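renderInactiveUsers(); $this->renderActiveUsers(); }

    /**
     * Builds the listing of accounts whose `active` column is 0 and stores it
     * under $this->content['inactive_accounts'].
     *
     * Each row contributes the username plus the realname and email columns
     * passed through $this->decode() together with the row's salt.
     *
     * NOTE(review): the values are concatenated into the output unescaped. If
     * this string is emitted as HTML, every value should be wrapped in
     * htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'). The
     * string literals appear empty on this page, so the surrounding markup
     * cannot be checked here; confirm where output encoding happens.
     */
    private function renderInactiveUsers(): void
    {
        $result = mysqli_query($this->dbConnection, 'SELECT * FROM user WHERE active=0');
        $content = '';
        while ($row = mysqli_fetch_assoc($result)) {
            $content .= '' . $row['username'] . '' . $this->decode($row['realname'], $row['salt']) . '' . $this->decode($row['email'], $row['salt']) . '' . '' . '';
        }
        $content .= '';
        $this->content['inactive_accounts'] = $content;
    }

    /**
     * Builds the listing of accounts whose `active` column is 1 and stores it
     * under $this->content['active_accounts'].
     *
     * NOTE(review): same output-encoding caveat as for the inactive listing;
     * username, realname and email are concatenated unescaped.
     */
    private function renderActiveUsers(): void
    {
        $result = mysqli_query($this->dbConnection, 'SELECT * FROM user WHERE active=1');
        $content = '';
        while ($row = mysqli_fetch_assoc($result)) {
            $content .= '' . $row['username'] . '' . $this->decode($row['realname'], $row['salt']) . '' . $this->decode($row['email'], $row['salt']) . '' . '';
        }
        $content .= '';
        $this->content['active_accounts'] = $content;
    }

    /**
     * Dispatches the posted "action" field, expected as "<verb>:<account name>".
     *
     * Supported verbs are "activate" and "delete". A missing, non-string or
     * malformed field (no ':' or an empty account name) is ignored instead of
     * passing an undefined index on to the typed handlers.
     *
     * NOTE(review): no CSRF token check and no privilege check are visible in
     * this part of the file. Both handlers change account state, so confirm
     * that the caller enforces them before formAction() runs.
     */
    protected function formAction(): void
    {
        // Read the raw value: it only reaches SQL as a bound parameter and a
        // plain-text mail body, so the deprecated FILTER_SANITIZE_STRING
        // (which also rewrote quotes into entities) is not needed.
        $rawAction = filter_input(INPUT_POST, 'action');
        if (!is_string($rawAction)) {
            return;
        }

        // Limit 2 keeps an account name that itself contains ':' in one piece.
        $actionParams = explode(':', trim($rawAction), 2);
        if (count($actionParams) !== 2 || $actionParams[1] === '') {
            return;
        }

        switch ($actionParams[0]) {
            case 'activate':
                $this->activateAccount($actionParams[1]);
                break;
            case 'delete':
                $this->deleteAccount($actionParams[1]);
                break;
            default:
                break;
        }
    }

    /**
     * Sets `active` to 1 for the given account, mails a notification and
     * redirects back to the accounts page. Never returns (ends with die()).
     *
     * @param string $accountName Username taken from the posted action field.
     */
    private function activateAccount(string $accountName): void
    {
        $emailTo = 'Vorstand Förderverein AJS ';

        $updated = $this->updateActiveFlag($accountName, 1);
        $user = $this->fetchUserByPostedUsername();

        // Only announce the activation when it happened and a recipient row exists.
        if ($updated && $user !== null && isset($user['email'])) {
            $message = 'Dein Account "' . $accountName . '" wurde aktiviert.';
            // NOTE(review): the X-Mailer header discloses the PHP version to every recipient.
            $headers = 'From: ' . $emailTo . "\r\n" . 'Reply-To: ' . $emailTo . "\r\n" . 'X-Mailer: PHP/' . phpversion();
            mail($user['email'], 'Zugang zu internem Bereich beantragt', $message, $headers);
        }

        // 303 See Other is the redirect for Post/Redirect/Get; a 301 answer to
        // a POST may be cached by clients as a permanent redirect.
        header('Location: accounts', true, 303);
        die();
    }

    /**
     * Marks the given account as deleted (`active` = -1), mails a notification
     * and redirects back to the accounts page. Never returns (ends with die()).
     *
     * @param string $accountName Username taken from the posted action field.
     */
    private function deleteAccount(string $accountName): void
    {
        $emailTo = 'Vorstand Förderverein AJS ';

        $user = $this->fetchUserByPostedUsername();
        $updated = $this->updateActiveFlag($accountName, -1);

        if ($updated && $user !== null && isset($user['email'])) {
            $message = 'Der Account "' . $accountName . '" wurde als gelöscht markiert.';
            // NOTE(review): the X-Mailer header discloses the PHP version to every recipient.
            $headers = 'From: ' . $emailTo . "\r\n" . 'Reply-To: ' . $emailTo . "\r\n" . 'X-Mailer: PHP/' . phpversion();
            mail($user['email'], 'Zugang zu internem Bereich beantragt', $message, $headers);
        }

        // 303 See Other is the redirect for Post/Redirect/Get; a 301 answer to
        // a POST may be cached by clients as a permanent redirect.
        header('Location: accounts', true, 303);
        die();
    }

    /**
     * Writes a new `active` value for one account through a prepared statement.
     *
     * The account name comes from request data, so it is bound as a parameter
     * and never formatted into the SQL text.
     *
     * @param string $accountName Username whose row is updated.
     * @param int    $active      New value; the callers pass 1 (activate) and -1 (delete).
     *
     * @return bool True when the statement was prepared and executed.
     */
    private function updateActiveFlag(string $accountName, int $active): bool
    {
        $statement = mysqli_prepare($this->dbConnection, 'UPDATE `user` SET `active`=? WHERE `username`=?');
        if ($statement === false) {
            return false;
        }
        mysqli_stmt_bind_param($statement, 'is', $active, $accountName);

        mysqli_begin_transaction($this->dbConnection);
        $executed = mysqli_stmt_execute($statement);
        if ($executed) {
            mysqli_commit($this->dbConnection);
        } else {
            mysqli_rollback($this->dbConnection);
        }
        mysqli_stmt_close($statement);

        return $executed;
    }

    /**
     * Loads the user row named by the posted "username" field.
     *
     * The value is bound as a parameter, which replaces the addslashes-based
     * FILTER_SANITIZE_ADD_SLASHES escaping of a string-built query.
     *
     * NOTE(review): the notification recipient is looked up by this separate
     * POST field, not by the account name from the action field, so the mail
     * can go to a different account than the one that was changed. Confirm
     * the intent; if it is unintended, look the row up by the account name.
     *
     * NOTE(review): the listing methods pass the email column through
     * $this->decode() with the row's salt, while callers of this helper hand
     * the raw column to mail(). Confirm the stored value is usable as an
     * address.
     *
     * @return array<string, mixed>|null The row, or null when the field is
     *                                   missing or no row matched.
     */
    private function fetchUserByPostedUsername(): ?array
    {
        $postedName = filter_input(INPUT_POST, 'username');
        if (!is_string($postedName)) {
            return null;
        }
        $postedName = trim($postedName);

        $statement = mysqli_prepare($this->dbConnection, 'SELECT * FROM user WHERE `username` = lower(?)');
        if ($statement === false) {
            return null;
        }
        mysqli_stmt_bind_param($statement, 's', $postedName);

        $user = null;
        if (mysqli_stmt_execute($statement)) {
            $result = mysqli_stmt_get_result($statement);
            if ($result !== false) {
                // mysqli_fetch_assoc() yields null for "no row" and false on failure.
                $row = mysqli_fetch_assoc($result);
                if (is_array($row)) {
                    $user = $row;
                }
            }
        }
        mysqli_stmt_close($statement);

        return $user;
    }
}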