2012-06-04 16:58:40 +02:00
|
|
|
<?php
|
|
|
|
|
/*
|
|
|
|
|
FusionPBX
|
|
|
|
|
Version: MPL 1.1
|
|
|
|
|
|
|
|
|
|
The contents of this file are subject to the Mozilla Public License Version
|
|
|
|
|
1.1 (the "License"); you may not use this file except in compliance with
|
|
|
|
|
the License. You may obtain a copy of the License at
|
|
|
|
|
http://www.mozilla.org/MPL/
|
|
|
|
|
|
|
|
|
|
Software distributed under the License is distributed on an "AS IS" basis,
|
|
|
|
|
WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
|
|
|
|
for the specific language governing rights and limitations under the
|
|
|
|
|
License.
|
|
|
|
|
|
|
|
|
|
The Original Code is FusionPBX
|
|
|
|
|
|
|
|
|
|
The Initial Developer of the Original Code is
|
|
|
|
|
Mark J Crane <markjcrane@fusionpbx.com>
|
2019-02-28 11:57:41 +01:00
|
|
|
Portions created by the Initial Developer are Copyright (C) 2008-2019
|
2012-06-04 16:58:40 +02:00
|
|
|
the Initial Developer. All Rights Reserved.
|
|
|
|
|
|
|
|
|
|
Contributor(s):
|
|
|
|
|
Mark J Crane <markjcrane@fusionpbx.com>
|
|
|
|
|
*/
|
2016-10-02 22:30:38 +02:00
|
|
|
|
|
|
|
|
//includes
|
2016-10-05 18:29:30 +02:00
|
|
|
include "root.php";
|
2016-10-02 22:30:38 +02:00
|
|
|
require_once "resources/require.php";
|
|
|
|
|
require_once "resources/check_auth.php";
|
2016-10-05 18:29:30 +02:00
|
|
|
require_once "resources/paging.php";
|
2016-10-02 22:30:38 +02:00
|
|
|
|
|
|
|
|
//check permissions
|
|
|
|
|
if (permission_exists("user_view") || if_group("superadmin")) {
|
|
|
|
|
//access granted
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
echo "access denied";
|
|
|
|
|
exit;
|
|
|
|
|
}
|
2013-06-09 06:32:24 +02:00
|
|
|
|
2016-10-05 18:29:30 +02:00
|
|
|
//add multi-lingual support
|
|
|
|
|
$language = new text;
|
|
|
|
|
$text = $language->get();
|
|
|
|
|
|
|
|
|
|
//include the header
|
|
|
|
|
require_once "resources/header.php";
|
|
|
|
|
$document['title'] = $text['title-user_manager'];
|
2012-06-04 16:58:40 +02:00
|
|
|
|
2015-03-27 17:18:30 +01:00
|
|
|
//set the variables
|
|
|
|
|
$order_by = check_str($_GET["order_by"]);
|
|
|
|
|
$order = check_str($_GET["order"]);
|
2018-12-05 07:25:38 +01:00
|
|
|
$search = check_str($_REQUEST["search"]);
|
2012-06-04 16:58:40 +02:00
|
|
|
|
2013-08-16 08:27:06 +02:00
|
|
|
//get the list of superadmins
|
|
|
|
|
$superadmins = superadmin_list($db);
|
|
|
|
|
|
2018-12-21 06:25:32 +01:00
|
|
|
//get the user count from the database
|
2015-03-31 08:05:08 +02:00
|
|
|
$sql = "select count(*) as num_rows from v_users where 1 = 1 ";
|
2017-12-09 20:10:56 +01:00
|
|
|
if (!(permission_exists('user_all') && $_GET['show'] == 'all')) {
|
2015-03-31 08:05:08 +02:00
|
|
|
$sql .= "and domain_uuid = '".$_SESSION['domain_uuid']."' ";
|
|
|
|
|
}
|
2015-03-22 09:17:04 +01:00
|
|
|
$prep_statement = $db->prepare($sql);
|
|
|
|
|
if ($prep_statement) {
|
|
|
|
