summaryrefslogblamecommitdiffstats
path: root/modules-available/adduser/page.inc.php
blob: c8acb554314b6f89771d621492a1bd7a642f3ebc (plain) (tree) 
16088083 ^


fe6ac164 ^


16088083 ^

fe6ac164 ^




f73a4175 ^








































18269245 ^






f73a4175 ^








8fd7ce43 ^


f73a4175 ^





00851bd2 ^

f73a4175 ^








































fe6ac164 ^

f73a4175 ^


fe6ac164 ^

1a4c38fd ^

f73a4175 ^






fe6ac164 ^

00851bd2 ^

fe6ac164 ^

633e4312 ^

f73a4175 ^












4bc146d5 ^

f73a4175 ^










4bc146d5 ^

16088083 ^

16088083 ^

00851bd2 ^













fe6ac164 ^


f73a4175 ^








00851bd2 ^

f73a4175 ^

1a4c38fd ^

00851bd2 ^

74dc127c ^

00851bd2 ^


f73a4175 ^












1a4c38fd ^

f73a4175 ^

00851bd2 ^

f73a4175 ^

1a4c38fd ^

74dc127c ^

00851bd2 ^

f73a4175 ^


018339a0 ^

f73a4175 ^





27e7c658 ^



f73a4175 ^



27e7c658 ^

f73a4175 ^

fe6ac164 ^

16088083 ^

16088083 ^

74dc127c ^

00851bd2 ^









fe6ac164 ^

1
2

3
4

5

6
7
8
9

10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49

50
51
52
53
54
55

56
57
58
59
60
61
62
63

64
65

66
67
68
69
70

71

72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111

112

113
114

115

116

117
118
119
120
121
122

123

124

125

126

127
128
129
130
131
132
133
134
135
136
137
138

139

140
141
142
143
144
145
146
147
148
149

150

151

152

153
154
155
156
157
158
159
160
161
162
163
164
165

166
167

168
169
170
171
172
173
174
175

176

177

178

179

180

181
182

183
184
185
186
187
188
189
190
191
192
193
194

195

196

197

198

199

200

201

202
203

204

205
206
207
208
209

210
211
212

213
214
215

216

217

218

219

220

221

222
223
224
225
226
227
228
229
230

231


     

                               
 



                                         







































                                                                                                





                                                                                                                                        







                                                                                                                                             

                                                                                                                                  




                                                                                            
                                              







































                                                                                                                                                                          
                                

                                                                           
                                 
                                                                                  





                                                                                                                       
                                 
                                                          
                         
                 











                                                                              
                                                                  









                                                                                              
                                                                             
         
 












                                                                                

                                     







                                                                                                             
                                                                                                                            
                                                            
                                                           
                                        
                                                   

                                                 











                                                                                                  
                                                                                                            
                                                                                            
                                                                                                                                    
                                                                            
                                                                   
                                                          
                                                         

                                             
                                                                 




                                                                                                                          


                                                                     


                                                                                                                  
                                                              
                                                              
                 
         
 
                                                   








                                                                                
 
<?php

class Page_AddUser extends Page
{

	protected function doPreprocess()
	{
		User::load();

		$action = Request::post(('action'), false, 'string');

		if ($action === 'adduser') {
			$this->addUser();
		} elseif ($action === 'edituser') {
			$this->editUser();
		} elseif ($action === 'deleteuser') {
			$this->deleteUser();
		}
		if (Request::isPost()) {
			Util::redirect('?do=adduser');
		}
	}

	private function addUser()
	{
		// Check required fields
		$login = Request::post('login', '', 'string');
		$pass1 = Request::post('pass1', '', 'string');
		$pass2 = Request::post('pass2', '', 'string');
		$fullname = Request::post('fullname', '', 'string');
		$phone = Request::post('phone', '', 'string');
		$email = Request::post('email', '', 'string');
		if (empty($login) || empty($pass1) || empty($pass2) || empty($fullname)) {
			Message::addError('main.empty-field');
			return;
		} elseif ($pass1 !== $pass2) {
			Message::addError('password-mismatch');
			return;
		} else {
			if (Database::queryFirst('SELECT userid FROM user LIMIT 1') !== false) {
				User::assertPermission('user.add');
			}
			$data = array(
				'login' => $login,
				'pass' => Crypto::hash6($pass1),
				'fullname' => $fullname,
				'phone' => $phone,
				'email' => $email,
			);
			$ret = Database::exec('INSERT INTO user
				SET login = :login, passwd = :pass, fullname = :fullname, phone = :phone, email = :email', $data, true);
			if ($ret === false) {
				Message::addError('user-already-exists', $login);
				return;
			}
			$id = Database::lastInsertId();
			// Make it superadmin if first user. This method sucks as it's a race condition but hey...
			$ret = Database::queryFirst('SELECT Count(*) AS num FROM user');
			if ($ret !== false && $ret['num'] == 1) {
				$ret = Database::exec('UPDATE user SET permissions = 1, userid = 1 WHERE userid = :id', ['id' => $id], true);
				if ($ret !== false) {
					EventLog::clear();
				}
				// same for permissionmanager
				Database::exec("INSERT INTO `role_x_user` (userid, roleid) VALUES (:id, 1)", ['id' => $id], true);
				EventLog::info('Created first user ' . $login);
			} else {
				EventLog::info(User::getName() . ' created user ' . $login);
			}
			Message::addInfo('adduser-success');
			$this->saveRoles($id);
			return;
		}
	}

