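<?php
// users.php -- admin-only user management screen.
// Bootstraps the application, then gates the page twice: first on a valid
// session (anonymous visitors go to login.php with the requested URI stashed
// so login can bounce them back), then on the "admin" session role.
include("inc/startup.php");

if (!isLoggedIn()) {
    // Stored for the post-login redirect. login.php is expected to validate
    // it before redirecting -- not visible here, TODO confirm.
    $_SESSION['REAL_REFERRER'] = $_SERVER['REQUEST_URI'];
    header("Location: login.php");
    exit;
}

// The former `?debug=1` branch did print_r($_SERVER) for any authenticated
// user, before the role check below. $_SERVER carries environment variables,
// filesystem paths and the raw request headers (cookies included) and must
// not be reflected into a response, so the branch is removed rather than
// merely gated behind the admin role.

// Strict comparison and isset(): a session without a role is not an admin,
// and must not emit an undefined-index notice on the way to the 403.
if (!isset($_SESSION['role']) || $_SESSION['role'] !== "admin") {
    header("Location: 403.php");
    exit;
}
?>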
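<!DOCTYPE html>
<html lang="en-us">
<head>
<?php $tpl->title = APP_NAME . " - User Management"; include("templates/core/head.tpl.php"); ?>
</head>
<?php
// Query-string values this template reflects, read once with isset() so a
// plain request does not emit undefined-index notices.
$viewUsername = isset($_GET['username']) ? (string)$_GET['username'] : '';
$viewDelete   = !empty($_GET['delete']);
// "minify" is a per-session UI preference; !empty() keeps the original
// truthiness test without a notice when it was never set.
$bodyClass = !empty($_SESSION['minify']) ? 'class="desktop-detected pace-done minified"' : 'class=""';
?>
<body <?php echo $bodyClass; ?>>
<a name="top"></a>
<!-- HEADER -->
<header id="header">
<?php include("templates/core/header.tpl.php"); ?>
</header>
<!-- END HEADER -->
<!-- Left panel : Navigation area -->
<!-- Note: This width of the aside area can be adjusted through LESS variables -->
<?php include("templates/nav/left.tpl.php"); ?>
<!-- END NAVIGATION -->
<!-- MAIN PANEL -->
<div id="main" role="main">
<!-- RIBBON -->
<div id="ribbon">
<!-- breadcrumb -->
<ol class="breadcrumb">
<li><a href="index.php">Home</a></li><li>User Management</li>
</ol>
<!-- end breadcrumb -->
</div>
<!-- END RIBBON -->
<!-- MAIN CONTENT -->
<div id="content">
<div class="row">
<div class="col-xs-12 col-sm-7 col-md-7 col-lg-4">
<?php if ($viewUsername === '') { ?>
<h1 class="page-title txt-color-blueDark"><i class="fa-fw fa fa-user"></i> User Management</h1>
<?php } else { ?>
<!-- The username comes straight from the URL: HTML-escape it for the heading. -->
<h1 class="page-title txt-color-blueDark"><i class="fa-fw fa fa-user"></i> User Management <span> > <?php echo htmlspecialchars($viewUsername, ENT_QUOTES, 'UTF-8'); ?></span></h1>
<?php } ?>
</div>
</div>
<section id="widget-grid" class="">
<!-- row -->
<div class="row">
<!-- NEW WIDGET START -->
<article class="col-xs-12 col-sm-12 col-md-12 col-lg-12">
<!-- Widget ID (each widget will need unique ID)-->
<div class="jarviswidget jarviswidget-color-blueDark" id="wid-id-x" data-widget-colorbutton="false" data-widget-editbutton="false" data-widget-togglebutton="false" data-widget-deletebutton="false" data-widget-fullscreenbutton="false" data-widget-custombutton="false" data-widget-sortable="false">
<header>
<span class="widget-icon"> <i class="fa fa-align-justify"></i> </span>
<h2>User Management</h2>
</header>
<!-- widget div-->
<div>
<!-- widget edit box -->
<div class="jarviswidget-editbox">
<!-- This area used as dropdown edit box -->
</div>
<!-- end widget edit box -->
<!-- widget content -->
<div class="widget-body <?php if(!$_GET) { echo 'no-';}?>padding">
<div class="widget-body-toolbar">
<div class="btn-group">
<?php if ($viewUsername === '' && !$viewDelete) { ?>
<a href="users.php?action=add" class="btn btn-primary">Add User</a>
<?php } elseif ($viewUsername !== '' && !$viewDelete) { ?>
<?php
// Link into the delete-confirmation view for the user being edited, hidden
// once delete=true because the confirmation template then takes over.
// The original condition tested !$_GET['username'] here, so the link could
// only ever be rendered with an empty username. The value is URL-encoded for
// the query string and then HTML-escaped for the attribute; the original
// echoed it raw.
$deleteHref = 'users.php?username=' . rawurlencode($viewUsername) . '&delete=true';
?>
<a href="<?php echo htmlspecialchars($deleteHref, ENT_QUOTES, 'UTF-8'); ?>" class="btn btn-danger">Delete this User</a>
<?php } ?>
</div>
</div>
<div class="widget-body-toolbar">
</div>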
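<?php
// Widget-body controller. Dispatches on the query string:
//   (nothing)                              -> user list
//   ?username=X                            -> edit form; POST saves it
//   ?username=X&delete=1                   -> delete confirmation + edit form
//   ?username=X&delete=1&dowhatisay=1      -> performs the delete (token-checked)
//   ?action=add                            -> add form; POST inserts
// Every state change here relies on the admin gate at the top of this file.
// $db is the mysqli-style connection from inc/startup.php; secureArray(),
// checkToken(), display_ok(), display_error() and renderUserTable() also come
// from there and are not visible in this file.
//
// The sample print_r() dumps that used to sit in this block as comments
// included an autologinkey value; they have been removed -- never leave
// credential-shaped data in source comments.

// Read the switches once with isset(); the bare $_GET[...] reads they replace
// emitted undefined-index notices on every plain request.
$reqUsername  = isset($_GET['username']) ? (string)$_GET['username'] : '';
$reqAction    = isset($_GET['action']) ? (string)$_GET['action'] : '';
$reqDelete    = !empty($_GET['delete']);
$reqConfirmed = !empty($_GET['dowhatisay']);

// Flattens the posted accessgroup checkbox array into the comma-separated
// string stored in users.accessgroup, SQL-escaping each entry. Tolerates a
// missing or scalar value; the original foreach warned on both and appended
// to an undefined accumulator.
$buildAccessGroup = function ($raw) use ($db) {
    if (!is_array($raw)) {
        $raw = ($raw === null || $raw === '') ? array() : array($raw);
    }
    $escaped = array();
    foreach ($raw as $group) {
        $escaped[] = $db->real_escape_string((string)$group);
    }
    return implode(',', $escaped);
};

// Guarantees every form field the SQL below interpolates exists (as '') so a
// missing field becomes an empty column instead of a notice. Runs after
// secureArray() so it cannot undo whatever escaping that applies.
$fillMissing = function (array $keys) {
    foreach ($keys as $key) {
        if (!isset($_POST[$key])) {
            $_POST[$key] = '';
        }
    }
};
$userFields = array('email', 'retention', 'userrole', 'autologinkey', 'apikey',
    'maxcustoms', 'max_nodes', 'sms_tickets', 'tts_tickets', 'eventsallowed', 'max_checks');

if ($reqUsername === '' && $reqAction === '') {
    renderUserTable();
} elseif ($reqUsername !== '') {
    $username = $db->real_escape_string($reqUsername);
    $result = $db->query("SELECT * FROM users WHERE username = '$username'");
    // A failed query returns false; the original dereferenced it regardless.
    if ($result === false || $db->affected_rows < 1) {
        display_error("User not found","This user does not exist");
    } else {
        // The fetched row deliberately replaces $tpl (the page template
        // object): templates/user/*.tpl.php read the record from it.
        $tpl = $result->fetch_object();
        $uid = (int)$tpl->id;
        if (!$_POST) {
            if (!$reqDelete) {
                include("templates/user/edit.tpl.php");
            } elseif (!$reqConfirmed) {
                include("templates/user/delete.tpl.php");
                include("templates/user/edit.tpl.php");
            } elseif ($uid === 1) {
                // NOTE(review): only deletion protects the initial admin; the
                // edit handler below can still change its role or password.
                display_error("Error","Initial Admin user cannot be deleted");
            } else {
                // The delete is triggered by a GET link, so checkToken() is the
                // only thing standing between it and a cross-site request and
                // must stay ahead of the DELETE. A POST form would be the
                // better shape for this action.
                checkToken();
                $db->query("DELETE FROM users WHERE id = $uid");
                display_ok("User Removed","This user has been removed");
            }
        } else {
            // POST from edit.tpl.php: save the record.
            // The delete path above verifies the CSRF token; this handler did
            // not, although it changes roles, quotas, keys and passwords.
            // edit.tpl.php must submit the token field checkToken() reads --
            // TODO confirm the template does (it is not visible here).
            checkToken();
            $accessgroup = $buildAccessGroup(isset($_POST['accessgroup']) ? $_POST['accessgroup'] : null);
            // Hash the raw password before secureArray() touches the array; an
            // empty field means "leave the password unchanged". $upass is
            // initialised so the SQL below never interpolates an undefined var.
            $upass = '';
            if (isset($_POST['password']) && trim($_POST['password']) !== "") {
                // Unsalted sha1 is kept only because login.php (not visible)
                // verifies against it; a move to password_hash()/
                // password_verify() has to land on both sides together.
                $pass = sha1($_POST['password']);
                $upass = ",password = '$pass'";
            }
            $_POST = secureArray($_POST);
            $fillMissing($userFields);
            // The username comes from the URL, not the form, so this screen
            // cannot rename a user.
            $_POST['username'] = $db->real_escape_string($reqUsername);
            // Interpolating $_POST here is only safe if secureArray() SQL-escapes
            // every value; it lives in inc/ and is not visible. A prepared
            // statement would remove that dependency.
            $ok = $db->query("UPDATE users SET username = '$_POST[username]'$upass,email = '$_POST[email]',retention='$_POST[retention]',userrole='$_POST[userrole]',autologinkey='$_POST[autologinkey]',accessgroup='$accessgroup',apikey='$_POST[apikey]',max_customs='$_POST[maxcustoms]',max_nodes='$_POST[max_nodes]',sms_tickets='$_POST[sms_tickets]',tts_tickets='$_POST[tts_tickets]',eventsallowed='$_POST[eventsallowed]',max_checks='$_POST[max_checks]' WHERE id = $uid");
            // Judge success by the query result, not affected_rows: MySQL
            // reports 0 affected rows when the submitted values equal the
            // stored ones, which the original reported as a database error.
            if ($ok !== false) {
                display_ok("User Data Updated","Database Update Successfull");
            } else {
                display_error("Database Error","Unable to update database. please try again later");
            }
        }
    }
} elseif ($reqAction === "add") {
    if (!$_POST) {
        include("templates/user/add.tpl.php");
    } else {
        // POST from add.tpl.php: create the record. Same CSRF reasoning as the
        // edit handler -- add.tpl.php must carry the token (TODO confirm).
        checkToken();
        $rawUsername = isset($_POST['username']) ? trim((string)$_POST['username']) : '';
        $rawPassword = isset($_POST['password']) ? (string)$_POST['password'] : '';
        if ($rawUsername === '' || trim($rawPassword) === '') {
            // Only the client-side validator enforced these; without this
            // check a user with an empty name, or with sha1('') as its
            // password hash, could be created.
            display_error("Missing data","Username and password are required");
            include("templates/user/add.tpl.php");
        } else {
            $accessgroup = $buildAccessGroup(isset($_POST['accessgroup']) ? $_POST['accessgroup'] : null);
            // Hash the raw password before secureArray() alters the array
            // (see the edit handler for why sha1 is still used here).
            $pass = sha1($rawPassword);
            $_POST = secureArray($_POST);
            $fillMissing(array_merge(array('username'), $userFields));
            $db->query("SELECT * FROM users WHERE username = '$_POST[username]'");
            if ($db->affected_rows > 0) {
                display_error("User already exist","There is already a user in the database with this username");
                include("templates/user/add.tpl.php");
            } else {
                // Same interpolation caveat as the UPDATE above.
                $db->query("INSERT INTO users (username,password,autologinkey,userrole,accessgroup,email,apikey,max_customs,max_nodes,sms_tickets,tts_tickets,retention,eventsallowed,max_checks) VALUES ('$_POST[username]','$pass','$_POST[autologinkey]','$_POST[userrole]','$accessgroup','$_POST[email]','$_POST[apikey]','$_POST[maxcustoms]','$_POST[max_nodes]','$_POST[sms_tickets]','$_POST[tts_tickets]','$_POST[retention]','$_POST[eventsallowed]','$_POST[max_checks]')");
                // For an INSERT, affected_rows is 1 on success and 0/-1 otherwise.
                if ($db->affected_rows > 0) {
                    display_ok("User added","User successfully added in database");
                } else {
                    display_error("Database Error","cannot add user. try again later");
                    include("templates/user/add.tpl.php");
                }
            }
        }
    }
}
?>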
</div>
</div>
</div>
</article>
</div>
<!-- end row -->
</section>
</div>
<!-- END MAIN CONTENT -->
</div>
<!-- END MAIN PANEL -->
<!--================================================== -->
<!-- Shared script include; presumably loads jQuery plus the dataTable/validate plugins the inline script below calls -- not visible here, confirm in templates/core/scripts.tpl.php -->
<?php include("templates/core/scripts.tpl.php"); ?>
<script type="application/javascript">
// Page behaviour for users.php.
// The user list (#usertable) is produced server-side by renderUserTable();
// DataTables adds paging and sorting on top of it once the DOM is ready.
// The two validators attach to the edit/add forms when those are present.
// They are a usability layer only -- nothing here is a security control,
// the server must re-check whatever it relies on.
$(function () {
    var userTable = $('#usertable').dataTable({
        "sPaginationType" : "bootstrap_full",
        "iDisplayLength" : 25
    });
    // Default ordering: fifth column, descending.
    userTable.fnSort([[4, 'desc']]);
});

// Edit form: username and e-mail are mandatory; the quota fields must be
// whole numbers when given.
var $editForm = $('#editForm').validate({
    rules : {
        username    : { required : true },
        email       : { required : true },
        maxcustoms  : { required : true, digits : true },
        max_nodes   : { digits : true },
        max_checks  : { digits : true },
        sms_tickets : { digits : true },
        tts_tickets : { digits : true }
    },
    messages : {
        username : { required : 'Please enter a username' },
        email    : { required : 'Please enter a email' }
    }
    // errorPlacement intentionally left at the plugin default.
});

// Add form: same as the edit form plus a mandatory password and autologinkey
// (the hint text tells the operator how to disable autologin).
var $addForm = $('#addForm').validate({
    rules : {
        username     : { required : true },
        password     : { required : true },
        email        : { required : true },
        maxcustoms   : { required : true, digits : true },
        max_nodes    : { digits : true },
        max_checks   : { digits : true },
        sms_tickets  : { digits : true },
        tts_tickets  : { digits : true },
        autologinkey : { required : true }
    },
    messages : {
        username     : { required : 'Please enter a username' },
        email        : { required : 'Please enter a email' },
        password     : { required : 'Please enter a password' },
        autologinkey : { required : 'Please set a autologinkey, enter unset as value if you want to disable autologin' }
    }
    // errorPlacement intentionally left at the plugin default.
});
</script>
</body>
</html>