Pannello gestione utenti/moduli

2015-10-15 13:40:45 +02:00
parent 6c42d75681
commit 1bacc3232e
12 changed files with 284 additions and 144 deletions
--- a/core/function.php
+++ b/core/function.php
@@ -336,18 +336,29 @@ function lista_moduli () {
 			FROM
 				utenti
 			JOIN
-				permessi ON utenti.id = permessi.id_utenti
+				permessi ON utenti.id = permessi.id_utenti AND permessi.accesso > 0
 			JOIN
 				moduli ON moduli.id = permessi.id_moduli
 			WHERE
 				utenti.utente = '".$_SESSION['username']."'
 			AND
 				moduli.attivo = 1
 		";
 	$menu[] =	array("Home", $CONF['base_url']."/core/main.php");
 	if ($UTENTE['admin']) {
 		$menu[]	=	array("Configurazione", $CONF['base_url']."/core/conf.php");
-		$query .= " OR  moduli.superadmin = 1";
+		$query .= "	UNION DISTINCT SELECT
 					moduli.nome AS nome,
 					moduli.directory AS directory
 				FROM
 					moduli
 				WHERE
 					moduli.superadmin > 0
 				AND
 					moduli.attivo = 1
 			";
 	}
 	$res = mysql_query( $query, $DB_ID );
@@ -379,4 +390,57 @@ function lista_moduli () {
 <?php
 }
 function diritti () {
 	global $UTENTE, $DB_ID, $CONF;
 	preg_match ('/^'.preg_replace('/\//','\/',$CONF['base_url']).'\/([^\/]+)\/.*/', $_SERVER['REQUEST_URI'], $trovato);
 	$modulo = $trovato[1];
 	$query = "	SELECT 
 				permessi.accesso AS accesso
 			FROM
 				moduli
 			JOIN
 				permessi ON moduli.id = permessi.id_moduli AND permessi.id_utenti = ".$UTENTE['id']."
 			WHERE
 				moduli.directory = '$modulo'
 			AND
 				moduli.attivo = 1
 			UNION DISTINCT SELECT 
 				moduli.superadmin 
 			FROM 
 				moduli 
 			JOIN 
 				utenti ON utenti.id = ".$UTENTE['id']." AND utenti.admin = 1 
 			WHERE 
 				moduli.directory = '$modulo'
 		";
 	$res = mysql_query( $query, $DB_ID );
 	if ($dato = mysql_fetch_array ($res)) {
 		$risposta = $dato['accesso'];
 	} else {
 		$risposta = 0;
 	}
 	if ($risposta) {
 		return $risposta;
 	} else {
 		header("location: ".$CONF['base_url']."/index.php");
 		exit;
 	}
 }
 function get_levels () {
 	global $DB_ID;
 	$query = "SELECT nome, livello FROM livelli ORDER BY livello";
 	$res = mysql_query( $query, $DB_ID );
 	$livelli = array();
 	while ($dato = mysql_fetch_array ($res)) {
 		$livelli[$dato['livello']] = $dato['nome'];
 	}
 	return $livelli;
 }
 ?>
--- a/out.txt
+++ b/out.txt
@@ -1,2 +0,0 @@
 0
 DELETE FROM utenti2defrule WHERE idutente = 4 AND iddefrule = 10
--- a/permessiutenti.php
+++ b/permessiutenti.php
@@ -1,98 +0,0 @@
 <?php
 include_once ("core/config.php");
 $UTENTE = login();
 isadmin();
 ?>
 <?php include_once ("top.php");
 $querypermessi = "SELECT iddefrule FROM utenti2defrule WHERE idutente = ".$_GET['id'];
 $res = mysql_query( $querypermessi, $DB_ID );
 $permessiutente = array();
 while ($dato = mysql_fetch_array ( $res )) { $permessiutente[] = $dato['iddefrule']; }
 ?>
 <script type="text/javascript" src="jquery/jquery-1.8.0.min.js"></script>
 <script type="text/javascript">
 $(function(){
 	$(".checkrule").click(function(){
 		var stato = $(this).is(':checked');
 		var id = $(this).val();
 		$.post("updatepermessi.php", {
 			stato: stato,
 			iddefrule: id,
 			idutente: <?php print $_GET['id'] ?>
 		});
 	});
 });
 </script>
 <table cellpadding="0" cellspacing="0" border="0" width="90%">
 	<tr>
 		<td width="5%"><img src="img/spazio.gif"></td>
 		<td>
