zanex/ITL-Huge
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: zanex:3a99bd668315f36a60d571bf9111097f52434fc7
Branches Tags
zanex:main
...
compare: zanex:main
Branches Tags
zanex:main

3 Commits
3a99bd6683 ... main

Author SHA1 Message Date
Elias F.
2b6d4c49f5 feat(groups): user_groups lookup, admin assignment UI, public directory with DataTables 2025-12-10 10:01:07 +01:00
Elias F.
9094b58b6d Reroute getConnection() function in NoteModel.php to getConnectionWithMySQLI 2025-12-10 09:36:57 +01:00
Elias F.
1a30c45d62 Fixed admin panel user registration. 
Now including start.sh to start a php server using the router.php so no webserver is needed.
 2025-12-03 08:10:38 +01:00
17 changed files with 405 additions and 220 deletions
Expand all files Collapse all files

12
.gitignore vendored
View File

@@ -6,3 +6,15 @@
./.idea
./.idea/*
./.crush
/AGENTS.md
/composer.lock
/.idea/copilot.data.migration.agent.xml
/.idea/copilot.data.migration.ask.xml
/.idea/copilot.data.migration.ask2agent.xml
/.idea/copilot.data.migration.edit.xml
/.idea/php.xml
/.idea/phpunit.xml
/PROFILES_README.md
/.idea/vcs.xml
/.idea/workspace.xml

15
application/_installation/04-create-table-user-groups.sql Normal file
View File

@@ -0,0 +1,15 @@
CREATE TABLE IF NOT EXISTS `huge`.`user_groups` (
`group_id` TINYINT(1) NOT NULL COMMENT 'numeric user group id, matches users.user_account_type',
`group_name` VARCHAR(64) COLLATE utf8_unicode_ci NOT NULL COMMENT 'human readable group name',
PRIMARY KEY (`group_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8 COLLATE=utf8_unicode_ci COMMENT='user groups lookup';
INSERT INTO `huge`.`user_groups` (`group_id`, `group_name`) VALUES
(1, 'Gast'),
(2, 'Benutzer'),
(3, 'Gruppe 3'),
(4, 'Gruppe 4'),
(5, 'Gruppe 5'),
(6, 'Gruppe 6'),
(7, 'Admin')
ON DUPLICATE KEY UPDATE `group_name` = VALUES(`group_name`);

25
application/controller/AdminController.php
View File

@@ -20,7 +20,9 @@ class AdminController extends Controller
public function index()
{
$this->View->render('admin/index', array(
'users' => UserModel::getPublicProfilesOfAllUsers())
'users' => UserModel::getPublicProfilesOfAllUsers(),
'groups' => GroupModel::getAllGroups()
)
);
}
@@ -33,24 +35,9 @@ class AdminController extends Controller
Redirect::to("admin");
}
public function registerUser()
public function changeUserGroup()
{
// Ensure the user is logged in and is an admin
if (!LoginModel::isUserLoggedIn() || !LoginModel::isAdmin()) {
Session::add('feedback_negative', Text::get('FEEDBACK_ADMIN_ONLY'));
Redirect::to('admin/index');
return;
}
// Validate and register the new user
$registration_successful = RegistrationModel::registerNewUser(true);
if ($registration_successful) {
Session::add('feedback_positive', Text::get('FEEDBACK_USER_REGISTERED_SUCCESSFULLY'));
} else {
Session::add('feedback_negative', Text::get('FEEDBACK_USER_REGISTRATION_FAILED'));
}
Redirect::to('admin/index');
GroupModel::setUserGroup(Request::post('user_id'), Request::post('group_id'));
Redirect::to("admin");
}
}

16
application/controller/DirectoryController.php Normal file
View File

@@ -0,0 +1,16 @@
<?php
class DirectoryController extends Controller
{
public function __construct()
{
parent::__construct();
}
public function index()
{
$this->View->render('directory/index', [
'users' => UserModel::getUsersWithGroups()
]);
}
}

