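<?php

/* Inventory Location Authorised Users Maintenance.
 *
 * Lists the users authorised to view/update one stock location and lets the
 * operator add a user (POST 'submit'), remove a user (GET 'delete') or toggle
 * that user's update right (GET 'ToggleUpdate').
 *
 * Every value this page works with arrives in the request, so each one is
 * passed through DB_escape_string() before it is placed in SQL and through
 * htmlspecialchars() before it is written into HTML or a message.  The two
 * state-changing GET links carry the session FormID and are only honoured when
 * it matches, so a link forged from elsewhere cannot alter location rights.
 */

include('includes/session.php');
$Title = _('Inventory Location Authorised Users Maintenance');
$ViewTopic = 'Inventory';// Filename in ManualContents.php's TOC.
$BookMark = 'LocationUsers';// Anchor's id in the manual's html document.
include('includes/header.php');

echo '<p class="page_title_text"><img src="' . $RootPath . '/css/' . $Theme . '/images/money_add.png" title="' . _('Location Authorised Users') . '" alt="" />' . ' ' . $Title . '</p>';

// Escaped copy of this script's URL, used for every form action and link below.
$SelfUrl = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

// Selected user and location: POST wins over GET, both are normalised to upper case.
if (isset($_POST['SelectedUser'])) {
	$SelectedUser = mb_strtoupper($_POST['SelectedUser']);
} elseif (isset($_GET['SelectedUser'])) {
	$SelectedUser = mb_strtoupper($_GET['SelectedUser']);
} else {
	$SelectedUser = '';
}

if (isset($_POST['SelectedLocation'])) {
	$SelectedLocation = mb_strtoupper($_POST['SelectedLocation']);
} elseif (isset($_GET['SelectedLocation'])) {
	$SelectedLocation = mb_strtoupper($_GET['SelectedLocation']);
}

if (isset($_POST['Cancel'])) {
	unset($SelectedLocation);
	unset($SelectedUser);
}

if (isset($_POST['Process'])) {
	// Accept pressed on the location picker with nothing chosen: show the picker again.
	if (!isset($_POST['SelectedLocation']) or $_POST['SelectedLocation'] === '') {
		prnMsg(_('You have not selected any Location'), 'error');
		echo '<br />';
		unset($SelectedLocation);
		unset($_POST['SelectedLocation']);
	}
}

if (isset($_POST['submit'])) {

	$InputError = 0;

	if (!isset($_POST['SelectedUser']) or $_POST['SelectedUser'] === '') {
		$InputError = 1;
		prnMsg(_('You have not selected an user to be authorised to use this Location'), 'error');
		echo '<br />';
		unset($SelectedLocation);
	}

	// A tampered form could post an empty location; refuse rather than insert a blank loccode.
	if (!isset($_POST['SelectedLocation']) or $_POST['SelectedLocation'] === '') {
		$InputError = 1;
		prnMsg(_('You have not selected any Location'), 'error');
		echo '<br />';
		unset($SelectedLocation);
	}

	if ($InputError != 1) {

		// Escaped once here and reused for both the duplicate check and the insert.
		$LocCodeSql = DB_escape_string($_POST['SelectedLocation']);
		$UserIdSql = DB_escape_string($_POST['SelectedUser']);
		$LocCodeHtml = htmlspecialchars($_POST['SelectedLocation'], ENT_QUOTES, 'UTF-8');
		$UserIdHtml = htmlspecialchars($_POST['SelectedUser'], ENT_QUOTES, 'UTF-8');

		// First check the user is not being duplicated
		$CheckSql = "SELECT count(*)
			     FROM locationusers
			     WHERE loccode= '" . $LocCodeSql . "'
				 AND userid = '" . $UserIdSql . "'";

		$CheckResult = DB_query($CheckSql);
		$CheckRow = DB_fetch_row($CheckResult);

		if ($CheckRow[0] > 0) {
			$InputError = 1;
			prnMsg(_('The user') . ' ' . $UserIdHtml . ' ' . _('is already authorised to use this location'), 'error');
		} else {
			// Add new record on submit: a newly authorised user can both view and update.
			$SQL = "INSERT INTO locationusers (loccode,
												userid,
												canview,
												canupd)
										VALUES ('" . $LocCodeSql . "',
												'" . $UserIdSql . "',
												'1',
												'1')";

			$Result = DB_query($SQL);
			prnMsg(_('User') . ': ' . $UserIdHtml . ' ' . _('authority to use the') . ' ' . $LocCodeHtml . ' ' . _('location has been changed'), 'success');
			unset($_POST['SelectedUser']);
		}
	}
} elseif (isset($_GET['delete']) or isset($_GET['ToggleUpdate'])) {

	/* These links change authorisation data, so they are honoured only when they
	   carry this session's FormID (the links generated below include it).
	   NOTE(review): session.php appears to validate FormID for POST only, which is
	   why the GET handlers check it themselves - confirm against includes/session.php. */
	if (!isset($SelectedLocation)
		or !isset($_GET['FormID'], $_SESSION['FormID'])
		or !is_string($_GET['FormID'])
		or !hash_equals((string) $_SESSION['FormID'], $_GET['FormID'])) {
		prnMsg(_('This request could not be verified and has been ignored'), 'error');
	} else {
		$LocCodeSql = DB_escape_string($SelectedLocation);
		$UserIdSql = DB_escape_string($SelectedUser);
		$LocCodeHtml = htmlspecialchars($SelectedLocation, ENT_QUOTES, 'UTF-8');
		$UserIdHtml = htmlspecialchars($SelectedUser, ENT_QUOTES, 'UTF-8');

		if (isset($_GET['delete'])) {
			$SQL = "DELETE FROM locationusers
				WHERE loccode='" . $LocCodeSql . "'
				AND userid='" . $UserIdSql . "'";

			$ErrMsg = _('The Location user record could not be deleted because');
			$Result = DB_query($SQL, $ErrMsg);
			prnMsg(_('User') . ' ' . $UserIdHtml . ' ' . _('has had their authority to use the') . ' ' . $LocCodeHtml . ' ' . _('location removed'), 'success');
		} else {
			// Only the two legal values reach the database, whatever the query string held.
			$NewCanUpd = ($_GET['ToggleUpdate'] === '1') ? 1 : 0;
			$SQL = "UPDATE locationusers
					SET canupd='" . $NewCanUpd . "'
					WHERE loccode='" . $LocCodeSql . "'
					AND userid='" . $UserIdSql . "'";

			$ErrMsg = _('The Location user record could not be updated because');
			$Result = DB_query($SQL, $ErrMsg);
			// The message reflects the direction of the toggle instead of always saying "removed".
			if ($NewCanUpd === 1) {
				prnMsg(_('User') . ' ' . $UserIdHtml . ' ' . _('has been given authority to update the') . ' ' . $LocCodeHtml . ' ' . _('location'), 'success');
			} else {
				prnMsg(_('User') . ' ' . $UserIdHtml . ' ' . _('has had their authority to update') . ' ' . $LocCodeHtml . ' ' . _('location removed'), 'success');
			}
		}
	}
	unset($_GET['delete'], $_GET['ToggleUpdate']);
}

if (!isset($SelectedLocation)) {

	/* No location chosen yet (first call, Cancel, or Accept with nothing selected):
	   show the location picker.  Submitting it calls this page again with
	   SelectedLocation set, which renders the user list and the add/delete controls. */
	echo '<form method="post" action="' . $SelfUrl . '">';
	echo '<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />
			<table class="selection">
			<tr>
				<td>' . _('Select Location') . ':</td>
				<td><select name="SelectedLocation">';

	$Result = DB_query("SELECT loccode,
								locationname
						FROM locations");

	echo '<option value="">' . _('Not Yet Selected') . '</option>';
	while ($MyRow = DB_fetch_array($Result)) {
		// $SelectedLocation is never set inside this branch, so no option is pre-selected.
		$LocCodeHtml = htmlspecialchars($MyRow['loccode'], ENT_QUOTES, 'UTF-8');
		echo '<option value="' . $LocCodeHtml . '">' . $LocCodeHtml . ' - ' . htmlspecialchars($MyRow['locationname'], ENT_QUOTES, 'UTF-8') . '</option>';
	} //end while loop

	echo '</select></td></tr>';

	echo '</table>'; // close main table
	DB_free_result($Result);

	echo '<div class="centre">
			<input type="submit" name="Process" value="' . _('Accept') . '" />
			<input type="submit" name="Cancel" value="' . _('Cancel') . '" />
		</div>';

	echo '</form>';

}

//end of ifs and buts!
// (The former "isset($_POST['process'])" test is gone: the button is named 'Process', and
// whenever it is pressed with a location, $SelectedLocation is already set.)
if (isset($SelectedLocation)) {

	$LocCodeSql = DB_escape_string($SelectedLocation);
	$LocCodeHtml = htmlspecialchars($SelectedLocation, ENT_QUOTES, 'UTF-8');

	$SQLName = "SELECT locationname
			FROM locations
			WHERE loccode='" . $LocCodeSql . "'";
	$Result = DB_query($SQLName);
	$MyRow = DB_fetch_array($Result);
	if ($MyRow) {
		$SelectedLocationName = htmlspecialchars($MyRow['locationname'], ENT_QUOTES, 'UTF-8');
	} else {
		// Unknown location code in the request: say so, but still render the page.
		prnMsg(_('The location') . ' ' . $LocCodeHtml . ' ' . _('does not exist'), 'error');
		$SelectedLocationName = '';
	}

	echo '<div class="centre"><a href="' . $SelfUrl . '">' . _('Authorised users for') . ' ' . $SelectedLocationName . ' ' . _('Location') . '</a></div>
		<form method="post" action="' . $SelfUrl . '">
		<input type="hidden" name="FormID" value="' . $_SESSION['FormID'] . '" />
		<input type="hidden" name="SelectedLocation" value="' . $LocCodeHtml . '" />';

	$SQL = "SELECT locationusers.userid,
					canview,
					canupd,
					www_users.realname
			FROM locationusers INNER JOIN www_users
			ON locationusers.userid=www_users.userid
			WHERE locationusers.loccode='" . $LocCodeSql . "'
			ORDER BY locationusers.userid ASC";

	$Result = DB_query($SQL);

	echo '<table class="selection">';
	echo '<tr>
			<th colspan="6"><h3>' . _('Authorised users for Location') . ': ' . $SelectedLocationName . '</h3></th>
		</tr>';
	echo '<tr>
			<th>' . _('User Code') . '</th>
			<th>' . _('User Name') . '</th>
			<th>' . _('View') . '</th>
			<th>' . _('Update') . '</th>
		</tr>';

	while ($MyRow = DB_fetch_array($Result)) {

		// Common query string for the delete/toggle links; FormID lets the GET handlers
		// above verify the link was produced by this page for this session.
		$LinkBase = $SelfUrl . '?SelectedUser=' . urlencode($MyRow['userid'])
			. '&amp;SelectedLocation=' . urlencode($SelectedLocation)
			. '&amp;FormID=' . urlencode($_SESSION['FormID']);
		$UserIdHtml = htmlspecialchars($MyRow['userid'], ENT_QUOTES, 'UTF-8');

		if ($MyRow['canupd'] == 1) {
			$ToggleCell = '<td><a href="' . $LinkBase . '&amp;ToggleUpdate=0" onclick="return confirm(\'' . _('Are you sure you wish to remove Update for this user?') . '\');">' . _('Remove Update') . '</a></td>';
		} else {
			$ToggleCell = '<td><a href="' . $LinkBase . '&amp;ToggleUpdate=1" onclick="return confirm(\'' . _('Are you sure you wish to add Update for this user?') . '\');">' . _('Add Update') . '</a></td>';
		}

		echo '<tr class="striped_row">
				<td>' . $UserIdHtml . '</td>
				<td>' . htmlspecialchars($MyRow['realname'], ENT_QUOTES, 'UTF-8') . '</td>
				<td>' . htmlspecialchars((string) $MyRow['canview'], ENT_QUOTES, 'UTF-8') . '</td>
				<td>' . htmlspecialchars((string) $MyRow['canupd'], ENT_QUOTES, 'UTF-8') . '</td>' .
				$ToggleCell . '
				<td><a href="' . $LinkBase . '&amp;delete=yes" onclick="return confirm(\'' . _('Are you sure you wish to un-authorise this user?') . '\');">' . _('Un-authorise') . '</a></td>
				</tr>';
	}
	//END WHILE LIST LOOP
	echo '</table>';

	if (!isset($_GET['delete'])) {

		echo '<table  class="selection">'; //Main table

		echo '<tr>
				<td>' . _('Select User') . ':</td>
				<td><select name="SelectedUser">';

		// Only users not yet authorised for this location are offered.
		$Result = DB_query("SELECT userid,
									realname
							FROM www_users
							WHERE NOT EXISTS (SELECT locationusers.userid
											FROM locationusers
											WHERE locationusers.loccode='" . $LocCodeSql . "'
												AND locationusers.userid=www_users.userid)");

		if (!isset($_POST['SelectedUser'])) {
			echo '<option selected="selected" value="">' . _('Not Yet Selected') . '</option>';
		}
		while ($MyRow = DB_fetch_array($Result)) {
			$UserIdHtml = htmlspecialchars($MyRow['userid'], ENT_QUOTES, 'UTF-8');
			if (isset($_POST['SelectedUser']) and $MyRow['userid'] === $_POST['SelectedUser']) {
				echo '<option selected="selected" value="';
			} else {
				echo '<option value="';
			}
			echo $UserIdHtml . '">' . $UserIdHtml . ' - ' . htmlspecialchars($MyRow['realname'], ENT_QUOTES, 'UTF-8') . '</option>';

		} //end while loop

		echo '</select>
					</td>
				</tr>
			</table>'; // close main table
		DB_free_result($Result);

		echo '<div class="centre">
				<input type="submit" name="submit" value="' . _('Accept') . '" />
				<input type="submit" name="Cancel" value="' . _('Cancel') . '" />
			</div>
			</form>';

	} // end if user wish to delete
}

include('includes/footer.php');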
254