First version, for githup; UNSTABLE, DO NOT USE!
This commit is contained in:
Fabio Herzig
159
www/intern/scripts/logindata/ajax-update-user-information.php
Normal file
159
www/intern/scripts/logindata/ajax-update-user-information.php
Normal file
@@ -0,0 +1,159 @@
|
||||
<?php
|
||||
|
||||
use Dotenv\Dotenv;
|
||||
|
||||
header('Content-Type: application/json');
|
||||
|
||||
if (session_status() !== PHP_SESSION_ACTIVE) session_start();
|
||||
|
||||
if (empty($_SESSION['access_granted_wk_leitung']) || $_SESSION['access_granted_wk_leitung'] !== true || empty($_SESSION['passcodewk_leitung_id']) || intval($_SESSION['passcodewk_leitung_id']) < 1 ) {
|
||||
http_response_code(403);
|
||||
exit;
|
||||
}
|
||||
|
||||
if (!isset($baseDir)) {
|
||||
$baseDir = $_SERVER['DOCUMENT_ROOT'];
|
||||
}
|
||||
|
||||
require $baseDir . '/../scripts/db/db-functions.php';
|
||||
require $baseDir . '/../scripts/db/db-tables.php';
|
||||
require $baseDir . '/../scripts/csrf_functions.php';
|
||||
|
||||
|
||||
$type = 'wkl';
|
||||
|
||||
$dbconnection = require $baseDir . '/../scripts/db/db-verbindung-script.php';
|
||||
|
||||
if ($dbconnection['success'] !== true){
|
||||
echo json_encode(['success' => false, 'message' => 'Critical DB Error.']);
|
||||
exit;
|
||||
}
|
||||
|
||||
if (isset($_POST['field_id'])){
|
||||
$id = intval($_POST['field_id']);
|
||||
} else {
|
||||
echo json_encode(['success' => false, 'message' => 'Invalid Input.']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$editor_id = $_SESSION['passcodewk_leitung_id'];
|
||||
$plain = trim($_POST['password'] ?? '');
|
||||
|
||||
if (!$plain) {
|
||||
echo json_encode(['success' => false, 'message' => 'Invalid Input.']);
|
||||
exit;
|
||||
}
|
||||
|
||||
$username = htmlspecialchars(trim($_POST['username'] ?? ''));
|
||||
|
||||
if (!$username) {
|
||||
echo json_encode(['success' => false, 'message' => 'Invalid Input.']);
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
$freigaben = $_POST['freigaben'] ?? [];
|
||||
$freigabenTrainer = $_POST['freigabenTrainer'] ?? [];
|
||||
$freigabenKampfrichter = $_POST['freigabenKampfrichter'] ?? [];
|
||||
|
||||
if (!is_array($freigaben)) {
|
||||
$freigaben = [];
|
||||
}
|
||||
if (!is_array($freigabenTrainer)) {
|
||||
$freigabenTrainer = [];
|
||||
}
|
||||
if (!is_array($freigabenKampfrichter)) {
|
||||
$freigabenKampfrichter = [];
|
||||
}
|
||||
|
||||
$array = [
|
||||
'types' => $freigaben,
|
||||
'freigabenTrainer' => $freigabenTrainer,
|
||||
'freigabenKampfrichter' => $freigabenKampfrichter
|
||||
];
|
||||
|
||||
// Store as proper JSON string
|
||||
$freigabe_store = json_encode($array);
|
||||
|
||||
// Hash for login
|
||||
$hash = password_hash($plain, PASSWORD_ARGON2ID);
|
||||
|
||||
|
||||
require $baseDir . '/../composer/vendor/autoload.php';
|
||||
|
||||
$envFile = realpath($baseDir . '/../config/.env.pw-encryption-key');
|
||||
|
||||
if ($envFile === false) {
|
||||
http_response_code(500);
|
||||
echo json_encode([
|
||||
'success' => false,
|
||||
'message' => "Environment file not found"
|
||||
]);
|
||||
exit;
|
||||
}
|
||||
|
||||
try {
|
||||
$envDir = dirname($envFile);
|
||||
|
||||
$dotenv = Dotenv::createImmutable($envDir, '.env.pw-encryption-key');
|
||||
|
||||
$dotenv->load();
|
||||
} catch (Throwable $e) {
|
||||
http_response_code(500);
|
||||
echo json_encode([
|
||||
'success' => false,
|
||||
'message' => "Dotenv error"
|
||||
]);
|
||||
}
|
||||
|
||||
// Encrypt for display
|
||||
$iv_length = openssl_cipher_iv_length('aes-256-cbc');
|
||||
$iv = random_bytes($iv_length);
|
||||
$encrypted = openssl_encrypt($plain, 'aes-256-cbc', $_ENV['PW_ENCRYPTION_KEY'], 0, $iv);
|
||||
$cipher_store = base64_encode($iv . $encrypted);
|
||||
|
||||
|
||||
if ($id > 0) {
|
||||
$updated = db_update($mysqli, $tableInternUsers, [
|
||||
'password_hash' => $hash,
|
||||
'password_cipher' => $cipher_store,
|
||||
'username' => $username,
|
||||
'freigabe' => $freigabe_store,
|
||||
'updated_at' => date('Y-m-d H:i:s'),
|
||||
'edited_by' => $editor_id
|
||||
], ['id' => $id]);
|
||||
} else {
|
||||
$stmt = $mysqli->prepare(
|
||||
"INSERT INTO {$tableInternUsers}
|
||||
(username, password_hash, password_cipher, freigabe, created_at, updated_at, edited_by)
|
||||
VALUES (?, ?, ?, ?, ?, ?, ?)"
|
||||
);
|
||||
|
||||
$stmt->bind_param(
|
||||
"ssssssi",
|
||||
$username,
|
||||
$hash,
|
||||
$cipher_store,
|
||||
$freigabe_store,
|
||||
$created_at,
|
||||
$updated_at,
|
||||
$editor_id
|
||||
);
|
||||
|
||||
$created_at = date('Y-m-d H:i:s');
|
||||
$updated_at = $created_at;
|
||||
|
||||
$updated = $stmt->execute();
|
||||
}
|
||||
|
||||
if ($updated !== false) {
|
||||
if ($id == 0) { // new user
|
||||
$new_id = $mysqli->insert_id;
|
||||
|
||||
echo json_encode(['success' => true, 'message' => $username.' wurde erfolgreich erstellt.', 'id' => $new_id]);
|
||||
} else {
|
||||
echo json_encode(['success' => true, 'message' => $username.' wurde erfolgreich aktualisiert.']);
|
||||
}
|
||||
} else {
|
||||
echo json_encode(['success' => false, 'message' => 'DB Error']);
|
||||
}
|
||||
Reference in New Issue
Block a user