26
application/controller/RegisterController.php
View File

@@ -22,12 +22,8 @@ class RegisterController extends Controller
*/
public function index()
{
// Redirect non-logged-in users to the login page
if (!LoginModel::isUserLoggedIn()) {
Redirect::to('login/index');
return;
}
// only admins can access registration; reuse existing admin auth check
Auth::checkAdminAuthentication();
$this->View->render('register/index');
}
@@ -37,20 +33,12 @@ class RegisterController extends Controller
*/
public function register_action()
{
// Restrict registration to admins only
if (!LoginModel::isAdmin()) {
Session::add('feedback_negative', Text::get('FEEDBACK_ADMIN_ONLY'));
Redirect::to('login/index');
return;
}
// enforce admin-only for registration
Auth::checkAdminAuthentication();
$registration_successful = RegistrationModel::registerNewUser();
RegistrationModel::registerNewUser();
if ($registration_successful) {
Redirect::to('login/index');
} else {
Redirect::to('register/index');
}
Redirect::to('admin/index');
}
/**
@@ -76,7 +64,7 @@ class RegisterController extends Controller
*/
public function showCaptcha()
{
Session::add('feedback_negative', Text::get('FEEDBACK_CAPTCHA_NOT_USED'));
// Captcha no longer used
Redirect::to('register/index');
}
}

98
application/core/DatabaseFactory.php
View File

@@ -21,44 +21,76 @@
*/
class DatabaseFactory
{
private static $factory;
private $database;
private static $factory;
private $database;
public static function getFactory()
{
if (!self::$factory) {
self::$factory = new DatabaseFactory();
}
return self::$factory;
public static function getFactory()
{
if (!self::$factory) {
self::$factory = new DatabaseFactory();
}
return self::$factory;
}
public function getConnectionWithMySQLI()
{
if (!$this->database) {
// Throw exceptions and prevent also throwing credentials.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
try {
$host = Config::get('DB_HOST');
$user = Config::get('DB_USER');
$pass = Config::get('DB_PASS');
$name = Config::get('DB_NAME');
$port = (int) Config::get('DB_PORT');
$charset = Config::get('DB_CHARSET') ? Config::get('DB_CHARSET') : 'utf8mb4';
$this->database = new mysqli($host, $user, $pass, $name, $port);
// Set charset (important for security + correct encoding)
$this->database->set_charset($charset);
} catch (mysqli_sql_exception $e) {
echo 'Database connection can not be estabilished. Please try again later.' . '<br>';
echo 'Error code: ' . $e->getCode();
exit;
}
}
public function getConnection() {
if (!$this->database) {
return $this->database;
}
/**
* Check DB connection in try/catch block. Also when PDO is not constructed properly,
* prevent to exposing database host, username and password in plain text as:
* PDO->__construct('mysql:host=127....', 'root', '12345678', Array)
* by throwing custom error message
*/
try {
$options = array(PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_OBJ, PDO::ATTR_ERRMODE => PDO::ERRMODE_WARNING);
$this->database = new PDO(
Config::get('DB_TYPE') . ':host=' . Config::get('DB_HOST') . ';dbname=' .
Config::get('DB_NAME') . ';port=' . Config::get('DB_PORT') . ';charset=' . Config::get('DB_CHARSET'),
Config::get('DB_USER'), Config::get('DB_PASS'), $options
);
} catch (PDOException $e) {
public function getConnection()
{
if (!$this->database) {
// Echo custom message. Echo error code gives you some info.
echo 'Database connection can not be estabilished. Please try again later.' . '<br>';
echo 'Error code: ' . $e->getCode();
/**
* Check DB connection in try/catch block. Also when PDO is not constructed properly,
* prevent to exposing database host, username and password in plain text as:
* PDO->__construct('mysql:host=127....', 'root', '12345678', Array)
* by throwing custom error message
*/
try {
$options = array(PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_OBJ, PDO::ATTR_ERRMODE => PDO::ERRMODE_WARNING);
$this->database = new PDO(
Config::get('DB_TYPE') . ':host=' . Config::get('DB_HOST') . ';dbname=' .
Config::get('DB_NAME') . ';port=' . Config::get('DB_PORT') . ';charset=' . Config::get('DB_CHARSET'),
Config::get('DB_USER'),
Config::get('DB_PASS'),
$options
);
} catch (PDOException $e) {
// Stop application :(
// No connection, reached limit connections etc. so no point to keep it running
exit;
}
}
return $this->database;
// Echo custom message. Echo error code gives you some info.
echo 'Database connection can not be estabilished. Please try again later.' . '<br>';
echo 'Error code: ' . $e->getCode();
// Stop application :(
// No connection, reached limit connections etc. so no point to keep it running
exit;
}
}
return $this->database;
}
}

