setHTMLTitle("Benutzer"); $HTML->importSeitenInhalt("users.html"); if(!isset($_SESSION['LOGIN']) || !isset($_SESSION['LEVEL']) || $_SESSION['LEVEL'] < 100) { $HTML->setHTMLTitle("Kein Zugriff"); $HTML->SetSeitenInhalt("Dazu hast du keine Rechte!"); $HTML->build(); echo $HTML->ausgabe(); die(); } include 'app/OpenSim.php'; $opensim = new OpenSim(); if($_SERVER['REQUEST_METHOD'] == 'POST') { include 'app/FormValidator.php'; if(isset($_POST['genpw'])) { $validator = new FormValidator(array( 'userid' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/') )); if($validator->isValid($_POST)) { require_once 'app/utils.php'; $token = generateToken(32); $setToken = $RUNTIME['PDO']->prepare('REPLACE INTO PasswordResetTokens(PrincipalID,Token,RequestTime) VALUES(?,?,?)'); $setToken->execute([$_POST['userid'], $token, time()]); $resetLink = "https://".$RUNTIME['DOMAIN'].'/index.php?page=reset-password&token='.$token; $HTML->ReplaceSeitenInhalt("%%MESSAGE%%", ''); } } else if(isset($_POST['generateLink'])) { $validator = new FormValidator(array()); // Needed only for CSRF token validation if($validator->isValid($_POST)) { $inviteID = bin2hex(random_bytes(16)); $link = "https://".$_SERVER['SERVER_NAME']."/index.php?page=register&code=".$inviteID; $statement = $RUNTIME['PDO']->prepare('INSERT INTO `InviteCodes` (`InviteCode`) VALUES (:InviteCode)'); $statement->execute(['InviteCode' => $inviteID]); $HTML->ReplaceSeitenInhalt("%%link%%", $link); } } } $statement = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `InviteCodes` (`InviteCode` VARCHAR(64) NOT NULL, PRIMARY KEY (`InviteCode`))"); $statement->execute(); $table = '%%ENTRY%%
VornameNachnameStatusAktionen
'; $statement = $RUNTIME['PDO']->prepare("SELECT FirstName,LastName,UserLevel,PrincipalID FROM UserAccounts ORDER BY Created ASC"); $statement->execute(); while($row = $statement->fetch()) { $entry = ''.htmlspecialchars($row['FirstName']).''.htmlspecialchars($row['LastName']).''.htmlspecialchars($row['UserLevel']).'
%%CSRF%%
'; $table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table); } $table = str_replace("%%ENTRY%%", "", $table); $HTML->ReplaceSeitenInhalt("%%USER-LIST%%", $table); $HTML->ReplaceSeitenInhalt("%%link%%", ' '); $HTML->ReplaceSeitenInhalt("%%MESSAGE%%", ' '); $HTML->build(); echo $HTML->ausgabe(); ?>