2020-06-03 15:31:18 +00:00
< ? php
2021-01-07 14:30:23 +00:00
function generateRandomString ( $length = 10 ) {
return substr ( str_shuffle ( str_repeat ( $x = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ' , ceil ( $length / strlen ( $x )) )), 1 , $length );
}
2020-06-03 15:31:18 +00:00
if ( @ $_SESSION [ 'LEVEL' ] < 100 )
{
$HTML -> setHTMLTitle ( " Kein Zugriff " );
$HTML -> SetSeitenInhalt ( " Dazu hast du keine Rechte! " );
$HTML -> build ();
echo $HTML -> ausgabe ();
die ();
2020-08-04 10:00:38 +00:00
}
$HTML -> setHTMLTitle ( " Benutzer " );
$HTML -> importSeitenInhalt ( " pages/HTML/users.html " );
2021-01-07 14:30:23 +00:00
if ( @ $_REQUEST [ 'action' ] == 'genpw' && @ $_REQUEST [ 'userid' ] != '' )
{
$SALT = md5 ( rand ( 1111 , 9999 ));
$NEWPW = generateRandomString ( 10 );
$statement = $RUNTIME [ 'PDO' ] -> prepare ( 'UPDATE auth SET passwordHash = :PasswordHash WHERE UUID = :PrincipalID' );
$statement -> execute ([ 'PasswordHash' => md5 ( md5 ( $NEWPW ) . " : " . $SALT ), 'PrincipalID' => $_REQUEST [ 'userid' ]]);
$statement = $RUNTIME [ 'PDO' ] -> prepare ( 'UPDATE auth SET passwordSalt = :passwordSalt WHERE UUID = :PrincipalID' );
$statement -> execute ([ 'passwordSalt' => $SALT , 'PrincipalID' => $_REQUEST [ 'userid' ]]);
$HTML -> ReplaceSeitenInhalt ( " %%MESSAGE%% " , '<div class="alert alert-danger" role="alert">Das Passwort für ' . $RUNTIME [ 'OPENSIM' ] -> getUserName ( $_REQUEST [ 'userid' ]) . ' wurde geändert. Das neue Passwort ist <b>' . $NEWPW . '</b></div>' );
}
2020-08-04 10:08:41 +00:00
$statement = $RUNTIME [ 'PDO' ] -> prepare ( " CREATE TABLE IF NOT EXISTS `InviteCodes` (`InviteCode` VARCHAR(64) NOT NULL, PRIMARY KEY (`InviteCode`)) " );
$statement -> execute ();
if ( isset ( $_REQUEST [ 'generateLink' ]) || @ $_REQUEST [ 'generateLink' ] != " " )
{
$inviteID = md5 ( time () . $_SESSION [ 'UUID' ] . rand ( 11111 , 9999999 ));
$link = " https:// " . $_SERVER [ 'SERVER_NAME' ] . " /index.php?page=register&code= " . $inviteID ;
$statement = $RUNTIME [ 'PDO' ] -> prepare ( 'INSERT INTO `InviteCodes` (`InviteCode`) VALUES (:InviteCode)' );
$statement -> execute ([ 'InviteCode' => $inviteID ]);
$HTML -> ReplaceSeitenInhalt ( " %%link%% " , $link );
}
2020-08-04 10:00:38 +00:00
$table = '<table class="table"><thead><tr><th scope="col">Vorname</th><th scope="col">Nachname</th><th scope="col">Status</th><th scope="col">Aktionen</th></thead><tbody>%%ENTRY%%</tbody></table>' ;
2020-06-03 15:31:18 +00:00
2020-08-04 10:00:38 +00:00
$statement = $RUNTIME [ 'PDO' ] -> prepare ( " SELECT * FROM UserAccounts ORDER BY Created ASC " );
$statement -> execute ();
while ( $row = $statement -> fetch ())
{
2021-01-07 14:30:23 +00:00
$entry = '<tr><td>' . $row [ 'FirstName' ] . '</td><td>' . $row [ 'LastName' ] . '</td><td>' . $row [ 'UserLevel' ] . '</td><td><a href="index.php?page=users&action=genpw&userid=' . $row [ 'PrincipalID' ] . '">PASSWORT ÄNDERN</a></td></tr>' ;
2020-08-04 10:00:38 +00:00
$table = str_replace ( " %%ENTRY%% " , $entry . " %%ENTRY%% " , $table );
2020-06-03 15:31:18 +00:00
}
2020-08-04 10:00:38 +00:00
$table = str_replace ( " %%ENTRY%% " , " " , $table );
2021-01-07 14:30:23 +00:00
$HTML -> ReplaceSeitenInhalt ( " %%USER-LIST%% " , $table );
2020-08-04 10:08:41 +00:00
$HTML -> ReplaceSeitenInhalt ( " %%link%% " , ' ' );
2021-01-07 14:30:23 +00:00
$HTML -> ReplaceSeitenInhalt ( " %%MESSAGE%% " , ' ' );
2020-08-04 10:00:38 +00:00
$HTML -> build ();
echo $HTML -> ausgabe ();
2020-06-03 15:31:18 +00:00
?>
