Function line misplaced.

[fa-stable.git] / admin / users.php

diff --git a/admin/users.php b/admin/users.php
index 5d56aff15c844c9709cce9d5bafa683afab77f01..c19a7dd9b5ab0b0e8996e5ea0af6c3d2f9a606fa 100644 (file)
--- a/admin/users.php
+++ b/admin/users.php
@@ -23,7 +23,7 @@ include_once($path_to_root . "/admin/db/users_db.inc");
 simple_page_mode(true);
 //-------------------------------------------------------------------------------------------------
 
-function can_process() 
+function can_process($new) 
 {
 
        if (strlen($_POST['user_id']) < 4)
@@ -33,7 +33,7 @@ function can_process()
                return false;
        }
 
-       if ($_POST['password'] != "") 
+       if (!$new && ($_POST['password'] != ""))
        {
        if (strlen($_POST['password']) < 4)
        {
@@ -55,10 +55,10 @@ function can_process()
 
 //-------------------------------------------------------------------------------------------------
 
-if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM') 
+if (($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM') && check_csrf_token())
 {
 
-       if (can_process())
+       if (can_process($Mode == 'ADD_ITEM'))
        {
        if ($selected_id != -1) 
        {
@@ -91,25 +91,34 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
 
 //-------------------------------------------------------------------------------------------------
 
-if ($Mode == 'Delete')
+if ($Mode == 'Delete' && check_csrf_token())
 {
-       delete_user($selected_id);
-       display_notification_centered(_("User has been deleted."));
-       $Mode = 'RESET';
+       $cancel_delete = 0;
+    if (key_in_foreign_table($selected_id, 'audit_trail', 'user'))
+    {
+        $cancel_delete = 1;
+        display_error(_("Cannot delete this user because entries are associated with this user."));
+    }
+    if ($cancel_delete == 0) 
+    {
+       delete_user($selected_id);
+       display_notification_centered(_("User has been deleted."));
+    } //end if Delete group
+    $Mode = 'RESET';
 }
 
 //-------------------------------------------------------------------------------------------------
 if ($Mode == 'RESET')
 {
        $selected_id = -1;
-       $sav = get_post('show_inactive');
+       $sav = get_post('show_inactive', null);
        unset($_POST);  // clean all input fields
        $_POST['show_inactive'] = $sav;
 }
 
 $result = get_users(check_value('show_inactive'));
 start_form();
-start_table($table_style);
+start_table(TABLESTYLE);
 
 $th = array(_("User login"), _("Full Name"), _("Phone"),
        _("E-mail"), _("Last Visit"), _("Access Level"), "", "");
@@ -153,7 +162,7 @@ while ($myrow = db_fetch($result))
 inactive_control_row($th);
 end_table(1);
 //-------------------------------------------------------------------------------------------------
-start_table($table_style2);
+start_table(TABLESTYLE2);
 
 $_POST['email'] = "";
 if ($selected_id != -1) 
@@ -188,10 +197,7 @@ else
        $_POST['pos'] = user_pos();
 }
 $_POST['password'] = "";
-start_row();
-label_cell(_("Password:"));
-label_cell("<input type='password' name='password' size=22 maxlength=20 value='" . $_POST['password'] . "'>");
-end_row();
+password_row(_("Password:"), 'password', $_POST['password']);
 
 if ($selected_id != -1) 
 {
@@ -222,4 +228,3 @@ submit_add_or_update_center($selected_id == -1, '', 'both');
 
 end_form();
 end_page();
-?>