Simple Multi User Managed Directory 0.00063
SMUMD
source/install/secure/index.php
gehe zur Dokumentation dieser Datei
00001 <?php
00002 /*  by Sascha Heinatz * sascha.heinatz@alice.de
00003  *      Copyright 2011. 
00004  * 
00005  *      This file is part of Simple Multi User Managed Directory - SMUMD.
00006  *      
00007  *      Simple Multi User Managed Directory - SMUMD 
00008  *      is free software: you can redistribute it and/or modify
00009  *      it under the terms of the GNU Lesser General Public License as published by
00010  *      the Free Software Foundation, either version 3 of the License, or
00011  *      (at your option) any later version.
00012  *      
00013  *      Simple Multi User Managed Directory - SMUMD 
00014  *      is distributed in the hope that it will be useful,
00015  *      but WITHOUT ANY WARRANTY; without even the implied warranty of
00016  *      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
00017  *      GNU Lesser General Public License for more details.
00018  *      
00019  *      You should have received a copy of the GNU Lesser General Public License
00020  *      along with Simple Multi User Managed Directory - SMUMD.  
00021  *      If not, see <http://www.gnu.org/licenses/>.
00022  *      <hr>
00023  */
00024 $Version = "00004";
00025 include "../init.php";
00026 include "init.php";
00027 // include "smumd-core.php";
00028 /* overwrite some main variable */
00029 $used["pathnow"] = $SERVER_ROOT.$INSTALL_DIR. $FS .$SECURE_DIR;
00030 $doorder = "";
00031 if (isset($_POST['masterpass'])) {
00032         if ($_POST['masterpass'] == "themasterofdesaster") {
00033                 if (isset($_POST['what'])) {
00034                         if (isset($_POST['action'])) {
00035                                 $doorder = $_POST['what']."-".$_POST['action'];
00036                         }
00037                 }
00038                 switch ($doorder) {
00039                         case 'usermng-addnew':
00040                                 $addeduser = createanewuser($_POST['uname'],$_POST['ulogin'],$_POST['upass'],$_POST['upassproof']);
00041                                 if ($addeduser) {
00042                                         $out["errors"] .= "add a new admin : name : ".$_POST['ulogin']." | login : ".$_POST['ulogin']." <br />";                
00043                                 } else {
00044                                         $out["errors"] .= "problem to add a new user maybe passwords missmatch <br />";         
00045                                 }
00046                                 break;  
00047                         case 'usermng-deluser':
00048                                 $deleteuser = deleteuser($_POST['uname']);
00049                                 if ($deleteuser) {
00050                                         $out["errors"] .= "deleted user  : name : ".$_POST['uname']." <br />";          
00051                                 } else {
00052                                         $out["errors"] .= "problem to deleted user <br />";             
00053                                 }
00054                                 break;                                  
00055                 }
00056         }
00057 }
00058 $out["menu"] .= <<<ADMINMENU
00059 <p>Add a New Admin Account</p>
00060 <form id="addnewuser" action="?" name="addnewuser"  method="post">
00061 <input id="addnewusername" name="pathnow" value="$used[pathnow]" type="hidden" />
00062         <input id="addnewuserwhat" name="what" value="usermng" type="hidden" />
00063         <input id="addnewuseraction" name="action" value="addnew" type="hidden" />
00064 THE SMUMD MASTER PASS : <input id="masterpass" name="masterpass" value="" type="password" size="30" /> <br />
00065 Admin Name :    <input id="addnewuseruname" name="uname" value="" type="input" size="20" /> <br />
00066 Admin Login :   <input id="addnewuserulogin" name="ulogin" value="" type="input" size="20" /> <br />
00067 Admin Password :        <input id="addnewuserupass" name="upass" value="" type="password" size="20" /> <br />
00068 Admin Password :        <input id="addnewuserupassproof" name="upassproof" value="" type="password" size="20" /> <br />
00069         <input id="addnewuserabout" name="about" value="add new user" type="submit" /> <br />
00070 </form>
00071 
00072 ADMINMENU;
00073 $out["menu"] .= "<hr>".deleteuserformlist()."<hr>";
00074 /* delete user form */
00075 function deleteuserformlist() {
00076         global $out;
00077         global $used;
00078         global $FS;
00079         global $debugging;
00080         $outhtml ="";
00081         if (!$fh = fopen($used["userlogindb"], 'r')) {
00082                  $out["errors"] .= "Cannot open userlogin db file to read stuff  <br>";
00083         } else {                
00084                 $theusernametag = "$<username>(.*)</username>$";
00085                                         $outhtml .= <<<HTMLUDEL
00086 <form id="delluser" action="?" name="deluser"  method="post">
00087 <input id="addnewusername" name="pathnow" value="$used[pathnow]" type="hidden" />
00088         <input id="addnewuserwhat" name="what" value="usermng" type="hidden" />
00089         <input id="addnewuseraction" name="action" value="deluser" type="hidden" />
00090 THE SMUMD MASTER PASS : <input id="masterpass" name="masterpass" value="" type="password" size="30" /> <br />
00091 HTMLUDEL;
00092                 while (!feof($fh)){
00093                            $line = fgets ($fh);
00094                            if ($line===FALSE) {
00095                                 if ($debugging)  $out["errors"] .= " cant read line <br>"; 
00096                            } else {
00097                                 $uname = array();
