function start()
{
if (!empty($_POST)) {
if (!isset($_POST['id'])) {
createUser($_POST);
} else {
editUser($_POST);
}
require '../views/list.php';
return;
}
if (!isset($_GET['id']) && !isset($_GET['page'])) {
$people = getPeople();
require '../views/list.php';
return;
}
if (isset($_GET['page']) && $_GET['page'] === 'add') {
require '../views/add.php';
return;
}
if (isset($_GET['page']) && $_GET['page'] === 'edit') {
if (!isset($_GET['id'])) {
die('veuillez spécifier un id d\'utilisateur');
}
$id = $_GET['id'];
$editable = ORM::for_table('users')->find_one($id);
require '../views/edit.php';
return;
}
$user = getUser();
require '../views/show.php';
}
function start()
{
if (!empty($_POST)) {
if (!isset($_POST['id'])) {
addUser($_POST);
$fla = flash("Ajout reussie");
} else {
editUser($_POST);
$fla = flash("Edition reussie");
}
$people = getPeople();
require '../views/list.php';
return;
}
if (!isset($_GET['id']) && !isset($_GET['page'])) {
$people = getPeople();
return require '../views/list.php';
}
if (isset($_GET['page']) && $_GET['page'] === 'add') {
return require '../views/add.php';
}
if (isset($_GET['page']) && $_GET['page'] === 'list') {
$people = getPeople();
return require '../views/list.php';
}
if (isset($_GET['page']) && $_GET['page'] === 'edit') {
if (!isset($_GET['id'])) {
die('Nope, ou est ID ?');
}
$id = $_GET['id'];
$editable = ORM::for_table('users')->find_one($id);
return require '../views/edit.php';
}
if (isset($_GET['id'])) {
$user = getUser();
$message = getMessages($_GET['id']);
require '../views/show.php';
}
}
function start()
{
if (!empty($_POST)) {
if (isset($_POST['_method']) && $_POST['_method'] === 'delete') {
removeUser($_POST['id']);
$flashMessage = flash('L\'utilisateur a bien été supprimé');
} elseif (isset($_POST['content'])) {
createMessage($_POST);
$flashMessage = flash('Le message a bien été ajouté !');
return go2page('user', $_POST['user_id']);
} elseif (!isset($_POST['id'])) {
createUser($_POST);
$flashMessage = flash('L\'utilisateur a été créé avec succès');
} else {
editUser($_POST);
$flashMessage = flash('L\'utilisateur a bien été modifié !');
}
return go2page('list');
}
if (!isset($_GET['id']) && !isset($_GET['page'])) {
return go2page('list');
}
if (isset($_GET['page']) && $_GET['page'] === 'add') {
require '../views/add.php';
return;
}
if (isset($_GET['page']) && $_GET['page'] === 'edit') {
if (!isset($_GET['id'])) {
die('veuillez spécifier un id d\'utilisateur');
}
$id = $_GET['id'];
$editable = ORM::for_table('users')->find_one($id);
require '../views/edit.php';
return;
}
$id = $_GET['id'];
return go2page('user', $id);
}
} elseif (isset($_POST['u_id']) && $_POST['u_id'] != -1) {
$query = "SELECT * from users where user_id=" . $_POST['u_id'];
$result = $db->query($query);
if ($myrow = $result->fetch_assoc()) {
$activeStat = $myrow['isActive'] == "Y";
$sql2 = "Select first_name, last_name from users where user_id=" . $myrow['created_by'];
$result2 = $db->query($sql2);
$row2 = $result2->fetch_assoc();
$t = "Modify User Information";
$action = "index.php?lev=" . $_SESSION[$_CONF['sess_name'] . '_lev'] . "&cat=" . $_SESSION[$_CONF['sess_name'] . '_cat'];
$isAdmin = $_SESSION[$_CONF['sess_name'] . '_isAdmin'] == 'Y';
// && $_GET['lev'] == 'admin');
$user = $row2;
$result = get_user_info($_SESSION[$_CONF['sess_name'] . '_myUID']);
$editor = $result->fetch_assoc();
$b = "\n <center>" . editUser($action, $myrow, $isAdmin, $editor, $usr_lev) . "\n </center>\n ";
}
$main .= make_box($t, $b);
/**
Modify User
**/
$t = "Modify User Roles";
$b = "<center>";
$sql = "SELECT user2center.center_id,isStudent,isParent,isTeacher,isGuidance,isOffice,isAdmin,isActive, center_name\n\t\t\tFROM user2center, ed_centers \n\t\t\tWHERE user2center.user_id=" . $_POST['u_id'] . "\n\t\t\tAND ed_centers.center_id=user2center.center_id";
$result = $db->query($sql);
while ($row = $result->fetch_assoc()) {
