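/**
 * Handles the "remove user" form submission.
 *
 * Reads `user_remove` (and the optional `user_remove_confirm` flag) from $_POST,
 * checks the caller's privilege, refuses to remove the signed-in account and,
 * once the removal is confirmed, deletes the matching row from `map_server_users`.
 *
 * @return UserRemoveResult success/error_message plus the raw user_name and the
 *         removal_confirmed flag; user_name is the unescaped POST value, so any
 *         caller that renders it must escape it for its own output context
 */
function ProcessUserRemove()
{
    global $database;
    global $current_user;
    global $can_delete_users;
    $result = new UserRemoveResult();
    // only allow users with the required privileges to delete users
    if (!$can_delete_users) {
        $result->success = false;
        $result->error_message = "Your user account does not have sufficient priviledges to delete users.";
        return $result;
    }
    // verify the username has been set: a non-string value (PHP decodes `user_remove[]=x`
    // as an array) is treated like a missing one so it never reaches the query or the
    // strict comparison below, and "" is rejected explicitly instead of via empty(),
    // which would also have rejected the legitimate username "0"
    if (!isset($_POST["user_remove"]) || !is_string($_POST["user_remove"]) || $_POST["user_remove"] === "") {
        $result->success = false;
        $result->error_message = "No username to remove provided.";
        return $result;
    }
    $result->user_name = $_POST["user_remove"];
    // prevent the currently signed in user from being removed
    if ($result->user_name === $current_user) {
        $result->success = false;
        $result->error_message = "You cannot remove the currently logged in user.";
        return $result;
    }
    // NOTE(review): this handler changes state on a plain POST and nothing in it checks
    // an anti-CSRF token; confirm the surrounding form/request pipeline does.
    // if the user removal has been confirmed, remove the user from the database
    $result->removal_confirmed = isset($_POST["user_remove_confirm"]);
    if ($result->removal_confirmed) {
        // the username is echoed back into the HTML output below; escape it once here
        $display_name = htmlspecialchars($result->user_name, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8");
        // check that the user account exists in the database
        $user_read = new UserRead($database, "SELECT {0} FROM `map_server_users` WHERE username = ?");
        $user_read->ExecuteQuery(array($result->user_name));
        if (!$user_read->MoveNext()) {
            $result->success = false;
            $result->error_message = "Matching username not found in the database.";
            return $result;
        }
        // delete the user account from the database; the name is bound as a parameter,
        // never interpolated into the SQL
        $sql = "DELETE FROM map_server_users WHERE username = ?";
        $remove_user_query = $database->prepare($sql);
        // prepare() returns false on failure (PDO and mysqli alike, unless exceptions are
        // enabled), so treat that exactly like a failed execute()
        if ($remove_user_query !== false && $remove_user_query->execute(array($result->user_name))) {
            print_line_inset("User " . $display_name . " removed.<br/>", 2);
        } else {
            print_line_inset("Failed to remove user " . $display_name . ".<br/>", 2);
            // a failed delete previously fell through to success = true; report it instead
            $result->success = false;
            $result->error_message = "Failed to remove user.";
            return $result;
        }
    }
    $result->success = true;
    return $result;
}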
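/**
 * Handles the "change password" form submission for the signed-in user.
 *
 * Looks at `current_password`, `new_password` and `repeat_password` in $_POST.
 * When none of them is present the form was not submitted and null is returned;
 * otherwise a status or error string (already carrying its trailing "<br/>") is
 * returned. The current password is re-verified against the stored hash before
 * the new one is written.
 *
 * @return string|null
 */
function ProcessPasswordChange()
{
    global $database;
    global $current_user;
    if (isset($_POST["current_password"]) || isset($_POST["new_password"]) || isset($_POST["repeat_password"])) {
        // fetch one password field: missing, non-string (PHP decodes `field[]=x` as an
        // array) or "" all count as "not set". The explicit "" test replaces empty(),
        // which would also have rejected the legitimate password "0".
        $read_field = static function ($key) {
            if (!isset($_POST[$key]) || !is_string($_POST[$key]) || $_POST[$key] === "") {
                return null;
            }
            return $_POST[$key];
        };
        $current_password = $read_field("current_password");
        if ($current_password === null) {
            return "Current password not set.<br/>";
        }
        $new_password = $read_field("new_password");
        if ($new_password === null) {
            return "New password not set.<br/>";
        }
        $repeat_password = $read_field("repeat_password");
        if ($repeat_password === null) {
            return "Repeated password not set.<br/>";
        }
        // check that the new password was entered correctly
        if ($new_password !== $repeat_password) {
            return "New password does not match the repeated password.<br/>";
        }
        // get the current users database entry
        $user_read = new UserRead($database, "SELECT {0} FROM `map_server_users` WHERE username = ?");
        $user_read->ExecuteQuery(array($current_user));
        if (!$user_read->MoveNext()) {
            return "Failed to get current user account from the database.<br/>";
        }
        // re-authenticate before touching the credential: the supplied current password
        // must verify against the stored hash
        $password_hash = new PasswordHash(8, true);
        if (!$password_hash->CheckPassword($current_password, $user_read->password_hash)) {
            return "Incorrect password provided.<br/>";
        }
        // rewrite the row with the new hash, carrying the other columns over unchanged
        $user_update = new UserUpdate($database, "UPDATE `map_server_users` SET {0} WHERE username = ?");
        $user_update->username = $user_read->username;
        $user_update->password_hash = $password_hash->HashPassword($new_password);
        $user_update->map_database_permissions = $user_read->map_database_permissions;
        $user_update->user_control_permissions = $user_read->user_control_permissions;
        // NOTE(review): ExecuteQuery's outcome is not checked, so a failed UPDATE would
        // still report "Changes saved" — confirm whether it throws on failure
        $user_update->ExecuteQuery(array($user_read->username));
        return "Changes saved.<br/>";
    }
    return null;
}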
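/**
 * Handles the "add user" form submission.
 *
 * Checks the caller's privilege, reads the new account's username and permission
 * checkboxes from $_POST, refuses to create a duplicate, and otherwise inserts the
 * account into `map_server_users` with a randomly generated password that is shown
 * once to the administrator. Progress and errors are printed via print_line_inset().
 *
 * @return UserAddResult success/error_message, the requested user_name and
 *         permission flags, and (on creation) the generated user_password
 */
function ProcessUserAdd()
{
    global $database;
    global $can_create_users;
    $result = new UserAddResult();
    // only allow users with the required privileges to create users
    if (!$can_create_users) {
        $result->success = false;
        $result->error_message = "Your user account does not have sufficient priviledges to add new users.";
        return $result;
    }
    $result->user_name = "";
    $result->user_can_create_map_entry = false;
    $result->user_can_delete_map_entry = false;
    $result->user_can_edit_map_entry = false;
    $result->user_can_create_users = false;
    $result->user_can_delete_users = false;
    $result->user_can_edit_users = false;
    if (isset($_POST['user_add_username'])) {
        // a non-string value (PHP decodes `user_add_username[]=x` as an array) is treated
        // as "no username" rather than being handed to the query
        $result->user_name = is_string($_POST['user_add_username']) ? $_POST['user_add_username'] : "";
        $result->user_can_create_map_entry = isset($_POST['user_add_can_create_map_entry']);
        $result->user_can_delete_map_entry = isset($_POST['user_add_can_delete_map_entry']);
        $result->user_can_edit_map_entry = isset($_POST['user_add_can_edit_map_entry']);
        $result->user_can_create_users = isset($_POST['user_add_can_create_users']);
        $result->user_can_delete_users = isset($_POST['user_add_can_delete_users']);
        $result->user_can_edit_users = isset($_POST['user_add_can_edit_users']);
        print_line_inset("<h3>Output</h3>", 2);
        // explicit "" test rather than empty(), which would also reject the username "0"
        if ($result->user_name === "") {
            print_line_inset("No username set.<br/><br/>", 2);
        } else {
            $user_read = new UserRead($database, "SELECT {0} FROM `map_server_users` WHERE username = ?");
            $user_read->ExecuteQuery(array($result->user_name));
            if ($user_read->MoveNext()) {
                print_line_inset("An account with that username already exists.<br/><br/>", 2);
            } else {
                // generate a random password for the new user account from the CSPRNG.
                // str_shuffle() of the alphabet drew each character at most once and, on
                // older PHP, from a non-cryptographic generator.
                $alphabet = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
                $last_index = strlen($alphabet) - 1;
                $result->user_password = "";
                for ($i = 0; $i < 8; $i++) {
                    $result->user_password .= $alphabet[random_int(0, $last_index)];
                }
                $user_write = new UserWrite($database, "INSERT INTO `map_server_users` ({0}) VALUES ({1})");
                $password_hash = new PasswordHash(8, true);
                $user_write->username = $result->user_name;
                $user_write->password_hash = $password_hash->HashPassword($result->user_password);
                // start from an explicit empty mask (as ProcessUserEdit does) instead of
                // OR-ing into whatever the property held before
                $user_write->map_database_permissions = AccessPermissions::ACCESS_PERMISSIONS_NONE;
                $user_write->user_control_permissions = AccessPermissions::ACCESS_PERMISSIONS_NONE;
                // NOTE(review): only $can_create_users is checked, so a creator can grant
                // user-control rights it may not hold itself — confirm that is intended
                if ($result->user_can_create_map_entry) {
                    $user_write->map_database_permissions |= AccessPermissions::ACCESS_PERMISSIONS_CREATE;
                }
                if ($result->user_can_delete_map_entry) {
                    $user_write->map_database_permissions |= AccessPermissions::ACCESS_PERMISSIONS_DELETE;
                }
                if ($result->user_can_edit_map_entry) {
                    $user_write->map_database_permissions |= AccessPermissions::ACCESS_PERMISSIONS_EDIT;
                }
                if ($result->user_can_create_users) {
                    $user_write->user_control_permissions |= AccessPermissions::ACCESS_PERMISSIONS_CREATE;
                }
                if ($result->user_can_delete_users) {
                    $user_write->user_control_permissions |= AccessPermissions::ACCESS_PERMISSIONS_DELETE;
                }
                if ($result->user_can_edit_users) {
                    $user_write->user_control_permissions |= AccessPermissions::ACCESS_PERMISSIONS_EDIT;
                }
                // NOTE(review): the INSERT's outcome is not checked before "New user added!"
                // is printed — confirm whether ExecuteQuery throws on failure
                $user_write->ExecuteQuery(NULL);
                print_line_inset("New user added!<br/>", 2);
                // the username is caller-supplied POST data rendered into HTML, so escape it
                // for the HTML context; the password only contains alphanumerics
                print_line_inset("Username: " . htmlspecialchars($result->user_name, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8") . "<br/>", 2);
                print_line_inset("Password: " . $result->user_password . "<br/>", 2);
                print_line_inset("<br/>", 2);
                print_line_inset("This password is randomly generated and should be changed by the user.<br/>", 2);
                print_line_inset("<br/>", 2);
            }
        }
    }
    $result->success = true;
    return $result;
}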
<?php 
// the header cells for the edit/delete action columns are only rendered when the
// viewing user holds the matching privilege (the <tr> they close starts above this chunk)
if ($can_edit_users) {
    ?>
				<th></th>
<?php 
}
if ($can_delete_users) {
    ?>
				<th></th>
<?php 
}
?>
			</tr>
<?php 
// iterate through all users in the database
// `{0}` is presumably expanded into the column list by UserRead — confirm in that class
$user_reader = new UserRead($database, "SELECT {0} FROM `map_server_users`");
$user_reader->ExecuteQuery(NULL);
while ($user_reader->MoveNext()) {
    // get the users details
    $username = $user_reader->username;
    $map_database_permissions = "";
    if ($user_reader->map_database_permissions == AccessPermissions::ACCESS_PERMISSIONS_NONE) {
        $map_database_permissions = "None";
    } else {
        if (AccessPermissions::ACCESS_PERMISSIONS_CREATE == ($user_reader->map_database_permissions & AccessPermissions::ACCESS_PERMISSIONS_CREATE)) {
            $map_database_permissions .= "Create ";
        }
        if (AccessPermissions::ACCESS_PERMISSIONS_DELETE == ($user_reader->map_database_permissions & AccessPermissions::ACCESS_PERMISSIONS_DELETE)) {
            $map_database_permissions .= "Delete ";
        }
        if (AccessPermissions::ACCESS_PERMISSIONS_EDIT == ($user_reader->map_database_permissions & AccessPermissions::ACCESS_PERMISSIONS_EDIT)) {
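/**
 * Handles the "edit user" form.
 *
 * Reads `user_edit` from $_POST, checks the caller's privilege, refuses to edit the
 * signed-in account, loads the target row from `map_server_users` and reports its
 * current permission flags. When `user_edit_save` is present the flags are replaced
 * by the submitted checkboxes and written back, keeping the password hash as is.
 *
 * @return UserEditResult success/error_message, the raw user_name and the six
 *         permission flags (current values, or the saved ones after a save)
 */
function ProcessUserEdit()
{
    global $database;
    global $current_user;
    global $can_edit_users;
    $result = new UserEditResult();
    // only allow users with the required privileges to edit users
    if (!$can_edit_users) {
        $result->success = false;
        $result->error_message = "Your user account does not have sufficient priviledges to edit users.";
        return $result;
    }
    // verify the username has been set: a non-string value (PHP decodes `user_edit[]=x`
    // as an array) counts as missing, and "" is tested explicitly instead of via
    // empty(), which would also have rejected the legitimate username "0"
    if (!isset($_POST["user_edit"]) || !is_string($_POST["user_edit"]) || $_POST["user_edit"] === "") {
        $result->success = false;
        $result->error_message = "No username to edit provided.";
        return $result;
    }
    $result->user_name = $_POST["user_edit"];
    // prevent the currently signed in user from being edited
    if ($result->user_name === $current_user) {
        $result->success = false;
        $result->error_message = "You cannot edit the currently logged in user.";
        return $result;
    }
    $user_read = new UserRead($database, "SELECT {0} FROM `map_server_users` WHERE username = ?");
    $user_read->ExecuteQuery(array($result->user_name));
    if (!$user_read->MoveNext()) {
        $result->success = false;
        $result->error_message = "Unable to find user in database.";
        return $result;
    }
    // report the flags currently stored for the account (bit tests on the two masks)
    $result->user_can_create_map_entry = ($user_read->map_database_permissions & AccessPermissions::ACCESS_PERMISSIONS_CREATE) === AccessPermissions::ACCESS_PERMISSIONS_CREATE;
    $result->user_can_delete_map_entry = ($user_read->map_database_permissions & AccessPermissions::ACCESS_PERMISSIONS_DELETE) === AccessPermissions::ACCESS_PERMISSIONS_DELETE;
    $result->user_can_edit_map_entry = ($user_read->map_database_permissions & AccessPermissions::ACCESS_PERMISSIONS_EDIT) === AccessPermissions::ACCESS_PERMISSIONS_EDIT;
    $result->user_can_create_users = ($user_read->user_control_permissions & AccessPermissions::ACCESS_PERMISSIONS_CREATE) === AccessPermissions::ACCESS_PERMISSIONS_CREATE;
    $result->user_can_delete_users = ($user_read->user_control_permissions & AccessPermissions::ACCESS_PERMISSIONS_DELETE) === AccessPermissions::ACCESS_PERMISSIONS_DELETE;
    $result->user_can_edit_users = ($user_read->user_control_permissions & AccessPermissions::ACCESS_PERMISSIONS_EDIT) === AccessPermissions::ACCESS_PERMISSIONS_EDIT;
    if (isset($_POST['user_edit_save'])) {
        // NOTE(review): this is a state-changing POST with no anti-CSRF token check in
        // sight, and only $can_edit_users gates it, so an editor can grant another
        // account user-control rights it may not hold itself — confirm both are intended
        $result->user_can_create_map_entry = isset($_POST['user_edit_can_create_map_entry']);
        $result->user_can_delete_map_entry = isset($_POST['user_edit_can_delete_map_entry']);
        $result->user_can_edit_map_entry = isset($_POST['user_edit_can_edit_map_entry']);
        $result->user_can_create_users = isset($_POST['user_edit_can_create_users']);
        $result->user_can_delete_users = isset($_POST['user_edit_can_delete_users']);
        $result->user_can_edit_users = isset($_POST['user_edit_can_edit_users']);
        $user_update = new UserUpdate($database, "UPDATE `map_server_users` SET {0} WHERE username = ?");
        $user_update->username = $user_read->username;
        // the password hash is carried over untouched; only the permission masks change
        $user_update->password_hash = $user_read->password_hash;
        $user_update->map_database_permissions = AccessPermissions::ACCESS_PERMISSIONS_NONE;
        $user_update->user_control_permissions = AccessPermissions::ACCESS_PERMISSIONS_NONE;
        if ($result->user_can_create_map_entry) {
            $user_update->map_database_permissions |= AccessPermissions::ACCESS_PERMISSIONS_CREATE;
        }
        if ($result->user_can_delete_map_entry) {
            $user_update->map_database_permissions |= AccessPermissions::ACCESS_PERMISSIONS_DELETE;
        }
        if ($result->user_can_edit_map_entry) {
            $user_update->map_database_permissions |= AccessPermissions::ACCESS_PERMISSIONS_EDIT;
        }
        if ($result->user_can_create_users) {
            $user_update->user_control_permissions |= AccessPermissions::ACCESS_PERMISSIONS_CREATE;
        }
        if ($result->user_can_delete_users) {
            $user_update->user_control_permissions |= AccessPermissions::ACCESS_PERMISSIONS_DELETE;
        }
        if ($result->user_can_edit_users) {
            $user_update->user_control_permissions |= AccessPermissions::ACCESS_PERMISSIONS_EDIT;
        }
        // NOTE(review): ExecuteQuery's outcome is not checked before "Changes saved" is
        // printed — confirm whether it throws on failure
        $user_update->ExecuteQuery(array($user_read->username));
        print_line_inset("<h3>Output</h3>", 2);
        print_line_inset("Changes saved.<br/><br/>", 2);
    }
    $result->success = true;
    return $result;
}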
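 /**
  * Authenticates $username/$password against `map_server_users` and records the
  * outcome on this object (is_logged_in, logged_in_user).
  *
  * The database is opened with the read-only credentials from the loaded config and
  * the handle is released before returning on every path. On any failure the
  * object is left in a logged-out state, so a stale login from an earlier call can
  * not survive a failed attempt.
  *
  * @param string $username
  * @param string $password plaintext as entered; only the stored hash is compared
  * @return bool true when the credentials verified
  */
 function LogIn($username, $password)
 {
     $config = LoadConfig();
     $database = OpenDatabase($config->map_database->data_source_name, $config->map_database->username_readonly, $config->map_database->password_readonly);
     $user_read = new UserRead($database, "SELECT {0} FROM `map_server_users` WHERE username = ?");
     $user_read->ExecuteQuery(array($username));
     if (!$user_read->MoveNext()) {
         // unknown username: the early return used to skip both the state reset and the
         // handle release, leaving a previous successful login in place
         $this->is_logged_in = false;
         $this->logged_in_user = null;
         $database = null;
         // NOTE(review): this path returns without running CheckPassword, so it is
         // measurably faster than a wrong-password attempt; if username enumeration
         // matters here, consider verifying against a dummy hash before returning
         return false;
     }
     $password_hash = new PasswordHash(8, true);
     if ($password_hash->CheckPassword($password, $user_read->password_hash)) {
         $this->is_logged_in = true;
         $user = new User();
         $user->username = $user_read->username;
         $user->user_control_permissions = $user_read->user_control_permissions;
         $user->map_database_permissions = $user_read->map_database_permissions;
         $this->logged_in_user = $user;
     } else {
         $this->is_logged_in = false;
         $this->logged_in_user = null;
     }
     $database = null;
     return $this->is_logged_in;
 }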