2015-02-11 23:52:11 -05:00
< ? php
2015-02-12 15:23:08 -05:00
session_start ();
require_once ( " config.inc.php " );
2015-02-20 05:16:28 -05:00
require_once ( $yaptc_inc . " functions.inc.php " );
2015-02-12 15:23:08 -05:00
$yaptc_pagename = " Users " ;
require_once ( $yaptc_inc . " header.inc.php " );
require_once ( $yaptc_inc . " menu.inc.php " );
2015-02-20 05:16:28 -05:00
if ( getSessionStatus () == false ) :
2015-02-19 10:53:29 -05:00
killSession ();
2015-02-20 05:16:28 -05:00
else : ?>
<!-- ********** BEGIN CONTENT ********** -->
2015-02-18 05:37:38 -05:00
2015-02-20 01:57:34 -05:00
< h2 class = " content-subhead " > Add User </ h2 >
< p > All fields are required ! Password must be 8 + characters . Username and email must be unique .</ p >
< ? php
2015-02-12 15:23:08 -05:00
require_once ( $yaptc_lib . " phpass-0.3/PasswordHash.php " );
2015-02-19 22:41:20 -05:00
if ( ! empty ( $_POST [ 'newuser' ]))
2015-02-11 23:52:11 -05:00
{
if ( empty ( $_POST [ 'username' ]))
{
2015-02-19 10:53:29 -05:00
$errors [ 'username' ] = " Username cannot be empty. " ;
2015-02-11 23:52:11 -05:00
}
if ( preg_match ( '/[^a-zA-Z0-9 .-_]/' , $_POST [ 'username' ]))
{
2015-02-19 10:53:29 -05:00
$errors [ 'username' ] = " Username contains illegal characters. " ;
2015-02-11 23:52:11 -05:00
}
if ( empty ( $_POST [ 'password' ]))
{
2015-02-19 10:53:29 -05:00
$errors [ 'password' ] = " Password cannot be empty. " ;
2015-02-11 23:52:11 -05:00
}
if ( strlen ( $_POST [ 'password' ]) < 8 )
{
2015-02-19 10:53:29 -05:00
$errors [ 'password' ] = " Password must be at least 8 charcaters. " ;
2015-02-11 23:52:11 -05:00
}
if ( empty ( $_POST [ 'password_confirm' ]))
{
2015-02-19 10:53:29 -05:00
$errors [ 'password_confirm' ] = " Please confirm password. " ;
2015-02-11 23:52:11 -05:00
}
if ( $_POST [ 'password' ] != $_POST [ 'password_confirm' ])
{
2015-02-19 10:53:29 -05:00
$errors [ 'password_confirm' ] = " Passwords do not match. " ;
2015-02-11 23:52:11 -05:00
}
$email = filter_var ( $_POST [ 'email' ], FILTER_VALIDATE_EMAIL );
if ( ! $email )
{
2015-02-19 10:53:29 -05:00
$errors [ 'email' ] = " Not a valid email address. " ;
2015-02-11 23:52:11 -05:00
}
$query = " SELECT username, email
FROM users
WHERE username = : username OR email = : email " ;
2015-02-20 01:57:34 -05:00
$stmt = $yaptc_db -> prepare ( $query );
2015-02-11 23:52:11 -05:00
$stmt -> execute ( array (
':username' => $_POST [ 'username' ],
':email' => $email
));
$existing = $stmt -> fetchObject ();
if ( $existing )
{
if ( $existing -> username == $_POST [ 'username' ])
{
2015-02-19 10:53:29 -05:00
$errors [ 'username' ] = " That username is already in use. " ;
2015-02-11 23:52:11 -05:00
}
if ( $existing -> email == $email )
{
2015-02-19 10:53:29 -05:00
$errors [ 'email' ] = " That email address is already in use. " ;
2015-02-11 23:52:11 -05:00
}
}
}
2015-02-19 22:41:20 -05:00
if ( ! empty ( $_POST [ 'newuser' ]) && empty ( $errors ))
2015-02-11 23:52:11 -05:00
{
$hasher = new PasswordHash ( 8 , FALSE );
$password = $hasher -> HashPassword ( $_POST [ 'password' ]);
2015-02-19 10:53:29 -05:00
$query = " INSERT INTO users (firstname, lastname, username, password, email, created, usertype)
VALUES ( : firstname , : lastname , : username , : password , : email , NOW (), : usertype ) " ;
2015-02-20 01:57:34 -05:00
$stmt = $yaptc_db -> prepare ( $query );
2015-02-11 23:52:11 -05:00
$success = $stmt -> execute ( array (
2015-02-19 10:53:29 -05:00
':firstname' => $_POST [ 'firstname' ],
':lastname' => $_POST [ 'lastname' ],
2015-02-11 23:52:11 -05:00
':username' => $_POST [ 'username' ],
':password' => $password ,
':email' => $_POST [ 'email' ],
2015-02-12 15:23:08 -05:00
':usertype' => $_POST [ 'usertype' ],
2015-02-11 23:52:11 -05:00
));
if ( $success )
{
$message = " Account created. " ;
}
else
{
2015-02-12 15:23:08 -05:00
echo " Account could not be created. Please try again later. " ;
2015-02-11 23:52:11 -05:00
}
}
?>
< ? php if ( isset ( $message )) : ?>
< p class = " success " >< ? php echo $message ; ?> </p>
< ? php endif ; ?>
<!-- Note that we ' re again checking that each array key exists before
trying to use it , in order to prevent undefined index notices . -->
< ? php if ( isset ( $errors [ 'registration' ])) : ?>
< p class = " error " >< ? php echo $errors [ 'registration' ]; ?> </p>
< ? php endif ; ?>
2015-02-19 10:53:29 -05:00
< form class = " pure-form " action = " <?php echo $_SERVER['PHP_SELF'] ; ?> " method = " post " >
< fieldset id = " registration " class = " pure-group " >
< div class = " pure-g " >
