| 1: | <?php |
| 2: | |
| 3: | |
| 4: | |
| 5: | |
| 6: | |
| 7: | |
| 8: | if (!defined('DEBUG_MODE')) { die(); } |
| 9: | |
| 10: | |
| 11: | |
| 12: | |
| 13: | class Hm_Handler_process_change_password extends Hm_Handler_Module { |
| 14: | public function process() { |
| 15: | if (!$this->session->internal_users) { |
| 16: | return; |
| 17: | } |
| 18: | |
| 19: | list($success, $form) = $this->process_form(array('new_pass1', 'new_pass2', 'old_pass', 'change_password')); |
| 20: | if (!$success) { |
| 21: | return; |
| 22: | } |
| 23: | if ($form['new_pass1'] !== $form['new_pass2']) { |
| 24: | Hm_Msgs::add("New passwords don't not match", "warning"); |
| 25: | return; |
| 26: | } |
| 27: | $user = $this->session->get('username', false); |
| 28: | if (!$this->session->auth($user, $form['old_pass'])) { |
| 29: | Hm_Msgs::add("Current password is incorrect", "warning"); |
| 30: | return; |
| 31: | } |
| 32: | $user_config = load_user_config_object($this->config); |
| 33: | if ($this->session->change_pass($user, $form['new_pass1'])) { |
| 34: | Hm_Msgs::add("Password changed"); |
| 35: | $user_config->load($user, $form['old_pass']); |
| 36: | try { |
| 37: | $user_config->save($user, $form['new_pass1']); |
| 38: | } catch (Exception $e) { |
| 39: | Hm_Msgs::add('Could not save settings: ' . $e->getMessage(), 'warning'); |
| 40: | } |
| 41: | return; |
| 42: | } |
| 43: | Hm_Msgs::add("An error Occurred", "danger"); |
| 44: | } |
| 45: | } |
| 46: | |
| 47: | |
| 48: | |
| 49: | |
| 50: | class Hm_Handler_process_delete_account extends Hm_Handler_Module { |
| 51: | public function process() { |
| 52: | if (!$this->session->is_admin()) { |
| 53: | return; |
| 54: | } |
| 55: | if (!$this->session->internal_users) { |
| 56: | return; |
| 57: | } |
| 58: | list($success, $form) = $this->process_form(array('delete_username')); |
| 59: | if (!$success) { |
| 60: | return; |
| 61: | } |
| 62: | $dbh = Hm_DB::connect($this->config); |
| 63: | if (Hm_DB::execute($dbh, 'delete from hm_user where username=?', array($form['delete_username']))) { |
| 64: | Hm_Msgs::add('User account deleted'); |
| 65: | } |
| 66: | else { |
| 67: | Hm_Msgs::add('An error occurred deleting the account', 'danger'); |
| 68: | } |
| 69: | } |
| 70: | } |
| 71: | |
| 72: | |
| 73: | |
| 74: | |
| 75: | class Hm_Handler_account_list extends Hm_Handler_Module { |
| 76: | public function process() { |
| 77: | if (!$this->session->is_admin()) { |
| 78: | return; |
| 79: | } |
| 80: | if (!$this->session->internal_users) { |
| 81: | return; |
| 82: | } |
| 83: | $dbh = Hm_DB::connect($this->config); |
| 84: | $this->out('user_list', Hm_DB::execute($dbh, 'select username from hm_user', array(), false, true)); |
| 85: | } |
| 86: | } |
| 87: | |
| 88: | |
| 89: | |
| 90: | |
| 91: | class Hm_Handler_process_create_account extends Hm_Handler_Module { |
| 92: | public function process() { |
| 93: | if (!$this->session->is_admin()) { |
| 94: | return; |
| 95: | } |
| 96: | if (!$this->session->internal_users) { |
| 97: | return; |
| 98: | } |
| 99: | list($success, $form) = $this->process_form(array('create_username', 'create_password', 'create_password_again')); |
| 100: | if (!$success) { |
| 101: | return; |
| 102: | } |
