2018-04-23 03:00:55 +00:00
|
|
|
<?php
|
2018-05-16 02:58:21 +00:00
|
|
|
use Misuzu\Database;
|
2018-04-23 03:00:55 +00:00
|
|
|
|
|
|
|
|
require_once __DIR__ . '/../../misuzu.php';
|
|
|
|
|
|
2018-05-16 02:58:21 +00:00
|
|
|
$db = Database::connection();
|
2018-04-26 15:01:59 +00:00
|
|
|
$templating = $app->getTemplating();
|
|
|
|
|
|
2018-05-27 00:20:35 +00:00
|
|
|
$isPostRequest = $_SERVER['REQUEST_METHOD'] === 'POST';
|
2018-05-16 21:06:14 +00:00
|
|
|
$queryQffset = (int)($_GET['o'] ?? 0);
|
2018-04-23 03:00:55 +00:00
|
|
|
|
|
|
|
|
switch ($_GET['v'] ?? null) {
|
|
|
|
|
case 'listing':
|
2018-05-16 21:06:14 +00:00
|
|
|
$usersTake = 32;
|
|
|
|
|
|
|
|
|
|
$manageUsersCount = $db->query('
|
|
|
|
|
SELECT COUNT(`user_id`)
|
|
|
|
|
FROM `msz_users`
|
|
|
|
|
')->fetchColumn();
|
|
|
|
|
|
|
|
|
|
$getManageUsers = $db->prepare('
|
2018-05-16 02:58:21 +00:00
|
|
|
SELECT
|
|
|
|
|
u.`user_id`, u.`username`,
|
|
|
|
|
COALESCE(r.`role_colour`, CAST(0x40000000 AS UNSIGNED)) as `colour`
|
|
|
|
|
FROM `msz_users` as u
|
|
|
|
|
LEFT JOIN `msz_roles` as r
|
|
|
|
|
ON u.`display_role` = r.`role_id`
|
2018-05-16 21:06:14 +00:00
|
|
|
LIMIT :offset, :take
|
|
|
|
|
');
|
|
|
|
|
$getManageUsers->bindValue('offset', $queryQffset);
|
|
|
|
|
$getManageUsers->bindValue('take', $usersTake);
|
|
|
|
|
$manageUsers = $getManageUsers->execute() ? $getManageUsers->fetchAll() : [];
|
2018-05-16 02:58:21 +00:00
|
|
|
|
2018-05-16 21:06:14 +00:00
|
|
|
$templating->vars([
|
|
|
|
|
'manage_users' => $manageUsers,
|
|
|
|
|
'manage_users_count' => $manageUsersCount,
|
|
|
|
|
'manage_users_range' => $usersTake,
|
|
|
|
|
'manage_users_offset' => $queryQffset,
|
|
|
|
|
]);
|
2018-04-26 15:01:59 +00:00
|
|
|
echo $templating->render('@manage.users.listing');
|
2018-04-23 03:00:55 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'view':
|
2018-05-27 00:20:35 +00:00
|
|
|
$userId = $_GET['u'] ?? null;
|
2018-04-23 03:00:55 +00:00
|
|
|
|
2018-05-27 00:20:35 +00:00
|
|
|
if ($userId === null || ($userId = (int)$userId) < 1) {
|
2018-04-23 03:00:55 +00:00
|
|
|
echo 'no';
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-16 02:58:21 +00:00
|
|
|
$getUser = $db->prepare('
|
|
|
|
|
SELECT
|
|
|
|
|
u.*,
|
|
|
|
|
INET6_NTOA(u.`register_ip`) as `register_ip_decoded`,
|
|
|
|
|
INET6_NTOA(u.`last_ip`) as `last_ip_decoded`,
|
|
|
|
|
COALESCE(r.`role_colour`, CAST(0x40000000 AS UNSIGNED)) as `colour`
|
|
|
|
|
FROM `msz_users` as u
|
|
|
|
|
LEFT JOIN `msz_roles` as r
|
|
|
|
|
ON u.`display_role` = r.`role_id`
|
|
|
|
|
WHERE `user_id` = :user_id
|
|
|
|
|
');
|
2018-05-27 00:20:35 +00:00
|
|
|
$getUser->bindValue('user_id', $userId);
|
2018-05-16 02:58:21 +00:00
|
|
|
$getUser->execute();
|
|
|
|
|
$manageUser = $getUser->execute() ? $getUser->fetch() : [];
|
|
|
|
|
|
|
|
|
|
if (!$manageUser) {
|
2018-04-23 03:00:55 +00:00
|
|
|
echo 'Could not find that user.';
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-16 02:58:21 +00:00
|
|
|
$templating->var('view_user', $manageUser);
|
2018-04-26 15:01:59 +00:00
|
|
|
echo $templating->render('@manage.users.view');
|
