admin.php

<?php
  require_once('functions.php');

  $error = '';
  if (isset($_POST['action'])) {
  if ($_POST['action']=='Maak Gebruiker') {
    $login = trim($_POST['newuser']);
    $surname = trim($_POST['surname']);
    $givenname = trim($_POST['givenname']);
    $addictions = trim($_POST['addictions']);
    $password = trim($_POST['password']);

    if ($login != '' && $givenname != '')  {
	$passphrase = md5($login.':kabelkrantadmin:'.$password);

    	$dbh = new PDO(DATABASE, DB_USER, DB_PASSWORD);
	$dbh->beginTransaction();

	$stmt = $dbh->prepare('DELETE FROM editors WHERE login = :login');
	$stmt->bindParam(':login', $login, PDO::PARAM_STR, 15);
	$stmt->execute();

	$stmt = $dbh->prepare('INSERT INTO editors (login, passphrase, surname, addictions, givenname) VALUES (:login, :passphrase, :surname, :addictions, :givenname)');
	$stmt->bindParam(':login', $login, PDO::PARAM_STR, 15);
	$stmt->bindParam(':passphrase', $passphrase, PDO::PARAM_STR, 32);
	$stmt->bindParam(':surname', $surname, PDO::PARAM_STR, 50);
	$stmt->bindParam(':addictions', $addictions, PDO::PARAM_STR, 10);
	$stmt->bindParam(':givenname', $givenname, PDO::PARAM_STR, 50);
	$stmt->execute();
	$dbh->commit();
	$dbh = null;

	$fp = fopen('.htdigest', 'a');
	if ($fp) {
		fwrite($fp, $login.':kabelkrantadmin:'.$passphrase."\n");
		fflush($fp);
		fclose($fp);
	} else {
		$error = 'Fout: Met aan zekerheidgrenzende waarschijnlijkheid is .htdigest niet toegankelijk om te schrijven door PHP.';
	}
//	header('Location: '.$_SERVER['PHP_SELF']);
    }
  } else if ($_POST['action']=='Verwijder Gebruiker') {
  	$login = trim($_POST['newuser']);

	if ($login != '') {
		clearstatcache();
		/* we halen de gebruiker niet uit de database, omdat de refentiele integriteit dat kwijt raakt */
	    	$dbh = new PDO(DATABASE, DB_USER, DB_PASSWORD);
		$dbh->beginTransaction();

		$stmt = $dbh->prepare('UPDATE editors SET passphrase = NULL WHERE login = :login');
		$stmt->bindParam(':login', $login, PDO::PARAM_STR, 15);
		$stmt->execute();

		$dbh->commit();
		$dbh = null;

		$needle = $login.':';
		$nlen   = strlen($needle);
		$fp = fopen('.htdigest', 'r');
		$contents = '';
		while (!feof($fp)) {
		  $tmp = fgets($fp);
		  if (strlen($tmp) > $nlen && substr_compare($tmp, $needle, 0, $nlen, TRUE) != 0) {
		  	$contents .= $tmp;
		  }
		}
		fclose($fp);
		file_put_contents('.htdigest', $contents, LOCK_EX);
	}
  } else if ($_POST['action']=='Wijzig Wachtwoord') {
  	$login = trim($_POST['curuser']);
	$password = trim($_POST['newpassword']);

	if ($login != '' && $password != '') {
		$passphrase = md5($login.':kabelkrantadmin:'.$password);
		clearstatcache();
		/* we halen de gebruiker niet uit de database, omdat de refentiele integriteit dat kwijt raakt */
	    	$dbh = new PDO(DATABASE, DB_USER, DB_PASSWORD);
		$dbh->beginTransaction();

		$stmt = $dbh->prepare('UPDATE editors SET passphrase = :passphrase WHERE login = :login');
		$stmt->bindParam(':login', $login, PDO::PARAM_STR, 15);
		$stmt->bindParam(':passphrase', $login, PDO::PARAM_STR, 32);
		$stmt->execute();

		$dbh->commit();
		$dbh = null;

