more new url system fixes for user management -- completely untested as I use LDAP ...

git-svn-id: http://www.observium.org/svn/observer/trunk@2538 61d68cd4-352d-0410-923a-c4978735b2b8
2024-10-07 16:52:45 +00:00 · 2011-09-21 14:54:21 +00:00
parent 51d7ea9292
commit cc5ad3b7d5
3 changed files with 47 additions and 47 deletions
--- a/html/pages/deluser.inc.php
+++ b/html/pages/deluser.inc.php
@@ -8,25 +8,24 @@ if ($_SESSION['userlevel'] < '10') { include("includes/error-no-perm.inc.php");
  if (auth_usermanagement())
  {
-    if ($_GET['action'] == "del")
+    if ($vars['action'] == "del")
    {
-      $delete_username = dbFetchCell("SELECT username FROM users WHERE user_id = ?", array($_GET['user_id']));
+      $delete_username = dbFetchCell("SELECT username FROM users WHERE user_id = ?", array($vars['id']));
-      if ($_GET['confirm'] == "yes")
+      if ($vars['confirm'] == "yes")
      {
-#        del_user($_GET['user_id']);
+        if (deluser($delete_username))
-
+        {
-#        dbDelete('bill_perms', "`user_id` =  ?", array($_GET['user_id']));
+          echo('<div class="infobox">User "' . $delete_username . '" deleted!</div>');
-#        dbDelete('devices_perms', "`user_id` =  ?", array($_GET['user_id']));
+        }
-#        dbDelete('ports_perms', "`user_id` =  ?", array($_GET['user_id']));
+        else
-#        dbDelete('users_prefs', "`user_id` =  ?", array($_GET['user_id']));
+        {
-#        dbDelete('users', "`user_id` =  ?", array($_GET['user_id']));
+          echo('<div class="errorbox">Error deleting user "' . $delete_username . '"!</div>');
-
+        }
        if (deluser($delete_username)) { echo("<div class=infobox>User '$delete_username' deleted!</div>"); }
      }
      else
      {
-        echo("<div class=errorbox>You have requested deletion of the user '$delete_username'. This action can not be reversed.<br /><a href='?page=deluser&action=del&user_id=" . $_GET['user_id'] . "&confirm=yes'>Click to confirm</a></div>");
+        echo('<div class="errorbox">You have requested deletion of the user "' . $delete_username . '". This action can not be reversed.<br /><a href="deluser/action=del/id=' . $vars['id'] . '/confirm=yes">Click to confirm</a></div>');
      }
    }
@@ -36,7 +35,7 @@ if ($_SESSION['userlevel'] < '10') { include("includes/error-no-perm.inc.php");
    {
      $i++;
      echo($i . ". " . $userentry['username'] . "
-         <a href='?page=deluser&action=del&user_id=" . $userentry['user_id'] . "'><img src='images/16/cross.png' align=absmiddle border=0></a><br/>");
+         <a href='deluser/action=del/id=" . $userentry['user_id'] . "'><img src='images/16/cross.png' align=absmiddle border=0></a><br/>");
    }
  }
  else
--- a/html/pages/edituser.inc.php
+++ b/html/pages/edituser.inc.php
@@ -6,52 +6,52 @@ echo("<div style='margin: 10px;'>");
 if ($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php"); } else
 {
-  if ($_GET['user_id'])
+  if ($vars['user_id'])
  {
-    $user_data = dbFetchRow("SELECT * FROM users WHERE user_id = ?", array($_GET['user_id']));
+    $user_data = dbFetchRow("SELECT * FROM users WHERE user_id = ?", array($vars['user_id']));
-      echo("<p><h2>" . $user_data['realname'] . "</h2><a href='?page=edituser'>Change...</a></p>");
+      echo("<p><h2>" . $user_data['realname'] . "</h2><a href='edituser/'>Change...</a></p>");
    // Perform actions if requested
-    if ($_GET['action'] == "deldevperm")
+    if ($vars['action'] == "deldevperm")
    {
-      if (dbFetchCell("SELECT COUNT(*) FROM devices_perms WHERE `device_id` = ? AND `user_id` = ?", array($_GET['device_id'] ,$_GET['user_id'])))
+      if (dbFetchCell("SELECT COUNT(*) FROM devices_perms WHERE `device_id` = ? AND `user_id` = ?", array($vars['device_id'] ,$vars['user_id'])))
      {
-        dbDelete('devices_perms', "`device_id` =  ? AND `user_id` = ?", array($_GET['device_id'], $_GET['user_id']));
+        dbDelete('devices_perms', "`device_id` =  ? AND `user_id` = ?", array($vars['device_id'], $vars['user_id']));
      }
    }
-    if ($_GET['action'] == "adddevperm")
+    if ($vars['action'] == "adddevperm")
    {
-      if (!dbFetchCell("SELECT COUNT(*) FROM devices_perms WHERE `device_id` = ? AND `user_id` = ?", array($_GET['device_id'] ,$_GET['user_id'])))
+      if (!dbFetchCell("SELECT COUNT(*) FROM devices_perms WHERE `device_id` = ? AND `user_id` = ?", array($vars['device_id'] ,$vars['user_id'])))
      {
-        dbInsert(array('device_id' => $_GET['device_id'], 'user_id' => $_GET['user_id']), 'devices_perms');
+        dbInsert(array('device_id' => $vars['device_id'], 'user_id' => $vars['user_id']), 'devices_perms');
      }
    }
-    if ($_GET['action'] == "delifperm")
+    if ($vars['action'] == "delifperm")
    {
