encode($name, 'S1TU'); $addquery = $addquery." WHERE uname LIKE '%".$name."%'"; $isfirst = false; } /* NOTE(review): $name is spliced straight into the LIKE pattern; whether that is SQL-safe depends on what encode() returns, which is not visible here — bind it through mysqli_prepare() instead. */ $sql = mysqli_query($conn,"SELECT COUNT(*) FROM users".$addquery); $count = mysqli_fetch_array($sql)[0]; $maxpage = ceil($count / $maxperpage); /* NOTE(review): the filter branch below takes $maxperpage from the cookie unvalidated; if it is assigned the same way before this chunk, a zero or non-numeric cookie throws on the division above — confirm its source and validate it as a positive int. */ if (!($cpage >= 1 && $cpage <= $maxpage)) {$cpage = 1;} $UserItems = []; $query = "SELECT * FROM users".$addquery; if ($result = $conn->query($query)) { while ($cuser = $result->fetch_assoc()) { $Current_full_name = $coderclass->decode($cuser['full_name'], 'TIT4'); $Current_position = $coderclass->decode($cuser['position'], 'SWI2'); $Current_perms = $coderclass->decode($cuser['perms'], 'AFDG'); $Current_perms_List = explode(', ', $Current_perms); $CurrentUserPermList = array(); for ($i=0; $i < count($Current_perms_List); $i++) { $cpid = $Current_perms_List[$i]; /* NOTE(review): $cpid comes from the stored perm list, which the saveuser branch writes from $_POST["perms"] after htmlspecialchars() only; on PHP 8.0 (the minimum str_contains() below implies) the default flags leave single quotes untouched, so this interpolation is a stored-injection path — use a prepared statement. */ $sql = mysqli_query($conn,"SELECT risk_factor, perm_status FROM perm_database WHERE perm_id = '$cpid'"); $tempSQL = mysqli_fetch_array($sql); if ($tempSQL != null) { if ($tempSQL[1] != "0") { array_push($CurrentUserPermList, $tempSQL[0]); } } } sort($CurrentUserPermList); if (empty($CurrentUserPermList)) { array_push($CurrentUserPermList, null); } /* Lowest risk_factor wins; the null placeholder compares == 0, so users whose lowest risk_factor is 0, or who have no perm with perm_status != 0, are listed only to god_profile holders unless their perm string is empty. */ if (!($CurrentUserPermList[0] == 0 && !UserHasPerm('god_profile')) || $Current_perms == "") { $UserItems[] = [ 'uid' => $cuser['uid'], 'full_name' => $Current_full_name, 'position' => $Current_position, 'risk_factor' => $CurrentUserPermList[0] ]; } } } /* NOTE(review): $orderby is assigned before this chunk; if it can be caller-supplied, an unknown key reads an undefined index inside the comparator — check it against the four keys built above, and prefer use ($orderby) over global. */ if ($orderby != "") { usort($UserItems, function ($a, $b) { global $orderby; return strcoll($a[$orderby], $b[$orderby]); }); } else { usort($UserItems, function ($a, $b) { return strcoll($a['full_name'], $b['full_name']); }); } $PrintableUserItems = getItemsSlice($UserItems, $cpage, $maxperpage); $responseStr = ''; for ($i=0; $i < count($PrintableUserItems); $i++) { if ($responseStr != "") { $responseStr = $responseStr."%"; } $responseStr = 
$responseStr.$PrintableUserItems[$i]['uid'].'|'.$PrintableUserItems[$i]['full_name'].'|'.$PrintableUserItems[$i]['position'].'|'.$PrintableUserItems[$i]['risk_factor']; } /* NOTE(review): hand-built JSON, unlike every other branch; a double quote or backslash in full_name or position (decoded from the DB above) yields an invalid document — emit it with json_encode() as the filter branch does. The '%' record and '|' field separators are likewise unescaped, so those characters in a name corrupt the client-side split. */ echo '{"result": "ok", "data": "'.$responseStr.'", "maxpage": "'.$maxpage.'", "cpage": "'.