From d32ba6b5d9995560f750ee5e188e8c1a088baede Mon Sep 17 00:00:00 2001
From: Spiros Ioannou <sivann@mute>
Date: Tue, 1 May 2012 16:09:55 +0300
Subject: [PATCH] new user editing

---
 itdb.php          |   0
 php/edituser.php  | 199 ++++++++++++++++++++++++++++++++++++++++++++++
 php/editusers.php | 103 ------------------------
 php/listusers.php |  68 ++++++++++++++++
 4 files changed, 267 insertions(+), 103 deletions(-)
 create mode 100644 itdb.php
 create mode 100644 php/edituser.php
 delete mode 100644 php/editusers.php
 create mode 100644 php/listusers.php

diff --git a/itdb.php b/itdb.php
new file mode 100644
index 0000000..e69de29
diff --git a/php/edituser.php b/php/edituser.php
new file mode 100644
index 0000000..074ece5
--- /dev/null
+++ b/php/edituser.php
@@ -0,0 +1,199 @@
+<?php 
+
+if (!isset($initok)) {echo "do not run this script directly";exit;}
+
+/* Spiros Ioannou 2009-2010 , sivann _at_ gmail.com */
+
+//delete user
+if (isset($_GET['delid'])) {
+  $delid=$_GET['delid'];
+  if (!is_numeric($delid)) {
+    echo "Non numeric id delid=($delid)";
+    exit;
+  }
+
+  //first handle item associations
+  /*
+  $nitems=countitemsofuser($delid);
+  if ($nitems>0) {
+    echo "<b>User not deleted: Please reassign $nitems items first from this user<br></b>\n";
+    echo "<br><a href='javascript:history.go(-1);'>Go back</a>\n</body></html>";
+    exit;
+  }
+  else {
+  }
+    */
+  deluser($delid,$dbh); //reassigns items to administrator
+  echo "<script>document.location='$scriptname?action=listusers'</script>\n";
+  echo "<a href='$scriptname?action=listusers'>Go here</a>\n</body></html>"; 
+  exit;
+
+}
+
+if (isset($_POST['id'])) { //if we came from a post (save), update the user 
+  $id=$_POST['id'];
+  $username=$_POST['username'];
+  $usertype=$_POST['usertype'];
+
+  //don't accept empty fields
+  if (empty($_POST['username']))  {
+    echo "<br><b><span class='mandatory'>Username</span> field cannot be empty.</b><br>".
+         "<a href='javascript:history.go(-1);'>Go back</a></body></html>";
+    exit;
+  }
+
+
+  if ($_POST['id']=="new")  {//if we came from a post (save) the add user 
+    $sql="INSERT into users (username , userdesc , pass, usertype) ".
+	 " VALUES ('$username','$userdesc','$pass', '$usertype')";
+    db_exec($dbh,$sql,0,0,$lastid);
+    $lastid=$dbh->lastInsertId();
+    print "<br><b>Added user <a href='$scriptname?action=$action&amp;id=$lastid'>$lastid</a></b><br>";
+    echo "<script>window.location='$scriptname?action=$action&id=$lastid'</script> "; //go to the new user
+    echo "\n</body></html>";
+    //$id=$lastid;
+    exit;
+
+  }//new rack
+  else {
+    //check for duplicate username
+    $sql="SELECT count(id) AS count from users where username='{$_POST['username']}' AND id<>{$_POST['id']}";
+    $sth1=db_execute($dbh,$sql);
+    $r1=$sth1->fetch(PDO::FETCH_ASSOC);
+    $sth1->closeCursor();
+    $c=$r1['count'];
+    if ($c) {
+      echo "<b>Not saved -- Username already exists</b>";
+    }
+    //else if ($_POST['id']==1 && $_POST['username']!="admin") { echo "<b>Cannot change admin username</b>"; }
+    else {
+      $sql="UPDATE users set ".
+	" username='".$_POST['username']."', ".
+	" userdesc='".$_POST['userdesc']."', ".
+	" pass='".$_POST['pass']."', ".
+	" usertype='".$_POST['usertype']."' ".
