2020-06-03 15:31:18 +00:00
< ? php
2023-08-23 16:16:35 +00:00
$HTML -> setHTMLTitle ( " Benutzer " );
$HTML -> importSeitenInhalt ( " users.html " );
2023-08-27 09:59:43 +00:00
$HTML -> addHTMLHeader ( '<link rel="stylesheet" href="./style/admin-users.css">' );
2021-01-07 14:30:23 +00:00
2023-08-27 03:31:32 +00:00
if ( ! isset ( $_SESSION [ 'LOGIN' ]) || ! isset ( $_SESSION [ 'LEVEL' ]) || $_SESSION [ 'LEVEL' ] < 100 ) {
2020-06-03 15:31:18 +00:00
$HTML -> setHTMLTitle ( " Kein Zugriff " );
$HTML -> SetSeitenInhalt ( " Dazu hast du keine Rechte! " );
$HTML -> build ();
echo $HTML -> ausgabe ();
die ();
2020-08-04 10:00:38 +00:00
}
2023-08-27 03:31:32 +00:00
include_once 'app/OpenSim.php' ;
2023-08-23 16:16:35 +00:00
$opensim = new OpenSim ();
2023-08-27 03:31:32 +00:00
if ( $_SERVER [ 'REQUEST_METHOD' ] == 'POST' ) {
include_once 'app/FormValidator.php' ;
2023-08-27 10:20:45 +00:00
if ( isset ( $_POST [ 'generateLink' ])) {
2023-08-23 16:16:35 +00:00
$validator = new FormValidator ( array ()); // Needed only for CSRF token validation
2021-01-07 14:30:23 +00:00
2023-08-27 03:31:32 +00:00
if ( $validator -> isValid ( $_POST )) {
2023-08-23 16:16:35 +00:00
$inviteID = bin2hex ( random_bytes ( 16 ));
2023-08-23 16:16:35 +00:00
$link = " https:// " . $_SERVER [ 'SERVER_NAME' ] . " /index.php?page=register&code= " . $inviteID ;
$statement = $RUNTIME [ 'PDO' ] -> prepare ( 'INSERT INTO `InviteCodes` (`InviteCode`) VALUES (:InviteCode)' );
$statement -> execute ([ 'InviteCode' => $inviteID ]);
$HTML -> ReplaceSeitenInhalt ( " %%link%% " , $link );
}
2023-08-27 10:20:45 +00:00
} elseif ( isset ( $_POST [ 'delident' ])) {
$validator = new FormValidator ( array (
'userid' => array ( 'required' => true , 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/' ),
'identid' => array ( 'required' => true , 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/' )
));
if ( $validator -> isValid ( $_POST )) {
include_once 'app/OpenSim.php' ;
$os = new OpenSim ();
$identName = $os -> getUserName ( $_POST [ 'identid' ]);
$userName = $os -> getUserName ( $_POST [ 'userid' ]);
if ( $os -> deleteIdentity ( $_POST [ 'userid' ], $_POST [ 'identid' ])) {
$HTML -> ReplaceSeitenInhalt ( " %%MESSAGE%% " , '<div class="alert alert-danger" role="alert">Identität <b>' . $identName . '</b> von <b>' . $userName . '</b> wurde gelöscht.</div>' );
} else {
$HTML -> ReplaceSeitenInhalt ( " %%MESSAGE%% " , '<div class="alert alert-danger" role="alert">Identität <b>' . $identName . '</b> konnte nicht gelöscht werden.</div>' );
}
}
} else {
$validator = new FormValidator ( array (
'userid' => array ( 'required' => true , 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/' )
));
if ( $validator -> isValid ( $_POST )) {
if ( isset ( $_POST [ 'genpw' ])) {
require_once 'app/utils.php' ;
$token = generateToken ( 32 );
$setToken = $RUNTIME [ 'PDO' ] -> prepare ( 'REPLACE INTO PasswordResetTokens(PrincipalID,Token,RequestTime) VALUES(?,?,?)' );
$setToken -> execute ([ $_POST [ 'userid' ], $token , time ()]);
$resetLink = " https:// " . $RUNTIME [ 'DOMAIN' ] . '/index.php?page=reset-password&token=' . $token ;
$HTML -> ReplaceSeitenInhalt ( " %%MESSAGE%% " , '<div class="alert alert-danger" role="alert">Das Passwort für ' . htmlspecialchars ( $opensim -> getUserName ( $_POST [ 'userid' ])) . ' kann in den nächsten 24 Stunden über diesen Link zurückgesetzt werden: <b>' . $resetLink . '</b></div>' );
} elseif ( isset ( $_POST [ 'deluser' ])) {
$name = $opensim -> getUserName ( $_POST [ 'userid' ]);
