+<?php
+
+/**************************************************************************
+** This is free software; you can redistribute it and/or modify it under the
+** terms of the GNU General Public License, see the file COPYING.
+***************************************************************************/
+
+/*
+ *
+ * User Administration page.
+ * Input parameters: action (POST) : empty, 'Create'
+ * username (POST) : name of the user to create or remove
+ */
+
+session_start();
+require_once('classes/gnucomo_config.php');
+?>
+
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
+<link rel='stylesheet' href='gnucomo.css' type='text/css'>
+<title>GNUCoMo login</title>
+
+<script language='JavaScript'>
+function CheckCreate(f)
+{
+ if (f.username.value == "")
+ {
+ alert("You must supply a username");
+ return false;
+ }
+ if (f.passwd.value == "")
+ {
+ alert("You must supply a password");
+ return false;
+ }
+ if (f.passwd.value != f.pwverify.value)
+ {
+ alert("Passwords don't match");
+ return false;
+ }
+ return true;
+}
+
+function CheckRemove(f)
+{
+ var message = "Are you sure you want to remove user ";
+ message += f.username.value;
+ message += " ?";
+
+ return confirm(message);
+}
+
+</script>
+
+</head>
+<body>
+<?php
+if (empty($_SESSION['username']))
+{
+ echo "Please log in first.";
+}
+else
+{
+ echo "<h1>User Administration</h1><hr>";
+
+ $config = new gnucomo_config;
+
+ $config->read("gnucomo");
+
+ // Connect to the database
+ $conn = pg_connect($config->Database($_SESSION['username'], $_SESSION['password']));
+
+
+ if (isset($_POST['action']) && $_POST['action'] == 'Create' && !empty($_POST['username']))
+ {
+ pg_exec($conn, "CREATE USER " . $_POST['username'] . " PASSWORD '"
+ . $_POST['passwd'] . "'");
+ pg_exec($conn, "INSERT INTO usr (username, security_level) VALUES ('"
+ . $_POST['username'] . "','" . $_POST['seclevel'] . "')");
+ }
+
+ if (isset($_POST['action']) && $_POST['action'] == 'Remove' && !empty($_POST['username']))
+ {
+ pg_exec($conn, "DELETE FROM usr WHERE username='" . $_POST['username'] . "'");
+ pg_exec($conn, "DROP USER " . $_POST['username']);
+ }
+
+ $res = pg_exec($conn, "SELECT username, security_level FROM usr");
+
+ echo "<table>";
+ $usr = 0;
+ while ($usr < pg_numrows($res))
+ {
+ $u = pg_fetch_object($res, $usr);
+ ?>
+ <tr><td align='center'><img src='user.png'><br>
+ <b><?php echo $u->username ?></b>
+ </td><td>
+ Sec. Level <?php echo $u->security_level ?>
+ </td><td>
+ <?php if ($_SESSION['username'] != $u->username)
+ {
+ ?>
+ <form action='users.php' method='post' onSubmit='return CheckRemove(this)'>
+ <input type='hidden' name='username' value='<?php echo $u->username ?>'>
+ <input type='submit' name='action' value='Remove'>
+ </form>
+ <?php
+ }
+ ?>
+ </td></tr>
+ <?php
+ $usr++;
+ }
+ echo "</table>";
+
+}
+?>
+
+<h2>Create new user:</h2>
+<p>
+
+<form action='users.php' method='post' onSubmit='return CheckCreate(this)'>
+User name: <input name='username' type='text'>
+Security level: <select name='seclevel'>
+<option value='1'>1</option>
+<option value='2'>2</option>
+<option value='3'>3</option>
+<option value='4'>4</option>
+<option value='5'>5</option>
+</select>
+<br>
+Password: <input type='password' name='passwd'>
+Verify password: <input type='password' name='pwverify'>
+<br>
+<input type='submit' name='action' value='Create'>
+</form>
+</p>
+</body>
+</html>
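Review bot: The Create and Remove branches build all four SQL statements by concatenating `$_POST['username']`, `$_POST['passwd']` and `$_POST['seclevel']` straight into the query text, and the only checks on those values are the JavaScript `CheckCreate`/`CheckRemove` handlers, which run in the browser and do not bind the server. `CREATE USER` and `DROP USER` cannot take bind parameters, so the role name should be validated against a strict pattern on the server and quoted with `pg_escape_identifier()`, the password quoted with `pg_escape_literal()`, and the two `usr` table statements sent through `pg_query_params()`. The security level should be cast to an integer and range-checked against the 1–5 the form offers. Separately, the table loop echoes `$u->username` into the page body and into a `value='…'` attribute unescaped; `htmlspecialchars($u->username, ENT_QUOTES)` would cover both places.

```php
 // Accept only a plain role name; used by both the Create and Remove branches.
 $username = isset($_POST['username']) ? $_POST['username'] : '';
 $name_ok = preg_match('/^[a-z_][a-z0-9_]{0,62}$/', $username) === 1;
 $action = isset($_POST['action']) ? $_POST['action'] : '';

 if ($action == 'Create' && $name_ok && isset($_POST['passwd']) && $_POST['passwd'] !== '')
 {
  $seclevel = isset($_POST['seclevel']) ? (int) $_POST['seclevel'] : 0;
  if ($seclevel >= 1 && $seclevel <= 5)
  {
   // Utility statements take no bind parameters: quote identifier and literal explicitly.
   pg_query($conn, 'CREATE USER ' . pg_escape_identifier($conn, $username)
                 . ' PASSWORD ' . pg_escape_literal($conn, $_POST['passwd']));
   pg_query_params($conn, 'INSERT INTO usr (username, security_level) VALUES ($1, $2)',
                   array($username, $seclevel));
  }
 }

 if ($action == 'Remove' && $name_ok)
 {
  pg_query_params($conn, 'DELETE FROM usr WHERE username = $1', array($username));
  pg_query($conn, 'DROP USER ' . pg_escape_identifier($conn, $username));
 }

 // … unchanged: SELECT of usr rows and the table loop …
```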