modules/su/include/su.php
 <?php
 /*
 This file belongs to the Webinterface of schokokeks.org Hosting
 
 Written 2008-2018 by schokokeks.org Hosting, namely
   Bernd Wurst <bernd@schokokeks.org>
   Hanno Böck <hanno@schokokeks.org>
 
 To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
 
 You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see
 http://creativecommons.org/publicdomain/zero/1.0/
 
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
 */
 
 /**
  * List all system user accounts, ordered by username.
  *
  * @return array list of row objects exposing `uid` and `username`
  */
 function list_system_users()
 {
     // Authorization gate: this listing is restricted to the sysadmin role.
     // NOTE(review): presumably require_role() aborts the request when the
     // role is missing - confirm against its definition.
     require_role(ROLE_SYSADMIN);

     // Static query, no caller-supplied input is involved.
     $stmt = db_query("SELECT uid,username FROM system.v_useraccounts ORDER BY username");

     $accounts = array();
     while ($row = $stmt->fetch(PDO::FETCH_OBJ)) {
         $accounts[] = $row;
     }
     return $accounts;
 }
 
 
 /**
  * List all customers with a display name.
  *
  * The display name is "vorname nachname" when no company (`firma`) is set,
  * otherwise "firma (vorname nachname)".
  *
  * @return array list of row objects exposing `id` and `name`
  */
 function list_customers()
 {
     // Authorization gate: this listing is restricted to the sysadmin role.
     // NOTE(review): presumably require_role() aborts the request when the
     // role is missing - confirm against its definition.
     require_role(ROLE_SYSADMIN);

     // Static query, no caller-supplied input is involved.
     $stmt = db_query("SELECT id, IF(firma IS NULL, CONCAT_WS(' ', vorname, nachname), CONCAT(firma, ' (', CONCAT_WS(' ', vorname, nachname), ')')) AS name FROM kundendaten.kunden");

     $customers = array();
     while ($row = $stmt->fetch(PDO::FETCH_OBJ)) {
         $customers[] = $row;
     }
     return $customers;
 }
 
 /**
  * Load id and display name of a single customer.
  *
  * NOTE(review): unlike list_customers(), this function performs no
  * require_role() check of its own; the caller has to enforce authorization.
  *
  * @param mixed $id customer id, cast to int before use
  * @return mixed the fetched row (build_results() reads it as an array with
  *               `id` and `name`), or null when no customer has this id
  */
 function customer_details($id)
 {
     // The id is cast to int and additionally bound as a query parameter,
     // so it never becomes part of the SQL text.
     $customer_id = (int) $id;
     $stmt = db_query("SELECT id, IF(firma IS NULL, CONCAT_WS(' ', vorname, nachname), CONCAT(firma, ' (', CONCAT_WS(' ', vorname, nachname), ')')) AS name FROM kundendaten.kunden WHERE id=?", array($customer_id));

     return ($stmt->rowCount() < 1) ? null : $stmt->fetch();
 }
 
 
 /**
  * Find customer ids matching a free-text search term.
  *
  * The term is matched as a substring against customer and user account
  * columns, compared against customer id and uid, and matched against
  * domain names. The returned list may contain the same id several times
  * (build_results() de-duplicates it).
  *
  * NOTE(review): this function performs no require_role() check of its own,
  * although it searches address, e-mail and notes columns; the caller has to
  * enforce authorization.
  *
  * @param string $string search term
  * @return array list of customer ids, possibly with duplicates
  */
 function find_customers($string)
 {
     // The term is only ever bound as a parameter, never concatenated into
     // the SQL text. `%` and `_` inside the term are not escaped, so they act
     // as LIKE wildcards, and an empty term yields the pattern `%%`.
     // NOTE(review): confirm the caller enforces a minimum term length if a
     // match-everything search is not wanted.
     $pattern = '%'.rtrim($string).'%';
     $ids = array();

     // NOTE(review): `:string` and `:number` are each used several times in
     // one statement; presumably db_query() runs with emulated prepares or
     // expands the placeholders - confirm.
     $sql = "SELECT k.id FROM kundendaten.kunden AS k LEFT JOIN system.useraccounts AS u ON (k.id=u.kunde) WHERE ".
            "firma LIKE :string OR firma2 LIKE :string OR ".
            "nachname LIKE :string OR vorname LIKE :string OR ".
            "adresse LIKE :string OR adresse2 LIKE :string OR ".
            "ort LIKE :string OR pgp_id LIKE :string OR ".
            "notizen LIKE :string OR email_rechnung LIKE :string OR ".
            "email LIKE :string OR email_extern LIKE :string OR u.name LIKE :string OR ".
            "u.username LIKE :string OR k.id=:number OR u.uid=:number";
     $customer_rows = db_query($sql, array(":string" => $pattern, ":number" => $string));
     while ($row = $customer_rows->fetch()) {
         $ids[] = $row['id'];
     }

     // The domain lookup only needs the LIKE pattern.
     $domain_rows = db_query("SELECT kunde FROM kundendaten.domains WHERE kunde IS NOT NULL AND (
                       domainname LIKE :string OR CONCAT_WS('.', domainname, tld) LIKE :string
                       )", array(":string" => $pattern));

     while ($row = $domain_rows->fetch()) {
         $ids[] = $row['kunde'];
     }

     return $ids;
 }
 
 
 /**
  * List the user accounts that belong to one customer.
  *
  * NOTE(review): this function performs no require_role() check of its own;
  * the caller has to enforce authorization.
  *
  * @param mixed $id customer id, cast to int before use
  * @return array list of rows with `uid`, `username` and `name`
  */
 function find_users_for_customer($id)
 {
     // Cast plus bound parameter: the id never becomes part of the SQL text.
     $customer_id = (int) $id;
     $stmt = db_query("SELECT uid, username, name FROM system.useraccounts WHERE kunde=?", array($customer_id));

     $accounts = array();
     while ($row = $stmt->fetch()) {
         $accounts[] = $row;
     }

     return $accounts;
 }
 
 
 
 
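 /**
  * Build the ranked result list for an account search.
  *
  * Every matching customer and each of that customer's user accounts becomes
  * one entry `array("id" => ..., "value" => ...)`. The id is "c<customer id>"
  * or "u<uid>". Entries are grouped by rank (lower rank first) and sorted in
  * natural order by `value` inside each rank:
  *   10 customer id equals the term
  *   15 uid or username equals the term
  *   20 username contains the term (case-sensitive)
  *   25 account name contains the term (case-insensitive)
  *   85 any other user account of a matching customer
  *   90 any other matching customer
  *
  * The `value` strings contain raw database text (names, usernames); the
  * caller must encode them for the context in which they are output.
  *
  * NOTE(review): this function performs no require_role() check of its own;
  * the caller has to enforce authorization.
  *
  * @param string $term search term
  * @return array flat list of entries in display order
  */
 function build_results($term)
 {
     // Rank => list of entries. Kept in a local variable captured by
     // reference, so no customer data is left behind in global scope.
     $ranked = array();

     $add = function ($rank, $id, $value) use (&$ranked) {
         $ranked[$rank][] = array("id" => $id, "value" => $value);
     };

     $customer_ids = array_unique(find_customers($term));
     sort($customer_ids);
     foreach ($customer_ids as $customer_id) {
         $c = customer_details($customer_id);
         if (!$c) {
             // customer_details() returns null when no row exists for the id
             // (e.g. an id that only came from the domain lookup). Skip it
             // instead of emitting an empty entry and querying users for id 0.
             continue;
         }

         $customer_label = "Kunde {$c['id']}: {$c['name']}";
         $add($c['id'] == $term ? 10 : 90, "c{$c['id']}", $customer_label);

         foreach (find_users_for_customer($c['id']) as $u) {
             // Fall back to the customer's name when the account has none.
             $realname = $u['name'] ? $u['name'] : $c['name'];
             $user_label = "{$u['username']} (UID {$u['uid']}, {$realname})";

             if ($u['uid'] == $term || $u['username'] == $term) {
                 $rank = 15;
             } elseif (strstr($u['username'], $term)) {
                 $rank = 20;
             } elseif (stristr($u['name'], $term)) {
                 $rank = 25;
             } else {
                 $rank = 85;
             }
             $add($rank, "u{$u['uid']}", $user_label);
         }
     }

     // Best rank first.
     ksort($ranked);

     $allentries = array();
     foreach ($ranked as $group) {
         usort($group, function ($a, $b) {
             return strnatcmp($a['value'], $b['value']);
         });
         foreach ($group as $entry) {
             $allentries[] = $entry;
         }
     }
     return $allentries;
 }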
 
 
 /**
  * Switch the current session to another account ("su").
  *
  * The initiating username is kept in $_SESSION['admin_user'], the session is
  * set up for the target account and the request is redirected to the index
  * page. With $type 'c' the target must carry ROLE_CUSTOMER, with 'u' it
  * must carry ROLE_SYSTEMUSER; an empty $type skips that check.
  *
  * NOTE(review): this function contains no require_role() check; whether the
  * current user may impersonate $id has to be enforced by every caller.
  * NOTE(review): no session id rotation and no audit log entry are visible
  * here - confirm that setup_session() or the caller covers both.
  *
  * @param string $type 'c' (customer), 'u' (system user) or empty
  * @param mixed $id identifier of the target account, passed to find_role()
  * @return bool|void false when find_role() yields no role; otherwise the
  *                   request ends here and nothing is returned
  */
 function su($type, $id)
 {
     // Remember who initiated the switch before the session is re-initialised.
     $_SESSION['admin_user'] = $_SESSION['userinfo']['username'];

     // NOTE(review): the empty second argument and the `true` flag presumably
     // make find_role() resolve the role without verifying a password -
     // confirm against its definition.
     $target_role = find_role($id, '', true);
     if (!$target_role) {
         unset($_SESSION['admin_user']);
         return false;
     }

     // From here on the session belongs to the target account; the type
     // checks below run against the already switched session.
     setup_session($target_role, $id);

     switch ($type) {
         case 'c':
             if (! (ROLE_CUSTOMER & $_SESSION['role'])) {
                 session_destroy();
                 system_failure('Es wurde ein "su" zu einem Kundenaccount angefordert, das war aber kein Kundenaccount!');
             }
             break;
         case 'u':
             if (! (ROLE_SYSTEMUSER & $_SESSION['role'])) {
                 session_destroy();
                 system_failure('Es wurde ein "su" zu einem Benutzeraccount angefordert, das war aber kein Benutzeraccount!');
             }
             break;
         default:
             // An empty type is accepted: no role check is applied then.
             // NOTE(review): unlike the two cases above, a rejected type does
             // not call session_destroy(), so the session already set up for
             // the target account stays in place - confirm this is intended.
             if ($type) {
                 system_failure('unknown type');
             }
     }

     redirect('../../go/index/index');
     exit();
 }