Example #1
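/**
 * Handles the notes-engine user administration posts.
 *
 * Request shapes, all read from $_POST:
 *  - original_user = "new_user":    create the account folder, then insert the row;
 *  - original_user = "delete_user": remove the folder tree, the VFS entries and the row;
 *  - original_user = anything else: update the profile, and the password when one is sent;
 *  - action = enable|disable|delete: bulk operation on the comma-separated "users" list.
 *
 * Uses the globals $connection (escape_string/query) and $config, and the helpers
 * delTree() and deleteVFSFolder(). Output is echoed directly; nothing is returned.
 *
 * Security notes:
 *  - Every name that is appended to the notes root is checked first, because
 *    escape_string() only protects the SQL context: an empty name would address the
 *    notes root itself, and a "/" or ".." component would leave it.
 *  - NOTE(review): no permission or CSRF check is visible in this function;
 *    presumably the caller enforces both - confirm.
 *  - NOTE(review): the '******' literals inside three queries are reproduced exactly as
 *    this listing shows them. They look like masked placeholders (presumably the escaped
 *    user name and the password hash) - restore them from the original file before use.
 */
function SaveUser()
{
    global $connection, $config;

    // Read a POST field as a string; a missing or non-string (array) field becomes "".
    $field = function ($key) {
        return isset($_POST[$key]) && is_string($_POST[$key]) ? $_POST[$key] : "";
    };

    // Accept a folder name only if it is non-empty, has no "/" or NUL, and none of its
    // backslash-separated components is "." or ".." (backslash is a separator on Windows).
    $isSafeFolderName = function ($name) {
        if ($name === "" || strpos($name, "/") !== false || strpos($name, "\0") !== false) {
            return false;
        }
        foreach (explode("\\", $name) as $part) {
            if ($part === "." || $part === "..") {
                return false;
            }
        }
        return true;
    };

    $notesRoot = "../" . $config->plugin_notes_engine_fpath . "/";
    $redirect = "<script> window.location.href = 'index.php?module=notes-engine'; </script>";

    if (isset($_POST["original_user"])) {
        // include_once: a second call in the same request must not redeclare PasswordHash.
        include_once "../core/libs/phpass.php";

        if ($_POST["original_user"] === "new_user") {
            $hasher = new PasswordHash($config->hash_cost_log2, $config->hash_portable);
            $user = $connection->escape_string($field("user"));
            $name = $connection->escape_string($field("name"));
            $email = $connection->escape_string($field("email"));
            // NOTE(review): the password is SQL-escaped before hashing, so the stored hash
            // covers the escaped text. Kept as-is because the login check is not visible
            // here; hash the raw value in both places once that is confirmed.
            $password = $connection->escape_string($field("password"));
            $space = $connection->escape_string($field("space"));
            // A checkbox that is not ticked is simply absent from the post.
            $active = !empty($_POST["active"]) ? 1 : 0;

            if (!$isSafeFolderName($user)) {
                echo "Invalid user name";
                return;
            }

            $hash = $hasher->HashPassword($password);
            // phpass signals failure with a short marker string instead of a hash.
            if (strlen($hash) < 20) {
                echo "Error hashing password";
                return;
            }

            if (mkdir($notesRoot . $user)) {
                // max_user_space is quoted like every other value (and like the UPDATE
                // below): escape_string() gives no protection to an unquoted value.
                $request = "INSERT INTO teachers_users (user,password,name,email,active,max_user_space) VALUES ('{$user}','{$hash}','{$name}','{$email}','{$active}','{$space}')";
                $connection->query($request);
                echo $redirect;
            } else {
                // The path contains request data, so it is HTML-escaped before output.
                echo "Error creating directory: " . htmlspecialchars($notesRoot . $user, ENT_QUOTES, "UTF-8");
            }
        } elseif ($_POST["original_user"] === "delete_user") {
            $user = $connection->escape_string($field("user"));
            if (!$isSafeFolderName($user)) {
                echo "Invalid user name";
                return;
            }
            if (delTree($notesRoot . $user)) {
                deleteVFSFolder($user);
                $request = "DELETE FROM teachers_users WHERE user='******'";
                $connection->query($request);
                echo $redirect;
            } else {
                echo "I/O error while deleting folder tree";
            }
        } else {
            $user = $connection->escape_string($field("user"));
            $name = $connection->escape_string($field("name"));
            $email = $connection->escape_string($field("email"));
            $password = $connection->escape_string($field("password"));
            $space = $connection->escape_string($field("space"));
            $active = !empty($_POST["active"]) ? 1 : 0;

            $request = "UPDATE teachers_users SET max_user_space='{$space}',name='{$name}',email='{$email}',active='{$active}' WHERE user='******'";
            $connection->query($request);

            // An empty password field means "leave the password unchanged".
            if ($password != "") {
                $hasher = new PasswordHash($config->hash_cost_log2, $config->hash_portable);
                $hash = $hasher->HashPassword($password);
                if (strlen($hash) < 20) {
                    echo "Error hashing password";
                    return;
                }
                $request = "UPDATE teachers_users SET password='******' WHERE user='******'";
                $connection->query($request);
            }
            echo $redirect;
        }
    } elseif (isset($_POST["action"])) {
        // The whole list is escaped once and then split, so every element is already
        // safe inside the quoted IN (...) list built here.
        $users = explode(",", $connection->escape_string($field("users")));
        $inList = "('" . implode("','", $users) . "')";

        switch ($_POST["action"]) {
            case "enable":
                $connection->query("UPDATE teachers_users SET active=1 WHERE user IN " . $inList);
                header('Content-Type: text/plain; charset=utf-8');
                echo "success";
                break;
            case "disable":
                $connection->query("UPDATE teachers_users SET active=0 WHERE user IN " . $inList);
                header('Content-Type: text/plain; charset=utf-8');
                echo "success";
                break;
            case "delete":
                // Check every name before touching the disk: an empty "users" field would
                // otherwise make delTree() run on the notes root itself.
                foreach ($users as $user) {
                    if (!$isSafeFolderName($user)) {
                        echo "Invalid user name in list -> <b>aborted multiple operation: nothing was deleted</b>";
                        return;
                    }
                }
                foreach ($users as $user) {
                    if (delTree($notesRoot . $user)) {
                        deleteVFSFolder($user);
                    } else {
                        echo "I/O error while deleting folder tree -> <b>aborted multiple operation: verify system integrity!</b>";
                        return;
                    }
                }
                $connection->query("DELETE FROM teachers_users WHERE user IN " . $inList);
                header('Content-Type: text/plain; charset=utf-8');
                echo "success";
                break;
        }
    } else {
        die("Invalid user name (original_user=null)!");
        //TODO: better error messages
    }
}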
Example #2
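/**
 * Recursively removes a notes_vfs node together with every node below it.
 *
 * Children are found through the "parent" column and deleted depth-first, so a
 * node's row is removed only after all of its descendants.
 *
 * @param string $id Node id, interpolated into the SQL as-is: the caller must pass a
 *                   value that is already escaped for the connection.
 */
function deleteVFSFolder($id)
{
    global $connection;
    $request = "SELECT * FROM notes_vfs WHERE parent = '{$id}'";
    $result = $connection->query($request);
    if (!$result) {
        // Children unknown: deleting this node now could leave them orphaned.
        trigger_error("deleteVFSFolder: could not list child nodes, node left in place", E_USER_WARNING);
        return;
    }
    while ($line = $result->fetch_assoc()) {
        // Ids read back from the table are raw data; escape them before they are
        // interpolated by the recursive call (second-order SQL injection otherwise).
        deleteVFSFolder($connection->escape_string((string) $line["id"]));
    }
    $request = "DELETE FROM notes_vfs WHERE id = '{$id}'";
    $connection->query($request);
}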