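<?php

include_once __DIR__ . '/../../core.php';

// Action handler for the users/groups module.
//
// Input comes through filter() (request parameters); SQL values are wrapped in
// prepare() from core.php — presumably it quotes/escapes for the driver, verify
// there before relying on it. Feedback goes to $_SESSION['infos'|'errors'].
// NOTE(review): no authentication/authorization check is visible in this file;
// it assumes core.php has already gated the caller — confirm.
//
// $id_utente targets a single user; group-level operations use $id_record,
// which is expected to be set by the including module (not defined here).
$id_utente = filter('id_utente');

switch (filter('op')) {
    // Enable the user
    case 'enable':
        if ($dbo->query('UPDATE zz_users SET enabled=1 WHERE id=' . prepare($id_utente))) {
            $_SESSION['infos'][] = tr('Utente abilitato!');
        }
        break;

    // Disable the user
    case 'disable':
        if ($dbo->query('UPDATE zz_users SET enabled=0 WHERE id=' . prepare($id_utente))) {
            $_SESSION['infos'][] = tr('Utente disabilitato!');
        }
        break;

    // Change the user's password and/or username
    case 'change_pwd':
        // NOTE(review): the minimum length is taken from the request itself, so it
        // is not a server-enforced policy — confirm the client cannot lower it.
        $min_length = filter('min_length');
        $password = filter('password1');
        $password_rep = filter('password2');

        // The password must be at least $min_length characters (byte length, as before)
        if (strlen($password) < $min_length) {
            $_SESSION['errors'][] = tr('La password deve essere lunga almeno _MIN_ caratteri!', [
                '_MIN_' => $min_length,
            ]);
        } elseif ($password !== $password_rep) {
            // Strict comparison: loose != would treat numeric-looking strings
            // such as "1e3" and "1000" as equal
            $_SESSION['errors'][] = tr('Le password non coincidono');
        } else {
            // "idanag" arrives as "<idtipoanagrafica>-<idanagrafica>"
            $idanag = explode('-', filter('idanag'), 2);
            $idtipoanagrafica = $idanag[0];
            $idanagrafica = isset($idanag[1]) ? $idanag[1] : null;

            $dbo->query('UPDATE zz_users SET password=' . prepare(Auth::hashPassword($password)) . ', idanagrafica=' . prepare($idanagrafica) . ', idtipoanagrafica=' . prepare($idtipoanagrafica) . ' WHERE id=' . prepare($id_utente));

            $_SESSION['infos'][] = tr('Password aggiornata!');
        }

        // The username is handled independently of the password outcome (as before).
        // NOTE(review): no server-side length/format validation of the username here.
        $username = filter('username');

        // Only act when the user exists and the username actually changed; a
        // missing row previously raised a notice and still reported success.
        $rs = $dbo->fetchArray('SELECT username FROM zz_users WHERE id=' . prepare($id_utente));
        if (!empty($rs) && $rs[0]['username'] !== $username) {
            // Refuse a username already taken by another account
            $n = $dbo->fetchNum('SELECT id FROM zz_users WHERE username=' . prepare($username));
            if ((int) $n === 0) {
                $dbo->query('UPDATE zz_users SET username=' . prepare($username) . ' WHERE id=' . prepare($id_utente));

                $_SESSION['infos'][] = tr('Username aggiornato!');
            } else {
                $_SESSION['errors'][] = tr('Utente già esistente!');
            }
        }

        // Outside a group context, go back to the user's own info page
        if (empty($id_record)) {
            redirect(ROOTDIR . '/modules/utenti/info.php');
        }
        break;

    // Create a new user inside the current group ($id_record)
    case 'adduser':
        $username = filter('username');
        // NOTE(review): request-supplied minimum length, see 'change_pwd'
        $min_length = filter('min_length');
        $password = filter('password1');
        $password_rep = filter('password2');

        // "idanag" arrives as "<idtipoanagrafica>-<idanagrafica>"
        $idanag = explode('-', filter('idanag'), 2);
        $idtipoanagrafica = $idanag[0];
        $idanagrafica = isset($idanag[1]) ? $idanag[1] : null;

        // Checks in order: username free, password long enough, passwords match
        $n = $dbo->fetchNum('SELECT id FROM zz_users WHERE username=' . prepare($username));
        if ((int) $n !== 0) {
            $_SESSION['errors'][] = tr('Utente già esistente!');
        } elseif (strlen($password) < $min_length) {
            $_SESSION['errors'][] = tr('La password deve essere lunga almeno _MIN_ caratteri!', [
                '_MIN_' => $min_length,
            ]);
        } elseif ($password !== $password_rep) {
            // Strict comparison, see 'change_pwd'
            $_SESSION['errors'][] = tr('Le password non coincidono');
        } else {
            // New user: enabled, no email, member of the current group
            if ($dbo->query('INSERT INTO zz_users(idgruppo, username, password, idanagrafica, idtipoanagrafica, enabled, email) VALUES(' . prepare($id_record) . ', ' . prepare($username) . ', ' . prepare(Auth::hashPassword($password)) . ', ' . prepare($idanagrafica) . ', ' . prepare($idtipoanagrafica) . " , 1, '') ")) {
                // Each user gets an API token row; the token is generated server-side
                $dbo->query('INSERT INTO `zz_tokens` (`id_utente`, `token`) VALUES (' . prepare($dbo->lastInsertedID()) . ', ' . prepare(secure_random_string()) . ')');

                $_SESSION['infos'][] = tr('Utente aggiunto!');
            }
        }
        break;

    // Create a new group
    case 'add':
        $nome = filter('nome');

        // Refuse a duplicate group name
        if ((int) $dbo->fetchNum('SELECT nome FROM zz_groups WHERE nome=' . prepare($nome)) === 0) {
            $dbo->query('INSERT INTO zz_groups( nome, editable ) VALUES(' . prepare($nome) . ', 1)');

            $_SESSION['infos'][] = tr('Gruppo aggiunto!');

            // Make the new group the current record for the rest of the request
            $id_record = $dbo->lastInsertedID();
        } else {
            $_SESSION['errors'][] = tr('Gruppo già esistente!');
        }
        break;

    // Delete the user
    case 'delete':
        if ($dbo->query('DELETE FROM zz_users WHERE id=' . prepare($id_utente))) {
            $_SESSION['infos'][] = tr('Utente eliminato!');
        }
        break;

    // Toggle the user's API token between enabled and disabled
    case 'token':
        // Read the current state of the same row the UPDATE below targets.
        // The lookup used $id_record (the group id) while the update used
        // $id_utente, which looks like a mix-up; both now use the user id.
        $token = $dbo->fetchOne('SELECT `enabled` FROM `zz_tokens` WHERE `id_utente` = ' . prepare($id_utente));
        $enabled = empty($token['enabled']) ? 1 : 0;

        if ($dbo->query('UPDATE zz_tokens SET enabled = ' . $enabled . ' WHERE id_utente = ' . prepare($id_utente))) {
            // Previously reported "Utente eliminato!", which does not describe this action
            $_SESSION['infos'][] = tr('Token API aggiornato!');
        }
        break;

    // Delete the current group
    case 'deletegroup':
        // Only groups flagged as editable may be removed
        $rs = $dbo->fetchArray('SELECT editable FROM zz_groups WHERE id=' . prepare($id_record));
        if (!empty($rs) && $rs[0]['editable'] == 1) {
            if ($dbo->query('DELETE FROM zz_groups WHERE id=' . prepare($id_record))) {
                // Manual cascade: the group's members and its permissions
                $dbo->query('DELETE FROM zz_users WHERE idgruppo=' . prepare($id_record));
                $dbo->query('DELETE FROM zz_permissions WHERE idgruppo=' . prepare($id_record));

                $_SESSION['infos'][] = tr('Gruppo eliminato!');
            }
        } else {
            $_SESSION['errors'][] = tr('Questo gruppo non si può eliminare!');
        }
        break;

    // Update the group's access permissions for one module
    case 'update_permission':
        $permessi = filter('permesso');
        $idmodulo = filter('idmodulo');

        // Insert or update the permission row for (group, module)
        $rs = $dbo->fetchArray('SELECT * FROM zz_permissions WHERE idgruppo=' . prepare($id_record) . ' AND idmodule=' . prepare($idmodulo));
        if (empty($rs)) {
            $query = 'INSERT INTO zz_permissions(idgruppo, idmodule, permessi) VALUES(' . prepare($id_record) . ', ' . prepare($idmodulo) . ', ' . prepare($permessi) . ')';
        } else {
            $query = 'UPDATE zz_permissions SET permessi=' . prepare($permessi) . ' WHERE id=' . prepare($rs[0]['id']);
        }

        // If the group has no view assignments for this module yet, attach the
        // module's views that already appear in zz_group_view (for any group).
        // NOTE(review): the source is existing assignments rather than zz_views
        // itself — confirm that is intended.
        $count = $dbo->fetchArray('SELECT COUNT(*) AS count FROM `zz_group_view` WHERE `id_gruppo` = ' . prepare($id_record) . ' AND `id_vista` IN (SELECT `id` FROM `zz_views` WHERE `id_module`=' . prepare($idmodulo) . ')');
        if (empty($count[0]['count'])) {
            $results = $dbo->fetchArray('SELECT `id_vista` FROM `zz_group_view` WHERE `id_vista` IN (SELECT `id` FROM `zz_views` WHERE `id_module`=' . prepare($idmodulo) . ')');
            foreach ($results as $result) {
                $dbo->attach('zz_group_view', ['id_vista' => $result['id_vista']], ['id_gruppo' => $id_record]);
            }
        }

        $dbo->query($query);

        // AJAX-style response: drop any buffered output and answer with a bare "ok"
        ob_end_clean();
        echo 'ok';
        break;
}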