PageRenderTime 38ms CodeModel.GetById 15ms RepoModel.GetById 1ms app.codeStats 0ms

/chronique/SuppLoginSetup.php

http://chronique.googlecode.com/
PHP | 300 lines | 282 code | 13 blank | 5 comment | 3 complexity | 3bc44948fc6e737f387d16f5111727f4 MD5 | raw file
Possible License(s): AGPL-1.0, GPL-2.0, LGPL-2.1, MPL-2.0-no-copyleft-exception 
    

  1. <?php
    2. 

  2. 

  3. /* $Id: SuppLoginSetup.php 4749 2011-11-21 09:22:06Z daintree $*/
    4. 

  4. 

  5. include('includes/session.inc');
    6. 

  6. $title = _('Supplier Login Configuration');
    7. 

  7. include('includes/header.inc');
    8. 

  8. include('includes/SQL_CommonFunctions.inc');
    9. 

  9. include ('includes/LanguagesArray.php');
    10. 

  10. 

  11. 

  12. if (!isset($_SESSION['SupplierID'])){
    13. 

  13. 	echo '<br />
    14. 

  14. 		<br />';
    15. 

  15. 	prnMsg(_('A supplier must first be selected before logins can be defined for it') . '<br /><br /><a href="' . $rootpath . '/SelectSupplier.php">' . _('Select A Supplier') . '</a>','info');
    16. 

  16. 	include('includes/footer.inc');
    17. 

  17. 	exit;
    18. 

  18. } 
    19. 

  19. 

  20. $ModuleList = array(_('Orders'),
    21. 

  21. 					_('Receivables'),
    22. 

  22. 					_('Payables'),
    23. 

  23. 					_('Purchasing'),
    24. 

  24. 					_('Inventory'),
    25. 

  25. 					_('Manufacturing'),
    26. 

  26. 					_('General Ledger'),
    27. 

  27. 					_('Asset Manager'),
    28. 

  28. 					_('Petty Cash'),
    29. 

  29. 					_('Setup'));
    30. 

  30. 

  31. echo '<a href="' . $rootpath . '/SelectSupplier.php?">' . _('Back to Suppliers') . '</a><br />';
    32. 

  32. 

  33. echo '<p class="page_title_text"><img src="'.$rootpath.'/css/'.$theme.'/images/supplier.png" title="' . _('Supplier') . '" alt="" />' . ' ' . _('Supplier') . ' : ' . $_SESSION['SupplierID'] . _(' has been selected') . '</p><br />';
    34. 

  34. 

  35. 

  36. 

  37. if (isset($_POST['submit'])) {
    38. 

  38. 

  39. 	//initialise no input errors assumed initially before we test
    40. 

  40. 	$InputError = 0;
    41. 

  41. 

  42. 	/* actions to take once the user has clicked the submit button
    43. 

  43. 	ie the page has called itself with some user input */
    44. 

  44. 

  45. 	//first off validate inputs sensible
    46. 

  46. 	if (mb_strlen($_POST['UserID'])<4){
    47. 

  47. 		$InputError = 1;
    48. 

  48. 		prnMsg(_('The user ID entered must be at least 4 characters long'),'error');
    49. 

  49. 	} elseif (ContainsIllegalCharacters($_POST['UserID'])) {
    50. 

  50. 		$InputError = 1;
    51. 

  51. 		prnMsg(_('User names cannot contain any of the following characters') . " - ' & + \" \\ " . _('or a space'),'error');
    52. 

  52. 	} elseif (mb_strlen($_POST['Password'])<5){
    53. 

  53. 		if (!$SelectedUser){
    54. 

  54. 			$InputError = 1;
    55. 

  55. 			prnMsg(_('The password entered must be at least 5 characters long'),'error');
    56. 

  56. 		}
    57. 

  57. 	} elseif (mb_strstr($_POST['Password'],$_POST['UserID'])!= False){
    58. 

  58. 		$InputError = 1;
    59. 

  59. 		prnMsg(_('The password cannot contain the user id'),'error');
    60. 

  60. 	}
    61. 

  61. 	
    62. 

  62. 	/* Make a comma separated list of modules allowed ready to update the database*/
    63. 

  63. 	$i=0;
    64. 

  64. 	$ModulesAllowed = '';
    65. 

  65. 	while ($i < count($ModuleList)){
    66. 

  66. 		$FormVbl = 'Module_' . $i;
    67. 

  67. 		$ModulesAllowed .= $_POST[($FormVbl)] . ',';
    68. 

