From 8cf255072cab8250cc576b47b341d6d266b4339e Mon Sep 17 00:00:00 2001
From: laf <neil@lathwood.co.uk>
Date: Mon, 10 Mar 2014 23:50:16 +0000
Subject: [PATCH] Updated edit user screen so you can now update details

---
 .../includes/authentication/http-auth.inc.php |  16 ++
 html/includes/authentication/ldap.inc.php     |  18 ++
 html/includes/authentication/mysql.inc.php    |  16 ++
 html/pages/edituser.inc.php                   | 212 +++++++++++++++---
 4 files changed, 233 insertions(+), 29 deletions(-)

diff --git a/html/includes/authentication/http-auth.inc.php b/html/includes/authentication/http-auth.inc.php
index 9b0f511072..651785966d 100644
--- a/html/includes/authentication/http-auth.inc.php
+++ b/html/includes/authentication/http-auth.inc.php
@@ -79,4 +79,20 @@ function get_userlist()
   return dbFetchRows("SELECT * FROM `users`");
 }
 
+function can_update_users()
+{
+  # supported so return 1
+  return 1;
+}
+
+function get_user($user_id)
+{
+   return dbFetchRow("SELECT * FROM `users` WHERE `user_id` = ?", array($user_id));
+}
+
+function update_user($user_id,$realname,$level,$can_modify_passwd,$email)
+{
+  dbUpdate(array('realname' => $realname, 'level' => $level, 'can_modify_passwd' => $can_modify_passwd, 'email' => $email), 'users', '`user_id` = ?', array($user_id));
+}
+
 ?>
diff --git a/html/includes/authentication/ldap.inc.php b/html/includes/authentication/ldap.inc.php
index d640097d70..2ae73110e2 100644
--- a/html/includes/authentication/ldap.inc.php
+++ b/html/includes/authentication/ldap.inc.php
@@ -163,4 +163,22 @@ function get_userlist()
   return $userlist;
 }
 
+function can_update_usesr()
+{
+  # not supported so return 0
+  return 0;
+}
+
+function get_user($user_id)
+{
+  # not supported
+  return 0;
+}
+
+function update_user($user_id,$realname,$level,$can_modify_passwd,$email)
+{
+  # not supported
+  return 0;
+}
+
 ?>
diff --git a/html/includes/authentication/mysql.inc.php b/html/includes/authentication/mysql.inc.php
index 67b2c5990a..151830d702 100644
--- a/html/includes/authentication/mysql.inc.php
+++ b/html/includes/authentication/mysql.inc.php
@@ -145,4 +145,20 @@ function get_userlist()
   return dbFetchRows("SELECT * FROM `users`");
 }
 
+function can_update_users()
+{
+  # supported so return 1
+  return 1;
+}
+
+function get_user($user_id)
+{
+   return dbFetchRow("SELECT * FROM `users` WHERE `user_id` = ?", array($user_id));
+}
+
+function update_user($user_id,$realname,$level,$can_modify_passwd,$email)
+{
+  dbUpdate(array('realname' => $realname, 'level' => $level, 'can_modify_passwd' => $can_modify_passwd, 'email' => $email), 'users', '`user_id` = ?', array($user_id));
+}
+
 ?>
diff --git a/html/pages/edituser.inc.php b/html/pages/edituser.inc.php
index d4203a35ee..4f6106b455 100644
--- a/html/pages/edituser.inc.php
+++ b/html/pages/edituser.inc.php
@@ -8,7 +8,7 @@ $pagetitle[] = "Edit user";
 
 if ($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php"); } else
 {
-  if ($vars['user_id'])
+  if ($vars['user_id'] && !$vars['edit'])
   {
     $user_data = dbFetchRow("SELECT * FROM users WHERE user_id = ?", array($vars['user_id']));
       echo("<p><h2>" . $user_data['realname'] . "</h2><a href='edituser/'>Change...</a></p>");
@@ -57,28 +57,41 @@ if ($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php");
       }
     }
 
-    echo("<table width=100%><tr><td valign=top width=33%>");
+    echo('<div class="row">
+           <div class="col-md-4">');
 
     // Display devices this users has access to
     echo("<h3>Device Access</h3>");
 
