Home Explore Help
Sign In
fusionpbx
/
fusionpbx-framework
mirror of https://github.com/fusionpbx/fusionpbx-framework.git
2
0
Fork 0
Files Issues 0 Wiki
Branch: master
Branches Tags
fusionpbx-frame...
/
core
/
users
/
users.php

users.php 14 KB
Permalink History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339 
  1. <?php
    2. 

  2. /*
    3. 

  3. 	FusionPBX
    4. 

  4. 	Version: MPL 1.1
    5. 

  5. 

  6. 	The contents of this file are subject to the Mozilla Public License Version
    7. 

  7. 	1.1 (the "License"); you may not use this file except in compliance with
    8. 

  8. 	the License. You may obtain a copy of the License at
    9. 

  9. 	http://www.mozilla.org/MPL/
    10. 

  10. 

  11. 	Software distributed under the License is distributed on an "AS IS" basis,
    12. 

  12. 	WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
    13. 

  13. 	for the specific language governing rights and limitations under the
    14. 

  14. 	License.
    15. 

  15. 

  16. 	The Original Code is FusionPBX
    17. 

  17. 

  18. 	The Initial Developer of the Original Code is
    19. 

  19. 	Mark J Crane <[email protected]>
    20. 

  20. 	Portions created by the Initial Developer are Copyright (C) 2008-2024
    21. 

  21. 	the Initial Developer. All Rights Reserved.
    22. 

  22. 

  23. 	Contributor(s):
    24. 

  24. 	Mark J Crane <[email protected]>
    25. 

  25. */
    26. 

  26. 

  27. //includes files
    28. 

  28. 	require_once dirname(__DIR__, 2) . "/resources/require.php";
    29. 

  29. 	require_once "resources/check_auth.php";
    30. 

  30. 	require_once "resources/paging.php";
    31. 

  31. 

  32. //check permissions
    33. 

  33. 	if (permission_exists('user_view')) {
    34. 

  34. 		//access granted
    35. 

  35. 	}
    36. 

  36. 	else {
    37. 

  37. 		echo "access denied";
    38. 

  38. 		exit;
    39. 

  39. 	}
    40. 

  40. 

  41. //connect to the database
    42. 

  42. 	$database = new database;
    43. 

  43. 

  44. //add multi-lingual support
    45. 

  45. 	$language = new text;
    46. 

  46. 	$text = $language->get();
    47. 

  47. 

  48. //get the http post data
    49. 

  49. 	if (!empty($_POST['users'])) {
    50. 

  50. 		$action = $_POST['action'] ?? '';
    51. 

  51. 		$search = $_POST['search'] ?? '';
    52. 

  52. 		$users = $_POST['users'] ?? '';
    53. 

  53. 	}
    54. 

  54. 

  55. //check to see if contact details are in the view
    56. 

  56. 	$sql = "select * from view_users ";
    57. 

  57. 	$sql .= "where domain_uuid = :domain_uuid ";
    58. 

  58. 	$parameters = null;
    59. 

  59. 	$parameters['domain_uuid'] = $_SESSION['domain_uuid'];
    60. 

  60. 	$row = $database->select($sql, $parameters, 'row');
    61. 

  61. 	if (isset($row['contact_organization'])) {
    62. 

  62. 		$show_contact_fields = true;
    63. 

  63. 	}
    64. 

  64. 	else {
    65. 

  65. 		$show_contact_fields = false;
    66. 

  66. 	}
    67. 

  67. 	unset($parameters);
    68. 

  68. 

  69. //process the http post data by action
    70. 

  70. 	if (!empty($action) && is_array($users) && @sizeof($users) != 0) {
    71. 

  71. 		switch ($action) {
    72. 

  72. 			case 'copy':
    73. 

  73. 				if (permission_exists('user_add')) {
    74. 

  74. 					$obj = new users;
    75. 

  75. 					$obj->copy($users);
    76. 

  76. 				}
    77. 

  77. 				break;
    78. 

  78. 			case 'toggle':
    79. 

  79. 				if (permission_exists('user_edit')) {
    80. 

  80. 					$obj = new users;
    81. 

  81. 					$obj->toggle($users);
    82. 

  82. 				}
    83. 

  83. 				break;
    84. 

  84. 			case 'delete':
    85. 

  85. 				if (permission_exists('user_delete')) {
    86. 

  86. 					$obj = new users;
    87. 

  87. 					$obj->delete($users);
    88. 

  88. 				}
    89. 

  89. 				break;
    90. 

  90. 		}
    91. 

  91. 

  92. 		header('Location: users.php'.($search != '' ? '?search='.urlencode($search) : null));
    93. 

