partstock/pages/edit_users.php

<?php
if (UserGetLogin()=="root")
{
////////////////
//Add new user
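if ($ToDo=="NewUser")
{
    // Create a new user and its UserRights row from the posted form.
    // Only reached for the "root" session (checked by the enclosing if).
    $Error = 0;
    $Login = isset($_POST['Login']) ? $_POST['Login'] : "";
    $Password = isset($_POST['Password']) ? $_POST['Password'] : "";

    // $Login is request-controlled: escape it once and use the escaped form in
    // every SQL string below. LIKE wildcards (% and _) are deliberately left
    // alone - a login containing them matches existing rows and is refused,
    // which fails closed.
    $EscapedLogin = mysqli_real_escape_string($GlobalMysqlHandler, $Login);
    $UserExistQuery = mysqli_query($GlobalMysqlHandler, "SELECT * FROM `User` WHERE `Login` LIKE '$EscapedLogin'");
    // A failed lookup (false) is treated as "forbidden" instead of being handed
    // to mysqli_num_rows(), which does not accept a non-result.
    if ($Login=="" || $Login=="root" || !$UserExistQuery || mysqli_num_rows($UserExistQuery))
    {
        $Error = 1;
        MessageError(LangSpell('SentenceLoginForbidden'));
    }
    if ($Password=="")
    {
        $Error = 1;
        MessageError(LangSpell('SentencePasswordForbidden'));
    }
    // NOTE(review): unsalted md5 is kept only because the login check (outside
    // this file) presumably compares against it; moving to password_hash()/
    // password_verify() has to change both sides together. The hex digest is
    // safe to interpolate into SQL.
    $Password = md5($Password);
    if ($Error==0)
    {
        $InsertUserQuery = "INSERT INTO `User` ( `Login` , `Password` ) VALUES ( '$EscapedLogin', '$Password' );";
        if (!mysqli_query($GlobalMysqlHandler, $InsertUserQuery))
        {
            ErrorLog("[edit_users.php] Database error while insert new user!");
            MessageError(LangSpell('SentenceDatabaseError'));
        }
        else
        {
            MessageSuccess(LangSpell('SentenceNewUserAdded'));
            // Look up the id of the row just inserted. This runs only after a
            // successful insert; the original also ran it after a failure and
            // then wrote a UserRights row with an empty id.
            $UserIdQuery = mysqli_query($GlobalMysqlHandler, "SELECT `Id` FROM `User` WHERE `Login` = '$EscapedLogin' AND `Password` = '$Password'");
            $ActualInsertedUserIdRecord = $UserIdQuery ? mysqli_fetch_array($UserIdQuery) : null;
            if (!$ActualInsertedUserIdRecord)
            {
                ErrorLog("[edit_users.php] Database error while getting id from inserted user!");
            }
            else
            {
                $ActualInsertedUserId = (int) $ActualInsertedUserIdRecord['Id'];
                // Right flags: the column names are read from the table itself
                // (schema-derived, not request-derived) and the stored values are
                // restricted to the literals "True"/"False".
                // mysqli_field_name() is not part of core mysqli; presumably a
                // project helper around mysqli_fetch_field_direct() - confirm.
                $RightsQuery = mysqli_query($GlobalMysqlHandler, "SELECT * FROM `UserRights` LIMIT 1");
                $InsertRightValues = array();
                if ($RightsQuery)
                {
                    // Column 0 is `Id`; every other column is one right flag.
                    for ($i=1; $i<mysqli_num_fields($RightsQuery); $i++)
                    {
                        $RightName = mysqli_field_name($RightsQuery, $i);
                        if (isset($_POST[$RightName]))
                        {
                            // is_string() guards against an array being posted under
                            // the flag name (strtoupper() would throw on it).
                            $IsTrue = is_string($_POST[$RightName]) && strtoupper($_POST[$RightName])=="TRUE";
                            $InsertRightValues[] = array($RightName, $IsTrue ? "True" : "False");
                        }
                    }
                }
                $InsertRightsQuery1 = "INSERT INTO `UserRights` ( `Id` ";
                $InsertRightsQuery2 = " ) VALUES ( '$ActualInsertedUserId' ";
                foreach ($InsertRightValues as $RightValue)
                {
                    $InsertRightsQuery1 .= ", `".$RightValue[0]."` ";
                    $InsertRightsQuery2 .= ", '".$RightValue[1]."'";
                }
                $InsertRightsQuery = $InsertRightsQuery1 . $InsertRightsQuery2 . " );";
                if (!mysqli_query($GlobalMysqlHandler, $InsertRightsQuery))
                {
                    ErrorLog("[edit_users.php] Database error while insert new users rights (Id $ActualInsertedUserId)!");
                    MessageError(LangSpell('SentenceDatabaseError'));
                }
            }
        }
    }
}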
/////////////
//Edit User
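if ($ToDo=="EditUser")
{
    // Update login, optional new password and right flags of one user from
    // the posted form. Only reached for the "root" session (enclosing if).
    $Error = 0;
    // The id ends up unquoted in SQL, so only an integer is accepted;
    // filter_var() yields false for anything else (including arrays).
    $Id = isset($_POST['Id']) ? filter_var($_POST['Id'], FILTER_VALIDATE_INT) : false;
    $Login = isset($_POST['Login']) ? $_POST['Login'] : "";
    $Password = isset($_POST['Password']) ? $_POST['Password'] : "";
    // $Login is request-controlled: escaped once here, used escaped everywhere below.
    $EscapedLogin = mysqli_real_escape_string($GlobalMysqlHandler, $Login);
    if ($Id === false)
    {
        $Error = 1;
        ErrorLog("[edit_users.php-EditUser] Missing or non-integer Id in request!");
        // Closest existing message key; the page has no dedicated "bad request" sentence.
        MessageError(LangSpell('SentenceDatabaseError'));
    }
    else
    {
        // Another user with the same login (LIKE, as in NewUser) or the reserved
        // name "root" is refused; a failed lookup (false) fails closed.
        $UserExistQuery = mysqli_query($GlobalMysqlHandler, "SELECT * FROM `User` WHERE `Login` LIKE '$EscapedLogin' AND `Id` != $Id");
        if ($Login=="" || $Login=="root" || !$UserExistQuery || mysqli_num_rows($UserExistQuery))
        {
            $Error = 1;
            MessageError(LangSpell('SentenceLoginForbidden'));
        }
        // Make sure a UserRights row exists for this id so the UPDATE below has a target.
        $CheckRightsExistentQuery = mysqli_query($GlobalMysqlHandler, "SELECT * FROM `UserRights` WHERE `Id` = $Id");
        if (!$CheckRightsExistentQuery || !mysqli_num_rows($CheckRightsExistentQuery))
        {
            ErrorLog("[edit_users.php-EditUser] No record with Id=$Id in UserRights table!");
            // Unqualified table name, consistent with every other query on this
            // page (the original hard-coded the `ldtPartStock` schema here).
            if (!mysqli_query($GlobalMysqlHandler, "INSERT INTO `UserRights` ( `Id` ) VALUES ( '$Id' );"))
            {
                ErrorLog("[edit_users.php-EditUser] Could not insert record with Id=$Id in UserRights table!");
            }
        }
    }
    if ($Error==0)
    {
        // Right flags: column names come from the table itself (schema-derived),
        // stored values are restricted to the literals "True"/"False".
        // mysqli_field_name() is not part of core mysqli; presumably a project
        // helper around mysqli_fetch_field_direct() - confirm.
        $UpdateRightValues = array();
        $RightsQuery = mysqli_query($GlobalMysqlHandler, "SELECT * FROM `UserRights` LIMIT 1");
        if ($RightsQuery)
        {
            // Column 0 is `Id`; every other column is one right flag.
            for ($i=1; $i<mysqli_num_fields($RightsQuery); $i++)
            {
                $RightName = mysqli_field_name($RightsQuery, $i);
                // is_string() guards against an array posted under the flag name.
                $Checked = isset($_POST[$RightName]) && is_string($_POST[$RightName]) && strtoupper($_POST[$RightName])=="TRUE";
                $UpdateRightValues[] = array($RightName, $Checked ? "True" : "False");
            }
        }
        // User row: login always, password only when a new one was entered.
        $UpdateUserQuery = "UPDATE `User` SET `Login` = '$EscapedLogin'";
        if ($Password!="")
        {
            // NOTE(review): unsalted md5 kept because the login check (outside this
            // file) presumably compares against it; password_hash()/password_verify()
            // would have to replace both sides together.
            $UpdateUserQuery .= ", `Password` = '".md5($Password)."'";
        }
        $UpdateUserQuery .= " WHERE `Id` = '$Id' LIMIT 1;";
        if (!mysqli_query($GlobalMysqlHandler, $UpdateUserQuery))
        {
            ErrorLog("[edit_users.php] Database error while update User table at Id = $Id!");
            MessageError(LangSpell('SentenceDatabaseError'));
            $Error = 1;
        }
        // Rights row: one assignment per flag column.
        $Assignments = array();
        foreach ($UpdateRightValues as $RightValue)
        {
            $Assignments[] = "`".$RightValue[0]."` = '".$RightValue[1]."'";
        }
        if (!$RightsQuery)
        {
            ErrorLog("[edit_users.php] Database error while update UserRights table at Id = $Id!");
            MessageError(LangSpell('SentenceDatabaseError'));
            $Error = 1;
        }
        elseif (count($Assignments) > 0)
        {
            // An empty SET list would be a syntax error, hence the count() guard.
            $UpdateRightsQuery = "UPDATE `UserRights` SET " . implode(", ", $Assignments) . " WHERE `Id` = '$Id' LIMIT 1;";
            if (!mysqli_query($GlobalMysqlHandler, $UpdateRightsQuery))
            {
                ErrorLog("[edit_users.php] Database error while update UserRights table at Id = $Id!");
                MessageError(LangSpell('SentenceDatabaseError'));
                $Error = 1;
            }
        }
        if (!$Error)
        {
            MessageSuccess(LangSpell('SentenceUserUpdated'));
        }
    }
}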
///////////////
//Delete User
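if ($ToDo=="DeleteUser" && isset($_GET['Id']))
{
    // Delete a user and its UserRights row. Only reached for the "root" session.
    // NOTE(review): this state-changing action is driven by a plain GET link (the
    // Delete button in the table below) and carries no CSRF token; turning it
    // into a POST form with a token is the structural fix and needs support
    // outside this page.
    // The id was concatenated raw into both DELETE statements; only an integer
    // is accepted now (filter_var() yields false for anything else, arrays included).
    $DeleteId = filter_var($_GET['Id'], FILTER_VALIDATE_INT);
    if ($DeleteId === false)
    {
        // The raw value is deliberately not written to the log.
        ErrorLog("[edit_users.php] Missing or non-integer Id in DeleteUser request!");
        // Closest existing message key; the page has no dedicated "bad request" sentence.
        MessageError(LangSpell('SentenceDatabaseError'));
    }
    else
    {
        $DeleteQuery1 = "DELETE FROM `User` WHERE `Id` = $DeleteId";
        $DeleteQuery2 = "DELETE FROM `UserRights` WHERE `Id` = $DeleteId";
        if (!mysqli_query($GlobalMysqlHandler, $DeleteQuery1))
        {
            ErrorLog("[edit_users.php] Database error while delete user with Id=\"".$DeleteId."\" from User table!");
            MessageError(LangSpell('SentenceDatabaseError'));
        }
        else
        {
            MessageSuccess(LangSpell('SentenceUserDeleted'));
        }
        // The rights row is removed regardless of the outcome above, as before.
        if (!mysqli_query($GlobalMysqlHandler, $DeleteQuery2))
        {
            ErrorLog("[edit_users.php] Database error while delete user with Id=\"".$DeleteId."\" from UserRihts table!");
            MessageError(LangSpell('SentenceDatabaseError'));
        }
    }
}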
//////////////////
//Global content
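$UserQuery = mysqli_query($GlobalMysqlHandler, "SELECT * FROM `User`");
// One UserRights row is fetched only for its column list (the right names).
// It lives in its own variable so the per-user lookups inside the loop can no
// longer clobber it (the original reused $RightsQuery for both purposes and
// then read the stale per-user result when rendering the "new user" row).
// mysqli_field_name() is not part of core mysqli; presumably a project helper
// around mysqli_fetch_field_direct() - confirm.
$RightsColumnsQuery = mysqli_query($GlobalMysqlHandler, "SELECT * FROM `UserRights` LIMIT 1");
$RightsColumnCount = $RightsColumnsQuery ? mysqli_num_fields($RightsColumnsQuery) : 0;
// Table head: Id, Login, Password, one column per right flag, save, delete.
$GlobalContent .= '<table>'."\n";
$GlobalContent .= ' <tr>'."\n";
$GlobalContent .= ' <th>Id</th>'."\n";
$GlobalContent .= ' <th>Login</th>'."\n";
$GlobalContent .= ' <th>Password</th>'."\n";
for ($i=1; $i<$RightsColumnCount; $i++)
{
    $GlobalContent .= ' <th>'.mysqli_field_name($RightsColumnsQuery,$i).'</th>'."\n";
}
$GlobalContent .= ' <th> </th>'."\n";
$GlobalContent .= ' <th> </th>'."\n";
$GlobalContent .= ' </tr>'."\n";
// Existing users: one edit form per row.
while ($UserQuery && ($UserRecord = mysqli_fetch_array($UserQuery)))
{
    $UserId = (int) $UserRecord['Id'];
    // Login is user-supplied data landing in an HTML attribute: escape it.
    $UserLoginHtml = htmlspecialchars((string) $UserRecord['Login'], ENT_QUOTES, 'UTF-8');
    $GlobalContent .= ' <tr>'."\n";
    $GlobalContent .= ' <form action="index.php?Page=EditUsers&ToDo=EditUser" method="post">'."\n";
    $GlobalContent .= ' <td><input type="hidden" name="Id" value="'.$UserId.'">'.$UserId.'</td>'."\n";
    $GlobalContent .= ' <td><input type="text" name="Login" value="'.$UserLoginHtml.'" title="'.LangSpellHtml('TagTitleEditUserLogin').'"></td>'."\n";
    $GlobalContent .= ' <td><input type="password" name="Password" value="" title="'.LangSpellHtml('TagTitleEditUserPassword').'"></td>'."\n";
    // Current flag values for this user; $RightsRecord stays null when the
    // query fails or returns no row, and every checkbox then renders unchecked.
    $UserRightsQuery = mysqli_query($GlobalMysqlHandler, "SELECT * FROM `UserRights` WHERE `Id` = $UserId LIMIT 1");
    $RightsRecord = $UserRightsQuery ? mysqli_fetch_row($UserRightsQuery) : null;
    if (!$RightsRecord)
    {
        ErrorLog('[edit_users.php-$RightsQuery] Database error or user id '.$UserId.' not found in UserRights');
    }
    for ($i=1; $i<$RightsColumnCount; $i++)
    {
        $Checked = ($RightsRecord && isset($RightsRecord[$i]) && strtoupper($RightsRecord[$i])=="TRUE") ? "checked" : "";
        $GlobalContent .= ' <td><input type="checkbox" name="'.mysqli_field_name($RightsColumnsQuery,$i).'" value="True" title="'.LangSpellHtml('TagTitleEditUserRight').'" '.$Checked.'></td>'."\n";
    }
    $GlobalContent .= ' <td><input type="Submit" value="'.LangSpellHtml('ButtonSave').'" title="'.LangSpellHtml('ButtonSave').'" class="Button"></td>'."\n";
    $GlobalContent .= ' <td><a href="index.php?Page=EditUsers&ToDo=DeleteUser&Id='.$UserId.'" title="'.LangSpellHtml('TagTitleDeleteUser').'" target="_top" class="Button">'.OtherGetIcon('Delete',0).'</a></td>'."\n";
    $GlobalContent .= ' </form>'."\n";
    $GlobalContent .= ' </tr>'."\n";
}
// New user entry. The original read the exhausted $UserRecord (false after the
// loop) and the stale loop index here, which only "worked" because both
// rendered as an empty string; the fields are now explicitly empty.
$GlobalContent .= ' <tr>'."\n";
$GlobalContent .= ' <form action="index.php?Page=EditUsers&ToDo=NewUser" method="post">'."\n";
$GlobalContent .= ' <td><input type="hidden" name="Id" value=""></td>'."\n";
$GlobalContent .= ' <td><input type="text" name="Login" value="" title="'.LangSpellHtml('TagTitleEditUserLogin').'"></td>'."\n";
$GlobalContent .= ' <td><input type="password" name="Password" value="" title="'.LangSpellHtml('TagTitleEditUserPassword').'"></td>'."\n";
for ($i=1; $i<$RightsColumnCount; $i++)
{
    $GlobalContent .= ' <td><input type="checkbox" name="'.mysqli_field_name($RightsColumnsQuery,$i).'" value="True" title="'.LangSpellHtml('TagTitleEditUserRight').'"></td>'."\n";
}
$GlobalContent .= ' <td><input type="Submit" value="'.LangSpellHtml('ButtonNew').'" class="Button"></td>'."\n";
$GlobalContent .= ' <td> </td>'."\n";
$GlobalContent .= ' </form>'."\n";
$GlobalContent .= ' </tr>'."\n";
$GlobalContent .= '</table>'."\n";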
}
else
{
MessageError(LangSpell("ScentenceNoUserRights"));
}
?>