|
$prep_statement->execute();
|
|
|
|
|
$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
|
|
|
|
|
$total_users = $row['num_rows'];
|
|
|
|
|
}
|
|
|
|
|
unset($prep_statement, $row);
|
|
|
|
|
|
|
|
|
|
//get the users from the database (reuse $sql from above)
|
2018-12-05 07:25:38 +01:00
|
|
|
if (strlen($search) > 0) {
|
|
|
|
|
$search = strtolower($search);
|
|
|
|
|
$sql .= "and lower(username) = '".$search."' ";
|
2012-06-04 16:58:40 +02:00
|
|
|
}
|
2015-03-31 08:05:08 +02:00
|
|
|
if (strlen($order_by) > 0) { $sql .= "order by ".$order_by." ".$order." "; }
|
2013-08-16 08:27:06 +02:00
|
|
|
$prep_statement = $db->prepare($sql);
|
|
|
|
|
if ($prep_statement) {
|
|
|
|
|
$prep_statement->execute();
|
|
|
|
|
$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
|
|
|
|
|
if ($row['num_rows'] > 0) {
|
|
|
|
|
$num_rows = $row['num_rows'];
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$num_rows = '0';
|
|
|
|
|
}
|
|
|
|
|
}
|
2012-06-04 16:58:40 +02:00
|
|
|
unset ($prep_statement, $result, $sql);
|
2016-03-29 07:02:11 +02:00
|
|
|
$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
|
2018-12-05 07:25:38 +01:00
|
|
|
$param = "search=".escape($search);
|
2017-12-09 20:10:56 +01:00
|
|
|
if (permission_exists('user_all') && $_GET['show'] == 'all') {
|
|
|
|
|
$param .= "&show=all";
|
2015-03-31 08:05:08 +02:00
|
|
|
}
|
2012-06-04 16:58:40 +02:00
|
|
|
$page = $_GET['page'];
|
2013-06-09 06:32:24 +02:00
|
|
|
if (strlen($page) == 0) { $page = 0; $_GET['page'] = 0; }
|
|
|
|
|
list($paging_controls, $rows_per_page, $var_3) = paging($num_rows, $param, $rows_per_page);
|
|
|
|
|
$offset = $rows_per_page * $page;
|
2012-06-04 16:58:40 +02:00
|
|
|
|
2019-03-02 00:51:15 +01:00
|
|
|
$sql = "select u.domain_uuid, u.user_uuid, u.username, u.user_enabled, contact_organization, contact_name_given, contact_name_family, \n";
|
2019-03-01 23:09:58 +01:00
|
|
|
$sql .= "( \n";
|
|
|
|
|
$sql .= "select \n";
|
|
|
|
|
$sql .= " string_agg(g.group_name, ', ') \n";
|
|
|
|
|
$sql .= "from \n";
|
|
|
|
|
$sql .= " v_user_groups as ug, \n";
|
|
|
|
|
$sql .= " v_groups as g \n";
|
|
|
|
|
$sql .= "where \n";
|
|
|
|
|
$sql .= " ug.group_uuid = g.group_uuid \n";
|
|
|
|
|
$sql .= " and u.user_uuid = ug.user_uuid \n";
|
|
|
|
|
$sql .= ") AS groups \n";
|
|
|
|
|
$sql .= "from v_contacts as c \n";
|
|
|
|
|
$sql .= "right join v_users u on u.contact_uuid = c.contact_uuid \n";
|
|
|
|
|
$sql .= "inner join v_domains as d on d.domain_uuid = u.domain_uuid \n";
|
|
|
|
|
$sql .= "where 1 = 1 \n";
|
2017-12-09 20:10:56 +01:00
|
|
|
if (!(permission_exists('user_all') && $_GET['show'] == 'all')) {
|
2019-03-01 23:09:58 +01:00
|
|
|
$sql .= "and u.domain_uuid = '".$_SESSION['domain_uuid']."' \n";
|
2015-03-31 08:05:08 +02:00
|
|
|
}
|
2018-12-05 07:25:38 +01:00
|
|
|
if (strlen($search) > 0) {
|
2019-03-01 23:09:58 +01:00
|
|
|
