include_once($path_to_root . "/admin/db/users_db.inc");
-$selected_id = $_SESSION["wa_current_user"]->username;
-
-
function can_process()
{
return false;
}
- if (strstr($_POST['password'], $_POST['user_id']) != false)
+ if (strstr($_POST['password'], $_SESSION["wa_current_user"]->username) != false)
{
display_error( _("The password cannot contain the user login."));
set_focus('password');
if ($allow_demo_mode) {
display_warning(_("Password cannot be changed in demo mode."));
} else {
- update_user_password($_POST['user_id'], md5($_POST['password']));
+ update_user_password($_SESSION["wa_current_user"]->user,
+ $_SESSION["wa_current_user"]->username,
+ md5($_POST['password']));
display_notification(_("Your password has been updated."));
}
$Ajax->activate('_page_body');
start_table($table_style);
-$myrow = get_user($selected_id);
-
-$_POST['user_id'] = $myrow["user_id"];
-hidden('selected_id', $selected_id);
-hidden('user_id', $_POST['user_id']);
+$myrow = get_user($_SESSION["wa_current_user"]->user);
-label_row(_("User login:"), $_POST['user_id']);
+label_row(_("User login:"), $myrow['user_id']);
$_POST['password'] = "";
$_POST['passwordConfirm'] = "";
//-----------------------------------------------------------------------------------------------
-function update_user_password($user_id, $password)
+function update_user_password($id, $user_id, $password)
{
- $sql = "UPDATE ".TB_PREF."users SET password=".db_escape($password) . "
- WHERE user_id = ".db_escape($user_id);
+ $sql = "UPDATE ".TB_PREF."users SET password=".db_escape($password) . ",
+ user_id = ".db_escape($user_id). " WHERE id=".db_escape($id);
db_query($sql, "could not update user password for $user_id");
}
//-----------------------------------------------------------------------------------------------
-function update_user($user_id, $real_name, $phone, $email, $full_access,
+function update_user($id, $user_id, $real_name, $phone, $email, $full_access,
$language, $profile, $rep_popup, $pos)
{
$sql = "UPDATE ".TB_PREF."users SET real_name=".db_escape($real_name).
language=".db_escape($language).",
print_profile=".db_escape($profile).",
rep_popup=$rep_popup,
- pos=$pos
- WHERE user_id = ".db_escape($user_id);
+ pos=$pos,
+ user_id = " . db_escape($user_id)
+ . " WHERE id=" . db_escape($id);
db_query($sql, "could not update user for $user_id");
}
//-----------------------------------------------------------------------------------------------
-function update_user_display_prefs($user_id, $price_dec, $qty_dec, $exrate_dec,
+function update_user_display_prefs($id, $price_dec, $qty_dec, $exrate_dec,
$percent_dec, $showgl, $showcodes, $date_format, $date_sep, $tho_sep,
$dec_sep, $theme, $pagesize, $show_hints, $profile, $rep_popup, $query_size,
$graphic_links, $lang, $stickydate)
graphic_links=$graphic_links,
language=".db_escape($lang).",
sticky_doc_date=".db_escape($stickydate)."
