Diff -- /var/www/vhosts/3dshawn.com/ptmatrix.3dshawn.com/admin_action.cgi

O Operator
Diff

/var/www/vhosts/3dshawn.com/ptmatrix.3dshawn.com/admin_action.cgi

added on local at 2026-07-01 12:33:53

Added
+155
lines
Removed
-0
lines
Context
0
unchanged
Blobs
from
to f146c7f25e43
Restore this content →
Unified diff
Naive LCS-based line diff. Additions in emerald, deletions in rose. Both sides decompressed live from BLOB_STORE.
1#!/usr/bin/perl
2
3##################################################################################################################################
4# ______ ____ ____ ______ ______ ____ ___ __ ___ ______ _ __ ____ ____ __ __ _ __ _____ ____
5# / ____// __ \ / __ \ / ____/ / ____// __ \ / | / |/ // ____/| | / // __ \ / __ \ / //_/ | | / /|__ / / __ \
6# / / / / / // / / // __/ / /_ / /_/ // /| | / /|_/ // __/ | | /| / // / / // /_/ // ,< | | / / /_ < / / / /
7# / /___ / /_/ // /_/ // /___ / __/ / _, _// ___ | / / / // /___ | |/ |/ // /_/ // _, _// /| | | |/ / ___/ /_ / /_/ /
8# \____/ \____//_____//_____/ /_/ /_/ |_|/_/ |_|/_/ /_//_____/ |__/|__/ \____//_/ |_|/_/ |_| |___/ /____/(_)\____/
9#
10# - Written by: Shawn Pickering
11# - shawn@shawnpickering.com
12##################################################################################################################################
13use strict;
14use lib '/var/www/vhosts/3dshawn.com/ptmatrix.3dshawn.com';
15
16
17#############################################################
18## Variables
19#############################################################
20
21
22
23############################################################
24# Modules
25############################################################
26use CGI; my $query = new CGI; my $form = $query->Vars;
27use MODS::Login; my $login = new MODS::Login;
28use MODS::PTMatrix::Urls; my $getlist = new MODS::PTMatrix::Urls; my $url = $getlist->urls();
29use MODS::DBConnect; my $db = new MODS::DBConnect;
30use MODS::PTMatrix::Config; my $config = new MODS::PTMatrix::Config; my $database_name = $config->settings('database_name');
31use MODS::PTMatrix::PM;
32
33
34
35#############################################################
36## Get form data
37#############################################################
38foreach my $line(keys %$form){
39 $form->{$line} =~ s/[^!-~\s]//g;
40 $form->{$line} = quotemeta("$form->{$line}");
41}
42
43
44
45############################################################
46# Program Controls
47############################################################
48$|=1;
49my $userinfo = $login->login_verify();
50if(!$userinfo){print qq~Status: 302 Found\nLocation: $url->{login}\n\n~; exit;}
51
52my $act = $form->{act} || '';
53my $is_super = $userinfo->{is_super_admin} || $userinfo->{_admin_is_super_admin} || 0;
54
55if ($act eq 'stop_impersonation') {&stop_impersonation;}
56elsif(!$is_super) {&bounce($url->{dashboard});}
57elsif($act eq 'impersonate') {&impersonate;}
58elsif($act eq 'suspend_company') {&suspend_company;}
59elsif($act eq 'unsuspend_company') {&unsuspend_company;}
60elsif($act eq 'change_plan') {&change_plan;}
61elsif($act eq 'suspend_user' || $act eq 'reactivate_user' || $act eq 'close_user'){&user_status_change;}
62else {&bounce($url->{admin_users});}
63
64
65############################################################
66# Subroutines
67############################################################
68sub bounce{
69 my($target) = @_;
70 print qq~Status: 302 Found\nLocation: $target\n\n~;
71 exit;
72}
73
74sub stop_impersonation{
