<?php
/**
* /subs/users.backend.php
* @version 1.0
* @desc backend for users management
* @author Fándly Gergő Zoltán
* @copy 2017 Fándly Gergő Zoltán
*/
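/*
 * Management actions: create a user, bulk password reset, bulk exception
 * reset, delete, set a password, set the login/signup exception flags.
 * Only sessions with accesslevel >= 3 may run them; anything lower skips
 * this whole section and just gets the listing below.
 *
 * Every action ends with a single redirect to ./users unless the request
 * carries the `backend` query flag, in which case the including code keeps
 * running. No exit() follows the redirect, so the remainder of this file
 * still executes either way — presumably relied upon by the backend path.
 *
 * NOTE(review): all actions except "create" are triggered by GET parameters
 * and no CSRF token is checked in this file, so a crafted link opened by a
 * logged-in admin can change state; `np_passwd` additionally places the new
 * password in the URL (server logs, browser history). Moving these to POST
 * with a token requires changes to the calling forms, not done here.
 */
if ($_SESSION['accesslevel'] >= 3) {
    // Create a user. Passwords are stored reversibly encrypted rather than
    // hashed because the export further down decrypts them for display; that
    // is a project-wide design property this file cannot change on its own.
    if (isset($_POST['n_name'], $_POST['n_class'], $_POST['n_al'], $_POST['n_password'])) {
        // NOTE(review): n_al is taken from the form without comparing it to the
        // caller's own accesslevel, so a crafted request could create a user with
        // a level above the caller's — confirm the form/role model intends that.
        $sql = $db->prepare("INSERT INTO users (name, class, accesslevel, password) VALUES (:name, :class, :al, :passwd)");
        $sql->execute([
            ":name" => $_POST['n_name'],
            ":class" => $_POST['n_class'],
            ":al" => $_POST['n_al'],
            ":passwd" => \Defuse\Crypto\Crypto::encrypt($_POST['n_password'], $crypto),
        ]);
        $res = $sql->rowCount();
        if ($res < 1) {
            functions::setError(6);
        } else {
            functions::setMessage(3);
        }
        if (!isset($_GET['backend'])) {
            header("Location: ./users");
        }
    }

    // Bulk actions. "passwd" gives every non-admin user (accesslevel < 2,
    // id != 1) a fresh random password; "reset" clears both exception flags
    // for everyone but id 1. Any other value of `all` is silently ignored.
    if (isset($_GET['all'])) {
        set_time_limit(120); // one encrypt() per user can exceed the default limit
        if ($_GET['all'] === "passwd") {
            // NOTE(review): randomString(6, RAND_SMALL) produces a short
            // password; its strength depends entirely on that helper, which
            // is defined outside this file.
            $sql = $db->prepare("SELECT id FROM users WHERE id<>1 and accesslevel<2");
            $sql->execute();
            // Prepare once outside the loop; only the bindings change per row.
            $sql2 = $db->prepare("UPDATE users SET password=:passwd WHERE id=:id");
            while ($row = $sql->fetch(PDO::FETCH_ASSOC)) {
                $sql2->execute([
                    ":passwd" => \Defuse\Crypto\Crypto::encrypt(functions::randomString(6, functions::RAND_SMALL), $crypto),
                    ":id" => $row['id'],
                ]);
            }
            functions::setMessage(7);
            if (!isset($_GET['backend'])) {
                header("Location: ./users");
            }
        } elseif ($_GET['all'] === "reset") {
            $sql = $db->prepare("UPDATE users SET except_login=0, except_signup=0 WHERE id<>1");
            $sql->execute();
            functions::setMessage(7);
            if (!isset($_GET['backend'])) {
                header("Location: ./users");
            }
        }
    }

    // Delete a user by id. The row is looked up first so a missing user
    // reports "not found" (error 7) instead of a generic failure (error 6).
    // NOTE(review): nothing prevents deleting id 1 (which every listing query
    // in this file deliberately excludes) or the caller's own account —
    // confirm whether a guard is wanted here.
    if (isset($_GET['delete'])) {
        $sql = $db->prepare("SELECT COUNT(id) AS count FROM users WHERE id=:id");
        $sql->execute([":id" => $_GET['delete']]);
        $res = $sql->fetch(PDO::FETCH_ASSOC);
        if ($res['count'] < 1) {
            functions::setError(7);
        } else {
            $sql = $db->prepare("DELETE FROM users WHERE id=:id");
            $sql->execute([":id" => $_GET['delete']]);
            $res = $sql->rowCount();
            if ($res < 1) {
                functions::setError(6);
            } else {
                functions::setMessage(4);
            }
        }
        if (!isset($_GET['backend'])) {
            header("Location: ./users");
        }
    }

    // Set a single user's password.
    // NOTE(review): success is judged by rowCount(); depending on the driver's
    // affected-rows semantics an UPDATE that stores an unchanged value may
    // report 0 rows and surface as error 6 although nothing failed. The same
    // applies to the two flag updates below.
    if (isset($_GET['np_uid'], $_GET['np_passwd'])) {
        $sql = $db->prepare("UPDATE users SET password=:passwd WHERE id=:uid");
        $sql->execute([
            ":passwd" => \Defuse\Crypto\Crypto::encrypt($_GET['np_passwd'], $crypto),
            ":uid" => $_GET['np_uid'],
        ]);
        $res = $sql->rowCount();
        if ($res < 1) {
            functions::setError(6);
        } else {
            functions::setMessage(7);
        }
        if (!isset($_GET['backend'])) {
            header("Location: ./users");
        }
    }

    // Set the login-exception flag of one user to the supplied value.
    if (isset($_GET['el_uid'], $_GET['el_param'])) {
        $sql = $db->prepare("UPDATE users SET except_login=:el WHERE id=:uid");
        $sql->execute([":el" => $_GET['el_param'], ":uid" => $_GET['el_uid']]);
        $res = $sql->rowCount();
        if ($res < 1) {
            functions::setError(6);
        } else {
            functions::setMessage(7);
        }
        if (!isset($_GET['backend'])) {
            header("Location: ./users");
        }
    }

    // Set the signup-exception flag of one user to the supplied value.
    if (isset($_GET['es_uid'], $_GET['es_param'])) {
        $sql = $db->prepare("UPDATE users SET except_signup=:es WHERE id=:uid");
        $sql->execute([":es" => $_GET['es_param'], ":uid" => $_GET['es_uid']]);
        $res = $sql->rowCount();
        if ($res < 1) {
            functions::setError(6);
        } else {
            functions::setMessage(7);
        }
        if (!isset($_GET['backend'])) {
            header("Location: ./users");
        }
    }
}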
// Listing query used by the export below and, presumably, by the view that
// includes this file: every user except id 1, grouped by class, highest
// access level first, then by name.
$msql = $db->prepare(<<<'SQL'
SELECT id, name, class, accesslevel, password, except_login, except_signup FROM users WHERE id<>1 ORDER BY class ASC, accesslevel DESC, name ASC
SQL
);
$msql->execute();
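/*
 * Export: stream the user list as a semicolon-separated CSV download
 * (prefixed with the BOM the including file provides in $BOM) and end the
 * request. Sessions with accesslevel >= 3 receive the full record including
 * the decrypted password and both exception flags; everyone else receives
 * id, name, class and access level only.
 *
 * Rows are written with fputcsv() so a name or class containing ';', '"' or
 * a line break no longer shifts the columns; such fields are quoted (fputcsv
 * also quotes fields containing spaces, which readers handle transparently).
 *
 * NOTE(review): the full export writes every user's password in clear text
 * into the download; the resulting file is a credential store.
 * NOTE(review): values beginning with '=', '+', '-' or '@' are exported
 * unchanged and may be evaluated as formulas by spreadsheet software.
 */
if (isset($_GET['export'])) {
    // The sensitive columns are tied to the same >= 3 threshold that guards
    // the management actions above. Previously every level other than 2 got
    // them, which included sessions below level 2 and sessions with no level.
    $fullExport = $_SESSION['accesslevel'] >= 3;

    $out = fopen('php://temp', 'r+');
    fwrite($out, $BOM);
    fwrite($out, $config['general']['org'] . "\n" . $config['general']['title'] . "\n\n");

    $header = [$lang['id'], $lang['name'], $lang['class'], $lang['accesslevel']];
    if ($fullExport) {
        $header[] = $lang['password'];
        $header[] = $lang['except_login'];
        $header[] = $lang['except_signup'];
    }
    fputcsv($out, $header, ';');

    while ($row = $msql->fetch(PDO::FETCH_ASSOC)) {
        // Fall back to the raw level number when the language table has no label for it.
        $level = isset($lang['al'][$row['accesslevel']]) ? $lang['al'][$row['accesslevel']] : $row['accesslevel'];
        $fields = [$row['id'], $row['name'], $row['class'], $level];
        if ($fullExport) {
            $fields[] = \Defuse\Crypto\Crypto::decrypt($row['password'], $crypto);
            $fields[] = $row['except_login'];
            $fields[] = $row['except_signup'];
        }
        fputcsv($out, $fields, ';');
    }

    rewind($out);
    $csv = stream_get_contents($out);
    fclose($out);

    // A Content-Length header, if one is ever added, must use strlen($csv)
    // (bytes), not mb_strlen().
    header("Content-type: application/octet-stream");
    // RFC 6266 expects the filename in double quotes; with single quotes some
    // browsers keep the quotes as part of the saved file name.
    $filename = $config['general']['title'] . "_users_export_" . date("Y-m-d H-i-s") . ".csv";
    header('Content-Disposition: attachment; filename="' . str_replace(['\\', '"'], ['\\\\', '\\"'], $filename) . '"');
    echo $csv;
    die();
}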