<?php

if (UserGetLogin()=="root")
{
  ////////////////
  //Add new user
  if ($ToDo=="NewUser")
  {
    //Get primary vars
    $Error=0;
    $Login    = (isset($_POST['Login']))?    $_POST['Login']:""; 
    $Password = (isset($_POST['Password']))? $_POST['Password']:""; 
    
    //check primary vars
    $UserExistQuery="SELECT * FROM `User` WHERE `Login` LIKE '$Login'";
    $UserExistQuery=mysqli_query($GlobalMysqlHandler, $UserExistQuery);
    if ($Login=="" || $Login=="root" || mysqli_num_rows($UserExistQuery))
    {
      $Error=1;
      MessageError(LangSpell('SentenceLoginForbidden'));
    }
    
    if ($Password=="")
    {
      $Error=1;
      MessageError(LangSpell('SentencePasswordForbidden'));
    }
    $Password=md5($Password);
        
    if ($Error==0)
    {
      //insert into user table
      $InsertUserQuery = "INSERT INTO `User` ( `Login` , `Password` ) VALUES ( '$Login', '$Password' );";
      if (!mysqli_query($GlobalMysqlHandler, $InsertUserQuery))
      {
        ErrorLog("[edit_users.php] Database error while insert new user!");
        MessageError(LangSpell('SentenceDatabaseError'));
      }
      else
      {
        MessageSuccess(LangSpell('SentenceNewUserAdded'));
      }
      
      //get eactual inserted id
      $UserIdQuery="SELECT `Id` FROM `User` WHERE `Login` = '$Login' AND `Password` = '$Password'";
      $ActualInsertedUserId = 0;
      if (! ($UserIdQuery=mysqli_query($GlobalMysqlHandler, $UserIdQuery)) )
        ErrorLog("[edit_users.php] Database error while getting id from inserted user!");
      else
      {
        $ActualInsertedUserIdRecord=mysqli_fetch_array($UserIdQuery);
        $ActualInsertedUserId = $ActualInsertedUserIdRecord['Id'];
        
        //insert user rights table
        
        //generate rights query
        $RightsQuery="SELECT * FROM `UserRights` LIMIT 1";
        $RightsQuery=mysqli_query($GlobalMysqlHandler, $RightsQuery);
        $InsertRightValues = array();
        for ($i=1;$i<(mysqli_num_fields($RightsQuery));$i++)
        {
          if (isset($_POST[mysqli_field_name($RightsQuery,$i)]))
          {
            $x=count($InsertRightValues);
            $InsertRightValues[$x][0]=mysqli_field_name($RightsQuery,$i);
            $InsertRightValues[$x][1]=(strtoupper($_POST[mysqli_field_name($RightsQuery,$i)])=="TRUE")? "True":"False";
          }
        }

        $InsertRightsQuery1 = "INSERT INTO `UserRights` ( `Id` ";
        $InsertRightsQuery2 = " ) VALUES ( '$ActualInsertedUserId' ";
        $InsertRightsQuery3 = " );";
        
        for ($i=0;$i<count($InsertRightValues);$i++)
        {
          $InsertRightsQuery1 .= ", `".$InsertRightValues[$i][0]."` ";
          $InsertRightsQuery2 .= ", '".$InsertRightValues[$i][1]."'";
        }
        $InsertRightsQuery = $InsertRightsQuery1 . $InsertRightsQuery2 . $InsertRightsQuery3;
        
        if (!mysqli_query($GlobalMysqlHandler, $InsertRightsQuery))
        {
          ErrorLog("[edit_users.php] Database error while insert new users rights (Id $ActualInsertedUserId)!");
          MessageError(LangSpell('SentenceDatabaseError'));
        }
      }
    }
  }
  
  /////////////
  //Edit User
  if ($ToDo=="EditUser")
  {
    $Error=0;
    $Id       = (isset($_POST['Id']))?    $_POST['Id']:""; 
    $Login    = (isset($_POST['Login']))?    $_POST['Login']:""; 
    $Password = (isset($_POST['Password']))? $_POST['Password']:""; 
    
    $UserExistQuery="SELECT * FROM `User` WHERE `Login` LIKE '$Login' AND `Id` != '$Id'";
    $UserExistQuery=mysqli_query($GlobalMysqlHandler, $UserExistQuery);
    if ($Login=="" || $Login=="root" || mysqli_num_rows($UserExistQuery))
    {
      $Error=1;
      MessageError(LangSpell('SentenceLoginForbidden'));
    }
    
