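<?php

/* Maintenance page for the locationusers table: which inventory locations each
 * user is authorised to use.
 *
 * Request flow, in the order the script evaluates it:
 *   - SelectedLocation / SelectedUser are read from POST first, then GET, and upper-cased.
 *   - Cancel forgets both selections; Process with an empty user reports an error.
 *   - submit inserts a new authorisation (canview=1, canupd=1) unless it already exists.
 *   - delete (GET) removes an authorisation; ToggleUpdate (GET) sets canupd.
 *   - With no user selected the user picker is shown, otherwise the user's
 *     authorised locations plus a picker of locations not yet authorised.
 *
 * NOTE(review): includes/session.php is not visible here. Request values are
 * escaped at each point of use below (DB_escape_string() for SQL,
 * htmlspecialchars() / urlencode() for output) so the queries and markup do not
 * depend on whatever that include does to $_POST/$_GET. Confirm against
 * session.php that the extra SQL escaping does not alter codes that contain
 * quotes or backslashes.
 *
 * NOTE(review): delete and ToggleUpdate change data on a GET request, and the
 * links that trigger them carry no FormID token, unlike the two POST forms
 * (FormID is presumably validated in session.php - confirm). Consider moving
 * both actions to POST so they are covered by the same check.
 */

include('includes/session.php');
$Title = _('User Authorised Inventory Locations Maintenance');
$ViewTopic = 'Inventory';// Filename in ManualContents.php's TOC.
$BookMark = 'LocationUsers';// Anchor's id in the manual's html document.
include('includes/header.php');

echo '<p class="page_title_text"><img src="' . $RootPath . '/css/' . $Theme . '/images/money_add.png" title="' . _('User Authorised Locations') . '" alt="" />' . ' ' . $Title . '</p>';

// Escaped once; used for every form action and link on the page.
$SelfHTML = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

// Posted values as plain strings. A non-string (e.g. SelectedUser[]=x) is treated
// as "not supplied" so it can never reach mb_strtoupper() or a query.
$PostedLocation = (isset($_POST['SelectedLocation']) and is_string($_POST['SelectedLocation'])) ? $_POST['SelectedLocation'] : '';
$PostedUser = (isset($_POST['SelectedUser']) and is_string($_POST['SelectedUser'])) ? $_POST['SelectedUser'] : '';

$SelectedLocation = '';
if (isset($_POST['SelectedLocation']) and is_string($_POST['SelectedLocation'])) {
	$SelectedLocation = mb_strtoupper($_POST['SelectedLocation']);
} elseif (isset($_GET['SelectedLocation']) and is_string($_GET['SelectedLocation'])) {
	$SelectedLocation = mb_strtoupper($_GET['SelectedLocation']);
}

if (isset($_POST['SelectedUser']) and is_string($_POST['SelectedUser'])) {
	$SelectedUser = mb_strtoupper($_POST['SelectedUser']);
} elseif (isset($_GET['SelectedUser']) and is_string($_GET['SelectedUser'])) {
	$SelectedUser = mb_strtoupper($_GET['SelectedUser']);
}

if (isset($_POST['Cancel'])) {
	unset($SelectedUser);
	unset($SelectedLocation);
}

if (isset($_POST['Process'])) {
	if ($PostedUser == '') {
		prnMsg(_('You have not selected any User'), 'error');
		echo '<br />';
		unset($SelectedUser);
		unset($_POST['SelectedUser']);
	}
}

if (isset($_POST['submit'])) {

	$InputError = 0;

	// Without this check a submit that carries no user would insert a row with an empty userid.
	if ($PostedUser == '') {
		$InputError = 1;
		prnMsg(_('You have not selected any User'), 'error');
		echo '<br />';
		unset($SelectedUser);
	}

	if ($PostedLocation == '') {
		$InputError = 1;
		prnMsg(_('You have not selected an inventory location to be authorised for this user'), 'error');
		echo '<br />';
		unset($SelectedUser);
	}

	if ($InputError != 1) {

		// Request values are escaped here, at the point they enter the SQL text.
		$PostedLocationSQL = DB_escape_string($PostedLocation);
		$PostedUserSQL = DB_escape_string($PostedUser);
		// ...and separately for the HTML messages (existing entities are not re-encoded).
		$PostedLocationHTML = htmlspecialchars($PostedLocation, ENT_QUOTES, 'UTF-8', false);
		$PostedUserHTML = htmlspecialchars($PostedUser, ENT_QUOTES, 'UTF-8', false);

		// First check the user is not being duplicated

		$CheckSql = "SELECT count(*)
					FROM locationusers
					WHERE loccode= '" . $PostedLocationSQL . "'
					AND userid = '" . $PostedUserSQL . "'";

		$CheckResult = DB_query($CheckSql);
		$CheckRow = DB_fetch_row($CheckResult);

		if ($CheckRow[0] > 0) {
			$InputError = 1;
			prnMsg(_('The location') . ' ' . $PostedLocationHTML . ' ' . _('is already authorised for this user'), 'error');
		} else {
			// Add new record on submit
			$SQL = "INSERT INTO locationusers (loccode,
												userid,
												canview,
												canupd)
										VALUES ('" . $PostedLocationSQL . "',
												'" . $PostedUserSQL . "',
												'1',
												'1')";

			$msg = _('User') . ': ' . $PostedUserHTML . ' ' . _('authority to use the') . ' ' . $PostedLocationHTML . ' ' . _('location has been changed');
			$Result = DB_query($SQL);
			prnMsg($msg, 'success');
			unset($_POST['SelectedLocation']);
		}
	}
} elseif (isset($_GET['delete'])) {
	// Cancel may have unset the selections; only act when both are present.
	if (isset($SelectedUser) and isset($SelectedLocation) and $SelectedLocation != '') {
		$SQL = "DELETE FROM locationusers
				WHERE loccode='" . DB_escape_string($SelectedLocation) . "'
				AND userid='" . DB_escape_string($SelectedUser) . "'";

		$ErrMsg = _('The Location user record could not be deleted because');
		$Result = DB_query($SQL, $ErrMsg);
		prnMsg(_('User') . ' ' . htmlspecialchars($SelectedUser, ENT_QUOTES, 'UTF-8', false) . ' ' . _('has had their authority to use the') . ' ' . htmlspecialchars($SelectedLocation, ENT_QUOTES, 'UTF-8', false) . ' ' . _('location removed'), 'success');
	}
	unset($_GET['delete']);
} elseif (isset($_GET['ToggleUpdate'])) {
	if (isset($SelectedUser) and isset($SelectedLocation) and $SelectedLocation != '') {
		// canupd is a flag: only the literal '1' grants update, anything else revokes it,
		// so the request value itself is never copied into the statement.
		$NewCanUpd = ($_GET['ToggleUpdate'] === '1') ? 1 : 0;

		$SQL = "UPDATE locationusers
				SET canupd='" . $NewCanUpd . "'
				WHERE loccode='" . DB_escape_string($SelectedLocation) . "'
				AND userid='" . DB_escape_string($SelectedUser) . "'";

		$ErrMsg = _('The Location user record could not be updated because');
		$Result = DB_query($SQL, $ErrMsg);

		$ToggledUserHTML = htmlspecialchars($SelectedUser, ENT_QUOTES, 'UTF-8', false);
		$ToggledLocationHTML = htmlspecialchars($SelectedLocation, ENT_QUOTES, 'UTF-8', false);
		if ($NewCanUpd == 1) {
			// The original reported "removed" for both directions of the toggle.
			prnMsg(_('User') . ' ' . $ToggledUserHTML . ' ' . _('has been given authority to update the') . ' ' . $ToggledLocationHTML . ' ' . _('location'), 'success');
		} else {
			prnMsg(_('User') . ' ' . $ToggledUserHTML . ' ' . _('has had their authority to update') . ' ' . $ToggledLocationHTML . ' ' . _('location removed'), 'success');
		}
	}
	unset($_GET['ToggleUpdate']);
}

if (!isset($SelectedUser)) {

	/* It could still be the second time the page has been run and a record has been selected for modification - SelectedLocation will exist because it was sent with the new call. If its the first time the page has been displayed with no parameters
	then none of the above are true. These will call the same page again and allow update/input or deletion of the records*/
	echo '<form method="post" action="' . $SelfHTML . '">';
	echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />
		<table class="selection">
			<tr>
				<td>' . _('Select User') . ':</td>
				<td><select name="SelectedUser">';

	$Result = DB_query("SELECT userid,
							realname
						FROM www_users
						ORDER BY userid");

	echo '<option value="">' . _('Not Yet Selected') . '</option>';
	// No option can be pre-selected here: this block only runs when $SelectedUser is unset.
	while ($MyRow = DB_fetch_array($Result)) {
		$UserIDHTML = htmlspecialchars((string) $MyRow['userid'], ENT_QUOTES, 'UTF-8', false);
		$RealNameHTML = htmlspecialchars((string) $MyRow['realname'], ENT_QUOTES, 'UTF-8', false);
		echo '<option value="' . $UserIDHTML . '">' . $UserIDHTML . ' - ' . $RealNameHTML . '</option>';

	} //end while loop

	echo '</select></td></tr>';

	echo '</table>'; // close main table
	DB_free_result($Result);

	echo '<div class="centre">
			<input type="submit" name="Process" value="' . _('Accept') . '" />
			<input type="submit" name="Cancel" value="' . _('Cancel') . '" />
		</div>';

	echo '</form>';

}

//end of ifs and buts!
// The original also tested $_POST['process'], but the button is named 'Process' and array
// keys are case-sensitive, so that test never matched; everything below needs $SelectedUser.
if (isset($SelectedUser)) {
	$SelectedUserSQL = DB_escape_string($SelectedUser);
	$SelectedUserHTML = htmlspecialchars($SelectedUser, ENT_QUOTES, 'UTF-8', false);

	$SQLName = "SELECT realname
				FROM www_users
				WHERE userid='" . $SelectedUserSQL . "'";
	$Result = DB_query($SQLName);
	$MyRow = DB_fetch_array($Result);
	// An unknown userid yields no row; show an empty name instead of indexing a non-array.
	$SelectedUserName = is_array($MyRow) ? htmlspecialchars((string) $MyRow['realname'], ENT_QUOTES, 'UTF-8', false) : '';

	echo '<div class="centre"><a href="' . $SelfHTML . '">' . _('Authorised inventory locations for') . ' ' . $SelectedUserName . '</a></div>
		<form method="post" action="' . $SelfHTML . '">
		<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />
		<input type="hidden" name="SelectedUser" value="' . $SelectedUserHTML . '" />';

	$SQL = "SELECT locationusers.loccode,
					canview,
					canupd,
					locations.locationname
			FROM locationusers INNER JOIN locations
			ON locationusers.loccode=locations.loccode
			WHERE locationusers.userid='" . $SelectedUserSQL . "'
			ORDER BY locations.locationname ASC";

	$Result = DB_query($SQL);

	echo '<table class="selection">';
	echo '<tr>
			<th colspan="6"><h3>' . _('Authorised Inventory Locations for User') . ': ' . $SelectedUserName . '</h3></th>
		</tr>';
	echo '<tr>
			<th>' . _('Code') . '</th>
			<th>' . _('Name') . '</th>
			<th>' . _('View') . '</th>
			<th>' . _('Update') . '</th>
		</tr>';

	while ($MyRow = DB_fetch_array($Result)) {

		// Rows are concatenated rather than passed through printf(): the original spliced
		// $SelectedUser and translated text into the format string, where a '%' in either
		// would have been read as a conversion specification.
		$RowURL = $SelfHTML . '?SelectedLocation=' . urlencode((string) $MyRow['loccode']) . '&amp;SelectedUser=' . urlencode($SelectedUser);

		if ($MyRow['canupd'] == 1) {
			$ToggleCell = '<td><a href="' . $RowURL . '&amp;ToggleUpdate=0" onclick="return confirm(\'' . _('Are you sure you wish to remove Update for this location?') . '\');">' . _('Remove Update') . '</a></td>';
		} else {
			$ToggleCell = '<td><a href="' . $RowURL . '&amp;ToggleUpdate=1" onclick="return confirm(\'' . _('Are you sure you wish to add Update for this location?') . '\');">' . _('Add Update') . '</a></td>';
		}

		echo '<tr class="striped_row">
				<td>' . htmlspecialchars((string) $MyRow['loccode'], ENT_QUOTES, 'UTF-8', false) . '</td>
				<td>' . htmlspecialchars((string) $MyRow['locationname'], ENT_QUOTES, 'UTF-8', false) . '</td>
				<td>' . htmlspecialchars((string) $MyRow['canview'], ENT_QUOTES, 'UTF-8', false) . '</td>
				<td>' . htmlspecialchars((string) $MyRow['canupd'], ENT_QUOTES, 'UTF-8', false) . '</td>' .
				$ToggleCell . '
				<td><a href="' . $RowURL . '&amp;delete=yes" onclick="return confirm(\'' . _('Are you sure you wish to un-authorise this location?') . '\');">' . _('Un-authorise') . '</a></td>
			</tr>';
	}
	//END WHILE LIST LOOP
	echo '</table>';

	if (!isset($_GET['delete'])) {

		echo '<table class="selection">'; //Main table

		echo '<tr>
				<td>' . _('Select Location') . ':</td>
				<td><select name="SelectedLocation">';

		// Only locations this user is not yet authorised for are offered.
		$Result = DB_query("SELECT loccode,
								locationname
							FROM locations
							WHERE NOT EXISTS (SELECT locationusers.loccode
											FROM locationusers
											WHERE locationusers.userid='" . $SelectedUserSQL . "'
											AND locationusers.loccode=locations.loccode)
							ORDER BY locationname");

		if (!isset($_POST['SelectedLocation'])) {
			echo '<option selected="selected" value="">' . _('Not Yet Selected') . '</option>';
		}
		while ($MyRow = DB_fetch_array($Result)) {
			if (isset($_POST['SelectedLocation']) and $MyRow['loccode'] == $_POST['SelectedLocation']) {
				echo '<option selected="selected" value="';
			} else {
				echo '<option value="';
			}
			echo htmlspecialchars((string) $MyRow['loccode'], ENT_QUOTES, 'UTF-8', false) . '">' . htmlspecialchars((string) $MyRow['locationname'], ENT_QUOTES, 'UTF-8', false) . '</option>';

		} //end while loop

		echo '</select>
					</td>
				</tr>
			</table>'; // close main table
		DB_free_result($Result);

		echo '<div class="centre">
				<input type="submit" name="submit" value="' . _('Accept') . '" />
				<input type="submit" name="Cancel" value="' . _('Cancel') . '" />
			</div>
			</form>';

	} // end if user wish to delete
}

include('includes/footer.php');
?>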