  68. 		$i++;
    69. 

  69. 	}
    70. 

  70. 	
    71. 

  71. 

  72. 	if ($InputError !=1) {
    73. 

  73. 

  74. 		$sql = "INSERT INTO www_users (userid,
    75. 

  75. 										realname,
    76. 

  76. 										supplierid,
    77. 

  77. 										password,
    78. 

  78. 										phone,
    79. 

  79. 										email,
    80. 

  80. 										pagesize,
    81. 

  81. 										fullaccess,
    82. 

  82. 										defaultlocation,
    83. 

  83. 										lastvisitdate,
    84. 

  84. 										modulesallowed,
    85. 

  85. 										displayrecordsmax,
    86. 

  86. 										theme,
    87. 

  87. 										language)
    88. 

  88. 						VALUES ('" . $_POST['UserID'] . "',
    89. 

  89. 							'" . $_POST['RealName'] ."',
    90. 

  90. 							'" . $_SESSION['SupplierID'] ."',
    91. 

  91. 							'" . CryptPass($_POST['Password']) ."',
    92. 

  92. 							'" . $_POST['Phone'] . "',
    93. 

  93. 							'" . $_POST['Email'] ."',
    94. 

  94. 							'" . $_POST['PageSize'] ."',
    95. 

  95. 							'" . $_POST['Access'] . "',
    96. 

  96. 							'" . $_POST['DefaultLocation'] ."',
    97. 

  97. 							'" . date($_SESSION['DefaultDateFormat']) ."',
    98. 

  98. 							'" . $ModulesAllowed . "',
    99. 

  99. 							'" . $_SESSION['DefaultDisplayRecordsMax'] . "',
    100. 

  100. 							'" . $_POST['Theme'] . "',
    101. 

  101. 							'". $_POST['UserLanguage'] ."')";
    102. 

  102. 		$ErrMsg = _('The user could not be added because');
    103. 

  103. 		$DbgMsg = _('The SQL that was used to insert the new user and failed was');
    104. 

  104. 		$result = DB_query($sql,$db,$ErrMsg,$DbgMsg);
    105. 

  105. 		prnMsg( _('A new supplier login has been created'), 'success' );
    106. 

  106. 		include('includes/footer.inc');
    107. 

  107. 		exit;
    108. 

  108. 	}
    109. 

  109. } 
    110. 

  110. 

  111. echo '<form method="post" action="' . htmlspecialchars($_SERVER['PHP_SELF']) . '">';
    112. 

  112. echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />';
    113. 

  113. 

  114. 

  115. echo '<table class="selection">
    116. 

  116. 		<tr>
    117. 

  117. 			<td>' . _('User Login') . ':</td>
    118. 

  118. 			<td><input type="text" name="UserID" size="22" maxlength="20" /></td>
    119. 

  119. 		</tr>';
    120. 

    121. 

  121. 

  122. if (!isset($_POST['Password'])) {
    123. 

  123. 	$_POST['Password']='';
    124. 

  124. }
    125. 

  125. if (!isset($_POST['RealName'])) {
    126. 

  126. 	$_POST['RealName']='';
    127. 

  127. }
    128. 

  128. if (!isset($_POST['Phone'])) {
    129. 

  129. 	$_POST['Phone']='';
    130. 

  130. }
    131. 

  131. if (!isset($_POST['Email'])) {
    132. 

  132. 	$_POST['Email']='';
    133. 

  133. }
    134. 

  134. echo '<tr>
    135. 

  135. 		<td>' . _('Password') . ':</td>
    136. 

  136. 		<td><input type="password" name="Password" size="22" maxlength="20" value="' . $_POST['Password'] . '">
    137. 

  137. 	</tr>
    138. 

  138. 	<tr>
    139. 

  139. 		<td>' . _('Full Name') . ':</td>
    140. 

  140. 		<td><input type="text" name="RealName" value="' . $_POST['RealName'] . '" size="36" maxlength="35" /></td>
    141. 

  141. 	</tr>
    142. 

  142. 	<tr>
    143. 

  143. 		<td>' . _('Telephone No') . ':</td>
    144. 

  144. 		<td><input type="text" name="Phone" value="' . $_POST['Phone'] . '" size="32" maxlength="30" /></td>
    145. 

  145. 	</tr>
    146. 

  146. 	<tr>
    147. 

  147. 		<td>' . _('Email Address') .':</td>
    148. 

