rajven
/
Eye
mirror of https://github.com/rajven/Eye


			
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296
							<?php
$default_displayed = 500;
require_once ($_SERVER['DOCUMENT_ROOT']."/inc/auth.php");
require_once ($_SERVER['DOCUMENT_ROOT']."/inc/languages/" . HTML_LANG . ".php");
require_once ($_SERVER['DOCUMENT_ROOT']."/inc/header.php");
require_once ($_SERVER['DOCUMENT_ROOT']."/inc/oufilter.php");
$default_sort='login';
require_once ($_SERVER['DOCUMENT_ROOT']."/inc/sortfilter.php");

$msg_error = "";

if (getPOST("create") !== null) {
    $login = trim(getPOST("newlogin", null, ''));
    
    if ($login !== '') {
        // Проверка существования логина
        $lcount = get_count_records($db_link, "user_list", "LOWER(login) = LOWER(?)", [$login]);
        
        if ($lcount > 0) {
            $msg_error = WEB_cell_login . " " . $login . " " . $msg_exists . "!";
        } else {
            $new = ['login' => $login];
            // Определение OU
            if ($rou > 0) {
                $new['ou_id'] = $rou;
            } else {
                $rou = 3;
                $ou_exists = get_record_sql($db_link, "SELECT id FROM ou WHERE id = ?", [$rou]);
                if (empty($ou_exists)) {
                    $new['ou_id'] = $default_user_ou_id; // по умолчанию
                } else {
                    $new['ou_id'] = $rou;
                }
            }
            // Наследование настроек от OU
            $ou_info = get_record_sql($db_link, "SELECT * FROM ou WHERE id = ?", [$new['ou_id']]);
            if (!empty($ou_info)) {
                $new['enabled']           = isset($ou_info['enabled']) ? (int)$ou_info['enabled'] : 0;
                $new['queue_id']          = isset($ou_info['queue_id']) ? (int)$ou_info['queue_id'] : 0;
                $new['filter_group_id']   = isset($ou_info['filter_group_id']) ? (int)$ou_info['filter_group_id'] : 0;
            } else {
                // Если OU не найден — значения по умолчанию
                $new['enabled']           = 0;
                $new['queue_id']          = 0;
                $new['filter_group_id']   = 0;
            }
            $lid = insert_record($db_link, "user_list", $new);
            if (!empty($lid)) {
                header("Location: edituser.php?id=$lid");
                exit;
            }
        }
    }
    
    header("Location: " . $_SERVER["REQUEST_URI"]);
    exit;
}

?>
<div id="cont">

<?php

if (isset($_POST['search_str'])) { $f_search_str = trim($_POST['search_str']); }
if (!isset($f_search_str) and isset($_SESSION[$page_url]['search_str'])) { $f_search_str=$_SESSION[$page_url]['search_str']; }
if (!isset($f_search_str)) { $f_search_str=''; }
$_SESSION[$page_url]['search_str']=$f_search_str;

$f_search=replaceSpecialChars($f_search_str);

if ($msg_error) {
    print "<div id='msg'><b>$msg_error</b></div><br>\n";
    }
?>

<script>
function blockForm(formId) {
    const form = document.getElementById(formId);
    if (!form) return;
    // Меняем текст кнопки отправки
    const submitBtn = form.querySelector('input[type="submit"], button[type="submit"]');
    if (submitBtn) {
        submitBtn.disabled = true;
        submitBtn.value = '<?php print WEB_msg_processing; ?>';
        submitBtn.textContent = '<?php print WEB_msg_processing; ?>';
    }
}
</script>

<form id="filter" name="filter" action="index.php" method="post">
  <fieldset style="display: flex; align-items: center; gap: 10px; padding: 10px;">
    <legend><b><?php echo WEB_cell_ou; ?> —</b></legend>
    <?php print_ou_select($db_link, 'ou', $rou); ?>
    <span><?php echo WEB_rows_at_page; ?></span>
    <?php print_row_at_pages('rows', $displayed); ?>
    <label for="search_str" style="margin: 0;"><?php echo WEB_ips_search; ?>:</label>
    <input type="text" id="search_str" name="search_str" value="<?php echo $f_search_str; ?>" style="margin: 0;">
    <input id="btn_filter" name="btn_filter" type="submit" value="<?php echo WEB_btn_show; ?>" style="margin: 0;">
  </fieldset>
  <fieldset>
    <legend><?php echo WEB_new_user; ?></legend>
    <div>
      <input type="text" id="newlogin" name="newlogin" value="Unknown">
      <input type="submit" name="create" value="<?php echo WEB_btn_add; ?>">
    </div>
  </fieldset>
</form>

