svj/website
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
5ca973cb002513685fa3ad7e484b6d9ac9ea049f
website/.actions/usermanagement_actions.php

151 lines
7.2 KiB
PHP
Raw Blame History

<?php
if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'disableUser' )
{
$db -> query ( 'UPDATE ' . TBL_USER . ' SET userActive = "N" , userActiveUser = "' . $_SESSION[ 'sess_userId' ] . '" , userActiveTS = NOW( ) WHERE userId = "' . $_POST[ 'userId' ] . '" LIMIT 1;' );
fnc_writeLog ( '00000011' , array ( fnc_getUsernameById ( $_POST[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
die( );
}
if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'enableUser' )
{
$db -> query ( 'UPDATE ' . TBL_USER . ' SET userActive = "Y" WHERE userId = "' . $_POST[ 'userId' ] . '" LIMIT 1;' );
fnc_writeLog ( '00000012' , array ( fnc_getUsernameById ( $_POST[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
die( );
}
if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'deleteUser' )
{
$db -> query ( 'UPDATE ' . TBL_USER . ' SET userDelete = "Y" , userDeleteUser = "' . $_SESSION[ 'sess_userId' ] . '" , userDeleteTS = NOW( ) WHERE userId = "' . $_POST[ 'userId' ] . '" LIMIT 1;' );
fnc_writeLog ( '00000014' , array ( fnc_getUsernameById ( $_POST[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
die( );
}
if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'resetPW' )
{
$status = fnc_sendEmailToUser ( '00000015' , $_POST[ 'userId' ] , $_SESSION[ 'sess_userId' ] );
if ( $status === 'OK' )
{
$db -> query ( 'UPDATE ' . TBL_USER . ' SET userPasswordCrypt = "' . $_POST[ 'userPasswordOrgCrypt' ] . '" WHERE userId = "' . $_POST[ 'userId' ] . '" LIMIT 1;' );
fnc_writeLog ( '00000015' , array ( fnc_getUsernameById ( $_POST[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
die( );
}
else
{
$arrError[ ] = 'mail_001';
}
die( );
}
if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'createUser' )
{
if ( ! isset ( $_POST[ 'user_portalRightsType' ] ) )
{
$_POST[ 'user_portalRightsType' ] = 'DEF';
}
$userPortalRights = ( $_POST[ 'user_portalRightsType' ] === 'ALL' || ! isset ( $_POST[ 'user_portalRights' ] ) )
? ''
: implode ( ';' , $_POST[ 'user_portalRights' ] );
if ( ! fnc_validateEmailAddress ( $_POST[ 'userEmail' ] ) )
{
$arrError[ ] = 'mail_002';
}
if ( ! fnc_checkUniqueEmailAddress ( $_POST[ 'userEmail' ] ) )
{
$arrError[ ] = 'mail_003';
}
if ( isset ( $arrError ) && ! empty ( $arrError ) )
{
$_GET[ 'siteId' ] = $_POST[ 'siteId' ];
$_GET[ 'todoId' ] = $_POST[ 'todoId' ];
}
else
{
$userName = fnc_generateUniqueUsername ( $_POST[ 'userLastname' ] , $_POST[ 'userFirstname' ] );
$passWord = fnc_generatePW ( );
$crypt = md5 ( $passWord );
$insert = $db -> query ( 'INSERT INTO ' . TBL_USER . ' ( userUsername , userEmail , userPhone , userPasswordCrypt , userPasswordOrgCrypt , userPasswordOrg , userFirstname , userLastname , userCreateUser , userActive , userDelete , userPortalRightsType , userPortalRights ) VALUES ( "' . $userName . '" , "' . $_POST[ 'userEmail' ] . '" , "' . $_POST[ 'userPhone' ] . '" , "' . $crypt . '" , "' . $crypt . '" , "' . $passWord . '" , "' . $_POST[ 'userFirstname' ] . '" , "' . $_POST[ 'userLastname' ] . '" , "' . $_SESSION[ 'sess_userId' ] . '" , "Y" , "N" , "' . $_POST[ 'user_portalRightsType' ] . '" , "' . $userPortalRights . '" );' );
$userId = $db -> insert_id;
