new user management system using ajax
This commit is contained in:
Janis Steiner
44
sys0-code/api/delete_user.php
Normal file
44
sys0-code/api/delete_user.php
Normal file
@@ -0,0 +1,44 @@
|
||||
<?php
|
||||
session_start();
|
||||
if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true || $_SESSION["role"][3] !== "1") {
|
||||
header("location: /login/login.php");
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once "../config/config.php";
|
||||
|
||||
function deleteDirectory($dir) {
|
||||
if (!is_dir($dir)) {
|
||||
return false; // Gibt false zurück, wenn das Verzeichnis nicht existiert
|
||||
}
|
||||
|
||||
$files = array_diff(scandir($dir), array('.', '..')); // Ignoriert "." und ".."
|
||||
foreach ($files as $file) {
|
||||
$path = $dir . DIRECTORY_SEPARATOR . $file;
|
||||
if (is_dir($path)) {
|
||||
deleteDirectory($path); // Rekursiver Aufruf für Unterordner
|
||||
} else {
|
||||
unlink($path); // Datei löschen
|
||||
}
|
||||
}
|
||||
return rmdir($dir); // Verzeichnis löschen
|
||||
}
|
||||
|
||||
$userId = $_POST['userId'];
|
||||
|
||||
$sql = "SELECT username FROM users WHERE id = ?";
|
||||
$stmt = $link->prepare($sql);
|
||||
$stmt->bind_param("i", $userId);
|
||||
$stmt->execute();
|
||||
$stmt->bind_result($username);
|
||||
$stmt->fetch();
|
||||
$stmt->close();
|
||||
|
||||
$sql = "DELETE FROM users WHERE id = ?";
|
||||
$stmt = $link->prepare($sql);
|
||||
$stmt->bind_param("i", $userId);
|
||||
$stmt->execute();
|
||||
$stmt->close();
|
||||
|
||||
deleteDirectory("/var/www/html/user_files/$username/");
|
||||
?>
|
||||
52
sys0-code/api/fetch_users.php
Normal file
52
sys0-code/api/fetch_users.php
Normal file
@@ -0,0 +1,52 @@
|
||||
<?php
|
||||
session_start();
|
||||
if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true || $_SESSION["role"][3] !== "1") {
|
||||
header("location: /login/login.php");
|
||||
exit;
|
||||
}
|
||||
require_once "../config/config.php";
|
||||
|
||||
$username = isset($_GET['username']) ? '%' . htmlspecialchars($_GET['username']) . '%' : '%';
|
||||
|
||||
$sql = "SELECT users.id, users.username, users.role, users.class_id, users.banned, class.name
|
||||
FROM users
|
||||
LEFT JOIN class ON users.class_id = class.id
|
||||
WHERE users.username LIKE ?";
|
||||
$stmt = $link->prepare($sql);
|
||||
$stmt->bind_param("s", $username);
|
||||
$stmt->execute();
|
||||
$result = $stmt->get_result();
|
||||
|
||||
while ($row = $result->fetch_assoc()) {
|
||||
echo "<tr>";
|
||||
echo "<td>{$row['username']}</td>";
|
||||
echo "<td>
|
||||
<select class='form-select updateField' data-field='class_id' data-userid='{$row['id']}'>";
|
||||
$classQuery = $link->query("SELECT id, name FROM class");
|
||||
while ($class = $classQuery->fetch_assoc()) {
|
||||
$selected = $class['id'] == $row['class_id'] ? 'selected' : '';
|
||||
echo "<option value='{$class['id']}' $selected>{$class['name']}</option>";
|
||||
}
|
||||
if($row["class_id"]==0){
|
||||
echo "<option value='0' selected>Lehrperson</option>";
|
||||
}
|
||||
echo "</select>
|
||||
</td>";
|
||||
|
||||
$role=substr($row['role'],0,11);
|
||||
foreach (str_split($role) as $index => $perm) {
|
||||
$checked = $perm === "1" ? "checked" : "";
|
||||
echo "<td>
|
||||
<input type='checkbox' class='form-check-input updateField' data-field='role[$index]' data-userid='{$row['id']}' $checked>
|
||||
</td>";
|
||||
}
|
||||
|
||||
if($row['banned']==1)
|
||||
echo "<td><button class='btn btn-success verify_user' data-userid='{$row['id']}'>Manuell verifizieren</button></td>";
|
||||
else
|
||||
echo "<td>Bereits verifiziert</td>";
|
||||
echo "<td><button class='btn btn-danger deleteUser' data-userid='{$row['id']}'>Löschen</button></td>";
|
||||
echo "</tr>";
|
||||
}
|
||||
$stmt->close();
|
||||
?>
|
||||
34
sys0-code/api/update_user.php
Normal file
34
sys0-code/api/update_user.php
Normal file
@@ -0,0 +1,34 @@
|
||||
<?php
|
||||
session_start();
|
||||
if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true || $_SESSION["role"][3] !== "1") {
|
||||
header("location: /login/login.php");
|
||||
exit;
|
||||
}
|
||||
require_once "../config/config.php";
|
||||
|
||||
$userId = $_POST['userId'];
|
||||
