RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update worker.class.php

Browse Source 
Fix for issue #957
This commit is contained in:
Joey 2013-12-19 05:59:23 -05:00
parent f14fd17b2b
commit 019e3c8082
1 changed files with 20 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
public/include/classes/worker.class.php
View File

@ -21,14 +21,24 @@ class Worker extends Base {
$username = $this->user->getUserName($account_id);
$iFailed = 0;
foreach ($data as $key => $value) {
$validWorker = 1;
if ('' === $value['username'] || '' === $value['password']) {
$iFailed++;
} else {
// Prefix the WebUser to Worker name
$value['username'] = "$username." . $value['username'];
$stmt = $this->mysqli->prepare("UPDATE $this->table SET password = ?, username = ?, monitor = ? WHERE account_id = ? AND id = ?");
if ( ! ( $this->checkStmt($stmt) && $stmt->bind_param('ssiii', $value['password'], $value['username'], $value['monitor'], $account_id, $key) && $stmt->execute()) )
// Ensure we have a sane worker name
$wData = explode('.', $value['username']);
if (!preg_match('/[a-z_\-0-9]/i', $wData[1]) || strlen($value['username']) > 50) {
$validWorker = 0;
}
if ($validWorker) {
$stmt = $this->mysqli->prepare("UPDATE $this->table SET password = ?, username = ?, monitor = ? WHERE account_id = ? AND id = ?");
if ( ! ( $this->checkStmt($stmt) && $stmt->bind_param('ssiii', $value['password'], $value['username'], $value['monitor'], $account_id, $key) && $stmt->execute()) )
$iFailed++;
} else {
$iFailed++;
}
}
}
if ($iFailed == 0)
@ -225,8 +235,16 @@ class Worker extends Base {
$this->setErrorMessage($this->getErrorMsg('E0058'));
return false;
}
if (!preg_match('/[a-z_\-0-9]i/', $workerName)) {
$this->setErrorMessage($this->getErrorMsg('E0072'));
return false;
}
$username = $this->user->getUserName($account_id);
$workerName = "$username.$workerName";
if (strlen($workerName) > 50) {
$this->setErrorMessage($this->getErrorMessage('E0073'));
return false;
}
$stmt = $this->mysqli->prepare("INSERT INTO $this->table (account_id, username, password) VALUES(?, ?, ?)");
if ($this->checkStmt($stmt) && $stmt->bind_param('iss', $account_id, $workerName, $workerPassword)) {
if (!$stmt->execute()) {