TUTOS PHP Cross Reference Groupware Applications

Source: /php/user_ins.php - 312 lines - 9212 bytes - Summary - Text - Print

Description: Copyright 1999 - 2013 by Gero Kohnert This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; version 2 of the License.

<?php
/**
 *  Copyright 1999 - 2013 by Gero Kohnert
 *
 *  This program is free software; you can redistribute it and/or modify it
 *  under the terms of the GNU General Public License as published by the
 *  Free Software Foundation; version 2 of the License.
 *
 * @modulegroup user
 * @module user_ins
 * @package user
 */
// Form handler for the user editor: it validates the POSTed fields, creates
// or updates a tutos_user record and finally calls leave_insert() with the
// collected error text and a target URL.
$tutos['files'][__FILE__] = '$Rev: 1203 $';

require_once  'webelements.p3';
require_once  'permission.p3';
require_once  'appointment.pinc';
require_once  'admin/admin.pinc'; // let us load the pseudo module

/* Check if user is allowed to use it */
// NOTE(review): check_user() is defined outside this file and is the only
// session gate visible here. This script performs a state-changing write and
// shows no request-token (CSRF) check of its own -- confirm one is enforced
// in check_user() or in the form/leave_insert() machinery.
check_user();
loadmodules('user','ins');

$msg  = '';          // accumulated validation/permission errors; empty means "save"
$info = '';
$saveadr = false;    // set when a new address record has to be saved first
$saveloc = false;    // set when a new location (e-mail) record has to be saved too
$u = new tutos_user($dbconn);
// Target handed to leave_insert(); starts as the edit form and collects the
// submitted values as URL parameters (presumably to re-fill the form on error).
$gotourl = 'user_new.php';
  30  
  31  if ( ! isset($_POST['uid']) || empty($_POST['uid']) ) {
  32      $msg = addLine($msg,"Please enter a id");
  33  } else if ( isset($_POST['uid']) && ($_POST['uid'] != -1) ) {
  34      // existing entry
  35      $u = $u->read($_POST['uid'],$u,1);
  36      $u->read_permissions();
  37      $gotourl= addUrlParameter($gotourl,"uid=". $_POST['uid'],true);
  38  } else if ( isset($_POST['Xid']) && ($_POST['Xid'] != -1) )  {
  39      // new entry
  40      $u = $u->read($_POST['Xid'],$u,0);
  41      $u->read_permissions();
  42      $gotourl= addUrlParameter($gotourl,"id=". $_POST['Xid'],true);
  43  } else if ( ($_POST['Xid'] == -1) && ($_POST['uid'] == -1) ) {
  44      $saveadr = true;
  45      $adr = new tutos_address($dbconn);
  46      $loc = new location($dbconn);
  47      $loc->setLName("default");
  48      if ( !isset($_POST['fname']) || empty($_POST['fname']) ) {
  49          $msg = addLine($msg,sprintf($lang['Err0009'],$lang['AdrFirstName']));
  50      } else {
  51          $adr->setFName(trim($_POST['fname']));
  52          $gotourl= addUrlParameter($gotourl,"fname=". UrlEncode($_POST['fname']),true);
  53      }
  54      if ( !isset($_POST['lname']) || empty($_POST['lname']) ) {
  55          $msg = addLine($msg,sprintf($lang['Err0009'],$lang['AdrLastName']));
  56      } else {
  57          $adr->setLName(trim($_POST['lname']));
  58          $gotourl= addUrlParameter($gotourl,"lname=". UrlEncode($_POST['lname']),true);
  59      }
  60      if ( !isset($_POST['email']) || empty($_POST['email']) ) {
  61          $msg = addLine($msg,sprintf($lang['Err0009'],$lang['AdrEmail']));
  62      } else {
  63          $saveloc = true;
  64          $loc->setField("email_1",trim($_POST['email']));
  65          $gotourl= addUrlParameter($gotourl,"email=". UrlEncode($_POST['email']),true);
  66      }
  67  }
  68  