+    echo("<div class='panel panel-default panel-condensed'>
+            <table class='table table-hover table-condensed table-striped'>
+              <tr>
+                <th>Device</th>
+                <th>Action</th>
+              </tr>");
+
     $device_perms = dbFetchRows("SELECT * from devices_perms as P, devices as D WHERE `user_id` = ? AND D.device_id = P.device_id", array($vars['user_id']));
     foreach ($device_perms as $device_perm)
     {
-      echo("<strong>" . $device_perm['hostname'] . " <a href='edituser/action=deldevperm/user_id=" . $vars['user_id'] . "/device_id=" . $device_perm['device_id'] . "'><img src='images/16/cross.png' align=absmiddle border=0></a></strong><br />");
+      echo("<tr><td><strong>" . $device_perm['hostname'] . "</td><td> <a href='edituser/action=deldevperm/user_id=" . $vars['user_id'] . "/device_id=" . $device_perm['device_id'] . "'><img src='images/16/cross.png' align=absmiddle border=0></a></strong></td></tr>");
       $access_list[] = $device_perm['device_id'];
       $permdone = "yes";
     }
 
+    echo("</table>
+          </div>");
+
     if (!$permdone) { echo("None Configured"); }
 
     // Display devices this user doesn't have access to
     echo("<h4>Grant access to new device</h4>");
-    echo("<form method='post' action=''>
+    echo("<form class='form-inline' role='form' method='post' action=''>
             <input type='hidden' value='" . $vars['user_id'] . "' name='user_id'>
             <input type='hidden' value='edituser' name='page'>
             <input type='hidden' value='adddevperm' name='action'>
-            <select name='device_id' class=selector>");
+            <div class='form-group'>
+              <label class='sr-only' for='device_id'>Device</label>
+              <select name='device_id' id='device_id' class='form-control'>");
 
     $devices = dbFetchRows("SELECT * FROM `devices` ORDER BY hostname");
     foreach ($devices as $device)
@@ -91,32 +104,52 @@ if ($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php");
       }
     }
 
-    echo("</select> <input type='submit' name='Submit' value='Add'></form>");
+    echo("</select>
+           </div>
+           <button type='submit' class='btn btn-default' name='Submit'>Add</button></form>");
 
-    echo("</td><td valign=top width=33%>");
+    echo("</div>
+          <div class='col-md-4'>");
     echo("<h3>Interface Access</h3>");
 
     $interface_perms = dbFetchRows("SELECT * from ports_perms as P, ports as I, devices as D WHERE `user_id` = ? AND I.port_id = P.port_id AND D.device_id = I.device_id", array($vars['user_id']));
 
+    echo("<div class='panel panel-default panel-condensed'>
+            <table class='table table-hover table-condensed table-striped'>
+              <tr>
+                <th>Interface name</th>
+                <th>Action</th>
+              </tr>");
     foreach ($interface_perms as $interface_perm)
     {
-      echo("<table><tr><td><strong>".$interface_perm['hostname']." - ".$interface_perm['ifDescr']."</strong><br />".
-                  "" . $interface_perm['ifAlias'] . "</td><td width=50>&nbsp;&nbsp;<a href='edituser/action=delifperm/user_id=" . $vars['user_id'] .
-       "/port_id=" . $interface_perm['port_id'] . "'><img src='images/16/cross.png' align=absmiddle border=0></a></td></tr></table>");
+      echo("<tr>
+              <td>
+                <strong>".$interface_perm['hostname']." - ".$interface_perm['ifDescr']."</strong>".
+                  "" . $interface_perm['ifAlias'] . "
+              </td>
+              <td>
+                &nbsp;&nbsp;<a href='edituser/action=delifperm/user_id=" . $vars['user_id'] .
+       "/port_id=" . $interface_perm['port_id'] . "'><img src='images/16/cross.png' align=absmiddle border=0></a>
+              </td>
+            </tr>");
       $ipermdone = "yes";
     }
+    echo("</table>
+          </div>");
 
     if (!$ipermdone) { echo("None Configured"); }
 
     // Display devices this user doesn't have access to
     echo("<h4>Grant access to new interface</h4>");
 
