4 // by Mischa Peters <mischa at high5 dot nl>
5 // Copyright (c) 2022 High5!
6 // License Info: LICENSE.TXT
10 // Template File: admin_admin.tpl
13 // Template Variables:
20 // POST / GET Variables:
// Admin add/edit page: only ADMIN_ROLE sessions may reach the form; a GET
// renders it (pre-filled for action=edit), a POST creates a new admin row
// (action=add) or replaces an existing admin's password/domain set (action=edit).
// NOTE(review): this listing is rendered with gaps (gutter numbers are not
// contiguous), so try/exit/execute lines and closing braces are not visible here.
27 require_once './functions.inc.php';
// Language file path is built from check_language(); that helper must return a
// value from a fixed allow-list, since it ends up in an include path — confirm in functions.inc.php.
28 include './languages/' . check_language() . '.lang';
29 $SESSID_USERNAME = check_session();
31 $ROLE = check_role($SESSID_USERNAME);
// Access gate: non-admins are redirected. Loose `!=` is used; ADMIN_ROLE is a
// project constant. The `exit` that should follow the redirect is on a line not
// shown here (original line 35) — verify it exists, otherwise the handlers below still run.
33 if ($ROLE != ADMIN_ROLE) {
34 header("Location: list-domain.php");
// $list_domains is loaded but, within the visible lines, never used to verify
// that submitted domains actually exist; $list_admins is used for username checks.
38 $list_domains = list_domains();
39 $list_admins = list_admins();
// GET: pick the form mode. filter_input() returns null for a missing parameter,
// so `?? 'add'` supplies the default; a present-but-invalid value is not null.
41 if ($_SERVER['REQUEST_METHOD'] == "GET") {
42 $action = filter_input(INPUT_GET, 'action', FILTER_DEFAULT) ?? 'add';
43 if ($action == 'edit') {
// Username is only accepted if it is a syntactically valid e-mail address.
44 $username = filter_input(INPUT_GET, 'username', FILTER_VALIDATE_EMAIL);
// Pre-fill the domain checklist with the domains this admin already manages.
45 $domains['domains'] = array_column(list_domains($username), 'domain');
// POST: the action still comes from the query string; the form fields from the body.
// No CSRF token check is visible in these lines — confirm it is done elsewhere
// (e.g. inside check_session()) before relying on this handler.
49 if ($_SERVER['REQUEST_METHOD'] == "POST") {
50 $action = filter_input(INPUT_GET, 'action', FILTER_DEFAULT) ?? 'add';
51 $username = filter_input(INPUT_POST, 'username', FILTER_VALIDATE_EMAIL);
52 $password1 = filter_input(INPUT_POST, 'password1', FILTER_DEFAULT);
53 $password2 = filter_input(INPUT_POST, 'password2', FILTER_DEFAULT);
// Each submitted domain is validated for syntax only (FILTER_VALIDATE_DOMAIN);
// an element that fails validation becomes `false` rather than being dropped,
// which the empty() checks below do not catch — it would then be bound as an
// empty string in the INSERTs. Membership in $list_domains is not checked here.
54 $domains = filter_input_array(INPUT_POST, array('domains' => array('filter' => FILTER_VALIDATE_DOMAIN, 'flags' => FILTER_REQUIRE_ARRAY)));
// --- add: reject empty/duplicate username, mismatched or empty password, no domains ---
57 if ($action == 'add') {
// in_array() without strict=true; usernames are strings so loose comparison is
// mostly harmless, but numeric-looking strings compare numerically.
58 if (empty($username) || in_array($username, array_column($list_admins, 'username'))) {
59 $message = $LANG['AdminAdd_admin_username_error'];
// `!=` on two strings compares numerically when both look numeric ("1e3" == "1000");
// `!==` would be the exact check. empty() also rejects the literal password "0".
62 if (empty($password1) || $password1 != $password2) {
63 $message = $LANG['AdminAdd_admin_password_error'];
66 if (empty($domains['domains'])) {
67 $message = $LANG['AdminAdd_admin_domain_error'];
// Only proceed when none of the checks above set $message.