+	" WHERE id=$id";
+      db_exec($dbh,$sql);
+    }
+  }
+}//save pressed
+
+/////////////////////////////
+//// display data 
+
+if (!isset($_REQUEST['id'])) {echo "ERROR:ID not defined";exit;}
+$id=$_REQUEST['id'];
+
+//$sql="SELECT * FROM racks where racks.id='$id'";
+$sql="SELECT * from users where users.id='$id'";
+$sth=db_execute($dbh,$sql);
+$r=$sth->fetch(PDO::FETCH_ASSOC);
+
+if (($id !="new") && (count($r)<2)) {echo "ERROR: non-existent ID<br>($sql)";exit;}
+
+echo "\n<form id='mainform' method=post  action='$scriptname?action=$action&amp;id=$id' enctype='multipart/form-data'  name='addfrm'>\n";
+
+if ($id=="new")
+  echo "\n<h1>".t("Add User")."</h1>\n";
+else
+  echo "\n<h1>".t("Edit User")."  ($id)"."</h1>\n";
+
+?>
+
+<!-- error errcontainer -->
+<div class='errcontainer ui-state-error ui-corner-all' style='padding: 0 .7em;width:700px;margin-bottom:3px;'>
+        <p><span class='ui-icon ui-icon-alert' style='float: left; margin-right: .3em;'></span>
+        <h4><?php te("There are errors in your form submission, please see below for details");?>.</h4>
+        <ol>
+                <li><label for="username" class="error"><?php te("Username is missing");?></label></li>
+        </ol>
+</div>
+
+<table style='width:100%' border=0>
+
+
+<tr>
+<td class="tdtop" width=20%>
+
+    <table class="tbl2" style='width:300px;'>
+    <tr><td colspan=2><h3>User Properties</h3></td></tr>
+    <tr><td class="tdt">ID:</td> 
+        <td><input  style='display:none' type=text name='id' 
+	     value='<?php echo $id?>' readonly size=3><?php echo $id?></td></tr>
+    <tr><td class="tdt"><?php te("Username");?>:</td> <td><input  class='input2 mandatory' validate='required:true' size=20 type=text name='username' value="<?php echo $r['username']?>"></td></tr>
+    <tr><td class="tdt"><?php te("Type")?></td>
+        <td>
+	<select class='mandatory' validate='required:true' name='usertype'>
+	<?php
+	if ($r['usertype']==1 || empty($r['username'])) {$s1="selected"; $s0="";} else {$s0="selected"; $s1="";} 
+	echo " <option value=1 $s1>".t("Read Only")."</option>\n".
+	     " <option value=0 $s0>".t("Full Access")."</option>\n".
+	     "</select></td>";
+	?>
+	</select>
+    </td></tr>
+
+    <tr><td class="tdt"><?php te("User Description");?>:</td> 
+        <td><input autocomplete="off" class='input2' size=20 
+	     type=text name='userdesc' value="<?php echo $r['userdesc']?>">
+        </td></tr>
+    <tr><td class="tdt"><?php te("Password");?>:</td> 
+        <td><input autocomplete="off" class='input2' size=20 type="password"
+	     name='pass' value="<?php echo $r['pass']?>">
+	 </td></tr>
+    <tr><td class="tdt"><?php te("Items");?>:</td> <td><?php echo countitemsofuser($r['id']) ?></td>
+    </table>
+    <ul>
+      <li><b><?php te("Users are used for both web login and as item assignees");?></b></li>
+      <li><sup>1</sup><?php te("Blank passwords prohibit login");?></li>
+    </ul>
+</td>
+
+<td class='smallrack' style='padding-left:10px;border-left:1px dashed #aaa'>
+    <div class=scrltblcontainer>
+      <div  id='items' class='relatedlist'><?php te("ITEMS");?></div>
+      <?php 
+      if (is_numeric($id)) {
+        $sql="SELECT items.id, agents.title || ' ' || items.model || ' [' || itemtypes.typedesc || ', ".
+             " ID:' || items.id || ']' as txt ".
+             "FROM agents,items,itemtypes WHERE ".
+             " agents.id=items.manufacturerid AND items.itemtypeid=itemtypes.id AND ".
