<?php
// Renderer base class — presumably supplies $this->dbConnection, $this->content and
// $this->decode(), all of which Accounts uses below without declaring them; confirm in renderer.php.
include 'renderer.php';
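class Accounts extends Renderer {

    /** Sender / reply address used for the notification mails sent by this page. */
    private const BOARD_ADDRESS = 'Vorstand Förderverein AJS <foerderverein-ajs@gmx.de>';

    /**
     * Build the account-administration page: both user tables are rendered up front
     * and stored in $this->content for the template.
     *
     * @param string|null $templateName passed through to Renderer
     */
    public function __construct(?string $templateName) {
        parent::__construct($templateName);
        $this->renderInactiveUsers();
        $this->renderActiveUsers();
    }

    /** Table body of accounts awaiting activation (active = 0) with activate/delete buttons. */
    private function renderInactiveUsers(): void {
        $this->content['inactive_accounts'] = $this->renderUserTable(
            0,
            ['activate' => 'Aktivieren', 'delete' => 'Löschen'],
        );
    }

    /** Table body of active accounts (active = 1) with a delete button only. */
    private function renderActiveUsers(): void {
        $this->content['active_accounts'] = $this->renderUserTable(1, ['delete' => 'Löschen']);
    }

    /**
     * Render a <tbody> listing every user whose `active` column equals $active.
     *
     * realname and email are stored encrypted and are decoded with the row's salt
     * via Renderer::decode(). Every database value is HTML-escaped before it is
     * concatenated — including the username embedded in each button's value
     * attribute — since none of them is trusted as markup. The button labels are
     * literals from this class and are written as-is.
     *
     * @param int                   $active  value of the `active` column to select
     * @param array<string, string> $buttons action verb => button label
     * @throws RuntimeException if the query cannot be prepared or executed
     */
    private function renderUserTable(int $active, array $buttons): string {
        $stmt = $this->prepare('SELECT * FROM `user` WHERE `active` = ?');
        mysqli_stmt_bind_param($stmt, 'i', $active);
        $result = $this->executeQuery($stmt);

        $content = '<tbody>';
        while ($row = mysqli_fetch_assoc($result)) {
            $username = (string) $row['username'];
            $content .= '<tr><td>' . self::escape($username) . '</td>'
                . '<td>' . self::escape((string) $this->decode($row['realname'], $row['salt'])) . '</td>'
                . '<td>' . self::escape((string) $this->decode($row['email'], $row['salt'])) . '</td>'
                . '<td>';
            foreach ($buttons as $verb => $label) {
                $content .= '<button type="submit" name="action" value="'
                    . self::escape($verb . ':' . $username) . '">' . $label . '</button>';
            }
            $content .= '</td></tr>';
        }
        $content .= '</tbody>';

        mysqli_stmt_close($stmt);
        return $content;
    }

    /**
     * Dispatch the submitted `action` field, which the buttons encode as
     * "<verb>:<username>". A missing field, a value without the "verb:name"
     * shape, an empty name or an unknown verb is ignored and the page simply
     * renders again.
     */
    protected function formAction(): void {
        // FILTER_DEFAULT replaces the deprecated FILTER_SANITIZE_STRING. Nothing from this
        // value is echoed, and the username part only ever reaches a bound SQL parameter,
        // so sanitising it here would only corrupt usernames containing quotes.
        $raw = filter_input(INPUT_POST, 'action');
        if (!is_string($raw)) {
            return;
        }
        // limit 2: a username containing ':' keeps its remainder instead of being truncated
        $actionParams = explode(':', trim($raw), 2);
        if (count($actionParams) !== 2 || $actionParams[1] === '') {
            return;
        }
        [$verb, $accountName] = $actionParams;
        match ($verb) {
            'activate' => $this->activateAccount($accountName),
            'delete'   => $this->deleteAccount($accountName),
            default    => null,
        };
    }

    /** Mark the account active (active = 1), notify its owner and redirect. */
    private function activateAccount(string $accountName): void {
        $this->setActiveFlag($accountName, 1);
        $this->notifyAndRedirect($accountName, 'Dein Account "' . $accountName . '" wurde aktiviert.');
    }

    /** Soft-delete the account (active = -1), notify its owner and redirect. */
    private function deleteAccount(string $accountName): void {
        $this->setActiveFlag($accountName, -1);
        $this->notifyAndRedirect($accountName, 'Der Account "' . $accountName . '" wurde als gelöscht markiert.');
    }

    /**
     * Set the `active` column of one account inside a transaction.
     *
     * The username is bound as a statement parameter; it comes straight from the
     * POSTed `action` field, so the former sprintf-built UPDATE was injectable.
     * The transaction is rolled back if preparing or executing fails.
     *
     * @throws RuntimeException if the statement cannot be prepared or executed
     */
    private function setActiveFlag(string $accountName, int $active): void {
        mysqli_begin_transaction($this->dbConnection);
        try {
            $stmt = $this->prepare('UPDATE `user` SET `active` = ? WHERE `username` = ?');
            mysqli_stmt_bind_param($stmt, 'is', $active, $accountName);
            $this->execute($stmt);
            mysqli_stmt_close($stmt);
            mysqli_commit($this->dbConnection);
        } catch (Throwable $e) {
            mysqli_rollback($this->dbConnection);
            throw $e;
        }
    }

    /**
     * Fetch one account row by exact username (the same match the UPDATE uses).
     *
     * @return array<string, mixed>|null null when no such account exists
     * @throws RuntimeException if the query cannot be prepared or executed
     */
    private function findUser(string $accountName): ?array {
        $stmt = $this->prepare('SELECT * FROM `user` WHERE `username` = ?');
        mysqli_stmt_bind_param($stmt, 's', $accountName);
        $row = mysqli_fetch_assoc($this->executeQuery($stmt));
        mysqli_stmt_close($stmt);
        return is_array($row) ? $row : null;
    }

    /**
     * E-mail the owner of $accountName, then redirect back to the accounts page.
     *
     * The recipient is looked up by the username that was just modified; the old
     * code read a separate POST field `username`, which this page's tables do not
     * render, so the notified and the modified account could differ. The stored
     * address is encrypted and is decoded with the row's salt exactly as the
     * tables do — the old code passed the ciphertext to mail(). Because the
     * address becomes part of the mail envelope, delivery is skipped unless the
     * account exists and the decoded value is a syntactically valid address.
     */
    private function notifyAndRedirect(string $accountName, string $message): void {
        $user = $this->findUser($accountName);
        if ($user !== null) {
            $email = filter_var((string) $this->decode($user['email'], $user['salt']), FILTER_VALIDATE_EMAIL);
            if ($email !== false) {
                $headers = 'From: ' . self::BOARD_ADDRESS . "\r\n"
                    . 'Reply-To: ' . self::BOARD_ADDRESS . "\r\n"
                    . 'X-Mailer: PHP/' . phpversion();
                mail($email, 'Zugang zu internem Bereich beantragt', $message, $headers);
            }
        }
        // 303 is the redirect-after-POST status; 301 declares the POST URL permanently
        // moved and is cacheable by default.
        header('Location: accounts', true, 303);
        exit;
    }

    /**
     * Prepare a statement on the page's connection.
     *
     * @throws RuntimeException with the mysqli error text when preparation fails
     */
    private function prepare(string $sql): mysqli_stmt {
        $stmt = mysqli_prepare($this->dbConnection, $sql);
        if ($stmt === false) {
            throw new RuntimeException('Failed to prepare statement: ' . mysqli_error($this->dbConnection));
        }
        return $stmt;
    }

    /**
     * Execute a bound statement that produces no result set (UPDATE).
     *
     * @throws RuntimeException with the statement error text when execution fails
     */
    private function execute(mysqli_stmt $stmt): void {
        if (!mysqli_stmt_execute($stmt)) {
            throw new RuntimeException('Failed to execute statement: ' . mysqli_stmt_error($stmt));
        }
    }

    /**
     * Execute a bound SELECT and return its result set.
     *
     * @throws RuntimeException when execution fails or no result set is available
     */
    private function executeQuery(mysqli_stmt $stmt): mysqli_result {
        $this->execute($stmt);
        $result = mysqli_stmt_get_result($stmt);
        if ($result === false) {
            throw new RuntimeException('Statement returned no result set: ' . mysqli_stmt_error($stmt));
        }
        return $result;
    }

    /** Escape a value for HTML text and attribute context (quotes included, invalid UTF-8 replaced). */
    private static function escape(string $value): string {
        return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    }

}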