admin/users.php

   1 <?php
   2
   3 $page_security=15;
   4 $path_to_root="..";
   5 include_once($path_to_root . "/includes/session.inc");
   6
   7 page(_("Users"));
   8
   9 include_once($path_to_root . "/includes/date_functions.inc");
  10 include_once($path_to_root . "/includes/ui.inc");
  11
  12 include_once($path_to_root . "/admin/db/users_db.inc");
  13
  14 simple_page_mode(false);
  15 //-------------------------------------------------------------------------------------------------
  16
  17 function can_process()
  18 {
  19
  20         if (strlen($_POST['user_id']) < 4)
  21         {
  22                 display_error( _("The user login entered must be at least 4 characters long."));
  23                 set_focus('user_id');
  24                 return false;
  25         }
  26
  27         if ($_POST['password'] != "")
  28         {
  29         if (strlen($_POST['password']) < 4)
  30         {
  31                 display_error( _("The password entered must be at least 4 characters long."));
  32                         set_focus('password');
  33                 return false;
  34         }
  35
  36         if (strstr($_POST['password'], $_POST['user_id']) != false)
  37         {
  38                 display_error( _("The password cannot contain the user login."));
  39                         set_focus('password');
  40                 return false;
  41         }
  42         }
  43
  44         return true;
  45 }
  46
  47 //-------------------------------------------------------------------------------------------------
  48
  49 if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
  50 {
  51
  52         if (can_process())
  53         {
  54         if ($selected_id != '')
  55         {
  56                 update_user($_POST['user_id'], $_POST['real_name'], $_POST['phone'],
  57                         $_POST['email'], $_POST['Access'], $_POST['language'],
  58                                 $_POST['profile'], check_value('rep_popup'), $_POST['pos']);
  59
  60                 if ($_POST['password'] != "")
  61                         update_user_password($_POST['user_id'], md5($_POST['password']));
  62
  63                 display_notification_centered(_("The selected user has been updated."));
  64         }
  65         else
  66         {
  67                 add_user($_POST['user_id'], $_POST['real_name'], md5($_POST['password']),
  68                                 $_POST['phone'], $_POST['email'], $_POST['Access'], $_POST['language'],
  69                                 $_POST['profile'], check_value('rep_popup'), $_POST['pos']);
  70
  71                         display_notification_centered(_("A new user has been added."));
  72         }
  73                 $Mode = 'RESET';
  74         }
  75 }
  76
  77 //-------------------------------------------------------------------------------------------------
  78
  79 if ($Mode == 'Delete')
  80 {
  81         delete_user($selected_id);
  82         display_notification_centered(_("User has been deleted."));
  83         $Mode = 'RESET';
  84 }
  85
  86 //-------------------------------------------------------------------------------------------------
  87 if ($Mode == 'RESET')
  88 {
  89         $selected_id = '';
  90         unset($_POST); // clean all input fields
  91 }
  92
  93 $result = get_users();
  94 start_form();
  95 start_table($table_style);
  96
  97 if ($_SESSION["wa_current_user"]->access == 2)
  98         $th = array(_("User login"), _("Full Name"), _("Phone"),
  99                 _("E-mail"), _("Last Visit"), _("Access Level"), "", "");
 100 else
 101         $th = array(_("User login"), _("Full Name"), _("Phone"),
 102                 _("E-mail"), _("Last Visit"), _("Access Level"), "");
 103 table_header($th);
 104
 105 $k = 0; //row colour counter
 106
 107 while ($myrow = db_fetch($result))
 108 {
 109
 110         alt_table_row_color($k);
 111
 112         $last_visit_date = sql2date($myrow["last_visit_date"]);
 113
 114         /*The security_headings array is defined in config.php */
 115
 116         label_cell($myrow["user_id"]);
 117         label_cell($myrow["real_name"]);
 118         label_cell($myrow["phone"]);
 119         label_cell($myrow["email"]);
 120         label_cell($last_visit_date, "nowrap");
 121         label_cell($security_headings[$myrow["full_access"]]);
 122         edit_button_cell("Edit".$myrow["user_id"], _("Edit"));
 123     if (strcasecmp($myrow["user_id"], $_SESSION["wa_current_user"]->username) &&
 124         $_SESSION["wa_current_user"]->access == 2)
 125                 edit_button_cell("Delete".$myrow["user_id"], _("Delete"));
 126         else
 127                 label_cell('');
 128         end_row();
 129
 130 } //END WHILE LIST LOOP
 131
 132 end_table();
 133 end_form();
 134 echo '<br>';
 135
 136 //-------------------------------------------------------------------------------------------------
 137 start_form();
 138
 139 start_table($table_style2);
 140 if ($selected_id != '')
 141 {
 142         if ($Mode == 'Edit') {
 143                 //editing an existing User
 144                 $myrow = get_user($selected_id);
 145
 146                 $_POST['user_id'] = $myrow["user_id"];
 147                 $_POST['real_name'] = $myrow["real_name"];
 148                 $_POST['phone'] = $myrow["phone"];
 149                 $_POST['email'] = $myrow["email"];
 150                 $_POST['Access'] = $myrow["full_access"];
 151                 $_POST['language'] = $myrow["language"];
 152                 $_POST['profile'] = $myrow["print_profile"];
 153                 $_POST['rep_popup'] = $myrow["rep_popup"];
 154                 $_POST['pos'] = $myrow["pos"];
 155         }
 156         hidden('selected_id', $selected_id);
 157         hidden('user_id');
 158
 159         start_row();
 160         label_row(_("User login:"), $_POST['user_id']);
 161 }
 162 else
 163 { //end of if $selected_id only do the else when a new record is being entered
 164         text_row(_("User Login:"), "user_id",  null, 22, 20);
 165         $_POST['rep_popup'] = 1;
 166 }
 167 $_POST['password'] = "";
 168 start_row();
 169 label_cell(_("Password:"));
 170 label_cell("<input type='password' name='password' size=22 maxlength=20 value='" . $_POST['password'] . "'>");
 171 end_row();
 172
 173 if ($selected_id != '')
 174 {
 175         table_section_title(_("Enter a new password to change, leave empty to keep current."));
 176 }
 177
 178 text_row_ex(_("Full Name").":", 'real_name',  50);
 179
 180 text_row_ex(_("Telephone No.:"), 'phone', 30);
 181
 182 text_row_ex(_("Email Address:"), 'email', 50);
 183
 184 security_headings_list_row(_("Access Level:"), 'Access', null);
 185
 186 languages_list_row(_("Language:"), 'language', null);
 187
 188 pos_list_row(_("User's POS"). ':', 'pos', null);
 189
 190 print_profiles_list_row(_("Printing profile"). ':', 'profile', null,
 191         _('Browser printing support'));
 192
 193 check_row(_("Use popup window for reports:"), 'rep_popup', $_POST['rep_popup'],
 194         false, _('Set this option to on if your browser directly supports pdf files'));
 195
 196 end_table(1);
 197
 198 submit_add_or_update_center($selected_id == '', '', true);
 199
 200 end_form();
 201 end_page();
 202 ?>