admin/users.php

   1 <?php
   2 /**********************************************************************
   3     Copyright (C) FrontAccounting, LLC.
   4         Released under the terms of the GNU General Public License, GPL,
   5         as published by the Free Software Foundation, either version 3
   6         of the License, or (at your option) any later version.
   7     This program is distributed in the hope that it will be useful,
   8     but WITHOUT ANY WARRANTY; without even the implied warranty of
   9     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  10     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
  11 ***********************************************************************/
  12 $page_security = 'SA_USERS';
  13 $path_to_root = "..";
  14 include_once($path_to_root . "/includes/session.inc");
  15
  16 page(_($help_context = "Users"));
  17
  18 include_once($path_to_root . "/includes/date_functions.inc");
  19 include_once($path_to_root . "/includes/ui.inc");
  20
  21 include_once($path_to_root . "/admin/db/users_db.inc");
  22
  23 simple_page_mode(true);
  24 //-------------------------------------------------------------------------------------------------
  25
  26 function can_process($new)
  27 {
  28
  29         if (strlen($_POST['user_id']) < 4)
  30         {
  31                 display_error( _("The user login entered must be at least 4 characters long."));
  32                 set_focus('user_id');
  33                 return false;
  34         }
  35
  36         if (!$new && ($_POST['password'] != ""))
  37         {
  38         if (strlen($_POST['password']) < 4)
  39         {
  40                 display_error( _("The password entered must be at least 4 characters long."));
  41                         set_focus('password');
  42                 return false;
  43         }
  44
  45         if (strstr($_POST['password'], $_POST['user_id']) != false)
  46         {
  47                 display_error( _("The password cannot contain the user login."));
  48                         set_focus('password');
  49                 return false;
  50         }
  51         }
  52
  53         return true;
  54 }
  55
  56 //-------------------------------------------------------------------------------------------------
  57
  58 if (($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM') && check_csrf_token())
  59 {
  60
  61         if (can_process($Mode == 'ADD_ITEM'))
  62         {
  63         if ($selected_id != -1)
  64         {
  65                 update_user_prefs($selected_id,
  66                         get_post(array('user_id', 'real_name', 'phone', 'email', 'role_id', 'language',
  67                                         'print_profile', 'rep_popup' => 0, 'pos')));
  68
  69                 if ($_POST['password'] != "")
  70                         update_user_password($selected_id, $_POST['user_id'], md5($_POST['password']));
  71
  72                 display_notification_centered(_("The selected user has been updated."));
  73         }
  74         else
  75         {
  76                 add_user($_POST['user_id'], $_POST['real_name'], md5($_POST['password']),
  77                                 $_POST['phone'], $_POST['email'], $_POST['role_id'], $_POST['language'],
  78                                 $_POST['print_profile'], check_value('rep_popup'), $_POST['pos']);
  79                         $id = db_insert_id();
  80                         // use current user display preferences as start point for new user
  81                         $prefs = $_SESSION['wa_current_user']->prefs->get_all();
  82
  83                         update_user_prefs($id, array_merge($prefs, get_post(array('print_profile',
  84                                 'rep_popup' => 0, 'language'))));
  85
  86                         display_notification_centered(_("A new user has been added."));
  87         }
  88                 $Mode = 'RESET';
  89         }
  90 }
  91
  92 //-------------------------------------------------------------------------------------------------
  93
  94 if ($Mode == 'Delete' && check_csrf_token())
  95 {
  96         $cancel_delete = 0;
  97     if (key_in_foreign_table($selected_id, 'audit_trail', 'user'))
  98     {
  99         $cancel_delete = 1;
 100         display_error(_("Cannot delete this user because entries are associated with this user."));
 101     }
 102     if ($cancel_delete == 0)
 103     {
 104         delete_user($selected_id);
 105         display_notification_centered(_("User has been deleted."));
 106     } //end if Delete group
 107     $Mode = 'RESET';
 108 }
 109
 110 //-------------------------------------------------------------------------------------------------
 111 if ($Mode == 'RESET')
 112 {
 113         $selected_id = -1;
 114         $sav = get_post('show_inactive', null);
 115         unset($_POST);  // clean all input fields
 116         $_POST['show_inactive'] = $sav;
 117 }
 118
 119 $result = get_users(check_value('show_inactive'));
 120 start_form();
 121 start_table(TABLESTYLE);
 122
 123 $th = array(_("User login"), _("Full Name"), _("Phone"),
 124         _("E-mail"), _("Last Visit"), _("Access Level"), "", "");
 125
 126 inactive_control_column($th);
 127 table_header($th);
 128
 129 $k = 0; //row colour counter
 130
 131 while ($myrow = db_fetch($result))
 132 {
 133
 134         alt_table_row_color($k);
 135
 136         $time_format = (user_date_format() == 0 ? "h:i a" : "H:i");
 137         $last_visit_date = sql2date($myrow["last_visit_date"]). " " .
