[gnucomo.git] / src / web / users.php

<?php 

/**************************************************************************
**  (c) Copyright 2003, Andromeda Technology & Automation
** This is free software; you can redistribute it and/or modify it under the
** terms of the GNU General Public License, see the file COPYING.
***************************************************************************
** MODULE INFORMATION *
***********************
**      FILE NAME      : users.php
**      SYSTEM NAME    : Gnucomo - Gnu Computer Monitoring
**      VERSION NUMBER : $Revision: 1.4 $
**
**  DESCRIPTION      :  User Administration page.
**                      Input parameters: action (POST) : empty, 'Create'
**                                 username (POST) : name of the user to create or remove
**
**  EXPORTED OBJECTS : 
**  LOCAL    OBJECTS : 
**  MODULES  USED    :
***************************************************************************
**  ADMINISTRATIVE INFORMATION *
********************************
**      ORIGINAL AUTHOR : Arjen Baart - arjen@andromeda.nl
**      CREATION DATE   : Dec 04, 2002
**      LAST UPDATE     : Feb 14, 2003
**      MODIFICATIONS   : 
**************************************************************************/

/*****************************
   $Log: users.php,v $
   Revision 1.4  2004-01-10 20:03:02  arjen
   *** empty log message ***

   Revision 1.3  2003/02/21 08:44:19  arjen
   Add a new user and make him/her a member of a group.
   Change of passwords added.

   Revision 1.2  2003/02/13 09:01:29  arjen
   All web interface pages use the page class.

******************************/

// RCSID = "$Id: users.php,v 1.4 2004-01-10 20:03:02 arjen Exp $";

ini_set('include_path', '.:./classes:../phpclasses');

require_once('page.class.php');

function clientscripts()
{

?>
<script language='JavaScript'>
function CheckCreate(f)
{
   if (f.username.value == "")
   {
      alert("You must supply a username");
      return false;
   }
   if (f.passwd.value == "")
   {
      alert("You must supply a password");
      return false;
   }
   if (f.passwd.value != f.pwverify.value)
   {
      alert("Passwords don't match");
      return false;
   }
   return true;
}

function CheckRemove(f)
{
   var message = "Are you sure you want to remove user ";
   message += f.username.value;
   message += " ?";

   return confirm(message);
}

function CheckPW(f)
{
   if (f.passwd.value == "")
   {
      alert("You must supply a password");
      return false;
   }
   if (f.passwd.value != f.pwverify.value)
   {
      alert("Passwords don't match");
      return false;
   }
   return true;
}
</script>

<?php
}

class user_page extends page
{

   function Body()
   {

   if (isset($_POST['action']) && $_POST['action'] == 'Create' && !empty($_POST['username']))
   {
      $query = "CREATE USER " . $_POST['username'] . " PASSWORD '"
                      . $_POST['passwd'] . "' IN GROUP " . $_POST['group'];
      if (pg_exec($this->database, $query) == FALSE &&
                  strstr(pg_errormessage($this->database), "already exists") == false)
      {
         echo "You can not create a new user: " . pg_errormessage($this->database) . ".<br>";
      }
      else
      {
         pg_exec($this->database, "INSERT INTO usr (username, security_level) VALUES ('"
                     . $_POST['username'] . "','" . $_POST['seclevel'] . "')");
      }
   }

   if (isset($_POST['action']) && $_POST['action'] == 'Remove' && !empty($_POST['username']))
   {
      pg_exec($this->database, "DELETE FROM usr WHERE username='" . $_POST['username'] . "'");
      pg_exec($this->database, "DROP USER " . $_POST['username']);
   }

   if (isset($_POST['action']) && $_POST['action'] == 'Change Password')
   {
      pg_exec($this->database, "ALTER USER " . $_SESSION['username'] .
                               " PASSWORD '" . $_POST['passwd'] . "'");
   }

   if (isset($_GET['username']))
   {
      echo "<h1>Detailed information for user " . $_GET['username'] . "</h1><br>\n";

      if (isset($_POST['action']) && $_POST['action'] == 'Save Changes')
      {
         $qry = "UPDATE usr SET display_name='" . $_POST['dspname'] . "'";
         $qry .= ", email='" . $_POST['email'] . "'";
         $qry .= ", security_level='" . $_POST['seclevel'] . "'";
         $qry .= " WHERE username='" . $_GET['username'] . "'";

         pg_exec($this->database, $qry);
      }
      $res = pg_exec($this->database, "SELECT * from usr
                                       WHERE username='" . $_GET['username'] . "'");
      $usr = pg_fetch_object($res, 0);

      echo "<form action='users.php?username=" . $usr->username . "' method='POST'>";
      echo "<table>";

      echo "<tr><td>Display name</td><td><input name='dspname' type='text' value='";
      echo $usr->display_name . "'></td></tr>";
      echo "<tr><td>Email address</td><td><input name='email' type='text' value='";
      echo $usr->email . "'></td></tr>";

      echo "<tr><td>Security level</td><td><select name='seclevel'>";
      for ($seclevel = 1; $seclevel < 6; $seclevel++)
      {
         echo "<option value='$seclevel'";
         if ($seclevel == $usr->security_level)
         {
            echo " selected='true'";
         }
         echo ">$seclevel</option>\n";
      }
      echo "</select></td></tr>";
      echo "</table>";
      echo "<input type='submit' name='action' value='Save Changes'>";
      echo "</form>";
   }
   else
   {
   echo "<h1>User Administration</h1><hr>";
   $res = pg_exec($this->database, "SELECT username, display_name, email, security_level
                                    FROM usr ORDER BY username");

   echo "<table>";
   $usr = 0;
   while ($usr < pg_numrows($res))
   {
      $u = pg_fetch_object($res, $usr);
      ?>
      <tr><td align='center'><a href='users.php?username=<?php echo $u->username ?>'><img src='user.png'></a><br>
             <b><?php echo $u->username ?></b>
      </td><td>
         <?php echo $u->display_name ?>
      </td><td>
         <?php echo $u->email ?>
      </td><td>
         Sec. Level <?php echo $u->security_level ?>
      </td><td>
          <?php if ($_SESSION['username'] != $u->username)
          {
          ?>
          <form action='users.php' method='post' onSubmit='return CheckRemove(this)'>
              <input type='hidden' name='username' value='<?php echo $u->username ?>'>
              <input type='submit' name='action' value='Remove'>
          </form>
          <?php
          }
          ?>
      </td></tr>
      <?php
      $usr++;
   }
   echo "</table>";

?>

<h2>Create new user:</h2>
<p>

<form action='users.php' method='post' onSubmit='return CheckCreate(this)'>
User name: <input name='username' type='text'>
Group: <select name='group'>
<option value='view'>View</option>
<option value='ops'>Operator</option>
<option value='admin'>Admin</option>
</select>
Security level: <select name='seclevel'>
<option value='1'>1</option>
<option value='2'>2</option>
<option value='3'>3</option>
<option value='4'>4</option>
<option value='5'>5</option>
</select>
<br>
Password: <input type='password' name='passwd'>
Verify password: <input type='password' name='pwverify'>
<br>
<input type='submit' name='action' value='Create'>
</form>
</p>

<h2>Change your password:</h2>
<form action='users.php' method='post' onSubmit='return CheckPW(this)'>
New Password: <input type='password' name='passwd'>
Verify password: <input type='password' name='pwverify'>
<br>
<input type='submit' name='action' value='Change Password'>
</form>
<?php
   }
   }
}

$page = new user_page("Gnucomo User Administration");

$page->Showpage();

?>