app=$app; if($intern)return; $this->app->erp->inline['german']['benutzer']['default']['weitereyoutube'][] = array('titel'=>'Zwei-Faktor-Authentifizierung mit mOTP','youtube'=>'QfNbDsEQB9M'); $this->app->ActionHandlerInit($this); $this->app->ActionHandler("create","UserCreate"); $this->app->ActionHandler("delete","UserDelete"); $this->app->ActionHandler("edit","UserEdit"); $this->app->ActionHandler("history","UserHistory"); $this->app->ActionHandler("list","UserList"); $this->app->ActionHandler("chrights","UserChangeRights"); $this->app->ActionHandler("download","UserDownload"); $this->app->DefaultActionHandler("list"); //$this->Templates = $this->GetTemplates(); $this->app->ActionHandlerListen($app); } public function Install() { try { /** @var SurveyService $surveyService */ $surveyService = $this->app->Container->get('SurveyService'); $surveyService->create('user_create', 'benutzer', 'list', false, false); } catch (Exception $e) { } $this->app->erp->RegisterHook('welcome_surveysave', 'benutzer', 'UserWelcomeSurveySave'); } /** * @param int $surveyId * @param int $surveyUserId * @param array $resonse */ public function UserWelcomeSurveySave($surveyId, $surveyUserId, &$response) { /** @var SurveyGateway $surveyGateway */ $surveyGateway = $this->app->Container->get('SurveyGateway'); $survey = $surveyGateway->getById($surveyId); if(empty($survey) || $survey['name'] !== 'user_create') { return; } $dataRow = $surveyGateway->getFilledById($surveyUserId); $data = json_decode($dataRow['data'], true); if(!empty($data['name'])) { foreach($data['name'] as $key => $name) { if(empty($name)) { continue; } //@todo Benutzer anlegen } } /** @var SurveyService $surveyService */ $surveyService = $this->app->Container->get('SurveyService'); $surveyService->clearUserData($surveyId, $this->app->User->GetID()); $response['url'] = 'index.php?module=benutzer&action=list'; } function UserDownload() { $id = $this->app->Secure->GetGET("id"); if($id > 0) { $result = $this->app->DB->SelectArr("SELECT module,action FROM userrights WHERE `user`='$id'"); $tmp['bezeichnung']=$this->app->DB->Select("SELECT username FROM `user` WHERE id='$id' LIMIT 1"); $tmp['beschreibung']=$this->app->DB->Select("SELECT description FROM `user` WHERE id='$id' LIMIT 1"); $tmp['rechte']=$result; header('Content-Type: application/json'); header('Content-disposition: attachment; filename="'.$tmp['bezeichnung'].'.json"'); echo json_encode($tmp); exit; } } function UserList() { // $this->app->Tpl->Add(KURZUEBERSCHRIFT,"Benutzer"); $this->app->erp->MenuEintrag("index.php?module=benutzer&action=list","Übersicht"); $this->app->erp->MenuEintrag("index.php?module=benutzer&action=history","Historie"); $this->app->erp->MenuEintrag("index.php?module=benutzer&action=create","Neuen Benutzer anlegen"); $this->app->erp->MenuEintrag("index.php?module=einstellungen&action=list","Zurück zur Übersicht"); $this->app->YUI->TableSearch('USER_TABLE',"userlist"); $this->app->Tpl->Parse('PAGE', "benutzer_list.tpl"); } /** * @param int $userId * * @return bool */ public function isUserLastAdmin(int $userId): bool { return $this->isUserAdmin($userId) && (int)$this->app->DB->Select( "SELECT COUNT(`id`) FROM `user` WHERE `type` = 'admin' AND `activ` = 1 AND `id` <> {$userId}" ) === 0; } public function isUserAdmin(int $userId): bool { return $this->app->DB->Select("SELECT COUNT(`id`) FROM `user` WHERE `type` = 'admin' AND `id` = {$userId}") > 0; } public function UserDelete(): void { $id = (int)$this->app->Secure->GetGET('id'); $isOwnAccount = $id === (int)$this->app->User->GetId(); if($isOwnAccount) { $this->app->Tpl->Set('MESSAGE', "
{|Du kannst deinen eigenen Account nicht löschen.|}
"); } else{ $username = $this->app->DB->Select("SELECT `username` FROM `user` WHERE `id` = '{$id}'"); if(!$this->isUserLastAdmin($id)){ $this->app->DB->Delete("DELETE FROM `user` WHERE `id` = '{$id}'"); $this->app->Tpl->Set('MESSAGE', "
Der Benutzer \"$username\" wurde gelöscht.
"); }else{ $this->app->Tpl->Set('MESSAGE', "
Der einzige aktive Admin \"$username\" kann nicht gelöscht werden.
"); } } $this->UserList(); } function UserCreate() { // $this->app->Tpl->Add(KURZUEBERSCHRIFT,"Benutzer"); $this->app->erp->MenuEintrag("index.php?module=benutzer&action=list","Zurück zur Übersicht"); $input = $this->GetInput(); $submit = $this->app->Secure->GetPOST('submituser'); $error = ''; $maxlightuser = 0; if($submit!='') { if($input['username']=='' && $this->app->Secure->GetPOST('hwtoken') != 4) $error .= 'Geben Sie bitte einen Benutzernamen ein.
'; if($input['password']=='' && $this->app->Secure->GetPOST('hwtoken') != 4 && $this->app->Secure->GetPOST('hwtoken') != 5) $error .= 'Geben Sie bitte ein Passwort ein.
