

Viewing changes to server/lib/pages/user.class.php

  • Committer: Alex Harrington
  • Date: 2009-03-02 17:27:19 UTC
  • mto: This revision was merged to the branch mainline in revision 15.
  • Revision ID: alex@longhill.org.uk-20090302172719-7qigtqo1mjydo4b3
[core] Created folder to hold code used for central services to Xibo instances



1
 
<?php
2
 
/*
3
 
 * Xibo - Digitial Signage - http://www.xibo.org.uk
4
 
 * Copyright (C) 2006,2007,2008 Daniel Garner and James Packer
5
 
 *
6
 
 * This file is part of Xibo.
7
 
 *
8
 
 * Xibo is free software: you can redistribute it and/or modify
9
 
 * it under the terms of the GNU Affero General Public License as published by
10
 
 * the Free Software Foundation, either version 3 of the License, or
11
 
 * any later version. 
12
 
 *
13
 
 * Xibo is distributed in the hope that it will be useful,
14
 
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15
 
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
16
 
 * GNU Affero General Public License for more details.
17
 
 *
18
 
 * You should have received a copy of the GNU Affero General Public License
19
 
 * along with Xibo.  If not, see <http://www.gnu.org/licenses/>.
20
 
 */ 
21
 
defined('XIBO') or die("Sorry, you are not allowed to directly access this page.<br /> Please press the back button in your browser.");
22
 
 
23
 
class userDAO 
24
 
{
25
 
        private $db;
26
 
        private $user;
27
 
        private $sub_page;
28
 
        
29
 
        /**
30
 
         * Contructor
31
 
         *
32
 
         * @param database $db
33
 
         * @return userDAO
34
 
         */
35
 
        function __construct(database $db, user $user) 
36
 
        {
37
 
            $this->db   =& $db;
38
 
            $this->user =& $user;
39
 
 
40
 
            // Include the group data classes
41
 
            include_once('lib/data/usergroup.data.class.php');
42
 
        }
43
 
 
44
 
        function on_page_load() 
45
 
        {
46
 
                return "";
47
 
        }
48
 
        
49
 
        function echo_page_heading() 
50
 
        {
51
 
                echo "Users";
52
 
                return true;
53
 
        }
54
 
 
55
 
        /**
56
 
         * Adds a user
57
 
         *
58
 
         * @return unknown
59
 
         */
60
 
        function AddUser () 
61
 
        {
62
 
            $db         =& $this->db;
63
 
            $response   = new ResponseManager();
64
 
 
65
 
            $username   = Kit::GetParam('username', _POST, _STRING);
66
 
            $password   = Kit::GetParam('password', _POST, _STRING);
67
 
            $password   = md5($password);
68
 
            $email      = Kit::GetParam('email', _POST, _STRING);
69
 
            $usertypeid = Kit::GetParam('usertypeid', _POST, _INT, 0);
70
 
            $homepage   = Kit::GetParam('homepage', _POST, _STRING);
71
 
            $pass_change = isset($_POST['pass_change']);
72
 
 
73
 
            // Construct the Homepage
74
 
            $homepage   = "dashboard";
75
 
 
76
 
            // Validation
77
 
            if ($username=="")
78
 
            {
79
 
                trigger_error("Please enter a User Name.", E_USER_ERROR);
80
 
            }
81
 
            if ($password=="")
82
 
            {
83
 
                trigger_error("Please enter a Password.", E_USER_ERROR);
84
 
            }
85
 
            if ($email == "")
86
 
            {
87
 
                trigger_error("Please enter an Email Address.", E_USER_ERROR);
88
 
            }
89
 
 
90
 
            if ($homepage == "") $homepage = "dashboard";
91
 
 
92
 
            //Check for duplicate user name
93
 
            $sqlcheck = " ";
94
 
            $sqlcheck .= sprintf("SELECT UserName FROM user WHERE UserName = '%s'", $db->escape_string($username));
95
 
 
96
 
            if(!$sqlcheckresult = $db->query($sqlcheck))
97
 
            {
98
 
                trigger_error($db->error());
99
 
                trigger_error("Cant get this user's name. Please try another.", E_USER_ERROR);
100
 
            }
101
 
 
102
 
            if($db->num_rows($sqlcheckresult) != 0)
103
 
            {
104
 
                trigger_error("Could Not Complete, Duplicate User Name Exists", E_USER_ERROR);
105
 
            }
106
 
 
107
 
            //Ready to enter the user into the database
108
 
            $query = "INSERT INTO user (UserName, UserPassword, usertypeid, email, homepage)";
109
 
            $query .= " VALUES ('$username', '$password', $usertypeid, '$email', '$homepage')";
110
 
 
111
 
            if(!$id = $db->insert_query($query))
112
 
            {
113
 
                trigger_error($db->error());
114
 
                trigger_error("Error adding that user", E_USER_ERROR);
115
 
            }
116
 
 
117
 
            // Add the user group
118
 
            $userGroupObject = new UserGroup($db);
119
 
 
120
 
            if (!$groupID = $userGroupObject->Add($username, 1))
121
 
            {
122
 
                // We really want to delete the new user...
123
 
                //TODO: Delete the new user
124
 
                
125
 
                // And then error
126
 
                trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR);
127
 
            }
128
 
 
129
 
            $userGroupObject->Link($groupID, $id);
130
 
 
131
 
            $response->SetFormSubmitResponse('User Saved.');
132
 
            $response->Respond();
133
 
        }
134
 
 
135
 
        /**
136
 
         * Modifys a user
137
 
         *
138
 
         * @return unknown
139
 
         */
140
 
        function EditUser() 
141
 
        {
142
 
            $db         =& $this->db;
143
 
            $response   = new ResponseManager();
144
 
 
145
 
            $userID     = Kit::GetParam('userid', _POST, _INT, 0);
146
 
            $username   = Kit::GetParam('username', _POST, _STRING);
147
 
            $password   = Kit::GetParam('password', _POST, _STRING);
148
 
            $password   = md5($password);
149
 
            $email      = Kit::GetParam('email', _POST, _STRING);
150
 
            $usertypeid = Kit::GetParam('usertypeid', _POST, _INT, 0);
151
 
            $homepage   = Kit::GetParam('homepage', _POST, _STRING);
152
 
            $pass_change = isset($_POST['pass_change']);
153
 
 
154
 
            // Validation
155
 
            if ($username == "")
156
 
            {
157
 
                trigger_error("Please enter a User Name.", E_USER_ERROR);
158
 
            }
159
 
            if ($password == "")
160
 
            {
161
 
                trigger_error("Please enter a Password.", E_USER_ERROR);
162
 
            }
163
 
            if ($email == "")
164
 
            {
165
 
                trigger_error("Please enter an Email Address.", E_USER_ERROR);
166
 
            }
167
 
 
168
 
            if ($homepage == "") $homepage = "dashboard";
169
 
 
170
 
            //Check for duplicate user name
171
 
            $sqlcheck = " ";
172
 
            $sqlcheck .= "SELECT UserName FROM user WHERE UserName = '" . $username . "' AND userID <> $userID ";
173
 
 
174
 
            if (!$sqlcheckresult = $db->query($sqlcheck))
175
 
            {
176
 
                trigger_error($db->error());
177
 
                trigger_error(__("Cant get this user's name. Please try another."), E_USER_ERROR);
178
 
