diff --git a/lam/lib/lists.inc b/lam/lib/lists.inc index 621392dd..6fa649d3 100644 --- a/lam/lib/lists.inc +++ b/lam/lib/lists.inc @@ -3,7 +3,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) - Copyright (C) 2003 - 2014 Roland Gruber + Copyright (C) 2003 - 2015 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -1078,6 +1078,9 @@ class lamList { StatusMessage('INFO', sprintf(_('You can download your PDF files {link=%s}{color=#d2131a}here{endcolor}{endlink}.'), '../' . $_SESSION['mass_pdf']['file'])); } } + elseif (isset($_GET['accountEditInvalidID'])) { + StatusMessage('WARN', _('Please do not edit multiple accounts in parallel in multiple browser tabs.')); + } if (isset($_SESSION['listRedirectMessages'])) { for ($i = 0; $i < sizeof($_SESSION['listRedirectMessages']); $i++) { call_user_func_array('StatusMessage', $_SESSION['listRedirectMessages'][$i]); diff --git a/lam/lib/modules.inc b/lam/lib/modules.inc index f6795dcd..ee0dc19b 100644 --- a/lam/lib/modules.inc +++ b/lam/lib/modules.inc @@ -683,8 +683,9 @@ class accountContainer { * * @param string $type account type * @param string $base key in $_SESSION where this object is saved + * @param integer $randomID random ID to avoid parallel editing (default: null) */ - function __construct($type, $base) { + function __construct($type, $base, $randomID = null) { /* Set the type of account. Valid * types are: user, group, host */ @@ -698,8 +699,9 @@ class accountContainer { $this->current_page=0; $this->subpage='attributes'; $this->isNewAccount = false; + $this->randomID = $randomID; return 0; - } + } /** * Array of all used attributes @@ -760,6 +762,9 @@ class accountContainer { private $sendPasswordViaMail = null; /** send password via mail to this alternate address */ private $sendPasswordViaMailAlternateAddress = null; + + /** random ID number to avoid parallel editing of accounts in multiple browser tabs */ + private $randomID = null; /** * Returns the account module with the given class name @@ -799,6 +804,10 @@ class accountContainer { * It prints the HTML code of each account page. */ function continue_main() { + if (!empty($_POST['account_randomID']) && ($this->randomID != $_POST['account_randomID'])) { + metaRefresh("../lists/list.php?type=" . $this->type . '&accountEditInvalidID=true'); + exit(); + } $oldPage = $this->current_page; $oldSubpage = $this->subpage; $post = $_POST; @@ -1294,7 +1303,8 @@ class accountContainer { jQuery("#inputForm").validationEngine(); }); '; - echo "
\n"; + echo "\n"; + echo ''; } /** diff --git a/lam/templates/account/edit.php b/lam/templates/account/edit.php index f04bca01..b256cdad 100644 --- a/lam/templates/account/edit.php +++ b/lam/templates/account/edit.php @@ -4,7 +4,7 @@ $Id$ This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/) Copyright (C) 2003 - 2006 Tilo Lutz - 2005 - 2014 Roland Gruber + 2005 - 2015 Roland Gruber This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -57,6 +57,7 @@ if (!isLoggedIn()) { // Set correct language, codepages, .... setlanguage(); + //load account if (isset($_GET['DN'])) { $DN = str_replace("\\'", '', $_GET['DN']); @@ -80,7 +81,7 @@ if (isset($_GET['DN'])) { logNewMessage(LOG_ERR, 'User tried to access entry of type ' . $type . ' outside suffix ' . $suffix); die(); } - $_SESSION['account'] = new accountContainer($type, 'account'); + $_SESSION['account'] = new accountContainer($type, 'account', getRandomNumber()); $result = $_SESSION['account']->load_account($DN); if (sizeof($result) > 0) { include '../main_header.php'; @@ -103,7 +104,7 @@ else if (count($_POST)==0) { logNewMessage(LOG_ERR, 'User tried to create entry of forbidden account type: ' . $type); die(); } - $_SESSION['account'] = new accountContainer($type, 'account'); + $_SESSION['account'] = new accountContainer($type, 'account', getRandomNumber()); $_SESSION['account']->new_account(); }