| 103: | if ($form['create_password'] != $form['create_password_again']) { |
| 104: | Hm_Msgs::add('Passwords did not match', 'warning'); |
| 105: | return; |
| 106: | } |
| 107: | $res = $this->session->create($form['create_username'], $form['create_password']); |
| 108: | if ($res === 1) { |
| 109: | Hm_Msgs::add("That username is already in use", "warning"); |
| 110: | } |
| 111: | elseif ($res === 2) { |
| 112: | Hm_Msgs::add("Account Created"); |
| 113: | } |
| 114: | } |
| 115: | } |
| 116: | |
| 117: | |
| 118: | |
| 119: | |
| 120: | class Hm_Handler_check_internal_users extends Hm_Handler_Module { |
| 121: | public function process() { |
| 122: | $this->out('is_admin', $this->session->is_admin()); |
| 123: | $this->out('internal_users', $this->session->internal_users); |
| 124: | } |
| 125: | } |
| 126: | |
| 127: | |
| 128: | |
| 129: | |
| 130: | class Hm_Output_create_account_link extends Hm_Output_Module { |
| 131: | protected function output() { |
| 132: | if (!$this->get('is_admin', false)) { |
| 133: | $res = ''; |
| 134: | } |
| 135: | else { |
| 136: | $res = '<li class="menu_create_account"><a class="unread_link" href="?page=accounts">'; |
| 137: | if (!$this->get('hide_folder_icons')) { |
| 138: | $res .= '<i class="bi bi-europe-africa account_icon"></i> '; |
| 139: | } |
| 140: | $res .= $this->trans('Accounts').'</a></li>'; |
| 141: | } |
| 142: | if ($this->format == 'HTML5') { |
| 143: | return $res; |
| 144: | } |
| 145: | $this->concat('formatted_folder_list', $res); |
| 146: | } |
| 147: | } |
| 148: | |
| 149: | |
| 150: | |
| 151: | |
| 152: | class Hm_Output_create_form extends Hm_Output_Module { |
| 153: | protected function output() { |
| 154: | if (!$this->get('internal_users') || !$this->get('is_admin', false)) { |
| 155: | Hm_Dispatch::page_redirect('?page=home'); |
| 156: | } |
| 157: | return '<div class="content_title">'.$this->trans('Accounts').'</div>'. |
| 158: | '<div class="settings_subtitle">'.$this->trans('Create Account').'</div>'. |
| 159: | '<div class="create_user">'. |
| 160: | '<form method="POST" autocomplete="off" >'. |
| 161: | '<input type="hidden" name="hm_page_key" value="'.Hm_Request_Key::generate().'" />'. |
| 162: | '<input style="display:none" type="text" name="fake_username" />'. |
| 163: | '<input style="display:none" type="password" name="fake_password" />'. |
| 164: | ' <input required type="text" placeholder="'.$this->trans('Username').'" name="create_username" value="">'. |
| 165: | ' <input type="password" required placeholder="'.$this->trans('Password').'" name="create_password">'. |
| 166: | ' <input type="password" required placeholder="'.$this->trans('Password Again').'" name="create_password_again">'. |
| 167: | ' <input type="submit" name="create_hm_user" value="'.$this->trans('Create').'" />'. |
| 168: | '</form></div>'; |
| 169: | } |
| 170: | } |
| 171: | class Hm_Output_user_list extends Hm_Output_Module { |
| 172: | protected function output() { |
| 173: | $res = '<br /><div class="settings_subtitle">'.$this->trans('Existing Accounts').'</div>'; |
| 174: | $res .= '<table class="user_list"><thead></thead><tbody>'; |
| 175: | if ($this->get('is_mobile')) { |
| 176: | $width = 2; |
| 177: | } |
| 178: | else { |
| 179: | $width = 6; |
| 180: | } |
