Add a new user and make him/her a member of a group.

[gnucomo.git] / src / web / users.php

<?php 

/**************************************************************************
**  (c) Copyright 2003, Andromeda Technology & Automation
** This is free software; you can redistribute it and/or modify it under the
** terms of the GNU General Public License, see the file COPYING.
***************************************************************************
** MODULE INFORMATION *
***********************
**      FILE NAME      : users.php
**      SYSTEM NAME    : Gnucomo - Gnu Computer Monitoring
**      VERSION NUMBER : $Revision: 1.3 $
**
**  DESCRIPTION      :  User Administration page.
**                      Input parameters: action (POST) : empty, 'Create'
**                                 username (POST) : name of the user to create or remove
**
**  EXPORTED OBJECTS : 
**  LOCAL    OBJECTS : 
**  MODULES  USED    :
***************************************************************************
**  ADMINISTRATIVE INFORMATION *
********************************
**      ORIGINAL AUTHOR : Arjen Baart - arjen@andromeda.nl
**      CREATION DATE   : Dec 04, 2002
**      LAST UPDATE     : Feb 14, 2003
**      MODIFICATIONS   : 
**************************************************************************/

/*****************************
   $Log: users.php,v $
   Revision 1.3  2003-02-21 08:44:19  arjen
   Add a new user and make him/her a member of a group.
   Change of passwords added.

   Revision 1.2  2003/02/13 09:01:29  arjen
   All web interface pages use the page class.

******************************/

// RCSID = "$Id: users.php,v 1.3 2003-02-21 08:44:19 arjen Exp $";

ini_set('include_path', '.:./classes:../phpclasses');

require_once('page.class.php');

function clientscripts()
{

?>
<script language='JavaScript'>
function CheckCreate(f)
{
   if (f.username.value == "")
   {
      alert("You must supply a username");
      return false;
   }
   if (f.passwd.value == "")
   {
      alert("You must supply a password");
      return false;
   }
   if (f.passwd.value != f.pwverify.value)
   {
      alert("Passwords don't match");
      return false;
   }
   return true;
}

function CheckRemove(f)
{
   var message = "Are you sure you want to remove user ";
   message += f.username.value;
   message += " ?";

   return confirm(message);
}

function CheckPW(f)
{
   if (f.passwd.value == "")
   {
      alert("You must supply a password");
      return false;
   }
   if (f.passwd.value != f.pwverify.value)
   {
      alert("Passwords don't match");
      return false;
   }
   return true;
}
</script>

<?php
}

class user_page extends page
{

   function Body()
   {
   echo "<h1>User Administration</h1><hr>";

   if (isset($_POST['action']) && $_POST['action'] == 'Create' && !empty($_POST['username']))
   {
      $query = "CREATE USER " . $_POST['username'] . " PASSWORD '"
                      . $_POST['passwd'] . "' IN GROUP " . $_POST['group'];
      if (pg_exec($this->database, $query) == FALSE)
      {
         echo "You can not create a new user.<br>";
      }
      else
      {
         pg_exec($this->database, "INSERT INTO usr (username, security_level) VALUES ('"
                     . $_POST['username'] . "','" . $_POST['seclevel'] . "')");
      }
   }

   if (isset($_POST['action']) && $_POST['action'] == 'Remove' && !empty($_POST['username']))
   {
      pg_exec($this->database, "DELETE FROM usr WHERE username='" . $_POST['username'] . "'");
      pg_exec($this->database, "DROP USER " . $_POST['username']);
   }

   if (isset($_POST['action']) && $_POST['action'] == 'Change Password')
   {
      pg_exec($this->database, "ALTER USER " . $_SESSION['username'] .
                               " PASSWORD '" . $_POST['passwd'] . "'");
   }

   $res = pg_exec($this->database, "SELECT username, security_level FROM usr ORDER BY username");

   echo "<table>";
   $usr = 0;
   while ($usr < pg_numrows($res))
   {
      $u = pg_fetch_object($res, $usr);
      ?>
      <tr><td align='center'><img src='user.png'><br>
             <b><?php echo $u->username ?></b>
      </td><td>
         Sec. Level <?php echo $u->security_level ?>
      </td><td>
          <?php if ($_SESSION['username'] != $u->username)
          {
          ?>
          <form action='users.php' method='post' onSubmit='return CheckRemove(this)'>
              <input type='hidden' name='username' value='<?php echo $u->username ?>'>
              <input type='submit' name='action' value='Remove'>
          </form>
          <?php
          }
          ?>
      </td></tr>
      <?php
      $usr++;
   }
   echo "</table>";

?>

<h2>Create new user:</h2>
<p>

<form action='users.php' method='post' onSubmit='return CheckCreate(this)'>
User name: <input name='username' type='text'>
Group: <select name='group'>
<option value='view'>View</option>
<option value='ops'>Operator</option>
<option value='admin'>Admin</option>
</select>
Security level: <select name='seclevel'>
<option value='1'>1</option>
<option value='2'>2</option>
<option value='3'>3</option>
<option value='4'>4</option>
<option value='5'>5</option>
</select>
<br>
Password: <input type='password' name='passwd'>
Verify password: <input type='password' name='pwverify'>
<br>
<input type='submit' name='action' value='Create'>
</form>
</p>

<h2>Change your password:</h2>
<form action='users.php' method='post' onSubmit='return CheckPW(this)'>
New Password: <input type='password' name='passwd'>
Verify password: <input type='password' name='pwverify'>
<br>
<input type='submit' name='action' value='Change Password'>
</form>
<?php
   }
}

$page = new user_page("Gnucomo User Administration");

$page->Showpage();

?>