pre_process.php | searchcode

/modules/phreedom/pages/roles/pre_process.php

http://phreedom.googlecode.com/
PHP | 209 lines | 165 code | 8 blank | 36 comment | 22 complexity | 93405ea55b74a56dba811fc2b80877de MD5 | raw file
Possible License(s): GPL-3.0, LGPL-3.0

<?php

// +-----------------------------------------------------------------+

// |                   PhreeBooks Open Source ERP                    |

// +-----------------------------------------------------------------+

// | Copyright (c) 2008, 2009, 2010, 2011, 2012 PhreeSoft, LLC       |

// | http://www.PhreeSoft.com                                        |

// +-----------------------------------------------------------------+

// | This program is free software: you can redistribute it and/or   |

// | modify it under the terms of the GNU General Public License as  |

// | published by the Free Software Foundation, either version 3 of  |

// | the License, or any later version.                              |

// |                                                                 |

// | This program is distributed in the hope that it will be useful, |

// | but WITHOUT ANY WARRANTY; without even the implied warranty of  |

// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the   |

// | GNU General Public License for more details.                    |

// +-----------------------------------------------------------------+

//  Path: /modules/phreedom/pages/roles/pre_process.php

//

$security_level = validate_user(SECURITY_ID_ROLES);

/**************   include page specific files    *********************/

gen_pull_language($module, 'admin');

//gen_pull_language('contacts');

//require_once(DIR_FS_WORKING . 'functions/phreedom.php');

//require_once(DIR_FS_MODULES . 'phreebooks/functions/phreebooks.php');

/**************  page specific initialization  *************************/

$error  = false;

$action = isset($_GET['action']) ? $_GET['action'] : $_POST['todo'];

// load the sort fields

$_GET['sf'] = $_POST['sort_field'] ? $_POST['sort_field'] : $_GET['sf'];

$_GET['so'] = $_POST['sort_order'] ? $_POST['sort_order'] : $_GET['so'];

/***************   hook for custom actions   ***************************/

$custom_path = DIR_FS_WORKING . 'custom/pages/roles/extra_actions.php';

if (file_exists($custom_path)) { include($custom_path); }

/***************   Act on the action request   *************************/

switch ($action) {

  case 'save':

  case 'fill_all': 

	validate_security($security_level, 2);

  	$admin_id = db_prepare_input($_POST['rowSeq']);

	$fill_all = db_prepare_input($_POST['fill_all']);

	$prefs = array(

	  'def_store_id'    => db_prepare_input($_POST['def_store_id']),

	  'def_cash_acct'   => db_prepare_input($_POST['def_cash_acct']),

	  'def_ar_acct'     => db_prepare_input($_POST['def_ar_acct']),

	  'def_ap_acct'     => db_prepare_input($_POST['def_ap_acct']),

	  'restrict_store'  => isset($_POST['restrict_store'])  ? '1' : '0',

	  'restrict_period' => isset($_POST['restrict_period']) ? '1' : '0',

	);

	// not the most elegent but look for a colon in the second character position

	$post_keys = array_keys($_POST);

	$admin_security = '';

    foreach ($post_keys as $key) {

	  if (strpos($key, 'sID_') === 0) { // it's a security setting post

		if ($admin_security) $admin_security .= ',';

		$admin_security .= substr($key, 4) . ':' . (($fill_all == '-1') ? substr($_POST[$key], 0, 1) : $fill_all);

	  }

	}

	$sql_data_array = array(

	  'admin_name'     => db_prepare_input($_POST['admin_name']),

	  'is_role'        => '1',

	  'inactive'       => isset($_POST['inactive']) ? '1' : '0',

	  'admin_prefs'    => serialize($prefs),

	  'admin_security' => $admin_security,

	);

	if (!$admin_id) { // check for duplicate user name

	  $result = $db->Execute("select admin_id from " . TABLE_USERS . " 

	    where admin_name = '" . db_prepare_input($_POST['admin_name']) . "'");

	  if ($result->RecordCount() > 0) {

		$error = $messageStack->add(ENTRY_DUP_USER_NEW_ERROR, 'error');

	  }

	}

	if (!$error) {

	  if ($admin_id) {

		db_perform(TABLE_USERS, $sql_data_array, 'update', 'admin_id = ' . (int)$admin_id);

		gen_add_audit_log(sprintf(GEN_LOG_USER, TEXT_UPDATE), db_prepare_input($_POST['admin_name']));

	  } else {

		db_perform(TABLE_USERS, $sql_data_array);

		$admin_id = db_insert_id();

		gen_add_audit_log(sprintf(GEN_LOG_USER, TEXT_ADD), db_prepare_input($_POST['admin_name']));

	  }

	  if ($admin_id == $_SESSION['admin_id']) $_SESSION['admin_security'] = gen_parse_permissions($admin_security); // update if user is current user

	} elseif ($error) {

	  $action = 'edit';

	}

	$uInfo = new objectInfo($_POST);

	$uInfo->admin_security = $admin_security;

	break;



  case 'copy':

	validate_security($security_level, 2);

  	$admin_id = db_prepare_input($_GET['cID']);

	$new_name = db_prepare_input($_GET['name']);

