| -rw-r--r-- | controllers/admin.php | 39 | ||||
| -rw-r--r-- | models/user.php | 6 | ||||
| -rw-r--r-- | views/admin/index.php | 34 | ||||
| -rw-r--r-- | views/admin/meta.php | 4 | ||||
| -rw-r--r-- | views/global/router.php | 1 | ||||
| -rw-r--r-- | views/user/index.php | 5 |
6 files changed, 87 insertions, 2 deletions
diff --git a/controllers/admin.php b/controllers/admin.php
new file mode 100644
index 0000000..2b8e97b
--- /dev/null
+++ b/controllers/admin.php
@@ -0,0 +1,39 @@
+<?php
+namespace Controller;
+use Database;
+use Exception;
+
+function on_patch() {
+ global $TOKEN;
+ global $METHOD;
+ global $role_status;
+ $role_status = "";
+
+ $status = null;
+ switch ($METHOD['type']) {
+ case 'role': $status = 'role_status'; break;
+ default: throw new Exception('Invalid patch type ' . $METHOD['type']);
+ }
+
+ $user = null;
+ try {
+ $user = Database\Cookie::fromDB($TOKEN);
+ }
+ catch(Exception $e) {
+ $$status = "Couldn't retrieve user!";
+ return;
+ }
+
+ switch ($METHOD['type']) {
+ case 'role':
+ try {
+ $to_update = Database\User::fromDB($METHOD['username']);
+ $to_update->update($to_update->Username, null, $METHOD['role']);
+ }
+ catch (Exception $e) {
+ $$status = "User doesn't exist!";
+ return;
+ }
+ break;
+ }
+}
diff --git a/models/user.php b/models/user.php
index 71cf07d..6ff2f70 100644
--- a/models/user.php
+++ b/models/user.php
@@ -60,16 +60,18 @@ class User extends Table {
 private static $AnonUID = 1;
 
- function update(string $Username, string $Password = null) {
+ function update(string $Username = null, string $Password = null, string $Role = null) {
 // Applicable to Anon user
 if ($this->Password === '') {
 throw new Exception('Not modifying system account!');
 }
 
+ $Username = $Username ?? $this->Username;
 $Password = ($Password === null) ? $this->Password : password_hash($Password, PASSWORD_BCRYPT);
+ $Role = $Role ?? $this->Role;
 
 Table::_update(
 'Users',
- "Username = \"$Username\", Password = \"$Password\"",
+ "Username = \"$Username\", Password = \"$Password\", Role = \"$Role\"",
 "UID = \"$this->UID\""
 );
 }
diff --git a/views/admin/index.php b/views/admin/index.php
new file mode 100644
index 0000000..69495d6
--- /dev/null
+++ b/views/admin/index.php
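Review bot: on_patch() never checks that the requester is an admin — the `Database\Cookie::fromDB($TOKEN)` lookup only establishes that a session exists, so any logged-in user can submit `type=role` and change roles (including their own), while the `$user->Role === 'Admin'` test in views/admin/index.php merely hides the form. The controller has to enforce it itself, right after the lookup: `if ($user->Role !== 'Admin') { $$status = "Permission denied!"; return; }`. `$METHOD['role']` (presumably request data, given the form field of the same name) also reaches `update()` unchecked; restricting it first, e.g. `if (!in_array($METHOD['role'], ['User', 'Admin'], true)) { $$status = "Invalid role!"; return; }`, keeps arbitrary strings out of the Users table. The `$$status` variable-variable indirection serves a single case here; a direct `$role_status = ...` would be clearer and friendlier to static analysis.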
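Review bot: the new `Role = \"$Role\"` fragment interpolates `$Role` straight into the SET clause handed to `Table::_update`, and with this commit the value comes from the request (`$METHOD['role']` in controllers/admin.php), so a value containing a double quote alters the statement. The `$Username` interpolation has the same shape, and the new `$Username ?? $this->Username` default means the stored name is now re-embedded unescaped on every role change. Unless `Table::_update` quotes its arguments (not visible in this diff), these values should be bound as parameters, or at minimum `$Role` validated against the known role set before this line. Minor: `string $Username = null` relies on implicit nullability; `?string $Username = null` (likewise for `$Password` and `$Role`) is the explicit form.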
@@ -0,0 +1,34 @@
+<?php
+ $user = require_login();
+?>
+
+<?php if ($user->Role === 'Admin'): ?>
+ <h2>Change role</h2>
+
+ <form action="#" method="POST" class="font-115">
+ <input type="hidden" name="method" value="PATCH">
+ <?php if (isset($role_status)): ?>
+ <?php if ($role_status !== ""): ?>
+ <p class="item error"><span>
+ <strong>Error:</strong> <?= $role_status ?>
+ </span></p>
+ <?php else: ?>
+ <p class="item success">
+ Success!
+ </p>
+ <?php endif; ?>
+ <?php endif; ?>
+
+ <input type="hidden" name="type" value="role">
+ <input type="text" name="username" placeholder="Username">
+ <select name="role" required>
+ <option value="User">User</option>
+ <option value="Admin">Admin</option>
+ </select>
+ <input type="submit" value="Modify">
+ </form>
+
+<?php else: ?>
+ <h2>Permission denied, you're not an admin!</h2>
+
+<?php endif; ?>
diff --git a/views/admin/meta.php b/views/admin/meta.php
new file mode 100644
index 0000000..0a151ba
--- /dev/null
+++ b/views/admin/meta.php
@@ -0,0 +1,4 @@
+<?php
+
+$title = 'Admin panel';
+$controller = 'admin';
diff --git a/views/global/router.php b/views/global/router.php
index 5b0bd01..ab3a0be 100644
--- a/views/global/router.php
+++ b/views/global/router.php
@@ -46,6 +46,7 @@ function route_view() {
 case '/login': return '/session/create';
 case '/logout': return '/session/delete';
 case '/list': return '/list';
+ case '/admin': return '/admin';
 case '/authenticate': return '/user/authenticate.php';
diff --git a/views/user/index.php b/views/user/index.php
index 066fd69..82c95c8 100644
--- a/views/user/index.php
+++ b/views/user/index.php
@@ -21,6 +21,11 @@
 <form action="/user/settings" method="GET">
 <input type="submit" value="Account settings">
 </form>
+ <?php if ($user->Role === 'Admin'): ?>
+ <form action="/admin" method="GET">
+ <input type="submit" value="Admin panel">
+ </form>
+ <?php endif; ?>
 </section>
 <script type="text/javascript">
 function showUserButtons() { |
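Review bot: the role-change form carries no anti-CSRF token — its only fields are `method`, `type`, `username` and `role` — so unless `require_login()` or the router adds one (not visible here), a state-changing PATCH can be triggered from any site an admin's browser visits; a per-session token as a hidden input, checked in the controller with `hash_equals()`, closes that. The `<?= $role_status ?>` output is emitted raw; the messages assigned in controllers/admin.php are fixed strings today, but `<?= htmlspecialchars($role_status, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>` keeps the view safe if a later message embeds the submitted username. The `$user->Role === 'Admin'` branch here only controls what is rendered; authorization still has to be enforced server-side in the controller.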