$c_id = $row['center_id'];
$editStudent = $row['isStudent'] == "Y";
$editParent = $row['isParent'] == "Y";
$editTeacher = $row['isTeacher'] == "Y";
$editGuidance = $row['isGuidance'] == "Y";
<body>
<div class="container">
<div class="jumbotron">
</div>
<div class="tables">
<?php
if (isset($_GET["action"])) {
switch ($_GET["action"]) {
case "createUser":
editUser($mysqli, 0);
break;
case "editUser":
editUser($mysqli, $_GET["id"]);
break;
case "updateUser":
updateUser($mysqli);
break;
case "insertUser":
insertUser($mysqli);
break;
case "deleteUser":
deleteUser($mysqli);
break;
case "unsetUsername":
unset($_SESSION['username']);
unset($_SESSION['password']);
unset($_SESSION['admin']);
header("location: index.php");
search($connection, "SELECT * FROM users WHERE mail LIKE '%{$textInput}%'", "users");
break;
case 14:
changePassword($connection, $textInput, $password);
break;
case 15:
setActive($connection, $textInput);
break;
case 16:
upgradeAccount($connection, $textInput);
break;
case 17:
addUser($connection, $firstname, $sirname, $username, $sex, $password, $tel, $mail, $geb, $plz, $country, $city, $street, $housenr, $picture, $isActivated, $isRetailer, $maximum);
break;
case 18:
editUser($connection, $username, $mail);
break;
case 19:
contactUser($connection, $firstname, $mail);
break;
case 20:
delete($connection, "DELETE FROM notice WHERE ID='{$textInput}'", "notice", "ID", $textInput);
break;
case 21:
search($connection, "SELECT * FROM notice WHERE title LIKE '%{$textInput}%' OR category LIKE '%{$textInput}%' OR UserID LIKE '%{$textInput}%'", "notice");
break;
case 22:
search($connection, "SELECT * FROM notice WHERE title LIKE '%{$textInput}%'", "notice");
break;
case 23:
search($connection, "SELECT * FROM notice WHERE category LIKE '%{$textInput}%' OR UserID LIKE '%{$textInput}%'", "notice");
$tpl->assign('bank_number', $_POST['bank_number']);
$tpl->assign('bank_iban', $_POST['bank_iban']);
$tpl->assign('bank_name', $_POST['bank_name']);
$tpl->assign('bank_account', $_POST['bank_account']);
//Alle Rollen
$roles_query = DB_query("SELECT\n\t\t\t\t\t\t\trole_id,\n\t\t\t\t\t\t\tname\n\t\t\t\t\t\t\tFROM roles");
$roles = array();
while ($role = DB_fetchArray($roles_query)) {
$roles[] = array("id" => $role['role_id'], "name" => $role['name']);
}
$tpl->assign('roleslist', $roles);
$tpl->display();
}
} elseif ($_POST['action'] == 'edit') {
$LOG->write('3', 'admin/editUser.php: action=edit');
editUser();
$LOG->write('2', 'Nutzer ' . $_GET['catID'] . ' bearbeitet');
redirectURI('/admin/users.php');
} elseif ($_POST['action'] == 'editSelf') {
$LOG->write('3', 'admin/editUser.php: action=editSelf');
if ($_POST['password'] == $_POST['repeatPassword']) {
editSelfUser();
$LOG->write('2', 'Nutzer ' . $_GET['catID'] . ' bearbeitet');
redirectURI('/admin/index.php');
} else {
// falsche Passwortwiederholung
$passwordError = "1";
$tpl->assign('action', 'editSelf');
$tpl->assign('uID', $user->getID());
$tpl->assign('user_name', $user->getName());
$tpl->assign('user_lastname', $user->getLastname());
$data = $_REQUEST;
//do relevant stuff with path[1]
switch ($path[0]) {
case "users":
switch ($method) {
case "GET":
$data["username"] = $path[1];
$results = getUser($data);
break;
case "PUT":
$data["username"] = $path[1];
$results = addUser($data);
break;
case "PATCH":
$data["username"] = $path[1];
$results = editUser($data);
break;
default:
$results["meta"] = methodNotAllowed($method, $path);
}
break;
case "goals":
switch ($method) {
case "GET":
$results = getGoals($data);
break;
case "POST":
$results = addGoal($data);
break;
case "PATCH":
$data["goalID"] = $path[1];
// ============================================================================
// POST Method
// ============================================================================
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// Prevent editors to administrate other users.