75 #Allowed for any user currently impersonating (no super-admin check needed)
76 my $dbh = $db->db_connect();
77 my $sid = $userinfo->{session_id};
78 $sid =~ s/[^A-Za-z0-9\-]//g;
79 $db->db_readwrite($dbh, qq~DELETE FROM `${database_name}`.admin_impersonation WHERE session_id='$sid'~, $ENV{SCRIPT_NAME}, __LINE__);
80 $db->db_disconnect($dbh);
81 &bounce($url->{admin_users});
82}
83
84sub impersonate{
85 my $tid = MODS::PTMatrix::PM::safe_int($form->{target_user_id});
86
87 #Use the admin's real session_id, even if they're already impersonating
88 my $sid_real = $userinfo->{session_id};
89 $sid_real =~ s/[^A-Za-z0-9\-]//g;
90
91 #admin_user_id is whoever actually logged in
92 my $admin_uid = $userinfo->{_admin_user_id} || $userinfo->{user_id};
93 $admin_uid = MODS::PTMatrix::PM::safe_int($admin_uid);
94
95 #Don't allow impersonating self or an empty target
96 &bounce($url->{admin_users}) if $tid == $admin_uid || !$tid;
97
98 my $dbh = $db->db_connect();
99 my $r = $db->db_readwrite($dbh, qq~SELECT id FROM `${database_name}`.users WHERE id='$tid' LIMIT 1~, $ENV{SCRIPT_NAME}, __LINE__);
100 if(!$r || !$r->{id}){
101 $db->db_disconnect($dbh);
102 &bounce($url->{admin_users});
103 }
104
105 my $sql = qq~INSERT INTO `${database_name}`.admin_impersonation (session_id, admin_user_id, target_user_id, mode) VALUES ('$sid_real', '$admin_uid', '$tid', 'control') ON DUPLICATE KEY UPDATE target_user_id=VALUES(target_user_id), mode='control', started_at=NOW()~;
106 $db->db_readwrite($dbh, $sql, $ENV{SCRIPT_NAME}, __LINE__);
107 $db->db_disconnect($dbh);
108
109 MODS::PTMatrix::PM::audit(0, $admin_uid, 'admin.impersonate_start', 'user', $tid);
110 &bounce($url->{dashboard});
111}
112
113sub suspend_company{
114 my $cid = MODS::PTMatrix::PM::safe_int($form->{company_id});
115 my $dbh = $db->db_connect();
116 $db->db_readwrite($dbh, qq~UPDATE `${database_name}`.companies SET status='suspended' WHERE id='$cid'~, $ENV{SCRIPT_NAME}, __LINE__);
117 $db->db_disconnect($dbh);
118 &bounce($url->{admin_companies});
119}
120
121sub unsuspend_company{
122 my $cid = MODS::PTMatrix::PM::safe_int($form->{company_id});
123 my $dbh = $db->db_connect();
124 $db->db_readwrite($dbh, qq~UPDATE `${database_name}`.companies SET status='active' WHERE id='$cid'~, $ENV{SCRIPT_NAME}, __LINE__);
125 $db->db_disconnect($dbh);
126 &bounce($url->{admin_companies});
127}
128
129sub change_plan{
130 my $cid = MODS::PTMatrix::PM::safe_int($form->{company_id});
131 my $tier = $form->{tier};
132 if($tier =~ /^(trial|free|starter|pro|business|enterprise)$/){
133 my $dbh = $db->db_connect();
134 $db->db_readwrite($dbh, qq~UPDATE `${database_name}`.companies SET plan_tier='$tier' WHERE id='$cid'~, $ENV{SCRIPT_NAME}, __LINE__);
135 $db->db_disconnect($dbh);
136 }
137 &bounce($url->{admin_companies});
138}
139
140sub user_status_change{
141 my $tid = MODS::PTMatrix::PM::safe_int($form->{target_user_id});
142 &bounce($url->{admin_users}) unless $tid;
143
144 my $admin_uid = $userinfo->{_admin_user_id} || $userinfo->{user_id};
145 &bounce($url->{admin_users}) if $tid == MODS::PTMatrix::PM::safe_int($admin_uid);
146
147 my %new = (suspend_user => 'suspended', reactivate_user => 'active', close_user => 'closed');
148 my $st = $new{$act};
149 my $dbh = $db->db_connect();
150 $db->db_readwrite($dbh, qq~UPDATE `${database_name}`.users SET account_status='$st' WHERE id='$tid'~, $ENV{SCRIPT_NAME}, __LINE__);
151 $db->db_disconnect($dbh);
152
153 MODS::PTMatrix::PM::audit(0, $admin_uid, "admin.$act", 'user', $tid);
154 &bounce("$url->{admin_user}&u=$tid");
155}