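<?php
/**
 * /subs/users.backend.php
 * @version 1.0
 * @desc backend for users management
 * @author Fándly Gergő Zoltán
 * @copy 2017 Fándly Gergő Zoltán
 *
 * Included by the users page. Relies on the includer for $db (PDO), $crypto
 * (Defuse key), $config, $lang, $BOM and $_SESSION['accesslevel'], and leaves
 * $msql (the executed user listing statement) behind for the view.
 *
 * Management actions are driven by form / query-string parameters and are only
 * processed for access level 3 and above; the export is open to every caller
 * of this file, with the sensitive columns again limited to level 3 and above.
 */

$usersAccessLevel = isset($_SESSION['accesslevel']) ? (int)$_SESSION['accesslevel'] : 0;

// Every action finishes by sending the browser back to the page, unless the
// caller asked for raw backend mode (?backend). As before, the script keeps
// running after the Location header, so one request may carry several actions.
$usersRedirect = function () {
    if (!isset($_GET['backend'])) {
        header("Location: ./users");
    }
};

// User ids from the query string must be integers; anything else (including
// arrays) yields false and is treated as "no such user" instead of being
// handed to the database as a string.
$usersId = function ($value) {
    return filter_var($value, FILTER_VALIDATE_INT);
};

if ($usersAccessLevel >= 3) {
    // NOTE(review): every write below is triggered by plain GET/POST parameters
    // with no request token, so it relies entirely on the session check above.

    /*
     * Create
     */
    if (isset($_POST['n_name'], $_POST['n_class'], $_POST['n_al'], $_POST['n_password'])) {
        // n_al is stored as sent; the form is trusted to offer only levels the
        // caller may grant. Passwords are stored reversibly encrypted (not
        // hashed) because the export below decrypts them again.
        $sql = $db->prepare("INSERT INTO users (name, class, accesslevel, password) VALUES (:name, :class, :al, :passwd)");
        $sql->execute([
            ":name" => $_POST['n_name'],
            ":class" => $_POST['n_class'],
            ":al" => $_POST['n_al'],
            ":passwd" => \Defuse\Crypto\Crypto::encrypt($_POST['n_password'], $crypto),
        ]);
        $res = $sql->rowCount();

        if ($res < 1) {
            functions::setError(6);
        } else {
            functions::setMessage(3);
        }
        $usersRedirect();
    }

    /*
     * Bulk actions
     */
    if (isset($_GET['all'])) {
        set_time_limit(120); // the password reset issues one UPDATE per user

        if ($_GET['all'] === "passwd") {
            // The admin (id 1) and accounts at level 2 or above keep their passwords.
            $sql = $db->prepare("SELECT id FROM users WHERE id<>1 and accesslevel<2");
            $sql->execute();
            // Prepared once instead of once per row.
            $sql2 = $db->prepare("UPDATE users SET password=:passwd WHERE id=:id");
            while ($row = $sql->fetch(PDO::FETCH_ASSOC)) {
                // Six characters from a small alphabet: acceptable only as a
                // one-time password the user is made to change. The actual
                // strength depends on functions::randomString, not visible here.
                $sql2->execute([
                    ":passwd" => \Defuse\Crypto\Crypto::encrypt(functions::randomString(6, functions::RAND_SMALL), $crypto),
                    ":id" => $row['id'],
                ]);
            }
            functions::setMessage(7);
            $usersRedirect();
        } elseif ($_GET['all'] === "reset") {
            $sql = $db->prepare("UPDATE users SET except_login=0, except_signup=0 WHERE id<>1");
            $sql->execute();
            functions::setMessage(7);
            $usersRedirect();
        }
    }

    /*
     * Delete
     */
    if (isset($_GET['delete'])) {
        // NOTE(review): unlike the bulk actions and the listing, this does not
        // exclude id 1, so ?delete=1 would remove the admin account; confirm
        // whether "AND id<>1" belongs here.
        $usersUid = $usersId($_GET['delete']);
        $usersExists = false;
        if ($usersUid !== false) {
            $sql = $db->prepare("SELECT COUNT(id) AS count FROM users WHERE id=:id");
            $sql->execute([":id" => $usersUid]);
            $res = $sql->fetch(PDO::FETCH_ASSOC);
            $usersExists = $res['count'] >= 1;
        }

        if (!$usersExists) {
            functions::setError(7);
        } else {
            $sql = $db->prepare("DELETE FROM users WHERE id=:id");
            $sql->execute([":id" => $usersUid]);
            $res = $sql->rowCount();
            if ($res < 1) {
                functions::setError(6);
            } else {
                functions::setMessage(4);
            }
        }
        $usersRedirect();
    }

    /*
     * Single-user updates: new password, login exception, signup exception.
     * Each reports error 6 when no row was changed, which now also covers an
     * id that failed integer validation.
     */
    if (isset($_GET['np_uid'], $_GET['np_passwd'])) {
        // NOTE(review): the new password travels in the query string and so
        // ends up in server/proxy logs and browser history; the create form
        // above already uses POST for the same kind of data.
        $usersUid = $usersId($_GET['np_uid']);
        $res = 0;
        if ($usersUid !== false) {
            $sql = $db->prepare("UPDATE users SET password=:passwd WHERE id=:uid");
            $sql->execute([
                ":passwd" => \Defuse\Crypto\Crypto::encrypt($_GET['np_passwd'], $crypto),
                ":uid" => $usersUid,
            ]);
            $res = $sql->rowCount();
        }

        if ($res < 1) {
            functions::setError(6);
        } else {
            functions::setMessage(7);
        }
        $usersRedirect();
    }

    if (isset($_GET['el_uid'], $_GET['el_param'])) {
        // el_param is written as received; presumably a 0/1 flag (the bulk
        // reset writes 0), but it is not validated here.
        $usersUid = $usersId($_GET['el_uid']);
        $res = 0;
        if ($usersUid !== false) {
            $sql = $db->prepare("UPDATE users SET except_login=:el WHERE id=:uid");
            $sql->execute([":el" => $_GET['el_param'], ":uid" => $usersUid]);
            $res = $sql->rowCount();
        }

        if ($res < 1) {
            functions::setError(6);
        } else {
            functions::setMessage(7);
        }
        $usersRedirect();
    }

    if (isset($_GET['es_uid'], $_GET['es_param'])) {
        // Same contract as el_param above.
        $usersUid = $usersId($_GET['es_uid']);
        $res = 0;
        if ($usersUid !== false) {
            $sql = $db->prepare("UPDATE users SET except_signup=:es WHERE id=:uid");
            $sql->execute([":es" => $_GET['es_param'], ":uid" => $usersUid]);
            $res = $sql->rowCount();
        }

        if ($res < 1) {
            functions::setError(6);
        } else {
            functions::setMessage(7);
        }
        $usersRedirect();
    }
}

// Helpers are not part of what the view expects from this file.
unset($usersRedirect, $usersId);

// Listing consumed by the view (or by the export below); the admin is never listed.
$msql = $db->prepare("SELECT id, name, class, accesslevel, password, except_login, except_signup FROM users WHERE id<>1 ORDER BY class ASC, accesslevel DESC, name ASC");
$msql->execute();

/*
 * Export
 */
if (isset($_GET['export'])) {
    // One CSV line. Fields containing the delimiter, a quote or a line break
    // are quoted RFC 4180 style so a user name cannot split or forge a row;
    // plain values are written exactly as before.
    $csvLine = function (array $fields) {
        $quoted = [];
        foreach ($fields as $field) {
            $field = (string)$field;
            if (preg_match('/[;"\r\n]/', $field)) {
                $field = '"' . str_replace('"', '""', $field) . '"';
            }
            $quoted[] = $field;
        }
        return implode(';', $quoted) . "\n";
    };

    // Only level 3 and above — the same threshold that unlocks the management
    // actions — receives passwords and exception flags. Previously every level
    // other than 2 fell into the full branch, including levels below 2.
    $csvFull = $usersAccessLevel >= 3;

    $csv = $BOM;
    $csv .= $config['general']['org'] . "\n" . $config['general']['title'] . "\n\n";

    $csvHeader = [$lang['id'], $lang['name'], $lang['class'], $lang['accesslevel']];
    if ($csvFull) {
        $csvHeader[] = $lang['password'];
        $csvHeader[] = $lang['except_login'];
        $csvHeader[] = $lang['except_signup'];
    }
    $csv .= $csvLine($csvHeader);

    while ($row = $msql->fetch(PDO::FETCH_ASSOC)) {
        $csvRow = [$row['id'], $row['name'], $row['class'], $lang['al'][$row['accesslevel']]];
        if ($csvFull) {
            // Puts every stored password in clear text into a downloadable
            // file. Crypto::decrypt throws on a wrong key or a tampered
            // ciphertext, which aborts the whole export (unchanged behaviour).
            $csvRow[] = \Defuse\Crypto\Crypto::decrypt($row['password'], $crypto);
            $csvRow[] = $row['except_login'];
            $csvRow[] = $row['except_signup'];
        }
        $csv .= $csvLine($csvRow);
    }

    // RFC 6266 expects a double-quoted filename; the former single quotes
    // became part of the saved name in some browsers. Quotes and backslashes
    // in the title would otherwise terminate or escape the header value.
    $csvName = str_replace(['"', "\\"], '_', $config['general']['title'])
        . "_users_export_" . date("Y-m-d H-i-s") . ".csv";

    header("Content-type: application/octet-stream");
    header('Content-disposition: attachment; filename="' . $csvName . '"');
    echo $csv;
    die();
}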