setHTMLTitle("Benutzer"); $HTML->importSeitenInhalt("users.html"); $HTML->addHTMLHeader(''); if (!isset($_SESSION['LOGIN']) || !isset($_SESSION['LEVEL']) || $_SESSION['LEVEL'] < 100) { $HTML->setHTMLTitle("Kein Zugriff"); $HTML->SetSeitenInhalt("Dazu hast du keine Rechte!"); $HTML->build(); echo $HTML->ausgabe(); die(); } include_once 'app/OpenSim.php'; $opensim = new OpenSim(); if ($_SERVER['REQUEST_METHOD'] == 'POST') { include_once 'app/FormValidator.php'; if (isset($_POST['generateLink'])) { $validator = new FormValidator(array()); // Needed only for CSRF token validation if ($validator->isValid($_POST)) { $inviteID = bin2hex(random_bytes(16)); $link = "https://".$_SERVER['SERVER_NAME']."/index.php?page=register&code=".$inviteID; $statement = $RUNTIME['PDO']->prepare('INSERT INTO `InviteCodes` (`InviteCode`) VALUES (:InviteCode)'); $statement->execute(['InviteCode' => $inviteID]); $HTML->ReplaceSeitenInhalt("%%link%%", $link); } } elseif (isset($_POST['delident'])) { $validator = new FormValidator(array( 'userid' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/'), 'identid' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/') )); if ($validator->isValid($_POST)) { include_once 'app/OpenSim.php'; $os = new OpenSim(); $identName = $os->getUserName($_POST['identid']); $userName = $os->getUserName($_POST['userid']); if($os->deleteIdentity($_POST['userid'], $_POST['identid'])) { $HTML->ReplaceSeitenInhalt("%%MESSAGE%%", ''); } else { $HTML->ReplaceSeitenInhalt("%%MESSAGE%%", ''); } } } else { $validator = new FormValidator(array( 'userid' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/') )); if ($validator->isValid($_POST)) { if (isset($_POST['genpw'])) { require_once 'app/utils.php'; $token = generateToken(32); $setToken = $RUNTIME['PDO']->prepare('REPLACE INTO PasswordResetTokens(PrincipalID,Token,RequestTime) VALUES(?,?,?)'); $setToken->execute([$_POST['userid'], $token, time()]); $resetLink = "https://".$RUNTIME['DOMAIN'].'/index.php?page=reset-password&token='.$token; $HTML->ReplaceSeitenInhalt("%%MESSAGE%%", ''); } elseif (isset($_POST['deluser'])) { $name = $opensim->getUserName($_POST['userid']); if ($opensim->deleteUser($_POST['userid'])) { $HTML->ReplaceSeitenInhalt("%%MESSAGE%%", ''); } else { $HTML->ReplaceSeitenInhalt("%%MESSAGE%%", ''); } } } } } $statement = $RUNTIME['PDO']->prepare("CREATE TABLE IF NOT EXISTS `InviteCodes` (`InviteCode` VARCHAR(64) NOT NULL, PRIMARY KEY (`InviteCode`))"); $statement->execute(); $table = '%%ENTRY%%
VornameNachnameStatusAktionen
'; // Only select current primary account $statement = $RUNTIME['PDO']->prepare("SELECT FirstName,LastName,UserLevel,PrincipalID FROM UserAccounts JOIN auth ON auth.UUID = UserAccounts.PrincipalID ORDER BY Created ASC"); $statement->execute(); $statementIdent = $RUNTIME['PDO']->prepare("SELECT FirstName,LastName,UserLevel,IdentityID FROM UserIdentitys JOIN UserAccounts ON UserAccounts.PrincipalID = UserIdentitys.IdentityID WHERE UserIdentitys.PrincipalID = ? AND UserIdentitys.PrincipalID != UserIdentitys.IdentityID"); while ($row = $statement->fetch()) { $entry = ''.htmlspecialchars($row['FirstName']).''.htmlspecialchars($row['LastName']).''.htmlspecialchars($row['UserLevel']).'
%%CSRF%%
'; $statementIdent->execute([$row['PrincipalID']]); while ($identRow = $statementIdent->fetch()) { $entry = $entry.''.htmlspecialchars($identRow['FirstName']).''.htmlspecialchars($identRow['LastName']).''.htmlspecialchars($identRow['UserLevel']).'
%%CSRF%%
'; } $table = str_replace("%%ENTRY%%", $entry."%%ENTRY%%", $table); } $table = str_replace("%%ENTRY%%", "", $table); $HTML->ReplaceSeitenInhalt("%%USER-LIST%%", $table); $HTML->ReplaceSeitenInhalt("%%link%%", ' '); $HTML->ReplaceSeitenInhalt("%%MESSAGE%%", ' '); $HTML->build(); echo $HTML->ausgabe();