md-cms/edit/users.php

<?PHP
/**
 * This script lists all users and offers the option to add new ones.
 *
 * @author Joshua Ramon Enslin <joshua@jrenslin.de>
 */

/*
 * Require files and ensure environment.
 */

require_once __DIR__ . "/inc/functions.php";

ensureEnvironment();                                    // Ensure existence of system files.
$translations = loadLanguage($settings['defaultLang']); // Load translations.
ensureBackendEnv();                                     // Ensure session is started etc.
$pages = loadPages();                                   // Load overview of pages.

if (!$_SESSION['admin']) {
    echo printErrorPage($settings, $translations['accessDenied']); return;
}

/*
 * Load data.
 */

// Check for vars.
loadHttpToGlobals(["task", "username", "realName", "email", "password", "passwordVerify", "admin"]);

if (!isset($users)) {
    $users = json_decode(file_get_contents(__DIR__ . "/../data/users.json"), true);
}

/**
 * Adding new users.
 */
if (isset($task) and $task == "insert") {

    $redirectURL = "./users.php?" . write_common_vars(["username", "realName", "email", "admin"]) . "#addUser";

    if (!isset($admin)) $admin = false;

    // Ensure all required values are set.
    foreach (["username", "realName", "email", "password", "passwordVerify"] as $var) {
        if (isset($$var)) continue;

        $_SESSION["editHistory"] = ["changesAborted", $translations['requiredValueMissing']];
        header('Location: ' . $redirectURL);
        return;
    }

    // Check if the passwords match.
    if ($password != $passwordVerify) {
        $_SESSION["editHistory"] = ["changesAborted", $translations['passwordsDoNotMatch']];
        header('Location: ' . $redirectURL);
        return;
    }

    // Check if passwords is too short.
    if (strlen($password) < 8) {
        $_SESSION["editHistory"] = ["changesAborted", $translations['passwordTooShort']];
        header('Location: ' . $redirectURL);
        return;
    }

    // Options for hashing.
    $newUser = array(

        "username" => $username,
        "realName" => $realName,
        "email"    => $email,
        "password" => password_hash("$password", PASSWORD_BCRYPT, ['cost' => 12]),
        "admin"    => $admin,
        "created"  => date("Y-m-d H:i:s"),

    );

    $users[$username] = $newUser;

    // Store the users array.
    file_put_contents(__DIR__ . "/../data/users.json", json_encode($users), LOCK_EX);

    $_SESSION["editHistory"] = ["changesStored", $translations['userAdded'] . " $username"];
    header('Location: ./users.php#addUser');
    return;

}

/*
 * Output
 */

echo printBackendHead($settings, $translations['start'], $translations['start'], $settings['logo']);
echo printBackendHeader($translations['usersOverview'], $translations['helpUsers']);

echo '
<div id="mainWrapper">
';

echo printBackendNav($translations);

echo '
    <main>

    <p>
        <a href="#listUsers" class="buttonLike">' . $translations['listUsers'] . '</a>
        <a href="#addUser" class="buttonLike">' . $translations['addUser'] . '</a>
    </p>

    <section id="listUsers">

        <form action="" method="POST">
        <table class="obj_cha_maintable">

            <tr>
                <th><label for="username">' . $translations['username'] . '</label></th>
                <td><input type="text" id="username" name="username" placeholder="' . $translations['username']. '"';
if (isset($username)) echo " value='$username'";
echo ' required /></td>
                <td>' . generateHelpToolTip("helpUsername", $translations['username'], $translations['helpUsername']) . '</td>
            </tr>

            <tr>
                <th><label for="realName">' . $translations['realName'] . '</label></th>
                <td><input type="text" id="realName" name="realName" placeholder="' . $translations['realName']. '"';
if (isset($realName)) echo " value='$realName'";
echo ' required /></td>
                <td>' . generateHelpToolTip("helpRealName", $translations['realName'], $translations['helpRealName']) . '</td>
            </tr>

