0) { $input_id = $_id; } else { $input_id = $_POST["input_id"]; } if ($input_id <> '') { $pdoHost = getenv('MAIN_MYSQL_DB_HOST'); $pdoPort = getenv('MAIN_MYSQL_DB_PORT'); $pdoUser = getenv('MAIN_MYSQL_DB_USER'); $pdoPass = getenv('MAIN_MYSQL_DB_PASS'); $pdoSchema = getenv('MAIN_MYSQL_DB_SCHEMA'); $pdo = new \DynCom\mysyde\common\classes\PDOQueryWrapper($pdoHost, $pdoPort, $pdoSchema, $pdoUser, $pdoPass); $prepStatement = " SELECT * FROM main_admin_user WHERE id = :id LIMIT 1 "; $params = [ [':id', $input_id, PDO::PARAM_STR], ]; $pdo->setQuery($prepStatement); $pdo->prepareQuery(); $pdo->bindParameters($params); $pdo->executePreparedStatement(); $result = $pdo->getResultArray(); if ($result !== null) { if (count($result) == 1) { $input_admin_user = $result[0]; $input_admin_user["password"] = "nochange"; require_once("edit_admin_user_cardform.inc.php"); } } } else { $input_admin_user = array(); require_once("edit_admin_user_cardform.inc.php"); } } function delete_admin_user( $curr_user_id ) { $translation = \DynCom\mysyde\common\classes\Registry::get("translation"); if ($_POST["input_id"] <> '') { if ($_POST["input_id"] <> $curr_user_id) { $query = "DELETE FROM main_admin_user WHERE id = '" . $_POST["input_id"] . "' LIMIT 1"; @mysqli_query($GLOBALS['mysql_con'], $query); $query = "DELETE FROM main_site_admin_user_link where main_admin_user_id = '" . $_POST["input_id"]."'"; @mysqli_query($GLOBALS['mysql_con'], $query); createMySydeLog('main_admin_user', $_POST["input_id"], 'DELETE'); } else { header('EDIT_ERROR: 1'); $messages[] = "
" . $translation->get("user_error5") . "
"; edit_admin_user($_POST["input_id"], $messages); } } require_once("edit_admin_user_listform.inc.php"); } function save_admin_user() { $messages = array(); $error = FALSE; $input_id = ""; $translation = \DynCom\mysyde\common\classes\Registry::get("translation"); $passwordOptions = get_password_options(); $hashedPassword = password_hash(filter_input(INPUT_POST,'input_password'),PASSWORD_DEFAULT,$passwordOptions); if ($_POST["input_right_create_user"] == 'on') { $right_create_user = 1; } else { $right_create_user = 0; } $right_website_admin = 0; if ($_POST["right_website_admin"] == 'on') { $right_website_admin = 1; } $is_betriebsrat = 0; if ($_POST["is_betriebsrat"] == 'on') { $is_betriebsrat = 1; } if ($_POST["input_id"] <> '') { $inserted = FALSE; $input_id = $_POST["input_id"]; $newPassword = false; if ($_POST["input_old_password"] == '' && $_POST["input_password"] == '' && $_POST["input_password2"] == '') { $query = "UPDATE main_admin_user SET name = '" . mysqli_real_escape_string($GLOBALS['mysql_con'], $_REQUEST["input_name"]) . "', email = '" . mysqli_real_escape_string($GLOBALS['mysql_con'], $_REQUEST["input_email"]) . "', login = '" . mysqli_real_escape_string($GLOBALS['mysql_con'], $_REQUEST["input_login"]) . "', right_create_user = " . $right_create_user . ", right_website_admin = ".$right_website_admin.", is_betriebsrat = ".$is_betriebsrat.", edit_mode = '" . (int)$_POST['input_edit_mode'] . "', main_site_id = '" . (int)$_POST['main_site_id'] . "', main_language = '" . $_POST['main_language'] . "' WHERE id = '" . $_POST["input_id"] . "' LIMIT 1"; } else { $newPassword = true; $query = "UPDATE main_admin_user SET name = '" . mysqli_real_escape_string($GLOBALS['mysql_con'], $_REQUEST["input_name"]) . "', email = '" . mysqli_real_escape_string($GLOBALS['mysql_con'], $_REQUEST["input_email"]) . "', login = '" . mysqli_real_escape_string($GLOBALS['mysql_con'], $_REQUEST["input_login"]) . "', password = '" . $hashedPassword . "', right_website_admin = ".$right_website_admin.", is_betriebsrat = ".