-      if (dbFetchCell("SELECT COUNT(*) FROM ports_perms WHERE `interface_id` = ? AND `user_id` = ?", array($_GET['interface_id'], $_GET['user_id'])))
+      if (dbFetchCell("SELECT COUNT(*) FROM ports_perms WHERE `interface_id` = ? AND `user_id` = ?", array($vars['interface_id'], $vars['user_id'])))
      {
-        dbDelete('ports_perms', "`interface_id` =  ? AND `user_id` = ?", array($_GET['interface_id'], $_GET['user_id']));
+        dbDelete('ports_perms', "`interface_id` =  ? AND `user_id` = ?", array($vars['interface_id'], $vars['user_id']));
      }
    }
-    if ($_GET['action'] == "addifperm")
+    if ($vars['action'] == "addifperm")
    {
-      if (!dbFetchCell("SELECT COUNT(*) FROM ports_perms WHERE `interface_id` = ? AND `user_id` = ?", array($_GET['interface_id'], $_GET['user_id'])))
+      if (!dbFetchCell("SELECT COUNT(*) FROM ports_perms WHERE `interface_id` = ? AND `user_id` = ?", array($vars['interface_id'], $vars['user_id'])))
      {
-        dbInsert(array('interface_id' => $_GET['interface_id'], 'user_id' => $_GET['user_id']), 'ports_perms');
+        dbInsert(array('interface_id' => $vars['interface_id'], 'user_id' => $vars['user_id']), 'ports_perms');
      }
    }
-    if ($_GET['action'] == "delbillperm")
+    if ($vars['action'] == "delbillperm")
    {
-      if (dbFetchCell("SELECT COUNT(*) FROM bill_perms WHERE `bill_id` = ? AND `user_id` = ?", array($_GET['bill_id'], $_GET['user_id'])))
+      if (dbFetchCell("SELECT COUNT(*) FROM bill_perms WHERE `bill_id` = ? AND `user_id` = ?", array($vars['bill_id'], $vars['user_id'])))
      {
-        dbDelete('bill_perms', "`bill_id` =  ? AND `user_id` = ?", array($_GET['bill_id'], $_GET['user_id']));
+        dbDelete('bill_perms', "`bill_id` =  ? AND `user_id` = ?", array($vars['bill_id'], $vars['user_id']));
      }
    }
-    if ($_GET['action'] == "addbillperm")
+    if ($vars['action'] == "addbillperm")
    {
-      if (!dbFetchCell("SELECT COUNT(*) FROM bill_perms WHERE `bill_id` = ? AND `user_id` = ?", array($_GET['bill_id'], $_GET['user_id'])))
+      if (!dbFetchCell("SELECT COUNT(*) FROM bill_perms WHERE `bill_id` = ? AND `user_id` = ?", array($vars['bill_id'], $vars['user_id'])))
      {
-        dbInsert(array('bill_id' => $_GET['bill_id'], 'user_id' => $_GET['user_id']), 'bill_perms');
+        dbInsert(array('bill_id' => $vars['bill_id'], 'user_id' => $vars['user_id']), 'bill_perms');
      }
    }
@@ -60,10 +60,10 @@ if ($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php");
    // Display devices this users has access to
    echo("<h3>Device Access</h3>");
-    $device_perms = dbFetchRows("SELECT * from devices_perms as P, devices as D WHERE `user_id` = ? AND D.device_id = P.device_id", array($_GET['user_id']));
+    $device_perms = dbFetchRows("SELECT * from devices_perms as P, devices as D WHERE `user_id` = ? AND D.device_id = P.device_id", array($vars['user_id']));
    foreach ($device_perms as $device_perm)
    {
-      echo("<strong>" . $device_perm['hostname'] . " <a href='?page=edituser&action=deldevperm&user_id=" . $_GET['user_id'] . "&device_id=" . $device_perm['device_id'] . "'><img src='images/16/cross.png' align=absmiddle border=0></a></strong><br />");
+      echo("<strong>" . $device_perm['hostname'] . " <a href='edituser/action=deldevperm/user_id=" . $vars['user_id'] . "/device_id=" . $device_perm['device_id'] . "'><img src='images/16/cross.png' align=absmiddle border=0></a></strong><br />");
      $access_list[] = $device_perm['device_id'];
      $permdone = "yes";
    }
@@ -73,7 +73,7 @@ if ($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php");
    // Display devices this user doesn't have access to
    echo("<h4>Grant access to new device</h4>");
    echo("<form method='get' action=''>
-            <input type='hidden' value='" . $_GET['user_id'] . "' name='user_id'>
+            <input type='hidden' value='" . $vars['user_id'] . "' name='user_id'>
            <input type='hidden' value='edituser' name='page'>
            <input type='hidden' value='adddevperm' name='action'>
            <select name='device_id' class=selector>");
@@ -94,13 +94,13 @@ if ($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php");
    echo("</td><td valign=top width=33%>");
    echo("<h3>Interface Access</h3>");
-    $interface_perms = dbFetchRows("SELECT * from ports_perms as P, ports as I, devices as D WHERE `user_id` = ? AND I.interface_id = P.interface_id AND D.device_id = I.device_id", array($_GET['user_id']));
+    $interface_perms = dbFetchRows("SELECT * from ports_perms as P, ports as I, devices as D WHERE `user_id` = ? AND I.interface_id = P.interface_id AND D.device_id = I.device_id", array($vars['user_id']));
    foreach ($interface_perms as $interface_perm)
    {
      echo("<table><tr><td><strong>".$interface_perm['hostname']." - ".$interface_perm['ifDescr']."</strong><br />".
