From d8055192991ac8504e48c137038879790c762d2d Mon Sep 17 00:00:00 2001
From: Camil Staps
Date: Tue, 26 Jul 2016 14:27:14 +0200
Subject: Adding and deleting users

---
 include/clients-overview.php |   2 +-
 include/settings.php         | 170 ++++++++++++++++++++++++++++++++++++-------
 include/users-new.php        |  42 +++++++++++
 3 files changed, 188 insertions(+), 26 deletions(-)
 create mode 100644 include/users-new.php

(limited to 'include')
diff --git a/include/clients-overview.php b/include/clients-overview.php
index 7ce45a6..fc2c3a0 100644
--- a/include/clients-overview.php
+++ b/include/clients-overview.php
@@ -70,7 +70,7 @@ require_once('./login.php');
                 <div class="form-group">
                     <label>Name:</label>
                     <input 
-                        type="text" name="name" class="form-control" placeholder="Title" 
+                        type="text" name="name" class="form-control" placeholder="Name"
                         data-bv-notempty="true" data-bv-notempty-message="You have to provide a name"/>
                 </div>
                 <button type="submit" class="btn btn-default">Go</button>
diff --git a/include/settings.php b/include/settings.php
index 7dfbbc3..896152c 100644
--- a/include/settings.php
+++ b/include/settings.php
@@ -35,43 +35,163 @@ require('./header.php');
 			<!-- /.col-lg-12 -->
 		</div>
 
