. */ ini_set('session.gc_maxlifetime', 24*60*60); // MIN SESSION ini_set('session.gc_probability', 1); // GC RATES ini_set('session.gc_divisor', 100); // TIMES ini_set('session.use_cookies', '1'); ini_set('session.use_only_cookies', '1'); ini_set('session.cookie_secure', '1'); ini_set('session.cookie_httponly', '1'); ini_set('session.cookie_samesite', 'Lax'); session_save_path('.tmp'); // TEMP session_start(); // START require_once __DIR__ . '/autoload.php'; // AUTOLOAD use App\LobbySIO\Config\Registry; $Users = new \App\LobbySIO\Database\Users(); if (Registry::AUTHMETHOD == 'SAML') { //simplesaml require_once('../simplesamlphp/lib/_autoload.php'); $auth = new \SimpleSAML\Auth\Simple(Registry::AUTHIDP); //$auth->requireAuth(); $auth->isAuthenticated(); if (!$auth->isAuthenticated()) { $attributes = 'none'; } else { $attributes = $auth->getAttributes(); $saml_user_email = $attributes['http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress'][0]; $saml_user_info = $Users->getUserInfoByEmail($saml_user_email, "1", "0"); $saml_user_id = $saml_user_info["0"]["users_id"]; } $session = \SimpleSAML\Session::getSessionFromRequest(); $session->cleanup(); } $StaticFunctions = new \App\LobbySIO\Misc\StaticFunctions(); // DEFAULT CLASSES $SiteInfo = new \App\LobbySIO\Database\SiteInfo(); if (isset($_SESSION['user_id'])) { // LOGGED IN? GET USER OBJECT if (isset($saml_user_id)) { $sessuserid=$saml_user_id; } else { $sessuserid=$_SESSION['user_id']; } } elseif (!isset($_SESSION['user_id'])) { if (isset($saml_user_id)) { $sessuserid=$saml_user_id; } else { $sessuserid='2'; } $session_user = $Users->getUserInfo($sessuserid, "1", "0"); } if (isset($session_user)) { // GET UID OR SET TO KIOSK $uid = $session_user["0"]["users_id"];} else { $uid = "2"; } $app_disp_lang = filter_input(INPUT_COOKIE, 'app_disp_lang'); // SETUP LANGUAGE if(!isset($app_disp_lang)) { $app_disp_lang=$StaticFunctions->getDefaultLanguage(); } $siteidcookie = filter_input(INPUT_COOKIE, 'app_site'); // SETUP SITE foreach($SiteInfo->getSite("0", $uid, "0", "0") as $arr) { $lookup_array[$arr['sites_id']]=1; } if(isset($lookup_array[$siteidcookie])) { $siteid = $siteidcookie; } else { $siteid = "1"; } if(!isset($siteid)) { $siteid="1"; } $Translate = new \App\LobbySIO\Language\Translate($app_disp_lang); // SETUP TRANSLATOR $transLang = $Translate->userLanguage(); $app_current_pagename = $transLang['ADMINISTRATION']; // PAGE SETUP $app_current_pageicon = ' '; require_once("inc/header.inc.php"); if ($StaticFunctions->getUserSessionStatus() == false) { // CHECK STATUS echo $StaticFunctions->killSession(); // ELSE DIE } else { ?>

getUserInfo($_POST['editid'], "0", "0") //$SiteInfo->addSite($_POST['sitename'], $_POST['timezone'], $_POST['region']); //header('Location: ' . $_SERVER['PHP_SELF']); ?>

