<?php
    function generateRandomString($length = 10) {
        return substr(str_shuffle(str_repeat($x='0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ', ceil($length/strlen($x)) )),1,$length);
    }

    if(@$_SESSION['LEVEL'] < 100)
    {
        $HTML->setHTMLTitle("Kein Zugriff");
        $HTML->SetSeitenInhalt("Dazu hast du keine Rechte!");
        $HTML->build();
        echo $HTML->ausgabe();
        die();
    }

    $HTML->setHTMLTitle("Benutzer");
    $HTML->importSeitenInhalt("pages/HTML/users.html");

    if(@$_REQUEST['action'] == 'genpw' && @$_REQUEST['userid'] != '')
    {
        $SALT   =   md5(rand(1111, 9999));
        $NEWPW  =   generateRandomString(10);

        $statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash WHERE UUID = :PrincipalID'); 
        $statement->execute(['PasswordHash' => md5(md5($NEWPW).":".$SALT), 'PrincipalID' => $_REQUEST['userid']]);

        $statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordSalt = :passwordSalt WHERE UUID = :PrincipalID'); 
        $statement->execute(['passwordSalt' => $SALT, 'PrincipalID' => $_REQUEST['userid']]);

        $HTML->ReplaceSeitenInhalt("%%MESSAGE%%", '<div class="alert alert-danger" role="alert">Das Passwort für '.$RUNTIME['OPENSIM']->getUserName($_REQUEST['userid']).' wurde geändert. Das neue Passwort ist <b>'.$NEWPW.'</b></div>'); 
    }

    $statement = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `InviteCodes` (`InviteCode` VARCHAR(64) NOT NULL, PRIMARY KEY (`InviteCode`))"); 
    $statement->execute();

    if(isset($_REQUEST['generateLink']) || @$_REQUEST['generateLink'] != "")
    {
        $inviteID   =   md5(time().$_SESSION['UUID'].rand(11111, 9999999));
        $link       =   "https://".$_SERVER['SERVER_NAME']."/index.php?page=register&code=".$inviteID;

        $statement = $RUNTIME['PDO']->prepare('INSERT INTO `InviteCodes` (`InviteCode`) VALUES (:InviteCode)'); 
        $statement->execute(['InviteCode' => $inviteID]);

        $HTML->ReplaceSeitenInhalt("%%link%%", $link); 
    }

    $table = '<table class="table"><thead><tr><th scope="col">Vorname</th><th scope="col">Nachname</th><th scope="col">Status</th><th scope="col">Aktionen</th></thead><tbody>%%ENTRY%%</tbody></table>';
    
    $statement = $RUNTIME['PDO']->prepare("SELECT * FROM UserAccounts ORDER BY Created ASC");
    $statement->execute(); 

    while($row = $statement->fetch()) 
    {
        $entry = '<tr><td>'.$row['FirstName'].'</td><td>'.$row['LastName'].'</td><td>'.$row['UserLevel'].'</td><td><a href="index.php?page=users&action=genpw&userid='.$row['PrincipalID'].'">PASSWORT ÄNDERN</a></td></tr>';
        $table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table);
    }

    $table = str_replace("%%ENTRY%%", "", $table);
    $HTML->ReplaceSeitenInhalt("%%USER-LIST%%", $table);
    $HTML->ReplaceSeitenInhalt("%%link%%", ' '); 
    $HTML->ReplaceSeitenInhalt("%%MESSAGE%%", ' '); 

    $HTML->build();
    echo $HTML->ausgabe();
?>