foreach ( $vC[ 'portal' ][ 'website' ][ 'prefix' ] as $website )
{
if ( ! isset ( $_POST[ 'user' . $website . 'RightsType' ] ) )
{
$_POST[ 'user' . $website . 'RightsType' ] = 'DEF';
}
$userWebsiteRights = ( $_POST[ 'user_' . $website . 'RightsType' ] === 'ALL' || ! isset ( $_POST[ 'user_' . $website . 'Rights' ] ) )
? ''
: implode ( ';' , $_POST[ 'user' . $website . 'Rights' ] );
$db -> query ( 'INSERT INTO ' . TBL_RIGHTS . ' SET userId = "' . $userId . '" , rightsPrefix = "' . $website . '" , rightsType = "' . $_POST[ 'user_' . $website . 'RightsType' ] . '" , rights = "' . $userWebsiteRights . '";' );
}
fnc_sendEmailToUser ( '00000010' , $userId , $_SESSION[ 'sess_userId' ] );
fnc_writeLog ( '00000010' , array ( fnc_getUsernameById ( $userId ) ) , $_SESSION[ 'sess_userId' ] );
header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
die ( );
}
}
if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'editUser' )
{
if ( ! isset ( $_POST[ 'user_portalRightsType' ] ) )
{
$_POST[ 'user_portalRightsType' ] = 'DEF';
}
$userPortalRights = ( $_POST[ 'user_portalRightsType' ] === 'ALL' || ! isset ( $_POST[ 'user_portalRights' ] ) )
? ''
: implode ( ';' , $_POST[ 'user_portalRights' ] );
if ( ! fnc_validateEmailAddress ( $_POST[ 'userEmail' ] ) )
{
$arrError[ ] = 'mail_002';
}
if ( ! fnc_checkUniqueEmailAddress ( $_POST[ 'userEmail' ] , $_POST[ 'userId' ] ) )
{
$arrError[ ] = 'mail_003';
}
if ( isset ( $arrError ) && ! empty ( $arrError ) )
{
$_GET[ 'siteId' ] = $_POST[ 'siteId' ];
$_GET[ 'todoId' ] = $_POST[ 'todoId' ];
$_GET[ 'userId' ] = $_POST[ 'userId' ];
}
else
{
$db -> query ( 'UPDATE ' . TBL_USER . ' SET userLastname = "' . $_POST[ 'userLastname' ] . '" , userFirstname = "' . $_POST[ 'userFirstname' ] . '" , userEmail = "' . $_POST[ 'userEmail' ] . '" , userPhone = "' . $_POST[ 'userPhone' ] . '" , userPortalRightsType = "' . $_POST[ 'user_portalRightsType' ] . '" , userPortalRights = "' . $userPortalRights . '" WHERE userId = "' . $_POST[ 'userId' ] . '" LIMIT 1;' );
foreach ( $vC[ 'portal' ][ 'website' ][ 'prefix' ] as $website )
{
if ( ! isset ( $_POST[ 'user_' . $website . 'RightsType' ] ) )
{
$_POST[ 'user_' . $website . 'RightsType' ] = 'DEF';
}
$userWebsiteRights = ( $_POST[ 'user_' . $website . 'RightsType' ] === 'ALL' || ! isset ( $_POST[ 'user_' . $website . 'Rights' ] ) )
? ''
: implode ( ';' , $_POST[ 'user_' . $website . 'Rights' ] );
$rights = $db -> query ( 'SELECT * FROM ' . TBL_RIGHTS . ' WHERE userId = "' . $_POST[ 'userId' ] . '" AND rightsPrefix = "' . $website . '";' );
if ( $rights -> num_rows === 0 )
{
$db -> query ( 'INSERT INTO ' . TBL_RIGHTS . ' SET userId = "' . $_POST[ 'userId' ] . '" , rightsPrefix = "' . $website . '" , rightsType = "' . $_POST[ 'user' . $website . 'RightsType' ] . '" , rights = "' . $userWebsiteRights . '";' );
}
else
{
$db -> query ( 'UPDATE ' . TBL_RIGHTS . ' SET rightsType = "' . $_POST[ 'user_' . $website . 'RightsType' ] . '" , rights = "' . $userWebsiteRights . '" WHERE userId = "' . $_POST[ 'userId' ] . '" AND rightsPrefix = "' . $website . '";' );
}
}
fnc_writeLog ( '00000013' , array ( fnc_getUsernameById ( $_POST[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
header( 'Location:index.php?siteId=' . $_POST[ 'siteId' ] );
die ( );
}
}
?>
Reference in New Issue View Git Blame Copy Permalink