admin/users.php

   1 <?php
   2 /**********************************************************************
   3     Copyright (C) FrontAccounting, LLC.
   4         Released under the terms of the GNU General Public License, GPL,
   5         as published by the Free Software Foundation, either version 3
   6         of the License, or (at your option) any later version.
   7     This program is distributed in the hope that it will be useful,
   8     but WITHOUT ANY WARRANTY; without even the implied warranty of
   9     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  10     See the License here <http://www.gnu.org/licenses/gpl-3.0.html>.
  11 ***********************************************************************/
  12 $page_security = 'SA_USERS';
  13 $path_to_root = "..";
  14 include_once($path_to_root . "/includes/session.inc");
  15
  16 page(_("Users"));
  17
  18 include_once($path_to_root . "/includes/date_functions.inc");
  19 include_once($path_to_root . "/includes/ui.inc");
  20
  21 include_once($path_to_root . "/admin/db/users_db.inc");
  22
  23 simple_page_mode(true);
  24 //-------------------------------------------------------------------------------------------------
  25
  26 function can_process()
  27 {
  28
  29         if (strlen($_POST['user_id']) < 4)
  30         {
  31                 display_error( _("The user login entered must be at least 4 characters long."));
  32                 set_focus('user_id');
  33                 return false;
  34         }
  35
  36         if ($_POST['password'] != "")
  37         {
  38         if (strlen($_POST['password']) < 4)
  39         {
  40                 display_error( _("The password entered must be at least 4 characters long."));
  41                         set_focus('password');
  42                 return false;
  43         }
  44
  45         if (strstr($_POST['password'], $_POST['user_id']) != false)
  46         {
  47                 display_error( _("The password cannot contain the user login."));
  48                         set_focus('password');
  49                 return false;
  50         }
  51         }
  52
  53         return true;
  54 }
  55
  56 //-------------------------------------------------------------------------------------------------
  57
  58 if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
  59 {
  60
  61         if (can_process())
  62         {
  63         if ($selected_id != -1)
  64         {
  65                 update_user($selected_id, $_POST['user_id'], $_POST['real_name'], $_POST['phone'],
  66                         $_POST['email'], $_POST['Access'], $_POST['language'],
  67                                 $_POST['profile'], check_value('rep_popup'), $_POST['pos']);
  68
  69                 if ($_POST['password'] != "")
  70                         update_user_password($selected_id, $_POST['user_id'], md5($_POST['password']));
  71
  72                 display_notification_centered(_("The selected user has been updated."));
  73         }
  74         else
  75         {
  76                 add_user($_POST['user_id'], $_POST['real_name'], md5($_POST['password']),
  77                                 $_POST['phone'], $_POST['email'], $_POST['Access'], $_POST['language'],
  78                                 $_POST['profile'], check_value('rep_popup'), $_POST['pos']);
  79                         $id = db_insert_id();
  80                         // use current user display preferences as start point for new user
  81                         update_user_display_prefs($id, user_price_dec(), user_qty_dec(), user_exrate_dec(),
  82                                 user_percent_dec(), user_show_gl_info(), user_show_codes(),
  83                                 user_date_format(), user_date_sep(), user_tho_sep(),
  84                                 user_dec_sep(), user_theme(), user_pagesize(), user_hints(),
  85                                 $_POST['profile'], check_value('rep_popup'), user_query_size(),
  86                                 user_graphic_links(), $_POST['language']);
  87
  88                         display_notification_centered(_("A new user has been added."));
  89         }
  90                 $Mode = 'RESET';
  91         }
  92 }
  93
  94 //-------------------------------------------------------------------------------------------------
  95
  96 if ($Mode == 'Delete')
  97 {
  98         delete_user($selected_id);
  99         display_notification_centered(_("User has been deleted."));
 100         $Mode = 'RESET';
 101 }
 102
 103 //-------------------------------------------------------------------------------------------------
