/**
* CRUD data admin2
*/
function user_admin_admin()
{
$op = func_arg(0);
switch (strtolower(trim($op))) {
case 'add':
$username = $_REQUEST['username'];
$password = $_REQUEST['password'];
$email = $_REQUEST['email'];
$admin_created = create_new_admin($username, $password, $email);
if ($admin_created === TRUE) {
$_SESSION['pop_status_msg'][] = "Admin baru berhasil dibuat: <br>• Username: {$username}<br>• Password: {$password}<br>";
} else {
$_SESSION['pop_error_msg'][] = $admin_created;
}
break;
case 'update':
$username = $_REQUEST['username'];
$old_password = $_REQUEST['old_password'];
$new_password = $_REQUEST['new_password'];
$new_email = $_REQUEST['new_email'];
$admin_updated = update_admin($username, $old_password, $new_password, $email);
if ($admin_updated === TRUE) {
$_SESSION['pop_status_msg'][] = "Data admin berhasil diupdate";
} else {
$_SESSION['pop_error_msg'][] = $admin_updated;
}
break;
case 'delete':
// user/admin/admin/[delete]/[$username]
$username = func_arg(1);
$admin_deleted = delete_admin($username);
if ($admin_deleted === TRUE) {
$_SESSION['pop_status_msg'][] = "Data admin [{$username}] berhasil dihapus";
} else {
$_SESSION['pop_error_msg'][] = $admin_deleted;
}
break;
}
// default $op = view
// dapatkan data semua admin
$lilo_mongo = new LiloMongo();
$lilo_mongo->selectDB('Users');
$lilo_mongo->selectCollection('Admin');
$admin_data_cursor = $lilo_mongo->find();
$template = new Template();
$template->basepath = $_SESSION['basepath'];
$template->admin_data_cursor = $admin_data_cursor;
// sampe senee...
$html = $template->render("modules/001_user_management/templates/user_admin_admin.php");
if (trim($ajax) == 'ajax') {
} else {
$html = ui_admin_default(NULL, $html);
}
return $html;
}
function save_admin()
{
if ($u = get_admin_info_by_id(_post('id'))) {
if ($u['password'] != _post('oldpassword')) {
return ajax_echo('旧密码不正确,保存失败');
}
}
if (update_admin(_post('adminname'), _post('newpassword') ? _post('newpassword') : $u['password'])) {
return ajax_echo('您的资料已更改');
}
return ajax_echo('修改失败,原因未知');
}
order_list($db, $order_list_actual, "type_os", "down", $max_line);
unset($_POST);
}
// -------------
// --- MODIFICATION
if (!empty($_POST) && isset($_POST["update_type_os"]) && $_POST["update_type_os"] == "1") {
$id = intval($_POST["id"]);
$type_os = addslashes($_POST["type_os"]);
echo "Modification du champ<br />\n\t\t\t\tAncienne valeur = [<b>" . $type_os . "</b>]<br />\n\t\t\t\t<form action='#' method='POST'> <input type='hidden' name='id' value='" . $id . "' /> <input type='hidden' name='update_type_os' value='1' />\n\t\t\t\t\t<input type='text' name='type_os_updated' class='form-control' />\n\t\t\t\t\t<button class='btn btn-large btn-primary'>Enregistrer<br />les modifications</button>\n\t\t\t\t</form>";
unset($_POST);
}
// --- MODIFICATION DANS DB
if (!empty($_POST) && isset($_POST["update_type_os_db"]) && $_POST["update_type_os_db"] == "1") {
$id = $_POST["id"];
$data = addslashes($_POST["type_os_updated"]);
update_admin($db, $id, $data, "type_os");
}
?>
<div class="col-lg-8 col-md-8 col-sm-12 col-xs-12">
<?php
listing_admin($db, "type_os");
?>
</div>
<div class="col-lg-4 col-md-4 col-sm-12 col-xs-12">
<form method="POST" class="well"> <h2 class="text-center">Ajouter un nouveau système d'exploitation</h2>