            }
179
 
 
180
 
            if ($db->num_rows($sqlcheckresult) != 0)
181
 
            {
182
 
                trigger_error(__("Could Not Complete, Duplicate User Name Exists"), E_USER_ERROR);
183
 
            }
184
 
 
185
 
            //Everything is ok - run the update
186
 
            $sql = "UPDATE user SET UserName = '$username'";
187
 
            if ($pass_change)
188
 
            {
189
 
                $sql .= ", UserPassword = '$password'";
190
 
            }
191
 
 
192
 
            $sql .= ", email = '$email' ";
193
 
            if ($homepage == 'dashboard')
194
 
            {
195
 
                //acts as a reset
196
 
                $sql .= ", homepage='$homepage' ";
197
 
            }
198
 
 
199
 
            if ($usertypeid != "")
200
 
            {
201
 
                $sql .= ", usertypeid =  " . $usertypeid;
202
 
            }
203
 
 
204
 
            $sql .= " WHERE UserID = ". $userID . "";
205
 
 
206
 
            if (!$db->query($sql))
207
 
            {
208
 
                trigger_error($db->error());
209
 
                trigger_error("Error updating that user", E_USER_ERROR);
210
 
            }
211
 
 
212
 
            // Update the group to follow suit
213
 
            $userGroupObject = new UserGroup($db);
214
 
 
215
 
            if (!$userGroupObject->EditUserGroup($userID, $username))
216
 
            {
217
 
                // We really want to delete the new user...
218
 
                //TODO: Delete the new user
219
 
 
220
 
                // And then error
221
 
                trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR);
222
 
            }
223
 
 
224
 
            $response->SetFormSubmitResponse('User Saved.');
225
 
            $response->Respond();
226
 
        }
227
 
 
228
 
        /**
229
 
         * Deletes a user
230
 
         *
231
 
         * @param int $id
232
 
         * @return unknown
233
 
         */
234
 
        function DeleteUser() 
235
 
        {
236
 
            $db         =& $this->db;
237
 
            $user       =& $this->user;
238
 
 
239
 
            $response   = new ResponseManager();
240
 
            $userid     = Kit::GetParam('userid', _POST, _INT, 0);
241
 
            $groupID    = $user->getGroupFromID($userid, true);
242
 
 
243
 
            // Firstly delete the group for this user
244
 
            $userGroupObject = new UserGroup($db);
245
 
 
246
 
            $userGroupObject->Unlink($groupID, $userid);
247
 
 
248
 
            if (!$userGroupObject->Delete($groupID))
249
 
            {
250
 
                trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR);
251
 
            }
252
 
 
253
 
            // Delete the user
254
 
            $sqldel = "DELETE FROM user";
255
 
            $sqldel .= " WHERE UserID = ". $userid . "";
256
 
 
257
 
            if (!$db->query($sqldel))
258
 
            {
259
 
                trigger_error($db->error());
260
 
                trigger_error(__("This user has been active, you may only retire them."), E_USER_ERROR);
261
 
            }
262
 
 
263
 
            // We should delete this users sessions record.
264
 
            $SQL = "DELETE FROM session WHERE userID = $userid ";
265
 
 
266
 
            if (!$db->query($sqldel))
267
 
            {
268
 
                trigger_error($db->error());
269
 
                trigger_error(__("If logged in, this user will be deleted once they log out."), E_USER_ERROR);
270
 
            }
271
 
 
272
 
            $response->SetFormSubmitResponse(__('User Deleted.'));
273
 
            $response->Respond();
274
 
        }
275
 
 
276
 
        /**
277
 
         * Prints the user information in a table based on a check box selection
278
 
         *
279
 
         */
280
 
        function UserGrid() 
281
 
        {
282
 
                $db             =& $this->db;
283
 
                $user           =& $this->user;
284
 
                $response       = new ResponseManager();
285
 
 
286
 
                $itemName = $_REQUEST['usertypeid'];
287
 
                $username = $_REQUEST['username'];
288
 
 
289
 
                $sql = "SELECT user.UserID, user.UserName, user.usertypeid, user.loggedin, user.lastaccessed, user.email, user.homepage ";
290
 
                $sql .= " FROM user ";
291
 
                $sql .= " WHERE 1=1 ";
292
 
                if ($_SESSION['usertype']==3) 
293
 
                {
294
 
                    $sql .= " AND usertypeid=3 AND userid = " . $_SESSION['userid'] . " ";
295
 
                }
296
 
                if($itemName!="all") 
297
 
                {
298
 
                    $sql .= " AND usertypeid=\"" . $itemName . "\"";
299
 
                }
300
 
                if ($username != "") 
301
 
                {
302
 
                    $sql .= " AND UserName LIKE '%$username%' ";
303
 
                }
304
 
                $sql .= " ORDER by UserName";
305
 
                
306
 
                //get the results
307
 
                if (!$results = $db->query($sql)) 
308
 
                {
309
 
                        trigger_error($db->error());
310
 
                        trigger_error("Can not get the user information", E_USER_ERROR);
311
 
                }
312
 
 
313
 
                $table = <<<END
314
 
                <div class="info_table">
315
 
                        <table style="width:100%">
316
 
                                <thead>
317
 
                                        <tr>
318
 
                                                <th>Name</th>
319
 
                                                <th>Homepage</th>
320
 
                                                <th>Layout</th>
321
 
                                                <th>Email</th>
322
 
                                                <th>Action</th>
323
 
                                        </tr>
324
 
                                </thead>
325
 
                                <tbody>
326
 
END;
327
 
                
328
 
                while($aRow = $db->get_row($results)) 
329
 
                {
330
 
                        $userID         = $aRow[0];
331
 
                        $userName       = $aRow[1];
332
 
                        $usertypeid     = $aRow[2];
333
 
                        $loggedin       = $aRow[3];
334
 
                        $lastaccessed   = $aRow[4];
335
 
                        $email          = $aRow[5];
336
 
                        $homepage       = $aRow[6];
337
 
                        $groupid        = $user->getGroupFromID($userID, true);
338
 
 
339
 
                        if($loggedin==1) 
340
 
                        {
341
 
                                $loggedin="<img src=\"img/act.gif\">";
342
 
                        }
343
 
                        else 
344
 
                        {
345
 
                                $loggedin="<img src=\"img/disact.gif\">";
346
 
                        }
347
 
                        
348
 
                        //parse the homepage name, split into & seperated bits.
349
 
                        $homepageArray = explode('&', $homepage);
350
 
                        
351
 
                        if (count($homepageArray) > 1)
352
 
                        {
353
 
                                list($temp, $layoutid) = explode('=', $homepageArray[1]);
354
 
                        
355
 
                                //Look up the layout name
356
 
                                $SQL = "SELECT layout FROM layout WHERE layoutID = $layoutid ";
357
 
                                if (!$result = $db->query($SQL))
358
 
                                {
359
 
                                        trigger_error("Incorrect home page setting, please contact your system admin.", E_USER_ERROR);
360
 
                                }
361
 
                                
362
 
                                $row = $db->get_row($result);
363
 
                                
364
 
                                $layout = $row[0];
365
 
                        }
366
 
                        else
367
 
                        {
368
 
                                $layout = "";
369
 
                        }
370
 
 
371
 
                        if($_SESSION['usertype'] == 1 ||($userID == $_SESSION['userid'])) 
372
 
                        {
373
 
                                $table .= '<tr ondblclick="XiboFormRender(\'index.php?p=user&q=DisplayForm&userID=' . $userID . '\')">';
374
 
