feat: Add user edit modal and user management pages
- Implemented user edit modal in user_edit.html for editing user details. - Updated sidebar.html to correctly reflect active states for Users and Settings. - Created table-07.html for displaying user data in a structured format. - Added settings.html for managing email content and configurations. - Developed users.html for listing all users with functionality to add and edit users.
This commit is contained in:
marc-go
54
api/users/add.php
Normal file
54
api/users/add.php
Normal file
@@ -0,0 +1,54 @@
|
||||
<?php
|
||||
require "../api.php";
|
||||
|
||||
ini_set("display_errors", 1);
|
||||
ini_set("display_startup_errors", 1);
|
||||
error_reporting(E_ALL);
|
||||
|
||||
$api = new spamhasiApi();
|
||||
$conf = $api->getConf();
|
||||
|
||||
if (!$api->checkAuth()) {
|
||||
header("Location: /users.html?status=500&error=Unauthorized");
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!isset($_POST["name"]) || !isset($_POST["passwd1"]) || !isset($_POST["passwd2"])) {
|
||||
header("Location: /users.html?status=500&error=Missing fields");
|
||||
exit;
|
||||
}
|
||||
|
||||
$name = htmlspecialchars($_POST["name"]);
|
||||
$passwd1 = hash("sha256", $_POST["passwd1"]);
|
||||
$passwd2 = hash("sha256", $_POST["passwd2"]);
|
||||
|
||||
if (!preg_match('/^[a-z]+$/', $name)) {
|
||||
header("Location: /users.html?status=500&error=Der Benutzername enthält ungültige Zeichen.");
|
||||
exit;
|
||||
}
|
||||
|
||||
if ($passwd1 !== $passwd2) {
|
||||
header("Location: /users.html?status=500&error=Die Passwörter stimmen nicht überein.");
|
||||
exit;
|
||||
}
|
||||
|
||||
$db = $api->getDB();
|
||||
|
||||
$sql = "INSERT INTO users (username, passwd) VALUES (:name, :passwd)";
|
||||
|
||||
$stmt = $db->prepare($sql);
|
||||
|
||||
$sql_exec = $stmt->execute([':name' => $name, ':passwd' => $passwd2]);
|
||||
|
||||
if (!$sql_exec) {
|
||||
header("Location: /users.html?status=500&error=SQL Error");
|
||||
}
|
||||
|
||||
if (!file_put_contents($conf["PATH"] . "/tmp/user_sessions/" . $name . ".json", '{}')) {
|
||||
header("Location: /users.html?status=500&error=Error to write session file.");
|
||||
exit;
|
||||
}
|
||||
|
||||
header("Location: /users.html?status=200");
|
||||
exit;
|
||||
?>
|
||||
48
api/users/delete.php
Normal file
48
api/users/delete.php
Normal file
@@ -0,0 +1,48 @@
|
||||
<?php
|
||||
require "../api.php";
|
||||
|
||||
$api = new spamhasiApi();
|
||||
$conf = $api->getConf();
|
||||
|
||||
if (!$api->checkAuth()) {
|
||||
die('{"status":500, "error":"Unauthorized"}');
|
||||
}
|
||||
|
||||
if (!isset($_POST["id"])) {
|
||||
die('{"status":500, "error":"Missing fields"}');
|
||||
}
|
||||
|
||||
$id = intval($_POST["id"]);
|
||||
|
||||
$db = $api->getDB();
|
||||
|
||||
$sql = "SELECT COUNT(*) FROM users";
|
||||
$stmt = $db->query($sql);
|
||||
|
||||
$count = $stmt->fetchColumn();
|
||||
|
||||
if ($count == 1) {
|
||||
die('{"status":500, "error":"Der einzige Benutzer darf NICHT GELÖSCHT WERDEN!"}');
|
||||
}
|
||||
|
||||
$sql = "SELECT username FROM users WHERE id = :id";
|
||||
$stmt = $db->prepare($sql);
|
||||
$stmt->execute([':id' => $id]);
|
||||
$result = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
$name = $result["username"];
|
||||
|
||||
$sql = "DELETE FROM users WHERE id = :id";
|
||||
$stmt = $db->prepare($sql);
|
||||
|
||||
$sql_exec = $stmt->execute([':id' => $id]);
|
||||
|
||||
if (!$sql_exec) {
|
||||
die('{"status":500, "error":"SQL Error"}');
|
||||
}
|
||||
|
||||
if (!unlink($conf["PATH"] . "/tmp/user_sessions/" . $name . ".json")) {
|
||||
die('{"status":500, "error":"Error to remove session file."}');
|
||||
}
|
||||
|
||||
die('{"status":200}');
|
||||
?>
|
||||
83
api/users/edit.php
Normal file
83
api/users/edit.php
Normal file
@@ -0,0 +1,83 @@
|
||||
<?php
|
||||
require "../api.php";
|
||||
|
||||
ini_set("display_errors", 1);
|
||||
ini_set("display_startup_errors", 1);
|
||||
error_reporting(E_ALL);
|
||||
|
||||
$api = new spamhasiApi();
|
||||
|
||||
if (!$api->checkAuth()) {
|
||||
header("Location: /users.html?status=500&error=Unauthorized");
