pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
24481279d50e18994d9be88009d350df2378dee5
assetmgt/user.php
“VeLiTi” 24481279d5 Refactor user session handling and permissions management 
- Updated session variables to use 'authorization' array instead of 'username' for user identification across multiple files.
- Introduced a new function `getUserPermissions` to consolidate user permissions retrieval based on assigned roles.
- Modified API calls to use the new authorization structure and updated endpoints to v2.
- Enhanced language support by adding 'PL' to the list of supported languages.
- Cleaned up redundant code and improved session management during user login and registration processes.
- Added a new API endpoint for fetching user permissions based on user ID.
2026-01-19 15:29:16 +01:00

570 lines
23 KiB
PHP
Raw Blame History

<?php
defined(page_security_key) or exit;
if (debug && debug_id == $_SESSION['authorization']['id']){
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
}
include_once './assets/functions.php';
include_once './settings/settings_redirector.php';
//SET ORIGIN FOR NAVIGATION
$_SESSION['prev_origin_user'] = $_SERVER['REQUEST_URI'];
$page = 'user';
//Check if allowed
if (isAllowed($page,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'R') === 0){
header('location: index.php');
exit;
}
//PAGE Security
$page_manage = 'user_manage';
$update_allowed = isAllowed($page ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U');
$update_allowed_edit = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'U');
$delete_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'D');
$create_allowed = isAllowed($page_manage ,$_SESSION['authorization']['profile'],$_SESSION['authorization']['permission'],'C');
//GET Details from URL
$user_ID = $_GET['id'] ?? '';
if ($user_ID == ''){
header('location: index.php?page=users');
exit;
}
//CALL TO API FOR User information
$api_url = '/v2/users/id='.$user_ID;
$responses = ioServer($api_url,'');
//Decode Payload
if (!empty($responses)){$responses = json_decode($responses);}else{$responses = null;}
$user = $responses[0];
//Helper function to convert service hex string to 1/0
function isServiceActive($service) {
// If service is a valid hex string (50 chars from bin2hex(random_bytes(25))), return 1
if (!empty($service) && ctype_xdigit($service)) {
return 1;
}
return 0;
}
$service_active = isServiceActive($user->service);
//CALL TO API FOR User Role Assignments
$api_url = '/v2/user_role_assignments/user_id='.$user_ID;
$role_assignments = ioServer($api_url,'');
//Decode Payload
if (!empty($role_assignments)){$role_assignments = json_decode($role_assignments);}else{$role_assignments = null;}
//CALL TO API FOR All Available Roles
$api_url = '/v2/user_roles/status=1&p=1';
$all_roles_response = ioServer($api_url,'');
//Decode Payload
if (!empty($all_roles_response)){
$all_roles = json_decode($all_roles_response);
if (!is_array($all_roles)){
$all_roles = [];
}
} else {
$all_roles = [];
}
//------------------------------
// Handle POST for inline edit (user AND roles)
//------------------------------
if (isset($_POST['save_user']) && $update_allowed_edit === 1) {
// Build user data using existing field names
$user_data = [
'id' => $user_ID,
'userkey' => $_POST['userkey'] ?? 1,
'username' => $_POST['username'] ?? '',
'email' => $_POST['email'] ?? '',
'view' => $_POST['view'] ?? 3,
'settings' => $_POST['settings'] ?? '',
'service' => $_POST['service'] ?? 0,
'language' => $_POST['language'] ?? '',
'login_count' => $_POST['login_count'] ?? 0,
'salesid' => $_POST['salesid'] ?? '',
'soldto' => $_POST['soldto'] ?? '',
'shipto' => $_POST['shipto'] ?? '',
'location' => $_POST['location'] ?? ''
