144 lines
6.7 KiB
PHP
Executable File
144 lines
6.7 KiB
PHP
Executable File
<?php #pgs/admin/index.php
|
|
|
|
$tpl = array(
|
|
"main" => tplExtrSection(tplLoadFile("pgs/admin/admin.html"), "###ADMIN###"),
|
|
"pwd" => "",
|
|
"gsp" => "",
|
|
"acc" => "",
|
|
"add" => "",
|
|
"list" => ""
|
|
);
|
|
|
|
if ($userID = lgnCheckLogin($mysqli)) {
|
|
// Passwort ändern
|
|
$password_changed_success = false;
|
|
if (isset($input["userMod"], $input["secToken"], $input["passOld"], $input["passNew"], $input["passRepeat"])
|
|
&& $input["secToken"]==$_SESSION["secTokenVerify"] && $input["userMod"]=="Passwort ändern")
|
|
{
|
|
$password_changed_success = lgnChangePass($mysqli, $_SESSION["userID"], $input["passOld"], $input["passNew"], $input["passRepeat"]);
|
|
} else if (isset($input["addAccount"]) && $input["secToken"]==$_SESSION["secTokenVerify"]) {
|
|
if (strlen($input["admin_addacc_mail"])>4 && strpos($input["admin_addacc_mail"], "@") && strlen($input["admin_addacc_pass"])>11) {
|
|
$stmt = $mysqli->prepare("SELECT groupID, roleID FROM users WHERE ID = ?");
|
|
$stmt->bind_param("i", $userID);
|
|
$stmt->execute();
|
|
$stmt->bind_result($groupID, $roleID);
|
|
$stmt->fetch();
|
|
$stmt->close();
|
|
|
|
$password = lgnTransformPassword($input["admin_addacc_pass"]);
|
|
if ($stmt = $mysqli->prepare("INSERT INTO users (groupID, roleID, email, iterations, salt, hash) VALUES (?, ?, ?, ?, ?, ?)")) {
|
|
$stmt->bind_param("iisiss", $groupID, $roleID, $input["admin_addacc_mail"], $password["iterations"], $password["salt"], $password["hash"]);
|
|
$stmt->execute();
|
|
$stmt->close();
|
|
} else {
|
|
addError("Mysql", $mysqli->error);
|
|
}
|
|
} else {
|
|
addError("wrongInput", "eMail-Adresse ordentlich? Passwort lang genug? 12 Zeichen mindestens. Besser länger als kompliziert.");
|
|
}
|
|
} else if (isset($input["chgAccount"]) && $input["secToken"]==$_SESSION["secTokenVerify"]) {
|
|
$res = $mysqli->query("SELECT groupID FROM users WHERE ID=".$userID);
|
|
$groupID = $res->fetch_assoc()["groupID"];
|
|
foreach ($input["admin_acc"] as $ID => $val) {
|
|
$mysqli->query("UPDATE users SET notifications=".$val["notifications"]." WHERE ID=".$ID." AND groupID=".$groupID);
|
|
}
|
|
}
|
|
|
|
$tpl["pwd"] = tplExtrSection($tpl["main"], "###ADMIN.PASSWORD###");
|
|
$tpl["pwd"] = tplReplSection($tpl["pwd"], "###ADMIN.PASSWORD.SUCCESS###", $password_changed_success ? tplExtrSection($tpl["pwd"], "###ADMIN.PASSWORD.SUCCESS###") : "");
|
|
|
|
// Autorenschaft speichern
|
|
/*if (isset($input["chgAuthor"]) && $input["secToken"]==$_SESSION["secTokenVerify"] && $stmt = $mysqli->prepare("SELECT u.ID FROM users u WHERE u.groupID=(SELECT groupID FROM users WHERE ID = ?)")) {
|
|
$stmt->bind_param("i", $userID);
|
|
$stmt->execute();
|
|
$stmt->bind_result($ID);
|
|
$array = array();
|
|
while ($stmt->fetch()) {
|
|
$array[] = "UPDATE users SET guestID = ".($input["admin_gsp_authors"][$ID] ?? "NULL")." WHERE ID = ".$ID;
|
|
}
|
|
$stmt->close();
|
|
foreach ($array as $update) {
|
|
$mysqli->query($update);
|
|
}
|
|
}*/
|
|
|
|
// Veraltet
|
|
$tpl["gsp"] = "";
|
|
|
|
// Accounts
|
|
$tpl["acc"] = tplExtrSection($tpl["main"], "###ADMIN.ACC###");
|
|
$line_tpl = tplExtrSection($tpl["acc"], "###ADMIN.ACC.LINE###");
|
|
$lines = "";
|
|
|
|
$qry = "SELECT u.ID, u.email, u.login, u.notifications FROM users u WHERE u.groupID=(SELECT groupID FROM users WHERE ID = ?)";
|
|
if ($stmt = $mysqli->prepare($qry)) {