if ($Login->role() !== 'admin') {
$_POST['username'] = $Login->username();
unset($_POST['role']);
}
if (isset($_POST['delete-user-all'])) {
deleteUser($_POST, true);
} elseif (isset($_POST['delete-user-associate'])) {
deleteUser($_POST, false);
} elseif (!empty($_POST['new-password']) && !empty($_POST['confirm-password'])) {
setPassword($_POST['username'], $_POST['new-password'], $_POST['confirm-password']);
} else {
editUser($_POST);
}
}
// ============================================================================
// Main after POST
// ============================================================================
if ($Login->role() !== 'admin') {
$layout['parameters'] = $Login->username();
}
$_user = $dbUsers->getDb($layout['parameters']);
// If the user doesn't exist, redirect to the users list.
if ($_user === false) {
Redirect::page('admin', 'users');
}
$_user['username'] = $layout['parameters'];
} else {
$app->halt(200);
}
}
if ($result === false) {
$app->flash('error', $statement->errorInfo()[2]);
$app->redirect($app->urlFor('userAdd'));
} else {
$app->redirect($app->urlFor('userList', array('active' => 'active')));
}
})->name('userAdd');
$app->get('/admin/users/edit/:user', function ($userID) use($app, $roles) {
$app->render('html/editUser.html', array('user' => getUserDetails($app->db, $userID), 'departments' => getDepartments($app->db), 'roles' => $roles));
})->name('editUser');
$app->post('/admin/users/edit/:user', function ($userID) use($app) {
$result = editUser($app->db, $userID, $app->request->post('user'), $app->request->post('email'), $app->request->post('department'), $app->request->post('role'), $app->request->post('archiveEnabled'), $app->request->post('archiveDate'), $app->request->post('archiveReason'));
if (!empty($result)) {
$app->flash('error', $result);
$app->redirect($app->urlFor('editUser', array('user' => $userID)));
} else {
$app->redirect($app->urlFor('userList', array('active' => 'active')));
}
});
$app->get('/admin/departments', function () use($app) {
$app->redirect($app->urlFor('departmentsList'));
});
$app->get('/admin/departments/list', function () use($app) {
$app->render('html/departments.html', array('departments' => getDepartments($app->db)));
})->name('departmentsList');
$app->get('/admin/departments/add', function () use($app) {
$app->render('html/adddepartment.html');
}
require_once $mainframe->getPath('admin_html');
$task = trim(mosGetParam($_REQUEST, 'task', null));
$cid = mosGetParam($_REQUEST, 'cid', array(0));
if (!is_array($cid)) {
$cid = array(0);
}
switch ($task) {
case 'new':
editUser(0, $option);
break;
case 'edit':
editUser(intval($cid[0]), $option);
break;
case 'editA':
editUser($id, $option);
break;
case 'save':
case 'apply':
saveUser($option, $task);
break;
case 'remove':
removeUsers($cid, $option);
break;
case 'block':
changeUserBlock($cid, 1, $option);
break;
case 'unblock':
changeUserBlock($cid, 0, $option);
break;
case 'logout':
function process_post()
{
/* We switch according to the $_POST[action] variable, which is a hidden
* submit formfield in each <form>. see html/add*.txt for more information.
*/
switch ("{$_POST['action']}") {
/*
* Add new user. We wont touch that here. Let auth() handle that.
*/
case "newuser":
addNewUser();
break;
/*
* Update to the about box in profiles.
*/
/*
* Update to the about box in profiles.
*/
case "modprofile":
modProfile();
break;
/*
* Change password. We wont touch that here. Let auth() handle that.
*/
/*
* Change password. We wont touch that here. Let auth() handle that.
*/
case "changepw":
changePassword();
break;
/*
* Change email.
*/
/*
* Change email.
*/
case "changeemail":
changeEmail();
break;
/*
* Change can view preferences.
*/
/*
* Change can view preferences.
*/
case "changecanpage":
changeCanPrefs();
break;
/*
* Update API Key
*/
/*
* Update API Key
*/
case "update_api":
global $MySelf;
$api = new api($MySelf->getID());
if ($_POST[deleteKey]) {
// Delete api Key
$api->deleteApiKey();
makeNotice("Your API key has been delete from the database.", "notice", "API Key wipe success", "index.php?action=preferences");
} else {
// Update api key
$api->setApiKey($_POST[apiID], $_POST[apiKey]);
makeNotice("Your new API key has been stored.", "notice", "API Key update success", "index.php?action=preferences");
}
break;
/*
* Add a Rank
*/
/*
* Add a Rank
*/
case "addnewrank":
addRank();
break;
/*
* Edit the ranks
*/
/*
* Edit the ranks
*/
case "editranks":
editRanks();
break;
/*
* Change opt-in status.
*/
/*
* Change opt-in status.
*/
case "optIn":
toggleOptIn();
break;
/*
* Change See Inoffical Runs Setting (sir)
*/
/*
* Change See Inoffical Runs Setting (sir)
*/
case "sirchange":
sirchange();
break;
/*
* Submiting a template change form
*/
/*
* Submiting a template change form
*/
case "editTemplate":
editTemplate();
break;
/*
* Change ore value.