  93. 		exit;
    94. 

  94. 	}
    95. 

  95. 

  96. //get order and order by
    97. 

  97. 	$order_by = $_GET["order_by"] ?? '';
    98. 

  98. 	$order = $_GET["order"] ?? '';
    99. 

  99. 

  100. //set additional variables
    101. 

  101. 	$context = !empty($_GET["context"]) ? $_GET["context"] : '';
    102. 

  102. 	$search = !empty($_GET["search"]) ? $_GET["search"] : '';
    103. 

  103. 	$show = !empty($_GET["show"]) ? $_GET["show"] : '';
    104. 

  104. 

  105. //set from session variables
    106. 

  106. 	$list_row_edit_button = !empty($_SESSION['theme']['list_row_edit_button']['boolean']) ? $_SESSION['theme']['list_row_edit_button']['boolean'] : 'false';
    107. 

  107. 

  108. //add the search string
    109. 

  109. 	if (!empty($search)) {
    110. 

  110. 		$search =  strtolower($_GET["search"]);
    111. 

  111. 		$sql_search = " (";
    112. 

  112. 		$sql_search .= "	lower(username) like :search ";
    113. 

  113. 		$sql_search .= "	or lower(group_names) like :search ";
    114. 

  114. 		$sql_search .= "	or lower(contact_organization) like :search ";
    115. 

  115. 		$sql_search .= "	or lower(contact_name) like :search ";
    116. 

  116. 		//$sql_search .= "	or lower(user_status) like :search ";
    117. 

  117. 		$sql_search .= ") ";
    118. 

  118. 		$parameters['search'] = '%'.$search.'%';
    119. 

  119. 	}
    120. 

  120. 

  121. //get the count
    122. 

  122. 	$sql = "select count(*) from view_users ";
    123. 

  123. 	if ($show == "all" && permission_exists('user_all')) {
    124. 

  124. 		if (isset($sql_search)) {
    125. 

  125. 			$sql .= "where ".$sql_search;
    126. 

  126. 		}
    127. 

  127. 		else {
    128. 

  128. 			$sql.= "where true ";
    129. 

  129. 		}
    130. 

  130. 	}
    131. 

  131. 	else {
    132. 

  132. 		$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
    133. 

  133. 		if (!empty($sql_search)) {
    134. 

  134. 			$sql .= "and ".$sql_search;
    135. 

  135. 		}
    136. 

  136. 		$parameters['domain_uuid'] = $domain_uuid;
    137. 

  137. 	}
    138. 

  138. 	$sql .= "and ( ";
    139. 

  139. 	$sql .= "	group_level <= :group_level ";
    140. 

  140. 	$sql .= "	or group_level is null ";
    141. 

  141. 	$sql .= ") ";
    142. 

  142. 	$parameters['group_level'] = $_SESSION['user']['group_level'];
    143. 

  143. 	$num_rows = $database->select($sql, $parameters, 'column');
    144. 

  144. 

  145. //prepare to page the results
    146. 

  146. 	$rows_per_page = ($_SESSION['domain']['paging']['numeric'] != '') ? $_SESSION['domain']['paging']['numeric'] : 50;
    147. 

  147. 	$param = $search ? "&search=".$search : null;
    148. 

  148. 	$param .= ($show == 'all' && permission_exists('user_all')) ? "&show=all" : null;
    149. 

  149. 	$page = !empty($_GET['page']) ? $_GET['page'] : 0;
    150. 

  150. 	list($paging_controls, $rows_per_page) = paging($num_rows, $param, $rows_per_page);
    151. 

  151. 	list($paging_controls_mini, $rows_per_page) = paging($num_rows, $param, $rows_per_page, true);
    152. 

  152. 	$offset = $rows_per_page * $page;
    153. 

  153. 

  154. //get the list
    155. 

  155. 	$sql = "select domain_name, domain_uuid, user_uuid, username, group_names, ";
    156. 

  156. 	if ($show_contact_fields) {
    157. 

  157. 		$sql .= "contact_organization,contact_name, ";
    158. 

  158. 	}
    159. 

  159. 	$sql .= "cast(user_enabled as text) ";
    160. 

  160. 	$sql .= "from view_users ";
    161. 

  161. 	if ($show == "all" && permission_exists('user_all')) {
    162. 

  162. 		if (isset($sql_search)) {
    163. 

  163. 			$sql .= "where ".$sql_search;
    164. 

  164. 		}
    165. 

  165. 		else {
    166. 

  166. 			$sql.= "where true ";
    167. 

  167. 		}
    168. 

  168. 	}
    169. 