    //check if user rights are existent, insert a record to UserRights if not
    $CheckRightsExistentQuery="SELECT * FROM `UserRights` WHERE `Id` =$Id";
    $CheckRightsExistentQuery=mysqli_query($GlobalMysqlHandler, $CheckRightsExistentQuery);
    if (!mysqli_num_rows($CheckRightsExistentQuery))
    {
      ErrorLog("[edit_users.php-EditUser] No record with Id=$Id in UserRights table!");
      $CheckRightsExistentQuery="INSERT INTO `ldtPartStock`.`UserRights` ( `Id` ) VALUES ( '$Id' );";
      if (!mysqli_query($GlobalMysqlHandler, $CheckRightsExistentQuery))
        ErrorLog("[edit_users.php-EditUser] Could not insert record with Id=$Id in UserRights table!");
    }
    
    if ($Error==0)
    {
      //generate rights array var
      $UpdateRightValues = array();
      $RightsQuery="SELECT * FROM `UserRights` LIMIT 1";
      $RightsQuery=mysqli_query($GlobalMysqlHandler, $RightsQuery);
      for ($i=1;$i<(mysqli_num_fields($RightsQuery));$i++)
      {
        $x=count($UpdateRightValues);
        $UpdateRightValues[$x][0]=mysqli_field_name($RightsQuery,$i);
        $UpdateRightValues[$x][1]=( (isset($_POST[mysqli_field_name($RightsQuery,$i)]))
                                    && (strtoupper($_POST[mysqli_field_name($RightsQuery,$i)])=="TRUE") 
                                  )? "True":"False";
      }

      //generate user query
      $UpdateUserQuery = "UPDATE `User` SET `Login` = '$Login'";
      if ($Password!="")
        $UpdateUserQuery .= ", `Password` = '".md5($Password)."'";
      $UpdateUserQuery .= " WHERE `Id` = '$Id' LIMIT 1;";

      //generate user rights query
      $UpdateRightsQuery = "UPDATE `UserRights` SET ";
      for ($i=0;$i<count($UpdateRightValues);$i++)
      {
        $UpdateRightsQuery .= "`".$UpdateRightValues[$i][0]."` = '".$UpdateRightValues[$i][1]."'" . (($i<(count($UpdateRightValues)-1)) ? ", ":"");
      }
      $UpdateRightsQuery .= " WHERE `Id` = '$Id' LIMIT 1;";

      $Error=0;

      //update user table
      if (!mysqli_query($GlobalMysqlHandler, $UpdateUserQuery))
      {
        ErrorLog("[edit_users.php] Database error while update User table at Id = $Id!");
        MessageError(LangSpell('SentenceDatabaseError'));
        $Error=1;
      }

      //update user rights table
      if (!mysqli_query($GlobalMysqlHandler, $UpdateRightsQuery))
      {
        ErrorLog("[edit_users.php] Database error while update UserRights table at Id = $Id!");
        MessageError(LangSpell('SentenceDatabaseError'));
        $Error=1;
      }

      if (!$Error)
        MessageSuccess(LangSpell('SentenceUserUpdated'));
    }
  }
  
  ///////////////
  //Delete User
  if ($ToDo=="DeleteUser" && isset($_GET['Id']))
  {
      //generate querys
      $DeleteQuery1="DELETE FROM `User` WHERE `Id` = ".$_GET['Id'];
      $DeleteQuery2="DELETE FROM `UserRights` WHERE `Id` = ".$_GET['Id'];
      
      //update DB
      if (!mysqli_query($GlobalMysqlHandler, $DeleteQuery1))
      {
        ErrorLog("[edit_users.php] Database error while delete user with Id=\"".$_GET['Id']."\" from User table!");
        MessageError(LangSpell('SentenceDatabaseError'));
      }
      else
      {
        MessageSuccess(LangSpell('SentenceUserDeleted'));
      }
      
      if (!mysqli_query($GlobalMysqlHandler, $DeleteQuery2))
      {
        ErrorLog("[edit_users.php] Database error while delete user with Id=\"".$_GET['Id']."\" from UserRihts table!");
        MessageError(LangSpell('SentenceDatabaseError'));
      }
  }
  
  //////////////////
  //Global content  
  $UserQuery="SELECT * FROM `User`";
  $UserQuery=mysqli_query($GlobalMysqlHandler, $UserQuery);
  $RightsQuery="SELECT * FROM `UserRights` LIMIT 1";
  $RightsQuery=mysqli_query($GlobalMysqlHandler, $RightsQuery);
  