*/
/*
* Change ore value.
*/
case "changeore":
changeOreValue();
break;
/*
* Change ship value.
*/
/*
* Change ship value.
*/
case "changeship":
changeShipValue();
break;
/*
* Delete pending payout request
*/
/*
* Delete pending payout request
*/
case "deleteRequest":
deletePayoutRequest();
break;
/*
* Modify online time.
*/
/*
* Modify online time.
*/
case "modonlinetime":
modOnlineTime();
break;
/*
* Modify site settings.
*/
/*
* Modify site settings.
*/
case "configuration":
modConfiguration();
break;
/*
* Add an event to the DB
*/
/*
* Add an event to the DB
*/
case "addevent":
addEventToDB();
break;
/*
* Request payout.
*/
/*
* Request payout.
*/
case "requestPayout":
requestPayout();
break;
/*
* Transfer Money
*/
/*
* Transfer Money
*/
case "transferMoney":
transferMoney();
break;
/*
* Do the payouts
*/
/*
* Do the payouts
*/
case "payout":
doPayout();
break;
/*
* Create a new can in the Database.
*/
/*
* Create a new can in the Database.
*/
case "addcan":
addCanToDatabase();
break;
/*
* Admin request to change a user.
*/
/*
* Admin request to change a user.
*/
case "edituser":
editUser();
break;
/*
* AddRun
* This adds a new run to the database.
*/
/*
* AddRun
* This adds a new run to the database.
*/
case "addrun":
addRun();
break;
/*
* Analog to AddRun, just for Hauls.
*/
/*
* Analog to AddRun, just for Hauls.
*/
case "addhaul":
addHaul();
break;
/*
* Create a new transaction.
*/
/*
* Create a new transaction.
*/
case "transaction":
createTransaction();
break;
/*
* Lotto stuff
*/
/*
* Lotto stuff
*/
case "editLottoTickets":
lotto_editCreditsInDB();
break;
case "createDrawing":
lotto_createDrawing();
break;
case "lottoBuyCredits":
lotto_buyTickets();
break;
}
}
$action = $_POST['action'];
switch ($action) {
case 'getAllUsersDT':
echo getAllUsersDT();
break;
case 'deleteUser':
$id = $_POST['id'];
echo deleteUser($id);
break;
case 'editUser':
$id = $_POST['id'];
$name = $_POST['name'];
$login = $_POST['login'];
$pass = $_POST['pass'];
$valid = $_POST['valid'];
echo editUser($id, $name, $login, $pass, $valid);
break;
case 'createUser':
$name = $_POST['name'];
$login = $_POST['login'];
$pass = $_POST['pass'];
$valid = $_POST['valid'];
echo createUser($name, $login, $pass, $valid);
break;
}
}
function getAllUsersDT()
{
global $bdd, $_TABLES;
if (!is_null($bdd) && !is_null($_TABLES)) {
$content = '<thead>';
function editUser() {
empty($_POST['password_field']) ? $password = "" : $password = "******".md5($_POST['password_field'])."'," ;
$sql = "UPDATE ".TB_PREFIX."user
SET
email = :email,
$password
role_id = :role,
enabled = :enabled
WHERE
id = :id
";
return dbQuery($sql, ':email',$_POST['email'], ':role',$_POST['role'], ':enabled',$_POST['enabled'], ':id',$_POST['id']);
}
if( editUser() ) {
$saved = true;
}
}
$smarty -> assign('saved',$saved);
$smarty -> assign('pageActive', 'user');
$smarty -> assign('active_tab', '#people');
$smarty -> assign('errm',$errm[2])
?>
$user = getUserById($_GET['id']);
// Si l'utilisateur n'existe pas, on repasse en mode ajout
if ($user === false) {
$editMode = false;
}
// On verifie si l'utilisateur essaie de s'auto-modifier ou si c'est un admin
if ($user['user_id'] != userID() && !userIsAdmin()) {
abort('Vous n\'avez pas le droit de modifier cet utilisateur');
}
}
// Gestion de l'envoi du formulaire
if (verifyKeysIn($_POST, 'submit')) {
// Si les champs du formulaire sont valides
if (verifyKeysIn($_POST, 'name', 'fname', 'mail', 'username', 'pwd', 'birth', 'desc')) {
if ($editMode) {
editUser($_GET['id'], $_POST['name'], $_POST['fname'], $_POST['mail'], $_POST['username'], $_POST['pwd'], $_POST['birth'], $_POST['desc']);
} else {
insertUser($_POST['name'], $_POST['fname'], $_POST['mail'], $_POST['username'], $_POST['pwd'], $_POST['birth'], $_POST['desc']);
}
// Retour à la liste des utilisateurs
redirect('list-users.php');
} else {
$errors[] = "Il manque des champs dans le formulaire";
}
}
function userValueOrEmpty($key)
{
global $user;
if ($user === false) {
return '';
}
case "CreateUser":
CreateUser();
break;
case "addUser":
$newUser = getRequestVar('newUser');