19
application/core/Text.php
View File

@@ -2,29 +2,16 @@
class Text
{
private static $texts;
public static $texts;
public static function get($key, $data = null)
public static function get($key)
{
// if not $key
if (!$key) {
return null;
}
if ($data) {
foreach ($data as $var => $value) {
${$var} = $value;
}
}
// load config file (this is only done once per application lifecycle)
if (!self::$texts) {
self::$texts = require(__DIR__ . '/../config/texts.php');
}
// check if array key exists
if (!array_key_exists($key, self::$texts)) {
return null;
return "TEXT NOT FOUND";
}
return self::$texts[$key];

54
application/model/GroupModel.php Normal file
View File

@@ -0,0 +1,54 @@
<?php
class GroupModel
{
public static function getAllGroups()
{
$database = DatabaseFactory::getFactory()->getConnection();
$sql = "SELECT group_id, group_name FROM user_groups ORDER BY group_id";
$query = $database->prepare($sql);
$query->execute();
return $query->fetchAll();
}
public static function getGroupNameById($group_id)
{
$database = DatabaseFactory::getFactory()->getConnection();
$sql = "SELECT group_name FROM user_groups WHERE group_id = :gid LIMIT 1";
$query = $database->prepare($sql);
$query->execute(array(':gid' => $group_id));
$row = $query->fetch();
return $row ? $row->group_name : null;
}
public static function setUserGroup($userId, $groupId)
{
if (!is_numeric($userId) || !is_numeric($groupId)) {
return false;
}
// Do not allow changing own group via admin UI to prevent lockout
if ((int)$userId === (int)Session::get('user_id')) {
Session::add('feedback_negative', Text::get('FEEDBACK_ACCOUNT_CANT_DELETE_SUSPEND_OWN'));
return false;
}
// Only allow groups that exist in lookup
$database = DatabaseFactory::getFactory()->getConnection();
$check = $database->prepare("SELECT 1 FROM user_groups WHERE group_id = :gid LIMIT 1");
$check->execute([':gid' => $groupId]);
if ($check->rowCount() !== 1) {
return false;
}
$query = $database->prepare("UPDATE users SET user_account_type = :gid WHERE user_id = :uid LIMIT 1");
$query->execute([':gid' => $groupId, ':uid' => $userId]);
if ($query->rowCount() === 1) {
Session::add('feedback_positive', 'Benutzergruppe aktualisiert.');
return true;
}
return false;
}
}

11
application/model/LoginModel.php
View File

@@ -379,15 +379,4 @@ class LoginModel
{
return Session::userIsLoggedIn();
}
/**
* Check if the logged-in user is an admin
*
* @return bool True if the user is an admin, false otherwise
*/
public static function isAdmin()
{
$user_role = Session::get('user_role'); // Assuming user role is stored in session
return $user_role === 'admin';
}
}

