diff options
| -rwxr-xr-x | editusers.cgi | 9 | ||||
| -rw-r--r-- | template/en/default/admin/users/search.html.tmpl | 10 |
2 files changed, 12 insertions, 7 deletions
diff --git a/editusers.cgi b/editusers.cgi index e12fc35b6..f4e3c0841 100755 --- a/editusers.cgi +++ b/editusers.cgi @@ -68,7 +68,7 @@ if ($action eq 'search') { my $matchstr = trim($cgi->param('matchstr')); my $matchtype = $cgi->param('matchtype'); my $grouprestrict = $cgi->param('grouprestrict') || '0'; - my $enabled_only = $cgi->param('enabled_only') || '0'; + my $is_enabled = scalar $cgi->param('is_enabled'); my $query = 'SELECT DISTINCT userid, login_name, realname, is_enabled, ' . $dbh->sql_date_format('last_seen_date', '%Y-%m-%d') . ' AS last_seen_date ' . 'FROM profiles'; @@ -160,11 +160,12 @@ if ($action eq 'search') { $query .= " $nextCondition ugm.group_id IN($grouplist) "; } - if ($enabled_only eq '1') { - $query .= " $nextCondition profiles.is_enabled = 1 "; + detaint_natural($is_enabled); + if ($is_enabled == 0 || $is_enabled == 1) { + $query .= " $nextCondition profiles.is_enabled = ?"; $nextCondition = 'AND'; + push(@bindValues, $is_enabled); } - $query .= ' ORDER BY profiles.login_name'; $vars->{'users'} = $dbh->selectall_arrayref($query, diff --git a/template/en/default/admin/users/search.html.tmpl b/template/en/default/admin/users/search.html.tmpl index c66af4c5c..55b7300a6 100644 --- a/template/en/default/admin/users/search.html.tmpl +++ b/template/en/default/admin/users/search.html.tmpl @@ -56,9 +56,13 @@ [% END %] <p> - <input type="checkbox" name="enabled_only" value="1" id="enabled_only" - checked="checked"> - <label for="enabled_only">Enabled user accounts only</label> + Restrict search to + <select name="is_enabled"> + <option value="2">All</option> + <option value="1" selected>Enabled</option> + <option value="0">Disabled</option> + </select> + users. </p> [% Hook.process('end') %] |