<br>
<a class="mainButton" href="#modal"><?php print WEB_btn_apply_selected; ?></a>
<div class="remodal" data-remodal-options="closeOnConfirm: true" data-remodal-id="modal" role="dialog" aria-labelledby="modal1Title" aria-describedby="modal1Desc">
 <div class="remodalBorder">
  <button data-remodal-action="close" class="remodal-close" aria-label="Close"></button>
      <form id="formUserApply" onsubmit="blockForm('formUserApply');">
        <h2 id="modal1Title"><?php print WEB_selection_title; ?></h2>
        <input type="hidden" name="ApplyForAll" value="MassChange">
        <table class="data" align=center>
        <tr><td><input type=checkbox class="putField" name="e_enabled" value='1'></td><td align=left><?php print WEB_cell_enabled."</td><td align=right>";print_qa_select('a_enabled', 0); ?></td></tr>
        <tr><td><input type=checkbox class="putField" name="e_group_id" value='1'></td><td align=left><?php print WEB_cell_filter."</td><td align=right>";print_filter_group_select($db_link, 'a_group_id', 0); ?></td></tr>
        <tr><td><input type=checkbox class="putField" name="e_queue_id" value='1'></td><td align=left><?php print WEB_cell_shaper."</td><td align=right>";print_queue_select($db_link, 'a_queue_id', 0); ?></td></tr>
        <tr><td><input type=checkbox class="putField" name="e_day_q" value='1'></td><td align=left><?php print WEB_cell_perday."</td><td align=right>"; ?><input type="text" name="a_day_q" value="0" size=5></td></tr>
        <tr><td><input type=checkbox class="putField" name="e_month_q" value='1'></td><td align=left><?php print WEB_cell_permonth."</td><td align=right>"; ?><input type="text" name="a_month_q" value="0" size=5></td></tr>
        <tr><td><input type=checkbox class="putField" name="e_new_ou" value='1'></td><td align=left><?php print WEB_cell_ou."</td><td align=right>";print_ou_set($db_link, 'a_new_ou', 0); ?></td></tr>
        <tr><td><input type=checkbox class="putField" name="e_bind_mac" value='1'></td><td align=left><?php print WEB_user_bind_mac."</td><td align=right>";print_qa_select('a_bind_mac', 1);?></td></tr>
        <tr><td><input type=checkbox class="putField" name="e_bind_ip" value='1'></td><td align=left><?php print WEB_user_bind_ip."</td><td align=right>";print_qa_select('a_bind_ip', 1);?></td></tr>
        <tr><td><input type=checkbox class="putField" name="e_create_netdev" value='1'></td><td align=left><?php print WEB_user_create_netdev."</td><td align=right>";print_qa_select('a_create_netdev', 1);?></td></tr>
        <tr><td><input type=checkbox class="putField" name="e_permanent" value='1'></td><td align=left><?php print WEB_user_permanent."</td><td align=right>";print_qa_select('a_permanent', 0);?></td></tr>
        </table>
        <input type="submit" name="submit" class="btn" value="<?php echo WEB_btn_apply; ?>">
    </form>
</div>
</div>

<a class="delButton" href="#modalDel"><?php print WEB_btn_delete; ?></a>
<div class="remodal" data-remodal-options="closeOnConfirm: true" data-remodal-id="modalDel" role="dialog" aria-labelledby="modal1Title" aria-describedby="modal1Desc">
 <div class="remodalBorder">
  <button data-remodal-action="close" class="remodal-close" aria-label="Close"></button>
    <form id="formUserDel" onsubmit="blockForm('formUserDel');">
        <h2 id="modal1Title"><?php print WEB_msg_delete_selected; ?></h2>
        <input type="hidden" name="RemoveUser" value="MassChange">
        <?php print_qa_select('f_deleted', 0);?><br><br>
        <input type="submit" name="submit" class="btn" value="<?php echo WEB_btn_apply; ?>">
    </form>
</div>
</div>

<?php

$sort_url = "<a href=/admin/users/index.php?";

$params = [];
$conditions = ["deleted = 0"];

if ($rou != 0) {
    $conditions[] = "ou_id = ?";
    $params[] = (int)$rou;
}

if (isset($f_search_str) && strlen($f_search_str) > 0) {
    $search_pattern = '%' . $f_search . '%';
    $conditions[] = "(login LIKE ? OR description LIKE ?)";
    $params[] = $search_pattern;
    $params[] = $search_pattern;
}

// Защита от пустого WHERE
if (!empty($conditions)) {
    $whereClause = ' WHERE ' . implode(' AND ', $conditions);
} else {
    $whereClause = '';
}

// === 2. Безопасная сортировка (БЕЛЫЙ СПИСОК!) ===
$allowed_sort_fields = ['id', 'login', 'description' ];
$allowed_order = ['ASC', 'DESC'];

$sort_field = in_array($sort_field, $allowed_sort_fields, true) ? $sort_field : 'id';
$order = in_array(strtoupper($order), $allowed_order, true) ? strtoupper($order) : 'ASC';