- WHERE user_id = ".db_escape($user_id);
+ WHERE id = ".db_escape($id);
- db_query($sql, "could not update user display prefs for $user_id");
+ db_query($sql, "could not update user display prefs for $id");
}
//-----------------------------------------------------------------------------------------------
-function get_users()
+function get_users($all=false)
{
$sql = "SELECT * FROM ".TB_PREF."users";
+ if (!$all) $sql .= " WHERE !inactive";
return db_query($sql, "could not get users");
}
//-----------------------------------------------------------------------------------------------
-function get_user($user_id)
+function get_user($id)
{
- $sql = "SELECT * FROM ".TB_PREF."users WHERE user_id = '$user_id'";
+ $sql = "SELECT * FROM ".TB_PREF."users WHERE id=".db_escape($id);
- $result = db_query($sql, "could not get user for $user_id");
+ $result = db_query($sql, "could not get user $id");
return db_fetch($result);
}
//-----------------------------------------------------------------------------------------------
+// This function is necessary for admin prefs update after upgrade from 2.1
+//
+function get_user_by_login($user_id)
+{
+ $sql = "SELECT * FROM ".TB_PREF."users WHERE user_id=".db_escape($user_id);
+
+ $result = db_query($sql, "could not get user $user_id");
+
+ return db_fetch($result);
+}
-function delete_user($user_id)
+//-----------------------------------------------------------------------------------------------
+
+function delete_user($id)
{
- $sql="DELETE FROM ".TB_PREF."users WHERE user_id='$user_id'";
+ $sql="DELETE FROM ".TB_PREF."users WHERE id=".db_escape($id);
- db_query($sql, "could not delete user $user_id");
+ db_query($sql, "could not delete user $id");
}
//-----------------------------------------------------------------------------------------------
{
set_global_connection();
- $sql = "SELECT * FROM ".TB_PREF."users WHERE user_id = '$user_id' AND password='$password'";
+// do not exclude inactive records or you lost access after source upgrade
+// on sites using pre 2.2 database
+ $sql = "SELECT * FROM ".TB_PREF."users WHERE user_id = '$user_id' AND"
+ ." password='$password'";
return db_query($sql, "could not get validate user login for $user_id");
}
}
//-----------------------------------------------------------------------------------------------
+function check_user_activity($id)
+{
+ $sql = "SELECT COUNT(*) FROM ".TB_PREF."audit_trail WHERE audit_trail.user="
+ . db_escape($id);
+ $result = db_query($sql,"Cant check user activity");
+ $ret = db_fetch($result);
+ return $ret[0];
+}
?>
\ No newline at end of file
{ // re-read the prefs
global $path_to_root;
include_once($path_to_root . "/admin/db/users_db.inc");
- $user = get_user($_SESSION["wa_current_user"]->username);
+ $user = get_user_by_login($_SESSION["wa_current_user"]->username);
$_SESSION["wa_current_user"]->prefs = new user_prefs($user);
display_notification(_('All companies data has been successfully updated'));
}
include_once($path_to_root . "/admin/db/users_db.inc");
-simple_page_mode(false);
+simple_page_mode(true);
//-------------------------------------------------------------------------------------------------
function can_process()
if (can_process())
{
- if ($selected_id != '')
+ if ($selected_id != -1)
{
- update_user($_POST['user_id'], $_POST['real_name'], $_POST['phone'],
+ update_user($selected_id, $_POST['user_id'], $_POST['real_name'], $_POST['phone'],
$_POST['email'], $_POST['Access'], $_POST['language'],
$_POST['profile'], check_value('rep_popup'), $_POST['pos']);
if ($_POST['password'] != "")
- update_user_password($_POST['user_id'], md5($_POST['password']));
+ update_user_password($selected_id, $_POST['user_id'], md5($_POST['password']));
display_notification_centered(_("The selected user has been updated."));
}
add_user($_POST['user_id'], $_POST['real_name'], md5($_POST['password']),
$_POST['phone'], $_POST['email'], $_POST['Access'], $_POST['language'],
$_POST['profile'], check_value('rep_popup'), $_POST['pos']);
-
+ $id = db_insert_id();
// use current user display preferences as start point for new user
- update_user_display_prefs($_POST['user_id'],
- user_price_dec(), user_qty_dec(), user_exrate_dec(),
+ update_user_display_prefs($id, user_price_dec(), user_qty_dec(), user_exrate_dec(),
user_percent_dec(), user_show_gl_info(), user_show_codes(),
user_date_format(), user_date_sep(), user_tho_sep(),
user_dec_sep(), user_theme(), user_pagesize(), user_hints(),