$cpage.'"}'; } else if (htmlspecialchars($_POST["func"]) == "filter") { /* Style: $_POST["func"] is re-read and re-escaped at every branch; read it once (with ?? '') and dispatch with match(). */ $name = array(); $query = "SELECT uname FROM users"; if ($result = $conn->query($query)) { while ($cuser = $result->fetch_assoc()) { array_push($name, $coderclass->decode($cuser['uname'], "S1TU")); } } sort($name); $names = ""; for ($i=0; $i < count($name); $i++) { $names = $names.""; } /* NOTE(review): as extracted, this loop appends an empty string and $perpageselect below is a single space — the markup these literals held appears to have been lost in extraction, so the intended output cannot be confirmed from this page. */ if (!isset($_COOKIE['maxperpage'])) { setcookie("maxperpage", "25", time() + (86400 * 90), "/"); $maxperpage = "25"; } else { $maxperpage = $_COOKIE['maxperpage']; } /* NOTE(review): the cookie value is re-emitted via setcookie() and spliced into $perpageselect without validation; constrain it to an allow-list of integers (FILTER_VALIDATE_INT) before use, here and wherever the list branch reads it. */ setcookie("maxperpage", strval($maxperpage), time() + (86400 * 90), "/"); $perpageselect = " "; $perpageselect = str_replace("value='".$maxperpage."'", "value='".$maxperpage."' selected", $perpageselect); $json = json_encode(array( 'name' => $names, 'perpage' => $perpageselect, 'result' => 'ok' )); echo $json; } else if (htmlspecialchars($_POST["func"]) == "createuser") { if (UserHasPerm('user_edit_perm')) { $tempID = bin2hex(random_bytes(24)); /* The random hex marker is written into perms so the new row can be found again; mysqli_insert_id($conn) would return the new uid directly and remove that round trip. The full_name literal is an encoded value whose meaning is not visible here. */ $sql = mysqli_query($conn,"INSERT INTO users(full_name, perms, status) VALUES ('564946704637584974726d6975623239564c7179462b652f61594655', '$tempID', -1)"); $sql = mysqli_query($conn,"SELECT uid FROM users WHERE perms = '$tempID' and status = -1"); $user = mysqli_fetch_array($sql); /* NOTE(review): none of these query results are checked; if the INSERT fails, $user is empty and $user[0] below warns while 'ok' is still returned. */ $CreatedUserID = $user[0]; $json = json_encode(array( 'uid' => $CreatedUserID, 'result' => 'ok' )); $sql = mysqli_query($conn,"UPDATE users SET perms='' WHERE uid = '$CreatedUserID'"); } else { $json = json_encode(array( 'result' => 'Jogosultság megtagadva! Önnek nincsen joga felhasználót létrehozni!' 
)); } echo $json; } else if (htmlspecialchars($_POST["func"]) == "openuser") { $uid = intval(htmlspecialchars($_POST["uid"])); $toedit = htmlspecialchars($_POST["toedit"]); if ($toedit == "true") { $toedit = true; } else { $toedit = false; } $sql = mysqli_query($conn,"SELECT * FROM users WHERE uid = $uid"); $user = mysqli_fetch_array($sql); if ($user == null) { echo json_encode(array('result' => 'Ilyen felhasználói azonosítóval nem létezik fiók! Próbálja újra!')); exit(); } /* NOTE(review): no permission check precedes this read, so any caller reaching this endpoint receives uname, mail and note for an arbitrary uid, while saveuser gates on user_edit_perm — confirm that an unrestricted read is intended. */ $PermsList = $coderclass->decode($user["perms"], 'AFDG'); $PermListArr = explode(", ", $PermsList); $CurrentPermList = array(); $CurrentPermRisk = array(); for ($i=0; $i < count($PermListArr); $i++) { $cpid = $PermListArr[$i]; /* NOTE(review): same interpolated $cpid as in the list branch — prepared statement. */ $sql = mysqli_query($conn,"SELECT short_name, risk_factor, perm_status FROM perm_database WHERE perm_id = '$cpid'"); $tempSQL = mysqli_fetch_array($sql); /* NOTE(review): the ?? '' covers short_name only; when the lookup returns no row (unknown perm_id, or the single '' id an empty perm string explodes to) the $tempSQL[1] and $tempSQL[2] reads below warn and a "||" entry is pushed — skip the iteration on a null row as the list branch does. */ $name = $coderclass->decode($tempSQL['short_name'] ?? '', "HA98"); array_push($CurrentPermList, $tempSQL[1]."