+		<?php
+		if (isset($_GET['delete_user']) && $_user->isAdmin()) {
+			try {
+				$user = new user($_pdo, $_GET['delete_user']);
+				if ($user->delete()) {
+					echo "<div class='alert alert-success alert-dismissable'><button type='button' class='close fa fa-times' data-dismiss='alert' aria-hidden='true'></button>The user with username <i>{$user->getUsername()}</i> has been removed.</div>";
+				} else {
+					echo "<div class='alert alert-danger alert-dismissable'><button type='button' class='close fa fa-times' data-dismiss='alert' aria-hidden='true'></button>The user with username <i>{$user->getUsername()}</i> could not be removed.</div>";
+				}
+			} catch (PDOException $e) {
+				echo "<div class='alert alert-danger alert-dismissable'><button type='button' class='close fa fa-times' data-dismiss='alert' aria-hidden='true'></button>The user with username <i>{$user->getUsername()}</i> could not be removed due to a PDO error.</div>";
+			} catch (Exception $e) {
+				echo "<div class='alert alert-danger alert-dismissable'><button type='button' class='close fa fa-times' data-dismiss='alert' aria-hidden='true'></button>The user with id {$_GET['delete_user']} could not be found.</div>";
+			}
+		}
+		?>
+
 		<div class="row">
 			<div class="col-md-4">
 				<div class="panel panel-default">
 					<div class="panel-heading">Password</div>
-						<div class="panel-body">
-							<?php
-							if (isset($_POST['password_update'])) {
-								if ($_POST['password_update'] != $_POST['password_update2']) {
-									echo '<div class="alert alert-danger">The passwords don\'t match.</div>';
-								} else if (!$_user->verifyPassword($_POST['password_current'])) {
-									echo '<div class="alert alert-danger">The current password was incorrect.</div>';
-								} else {
-									try {
-										$_user->setPassword($_POST['password_update']);
-										echo '<div class="alert alert-success">Password successfully changed.</div>';
-									} catch (PDOException $e) {
-										echo '<div class="alert alert-danger">An unknown error occurred.</div>';
-									}
+					<div class="panel-body">
+						<?php
+						if (isset($_POST['password_update'])) {
+							if ($_POST['password_update'] != $_POST['password_update2']) {
+								echo '<div class="alert alert-danger">The passwords don\'t match.</div>';
+							} else if (!$_user->verifyPassword($_POST['password_current'])) {
+								echo '<div class="alert alert-danger">The current password was incorrect.</div>';
+							} else {
+								try {
+									$_user->setPassword($_POST['password_update']);
+									echo '<div class="alert alert-success">Password successfully changed.</div>';
+								} catch (PDOException $e) {
+									echo '<div class="alert alert-danger">An unknown error occurred.</div>';
 								}
 							}
-							?>
-							<form action="" method="post">
-								<div class="form-group">
-									<input class="form-control" type="password" name="password_current" placeholder="Current password"/>
-								</div>
-								<div class="form-group">
-									<input class="form-control" type="password" name="password_update" placeholder="New password"/>
-								</div>
+						}
+						?>
+						<form action="" method="post">
+							<div class="form-group">
+								<input class="form-control" type="password" name="password_current" id="password-current" placeholder="Current password"/>
+							</div>
+							<div class="form-group">
+								<input class="form-control" type="password" name="password_update" placeholder="New password"/>
+							</div>
+							<div class="form-group">
+								<input class="form-control" type="password" name="password_update2" placeholder="New password (verification)"/>
+							</div>
+							<input class="btn btn-primary" type="submit" value="Change password"/>
+						</form>
+					</div>
+				</div>
+			</div>
+
+			<div class="col-md-4">
+				<div class="panel panel-default">
+					<div class="panel-heading">Users</div>
+					<div class="panel-body table-responsive">
+						<table class="table table-bordered table-striped mixitup dataTable" id="overview-clients">
+							<thead>
+								<tr>
+									<th class="mixitup-sort sorting" data-sort="mixerOrderId:desc">#</th>
+									<th class="mixitup-sort sorting" data-sort="mixerOrderUsername:desc">Username</th>
+									<?php if ($_user->isAdmin()) echo '<th>Tools</th>'; ?>
+								</tr>
+							</thead>
+							<tbody>
+								<?php
+								$users = BusinessAdmin::getUsers($_pdo);
+								foreach ($users as $user) {
+									echo "<tr class='mix'
+												data-mixer-order-id='{$user->getId()}'
+												data-mixer-order-username='{$user->getUsername()}'>
+											<td class='col-min-width'>{$user->getId()}</td>
+											<td class='col-max-width'>{$user->getUsername()}</td>";
+									if ($_user->isAdmin()) {
+										if ($user->getId() == $_user->getId()) {
+											echo "<td class='col-min-width'>
+													<a title='Change password' href='#' onclick='$(\"#password-current\").focus();' class='btn btn-warning btn-circle fa fa-key'></a>
+												</td>";
+										} else {
+											echo "<td class='col-min-width'>
+													<a title='Delete' href='?delete_user={$user->getId()}' class='btn btn-danger btn-circle fa fa-times'></a>
+												</td>";
+										}
+									}
+									echo "</tr>";
+								}
+								?>
+							</tbody>
+						</table>
+					</div>
+				</div>
+			</div>
+
+			<?php if ($_user->isAdmin()) : ?>
+				<div class="col-md-4">
+					<div class="panel panel-default">
+						<div class="panel-heading">Create new</div>
+						<div class="panel-body">
+							<form role="form" id="newUser" action='<?=constants::url_external?>users/new' method="post" class="bootstrapValidator ajaxify"
+								data-ajaxify-options='{"success":"newUserSuccess","error":"newUserError","beforeSubmit":"newUserBeforeSubmit","clearForm":true}'>
+								<div class="ajaxify-response alert alert-dismissable"><button type="button" class="close" data-dismiss="alert" aria-hidden="true">×</button><span class="ajaxify-response-text"></span></div>
 								<div class="form-group">
-									<input class="form-control" type="password" name="password_update2" placeholder="New password (verification)"/>
+									<label>Username:</label>
+									<input
+										type="text" name="username" class="form-control" placeholder="Username"
+										data-bv-notempty="true" data-bv-notempty-message="You have to provide a username"/>
 								</div>
-								<input class="btn btn-primary" type="submit" value="Change password"/>
+								<button type="submit" class="btn btn-default">Go</button>
 							</form>
+							<script type="text/javascript">
+							// Callback for before the form is submitted
+							function newUserBeforeSubmit() {
+								$('#newUser input').prop('disabled', true);
+								$('#newUser .ajaxify-response').hide().removeClass('alert-success alert-danger').find('.ajaxify-response-text').html('');
+							}
+
+							// Callback for when the form is successfully submitted
+							function newUserSuccess(data) {
+								if (data.success == true) {
+									$('#newUser .ajaxify-response')
+										.addClass('alert-success')
+										.show()
+										.find('.ajaxify-response-text')
+											.html(data.message);
+
+									$('#newUser input, #newUser button').prop('disabled', false);
+									$('#newUser').data('bootstrapValidator').resetForm();
+								} else {
+									$('#newUser .ajaxify-response')
+										.addClass('alert-danger')
+										.show()
+										.find('.ajaxify-response-text')
+											.html(data.message);
+
+									$('#newUser input, #newUser button').prop('disabled', false);
+									$('#newUser').data('bootstrapValidator').resetForm();
+								}
+							}
+
+							// Callback for when form submission encountered an error
+							function newUserError() {
+								$('#newUser .ajaxify-response')
+									.addClass('alert-danger')
+									.show()
+									.find('.ajaxify-response-text')
+										.html('An unknown error occurred. Please contact support.');
+
+								$('#newUser input, #newUser button').prop('disabled', false);
+									$('#newUser').data('bootstrapValidator').resetForm();
+							}
+							</script>
 						</div>
 					</div>
 				</div>
-			</div>
+			<?php endif; ?>
 		</div>
 		<!-- /.row -->
 	</div>
diff --git a/include/users-new.php b/include/users-new.php
new file mode 100644
index 0000000..5d86a83
--- /dev/null
+++ b/include/users-new.php
@@ -0,0 +1,42 @@
+<?php
+/**
+ * BusinessAdmin: administrative software for small companies
+ * Copyright (C) 2015 Camil Staps (ViviSoft)
+ * 
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ * 
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ * 
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+define('REQUIRE_ADMIN', true);
+
+require_once('./conf.php');
+require_once('./login-ajax.php');
+
+$response = new response();
+
+try {
+	$pass = user::generateRandomPassword();
+	$user = BusinessAdmin::createUser($_pdo, $_REQUEST['username'], $pass);
+
+	if ($user === false) {
+		$response->success = false;
+		$response->message = "The user could not be created due to an error.";
+	} else {
+		$response->success = true;
+		$response->message = "User <i>'{$user->getUsername()}'</i> has been created with password <code>$pass</code>. <a class='alert-link' href='javascript:location.reload(true);'>Refresh the page</a>.";
+	}
+} catch (PDOException $e) {
+	$response->success = false;
+	$response->message = "The user could not be created due to a PDO error ({$e->getMessage()}).";
+}
+echo $response->getJson();
-- 
cgit v1.2.3