  69  if ( !isset($_POST['login']) || empty($_POST['login']) ) {
  70      $msg = addLine($msg,sprintf($lang['Err0009'],$lang['Username']));
  71  } else {
  72      $u->setLogin($_POST['login']);
  73      $gotourl= addUrlParameter($gotourl,"login=". UrlEncode($u->login),true);
  74  }
  75  
// check duplicates
// Only for new accounts (uid == -1): reject the request when a row with a
// matching login already exists.
// NOTE(review): the WHERE clause is built by $dbconn->Like2() from the POSTed
// login and concatenated into the statement. Whether Like2() quotes/escapes
// its value argument is not visible here -- confirm, since this is the spot
// where request data reaches SQL text.
// NOTE(review): the lookup runs before the transaction that is opened at save
// time, so two concurrent requests could both pass it; a unique constraint on
// the login column would close that gap (schema not visible here).
if ($u->uid == -1) {
    $q = "select * from ". $u->tablename ." where ". $dbconn->Like2("login",$u->login);
    $r = $dbconn->Exec($q);
    $n = $r->numrows();
    if ( 0 < $n) {
        // the login is echoed back inside the message, hence myentities()
        // (presumably HTML-escaping -- defined elsewhere)
        $msg = addLine($msg,"account for user '".myentities($u->login)."' already exist");
    }
    $r->free();
}
// Feature-level authorisation: creating needs PERM_NEW, changing needs
// PERM_MOD on the user feature. A failure only adds text to $msg; the save
// is prevented solely by the later check that $msg is still empty.
if ( ($u->uid == -1) && !$current_user->feature_ok(useuser,PERM_NEW) ) {
    $msg = addLine($msg,sprintf($lang['Err0054'],$lang[$u->getType()]));
}
if ( ($u->uid != -1) && !$current_user->feature_ok(useuser,PERM_MOD) ) {
    $msg = addLine($msg,sprintf($lang['Err0024'],$lang[$u->getType()]));
}
  92  
  93  
// This does not work for mysql !!!
// Old-password verification. It runs only when a new password was submitted
// (p1 or p2 non-empty) and the acting user is not an administrator.
// NOTE(review): on a MySQL backend this whole check is skipped, so there a
// non-admin session that passes the permission checks can set a new password
// without proving knowledge of the current one.
if ( $dbconn->gettype() != "MySQL" ) {
    // Check old password
    if ( (!empty($_POST['p1']) || !empty($_POST['p2'])) && ($current_user->admin == 0) ) {
        // The stored value is compared with the database layer's Password()
        // of the submitted old password (p0).
        // NOTE(review): $_POST['p0'] is read without isset(), and the
        // comparison is a plain != rather than a constant-time compare.
        // Which hash Password() produces is not visible here -- confirm it
        // is a salted, slow password hash.
        if ( "'". $u->pw ."'" != $dbconn->Password($_POST['p0']) ) {
            $msg = addLine($msg,$lang['Err0042']);
        }
    }
}
// New password and its confirmation must match.
// NOTE(review): != compares numeric-looking strings by value, so two
// different inputs such as '1e3' and '1000' are treated as equal here.
if ( !empty($_POST['p1']) || !empty($_POST['p2']) ) {
    if ( $_POST['p1'] != $_POST['p2'] ) {
        $msg = addLine($msg,$lang['Err0041']);
    }
}
// Object-level authorisation for the loaded (or new) user record.
if ( ! $u->mod_ok() ) {
    $msg = addLine($msg,sprintf($lang['Err0024'],$lang[$u->getType()]));
}
 111  
 112  // Holidays
 113  $u->holiday = array();
 114  if (isset($_POST['h']) ) {
 115      foreach (array_unique($_POST['h']) as $i => $f) {
 116          $gotourl= addUrlParameter($gotourl,"h[]=". UrlEncode($f),true);
 117          $u->holiday[$f] = 1;
 118      }
 119  }
 120  // Namedays