if ( $opensim -> deleteUser ( $_POST [ 'userid' ])) {
$HTML -> ReplaceSeitenInhalt ( " %%MESSAGE%% " , '<div class="alert alert-danger" role="alert">Der Account <b>' . $name . '</b> wurde gelöscht.</div>' );
} else {
$HTML -> ReplaceSeitenInhalt ( " %%MESSAGE%% " , '<div class="alert alert-danger" role="alert">Der Account <b>' . $name . '</b> konnte nicht gelöscht werden.</div>' );
}
}
}
2023-08-23 16:16:35 +00:00
}
2021-01-07 14:30:23 +00:00
}
2023-08-27 03:31:32 +00:00
$statement = $RUNTIME [ 'PDO' ] -> prepare ( " CREATE TABLE IF NOT EXISTS `InviteCodes` (`InviteCode` VARCHAR(64) NOT NULL, PRIMARY KEY (`InviteCode`)) " );
2020-08-04 10:08:41 +00:00
$statement -> execute ();
2020-08-04 10:00:38 +00:00
$table = '<table class="table"><thead><tr><th scope="col">Vorname</th><th scope="col">Nachname</th><th scope="col">Status</th><th scope="col">Aktionen</th></thead><tbody>%%ENTRY%%</tbody></table>' ;
2020-06-03 15:31:18 +00:00
2023-08-27 09:59:43 +00:00
// Only select current primary account
$statement = $RUNTIME [ 'PDO' ] -> prepare ( " SELECT FirstName,LastName,UserLevel,PrincipalID FROM UserAccounts JOIN auth ON auth.UUID = UserAccounts.PrincipalID ORDER BY Created ASC " );
2023-08-27 03:31:32 +00:00
$statement -> execute ();
2020-08-04 10:00:38 +00:00
2023-08-27 09:59:43 +00:00
$statementIdent = $RUNTIME [ 'PDO' ] -> prepare ( " SELECT FirstName,LastName,UserLevel,IdentityID FROM UserIdentitys JOIN UserAccounts ON UserAccounts.PrincipalID = UserIdentitys.IdentityID WHERE UserIdentitys.PrincipalID = ? AND UserIdentitys.PrincipalID != UserIdentitys.IdentityID " );
2023-08-27 03:31:32 +00:00
while ( $row = $statement -> fetch ()) {
2023-08-27 09:59:43 +00:00
$entry = '<tr><td>' . htmlspecialchars ( $row [ 'FirstName' ]) . '</td><td>' . htmlspecialchars ( $row [ 'LastName' ]) . '</td><td>' . htmlspecialchars ( $row [ 'UserLevel' ]) . '</td><td><form action="index.php?page=users" method="post">%%CSRF%%<input type="hidden" name="userid" value="' . htmlspecialchars ( $row [ 'PrincipalID' ]) . '"><button type="submit" name="genpw" class="btn btn-link btn-sm">PASSWORT ZURÜCKSETZEN</button> <button type="submit" name="deluser" class="btn btn-link btn-sm" style="color: red">LÖSCHEN</button></form></td></tr>' ;
$statementIdent -> execute ([ $row [ 'PrincipalID' ]]);
while ( $identRow = $statementIdent -> fetch ()) {
2023-08-27 10:20:45 +00:00
$entry = $entry . '<tr class="ident-row"><td>' . htmlspecialchars ( $identRow [ 'FirstName' ]) . '</td><td>' . htmlspecialchars ( $identRow [ 'LastName' ]) . '</td><td>' . htmlspecialchars ( $identRow [ 'UserLevel' ]) . '</td><td><form action="index.php?page=users" method="post">%%CSRF%%<input type="hidden" name="userid" value="' . htmlspecialchars ( $row [ 'PrincipalID' ]) . '"><input type="hidden" name="identid" value="' . htmlspecialchars ( $identRow [ 'IdentityID' ]) . '"><button type="submit" name="delident" class="btn btn-link btn-sm">Identität löschen</button></form></td></tr>' ;
2023-08-27 09:59:43 +00:00
}
2020-08-04 10:00:38 +00:00
$table = str_replace ( " %%ENTRY%% " , $entry . " %%ENTRY%% " , $table );
2020-06-03 15:31:18 +00:00
}
2020-08-04 10:00:38 +00:00
$table = str_replace ( " %%ENTRY%% " , " " , $table );
2021-01-07 14:30:23 +00:00
$HTML -> ReplaceSeitenInhalt ( " %%USER-LIST%% " , $table );
2023-08-27 03:31:32 +00:00
$HTML -> ReplaceSeitenInhalt ( " %%link%% " , ' ' );
2023-08-23 16:16:35 +00:00
$HTML -> ReplaceSeitenInhalt ( " %%MESSAGE%% " , ' ' );
2020-08-04 10:00:38 +00:00
$HTML -> build ();
echo $HTML -> ausgabe ();