                        }
375
 
                        else
376
 
                        {
377
 
                                $table .= "<tr>";
378
 
                        }
379
 
                        $table .= "<td>" . $userName . "</td>";
380
 
                        $table .= "<td>" . $homepageArray[0] . "</td>";
381
 
                        $table .= "<td>" . $layout . "</td>";
382
 
                        $table .= "<td>" . $email . "</td>";
383
 
                        $table .= "<td>";
384
 
                        
385
 
                        if($_SESSION['usertype'] == 1 ||($userID == $_SESSION['userid'])) 
386
 
                        {
387
 
                            $msgPageSec = __('Page Security');
388
 
                            $msgMenuSec = __('Menu Security');
389
 
 
390
 
                            $table .= '<button class="XiboFormButton" href="index.php?p=user&q=DisplayForm&userID=' . $userID . '"><span>Edit</span></button>';
391
 
                            $table .= '<button class="XiboFormButton" href="index.php?p=user&q=DeleteForm&userID=' . $userID . '" ><span>Delete</span></button>';
392
 
                            $table .= '<button class="XiboFormButton" href="index.php?p=group&q=PageSecurityForm&groupid=' . $groupid . '"><span>' . $msgPageSec . '</span></button>';
393
 
                            $table .= '<button class="XiboFormButton" href="index.php?p=group&q=MenuItemSecurityForm&groupid=' . $groupid . '"><span>' . $msgMenuSec . '</span></button>';
394
 
                        }
395
 
                        $table .= "</td>";
396
 
                        $table .= "</tr>";
397
 
                }
398
 
                $table .= "</tbody></table></div>";
399
 
                
400
 
                $response->SetGridResponse($table);
401
 
                $response->Respond();
402
 
        }
403
 
 
404
 
        /**
405
 
         * Controls which pages are to be displayed
406
 
         * @return 
407
 
         */
408
 
        function displayPage() 
409
 
        {
410
 
            $db =& $this->db;
411
 
            include('template/pages/user_view.php');
412
 
        }
413
 
        
414
 
        /**
415
 
         * Outputs the filter page
416
 
         * @return 
417
 
         */
418
 
        function UserFilter() 
419
 
        {
420
 
                $db =& $this->db;
421
 
                
422
 
                $usertype_list = dropdownlist("SELECT 'all', 'All' as usertype UNION SELECT usertypeID, usertype FROM usertype ORDER BY usertype", "usertypeid", 'all');
423
 
                
424
 
                $filterForm = <<<END
425
 
                <div class="FilterDiv" id="UserFilter">
426
 
                        <form onsubmit="return false">
427
 
                                <input type="hidden" name="p" value="user">
428
 
                                <input type="hidden" name="q" value="UserGrid">
429
 
                                <table>
430
 
                                        <tr>
431
 
                                                <td>Name</td>
432
 
                                                <td><input type="text" name="username"></td>
433
 
                                                <td>User Type</td>
434
 
                                                <td>$usertype_list</td>
435
 
                                        </tr>
436
 
                                </table>
437
 
                        </form>
438
 
                </div>
439
 
END;
440
 
                $id = uniqid();
441
 
                
442
 
                $xiboGrid = <<<HTML
443
 
                <div class="XiboGrid" id="$id">
444
 
                        <div class="XiboFilter">
445
 
                                $filterForm
446
 
                        </div>
447
 
                        <div class="XiboData">
448
 
                        
449
 
                        </div>
450
 
                </div>
451
 
HTML;
452
 
                echo $xiboGrid; 
453
 
        }
454
 
 
455
 
        /**
456
 
         * Displays the User form (from Ajax)
457
 
         * @return 
458
 
         */
459
 
        function DisplayForm() 
460
 
        {
461
 
            $db             =& $this->db;
462
 
            $user           =& $this->user;
463
 
            $response       = new ResponseManager();
464
 
            $helpManager    = new HelpManager($db, $user);
465
 
 
466
 
            $userid         = Kit::GetParam('userID', _GET, _INT);
467
 
 
468
 
            $SQL  = "";
469
 
            $SQL .= "SELECT UserName    , ";
470
 
            $SQL .= "       UserPassword, ";
471
 
            $SQL .= "       usertypeid  , ";
472
 
            $SQL .= "       email       , ";
473
 
            $SQL .= "       homepage ";
474
 
            $SQL .= "FROM   `user`";
475
 
            $SQL .= sprintf(" WHERE userID = %d", $userid);
476
 
 
477
 
            if(!$results = $db->query($SQL))
478
 
            {
479
 
                trigger_error($db->error());
480
 
                trigger_error(__('Error getting user information.'), E_USER_ERROR);
481
 
            }
482
 
 
483
 
            while($aRow = $db->get_row($results))
484
 
            {
485
 
                $username       = Kit::ValidateParam($aRow[0], _USERNAME);
486
 
                $password       = Kit::ValidateParam($aRow[1], _PASSWORD);
487
 
                $usertypeid     = Kit::ValidateParam($aRow[2], _INT);
488
 
                $email          = Kit::ValidateParam($aRow[3], _STRING);
489
 
                $homepage       = Kit::ValidateParam($aRow[4], _STRING);
490
 
            }
491
 
 
492
 
            // Help UI
493
 
            $nameHelp       = $helpManager->HelpIcon("The Login Name of the user.", true);
494
 
            $passHelp       = $helpManager->HelpIcon("The Password for this user.", true);
495
 
            $emailHelp      = $helpManager->HelpIcon("Users email address. E.g. user@example.com", true);
496
 
            $homepageHelp   = $helpManager->HelpIcon("The users Homepage. This should not be changed until you want to reset their homepage.", true);
497
 
            $overpassHelp   = $helpManager->HelpIcon("Do you want to override this users password with the one entered here.", true);
498
 
            $usertypeHelp   = $helpManager->HelpIcon("What is this users type? This would usually be set to 'User'", true);
499
 
 
500
 
            $homepageOption = '';
501
 
            $override_option = '';
502
 
 
503
 
            //What form are we displaying
504
 
            if ($userid == "")
505
 
            {
506
 
                    //add form
507
 
                    $action = "index.php?p=user&q=AddUser";
508
 
            }
509
 
            else
510
 
            {
511
 
                    //edit form
512
 
                    $action = "index.php?p=user&q=EditUser";
513
 
 
514
 
                    //split the homepage into its component parts (if it needs to be)
515
 
                    if (strpos($homepage,'&') !== false)
516
 
                    {
517
 
                            $homepage = substr($homepage, 0, strpos($homepage,'&'));
518
 
                    }
519
 
 
520
 
                    //make the homepage dropdown
521
 
                    $homepage_list = listcontent("dashboard|dashboard,mediamanager|mediamanager", "homepage", $homepage);
522
 
 
523
 
                    $homepageOption = <<<END
524
 
                    <tr>
525
 
                            <td><label for="homepage">Homepage<span class="required">*</span></label></td>
526
 