 121  $u->nameday = array();
 122  if (isset($_POST['nd']) ) {
 123      foreach (array_unique($_POST['nd']) as $i => $f) {
 124          $gotourl= addUrlParameter($gotourl,"nd[]=". UrlEncode($f),true);
 125          $u->nameday[$f] = 1;
 126      }
 127  }
 128  // workdays
 129  if (isset($_POST['wd']) ) {
 130      $u->workday = array();
 131      foreach (array_unique($_POST['wd']) as $i => $f) {
 132          $gotourl= addUrlParameter($gotourl,"wd[]=". UrlEncode($f),true);
 133          $u->workday[] = $f;
 134      }
 135  }
 136  // Weekstart
 137  if (isset($_POST['ws']) ) {
 138      $u->weekstart = $_POST['ws'];
 139      $gotourl= addUrlParameter($gotourl,"ws=". UrlEncode($u->weekstart),true);
 140  }
 141  // RowIcons
 142  $u->rowiconsbefore = array();
 143  if ( isset($_POST['rib']) ) {
 144      foreach (array_unique($_POST['rib']) as $i => $f) {
 145          $gotourl= addUrlParameter($gotourl,"rib[]=". UrlEncode($f),true);
 146          $u->rowiconsbefore[$f] = 1;
 147      }
 148  }
 149  $u->rowiconsafter = array();
 150  if ( isset($_POST['ria']) ) {
 151      foreach (array_unique($_POST['ria']) as $i => $f) {
 152          $gotourl= addUrlParameter($gotourl,"ria[]=". UrlEncode($f),true);
 153          $u->rowiconsafter[$f] = 1;
 154      }
 155  }
 156  
// Check that there is one admin left
// Applies when the loaded record is currently an admin and the request drops
// the flag: if exactly one admin row exists, the change is refused.
// NOTE(review): $_POST['admin'] is read without isset(); an absent field
// compares equal to 0 and is therefore treated as "remove admin".
// NOTE(review): the count is taken outside the transaction opened at save
// time, so two concurrent demotions could both see more than one admin.
// NOTE(review): only the admin flag is guarded; disabling the last admin
// account (below) is not covered by this check.
if ( $u->admin == 1 && ($_POST['admin'] == 0) ) {
    // `name` is written unquoted; it resolves only if a constant of that
    // name is defined elsewhere -- TODO confirm
    $q = 'SELECT * FROM '.$dbconn->prefix .$table['people'][name].' WHERE '.$dbconn->colname("admin") .' = 1';
    $r = $dbconn->Exec($q);
    $n = $r->numrows();
    if ( $n == 1 ) {
        $msg = addLine($msg,$lang['Err0047']);
    }
    $r->free();
}
// Disabled
// An absent field (e.g. an unchecked box) enables the account; a present one
// is passed to setDisabled() unchanged.
if ( isset($_POST['disabled']) ) {
    $u->setDisabled($_POST['disabled']);
} else {
    $u->setDisabled(0);
}
 173  
 174  // will set user-default-acl from input
 175  $u->acldefault = array();
 176  if ( isset($_POST['r']) ) {
 177      foreach($_POST['r'] as $i => $f) {
 178          $u->acldefault[$f]=$tutos[seeok];
 179      }
 180  }
 181  if ( isset($_POST['u']) ) {
 182      foreach($_POST['u'] as $i => $f) {
 183          $u->acldefault[$f]=$tutos[useok];
 184      }
 185  }
 186  if ( isset($_POST['m']) ) {
 187      foreach($_POST['m'] as $i => $f) {
 188          $u->acldefault[$f]=$tutos[modok];
 189      }
 190  }
 191  if ( isset($_POST['d']) ) {
 192      foreach($_POST['d'] as $i => $f) {
 193          $u->acldefault[$f]=$tutos[delok];
 194      }
 195  }
 196  
// A new password is taken over only when both p1 and p2 were supplied; a
// mismatch between them has already been recorded in $msg by the earlier
// comparison, which blocks the save.
// NOTE(review): no length or complexity rule is applied in this script; any
// password policy would have to live in setPassword() -- confirm.
if ( !empty($_POST['p1']) && !empty($_POST['p2']) ) {
    $u->setPassword($_POST['p1']);
    $u->updatepw = 1;
} else {
    $u->updatepw = 0;
}

