- <?php
- //error_reporting(0);
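/**
 * User administration helpers for the admin panel.
 *
 * Every public method obtains its own database handle by including bdd.php,
 * which is expected to define a PDO instance named $bdd (as the original code
 * relied on). All statements are parameterised: caller-supplied values are
 * bound with execute(), never interpolated into the SQL text. The original
 * built every query by string concatenation, so any argument (user id, name,
 * group, the logged-in name from the session, the search filter) was an SQL
 * injection point despite the prepare() call.
 *
 * Columns this class relies on, as used by the queries below:
 *   users(ID, name, password, user_group)   -- user_group holds a group NAME
 *   groups(name, color, level)
 *
 * Authorisation is NOT performed here. Callers must decide whether the current
 * admin may list, edit, delete or re-group a given user (see checkLevel()).
 */
class editUser
{
    /**
     * Include bdd.php and return the PDO handle it defines.
     * Aborts with a generic error page if the include does not yield a PDO.
     */
    private function db()
    {
        include("bdd.php");
        if (!isset($bdd) || !($bdd instanceof PDO)) {
            $this->fail('(connect)', array('bdd.php did not define a PDO instance named $bdd'));
        }
        return $bdd;
    }

    /**
     * Prepare $sql and execute it with the bound $params.
     * Any prepare/execute failure is fatal (see fail()).
     *
     * @return PDOStatement the executed statement, ready for fetch()/fetchAll()
     */
    private function run(PDO $bdd, $sql, array $params = array())
    {
        $stmt = $bdd->prepare($sql);
        if ($stmt === false) {
            $this->fail($sql, $bdd->errorInfo());
        }
        if ($stmt->execute($params) === false) {
            $this->fail($sql, $stmt->errorInfo());
        }
        return $stmt;
    }

    /**
     * Abort the request after a database failure.
     * The SQL text and PDO::errorInfo() go to the server log only; the browser
     * gets a generic message. The original printed both to the page, which
     * disclosed table/column names and driver error details to any visitor
     * who could trigger an error.
     */
    private function fail($sql, $errorInfo)
    {
        error_log('editUser: SQL error in [' . $sql . ']: ' . print_r($errorInfo, true));
        echo("<center>
<h2>ERROR:</h2>
<h3>We had a fatal error. Please contact the developer.</h3>
</center>");
        die();
    }

    /**
     * Escape a value for an HTML element or quoted-attribute context.
     * Existing entities are left alone (double_encode = false) because group
     * names are stored already htmlspecialchars()'d by editGroup::updateGroup().
     * Not suitable for a JavaScript context.
     */
    private function h($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    }

    /**
     * Return the user_group of the user with the given users.ID, or null when
     * no such user exists. (Despite the name this looks up a USER id, not a
     * group id; editGroup::getGroupname() is the group-id variant.)
     */
    function getGroupname($id)
    {
        $bdd = $this->db();
        $stmt = $this->run($bdd, "SELECT user_group FROM users WHERE ID = ?", array($id));
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row['user_group'];
    }

    /**
     * True when $group appears in $array (a list of permitted group names).
     *
     * Entries are compared as strings with strict equality. The original used
     * loose in_array(), under which a boolean true entry matches any non-empty
     * group name — an easy way to grant a permission to everyone by accident.
     * Non-array input yields false.
     */
    function chkPerm($array, $group)
    {
        if (!is_array($array)) {
            return false;
        }
        $allowed = array_map('strval', $array);
        return in_array((string) $group, $allowed, true);
    }

    /** Return the display colour of the group named $group, or null if unknown. */
    function getColor($group)
    {
        $bdd = $this->db();
        $stmt = $this->run($bdd, "SELECT color FROM groups WHERE name = ?", array($group));
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row['color'];
    }

    /**
     * Echo one <tr> per user other than the logged-in admin ($_SESSION['name']),
     * then the add/refresh buttons and a result-count alert.
     *
     * @param bool   $filter when true, restrict to names containing $name
     * @param string $name   search fragment; it is used as a LIKE pattern, so
     *                       % and _ keep their wildcard meaning (as before)
     *
     * All database values are escaped for the HTML (or URL) context they land
     * in; the original echoed them raw, so a crafted user or group name was a
     * stored XSS against every admin opening this list.
     */
    function showUserList($filter, $name)
    {
        // session_start() on an already-active session raises a notice.
        if (session_status() !== PHP_SESSION_ACTIVE) {
            session_start();
        }
        // '' (not null) when absent so "name <> ?" behaves as the original "name <> ''".
        $username = isset($_SESSION['name']) ? $_SESSION['name'] : '';
        $bdd = $this->db();

        if ($filter == true) {
            $sql = "SELECT ID, name, user_group FROM users WHERE name LIKE ? AND name <> ?";
            $params = array('%' . $name . '%', $username);
        } else {
            $sql = "SELECT ID, name, user_group FROM users WHERE name <> ?";
            $params = array($username);
        }
        $results = $this->run($bdd, $sql, $params)->fetchAll(PDO::FETCH_ASSOC);

        $colors = array(); // group name => colour, so each group is queried once, not once per user
        foreach ($results as $row) {
            $group = (string) $row['user_group'];
            if (!array_key_exists($group, $colors)) {
                $colors[$group] = $this->getColor($group);
            }
            $idH     = $this->h($row['ID']);
            $idUrl   = urlencode((string) $row['ID']);
            $nameH   = $this->h($row['name']);
            $groupH  = $this->h($group);
            $groupUrl = urlencode($group);
            $colorH  = $this->h($colors[$group]);
            // NOTE(review): the Delete link performs a state change over GET.
            // ajaxDel.php (not in this file) should require POST and a CSRF token.
            echo("
<tr>
<td>$idH</td>
<td>$nameH</td>
<td><font color='$colorH'>$groupH</font></td>
<td><a href='/admin/pages/includes/ajaxDel.php?id=$idUrl' class='btn btn-danger' onClick='return confirm(`Are you sure?`)'><i class='fa fa-trash-o' aria-hidden='true'></i> Delete</a> <a href='?userEdit=$idUrl&group=$groupUrl&edit=modal#tbl' class='btn btn-warning'><i class='fa fa-pencil' aria-hidden='true'></i> Edit user</a> <a href='?userEdit=$idUrl&edit=pwd' class='btn btn-info'><i class='fa fa-key' aria-hidden='true'></i> Change password</a></td>
</tr>
");
        }

        $count = count($results);
        $buttons = "
<a href='#addModal' type='button' class='btn btn-primary btn-lg btn-block' data-toggle='modal'><i class='fa fa-plus-square' aria-hidden='true'></i> Add user</a>
<br />
<a href='/admin/edit-users/' type='button' class='btn btn-default btn-lg btn-block'><i class='fa fa-retweet' aria-hidden='true'></i> Refresh Results</a>
<br />
";
        if ($count == 0) {
            echo($buttons . "<div class='alert alert-danger'>
<strong><i class='fa fa-times' aria-hidden='true'></i></strong> No results found.
</div>
");
        } else {
            echo($buttons . "<div class='alert alert-info'>
<strong><i class='fa fa-info-circle fa-1x' aria-hidden='true'></i></strong> Showing <strong>$count</strong> results.
</div>
");
        }
    }

    /** Delete the user with the given users.ID. The caller must authorise this first. */
    function delUser($id)
    {
        $bdd = $this->db();
        $this->run($bdd, "DELETE FROM users WHERE ID = ?", array($id));
    }

    /**
     * Rename a user and/or move them to another group (a group NAME).
     * Neither the existence of $group nor the caller's right to assign it is
     * checked here — pair with checkLevel() before calling.
     */
    function updateUser($id, $name, $group)
    {
        $bdd = $this->db();
        $this->run($bdd, "UPDATE users SET name = ?, user_group = ? WHERE ID = ?", array($name, $group, $id));
    }

    /**
     * Return the name of the user with the given ID, or null when not found.
     * (The original also read $row['group'] — a column the other queries do
     * not show on users, which use user_group — and discarded it.)
     */
    function getUserVals($id)
    {
        $bdd = $this->db();
        $stmt = $this->run($bdd, "SELECT name FROM users WHERE ID = ?", array($id));
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row['name'];
    }

    /**
     * Create a user. Returns false, inserting nothing, when a user with the
     * same name already exists; true once the row is inserted.
     *
     * The original ran the same existence query but never used its result, so
     * duplicate names could be created; with lookups done by name everywhere
     * else in this class, two rows sharing a name is an account-confusion risk.
     *
     * SECURITY: the stored hash is sha1($unSaltPass . $salt). It is kept only
     * because the login code (outside this file) must compute the same value
     * to verify passwords; sha1 is a fast hash and $salt is supplied by the
     * caller rather than generated per user. Migrate both sides to
     * password_hash()/password_verify() and rehash on successful login.
     */
    function addUser($name, $unSaltPass, $group, $salt)
    {
        $bdd = $this->db();
        $existing = $this->run($bdd, "SELECT ID FROM users WHERE name = ?", array($name))->fetch(PDO::FETCH_ASSOC);
        if ($existing !== false) {
            return false;
        }
        $password = sha1($unSaltPass . $salt);
        $this->run(
            $bdd,
            "INSERT INTO users(name, password, user_group) VALUES (?, ?, ?)",
            array($name, $password, $group)
        );
        return true;
    }

    /**
     * Set a new password for the user with the given ID.
     * Same sha1($pass . $salt) scheme as addUser(), with the same caveat: it is
     * retained solely so existing login verification keeps working.
     */
    function changePwd($id, $unSaltPass, $salt)
    {
        include("bdd.php");
        // Kept from the original. Nothing below reads what it defines, but it is
        // included here in the same scope as bdd.php in case it has side effects
        // or depends on $bdd — TODO confirm it can be dropped.
        include("gatherPermissions.php");
        if (!isset($bdd) || !($bdd instanceof PDO)) {
            $this->fail('(connect)', array('bdd.php did not define a PDO instance named $bdd'));
        }
        $password = sha1($unSaltPass . $salt);
        $this->run($bdd, "UPDATE users SET password = ? WHERE ID = ?", array($password, $id));
    }

    /**
     * Decide whether the admin named $currentUsername may act on the group
     * named $requested_group.
     *
     * groups.level is compared numerically; from the comparison the original
     * made, a LOWER level number means MORE privilege: the request is allowed
     * only when the admin's own group level is <= the requested group's level
     * (confirm against the schema if that reading matters to a caller).
     *
     * Fails closed: returns false when the user, the user's group, or the
     * requested group cannot be found or has no level. The original left the
     * level variables unset in those cases and a null > null comparison made
     * it return TRUE — an unknown group or a user in a deleted group was
     * granted everything.
     */
    function checkLevel($currentUsername, $requested_group)
    {
        $bdd = $this->db();

        $user = $this->run($bdd, "SELECT user_group FROM users WHERE name = ?", array($currentUsername))
            ->fetch(PDO::FETCH_ASSOC);
        if ($user === false) {
            return false;
        }
        $requested = $this->run($bdd, "SELECT level FROM groups WHERE name = ?", array($requested_group))
            ->fetch(PDO::FETCH_ASSOC);
        $current = $this->run($bdd, "SELECT level FROM groups WHERE name = ?", array($user['user_group']))
            ->fetch(PDO::FETCH_ASSOC);
        if ($requested === false || $current === false
            || $requested['level'] === null || $current['level'] === null) {
            return false;
        }
        return (int) $current['level'] <= (int) $requested['level'];
    }
}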
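/**
 * Group administration helpers for the admin panel.
 *
 * Every public method obtains its database handle by including bdd.php, which
 * is expected to define a PDO instance named $bdd. All statements are
 * parameterised; the original concatenated every argument (group id, name,
 * colour, search filter) straight into the SQL, so each was an injection point.
 *
 * Columns relied on by the queries below:
 *   groups(ID, name, color, level, description)
 *   users(user_group)  -- holds a group NAME, which is why renaming/deleting a
 *                         group also rewrites users.user_group
 */
class editGroup
{
    /**
     * Include bdd.php and return the PDO handle it defines.
     * Aborts with a generic error page if the include does not yield a PDO.
     */
    private function db()
    {
        include("bdd.php");
        if (!isset($bdd) || !($bdd instanceof PDO)) {
            $this->fail('(connect)', array('bdd.php did not define a PDO instance named $bdd'));
        }
        return $bdd;
    }

    /**
     * Prepare $sql and execute it with the bound $params.
     * Any prepare/execute failure is fatal (see fail()).
     *
     * @return PDOStatement the executed statement
     */
    private function run(PDO $bdd, $sql, array $params = array())
    {
        $stmt = $bdd->prepare($sql);
        if ($stmt === false) {
            $this->fail($sql, $bdd->errorInfo());
        }
        if ($stmt->execute($params) === false) {
            $this->fail($sql, $stmt->errorInfo());
        }
        return $stmt;
    }

    /**
     * Abort the request after a database failure.
     * Details (SQL text, PDO::errorInfo()) are logged server-side only; the
     * original printed them to the page, leaking schema and driver details.
     */
    private function fail($sql, $errorInfo)
    {
        error_log('editGroup: SQL error in [' . $sql . ']: ' . print_r($errorInfo, true));
        echo("<center>
<h2>ERROR:</h2>
<h3>We had a fatal error. Please contact the developer.</h3>
</center>");
        die();
    }

    /**
     * Escape a value for an HTML element or quoted-attribute context.
     * Existing entities are preserved (double_encode = false) because
     * updateGroup() stores group names already htmlspecialchars()'d.
     * NOT for JavaScript contexts — use js() there.
     */
    private function h($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
    }

    /**
     * Encode a value as a JavaScript string literal that is safe inside an
     * HTML event-handler attribute: JSON-encode with <, >, &, ' and " turned
     * into \uXXXX escapes, then attribute-escape the result (fully, so a stored
     * "&quot;" cannot be decoded by the HTML parser into a quote that ends the
     * JS string). The original interpolated raw names/colours into
     * setId(`...`), which let a crafted group name run script for any admin.
     */
    private function js($value)
    {
        $json = json_encode((string) $value, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
        if ($json === false) {
            return '""';
        }
        return htmlspecialchars($json, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

    /**
     * Echo a result-count alert, one <tr> per group (excluding 'not_assigned',
     * ordered by level), and the setId() script the edit modal uses.
     *
     * @param bool   $filter when true, restrict to names containing $name
     * @param string $name   LIKE fragment; % and _ keep their wildcard meaning
     *
     * Requires gatherPermissions.php to define $userPerm with a 'level' entry
     * for the current admin; it is included in the same scope as bdd.php, as
     * the original did, in case it needs $bdd. The level badge is red when the
     * admin's level is numerically above the group's, green otherwise; the
     * original emitted the same row in both cases apart from that class.
     */
    function listGroups($filter, $name)
    {
        include("bdd.php");
        include("gatherPermissions.php");
        if (!isset($bdd) || !($bdd instanceof PDO)) {
            $this->fail('(connect)', array('bdd.php did not define a PDO instance named $bdd'));
        }

        $columns = "SELECT ID, name, color, level, description FROM groups";
        if ($filter == true) {
            $sql = $columns . " WHERE name LIKE ? AND name <> 'not_assigned' ORDER BY level ASC";
            $params = array('%' . $name . '%');
        } else {
            $sql = $columns . " WHERE name <> 'not_assigned' ORDER BY level ASC";
            $params = array();
        }
        $results = $this->run($bdd, $sql, $params)->fetchAll(PDO::FETCH_ASSOC);

        $count = count($results);
        if ($count < 1) {
            echo("
<div class='alert alert-danger'>
<strong><i class='fa fa-times' aria-hidden='true'></i></strong> No results found.
</div>
");
        } else {
            echo("<div class='alert alert-info'>
<strong><i class='fa fa-info-circle fa-1x' aria-hidden='true'></i></strong> Showing <strong>$count</strong> results.
</div>");
        }

        $adminLevel = isset($userPerm['level']) ? $userPerm['level'] : null;
        foreach ($results as $row) {
            $rawId  = (string) $row['ID'];
            $idH    = $this->h($rawId);
            $idUrl  = rawurlencode($rawId);
            // confirmDel() received a bare number before; keep that for numeric ids,
            // otherwise pass a properly encoded JS string.
            $idJsArg = ctype_digit($rawId) ? $rawId : $this->js($rawId);
            $nameH  = $this->h($row['name']);
            $colorH = $this->h($row['color']);
            $levelH = $this->h($row['level']);
            $descH  = $this->h($row['description']);
            $idJs    = $this->js($rawId);
            $nameJs  = $this->js($row['name']);
            $colorJs = $this->js($row['color']);
            $labelClass = ($adminLevel > $row['level']) ? 'label-danger' : 'label-success';
            echo("
<tr>
<td>$idH</td>
<td><font color='$colorH'>$nameH</font></td>
<td><span class='label $labelClass'>$levelH</span></td>
<td>$descH</td>
<td><a href='#' data-toggle='modal' data-target='#delModal' class='btn btn-danger' onClick='confirmDel($idJsArg)'><i class='fa fa-trash-o' aria-hidden='true'></i> Delete</a>
<a href='edit-group-perms/$idUrl/' class='btn btn-default'>
<i class='fa fa-shield' aria-hidden='true'></i> View/Edit Permissions</a>
<a href='#' data-toggle='modal' data-target='#lvModal' class='btn btn-info'><i class='fa fa-bars' aria-hidden='true'></i> Edit Group order...</a>
<a href='#' data-toggle='modal' onClick='setId($idJs,$nameJs,$colorJs)' data-target='#editModal' class='btn btn-info'><i class='fa fa-pencil' aria-hidden='true'></i> Edit Other Properties</a>
</td>
</tr>
");
        }
        echo("
<script>
function setId(id,name,color){
$(\"#Editname\").val(name);
$(\"#Editcolor\").val(color);
$(\"#Editid\").val(id);
}
</script>
");
    }

    /**
     * Delete the group with the given groups.ID and move every user whose
     * user_group equals $old to 'not_assigned'. Always returns true (failures
     * abort via fail()).
     *
     * $old is the group NAME, not its id — users.user_group stores names — and
     * the caller is responsible for passing the name that belongs to $id.
     */
    function delGroup($id, $old)
    {
        $bdd = $this->db();
        $this->run($bdd, "DELETE FROM groups WHERE ID = ?", array($id));
        $this->run($bdd, "UPDATE users SET user_group = 'not_assigned' WHERE user_group = ?", array($old));
        return true;
    }

    /**
     * True when $group appears in $array (a list of permitted group names).
     * Strict string comparison; loose in_array() would let a boolean true entry
     * match every non-empty name. Non-array input yields false.
     */
    function chkPerm($array, $group)
    {
        if (!is_array($array)) {
            return false;
        }
        $allowed = array_map('strval', $array);
        return in_array((string) $group, $allowed, true);
    }

    /**
     * Rename/recolour the group with the given ID and re-point every user who
     * was in it to the new name. Sets $_SESSION['msg_success'] and returns true
     * on success; returns false (changing nothing) when no group has that ID —
     * the original then ran UPDATE users ... WHERE user_group='' and renamed
     * every user whose group was empty.
     *
     * $name is passed through htmlspecialchars() before being STORED, exactly
     * as before: the table already holds names in that form, and display code
     * escapes with double_encode disabled to match. Changing this requires a
     * data migration, not just a code change.
     */
    function updateGroup($name, $color, $id)
    {
        $bdd = $this->db();
        $row = $this->run($bdd, "SELECT name FROM groups WHERE ID = ?", array($id))->fetch(PDO::FETCH_ASSOC);
        if ($row === false) {
            return false;
        }
        $oldGroup = $row['name'];
        $name = htmlspecialchars($name);
        $this->run($bdd, "UPDATE groups SET name = ?, color = ? WHERE ID = ?", array($name, $color, $id));
        $this->run($bdd, "UPDATE users SET user_group = ? WHERE user_group = ?", array($name, $oldGroup));
        $_SESSION['msg_success'] = "Updated group";
        return true;
    }

    /** Return the name of the group with the given groups.ID, or null when not found. */
    function getGroupname($id)
    {
        $bdd = $this->db();
        $stmt = $this->run($bdd, "SELECT name FROM groups WHERE ID = ?", array($id));
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        return $row === false ? null : $row['name'];
    }
}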