            <tr>
                <th><label for="userEmail">' . $translations['email'] . '</label></th>
                <td><input type="email" id="userEmail" name="email" placeholder="' . $translations['email']. '"';
if (isset($email)) echo " value='$email'";
echo ' required /></td>
                <td>' . generateHelpToolTip("helpEmail", $translations['email'], $translations['helpEmail']) . '</td>
            </tr>

            <tr>
                <th><label for="password">' . $translations['password'] . '</label></th>
                <td><input type="password" id="password" name="password" placeholder="' . $translations['password']. '" required /></td>
                <td>' . generateHelpToolTip("helpPassword", $translations['password'], $translations['helpPassword']) . '</td>
            </tr>

            <tr>
                <th><label for="passwordVerify">' . $translations['passwordVerify'] . '</label></th>
                <td><input type="password" id="passwordVerify" name="passwordVerify" placeholder="' . $translations['passwordVerify']. '" required /></td>
                <td></td>
            </tr>

            <tr>
                <th><label for="admin">' . $translations['admin'] . '</label></th>
                <td>
                    <label class="switch">
                        <input name="admin" id="admin" type="checkbox"'; if (isset($admin) and $admin) echo ' checked'; echo '>
                        <span class="slider round"></span>
                    </label>
                </td>
                <td>' . generateHelpToolTip("helpAdmin", $translations['admin'], $translations['helpAdmin']) . '</td>
            </tr>

            <tr>
                <th></th>
                <td><button type="submit">' . $translations['submit'] . '</button></td>
                <td>
                    ' . printHiddenInputs(['task' => 'insert'], 16) . '
                </td>
            </tr>

        </table>
        </form>

    </section>

    <section>

    <table class="overviewtable">
        <thead>
            <tr>
                <th>' . $translations['username'] . '</th>
                <th>' . $translations['realName'] . '</th>
                <th>' . $translations['email'] . '</th>
                <th>' . $translations['admin'] . '</th>
                <th>' . $translations['options'] . '</th>
            </tr>
        </thead>
        <tbody>
';

foreach ($users as $user) {

    echo '
            <tr>
                <td><a href="user.php?t=' . urlencode($user['username']) . '">' . $user['username'] . '</a></td>
                <td>' . $user['realName'] . '</td>
                <td>' . $user['email'] . '</td>
                <td>' . $user['admin'] . '</td>
                <td></td>
            </tr>
    ';

}

echo '
        </tbody>
    </table>

    </section>

    </main>
</div>';

echo printBackendEnd();

?>
Initial commit. 2018-06-12 07:53:27 +02:00			`<?PHP`
			`/**`
Fixed (file) comments. 2018-06-19 18:02:04 +02:00			`* This script lists all users and offers the option to add new ones.`
Initial commit. 2018-06-12 07:53:27 +02:00			`*`
			`* @author Joshua Ramon Enslin <joshua@jrenslin.de>`
			`*/`

			`/*`
			`* Require files and ensure environment.`
			`*/`

			`require_once __DIR__ . "/inc/functions.php";`

Made input interface multilingual. Set proper default for CSS file in password_protect.php. 2018-06-18 17:18:06 +02:00			`ensureEnvironment(); // Ensure existence of system files.`
			`$translations = loadLanguage($settings['defaultLang']); // Load translations.`
			`ensureBackendEnv(); // Ensure session is started etc.`
			`$pages = loadPages(); // Load overview of pages.`
Initial commit. 2018-06-12 07:53:27 +02:00
Added checks for admin permissions to settings / users. Added welcome message and start page contents in input interface (iss0000160). 2018-06-18 15:07:38 +02:00			`if (!$_SESSION['admin']) {`
Readied error pages for variable themes. Fixed error in parsing pseudocode. 2018-06-21 13:25:38 +02:00			`echo printErrorPage($settings, $translations['accessDenied']); return;`
Added checks for admin permissions to settings / users. Added welcome message and start page contents in input interface (iss0000160). 2018-06-18 15:07:38 +02:00			`}`

