PageRenderTime 50ms CodeModel.GetById 24ms RepoModel.GetById 0ms app.codeStats 0ms

/includes/admin/user.php

https://bitbucket.org/d3bugg3r/shiftsystem
PHP | 135 lines | 130 code | 5 blank | 0 comment | 40 complexity | 771b46550b8c1d2d4736cc5c60c0cc74 MD5 | raw file
    

  1. <h3>User Management</h3>
    2. 

  2. 

  3. <?if ($_GET['u'] == 1) { //the new user form has been submitted
    4. 

  4. 	$user = escape($_POST['user']);
    5. 

  5. 	$email = escape($_POST['email']);
    6. 

  6. 	$admin = escape($_POST['admin']);
    7. 

  7. 	$colour = escape($_POST['colour']);
    8. 

  8. 	$id = escape($_POST['id']);
    9. 

  9. 	if (escape($_POST['submit']) == "Edit User"){   //Checks to see if this is an edit or a create request
    10. 

  10. 		$edit = true; 
    11. 

  11. 		$prev = $_POST['prev_user'];
    12. 

  12. 		if ($user != $prev) { //username has been changed
    13. 

  13. 			$user_val = mysql_query("SELECT * FROM users WHERE username='$user'");
    14. 

  14. 			if (mysql_num_rows($user_val) != 0) { //username is not already in use
    15. 

  15. 				echo "Username is already in use. Please hit back and select another";
    16. 

  16. 				die();
    17. 

  17. 			}
    18. 

  18. 		}
    19. 

  19. 		$password = $_POST['password'];
    20. 

  20. 		if ($password != '') $pass = md5($password);
    21. 

  21. 		if ($admin == "yes") $admin = "1"; else $admin = "0";
    22. 

  22. 		if (mysql_query("UPDATE users SET username='$user', password='$pass', email='$email', admin='$admin', colour='$colour' WHERE ID='$id'")) {
    23. 

  23. 			echo "User edited successfully";
    24. 

  24. 			die();
    25. 

  25. 		}
    26. 

  26. 		else {
    27. 

  27. 			echo "There was an error, please try again: ";
    28. 

  28. 			echo mysql_error();
    29. 

  29. 			die();
    30. 

  30. 		}
    31. 

  31. 		
    32. 

  32. 	}
    33. 

  33. 	elseif (escape($_POST['submit']) == "Delete User") { //this is a delete request
    34. 

  34. 		echo "here";
    35. 

  35. 		if (!isset($_POST['del_conf'])) { //deletion has not yet been confirmed
    36. 

  36. 			echo "<p>Are you sure you wish to permanently delete this user? This cannot be undone</p>";
    37. 

  37. 			echo "<form method='post' action='?p=admin&a=user&u=1'>";
    38. 

  38. 			$id = $_POST['id'];
    39. 

  39. 			echo "<input type='hidden' name='id' value='$id' />";
    40. 

  40. 			echo "<input type='hidden' name='del_conf' value='true' />";
    41. 

  41. 			echo "<input type='submit' name='submit' value='Delete User' />";
    42. 

  42. 			echo "<input type='submit' value='Cancel' />";
    43. 

  43. 			echo "</form>";			
    44. 

  44. 			die();
    45. 

  45. 		}
    46. 

  46. 		else { //deletion has been confirmed
    47. 

  47. 			$id = $_POST['id'];
    48. 

  48. 			if (mysql_query("DELETE FROM users WHERE ID='$id'")) {
    49. 

  49. 				echo "<p>User deleted Successfully</p>";
    50. 

  50. 			}
    51. 

  51. 			else echo "There was an error! ".mysql_error();
    52. 

  52. 		}
    53. 

  53. 	}
    54. 

  54. 	elseif (escape($_POST['submit']) == "Cancel") {
    55. 

  55. 	}
    56. 

  56. 	else { //This is a create request
    57. 

  57. 	$user_val = mysql_query("SELECT * FROM users WHERE username='$user'");
    58. 

  58. 	if (mysql_num_rows($user_val) == 0) { //username is not already in use
    59. 

  59. 		if ($admin=="yes") $admin = 1; else $admin=0;
    60. 

  60. 		$password = generatePassword();
    61. 

  61. 		$pass = md5($password);
    62. 

  62. 		if (mysql_query("INSERT INTO users VALUES('', '$user', '$pass', '$admin', '$email', '$colour')")) {
    63. 