$field = $_POST['field'];
|
||||
$value = $_POST['value'];
|
||||
|
||||
if (strpos($field, 'role') !== false) {
|
||||
$index = (int)filter_var($field, FILTER_SANITIZE_NUMBER_INT);
|
||||
$sql = "SELECT role FROM users WHERE id = ?";
|
||||
$stmt = $link->prepare($sql);
|
||||
$stmt->bind_param("i", $userId);
|
||||
$stmt->execute();
|
||||
$stmt->bind_result($role);
|
||||
$stmt->fetch();
|
||||
$stmt->close();
|
||||
|
||||
$role[$index] = $value;
|
||||
$sql = "UPDATE users SET role = ? WHERE id = ?";
|
||||
$stmt = $link->prepare($sql);
|
||||
$stmt->bind_param("si", $role, $userId);
|
||||
} else {
|
||||
$sql = "UPDATE users SET $field = ? WHERE id = ?";
|
||||
$stmt = $link->prepare($sql);
|
||||
$stmt->bind_param("ii", $value, $userId);
|
||||
}
|
||||
$stmt->execute();
|
||||
$stmt->close();
|
||||
?>
|
||||
18
sys0-code/api/verify_user.php
Normal file
18
sys0-code/api/verify_user.php
Normal file
@@ -0,0 +1,18 @@
|
||||
<?php
|
||||
session_start();
|
||||
if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true || $_SESSION["role"][3] !== "1") {
|
||||
header("location: /login/login.php");
|
||||
exit;
|
||||
}
|
||||
|
||||
require_once "../config/config.php";
|
||||
|
||||
$userId = $_POST['userId'];
|
||||
|
||||
$sql = "UPDATE users SET banned = 0 WHERE id = ?";
|
||||
$stmt = $link->prepare($sql);
|
||||
$stmt->bind_param("i", $userId);
|
||||
$stmt->execute();
|
||||
$stmt->close();
|
||||
|
||||
?>
|
||||
@@ -1,22 +1,25 @@
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<title>Manage user</title>
|
||||
<html lang="de">
|
||||
<head>
|
||||
<meta charset="UTF-8">
|
||||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||||
<title>Benutzerverwaltung</title>
|
||||
<script src="https://code.jquery.com/jquery-3.6.0.min.js"></script>
|
||||
</head>
|
||||
<body style="background-color: <?php echo $_SESSION['color']; ?>;">
|
||||
|
||||
<?php
|
||||
// Initialize the session
|
||||
session_start();
|
||||
require_once "../log/log.php";
|
||||
// Check if the user is logged in, if not then redirect him to login page
|
||||
require_once "../config/config.php";
|
||||
include "../assets/components.php";
|
||||
|
||||
if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true || $_SESSION["role"][3] !== "1") {
|
||||
header("location: /login/login.php");
|
||||
exit;
|
||||
}
|
||||
$_SESSION["rid"]++;
|
||||
?>
|
||||
|
||||
<?php
|
||||
$color=$_SESSION["color"];
|
||||
include "../assets/components.php";
|
||||
?>
|
||||
<script src="/assets/js/load_page.js"></script>
|
||||
<script>
|
||||
function load_user()
|
||||
@@ -26,271 +29,84 @@ function load_user()
|
||||
});
|
||||
}
|
||||
</script>
|
||||
<?php $color=$_SESSION["color"]; ?>
|
||||
<?php echo("<body style='background-color:$color'> ");?>
|
||||
<div id="content"></div>
|
||||
<?php
|
||||
function get_perm_string(){
|
||||
$perm_str="";
|
||||
if(isset($_POST["print"]))
|
||||
$perm_str.="1";
|
||||
else
|
||||
$perm_str.="0";
|
||||
if(isset($_POST["private_cloud"]))
|
||||
$perm_str.="1";
|
||||
else
|
||||
$perm_str.="0";
|
||||
if(isset($_POST["public_cloud"]))
|
||||
$perm_str.="1";
|
||||
else
|
||||
$perm_str.="0";
|
||||
if(isset($_POST["printer_ctrl_all"]))
|
||||
$perm_str.="1";
|
||||
else
|
||||
$perm_str.="0";
|
||||
if(isset($_POST["change_user_perm"]))
|
||||
$perm_str.="1";
|
||||
else
|
||||
$perm_str.="0";
|
||||
if(isset($_POST["create_admin"]))
|
||||
$perm_str.="1";
|
||||
else
|
||||
$perm_str.="0";
|
||||
if(isset($_POST["view_log"]))
|
||||
$perm_str.="1";
|
||||
else
|
||||
$perm_str.="0";
|
||||
if(isset($_POST["view_apikey"]))
|
||||
$perm_str.="1";
|
||||
else
|
||||
$perm_str.="0";
|
||||
if(isset($_POST["create_key"]))
|
||||
$perm_str.="1";
|
||||
else
|
||||
$perm_str.="0";
|
||||
if(isset($_POST["debug"]))
|
||||
$perm_str.="1";
|
||||
else
|
||||
$perm_str.="0";
|
||||
if(isset($_POST["delete_from_public_cloud"]))
|
||||
$perm_str.="1";
|
||||
else
|
||||
$perm_str.="0";
|
||||
return $perm_str;
|
||||
}
|
||||
function deleteDirectory($dir) {
|
||||
if (!is_dir($dir)) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Get list of files and directories inside the directory
|
||||
$files = scandir($dir);
|