'; if($input['repassword']=='' && $this->app->Secure->GetPOST('hwtoken') != 4 && $this->app->Secure->GetPOST('hwtoken') != 5 ) $error .= 'Wiederholen Sie bitte Ihr Passwort.
'; if($input['password'] != $input['repassword']) $error .= 'Die eingegebenen Passwörter stimmen nicht überein.
'; if($this->app->DB->Select("SELECT '1' FROM `user` WHERE username='{$input['username']}' LIMIT 1")=='1') $error .= "Es existiert bereits ein Benutzer mit diesem Namen"; $input['adresse'] = $this->app->erp->ReplaceAdresse($input['adresse'],$input['adresse'],1); $input['projekt'] = $this->app->erp->ReplaceProjekt($input['projekt'],$input['projekt'],1); if($input['adresse'] <=0) $error .= 'Geben Sie bitte eine gültige Adresse aus den Stammdaten an.
'; if($error!=='') $this->app->Tpl->Set('MESSAGE', "
$error
"); else { if($input['hwtoken'] == 4 && $input['type'] == 'admin') { $input['type'] = 'standard'; $input['startseite'] = 'index.php?module=stechuhr&action=list'; } $input['passwordunenescaped'] = $_POST['password']; $id = $this->app->erp->CreateBenutzer($input); //$this->app->Tpl->Set('MESSAGE', "
Der Benutzer wurde erfolgreich angelegt
"); $msg = $this->app->erp->base64_url_encode("
Der Benutzer wurde erfolgreich angelegt.
"); header("Location: index.php?module=benutzer&action=edit&id=$id&msg=$msg"); exit; } } $this->SetInput($input); $this->app->YUI->ColorPicker('defaultcolor'); $this->app->Tpl->Set('ACTIVCHECKED',"checked"); $this->app->Tpl->Set('VORRECHTE',""); $extra = ' if($(\'#hwtoken\').val() == \'4\' || $(\'#hwtoken\').val() == \'5\') { message = \'\'; } '; $this->app->YUI->PasswordCheck('password', 'repassword', 'username', 'submit', $extra); $this->app->Tpl->Parse('PAGE', "benutzer_create.tpl"); } function UserHistory(){ $id = $this->app->Secure->GetGET('id'); $this->app->erp->MenuEintrag("index.php?module=benutzer&action=list","Übersicht"); $this->app->erp->MenuEintrag("index.php?module=benutzer&action=history","History"); $this->app->YUI->TableSearch('USER_TABLE',"permissionhistory"); $this->app->Tpl->Parse('PAGE', "benutzer_list.tpl"); } function UserEdit() { $id = $this->app->Secure->GetGET('id'); $this->app->Tpl->Set('ID', $id); $defaultcolor = $this->app->Secure->GetPOST('defaultcolor'); if($defaultcolor === 'transparent') $defaultcolor = ''; // convert value to user DB if($this->app->User->GetParameter('welcome_defaultcolor_fuer_kalender')!=''){ $this->app->DB->Update("UPDATE user SET defaultcolor='$defaultcolor' WHERE id='".$this->app->User->GetID()."' LIMIT 1"); $this->app->User->SetParameter('welcome_defaultcolor_fuer_kalender',""); } if($this->app->Secure->GetGET('cmd') == 'qrruecksetzen' && $id) { $this->app->DB->Update("UPDATE `user` set stechuhrdevice = '' WHERE id = '$id' LIMIT 1"); echo json_encode(array('status'=>1)); exit; } if($this->app->Secure->GetGET('cmd') == 'getrfid' && $id) { $rfid = ''; $swhere = ''; $seriennummer = $this->app->Secure->GetPOST('seriennummer'); if($seriennummer != '')$swhere = " AND seriennummer = '$seriennummer' "; $deviceiddest = $this->app->DB->Select("SELECT seriennummer FROM adapterbox WHERE verwendenals = 'metratecrfid' $swhere LIMIT 1"); if($deviceiddest) { $rfid = trim($this->app->erp->GetAdapterboxAPIRFID($deviceiddest)); if($rfid == 'no answer from device (not timeout)')$rfid = ''; if($rfid) { $rfida = explode(';',$rfid); if(!empty($rfida[1]))$rfid = $rfida[1]; } if($this->app->DB->Select("SELECT id FROM `user` WHERE rfidtag = '".$this->app->DB->real_escape_string($rfid)."' AND id <> '$id' LIMIT 1"))$rfid = ''; } if($rfid == "0")$rfid = ''; echo json_encode(array('rfid'=>$rfid)); exit; } $jsonvorlage = $_FILES['jsonvorlage']['tmp_name']; if($jsonvorlage!="") { $content = file_get_contents($jsonvorlage); $tmp = json_decode($content); $neuerechte=0; $anzahl = count($tmp->{'rechte'}); for($i=0;$i<=$anzahl;$i++) { //echo " $i M ".$tmp->{'rechte'}[$i]->{'module'}." A ".$tmp->{'rechte'}[$i]->{'action'}; $tmpmodule = $this->app->DB->real_escape_string($tmp->{'rechte'}[$i]->{'module'}); $tmpaction = $this->app->DB->real_escape_string($tmp->{'rechte'}[$i]->{'action'}); if($tmpmodule!="" && $tmpaction!="") { $check = $this->app->DB->Select("SELECT id FROM userrights WHERE module='".$tmpmodule."' AND action='".$tmpaction."' AND user='".$id."' LIMIT 1"); if($check > 0) $this->app->DB->Update("UPDATE userrights SET permission=1 WHERE module='".$tmpmodule."' AND action='".$tmpaction."' AND user='".$id."' LIMIT 1"); else { $neuerechte++; $this->app->DB->Insert("INSERT INTO userrights (id,module,action,user,permission) VALUES ('','".$tmpmodule."','".$tmpaction."','$id','1')"); } $this->permissionLog($this->app->User->GetID(),$id,$tmpmodule,$tmpaction,1); } } $msg = $this->app->erp->base64_url_encode("
Es wurden $neuerechte neue Rechte dem Benutzer hinzugefügt!
