X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=blobdiff_plain;f=admin%2Fusers.php;h=fbb42a678c2228ce5b3f3237ea1128095f3c78f5;hb=a3905612a65008c52315b9951010b0bef88c63cb;hp=765997cb57899acda6a8040cda23a0ef42f2d108;hpb=6183e9450dcd7e4c747889c10903f6ff1b0add33;p=fa-stable.git diff --git a/admin/users.php b/admin/users.php index 765997cb..fbb42a67 100644 --- a/admin/users.php +++ b/admin/users.php @@ -1,45 +1,29 @@ . +***********************************************************************/ +$page_security = 'SA_USERS'; +$path_to_root = ".."; include_once($path_to_root . "/includes/session.inc"); -page(_("Users")); +page(_($help_context = "Users")); include_once($path_to_root . "/includes/date_functions.inc"); include_once($path_to_root . "/includes/ui.inc"); include_once($path_to_root . "/admin/db/users_db.inc"); -if (isset($_GET['selected_id'])) -{ - $selected_id = $_GET['selected_id']; -} -elseif (isset($_POST['selected_id'])) -{ - $selected_id = $_POST['selected_id']; -} - -//------------------------------------------------------------------------------------------------- - -if (isset($_GET['AddedID'])) -{ - display_notification_centered(_("A new user has been added.")); -} - -if (isset($_GET['UpdatedID'])) -{ - display_notification_centered(_("The selected user has been updated.")); -} - -if (isset($_GET['DeletedID'])) -{ - display_notification_centered(_("User has been deleted.")); -} - +simple_page_mode(true); //------------------------------------------------------------------------------------------------- -function can_process() +function can_process($new) { if (strlen($_POST['user_id']) < 4) @@ -49,19 +33,19 @@ function can_process() return false; } - if ($_POST['password'] != "") + if (!$new && ($_POST['password'] != "")) { if (strlen($_POST['password']) < 4) { display_error( _("The password entered must be at least 4 characters long.")); - set_focus('password'); + set_focus('password'); return false; } if (strstr($_POST['password'], $_POST['user_id']) != false) { display_error( _("The password cannot contain the user login.")); - set_focus('password'); + set_focus('password'); return false; } } @@ -71,55 +55,75 @@ function can_process() //------------------------------------------------------------------------------------------------- -if (isset($_POST['ADD_ITEM']) || isset($_POST['UPDATE_ITEM'])) +if (($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM') && check_csrf_token()) { - if (can_process()) + if (can_process($Mode == 'ADD_ITEM')) { - if (isset($selected_id)) + if ($selected_id != -1) { - update_user($_POST['user_id'], $_POST['real_name'], $_POST['phone'], - $_POST['email'], $_POST['Access'], $_POST['language']); + update_user_prefs($selected_id, + get_post(array('user_id', 'real_name', 'phone', 'email', 'role_id', 'language', + 'print_profile', 'rep_popup' => 0, 'pos'))); if ($_POST['password'] != "") - update_user_password($_POST['user_id'], md5($_POST['password'])); + update_user_password($selected_id, $_POST['user_id'], md5($_POST['password'])); - unset($selected_id); - meta_forward($_SERVER['PHP_SELF'], "UpdatedID=1"); + display_notification_centered(_("The selected user has been updated.")); } else { add_user($_POST['user_id'], $_POST['real_name'], md5($_POST['password']), - $_POST['phone'], $_POST['email'], $_POST['Access'], $_POST['language']); - - unset($selected_id); - meta_forward($_SERVER['PHP_SELF'], "AddedID=1"); + $_POST['phone'], $_POST['email'], $_POST['role_id'], $_POST['language'], + $_POST['print_profile'], check_value('rep_popup'), $_POST['pos']); + $id = db_insert_id(); + // use current user display preferences as start point for new user + $prefs = $_SESSION['wa_current_user']->prefs->get_all(); + + update_user_prefs($id, array_merge($prefs, get_post(array('print_profile', + 'rep_popup' => 0, 'language')))); + + display_notification_centered(_("A new user has been added.")); } + $Mode = 'RESET'; } } //------------------------------------------------------------------------------------------------- -if (isset($_GET['delete'])) +if ($Mode == 'Delete' && check_csrf_token()) { - delete_user($selected_id); - unset($selected_id); - - meta_forward($_SERVER['PHP_SELF'], "DeletedID=1"); + $cancel_delete = 0; + if (key_in_foreign_table($selected_id, 'audit_trail', 'user')) + { + $cancel_delete = 1; + display_error(_("Cannot delete this user because entries are associated with this user.")); + } + if ($cancel_delete == 0) + { + delete_user($selected_id); + display_notification_centered(_("User has been deleted.")); + } //end if Delete group + $Mode = 'RESET'; } //------------------------------------------------------------------------------------------------- +if ($Mode == 'RESET') +{ + $selected_id = -1; + $sav = get_post('show_inactive', null); + unset($_POST); // clean all input fields + $_POST['show_inactive'] = $sav; +} -$result = get_users(); +$result = get_users(check_value('show_inactive')); +start_form(); +start_table(TABLESTYLE); -start_table($table_style); +$th = array(_("User login"), _("Full Name"), _("Phone"), + _("E-mail"), _("Last Visit"), _("Access Level"), "", ""); -if ($_SESSION["wa_current_user"]->access == 2) - $th = array(_("User login"), _("Full Name"), _("Phone"), - _("E-mail"), _("Last Visit"), _("Access Level"), "", ""); -else - $th = array(_("User login"), _("Full Name"), _("Phone"), - _("E-mail"), _("Last Visit"), _("Access Level"), ""); +inactive_control_column($th); table_header($th); $k = 0; //row colour counter @@ -129,64 +133,75 @@ while ($myrow = db_fetch($result)) alt_table_row_color($k); - $last_visit_date = sql2date($myrow["last_visit_date"]); + $time_format = (user_date_format() == 0 ? "h:i a" : "H:i"); + $last_visit_date = sql2date($myrow["last_visit_date"]). " " . + date($time_format, strtotime($myrow["last_visit_date"])); /*The security_headings array is defined in config.php */ + $not_me = strcasecmp($myrow["user_id"], $_SESSION["wa_current_user"]->username); label_cell($myrow["user_id"]); label_cell($myrow["real_name"]); label_cell($myrow["phone"]); - label_cell($myrow["email"]); + email_cell($myrow["email"]); label_cell($last_visit_date, "nowrap"); - label_cell($security_headings[$myrow["full_access"]]); - edit_link_cell("selected_id=".$myrow["user_id"]); - if (strcasecmp($myrow["user_id"], $_SESSION["wa_current_user"]->username) && - $_SESSION["wa_current_user"]->access == 2) - delete_link_cell("selected_id=".$myrow["user_id"]."&delete=1"); + label_cell($myrow["role"]); + + if ($not_me) + inactive_control_cell($myrow["id"], $myrow["inactive"], 'users', 'id'); + elseif (check_value('show_inactive')) + label_cell(''); + + edit_button_cell("Edit".$myrow["id"], _("Edit")); + if ($not_me) + delete_button_cell("Delete".$myrow["id"], _("Delete")); + else + label_cell(''); end_row(); } //END WHILE LIST LOOP -end_table(); - +inactive_control_row($th); +end_table(1); //------------------------------------------------------------------------------------------------- +start_table(TABLESTYLE2); -hyperlink_no_params($_SERVER['PHP_SELF'], _("New User")); - -start_form(); - -start_table($table_style2); -if (isset($selected_id)) +$_POST['email'] = ""; +if ($selected_id != -1) { - //editing an existing User - - $myrow = get_user($selected_id); - - $_POST['user_id'] = $myrow["user_id"]; - $_POST['real_name'] = $myrow["real_name"]; - $_POST['phone'] = $myrow["phone"]; - $_POST['email'] = $myrow["email"]; - $_POST['Access'] = $myrow["full_access"]; - $_POST['language'] = $myrow["language"]; - + if ($Mode == 'Edit') { + //editing an existing User + $myrow = get_user($selected_id); + + $_POST['id'] = $myrow["id"]; + $_POST['user_id'] = $myrow["user_id"]; + $_POST['real_name'] = $myrow["real_name"]; + $_POST['phone'] = $myrow["phone"]; + $_POST['email'] = $myrow["email"]; + $_POST['role_id'] = $myrow["role_id"]; + $_POST['language'] = $myrow["language"]; + $_POST['print_profile'] = $myrow["print_profile"]; + $_POST['rep_popup'] = $myrow["rep_popup"]; + $_POST['pos'] = $myrow["pos"]; + } hidden('selected_id', $selected_id); - hidden('user_id', $_POST['user_id']); + hidden('user_id'); start_row(); label_row(_("User login:"), $_POST['user_id']); - } else { //end of if $selected_id only do the else when a new record is being entered text_row(_("User Login:"), "user_id", null, 22, 20); + $_POST['language'] = user_language(); + $_POST['print_profile'] = user_print_profile(); + $_POST['rep_popup'] = user_rep_popup(); + $_POST['pos'] = user_pos(); } $_POST['password'] = ""; -start_row(); -label_cell(_("Password:")); -label_cell(""); -end_row(); +password_row(_("Password:"), 'password', $_POST['password']); -if (isset($selected_id)) +if ($selected_id != -1) { table_section_title(_("Enter a new password to change, leave empty to keep current.")); } @@ -195,16 +210,23 @@ text_row_ex(_("Full Name").":", 'real_name', 50); text_row_ex(_("Telephone No.:"), 'phone', 30); -text_row_ex(_("Email Address:"), 'email', 50); +email_row_ex(_("Email Address:"), 'email', 50); -security_headings_list_row(_("Access Level:"), "Access", null); +security_roles_list_row(_("Access Level:"), 'role_id', null); languages_list_row(_("Language:"), 'language', null); +pos_list_row(_("User's POS"). ':', 'pos', null); + +print_profiles_list_row(_("Printing profile"). ':', 'print_profile', null, + _('Browser printing support')); + +check_row(_("Use popup window for reports:"), 'rep_popup', $_POST['rep_popup'], + false, _('Set this option to on if your browser directly supports pdf files')); + end_table(1); -submit_add_or_update_center(!isset($selected_id)); +submit_add_or_update_center($selected_id == -1, '', 'both'); end_form(); end_page(); -?>