 		<select name='device' onchange="window.location.href='?id=<?php print $_GET['id']?>&interfaccia='+this.options[this.selectedIndex].value;">
 			<option name='device' value='' >Selezionare interfaccia</option>
 <?php 	
 		$query = "SELECT id, device FROM interfacce";
 		$res = mysql_query( $query, $DB_ID );
 		while ($dato = mysql_fetch_array ( $res )) { ?>
 			<option name='device' value='<?php print $dato['id']?>' <?php if ($_GET['interfaccia'] == $dato['id']) { print "selected"; } ?>><?php print $dato['device'] ?></option>
 <?php		} ?>
 		</select>
 		</td>
 		<td><img src="img/spazio.gif"></td>
 	</tr>
 	<tr><td class="spaziov" colspan=5><img src="img/spazio.gif"></td></tr>
 	<table cellpadding="0" cellspacing="0" border="0" width="90%">
 <?php
 livelli ($_GET['interfaccia'], 0, 0, 10);
 ?>
 </table>
 <img src="img/spazio.gif" width="1" height="20" alt="">
 <?php include_once ("footer.php"); ?>
 <?php
 function livelli ($device, $parent, $livello, $maxliv) {
 	global $DB_ID, $permessiutente;
 	$query = "SELECT * FROM defrule WHERE stato <> 3 AND idparent = '$parent' AND idinterfacce = $device ORDER BY priorita";
 	$res = mysql_query( $query, $DB_ID );
 	while ($dato = mysql_fetch_array ( $res )) {
 		$queryint = "SELECT count(id) AS figli FROM defrule WHERE stato<>3 AND idparent = ".$dato['id'];
 		$queryrule = "SELECT COUNT(id) AS numrule FROM rule WHERE iddefrule = ".$dato['id'];
 		$resint = mysql_query( $queryint, $DB_ID );
 		$resrule = mysql_query( $queryrule, $DB_ID );
 		$datofigli = mysql_fetch_array ( $resint );
 		$datorule = mysql_fetch_array ( $resrule );
 		$numfigli = $datofigli['figli'];
 		$numrule = $datorule['numrule'];
 ?>
 	<tr>
 		<td class="spazioh" nowrap>
 <?php			if ($dato['attivo']) { ?>
 			<img border=0 src="img/attivo.gif" ALT="Disattiva regola" TITLE="Disattiva regola"></a>
 <?php			} else { ?>
 			<img border=0 src="img/non_attivo.gif" ALT="Attiva regola" TITLE="Attiva regola"></a>
 <?php			} ?>
 		</td>
 		<td class="defrulenome" nowrap>
 <?php 		for ($i=0; $i<$livello; $i++) { ?>
 			<img border=0 src="img/spaziocol.gif">
 <?php		} ?>
 			<?php printf ("%s",creanome($dato['id'])) ?>
 		</td>
 		<td class="spazioh"><img src="img/spazio.gif"></td>
 		<td class="defruletxt" nowrap><?php print $dato['descrizione'] ?></td>
 		<td class="spazioh">
 			<input class="checkrule" type="checkbox" value=<?php print $dato['id']?> <?php if (in_array($dato['id'], $permessiutente)) { print "checked=\"checked\""; } ?>>	
 		</td>
 	</tr>
 <?php	livelli ($device, $dato['id'], $livello+1, 10);
 	}
 }
 ?>
--- a/proxy/index.php
+++ b/proxy/index.php
@@ -0,0 +1,17 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
 $DIRITTI = diritti();
 ?>
 <?php include_once ("../core/top.php");?> 
 <?php include_once ("../core/footer.php"); ?>
--- a/updatepermessi.php
+++ b/updatepermessi.php
@@ -1,30 +0,0 @@
 <?php
 include_once ("core/config.php");
 $UTENTE = login();
 isadmin();
 if ($_POST['stato'] == 'true') {
 	$stato = 1;
 } else {
 	$stato = 0;
 }
 $iddefrule = $_POST['iddefrule'];
 $idutente = $_POST['idutente'];
 if ($stato) {
 	$query = "INSERT INTO utenti2defrule SET idutente = $idutente, iddefrule = $iddefrule";	
 } else {
 	$query = "DELETE FROM utenti2defrule WHERE idutente = $idutente AND iddefrule = $iddefrule";	
 }
