Diff -- /var/www/vhosts/3dshawn.com/ptmatrix.3dshawn.com/admin_action.cgi
Diff
/var/www/vhosts/3dshawn.com/ptmatrix.3dshawn.com/admin_action.cgi
added on local at 2026-07-01 12:33:53
Added
+155
lines
Removed
-0
lines
Context
0
unchanged
Blobs
from
to f146c7f25e43
to f146c7f25e43
Unified diff
Naive LCS-based line diff. Additions in emerald, deletions in rose. Both sides decompressed live from BLOB_STORE.| 1 | #!/usr/bin/perl | |
| 2 | ||
| 3 | ################################################################################################################################## | |
| 4 | # ______ ____ ____ ______ ______ ____ ___ __ ___ ______ _ __ ____ ____ __ __ _ __ _____ ____ | |
| 5 | # / ____// __ \ / __ \ / ____/ / ____// __ \ / | / |/ // ____/| | / // __ \ / __ \ / //_/ | | / /|__ / / __ \ | |
| 6 | # / / / / / // / / // __/ / /_ / /_/ // /| | / /|_/ // __/ | | /| / // / / // /_/ // ,< | | / / /_ < / / / / | |
| 7 | # / /___ / /_/ // /_/ // /___ / __/ / _, _// ___ | / / / // /___ | |/ |/ // /_/ // _, _// /| | | |/ / ___/ /_ / /_/ / | |
| 8 | # \____/ \____//_____//_____/ /_/ /_/ |_|/_/ |_|/_/ /_//_____/ |__/|__/ \____//_/ |_|/_/ |_| |___/ /____/(_)\____/ | |
| 9 | # | |
| 10 | # - Written by: Shawn Pickering | |
| 11 | # - shawn@shawnpickering.com | |
| 12 | ################################################################################################################################## | |
| 13 | use strict; | |
| 14 | use lib '/var/www/vhosts/3dshawn.com/ptmatrix.3dshawn.com'; | |
| 15 | ||
| 16 | ||
| 17 | ############################################################# | |
| 18 | ## Variables | |
| 19 | ############################################################# | |
| 20 | ||
| 21 | ||
| 22 | ||
| 23 | ############################################################ | |
| 24 | # Modules | |
| 25 | ############################################################ | |
| 26 | use CGI; my $query = new CGI; my $form = $query->Vars; | |
| 27 | use MODS::Login; my $login = new MODS::Login; | |
| 28 | use MODS::PTMatrix::Urls; my $getlist = new MODS::PTMatrix::Urls; my $url = $getlist->urls(); | |
| 29 | use MODS::DBConnect; my $db = new MODS::DBConnect; | |
| 30 | use MODS::PTMatrix::Config; my $config = new MODS::PTMatrix::Config; my $database_name = $config->settings('database_name'); | |
| 31 | use MODS::PTMatrix::PM; | |
| 32 | ||
| 33 | ||
| 34 | ||
| 35 | ############################################################# | |
| 36 | ## Get form data | |
| 37 | ############################################################# | |
| 38 | foreach my $line(keys %$form){ | |
| 39 | $form->{$line} =~ s/[^!-~\s]//g; | |
| 40 | $form->{$line} = quotemeta("$form->{$line}"); | |
| 41 | } | |
| 42 | ||
| 43 | ||
| 44 | ||
| 45 | ############################################################ | |
| 46 | # Program Controls | |
| 47 | ############################################################ | |
| 48 | $|=1; | |
| 49 | my $userinfo = $login->login_verify(); | |
| 50 | if(!$userinfo){print qq~Status: 302 Found\nLocation: $url->{login}\n\n~; exit;} | |
| 51 | ||
| 52 | my $act = $form->{act} || ''; | |
| 53 | my $is_super = $userinfo->{is_super_admin} || $userinfo->{_admin_is_super_admin} || 0; | |
| 54 | ||
| 55 | if ($act eq 'stop_impersonation') {&stop_impersonation;} | |
| 56 | elsif(!$is_super) {&bounce($url->{dashboard});} | |
| 57 | elsif($act eq 'impersonate') {&impersonate;} | |
| 58 | elsif($act eq 'suspend_company') {&suspend_company;} | |
| 59 | elsif($act eq 'unsuspend_company') {&unsuspend_company;} | |
| 60 | elsif($act eq 'change_plan') {&change_plan;} | |
| 61 | elsif($act eq 'suspend_user' || $act eq 'reactivate_user' || $act eq 'close_user'){&user_status_change;} | |
| 62 | else {&bounce($url->{admin_users});} | |
| 63 | ||
| 64 | ||
| 65 | ############################################################ | |
| 66 | # Subroutines | |
| 67 | ############################################################ | |
| 68 | sub bounce{ | |
| 69 | my($target) = @_; | |
| 70 | print qq~Status: 302 Found\nLocation: $target\n\n~; | |
| 71 | exit; | |
| 72 | } | |
| 73 | ||
| 74 | sub stop_impersonation{ | |