||||
|
||||
foreach ($files as $file) {
|
||||
// Skip current and parent directory links
|
||||
if ($file == '.' || $file == '..') {
|
||||
continue;
|
||||
}
|
||||
|
||||
$path = $dir . '/' . $file;
|
||||
|
||||
if (is_dir($path)) {
|
||||
// Recursively delete sub-directory
|
||||
deleteDirectory($path);
|
||||
} else {
|
||||
// Delete file
|
||||
unlink($path);
|
||||
}
|
||||
}
|
||||
|
||||
// Delete the empty directory
|
||||
rmdir($dir);
|
||||
}
|
||||
echo ("<script type='text/javascript' >load_user()</script>");
|
||||
require_once "../config/config.php";
|
||||
if(isset($_GET["update_id"]) && $_GET["rid"]==$_SESSION["rid"]-1){
|
||||
$tid=$_GET["update_id"];
|
||||
$perms=get_perm_string();
|
||||
$sql="UPDATE users SET role = '$perms' WHERE id=$tid";
|
||||
$stmt = mysqli_prepare($link, $sql);
|
||||
mysqli_stmt_execute($stmt);
|
||||
}
|
||||
if(isset($_GET['username']) && isset($_GET["delete"]))
|
||||
{
|
||||
$username_td=$_GET['username'];
|
||||
$username_td=htmlspecialchars($username_td);
|
||||
$sql="DELETE FROM users WHERE username = '$username_td';";
|
||||
//echo($sql);
|
||||
$stmt = mysqli_prepare($link, $sql);
|
||||
mysqli_stmt_execute($stmt);
|
||||
deleteDirectory("/var/www/html/user_files/$username_td/");
|
||||
log_("Deleted $username_td","BAN:DELETION");
|
||||
}
|
||||
else if(isset($_GET["verify"]) && isset($_GET['username']))
|
||||
{
|
||||
$username_td=htmlspecialchars($_GET['username']);
|
||||
$sql="UPDATE users SET banned = 0 WHERE username='$username_td'";
|
||||
$stmt = mysqli_prepare($link, $sql);
|
||||
mysqli_stmt_execute($stmt);
|
||||
log_("Unanned $username_td","BAN:UNBAN");
|
||||
}
|
||||
|
||||
|
||||
//how many users do we have?
|
||||
$cnt=0;
|
||||
$sql="SELECT COUNT(*) FROM users";
|
||||
if($stmt = mysqli_prepare($link, $sql)){
|
||||
// Bind variables to the prepared statement as parameters
|
||||
|
||||
// Attempt to execute the prepared statement
|
||||
if(mysqli_stmt_execute($stmt)){
|
||||
// Store result
|
||||
mysqli_stmt_store_result($stmt);
|
||||
mysqli_stmt_bind_result($stmt, $cnt);
|
||||
if(mysqli_stmt_fetch($stmt)){
|
||||
|
||||
}
|
||||
} else{
|
||||
echo "<div class='alert alert-danger' role='alert'>Oops! Something went wrong. Please try again later.</div>";
|
||||
}
|
||||
|
||||
// Close statement
|
||||
mysqli_stmt_close($stmt);
|
||||
}
|
||||
?>
|
||||
|
||||
|
||||
<div class="container" style="min-height:95vh; min-width:100%">
|
||||
<div class="row">
|
||||
<div class="col-mt-12" style="overflow-x:auto">
|
||||
<div class="d-flex flex-column align-items-center">
|
||||
<h4>Nach Benutzer suchen, um zu verwalten</h4>
|
||||
<form action="manage_user.php" method="GET" >
|
||||
<input type="text" class="form-control flex-grow-1 mr-2" name="username" placeholder="Benutzername eingeben" >
|
||||
<div class="container mt-12" style="min-height:95vh">
|
||||
<h4>Benutzer suchen und verwalten</h4>
|
||||
<form id="userSearchForm">
|
||||
<input type="text" class="form-control" name="username" placeholder="Benutzername eingeben">
|
||||
<button type="submit" class="btn btn-primary">Suchen</button>
|
||||
</form>
|
||||
<table class="table mt-5" id="userTable">
|
||||
<thead>
|
||||
<tr>
|
||||
<th>Nutzer</th>
|
||||
<th>Klasse</th>
|
||||
<th>Drucken</th>
|
||||
<th>Private Cloud</th>
|
||||
<th>Öffentliche Cloud</th>
|
||||
<th>Alle Drucker freigeben</th>
|
||||
<th>Benutzerrechte</th>
|
||||
<th>Admin erstellen</th>
|
||||
<th>Log ansehen</th>
|
||||
<th>API-Key</th>
|
||||
<th>Druckschlüssel</th>
|
||||
<th>Debug</th>
|
||||
<th>Öffentliche Dateien löschen</th>
|
||||
<th>Manuell verifizieren</th>
|
||||
<th>Löschen</th>
|
||||
</tr>
|
||||
</thead>
|
||||
<tbody></tbody>
|
||||
</table>
|
||||
</div>
|
||||
|
||||
<!-- list users and their permissions -->
|
||||
<?php
|
||||
echo("<table class='table' style='overflow-x: auto'>");
|
||||
echo("<thead>");
|
||||
echo("<tr>");
|
||||
echo("<td>Nutzer</td>");
|
||||
echo("<td>Drucken</td>");
|
||||
echo("<td>Cloud</td>");
|
||||
echo("<td>Öffentliche Cloud</td>");
|
||||
echo("<td>Alle Drucker abbrechen / freigeben</td>");
|
||||
echo("<td>Benutzereinstellungen ändern</td>");
|
||||
