3
* Xibo - Digitial Signage - http://www.xibo.org.uk
4
* Copyright (C) 2006,2007,2008 Daniel Garner and James Packer
6
* This file is part of Xibo.
8
* Xibo is free software: you can redistribute it and/or modify
9
* it under the terms of the GNU Affero General Public License as published by
10
* the Free Software Foundation, either version 3 of the License, or
13
* Xibo is distributed in the hope that it will be useful,
14
* but WITHOUT ANY WARRANTY; without even the implied warranty of
15
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
* GNU Affero General Public License for more details.
18
* You should have received a copy of the GNU Affero General Public License
19
* along with Xibo. If not, see <http://www.gnu.org/licenses/>.
21
defined('XIBO') or die("Sorry, you are not allowed to directly access this page.<br /> Please press the back button in your browser.");
35
function __construct(database $db, user $user)
40
// Include the group data classes
41
include_once('lib/data/usergroup.data.class.php');
44
function on_page_load()
49
function echo_page_heading()
63
$response = new ResponseManager();
65
$username = Kit::GetParam('username', _POST, _STRING);
66
$password = Kit::GetParam('password', _POST, _STRING);
67
$password = md5($password);
68
$email = Kit::GetParam('email', _POST, _STRING);
69
$usertypeid = Kit::GetParam('usertypeid', _POST, _INT, 0);
70
$homepage = Kit::GetParam('homepage', _POST, _STRING);
71
$pass_change = isset($_POST['pass_change']);
73
// Construct the Homepage
74
$homepage = "dashboard";
79
trigger_error("Please enter a User Name.", E_USER_ERROR);
83
trigger_error("Please enter a Password.", E_USER_ERROR);
87
trigger_error("Please enter an Email Address.", E_USER_ERROR);
90
if ($homepage == "") $homepage = "dashboard";
92
//Check for duplicate user name
94
$sqlcheck .= sprintf("SELECT UserName FROM user WHERE UserName = '%s'", $db->escape_string($username));
96
if(!$sqlcheckresult = $db->query($sqlcheck))
98
trigger_error($db->error());
99
trigger_error("Cant get this user's name. Please try another.", E_USER_ERROR);
102
if($db->num_rows($sqlcheckresult) != 0)
104
trigger_error("Could Not Complete, Duplicate User Name Exists", E_USER_ERROR);
107
//Ready to enter the user into the database
108
$query = "INSERT INTO user (UserName, UserPassword, usertypeid, email, homepage)";
109
$query .= " VALUES ('$username', '$password', $usertypeid, '$email', '$homepage')";
111
if(!$id = $db->insert_query($query))
113
trigger_error($db->error());
114
trigger_error("Error adding that user", E_USER_ERROR);
117
// Add the user group
118
$userGroupObject = new UserGroup($db);
120
if (!$groupID = $userGroupObject->Add($username, 1))
122
// We really want to delete the new user...
123
//TODO: Delete the new user
126
trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR);
129
$userGroupObject->Link($groupID, $id);
131
$response->SetFormSubmitResponse('User Saved.');
132
$response->Respond();
143
$response = new ResponseManager();
145
$userID = Kit::GetParam('userid', _POST, _INT, 0);
146
$username = Kit::GetParam('username', _POST, _STRING);
147
$password = Kit::GetParam('password', _POST, _STRING);
148
$password = md5($password);
149
$email = Kit::GetParam('email', _POST, _STRING);
150
$usertypeid = Kit::GetParam('usertypeid', _POST, _INT, 0);
151
$homepage = Kit::GetParam('homepage', _POST, _STRING);
152
$pass_change = isset($_POST['pass_change']);
157
trigger_error("Please enter a User Name.", E_USER_ERROR);
161
trigger_error("Please enter a Password.", E_USER_ERROR);
165
trigger_error("Please enter an Email Address.", E_USER_ERROR);
168
if ($homepage == "") $homepage = "dashboard";
170
//Check for duplicate user name
172
$sqlcheck .= "SELECT UserName FROM user WHERE UserName = '" . $username . "' AND userID <> $userID ";
174
if (!$sqlcheckresult = $db->query($sqlcheck))
176
trigger_error($db->error());
177
trigger_error(__("Cant get this user's name. Please try another."), E_USER_ERROR);
180
if ($db->num_rows($sqlcheckresult) != 0)
182
trigger_error(__("Could Not Complete, Duplicate User Name Exists"), E_USER_ERROR);
185
//Everything is ok - run the update
186
$sql = "UPDATE user SET UserName = '$username'";
189
$sql .= ", UserPassword = '$password'";
192
$sql .= ", email = '$email' ";
193
if ($homepage == 'dashboard')
196
$sql .= ", homepage='$homepage' ";
199
if ($usertypeid != "")
201
$sql .= ", usertypeid = " . $usertypeid;
204
$sql .= " WHERE UserID = ". $userID . "";
206
if (!$db->query($sql))
208
trigger_error($db->error());
209
trigger_error("Error updating that user", E_USER_ERROR);
212
// Update the group to follow suit
213
$userGroupObject = new UserGroup($db);
215
if (!$userGroupObject->EditUserGroup($userID, $username))
217
// We really want to delete the new user...
218
//TODO: Delete the new user
221
trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR);
224
$response->SetFormSubmitResponse('User Saved.');
225
$response->Respond();
234
function DeleteUser()
237
$user =& $this->user;
239
$response = new ResponseManager();
240
$userid = Kit::GetParam('userid', _POST, _INT, 0);
241
$groupID = $user->getGroupFromID($userid, true);
243
// Firstly delete the group for this user
244
$userGroupObject = new UserGroup($db);
246
$userGroupObject->Unlink($groupID, $userid);
248
if (!$userGroupObject->Delete($groupID))
250
trigger_error($userGroupObject->GetErrorMessage(), E_USER_ERROR);
254
$sqldel = "DELETE FROM user";
255
$sqldel .= " WHERE UserID = ". $userid . "";
257
if (!$db->query($sqldel))
259
trigger_error($db->error());
260
trigger_error(__("This user has been active, you may only retire them."), E_USER_ERROR);
263
// We should delete this users sessions record.
264
$SQL = "DELETE FROM session WHERE userID = $userid ";
266
if (!$db->query($sqldel))
268
trigger_error($db->error());
269
trigger_error(__("If logged in, this user will be deleted once they log out."), E_USER_ERROR);
272
$response->SetFormSubmitResponse(__('User Deleted.'));
273
$response->Respond();
277
* Prints the user information in a table based on a check box selection
283
$user =& $this->user;
284
$response = new ResponseManager();
286
$itemName = $_REQUEST['usertypeid'];
287
$username = $_REQUEST['username'];
289
$sql = "SELECT user.UserID, user.UserName, user.usertypeid, user.loggedin, user.lastaccessed, user.email, user.homepage ";
290
$sql .= " FROM user ";
291
$sql .= " WHERE 1=1 ";
292
if ($_SESSION['usertype']==3)
294
$sql .= " AND usertypeid=3 AND userid = " . $_SESSION['userid'] . " ";
298
$sql .= " AND usertypeid=\"" . $itemName . "\"";
302
$sql .= " AND UserName LIKE '%$username%' ";
304
$sql .= " ORDER by UserName";
307
if (!$results = $db->query($sql))
309
trigger_error($db->error());
310
trigger_error("Can not get the user information", E_USER_ERROR);
314
<div class="info_table">
315
<table style="width:100%">
328
while($aRow = $db->get_row($results))
331
$userName = $aRow[1];
332
$usertypeid = $aRow[2];
333
$loggedin = $aRow[3];
334
$lastaccessed = $aRow[4];
336
$homepage = $aRow[6];
337
$groupid = $user->getGroupFromID($userID, true);
341
$loggedin="<img src=\"img/act.gif\">";
345
$loggedin="<img src=\"img/disact.gif\">";
348
//parse the homepage name, split into & seperated bits.
349
$homepageArray = explode('&', $homepage);
351
if (count($homepageArray) > 1)
353
list($temp, $layoutid) = explode('=', $homepageArray[1]);
355
//Look up the layout name
356
$SQL = "SELECT layout FROM layout WHERE layoutID = $layoutid ";
357
if (!$result = $db->query($SQL))
359
trigger_error("Incorrect home page setting, please contact your system admin.", E_USER_ERROR);
362
$row = $db->get_row($result);
371
if($_SESSION['usertype'] == 1 ||($userID == $_SESSION['userid']))
373
$table .= '<tr ondblclick="XiboFormRender(\'index.php?p=user&q=DisplayForm&userID=' . $userID . '\')">';
379
$table .= "<td>" . $userName . "</td>";
380
$table .= "<td>" . $homepageArray[0] . "</td>";
381
$table .= "<td>" . $layout . "</td>";
382
$table .= "<td>" . $email . "</td>";
385
if($_SESSION['usertype'] == 1 ||($userID == $_SESSION['userid']))
387
$msgPageSec = __('Page Security');
388
$msgMenuSec = __('Menu Security');
390
$table .= '<button class="XiboFormButton" href="index.php?p=user&q=DisplayForm&userID=' . $userID . '"><span>Edit</span></button>';
391
$table .= '<button class="XiboFormButton" href="index.php?p=user&q=DeleteForm&userID=' . $userID . '" ><span>Delete</span></button>';
392
$table .= '<button class="XiboFormButton" href="index.php?p=group&q=PageSecurityForm&groupid=' . $groupid . '"><span>' . $msgPageSec . '</span></button>';
393
$table .= '<button class="XiboFormButton" href="index.php?p=group&q=MenuItemSecurityForm&groupid=' . $groupid . '"><span>' . $msgMenuSec . '</span></button>';
398
$table .= "</tbody></table></div>";
400
$response->SetGridResponse($table);
401
$response->Respond();
405
* Controls which pages are to be displayed
408
function displayPage()
411
include('template/pages/user_view.php');
415
* Outputs the filter page
418
function UserFilter()
422
$usertype_list = dropdownlist("SELECT 'all', 'All' as usertype UNION SELECT usertypeID, usertype FROM usertype ORDER BY usertype", "usertypeid", 'all');
425
<div class="FilterDiv" id="UserFilter">
426
<form onsubmit="return false">
427
<input type="hidden" name="p" value="user">
428
<input type="hidden" name="q" value="UserGrid">
432
<td><input type="text" name="username"></td>
434
<td>$usertype_list</td>
443
<div class="XiboGrid" id="$id">
444
<div class="XiboFilter">
447
<div class="XiboData">
456
* Displays the User form (from Ajax)
459
function DisplayForm()
462
$user =& $this->user;
463
$response = new ResponseManager();
464
$helpManager = new HelpManager($db, $user);
466
$userid = Kit::GetParam('userID', _GET, _INT);
469
$SQL .= "SELECT UserName , ";
470
$SQL .= " UserPassword, ";
471
$SQL .= " usertypeid , ";
473
$SQL .= " homepage ";
474
$SQL .= "FROM `user`";
475
$SQL .= sprintf(" WHERE userID = %d", $userid);
477
if(!$results = $db->query($SQL))
479
trigger_error($db->error());
480
trigger_error(__('Error getting user information.'), E_USER_ERROR);
483
while($aRow = $db->get_row($results))
485
$username = Kit::ValidateParam($aRow[0], _USERNAME);
486
$password = Kit::ValidateParam($aRow[1], _PASSWORD);
487
$usertypeid = Kit::ValidateParam($aRow[2], _INT);
488
$email = Kit::ValidateParam($aRow[3], _STRING);
489
$homepage = Kit::ValidateParam($aRow[4], _STRING);
493
$nameHelp = $helpManager->HelpIcon("The Login Name of the user.", true);
494
$passHelp = $helpManager->HelpIcon("The Password for this user.", true);
495
$emailHelp = $helpManager->HelpIcon("Users email address. E.g. user@example.com", true);
496
$homepageHelp = $helpManager->HelpIcon("The users Homepage. This should not be changed until you want to reset their homepage.", true);
497
$overpassHelp = $helpManager->HelpIcon("Do you want to override this users password with the one entered here.", true);
498
$usertypeHelp = $helpManager->HelpIcon("What is this users type? This would usually be set to 'User'", true);
500
$homepageOption = '';
501
$override_option = '';
503
//What form are we displaying
507
$action = "index.php?p=user&q=AddUser";
512
$action = "index.php?p=user&q=EditUser";
514
//split the homepage into its component parts (if it needs to be)
515
if (strpos($homepage,'&') !== false)
517
$homepage = substr($homepage, 0, strpos($homepage,'&'));
520
//make the homepage dropdown
521
$homepage_list = listcontent("dashboard|dashboard,mediamanager|mediamanager", "homepage", $homepage);
523
$homepageOption = <<<END
525
<td><label for="homepage">Homepage<span class="required">*</span></label></td>
526
<td>$homepageHelp $homepage_list</td>
530
$override_option = <<<FORM
531
<td>Override Password?</td>
532
<td>$overpassHelp <input type="checkbox" name="pass_change" value="0"></td>
536
//get us the user type if we dont have it (for the default value)
539
$usertype = Config::GetSetting($db,"defaultUsertype");
541
$SQL = "SELECT usertypeid FROM usertype WHERE usertype = '$usertype'";
542
if(!$results = $db->query($SQL))
544
trigger_error($db->error());
545
trigger_error("Can not get Usertype information", E_USER_ERROR);
547
$row = $db->get_row($results);
548
$usertypeid = $row['0'];
552
if ($_SESSION['usertype']==1)
555
$usertype_list = dropdownlist("SELECT usertypeid, usertype FROM usertype", "usertypeid", $usertypeid);
557
$usertypeOption = <<<END
559
<td><label for="usertypeid">User Type <span class="required">*</span></label></td>
560
<td>$usertypeHelp $usertype_list</td>
566
$usertypeOption = "";
571
<form id="UserForm" class="XiboForm" method='post' action='$action'>
572
<input type='hidden' name='userid' value='$userid'>
575
<td><label for="username">User Name<span class="required">*</span></label></td>
576
<td>$nameHelp <input type="text" id="" name="username" value="$username" class="required" /></td>
579
<td><label for="password">Password<span class="required">*</span></label></td>
580
<td>$passHelp <input type="password" id="password" name="password" value="$password" /></td>
584
<td><label for="email">Email Address<span class="required email">*</span></label></td>
585
<td>$emailHelp <input type="text" id="email" name="email" value="$email" class="required" /></td>
593
$response->SetFormRequestResponse($form, 'Add/Edit a User.', '550px', '320px');
594
$response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link('User', 'Add') . '")');
595
$response->AddButton(__('Cancel'), 'XiboDialogClose()');
596
$response->AddButton(__('Save'), '$("#UserForm").submit()');
597
$response->Respond();
604
function DeleteForm()
607
$user =& $this->user;
608
$response = new ResponseManager();
609
$helpManager = new HelpManager($db, $user);
611
//expect the $userid to be set
612
$userid = Kit::GetParam('userID', _REQUEST, _INT);
616
<form id="UserDeleteForm" class="XiboForm" method="post" action="index.php?p=user&q=DeleteUser">
617
<input type="hidden" name="userid" value="$userid">
618
<p>Are you sure you want to delete this user?</p>
622
$response->SetFormRequestResponse($form, __('Delete this User?'), '260px', '180px');
623
$response->AddButton(__('Help'), 'XiboHelpRender("' . $helpManager->Link('User', 'Delete') . '")');
624
$response->AddButton(__('No'), 'XiboDialogClose()');
625
$response->AddButton(__('Yes'), '$("#UserDeleteForm").submit()');
626
$response->Respond();
630
* Sets the users home page
633
function SetUserHomepageForm()
636
$response = new ResponseManager();
637
$layoutid = Kit::GetParam('layoutid', _REQUEST, _INT, 0);
638
$regionid = Kit::GetParam('regionid', _REQUEST, _STRING);
640
//Homepages are for layouts / region combinations
641
//The user doesnt have to have access to the layout.
643
//There should be a list of users on this form - that list should change according to permissions
644
//Permissions being related to the logged in user (can they change the users records)
645
// the layout they are on (does the user have permission for it)
647
//Get the layout owner and permissions
648
$SQL = "SELECT userID, permissionID FROM layout WHERE layoutID = $layoutid ";
649
if (!$result = $db->query($SQL))
651
trigger_error($db->error());
652
trigger_error("Cant get this regions permissions details.", E_USER_ERROR);
655
$row = $db->get_row($result);
657
$layoutOwnerID = $row[0];
658
$layoutPermissionID = $row[1];
660
//Query for the user list
661
$SQL = " SELECT userID, username, $layoutPermissionID, $layoutOwnerID ";
662
$SQL .= " FROM user ";
663
if ($_SESSION['usertype'] != "1") //if we arnt an admin then only show us.
665
$SQL .= " WHERE userID = " . $_SESSION['userid'];
667
$SQL .= " ORDER BY username ";
669
$user_list = dropdownlist($SQL, "userid", '', '', false, true, "", "edit", true);
672
<form class="XiboForm" action="index.php?p=user&q=SetUserHomepage" method="post">
673
<input type="hidden" name="layoutid" value="$layoutid" />
674
<input type="hidden" name="regionid" value="$regionid" />
675
Set this region to be the homepage for: <br /><br /> $user_list
676
<input type="submit" value="Yes" />
677
<input type="submit" value="No" onclick="$('#div_dialog').dialog('close');return false; ">
681
$response->SetFormRequestResponse($form, 'Set as the home page for a User?', '350px', '150px');
682
$response->Respond();
686
* Sets the users homepage
689
function SetUserHomepage()
692
$response = new ResponseManager();
694
$userid = Kit::GetParam('userid', _POST, _INT, 0);
695
$layoutid = Kit::GetParam('layoutid', _POST, _INT, 0);
696
$regionid = Kit::GetParam('regionid', _POST, _STRING);
698
$homepage = "mediamanager&layoutid=$layoutid®ionid=$regionid";
700
$SQL = sprintf("UPDATE user SET homepage = '%s' WHERE userID = $userid ", $homepage);
702
if (!$db->query($SQL))
704
trigger_error($db->error());
705
$response->SetError('Unknown error setting this users homepage.');
706
$response->Respond();
709
$response->SetFormSubmitResponse('Homepage has been set.');
710
$response->Respond();
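Review bot: The grid handler reads `$_REQUEST['usertypeid']` and `$_REQUEST['username']` with no filtering and concatenates both into the SELECT (` AND usertypeid="…"` and ` AND UserName LIKE '%$username%'`), so the filter form is an SQL injection point. Build those clauses the way the add path's duplicate-name check already does, e.g. `$sql .= sprintf(" AND UserName LIKE '%%%s%%' ", $db->escape_string($username));` and `$sql .= sprintf(" AND usertypeid = %d ", $itemName);` in the branch that adds the type filter. The same string-building appears in the edit path's duplicate check (`UserName = '" . $username . "'`) and in the INSERT and UPDATE statements, where `$username`, `$email` and `$homepage` are interpolated directly. Whether `Kit::GetParam(..., _STRING)` escapes for SQL is not visible on this page, so those values should also go through `$db->escape_string()`. The function bodies are only partly shown in this listing, so the conditions around these lines may differ from what is visible.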
3
* Xibo - Digitial Signage - http://www.xibo.org.uk
4
* Copyright (C) 2006,2007,2008 Daniel Garner and James Packer
6
* This file is part of Xibo.
8
* Xibo is free software: you can redistribute it and/or modify
9
* it under the terms of the GNU Affero General Public License as published by
10
* the Free Software Foundation, either version 3 of the License, or
13
* Xibo is distributed in the hope that it will be useful,
14
* but WITHOUT ANY WARRANTY; without even the implied warranty of
15
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
* GNU Affero General Public License for more details.
18
* You should have received a copy of the GNU Affero General Public License
19
* along with Xibo. If not, see <http://www.gnu.org/licenses/>.
21
defined('XIBO') or die("Sorry, you are not allowed to directly access this page.<br /> Please press the back button in your browser.");
44
function __construct(database $db, user $user)
49
$this->sub_page = Kit::GetParam('sp', _REQUEST, _WORD, 'view');
50
$userid = Kit::GetParam('userID', _REQUEST, _INT, 0);
54
$this->sub_page = "edit";
56
$this->userid = $userid;
58
$sql = " SELECT UserName, UserPassword, usertypeid, email, groupID, homepage FROM user";
59
$sql .= sprintf(" WHERE userID = %d", $userid);
61
if(!$results = $db->query($sql)) trigger_error("Error excuting query".$db->error(), E_USER_ERROR);
63
while($aRow = $db->get_row($results))
65
$this->username = Kit::ValidateParam($aRow[0], _USERNAME);
66
$this->password = Kit::ValidateParam($aRow[1], _PASSWORD);
67
$this->usertypeid = Kit::ValidateParam($aRow[2], _INT);
68
$this->email = Kit::ValidateParam($aRow[3], _STRING);
69
$this->groupid = Kit::ValidateParam($aRow[4], _INT);
70
$this->homepage = Kit::ValidateParam($aRow[5], _STRING);
75
function on_page_load()
80
function echo_page_heading()
94
$response = new ResponseManager();
96
$user = Kit::GetParam('username', _POST, _USERNAME);
97
$password = md5(Kit::GetParam('password', _POST, _USERNAME));
98
$usertypeid = Kit::GetParam('usertypeid', _POST, _INT);
99
$email = Kit::GetParam('email', _POST, _STRING);
100
$groupid = Kit::GetParam('groupid', _POST, _INT);
102
// Construct the Homepage
103
$homepage = "dashboard";
108
trigger_error("Please enter a User Name.", E_USER_ERROR);
112
trigger_error("Please enter a Password.", E_USER_ERROR);
116
trigger_error("Please enter an Email Address.", E_USER_ERROR);
119
if ($homepage == "") $homepage = "dashboard";
121
//Check for duplicate user name
123
$sqlcheck .= sprintf("SELECT UserName FROM user WHERE UserName = '%s'", $db->escape_string($user));
125
if(!$sqlcheckresult = $db->query($sqlcheck))
127
trigger_error($db->error());
128
trigger_error("Cant get this user's name. Please try another.", E_USER_ERROR);
131
if($db->num_rows($sqlcheckresult) != 0)
133
trigger_error("Could Not Complete, Duplicate User Name Exists", E_USER_ERROR);
136
//Ready to enter the user into the database
137
$query = "INSERT INTO user (UserName, UserPassword, usertypeid, email, homepage, groupid)";
138
$query .= " VALUES ('$user', '$password', $usertypeid, '$email', '$homepage', $groupid)";
140
if(!$id = $db->insert_query($query))
142
trigger_error($db->error());
143
trigger_error("Error adding that user", E_USER_ERROR);
146
$response->SetFormSubmitResponse('User Saved.');
147
$response->Respond();
158
$response = new ResponseManager();
162
$userID = Kit::GetParam('userid', _POST, _INT, 0);
163
$username = $_POST['username'];
164
$password = md5($_POST['password']);
165
$email = $_POST['email'];
166
$usertypeid = $_POST['usertypeid'];
167
$homepage = $_POST['homepage'];
168
$groupid = $_POST['groupid'];
169
$pass_change = isset($_POST['pass_change']);
174
trigger_error("Please enter a User Name.", E_USER_ERROR);
178
trigger_error("Please enter a Password.", E_USER_ERROR);
182
trigger_error("Please enter an Email Address.", E_USER_ERROR);
185
if ($homepage == "") $homepage = "dashboard";
187
//Check for duplicate user name
189
$sqlcheck .= "SELECT UserName FROM user WHERE UserName = '" . $username . "' AND userID <> $userID ";
191
if (!$sqlcheckresult = $db->query($sqlcheck))
193
trigger_error($db->error());
194
trigger_error("Cant get this user's name. Please try another.", E_USER_ERROR);
197
if ($db->num_rows($sqlcheckresult) != 0)
199
trigger_error("Could Not Complete, Duplicate User Name Exists", E_USER_ERROR);
202
//Everything is ok - run the update
203
$sql = "UPDATE user SET UserName = '$username'";
206
$sql .= ", UserPassword = '$password'";
209
$sql .= ", email = '$email' ";
210
if ($homepage == 'dashboard')
213
$sql .= ", homepage='$homepage' ";
216
if ($usertypeid != "")
218
$sql .= ", usertypeid = " . $usertypeid . ", groupID = $groupid ";
220
$sql .= " WHERE UserID = ". $userID . "";
222
if (!$db->query($sql))
224
trigger_error($db->error());
225
trigger_error("Error updating that user", E_USER_ERROR);
228
$response->SetFormSubmitResponse('User Saved.');
229
$response->Respond();
238
function DeleteUser()
241
$response = new ResponseManager();
242
$userid = Kit::GetParam('userid', _POST, _INT, 0);
244
$sqldel = "DELETE FROM user";
245
$sqldel .= " WHERE UserID = ". $userid . "";
247
if (!$db->query($sqldel))
249
trigger_error($db->error());
250
trigger_error("This user has been active, you may only retire them.", E_USER_ERROR);
253
// We should delete this users sessions record.
254
$SQL = "DELETE FROM session WHERE userID = $userID ";
256
if (!$db->query($sqldel))
258
trigger_error($db->error());
259
trigger_error("If logged in, this user will be deleted once they log out.", E_USER_ERROR);
262
$response->SetFormSubmitResponse('User Deleted.');
263
$response->Respond();
267
* Prints the user information in a table based on a check box selection
273
$user =& $this->user;
274
$response = new ResponseManager();
276
$itemName = $_REQUEST['usertypeid'];
277
$username = $_REQUEST['username'];
279
$sql = "SELECT user.UserID, user.UserName, user.usertypeid, user.loggedin, user.lastaccessed, user.email, user.homepage, group.group ";
280
$sql .= " FROM user ";
281
$sql .= " INNER JOIN `group` ON user.groupid = group.groupID ";
282
$sql .= " WHERE 1=1 ";
283
if ($_SESSION['usertype']==3)
285
$sql .= " AND usertypeid=3 AND userid = " . $_SESSION['userid'] . " ";
289
$sql .= " AND usertypeid=\"" . $itemName . "\"";
293
$sql .= " AND UserName LIKE '%$username%' ";
295
$sql .= " ORDER by UserName";
298
if (!$results = $db->query($sql))
300
trigger_error($db->error());
301
trigger_error("Can not get the user information", E_USER_ERROR);
305
<div class="info_table">
306
<table style="width:100%">
320
while($aRow = $db->get_row($results))
323
$userName = $aRow[1];
324
$usertypeid = $aRow[2];
325
$loggedin = $aRow[3];
326
$lastaccessed = $aRow[4];
328
$homepage = $aRow[6];
333
$loggedin="<img src=\"img/act.gif\">";
337
$loggedin="<img src=\"img/disact.gif\">";
340
//parse the homepage name, split into & seperated bits.
341
$homepageArray = explode('&', $homepage);
343
if (count($homepageArray) > 1)
345
list($temp, $layoutid) = explode('=', $homepageArray[1]);
347
//Look up the layout name
348
$SQL = "SELECT layout FROM layout WHERE layoutID = $layoutid ";
349
if (!$result = $db->query($SQL))
351
trigger_error("Incorrect home page setting, please contact your system admin.", E_USER_ERROR);
354
$row = $db->get_row($result);
363
if($_SESSION['usertype'] == 1 ||($userID == $_SESSION['userid']))
365
$table .= '<tr ondblclick="XiboFormRender(\'index.php?p=user&q=DisplayForm&userID=' . $userID . '\')">';
371
$table .= "<td>" . $userName . "</td>";
372
$table .= "<td>" . $homepageArray[0] . "</td>";
373
$table .= "<td>" . $layout . "</td>";
374
$table .= "<td>" . $email . "</td>";
375
$table .= "<td>" . $group . "</td>";
378
if($_SESSION['usertype'] == 1 ||($userID == $_SESSION['userid']))
380
$table .= '<button class="XiboFormButton" href="index.php?p=user&q=DisplayForm&userID=' . $userID . '"><span>Edit</span></button>';
381
$table .= '<button class="XiboFormButton" href="index.php?p=user&q=DeleteForm&userID=' . $userID . '" ><span>Delete</span></button></div></td>';
389
$table .= "</tbody></table></div>";
391
$response->SetGridResponse($table);
392
$response->Respond();
396
* Controls which pages are to be displayed
399
function displayPage()
403
switch ($this->sub_page)
407
include('template/pages/user_view.php');
416
* Outputs the filter page
419
function UserFilter()
423
$usertype_list = dropdownlist("SELECT 'all', 'All' as usertype UNION SELECT usertypeID, usertype FROM usertype ORDER BY usertype", "usertypeid", 'all');
426
<div class="FilterDiv" id="UserFilter">
427
<form onsubmit="return false">
428
<input type="hidden" name="p" value="user">
429
<input type="hidden" name="q" value="UserGrid">
433
<td><input type="text" name="username"></td>
435
<td>$usertype_list</td>
444
<div class="XiboGrid" id="$id">
445
<div class="XiboFilter">
448
<div class="XiboData">
457
* Displays the Add user form (from Ajax)
460
function DisplayForm()
463
$user =& $this->user;
464
$response = new ResponseManager();
466
$helpManager = new HelpManager($db, $user);
468
//ajax request handler
470
$userid = $this->userid;
471
$username = $this->username;
472
$password = $this->password;
473
$usertypeid = $this->usertypeid;
474
$email = $this->email;
475
$homepage = $this->homepage;
476
$groupid = $this->groupid;
479
$helpButton = $helpManager->HelpButton("content/users/overview", true);
480
$nameHelp = $helpManager->HelpIcon("The Login Name of the user.", true);
481
$passHelp = $helpManager->HelpIcon("The Password for this user.", true);
482
$emailHelp = $helpManager->HelpIcon("Users email address. E.g. user@example.com", true);
483
$homepageHelp = $helpManager->HelpIcon("The users Homepage. This should not be changed until you want to reset their homepage.", true);
484
$overpassHelp = $helpManager->HelpIcon("Do you want to override this users password with the one entered here.", true);
485
$usertypeHelp = $helpManager->HelpIcon("What is this users type? This would usually be set to 'User'", true);
486
$groupHelp = $helpManager->HelpIcon("Which group does this user belong to? User groups control media sharing and access to functional areas of Xibo.", true);
488
//What form are we displaying
492
$action = "index.php?p=user&q=AddUser";
497
$action = "index.php?p=user&q=EditUser";
499
//split the homepage into its component parts (if it needs to be)
500
if (strpos($homepage,'&') !== false)
502
$homepage = substr($homepage, 0, strpos($homepage,'&'));
505
//make the homepage dropdown
506
$homepage_list = listcontent("dashboard|dashboard,mediamanager|mediamanager", "homepage", $homepage);
508
$homepageOption = <<<END
510
<td><label for="homepage">Homepage<span class="required">*</span></label></td>
511
<td>$homepageHelp $homepage_list</td>
515
$override_option = <<<FORM
516
<td>Override Password?</td>
517
<td>$overpassHelp <input type="checkbox" name="pass_change" value="0"></td>
521
//get us the user type if we dont have it (for the default value)
524
$usertype = Config::GetSetting($db,"defaultUsertype");
526
$SQL = "SELECT usertypeid FROM usertype WHERE usertype = '$usertype'";
527
if(!$results = $db->query($SQL))
529
trigger_error($db->error());
530
trigger_error("Can not get Usertype information", E_USER_ERROR);
532
$row = $db->get_row($results);
533
$usertypeid = $row['0'];
537
$group_list = dropdownlist("SELECT groupID, `group` FROM `group` ORDER BY `group`", "groupid", $groupid);
539
if ($_SESSION['usertype']==1)
542
$usertype_list = dropdownlist("SELECT usertypeid, usertype FROM usertype", "usertypeid", $usertypeid);
544
$usertypeOption = <<<END
546
<td><label for="usertypeid">User Type <span class="required">*</span></label></td>
547
<td>$usertypeHelp $usertype_list</td>
550
<td><label for="groupid">Group <span class="required">*</span></label></td>
551
<td>$groupHelp $group_list</td>
557
$usertypeOption = "";
562
<form class="XiboForm" method='post' action='$action'>
563
<input type='hidden' name='userid' value='$userid'>
566
<td><label for="username">User Name<span class="required">*</span></label></td>
567
<td>$nameHelp <input type="text" id="" name="username" value="$username" /></td>
570
<td><label for="password">Password<span class="required">*</span></label></td>
571
<td>$passHelp <input type="password" id="password" name="password" value="$password" /></td>
575
<td><label for="email">Email Address</label></td>
576
<td>$emailHelp <input type="text" id="email" name="email" value="$email" /></td>
583
<input type='submit' value="Save" / >
584
<input id="btnCancel" type="button" title="No / Cancel" onclick="$('#div_dialog').dialog('close');return false; " value="Cancel" />
592
$response->SetFormRequestResponse($form, 'Add/Edit a User.', '550px', '320px');
593
$response->Respond();
600
function DeleteForm()
603
$response = new ResponseManager();
605
//expect the $userid to be set
606
$userid = $this->userid;
610
<form class="XiboForm" method="post" action="index.php?p=user&q=DeleteUser">
611
<input type="hidden" name="userid" value="$userid">
612
<p>Are you sure you want to delete $this->name?</p>
613
<input type="submit" value="Yes">
614
<input type="submit" value="No" onclick="$('#div_dialog').dialog('close');return false; ">
618
$response->SetFormRequestResponse($form, 'Delete this User?', '260px', '180px');
619
$response->Respond();
623
* Sets the users home page
626
function SetUserHomepageForm()
629
$response = new ResponseManager();
630
$layoutid = Kit::GetParam('layoutid', _REQUEST, _INT, 0);
631
$regionid = Kit::GetParam('regionid', _REQUEST, _STRING);
633
//Homepages are for layouts / region combinations
634
//The user doesnt have to have access to the layout.
636
//There should be a list of users on this form - that list should change according to permissions
637
//Permissions being related to the logged in user (can they change the users records)
638
// the layout they are on (does the user have permission for it)
640
//Get the layout owner and permissions
641
$SQL = "SELECT userID, permissionID FROM layout WHERE layoutID = $layoutid ";
642
if (!$result = $db->query($SQL))
644
trigger_error($db->error());
645
trigger_error("Cant get this regions permissions details.", E_USER_ERROR);
648
$row = $db->get_row($result);
650
$layoutOwnerID = $row[0];
651
$layoutPermissionID = $row[1];
653
//Query for the user list
654
$SQL = " SELECT userID, username, $layoutPermissionID, $layoutOwnerID ";
655
$SQL .= " FROM user ";
656
if ($_SESSION['usertype'] != "1") //if we arnt an admin then only show us.
658
$SQL .= " WHERE userID = " . $_SESSION['userid'];
660
$SQL .= " ORDER BY username ";
662
$user_list = dropdownlist($SQL, "userid", '', '', false, true, "", "edit", true);
665
<form class="XiboForm" action="index.php?p=user&q=SetUserHomepage" method="post">
666
<input type="hidden" name="layoutid" value="$layoutid" />
667
<input type="hidden" name="regionid" value="$regionid" />
668
Set this region to be the homepage for: <br /><br /> $user_list
669
<input type="submit" value="Yes" />
670
<input type="submit" value="No" onclick="$('#div_dialog').dialog('close');return false; ">
674
$response->SetFormRequestResponse($form, 'Set as the home page for a User?', '350px', '150px');
675
$response->Respond();
679
* Sets the users homepage
682
function SetUserHomepage()
685
$response = new ResponseManager();
687
$userid = Kit::GetParam('userid', _POST, _INT, 0);
688
$layoutid = Kit::GetParam('layoutid', _POST, _INT, 0);
689
$regionid = Kit::GetParam('regionid', _POST, _STRING);
691
$homepage = "mediamanager&layoutid=$layoutid®ionid=$regionid";
693
$SQL = sprintf("UPDATE user SET homepage = '%s' WHERE userID = $userid ", $homepage);
695
if (!$db->query($SQL))
697
trigger_error($db->error());
698
$response->SetError('Unknown error setting this users homepage.');
699
$response->Respond();
702
$response->SetFormSubmitResponse('Homepage has been set.');
703
$response->Respond();