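<?php
require_once("Manager.php");

// Account-management endpoint: one request performs exactly one "action".
// Parameters are read from the POST body; a request with ?mode=get reads them
// from the query string instead.  NOTE(review): in that mode the login
// credentials travel in the URL, which normally ends up in server, proxy and
// browser-history logs — the "login" action should stay on POST.
$data = $_POST;
if (array_key_exists("mode", $_GET) && $_GET["mode"] === "get") {
    $data = $_GET;
}

// Every handler echoes an error text and exits on failure; when a handler
// returns, the script prints "1" (echo true) and stops.
if (!array_key_exists("action", $data)) {
    echo "No action defined.";
    exit();
}
$action = $data["action"];

// action => handler function, with the request fields each handler reads.
// All handlers except "login" and "logout" require a valid "authtoken"
// (verified by Manager::getSession()->checkLoginAndToken()).
$handlers = [
    "login"             => "login",             // username, password
    "logout"            => "logout",            //
    "addaccount"        => "addaccount",        // username, password, email, fullname, authtoken
    "changeaccount"     => "changeaccount",     // id, username, email, fullname, authtoken
    "changepassword"    => "changepassword",    // id, password, authtoken
    "changepermissions" => "changepermissions", // id, permissions, authtoken
    "removeaccount"     => "removeaccount",     // id, authtoken
];

// is_string(): "action[]=x" arrives as an array, which is neither a valid
// action nor a usable array key.
if (!is_string($action) || !array_key_exists($action, $handlers)) {
    echo "Action not found";
    exit();
}
$handlers[$action]($data);

echo true;
return;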
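// Action "login": verifies username/password and stores the user in the session.
// Reads $data["username"] and $data["password"].  On failure a single generic
// Dutch message is echoed and the script exits, so the response does not
// reveal whether the username exists.
function login($data) {
    // Missing or non-string fields (e.g. "username[]=x") become '' instead of
    // raising an undefined-index notice or passing null/array to htmlspecialchars().
    $field = function ($key) use ($data) {
        return isset($data[$key]) && is_string($data[$key]) ? htmlspecialchars($data[$key]) : '';
    };
    $username = $field("username");
    // NOTE: the password is HTML-escaped before verification, as in
    // addaccount(); changepassword() stores the raw value, so a password set
    // there that contains &, <, >, " or ' will not verify here.
    $password = $field("password");

    $user = Manager::getDatabase()->getUserByUsername($username);
    // Lookup result is falsy (null, or false) when no such user exists.
    if (!$user || !$user->checkPassword($password)) {
        echo "Je gebruikersnaam of wachtwoord klopt niet.";
        exit();
    }
    Manager::getSession()->setCurrentUser($user);
    return true;
}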
// Action "logout": ends the current session.  Echoes a Dutch message and exits
// when nobody is logged in.  $data is accepted for uniformity with the other
// handlers but is not used.
function logout($data) {
    if (Manager::getSession()->isLoggedIn()) {
        Manager::getSession()->logout();
        return true;
    }
    echo "Je bent niet ingelogd.";
    exit();
}
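// Action "addaccount": creates a user with no permissions.
// Reads $data["username"], ["password"], ["email"], ["fullname"], ["authtoken"].
// Requires a logged-in caller with a valid token (checkLoginAndToken() is
// assumed to stop the request itself when that fails — it is not checked here).
// Echoes a Dutch message and exits when the username is already taken.
function addaccount($data) {
    // Missing or non-string fields become '' instead of raising notices or
    // passing null/array to htmlspecialchars().
    $field = function ($key) use ($data) {
        return isset($data[$key]) && is_string($data[$key]) ? htmlspecialchars($data[$key]) : '';
    };
    $username  = $field("username");
    // Escaped like in login(); changepassword() stores the raw value instead.
    $password  = $field("password");
    $email     = $field("email");
    $fullname  = $field("fullname");
    $authtoken = $field("authtoken");

    // Authorise before touching the database.
    Manager::getSession()->checkLoginAndToken($authtoken);

    $existing = Manager::getDatabase()->getUserByUsername($username);
    if ($existing) {
        echo "Er bestaat al een gebruiker met deze gebruikersnaam.";
        exit();
    }

    $user = new User();
    $user->setUsername($username);
    $user->changePassword($password);
    $user->setEmail($email);
    $user->setFullname($fullname);
    // New accounts start with no permissions; changepermissions() grants them later.
    $user->setPermissions([]);
    $user->generateNewToken();
    Manager::getDatabase()->saveUser($user);
    return true;
}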
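// Action "changeaccount": updates username/email/fullname of the user with $data["id"].
// Empty fields are left unchanged.  Reads $data["id"], ["username"], ["email"],
// ["fullname"], ["authtoken"].  Requires a logged-in caller with a valid token
// (checkLoginAndToken() is assumed to stop the request on failure).
// Echoes a Dutch message and exits when the new username belongs to another
// user or when the id is unknown.
function changeaccount($data) {
    // Missing or non-string fields become '' instead of raising notices or
    // passing null/array to htmlspecialchars().
    $field = function ($key) use ($data) {
        return isset($data[$key]) && is_string($data[$key]) ? htmlspecialchars($data[$key]) : '';
    };
    $id        = $field("id");
    $username  = $field("username");
    $email     = $field("email");
    $fullname  = $field("fullname");
    $authtoken = $field("authtoken");

    Manager::getSession()->checkLoginAndToken($authtoken);

    // Username must be unique among all *other* users.  Loose != on purpose:
    // $id is the request string, getId() is presumably numeric.
    foreach (Manager::getDatabase()->getAllUsers() as $dbuser) {
        if ($dbuser->getId() != $id && $dbuser->getUsername() == $username) {
            echo "De gebruikersnaam is al in gebruik";
            exit();
        }
    }

    $user = Manager::getDatabase()->getUserById($id);
    // An unknown id must not reach the setters (fatal "call on null");
    // getUserByUsername() is null-checked elsewhere in this file, assumed alike.
    if (!$user) {
        echo "Gebruiker niet gevonden.";
        exit();
    }
    if ($username !== '') $user->setUsername($username);
    if ($email !== '') $user->setEmail($email);
    if ($fullname !== '') $user->setFullname($fullname);
    Manager::getDatabase()->saveUser($user);
    return true;
}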
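// Action "changepassword": sets a new password for the user with $data["id"].
// Reads $data["id"], ["password"], ["authtoken"].  Requires a logged-in caller
// with a valid token (checkLoginAndToken() is assumed to stop the request on
// failure).  Echoes a Dutch message and exits when the id is unknown.
// NOTE(review): no length/strength policy is applied here; if one exists it
// has to live in User::changePassword().
function changepassword($data) {
    $field = function ($key) use ($data) {
        return isset($data[$key]) && is_string($data[$key]) ? htmlspecialchars($data[$key]) : '';
    };
    $id        = $field("id");
    // Deliberately NOT HTML-escaped (the password never reaches HTML output),
    // but note login() and addaccount() escape theirs, so passwords containing
    // &, <, >, " or ' set here will not verify in login().
    $password  = isset($data["password"]) && is_string($data["password"]) ? $data["password"] : '';
    $authtoken = $field("authtoken");

    Manager::getSession()->checkLoginAndToken($authtoken);

    $user = Manager::getDatabase()->getUserById($id);
    // Unknown id: fail cleanly instead of a fatal "call on null".
    if (!$user) {
        echo "Gebruiker niet gevonden.";
        exit();
    }
    $user->changePassword($password);
    Manager::getDatabase()->saveUser($user);
    return true;
}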
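// Action "changepermissions": replaces the permissions of the user with $data["id"].
// Reads $data["id"], ["permissions"] (JSON), ["authtoken"].  Requires a
// logged-in caller with a valid token (checkLoginAndToken() is assumed to stop
// the request on failure).  NOTE(review): whether checkLoginAndToken() also
// restricts *who* may grant permissions is not visible here — confirm, since
// this action is where privilege escalation would happen.
// Echoes a Dutch message and exits on unparsable JSON or an unknown id.
function changepermissions($data) {
    $field = function ($key) use ($data) {
        return isset($data[$key]) && is_string($data[$key]) ? htmlspecialchars($data[$key]) : '';
    };
    $id        = $field("id");
    // json_decode() needs a string; a missing field or "permissions[]=x" would
    // otherwise raise a notice/TypeError.
    $raw   = isset($data["permissions"]) && is_string($data["permissions"]) ? $data["permissions"] : '';
    $perms = json_decode($raw);
    // null means invalid JSON (or the literal null) — do not store that as the
    // permission set.  Decoding keeps the default (non-assoc) mode, so the
    // value shape handed to setPermissions() is unchanged.
    if ($perms === null) {
        echo "Ongeldige permissies.";
        exit();
    }
    $authtoken = $field("authtoken");

    Manager::getSession()->checkLoginAndToken($authtoken);

    $user = Manager::getDatabase()->getUserById($id);
    // Unknown id: fail cleanly instead of a fatal "call on null".
    if (!$user) {
        echo "Gebruiker niet gevonden.";
        exit();
    }
    $user->setPermissions($perms);
    Manager::getDatabase()->saveUser($user);
    return true;
}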
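// Action "removeaccount": deletes the user with $data["id"].
// Reads $data["id"], ["authtoken"].  Requires a logged-in caller with a valid
// token (checkLoginAndToken() is assumed to stop the request on failure).
// NOTE(review): nothing here prevents removing the caller's own account —
// confirm that is intended.  Echoes a Dutch message and exits on an unknown id.
function removeaccount($data) {
    $field = function ($key) use ($data) {
        return isset($data[$key]) && is_string($data[$key]) ? htmlspecialchars($data[$key]) : '';
    };
    $id        = $field("id");
    $authtoken = $field("authtoken");

    Manager::getSession()->checkLoginAndToken($authtoken);

    $user = Manager::getDatabase()->getUserById($id);
    // Unknown id: do not hand null to removeUser().
    if (!$user) {
        echo "Gebruiker niet gevonden.";
        exit();
    }
    Manager::getDatabase()->removeUser($user);
    return true;
}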