echo("<td>Administratoren erstellen</td>");
|
||||
echo("<td>Log ansehen</td>");
|
||||
echo("<td>APIkey ansehen</td>");
|
||||
echo("<td>Druckschlüssel erstellen</td>");
|
||||
echo("<td>Debug</td>");
|
||||
echo("<td>Alle Dateien von Öffentlicher Cloud löschen</td>");
|
||||
echo("<td>Aktualisieren</td>");
|
||||
echo("<td>Benutzer löschen</td>");
|
||||
echo("<td>Benutzer manuell verifizieren</td>");
|
||||
echo("</tr>");
|
||||
echo("</thead>");
|
||||
echo("<tbody>");
|
||||
echo("<tr>");
|
||||
//how many users do we have?
|
||||
$cnt=0;
|
||||
if(isset($_GET["username"]))
|
||||
$search=htmlspecialchars($_GET["username"]);
|
||||
else
|
||||
$search="user_not_found";
|
||||
<div id="footer">
|
||||
</div>
|
||||
|
||||
$sql="SELECT COUNT(*) FROM users WHERE username LIKE '%$search%'";
|
||||
$stmt = mysqli_prepare($link, $sql);
|
||||
mysqli_stmt_execute($stmt);
|
||||
// Store result
|
||||
mysqli_stmt_store_result($stmt);
|
||||
mysqli_stmt_bind_result($stmt, $cnt);
|
||||
mysqli_stmt_fetch($stmt);
|
||||
mysqli_stmt_close($stmt);
|
||||
//now we know how many users we have.
|
||||
$last_id=0;
|
||||
while($cnt!=0){
|
||||
$tusername="";
|
||||
$trole="";
|
||||
$banned=0;
|
||||
$tid=0;
|
||||
$sql="select id,username,role,banned from users where id>$last_id AND username LIKE '%$search%' ORDER BY id";
|
||||
$stmt = mysqli_prepare($link, $sql);
|
||||
mysqli_stmt_execute($stmt);
|
||||
// Store result
|
||||
mysqli_stmt_store_result($stmt);
|
||||
mysqli_stmt_bind_result($stmt, $tid,$tusername,$trole,$banned);
|
||||
mysqli_stmt_fetch($stmt);
|
||||
mysqli_stmt_close($stmt);
|
||||
echo("<tr><form action='manage_user.php?update_id=$tid&rid=".$_SESSION["rid"]."&username=$search' method='post'>");
|
||||
echo("<td>$tusername</td>");
|
||||
if($trole[0]==="1")
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="print" checked></td>');
|
||||
else
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="print" ></td>');
|
||||
if($trole[1]==="1")
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="private_cloud" checked></td>');
|
||||
else
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="private_cloud" ></td>');
|
||||
if($trole[2]==="1")
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="public_cloud" checked></td>');
|
||||
else
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="public_cloud" ></td>');
|
||||
if($trole[3]==="1")
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="printer_ctrl_all" checked></td>');
|
||||
else
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="printer_ctrl_all" ></td>');
|
||||
if($trole[4]==="1")
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="change_user_perm" checked></td>');
|
||||
else
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="change_user_perm" ></td>');
|
||||
if($trole[5]==="1")
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="create_admin" checked></td>');
|
||||
else
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="create_admin" ></td>');
|
||||
if($trole[6]==="1")
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="view_log" checked></td>');
|
||||
else
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="view_log" ></td>');
|
||||
if($trole[7]==="1")
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="view_apikey" checked></td>');
|
||||
else
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="view_apikey" ></td>');
|
||||
if($trole[8]==="1")
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="create_key" checked></td>');
|
||||
else
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="create_key" ></td>');
|
||||
if($trole[9]==="1")
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="debug" checked></td>');
|
||||
else
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="debug" ></td>');
|
||||
if($trole[10]==="1")
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="delete_from_public_cloud" checked></td>');
|
||||
else
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="delete_from_public_cloud" ></td>');
|
||||
echo('<td><input type="submit" class="btn btn-dark mb-5" value="Aktualisieren" id="button"></td>');
|
||||
echo('<td><a href="manage_user.php?username='.$tusername.'&delete" class="btn btn-danger" >Benutzer löschen</a></td>');
