initializing git repo

2018-12-17 17:50:23 +01:00 · 2018-12-17 17:50:23 +01:00 · 3df8fc53b8
commit 3df8fc53b8
86 changed files with 5649 additions and 0 deletions
--- a/pages/edit_users.php
+++ b/pages/edit_users.php
@ -0,0 +1,261 @@
+<?php
+
+if (UserGetLogin()=="root")
+{
+  ////////////////
+  //Add new user
+  if ($ToDo=="NewUser")
+  {
+    //Get primary vars
+    $Error=0;
+    $Login    = (isset($_POST['Login']))?    $_POST['Login']:""; 
+    $Password = (isset($_POST['Password']))? $_POST['Password']:""; 
+    
+    //check primary vars
+    $UserExistQuery="SELECT * FROM `User` WHERE `Login` LIKE '$Login'";
+    $UserExistQuery=mysqli_query($GlobalMysqlHandler, $UserExistQuery);
+    if ($Login=="" || $Login=="root" || mysqli_num_rows($UserExistQuery))
+    {
+      $Error=1;
+      MessageError(LangSpell('SentenceLoginForbidden'));
+    }
+    
+    if ($Password=="")
+    {
+      $Error=1;
+      MessageError(LangSpell('SentencePasswordForbidden'));
+    }
+    $Password=md5($Password);
+        
+    if ($Error==0)
+    {
+      //insert into user table
+      $InsertUserQuery = "INSERT INTO `User` ( `Login` , `Password` ) VALUES ( '$Login', '$Password' );";
+      if (!mysqli_query($GlobalMysqlHandler, $InsertUserQuery))
+      {
+        ErrorLog("[edit_users.php] Database error while insert new user!");
+        MessageError(LangSpell('SentenceDatabaseError'));
+      }
+      else
+      {
+        MessageSuccess(LangSpell('SentenceNewUserAdded'));
+      }
+      
+      //get eactual inserted id
+      $UserIdQuery="SELECT `Id` FROM `User` WHERE `Login` = '$Login' AND `Password` = '$Password'";
+      $ActualInsertedUserId = 0;
+      if (! ($UserIdQuery=mysqli_query($GlobalMysqlHandler, $UserIdQuery)) )
+        ErrorLog("[edit_users.php] Database error while getting id from inserted user!");
+      else
+      {
+        $ActualInsertedUserIdRecord=mysqli_fetch_array($UserIdQuery);
+        $ActualInsertedUserId = $ActualInsertedUserIdRecord['Id'];
+        
+        //insert user rights table
+        
+        //generate rights query
+        $RightsQuery="SELECT * FROM `UserRights` LIMIT 1";
+        $RightsQuery=mysqli_query($GlobalMysqlHandler, $RightsQuery);
+        $InsertRightValues = array();
+        for ($i=1;$i<(mysqli_num_fields($RightsQuery));$i++)
+        {
+          if (isset($_POST[mysqli_field_name($RightsQuery,$i)]))
+          {
+            $x=count($InsertRightValues);
+            $InsertRightValues[$x][0]=mysqli_field_name($RightsQuery,$i);
+            $InsertRightValues[$x][1]=(strtoupper($_POST[mysqli_field_name($RightsQuery,$i)])=="TRUE")? "True":"False";
+          }
+        }
+
+        $InsertRightsQuery1 = "INSERT INTO `UserRights` ( `Id` ";
+        $InsertRightsQuery2 = " ) VALUES ( '$ActualInsertedUserId' ";
+        $InsertRightsQuery3 = " );";
+        
+        for ($i=0;$i<count($InsertRightValues);$i++)
+        {
+          $InsertRightsQuery1 .= ", `".$InsertRightValues[$i][0]."` ";
+          $InsertRightsQuery2 .= ", '".$InsertRightValues[$i][1]."'";
+        }
+        $InsertRightsQuery = $InsertRightsQuery1 . $InsertRightsQuery2 . $InsertRightsQuery3;
+        
+        if (!mysqli_query($GlobalMysqlHandler, $InsertRightsQuery))
+        {
+          ErrorLog("[edit_users.php] Database error while insert new users rights (Id $ActualInsertedUserId)!");
+          MessageError(LangSpell('SentenceDatabaseError'));
+        }
+      }
+    }
+  }
+  
+  /////////////
+  //Edit User
+  if ($ToDo=="EditUser")
+  {
+    $Error=0;
+    $Id       = (isset($_POST['Id']))?    $_POST['Id']:""; 
+    $Login    = (isset($_POST['Login']))?    $_POST['Login']:""; 
+    $Password = (isset($_POST['Password']))? $_POST['Password']:""; 
+    
