2017-08-04 16:28:16 +02:00
< ? php
include_once __DIR__ . '/../../core.php' ;
2017-09-01 18:13:25 +02:00
$id_utente = filter ( 'id_utente' );
2017-08-04 16:28:16 +02:00
switch ( filter ( 'op' )) {
// Abilita utente
case 'enable' :
2017-09-04 10:24:44 +02:00
if ( $dbo -> query ( 'UPDATE zz_users SET enabled=1 WHERE id=' . prepare ( $id_utente ))) {
2018-07-19 17:29:21 +02:00
flash () -> info ( tr ( 'Utente abilitato!' ));
2017-08-04 16:28:16 +02:00
}
break ;
// Disabilita utente
case 'disable' :
2017-09-04 10:24:44 +02:00
if ( $dbo -> query ( 'UPDATE zz_users SET enabled=0 WHERE id=' . prepare ( $id_utente ))) {
2018-07-19 17:29:21 +02:00
flash () -> info ( tr ( 'Utente disabilitato!' ));
2017-08-04 16:28:16 +02:00
}
break ;
// Cambio di password e usernome dell'utente
case 'change_pwd' :
2017-09-01 18:13:25 +02:00
$id_utente = filter ( 'id_utente' );
2017-08-04 16:28:16 +02:00
$min_length = filter ( 'min_length' );
$min_length_username = filter ( 'min_length_username' );
$password = filter ( 'password1' );
$password_rep = filter ( 'password2' );
// Verifico che la password sia di almeno x caratteri
2017-08-24 10:39:32 +02:00
if ( strlen ( $password ) < $min_length ) {
2018-07-19 17:29:21 +02:00
flash () -> error ( tr ( 'La password deve essere lunga almeno _MIN_ caratteri!' , [
2017-09-10 14:35:41 +02:00
'_MIN_' => $min_length ,
2018-07-07 13:56:22 +02:00
]));
2017-08-24 10:39:32 +02:00
} elseif ( $password != $password_rep ) {
2018-07-19 17:29:21 +02:00
flash () -> error ( tr ( 'Le password non coincidono' ));
2017-08-24 10:39:32 +02:00
} else {
2018-07-03 11:12:32 +02:00
$idanagrafica = filter ( 'idanag' );
2017-09-12 16:17:11 +02:00
2018-07-03 11:12:32 +02:00
$dbo -> query ( 'UPDATE zz_users SET password=' . prepare ( Auth :: hashPassword ( $password )) . ', idanagrafica=' . prepare ( $idanagrafica ) . ' WHERE id=' . prepare ( $id_utente ));
2017-08-04 16:28:16 +02:00
2018-07-19 17:29:21 +02:00
flash () -> info ( tr ( 'Password aggiornata!' ));
2017-08-04 16:28:16 +02:00
}
$username = filter ( 'username' );
// Se ho modificato l'username, verifico che questo non sia già stato usato
2017-09-04 10:24:44 +02:00
$rs = $dbo -> fetchArray ( 'SELECT username FROM zz_users WHERE id=' . prepare ( $id_utente ));
2017-08-04 16:28:16 +02:00
if ( $rs [ 0 ][ 'username' ] != $username ) {
2017-09-04 10:24:44 +02:00
$n = $dbo -> fetchNum ( 'SELECT id FROM zz_users WHERE username=' . prepare ( $username ));
2017-08-04 16:28:16 +02:00
if ( $n == 0 ) {
2017-09-04 10:24:44 +02:00
$dbo -> query ( 'UPDATE zz_users SET username=' . prepare ( $username ) . ' WHERE id=' . prepare ( $id_utente ));
2017-08-04 16:28:16 +02:00
2018-07-19 17:29:21 +02:00
flash () -> info ( tr ( 'Username aggiornato!' ));
2017-08-04 16:28:16 +02:00
} else {
2018-07-19 17:29:21 +02:00
flash () -> error ( tr ( 'Utente già esistente!' ));
2017-08-04 16:28:16 +02:00
}
}
2018-02-20 14:23:00 +01:00
if ( empty ( $id_record )) {
redirect ( ROOTDIR . '/modules/utenti/info.php' );
}
2017-08-04 16:28:16 +02:00
break ;
// Aggiunta di un nuovo utente
case 'adduser' :
$username = filter ( 'username' );
$min_length = filter ( 'min_length' );
$min_length_username = filter ( 'min_length_username' );
$password = filter ( 'password1' );
$password_rep = filter ( 'password2' );
2018-07-03 11:12:32 +02:00
$idanagrafica = filter ( 'idanag' );