	// check for duplicate user names

	$result = $db->Execute("select admin_name from " . TABLE_USERS . " where admin_name = '" . $new_name . "'");

	if ($result->Recordcount() > 0) {	// error and reload

	  $messageStack->add(GEN_ERROR_DUPLICATE_ID, 'error');

	  break;

	}

	$result   = $db->Execute("select * from " . TABLE_USERS . " where admin_id = " . $admin_id);

	$old_name = $result->fields['admin_name'];

	// clean up the fields (especially the system fields, retain the custom fields)

	$output_array = array();

	foreach ($result->fields as $key => $value) {

	  switch ($key) {

		case 'admin_id':	// Remove from write list fields

		case 'display_name':

		case 'admin_email':

		case 'admin_pass':

		case 'account_id':

		  break;

		case 'admin_name': // set the new user name

		  $output_array[$key] = $new_name;

		  break;

		default:

		  $output_array[$key] = $value;

	  }

	}

	db_perform(TABLE_USERS, $output_array, 'insert');

	$new_id = db_insert_id();

	$messageStack->add(GEN_MSG_COPY_SUCCESS, 'success');

	// now continue with newly copied item by editing it

	gen_add_audit_log(sprintf(GEN_LOG_USER, TEXT_COPY), $old_name . ' => ' . $new_name);

	$_POST['rowSeq'] = $new_id;	// set item pointer to new record

	$action = 'edit'; // fall through to edit case



  case 'edit':

	if (isset($_POST['rowSeq'])) $admin_id = db_prepare_input($_POST['rowSeq']);

	$result = $db->Execute("select * from " . TABLE_USERS . " where admin_id = " . (int)$admin_id);

	$temp = unserialize($result->fields['admin_prefs']);

	unset($result->fields['admin_prefs']);

	$uInfo = new objectInfo($result->fields);

	foreach ($temp as $key => $value) $uInfo->$key = $value;

	break;



  case 'delete':

	validate_security($security_level, 4);

  	$admin_id = (int)db_prepare_input($_POST['rowSeq']);

	// fetch the name for the audit log

	$result = $db->Execute("select admin_name from " . TABLE_USERS . " where admin_id = " . $admin_id);

	$db->Execute("delete from " . TABLE_USERS . " where admin_id = " . $admin_id);

	gen_add_audit_log(sprintf(GEN_LOG_USER, TEXT_DELETE), $result->fields['admin_name']);

	gen_redirect(html_href_link(FILENAME_DEFAULT, gen_get_all_get_params(array('action')), 'SSL'));

	break;



  case 'go_first':    $_GET['list'] = 1;     break;

  case 'go_previous': $_GET['list']--;       break;

  case 'go_next':     $_GET['list']++;       break;

  case 'go_last':     $_GET['list'] = 99999; break;

  case 'search':

  case 'search_reset':

  case 'go_page':

  default:

}



/*****************   prepare to display templates  *************************/

$fill_all_values = array(

  array('id' => '-1', 'text' => GEN_HEADING_PLEASE_SELECT),

  array('id' => '0',  'text' => TEXT_NONE),

  array('id' => '1',  'text' => TEXT_READ_ONLY),

  array('id' => '2',  'text' => TEXT_ADD),

  array('id' => '3',  'text' => TEXT_EDIT),

  array('id' => '4',  'text' => TEXT_FULL),

);



$include_header   = true;

$include_footer   = true;

$include_tabs     = true;

$include_calendar = false;



switch ($action) {

  case 'new':

  case 'edit':

  case 'fill_all':

    $include_template = 'template_detail.php';

	$role_name = isset($uInfo->admin_name) ? (' - ' . $uInfo->admin_name) : '';

    define('PAGE_TITLE', HEADING_TITLE_ROLE_DETAIL . $role_name);

	break;

  default:

	// build the list header

	$heading_array = array(

	  'admin_name'   => GEN_USERNAME,

	  'inactive'     => TEXT_INACTIVE,

	);

	$result      = html_heading_bar($heading_array, $_GET['sf'], $_GET['so']);

	$list_header = $result['html_code'];

	$disp_order  = $result['disp_order'];

	// build the list for the page selected

	$search_text = ($_GET['search_text'] == TEXT_SEARCH) ? '' : db_input($_GET['search_text']);

	if (isset($search_text) && $search_text <> '') {

	  $search_fields = array('admin_name', 'admin_email', 'display_name');

	  // hook for inserting new search fields to the query criteria.

	  if (is_array($extra_search_fields)) $search_fields = array_merge($search_fields, $extra_search_fields);

	  $search = ' and (' . implode(' like \'%' . $search_text . '%\' or ', $search_fields) . ' like \'%' . $search_text . '%\')';

	} else {

	  $search = '';

	}

	$field_list = array('admin_id', 'inactive', 'display_name', 'admin_name', 'admin_email');

	// hook to add new fields to the query return results

	if (is_array($extra_query_list_fields) > 0) $field_list = array_merge($field_list, $extra_query_list_fields);

	$query_raw    = "select " . implode(', ', $field_list) . " from " . TABLE_USERS . " where 

	  is_role = '1'" . $search . " order by $disp_order";

	$query_split  = new splitPageResults($_GET['list'], MAX_DISPLAY_SEARCH_RESULTS, $query_raw, $query_numrows);

	$query_result = $db->Execute($query_raw);

	$include_template = 'template_main.php';

	define('PAGE_TITLE', BOX_HEADING_ROLES);

}



?>