<input type="hidden" name="add_type_os" value="1" />
Nom du système d'exploitation : <input name="type_os" type="text" class="form-control" required /><br /><br />
<button class="btn btn-large btn-success">Ajouter<br /><span class="glyphicon glyphicon-tag"></span></button>
</form>
// View admin accounts
include 'account_view.php';
break;
case 'view_edit':
// Get admin user data
$admin_id = intval($_POST['admin_id']);
$admin = get_admin($admin_id);
$first_name = $admin['firstName'];
$last_name = $admin['lastName'];
$email = $admin['emailAddress'];
// Display Edit page
include 'account_edit.php';
break;
case 'update':
$admin_id = intval($_POST['admin_id']);
update_admin($admin_id, $_POST['email'], $_POST['first_name'], $_POST['last_name'], $_POST['password_1'], $_POST['password_2']);
if ($admin_id == $_SESSION['admin']['adminID']) {
$_SESSION['admin'] = get_admin($admin_id);
}
redirect($app_path . 'admin/account');
break;
case 'view_delete_confirm':
$admin_id = intval($_POST['admin_id']);
if ($admin_id == $_SESSION['admin']['adminID']) {
display_error('You cannot delete your own account.');
}
$admin = get_admin($admin_id);
$first_name = $admin['firstName'];
$last_name = $admin['lastName'];
$email = $admin['emailAddress'];
include 'account_delete.php';
order_list($db, $order_list_actual, "servers", "down", $max_line);
unset($_POST);
}
// -------------
// --- MODIFICATION
if (!empty($_POST) && isset($_POST["update_servers"]) && $_POST["update_servers"] == "1") {
$id = intval($_POST["id"]);
$servers = addslashes($_POST["servers"]);
echo "Modification du champ<br />\n\t\t\t\tAncienne valeur = [<b>" . $servers . "</b>]<br />\n\t\t\t\t<form action='#' method='POST'> <input type='hidden' name='id' value='" . $id . "' /> <input type='hidden' name='update_servers' value='1' />\n\t\t\t\t\t<input type='text' name='servers_updated' class='form-control' />\n\t\t\t\t\t<button class='btn btn-large btn-primary'>Enregistrer<br />les modifications</button>\n\t\t\t\t</form>";
unset($_POST);
}
// --- MODIFICATION DANS DB
if (!empty($_POST) && isset($_POST["update_servers_db"]) && $_POST["update_servers_db"] == "1") {
$id = $_POST["id"];
$data = addslashes($_POST["servers_updated"]);
update_admin($db, $id, $data, "servers");
}
?>
<div class="col-lg-8 col-md-8 col-sm-12 col-xs-12">
<?php
listing_admin($db, "servers");
?>
</div>
<div class="col-lg-4 col-md-4 col-sm-12 col-xs-12">
<form method="POST" class="well"> <h2 class="text-center">Ajouter un nouveau serveur</h2>
<input type="hidden" name="add_servers" value="1" />
Nom du serveur : <input name="servers" type="text" class="form-control" required /><br /><br />
<button class="btn btn-large btn-success">Ajouter<br /><span class="glyphicon glyphicon-tag"></span></button>
</form>
order_list($db, $order_list_actual, "antivirus", "down", $max_line);
unset($_POST);
}
// -------------
// --- MODIFICATION
if (!empty($_POST) && isset($_POST["update_antivirus"]) && $_POST["update_antivirus"] == "1") {
$id = intval($_POST["id"]);
$antivirus = addslashes($_POST["antivirus"]);