-    echo("<form action='' method='post'>
+    echo("<form action='' method='post' class='form-horizontal' role='form'>
         <input type='hidden' value='" . $vars['user_id'] . "' name='user_id'>
         <input type='hidden' value='edituser' name='page'>
         <input type='hidden' value='addifperm' name='action'>
-        <table><tr><td>Device: </td>
-         <td><select id='device' class='selector' name='device' onchange='getInterfaceList(this)'>
+        <div class='form-group'>
+          <label for='device' class='col-sm-2 control-label'>Device: </label>
+          <div class='col-sm-10'>
+            <select id='device' class='form-control' name='device' onchange='getInterfaceList(this)'>
           <option value=''>Select a device</option>");
 
     foreach ($devices as $device)
@@ -126,34 +159,63 @@ if ($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php");
       if (!$done) { echo("<option value='" . $device['device_id']  . "'>" . $device['hostname'] . "</option>"); }
     }
 
-    echo("</select></td></tr><tr>
-       <td>Interface: </td><td><select class=selector id='port_id' name='port_id'>
-       </select></td>
-       </tr><tr></table><input type='submit' name='Submit' value='Add'></form>");
+    echo("</select>
+          </div>
+          </div>
+          <div class='form-group'>
+            <label for='port_id' class='col-sm-2 control-label'>Interface: </label>
+            <div class='col-sm-10'>
+              <select class='form-control' id='port_id' name='port_id'>
+              </select>
+            </div>
+         </div>
+         <div class='form-group'>
+           <div class='col-sm-12'>
+             <button type='submit' name='Submit' value='Add'>Add</button>
+           </div>
+         </div>
+       </form>");
 
-    echo("</td><td valign=top width=33%>");
+    echo("</div>
+          <div class='col-md-4'>");
     echo("<h3>Bill Access</h3>");
 
     $bill_perms = dbFetchRows("SELECT * from bills AS B, bill_perms AS P WHERE P.user_id = ? AND P.bill_id = B.bill_id", array($vars['user_id']));
 
+    echo("<div class='panel panel-default panel-condensed'>
+            <table class='table table-hover table-condensed table-striped'>
+            <tr>
+              <th>Bill name</th>
+              <th>Action</th>
+            </tr>");
+
     foreach ($bill_perms as $bill_perm)
     {
-      echo("<table><tr><td><strong>".$bill_perm['bill_name']."</strong></td><td width=50>&nbsp;&nbsp;<a href='edituser/action=delbillperm/user_id=" .
-        $vars['user_id'] . "/bill_id=" . $bill_perm['bill_id'] . "'><img src='images/16/cross.png' align=absmiddle border=0></a></td></tr></table>");
+      echo("<tr>
+              <td>
+                <strong>".$bill_perm['bill_name']."</strong></td><td width=50>&nbsp;&nbsp;<a href='edituser/action=delbillperm/user_id=" .
+        $vars['user_id'] . "/bill_id=" . $bill_perm['bill_id'] . "'><img src='images/16/cross.png' align=absmiddle border=0></a>
+              </td>
+            </tr>");
       $bill_access_list[] = $bill_perm['bill_id'];
 
       $bpermdone = "yes";
     }
 
+    echo("</table>
+          </div>");
+
     if (!$bpermdone) { echo("None Configured"); }
 
     // Display devices this user doesn't have access to
     echo("<h4>Grant access to new bill</h4>");
-    echo("<form method='post' action=''>
+    echo("<form method='post' action='' class='form-inline' role='form'>
             <input type='hidden' value='" . $vars['user_id'] . "' name='user_id'>
             <input type='hidden' value='edituser' name='page'>
             <input type='hidden' value='addbillperm' name='action'>
-            <select name='bill_id' class=selector>");
+            <div class='form-group'>
+              <label class='sr-only' for='bill_id'>Bill</label>
+              <select name='bill_id' class='form-control' id='bill_id'>");
 
     $bills = dbFetchRows("SELECT * FROM `bills` ORDER BY `bill_name`");
     foreach ($bills as $bill)
@@ -166,9 +228,98 @@ if ($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php");
       }
     }
 
-    echo("</select> <input type='submit' name='Submit' value='Add'></form>");
-    echo("</td></table>");
+    echo("</select>
+          </div>
+          <button type='submit' name='Submit' value='Add'>Add</button>
+        </form>
+        </div>");
 
