<?php
// Admin "manage users" screens: user listing, single-user view, role listing
// and the role create/edit form. The sub-view is chosen by the `v` query
// parameter in the switch that follows this bootstrap.
use Misuzu\Database;

// Bootstraps the application. $app is not declared anywhere in this file;
// presumably misuzu.php defines it — confirm.
require_once __DIR__ . '/../../misuzu.php';

// NOTE(review): nothing in this file checks that the requester may manage
// users and roles; assumed to be enforced by misuzu.php or the surrounding
// manage entry point — confirm.
$db = Database::connection();
$templating = $app->getTemplating();

// POST requests are only acted on by the role create/edit view.
$is_post_request = $_SERVER['REQUEST_METHOD'] === 'POST';
// Requested page number; none of the views below applies it yet.
$page_id = (int)($_GET['p'] ?? 1);
switch ($_GET['v'] ?? null) {
case 'listing':
    // First 32 users with the colour of their display role; users without a
    // display role get the constant 0x40000000 (likely the "inherit" marker
    // used by colour_set_inherit() — confirm).
    $manage_users = $db->query('
        SELECT
            u.`user_id`, u.`username`,
            COALESCE(r.`role_colour`, CAST(0x40000000 AS UNSIGNED)) as `colour`
        FROM `msz_users` as u
        LEFT JOIN `msz_roles` as r
        ON u.`display_role` = r.`role_id`
        LIMIT 0, 32
    ')->fetchAll();

    // TODO: paging by $page_id is not wired up; the listing is capped at 32 rows.
    $templating->vars(['manage_users' => $manage_users]);
    echo $templating->render('@manage.users.listing');
    break;
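case 'view':
    // `u` is the user to show; anything missing or below 1 is rejected.
    $user_id = $_GET['u'] ?? null;

    if ($user_id === null || ($user_id = (int)$user_id) < 1) {
        echo 'no';
        break;
    }

    // NOTE(review): `u.*` hands every column of msz_users to the template, so
    // any credential or token columns the table has end up in $manageUser and
    // rely on the template not printing them; an explicit column list would
    // be the safer default — confirm what the table contains.
    $getUser = $db->prepare('
        SELECT
            u.*,
            INET6_NTOA(u.`register_ip`) as `register_ip_decoded`,
            INET6_NTOA(u.`last_ip`) as `last_ip_decoded`,
            COALESCE(r.`role_colour`, CAST(0x40000000 AS UNSIGNED)) as `colour`
        FROM `msz_users` as u
        LEFT JOIN `msz_roles` as r
        ON u.`display_role` = r.`role_id`
        WHERE `user_id` = :user_id
    ');
    $getUser->bindValue('user_id', $user_id);
    // A single execute feeds the fetch; running the statement twice is wasted work.
    $manageUser = $getUser->execute() ? $getUser->fetch() : [];

    if (!$manageUser) {
        echo 'Could not find that user.';
        break;
    }

    $templating->var('view_user', $manageUser);
    echo $templating->render('@manage.users.view');
    break;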
case 'roles':
    // The first 10 roles, each with a count of the users holding it.
    $manage_roles = $db->query('
        SELECT
            `role_id`, `role_colour`, `role_name`,
            (
                SELECT COUNT(`user_id`)
                FROM `msz_user_roles` as ur
                WHERE ur.`role_id` = r.`role_id`
            ) as `users`
        FROM `msz_roles` as r
        LIMIT 0, 10
    ')->fetchAll();

    // TODO: paging by $page_id is not wired up; the listing is capped at 10 rows.
    $templating->vars(['manage_roles' => $manage_roles]);
    echo $templating->render('@manage.users.roles');
    break;
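case 'role':
    // `r` selects the role being edited; absent means "create a new role".
    // Normalise to int up front so the `< 1` checks, the :role_id bind and the
    // redirect below never see a raw query-string value: non-numeric input
    // becomes 0 and is rejected, an array value is treated as absent.
    $role_id = (isset($_GET['r']) && is_scalar($_GET['r'])) ? (int)$_GET['r'] : null;

    if ($is_post_request) {
        if (!tmp_csrf_verify($_POST['csrf'] ?? '')) {
            echo 'csrf err';
            break;
        }

        if (!isset($_POST['role'])) {
            echo 'no';
            break;
        }

        $role_name = $_POST['role']['name'] ?? '';
        // Byte length, not character count: multibyte names reach the limit sooner.
        $role_name_length = strlen($role_name);

        if ($role_name_length < 1 || $role_name_length > 255) {
            echo 'invalid name length';
            break;
        }

        // Any non-empty value ticks the box; stored as 1/0 below.
        $role_secret = !empty($_POST['role']['secret']);

        // The -1 default makes a missing value fail the range check.
        $role_hierarchy = (int)($_POST['role']['hierarchy'] ?? -1);

        if ($role_hierarchy < 1 || $role_hierarchy > 100) {
            echo 'Invalid hierarchy value.';
            break;
        }

        $role_colour = colour_create();

        if (!empty($_POST['role']['colour']['inherit'])) {
            colour_set_inherit($role_colour);
        } else {
            foreach (['red', 'green', 'blue'] as $key) {
                $value = (int)($_POST['role']['colour'][$key] ?? -1);
                // Dispatches to colour_set_Red/Green/Blue; the key list is fixed
                // above, so no request data reaches the function name.
                $func = 'colour_set_' . ucfirst($key);

                if ($value < 0 || $value > 0xFF) {
                    echo 'invalid colour value';
                    // Leaves both the foreach and the enclosing switch.
                    break 2;
                }

                $func($role_colour, $value);
            }
        }

        $role_description = $_POST['role']['description'] ?? '';

        if (strlen($role_description) > 1000) {
            echo 'description is too long';
            break;
        }

        if ($role_id < 1) {
            $updateRole = $db->prepare('
                INSERT INTO `msz_roles`
                    (`role_name`, `role_hierarchy`, `role_secret`, `role_colour`, `role_description`, `created_at`)
                VALUES
                    (:role_name, :role_hierarchy, :role_secret, :role_colour, :role_description, NOW())
            ');
        } else {
            $updateRole = $db->prepare('
                UPDATE `msz_roles` SET
                    `role_name` = :role_name,
                    `role_hierarchy` = :role_hierarchy,
                    `role_secret` = :role_secret,
                    `role_colour` = :role_colour,
                    `role_description` = :role_description
                WHERE `role_id` = :role_id
            ');
            $updateRole->bindValue('role_id', $role_id);
        }

        $updateRole->bindValue('role_name', $role_name);
        $updateRole->bindValue('role_hierarchy', $role_hierarchy);
        $updateRole->bindValue('role_secret', $role_secret ? 1 : 0);
        $updateRole->bindValue('role_colour', $role_colour);
        $updateRole->bindValue('role_description', $role_description);

        // A failed write must not fall through to the redirect, which would
        // otherwise point at role 0 (the empty create form) and hide the error.
        if (!$updateRole->execute()) {
            echo 'failed to save role';
            break;
        }

        if ($role_id < 1) {
            $role_id = (int)$db->lastInsertId();
        }

        header("Location: ?v=role&r={$role_id}");
        break;
    }

    if ($role_id !== null) {
        if ($role_id < 1) {
            echo 'no';
            break;
        }

        $getEditRole = $db->prepare('
            SELECT *
            FROM `msz_roles`
            WHERE `role_id` = :role_id
        ');
        $getEditRole->bindValue('role_id', $role_id);
        $edit_role = $getEditRole->execute() ? $getEditRole->fetch() : [];

        if (!$edit_role) {
            echo 'invalid role';
            break;
        }

        // Pre-fills the form; without `r` the same template renders empty for creation.
        $templating->vars(['edit_role' => $edit_role]);
    }

    echo $templating->render('@manage.users.roles_create');
    break;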
}