Esempio n. 1
 /**
  * Return user info [ MUST BE OVERRIDDEN ] or false
  *
  * Returns info about the given user. The returned array needs to contain
  * at least these fields:
  *
  * username   string      name of the user
  * grps       array       list of groups the user is in
  *                        $user['grps']['groupname']=groupidnum
  *
  * sets a variable ($this->founduser) to show if a user was
  * found by this function
  *
  * @author  Matt Pascoe <*****@*****.**>
  * @return  array containing user data or false
  */
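 function getUserData($login_name)
 {
     // $login_name comes from the login prompt, so it is treated as untrusted input.
     // Returns the user's row extended with 'grps' (group name => group id) and the
     // highest 'level' found among the user's groups, or false when no user matches.
     // $this->founduser records whether a user row was found.
     global $onadb;

     // Arrays, null and the empty string can never name an account; reject them
     // before they reach the query layer.
     if (!is_scalar($login_name) || (string) $login_name === '') {
         $this->founduser = false;
         return false;
     }

     // Pass the condition as a column => value array, the form every other lookup in
     // this method uses, instead of splicing the name into a SQL string. The earlier
     // "username LIKE '...'" text let quote characters alter the query and let the
     // LIKE wildcards % and _ match accounts other than the one named.
     // NOTE(review): assumes db_get_record quotes the values of an array condition
     // and compares them with "=" — confirm against its definition.
     list($status, $rows, $user) = db_get_record($onadb, 'users', array('username' => (string) $login_name));
     if (!$rows) {
         $this->founduser = false;
         return false;
     }

     $this->founduser = true;

     // Update the access time for the user
     db_update_record($onadb, 'users', array('id' => $user['id']), array('atime' => date_mangle(time())));

     // The documented contract promises a 'grps' entry even for users with no groups.
     if (!isset($user['grps']) || !is_array($user['grps'])) {
         $user['grps'] = array();
     }

     // Load the user's groups
     list($status, $rows, $records) = db_get_records($onadb, 'group_assignments', array('user_id' => $user['id']));
     if (!is_array($records)) {
         // A failed lookup must not abort the login path; the user simply has no groups.
         $records = array();
     }

     foreach ($records as $record) {
         list($status, $rows, $group) = db_get_record($onadb, 'groups', array('id' => $record['group_id']));
         if (!$rows) {
             // Assignment points at a group that no longer exists; skip it rather
             // than adding an empty-named group to the result.
             continue;
         }
         $user['grps'][$group['name']] = $group['id'];
         // The effective level is the highest level of any group the user is in.
         if ($group['level'] > $user['level']) {
             $user['level'] = $group['level'];
         }
     }

     return $user;
 }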
Esempio n. 2
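/**
 * xajax handler that creates or updates a user of the current client and
 * grants or revokes that user's "admin" permission.
 *
 * @param string $window_name  id of the edit window, removed from the page on success
 * @param array  $form         submitted form values: id, fname, lname, username,
 *                             passwd, admin (the default '' is treated as an empty form)
 * @return string              XML produced by xajaxResponse::getXML()
 */
function ws_save($window_name, $form = '')
{
    global $conf, $self, $mysql;
    // Make sure they have permission
    if (!auth('admin')) {
        $response = new xajaxResponse();
        $response->addScript("alert('Permission denied!');");
        return $response->getXML();
    }
    // Don't allow this in the demo account!
    if ($_SESSION['auth']['client']['url'] == 'demo') {
        $response = new xajaxResponse();
        $response->addScript("alert('Feature disabled in this demo!');");
        return $response->getXML();
    }
    // Instantiate the xajaxResponse object
    $response = new xajaxResponse();
    $js = '';
    // Make sure they're logged in
    if (!loggedIn()) {
        return $response->getXML();
    }

    // The form arrives from the browser: it may be the '' default, may lack fields,
    // or may carry nested arrays. Normalise every field that is read below to a
    // scalar so the checks work on known values and no undefined index is read.
    if (!is_array($form)) {
        $form = array();
    }
    foreach (array('id', 'fname', 'lname', 'username', 'passwd', 'admin') as $field) {
        if (!isset($form[$field]) || !is_scalar($form[$field])) {
            $form[$field] = '';
        }
    }

    // Validate input
    if (!$form['fname'] or !$form['lname'] or !$form['username']) {
        $js .= "alert('Error! First name, last name, and username are required fields!');";
        $response->addScript($js);
        return $response->getXML();
    }
    if (!$form['id'] and !$form['passwd']) {
        $js .= "alert('Error! A password is required to create a new employee!');";
        $response->addScript($js);
        return $response->getXML();
    }
    // Usernames are stored in lower case
    $form['username'] = strtolower($form['username']);
    // md5sum the password if there is one
    // NOTE(security): unsalted MD5 is not a password hash; stored values can be
    // recovered cheaply if the users table leaks. Moving to password_hash() /
    // password_verify() has to be done together with the login code that compares
    // this column and with the 32-character test in the update branch below, so it
    // is left unchanged here to keep existing logins working.
    if ($form['passwd']) {
        $form['passwd'] = md5($form['passwd']);
    }
    // Create a new record?
    if (!$form['id']) {
        list($status, $rows) = db_insert_record($mysql, 'users', array('client_id' => $_SESSION['auth']['client']['id'], 'active' => 1, 'fname' => $form['fname'], 'lname' => $form['lname'], 'username' => $form['username'], 'passwd' => $form['passwd'], 'ctime' => date_mangle(time()), 'mtime' => date_mangle(time())));
        printmsg("NOTICE => Added new user: {$form['username']} client url: {$_SESSION['auth']['client']['url']}", 0);
    } else {
        // Loading by id AND client_id keeps an admin of one client from editing
        // another client's user by guessing ids.
        list($status, $rows, $record) = db_get_record($mysql, 'users', array('id' => $form['id'], 'client_id' => $_SESSION['auth']['client']['id']));
        if ($rows != 1 or $record['id'] != $form['id']) {
            $js .= "alert('Error! The record requested could not be loaded from the database!');";
            $response->addScript($js);
            return $response->getXML();
        }
        // No new password submitted (an md5 digest is 32 characters): keep the stored one
        if (strlen($form['passwd']) < 32) {
            $form['passwd'] = $record['passwd'];
        }
        list($status, $rows) = db_update_record($mysql, 'users', array('id' => $form['id']), array('fname' => $form['fname'], 'lname' => $form['lname'], 'username' => $form['username'], 'passwd' => $form['passwd'], 'mtime' => date_mangle(time()), 'active' => 1));
        printmsg("NOTICE => Updated user: {$form['username']} client url: {$_SESSION['auth']['client']['url']}", 0);
    }
    // If the module returned an error code display a popup warning
    if ($status) {
        printmsg("ERROR => User add/edit failed! {$self['error']}", 0);
        $js .= "alert('Save failed. Contact the webmaster if this problem persists.');";
        $response->addScript($js);
        return $response->getXML();
    }

    // $window_name is supplied by the browser and ends up inside script that the
    // client evaluates. Encode it as a JavaScript string literal instead of pasting
    // it between quotes, so a quote in the value cannot end the literal early.
    $window_literal = json_encode(
        is_scalar($window_name) ? (string) $window_name : '',
        JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP
    );
    if ($window_literal === false) {
        // Not valid UTF-8; fall back to an empty id rather than emitting broken script
        $window_literal = '""';
    }
    $js .= "removeElement({$window_literal});";
    $js .= "xajax_window_submit('user_list', xajax.getFormValues('user_list_filter_form'), 'display_list');";

    // Handle the "admin" flag
    // When an existing record was edited, find it again by id so the permission
    // change lands on the row that was just saved even if another row of this
    // client carries the same username. A new record has no known id yet and is
    // looked up by username.
    $user_where = array('client_id' => $_SESSION['auth']['client']['id'], 'active' => 1);
    if ($form['id']) {
        $user_where['id'] = $form['id'];
    } else {
        $user_where['username'] = $form['username'];
    }
    list($status, $rows, $user) = db_get_record($mysql, 'users', $user_where);
    list($status, $rows, $perm) = db_get_record($mysql, 'permissions', array('name' => 'admin'));

    $acl = array();
    if (!empty($user['id']) and !empty($perm['id'])) {
        list($status, $rows, $acl) = db_get_record($mysql, 'acl', array('user_id' => $user['id'], 'perm_id' => $perm['id']));
    }

    $resolved = (!empty($user['id']) and !empty($perm['id']));
    $has_admin = !empty($acl['id']);
    $is_self = ($resolved and $_SESSION['auth']['user']['id'] == $user['id']);
    $acl_status = 0;

    if ($form['admin'] and !$has_admin and $resolved) {
        // Give the user the permission
        list($acl_status, $rows) = db_insert_record($mysql, 'acl', array('user_id' => $user['id'], 'perm_id' => $perm['id']));
    } elseif (!$form['admin'] and $has_admin and $resolved) {
        if ($is_self) {
            // They tried to remove their own admin status: refuse and say so. The
            // warning is shown only in this case, not on every edit of one's own account.
            $js .= "alert('WARNING => You can\\'t change your own admin status!');";
        } else {
            // Take the permission away
            list($acl_status, $rows) = db_delete_record($mysql, 'acl', array('user_id' => $user['id'], 'perm_id' => $perm['id']));
        }
    }

    // A permission change that silently fails leaves the admin believing access was
    // granted or revoked when it was not; record it and tell them.
    if ($acl_status) {
        printmsg("ERROR => Admin permission change failed for user: {$form['username']} {$self['error']}", 0);
        $js .= "alert('Warning! The user was saved but the admin permission could not be changed.');";
    }

    // Insert the new table into the window
    $response->addScript($js);
    return $response->getXML();
}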