check if accounts are edited in multiple browser tabs

Roland Gruber 2015-02-16 19:54:21 +00:00
parent 8d9eb36e0c
commit 75b42a68ff
3 changed files with 21 additions and 7 deletions


@ -3,7 +3,7 @@
$Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2014 Roland Gruber
Copyright (C) 2003 - 2015 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -1078,6 +1078,9 @@ class lamList {
StatusMessage('INFO', sprintf(_('You can download your PDF files {link=%s}{color=#d2131a}here{endcolor}{endlink}.'), '../' . $_SESSION['mass_pdf']['file']));
}
}
elseif (isset($_GET['accountEditInvalidID'])) {
StatusMessage('WARN', _('Please do not edit multiple accounts in parallel in multiple browser tabs.'));
}
if (isset($_SESSION['listRedirectMessages'])) {
for ($i = 0; $i < sizeof($_SESSION['listRedirectMessages']); $i++) {
call_user_func_array('StatusMessage', $_SESSION['listRedirectMessages'][$i]);


@ -683,8 +683,9 @@ class accountContainer {
*
* @param string $type account type
* @param string $base key in $_SESSION where this object is saved
* @param integer $randomID random ID to avoid parallel editing (default: null)
*/
function __construct($type, $base) {
function __construct($type, $base, $randomID = null) {
/* Set the type of account. Valid
* types are: user, group, host
*/
@ -698,8 +699,9 @@ class accountContainer {
$this->current_page=0;
$this->subpage='attributes';
$this->isNewAccount = false;
$this->randomID = $randomID;
return 0;
}
}
/**
* Array of all used attributes
@ -761,6 +763,9 @@ class accountContainer {
/** send password via mail to this alternate address */
private $sendPasswordViaMailAlternateAddress = null;
/** random ID number to avoid parallel editing of accounts in multiple browser tabs */
private $randomID = null;
/**
* Returns the account module with the given class name
*
@ -799,6 +804,10 @@ class accountContainer {
* It prints the HTML code of each account page.
*/
function continue_main() {
if (!empty($_POST['account_randomID']) && ($this->randomID != $_POST['account_randomID'])) {
metaRefresh("../lists/list.php?type=" . $this->type . '&amp;accountEditInvalidID=true');
exit();
}
$oldPage = $this->current_page;
$oldSubpage = $this->subpage;
$post = $_POST;
@ -1295,6 +1304,7 @@ class accountContainer {
});
</script>';
echo "<form id=\"inputForm\" enctype=\"multipart/form-data\" action=\"edit.php\" method=\"post\" onSubmit=\"saveScrollPosition('inputForm')\" autocomplete=\"off\">\n";
echo '<input type="hidden" name="account_randomID" value="' . $this->randomID . '">';
}
/**
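Review bot: The new guard at the top of `continue_main()` fails open, because `!empty($_POST['account_randomID'])` skips the comparison whenever the field is missing, empty or `"0"`, so a form post without the hidden input is still processed against whichever account the session currently holds. The comparison also uses loose `!=`, which lets PHP type juggling treat a numeric-prefixed string as equal to an integer ID on older PHP versions. Assuming `continue_main()` is also reached on the initial page load with an empty `$_POST` (the caller is outside this section), the check could require the field on every real post and compare as strings: `if (!empty($_POST) && (!isset($_POST['account_randomID']) || ((string) $_POST['account_randomID'] !== (string) $this->randomID))) {`. The body of `continue_main()` continues outside the hunk, so confirm no earlier code path handles posts that lack the field.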


@ -4,7 +4,7 @@ $Id$
This code is part of LDAP Account Manager (http://www.ldap-account-manager.org/)
Copyright (C) 2003 - 2006 Tilo Lutz
2005 - 2014 Roland Gruber
2005 - 2015 Roland Gruber
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -57,6 +57,7 @@ if (!isLoggedIn()) {
// Set correct language, codepages, ....
setlanguage();
//load account
if (isset($_GET['DN'])) {
$DN = str_replace("\\'", '', $_GET['DN']);
@ -80,7 +81,7 @@ if (isset($_GET['DN'])) {
logNewMessage(LOG_ERR, 'User tried to access entry of type ' . $type . ' outside suffix ' . $suffix);
die();
}
$_SESSION['account'] = new accountContainer($type, 'account');
$_SESSION['account'] = new accountContainer($type, 'account', getRandomNumber());
$result = $_SESSION['account']->load_account($DN);
if (sizeof($result) > 0) {
include '../main_header.php';
@ -103,7 +104,7 @@ else if (count($_POST)==0) {
logNewMessage(LOG_ERR, 'User tried to create entry of forbidden account type: ' . $type);
die();
}
$_SESSION['account'] = new accountContainer($type, 'account');
$_SESSION['account'] = new accountContainer($type, 'account', getRandomNumber());
$_SESSION['account']->new_account();
}
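Review bot: Both `new accountContainer($type, 'account', getRandomNumber())` call sites lack a comment saying what the third argument protects, and `getRandomNumber()` is defined outside this diff, so its strength cannot be judged from here. Per the commit message the ID only detects a stale tab posting into a replaced `$_SESSION['account']`. It should not be relied on as a request-forgery token unless the generator is backed by a cryptographically secure source. I would add above each call something like `// per-load ID that ties the edit form to this container instance; detects parallel tabs, not a CSRF token`.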