27 lines
2.5 KiB
PHP
27 lines
2.5 KiB
PHP
<?php
|
|
$content = file_get_contents('index.php');
|
|
|
|
// 1. Fix Login Session
|
|
$content = str_replace(
|
|
"\$_SESSION['user_role_name'] = \$u['role_name'];",
|
|
"\$_SESSION['user_role_name'] = \$u['role_name'];\n \$_SESSION['outlet_id'] = \$u['outlet_id'];",
|
|
$content
|
|
);
|
|
|
|
// 2. Fix Add User POST
|
|
$content = preg_replace(
|
|
"/\\\$group_id = \(int\)\(\\\$_POST\['group_id'\] \?\? 0\) \?\: null;.*?\\\$stmt = \\\$db->prepare\(\"INSERT INTO users \(username, password, email, phone, group_id\) VALUES \(\?, \?, \?, \?, \?\)\"\);.*?\\\$stmt->execute\(\[\\\$username, password_hash\(\\\$password, PASSWORD_DEFAULT\), \\\$email, \\\$phone, \\\$group_id\]\);/s",
|
|
"\$group_id = (int)(\$_POST['group_id'] ?? 0) ?: null;\n \$outlet_id = !empty(\$_POST['outlet_id']) ? (int)\$_POST['outlet_id'] : null;\n \$stmt = \$db->prepare(\"INSERT INTO users (username, password, email, phone, group_id, outlet_id) VALUES (?, ?, ?, ?, ?, ?)\");\n \$stmt->execute([\$username, password_hash(\$password, PASSWORD_DEFAULT), \$email, \$phone, \$group_id, \$outlet_id]);",
|
|
$content
|
|
);
|
|
|
|
// 3. Fix Edit User POST
|
|
$content = preg_replace(
|
|
"/\\\$group_id = \(int\)\(\\\$_POST\['group_id'\] \?\? 0\) \?\: null;.*?if \(\!empty\(\\\$password\)\) \{.*?\\\$stmt = \\\$db->prepare\(\"UPDATE users SET username=\?, password=\?, email=\?, phone=\?, group_id=\? WHERE id=\?\"\);.*?\\\$stmt->execute\(\[\\\$username, password_hash\(\\\$password, PASSWORD_DEFAULT\), \\\$email, \\\$phone, \\\$group_id, \\\$id\]\);.*?\} else \{.*?\\\$stmt = \\\$db->prepare\(\"UPDATE users SET username=\?, email=\?, phone=\?, group_id=\? WHERE id=\?\"\);.*?\\\$stmt->execute\(\[\\\$username, \\\$email, \\\$phone, \\\$group_id, \\\$id\]\);.*?\}/s",
|
|
"\$group_id = (int)(\$_POST['group_id'] ?? 0) ?: null;\n \$outlet_id = !empty(\$_POST['outlet_id']) ? (int)\$_POST['outlet_id'] : null;\n if (!empty(\$password)) {\n \$stmt = \$db->prepare(\"UPDATE users SET username=?, password=?, email=?, phone=?, group_id=?, outlet_id=? WHERE id=?\");\n \$stmt->execute([\$username, password_hash(\$password, PASSWORD_DEFAULT), \$email, \$phone, \$group_id, \$outlet_id, \$id]);\n } else {\n \$stmt = \$db->prepare(\"UPDATE users SET username=?, email=?, phone=?, group_id=?, outlet_id=? WHERE id=?\");\n \$stmt->execute([\$username, \$email, \$phone, \$group_id, \$outlet_id, \$id]);\n }",
|
|
$content
|
|
);
|
|
|
|
file_put_contents('index.php', $content);
|
|
echo "Patched auth & post logic\n";
|