| 75 | #Allowed for any user currently impersonating (no super-admin check needed) | |
| 76 | my $dbh = $db->db_connect(); | |
| 77 | my $sid = $userinfo->{session_id}; | |
| 78 | $sid =~ s/[^A-Za-z0-9\-]//g; | |
| 79 | $db->db_readwrite($dbh, qq~DELETE FROM `${database_name}`.admin_impersonation WHERE session_id='$sid'~, $ENV{SCRIPT_NAME}, __LINE__); | |
| 80 | $db->db_disconnect($dbh); | |
| 81 | &bounce($url->{admin_users}); | |
| 82 | } | |
| 83 | ||
| 84 | sub impersonate{ | |
| 85 | my $tid = MODS::PTMatrix::PM::safe_int($form->{target_user_id}); | |
| 86 | ||
| 87 | #Use the admin's real session_id, even if they're already impersonating | |
| 88 | my $sid_real = $userinfo->{session_id}; | |
| 89 | $sid_real =~ s/[^A-Za-z0-9\-]//g; | |
| 90 | ||
| 91 | #admin_user_id is whoever actually logged in | |
| 92 | my $admin_uid = $userinfo->{_admin_user_id} || $userinfo->{user_id}; | |
| 93 | $admin_uid = MODS::PTMatrix::PM::safe_int($admin_uid); | |
| 94 | ||
| 95 | #Don't allow impersonating self or an empty target | |
| 96 | &bounce($url->{admin_users}) if $tid == $admin_uid || !$tid; | |
| 97 | ||
| 98 | my $dbh = $db->db_connect(); | |
| 99 | my $r = $db->db_readwrite($dbh, qq~SELECT id FROM `${database_name}`.users WHERE id='$tid' LIMIT 1~, $ENV{SCRIPT_NAME}, __LINE__); | |
| 100 | if(!$r || !$r->{id}){ | |
| 101 | $db->db_disconnect($dbh); | |
| 102 | &bounce($url->{admin_users}); | |
| 103 | } | |
| 104 | ||
| 105 | my $sql = qq~INSERT INTO `${database_name}`.admin_impersonation (session_id, admin_user_id, target_user_id, mode) VALUES ('$sid_real', '$admin_uid', '$tid', 'control') ON DUPLICATE KEY UPDATE target_user_id=VALUES(target_user_id), mode='control', started_at=NOW()~; | |
| 106 | $db->db_readwrite($dbh, $sql, $ENV{SCRIPT_NAME}, __LINE__); | |
| 107 | $db->db_disconnect($dbh); | |
| 108 | ||
| 109 | MODS::PTMatrix::PM::audit(0, $admin_uid, 'admin.impersonate_start', 'user', $tid); | |
| 110 | &bounce($url->{dashboard}); | |
| 111 | } | |
| 112 | ||
| 113 | sub suspend_company{ | |
| 114 | my $cid = MODS::PTMatrix::PM::safe_int($form->{company_id}); | |
| 115 | my $dbh = $db->db_connect(); | |
| 116 | $db->db_readwrite($dbh, qq~UPDATE `${database_name}`.companies SET status='suspended' WHERE id='$cid'~, $ENV{SCRIPT_NAME}, __LINE__); | |
| 117 | $db->db_disconnect($dbh); | |
| 118 | &bounce($url->{admin_companies}); | |
| 119 | } | |
| 120 | ||
| 121 | sub unsuspend_company{ | |
| 122 | my $cid = MODS::PTMatrix::PM::safe_int($form->{company_id}); | |
| 123 | my $dbh = $db->db_connect(); | |
| 124 | $db->db_readwrite($dbh, qq~UPDATE `${database_name}`.companies SET status='active' WHERE id='$cid'~, $ENV{SCRIPT_NAME}, __LINE__); | |
| 125 | $db->db_disconnect($dbh); | |
| 126 | &bounce($url->{admin_companies}); | |
| 127 | } | |
| 128 | ||
| 129 | sub change_plan{ | |
| 130 | my $cid = MODS::PTMatrix::PM::safe_int($form->{company_id}); | |
| 131 | my $tier = $form->{tier}; | |
| 132 | if($tier =~ /^(trial|free|starter|pro|business|enterprise)$/){ | |
| 133 | my $dbh = $db->db_connect(); | |
| 134 | $db->db_readwrite($dbh, qq~UPDATE `${database_name}`.companies SET plan_tier='$tier' WHERE id='$cid'~, $ENV{SCRIPT_NAME}, __LINE__); | |
| 135 | $db->db_disconnect($dbh); | |
| 136 | } | |
| 137 | &bounce($url->{admin_companies}); | |
| 138 | } | |
| 139 | ||
| 140 | sub user_status_change{ | |
| 141 | my $tid = MODS::PTMatrix::PM::safe_int($form->{target_user_id}); | |
| 142 | &bounce($url->{admin_users}) unless $tid; | |
| 143 | ||
| 144 | my $admin_uid = $userinfo->{_admin_user_id} || $userinfo->{user_id}; | |
| 145 | &bounce($url->{admin_users}) if $tid == MODS::PTMatrix::PM::safe_int($admin_uid); | |
| 146 | ||
| 147 | my %new = (suspend_user => 'suspended', reactivate_user => 'active', close_user => 'closed'); | |
| 148 | my $st = $new{$act}; | |
| 149 | my $dbh = $db->db_connect(); | |
| 150 | $db->db_readwrite($dbh, qq~UPDATE `${database_name}`.users SET account_status='$st' WHERE id='$tid'~, $ENV{SCRIPT_NAME}, __LINE__); | |
| 151 | $db->db_disconnect($dbh); | |
| 152 | ||
| 153 | MODS::PTMatrix::PM::audit(0, $admin_uid, "admin.$act", 'user', $tid); | |
| 154 | &bounce("$url->{admin_user}&u=$tid"); | |
| 155 | } |