assetmgt/profile.php

<?php
defined(page_security_key) or exit;

$page = 'profile';
//Check if allowed
if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){
    header('location: index.php');
    exit;
}
//PAGE Security
$update_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'U');
$delete_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'D');
$create_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'C');

// Default input product values
$user = [
    'id' => '',
    'username' => '',
    'partnerhierarchy' => '',
    'view' => 3,
    'service' => 0,
    'settings' => '',
    'userkey' => 1,
    'created' => '',
    'lastlogin' => '',
    'language' => 'US'
];

// ID param exists, edit an existing product
//CALL TO API
$api_url = '/v1/profile/userkey='.$_SESSION['userkey'];
$responses = ioServer($api_url,'');
//Decode Payload
if (!empty($responses)){$responses = decode_payload($responses);}else{$responses = null;}

$user = json_decode(json_encode($responses[0]), true);

if ($update_allowed === 1){
    if (isset($_POST['submit'])) {
        
        //GET ALL POST DATA
        $data = json_encode($_POST, JSON_UNESCAPED_UNICODE);
        //Secure data
        $payload = generate_payload($data);
        //API call
        $responses = ioServer('/v1/profile', $payload);
        if ($responses === 'NOK'){

        } else {
        header('Location: index.php?page=profile&success_msg=2');
        exit;
        }
    }
}

if ($update_allowed === 1){
    if (isset($_POST['reset'])) {
        
        //GET ALL POST DATA
        $data = json_encode($_POST, JSON_UNESCAPED_UNICODE);
        //Secure data
        $payload = generate_payload($data);
        //API call
        $responses = ioServer('/v1/profile', $payload);
        if ($responses === 'NOK'){

        } else {
        header('Location: index.php?page=profile&success_msg=2');
        exit;
        }
    }
}

//------------------------------------
//CHECK IF USER IS ALSO CREATOR OF RECORD THEN OVERRIDE UPDATE_ALLOWED_EDIT
//------------------------------------
$update_allowed = (($user['username'] == $_SESSION['username'])? 1 : 0);
    
template_header('Profile', 'profile', 'manage');

$view ='
<form action="" method="post">
    <div class="content-title responsive-flex-wrap responsive-pad-bot-3">
        <h2 class="responsive-width-100">'.$user_h2.'</h2>
        <a href="index.php?page=dasboard" class="btn alt mar-right-2">'.$button_cancel.'</a>
';
if ($update_allowed === 1 && $_SESSION['permission'] != 0){
    $view .= '<input type="submit" name="submit" value="Save" class="btn">';
}
   
$view .= '</div>';

$view .= '<div class="tabs">
            <a href="#" class="active">'.$tab1 .'</a>
            <a href="#">'.$tab3.'</a>
        </div>
    ';

//Define Service and User enabled
$view .= '<div class="content-block tab-content active">
            <div class="form responsive-width-100">
                <label for="userkey">Active</label>
                <input type="text" name="" placeholder="" value="'.(($user['userkey']!='') ? $enabled : $disabled ).'" readonly>
                <label for="username">'.$User_username.'</label>
                <input id="name" type="email" name="" placeholder="'.$User_username.'" value="'.$user['username'].'" readonly">
                <label for="view">'.$User_permission.'</label>
                <input type="text" name="" placeholder="" value="'.${'permission'.$user['view']}.'" readonly>
                <label for="profile">'.$User_profile.'</label>
                <input type="text" name="" placeholder="" value="'.$user['settings'].'" readonly>
                <textarea id="" name="assigned_profile" placeholder="">'.$_SESSION['profile'].'</textarea>
                <label for="service">'.$User_service.'</label>
                <input type="text" name="" placeholder="" value="'.(($user['service']!='') ? $enabled : $disabled ).'" readonly>
                <label for="service">'.$User_language.'</label>
                <select id="language" name="language">
                    <option value="" '.(($user['language'] =='')?' selected':'').'></option>
                    <option value="US" '.(($user['language']=='US')?' selected':'').'>US</option>
                    <option value="NL" '.(($user['language']=='NL')?' selected':'').'>NL</option>
                </select>
                <input type="hidden" name="id" value="'.$user['id'].'">
        ';
    if ($update_allowed === 1 && $_SESSION['permission'] != 0){
        $view .= '<label for="service">'.$User_pw_reset .'</label>
                 <input type="submit" name="reset" value="Reset" class="btn" style="width: 15%;" onclick="return confirm(\'Are you sure you want to reset this user password?\')"> 
                ';
        }
$view .= '</div>
        </div>';

$view .= '<div class="content-block tab-content">
        <div class="form responsive-width-100">
            <label for="">'.$general_created.'</label>
            <input id="name" type="text" name="" placeholder="'.$general_created.'" value="'.$user['created'].'" readonly>
            <label for="">'.$User_lastlogin.'</label>
            <input id="name" type="text" name="" placeholder="'.$User_lastlogin.'" value="'.$user['lastlogin'].'" readonly>
        </div>
    </div>';

$view .= '</form>';

//Output
echo $view;
template_footer();