];
$data = json_encode($user_data, JSON_UNESCAPED_UNICODE);
ioServer('/v2/users', $data);
// Also save role assignments
$role_data = [
'batch_update' => true,
'user_id' => (int)$user_ID,
'roles' => isset($_POST['roles']) ? array_map('intval', $_POST['roles']) : []
];
$data = json_encode($role_data, JSON_UNESCAPED_UNICODE);
ioServer('/v2/user_role_assignments', $data);
// Redirect to refresh
header('Location: index.php?page=user&id='.$user_ID.'&success_msg=2');
exit;
}
// Handle password reset
if (isset($_POST['reset']) && $update_allowed_edit === 1) {
$data = json_encode(['id' => $user_ID, 'reset' => 'reset'], JSON_UNESCAPED_UNICODE);
ioServer('/v2/users', $data);
header('Location: index.php?page=user&id='.$user_ID.'&success_msg=4');
exit;
}
// Handle unblock
if (isset($_POST['unblock']) && $update_allowed_edit === 1) {
$data = json_encode(['id' => $user_ID, 'login_count' => '0'], JSON_UNESCAPED_UNICODE);
ioServer('/v2/users', $data);
header('Location: index.php?page=user&id='.$user_ID.'&success_msg=5');
exit;
}
// Handle delete
if (isset($_POST['delete']) && $delete_allowed === 1) {
$data = json_encode(['id' => $user_ID, 'delete' => 'delete'], JSON_UNESCAPED_UNICODE);
ioServer('/v2/users', $data);
header('Location: index.php?page=users&success_msg=3');
exit;
}
//------------------------------
//Variables
//------------------------------
$is_blocked = ($user->login_count > 4);
$is_active = ($user->userkey && $user->userkey != '');
if ($is_blocked) {
$status_text = ($User_block ?? 'Blocked');
$status_class = 'id0';
} elseif ($is_active) {
$status_text = ($enabled ?? 'Active');
$status_class = 'id1';
} else {
$status_text = ($disabled ?? 'Inactive');
$status_class = 'id0';
}
// Handle success messages
if (isset($_GET['success_msg'])) {
if ($_GET['success_msg'] == 1) {
$success_msg = ($message_user_1 ?? 'User created successfully');
}
if ($_GET['success_msg'] == 2) {
$success_msg = ($message_user_2 ?? 'User updated successfully');
}
if ($_GET['success_msg'] == 3) {
$success_msg = ($message_user_3 ?? 'User deleted successfully');
}
if ($_GET['success_msg'] == 4) {
$success_msg = ($message_user_4 ?? 'Password reset successfully');
}
if ($_GET['success_msg'] == 5) {
$success_msg = ($message_user_5 ?? 'User unblocked successfully');
}
if ($_GET['success_msg'] == 6) {
$success_msg = ($message_user_6 ?? 'Roles updated successfully');
}
}
template_header(($user_title ?? 'User'), 'user', 'view');
$view = '
<div class="content-title responsive-flex-wrap responsive-pad-bot-3">
<h2 class="responsive-width-100">'.($user_h2 ?? 'User').' - '.$user->username.'</h2>
<a href="index.php?page='.($_SESSION['origin'] ?? 'users').'&p='.($_SESSION['p'] ?? '1').($_SESSION['status'] ?? '').($_SESSION['sort'] ?? '').($_SESSION['search'] ?? '').'" class="btn alt mar-right-2">←</a>
';
if ($update_allowed_edit === 1){
$view .= '<a href="javascript:void(0);" id="editBtn" class="btn mar-right-2" onclick="toggleUserEdit()">✏️</a>';
$view .= '<button type="submit" form="userForm" id="saveBtn" class="btn" style="display:none;">💾</button>';
}
$view .= '</div>';
if (isset($success_msg)){
$view .= ' <div class="msg success">
<i class="fas fa-check-circle"></i>
<p>'.$success_msg.'</p>
<i class="fas fa-times"></i>
</div>';
}
// Start form wrapper for edit mode
$view .= '<form id="userForm" action="" method="post">
<input type="hidden" name="save_user" value="1">
<input type="hidden" name="id" value="'.$user_ID.'">';
$view .= '<div class="content-block-wrapper">';
// User Information Block
$view .= ' <div class="content-block order-details">
<div class="block-header">
<i class="fa-solid fa-circle-info"></i>'.($view_user_information ?? 'User Information').'