	private function editUser()
	{
		User::assertPermission('user.edit');
		$userid = Request::post('userid', false, 'int');
		if ($userid === false) {
			Message::addError('main.parameter-missing', 'userid');
			return;
		}
		$user = Database::queryFirst('SELECT userid, login, fullname, phone, email
					FROM user WHERE userid = :userid', compact('userid'));
		if ($user === false) {
			Message::addError('user-not-found', $userid);
			return;
		}
		// Check required fields
		$login = Request::post('login', '', 'string');
		$pass1 = Request::post('pass1', '', 'string');
		$pass2 = Request::post('pass2', '', 'string');
		$fullname = Request::post('fullname', '', 'string');
		$phone = Request::post('phone', '', 'string');
		$email = Request::post('email', '', 'string');
		if (empty($login) || empty($fullname)) {
			Message::addError('main.empty-field');
		} elseif (!(empty($pass1) && empty($pass2)) && $pass1 !== $pass2) {
			Message::addError('password-mismatch');
		} else {
			$data = array(
				'login' => $login,
				'fullname' => $fullname,
				'phone' => $phone,
				'email' => $email,
				'userid' => $userid,
			);
			$ret = Database::exec('UPDATE user SET login = :login, fullname = :fullname, phone = :phone, email = :email WHERE userid = :userid', $data, true);
			if ($ret === false) {
				Message::addError('db-error', Database::lastError());
			} else {
				if ($ret > 0) {
					Message::addSuccess('user-edited');
				}
				if (!empty($pass1) && $userid !== User::getId()) {
					$data = [
						'pass' => Crypto::hash6($pass1),
						'userid' => $userid,
					];
					Database::exec('UPDATE user SET passwd = :pass WHERE userid = :userid', $data);
					Message::addSuccess('password-changed');
				}
				$this->saveRoles($userid);
			}
		}
		Util::redirect('?do=adduser&show=edituser&userid=' . $userid);
	}

	private function deleteUser()
	{
		User::assertPermission('user.remove');
		$userid = Request::post('userid', false, 'int');
		if ($userid === false) {
			Message::addError('main.parameter-missing', 'userid');
			return;
		}
		//\\
		$user = Database::queryFirst('SELECT userid, login
					FROM user WHERE userid = :userid', compact('userid'));
		if ($user === false) {
			Message::addError('user-not-found', $userid);
			return;
		}
		if ($user['userid'] == 1 || $user['userid'] == User::getId()) {
			Message::addError('cannot-delete-1-self');
			return;
		}
		Database::exec('DELETE FROM user WHERE userid = :userid', compact('userid'));
		Message::addSuccess('user-deleted', $user['login'], $userid);
	}

	private function saveRoles($userid)
	{
		if (!Module::isAvailable('permissionmanager'))
			return;
		if (!User::hasPermission('.permissionmanager.users.edit-roles'))
			return;
		$roles = Request::post('roles', [], 'array');
		$ret = PermissionDbUpdate::setRolesForUser([$userid], $roles);
		if ($ret > 0) {
			Message::addSuccess('roles-updated');
		}
	}

	protected function doRender()
	{
		Render::addTemplate('header');
		$hasUsers = (Database::queryFirst('SELECT userid FROM user LIMIT 1') !== false);
		$show = Request::get('show', ($hasUsers ? 'list' : 'adduser'), 'string');
		if ($show === 'adduser') {
			// Can add user if: - no user exists yet; - user has explicit permission to add users
			if ($hasUsers) {
				User::assertPermission('user.add');
			}
			Render::openTag('form', ['class' => 'form-adduser', 'action' => '?do=adduser', 'method' => 'post']);
			Render::addTemplate('page-adduser');
			Render::addTemplate('js-add-edit');
			if ($hasUsers) {
				$this->showRoles();
			}
			Render::closeTag('form');
		} elseif ($show === 'edituser') {
			User::assertPermission('user.edit');
			$userid = Request::get('userid', false, 'int');
			if ($userid === false) {
				Message::addError('main.parameter-missing', 'userid');
				Util::redirect('?do=adduser&show=list');
			}
			$user = Database::queryFirst('SELECT userid, login, fullname, phone, email
					FROM user WHERE userid = :userid', compact('userid'));
			if ($user === false) {
				Message::addError('user-not-found', $userid);
			} else {
				$user['password_disabled'] = User::getId() === $userid ? 'disabled' : false;
				// TODO: LDAP -> disallow pw change, maybe other fields too?
				Render::openTag('form', ['class' => 'form-adduser', 'action' => '?do=adduser', 'method' => 'post']);
				Render::addTemplate('page-edituser', $user);
				Render::addTemplate('js-add-edit');
				$this->showRoles($userid);
				Render::closeTag('form');
			}
		} elseif ($show === 'list') {
			User::assertPermission('user.view-list');
			$page = new Paginate('SELECT userid, login, fullname, phone, email FROM user ORDER BY login', 50);
			$data = ['list' => $page->exec()->fetchAll(PDO::FETCH_ASSOC)];
			foreach ($data['list'] as &$u) {
				// Don't allow deleting user 1 and self
				$u['hide_delete'] = $u['userid'] == 1 || $u['userid'] == User::getId();
				if ($u['userid'] == 1) {
					$u['userClass'] = 'slx-bold';
				}
			}
			unset($u);
			Permission::addGlobalTags($data['perms'], null, ['user.add', 'user.edit', 'user.remove']);
			Module::isAvailable('js_stupidtable');
			$page->render('page-userlist', $data);
		}
	}

	private function showRoles($userid = false)
	{
		if (!Module::isAvailable('permissionmanager'))
			return;
		if (!User::hasPermission('.permissionmanager.users.edit-roles'))
			return;
		$data = ['roles' => PermissionUtil::getRoles($userid, false)];
		Render::addTemplate('user-permissions', $data);
	}

}
generated by cgit v1.2.3-55-g7522 (git 2.39.0) at 2024-04-20 05:52:24 +0200