"); header("Location: index.php?module=benutzer&action=edit&id=$id&msg=$msg"); exit; } $this->app->erp->MenuEintrag("index.php?module=benutzer&action=edit&id=$id","Details"); $username = $this->app->DB->Select("SELECT username FROM `user` WHERE id='$id'"); // $this->app->Tpl->Add(KURZUEBERSCHRIFT2,$username); $this->app->erp->MenuEintrag("index.php?module=benutzer&action=list","Zurück zur Übersicht"); $id = $this->app->Secure->GetGET('id'); $input = $this->GetInput(); if($input['hwtoken'] == 'totp'){ $input['hwtoken'] = '0'; }else if($input['hwtoken'] != ''){ /** @var \Xentral\Modules\TOTPLogin\TOTPLoginService $tokenManager */ $tokenManager = $this->app->Container->get('TOTPLoginService'); $tokenManager->disableTotp($id); } $submit = $this->app->Secure->GetPOST('submituser'); $benutzer = $this->app->DB->Select("SELECT description FROM `user` WHERE id='$id' LIMIT 1"); $name_angezeigt = $this->app->DB->Select("SELECT adresse FROM `user` WHERE id='$id' LIMIT 1"); $name = $this->app->DB->Select("SELECT name FROM adresse WHERE id='$name_angezeigt' LIMIT 1"); if($benutzer!="")$tmp = "(".$benutzer.")"; $this->app->Tpl->Add('KURZUEBERSCHRIFT2',$name." ".$tmp); if(is_numeric($id) && $submit!='') { $isUserLastAdmin = $this->isUserLastAdmin((int)$id); $error = ''; if($input['username']=='') $error .= 'Geben Sie bitte einen Benutzernamen ein.
'; if($input['password'] != $input['repassword'] && $input['hwtoken']!=5) $error .= 'Die eingegebenen Passwörter stimmen nicht überein.
'; $input['adresse'] = $this->app->erp->ReplaceAdresse(1,$input['adresse'],1); if($input['adresse'] <=0) $error .= 'Geben Sie bitte eine gültige Adresse aus den Stammdaten an.
'; $input['projekt'] = $this->app->erp->ReplaceProjekt(1,$input['projekt'],1); $isOwnAccount = $id == $this->app->User->GetId(); if($isOwnAccount && empty($input['activ'])) { $error .= '{|Du kannst deinen eigenen Account nicht deaktivieren.|}
'; } elseif($isOwnAccount && $this->isUserAdmin((int)$id) && $input['type'] !== 'admin') { $error .= '{|Du kannst deinen eigenen Account nicht in einem Benutzer umwandeln.|}
'; } elseif($isUserLastAdmin && empty($input['activ'])) { $error .= '{|Der letzte Administrator kann nicht deaktiviert werden.|}
'; } elseif($isUserLastAdmin && $input['type'] !== 'admin') { $error .= '{|Der letzte Administrator kann nicht in einem Benutzer umgewandelt werden.|}
'; } if($error!='') $this->app->Tpl->Set('MESSAGE', "
$error
"); else { //$settings = base64_encode(serialize($input['settings'])); $firma = $this->app->User->GetFirma(); if($input['gpsstechuhr']!="1") { $check = $this->app->DB->Delete("DELETE FROM gpsstechuhr WHERE `user`='".$id."' AND DATE_FORMAT(zeit,'%Y-%m-%d')= DATE_FORMAT( NOW( ) , '%Y-%m-%d' ) LIMIT 1"); } if(($input['hwtoken'] == 4) && $input['type'] == 'admin') { $anzaktivadmin = $this->app->DB->Select("SELECT count(*) from `user` where activ=1 and type = 'admin' and id <> '$id'"); if($anzaktivadmin < 1) { $error = 'Sie können den einzigen Administrator als Stechuhruer einbinden. Legen Sie dafür einen neuen User an'; $this->app->Tpl->Set('MESSAGE', "
$error
"); } else { $input['type'] = 'standard'; $input['startseite'] = 'index.php?module=stechuhr&action=list'; } } if($error == "") { if($input['hwtoken'] == 4) { $stechuhrdevice = $this->app->DB->Select("SELECT stechuhrdevice from `user` where id = '$id'"); if(substr($input['username'], 0,6) !== substr($stechuhrdevice,0,6)) { $this->app->DB->Update("UPDATE `user` set stechuhrdevice = '' where id = '$id'"); } } $spracheBevorzugen = $this->getCurrentDefaultLanguage($input['sprachebevorzugen']); $this->app->DB->Update( sprintf( "UPDATE `user` SET username='%s', description='%s', activ='%d', type='%s', adresse='%d', vorlage='%s', gpsstechuhr='%d', rfidtag='%s', kalender_aktiv='%d', kalender_ausblenden='%d', projekt='%d', projekt_bevorzugen='%d', sprachebevorzugen='%s', email_bevorzugen='%d', fehllogins='%d', standarddrucker='%d', standardetikett='%d', standardversanddrucker='%d', paketmarkendrucker='%d', standardfax='%d', defaultcolor='%s', startseite='%s', hwtoken='%d', hwkey='%s', hwcounter='%d', hwdatablock='%s', motppin='%s', motpsecret='%s', externlogin='%d', firma='%d', kalender_passwort='%s', docscan_aktiv='%d', docscan_passwort='%s', `role` = '%s' WHERE id=%d LIMIT 1", $input['username'], $input['description'], $input['activ'], $input['type'], $input['adresse'], $input['vorlage'], $input['gpsstechuhr'], $input['rfidtag'], $input['kalender_aktiv'], $input['kalender_ausblenden'], $input['projekt'], $input['projekt_bevorzugen'], $spracheBevorzugen, $input['email_bevorzugen'], $input['fehllogins'], $input['standarddrucker'], $input['standardetikett'], $input['standardversanddrucker'], $input['paketmarkendrucker'], $input['standardfax'], $input['defaultcolor'], $input['startseite'], $input['hwtoken'], $input['hwkey'], $input['hwcounter'], $input['hwdatablock'], $input['motppin'], $input['motpsecret'], $input['externlogin'], $firma, $input['kalender_passwort'], $input['docscan_aktiv'], $input['docscan_passwort'], $input['role'], $id ) ); if($input['password']!