187
application/model/NoteModel.php
View File

@@ -6,115 +6,114 @@
*/
class NoteModel
{
/**
* Get all notes (notes are just example data that the user has created)
* @return array an array with several objects (the results)
*/
public static function getAllNotes()
{
$database = DatabaseFactory::getFactory()->getConnection();
/**
* Get all notes (notes are just example data that the user has created)
* @return array an array with several objects (the results)
*/
public static function getAllNotes()
{
$database = DatabaseFactory::getFactory()->getConnection();
$sql = "SELECT user_id, note_id, note_text FROM notes WHERE user_id = :user_id";
$query = $database->prepare($sql);
$query->execute(array(':user_id' => Session::get('user_id')));
$sql = "SELECT user_id, note_id, note_text FROM notes WHERE user_id = :user_id";
$query = $database->prepare($sql);
$query->execute(array(':user_id' => Session::get('user_id')));
// fetchAll() is the PDO method that gets all result rows
return $query->fetchAll();
// fetchAll() is the PDO method that gets all result rows
return $query->fetchAll();
}
/**
* Get a single note
* @param int $note_id id of the specific note
* @return object a single object (the result)
*/
public static function getNote($note_id)
{
$database = DatabaseFactory::getFactory()->getConnectionWithMySQLI();
$sql = "SELECT user_id, note_id, note_text FROM notes WHERE user_id = :user_id AND note_id = :note_id LIMIT 1";
$query = $database->prepare($sql);
$query->execute(array(':user_id' => Session::get('user_id'), ':note_id' => $note_id));
return $query;
}
/**
* Set a note (create a new one)
* @param string $note_text note text that will be created
* @return bool feedback (was the note created properly ?)
*/
public static function createNote($note_text)
{
if (!$note_text || strlen($note_text) == 0) {
Session::add('feedback_negative', Text::get('FEEDBACK_NOTE_CREATION_FAILED'));
return false;
}
/**
* Get a single note
* @param int $note_id id of the specific note
* @return object a single object (the result)
*/
public static function getNote($note_id)
{
$database = DatabaseFactory::getFactory()->getConnection();
$database = DatabaseFactory::getFactory()->getConnection();
$sql = "SELECT user_id, note_id, note_text FROM notes WHERE user_id = :user_id AND note_id = :note_id LIMIT 1";
$query = $database->prepare($sql);
$query->execute(array(':user_id' => Session::get('user_id'), ':note_id' => $note_id));
$sql = "INSERT INTO notes (note_text, user_id) VALUES (:note_text, :user_id)";
$query = $database->prepare($sql);
$query->execute(array(':note_text' => $note_text, ':user_id' => Session::get('user_id')));
// fetch() is the PDO method that gets a single result
return $query->fetch();
if ($query->rowCount() == 1) {
return true;
}
/**
* Set a note (create a new one)
* @param string $note_text note text that will be created
* @return bool feedback (was the note created properly ?)
*/
public static function createNote($note_text)
{
if (!$note_text || strlen($note_text) == 0) {
Session::add('feedback_negative', Text::get('FEEDBACK_NOTE_CREATION_FAILED'));
return false;
}
// default return
Session::add('feedback_negative', Text::get('FEEDBACK_NOTE_CREATION_FAILED'));
return false;
}
$database = DatabaseFactory::getFactory()->getConnection();
$sql = "INSERT INTO notes (note_text, user_id) VALUES (:note_text, :user_id)";
$query = $database->prepare($sql);
$query->execute(array(':note_text' => $note_text, ':user_id' => Session::get('user_id')));
if ($query->rowCount() == 1) {
return true;
}
// default return
Session::add('feedback_negative', Text::get('FEEDBACK_NOTE_CREATION_FAILED'));
return false;
/**
* Update an existing note
* @param int $note_id id of the specific note
* @param string $note_text new text of the specific note
* @return bool feedback (was the update successful ?)
*/
public static function updateNote($note_id, $note_text)
{
if (!$note_id || !$note_text) {
return false;
}
/**
* Update an existing note
* @param int $note_id id of the specific note
* @param string $note_text new text of the specific note
* @return bool feedback (was the update successful ?)
*/
public static function updateNote($note_id, $note_text)
{
if (!$note_id || !$note_text) {
return false;
}
$database = DatabaseFactory::getFactory()->getConnection();
$database = DatabaseFactory::getFactory()->getConnection();
$sql = "UPDATE notes SET note_text = :note_text WHERE note_id = :note_id AND user_id = :user_id LIMIT 1";
$query = $database->prepare($sql);
$query->execute(array(':note_id' => $note_id, ':note_text' => $note_text, ':user_id' => Session::get('user_id')));
$sql = "UPDATE notes SET note_text = :note_text WHERE note_id = :note_id AND user_id = :user_id LIMIT 1";
$query = $database->prepare($sql);
$query->execute(array(':note_id' => $note_id, ':note_text' => $note_text, ':user_id' => Session::get('user_id')));
if ($query->rowCount() == 1) {
return true;
}
Session::add('feedback_negative', Text::get('FEEDBACK_NOTE_EDITING_FAILED'));
return false;
if ($query->rowCount() == 1) {
return true;
}
/**
* Delete a specific note
* @param int $note_id id of the note
* @return bool feedback (was the note deleted properly ?)
*/
public static function deleteNote($note_id)
{
if (!$note_id) {
return false;
}
Session::add('feedback_negative', Text::get('FEEDBACK_NOTE_EDITING_FAILED'));
return false;
}
$database = DatabaseFactory::getFactory()->getConnection();
$sql = "DELETE FROM notes WHERE note_id = :note_id AND user_id = :user_id LIMIT 1";
$query = $database->prepare($sql);
$query->execute(array(':note_id' => $note_id, ':user_id' => Session::get('user_id')));
if ($query->rowCount() == 1) {
return true;
}
// default return
Session::add('feedback_negative', Text::get('FEEDBACK_NOTE_DELETION_FAILED'));
return false;
/**
* Delete a specific note
* @param int $note_id id of the note
* @return bool feedback (was the note deleted properly ?)
*/
public static function deleteNote($note_id)
{
if (!$note_id) {
return false;
}
$database = DatabaseFactory::getFactory()->getConnection();
$sql = "DELETE FROM notes WHERE note_id = :note_id AND user_id = :user_id LIMIT 1";
$query = $database->prepare($sql);
$query->execute(array(':note_id' => $note_id, ':user_id' => Session::get('user_id')));
if ($query->rowCount() == 1) {
return true;
}
// default return
Session::add('feedback_negative', Text::get('FEEDBACK_NOTE_DELETION_FAILED'));
return false;
}
}

