[0005214] Stock Check Sheet: changed option name to less confusing for shortages...

[fa-stable.git] / admin / users.php

diff --git a/admin/users.php b/admin/users.php
index 5737c0e6b1d88fae635ef6bc921740c2860c41f6..fbb42a678c2228ce5b3f3237ea1128095f3c78f5 100644 (file)
--- a/admin/users.php
+++ b/admin/users.php
@@ -23,7 +23,7 @@ include_once($path_to_root . "/admin/db/users_db.inc");
 simple_page_mode(true);
 //-------------------------------------------------------------------------------------------------
 
-function can_process() 
+function can_process($new) 
 {
 
        if (strlen($_POST['user_id']) < 4)
@@ -33,7 +33,7 @@ function can_process()
                return false;
        }
 
-       if ($_POST['password'] != "") 
+       if (!$new && ($_POST['password'] != ""))
        {
        if (strlen($_POST['password']) < 4)
        {
@@ -55,10 +55,10 @@ function can_process()
 
 //-------------------------------------------------------------------------------------------------
 
-if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM') 
+if (($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM') && check_csrf_token())
 {
 
-       if (can_process())
+       if (can_process($Mode == 'ADD_ITEM'))
        {
        if ($selected_id != -1) 
        {
@@ -91,25 +91,34 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
 
 //-------------------------------------------------------------------------------------------------
 
-if ($Mode == 'Delete')
+if ($Mode == 'Delete' && check_csrf_token())
 {
-       delete_user($selected_id);
-       display_notification_centered(_("User has been deleted."));
-       $Mode = 'RESET';
+       $cancel_delete = 0;
+    if (key_in_foreign_table($selected_id, 'audit_trail', 'user'))
+    {
+        $cancel_delete = 1;
+        display_error(_("Cannot delete this user because entries are associated with this user."));
+    }
+    if ($cancel_delete == 0) 
+    {
+       delete_user($selected_id);
+       display_notification_centered(_("User has been deleted."));
+    } //end if Delete group
+    $Mode = 'RESET';
 }
 
 //-------------------------------------------------------------------------------------------------
 if ($Mode == 'RESET')
 {
        $selected_id = -1;
-       $sav = get_post('show_inactive');
+       $sav = get_post('show_inactive', null);
        unset($_POST);  // clean all input fields
        $_POST['show_inactive'] = $sav;
 }
 
 $result = get_users(check_value('show_inactive'));
 start_form();
-start_table($table_style);
+start_table(TABLESTYLE);
 
 $th = array(_("User login"), _("Full Name"), _("Phone"),
        _("E-mail"), _("Last Visit"), _("Access Level"), "", "");
@@ -124,7 +133,9 @@ while ($myrow = db_fetch($result))
 
        alt_table_row_color($k);
 
-       $last_visit_date = sql2date($myrow["last_visit_date"]);
+       $time_format = (user_date_format() == 0 ? "h:i a" : "H:i");
+       $last_visit_date = sql2date($myrow["last_visit_date"]). " " . 
+               date($time_format, strtotime($myrow["last_visit_date"]));
 
        /*The security_headings array is defined in config.php */
        $not_me = strcasecmp($myrow["user_id"], $_SESSION["wa_current_user"]->username);
@@ -153,7 +164,7 @@ while ($myrow = db_fetch($result))
 inactive_control_row($th);
 end_table(1);
 //-------------------------------------------------------------------------------------------------
-start_table($table_style2);
+start_table(TABLESTYLE2);
 
 $_POST['email'] = "";
 if ($selected_id != -1) 
@@ -219,4 +230,3 @@ submit_add_or_update_center($selected_id == -1, '', 'both');
 
 end_form();
 end_page();
-?>