X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fusers.php;h=c19a7dd9b5ab0b0e8996e5ea0af6c3d2f9a606fa;hb=495ac5fbc5f98dde51645d1691e13dc37654f771;hp=5737c0e6b1d88fae635ef6bc921740c2860c41f6;hpb=303eb17e9cdd9702eee9fdfcaee51e654a1da541;p=fa-stable.git
diff --git a/admin/users.php b/admin/users.php
index 5737c0e6..c19a7dd9 100644
--- a/admin/users.php
+++ b/admin/users.php
@@ -23,7 +23,7 @@ include_once($path_to_root . "/admin/db/users_db.inc");
 simple_page_mode(true);
 //-------------------------------------------------------------------------------------------------
-function can_process()
+function can_process($new)
 {
 	if (strlen($_POST['user_id']) < 4)
@@ -33,7 +33,7 @@ function can_process()
 		return false;
 	}
-	if ($_POST['password'] != "")
+	if (!$new && ($_POST['password'] != ""))
 	{
 		if (strlen($_POST['password']) < 4)
 		{
@@ -55,10 +55,10 @@ function can_process()
 //-------------------------------------------------------------------------------------------------
-if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
+if (($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM') && check_csrf_token())
 {
-	if (can_process())
+	if (can_process($Mode == 'ADD_ITEM'))
 	{
 		if ($selected_id != -1)
 		{
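Review bot: The new `$new` parameter of can_process() is undocumented, and nothing at the signature tells a reader which caller state it encodes or how it changes validation. A short docblock above `function can_process($new)` would do, e.g. `/** Validate the posted user form. @param bool $new true when the form is creating a user (ADD_ITEM) rather than updating one. @return bool */`. The body of can_process() continues outside this hunk.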
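Review bot: The changed condition `if (!$new && ($_POST['password'] != ""))` skips the password length and content checks exactly when a user is being created, so an ADD_ITEM submission with an empty or three-character password passes can_process() unless add_user() validates it elsewhere, which is not visible here. The evident intent — password optional on update, mandatory on create — has the opposite polarity: `if ($new || ($_POST['password'] != ""))`. The remainder of can_process()'s body lies outside the hunk.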
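Review bot: `can_process($Mode == 'ADD_ITEM')` derives "new user" from the mode string, while the very next line decides between update and insert with `$selected_id != -1`, and the submit control at the bottom of the file uses `$selected_id == -1` for the same distinction; if the two ever disagree, validation and the database branch will be out of step. Passing the same predicate, `if (can_process($selected_id == -1))`, keeps a single source of truth. It is also not visible here whether a failed check_csrf_token() reports anything to the user or the request just falls through to the form; worth confirming. The if body continues outside the hunk.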
@@ -91,25 +91,34 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
 //-------------------------------------------------------------------------------------------------
-if ($Mode == 'Delete')
+if ($Mode == 'Delete' && check_csrf_token())
 {
-	delete_user($selected_id);
-	display_notification_centered(_("User has been deleted."));
-	$Mode = 'RESET';
+	$cancel_delete = 0;
+	if (key_in_foreign_table($selected_id, 'audit_trail', 'user'))
+	{
+		$cancel_delete = 1;
+		display_error(_("Cannot delete this user because entries are associated with this user."));
+	}
+	if ($cancel_delete == 0)
+	{
+		delete_user($selected_id);
+		display_notification_centered(_("User has been deleted."));
+	}	//end if Delete group
+	$Mode = 'RESET';
 }
 //-------------------------------------------------------------------------------------------------
 if ($Mode == 'RESET')
 {
 	$selected_id = -1;
-	$sav = get_post('show_inactive');
+	$sav = get_post('show_inactive', null);
 	unset($_POST);	// clean all input fields
 	$_POST['show_inactive'] = $sav;
 }
 $result = get_users(check_value('show_inactive'));
 start_form();
-start_table($table_style);
+start_table(TABLESTYLE);
 $th = array(_("User login"), _("Full Name"), _("Phone"), _("E-mail"), _("Last Visit"), _("Access Level"), "", "");
@@ -153,7 +162,7 @@ while ($myrow = db_fetch($result))
 inactive_control_row($th);
 end_table(1);
 //-------------------------------------------------------------------------------------------------
-start_table($table_style2);
+start_table(TABLESTYLE2);
 $_POST['email'] = "";
 if ($selected_id != -1)
@@ -219,4 +228,3 @@ submit_add_or_update_center($selected_id == -1, '', 'both');
 end_form();
 end_page();
-?>
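Review bot: The `$cancel_delete` flag (`= 0`, `= 1`, `== 0`) is a mutable integer standing in for an if/else, and the closing comment `//end if Delete group` was evidently carried over from another page — this block deletes a user, not a group. Restructuring the branch as if/else removes the flag and the misleading comment while keeping the same messages and the `$Mode = 'RESET'` fall-through. Whether audit_trail is the only table that references a user id is not visible here; if others exist, key_in_foreign_table() would need to be consulted for them as well.
```php
if ($Mode == 'Delete' && check_csrf_token())
{
	if (key_in_foreign_table($selected_id, 'audit_trail', 'user'))
	{
		display_error(_("Cannot delete this user because entries are associated with this user."));
	}
	else
	{
		delete_user($selected_id);
		display_notification_centered(_("User has been deleted."));
	}
	$Mode = 'RESET';
}
```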