echo "Modification du champ<br />\n\t\t\t\tAncienne valeur = [<b>" . $antivirus . "</b>]<br />\n\t\t\t\t<form action='#' method='POST'> <input type='hidden' name='id' value='" . $id . "' /> <input type='hidden' name='update_antivirus' value='1' />\n\t\t\t\t\t<input type='text' name='antivirus_updated' class='form-control' />\n\t\t\t\t\t<button class='btn btn-large btn-primary'>Enregistrer<br />les modifications</button>\n\t\t\t\t</form>";
unset($_POST);
}
// --- MODIFICATION DANS DB
if (!empty($_POST) && isset($_POST["update_antivirus_db"]) && $_POST["update_antivirus_db"] == "1") {
$id = $_POST["id"];
$data = addslashes($_POST["antivirus_updated"]);
update_admin($db, $id, $data, "antivirus");
}
?>
<div class="col-lg-8 col-md-8 col-sm-12 col-xs-12">
<?php
listing_admin($db, "antivirus");
?>
</div>
<div class="col-lg-4 col-md-4 col-sm-12 col-xs-12">
<form method="POST" class="well"> <h2 class="text-center">Ajouter un nouvel antivirus</h2>
<input type="hidden" name="add_antivirus" value="1" />
Nom de l'antivirus : <input name="antivirus" type="text" class="form-control" required /><br /><br />
<button class="btn btn-large btn-success">Ajouter<br /><span class="glyphicon glyphicon-tag"></span></button>
</form>
order_list($db, $order_list_actual, "shop", "down", $max_line);
unset($_POST);
}
// -------------
// --- MODIFICATION
if (!empty($_POST) && isset($_POST["update_shop"]) && $_POST["update_shop"] == "1") {
$id = intval($_POST["id"]);
$shop = addslashes($_POST["shop"]);
echo "Modification du champ<br />\n\t\t\t\tAncienne valeur = [<b>" . $shop . "</b>]<br />\n\t\t\t\t<form action='#' method='POST'> <input type='hidden' name='id' value='" . $id . "' /> <input type='hidden' name='update_shop' value='1' />\n\t\t\t\t\t<input type='text' name='shop_updated' class='form-control' />\n\t\t\t\t\t<button class='btn btn-large btn-primary'>Enregistrer<br />les modifications</button>\n\t\t\t\t</form>";
unset($_POST);
}
// --- MODIFICATION DANS DB
if (!empty($_POST) && isset($_POST["update_shop_db"]) && $_POST["update_shop_db"] == "1") {
$id = $_POST["id"];
$data = addslashes($_POST["shop_updated"]);
update_admin($db, $id, $data, "shop");
}
?>
<div class="col-lg-8 col-md-8 col-sm-12 col-xs-12">
<?php
listing_admin($db, "shop");
?>
</div>
<div class="col-lg-4 col-md-4 col-sm-12 col-xs-12">
<form method="POST" class="well"> <h2 class="text-center">Ajouter un nouveau magasin</h2>
<input type="hidden" name="add_shop" value="1" />
Nom du magasin : <input name="shop" type="text" class="form-control" required /><br /><br />
<button class="btn btn-large btn-success">Ajouter<br /><span class="glyphicon glyphicon-tag"></span></button>
</form>
update_admin($fName, $mName, $lName, $id);
update_account($pass, $id);
$message = "<div class = 'alert alert-success' style = 'width: 350px;'>Account is successfully updated.</div>";
echo "<script>";
//go back to viewMed page after 3 seconds.
echo "setTimeout(function(){ document.location = '?p=profileAdmin'; }, 2000);";
echo "</script>";
} else {
if ($photo && !$photo['error']) {
$name = $photo['name'];
$type = $photo['type'];
$path = $photo['tmp_name'];
$bytes = file_get_contents($path);
$user = $_SESSION['user'];
update_photo($name, $type, $bytes, $user, $id);
update_admin($fName, $mName, $lName, $id);
update_account($pass, $id);
$message = "<div class = 'alert alert-success' style = 'width: 350px;'>Account is successfully updated.</div>";
echo "<script>";
//go back to viewMed page after 3 seconds.