$pass1 = getRequestVar('pass1');
$userType = getRequestVar('userType');
addUser($newUser, $pass1, $userType);
break;
case "deleteUser":
$user_id = getRequestVar('user_id');
deleteUser($user_id);
break;
case "editUser":
$user_id = getRequestVar('user_id');
editUser($user_id);
break;
case "updateUser":
$user_id = getRequestVar('user_id');
$org_user_id = getRequestVar('org_user_id');
$pass1 = getRequestVar('pass1');
$userType = getRequestVar('userType');
$hideOffline = getRequestVar('hideOffline');
updateUser($user_id, $org_user_id, $pass1, $userType, $hideOffline);
break;
case "configSettings":
configSettings();
break;
case "updateConfigSettings":
if (!array_key_exists("debugTorrents", $_REQUEST)) {
$_REQUEST["debugTorrents"] = false;
function renew($username, $client)
{
try {
$user = find_user($username, $client)->return;
$user->status = STATUS_NEW;
$user->password = "******";
editUser($user, $client);
return generateCert($username, $client);
} catch (Exception $e) {
var_dump($e);
exit(1);
}
}
$password = trim($_POST['password']);
$required = array("username", "password");
foreach ($required as $require) {
$value = trim($_POST[$require]);
if (!has_value($value)) {
if ($require == 'password') {
$errors[$require] = "Please type in your password to save your changes.";
} else {
$errors[$require] = ucfirst($require) . " can't be blank.";
}
}
}
$max_lengths = array("firstname" => 15, "lastname" => 8, "username" => 15);
max_length($max_lengths);
if (empty($errors)) {
$updateuser = editUser($id, $firstname, $lastname, $username, $password);
$message = $updateuser;
}
}
?>
<!doctype html>
<html>
<head>
<meta charset="UTF-8">
<title>EDFC | Admin - Edit a User</title>
<link rel="stylesheet" href="../css/normalize.css"/>
<link rel="stylesheet" href="../css/foundation.css" />
<link href='https://fonts.googleapis.com/css?family=Montserrat:400,700' rel='stylesheet' type='text/css'>
<link rel="stylesheet" href="css/main.css"/>
</head>
<body>
if (!($fp = fopen('/etc/squid3/basic.passwd', 'w+'))) {
print "Cannot open file (" . $fileName . ")";
exit;
}
if ($fp) {
foreach ($fileName as $line) {
fwrite($fp, $line);
}
fclose($fp);
}
}
// function for encrypting password
function htpasswd($pass)
{
$pass = crypt(trim($pass), base64_encode(CRYPT_STD_DES));
return $pass;
}
if (isset($_POST['changePass'])) {
editUser($_POST['uname'], $_POST['pass']);
}
if (isset($_POST['delete'])) {
delUser($_POST['uname']);
}
$out = "\n<html>\n<body>\n<table>\n";
$users = showUser();
foreach ($users as $user) {
$out .= "\n\t<tr><td>" . $user['username'] . "</td><td>" . $user['password'] . "</td>\n\t<td>\n\t<form action=" . $_SERVER['PHP_SELF'] . " method=post name=delUserForm id=delUserForm>\n\t\t<input type=hidden name=uname value=" . $user['username'] . " />\n\t\t<input type=submit name=delete value=delete />\n\t</form>\n\t</td>\n\t</tr>\n";
}
$out .= "\n</table>\n<table>\n<form action=" . $_SERVER['PHP_SELF'] . " method=post name=squidUserForm id=squidUserForm>\n\t<tr><td>Username:</td><td align=left><input name=uname type=text size=20 /></td></tr>\n\t<tr><td>Password:</td><td align=left><input name=pass type=pass size=20 /></td></tr>\n\t<tr><td colspan=2><input type=submit name=changePass value=Change /></td></tr>\n</form>\n</table>\n";
$out .= "\n</body>\n</html>";
print $out;
$mes = editProv($where);
} elseif ($act == "delProv") {
$where = "id={$id}";
$mes = delProv($where);
} elseif ($act == "addCity") {
$mes = addCity();
} elseif ($act == "editCity") {
$where = "id={$id}";
$mes = editCity($where);
} elseif ($act == "delCity") {
$where = "id={$id}";
$mes = delCity($where);
} elseif ($act == "addUser") {
$mes = addUser();
} elseif ($act == "editUser") {
$mes = editUser($id);
} elseif ($act == "delUser") {
$mes = delUser($id);
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Insert title here</title>
</head>
<body>
<?php
if ($mes) {
echo $mes;
* Auteur : Romain Maillard
* Date : 28.09.2015
* But: Permet d'éditer les informations d'un utilisateur
*/
session_start();
// Inclusion fichier de fonction.