</div>
<div class="order-detail">
<h3>'.($general_status ?? 'Status').'</h3>
<p>
<span class="view-mode status '.$status_class.'">'.$status_text.'</span>
<select class="edit-mode" name="userkey" style="display:none;">
<option value="1"'.($is_active ? ' selected' : '').'>'.($enabled ?? 'Active').'</option>
<option value="0"'.(!$is_active ? ' selected' : '').'>'.($disabled ?? 'Inactive').'</option>
</select>
</p>
</div>
<div class="order-detail">
<h3>'.($User_username ?? 'Username').'</h3>
<p>
<span class="view-mode">'.$user->username.'</span>
<input type="text" class="edit-mode" name="username" value="'.$user->username.'" style="display:none;" pattern="^\S+$" required>
</p>
</div>
<div class="order-detail">
<h3>'.($User_email ?? 'Email').'</h3>
<p>
<span class="view-mode">'.$user->email.'</span>
<input type="email" class="edit-mode" name="email" value="'.$user->email.'" style="display:none;" required>
</p>
</div>
<div class="order-detail">
<h3>'.($User_language ?? 'Language').'</h3>
<p>
<span class="view-mode">'.($user->language ?? '-').'</span>
<select class="edit-mode" name="language" style="display:none;">
<option value="">-</option>';
foreach ($supportedLanguages as $language){
$view .= '<option value="'.$language.'"'.(($user->language == $language) ? ' selected' : '').'>'.$language.'</option>';
}
$view .= ' </select>
</p>
</div>
</div>
';
// Role Assignments Block
$view .='<div class="content-block order-details" id="rolesBlock">
<div class="block-header">
<i class="fa-solid fa-user-shield fa-sm"></i>'.($view_user_roles ?? 'Assigned Roles').'
</div>
<div class="view-mode-roles">';
// Get list of already assigned role IDs
$assigned_role_ids = [];
if (!empty($role_assignments)){
foreach ($role_assignments as $assignment){
if ($assignment->is_active == 1){
$assigned_role_ids[] = $assignment->role_id;
}
}
}
// VIEW MODE - Show only assigned roles
if (!empty($role_assignments)){
$has_active_roles = false;
foreach ($role_assignments as $assignment){
if ($assignment->is_active == 1){
$has_active_roles = true;
$view .= '<div class="order-detail">
<h3>'.$assignment->role_name.'</h3>';
if (!empty($assignment->role_description)){
$view .= '<p>'.$assignment->role_description.'</p>';
}
$view .= '</div>';
}
}
if (!$has_active_roles){
$view .= '<div class="order-detail">
<h3>-</h3>
<p>'.($no_roles_assigned ?? 'No roles assigned to this user').'</p>
</div>';
}
} else {
$view .= '<div class="order-detail">
<h3>-</h3>
<p>'.($no_roles_assigned ?? 'No roles assigned to this user').'</p>
</div>';
}
$view .= '</div>'; // Close view-mode-roles
// EDIT MODE - Show all roles with checkboxes (only if user has edit permission)
if ($update_allowed_edit === 1 && !empty($all_roles)){
$view .= '<div class="edit-mode-roles" style="display:none;">';
foreach ($all_roles as $role){
$is_checked = in_array($role->rowID, $assigned_role_ids) ? ' checked' : '';
$view .= '<div class="order-detail" style="display: flex; align-items: center; gap: 10px;">
<input type="checkbox"
name="roles[]"
value="'.$role->rowID.'"
id="role_'.$role->rowID.'"'.$is_checked.'>
<label for="role_'.$role->rowID.'" style="margin: 0; cursor: pointer; flex: 1;">
<h3 style="margin: 0;">'.$role->name.'</h3>
<p style="margin: 5px 0 0 0; font-size: 0.9em; color: #666;">'.($role->description ?? '').'</p>
</label>
</div>';
}
$view .= '</div>'; // Close edit-mode-roles
}
$view .= '</div>'; // Close content-block
$view .= '</div>'; // Close content-block-wrapper
// Permissions Block
$view .= '<div class="content-block">
<div class="block-header">
<i class="fa-solid fa-key fa-sm"></i>'.($view_user_permissions ?? 'Permissions').'
