feat: Add user edit modal and user management pages

- Implemented user edit modal in user_edit.html for editing user details.
- Updated sidebar.html to correctly reflect active states for Users and Settings.
- Created table-07.html for displaying user data in a structured format.
- Added settings.html for managing email content and configurations.
- Developed users.html for listing all users with functionality to add and edit users.

api/opfer/delete.php

@@ -17,7 +17,6 @@ $id = intval($_POST["id"]);
 $db = $api->getDB();
 
 $sql = "DELETE FROM opfer WHERE id = :id";
-
 $stmt = $db->prepare($sql);
 
 $sql_exec = $stmt->execute([':id' => $id]);

api/test.php

@@ -0,0 +1,16 @@
+<?php
+require "api.php";
+
+$id = 1;
+
+$api = new spamhasiApi();
+
+$db = $api->getDB();
+
+$sql = "SELECT * FROM users WHERE id = :id";
+$stmt = $db->prepare($sql);
+$stmt->execute([':id' => $id]);
+$result = $stmt->fetch(PDO::FETCH_ASSOC);
+
+print_r($result);
+?>

api/users/add.php

@@ -0,0 +1,54 @@
+<?php
+require "../api.php";
+
+ini_set("display_errors", 1);
+ini_set("display_startup_errors", 1);
+error_reporting(E_ALL);
+
+$api = new spamhasiApi();
+$conf = $api->getConf();
+
+if (!$api->checkAuth()) {
+    header("Location: /users.html?status=500&error=Unauthorized");
+    exit;
+}
+
+if (!isset($_POST["name"]) || !isset($_POST["passwd1"]) || !isset($_POST["passwd2"])) {
+    header("Location: /users.html?status=500&error=Missing fields");
+    exit;
+}
+
+$name = htmlspecialchars($_POST["name"]);
+$passwd1 = hash("sha256", $_POST["passwd1"]);
+$passwd2 = hash("sha256", $_POST["passwd2"]);
+
+if (!preg_match('/^[a-z]+$/', $name)) {
+    header("Location: /users.html?status=500&error=Der Benutzername enthält ungültige Zeichen.");
+    exit;
+}
+
+if ($passwd1 !== $passwd2) {
+    header("Location: /users.html?status=500&error=Die Passwörter stimmen nicht überein.");
+    exit;
+}
+
+$db = $api->getDB();
+
+$sql = "INSERT INTO users (username, passwd) VALUES (:name, :passwd)";
+
+$stmt = $db->prepare($sql);
+
+$sql_exec = $stmt->execute([':name' => $name, ':passwd' => $passwd2]);
+
+if (!$sql_exec) {
+    header("Location: /users.html?status=500&error=SQL Error");
+}
+
+if (!file_put_contents($conf["PATH"] . "/tmp/user_sessions/" . $name . ".json", '{}')) {
+    header("Location: /users.html?status=500&error=Error to write session file.");
+    exit;
+}
+
+header("Location: /users.html?status=200");
+exit;
+?>

api/users/delete.php

@@ -0,0 +1,48 @@
+<?php
+require "../api.php";
+
+$api = new spamhasiApi();
+$conf = $api->getConf();
+
+if (!$api->checkAuth()) {
+    die('{"status":500, "error":"Unauthorized"}');
+}
+
+if (!isset($_POST["id"])) {
+    die('{"status":500, "error":"Missing fields"}');
+}
+
+$id = intval($_POST["id"]);
+
+$db = $api->getDB();
+
+$sql = "SELECT COUNT(*) FROM users";
+$stmt = $db->query($sql);
+
+$count = $stmt->fetchColumn();
+
+if ($count == 1) {
+    die('{"status":500, "error":"Der einzige Benutzer darf NICHT GELÖSCHT WERDEN!"}');
+}
+
+$sql = "SELECT username FROM users WHERE id = :id";
+$stmt = $db->prepare($sql);
+$stmt->execute([':id' => $id]);
+$result = $stmt->fetch(PDO::FETCH_ASSOC);
+$name = $result["username"];
+
+$sql = "DELETE FROM users WHERE id = :id";
+$stmt = $db->prepare($sql);
+
+$sql_exec = $stmt->execute([':id' => $id]);
+
+if (!$sql_exec) {
+    die('{"status":500, "error":"SQL Error"}');
+}
+
+if (!unlink($conf["PATH"] . "/tmp/user_sessions/" . $name . ".json")) {
+    die('{"status":500, "error":"Error to remove session file."}');
+}
+
+die('{"status":200}');
+?>

