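/**
 * Handle the user-administration POST request of the notes-engine module.
 *
 * Two request shapes are accepted:
 *  - `original_user` is set: the value "new_user" creates an account and its
 *    storage directory, "delete_user" removes the directory tree, the VFS rows
 *    and the account, and any other value updates the account named in `user`.
 *  - `action` is set ("enable", "disable" or "delete"): bulk operation on the
 *    comma-separated account list in `users`.
 *
 * Any other request terminates the script with an error message.
 *
 * The user name is appended to the storage root to build a filesystem path, so
 * it is checked to be a single path component before mkdir()/delTree() run.
 *
 * NOTE(review): no authorization or CSRF check is visible in this function;
 * confirm the caller enforces both before dispatching here.
 * NOTE(review): query() results are not inspected, so a failed statement still
 * ends in the redirect / "success" response.
 *
 * @return void
 */
function SaveUser()
{
    global $connection, $config;

    // Read a POST field as a string; a missing or array-valued field becomes "".
    $field = function ($key) {
        return (isset($_POST[$key]) && is_scalar($_POST[$key])) ? (string) $_POST[$key] : "";
    };

    // True when $name is exactly one directory name: not empty, not "." or
    // "..", without NUL bytes or path separators. Anything else would let
    // mkdir()/delTree() act on the storage root itself or outside it.
    $isSingleDirName = function ($name) {
        return $name !== "" && $name !== "." && $name !== ".."
            && strpos($name, "\0") === false
            && strpos($name, "/") === false
            && basename($name) === $name;
    };

    $root = "../" . $config->plugin_notes_engine_fpath . "/";
    $redirect = "<script> window.location.href = 'index.php?module=notes-engine'; </script>";

    if (isset($_POST["original_user"])) {
        include_once "../core/libs/phpass.php";

        $mode = $field("original_user");
        // The escaped form is used both in SQL and as the directory name.
        $user = $connection->escape_string($field("user"));

        if ($mode === "delete_user") {
            if (!$isSingleDirName($user)) {
                echo "Invalid user name";
                return;
            }
            if (delTree($root . $user)) {
                deleteVFSFolder($user);
                $request = "DELETE FROM teachers_users WHERE user='{$user}'";
                $connection->query($request);
                echo $redirect;
            } else {
                echo "I/O error while deleting folder tree";
            }
            return;
        }

        $name = $connection->escape_string($field("name"));
        $email = $connection->escape_string($field("email"));
        // NOTE(review): the password is SQL-escaped before hashing, so quotes
        // and backslashes are hashed in escaped form. Kept because the
        // verification code is not visible here; confirm both sides agree
        // before changing it.
        $password = $connection->escape_string($field("password"));
        // Quota is numeric; the cast keeps it safe in the unquoted INSERT slot.
        $space = (int) $field("space");
        $active = !empty($_POST["active"]) ? 1 : 0;

        if ($mode === "new_user") {
            if (!$isSingleDirName($user)) {
                echo "Invalid user name";
                return;
            }
            $hasher = new PasswordHash($config->hash_cost_log2, $config->hash_portable);
            $hash = $hasher->HashPassword($password);
            // phpass signals failure with a short marker instead of a hash.
            if (strlen($hash) < 20) {
                echo "Error hashing password";
                return;
            }
            $hash = $connection->escape_string($hash);
            $path = $root . $user;
            // NOTE(review): mkdir() runs with its default mode; confirm the
            // resulting permissions suit the deployment.
            if (mkdir($path)) {
                $request = "INSERT INTO teachers_users (user,password,name,email,active,max_user_space) VALUES ('{$user}','{$hash}','{$name}','{$email}','{$active}',{$space})";
                $connection->query($request);
                echo $redirect;
            } else {
                // The path contains request data, so encode it for HTML output.
                echo "Error creating directory: " . htmlspecialchars($path, ENT_QUOTES, "UTF-8");
            }
            return;
        }

        // Any other value of original_user: update the existing account.
        $request = "UPDATE teachers_users SET max_user_space='{$space}',name='{$name}',email='{$email}',active='{$active}' WHERE user='{$user}'";
        $connection->query($request);
        if ($password !== "") {
            $hasher = new PasswordHash($config->hash_cost_log2, $config->hash_portable);
            $hash = $hasher->HashPassword($password);
            if (strlen($hash) < 20) {
                echo "Error hashing password";
                return;
            }
            $hash = $connection->escape_string($hash);
            $request = "UPDATE teachers_users SET password='{$hash}' WHERE user='{$user}'";
            $connection->query($request);
        }
        echo $redirect;
    } elseif (isset($_POST["action"])) {
        $action = $field("action");
        if ($action !== "enable" && $action !== "disable" && $action !== "delete") {
            // Unknown bulk actions are ignored without a response.
            return;
        }

        $data = $connection->escape_string($field("users"));
        $users = explode(",", $data);
        $inList = "('" . implode("','", $users) . "')";

        if ($action === "delete") {
            // Check every name before the first folder is removed, so one bad
            // entry cannot leave the batch half-applied or escape the root.
            foreach ($users as $user) {
                if (!$isSingleDirName($user)) {
                    echo "Invalid user name in request: nothing was deleted";
                    return;
                }
            }
            foreach ($users as $user) {
                if (delTree($root . $user)) {
                    deleteVFSFolder($user);
                } else {
                    echo "I/O error while deleting folder tree -> <b>aborted multiple operation: verify system integrity!</b>";
                    return;
                }
            }
            $connection->query("DELETE FROM teachers_users WHERE user IN " . $inList);
        } else {
            $flag = ($action === "enable") ? 1 : 0;
            $connection->query("UPDATE teachers_users SET active={$flag} WHERE user IN " . $inList);
        }

        header('Content-Type: text/plain; charset=utf-8');
        echo "success";
    } else {
        die("Invalid user name (original_user=null)!"); //TODO: better error messages
    }
}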
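/**
 * Delete a folder row from notes_vfs together with all of its descendants.
 *
 * Children are the rows whose `parent` equals $id; each is removed
 * recursively before the row for $id itself is deleted.
 *
 * NOTE(review): a parent/child cycle in notes_vfs would recurse without bound.
 *
 * @param string $id Folder id, already SQL-escaped by the caller; it is
 *                   placed into the statements as given.
 * @return void
 */
function deleteVFSFolder($id)
{
    global $connection;

    $result = $connection->query("SELECT id FROM notes_vfs WHERE parent = '{$id}'");
    if (!$result) {
        // Child lookup failed: keep the row rather than orphan its children.
        return;
    }

    while ($line = $result->fetch_assoc()) {
        // Ids read back from the table are data, not trusted SQL: escape them
        // before they are placed into the next statement.
        deleteVFSFolder($connection->escape_string($line["id"]));
    }

    $connection->query("DELETE FROM notes_vfs WHERE id = '{$id}'");
}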