                            <td>$homepageHelp $homepage_list</td>
527
 
                    </tr>
528
 
END;
529
 
 
530
 
                    $override_option = <<<FORM
531
 
                    <td>Override Password?</td>
532
 
                    <td>$overpassHelp <input type="checkbox" name="pass_change" value="0"></td>
533
 
FORM;
534
 
            }
535
 
 
536
 
            //get us the user type if we dont have it (for the default value)
537
 
            if($usertypeid=="")
538
 
            {
539
 
                    $usertype = Config::GetSetting($db,"defaultUsertype");
540
 
 
541
 
                    $SQL = "SELECT usertypeid FROM usertype WHERE usertype = '$usertype'";
542
 
                    if(!$results = $db->query($SQL))
543
 
                    {
544
 
                            trigger_error($db->error());
545
 
                            trigger_error("Can not get Usertype information", E_USER_ERROR);
546
 
                    }
547
 
                    $row = $db->get_row($results);
548
 
                    $usertypeid = $row['0'];
549
 
            }
550
 
 
551
 
 
552
 
            if ($_SESSION['usertype']==1)
553
 
            {
554
 
                    //usertype list
555
 
                    $usertype_list = dropdownlist("SELECT usertypeid, usertype FROM usertype", "usertypeid", $usertypeid);
556
 
 
557
 
                    $usertypeOption = <<<END
558
 
                    <tr>
559
 
                            <td><label for="usertypeid">User Type <span class="required">*</span></label></td>
560
 
                            <td>$usertypeHelp $usertype_list</td>
561
 
                    </tr>
562
 
END;
563
 
            }
564
 
            else
565
 
            {
566
 
                    $usertypeOption = "";
567
 
            }
568
 
 
569
 
 
570
 
            $form = <<<END
571
 
            <form id="UserForm" class="XiboForm" method='post' action='$action'>
572
 
                    <input type='hidden' name='userid' value='$userid'>
573
 
                    <table>
574
 
                            <tr>
575
 
                                    <td><label for="username">User Name<span class="required">*</span></label></td>
576
 
                                    <td>$nameHelp <input type="text" id="" name="username" value="$username" class="required" /></td>
577
 
                            </tr>
578
 
                            <tr>
579
 
                                    <td><label for="password">Password<span class="required">*</span></label></td>
580
 
                                    <td>$passHelp <input type="password" id="password" name="password" value="$password" /></td>
581
 
                                    $override_option
582
 
                            </tr>
583
 
                            <tr>
584
 
                                    <td><label for="email">Email Address<span class="required email">*</span></label></td>
585
 
                                    <td>$emailHelp <input type="text" id="email" name="email" value="$email" class="required" /></td>
586
 
                            </tr>
587
 
                            $homepageOption
588
 
                            $usertypeOption
589
 
                    </table>
590
 
            </form>
591
 
END;
592
 
 
593
 
            $response->SetFormRequestResponse($form, 'Add/Edit a User.', '550px', '320px');
594
 
            $response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link('User', 'Add') . '")');
595
 
            $response->AddButton(__('Cancel'), 'XiboDialogClose()');
596
 
            $response->AddButton(__('Save'), '$("#UserForm").submit()');
597
 
            $response->Respond();
598
 
        }
599
 
        
600
 
        /**
601
 
         * Delete User form
602
 
         * @return 
603
 
         */
604
 
        function DeleteForm() 
605
 
        {
606
 
                $db             =& $this->db;
607
 
                $user           =& $this->user;
608
 
                $response       = new ResponseManager();
609
 
                $helpManager    = new HelpManager($db, $user);
610
 
                
611
 
                //expect the $userid to be set
612
 
                $userid         = Kit::GetParam('userID', _REQUEST, _INT);
613
 
                
614
 
                //we can delete
615
 
                $form = <<<END
616
 
                <form id="UserDeleteForm" class="XiboForm" method="post" action="index.php?p=user&q=DeleteUser">
617
 
                        <input type="hidden" name="userid" value="$userid">
618
 
                        <p>Are you sure you want to delete this user?</p>
619
 
                </form>
620
 
END;
621
 
 
622
 
                $response->SetFormRequestResponse($form, __('Delete this User?'), '260px', '180px');
623
 
                $response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link('User', 'Delete') . '")');
624
 
                $response->AddButton(__('No'), 'XiboDialogClose()');
625
 
                $response->AddButton(__('Yes'), '$("#UserDeleteForm").submit()');
626
 
                $response->Respond();
627
 
        }
628
 
        
629
 
        /**
630
 
         * Sets the users home page
631
 
         * @return 
632
 
         */
633
 
        function SetUserHomepageForm()
634
 
        {
635
 
                $db             =& $this->db;
636
 
                $response       = new ResponseManager();
637
 
                $layoutid       = Kit::GetParam('layoutid', _REQUEST, _INT, 0);
638
 
                $regionid       = Kit::GetParam('regionid', _REQUEST, _STRING);
639
 
                
640
 
                //Homepages are for layouts / region combinations
641
 
                //The user doesnt have to have access to the layout.
642
 
                
643
 
                //There should be a list of users on this form - that list should change according to permissions
644
 
                //Permissions being related to the logged in user (can they change the users records)
645
 
                //                                                              the layout they are on (does the user have permission for it)
646
 
                
647
 
                //Get the layout owner and permissions
648
 
                $SQL = "SELECT userID, permissionID FROM layout WHERE layoutID = $layoutid ";
649
 
                if (!$result = $db->query($SQL)) 
650
 
                {
651
 
                        trigger_error($db->error());
652
 
                        trigger_error("Cant get this regions permissions details.", E_USER_ERROR);                      
653
 
                }
654
 
                
655
 
                $row = $db->get_row($result);
656
 
                
657
 
                $layoutOwnerID          = $row[0];
658
 
                $layoutPermissionID = $row[1];
659
 
                
660
 
                //Query for the user list
661
 
                $SQL = " SELECT userID, username, $layoutPermissionID, $layoutOwnerID ";
662
 
                $SQL .= " FROM  user  ";                
663
 
                if ($_SESSION['usertype'] != "1") //if we arnt an admin then only show us.
664
 
                {
665
 
                        $SQL .= " WHERE userID = " . $_SESSION['userid'];
666
 
                }
667
 
                $SQL .= " ORDER BY username  ";
668
 
                
669
 
                $user_list = dropdownlist($SQL, "userid", '', '', false, true, "", "edit", true);
670
 
                
671
 
                $form = <<<END
672
 
                <form class="XiboForm" action="index.php?p=user&q=SetUserHomepage" method="post">
673
 
                        <input type="hidden" name="layoutid" value="$layoutid" />
674
 
                        <input type="hidden" name="regionid" value="$regionid" />
675
 
                        Set this region to be the homepage for: <br /><br /> $user_list 
676
 
                        <input type="submit" value="Yes" />
677
 
                        <input type="submit" value="No" onclick="$('#div_dialog').dialog('close');return false; ">
678
 
                </form>
679
 
END;
680
 
                
681
 
                $response->SetFormRequestResponse($form, 'Set as the home page for a User?', '350px', '150px');
682
 
                $response->Respond();
683
 
        }
684
 
        
685
 
        /**
686
 
         * Sets the users homepage
687
 
         * @return 
688
 
         */
689
 
        function SetUserHomepage()
690
 
        {
691
 
                $db             =& $this->db;
692
 
                $response       = new ResponseManager();
693
 
 
694
 
                $userid         = Kit::GetParam('userid', _POST, _INT, 0);
695
 
                $layoutid       = Kit::GetParam('layoutid', _POST, _INT, 0);
696
 
                $regionid       = Kit::GetParam('regionid', _POST, _STRING);
697
 
                
698
 
                $homepage       = "mediamanager&layoutid=$layoutid&regionid=$regionid";
699
 
                
700
 
                $SQL = sprintf("UPDATE user SET homepage = '%s' WHERE userID = $userid ", $homepage);
701
 
                
702
 
                if (!$db->query($SQL)) 
703
 
                {
704
 
                        trigger_error($db->error());
705
 
                        $response->SetError('Unknown error setting this users homepage.');
706
 
                        $response->Respond();
707
 
                }
708
 
                
709
 
                $response->SetFormSubmitResponse('Homepage has been set.');
710
 
                $response->Respond();
711
 
        }
712
 
}
713
 
?>
 
1
<?php
 
2
/*
 
3
 * Xibo - Digitial Signage - http://www.xibo.org.uk
 
4
 * Copyright (C) 2006,2007,2008 Daniel Garner and James Packer
 
5
 *
 
6
 * This file is part of Xibo.
 