// === 3. Подсчёт записей ===
$countSQL = "SELECT COUNT(*) FROM user_list $whereClause";
$count_records = (int)get_single_field($db_link, $countSQL, $params);

// === 4. Пагинация ===
$total = ceil($count_records / $displayed);
$page = max(1, min($page, $total));
$start = ($page - 1) * $displayed;

print_navigation($page_url, $page, $displayed, $count_records, $total);

// === 5. Запрос данных ===
$limit = (int)$displayed;
$offset = (int)$start;

$dataParams = array_merge($params, [$limit, $offset]);

$sSQL = "
    SELECT *
    FROM user_list U
    $whereClause
    ORDER BY $sort_field $order
    LIMIT ? OFFSET ?
";

$users = get_records_sql($db_link, $sSQL, $dataParams);

?>

<form id="def" name="def" >

<table class="data">
<tr align="center">
<td><input type="checkbox" onClick="checkAll(this.checked);"></td>
<td><b><?php print $sort_url . "sort=id&order=$new_order>id</a>"; ?></b></td>
<td><b><?php print $sort_url . "sort=login&order=$new_order>" . WEB_cell_login . "</a>"; ?></b></td>
<td><b><?php print $sort_url . "sort=description&order=$new_order>" . WEB_cell_description . "</a>"; ?></b></td>
<td><b><?php print WEB_cell_rule; ?></b></td>
<td><b><?php print WEB_cell_ou; ?></b></td>
<td><b><?php print WEB_cell_enabled; ?></b></td>
<td><b><?php print WEB_cell_perday; ?></b></td>
<td><b><?php print WEB_cell_permonth; ?></b></td>
<td><b><?php print WEB_cell_report; ?></b></td>
</tr>
<?php


foreach ($users as $row) {
    $auth_customs = get_count_records($db_link,"user_auth","user_id=? AND deleted=0 AND enabled <>?", [ $row['id'],$row['enabled'] ] );
    $cl = "data";
    if (! $row['enabled']) {
        $cl = "off";
    }
    if ($row['blocked']) {
        $cl = "error";
    }
    if ($auth_customs > 0) {
	$cl = "custom";
	}
    if (! get_auth_count($db_link, $row['id'])) {
        $cl = 'nb';
    }
    print "<tr align=center>\n";
    print "<td class=\"$cl\" style='padding:0'><input type=checkbox name=fid[] value=".$row['id']."></td>\n";
    $cl_id = $cl;
    if (!empty($row['permanent']) and $row['permanent'] == 1) { $cl_id = 'warn'; }
    print "<td class=\"$cl_id\">".$row['id']."</td>\n";
    if (empty($row['login'])) { $row['login']=$row['id']; }
    print "<td class=\"$cl\" align=left><a href=edituser.php?id=".$row['id'].">" . $row['login'] . "</a></td>\n";
    print "<td class=\"$cl\">".$row['description']."</td>\n";
    $rules_count = get_count_records($db_link,"auth_rules","user_id=?", [$row['id']]);
    print "<td class=\"$cl\">".$rules_count."</td>\n";
    print "<td class=\"$cl\">".get_ou($db_link,$row['ou_id'])."</td>\n";
    print "<td class=\"$cl\">".get_qa($row['enabled']) . "</td>\n";
    print "<td class=\"$cl\">".$row['day_quota']."</td>\n";
    print "<td class=\"$cl\">".$row['month_quota']."</td>\n";
    print "<td class=\"$cl\" align=center colspan=2><a href=../reports/userday.php?id=".$row['id'].">Просмотр</a></td>\n";
}
?>
</table>

<?php
print_navigation($page_url,$page,$displayed,$count_records,$total);
?>

</form>
<table class="data">
<tr>
<td colspan = 3><?php echo WEB_color_description; ?></td>
</tr>
<tr>
<td class="nb"><?php echo WEB_color_user_empty; ?></td>
<td class="off"><?php echo WEB_color_user_disabled; ?></td>
<td class="error"><?php echo WEB_color_user_blocked; ?></td>
<td class="custom"><?php echo WEB_color_user_custom; ?></td>
<td class="warn"><?php echo WEB_color_user_permanent; ?></td>
</table>

<script src="/js/remodal/remodal.min.js"></script>
<script src="/js/remodal-user.js"></script>

<script>
document.getElementById('ou').addEventListener('change', function(event) {
  const buttonApply = document.getElementById('btn_filter');
  buttonApply.click();
});

document.getElementById('rows').addEventListener('change', function(event) {
  const buttonApply = document.getElementById('btn_filter');
  buttonApply.click();
});

</script>

<?php
require_once ($_SERVER['DOCUMENT_ROOT']."/inc/footer.php");
?>