$sql .= "and lower(u.username) like '%".$search."%' \n";
|
2012-06-04 16:58:40 +02:00
|
|
|
}
|
2013-06-09 06:32:24 +02:00
|
|
|
if (strlen($order_by)> 0) {
|
2019-03-01 23:09:58 +01:00
|
|
|
$sql .= "order by ".$order_by." ".$order." \n";
|
2012-06-04 16:58:40 +02:00
|
|
|
}
|
|
|
|
|
else {
|
2019-03-02 00:51:15 +01:00
|
|
|
$sql .= "order by u.username asc \n";
|
2012-06-04 16:58:40 +02:00
|
|
|
}
|
2019-03-02 00:51:15 +01:00
|
|
|
$sql .= "limit ".$rows_per_page." offset ".$offset." ";
|
|
|
|
|
//echo "<pre>\n";
|
|
|
|
|
//print_r($sql);
|
|
|
|
|
//echo "</pre>\n";
|
2012-06-04 16:58:40 +02:00
|
|
|
$prep_statement = $db->prepare(check_sql($sql));
|
|
|
|
|
$prep_statement->execute();
|
2015-09-05 05:51:51 +02:00
|
|
|
$users = $prep_statement->fetchAll(PDO::FETCH_NAMED);
|
2019-03-01 23:09:58 +01:00
|
|
|
if (!$users) {
|
|
|
|
|
echo "<pre>\n";
|
|
|
|
|
print_r($prep_statement->errorInfo());
|
|
|
|
|
echo "</pre>\n";
|
|
|
|
|
exit;
|
|
|
|
|
}
|
2012-06-04 16:58:40 +02:00
|
|
|
unset ($prep_statement, $sql);
|
|
|
|
|
|
2015-09-05 05:51:51 +02:00
|
|
|
//page title and description
|
|
|
|
|
echo "<table width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
|
|
|
|
|
echo "<form method='post' action=''>";
|
|
|
|
|
echo "<tr>\n";
|
2015-09-05 06:06:09 +02:00
|
|
|
echo "<td align='left' width='90%' nowrap='nowrap' valign='top'><b>".$text['header-user_manager']." (".$num_rows.")</b></td>\n";
|
2015-09-05 05:51:51 +02:00
|
|
|
echo "<td align='right' nowrap='nowrap'>";
|
|
|
|
|
if (permission_exists('user_all')) {
|
2017-12-09 20:10:56 +01:00
|
|
|
if ($_GET['show'] == 'all') {
|
2016-10-05 18:29:30 +02:00
|
|
|
echo "<input type='button' class='btn' value='".$text['button-back']."' onclick=\"window.location='users.php';\">\n";
|
2017-12-09 20:10:56 +01:00
|
|
|
echo "<input type='hidden' name='show' value='all'>";
|
2015-09-05 05:51:51 +02:00
|
|
|
}
|
|
|
|
|
else {
|
2017-12-09 20:10:56 +01:00
|
|
|
echo "<input type='button' class='btn' value='".$text['button-show_all']."' onclick=\"window.location='users.php?show=all';\">\n";
|
2015-09-05 05:51:51 +02:00
|
|
|
}
|
|
|
|
|
}
|
2018-02-22 17:49:28 +01:00
|
|
|
if (permission_exists('user_import')) {
|
2018-09-28 19:07:07 +02:00
|
|
|
echo "<input type='button' class='btn' alt='".$text['button-import']."' onclick=\"window.location='user_imports.php'\" value='".$text['button-import']."'>\n";
|
2018-02-22 17:49:28 +01:00
|
|
|
}
|
2018-12-05 07:25:38 +01:00
|
|
|
echo "<input type='text' class='txt' style='width: 150px; margin-left: 15px; margin-right: 3px;' name='search' value=\"".escape($search)."\">";
|
2015-09-05 05:51:51 +02:00
|
|
|
echo "<input type='submit' class='btn' name='submit' value='".$text['button-search']."'>";
|
|
|
|
|
echo "</td>";
|
|
|
|
|
echo "</tr>\n";
|
|
|
|
|
echo "</form>";
|
|
|
|
|
|
|
|
|
|
echo "<tr>\n";
|
|
|
|
|
echo "<td align='left' colspan='4'>\n";
|
|
|
|