  169. 	else {
    170. 

  170. 		$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
    171. 

  171. 		if (isset($sql_search)) {
    172. 

  172. 			$sql .= "and ".$sql_search;
    173. 

  173. 		}
    174. 

  174. 		$parameters['domain_uuid'] = $domain_uuid;
    175. 

  175. 	}
    176. 

  176. 	$sql .= "and ( ";
    177. 

  177. 	$sql .= "	group_level <= :group_level ";
    178. 

  178. 	$sql .= "	or group_level is null ";
    179. 

  179. 	$sql .= ") ";
    180. 

  180. 	$parameters['group_level'] = $_SESSION['user']['group_level'];
    181. 

  181. 	$sql .= order_by($order_by, $order, 'username', 'asc');
    182. 

  182. 	$sql .= limit_offset($rows_per_page, $offset);
    183. 

  183. 	$users = $database->select($sql, $parameters, 'all');
    184. 

  184. 	unset($sql, $parameters);
    185. 

  185. 

  186. //create token
    187. 

  187. 	$object = new token;
    188. 

  188. 	$token = $object->create($_SERVER['PHP_SELF']);
    189. 

  189. 

  190. //include the header
    191. 

  191. 	$document['title'] = $text['title-users'];
    192. 

  192. 	require_once "resources/header.php";
    193. 

  193. 

  194. //show the content
    195. 

  195. 	echo "<div class='action_bar' id='action_bar'>\n";
    196. 

  196. 	echo "	<div class='heading'><b>".$text['title-users']."</b><div class='count'>".number_format($num_rows)."</div></div>\n";
    197. 

  197. 	echo "	<div class='actions'>\n";
    198. 

  198. 	if (permission_exists('user_add')) {
    199. 

  199. 		if (!isset($id)) {
    200. 

  200. 			echo button::create(['type'=>'button','label'=>$text['button-import'],'icon'=>$_SESSION['theme']['button_icon_import'],'style'=>'margin-right: 15px;','link'=>'user_imports.php']);
    201. 

  201. 		}
    202. 

  202. 		echo button::create(['type'=>'button','label'=>$text['button-add'],'icon'=>$_SESSION['theme']['button_icon_add'],'id'=>'btn_add','link'=>'user_edit.php']);
    203. 

  203. 	}
    204. 

  204. 	if (permission_exists('user_add') && $users) {
    205. 

  205. 		echo button::create(['type'=>'button','label'=>$text['button-copy'],'icon'=>$_SESSION['theme']['button_icon_copy'],'id'=>'btn_copy','name'=>'btn_copy','style'=>'display: none;','onclick'=>"modal_open('modal-copy','btn_copy');"]);
    206. 

  206. 	}
    207. 

  207. 	if (permission_exists('user_edit') && $users) {
    208. 

  208. 		echo button::create(['type'=>'button','label'=>$text['button-toggle'],'icon'=>$_SESSION['theme']['button_icon_toggle'],'id'=>'btn_toggle','name'=>'btn_toggle','style'=>'display: none;','onclick'=>"modal_open('modal-toggle','btn_toggle');"]);
    209. 

  209. 	}
    210. 

  210. 	if (permission_exists('user_delete') && $users) {
    211. 

  211. 		echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$_SESSION['theme']['button_icon_delete'],'id'=>'btn_delete','name'=>'btn_delete','style'=>'display: none;','onclick'=>"modal_open('modal-delete','btn_delete');"]);
    212. 

  212. 	}
    213. 

  213. 	echo 		"<form id='form_search' class='inline' method='get'>\n";
    214. 

  214. 	if (permission_exists('user_all')) {
    215. 

  215. 		if ($show == 'all') {
    216. 

  216. 			echo "		<input type='hidden' name='show' value='all'>\n";
    217. 

  217. 		}
    218. 

  218. 		else {
    219. 

  219. 			echo button::create(['type'=>'button','label'=>$text['button-show_all'],'icon'=>$_SESSION['theme']['button_icon_all'],'link'=>'?show=all']);
    220. 

  220. 		}
    221. 

  221. 	}
    222. 

  222. 	echo 		"<input type='text' class='txt list-search' name='search' id='search' value=\"".escape($search)."\" placeholder=\"".$text['label-search']."\" onkeydown=''>";
    223. 

  223. 	echo button::create(['label'=>$text['button-search'],'icon'=>$_SESSION['theme']['button_icon_search'],'type'=>'submit','id'=>'btn_search']);
    224. 

