To log in to this system you need a username and a password. In the Users menu, the "Manage Users" sub-menu (drop-down menu) is linked to the manage_users.php file. Here you can create, edit and delete system users. In the database, the "users" table holds the user information. User passwords are not encrypted in the database and are saved in plain-text format. This is not a secure method; you should always store passwords in a hashed form that others cannot recover. You can simply use a PHP hashing algorithm such as md5 to store passwords (note that md5 is a fast, unsalted digest and is no longer considered adequate for password storage; PHP's password_hash() and password_verify() functions are the recommended choice). You can develop this option and improve the security of the system.
User privileges are stored as a comma-separated text value and are later converted into an array.
Source code of the manage_users.php file
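<?php
// manage_users.php: add, update and list system users (the "Manage Users" page).
// Relies on inc/page_header.php having opened the legacy mysql_* connection.
include("inc/page_header.php");
?>
<script type="text/javascript">
function delUser(id){
    var r = confirm("Are you sure you want to delete this user? all data associated with this user will be deleted or become unavailable!");
    if(r == true){
        window.location = "func/delete_user.php?id=" + id;
    }
}
function addnew(){
    window.location = "manage_users.php";
}
</script>
<div class="wrapper">
<div class="s60">
<div class="boxtitle">Manage Users</div>
<?php
// Privileges a user can be granted: stored value => label shown next to the checkbox.
// The User_Previleges column holds a ", "-separated list of the stored values (with a
// trailing ", "), so the form only accepts names from this list and never stores an
// arbitrary client-sent string.
$allPrevileges = array(
    'Add Stocks'               => 'Add Stocks',
    'Edit Stocks'              => 'Edit Stocks',
    'View Stocks'              => 'View Stocks',
    'Manage Inventory'         => 'Manage Inventory',
    'Manage Returns/Disposals' => 'Manage Returns/Disposals',
    'Issue Stocks'             => 'Issue Stocks',
    'Add/Edit Customers'       => 'Add / Edit Customers',
    'View Sales Reports'       => 'View Sales Reports',
    'Manage Users'             => 'Manage Users',
    'Upload Photos'            => 'Upload Photos',
);

// Editing mode is signalled by ?act=&id=N. The id is only ever used as an integer,
// so it can be placed in SQL without quoting or escaping.
$editing = isset($_GET['act']);
$uid = isset($_GET['id']) ? (int)$_GET['id'] : 0;

/**
 * Return 'checked' when $str is one of the privileges in the stored ", "-separated
 * list $current, otherwise ''. Exact name matching (rather than a substring test)
 * means one privilege name can never match as part of another.
 *
 * @param string $str     privilege name to test
 * @param string $current stored User_Previleges value
 * @return string
 */
function checkprev($str, $current){
    $names = array_map('trim', explode(',', (string)$current));
    return in_array($str, $names, true) ? 'checked' : '';
}

// form processing
// TODO(security): this state-changing POST carries no CSRF token.
if(isset($_POST['submit'])){
    $username = isset($_POST['username']) ? $_POST['username'] : '';
    $password = isset($_POST['password']) ? $_POST['password'] : '';
    $prev = '';

    if(!isset($_POST['chkbox']) || !is_array($_POST['chkbox'])){
        $error = "Please select one or more previleges for this user!";
    }else{
        // Keep only known privilege names, in canonical order, as "A, B, ".
        foreach($allPrevileges as $value => $label){
            if(in_array($value, $_POST['chkbox'], true)){
                $prev .= $value . ", ";
            }
        }
        if($prev === ''){
            $error = "Please select one or more previleges for this user!";
        }
    }

    if($username == ''){
        $error = "Please enter User Name!";
    }
    if($password == ''){
        $error = "Please enter a Password!";
    }

    // Every string placed in SQL is escaped for the legacy mysql_* API. The proper
    // fix is PDO/mysqli prepared statements: ext/mysql was removed in PHP 7.
    $usernameSql = mysql_real_escape_string($username);
    $passwordSql = mysql_real_escape_string($password);
    $prevSql = mysql_real_escape_string($prev);

    // duplicate check (when editing, the user being edited may keep its own name)
    if($editing){
        $q = mysql_query("SELECT User_ID FROM users WHERE User_Name = '$usernameSql' AND User_ID != $uid");
    }else{
        $q = mysql_query("SELECT User_ID FROM users WHERE User_Name = '$usernameSql'");
    }
    if($q && mysql_num_rows($q) > 0){
        $error = "Another user with the same name already exists in the database. Please select a different name!";
    }

    if(!isset($error)){
        // TODO(security): the password is stored in plain text. Store
        // password_hash($password, PASSWORD_DEFAULT) here and switch the login
        // check to password_verify() in the same change, or logins will break.
        if($editing){
            // user update request
            mysql_query("UPDATE users SET User_Name = '$usernameSql', User_Password = '$passwordSql', User_Previleges = '$prevSql' WHERE User_ID = $uid");
            $noerror = "User details has been updated!";
        }else{
            // add new user request
            mysql_query("INSERT INTO users (User_Name, User_Password, User_Previleges) VALUES ('$usernameSql', '$passwordSql', '$prevSql')");
            $noerror = "User has been added to the database!";
        }
    }
} // end of form processing

if(isset($error)){
    echo "<div class=\"errordiv\">{$error}</div>";
}
if(isset($noerror)){
    echo "<div class=\"noerrordiv\">{$noerror}</div>";
}

// user editing: load the record after any update so the form shows the saved values
$r = false;
if($editing){
    $q = mysql_query("SELECT * FROM users WHERE User_ID = $uid");
    $r = $q ? mysql_fetch_assoc($q) : false;
}
$editName = $r ? $r['User_Name'] : '';
$editPrevs = $r ? $r['User_Previleges'] : '';
?>
<?php // An empty action posts back to the current URL, keeping ?act=&id=N while editing. ?>
<form action="" method="post">
<table>
<tr>
<td>User Name:</td><td><input type="text" size="35" name="username" value="<?php echo htmlspecialchars($editName, ENT_QUOTES, 'UTF-8'); ?>"></td>
</tr>
<tr>
<td>Password:</td><td><input type="password" size="10" name="password"></td>
</tr>
<tr>
<td colspan="2" style="background-color:#D2F2D3; border:1px solid #B8F5C2; padding-left:3px; "><strong>Previleges</strong></td>
</tr>
<tr>
<td colspan="2" style="border:1px solid #B8F5C2; ">
<table>
<?php
// Three checkboxes per row; the last row is padded with empty cells.
foreach(array_chunk($allPrevileges, 3, true) as $rowItems){
    echo "<tr>";
    foreach($rowItems as $value => $label){
        $checked = $editing ? checkprev($value, $editPrevs) : '';
        echo "<td><input type=\"checkbox\" name=\"chkbox[]\" value=\"" . htmlspecialchars($value, ENT_QUOTES, 'UTF-8') . "\" {$checked}> " . htmlspecialchars($label, ENT_QUOTES, 'UTF-8') . "</td>";
    }
    for($i = count($rowItems); $i < 3; $i++){
        echo "<td></td>";
    }
    echo "</tr>";
}
?>
</table>
</td>
</tr>
<tr><td colspan="2"> </td></tr>
<tr>
<td colspan="2"><input class="btn" type="submit" name="submit" value="<?php echo $editing ? "Update User" : "Add User"; ?>">
<?php if($editing){ echo " <input class='btn' type='button' value='« Back' onclick='addnew()' />"; } ?></td>
</tr>
</table>
</form>
</div>
<div class="s40">
<p><strong>System Users</strong></p>
<table width="97.5%" cellpadding="3px" cellspacing="1px">
<tr id="headrow">
<td>User ID</td>
<td>User Name</td>
<td>Actions</td>
</tr>
<?php
// User_ID 1 is excluded from the list (presumably the built-in administrator),
// so every listed row gets Edit/Delete links.
$q = mysql_query("SELECT User_ID, User_Name FROM users WHERE User_ID > 1");
while($q && ($row = mysql_fetch_assoc($q))){
    $id = (int)$row['User_ID'];
    $name = htmlspecialchars($row['User_Name'], ENT_QUOTES, 'UTF-8');
    echo "<tr id=\"sh0\"><td>{$id}</td><td>{$name}</td><td>";
    echo "<a href=\"manage_users.php?act=&id={$id}\">Edit</a> | <a href=\"javascript: delUser({$id})\">Delete</a>";
    echo "</td></tr>";
}
?>
</table>
</div>
</div>
<?php include("inc/page_footer.php"); ?>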