48
application/model/RegistrationModel.php
View File

@@ -19,28 +19,35 @@ class RegistrationModel
$user_name = strip_tags(Request::post('user_name'));
$user_email = strip_tags(Request::post('user_email'));
// Use 'user_password' if provided (admin registration), otherwise 'user_password_new'
$user_password_new = $isAdmin ? Request::post('user_password') : Request::post('user_password_new');
$user_password_new = $isAdmin ? Request::post('user_password_new') : Request::post('user_password_new');
$user_password_repeat = $user_password_new; // no repeat field
// validate input (skip captcha validation)
$validation_result = self::registrationInputValidation($user_name, $user_password_new, $user_email);
if (!$validation_result) {
return false;
}
// validate using existing validators and messages
$valid = true;
if (!self::validateUserName($user_name)) { $valid = false; }
if (!self::validateUserEmail($user_email, $user_email)) { $valid = false; }
if (!self::validateUserPassword($user_password_new, $user_password_repeat)) { $valid = false; }
if (!$valid) { return false; }
// hash the password
$user_password_hash = password_hash($user_password_new, PASSWORD_DEFAULT);
// check if username or email already exists
if (UserModel::doesUsernameAlreadyExist($user_name) || UserModel::doesEmailAlreadyExist($user_email)) {
Session::add('feedback_negative', Text::get('FEEDBACK_USERNAME_OR_EMAIL_TAKEN'));
return false;
$return = true;
if (UserModel::doesUsernameAlreadyExist($user_name)) {
Session::add('feedback_negative', Text::get('FEEDBACK_USERNAME_ALREADY_TAKEN'));
$return = false;
}
if (UserModel::doesEmailAlreadyExist($user_email)) {
Session::add('feedback_negative', Text::get('FEEDBACK_USER_EMAIL_ALREADY_TAKEN'));
$return = false;
}
if (!$return) return false;
// directly activate user (skip email verification)
$user_active = 1;
// directly activate user: set empty activation hash
$user_activation_hash = null;
// write user data to database
if (!self::writeNewUserToDatabase($user_name, $user_password_hash, $user_email, time(), $user_active)) {
if (!self::writeNewUserToDatabase($user_name, $user_password_hash, $user_email, time(), $user_activation_hash)) {
Session::add('feedback_negative', Text::get('FEEDBACK_ACCOUNT_CREATION_FAILED'));
return false;
}
@@ -141,11 +148,7 @@ class RegistrationModel
return false;
}
if (strlen($user_password_new) < 6) {
Session::add('feedback_negative', Text::get('FEEDBACK_PASSWORD_TOO_SHORT'));
return false;
}
// no minimum length restriction
return true;
}
@@ -164,9 +167,9 @@ class RegistrationModel
{
$database = DatabaseFactory::getFactory()->getConnection();
// write new users data into database
$sql = "INSERT INTO users (user_name, user_password_hash, user_email, user_creation_timestamp, user_activation_hash, user_provider_type)
VALUES (:user_name, :user_password_hash, :user_email, :user_creation_timestamp, :user_activation_hash, :user_provider_type)";
// write new users data into database; set user_active=1 and user_activation_hash to provided value (can be null)
$sql = "INSERT INTO users (user_name, user_password_hash, user_email, user_creation_timestamp, user_activation_hash, user_provider_type, user_active)
VALUES (:user_name, :user_password_hash, :user_email, :user_creation_timestamp, :user_activation_hash, :user_provider_type, 1)";
$query = $database->prepare($sql);
try {
$query->execute(array(
@@ -178,8 +181,7 @@ class RegistrationModel
':user_provider_type' => 'DEFAULT'
));
} catch (PDOException $e) {
error_log("Database error during user creation: " . $e->getMessage());
Session::add('feedback_negative', "Database error: " . $e->getMessage());
// only one feedback message on failure
return false;
}
$count = $query->rowCount();