$is_betriebsrat.", right_create_user = " . $right_create_user . " , edit_mode = '" . (int)$_POST['input_edit_mode'] . "', main_site_id = '" . (int)$_POST['main_site_id'] . "', main_language = '" . $_POST['main_language'] . "' WHERE id = '" . $_POST["input_id"] . "' LIMIT 1"; } createMySydeLog('main_admin_user', $_POST["input_id"], 'UPDATE'); } else { $newPassword = true; $query = "INSERT INTO main_admin_user (id,name,email,login,password,right_create_user, right_website_admin, main_site_id, main_language,edit_mode, is_betriebsrat) VALUES ( NULL, '" . mysqli_real_escape_string($GLOBALS['mysql_con'], $_REQUEST["input_name"]) . "', '" . mysqli_real_escape_string($GLOBALS['mysql_con'], $_REQUEST["input_email"]) . "', '" . mysqli_real_escape_string($GLOBALS['mysql_con'], $_REQUEST["input_login"]) . "', '" . $hashedPassword . "', " . $right_create_user . ", ". $right_website_admin.", ". $is_betriebsrat.", '" . (int)$_POST['main_site_id'] . "', '" . $_POST['main_language'] . "', '" . (int)$_POST['edit_mode'] . "' )"; $inserted = TRUE; } $siteQuery = "SELECT * from main_site"; $result = @mysqli_query($GLOBALS['mysql_con'], $siteQuery); $siteAdminError = true; while ($siterow = @mysqli_fetch_assoc($result)) { $arr_ind = "input_site_admin_link_" . $siterow["id"]; if(isset($_POST[$arr_ind]) && $_POST[$arr_ind] == "on") { $siteAdminError = false; break; } } if($siteAdminError === true) { $messages[] = "
" . $translation->get("site_admin_user_error") . "
\n"; $error = TRUE; } if (($_POST["input_name"] == '') || ($_POST["input_login"] == '' || $_POST['input_email'] == '')) { $messages[] = "
" . $translation->get("user_error1") . "
\n"; $error = TRUE; } if($newPassword) { $inputOldPassword = filter_var($_POST['input_old_password'], FILTER_SANITIZE_STRING); $dbPasswordHash = $GLOBALS["admin_user"]['password']; $verifiedPasword = password_verify($inputOldPassword, $dbPasswordHash) ; $validOldHash = md5($inputOldPassword) === $dbPasswordHash; if ($verifiedPasword || $validOldHash) { $verifiedPasword = true; } else { $verifiedPasword = false; } $checkOldPassword = true; if(!isset($_POST['input_old_password'])) // there is no old password the admin adding new password for another user { $checkOldPassword = false; } if($checkOldPassword) { if ( ($_POST["input_old_password"] == '') || !$verifiedPasword ) { if(!$error) { $messages[] = "
" . $translation->get("user_error7") . "
\n"; } $error = TRUE; } } if ($_POST["input_password"] <> $_POST["input_password2"]) { //echo "
" . $GLOBALS["tc"]["error_2_shop_user"] . "
\n"; if(!$error) { $messages[] = "
" . $translation->get("user_error2") . "
\n"; } $error = TRUE; } if (strlen($_POST["input_password"]) < 6) { //echo "
" . $GLOBALS["tc"]["error_3_shop_user"] . "
\n"; if(!$error) { $messages[] = "
" . $translation->get("user_error3") . "
\n"; } $error = TRUE; } if($checkOldPassword) { if($verifiedPasword && ($_POST["input_password"] == $inputOldPassword) ) { if(!$error) { $messages[] = "
" . $translation->get("user_error8") . "
\n"; } $error = TRUE; } } } $pdoHost = getenv('MAIN_MYSQL_DB_HOST'); $pdoPort = getenv('MAIN_MYSQL_DB_PORT'); $pdoUser = getenv('MAIN_MYSQL_DB_USER'); $pdoPass = getenv('MAIN_MYSQL_DB_PASS'); $pdoSchema = getenv('MAIN_MYSQL_DB_SCHEMA'); $pdo = new \DynCom\mysyde\common\classes\PDOQueryWrapper($pdoHost, $pdoPort, $pdoSchema, $pdoUser, $pdoPass); $prepStatement = " SELECT * FROM main_admin_user WHERE login = :login "; $params = [ [':login', $_POST["input_login"], PDO::PARAM_STR], ]; $pdo->setQuery($prepStatement); $pdo->prepareQuery(); $pdo->bindParameters($params); $pdo->executePreparedStatement(); $result = $pdo->getResultArray(); if ((count($result) <> 0) && ($_POST["input_id"] == '')) { $messages[] = "
" . $translation->get("user_error4") . "
\n"; $error = TRUE; } if (!$error) { @mysqli_query($GLOBALS['mysql_con'], $query); if ($inserted == TRUE) { $input_id = mysqli_insert_id($GLOBALS['mysql_con']); createMySydeLog('main_admin_user', $input_id, 'INSERT'); $messages[] = '
' . $translation->get("user_msg_success1") . '
'; } else { $messages[] = '
' . $translation->get("user_msg_success2") . '