|
echo $text['description-user_manager']."\n";
|
|
|
|
|
echo "<br />\n";
|
|
|
|
|
echo "<br />\n";
|
|
|
|
|
echo "</td>\n";
|
|
|
|
|
echo "</tr>\n";
|
|
|
|
|
|
2012-06-04 16:58:40 +02:00
|
|
|
//alternate the row style
|
|
|
|
|
$c = 0;
|
|
|
|
|
$row_style["0"] = "row_style0";
|
|
|
|
|
$row_style["1"] = "row_style1";
|
|
|
|
|
|
2018-12-18 06:07:13 +01:00
|
|
|
//show the users
|
2014-06-21 09:04:04 +02:00
|
|
|
echo "<table class='tr_hover' width='100%' border='0' cellpadding='0' cellspacing='0'>\n";
|
2012-06-04 16:58:40 +02:00
|
|
|
|
|
|
|
|
echo "<tr>\n";
|
2017-12-09 20:10:56 +01:00
|
|
|
if (permission_exists('user_all') && $_GET['show'] == 'all') {
|
2015-03-31 08:05:08 +02:00
|
|
|
echo th_order_by('domain_name', $text['label-domain'], $order_by, $order, '', '', $param);
|
|
|
|
|
}
|
2013-06-09 06:32:24 +02:00
|
|
|
echo th_order_by('username', $text['label-username'], $order_by, $order);
|
2015-05-10 07:23:42 +02:00
|
|
|
echo "<th>".$text['label-groups']."</th>\n";
|
2018-12-18 06:07:13 +01:00
|
|
|
echo "<th>".$text['label-organization']."</th>\n";
|
|
|
|
|
echo "<th>".$text['label-name']."</th>\n";
|
2015-03-31 08:05:08 +02:00
|
|
|
echo th_order_by('user_enabled', $text['label-enabled'], $order_by, $order, '', '', $param);
|
2014-02-26 03:35:26 +01:00
|
|
|
echo "<td class='list_control_icons'>";
|
2012-06-04 16:58:40 +02:00
|
|
|
if (permission_exists('user_add')) {
|
2015-03-22 09:17:04 +01:00
|
|
|
if ($_SESSION['limit']['users']['numeric'] == '' || ($_SESSION['limit']['users']['numeric'] != '' && $total_users < $_SESSION['limit']['users']['numeric'])) {
|
2016-10-05 18:29:30 +02:00
|
|
|
echo "<a href='user_edit.php' alt='".$text['button-add']."'>".$v_link_label_add."</a>";
|
2015-03-22 09:17:04 +01:00
|
|
|
}
|
2012-06-04 16:58:40 +02:00
|
|
|
}
|
|
|
|
|
echo "</td>\n";
|
2014-06-22 03:16:49 +02:00
|
|
|
echo "</tr>\n";
|
2012-06-04 16:58:40 +02:00
|
|
|
|
2018-06-04 00:23:00 +02:00
|
|
|
if (is_array($users)) {
|
2015-09-05 05:51:51 +02:00
|
|
|
foreach($users as $row) {
|
2013-08-16 08:27:06 +02:00
|
|
|
if (if_superadmin($superadmins, $row['user_uuid']) && !if_group("superadmin")) {
|
|
|
|
|
//hide
|
|
|
|
|
} else {
|
2018-06-04 00:23:00 +02:00
|
|
|
$tr_link = (permission_exists('user_edit')) ? "href='user_edit.php?id=".escape($row['user_uuid'])."'" : null;
|
2014-06-21 09:04:04 +02:00
|
|
|
echo "<tr ".$tr_link.">\n";
|
2017-12-09 20:10:56 +01:00
|
|
|
if (permission_exists('user_all') && $_GET['show'] == 'all') {
|
2019-01-02 23:09:07 +01:00
|
|
|
echo " <td valign='top' class='".$row_style[$c]."'>".escape($row['domain_name'])."</td>\n";
|
2015-03-31 08:05:08 +02:00
|
|
|
}
|
2014-06-21 02:58:16 +02:00
|
|
|
echo " <td valign='top' class='".$row_style[$c]."'>";
|
|
|
|
|
if (permission_exists('user_edit')) {
|
2018-06-04 00:23:00 +02:00
|
|
|
echo "<a href='user_edit.php?id=".escape($row['user_uuid'])."'>".escape($row['username'])."</a>";
