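query('UPDATE ' . TBL_USER . ' SET userActive = "N" , userActiveUser = "' . $_SESSION['sess_userId'] . '" , userActiveTS = NOW( ) WHERE userId = "' . $_POST['userId'] . '" LIMIT 1;');
    // NOTE(review): the enclosing "disableUser" branch starts before this chunk and is left as found.
    // It still builds its UPDATE by concatenating $_POST['userId'] / $_SESSION['sess_userId'] into the
    // SQL text; it should be moved onto the $dbExec helper defined below like the other actions.
    fnc_writeLog('00000011', array(fnc_getUsernameById($_POST['userId'])), $_SESSION['sess_userId']);
    header('Location:index.php?siteId=' . $_POST['siteId']);
    die();
}

// ---------------------------------------------------------------------------------------------
// Shared helpers for the user-administration form actions below.
//
// Every value that originates from the request ($_POST / $_SESSION) reaches MySQL only as a
// bound statement parameter. Only constants (TBL_USER, TBL_RIGHTS) and the per-website prefix
// from the configuration array $vC remain in the SQL text itself.
// ---------------------------------------------------------------------------------------------

/**
 * Reads a scalar form value.
 *
 * @param string $key     index into $_POST
 * @param string $default returned when the field is missing or not a scalar (e.g. an array)
 * @return string
 */
$postStr = function ($key, $default = '') {
    if (!isset($_POST[$key]) || !is_scalar($_POST[$key])) {
        return $default;
    }
    return (string) $_POST[$key];
};

/**
 * Prepares, binds and executes a statement on the shared mysqli connection.
 *
 * All parameters are bound as strings ('s'); this matches the quoted literals the former
 * string-built queries produced, so MySQL applies the same comparisons as before.
 *
 * @param string   $sql    statement text with "?" placeholders
 * @param string[] $params placeholder values, in order
 * @return mysqli_stmt|false the executed statement, or false when prepare() or execute() failed
 */
$dbExec = function ($sql, array $params = array()) use ($db) {
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        return false;
    }
    if (count($params) > 0) {
        // argument unpacking satisfies bind_param()'s by-reference signature
        $stmt->bind_param(str_repeat('s', count($params)), ...$params);
    }
    if (!$stmt->execute()) {
        return false;
    }
    return $stmt;
};

/**
 * Builds the ';'-separated rights list stored in the database for one rights group.
 *
 * A missing rights-type field is defaulted to 'DEF' directly in $_POST, because the page that
 * renders the form again on validation errors reads the submitted values from $_POST.
 *
 * @param string $typeKey   $_POST index of the rights type (DEF / ALL / ...)
 * @param string $rightsKey $_POST index of the selected rights (array of values)
 * @return string '' when the type is ALL or nothing was selected, else the joined selection
 */
$rightsList = function ($typeKey, $rightsKey) {
    if (!isset($_POST[$typeKey])) {
        $_POST[$typeKey] = 'DEF';
    }
    if ($_POST[$typeKey] === 'ALL' || !isset($_POST[$rightsKey])) {
        return '';
    }
    $selected = $_POST[$rightsKey];
    // a single checkbox may arrive as a plain string; implode() would reject it
    return is_array($selected) ? implode(';', $selected) : (string) $selected;
};

/**
 * Sends the browser back to the site overview and ends the request.
 * The site id is URL-encoded so it cannot carry extra query parameters into the redirect.
 */
$redirectToSite = function () use ($postStr) {
    header('Location:index.php?siteId=' . rawurlencode($postStr('siteId')));
    die();
};

$postFormAction = $postStr('formAction');
$postUserId     = $postStr('userId');

// Builds the $_POST key for a per-website rights field. The form is assumed to post
// user_<prefix>RightsType / user_<prefix>Rights (the spelling the majority of the former reads
// used; the variants without the underscore could never have been set) — TODO confirm in the template.
$websiteKey = function ($website, $suffix) {
    return 'user_' . $website . $suffix;
};

if ($postFormAction === 'enableUser') {
    $dbExec('UPDATE ' . TBL_USER . ' SET userActive = "Y" WHERE userId = ? LIMIT 1;', array($postUserId));
    fnc_writeLog('00000012', array(fnc_getUsernameById($postUserId)), $_SESSION['sess_userId']);
    $redirectToSite();
}

if ($postFormAction === 'deleteUser') {
    // soft delete: the row is flagged, not removed
    $dbExec(
        'UPDATE ' . TBL_USER . ' SET userDelete = "Y" , userDeleteUser = ? , userDeleteTS = NOW( ) WHERE userId = ? LIMIT 1;',
        array((string) $_SESSION['sess_userId'], $postUserId)
    );
    fnc_writeLog('00000014', array(fnc_getUsernameById($postUserId)), $_SESSION['sess_userId']);
    $redirectToSite();
}

if ($postFormAction === 'resetPW') {
    // the mail goes out first; the hash is only reset once the notification succeeded
    $status = fnc_sendEmailToUser('00000015', $postUserId, $_SESSION['sess_userId']);
    if ($status === 'OK') {
        // Restore the hash stored in userPasswordOrgCrypt (written at creation) instead of the
        // value the form posted: a client-supplied hash would let the submitter set an arbitrary
        // password for any user id. Assumes the form's hidden field mirrored that column — TODO confirm.
        $dbExec('UPDATE ' . TBL_USER . ' SET userPasswordCrypt = userPasswordOrgCrypt WHERE userId = ? LIMIT 1;', array($postUserId));
        fnc_writeLog('00000015', array(fnc_getUsernameById($postUserId)), $_SESSION['sess_userId']);
        $redirectToSite();
    }
    $arrError[] = 'mail_001';
    // Formerly the request died here without output, so mail_001 was never shown. Fall through to
    // the page like the createUser/editUser branches do, handing it the ids it reads from $_GET.
    foreach (array('siteId', 'todoId', 'userId') as $key) {
        if (isset($_POST[$key])) {
            $_GET[$key] = $_POST[$key];
        }
    }
}

if ($postFormAction === 'createUser') {
    $userPortalRights = $rightsList('user_portalRightsType', 'user_portalRights');
    $userEmail = $postStr('userEmail');
    if (!fnc_validateEmailAddress($userEmail)) {
        $arrError[] = 'mail_002';
    }
    if (!fnc_checkUniqueEmailAddress($userEmail)) {
        $arrError[] = 'mail_003';
    }
    if (!empty($arrError)) {
        // re-render the form with the submitted values
        $_GET['siteId'] = $_POST['siteId'];
        $_GET['todoId'] = $_POST['todoId'];
    } else {
        $userName = fnc_generateUniqueUsername($postStr('userLastname'), $postStr('userFirstname'));
        $passWord = fnc_generatePW();
        // NOTE(review): unsalted md5 and the clear-text copy in userPasswordOrg are kept only because
        // the login check that reads userPasswordCrypt lives outside this file; both should move to
        // password_hash()/password_verify() together with that check.
        $crypt = md5($passWord);
        $dbExec(
            'INSERT INTO ' . TBL_USER . ' ( userUsername , userEmail , userPhone , userPasswordCrypt , userPasswordOrgCrypt , userPasswordOrg , userFirstname , userLastname , userCreateUser , userActive , userDelete , userPortalRightsType , userPortalRights ) VALUES ( ? , ? , ? , ? , ? , ? , ? , ? , ? , "Y" , "N" , ? , ? );',
            array(
                (string) $userName,
                $userEmail,
                $postStr('userPhone'),
                $crypt,
                $crypt,
                (string) $passWord,
                $postStr('userFirstname'),
                $postStr('userLastname'),
                (string) $_SESSION['sess_userId'],
                $postStr('user_portalRightsType'),
                $userPortalRights,
            )
        );
        $userId = $db->insert_id;
        foreach ($vC['portal']['website']['prefix'] as $website) {
            $typeKey = $websiteKey($website, 'RightsType');
            $userWebsiteRights = $rightsList($typeKey, $websiteKey($website, 'Rights'));
            $dbExec(
                'INSERT INTO ' . TBL_RIGHTS . ' SET userId = ? , rightsPrefix = ? , rightsType = ? , rights = ?;',
                array((string) $userId, (string) $website, $postStr($typeKey), $userWebsiteRights)
            );
        }
        fnc_sendEmailToUser('00000010', $userId, $_SESSION['sess_userId']);
        fnc_writeLog('00000010', array(fnc_getUsernameById($userId)), $_SESSION['sess_userId']);
        $redirectToSite();
    }
}

if ($postFormAction === 'editUser') {
    $userPortalRights = $rightsList('user_portalRightsType', 'user_portalRights');
    $userEmail = $postStr('userEmail');
    if (!fnc_validateEmailAddress($userEmail)) {
        $arrError[] = 'mail_002';
    }
    if (!fnc_checkUniqueEmailAddress($userEmail, $postUserId)) {
        $arrError[] = 'mail_003';
    }
    if (!empty($arrError)) {
        // re-render the form with the submitted values
        $_GET['siteId'] = $_POST['siteId'];
        $_GET['todoId'] = $_POST['todoId'];
        $_GET['userId'] = $_POST['userId'];
    } else {
        $dbExec(
            'UPDATE ' . TBL_USER . ' SET userLastname = ? , userFirstname = ? , userEmail = ? , userPhone = ? , userPortalRightsType = ? , userPortalRights = ? WHERE userId = ? LIMIT 1;',
            array(
                $postStr('userLastname'),
                $postStr('userFirstname'),
                $userEmail,
                $postStr('userPhone'),
                $postStr('user_portalRightsType'),
                $userPortalRights,
                $postUserId,
            )
        );
        foreach ($vC['portal']['website']['prefix'] as $website) {
            $typeKey = $websiteKey($website, 'RightsType');
            $userWebsiteRights = $rightsList($typeKey, $websiteKey($website, 'Rights'));
            $lookup = $dbExec(
                'SELECT userId FROM ' . TBL_RIGHTS . ' WHERE userId = ? AND rightsPrefix = ?;',
                array($postUserId, (string) $website)
            );
            if ($lookup === false) {
                // cannot tell whether a row exists; leave this website untouched rather than risk a duplicate
                continue;
            }
            $lookup->store_result(); // needed before num_rows is valid on a prepared statement
            $exists = $lookup->num_rows > 0;
            $lookup->close();
            if ($exists) {
                $dbExec(
                    'UPDATE ' . TBL_RIGHTS . ' SET rightsType = ? , rights = ? WHERE userId = ? AND rightsPrefix = ?;',
                    array($postStr($typeKey), $userWebsiteRights, $postUserId, (string) $website)
                );
            } else {
                $dbExec(
                    'INSERT INTO ' . TBL_RIGHTS . ' SET userId = ? , rightsPrefix = ? , rightsType = ? , rights = ?;',
                    array($postUserId, (string) $website, $postStr($typeKey), $userWebsiteRights)
                );
            }
        }
        fnc_writeLog('00000013', array(fnc_getUsernameById($postUserId)), $_SESSION['sess_userId']);
        $redirectToSite();
    }
}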