<?php

/**
* /subs/part/users_backend.php
* @version 2.1
* @desc users backend
* @author Fándly Gergő Zoltán (fandlygergo@gmail.hu, systemtest.tk)
* @copy 2017 Fándly Gergő Zoltán
* License:
Result Manager for managing results of students in bilingual school systems.
Copyright (C) 2017 Fándly Gergő Zoltán

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
**/

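/*
 * Users backend: one request handles exactly the actions whose trigger
 * parameter is present.
 *   GET  list      -> HTML table of users (optionally filtered via POST filter/f_*)
 *   POST new       -> create a user
 *   GET  getdata   -> JSON dump of one user row
 *   POST edit      -> update a user (password only when a new one is supplied)
 *   POST delete    -> delete a user
 * Expects $db (PDO), $lang (translation strings), functions and PasswordStorage
 * to be provided by the including page.
 *
 * NOTE(review): nothing in this file checks the caller's own access level; it
 * presumably runs behind an admin gate in the including page — confirm.
 */
try {

    // Helpers are closures rather than named functions so that including this
    // file twice cannot trigger a "cannot redeclare function" fatal.

    // HTML-escape a database value for element content / attribute context.
    $esc = function ($value) {
        return htmlspecialchars((string)$value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    // Read a POST field without an undefined-index notice; null when absent
    // (null is what the original code ended up binding for a missing field).
    $post = function ($key) {
        return isset($_POST[$key]) ? $_POST[$key] : null;
    };

    // Append " and (col=? or col=? ...)" for a list of accepted values and push
    // the values onto $params. Returns '' and pushes nothing for an empty list,
    // so an empty selection never yields the unparseable " and ()" fragment.
    // $column must be a literal chosen in this file, never request data: it is
    // spliced into the SQL text, only the values are bound.
    $orGroup = function ($column, $values, array &$params) {
        // (array) cast: a scalar here would make count() throw on PHP 8.
        $values = array_values((array)$values);
        if (count($values) === 0) {
            return '';
        }
        foreach ($values as $value) {
            $params[] = $value;
        }
        $placeholders = array_fill(0, count($values), $column . '=?');
        return ' and (' . implode(' or ', $placeholders) . ')';
    };

    if (isset($_GET['list'])) {
        // id 1 is never listed — presumably the built-in admin account; confirm.
        $filter = 'WHERE id<>1';
        $filterParams = [];

        if (isset($_POST['filter'])) {
            $search = $post('f_search');
            // Only a non-empty string is a usable search term (an array would
            // otherwise be stringified to "Array"). The term is bound as a LIKE
            // parameter, so % and _ keep their wildcard meaning for the user.
            if (is_string($search) && $search !== '') {
                $like = '%' . $search . '%';
                $filter .= ' and (username LIKE ? or fullname LIKE ? or class LIKE ?)';
                array_push($filterParams, $like, $like, $like);
            }
            if (isset($_POST['f_class'])) {
                $filter .= $orGroup('class', $_POST['f_class'], $filterParams);
            }
            if (isset($_POST['f_accesslevel'])) {
                $filter .= $orGroup('accesslevel', $_POST['f_accesslevel'], $filterParams);
            }
        }

        // $filter only ever contains literals from this file plus "?" placeholders.
        $sql = $db->prepare('SELECT id, username, fullname, accesslevel, class, perm_message FROM users ' . $filter . ' ORDER BY class ASC, fullname ASC, accesslevel ASC');
        $sql->execute($filterParams);

        // $lang[...] values are translation strings, treated as trusted markup.
        echo '
            <table class="table">
                <thead>
                    <tr>
                        <th data-breakpoints="xs sm md">' . $lang['id'] . '</th>
                        <th data-breakpoints="xs sm">' . $lang['username'] . '</th>
                        <th>' . $lang['fullname'] . '</th>
                        <th data-breakpoints="xs sm">' . $lang['accesslevel'] . '</th>
                        <th>' . $lang['class'] . '</th>
                        <th data-breakpoints="xs sm md">' . $lang['perm_message'] . '</th>
                        <th data-breakpoints="xs sm md">' . $lang['tools'] . '</th>
                    </tr>
                </thead>
                <tbody>
        ';
        while ($row = $sql->fetch(PDO::FETCH_ASSOC)) {
            // User-supplied columns are escaped for HTML; the id is forced to an
            // int because it is also emitted inside the onclick JavaScript call.
            $id = (int)$row['id'];
            echo '
                    <tr>
                        <td>' . $id . '</td>
                        <td>' . $esc($row['username']) . '</td>
                        <td>' . $esc($row['fullname']) . '</td>
                        <td>' . $esc($row['accesslevel']) . '</td>
                        <td>' . $esc($row['class']) . '</td>
                        <td>' . ($row['perm_message'] ? $lang['ryes'] : $lang['rno']) . '</td>
                        <td>
                            <button type="button" onclick="usersEdit(' . $id . ')">' . $lang['edit'] . '</button>
                            <button type="button" onclick="usersDelete(' . $id . ', this)">' . $lang['delete'] . '</button>
                        </td>
                    </tr>
            ';
        }
        echo '
                </tbody>
            </table>
        ';
    }

    if (isset($_POST['new'])) {
        $username = $post('username');
        $canInsert = true;

        if ($username !== null && $username !== '') {
            $sql = $db->prepare('SELECT COUNT(id) AS count FROM users WHERE username=:uname');
            $sql->execute([':uname' => $username]);
            $res = $sql->fetch(PDO::FETCH_ASSOC);
            if ($res['count'] > 0) {
                // Duplicate username: report it and skip the INSERT (previously
                // the error was set but the INSERT still ran).
                functions::setError(5);
                $canInsert = false;
            }
        }

        if ($canInsert) {
            // "0" is the UI's request for a generated password.
            $password = ($post('password') === '0')
                ? functions::randomString(6)
                : $post('password');

            // Checkbox: present -> 1, absent -> 0. Bound as an int so the driver
            // never sends '' for false into an integer column.
            $pm = isset($_POST['perm_message']) ? 1 : 0;

            $sql = $db->prepare('INSERT INTO users (username, fullname, accesslevel, class, password, perm_message) VALUES (:uname, :fname, :al, :class, :passwd, :pm)');
            $sql->execute([
                ':uname' => $username,
                ':fname' => $post('fullname'),
                ':al' => $post('accesslevel'),
                ':class' => $post('class'),
                // Hash the resolved $password: the original hashed the raw POST
                // value, so a generated random password was never stored.
                ':passwd' => PasswordStorage::create_hash($password),
                ':pm' => $pm,
            ]);
            if ($sql->rowCount() > 0) {
                functions::setMessage(3);
            } else {
                functions::setError(4);
            }
        }
    }

    if (isset($_GET['getdata'])) {
        // COUNT(id) next to non-aggregated columns relies on permissive GROUP BY
        // handling; the query is kept verbatim because the "count" key is
        // presumably part of the JSON the client expects — confirm before changing.
        $sql = $db->prepare('SELECT COUNT(id) AS count, id, username, fullname, accesslevel, class, perm_message FROM users WHERE id=:id');
        $sql->execute([':id' => $_GET['getdata']]);
        $res = $sql->fetch(PDO::FETCH_ASSOC);
        if ($res['count'] < 1) {
            functions::setError(6);
        } else {
            echo json_encode($res);
        }
    }

    if (isset($_POST['edit'])) {
        $editId = $_POST['edit'];

        $sql = $db->prepare('SELECT COUNT(id) AS count FROM users WHERE id=:id');
        $sql->execute([':id' => $editId]);
        $res = $sql->fetch(PDO::FETCH_ASSOC);

        // Checkbox: present -> 1, absent -> 0 (see the "new" branch).
        $pm = isset($_POST['perm_message']) ? 1 : 0;

        if ($res['count'] < 1) {
            functions::setError(6);
        } else {
            // NOTE(review): unlike the listing, edit and delete do not exclude
            // id 1 — confirm whether that account is meant to be editable here.
            $sql = $db->prepare('UPDATE users SET username=:uname, fullname=:fname, accesslevel=:al, class=:class, perm_message=:pm WHERE id=:id');
            $sql->execute([
                ':uname' => $post('username'),
                ':fname' => $post('fullname'),
                ':al' => $post('accesslevel'),
                ':class' => $post('class'),
                ':pm' => $pm,
                ':id' => $editId,
            ]);
            // NOTE(review): rowCount() is 0 when the row matched but no column
            // changed, so a no-op edit reports error 4 — confirm that is intended.
            $res1 = $sql->rowCount();

            // An empty password field means "keep the current password".
            $rawPassword = $post('password');
            if ($rawPassword === null || $rawPassword === '') {
                $res2 = true;
            } else {
                // "0" is the UI's request for a generated password.
                $password = ($rawPassword === '0')
                    ? functions::randomString(6)
                    : $rawPassword;

                $sql = $db->prepare('UPDATE users SET password=:passwd WHERE id=:id');
                $sql->execute([':passwd' => PasswordStorage::create_hash($password), ':id' => $editId]);
                $res2 = $sql->rowCount();
            }

            if ($res1 && $res2) {
                functions::setMessage(5);
            } else {
                functions::setError(4);
            }
        }
    }

    if (isset($_POST['delete'])) {
        $sql = $db->prepare('DELETE FROM users WHERE id=:id');
        $sql->execute([':id' => $_POST['delete']]);
        if ($sql->rowCount() > 0) {
            functions::setMessage(4);
        } else {
            functions::setError(4);
        }
    }

} catch (Exception $e) {
    // Any failure (PDOException included) is reported generically to the user
    // and logged with its stack trace for the operator.
    functions::setError(500);
    error_log((string)$e);
}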