|".$name."|".$tempSQL[2]); array_push($CurrentPermRisk, $tempSQL[1]); } sort($CurrentPermList); sort($CurrentPermRisk); $Perms = ''; $PermListToJS = $PermsList; if ($toedit && UserHasPerm('user_edit_perm')) { $Perms = ""; $permlist = array(); $query = "SELECT perm_category, perm_id, short_name FROM perm_database WHERE perm_status != 2"; if ($result = $conn->query($query)) { while ($cperm = $result->fetch_assoc()) { $name = $coderclass->decode($cperm['short_name'], 'HA98'); array_push($permlist, $cperm['perm_category']."|".$cperm['perm_id']."|".$name); } } sort($permlist); $printedCat = array(); for ($i=0; $i < count($permlist); $i++) { $TempArr = explode("|", $permlist[$i]); if (!in_array($TempArr[0], $printedCat)) { array_push($printedCat, $TempArr[0]); $Perms .= "".$TempArr[0].""; } /* NOTE(review): substring test — a perm_id that is a prefix or substring of a granted one reports as granted too; compare with in_array($TempArr[1], $PermListArr, true). */ if (str_contains($PermsList, $TempArr[1])) { $Perms .= "".$TempArr[2]." - ".$TempArr[1]."
"; } else { $Perms .= "".$TempArr[2]." - ".$TempArr[1]."
"; } } $Perms .= ""; } else { $Perms = ""; } /* NOTE(review): $can_edit is advisory only — the saveuser branch checks user_edit_perm alone and never re-applies this risk-factor rule, so a user_edit_perm holder can still submit changes (a new password included) for an account this marks read-only. Re-evaluate the same rule server-side in saveuser. */ $can_edit = false; if (UserHasPerm('user_edit_perm') && ($CurrentPermRisk[0] != 0 || $PermsList == "")) { $can_edit = true; } else if (UserHasPerm('god_profile')) { $can_edit = true; } /* $user == null already exited above, so the else branch here is unreachable. */ if ($user != null) { $otp = ""; if ($user["otphash"] != "") { $otp = $user["otptype"]; } $json = json_encode(array( 'uname' => $coderclass->decode($user["uname"], 'S1TU'), 'full_name' => $coderclass->decode($user["full_name"], 'TIT4'), 'mail' => $coderclass->decode($user["mail"], 'A7SO'), 'position' => $coderclass->decode($user["position"], 'SWI2'), 'note' => $coderclass->decode($user["note"], 'AH1K'), 'perms' => $Perms, 'PermListToJS' => $PermListToJS, 'status' => $user["status"], 'can_edit' => $can_edit, 'otp' => $otp, 'result' => 'ok' )); } else { $json = json_encode(array('result' => 'A felhasználó azonosítója hibás! Próbálja újra.')); } echo $json; } else if (htmlspecialchars($_POST["func"]) == "saveuser") { $uid = intval(htmlspecialchars($_POST["uid"])); if (htmlspecialchars($_POST["status"]) == "true") {$status = "1";} else {$status = "0";} if ($status == "0" && $uid == $userID) { echo json_encode(array('result' => 'A saját fiókodat nem tudod deaktiválni!')); exit(); } $uname = $coderclass->encode(htmlspecialchars($_POST["uname"]), "S1TU"); if ($uname == "") { echo json_encode(array('result' => 'Kötelező megadni egy felhasználó nevet!')); exit(); } /* NOTE(review): this uniqueness lookup runs before the user_edit_perm test further down, so callers without that permission still learn whether a uname exists; move the UserHasPerm check to the top of the branch as DeactivateOTP does. */ $sql = mysqli_query($conn,"SELECT uid FROM users WHERE uname = '$uname'"); $tempSQL = mysqli_fetch_array($sql); if ($tempSQL != null && $tempSQL[0] != $uid) { echo json_encode(array('result' => 'Ilyen felhasználónévvel már létezik fiók! 
