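=3){
    // NOTE(review): the condition that opens this block starts before this
    // excerpt; only its tail ("=3)") is visible. Everything down to the matching
    // closing brace is user administration driven by request parameters.
    //
    // NOTE(review): every handler below except "create user" changes state from
    // $_GET, and no CSRF token or request-method check is visible in this
    // excerpt. Confirm one exists earlier in the file; otherwise move these
    // actions to POST and verify a per-session token before running them.
    //
    // NOTE(review): header("Location: ...") is never followed by exit, so the
    // script keeps running: later handlers and the user query below still
    // execute in the same request. The "backend" parameter only suppresses the
    // redirect.

    // --- Create a user from the POSTed form fields.
    if (isset($_POST['n_name']) && isset($_POST['n_class']) && isset($_POST['n_al']) && isset($_POST['n_password'])) {
        // NOTE(review): n_al is written to accesslevel without a range check, so
        // whoever passes the gate above can create an account at any level.
        // NOTE(review): the password is stored with reversible encryption
        // (Crypto::encrypt) and decrypted again in the export below. Anyone who
        // holds $crypto and the table can recover every password. If plaintext
        // export is not a hard requirement, store password_hash() output instead.
        $sql = $db->prepare("INSERT INTO users (name, class, accesslevel, password) VALUES (:name, :class, :al, :passwd)");
        $sql->execute(array(
            ":name" => $_POST['n_name'],
            ":class" => $_POST['n_class'],
            ":al" => $_POST['n_al'],
            ":passwd" => \Defuse\Crypto\Crypto::encrypt($_POST['n_password'], $crypto),
        ));
        $res = $sql->rowCount();
        if ($res < 1) {
            functions::setError(6);
            if (!isset($_GET['backend'])) header("Location: ./users");
        } else {
            functions::setMessage(3);
            if (!isset($_GET['backend'])) header("Location: ./users");
        }
    }

    // --- Bulk actions selected by ?all=...
    if (isset($_GET['all'])) {
        set_time_limit(120);
        if ($_GET['all'] == "passwd") {
            // Give every account with id<>1 and accesslevel<2 a new random password.
            // NOTE(review): the new passwords are 6 characters from
            // functions::RAND_SMALL; whether randomString() draws from a CSPRNG
            // is not visible here. Confirm, and consider a longer length.
            $sql = $db->prepare("SELECT id FROM users WHERE id<>1 and accesslevel<2");
            $sql->execute();
            // Prepared once and reused for every row instead of once per row.
            $sql2 = $db->prepare("UPDATE users SET password=:passwd WHERE id=:id");
            while ($row = $sql->fetch(PDO::FETCH_ASSOC)) {
                $sql2->execute(array(
                    ":passwd" => \Defuse\Crypto\Crypto::encrypt(functions::randomString(6, functions::RAND_SMALL), $crypto),
                    ":id" => $row['id'],
                ));
            }
            functions::setMessage(7);
            if (!isset($_GET['backend'])) header("Location: ./users");
        } else if ($_GET['all'] == "reset") {
            // Clear both exception flags for every account except id 1.
            $sql = $db->prepare("UPDATE users SET except_login=0, except_signup=0 WHERE id<>1");
            $sql->execute();
            functions::setMessage(7);
            if (!isset($_GET['backend'])) header("Location: ./users");
        }
    }

    // --- Delete one user by id.
    // NOTE(review): the other queries in this file exclude id 1, this handler
    // does not. Confirm whether id 1 is meant to be deletable.
    if (isset($_GET['delete'])) {
        $sql = $db->prepare("SELECT COUNT(id) AS count FROM users WHERE id=:id");
        $sql->execute(array(":id" => $_GET['delete']));
        $res = $sql->fetch(PDO::FETCH_ASSOC);
        if ($res['count'] < 1) {
            functions::setError(7);
            if (!isset($_GET['backend'])) header("Location: ./users");
        } else {
            $sql = $db->prepare("DELETE FROM users WHERE id=:id");
            $sql->execute(array(":id" => $_GET['delete']));
            $res = $sql->rowCount();
            if ($res < 1) {
                functions::setError(6);
                if (!isset($_GET['backend'])) header("Location: ./users");
            } else {
                functions::setMessage(4);
                if (!isset($_GET['backend'])) header("Location: ./users");
            }
        }
    }

    // --- Set a new password for one user.
    // NOTE(review): np_passwd arrives in the query string, so the plaintext
    // password ends up in web-server access logs, browser history and Referer
    // headers. Accept it from a POST body instead. This handler also does not
    // exclude id 1.
    if (isset($_GET['np_uid']) && isset($_GET['np_passwd'])) {
        $sql = $db->prepare("UPDATE users SET password=:passwd WHERE id=:uid");
        $sql->execute(array(
            ":passwd" => \Defuse\Crypto\Crypto::encrypt($_GET['np_passwd'], $crypto),
            ":uid" => $_GET['np_uid'],
        ));
        $res = $sql->rowCount();
        if ($res < 1) {
            functions::setError(6);
            if (!isset($_GET['backend'])) header("Location: ./users");
        } else {
            functions::setMessage(7);
            if (!isset($_GET['backend'])) header("Location: ./users");
        }
    }

    // --- Set the except_login flag for one user (value is not validated here).
    if (isset($_GET['el_uid']) && isset($_GET['el_param'])) {
        $sql = $db->prepare("UPDATE users SET except_login=:el WHERE id=:uid");
        $sql->execute(array(":el" => $_GET['el_param'], ":uid" => $_GET['el_uid']));
        $res = $sql->rowCount();
        if ($res < 1) {
            functions::setError(6);
            if (!isset($_GET['backend'])) header("Location: ./users");
        } else {
            functions::setMessage(7);
            if (!isset($_GET['backend'])) header("Location: ./users");
        }
    }

    // --- Set the except_signup flag for one user (value is not validated here).
    if (isset($_GET['es_uid']) && isset($_GET['es_param'])) {
        $sql = $db->prepare("UPDATE users SET except_signup=:es WHERE id=:uid");
        $sql->execute(array(":es" => $_GET['es_param'], ":uid" => $_GET['es_uid']));
        $res = $sql->rowCount();
        if ($res < 1) {
            functions::setError(6);
            if (!isset($_GET['backend'])) header("Location: ./users");
        } else {
            functions::setMessage(7);
            if (!isset($_GET['backend'])) header("Location: ./users");
        }
    }
}

// User list for the page and for the export below; id 1 is always left out.
$msql = $db->prepare("SELECT id, name, class, accesslevel, password, except_login, except_signup FROM users WHERE id<>1 ORDER BY class ASC, accesslevel DESC, name ASC");
$msql->execute();

/*
 * Export: send the user list as a semicolon-separated CSV download.
 *
 * Sessions with accesslevel 2 get id, name, class and access level only.
 * Every other session gets the decrypted password and both exception flags too.
 * NOTE(review): that second branch is "anything other than 2", not ">= 3", and
 * the page-level access check is not visible in this excerpt. Confirm that
 * lower levels cannot reach this code.
 */
if (isset($_GET['export'])) {
    // Encode one cell. Values holding the delimiter, a quote or a line break
    // are wrapped in double quotes so a stored name cannot shift columns or add
    // rows. With $neutralise, non-numeric values that start with = + - @ TAB or
    // CR get a leading apostrophe so spreadsheet software treats them as text.
    $csvField = function ($value, $neutralise = true) {
        $value = (string) $value;
        if ($neutralise && $value !== '' && !is_numeric($value) && strpos("=+-@\t\r", $value[0]) !== false) {
            $value = "'" . $value;
        }
        if (strpbrk($value, ";\"\r\n") !== false) {
            $value = '"' . str_replace('"', '""', $value) . '"';
        }
        return $value;
    };

    $reducedExport = ($_SESSION['accesslevel'] == 2);

    $csv = $BOM;
    $csv .= $config['general']['org'] . "\n" . $config['general']['title'] . "\n\n";
    if ($reducedExport) {
        $csv .= $lang['id'] . ";" . $lang['name'] . ";" . $lang['class'] . ";" . $lang['accesslevel'] . "\n";
    } else {
        $csv .= $lang['id'] . ";" . $lang['name'] . ";" . $lang['class'] . ";" . $lang['accesslevel'] . ";" . $lang['password'] . ";" . $lang['except_login'] . ";" . $lang['except_signup'] . "\n";
    }

    while ($row = $msql->fetch(PDO::FETCH_ASSOC)) {
        $fields = array(
            $csvField($row['id']),
            $csvField($row['name']),
            $csvField($row['class']),
            $lang['al'][$row['accesslevel']],
        );
        if (!$reducedExport) {
            // The password is quoted when needed but not apostrophe-prefixed,
            // so the exported value stays exactly what the user has to type.
            // NOTE(review): this leaves the password column able to start with
            // a formula character; restricting the allowed password alphabet
            // on input would close that.
            $fields[] = $csvField(\Defuse\Crypto\Crypto::decrypt($row['password'], $crypto), false);
            $fields[] = $csvField($row['except_login']);
            $fields[] = $csvField($row['except_signup']);
        }
        $csv .= implode(";", $fields) . "\n";
    }

    // Send the file. No Content-Length is sent.
    header("Content-type: application/octet-stream");
    // The filename parameter is a quoted-string: use double quotes (the former
    // single quotes became part of the name) and replace characters from the
    // configured title that would end the quoted value or act as a path separator.
    $safeTitle = str_replace(array('"', '\\', '/', "\r", "\n"), '_', $config['general']['title']);
    header("Content-disposition: attachment; filename=\"" . $safeTitle . "_users_export_" . date("Y-m-d H-i-s") . ".csv\"");
    echo $csv;
    die();
}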