// Admin-only user management page: picks a mode (create / edit / delete) from
// the query string, applies the matching POST action once csrf_check() passes,
// then renders the form for that mode or the user list.
// NOTE(review): this copy starts mid-statement. The opening tag, the includes
// and the left-hand side of this call are not visible; $me and $users are used
// below and are presumably set up there — confirm against the full file.
current();

// Authorization gate: anyone whose is_admin flag is empty is redirected to the
// login page. The exit is what actually stops the request; header() alone
// would let the rest of the script run.
if (empty($me->is_admin)) {
    header(sprintf('Location: %slogin.php', WWW_URL));
    exit;
}

// When LDAP is enabled, account creation is not offered and the save handler
// drops login, password and is_admin from the submitted data.
$ldap = LDAP::enabled();

$user = null;
$edit = $create = $delete = false;

// Mode selection. IDs are cast to int before lookup, and edit/delete mode is
// only entered when getById() returns a truthy record.
if (!empty($_GET['edit']) && ($user = $users->getById((int) $_GET['edit']))) {
    $edit = true;
} elseif (!empty($_GET['delete']) && ($user = $users->getById((int) $_GET['delete']))) {
    $delete = true;

    // Self-deletion is refused as soon as delete mode is selected, which covers
    // both the confirmation view and the POST handler further down.
    // NOTE(review): loose == on ids; confirm both sides are ints or numeric
    // strings so the comparison cannot be sidestepped by a type mismatch.
    if ($user->id == $me->id) {
        die('You cannot delete your own account.');
    }
} elseif (isset($_GET['create']) && !$ldap) {
    $create = true;
}

if ($create && !empty($_POST['create']) && !empty($_POST['login']) && !empty($_POST['password']) && csrf_check()) {
    // Create: needs create mode, the submit field, a non-empty login and
    // password, and a passing csrf_check() (last operand, so it only runs for
    // an otherwise complete form).
    // NOTE(review): trim() also strips leading/trailing whitespace from the
    // password, so the value handed to create() can differ from what was typed,
    // while the edit path forwards the password untrimmed. Confirm intended.
    $users->create(trim($_POST['login']), trim($_POST['password']));
    header('Location: ' . WWW_URL . 'users.php');
    exit;
} elseif ($edit && !empty($_POST['save']) && !empty($_POST['login']) && csrf_check()) {
    // Keep the current admin from dropping their own admin flag. Skipped under
    // LDAP, where is_admin is discarded from $data below anyway.
    if (!$ldap && empty($_POST['is_admin']) && $user->id == $me->id) {
        die("You cannot remove yourself from admins, ask another admin to do it.");
    }

    // Every submitted field is forwarded; only is_admin is normalised to a bool.
    // NOTE(review): $data therefore carries the submit field and whatever else
    // the client posts. Confirm that $users->edit() accepts only the keys it
    // expects, or build $data from an explicit allow-list here.
    $data = array_merge($_POST, ['is_admin' => !empty($_POST['is_admin'])]);

    // Under LDAP these three attributes cannot be changed from this page.
    if ($ldap) {
        unset($data['is_admin'], $data['password'], $data['login']);
    }

    $users->edit($user->id, $data);

    // The admin edited their own record: replace the session copy with the
    // freshly loaded one.
    if ($user->id == $me->id) {
        $_SESSION['user'] = $users->getById($me->id);
    }

    header('Location: ' . WWW_URL . 'users.php');
    exit;
} elseif ($delete && !empty($_POST['delete']) && csrf_check()) {
    // Delete: only reachable for another account, since self-deletion was
    // refused during mode selection.
    // NOTE(review): unlike create, this path has no LDAP check — confirm that
    // removing accounts locally is intended when LDAP is enabled.
    $users->delete($user);
    header('Location: ' . WWW_URL . 'users.php');
    exit;
}

// Rendering. html_csrf_error() is called on every view; what it prints is not
// visible here.
html_head('Manage users');
html_csrf_error();

if ($create) {
    // NOTE(review): the heredoc opener and the form markup are damaged in this
    // copy; only the CSRF value and the text label survive.
    $csrf = html_csrf();
    echo << {$csrf}
Create a new user
EOF;
} elseif ($edit) {
    // Values prepared for the edit form. The login is HTML-escaped; how
    // $is_admin and $quota are placed in the markup is not visible in this copy.
    // $user is always set when $edit is true, so the DEFAULT_QUOTA fallback is
    // not reached on this path. The quota is divided by 1024 twice and rounded;
    // the surviving label says MB.
    $csrf = html_csrf();
    $login = htmlspecialchars($user->login);
    $is_admin = $user->is_admin ? 'checked="checked"' : '';
    $quota = $user ? round($user->quota / 1024 / 1024) : DEFAULT_QUOTA;
    echo '
' . $csrf . '
Edit user
';
    if (!$ldap) {
        // The password hint is only printed outside LDAP mode.
        echo '
Leave empty if you don\'t want to change it.
';
    }
    echo '
(in MB)
';
} elseif ($delete) {
    // Confirmation view. The login is HTML-escaped before it is interpolated
    // into the confirmation text.
    // NOTE(review): the heredoc opener and the form markup are damaged in this
    // copy, as in the create view.
    $csrf = html_csrf();
    $login = htmlspecialchars($user->login);
    echo << {$csrf}
Delete user

Do you want to delete the user "{$login}" and all their files?

EOF;
} else {
    echo '

← Back

';
    if (!$ldap) {
        // The "create" entry is hidden under LDAP, matching the mode check above.
        echo '

Create new user

';
    }
    echo ' ';
    // User list: one Storage::getDirectorySize() call per user.
    // The login is HTML-escaped; quota, usage and id are passed through as-is —
    // presumably numeric, confirm. The printf format string is empty in this
    // copy; the row template text appears after the loop instead.
    foreach ($users->list() as $user) {
        $used = Storage::getDirectorySize($user->path);
        printf('',
            htmlspecialchars($user->login),
            format_bytes($used),
            format_bytes($user->quota),
            $user->quota,
            $used,
            $user->is_admin ? 'Admin' : '',
            $user->id,
            $user->id
        );
    }
    echo '
User Quota Admin
%s %s used out of %s
%s Edit Delete
';
}

html_foot();