|
||||
if($banned==1)
|
||||
echo('<td><a href="manage_user.php?username='.$tusername.'&verify" class="btn btn-success" >Benutzer verifizieren</a></td>');
|
||||
else
|
||||
echo('<td>Benutzer bereits verifiziert</td>');
|
||||
echo("</form></tr>");
|
||||
$last_id=$tid;
|
||||
$cnt--;
|
||||
<script>
|
||||
$(document).ready(function () {
|
||||
function fetchUsers(username = '') {
|
||||
$.get('/api/fetch_users.php', { username }, function (data) {
|
||||
$('#userTable tbody').html(data);
|
||||
});
|
||||
}
|
||||
// echo("</tr>");
|
||||
echo("</tbody>");
|
||||
echo("</table>");
|
||||
mysqli_close($link);
|
||||
?>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div id="footer"></div>
|
||||
$('#userSearchForm').on('submit', function (e) {
|
||||
e.preventDefault();
|
||||
const username = $(this).find('[name="username"]').val();
|
||||
fetchUsers(username);
|
||||
});
|
||||
|
||||
$(document).on('change', '.updateField', function () {
|
||||
const field = $(this).data('field');
|
||||
const userId = $(this).data('userid');
|
||||
const value = $(this).is(':checkbox') ? ($(this).is(':checked') ? 1 : 0) : $(this).val();
|
||||
|
||||
$.post('/api/update_user.php', { userId, field, value }, function (response) {
|
||||
console.log(response);
|
||||
});
|
||||
});
|
||||
|
||||
$(document).on('click', '.deleteUser', function () {
|
||||
const userId = $(this).data('userid');
|
||||
if (confirm('Sind Sie sicher, dass Sie diesen Benutzer löschen möchten?')) {
|
||||
$.post('/api/delete_user.php', { userId }, function () {
|
||||
fetchUsers();
|
||||
});
|
||||
}
|
||||
});
|
||||
|
||||
$(document).on('click', '.verify_user', function () {
|
||||
const userId = $(this).data('userid');
|
||||
$.post('/api/verify_user.php', { userId }, function () {
|
||||
fetchUsers();
|
||||
});
|
||||
});
|
||||
|
||||
fetchUsers(); // Initiale Benutzer laden
|
||||
load_user();
|
||||
});
|
||||
</script>
|
||||
|
||||
</body>
|
||||
|
||||
</html>
|
||||
|
||||
296
sys0-code/app/manage_user.php.old
Normal file
296
sys0-code/app/manage_user.php.old
Normal file
@@ -0,0 +1,296 @@
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<title>Manage user</title>
|
||||
<?php
|
||||
// Initialize the session
|
||||
session_start();
|
||||
require_once "../log/log.php";
|
||||
// Check if the user is logged in, if not then redirect him to login page
|
||||
if(!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true || $_SESSION["role"][3]!== "1"){
|
||||
header("location: /login/login.php");
|
||||
exit;
|
||||
}
|
||||
$_SESSION["rid"]++;
|
||||
?>
|
||||
|
||||
<?php
|
||||
$color=$_SESSION["color"];
|
||||
include "../assets/components.php";
|
||||
?>
|
||||
<script src="/assets/js/load_page.js"></script>
|
||||
<script>
|
||||
function load_user()
|
||||
{
|
||||
$(document).ready(function(){
|
||||
$('#content').load("/assets/php/user_page.php");
|
||||
});
|
||||
}
|
||||
</script>
|
||||
<?php $color=$_SESSION["color"]; ?>
|
||||
<?php echo("<body style='background-color:$color'> ");?>
|
||||
<div id="content"></div>
|
||||
<?php
|
||||
function get_perm_string(){
|
||||
$perm_str="";
|
||||
if(isset($_POST["print"]))
|
||||
$perm_str.="1";
|
||||
else
|
||||
$perm_str.="0";
|
||||
if(isset($_POST["private_cloud"]))
|
||||
$perm_str.="1";
|
||||
else
|
||||
$perm_str.="0";
|
||||
if(isset($_POST["public_cloud"]))
|
||||
$perm_str.="1";
|
||||
else
|
||||
$perm_str.="0";
|
||||
if(isset($_POST["printer_ctrl_all"]))
|
||||
$perm_str.="1";
|
||||
else
|
||||
$perm_str.="0";
|
||||
if(isset($_POST["change_user_perm"]))
|
||||
$perm_str.="1";
|
||||
else
|
||||
$perm_str.="0";
|
||||
if(isset($_POST["create_admin"]))
|
||||
$perm_str.="1";
|
||||
else
|
||||
$perm_str.="0";
|
||||
if(isset($_POST["view_log"]))
|
||||
$perm_str.="1";
|
||||
else
|
||||
$perm_str.="0";
|
||||
if(isset($_POST["view_apikey"]))
|
||||
$perm_str.="1";
|
||||
else
|
||||
$perm_str.="0";
|
||||
if(isset($_POST["create_key"]))
|
||||
$perm_str.="1";
|
||||
else
|
||||
$perm_str.="0";
|
||||
if(isset($_POST["debug"]))
|
||||
$perm_str.="1";
|
||||
else
|
||||
$perm_str.="0";
|
||||
if(isset($_POST["delete_from_public_cloud"]))
