2017-02-17 16:41:39 +01:00
|
|
|
<?php
|
|
|
|
|
/* μlogger
|
|
|
|
|
*
|
|
|
|
|
* Copyright(C) 2017 Bartek Fabiszewski (www.fabiszewski.net)
|
|
|
|
|
*
|
|
|
|
|
* This is free software; you can redistribute it and/or modify it under
|
2017-04-07 00:05:28 +02:00
|
|
|
* the terms of the GNU General Public License as published by
|
|
|
|
|
* the Free Software Foundation; either version 3 of the License, or
|
2017-02-17 16:41:39 +01:00
|
|
|
* (at your option) any later version.
|
|
|
|
|
*
|
|
|
|
|
* This program is distributed in the hope that it will be useful, but
|
|
|
|
|
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
|
* General Public License for more details.
|
|
|
|
|
*
|
2017-04-07 00:05:28 +02:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
|
* along with this program; if not, see <http://www.gnu.org/licenses/>.
|
2017-02-17 16:41:39 +01:00
|
|
|
*/
|
2017-04-09 23:35:55 +02:00
|
|
|
|
2017-04-11 17:00:40 +02:00
|
|
|
require_once(dirname(__DIR__) . "/auth.php"); // sets $mysqli, $user
|
2017-04-09 23:35:55 +02:00
|
|
|
|
|
|
|
|
/**
|
2017-02-17 16:41:39 +01:00
|
|
|
* Exit with xml response
|
|
|
|
|
* @param boolean $isError Error if true
|
|
|
|
|
* @param string $errorMessage Optional error message
|
|
|
|
|
*/
|
|
|
|
|
function exitWithStatus($isError, $errorMessage = NULL) {
|
|
|
|
|
header("Content-type: text/xml");
|
|
|
|
|
$xml = new XMLWriter();
|
|
|
|
|
$xml->openURI("php://output");
|
|
|
|
|
$xml->startDocument("1.0");
|
|
|
|
|
$xml->setIndent(true);
|
|
|
|
|
$xml->startElement('root');
|
|
|
|
|
$xml->writeElement("error", (int) $isError);
|
|
|
|
|
if ($isError) {
|
|
|
|
|
$xml->writeElement("message", $errorMessage);
|
|
|
|
|
}
|
|
|
|
|
$xml->endElement();
|
|
|
|
|
$xml->endDocument();
|
|
|
|
|
$xml->flush();
|
|
|
|
|
exit;
|
|
|
|
|
}
|
|
|
|
|
|
2017-04-12 20:16:39 +02:00
|
|
|
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : NULL;
|
2017-04-06 18:07:15 +02:00
|
|
|
$login = isset($_REQUEST['login']) ? trim($_REQUEST['login']) : NULL;
|
|
|
|
|
$hash = isset($_REQUEST['pass']) ? password_hash($_REQUEST['pass'], PASSWORD_DEFAULT) : NULL;
|
2017-04-12 20:16:39 +02:00
|
|
|
if (!$user->isAdmin || empty($action) || empty($login) || $user->login == $login) {
|
|
|
|
|
exitWithStatus(true, "Server error");
|
2017-02-17 16:41:39 +01:00
|
|
|
}
|
2017-04-12 20:16:39 +02:00
|
|
|
|
|
|
|
|
$aUser = new uUser($login);
|
|
|
|
|
|
|
|
|
|
switch ($action) {
|
|
|
|
|
case 'add':
|
|
|
|
|
if (empty($hash)) {
|
|
|
|
|
exitWithStatus(true, "Server error");
|
|
|
|
|
}
|
|
|
|
|
if ($aUser->isValid) {
|
|
|
|
|
exitWithStatus(true, $lang["userexists"]);
|
|
|
|
|
}
|
|
|
|
|
if ($aUser->add($login, $hash) === false) {
|
|
|
|
|
exitWithStatus(true, $mysqli->error);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'update':
|
|
|
|
|
// update password
|
|
|
|
|
if (empty($hash)) {
|
|
|
|
|
exitWithStatus(true, "Server error");
|
|
|
|
|
}
|
|
|
|
|
if ($aUser->setPass($hash) === false) {
|
|
|
|
|
exitWithStatus(true, $mysqli->error);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'delete':
|
|
|
|
|
if ($aUser->delete() === false) {
|
|
|
|
|
exitWithStatus(true, $mysqli->error);
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
exitWithStatus(true, "Server error");
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2017-02-17 16:41:39 +01:00
|
|
|
exitWithStatus(false);
|
2017-04-06 18:07:15 +02:00
|
|
|
|
2017-02-17 16:41:39 +01:00
|
|
|
?>
|
