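<?php
/**
 * Admin page: edit an existing admin user (name, e-mail, access permissions)
 * and optionally re-send the "create your password" invitation e-mail.
 *
 * Three views, selected by the POSTed submit button:
 *   - updateUser : apply the edit, write an audit row, optionally send the invitation
 *   - getUser    : show the edit form for one user
 *   - (neither)  : list the users the current admin may edit
 *
 * Security notes for maintainers:
 *   - Every value that reaches SQL is bound through a prepared statement; the
 *     permission ids come from array KEYS of $_POST["access"], which never pass
 *     through cleanPost(), so they are checked against the catalogue below.
 *   - The "who may edit whom" rule used by the list view is enforced on the POST
 *     handlers too, so it cannot be bypassed by posting an id that the list hides.
 *   - Everything echoed into HTML (page or e-mail) is escaped on output.
 *   - NOTE(review): no anti-CSRF token is visible on these forms. If header.php
 *     does not already provide one, add a per-session token to both forms and
 *     verify it before handling updateUser.
 *   - NOTE(review): getRandID() is defined elsewhere. It produces the login cookie
 *     value and the password-reset token, so confirm it draws from a CSPRNG
 *     (random_bytes / random_int) and that reset tokens expire.
 */
include "globalVars.php";
include "header.php";

// Permission catalogue: the single source of truth for both the checkbox form and
// the server-side allow-list. 'groupId' is null for groups without a "Check All" link.
$permissionGroups = [
    ['title' => 'Calendars', 'groupId' => 'checks1', 'items' => [
        1 => 'Create Calendars', 2 => 'Update Calendars', 3 => 'Delete Calendars',
    ]],
    ['title' => 'Forthcoming Events', 'groupId' => 'checks10', 'items' => [
        42 => 'Create Events', 43 => 'Update Events', 44 => 'Delete Events', 45 => 'Manage Registered Players',
    ]],
    ['title' => 'Knockout Competitions', 'groupId' => 'checks2', 'items' => [
        4 => 'Create Knockout Competitions', 5 => 'Update Knockout Competitions', 6 => 'Delete Knockout Competitions',
        7 => 'Create Knockout Groups', 8 => 'Update Knockout Groups', 9 => 'Delete Knockout Groups',
    ]],
    ['title' => 'League Competitions', 'groupId' => 'checks3', 'items' => [
        10 => 'Create League Competitions', 11 => 'Update League Competitions', 12 => 'Delete League Competitions',
        13 => 'Create League Groups', 14 => 'Update League Groups', 15 => 'Delete League Groups',
    ]],
    ['title' => 'Championship Honours', 'groupId' => 'checks4', 'items' => [
        16 => 'Create New Honours', 17 => 'Update Championship Honours', 18 => 'Delete Championship Honours',
        19 => 'Create Honours Groups', 20 => 'Update Honours Groups', 21 => 'Delete Honours Groups',
    ]],
    ['title' => 'Committee Members', 'groupId' => 'checks5', 'items' => [
        22 => 'Create New Members', 23 => 'Update Committee Members', 24 => 'Delete Committee Members',
    ]],
    ['title' => 'Local Clubs', 'groupId' => 'checks6', 'items' => [
        25 => 'Create New Club', 26 => 'Update Local Clubs', 27 => 'Delete Local Clubs',
    ]],
    ['title' => 'Pages', 'groupId' => 'checks7', 'items' => [
        28 => 'Create New Pages', 29 => 'Update Site Pages', 30 => 'Delete Site Pages',
    ]],
    ['title' => 'Header Slides', 'groupId' => 'checks8', 'items' => [
        31 => 'Create New Slides', 32 => 'Update Header Slides', 33 => 'Delete Header Slides',
    ]],
    ['title' => 'Photo Galleries', 'groupId' => 'checks9', 'items' => [
        34 => 'Create New Galleries', 35 => 'Update Photo Galleries', 36 => 'Delete Photo Galleries',
        37 => 'Upload New Photos', 38 => 'Update Photos', 39 => 'Delete Photos',
    ]],
    ['title' => 'Main Menu', 'groupId' => null, 'items' => [
        40 => 'Update the Main Menu',
    ]],
    ['title' => 'Site Configuration', 'groupId' => null, 'items' => [
        41 => 'Update the Site Configuration',
    ]],
];

// Flat allow-list of permission ids, keyed by id for O(1) lookups.
$knownPermissionIds = [];
foreach ($permissionGroups as $permissionGroup) {
    foreach ($permissionGroup['items'] as $permissionId => $permissionLabel) {
        $knownPermissionIds[$permissionId] = true;
    }
}

// Escape a value for HTML text or attribute context.
$escapeHtml = static function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};

// Read one POST field as a string; arrays and missing fields become ''.
$postString = static function ($key) {
    $value = $_POST[$key] ?? '';
    return is_string($value) ? $value : '';
};

// Run one INSERT/UPDATE as a prepared statement. Returns true on success; failures
// are written to the server log instead of being shown to the browser.
$runStatement = static function ($conn, $sql, $types, array $params) {
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt === false) {
        error_log('userManagementEdit: prepare failed: ' . mysqli_error($conn));
        return false;
    }
    mysqli_stmt_bind_param($stmt, $types, ...$params);
    $succeeded = mysqli_stmt_execute($stmt);
    if (!$succeeded) {
        error_log('userManagementEdit: execute failed: ' . mysqli_stmt_error($stmt));
    }
    mysqli_stmt_close($stmt);
    return $succeeded;
};

// Same rule the list view applies: admin 1 may edit ids above 1, everyone else only
// ids above 2. Applied to every handler so the hidden field cannot widen it.
$currentAdminId = (int) $adminID;
$highestProtectedId = ($currentAdminId === 1) ? 1 : 2;
?>
<h2>Update a User</h2>
<?php
if (isset($_POST["updateUser"])) {
    $editAdminID = (int) cleanPost($postString("editAdminID"), $conn);
    $newUserName = (string) cleanPost($postString("adminUserName"), $conn);
    $newUserEmail = (string) cleanPost($postString("adminUserEmail"), $conn);
    $newSendEmail = (int) cleanPost($postString("adminUserSend"), $conn);

    if ($editAdminID <= $highestProtectedId) {
        echo "<p><strong>Error:</strong> You are not allowed to update this user.</p>";
    } elseif (trim($newUserName) === '' || filter_var($newUserEmail, FILTER_VALIDATE_EMAIL) === false) {
        // The address is later used as a mail recipient and header value, so it is
        // validated here and not only by the browser's type="email" check.
        echo "<p><strong>Error:</strong> Please provide a name and a valid email address.</p>";
    } else {
        $hasPermissionList = $editAdminID > 2;
        if ($hasPermissionList) {
            $submittedAccess = (isset($_POST["access"]) && is_array($_POST["access"])) ? $_POST["access"] : [];
            $accessGiven = [];
            foreach ($submittedAccess as $accessID => $givenVar) {
                // Keep only integer keys that exist in the catalogue.
                if (is_int($accessID) && isset($knownPermissionIds[$accessID])) {
                    $accessGiven[] = $accessID;
                }
            }
            $privelegeArray = "|" . implode("|", $accessGiven) . "|";
            $numPermissions = count($accessGiven);
        } else {
            $privelegeArray = null;
            $numPermissions = "unlimited";
        }

        // Rotating cookieVar on every edit presumably invalidates the user's existing
        // login cookie; verify against the login code.
        $newCookieVar = (string) getRandID(20);
        $dateAmended = date("Y-m-d H:i:s");

        $userUpdated = $runStatement(
            $conn,
            "UPDATE admin SET adminName = ?, adminEmail = ?, cookieVar = ? WHERE id = ?",
            "sssi",
            [$newUserName, $newUserEmail, $newCookieVar, $editAdminID]
        );

        if ($userUpdated && $hasPermissionList) {
            $userUpdated = $runStatement(
                $conn,
                "UPDATE adminPriveleges SET privelegeArray = ?, dateAmended = ?, amendedBy = ? WHERE adminID = ?",
                "ssii",
                [$privelegeArray, $dateAmended, $currentAdminId, $editAdminID]
            );
        }

        if (!$userUpdated) {
            echo "<p><strong>Error:</strong> The user could not be updated. Please try again.</p>";
        } else {
            // Audit trail. The text holds user-supplied values verbatim, so whichever
            // page displays userActions has to escape it on output.
            $trackDate = date("Y-m-d H:i:s");
            $updateDetails = "The User $newUserName <$newUserEmail> was updated by $adminName <$adminEmail>"
                . " and granted $numPermissions Admin Permissions";
            $runStatement(
                $conn,
                "INSERT INTO userActions (dateCreated, adminID, pageTracking, databaseUpdated, updateDetails)"
                    . " VALUES (?, ?, 'admin/userManagementEdit.html', 'admin', ?)",
                "sis",
                [$trackDate, $currentAdminId, $updateDetails]
            );

            echo "<p><strong>Success!</strong> The Admin User " . $escapeHtml($newUserName) . " has been updated.</p>";

            if ($newSendEmail === 1) {
                ///// SEND THE USER AN EMAIL WITH A LINK TO CREATE THEIR LOGIN PASSWORD AND LOG IN \\\\\
                $resetVar = (string) getRandID(30);
                $resetStored = $runStatement(
                    $conn,
                    "INSERT INTO adminPasswordReset (adminID, resetVar, dateRequested) VALUES (?, ?, ?)",
                    "iss",
                    [$editAdminID, $resetVar, $dateAmended]
                );

                $salTime = (int) date("H");
                if ($salTime < 14) {
                    $salutation = "Good morning";
                } elseif ($salTime < 20) {
                    $salutation = "Good afternoon";
                } else {
                    $salutation = "Good evening";
                }

                // The message is HTML, so user-supplied values are escaped before insertion.
                $safeUserName = $escapeHtml($newUserName);
                $safeUserEmail = $escapeHtml($newUserEmail);

                $emailTitle = "Password Reset";
                $LANG_PASSWORD_RESET_EMAIL_TEXT = "<p>[[SALUTATION]] [[EMAIL_NAME]],<br>Your account has been updated to access the FAB Almería management panel.</p> <p>In an attempt to keep security as high as possible you are required to create a new password to log in. To do so, please visit the link below and setup your access password: <a href=\"[[URL]]password-reset-[[RESET_VAR]].html\">[[URL]]password-reset-[[RESET_VAR]].html</a></p><p>or copy and paste this link into your browser of choice:</p><p>[[URL]]password-reset-[[RESET_VAR]].html</p> <p>After resetting your password to log in to the management panel for the first time, visit the <a href=\"[[URL]]\">main website</a> and click the User Login link in the main menu. The email address you should use to log in is <strong>$safeUserEmail</strong></p> <p>Regards,<br><br> The FAB Almería Website<br> <a href=\"[[URL]]\">FAB Almería</a></p>";

                $emailContent = str_replace(
                    ["[[SALUTATION]]", "[[EMAIL_NAME]]", "[[RESET_VAR]]"],
                    [$salutation, $safeUserName, $resetVar],
                    $LANG_PASSWORD_RESET_EMAIL_TEXT
                );

                $emailTemplate = file_get_contents($SERVER_ROOT . "/emails/email-template.html");
                if ($emailTemplate === false) {
                    // Fall back to the bare message rather than sending an empty e-mail.
                    error_log('userManagementEdit: email template could not be read');
                    $emailTemplate = "[[EMAIL_CONTENT]]";
                }
                $emailTemplate = str_replace("[[EMAIL_CONTENT]]", $emailContent, $emailTemplate);
                $emailContent = str_replace(
                    ["[[EMAIL_TITLE]]", "[[URL]]", "[[IURL]]", "[[COMPANY_NAME]]", "[[EMAIL_ADD]]"],
                    [$emailTitle, $url, $Iurl, $companyName, $emailEmailAdd],
                    $emailTemplate
                );

                // Control characters and address delimiters are stripped from the display
                // name so it cannot end the header line or alter the address part.
                $headerName = trim((string) preg_replace('/[\x00-\x1F\x7F<>"]+/', ' ', $newUserName));

                $mailTo = $newUserEmail;
                $emailSubject = "Your Account on $companyName";
                $headers = [];
                $headers[] = 'MIME-Version: 1.0';
                $headers[] = 'Content-type: text/html; charset=utf-8';
                $headers[] = 'To: ' . $headerName . ' <' . $mailTo . '>';
                $headers[] = 'From: ' . $companyName . ' <' . $emailEmailAdd . '>';

                if ($resetStored && mail($mailTo, $emailSubject, $emailContent, implode("\r\n", $headers))) {
                    echo "<p>An email has been sent to " . $safeUserEmail . " with the instructions to setup the password and log in for the first time.</p>";
                } else {
                    echo "<p><strong>Error:</strong> The invitation email could not be sent. Please try again.</p>";
                }
            }
        }
    }
} elseif (isset($_POST["getUser"])) {
    $editAdminID = (int) cleanPost($postString("editAdminID"), $conn);
    $editAdminName = null;
    $editAdminEmail = null;
    $editPrivelegesArray = [];

    if ($editAdminID > $highestProtectedId) {
        $userStmt = mysqli_prepare($conn, "SELECT adminName, adminEmail FROM admin WHERE id = ?");
        if ($userStmt !== false) {
            mysqli_stmt_bind_param($userStmt, "i", $editAdminID);
            if (mysqli_stmt_execute($userStmt)) {
                mysqli_stmt_bind_result($userStmt, $foundName, $foundEmail);
                if (mysqli_stmt_fetch($userStmt)) {
                    $editAdminName = $foundName;
                    $editAdminEmail = $foundEmail;
                }
            }
            mysqli_stmt_close($userStmt);
        } else {
            error_log('userManagementEdit: prepare failed: ' . mysqli_error($conn));
        }
    }

    if ($editAdminName !== null && $editAdminID > 2) {
        $editPriveleges = '';
        $privStmt = mysqli_prepare($conn, "SELECT privelegeArray FROM adminPriveleges WHERE adminID = ?");
        if ($privStmt !== false) {
            mysqli_stmt_bind_param($privStmt, "i", $editAdminID);
            if (mysqli_stmt_execute($privStmt)) {
                mysqli_stmt_bind_result($privStmt, $foundPriveleges);
                if (mysqli_stmt_fetch($privStmt)) {
                    $editPriveleges = trim((string) $foundPriveleges, "|");
                }
            }
            mysqli_stmt_close($privStmt);
        } else {
            error_log('userManagementEdit: prepare failed: ' . mysqli_error($conn));
        }
        // Stored as "|1|2|42|"; converted to ints so membership can be tested strictly.
        $editPrivelegesArray = array_map('intval', explode("|", $editPriveleges));
    }

    if ($editAdminName === null) {
        echo "<p><strong>Error:</strong> That user could not be found or cannot be edited from this page.</p>";
    } else {
?>
<form action="userManagementEdit.html" method="post">
    <input type="hidden" name="editAdminID" value="<?php echo $escapeHtml($editAdminID) ?>">
    <div class="descStTab">
        <div class="pFormRow">
            <div class="pFormTitle">Name: <span class="infoButton"><img src="images/infoButton.png" width="14" height="14" alt="Help" title="Help" border="0" /><span>Simply for identification purposes</span></span></div>
            <div class="pFormInput">
                <input type="text" name="adminUserName" size="50" value="<?php echo $escapeHtml($editAdminName) ?>" required />
                <div class="pFormLabel">
                    <label class="labelName">Name:</label>
                </div>
            </div>
        </div>
        <div class="pFormRow">
            <div class="pFormTitle">Email Address: <span class="infoButton"><img src="images/infoButton.png" width="14" height="14" alt="Help" title="Help" border="0" /><span>Will be used to access this admin and also for any correspondence such as password reminders</span></span></div>
            <div class="pFormInput">
                <input type="email" name="adminUserEmail" size="50" value="<?php echo $escapeHtml($editAdminEmail) ?>" required />
                <div class="pFormLabel">
                    <label class="labelName">Email Address:</label>
                </div>
            </div>
        </div>
        <div class="pFormRow">
            <div class="pFormTitle">Re-Send Email?: <span class="infoButton"><img src="images/infoButton.png" width="14" height="14" alt="Help" title="Help" border="0" /><span>Would you like to re-send this person an invitation to the admin with links to log in and create their own password?</span></span></div>
            <div class="pFormSelect">
                <select name="adminUserSend">
                    <option value="0">No</option>
                    <option value="1">Yes</option>
                </select>
                <div class="pFormLabel">
                    <label class="labelName">Send Email:</label>
                </div>
            </div>
        </div>
<?php if ($editAdminID > 2) { ?>
        <div id="accessSelect">
            <h3>User Access Permissions</h3>
<?php     foreach ($permissionGroups as $permissionGroup) {
              $groupId = $permissionGroup['groupId']; ?>
            <div class="accessTitle">
                <?php echo $escapeHtml($permissionGroup['title']) ?>
<?php         if ($groupId !== null) { ?>
                <a class="checkAll" data-cl="<?php echo $escapeHtml($groupId) ?>"><i class="fas fa-check"></i> Check All</a>
<?php         } ?>
            </div>
            <div class="accessChecks"<?php if ($groupId !== null) { ?> id="<?php echo $escapeHtml($groupId) ?>"<?php } ?>>
<?php         foreach ($permissionGroup['items'] as $permissionId => $permissionLabel) { ?>
                <div class="accessCheck">
                    <input type="checkbox" id="access<?php echo (int) $permissionId ?>"<?php if ($groupId !== null) { ?> class="accessCheckBox"<?php } ?> name="access[<?php echo (int) $permissionId ?>]" value="1"<?php if (in_array((int) $permissionId, $editPrivelegesArray, true)) { ?> checked<?php } ?>>
                    <label for="access<?php echo (int) $permissionId ?>"><?php echo $escapeHtml($permissionLabel) ?></label>
                </div>
<?php         } ?>
            </div>
<?php     } ?>
        </div>
<?php } ?>
    </div>
    <input type="submit" class="submitButton" name="updateUser" value="Update this User" />
</form>
<?php
    }
} else {
?>
<div class="descTab" id="htmlSelectorTab">
<?php
    // $highestProtectedId is an integer computed above, never request data.
    $adminUsersQuery = mysqli_query(
        $conn,
        "SELECT id, adminName, adminEmail FROM admin WHERE id > " . $highestProtectedId . " ORDER BY id ASC"
    );
    if ($adminUsersQuery === false) {
        // Database error text goes to the server log, not to the page.
        error_log('userManagementEdit: user list query failed: ' . mysqli_error($conn));
        echo "<p><strong>Error:</strong> The user list could not be loaded.</p>";
    } else {
        while ($aUQ = mysqli_fetch_assoc($adminUsersQuery)) {
            $editAdminID = (int) $aUQ["id"];
            $editAdminName = $aUQ["adminName"];
            $editAdminEmail = $aUQ["adminEmail"];
?>
    <div class="pFormRow">
        <div class="pFormEditTitle"><?php echo $escapeHtml($editAdminName) ?><br><a href="mailto:<?php echo $escapeHtml($editAdminEmail) ?>"><?php echo $escapeHtml($editAdminEmail) ?></a></div>
        <div class="pFormEditButtons">
            <form action="userManagementEdit.html" method="post"><input type="hidden" name="editAdminID" value="<?php echo $editAdminID ?>" /><input type="submit" class="submitButton" name="getUser" value="Edit This User"></form>
<?php       if ($editAdminID > 2) { ?>
            <br />
            <form action="userManagementDel.html" method="post"><input type="hidden" name="editAdminID" value="<?php echo $editAdminID ?>" /><input type="submit" class="deleteButton" name="getUser" value="Delete This User"></form>
<?php       } ?>
        </div>
    </div>
<?php
        }
    }
?>
</div>
<?php
}
?>
<?php include "footer.php"; ?>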