<?php
/**
* User: zaven
* Date: 31.10.2018
* Time: 12:17
* Project: speech
**/
use PHPMailer\PHPMailer\Exception;
use PHPMailer\PHPMailer\PHPMailer;
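// Permission bit this endpoint requires. Nothing in this file checks it, so it is
// presumably consumed by security.ajax.inc.php (included below) — confirm there.
$permission = bindec('100');
require_once('../includes/init.inc.php');
require_once(APPLICATION_BASE . 'includes/security.ajax.inc.php');
require_once(APPLICATION_BASE . 'vendor/php/phpmailer/phpmailer/phpmailer.php');

/**
 * Sends one HTML notification mail from the configured admin address.
 *
 * @param string $to       recipient address
 * @param string $subject  mail subject
 * @param string $htmlBody HTML body; the caller escapes anything user-derived before passing it
 * @return bool true when PHPMailer accepted the message, false when send() reported failure
 * @throws Exception PHPMailer's own exception (exceptions are enabled) on address/transport errors
 */
function sendNotificationMail($to, $subject, $htmlBody)
{
    $mailer = new PHPMailer(true);
    $mailer->setFrom(Config::get()->getMember('contactAdminEmail'));
    $mailer->addAddress($to);
    $mailer->CharSet = 'utf-8';
    $mailer->isHTML(true);
    $mailer->Subject = $subject;
    $mailer->Body = $htmlBody;
    return $mailer->send();
}

/**
 * Escapes a user-derived value for the HTML mail body (names come from POST or the DB;
 * false from a failed lookup becomes '').
 *
 * @param mixed $text
 * @return string
 */
function mailEscape($text)
{
    return htmlspecialchars((string) $text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// JSON envelope returned to the caller; each action below sets 'error' and 'message'.
// The whole array is echoed to the client, so no SQL or other internals may be added to it.
$resultArray = array(
    'success' => 0,
    'error' => 1,
    'message' => TX_ERROR_UNKNOWN_ERROR
);

// Whitelist of accepted POST fields; anything else in $_POST is ignored.
$data = array();
$data['action'] = '';
$data['id'] = '';
$data['user_firstname'] = '';
$data['user_lastname'] = '';
$data['user_mail'] = '';
$data['language_id'] = '';
foreach (array_keys($data) as $key) {
    // Only scalar strings are accepted: an array value (e.g. id[]=x) would otherwise pass the
    // "> 0" checks below, since PHP orders arrays above every scalar.
    if (isset($_POST[$key]) && is_string($_POST[$key]) && $_POST[$key] != '') {
        $data[$key] = $_POST[$key];
    }
}

// The id is only ever used as an integer key. Casting once means a non-numeric string cannot
// satisfy the "> 0" checks (PHP 8 compares int vs non-numeric string as strings), and the int
// can be concatenated into SQL without escaping.
$userId = (int) $data['id'];

switch ($data['action']) {
    case 1: //delete user
        if ($userId > 0) {
            // Department links first, then the user row; both statements must succeed
            // before success is reported.
            $sql = "DELETE FROM #__x_user_department WHERE user_id='" . $userId . "'";
            $result = db_query($sql);
            if ($result !== false) {
                $sql = "DELETE FROM ac_user WHERE user_id='" . $userId . "'";
                $result = db_query($sql);
            }
            if ($result !== false) {
                $resultArray['error'] = 0;
                $resultArray['message'] = TX_SUCCESS_DATA_WAS_DELETED;
            } else {
                $resultArray['message'] = TX_ERROR_UNABLE_TO_DELETE_DATA;
            }
        } else {
            $resultArray['message'] = TX_ERROR_MANDATORY_DATA_MISSING;
        }
        break;

    case 2: //reset password
        if ($userId > 0) {
            $newPassword = generatePassword();
            $oldPassword = getData('user', 'user_password', 'user_id', (string) $userId);
            $userMail = getData('user', 'user_mail', 'user_id', (string) $userId);
            $userFirstname = getData('user', 'user_firstname', 'user_id', (string) $userId);
            $userLastname = getData('user', 'user_lastname', 'user_id', (string) $userId);
            if (
                $oldPassword !== false && $oldPassword != '' &&
                $userMail !== false && $userMail != ''
            ) {
                // NOTE(review): md5() is not a password hash. The login check elsewhere expects this
                // format, so moving to password_hash()/password_verify() must change both sides together.
                $sql = "UPDATE ac_user SET user_password = '" . db_real_escape_string(md5($newPassword)) . "' WHERE user_id='" . $userId . "'";
                $result = db_query($sql);
                if ($result !== false && db_affected_rows() > 0) {
                    // The new password is delivered in clear text by mail; this is the flow's design,
                    // so the DB change is only kept if that mail actually goes out.
                    $body = '<p>Dear ' . mailEscape(trim($userFirstname . ' ' . $userLastname)) . '</p>' . "\n\n";
                    $body .= '<p>Your password was reset to <strong>' . mailEscape($newPassword) . '</strong></p>' . "\n\n";
                    $body .= '<p>Best regards<br>' . "\n" . 'The team</p>' . "\n";
                    $mailSent = false;
                    try {
                        $mailSent = sendNotificationMail($userMail, 'Password reset', $body);
                    } catch (Exception $ex) {
                        // PHPMailer exception (see the `use` above); treated like a false return.
                        $mailSent = false;
                    }
                    if ($mailSent) {
                        $resultArray['error'] = 0;
                        $resultArray['message'] = TX_SUCCESS_PASSWORD_RESET;
                    } else {
                        // Roll back to the previous hash so the user keeps a password they know.
                        $sql = "UPDATE ac_user SET user_password = '" . db_real_escape_string($oldPassword) . "' WHERE user_id='" . $userId . "'";
                        $result = db_query($sql);
                        $resultArray['message'] = TX_ERROR_UNABLE_TO_RESET_PASSWORD;
                    }
                }
            } else {
                $resultArray['message'] = TX_ERROR_APPROPRIATE_DATA_NOT_FOUND;
            }
        } else {
            $resultArray['message'] = TX_ERROR_MANDATORY_DATA_MISSING;
        }
        break;

    case 3: //insert / update user
        // Every whitelisted field (id included) is mandatory for this action.
        if (in_array('', $data, true)) {
            $resultArray['message'] = TX_ERROR_MANDATORY_DATA_MISSING;
        } elseif ($userId > 0) {
            $sql = "UPDATE ac_user SET " .
                "language_id='" . db_real_escape_string($data['language_id']) . "', " .
                "user_firstname='" . db_real_escape_string($data['user_firstname']) . "', " .
                "user_lastname='" . db_real_escape_string($data['user_lastname']) . "', " .
                "user_mail='" . db_real_escape_string($data['user_mail']) . "' " .
                " WHERE user_id='" . $userId . "'";
            $result = db_query($sql);
            if ($result !== false && db_affected_rows() > 0) {
                $resultArray['message'] = TX_SUCCESS_DATA_WAS_UPDATED;
                $resultArray['error'] = 0;
            } else {
                $resultArray['message'] = TX_ERROR_UNABLE_TO_UPDATE_DATA;
            }
        } elseif ($userId === -1) {
            $newPassword = generatePassword();
            // NOTE(review): md5() is not a password hash; see the same note in the reset branch.
            $sql = "INSERT INTO ac_user (language_id, user_firstname, user_lastname, user_mail, user_password) VALUES (" .
                "'" . db_real_escape_string($data['language_id']) . "', " .
                "'" . db_real_escape_string($data['user_firstname']) . "', " .
                "'" . db_real_escape_string($data['user_lastname']) . "', " .
                "'" . db_real_escape_string($data['user_mail']) . "', " .
                "'" . db_real_escape_string(md5($newPassword)) . "')";
            // The statement is deliberately not copied into $resultArray: the former 'dbg' key
            // sent the full INSERT, password hash included, to the client.
            $result = db_query($sql);
            if ($result !== false && db_affected_rows() > 0) {
                $userId = (int) db_insert_id();
                $body = '<p>Dear ' . mailEscape(trim($data['user_firstname'] . ' ' . $data['user_lastname'])) . '</p>' . "\n\n";
                $body .= '<p>You have been registered as an administrator for the CAB.</p>' . "\n\n";
                $body .= '<p>Your username is your email...<br>' . "\n";
                $body .= 'Your password is set to <strong>' . mailEscape($newPassword) . '</strong></p>' . "\n\n";
                $body .= '<p>You can update your password. </p>' . "\n\n";
                $body .= '<p>' . "\n";
                $body .= ' - Once connected, click on your name (top right of the screen)<br>' . "\n";
                $body .= ' - Then choose <strong>"My Account"</strong><br>' . "\n";
                $body .= '</p>' . "\n\n";
                $body .= '<p>Best regards<br>' . "\n" . 'The team</p>' . "\n\n";
                $body .= '<p>For more information, please call Edouard Akillian (0475 36 1234)</p>' . "\n\n";
                $mailSent = false;
                try {
                    $mailSent = sendNotificationMail($data['user_mail'], 'CAB Election 2021: Your account has been registered!', $body);
                } catch (Exception $ex) {
                    // PHPMailer exception (see the `use` above); treated like a false return.
                    $mailSent = false;
                }
                if ($mailSent) {
                    $resultArray['error'] = 0;
                    $resultArray['message'] = TX_SUCCESS_DATA_WAS_INSERTED;
                } else {
                    // The account is unusable without the mailed password: undo the insert and
                    // report the failure (the old catch branch reported success here).
                    $sql = "DELETE FROM ac_user WHERE user_id='" . $userId . "'";
                    $result = db_query($sql);
                    $resultArray['message'] = TX_ERROR_UNABLE_TO_INSERT_DATA;
                }
            } else {
                $resultArray['message'] = TX_ERROR_UNABLE_TO_INSERT_DATA;
            }
        } else {
            $resultArray['message'] = TX_ERROR_MANDATORY_DATA_MISSING;
        }
        break;

    case 4: //validate e-mail to be unique
        // Only 'error' is meaningful here: 0 = address is free, 1 = used by another user.
        if (($userId > 0 || $userId === -1) && $data['user_mail'] != '') {
            $sql = "SELECT COUNT(user_id) as user_count FROM ac_user WHERE user_mail='" . db_real_escape_string($data['user_mail']) . "' AND user_id <> '" . $userId . "'";
            $result = db_query($sql);
            if ($result !== false) {
                $userCount = db_result($result, 0);
                $resultArray['error'] = ((int) $userCount === 0 ? 0 : 1);
            }
        }
        break;
}

header('Content-type: application/json; charset=utf-8');
echo json_encode($resultArray);
die();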