admin/users.php

   1 <?php
   2 /**********************************************************************
   3     Copyright (C) FrontAccounting, LLC.
   4         Released under the terms of the GNU Affero General Public License,
   5         AGPL, as published by the Free Software Foundation, either version
   6         3 of the License, or (at your option) any later version.
   7     This program is distributed in the hope that it will be useful,
   8     but WITHOUT ANY WARRANTY; without even the implied warranty of
   9     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
  10     See the License here <http://www.gnu.org/licenses/agpl-3.0.html>.
  11 ***********************************************************************/
  12 $page_security=15;
  13 $path_to_root="..";
  14 include_once($path_to_root . "/includes/session.inc");
  15
  16 page(_("Users"));
  17
  18 include_once($path_to_root . "/includes/date_functions.inc");
  19 include_once($path_to_root . "/includes/ui.inc");
  20
  21 include_once($path_to_root . "/admin/db/users_db.inc");
  22
  23 simple_page_mode(false);
  24 //-------------------------------------------------------------------------------------------------
  25
  26 function can_process()
  27 {
  28
  29         if (strlen($_POST['user_id']) < 4)
  30         {
  31                 display_error( _("The user login entered must be at least 4 characters long."));
  32                 set_focus('user_id');
  33                 return false;
  34         }
  35
  36         if ($_POST['password'] != "")
  37         {
  38         if (strlen($_POST['password']) < 4)
  39         {
  40                 display_error( _("The password entered must be at least 4 characters long."));
  41                         set_focus('password');
  42                 return false;
  43         }
  44
  45         if (strstr($_POST['password'], $_POST['user_id']) != false)
  46         {
  47                 display_error( _("The password cannot contain the user login."));
  48                         set_focus('password');
  49                 return false;
  50         }
  51         }
  52
  53         return true;
  54 }
  55
  56 //-------------------------------------------------------------------------------------------------
  57
  58 if ($Mode=='ADD_ITEM' || $Mode=='UPDATE_ITEM')
  59 {
  60
  61         if (can_process())
  62         {
  63         if ($selected_id != '')
  64         {
  65                 update_user($_POST['user_id'], $_POST['real_name'], $_POST['phone'],
  66                         $_POST['email'], $_POST['Access'], $_POST['language'],
  67                                 $_POST['profile'], check_value('rep_popup'), $_POST['pos']);
  68
  69                 if ($_POST['password'] != "")
  70                         update_user_password($_POST['user_id'], md5($_POST['password']));
  71
  72                 display_notification_centered(_("The selected user has been updated."));
  73         }
  74         else
  75         {
  76                 add_user($_POST['user_id'], $_POST['real_name'], md5($_POST['password']),
  77                                 $_POST['phone'], $_POST['email'], $_POST['Access'], $_POST['language'],
  78                                 $_POST['profile'], check_value('rep_popup'), $_POST['pos']);
  79
  80                         display_notification_centered(_("A new user has been added."));
  81         }
  82                 $Mode = 'RESET';
  83         }
  84 }
  85
  86 //-------------------------------------------------------------------------------------------------
  87
  88 if ($Mode == 'Delete')
  89 {
  90         delete_user($selected_id);
  91         display_notification_centered(_("User has been deleted."));
  92         $Mode = 'RESET';
  93 }
  94
  95 //-------------------------------------------------------------------------------------------------
  96 if ($Mode == 'RESET')
  97 {
  98         $selected_id = '';
  99         unset($_POST); // clean all input fields