 $res = mysql_query( $query, $DB_ID );
 /* Attivare solo per debug
 $fp = fopen('out.txt', 'w');
 fwrite($fp, $stato);
 fwrite($fp, "\n");
 fwrite($fp, $query);
 fwrite($fp, "\n");
 fclose($fp);
 */
 ?>
--- a/utenti/dettlogutenti.php
+++ b/utenti/dettlogutenti.php
@@ -1,7 +1,8 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-isadmin();
+$DIRITTI = diritti();
 //isadmin();
 ?>
 <body>
 <link rel="stylesheet" type="text/css" href="<?php print $CONF['base_url'] ?>/css/stile.css" />
--- a/utenti/index.php
+++ b/utenti/index.php
@@ -1,7 +1,8 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-isadmin();
+$DIRITTI = diritti();
 //isadmin();
 ?>
 <?php include_once ("../core/top.php");?> 
--- a/utenti/logutenti.php
+++ b/utenti/logutenti.php
@@ -1,7 +1,8 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-isadmin();
+$DIRITTI = diritti();
 //isadmin();
 ?>
 <body>
 <link rel="stylesheet" type="text/css" href="<?php print $CONF['base_url'] ?>/css/stile.css" />
--- a/utenti/modutenti.php
+++ b/utenti/modutenti.php
@@ -1,7 +1,7 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
-//isadmin();
+$DIRITTI = diritti();
 ?>
 <?php include_once ("../core/top.php"); ?>
@@ -16,6 +16,7 @@ if (isset($_GET['id'])) {
 } else if (isset ($_POST['id'])) {
 	$modifica = 2;
 	$id 		= $_POST['id'];
 	$rm 		= $_POST['rm'];
 	$utente 	= $_POST['utente'];
 	$password1 	= $_POST['password1'];
 	$password2	= $_POST['password2'];
@@ -33,7 +34,11 @@ if (isset($_GET['id'])) {
 		$querypwd = "";
 	}
-	if ($id > 0) {
+	if ( $rm == 1) {
 		$testo = "L'utente e' stato correttamente rimosso";
 		$query = "DELETE FROM permessi WHERE id_utenti = $id";
 		$query2 = "DELETE FROM utenti WHERE id = $id";
 	} elseif ($id > 0) {
 		$testo = "L'utente e' stato correttamente modificato";
 		$query = "UPDATE utenti SET $querypwd admin = $admin, attivo=$attivo, modifica = NOW(), mail='$mail'  WHERE `id`=$id";
 	} else {
@@ -47,7 +52,7 @@ if (isset($_GET['id'])) {
 	</tr>
 	<tr>
 		<td>
-<?php	if (mysql_query( $query, $DB_ID )) { ?>
+<?php	if (mysql_query( $query, $DB_ID ) && ((!is_null ($query2) && mysql_query( $query2, $DB_ID )) || (is_null ($query2)))) { ?>
 <?php print $testo ?><br>
 <?php	} else { ?>
 Non e' stato possibile eseguire l'operazione richiesta a causa di un errore: <?php print mysql_error() ?><br>
@@ -59,7 +64,7 @@ Non e' stato possibile eseguire l'operazione richiesta a causa di un errore: <?p
 		<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="5" alt=""></td>
 	</tr>
 	<tr>
-		<td><input type="button" value="Ok" onclick="location.href = 'utenti.php';"></button></td>
+		<td><input type="button" value="Ok" onclick="location.href = '<?php print $CONF['base_url'] ?>/utenti/index.php';"></button></td>
 	</tr>
 	<tr>
 		<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="10" alt=""></td>
@@ -74,13 +79,17 @@ Non e' stato possibile eseguire l'operazione richiesta a causa di un errore: <?p
 <?php if (($modifica == 0 || $modifica == 1) && !isset($_GET['rm'])) { ?>
 <script type="text/javascript" src="<?php print $CONF['base_url'] ?>/jquery/jquery.js"></script>
 <script type="text/javascript" src="<?php print $CONF['base_url'] ?>/jquery/jquery.validate.js"></script>
 <script type="text/javascript" src="<?php print $CONF['base_url'] ?>/jquery/jquery.validate.password.js"></script>