</div>
<div class="table order-table">
<table>
<tr>
<td style="width:25%;">'.($User_permission ?? 'Permission Level').'</td>
<td>
<span class="view-mode">';
// Display permission level text
switch($user->view){
case 1: $view .= ($permission1 ?? 'View'); break;
case 2: $view .= ($permission2 ?? 'Edit'); break;
case 3: $view .= ($permission3 ?? 'Admin'); break;
case 4: $view .= ($permission4 ?? 'Super Admin'); break;
case 5: $view .= ($permission5 ?? 'System'); break;
default: $view .= '-';
}
$view .= '</span>
<select class="edit-mode" name="view" style="display:none;">
<option value="3"'.($user->view == 3 ? ' selected' : '').'>'.($permission3 ?? 'Admin').'</option>
<option value="2"'.($user->view == 2 ? ' selected' : '').'>'.($permission2 ?? 'Edit').'</option>
<option value="1"'.($user->view == 1 ? ' selected' : '').'>'.($permission1 ?? 'View').'</option>';
if ($_SESSION['authorization']['permission'] == 3){
$view .= '<option value="4"'.($user->view == 4 ? ' selected' : '').'>'.($permission4 ?? 'Super Admin').'</option>';
}
if ($_SESSION['authorization']['permission'] == 4){
$view .= '<option value="4"'.($user->view == 4 ? ' selected' : '').'>'.($permission4 ?? 'Super Admin').'</option>
<option value="5"'.($user->view == 5 ? ' selected' : '').'>'.($permission5 ?? 'System').'</option>';
}
$view .= ' </select>
</td>
</tr>
<tr>
<td style="width:25%;">'.($User_profile ?? 'Profile').'</td>
<td>
<span class="view-mode">'.($user->settings ?? '-').'</span>';
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
$view .= '<select class="edit-mode" name="settings" style="display:none;">
<option value="">-</option>';
foreach ($all_profiles as $profile) {
$view .= '<option value="'.$profile.'"'.($user->settings == $profile ? ' selected' : '').'>'.$profile.'</option>';
}
$view .= '</select>';
} else {
$view .= '<input type="hidden" name="settings" value="'.$user->settings.'">';
}
$view .= ' </td>
</tr>
<tr>
<td style="width:25%;">'.($User_service ?? 'Service Access').'</td>
<td>
<span class="view-mode">'.(($service_active == 1) ? ($enabled ?? 'Enabled') : ($disabled ?? 'Disabled')).'</span>
<select class="edit-mode" name="service" style="display:none;">
<option value="1"'.(($service_active == 1) ? ' selected' : '').'>'.($enabled ?? 'Enabled').'</option>
<option value="0"'.(($service_active == 0) ? ' selected' : '').'>'.($disabled ?? 'Disabled').'</option>
</select>
</td>
</tr>
</table>
</div>
</div>';
// Partner Hierarchy Block
$partner_data = json_decode($user->partnerhierarchy) ?? json_decode($_SESSION['authorization']['partnerhierarchy']);
$view .= '<div class="content-block">
<div class="block-header">
<i class="fa-solid fa-building fa-sm"></i>'.($view_user_partners ?? 'Partner Hierarchy').'
</div>
<div class="table order-table">
<table>';
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
$salesid_dropdown = listPartner('salesid', $_SESSION['authorization']['permission'], $partner_data->salesid ?? '', '');
$soldto_dropdown = listPartner('soldto', $_SESSION['authorization']['permission'], $partner_data->soldto ?? '', '');
$view .= '<tr>
<td style="width:25%;">'.($general_salesid ?? 'Sales ID').'</td>
<td>
<span class="view-mode">'.($partner_data->salesid ?? '-').'</span>
<span class="edit-mode" style="display:none;">'.$salesid_dropdown.'</span>
</td>
</tr>
<tr>
<td style="width:25%;">'.($general_soldto ?? 'Sold To').'</td>
<td>
<span class="view-mode">'.($partner_data->soldto ?? '-').'</span>
<span class="edit-mode" style="display:none;">'.$soldto_dropdown.'</span>
</td>
</tr>';
}
$shipto_dropdown = listPartner('shipto', $_SESSION['authorization']['permission'], $partner_data->shipto ?? '', '');
$location_dropdown = listPartner('location', $_SESSION['authorization']['permission'], $partner_data->location ?? '', '');
$view .= '<tr>
<td style="width:25%;">'.($general_shipto ?? 'Ship To').'</td>
<td>
<span class="view-mode">'.($partner_data->shipto ?? '-').'</span>
<span class="edit-mode" style="display:none;">'.$shipto_dropdown.'</span>
</td>
</tr>
<tr>
<td style="width:25%;">'.($general_location ?? 'Location').'</td>
<td>
<span class="view-mode">'.($partner_data->location ?? '-').'</span>
<span class="edit-mode" style="display:none;">'.$location_dropdown.'</span>
</td>
</tr>
</table>
</div>
</div>';
// Metadata Block
$view .= '<div class="content-block">
<div class="block-header">
<i class="fa-solid fa-bars fa-sm"></i>'.($tab3 ?? 'Details').'