 104 if ($Mode == 'RESET')
 105 {
 106         $selected_id = -1;
 107         $sav = get_post('show_inactive');
 108         unset($_POST);  // clean all input fields
 109         $_POST['show_inactive'] = $sav;
 110 }
 111
 112 $result = get_users(check_value('show_inactive'));
 113 start_form();
 114 start_table($table_style);
 115
 116 //if ($_SESSION["wa_current_user"]->access == 2)
 117         $th = array(_("User login"), _("Full Name"), _("Phone"),
 118                 _("E-mail"), _("Last Visit"), _("Access Level"), "", "");
 119 //else
 120 //      $th = array(_("User login"), _("Full Name"), _("Phone"),
 121 //              _("E-mail"), _("Last Visit"), _("Access Level"), "");
 122
 123 inactive_control_column($th);
 124 table_header($th);
 125
 126 $k = 0; //row colour counter
 127
 128 while ($myrow = db_fetch($result))
 129 {
 130
 131         alt_table_row_color($k);
 132
 133         $last_visit_date = sql2date($myrow["last_visit_date"]);
 134
 135         /*The security_headings array is defined in config.php */
 136         $not_me = strcasecmp($myrow["user_id"], $_SESSION["wa_current_user"]->username) &&
 137         $_SESSION["wa_current_user"]->access == 2;
 138
 139         label_cell($myrow["user_id"]);
 140         label_cell($myrow["real_name"]);
 141         label_cell($myrow["phone"]);
 142         email_cell($myrow["email"]);
 143         label_cell($last_visit_date, "nowrap");
 144         label_cell($myrow["role"]);
 145
 146     if ($not_me)
 147                 inactive_control_cell($myrow["id"], $myrow["inactive"], 'users', 'id');
 148         elseif (check_value('show_inactive'))
 149                 label_cell('');
 150
 151         edit_button_cell("Edit".$myrow["id"], _("Edit"));
 152     if ($not_me)
 153                 delete_button_cell("Delete".$myrow["id"], _("Delete"));
 154         else
 155                 label_cell('');
 156         end_row();
 157
 158 } //END WHILE LIST LOOP
 159
 160 inactive_control_row($th);
 161 end_table(1);
 162 //-------------------------------------------------------------------------------------------------
 163 start_table($table_style2);
 164
 165 $_POST['email'] = "";
 166 if ($selected_id != -1)
 167 {
 168         if ($Mode == 'Edit') {
 169                 //editing an existing User
 170                 $myrow = get_user($selected_id);
 171
 172                 $_POST['id'] = $myrow["id"];
 173                 $_POST['user_id'] = $myrow["user_id"];
 174                 $_POST['real_name'] = $myrow["real_name"];
 175                 $_POST['phone'] = $myrow["phone"];
 176                 $_POST['email'] = $myrow["email"];
 177                 $_POST['Access'] = $myrow["role_id"];
 178                 $_POST['language'] = $myrow["language"];
 179                 $_POST['profile'] = $myrow["print_profile"];
 180                 $_POST['rep_popup'] = $myrow["rep_popup"];
 181                 $_POST['pos'] = $myrow["pos"];
 182         }
 183         hidden('selected_id', $selected_id);
 184         hidden('user_id');
 185
 186         start_row();
 187         label_row(_("User login:"), $_POST['user_id']);
 188 }
 189 else
 190 { //end of if $selected_id only do the else when a new record is being entered
 191         text_row(_("User Login:"), "user_id",  null, 22, 20);
 192         $_POST['language'] = user_language();
 193         $_POST['profile'] = user_print_profile();
 194         $_POST['rep_popup'] = user_rep_popup();
 195         $_POST['pos'] = user_pos();
 196 }
 197 $_POST['password'] = "";
 198 start_row();
 199 label_cell(_("Password:"));
 200 label_cell("<input type='password' name='password' size=22 maxlength=20 value='" . $_POST['password'] . "'>");
 201 end_row();
 202
 203 if ($selected_id != -1)
 204 {
 205         table_section_title(_("Enter a new password to change, leave empty to keep current."));
 206 }
 207
 208 text_row_ex(_("Full Name").":", 'real_name',  50);
 209
 210 text_row_ex(_("Telephone No.:"), 'phone', 30);
 211
 212 email_row_ex(_("Email Address:"), 'email', 50);
 213
 214 security_roles_list_row(_("Access Level:"), 'Access', null);
 215
 216 languages_list_row(_("Language:"), 'language', null);
 217
 218 pos_list_row(_("User's POS"). ':', 'pos', null);
 219
 220 print_profiles_list_row(_("Printing profile"). ':', 'profile', null,
 221         _('Browser printing support'));
 222
 223 check_row(_("Use popup window for reports:"), 'rep_popup', $_POST['rep_popup'],
 224         false, _('Set this option to on if your browser directly supports pdf files'));
 225
 226 end_table(1);
 227
 228 submit_add_or_update_center($selected_id == -1, '', 'both');
 229
 230 end_form();
 231 end_page();
 232 ?>