[gnucomo.git] / src / web / users.php

<?php 

/**************************************************************************
** This is free software; you can redistribute it and/or modify it under the
** terms of the GNU General Public License, see the file COPYING.
***************************************************************************/

/*
 *
 * User Administration page.
 * Input parameters: action (POST) : empty, 'Create'
 *                   username (POST) : name of the user to create or remove
 */

session_start();
require_once('classes/gnucomo_config.php');
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link rel='stylesheet' href='gnucomo.css' type='text/css'>
<title>GNUCoMo login</title>

<script language='JavaScript'>
function CheckCreate(f)
{
   if (f.username.value == "")
   {
      alert("You must supply a username");
      return false;
   }
   if (f.passwd.value == "")
   {
      alert("You must supply a password");
      return false;
   }
   if (f.passwd.value != f.pwverify.value)
   {
      alert("Passwords don't match");
      return false;
   }
   return true;
}

function CheckRemove(f)
{
   var message = "Are you sure you want to remove user ";
   message += f.username.value;
   message += " ?";

   return confirm(message);
}

</script>

</head>
<body>
<?php
if (empty($_SESSION['username']))
{
   echo "Please log in first.";
}
else
{
   echo "<h1>User Administration</h1><hr>";

   $config = new gnucomo_config;

   $config->read("gnucomo");

   //  Connect to the database
   $conn = pg_connect($config->Database($_SESSION['username'], $_SESSION['password']));


   if (isset($_POST['action']) && $_POST['action'] == 'Create' && !empty($_POST['username']))
   {
      pg_exec($conn, "CREATE USER " . $_POST['username'] . " PASSWORD '"
                      . $_POST['passwd'] . "'");
      pg_exec($conn, "INSERT INTO usr (username, security_level) VALUES ('"
                     . $_POST['username'] . "','" . $_POST['seclevel'] . "')");
   }

   if (isset($_POST['action']) && $_POST['action'] == 'Remove' && !empty($_POST['username']))
   {
      pg_exec($conn, "DELETE FROM usr WHERE username='" . $_POST['username'] . "'");
      pg_exec($conn, "DROP USER " . $_POST['username']);
   }

   $res = pg_exec($conn, "SELECT username, security_level FROM usr");

   echo "<table>";
   $usr = 0;
   while ($usr < pg_numrows($res))
   {
      $u = pg_fetch_object($res, $usr);
      ?>
      <tr><td align='center'><img src='user.png'><br>
             <b><?php echo $u->username ?></b>
      </td><td>
         Sec. Level <?php echo $u->security_level ?>
      </td><td>
          <?php if ($_SESSION['username'] != $u->username)
          {
          ?>
          <form action='users.php' method='post' onSubmit='return CheckRemove(this)'>
              <input type='hidden' name='username' value='<?php echo $u->username ?>'>
              <input type='submit' name='action' value='Remove'>
          </form>
          <?php
          }
          ?>
      </td></tr>
      <?php
      $usr++;
   }
   echo "</table>";

}
?>

<h2>Create new user:</h2>
<p>

<form action='users.php' method='post' onSubmit='return CheckCreate(this)'>
User name: <input name='username' type='text'>
Security level: <select name='seclevel'>
<option value='1'>1</option>
<option value='2'>2</option>
<option value='3'>3</option>
<option value='4'>4</option>
<option value='5'>5</option>
</select>
<br>
Password: <input type='password' name='passwd'>
Verify password: <input type='password' name='pwverify'>
<br>
<input type='submit' name='action' value='Create'>
</form>
</p>
</body>
</html>