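tplExtrSection(tplLoadFile("pgs/admin/admin.html"), "###ADMIN###"),
    "pwd" => "",
    "gsp" => "",
    "acc" => "",
    "add" => "",
    "list" => ""
);

// Admin page controller.
//
// For a logged-in user this handles at most one requested action (change own
// password, add an account, change notification settings) and then renders the
// password form, the accounts of the user's own group and the "add account"
// form. Users holding the INVITE_ADD right additionally get the global account
// list and the "send new password" action.
//
// Every state-changing action requires the request's secToken to match the
// token kept in the session (anti-CSRF). $input is presumably the request
// parameter array and is treated as untrusted throughout.
if ($userID = lgnCheckLogin($mysqli)) {
    // Validate the anti-CSRF token once. The comparison is constant-time and an
    // absent or empty token never matches; a loose `==` would accept a request
    // without secToken whenever the session holds no token either.
    $sessionToken = isset($_SESSION["secTokenVerify"]) ? $_SESSION["secTokenVerify"] : "";
    $requestToken = isset($input["secToken"]) ? $input["secToken"] : "";
    $tokenValid = is_scalar($sessionToken)
        && is_scalar($requestToken)
        && (string) $sessionToken !== ""
        && hash_equals((string) $sessionToken, (string) $requestToken);

    // --- Action: change own password ---------------------------------------
    $password_changed_success = false;
    if ($tokenValid
        && isset($input["userMod"], $input["passOld"], $input["passNew"], $input["passRepeat"])
        && $input["userMod"] === "Passwort ändern"
    ) {
        $password_changed_success = lgnChangePass(
            $mysqli,
            $_SESSION["userID"],
            $input["passOld"],
            $input["passNew"],
            $input["passRepeat"]
        );
    } elseif ($tokenValid && isset($input["addAccount"])) {
        // --- Action: add an account ----------------------------------------
        // Missing or non-string fields are treated as empty so that they fall
        // through to the "wrongInput" error instead of raising a warning.
        $addAccMail = isset($input["admin_addacc_mail"]) && is_string($input["admin_addacc_mail"])
            ? $input["admin_addacc_mail"]
            : "";
        $addAccPass = isset($input["admin_addacc_pass"]) && is_string($input["admin_addacc_pass"])
            ? $input["admin_addacc_pass"]
            : "";

        // Minimal plausibility check: more than 4 bytes with an "@" that is not
        // the first character, and a password of at least 12 bytes.
        if (strlen($addAccMail) > 4 && strpos($addAccMail, "@") > 0 && strlen($addAccPass) > 11) {
            // NOTE(review): the new account inherits the creator's groupID and
            // roleID and no separate right is checked in this branch - confirm
            // that every logged-in user may create accounts with their own role.
            $groupID = null;
            $roleID = null;
            if ($stmt = $mysqli->prepare("SELECT groupID, roleID FROM users WHERE ID = ?")) {
                $stmt->bind_param("i", $userID);
                $stmt->execute();
                $stmt->bind_result($groupID, $roleID);
                $stmt->fetch();
                $stmt->close();

                // lgnTransformPassword() returns the iterations/salt/hash triple
                // that is stored instead of the clear-text password.
                $password = lgnTransformPassword($addAccPass);
                if ($stmt = $mysqli->prepare("INSERT INTO users (groupID, roleID, email, iterations, salt, hash) VALUES (?, ?, ?, ?, ?, ?)")) {
                    $stmt->bind_param(
                        "iisiss",
                        $groupID,
                        $roleID,
                        $addAccMail,
                        $password["iterations"],
                        $password["salt"],
                        $password["hash"]
                    );
                    $stmt->execute();
                    $stmt->close();
                } else {
                    addError("Mysql", $mysqli->error);
                }
            } else {
                addError("Mysql", $mysqli->error);
            }
        } else {
            addError("wrongInput", "eMail-Adresse ordentlich? Passwort lang genug? 12 Zeichen mindestens. Besser länger als kompliziert.");
        }
    } elseif ($tokenValid && isset($input["chgAccount"])) {
        // --- Action: change notification settings --------------------------
        // Account IDs and notification values come straight from the request,
        // so they are validated as integers and bound as parameters; they must
        // never be concatenated into the SQL text.
        $groupID = null;
        $groupFound = false;
        if ($stmt = $mysqli->prepare("SELECT groupID FROM users WHERE ID = ?")) {
            $stmt->bind_param("i", $userID);
            $stmt->execute();
            $stmt->bind_result($groupID);
            $groupFound = ($stmt->fetch() === true);
            $stmt->close();
        } else {
            addError("Mysql", $mysqli->error);
        }

        if ($groupFound && isset($input["admin_acc"]) && is_array($input["admin_acc"])) {
            // The groupID condition limits the update to accounts of the
            // acting user's own group.
            if ($stmt = $mysqli->prepare("UPDATE users SET notifications = ? WHERE ID = ? AND groupID = ?")) {
                foreach ($input["admin_acc"] as $ID => $val) {
                    if (!is_array($val) || !isset($val["notifications"])) {
                        continue;
                    }
                    $chgAccID = filter_var($ID, FILTER_VALIDATE_INT);
                    $chgAccNotif = filter_var($val["notifications"], FILTER_VALIDATE_INT);
                    if ($chgAccID === false || $chgAccNotif === false) {
                        continue;
                    }
                    // NOTE(review): the form below only renders the values 0, 1
                    // and 2 - consider rejecting anything outside that range.
                    $stmt->bind_param("iii", $chgAccNotif, $chgAccID, $groupID);
                    $stmt->execute();
                }
                $stmt->close();
            } else {
                addError("Mysql", $mysqli->error);
            }
        }
    }

    // --- Render: password form ---------------------------------------------
    // The success sub-section is kept only after a successful password change.
    $tpl["pwd"] = tplExtrSection($tpl["main"], "###ADMIN.PASSWORD###");
    $tpl["pwd"] = tplReplSection(
        $tpl["pwd"],
        "###ADMIN.PASSWORD.SUCCESS###",
        $password_changed_success ? tplExtrSection($tpl["pwd"], "###ADMIN.PASSWORD.SUCCESS###") : ""
    );

    // Save authorship - obsolete, kept for reference only.
    // NOTE(review): this disabled handler interpolates $input["admin_gsp_authors"]
    // into the UPDATE text; it needs a prepared statement before it is ever
    // re-enabled.
    /*if (isset($input["chgAuthor"]) && $input["secToken"]==$_SESSION["secTokenVerify"] && $stmt = $mysqli->prepare("SELECT u.ID FROM users u WHERE u.groupID=(SELECT groupID FROM users WHERE ID = ?)")) {
        $stmt->bind_param("i", $userID);
        $stmt->execute();
        $stmt->bind_result($ID);
        $array = array();
        while ($stmt->fetch()) {
            $array[] = "UPDATE users SET guestID = ".($input["admin_gsp_authors"][$ID] ?? "NULL")." WHERE ID = ".$ID;
        }
        $stmt->close();
        foreach ($array as $update) {
            $mysqli->query($update);
        }
    }*/
    $tpl["gsp"] = "";

    // --- Render: accounts of the user's own group --------------------------
    $tpl["acc"] = tplExtrSection($tpl["main"], "###ADMIN.ACC###");
    $line_tpl = tplExtrSection($tpl["acc"], "###ADMIN.ACC.LINE###");
    $lines = "";
    $qry = "SELECT u.ID, u.email, u.login, u.notifications FROM users u WHERE u.groupID=(SELECT groupID FROM users WHERE ID = ?)";
    if ($stmt = $mysqli->prepare($qry)) {
        $stmt->bind_param("i", $userID);
        $stmt->execute();
        $res = $stmt->get_result();
        while ($row = $res->fetch_assoc()) {
            // NOTE(review): email and login are user-supplied values written
            // into HTML - confirm that tplReplMarkerArray() escapes them, or
            // escape them here with htmlspecialchars().
            $replace = array(
                "###ADMIN.ACC.LINE.ID###" => $row["ID"],
                "###ADMIN.ACC.LINE.MAIL###" => $row["email"],
                "###ADMIN.ACC.LINE.LOGIN###" => $row["login"],
                "###ADMIN.ACC.NOTIFICATIONS.SELECTED.0###" => $row["notifications"] == 0 ? "selected" : "",
                "###ADMIN.ACC.NOTIFICATIONS.SELECTED.1###" => $row["notifications"] == 1 ? "selected" : "",
                "###ADMIN.ACC.NOTIFICATIONS.SELECTED.2###" => $row["notifications"] == 2 ? "selected" : ""
            );
            $lines .= tplReplMarkerArray($line_tpl, $replace);
        }
        $stmt->close();
    }
    $tpl["acc"] = tplReplSection($tpl["acc"], "###ADMIN.ACC.LINE###", $lines);

    // --- Render: "add account" form ----------------------------------------
    $tpl["add"] = tplExtrSection($tpl["main"], "###ADMIN.ADD###");

    // --- Global account list, only with the INVITE_ADD right ---------------
    if (lgnCheckRight($mysqli, "INVITE_ADD")) {
        $tpl["list"] = tplExtrSection($tpl["main"], "###ADMIN.LIST###");

        // Action: send a new password. The target ID has to arrive twice
        // (resendpw and the confirming resendcheck) and must be a plain integer.
        $resendID = isset($input["admin_list_resendpw"])
            ? filter_var($input["admin_list_resendpw"], FILTER_VALIDATE_INT)
            : false;
        $resendCheck = isset($input["admin_list_resendcheck"])
            ? filter_var($input["admin_list_resendcheck"], FILTER_VALIDATE_INT)
            : false;
        if ($tokenValid && $resendID !== false && $resendID === $resendCheck) {
            // Called without an argument, lgnTransformPassword() also returns a
            // "password" entry - presumably a freshly generated password.
            $pass = lgnTransformPassword();
            $pass_tpl = tplExtrSection(tplLoadFile("pgs/admin/mail.html"), "###SENDPASSWORD###");
            // The new password is mailed in clear text; the stored credentials
            // are replaced only after the mail was handed off successfully.
            $text = tplReplMarker($pass_tpl, "###PASSWORD###", $pass["password"]);
            $success = emlSendSingleMail($mysqli, $resendID, "Neues Passwort", $text);
            if ($success) {
                // lastaction is reset to NULL, so the account is listed as not
                // logged in until its next login.
                if ($stmt = $mysqli->prepare("UPDATE users SET iterations = ?, salt = ?, hash = ?, lastaction = null WHERE ID = ?")) {
                    $stmt->bind_param("issi", $pass["iterations"], $pass["salt"], $pass["hash"], $resendID);
                    $stmt->execute();
                    $stmt->close();
                } else {
                    // The mail went out but the new hash was not stored: report
                    // it instead of failing silently.
                    addError("Mysql", $mysqli->error);
                }
                addError("", "Passwort senden erfolgreich!");
            } else {
                addError("", "Passwort senden fehlgeschlagen!");
            }
        }

        $qry = "SELECT gr.name, u.groupID, u.ID, u.login, u.email, u.eMailFrom, u.notifications, u.lastaction FROM groups gr RIGHT JOIN users u ON u.groupID=gr.ID ORDER BY gr.name ASC, u.email ASC";
        $res = $mysqli->query($qry);
        $line_tpl = tplExtrSection($tpl["list"], "###ADMIN.LIST.ACCOUNT###");
        $lines = "";
        if ($res) {
            while ($row = $res->fetch_assoc()) {
                // NOTE(review): group name, email and login end up in HTML -
                // confirm that tplReplMarkerArray() escapes them.
                $replace = array(
                    "###ADMIN.LIST.GROUP.ID###" => $row["groupID"],
                    "###ADMIN.LIST.GROUP.NAME###" => $row["name"],
                    "###ADMIN.LIST.USER.ID###" => $row["ID"],
                    "###ADMIN.LIST.USER.EMAIL###" => $row["email"],
                    "###ADMIN.LIST.USER.LOGIN###" => $row["login"],
                    "###ADMIN.LIST.USER.NOTIFICATIONS###" => $row["notifications"]
                );
                $line = tplReplMarkerArray($line_tpl, $replace);
                // Keep the "logged in" sub-section only for accounts that have
                // a lastaction value.
                $line = tplReplSection(
                    $line,
                    "###ADMIN.LIST.USER.LOGGEDIN###",
                    $row["lastaction"] != null ? tplExtrSection($line_tpl, "###ADMIN.LIST.USER.LOGGEDIN###") : ""
                );
                $lines .= $line;
            }
        } else {
            addError("Mysql", $mysqli->error);
        }
        $tpl["list"] = tplReplSection($tpl["list"], "###ADMIN.LIST.ACCOUNT###", $lines);
    }
}

// Assemble the page. Without a valid login every sub-section is still the
// empty string, so the corresponding template sections are blanked.
$tpl["main"] = tplReplSection($tpl["main"], "###ADMIN.PASSWORD###", $tpl["pwd"]);
$tpl["main"] = tplReplSection($tpl["main"], "###ADMIN.GSP###", $tpl["gsp"]);
$tpl["main"] = tplReplSection($tpl["main"], "###ADMIN.ACC###", $tpl["acc"]);
$tpl["main"] = tplReplSection($tpl["main"], "###ADMIN.ADD###", $tpl["add"]);
$tpl["main"] = tplReplSection($tpl["main"], "###ADMIN.LIST###", $tpl["list"]);
$output["main"] = $tpl["main"];
?>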