 138                 date($time_format, strtotime($myrow["last_visit_date"]));
 139
 140         /*The security_headings array is defined in config.php */
 141         $not_me = strcasecmp($myrow["user_id"], $_SESSION["wa_current_user"]->username);
 142
 143         label_cell($myrow["user_id"]);
 144         label_cell($myrow["real_name"]);
 145         label_cell($myrow["phone"]);
 146         email_cell($myrow["email"]);
 147         label_cell($last_visit_date, "nowrap");
 148         label_cell($myrow["role"]);
 149
 150     if ($not_me)
 151                 inactive_control_cell($myrow["id"], $myrow["inactive"], 'users', 'id');
 152         elseif (check_value('show_inactive'))
 153                 label_cell('');
 154
 155         edit_button_cell("Edit".$myrow["id"], _("Edit"));
 156     if ($not_me)
 157                 delete_button_cell("Delete".$myrow["id"], _("Delete"));
 158         else
 159                 label_cell('');
 160         end_row();
 161
 162 } //END WHILE LIST LOOP
 163
 164 inactive_control_row($th);
 165 end_table(1);
 166 //-------------------------------------------------------------------------------------------------
 167 start_table(TABLESTYLE2);
 168
 169 $_POST['email'] = "";
 170 if ($selected_id != -1)
 171 {
 172         if ($Mode == 'Edit') {
 173                 //editing an existing User
 174                 $myrow = get_user($selected_id);
 175
 176                 $_POST['id'] = $myrow["id"];
 177                 $_POST['user_id'] = $myrow["user_id"];
 178                 $_POST['real_name'] = $myrow["real_name"];
 179                 $_POST['phone'] = $myrow["phone"];
 180                 $_POST['email'] = $myrow["email"];
 181                 $_POST['role_id'] = $myrow["role_id"];
 182                 $_POST['language'] = $myrow["language"];
 183                 $_POST['print_profile'] = $myrow["print_profile"];
 184                 $_POST['rep_popup'] = $myrow["rep_popup"];
 185                 $_POST['pos'] = $myrow["pos"];
 186         }
 187         hidden('selected_id', $selected_id);
 188         hidden('user_id');
 189
 190         start_row();
 191         label_row(_("User login:"), $_POST['user_id']);
 192 }
 193 else
 194 { //end of if $selected_id only do the else when a new record is being entered
 195         text_row(_("User Login:"), "user_id",  null, 22, 20);
 196         $_POST['language'] = user_language();
 197         $_POST['print_profile'] = user_print_profile();
 198         $_POST['rep_popup'] = user_rep_popup();
 199         $_POST['pos'] = user_pos();
 200 }
 201 $_POST['password'] = "";
 202 password_row(_("Password:"), 'password', $_POST['password']);
 203
 204 if ($selected_id != -1)
 205 {
 206         table_section_title(_("Enter a new password to change, leave empty to keep current."));
 207 }
 208
 209 text_row_ex(_("Full Name").":", 'real_name',  50);
 210
 211 text_row_ex(_("Telephone No.:"), 'phone', 30);
 212
 213 email_row_ex(_("Email Address:"), 'email', 50);
 214
 215 security_roles_list_row(_("Access Level:"), 'role_id', null);
 216
 217 languages_list_row(_("Language:"), 'language', null);
 218
 219 pos_list_row(_("User's POS"). ':', 'pos', null);
 220
 221 print_profiles_list_row(_("Printing profile"). ':', 'print_profile', null,
 222         _('Browser printing support'));
 223
 224 check_row(_("Use popup window for reports:"), 'rep_popup', $_POST['rep_popup'],
 225         false, _('Set this option to on if your browser directly supports pdf files'));
 226
 227 end_table(1);
 228
 229 submit_add_or_update_center($selected_id == -1, '', 'both');
 230
 231 end_form();
 232 end_page();