1
0
Fork 0
Manager/pages/users.php

74 lines
4.6 KiB
PHP
Raw Normal View History

2020-06-03 15:31:18 +00:00
<?php
$HTML->setHTMLTitle("Benutzer");
$HTML->importSeitenInhalt("users.html");
$HTML->addHTMLHeader('<link rel="stylesheet" href="./style/admin-users.css">');
2021-01-07 14:30:23 +00:00
2023-08-27 03:31:32 +00:00
if (!isset($_SESSION['LOGIN']) || !isset($_SESSION['LEVEL']) || $_SESSION['LEVEL'] < 100) {
2020-06-03 15:31:18 +00:00
$HTML->setHTMLTitle("Kein Zugriff");
$HTML->SetSeitenInhalt("Dazu hast du keine Rechte!");
$HTML->build();
echo $HTML->ausgabe();
die();
2020-08-04 10:00:38 +00:00
}
2023-08-27 03:31:32 +00:00
include_once 'app/OpenSim.php';
$opensim = new OpenSim();
2023-08-27 03:31:32 +00:00
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
include_once 'app/FormValidator.php';
if (isset($_POST['genpw'])) {
$validator = new FormValidator(array(
'userid' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/')
));
2023-08-27 03:31:32 +00:00
if ($validator->isValid($_POST)) {
require_once 'app/utils.php';
$token = generateToken(32);
$setToken = $RUNTIME['PDO']->prepare('REPLACE INTO PasswordResetTokens(PrincipalID,Token,RequestTime) VALUES(?,?,?)');
$setToken->execute([$_POST['userid'], $token, time()]);
$resetLink = "https://".$RUNTIME['DOMAIN'].'/index.php?page=reset-password&token='.$token;
$HTML->ReplaceSeitenInhalt("%%MESSAGE%%", '<div class="alert alert-danger" role="alert">Das Passwort für '.htmlspecialchars($opensim->getUserName($_REQUEST['userid'])).' kann in den nächsten 24 Stunden über diesen Link zurückgesetzt werden: <b>'.$resetLink.'</b></div>');
}
2023-08-27 03:31:32 +00:00
} elseif (isset($_POST['generateLink'])) {
$validator = new FormValidator(array()); // Needed only for CSRF token validation
2021-01-07 14:30:23 +00:00
2023-08-27 03:31:32 +00:00
if ($validator->isValid($_POST)) {
$inviteID = bin2hex(random_bytes(16));
$link = "https://".$_SERVER['SERVER_NAME']."/index.php?page=register&code=".$inviteID;
$statement = $RUNTIME['PDO']->prepare('INSERT INTO `InviteCodes` (`InviteCode`) VALUES (:InviteCode)');
$statement->execute(['InviteCode' => $inviteID]);
$HTML->ReplaceSeitenInhalt("%%link%%", $link);
}
}
2021-01-07 14:30:23 +00:00
}
2023-08-27 03:31:32 +00:00
$statement = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `InviteCodes` (`InviteCode` VARCHAR(64) NOT NULL, PRIMARY KEY (`InviteCode`))");
2020-08-04 10:08:41 +00:00
$statement->execute();
2020-08-04 10:00:38 +00:00
$table = '<table class="table"><thead><tr><th scope="col">Vorname</th><th scope="col">Nachname</th><th scope="col">Status</th><th scope="col">Aktionen</th></thead><tbody>%%ENTRY%%</tbody></table>';
2020-06-03 15:31:18 +00:00
// Only select current primary account
$statement = $RUNTIME['PDO']->prepare("SELECT FirstName,LastName,UserLevel,PrincipalID FROM UserAccounts JOIN auth ON auth.UUID = UserAccounts.PrincipalID ORDER BY Created ASC");
2023-08-27 03:31:32 +00:00
$statement->execute();
2020-08-04 10:00:38 +00:00
$statementIdent = $RUNTIME['PDO']->prepare("SELECT FirstName,LastName,UserLevel,IdentityID FROM UserIdentitys JOIN UserAccounts ON UserAccounts.PrincipalID = UserIdentitys.IdentityID WHERE UserIdentitys.PrincipalID = ? AND UserIdentitys.PrincipalID != UserIdentitys.IdentityID");
2023-08-27 03:31:32 +00:00
while ($row = $statement->fetch()) {
$entry = '<tr><td>'.htmlspecialchars($row['FirstName']).'</td><td>'.htmlspecialchars($row['LastName']).'</td><td>'.htmlspecialchars($row['UserLevel']).'</td><td><form action="index.php?page=users" method="post">%%CSRF%%<input type="hidden" name="userid" value="'.htmlspecialchars($row['PrincipalID']).'"><button type="submit" name="genpw" class="btn btn-link btn-sm">PASSWORT ZURÜCKSETZEN</button> <button type="submit" name="deluser" class="btn btn-link btn-sm" style="color: red">LÖSCHEN</button></form></td></tr>';
$statementIdent->execute([$row['PrincipalID']]);
while ($identRow = $statementIdent->fetch()) {
$entry = $entry.'<tr class="ident-row"><td>'.htmlspecialchars($identRow['FirstName']).'</td><td>'.htmlspecialchars($identRow['LastName']).'</td><td>'.htmlspecialchars($identRow['UserLevel']).'</td><td><form action="index.php?page=users" method="post">%%CSRF%%<input type="hidden" name="userid" value="'.htmlspecialchars($identRow['IdentityID']).'"><button type="submit" name="delident" class="btn btn-link btn-sm">Identität löschen</button></form></td></tr>';
}
2020-08-04 10:00:38 +00:00
$table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table);
2020-06-03 15:31:18 +00:00
}
2020-08-04 10:00:38 +00:00
$table = str_replace("%%ENTRY%%", "", $table);
2021-01-07 14:30:23 +00:00
$HTML->ReplaceSeitenInhalt("%%USER-LIST%%", $table);
2023-08-27 03:31:32 +00:00
$HTML->ReplaceSeitenInhalt("%%link%%", ' ');
$HTML->ReplaceSeitenInhalt("%%MESSAGE%%", ' ');
2020-08-04 10:00:38 +00:00
$HTML->build();
echo $HTML->ausgabe();