='' && $input['password']!='***************') { $this->app->DB->Select("SELECT passwordhash FROM `user` WHERE id = '$id' LIMIT 1"); if(!$this->app->DB->error()){ $options = array( 'cost' => 12, ); $passwordhash = @password_hash($input['passwordunescaped'], PASSWORD_BCRYPT, $options); if($passwordhash != '') { $this->app->DB->Update("UPDATE `user` SET passwordhash = '".$this->app->DB->real_escape_string($passwordhash)."', password='',passwordmd5='', salt = '', passwordsha512 = '' WHERE id = '".$id."' LIMIT 1"); } } else{ $salt = $this->app->DB->Select("SELECT salt FROM `user` WHERE id = '$id' LIMIT 1"); if(!$this->app->DB->error()){ if(empty($salt)) $salt = hash('sha512', microtime(true)); $passwordsha512 = hash('sha512', $_POST['password'] . $salt); $this->app->DB->Update("UPDATE `user` SET password='',passwordmd5='', salt = '$salt', passwordsha512 = '$passwordsha512' WHERE id='$id' LIMIT 1"); if($salt == "" || $passwordsha512 == "") { $this->app->DB->Update("UPDATE `user` SET `password` = '', `passwordmd5` = MD5('{$input['password']}') WHERE `id` = '$id' LIMIT 1"); } //TODO rausnehmen } else{ $this->app->DB->Update("UPDATE `user` SET `password` = '', `passwordmd5` = MD5('{$input['password']}') WHERE `id` = '$id' LIMIT 1"); } } } $this->app->Tpl->Set('MESSAGE', "
Die Einstellungen wurden erfolgreich übernommen.
"); $this->app->erp->AbgleichBenutzerVorlagen($id); } } } $data = $this->app->DB->SelectArr("SELECT * FROM `user` WHERE id='$id' LIMIT 1"); if($data) { if($data[0]['stechuhrdevice'] != '')$this->app->Tpl->Set('BUTTONQRRESET', ''); } if(is_array($data[0])) { $data[0]['password'] = '***************'; $data[0]['repassword'] = '***************'; // $data[0]['motpsecret'] = $this->app->DB->Select("SELECT DECRYPT('{$input[0]['motpsecret']}')"); // $data[0]['hwkey'] = $this->app->DB->Select("SELECT DECRYPT('{$input[0]['hwkey']}')"); //$data[0]['settings'] = unserialize(base64_decode($data[0]['settings'])); } if($data[0]['type']=="admin"){ $this->app->Tpl->Set('HINWEISADMIN',"
Dieser Benutzer ist vom Typ Administrator. Administratoren haben immer Vollzugriff - daher können diesem keine Rechte genommen werden.
"); } else { $this->app->Tpl->Add("HINWEISADMIN","
Hinweis: Blau = erlaubt, Grau = gesperrt, Sobald eine Vorlage eingetragen ist können Rechte der Vorlage dem Benutzer nicht mehr entzogen werden."); } $this->SetInput($data[0]); $this->UserRights(); $rfids = $this->app->DB->SelectArr("SELECT seriennummer,bezeichnung FROM adapterbox WHERE verwendenals = 'metratecrfid'"); if($rfids) { foreach($rfids as $v) { $this->app->Tpl->Add('SELRFID',''); } } // $this->app->YUI->ColorPicker('defaultcolor'); $extra = ' if($(\'#hwtoken\').val() == \'4\' || $(\'#hwtoken\').val() == \'5\') { message = \'\'; } '; $this->app->YUI->PasswordCheck('password', 'repassword', 'username', 'submit', $extra); $roles = $this->getRoleOptions(); $hasSelection = false; foreach($roles as $roleKey => $roleValue) { $selected = $roleKey === $data[0]['role']?' selected="selected"':''; if($selected !== '') { $hasSelection = true; } if(!$hasSelection && $roleKey === 'Sonstiges') { $selected = ' selected="selected"'; } $this->app->Tpl->Add( 'SELROLE', sprintf( '', $roleKey, $selected, $roleValue ) ); } $this->app->Tpl->Set('ROLETEXT', $data[0]['role']); $this->app->Tpl->Set('ROLE', $data[0]['role']); $this->app->Tpl->Parse('PAGE', "benutzer_create.tpl"); } /** * @return string[] */ public function getRoleOptions(): array { return [ 'Buchhaltung' => 'Buchhaltung', 'Vertrieb' => 'Vertrieb', 'Einkauf / Produktion' => 'Einkauf / Produktion', 'Logistik' => 'Logistik', 'HR / Personalmanagement' => 'HR / Personalmanagement', 'Office' => 'Office', 'Marketing' => 'Marketing', 'Administration / IT' => 'Administration / IT', 'Management' => 'Management', 'Sonstiges' => 'Sonstiges', ]; } /** * @return array */ public function GetInput(): array { // username is an array with multiple (hidden) fields, so filter the first filled one. $usernames = (array) $this->app->Secure->GetPOST('username'); $usernames = array_filter($usernames); // make