setHTMLTitle("Benutzer");
$HTML->importSeitenInhalt("users.html");
if(!isset($_SESSION['LOGIN']) || !isset($_SESSION['LEVEL']) || $_SESSION['LEVEL'] < 100)
{
$HTML->setHTMLTitle("Kein Zugriff");
$HTML->SetSeitenInhalt("Dazu hast du keine Rechte!");
$HTML->build();
echo $HTML->ausgabe();
die();
}
include 'app/OpenSim.php';
$opensim = new OpenSim();
if($_SERVER['REQUEST_METHOD'] == 'POST') {
include 'app/FormValidator.php';
if(isset($_POST['genpw'])) {
$validator = new FormValidator(array(
'userid' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/')
));
if($validator->isValid($_POST)) {
$NEWPW = substr(str_shuffle(str_repeat($x='0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ', ceil(10/strlen($x)) )),1,10); // Generate random password (10 characters)
$salt = bin2hex(random_bytes(16));
$hash = md5(md5($NEWPW).':'.$salt);
$statement = $RUNTIME['PDO']->prepare('UPDATE auth SET passwordHash = :PasswordHash, passwordSalt = :PasswordSalt WHERE UUID = :PrincipalID');
$statement->execute(['PasswordHash' => $hash, 'PasswordSalt' => $salt, 'PrincipalID' => $_REQUEST['userid']]);
$HTML->ReplaceSeitenInhalt("%%MESSAGE%%", '
Das Passwort für '.htmlspecialchars($opensim->getUserName($_REQUEST['userid'])).' wurde geändert. Das neue Passwort ist '.htmlspecialchars($NEWPW).'
');
}
}
else if(isset($_POST['generateLink'])) {
$validator = new FormValidator(array()); // Needed only for CSRF token validation
if($validator->isValid($_POST)) {
$inviteID = bin2hex(random_bytes(16));
$link = "https://".$_SERVER['SERVER_NAME']."/index.php?page=register&code=".$inviteID;
$statement = $RUNTIME['PDO']->prepare('INSERT INTO `InviteCodes` (`InviteCode`) VALUES (:InviteCode)');
$statement->execute(['InviteCode' => $inviteID]);
$HTML->ReplaceSeitenInhalt("%%link%%", $link);
}
}
}
$statement = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `InviteCodes` (`InviteCode` VARCHAR(64) NOT NULL, PRIMARY KEY (`InviteCode`))");
$statement->execute();
$table = 'Vorname | Nachname | Status | Aktionen |
%%ENTRY%%
';
$statement = $RUNTIME['PDO']->prepare("SELECT FirstName,LastName,UserLevel,PrincipalID FROM UserAccounts ORDER BY Created ASC");
$statement->execute();
while($row = $statement->fetch())
{
$entry = ''.htmlspecialchars($row['FirstName']).' | '.htmlspecialchars($row['LastName']).' | '.htmlspecialchars($row['UserLevel']).' | |
';
$table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table);
}
$table = str_replace("%%ENTRY%%", "", $table);
$HTML->ReplaceSeitenInhalt("%%USER-LIST%%", $table);
$HTML->ReplaceSeitenInhalt("%%link%%", ' ');
$HTML->ReplaceSeitenInhalt("%%MESSAGE%%", ' ');
$HTML->build();
echo $HTML->ausgabe();
?>