  224. 	//echo button::create(['label'=>$text['button-reset'],'icon'=>$_SESSION['theme']['button_icon_reset'],'type'=>'button','id'=>'btn_reset','link'=>'users.php','style'=>($search == '' ? 'display: none;' : null)]);
    225. 

  225. 	if ($paging_controls_mini != '') {
    226. 

  226. 		echo 	"<span style='margin-left: 15px;'>".$paging_controls_mini."</span>\n";
    227. 

  227. 	}
    228. 

  228. 	echo "		</form>\n";
    229. 

  229. 	echo "	</div>\n";
    230. 

  230. 	echo "	<div style='clear: both;'></div>\n";
    231. 

  231. 	echo "</div>\n";
    232. 

  232. 

  233. 	if (permission_exists('user_add') && $users) {
    234. 

  234. 		echo modal::create(['id'=>'modal-copy','type'=>'copy','actions'=>button::create(['type'=>'button','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_copy','style'=>'float: right; margin-left: 15px;','collapse'=>'never','onclick'=>"modal_close(); list_action_set('copy'); list_form_submit('form_list');"])]);
    235. 

  235. 	}
    236. 

  236. 	if (permission_exists('user_edit') && $users) {
    237. 

  237. 		echo modal::create(['id'=>'modal-toggle','type'=>'toggle','actions'=>button::create(['type'=>'button','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_toggle','style'=>'float: right; margin-left: 15px;','collapse'=>'never','onclick'=>"modal_close(); list_action_set('toggle'); list_form_submit('form_list');"])]);
    238. 

  238. 	}
    239. 

  239. 	if (permission_exists('user_delete') && $users) {
    240. 

  240. 		echo modal::create(['id'=>'modal-delete','type'=>'delete','actions'=>button::create(['type'=>'button','label'=>$text['button-continue'],'icon'=>'check','id'=>'btn_delete','style'=>'float: right; margin-left: 15px;','collapse'=>'never','onclick'=>"modal_close(); list_action_set('delete'); list_form_submit('form_list');"])]);
    241. 

  241. 	}
    242. 

  242. 

  243. 	echo $text['description-users']."\n";
    244. 

  244. 	echo "<br /><br />\n";
    245. 

  245. 

  246. 	echo "<form id='form_list' method='post'>\n";
    247. 

  247. 	echo "<input type='hidden' id='action' name='action' value=''>\n";
    248. 

  248. 	echo "<input type='hidden' name='search' value=\"".escape($search)."\">\n";
    249. 

  249. 

  250. 	echo "<div class='card'>\n";
    251. 

  251. 	echo "<table class='list'>\n";
    252. 

  252. 	echo "<tr class='list-header'>\n";
    253. 

  253. 	if (permission_exists('user_add') || permission_exists('user_edit') || permission_exists('user_delete')) {
    254. 

  254. 		echo "	<th class='checkbox'>\n";
    255. 

  255. 		echo "		<input type='checkbox' id='checkbox_all' name='checkbox_all' onclick='list_all_toggle(); checkbox_on_change(this);' ".(!empty($users) ?: "style='visibility: hidden;'").">\n";
    256. 

  256. 		echo "	</th>\n";
    257. 

  257. 	}
    258. 

  258. 	if ($show == 'all' && permission_exists('user_all')) {
    259. 

  259. 		echo th_order_by('domain_name', $text['label-domain'], $order_by, $order, null, null, $param);
    260. 

  260. 	}
    261. 

  261. 	echo th_order_by('username', $text['label-username'], $order_by, $order, null, null, $param);
    262. 

  262. 	echo th_order_by('group_names', $text['label-groups'], $order_by, $order, null, null, $param);
    263. 

  263. 	if ($show_contact_fields) {
    264. 

  264. 		echo th_order_by('contact_organization', $text['label-organization'], $order_by, $order, null, null, $param);
    265. 

  265. 		echo th_order_by('contact_name', $text['label-name'], $order_by, $order, null, null, $param);
    266. 

  266. 	}
    267. 

  267. 	//echo th_order_by('contact_name_family', $text['label-contact_name_family'], $order_by, $order);
    268. 

  268. 	//echo th_order_by('user_status', $text['label-user_status'], $order_by, $order);
    269. 

  269. 	//echo th_order_by('add_date', $text['label-add_date'], $order_by, $order);
    270. 

  270. 	echo th_order_by('user_enabled', $text['label-user_enabled'], $order_by, $order, null, "class='center'", $param);
    271. 

  271. 	if (permission_exists('user_edit') && $list_row_edit_button == 'true') {
    272. 

  272. 		echo "	<td class='action-button'>&nbsp;</td>\n";
    273. 

  273. 	}
    274. 

