From e2f91e470c25f87e9666b0e46724ab695ff6112e Mon Sep 17 00:00:00 2001
From: Alex
Date: Mon, 5 Oct 2015 18:52:59 +0300
Subject: [PATCH] let's make clients accounts editable, check for duplicated clients username

---
admin/clients.php | 176 +++++++++++++++++++++++++++++++++-------------
1 file changed, 127 insertions(+), 49 deletions(-)

diff --git a/admin/clients.php b/admin/clients.php
index f9309c2a..4b9e8a2a 100644
--- a/admin/clients.php
+++ b/admin/clients.php
@@ -45,7 +45,7 @@ include ("../db.inc.php");
 /**
 * Authentication file
 */
-include ("auth-admin.php");
+require ("auth-admin.php");
 
 /**
 * XHTML functions
@@ -57,7 +57,9 @@ global $db;
 
 $a = false;
 
-if (isset($_POST['client']))
+$client =""; $firstname="";$lastname="";$email=""; $time_zone_name="";
+
+if (isset($_POST['client']) && !empty($_POST['client']))
 {
 $client = $db->qstr($_POST['client'],get_magic_quotes_gpc());
 $firstname = $db->qstr($_POST['firstname'],get_magic_quotes_gpc());
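Review bot: In the new guard `if (isset($_POST['client']) && !empty($_POST['client']))` the `isset()` is redundant (`!empty()` already implies it) and, because `empty("0")` is true, a submitted username of `0` is silently ignored rather than processed; `if (isset($_POST['client']) && $_POST['client'] !== '')` tests presence and non-blankness exactly. The guard covers only `client`, so the unchanged reads of `$_POST['firstname']`, `$_POST['lastname']` and `$_POST['Time_zone_name']` inside the block still raise undefined-index notices when a field is missing, which the new defaults line does not prevent. That added line `$client =""; $firstname="";$lastname="";$email=""; $time_zone_name="";` packs five assignments onto one line; one assignment per line matches the surrounding code and the project's style.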
@@ -65,46 +67,108 @@ if (isset($_POST['client']))
 $lastname = $db->qstr($_POST['lastname'],get_magic_quotes_gpc());
 $time_zone_name = $db->qstr($_POST['Time_zone_name'],get_magic_quotes_gpc());
 
- if (!empty($_POST['client']))
- {
- $sql = "INSERT INTO client
- (`client_id` ,`username` ,`firstName` ,`lastName`, `Time_zone_name`)
- VALUES (NULL , $client, $firstname , $lastname, $time_zone_name);";
+ /* check if there'a record with this username*/
+ $sql = "SELECT `username`,`client_id` from client WHERE `username` LIKE $client";
+ $rs = $db->GetAll($sql);
 
- if ($db->Execute($sql))
- {
- include_once("../include/limesurvey/admin/classes/core/sha256.php");
-
- //Insert into lime_users
- $sql = "INSERT INTO " . LIME_PREFIX . "users (`users_name`,`password`,`full_name`,`parent_id`,`superadmin`,`email`,`lang`)
- VALUES ($client, '" . SHA256::hashing($_POST['password']) . "',$firstname,1,0,$email,'auto')";
-
- $db->Execute($sql);
-
+ if (isset($_GET['edit']) && $_GET['edit'] >0 ) {
+
+ $clid = intval($_GET['edit']);
+ $uid = intval($_POST['uid']);
+ }
+
- $a = T_("Added: $client");
+ if (empty($rs) || count($rs)==1 && $rs[0]['client_id'] == $clid){
+
+ // update client
+ if (isset($_GET['edit']) && $_GET['edit'] >0 ) {
+
+ $sql = "UPDATE `client` SET `username`= $client,`firstName` = $firstname,`lastName` = $lastname,`Time_zone_name` = $time_zone_name
+ WHERE `client_id` = $clid ";
+
+ if ($db->Execute($sql))
+ {
+ $sql = "UPDATE " . LIME_PREFIX . "users SET `users_name` = $client, `full_name` = $firstname, `email` = $email";
+
+ /* rewrite 'password' only if not blank in edit mode */
+ if (isset($_GET['edit']) && $_GET['edit'] >0 && isset($_POST['password']) && !empty($_POST['password'])) {
+
+ include_once("../include/limesurvey/admin/classes/core/sha256.php");
+ $sql .=",`password` = '" . SHA256::hashing($_POST['password']) . "'";
+ }
+
+ $sql .= "WHERE `uid` = $uid";
+
+ $db->Execute($sql);
+
+ if ($db->Execute($sql)) $a = T_("Updated") . ": " . $client; else $a = T_("Update error");
+ }
+ else
+ $a = T_("Could not update") . " " . $client;
 }
- else
- $a = T_("Could not add") . " " . $client . ". " . T_("There may already be a client of this name");
+ else { //save as a new client
+
+ $sql = "INSERT INTO client (`client_id` ,`username` ,`firstName` ,`lastName`, `Time_zone_name`)
+ VALUES (NULL , $client, $firstname , $lastname, $time_zone_name);";
+
+ if ($db->Execute($sql)) {
+
+ include_once("../include/limesurvey/admin/classes/core/sha256.php");
+
+ //Insert into lime_users
+ $sql = "INSERT INTO " . LIME_PREFIX . "users (`users_name`,`password`,`full_name`,`parent_id`,`superadmin`,`email`,`lang`)
+ VALUES ($client, '" . SHA256::hashing($_POST['password']) . "', $firstname ,1,0,$email,'auto')";
+
+ $db->Execute($sql);
+
+ if ($db->Execute($sql)) $a = T_("Added") . ": " . $client; else $a = T_("Error adding client");
+ }
+ else
+ $a = T_("Could not add") . " " . $client;
+ }
+ }
+ else $a = T_("Username") . " " . $client . ". " . T_("is already in use");
+}
+
+$header = T_("Add a client");
+$sbut = T_("Add new client");
+$req = "required";
+
+if (isset($_GET['edit']) && $_GET['edit'] >0 ) {
+
+ $header = T_("Edit client data");
+
+ $clid = intval($_GET['edit']);
+
+ $sql = "SELECT client.*, u.email, u.uid from client, " . LIME_PREFIX . "users as u WHERE client_id=$clid and u.users_name=username";
+
+ $cdata = $db->GetRow($sql);
+
+ if (!$cdata) {
+ unset($_GET['edit']);
+ die(T_("NO such client"));
+ }
+ else{
+ $uid = $cdata['uid'];
+ $client = $cdata['username'];
+ $firstname= $cdata['firstName'];
+ $lastname= $cdata['lastName'];
+ $email= $cdata['email'];
+ $time_zone_name = $cdata['Time_zone_name'];
+ $sbut = T_("Update client data");
+ $req = "";
 }
 }
-
-xhtml_head(T_("Add a client"),true,array("../include/bootstrap/css/bootstrap.min.css","../css/custom.css"));
+xhtml_head($header,true,array("../include/bootstrap/css/bootstrap.min.css","../css/custom.css"));
 
 $sql = "SELECT Time_zone_name as value, Time_zone_name as description FROM timezone_template";
+$tzs = $db->GetAll($sql);
 
-$rs = $db->GetAll($sql);
-
-
-if ($a)
-{
-?>
+if ($a) { ?>
- +