From 61c0675e58a04ab4a3adc398894a879f1017227d Mon Sep 17 00:00:00 2001
From: Xenomporio <>
Date: Mon, 30 May 2022 14:48:41 +0200
Subject: [PATCH] Bugfix benutzer

---
 www/lib/class.erpapi.php | 13 +-
 www/pages/benutzer.php | 2311 +++++++++++++++++++-------------------
 2 files changed, 1167 insertions(+), 1157 deletions(-)

diff --git a/www/lib/class.erpapi.php b/www/lib/class.erpapi.php
index 562b3d3d..f5ead488 100644
--- a/www/lib/class.erpapi.php
+++ b/www/lib/class.erpapi.php
@@ -30108,11 +30108,14 @@ function ChargenMHDAuslagern($artikel, $menge, $lagerplatztyp, $lpid,$typ,$wert,
 //$tpl .="";
 $drucker = $this->app->DB->SelectArr("SELECT id, name FROM drucker WHERE aktiv='1' AND art='1'");
- for($i=0;$i{$drucker[$i]['name']}";
- }
+
+ if (gettype($drucker) == 'array') {
+ for($i=0;$i{$drucker[$i]['name']}";
+ }
+ }
 return $tpl;
 }
diff --git a/www/pages/benutzer.php b/www/pages/benutzer.php
index ae2f308d..901e3f43 100644
--- a/www/pages/benutzer.php
+++ b/www/pages/benutzer.php
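Review bot: The new guard around the `$drucker` loop compares `gettype($drucker) == 'array'` where the idiomatic, strictly-typed check is `if (is_array($drucker)) {`; a loose string comparison on `gettype` is fragile and reads as a workaround rather than an intent. The guarded loop also still interpolates `{$drucker[$i]['name']}` straight into the `$tpl` markup string (the surrounding tag text was lost in this rendering, so this is inferred from the surviving `$tpl .= "` and `";` fragments); if printer names in the `drucker` table can be edited by anyone below admin, that is a stored XSS into every page rendering this select, so the name should be written as `htmlspecialchars($drucker[$i]['name'], ENT_QUOTES, 'UTF-8')` and the id cast with `(int)` before it is concatenated. The hunk header names `ChargenMHDAuslagern` only because git picked the nearest preceding unindented `function` line; the function that actually returns `$tpl` here begins outside the hunk, so its signature and how `$tpl` is initialised are not visible in this patch.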
@@ -1,1155 +1,1162 @@ -app=$app; - if($intern)return; - - $this->app->erp->inline['german']['benutzer']['default']['weitereyoutube'][] = array('titel'=>'Zwei-Faktor-Authentifizierung mit mOTP','youtube'=>'QfNbDsEQB9M'); - - $this->app->ActionHandlerInit($this); - - $this->app->ActionHandler("create","UserCreate"); - $this->app->ActionHandler("delete","UserDelete"); - $this->app->ActionHandler("edit","UserEdit"); - $this->app->ActionHandler("history","UserHistory"); - $this->app->ActionHandler("list","UserList"); - $this->app->ActionHandler("chrights","UserChangeRights"); - $this->app->ActionHandler("download","UserDownload"); - - - $this->app->DefaultActionHandler("list"); - - //$this->Templates = $this->GetTemplates(); - - $this->app->ActionHandlerListen($app); - } - - public function Install() - { - try { - /** @var SurveyService $surveyService */ - $surveyService = $this->app->Container->get('SurveyService'); - $surveyService->create('user_create', 'benutzer', 'list', false, false); - } - catch (Exception $e) { - - } - $this->app->erp->RegisterHook('welcome_surveysave', 'benutzer', 'UserWelcomeSurveySave'); - } - - /** - * @param int $surveyId - * @param int $surveyUserId - * @param array $resonse - */ - public function UserWelcomeSurveySave($surveyId, $surveyUserId, &$response) - { - /** @var SurveyGateway $surveyGateway */ - $surveyGateway = $this->app->Container->get('SurveyGateway'); - $survey = $surveyGateway->getById($surveyId); - if(empty($survey) || $survey['name'] !== 'user_create') { - return; - } - $dataRow = $surveyGateway->getFilledById($surveyUserId); - $data = json_decode($dataRow['data'], true); - if(!empty($data['name'])) { - foreach($data['name'] as $key => $name) { - if(empty($name)) { - continue; - } - - //@todo Benutzer anlegen - } - } - /** @var SurveyService $surveyService */ - $surveyService = $this->app->Container->get('SurveyService'); - $surveyService->clearUserData($surveyId, $this->app->User->GetID()); - $response['url'] = 
'index.php?module=benutzer&action=list'; - } - - function UserDownload() - { - $id = $this->app->Secure->GetGET("id"); - if($id > 0) - { - $result = $this->app->DB->SelectArr("SELECT module,action FROM userrights WHERE `user`='$id'"); - - $tmp['bezeichnung']=$this->app->DB->Select("SELECT username FROM `user` WHERE id='$id' LIMIT 1"); - $tmp['beschreibung']=$this->app->DB->Select("SELECT description FROM `user` WHERE id='$id' LIMIT 1"); - $tmp['rechte']=$result; - - - header('Content-Type: application/json'); - header('Content-disposition: attachment; filename="'.$tmp['bezeichnung'].'.json"'); - echo json_encode($tmp); - exit; - } - } - - function UserList() - { - // $this->app->Tpl->Add(KURZUEBERSCHRIFT,"Benutzer"); - $this->app->erp->MenuEintrag("index.php?module=benutzer&action=list","Übersicht"); - $this->app->erp->MenuEintrag("index.php?module=benutzer&action=history","Historie"); - $this->app->erp->MenuEintrag("index.php?module=benutzer&action=create","Neuen Benutzer anlegen"); - $this->app->erp->MenuEintrag("index.php?module=einstellungen&action=list","Zurück zur Übersicht"); - - $this->app->YUI->TableSearch('USER_TABLE',"userlist"); - $this->app->Tpl->Parse('PAGE', "benutzer_list.tpl"); - - } - - /** - * @param int $userId - * - * @return bool - */ - public function isUserLastAdmin(int $userId): bool - { - return $this->isUserAdmin($userId) && - (int)$this->app->DB->Select( - "SELECT COUNT(`id`) FROM `user` WHERE `type` = 'admin' AND `activ` = 1 AND `id` <> {$userId}" - ) === 0; - } - - public function isUserAdmin(int $userId): bool - { - return $this->app->DB->Select("SELECT COUNT(`id`) FROM `user` WHERE `type` = 'admin' AND `id` = {$userId}") > 0; - } - - public function UserDelete(): void - { - $id = (int)$this->app->Secure->GetGET('id'); - $isOwnAccount = $id === (int)$this->app->User->GetId(); - if($isOwnAccount) { - $this->app->Tpl->Set('MESSAGE', "
{|Du kannst deinen eigenen Account nicht löschen.|}
"); - } else{ - $username = $this->app->DB->Select("SELECT `username` FROM `user` WHERE `id` = '{$id}'"); - if(!$this->isUserLastAdmin($id)){ - $this->app->DB->Delete("DELETE FROM `user` WHERE `id` = '{$id}'"); - $this->app->Tpl->Set('MESSAGE', "
Der Benutzer \"$username\" wurde gelöscht.
"); - }else{ - $this->app->Tpl->Set('MESSAGE', "
Der einzige aktive Admin \"$username\" kann nicht gelöscht werden.
"); - } - } - - $this->UserList(); - } - - - function UserCreate() - { - // $this->app->Tpl->Add(KURZUEBERSCHRIFT,"Benutzer"); - $this->app->erp->MenuEintrag("index.php?module=benutzer&action=list","Zurück zur Übersicht"); - - $input = $this->GetInput(); - $submit = $this->app->Secure->GetPOST('submituser'); - - $error = ''; - $maxlightuser = 0; - - if($submit!='') { - - - if($input['username']=='' && $this->app->Secure->GetPOST('hwtoken') != 4) $error .= 'Geben Sie bitte einen Benutzernamen ein.
'; - if($input['password']=='' && $this->app->Secure->GetPOST('hwtoken') != 4 && $this->app->Secure->GetPOST('hwtoken') != 5) $error .= 'Geben Sie bitte ein Passwort ein.
'; - if($input['repassword']=='' && $this->app->Secure->GetPOST('hwtoken') != 4 && $this->app->Secure->GetPOST('hwtoken') != 5 ) $error .= 'Wiederholen Sie bitte Ihr Passwort.
'; - if($input['password'] != $input['repassword']) $error .= 'Die eingegebenen Passwörter stimmen nicht überein.
'; - if($this->app->DB->Select("SELECT '1' FROM `user` WHERE username='{$input['username']}' LIMIT 1")=='1') - $error .= "Es existiert bereits ein Benutzer mit diesem Namen"; - - $input['adresse'] = $this->app->erp->ReplaceAdresse($input['adresse'],$input['adresse'],1); - $input['projekt'] = $this->app->erp->ReplaceProjekt($input['projekt'],$input['projekt'],1); - - if($input['adresse'] <=0) - $error .= 'Geben Sie bitte eine gültige Adresse aus den Stammdaten an.
'; - - if($error!=='') - $this->app->Tpl->Set('MESSAGE', "
$error
"); - else { - if($input['hwtoken'] == 4 && $input['type'] == 'admin') - { - $input['type'] = 'standard'; - $input['startseite'] = 'index.php?module=stechuhr&action=list'; - } - $input['passwordunenescaped'] = $_POST['password']; - $id = $this->app->erp->CreateBenutzer($input); - - //$this->app->Tpl->Set('MESSAGE', "
Der Benutzer wurde erfolgreich angelegt
"); - $msg = $this->app->erp->base64_url_encode("
Der Benutzer wurde erfolgreich angelegt.
"); - header("Location: index.php?module=benutzer&action=edit&id=$id&msg=$msg"); - exit; - } - } - - $this->SetInput($input); - - - $this->app->YUI->ColorPicker('defaultcolor'); - - $this->app->Tpl->Set('ACTIVCHECKED',"checked"); - $this->app->Tpl->Set('VORRECHTE',""); - $extra = ' - if($(\'#hwtoken\').val() == \'4\' || $(\'#hwtoken\').val() == \'5\') - { - message = \'\'; - } - '; - $this->app->YUI->PasswordCheck('password', 'repassword', 'username', 'submit', $extra); - $this->app->Tpl->Parse('PAGE', "benutzer_create.tpl"); - } - - function UserHistory(){ - $id = $this->app->Secure->GetGET('id'); - $this->app->erp->MenuEintrag("index.php?module=benutzer&action=list","Übersicht"); - $this->app->erp->MenuEintrag("index.php?module=benutzer&action=history","History"); - - $this->app->YUI->TableSearch('USER_TABLE',"permissionhistory"); - $this->app->Tpl->Parse('PAGE', "benutzer_list.tpl"); - } - - function UserEdit() - { - $id = $this->app->Secure->GetGET('id'); - $this->app->Tpl->Set('ID', $id); - $defaultcolor = $this->app->Secure->GetPOST('defaultcolor'); - if($defaultcolor === 'transparent') $defaultcolor = ''; - - // convert value to user DB - if($this->app->User->GetParameter('welcome_defaultcolor_fuer_kalender')!=''){ - - $this->app->DB->Update("UPDATE user SET defaultcolor='$defaultcolor' WHERE id='".$this->app->User->GetID()."' LIMIT 1"); - $this->app->User->SetParameter('welcome_defaultcolor_fuer_kalender',""); - } - - - if($this->app->Secure->GetGET('cmd') == 'qrruecksetzen' && $id) - { - $this->app->DB->Update("UPDATE `user` set stechuhrdevice = '' WHERE id = '$id' LIMIT 1"); - echo json_encode(array('status'=>1)); - exit; - } - - if($this->app->Secure->GetGET('cmd') == 'getrfid' && $id) - { - $rfid = ''; - $swhere = ''; - $seriennummer = $this->app->Secure->GetPOST('seriennummer'); - if($seriennummer != '')$swhere = " AND seriennummer = '$seriennummer' "; - $deviceiddest = $this->app->DB->Select("SELECT seriennummer FROM adapterbox WHERE verwendenals = 
'metratecrfid' $swhere LIMIT 1"); - if($deviceiddest) - { - $rfid = trim($this->app->erp->GetAdapterboxAPIRFID($deviceiddest)); - if($rfid == 'no answer from device (not timeout)')$rfid = ''; - if($rfid) - { - $rfida = explode(';',$rfid); - if(!empty($rfida[1]))$rfid = $rfida[1]; - } - if($this->app->DB->Select("SELECT id FROM `user` WHERE rfidtag = '".$this->app->DB->real_escape_string($rfid)."' AND id <> '$id' LIMIT 1"))$rfid = ''; - } - if($rfid == "0")$rfid = ''; - echo json_encode(array('rfid'=>$rfid)); - exit; - } - $jsonvorlage = $_FILES['jsonvorlage']['tmp_name']; - if($jsonvorlage!="") - { - $content = file_get_contents($jsonvorlage); - $tmp = json_decode($content); - $neuerechte=0; - - $anzahl = count($tmp->{'rechte'}); - for($i=0;$i<=$anzahl;$i++) - { - //echo " $i M ".$tmp->{'rechte'}[$i]->{'module'}." A ".$tmp->{'rechte'}[$i]->{'action'}; - $tmpmodule = $this->app->DB->real_escape_string($tmp->{'rechte'}[$i]->{'module'}); - $tmpaction = $this->app->DB->real_escape_string($tmp->{'rechte'}[$i]->{'action'}); - - if($tmpmodule!="" && $tmpaction!="") - { - $check = $this->app->DB->Select("SELECT id FROM userrights WHERE module='".$tmpmodule."' AND action='".$tmpaction."' AND user='".$id."' LIMIT 1"); - - if($check > 0) - $this->app->DB->Update("UPDATE userrights SET permission=1 WHERE module='".$tmpmodule."' AND action='".$tmpaction."' AND user='".$id."' LIMIT 1"); - else { - $neuerechte++; - $this->app->DB->Insert("INSERT INTO userrights (id,module,action,user,permission) VALUES ('','".$tmpmodule."','".$tmpaction."','$id','1')"); - } - $this->permissionLog($this->app->User->GetID(),$id,$tmpmodule,$tmpaction,1); - } - } - $msg = $this->app->erp->base64_url_encode("
Es wurden $neuerechte neue Rechte dem Benutzer hinzugefügt!
"); - header("Location: index.php?module=benutzer&action=edit&id=$id&msg=$msg"); - exit; - } - - $this->app->erp->MenuEintrag("index.php?module=benutzer&action=edit&id=$id","Details"); - $username = $this->app->DB->Select("SELECT username FROM `user` WHERE id='$id'"); - // $this->app->Tpl->Add(KURZUEBERSCHRIFT2,$username); - - $this->app->erp->MenuEintrag("index.php?module=benutzer&action=list","Zurück zur Übersicht"); - - $id = $this->app->Secure->GetGET('id'); - $input = $this->GetInput(); - - if($input['hwtoken'] == 'totp'){ - $input['hwtoken'] = '0'; - }else if($input['hwtoken'] != ''){ - /** @var \Xentral\Modules\TOTPLogin\TOTPLoginService $tokenManager */ - $tokenManager = $this->app->Container->get('TOTPLoginService'); - $tokenManager->disableTotp($id); - } - - $submit = $this->app->Secure->GetPOST('submituser'); - $benutzer = $this->app->DB->Select("SELECT description FROM `user` WHERE id='$id' LIMIT 1"); - $name_angezeigt = $this->app->DB->Select("SELECT adresse FROM `user` WHERE id='$id' LIMIT 1"); - $name = $this->app->DB->Select("SELECT name FROM adresse WHERE id='$name_angezeigt' LIMIT 1"); - if($benutzer!="")$tmp = "(".$benutzer.")"; - $this->app->Tpl->Add('KURZUEBERSCHRIFT2',$name." ".$tmp); - - - if(is_numeric($id) && $submit!='') { - $isUserLastAdmin = $this->isUserLastAdmin((int)$id); - $error = ''; - if($input['username']=='') $error .= 'Geben Sie bitte einen Benutzernamen ein.
'; - if($input['password'] != $input['repassword'] && $input['hwtoken']!=5) $error .= 'Die eingegebenen Passwörter stimmen nicht überein.
'; - - $input['adresse'] = $this->app->erp->ReplaceAdresse(1,$input['adresse'],1); - if($input['adresse'] <=0) - $error .= 'Geben Sie bitte eine gültige Adresse aus den Stammdaten an.
'; - - $input['projekt'] = $this->app->erp->ReplaceProjekt(1,$input['projekt'],1); - $isOwnAccount = $id == $this->app->User->GetId(); - if($isOwnAccount && empty($input['activ'])) { - $error .= '{|Du kannst deinen eigenen Account nicht deaktivieren.|}
'; - } elseif($isOwnAccount && $this->isUserAdmin((int)$id) && $input['type'] !== 'admin') { - $error .= '{|Du kannst deinen eigenen Account nicht in einem Benutzer umwandeln.|}
'; - } elseif($isUserLastAdmin && empty($input['activ'])) { - $error .= '{|Der letzte Administrator kann nicht deaktiviert werden.|}
'; - } elseif($isUserLastAdmin && $input['type'] !== 'admin') { - $error .= '{|Der letzte Administrator kann nicht in einem Benutzer umgewandelt werden.|}
'; - } - if($error!='') - $this->app->Tpl->Set('MESSAGE', "
$error
"); - else { - //$settings = base64_encode(serialize($input['settings'])); - $firma = $this->app->User->GetFirma(); - - if($input['gpsstechuhr']!="1") - { - $check = $this->app->DB->Delete("DELETE FROM gpsstechuhr - WHERE `user`='".$id."' - AND DATE_FORMAT(zeit,'%Y-%m-%d')= DATE_FORMAT( NOW( ) , '%Y-%m-%d' ) LIMIT 1"); - } - - if(($input['hwtoken'] == 4) && $input['type'] == 'admin') - { - $anzaktivadmin = $this->app->DB->Select("SELECT count(*) from `user` where activ=1 and type = 'admin' and id <> '$id'"); - if($anzaktivadmin < 1) - { - $error = 'Sie können den einzigen Administrator als Stechuhruer einbinden. Legen Sie dafür einen neuen User an'; - $this->app->Tpl->Set('MESSAGE', "
$error
"); - } else { - $input['type'] = 'standard'; - $input['startseite'] = 'index.php?module=stechuhr&action=list'; - } - - } - if($error == "") - { - if($input['hwtoken'] == 4) - { - $stechuhrdevice = $this->app->DB->Select("SELECT stechuhrdevice from `user` where id = '$id'"); - if(substr($input['username'], 0,6) !== substr($stechuhrdevice,0,6)) - { - $this->app->DB->Update("UPDATE `user` set stechuhrdevice = '' where id = '$id'"); - } - } - - $spracheBevorzugen = $this->getCurrentDefaultLanguage($input['sprachebevorzugen']); - - $this->app->DB->Update( - sprintf( - "UPDATE `user` - SET username='%s', - description='%s', - activ='%d', - type='%s', - adresse='%d', - vorlage='%s', - gpsstechuhr='%d', - rfidtag='%s', - kalender_aktiv='%d', - kalender_ausblenden='%d', - projekt='%d', - projekt_bevorzugen='%d', - sprachebevorzugen='%s', - email_bevorzugen='%d', - fehllogins='%d', - standarddrucker='%d', - standardetikett='%d', - standardversanddrucker='%d', - paketmarkendrucker='%d', - standardfax='%d', - defaultcolor='%s', - startseite='%s', - hwtoken='%d', - hwkey='%s', - hwcounter='%d', - hwdatablock='%s', - motppin='%s', - motpsecret='%s', - externlogin='%d', - firma='%d', - kalender_passwort='%s', - docscan_aktiv='%d', - docscan_passwort='%s', - `role` = '%s' - WHERE id=%d - LIMIT 1", - $input['username'], - $input['description'], - $input['activ'], - $input['type'], - $input['adresse'], - $input['vorlage'], - $input['gpsstechuhr'], - $input['rfidtag'], - $input['kalender_aktiv'], - $input['kalender_ausblenden'], - $input['projekt'], - $input['projekt_bevorzugen'], - $spracheBevorzugen, - $input['email_bevorzugen'], - $input['fehllogins'], - $input['standarddrucker'], - $input['standardetikett'], - $input['standardversanddrucker'], - $input['paketmarkendrucker'], - $input['standardfax'], - $input['defaultcolor'], - $input['startseite'], - $input['hwtoken'], - $input['hwkey'], - $input['hwcounter'], - $input['hwdatablock'], - $input['motppin'], - $input['motpsecret'], 
- $input['externlogin'], - $firma, - $input['kalender_passwort'], - $input['docscan_aktiv'], - $input['docscan_passwort'], - $input['role'], - $id - ) - ); - - if($input['password']!='' && $input['password']!='***************') { - $this->app->DB->Select("SELECT passwordhash FROM `user` WHERE id = '$id' LIMIT 1"); - if(!$this->app->DB->error()){ - $options = array( - 'cost' => 12, - ); - $passwordhash = @password_hash($input['passwordunescaped'], PASSWORD_BCRYPT, $options); - if($passwordhash != '') - { - $this->app->DB->Update("UPDATE `user` SET passwordhash = '".$this->app->DB->real_escape_string($passwordhash)."', - password='',passwordmd5='', salt = '', passwordsha512 = '' - WHERE id = '".$id."' LIMIT 1"); - } - } - else{ - $salt = $this->app->DB->Select("SELECT salt FROM `user` WHERE id = '$id' LIMIT 1"); - if(!$this->app->DB->error()){ - if(empty($salt)) $salt = hash('sha512', microtime(true)); - $passwordsha512 = hash('sha512', $_POST['password'] . $salt); - $this->app->DB->Update("UPDATE `user` SET password='',passwordmd5='', salt = '$salt', passwordsha512 = '$passwordsha512' WHERE id='$id' LIMIT 1"); - if($salt == "" || $passwordsha512 == "") { - $this->app->DB->Update("UPDATE `user` SET `password` = '', `passwordmd5` = MD5('{$input['password']}') WHERE `id` = '$id' LIMIT 1"); - } //TODO rausnehmen - } - else{ - $this->app->DB->Update("UPDATE `user` SET `password` = '', `passwordmd5` = MD5('{$input['password']}') WHERE `id` = '$id' LIMIT 1"); - } - } - } - - $this->app->Tpl->Set('MESSAGE', "
Die Einstellungen wurden erfolgreich übernommen.
"); - - $this->app->erp->AbgleichBenutzerVorlagen($id); - } - } - } - - - - $data = $this->app->DB->SelectArr("SELECT * FROM `user` WHERE id='$id' LIMIT 1"); - if($data) - { - - if($data[0]['stechuhrdevice'] != '')$this->app->Tpl->Set('BUTTONQRRESET', ''); - } - if(is_array($data[0])) { - $data[0]['password'] = '***************'; - $data[0]['repassword'] = '***************'; - // $data[0]['motpsecret'] = $this->app->DB->Select("SELECT DECRYPT('{$input[0]['motpsecret']}')"); - // $data[0]['hwkey'] = $this->app->DB->Select("SELECT DECRYPT('{$input[0]['hwkey']}')"); - //$data[0]['settings'] = unserialize(base64_decode($data[0]['settings'])); - } - - if($data[0]['type']=="admin"){ - $this->app->Tpl->Set('HINWEISADMIN',"
Dieser Benutzer ist vom Typ Administrator. Administratoren haben immer Vollzugriff - daher können diesem keine Rechte genommen werden.
"); - } else { - $this->app->Tpl->Add("HINWEISADMIN","
Hinweis: Blau = erlaubt, Grau = gesperrt"); - } - $this->SetInput($data[0]); - $this->UserRights(); - - - $rfids = $this->app->DB->SelectArr("SELECT seriennummer,bezeichnung FROM adapterbox WHERE verwendenals = 'metratecrfid'"); - if($rfids) - { - foreach($rfids as $v) - { - $this->app->Tpl->Add('SELRFID',''); - } - } - // - $this->app->YUI->ColorPicker('defaultcolor'); - - $extra = ' - if($(\'#hwtoken\').val() == \'4\' || $(\'#hwtoken\').val() == \'5\') - { - message = \'\'; - } - '; - $this->app->YUI->PasswordCheck('password', 'repassword', 'username', 'submit', $extra); - $roles = $this->getRoleOptions(); - $hasSelection = false; - foreach($roles as $roleKey => $roleValue) { - $selected = $roleKey === $data[0]['role']?' selected="selected"':''; - if($selected !== '') { - $hasSelection = true; - } - if(!$hasSelection && $roleKey === 'Sonstiges') { - $selected = ' selected="selected"'; - } - $this->app->Tpl->Add( - 'SELROLE', - sprintf( - '', - $roleKey, $selected, $roleValue - ) - ); - } - $this->app->Tpl->Set('ROLETEXT', $data[0]['role']); - $this->app->Tpl->Set('ROLE', $data[0]['role']); - $this->app->Tpl->Parse('PAGE', "benutzer_create.tpl"); - } - - - /** - * @return string[] - */ - public function getRoleOptions(): array - { - return [ - 'Buchhaltung' => 'Buchhaltung', - 'Vertrieb' => 'Vertrieb', - 'Einkauf / Produktion' => 'Einkauf / Produktion', - 'Logistik' => 'Logistik', - 'HR / Personalmanagement' => 'HR / Personalmanagement', - 'Office' => 'Office', - 'Marketing' => 'Marketing', - 'Administration / IT' => 'Administration / IT', - 'Management' => 'Management', - 'Sonstiges' => 'Sonstiges', - ]; - } - - /** - * @return array - */ - public function GetInput(): array - { - // username is an array with multiple (hidden) fields, so filter the first filled one. - $usernames = (array) $this->app->Secure->GetPOST('username'); - $usernames = array_filter($usernames); - // make sure, at least one (empty) string is present in this array. 
- $usernames[] = ''; - // reset all indexes. - $usernames = array_values($usernames); - $username = $usernames[0]; - - $input = array(); - $input['description'] = $this->app->Secure->GetPOST('description'); - $input['type'] = $this->app->Secure->GetPOST('type'); - $input['username'] = $username; - $input['vorlage'] = $this->app->Secure->GetPOST('vorlage'); - $input['adresse'] = $this->app->Secure->GetPOST('adresse'); - $input['externlogin'] = $this->app->Secure->GetPOST('externlogin'); - $input['activ'] = $this->app->Secure->GetPOST('activ'); - $input['gpsstechuhr'] = $this->app->Secure->GetPOST('gpsstechuhr'); - $input['rfidtag'] = $this->app->Secure->GetPOST('rfidtag'); - $input['kalender_aktiv'] = $this->app->Secure->GetPOST('kalender_aktiv'); - $input['kalender_ausblenden'] = $this->app->Secure->GetPOST('kalender_ausblenden'); - $input['projekt'] = $this->app->Secure->GetPOST('projekt'); - $input['projekt_bevorzugen'] = $this->app->Secure->GetPOST('projekt_bevorzugen'); - $input['email_bevorzugen'] = $this->app->Secure->GetPOST('email_bevorzugen'); - $input['startseite'] = $this->app->Secure->GetPOST('startseite'); - $input['defaultcolor'] = $this->app->Secure->GetPOST('defaultcolor'); - if($input['defaultcolor'] === 'transparent') $input['defaultcolor'] = ''; - $input['fehllogins'] = $this->app->Secure->GetPOST('fehllogins'); - $input['password'] = $this->app->Secure->GetPOST('password'); - $input['repassword'] = $this->app->Secure->GetPOST('repassword'); - $input['passwordunescaped'] = $this->app->Secure->GetPOST('password',"","","noescape"); - $input['hwtoken'] = $this->app->Secure->GetPOST('hwtoken'); - $input['motppin'] = $this->app->Secure->GetPOST('motppin'); - $input['motpsecret'] = $this->app->Secure->GetPOST('motpsecret'); - $input['hwkey'] = $this->app->Secure->GetPOST('hwkey'); - $input['hwcounter'] = $this->app->Secure->GetPOST('hwcounter'); - $input['hwdatablock'] = $this->app->Secure->GetPOST('hwdatablock'); - $input['standarddrucker'] = 
$this->app->Secure->GetPOST('standarddrucker'); - $input['standardversanddrucker'] = $this->app->Secure->GetPOST('standardversanddrucker'); - $input['paketmarkendrucker'] = $this->app->Secure->GetPOST('paketmarkendrucker'); - $input['standardetikett'] = $this->app->Secure->GetPOST('standardetikett'); - $input['standardfax'] = $this->app->Secure->GetPOST('standardfax'); - $input['sprachebevorzugen'] = $this->app->Secure->GetPOST('sprachebevorzugen'); - $input['role'] = $this->app->Secure->GetPOST('role'); - - //$input['settings'] = $this->app->Secure->GetPOST('settings'); - $input['kalender_passwort'] = $this->app->Secure->GetPOST('kalender_passwort'); - $input['docscan_aktiv'] = $this->app->Secure->GetPOST('docscan_aktiv'); - $input['docscan_passwort'] = $this->app->Secure->GetPOST('docscan_passwort'); - return $input; - } - - function SetInput($input) - { - $this->app->Tpl->Set('DESCRIPTION', $input['description']); - $this->app->Tpl->Set('TYPESELECT', $this->TypeSelect($input['type'])); - $this->app->Tpl->Set('USERNAME', $input['username']); - $this->app->Tpl->Set('VORLAGE', $input['vorlage']); - $this->app->Tpl->Set('ADRESSE', $this->app->erp->ReplaceAdresse(0,$input['adresse'],0)); - $this->app->Tpl->Set('PROJEKT', $this->app->erp->ReplaceProjekt(0,$input['projekt'],0)); - $this->app->Tpl->Set('RFIDTAG', $input['rfidtag']); - - $this->app->YUI->AutoComplete("adresse","adresse"); - $this->app->YUI->AutoComplete("vorlage","uservorlage"); - $this->app->YUI->AutoComplete("projekt","projektname",1); - - if($input['externlogin']=='1') $this->app->Tpl->Set('EXTERNLOGINCHECKED', 'checked'); - if($input['activ']=='1') $this->app->Tpl->Set('ACTIVCHECKED', 'checked'); - if($input['gpsstechuhr']=='1') $this->app->Tpl->Set('GPSSTECHUHRCHECKED', 'checked'); - if($input['kalender_aktiv']=='1') $this->app->Tpl->Set('KALENDERAKTIVCHECKED', 'checked'); - if($input['kalender_ausblenden']=='1') $this->app->Tpl->Set('KALENDERAUSBLENDENCHECKED', 'checked'); - 
if($input['projekt_bevorzugen']=='1') $this->app->Tpl->Set('PROJEKTBEVORZUGENCHECKED', 'checked'); - if($input['email_bevorzugen']=='1') $this->app->Tpl->Set('EMAILBEVORZUGENCHECKED', 'checked'); - if($input['docscan_aktiv']=='1') $this->app->Tpl->Set('DOCSCANAKTIVCHECKED', 'checked'); - - $this->app->Tpl->Set('STARTSEITE', $input['startseite']); - $this->app->Tpl->Set('DEFAULTCOLOR', $input['defaultcolor']); - $this->app->Tpl->Set('SPRACHEBEVORZUGEN',$this->languageSelectOptions($input['sprachebevorzugen'])); - $this->app->Tpl->Set('FEHLLOGINS', $input['fehllogins']); - $this->app->Tpl->Set('PASSWORD', $input['password']); - $this->app->Tpl->Set('REPASSWORD', $input['repassword']); - $this->app->Tpl->Set('TOKENSELECT', $this->TokenSelect($input['hwtoken'])); - $this->app->Tpl->Set('MOTPPIN', $input['motppin']); - $this->app->Tpl->Set('MOTPSECRET', $input['motpsecret']); - $this->app->Tpl->Set('HWKEY', $input['hwkey']); - $this->app->Tpl->Set('HWCOUNTER', $input['hwcounter']); - $this->app->Tpl->Set('HWDATABLOCK', $input['hwdatablock']); - $this->app->Tpl->Set('STANDARDDRUCKER', $this->app->erp->GetSelectDrucker($input['standarddrucker'])); - $this->app->Tpl->Set('STANDARDVERSANDDRUCKER', $this->app->erp->GetSelectVersanddrucker($input['standardversanddrucker'])); - $this->app->Tpl->Set('PAKETMARKENDRUCKER', $this->app->erp->GetSelectVersanddrucker($input['paketmarkendrucker'])); - $this->app->Tpl->Set('STANDARDETIKETT', $this->app->erp->GetSelectEtikettenDrucker($input['standardetikett'])); - $this->app->Tpl->Set('STANDARDFAX', $this->app->erp->GetSelectFax($input['standardfax'])); - //$this->app->Tpl->Set('SETTINGS', $input['settings']); - $this->app->Tpl->Set('SERVERNAME', $this->app->erp->UrlOrigin($_SERVER)); - $this->app->Tpl->Set('KALENDERPASSWORT', $input['kalender_passwort']); - $this->app->Tpl->Set('DOCSCANPASSWORT', $input['docscan_passwort']); - $this->app->Tpl->Set('ROLE', $input['role']); - $this->app->Tpl->Set('ROLETEXT', $input['role']); - } - - 
function TypeSelect($select='admin')
- {
- $data = array('standard'=>'Benutzer','admin'=>'Administrator');
- //, 'verwaltung'=>'Verwaltung', 'vollzugriff'=>'Vollzugriff', 'mitarbeiter'=>'Mitarbeiter', 'produktion'=>'Produktion');
-
- $out = "";
- foreach($data as $key=>$value) {
- $selected = (($select==$key) ? 'selected' : '');
- $out .= "";
- }
- return $out;
- }
-
- private function getCurrentDefaultLanguage($fromPost){
-
- if(empty($fromPost)){
- $fromPost = $this->app->erp->Firmendaten('preferredLanguage');
-
- if(empty($fromPost)){
- $fromPost = 'deutsch';
- }
- }
- return $fromPost;
- }
-
- /**
- * Liefert einen String aus HTML-Optionen zurück
- * @param string $fromPost
- * @return string
- */
- private function languageSelectOptions($fromPost=''){
-
- $select = $this->getCurrentDefaultLanguage($fromPost);
-
- $out = "";
- $sprachen = $this->getLanguages();
-
- foreach($sprachen as $sprache) {
- $selected = (($select==$sprache) ? 'selected' : '');
- $out .= "";
- }
- return $out;
- }
-
- /**
- * Liefert einen Array aus Strings zurück.
Immer mindestens 'deutsch' enthalten
- * @return array
- */
- private function getLanguages(){
-
- $sprachen[] = 'deutsch';
- $folder = __DIR__ .'/../../languages';
- if(is_dir($folder))
- {
- $handle = opendir($folder);
- if($handle){
- while($file = readdir($handle))
- {
- if($file[0] !== '.')
- {
- if(is_dir($folder.'/'.$file) && (file_exists($folder.'/'.$file.'/variablen.php')|| file_exists($folder.'/'.$file.'/variablen_custom.php')))
- {
- if($file == 'german')$file = 'deutsch';
- if(!in_array($file, $sprachen))$sprachen[] = $file;
- }
- }
- }
- closedir($handle);
- }
- }
- return $sprachen;
- }
-
- /**
- * @param string $select
- *
- * @return string
- */
- public function TokenSelect($select='0')
- {
- //$data = array('0'=>'Benutzername + Passwort', '1'=>'Benutzername + Passwort + mOTP', '2'=>'Benutzername + Passwort + Picosafe Login','3'=>'WaWision OTP + Passwort');
- $data = array('0'=>'Benutzername + Passwort',
- '3'=>'WaWision LoginKey + Benutzername + Passwort',
- '5'=>'LDAP Verzeichnis'
- );
-
- /** @var \Xentral\Modules\TOTPLogin\TOTPLoginService $tokenManager */
- $tokenManager = $this->app->Container->get('TOTPLoginService');
- $user = $this->app->Secure->GetGET('id');
- try {
- if($user != null && $user != '' && $tokenManager->isTOTPEnabled($user)){
- $data['totp'] = 'Benutzername + Passwort + TOTP 2FA';
- $select = 'totp';
- }
- }
- catch(QueryFailureException $e) {
- $this->app->erp->InstallModul('totp');
- }
-
- if($this->app->erp->RechteVorhanden('stechuhrdevice','list') || $this->app->erp->RechteVorhanden('mitarbeiterzeiterfassung','list'))
- {
- $data['4'] = 'Mitarbeiterzeiterfassung QR-Code';
- }
-
- $out = "";
- foreach($data as $key=>$value) {
- $selected = (($select==$key) ?
'selected' : '');
- $out .= "";
- }
- return $out;
- }
-
- function UserRights()
- {
- $id = $this->app->Secure->GetGET('id');
- $template = $this->app->Secure->GetPOST('usertemplate');
- $copytemplate = $this->app->Secure->GetPOST('copyusertemplate');
- $hwtoken = $this->app->DB->Select("SELECT hwtoken FROM `user` where id = '$id' LIMIT 1");
- $modules = $this->ScanModules();
- if($hwtoken == 4)
- {
- $modulecount = count($modules);
- $curModule = 0;
- foreach($modules as $module=>$actions) {
- $lower_m = strtolower($module);
- $curModule++;
- $actioncount = count($actions);
- for($i=0;$i<$actioncount;$i++) {
- $delimiter = (($curModule<$modulecount || $i+1<$actioncount) ? ', ' : ';');
- $active = 0;
- if($lower_m == 'stechuhr' && ($actions[$i] == 'list' || $actions[$i] == 'change'))$active = 1;
- if($active==1){
- $this->app->DB->Insert("INSERT INTO userrights (`user`, module, action, permission) VALUES ('$id', '$lower_m', '{$actions[$i]}', '$active')");
- $this->permissionLog($this->app->User->GetID(),$id,$module,$actions[$i],$active);
- }
- }
- }
- }else {
-
- if($template!='') {
- $mytemplate = $this->app->Conf->WFconf['permissions'][$template];
- $permissions = $this->app->DB->SelectArr("SELECT module,action FROM userrights WHERE user=$id");
- $this->app->DB->Delete("DELETE FROM userrights WHERE `user`='$id'");
- foreach ($permissions as $permission){
- $this->permissionLog($this->app->User->GetID(),$id,$permission['module'],$permission['action'],0);
- }
- //$sql = 'INSERT INTO userrights (user, module, action, permission) VALUES ';
-
- $modulecount = count($modules);
- $curModule = 0;
- foreach($modules as $module=>$actions) {
- $lower_m = strtolower($module);
- $curModule++;
- $actioncount = count($actions);
- for($i=0;$i<$actioncount;$i++) {
- $delimiter = (($curModule<$modulecount || $i+1<$actioncount) ? ', ' : ';');
- $active = ((isset($mytemplate[$lower_m]) && in_array($actions[$i], $mytemplate[$lower_m])) ?
'1' : '0');
- if($active==1){
- $this->app->DB->Insert("INSERT INTO userrights (`user`, module, action, permission) VALUES ('$id', '$lower_m', '{$actions[$i]}', '$active')");
- $this->permissionLog($this->app->User->GetID(),$id,$module,$actions[$i],$active);
- }
- }
- }
- //$this->app->DB->Query($sql);
- }
-
- if($copytemplate!='') {
- $ok = true;
- // echo "User $id $copytemplate";
- if($ok)
- {
- $permissions = $this->app->DB->SelectArr("SELECT module,action FROM userrights WHERE user=$id");
- foreach ($permissions as $permission){
- $this->permissionLog($this->app->User->GetID(),$id,$permission['module'],$permission['action'],0);
- }
- $this->app->DB->Delete("DELETE FROM userrights WHERE `user`='$id'");
- $permissions = $this->app->DB->SelectArr("SELECT module,action FROM userrights WHERE user=$copytemplate");
- $this->app->DB->Update("INSERT INTO userrights (`user`, module,action,permission) (SELECT '$id',module, action,permission FROM userrights WHERE user='".$copytemplate."')");
- foreach ($permissions as $permission){
- $this->permissionLog($this->app->User->GetID(),$id,$permission['module'],$permission['action'],1);
- }
- }
- }
- }
-
- $dbrights = $this->app->DB->SelectArr("SELECT module, action, permission FROM userrights WHERE `user`='$id' ORDER BY module");
- $group = $this->app->DB->Select("SELECT `type` FROM `user` WHERE id='$id' LIMIT 1");
-
- $rights = $this->app->Conf->WFconf['permissions'][$group];
- if(is_array($dbrights) && count($dbrights)>0)
- $rights = $this->AdaptRights($dbrights, $rights, $group);
-
- $modules = $this->ScanModules();
- $table = $this->CreateTable($id, $modules, $rights);
-
-
- //$this->app->Tpl->Set('USERTEMPLATES', $this->TemplateSelect());
- $this->app->Tpl->Set('USERNAMESELECT', $this->app->erp->GetSelectUser("",$id));
- $this->app->Tpl->Set('MODULES', $table);
- }
-
- function UserChangeRights()
- {
- $user = $this->app->Secure->GetGET('b_user');
- $module = $this->app->Secure->GetGET('b_module');
- $action =
$this->app->Secure->GetGET('b_action'); - $value = $this->app->Secure->GetGET('b_value'); - - if(is_numeric($user) && $module!='' && $action!='' && $value!='') { - $id = $this->app->DB->Select("SELECT id FROM userrights WHERE user='$user' AND module='$module' AND action='$action' LIMIT 1"); - if($value && $this->app->erp->isIoncube() && method_exists('erpAPI','Ioncube_getMaxLightusersRights') && method_exists('erpAPI','Ioncube_LightuserRechteanzahl')) - { - $lightuser = $this->app->DB->Select("SELECT id FROM `user` WHERE id = '$user' AND type='lightuser' LIMIT 1"); - if($lightuser) - { - $anzerlaubt = erpAPI::Ioncube_getMaxLightusersRights(); - $anzvorhanden = erpAPI::Ioncube_LightuserRechteanzahl($this->app, $user); - if($anzvorhanden >= $anzerlaubt) - { - exit; - } - if($id) - { - if(!$this->app->DB->Select("SELECT permission FROM userrights WHERE id = '$id'"))exit; - }else{ - if($anzvorhanden + 1 > $anzerlaubt)exit; - } - } - if($value && method_exists($this->app->erp, 'ModuleBenutzeranzahlLizenzFehler') && ($err = $this->app->erp->ModuleBenutzeranzahlLizenzFehler($module))) - { - if(isset($err['Error'])) - { - if(is_array($err['Error'])) - { - echo "Error".implode('
',$err['Error']); - }else{ - echo "Error".$err['Error']; - } - } - exit; - } - } - if(is_numeric($id) && $id>0) - { - if($value=="1") - { - $this->app->DB->Update("UPDATE userrights SET permission='$value' WHERE id='$id' LIMIT 1"); - } - else - $this->app->DB->Delete("DELETE FROM userrights WHERE user='$user' AND module='$module' AND action='$action'"); - } - //$this->app->DB->Update("UPDATE userrights SET permission='$value' WHERE id='$id' LIMIT 1"); - else - $this->app->DB->Insert("INSERT INTO userrights (user, module, action, permission) VALUES ('$user', '$module', '$action', '$value')"); - - $this->permissionLog($this->app->User->GetID(),$user,$module,$action,$value); - } - - echo $this->app->DB->Select("SELECT permission FROM userrights WHERE user='$user' AND module='$module' AND action='$action' LIMIT 1"); - - - exit; - } - - public function permissionLog($grantingUserId,$receivingUserId,$module,$action,$permission){ - $grantingUserName = $this->app->DB->Select("SELECT username FROM user WHERE id=$grantingUserId"); - $receivingUserName = $this->app->DB->Select("SELECT username FROM user WHERE id=$receivingUserId"); - $permission = !empty($permission); - try { - $userPermission = $this->app->Container->get('UserPermissionService'); - $userPermission->log($grantingUserId,$grantingUserName,$receivingUserId,$receivingUserName,$module,$action,$permission); - }catch (Exception $ex){ - $this->app->erp->LogFile('Fehler bei Zuweisung Rechtehistore',$ex->getMessage()); - } - } - - - function AdaptRights($dbarr, $rights) - { - $cnt = count($dbarr); - for($i=0;$i<$cnt;$i++) { - $module = $dbarr[$i]['module']; - $action = $dbarr[$i]['action']; - $perm = $dbarr[$i]['permission']; - - if(isset($rights[$module])) { - if($perm=='1' && !in_array($action, $rights[$module])) - $rights[$module][] = $action; - - if($perm=='0' && in_array($action, $rights[$module])) { - $index = array_search($action, $rights[$module]); - unset($rights[$module][$index]); - $rights[$module] = 
array_values($rights[$module]); - } - }else if($perm=='1') $rights[$module][] = $action; - } - return $rights; - } - - function CreateTable($user, $modules, $rights) - { - $maxcols = 6; - $width = 100 / $maxcols; - $out = ''; - foreach($modules as $key=>$value) { - if(strtolower($key) == 'api' || strtolower($key) == 'ajax')continue; - $out .= "$key"; - - $out .= ""; - $module = strtolower($key); - for($i=0;$i<$maxcols || $i{$action}"; - - if($i%$maxcols==($maxcols-1)) $out .= ""; - } - $out .= "
";
- }
-
- return $out;
- }
-
- /**
- * @param string $page
- * @param array $actions
- *
- * @return array
- */
- public function getActionsFromFile($page, $actions = [])
- {
- if(substr($page,-8) === '.src.php') {
- return $actions;
- }
- $content = file_get_contents($page);
- $foundItems = preg_match_all('/ActionHandler\([\"|\\\'][[:alnum:]].*[\"|\\\'],/', $content, $matches);
- if($foundItems <= 0) {
- return $actions;
- }
- $action = str_replace(array('ActionHandler("','ActionHandler(\'','",' , '\',' ),'', $matches[0]);
- if(empty($action) || !is_array($action)) {
- return $actions;
- }
- if(isset($actions)) {
- $actionsCount = $action ? count($action) : 0;
- for ($i = 0; $i < $actionsCount; $i++) {
- if(empty($action[$i])) {
- continue;
- }
- $found = false;
- foreach ($actions as $v) {
- if($v == $action[$i]){
- $found = true;
- break;
- }
- }
- if(!$found){
- $actions[] = $action[$i];
- }
- }
- }
- else{
- $actionsCount = $action ? count($action) : 0;
- for ($i = 0; $i < $actionsCount; $i++) {
- $actions[] = $action[$i];
- }
- }
- sort($actions);
-
- return $actions;
- }
-
- /**
- * @return array
- */
- public function ScanModules()
- {
- //$files = glob('./pages/*.php');
- $files = glob(__DIR__.'/*.php');
- $encodedActions = [];
- if(method_exists($this->app->erp,'getEncModullist')) {
- $encodedActions = $this->app->erp->getEncModullist();
- }
- if(empty($encodedActions)) {
- $encodedActions = [];
- }
- $modules = array();
- if(empty($files)) {
- return $encodedActions;
- }
- foreach($files as $page) {
- $name = ucfirst(str_replace('_custom','',basename($page,'.php')));
- if(substr($page,-8) === '.src.php') {
- continue;
- }
-
- $modules[$name] = $this->getActionsFromFile($page, isset($modules[$name]) ?
$modules[$name]: []); - - if(!empty($encodedActions[$name]) && is_array($encodedActions[$name]) && count($encodedActions[$name]) > 0) { - if(isset($modules[$name])) { - $encodedActionsCount = $encodedActions[$name]?count($encodedActions[$name]):0; - for($i=0;$i<$encodedActionsCount;$i++) { - $found = false; - foreach($modules[$name] as $moduleAction) { - if($moduleAction == $encodedActions[$name][$i]) { - $found = true; - break; - } - } - if(!$found) { - $modules[$name][] = $encodedActions[$name][$i]; - } - } - } - else{ - $modules[$name] = $encodedActions[$name]; - } - sort($modules[$name]); - } - } - - foreach($modules as $name => $actions) { - if(empty($actions)) { - unset($modules[$name]); - } - } - - return $modules; - } - - function TemplateSelect() - { - $options = ""; - foreach($this->Templates as $key=>$value) { - if($key!="web") - $options .= ""; - } - - return $options; - } - - function GetTemplates() - { - return $this->app->Conf->WFconf['permissions']; - } -} +app=$app; + if($intern)return; + + $this->app->erp->inline['german']['benutzer']['default']['weitereyoutube'][] = array('titel'=>'Zwei-Faktor-Authentifizierung mit mOTP','youtube'=>'QfNbDsEQB9M'); + + $this->app->ActionHandlerInit($this); + + $this->app->ActionHandler("create","UserCreate"); + $this->app->ActionHandler("delete","UserDelete"); + $this->app->ActionHandler("edit","UserEdit"); + $this->app->ActionHandler("history","UserHistory"); + $this->app->ActionHandler("list","UserList"); + $this->app->ActionHandler("chrights","UserChangeRights"); + $this->app->ActionHandler("download","UserDownload"); + + + $this->app->DefaultActionHandler("list"); + + //$this->Templates = $this->GetTemplates(); + + $this->app->ActionHandlerListen($app); + } + + public function Install() + { + try { + /** @var SurveyService $surveyService */ + $surveyService = $this->app->Container->get('SurveyService'); + $surveyService->create('user_create', 'benutzer', 'list', false, false); + } + catch (Exception $e) { + + 
} + $this->app->erp->RegisterHook('welcome_surveysave', 'benutzer', 'UserWelcomeSurveySave'); + } + + /** + * @param int $surveyId + * @param int $surveyUserId + * @param array $resonse + */ + public function UserWelcomeSurveySave($surveyId, $surveyUserId, &$response) + { + /** @var SurveyGateway $surveyGateway */ + $surveyGateway = $this->app->Container->get('SurveyGateway'); + $survey = $surveyGateway->getById($surveyId); + if(empty($survey) || $survey['name'] !== 'user_create') { + return; + } + $dataRow = $surveyGateway->getFilledById($surveyUserId); + $data = json_decode($dataRow['data'], true); + if(!empty($data['name'])) { + foreach($data['name'] as $key => $name) { + if(empty($name)) { + continue; + } + + //@todo Benutzer anlegen + } + } + /** @var SurveyService $surveyService */ + $surveyService = $this->app->Container->get('SurveyService'); + $surveyService->clearUserData($surveyId, $this->app->User->GetID()); + $response['url'] = 'index.php?module=benutzer&action=list'; + } + + function UserDownload() + { + $id = $this->app->Secure->GetGET("id"); + if($id > 0) + { + $result = $this->app->DB->SelectArr("SELECT module,action FROM userrights WHERE `user`='$id'"); + + $tmp['bezeichnung']=$this->app->DB->Select("SELECT username FROM `user` WHERE id='$id' LIMIT 1"); + $tmp['beschreibung']=$this->app->DB->Select("SELECT description FROM `user` WHERE id='$id' LIMIT 1"); + $tmp['rechte']=$result; + + + header('Content-Type: application/json'); + header('Content-disposition: attachment; filename="'.$tmp['bezeichnung'].'.json"'); + echo json_encode($tmp); + exit; + } + } + + function UserList() + { + // $this->app->Tpl->Add(KURZUEBERSCHRIFT,"Benutzer"); + $this->app->erp->MenuEintrag("index.php?module=benutzer&action=list","Übersicht"); + $this->app->erp->MenuEintrag("index.php?module=benutzer&action=history","Historie"); + $this->app->erp->MenuEintrag("index.php?module=benutzer&action=create","Neuen Benutzer anlegen"); + 
$this->app->erp->MenuEintrag("index.php?module=einstellungen&action=list","Zurück zur Übersicht"); + + $this->app->YUI->TableSearch('USER_TABLE',"userlist"); + $this->app->Tpl->Parse('PAGE', "benutzer_list.tpl"); + + } + + /** + * @param int $userId + * + * @return bool + */ + public function isUserLastAdmin(int $userId): bool + { + return $this->isUserAdmin($userId) && + (int)$this->app->DB->Select( + "SELECT COUNT(`id`) FROM `user` WHERE `type` = 'admin' AND `activ` = 1 AND `id` <> {$userId}" + ) === 0; + } + + public function isUserAdmin(int $userId): bool + { + return $this->app->DB->Select("SELECT COUNT(`id`) FROM `user` WHERE `type` = 'admin' AND `id` = {$userId}") > 0; + } + + public function UserDelete(): void + { + $id = (int)$this->app->Secure->GetGET('id'); + $isOwnAccount = $id === (int)$this->app->User->GetId(); + if($isOwnAccount) { + $this->app->Tpl->Set('MESSAGE', "
{|Du kannst deinen eigenen Account nicht löschen.|}
"); + } else{ + $username = $this->app->DB->Select("SELECT `username` FROM `user` WHERE `id` = '{$id}'"); + if(!$this->isUserLastAdmin($id)){ + $this->app->DB->Delete("DELETE FROM `user` WHERE `id` = '{$id}'"); + $this->app->Tpl->Set('MESSAGE', "
Der Benutzer \"$username\" wurde gelöscht.
"); + }else{ + $this->app->Tpl->Set('MESSAGE', "
Der einzige aktive Admin \"$username\" kann nicht gelöscht werden.
"); + } + } + + $this->UserList(); + } + + + function UserCreate() + { + // $this->app->Tpl->Add(KURZUEBERSCHRIFT,"Benutzer"); + $this->app->erp->MenuEintrag("index.php?module=benutzer&action=list","Zurück zur Übersicht"); + + $input = $this->GetInput(); + $submit = $this->app->Secure->GetPOST('submituser'); + + $error = ''; + $maxlightuser = 0; + + if($submit!='') { + + + if($input['username']=='' && $this->app->Secure->GetPOST('hwtoken') != 4) $error .= 'Geben Sie bitte einen Benutzernamen ein.
'; + if($input['password']=='' && $this->app->Secure->GetPOST('hwtoken') != 4 && $this->app->Secure->GetPOST('hwtoken') != 5) $error .= 'Geben Sie bitte ein Passwort ein.
'; + if($input['repassword']=='' && $this->app->Secure->GetPOST('hwtoken') != 4 && $this->app->Secure->GetPOST('hwtoken') != 5 ) $error .= 'Wiederholen Sie bitte Ihr Passwort.
'; + if($input['password'] != $input['repassword']) $error .= 'Die eingegebenen Passwörter stimmen nicht überein.
'; + if($this->app->DB->Select("SELECT '1' FROM `user` WHERE username='{$input['username']}' LIMIT 1")=='1') + $error .= "Es existiert bereits ein Benutzer mit diesem Namen"; + + $input['adresse'] = $this->app->erp->ReplaceAdresse($input['adresse'],$input['adresse'],1); + $input['projekt'] = $this->app->erp->ReplaceProjekt($input['projekt'],$input['projekt'],1); + + if($input['adresse'] <=0) + $error .= 'Geben Sie bitte eine gültige Adresse aus den Stammdaten an.
'; + + if($error!=='') + $this->app->Tpl->Set('MESSAGE', "
$error
"); + else { + if($input['hwtoken'] == 4 && $input['type'] == 'admin') + { + $input['type'] = 'standard'; + $input['startseite'] = 'index.php?module=stechuhr&action=list'; + } + $input['passwordunenescaped'] = $_POST['password']; + $id = $this->app->erp->CreateBenutzer($input); + + //$this->app->Tpl->Set('MESSAGE', "
Der Benutzer wurde erfolgreich angelegt
"); + $msg = $this->app->erp->base64_url_encode("
Der Benutzer wurde erfolgreich angelegt.
"); + header("Location: index.php?module=benutzer&action=edit&id=$id&msg=$msg"); + exit; + } + } + + $this->SetInput($input); + + + $this->app->YUI->ColorPicker('defaultcolor'); + + $this->app->Tpl->Set('ACTIVCHECKED',"checked"); + $this->app->Tpl->Set('VORRECHTE',""); + $extra = ' + if($(\'#hwtoken\').val() == \'4\' || $(\'#hwtoken\').val() == \'5\') + { + message = \'\'; + } + '; + $this->app->YUI->PasswordCheck('password', 'repassword', 'username', 'submit', $extra); + $this->app->Tpl->Parse('PAGE', "benutzer_create.tpl"); + } + + function UserHistory(){ + $id = $this->app->Secure->GetGET('id'); + $this->app->erp->MenuEintrag("index.php?module=benutzer&action=list","Übersicht"); + $this->app->erp->MenuEintrag("index.php?module=benutzer&action=history","History"); + + $this->app->YUI->TableSearch('USER_TABLE',"permissionhistory"); + $this->app->Tpl->Parse('PAGE', "benutzer_list.tpl"); + } + + function UserEdit() + { + $id = $this->app->Secure->GetGET('id'); + $this->app->Tpl->Set('ID', $id); + $defaultcolor = $this->app->Secure->GetPOST('defaultcolor'); + if($defaultcolor === 'transparent') $defaultcolor = ''; + + // convert value to user DB + if($this->app->User->GetParameter('welcome_defaultcolor_fuer_kalender')!=''){ + + $this->app->DB->Update("UPDATE user SET defaultcolor='$defaultcolor' WHERE id='".$this->app->User->GetID()."' LIMIT 1"); + $this->app->User->SetParameter('welcome_defaultcolor_fuer_kalender',""); + } + + + if($this->app->Secure->GetGET('cmd') == 'qrruecksetzen' && $id) + { + $this->app->DB->Update("UPDATE `user` set stechuhrdevice = '' WHERE id = '$id' LIMIT 1"); + echo json_encode(array('status'=>1)); + exit; + } + + if($this->app->Secure->GetGET('cmd') == 'getrfid' && $id) + { + $rfid = ''; + $swhere = ''; + $seriennummer = $this->app->Secure->GetPOST('seriennummer'); + if($seriennummer != '')$swhere = " AND seriennummer = '$seriennummer' "; + $deviceiddest = $this->app->DB->Select("SELECT seriennummer FROM adapterbox WHERE verwendenals = 
'metratecrfid' $swhere LIMIT 1"); + if($deviceiddest) + { + $rfid = trim($this->app->erp->GetAdapterboxAPIRFID($deviceiddest)); + if($rfid == 'no answer from device (not timeout)')$rfid = ''; + if($rfid) + { + $rfida = explode(';',$rfid); + if(!empty($rfida[1]))$rfid = $rfida[1]; + } + if($this->app->DB->Select("SELECT id FROM `user` WHERE rfidtag = '".$this->app->DB->real_escape_string($rfid)."' AND id <> '$id' LIMIT 1"))$rfid = ''; + } + if($rfid == "0")$rfid = ''; + echo json_encode(array('rfid'=>$rfid)); + exit; + } + $jsonvorlage = $_FILES['jsonvorlage']['tmp_name']; + if($jsonvorlage!="") + { + $content = file_get_contents($jsonvorlage); + $tmp = json_decode($content); + $neuerechte=0; + + $anzahl = count($tmp->{'rechte'}); + for($i=0;$i<=$anzahl;$i++) + { + //echo " $i M ".$tmp->{'rechte'}[$i]->{'module'}." A ".$tmp->{'rechte'}[$i]->{'action'}; + $tmpmodule = $this->app->DB->real_escape_string($tmp->{'rechte'}[$i]->{'module'}); + $tmpaction = $this->app->DB->real_escape_string($tmp->{'rechte'}[$i]->{'action'}); + + if($tmpmodule!="" && $tmpaction!="") + { + $check = $this->app->DB->Select("SELECT id FROM userrights WHERE module='".$tmpmodule."' AND action='".$tmpaction."' AND user='".$id."' LIMIT 1"); + + if($check > 0) + $this->app->DB->Update("UPDATE userrights SET permission=1 WHERE module='".$tmpmodule."' AND action='".$tmpaction."' AND user='".$id."' LIMIT 1"); + else { + $neuerechte++; + $this->app->DB->Insert("INSERT INTO userrights (id,module,action,user,permission) VALUES ('','".$tmpmodule."','".$tmpaction."','$id','1')"); + } + $this->permissionLog($this->app->User->GetID(),$id,$tmpmodule,$tmpaction,1); + } + } + $msg = $this->app->erp->base64_url_encode("
Es wurden $neuerechte neue Rechte dem Benutzer hinzugefügt!
"); + header("Location: index.php?module=benutzer&action=edit&id=$id&msg=$msg"); + exit; + } + + $this->app->erp->MenuEintrag("index.php?module=benutzer&action=edit&id=$id","Details"); + $username = $this->app->DB->Select("SELECT username FROM `user` WHERE id='$id'"); + // $this->app->Tpl->Add(KURZUEBERSCHRIFT2,$username); + + $this->app->erp->MenuEintrag("index.php?module=benutzer&action=list","Zurück zur Übersicht"); + + $id = $this->app->Secure->GetGET('id'); + $input = $this->GetInput(); + + if($input['hwtoken'] == 'totp'){ + $input['hwtoken'] = '0'; + }else if($input['hwtoken'] != ''){ + /** @var \Xentral\Modules\TOTPLogin\TOTPLoginService $tokenManager */ + $tokenManager = $this->app->Container->get('TOTPLoginService'); + $tokenManager->disableTotp($id); + } + + $submit = $this->app->Secure->GetPOST('submituser'); + $benutzer = $this->app->DB->Select("SELECT description FROM `user` WHERE id='$id' LIMIT 1"); + $name_angezeigt = $this->app->DB->Select("SELECT adresse FROM `user` WHERE id='$id' LIMIT 1"); + $name = $this->app->DB->Select("SELECT name FROM adresse WHERE id='$name_angezeigt' LIMIT 1"); + if($benutzer!="")$tmp = "(".$benutzer.")"; + $this->app->Tpl->Add('KURZUEBERSCHRIFT2',$name." ".$tmp); + + + if(is_numeric($id) && $submit!='') { + $isUserLastAdmin = $this->isUserLastAdmin((int)$id); + $error = ''; + if($input['username']=='') $error .= 'Geben Sie bitte einen Benutzernamen ein.
'; + if($input['password'] != $input['repassword'] && $input['hwtoken']!=5) $error .= 'Die eingegebenen Passwörter stimmen nicht überein.
'; + + $input['adresse'] = $this->app->erp->ReplaceAdresse(1,$input['adresse'],1); + if($input['adresse'] <=0) + $error .= 'Geben Sie bitte eine gültige Adresse aus den Stammdaten an.
'; + + $input['projekt'] = $this->app->erp->ReplaceProjekt(1,$input['projekt'],1); + $isOwnAccount = $id == $this->app->User->GetId(); + if($isOwnAccount && empty($input['activ'])) { + $error .= '{|Du kannst deinen eigenen Account nicht deaktivieren.|}
'; + } elseif($isOwnAccount && $this->isUserAdmin((int)$id) && $input['type'] !== 'admin') { + $error .= '{|Du kannst deinen eigenen Account nicht in einem Benutzer umwandeln.|}
'; + } elseif($isUserLastAdmin && empty($input['activ'])) { + $error .= '{|Der letzte Administrator kann nicht deaktiviert werden.|}
'; + } elseif($isUserLastAdmin && $input['type'] !== 'admin') { + $error .= '{|Der letzte Administrator kann nicht in einem Benutzer umgewandelt werden.|}
'; + } + if($error!='') + $this->app->Tpl->Set('MESSAGE', "
$error
"); + else { + //$settings = base64_encode(serialize($input['settings'])); + $firma = $this->app->User->GetFirma(); + + if($input['gpsstechuhr']!="1") + { + $check = $this->app->DB->Delete("DELETE FROM gpsstechuhr + WHERE `user`='".$id."' + AND DATE_FORMAT(zeit,'%Y-%m-%d')= DATE_FORMAT( NOW( ) , '%Y-%m-%d' ) LIMIT 1"); + } + + if(($input['hwtoken'] == 4) && $input['type'] == 'admin') + { + $anzaktivadmin = $this->app->DB->Select("SELECT count(*) from `user` where activ=1 and type = 'admin' and id <> '$id'"); + if($anzaktivadmin < 1) + { + $error = 'Sie können den einzigen Administrator als Stechuhruer einbinden. Legen Sie dafür einen neuen User an'; + $this->app->Tpl->Set('MESSAGE', "
$error
"); + } else { + $input['type'] = 'standard'; + $input['startseite'] = 'index.php?module=stechuhr&action=list'; + } + + } + if($error == "") + { + if($input['hwtoken'] == 4) + { + $stechuhrdevice = $this->app->DB->Select("SELECT stechuhrdevice from `user` where id = '$id'"); + if(substr($input['username'], 0,6) !== substr($stechuhrdevice,0,6)) + { + $this->app->DB->Update("UPDATE `user` set stechuhrdevice = '' where id = '$id'"); + } + } + + $spracheBevorzugen = $this->getCurrentDefaultLanguage($input['sprachebevorzugen']); + + $this->app->DB->Update( + sprintf( + "UPDATE `user` + SET username='%s', + description='%s', + activ='%d', + type='%s', + adresse='%d', + vorlage='%s', + gpsstechuhr='%d', + rfidtag='%s', + kalender_aktiv='%d', + kalender_ausblenden='%d', + projekt='%d', + projekt_bevorzugen='%d', + sprachebevorzugen='%s', + email_bevorzugen='%d', + fehllogins='%d', + standarddrucker='%d', + standardetikett='%d', + standardversanddrucker='%d', + paketmarkendrucker='%d', + standardfax='%d', + defaultcolor='%s', + startseite='%s', + hwtoken='%d', + hwkey='%s', + hwcounter='%d', + hwdatablock='%s', + motppin='%s', + motpsecret='%s', + externlogin='%d', + firma='%d', + kalender_passwort='%s', + docscan_aktiv='%d', + docscan_passwort='%s', + `role` = '%s' + WHERE id=%d + LIMIT 1", + $input['username'], + $input['description'], + $input['activ'], + $input['type'], + $input['adresse'], + $input['vorlage'], + $input['gpsstechuhr'], + $input['rfidtag'], + $input['kalender_aktiv'], + $input['kalender_ausblenden'], + $input['projekt'], + $input['projekt_bevorzugen'], + $spracheBevorzugen, + $input['email_bevorzugen'], + $input['fehllogins'], + $input['standarddrucker'], + $input['standardetikett'], + $input['standardversanddrucker'], + $input['paketmarkendrucker'], + $input['standardfax'], + $input['defaultcolor'], + $input['startseite'], + $input['hwtoken'], + $input['hwkey'], + $input['hwcounter'], + $input['hwdatablock'], + $input['motppin'], + $input['motpsecret'], 
+ $input['externlogin'], + $firma, + $input['kalender_passwort'], + $input['docscan_aktiv'], + $input['docscan_passwort'], + $input['role'], + $id + ) + ); + + if($input['password']!='' && $input['password']!='***************') { + $this->app->DB->Select("SELECT passwordhash FROM `user` WHERE id = '$id' LIMIT 1"); + if(!$this->app->DB->error()){ + $options = array( + 'cost' => 12, + ); + $passwordhash = @password_hash($input['passwordunescaped'], PASSWORD_BCRYPT, $options); + if($passwordhash != '') + { + $this->app->DB->Update("UPDATE `user` SET passwordhash = '".$this->app->DB->real_escape_string($passwordhash)."', + password='',passwordmd5='', salt = '', passwordsha512 = '' + WHERE id = '".$id."' LIMIT 1"); + } + } + else{ + $salt = $this->app->DB->Select("SELECT salt FROM `user` WHERE id = '$id' LIMIT 1"); + if(!$this->app->DB->error()){ + if(empty($salt)) $salt = hash('sha512', microtime(true)); + $passwordsha512 = hash('sha512', $_POST['password'] . $salt); + $this->app->DB->Update("UPDATE `user` SET password='',passwordmd5='', salt = '$salt', passwordsha512 = '$passwordsha512' WHERE id='$id' LIMIT 1"); + if($salt == "" || $passwordsha512 == "") { + $this->app->DB->Update("UPDATE `user` SET `password` = '', `passwordmd5` = MD5('{$input['password']}') WHERE `id` = '$id' LIMIT 1"); + } //TODO rausnehmen + } + else{ + $this->app->DB->Update("UPDATE `user` SET `password` = '', `passwordmd5` = MD5('{$input['password']}') WHERE `id` = '$id' LIMIT 1"); + } + } + } + + $this->app->Tpl->Set('MESSAGE', "
Die Einstellungen wurden erfolgreich übernommen.
"); + + $this->app->erp->AbgleichBenutzerVorlagen($id); + } + } + } + + + + $data = $this->app->DB->SelectArr("SELECT * FROM `user` WHERE id='$id' LIMIT 1"); + if($data) + { + + if($data[0]['stechuhrdevice'] != '')$this->app->Tpl->Set('BUTTONQRRESET', ''); + } + if(is_array($data[0])) { + $data[0]['password'] = '***************'; + $data[0]['repassword'] = '***************'; + // $data[0]['motpsecret'] = $this->app->DB->Select("SELECT DECRYPT('{$input[0]['motpsecret']}')"); + // $data[0]['hwkey'] = $this->app->DB->Select("SELECT DECRYPT('{$input[0]['hwkey']}')"); + //$data[0]['settings'] = unserialize(base64_decode($data[0]['settings'])); + } + + if($data[0]['type']=="admin"){ + $this->app->Tpl->Set('HINWEISADMIN',"
Dieser Benutzer ist vom Typ Administrator. Administratoren haben immer Vollzugriff - daher können diesem keine Rechte genommen werden.
");
+ } else {
+ $this->app->Tpl->Add("HINWEISADMIN"," Hinweis: Blau = erlaubt, Grau = gesperrt");
+ }
+ $this->SetInput($data[0]);
+ $this->UserRights();
+
+
+ $rfids = $this->app->DB->SelectArr("SELECT seriennummer,bezeichnung FROM adapterbox WHERE verwendenals = 'metratecrfid'");
+ if($rfids)
+ {
+ foreach($rfids as $v)
+ {
+ $this->app->Tpl->Add('SELRFID','');
+ }
+ }
+ //
+ $this->app->YUI->ColorPicker('defaultcolor');
+
+ $extra = '
+ if($(\'#hwtoken\').val() == \'4\' || $(\'#hwtoken\').val() == \'5\')
+ {
+ message = \'\';
+ }
+ ';
+ $this->app->YUI->PasswordCheck('password', 'repassword', 'username', 'submit', $extra);
+ $roles = $this->getRoleOptions();
+ $hasSelection = false;
+ foreach($roles as $roleKey => $roleValue) {
+ $selected = $roleKey === $data[0]['role']?' selected="selected"':'';
+ if($selected !== '') {
+ $hasSelection = true;
+ }
+ if(!$hasSelection && $roleKey === 'Sonstiges') {
+ $selected = ' selected="selected"';
+ }
+ $this->app->Tpl->Add(
+ 'SELROLE',
+ sprintf(
+ '',
+ $roleKey, $selected, $roleValue
+ )
+ );
+ }
+ $this->app->Tpl->Set('ROLETEXT', $data[0]['role']);
+ $this->app->Tpl->Set('ROLE', $data[0]['role']);
+ $this->app->Tpl->Parse('PAGE', "benutzer_create.tpl");
+ }
+
+
+ /**
+ * @return string[]
+ */
+ public function getRoleOptions(): array
+ {
+ return [
+ 'Buchhaltung' => 'Buchhaltung',
+ 'Vertrieb' => 'Vertrieb',
+ 'Einkauf / Produktion' => 'Einkauf / Produktion',
+ 'Logistik' => 'Logistik',
+ 'HR / Personalmanagement' => 'HR / Personalmanagement',
+ 'Office' => 'Office',
+ 'Marketing' => 'Marketing',
+ 'Administration / IT' => 'Administration / IT',
+ 'Management' => 'Management',
+ 'Sonstiges' => 'Sonstiges',
+ ];
+ }
+
+ /**
+ * @return array
+ */
+ public function GetInput(): array
+ {
+ // username is an array with multiple (hidden) fields, so filter the first filled one.
+ $usernames = (array) $this->app->Secure->GetPOST('username');
+ $usernames = array_filter($usernames);
+ // make sure, at least one (empty) string is present in this array.
+ $usernames[] = '';
+ // reset all indexes.
+ $usernames = array_values($usernames);
+ $username = $usernames[0];
+
+ $input = array();
+ $input['description'] = $this->app->Secure->GetPOST('description');
+ $input['type'] = $this->app->Secure->GetPOST('type');
+ $input['username'] = $username;
+ $input['vorlage'] = $this->app->Secure->GetPOST('vorlage');
+ $input['adresse'] = $this->app->Secure->GetPOST('adresse');
+ $input['externlogin'] = $this->app->Secure->GetPOST('externlogin');
+ $input['activ'] = $this->app->Secure->GetPOST('activ');
+ $input['gpsstechuhr'] = $this->app->Secure->GetPOST('gpsstechuhr');
+ $input['rfidtag'] = $this->app->Secure->GetPOST('rfidtag');
+ $input['kalender_aktiv'] = $this->app->Secure->GetPOST('kalender_aktiv');
+ $input['kalender_ausblenden'] = $this->app->Secure->GetPOST('kalender_ausblenden');
+ $input['projekt'] = $this->app->Secure->GetPOST('projekt');
+ $input['projekt_bevorzugen'] = $this->app->Secure->GetPOST('projekt_bevorzugen');
+ $input['email_bevorzugen'] = $this->app->Secure->GetPOST('email_bevorzugen');
+ $input['startseite'] = $this->app->Secure->GetPOST('startseite');
+ $input['defaultcolor'] = $this->app->Secure->GetPOST('defaultcolor');
+ if($input['defaultcolor'] === 'transparent') $input['defaultcolor'] = '';
+ $input['fehllogins'] = $this->app->Secure->GetPOST('fehllogins');
+ $input['password'] = $this->app->Secure->GetPOST('password');
+ $input['repassword'] = $this->app->Secure->GetPOST('repassword');
+ $input['passwordunescaped'] = $this->app->Secure->GetPOST('password',"","","noescape");
+ $input['hwtoken'] = $this->app->Secure->GetPOST('hwtoken');
+ $input['motppin'] = $this->app->Secure->GetPOST('motppin');
+ $input['motpsecret'] = $this->app->Secure->GetPOST('motpsecret');
+ $input['hwkey'] = $this->app->Secure->GetPOST('hwkey');
+ $input['hwcounter'] = $this->app->Secure->GetPOST('hwcounter');
+ $input['hwdatablock'] = $this->app->Secure->GetPOST('hwdatablock');
+ $input['standarddrucker'] = $this->app->Secure->GetPOST('standarddrucker');
+ $input['standardversanddrucker'] = $this->app->Secure->GetPOST('standardversanddrucker');
+ $input['paketmarkendrucker'] = $this->app->Secure->GetPOST('paketmarkendrucker');
+ $input['standardetikett'] = $this->app->Secure->GetPOST('standardetikett');
+ $input['standardfax'] = $this->app->Secure->GetPOST('standardfax');
+ $input['sprachebevorzugen'] = $this->app->Secure->GetPOST('sprachebevorzugen');
+ $input['role'] = $this->app->Secure->GetPOST('role');
+
+ //$input['settings'] = $this->app->Secure->GetPOST('settings');
+ $input['kalender_passwort'] = $this->app->Secure->GetPOST('kalender_passwort');
+ $input['docscan_aktiv'] = $this->app->Secure->GetPOST('docscan_aktiv');
+ $input['docscan_passwort'] = $this->app->Secure->GetPOST('docscan_passwort');
+ return $input;
+ }
+
+ function SetInput($input)
+ {
+ $this->app->Tpl->Set('DESCRIPTION', $input['description']);
+ $this->app->Tpl->Set('TYPESELECT', $this->TypeSelect($input['type']));
+ $this->app->Tpl->Set('USERNAME', $input['username']);
+ $this->app->Tpl->Set('VORLAGE', $input['vorlage']);
+ $this->app->Tpl->Set('ADRESSE', $this->app->erp->ReplaceAdresse(0,$input['adresse'],0));
+ $this->app->Tpl->Set('PROJEKT', $this->app->erp->ReplaceProjekt(0,$input['projekt'],0));
+ $this->app->Tpl->Set('RFIDTAG', $input['rfidtag']);
+
+ $this->app->YUI->AutoComplete("adresse","adresse");
+ $this->app->YUI->AutoComplete("vorlage","uservorlage");
+ $this->app->YUI->AutoComplete("projekt","projektname",1);
+
+ if($input['externlogin']=='1') $this->app->Tpl->Set('EXTERNLOGINCHECKED', 'checked');
+ if($input['activ']=='1') $this->app->Tpl->Set('ACTIVCHECKED', 'checked');
+ if($input['gpsstechuhr']=='1') $this->app->Tpl->Set('GPSSTECHUHRCHECKED', 'checked');
+ if($input['kalender_aktiv']=='1') $this->app->Tpl->Set('KALENDERAKTIVCHECKED', 'checked');
+ if($input['kalender_ausblenden']=='1') $this->app->Tpl->Set('KALENDERAUSBLENDENCHECKED', 'checked');
+ if($input['projekt_bevorzugen']=='1') $this->app->Tpl->Set('PROJEKTBEVORZUGENCHECKED', 'checked');
+ if($input['email_bevorzugen']=='1') $this->app->Tpl->Set('EMAILBEVORZUGENCHECKED', 'checked');
+ if($input['docscan_aktiv']=='1') $this->app->Tpl->Set('DOCSCANAKTIVCHECKED', 'checked');
+
+ $this->app->Tpl->Set('STARTSEITE', $input['startseite']);
+ $this->app->Tpl->Set('DEFAULTCOLOR', $input['defaultcolor']);
+ $this->app->Tpl->Set('SPRACHEBEVORZUGEN',$this->languageSelectOptions($input['sprachebevorzugen']));
+ $this->app->Tpl->Set('FEHLLOGINS', $input['fehllogins']);
+ $this->app->Tpl->Set('PASSWORD', $input['password']);
+ $this->app->Tpl->Set('REPASSWORD', $input['repassword']);
+ $this->app->Tpl->Set('TOKENSELECT', $this->TokenSelect($input['hwtoken']));
+ $this->app->Tpl->Set('MOTPPIN', $input['motppin']);
+ $this->app->Tpl->Set('MOTPSECRET', $input['motpsecret']);
+ $this->app->Tpl->Set('HWKEY', $input['hwkey']);
+ $this->app->Tpl->Set('HWCOUNTER', $input['hwcounter']);
+ $this->app->Tpl->Set('HWDATABLOCK', $input['hwdatablock']);
+ $this->app->Tpl->Set('STANDARDDRUCKER', $this->app->erp->GetSelectDrucker($input['standarddrucker']));
+ $this->app->Tpl->Set('STANDARDVERSANDDRUCKER', $this->app->erp->GetSelectVersanddrucker($input['standardversanddrucker']));
+ $this->app->Tpl->Set('PAKETMARKENDRUCKER', $this->app->erp->GetSelectVersanddrucker($input['paketmarkendrucker']));
+ $this->app->Tpl->Set('STANDARDETIKETT', $this->app->erp->GetSelectEtikettenDrucker($input['standardetikett']));
+ $this->app->Tpl->Set('STANDARDFAX', $this->app->erp->GetSelectFax($input['standardfax']));
+ //$this->app->Tpl->Set('SETTINGS', $input['settings']);
+ $this->app->Tpl->Set('SERVERNAME', $this->app->erp->UrlOrigin($_SERVER));
+ $this->app->Tpl->Set('KALENDERPASSWORT', $input['kalender_passwort']);
+ $this->app->Tpl->Set('DOCSCANPASSWORT', $input['docscan_passwort']);
+ $this->app->Tpl->Set('ROLE', $input['role']);
+ $this->app->Tpl->Set('ROLETEXT', $input['role']);
+ }
+
+
+ function TypeSelect($select='admin')
+ {
+ $data = array('standard'=>'Benutzer','admin'=>'Administrator');
+ //, 'verwaltung'=>'Verwaltung', 'vollzugriff'=>'Vollzugriff', 'mitarbeiter'=>'Mitarbeiter', 'produktion'=>'Produktion');
+
+ $out = "";
+ foreach($data as $key=>$value) {
+ $selected = (($select==$key) ? 'selected' : '');
+ $out .= "";
+ }
+ return $out;
+ }
+
+ private function getCurrentDefaultLanguage($fromPost){
+
+ if(empty($fromPost)){
+ $fromPost = $this->app->erp->Firmendaten('preferredLanguage');
+
+ if(empty($fromPost)){
+ $fromPost = 'deutsch';
+ }
+ }
+ return $fromPost;
+ }
+
+ /**
+ * Liefert einen String aus HTML-Optionen zurück
+ * @param string $fromPost
+ * @return string
+ */
+ private function languageSelectOptions($fromPost=''){
+
+ $select = $this->getCurrentDefaultLanguage($fromPost);
+
+ $out = "";
+ $sprachen = $this->getLanguages();
+
+ foreach($sprachen as $sprache) {
+ $selected = (($select==$sprache) ? 'selected' : '');
+ $out .= "";
+ }
+ return $out;
+ }
+
+ /**
+ * Liefert einen Array aus Strings zurück. Immer mindestens 'deutsch' enthalten
+ * @return array
+ */
+ private function getLanguages(){
+
+ $sprachen[] = 'deutsch';
+ $folder = __DIR__ .'/../../languages';
+ if(is_dir($folder))
+ {
+ $handle = opendir($folder);
+ if($handle){
+ while($file = readdir($handle))
+ {
+ if($file[0] !== '.')
+ {
+ if(is_dir($folder.'/'.$file) && (file_exists($folder.'/'.$file.'/variablen.php')|| file_exists($folder.'/'.$file.'/variablen_custom.php')))
+ {
+ if($file == 'german')$file = 'deutsch';
+ if(!in_array($file, $sprachen))$sprachen[] = $file;
+ }
+ }
+ }
+ closedir($handle);
+ }
+ }
+ return $sprachen;
+ }
+
+ /**
+ * @param string $select
+ *
+ * @return string
+ */
+ public function TokenSelect($select='0')
+ {
+ //$data = array('0'=>'Benutzername + Passwort', '1'=>'Benutzername + Passwort + mOTP', '2'=>'Benutzername + Passwort + Picosafe Login','3'=>'WaWision OTP + Passwort');
+ $data = array('0'=>'Benutzername + Passwort',
+ '3'=>'WaWision LoginKey + Benutzername + Passwort',
+ '5'=>'LDAP Verzeichnis'
+ );
+
+ /** @var \Xentral\Modules\TOTPLogin\TOTPLoginService $tokenManager */
+ $tokenManager = $this->app->Container->get('TOTPLoginService');
+ $user = $this->app->Secure->GetGET('id');
+ try {
+ if($user != null && $user != '' && $tokenManager->isTOTPEnabled($user)){
+ $data['totp'] = 'Benutzername + Passwort + TOTP 2FA';
+ $select = 'totp';
+ }
+ }
+ catch(QueryFailureException $e) {
+ $this->app->erp->InstallModul('totp');
+ }
+
+ if($this->app->erp->RechteVorhanden('stechuhrdevice','list') || $this->app->erp->RechteVorhanden('mitarbeiterzeiterfassung','list'))
+ {
+ $data['4'] = 'Mitarbeiterzeiterfassung QR-Code';
+ }
+
+ $out = "";
+ foreach($data as $key=>$value) {
+ $selected = (($select==$key) ? 'selected' : '');
+ $out .= "";
+ }
+ return $out;
+ }
+
+ function UserRights()
+ {
+ $id = $this->app->Secure->GetGET('id');
+ $template = $this->app->Secure->GetPOST('usertemplate');
+ $copytemplate = $this->app->Secure->GetPOST('copyusertemplate');
+ $hwtoken = $this->app->DB->Select("SELECT hwtoken FROM `user` where id = '$id' LIMIT 1");
+ $modules = $this->ScanModules();
+ if($hwtoken == 4)
+ {
+ $modulecount = count($modules);
+ $curModule = 0;
+ foreach($modules as $module=>$actions) {
+ $lower_m = strtolower($module);
+ $curModule++;
+ $actioncount = count($actions);
+ for($i=0;$i<$actioncount;$i++) {
+ $delimiter = (($curModule<$modulecount || $i+1<$actioncount) ? ', ' : ';');
+ $active = 0;
+ if($lower_m == 'stechuhr' && ($actions[$i] == 'list' || $actions[$i] == 'change'))$active = 1;
+ if($active==1){
+ $this->app->DB->Insert("INSERT INTO userrights (`user`, module, action, permission) VALUES ('$id', '$lower_m', '{$actions[$i]}', '$active')");
+ $this->permissionLog($this->app->User->GetID(),$id,$module,$actions[$i],$active);
+ }
+ }
+ }
+ }else {
+
+ if($template!='') {
+ $mytemplate = $this->app->Conf->WFconf['permissions'][$template];
+ $permissions = $this->app->DB->SelectArr("SELECT module,action FROM userrights WHERE user=$id");
+ $this->app->DB->Delete("DELETE FROM userrights WHERE `user`='$id'");
+ foreach ($permissions as $permission){
+ $this->permissionLog($this->app->User->GetID(),$id,$permission['module'],$permission['action'],0);
+ }
+ //$sql = 'INSERT INTO userrights (user, module, action, permission) VALUES ';
+
+ $modulecount = count($modules);
+ $curModule = 0;
+ foreach($modules as $module=>$actions) {
+ $lower_m = strtolower($module);
+ $curModule++;
+ $actioncount = count($actions);
+ for($i=0;$i<$actioncount;$i++) {
+ $delimiter = (($curModule<$modulecount || $i+1<$actioncount) ? ', ' : ';');
+ $active = ((isset($mytemplate[$lower_m]) && in_array($actions[$i], $mytemplate[$lower_m])) ? '1' : '0');
+ if($active==1){
+ $this->app->DB->Insert("INSERT INTO userrights (`user`, module, action, permission) VALUES ('$id', '$lower_m', '{$actions[$i]}', '$active')");
+ $this->permissionLog($this->app->User->GetID(),$id,$module,$actions[$i],$active);
+ }
+ }
+ }
+ //$this->app->DB->Query($sql);
+ }
+
+ if($copytemplate!='') {
+ $ok = true;
+ // echo "User $id $copytemplate";
+ if($ok)
+ {
+ $permissions = $this->app->DB->SelectArr("SELECT module,action FROM userrights WHERE user=$id");
+ foreach ($permissions as $permission){
+ $this->permissionLog($this->app->User->GetID(),$id,$permission['module'],$permission['action'],0);
+ }
+ $this->app->DB->Delete("DELETE FROM userrights WHERE `user`='$id'");
+ $permissions = $this->app->DB->SelectArr("SELECT module,action FROM userrights WHERE user=$copytemplate");
+ $this->app->DB->Update("INSERT INTO userrights (`user`, module,action,permission) (SELECT '$id',module, action,permission FROM userrights WHERE user='".$copytemplate."')");
+ foreach ($permissions as $permission){
+ $this->permissionLog($this->app->User->GetID(),$id,$permission['module'],$permission['action'],1);
+ }
+ }
+ }
+ }
+
+ $dbrights = $this->app->DB->SelectArr("SELECT module, action, permission FROM userrights WHERE `user`='$id' ORDER BY module");
+ $group = $this->app->DB->Select("SELECT `type` FROM `user` WHERE id='$id' LIMIT 1");
+
+ $rights = $this->app->Conf->WFconf['permissions'][$group];
+ if(is_array($dbrights) && count($dbrights)>0)
+ $rights = $this->AdaptRights($dbrights, $rights, $group);
+
+ $modules = $this->ScanModules();
+ $table = $this->CreateTable($id, $modules, $rights);
+
+
+ //$this->app->Tpl->Set('USERTEMPLATES', $this->TemplateSelect());
+ $this->app->Tpl->Set('USERNAMESELECT', $this->app->erp->GetSelectUser("",$id));
+ $this->app->Tpl->Set('MODULES', $table);
+ }
+
+ function UserChangeRights()
+ {
+ $user = $this->app->Secure->GetGET('b_user');
+ $module = $this->app->Secure->GetGET('b_module');
+ $action = $this->app->Secure->GetGET('b_action');
+ $value = $this->app->Secure->GetGET('b_value');
+
+ if(is_numeric($user) && $module!='' && $action!='' && $value!='') {
+ $id = $this->app->DB->Select("SELECT id FROM userrights WHERE user='$user' AND module='$module' AND action='$action' LIMIT 1");
+ if($value && $this->app->erp->isIoncube() && method_exists('erpAPI','Ioncube_getMaxLightusersRights') && method_exists('erpAPI','Ioncube_LightuserRechteanzahl'))
+ {
+ $lightuser = $this->app->DB->Select("SELECT id FROM `user` WHERE id = '$user' AND type='lightuser' LIMIT 1");
+ if($lightuser)
+ {
+ $anzerlaubt = erpAPI::Ioncube_getMaxLightusersRights();
+ $anzvorhanden = erpAPI::Ioncube_LightuserRechteanzahl($this->app, $user);
+ if($anzvorhanden >= $anzerlaubt)
+ {
+ exit;
+ }
+ if($id)
+ {
+ if(!$this->app->DB->Select("SELECT permission FROM userrights WHERE id = '$id'"))exit;
+ }else{
+ if($anzvorhanden + 1 > $anzerlaubt)exit;
+ }
+ }
+ if($value && method_exists($this->app->erp, 'ModuleBenutzeranzahlLizenzFehler') && ($err = $this->app->erp->ModuleBenutzeranzahlLizenzFehler($module)))
+ {
+ if(isset($err['Error']))
+ {
+ if(is_array($err['Error']))
+ {
+ echo "Error".implode('',$err['Error']);
+ }else{
+ echo "Error".$err['Error'];
+ }
+ }
+ exit;
+ }
+ }
+ if(is_numeric($id) && $id>0)
+ {
+ if($value=="1")
+ {
+ $this->app->DB->Update("UPDATE userrights SET permission='$value' WHERE id='$id' LIMIT 1");
+ }
+ else
+ $this->app->DB->Delete("DELETE FROM userrights WHERE user='$user' AND module='$module' AND action='$action'");
+ }
+ //$this->app->DB->Update("UPDATE userrights SET permission='$value' WHERE id='$id' LIMIT 1");
+ else
+ $this->app->DB->Insert("INSERT INTO userrights (user, module, action, permission) VALUES ('$user', '$module', '$action', '$value')");
+
+ $this->permissionLog($this->app->User->GetID(),$user,$module,$action,$value);
+ }
+
+ echo $this->app->DB->Select("SELECT permission FROM userrights WHERE user='$user' AND module='$module' AND action='$action' LIMIT 1");
+
+
+ exit;
+ }
+
+ public function permissionLog($grantingUserId,$receivingUserId,$module,$action,$permission){
+ $grantingUserName = $this->app->DB->Select("SELECT username FROM user WHERE id=$grantingUserId");
+ $receivingUserName = $this->app->DB->Select("SELECT username FROM user WHERE id=$receivingUserId");
+ $permission = !empty($permission);
+ try {
+ $userPermission = $this->app->Container->get('UserPermissionService');
+ $userPermission->log($grantingUserId,$grantingUserName,$receivingUserId,$receivingUserName,$module,$action,$permission);
+ }catch (Exception $ex){
+ $this->app->erp->LogFile('Fehler bei Zuweisung Rechtehistore',$ex->getMessage());
+ }
+ }
+
+
+ function AdaptRights($dbarr, $rights)
+ {
+ $cnt = count($dbarr);
+ for($i=0;$i<$cnt;$i++) {
+ $module = $dbarr[$i]['module'];
+ $action = $dbarr[$i]['action'];
+ $perm = $dbarr[$i]['permission'];
+
+ if(isset($rights[$module])) {
+ if($perm=='1' && !in_array($action, $rights[$module]))
+ $rights[$module][] = $action;
+
+ if($perm=='0' && in_array($action, $rights[$module])) {
+ $index = array_search($action, $rights[$module]);
+ unset($rights[$module][$index]);
+ $rights[$module] = array_values($rights[$module]);
+ }
+ }else if($perm=='1') $rights[$module][] = $action;
+ }
+ return $rights;
+ }
+
+ function CreateTable($user, $modules, $rights)
+ {
+ $maxcols = 6;
+ $width = 100 / $maxcols;
+ $out = '';
+ foreach($modules as $key=>$value) {
+ if(strtolower($key) == 'api' || strtolower($key) == 'ajax')continue;
+ $out .= "$key";
+
+ $out .= "";
+ $module = strtolower($key);
+ for($i=0;$i<$maxcols || $i{$action}";
+
+ if($i%$maxcols==($maxcols-1)) $out .= "";
+ }
+ $out .= "";
+ }
+
+ return $out;
+ }
+
+ /**
+ * @param string $page
+ * @param array $actions
+ *
+ * @return array
+ */
+ public function getActionsFromFile($page, $actions = [])
+ {
+ if(substr($page,-8) === '.src.php') {
+ return $actions;
+ }
+ $content = file_get_contents($page);
+ $foundItems = preg_match_all('/ActionHandler\([\"|\\\'][[:alnum:]].*[\"|\\\'],/', $content, $matches);
+ if($foundItems <= 0) {
+ return $actions;
+ }
+ $action = str_replace(array('ActionHandler("','ActionHandler(\'','",' , '\',' ),'', $matches[0]);
+ if(empty($action) || !is_array($action)) {
+ return $actions;
+ }
+ if(isset($actions)) {
+ $actionsCount = $action ? count($action) : 0;
+ for ($i = 0; $i < $actionsCount; $i++) {
+ if(empty($action[$i])) {
+ continue;
+ }
+ $found = false;
+ foreach ($actions as $v) {
+ if($v == $action[$i]){
+ $found = true;
+ break;
+ }
+ }
+ if(!$found){
+ $actions[] = $action[$i];
+ }
+ }
+ }
+ else{
+ $actionsCount = $action ? count($action) : 0;
+ for ($i = 0; $i < $actionsCount; $i++) {
+ $actions[] = $action[$i];
+ }
+ }
+ sort($actions);
+
+ return $actions;
+ }
+
+ /**
+ * @return array
+ */
+ public function ScanModules()
+ {
+ //$files = glob('./pages/*.php');
+ $files = glob(__DIR__.'/*.php');
+ $encodedActions = [];
+ if(method_exists($this->app->erp,'getEncModullist')) {
+ $encodedActions = $this->app->erp->getEncModullist();
+ }
+ if(empty($encodedActions)) {
+ $encodedActions = [];
+ }
+ $modules = array();
+ if(empty($files)) {
+ return $encodedActions;
+ }
+ foreach($files as $page) {
+ $name = ucfirst(str_replace('_custom','',basename($page,'.php')));
+ if(substr($page,-8) === '.src.php') {
+ continue;
+ }
+
+ $modules[$name] = $this->getActionsFromFile($page, isset($modules[$name]) ? $modules[$name]: []);
+
+ if(!empty($encodedActions[$name]) && is_array($encodedActions[$name]) && count($encodedActions[$name]) > 0) {
+ if(isset($modules[$name])) {
+ $encodedActionsCount = $encodedActions[$name]?count($encodedActions[$name]):0;
+ for($i=0;$i<$encodedActionsCount;$i++) {
+ $found = false;
+ foreach($modules[$name] as $moduleAction) {
+ if($moduleAction == $encodedActions[$name][$i]) {
+ $found = true;
+ break;
+ }
+ }
+ if(!$found) {
+ $modules[$name][] = $encodedActions[$name][$i];
+ }
+ }
+ }
+ else{
+ $modules[$name] = $encodedActions[$name];
+ }
+ sort($modules[$name]);
+ }
+ }
+
+ foreach($modules as $name => $actions) {
+ if(empty($actions)) {
+ unset($modules[$name]);
+ }
+ }
+
+ return $modules;
+ }
+
+ function TemplateSelect()
+ {
+ $options = "";
+ foreach($this->Templates as $key=>$value) {
+ if($key!="web")
+ $options .= "";
+ }
+
+ return $options;
+ }
+
+ function GetTemplates()
+ {
+ return $this->app->Conf->WFconf['permissions'];
+ }
+}