37
application/model/UserModel.php
View File

@@ -19,7 +19,7 @@ class UserModel
{
$database = DatabaseFactory::getFactory()->getConnection();
$sql = "SELECT user_id, user_name, user_email, user_active, user_has_avatar, user_deleted FROM users";
$sql = "SELECT user_id, user_name, user_email, user_active, user_has_avatar, user_deleted, user_account_type FROM users";
$query = $database->prepare($sql);
$query->execute();
@@ -39,11 +39,46 @@ class UserModel
$all_users_profiles[$user->user_id]->user_active = $user->user_active;
$all_users_profiles[$user->user_id]->user_deleted = $user->user_deleted;
$all_users_profiles[$user->user_id]->user_avatar_link = (Config::get('USE_GRAVATAR') ? AvatarModel::getGravatarLinkByEmail($user->user_email) : AvatarModel::getPublicAvatarFilePathOfUser($user->user_has_avatar, $user->user_id));
$all_users_profiles[$user->user_id]->user_account_type = $user->user_account_type;
}
return $all_users_profiles;
}
/**
* Gets list of users including their group name via user_groups lookup.
* @return array
*/
public static function getUsersWithGroups()
{
$database = DatabaseFactory::getFactory()->getConnection();
$sql = "SELECT u.user_id, u.user_name, u.user_email, u.user_active, u.user_has_avatar, u.user_deleted, u.user_account_type,
g.group_name
FROM users u
LEFT JOIN user_groups g ON g.group_id = u.user_account_type";
$query = $database->prepare($sql);
$query->execute();
$result = [];
foreach ($query->fetchAll() as $user) {
array_walk_recursive($user, 'Filter::XSSFilter');
$obj = new stdClass();
$obj->user_id = $user->user_id;
$obj->user_name = $user->user_name;
$obj->user_email = $user->user_email;
$obj->user_active = $user->user_active;
$obj->user_deleted = $user->user_deleted;
$obj->user_account_type = $user->user_account_type;
$obj->group_name = $user->group_name;
$obj->user_avatar_link = (Config::get('USE_GRAVATAR') ? AvatarModel::getGravatarLinkByEmail($user->user_email) : AvatarModel::getPublicAvatarFilePathOfUser($user->user_has_avatar, $user->user_id));
$result[] = $obj;
}
return $result;
}
/**
* Gets a user's profile data, according to the given $user_id
* @param int $user_id The user's id

3
application/view/_templates/header.php
View File

@@ -24,6 +24,9 @@
<li <?php if (View::checkForActiveController($filename, "profile")) { echo ' class="active" '; } ?> >
<a href="<?php echo Config::get('URL'); ?>profile/index">Profiles</a>
</li>
<li <?php if (View::checkForActiveController($filename, "directory")) { echo ' class="active" '; } ?> >
<a href="<?php echo Config::get('URL'); ?>directory/index">Benutzer</a>
</li>
<?php if (Session::userIsLoggedIn()) { ?>
<li <?php if (View::checkForActiveController($filename, "dashboard")) { echo ' class="active" '; } ?> >
<a href="<?php echo Config::get('URL'); ?>dashboard/index">Dashboard</a>