  148. 		<td><input type="text" name="Email" value="' . $_POST['Email'] .'" size="32" maxlength="55" /></td>
    149. 

  149. 	</tr>';
    150. 

    151. 

  151. 

  152. 

  153. 

  154. 

  155. //Make an array of the security roles where only one role is active and is ID 1
    156. 

  156. 

  157. //For the security role selection box, we will only show roles that have:
    158. 

  158. //- Only one entry in securitygroups AND the tokenid of this entry == 9
    159. 

  159. 

  160. //First get all available security role ID's'
    161. 

  161. $RolesResult = DB_query("SELECT secroleid FROM securityroles", $db);
    162. 

  162. $FoundTheSupplierRole = false;
    163. 

  163. while ($myroles = DB_fetch_array($RolesResult)){
    164. 

  164. 	//Now look to find the tokens for the role - we just wnat the role that has just one token i.e. token 9
    165. 

  165. 	$TokensResult = DB_query("SELECT tokenid 
    166. 

  166. 								FROM securitygroups 
    167. 

  167. 								WHERE secroleid = '" . $myroles['secroleid'] ."'",
    168. 

  168. 								$db);
    169. 

  169. 

  170. 	if (DB_num_rows($TokensResult) == 1 ) {
    171. 

  171. 		$mytoken = DB_fetch_row($TokensResult);
    172. 

  172. 		if ($mytoken[0]==9){
    173. 

  173. 			echo'<input type="hidden" name="Access" value ="' . $myroles['secroleid'] . '" />';
    174. 

  174. 			$FoundTheSupplierRole = true;
    175. 

  175. 			break;
    176. 

  176. 		}
    177. 

  177. 	}
    178. 

  178. }
    179. 

  179. 

  180. if (!$FoundTheSupplierRole){
    181. 

  181. 	prnMsg(_('The supplier login role is expected to contain just one token - number 9. There is no such role currently defined - so a supplier login cannot be set up until this role is defined'),'error');
    182. 

  182. 	echo '</table>';
    183. 

  183. 	include('includes/footer.inc');
    184. 

  184. 	exit;
    185. 

  185. }
    186. 

  186. 

  187. 

  188. echo '<tr><td>' . _('Default Location') . ':</td>
    189. 

  189. 	<td><select name="DefaultLocation">';
    190. 

    191. 

  191. $sql = "SELECT loccode, locationname FROM locations";
    192. 

  192. $result = DB_query($sql,$db);
    193. 

  193. 

  194. while ($myrow=DB_fetch_array($result)){
    195. 

  195. 

  196. 	if (isset($_POST['DefaultLocation']) 
    197. 

  197. 		AND $myrow['loccode'] == $_POST['DefaultLocation']){
    198. 

  198. 

  199. 		echo '<option selected value="' . $myrow['loccode'] . '">' . $myrow['locationname'] . '</option>';
    200. 

  200. 	} else {
    201. 

  201. 		echo '<option value="' . $myrow['loccode'] . '">' . $myrow['locationname'] . '</option>';
    202. 

  202. 	}
    203. 

  203. }
    204. 

  204. 

  205. echo '<tr><td>' . _('Reports Page Size') .':</td>
    206. 

  206. 	<td><select name="PageSize">';
    207. 

    208. 

  208. if(isset($_POST['PageSize']) and $_POST['PageSize']=='A4'){
    209. 

  209. 	echo '<option selected value="A4">' . _('A4') . '</option>';
    210. 

  210. } else {
    211. 

  211. 	echo '<option value="A4">' . _('A4') . '</option>';
    212. 

  212. }
    213. 

  213. 

  214. if(isset($_POST['PageSize']) and $_POST['PageSize']=='A3'){
    215. 

  215. 	echo '<option selected value="A3">' . _('A3') . '</option>';
    216. 

  216. } else {
    217. 

  217. 	echo '<option value="A3">' . _('A3') . '</option>';
    218. 

  218. }
    219. 

  219. 

  220. if(isset($_POST['PageSize']) and $_POST['PageSize']=='A3_landscape'){
    221. 

  221. 	echo '<option selected value="A3_landscape">' . _('A3') . ' ' . _('landscape') . '</option>';
    222. 

  222. } else {
    223. 

  223. 	echo '<option value="A3_landscape">' . _('A3') . ' ' . _('landscape') . '</option>';
    224. 

  224. }
    225. 

  225. 

  226. if(isset($_POST['PageSize']) and $_POST['PageSize']=='letter'){
    227. 

