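Authenticate( $username, $password );
// NOTE(review): the login branch begins before this excerpt; its tail above and the
// closing brace after it are kept exactly as they were (only re-flowed).
if( $pass ) {
    $_SESSION['lang'] = $lang;
    $_SESSION['theme'] = $theme;
    exit( formatJSEND( "success", array( "username" => $username ) ) );
} else {
    exit( formatJSEND( "error", "Incorrect Username or Password" ) );
}
}

// Read the requested action once. A missing or non-string value (e.g. action[]=x)
// becomes '' so that no branch below matches and no undefined-index notice is raised.
$action = isset( $_GET['action'] ) && is_string( $_GET['action'] ) ? $_GET['action'] : '';

//////////////////////////////////////////////////////////////////
// Logout
//////////////////////////////////////////////////////////////////

if( $action === 'logout' ) {
    logout();
}

//////////////////////////////////////////////////////////////////
// Create User
//////////////////////////////////////////////////////////////////

if( $action === 'create' ) {
    // NOTE(review): checkAccess() presumably responds itself when access is denied;
    // if it merely returns false, this request ends with an empty body — confirm.
    if( checkAccess() ) {
        // Both values must be present and be plain strings: a PHP array value
        // (username[]=x) would otherwise reach preg_match() and Create().
        if( ! isset( $_POST['username'], $_POST['password'] )
            || ! is_string( $_POST['username'] ) || ! is_string( $_POST['password'] ) ) {
            exit( formatJSEND( "error", "Missing username or password" ) );
        }
        // password2 may be absent from the request; read it with a default instead of
        // raising a notice. Strict comparison against null simply fails the check.
        if( ! ( $_POST['password'] === ( $_POST['password2'] ?? null ) ) ) {
            exit( formatJSEND( "error", "Passwords do not match" ) );
        }
        // Usernames are restricted to word characters, '-', '.', '_' and '@'.
        if( preg_match( '/[^\w\-\._@]/', $_POST['username'] ) ) {
            exit( formatJSEND( "error", "Invalid characters in username" ) );
        }
        $result = $User->Create( $_POST['username'], $_POST['password'] );
        if( $result ) {
            exit( formatJSEND( "success", "User successfully created." ) );
        } else {
            exit( formatJSEND( "error", "User could not be created." ) );
        }
    }
}

//////////////////////////////////////////////////////////////////
// Delete User
//////////////////////////////////////////////////////////////////

if( $action === 'delete' ) {
    if( checkAccess() ) {
        if( ! isset( $_GET['username'] ) || ! is_string( $_GET['username'] ) ) {
            exit( formatJSEND( "error", "Missing username" ) );
        }
        // NOTE(review): a state-changing operation driven by a GET parameter; any
        // CSRF protection for it lives outside this file — confirm it exists.
        $return = $User->Delete( $_GET['username'] );
        // Delete() supplies its own response structure, hence json_encode() rather
        // than formatJSEND() here.
        exit( json_encode( $return ) );
    }
}

//////////////////////////////////////////////////////////////////
// Change Password
//////////////////////////////////////////////////////////////////

if( $action === 'password' ) {
    // Require an authenticated session before $_SESSION['user'] is consulted,
    // the same way update_access does below.
    checkSession();
    if( ! isset( $_POST['username'], $_POST['password'] )
        || ! is_string( $_POST['username'] ) || ! is_string( $_POST['password'] ) ) {
        exit( formatJSEND( "error", "Missing username or password" ) );
    }
    // Strict comparison: only the account owner or an admin may set the password.
    // The loose == used previously could match a missing session user against ''.
    // NOTE(review): if session usernames are stored in CleanUsername() form, comparing
    // the cleaned value instead would be tighter — confirm against the login path.
    if( $_POST['username'] === ( $_SESSION['user'] ?? null ) || is_admin() ) {
        $User->username = User::CleanUsername( $_POST['username'] );
        $User->password = $_POST['password'];
        $User->Password();
    } else {
        // Respond explicitly instead of ending silently, so a denied attempt is
        // visible to the client and to logs.
        exit( formatJSEND( "error", "You do not have permission to change this password." ) );
    }
}

//////////////////////////////////////////////////////////////////
// Change Project
//////////////////////////////////////////////////////////////////

if( $action === 'project' ) {
    // $_SESSION['user'] is used as the acting account; make sure a session exists
    // first (as update_access does) rather than reading an unset index.
    checkSession();
    if( ! isset( $_GET['project'] ) || ! is_string( $_GET['project'] ) ) {
        exit( formatJSEND( "error", "Missing project" ) );
    }
    $User->username = $_SESSION['user'];
    $User->project = $_GET['project'];
    $User->Project();
}

//////////////////////////////////////////////////////////////////
// Search Users
//////////////////////////////////////////////////////////////////

if( $action === 'search_users' ) {
    if( ! isset( $_GET['search_term'] ) || ! is_string( $_GET['search_term'] ) ) {
        exit( formatJSEND( "error", "Missing search term" ) );
    }
    // NOTE(review): no session or access check precedes this call; confirm that
    // search_users() enforces one itself, otherwise account names are enumerable
    // by unauthenticated clients.
    search_users( $_GET['search_term'], "exit", true );
}

//////////////////////////////////////////////////////////////////
// Verify User Account
//////////////////////////////////////////////////////////////////

if( $action === 'verify' ) {
    $User->username = $_SESSION['user'];
    checkSession();
}

//////////////////////////////////////////////////////////////////
// Update Access Level
//////////////////////////////////////////////////////////////////

if( $action === 'update_access' ) {
    checkSession();
    if( ! isset( $_POST['access'], $_POST['user'] )
        || ! is_string( $_POST['access'] ) || ! is_string( $_POST['user'] ) ) {
        exit( formatJSEND( "error", "Could not update access." ) );
    }
    if( ! is_admin() ) {
        exit( formatJSEND( "error", "You do not have permission to update user's access." ) );
    }
    // The valid levels are the keys of Permissions::SYSTEM_LEVELS. array_key_exists()
    // matches a key exactly (canonical numeric strings map to int keys), whereas the
    // previous non-strict in_array() accepted any value merely == to a key.
    if( ! array_key_exists( $_POST["access"], Permissions::SYSTEM_LEVELS ) ) {
        exit( formatJSEND( "error", "Invalid access level specified." ) );
    }
    $User->update_access( $_POST["user"], $_POST["access"] );
}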