7
 *
 
8
 * Xibo is free software: you can redistribute it and/or modify
 
9
 * it under the terms of the GNU Affero General Public License as published by
 
10
 * the Free Software Foundation, either version 3 of the License, or
 
11
 * any later version. 
 
12
 *
 
13
 * Xibo is distributed in the hope that it will be useful,
 
14
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 
15
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 
16
 * GNU Affero General Public License for more details.
 
17
 *
 
18
 * You should have received a copy of the GNU Affero General Public License
 
19
 * along with Xibo.  If not, see <http://www.gnu.org/licenses/>.
 
20
 */ 
 
21
defined('XIBO') or die("Sorry, you are not allowed to directly access this page.<br /> Please press the back button in your browser.");
 
22
 
 
23
class userDAO 
 
24
{
 
25
        private $db;
 
26
        private $user;
 
27
        private $sub_page;
 
28
        
 
29
        //database fields
 
30
        private $userid;
 
31
        private $username;
 
32
        private $password;
 
33
        private $usertypeid;
 
34
        private $email;
 
35
        private $homepage;
 
36
        private $groupid;
 
37
 
 
38
        /**
 
39
         * Contructor
 
40
         *
 
41
         * @param database $db
 
42
         * @return userDAO
 
43
         */
 
44
        function __construct(database $db, user $user) 
 
45
        {
 
46
                $this->db       =& $db;
 
47
                $this->user =& $user;
 
48
                
 
49
                $this->sub_page = Kit::GetParam('sp', _REQUEST, _WORD, 'view');
 
50
                $userid                 = Kit::GetParam('userID', _REQUEST, _INT, 0);
 
51
 
 
52
                if($userid != 0) 
 
53
                {
 
54
                        $this->sub_page = "edit";
 
55
                        
 
56
                        $this->userid = $userid;
 
57
 
 
58
                        $sql = " SELECT UserName, UserPassword, usertypeid, email, groupID, homepage FROM user";
 
59
                        $sql .= sprintf(" WHERE userID = %d", $userid);
 
60
 
 
61
                        if(!$results = $db->query($sql)) trigger_error("Error excuting query".$db->error(), E_USER_ERROR);
 
62
 
 
63
                        while($aRow = $db->get_row($results)) 
 
64
                        {
 
65
                                $this->username         = Kit::ValidateParam($aRow[0], _USERNAME);
 
66
                                $this->password         = Kit::ValidateParam($aRow[1], _PASSWORD);
 
67
                                $this->usertypeid       = Kit::ValidateParam($aRow[2], _INT);
 
68
                                $this->email            = Kit::ValidateParam($aRow[3], _STRING);
 
69
                                $this->groupid          = Kit::ValidateParam($aRow[4], _INT);
 
70
                                $this->homepage         = Kit::ValidateParam($aRow[5], _STRING);
 
71
                        }
 
72
                }
 
73
        }
 
74
 
 
75
        function on_page_load() 
 
76
        {
 
77
                return "";
 
78
        }
 
79
        
 
80
        function echo_page_heading() 
 
81
        {
 
82
                echo "Users";
 
83
                return true;
 
84
        }
 
85
 
 
86
        /**
 
87
         * Adds a user
 
88
         *
 
89
         * @return unknown
 
90
         */
 
91
        function AddUser () 
 
92
        {
 
93
                $db             =& $this->db;
 
94
                $response       = new ResponseManager();
 
95
 
 
96
                $user           = Kit::GetParam('username', _POST, _USERNAME);
 
97
                $password       = md5(Kit::GetParam('password', _POST, _USERNAME));
 
98
                $usertypeid = Kit::GetParam('usertypeid', _POST, _INT);
 
99
                $email          = Kit::GetParam('email', _POST, _STRING);
 
100
                $groupid        = Kit::GetParam('groupid', _POST, _INT);
 
101
                
 
102
                // Construct the Homepage
 
103
                $homepage       = "dashboard";
 
104
 
 
105
                // Validation
 
106
                if ($user=="")
 
107
                {
 
108
                        trigger_error("Please enter a User Name.", E_USER_ERROR);
 
109
                } 
 
110
                if ($password=="") 
 
111
                {
 
112
                        trigger_error("Please enter a Password.", E_USER_ERROR);
 
113
                }
 
114
                if ($email == "") 
 
115
                {
 
116
                        trigger_error("Please enter an Email Address.", E_USER_ERROR);
 
117
                } 
 
118
                
 
119
                if ($homepage == "") $homepage = "dashboard";
 
120
 
 
121
                //Check for duplicate user name
 
122
                $sqlcheck = " ";
 
123
                $sqlcheck .= sprintf("SELECT UserName FROM user WHERE UserName = '%s'", $db->escape_string($user));
 
124
 
 
125
                if(!$sqlcheckresult = $db->query($sqlcheck)) 
 
126
                {
 
127
                        trigger_error($db->error());
 
128
                        trigger_error("Cant get this user's name. Please try another.", E_USER_ERROR);                  
 
129
                }
 
130
                
 
131
                if($db->num_rows($sqlcheckresult) != 0) 
 
132
                {
 
133
                        trigger_error("Could Not Complete, Duplicate User Name Exists", E_USER_ERROR);
 
134
                }
 
135
                
 
136
                //Ready to enter the user into the database
 
137
                $query = "INSERT INTO user (UserName, UserPassword, usertypeid, email, homepage, groupid)";
 
138
                $query .= " VALUES ('$user', '$password', $usertypeid, '$email', '$homepage', $groupid)";
 
139
                
 
140
                if(!$id = $db->insert_query($query)) 
 
141
                {
 
142
                        trigger_error($db->error());
 
143
                        trigger_error("Error adding that user", E_USER_ERROR);
 
144
                }
 
145
 
 
146
                $response->SetFormSubmitResponse('User Saved.');
 
147
                $response->Respond();
 
148
        }
 
149
 
 
150
        /**
 
151
         * Modifys a user
 
152
         *
 
153
         * @return unknown
 
154
         */
 
155
        function EditUser() 
 
156
        {
 
157
                $db             =& $this->db;
 
158
                $response       = new ResponseManager();
 
159
                        
 
160
                $error = "";
 
161
 
 
162
                $userID         = Kit::GetParam('userid', _POST, _INT, 0);
 
163
                $username       = $_POST['username'];
 
164
                $password       = md5($_POST['password']);
 
165
                $email          = $_POST['email'];
 
166
                $usertypeid = $_POST['usertypeid'];
 
167
                $homepage       = $_POST['homepage'];
 
168
                $groupid        = $_POST['groupid'];
 
169
                $pass_change = isset($_POST['pass_change']);
 
170
 
 
171
                // Validation
 
172
                if ($username == "")
 
173
                {
 
174
                        trigger_error("Please enter a User Name.", E_USER_ERROR);
 
