File Source for usermanagement.php

<?php
/**
* User management
* <br/><br/>
* Frame script for user management
* <br/><br/>
* Access restricted to administrators and members of group "Management"
* @author Gabriele Droege, DNA Bank Network <contact@dnabank-network.org>
* @version 2.0
* @package Configuration
* @copyright Copyright © 2011 DNA Bank Network http://www.dnabank-network.org<br>The contents of this file are subject to the Mozilla Public License Version 1.1
* @filesource
* @license http://www.mozilla.org/MPL/ MPL
*/
/**
* calling connection to database
*/
include ("../config/head.php");
/**
* calling authorisation script
*/
include ("../auth.php");
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>DNA Module - User management</title>
<link rel="stylesheet" type="text/css" href="../format.css">
<link rel="stylesheet" type="text/css" href="../input/XSLT/Styles.css">
<SCRIPT LANGUAGE="JavaScript1.1" src="../Functions.js"></SCRIPT>
<NOSCRIPT>Please enable Javascript!</NOSCRIPT>
</head>
<body>
<div align="center">
<?php
/**
* including navigation menu
*/
include("../tablenavi.php"); ?>
<form name="formular" method="POST" action="usermanagement.php">
<table id="tablemain" class="main">
<tr>
<td id="tdLogo"><img border="0" href="<?php echo $Path_Wiki; ?>" src="../images/Logo-DNA-Bank-Network-ocker.jpg" width="123" height="78"></td>
<td id="tdtitle">
<h1>Configuration Tool<br />User Management</h1></td>
<td id="tdLogo2"><?php echo $Path_Logo; ?></td>
</tr>
<tr>
<td colspan="4"><?php
echo "Logged in as: ";
$log = $_SESSION["log"];
echo $log;
?></td></tr>
<tr>
<td colspan="3" valign="top">
<table border="0" id="table2">
<?php
/********************************************************************************************
* login as Administrator or memeber of Management group required *
* feature: "Add new user" *
* START *
*********************************************************************************************/
if (isset($_SESSION['admin']) || $_SESSION['admin'] || isset($_SESSION['management']) || $_SESSION['management']) {
if($formSubmitChange and $formAction == "add") {
if($formAction == "add" or $formSubmitSaveUser)
{
/**
* including script for adding new user
*/
include("new_user.php");}
}
/********************************************************************************************
* feature: "Add new user" *
* END *
*********************************************************************************************/
if($formSubmitSave) {
$ID_User = $_POST['formPeople'];
$Group = $_POST['group'];
$Login = $_POST['formLogin'];
$Email = $_POST['formEmail'];
$sql = "UPDATE user SET ID_Group = '$Group', Login = '$Login', Email = '$Email' WHERE ID_User = '$ID_User'";
$result = mysql_query($sql);
if($result) {
echo "<tr><td colspan='4'><span class='fine'>Changes accepted!</span></td></tr>"; }
else { echo "<tr><td colspan='4'><span class='error'>Changes not accepted!</span></td></tr>"; }
} // if($formSubmitSave)
?>
<?php
/********************************************************************************************
* login as Administrator or memeber of Management group required *
* feature: "Change user settings" *
* START *
*********************************************************************************************/
if($formSubmitChange and $formAction == "change") {
if($_POST['user']=="")
{ unset($_POST['user']);
echo "<tr><td colspan='3'><span class='error'>Please select an user.</span></td></tr>";
$UserCheck = "true";}
else
{
echo "<tr><td colspan='3'><h3>Please change group, login name or email for selected user.</h3></td></tr>";
echo "<tr><td colspan='3'><table id='table1'><th></th><th>Signature</th><th>Login Name</th><th>Email</th><th>Group</th>";
foreach ($_POST['user'] as $index)
{
$ID_User = $_POST['formPeople'][$index];
$sql = "SELECT user.ID_User, user.Signature, user.Login, user.Email, usergroups.Group FROM user LEFT JOIN usergroups ON
user.ID_Group = usergroups.ID_Group WHERE user.ID_User = '$ID_User'";
$result = mysql_query($sql);
while($row = mysql_fetch_object($result))
{
echo "<tr><td><input type='hidden' name='formPeople' value='".$row->ID_User."'></td><td>".$row->Signature."</td><td><input type='text' name='formLogin' value='".$row->Login."'></td><td><input type='text' name='formEmail' value='".$row->Email."'></td><td>";
echo "<select name='group'><option value=''>-------</option>
<option value='1'";
if($row->Group == "Administrator") { echo " selected"; }
echo ">Administrators</option>
<option value='2'";
if($row->Group == "DNA Bank Team") { echo " selected"; }
echo ">DNA Bank Team</option>
<option value='3'";
if($row->Group == "Project") { echo " selected"; }
echo ">Project Members</option>
<option value='4'";
if($row->Group == "Guest") { echo " selected"; }
echo ">Guests</option>
</select>";
echo "</td></tr>"; }}
echo "<tr><td></td><td colspan='2' align='right'><input type='submit' name='formSubmitSave' value='Save Edits' class='button'/></td></tr></table></td></tr>"; }
}
/********************************************************************************************
* feature: "Change user settings" *
* END *
*********************************************************************************************/
/********************************************************************************************
* login as Administrator or memeber of Management group required *
* feature: "Delete user" *
* START *
*********************************************************************************************/
if($formSubmitChange and $formAction == "delete") {
if($_POST['user']=="")
{ unset($_POST['user']);
echo "<tr><td colspan='3'><span class='error'>Please select an user.</span></td></tr>";