2017-08-04 16:28:16 +02:00
// Verifico che questo username non sia già stato usato
$n = $dbo -> fetchNum ( 'SELECT * FROM zz_users WHERE username=' . prepare ( $username ));
if ( $n == 0 ) {
// Verifico che la password sia di almeno x caratteri
2017-08-24 10:39:32 +02:00
if ( strlen ( $password ) < $min_length ) {
2018-07-19 17:29:21 +02:00
flash () -> error ( tr ( 'La password deve essere lunga almeno _MIN_ caratteri!' , [
2017-09-10 14:35:41 +02:00
'_MIN_' => $min_length ,
2018-07-07 13:56:22 +02:00
]));
2017-08-24 10:39:32 +02:00
} elseif ( $password != $password_rep ) {
2018-07-19 17:29:21 +02:00
flash () -> error ( tr ( 'Le password non coincidono' ));
2017-08-24 10:39:32 +02:00
} else {
2018-07-03 11:12:32 +02:00
if ( $dbo -> query ( 'INSERT INTO zz_users(idgruppo, username, password, idanagrafica, enabled, email) VALUES(' . prepare ( $id_record ) . ', ' . prepare ( $username ) . ', ' . prepare ( Auth :: hashPassword ( $password )) . ', ' . prepare ( $idanagrafica ) . " , 1, '') " )) {
2017-08-04 16:28:16 +02:00
$dbo -> query ( 'INSERT INTO `zz_tokens` (`id_utente`, `token`) VALUES (' . prepare ( $dbo -> lastInsertedID ()) . ', ' . prepare ( secure_random_string ()) . ')' );
2018-07-19 17:29:21 +02:00
flash () -> info ( tr ( 'Utente aggiunto!' ));
2017-08-04 16:28:16 +02:00
}
}
} else {
2018-07-19 17:29:21 +02:00
flash () -> error ( tr ( 'Utente già esistente!' ));
2017-08-04 16:28:16 +02:00
}
break ;
// Aggiunta nuovo gruppo
case 'add' :
$nome = filter ( 'nome' );
// Verifico che questo username non sia già stato usato
if ( $dbo -> fetchNum ( 'SELECT nome FROM zz_groups WHERE nome=' . prepare ( $nome )) == 0 ) {
$dbo -> query ( 'INSERT INTO zz_groups( nome, editable ) VALUES(' . prepare ( $nome ) . ', 1)' );
2018-07-19 17:29:21 +02:00
flash () -> info ( tr ( 'Gruppo aggiunto!' ));
2017-08-04 16:28:16 +02:00
$id_record = $dbo -> lastInsertedID ();
} else {
2018-07-19 17:29:21 +02:00
flash () -> error ( tr ( 'Gruppo già esistente!' ));
2017-08-04 16:28:16 +02:00
}
break ;
// Elimina utente
2018-07-02 09:55:16 +02:00
case 'delete' :
2017-09-04 10:24:44 +02:00
if ( $dbo -> query ( 'DELETE FROM zz_users WHERE id=' . prepare ( $id_utente ))) {
2018-07-19 17:29:21 +02:00
flash () -> info ( tr ( 'Utente eliminato!' ));
2017-08-04 16:28:16 +02:00
}
break ;
2018-08-28 17:10:23 +02:00
// Abilita API utente
2018-09-03 16:49:43 +02:00
case 'token_enable' :
2018-08-28 17:10:23 +02:00
if ( $dbo -> query ( 'UPDATE zz_tokens SET enabled = 1 WHERE id_utente = ' . prepare ( $id_utente ))) {
2018-09-03 16:49:43 +02:00
flash () -> info ( tr ( 'Token abilitato!' ));
}
2018-08-28 17:10:23 +02:00
break ;
2018-07-02 09:55:16 +02:00
2018-09-03 16:49:43 +02:00
// Disabilita API utente
case 'token_disable' :
2018-08-28 17:10:23 +02:00
if ( $dbo -> query ( 'UPDATE zz_tokens SET enabled = 0 WHERE id_utente = ' . prepare ( $id_utente ))) {
2018-08-29 18:15:12 +02:00
flash () -> info ( tr ( 'Token disabilitato!' ));
2018-07-02 09:55:16 +02:00
}
break ;
2017-08-04 16:28:16 +02:00
// Elimina gruppo
case 'deletegroup' :
// Verifico se questo gruppo si può eliminare
$query = 'SELECT editable FROM zz_groups WHERE id=' . prepare ( $id_record );
$rs = $dbo -> fetchArray ( $query );
if ( $rs [ 0 ][ 'editable' ] == 1 ) {
if ( $dbo -> query ( 'DELETE FROM zz_groups WHERE id=' . prepare ( $id_record ))) {