+  } elseif ($vars['user_id'] && $vars['edit']) {
+
+    if(!empty($vars['new_level']))
+    {
+      if($vars['can_modify_passwd'] == 'on') {
+        $vars['can_modify_passwd'] = '1';
+      }
+      update_user($vars['user_id'],$vars['new_realname'],$vars['new_level'],$vars['can_modify_passwd'],$vars['new_email']);
+      print_message("User has been updated");
+    }
+
+    if(can_update_users() == '1') {
+
+      $users_details = get_user($vars['user_id']);
+      if(!empty($users_details))
+      {
+
+        if(empty($vars['new_realname']))
+        {
+          $vars['new_realname'] = $users_details['realname'];
+        }
+        if(empty($vars['new_level']))
+        {
+          $vars['new_level'] = $users_details['level'];
+        }
+        if(empty($vars['can_modify_passwd']))
+        {
+          $vars['can_modify_passwd'] = $users_details['can_modify_passwd'];
+        } elseif($vars['can_modify_passwd'] == 'on') {
+          $vars['can_modify_passwd'] = '1';
+        }
+        if(empty($vars['new_email']))
+        {
+          $vars['new_email'] = $users_details['email'];
+        }
+
+        echo("<form class='form-horizontal' role='form' method='post' action=''>
+  <input type='hidden' name='user_id' value='" . $vars['user_id'] . "'>
+  <input type='hidden' name='edit' value='yes'>
+  <div class='form-group'>
+    <label for='new_realname' class='col-sm-2 control-label'>Realname</label>
+    <div class='col-sm-4'>
+      <input name='new_realname' class='form-control input-sm' value='". $vars['new_realname']  ."'>
+    </div>
+    <div class='col-sm-6'>
+    </div>
+  </div>
+  <div class='form-group'>
+    <label for='new_email' class='col-sm-2 control-label'>Email</label>
+    <div class='col-sm-4'>
+      <input name='new_email' class='form-control input-sm' value='". $vars['new_email']  ."'>
+    </div>
+    <div class='col-sm-6'>
+    </div>
+  </div>
+  <div class='form-group'>
+    <label for='new_level' class='col-sm-2 control-label'>Level</label>
+    <div class='col-sm-4'>
+      <select name='new_level' class='form-control input-sm'>
+        <option value='1'"); if( $vars['new_level'] == '1') { echo("selected"); } echo(">Normal User</option>
+        <option value='5'"); if( $vars['new_level'] == '5') { echo("selected"); } echo(">Global Read</option>
+        <option value='10'"); if( $vars['new_level'] == '10') { echo("selected"); } echo(">Administrator</option>
+      </select>
+    </div>
+    <div class='col-sm-6'>
+    </div>
+  </div>
+  <div class='form-group'>
+    <div class='col-sm-6'>
+      <div class='checkbox'>
+        <label>
+          <input type='checkbox' "); if($vars['can_modify_passwd'] == '1') { echo "checked='checked'"; } echo(" name='can_modify_passwd'> Allow the user to change his password.
+        </label>
+      </div>
+    </div>
+    <div class='col-sm-6'>
+    </div>
+  </div>
+  <button type='submit' class='btn btn-default'>Update User</button>
+  </form>");    
+      } else {
+        echo print_error("Error getting user details");
+      }
+    } else {
+      echo print_error("Authentication method doesn't support updating users");
+    }
   } else {
 
     $user_list = get_userlist();
@@ -177,18 +328,21 @@ if ($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php");
 
     echo("<form method='post' action='' class='form-horizontal' role='form'>
             <input type='hidden' value='edituser' name='page'>
-    <div class='col-sm-3'>
-            <select name='user_id' class='form-control input-sm'>");
+              <div class='form-group'>
+                <label for='user_id' class='col-sm-2 control-label'>User</label>
+                <div class='col-sm-4'>
+                  <select name='user_id' class='form-control input-sm'>");
     foreach ($user_list as $user_entry)
     {
       echo("<option value='" . $user_entry['user_id']  . "'>" . $user_entry['username'] . "</option>");
     }
     echo("</select>
     </div>
-    <div class='col-sm-3'>
-      <button type='submit' name='Submit' class='btn btn-default'>Select</button>
     </div>
-    <div class='col-sm-6'>
+    <div class='form-group'>
+      <div class='col-sm-offset-2 col-sm-3'>
+        <button type='submit' name='Submit' class='btn btn-default'>Edit Permissions</button> / <button type='submit' name='edit' value='user' class='btn btn-default'>Edit User</button>
+      </div>
     </div>
   </form>");
   }