2020-06-03 15:31:18 +00:00
< ? php
2023-08-23 16:16:35 +00:00
$HTML -> setHTMLTitle ( " Benutzer " );
$HTML -> importSeitenInhalt ( " users.html " );
2021-01-07 14:30:23 +00:00
2023-08-27 03:31:32 +00:00
if ( ! isset ( $_SESSION [ 'LOGIN' ]) || ! isset ( $_SESSION [ 'LEVEL' ]) || $_SESSION [ 'LEVEL' ] < 100 ) {
2020-06-03 15:31:18 +00:00
$HTML -> setHTMLTitle ( " Kein Zugriff " );
$HTML -> SetSeitenInhalt ( " Dazu hast du keine Rechte! " );
$HTML -> build ();
echo $HTML -> ausgabe ();
die ();
2020-08-04 10:00:38 +00:00
}
2023-08-27 03:31:32 +00:00
include_once 'app/OpenSim.php' ;
2023-08-23 16:16:35 +00:00
$opensim = new OpenSim ();
2023-08-27 03:31:32 +00:00
if ( $_SERVER [ 'REQUEST_METHOD' ] == 'POST' ) {
include_once 'app/FormValidator.php' ;
if ( isset ( $_POST [ 'genpw' ])) {
2023-08-23 16:16:35 +00:00
$validator = new FormValidator ( array (
2023-08-23 16:16:36 +00:00
'userid' => array ( 'required' => true , 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/' )
2023-08-23 16:16:35 +00:00
));
2023-08-23 16:16:35 +00:00
2023-08-27 03:31:32 +00:00
if ( $validator -> isValid ( $_POST )) {
2023-08-23 16:16:36 +00:00
require_once 'app/utils.php' ;
$token = generateToken ( 32 );
$setToken = $RUNTIME [ 'PDO' ] -> prepare ( 'REPLACE INTO PasswordResetTokens(PrincipalID,Token,RequestTime) VALUES(?,?,?)' );
$setToken -> execute ([ $_POST [ 'userid' ], $token , time ()]);
$resetLink = " https:// " . $RUNTIME [ 'DOMAIN' ] . '/index.php?page=reset-password&token=' . $token ;
2023-08-23 16:16:36 +00:00
2023-08-23 16:16:36 +00:00
$HTML -> ReplaceSeitenInhalt ( " %%MESSAGE%% " , '<div class="alert alert-danger" role="alert">Das Passwort für ' . htmlspecialchars ( $opensim -> getUserName ( $_REQUEST [ 'userid' ])) . ' kann in den nächsten 24 Stunden über diesen Link zurückgesetzt werden: <b>' . $resetLink . '</b></div>' );
2023-08-23 16:16:35 +00:00
}
2023-08-27 03:31:32 +00:00
} elseif ( isset ( $_POST [ 'generateLink' ])) {
2023-08-23 16:16:35 +00:00
$validator = new FormValidator ( array ()); // Needed only for CSRF token validation
2021-01-07 14:30:23 +00:00
2023-08-27 03:31:32 +00:00
if ( $validator -> isValid ( $_POST )) {
2023-08-23 16:16:35 +00:00
$inviteID = bin2hex ( random_bytes ( 16 ));
2023-08-23 16:16:35 +00:00
$link = " https:// " . $_SERVER [ 'SERVER_NAME' ] . " /index.php?page=register&code= " . $inviteID ;
$statement = $RUNTIME [ 'PDO' ] -> prepare ( 'INSERT INTO `InviteCodes` (`InviteCode`) VALUES (:InviteCode)' );
$statement -> execute ([ 'InviteCode' => $inviteID ]);
$HTML -> ReplaceSeitenInhalt ( " %%link%% " , $link );
}
}
2021-01-07 14:30:23 +00:00
}
2023-08-27 03:31:32 +00:00
$statement = $RUNTIME [ 'PDO' ] -> prepare ( " CREATE TABLE IF NOT EXISTS `InviteCodes` (`InviteCode` VARCHAR(64) NOT NULL, PRIMARY KEY (`InviteCode`)) " );
2020-08-04 10:08:41 +00:00
$statement -> execute ();
2020-08-04 10:00:38 +00:00
$table = '<table class="table"><thead><tr><th scope="col">Vorname</th><th scope="col">Nachname</th><th scope="col">Status</th><th scope="col">Aktionen</th></thead><tbody>%%ENTRY%%</tbody></table>' ;
2020-06-03 15:31:18 +00:00
2023-08-23 16:16:34 +00:00
$statement = $RUNTIME [ 'PDO' ] -> prepare ( " SELECT FirstName,LastName,UserLevel,PrincipalID FROM UserAccounts ORDER BY Created ASC " );
2023-08-27 03:31:32 +00:00
$statement -> execute ();
2020-08-04 10:00:38 +00:00
2023-08-27 03:31:32 +00:00
while ( $row = $statement -> fetch ()) {
2023-08-23 16:16:36 +00:00
$entry = '<tr><td>' . htmlspecialchars ( $row [ 'FirstName' ]) . '</td><td>' . htmlspecialchars ( $row [ 'LastName' ]) . '</td><td>' . htmlspecialchars ( $row [ 'UserLevel' ]) . '</td><td><form action="index.php?page=users" method="post">%%CSRF%%<input type="hidden" name="userid" value="' . htmlspecialchars ( $row [ 'PrincipalID' ]) . '"><button type="submit" name="genpw" class="btn btn-link btn-sm">PASSWORT ZURÜCKSETZEN</button></form></td></tr>' ;
2020-08-04 10:00:38 +00:00
$table = str_replace ( " %%ENTRY%% " , $entry . " %%ENTRY%% " , $table );
2020-06-03 15:31:18 +00:00
}
2020-08-04 10:00:38 +00:00
$table = str_replace ( " %%ENTRY%% " , " " , $table );
2021-01-07 14:30:23 +00:00
$HTML -> ReplaceSeitenInhalt ( " %%USER-LIST%% " , $table );
2023-08-27 03:31:32 +00:00
$HTML -> ReplaceSeitenInhalt ( " %%link%% " , ' ' );
2023-08-23 16:16:35 +00:00
$HTML -> ReplaceSeitenInhalt ( " %%MESSAGE%% " , ' ' );
2020-08-04 10:00:38 +00:00
$HTML -> build ();
echo $HTML -> ausgabe ();