echo "setTimeout(function(){ document.location = '?p=profileAdmin'; }, 2000);";
echo "</script>";
} else {
$message = "<div class = 'alert alert-warning' style = 'width: 350px;'>Invalid File.</div>";
}
}
} else {
//if not submitted we retrieve the data from the database
$adminFind = find_admin($id);
$user_pass = get_pass($id);
if ($adminFind) {
<?php
if ($access != 'VALID') {
header('location:../../index.php');
}
//Contrôleur secondaire affichage admin
$retour = '';
if (!isset($_SESSION['admin'])) {
header('location:../../index.php');
} else {
include_once 'model/users/fonctions_admins.php';
if (isset($_POST['nom'])) {
if ($_POST['mdp'] == $_POST['mdp2']) {
$mdp = crypt($_POST['mdp'], SEL);
if (update_admin($_GET['a'], $mdp, $_POST['nom'])) {
$retour = 'La modification a bien été effectuée';
} else {
$retour = 'Il y a eu une erreur lors de la mise à jour de l\'administrateur';
}
} else {
$retour = 'Les mots de passe que vous avez entrés ne sont pas identiques';
}
}
$url = "?module=users&action=admins";
$action = "Retourner à la liste des admin";
$title = 'Edition d\'utilisateur';
include_once 'view/retour.php';
}
order_list($db, $order_list_actual, "type_hardware", "down", $max_line);
unset($_POST);
}
// -------------
// --- MODIFICATION
if (!empty($_POST) && isset($_POST["update_type_hardware"]) && $_POST["update_type_hardware"] == "1") {
$id = intval($_POST["id"]);
$type_hardware = addslashes($_POST["type_hardware"]);
echo "Modification du champ<br />\n\t\t\t\tAncienne valeur = [<b>" . $type_hardware . "</b>]<br />\n\t\t\t\t<form action='#' method='POST'> <input type='hidden' name='id' value='" . $id . "' /> <input type='hidden' name='update_type_hardware' value='1' />\n\t\t\t\t\t<input type='text' name='type_hardware_updated' class='form-control' />\n\t\t\t\t\t<button class='btn btn-large btn-primary'>Enregistrer<br />les modifications</button>\n\t\t\t\t</form>";
unset($_POST);
}
// --- MODIFICATION DANS DB
if (!empty($_POST) && isset($_POST["update_type_hardware_db"]) && $_POST["update_type_hardware_db"] == "1") {
$id = $_POST["id"];
$data = addslashes($_POST["type_hardware_updated"]);
update_admin($db, $id, $data, "type_hardware");
}
?>
<div class="col-lg-8 col-md-8 col-sm-12 col-xs-12">
<?php
listing_admin($db, "type_hardware");
?>
</div>
<div class="col-lg-4 col-md-4 col-sm-12 col-xs-12">
<form method="POST" class="well"> <h2 class="text-center">Ajouter un nouveau type de matériel</h2>
<input type="hidden" name="add_type_hardware" value="1" />
Nom du type de matériel : <input name="type_hardware" type="text" class="form-control" required /><br /><br />
<button class="btn btn-large btn-success">Ajouter<br /><span class="glyphicon glyphicon-tag"></span></button>
</form>
order_list($db, $order_list_actual, "techs", "down", $max_line);
unset($_POST);
}
// -------------
// --- MODIFICATION
if (!empty($_POST) && isset($_POST["update_tech"]) && $_POST["update_tech"] == "1") {
$id = intval($_POST["id"]);
$name_tech = addslashes($_POST["name_tech"]);
echo "Modification du champ<br />\n\t\t\t\tAncienne valeur = [<b>" . $name_tech . "</b>]<br />\n\t\t\t\t<form action='#' method='POST'> <input type='hidden' name='id' value='" . $id . "' /> <input type='hidden' name='update_tech_db' value='1' />\n\t\t\t\t\t<input type='text' name='name_tech_updated' class='form-control' />\n\t\t\t\t\t<button class='btn btn-large btn-primary'>Enregistrer<br />les modifications</button>\n\t\t\t\t</form>";
unset($_POST);
}
// --- MODIFICATION DANS DB
if (!empty($_POST) && isset($_POST["update_tech_db"]) && $_POST["update_tech_db"] == "1") {
$id = $_POST["id"];
