lukas/kupshop
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first commit

Browse Source
This commit is contained in:
Lukáš Trkan
2025-08-02 16:30:27 +02:00
commit 23646bfcee
14851 changed files with 1750626 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

342
admin/admins.php Normal file
View File

@@ -0,0 +1,342 @@
<?php
// ##############################################################
global $cfg;
// ##############################################################
use KupShop\AdminBundle\Util\ActivityLog;
use KupShop\AdminBundle\Util\LegacyAdminCredentials;
use KupShop\KupShopBundle\Util\Compat\ServiceContainer;
use Query\Operator;
$main_class = 'Admins';
class Admins extends Window
{
use DatabaseCommunication;
protected $nameField = 'login';
protected $required = ['login' => true];
public function get_vars()
{
$vars = parent::get_vars();
$pageVars = getVal('body', $vars);
$ID = $this->getID();
$acn = $this->getAction();
$pageVars['data']['data'] = $pageVars['data']['data'] ?? null;
$this->unserializeCustomData($pageVars['data']);
$vars['body'] = $pageVars;
return $vars;
}
public function getObject()
{
$data = parent::getObject();
if ($data['privilege'] == 'ALL_RIGHTS') {
$data['all_rights'] = 'Y';
} else {
$data['all_rights'] = 'N';
}
return $data;
}
public function getData()
{
$data = parent::getData();
$acn = $this->getAction();
if (getVal('Submit') && $acn != 'passw') {
$data['date_valid'] = $this->prepareDateTime($data['date_valid']);
if ($data['all_rights'] == 'Y') {
$data['privilege'] = 'ALL_RIGHTS';
} else {
$data['privilege'] = '';
foreach ($data as $key => $row) {
if ($row == 'ON') {
$data['privilege'] .= $key.'|';
}
}
$data['privilege'] = substr($data['privilege'], 0, -1);
}
}
if ($acn == 'add' && !getVal('Submit')) {
$data['privilege'] = '';
$data['date_reg'] = date('Y-m-d H:i');
$data['active'] = 'Y';
}
$data['data'] = $data['custom_data'] ?? [];
$this->serializeCustomData($data);
return $data;
}
public function updatePass($password, $id)
{
$new_hash = password_hash($password, PASSWORD_BCRYPT);
$this->updateSQL('admins', ['password' => $new_hash], ['id' => $id]);
return $new_hash;
}
public function handleImpersonate(): void
{
if (!findRight('OTH_ADM_EDIT')) {
$this->returnError('Nedostatečená práva');
}
$legacyAdminCredentials = ServiceContainer::getService(LegacyAdminCredentials::class);
$newAdmin = $legacyAdminCredentials->getAdminById(
(int) $this->getID()
);
addActivityLog(
ActivityLog::SEVERITY_NOTICE,
ActivityLog::TYPE_SECURITY,
sprintf(translate('impersonateLogMessage'), $newAdmin['login'])
);
$legacyAdminCredentials->setLoginSession($this->getID());
$this->redirect(['acn' => 'erased3']);
}
public function handlePassw()
{
if (getVal('Submit')) {
$data = $this->getData();
global $adminID;
$admPassOld = $data['admPassOld'];
$admPass1 = $data['admPass1'];
$admPass2 = $data['admPass2'];
if (!empty($admPassOld) && !empty($admPass1) && !empty($admPass2)) {
$error = 0;
// nova hesla se musi rovnat
if ($admPass1 != $admPass2) {
$error = 1;
// Zadané heslo a kontrolní heslo se neshodují
$ErrStr = translate('errorPasswNotEqual');
}
// kontrola puvodniho hesla
$SQL = sqlQuery("SELECT id, login, password, OLD_PASSWORD('".$admPassOld."') AS passwGet
FROM ".getTableName('admins')."
WHERE id='".$adminID."'
LIMIT 1");
if (sqlNumRows($SQL) == 1) {
$log = sqlFetchArray($SQL);
$admName = $log['login'];
if (($log['passwGet'] != $log['password']) && (password_verify($admPassOld, $log['password']) == false)) {
$error = 1;
// Zadané současné heslo není správné
$ErrStr = translate('errorBadPassw');
}
}
sqlFreeResult($SQL);
if ($error == 0) {
/*$SQL = sqlQuery("UPDATE ".getTableName("admins")."
SET password=OLD_PASSWORD('".$admPass1."') WHERE id='".$adminID."' ");
*/
$new_hash = password_hash($admPass1, PASSWORD_BCRYPT);
$this->updateSQL('admins', ['password' => $new_hash], ['id' => $adminID]);
if ($SQL) {
$ErrStr = urlencode(translate('saved', 'status'));
writeDownActivity(sprintf(translate('activityPasswEdited'), $admName));
redirect('launch.php?s=admins.php&acn=passw&ErrStr='.$ErrStr);
} else {
$ErrStr = translate('scripterror', 'status');
}
} else {
redirect('launch.php?s=admins.php&acn=passw&ErrStr='.urlencode($ErrStr));
}
} else {
$ErrStr = translate('errorNotAllValidPassw');
redirect('launch.php?s=admins.php&acn=passw&ErrStr='.urlencode($ErrStr));
}
}
// die($ErrStr);
}
public function handleUpdate()
{
$SQL = parent::handleUpdate();
if ($SQL) {
$IDadm = $this->getID();
$data = $this->getData();
if (!empty($data['pass'])) {
