2020-06-03 15:31:18 +00:00
< ? php
2023-08-23 16:16:35 +00:00
$HTML -> setHTMLTitle ( " Benutzer " );
$HTML -> importSeitenInhalt ( " users.html " );
2021-01-07 14:30:23 +00:00
2023-08-23 16:16:35 +00:00
if ( ! isset ( $_SESSION [ 'LOGIN' ]) || ! isset ( $_SESSION [ 'LEVEL' ]) || $_SESSION [ 'LEVEL' ] < 100 )
2020-06-03 15:31:18 +00:00
{
$HTML -> setHTMLTitle ( " Kein Zugriff " );
$HTML -> SetSeitenInhalt ( " Dazu hast du keine Rechte! " );
$HTML -> build ();
echo $HTML -> ausgabe ();
die ();
2020-08-04 10:00:38 +00:00
}
2023-08-23 16:16:35 +00:00
include 'app/OpenSim.php' ;
$opensim = new OpenSim ();
2023-08-23 16:16:35 +00:00
if ( $_SERVER [ 'REQUEST_METHOD' ] == 'POST' ) {
include 'app/FormValidator.php' ;
2023-08-23 16:16:35 +00:00
if ( isset ( $_POST [ 'genpw' ])) {
$validator = new FormValidator ( array (
'userid' => array ( 'required' => true , 'regex' => '/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/' )
));
2023-08-23 16:16:35 +00:00
2023-08-23 16:16:35 +00:00
if ( $validator -> isValid ( $_POST )) {
$NEWPW = substr ( str_shuffle ( str_repeat ( $x = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ' , ceil ( 10 / strlen ( $x )) )), 1 , 10 ); // Generate random password (10 characters)
2021-01-07 14:30:23 +00:00
2023-08-23 16:16:35 +00:00
$statement = $RUNTIME [ 'PDO' ] -> prepare ( 'UPDATE auth SET passwordHash = :PasswordHash WHERE UUID = :PrincipalID' );
$statement -> execute ([ 'PasswordHash' => password_hash ( $NEWPW , PASSWORD_ARGON2ID ), 'PrincipalID' => $_REQUEST [ 'userid' ]]);
$HTML -> ReplaceSeitenInhalt ( " %%MESSAGE%% " , '<div class="alert alert-danger" role="alert">Das Passwort für ' . htmlspecialchars ( $opensim -> getUserName ( $_REQUEST [ 'userid' ])) . ' wurde geändert. Das neue Passwort ist <b>' . htmlspecialchars ( $NEWPW ) . '</b></div>' );
}
}
else if ( isset ( $_POST [ 'generateLink' ])) {
$validator = new FormValidator ( array ()); // Needed only for CSRF token validation
2021-01-07 14:30:23 +00:00
2023-08-23 16:16:35 +00:00
if ( $validator -> isValid ( $_POST )) {
2023-08-23 16:16:35 +00:00
$inviteID = bin2hex ( random_bytes ( 16 ));
2023-08-23 16:16:35 +00:00
$link = " https:// " . $_SERVER [ 'SERVER_NAME' ] . " /index.php?page=register&code= " . $inviteID ;
$statement = $RUNTIME [ 'PDO' ] -> prepare ( 'INSERT INTO `InviteCodes` (`InviteCode`) VALUES (:InviteCode)' );
$statement -> execute ([ 'InviteCode' => $inviteID ]);
$HTML -> ReplaceSeitenInhalt ( " %%link%% " , $link );
}
}
2021-01-07 14:30:23 +00:00
}
2020-08-04 10:08:41 +00:00
$statement = $RUNTIME [ 'PDO' ] -> prepare ( " CREATE TABLE IF NOT EXISTS `InviteCodes` (`InviteCode` VARCHAR(64) NOT NULL, PRIMARY KEY (`InviteCode`)) " );
$statement -> execute ();
2020-08-04 10:00:38 +00:00
$table = '<table class="table"><thead><tr><th scope="col">Vorname</th><th scope="col">Nachname</th><th scope="col">Status</th><th scope="col">Aktionen</th></thead><tbody>%%ENTRY%%</tbody></table>' ;
2020-06-03 15:31:18 +00:00
2023-08-23 16:16:34 +00:00
$statement = $RUNTIME [ 'PDO' ] -> prepare ( " SELECT FirstName,LastName,UserLevel,PrincipalID FROM UserAccounts ORDER BY Created ASC " );
2020-08-04 10:00:38 +00:00
$statement -> execute ();
while ( $row = $statement -> fetch ())
{
2023-08-23 16:16:35 +00:00
$entry = '<tr><td>' . htmlspecialchars ( $row [ 'FirstName' ]) . '</td><td>' . htmlspecialchars ( $row [ 'LastName' ]) . '</td><td>' . htmlspecialchars ( $row [ 'UserLevel' ]) . '</td><td><form action="index.php?page=users" method="post">%%CSRF%%<input type="hidden" name="userid" value="' . htmlspecialchars ( $row [ 'PrincipalID' ]) . '"><button type="submit" name="genpw" class="btn btn-link btn-sm">PASSWORT ÄNDERN</button></form></td></tr>' ;
2020-08-04 10:00:38 +00:00
$table = str_replace ( " %%ENTRY%% " , $entry . " %%ENTRY%% " , $table );
2020-06-03 15:31:18 +00:00
}
2020-08-04 10:00:38 +00:00
$table = str_replace ( " %%ENTRY%% " , " " , $table );
2021-01-07 14:30:23 +00:00
$HTML -> ReplaceSeitenInhalt ( " %%USER-LIST%% " , $table );
2020-08-04 10:08:41 +00:00
$HTML -> ReplaceSeitenInhalt ( " %%link%% " , ' ' );
2023-08-23 16:16:35 +00:00
$HTML -> ReplaceSeitenInhalt ( " %%MESSAGE%% " , ' ' );
2020-08-04 10:00:38 +00:00
$HTML -> build ();
echo $HTML -> ausgabe ();
2020-06-03 15:31:18 +00:00
?>