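<?php

/**
 * Inventory Location Authorised Users Maintenance.
 *
 * Maintains rows of the locationusers table: which users are authorised to use
 * an inventory location (canview) and whether they may update it (canupd).
 *
 * Request parameters read by this script:
 *   POST/GET SelectedLocation, SelectedUser - the location/user being worked on
 *   POST Process      - a location was picked in the first form
 *   POST submit       - authorise SelectedUser for SelectedLocation
 *   POST Cancel       - drop the current selection
 *   GET  delete       - remove the authorisation row
 *   GET  ToggleUpdate - set canupd to 0 or 1
 *
 * Security notes for maintainers:
 * - Every SQL statement below is built by string concatenation and nothing in
 *   this file escapes the request values that go into it. Safety therefore
 *   depends entirely on sanitisation done before this point.
 *   NOTE(review): presumably includes/session.php does this - confirm, and
 *   prefer bound parameters if the DB layer offers them.
 * - The delete and ToggleUpdate actions change an authorisation table from
 *   plain GET links that carry no FormID token, while both forms do carry one.
 *   NOTE(review): state change over GET is exposed to cross-site request
 *   forgery; consider moving these actions to POST with the FormID check.
 * - The access check that decides who may open this page is not visible in
 *   this file. NOTE(review): confirm it is enforced by the includes.
 */

include('includes/session.php');
$Title = _('Inventory Location Authorised Users Maintenance');
$ViewTopic = 'Inventory';// Filename in ManualContents.php's TOC.
$BookMark = 'LocationUsers';// Anchor's id in the manual's html document.
include('includes/header.php');

// HTML-context encoder for values echoed into the page. double_encode is off so
// that text which already contains entities is not encoded a second time.
// NOTE(review): whether request or database values arrive pre-encoded is not
// visible from this file - confirm.
$HtmlSafe = function ($Value) {
	return htmlspecialchars((string) $Value, ENT_QUOTES, 'UTF-8', false);
};
$SelfUrl = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8');

echo '<p class="page_title_text"><img src="' . $RootPath . '/css/' . $Theme . '/images/money_add.png" title="' . _('Location Authorised Users') . '" alt="" />' . ' ' . $Title . '</p>';

if (isset($_POST['SelectedUser'])) {
	$SelectedUser = mb_strtoupper($_POST['SelectedUser']);
} elseif (isset($_GET['SelectedUser'])) {
	$SelectedUser = mb_strtoupper($_GET['SelectedUser']);
} else {
	$SelectedUser = '';
}

if (isset($_POST['SelectedLocation'])) {
	$SelectedLocation = mb_strtoupper($_POST['SelectedLocation']);
} elseif (isset($_GET['SelectedLocation'])) {
	$SelectedLocation = mb_strtoupper($_GET['SelectedLocation']);
}

if (isset($_POST['Cancel'])) {
	unset($SelectedLocation);
	unset($SelectedUser);
}

if (isset($_POST['Process'])) {
	if (!isset($_POST['SelectedLocation']) or $_POST['SelectedLocation'] == '') {
		prnMsg(_('You have not selected any Location'), 'error');
		echo '<br />';
		unset($SelectedLocation);
		unset($_POST['SelectedLocation']);
	}
}

if (isset($_POST['submit'])) {

	$InputError = 0;

	// A crafted request can omit the hidden SelectedLocation field; without
	// this guard a row with an empty location code would be attempted.
	if (!isset($_POST['SelectedLocation']) or $_POST['SelectedLocation'] == '') {
		$InputError = 1;
		prnMsg(_('You have not selected any Location'), 'error');
		echo '<br />';
		unset($SelectedLocation);
	}

	if (!isset($_POST['SelectedUser']) or $_POST['SelectedUser'] == '') {
		$InputError = 1;
		prnMsg(_('You have not selected an user to be authorised to use this Location'), 'error');
		echo '<br />';
		unset($SelectedLocation);
	}

	if ($InputError != 1) {

		// First check the user is not being duplicated
		// NOTE(review): request values are concatenated into the SQL text here
		// and in the INSERT below; see the header comment.
		$CheckSql = "SELECT count(*)
					FROM locationusers
					WHERE loccode= '" . $_POST['SelectedLocation'] . "'
					AND userid = '" . $_POST['SelectedUser'] . "'";

		$CheckResult = DB_query($CheckSql);
		$CheckRow = DB_fetch_row($CheckResult);

		if ($CheckRow[0] > 0) {
			$InputError = 1;
			prnMsg(_('The user') . ' ' . $HtmlSafe($_POST['SelectedUser']) . ' ' . _('is already authorised to use this location'), 'error');
		} else {
			// Add new record on submit; new rows get both view and update rights.
			$SQL = "INSERT INTO locationusers (loccode,
												userid,
												canview,
												canupd)
										VALUES ('" . $_POST['SelectedLocation'] . "',
												'" . $_POST['SelectedUser'] . "',
												'1',
												'1')";

			$msg = _('User') . ': ' . $HtmlSafe($_POST['SelectedUser']) . ' ' . _('authority to use the') . ' ' . $HtmlSafe($_POST['SelectedLocation']) . ' ' . _('location has been changed');
			$Result = DB_query($SQL);
			prnMsg($msg, 'success');
			unset($_POST['SelectedUser']);
		}
	}
} elseif (isset($_GET['delete'])) {
	// Both keys are needed to address one row; skip the statement when a
	// request arrives without them (for example together with Cancel).
	if (isset($SelectedLocation, $SelectedUser)) {
		$SQL = "DELETE FROM locationusers
			WHERE loccode='" . $SelectedLocation . "'
			AND userid='" . $SelectedUser . "'";

		$ErrMsg = _('The Location user record could not be deleted because');
		$Result = DB_query($SQL, $ErrMsg);
		prnMsg(_('User') . ' ' . $HtmlSafe($SelectedUser) . ' ' . _('has had their authority to use the') . ' ' . $HtmlSafe($SelectedLocation) . ' ' . _('location removed'), 'success');
	}
	unset($_GET['delete']);
} elseif (isset($_GET['ToggleUpdate'])) {
	if (isset($SelectedLocation, $SelectedUser)) {
		// canupd is a flag, so the request value is reduced to 0 or 1 before it
		// reaches the SQL text instead of being concatenated as received.
		if ($_GET['ToggleUpdate'] === '1' or $_GET['ToggleUpdate'] === 1) {
			$NewCanUpd = 1;
		} else {
			$NewCanUpd = 0;
		}

		$SQL = "UPDATE locationusers
				SET canupd='" . $NewCanUpd . "'
				WHERE loccode='" . $SelectedLocation . "'
				AND userid='" . $SelectedUser . "'";

		$ErrMsg = _('The Location user record could not be updated because');
		$Result = DB_query($SQL, $ErrMsg);
		if ($NewCanUpd == 1) {
			prnMsg(_('User') . ' ' . $HtmlSafe($SelectedUser) . ' ' . _('has had their authority to update') . ' ' . $HtmlSafe($SelectedLocation) . ' ' . _('location added'), 'success');
		} else {
			prnMsg(_('User') . ' ' . $HtmlSafe($SelectedUser) . ' ' . _('has had their authority to update') . ' ' . $HtmlSafe($SelectedLocation) . ' ' . _('location removed'), 'success');
		}
	}
	unset($_GET['ToggleUpdate']);
}

if (!isset($SelectedLocation)) {

	/* It could still be the second time the page has been run and a record has been selected for modification - SelectedUser will exist because it was sent with the new call. If its the first time the page has been displayed with no parameters
	then none of the above are true. These will call the same page again and allow update/input or deletion of the records*/
	echo '<form method="post" action="' . $SelfUrl . '">';
	echo '<input type="hidden" name="FormID" value="' . $HtmlSafe($_SESSION['FormID']) . '" />
		<table class="selection">
			<tr>
				<td>' . _('Select Location') . ':</td>
				<td><select name="SelectedLocation">';

	$Result = DB_query("SELECT loccode,
								locationname
						FROM locations");

	echo '<option value="">' . _('Not Yet Selected') . '</option>';
	// No location is selected in this branch, so no option is pre-selected.
	while ($MyRow = DB_fetch_array($Result)) {
		echo '<option value="' . $HtmlSafe($MyRow['loccode']) . '">' . $HtmlSafe($MyRow['loccode']) . ' - ' . $HtmlSafe($MyRow['locationname']) . '</option>';
	} //end while loop

	echo '</select></td></tr>';

	echo '</table>'; // close main table
	DB_free_result($Result);

	echo '<div class="centre">
			<input type="submit" name="Process" value="' . _('Accept') . '" />
			<input type="submit" name="Cancel" value="' . _('Cancel') . '" />
		</div>';

	echo '</form>';

}

//end of ifs and buts!
// Everything below needs a location. The form posts 'Process' (capital P), so
// the presence of $SelectedLocation is the only condition that matters here.
if (isset($SelectedLocation)) {
	$SQLName = "SELECT locationname
				FROM locations
				WHERE loccode='" . $SelectedLocation . "'";
	$Result = DB_query($SQLName);
	$MyRow = DB_fetch_array($Result);
	// An unknown location code yields no row; show an empty name instead of
	// indexing a non-array.
	$SelectedLocationName = is_array($MyRow) ? $MyRow['locationname'] : '';

	echo '<div class="centre"><a href="' . $SelfUrl . '">' . _('Authorised users for') . ' ' . $HtmlSafe($SelectedLocationName) . ' ' . _('Location') . '</a></div>
		<form method="post" action="' . $SelfUrl . '">
		<input type="hidden" name="FormID" value="' . $HtmlSafe($_SESSION['FormID']) . '" />
		<input type="hidden" name="SelectedLocation" value="' . $HtmlSafe($SelectedLocation) . '" />';

	$SQL = "SELECT locationusers.userid,
					canview,
					canupd,
					www_users.realname
			FROM locationusers INNER JOIN www_users
			ON locationusers.userid=www_users.userid
			WHERE locationusers.loccode='" . $SelectedLocation . "'
			ORDER BY locationusers.userid ASC";

	$Result = DB_query($SQL);

	echo '<table class="selection">';
	echo '<tr>
			<th colspan="6"><h3>' . _('Authorised users for Location') . ': ' . $HtmlSafe($SelectedLocationName) . '</h3></th>
		</tr>';
	echo '<tr>
			<th>' . _('User Code') . '</th>
			<th>' . _('User Name') . '</th>
			<th>' . _('View') . '</th>
			<th>' . _('Update') . '</th>
		</tr>';

	// The location code is request-derived. It is URL-encoded for the query
	// string and kept out of any printf() format string, where a '%' in the
	// value would be read as a conversion specifier.
	$UrlLocation = urlencode($SelectedLocation);

	while ($MyRow = DB_fetch_array($Result)) {

		$UrlUser = urlencode((string) $MyRow['userid']);

		if ($MyRow['canupd'] == 1) {
			$ToggleValue = 0;
			$ToggleConfirm = _('Are you sure you wish to remove Update for this user?');
			$ToggleLabel = _('Remove Update');
		} else {
			$ToggleValue = 1;
			$ToggleConfirm = _('Are you sure you wish to add Update for this user?');
			$ToggleLabel = _('Add Update');
		}

		// NOTE(review): these two links change authorisations over GET and
		// carry no FormID token; see the header comment.
		echo '<tr class="striped_row">
				<td>' . $HtmlSafe($MyRow['userid']) . '</td>
				<td>' . $HtmlSafe($MyRow['realname']) . '</td>
				<td>' . $HtmlSafe($MyRow['canview']) . '</td>
				<td>' . $HtmlSafe($MyRow['canupd']) . '</td>
				<td><a href="' . $SelfUrl . '?SelectedUser=' . $UrlUser . '&amp;ToggleUpdate=' . $ToggleValue . '&amp;SelectedLocation=' . $UrlLocation . '" onclick="return confirm(\'' . $ToggleConfirm . '\');">' . $ToggleLabel . '</a></td>
				<td><a href="' . $SelfUrl . '?SelectedUser=' . $UrlUser . '&amp;delete=yes&amp;SelectedLocation=' . $UrlLocation . '" onclick="return confirm(\'' . _('Are you sure you wish to un-authorise this user?') . '\');">' . _('Un-authorise') . '</a></td>
			</tr>';
	}
	//END WHILE LIST LOOP
	echo '</table>';

	if (!isset($_GET['delete'])) {

		echo '<table class="selection">'; //Main table

		echo '<tr>
				<td>' . _('Select User') . ':</td>
				<td><select name="SelectedUser">';

		// Only users who are not yet authorised for this location are offered.
		$Result = DB_query("SELECT userid,
									realname
							FROM www_users
							WHERE NOT EXISTS (SELECT locationusers.userid
											FROM locationusers
											WHERE locationusers.loccode='" . $SelectedLocation . "'
												AND locationusers.userid=www_users.userid)");

		if (!isset($_POST['SelectedUser'])) {
			echo '<option selected="selected" value="">' . _('Not Yet Selected') . '</option>';
		}
		while ($MyRow = DB_fetch_array($Result)) {
			if (isset($_POST['SelectedUser']) and $MyRow['userid'] == $_POST['SelectedUser']) {
				echo '<option selected="selected" value="';
			} else {
				echo '<option value="';
			}
			echo $HtmlSafe($MyRow['userid']) . '">' . $HtmlSafe($MyRow['userid']) . ' - ' . $HtmlSafe($MyRow['realname']) . '</option>';

		} //end while loop

		echo '</select>
					</td>
				</tr>
			</table>'; // close main table
		DB_free_result($Result);

		echo '<div class="centre">
				<input type="submit" name="submit" value="' . _('Accept') . '" />
				<input type="submit" name="Cancel" value="' . _('Cancel') . '" />
			</div>';

	} // end if user wish to delete

	// Closed outside the condition above so the form opened in this block is
	// always terminated.
	echo '</form>';
}

include('includes/footer.php');
?>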