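<?php

declare(strict_types=1);

/*
 * Admin account management endpoint.
 *
 *   GET    -> list admins                                   (any logged-in admin)
 *   POST   -> create admin   {username, password, role?}   (super only)
 *   PATCH  -> reset another admin's password {id, newPassword} (super only)
 *   DELETE -> remove admin   ?id=...                        (super only)
 *
 * Every branch ends in json_response(). The control flow below assumes
 * json_response() terminates the request after emitting an error response,
 * exactly as the original did. NOTE(review): that assumption lives in
 * _common.php; if json_response() ever returns normally, every error branch
 * here would fall through to the next handler — confirm before relying on it.
 *
 * NOTE(review): read_store()/write_store() form a non-atomic read-modify-write;
 * concurrent requests can lose updates unless _common.php serialises them.
 */

require __DIR__ . '/_common.php';

require_login();

$me = current_admin();
if (!$me) {
    json_response(['ok' => false, 'error' => 'Unauthorized'], 401);
}

// Read a string field from untrusted input (decoded JSON body or $_GET).
// Non-string values (arrays, numbers, null) become '' instead of being cast:
// `(string)` on an array yields "Array" plus a warning, which would otherwise
// pass the emptiness checks below as a valid-looking username or id.
$stringField = static function (array $src, string $key): string {
    $value = $src[$key] ?? null;
    return is_string($value) ? $value : '';
};

// Minimum lengths are counted in characters (mb_strlen), not bytes. The error
// messages promise "8 characters"; with byte-wise strlen a 3-character Thai
// password (9 bytes) would have been accepted.
$minUsernameChars = 2;
$minPasswordChars = 8;
// bcrypt (PASSWORD_DEFAULT on current PHP) silently ignores everything after
// 72 bytes, so longer passwords are rejected rather than truncated unnoticed.
$maxPasswordBytes = 72;

$method = $_SERVER['REQUEST_METHOD'];

if ($method === 'GET') {
    // strip_admin() is defined in _common.php; presumably it removes
    // passwordHash before the record leaves the server — verify there.
    $list = array_map('strip_admin', read_store()['admins'] ?? []);
    json_response(['ok' => true, 'admins' => $list]);
}

// Everything below mutates the admin list: super admins only.
if (!is_super($me)) {
    json_response(['ok' => false, 'error' => 'เฉพาะ super admin จัดการบัญชีแอดมินได้'], 403);
}

if ($method === 'POST') {
    $body = require_json_body();
    $username = trim($stringField($body, 'username'));
    $password = $stringField($body, 'password');
    // Role is allow-listed: anything other than the literal 'super' becomes 'admin'.
    $role = ($body['role'] ?? 'admin') === 'super' ? 'super' : 'admin';

    // Redundant with the is_super() gate above; kept as defence in depth.
    if ($role === 'super' && !is_super($me)) {
        json_response(['ok' => false, 'error' => 'สร้าง super admin ได้เฉพาะ super เท่านั้น'], 403);
    }
    if (mb_strlen($username) < $minUsernameChars) {
        json_response(['ok' => false, 'error' => 'ชื่อผู้ใช้สั้นเกินไป'], 400);
    }
    if (mb_strlen($password) < $minPasswordChars) {
        json_response(['ok' => false, 'error' => 'รหัสผ่านอย่างน้อย 8 ตัวอักษร'], 400);
    }
    if (strlen($password) > $maxPasswordBytes) {
        json_response(['ok' => false, 'error' => 'รหัสผ่านยาวเกินไป'], 400);
    }

    $store = read_store();
    // Usernames must be unique case-insensitively (ASCII folding via strcasecmp).
    foreach ($store['admins'] ?? [] as $existing) {
        if (strcasecmp($existing['username'] ?? '', $username) === 0) {
            json_response(['ok' => false, 'error' => 'ชื่อผู้ใช้ซ้ำ'], 400);
        }
    }

    $store['admins'][] = [
        'id' => new_id(),
        'username' => $username,
        'passwordHash' => password_hash($password, PASSWORD_DEFAULT),
        'role' => $role,
        'createdAt' => gmdate('c'),
    ];
    if (!write_store($store)) {
        json_response(['ok' => false, 'error' => 'บันทึกไม่สำเร็จ'], 500);
    }
    json_response(['ok' => true]);
}

if ($method === 'PATCH') {
    $body = require_json_body();
    $targetId = trim($stringField($body, 'id'));
    $newPassword = $stringField($body, 'newPassword');

    if ($targetId === '') {
        json_response(['ok' => false, 'error' => 'ระบุ id แอดมิน'], 400);
    }
    if (mb_strlen($newPassword) < $minPasswordChars) {
        json_response(['ok' => false, 'error' => 'รหัสใหม่อย่างน้อย 8 ตัวอักษร'], 400);
    }
    if (strlen($newPassword) > $maxPasswordBytes) {
        json_response(['ok' => false, 'error' => 'รหัสผ่านยาวเกินไป'], 400);
    }
    // Self-service password changes use a separate flow; this endpoint only
    // resets *other* accounts.
    if ($targetId === $me['id']) {
        json_response(['ok' => false, 'error' => 'เปลี่ยนรหัสตัวเองให้ใช้เมนู "เปลี่ยนรหัสผ่านของคุณ"'], 400);
    }

    $store = read_store();
    $updated = false;
    foreach ($store['admins'] ?? [] as $index => $admin) {
        if (($admin['id'] ?? '') === $targetId) {
            $store['admins'][$index]['passwordHash'] = password_hash($newPassword, PASSWORD_DEFAULT);
            $updated = true;
            break;
        }
    }
    if (!$updated) {
        json_response(['ok' => false, 'error' => 'ไม่พบแอดมิน'], 404);
    }
    if (!write_store($store)) {
        json_response(['ok' => false, 'error' => 'บันทึกไม่สำเร็จ'], 500);
    }
    json_response(['ok' => true, 'message' => 'ตั้งรหัสใหม่แล้ว']);
}

if ($method === 'DELETE') {
    $id = trim($stringField($_GET, 'id'));
    if ($id === '') {
        json_response(['ok' => false, 'error' => 'ระบุ id'], 400);
    }
    if ($id === $me['id']) {
        json_response(['ok' => false, 'error' => 'ลบบัญชีตัวเองไม่ได้'], 400);
    }

    $store = read_store();
    $remaining = [];
    $removed = false;
    foreach ($store['admins'] ?? [] as $admin) {
        if (($admin['id'] ?? '') === $id) {
            $removed = true;
            continue;
        }
        $remaining[] = $admin;
    }
    if (!$removed) {
        json_response(['ok' => false, 'error' => 'ไม่พบผู้ใช้'], 404);
    }

    // Refuse to delete the last super admin: counted on the post-removal list,
    // otherwise nobody would be left who can manage accounts.
    $supers = 0;
    foreach ($remaining as $admin) {
        if (($admin['role'] ?? '') === 'super') {
            $supers++;
        }
    }
    if ($supers < 1) {
        json_response(['ok' => false, 'error' => 'ต้องมี super admin อย่างน้อย 1 คน'], 400);
    }

    $store['admins'] = $remaining;
    if (!write_store($store)) {
        json_response(['ok' => false, 'error' => 'บันทึกไม่สำเร็จ'], 500);
    }
    json_response(['ok' => true]);
}

json_response(['ok' => false, 'error' => 'Method not allowed'], 405);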