From c5315bbcd7af5c4fc549c8120caec8c3cba4a45a Mon Sep 17 00:00:00 2001 From: mischa Date: Sat, 3 Sep 2022 06:39:34 +0000 Subject: [PATCH] consolidate add/edit admin to single file --- admin/add-admin.php | 77 ---------- admin/admin.php | 134 ++++++++++++++++++ admin/delete.php | 1 + admin/domain.php | 4 +- admin/edit-admin.php | 101 ------------- .../{admin_add-admin.tpl => admin_admin.tpl} | 0 templates/admin_list-admin.tpl | 2 +- templates/admin_menu.tpl | 2 +- 8 files changed, 139 insertions(+), 182 deletions(-) delete mode 100644 admin/add-admin.php create mode 100644 admin/admin.php delete mode 100644 admin/edit-admin.php rename templates/{admin_add-admin.tpl => admin_admin.tpl} (100%) diff --git a/admin/add-admin.php b/admin/add-admin.php deleted file mode 100644 index 89039a3..0000000 --- a/admin/add-admin.php +++ /dev/null 
@@ -1,77 +0,0 @@ - -// Copyright (c) 2022 High5! -// License Info: LICENSE.TXT -// -// File: create-admin.php -// -// Template File: admin_create-admin.tpl -// -// -// Template Variables: -// -// tMessage -// tUsername -// tDomains -// -// Form POST \ GET Variables: -// -// fUsername -// fPassword -// fPassword2 -// fDomains -// -require("../variables.inc.php"); -require("../config.inc.php"); -require("../functions.inc.php"); -include("../languages/" . check_language() . ".lang"); - -$list_domains = list_domains(); -$list_admins = list_admins(); - -if ($_SERVER['REQUEST_METHOD'] == "POST") { - $username = filter_input(INPUT_POST, 'username', FILTER_VALIDATE_EMAIL); - $password1 = filter_input(INPUT_POST, 'password1', FILTER_DEFAULT); - $password2 = filter_input(INPUT_POST, 'password2', FILTER_DEFAULT); - $domains = filter_input_array(INPUT_POST, array('domains' => array('filter' => FILTER_VALIDATE_DOMAIN, 'flags' => FILTER_REQUIRE_ARRAY))); - - if (empty($username) || in_array($username, array_column($list_admins, 'username'))) { - $message = $PALANG['pAdminCreate_admin_username_error']; - } - - if (empty($password1) or ($password1 != $password2)) { - $message = $PALANG['pAdminCreate_admin_password_error']; - } - - if (empty($domains['domains'])) { - $message = $PALANG['pAdminCreate_admin_domain_error']; - } - - if (empty($message)) { - $hashed = bcrypt($password1); - try { - $dbh = connect_db(); - $sth = $dbh->prepare("INSERT INTO admin (username,password,created,modified) VALUES (?,?,NOW(),NOW())"); - $sth->bindParam(1, $username, PDO::PARAM_STR); - $sth->bindParam(2, $hashed, PDO::PARAM_STR); - $sth->execute(); - foreach ($domains['domains'] as $row) { - $sth = $dbh->prepare("INSERT INTO domain_admins (username,domain,created) VALUES (?,?,NOW())"); - $sth->bindParam(1, $username, PDO::PARAM_STR); - $sth->bindParam(2, $row, PDO::PARAM_STR); - $sth->execute(); - } - $message = $PALANG['pAdminCreate_admin_result_succes'] . "
($username)
"; - } catch(PDOException $e) { - $message = $PALANG['pAdminCreate_admin_result_error'] . "
($username)
"; - } - } - -} -include("../templates/header.tpl"); -include("../templates/admin_menu.tpl"); -include("../templates/admin_create-admin.tpl"); -include("../templates/footer.tpl"); -?> diff --git a/admin/admin.php b/admin/admin.php new file mode 100644 index 0000000..e6f9a42 --- /dev/null +++ b/admin/admin.php 
@@ -0,0 +1,134 @@ + +// Copyright (c) 2022 High5! +// License Info: LICENSE.TXT +// +// File: create-admin.php +// +// Template File: admin_create-admin.tpl +// +// +// Template Variables: +// +// tMessage +// tUsername +// tDomains +// +// Form POST \ GET Variables: +// +// fUsername +// fPassword +// fPassword2 +// fDomains +// +require_once("../functions.inc.php"); +include("../languages/" . check_language() . ".lang"); + +$list_domains = list_domains(); +$list_admins = list_admins(); + +if ($_SERVER['REQUEST_METHOD'] == "GET") { + $action = filter_input(INPUT_GET, 'action', FILTER_DEFAULT) ?? 'add'; + if ($action == 'edit') { + $username = filter_input(INPUT_GET, 'username', FILTER_VALIDATE_EMAIL); + $domains['domains'] = array_column(list_domains($username), 'domain'); + } +} + +if ($_SERVER['REQUEST_METHOD'] == "POST") { + $action = filter_input(INPUT_GET, 'action', FILTER_DEFAULT) ?? 'add'; + $username = filter_input(INPUT_POST, 'username', FILTER_VALIDATE_EMAIL); + $password1 = filter_input(INPUT_POST, 'password1', FILTER_DEFAULT); + $password2 = filter_input(INPUT_POST, 'password2', FILTER_DEFAULT); + $domains = filter_input_array(INPUT_POST, array('domains' => array('filter' => FILTER_VALIDATE_DOMAIN, 'flags' => FILTER_REQUIRE_ARRAY))); + + + if ($action == 'add') { + if (empty($username) || in_array($username, array_column($list_admins, 'username'))) { + $message = $PALANG['pAdminCreate_admin_username_error']; + } + + if (empty($password1) || $password1 != $password2) { + $message = $PALANG['pAdminCreate_admin_password_error']; + } + + if (empty($domains['domains'])) { + $message = $PALANG['pAdminCreate_admin_domain_error']; + } + + if (empty($message)) { + $hashed = bcrypt($password1); + try { + $dbh = connect_db(); + $sth = $dbh->prepare("INSERT INTO admin (username,password,created,modified) VALUES (?,?,NOW(),NOW())"); + $sth->bindParam(1, $username, PDO::PARAM_STR); + $sth->bindParam(2, $hashed, PDO::PARAM_STR); + $sth->execute(); + foreach 
($domains['domains'] as $row) { + $sth = $dbh->prepare("INSERT INTO domain_admins (username,domain,created) VALUES (?,?,NOW())"); + $sth->bindParam(1, $username, PDO::PARAM_STR); + $sth->bindParam(2, $row, PDO::PARAM_STR); + $sth->execute(); + } + $message = $PALANG['pAdminCreate_admin_result_succes'] . "
($username)
"; + } catch(PDOException $e) { + $message = $PALANG['pAdminCreate_admin_result_error'] . "
($username)
"; + } + } + } + + if (in_array($username, array_column($list_admins, 'username')) && $action == 'edit') { + if ($password1 != $password2) { + $message = $PALANG['pAdminCreate_admin_password_error']; + } + if (empty($message)) { + try { + $dbh = connect_db(); + $hashed = bcrypt($password1); + $sth= $dbh->prepare("UPDATE admin SET password=?,modified=NOW() WHERE username=?"); + $sth->bindParam(1, $hashed, PDO::PARAM_STR); + $sth->bindParam(2, $username, PDO::PARAM_STR); + $sth->execute(); + } catch(PDOException $e) { + $message = $PALANG['pAdminEdit_admin_result_error'] . "
($username)
"; + } + } + + if (empty($domains['domains'])) { + $message = $PALANG['pAdminCreate_admin_domain_error']; + } + if (empty($message)) { + try { + $dbh = connect_db(); + $sth = $dbh->prepare("SELECT COUNT(*) FROM domain_admins WHERE username=?"); + $sth->execute(array($username)); + $count_domain_admins = $sth->fetchColumn(); + + $sth = $dbh->prepare("DELETE FROM domain_admins WHERE username=?"); + $sth->execute(array($username)); + if ($sth->rowCount() != $count_domain_admins) { + throw new RuntimeException('Unable to delete entries from the domain_admins table.'); + } + + foreach ($domains['domains'] as $row) { + $sth = $dbh->prepare("INSERT INTO domain_admins (username,domain,created) VALUES (?,?,NOW())"); + $sth->bindParam(1, $username, PDO::PARAM_STR); + $sth->bindParam(2, $row, PDO::PARAM_STR); + $sth->execute(); + } + header("Location: list-admin.php"); + } catch (RuntimeException $e) { + $message = $PALANG['pAdminEdit_admin_result_error']; + } catch (PDOException $e) { + $message = $PALANG['pAdminEdit_admin_result_error']; + } + } + } +} +include("../templates/header.tpl"); +include("../templates/admin_menu.tpl"); +include("../templates/admin_admin.tpl"); +include("../templates/footer.tpl"); +?> diff --git a/admin/delete.php b/admin/delete.php index 59f8fa9..962de78 100644 --- a/admin/delete.php +++ b/admin/delete.php @@ -135,6 +135,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") { $dbh->rollBack(); } catch (PDOException $e) { $message = $e->getMessage(); + $dbh->rollBack(); } } diff --git a/admin/domain.php b/admin/domain.php index 9055b22..2e24f6e 100644 --- a/admin/domain.php +++ b/admin/domain.php 
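Review bot: In the new admin.php edit branch the password UPDATE runs whenever the two password fields merely match, so submitting the edit form with both fields left blank stores `bcrypt('')` as the admin's password (the deleted edit-admin.php skipped the UPDATE when both fields were empty); guard that block with `if (empty($message) && $password1 !== null && $password1 !== '') {` so a blank field leaves the stored hash untouched. The `header("Location: list-admin.php");` on the edit success path is not followed by `exit;`, so the four templates below are still rendered and sent after the redirect header. The DELETE-then-INSERT of domain_admins in the edit branch is not wrapped in a transaction (delete.php in this same patch already calls rollBack() on failure), so a failing INSERT leaves the admin with no domains at all. The file header comment still names the old files; it should read `// File: admin.php` and `// Template File: admin_admin.tpl`.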
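Review bot: The added `$dbh->rollBack();` in the PDOException catch of delete.php is unguarded: PDO::rollBack() itself throws a PDOException when no transaction is active, and `$dbh` is undefined if the caught exception came from the connection step, so the message assigned on the line above can be replaced by a second, uncaught exception. The enclosing try block and the beginTransaction() call start outside the hunk, so which statements run inside the transaction is not visible here; a safer form is `if (isset($dbh) && $dbh->inTransaction()) { $dbh->rollBack(); }`. The existing rollBack() in the RuntimeException catch just above has the same exposure.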
@@ -34,7 +34,7 @@ include '../languages/' . check_language() . '.lang'; $list_domains = list_domains(); if ($_SERVER['REQUEST_METHOD'] == "GET") { - $action = filter_input(INPUT_GET, 'action', FILTER_DEFAULT) ?? 'new'; + $action = filter_input(INPUT_GET, 'action', FILTER_DEFAULT) ?? 'add'; if ($action == 'edit') { $domain = filter_input(INPUT_GET, 'domain', FILTER_VALIDATE_DOMAIN); $domain_key = array_search($domain, array_column($list_domains, 'domain')); @@ -45,7 +45,7 @@ if ($_SERVER['REQUEST_METHOD'] == "GET") { } if ($_SERVER['REQUEST_METHOD'] == "POST") { - $action = filter_input(INPUT_GET, 'action', FILTER_DEFAULT) ?? 'new'; + $action = filter_input(INPUT_GET, 'action', FILTER_DEFAULT) ?? 'add'; $domain = strtolower(filter_input(INPUT_POST, 'domain', FILTER_VALIDATE_DOMAIN)); $description = filter_input(INPUT_POST, 'description', FILTER_CALLBACK, array('options' => 'htmlspecialchars')); $aliases = filter_input(INPUT_POST, 'aliases', FILTER_VALIDATE_INT); diff --git a/admin/edit-admin.php b/admin/edit-admin.php deleted file mode 100644 index 97388aa..0000000 --- a/admin/edit-admin.php +++ /dev/null 
@@ -1,101 +0,0 @@ - -// Copyright (c) 2022 High5! -// License Info: LICENSE.TXT -// -// File: edit-admin.php -// -// Template File: admin_edit-admin.tpl -// -// Template Variables: -// -// tDescription -// tAliases -// tMailboxes -// tMaxquota -// tActive -// -// Form POST \ GET Variables: -// -// fDescription -// fAliases -// fMailboxes -// fMaxquota -// fActive -// -require("../variables.inc.php"); -require("../config.inc.php"); -require("../functions.inc.php"); -include("../languages/" . check_language() . ".lang"); -if ($_SERVER['REQUEST_METHOD'] == "GET") { - $username = escape_string($_GET['username']); - - $list_domains = list_domains(); - $tDomains = list_domains_for_admin($username); - - $result = db_query("SELECT * FROM admin WHERE username='$username'"); - if ($result['rows'] == 1) { - $row = db_array($result['result']); - $tActive = $row['active']; - } - - include("../templates/header.tpl"); - include("../templates/admin_menu.tpl"); - include("../templates/admin_edit-admin.tpl"); - include("../templates/footer.tpl"); -} - -if ($_SERVER['REQUEST_METHOD'] == "POST") { - $username = escape_string($_GET['username']); - $fPassword = escape_string($_POST['fPassword']); - $fPassword2 = escape_string($_POST['fPassword2']); - $fActive = escape_string($_POST['fActive']); - if (isset($_POST['fDomains'])) $tDomains = $_POST['fDomains']; - - $list_domains = list_domains(); - - if ($fPassword != $fPassword2) { - $error = 1; - $tActive = escape_string($_POST['fActive']); - $tDomains = escape_string($_POST['fDomains']); - $pAdminEdit_admin_password_text = $PALANG['pAdminEdit_admin_password_text_error']; - } - - if ($error != 1) { - if (empty($fPassword) and empty($fPassword2)) { - if ($fActive == "on") $fActive = 1; - $result = db_query("UPDATE admin SET modified=NOW(),active='$fActive' WHERE username='$username'"); - } else { - $password = pacrypt($fPassword); - if ($fActive == "on") $fActive = 1; - $result = db_query("UPDATE admin SET 
password='$password',modified=NOW(),active='$fActive' WHERE username='$username'"); - } - - if (count($tDomains) > 0) { - for ($i = 0; $i < count($tDomains); $i++) { - $domain = $tDomains[$i]; - $result_domains = db_query("INSERT INTO domain_admins (username,domain,created) VALUES ('$username','$domain',NOW())"); - } - } - - if ($result['rows'] == 1) { - if (isset($tDomains[0])) { - $result = db_query("DELETE FROM domain_admins WHERE username='$username'"); - for ($i = 0; $i < count($tDomains); $i++) { - $domain = $tDomains[$i]; - $result = db_query("INSERT INTO domain_admins (username,domain,created) VALUES ('$username','$domain',NOW())"); - } - } - header("Location: list-admin.php"); - } else { - $tMessage = $PALANG['pAdminEdit_admin_result_error']; - } - } - include("../templates/header.tpl"); - include("../templates/admin_menu.tpl"); - include("../templates/admin_edit-admin.tpl"); - include("../templates/footer.tpl"); -} -?> diff --git a/templates/admin_add-admin.tpl b/templates/admin_admin.tpl similarity index 100% rename from templates/admin_add-admin.tpl rename to templates/admin_admin.tpl diff --git a/templates/admin_list-admin.tpl b/templates/admin_list-admin.tpl index cb01b55..620e6c0 100644 --- a/templates/admin_list-admin.tpl +++ b/templates/admin_list-admin.tpl @@ -16,7 +16,7 @@ if (count($list_admins) > 0) { echo " " . $row['domain_count'] . ""; echo " " . $row['modified'] . ""; $active = ($row['active'] == 1) ? $PALANG['YES'] : $PALANG['NO']; - echo " " . $PALANG['edit'] . ""; + echo " " . $PALANG['edit'] . ""; echo " " . $PALANG['del'] . ""; echo " \n"; } diff --git a/templates/admin_menu.tpl b/templates/admin_menu.tpl index 54f7e3d..0ae9a8e 100644 --- a/templates/admin_menu.tpl +++ b/templates/admin_menu.tpl @@ -6,7 +6,7 @@
  • -
  • +