+             " items.userid='$id' ";
+        $sthi=db_execute($dbh,$sql);
+        $ri=$sthi->fetchAll(PDO::FETCH_ASSOC);
+        $nitems=count($ri);
+        $institems="";
+        for ($i=0;$i<$nitems;$i++) {
+          $x=($i+1).": ".$ri[$i]['txt'];
+          if ($i%2) $bcolor="#D9E3F6"; else $bcolor="#ffffff";
+          $institems.="\t<div style='margin:0;padding:0;background-color:$bcolor'>".
+                      "<a href='$scriptname?action=edititem&amp;id={$ri[$i]['id']}'>$x</a></div>\n";
+        }
+        echo $institems;
+      }
+      ?>
+      </div>
+    </div>
+</td>
+</tr>
+<tr>
+<td colspan=2>
+<button type="submit"><img src="images/save.png" alt="Save"> <?php te("Save");?></button>
+<?php 
+echo "\n<button type='button' onclick='javascript:delconfirm2(\"{$r['id']}\",\"$scriptname?action=$action&amp;delid=$id\");'>".
+     "<img title='delete' src='images/delete.png' border=0>".t("Delete"). "</button>\n";
+?>
+
+</td>
+</tr>
+
+
+</table>
+
+<input type=hidden name='id' value='<?php echo $id ?>'>
+<input type=hidden name='action' value='<?php echo $action ?>'>
+
+</form>
+
+</body>
+</html>
diff --git a/php/editusers.php b/php/editusers.php
deleted file mode 100644
index 388f87a..0000000
--- a/php/editusers.php
+++ /dev/null
@@ -1,103 +0,0 @@
-<script>
- $(document).ready(function() {
-    $('input#usersfilter').quicksearch('table#userstbl tbody tr');
- });
-
-</script>
-<?php 
-if (!isset($initok)) {echo "do not run this script directly";exit;}
-
-/* Spiros Ioannou 2009 , sivann _at_ gmail.com */
-
-//echo "<pre>"; print_r($_GET); print_r($_POST);
-
-
-$formvars=array("id", "username","userdesc","pass");
-
-//if came here from a form post, update db with new values
-if (isset($_POST['username'])) {
-  $nrows=count($_POST['id']); //number of rows
-
-  for ($rn=0;$rn<$nrows;$rn++) {
-    $id=$_POST['id'][$rn];
-      if (($id == "new") && (strlen($_POST['username'][$rn])>1) )  {//new item -- insert
-      $sql="INSERT into users ".
-          "(username,userdesc,pass, usertype) ".
-	  " values (".
-	  "'".($_POST['username'][$rn])."',".
-	  "'".($_POST['userdesc'][$rn])."',".
-	  "'".($_POST['pass'][$rn])."',".
-	  "'".($_POST['usertype'][$rn])."')";
-      }
-      elseif ($id!="new"){ //existing item -- update
-	$sql="UPDATE users set ".
-	  " username='".($_POST['username'][$rn])."', ".
-	  " userdesc='".($_POST['userdesc'][$rn])."', ".
-	  " pass='".($_POST['pass'][$rn])."', ".
-	  " usertype='".($_POST['usertype'][$rn])."' ".
-	  " WHERE id=$id";
-      }
-      else {continue;}
-
-    //echo "$rn $sql<br>";
-   db_exec($dbh,$sql);
-  }//for
-} //if
-
-$sql="select * from users order by username";
-$sth=db_execute($dbh,$sql);
-?>
-
-<form autocomplete='off' method=post name='actionaddfrm'>
-<h1><?php te("Users");?></h1><b><?php te("Users are used for both web login and as item assignees");?></b>
-<input style='color:#909090' id="usersfilter" name="usersfilter" class='filter' 
-      value='Filter' onclick='this.style.color="#000"; this.value=""' size="20">
-<span style='font-weight:normal;' class='nres'></span>
-
-<table id='userstbl' class=brdr width='100%' border=0>
-  <thead>
-  <tr><th><?php te("Username");?></th><th><?php te("User Description");?></th>
-      <th><?php te("Password");?><sup>1</sup></th>
-      <th><?php te("Type");?></th></tr>
-  </thead>
-  <tbody>
-
-<?php
-$i=0;
-/// print actions list
-while ($r=$sth->fetch(PDO::FETCH_ASSOC)) {
-  $i++;
-  if ($r['usertype']==0) 
-    {$s0="selected"; $s1="";} 
-  else 
-    {$s1="selected"; $s0="";} 
-  echo "\n<tr>\n";
-  echo "<td><input type=hidden name='id[]' value='".$r['id']."' readonly size=3>";
-  echo "<input size=15 type=text name='username[]' value=\"".$r['username']."\"></td>\n";
-  echo "<td><input size=50 type=text name='userdesc[]' value=\"".$r['userdesc']."\"></td>\n";
-  echo "<td><input size=12 type=password name='pass[]' value=\"".$r['pass']."\"></td>\n";
-  echo "<td><select  name='usertype[]'>".
