add/update user implemented

prithwirajbose · Aug 31, 2017 · f489404 · f489404
1 parent 25fa033
commit f489404
Show file tree

Hide file tree

Showing 14 changed files with 274 additions and 71 deletions.
diff --git a/ajax.php b/ajax.php
@@ -1,5 +1,5 @@
 <?php
-require_once('db.php');
+include_once('config.php');
 if(!isset($_SESSION)) {
     session_start();
 }
@@ -57,6 +57,33 @@ function fn_logout() {
     return array("status"=>200);
 }
 
+function fn_addUser() {
+    return array("status"=>200);
+}
+
+function fn_updateUser() {
+    $authStatus = authCheck(1);
+    if($authStatus!==true) {
+        return $authStatus;
+    }
+    $conn = connect();
+    $user_id = mysqli_real_escape_string($conn, $_REQUEST['user_id']);
+    $username = mysqli_real_escape_string($conn, $_REQUEST['username']);
+    $password = mysqli_real_escape_string($conn, $_REQUEST['password']);
+    $email_id = mysqli_real_escape_string($conn, $_REQUEST['email_id']);
+    $full_name = mysqli_real_escape_string($conn, $_REQUEST['full_name']);
+    $active_in = mysqli_real_escape_string($conn, isset($_REQUEST['active_in']) ? $_REQUEST['active_in'] : 0);
+    $access_level = mysqli_real_escape_string($conn, isset($_REQUEST['access_level']) ? $_REQUEST['access_level'] : 2);
+    $qry = "update user set username='".$username."', password='".$password."', email_id='".$email_id."',"
+        . "full_name='".$full_name."' ";
+    if($user_id!=$_SESSION['user']['user_id']) {
+        $qry .= ", active_in=".$active_in.", access_level=".$access_level." ";
+    }
+    $qry .= " where user_id=".$user_id;
+    mysqli_query($conn, $qry) or die(mysqli_error($conn));
+    return array("status"=>200,"message"=>"successfully updated");
+}
+
 function fn_productList() {
     $authStatus = authCheck(2);
     if($authStatus!==true) {
@@ -136,11 +163,11 @@ function fn_userList() {
         }
     }
 
