From 386480890b19e16ed31405ed8040d3e69a9a61d8 Mon Sep 17 00:00:00 2001
From: Lukas Metzger
Date: Sun, 24 Jan 2016 17:58:04 +0100
Subject: [PATCH] Added edit-user.php, no permissions yet

---
 api/edit-user.php | 84 +++++++++++++++++++++++++++++
 edit-user.php | 91 +++++++++++++++++++++++++++++++
 js/edit-user.js | 135 ++++++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 310 insertions(+)
 create mode 100644 api/edit-user.php
 create mode 100644 edit-user.php
 create mode 100644 js/edit-user.js

diff --git a/api/edit-user.php b/api/edit-user.php
new file mode 100644
index 0000000..0a463f9
--- /dev/null
+++ b/api/edit-user.php
@@ -0,0 +1,84 @@ +. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +require_once '../config/config-default.php'; +require_once '../lib/database.php'; +require_once '../lib/session.php'; + +$input = json_decode(file_get_contents('php://input')); + +if(!isset($_SESSION['type']) || $_SESSION['type'] != "admin") { + echo "Permission denied!"; + exit(); +} + +if(isset($input->action) && $input->action == "addUser") { + $passwordHash = password_hash($input->password, PASSWORD_DEFAULT); + + $db->autocommit(false); + + $stmt = $db->prepare("INSERT INTO user(name,password,type) VALUES (?,?,?)"); + $stmt->bind_param("sss", $input->name, $passwordHash, $input->type); + $stmt->execute(); + $stmt->close(); + + $stmt = $db->prepare("SELECT LAST_INSERT_ID()"); + $stmt->execute(); + $stmt->bind_result($newUserId); + $stmt->fetch(); + $stmt->close(); + + $db->commit(); + + $retval = Array(); + $retval['newId'] = $newUserId; +} + +if(isset($input->action) && $input->action == "getUserData") { + $stmt = $db->prepare("SELECT name,type FROM user WHERE id=?"); + $stmt->bind_param("i", $input->id); + $stmt->execute(); + $stmt->bind_result($userName, $userType); + $stmt->fetch(); + $stmt->close(); + + $retval = Array(); + $retval['name'] = $userName; + $retval['type'] = $userType; +} + +if(isset($input->action) && $input->action == "saveUserChanges") { + if(isset($input->password)) { + $passwordHash = password_hash($input->password, PASSWORD_DEFAULT); + $stmt = 
$db->prepare("UPDATE user SET name=?,password=?,type=? WHERE id=?"); + $stmt->bind_param("sssi", $input->name, $passwordHash, $input->type, $input->id); + $stmt->execute(); + $stmt->close(); + } else { + $stmt = $db->prepare("UPDATE user SET name=?,type=? WHERE id=?"); + $stmt->bind_param("ssi", $input->name, $input->type, $input->id); + $stmt->execute(); + $stmt->close(); + } +} + +if(isset($retval)) { + echo json_encode($retval); +} else { + echo "{}"; +} diff --git a/edit-user.php b/edit-user.php new file mode 100644 index 0000000..b9b08d9 --- /dev/null +++ b/edit-user.php @@ -0,0 +1,91 @@ + + + + + + PDNS Manager - Domains + + + + + + + + + + + + + + + + + + +
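Review bot: The `addUser` branch never checks the result of `$db->prepare()` or `$stmt->execute()`, so a failed INSERT still runs `SELECT LAST_INSERT_ID()`, returns whatever id that connection last produced (or 0) as `newId`, and `$db->commit()` is called regardless; `$db->autocommit(false)` is also never switched back on. The request fields are used without presence checks: `password_hash($input->password, PASSWORD_DEFAULT)` on a missing password effectively stores the hash of an empty string, and `$input->type` is written to the role column unvalidated (the set of allowed role values is not visible in this patch). A guard before the INSERT such as `if (!isset($input->name, $input->password, $input->type) || $input->password === '') { http_response_code(400); exit(); }` together with `if (!$stmt->execute()) { $db->rollback(); http_response_code(500); exit(); }` would close both gaps. The same missing-field check applies to the `saveUserChanges` branch, where `isset($input->password)` also accepts an empty string and `$input->id` is bound as an integer without being checked. These state-changing actions are authorised by the session cookie alone; whether `lib/session.php` adds any CSRF token check cannot be seen here and is worth confirming.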
+ + +

Change user

+
+ + +
+
+ +
+ + +
+
+ + +
+
+ + +
+
+ + +
+ +
+
+ +
+ +
+ + + + diff --git a/js/edit-user.js b/js/edit-user.js new file mode 100644 index 0000000..e431266 --- /dev/null +++ b/js/edit-user.js 
@@ -0,0 +1,135 @@ +/* + * Copyright 2016 Lukas Metzger . + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +$(document).ready(function() { + + $('#user-button-add').click(function(evt){ + evt.preventDefault(); + + if(location.hash.substring(1) == "new") { + addUser(); + } else { + saveUserChanges(); + } + }); + + $('form input#user-name').bind("paste keyup change", regexValidate); + + $('#user-password').unbind().bind("paste keyup change", function() { + $('#user-password').parent().removeClass("has-error"); + }); + + $('#user-password2').unbind().bind("paste keyup change", function() { + if($('#user-password').val() != $('#user-password2').val()) { + $('#user-password2').parent().addClass("has-error"); + } else { + $('#user-password2').parent().removeClass("has-error"); + } + }); + + $('#user-type').select2({ + minimumResultsForSearch: Infinity + }); + + //Prepare for new user + if(location.hash.substring(1) == "new") { + $('#heading').text("Add user"); + $('#user-button-add').text("Add"); + $('#user-password').attr("placeholder", "Password"); + $('#user-password2').attr("placeholder", "Password repeated"); + } else { + getUserData(); + } +}); + +function regexValidate() { + var regex = new RegExp($(this).attr('data-regex')); + if(!regex.test($(this).val())) { + $(this).parent().addClass("has-error"); + } else { + $(this).parent().removeClass("has-error"); + } +} + +function addUser() { + $('form input').change(); + + 
if($('#user-password').val().length <= 0) { + $('#user-password').parent().addClass("has-error"); + $('#user-password2').parent().addClass("has-error"); + } + + if($('#user-name').parent().hasClass("has-error")) { + return; + } + if($('#user-password2').parent().hasClass("has-error")) { + return; + } + + var data = { + name: $('#user-name').val(), + password: $('#user-password').val(), + type: $('#user-type').val(), + action: "addUser" + }; + + $.post( + "api/edit-user.php", + JSON.stringify(data), + function(data) { + location.assign("edit-user.php#" + data.newId); + location.reload(); + }, + "json" + ); +} + +function getUserData() { + var data = { + id: location.hash.substring(1), + action: "getUserData" + }; + + $.post( + "api/edit-user.php", + JSON.stringify(data), + function(data) { + $('#user-name').val(data.name); + $('#user-type').val(data.type).change(); + }, + "json" + ); +} + +function saveUserChanges() { + var data = { + id: location.hash.substring(1), + name: $('#user-name').val(), + type: $('#user-type').val(), + action: "saveUserChanges" + }; + + if($('#user-password').val().length > 0) { + data.password = $('#user-password').val(); + } + + $.post( + "api/edit-user.php", + JSON.stringify(data), + null, + "json" + ); +} \ No newline at end of file
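Review bot: `saveUserChanges` submits without the validation `addUser` performs: it does not trigger `$('form input').change()` and never inspects the `has-error` state of `#user-name` or `#user-password2`, so an edit with an invalid name or a mistyped password confirmation is sent to the server anyway. Extracting the shared checks into one helper and calling it from both paths keeps them consistent. Separately, none of the three `$.post` calls attaches a failure handler and `saveUserChanges` passes `null` as the success callback, so a non-JSON reply such as the API's `Permission denied!` text (a parse error under dataType `"json"`) is silently dropped and the user gets no feedback; a `.fail(...)` that surfaces the error is missing on all three.
```javascript
function validateUserForm(requirePassword) {
    $('form input').change();

    if(requirePassword && $('#user-password').val().length <= 0) {
        $('#user-password').parent().addClass("has-error");
        $('#user-password2').parent().addClass("has-error");
    }

    return !$('#user-name').parent().hasClass("has-error")
        && !$('#user-password2').parent().hasClass("has-error");
}

function addUser() {
    if(!validateUserForm(true)) {
        return;
    }
    // … unchanged: build data and $.post …
}

function saveUserChanges() {
    if(!validateUserForm(false)) {
        return;
    }
    // … unchanged: build data, optional password, and $.post …
}
```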