 100 }
 101
 102 $result = get_users();
 103 start_form();
 104 start_table($table_style);
 105
 106 if ($_SESSION["wa_current_user"]->access == 2)
 107         $th = array(_("User login"), _("Full Name"), _("Phone"),
 108                 _("E-mail"), _("Last Visit"), _("Access Level"), "", "");
 109 else
 110         $th = array(_("User login"), _("Full Name"), _("Phone"),
 111                 _("E-mail"), _("Last Visit"), _("Access Level"), "");
 112 table_header($th);
 113
 114 $k = 0; //row colour counter
 115
 116 while ($myrow = db_fetch($result))
 117 {
 118
 119         alt_table_row_color($k);
 120
 121         $last_visit_date = sql2date($myrow["last_visit_date"]);
 122
 123         /*The security_headings array is defined in config.php */
 124
 125         label_cell($myrow["user_id"]);
 126         label_cell($myrow["real_name"]);
 127         label_cell($myrow["phone"]);
 128         label_cell($myrow["email"]);
 129         label_cell($last_visit_date, "nowrap");
 130         label_cell($security_headings[$myrow["full_access"]]);
 131         edit_button_cell("Edit".$myrow["user_id"], _("Edit"));
 132     if (strcasecmp($myrow["user_id"], $_SESSION["wa_current_user"]->username) &&
 133         $_SESSION["wa_current_user"]->access == 2)
 134                 delete_button_cell("Delete".$myrow["user_id"], _("Delete"));
 135         else
 136                 label_cell('');
 137         end_row();
 138
 139 } //END WHILE LIST LOOP
 140
 141 end_table();
 142 end_form();
 143 echo '<br>';
 144
 145 //-------------------------------------------------------------------------------------------------
 146 start_form();
 147
 148 start_table($table_style2);
 149 if ($selected_id != '')
 150 {
 151         if ($Mode == 'Edit') {
 152                 //editing an existing User
 153                 $myrow = get_user($selected_id);
 154
 155                 $_POST['user_id'] = $myrow["user_id"];
 156                 $_POST['real_name'] = $myrow["real_name"];
 157                 $_POST['phone'] = $myrow["phone"];
 158                 $_POST['email'] = $myrow["email"];
 159                 $_POST['Access'] = $myrow["full_access"];
 160                 $_POST['language'] = $myrow["language"];
 161                 $_POST['profile'] = $myrow["print_profile"];
 162                 $_POST['rep_popup'] = $myrow["rep_popup"];
 163                 $_POST['pos'] = $myrow["pos"];
 164         }
 165         hidden('selected_id', $selected_id);
 166         hidden('user_id');
 167
 168         start_row();
 169         label_row(_("User login:"), $_POST['user_id']);
 170 }
 171 else
 172 { //end of if $selected_id only do the else when a new record is being entered
 173         text_row(_("User Login:"), "user_id",  null, 22, 20);
 174         $_POST['rep_popup'] = 1;
 175 }
 176 $_POST['password'] = "";
 177 start_row();
 178 label_cell(_("Password:"));
 179 label_cell("<input type='password' name='password' size=22 maxlength=20 value='" . $_POST['password'] . "'>");
 180 end_row();
 181
 182 if ($selected_id != '')
 183 {
 184         table_section_title(_("Enter a new password to change, leave empty to keep current."));
 185 }
 186
 187 text_row_ex(_("Full Name").":", 'real_name',  50);
 188
 189 text_row_ex(_("Telephone No.:"), 'phone', 30);
 190
 191 text_row_ex(_("Email Address:"), 'email', 50);
 192
 193 security_headings_list_row(_("Access Level:"), 'Access', null);
 194
 195 languages_list_row(_("Language:"), 'language', null);
 196
 197 pos_list_row(_("User's POS"). ':', 'pos', null);
 198
 199 print_profiles_list_row(_("Printing profile"). ':', 'profile', null,
 200         _('Browser printing support'));
 201
 202 check_row(_("Use popup window for reports:"), 'rep_popup', $_POST['rep_popup'],
 203         false, _('Set this option to on if your browser directly supports pdf files'));
 204
 205 end_table(1);
 206
 207 submit_add_or_update_center($selected_id == '', '', true);
 208
 209 end_form();
 210 end_page();
 211 ?>