 <link rel="stylesheet" type="text/css" href="<?php print $CONF['base_url'] ?>/jquery/jquery.validate.password.css" />
 <script type="text/javascript">
 function DoSubmit(){
 	document.getElementById("rm").value = '1';
 	return true;
 }
 $(document).ready(function() 
 {
 	$("#modulo").validate( {
@@ -136,9 +145,10 @@ $(document).ready(function()
 <form action="modutenti.php" method="post" id="modulo">
 <table cellpadding="0" cellspacing="0" border="0" width="90%">
 <?php if ($modifica == 1) { ?>
-<input type="hidden" name="id" value="<?php print $dato['id'] ?>">
+<input type="hidden" name="id" id="id" value="<?php print $dato['id'] ?>">
 <input type="hidden" name="rm" id="rm" value="0">
 <?php } else { ?>
-<input type="hidden" name="id" value="-1">
+<input type="hidden" name="id" d="id" value="-1">
 <?php } ?>
 <tr>
 	<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="30" height="1" alt=""></td>
@@ -158,7 +168,11 @@ $(document).ready(function()
 	<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="80" height="1" alt=""></td>
 	<td>Attivo <input name="attivo" type="checkbox" value=1 <?php if ($dato['attivo']) { print "checked=\"checked\""; } ?>></td>
 	<td><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="20" height="1" alt=""></td>
 <?php	if ($UTENTE['admin']) { ?>
 	<td>Admin <input name="admin" type="checkbox" value=1 <?php if ($dato['admin']) { print "checked=\"checked\""; } ?>></td>
 <?php	} else { ?>
 	<td>&nbsp;</td>
 <?php	} ?>
 	<td colspan="4"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="250" height="1" alt=""></td>
 </tr>
 <tr><td colspan="9"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="5" alt=""></td></tr>
@@ -195,7 +209,11 @@ $(document).ready(function()
 <tr><td align="center" colspan="9">
 	<input type="submit" value="<?php print $bottone ?>">
 	&nbsp;&nbsp;&nbsp;
-	<input type="button" value="Annulla" onclick="location.href = 'utenti.php';"></button>
+	<input type="button" value="Annulla" onclick="location.href = '<?php print $CONF['base_url'] ?>/utenti/index.php';"></button>
 <?php	if ($modifica == 1) { ?>
 	&nbsp;&nbsp;&nbsp;
 	<input type="submit" value="Rimuovi" onclick="DoSubmit()">
 <?php 	} ?>
 </td></tr>
 <tr><td colspan="9"><img src="<?php print $CONF['base_url'] ?>/img/spazio.gif" width="1" height="10" alt=""></td></tr>
@@ -203,4 +221,4 @@ $(document).ready(function()
 </form>
 <?php } ?>
-<?php include_once ("footer.php"); ?>
+<?php include_once ("../core/footer.php"); ?>
--- a/utenti/out.txt
+++ b/utenti/out.txt
@@ -0,0 +1,18 @@
 	INSERT INTO
 			permessi
 		SET
 			id_utenti = 2,
 			id_moduli = (	SELECT
 						id
 					FROM
 						moduli
 					WHERE
 						nome = 'Utenti' AND attivo = 1
 					),
 			accesso = 1,
 			modifica = NOW()
 		ON DUPLICATE KEY UPDATE
 			accesso = 1,
 			modifica = NOW()
--- a/utenti/permessiutenti.php
+++ b/utenti/permessiutenti.php
@@ -0,0 +1,112 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
 $DIRITTI = diritti();
 include_once ("../core/top.php");
 $query = "	SELECT
 			id,
 			nome,
 			max(accesso) AS accesso
 		FROM
 			(SELECT
 				moduli.id AS id,
 				moduli.nome AS nome,
 				permessi.accesso AS accesso
 			FROM
 				permessi
 			JOIN
 				moduli ON permessi.id_moduli = moduli.id AND moduli.attivo = 1
 			WHERE
 				permessi.id_utenti = ".$_GET['id']."