$dbo -> query ( 'DELETE FROM zz_users WHERE idgruppo=' . prepare ( $id_record ));
$dbo -> query ( 'DELETE FROM zz_permissions WHERE idgruppo=' . prepare ( $id_record ));
2018-07-19 17:29:21 +02:00
flash () -> info ( tr ( 'Gruppo eliminato!' ));
2017-08-04 16:28:16 +02:00
}
} else {
2018-07-19 17:29:21 +02:00
flash () -> error ( tr ( 'Questo gruppo non si può eliminare!' ));
2017-08-04 16:28:16 +02:00
}
break ;
2018-09-03 16:49:43 +02:00
// Impostazione/reimpostazione dei permessi di accesso di default
case 'restore_permission' :
2018-08-29 18:15:12 +02:00
2018-09-03 16:49:43 +02:00
//Gruppo Tecnici
if ( $dbo -> fetchArray ( 'SELECT `nome` FROM `zz_groups` WHERE `id` = ' . prepare ( $id_record ))[ 0 ][ 'nome' ] == 'Tecnici' ) {
$permessi = [];
$permessi [ 'Dashboard' ] = 'rw' ;
$permessi [ 'Anagrafiche' ] = 'rw' ;
$permessi [ 'Interventi' ] = 'rw' ;
$permessi [ 'Magazzino' ] = 'rw' ;
$permessi [ 'Articoli' ] = 'rw' ;
2018-08-29 18:15:12 +02:00
2018-09-03 16:49:43 +02:00
$dbo -> query ( 'DELETE FROM zz_permissions WHERE idgruppo=' . prepare ( $id_record ));
2018-08-29 18:15:12 +02:00
2018-09-03 16:49:43 +02:00
foreach ( $permessi as $module_name => $permesso ) {
$module_id = $dbo -> fetchArray ( 'SELECT `id` FROM `zz_modules` WHERE `name` = "' . $module_name . '"' )[ 0 ][ 'id' ];
2018-08-29 18:15:12 +02:00
2018-09-03 16:49:43 +02:00
$dbo -> insert ( 'zz_permissions' , [
'idgruppo' => $id_record ,
'idmodule' => $module_id ,
'permessi' => $permesso ,
]);
}
2018-08-29 18:15:12 +02:00
2018-09-26 15:37:46 +02:00
flash () -> info ( tr ( 'Permessi reimpostati' ));
2018-09-03 16:49:43 +02:00
}
2018-08-29 18:15:12 +02:00
2018-09-03 16:49:43 +02:00
break ;
2017-08-04 16:28:16 +02:00
// Aggiornamento dei permessi di accesso
case 'update_permission' :
$permessi = filter ( 'permesso' );
$idmodulo = filter ( 'idmodulo' );
// Verifico che ci sia il permesso per questo gruppo
2018-08-10 17:14:09 +02:00
if ( $permessi != '-' ) {
$rs = $dbo -> fetchArray ( 'SELECT * FROM zz_permissions WHERE idgruppo=' . prepare ( $id_record ) . ' AND idmodule=' . prepare ( $idmodulo ));
if ( empty ( $rs )) {
$query = 'INSERT INTO zz_permissions(idgruppo, idmodule, permessi) VALUES(' . prepare ( $id_record ) . ', ' . prepare ( $idmodulo ) . ', ' . prepare ( $permessi ) . ')' ;
} else {
$query = 'UPDATE zz_permissions SET permessi=' . prepare ( $permessi ) . ' WHERE id=' . prepare ( $rs [ 0 ][ 'id' ]);
}
2017-08-04 16:28:16 +02:00
2018-08-10 17:14:09 +02:00
// Aggiunta dei permessi relativi alle viste
$count = $dbo -> fetchNum ( 'SELECT * FROM `zz_group_view` WHERE `id_gruppo` = ' . prepare ( $id_record ) . ' AND `id_vista` IN (SELECT `id` FROM `zz_views` WHERE `id_module`=' . prepare ( $idmodulo ) . ')' );
if ( empty ( $count )) {
$results = $dbo -> fetchArray ( 'SELECT `id_vista` FROM `zz_group_view` WHERE `id_vista` IN (SELECT `id` FROM `zz_views` WHERE `id_module`=' . prepare ( $idmodulo ) . ')' );
foreach ( $results as $result ) {
$dbo -> attach ( 'zz_group_view' , [ 'id_vista' => $result [ 'id_vista' ]], [ 'id_gruppo' => $id_record ]);
}
2017-08-24 10:39:32 +02:00
}
2018-08-10 17:14:09 +02:00
} else {
$query = 'DELETE FROM zz_permissions WHERE idgruppo=' . prepare ( $id_record ) . ' AND idmodule=' . prepare ( $idmodulo );
2017-08-24 10:39:32 +02:00
}
2017-08-04 16:28:16 +02:00
$dbo -> query ( $query );
ob_end_clean ();
echo 'ok' ;
break ;
}