|
||||
$perm_str.="1";
|
||||
else
|
||||
$perm_str.="0";
|
||||
return $perm_str;
|
||||
}
|
||||
function deleteDirectory($dir) {
|
||||
if (!is_dir($dir)) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Get list of files and directories inside the directory
|
||||
$files = scandir($dir);
|
||||
|
||||
foreach ($files as $file) {
|
||||
// Skip current and parent directory links
|
||||
if ($file == '.' || $file == '..') {
|
||||
continue;
|
||||
}
|
||||
|
||||
$path = $dir . '/' . $file;
|
||||
|
||||
if (is_dir($path)) {
|
||||
// Recursively delete sub-directory
|
||||
deleteDirectory($path);
|
||||
} else {
|
||||
// Delete file
|
||||
unlink($path);
|
||||
}
|
||||
}
|
||||
|
||||
// Delete the empty directory
|
||||
rmdir($dir);
|
||||
}
|
||||
echo ("<script type='text/javascript' >load_user()</script>");
|
||||
require_once "../config/config.php";
|
||||
if(isset($_GET["update_id"]) && $_GET["rid"]==$_SESSION["rid"]-1){
|
||||
$tid=$_GET["update_id"];
|
||||
$perms=get_perm_string();
|
||||
$sql="UPDATE users SET role = '$perms' WHERE id=$tid";
|
||||
$stmt = mysqli_prepare($link, $sql);
|
||||
mysqli_stmt_execute($stmt);
|
||||
}
|
||||
if(isset($_GET['username']) && isset($_GET["delete"]))
|
||||
{
|
||||
$username_td=$_GET['username'];
|
||||
$username_td=htmlspecialchars($username_td);
|
||||
$sql="DELETE FROM users WHERE username = '$username_td';";
|
||||
//echo($sql);
|
||||
$stmt = mysqli_prepare($link, $sql);
|
||||
mysqli_stmt_execute($stmt);
|
||||
deleteDirectory("/var/www/html/user_files/$username_td/");
|
||||
log_("Deleted $username_td","BAN:DELETION");
|
||||
}
|
||||
else if(isset($_GET["verify"]) && isset($_GET['username']))
|
||||
{
|
||||
$username_td=htmlspecialchars($_GET['username']);
|
||||
$sql="UPDATE users SET banned = 0 WHERE username='$username_td'";
|
||||
$stmt = mysqli_prepare($link, $sql);
|
||||
mysqli_stmt_execute($stmt);
|
||||
log_("Unanned $username_td","BAN:UNBAN");
|
||||
}
|
||||
|
||||
|
||||
//how many users do we have?
|
||||
$cnt=0;
|
||||
$sql="SELECT COUNT(*) FROM users";
|
||||
if($stmt = mysqli_prepare($link, $sql)){
|
||||
// Bind variables to the prepared statement as parameters
|
||||
|
||||
// Attempt to execute the prepared statement
|
||||
if(mysqli_stmt_execute($stmt)){
|
||||
// Store result
|
||||
mysqli_stmt_store_result($stmt);
|
||||
mysqli_stmt_bind_result($stmt, $cnt);
|
||||
if(mysqli_stmt_fetch($stmt)){
|
||||
|
||||
}
|
||||
} else{
|
||||
echo "<div class='alert alert-danger' role='alert'>Oops! Something went wrong. Please try again later.</div>";
|
||||
}
|
||||
|
||||
// Close statement
|
||||
mysqli_stmt_close($stmt);
|
||||
}
|
||||
?>
|
||||
|
||||
|
||||
<div class="container" style="min-height:95vh; min-width:100%">
|
||||
<div class="row">
|
||||
<div class="col-mt-12" style="overflow-x:auto">
|
||||
<div class="d-flex flex-column align-items-center">
|
||||
<h4>Nach Benutzer suchen, um zu verwalten</h4>
|
||||
<form action="manage_user.php" method="GET" >
|
||||
<input type="text" class="form-control flex-grow-1 mr-2" name="username" placeholder="Benutzername eingeben" >
|
||||
<button type="submit" class="btn btn-primary">Suchen</button>
|
||||
</form>
|
||||
</div>
|
||||
|
||||
<!-- list users and their permissions -->
|
||||
<?php
|
||||
echo("<table class='table' style='overflow-x: auto'>");
|
||||
echo("<thead>");
|
||||
echo("<tr>");
|
||||
echo("<td>Nutzer</td>");
|
||||
echo("<td>Drucken</td>");
|
||||
echo("<td>Cloud</td>");
|
||||
echo("<td>Öffentliche Cloud</td>");
|
||||
echo("<td>Alle Drucker abbrechen / freigeben</td>");
|
||||
echo("<td>Benutzereinstellungen ändern</td>");
|
||||
echo("<td>Administratoren erstellen</td>");
|
||||
echo("<td>Log ansehen</td>");
|
||||
echo("<td>APIkey ansehen</td>");
|
||||
echo("<td>Druckschlüssel erstellen</td>");
|
||||
echo("<td>Debug</td>");
|
||||
echo("<td>Alle Dateien von Öffentlicher Cloud löschen</td>");
|
||||
echo("<td>Aktualisieren</td>");
|
||||
echo("<td>Benutzer löschen</td>");
|
||||
echo("<td>Benutzer manuell verifizieren</td>");
|
||||
echo("</tr>");
|
||||
echo("</thead>");
|
||||
echo("<tbody>");
|
||||
echo("<tr>");
|
||||
//how many users do we have?