" />

getMinPass(); ?> addSite($_POST['sitename'], $_POST['timezone'], $_POST['region']); $newsiteid = $SiteInfo->getSiteByID($_POST['sitename']); $SiteInfo->grantSitePermissionBySiteAndUser($newsiteid["0"]["id"], "1"); $SiteInfo->grantSitePermissionBySiteAndUser($newsiteid["0"]["id"], "2"); header('Location: ' . $_SERVER['PHP_SELF']); endif; if (Registry::AUTHMETHOD == 'INTERNAL') { if (!empty($_POST['newuser'])): // NEW USER INTERNAL require_once("src/Misc/PasswordHash.php"); if (empty($_POST['username'])): $errors['username'] = $transLang['USERNAME_NOTEMPTY']; endif; if (preg_match('/[^a-zA-Z0-9 .-_]/', $_POST['username'])): $errors['username'] = $transLang['ILLEGAL_CHARACTERS']; endif; if (empty($_POST['password'])): $errors['password'] = $transLang['PASSWORD_NOTEMPTY']; endif; if (strlen($_POST['password']) < $minpasslength): $errors['password'] = $transLang['MIN_PASSWORD_LENGTH'] . $minpasslength; endif; if (empty($_POST['password_confirm'])): $errors['password_confirm'] = $transLang['PASSWORD_NOTCONFIRMED']; endif; if ($_POST['password'] != $_POST['password_confirm']): $errors['password_confirm'] = $transLang['PASSWORD_NOTMATCH']; endif; $email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL); if (!$email): $errors['email'] = $transLang['EMAIL_NOTVALID']; endif; $existing = $Users->checkUser($_POST['username'], $email); if ($existing): if ($existing[0]["users_username"] == $_POST['username']): $errors['username'] = $transLang['USERNAME_USED']; endif; if ($existing[0]["users_email"] == $email): $errors['email'] = $transLang['PASSWORD_USED']; endif; endif; endif; if (!empty($_POST['newuser']) && empty($errors)): $hasher = new PasswordHash(8, FALSE); $password = $hasher->HashPassword($_POST['password']); $Users->addUser($_POST['firstname'], $_POST['lastname'], $_POST['username'], $timezone, $password, $_POST['email'], $_POST['usertype']); header('Location: ' . $_SERVER['PHP_SELF']); endif; } elseif (Registry::AUTHMETHOD == 'SAML') { if (!empty($_POST['newuser'])): // NEW USER SAML $email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL); if (!$email): $errors['email'] = $transLang['EMAIL_NOTVALID']; endif; $existing = $Users->lookupSamlUserByEmail($email); if ($existing): if ($existing[0]["users_email"] == $email): $errors['email'] = $transLang['PASSWORD_USED']; endif; endif; endif; if (!empty($_POST['newuser']) && empty($errors)): $Users->addSAMLUser($timezone, $_POST['email'], $_POST['usertype']); header('Location: ' . $_SERVER['PHP_SELF']); endif; }; if (!empty($_POST['editusercomplete'])): // EDIT USER if (Registry::AUTHMETHOD == 'INTERNAL') { require_once("src/Misc/PasswordHash.php"); if (empty($_POST['username'])): $errors['username'] = $transLang['USERNAME_NOTEMPTY']; endif; if (preg_match('/[^a-zA-Z0-9 .-_]/', $_POST['username'])): $errors['username'] = $transLang['ILLEGAL_CHARACTERS']; endif; // if (empty($_POST['password'])): $errors['password'] = $transLang['PASSWORD_NOTEMPTY']; endif; // if (strlen($_POST['password']) < $minpasslength): $errors['password'] = $transLang['MIN_PASSWORD_LENGTH'] . $minpasslength; endif; // if (empty($_POST['password_confirm'])): $errors['password_confirm'] = $transLang['PASSWORD_NOTCONFIRMED']; endif; // if ($_POST['password'] != $_POST['password_confirm']): $errors['password_confirm'] = $transLang['PASSWORD_NOTMATCH']; endif; $email = filter_var($_POST['email'], FILTER_VALIDATE_EMAIL); if (!$email): $errors['email'] = $transLang['EMAIL_NOTVALID']; endif; // $existing = $Users->checkUser($_POST['username'], $email); // if ($existing): // if ($existing[0]["users_username"] == $_POST['username']): $errors['username'] = $transLang['USERNAME_USED']; endif; // if ($existing[0]["users_email"] == $email): $errors['email'] = $transLang['PASSWORD_USED']; endif; // endif; } endif; if (!empty($_POST['editusercomplete']) && empty($errors)): // $hasher = new PasswordHash(8, FALSE); // $password = $hasher->HashPassword($_POST['password']); if (Registry::AUTHMETHOD == 'INTERNAL') { $editedusername=$_POST['username']; } else { $editedusername="SAML/SSO"; } $Users->editUserInfo($_POST['edituserid'], $_POST['firstname'], $_POST['lastname'], $editedusername, $_POST['email'], $_POST['usertype']); //foreach loop to check if exists, if new, delete or add as needed $SiteInfo->deleteSitePermissionByUser($_POST['edituserid']); foreach($_POST['sitepermissions'] as $editsitepermission) { $SiteInfo->grantSitePermissionBySiteAndUser($editsitepermission, $_POST['edituserid']); } header('Location: ' . $_SERVER['PHP_SELF']); endif; // DEL USER if (!empty($_POST['deluser'])) { if ($_SERVER['REQUEST_METHOD'] == 'DELETE' || ($_SERVER['REQUEST_METHOD'] == 'POST' && $_POST['_METHOD'] == 'DELETE')) { $deleteid = (int) $_POST['deleteid']; echo $Users->deleteUser($deleteid); echo "user deleted!"; header('Location: ' . $_SERVER['PHP_SELF']); } } // Set up pagination $page_num = 1; if(!empty($_GET['pnum'])): $page_num = filter_input(INPUT_GET, 'pnum', FILTER_VALIDATE_INT); if(false === $page_num): $page_num = 1; endif; endif; $offset = ($page_num - 1) * $StaticFunctions->getPageRows(); $row_count = count($Users->getUserInfo("%", "%", "%")); $page_count = 0; if (0 === $row_count): else: $page_count = (int)ceil($row_count / $StaticFunctions->getPageRows()); if($page_num > $page_count): $page_num = 1; endif; endif; ?>

' . $transLang['PAGE'] . '

'; for ($i = 1; $i <= $page_count; $i++): echo '

' . $i . '

'; endfor; echo ''; ?> getUserInfo("%", $StaticFunctions->getPageRows(), $offset) as $row): ?>

getMinPass(); ?> deleteSitePermissionByUserAndSite ('0', $deleteid); $SiteInfo->deleteSitePermissionByUserAndSite ('1', $deleteid); $SiteInfo->deleteSitePermissionByUserAndSite ('2', $deleteid); echo $SiteInfo->deleteSite($deleteid); echo "site deleted!"; header('Location: ' . $_SERVER['PHP_SELF']); } } // Set up pagination $page_num1 = 1; if(!empty($_GET['pnum1'])): $page_num1 = filter_input(INPUT_GET, 'pnum1', FILTER_VALIDATE_INT); if(false === $page_num1): $page_num1 = 1; endif; endif; $offset1 = ($page_num1 - 1) * $StaticFunctions->getPageRows(); $row_count1 = count($SiteInfo->listSite("0", "0")); $page_count1 = 0; if (0 === $row_count1): else: $page_count1 = (int)ceil($row_count1 / $StaticFunctions->getPageRows()); if($page_num1 > $page_count1): $page_num1 = 1; endif; endif; ?>

' . $transLang['PAGE'] . '

'; for ($i1 = 1; $i1 <= $page_count1; $i1++): echo '

' . $i1 . '

'; endfor; echo ''; ?> listSite($StaticFunctions->getPageRows(), $offset1) as $row1): ?>

getMinPass(); ?>