//-------------------------------------------------------------------------------------------------
if ($Mode == 'RESET')
{
- $selected_id = '';
- unset($_POST); // clean all input fields
+ $selected_id = -1;
+ $sav = get_post('show_inactive');
+ unset($_POST); // clean all input fields
+ $_POST['show_inactive'] = $sav;
}
-$result = get_users();
+$result = get_users(check_value('show_inactive'));
start_form();
start_table($table_style);
-if ($_SESSION["wa_current_user"]->access == 2)
+//if ($_SESSION["wa_current_user"]->access == 2)
$th = array(_("User login"), _("Full Name"), _("Phone"),
_("E-mail"), _("Last Visit"), _("Access Level"), "", "");
-else
- $th = array(_("User login"), _("Full Name"), _("Phone"),
- _("E-mail"), _("Last Visit"), _("Access Level"), "");
+//else
+// $th = array(_("User login"), _("Full Name"), _("Phone"),
+// _("E-mail"), _("Last Visit"), _("Access Level"), "");
+
+inactive_control_column($th);
table_header($th);
$k = 0; //row colour counter
$last_visit_date = sql2date($myrow["last_visit_date"]);
/*The security_headings array is defined in config.php */
+ $not_me = strcasecmp($myrow["user_id"], $_SESSION["wa_current_user"]->username) &&
+ $_SESSION["wa_current_user"]->access == 2;
label_cell($myrow["user_id"]);
label_cell($myrow["real_name"]);
email_cell($myrow["email"]);
label_cell($last_visit_date, "nowrap");
label_cell($security_headings[$myrow["full_access"]]);
- edit_button_cell("Edit".$myrow["user_id"], _("Edit"));
- if (strcasecmp($myrow["user_id"], $_SESSION["wa_current_user"]->username) &&
- $_SESSION["wa_current_user"]->access == 2)
- delete_button_cell("Delete".$myrow["user_id"], _("Delete"));
+
+ if ($not_me)
+ inactive_control_cell($myrow["id"], $myrow["inactive"], 'users', 'id');
+ elseif (check_value('show_inactive'))
+ label_cell('');
+
+ edit_button_cell("Edit".$myrow["id"], _("Edit"));
+ if ($not_me)
+ delete_button_cell("Delete".$myrow["id"], _("Delete"));
else
label_cell('');
end_row();
} //END WHILE LIST LOOP
-end_table();
-end_form();
-echo '<br>';
-
+inactive_control_row($th);
+end_table(1);
//-------------------------------------------------------------------------------------------------
-start_form();
-
start_table($table_style2);
$_POST['email'] = "";
-if ($selected_id != '')
+if ($selected_id != -1)
{
if ($Mode == 'Edit') {
//editing an existing User
$myrow = get_user($selected_id);
+ $_POST['id'] = $myrow["id"];
$_POST['user_id'] = $myrow["user_id"];
$_POST['real_name'] = $myrow["real_name"];
$_POST['phone'] = $myrow["phone"];
label_cell("<input type='password' name='password' size=22 maxlength=20 value='" . $_POST['password'] . "'>");
end_row();
-if ($selected_id != '')
+if ($selected_id != -1)
{
table_section_title(_("Enter a new password to change, leave empty to keep current."));
}
end_table(1);
-submit_add_or_update_center($selected_id == '', '', 'both');
+submit_add_or_update_center($selected_id == -1, '', 'both');
end_form();
end_page();
class current_user
{
-
+ var $user;
var $loginname;
var $username;
- var $name;
+ var $name;
var $company;
var $pos;
var $access;
function login($company, $loginname, $password)
{
$this->set_company($company);
+ $this->logged = false;
$Auth_Result = get_user_for_login($loginname, $password);
if (db_num_rows($Auth_Result) > 0)
{
- $myrow = db_fetch($Auth_Result);
-
+ $myrow = db_fetch($Auth_Result);
+ if (! @$myrow["inactive"]) {
$this->access = $myrow["full_access"];
$this->name = $myrow["real_name"];
$this->pos = $myrow["pos"];
$this->loginname = $loginname;
$this->username = $this->loginname;
$this->prefs = new user_prefs($myrow);
-
- update_user_visitdate($loginname);
- $this->logged = true;
-
- }
- else
- {
- $this->logged = false;
+ $this->user = @$myrow["id"];
+ update_user_visitdate($this->username);
+ $this->logged = true;
+ }
}
return $this->logged;
$showgl, $showcodes, $date_format, $date_sep, $tho_sep, $dec_sep,
$theme, $pagesize, $show_hints, $profile, $rep_popup, $query_size,
$graphic_links, $lang, $stickydate) {
- update_user_display_prefs($this->username, $price_dec,
+ update_user_display_prefs($this->user, $price_dec,
$qty_dec, $exrate_dec, $percent_dec, $showgl, $showcodes,
$date_format, $date_sep, $tho_sep, $dec_sep, $theme, $pagesize,
$show_hints, $profile, $rep_popup, $query_size, $graphic_links, $lang, $stickydate);
// re-read the prefs
- $user = get_user($this->username);
+ $user = get_user($this->user);
$this->prefs = new user_prefs($user);
}
}
projects / fa-stable.git / commitdiff