[irc/unrealircd/unrealircd-webpanel.git] / settings / user-edit.php

<?php

require_once "../common.php";
require_once "../header.php";
do_log($_POST);

$us = unreal_get_current_user();
$id = (isset($_GET['id'])) ? $_GET['id'] : $us->id;
$edit_user = new PanelUser(NULL, $id);
$can_edit_profile = (user_can($us, PERMISSION_MANAGE_USERS) || $edit_user->id == $us->id) ? true : false;
$caneditpermissions = (user_can($us, PERMISSION_MANAGE_USERS)) ? true : false;
$can_edit = ($caneditpermissions) ? "" : "disabled";
$postbutton = (isset($_POST['update_user'])) ? true : false;
$permissions = (isset($_POST['permissions'])) ? $_POST['permissions'] : [];
$edit_perms = (isset($edit_user->user_meta['permissions'])) ? unserialize($edit_user->user_meta['permissions']) : [];

/* Check if they can edit their permissions and if the permissions have indeed been changed */
if ($postbutton && is_array($permissions) && $caneditpermissions
        && $permissions != $edit_perms)
{
    foreach ($permissions as $p)
        if (!in_array($p, $edit_perms))
            $edit_user->add_permission($p);

    foreach($edit_perms as $p)
        if (!in_array($p, $permissions))
            $edit_user->delete_permission($p);

    Message::Success("Permissions for <strong>$edit_user->username</strong> have been updated");
}

if ($postbutton && $can_edit_profile)
{
    $array['update_fname'] = (isset($_POST['first_name']) && strlen($_POST['first_name'])) ? $_POST['first_name'] : false;
    $array['update_lname'] = (isset($_POST['last_name']) && strlen($_POST['last_name'])) ? $_POST['last_name'] : false;
    $array['update_bio'] = (isset($_POST['bio']) && strlen($_POST['bio'])) ? $_POST['bio'] : false;
    $array['update_email'] = (isset($_POST['email']) && strlen($_POST['email'])) ? $_POST['email'] : false;
    $array['update_pass'] = (isset($_POST['password']) && strlen($_POST['password'])) ? $_POST['password'] : false;
    $array['update_pass_conf'] = (isset($_POST['passwordconfirm']) && strlen($_POST['passwordconfirm'])) ? $_POST['passwordconfirm'] : false;

    if (!$array['update_pass'])
    {
        unset($array['update_pass']);
        unset($array['update_pass_conf']);
    }
    elseif ($array['update_pass'] == $array['update_pass_conf'])
    {
        $array['update_pass_conf'] = password_hash($array['update_pass_conf'], PASSWORD_ARGON2ID);
        unset($array['update_pass']);
    }
    else
    {
        Message::Fail("Could not update password: Passwords did not match");
        unset($array['update_pass']);
        unset($array['update_pass_conf']);
    }
    $edit_user->update_core_info($array);
    $edit_user = new PanelUser($edit_user->username);
}
?>
<h4>Edit User: "<?php echo $edit_user->username; ?>"</h4>
<br>
<form method="post" action="user-edit.php?id=<?php echo $edit_user->id; ?>" autocomplete="off" enctype="multipart/form-data">
<?php if ($can_edit_profile) { ?>
<a class="btn btn-<?php echo (user_can($us, PERMISSION_MANAGE_USERS)) ? "danger" : "info"; ?>" data-toggle="collapse" href="#collapseExample" role="button" aria-expanded="false" aria-controls="collapseExample">
<?php echo (user_can($us, PERMISSION_MANAGE_USERS)) ? "Edit" : "View"; ?> Permissions
</a>
<div class="collapse" id="collapseExample">
    <br>
  <div class="card card-body">
    <h6>Here are all the things <?php echo $edit_user->username; ?> can do</h6>
    <?php generate_panel_user_permission_table($edit_user); ?>
  </div>
</div>
<?php } ?>
<br><br>
<div class="input-group mb-3">
    <div class="input-group-prepend">
        <span class="input-group-text" style="width: 100px;">@</span>
    </div><input disabled type="text" class="form-control" name="username" id="username" placeholder="<?php echo $edit_user->username; ?>">
</div>

<div class="input-group mb-3">
    <div class="input-group-prepend">
        <span class="input-group-text" style="width: 100px;">First Name</span>
    </div><input <?php echo $can_edit; ?> type="text" class="form-control" name="first_name" id="first_name" placeholder="<?php echo $edit_user->first_name; ?>">
</div>