sure, at least one (empty) string is present in this array. $usernames[] = ''; // reset all indexes. $usernames = array_values($usernames); $username = $usernames[0]; $input = array(); $input['description'] = $this->app->Secure->GetPOST('description'); $input['type'] = $this->app->Secure->GetPOST('type'); $input['username'] = $username; $input['vorlage'] = $this->app->Secure->GetPOST('vorlage'); $input['adresse'] = $this->app->Secure->GetPOST('adresse'); $input['externlogin'] = $this->app->Secure->GetPOST('externlogin'); $input['activ'] = $this->app->Secure->GetPOST('activ'); $input['gpsstechuhr'] = $this->app->Secure->GetPOST('gpsstechuhr'); $input['rfidtag'] = $this->app->Secure->GetPOST('rfidtag'); $input['kalender_aktiv'] = $this->app->Secure->GetPOST('kalender_aktiv'); $input['kalender_ausblenden'] = $this->app->Secure->GetPOST('kalender_ausblenden'); $input['projekt'] = $this->app->Secure->GetPOST('projekt'); $input['projekt_bevorzugen'] = $this->app->Secure->GetPOST('projekt_bevorzugen'); $input['email_bevorzugen'] = $this->app->Secure->GetPOST('email_bevorzugen'); $input['startseite'] = $this->app->Secure->GetPOST('startseite'); $input['defaultcolor'] = $this->app->Secure->GetPOST('defaultcolor'); if($input['defaultcolor'] === 'transparent') $input['defaultcolor'] = ''; $input['fehllogins'] = $this->app->Secure->GetPOST('fehllogins'); $input['password'] = $this->app->Secure->GetPOST('password'); $input['repassword'] = $this->app->Secure->GetPOST('repassword'); $input['passwordunescaped'] = $this->app->Secure->GetPOST('password',"","","noescape"); $input['hwtoken'] = $this->app->Secure->GetPOST('hwtoken'); $input['motppin'] = $this->app->Secure->GetPOST('motppin'); $input['motpsecret'] = $this->app->Secure->GetPOST('motpsecret'); $input['hwkey'] = $this->app->Secure->GetPOST('hwkey'); $input['hwcounter'] = $this->app->Secure->GetPOST('hwcounter'); $input['hwdatablock'] = $this->app->Secure->GetPOST('hwdatablock'); $input['standarddrucker'] = $this->app->Secure->GetPOST('standarddrucker'); $input['standardversanddrucker'] = $this->app->Secure->GetPOST('standardversanddrucker'); $input['paketmarkendrucker'] = $this->app->Secure->GetPOST('paketmarkendrucker'); $input['standardetikett'] = $this->app->Secure->GetPOST('standardetikett'); $input['standardfax'] = $this->app->Secure->GetPOST('standardfax'); $input['sprachebevorzugen'] = $this->app->Secure->GetPOST('sprachebevorzugen'); $input['role'] = $this->app->Secure->GetPOST('role'); //$input['settings'] = $this->app->Secure->GetPOST('settings'); $input['kalender_passwort'] = $this->app->Secure->GetPOST('kalender_passwort'); $input['docscan_aktiv'] = $this->app->Secure->GetPOST('docscan_aktiv'); $input['docscan_passwort'] = $this->app->Secure->GetPOST('docscan_passwort'); return $input; } function SetInput($input) { $this->app->Tpl->Set('DESCRIPTION', $input['description']); $this->app->Tpl->Set('TYPESELECT', $this->TypeSelect($input['type'])); $this->app->Tpl->Set('USERNAME', $input['username']); $this->app->Tpl->Set('VORLAGE', $input['vorlage']); $this->app->Tpl->Set('ADRESSE', $this->app->erp->ReplaceAdresse(0,$input['adresse'],0)); $this->app->Tpl->Set('PROJEKT', $this->app->erp->ReplaceProjekt(0,$input['projekt'],0)); $this->app->Tpl->Set('RFIDTAG', $input['rfidtag']); $this->app->YUI->AutoComplete("adresse","adresse"); $this->app->YUI->AutoComplete("vorlage","uservorlage"); $this->app->YUI->AutoComplete("projekt","projektname",1); if($input['externlogin']=='1') $this->app->Tpl->Set('EXTERNLOGINCHECKED', 'checked'); if($input['activ']=='1') $this->app->Tpl->Set('ACTIVCHECKED', 'checked'); if($input['gpsstechuhr']=='1') $this->app->Tpl->Set('GPSSTECHUHRCHECKED', 'checked'); if($input['kalender_aktiv']=='1') $this->app->Tpl->Set('KALENDERAKTIVCHECKED', 'checked'); if($input['kalender_ausblenden']=='1') $this->app->Tpl->Set('KALENDERAUSBLENDENCHECKED', 'checked'); if($input['projekt_bevorzugen']=='1') $this->app->Tpl->Set('PROJEKTBEVORZUGENCHECKED', 'checked'); if($input['email_bevorzugen']=='1') $this->app->Tpl->Set('EMAILBEVORZUGENCHECKED', 'checked'); if($input['docscan_aktiv']=='1') $this->app->Tpl->Set('DOCSCANAKTIVCHECKED', 