-    $whereclause = '';
+    $whereclause = ' where access_level>0 ';
     if(!empty($_REQUEST['search']['value'])) {
-        $whereclause = " where full_name like '%" . mysqli_real_escape_string($conn, $_REQUEST['search']['value']) ."%' or ";
+        $whereclause = " and (full_name like '%" . mysqli_real_escape_string($conn, $_REQUEST['search']['value']) ."%' or ";
         $whereclause .= "email_id like '" . mysqli_real_escape_string($conn, $_REQUEST["search"]["value"]) ."%' or ";
-        $whereclause .= "username like '" . mysqli_real_escape_string($conn, $_REQUEST["search"]["value"]) ."%' ";
+        $whereclause .= "username like '" . mysqli_real_escape_string($conn, $_REQUEST["search"]["value"]) ."%') ";
     }    
     $data = [];
     $totalcount=0;
@@ -149,7 +176,7 @@ function fn_userList() {
         . mysqli_real_escape_string($conn,$_REQUEST['start']).","
         . mysqli_real_escape_string($conn,$_REQUEST['length'])
         ) or die(mysqli_error($conn));
-    $countdata = mysqli_query($conn,"select count(*) from user") or die(mysqli_error($conn));
+    $countdata = mysqli_query($conn,"select count(*) from user where access_level>0") or die(mysqli_error($conn));
     $filtercountdata = mysqli_query($conn, "select count(*) from user ".$whereclause) or die(mysqli_error($conn));
     while($countrow=mysqli_fetch_array($countdata)) {
         $totalcount = $countrow[0];
@@ -174,10 +201,10 @@ function fn_userList() {
         showResponse($fnName());
     }
     else {
-        showResponse(array("status"=>400,"message"=>"Required parameter missing"));
+        showResponse(array("status"=>400,"message"=>"Invalid or unknown request parameters!"));
     }
 }
 else {
-    showResponse(array("status"=>400,"message"=>"Required parameter missing"));
+    showResponse(array("status"=>400,"message"=>"Required parameter missing!"));
 }
 ?>
diff --git a/config.php b/config.php
@@ -5,4 +5,15 @@
 $config['dbpass']="9883246001";
 $config['dbname']="gstinvoicedb";
 $config['site']="http://localhost/gst-invoice";
+
+function connect() {
+    global $config;
+    $conn = mysqli_connect($config['dbhost'], $config['dbuser'], $config['dbpass']) or die("Unable to connect to Database. Incorrect username or password.");
+    mysqli_select_db($conn,$config['dbname']) or die(mysqli_error($conn));
+    return $conn;
+}
+
+function disconnect($conn) {
+    mysqli_close($conn);
+}
 ?>
diff --git a/db.php b/db.php
diff --git a/font-style.css b/font-style.css
@@ -72,4 +72,31 @@
     font-weight: 400;
     src: local('Roboto'), local('Roboto-Regular'), url(fonts/CWB0XYA8bzo0kSThX0UTuA.woff2) format('woff2');
     unicode-range: U+0000-00FF, U+0131, U+0152-0153, U+02C6, U+02DA, U+02DC, U+2000-206F, U+2074, U+20AC, U+2212, U+2215;
+}
+
+
+/* fallback */
+
+@font-face {
+    font-family: 'Material Icons';
+    font-style: normal;
+    font-weight: 400;
+    src: url(fonts/2fcrYFNaTjcS6g4U3t-Y5ZjZjT5FdEJ140U2DJYC3mY.woff2) format('woff2');
+}
+
+.material-icons {
+    font-family: 'Material Icons';
+    font-weight: normal;
+    font-style: normal;
+    font-size: 1.2em;
+    line-height: 1;
+    letter-spacing: normal;
+    text-transform: none;
+    display: inline-block;
+    white-space: nowrap;
+    word-wrap: normal;
+    direction: ltr;
+    -webkit-font-feature-settings: 'liga';
+    -webkit-font-smoothing: antialiased;
+    vertical-align: middle;
 }
diff --git a/fonts/2fcrYFNaTjcS6g4U3t-Y5ZjZjT5FdEJ140U2DJYC3mY.woff2 b/fonts/2fcrYFNaTjcS6g4U3t-Y5ZjZjT5FdEJ140U2DJYC3mY.woff2
diff --git a/includes/head.php b/includes/head.php
@@ -4,6 +4,7 @@
 <meta name="viewport" content="width=device-width, initial-scale=1">
 <script type="text/javascript">
 var APP = {};
+APP.grids = {};
 APP.site="<?php echo $config['site']; ?>";
 APP.currency="<?php echo !empty($_SESSION['currency']) ? $_SESSION['currency'] : 'INR'; ?>";
 </script>
@@ -19,6 +20,6 @@
 <link rel="stylesheet" href="<?php echo $config['site']; ?>/scripts/jquery.ui/jquery-ui.min.css">
 <link rel="stylesheet" href="<?php echo $config['site']; ?>/scripts/jquery.ui/jquery-ui.theme.min.css">
 <link rel="stylesheet" href="<?php echo $config['site']; ?>/scripts/jquery.datatables/css/jquery.dataTables.min.css">
-<link rel="stylesheet" href="<?php echo $config['site']; ?>/scripts/jquery.datatables/css/dataTables.jquery.min.css">
+<link rel="stylesheet" href="<?php echo $config['site']; ?>/scripts/jquery.datatables/css/jquery.dataTables.min.css">
 <link rel="stylesheet" href="<?php echo $config['site']; ?>/scripts/jquery.datatables/css/dataTables.jqueryui.min.css">
 <link href="<?php echo $config['site']; ?>/style.css" rel="stylesheet">
diff --git a/includes/membervalidation.php b/includes/membervalidation.php
@@ -5,4 +5,9 @@
 if(!isset($_SESSION['user']) || empty($_SESSION['user'])) {
     header("Location: login.php?redir=".$_SERVER['PHP_SELF']);
 }
+
+if(isset($GLOBALS["__LEVEL"]) && $_SESSION['user']['access_level']>$GLOBALS["__LEVEL"]) {
+    http_response_code(403);
+    die('You are not authorized to access this page!');
+}
 ?>
diff --git a/includes/uielements.php b/includes/uielements.php
@@ -3,6 +3,6 @@
   <div class="bd"></div>
 </div>
 <div id="viewerPopup" class="dialog" title="Details">
-  <div class="bd"></div>
+  <div class="bd" style="overflow-y:auto;"></div>
 </div>
 </div>
diff --git a/index.php b/index.php
@@ -18,12 +18,12 @@
         <div class="main">
             <?php include('includes/pageheading.php'); ?>
             <div class="content">
-                <div class="twocol widgetbox">
+                <div class="twocol widgetbox userGridContainer">
                     <h1 class="sectionheading">Users</h1>
                     <table id="userGrid" class="display datagrid" cellspacing="0" style="width:100%">
                     </table>
                 </div>
-                <div class="twocol widgetbox">
+                <div class="twocol widgetbox productGridContainer">
                     <h1 class="sectionheading">Products</h1>
                     <table id="productGrid" class="display datagrid" cellspacing="0" style="width:100%">
                     </table>