  227. 	echo '<option selected value="letter">' . _('Letter') . '</option>';
    228. 

  228. } else {
    229. 

  229. 	echo '<option value="letter">' . _('Letter') . '</option>';
    230. 

  230. }
    231. 

  231. 

  232. if(isset($_POST['PageSize']) and $_POST['PageSize']=='letter_landscape'){
    233. 

  233. 	echo '<option selected value="letter_landscape">' . _('Letter') . ' ' . _('landscape') . '</option>';
    234. 

  234. } else {
    235. 

  235. 	echo '<option value="letter_landscape">' . _('Letter') . ' ' . _('landscape') . '</option>';
    236. 

  236. }
    237. 

  237. 

  238. if(isset($_POST['PageSize']) and $_POST['PageSize']=='legal'){
    239. 

  239. 	echo '<option selected value="legal">' . _('Legal') . '</option>';
    240. 

  240. } else {
    241. 

  241. 	echo '<option Value="legal">' . _('Legal') . '</option>';
    242. 

  242. }
    243. 

  243. if(isset($_POST['PageSize']) and $_POST['PageSize']=='legal_landscape'){
    244. 

  244. 	echo '<option selected value="legal_landscape">' . _('Legal') . ' ' . _('landscape') . '</option>';
    245. 

  245. } else {
    246. 

  246. 	echo '<option value="legal_landscape">' . _('Legal') . ' ' . _('landscape') . '</option>';
    247. 

  247. }
    248. 

  248. 

  249. echo '</select></td></tr>';
    250. 

  250. 

  251. echo '<tr>
    252. 

  252. 	<td>' . _('Theme') . ':</td>
    253. 

  253. 	<td><select name="Theme">';
    254. 

    255. 

  255. $ThemeDirectory = dir('css/');
    256. 

  256. 

  257. 

  258. while (false != ($ThemeName = $ThemeDirectory->read())){
    259. 

  259. 

  260. 	if (is_dir('css/' . $ThemeName) AND $ThemeName != '.' AND $ThemeName != '..' AND $ThemeName != '.svn'){
    261. 

  261. 

  262. 		if (isset($_POST['Theme']) and $_POST['Theme'] == $ThemeName){
    263. 

  263. 			echo '<option selected value="' . $ThemeName . '">' . $ThemeName . '</option>';
    264. 

  264. 		} else if (!isset($_POST['Theme']) and ($_SESSION['DefaultTheme']==$ThemeName)) {
    265. 

  265. 			echo '<option selected value="' . $ThemeName . '">' . $ThemeName . '</option>';
    266. 

  266. 		} else {
    267. 

  267. 			echo '<option value="' . $ThemeName . '">' . $ThemeName . '</option>';
    268. 

  268. 		}
    269. 

  269. 	}
    270. 

  270. }
    271. 

  271. 

  272. echo '</select></td></tr>';
    273. 

  273. 

  274. 

  275. echo '<tr>
    276. 

  276. 	<td>' . _('Language') . ':</td>
    277. 

  277. 	<td><select name="UserLanguage">';
    278. 

    279. 

  279. foreach ($LanguagesArray as $LanguageEntry => $LanguageName){
    280. 

  280. 	if (isset($_POST['UserLanguage']) and $_POST['UserLanguage'] == $LanguageEntry){
    281. 

  281. 		echo '<option selected value="' . $LanguageEntry . '">' . $LanguageName['LanguageName'] .'</option>';
    282. 

  282. 	} elseif (!isset($_POST['UserLanguage']) and $LanguageEntry == $DefaultLanguage) {
    283. 

  283. 		echo '<option selected value="' . $LanguageEntry . '">' . $LanguageName['LanguageName'] .'</option>';
    284. 

  284. 	} else {
    285. 

  285. 		echo '<option value="' . $LanguageEntry . '">' . $LanguageName['LanguageName'] .'</option>';
    286. 

  286. 	}
    287. 

  287. }
    288. 

  288. echo '</select></td>
    289. 

  289. 	</tr>
    290. 

  290. 	</table>
    291. 

  291. 	<br />
    292. 

  292. 	<div class="centre">
    293. 

  293. 		<input type="submit" name="submit" value="' . _('Enter Information') . '" />
    294. 

  294. 	</div>
    295. 

  295. 	</form>';
    296. 

    297. 

  297. echo '<script  type="text/javascript">defaultControl(document.forms[0].UserID);</script>';
    298. 

  298. 

  299. include('includes/footer.inc');
    300. 

  300. ?>
    301.