175
                } 
 
176
                if ($password == "") 
 
177
                {
 
178
                        trigger_error("Please enter a Password.", E_USER_ERROR);
 
179
                }
 
180
                if ($email == "") 
 
181
                {
 
182
                        trigger_error("Please enter an Email Address.", E_USER_ERROR);
 
183
                } 
 
184
                
 
185
                if ($homepage == "") $homepage = "dashboard";
 
186
 
 
187
                //Check for duplicate user name
 
188
                $sqlcheck = " ";
 
189
                $sqlcheck .= "SELECT UserName FROM user WHERE UserName = '" . $username . "' AND userID <> $userID ";
 
190
 
 
191
                if (!$sqlcheckresult = $db->query($sqlcheck)) 
 
192
                {
 
193
                        trigger_error($db->error());
 
194
                        trigger_error("Cant get this user's name. Please try another.", E_USER_ERROR);                  
 
195
                }
 
196
                
 
197
                if ($db->num_rows($sqlcheckresult) != 0) 
 
198
                {
 
199
                        trigger_error("Could Not Complete, Duplicate User Name Exists", E_USER_ERROR);
 
200
                }
 
201
 
 
202
                //Everything is ok - run the update
 
203
                $sql = "UPDATE user SET UserName = '$username'";
 
204
                if ($pass_change) 
 
205
                {
 
206
                        $sql .= ", UserPassword = '$password'";
 
207
                }
 
208
                
 
209
                $sql .= ", email = '$email' ";
 
210
                if ($homepage == 'dashboard')
 
211
                {
 
212
                        //acts as a reset
 
213
                        $sql .= ", homepage='$homepage' ";
 
214
                }
 
215
                
 
216
                if ($usertypeid != "")
 
217
                {
 
218
                        $sql .= ", usertypeid =  " . $usertypeid . ", groupID = $groupid ";
 
219
                }
 
220
                $sql .= " WHERE UserID = ". $userID . "";
 
221
 
 
222
                if (!$db->query($sql)) 
 
223
                {
 
224
                        trigger_error($db->error());
 
225
                        trigger_error("Error updating that user", E_USER_ERROR);
 
226
                }
 
227
 
 
228
                $response->SetFormSubmitResponse('User Saved.');
 
229
                $response->Respond();
 
230
        }
 
231
 
 
232
        /**
 
233
         * Deletes a user
 
234
         *
 
235
         * @param int $id
 
236
         * @return unknown
 
237
         */
 
238
        function DeleteUser() 
 
239
        {
 
240
                $db                     =& $this->db;
 
241
                $response               = new ResponseManager();
 
242
                $userid                 = Kit::GetParam('userid', _POST, _INT, 0);
 
243
 
 
244
                $sqldel = "DELETE FROM user";
 
245
                $sqldel .= " WHERE UserID = ". $userid . "";
 
246
 
 
247
                if (!$db->query($sqldel)) 
 
248
                {
 
249
                        trigger_error($db->error());
 
250
                        trigger_error("This user has been active, you may only retire them.", E_USER_ERROR);
 
251
                }
 
252
 
 
253
                // We should delete this users sessions record.
 
254
                $SQL = "DELETE FROM session WHERE userID = $userID ";
 
255
                
 
256
                if (!$db->query($sqldel)) 
 
257
                {
 
258
                        trigger_error($db->error());
 
259
                        trigger_error("If logged in, this user will be deleted once they log out.", E_USER_ERROR);
 
260
                }
 
261
                
 
262
                $response->SetFormSubmitResponse('User Deleted.');
 
263
                $response->Respond();
 
264
        }
 
265
 
 
266
        /**
 
267
         * Prints the user information in a table based on a check box selection
 
268
         *
 
269
         */
 
270
        function UserGrid() 
 
271
        {
 
272
                $db             =& $this->db;
 
273
                $user           =& $this->user;
 
274
                $response       = new ResponseManager();
 
275
 
 
276
                $itemName = $_REQUEST['usertypeid'];
 
277
                $username = $_REQUEST['username'];
 
278
 
 
279
                $sql = "SELECT user.UserID, user.UserName, user.usertypeid, user.loggedin, user.lastaccessed, user.email, user.homepage, group.group ";
 
280
                $sql .= " FROM user ";
 
281
                $sql .= " INNER JOIN `group` ON user.groupid = group.groupID ";
 
282
                $sql .= " WHERE 1=1 ";
 
283
                if ($_SESSION['usertype']==3) 
 
284
                {
 
285
                        $sql .= " AND usertypeid=3 AND userid = " . $_SESSION['userid'] . " ";
 
286
                }
 
287
                if($itemName!="all") 
 
288
                {
 
289
                        $sql .= " AND usertypeid=\"" . $itemName . "\"";
 
290
                }
 
291
                if ($username != "") 
 
292
                {
 
293
                        $sql .= " AND UserName LIKE '%$username%' ";    
 
294
                }
 
295
                $sql .= " ORDER by UserName";
 
296
                
 
297
                //get the results
 
298
                if (!$results = $db->query($sql)) 
 
299
                {
 
300
                        trigger_error($db->error());
 
301
                        trigger_error("Can not get the user information", E_USER_ERROR);
 
302
                }
 
303
 
 
304
                $table = <<<END
 
305
                <div class="info_table">
 
306
                        <table style="width:100%">
 
307
                                <thead>
 
308
                                        <tr>
 
309
                                                <th>Name</th>
 
310
                                                <th>Homepage</th>
 
311
                                                <th>Layout</th>
 
312
                                                <th>Email</th>
 
313
                                                <th>Group</th>
 
314
                                                <th>Action</th>
 
315
                                        </tr>
 
316
                                </thead>
 
317
                                <tbody>
 
318
END;
 
319
                
 
320
                while($aRow = $db->get_row($results)) 
 
321
                {
 
322
                        $userID         = $aRow[0];
 
323
                        $userName       = $aRow[1];
 
324
                        $usertypeid = $aRow[2];
 
325
                        $loggedin       = $aRow[3];
 
326
                        $lastaccessed = $aRow[4];
 
327
                        $email          = $aRow[5];
 
328
                        $homepage       = $aRow[6];
 
329
                        $group          = $aRow[7];
 
330
 
 
331
                        if($loggedin==1) 
 
332
                        {
 
333
                                $loggedin="<img src=\"img/act.gif\">";
 
334
                        }
 
335
                        else 
 
336
                        {
 
337
                                $loggedin="<img src=\"img/disact.gif\">";
 
338
                        }
 
339
                        
 
340
                        //parse the homepage name, split into & seperated bits.
 
