[contractor-progress.git] / people.php

<?php

#  Copyright (C) 2008  Jason Woofenden
#
#  This program is free software: you can redistribute it and/or modify
#  it under the terms of the GNU Affero General Public License as published by
#  the Free Software Foundation, either version 3 of the License, or
#  (at your option) any later version.
#
#  This program is distributed in the hope that it will be useful,
#  but WITHOUT ANY WARRANTY; without even the implied warranty of
#  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#  GNU Affero General Public License for more details.
#
#  You should have received a copy of the GNU Affero General Public License
#  along with this program.  If not, see <http://www.gnu.org/licenses/>.


define('PEOPLE_DB_FIELDS', 'username,password,name,privs,balance');


require_once('code/wfpl/template.php');
require_once('code/wfpl/format.php');
require_once('code/wfpl/messages.php');
require_once('code/wfpl/email.php');
require_once('code/db_connect.php');

function people_get_fields() {
        $username = format_oneline($_REQUEST['username']);
        $password = format_oneline($_REQUEST['password']);
        $name = format_oneline($_REQUEST['name']);
        $privs = format_int($_REQUEST['privs']);
        $balance = format_decimal($_REQUEST['balance']);

        people_tem_sets($username, $password, $name, $privs, $balance);

        return array($username, $password, $name, $privs, $balance);
}

function people_tem_sets($username, $password, $name, $privs, $balance) {
        tem_set('username', $username);
        tem_set('password', $password);
        tem_set('name', $name);
        tem_set('privs', $privs);
        tem_set('balance', $balance);
}

# You may pass a "where clause" for the db query.
function people_display_listing($where = 'order by name limit 100') {
        $rows = db_get_rows('people', 'id,name,username', $where);
        if($rows == false || count($rows) == 0) {
                tem_show('empty_listing');
                tem_show('listings');
                return false;
        }

        foreach($rows as $row) {
                list($id, $name, $username) = $row;
                tem_set('id', $id);
                if($username == '') {
                        $username = '--';
                }
                tem_set('name', $name);
                tem_set('username', $username);
                tem_show('listing_row');
        }
        tem_show('populated_listing');
        tem_show('listings');
        return true;
}

function people_main() {
        if(!logged_in_as_contractor()) {
                $GLOBALS['url'] = this_url();
                message('You must be logged in as an administrator to access that function');
                return 'login';
        }

        $ret = _people_main();
        if($ret) {
                return $ret;
        }
        tem_show('main_body');
}

function _people_main() {
        $edit_id = format_int($_REQUEST['people_edit_id']);
        unset($_REQUEST['people_edit_id']);
        if($edit_id) {
                # add hidden field for database id of row we're editing
                tem_set('people_edit_id', $edit_id);
                tem_show('editing');
        }

        $delete_id = format_int($_REQUEST['people_delete_id']);
        unset($_REQUEST['people_delete_id']);
        if($delete_id) {
                db_delete('people', 'where id=%i', $delete_id);
                message('Entry deleted.');

                return './people.html';
        }

        if(!$edit_id) {
                if(!isset($_REQUEST['people_new']) && !isset($_REQUEST['username'])) {
                        people_display_listing();
                        return;
                }
                
                tem_show('new_msg');
        }

        if(isset($_REQUEST['username'])) {
                list($username, $password, $name, $privs, $balance) = people_get_fields();

                if("you're happy with the POSTed values") {
                        if(strlen($password) == 35 && substr($password, 32, 1) == ':') {
                                $password_hash = $password; # so we can edit a record, and leave the password be
                        } else {
                                $password_hash = encrypt_password($password);
                        }

                        if($edit_id) {
                                db_update('people', PEOPLE_DB_FIELDS, $username, $password_hash, $name, $privs, $balance, 'where id=%i', $edit_id);
                                message('Entry updated.');
                        } else {
                                db_insert('people', PEOPLE_DB_FIELDS . ',tiny_agreement', $username, $password_hash, $name, $privs, $balance, 1000);
                                message('Entry saved.');
                        }
                        if($error !== true) {
                                return './people';
                        }
                }
                # otherwise, we display the form again. people_get_fields() has
                # already put the posted values back into the template engine, so they will
                # show up in the form fields. You should add some message asking people to
                # fix their entry in whatever way you require.
        } elseif($edit_id) {
                # we've recieved an edit id, but no data. So we grab the values to be edited from the database
                list($username, $password, $name, $privs, $balance) = db_get_row('people', PEOPLE_DB_FIELDS, 'where id=%i', $edit_id);
                people_tem_sets($username, $password, $name, $privs, $balance);
        } else {
                # form not submitted, you can set default values like so:
                #tem_set('username', 'Yes');
        }

        # this has to be later in the file because it requres that username be set already
        if($edit_id) {
                tem_show('edit_msg');
        }

        tem_show('form');
}

?>