$UserCheck = "true";}
else
{
foreach ($_POST['user'] as $index)
{
$ID_User = $_POST['formPeople'][$index];
$Signature = $_POST['formSignaturehidden'][$index];
$sqldna = "SELECT ID_DNA FROM dnabanknumbers WHERE Created_Who = '$Signature'";
$resultdna = mysql_query($sqldna);
$countdna = mysql_num_rows($resultdna);
$sqlspecimen = "SELECT ID_Collection FROM sptoolcollection WHERE Created_Who = '$Signature'";
$resultspecimen = mysql_query($sqlspecimen);
$countspecimen = mysql_num_rows($resultspecimen);
/********************************************************************************************
* check if user is creator of DNA or specimen records *
* user can only be deleted when he/she doesn't have created records *
*********************************************************************************************/
if($countdna == "0" and $countspecimen == "0") {
$sql = "DELETE FROM user WHERE ID_User = '$ID_User'";
$result = mysql_query($sql);
if($sql) { echo "<tr><td colspan='3'><span class='fine'>User successfully deleted.</span></td></tr>";
$UserCheck = "true"; }
if(!$sql) { echo "<tr><td colspan='3'><span class='error'>User can't be deleted.</span></td></tr>";
$UserCheck = "true"; }
}
else { echo "<tr><td colspan='3'><span class='error'>User ".$Signature." can't be deleted, since he/her has created records. You can change his/her group membership instead.</span></td></tr>";
$UserCheck = "true"; }}
}}
/********************************************************************************************
* feature: "Delete user" *
* END *
*********************************************************************************************/
/********************************************************************************************
* login as Administrator or memeber of Management group required *
* Start page, listing all registered user and number of created records *
* START *
*********************************************************************************************/
if(!$formSubmitChange or $formSubmitSave or $UserCheck == "true") {
$sqlcheck = "SELECT * from user where ID_Group = '1'";
$resultcheck = mysql_query($sqlcheck);
$count = mysql_num_rows($resultcheck);
if($count == 1) { while($rowcheck = mysql_fetch_object($resultcheck)) {
$UserCheck = $rowcheck->ID_User; }}
$sql = "SELECT user.ID_User, user.Signature, user.Login, user.Email, usergroups.Group FROM user LEFT JOIN usergroups ON
user.ID_Group = usergroups.ID_Group ORDER BY usergroups.Group";
$result = mysql_query($sql);
if($result) {
echo "<tr><td colspan='3'><h3>The following users are registered to the DNA Module:</h3></td></tr>";
echo "<tr><td colspan='3'><table id='table1'><th></th><th>Signature</th><th>Login Name</th><th>Email</th><th>Group</th><th>DNA entries</th><th>Specimen entries</th>";
$gesamt = mysql_num_rows($result);
for ($i=1; $i<=$gesamt; $i++) {
$row=mysql_fetch_array($result);
{
$Signature = $row['Signature'];
$sqldna = "SELECT ID_DNA FROM dnabanknumbers WHERE Created_Who = '$Signature'";
$resultdna = mysql_query($sqldna);
$countdna = mysql_num_rows($resultdna);
$sqlspecimen = "SELECT ID_Collection FROM sptoolcollection WHERE Created_Who = '$Signature'";
$resultspecimen = mysql_query($sqlspecimen);
$countspecimen = mysql_num_rows($resultspecimen);
if($row['Signature'] == $log or $row['ID_User'] == $UserCheck)
{echo "<tr><td></td><td>".$row['Signature']."</td><td>".$row['Login']."</td><td>".$row['Email']."</td><td>".$row['Group']."</td><td>".$countdna."</td><td>".$countspecimen."</td></tr>"; }
else {
echo "<tr><td><input type='radio' name='user[]' value='".$i."'><input type='hidden' name='formPeople[".$i."]' value='".$row['ID_User']."'></td><td><input type='hidden' name='formSignaturehidden[".$i."]' value='".$row['Signature']."'>".$row['Signature']."</td><td>".$row['Login']."</td><td>".$row['Email']."</td><td>".$row['Group']."</td><td><input type='hidden' name='countdna[".$i."]' value='".$countdna."'>".$countdna."</td><td><input type='hidden' name='countspecimen[".$i."]' value='".$countspecimen."'>".$countspecimen."</td></tr>"; }
}}
echo "<tr><td>Choose action:</td><td>
<select name='formAction'><option value=''>-------</option>
<option value='change'>Edit User</option>
<option value='delete'>Delete User</option>
<option value='add'>Add User</option>
</select></td>
<td colspan='2' align='right'>
<input type='submit' value='Action' name='formSubmitChange' class='button' onclick='return checkAction();'></td></tr>";
echo "</table></td></tr>";
}
} // if(!$formSubmitChange)
/********************************************************************************************
* Start page *
* END *
*********************************************************************************************/
}
/**
* message permission denied for non administrators or managers
*/
if (!isset($_SESSION['admin']) && !$_SESSION['admin'] && !isset($_SESSION['management']) && !$_SESSION['management']) { echo '<tr>
<td id="DescriptionBlack" colspan="2"></td>';
include("../No_permission.php");
echo '</td></tr>'; }
?>
<tr>
<td id="DescriptionBlack" colspan="2"></td>
<td align="right"><input type="button"
<?php if($formSubmitChange and ($formAction == "change" or $formAction == "add"))
{ echo 'value="Cancel" name="formSubmitMenu" id="SelectLong" onClick="self.location.href = \'usermanagement.php\';">'; }
else { echo 'value="Return to Configuration Tool" name="formSubmitMenu" id="SelectLong" onClick="self.location.href = \'configuration.php\';">'; } ?></td>
</tr>
</table>
</td>
</tr>
</table>
<?php
/**
* including footer
*/
include ("../footer.php"); ?>
</div>
</form>
</body>
</html>

Documentation generated on Tue, 29 Nov 2011 10:45:20 +0100 by phpDocumentor 1.4.3

Source for file usermanagement.php