setHTMLTitle("Benutzer"); $HTML->importSeitenInhalt("users.html"); if(!isset($_SESSION['LOGIN']) || !isset($_SESSION['LEVEL']) || $_SESSION['LEVEL'] < 100) { $HTML->setHTMLTitle("Kein Zugriff"); $HTML->SetSeitenInhalt("Dazu hast du keine Rechte!"); $HTML->build(); echo $HTML->ausgabe(); die(); } if($_SERVER['REQUEST_TYPE'] == 'POST') { include '../app/FormValidator.php'; if(isset($_POST['genpw'])) { $validator = new FormValidator(array( 'userid' => array('required' => true, 'regex' => '/[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}/') )); if($validator->isValid($_POST)) { $NEWPW = substr(str_shuffle(str_repeat($x='0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ', ceil(10/strlen($x)) )),1,10); // Generate random password (10 characters) $statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash WHERE UUID = :PrincipalID'); $statement->execute(['PasswordHash' => password_hash($NEWPW, PASSWORD_ARGON2ID), 'PrincipalID' => $_REQUEST['userid']]); $HTML->ReplaceSeitenInhalt("%%MESSAGE%%", ''); } } else if(isset($_POST['generateLink'])) { $validator = new FormValidator(array()); // Needed only for CSRF token validation if($validator->isValid($_POST)) { $inviteID = md5(time().$_SESSION['UUID'].rand(11111, 9999999)); $link = "https://".$_SERVER['SERVER_NAME']."/index.php?page=register&code=".$inviteID; $statement = $RUNTIME['PDO']->prepare('INSERT INTO `InviteCodes` (`InviteCode`) VALUES (:InviteCode)'); $statement->execute(['InviteCode' => $inviteID]); $HTML->ReplaceSeitenInhalt("%%link%%", $link); } } } include 'app/OpenSim.php'; $opensim = new OpenSim(); $statement = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `InviteCodes` (`InviteCode` VARCHAR(64) NOT NULL, PRIMARY KEY (`InviteCode`))"); $statement->execute(); $table = '%%ENTRY%%
VornameNachnameStatusAktionen
'; $statement = $RUNTIME['PDO']->prepare("SELECT FirstName,LastName,UserLevel,PrincipalID FROM UserAccounts ORDER BY Created ASC"); $statement->execute(); while($row = $statement->fetch()) { $entry = ''.htmlspecialchars($row['FirstName']).''.htmlspecialchars($row['LastName']).''.htmlspecialchars($row['UserLevel']).'
%%CSRF%%
'; $table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table); } $table = str_replace("%%ENTRY%%", "", $table); $HTML->ReplaceSeitenInhalt("%%USER-LIST%%", $table); $HTML->ReplaceSeitenInhalt("%%link%%", ' '); $HTML->ReplaceSeitenInhalt("%%MESSAGE%%", ' '); $HTML->build(); echo $HTML->ausgabe(); ?>