'checked'); $this->app->Tpl->Set('STARTSEITE', $input['startseite']); $this->app->Tpl->Set('DEFAULTCOLOR', $input['defaultcolor']); $this->app->Tpl->Set('SPRACHEBEVORZUGEN',$this->languageSelectOptions($input['sprachebevorzugen'])); $this->app->Tpl->Set('FEHLLOGINS', $input['fehllogins']); $this->app->Tpl->Set('PASSWORD', $input['password']); $this->app->Tpl->Set('REPASSWORD', $input['repassword']); $this->app->Tpl->Set('TOKENSELECT', $this->TokenSelect($input['hwtoken'])); $this->app->Tpl->Set('MOTPPIN', $input['motppin']); $this->app->Tpl->Set('MOTPSECRET', $input['motpsecret']); $this->app->Tpl->Set('HWKEY', $input['hwkey']); $this->app->Tpl->Set('HWCOUNTER', $input['hwcounter']); $this->app->Tpl->Set('HWDATABLOCK', $input['hwdatablock']); $this->app->Tpl->Set('STANDARDDRUCKER', $this->app->erp->GetSelectDrucker($input['standarddrucker'])); $this->app->Tpl->Set('STANDARDVERSANDDRUCKER', $this->app->erp->GetSelectVersanddrucker($input['standardversanddrucker'])); $this->app->Tpl->Set('PAKETMARKENDRUCKER', $this->app->erp->GetSelectVersanddrucker($input['paketmarkendrucker'])); $this->app->Tpl->Set('STANDARDETIKETT', $this->app->erp->GetSelectEtikettenDrucker($input['standardetikett'])); $this->app->Tpl->Set('STANDARDFAX', $this->app->erp->GetSelectFax($input['standardfax'])); //$this->app->Tpl->Set('SETTINGS', $input['settings']); $this->app->Tpl->Set('SERVERNAME', $this->app->erp->UrlOrigin($_SERVER)); $this->app->Tpl->Set('KALENDERPASSWORT', $input['kalender_passwort']); $this->app->Tpl->Set('DOCSCANPASSWORT', $input['docscan_passwort']); $this->app->Tpl->Set('ROLE', $input['role']); $this->app->Tpl->Set('ROLETEXT', $input['role']); } function TypeSelect($select='admin') { $data = array('standard'=>'Benutzer','admin'=>'Administrator'); //, 'verwaltung'=>'Verwaltung', 'vollzugriff'=>'Vollzugriff', 'mitarbeiter'=>'Mitarbeiter', 'produktion'=>'Produktion'); $out = ""; foreach($data as $key=>$value) { $selected = (($select==$key) ? 'selected' : ''); $out .= ""; } return $out; } private function getCurrentDefaultLanguage($fromPost){ if(empty($fromPost)){ $fromPost = $this->app->erp->Firmendaten('preferredLanguage'); if(empty($fromPost)){ $fromPost = 'deutsch'; } } return $fromPost; } /** * Liefert einen String aus HTML-Optionen zurück * @param string $fromPost * @return string */ private function languageSelectOptions($fromPost=''){ $select = $this->getCurrentDefaultLanguage($fromPost); $out = ""; $sprachen = $this->getLanguages(); foreach($sprachen as $sprache) { $selected = (($select==$sprache) ? 'selected' : ''); $out .= ""; } return $out; } /** * Liefert einen Array aus Strings zurück. Immer mindestens 'deutsch' enthalten * @return array */ private function getLanguages(){ $sprachen[] = 'deutsch'; $folder = __DIR__ .'/../../languages'; if(is_dir($folder)) { $handle = opendir($folder); if($handle){ while($file = readdir($handle)) { if($file[0] !== '.') { if(is_dir($folder.'/'.$file) && (file_exists($folder.'/'.$file.'/variablen.php')|| file_exists($folder.'/'.$file.'/variablen_custom.php'))) { if($file == 'german')$file = 'deutsch'; if(!in_array($file, $sprachen))$sprachen[] = $file; } } } closedir($handle); } } return $sprachen; } /** * @param string $select * * @return string */ public function TokenSelect($select='0') { //$data = array('0'=>'Benutzername + Passwort', '1'=>'Benutzername + Passwort + mOTP', '2'=>'Benutzername + Passwort + Picosafe Login','3'=>'WaWision OTP + Passwort'); $data = array('0'=>'Benutzername + Passwort', '3'=>'WaWision LoginKey + Benutzername + Passwort', '5'=>'LDAP Verzeichnis' ); /** @var \Xentral\Modules\TOTPLogin\TOTPLoginService $tokenManager */ $tokenManager = $this->app->Container->get('TOTPLoginService'); $user = $this->app->Secure->GetGET('id'); try { if($user != null && $user != '' && $tokenManager->isTOTPEnabled($user)){ $data['totp'] = 'Benutzername + Passwort + TOTP 2FA'; $select = 'totp'; } } catch(QueryFailureException $e) { $this->app->erp->InstallModul('totp'); } if($this->app->erp->RechteVorhanden('stechuhrdevice','list') || $this->app->erp->RechteVorhanden('mitarbeiterzeiterfassung','list')) { $data['4'] = 'Mitarbeiterzeiterfassung QR-Code'; } $out = ""; foreach($data as $key=>$value) { $selected = (($select==$key) ? 'selected' : ''); $out .= ""; } return $out; } function UserRights() { $id = $this->app->Secure->GetGET('id'); $template = $this->app->Secure->GetPOST('usertemplate'); $copytemplate = $this->app->Secure->GetPOST('copyusertemplate'); $hwtoken = $this->app->DB->Select("SELECT hwtoken FROM `user` where id = '$id' LIMIT 1"); $modules = $this->ScanModules(); if($hwtoken == 4) { $modulecount = (!empty($modules)?count($modules):0); $curModule = 0; foreach($modules as $module=>$actions) { $lower_m = strtolower($module); $curModule++; $actioncount = (!empty($actions)?count($actions):0); for($i=0;$i<$actioncount;$i++) { $delimiter = (($curModule<$modulecount || $i+1<$actioncount) ? ', ' : ';'); $active = 0; if($lower_m == 'stechuhr' && ($actions[$i] == 'list' || $actions[$i] == 'change'))$active = 1; if($active==1){ $this->app->DB->Insert("INSERT INTO userrights (`user`, module, action, permission) VALUES ('$id', '$lower_m', '{$actions[$i]}', '$active')"); $this->permissionLog($this->app->User->GetID(),$id,$module,$actions[$i],$active); } } } }else { if($template!