diff --git a/src/admin/index.php b/src/admin/index.php index 11b01f6..8eb7cf3 100644 --- a/src/admin/index.php +++ b/src/admin/index.php @@ -115,6 +115,11 @@ else // --- END CREATE TITLE */ +// --- BEGIN CREATE TITLE +$content['TITLE'] = InitPageTitle(); +$content['TITLE'] .= " :: General Options"; +// --- END CREATE TITLE + // --- Parsen and Output InitTemplateParser(); $page -> parser($content, "admin/admin_index.html"); diff --git a/src/admin/users.php b/src/admin/users.php index 3aad54f..02f3e0f 100644 --- a/src/admin/users.php +++ b/src/admin/users.php @@ -53,19 +53,31 @@ InitFilterHelpers(); // Helpers for frontend filtering! // Init admin langauge file now! IncludeLanguageFile( $gl_root_path . '/lang/' . $LANG . '/admin.php' ); - -// --- CONTENT Vars -$content['TITLE'] = "Ultrastats - Admin Center - Users"; // Title of the Page // --- // --- BEGIN Custom Code + +// Only if the user is an admin! +if ( !isset($_SESSION['SESSION_ISADMIN']) || $_SESSION['SESSION_ISADMIN'] == 0 ) + DieWithFriendlyErrorMsg( $content['LN_ADMIN_ERROR_NOTALLOWED'] ); + if ($_GET['miniop'] == "setisadmin") { if ( isset($_GET['id']) && isset($_GET['newval']) ) { //PreInit these values $content['USERID'] = intval(DB_RemoveBadChars($_GET['id'])); + $iNewVal = intval(DB_RemoveBadChars($_GET['newval'])); + // --- handle special case + if ( $content['USERID'] == $content['SESSION_USERID'] && (!isset($_GET['verify']) || $_GET['verify'] != "yes") && $iNewVal == 0) + { + // This will print an additional secure check which the user needs to confirm and exit the script execution. + PrintSecureUserCheck( $content['LN_USER_WARNREMOVEADMIN'], $content['LN_DELETEYES'], $content['LN_DELETENO'] ); + } + // --- + + // Perform SQL Query! $sqlquery = "SELECT * " . " FROM " . DB_USERS . " WHERE ID = " . $content['USERID']; 
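Review bot: The new confirmation step in the setisadmin branch keys on `$_GET['verify'] != "yes"`, so it protects against an accidental click but not against a forged request — any request that already carries `verify=yes` skips the check, and the same applies to the delete branch in the @@ -181 hunk. Both branches change state, so the confirmation form rendered by PrintSecureUserCheck should submit by POST with a session-bound token that the handler compares with `hash_equals()` before the UPDATE or DELETE runs. The SESSION_ISADMIN gate added at the top of the hunk is the right role check, but it does not appear in the admin/index.php hunk of this commit, so each admin page currently has to remember to repeat it. The setisadmin block continues past the end of the hunk.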
@@ -73,8 +85,6 @@ if ($_GET['miniop'] == "setisadmin") $myuser = DB_GetSingleRow($result, true); if ( isset($myuser['username']) ) { - $iNewVal = intval(DB_RemoveBadChars($_GET['newval'])); - // Update is_admin setting! $result = DB_Query("UPDATE " . DB_USERS . " SET is_admin = $iNewVal @@ -181,6 +191,14 @@ if ( isset($_GET['op']) ) } else { + // --- Ask for deletion first! + if ( (!isset($_GET['verify']) || $_GET['verify'] != "yes") ) + { + // This will print an additional secure check which the user needs to confirm and exit the script execution. + PrintSecureUserCheck( GetAndReplaceLangStr( $content['LN_USER_WARNDELETEUSER'], $myrow['username'] ), $content['LN_DELETEYES'], $content['LN_DELETENO'] ); + } + // --- + // do the delete! $result = DB_Query( "DELETE FROM " . DB_USERS . " WHERE ID = " . $content['USERID'] ); if ($result == FALSE) @@ -191,6 +209,8 @@ if ( isset($_GET['op']) ) else DB_FreeQuery($result); + // TODO: DELETE PERSONAL SETTINGS, GROUP MEMBERSHIP ... + // Do the final redirect RedirectResult( GetAndReplaceLangStr( $content['LN_USER_ERROR_HASBEENDEL'], $myrow['username'] ) , "users.php" ); } @@ -349,9 +369,13 @@ else } // --- } - // --- END Custom Code +// --- BEGIN CREATE TITLE +$content['TITLE'] = InitPageTitle(); +$content['TITLE'] .= " :: User Options"; +// --- END CREATE TITLE + // --- Parsen and Output InitTemplateParser(); $page -> parser($content, "admin/admin_users.html"); diff --git a/src/include/functions_common.php b/src/include/functions_common.php index 9e8996c..071eda9 100644 --- a/src/include/functions_common.php +++ b/src/include/functions_common.php 
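Review bot: The `// TODO: DELETE PERSONAL SETTINGS, GROUP MEMBERSHIP ...` left after the DELETE in the @@ -191 hunk contradicts the confirmation text LN_USER_WARNDELETEUSER added in lang/en/admin.php, which tells the admin that all personal settings will be deleted as well. Either drop that sentence from the message until the cleanup exists, or implement the cleanup now so that rows still keyed on the deleted ID cannot be picked up by a later account that happens to reuse it. The enclosing `if ( isset($_GET['op']) )` block starts and ends outside the hunk.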
@@ -541,12 +541,17 @@ function InitConfigurationValues() // Now we init the user session stuff InitUserSession(); - if ( isset($CFG["UserDBLoginRequired"]) && $CFG["UserDBLoginRequired"] == true && !$content['SESSION_LOGGEDIN'] ) - { - // User needs to be logged in, redirect to login page - if ( !defined("IS_LOGINPAGE") ) - RedirectToUserLogin(); - } + if ( isset($CFG["UserDBLoginRequired"]) && $CFG["UserDBLoginRequired"] == true ) + { + if ( !$content['SESSION_LOGGEDIN'] ) + { + // User needs to be logged in, redirect to login page + if ( !defined("IS_LOGINPAGE") ) + RedirectToUserLogin(); + } + } + else if ( defined('IS_ADMINPAGE') ) // Language System not initialized yet + DieWithFriendlyErrorMsg( "You need to be logged in in order to access the admin pages." ); // General defaults // // --- Language Handling @@ -559,6 +564,11 @@ function InitConfigurationValues() $content['database_forcedatabaseupdate'] = "yes"; } } + else + { + if ( defined('IS_ADMINPAGE') || defined("IS_LOGINPAGE") ) // Language System not initialized yet + DieWithFriendlyErrorMsg( "The phpLogCon user system is currently disabled or not installed." ); + } // --- Language Handling if ( isset($_SESSION['CUSTOM_LANG']) && VerifyLanguage($_SESSION['CUSTOM_LANG']) ) 
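Review bot: The new `else if ( defined('IS_ADMINPAGE') )` branch refuses admin pages whenever UserDBLoginRequired is off, even for a session that is already logged in and flagged as admin, while the branch for the option being on only tests SESSION_LOGGEDIN and leaves the admin role to each page (users.php adds that check in this commit, admin/index.php does not). A single gate here would cover every page that defines IS_ADMINPAGE: `if ( defined('IS_ADMINPAGE') && (!$content['SESSION_LOGGEDIN'] || !isset($content['SESSION_ISADMIN']) || $content['SESSION_ISADMIN'] == 0) )` followed by the existing DieWithFriendlyErrorMsg call, placed after the login-redirect block. If rejecting admin pages when login is not required is intended, a comment stating that would help the next reader. The `else` added in the @@ -559 hunk belongs to an `if` that starts outside the hunk, so which condition the "user system disabled" message is tied to cannot be confirmed from here. Both hunks sit inside InitConfigurationValues, whose body extends beyond them.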
@@ -711,17 +721,22 @@ function InitPageTitle() else $szReturn = ""; - if ( isset($currentSourceID) && isset($content['Sources'][$currentSourceID]['Name']) ) - $szReturn .= "Source '" . $content['Sources'][$currentSourceID]['Name'] . "' :: "; + if ( !defined('IS_ADMINPAGE') ) + { + if ( isset($currentSourceID) && isset($content['Sources'][$currentSourceID]['Name']) ) + $szReturn .= "Source '" . $content['Sources'][$currentSourceID]['Name'] . "' :: "; + } // Append phpLogCon $szReturn .= "phpLogCon"; + if ( defined('IS_ADMINPAGE') ) + $szReturn .= " :: " . $content['LN_ADMIN_CENTER'] . " :: "; + // return result return $szReturn; } - function GetStringWithHTMLCodes($myStr) { // Replace all special characters with valid html representations @@ -982,4 +997,38 @@ function StartPHPSession() } } +function PrintSecureUserCheck( $warningtext, $yesmsg, $nomsg ) +{ + global $content, $page; + + // Copy properties + $content['warningtext'] = $warningtext; + $content['yesmsg'] = $yesmsg; + $content['nomsg'] = $nomsg; + + // Handle GET and POST input! + $content['form_url'] = $_SERVER['SCRIPT_NAME'] . "?"; + foreach ($_GET as $varname => $varvalue) + $content['form_url'] .= $varname . "=" . $varvalue . "&"; + $content['form_url'] .= "verify=yes"; // Append verify! + + foreach ($_POST as $varname => $varvalue) + $content['POST_VARIABLES'][] = array( "varname" => $varname, "varvalue" => $varvalue ); + + // --- BEGIN CREATE TITLE + $content['TITLE'] = InitPageTitle(); + $content['TITLE'] .= " :: Confirm Action"; + // --- END CREATE TITLE + + // --- Parsen and Output + InitTemplateParser(); + $page -> parser($content, "admin/admin_securecheck.html"); + $page -> output(); + // --- + + // Exit script execution + exit; +} + + ?> \ No newline at end of file diff --git a/src/include/functions_users.php b/src/include/functions_users.php index 5f7a862..01a1510 100644 --- a/src/include/functions_users.php +++ b/src/include/functions_users.php 
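Review bot: The admin branch appends `" :: " . $content['LN_ADMIN_CENTER'] . " :: "` with a trailing separator, while every caller added in this commit (admin/index.php, admin/users.php and PrintSecureUserCheck) then appends its own `" :: General Options"`-style suffix, which produces a doubled `::  ::` in the page title. Dropping the trailing separator, `$szReturn .= " :: " . $content['LN_ADMIN_CENTER'];`, keeps the callers consistent with how the non-admin title is built. InitPageTitle's opening lines, including whatever `global` declaration makes `$content` and LN_ADMIN_CENTER available, are outside the hunk.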
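Review bot: PrintSecureUserCheck rebuilds `form_url` by concatenating every `$_GET` name and value verbatim, so a value containing `&`, `=` or `#` corrupts the query string, and if admin_securecheck.html emits {form_url} into the form action without escaping (the template body is not readable in this diff) a crafted query value becomes a reflected XSS payload; the POST_VARIABLES copied into hidden fields have the same exposure. Building the URL with `http_build_query()` fixes the encoding and also overwrites a `verify` parameter that is already present instead of appending a second one, and HTML-escaping what goes into the template is needed unless the template parser does it itself. PrintSecureUserCheck is wholly inside the hunk.
```php
    // Handle GET and POST input!
    $aParams = $_GET;
    $aParams['verify'] = "yes"; // Append verify! (replaces an existing value instead of appending a duplicate)
    $content['form_url'] = htmlspecialchars( $_SERVER['SCRIPT_NAME'] . "?" . http_build_query($aParams), ENT_QUOTES );

    foreach ($_POST as $varname => $varvalue)
        $content['POST_VARIABLES'][] = array( "varname" => htmlspecialchars($varname, ENT_QUOTES), "varvalue" => htmlspecialchars($varvalue, ENT_QUOTES) );

    // … unchanged: title creation, template parsing and exit …
```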
@@ -44,6 +44,11 @@ if ( !defined('IN_PHPLOGCON') ) ///include($gl_root_path . 'include/constants_logstream.php'); // --- +// --- Define User System initialized! +define('IS_USERSYSTEMENABLED', true); +$content['IS_USERSYSTEMENABLED'] = true; +// --- + // --- BEGIN Usermanagement Function --- function InitUserSession() { @@ -62,8 +67,9 @@ function InitUserSession() { $content['SESSION_LOGGEDIN'] = true; $content['SESSION_USERNAME'] = $_SESSION['SESSION_USERNAME']; + $content['SESSION_USERID'] = $_SESSION['SESSION_USERID']; $content['SESSION_ISADMIN'] = $_SESSION['SESSION_ISADMIN']; - + // Successfully logged in return true; } @@ -125,10 +131,12 @@ function CheckUserLogin( $username, $password ) { $_SESSION['SESSION_LOGGEDIN'] = true; $_SESSION['SESSION_USERNAME'] = $username; + $_SESSION['SESSION_USERID'] = $myrow['ID']; $_SESSION['SESSION_ISADMIN'] = $myrow['is_admin']; $content['SESSION_LOGGEDIN'] = $_SESSION['SESSION_LOGGEDIN']; $content['SESSION_USERNAME'] = $_SESSION['SESSION_USERNAME']; + $content['SESSION_USERID'] = $_SESSION['SESSION_USERID']; $content['SESSION_ISADMIN'] = $_SESSION['SESSION_ISADMIN']; // TODO SET LAST LOGIN TIME! @@ -152,6 +160,7 @@ function DoLogOff() unset( $_SESSION['SESSION_LOGGEDIN'] ); unset( $_SESSION['SESSION_USERNAME'] ); + unset( $_SESSION['SESSION_USERID'] ); unset( $_SESSION['SESSION_ACCESSLEVEL'] ); // Redir to Index Page diff --git a/src/lang/en/admin.php b/src/lang/en/admin.php index 7f38740..dfdc53f 100644 --- a/src/lang/en/admin.php +++ b/src/lang/en/admin.php @@ -37,6 +37,9 @@ $content['LN_ADMINMENU_USEROPT'] = "User Options"; $content['LN_ADMINMENU_GROUPOPT'] = "Group Options"; $content['LN_ADMIN_CENTER'] = "Admin center"; $content['LN_ADMIN_UNKNOWNSTATE'] = "Unknown State"; +$content['LN_ADMIN_ERROR_NOTALLOWED'] = "You are not allowed to access this page with your user level."; +$content['LN_DELETEYES'] = "Yes"; +$content['LN_DELETENO'] = "No"; // User Center $content['LN_USER_CENTER'] = "User Options"; 
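Review bot: CheckUserLogin writes SESSION_USERID and the other login markers into `$_SESSION` without regenerating the session id first, so a session id that was fixed before authentication stays valid afterwards; the usual fix is `session_regenerate_id(true);` immediately before the `$_SESSION['SESSION_LOGGEDIN'] = true;` line, unless StartPHPSession or code above the hunk already does it. `SESSION_USERID` is taken from `$myrow['ID']`, the same column users.php compares against, so the new ownership check there is consistent with this hunk. The function's start and end are outside the hunk.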
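Review bot: DoLogOff now unsets SESSION_USERID, but the visible lines clear neither `$_SESSION['SESSION_ISADMIN']`, which CheckUserLogin sets in the @@ -125 hunk, nor the `$content` copies, while they do unset a SESSION_ACCESSLEVEL that nothing in this diff writes. Unless SESSION_ISADMIN is cleared above the hunk, a stale admin flag survives logoff in the same session, and the new gate in users.php reads `$_SESSION['SESSION_ISADMIN']` directly rather than going through SESSION_LOGGEDIN. Adding `unset( $_SESSION['SESSION_ISADMIN'] );` next to the new line, or replacing the individual unsets with `session_destroy()` followed by `session_regenerate_id(true)`, keeps login and logoff symmetric. DoLogOff's opening lines are outside the hunk.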
@@ -61,6 +64,11 @@ $content['LN_USER_ERROR_HASBEENADDED'] = "User '%1' has been successfully added" $content['LN_USER_ERROR_HASBEENEDIT'] = "User '%1' has been successfully edited"; $content['LN_USER_ISADMIN'] = "Is Admin?"; $content['LN_USER_ADDEDIT'] = "Add/Edit User"; +$content['LN_USER_WARNREMOVEADMIN'] = "You are about to revoke your own administrative priviledges. Are you sure to remove your admin status?"; +$content['LN_USER_WARNDELETEUSER'] = "Are you sure that you want to delete the User '%1'? All his personal settings will be deleted as well."; +$content['LN_USER_'] = ""; +$content['LN_USER_'] = ""; +$content['LN_USER_'] = ""; $content['LN_USER_'] = ""; diff --git a/src/templates/admin/admin_securecheck.html b/src/templates/admin/admin_securecheck.html new file mode 100644 index 0000000..a4f8921 --- /dev/null +++ b/src/templates/admin/admin_securecheck.html @@ -0,0 +1,32 @@ + + +

+ + + + + + + + +
{warningtext}
+
+
+ + + + +
+ +
+ +
+
+ + +
{nomsg} +
+
+
+ + \ No newline at end of file diff --git a/src/themes/default/main.css b/src/themes/default/main.css index 1e49e04..1dd5333 100644 --- a/src/themes/default/main.css +++ b/src/themes/default/main.css @@ -445,3 +445,9 @@ select, input, button, textarea font: bold 8pt Arial,Helvetica,sans-serif; color: #BB0000 } + +.borderless +{ + border:0px solid; + background-color: transparent; +}