00098                                  if (preg_match($theusernametag,$line,$uname)) {  
00099                                         $outhtml .= "<input id=\"deleteuseruname".$uname[1]."\" name=\"uname\" type=\"radio\" value=\"".$uname[1]."\" />".$uname[1]." | ";
00100                                  } 
00101                            };
00102                 }       
00103                                         $outhtml .= <<<HTMLUDELETE
00104 <input id="addnewuserabout" name="about" value="delete this user" type="submit" /> <br />
00105 </form>
00106 HTMLUDELETE;
00107                 
00108                 fclose($fh);
00109         }
00110         
00111         return $outhtml;
00112 }
00113 /* delete a user */
00114 function deleteuser($uname) {
00115         global $out;
00116         global $used;
00117         global $FS;
00118         global $debugging;
00119         $deleted = false;
00120         $fh = fopen($used["userlogindb"], 'r');
00121         $newdbfilecontent = "";
00122         if($fh == false) {
00123         $out["errors"] .= "ERROR: File not found -> ".$used["userlogindb"]."<br>";
00124         }else {
00125         while (!feof($fh)){
00126                    $line = fgets ($fh);
00127                    if ($line===FALSE) {
00128                         if ($debugging)  $out["errors"] .= " cant read line <br>"; 
00129                    } else {
00130                         $thefilepathtag = "|<username>".quotemeta($uname)."</username>|";
00131                          if (!preg_match($thefilepathtag,$line)) {  $newdbfilecontent .= $line; $deleted = true; } 
00132                    };
00133         }
00134         
00135     fclose($fh); 
00136         }
00137     if (!$fh = fopen($used["userlogindb"], 'w')) {
00138                 /*! error ausgabe datenbank datei nicht schreibbar */
00139         $out["errors"] .= "Cannot open db file to write stuff  <br>";
00140     } else {
00141                 if (fwrite($fh, $newdbfilecontent) === FALSE) {
00142                         /*! error ausgabe fehler beim schreiben der datenbank */
00143                         $out["errors"] .= "Cannot rewrite  db file <br>";
00144                 }       
00145                 fclose($fh);
00146         }
00147         return $deleted;
00148 }
00149 /* create a new admin user */
00150 function createanewuser($uname,$ulogin,$upass,$upassproof) {
00151         global $out;
00152         global $used;
00153         global $FS;
00154         global $debugging;
00155         $newuserwritten = false;
00156         if ($upass == $upassproof) {
00157                 if (!$fh = fopen($used["userlogindb"], 'a')) {
00158                          $out["errors"] .= "Cannot open userlogin db file to append stuff  <br>";
00159                 } else {
00160                         $theusernametag = "<username>".$uname."</username>";
00161                         $usermd5ulogin = md5($ulogin);
00162                         $theuserlogintag ="<userlogin>".$usermd5ulogin."</userlogin>";
00163                         $usermd5upass = md5($upass."isadmin");
00164                         $theuserpasstag ="<userpass>".$usermd5upass."</userpass>";
00165                         $taggedline = $theusernametag.$theuserlogintag.$theuserpasstag;
00166                         $addnewuserline = $taggedline."\n";
00167                         if (fwrite($fh, $addnewuserline) === FALSE) {
00168                                 $out["errors"] .= "Cannot write to userlogin db file to append stuff <br>";
00169                         } else {
00170                                 $newuserwritten = true;
00171                         }
00172                         fclose($fh);
00173                 }
00174         } else {
00175                 $out["errors"] .= "passwords missmatch error <br>";
00176         }
00177         return $newuserwritten;
00178 }
00179 header("Content-Type: text/html; charset=utf-8");
00180 ?><!DOCTYPE HTML>
00181 <html>
00182 <head>
00183 <title>SMUMD Admin - Version : <?php echo $Version; ?> - Simple Multi User Managed Directory</title>
00184 <meta http-equiv="expires" content="Sun, 7 Aug 2011 03:59:25 +02:00 gmt" />
00185 <meta http-equiv="pragma" content="no-cache" />
00186 <meta http-equiv="cache-control" content="no-cache" />
00187 <meta name="robots" content="index,follow" /> 
00188 <meta name="description" content="Simple Multi User Managed Directory Add Administrator" />
00189 <meta name="author" content="webmaster@legioneuropa.de" />
00190 <meta name="keywords" content="Simple Multi User Managed Directory Add Administrator" />
00191 <meta name="date" content="2011-08-07" />
00192 <meta name="generator" content="notepad++" />
00193 <meta name="revisit-after" content="1 days" />
00194 <link rel="shortcut icon" href="favicon.ico" />
00195 <style type="text/css">
00196 td {text-align:right;}
00197 form {margin:0; padding:0;}
00198 .dateiname {text-align:left; font-size:14px; font-family:Arial;}
00199 .dateigroesse {text-align:right; font-size:11px; font-family:Arial;}
00200 .benutzer  {font-size:14px; font-family:Arial;}
00201 .datum  {font-size:9px; font-family:Arial;}
00202 .zeit {font-size:9px; font-family:Arial;}
00203 .permission {font-size:8px; font-family:Arial;}
00204 </style>
00205 </head>
00206 <body>
00207 <h4>WORKING Administration BackendFile</h4>
00208 <p>
00209  this adds a new admin account to the userlogin file, 
00210  please protect this folder with a htaccess file,
00211  cause nobody should be able to read the files inside this folder.
00212  </p>
00213 <?php
00214 echo $out["errors"];
00215 echo $out["menu"];
00216 ?>
00217 <a href="../index.php">zum FrontEnd</a>
00218 </body>
00219 </html>
00220 <?php
00221 
00222 ?>