341
                        $homepageArray = explode('&', $homepage);
 
342
                        
 
343
                        if (count($homepageArray) > 1)
 
344
                        {
 
345
                                list($temp, $layoutid) = explode('=', $homepageArray[1]);
 
346
                        
 
347
                                //Look up the layout name
 
348
                                $SQL = "SELECT layout FROM layout WHERE layoutID = $layoutid ";
 
349
                                if (!$result = $db->query($SQL))
 
350
                                {
 
351
                                        trigger_error("Incorrect home page setting, please contact your system admin.", E_USER_ERROR);
 
352
                                }
 
353
                                
 
354
                                $row = $db->get_row($result);
 
355
                                
 
356
                                $layout = $row[0];
 
357
                        }
 
358
                        else
 
359
                        {
 
360
                                $layout = "";
 
361
                        }
 
362
 
 
363
                        if($_SESSION['usertype'] == 1 ||($userID == $_SESSION['userid'])) 
 
364
                        {
 
365
                                $table .= '<tr ondblclick="XiboFormRender(\'index.php?p=user&q=DisplayForm&userID=' . $userID . '\')">';
 
366
                        }
 
367
                        else
 
368
                        {
 
369
                                $table .= "<tr>";
 
370
                        }
 
371
                        $table .= "<td>" . $userName . "</td>";
 
372
                        $table .= "<td>" . $homepageArray[0] . "</td>";
 
373
                        $table .= "<td>" . $layout . "</td>";
 
374
                        $table .= "<td>" . $email . "</td>";
 
375
                        $table .= "<td>" . $group . "</td>";
 
376
                        $table .= "<td>";
 
377
                        
 
378
                        if($_SESSION['usertype'] == 1 ||($userID == $_SESSION['userid'])) 
 
379
                        {
 
380
                                $table .= '<button class="XiboFormButton" href="index.php?p=user&q=DisplayForm&userID=' . $userID . '"><span>Edit</span></button>';
 
381
                                $table .= '<button class="XiboFormButton" href="index.php?p=user&q=DeleteForm&userID=' . $userID . '" ><span>Delete</span></button></div></td>';
 
382
                        }
 
383
                        else 
 
384
                        {
 
385
                                $table .= "</td>";
 
386
                        }
 
387
                        $table .= "</tr>";
 
388
                }
 
389
                $table .= "</tbody></table></div>";
 
390
                
 
391
                $response->SetGridResponse($table);
 
392
                $response->Respond();
 
393
        }
 
394
 
 
395
        /**
 
396
         * Controls which pages are to be displayed
 
397
         * @return 
 
398
         */
 
399
        function displayPage() 
 
400
        {
 
401
                $db =& $this->db;
 
402
 
 
403
                switch ($this->sub_page) 
 
404
                {
 
405
                        
 
406
                        case 'view':
 
407
                                include('template/pages/user_view.php');
 
408
                                break;
 
409
                                
 
410
                        default:
 
411
                                break;
 
412
                }
 
413
        }
 
414
        
 
415
        /**
 
416
         * Outputs the filter page
 
417
         * @return 
 
418
         */
 
419
        function UserFilter() 
 
420
        {
 
421
                $db =& $this->db;
 
422
                
 
423
                $usertype_list = dropdownlist("SELECT 'all', 'All' as usertype UNION SELECT usertypeID, usertype FROM usertype ORDER BY usertype", "usertypeid", 'all');
 
424
                
 
425
                $filterForm = <<<END
 
426
                <div class="FilterDiv" id="UserFilter">
 
427
                        <form onsubmit="return false">
 
428
                                <input type="hidden" name="p" value="user">
 
429
                                <input type="hidden" name="q" value="UserGrid">
 
430
                                <table>
 
431
                                        <tr>
 
432
                                                <td>Name</td>
 
433
                                                <td><input type="text" name="username"></td>
 
434
                                                <td>User Type</td>
 
435
                                                <td>$usertype_list</td>
 
436
                                        </tr>
 
437
                                </table>
 
438
                        </form>
 
439
                </div>
 
440
END;
 
441
                $id = uniqid();
 
442
                
 
443
                $xiboGrid = <<<HTML
 
444
                <div class="XiboGrid" id="$id">
 
445
                        <div class="XiboFilter">
 
446
                                $filterForm
 
447
                        </div>
 
448
                        <div class="XiboData">
 
449
                        
 
450
                        </div>
 
451
                </div>
 
452
HTML;
 
453
                echo $xiboGrid; 
 
454
        }
 
455
 
 
456
        /**
 
457
         * Displays the Add user form (from Ajax)
 
458
         * @return 
 
459
         */
 
460
        function DisplayForm() 
 
461
        {
 
462
                $db                     =& $this->db;
 
463
                $user                   =& $this->user;
 
464
                $response               = new ResponseManager();
 
465
                
 
466
                $helpManager    = new HelpManager($db, $user);
 
467
                
 
468
                //ajax request handler
 
469
                
 
470
                $userid         = $this->userid;
 
471
                $username       = $this->username;
 
472
                $password       = $this->password;
 
473
                $usertypeid = $this->usertypeid;
 
474
                $email          = $this->email;
 
475
                $homepage       = $this->homepage;
 
476
                $groupid        = $this->groupid;
 
477
                
 
478
                // Help UI
 
479
                $helpButton     = $helpManager->HelpButton("content/users/overview", true);
 
480
                $nameHelp               = $helpManager->HelpIcon("The Login Name of the user.", true);
 
481
                $passHelp               = $helpManager->HelpIcon("The Password for this user.", true);
 
482
                $emailHelp              = $helpManager->HelpIcon("Users email address. E.g. user@example.com", true);
 
483
                $homepageHelp   = $helpManager->HelpIcon("The users Homepage. This should not be changed until you want to reset their homepage.", true);
 
484
                $overpassHelp   = $helpManager->HelpIcon("Do you want to override this users password with the one entered here.", true);
 
485
                $usertypeHelp   = $helpManager->HelpIcon("What is this users type? This would usually be set to 'User'", true);
 
486
                $groupHelp              = $helpManager->HelpIcon("Which group does this user belong to? User groups control media sharing and access to functional areas of Xibo.", true);
 
487
                
 
488
                //What form are we displaying
 
489
                if ($userid == "")
 
490
                {
 
491
                        //add form
 
492
                        $action = "index.php?p=user&q=AddUser";
 
493
                }
 
494
                else
 
495
                {
 
496
                        //edit form
 
497
                        $action = "index.php?p=user&q=EditUser";
 
498
                        
 
499
                        //split the homepage into its component parts (if it needs to be)
 
500
                        if (strpos($homepage,'&') !== false) 
 
501
                        {
 
502
                                $homepage = substr($homepage, 0, strpos($homepage,'&'));
 
503
                        }
 
504
                
 
505
                        //make the homepage dropdown
 
506
                        $homepage_list = listcontent("dashboard|dashboard,mediamanager|mediamanager", "homepage", $homepage);
 
507
                        
 
508
                        $homepageOption = <<<END
 
509
                        <tr>
 
510
                                <td><label for="homepage">Homepage<span class="required">*</span></label></td>
 
511
                                <td>$homepageHelp $homepage_list</td>
 
512
                        </tr>
 
513
END;
 
514
                        
 
515
                        $override_option = <<<FORM
 
516
                        <td>Override Password?</td>
 
517
                        <td>$overpassHelp <input type="checkbox" name="pass_change" value="0"></td>
 
518
FORM;
 
519
                }
 
520
 
 
521
                //get us the user type if we dont have it (for the default value)
 
522
                if($usertypeid=="") 
 
523
                {
 
524
                        $usertype = Config::GetSetting($db,"defaultUsertype");
 
525
 
 
526
                        $SQL = "SELECT usertypeid FROM usertype WHERE usertype = '$usertype'";
 
527
                        if(!$results = $db->query($SQL)) 
 
528
                        {
 
529
                                trigger_error($db->error());
 
530
                                trigger_error("Can not get Usertype information", E_USER_ERROR);
 
531
                        }
 
532
                        $row = $db->get_row($results);
 
533
                        $usertypeid = $row['0'];
 
534
                }
 
535
                
 
536
                //group list
 
537
                $group_list = dropdownlist("SELECT groupID, `group` FROM `group` ORDER BY `group`", "groupid", $groupid);
 
