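<?php
// User-management page ("Utilisateurs"): loads the shared header, restricts
// access to sessions whose role value is 1, then fetches the user and role
// data rendered by the markup below.
$root = realpath($_SERVER["DOCUMENT_ROOT"]);
include $root . '/cms/includes/header.php';

// Access gate. A missing session entry is treated the same as a wrong role.
// NOTE(review): role 1 is presumably the administrator role; confirm against
// the role table.
if (!isset($_SESSION['user']['role']) || $_SESSION['user']['role'] != 1) {
    // $root is a filesystem path (realpath of the document root); using it in
    // the Location header produced an invalid URL and disclosed the server
    // path, so the redirect uses the site-relative path instead.
    header('Location: /cms/index.php');
    // A Location header alone does not stop the script: without exit the
    // user list below is still generated and sent to a non-privileged
    // client. exit also covers the case where header.php has already sent
    // output and the redirect header can no longer be set.
    exit;
}

$usersCount = usersCount();
$allUsers = getAllUsers();
$rolesCount = rolesCount();
$allRoles = getAllRoles();
?>
<div class="container">
    <section>
        <div class="row">
            <div class="col-xs-12 col-md-12">
                <h1>Utilisateurs</h1>
            </div>
        </div>
        <div class="col-xs-12 col-md-12">
            <article>
                <table>
                    <thead>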
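/**
 * Handles a submitted role add/edit form.
 *
 * Reads Name, Description, RoleID and hasAttributes from $_POST. A blank
 * RoleID means a new role is created with addRole(); otherwise the existing
 * role is changed with updateRole(). On success the role list is reloaded and
 * the management form is rendered again; if Name is blank the error list is
 * passed to displayError() and nothing is written.
 *
 * NOTE(review): no authorization or CSRF check is visible in this function.
 * Role changes are privileged, so confirm the caller enforces both before
 * this runs.
 */
function ProcessRoleAddEdit()
{
    $errors = "";
    if (empty($_POST["Name"])) {
        $errors .= "<li>Error, field \"Name\" is blank.</li>";
    }

    if ($errors != "") {
        displayError($errors);
        return;
    }

    // Optional fields may be absent from the request (an unchecked checkbox is
    // not submitted at all), so read them with isset() instead of triggering
    // undefined-index notices.
    // The local names below are kept as-is because the included form shares
    // this scope and may read them.
    $RoleID = isset($_POST["RoleID"]) ? $_POST["RoleID"] : "";
    $name = $_POST["Name"];
    $desc = isset($_POST["Description"]) ? $_POST["Description"] : "";

    // NOTE(review): these request values are passed on unchanged; verify that
    // addRole()/updateRole() use bound parameters and that the form template
    // HTML-escapes role names when it prints them.
    if (empty($RoleID)) {
        // No RoleID means we are processing an ADD
        $RoleID = addRole($name, $desc);
    } else {
        $hasAttributes = isset($_POST["hasAttributes"]) ? $_POST["hasAttributes"] : null;
        updateRole($RoleID, $name, $desc, $hasAttributes);
    }

    $results = getAllRoles();
    include '../security/manage_roles_form.php';
}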
$page_create = false; } else { $user_id = $_GET['id']; if ($user = getUserById($user_id)) { if ($page == "edit") { $page_edit = true; } else { if ($page == "delete") { $page_delete = true; } } } } } if ($page_edit || $page_delete || $page_create) { $roles = getAllRoles(); if (isset($_POST['submit'])) { if ($page_edit && 'editUser' == $_POST['action']) { if (empty($_POST['rolename']) || empty($_POST['primary'])) { $formMessage = "Invalid values."; $formStatus = "danger"; } else { $rolename = $_POST['rolename']; $primary = $_POST['primary']; $rolename = stripslashes($rolename); $primary = stripslashes($primary); if ($primary == "no" && $user['username'] == $loggedInUser) { $formMessage = "The active user cannot be change to a non-primary user."; $formStatus = "danger"; } else { if (updateUser($user_id, $rolename, $primary)) {
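/**
 * Inserts a new user row.
 *
 * @param string $username Login name; must be non-empty.
 * @param string $password Plain-text password; must be non-empty.
 * @param string $rolename Must be one of the values returned by getAllRoles().
 * @param string $primary  Either 'yes' or 'no'.
 *
 * @return bool True when the row was inserted, false on invalid input, a
 *              failed connection or a failed statement.
 */
function createUser($username, $password, $rolename, $primary)
{
    if (!$username || !$password) {
        return false;
    }
    if (!in_array($rolename, getAllRoles())) {
        return false;
    }
    if ($primary != 'yes' && $primary != 'no') {
        return false;
    }

    global $db_prefix;
    $conn = getConnection();
    if (!$conn) {
        return false;
    }

    // The values are bound as parameters instead of being interpolated into
    // the statement: username and password arrive unescaped, so the previous
    // string-built query was open to SQL injection. The table prefix is an
    // identifier and cannot be bound; it comes from configuration, not from
    // the request.
    //
    // NOTE(review): MD5() is kept only so that existing logins keep matching.
    // An unsalted fast hash is not suitable for password storage; moving to
    // password_hash()/password_verify() has to be done together with the
    // login check, which is outside this block.
    $sql = "INSERT INTO " . $db_prefix . "user (username,`password`,rolename,`primary`) VALUES (?,MD5(?),?,?)";

    $done = false;
    $stmt = mysqli_prepare($conn, $sql);
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'ssss', $username, $password, $rolename, $primary);
        if (mysqli_stmt_execute($stmt)) {
            $done = true;
        }
        mysqli_stmt_close($stmt);
    }

    mysqli_close($conn);
    return $done;
}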