|
||||
$cnt=0;
|
||||
if(isset($_GET["username"]))
|
||||
$search=htmlspecialchars($_GET["username"]);
|
||||
else
|
||||
$search="user_not_found";
|
||||
|
||||
$sql="SELECT COUNT(*) FROM users WHERE username LIKE '%$search%'";
|
||||
$stmt = mysqli_prepare($link, $sql);
|
||||
mysqli_stmt_execute($stmt);
|
||||
// Store result
|
||||
mysqli_stmt_store_result($stmt);
|
||||
mysqli_stmt_bind_result($stmt, $cnt);
|
||||
mysqli_stmt_fetch($stmt);
|
||||
mysqli_stmt_close($stmt);
|
||||
//now we know how many users we have.
|
||||
$last_id=0;
|
||||
while($cnt!=0){
|
||||
$tusername="";
|
||||
$trole="";
|
||||
$banned=0;
|
||||
$tid=0;
|
||||
$sql="select id,username,role,banned from users where id>$last_id AND username LIKE '%$search%' ORDER BY id";
|
||||
$stmt = mysqli_prepare($link, $sql);
|
||||
mysqli_stmt_execute($stmt);
|
||||
// Store result
|
||||
mysqli_stmt_store_result($stmt);
|
||||
mysqli_stmt_bind_result($stmt, $tid,$tusername,$trole,$banned);
|
||||
mysqli_stmt_fetch($stmt);
|
||||
mysqli_stmt_close($stmt);
|
||||
echo("<tr><form action='manage_user.php?update_id=$tid&rid=".$_SESSION["rid"]."&username=$search' method='post'>");
|
||||
echo("<td>$tusername</td>");
|
||||
if($trole[0]==="1")
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="print" checked></td>');
|
||||
else
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="print" ></td>');
|
||||
if($trole[1]==="1")
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="private_cloud" checked></td>');
|
||||
else
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="private_cloud" ></td>');
|
||||
if($trole[2]==="1")
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="public_cloud" checked></td>');
|
||||
else
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="public_cloud" ></td>');
|
||||
if($trole[3]==="1")
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="printer_ctrl_all" checked></td>');
|
||||
else
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="printer_ctrl_all" ></td>');
|
||||
if($trole[4]==="1")
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="change_user_perm" checked></td>');
|
||||
else
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="change_user_perm" ></td>');
|
||||
if($trole[5]==="1")
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="create_admin" checked></td>');
|
||||
else
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="create_admin" ></td>');
|
||||
if($trole[6]==="1")
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="view_log" checked></td>');
|
||||
else
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="view_log" ></td>');
|
||||
if($trole[7]==="1")
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="view_apikey" checked></td>');
|
||||
else
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="view_apikey" ></td>');
|
||||
if($trole[8]==="1")
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="create_key" checked></td>');
|
||||
else
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="create_key" ></td>');
|
||||
if($trole[9]==="1")
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="debug" checked></td>');
|
||||
else
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="debug" ></td>');
|
||||
if($trole[10]==="1")
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="delete_from_public_cloud" checked></td>');
|
||||
else
|
||||
echo('<td><input class="form-check-input" type="checkbox" value="" name="delete_from_public_cloud" ></td>');
|
||||
echo('<td><input type="submit" class="btn btn-dark mb-5" value="Aktualisieren" id="button"></td>');
|
||||
echo('<td><a href="manage_user.php?username='.$tusername.'&delete" class="btn btn-danger" >Benutzer löschen</a></td>');
|
||||
if($banned==1)
|
||||
echo('<td><a href="manage_user.php?username='.$tusername.'&verify" class="btn btn-success" >Benutzer verifizieren</a></td>');
|
||||
else
|
||||
echo('<td>Benutzer bereits verifiziert</td>');
|
||||
echo("</form></tr>");
|
||||
$last_id=$tid;
|
||||
$cnt--;
|
||||
}
|
||||
// echo("</tr>");
|
||||
echo("</tbody>");
|
||||
echo("</table>");
|
||||
mysqli_close($link);
|
||||