2018-04-23 03:00:55 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'roles':
|
2018-05-16 21:06:14 +00:00
|
|
|
$rolesTake = 10;
|
|
|
|
|
|
|
|
|
|
$manageRolesCount = $db->query('
|
|
|
|
|
SELECT COUNT(`role_id`)
|
|
|
|
|
FROM `msz_roles`
|
|
|
|
|
')->fetchColumn();
|
|
|
|
|
|
|
|
|
|
$getManageRoles = $db->prepare('
|
2018-05-16 02:58:21 +00:00
|
|
|
SELECT
|
|
|
|
|
`role_id`, `role_colour`, `role_name`,
|
|
|
|
|
(
|
|
|
|
|
SELECT COUNT(`user_id`)
|
|
|
|
|
FROM `msz_user_roles` as ur
|
|
|
|
|
WHERE ur.`role_id` = r.`role_id`
|
|
|
|
|
) as `users`
|
|
|
|
|
FROM `msz_roles` as r
|
2018-05-16 21:06:14 +00:00
|
|
|
LIMIT :offset, :take
|
|
|
|
|
');
|
|
|
|
|
$getManageRoles->bindValue('offset', $queryQffset);
|
|
|
|
|
$getManageRoles->bindValue('take', $rolesTake);
|
|
|
|
|
$manageRoles = $getManageRoles->execute() ? $getManageRoles->fetchAll() : [];
|
2018-05-16 02:58:21 +00:00
|
|
|
|
2018-05-16 21:06:14 +00:00
|
|
|
$templating->vars([
|
|
|
|
|
'manage_roles' => $manageRoles,
|
|
|
|
|
'manage_roles_count' => $manageRolesCount,
|
|
|
|
|
'manage_roles_range' => $rolesTake,
|
|
|
|
|
'manage_roles_offset' => $queryQffset,
|
|
|
|
|
]);
|
2018-04-26 15:01:59 +00:00
|
|
|
echo $templating->render('@manage.users.roles');
|
2018-04-23 03:00:55 +00:00
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'role':
|
2018-05-27 00:20:35 +00:00
|
|
|
$roleId = $_GET['r'] ?? null;
|
2018-04-23 03:00:55 +00:00
|
|
|
|
2018-05-27 00:20:35 +00:00
|
|
|
if ($isPostRequest) {
|
2018-04-23 03:00:55 +00:00
|
|
|
if (!tmp_csrf_verify($_POST['csrf'] ?? '')) {
|
|
|
|
|
echo 'csrf err';
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!isset($_POST['role'])) {
|
|
|
|
|
echo 'no';
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-27 00:20:35 +00:00
|
|
|
$roleName = $_POST['role']['name'] ?? '';
|
|
|
|
|
$roleNameLength = strlen($roleName);
|
2018-04-23 03:00:55 +00:00
|
|
|
|
2018-05-27 00:20:35 +00:00
|
|
|
if ($roleNameLength < 1 || $roleNameLength > 255) {
|
2018-04-23 03:00:55 +00:00
|
|
|
echo 'invalid name length';
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-27 00:20:35 +00:00
|
|
|
$roleSecret = !empty($_POST['role']['secret']);
|
2018-04-23 03:00:55 +00:00
|
|
|
|
2018-05-27 00:20:35 +00:00
|
|
|
$roleHierarchy = (int)($_POST['role']['hierarchy'] ?? -1);
|
2018-04-23 03:00:55 +00:00
|
|
|
|
2018-05-27 00:20:35 +00:00
|
|
|
if ($roleHierarchy < 1 || $roleHierarchy > 100) {
|
2018-04-23 03:00:55 +00:00
|
|
|
echo 'Invalid hierarchy value.';
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-27 00:20:35 +00:00
|
|
|
$roleColour = colour_create();
|
2018-04-23 03:00:55 +00:00
|
|
|
|
2018-04-30 21:39:43 +00:00
|
|
|
if (!empty($_POST['role']['colour']['inherit'])) {
|
2018-05-27 00:20:35 +00:00
|
|
|
colour_set_inherit($roleColour);
|
2018-04-30 21:39:43 +00:00
|
|
|
} else {
|
2018-04-23 03:00:55 +00:00
|
|
|
foreach (['red', 'green', 'blue'] as $key) {
|
|
|
|
|
$value = (int)($_POST['role']['colour'][$key] ?? -1);
|
2018-04-30 21:39:43 +00:00
|
|
|
$func = 'colour_set_' . ucfirst($key);
|
2018-04-23 03:00:55 +00:00
|
|
|
|
|
|
|
|
if ($value < 0 || $value > 0xFF) {
