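<?php
/*-----------------------------------------------------------------------**
---------------------------------------------------------------------------
IPM (Incyte Project Manager)
PHP based project tracking tool
Copyright (c) 2001 by phlux

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
---------------------------------------------------------------------------
**-----------------------------------------------------------------------*/

/*
 * Administrative user management for IPM: list, add, edit, delete and show
 * details of rows in IPM_users, dispatched on $op at the bottom of the file.
 *
 * Security notes (review):
 *  - $op, $id, $code, the form fields and $uid are read as plain globals and
 *    are never assigned in this file, so the page presumably depends on
 *    register_globals -- confirm against the deployment.
 *  - Every request value placed in SQL goes through ipm_sql_escape() and every
 *    value placed in HTML goes through ipm_html_escape(). ext/mysql has no
 *    prepared statements, so escaping is the mitigation available here;
 *    moving to mysqli/PDO prepared statements would be preferable but touches
 *    dbconnect() and every caller.
 *  - The state-changing operations (adduseraction, edituseraction,
 *    deleteuser) carry no anti-forgery token in this file, and deleteuser is
 *    linked with a plain GET URL. Adding a per-session token needs the
 *    session/auth code, which is not part of this file.
 *  - Passwords are stored as unsalted MD5 (see adduseraction). Changing the
 *    scheme requires a matching change in the login code, which is not
 *    visible here, so it is flagged rather than changed.
 */

function ipm_unquote_gpc($value)
{
    // Undo magic_quotes_gpc on a request value so that escaping is applied
    // exactly once. The function_exists() guard keeps this working on PHP
    // versions where get_magic_quotes_gpc() no longer exists.
    $value = (string) $value;
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $value = stripslashes($value);
    }
    return $value;
}

function ipm_sql_escape($value)
{
    // Escape a request value for use inside a single-quoted MySQL string
    // literal. Call only after dbconnect(), because
    // mysql_real_escape_string() needs an open link.
    // Assumes $value came from the request (GET/POST/cookie) -- TODO confirm
    // for $uid, whose origin is not visible in this file.
    return mysql_real_escape_string(ipm_unquote_gpc($value));
}

function ipm_html_escape($value)
{
    // Escape a value for HTML text or for a quoted HTML attribute.
    return htmlspecialchars((string) $value, ENT_QUOTES);
}

function ipm_self_url()
{
    // $PHP_SELF can contain request-controlled path info, so it is escaped
    // before being written into an href/action attribute.
    global $PHP_SELF;
    return ipm_html_escape($PHP_SELF);
}

function ipm_post_field($name)
{
    // HTML-escaped value of a submitted form field, or '' when absent.
    // Used to re-populate a form after a validation error.
    if (!isset($_POST[$name])) {
        return '';
    }
    return ipm_html_escape(ipm_unquote_gpc($_POST[$name]));
}

function userdetails($id)
{
    // This function gives a limited summary for all of a user's
    // projects and tasks.
    dbconnect();
    include ("config.php");
    include ("admin-header.php");
    global $PHP_SELF;

    $safe_id = ipm_sql_escape($id);

    $query = "SELECT * FROM IPM_users WHERE id='$safe_id'";
    $result = mysql_query($query);

    // NOTE(review): GROUP BY 'id' groups by a string literal, not a column,
    // so this count can only be 0 or 1. The intended grouping column
    // (presumably the task's project) is not visible here -- confirm against
    // the IPM_tasks schema before changing the query.
    $query2 = "SELECT id FROM IPM_tasks WHERE person='$safe_id' AND status='1' GROUP BY 'id'";
    $result2 = mysql_query($query2);
    $project_total = $result2 ? mysql_num_rows($result2) : 0;

    $query3 = "SELECT id FROM IPM_tasks WHERE person='$safe_id' AND status='1'";
    $result3 = mysql_query($query3);
    $task_total = $result3 ? mysql_num_rows($result3) : 0;

    while ($result && ($userinfo = mysql_fetch_array($result))) {
        if ($userinfo['role'] == "1") {
            $role = "Administrator";
        } else {
            $role = "General User";
        }
        ?>
<table width=50% border=1 bordercolor=black align=center cellpadding=4 cellspacing=0>
<tr valign=top>
    <td class=header colspan=2>
    User Details for <b><?php echo ipm_html_escape($userinfo['firstname']); ?> <?php echo ipm_html_escape($userinfo['lastname']); ?></b>
    </td>
</tr>
<tr valign=top>
    <td class=darker width=38% align=right>
    Username: <br>
    Role: <br>
    Email Address: <br>
    Total Active Projects: <br>
    Total Open Tasks: <br>
    </td>
    <td class=lighter width=62% align=left>
    <b><?php echo ipm_html_escape($userinfo['username']); ?></b><br>
    <b><?php echo ipm_html_escape($role); ?></b><br>
    <a href="mailto:<?php echo ipm_html_escape($userinfo['email']); ?>"><b><?php echo ipm_html_escape($userinfo['email']); ?></b></a><br>
    <b><?php echo ipm_html_escape($project_total); ?></b><br>
    <b><?php echo ipm_html_escape($task_total); ?></b><br>
    </td>
</tr>
</table>
        <?php
    }
}

function adduser($code)
{
    // Function to add a new user to the IPM system.
    // Shows the "add user" form; $code selects an optional error banner
    // ("add2": bad password pair, "add3": username taken).
    dbconnect();
    include ("config.php");
    include ("admin-header.php");
    global $PHP_SELF, $HTTP_POST_VARS;

    if (isset($code)) {
        switch ($code) {
            case "add2":
                message("Blank Password or Passwords did not match. User was not added.");
                break;
            case "add3":
                message("That username is already in use. You will need to choose a different username.");
                break;
        }
    }
    // NOTE(review): "bgcolor=$tablebg2" below sits outside PHP tags, so the
    // literal text "$tablebg2" is sent to the browser. It presumably should
    // print a colour defined in config.php -- confirm before changing.
    //
    // The password boxes are deliberately not re-populated: writing a
    // submitted password back into the page would expose it in the HTML.
    ?>
<form action="<?php echo ipm_self_url(); ?>" method=post>
<table align=center border=0 cellspacing=0 cellpadding=2 bgcolor=$tablebg2 width=50%>
<tr valign=top>
    <td colspan=2 class=header align=center>
    <b>Adding New User</b>
    </td>
</tr>
<tr>
    <td width=38% class=darker align=right>
    <b>First Name: </b>
    </td>
    <td width=62% class=lighter>
    <input type=text name=firstname value="<?php echo ipm_post_field('firstname'); ?>">
    </td>
</tr>
<tr>
    <td class=darker align=right>
    <b>Last Name: </b>
    </td>
    <td class=lighter>
    <input type=text name=lastname value="<?php echo ipm_post_field('lastname'); ?>">
    </td>
</tr>
<tr>
    <td class=darker align=right>
    <b>Username: </b>
    </td>
    <td class=lighter>
    <input type=text name=username value="<?php echo ipm_post_field('username'); ?>">
    </td>
</tr>
<tr>
    <td class=darker align=right>
    <b>Password: </b>
    </td>
    <td class=lighter>
    <input name=pass1 size=12 type=password>
    <input name=pass2 type=password size=12>
    <br>Password must be entered twice.
    </td>
</tr>
<tr>
    <td class=darker align=right>
    <b>Email Address: </b>
    </td>
    <td class=lighter>
    <input name=email type=text value="<?php echo ipm_post_field('email'); ?>">
    </td>
</tr>
<tr>
    <td class=darker align=right>
    <b>Role: </b>
    </td>
    <td class=lighter>
    <select name=role>
    <option value=0 selected>General User</option>
    <option value=1>Administrator</option>
    </select>
    </td>
</tr>
<tr>
    <td class=header align=center colspan=2>
    <input type=submit value="Add User">
    </td>
</tr>
</table>
<input type=hidden name=op value=adduseraction>
</form>
    <?php
    include ("footer.php");
}

function adduseraction($firstname, $lastname, $username, $pass1, $pass2, $email, $role)
{
    // Insert the new user in the DB
    // MD5 support added by Luis Arias (luis@elysia.com)
    //
    // Re-shows the form with "add3" when the username is taken and with
    // "add2" when the password is blank or the two entries differ;
    // otherwise inserts the row and shows the user list with "add1"/"add0".
    dbconnect();
    global $PHP_SELF;

    $query = "SELECT id FROM IPM_users WHERE username='" . ipm_sql_escape($username) . "'";
    $result = mysql_query($query);

    // see if username already exists on the system
    if ($result && mysql_num_rows($result) > 0) {
        adduser("add3");
        return;
    }

    // Strict string comparison: with == two different numeric-looking
    // passwords (e.g. "1e3" and "1000") would be accepted as a match.
    if ((string) $pass1 === "" || (string) $pass1 !== (string) $pass2) {
        adduser("add2");
        return;
    }

    // NOTE(review): md5() is an unsalted, fast hash and is not suitable for
    // password storage. It is left in place because the login code that
    // verifies it is not in this file; both sides must change together.
    $query = "INSERT INTO IPM_users VALUES (NULL,'"
        . ipm_sql_escape($username) . "','"
        . md5($pass1) . "','"
        . ipm_sql_escape($firstname) . "','"
        . ipm_sql_escape($lastname) . "','"
        . ipm_sql_escape($email) . "','"
        . ipm_sql_escape($role) . "')";

    if (mysql_query($query)) {
        $code = "add1";
    } else {
        $code = "add0";
    }
    userlist($code);
}

function edituseraction($id, $firstname, $lastname, $username, $pass1, $pass2, $email, $role)
{
    // Edit the user in the DB
    //
    // Re-shows the edit form with "edit3" when the username belongs to a
    // different user and with "edit2" when a password was typed but the two
    // entries differ; otherwise updates the row and shows the user list with
    // "edit1"/"edit0". The password column is only written when a new
    // password was entered.
    dbconnect();
    global $PHP_SELF;

    $query = "SELECT id FROM IPM_users WHERE username='" . ipm_sql_escape($username) . "'";
    $result = mysql_query($query);
    $name = $result ? mysql_fetch_row($result) : false;

    // see if username already exists on the system
    if ($name && $name[0] != $id) {
        edituser($id, "edit3");
        return;
    }
    // A username that matches no row is a rename to an unused name. The
    // previous code did nothing at all in that case (no update, no output).

    // Either box being filled counts as a password change request, so a
    // half-filled pair is reported instead of being silently ignored.
    $wants_password = ((string) $pass1 !== "" || (string) $pass2 !== "");
    if ($wants_password && (string) $pass1 !== (string) $pass2) {
        edituser($id, "edit2");
        return;
    }

    $set = "username='" . ipm_sql_escape($username) . "', ";
    if ($wants_password) {
        // NOTE(review): unsalted MD5, kept for compatibility with the login
        // code outside this file (see adduseraction).
        $set .= "password='" . md5($pass1) . "', ";
    }
    $set .= "firstname='" . ipm_sql_escape($firstname) . "', "
        . "lastname='" . ipm_sql_escape($lastname) . "', "
        . "role='" . ipm_sql_escape($role) . "', "
        . "email='" . ipm_sql_escape($email) . "'";

    $query = "update IPM_users SET $set where id='" . ipm_sql_escape($id) . "'";
    $result = mysql_query($query);
    if ($result) {
        $code = "edit1";
    } else {
        $code = "edit0";
    }
    userlist($code);
    return;
}

function edituser($id, $code)
{
    // Build form for editing users
    // $code selects an optional error banner ("edit2": bad password pair,
    // "edit3": username taken). Field values come from the stored row.
    dbconnect();
    include ("config.php");
    include ("admin-header.php");
    global $PHP_SELF, $HTTP_POST_VARS;

    if (isset($code)) {
        switch ($code) {
            case "edit2":
                message("Blank Password or Passwords did not match. User was not updated.");
                break;
            case "edit3":
                message("That username is already in use. You will need to choose a different username.");
                break;
        }
    }

    $query = "SELECT * FROM IPM_users WHERE id='" . ipm_sql_escape($id) . "'";
    $result = mysql_query($query);

    // NOTE(review): "bgcolor=$tablebg2" below is emitted literally, as in
    // adduser(); confirm the intended config.php variable before changing.
    // The password boxes are not re-populated, so a submitted password is
    // never written back into the page.
    while ($result && ($list = mysql_fetch_array($result))) {
        ?>
<form action="<?php echo ipm_self_url(); ?>" method=post>
<input type=hidden name=op value=edituseraction>
<input type=hidden name=id value="<?php echo ipm_html_escape($id); ?>">
<table align=center border=0 cellspacing=0 cellpadding=2 bgcolor=$tablebg2 width=50%>
<tr valign=top>
    <td colspan=2 class=header align=center>
    <b>Editing User: <?php echo ipm_html_escape($list['username']); ?></b>
    </td>
</tr>
<tr>
    <td width=38% class=darker align=right>
    <b>First Name: </b>
    </td>
    <td width=62% class=lighter>
    <input type=text name=firstname value="<?php echo ipm_html_escape($list['firstname']); ?>">
    </td>
</tr>
<tr>
    <td class=darker align=right>
    <b>Last Name: </b>
    </td>
    <td class=lighter>
    <input type=text name=lastname value="<?php echo ipm_html_escape($list['lastname']); ?>">
    </td>
</tr>
<tr>
    <td class=darker align=right>
    <b>Username: </b>
    </td>
    <td class=lighter>
    <input type=text name=username value="<?php echo ipm_html_escape($list['username']); ?>">
    </td>
</tr>
<tr>
    <td class=darker align=right>
    <b>Update Password: </b>
    </td>
    <td class=lighter>
    <input name=pass1 size=12 type=password>
    <input name=pass2 type=password size=12>
    <br>Password must be entered twice.<br>ONLY ENTER PASSWORD IF YOU WANT TO CHANGE IT!
    </td>
</tr>
<tr>
    <td class=darker align=right>
    <b>Email Address: </b>
    </td>
    <td class=lighter>
    <input name=email type=text value="<?php echo ipm_html_escape($list['email']); ?>">
    </td>
</tr>
<tr>
    <td class=darker align=right>
    <b>Role: </b>
    </td>
    <td class=lighter>
    <select name=role>
        <?php
        if ($list['role'] == "1") {
            echo "<option value=1 selected>Administrator</option>";
        } else {
            echo "<option value=0 selected>General User</option>";
        }
        ?>
    <option value="<?php echo ipm_html_escape($list['role']); ?>">----------</option>
    <option value=0>General User</option>
    <option value=1>Administrator</option>
    </select>
    </td>
</tr>
<tr>
    <td class=header align=center colspan=2>
    <input type=submit value="Update User">
    </td>
</tr>
</table>
</form>
        <?php
    }
    include ("footer.php");
}

function confirmdeleteuser($id)
{
    // Makes sure you REALLY want to delete someone
    dbconnect();

    // The id is quoted and escaped; it was previously interpolated into the
    // statement without quotes.
    $query = "SELECT * FROM IPM_users WHERE id='" . ipm_sql_escape($id) . "'";
    $result = mysql_query($query);
    $list = $result ? mysql_fetch_array($result) : false;

    include ("config.php");
    include ("admin-header.php");
    global $PHP_SELF;

    // NOTE(review): the [YES] link performs the delete through a GET request
    // with no anti-forgery token. Protecting it needs a POST form plus a
    // per-session token checked in deleteuser(); the session code is not in
    // this file.
    ?>
<table align=center width=70% border=1 bordercolor=black cellspacing=0 cellpadding=4>
<tr>
    <td class=header align=center>
    Are you sure you want to delete <b><?php echo ipm_html_escape($list ? $list['firstname'] : ''); ?> <?php echo ipm_html_escape($list ? $list['lastname'] : ''); ?></b>?
    </td>
</tr>
<tr>
    <td align=center class=importantmessage>
    ALL OF THE USER'S PREFERENCES WILL BE DELETED
    <br><b>THIS WILL CAUSE ERRORS IF THE DELETED USER IS STILL ASSIGNED TO TASKS!</b>
    </td>
</tr>
<tr>
    <td align=center class=message>
    <a href="<?php echo ipm_self_url(); ?>?op=deleteuser&amp;id=<?php echo urlencode((string) $id); ?>">[YES]</a> :: <a href="Javascript:history.go(-1)">[NO]</a>
    </td>
</tr>
</table>
    <?php
    include ("footer.php");
}

function deleteuser($id)
{
    // deletes a user from the database but leaves their tasks to be
    // reassigned or deleted manually
    dbconnect();
    include ("config.php");
    global $PHP_SELF;

    $query = "DELETE FROM IPM_users WHERE id='" . ipm_sql_escape($id) . "'";
    if ($result = mysql_query($query)) {
        $code = "del1";
    } else {
        $code = "del0";
    }
    userlist($code);
    return;
}

function userlist($code)
{
    // Show a list of all IPM users and provide links for adding/editing/deleting them
    // $code selects an optional result banner from a previous add/edit/delete.
    dbconnect();
    include ("config.php");
    global $PHP_SELF;

    $query = "SELECT * FROM IPM_users";
    $result = mysql_query($query);

    include ("admin-header.php");

    if (isset($code)) {
        switch ($code) {
            case "add1":
                message("User Successfully Added");
                break;
            case "add0":
                message("Error Adding User");
                break;
            case "edit1":
                message("User Successfully Updated");
                break;
            case "edit0":
                message("Error Updating User");
                break;
            case "del1":
                message("User Successfully Deleted");
                break;
            case "del0":
                message("Error Deleting User");
                break;
        }
    }
    ?>
<table align=center width=50% border=1 bordercolor=black cellspacing=0 cellpadding=4>
<tr valign=middle>
    <td class=header align=left>
    <?php
    // popuploader() writes its URL argument into an href as given, so the
    // escaped form of $PHP_SELF is passed.
    $string = popuploader("list", "Sort by Last Name <b>(A-Z)</b>", "<b>Full Name</b>", ipm_self_url(), "headerlink");
    echo $string;
    ?>
    </td>
    <td align=center class=header nowrap>
    Show Details
    </td>
    <td align=center class=header nowrap>
    Username
    </td>
    <td align=right class=header nowrap>
    <a class=headerlink href="<?php echo ipm_self_url(); ?>?op=adduser">[ADD USERS]</a>
    </td>
</tr>
    <?php
    while ($result && ($list = mysql_fetch_array($result))) {
        ?>
<tr valign=top>
    <td align=left class=lighter>
    <a class=biglink href="<?php echo ipm_self_url(); ?>?op=edituser&amp;id=<?php echo urlencode((string) $list['id']); ?>"><?php echo ipm_html_escape($list['lastname']); ?>, <?php echo ipm_html_escape($list['firstname']); ?></a>
    </td>
    <td align=center class=lighter width=10% nowrap>
    <a href="<?php echo ipm_self_url(); ?>?op=userdetails&amp;id=<?php echo urlencode((string) $list['id']); ?>">[DETAILS]</a>
    </td>
    <td align=center class=darker width=10% nowrap>
    <?php echo ipm_html_escape($list['username']); ?>
    </td>
    <td align=center class=lighter width=10% nowrap>
    <a href="<?php echo ipm_self_url(); ?>?op=confirmdeleteuser&amp;id=<?php echo urlencode((string) $list['id']); ?>">[DELETE]</a>
    </td>
</tr>
        <?php
    }
    echo "</table>";
    include ("footer.php");
}

function dbconnect()
{
    // This function makes a connection to the SQL server and grabs the appropriate
    // database for use in all the other functions.
    // Failures are reported on the page and the function returns; callers
    // do not receive a status.
    include ("config.php");

    if (!$db = mysql_connect($db_servername, $db_username, $db_password)) {
        echo "ERROR! UNABLE TO CONNECT TO DATABASE";
        // Selecting a database without a link can only fail again.
        return;
    }
    if (!mysql_select_db($db_dbname)) {
        echo "ERROR! UNABLE TO FIND $db_dbname DATABASE";
    }
}

function authenticate()
{
    // Returns the id of the current user, taken from the global $uid.
    //
    // NOTE(review): nothing in this file assigns $uid. Confirm that it is
    // set by trusted authentication code before this page runs and that a
    // request parameter or cookie named "uid" cannot populate it (relevant
    // when register_globals is enabled); isadmin() trusts this value.
    global $uid;
    return $uid;
}

function isadmin()
{
    // Returns true if the logged in user has admin privileges.
    // Returns 1 when the stored role of the current user is 1, otherwise
    // returns nothing (null).
    include ("config.php");
    dbconnect();

    $user_id = authenticate();
    if ($user_id === null || (string) $user_id === "") {
        // No authenticated user id: deny without querying.
        return;
    }

    $query = "SELECT role FROM IPM_users WHERE id='" . ipm_sql_escape($user_id) . "'";
    $result = mysql_query($query);
    $list = $result ? mysql_fetch_row($result) : false;

    if ($list && $list[0] == 1) {
        return 1;
    }
    return;
}

function unauthorized()
{
    // If you hit cancel on the authentication screen or you fail 3 times
    // this function is called and displays a message.
    // $stylesheet_url, $page_title, $version and $unauthorizedmessage are
    // expected to come from config.php and are printed as-is.
    include ("config.php");

    echo "<html><head><link rel=stylesheet type=text/css href=$stylesheet_url>"
        ."<title>$page_title$version</title></head><body><br><br>";
    message("$unauthorizedmessage");
    echo "</body></html>";
}

function logged_out()
{
    // Displays a standalone page telling the user they are logged out.
    include ("config.php");

    echo "<html><head><link rel=stylesheet type=text/css href=$stylesheet_url>"
        ."<title>$page_title$version</title></head><body><br><br>";
    message("You are now logged out of IPM");
    echo "</body></html>";
}

function popuploader($id, $description, $linkname, $url, $class)
{
    // Prints a link that shows/hides a hidden pop-up box on mouse-over and
    // returns the HTML of that box for the caller to print.
    //
    //   $id          suffix for the anchor name and the box id ("box-$id")
    //   $description box body; newlines become <br>
    //   $linkname    link label, also used as the box title
    //   $url         link target
    //   $class       CSS class of the link
    //
    // All five arguments are written into the markup as given: the caller in
    // this file passes HTML in $linkname and $description. Callers must pass
    // only trusted or already-escaped values; $url must be HTML-escaped by
    // the caller.
    include ("config.php");

    echo "<a name=\"$id\" href=\"$url\" onMouseOver=\"window.status='$linkname'; show('box-$id'); return true;\" onMouseOut=\"hide('box-$id'); return true;\" class=\"$class\">$linkname</a>";

    $res = "<DIV ID=\"box-$id\" class=hidden>\n"
        ."<table border=1 cellpadding=5 cellspacing=0 bordercolor=black width=300>"
        ."<tr>"
        ." <td class=popup>"
        ." <b>$linkname</b><br>"
        ." <li class=popup>";
    $res .= nl2br($description);
    $res .= " </td>"
        ."</tr>"
        ."</table>"
        ."</div>";
    return $res;
}

function message($message)
{
    // writes a pre-formatted message to the screen (used for results display)
    // $message is printed as raw HTML; every caller in this file passes a
    // fixed string or a config.php value. Do not pass request data here
    // without escaping it first.
    ?>
<table align=center width=40% border=1 bordercolor=black cellspacing=0 cellpadding=4>
<tr class=message>
    <td align=center>
    <?php echo $message; ?>
    </td>
</tr>
</table>
<br><br>
    <?php
}

// Access gate: nothing below runs for a non-admin. exit() after the redirect
// header is required, otherwise the dispatch would still execute.
if (!isadmin()) {
    header("Location: index.php");
    flush();
    exit();
}

// Dispatch on the requested operation. $op and the arguments are not
// assigned in this file (see the review notes at the top).
// NOTE(review): userstats() is not defined in this file; unless one of the
// included files defines it, op=userstats ends in an "undefined function"
// fatal error -- confirm.
switch ($op) {
    case "userdetails":
        userdetails($id);
        break;
    case "userlist":
        userlist($code);
        break;
    case "userstats":
        userstats($user);
        break;
    case "adduser":
        adduser($code);
        break;
    case "adduseraction":
        adduseraction($firstname, $lastname, $username, $pass1, $pass2, $email, $role);
        break;
    case "edituser":
        edituser($id, $code);
        break;
    case "edituseraction":
        edituseraction($id, $firstname, $lastname, $username, $pass1, $pass2, $email, $role);
        break;
    case "confirmdeleteuser":
        confirmdeleteuser($id);
        break;
    case "deleteuser":
        deleteuser($id);
        break;
    default:
        userlist($code);
        break;
}
?>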