rewrtitten the users script so it validates xhtml1.0, and fix a security issue removing most of the javascript work.

ChangeLog

@@ -5,10 +5,15 @@ phpMyAdmin - Changelog
 $Id$
 $Source$
 
-2001-09-15  Marc Delisle  <lem9@users.sourceforge.net>
+2001-09-16  Lo<EFBFBD>c Chapeaux  <lolo@phpheaven.net>
-	* libraries/common.lib.php3, bug #460475: user can be blank in
+	* headers.inc.php3; users_detail.php3; libraries/user_details.js; lang/*:
-	  mysql.db (anonymous user), as stated in MySQL doc.
+	  rewrtitten the users script so it validates xhtml1.0, and fix a security
+	  issue removing most of the javascript work.
 
+2001-09-15  Marc Delisle  <lem9@users.sourceforge.net> 
+	* libraries/common.lib.php3, bug #460475: user can be blank in mysql.db
+	  (anonymous user), as stated in MySQL doc.
+    
 2001-09-15  Lo<4C>c Chapeaux  <lolo@phpheaven.net>
 	* tbl_change.php3, lines 351-352: fixed bug #461623 (wrong maxlength in
 	  table_change.php).

header.inc.php3

@@ -91,6 +91,18 @@ var confirmMsg  = '<?php echo(($cfgConfirm) ? str_replace('\'', '\\\'', $strDoYo
 </script>
 <script src="libraries/functions.js" type="text/javascript" language="javascript"></script>
     <?php
+} else if (isset($js_to_run) && $js_to_run == 'user_details.js') {
+    echo "\n";
+    ?>
+// js form validation stuff
+var jsHostEmpty       = '<?php echo str_replace('\'', '\\\'', $GLOBALS['strHostEmpty']); ?>';
+var jsUserEmpty       = '<?php echo str_replace('\'', '\\\'', $GLOBALS['strUserEmpty']); ?>';
+var jsPasswordEmpty   = '<?php echo str_replace('\'', '\\\'', $GLOBALS['strPasswordEmpty']); ?>';
+var jsPasswordNotSame = '<?php echo str_replace('\'', '\\\'', $GLOBALS['strPasswordNotSame']); ?>';
+//-->
+</script>
+<script src="libraries/user_details.js" type="text/javascript" language="javascript"></script>
+    <?php
 } else {
     echo "\n";
     ?>

libraries/user_details.js

@@ -0,0 +1,120 @@
+/* $Id$ */
+
+
+/**
+ * Validates the the password field in a form
+ *
+ * @param   object   the form
+ *
+ * @return  boolean  whether the field value is valid or not
+ */
+function checkPassword(the_form)
+{
+    if (the_form.elements['nopass'][1].checked) {
+        if (the_form.elements['pma_pw'].value == '') {
+            alert(jsPasswordEmpty);
+            the_form.elements['pma_pw2'].value = '';
+            the_form.elements['pma_pw'].focus();
+            return false;
+        } else if (the_form.elements['pma_pw'].value != the_form.elements['pma_pw2'].value) {
+            alert(jsPasswordNotSame);
+            the_form.elements['pma_pw'].value  = '';
+            the_form.elements['pma_pw2'].value = '';
+            the_form.elements['pma_pw'].focus();
+            return false;
+        } // end if...else if
+    } // end if
+
+    return true;
+} // end of the 'checkPassword()' function
+
+
+/**
+ * Validates the "add an user" form
+ *
+ * @return  boolean  whether the form is validated or not
+ */
+function checkAddUser()
+{
+    var the_form = document.forms['addUserForm'];
+
+    if (the_form.elements['anyhost'][1].checked && the_form.elements['host'].value == '') {
+        alert(jsHostEmpty);
+        the_form.elements['host'].focus();
+        return false;
+    }
+
+    if (the_form.elements['anyuser'][1].checked && the_form.elements['pma_user'].value == '') {
+        alert(jsUserEmpty);
+        the_form.elements['pma_user'].focus();
+        return false;
+    }
+
+    return checkPassword(the_form);
+} // end of the 'addUser()' function
+
+
+/**
+ * Gets the list of selected options in combo
+ *
+ * @param   object  the form to check
+ *
+ * @return  string  the list of selected options
+ */
+function getSelected(the_field) {
+    var the_list = '';
+    var opts     = the_field.options;
+    var opts_cnt = opts.length;
+
+    for (var i = 0; i < opts_cnt; i++) {
+        if (opts[i].selected) {
+            the_list += opts[i].text + ', ';
+        }
+    } // end for
+
+    return the_list.substring(0, the_list.length - 2);
+} // end of the 'getSelected()' function
+
+
+/**
+ * Reloads the page to get tables names in a database or fields names in a
+ * table
+ *
+ * @param  object  the input text box to build the query from
+ */
+function change(the_field) {
+    var l        = location.href;
+    var box_name = the_field.name;
+
+    if (box_name == 'dbgrant') {
+        var lpos = l.indexOf('&' + box_name);
+        if (lpos >= 0) {
+            l = l.substring(0, lpos);
+        }
+    } // end if
+
+    location.href = l + '&' + box_name + '=' + getSelected(the_field);
+} // end of the 'change()' function
+
+
+/**
+ * Checks/unchecks all privileges
+ *
+ * @param   string   the form name
+ * @param   boolean  whether to check or to uncheck the element
+ *
+ * @return  boolean  always true
+ */
+function checkForm(the_form, do_check) {
+    var elts      = document.forms[the_form].elements;
+    var elts_cnt  = elts.length;
+
+    for (var i = 0; i < elts_cnt; i++) {
+        var whichElt = elts[i].name;
+        if (whichElt.indexOf('_priv') >= 0) {
+            document.forms[the_form].elements[whichElt].checked = do_check;
+        } // end if
+    } // end for
+
+    return true;
+} // end of the 'checkForm()' function