config('domain'))); } public function get(): void { $table = ''; // Only select current primary account $statement = $this->app->db()->prepare("SELECT FirstName,LastName,UserLevel,PrincipalID FROM UserAccounts JOIN auth ON auth.UUID = UserAccounts.PrincipalID ORDER BY Created ASC"); $statement->execute(); $statementIdent = $this->app->db()->prepare("SELECT FirstName,LastName,UserLevel,IdentityID FROM UserIdentitys JOIN UserAccounts ON UserAccounts.PrincipalID = UserIdentitys.IdentityID WHERE UserIdentitys.PrincipalID = ? AND UserIdentitys.PrincipalID != UserIdentitys.IdentityID"); $csrf = $this->app->csrfField(); while ($row = $statement->fetch()) { $entry = ''; $statementIdent->execute([$row['PrincipalID']]); while ($identRow = $statementIdent->fetch()) { $entry = $entry.''; } $table = $table.$entry; } $tpl = $this->app->template('users.php')->parent('__dashboard.php')->vars([ 'title' => 'Benutzer', 'username' => $_SESSION['DISPLAYNAME'] ])->unsafeVar('user-list', $table.'
VornameNachnameStatusAktionen
'.htmlspecialchars($row['FirstName']).''.htmlspecialchars($row['LastName']).''.htmlspecialchars(strval($row['UserLevel'])).'
'.$csrf.'
'.htmlspecialchars($identRow['FirstName']).''.htmlspecialchars($identRow['LastName']).''.htmlspecialchars(strval($identRow['UserLevel'])).'
'.$csrf.'
') ->unsafeVar('users-message', isset($_SESSION['users-message']) ? $_SESSION['users-message'] : ''); if (isset($_SESSION['users-message'])) { $tpl->unsafeVar('users-message', $_SESSION['users-message']); unset($_SESSION['users-message']); } if (isset($_SESSION['invite-id'])) { $tpl->var('invite-link', 'https://'.$this->app->config('domain').'/index.php?page=register&code='.$_SESSION['invite-id']); unset($_SESSION['invite-id']); } $tpl->render(); } public function post(): void { if (isset($_POST['generateLink'])) { $validator = new FormValidator(array()); // Needed only for CSRF token validation if ($validator->isValid($_POST)) { $inviteID = bin2hex(random_bytes(16)); $statement = $this->app->db()->prepare('INSERT INTO `InviteCodes` (`InviteCode`) VALUES (:InviteCode)'); $statement->execute(['InviteCode' => $inviteID]); $_SESSION['invite-id'] = $inviteID; } } elseif (isset($_POST['delident'])) { $validator = new FormValidator(array( 'userid' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/'), 'identid' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/') )); if ($validator->isValid($_POST)) { $os = new OpenSim($this->app->db()); $identName = $os->getUserName($_POST['identid']); $userName = $os->getUserName($_POST['userid']); if ($os->deleteIdentity($_POST['userid'], $_POST['identid'])) { $_SESSION['users-message'] = 'Identität '.$identName.' von '.$userName.' wurde gelöscht.'; } else { $_SESSION['users-message'] = 'Identität '.$identName.' konnte nicht gelöscht werden.'; } } } else { $validator = new FormValidator(array( 'userid' => array('required' => true, 'regex' => '/^[a-f0-9]{8}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{4}-[a-f0-9]{12}$/') )); if ($validator->isValid($_POST)) { $opensim = new OpenSim($this->app->db()); if (isset($_POST['genpw'])) { $token = Util::generateToken(32); $setToken = $this->app->db()->prepare('REPLACE INTO PasswordResetTokens(PrincipalID,Token,RequestTime) VALUES(?,?,?)'); $setToken->execute([$_POST['userid'], $token, time()]); $resetLink = "https://".$this->app->config('domain').'/index.php?page=reset-password&token='.$token; $_SESSION['users-message'] = 'Das Passwort für '.htmlspecialchars($opensim->getUserName($_POST['userid'])).' kann in den nächsten 24 Stunden über diesen Link zurückgesetzt werden: '.$resetLink.''; } elseif (isset($_POST['deluser'])) { $name = $opensim->getUserName($_POST['userid']); if ($opensim->deleteUser($_POST['userid'])) { $_SESSION['users-message'] = 'Der Account '.$name.' wurde gelöscht.'; } else { $_SESSION['users-message'] = 'Der Account '.$name.' konnte nicht gelöscht werden.'; } } } } header('Location: index.php?page=users'); } }