<?php
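// Action "disableUser": mark the user row inactive, record who did it and when,
// write an audit log entry and redirect back to the calling site.
// NOTE(review): no CSRF token or permission check is visible in this block —
// confirm the including file enforces both before any of these actions run.
// Assumes $db is a mysqli connection (this file reads $db->insert_id and
// ->num_rows) — TODO confirm.
if (isset($_POST['formAction']) && $_POST['formAction'] === 'disableUser')
{
    // userActiveUser and userId come from the session/POST: bind them instead of
    // concatenating them into the statement text.
    $stmt = $db->prepare('UPDATE ' . TBL_USER . ' SET userActive = "N" , userActiveUser = ? , userActiveTS = NOW( ) WHERE userId = ? LIMIT 1');
    $stmt->bind_param('ss', $_SESSION['sess_userId'], $_POST['userId']);
    $stmt->execute();
    $stmt->close();

    fnc_writeLog('00000011', array(fnc_getUsernameById($_POST['userId'])), $_SESSION['sess_userId']);

    // siteId is reflected into a URL query string: encode it for that context.
    $siteId = isset($_POST['siteId']) ? (string) $_POST['siteId'] : '';
    header('Location:index.php?siteId=' . urlencode($siteId));
    die();
}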
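// Action "enableUser": set the user row back to active, log it and redirect.
// NOTE(review): like the other actions in this file, no CSRF/permission check is
// visible here — confirm it is enforced by the including file.
if (isset($_POST['formAction']) && $_POST['formAction'] === 'enableUser')
{
    // userId is untrusted POST input: bound as a parameter, not concatenated.
    $stmt = $db->prepare('UPDATE ' . TBL_USER . ' SET userActive = "Y" WHERE userId = ? LIMIT 1');
    $stmt->bind_param('s', $_POST['userId']);
    $stmt->execute();
    $stmt->close();

    fnc_writeLog('00000012', array(fnc_getUsernameById($_POST['userId'])), $_SESSION['sess_userId']);

    // Encode siteId for the URL context it is placed into.
    $siteId = isset($_POST['siteId']) ? (string) $_POST['siteId'] : '';
    header('Location:index.php?siteId=' . urlencode($siteId));
    die();
}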
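// Action "deleteUser": soft-delete the row (userDelete = "Y"), record the acting
// user and timestamp, log it and redirect. The row itself is not removed.
// NOTE(review): no CSRF/permission check is visible here — confirm it is enforced
// by the including file.
if (isset($_POST['formAction']) && $_POST['formAction'] === 'deleteUser')
{
    // Session user id and the target userId are bound, not concatenated.
    $stmt = $db->prepare('UPDATE ' . TBL_USER . ' SET userDelete = "Y" , userDeleteUser = ? , userDeleteTS = NOW( ) WHERE userId = ? LIMIT 1');
    $stmt->bind_param('ss', $_SESSION['sess_userId'], $_POST['userId']);
    $stmt->execute();
    $stmt->close();

    fnc_writeLog('00000014', array(fnc_getUsernameById($_POST['userId'])), $_SESSION['sess_userId']);

    // Encode siteId for the URL context it is placed into.
    $siteId = isset($_POST['siteId']) ? (string) $_POST['siteId'] : '';
    header('Location:index.php?siteId=' . urlencode($siteId));
    die();
}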
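// Action "resetPW": notify the user by mail and, if that succeeded, reset the
// stored password hash to the original one kept in the user's own row.
// NOTE(review): no CSRF/permission check is visible here — confirm it is enforced
// by the including file.
if (isset($_POST['formAction']) && $_POST['formAction'] === 'resetPW')
{
    $status = fnc_sendEmailToUser('00000015', $_POST['userId'], $_SESSION['sess_userId']);

    if ($status === 'OK')
    {
        // Take the original hash from the userPasswordOrgCrypt column of the same
        // row rather than from $_POST['userPasswordOrgCrypt']: the previous code
        // let the client choose the hash that was written into userPasswordCrypt.
        $stmt = $db->prepare('UPDATE ' . TBL_USER . ' SET userPasswordCrypt = userPasswordOrgCrypt WHERE userId = ? LIMIT 1');
        $stmt->bind_param('s', $_POST['userId']);
        $stmt->execute();
        $stmt->close();

        fnc_writeLog('00000015', array(fnc_getUsernameById($_POST['userId'])), $_SESSION['sess_userId']);

        // Encode siteId for the URL context it is placed into.
        $siteId = isset($_POST['siteId']) ? (string) $_POST['siteId'] : '';
        header('Location:index.php?siteId=' . urlencode($siteId));
        die();
    }
    else
    {
        $arrError[] = 'mail_001';
    }

    // NOTE(review): this die() is also reached on the error path, so 'mail_001'
    // is collected but never rendered; the createUser/editUser handlers fall
    // through to the page instead. Kept as in the original — confirm intent.
    die();
}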
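// Action "createUser": validate the posted e-mail, insert the user row, insert one
// rights row per configured website prefix, mail the new user, log and redirect.
// On validation errors the handler falls through (no redirect) with $arrError set
// and $_GET['siteId'] / $_GET['todoId'] restored so the form can be re-rendered.
// NOTE(review): no CSRF/permission check is visible here — confirm it is enforced
// by the including file.
if (isset($_POST['formAction']) && $_POST['formAction'] === 'createUser')
{
    if (!isset($_POST['user_portalRightsType']))
    {
        $_POST['user_portalRightsType'] = 'DEF';
    }

    // Rights type 'ALL' carries no explicit list; otherwise the posted list is
    // stored ';'-joined. A non-array value is treated as "no list" instead of
    // letting implode() fail.
    $userPortalRights = ($_POST['user_portalRightsType'] === 'ALL'
            || !isset($_POST['user_portalRights'])
            || !is_array($_POST['user_portalRights']))
        ? ''
        : implode(';', $_POST['user_portalRights']);

    if (!fnc_validateEmailAddress($_POST['userEmail']))
    {
        $arrError[] = 'mail_002';
    }
    if (!fnc_checkUniqueEmailAddress($_POST['userEmail']))
    {
        $arrError[] = 'mail_003';
    }

    if (isset($arrError) && !empty($arrError))
    {
        $_GET['siteId'] = $_POST['siteId'];
        $_GET['todoId'] = $_POST['todoId'];
    }
    else
    {
        $userName = fnc_generateUniqueUsername($_POST['userLastname'], $_POST['userFirstname']);
        $passWord = fnc_generatePW();

        // SECURITY: md5() is not a password hash, and userPasswordOrg stores the
        // generated password in clear text. Left unchanged here because the login
        // code (outside this file) verifies against this format; migrate both
        // sides together to password_hash()/password_verify().
        $crypt = md5($passWord);

        // All user-supplied values are bound; userActive/userDelete are fixed literals.
        $stmt = $db->prepare('INSERT INTO ' . TBL_USER . ' ( userUsername , userEmail , userPhone , userPasswordCrypt , userPasswordOrgCrypt , userPasswordOrg , userFirstname , userLastname , userCreateUser , userActive , userDelete , userPortalRightsType , userPortalRights ) VALUES ( ? , ? , ? , ? , ? , ? , ? , ? , ? , "Y" , "N" , ? , ? )');
        $stmt->bind_param(
            'sssssssssss',
            $userName,
            $_POST['userEmail'],
            $_POST['userPhone'],
            $crypt,
            $crypt,
            $passWord,
            $_POST['userFirstname'],
            $_POST['userLastname'],
            $_SESSION['sess_userId'],
            $_POST['user_portalRightsType'],
            $userPortalRights
        );
        $stmt->execute();
        $stmt->close();

        $userId = $db->insert_id;

        // One rights row per website prefix. The statement is prepared once and
        // re-executed with the bound variables updated in each iteration.
        $website = '';
        $rightsType = '';
        $userWebsiteRights = '';
        $rightsStmt = $db->prepare('INSERT INTO ' . TBL_RIGHTS . ' SET userId = ? , rightsPrefix = ? , rightsType = ? , rights = ?');
        $rightsStmt->bind_param('ssss', $userId, $website, $rightsType, $userWebsiteRights);

        foreach ($vC['portal']['website']['prefix'] as $website)
        {
            // Field names follow the portal fields: user_<prefix>RightsType and
            // user_<prefix>Rights. The previous version mixed 'user' and 'user_'
            // here, so the 'DEF' default and the rights list were read from keys
            // that were never written.
            $typeKey = 'user_' . $website . 'RightsType';
            $listKey = 'user_' . $website . 'Rights';

            if (!isset($_POST[$typeKey]))
            {
                $_POST[$typeKey] = 'DEF';
            }
            $rightsType = $_POST[$typeKey];

            $userWebsiteRights = ($rightsType === 'ALL'
                    || !isset($_POST[$listKey])
                    || !is_array($_POST[$listKey]))
                ? ''
                : implode(';', $_POST[$listKey]);

            $rightsStmt->execute();
        }
        $rightsStmt->close();

        fnc_sendEmailToUser('00000010', $userId, $_SESSION['sess_userId']);
        fnc_writeLog('00000010', array(fnc_getUsernameById($userId)), $_SESSION['sess_userId']);

        // Encode siteId for the URL context it is placed into.
        $siteId = isset($_POST['siteId']) ? (string) $_POST['siteId'] : '';
        header('Location:index.php?siteId=' . urlencode($siteId));
        die();
    }
}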
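// Action "editUser": validate the posted e-mail, update the user row, then insert
// or update one rights row per configured website prefix, log and redirect.
// On validation errors the handler falls through with $arrError set and
// $_GET['siteId'] / $_GET['todoId'] / $_GET['userId'] restored for re-rendering.
// NOTE(review): no CSRF/permission check is visible here — confirm it is enforced
// by the including file.
if (isset($_POST['formAction']) && $_POST['formAction'] === 'editUser')
{
    if (!isset($_POST['user_portalRightsType']))
    {
        $_POST['user_portalRightsType'] = 'DEF';
    }

    // 'ALL' carries no explicit list; otherwise the posted list is stored
    // ';'-joined. A non-array value is treated as "no list".
    $userPortalRights = ($_POST['user_portalRightsType'] === 'ALL'
            || !isset($_POST['user_portalRights'])
            || !is_array($_POST['user_portalRights']))
        ? ''
        : implode(';', $_POST['user_portalRights']);

    if (!fnc_validateEmailAddress($_POST['userEmail']))
    {
        $arrError[] = 'mail_002';
    }
    if (!fnc_checkUniqueEmailAddress($_POST['userEmail'], $_POST['userId']))
    {
        $arrError[] = 'mail_003';
    }

    if (isset($arrError) && !empty($arrError))
    {
        $_GET['siteId'] = $_POST['siteId'];
        $_GET['todoId'] = $_POST['todoId'];
        $_GET['userId'] = $_POST['userId'];
    }
    else
    {
        // Every user-supplied value is bound as a parameter.
        $stmt = $db->prepare('UPDATE ' . TBL_USER . ' SET userLastname = ? , userFirstname = ? , userEmail = ? , userPhone = ? , userPortalRightsType = ? , userPortalRights = ? WHERE userId = ? LIMIT 1');
        $stmt->bind_param(
            'sssssss',
            $_POST['userLastname'],
            $_POST['userFirstname'],
            $_POST['userEmail'],
            $_POST['userPhone'],
            $_POST['user_portalRightsType'],
            $userPortalRights,
            $_POST['userId']
        );
        $stmt->execute();
        $stmt->close();

        // Three statements prepared once; the bound variables are refreshed in
        // each loop iteration before execute().
        $website = '';
        $rightsType = '';
        $userWebsiteRights = '';

        $checkStmt = $db->prepare('SELECT 1 FROM ' . TBL_RIGHTS . ' WHERE userId = ? AND rightsPrefix = ?');
        $checkStmt->bind_param('ss', $_POST['userId'], $website);

        $insertStmt = $db->prepare('INSERT INTO ' . TBL_RIGHTS . ' SET userId = ? , rightsPrefix = ? , rightsType = ? , rights = ?');
        $insertStmt->bind_param('ssss', $_POST['userId'], $website, $rightsType, $userWebsiteRights);

        $updateStmt = $db->prepare('UPDATE ' . TBL_RIGHTS . ' SET rightsType = ? , rights = ? WHERE userId = ? AND rightsPrefix = ?');
        $updateStmt->bind_param('ssss', $rightsType, $userWebsiteRights, $_POST['userId'], $website);

        foreach ($vC['portal']['website']['prefix'] as $website)
        {
            // Field names are user_<prefix>RightsType / user_<prefix>Rights for
            // every prefix (the previous insert branch read 'user<prefix>RightsType',
            // a key that is never set).
            $typeKey = 'user_' . $website . 'RightsType';
            $listKey = 'user_' . $website . 'Rights';

            if (!isset($_POST[$typeKey]))
            {
                $_POST[$typeKey] = 'DEF';
            }
            $rightsType = $_POST[$typeKey];

            $userWebsiteRights = ($rightsType === 'ALL'
                    || !isset($_POST[$listKey])
                    || !is_array($_POST[$listKey]))
                ? ''
                : implode(';', $_POST[$listKey]);

            // Insert when no rights row exists for this user/prefix, else update.
            $checkStmt->execute();
            $checkStmt->store_result();
            $rowExists = $checkStmt->num_rows > 0;
            $checkStmt->free_result();

            if (!$rowExists)
            {
                $insertStmt->execute();
            }
            else
            {
                $updateStmt->execute();
            }
        }

        $checkStmt->close();
        $insertStmt->close();
        $updateStmt->close();

        fnc_writeLog('00000013', array(fnc_getUsernameById($_POST['userId'])), $_SESSION['sess_userId']);

        // Encode siteId for the URL context it is placed into.
        $siteId = isset($_POST['siteId']) ? (string) $_POST['siteId'] : '';
        header('Location:index.php?siteId=' . urlencode($siteId));
        die();
    }
}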