From: Janusz Dobrowolski Date: Sun, 3 May 2009 13:55:31 +0000 (+0000) Subject: Primary key in users table changed to 'id'. X-Git-Tag: v2.4.2~19^2~1414 X-Git-Url: https://delta.frontaccounting.com/gitweb/?a=commitdiff_plain;h=e5536a0814ee5ce77c9cccfd4ec74a0ebd1973d0;p=fa-stable.git Primary key in users table changed to 'id'. --- diff --git a/admin/change_current_user_password.php b/admin/change_current_user_password.php index e8005ae3..f2b270c8 100644 --- a/admin/change_current_user_password.php +++ b/admin/change_current_user_password.php @@ -20,9 +20,6 @@ include_once($path_to_root . "/includes/ui.inc"); include_once($path_to_root . "/admin/db/users_db.inc"); -$selected_id = $_SESSION["wa_current_user"]->username; - - function can_process() { @@ -33,7 +30,7 @@ function can_process() return false; } - if (strstr($_POST['password'], $_POST['user_id']) != false) + if (strstr($_POST['password'], $_SESSION["wa_current_user"]->username) != false) { display_error( _("The password cannot contain the user login.")); set_focus('password'); @@ -58,7 +55,9 @@ if (isset($_POST['UPDATE_ITEM'])) if ($allow_demo_mode) { display_warning(_("Password cannot be changed in demo mode.")); } else { - update_user_password($_POST['user_id'], md5($_POST['password'])); + update_user_password($_SESSION["wa_current_user"]->user, + $_SESSION["wa_current_user"]->username, + md5($_POST['password'])); display_notification(_("Your password has been updated.")); } $Ajax->activate('_page_body'); @@ -69,13 +68,9 @@ start_form(); start_table($table_style); -$myrow = get_user($selected_id); - -$_POST['user_id'] = $myrow["user_id"]; -hidden('selected_id', $selected_id); -hidden('user_id', $_POST['user_id']); +$myrow = get_user($_SESSION["wa_current_user"]->user); -label_row(_("User login:"), $_POST['user_id']); +label_row(_("User login:"), $myrow['user_id']); $_POST['password'] = ""; $_POST['passwordConfirm'] = ""; 
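Review bot: The new `strstr($_POST['password'], $_SESSION["wa_current_user"]->username) != false` test in can_process is case-sensitive, so a login of `admin` is not detected inside a password such as `MyAdmin1`, while users.php in this same commit compares logins with strcasecmp. If the rule is that the password may not contain the login, `if (stripos($_POST['password'], $_SESSION["wa_current_user"]->username) !== false)` catches it regardless of case and avoids the loose `!= false` comparison. can_process continues outside the hunk.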
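Review bot: `$_SESSION["wa_current_user"]->user` is handed to update_user_password as the row id with no check that it is set; the property is only filled in by current_user::login (`$this->user = @$myrow["id"]`), so a session started before this upgrade, or against a database that has no `id` column yet, would issue the UPDATE with an empty id, match nothing, and the page would still print "Your password has been updated." A guard such as `if (!isset($_SESSION["wa_current_user"]->user)) { display_error(_("Please log in again before changing your password.")); }` before the call would make that failure visible; how db_escape renders a null is not visible here, so the exact query text is an assumption. The unsalted `md5()` of the password is unchanged by this commit but is worth a follow-up toward a salted hash.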
diff --git a/admin/db/users_db.inc b/admin/db/users_db.inc index c19cbd82..527b89ce 100644 --- a/admin/db/users_db.inc +++ b/admin/db/users_db.inc @@ -25,17 +25,17 @@ function add_user($user_id, $real_name, $password, $phone, $email, $full_access, //----------------------------------------------------------------------------------------------- -function update_user_password($user_id, $password) +function update_user_password($id, $user_id, $password) { - $sql = "UPDATE ".TB_PREF."users SET password=".db_escape($password) . " - WHERE user_id = ".db_escape($user_id); + $sql = "UPDATE ".TB_PREF."users SET password=".db_escape($password) . ", + user_id = ".db_escape($user_id). " WHERE id=".db_escape($id); db_query($sql, "could not update user password for $user_id"); } //----------------------------------------------------------------------------------------------- -function update_user($user_id, $real_name, $phone, $email, $full_access, +function update_user($id, $user_id, $real_name, $phone, $email, $full_access, $language, $profile, $rep_popup, $pos) { $sql = "UPDATE ".TB_PREF."users SET real_name=".db_escape($real_name). @@ -45,14 +45,15 @@ function update_user($user_id, $real_name, $phone, $email, $full_access, language=".db_escape($language).", print_profile=".db_escape($profile).", rep_popup=$rep_popup, - pos=$pos - WHERE user_id = ".db_escape($user_id); + pos=$pos, + user_id = " . db_escape($user_id) + . " WHERE id=" . db_escape($id); db_query($sql, "could not update user for $user_id"); } //----------------------------------------------------------------------------------------------- -function update_user_display_prefs($user_id, $price_dec, $qty_dec, $exrate_dec, +function update_user_display_prefs($id, $price_dec, $qty_dec, $exrate_dec, $percent_dec, $showgl, $showcodes, $date_format, $date_sep, $tho_sep, $dec_sep, $theme, $pagesize, $show_hints, $profile, $rep_popup, $query_size, $graphic_links, $lang, $stickydate) 
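Review bot: update_user_password now also rewrites `user_id`, so a function named for a password change renames the login as well; its two users.php callers call update_user with the same `$_POST['user_id']` immediately before it, and change_current_user_password.php passes the unchanged session login, so the extra assignment is redundant in one case and a surprise in the other. If the rename is intentional, a comment above the function, `// Also rewrites the login (user_id); callers pass the current login when it is unchanged`, should say so; otherwise `$sql = "UPDATE ".TB_PREF."users SET password=".db_escape($password)." WHERE id=".db_escape($id);` with the signature `function update_user_password($id, $password)` keeps the function true to its name. add_user, on the context line above, starts outside the hunk.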
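Review bot: The new `pos=$pos,` line in update_user keeps `$pos` interpolated into the SQL string unescaped, while `user_id` on the next new line and the other columns of this statement go through db_escape; the context line `rep_popup=$rep_popup,` has the same shape, and users.php passes `$_POST['pos']` straight into update_user and add_user. Escape at the DB layer, `pos=".db_escape($pos).",` (and `rep_popup=".db_escape($rep_popup).",`), or cast at the call sites, `(int)$_POST['pos']`, so the query never depends on what the form submitted. The same point applies to add_user, whose body is outside this hunk, and to the users.php call sites in the later hunks.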
@@ -77,39 +78,52 @@ function update_user_display_prefs($user_id, $price_dec, $qty_dec, $exrate_dec, graphic_links=$graphic_links, language=".db_escape($lang).", sticky_doc_date=".db_escape($stickydate)." - WHERE user_id = ".db_escape($user_id); + WHERE id = ".db_escape($id); - db_query($sql, "could not update user display prefs for $user_id"); + db_query($sql, "could not update user display prefs for $id"); } //----------------------------------------------------------------------------------------------- -function get_users() +function get_users($all=false) { $sql = "SELECT * FROM ".TB_PREF."users"; + if (!$all) $sql .= " WHERE !inactive"; return db_query($sql, "could not get users"); } //----------------------------------------------------------------------------------------------- -function get_user($user_id) +function get_user($id) { - $sql = "SELECT * FROM ".TB_PREF."users WHERE user_id = '$user_id'"; + $sql = "SELECT * FROM ".TB_PREF."users WHERE id=".db_escape($id); - $result = db_query($sql, "could not get user for $user_id"); + $result = db_query($sql, "could not get user $id"); return db_fetch($result); } //----------------------------------------------------------------------------------------------- +// This function is necessary for admin prefs update after upgrade from 2.1 +// +function get_user_by_login($user_id) +{ + $sql = "SELECT * FROM ".TB_PREF."users WHERE user_id=".db_escape($user_id); + + $result = db_query($sql, "could not get user $user_id"); + + return db_fetch($result); +} -function delete_user($user_id) +//----------------------------------------------------------------------------------------------- + +function delete_user($id) { - $sql="DELETE FROM ".TB_PREF."users WHERE user_id='$user_id'"; + $sql="DELETE FROM ".TB_PREF."users WHERE id=".db_escape($id); - db_query($sql, "could not delete user $user_id"); + db_query($sql, "could not delete user $id"); } 
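Review bot: `get_users($all=false)` introduces a boolean parameter with no comment on what it selects, and the added filter `WHERE !inactive` relies on the non-standard `!` operator. A header line, `// $all: include users flagged inactive; by default only active users are listed`, together with `if (!$all) $sql .= " WHERE inactive = 0";`, documents the switch and keeps the SQL portable. get_user_by_login's comment explains why it exists but not how it differs from get_user; `// Looks a user up by login name (user_id column), not by numeric id` above it would make that explicit.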
//----------------------------------------------------------------------------------------------- @@ -118,7 +132,10 @@ function get_user_for_login($user_id, $password) { set_global_connection(); - $sql = "SELECT * FROM ".TB_PREF."users WHERE user_id = '$user_id' AND password='$password'"; +// do not exclude inactive records or you lost access after source upgrade +// on sites using pre 2.2 database + $sql = "SELECT * FROM ".TB_PREF."users WHERE user_id = '$user_id' AND" + ." password='$password'"; return db_query($sql, "could not get validate user login for $user_id"); } @@ -134,5 +151,13 @@ function update_user_visitdate($user_id) } //----------------------------------------------------------------------------------------------- +function check_user_activity($id) +{ + $sql = "SELECT COUNT(*) FROM ".TB_PREF."audit_trail WHERE audit_trail.user=" + . db_escape($id); + $result = db_query($sql,"Cant check user activity"); + $ret = db_fetch($result); + return $ret[0]; +} ?> \ No newline at end of file diff --git a/admin/inst_upgrade.php b/admin/inst_upgrade.php index 4a5106b9..1048ed2f 100644 --- a/admin/inst_upgrade.php +++ b/admin/inst_upgrade.php @@ -159,7 +159,7 @@ if (get_post('Upgrade')) { // re-read the prefs global $path_to_root; include_once($path_to_root . "/admin/db/users_db.inc"); - $user = get_user($_SESSION["wa_current_user"]->username); + $user = get_user_by_login($_SESSION["wa_current_user"]->username); $_SESSION["wa_current_user"]->prefs = new user_prefs($user); display_notification(_('All companies data has been successfully updated')); } diff --git a/admin/users.php b/admin/users.php index 775cc813..afca5d6c 100644 --- a/admin/users.php +++ b/admin/users.php @@ -20,7 +20,7 @@ include_once($path_to_root . "/includes/ui.inc"); include_once($path_to_root . "/admin/db/users_db.inc"); -simple_page_mode(false); +simple_page_mode(true); //------------------------------------------------------------------------------------------------- function can_process() 
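Review bot: The rewritten query in get_user_for_login still interpolates `'$user_id'` and `'$password'` directly, even though this commit converts the other users_db.inc queries to db_escape, and `$user_id` arrives from the login form through current_user::login. `$sql = "SELECT * FROM ".TB_PREF."users WHERE user_id = ".db_escape($user_id)." AND password=".db_escape($password);` keeps the statement consistent with the rest of the file, whether or not the caller has already hashed the password. The new comment above it would also read better as `// do not exclude inactive records here, or you will lose access after a source upgrade on sites using a pre-2.2 database`.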
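Review bot: check_user_activity is added without any comment and returns `$ret[0]`, the raw COUNT(*) cell, which the driver will typically deliver as a string. A header, `// Returns the number of audit_trail rows recorded for users.id $id`, plus `return (int)$ret[0];` would give callers a documented integer instead of a driver-dependent value. The error text `"Cant check user activity"` is also missing its apostrophe.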
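Review bot: After the upgrade, `get_user_by_login` re-reads the prefs but nothing sets the session object's `user` property, so for a session opened before this change `$_SESSION["wa_current_user"]->user` stays unset until the next login, and current_user::update_prefs (last hunk of current_user.inc) would then call update_user_display_prefs and get_user with an empty id. Setting it right after the lookup, `$_SESSION["wa_current_user"]->user = $user["id"];`, closes that gap, assuming `$user` is the row array db_fetch returns. The enclosing `if (get_post('Upgrade'))` block starts outside the hunk.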
@@ -60,14 +60,14 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM') if (can_process()) { - if ($selected_id != '') + if ($selected_id != -1) { - update_user($_POST['user_id'], $_POST['real_name'], $_POST['phone'], + update_user($selected_id, $_POST['user_id'], $_POST['real_name'], $_POST['phone'], $_POST['email'], $_POST['Access'], $_POST['language'], $_POST['profile'], check_value('rep_popup'), $_POST['pos']); if ($_POST['password'] != "") - update_user_password($_POST['user_id'], md5($_POST['password'])); + update_user_password($selected_id, $_POST['user_id'], md5($_POST['password'])); display_notification_centered(_("The selected user has been updated.")); } @@ -76,10 +76,9 @@ if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM') add_user($_POST['user_id'], $_POST['real_name'], md5($_POST['password']), $_POST['phone'], $_POST['email'], $_POST['Access'], $_POST['language'], $_POST['profile'], check_value('rep_popup'), $_POST['pos']); - + $id = db_insert_id(); // use current user display preferences as start point for new user - update_user_display_prefs($_POST['user_id'], - user_price_dec(), user_qty_dec(), user_exrate_dec(), + update_user_display_prefs($id, user_price_dec(), user_qty_dec(), user_exrate_dec(), user_percent_dec(), user_show_gl_info(), user_show_codes(), user_date_format(), user_date_sep(), user_tho_sep(), user_dec_sep(), user_theme(), user_pagesize(), user_hints(), 
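Review bot: `$id = db_insert_id();` is read immediately after add_user without checking that a row was actually inserted; if add_user's db_query reports a failure without aborting the request (its body is outside this hunk), `$id` would be 0 and update_user_display_prefs would run its UPDATE against `id=0`. Wrapping the prefs call in `if ($id) { ... }`, or having add_user return the new id and checking it, keeps a failed insert from turning into a second misdirected write. The surrounding `if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')` block starts and ends outside the hunk.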
@@ -104,20 +103,24 @@ if ($Mode == 'Delete') //------------------------------------------------------------------------------------------------- if ($Mode == 'RESET') { - $selected_id = ''; - unset($_POST); // clean all input fields + $selected_id = -1; + $sav = get_post('show_inactive'); + unset($_POST); // clean all input fields + $_POST['show_inactive'] = $sav; } -$result = get_users(); +$result = get_users(check_value('show_inactive')); start_form(); start_table($table_style); -if ($_SESSION["wa_current_user"]->access == 2) +//if ($_SESSION["wa_current_user"]->access == 2) $th = array(_("User login"), _("Full Name"), _("Phone"), _("E-mail"), _("Last Visit"), _("Access Level"), "", ""); -else - $th = array(_("User login"), _("Full Name"), _("Phone"), - _("E-mail"), _("Last Visit"), _("Access Level"), ""); +//else +// $th = array(_("User login"), _("Full Name"), _("Phone"), +// _("E-mail"), _("Last Visit"), _("Access Level"), ""); + +inactive_control_column($th); table_header($th); $k = 0; //row colour counter @@ -130,6 +133,8 @@ while ($myrow = db_fetch($result)) $last_visit_date = sql2date($myrow["last_visit_date"]); /*The security_headings array is defined in config.php */ + $not_me = strcasecmp($myrow["user_id"], $_SESSION["wa_current_user"]->username) && + $_SESSION["wa_current_user"]->access == 2; label_cell($myrow["user_id"]); label_cell($myrow["real_name"]); 
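Review bot: The old access-level branch for `$th` is left in as a commented-out `//if ... //else` block rather than removed; the hunk now builds a single header and `inactive_control_column($th)` appends to it, so the dead lines only make the next reader wonder whether they are still meant to apply. Delete them, or if the access-dependent header is expected to return, replace them with one line, `// header no longer depends on access level; the delete column is blanked per row instead`.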
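Review bot: `$not_me` is true only when the row belongs to another user and the current user has access level 2, so the name describes half of the condition; in the next hunk it gates both the inactive toggle and the delete button, which is "may manage this row". Renaming it, `$can_manage = strcasecmp($myrow["user_id"], $_SESSION["wa_current_user"]->username) && $_SESSION["wa_current_user"]->access == 2;`, or adding `// true for other users' rows when the current user is an administrator (access 2)` above it, would make the later branches readable. The while loop starts outside this hunk.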
@@ -137,32 +142,34 @@ while ($myrow = db_fetch($result)) email_cell($myrow["email"]); label_cell($last_visit_date, "nowrap"); label_cell($security_headings[$myrow["full_access"]]); - edit_button_cell("Edit".$myrow["user_id"], _("Edit")); - if (strcasecmp($myrow["user_id"], $_SESSION["wa_current_user"]->username) && - $_SESSION["wa_current_user"]->access == 2) - delete_button_cell("Delete".$myrow["user_id"], _("Delete")); + + if ($not_me) + inactive_control_cell($myrow["id"], $myrow["inactive"], 'users', 'id'); + elseif (check_value('show_inactive')) + label_cell(''); + + edit_button_cell("Edit".$myrow["id"], _("Edit")); + if ($not_me) + delete_button_cell("Delete".$myrow["id"], _("Delete")); else label_cell(''); end_row(); } //END WHILE LIST LOOP -end_table(); -end_form(); -echo '
'; - +inactive_control_row($th); +end_table(1); //------------------------------------------------------------------------------------------------- -start_form(); - start_table($table_style2); $_POST['email'] = ""; -if ($selected_id != '') +if ($selected_id != -1) { if ($Mode == 'Edit') { //editing an existing User $myrow = get_user($selected_id); + $_POST['id'] = $myrow["id"]; $_POST['user_id'] = $myrow["user_id"]; $_POST['real_name'] = $myrow["real_name"]; $_POST['phone'] = $myrow["phone"]; @@ -193,7 +200,7 @@ label_cell(_("Password:")); label_cell(""); end_row(); -if ($selected_id != '') +if ($selected_id != -1) { table_section_title(_("Enter a new password to change, leave empty to keep current.")); } @@ -218,7 +225,7 @@ check_row(_("Use popup window for reports:"), 'rep_popup', $_POST['rep_popup'], end_table(1); -submit_add_or_update_center($selected_id == '', '', 'both'); +submit_add_or_update_center($selected_id == -1, '', 'both'); end_form(); end_page(); diff --git a/includes/current_user.inc b/includes/current_user.inc index b6663e31..97afe9d0 100644 --- a/includes/current_user.inc +++ b/includes/current_user.inc @@ -15,10 +15,10 @@ include_once($path_to_root . "/includes/prefs/userprefs.inc"); class current_user { - + var $user; var $loginname; var $username; - var $name; + var $name; var $company; var $pos; var $access; 
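Review bot: The `$not_me` test here only decides whether the inactive toggle and the Delete button are rendered; hiding a control is not an access check, and the `$Mode == 'Delete'` handler and the toggle's own update path are outside this hunk. Confirm that the delete branch re-evaluates the same rule on the submitted id, e.g. `if ($selected_id == $_SESSION["wa_current_user"]->user || $_SESSION["wa_current_user"]->access != 2) display_error(...);` before calling delete_user, so a hand-built request cannot bypass what the page hides. The `elseif (check_value('show_inactive')) label_cell('');` branch keeps the column count aligned with inactive_control_column, which is easy to miss; a short comment saying so would help.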
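Review bot: `var $user;` is added beside `$loginname` and `$username` with nothing to say which identifier it holds; login() later fills it from `$myrow["id"]`, so it is the numeric users.id while `$username` remains the login string. A trailing comment, `var $user; // numeric users.id of the logged-in user, set by login()`, and `var $username; // login name`, would stop the two from being confused at the call sites this commit rewrites. The class body continues outside the hunk.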
@@ -49,27 +49,24 @@ class current_user function login($company, $loginname, $password) { $this->set_company($company); + $this->logged = false; $Auth_Result = get_user_for_login($loginname, $password); if (db_num_rows($Auth_Result) > 0) { - $myrow = db_fetch($Auth_Result); - + $myrow = db_fetch($Auth_Result); + if (! @$myrow["inactive"]) { $this->access = $myrow["full_access"]; $this->name = $myrow["real_name"]; $this->pos = $myrow["pos"]; $this->loginname = $loginname; $this->username = $this->loginname; $this->prefs = new user_prefs($myrow); - - update_user_visitdate($loginname); - $this->logged = true; - - } - else - { - $this->logged = false; + $this->user = @$myrow["id"]; + update_user_visitdate($this->username); + $this->logged = true; + } } return $this->logged; @@ -111,13 +108,13 @@ class current_user $showgl, $showcodes, $date_format, $date_sep, $tho_sep, $dec_sep, $theme, $pagesize, $show_hints, $profile, $rep_popup, $query_size, $graphic_links, $lang, $stickydate) { - update_user_display_prefs($this->username, $price_dec, + update_user_display_prefs($this->user, $price_dec, $qty_dec, $exrate_dec, $percent_dec, $showgl, $showcodes, $date_format, $date_sep, $tho_sep, $dec_sep, $theme, $pagesize, $show_hints, $profile, $rep_popup, $query_size, $graphic_links, $lang, $stickydate); // re-read the prefs - $user = get_user($this->username); + $user = get_user($this->user); $this->prefs = new user_prefs($user); } }
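Review bot: `if (! @$myrow["inactive"])` and `$this->user = @$myrow["id"];` use `@` to tolerate rows from a database that has no `inactive`/`id` columns yet; the operator silences every notice on those expressions, not only the missing-index one, and leaves `$this->user` null with nothing recording why. `if (empty($myrow["inactive"]))` and `$this->user = isset($myrow["id"]) ? $myrow["id"] : null;` express the same tolerance without suppression. An inactive account now falls through with `$this->logged` false and is indistinguishable from a wrong password to the caller; a comment such as `// inactive accounts are refused exactly like unknown logins` would at least mark that as deliberate. login() is shown in full, but the class continues outside the hunk.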