238 lines
8.4 KiB
PHP
238 lines
8.4 KiB
PHP
<?php
|
|
require_once('include/global.php');
|
|
|
|
if(!$authenticated) {
|
|
$smarty->assign('recaptcha_html', recaptcha_get_html($config['recaptcha_publickey']));
|
|
$smarty->display('login.tpl');
|
|
exit;
|
|
}
|
|
|
|
$action = isset($_GET['action']) ? $_GET['action'] : 'list';
|
|
$subaction = isset($_GET['subaction']) ? $_GET['subaction'] : 'none';
|
|
|
|
switch($action) {
|
|
case 'list':
|
|
$user_list = array();
|
|
if( $result = $db->query('SELECT `id`, `username`, `active`, `last_login_ip`, `last_login_time` FROM `users`;')) {
|
|
$i = 0;
|
|
while($row = $result->fetch_assoc()) {
|
|
$user_list[$i] = $row;
|
|
$user_list[$i]['access_list'] = get_access_list($row['id']);
|
|
$i++;
|
|
}
|
|
}
|
|
$smarty->assign('user_list', $user_list);
|
|
$smarty->display('users.tpl');
|
|
break;
|
|
|
|
case 'edit':
|
|
|
|
$id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
|
|
if($result = $db->query("SELECT * FROM `users` WHERE `id` = $id")) {
|
|
if(!($user = $result->fetch_assoc())) {
|
|
display_error_page('Error', 'Invalid User ID.');
|
|
}
|
|
}
|
|
$user['access_list'] = get_access_list($user['id']);
|
|
|
|
$group_list = array('0' => 'None');
|
|
if ($result = $db->query("SELECT * FROM `groups`")) {
|
|
while($row = $result->fetch_assoc()) {
|
|
$group_list[$row['id']] = $row['name'];
|
|
}
|
|
}
|
|
$smarty->assign('group_list', $group_list);
|
|
$smarty->assign('user', $user);
|
|
|
|
$smarty->display('users_edit.tpl');
|
|
break;
|
|
|
|
case 'add':
|
|
$group_list = array('0' => 'None');
|
|
if ($result = $db->query("SELECT * FROM `groups`")) {
|
|
while($row = $result->fetch_assoc()) {
|
|
$group_list[$row['id']] = $row['name'];
|
|
}
|
|
}
|
|
$smarty->assign('selected_group', 0);
|
|
$smarty->assign('group_list', $group_list);
|
|
$smarty->display('users_add.tpl');
|
|
break;
|
|
case 'password':
|
|
$id = isset($_GET['id']) ? (int)$_GET['id'] : 0;
|
|
$result = $db->query("SELECT `username` FROM `users` WHERE `id` = $id;");
|
|
if(!($row = $result->fetch_assoc())) die('Error: Invalid User ID');
|
|
$name = $row['username'];
|
|
$smarty->assign('user_id', $id);
|
|
$smarty->assign('username', $name);
|
|
$smarty->display('users_changepassword.tpl');
|
|
break;
|
|
case 'submit':
|
|
switch($subaction) {
|
|
case 'add':
|
|
$username = isset($_POST['username']) ? $db->real_escape_string($_POST['username']) : '';
|
|
$password = isset($_POST['password']) ? $db->real_escape_string($_POST['password']) : '';
|
|
$active = isset($_POST['active']) ? (int)($_POST['active'] == '1') : 0;
|
|
$admin = isset($_POST['admin']) ? (int)($_POST['admin'] == '1') : 0;
|
|
|
|
$error_list = array();
|
|
if(!validate_username($username)) {
|
|
$error_list[] = 'Invalid username provided.';
|
|
}
|
|
if(strlen($password) < 6 || strlen($password) > 20) {
|
|
$error_list[] = 'Invalid password provided.';
|
|
}
|
|
|
|
if(count($error_list) == 0) {
|
|
if(!$db->query("INSERT INTO `users` (`username`, `password`, `active`, `admin`) VALUES ('$username', MD5('$password'), $active, $admin);")) {
|
|
$error_list[] = 'Problem adding to database. That username might already exist.';
|
|
}
|
|
}
|
|
|
|
$error_message = '';
|
|
if(count($error_list) > 0) {
|
|
for($i = 0; $i < count($error_list); $i++) {
|
|
$error_message .= $error_list[$i]."<br />\r\n";
|
|
}
|
|
$smarty->assign('error_message', $error_message);
|
|
$smarty->display('users_add.tpl');
|
|
} else {
|
|
header('Location: users.php');
|
|
}
|
|
break;
|
|
case 'edit':
|
|
$id = isset($_POST['id']) ? (int)$_POST['id'] : -1;
|
|
$username = isset($_POST['username']) ? $db->real_escape_string($_POST['username']) : '';
|
|
$group_id = isset($_POST['group_id']) ? (int)$_POST['group_id'] : 0;
|
|
$email_address = isset($_POST['email_address']) ? $db->real_escape_string($_POST['email_address']) : '';
|
|
$active = isset($_POST['active']) ? (int)($_POST['active'] == '1') : 0;
|
|
$admin = isset($_POST['admin']) ? (int)($_POST['admin'] == '1') : 0;
|
|
|
|
$error_list = array();
|
|
if(!validate_username($username)) {
|
|
$error_list[] = 'Invalid username provided.';
|
|
}
|
|
if(!empty($email_address)) {
|
|
if(!filter_var($email_address, FILTER_VALIDATE_EMAIL)) {
|
|
$error_list[] = 'Invalid email address provided. Either leave it blank or provide a valid email.';