'; } // saveImg if(isset($_FILES) && !empty($_FILES) && $_FILES['user_image']['size'] != 0 ){ $fileName = saveImage('user_image', $input_id); $query = "UPDATE main_admin_user SET image = '" . $fileName. "' WHERE id = '" . $input_id . "' LIMIT 1"; @mysqli_query($GLOBALS['mysql_con'],$query); } // SaveImag $query = "DELETE FROM main_site_admin_user_link where main_admin_user_id = " . $input_id; @mysqli_query($GLOBALS['mysql_con'], $query); $query = "SELECT * from main_site"; $result = @mysqli_query($GLOBALS['mysql_con'], $query); $deleteAll = true; while ($siterow = @mysqli_fetch_assoc($result)) { $arr_ind = "input_site_admin_link_" . $siterow["id"]; if(isset($_POST[$arr_ind]) && $_POST[$arr_ind] == "on") { $query = "INSERT INTO main_site_admin_user_link SET main_site_id = " . $siterow["id"] . ", main_admin_user_id = " . $input_id . ", modified_date = " . time() . ", modified_user = " . (int)$GLOBALS["admin_user"]['id']; @mysqli_query($GLOBALS['mysql_con'],$query); } else { $deleteAll = false; } } // if($deleteAll === true) { // $query = "DELETE FROM main_site_admin_user_link where main_admin_user_id = " . $input_id; // @mysqli_query($GLOBALS['mysql_con'], $query); // } // Zuordnung Benutzer zu Shop // $query = "DELETE FROM main_admin_user_shop_link where main_admin_user_id = '" . $input_id."'"; // @mysqli_query($GLOBALS['mysql_con'], $query); // $query = "SELECT * from shop_shop"; // $result = @mysqli_query($GLOBALS['mysql_con'], $query); // $deleteAll = true; // while ($siterow = @mysqli_fetch_assoc($result)) { // $arr_ind = "input_shop_admin_link_" . $siterow["id"]; // if(isset($_POST[$arr_ind]) && $_POST[$arr_ind] == "on") { // $active = 1; // } else { // $active = 0; // $deleteAll = false; // } // $query = "INSERT INTO main_admin_user_shop_link SET // shop_code = '" . $siterow["code"] . "', // main_admin_user_id = " . $input_id . ", // active = " . $active . ", // modified_date = " . time() . ", // modified_user = " . (int)$GLOBALS["admin_user"]['id']; // @mysqli_query($GLOBALS['mysql_con'],$query); // } // if($deleteAll === true) { // $query = "DELETE FROM main_admin_user_shop_link where main_admin_user_id = " . $input_id; // @mysqli_query($GLOBALS['mysql_con'], $query); // } edit_admin_user($input_id, $messages); } else { header('EDIT_ERROR: 1'); $input_admin_user["id"] = $_POST["input_id"]; $input_admin_user["name"] = $_POST["input_name"]; $input_admin_user["email"] = $_POST["input_email"]; $input_admin_user["login"] = $_POST["input_login"]; $input_admin_user["right_create_user"] = $right_create_user; if (($_POST["input_password"] == "nochange") && ($_POST["input_password2"] == "nochange")) { $input_admin_user["password"] = "nochange"; $input_admin_user["password2"] = "nochange"; } else { $input_admin_user["password"] = ""; $input_admin_user["password2"] = ""; } require_once("edit_admin_user_cardform.inc.php"); } } function saveImage($filekey = 'user_image', $input_id){ $erlaubte_endungen = array("jpg", "jpeg", "gif", "png"); $filename = strtolower($_FILES[$filekey]['name']); $filename_expl = explode(".", $filename); if (!in_array($filename_expl[count($filename_expl) - 1], $erlaubte_endungen)) { $messages = "
" . $translation->get("error_slideshow_line2") . "
\n"; $error = TRUE; } $saveFilename = $input_id . "_" . time() . "_" . cleanFilename($_FILES[$filekey]['name']); $width = 300; $height = 200; require_once(MODULE_PATH . "collection/collection_config.inc.php"); move_uploaded_file($_FILES[$filekey]['tmp_name'], PATH_ORIGINAL_PICTURE_COLLECTION . $saveFilename); image_resize(PATH_ORIGINAL_PICTURE_COLLECTION . $saveFilename, PATH_RESIZE_COLLECTION . $saveFilename, $width, $height, TRUE); image_resize(PATH_ORIGINAL_PICTURE_COLLECTION . $saveFilename, "../.." . PATH_ICON_COLLECTION . $saveFilename, 200, 100, TRUE); return $saveFilename; } function delete_user_image(){ $user_id = $_POST['input_id']; $query = "SELECT * FROM main_admin_user WHERE id =".$user_id." LIMIT 1"; $result = @mysqli_query($GLOBALS['mysql_con'], $query); $user = @mysqli_fetch_array($result); if(!empty($user)){ $filename = $user['image']; require_once(MODULE_PATH . "collection/collection_config.inc.php"); if (file_exists(PATH_ORIGINAL_PICTURE_COLLECTION . $filename)) { unlink(PATH_ORIGINAL_PICTURE_COLLECTION . $filename); } if (file_exists("../.." . PATH_ICON_COLLECTION . $filename) && !empty($filename)) { unlink("../.." . PATH_ICON_COLLECTION . $filename); } if (file_exists(PATH_RESIZE_COLLECTION . $filename)) { unlink(PATH_RESIZE_COLLECTION . $filename); } $query = "UPDATE main_admin_user SET image = '' WHERE id = '" . $user_id . "' LIMIT 1"; @mysqli_query($GLOBALS['mysql_con'], $query); } }