<div class="input-group mb-3">
    <div class="input-group-prepend">
        <span class="input-group-text" style="width: 100px;">Last Name</span>
    </div><input <?php echo $can_edit; ?> type="text" class="form-control" name="last_name" id="last_name" placeholder="<?php echo $edit_user->last_name; ?>">
</div>


<div class="input-group mb-3">
    <div class="input-group-prepend">
        <span class="input-group-text" style="width: 100px;">Bio</span>
    </div><textarea <?php echo $can_edit; ?> class="form-control" name="bio" id="username"><?php echo $edit_user->bio; ?></textarea>
</div>


<div class="input-group mb-3">
    <div class="input-group-prepend">
        <span class="input-group-text" style="width: 100px;">Email</span>
    </div><input <?php echo $can_edit; ?> type="text" class="form-control" name="email" id="email" autocomplete="off" value="<?php echo $edit_user->email; ?>">
</div>

<div class="input-group mb-3">
    <div class="input-group-prepend">
        <span class="input-group-text" style="width: 150px;">New Password</span>
    </div><input <?php echo $can_edit; ?> type="password" class="form-control" name="password" id="password" autocomplete="off">
</div><div class="input-group mb-3">
    <div class="input-group-prepend">
        <span class="input-group-text" style="width: 150px;">Confirm Password</span>
    </div><input <?php echo $can_edit; ?> type="password" class="form-control" name="passwordconfirm" id="passwordconfirm" autocomplete="off">
</div>