-                  "" . $interface_perm['ifAlias'] . "</td><td width=50>&nbsp;&nbsp;<a href='?page=edituser&action=delifperm&user_id=" . $_GET['user_id'] .
+                  "" . $interface_perm['ifAlias'] . "</td><td width=50>&nbsp;&nbsp;<a href='edituser/action=delifperm/user_id=" . $vars['user_id'] .
-       "&interface_id=" . $interface_perm['interface_id'] . "'><img src='images/16/cross.png' align=absmiddle border=0></a></td></tr></table>");
+       "/interface_id=" . $interface_perm['interface_id'] . "'><img src='images/16/cross.png' align=absmiddle border=0></a></td></tr></table>");
      $ipermdone = "yes";
    }
@@ -110,7 +110,7 @@ if ($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php");
    echo("<h4>Grant access to new interface</h4>");
    echo("<form action='' method='get'>
-        <input type='hidden' value='" . $_GET['user_id'] . "' name='user_id'>
+        <input type='hidden' value='" . $vars['user_id'] . "' name='user_id'>
        <input type='hidden' value='edituser' name='page'>
        <input type='hidden' value='addifperm' name='action'>
        <table><tr><td>Device: </td>
@@ -132,12 +132,12 @@ if ($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php");
    echo("</td><td valign=top width=33%>");
    echo("<h3>Bill Access</h3>");
-    $bill_perms = dbFetchRows("SELECT * from bills AS B, bill_perms AS P WHERE P.user_id = ? AND P.bill_id = B.bill_id", array($_GET['user_id']));
+    $bill_perms = dbFetchRows("SELECT * from bills AS B, bill_perms AS P WHERE P.user_id = ? AND P.bill_id = B.bill_id", array($vars['user_id']));
    foreach ($bill_perms as $bill_perm)
    {
-      echo("<table><tr><td><strong>".$bill_perm['bill_name']."</strong></td><td width=50>&nbsp;&nbsp;<a href='?page=edituser&action=delbillperm&user_id=" .
+      echo("<table><tr><td><strong>".$bill_perm['bill_name']."</strong></td><td width=50>&nbsp;&nbsp;<a href='edituser/action=delbillperm/user_id=" .
-        $_GET['user_id'] . "&bill_id=" . $bill_perm['bill_id'] . "'><img src='images/16/cross.png' align=absmiddle border=0></a></td></tr></table>");
+        $vars['user_id'] . "/bill_id=" . $bill_perm['bill_id'] . "'><img src='images/16/cross.png' align=absmiddle border=0></a></td></tr></table>");
      $bill_access_list[] = $bill_perm['bill_id'];
      $bpermdone = "yes";
@@ -148,7 +148,7 @@ if ($_SESSION['userlevel'] != '10') { include("includes/error-no-perm.inc.php");
    // Display devices this user doesn't have access to
    echo("<h4>Grant access to new bill</h4>");
    echo("<form method='get' action=''>
-            <input type='hidden' value='" . $_GET['user_id'] . "' name='user_id'>
+            <input type='hidden' value='" . $vars['user_id'] . "' name='user_id'>
            <input type='hidden' value='edituser' name='page'>
            <input type='hidden' value='addbillperm' name='action'>
            <select name='bill_id' class=selector>");
--- a/html/pages/preferences.inc.php
+++ b/html/pages/preferences.inc.php
@@ -55,7 +55,8 @@ if ($_SESSION['userlevel'] == '1')
  foreach (dbFetchRows("SELECT * FROM `devices_perms` AS P, `devices` AS D WHERE `user_id` = ? AND P.device_id = D.device_id", array($user_id)) as $perm)
  {
-    echo("<a href='?page=device&id=" . $perm['device_id'] . "'>" . $perm['hostname'] . "</a><br />");
+   #FIXME generatedevicelink?
    echo("<a href='device/device" . $perm['device_id'] . "'>" . $perm['hostname'] . "</a><br />");
    $dev_access = 1;
  }