admin create users

admin can now create users
added the previously forgotten old-password check to the password change
minor box editing
This commit is contained in:
Sanpaku 2021-10-03 11:46:20 +02:00
parent c7a00cb8c2
commit 367a03ebb9
3 changed files with 212 additions and 8 deletions


@ -427,12 +427,16 @@ div.post details table {
display: flex;
}
.box.right {
.container-right {
width: 585px;
margin: 0 0 auto auto;
}
.box.right {
width: 100%;
border: 1px solid #006;
color: #000;
background: #eff;
margin: 0 0 auto auto;
}
.box.left {


@ -37,6 +37,7 @@ $pages = '';
$logged_in = false;
$mod_level = false;
$changed_password = false;
$user_created = false;
$post_locked = false;
$post_sticky = false;

211
mod.php

@ -61,6 +61,9 @@ if (isset($_POST['old-password'])) {
if (($_POST['old-password'] == '') || ($_POST['new-password'] == '') || ($_POST['new-password2'] == '')) {
error('You must fill in all fields.');
}
if (crypt($_POST['old-password'], $password_salt) != $password) {
error('Old password is incorrect.');
}
if ($_POST['new-password'] != $_POST['new-password2']) {
error('New passwords don\'t match.');
}
@ -87,6 +90,61 @@ if (isset($_POST['old-password'])) {
setcookie("mod_session", null, time() - 3600, $cookie_location, $domain, isset($_SERVER["HTTPS"]), true);
}
//CREATE USER
if (isset($_POST['create-user'])) {
if ($user_mod_level < $config['mod']['edit_user']) {
error('You don\'t have permission to edit users.');
}
if (!is_numeric($_POST['create-level']) || ($_POST['create-level'] > 9001) || ($_POST['create-level'] < 0) ) {
error('Invalid mod level.');
}
if (!ctype_alnum($_POST['create-username'])) {
error('Invalid username. Alphanumeric only.');
}
if (strlen($_POST['create-username']) > 32) {
error('Username too long, Maximum 32.');
}
if (strlen($_POST['create-username']) < 2) {
error('Username too short, Minimum 3.');
}
if (strlen($_POST['create-password']) > 256) {
error('Password too long, Maximum 256.');
}
if (strlen($_POST['create-password']) < 8) {
error('Password too short, Minimum 8.');
}
if ($_POST['create-password'] != $_POST['create-password2']) {
error('Passwords don\'t match.');
}
$_POST['create-username'] = strtolower($_POST['create-username']); //set lowercase
if (file_exists(__dir__ . '/' . $database_folder . '/users/' . $_POST['create-username'] . '.php')) {
error('User already exists or is unavailable.');
}
$password_salt = crypt(md5(random_bytes(30)) , $secure_hash);
$current_count = file_get_contents(__dir__ . '/' . $database_folder . '/users/counter.php');
$new_count = $current_count + 1;
$new_user = '<?php ';
$new_user .= '$user_id = "' . $new_count . '"; ';
$new_user .= '$username = "' . $_POST['create-username'] . '"; ';
$new_user .= '$password_salt = "' . $password_salt . '"; ';
$new_user .= '$password = "' . crypt($_POST['create-password'] , $password_salt) . '"; ';
$new_user .= '$gpg_key = ""; ';
$new_user .= '$gpg_enabled = "0"; '; //if enabled, don't check password but instead send a gpg decryption test. use php session.
$new_user .= '$user_mod_level = "' . $_POST['create-level'] . '"; ';
$new_user .= '$user_mod_boards = "*"; '; //add board specifics or all.
$new_user .= '$user_remember = "' . time() . '"; '; //add a +30 days check or delete session and go to login screen
$new_user .= '$user_session = ""; '; //login session key, set on login.
$new_user .= ' ?>';
file_put_contents(__dir__ . '/' . $database_folder . '/users/' . $_POST['create-username'] . '.php', $new_user);
file_put_contents(__dir__ . '/' . $database_folder . '/users/counter.php', $new_count); //+1 user id
$user_created = true;
}
//LOGGIN IN?
if (isset($_POST['username']) && isset($_POST['password'])) {
if ($_POST['username'] == "") {
@ -95,6 +153,7 @@ if (isset($_POST['username']) && isset($_POST['password'])) {
if ($_POST['username'] == "counter" || ctype_alnum($_POST['username']) != true) {
error('Invalid Username.');
}
$_POST['username'] = strtolower($_POST['username']);
if (!file_exists(__dir__ . '/' . $database_folder . '/users/' . $_POST['username'] . '.php')) {
error('User doesn\'t exist.');
}
@ -213,6 +272,15 @@ if ($_GET["page"] == 'account') {
}
$mod_navigation .= '>Account</a></li>';
//USERS
if ($config['mod']['edit_user'] <= $user_mod_level) {
$mod_navigation .= '<li><a href="' . $prefix_folder . '/mod.php?page=users"';
if ($_GET["page"] == 'users') {
$mod_navigation .= 'class="active"';
}
$mod_navigation .= '>Manage Users</a></li>';
}
//REPORTS
if ($config['mod']['reports'] <= $user_mod_level) {
$mod_navigation .= '<li><a href="' . $prefix_folder . '/mod.php?page=reports"';
@ -285,12 +353,14 @@ if ((!isset($_GET["page"])) || ($_GET["page"] == '')) {
echo '<br>';
echo '<div class="box flex">';
echo $mod_navigation;
echo '<div class="container-right">';
echo '<div class="box right">';
echo '<h2>Content</h2>';
echo '<div class="box-content">';
echo '<p>Welcome to the moderator dashboard.</p>';
echo '</div>';
echo '</div>';
echo '</div>';
echo '<br>';
echo '</div>';
@ -321,6 +391,7 @@ if ($_GET["page"] == 'account') {
echo '<br>';
echo '<div class="box flex">';
echo $mod_navigation;
echo '<div class="container-right">';
echo '<div class="box right">';
echo '<h2>Account</h2>';
echo '<div class="box-content">';
@ -332,15 +403,16 @@ if ($_GET["page"] == 'account') {
echo '<details><summary>Edit Password</summary>';
echo ' <form name="edit-password" action="' . $prefix_folder . '/mod.php" method="post">
<table id="post-form" style="width:initial;">
<tr><th>Old Password:</th><td><input type="password" name="old-password" size="25" maxlength="256" autocomplete="off" placeholder="Password"></td></tr>
<tr><th>New Password:</th><td><input type="password" name="new-password" size="25" maxlength="256" autocomplete="off" placeholder="Password"></td></tr>
<tr><th>New Password x2:</th><td><input type="password" name="new-password2" size="25" maxlength="256" autocomplete="off" placeholder="Password"></td></tr>
<tr><th>Current Password:</th><td><input type="password" name="old-password" size="25" maxlength="256" autocomplete="off" placeholder="Password" required></td></tr>
<tr><th>New Password:</th><td><input type="password" name="new-password" size="25" maxlength="256" autocomplete="off" placeholder="Password" required></td></tr>
<tr><th>New Password x2:</th><td><input type="password" name="new-password2" size="25" maxlength="256" autocomplete="off" placeholder="Password" required></td></tr>
<tr><th style="visibility:hidden;"></th><td><input type="submit" name="post" value="Edit Password" style="float: right;"></td></tr>
</table>
</form>';
echo '</details>';
echo '</div>';
echo '</div>';
echo '</div>';
echo '<br>';
echo '</div>';
@ -351,9 +423,130 @@ if ($_GET["page"] == 'account') {
exit();
}
//USERS PAGE
if ($_GET["page"] == 'users') {
if ($user_mod_level < $config['mod']['edit_user']) {
error('You don\'t have permission to view this page.');
}
$title = 'Manage Users - ' . $site_name;
if (isset($_GET["theme"])) {
echo '<html data-stylesheet="'. htmlspecialchars($_GET["theme"]) .'">';
} else {
echo '<html data-stylesheet="'. $current_theme .'">';
}
echo '<head>';
include $path . '/templates/header.html';
echo '</head>';
echo '<body class="frontpage">';
include $path . '/templates/boardlist.html';
echo '<div class="page-info"><h1>Dashbord</h1><div class="small">Try not to ruin everything.</div>';
echo $logged_in_as;
echo '</div>';
echo $dashboard_notifications;
echo '<br>';
echo '<div class="box flex">';
echo $mod_navigation;
echo '<div class="container-right">';
echo '<div class="box right">';
echo '<h2>Create User</h2>';
echo '<div class="box-content">';
echo '<p>';
echo '<details><summary>Create User</summary>';
echo '<form name="create-user" action="' . $prefix_folder . '/mod.php?page=users" method="post">
<table id="post-form" style="width:initial;">
<tbody><tr><th>Username:</th><td><input type="text" name="create-username" size="25" maxlength="32" autocomplete="off" placeholder="Username" required></td></tr>
<tr><th>Password:</th><td><input type="password" name="create-password" size="25" maxlength="256" autocomplete="off" placeholder="Password" required></td></tr>
<tr><th>Password x2:</th><td><input type="password" name="create-password2" size="25" maxlength="256" autocomplete="off" placeholder="Password" required></td></tr>
<tr><th>User Level:</th><td>
<select name="create-level">
<option value="9001">Admin (9001)</option>
<option value="40">Moderator (40)</option>
<option value="10">Janitor (10)</option>
<option value="0" selected>User (0)</option>
</select>
</td></tr>
<tr><th style="visibility:hidden;"></th><td><input type="submit" name="create-user" value="Create User" style="float: right;"></td></tr>
</tbody></table>
</form>';
echo '</details>';
echo '</p>';
echo '</div>';
echo '</div>';
echo '<br>';
echo '<div class="box right">';
echo '<h2>Manage Users</h2>';
echo '<div class="box-content">';
//foreach
echo '<table><thead> <td>ID</td> <td>Username</td> <td>Mod Level</td> <td>Actions</td></thead>';
echo '<tbody>';
//TO DO: multiarray and sort by ID, alternatively use JS.
// I should also first take the admins, sort them by id, then the mods by id, then the jannies by id, etc.
// Basically sorted by mod level, and each modlevel sorted by ID.
$userlist = glob(__dir__ . '/' . $database_folder . '/users/*');
foreach ($userlist as $user) {
if (basename($user) == 'counter.php') {
continue; //not a user, go next iteration
}
include $user;
echo '<tr>';
echo '<td>' . $user_id . '</td>';
echo '<td>' . $username . '</td>';
echo '<td>';
switch ($user_mod_level) {
case 9001:
echo 'Admin';
break;
case 40:
echo 'Mod';
break;
case 10:
echo 'Janitor';
break;
case 0:
echo 'User';
break;
default:
echo 'Unknown';
break;
}
echo ' (' . $user_mod_level . ')</td>';
echo '<td><details><summary>More</summary>';
echo '<details><summary style="font-size:smaller;">Edit</summary>[editstuff]</details>';
echo '<details><summary style="font-size:smaller;">Delete</summary><details><summary>Are you sure you want to delete this user ('.$username.')?</summary><details><summary>Yes!</summary>[delete]</details></details></details>';
echo '</details></td>';
echo '</tr>';
}
echo '</tbody></table>';
echo '</div>';
echo '</div>';
echo '</div>';
echo '<br>';
echo '</div>';
if ($user_created == true) {
echo '<div class="message" style="margin-top:0;">User created.</div>';
}
include $path . '/templates/footer.html';
echo '</body>';
echo '</html>';
exit();
}
//REPORTS PAGE
if ($_GET["page"] == 'reports') {
if ($user_mod_level < $config['mod']['reports']) {
error('You don\'t have permission to view this page.');
}
//recount
ReportCounter($database_folder, 'normal');
@ -375,6 +568,7 @@ if ($_GET["page"] == 'reports') {
echo '<br>';
echo '<div class="box flex">';
echo $mod_navigation;
echo '<div class="container-right">';
echo '<div class="box right">';
echo '<h2>Reports</h2>';
echo '<div class="box-content">';
@ -425,6 +619,7 @@ if ($_GET["page"] == 'reports') {
echo '</tbody>';
echo '</table>';
echo '</div>';
echo '</div>';
echo '</div>';
echo '<br>';
@ -438,7 +633,9 @@ if ($_GET["page"] == 'reports') {
//GLOBAL REPORTS PAGE
if ($_GET["page"] == 'global_reports') {
if ($user_mod_level < $config['mod']['global_reports']) {
error('You don\'t have permission to view this page.');
}
//recount
ReportCounter($database_folder, 'global');
@ -460,6 +657,7 @@ if ($_GET["page"] == 'global_reports') {
echo '<br>';
echo '<div class="box flex">';
echo $mod_navigation;
echo '<div class="container-right">';
echo '<div class="box right">';
echo '<h2>Global Reports</h2>';
echo '<div class="box-content">';
@ -506,6 +704,7 @@ if ($_GET["page"] == 'global_reports') {
echo '</tbody>';
echo '</table>';
echo '</div>';
echo '</div>';
echo '</div>';
echo '<br>';
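Review bot: The create-user handler (hunk `@ -87,6 +90,61`) never compares the requested `create-level` against the caller's own `$user_mod_level`, so any account that clears the `edit_user` threshold can create a 9001 admin; add `if ($_POST['create-level'] > $user_mod_level) { error('Cannot create a user above your own level.'); }` beside the range check. The old-password check added in `@ -61,6 +61,9` compares hashes with `!=`, which is loose and not constant-time; prefer `if (!hash_equals($password, crypt($_POST['old-password'], $password_salt)))`. The minimum-length branch rejects usernames shorter than 2 while its message says "Minimum 3", so one of them is wrong. The counter read/increment/write and the `file_exists` check before `file_put_contents` are not serialised, so two concurrent submissions can hand out the same `$user_id` or overwrite each other; pass `LOCK_EX` to both writes at least, and keep in mind that the generated user file embeds request values as PHP source and is only safe while `ctype_alnum` guards the username. In the users page loop, `include $user` overwrites the logged-in user's `$user_mod_level`, `$username` and `$password` for the rest of the request; it is harmless today only because the page calls `exit()` right after, which is worth a comment there.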