Initial commit. 2018-06-12 07:53:27 +02:00			`/*`
			`* Load data.`
			`*/`

			`// Check for vars.`
Added editing function for pages (using tinymce). Added editing pages for footer, banner, aside. Added page overview. Added public page. Added settings page. Added generator for embed pseudocodes. 2018-06-13 20:07:24 +02:00			`loadHttpToGlobals(["task", "username", "realName", "email", "password", "passwordVerify", "admin"]);`
Initial commit. 2018-06-12 07:53:27 +02:00
			`if (!isset($users)) {`
			`$users = json_decode(file_get_contents(__DIR__ . "/../data/users.json"), true);`
			`}`

Fixed (file) comments. 2018-06-19 18:02:04 +02:00			`/**`
			`* Adding new users.`
			`*/`
			`if (isset($task) and $task == "insert") {`
Initial commit. 2018-06-12 07:53:27 +02:00
Added editing function for pages (using tinymce). Added editing pages for footer, banner, aside. Added page overview. Added public page. Added settings page. Added generator for embed pseudocodes. 2018-06-13 20:07:24 +02:00			`$redirectURL = "./users.php?" . write_common_vars(["username", "realName", "email", "admin"]) . "#addUser";`

			`if (!isset($admin)) $admin = false;`
Initial commit. 2018-06-12 07:53:27 +02:00
			`// Ensure all required values are set.`
			`foreach (["username", "realName", "email", "password", "passwordVerify"] as $var) {`
			`if (isset($$var)) continue;`

			`$_SESSION["editHistory"] = ["changesAborted", $translations['requiredValueMissing']];`
			`header('Location: ' . $redirectURL);`
			`return;`
			`}`

			`// Check if the passwords match.`
			`if ($password != $passwordVerify) {`
			`$_SESSION["editHistory"] = ["changesAborted", $translations['passwordsDoNotMatch']];`
			`header('Location: ' . $redirectURL);`
			`return;`
			`}`

			`// Check if passwords is too short.`
			`if (strlen($password) < 8) {`
			`$_SESSION["editHistory"] = ["changesAborted", $translations['passwordTooShort']];`
			`header('Location: ' . $redirectURL);`
			`return;`
			`}`

			`// Options for hashing.`
			`$newUser = array(`

			`"username" => $username,`
			`"realName" => $realName,`
			`"email" => $email,`
			`"password" => password_hash("$password", PASSWORD_BCRYPT, ['cost' => 12]),`
Added editing function for pages (using tinymce). Added editing pages for footer, banner, aside. Added page overview. Added public page. Added settings page. Added generator for embed pseudocodes. 2018-06-13 20:07:24 +02:00			`"admin" => $admin,`
Initial commit. 2018-06-12 07:53:27 +02:00			`"created" => date("Y-m-d H:i:s"),`

			`);`

			`$users[$username] = $newUser;`

			`// Store the users array.`
			`file_put_contents(__DIR__ . "/../data/users.json", json_encode($users), LOCK_EX);`

			`$_SESSION["editHistory"] = ["changesStored", $translations['userAdded'] . " $username"];`
			`header('Location: ./users.php#addUser');`
			`return;`

			`}`

			`/*`
			`* Output`
			`*/`

Improved settings of CSPs. Added manifest.json. Added further security-related HTTP headers. 2018-06-18 13:57:35 +02:00			`echo printBackendHead($settings, $translations['start'], $translations['start'], $settings['logo']);`
Initial commit. 2018-06-12 07:53:27 +02:00			`echo printBackendHeader($translations['usersOverview'], $translations['helpUsers']);`

			`echo '`
			`<div id="mainWrapper">`
			`';`

			`echo printBackendNav($translations);`

			`echo '`
			`<main>`

			`<p>`
			`<a href="#listUsers" class="buttonLike">' . $translations['listUsers'] . '</a>`
			`<a href="#addUser" class="buttonLike">' . $translations['addUser'] . '</a>`
			`</p>`

			`<section id="listUsers">`

			`<form action="" method="POST">`
			`<table class="obj_cha_maintable">`

			`<tr>`
			`<th><label for="username">' . $translations['username'] . '</label></th>`
			`<td><input type="text" id="username" name="username" placeholder="' . $translations['username']. '"';`
			`if (isset($username)) echo " value='$username'";`
			`echo ' required /></td>`
			`<td>' . generateHelpToolTip("helpUsername", $translations['username'], $translations['helpUsername']) . '</td>`
			`</tr>`