require_once "include/fonction.php";
// V?rifie si l'utilisateur est d?j? connect? sinon le redirige vers signin.php.
if (!isConnected()) {
header('Location: signout.php');
}
if ($_SESSION['role'] != 2) {
header('Location: index.php');
}
if (isset($_POST['ok'])) {
if (!editUser($_POST['iduser'], $_POST['password'], $_POST['passwordretape'], $_POST['active'], $_POST['role'])) {
echo "<script>alert('Edit failed');</script>";
} else {
unset($_SESSION['iduser']);
header('Location: admin.php');
}
}
// ***************************************************************************
?>
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
require_once 'hortapp-core/hortapp.user.php';
require_once 'hortapp-core/hortapp.regexp.php';
$login = filter_input(INPUT_GET, 'login', FILTER_VALIDATE_REGEXP, $regexpAlphanumeric);
//echo "login: $login";
$password = filter_input(INPUT_GET, 'password', FILTER_VALIDATE_REGEXP, $regexpPassword);
//echo "password: $password";
$newPasword = filter_input(INPUT_GET, 'newPasword', FILTER_VALIDATE_REGEXP, $regexpAlphanumeric);
//echo "newPasword: $newPasword";
$newPasword2 = filter_input(INPUT_GET, 'newPasword2', FILTER_VALIDATE_REGEXP, $regexpAlphanumeric);
//echo "newPasword2: $newPasword2";
$email = filter_input(INPUT_GET, 'email', FILTER_VALIDATE_REGEXP, $regexpAlphanumeric);
//echo "email: $email";
if ($password) {
$msg = array();
if (strcmp($newPassword, $newPassword2) == 0) {
$res = editUser($login, $password, $newPasword, $email);
if (is_array($res)) {
//success
$msg = $res;
$msg['success'] = true;
} else {
switch ($res) {
case 0:
$msg = array('success' => 'Dades actualitzades correctament');
break;
case 1:
$msg = array('error' => 'Actualització no realitzada. Intenta-ho més endavant');
break;
case 2:
$msg = array('error' => 'Error amb la BD');
break;
}
$result = dbQuery("UPDATE [db]users SET status = -1 WHERE user_id = {$uid}");
if (!$result) {
$msg = "Database Error: {$ax['usr_not_deleted']}";
break;
}
$msg = $ax['usr_deleted'];
} while (false);
return $msg;
}
//Control logic
if ($privs >= 4) {
//manager or admin
$msg = '';
if (isset($_POST['addExe'])) {
$msg = addUser();
} elseif (isset($_POST['updExe'])) {
$msg = updateUser();
} elseif (isset($_GET['delExe'])) {
$msg = deleteUser();
}
echo "<p class='error'>{$msg}</p>\n\t\t<div class='scrollBoxAd'>\n\t\t<div class='centerBox'>\n";
if ($editUser != 'y' or isset($_POST["back"])) {
showUsers();
} else {
editUser($uid);
}
echo "</div>\n</div>\n";
} else {
echo "<p class='error'>{$ax['no_way']}</p>\n";
}
</div>
</div>
<div class="divider"></div><br>
<div class="row">
<div class="col s12">
<p class="center-align">
<button class="btn btn-block waves-effect waves-light" type="submit" name="delete">Delete</button>
</p>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
<?php
}
}
if (isset($_POST['edit'])) {
editUser($_POST['firstname'], $_POST['lastname'], $_POST['address'], $_POST['town'], $_POST['country'], $_POST['postcode'], $_POST['email'], $_POST['username']);
$_SESSION['edit-user'] = '******';
header("location:user-page.php?page=" . $_GET['page']);
}
if (isset($_POST['delete'])) {
removeUser($_POST['username']);
$_SESSION['delete-user'] = '******';
header("location:user-page.php?page=" . $_GET['page']);
}
?>
<script src="../js/jquery-2.1.1.min.js"></script>
function confirmUser($_POST)
{
extract($_POST);
# validate input
require_lib("validate");
$v = new validate();
$v->isOk($oldusrnme, "string", 1, 20, "Invalid old username.");
$v->isOk($username, "string", 1, 20, "Invalid username.");
$v->isOk($chgpass, "string", 2, 3, "Tempering with 'change pass' detected.");
# change to upper case
$chgpass = strtoupper($chgpass);
# display errors, if any
if ($v->isError()) {
$theseErrors = "";
$errors = $v->getErrors();
foreach ($errors as $e) {
$theseErrors .= "<li class='err'>" . $e["msg"] . "</li>";
}
$theseErrors .= "\n\t\t\t<p>\n\t\t\t<input type='button' onClick='JavaScript:history.back();' value='« Correct submission'>\n\t\t\t<table " . TMPL_tblDflts . ">\n\t\t\t\t<tr>\n\t\t\t\t\t<th>Quick Links</th>\n\t\t\t\t</tr>\n\t\t\t\t<script>document.write(getQuicklinkSpecial());</script>\n\t\t\t</table>";