='') { $mytemplate = $this->app->Conf->WFconf['permissions'][$template]; $permissions = $this->app->DB->SelectArr("SELECT module,action FROM userrights WHERE user=$id"); $this->app->DB->Delete("DELETE FROM userrights WHERE `user`='$id'"); foreach ($permissions as $permission){ $this->permissionLog($this->app->User->GetID(),$id,$permission['module'],$permission['action'],0); } //$sql = 'INSERT INTO userrights (user, module, action, permission) VALUES '; $modulecount = (!empty($modules)?count($modules):0); $curModule = 0; foreach($modules as $module=>$actions) { $lower_m = strtolower($module); $curModule++; $actioncount = (!empty($actions)?count($actions):0); for($i=0;$i<$actioncount;$i++) { $delimiter = (($curModule<$modulecount || $i+1<$actioncount) ? ', ' : ';'); $active = ((isset($mytemplate[$lower_m]) && in_array($actions[$i], $mytemplate[$lower_m])) ? '1' : '0'); if($active==1){ $this->app->DB->Insert("INSERT INTO userrights (`user`, module, action, permission) VALUES ('$id', '$lower_m', '{$actions[$i]}', '$active')"); $this->permissionLog($this->app->User->GetID(),$id,$module,$actions[$i],$active); } } } //$this->app->DB->Query($sql); } if($copytemplate!='') { $ok = true; // echo "User $id $copytemplate"; if($ok) { $permissions = $this->app->DB->SelectArr("SELECT module,action FROM userrights WHERE user=$id"); foreach ($permissions as $permission){ $this->permissionLog($this->app->User->GetID(),$id,$permission['module'],$permission['action'],0); } $this->app->DB->Delete("DELETE FROM userrights WHERE `user`='$id'"); $permissions = $this->app->DB->SelectArr("SELECT module,action FROM userrights WHERE user=$copytemplate"); $this->app->DB->Update("INSERT INTO userrights (`user`, module,action,permission) (SELECT '$id',module, action,permission FROM userrights WHERE user='".$copytemplate."')"); foreach ($permissions as $permission){ $this->permissionLog($this->app->User->GetID(),$id,$permission['module'],$permission['action'],1); } } } } $dbrights = $this->app->DB->SelectArr("SELECT module, action, permission FROM userrights WHERE `user`='$id' ORDER BY module"); $group = $this->app->DB->Select("SELECT `type` FROM `user` WHERE id='$id' LIMIT 1"); $rights = $this->app->Conf->WFconf['permissions'][$group]; if(is_array($dbrights) && (!empty($dbrights)?count($dbrights):0)>0) $rights = $this->AdaptRights($dbrights, $rights, $group); $modules = $this->ScanModules(); $table = $this->CreateTable($id, $modules, $rights); //$this->app->Tpl->Set('USERTEMPLATES', $this->TemplateSelect()); $this->app->Tpl->Set('USERNAMESELECT', $this->app->erp->GetSelectUser("",$id)); $this->app->Tpl->Set('MODULES', $table); } function UserChangeRights() { $user = $this->app->Secure->GetGET('b_user'); $module = $this->app->Secure->GetGET('b_module'); $action = $this->app->Secure->GetGET('b_action'); $value = $this->app->Secure->GetGET('b_value'); if(is_numeric($user) && $module!='' && $action!='' && $value!='') { $id = $this->app->DB->Select("SELECT id FROM userrights WHERE user='$user' AND module='$module' AND action='$action' LIMIT 1"); if(is_numeric($id) && $id>0) { if($value=="1") { $this->app->DB->Update("UPDATE userrights SET permission='$value' WHERE id='$id' LIMIT 1"); } else { $sql = " SELECT permission FROM `uservorlagerights` INNER JOIN `uservorlage` INNER JOIN `user` ON `uservorlagerights`.`vorlage` = `uservorlage`.`id` AND `user`.`vorlage` = `uservorlage`.`bezeichnung` WHERE `user`.`id` = '$user' AND `uservorlagerights`.`module` = '$module' AND `uservorlagerights`.`action` = '$action' LIMIT 1"; $uservorlageright = $this->app->DB->Select($sql); $fromtemplate = false; if (!empty($uservorlageright)) { if ($uservorlageright[0] == '1') { $fromtemplate = true; } } if (!