/*sqlQuery("UPDATE ".getTableName("admins")."
SET password=OLD_PASSWORD('{$data['pass']}')
WHERE id='{$IDadm}' ");
*/
$new_hash = password_hash($data['pass'], PASSWORD_BCRYPT);
$this->updateSQL('admins', ['password' => $new_hash], ['id' => $IDadm]);
}
// ####################################################
// UPRAVA PRAV ADMINA KE CLANKUM
if (isset($data['ArtAuthors'])) {
if (findModule('articles')) {
// smazat vsechny radky
sqlQuery('DELETE FROM '.getTableName('articles_authors_admins')."
WHERE id_admin='".$IDadm."' ", '@');
if ($data['ArtAuthors'][0] != 0) {
$no = count($data['ArtAuthors']);
for ($i = 0; $i < $no; $i++) {
sqlQuery('INSERT INTO '.getTableName('articles_authors_admins')."
SET id_admin='".$IDadm."', id_auth='".$data['ArtAuthors'][$i]."' ");
}
}
}
}
// ####################################################
// UPRAVA PRAV ADMINA K SEKCIM CLANKU
if (isset($data['ArtSections'])) {
if (findModule('articles_sections')) {
// smazat vsechny radky
sqlQuery('DELETE FROM '.getTableName('articles_branches_admins')."
WHERE id_admin='".$IDadm."' ", '@');
if ($data['ArtSections'][0] != 0) {
$no = count($data['ArtSections']);
for ($i = 0; $i < $no; $i++) {
sqlQuery('INSERT INTO '.getTableName('articles_branches_admins')."
SET id_admin='".$IDadm."', id_branch='".$data['ArtSections'][$i]."' ");
}
}
}
}
// ####################################################
}
return $SQL;
}
public function handleDelete()
{
$IDadm = $this->getID();
if (!findRight('OTH_ADM_ERASE')) {
redirect('launch.php?s=error.php&id=1');
}
global $adminID;
if ($adminID != $IDadm) {
writeDownActivity(sprintf(translate('activityDeleted'), returnSQLResult('SELECT login
FROM '.getTableName('admins')."
WHERE id='".$IDadm."' ")));
$SQL = sqlQuery('DELETE FROM '.getTableName('admins')." WHERE id='{$IDadm}' ");
redirect('launch.php?s=admins.php&acn=erased');
} else {
// Nemůžete smazat administrátora, pod kterým jste právě přihlášen
$ErrStr = translate('errorCantDeleteActive');
redirect('launch.php?s=admins.php&acn=edit&ID='.$IDadm.'&ErrStr='.$ErrStr);
}
}
public function articlesSections($topCat)
{
$data = [];
$SQL = sqlQuery('SELECT ab.id, ab.name
FROM '.getTableName('articles_branches')." AS ab
WHERE ab.top_branch='".$topCat."'
ORDER BY ab.name ASC");
$ID = $this->getID();
foreach ($SQL as $key => $row) {
$data[$key]['id'] = $row['id'];
$data[$key]['level'] = $topCat;
$data[$key]['selected'] = returnSQLResult('SELECT Count(id_admin)
FROM '.getTableName('articles_branches_admins')."
WHERE id_admin='".$ID."' AND id_branch='".$row['id']."' LIMIT 1 ");
$data[$key]['name'] = $row['name'];
$data[$key]['submenu'] = $this->articlesSections($row['id']);
}
return $data;
}
public function handleSendPassword()
{
global $dbcfg, $cfg;
$ID = $this->getID();
$admin = sqlFetch($this->selectSQL('admins', ['id' => $ID]));
$password = $this->generatePassword(10);
$admin['password'] = $password;
$new_hash = password_hash($password, PASSWORD_BCRYPT);
$this->updateSQL('admins', ['password' => $new_hash], ['id' => $ID]);
if (!isset($cfg['Menu']['wpj_toolbar'])) {
$cfg['Menu']['wpj_toolbar'] = null;
}
$admin_url = getVal('admin_url', $cfg['Menu']['wpj_toolbar'], 'admin/');
$smarty = createSmarty(false, true);
$smarty->assign(['admin' => $admin, 'admin_url' => $admin_url]);
$content = $smarty->fetch(findTemplate('email/password_generate.tpl'));
if (SendMail($dbcfg->shop_email, $admin['email'], 'Nové heslo do administrace '.substr($cfg['Addr']['print'], 0, -1), $content, 'text/html')) {
$this->returnOK('Heslo bylo úspěšně zasláno na email');
} else {
$this->returnError('Heslo se nepodařilo odeslat, zkuste to prosím znovu');
}
}
public function generatePassword($length = 8)
{
$chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
$count = mb_strlen($chars);
for ($i = 0, $result = ''; $i < $length; $i++) {
$index = rand(0, $count - 1);
$result .= mb_substr($chars, $index, 1);
}
return $result;
}
public function handlePrintHashLogin()
{
$ID = $this->getID();
$admin = sqlQueryBuilder()->select('*')->from('admins')->where(Operator::equals(['id' => $ID]))->execute()->fetch();
if (empty($admin['token'])) {
$this->returnError('Nejdříve musíte vygenerovat přihlašovací token!');
}
$smarty = createSmarty(true, true);
$smarty->assign([
'login' => $admin['login'],
'code' => $admin['token'],
]);
$smarty->display('window/adminsPrintHashLogin.tpl');
exit;
}
public function generateAdminToken(): string
{
return ServiceContainer::getService(\KupShop\KupShopBundle\Util\System\TokenGenerator::class)->generate(16);
}
}