< div class = " pure-u-1 pure-u-md-1-2 " >
< input type = " text " class = " pure-input " id = " firstname " name = " firstname " placeholder = " First Name " required />
< ? php echo isset ( $errors [ 'firstname' ]) ? $errors [ 'firstname' ] : '' ; ?>
< input type = " text " class = " pure-input " id = " lastname " name = " lastname " placeholder = " Last Name " required />
< ? php echo isset ( $errors [ 'lastname' ]) ? $errors [ 'lastname' ] : '' ; ?>
< input type = " text " class = " pure-input " id = " username " name = " username " placeholder = " Username " required />
2015-02-11 23:52:11 -05:00
< ? php echo isset ( $errors [ 'username' ]) ? $errors [ 'username' ] : '' ; ?>
2015-02-19 10:53:29 -05:00
</ div >
< div class = " pure-u-1 pure-u-md-1-2 " >
< input type = " text " class = " pure-input " id = " email " name = " email " placeholder = " Email " />
2015-02-11 23:52:11 -05:00
< ? php echo isset ( $errors [ 'email' ]) ? $errors [ 'email' ] : '' ; ?>
2015-02-19 10:53:29 -05:00
< input type = " password " class = " pure-input " id = " password " name = " password " placeholder = " Password " required />
2015-02-11 23:52:11 -05:00
< ? php echo isset ( $errors [ 'password' ]) ? $errors [ 'password' ] : '' ; ?>
2015-02-19 10:53:29 -05:00
< input type = " password " class = " pure-input " id = " password_confirm " name = " password_confirm " placeholder = " Confirm Password " required />
2015-02-11 23:52:11 -05:00
< ? php echo isset ( $errors [ 'password_confirm' ]) ? $errors [ 'password_confirm' ] : '' ; ?>
2015-02-19 10:53:29 -05:00
</ div >
< div class = " pure-u-1 pure-u-md-1 " >
< label for = " usertype " > Access Level </ label >
< select id = " usertype " name = " usertype " required />
< option value = " 00000000002 " > User </ option >
< option value = " 00000000001 " > Administrator </ option >
</ select >
< ? php echo isset ( $errors [ 'usertype' ]) ? $errors [ 'usertype' ] : '' ; ?>
2015-02-19 22:41:20 -05:00
< button type = " submit " class = " pure-button button-success " value = " Submit " name = " newuser " > Create </ button >
2015-02-19 10:53:29 -05:00
</ div >
2015-02-11 23:52:11 -05:00
</ fieldset >
</ form >
2015-02-19 22:41:20 -05:00
2015-02-12 15:23:08 -05:00
< ? php
2015-02-19 22:41:20 -05:00
// delete user only if submitted by button
if ( ! empty ( $_POST [ 'deluser' ]))
{
if ( $_SERVER [ 'REQUEST_METHOD' ] == 'DELETE' || ( $_SERVER [ 'REQUEST_METHOD' ] == 'POST' && $_POST [ '_METHOD' ] == 'DELETE' )) {
$deleteid = ( int ) $_POST [ 'deleteid' ];
2015-02-20 01:57:34 -05:00
$deletequery = $yaptc_db -> prepare ( " DELETE FROM users WHERE users.id= $deleteid " );
2015-02-19 22:41:20 -05:00
$deletequery -> execute ();
echo " user deleted! " ;
if ( $deletequery !== false ) {
header ( " Location: { $_SERVER [ 'PHP_SELF' ] } " , true , 303 );
exit ;
}
}
}
2015-02-20 01:57:34 -05:00
?>
< h2 class = " content-subhead " > User List </ h2 >
< p > Current users . To edit , select the edit button in the right column .</ p >
< table class = " pure-table " >
< thead >
< tr >
< th > First Name </ th >
< th > Last Name </ th >
< th > Username </ th >
< th > Email </ th >
< th > Created </ th >
< th > User Type </ th >
< th > Actions </ th >
</ tr >
</ thead >
< tbody >
< tr >
< ? php
foreach ( listUsers ( $yaptc_db ) as $row ) {
2015-02-19 10:53:29 -05:00
echo " <td> " . $row [ 'firstname' ] . " </td> " ;
echo " <td> " . $row [ 'lastname' ] . " </td> " ;
echo " <td> " . $row [ 'username' ] . " </td> " ;
echo " <td> " . $row [ 'email' ] . " </td> " ;
echo " <td> " . $row [ 'created' ] . " </td> " ;
echo " <td> " . $row [ 'usertype' ] . " </td> " ;
2015-02-20 01:57:34 -05:00
?>
< td >< form method = " post " onsubmit = " return confirm('WARNING! - WARNING! - WARNING! This will delete the user and ALL punches associated with them. There is NO UNDO! Are you sure?') " >
2015-02-19 22:41:20 -05:00
< input type = " hidden " name = " _METHOD " value = " DELETE " >
2015-02-20 05:20:53 -05:00
< input type = " hidden " name = " deleteid " value = " <?php echo $row['userid'] ; ?> " >< button button class = " button-error pure-button " name = " deluser " value = " deluser " type = " submit " < ? php if ( $row [ 'username' ] == " admin " ) : echo " disabled " ; endif ; ?> >Delete</button></form></td>
2015-02-20 01:57:34 -05:00
</ tr >
< ? php } ?>
</ tbody >
</ table >
2015-02-19 10:53:29 -05:00
2015-02-20 05:16:28 -05:00
<!-- ********** END CONTENT ********** -->
< ? php endif ; require_once ( $yaptc_inc . " footer.inc.php " ); ?>