simple_page_mode(true);
//-------------------------------------------------------------------------------------------------
-function can_process()
+function can_process($new)
{
if (strlen($_POST['user_id']) < 4)
return false;
}
- if ($_POST['password'] != "")
+ if (!$new && ($_POST['password'] != ""))
{
if (strlen($_POST['password']) < 4)
{
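Review bot: With `!$new &&` in the condition at the `password` test, the password checks that follow are skipped whenever `can_process()` is called for `ADD_ITEM`, so as far as this function is concerned a new account can be submitted with an empty or under-4-character password. On update an empty password presumably means "keep the current one", which is the case that should bypass the check. The condition reads as if it was meant to be `if ($new || $_POST['password'] != "")`. The password block continues past the end of the hunk, so confirm that no later check covers the new-user case before changing it.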
//-------------------------------------------------------------------------------------------------
-if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
+if (($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM') && check_csrf_token())
{
- if (can_process())
+ if (can_process($Mode == 'ADD_ITEM'))
{
if ($selected_id != -1)
{
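Review bot: The CSRF guard is attached to each handler separately, here on the `ADD_ITEM`/`UPDATE_ITEM` branch and again on the `Delete` branch further down, so any state-changing `$Mode` added later is unprotected unless its author remembers the same `&& check_csrf_token()`. A single gate ahead of the handlers would make the requirement hard to miss, for example `if (in_array($Mode, array('ADD_ITEM', 'UPDATE_ITEM', 'Delete'), true) && !check_csrf_token()) $Mode = 'RESET';`. If the per-handler form is kept, a comment such as `// every handler that writes to the database must pass check_csrf_token()` above the first handler documents the rule. What `check_csrf_token()` reports or logs on failure is not visible here, and the body of this branch continues outside the hunk.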
//-------------------------------------------------------------------------------------------------
-if ($Mode == 'Delete')
+if ($Mode == 'Delete' && check_csrf_token())
{
- delete_user($selected_id);
- display_notification_centered(_("User has been deleted."));
- $Mode = 'RESET';
+ $cancel_delete = 0;
+ if (key_in_foreign_table($selected_id, 'audit_trail', 'user'))
+ {
+ $cancel_delete = 1;
+ display_error(_("Cannot delete this user because entries are associated with this user."));
+ }
+ if ($cancel_delete == 0)
+ {
+ delete_user($selected_id);
+ display_notification_centered(_("User has been deleted."));
+ } //end if Delete group
+ $Mode = 'RESET';
}
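Review bot: The `$cancel_delete` flag and the trailing `//end if Delete group` comment make this branch harder to follow than it needs to be, and the comment refers to a group although the code deletes a user. A plain `if (key_in_foreign_table($selected_id, 'audit_trail', 'user')) { display_error(...); } else { delete_user($selected_id); ... }` does the same without the flag, with the comment dropped or reworded to `// user has no audit_trail entries`. Separately, nothing in the hunk stops `$selected_id` from being the account of the operator making the request. If that is only prevented by hiding the delete button in the table, a server-side comparison against the current user belongs in this branch as well.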
//-------------------------------------------------------------------------------------------------
if ($Mode == 'RESET')
{
$selected_id = -1;
- $sav = get_post('show_inactive');
+ $sav = get_post('show_inactive', null);
unset($_POST); // clean all input fields
$_POST['show_inactive'] = $sav;
}
$result = get_users(check_value('show_inactive'));
start_form();
-start_table($table_style);
+start_table(TABLESTYLE);
$th = array(_("User login"), _("Full Name"), _("Phone"),
_("E-mail"), _("Last Visit"), _("Access Level"), "", "");
inactive_control_row($th);
end_table(1);
//-------------------------------------------------------------------------------------------------
-start_table($table_style2);
+start_table(TABLESTYLE2);
$_POST['email'] = "";
if ($selected_id != -1)
end_form();
end_page();
-?>