  //table and head
  $GlobalContent.='<table>'."\n";
  $GlobalContent.='  <tr>'."\n";
  $GlobalContent.='    <th>Id</th>'."\n";
  $GlobalContent.='    <th>Login</th>'."\n";
  $GlobalContent.='    <th>Password</th>'."\n";
  for ($i=1;$i<mysqli_num_fields($RightsQuery);$i++)
  {
    $GlobalContent.='    <th>'.mysqli_field_name($RightsQuery,$i).'</th>'."\n";
  }
  $GlobalContent.='    <th> </th>'."\n";
  $GlobalContent.='    <th> </th>'."\n";
  $GlobalContent.='  </tr>'."\n";
  
  //existing users
  while ($UserRecord=mysqli_fetch_array($UserQuery))
  {
    $GlobalContent.='  <tr>'."\n";
    $GlobalContent.='  <form action="index.php?Page=EditUsers&ToDo=EditUser" method="post">'."\n";
    $GlobalContent.='    <td><input type="hidden" name="Id" value="'.$UserRecord['Id'].'">'.$UserRecord['Id'].'</td>'."\n";
    $GlobalContent.='    <td><input type="text" name="Login" value="'.$UserRecord['Login'].'" title="'.LangSpellHtml('TagTitleEditUserLogin').'"></td>'."\n";
    $GlobalContent.='    <td><input type="password" name="Password" value="" title="'.LangSpellHtml('TagTitleEditUserPassword').'"></td>'."\n";

    $RightsQuery="SELECT * FROM `UserRights` WHERE `Id` = ".$UserRecord['Id']." LIMIT 1";
    if (!$RightsQuery=mysqli_query($GlobalMysqlHandler, $RightsQuery))
      ErrorLog('[edit_users.php-$RightsQuery] Database error or user id '.$UserRecord['Id'].' not found in UserRights');
    $RightsRecord=mysqli_fetch_row($RightsQuery);
    for ($i=1;$i<(mysqli_num_fields($RightsQuery));$i++)
    {
      $GlobalContent.='    <td><input type="checkbox" name="'.mysqli_field_name($RightsQuery,$i).'" value="True" title="'.LangSpellHtml('TagTitleEditUserRight').'" '.((strtoupper($RightsRecord[$i])=="TRUE")? "checked":"").'></td>'."\n";
    }
    $GlobalContent.='    <td><input type="Submit" value="'.LangSpellHtml('ButtonSave').'" title="'.LangSpellHtml('ButtonSave').'" class="Button"></td>'."\n";
    $GlobalContent.='    <td><a href="index.php?Page=EditUsers&ToDo=DeleteUser&Id='.$UserRecord[0].'" title="'.LangSpellHtml('TagTitleDeleteUser').'" target="_top" class="Button">'.OtherGetIcon('Delete',0).'</a></td>'."\n";
    $GlobalContent.='  </form>'."\n";
    $GlobalContent.='  </tr>'."\n";
  }
  
  //new user entry
  $GlobalContent.='  <tr>'."\n";
  $GlobalContent.='  <form action="index.php?Page=EditUsers&ToDo=NewUser" method="post">'."\n";
  $GlobalContent.='    <td><input type="hidden" name="Id" value="'.$UserRecord['Id'].'">'.$UserRecord[$i].'</td>'."\n";
  $GlobalContent.='    <td><input type="text" name="Login" value="'.$UserRecord['Login'].'" title="'.LangSpellHtml('TagTitleEditUserLogin').'"></td>'."\n";
  $GlobalContent.='    <td><input type="password" name="Password" value="" title="'.LangSpellHtml('TagTitleEditUserPassword').'"></td>'."\n";
    for ($i=1;$i<(mysqli_num_fields($RightsQuery));$i++)
    {
      $GlobalContent.='    <td><input type="checkbox" name="'.mysqli_field_name($RightsQuery,$i).'" value="True" title="'.LangSpellHtml('TagTitleEditUserRight').'"></td>'."\n";
    }
  $GlobalContent.='    <td><input type="Submit" value="'.LangSpellHtml('ButtonNew').'" class="Button"></td>'."\n";
  $GlobalContent.='    <td> </td>'."\n";
  $GlobalContent.='  </form>'."\n";
  $GlobalContent.='  </tr>'."\n";
  
  $GlobalContent.='</table>'."\n";
}
else
{
  MessageError(LangSpell("ScentenceNoUserRights"));
}
?>