| 181: | $count = 0; |
| 182: | foreach ($this->get('user_list', array()) as $user) { |
| 183: | if ($count == 0) { |
| 184: | $res .= '<tr>'; |
| 185: | } |
| 186: | $res .= '<td><form class="delete_user_form" action="?page=accounts" method="POST">'. |
| 187: | '<input type="hidden" name="hm_page_key" value="'.Hm_Request_Key::generate().'" />'. |
| 188: | '<input name="delete_username" type="hidden" value="'. |
| 189: | $this->html_safe($user['username']).'" /><input class="user_delete" type="submit" '. |
| 190: | 'value=" X " /></form>'; |
| 191: | $res .= ' '.$this->html_safe($user['username']).'</td>'; |
| 192: | $count++; |
| 193: | if ($count == $width) { |
| 194: | $res .= '</tr>'; |
| 195: | $count = 0; |
| 196: | } |
| 197: | } |
| 198: | if ($count != $width) { |
| 199: | $res .= '</tr>'; |
| 200: | } |
| 201: | $res .= '</table>'; |
| 202: | return $res; |
| 203: | } |
| 204: | } |
| 205: | |
| 206: | |
| 207: | |
| 208: | |
| 209: | |
| 210: | class Hm_Output_change_password_link extends Hm_Output_Module { |
| 211: | protected function output() { |
| 212: | if ($this->get('internal_users')) { |
| 213: | $res = '<li class="menu_change_password"><a class="unread_link" href="?page=change_password">'; |
| 214: | if (!$this->get('hide_folder_icons')) { |
| 215: | $res .= '<i class="bi bi-key-fill menu-icon"></i>'; |
| 216: | } |
| 217: | $res .= $this->trans('Password').'</a></li>'; |
| 218: | $this->concat('formatted_folder_list', $res); |
| 219: | } |
| 220: | } |
| 221: | } |
| 222: | |
| 223: | |
| 224: | |
| 225: | |
| 226: | |
| 227: | class Hm_Output_change_password extends Hm_Output_Module { |
| 228: | protected function output() { |
| 229: | $res = ''; |
| 230: | if ($this->get('internal_users')) { |
| 231: | $res .= '<div class="chg_pass_page px-0"> |
| 232: | <div class="content_title px-3">'.$this->trans('Change Password').'</div> |
| 233: | <div class="change_pass row px-3 mt-3"> |
| 234: | <div class="col-lg-4 col-sm-12"> |
| 235: | <form method="POST"> |
| 236: | <input type="hidden" name="hm_page_key" value="'.Hm_Request_Key::generate().'" /> |
| 237: | |
| 238: | <div class="form-floating mb-3"> |
| 239: | <input required type="password" id="old_pass" name="old_pass" class="form-control" placeholder="'.$this->trans('Current password').'"> |
| 240: | <label for="old_pass">'.$this->trans('Current password').'</label> |
| 241: | </div> |
| 242: | |
| 243: | <div class="form-floating mb-3"> |
| 244: | <input required type="password" id="new_pass1" name="new_pass1" class="form-control" placeholder="'.$this->trans('New password').'"> |
| 245: | <label for="new_pass1">'.$this->trans('New password').'</label> |
| 246: | </div> |
| 247: | |
| 248: | <div class="form-floating mb-3"> |
| 249: | <input required type="password" id="new_pass2" name="new_pass2" class="form-control" placeholder="'.$this->trans('New password again').'"> |
| 250: | <label for="new_pass2">'.$this->trans('New password again').'</label> |
| 251: | </div> |
| 252: | |
| 253: | <input type="submit" name="change_password" class="btn btn-primary" value="'.$this->trans('Update').'"> |
| 254: | </form> |
| 255: | </div> |
| 256: | </div> |
| 257: | </div>'; |
| 258: | } |
| 259: | return $res; |
| 260: | } |
| 261: | } |
| 262: | |