ona  18.1.1
About: OpenNetAdmin provides a database managed inventory of your IP network (with Web and CLI interface).

user_edit.inc.php
1 <?php
2 
3 
5 // Function:
6 // Display Edit Form
7 //
8 // Description:
9 // Displays a form for creating/editing a record.
10 // If a record id is found in $form it is used to display an existing
11 // record for editing. When "Save" is pressed the save()
12 // function is called.
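function ws_editor($window_name, $form='') {
    // Build and open the "Employee Editor" window.
    //
    // $window_name  Name of the window to create; also used as the prefix of
    //               the form id and inside the inline onClick handlers.
    // $form         A numeric string holding the id of the user to edit, or
    //               anything else (default '') to get a blank "new user" form.
    //
    // Returns whatever window_open() returns, or an xajax XML response
    // carrying a "Permission denied!" alert when the caller is not an admin.
    global $conf, $self, $mysql;
    global $color, $style, $images;

    // Make sure they have permission
    if (!auth('admin')) {
        $response = new xajaxResponse();
        $response->addScript("alert('Permission denied!');");
        return($response->getXML());
    }

    // Defaults for a blank form. Without these, the "new user" path reaches
    // the escaping loop and the heredoc below with $record and $overwrite
    // undefined.
    $record = array('id' => '', 'fname' => '', 'lname' => '', 'username' => '');
    $overwrite = '';
    $admin_checked = '';

    // If we got a record ID, load it for display. The lookup is scoped to the
    // client of the current session, so an id belonging to another client
    // loads nothing and the form stays blank.
    if (is_string($form) and is_numeric($form)) {
        list($status, $rows, $found) = db_get_record($mysql, 'users', array('id' => $form, 'client_id' => $_SESSION['auth']['client']['id']));

        // Only look at the ACL when a user row was actually returned;
        // otherwise the ACL query would run with an empty user_id.
        if (is_array($found) and !empty($found['id'])) {
            $record = array_merge($record, $found);

            list($status, $rows, $perm) = db_get_record($mysql, 'permissions', array('name' => 'admin'));
            if (!empty($perm['id'])) {
                list($status, $rows, $acl) = db_get_record($mysql, 'acl', array('user_id' => $record['id'], 'perm_id' => $perm['id']));
                if (!empty($acl['id'])) {
                    $admin_checked = 'CHECKED';
                }
            }
        }
    }

    // Set a few parameters for the "results" window we're about to create
    $window = array(
        'title' => 'Employee Editor',
        'html'  => '',
        'js'    => '',
    );

    // Escape every field for use inside a quoted HTML attribute value.
    // The stored password hash is part of $record but is never rendered:
    // the password input below always has value="".
    foreach (array_keys($record) as $key) {
        $record[$key] = htmlentities((string)$record[$key], ENT_QUOTES, $conf['php_charset']);
    }

    // NOTE(review): $window_name is interpolated unescaped into an id
    // attribute and into inline JavaScript string literals below. HTML entity
    // encoding alone is not sufficient inside the onClick handlers, because
    // the browser decodes entities before running the script. If callers can
    // pass an arbitrary window name, restrict it to a known-safe character
    // set before this point -- confirm against the callers.

    // Load some html into $window['html']
    $window['html'] .= <<<EOL

    <!-- Simple Employee Edit Form -->
    <form id="{$window_name}_edit_form" onSubmit="return false;">
    <input type="hidden" name="id" value="{$record['id']}">
    <table cellspacing="1" border="0" cellpadding="0" style="background-color: {$color['window_content_bg']}; padding: 5px 20px;">

        <tr>
            <td align="right" nowrap="true" class="padding">
                First Name
            </td>
            <td class="padding" align="left" width="100%" class="padding">
                <input
                    name="fname"
                    alt="First Name"
                    value="{$record['fname']}"
                    class="edit"
                    type="text"
                    size="32" maxlength="64"
                >
            </td>
        </tr>

        <tr>
            <td align="right" nowrap="true" class="padding">
                Last Name
            </td>
            <td class="padding" align="left" width="100%" class="padding">
                <input
                    name="lname"
                    alt="Last Name"
                    value="{$record['lname']}"
                    class="edit"
                    type="text"
                    size="32" maxlength="64"
                >
            </td>
        </tr>

        <tr>
            <td align="right" nowrap="true" class="padding">
                Username
            </td>
            <td class="padding" align="left" width="100%" class="padding">
                <input
                    name="username"
                    alt="Username"
                    value="{$record['username']}"
                    class="edit"
                    type="text"
                    size="32" maxlength="255"
                >
            </td>
        </tr>

        <tr>
            <td align="right" valign="top" nowrap="true" class="padding">
                Password
            </td>
            <td class="padding" align="left" width="100%" class="padding">
                <input
                    name="passwd"
                    alt="Password"
                    value=""
                    class="edit"
                    type="password"
                    size="32" maxlength="64"
                >
            </td>
        </tr>

        <tr>
            <td align="right" valign="top" nowrap="true" class="padding">
                Admin
            </td>
            <td class="padding" align="left" width="100%" class="padding">
                <input
                    name="admin"
                    alt="Admin"
                    type="checkbox"
                    {$admin_checked}
                >
            </td>
        </tr>

        <tr>
            <td align="right" valign="top" nowrap="true" class="padding">
                &nbsp;
            </td>
            <td class="padding" align="right" width="100%" class="padding">
                <input type="hidden" name="overwrite" value="{$overwrite}">
                <input class="edit" type="button" name="cancel" value="Cancel" onClick="removeElement('{$window_name}');">
                <input class="edit" type="button"
                    name="submit"
                    value="Save"
                    onClick="xajax_window_submit('{$window_name}', xajax.getFormValues('{$window_name}_edit_form'), 'save');"
                >
            </td>
        </tr>

    </table>
    </form>

EOL;

    // Lets build a window and display the results
    return(window_open($window_name, $window));
}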
159 
160 
161 
162 
163 
164 
165 
167 // Function:
168 // Save Form
169 //
170 // Description:
171 // Creates/updates a record with the info from the submitted form.
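function ws_save($window_name, $form='') {
    // Create or update a user record from the submitted edit form, then
    // reconcile the user's "admin" ACL entry with the form's checkbox.
    //
    // $window_name  Name of the editor window to close on success.
    // $form         Array of submitted form values: id, fname, lname,
    //               username, passwd, admin. An empty id means "create".
    //
    // Returns an xajax XML response containing the JavaScript to run in the
    // browser (an alert on failure; on success, closing the editor and
    // refreshing the user list).
    global $conf, $self, $mysql;

    // Make sure they have permission
    if (!auth('admin')) {
        $response = new xajaxResponse();
        $response->addScript("alert('Permission denied!');");
        return($response->getXML());
    }

    // Don't allow this in the demo account!
    if ($_SESSION['auth']['client']['url'] == 'demo') {
        $response = new xajaxResponse();
        $response->addScript("alert('Feature disabled in this demo!');");
        return($response->getXML());
    }

    // Instantiate the xajaxResponse object
    $response = new xajaxResponse();
    $js = '';

    // Make sure they're logged in
    if (!loggedIn()) { return($response->getXML()); }

    // Validate input. empty() is used instead of a bare truthiness test so a
    // missing key (or a non-array $form) is rejected without a PHP
    // notice/error; the accepted values are the same as before.
    if (empty($form['fname']) or empty($form['lname']) or empty($form['username'])) {
        $js .= "alert('Error! First name, last name, and username are required fields!');";
        $response->addScript($js);
        return($response->getXML());
    }
    $is_new = empty($form['id']);
    if ($is_new and empty($form['passwd'])) {
        $js .= "alert('Error! A password is required to create a new employee!');";
        $response->addScript($js);
        return($response->getXML());
    }

    // Usernames are stored in lower case
    $form['username'] = strtolower($form['username']);

    // NOTE(review): passwords are stored as an unsalted MD5 digest, which is
    // not suitable for password storage (fast to brute-force, identical
    // passwords give identical hashes). Moving to password_hash() /
    // password_verify() has to be done together with the login code that
    // checks this column, which is not part of this file, so the format is
    // left unchanged here.
    $passwd_hash = '';
    if (!empty($form['passwd'])) {
        $passwd_hash = md5($form['passwd']);
    }

    // Create a new record?
    if ($is_new) {
        list ($status, $rows) = db_insert_record(
            $mysql,
            'users',
            array(
                'client_id' => $_SESSION['auth']['client']['id'],
                'active'    => 1,
                'fname'     => $form['fname'],
                'lname'     => $form['lname'],
                'username'  => $form['username'],
                'passwd'    => $passwd_hash,
                'ctime'     => date_mangle(time()),
                'mtime'     => date_mangle(time()),
            )
        );
        printmsg("NOTICE => Added new user: {$form['username']} client url: {$_SESSION['auth']['client']['url']}", 0);
    }

    // Update an existing record?
    else {
        // The lookup is scoped to the session's client, so an id that
        // belongs to another client is rejected here.
        list($status, $rows, $record) = db_get_record($mysql, 'users', array('id' => $form['id'], 'client_id' => $_SESSION['auth']['client']['id']));
        if ($rows != 1 or $record['id'] != $form['id']) {
            $js .= "alert('Error! The record requested could not be loaded from the database!');";
            $response->addScript($js);
            return($response->getXML());
        }

        // No new password submitted: keep the stored hash.
        if ($passwd_hash === '') {
            $passwd_hash = $record['passwd'];
        }

        list ($status, $rows) = db_update_record(
            $mysql,
            'users',
            array(
                // Use the id of the row that just passed the client check.
                'id' => $record['id'],
            ),
            array(
                'fname'    => $form['fname'],
                'lname'    => $form['lname'],
                'username' => $form['username'],
                'passwd'   => $passwd_hash,
                'mtime'    => date_mangle(time()),
                'active'   => 1
            )
        );

        printmsg("NOTICE => Updated user: {$form['username']} client url: {$_SESSION['auth']['client']['url']}", 0);
    }

    // If the module returned an error code display a popup warning
    if ($status) {
        printmsg("ERROR => User add/edit failed! {$self['error']}", 0);
        $js .= "alert('Save failed. Contact the webmaster if this problem persists.');";
        $response->addScript($js);
        return($response->getXML());
    }

    // NOTE(review): $window_name is placed unescaped inside a JavaScript
    // string literal. If callers can pass an arbitrary window name it should
    // be validated first -- confirm against the callers.
    $js .= "removeElement('{$window_name}');";
    $js .= "xajax_window_submit('user_list', xajax.getFormValues('user_list_filter_form'), 'display_list');";

    // Handle the "admin" flag.
    // For an update the target is the row that was just verified, looked up
    // by id. Looking it up by username (as the create path must, since the
    // insert does not return the new id) could select a different account
    // when two users of the same client share a username, and the admin
    // permission would then be granted to or removed from the wrong user.
    if ($is_new) {
        $user_where = array('username' => $form['username'], 'client_id' => $_SESSION['auth']['client']['id'], 'active' => 1);
    }
    else {
        $user_where = array('id' => $record['id'], 'client_id' => $_SESSION['auth']['client']['id'], 'active' => 1);
    }
    list($user_status, $user_rows, $user) = db_get_record($mysql, 'users', $user_where);

    // Refuse to touch the ACL unless exactly one account matched.
    if ($user_rows != 1 or empty($user['id'])) {
        printmsg("ERROR => Could not identify a single user for admin permission change: {$form['username']}", 0);
        $response->addScript($js);
        return($response->getXML());
    }

    list($perm_status, $perm_rows, $perm) = db_get_record($mysql, 'permissions', array('name' => 'admin'));
    if (!empty($perm['id'])) {
        list($acl_status, $acl_rows, $acl) = db_get_record($mysql, 'acl', array('user_id' => $user['id'], 'perm_id' => $perm['id']));

        $wants_admin = !empty($form['admin']);
        $has_admin   = !empty($acl['id']);
        $is_self     = ($_SESSION['auth']['user']['id'] == $user['id']);
        $change_status = 0;

        if ($wants_admin and !$has_admin) {
            // Give the user the permission
            list($change_status, $change_rows) = db_insert_record($mysql, 'acl', array('user_id' => $user['id'], 'perm_id' => $perm['id']));
        }
        else if (!$wants_admin and $has_admin) {
            if ($is_self) {
                // They tried to remove their own admin status: refuse and say
                // so. The warning is only shown in this case, not on every
                // edit of one's own account.
                $js .= "alert('WARNING => You can\\'t change your own admin status!');";
            }
            else {
                // Take the permission away
                list($change_status, $change_rows) = db_delete_record($mysql, 'acl', array('user_id' => $user['id'], 'perm_id' => $perm['id']));
            }
        }

        // Record a failed permission change instead of dropping it silently.
        if ($change_status) {
            printmsg("ERROR => Admin permission change failed for user: {$form['username']}", 0);
        }
    }

    // Insert the new table into the window
    $response->addScript($js);
    return($response->getXML());
}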
300 
301 
302 
303 
304 ?>