// New accounts always get updatepw = 1 (presumably "write the password on
// save").
// NOTE(review): this also holds when no p1/p2 was submitted; what value is
// stored in that case is decided in save() -- confirm an account cannot be
// created with an empty or default password.
if ( $u->uid == -1 ) {
    $u->updatepw = 1;
}
 207  
 208  // TEAM HANDLING
 209  $newteamlist = array();
 210  if (isset($_POST['teams'])) {
 211      foreach($_POST['teams'] as $i => $f) {
 212          $newteamlist[$f] = $f;
 213      }
 214  }
 215  
 216  //
 217  // Parse additional custom fields
 218  //
 219  $msg = addLine($msg,parse_custom_fields("people",$u));
 220  
 221  // Permissions
 222  $msg = addLine($msg,parse_permission_form($u));
 223  
 224  // other modules
 225  $msg = addLine($msg,module_parseforms($current_user,$u,$gotourl));
 226  
 227  if ( $msg == "" ) {
 228      $u->setAdmin($_POST['admin']);
 229      $u->setLanguage($_POST['lng']);
 230      $u->setTimezone($_POST['tz']);
 231      $u->setTheme($_POST['theme']);
 232      $u->setLayout($_POST['layout']);
 233  
 234      $dbconn->Begin("WORK");
 235  
 236      if ($saveadr) {
 237          $msg = addLine($msg,$adr->save());
 238          $u->id = $adr->id;
 239          if ($saveloc) {
 240              $loc->adr_id = $adr->id;
 241              $loc->ref = $adr;
 242              $msg = addLine($msg,$loc->save());
 243          }
 244      }
 245      $msg = addLine($msg,$u->save_permissions());
 246      $msg = addLine($msg,$u->save());
 247  
 248      //
 249      // Parse per user config settings
 250      // (this requires a user id)
 251      //
 252      config_field_parse($dbconn,'maxshow',$u);
 253      config_field_parse($dbconn,'maxshort',$u);
 254      config_field_parse($dbconn,'CSV_delimiter',$u);
 255      config_field_parse($dbconn,'CSV_enclosure',$u);
 256      config_field_parse($dbconn,'mobilely',$u);
 257      config_field_parse($dbconn,'tasksincalendar',$u);
 258  
 259      team::obj_read($u);
 260      // get teams
 261      // when user is saved handle
 262      // group memberships
 263      if (isset($_POST['teams'])) {
 264          $allteams = array(); // all touched teams
 265          $add = array();
 266          $del = array();
 267          foreach($u->teams as $i => $f) {
 268              if (!$f->mod_ok()) continue;
 269              $allteams[$i] = $i;
 270              // mark for delete
 271              $del[$i] = $i;
 272          }
 273          foreach($newteamlist as $i => $f) {
 274              $allteams[$i] = $i;
 275              // mark for add
 276              $add[$i] = $i;
 277          }
 278  
 279          foreach($allteams as $i => $f) {
 280              $t = new team($dbconn);
 281              $t->read($f,$t);
 282  
 283              if (isset($add[$i]) && isset($del[$i])) continue;
 284  
 285              $add_user = array();
 286              $del_user = array();
 287              if (isset($add[$i])) {
 288                  $add_user[$u->id] = $u->id;
 289              } else if (isset($del[$i])){
 290                  $del_user[$u->id] = $u->id;
 291              }
 292              $t->save($add_user,$del_user);
 293          }
 294      }
 295  
 296      $dbconn->Commit("WORK");
 297  
 298      $gotourl = "address_show.php";
 299      if ( $tutos[demo] == 1 ) {
 300          $gotourl= addUrlParameter($gotourl,"lg=". $u->lang,true);
 301          $gotourl= addUrlParameter($gotourl,"th=". $u->theme,true);
 302          $gotourl= addUrlParameter($gotourl,"ly=". $u->ly,true);
 303      }
 304      $gotourl= addUrlParameter($gotourl,"id=". $u->id,true);
 305  }
 306  
 307  leave_insert($dbconn,$gotourl,$msg,$info);
 308  /**
 309   *  SVN Info  $Id: user_ins.php 1203 2013-12-18 07:03:39Z gokohnert $
 310   *  $Author: gokohnert $
 311   */
 312  ?>
