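<?php
/*
 * account.php — create or edit a Mustard admin account.
 *
 * One script serves both the edit form (GET ?id=N, or id=0 for a new account) and
 * its submission (POST). Authorisation is driven by $account['Level'], which
 * include/getadmacc.php sets for the logged-in admin: "guest" may only edit their
 * own row, "normal" may edit their own row and guest rows (and create accounts),
 * and "super" is not restricted by this script.
 */
require('include/glob.php');
require('include/muoribene.php');
require('include/sessionstart.php');
require('include/myconn.php');
require('include/getadmacc.php');
require('include/menu.php');

$menu['menu']['selected'] = true;
$menu['menu']['submenu']['account']['selected'] = true;
buildmenu($menu);

// Guests get the English UI and no notification bell; everyone else gets the
// Italian UI plus notifications (the bell is rendered in the page header below).
if ($account['Level'] != 'guest') {
    require('include/notifs.php');
    $notifs = notifs($link);
    $english = false;
} else {
    $english = true;
}

require('include/tables.php');
$fields = tables($link);
$fields = $fields['Admins'];   // per-column limits of the Admins table (lengths / min-max, per tables())
require('include/transiten.php');

// Debug panel, echoed at the bottom of the page inside the "debug" div.
// The raw $_POST must never be dumped there: it carries the plaintext password and
// its confirmation, and an unescaped print_r() into the HTML is an XSS sink as well.
$dbg = '';
$dbgpost = $_POST;
foreach (array('Password', 'CPassword') as $secret) {
    if (array_key_exists($secret, $dbgpost)) {
        $dbgpost[$secret] = '[redacted]';
    }
}
$dbg .= '<pre>' . htmlspecialchars(print_r($dbgpost, true), ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</pre>' . N;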
use function mysqli_real_escape_string as myesc ;
// Short alias ("basically a macro"): escape a string for an HTML text or attribute
// context, encoding both quote kinds, assuming UTF-8 input.
function hspech($str) {
    $flags = ENT_QUOTES | ENT_HTML5;
    return htmlspecialchars($str, $flags, 'UTF-8');
}
/**
 * Abort the request with an "input errors" page (through muoribene(), which does
 * not return) that links back to the caller's own account page.
 *
 * @param array $account the logged-in admin's row; only 'ID' is read
 */
function inputerr(&$account) {
    $self = 'account.php?id=' . $account['ID'];
    $it = '<p>Errori di input.<br>Stavi cercando di editare <a href="' . $self . '">il tuo account</a>?</p>';
    $en = '<p>Input errors.<br>Where you trying to edit <a href="' . $self . '"> your account</a>?</p>';
    muoribene(t($it, $en) . N, true);
}
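// Decide whether this request is a form submission (POST) or a request for the
// edit form (GET), and pin down the target account id. Anything malformed ends
// in inputerr(), which does not return.
//
// NOTE(review): the form carries no anti-CSRF token, so a logged-in admin can be
// made to submit it from another site; a session-bound token verified here with
// hash_equals() would close that.
$postkeys = array('id', 'Username', 'Email', 'Password', 'CPassword');
$postmisskeys = ckkeys($postkeys, $_POST);
$postok = (count($postmisskeys) == 0);
if ($postok) {
    // Every field must be a plain string: an array value (Password[]=x) would
    // otherwise reach mb_strlen()/preg_match() and fail with a TypeError instead
    // of being rejected.
    foreach ($postkeys as $k) {
        if (!is_string($_POST[$k])) $postok = false;
    }
}
if ($postok) {
    $ulen = mb_strlen($_POST['Username']);
    $elen = mb_strlen($_POST['Email']);
    $plen = mb_strlen($_POST['Password']);
    $postok = preg_match('/^[0-9]+$/', $_POST['id']) === 1
        && $ulen >= 1 && $ulen <= $fields['Username']
        && $elen >= 3 && $elen <= $fields['Email']
        // Strict comparison: under == the numeric strings "1e3" and "1000" compare
        // equal, which would accept a mismatched confirmation.
        && $_POST['Password'] === $_POST['CPassword']
        // An empty password means "keep the current one" on edit.
        && ($_POST['Password'] === '' || ($plen >= 8 && $plen <= 64));
}
if ($postok) {
    $id = (int) $_POST['id'];
    $post = true;
} elseif (array_key_exists('id', $_GET) && is_string($_GET['id']) && preg_match('/^[0-9]+$/', $_GET['id']) === 1) {
    $id = (int) $_GET['id'];
    $post = false;
} else {
    inputerr($account);
}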
// ---- authorisation on the target id, then load (or stub) the target row ----

// Guests can never create accounts and can only touch their own row.
if ($account['Level'] == 'guest' && $id == 0) inputerr($account);
if ($account['Level'] == 'guest' && $id != $account['ID'])
    muoribene('<p>You can edit <a href="account.php?id=' . $account['ID'] . '">your account</a> only.</p>' . N, true);

if ($id != 0) {
    // Existing account: $id has already been validated as a non-negative integer.
    $res = mysqli_query($link, 'SELECT * FROM Admins WHERE ID=' . $id)
        or muoribene(__LINE__ . ': ' . mysqli_error($link), true);
    if (mysqli_num_rows($res) == 0)
        muoribene('<p>Non esiste alcun account con ID=' . $id . '<br>Se vuoi puoi editare <a href="account.php?id=' . $account['ID'] . '">il tuo account</a>.</p>', true);
    $acc = mysqli_fetch_assoc($res);
    $passreq = '';
} else {
    // New account: defaults shown in the form; the password field becomes mandatory.
    $acc = array(
        'ID' => 0,
        'Username' => '',
        'Email' => '',
        'Password' => '',
        'Level' => 'normal',
        'MaxLocalities' => 1,
        'MaxLanguages' => 0,
        'MaxFinancing' => 3,
        'MaxPolicies' => 3,
        'MaxTags' => 3,
        'Enabled' => 1
    );
    $passreq = ' required';
}

// Loose comparison on purpose: $acc['ID'] typically comes back from mysqli as a string.
$ownacc = ($account['ID'] == $acc['ID']);

// A "normal" admin may edit only their own account or guest accounts
// (creating a new account, $id == 0, is allowed).
if ($id != 0 && $account['Level'] == 'normal' && !$ownacc && $acc['Level'] != 'guest')
    muoribene('<p>Come admin di livello “normale” puoi editare solo <a href="account.php?id=' . $account['ID'] . '">il tuo account</a> e gli account di livello “guest”.</p>', true);

// Page title (also used in <title> and the menu bar).
if ($id == 0) {
    $atit = t('Nuovo account', 'New account');
} elseif ($ownacc) {
    $atit = t('Il tuo account', 'Your account');
} else {
    $atit = 'Account «' . hspech($acc['Email']) . '»';
}
2020-05-20 10:04:56 +02:00
/*
[ id ] => 3
[ Username ] => bida
[ Email ] => mastodon @ bida . im
[ Password ] =>
[ CPassword ] =>
[ Level ] => guest
[ MaxLocalities ] => 1
[ MaxLanguages ] => 0
[ MaxFinancing ] => 5
[ MaxPolicies ] => 3
[ MaxTags ] => 3
[ Enabled ] => 1
*/
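/**
 * Validate the posted Max* limit named $key: it must be a plain digit string whose
 * integer value lies within $fields[$key]['min'] .. $fields[$key]['max'] (inclusive).
 *
 * @param string $key name of the $_POST field / $fields entry (e.g. 'MaxTags')
 * @return bool true when the value is a well-formed, in-range integer
 */
function ckmax($key) {
    global $fields;
    // A missing or non-string value (MaxTags[]=1) must fail cleanly rather than
    // raise a TypeError inside preg_match().
    if (!array_key_exists($key, $_POST) || !is_string($_POST[$key])) {
        return false;
    }
    if (preg_match('/^[0-9]+$/', $_POST[$key]) !== 1) {
        return false;
    }
    $val = (int) $_POST[$key];
    return $val >= $fields[$key]['min'] && $val <= $fields[$key]['max'];
}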
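if ($post) {
    // ---------- apply the submission ----------
    // $quea collects "col=value" fragments; Username/Email are escaped for the
    // connection charset, every other value is whitelisted or cast below.
    $quea = array();
    $quea[] = 'Username="' . myesc($link, $_POST['Username']) . '"';
    $quea[] = 'Email="' . myesc($link, $_POST['Email']) . '"';

    // A new account must get a password: the "required" attribute on the form is
    // client-side only, so enforce it here too, otherwise the row would be inserted
    // without a usable Password column.
    if ($id == 0 && $_POST['Password'] === '') inputerr($account);

    if ($_POST['Password'] !== '' || $_POST['CPassword'] !== '') {
        if ($_POST['Password'] !== $_POST['CPassword']) inputerr($account);
        // NOTE(review): PASSWORD_DEFAULT is bcrypt on current PHP, which silently
        // ignores bytes past 72; the 64-character limit is counted in characters, so
        // multibyte passwords can exceed that and be truncated.
        $quea[] = 'Password="' . myesc($link, password_hash($_POST['Password'], PASSWORD_DEFAULT)) . '"';
    }

    $ok = true;
    if (array_key_exists('Level', $_POST)) {
        // Level is spliced into the query unescaped, so it must match the whitelist.
        // Privilege changes are limited: guests may not change levels at all; normal
        // admins may only assign guest/normal, and never to their own account.
        $lvl = $_POST['Level'];
        if (!is_string($lvl) || !in_array($lvl, array('guest', 'normal', 'super'), true)) $ok = false;
        if ($account['Level'] == 'normal' && !$ownacc && !in_array($lvl, array('guest', 'normal'), true)) $ok = false;
        if ($account['Level'] == 'normal' && $ownacc) $ok = false;
        if ($account['Level'] == 'guest') $ok = false;
        if (!$ok) inputerr($account);
        $quea[] = 'Level="' . $lvl . '"';
    }

    $maxkeys = array('MaxLocalities', 'MaxLanguages', 'MaxFinancing', 'MaxPolicies', 'MaxTags');
    if (count(ckkeys($maxkeys, $_POST)) == 0) {
        // Only admins above guest may change limits, and a normal admin never on
        // their own account. ckmax() checks each value is a digit string in range.
        if ($account['Level'] == 'guest') $ok = false;
        if ($account['Level'] == 'normal' && $ownacc) $ok = false;
        if ($ok) {
            foreach ($maxkeys as $k) {
                if (!ckmax($k)) $ok = false;
            }
        }
        if (!$ok) inputerr($account);
        foreach ($maxkeys as $k) {
            $quea[] = $k . '=' . (int) $_POST[$k];
        }
    }

    // $logout was previously left undefined when 'Enabled' was not posted.
    $logout = false;
    if (array_key_exists('Enabled', $_POST)) {
        $en = $_POST['Enabled'];
        if (!is_string($en) || !in_array($en, array('0', '1'), true)) inputerr($account);
        // Disabling one's own account ends the session right after the update.
        $logout = ($ownacc && $en === '0');
        $quea[] = 'Enabled=' . $en;
    }

    if ($id != 0)
        $que = 'UPDATE Admins SET ' . implode(', ', $quea) . ' WHERE ID=' . $id;
    else
        $que = 'INSERT INTO Admins SET ' . implode(', ', $quea);

    // Debug copy of the statement with the password hash blanked out, so the hash
    // never lands in the page source.
    $dbg .= 'QUERONA: ' . hspech(preg_replace('/Password="[^"]*"/', 'Password="[redacted]"', $que));
    mysqli_query($link, $que)
        or muoribene(__LINE__ . ': ' . mysqli_error($link), true);

    if ($logout) {
        $_SESSION = array();
        session_destroy();
        muoribene('<p>' . t('Il tuo account è stato disattivato correttamente. Ciao! :-)', 'Your account has been correctly disabled. Bye! :-)') . '</p>' . N, true);
    }
    // NOTE(review): changing one's own password neither rotates the session id nor
    // invalidates other sessions of this account; session_regenerate_id(true) here
    // would be a cheap improvement.

    $out = '<div class="message">';
    if ($id != 0) {
        $link_to = '<a href="account.php?id=' . $id . '">';
        $mail = hspech($_POST['Email']);
        if ($ownacc)
            $out .= t('L’aggiornamento del ' . $link_to . 'tuo account («' . $mail . '»)</a> è andato a buon fine.', $link_to . 'Your account («' . $mail . '»)</a> was updated successfully.');
        else
            $out .= t('L’aggiornamento dell’' . $link_to . 'account «' . $mail . '»</a> è andato a buon fine.', $link_to . 'Account «' . $mail . '»</a> was updated successfully.');
    } else {
        $id = mysqli_insert_id($link);
        $out .= 'Il <a href="account.php?id=' . $id . '">nuovo account «' . hspech($_POST['Email']) . '»</a> è stato creato correttamente.';
    }
    $out .= '</div>' . N;
} else {
    // ---------- render the edit form ----------
    // NOTE(review): a hidden anti-CSRF token bound to the session belongs in this
    // form (and must be verified on the POST path above).
    $sel = function ($cond) {
        return $cond ? ' selected' : '';
    };
    // One numeric "maximum number of X" row; min/max come from the table metadata.
    $maxrow = function ($name, $label) use ($fields, $acc) {
        return '<div class="edrow"><div class="edfieldd"><label for="' . $name . '">' . $label . ':</label></div><div class="edfield"><input type="number" step="1" name="' . $name . '" id="' . $name . '" min="' . $fields[$name]['min'] . '" max="' . $fields[$name]['max'] . '" value="' . hspech($acc[$name]) . '" required class="edinp"></div></div>' . N;
    };

    $out = '<form action="account.php" method="post" name="f" id="f">' . N;
    $out .= '<table class="edtab">' . N;
    $out .= '<tr><td class="insthead">' . $atit . '</td></tr>' . N;
    $out .= '<tr>' . N;
    $out .= '<td>' . N;
    $out .= '<input type="hidden" name="id" value="' . $id . '">' . N;
    $out .= '<div class="edrow"><div class="edfieldd"><label for="Username">' . t('Nome', 'Name') . ':</label></div><div class="edfield"><input type="text" name="Username" id="Username" value="' . hspech($acc['Username']) . '" class="edinp" minlength="1" maxlength="' . $fields['Username'] . '" required autofocus></div></div>' . N;
    $out .= '<div class="edrow"><div class="edfieldd"><label for="Email">Email:</label></div><div class="edfield"><input type="email" name="Email" id="Email" value="' . hspech($acc['Email']) . '" minlength="3" maxlength="' . $fields['Email'] . '" class="edinp" required></div></div>' . N;
    if ($id != 0)
        $out .= '<div class="eddesc">' . t('Lascia vuoti i campi “Password” e “Conferma password” per mantenere la password attuale.', 'Leave “Password” and “Password confirm” fields blank to keep your current password.') . '</div>' . N;
    // autocomplete="new-password" keeps password managers from filling the stored credential here.
    $out .= '<div class="edrow"><div class="edfieldd"><label for="Password">Password:</label></div><div class="edfield"><input type="password" name="Password" id="Password" minlength="8" maxlength="64" class="edinp" autocomplete="new-password"' . $passreq . '></div></div>' . N;
    $out .= '<div class="edrow"><div class="edfieldd"><label for="CPassword">' . t('Conferma password', 'Confirm password') . ':</label></div><div class="edfield"><input type="password" name="CPassword" id="CPassword" minlength="8" maxlength="64" class="edinp" autocomplete="new-password"></div></div>' . N;

    // Level and limits are editable only by non-guests on accounts other than their own
    // (the POST path enforces the same rule server-side).
    if ($account['Level'] != 'guest' && !$ownacc) {
        $out .= '<div class="edrow"><div class="edfieldd"><label for="Level">Livello:</label></div><div class="edfield"><select name="Level" id="Level" class="edinp">';
        $out .= '<option value="guest"' . $sel($acc['Level'] == 'guest') . '>Ospite</option>';
        $out .= '<option value="normal"' . $sel($acc['Level'] == 'normal') . '>Normale</option>';
        if ($account['Level'] == 'super')
            $out .= '<option value="super"' . $sel($acc['Level'] == 'super') . '>Super</option>';
        $out .= '</select></div></div>' . N;
        $out .= $maxrow('MaxLocalities', 'Numero massimo di località aggiungibili');
        $out .= $maxrow('MaxLanguages', 'Numero massimo di lingue aggiungibili');
        $out .= $maxrow('MaxFinancing', 'Numero massimo di mod. di finanziamento aggiungibili');
        $out .= $maxrow('MaxPolicies', 'Numero massimo di policies aggiungibili');
        $out .= $maxrow('MaxTags', 'Numero massimo di categorie aggiungibili');
    }
    $out .= '<div class="edrow"><div class="edfieldd"><label for="Enabled">' . t('Stato account:', 'Account status:') . '</label></div><div class="edfield"><select name="Enabled" id="Enabled" class="edinp"><option value="1"' . $sel($acc['Enabled'] == 1) . '>' . t('Attivo', 'Enabled') . '</option><option value="0"' . $sel($acc['Enabled'] == 0) . '>' . t('Non attivo', 'Disabled') . '</option></select></div></div>' . N;
    $out .= '<input type="submit" value="' . t('Salva', 'Save') . '" class="button" onclick="return ckf();">' . N;
    $out .= '</td>' . N;
    $out .= '</tr>' . N;
    $out .= '</table>' . N;
    $out .= '</form>' . N;
}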
// All database work is finished; release the connection before the HTML below is emitted.
mysqli_close ( $link );
?>
<!DOCTYPE HTML>
<html lang="en">
<head>
<title>Mustard - <?php echo($atit); ?></title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="description" content="Admin pages for Mastodon Help">
<meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">
<link rel="icon" type="image/png" href="imgs/icona-32.png" sizes="32x32">
<link rel="icon" type="image/png" href="imgs/icona-192.png" sizes="192x192">
<link rel="icon" type="image/png" href="imgs/icona-512.png" sizes="512x512">
<link rel="apple-touch-icon-precomposed" href="imgs/icona-180.png">
<link rel="stylesheet" type="text/css" href="css/theme.css?v=<?php echo($cjrand); ?>">
<script language="JavaScript" src="js/menu.js?v=<?php echo($cjrand); ?>"></script>
<script language="JavaScript" src="js/alerta.js?v=<?php echo($cjrand); ?>"></script>
<script language="JavaScript" src="js/confirma.js?v=<?php echo($cjrand); ?>"></script>
<script language="JavaScript">
<!--
<?php if ($account['Level'] != 'guest') require('js/notifs.js.php'); ?>
// Page flags injected by PHP: UI language and whether the form targets the viewer's own account.
let english = <?php echo($english ? 'true' : 'false'); ?>;
let ownacc = <?php echo($ownacc ? 'true' : 'false'); ?>;
// Pick the Italian or English string according to the page language flag.
function t(it, en) {
    return english ? en : it;
}
// Pre-submit check run from the Save button: the password and its confirmation
// must match, and disabling one's own account asks for confirmation first (the
// confirmation dialog submits the form itself via document.f.submit()).
function ckf() {
    let pass = document.getElementById('Password'), cpass = document.getElementById('CPassword');
    pass.setCustomValidity('');
    if (pass.value != '' && pass.value != cpass.value) {
        pass.setCustomValidity(t('“Password” e “Conferma password” non corrispondono', '“Password” and “Confirm password” don’t match'));
        pass.reportValidity();
        return false;
    }
    if (ownacc && document.getElementById('Enabled').value == '0') {
        confirma(t('Attenzione!', 'Warning!'), '<p>' + t('Stai per disabilitare il tuo stesso account: la sessione corrente sarà interrotta e non potrai più rientrare in Mustard finché un admin non lo riabiliterà. Confermi di voler disabilitare il tuo account?', 'You are about to disable your own account: current session will be closed and you won’t be able to log into Mustard again until an admin will re-enable it. Do you confirm you want to disable it?') + '</p>', 'No', t('Si', 'Yes'), '', 'document.f.submit();');
        return false;
    }
    return true;
}
//-->
</script>
</head>
<body>
<nav>
<div id="hmenu">
<ul>
<?php echo($menuout); ?>
</ul>
<div class="mtit"><?php echo($atit); ?></div>
<div id="rightdiv">
<?php if ($account['Level'] != 'guest') echo('<img src="' . $notifs['imgoff'] . '" id="bell" class="rlinks" title="Show notifications" onclick="shidenotifs();">' . N); ?>
<img src="imgs/esci.svg" class="rlinks" title="Logout" onclick="document.location.href='logout.php';">
</div>
</div>
</nav>
<?php if ($account['Level'] != 'guest') echo($notifs['div']); ?>
<div id="popup">
<div id="inpopup">
<div id="popupcont">
...
</div>
</div>
</div>
<!-- <div id="footer">
</div> -->
<div id="fullscreen">
<div id="middlerow">
<?php echo($out); ?>
</div>
</div>
<div id="debug">
<?php echo($dbg); ?>
</div>
</body>
</html>