18
application/view/admin/index.php
View File

@@ -22,6 +22,7 @@
<td>User's email</td>
<td>Activated ?</td>
<td>Link to user's profile</td>
<td>Group</td>
<td>suspension Time in days</td>
<td>Soft delete</td>
<td>Submit</td>
@@ -41,6 +42,19 @@
<td>
<a href="<?= Config::get('URL') . 'profile/showProfile/' . $user->user_id; ?>">Profile</a>
</td>
<td>
<form action="<?= Config::get('URL'); ?>admin/changeUserGroup" method="post">
<input type="hidden" name="user_id" value="<?= $user->user_id; ?>" />
<select name="group_id">
<?php foreach ($this->groups as $group) { ?>
<option value="<?= $group->group_id; ?>" <?= (isset($user->user_account_type) && (int)$user->user_account_type === (int)$group->group_id ? 'selected' : '') ?>>
<?= (int)$group->group_id; ?> - <?= htmlspecialchars($group->group_name, ENT_QUOTES, 'UTF-8'); ?>
</option>
<?php } ?>
</select>
<input type="submit" value="Save" />
</form>
</td>
<form action="<?= config::get("URL"); ?>admin/actionAccountSettings" method="post">
<td><input type="number" name="suspension" /></td>
<td><input type="checkbox" name="softDelete" <?php if ($user->user_deleted) { ?> checked <?php } ?> /></td>
@@ -56,10 +70,10 @@
<h3>Register a new user</h3>
<form method="post" action="<?php echo Config::get('URL'); ?>admin/registerUser">
<form method="post" action="<?php echo Config::get('URL'); ?>register/register_action">
<input type="text" name="user_name" placeholder="Username" required />
<input type="email" name="user_email" placeholder="Email address" required />
<input type="password" name="user_password" placeholder="Password" required />
<input type="password" name="user_password_new" placeholder="Password" required autocomplete="off" />
<input type="submit" value="Register User" />
</form>

54
application/view/directory/index.php Normal file
View File

@@ -0,0 +1,54 @@
<div class="container">
<h1>Benutzerverzeichnis</h1>
<div class="box">
<?php $this->renderFeedbackMessages(); ?>
<table id="users-table" class="overview-table" style="width:100%">
<thead>
<tr>
<td>Id</td>
<td>Avatar</td>
<td>Benutzername</td>
<td>Email</td>
<td>Aktiv?</td>
<td>Gruppe</td>
<td>Profil</td>
</tr>
</thead>
<tbody>
<?php foreach ($this->users as $user) { ?>
<tr class="<?= ($user->user_active == 0 ? 'inactive' : 'active'); ?>">
<td><?= $user->user_id; ?></td>
<td class="avatar">
<?php if (isset($user->user_avatar_link)) { ?>
<img src="<?= $user->user_avatar_link; ?>"/>
<?php } ?>
</td>
<td><?= $user->user_name; ?></td>
<td><?= $user->user_email; ?></td>
<td><?= ($user->user_active == 0 ? 'Nein' : 'Ja'); ?></td>
<td><?= htmlspecialchars($user->group_name ?: $user->user_account_type, ENT_QUOTES, 'UTF-8'); ?></td>
<td><a href="<?= Config::get('URL') . 'profile/showProfile/' . $user->user_id; ?>">Profil</a></td>
</tr>
<?php } ?>
</tbody>
</table>
</div>
</div>
<!-- jQuery & DataTables CDN -->
<link rel="stylesheet" href="https://cdn.datatables.net/1.13.8/css/jquery.dataTables.min.css">
<script src="https://code.jquery.com/jquery-3.7.1.min.js"></script>
<script src="https://cdn.datatables.net/1.13.8/js/jquery.dataTables.min.js"></script>
<script>
$(document).ready(function(){
$('#users-table').DataTable({
pageLength: 10,
order: [[ 0, 'asc' ]],
language: {
url: 'https://cdn.datatables.net/plug-ins/1.13.8/i18n/de-DE.json'
}
});
});
</script>

2
application/view/register/index.php
View File

@@ -11,9 +11,7 @@
<form method="post" action="<?php echo Config::get('URL'); ?>register/register_action">
<input type="text" pattern="[a-zA-Z0-9]{2,64}" name="user_name" placeholder="Username (letters/numbers, 2-64 chars)" required />
<input type="text" name="user_email" placeholder="email address (a real address)" required />
<input type="text" name="user_email_repeat" placeholder="repeat email address (to prevent typos)" required />
<input type="password" name="user_password_new" pattern=".{6,}" placeholder="Password (6+ characters)" required autocomplete="off" />
<input type="password" name="user_password_repeat" pattern=".{6,}" required placeholder="Repeat your password" autocomplete="off" />
<input type="submit" value="Register" />
</form>
</div>

0
start.sh Normal file → Executable file
View File