?>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div id="footer"></div>
|
||||
</body>
|
||||
|
||||
</html>
|
||||
@@ -26,6 +26,12 @@ function load_user()
|
||||
$('#content').load("/assets/php/user_page.php");
|
||||
});
|
||||
}
|
||||
function update_cancel_modal(printer_id,rid){
|
||||
const modal_=document.getElementById("cancel_modal");
|
||||
const button=document.getElementById("send_cancel_command");
|
||||
button.href="overview.php?cancel="+printer_id+"&rid="+rid;
|
||||
document.getElementById("open_cancel_modal").click();
|
||||
}
|
||||
</script>
|
||||
<?php
|
||||
echo "<script type='text/javascript' >load_user()</script>";
|
||||
@@ -115,6 +121,11 @@ function load_user()
|
||||
</head>
|
||||
<body>
|
||||
<div id="content"></div>
|
||||
<!-- placeholder button to be activated to open cancel modal -->
|
||||
<button style="display:none" type="button" class="btn btn-primary" data-bs-toggle="modal" id="open_cancel_modal" data-bs-target="#cancel_modal">
|
||||
Launch cancel modal
|
||||
</button>
|
||||
|
||||
<div>
|
||||
<div class="row justify-content-center">
|
||||
<div style="width: 100%;min-height:95vh">
|
||||
@@ -349,7 +360,8 @@ function load_user()
|
||||
echo("<tr><td>Vergangene Druckzeit</td><td>$print_time</td></tr>");
|
||||
echo("<tr><td>Datei</td><td><div class='hover-element'>".short_path($json["job"]["file"]["name"],10,10)."<div class='description'>".$json["job"]["file"]["name"]."</div></div></td></tr>");
|
||||
if($userid==$_SESSION["id"] or $role[3]==="1"){
|
||||
echo("<tr><td><a class='btn btn-danger' href='overview.php?cancel=$printer_id&rid=".$_SESSION["rid"]."'>Abbrechen</a></td></tr>");
|
||||
//echo("<tr><td><a class='btn btn-danger' data-toggle='modal' data-target='cancel_modal'>Abbrechen</a></td></tr>");
|
||||
echo("<tr><td><button class='btn btn-danger' onclick='update_cancel_modal(\"$printer_id\",\"".$_SESSION["rid"]."\")'>Abbrechen</button></td></tr>");
|
||||
}
|
||||
echo("</thead>");
|
||||
echo("</table>");
|
||||
@@ -481,6 +493,25 @@ Wenn deine Klasse nicht in der Liste ist, bitte deine Lehrperson deine Klasse in
|
||||
</form>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<!-- cancel modal -->
|
||||
<div class="modal fade" id="cancel_modal" tabindex="1" role="dialog" aria-labelledby="cancel_modal" aria-hidden="false">
|
||||
<div class="modal-dialog" role="document">
|
||||
<div class="modal-content">
|
||||
<div class="modal-header">
|
||||
<h5 class="modal-title">Druck abbrechen</h5>
|
||||
</div>
|
||||
<div class="modal-body">
|
||||
Möchtest du den Druck wirklich abbrechen? Dies kann nicht rückgängig gemacht werden!
|
||||
</div>
|
||||
<div class="modal-footer">
|
||||
<button type="button" class="btn btn-primary" data-bs-dismiss="modal">nicht abbrechen</button>
|
||||
<a type="button" id="send_cancel_command" href="#" class="btn btn-danger">Druck abbrechen</a>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<?php
|
||||
if($_SESSION["class_id"]==""){
|
||||
echo("<script>");
|
||||
|
||||
@@ -466,6 +466,9 @@ function time_to_seconds($print_time) {
|
||||
if ($reservation_conflict && !in_array($class,$for_class) && $class!=0) {
|
||||
echo "<center><div style='width:50%' class='alert alert-danger' role='alert'>Die Drucker sind zurzeit reserviert! Bitte versuche es später erneut!</div></center>";
|
||||
$block=true;
|
||||
}else if($class==0){
|
||||
$block=false;
|
||||
echo "<center><div style='width:50%' class='alert alert-danger' role='alert'>Die Drucker sind zurzeit reserviert!<br>Als Lehrperson können Sie zwar jetzt trozdem drucken, sollten es aber nur tun, wenn Sie sicher sind, dass nicht gerade eine andere Lehrperson mit einer Klasse drucken will!</div></center>";
|
||||
}else{
|
||||
$block=false;
|
||||
}
|
||||
@@ -473,7 +476,6 @@ function time_to_seconds($print_time) {
|
||||
?>
|
||||
<div class="container d-flex align-items-center justify-content-center" >
|
||||
|
||||
|
||||
<form class="mt-5" enctype="multipart/form-data" method="POST" action="">
|
||||
<?php if(!isset($_GET["cloudprint"])){
|
||||
echo ('<div class="form-group">');
|
||||
|
||||
Reference in New Issue
Block a user