70 if (empty($message)) {
// bcrypt() is a project helper; presumably wraps password_hash() — confirm in functions.inc.php.
71 $hashed = bcrypt($password1);
// $dbh is not assigned in the visible add-branch lines (the edit branch calls
// pdo_connect() at line 113); the connection presumably happens on a hidden line.
// Parameterised statements throughout; the execute() calls are on lines not shown.
74 $sth = $dbh->prepare("INSERT INTO admin (username,password,created,modified) VALUES (?,?,NOW(),NOW())");
75 $sth->bindParam(1, $username, PDO::PARAM_STR);
76 $sth->bindParam(2, $hashed, PDO::PARAM_STR);
// One row per selected domain; no transaction is visible around the admin insert
// and this loop, so a mid-loop failure leaves a partially linked admin.
78 foreach ($domains['domains'] as $row) {
79 $sth = $dbh->prepare("INSERT INTO domain_admins (username,domain,created) VALUES (?,?,NOW())");
80 $sth->bindParam(1, $username, PDO::PARAM_STR);
81 $sth->bindParam(2, $row, PDO::PARAM_STR);
// $message carries raw HTML (and `</br />` is a malformed closing tag). $username
// passed FILTER_VALIDATE_EMAIL, which still permits quoted local parts — verify the
// template escapes $message or that the validator cannot let markup through.
84 $message = $LANG['AdminAdd_admin_result_succes'] . "<br />($username)</br />";
85 } catch(PDOException $e) {
86 $message = $LANG['AdminAdd_admin_result_error'] . "<br />($username)<br />";
// --- edit: only for an existing admin; empty password means "keep current password" ---
91 if (in_array($username, array_column($list_admins, 'username')) && $action == 'edit') {
92 if ($password1 != $password2) {
93 $message = $LANG['AdminAdd_admin_password_error'];
// Password is changed only when one was supplied and it matched its confirmation.
95 if (empty($message) && !empty($password1)) {
96 $hashed = bcrypt($password1);
99 $sth = $dbh->prepare("UPDATE admin SET password=?,modified=NOW() WHERE username=?");
100 $sth->bindParam(1, $hashed, PDO::PARAM_STR);
101 $sth->bindParam(2, $username, PDO::PARAM_STR);
103 } catch(PDOException $e) {
104 $message = $LANG['AdminEdit_admin_result_error'] . "<br />($username)<br />";
108 if (empty($domains['domains'])) {
109 $message = $LANG['AdminAdd_admin_domain_error'];
// Replace the admin's domain set: count existing links, delete them all, verify
// the delete touched exactly that many rows, then re-insert the submitted set.
111 if (empty($message)) {
113 $dbh = pdo_connect();
114 $sth = $dbh->prepare("SELECT COUNT(*) FROM domain_admins WHERE username=?");
115 $sth->execute(array($username));
116 $count_domain_admins = $sth->fetchColumn();
118 $sth = $dbh->prepare("DELETE FROM domain_admins WHERE username=?");
119 $sth->execute(array($username));
// Sanity check, not atomicity: the count and the delete are separate statements
// and no beginTransaction() is visible, so a concurrent change can trip this or
// a failed re-insert below can leave the admin with no domains at all.
120 if ($sth->rowCount() != $count_domain_admins) {
121 throw new RuntimeException('Unable to delete entries from the domain_admins table.');
124 foreach ($domains['domains'] as $row) {
125 $sth = $dbh->prepare("INSERT INTO domain_admins (username,domain,created) VALUES (?,?,NOW())");
126 $sth->bindParam(1, $username, PDO::PARAM_STR);
127 $sth->bindParam(2, $row, PDO::PARAM_STR);
// Success: redirect to the admin list. Whether an `exit` follows is not visible here.
130 header("Location: list-admin.php");
131 } catch (RuntimeException $e) {
132 $message = $LANG['AdminEdit_admin_result_error'];
133 } catch (PDOException $e) {
134 $message = $LANG['AdminEdit_admin_result_error'];
// Render: the templates read $message, $action, $username, $domains, $list_domains.
139 include './templates/header.tpl';
140 include './templates/menu.tpl';
141 include './templates/admin.tpl';
142 include './templates/footer.tpl';