+    $UserExistQuery="SELECT * FROM `User` WHERE `Login` LIKE '$Login' AND `Id` != '$Id'";
+    $UserExistQuery=mysqli_query($GlobalMysqlHandler, $UserExistQuery);
+    if ($Login=="" || $Login=="root" || mysqli_num_rows($UserExistQuery))
+    {
+      $Error=1;
+      MessageError(LangSpell('SentenceLoginForbidden'));
+    }
+    
+    //check if user rights are existent, insert a record to UserRights if not
+    $CheckRightsExistentQuery="SELECT * FROM `UserRights` WHERE `Id` =$Id";
+    $CheckRightsExistentQuery=mysqli_query($GlobalMysqlHandler, $CheckRightsExistentQuery);
+    if (!mysqli_num_rows($CheckRightsExistentQuery))
+    {
+      ErrorLog("[edit_users.php-EditUser] No record with Id=$Id in UserRights table!");
+      $CheckRightsExistentQuery="INSERT INTO `ldtPartStock`.`UserRights` ( `Id` ) VALUES ( '$Id' );";
+      if (!mysqli_query($GlobalMysqlHandler, $CheckRightsExistentQuery))
+        ErrorLog("[edit_users.php-EditUser] Could not insert record with Id=$Id in UserRights table!");
+    }
+    
+    if ($Error==0)
+    {
+      //generate rights array var
+      $UpdateRightValues = array();
+      $RightsQuery="SELECT * FROM `UserRights` LIMIT 1";
+      $RightsQuery=mysqli_query($GlobalMysqlHandler, $RightsQuery);
+      for ($i=1;$i<(mysqli_num_fields($RightsQuery));$i++)
+      {
+        $x=count($UpdateRightValues);
+        $UpdateRightValues[$x][0]=mysqli_field_name($RightsQuery,$i);
+        $UpdateRightValues[$x][1]=( (isset($_POST[mysqli_field_name($RightsQuery,$i)]))
+                                    && (strtoupper($_POST[mysqli_field_name($RightsQuery,$i)])=="TRUE") 
+                                  )? "True":"False";
+      }
+
+      //generate user query
+      $UpdateUserQuery = "UPDATE `User` SET `Login` = '$Login'";
+      if ($Password!="")
+        $UpdateUserQuery .= ", `Password` = '".md5($Password)."'";
+      $UpdateUserQuery .= " WHERE `Id` = '$Id' LIMIT 1;";
+
+      //generate user rights query
+      $UpdateRightsQuery = "UPDATE `UserRights` SET ";
+      for ($i=0;$i<count($UpdateRightValues);$i++)
+      {
+        $UpdateRightsQuery .= "`".$UpdateRightValues[$i][0]."` = '".$UpdateRightValues[$i][1]."'" . (($i<(count($UpdateRightValues)-1)) ? ", ":"");
+      }
+      $UpdateRightsQuery .= " WHERE `Id` = '$Id' LIMIT 1;";
+
+      $Error=0;
+
+      //update user table
+      if (!mysqli_query($GlobalMysqlHandler, $UpdateUserQuery))
+      {
+        ErrorLog("[edit_users.php] Database error while update User table at Id = $Id!");
+        MessageError(LangSpell('SentenceDatabaseError'));
+        $Error=1;
+      }
+
+      //update user rights table
+      if (!mysqli_query($GlobalMysqlHandler, $UpdateRightsQuery))
+      {
+        ErrorLog("[edit_users.php] Database error while update UserRights table at Id = $Id!");
+        MessageError(LangSpell('SentenceDatabaseError'));
+        $Error=1;
+      }
+
+      if (!$Error)
+        MessageSuccess(LangSpell('SentenceUserUpdated'));
+    }
+  }
+  
+  ///////////////
+  //Delete User
+  if ($ToDo=="DeleteUser" && isset($_GET['Id']))
+  {
+      //generate querys
+      $DeleteQuery1="DELETE FROM `User` WHERE `Id` = ".$_GET['Id'];
+      $DeleteQuery2="DELETE FROM `UserRights` WHERE `Id` = ".$_GET['Id'];
+      
+      //update DB
+      if (!mysqli_query($GlobalMysqlHandler, $DeleteQuery1))
+      {
+        ErrorLog("[edit_users.php] Database error while delete user with Id=\"".$_GET['Id']."\" from User table!");
+        MessageError(LangSpell('SentenceDatabaseError'));
+      }
+      else
+      {
+        MessageSuccess(LangSpell('SentenceUserDeleted'));
+      }
+      
+      if (!mysqli_query($GlobalMysqlHandler, $DeleteQuery2))
+      {
+        ErrorLog("[edit_users.php] Database error while delete user with Id=\"".$_GET['Id']."\" from UserRihts table!");