diff --git a/partialpages/addUpdateUser.php b/partialpages/addUpdateUser.php
@@ -1 +1,51 @@
-User details of <?php echo $_REQUEST['id']; ?>
+<?php 
+if(!isset($_SESSION))
+    session_start();
+include_once("../config.php");
+$GLOBALS["__LEVEL"]= 1;
+include_once("../includes/membervalidation.php");
+$user = array();
+if(isset($_REQUEST['id']) && !empty($_REQUEST['id'])) {
+$conn = connect();
+$id = mysqli_real_escape_string($conn,$_REQUEST['id']);
+    $data = mysqli_query($conn,"select * from user where user_id=".$id." and access_level>0 limit 1");
+    if(mysqli_num_rows($data)<=0) {
+        die("User doesn't exist or you are not authorized to view this user's details");
+    }
+    while($row = mysqli_fetch_assoc($data)) {
+        $user = $row;
+    }
+disconnect($conn);
+}
+?>
+<div><form name="addUpdateUserForm" method="post" action="<?php echo $config['site']; ?>">
+<div class="onecol"><table border="0" cellpadding="5" cellspacing="0" class="fullwidth">
+<tr><td>Full Name</td><td><input type="text" name="full_name" id="full_name" class="fullwidth" 
+    value="<?php echo !empty($user['full_name']) ? $user['full_name'] : ''; ?>"></td></tr>
+<tr><td>Email ID</td><td><input type="text" name="email_id" id="email_id" class="fullwidth" 
+    value="<?php echo !empty($user['email_id']) ? $user['email_id'] : ''; ?>"></td></tr>
+<tr><td>Username</td><td><input type="text" name="username" id="username" class="fullwidth" 
+    value="<?php echo !empty($user['username']) ? $user['username'] : ''; ?>"></td></tr>
+<tr><td>Password</td><td><input type="password" name="password" id="password" class="fullwidth" 
+    value="<?php echo !empty($user['password']) ? $user['password'] : ''; ?>"></td></tr>
+<?php if(!isset($_REQUEST['id']) || $_SESSION['user']['user_id']!=$_REQUEST['id']) { 
+    ?>
+<tr><td>Type</td><td>
+    <select name="access_level" id="access_level" class="fullwidth">
+        <option value="1"<?php echo !empty($user['access_level']) && $user['access_level']=="1" ? ' selected ="selected"' : ''; ?>>Admin</option>
+        <option value="2"<?php echo !empty($user['access_level']) && $user['access_level']=="2" ? ' selected ="selected"' : ''; ?>>End User</option>
+    </select> 
+</td></tr> 
+<tr><td>Active</td><td><input type="checkbox" name="active_in" id="active_in" value="1"<?php echo isset($user['active_in']) && $user['active_in']=='1' ? ' checked="true"' : ''; ?>></td></tr>
+
+<?php
+}  
+?>
+<tr><td colspan="2" style="text-align:right">
+    <input type="hidden" name="user_id" id="user_id" value="<?php echo !empty($user['user_id']) ? $user['user_id'] : ''; ?>">
+    <input type="button" value="Save" onclick="javascript:addUpdateUser(window.event);" /></td></tr>
+</table>
+</div>
+
+<div class="clear"></div>
+</form></div>
diff --git a/scripts/common.js b/scripts/common.js
@@ -43,8 +43,11 @@ APP.redirecting = function() {
         'text-align:center;border-radius:0px 0px 5px 5px;">Please wait, Redirecting...</div>');
 };
 
-APP.openUrlInPopup = function(pageUrl, title, dimension) {
+function alert(msg) {
+    APP.showInfo(msg);
+}
 
+APP.openUrlInPopup = function(pageUrl, title, dimension) {
     $.ajax({
         url: APP.site + pageUrl,
         method: 'get',

diff --git a/scripts/product.js b/scripts/product.js
@@ -13,7 +13,7 @@ function renderProductListGrid(el) {
                     "sType": "string"
                 }, {
                     "sTitle": "Name",
-                    "sWidth": "35%",
+                    "sWidth": "34%",
                     "mDataProp": "prod_name",
                     "sType": "string"
                 }, {
@@ -51,5 +51,6 @@ function renderProductListGrid(el) {
                 }
             ]
         });
+        APP.grids.productTable = productTable;
     }
 }