WKVS_gitea/WKVS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
373118365462d65ff3dd49594e37fd218b329a0c
WKVS/www/intern/scripts/logindata/ajax-update-user-information.php

164 lines
4.0 KiB
PHP
Raw Blame History

<?php
use Dotenv\Dotenv;
header('Content-Type: application/json');
if (!isset($baseDir)) {
$baseDir = $_SERVER['DOCUMENT_ROOT'];
}
require_once $baseDir . '/../scripts/session_functions.php';
ini_wkvs_session();
check_user_permission('wk_leitung');
verify_csrf();
require $baseDir . '/../scripts/db/db-functions.php';
require $baseDir . '/../scripts/db/db-tables.php';
$type = 'wkl';
$dbconnection = require $baseDir . '/../scripts/db/db-verbindung-script.php';
if ($dbconnection['success'] !== true){
echo json_encode(['success' => false, 'message' => 'Critical DB Error.']);
exit;
}
if (isset($_POST['field_id'])){
$id = intval($_POST['field_id']);
} else {
echo json_encode(['success' => false, 'message' => 'Invalid Input.']);
exit;
}
$editor_id = $_SESSION['user_id_wk_leitung'];
$plain = trim($_POST['password'] ?? '');
if (!$plain) {
echo json_encode(['success' => false, 'message' => 'Invalid Input.']);
exit;
}
$username = htmlspecialchars(trim($_POST['username'] ?? ''));
if (!$username) {
echo json_encode(['success' => false, 'message' => 'Invalid Input.']);
exit;
}
$namePerson = htmlspecialchars(trim($_POST['namePerson'] ?? ''));
$freigaben = $_POST['freigaben'] ?? [];
$freigabenTrainer = $_POST['freigabenTrainer'] ?? [];
$freigabenKampfrichter = $_POST['freigabenKampfrichter'] ?? [];
if (!is_array($freigaben)) {
$freigaben = [];
}
if (!is_array($freigabenTrainer)) {
$freigabenTrainer = [];
}
if (!is_array($freigabenKampfrichter)) {
$freigabenKampfrichter = [];
}
$array = [
'types' => $freigaben,
'freigabenTrainer' => $freigabenTrainer,
'freigabenKampfrichter' => $freigabenKampfrichter
];
// Store as proper JSON string
$freigabe_store = json_encode($array);
// Hash for login
$hash = password_hash($plain, PASSWORD_ARGON2ID);
require $baseDir . '/../composer/vendor/autoload.php';
$envFile = realpath($baseDir . '/../config/.env.pw-encryption-key');
if ($envFile === false) {
http_response_code(500);
echo json_encode([
'success' => false,
'message' => "Environment file not found"
]);
exit;
}
try {
$envDir = dirname($envFile);
$dotenv = Dotenv::createImmutable($envDir, '.env.pw-encryption-key');
$dotenv->load();
} catch (Throwable $e) {
http_response_code(500);
echo json_encode([
'success' => false,
'message' => "Dotenv error"
]);
}
// Encrypt for display
$iv_length = openssl_cipher_iv_length('aes-256-cbc');
$iv = random_bytes($iv_length);
$encrypted = openssl_encrypt($plain, 'aes-256-cbc', $_ENV['PW_ENCRYPTION_KEY'], 0, $iv);
$cipher_store = base64_encode($iv . $encrypted);
if ($id > 0) {
$updated = db_update($mysqli, $tableInternUsers, [
'password_hash' => $hash,
'password_cipher' => $cipher_store,
'username' => $username,
'name_person' => $namePerson,
'freigabe' => $freigabe_store,
'updated_at' => date('Y-m-d H:i:s'),
'edited_by' => $editor_id
], ['id' => $id]);
} else {
$stmt = $mysqli->prepare(
"INSERT INTO {$tableInternUsers}
(username, name_person, password_hash, password_cipher, freigabe, created_at, updated_at, edited_by, login_active)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?)"
);
$loginActive = 1;
$stmt->bind_param(
"sssssssis",
$username,
$namePerson,
$hash,
$cipher_store,
$freigabe_store,
$created_at,
$updated_at,
$editor_id,
$loginActive
);
$created_at = date('Y-m-d H:i:s');
$updated_at = $created_at;
$updated = $stmt->execute();
}
if ($updated !== false) {
if ($id == 0) { // new user
$new_id = $mysqli->insert_id;
echo json_encode(['success' => true, 'message' => $username.' wurde erfolgreich erstellt.', 'id' => $new_id]);
} else {
echo json_encode(['success' => true, 'message' => $username.' wurde erfolgreich aktualisiert.']);
}
} else {
echo json_encode(['success' => false, 'message' => 'DB Error']);
}
Reference in New Issue View Git Blame Copy Permalink