added real logins, login administration, task viewer page, contractor main page

[contractor-progress.git] / people.php

<?php

# This form requires wfpl. See: http://jasonwoof.org/wfpl

# This form was initially auto-generated. If you would like to alter the
# parameters and generate a new one try this URL:
#
# http://jasonwoof.com/metaform/?form_name=people&opt_email=No&opt_db=Yes&opt_listing=Yes&opt_http_pass=No&fields=username+textbox%0D%0Apassword+textbox%0D%0Aname+textbox%0D%0Aprivs+int%0D%0Abalance+decimal&edit=yes


# SETUP

# To save results to a database, you'll need to create the people table
# (the file people.sql should help with this), and create the file
# 'code/db_connect.php' which calls db_connect() see:
# code/wfpl/examples/db_connect.php
#
# if you rename any of the database fields, you'll need to update this:

define('PEOPLE_DB_FIELDS', 'username,password,name,privs,balance');


require_once('code/wfpl/template.php');
require_once('code/wfpl/format.php');
require_once('code/wfpl/messages.php');
require_once('code/wfpl/email.php');
require_once('code/db_connect.php');

function people_get_fields() {
        $username = format_oneline($_REQUEST['username']);
        $password = format_oneline($_REQUEST['password']);
        $name = format_oneline($_REQUEST['name']);
        $privs = format_int($_REQUEST['privs']);
        $balance = format_decimal($_REQUEST['balance']);

        people_tem_sets($username, $password, $name, $privs, $balance);

        return array($username, $password, $name, $privs, $balance);
}

function people_tem_sets($username, $password, $name, $privs, $balance) {
        tem_set('username', $username);
        tem_set('password', $password);
        tem_set('name', $name);
        tem_set('privs', $privs);
        tem_set('balance', $balance);
}

# You may pass a "where clause" for the db query.
function people_display_listing($where = 'order by username limit 100') {
        $rows = db_get_rows('people', 'id,username', $where);
        if($rows == false || count($rows) == 0) {
                tem_show('empty_listing');
                tem_show('listings');
                return false;
        }

        foreach($rows as $row) {
                list($id, $username) = $row;
                tem_set('id', $id);
                if($username == '') {
                        $username = '--';
                }
                tem_set('username', $username);
                tem_show('listing_row');
        }
        tem_show('populated_listing');
        tem_show('listings');
        return true;
}

function people_main() {
        if(logged_in() != 1) { # FIXME get more sophisticated than first person in database is admin
                $GLOBALS['url'] = this_url();
                message('You must be logged in as an administrator to access that function');
                return 'login';
        }

        $ret = _people_main();
        if($ret) {
                return $ret;
        }
        tem_show('main_body');
}

function _people_main() {
        $edit_id = format_int($_REQUEST['people_edit_id']);
        unset($_REQUEST['people_edit_id']);
        if($edit_id) {
                # add hidden field for database id of row we're editing
                tem_set('people_edit_id', $edit_id);
                tem_show('editing');
        }

        $delete_id = format_int($_REQUEST['people_delete_id']);
        unset($_REQUEST['people_delete_id']);
        if($delete_id) {
                db_delete('people', 'where id=%i', $delete_id);
                message('Entry deleted.');

                return './people.html';
        }

        if(!$edit_id) {
                if(!isset($_REQUEST['people_new']) && !isset($_REQUEST['username'])) {
                        people_display_listing();
                        return;
                }
                
                tem_show('new_msg');
        }

        if(isset($_REQUEST['username'])) {
                list($username, $password, $name, $privs, $balance) = people_get_fields();

                if("you're happy with the POSTed values") {
                        if(strlen($password) == 35 && substr($password, 32, 1) == ':') {
                                $password_hash = $password; # so we can edit a record, and leave the password be
                        } else {
                                $password_hash = encrypt_password($password);
                        }

                        if($edit_id) {
                                db_update('people', PEOPLE_DB_FIELDS, $username, $password_hash, $name, $privs, $balance, 'where id=%i', $edit_id);
                                message('Entry updated.');
                        } else {
                                db_insert('people', PEOPLE_DB_FIELDS, $username, $password_hash, $name, $privs, $balance);
                                message('Entry saved.');
                        }
                        if($error !== true) {
                                return './people';
                        }
                }
                # otherwise, we display the form again. people_get_fields() has
                # already put the posted values back into the template engine, so they will
                # show up in the form fields. You should add some message asking people to
                # fix their entry in whatever way you require.
        } elseif($edit_id) {
                # we've recieved an edit id, but no data. So we grab the values to be edited from the database
                list($username, $password, $name, $privs, $balance) = db_get_row('people', PEOPLE_DB_FIELDS, 'where id=%i', $edit_id);
                people_tem_sets($username, $password, $name, $privs, $balance);
        } else {
                # form not submitted, you can set default values like so:
                #tem_set('username', 'Yes');
        }

        # this has to be later in the file because it requres that username be set already
        if($edit_id) {
                tem_show('edit_msg');
        }

        tem_show('form');
}

?>