mkrieger/patchcablemgr
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
30b4ded68d
patchcablemgr/backend/process_admin_edit-user.php
Garrett b7903ad672 0.3.11
2020-11-24 20:33:24 +00:00

106 lines
3.0 KiB
PHP
Executable File
Raw Blame History

<?php
define('QUADODO_IN_SYSTEM', true);
require_once '../includes/header.php';
$qls->Security->check_auth_page('administrator.php');
if($_SERVER['REQUEST_METHOD'] == 'POST'){
require_once '../includes/Validate.class.php';
$validate = new Validate($qls);
$validate->returnData['success'] = array();
if ($validate->returnData['active'] == 'inactive') {
echo json_encode($validate->returnData);
return;
}
$data = json_decode($_POST['data'], true);
validate($data, $validate, $qls);
if (!count($validate->returnData['error'])){
$userID = $data['userID'];
$userType = $data['userType'];
$action = $data['action'];
if($action == 'role') {
$groupID = $data['groupID'];
if($userType == 'active') {
$qls->SQL->update('users', array('group_id' => $groupID), array('id' => array('=', $userID)));
} else if($userType == 'invitation') {
$qls->SQL->update('invitations', array('group_id' => $groupID), array('id' => array('=', $userID)));
}
} else if($action == 'status') {
$status = strtolower($data['status']);
$qls->SQL->update('users', array('blocked' => $status), array('id' => array('=',$userID)));
} else if($action == 'mfa') {
$mfa = $data['state'];
// Can only turn MFA off
if($mfa == 0) {
$qls->SQL->update('users', array('mfa' => $mfa), array('id' => array('=',$userID)));
}
} else if($action == 'delete') {
if($userType == 'active') {
$query = $qls->SQL->select('*', 'users', array('id' => array('=', $userID)));
if($qls->SQL->num_rows($query)) {
$qls->Admin->remove_user($userID);
} else {
$errMsg = 'User ID does not exist.';
array_push($validate->returnData['error'], $errMsg);
}
} else if($userType == 'invitation') {
$qls->SQL->delete('invitations', array('id' => array('=', $userID), 'AND', 'used' => array('=', 0)));
}
}
}
echo json_encode($validate->returnData);
}
function validate($data, &$validate, &$qls){
// Validate action
$actionArray = array('status', 'mfa', 'role', 'delete');
$action = $data['action'];
if($validate->validateInArray($action, $actionArray, 'action')) {
if($action == 'role') {
$groupID = $data['groupID'];
$validate->validateID($groupID, 'groupID');
}
if($action == 'status') {
$status = $data['status'];
$statusArray = array('yes', 'no');
$validate->validateInArray($status, $statusArray, 'status');
}
if($action == 'mfa') {
$mfa = $data['state'];
$mfaArray = array(0, 1);
$validate->validateInArray($mfa, $mfaArray, 'mfa');
}
}
// Validate userID
$userID = $data['userID'];
if($validate->validateID($userID, 'userID')) {
if($userID == $qls->user_info['id']) {
$errMsg = 'Cannot administer your own account.';
array_push($validate->returnData['error'], $errMsg);
}
}
// Validate userType
$userTypeArray = array('active', 'invitation');
$userType = $data['userType'];
$validate->validateInArray($userType, $userTypeArray, 'user type');
return;
}
?>
Reference in New Issue View Git Blame Copy Permalink