 			UNION DISTINCT
 			SELECT 
 				moduli.id AS id,
 				moduli.nome AS nome,
 				0 AS accesso
 			FROM
 				moduli
 			WHERE
 				moduli.attivo = 1) s
 			GROUP BY
 				nome
 			ORDER BY
 				nome
 ";
 $permessi = mysql_query( $query, $DB_ID );
 $query = "	SELECT 
 			utente, 
 			admin
 		FROM 
 			utenti
 		WHERE
 			id = ".$_GET['id']."
 		AND
 			attivo = 1
 ";
 $res = mysql_query( $query, $DB_ID );
 $dato = mysql_fetch_array ($res);
 $livelli = get_levels();
 //$livelli = array(0=>"Negato", 5=>"Utente", 10=>"Admin");
 ?>
 <script type="text/javascript" src="<?php print $CONF['base_url']?>/jquery/jquery-1.8.0.min.js"></script>
 <table cellpadding="0" cellspacing="0" border="0" width="40%">
 <tr>
 <?php	if ($dato['admin']) { ?>
 		<td rowspan=2 class="col3btn"><img border=0 src="<?php print $CONF['base_url'] ?>/img/admin.png" ALT="Admin" TITLE="Admin"></td>
 <?php	} else { ?>
 		<td rowspan=2 class="col3btn"><img border=0 src="<?php print $CONF['base_url'] ?>/img/utente.png" ALT="Utente" TITLE="Utente"></td>
 <?php	} ?>
 		<td class="col3campo2"><?php print $dato['utente'] ?></td>
 </tr>
 </table>
 <img src="img/spazio.gif" width="1" height="20" alt="">
 <table cellpadding="0" cellspacing="0" border="0" width="60%">
 <?php while ($dato = mysql_fetch_array ( $permessi )) { ?>
 <tr>
 <td class="col3campo2"><?php print $dato['nome']?></td>
 <td>
 	<select name='<?php print $dato['nome']?>' class="cambio" >
 <?php 	foreach ($livelli as $i => $v) { ?>
 		<option name='<?php print $dato['nome']?>' value='<?php print $i ?>' <?php if ($i == $dato['accesso']) { print "selected"; } ?>><?php print $livelli[$i] ?></option>
 <?php } ?>
 	</select>
 </td>
 </tr>
 <tr><td colspan=2><img src="img/spazio.gif" width="1" height="5" alt=""></td></tr>
 <?php } ?>
 </table>
 <img src="img/spazio.gif" width="1" height="20" alt="">
 <script type="text/javascript">
 $(function(){
 	$('.cambio').on('change', function(){
 		var usr = <?php print $_GET['id'] ?>;
 		var acc = $(this).val();
 		var mod = $(this).attr('name');
 	$.ajax({
 		url: "updatepermessi.php",
 		dataType: "json",
 		data: {
 			user_id: usr,
 			accesso: acc,
 			modulo: mod
 		},
 		success: function(data) {
 //        data contiene i ritorni dalla pagina chiamata ma devono essere in json
 		}
 	}	);
 	});
 })
 </script>
 <?php include_once ("../core/footer.php"); ?>
--- a/utenti/updatepermessi.php
+++ b/utenti/updatepermessi.php
@@ -0,0 +1,38 @@
 <?php
 include_once ("../core/config.php");
 $UTENTE = login();
 $DIRITTI = diritti();
 $user_id = $_GET['user_id'];
 $accesso = $_GET['accesso'];
 $modulo = $_GET['modulo'];
 $query = "	INSERT INTO
 			permessi
 		SET
 			id_utenti = $user_id,
 			id_moduli = (	SELECT
 						id
 					FROM
 						moduli
 					WHERE
 						nome = '$modulo' AND attivo = 1
 					),
 			accesso = $accesso,
 			modifica = NOW()
 		ON DUPLICATE KEY UPDATE
 			accesso = $accesso,
 			modifica = NOW()
 ";
 $res = mysql_query( $query, $DB_ID );
 /* Attivare solo per debug
 $fp = fopen('out.txt', 'w');
 fwrite($fp, $stato);
 fwrite($fp, "\n");
 fwrite($fp, $query);
 fwrite($fp, "\n");
 fclose($fp);
 */
 ?>
		`@@ -1,2 +0,0 @@`
			`0`
			`DELETE FROM utenti2defrule WHERE idutente = 4 AND iddefrule = 10`