			`<tr>`
			`<th><label for="realName">' . $translations['realName'] . '</label></th>`
			`<td><input type="text" id="realName" name="realName" placeholder="' . $translations['realName']. '"';`
			`if (isset($realName)) echo " value='$realName'";`
			`echo ' required /></td>`
			`<td>' . generateHelpToolTip("helpRealName", $translations['realName'], $translations['helpRealName']) . '</td>`
			`</tr>`

			`<tr>`
			`<th><label for="userEmail">' . $translations['email'] . '</label></th>`
			`<td><input type="email" id="userEmail" name="email" placeholder="' . $translations['email']. '"';`
			`if (isset($email)) echo " value='$email'";`
			`echo ' required /></td>`
			`<td>' . generateHelpToolTip("helpEmail", $translations['email'], $translations['helpEmail']) . '</td>`
			`</tr>`

			`<tr>`
			`<th><label for="password">' . $translations['password'] . '</label></th>`
			`<td><input type="password" id="password" name="password" placeholder="' . $translations['password']. '" required /></td>`
			`<td>' . generateHelpToolTip("helpPassword", $translations['password'], $translations['helpPassword']) . '</td>`
			`</tr>`

			`<tr>`
			`<th><label for="passwordVerify">' . $translations['passwordVerify'] . '</label></th>`
			`<td><input type="password" id="passwordVerify" name="passwordVerify" placeholder="' . $translations['passwordVerify']. '" required /></td>`
			`<td></td>`
			`</tr>`

Added editing function for pages (using tinymce). Added editing pages for footer, banner, aside. Added page overview. Added public page. Added settings page. Added generator for embed pseudocodes. 2018-06-13 20:07:24 +02:00			`<tr>`
			`<th><label for="admin">' . $translations['admin'] . '</label></th>`
			`<td>`
			`<label class="switch">`
			`<input name="admin" id="admin" type="checkbox"'; if (isset($admin) and $admin) echo ' checked'; echo '>`
			`<span class="slider round"></span>`
			`</label>`
			`</td>`
			`<td>' . generateHelpToolTip("helpAdmin", $translations['admin'], $translations['helpAdmin']) . '</td>`
			`</tr>`

Initial commit. 2018-06-12 07:53:27 +02:00			`<tr>`
			`<th></th>`
			`<td><button type="submit">' . $translations['submit'] . '</button></td>`
			`<td>`
			`' . printHiddenInputs(['task' => 'insert'], 16) . '`
			`</td>`
			`</tr>`

			`</table>`
			`</form>`

			`</section>`

			`<section>`

			`<table class="overviewtable">`
			`<thead>`
			`<tr>`
			`<th>' . $translations['username'] . '</th>`
			`<th>' . $translations['realName'] . '</th>`
			`<th>' . $translations['email'] . '</th>`
Added editing function for pages (using tinymce). Added editing pages for footer, banner, aside. Added page overview. Added public page. Added settings page. Added generator for embed pseudocodes. 2018-06-13 20:07:24 +02:00			`<th>' . $translations['admin'] . '</th>`
Initial commit. 2018-06-12 07:53:27 +02:00			`<th>' . $translations['options'] . '</th>`
			`</tr>`
			`</thead>`
			`<tbody>`
			`';`

			`foreach ($users as $user) {`

			`echo '`
			`<tr>`
			`<td><a href="user.php?t=' . urlencode($user['username']) . '">' . $user['username'] . '</a></td>`
			`<td>' . $user['realName'] . '</td>`
			`<td>' . $user['email'] . '</td>`
Added editing function for pages (using tinymce). Added editing pages for footer, banner, aside. Added page overview. Added public page. Added settings page. Added generator for embed pseudocodes. 2018-06-13 20:07:24 +02:00			`<td>' . $user['admin'] . '</td>`
Initial commit. 2018-06-12 07:53:27 +02:00			`<td></td>`
			`</tr>`
			`';`

			`}`

			`echo '`
			`</tbody>`
			`</table>`

			`</section>`

			`</main>`
			`</div>';`

			`echo printBackendEnd();`

			`?>`