< ? php
/**
* File : global_userdata . php .
* Author : Ulrich Block
* Contact : < ulrich . block @ easy - wi . com >
*
* This file is part of Easy - WI .
*
* Easy - WI is free software : you can redistribute it and / or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation , either version 3 of the License , or
* ( at your option ) any later version .
*
* Easy - WI is distributed in the hope that it will be useful ,
* but WITHOUT ANY WARRANTY ; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the
* GNU General Public License for more details .
*
* You should have received a copy of the GNU General Public License
* along with Easy - WI . If not , see < http :// www . gnu . org / licenses />.
*
* Diese Datei ist Teil von Easy - WI .
*
* Easy - WI ist Freie Software : Sie koennen es unter den Bedingungen
* der GNU General Public License , wie von der Free Software Foundation ,
* Version 3 der Lizenz oder ( nach Ihrer Wahl ) jeder spaeteren
* veroeffentlichten Version , weiterverbreiten und / oder modifizieren .
*
* Easy - WI wird in der Hoffnung , dass es nuetzlich sein wird , aber
* OHNE JEDE GEWAEHRLEISTUNG , bereitgestellt ; sogar ohne die implizite
* Gewaehrleistung der MARKTFAEHIGKEIT oder EIGNUNG FUER EINEN BESTIMMTEN ZWECK .
* Siehe die GNU General Public License fuer weitere Details .
*
* Sie sollten eine Kopie der GNU General Public License zusammen mit diesem
* Programm erhalten haben . Wenn nicht , siehe < http :// www . gnu . org / licenses />.
*/
include ( EASYWIDIR . '/stuff/keyphrasefile.php' );
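// Access gate and audit context.
//
// "w=se" selects the user panel, anything else the admin panel. Callers that
// lack the matching session are redirected, and the $log* variables are filled
// in for the $insertlog statement that is executed further down (presumably
// bound to these variables where it is prepared; verify there).
if ($ui->st('w', 'get') == 'se') {

    // User panel: needs a logged-in user, the main flag and the
    // 'usersettings' permission.
    $mayEditOwnData = isset($user_id) && $main == 1 && $pa['usersettings'];

    if (!$mayEditOwnData) {
        header('Location: userpanel.php');
        // die() is what actually enforces the check: a Location header alone
        // does not stop the rest of the script from running.
        die();
    }

    $loguserid = $user_id;
    $logusername = getusername($user_id);
    // Has to be exactly 'user': the template selection below compares
    // $logusertype against that literal.
    $logusertype = 'user';
    $logreseller = 0;

    // Record who is acting on the account: an impersonating admin first,
    // then a sub user, otherwise nobody.
    if (isset($admin_id)) {
        $logsubuser = $admin_id;
    } elseif (isset($subuser_id)) {
        $logsubuser = $subuser_id;
    } else {
        $logsubuser = 0;
    }

    // NOTE(review): rescopes every following query (WHERE `resellerid`=?) to
    // the acting admin's id; presumably for admins below a reseller - confirm.
    if (isset($admin_id) and $reseller_id != 0 and $admin_id != $reseller_id) {
        $reseller_id = $admin_id;
    }

} else {

    // Admin panel: needs a logged-in admin and the main flag.
    if (!isset($admin_id) or $main != 1) {
        header('Location: admin.php');
        die();
    }

    $loguserid = $admin_id;
    $logusername = getusername($admin_id);
    $logusertype = 'admin';
    $logreseller = 0;

    // Below a reseller the original account id is kept in the session as
    // 'oldid' (when present) and logged as the acting sub user.
    $logsubuser = ($reseller_id != 0 && isset($_SESSION['oldid'])) ? $_SESSION['oldid'] : 0;

    // Same rescoping as in the user branch.
    if ($reseller_id != 0 and $admin_id != $reseller_id) {
        $reseller_id = $admin_id;
    }
}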
// Language strings for the 'user' section, resolved for the current language
// and reseller scope.
$sprache = getlanguagefile('user', $user_language, $reseller_id);

// The record being edited is always the caller's own: the user id in the
// user panel ("w=se"), the admin id otherwise. It is never read from the
// request.
if ($ui->st('w', 'get') == 'se') {
    $lookUpID = $user_id;
} else {
    $lookUpID = $admin_id;
}
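// Own-account page. "d=pw" is the password form, everything else the
// personal-data form. Without a posted action the form template is chosen,
// with action "md" the posted values are validated and stored. All queries
// are scoped to $lookUpID and $reseller_id.
if ($ui->st('d', 'get') == 'pw') {

    $action = $ui->smallletters('action', 2, 'post');

    if (!$action) {

        $template_file = ($logusertype == 'user') ? 'userpanel_pass.tpl' : 'admin_user_own_pass.tpl';

    } elseif ($action == 'md') {

        // NOTE(review): this branch never asks for the current password; the
        // session and a valid token are all that is checked here. Consider
        // requiring the old password before a new one is accepted.
        $newPassword = $ui->password('password', 255, 'post');
        $repeatedPassword = $ui->password('pass2', 255, 'post');

        $errors = array();

        if (!$newPassword) {
            $errors[] = $sprache->error_pass;
        }
        if (!$repeatedPassword) {
            $errors[] = $sprache->error_pas;
        }
        // Strict comparison on purpose: with != PHP compares numeric-looking
        // strings by value, so two different inputs could pass as a match and
        // the account would end up with a password the user did not confirm.
        if ($newPassword !== $repeatedPassword) {
            $errors[] = $sprache->error_passw_succ;
        }
        if (!token(true)) {
            $errors[] = $spracheResponse->token;
        }

        if (count($errors) > 0) {

            $template_file = implode('<br />', $errors);

        } else {

            $query = $sql->prepare(" SELECT `cname` FROM `userdata` WHERE `id`=? AND `resellerid`=? LIMIT 1 ");
            $query->execute(array($lookUpID, $reseller_id));
            $cname = $query->fetchColumn();

            if ($cname === false) {

                // No matching account: the UPDATE below could not touch a row
                // either, so skip the hashing and report the same error.
                $template_file = $spracheResponse->error_table;

            } else {

                // Salt from the CSPRNG where the runtime offers one (PHP 7+).
                // The legacy expression is kept only as fallback: mt_rand() is
                // not a cryptographic generator and date() always renders "u"
                // as 000000. Both forms yield 32 hex characters.
                if (function_exists('random_bytes')) {
                    $salt = bin2hex(random_bytes(16));
                } else {
                    $salt = md5(mt_rand() . date('Y-m-d H:i:s:u'));
                }

                // NOTE(review): createHash() is defined elsewhere; confirm that
                // it applies a slow, salted password hash.
                $security = createHash($cname, $repeatedPassword, $salt, $aeskey);

                $query = $sql->prepare(" UPDATE `userdata` SET `updateTime`=NOW(),`security`=?,`salt`=? WHERE `id`=? AND `resellerid`=? LIMIT 1 ");
                $query->execute(array($security, $salt, $lookUpID, $reseller_id));

                if ($query->rowCount() > 0) {
                    $template_file = $spracheResponse->table_add;
                    // Audit entry for the password change.
                    $loguseraction = " %psw% %user% $cname ";
                    $insertlog->execute();
                } else {
                    $template_file = $spracheResponse->error_table;
                }
            }
        }

    } else {

        $template_file = 'userpanel_404.tpl';
    }

} else {

    $query = $sql->prepare(" SELECT * FROM `userdata` WHERE `id`=? AND `resellerid`=? LIMIT 1 ");
    $query->execute(array($lookUpID, $reseller_id));

    // At most one row (LIMIT 1). Its columns prefill the form variables and
    // are kept as $oldValues for the change log.
    foreach ($query->fetchAll(PDO::FETCH_ASSOC) as $row) {
        $cname = $row['cname'];
        $name = $row['name'];
        $vname = $row['vname'];
        $mail = $row['mail'];
        $phone = $row['phone'];
        $handy = $row['handy'];
        $city = $row['city'];
        $cityn = $row['cityn'];
        $street = $row['street'];
        $streetn = $row['streetn'];
        $mail_backup = $row['mail_backup'];
        $mail_serverdown = $row['mail_serverdown'];
        $mail_ticket = $row['mail_ticket'];
        $mail_gsupdate = $row['mail_gsupdate'];
        $mail_securitybreach = $row['mail_securitybreach'];
        $mail_vserver = $row['mail_vserver'];

        #https://github.com/easy-wi/developer/issues/5
        $oldValues = $row;
    }

    $action = $ui->smallletters('action', 2, 'post');

    if ($action == 'md' and isset($oldValues)) {

        // Evaluate the request token exactly once and reuse the result for
        // both the decision and the error message.
        $tokenValid = token(true);
        $postedMail = $ui->ismail('mail', 'post');

        if ($postedMail and $tokenValid) {

            // Notification switches fall back to 'N' when not posted as active.
            $flag = $ui->active('mail_backup', 'post');
            $mail_backup = ($flag) ? $flag : 'N';
            $flag = $ui->active('mail_serverdown', 'post');
            $mail_serverdown = ($flag) ? $flag : 'N';
            $flag = $ui->active('mail_ticket', 'post');
            $mail_ticket = ($flag) ? $flag : 'N';

            $name = $ui->names('name', 30, 'post');
            $vname = $ui->names('vname', 30, 'post');
            $mail = $postedMail;
            $phone = $ui->phone('phone', 30, 'post');
            $handy = $ui->phone('handy', 30, 'post');
            $city = $ui->names('city', 40, 'post');
            $cityn = $ui->isinteger('cityn', 'post');
            $street = $ui->names('street', 40, 'post');
            $streetn = $ui->streetNumber('streetn', 'post');

            if ($ui->st('w', 'get') == 'se') {

                // User panel: the admin-only notification switches are not
                // written.
                $query = $sql->prepare(" UPDATE `userdata` SET `updateTime`=NOW(),`name`=?,`vname`=?,`mail`=?,`phone`=?,`handy`=?,`city`=?,`cityn`=?,`street`=?,`streetn`=?,`mail_backup`=?,`mail_serverdown`=?,`mail_ticket`=? WHERE `id`=? AND `resellerid`=? LIMIT 1 ");
                $query->execute(array($name, $vname, $mail, $phone, $handy, $city, $cityn, $street, $streetn, $mail_backup, $mail_serverdown, $mail_ticket, $lookUpID, $reseller_id));

            } else {

                $flag = $ui->active('mail_gsupdate', 'post');
                $mail_gsupdate = ($flag) ? $flag : 'N';
                $flag = $ui->active('mail_securitybreach', 'post');
                $mail_securitybreach = ($flag) ? $flag : 'N';
                $flag = $ui->active('mail_vserver', 'post');
                $mail_vserver = ($flag) ? $flag : 'N';

                $query = $sql->prepare(" UPDATE `userdata` SET `updateTime`=NOW(),`name`=?,`vname`=?,`mail`=?,`phone`=?,`handy`=?,`city`=?,`cityn`=?,`street`=?,`streetn`=?,`mail_backup`=?,`mail_serverdown`=?,`mail_ticket`=?,`mail_gsupdate`=?,`mail_securitybreach`=?,`mail_vserver`=? WHERE `id`=? AND `resellerid`=? LIMIT 1 ");
                $query->execute(array($name, $vname, $mail, $phone, $handy, $city, $cityn, $street, $streetn, $mail_backup, $mail_serverdown, $mail_ticket, $mail_gsupdate, $mail_securitybreach, $mail_vserver, $lookUpID, $reseller_id));
            }

            if ($query->rowCount() > 0) {

                #https://github.com/easy-wi/developer/issues/5
                // Change log: only the columns this form can write are
                // compared. Matching every fetched column name against
                // whatever variable of that name happens to be in scope could
                // copy unrelated columns of the row (it also holds `security`
                // and `salt`) into the log table.
                $newValues = array(
                    'name' => $name,
                    'vname' => $vname,
                    'mail' => $mail,
                    'phone' => $phone,
                    'handy' => $handy,
                    'city' => $city,
                    'cityn' => $cityn,
                    'street' => $street,
                    'streetn' => $streetn,
                    'mail_backup' => $mail_backup,
                    'mail_serverdown' => $mail_serverdown,
                    'mail_ticket' => $mail_ticket,
                    'mail_gsupdate' => $mail_gsupdate,
                    'mail_securitybreach' => $mail_securitybreach,
                    'mail_vserver' => $mail_vserver,
                );

                // For every field whose stored value differs, the previous
                // value is what gets logged.
                $changed = array();
                foreach ($newValues as $field => $newValue) {
                    if ($newValue === null or !array_key_exists($field, $oldValues)) {
                        continue;
                    }
                    if ((string) $newValue !== (string) $oldValues[$field]) {
                        $changed[$field] = $oldValues[$field];
                    }
                }

                $query = $sql->prepare(" INSERT INTO `userdata_value_log` (`userID`,`date`,`json`,`resellerID`) VALUES (?,NOW(),?,?) ");
                $query->execute(array($lookUpID, json_encode($changed), $reseller_id));

                $template_file = $spracheResponse->table_add;
                // Audit entry for the data change.
                $loguseraction = " %mod% %user% $cname ";
                $insertlog->execute();

            } else {

                $template_file = $spracheResponse->error_table;
            }

        } else {

            // A failed token check takes precedence over the mail error.
            $template_file = (!$tokenValid) ? $spracheResponse->token : $sprache->error_mail;
        }

    } else {

        $template_file = ($logusertype == 'user') ? 'userpanel_user_md.tpl' : 'admin_user_own_md.tpl';
    }
}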