Esempio n. 1
0
 public function put_array($array)
 {
     if ($this->access < 1) {
         return "Not authorized to make any updates : guest account";
     }
     $user = new User();
     if (!empty($array["id"])) {
         $user = apiDB::getUser($array["id"]);
         if ($_SERVER['PHP_AUTH_USER'] != $user->email && $this->access <= 1) {
             return "Not authorized to update User " . $user->id;
         }
     } else {
         if (!empty($array["email"])) {
             $user = apiDB::getUserByEmail($array["email"]);
             if ($_SERVER['PHP_AUTH_USER'] != $user->email && $this->access <= 1) {
                 return "Not authorized to update User " . $user->id;
             }
         }
     }
     $user->email = empty($array["email"]) ? $user->email : $array["email"];
     $user->password = empty($array["password"]) ? $user->password : $array["password"];
     if ($this->access > 1) {
         $user->access = empty($array["access"]) ? $user->access : $array["access"];
         // not sure if this is still a security flaw...
     }
     if (empty($user->id)) {
         return apiDB::addUser($user);
     } else {
         return apiDB::updateUser($user->id, $user);
     }
 }
Esempio n. 2
0
 public function put_array($array)
 {
     if ($this->access < 1) {
         return "Not authorized to make any updates : guest account";
     }
     $user = new User();
     if (!empty($array["id"])) {
         $user = apiDB::getUser($array["id"]);
         if ($_SERVER['PHP_AUTH_USER'] != $user->email && $this->access <= 1) {
             return "Not authorized to update User " . $user->id;
         }
     } else {
         if (!empty($array["email"])) {
             $user = apiDB::getUserByEmail($array["email"]);
             if ($_SERVER['PHP_AUTH_USER'] != $user->email && $this->access <= 1) {
                 return "Not authorized to update User " . $user->id;
             }
         }
     }
     $user->email = empty($array["email"]) ? $user->email : $array["email"];
     $user->password = empty($array["password"]) ? $user->password : $array["password"];
     $user->verified = empty($array["verified"]) ? $user->verified : $array["verified"];
     $user->firstname = empty($array["firstname"]) ? $user->firstname : $array["firstname"];
     $user->lastname = empty($array["lastname"]) ? $user->lastname : $array["lastname"];
     $user->postal = empty($array["postal"]) ? $user->postal : $array["postal"];
     $user->phone = empty($array["phone"]) ? $user->phone : $array["phone"];
     $user->sub_summary = isset($array["sub_summary"]) ? $array["sub_summary"] : $user->sub_summary;
     $user->sub_stats = isset($array["sub_stats"]) ? $array["sub_stats"] : $user->sub_stats;
     $user->sub_gwadi = isset($array["sub_gwadi"]) ? $array["sub_gwadi"] : $user->sub_gwadi;
     if ($this->access > 1) {
         $user->access = empty($array["access"]) ? $user->access : $array["access"];
         // not sure if this is still a security flaw...
     }
     if (empty($user->id)) {
         return apiDB::addUser($user);
     } else {
         return apiDB::updateUser($user->id, $user);
     }
 }