-       " <option value=0 $s0>".t("Full Access")."</option>\n".
-       " <option value=1 $s1>".t("Read Only")."</option>\n".
-       "</select></td>";
-  echo "</tr>\n\n";
-}
-
-?>
-<tr><td><input type=hidden name='id[]' value='new' readonly size=3>
-<input size=15 type=text name='username[]' ></td>
-<td><input size=50 type=text name='userdesc[]' ></td>
-<td><input size=12 type=text name='pass[]' ></td>
-<td><select  name='usertype[]'>
- <option value=0 ><?php te("Full Access");?></option>
- <option value=1 ><?php te("Read Only");?></option>
-</select></td>
-
-<tr><td colspan=4><button type="submit"><img src="images/save.png" alt="Save" > <?php te("Save");?></button></td></tr>
-<tr><td colspan=4><sup>1</sup><?php te("Blank passwords prohibit login");?></td></tr>
-
-</tbody>
-</table>
-</form>
-</body>
-</html>
diff --git a/php/listusers.php b/php/listusers.php
new file mode 100644
index 0000000..fed9fdb
--- /dev/null
+++ b/php/listusers.php
@@ -0,0 +1,68 @@
+<SCRIPT LANGUAGE="JavaScript"> 
+$(function () {
+  $('table#userslisttbl').dataTable({
+	"sPaginationType": "full_numbers",
+	"bJQueryUI": true,
+	"iDisplayLength": 25,
+	"bLengthChange": true,
+	"bFilter": true,
+	"bSort": true,
+	"bInfo": true,
+	"sDom": '<"H"Tlpf>rt<"F"ip>',
+	"aaSorting": [],
+	"oTableTools": {
+	    "sSwfPath": "swf/copy_cvs_xls_pdf.swf"
+	}
+
+  });
+});
+
+</SCRIPT>
+<?php 
+
+if (!isset($initok)) {echo "do not run this script directly";exit;}
+
+$sql="SELECT * from users ORDER by username ASC";
+$sth=db_execute($dbh,$sql);
+?>
+
+<h1><?php te("Users");?> <a title='<?php te("Add new User");?>' href='<?php echo $scriptname?>?action=edituser&amp;id=new'><img border=0 src='images/add.png' ></a>
+</h1>
+
+<th title='<?php te("how many items are assigned to this user");?>'> <?php te("Items");?></th>
+<table class='display' width="100%" id='userslisttbl'>
+<thead>
+<tr>
+  <th width='2%'><?php te("Edit");?></th>
+  <th width='5%'><?php te("Username");?></th>
+  <th><?php te("User Description");?></th>
+  <th><?php te("Type");?></th>
+  <th width='5%'><?php te("Items");?></th>
+</tr>
+</thead>
+<tbody>
+
+<?php 
+$usertype[0]=t("Full Access");
+$usertype[1]=t("Read Only");
+
+$i=0;
+while ($r=$sth->fetch(PDO::FETCH_ASSOC)) {
+  $i++;
+  $itemcount=countitemsofuser($r['id']);
+  echo "\n<tr>";
+  echo "<td><a class='editid' href='$scriptname?action=edituser&amp;id=".$r['id']."'>{$r['id']}</a></td>\n";
+  echo "<td>{$r['username']}</td>\n";
+  echo "<td>{$r['userdesc']}</td>\n";
+  echo "<td>{$usertype[$r['usertype']]}</td>\n";
+  echo "<td>$itemcount</td>\n";
+  echo "</tr>\n";
+}
+?>
+
+</tbody>
+</table>
+
+</form>
+</body>
+</html>