thooge/ipreg
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Refactored user, vlan and zone

Browse Source
This commit is contained in:
Thomas Hooge
2023-03-03 19:33:52 +01:00
parent c63b500d77
commit 32bd592098
31 changed files with 473 additions and 407 deletions
Download Patch File Download Diff File Expand all files Collapse all files

152
user.php
View File

@@ -13,8 +13,90 @@ if (($_SESSION['suser_role_admin'] == 0) and ($_SESSION['suser_role_manage'] ==
header_location('comments.php?comments=accessdenied');
}
if (isset($_REQUEST['id'])) {
$id = (int) $_REQUEST['id'] or $id = 0;
}
// ========== ACTIONS START ===================================================
switch ($submit = form_get_action()) {
case NULL: break;
case 'add': $action = ACT_ADD; break;
case 'view': $action = ACT_VIEW; break;
case 'edit': $action = ACT_EDIT; break;
case 'del': $action = ACT_DELETE; break;
case 'insert':
$user_name = strtolower(sanitize($_POST['user_name']));
$user_displayname = sanitize($_POST['user_displayname']);
$user_password = md5(sanitize($_POST['user_password']));
// check if username exists
$sth = $dbh->prepare("SELECT COUNT(*) FROM user WHERE user_name=?");
$sth->execute([$user_name]);
if ($sth->fetchColumn() == 0) {
$sql = "INSERT INTO user (user_name, user_displayname, user_pass)
VALUE (?, ?, ?)";
$sth = $dbh->prepare($sql);
$sth->execute([$user_name, $user_displayname, $user_password]);
$id = $dbh->lastInsertId();
$action = ACT_VIEW;
} else {
$g_error->Add(_("Username already in use."));
$action = ACT_ADD;
}
break;
case 'update':
$user_name = sanitize($_POST['user_name']);
$user_displayname = sanitize($_POST['user_displayname']);
$user_realm = sanitize($_POST['user_realm']);
// roles
$role_add = sanitize($_POST['role_add']);
$role_edit = sanitize($_POST['role_edit']);
$role_delete = sanitize($_POST['role_delete']);
$role_manage = sanitize($_POST['role_manage']);
$role_admin = sanitize($_POST['role_admin']);
// construct menu set
$role = array();
if ($role_add) $role[] = 'add';
if ($role_edit) $role[] = 'edit';
if ($role_delete) $role[] = 'delete';
if ($role_manage) $role[] = 'manage';
if ($role_admin) $role[] = 'admin';
$sql = "UPDATE user SET
user_name=?, user_displayname=?, user_realm=?,
user_role=?
WHERE user_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$user_name ,$user_displayname, $user_realm,
implode(',', $role), $id]);
$action = ACT_VIEW;
break;
case 'delete':
$sth = $dbh->prepare("DELETE FROM user WHERE user_id=?");
$sth->execute([$id]);
$g_message->Add(_("User deleted."));
$action = ACT_DEFAULT;
break;
default:
$g_error->Add(submit_error($submit));
$valid = FALSE;
}
// ========== ACTIONS END =====================================================
include("header.php");
if ($action == ACT_DEFAULT):
// ========== VARIANT: default behavior =======================================
$sql = "SELECT user_id AS id, user_name AS name,
user_displayname AS displayname, user_realm AS realm,
user_role AS role
@@ -27,10 +109,74 @@ $users = $sth->fetchAll(PDO::FETCH_ASSOC);
for($i = 0; $i < count($users); $i++) {
$users[$i]['role'] = explode(',', $users[$i]['role'] );
}
$smarty->assign("users", $users);
$smarty->display("user.tpl");
include("footer.php");
elseif ($action == ACT_ADD):
// ========== VARIANT: add record =============================================
$realms = db_load_enum('user','user_realm');
$smarty->assign("realm_ids", $realms);
$smarty->assign("realm_names", $realms);
$smarty->assign("realm_selected", $realms[0]);
$smarty->display("useradd.tpl");
elseif ($action == ACT_VIEW):
// ========== VARIANT: view single record =====================================
$sql = "SELECT user_id AS id, user_name AS name, user_displayname AS displayname,
user_realm as realm, user_role AS role, user_flags AS flags
FROM user
WHERE user_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$id]);
$user = $sth->fetch(PDO::FETCH_OBJ);
$user->role = explode(',', $user->role);
$user->flags = explode(',', $user->flags);
$smarty->assign("user", $user);
$smarty->display("userview.tpl");
elseif ($action == ACT_EDIT):
// ========== VARIANT: edit single record =====================================
$sql = "SELECT user_id AS id, user_name AS name, user_displayname AS displayname,
user_realm AS realm, user_role AS role, user_flags AS flags
FROM user
WHERE user_id=?";
$sth = $dbh->prepare($sql);
$sth->execute([$id]);
$user = $sth->fetch(PDO::FETCH_OBJ);
$user->role = explode(',', $user->role);
$smarty->assign("user", $user);
// auth realms
$smarty->assign("realm_ids", ['local', 'ldap']);
$smarty->assign("realm_names", ['Local', 'LDAP']);
$smarty->assign("realm_selected", $user->realm);
$smarty->display("useredit.tpl");
elseif ($action == ACT_DELETE):
// ========== VARIANT: delete record ==========================================
$sth = $dbh->prepare("SELECT user_id AS id, user_name AS name FROM user WHERE user_id=?");
$sth->execute([$id]);
$smarty->assign("user", $sth->fetch(PDO::FETCH_OBJ));
$smarty->display("userdel.tpl");
else:
// ========== ERROR UNKNOWN VARIANT ===========================================
echo "<p>Unknown function call: Please report to system development!</p>\n";
endif; // $action == ...
// ========== END OF VARIANTS =================================================
$smarty->display('footer.tpl');
?>