  63. 			mail($email, 'User Account Created', "DO NOT REPLY TO THIS MESSAGE!
    64. 

  64. 				A User account has been created for you in the Shift Management System with the following details.
    65. 

  65. 				Username: $user
    66. 

  66. 				Password: $password
    67. 

  67. 				Please change your password when you first log in", 'From: Shift Management System');
    68. 

  68. 			echo "User account created. The user has been emailed their details";
    69. 

  69. 			die();
    70. 

  70. 		}
    71. 

  71. 		else {
    72. 

  72. 			echo "There was an error creating the account. Please try again";
    73. 

  73. 			die();
    74. 

  74. 		}
    75. 

  75. 	}
    76. 

  76. 	else { 
    77. 

  77. 		echo "Username is already in use. Please hit back and select another";
    78. 

  78. 		die();
    79. 

  79. 	}
    80. 

  80. 	}
    81. 

  81. }
    82. 

  82. 	
    83. 

  83. 	
    84. 

  84. $users = mysql_query("SELECT * FROM users WHERE 1=1");
    85. 

  85. echo "<form method='post' action='?p=admin&a=user&u=2'>";
    86. 

  86. echo "Select a User to edit: <select name='user'>";
    87. 

  87. while ($user_row = mysql_fetch_row($users)) {
    88. 

  88. 	$u = $user_row[1];
    89. 

  89. 	$u_id = $user_row[0];
    90. 

  90. 	echo "<option value='$u_id'>$u</option>";
    91. 

  91. }
    92. 

  92. echo "</select><input type='submit' value='Edit' /></form><br />";
    93. 

  93. if ($_GET['u'] == 2) { //The edit user form has been submitted
    94. 

  94. 	$id = escape($_POST['user']);
    95. 

  95. 	$result = mysql_query("SELECT * FROM users WHERE id='$id'");
    96. 

  96. 	$details = mysql_fetch_array($result);
    97. 

  97. 	$edit = true;
    98. 

  98. 	echo "<h4>Edit User Details</h4>";
    99. 

  99. }
    100. 

  100. else echo "<h4>Create New User</h4>";
    101. 

  101. 

  102. echo "<form method='post' action='?p=admin&a=user&u=1'>
    103. 

  103. <input type='hidden' name='id' value='$id' />
    104. 

  104. <table class='invisible'>
    105. 

  105. <tr>
    106. 

  106. 	<td>Username:</td><td> <input name='user' value='$details[1]' type='text' /></td>
    107. 

  107. </tr>
    108. 

  108. <tr>
    109. 

  109. 	<td>Email Address:</td><td> <input name='email' value='$details[4]' type='text' /></td>
    110. 

  110. </tr>";
    111. 

  111. if ($edit) {
    112. 

  112. 	echo "<tr>
    113. 

  113. 		<td>Password:</td><td> <input type='password' name='password' /> (Leave blank to remain the same)<input type='hidden' name='prev_user' value='$details[1]' /></td>
    114. 

  114. 	</tr>";
    115. 

  115. }
    116. 

  116. else {
    117. 

  117. 	echo "<tr>
    118. 

  118. 		<td>Password:</td><td> Will be emailed to user</td>
    119. 

  119. 	</tr>";
    120. 

  120. }
    121. 

  121. echo "<tr>
    122. 

  122. 	<td>Colour Code:</td><td><input type='text' name='colour' value='$details[5]' /> <a class='tooltip'>Scroll over for More Info<span>Colour Code: Enter the colour that will represent the user.<br />Either Red, Black etc or a Hex Code (e.g. #000000)</span></a>" ;
    123. 

  123. echo "<tr>
    124. 

  124. 	<td>Set as Admin:</td><td> <input type='checkbox' name='admin' value='yes'"; if (($edit) && ($details[3]==1)) echo "checked='yes'"; echo " /></td>
    125. 

  125. </tr>
    126. 

  126. </table>
    127. 

  127. Please doublecheck the details before submitting<br />";
    128. 

  128. if ($edit) {
    129. 

  129. 	echo "<input type='submit' name='submit' value='Edit User' />";
    130. 

  130. 	echo "<input type='submit' name='submit' value='Delete User' />";
    131. 

  131. }
    132. 

  132. else {
    133. 

  133. 	echo "<input type='submit' name='submit' value='Create User' />";
    134. 

  134. }
    135. 

  135. echo "</form>";
    136.