X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fusers.php;h=c19a7dd9b5ab0b0e8996e5ea0af6c3d2f9a606fa;hb=6bcd87642330092910f5d6977845a76ac59350ac;hp=9fde1d93b3f8d457a616aa2fd877a9e76d75ada7;hpb=d9b4de9d7e9d3ba77f6ece752fd6cc988effd8f1;p=fa-stable.git
diff --git a/admin/users.php b/admin/users.php
index 9fde1d93..c19a7dd9 100644
--- a/admin/users.php
+++ b/admin/users.php
@@ -23,7 +23,7 @@ include_once($path_to_root . "/admin/db/users_db.inc");
 simple_page_mode(true);
 //-------------------------------------------------------------------------------------------------
-function can_process()
+function can_process($new)
 {
 if (strlen($_POST['user_id']) < 4)
@@ -33,7 +33,7 @@ function can_process()
 return false;
 }
- if ($_POST['password'] != "")
+ if (!$new && ($_POST['password'] != ""))
 {
 if (strlen($_POST['password']) < 4)
 {
@@ -55,10 +55,10 @@ function can_process()
 //-------------------------------------------------------------------------------------------------
-if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
+if (($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM') && check_csrf_token())
 {
- if (can_process())
+ if (can_process($Mode == 'ADD_ITEM'))
 {
 if ($selected_id != -1)
 {
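Review bot: The new guard `if (!$new && ($_POST['password'] != ""))` skips the whole password block when `$new` is true, so an account that is being created gets no length check here and, as far as this hunk shows, can be saved with an empty or very short password. The condition reads as inverted: a new account should always be validated and an update only when a password was supplied, for example `if ($new || $_POST['password'] != "")`. The rest of the block, including any further password checks, lies outside the hunk, so confirm that nothing later in `can_process()` covers the new-user case. The added `$new` parameter also deserves a one-line comment such as `// $new: true when a user is being added, false when an existing user is edited`.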
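Review bot: `can_process($Mode == 'ADD_ITEM')` decides "new user" from `$Mode`, while the next visible line chooses the branch from `$selected_id != -1`, so validation and the write path rely on two different signals. If a request can carry the add action together with a selected id (how `simple_page_mode()` fills both is not visible here), the account would be validated as new but presumably handled as an existing one. Deriving both from the same value, e.g. `if (can_process($selected_id == -1))`, removes that mismatch. The body of this branch continues outside the hunk.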
@@ -91,18 +91,27 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
 //-------------------------------------------------------------------------------------------------
-if ($Mode == 'Delete')
+if ($Mode == 'Delete' && check_csrf_token())
 {
- delete_user($selected_id);
- display_notification_centered(_("User has been deleted."));
- $Mode = 'RESET';
+ $cancel_delete = 0;
+ if (key_in_foreign_table($selected_id, 'audit_trail', 'user'))
+ {
+ $cancel_delete = 1;
+ display_error(_("Cannot delete this user because entries are associated with this user."));
+ }
+ if ($cancel_delete == 0)
+ {
+ delete_user($selected_id);
+ display_notification_centered(_("User has been deleted."));
+ } //end if Delete group
+ $Mode = 'RESET';
 }
 //-------------------------------------------------------------------------------------------------
 if ($Mode == 'RESET')
 {
 $selected_id = -1;
- $sav = get_post('show_inactive');
+ $sav = get_post('show_inactive', null);
 unset($_POST); // clean all input fields
 $_POST['show_inactive'] = $sav;
 }
@@ -219,4 +228,3 @@ submit_add_or_update_center($selected_id == -1, '', 'both');
 end_form();
 end_page();
-?>
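Review bot: With `check_csrf_token()` in the outer condition, a Delete request that fails the token check skips the whole block, including `$Mode = 'RESET'`, so the `RESET` branch below never clears `$selected_id` and `$_POST` for the rejected request. Testing the mode on its own and nesting the token check inside it lets the reset run either way, as sketched below. What `check_csrf_token()` reports or logs on failure is not visible in this hunk; a rejected delete should leave a trace for whoever reviews the logs. The same sketch replaces the `$cancel_delete` flag with a plain `if`/`else` and drops the `//end if Delete group` comment, which does not match a block that deletes users.

```php
if ($Mode == 'Delete')
{
	if (check_csrf_token())
	{
		if (key_in_foreign_table($selected_id, 'audit_trail', 'user'))
			display_error(_("Cannot delete this user because entries are associated with this user."));
		else
		{
			delete_user($selected_id);
			display_notification_centered(_("User has been deleted."));
		}
	}
	$Mode = 'RESET'; // discard the posted selection even when the token check fails
}
// … unchanged: RESET branch …
```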