		$needle = $login.':';
		$nlen   = strlen($needle);
		$fp = fopen('.htdigest', 'r');
		$contents = '';
		while (!feof($fp)) {
		  $tmp = fgets($fp);
		  if (strlen($tmp) > $nlen && substr_compare($tmp, $needle, 0, $nlen, TRUE) != 0) {
		  	$contents .= $tmp;
		  }
		}
		fclose($fp);
		$contents.=$login.':kabelkrantadmin:'.$passphrase."\n";
		file_put_contents('.htdigest', $contents, LOCK_EX);
	
	}
  }
}

  
?>
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" >
  <head>
    <title><?php echo OWNER; ?></title>
    <link rel="stylesheet" href="toevoegen.css" type="text/css" />
  </head>
  <body>
    <?php echo $error; ?>
    Welkom op de nieuwe beta-versie van kabelkrantadmin.<br />
    Momenteel worden wat toevoegingen gedaan aan de broncode, het kan zijn
    dat je daar iets van merkt.<br />
     
     <form method="post">
        <fieldset>
	   <legend>Gebruiker Toevoegen</legend>
	   <label for="newuser" style="display: block; width: 110px; float: left; clear: both;">Gebruikersnaam:</label> <input id="newuser" name="newuser" type="text" /> 
	   <label for="password" style="display: block; width: 110px; float: left; clear: both;">Wachtwoord:</label> <input id="password" name="password" type="password" />
	   <label for="givenname" style="display: block; width: 110px; float: left; clear: both;">Voornaam:</label> <input id="givenname" name="givenname" type="text" />
	   <label for="addictions" style="display: block; width: 110px; float: left; clear: both;">Tussenvoegsels:</label> <input id="addictions" name="addictions" type="text" />
	   <label for="surname" style="display: block; width: 110px; float: left; clear: both;">Achternaam:</label> <input id="surname" name="surname" type="text" />
	   <input name="action" type="submit" value="Maak Gebruiker" class="button" style="clear: both; width: auto;" />
	   <input name="action" type="submit" value="Verwijder Gebruiker" class="button" style="width: auto;" />
        </fieldset>
     </form>
     <form method="post">
        <fieldset>
	   <legend>Wachtwoord wijzigen</legend>
	   <label for="curuser" style="display: block; width: 110px; float: left; clear: both;">Gebruikersnaam:</label> <input id="curuser" name="curuser" type="text" />
	   <label for="newpassword" style="display: block; width: 110px; float: left; clear: both;">Wachtwoord:</label> <input id="newpassword" name="newpassword" type="password" />
	   <input name="action" type="submit" value="Wijzig Wachtwoord" class="button" style="clear: both; width: auto;" />
        </fieldset>
     </form>
     <form method="post">
        <fieldset>
	   <legend>Rechten</legend>
	   <table>
	     <tr>
	       <th>Gebruiker</th>
	     </tr>

	     <?php 
	    	$dbh = new PDO(DATABASE, DB_USER, DB_PASSWORD);
		$stmt = $dbh->query('SELECT login, givenname, addictions, surname FROM editors WHERE passphrase <> \'\' ORDER BY surname;');
		$result = $stmt->fetchAll();
		$dbh = null;

		if (is_array($result)) {
			foreach ($result as $entry) {
				echo '<tr><td>'.$entry['givenname'].($entry['addictions']!=''?' '.$entry['addictions']:'').
								($entry['surname']!=''?' '.$entry['surname']:'').
								' ('.$entry['login'].')</td></tr>';
			}
		}			 
	     ?>
	     
	   </table>
	</fieldset>
     </form>
     <form method="post">
        <fieldset>
	   <legend>Acties</legend>
	   <table>
	     <tr>
	       <th>Naam</th>
	       <th>Omschrijving</th>
	     </tr>
	   </table>
	</fieldset>
     </form>

     <i>Wanneer er serieuze problemen zijn, kan er altijd gebeld worden met +31 85 7 85 31 85. Kinkrsoftware/Stefan de Konink;</i>
</body>
</html>