api/users/edit.php

@@ -0,0 +1,83 @@
+<?php
+require "../api.php";
+
+ini_set("display_errors", 1);
+ini_set("display_startup_errors", 1);
+error_reporting(E_ALL);
+
+$api = new spamhasiApi();
+
+if (!$api->checkAuth()) {
+    header("Location: /users.html?status=500&error=Unauthorized");
+    exit;
+}
+
+if (!isset($_POST["id"]) || !isset($_POST["name"]) || !isset($_POST["passwd1"]) || !isset($_POST["passwd2"])) {
+    die('{"status":500, "error":"Missing fields"}');
+}
+
+$db = $api->getDB();
+
+$id = intval($_POST["id"]);
+
+$sql = "SELECT username FROM users WHERE id = :id";
+
+$stmt = $db->prepare($sql);
+$sql_exec = $stmt->execute([':id' => $id]);
+
+if (!$sql_exec) {
+    header("Location: /users.html?status=500&error=Alter Benutzername konnte nicht abgerufen werden.");
+    exit;
+}
+
+$result = $stmt->fetch(PDO::FETCH_ASSOC);
+
+if ($result) {
+    $old_name = $result["username"];
+}else{
+    header("Location: /users.html?status=500&error=Alter Benutzername konnte nicht ermittelt werden: SQL Error");
+    exit;
+}
+
+
+$name = $_POST["name"];
+
+if (!preg_match('/^[a-z]+$/', $name)) {
+    header("Location: /users.html?status=500&error=Der Benutzername enthält ungültige Zeichen.");
+    exit;
+}
+
+if ($name !== $old_name) {
+    if (file_exists("../../tmp/user_sessions/" . $old_name . ".json")) {
+        unlink("../../tmp/user_sessions/" . $old_name . ".json");
+    }
+}
+
+$passwd1 = hash("sha256", $_POST["passwd1"]);
+$passwd2 = hash("sha256", $_POST["passwd2"]);
+
+if ($passwd1 !== $passwd2) {
+    header("Location: /users.html?status=500&error=Die Passwörter stimmen nicht überein.");
+    exit;
+}
+
+$db = $api->getDB();
+
+$sql = "UPDATE users SET username = :name, passwd = :passwd WHERE id = :id";
+
+$stmt = $db->prepare($sql);
+
+$sql_exec = $stmt->execute([':name' => $name, ':passwd' => $passwd1, ':id' => $id]);
+
+if (!$sql_exec) {
+    header("Location: /users.html?status=500&error=SQL Error");
+    exit;
+}
+
+if (file_put_contents("../../tmp/user_sessions/" . $name . ".json", '{"array":true}')) {
+    header("Location: /users.html?status=200");
+}else{
+    header("Location: /users.html?status=500&error=Error to write session file.");
+}
+exit;
+?>

api/users/info.php

@@ -0,0 +1,33 @@
+<?php
+require "../api.php";
+
+$api = new spamhasiApi();
+
+if (!$api->checkAuth()) {
+    die('{"status":500, "error":"Unauthorized"}');
+}
+
+if (!isset($_POST["id"])) {
+    die('{"status":500, "error":"Missing parameter"}');
+}
+
+$id = intval($_POST["id"]);
+
+$db = $api->getDB();
+
+$sql = "SELECT id, username FROM users WHERE id = :id";
+$stmt = $db->prepare($sql);
+$stmt->execute([':id' => $id]);
+
+$result = $stmt->fetch(PDO::FETCH_ASSOC);
+
+if ($result) {
+    $json["user"] = $result;
+    $json["status"] = 200; 
+}else{
+    $json["status"] = 500;
+    $json["error"] = "Empty SQL Result";
+}
+
+die(json_encode($json));
+?>

api/users/list.php

@@ -0,0 +1,34 @@
+<?php
+require "../api.php";
+
+$api = new spamhasiApi();
+
+if (!$api->checkAuth()) {
+    die('{"status":500, "error":"Unauthorized"}');
+}
+
+$db = $api->getDB();
+
+$sql = "SELECT * FROM users";
+$stmt = $db->query($sql);
+$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+$all_users = [];
+
+if ($result) {
+    foreach ($result as $user_res) {
+        $user["id"] = $user_res["id"];
+        $user["name"] = $user_res["username"];
+
+        $all_users[] = $user;
+    }
+
+    $json["users"] = $all_users;
+}else{
+    $json["users"] = [];
+}
+
+$json["status"] = 200;
+
+die(json_encode($json));
+?>