2 /**********************************************************************
3 Copyright (C) FrontAccounting, LLC.
4 Released under the terms of the GNU General Public License, GPL,
5 as published by the Free Software Foundation, either version 3
6 of the License, or (at your option) any later version.
7 This program is distributed in the hope that it will be useful,
8 but WITHOUT ANY WARRANTY; without even the implied warranty of
9 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
10 See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
11 ***********************************************************************/
12 $page_security = 'SA_USERS';
14 include_once($path_to_root . "/includes/session.inc");
16 page(_($help_context = "Users"));
18 include_once($path_to_root . "/includes/date_functions.inc");
19 include_once($path_to_root . "/includes/ui.inc");
21 include_once($path_to_root . "/admin/db/users_db.inc");
23 simple_page_mode(true);
24 //-------------------------------------------------------------------------------------------------
26 function can_process($new)
29 if (strlen($_POST['user_id']) < 4)
31 display_error( _("The user login entered must be at least 4 characters long."));
36 if (!$new && ($_POST['password'] != ""))
38 if (strlen($_POST['password']) < 4)
40 display_error( _("The password entered must be at least 4 characters long."));
41 set_focus('password');
45 if (strstr($_POST['password'], $_POST['user_id']) != false)
47 display_error( _("The password cannot contain the user login."));
48 set_focus('password');
56 //-------------------------------------------------------------------------------------------------
58 if (($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM') && check_csrf_token())
61 if (can_process($Mode == 'ADD_ITEM'))
63 if ($selected_id != -1)
65 update_user_prefs($selected_id,
66 get_post(array('user_id', 'real_name', 'phone', 'email', 'role_id', 'language',
67 'print_profile', 'rep_popup' => 0, 'pos')));
69 if ($_POST['password'] != "")
70 update_user_password($selected_id, $_POST['user_id'], md5($_POST['password']));
72 display_notification_centered(_("The selected user has been updated."));
76 add_user($_POST['user_id'], $_POST['real_name'], md5($_POST['password']),
77 $_POST['phone'], $_POST['email'], $_POST['role_id'], $_POST['language'],
78 $_POST['print_profile'], check_value('rep_popup'), $_POST['pos']);
80 // use current user display preferences as start point for new user
81 $prefs = $_SESSION['wa_current_user']->prefs->get_all();
83 update_user_prefs($id, array_merge($prefs, get_post(array('print_profile',
84 'rep_popup' => 0, 'language'))));
86 display_notification_centered(_("A new user has been added."));
92 //-------------------------------------------------------------------------------------------------
94 if ($Mode == 'Delete' && check_csrf_token())
97 if (key_in_foreign_table($selected_id, 'audit_trail', 'user'))
100 display_error(_("Cannot delete this user because entries are associated with this user."));
102 if ($cancel_delete == 0)
104 delete_user($selected_id);
105 display_notification_centered(_("User has been deleted."));
106 } //end if Delete group
110 //-------------------------------------------------------------------------------------------------
111 if ($Mode == 'RESET')
114 $sav = get_post('show_inactive', null);
115 unset($_POST); // clean all input fields
116 $_POST['show_inactive'] = $sav;
119 $result = get_users(check_value('show_inactive'));
121 start_table(TABLESTYLE);
123 $th = array(_("User login"), _("Full Name"), _("Phone"),
124 _("E-mail"), _("Last Visit"), _("Access Level"), "", "");
126 inactive_control_column($th);
129 $k = 0; //row colour counter
131 while ($myrow = db_fetch($result))
134 alt_table_row_color($k);
136 $last_visit_date = sql2date($myrow["last_visit_date"]);
138 /*The security_headings array is defined in config.php */
139 $not_me = strcasecmp($myrow["user_id"], $_SESSION["wa_current_user"]->username);
141 label_cell($myrow["user_id"]);
142 label_cell($myrow["real_name"]);
143 label_cell($myrow["phone"]);
144 email_cell($myrow["email"]);
145 label_cell($last_visit_date, "nowrap");
146 label_cell($myrow["role"]);
149 inactive_control_cell($myrow["id"], $myrow["inactive"], 'users', 'id');
150 elseif (check_value('show_inactive'))
153 edit_button_cell("Edit".$myrow["id"], _("Edit"));
155 delete_button_cell("Delete".$myrow["id"], _("Delete"));
160 } //END WHILE LIST LOOP
162 inactive_control_row($th);
164 //-------------------------------------------------------------------------------------------------
165 start_table(TABLESTYLE2);
167 $_POST['email'] = "";
168 if ($selected_id != -1)
170 if ($Mode == 'Edit') {
171 //editing an existing User
172 $myrow = get_user($selected_id);
174 $_POST['id'] = $myrow["id"];
175 $_POST['user_id'] = $myrow["user_id"];
176 $_POST['real_name'] = $myrow["real_name"];
177 $_POST['phone'] = $myrow["phone"];
178 $_POST['email'] = $myrow["email"];
179 $_POST['role_id'] = $myrow["role_id"];
180 $_POST['language'] = $myrow["language"];
181 $_POST['print_profile'] = $myrow["print_profile"];
182 $_POST['rep_popup'] = $myrow["rep_popup"];
183 $_POST['pos'] = $myrow["pos"];
185 hidden('selected_id', $selected_id);
189 label_row(_("User login:"), $_POST['user_id']);
192 { //end of if $selected_id only do the else when a new record is being entered
193 text_row(_("User Login:"), "user_id", null, 22, 20);
194 $_POST['language'] = user_language();
195 $_POST['print_profile'] = user_print_profile();
196 $_POST['rep_popup'] = user_rep_popup();
197 $_POST['pos'] = user_pos();
199 $_POST['password'] = "";
200 password_row(_("Password:"), 'password', $_POST['password']);
202 if ($selected_id != -1)
204 table_section_title(_("Enter a new password to change, leave empty to keep current."));
207 text_row_ex(_("Full Name").":", 'real_name', 50);
209 text_row_ex(_("Telephone No.:"), 'phone', 30);
211 email_row_ex(_("Email Address:"), 'email', 50);
213 security_roles_list_row(_("Access Level:"), 'role_id', null);
215 languages_list_row(_("Language:"), 'language', null);
217 pos_list_row(_("User's POS"). ':', 'pos', null);
219 print_profiles_list_row(_("Printing profile"). ':', 'print_profile', null,
220 _('Browser printing support'));
222 check_row(_("Use popup window for reports:"), 'rep_popup', $_POST['rep_popup'],
223 false, _('Set this option to on if your browser directly supports pdf files'));
227 submit_add_or_update_center($selected_id == -1, '', 'both');