$fromtemplate) { $this->app->DB->Delete("DELETE FROM userrights WHERE user='$user' AND module='$module' AND action='$action'"); } } } else { $this->app->DB->Insert("INSERT INTO userrights (user, module, action, permission) VALUES ('$user', '$module', '$action', '$value')"); } $this->permissionLog($this->app->User->GetID(),$user,$module,$action,$value); } echo $this->app->DB->Select("SELECT permission FROM userrights WHERE user='$user' AND module='$module' AND action='$action' LIMIT 1"); exit; } public function permissionLog($grantingUserId,$receivingUserId,$module,$action,$permission){ $grantingUserName = $this->app->DB->Select("SELECT username FROM user WHERE id=$grantingUserId"); $receivingUserName = $this->app->DB->Select("SELECT username FROM user WHERE id=$receivingUserId"); $permission = !empty($permission); try { $userPermission = $this->app->Container->get('UserPermissionService'); $userPermission->log($grantingUserId,$grantingUserName,$receivingUserId,$receivingUserName,$module,$action,$permission); }catch (Exception $ex){ $this->app->erp->LogFile('Fehler bei Zuweisung Rechtehistore',$ex->getMessage()); } } function AdaptRights($dbarr, $rights) { $cnt = (!empty($dbarr)?count($dbarr):0); for($i=0;$i<$cnt;$i++) { $module = $dbarr[$i]['module']; $action = $dbarr[$i]['action']; $perm = $dbarr[$i]['permission']; if(isset($rights[$module])) { if($perm=='1' && !in_array($action, $rights[$module])) $rights[$module][] = $action; if($perm=='0' && in_array($action, $rights[$module])) { $index = array_search($action, $rights[$module]); unset($rights[$module][$index]); $rights[$module] = array_values($rights[$module]); } }else if($perm=='1') $rights[$module][] = $action; } return $rights; } function CreateTable($user, $modules, $rights) { $maxcols = 6; $width = 100 / $maxcols; $out = ''; foreach($modules as $key=>$value) { if(strtolower($key) == 'api' || strtolower($key) == 'ajax')continue; $out .= "$key"; $out .= ""; $module = strtolower($key); for($i=0;$i<$maxcols || $i<(!empty($value)?count($value):0);$i++) { if($i%$maxcols==0) $out .= ""; if (gettype($rights[$module]) == 'array') { if(isset($value[$i]) && in_array($value[$i], $rights[$module])) { $class = 'class="blue"'; $active = '1'; }else{ $class = 'class="grey"'; $active = 0; } } else { $class = 'class="grey"'; $active = 0; } $class = ((isset($value[$i])) ? $class : ''); $action = ((isset($value[$i])) ? strtolower($value[$i]) : ''); $onclick = ((isset($value[$i])) ? "onclick=\"ChangeRights(this, '$user','$module','$action')\"" : ''); $out .= ""; if($i%$maxcols==($maxcols-1)) $out .= ""; } $out .= "
{$action}
"; } return $out; } /** * @param string $page * @param array $actions * * @return array */ public function getActionsFromFile($page, $actions = []) { if(substr($page,-8) === '.src.php') { return $actions; } $content = file_get_contents($page); $foundItems = preg_match_all('/ActionHandler\([\"|\\\'][[:alnum:]].*[\"|\\\'],/', $content, $matches); if($foundItems <= 0) { return $actions; } $action = str_replace(array('ActionHandler("','ActionHandler(\'','",' , '\',' ),'', $matches[0]); if(empty($action) || !is_array($action)) { return $actions; } if(isset($actions)) { $actionsCount = $action ? count($action) : 0; for ($i = 0; $i < $actionsCount; $i++) { if(empty($action[$i])) { continue; } $found = false; foreach ($actions as $v) { if($v == $action[$i]){ $found = true; break; } } if(!$found){ $actions[] = $action[$i]; } } } else{ $actionsCount = $action ? count($action) : 0; for ($i = 0; $i < $actionsCount; $i++) { $actions[] = $action[$i]; } } sort($actions); return $actions; } /** * @return array */ public function ScanModules() { //$files = glob('./pages/*.php'); $files = glob(__DIR__.'/*.php'); $encodedActions = []; if(method_exists($this->app->erp,'getEncModullist')) { $encodedActions = $this->app->erp->getEncModullist(); } if(empty($encodedActions)) { $encodedActions = []; } $modules = array(); if(empty($files)) { return $encodedActions; } foreach($files as $page) { $name = ucfirst(str_replace('_custom','',basename($page,'.php'))); if(substr($page,-8) === '.src.php') { continue; } $modules[$name] = $this->getActionsFromFile($page, isset($modules[$name]) ? $modules[$name]: []); if(!empty($encodedActions[$name]) && is_array($encodedActions[$name]) && count($encodedActions[$name]) > 0) { if(isset($modules[$name])) { $encodedActionsCount = $encodedActions[$name]?count($encodedActions[$name]):0; for($i=0;$i<$encodedActionsCount;$i++) { $found = false; foreach($modules[$name] as $moduleAction) { if($moduleAction == $encodedActions[$name][$i]) { $found = true; break; } } if(!$found) { $modules[$name][] = $encodedActions[$name][$i]; } } } else{ $modules[$name] = $encodedActions[$name]; } sort($modules[$name]); } } foreach($modules as $name => $actions) { if(empty($actions)) { unset($modules[$name]); } } return $modules; } function TemplateSelect() { $options = ""; foreach($this->Templates as $key=>$value) { if($key!="web") $options .= ""; } return $options; } function GetTemplates() { return $this->app->Conf->WFconf['permissions']; } }