return $theseErrors;
}
$OUTPUT = "";
db_conn("cubit");
if ($chgpass == "YES") {
$v->isOk($password, "string", 1, 20, "Invalid password.");
$v->isOk($password2, "string", 1, 20, "Invalid password.");
$v->pwMatch($password, $password2, "Passwords do not match.");
# display errors, if any
if ($v->isError()) {
$theseErrors = "";
$errors = $v->getErrors();
foreach ($errors as $e) {
$theseErrors .= "<li class='err'>" . $e["msg"] . "</li>";
}
$theseErrors .= "<p><input type='button' onClick='JavaScript:history.back();' value='« Correct submission'>";
return $theseErrors;
}
# make MD#5 of new password
$MD5_PASS = md5($password);
} else {
$sql = db_exec("SELECT password FROM users WHERE username='******'");
if (pg_num_rows($sql) < 1) {
errDie("No such user :/", SELF);
}
$MD5_PASS = pg_result($sql, 0, 0);
}
$_POST['MD5_PASS'] = $MD5_PASS;
$_POST['empnum'] = $empnum;
$_POST['tool'] = $tool;
// write user
$OUTPUT .= writeUser($_POST);
db_connect();
#we only remove the department that the user selected ...
$get_dept_scripts = "SELECT script FROM deptscripts WHERE dept = '{$old_dept}'";
$run_dept_scripts = db_exec($get_dept_scripts) or errDie("Unable to get department script information.");
if (pg_numrows($run_dept_scripts) < 1) {
#no scripts for this department
} else {
while ($ddarr = pg_fetch_array($run_dept_scripts)) {
$Sql = "DELETE FROM userscripts WHERE username='******' AND script = '{$ddarr['script']}'";
$Ex = db_exec($Sql) or errDie("Unable to clear old user script permissions.");
}
}
// $Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'top_menu.php', '".USER_DIV."')";
// $Ex = db_exec ($Sql) or errDie ("Unable to add user to database.");
// $Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'getimg.php', '".USER_DIV."')";
// $Ex = db_exec ($Sql) or errDie ("Unable to add user to database.");
// $Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'diary.php', '".USER_DIV."')";
// $Ex = db_exec ($Sql) or errDie ("Unable to add user to database.");
// $Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'diary-day.php', '".USER_DIV."')";
// $Ex = db_exec ($Sql) or errDie ("Unable to add user to database.");
// $Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'glodiary.php', '".USER_DIV."')";
// $Ex = db_exec ($Sql) or errDie ("Unable to add user to database.");
// $Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'glodiary-day.php', '".USER_DIV."')";
// $Ex = db_exec ($Sql) or errDie ("Unable to add user to database.");
// $Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'todo.php', '".USER_DIV."')";
// $Ex = db_exec ($Sql) or errDie ("Unable to add user to database.");
// $Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'index_die.php', '".USER_DIV."')";
// $Ex = db_exec ($Sql) or errDie ("Unable to add user to database.");
// $Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'index-services.php', '".USER_DIV."')";
// $Ex = db_exec ($Sql) or errDie ("Unable to add user to database.");
#add permissions from this department
if (isset($perm) and $perm != '') {
foreach ($perm as $key => $value) {
$sql = "INSERT INTO userscripts (username, script, div) VALUES ('{$username}', '{$value}', '" . USER_DIV . "')";
$nwUsrRslt = db_exec($sql) or errDie("Unable to add user to database.");
}
}
#add whole department if they were selected
if (isset($deps)) {
foreach ($deps as $key => $value) {
$sql = "SELECT script FROM deptscripts WHERE dept = '{$key}'";
$depRs = db_exec($sql);
while ($depscr = pg_fetch_array($depRs)) {
$sql = "INSERT INTO userscripts (username, script, div) VALUES ('{$username}', '{$depscr['script']}', '" . USER_DIV . "')";
$nwUsrRslt = db_exec($sql) or errDie("Unable to add user to database.");
}
}
}
#remove whole departments if they were selected
if (isset($depsrem)) {
foreach ($depsrem as $key => $value) {
$sql = "SELECT script FROM deptscripts WHERE dept = '{$key}'";
$depRs = db_exec($sql);
while ($depscr = pg_fetch_array($depRs)) {
