These users are system users who can log in to the system and perform tasks. We created a menu item called "users" to reach this page and linked it to the "users.php" file. Users can also be assigned privileges that restrict which operations they may perform in the system. There are three privileges:
- Manage Inventory
- Billing
- Manage Users
A user must have at least one privilege. We record these privileges along with the user name and password in the users table. Create, Edit and Delete operations are all handled in the same "users.php" page.
<?php include("header.php"); ?>
<script type="text/javascript">
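/**
 * Ask for confirmation, then navigate to the delete handler for the given user id.
 * Deletion is a one-way server-side action, hence the prompt before navigating.
 * NOTE(review): the delete is triggered by a plain GET to delete_user.php (not part of
 * this listing); a state-changing action like this should be a POST carrying a CSRF token.
 */
function delUser(id) {
    var r = confirm("Are you sure you want to delete this user? all data associated with this user will be deleted or become unavailable!");
    if (r) {
        // encodeURIComponent keeps an unexpected (non-numeric) id from breaking the query string.
        window.location = "delete_user.php?id=" + encodeURIComponent(id);
    }
}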
/**
 * Leave edit mode: reload users.php without the act/id query string so the
 * form comes back empty for a new user.
 */
function addnew() {
    window.location.assign("users.php");
}
</script>
<div style="width:60%; float:left; margin-right:30px;">
<h3>New User / Edit User</h3>
<?php
// form processing
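if(isset($_POST['submit'])){
    // Handles both "Add User" and "Update User"; the update path is taken when ?act= is in the URL
    // (the form posts back to the current URL, so the query string is still present).
    // NOTE(review): assumes header.php already enforces login and the "Manage Users" privilege,
    // and that state-changing requests carry a CSRF token — neither is visible in this file; confirm.

    // The only privileges the application knows (they are the checkbox values below).
    $allowedPrivileges = array('Manage Inventory', 'Billing', 'Manage Users');

    $username = (isset($_POST['username']) && is_string($_POST['username'])) ? $_POST['username'] : '';
    $password = (isset($_POST['password']) && is_string($_POST['password'])) ? $_POST['password'] : '';
    $priv = "";

    if(!isset($_POST['chkbox']) || !is_array($_POST['chkbox'])){
        $error = "Please select one or more privileges for this user!";
    }else{
        // Allow-list the posted values: anything that is not one of the three known privileges is dropped.
        $privileges = array_values(array_intersect($_POST['chkbox'], $allowedPrivileges));
        if(count($privileges) == 0){
            $error = "Please select one or more privileges for this user!";
        }
        // Stored as "A, B, " with a trailing separator — the format the rest of the application reads.
        foreach($privileges as $p){
            $priv .= $p.", ";
        }
    }
    if($username == ''){ $error = "Please enter User Name!"; }
    if($password == ''){ $error = "Please enter a Password!"; }

    // Everything interpolated into SQL is escaped first; the id is numeric, so an int cast suffices.
    $usernameSql = mysql_real_escape_string($username);
    $passwordSql = mysql_real_escape_string($password);
    $privSql = mysql_real_escape_string($priv);
    $uid = isset($_GET['id']) ? (int)$_GET['id'] : 0;

    // duplicate check (only worth running when the input itself validated)
    if(!isset($error)){
        if(isset($_GET['act'])){
            $q = mysql_query("SELECT User_ID FROM users WHERE User_Name = '$usernameSql' AND User_ID != '$uid'");
        }else{
            $q = mysql_query("SELECT User_ID FROM users WHERE User_Name = '$usernameSql'");
        }
        if($q === false){
            // A failed lookup must not be mistaken for "no duplicate".
            $error = "Could not check the user name against the database. Please try again!";
        }elseif(mysql_num_rows($q) > 0){
            $error = "Another user with the same name already exists in the database. Please select a different name!";
        }
    }

    if(!isset($error)){
        // NOTE(review): the password is stored in clear text because the login check (not in this file)
        // compares it directly; move to password_hash()/password_verify() together with that check.
        if(isset($_GET['act'])){ // user update request
            $ok = mysql_query("
                UPDATE users SET User_Name = '$usernameSql', User_Password = '$passwordSql', User_Privileges = '$privSql'
                WHERE User_ID = '$uid'
            ");
            if($ok){ $noerror = "User details has been updated!"; }else{ $error = "The user could not be updated!"; }
        }else{ // add new user request
            $ok = mysql_query("
                INSERT INTO users (User_Name, User_Password, User_Privileges)
                VALUES ('$usernameSql', '$passwordSql','$privSql')
            ");
            if($ok){ $noerror = "User has been added to the database!"; }else{ $error = "The user could not be added!"; }
        }
    }
}
// end of form processing
if(isset($error)){
    echo "<div class=\"error\">{$error}</div>";
}
if(isset($noerror)){
    echo "<div class=\"noerror\">{$noerror}</div>";
}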
?>
<?php
// user editing
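if(isset($_GET['act'])){
    // user editing: load the row for the id given in the query string.
    // The id is cast to int because it is interpolated straight into SQL.
    $uid = (int)$_GET['id'];
    $q = mysql_query("SELECT * FROM users WHERE User_ID = '$uid'");
    $r = mysql_fetch_assoc($q);

    /**
     * Return the HTML attribute "Checked" when the user being edited holds the privilege $str,
     * otherwise an empty string (the caller echoes the result into a checkbox tag).
     *
     * The privilege column is read once and cached in a static instead of re-querying the
     * table for every checkbox; the match stays case-insensitive as before.
     */
    function checkprev($str){
        static $stored = null;
        if($stored === null){
            $uid = isset($_GET['id']) ? (int)$_GET['id'] : 0;
            $a = mysql_query("SELECT User_Privileges FROM users WHERE User_ID = '$uid'");
            $b = $a ? mysql_fetch_assoc($a) : false;
            $stored = is_array($b) ? (string)$b['User_Privileges'] : '';
        }
        return (stristr($stored, $str) !== false) ? "Checked" : "";
    }
}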
?>
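<?php
// The form action is left empty on purpose: the browser then posts back to the current URL, so the
// ?act=&id= query string survives and the processing code above can read $_GET['act'] / $_GET['id'].
// Echoing $_SERVER['PHP_SELF'] here would drop that query string and reflect a request-derived value
// into the page, so it is not used.
?>
<form action="" method="post">
<table>
<tr>
<td>User Name:</td><td><input type="text" size="35" name="username" value="<?php if(isset($_GET['act']) && is_array($r)){ echo htmlspecialchars((string)$r['User_Name'], ENT_QUOTES, 'UTF-8'); } ?>"></td>
</tr>
<tr>
<td>Password:</td><td><input type="password" size="10" name="password"></td>
</tr>
<tr>
<td> </td><td> </td>
</tr>
<tr>
<td colspan="2" style="background-color:#D2F2D3; border:1px solid #0033CC; padding-left:3px; "><strong>Privileges</strong></td>
</tr>
<tr>
<td colspan="2" style="border:1px solid #0033CC; ">
<table>
<tr>
<td><input type="checkbox" name="chkbox[]" value="Manage Inventory" <?php if(isset($_GET['act'])){ echo checkprev('Manage Inventory'); } ?>> Manage Inventory</td>
<td><input type="checkbox" name="chkbox[]" value="Billing" <?php if(isset($_GET['act'])){ echo checkprev('Billing'); } ?>> Billing</td>
<td><input type="checkbox" name="chkbox[]" value="Manage Users" <?php if(isset($_GET['act'])){ echo checkprev('Manage Users'); } ?>> Manage Users</td>
</tr>
</table>
</td>
</tr>
<tr><td colspan="2"> </td></tr>
<tr>
<td colspan="2"><input class="btn" type="submit" name="submit" value="<?php if(isset($_GET['act'])){ echo "Update User"; }else{ echo "Add User"; } ?>"> <?php if(isset($_GET['act'])){ echo " <input class='btn' type='button' value='« Back' onclick='addnew()' />"; } ?></td>
</tr>
</table>
</form>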
</div>
<div style="width:36%; float:left;">
<h3>System Users</h3>
<table width="97.5%" cellpadding="3px" cellspacing="1px">
<tr id="header-row">
<td>User ID</td>
<td>User Name</td>
<td>Actions</td>
</tr>
<?php
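$q = mysql_query("SELECT User_ID, User_Name FROM users");
// Render the user list. The name is HTML-escaped and the id cast to int before either reaches
// the markup or the inline delUser() call, so a stored value cannot break out of the page.
while($q && ($r = mysql_fetch_assoc($q))){
    $id = (int)$r['User_ID'];
    $name = htmlspecialchars((string)$r['User_Name'], ENT_QUOTES, 'UTF-8');
    echo "<tr id=\"sh1\"><td>{$id}</td><td>{$name}</td><td>";
    echo "<a href=\"users.php?act=&id={$id}\">Edit</a> | <a href=\"javascript: delUser({$id})\">Delete</a>";
    echo "</td></tr>";
}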
?>
</table>
</div>
<div style="clear:both;"></div>
<?php include("footer.php"); ?>