<br>
<button type="submit" name="update_user" class="btn btn-primary">Save Changes</button><br>
</form>
Commit	Line	Data
fdc0088f VP	1	<?php
	2
	3	require_once "../common.php";
2d62c85d	4	require_once "../header.php";
688348a0	5	do_log($_POST);
2d62c85d VP	6
	7	$us = unreal_get_current_user();
	8	$id = (isset($_GET['id'])) ? $_GET['id'] : $us->id;
	9	$edit_user = new PanelUser(NULL, $id);
78977ce3 VP	10	$can_edit_profile = (user_can($us, PERMISSION_MANAGE_USERS) \|\| $edit_user->id == $us->id) ? true : false;
	11	$caneditpermissions = (user_can($us, PERMISSION_MANAGE_USERS)) ? true : false;
	12	$can_edit = ($caneditpermissions) ? "" : "disabled";
688348a0 VP	13	$postbutton = (isset($_POST['update_user'])) ? true : false;
688348a0 VP	14	$permissions = (isset($_POST['permissions'])) ? $_POST['permissions'] : [];
f5173b9c	15	$edit_perms = (isset($edit_user->user_meta['permissions'])) ? unserialize($edit_user->user_meta['permissions']) : [];
78977ce3	16
f5173b9c	17	/* Check if they can edit their permissions and if the permissions have indeed been changed */
688348a0	18	if ($postbutton && is_array($permissions) && $caneditpermissions
f5173b9c VP	19	&& $permissions != $edit_perms)
	20	{
	21	foreach ($permissions as $p)
	22	if (!in_array($p, $edit_perms))
	23	$edit_user->add_permission($p);
	24
	25	foreach($edit_perms as $p)
	26	if (!in_array($p, $permissions))
	27	$edit_user->delete_permission($p);
f5173b9c	28
688348a0 VP	29	Message::Success("Permissions for <strong>$edit_user->username</strong> have been updated");
688348a0 VP	30	}
2d62c85d	31
688348a0 VP	32	if ($postbutton && $can_edit_profile)
	33	{
	34	$array['update_fname'] = (isset($_POST['first_name']) && strlen($_POST['first_name'])) ? $_POST['first_name'] : false;
	35	$array['update_lname'] = (isset($_POST['last_name']) && strlen($_POST['last_name'])) ? $_POST['last_name'] : false;
	36	$array['update_bio'] = (isset($_POST['bio']) && strlen($_POST['bio'])) ? $_POST['bio'] : false;
	37	$array['update_email'] = (isset($_POST['email']) && strlen($_POST['email'])) ? $_POST['email'] : false;
	38	$array['update_pass'] = (isset($_POST['password']) && strlen($_POST['password'])) ? $_POST['password'] : false;
	39	$array['update_pass_conf'] = (isset($_POST['passwordconfirm']) && strlen($_POST['passwordconfirm'])) ? $_POST['passwordconfirm'] : false;
8a73256b VP	40
	41	if (!$array['update_pass'])
	42	{
	43	unset($array['update_pass']);
	44	unset($array['update_pass_conf']);
	45	}
	46	elseif ($array['update_pass'] == $array['update_pass_conf'])
688348a0 VP	47	{
688348a0 VP	48	$array['update_pass_conf'] = password_hash($array['update_pass_conf'], PASSWORD_ARGON2ID);
9f9d16d5	49	unset($array['update_pass']);
688348a0 VP	50	}
	51	else
	52	{
	53	Message::Fail("Could not update password: Passwords did not match");
9f9d16d5 VP	54	unset($array['update_pass']);
9f9d16d5 VP	55	unset($array['update_pass_conf']);
688348a0 VP	56	}
	57	$edit_user->update_core_info($array);
	58	$edit_user = new PanelUser($edit_user->username);
	59	}
2d62c85d VP	60	?>
2d62c85d VP	61	<h4>Edit User: "<?php echo $edit_user->username; ?>"</h4>
78977ce3	62	<br>
2d62c85d	63	<form method="post" action="user-edit.php?id=<?php echo $edit_user->id; ?>" autocomplete="off" enctype="multipart/form-data">
78977ce3 VP	64	<?php if ($can_edit_profile) { ?>
78977ce3 VP	65	<a class="btn btn-<?php echo (user_can($us, PERMISSION_MANAGE_USERS)) ? "danger" : "info"; ?>" data-toggle="collapse" href="#collapseExample" role="button" aria-expanded="false" aria-controls="collapseExample">
2405dc8e VP	66	<?php echo (user_can($us, PERMISSION_MANAGE_USERS)) ? "Edit" : "View"; ?> Permissions
	67	</a>
	68	<div class="collapse" id="collapseExample">
	69	<br>
	70	<div class="card card-body">
	71	<h6>Here are all the things <?php echo $edit_user->username; ?> can do</h6>
	72	<?php generate_panel_user_permission_table($edit_user); ?>
	73	</div>
	74	</div>
78977ce3	75	<?php } ?>
2405dc8e	76	<br><br>
2d62c85d VP	77	<div class="input-group mb-3">
	78	<div class="input-group-prepend">
	79	<span class="input-group-text" style="width: 100px;">@</span>
	80	</div><input disabled type="text" class="form-control" name="username" id="username" placeholder="<?php echo $edit_user->username; ?>">
	81	</div>
	82
	83	<div class="input-group mb-3">
	84	<div class="input-group-prepend">
	85	<span class="input-group-text" style="width: 100px;">First Name</span>
	86	</div><input <?php echo $can_edit; ?> type="text" class="form-control" name="first_name" id="first_name" placeholder="<?php echo $edit_user->first_name; ?>">
	87	</div>
	88
	89
	90	<div class="input-group mb-3">
	91	<div class="input-group-prepend">
	92	<span class="input-group-text" style="width: 100px;">Last Name</span>
	93	</div><input <?php echo $can_edit; ?> type="text" class="form-control" name="last_name" id="last_name" placeholder="<?php echo $edit_user->last_name; ?>">
	94	</div>
	95
	96
	97	<div class="input-group mb-3">
	98	<div class="input-group-prepend">
	99	<span class="input-group-text" style="width: 100px;">Bio</span>
	100	</div><textarea <?php echo $can_edit; ?> class="form-control" name="bio" id="username"><?php echo $edit_user->bio; ?></textarea>
	101	</div>
	102
	103
	104	<div class="input-group mb-3">
	105	<div class="input-group-prepend">
	106	<span class="input-group-text" style="width: 100px;">Email</span>
f5173b9c	107	</div><input <?php echo $can_edit; ?> type="text" class="form-control" name="email" id="email" autocomplete="off" value="<?php echo $edit_user->email; ?>">
2d62c85d VP	108	</div>
	109
	110	<div class="input-group mb-3">
	111	<div class="input-group-prepend">
2405dc8e VP	112	<span class="input-group-text" style="width: 150px;">New Password</span>
	113	</div><input <?php echo $can_edit; ?> type="password" class="form-control" name="password" id="password" autocomplete="off">
	114	</div><div class="input-group mb-3">
	115	<div class="input-group-prepend">
	116	<span class="input-group-text" style="width: 150px;">Confirm Password</span>
688348a0	117	</div><input <?php echo $can_edit; ?> type="password" class="form-control" name="passwordconfirm" id="passwordconfirm" autocomplete="off">
2d62c85d VP	118	</div>
	119
	120	<br>
2405dc8e	121	<button type="submit" name="update_user" class="btn btn-primary">Save Changes</button><br>
2d62c85d	122	</form>