</div>
<div class="table order-table">
<table>
<tr>
<td style="width:25%;">'.($general_created ?? 'Created').'</td>
<td>'.getRelativeTime($user->created).'</td>
</tr>
<tr>
<td style="width:25%;">'.($User_lastlogin ?? 'Last Login').'</td>
<td>'.($user->lastlogin ? getRelativeTime($user->lastlogin) : '-').'</td>
</tr>
<tr>
<td style="width:25%;">'.($general_updated ?? 'Updated').'</td>
<td>'.($user->updated ? getRelativeTime($user->updated) : '-').'</td>
</tr>
<tr>
<td style="width:25%;">'.($general_updatedby ?? 'Updated By').'</td>
<td>'.($user->updatedby ?? '-').'</td>
</tr>
<tr>
<td style="width:25%;">'.($User_pw_login_count ?? 'Login Attempts').'</td>
<td>
<span class="view-mode">'.$user->login_count.'</span>';
if ($_SESSION['authorization']['permission'] == 3 || $_SESSION['authorization']['permission'] == 4){
$view .= '<input type="number" class="edit-mode" name="login_count" value="'.$user->login_count.'" style="display:none; width: 80px;">';
} else {
$view .= '<input type="hidden" name="login_count" value="'.$user->login_count.'">';
}
$view .= ' </td>
</tr>
</table>
</div>
</div>
</form>
';
// Actions Block (outside form for separate actions)
if ($update_allowed_edit === 1){
$view .= '<div class="content-block">
<div class="block-header">
<i class="fa-solid fa-bolt fa-sm"></i>'.($general_actions ?? 'Actions').'
</div>
<div class="table order-table">
<table>
<tr>
<td style="width:25%;">'.($User_pw_reset ?? 'Reset Password').'</td>
<td>
<form action="" method="post" style="display:inline;">
<input type="hidden" name="id" value="'.$user_ID.'">
<button type="submit" name="reset" class="btn alt" onclick="return confirm(\''.($confirm_reset_password ?? 'Are you sure you want to reset this user\'s password?').'\')">
<i class="fa-solid fa-key"></i>
</button>
</form>
</td>
</tr>';
if ($is_blocked){
$view .= ' <tr>
<td style="width:25%;">'.($User_unblock ?? 'Unblock User').'</td>
<td>
<form action="" method="post" style="display:inline;">
<input type="hidden" name="id" value="'.$user_ID.'">
<button type="submit" name="unblock" class="btn alt" onclick="return confirm(\''.($confirm_unblock ?? 'Are you sure you want to unblock this user?').'\')">
<i class="fa-solid fa-unlock"></i>
</button>
</form>
</td>
</tr>';
}
if ($delete_allowed === 1){
$view .= ' <tr>
<td style="width:25%;">'.($general_delete ?? 'Delete User').'</td>
<td>
<form action="" method="post" style="display:inline;">
<input type="hidden" name="id" value="'.$user_ID.'">
<button type="submit" name="delete" class="btn red" onclick="return confirm(\''.($confirm_delete_user ?? 'Are you sure you want to delete this user?').'\')">
<i class="fa-solid fa-trash"></i>
</button>
</form>
</td>
</tr>';
}
$view .= ' </table>
</div>
</div>';
}
//OUTPUT
echo $view;
$js = 'var userEditMode = false;
function toggleUserEdit() {
userEditMode = !userEditMode;
var editBtn = document.getElementById("editBtn");
var saveBtn = document.getElementById("saveBtn");
var viewElements = document.querySelectorAll(".view-mode");
var editElements = document.querySelectorAll(".edit-mode");
var viewRolesElements = document.querySelectorAll(".view-mode-roles");
var editRolesElements = document.querySelectorAll(".edit-mode-roles");
var i;
if (userEditMode) {
// Enter edit mode for user info AND roles
for (i = 0; i < viewElements.length; i++) { viewElements[i].style.display = "none"; }
for (i = 0; i < editElements.length; i++) { editElements[i].style.display = "inline"; }
for (i = 0; i < viewRolesElements.length; i++) { viewRolesElements[i].style.display = "none"; }
for (i = 0; i < editRolesElements.length; i++) { editRolesElements[i].style.display = "block"; }
editBtn.style.display = "none";
saveBtn.style.display = "inline-block";
} else {
// Exit edit mode
for (i = 0; i < viewElements.length; i++) { viewElements[i].style.display = "inline"; }
for (i = 0; i < editElements.length; i++) { editElements[i].style.display = "none"; }
for (i = 0; i < viewRolesElements.length; i++) { viewRolesElements[i].style.display = "block"; }
for (i = 0; i < editRolesElements.length; i++) { editRolesElements[i].style.display = "none"; }
editBtn.style.display = "inline-block";
saveBtn.style.display = "none";
}
}';
template_footer($js);
Reference in New Issue View Git Blame Copy Permalink