$data = addslashes($_POST["name_tech_updated"]);
update_admin($db, $id, $data, "techs");
}
?>
<div class="col-lg-8 col-md-8 col-sm-12 col-xs-12">
<?php
listing_admin($db, "techs");
?>
</div>
<div class="col-lg-4 col-md-4 col-sm-12 col-xs-12">
<form method="POST" class="well"> <h2 class="text-center">Ajouter un nouveau technicien</h2>
<input type="hidden" name="add_tech" value="1" />
Nom du technicien : <input name="tech" type="text" class="form-control" required /><br /><br />
<button class="btn btn-large btn-success">Ajouter<br /><span class="glyphicon glyphicon-tag"></span></button>
</form>
$conn = connDB();
$sql = "UPDATE tbl_admin SET `role` = '{$role}', \n `username` = '{$username}', \n\t\t\t\t\t\t\t\t `email` = '{$email}', \n\t\t\t\t\t\t\t\t `level` = '{$level}'\n WHERE `id` = '{$admin_id}'\n\t\t\t ";
$query = mysql_query($sql, $conn) or die(mysql_error());
}
$role = $_POST['admin_role'];
$username = $_POST['username'];
$email = $_POST['email'];
$old_pass = $_POST['old_password'];
$new_pass = $_POST['new_password'];
$new_pass_retype = $_POST['r_new_password'];
$admin_id = $_POST['admin_id'];
if (isset($_POST['btn-index-account'])) {
if ($_POST['btn-index-account'] == "Save Changes") {
$validation = validation_old_password($old_pass);
if ($validation['rows'] > 0) {
update_admin($role, $username, $email, $new_pass_retype, 'NOT DEFINED YET', $admin_id);
?>
<script>
alert("Success update for username : <?php
echo $_POST['username'];
?>
");
</script>
<?php
} else {
if ($validation['rows'] = 0) {
?>
<script>
alert("Please enter the correct password");
</script>
<?php
$acc_new_pass = $_POST['admin_r_new_password'];
if (empty($acc_role)) {
$role = "super admin";
} else {
$role = $acc_role;
}
update_admin_half($role, $acc_name, $acc_email, '1', $acc_id);
$_SESSION['alert'] = "success";
$_SESSION['msg'] = "Changes successfully saved";
// VERIFY ADMIN
$cek_admin = get_admin_validation($acc_id, $acc_name, $acc_old_pass);
if (!empty($acc_old_pass)) {
if ($cek_admin['rows'] == 1) {
if (empty($acc_new_pass)) {
} else {
update_admin($role, $acc_name, $acc_email, $acc_new_pass, '1', $acc_id);
}
$_SESSION['alert'] = "success";
$_SESSION['msg'] = "Changes successfully saved";
} else {
$_SESSION['alert'] = "error";
$_SESSION['msg'] = "Please input valid information";
}
}
}
}
// END ISSET
/*
# ----------------------------------------------------------------------
# GENERAL
# ----------------------------------------------------------------------
$validate->email('email', $email);
$validate->text('first_name', $first_name);
$validate->text('last_name', $last_name);
$validate->text('password_1', $password_1, false, 6, 30);
$validate->text('password_2', $password_2, false, 6, 30);
// If validation errors, redisplay Login page and exit controller
if ($fields->hasErrors()) {
include 'admin/account/account_edit.php';
break;
}
if ($password_1 !== $password_2) {
$password_message = 'Passwords do not match.';
include 'admin/account/account_edit.php';
break;
}
update_admin($admin_id, $email, $first_name, $last_name, $password_1, $password_2);
if ($admin_id == $_SESSION['admin']['adminID']) {
$_SESSION['admin'] = get_admin($admin_id);
}
redirect($app_path . 'admin/account/.?action=view_account');
break;
case 'view_delete_confirm':
$admin_id = filter_input(INPUT_POST, 'admin_id', FILTER_VALIDATE_INT);
if ($admin_id == $_SESSION['admin']['adminID']) {
display_error('You cannot delete your own account.');
}
$admin = get_admin($admin_id);
$first_name = $admin['firstName'];
$last_name = $admin['lastName'];
$email = $admin['emailAddress'];
include 'account_delete.php';
order_list($db, $order_list_actual, "type_interv", "down", $max_line);
