admin/users.php

   1 <?php
   2
   3 $page_security=15;
   4 $path_to_root="..";
   5 include_once($path_to_root . "/includes/session.inc");
   6
   7 page(_("Users"));
   8
   9 include_once($path_to_root . "/includes/date_functions.inc");
  10 include_once($path_to_root . "/includes/ui.inc");
  11
  12 include_once($path_to_root . "/admin/db/users_db.inc");
  13
  14 if (isset($_GET['selected_id']))
  15 {
  16         $selected_id = $_GET['selected_id'];
  17 }
  18 elseif (isset($_POST['selected_id']))
  19 {
  20         $selected_id = $_POST['selected_id'];
  21 }
  22
  23 //-------------------------------------------------------------------------------------------------
  24
  25 if (isset($_GET['AddedID']))
  26 {
  27         display_notification_centered(_("A new user has been added."));
  28 }
  29
  30 if (isset($_GET['UpdatedID']))
  31 {
  32     display_notification_centered(_("The selected user has been updated."));
  33 }
  34
  35 if (isset($_GET['DeletedID']))
  36 {
  37         display_notification_centered(_("User has been deleted."));
  38 }
  39
  40 //-------------------------------------------------------------------------------------------------
  41
  42 function can_process()
  43 {
  44
  45         if (strlen($_POST['user_id']) < 4)
  46         {
  47                 display_error( _("The user login entered must be at least 4 characters long."));
  48                 set_focus('user_id');
  49                 return false;
  50         }
  51
  52         if ($_POST['password'] != "")
  53         {
  54         if (strlen($_POST['password']) < 4)
  55         {
  56                 display_error( _("The password entered must be at least 4 characters long."));
  57                 set_focus('password');
  58                 return false;
  59         }
  60
  61         if (strstr($_POST['password'], $_POST['user_id']) != false)
  62         {
  63                 display_error( _("The password cannot contain the user login."));
  64                 set_focus('password');
  65                 return false;
  66         }
  67         }
  68
  69         return true;
  70 }
  71
  72 //-------------------------------------------------------------------------------------------------
  73
  74 if (isset($_POST['ADD_ITEM']) || isset($_POST['UPDATE_ITEM']))
  75 {
  76
  77         if (can_process())
  78         {
  79         if (isset($selected_id))
  80         {
  81                 update_user($_POST['user_id'], $_POST['real_name'], $_POST['phone'],
  82                         $_POST['email'], $_POST['Access'], $_POST['language']);
  83
  84                 if ($_POST['password'] != "")
  85                         update_user_password($_POST['user_id'], md5($_POST['password']));
  86
  87                         unset($selected_id);
  88                 meta_forward($_SERVER['PHP_SELF'], "UpdatedID=1");
  89         }
  90         else
  91         {
  92                 add_user($_POST['user_id'], $_POST['real_name'], md5($_POST['password']),
  93                                 $_POST['phone'], $_POST['email'], $_POST['Access'], $_POST['language']);
  94
  95                         unset($selected_id);
  96                         meta_forward($_SERVER['PHP_SELF'], "AddedID=1");
  97         }
  98         }
  99 }
 100
 101 //-------------------------------------------------------------------------------------------------
 102
 103 if (isset($_GET['delete']))
 104 {
 105         delete_user($selected_id);
 106         unset($selected_id);
 107
 108         meta_forward($_SERVER['PHP_SELF'], "DeletedID=1");
 109 }
 110
 111 //-------------------------------------------------------------------------------------------------
 112
 113 $result = get_users();
 114
 115 start_table($table_style);
 116
 117 if ($_SESSION["wa_current_user"]->access == 2)
 118         $th = array(_("User login"), _("Full Name"), _("Phone"),
 119                 _("E-mail"), _("Last Visit"), _("Access Level"), "", "");
 120 else
 121         $th = array(_("User login"), _("Full Name"), _("Phone"),
 122                 _("E-mail"), _("Last Visit"), _("Access Level"), "");
 123 table_header($th);
 124
 125 $k = 0; //row colour counter
 126
 127 while ($myrow = db_fetch($result))
 128 {
 129
 130         alt_table_row_color($k);
 131
 132         $last_visit_date = sql2date($myrow["last_visit_date"]);
 133
 134         /*The security_headings array is defined in config.php */
 135
 136         label_cell($myrow["user_id"]);
 137         label_cell($myrow["real_name"]);
 138         label_cell($myrow["phone"]);
 139         label_cell($myrow["email"]);
 140         label_cell($last_visit_date, "nowrap");
 141         label_cell($security_headings[$myrow["full_access"]]);
 142     edit_link_cell("selected_id=".$myrow["user_id"]);
 143     if (strcasecmp($myrow["user_id"], $_SESSION["wa_current_user"]->username) &&
 144         $_SESSION["wa_current_user"]->access == 2)
 145         delete_link_cell("selected_id=".$myrow["user_id"]."&delete=1");
 146         end_row();
 147
 148 } //END WHILE LIST LOOP
 149
 150 end_table();
 151
 152 //-------------------------------------------------------------------------------------------------
 153
 154 hyperlink_no_params($_SERVER['PHP_SELF'], _("New User"));
 155
 156 start_form();
 157
 158 start_table($table_style2);
 159 if (isset($selected_id))
 160 {
 161         //editing an existing User
 162
 163         $myrow = get_user($selected_id);
 164
 165         $_POST['user_id'] = $myrow["user_id"];
 166         $_POST['real_name'] = $myrow["real_name"];
 167         $_POST['phone'] = $myrow["phone"];
 168         $_POST['email'] = $myrow["email"];
 169         $_POST['Access'] = $myrow["full_access"];
 170         $_POST['language'] = $myrow["language"];
 171
 172         hidden('selected_id', $selected_id);
 173         hidden('user_id', $_POST['user_id']);
 174
 175         start_row();
 176         label_row(_("User login:"), $_POST['user_id']);
 177
 178 }
 179 else
 180 { //end of if $selected_id only do the else when a new record is being entered
 181         text_row(_("User Login:"), "user_id",  null, 22, 20);
 182 }
 183 $_POST['password'] = "";
 184 start_row();
 185 label_cell(_("Password:"));
 186 label_cell("<input type='password' name='password' size=22 maxlength=20 value='" . $_POST['password'] . "'>");
 187 end_row();
 188
 189 if (isset($selected_id))
 190 {
 191         table_section_title(_("Enter a new password to change, leave empty to keep current."));
 192 }
 193
 194 text_row_ex(_("Full Name").":", 'real_name',  50);
 195
 196 text_row_ex(_("Telephone No.:"), 'phone', 30);
 197
 198 text_row_ex(_("Email Address:"), 'email', 50);
 199
 200 security_headings_list_row(_("Access Level:"), "Access", null);
 201
 202 languages_list_row(_("Language:"), 'language', null);
 203
 204 end_table(1);
 205
 206 submit_add_or_update_center(!isset($selected_id));
 207
 208 end_form();
 209 end_page();
 210 ?>