+        MessageError(LangSpell('SentenceDatabaseError'));
+      }
+  }
+  
+  //////////////////
+  //Global content  
+  $UserQuery="SELECT * FROM `User`";
+  $UserQuery=mysqli_query($GlobalMysqlHandler, $UserQuery);
+  $RightsQuery="SELECT * FROM `UserRights` LIMIT 1";
+  $RightsQuery=mysqli_query($GlobalMysqlHandler, $RightsQuery);
+  
+  //table and head
+  $GlobalContent.='<table>'."\n";
+  $GlobalContent.='  <tr>'."\n";
+  $GlobalContent.='    <th>Id</th>'."\n";
+  $GlobalContent.='    <th>Login</th>'."\n";
+  $GlobalContent.='    <th>Password</th>'."\n";
+  for ($i=1;$i<mysqli_num_fields($RightsQuery);$i++)
+  {
+    $GlobalContent.='    <th>'.mysqli_field_name($RightsQuery,$i).'</th>'."\n";
+  }
+  $GlobalContent.='    <th> </th>'."\n";
+  $GlobalContent.='    <th> </th>'."\n";
+  $GlobalContent.='  </tr>'."\n";
+  
+  //existing users
+  while ($UserRecord=mysqli_fetch_array($UserQuery))
+  {
+    $GlobalContent.='  <tr>'."\n";
+    $GlobalContent.='  <form action="index.php?Page=EditUsers&ToDo=EditUser" method="post">'."\n";
+    $GlobalContent.='    <td><input type="hidden" name="Id" value="'.$UserRecord['Id'].'">'.$UserRecord['Id'].'</td>'."\n";
+    $GlobalContent.='    <td><input type="text" name="Login" value="'.$UserRecord['Login'].'" title="'.LangSpellHtml('TagTitleEditUserLogin').'"></td>'."\n";
+    $GlobalContent.='    <td><input type="password" name="Password" value="" title="'.LangSpellHtml('TagTitleEditUserPassword').'"></td>'."\n";
+
+    $RightsQuery="SELECT * FROM `UserRights` WHERE `Id` = ".$UserRecord['Id']." LIMIT 1";
+    if (!$RightsQuery=mysqli_query($GlobalMysqlHandler, $RightsQuery))
+      ErrorLog('[edit_users.php-$RightsQuery] Database error or user id '.$UserRecord['Id'].' not found in UserRights');
+    $RightsRecord=mysqli_fetch_row($RightsQuery);
+    for ($i=1;$i<(mysqli_num_fields($RightsQuery));$i++)
+    {
+      $GlobalContent.='    <td><input type="checkbox" name="'.mysqli_field_name($RightsQuery,$i).'" value="True" title="'.LangSpellHtml('TagTitleEditUserRight').'" '.((strtoupper($RightsRecord[$i])=="TRUE")? "checked":"").'></td>'."\n";
+    }
+    $GlobalContent.='    <td><input type="Submit" value="'.LangSpellHtml('ButtonSave').'" title="'.LangSpellHtml('ButtonSave').'" class="Button"></td>'."\n";
+    $GlobalContent.='    <td><a href="index.php?Page=EditUsers&ToDo=DeleteUser&Id='.$UserRecord[0].'" title="'.LangSpellHtml('TagTitleDeleteUser').'" target="_top" class="Button">'.OtherGetIcon('Delete',0).'</a></td>'."\n";
+    $GlobalContent.='  </form>'."\n";
+    $GlobalContent.='  </tr>'."\n";
+  }
+  
+  //new user entry
+  $GlobalContent.='  <tr>'."\n";
+  $GlobalContent.='  <form action="index.php?Page=EditUsers&ToDo=NewUser" method="post">'."\n";
+  $GlobalContent.='    <td><input type="hidden" name="Id" value="'.$UserRecord['Id'].'">'.$UserRecord[$i].'</td>'."\n";
+  $GlobalContent.='    <td><input type="text" name="Login" value="'.$UserRecord['Login'].'" title="'.LangSpellHtml('TagTitleEditUserLogin').'"></td>'."\n";
+  $GlobalContent.='    <td><input type="password" name="Password" value="" title="'.LangSpellHtml('TagTitleEditUserPassword').'"></td>'."\n";
+    for ($i=1;$i<(mysqli_num_fields($RightsQuery));$i++)
+    {
+      $GlobalContent.='    <td><input type="checkbox" name="'.mysqli_field_name($RightsQuery,$i).'" value="True" title="'.LangSpellHtml('TagTitleEditUserRight').'"></td>'."\n";
+    }
+  $GlobalContent.='    <td><input type="Submit" value="'.LangSpellHtml('ButtonNew').'" class="Button"></td>'."\n";
+  $GlobalContent.='    <td> </td>'."\n";
+  $GlobalContent.='  </form>'."\n";
+  $GlobalContent.='  </tr>'."\n";
+  
+  $GlobalContent.='</table>'."\n";
+}
+else
+{
+  MessageError(LangSpell("ScentenceNoUserRights"));
+}
+?>