unset($_POST);
}
// -------------
// --- MODIFICATION
if (!empty($_POST) && isset($_POST["update_type_interv"]) && $_POST["update_type_interv"] == "1") {
$id = intval($_POST["id"]);
$type_interv = addslashes($_POST["type_interv"]);
echo "Modification du champ<br />\n\t\t\t\tAncienne valeur = [<b>" . $type_interv . "</b>]<br />\n\t\t\t\t<form action='#' method='POST'> <input type='hidden' name='id' value='" . $id . "' /> <input type='hidden' name='update_type_interv' value='1' />\n\t\t\t\t\t<input type='text' name='type_hardware_updated' class='form-control' />\n\t\t\t\t\t<button class='btn btn-large btn-primary'>Enregistrer<br />les modifications</button>\n\t\t\t\t</form>";
unset($_POST);
}
// --- MODIFICATION DANS DB
if (!empty($_POST) && isset($_POST["update_type_interv_db"]) && $_POST["update_type_interv_db"] == "1") {
$id = $_POST["id"];
$data = addslashes($_POST["type_interv_updated"]);
update_admin($db, $id, $data, "type_interv");
}
?>
<div class="col-lg-8 col-md-8 col-sm-12 col-xs-12">
<?php
listing_admin($db, "type_interv");
?>
</div>
<div class="col-lg-4 col-md-4 col-sm-12 col-xs-12">
<form method="POST" class="well"> <h2 class="text-center">Ajouter un nouveau type d'intervention</h2>
<input type="hidden" name="add_type_interv" value="1" />
Nom du type d'intervention : <input name="type_interv" type="text" class="form-control" required /><br /><br />
<button class="btn btn-large btn-success">Ajouter<br /><span class="glyphicon glyphicon-tag"></span></button>
</form>
<?php
$sql = edit_admin();
?>
<div class="col-1">
<div class="box-title">
<h1>EDIT ADMIN</h1>
</div>
<?php
if (isset($_POST['update'])) {
update_admin();
}
?>
<form action="?redirect=edit_admin" method="post">
<table class="tab-in">
<?php
while ($data = mysql_fetch_array($sql)) {
?>
<tr>
<th class="th-ho">Nama</th>
<th class="th-v"><input class="text-in" type="text" name="nama_lengkap" value="<?php
echo $data['nama_lengkap'];
?>
"></th>
</tr>
<tr>
<th class="th-ho">User Name</th>
<th class="th-v"><input class="text-in" type="text" name="user" value="<?php
echo $data['user_name'];
?>
"></th>
order_list($db, $order_list_actual, "software", "down", $max_line);
unset($_POST);
}
// -------------
// --- MODIFICATION
if (!empty($_POST) && isset($_POST["update_software"]) && $_POST["update_software"] == "1") {
$id = intval($_POST["id"]);
$software = addslashes($_POST["software"]);
echo "Modification du champ<br />\n\t\t\t\tAncienne valeur = [<b>" . $software . "</b>]<br />\n\t\t\t\t<form action='#' method='POST'> <input type='hidden' name='id' value='" . $id . "' /> <input type='hidden' name='update_software' value='1' />\n\t\t\t\t\t<input type='text' name='software_updated' class='form-control' />\n\t\t\t\t\t<button class='btn btn-large btn-primary'>Enregistrer<br />les modifications</button>\n\t\t\t\t</form>";
unset($_POST);
}
// --- MODIFICATION DANS DB
if (!empty($_POST) && isset($_POST["update_software_db"]) && $_POST["update_software_db"] == "1") {
$id = $_POST["id"];
$data = addslashes($_POST["software_updated"]);
update_admin($db, $id, $data, "software");
}
?>
<div class="col-lg-8 col-md-8 col-sm-12 col-xs-12">
<?php
listing_admin($db, "software");
?>
</div>
<div class="col-lg-4 col-md-4 col-sm-12 col-xs-12">
<form method="POST" class="well"> <h2 class="text-center">Ajouter un nouveau logiciel</h2>
<input type="hidden" name="add_software" value="1" />
Nom du logiciel : <input name="software" type="text" class="form-control" required /><br /><br />
<button class="btn btn-large btn-success">Ajouter<br /><span class="glyphicon glyphicon-tag"></span></button>
</form>