$sql = "DELETE FROM userscripts WHERE username='******' AND script='{$depscr['script']}'";
$nwUsrRslt = db_exec($sql) or errDie("Unable to add user to database.");
}
}
}
// Provide some info on status
$OUTPUT = "\n\t\t<table " . TMPL_tblDflts . " width='50%'>\n\t\t\t<tr>\n\t\t\t\t<th>Committed changes to user</th>\n\t\t\t</tr>\n\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t<td>User, {$username}, was successfully edited.</td>\n\t\t\t</tr>\n\t\t</table>";
$OUTPUT .= editUser($_POST);
return $OUTPUT;
}
function editUserData()
{
$id = intval($_POST['id']);
if ($id == 0) {
die("error");
}
$origin = intval($_POST['origin']);
$status = intval($_POST['status']);
$getmail = $_POST['getmail'] === "true" ? 1 : 0;
if (isset($_SESSION['superadmin']) || isset($_SESSION['admin']) && getUserStatus($id) < 2 && $status < 2) {
echo editUser($id, $origin, $status, $_POST['username'], $_POST['password'], $_POST['email'], $_POST['fullname'], $getmail);
} else {
die("error");
}
}
if (!$deleted) {
$msg = "Database Error: {$ax['usr_not_deleted']}";
break;
}
$msg = $ax['usr_deleted'];
} while (false);
return $msg;
}
//Control logic
if ($privs >= 4) {
//manager or admin
$msg = '';
if (isset($_POST['addExe'])) {
$msg = addUser($user);
} elseif (isset($_POST['updExe'])) {
$msg = updateUser($user);
} elseif (isset($_GET['delExe'])) {
$msg = deleteUser($user);
}
echo "<p class='error'>{$msg}</p>\n\t\t<div class='scrollBoxAd'>\n\t\t<div class='centerBox'>\n";
if (!$mode or isset($_POST["back"])) {
showUsers();
//no add / no edit
} else {
editUser($user);
//add or edit
}
echo "</div>\n</div>\n";
} else {
echo "<p class='error'>{$ax['no_way']}</p>\n";
}
// update user
if ($_SERVER['REQUEST_METHOD'] == 'PUT') {
$error = array();
$post = json_decode(file_get_contents("php://input"), true);
// TODO:: Validate post
if (!isset($post['email']) || empty($post['email']) || !filter_var($post['email'], FILTER_VALIDATE_EMAIL)) {
$error[] = 'E-posta adresinizi kontrol ediniz.';
}
if (!isset($post['password']) || empty($post['password'])) {
$error[] = 'Şifrenizi kontrol ediniz.';
}
if (isset($error) && !empty($error) && is_array($error)) {
header('HTTP/1.1 405 Reset Content');
Output::error($error);
} else {
$result = editUser($user_id, $post);
}
}
// delete user
if ($_SERVER['REQUEST_METHOD'] == 'DELETE') {
$result = deleteUser($user_id);
}
// get user
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
$result = getUser($user_id);
}
// if method does not found
if (!$result) {
$data = 'Tekrar deniyiniz!';
header('HTTP/1.1 405 Reset Content');
Output::error($data);
<?php
DEFINE('INCLUDE_CHECK', 1);
require_once 'lib/connections/db.php';
include 'lib/functions/functions.php';
checkLogin('2');
// we check if everything is filled in and perform checks
if ($_POST['phone'] && !validateNumeric($_POST['phone'])) {
die(msg(0, "Phone numbers must be of numeric type only."));
}
if ($_POST['email'] && validateEmail($_POST['email'])) {
die(msg(0, "Invalid Email!"));
}
if ($_POST['email'] && uniqueEmail($_POST['email'])) {
die(msg(0, "Email already in database. Please select another email address."));
}
$res = editUser($_SESSION['user_id'], $_POST['email'], $_POST['first_name'], $_POST['last_name'], $_POST['dialing_code'], $_POST['phone'], $_POST['city'], $_POST['country']);
if ($res == 4) {
die(msg(0, "An internal error has occured. Please contact the site admin!"));
}
if ($res == 99) {
die(msg(1, "Profile updated successfully!"));
}
function msg($status, $txt)
{
return '{"status":' . $status . ',"txt":"' . $txt . '"}';
}
$reponse = getComm();
} else {
if ($action == 'supprComm') {
$reponse = supprComm();
} else {
if ($action == 'listUser') {
$reponse = listUser();
} else {
if ($action == 'ajoutUser') {
$reponse = ajoutUser();
} else {
if ($action == 'supprUser') {
$reponse = supprUser();
} else {
if ($action == 'editUser') {
$reponse = editUser();
} else {
if ($action == 'listeTemplates') {
$reponse = listeTemplates();
} else {
if ($action == 'validConfTemplate') {
$reponse = validConfTemplate();
}
}
}
}
}
}
}
}
}