  274. 	echo "</tr>\n";
    275. 

  275. 

  276. 	if (is_array($users) && @sizeof($users) != 0) {
    277. 

  277. 		$x = 0;
    278. 

  278. 		foreach ($users as $row) {
    279. 

  279. 			if (permission_exists('user_edit')) {
    280. 

  280. 				$list_row_url = "user_edit.php?id=".urlencode($row['user_uuid']);
    281. 

  281. 			}
    282. 

  282. 			echo "<tr class='list-row' href='".$list_row_url."'>\n";
    283. 

  283. 			if (permission_exists('user_add') || permission_exists('user_edit') || permission_exists('user_delete')) {
    284. 

  284. 				echo "	<td class='checkbox'>\n";
    285. 

  285. 				echo "		<input type='checkbox' name='users[$x][checked]' id='checkbox_".$x."' value='true' onclick=\"checkbox_on_change(this); if (!this.checked) { document.getElementById('checkbox_all').checked = false; }\">\n";
    286. 

  286. 				echo "		<input type='hidden' name='users[$x][uuid]' value='".escape($row['user_uuid'])."' />\n";
    287. 

  287. 				echo "	</td>\n";
    288. 

  288. 			}
    289. 

  289. 			if ($show == 'all' && permission_exists('user_all')) {
    290. 

  290. 				echo "	<td>".escape($_SESSION['domains'][$row['domain_uuid']]['domain_name'])."</td>\n";
    291. 

  291. 			}
    292. 

  292. 			echo "	<td>\n";
    293. 

  293. 			if (permission_exists('user_edit')) {
    294. 

  294. 				echo "	<a href='".$list_row_url."' title=\"".$text['button-edit']."\">".escape($row['username'])."</a>\n";
    295. 

  295. 			}
    296. 

  296. 			else {
    297. 

  297. 				echo "	".escape($row['username']);
    298. 

  298. 			}
    299. 

  299. 			echo "	</td>\n";
    300. 

  300. 			echo "	<td>".escape($row['group_names'])."</td>\n";
    301. 

  301. 			if ($show_contact_fields) {
    302. 

  302. 				echo "	<td>".escape($row['contact_organization'])."</td>\n";
    303. 

  303. 				echo "	<td>".escape($row['contact_name'])."</td>\n";
    304. 

  304. 			}
    305. 

  305. 			//echo "	<td>".escape($row['contact_name_given'])."</td>\n";
    306. 

  306. 			//echo "	<td>".escape($row['contact_name_family'])."</td>\n";
    307. 

  307. 			//echo "	<td>".escape($row['user_status'])."</td>\n";
    308. 

  308. 			//echo "	<td>".escape($row['add_date'])."</td>\n";
    309. 

  309. 			if (permission_exists('user_edit')) {
    310. 

  310. 				echo "	<td class='no-link center'>\n";
    311. 

  311. 				echo button::create(['type'=>'submit','class'=>'link','label'=>$text['label-'.$row['user_enabled']],'title'=>$text['button-toggle'],'onclick'=>"list_self_check('checkbox_".$x."'); list_action_set('toggle'); list_form_submit('form_list')"]);
    312. 

  312. 			}
    313. 

  313. 			else {
    314. 

  314. 				echo "	<td class='center'>\n";
    315. 

  315. 				echo $text['label-'.$row['user_enabled']];
    316. 

  316. 			}
    317. 

  317. 			echo "	</td>\n";
    318. 

  318. 			if (permission_exists('user_edit') && $list_row_edit_button == 'true') {
    319. 

  319. 				echo "	<td class='action-button'>\n";
    320. 

  320. 				echo button::create(['type'=>'button','title'=>$text['button-edit'],'icon'=>$_SESSION['theme']['button_icon_edit'],'link'=>$list_row_url]);
    321. 

  321. 				echo "	</td>\n";
    322. 

  322. 			}
    323. 

  323. 			echo "</tr>\n";
    324. 

  324. 			$x++;
    325. 

  325. 		}
    326. 

  326. 		unset($users);
    327. 

  327. 	}
    328. 

  328. 

  329. 	echo "</table>\n";
    330. 

  330. 	echo "</div>\n";
    331. 

  331. 	echo "<br />\n";
    332. 

  332. 	echo "<div align='center'>".$paging_controls."</div>\n";
    333. 

  333. 	echo "<input type='hidden' name='".$token['name']."' value='".$token['hash']."'>\n";
    334. 

  334. 	echo "</form>\n";
    335. 

  335. 

  336. //include the footer
    337. 

  337. 	require_once "resources/footer.php";
    338. 

  338. 

  339. ?>
    340.