|
2014-06-21 02:58:16 +02:00
|
|
|
}
|
|
|
|
|
else {
|
2018-06-04 00:23:00 +02:00
|
|
|
echo escape($row['username']);
|
2014-06-21 02:58:16 +02:00
|
|
|
}
|
|
|
|
|
echo " </td>\n";
|
2019-03-01 23:09:58 +01:00
|
|
|
echo " <td valign='top' class='".$row_style[$c]."'>\n";
|
|
|
|
|
echo " ".$row['groups']." \n";
|
|
|
|
|
echo " </td>\n";
|
2018-12-18 06:07:13 +01:00
|
|
|
|
2019-02-28 11:57:41 +01:00
|
|
|
echo "<td class='".$row_style[$c]."'><a href='/app/contacts/contact_edit.php?id=".$row['contact_uuid']."'>".$row['contact_organization']."</a> </td>\n";
|
|
|
|
|
echo "<td class='".$row_style[$c]."'><a href='/app/contacts/contact_edit.php?id=".$row['contact_uuid']."'>".$row['contact_name_given']." ".$row['contact_name_family']."</a> </td>\n";
|
2014-06-21 21:52:55 +02:00
|
|
|
echo " <td valign='top' class='".$row_style[$c]."'>";
|
2013-08-16 08:27:06 +02:00
|
|
|
if ($row['user_enabled'] == 'true') {
|
|
|
|
|
echo $text['option-true'];
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
echo $text['option-false'];
|
|
|
|
|
}
|
|
|
|
|
echo " </td>\n";
|
2014-10-18 08:49:34 +02:00
|
|
|
echo " <td valign='top' align='right' class='tr_link_void'>";
|
2013-08-16 08:27:06 +02:00
|
|
|
if (permission_exists('user_edit')) {
|
2016-10-05 18:29:30 +02:00
|
|
|
echo "<a href='user_edit.php?id=".$row['user_uuid']."' alt='".$text['button-edit']."'>$v_link_label_edit</a>";
|
2013-08-16 08:27:06 +02:00
|
|
|
}
|
2014-06-17 23:27:10 +02:00
|
|
|
if (permission_exists('user_delete')) {
|
2015-03-15 03:11:35 +01:00
|
|
|
if ($_SESSION["user"]["user_uuid"] != $row['user_uuid']) {
|
2016-10-05 18:29:30 +02:00
|
|
|
echo "<a href='user_delete.php?id=".$row['user_uuid']."' alt='".$text['button-delete']."' onclick=\"return confirm('".$text['confirm-delete']."')\">".$v_link_label_delete."</a>";
|
2014-04-27 08:47:05 +02:00
|
|
|
}
|
|
|
|
|
else {
|
2015-04-01 02:37:50 +02:00
|
|
|
echo "<span onclick=\"alert('".$text['message-cannot_delete_own_account']."');\">".str_replace("list_control_icon", "list_control_icon_disabled", $v_link_label_delete)."</span>";
|
2014-04-27 08:47:05 +02:00
|
|
|
}
|
2013-08-16 08:27:06 +02:00
|
|
|
}
|
|
|
|
|
echo " </td>\n";
|
|
|
|
|
echo "</tr>\n";
|
|
|
|
|
if ($c==0) { $c=1; } else { $c=0; }
|
2012-06-04 16:58:40 +02:00
|
|
|
}
|
|
|
|
|
} //end foreach
|
2018-12-18 06:07:13 +01:00
|
|
|
unset($sql, $users);
|
2012-06-04 16:58:40 +02:00
|
|
|
} //end if results
|
|
|
|
|
|
|
|
|
|
echo "<tr>\n";
|
2016-05-21 21:04:31 +02:00
|
|
|
echo "</table>\n";
|
|
|
|
|
echo "<br />\n";
|
2012-06-04 16:58:40 +02:00
|
|
|
|
2016-05-21 21:04:31 +02:00
|
|
|
echo $paging_controls."\n";
|
|
|
|
|
echo "<br /><br />\n";
|
2012-06-04 16:58:40 +02:00
|
|
|
|
2016-10-05 18:29:30 +02:00
|
|
|
//include the footer
|
|
|
|
|
include "resources/footer.php";
|
|
|
|
|
|
2017-12-09 20:10:56 +01:00
|
|
|
?>
|
