1
0
Fork 0
Manager/pages/users.php

64 lines
3.1 KiB
PHP
Raw Normal View History

2020-06-03 15:31:18 +00:00
<?php
2021-01-07 14:30:23 +00:00
function generateRandomString($length = 10) {
return substr(str_shuffle(str_repeat($x='0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ', ceil($length/strlen($x)) )),1,$length);
}
2020-06-03 15:31:18 +00:00
if(@$_SESSION['LEVEL'] < 100)
{
$HTML->setHTMLTitle("Kein Zugriff");
$HTML->SetSeitenInhalt("Dazu hast du keine Rechte!");
$HTML->build();
echo $HTML->ausgabe();
die();
2020-08-04 10:00:38 +00:00
}
$HTML->setHTMLTitle("Benutzer");
$HTML->importSeitenInhalt("pages/HTML/users.html");
2021-01-07 14:30:23 +00:00
if(@$_REQUEST['action'] == 'genpw' && @$_REQUEST['userid'] != '')
{
$SALT = md5(rand(1111, 9999));
$NEWPW = generateRandomString(10);
$statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash WHERE UUID = :PrincipalID');
$statement->execute(['PasswordHash' => md5(md5($NEWPW).":".$SALT), 'PrincipalID' => $_REQUEST['userid']]);
$statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordSalt = :passwordSalt WHERE UUID = :PrincipalID');
$statement->execute(['passwordSalt' => $SALT, 'PrincipalID' => $_REQUEST['userid']]);
$HTML->ReplaceSeitenInhalt("%%MESSAGE%%", '<div class="alert alert-danger" role="alert">Das Passwort für '.htmlspecialchars($RUNTIME['OPENSIM']->getUserName($_REQUEST['userid'])).' wurde geändert. Das neue Passwort ist <b>'.htmlspecialchars($NEWPW).'</b></div>');
2021-01-07 14:30:23 +00:00
}
2020-08-04 10:08:41 +00:00
$statement = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `InviteCodes` (`InviteCode` VARCHAR(64) NOT NULL, PRIMARY KEY (`InviteCode`))");
$statement->execute();
if(isset($_REQUEST['generateLink']) || @$_REQUEST['generateLink'] != "")
{
$inviteID = md5(time().$_SESSION['UUID'].rand(11111, 9999999));
$link = "https://".$_SERVER['SERVER_NAME']."/index.php?page=register&code=".$inviteID;
$statement = $RUNTIME['PDO']->prepare('INSERT INTO `InviteCodes` (`InviteCode`) VALUES (:InviteCode)');
$statement->execute(['InviteCode' => $inviteID]);
$HTML->ReplaceSeitenInhalt("%%link%%", $link);
}
2020-08-04 10:00:38 +00:00
$table = '<table class="table"><thead><tr><th scope="col">Vorname</th><th scope="col">Nachname</th><th scope="col">Status</th><th scope="col">Aktionen</th></thead><tbody>%%ENTRY%%</tbody></table>';
2020-06-03 15:31:18 +00:00
2023-08-23 16:16:34 +00:00
$statement = $RUNTIME['PDO']->prepare("SELECT FirstName,LastName,UserLevel,PrincipalID FROM UserAccounts ORDER BY Created ASC");
2020-08-04 10:00:38 +00:00
$statement->execute();
while($row = $statement->fetch())
{
$entry = '<tr><td>'.htmlspecialchars($row['FirstName']).'</td><td>'.htmlspecialchars($row['LastName']).'</td><td>'.htmlspecialchars($row['UserLevel']).'</td><td><a href="index.php?page=users&action=genpw&userid='.htmlspecialchars($row['PrincipalID']).'">PASSWORT ÄNDERN</a></td></tr>';
2020-08-04 10:00:38 +00:00
$table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table);
2020-06-03 15:31:18 +00:00
}
2020-08-04 10:00:38 +00:00
$table = str_replace("%%ENTRY%%", "", $table);
2021-01-07 14:30:23 +00:00
$HTML->ReplaceSeitenInhalt("%%USER-LIST%%", $table);
2020-08-04 10:08:41 +00:00
$HTML->ReplaceSeitenInhalt("%%link%%", ' ');
2021-01-07 14:30:23 +00:00
$HTML->ReplaceSeitenInhalt("%%MESSAGE%%", ' ');
2020-08-04 10:00:38 +00:00
$HTML->build();
echo $HTML->ausgabe();
2020-06-03 15:31:18 +00:00
?>