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!isset($_POST["id"]) || !isset($_POST["name"]) || !isset($_POST["passwd1"]) || !isset($_POST["passwd2"])) {
|
||||
die('{"status":500, "error":"Missing fields"}');
|
||||
}
|
||||
|
||||
$db = $api->getDB();
|
||||
|
||||
$id = intval($_POST["id"]);
|
||||
|
||||
$sql = "SELECT username FROM users WHERE id = :id";
|
||||
|
||||
$stmt = $db->prepare($sql);
|
||||
$sql_exec = $stmt->execute([':id' => $id]);
|
||||
|
||||
if (!$sql_exec) {
|
||||
header("Location: /users.html?status=500&error=Alter Benutzername konnte nicht abgerufen werden.");
|
||||
exit;
|
||||
}
|
||||
|
||||
$result = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
if ($result) {
|
||||
$old_name = $result["username"];
|
||||
}else{
|
||||
header("Location: /users.html?status=500&error=Alter Benutzername konnte nicht ermittelt werden: SQL Error");
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
$name = $_POST["name"];
|
||||
|
||||
if (!preg_match('/^[a-z]+$/', $name)) {
|
||||
header("Location: /users.html?status=500&error=Der Benutzername enthält ungültige Zeichen.");
|
||||
exit;
|
||||
}
|
||||
|
||||
if ($name !== $old_name) {
|
||||
if (file_exists("../../tmp/user_sessions/" . $old_name . ".json")) {
|
||||
unlink("../../tmp/user_sessions/" . $old_name . ".json");
|
||||
}
|
||||
}
|
||||
|
||||
$passwd1 = hash("sha256", $_POST["passwd1"]);
|
||||
$passwd2 = hash("sha256", $_POST["passwd2"]);
|
||||
|
||||
if ($passwd1 !== $passwd2) {
|
||||
header("Location: /users.html?status=500&error=Die Passwörter stimmen nicht überein.");
|
||||
exit;
|
||||
}
|
||||
|
||||
$db = $api->getDB();
|
||||
|
||||
$sql = "UPDATE users SET username = :name, passwd = :passwd WHERE id = :id";
|
||||
|
||||
$stmt = $db->prepare($sql);
|
||||
|
||||
$sql_exec = $stmt->execute([':name' => $name, ':passwd' => $passwd1, ':id' => $id]);
|
||||
|
||||
if (!$sql_exec) {
|
||||
header("Location: /users.html?status=500&error=SQL Error");
|
||||
exit;
|
||||
}
|
||||
|
||||
if (file_put_contents("../../tmp/user_sessions/" . $name . ".json", '{"array":true}')) {
|
||||
header("Location: /users.html?status=200");
|
||||
}else{
|
||||
header("Location: /users.html?status=500&error=Error to write session file.");
|
||||
}
|
||||
exit;
|
||||
?>
|
||||
33
api/users/info.php
Normal file
33
api/users/info.php
Normal file
@@ -0,0 +1,33 @@
|
||||
<?php
|
||||
require "../api.php";
|
||||
|
||||
$api = new spamhasiApi();
|
||||
|
||||
if (!$api->checkAuth()) {
|
||||
die('{"status":500, "error":"Unauthorized"}');
|
||||
}
|
||||
|
||||
if (!isset($_POST["id"])) {
|
||||
die('{"status":500, "error":"Missing parameter"}');
|
||||
}
|
||||
|
||||
$id = intval($_POST["id"]);
|
||||
|
||||
$db = $api->getDB();
|
||||
|
||||
$sql = "SELECT id, username FROM users WHERE id = :id";
|
||||
$stmt = $db->prepare($sql);
|
||||
$stmt->execute([':id' => $id]);
|
||||
|
||||
$result = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
if ($result) {
|
||||
$json["user"] = $result;
|
||||
$json["status"] = 200;
|
||||
}else{
|
||||
$json["status"] = 500;
|
||||
$json["error"] = "Empty SQL Result";
|
||||
}
|
||||
|
||||
die(json_encode($json));
|
||||
?>
|
||||
34
api/users/list.php
Normal file
34
api/users/list.php
Normal file
@@ -0,0 +1,34 @@
|
||||
<?php
|
||||
require "../api.php";
|
||||
|
||||
$api = new spamhasiApi();
|
||||
|
||||
if (!$api->checkAuth()) {
|
||||
die('{"status":500, "error":"Unauthorized"}');
|
||||
}
|
||||
|
||||
$db = $api->getDB();
|
||||
|
||||
$sql = "SELECT * FROM users";
|
||||
$stmt = $db->query($sql);
|
||||
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
|
||||
|
||||
$all_users = [];
|
||||
|
||||
if ($result) {
|
||||
foreach ($result as $user_res) {
|
||||
$user["id"] = $user_res["id"];
|
||||
$user["name"] = $user_res["username"];
|
||||
|
||||
$all_users[] = $user;
|
||||
}
|
||||
|
||||
$json["users"] = $all_users;
|
||||
}else{
|
||||
$json["users"] = [];
|
||||
}
|
||||
|
||||
$json["status"] = 200;
|
||||
|
||||
die(json_encode($json));
|
||||
?>
|
||||
Reference in New Issue
Block a user