|
|
}
|
|
}
|
|
|
|
// check for validation errors
|
|
if(count($error_list) == 0) {
|
|
if(!$db->query(sprintf("UPDATE `users` SET `username` = '%s', `group_id` = %d, `email_address` = '%s', `active` = %d, `admin` = %d WHERE id = %d",
|
|
$username, $group_id, $email_address, $active, $admin, $id))) {
|
|
$error_list[] = sprintf("Update query error (%d: %s).", $db->errno, $db->error);
|
|
}
|
|
}
|
|
|
|
$error_message = '';
|
|
if(count($error_list) > 0) {
|
|
for($i = 0; $i < count($error_list); $i++) {
|
|
$error_message .= $error_list[$i]."<br />\r\n";
|
|
}
|
|
$smarty->assign('error_message', $error_message);
|
|
$smarty->display('users_edit.tpl');
|
|
} else {
|
|
header('Location: users.php');
|
|
}
|
|
|
|
break;
|
|
|
|
case 'add-access':
|
|
$id = isset($_POST['id']) ? (int)$_POST['id'] : 0;
|
|
$program_id = isset($_POST['program_id']) ? (int)$_POST['program_id'] : 0;
|
|
$max_session_count = isset($_POST['max_session_count']) ? (int)$_POST['max_session_count'] : 0;
|
|
$expiration_time = isset($_POST['expiration_time']) ? (int)$_POST['expiration_time'] : 0;
|
|
|
|
if($id == 0 || $program_id == 0) die('Invalid ID or Program ID.');
|
|
|
|
if($expiration_time > 0) {
|
|
$expiration_time = time() + $expiration_time;
|
|
}
|
|
|
|
$db->query("INSERT INTO `permissions` (`user_id`, `program_id`, `max_session_count`, `expiration_time`) VALUES ($id, $program_id, $max_session_count, $expiration_time);");
|
|
header('Location: users.php');
|
|
break;
|
|
|
|
case 'change-password':
|
|
$id = isset($_POST['id']) ? (int)$_POST['id'] : -1;
|
|
$password = isset($_POST['password']) ? $_POST['password'] : '';
|
|
$password2 = isset($_POST['password2']) ? $_POST['password2'] : '';
|
|
|
|
$error_list = array();
|
|
|
|
if($id == -1 || empty($password) || empty($password2) ) {
|
|
$error_list[] = 'Password and confirmation password cannot be blank.';
|
|
}
|
|
if($password != $password2) {
|
|
$error_list[] = 'Confirmation password must match the primary password..';
|
|
}
|
|
|
|
if(count($error_list) == 0) {
|
|
$password_hash = md5($password);
|
|
if(!$db->query('UPDATE `users` SET `password` = \''.$password_hash.'\' WHERE `id` = '.$id)) {
|
|
$error_list[] = sprintf("Update query error (%d: %s).", $db->errno, $db->error);
|
|
}
|
|
}
|
|
|
|
$error_message = '';
|
|
if(count($error_list) > 0) {
|
|
for($i = 0; $i < count($error_list); $i++) {
|
|
$error_message .= $error_list[$i]."<br />\r\n";
|
|
}
|
|
$result = $db->query("SELECT `username` FROM `users` WHERE `id` = $id;");
|
|
if(!($user = $result->fetch_assoc())) die('Error: Invalid User ID');
|
|
$smarty->assign('user_id', $id);
|
|
$smarty->assign('username', $user['username']);
|
|
$smarty->assign('error_message', $error_message);
|
|
$smarty->display('users_changepassword.tpl');
|
|
} else {
|
|
header('Location: users.php');
|
|
}
|
|
|
|
break;
|
|
}
|
|
break;
|
|
case 'delete':
|
|
$uid = isset($_GET['id']) ? (int)$_GET['id'] : -1;
|
|
if($db->query("DELETE FROM `users` WHERE `id` = $uid;")) {
|
|
$db->query("DELETE FROM `permissions` WHERE `user_id` = $uid;");
|
|
echo 'OK';
|
|
}
|
|
break;
|
|
case 'addaccess':
|
|
$id = isset($_GET['id']) ? (int)$_GET['id'] : -1;
|
|
|
|
if(($user = fetch_partial_user($id)) === FALSE) {
|
|
display_error_page('Error', 'Invalid User ID.');
|
|
}
|
|
|
|
$program_list = fetch_program_list();
|
|
|
|
$smarty->assign('user_id', $id);
|
|
$smarty->assign('username', $user['username']);
|
|
$smarty->assign('program_list', $program_list);
|
|
$smarty->assign('selected_program', 0);
|
|
$smarty->assign('max_session_count', 1);
|
|
|
|
$expiration_list = array(0 => 'Never', 86400 => '1 day', 2592000 => '30 days', 5184000 => '60 days', 7776000 => '90 days', 15552000 => '180 days', 31536000 => '365 days');
|
|
foreach($expiration_list as $seconds => &$option_text) {
|
|
// skip infinite
|
|
if($seconds == 0) continue;
|
|
// generate the expiration dates
|
|
$option_text = $option_text . ' ('.date("F j, Y, g:i a", time() + $seconds).')';
|
|
}
|
|
|
|
$smarty->assign('expiration_list', $expiration_list);
|
|
$smarty->display('users_addaccess.tpl');
|
|
|
|
break;
|
|
case 'removeaccess':
|
|
$pid = isset($_GET['pid']) ? (int)$_GET['pid'] : 0;
|
|
if($db->query("DELETE FROM `permissions` WHERE `id` = $pid;")) {
|
|
echo 'OK';
|
|
}
|
|
break;
|
|
}
|
|
?>
|