|
|
$stmt->bind_param("i", $userID);
|
|
$stmt->execute();
|
|
$res = $stmt->get_result();
|
|
while ($row = $res->fetch_assoc()) {
|
|
$replace = array(
|
|
"###ADMIN.ACC.LINE.ID###" => $row["ID"],
|
|
"###ADMIN.ACC.LINE.MAIL###" => $row["email"],
|
|
"###ADMIN.ACC.LINE.LOGIN###" => $row["login"],
|
|
"###ADMIN.ACC.NOTIFICATIONS.SELECTED.0###" => $row["notifications"]==0 ? "selected" : "",
|
|
"###ADMIN.ACC.NOTIFICATIONS.SELECTED.1###" => $row["notifications"]==1 ? "selected" : "",
|
|
"###ADMIN.ACC.NOTIFICATIONS.SELECTED.2###" => $row["notifications"]==2 ? "selected" : ""
|
|
);
|
|
$lines.= tplReplMarkerArray($line_tpl, $replace);
|
|
}
|
|
$stmt->close();
|
|
}
|
|
$tpl["acc"] = tplReplSection($tpl["acc"], "###ADMIN.ACC.LINE###", $lines);
|
|
|
|
// Account hinzufügen
|
|
$tpl["add"] = tplExtrSection($tpl["main"], "###ADMIN.ADD###");
|
|
|
|
// Account-Liste
|
|
if (lgnCheckRight($mysqli, "INVITE_ADD")) {
|
|
$tpl["list"] = tplExtrSection($tpl["main"], "###ADMIN.LIST###");
|
|
if (isset($input["admin_list_resendpw"], $input["admin_list_resendcheck"]) && $input["secToken"]==$_SESSION["secTokenVerify"] && $input["admin_list_resendpw"]==$input["admin_list_resendcheck"]) {
|
|
$pass = lgnTransformPassword();
|
|
$pass_tpl = tplExtrSection(tplLoadFile("pgs/admin/mail.html"), "###SENDPASSWORD###");
|
|
$text = tplReplMarker($pass_tpl, "###PASSWORD###", $pass["password"]);
|
|
$success = emlSendSingleMail($mysqli, $input["admin_list_resendpw"], "Neues Passwort", $text);
|
|
if ($success) {
|
|
if ($stmt = $mysqli->prepare("UPDATE users SET iterations = ?, salt = ?, hash = ?, lastaction = null WHERE ID = ?")) {
|
|
$stmt->bind_param("issi", $pass["iterations"], $pass["salt"], $pass["hash"], $input["admin_list_resendpw"]);
|
|
$stmt->execute();
|
|
$stmt->close();
|
|
}
|
|
addError("", "Passwort senden erfolgreich!");
|
|
} else {
|
|
addError("", "Passwort senden fehlgeschlagen!");
|
|
}
|
|
}
|
|
|
|
$qry = "SELECT gr.name, u.groupID, u.ID, u.login, u.email, u.eMailFrom, u.notifications, u.lastaction FROM groups gr RIGHT JOIN users u ON u.groupID=gr.ID ORDER BY gr.name ASC, u.email ASC";
|
|
$res = $mysqli->query($qry);
|
|
$line_tpl = tplExtrSection($tpl["list"], "###ADMIN.LIST.ACCOUNT###");
|
|
$lines = "";
|
|
while ($row = $res->fetch_assoc()) {
|
|
$replace = array(
|
|
"###ADMIN.LIST.GROUP.ID###" => $row["groupID"],
|
|
"###ADMIN.LIST.GROUP.NAME###" => $row["name"],
|
|
"###ADMIN.LIST.USER.ID###" => $row["ID"],
|
|
"###ADMIN.LIST.USER.EMAIL###" => $row["email"],
|
|
"###ADMIN.LIST.USER.LOGIN###" => $row["login"],
|
|
"###ADMIN.LIST.USER.NOTIFICATIONS###" => $row["notifications"]
|
|
);
|
|
$line = tplReplMarkerArray($line_tpl, $replace);
|
|
$line = tplReplSection($line, "###ADMIN.LIST.USER.LOGGEDIN###", null!=$row["lastaction"] ? tplExtrSection($line_tpl, "###ADMIN.LIST.USER.LOGGEDIN###") : "");
|
|
$lines.= $line;
|
|
}
|
|
$tpl["list"] = tplReplSection($tpl["list"], "###ADMIN.LIST.ACCOUNT###", $lines);
|
|
}
|
|
}
|
|
|
|
$tpl["main"] = tplReplSection($tpl["main"], "###ADMIN.PASSWORD###", $tpl["pwd"]);
|
|
$tpl["main"] = tplReplSection($tpl["main"], "###ADMIN.GSP###", $tpl["gsp"]);
|
|
$tpl["main"] = tplReplSection($tpl["main"], "###ADMIN.ACC###", $tpl["acc"]);
|
|
$tpl["main"] = tplReplSection($tpl["main"], "###ADMIN.ADD###", $tpl["add"]);
|
|
$tpl["main"] = tplReplSection($tpl["main"], "###ADMIN.LIST###", $tpl["list"]);
|
|
$output["main"] = $tpl["main"];
|
|
|
|
?>
|