From 4b8ef5f82b6785c616a5f28b29c59f8a4cfed62c Mon Sep 17 00:00:00 2001
From: FusionPBX
Date: Tue, 3 Dec 2019 23:14:19 -0700
Subject: [PATCH] Update users.php

---
 core/users/users.php | 378 ++++++++++++++++++++++++-------------------
 1 file changed, 210 insertions(+), 168 deletions(-)

diff --git a/core/users/users.php b/core/users/users.php
index b89902effd..77fc33de84 100644
--- a/core/users/users.php
+++ b/core/users/users.php
@@ -17,7 +17,7 @@ The Initial Developer of the Original Code is Mark J Crane
- Portions created by the Initial Developer are Copyright (C) 2008-2019
+ Portions created by the Initial Developer are Copyright (C) 2008 - 2019
 the Initial Developer. All Rights Reserved. Contributor(s):
@@ -25,13 +25,13 @@ */
 //includes
- include "root.php";
+ require_once "root.php";
 require_once "resources/require.php";
 require_once "resources/check_auth.php";
 require_once "resources/paging.php";
 //check permissions
- if (permission_exists("user_view") || if_group("superadmin")) {
+ if (permission_exists('user_view')) {
 //access granted
 } else {
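Review bot: Superadmin accounts whose group does not carry the `user_view` permission lose access to this page once `|| if_group("superadmin")` is removed from the check in the `@@ -25,13` hunk. Deciding on a permission rather than a group name is the right direction, but it only works if the default permission set for the superadmin group includes `user_view`; confirm that before merging, since the lock-out would hit existing installations on upgrade. The `else` branch of this check continues outside the hunk.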
@@ -43,197 +43,239 @@ $language = new text; $text = $language->get(); -//include the header - require_once "resources/header.php"; - $document['title'] = $text['title-user_manager']; +//get the http post data + if (is_array($_POST['users'])) { + $action = $_POST['action']; + $search = $_POST['search']; + $users = $_POST['users']; + } -//get variables used to control the order - $order_by = $_GET["order_by"] != '' ? $_GET["order_by"] : 'u.username'; +//process the http post data by action + if ($action != '' && is_array($users) && @sizeof($users) != 0) { + switch ($action) { + case 'copy': + if (permission_exists('user_add')) { + $obj = new users; + $obj->copy($users); + } + break; + case 'toggle': + if (permission_exists('user_edit')) { + $obj = new users; + $obj->toggle($users); + } + break; + case 'delete': + if (permission_exists('user_delete')) { + $obj = new users; + $obj->delete($users); + } + break; + } + + header('Location: users.php'.($search != '' ? '?search='.urlencode($search) : null)); + exit; + } + +//get order and order by + $order_by = $_GET["order_by"]; $order = $_GET["order"]; -//set the variables - $search = $_REQUEST["search"]; - if (strlen($search) > 0) { - $search = strtolower($search); - } - -//common where clause - $sql_where = "where true "; - if (!(isset($_GET['show']) && permission_exists('user_all') && $_GET['show'] == 'all')) { - $sql_where .= "and u.domain_uuid = :domain_uuid "; - $parameters['domain_uuid'] = $_SESSION['domain_uuid']; - } - if (strlen($search) > 0) { - $sql_where .= "and ( "; - $sql_where .= "lower(username) like :search "; - $sql_where .= "or lower(groups) like :search "; - $sql_where .= "or lower(contact_organization) like :search "; - $sql_where .= "or lower(contact_name_given) like :search "; - $sql_where .= "or lower(contact_name_family) like :search "; - $sql_where .= ") "; +//add the search string + if (isset($_GET["search"])) { + $search = strtolower($_GET["search"]); + $sql_search = " ("; + $sql_search .= " 
lower(username) like :search "; + $sql_search .= " or lower(groups) like :search "; + $sql_search .= " or lower(contact_organization) like :search "; + $sql_search .= " or lower(contact_name) like :search "; + //$sql_search .= " or lower(user_status) like :search "; + $sql_search .= ") "; $parameters['search'] = '%'.$search.'%'; } - $sql_where .= "and ( "; - $sql_where .= " group_level <= :group_level "; - $sql_where .= " or group_level is null "; - $sql_where .= ") "; - $parameters['group_level'] = $_SESSION['user']['group_level']; -//get the user count from the database - $sql = "select count(*) from view_users as u "; - $sql .= $sql_where; +//get the count + $sql = "select count(*) from view_users "; + if ($_GET['show'] == "all" && permission_exists('user_all')) { + if (isset($sql_search)) { + $sql .= "where ".$sql_search; + } + } + else { + $sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) "; + if (isset($sql_search)) { + $sql .= "and ".$sql_search; + } + $parameters['domain_uuid'] = $domain_uuid; + } $database = new database; $num_rows = $database->select($sql, $parameters, 'column'); - unset($sql); -//prepare for paging - $rows_per_page = is_numeric($_SESSION['domain']['paging']['numeric']) ? $_SESSION['domain']['paging']['numeric'] : 50; - $param = "&search=".$search; - if ($_GET['show'] == "all" && permission_exists('user_all')) { - $param .= "&show=all"; - } +//prepare to page the results + $rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50; + $param = $search ? "&search=".$search : null; + $param = ($_GET['show'] == 'all' && permission_exists('user_all')) ? "&show=all" : null; $page = is_numeric($_GET['page']) ? 
$_GET['page'] : 0; list($paging_controls, $rows_per_page) = paging($num_rows, $param, $rows_per_page); list($paging_controls_mini, $rows_per_page) = paging($num_rows, $param, $rows_per_page, true); $offset = $rows_per_page * $page; -//get the users from the database - $sql = "select u.domain_uuid, u.user_uuid, u.contact_uuid, u.domain_name, u.username, u.user_enabled, "; - $sql .= "u.contact_organization, u.contact_name_given, u.contact_name_family, u.groups, u.group_level "; - $sql .= "from view_users as u "; - $sql .= $sql_where; - $sql .= order_by($order_by, $order); +//get the list + $sql = "select * from view_users "; + if ($_GET['show'] == "all" && permission_exists('user_all')) { + if (isset($sql_search)) { + $sql .= "where ".$sql_search; + } + } + else { + $sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) "; + if (isset($sql_search)) { + $sql .= "and ".$sql_search; + } + $parameters['domain_uuid'] = $domain_uuid; + } + $sql .= order_by($order_by, $order, 'username', 'asc'); $sql .= limit_offset($rows_per_page, $offset); $database = new database; $users = $database->select($sql, $parameters, 'all'); - unset($sql, $sql_where, $parameters); + unset($sql, $parameters); -//page title and description - echo "\n"; - echo ""; - echo "\n"; - echo "\n"; - echo ""; - echo "\n"; - echo ""; - - echo "\n"; - echo "\n"; - echo "\n"; - -//alternate the row style - $c = 0; - $row_style["0"] = "row_style0"; - $row_style["1"] = "row_style1"; - -//show the users - echo "
".$text['header-user_manager']." (".$num_rows.")"; +//create token + $object = new token; + $token = $object->create($_SERVER['PHP_SELF']); + +//include the header + require_once "resources/header.php"; + +//show the content + echo "
\n"; + echo "
".$text['title-users']." (".$num_rows.")
\n"; + echo "
\n"; + if (permission_exists('user_add')) { + echo button::create(['type'=>'button','label'=>$text['button-add'],'icon'=>$_SESSION['theme']['button_icon_add'],'link'=>'user_edit.php']); + } + if (permission_exists('user_add') && $users) { + echo button::create(['type'=>'button','label'=>$text['button-copy'],'icon'=>$_SESSION['theme']['button_icon_copy'],'onclick'=>"if (confirm('".$text['confirm-copy']."')) { list_action_set('copy'); list_form_submit('form_list'); } else { this.blur(); return false; }"]); + } + if (permission_exists('user_edit') && $users) { + echo button::create(['type'=>'button','label'=>$text['button-toggle'],'icon'=>$_SESSION['theme']['button_icon_toggle'],'onclick'=>"if (confirm('".$text['confirm-toggle']."')) { list_action_set('toggle'); list_form_submit('form_list'); } else { this.blur(); return false; }"]); + } + if (permission_exists('user_delete') && $users) { + echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$_SESSION['theme']['button_icon_delete'],'onclick'=>"if (confirm('".$text['confirm-delete']."')) { list_action_set('delete'); list_form_submit('form_list'); } else { this.blur(); return false; }"]); + } + echo "\n"; if (permission_exists('user_all')) { - if (isset($_GET['show']) && $_GET['show'] == 'all') { - echo "\n"; - echo ""; + if ($_GET['show'] == 'all') { + echo " \n"; } else { - echo "\n"; + echo button::create(['type'=>'button','label'=>$text['button-show_all'],'icon'=>$_SESSION['theme']['button_icon_all'],'link'=>'?show=all']); } } - if (permission_exists('user_import')) { - echo "\n"; + + //add buttons + if (!isset($id)) { + echo " "; } - echo ""; - echo ""; - echo "
\n"; - echo $text['description-user_manager']."\n"; - echo "
\n"; - echo "
\n"; - echo "
\n"; - - echo "\n"; - if (isset($_GET['show']) && permission_exists('user_all') && $_GET['show'] == 'all') { - echo th_order_by('domain_name', $text['label-domain'], $order_by, $order, '', '', $param); + echo ""; + echo button::create(['label'=>$text['button-search'],'icon'=>$_SESSION['theme']['button_icon_search'],'type'=>'submit','id'=>'btn_search','style'=>($search != '' ? 'display: none;' : null)]); + echo button::create(['label'=>$text['button-reset'],'icon'=>$_SESSION['theme']['button_icon_reset'],'type'=>'button','id'=>'btn_reset','link'=>'users.php','style'=>($search == '' ? 'display: none;' : null)]); + if ($paging_controls_mini != '') { + echo "".$paging_controls_mini."\n"; } - echo th_order_by('username', $text['label-username'], $order_by, $order); - echo th_order_by('groups', $text['label-groups'], $order_by, $order, '', '', $param); - echo th_order_by('contact_organization', $text['label-organization'], $order_by, $order, '', '', $param); - echo th_order_by('contact_name_given', $text['label-name'], $order_by, $order, '', '', $param); - if (permission_exists('ticket_edit')) { - echo "\n"; - } - else { - echo "\n"; - } - echo th_order_by('user_enabled', $text['label-enabled'], $order_by, $order, '', '', $param); - echo "\n"; - echo "\n"; + echo " \n"; + echo " \n"; + echo "
\n"; + echo "\n"; - if (is_array($users) && sizeof($users) != 0) { - foreach($users as $row) { - $tr_link = (permission_exists('user_edit')) ? "href='user_edit.php?id=".escape($row['user_uuid'])."'" : null; - echo "\n"; - if (isset($_GET['show']) && permission_exists('user_all') && $_GET['show'] == 'all') { - echo " \n"; - } - echo " \n"; - echo " \n"; - - echo " \n"; - echo " \n"; - - echo " \n"; - echo " \n"; - echo " \n"; - echo "\n"; - $c = $c == 0 ? 1 : 0; - } - unset($users, $row); - } - - echo "\n"; - echo "
".$text['label-tools']." "; - if (permission_exists('user_add')) { - if (!isset($_SESSION['limit']['users']['numeric']) || (isset($_SESSION['limit']['users']['numeric']) && $num_rows < $_SESSION['limit']['users']['numeric'])) { - echo "".$v_link_label_add.""; - } - } - echo "
".escape($row['domain_name']).""; - if (permission_exists('user_edit')) { - echo "".escape($row['username']).""; - } - else { - echo escape($row['username']); - } - echo " \n"; - echo " ".$row['groups']." \n"; - echo " ".escape($row['contact_organization'])."  ".escape($row['contact_name_given'])." ".escape($row['contact_name_family'])."  \n"; - if (permission_exists('ticket_edit')) { - echo " \n"; - } - echo " "; - if ($row['user_enabled'] == 'true') { - echo $text['option-true']; - } - else { - echo $text['option-false']; - } - echo " 
\n"; - echo "
\n"; - - echo $paging_controls."\n"; + echo $text['description-users']."\n"; echo "

\n"; -//include the footer - include "resources/footer.php"; + echo "
\n"; + echo "\n"; + echo "\n"; -?> \ No newline at end of file + echo "\n"; + echo "\n"; + if (permission_exists('user_add') || permission_exists('user_edit') || permission_exists('user_delete')) { + echo " \n"; + } + if ($_GET['show'] == 'all' && permission_exists('user_all')) { + echo th_order_by('domain_name', $text['label-domain'], $order_by, $order); + } + echo th_order_by('username', $text['label-username'], $order_by, $order); + echo th_order_by('groups', $text['label-groups'], $order_by, $order); + echo th_order_by('contact_organization', $text['label-organization'], $order_by, $order); + echo th_order_by('contact_name', $text['label-name'], $order_by, $order); + //echo th_order_by('contact_name_family', $text['label-contact_name_family'], $order_by, $order); + //echo th_order_by('user_status', $text['label-user_status'], $order_by, $order); + //echo th_order_by('add_date', $text['label-add_date'], $order_by, $order); + echo th_order_by('user_enabled', $text['label-user_enabled'], $order_by, $order, null, "class='center'"); + if (permission_exists('user_edit') && $_SESSION['theme']['list_row_edit_button']['boolean'] == 'true') { + echo " \n"; + } + echo "\n"; + + if (is_array($users) && @sizeof($users) != 0) { + $x = 0; + foreach ($users as $row) { + if (permission_exists('user_edit')) { + $list_row_url = "user_edit.php?id=".urlencode($row['user_uuid']); + } + echo "\n"; + if (permission_exists('user_add') || permission_exists('user_edit') || permission_exists('user_delete')) { + echo " \n"; + } + if ($_GET['show'] == 'all' && permission_exists('user_all')) { + echo " \n"; + } + echo " \n"; + echo " \n"; + echo " \n"; + echo " \n"; + //echo " \n"; + //echo " \n"; + //echo " \n"; + //echo " \n"; + if (permission_exists('user_edit')) { + echo " \n"; + if (permission_exists('user_edit') && $_SESSION['theme']['list_row_edit_button']['boolean'] == 'true') { + echo " \n"; + } + echo "\n"; + $x++; + } + unset($users); + } + + echo "
\n"; + echo " \n"; + echo "  
\n"; + echo " \n"; + echo " \n"; + echo " ".escape($_SESSION['domains'][$row['domain_uuid']]['domain_name'])."\n"; + if (permission_exists('user_edit')) { + echo " ".escape($row['username'])."\n"; + } + else { + echo " ".escape($row['username']); + } + echo " ".escape($row['groups'])."".escape($row['contact_organization'])."".escape($row['contact_name'])."".escape($row['contact_name_given'])."".escape($row['contact_name_family'])."".escape($row['user_status'])."".escape($row['add_date'])."\n"; + echo $text['label-'.$row['user_enabled']]; + } + echo " \n"; + echo button::create(['type'=>'button','title'=>$text['button-edit'],'icon'=>$_SESSION['theme']['button_icon_edit'],'link'=>$list_row_url]); + echo "
\n"; + echo "
\n"; + echo "
".$paging_controls."
\n"; + echo "\n"; + echo "
\n"; + +//include the footer + require_once "resources/footer.php"; + +?>
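Review bot: The action handler in this hunk runs copy, toggle and delete on `$_POST['users']` as soon as `$action` is non-empty, yet no check of the request token is visible between the POST read and `switch ($action)`; the token is only created further down (`$token = $object->create($_SERVER['PHP_SELF'])`) for rendering the form, and the hidden field is presumably among the HTML stripped from this hunk. Without validating it on the incoming request, a cross-site POST from a logged-in administrator's browser can delete or toggle users, so the handler should reject requests whose token does not match before entering the switch — this assumes the token class in this revision exposes `validate()` alongside `create()`. Separately, `$param = ($_GET['show'] == 'all' && permission_exists('user_all')) ? "&show=all" : null;` overwrites the `$param` assigned on the preceding line, so the search term never reaches the paging links and is also not URL-encoded; use `$param .= ($_GET['show'] == 'all' && permission_exists('user_all')) ? "&show=all" : null;` with `urlencode($search)` in the first assignment.

```php
//process the http post data by action
	if ($action != '' && is_array($users) && @sizeof($users) != 0) {
		//reject requests that do not carry the token issued with the list form
		$object = new token;
		if (!$object->validate($_SERVER['PHP_SELF'])) {
			header('Location: users.php');
			exit;
		}
		// … unchanged: switch ($action) copy / toggle / delete, then redirect …
```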