Adjon meg mást!')); exit(); } $full_name = $coderclass->encode(htmlspecialchars($_POST["full_name"]), "TIT4"); if (filter_var(htmlspecialchars($_POST["mail"]), FILTER_VALIDATE_EMAIL) !== false) { $mail = $coderclass->encode(htmlspecialchars($_POST["mail"]), "A7SO"); } else if($_POST["mail"] == "") { $mail = ""; } else { echo json_encode(array('result' => 'Az email cím nem felel meg a formai követelményeknek!')); exit(); } $position = $coderclass->encode(htmlspecialchars($_POST["position"]), "SWI2"); $note = $coderclass->encode(htmlspecialchars($_POST["note"]), "AH1K"); /* NOTE(review): $_POST["perms"] is stored after htmlspecialchars() only; the list and openuser branches later split it on ", " and interpolate each id into perm_database queries, so validate every id against perm_database here instead of relying on entity encoding. Stripping god_profile with str_replace() also leaves a stray leading ", " when it was the first entry. */ if (!UserHasPerm('god_profile')) { $perms = $coderclass->encode(str_replace('god_profile', '', str_replace(', god_profile', '', htmlspecialchars($_POST["perms"]))), "AFDG"); } else { $perms = $coderclass->encode(htmlspecialchars($_POST["perms"]), "AFDG"); } /* NOTE(review): the password is entity-encoded before the policy check and the hash, so a value containing & < > " or ' is hashed in escaped form; the login path must apply the identical transform or such passwords never verify — hash the raw $_POST value. */ $userpass = htmlspecialchars($_POST["upass"]); if (!(strlen($userpass) >= 6 && preg_match('/[a-z]/', $userpass) && preg_match('/[A-Z]/', $userpass) && preg_match('/[0-9]/', $userpass)) && $userpass != "") { echo json_encode(array('result' => 'A megadott jelszó nem felel meg a formai követelményeknek!')); exit(); } else if($userpass != "") { /* NOTE(review): unsalted MD5 is not a password hash; use password_hash($userpass, PASSWORD_DEFAULT) here and password_verify()/password_needs_rehash() at login (the upass column must hold the longer string). */ $md5_userpass = md5($userpass); } if (UserHasPerm('user_edit_perm')) { if ($userpass != "") { $sql = mysqli_query($conn,"UPDATE users SET uname='$uname',upass='$md5_userpass',full_name='$full_name',mail='$mail',position='$position',note='$note',perms='$perms',status=$status WHERE uid = $uid"); } else { $sql = mysqli_query($conn,"UPDATE users SET uname='$uname',full_name='$full_name',mail='$mail',position='$position',note='$note',perms='$perms',status=$status WHERE uid = $uid"); } $json = json_encode(array('result' => 'ok')); } else { $json = json_encode(array('result' => 'Jogosultság megtagadva! 
Önnek nincsen joga felhasználót módosítani!')); } echo $json; } else if (htmlspecialchars($_POST["func"]) == "DeactivateOTP") { $uid = intval(htmlspecialchars($_POST["uid"])); if (!UserHasPerm('user_edit_perm')) { $json = json_encode(array('result' => 'Jogosultság megtagadva! Önnek nincsen joga felhasználót módosítani!')); } else if ($uid == $userID) { $json = json_encode(array('result' => 'A saját kétlépcsős hitelesítésének deaktiválását a fiók menupont alatt teheti meg!')); } else { /* NOTE(review): the UPDATE result is not checked, so 'ok' is returned even when $uid matches no row. Clearing otphash alone is consistent with openuser, which treats otphash == "" as OTP off. */ $sql = mysqli_query($conn,"UPDATE users SET otphash = '' WHERE uid = '$uid'"); $json = json_encode(array('result' => 'ok')); } echo $json; } exit(); } ?> Kezelőfelület

Title

Felhasználók

Felhasználónév:

Oldalanként:

:

:

';}?>


Teljes neve Beosztása Kockázati tényező Adatlap

<    0 / 0    >