<?php
// Session state is needed by verification.php further down (presumably where
// the admin check reads the login state — verify there). gc_maxlifetime only
// tells the server-side garbage collector how long an idle session may live;
// it does not extend the session cookie's own lifetime.
session_start(['gc_maxlifetime' => 86400]);
?>
<!DOCTYPE html>
<html lang="sv">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>Administrera användare</title>
<style>
table {
border-collapse: collapse;
width: 100%;
}
td,
th {
border: 1px solid black;
text-align: left;
padding: 8px;
}
tr:nth-child(even) {
background-color: #dddddd;
}
#show_password {
width: 10em;
border: 1px solid gray;
background-color: lightgray;
}
</style>
</head>
<body>
<a href="main.php">Tillbaka</a>
<h1>Administrera användare</h1>
<h3>Klicka på deras id för att hantera</h3>
<table>
<tr>
<th>ID</th>
<th>Namn</th>
<th>Användarnamn</th>
<th>Salt</th>
<th>Lösenord (hashat)</th>
<th>Senast inloggning</th>
<th>Admin</th>
</tr>
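<?php
try {
    /** @var PDO $dbconn */
    include("../databaser/dbconnection.php");
    $admin_required = true; // Kontrolleras i verification.php
    include("verification.php");

    // Every value that ends up inside HTML goes through this. name/username
    // are chosen by users and request parameters are attacker-controlled, so
    // echoing them raw (as this page did before) is stored/reflected XSS.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    // Per-session anti-CSRF token: the edit form embeds it as a hidden field
    // and every state-changing POST below must send it back unchanged.
    if (empty($_SESSION["csrf_token"])) {
        $_SESSION["csrf_token"] = bin2hex(random_bytes(32));
    }
    $csrf_token = $_SESSION["csrf_token"];

    // Om ett formulär skickats så uppdaterar man användaren.
    if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["id"]) && is_scalar($_POST["id"])) {
        $id = (string) $_POST["id"];
        $username = (string) ($_POST["username"] ?? "");
        $name = (string) ($_POST["name"] ?? "");
        $password = (string) ($_POST["password"] ?? "");
        $renew_salt = isset($_POST["renew_salt"]);
        $delete_user = isset($_POST["delete_user"]);
        $admin_binary = isset($_POST["admin"]) ? 1 : 0; // a checkbox is only posted when ticked
        $form_error = null;
        $current = null;

        // Server-side counterparts of the form's HTML constraints (required,
        // minlength), which a client can bypass. The first failing check wins.
        if (!isset($_POST["csrf_token"]) || !hash_equals($csrf_token, (string) $_POST["csrf_token"])) {
            $form_error = "Ogiltig formulärbegäran. Ladda om sidan och försök igen.";
        } elseif ($name === "" || $username === "") {
            $form_error = "Namn och användarnamn får inte vara tomma.";
        } elseif ($renew_salt && $password === "") {
            // The password field is always posted (possibly empty); the old
            // isset() test let "förnya salt" store the hash of "" as password.
            $form_error = "Nytt lösenord krävs när saltet förnyas.";
        } elseif ($password !== "" && strlen($password) < 8) { // bytes, like minlength=8 in the form
            $form_error = "Lösenordet måste vara minst 8 tecken.";
        }

        if ($form_error === null) {
            // Fetch username and salt in one go; both are needed further down.
            $stmt = $dbconn->prepare("SELECT username, salt FROM quiz_users WHERE id = ?");
            $stmt->execute([$id]);
            $current = $stmt->fetch(PDO::FETCH_ASSOC);
            if ($current === false) {
                $form_error = "Det finns ingen användare med det id:t.";
            }
        }

        if ($form_error === null) {
            // Kollar om det redan finns någon med det användarnamnet
            $stmt = $dbconn->prepare("SELECT 1 FROM quiz_users WHERE username = ? AND NOT id = ?");
            $stmt->execute([$username, $id]);
            if ($stmt->fetch()) {
                $form_error = "Användare med det användarnamnet finns redan. Försök med annat";
            }
        }

        if ($form_error !== null) {
            // Report and fall through to the listing; the previous `return`
            // ended the script mid-page and left the HTML document unterminated.
            echo ('<p>' . $esc($form_error) . '</p>');
        } elseif ($delete_user) {
            // Tar bort användaren om den ska bort; no point in updating it first.
            $stmt = $dbconn->prepare("DELETE FROM quiz_users WHERE id = ?");
            $stmt->execute([$id]);
        } else {
            if ($username !== $current["username"]) {
                $stmt = $dbconn->prepare("UPDATE quiz_users SET username = ? WHERE id = ?");
                $stmt->execute([$username, $id]);
            }
            $stmt = $dbconn->prepare("UPDATE quiz_users SET name = ?, admin = ? WHERE id = ?");
            $stmt->execute([$name, $admin_binary, $id]);

            // generateSalt()/customHash() come from hash.php and are presumably
            // shared with login.php; a move to password_hash()/password_verify()
            // would have to be made in both places at once.
            include("hash.php");
            if ($renew_salt) {
                $salt = generateSalt($username);
                $hashed_password = customHash($password, $salt);
                $stmt = $dbconn->prepare("UPDATE quiz_users SET salt = ?, password = ? WHERE id = ?");
                $stmt->execute([$salt, $hashed_password, $id]);
            } elseif ($password !== "") {
                // Re-hash with the existing salt. This execute() was commented
                // out before, so "nytt lösenord" without salt renewal never
                // actually changed the stored password.
                $hashed_password = customHash($password, $current["salt"]);
                $stmt = $dbconn->prepare("UPDATE quiz_users SET password = ? WHERE id = ?");
                $stmt->execute([$hashed_password, $id]);
            }
        }
    }

    $stmt = $dbconn->prepare("SELECT * FROM quiz_users");
    $stmt->execute();
    while ($user = $stmt->fetch(PDO::FETCH_ASSOC)) {
        // Alla får en egen rad i tabellen
        $id_link = 'user_administration.php?id=' . urlencode((string) $user["id"]);
        $is_admin = (int) $user["admin"] === 1 ? "Ja" : "Nej";
        echo ('<tr>');
        echo ('<td><a href="' . $esc($id_link) . '">' . $esc($user["id"]) . '</a></td>');
        echo ('<td>' . $esc($user["name"]) . '</td>');
        echo ('<td>' . $esc($user["username"]) . '</td>');
        // The salt and hash columns are part of this page's design (see the
        // table header). They are credential material, so escaping alone does
        // not make showing them harmless; dropping both columns is the safer call.
        echo ('<td>' . $esc($user["salt"]) . '</td>');
        echo ('<td>' . $esc($user["password"]) . '</td>');
        echo ('<td>' . $esc($user["last_login"]) . '</td>');
        echo ('<td>' . $is_admin . '</td>');
        echo ('</tr>');
    }
    echo ("</table>");
    echo ('<hr><hr><hr>');

    if (isset($_GET["id"]) && is_scalar($_GET["id"])) {
        // Lägger upp ett formulär där man kan ändra på användaren
        $requested_id = (string) $_GET["id"];
        $stmt = $dbconn->prepare("SELECT * FROM quiz_users WHERE id = ?");
        $stmt->execute([$requested_id]);
        $user = $stmt->fetch(PDO::FETCH_ASSOC);
        if ($user === false) {
            // An unknown id used to produce warnings and an empty form.
            echo ('<p>Det finns ingen användare med id ' . $esc($requested_id) . '.</p>');
        } else {
            // Leading space matters: the old concatenation produced id="admin"checked.
            $admin_attribute = (int) $user["admin"] === 1 ? " checked" : "";
            echo ('
<form method="POST" action="user_administration.php">
<h3> ID: ' . $esc($requested_id) . '</h3>
<input type="hidden" value="' . $esc($requested_id) . '" name="id">
<input type="hidden" value="' . $esc($csrf_token) . '" name="csrf_token">
<input type="checkbox" name="delete_user" id="delete_user"><label for="delete_user">Radera användare</label><br>
<input type="text" required maxlength="100" name="name" id="name" value="' . $esc($user["name"]) . '"><label for="name">Namn</label><br>
<input type="text" required maxlength="50" name="username" id="username" value="' . $esc($user["username"]) . '"><label for="username">Användarnamn</label><br>
<input type="password" maxlength="255" minlength="8" name="password" id="password"><label for="password">Nytt lösenord (frivilligt)</label><br>
<div id="show_password">Visa lösenord</div>
<input type="checkbox" name="renew_salt" id="renew_salt"><label for="renew_salt">Förnya salt? Då krävs nytt lösenord.</label><br>
<input type="checkbox" name="admin" id="admin"' . $admin_attribute . '><label for="admin">Admin?</label><br>
<button type="submit">Genomför</button>
</form>
');
        }
    }
} catch (PDOException $e) {
    // Keep the driver message server-side: error text can reveal table names,
    // query shapes or connection details to whoever triggered the failure.
    error_log("user_administration.php: " . $e->getMessage());
    echo ("Ett databasfel inträffade. Försök igen senare.");
}
?>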
<script>
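const show_pass_btn = document.getElementById("show_password");
const password_input = document.getElementById("password");
// Both elements live inside the edit form, which the server only renders when
// the page is opened with ?id=…; without this guard the listener registration
// threw a TypeError on every plain page load.
if (show_pass_btn !== null && password_input !== null) {
    // Reveal the typed password only while the pointer is over the button.
    show_pass_btn.addEventListener("mouseover", function () {
        password_input.type = "text";
    });
    show_pass_btn.addEventListener("mouseleave", function () {
        password_input.type = "password";
    });
}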
</script>
</body>
</html>