538
                
 
539
                if ($_SESSION['usertype']==1)
 
540
                {
 
541
                        //usertype list
 
542
                        $usertype_list = dropdownlist("SELECT usertypeid, usertype FROM usertype", "usertypeid", $usertypeid);
 
543
                        
 
544
                        $usertypeOption = <<<END
 
545
                        <tr>
 
546
                                <td><label for="usertypeid">User Type <span class="required">*</span></label></td>
 
547
                                <td>$usertypeHelp $usertype_list</td>
 
548
                        </tr>
 
549
                        <tr>
 
550
                                <td><label for="groupid">Group <span class="required">*</span></label></td>
 
551
                                <td>$groupHelp $group_list</td>
 
552
                        </tr>   
 
553
END;
 
554
                }
 
555
                else
 
556
                {
 
557
                        $usertypeOption = "";
 
558
                }
 
559
                
 
560
                                
 
561
                $form = <<<END
 
562
                <form class="XiboForm" method='post' action='$action'>
 
563
                        <input type='hidden' name='userid' value='$userid'>
 
564
                        <table>
 
565
                                <tr>
 
566
                                        <td><label for="username">User Name<span class="required">*</span></label></td>
 
567
                                        <td>$nameHelp <input type="text" id="" name="username" value="$username" /></td>
 
568
                                </tr>
 
569
                                <tr>
 
570
                                        <td><label for="password">Password<span class="required">*</span></label></td>
 
571
                                        <td>$passHelp <input type="password" id="password" name="password" value="$password" /></td>
 
572
                                        $override_option
 
573
                                </tr>
 
574
                                <tr>
 
575
                                        <td><label for="email">Email Address</label></td>
 
576
                                        <td>$emailHelp <input type="text" id="email" name="email" value="$email" /></td>
 
577
                                </tr>
 
578
                                $homepageOption
 
579
                                $usertypeOption
 
580
                                <tr>
 
581
                                        <td></td>
 
582
                                        <td>
 
583
                                                <input type='submit' value="Save" / >
 
584
                                                <input id="btnCancel" type="button" title="No / Cancel" onclick="$('#div_dialog').dialog('close');return false; " value="Cancel" />     
 
585
                                                $helpButton
 
586
                                        </td>
 
587
                                </tr>
 
588
                        </table>
 
589
                </form>
 
590
END;
 
591
 
 
592
                $response->SetFormRequestResponse($form, 'Add/Edit a User.', '550px', '320px');
 
593
                $response->Respond();
 
594
        }
 
595
        
 
596
        /**
 
597
         * Delete User form
 
598
         * @return 
 
599
         */
 
600
        function DeleteForm() 
 
601
        {
 
602
                $db             =& $this->db;
 
603
                $response       = new ResponseManager();
 
604
                
 
605
                //expect the $userid to be set
 
606
                $userid         = $this->userid;
 
607
                
 
608
                //we can delete
 
609
                $form = <<<END
 
610
                <form class="XiboForm" method="post" action="index.php?p=user&q=DeleteUser">
 
611
                        <input type="hidden" name="userid" value="$userid">
 
612
                        <p>Are you sure you want to delete $this->name?</p>
 
613
                        <input type="submit" value="Yes">
 
614
                        <input type="submit" value="No" onclick="$('#div_dialog').dialog('close');return false; ">
 
615
                </form>
 
616
END;
 
617
 
 
618
                $response->SetFormRequestResponse($form, 'Delete this User?', '260px', '180px');
 
619
                $response->Respond();
 
620
        }
 
621
        
 
622
        /**
 
623
         * Sets the users home page
 
624
         * @return 
 
625
         */
 
626
        function SetUserHomepageForm()
 
627
        {
 
628
                $db             =& $this->db;
 
629
                $response       = new ResponseManager();
 
630
                $layoutid       = Kit::GetParam('layoutid', _REQUEST, _INT, 0);
 
631
                $regionid       = Kit::GetParam('regionid', _REQUEST, _STRING);
 
632
                
 
633
                //Homepages are for layouts / region combinations
 
634
                //The user doesnt have to have access to the layout.
 
635
                
 
636
                //There should be a list of users on this form - that list should change according to permissions
 
637
                //Permissions being related to the logged in user (can they change the users records)
 
638
                //                                                              the layout they are on (does the user have permission for it)
 
639
                
 
640
                //Get the layout owner and permissions
 
641
                $SQL = "SELECT userID, permissionID FROM layout WHERE layoutID = $layoutid ";
 
642
                if (!$result = $db->query($SQL)) 
 
643
                {
 
644
                        trigger_error($db->error());
 
645
                        trigger_error("Cant get this regions permissions details.", E_USER_ERROR);                      
 
646
                }
 
647
                
 
648
                $row = $db->get_row($result);
 
649
                
 
650
                $layoutOwnerID          = $row[0];
 
651
                $layoutPermissionID = $row[1];
 
652
                
 
653
                //Query for the user list
 
654
                $SQL = " SELECT userID, username, $layoutPermissionID, $layoutOwnerID ";
 
655
                $SQL .= " FROM  user  ";                
 
656
                if ($_SESSION['usertype'] != "1") //if we arnt an admin then only show us.
 
657
                {
 
658
                        $SQL .= " WHERE userID = " . $_SESSION['userid'];
 
659
                }
 
660
                $SQL .= " ORDER BY username  ";
 
661
                
 
662
                $user_list = dropdownlist($SQL, "userid", '', '', false, true, "", "edit", true);
 
663
                
 
664
                $form = <<<END
 
665
                <form class="XiboForm" action="index.php?p=user&q=SetUserHomepage" method="post">
 
666
                        <input type="hidden" name="layoutid" value="$layoutid" />
 
667
                        <input type="hidden" name="regionid" value="$regionid" />
 
668
                        Set this region to be the homepage for: <br /><br /> $user_list 
 
669
                        <input type="submit" value="Yes" />
 
670
                        <input type="submit" value="No" onclick="$('#div_dialog').dialog('close');return false; ">
 
671
                </form>
 
672
END;
 
673
                
 
674
                $response->SetFormRequestResponse($form, 'Set as the home page for a User?', '350px', '150px');
 
675
                $response->Respond();
 
676
        }
 
677
        
 
678
        /**
 
679
         * Sets the users homepage
 
680
         * @return 
 
681
         */
 
682
        function SetUserHomepage()
 
683
        {
 
684
                $db             =& $this->db;
 
685
                $response       = new ResponseManager();
 
686
 
 
687
                $userid         = Kit::GetParam('userid', _POST, _INT, 0);
 
688
                $layoutid       = Kit::GetParam('layoutid', _POST, _INT, 0);
 
689
                $regionid       = Kit::GetParam('regionid', _POST, _STRING);
 
690
                
 
691
                $homepage       = "mediamanager&layoutid=$layoutid&regionid=$regionid";
 
692
                
 
693
                $SQL = sprintf("UPDATE user SET homepage = '%s' WHERE userID = $userid ", $homepage);
 
694
                
 
695
                if (!$db->query($SQL)) 
 
696
                {
 
697
                        trigger_error($db->error());
 
698
                        $response->SetError('Unknown error setting this users homepage.');
 
699
                        $response->Respond();
 
700
                }
 
701
                
 
702
                $response->SetFormSubmitResponse('Homepage has been set.');
 
703
                $response->Respond();
 
704
        }
 
705
}
 
706
?>