|
|
|
|
|
echo 'invalid colour value';
|
|
|
|
|
break 2;
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-27 00:20:35 +00:00
|
|
|
$func($roleColour, $value);
|
2018-04-23 03:00:55 +00:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-27 00:20:35 +00:00
|
|
|
$roleDescription = $_POST['role']['description'] ?? '';
|
2018-04-23 03:00:55 +00:00
|
|
|
|
2018-05-27 00:20:35 +00:00
|
|
|
if (strlen($roleDescription) > 1000) {
|
2018-04-23 03:00:55 +00:00
|
|
|
echo 'description is too long';
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-27 00:20:35 +00:00
|
|
|
if ($roleId < 1) {
|
2018-05-16 02:58:21 +00:00
|
|
|
$updateRole = $db->prepare('
|
|
|
|
|
INSERT INTO `msz_roles`
|
|
|
|
|
(`role_name`, `role_hierarchy`, `role_secret`, `role_colour`, `role_description`, `created_at`)
|
|
|
|
|
VALUES
|
|
|
|
|
(:role_name, :role_hierarchy, :role_secret, :role_colour, :role_description, NOW())
|
|
|
|
|
');
|
|
|
|
|
} else {
|
|
|
|
|
$updateRole = $db->prepare('
|
|
|
|
|
UPDATE `msz_roles` SET
|
|
|
|
|
`role_name` = :role_name,
|
|
|
|
|
`role_hierarchy` = :role_hierarchy,
|
|
|
|
|
`role_secret` = :role_secret,
|
|
|
|
|
`role_colour` = :role_colour,
|
|
|
|
|
`role_description` = :role_description
|
|
|
|
|
WHERE `role_id` = :role_id
|
|
|
|
|
');
|
2018-05-27 00:20:35 +00:00
|
|
|
$updateRole->bindValue('role_id', $roleId);
|
2018-05-16 02:58:21 +00:00
|
|
|
}
|
|
|
|
|
|
2018-05-27 00:20:35 +00:00
|
|
|
$updateRole->bindValue('role_name', $roleName);
|
|
|
|
|
$updateRole->bindValue('role_hierarchy', $roleHierarchy);
|
|
|
|
|
$updateRole->bindValue('role_secret', $roleSecret ? 1 : 0);
|
|
|
|
|
$updateRole->bindValue('role_colour', $roleColour);
|
|
|
|
|
$updateRole->bindValue('role_description', $roleDescription);
|
2018-05-16 02:58:21 +00:00
|
|
|
$updateRole->execute();
|
|
|
|
|
|
2018-05-27 00:20:35 +00:00
|
|
|
if ($roleId < 1) {
|
|
|
|
|
$roleId = (int)$db->lastInsertId();
|
2018-05-16 02:58:21 +00:00
|
|
|
}
|
2018-04-23 03:00:55 +00:00
|
|
|
|
2018-05-27 00:20:35 +00:00
|
|
|
header("Location: ?v=role&r={$roleId}");
|
2018-04-23 03:00:55 +00:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-27 00:20:35 +00:00
|
|
|
if ($roleId !== null) {
|
|
|
|
|
if ($roleId < 1) {
|
2018-04-23 03:00:55 +00:00
|
|
|
echo 'no';
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-16 02:58:21 +00:00
|
|
|
$getEditRole = $db->prepare('
|
|
|
|
|
SELECT *
|
|
|
|
|
FROM `msz_roles`
|
|
|
|
|
WHERE `role_id` = :role_id
|
|
|
|
|
');
|
2018-05-27 00:20:35 +00:00
|
|
|
$getEditRole->bindValue('role_id', $roleId);
|
|
|
|
|
$editRole = $getEditRole->execute() ? $getEditRole->fetch() : [];
|
2018-04-23 03:00:55 +00:00
|
|
|
|
2018-05-27 00:20:35 +00:00
|
|
|
if (!$editRole) {
|
2018-04-23 03:00:55 +00:00
|
|
|
echo 'invalid role';
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2018-05-27 00:20:35 +00:00
|
|
|
$templating->vars(['edit_role' => $editRole]);
|
2018-04-23 03:00:55 +00:00
|
|
|
}
|
|
|
|
|
|
2018-04-26 15:01:59 +00:00
|
|
|
echo $templating->render('@manage.users.roles_create');
|
2018-04-23 03:00:55 +00:00
|
|
|
break;
|
|
|
|
|
}
|
