X-Git-Url: http://wagnertech.de/gitweb/gitweb.cgi/timetracker.git/blobdiff_plain/fd0872d9e582113346fa1e93557f370286c5c9f2..refs/heads/master:/swap_roles.php
diff --git a/swap_roles.php b/swap_roles.php
index 0c525704..1652ae2a 100644
--- a/swap_roles.php
+++ b/swap_roles.php
@@ -30,31 +30,48 @@ require_once('initialize.php');
 import('form.Form');
 import('ttUserHelper');
-// Access check.
+// Access checks.
 if (!ttAccessAllowed('swap_roles')) {
 header('Location: access_denied.php');
 exit();
 }
-
-$users = ttTeamHelper::getUsersForSwap();
-
+$users_for_swap = ttTeamHelper::getUsersForSwap();
+if (!is_array($users_for_swap) || sizeof($users_for_swap) == 0) {
+ header('Location: access_denied.php');
+ exit();
+}
 if ($request->isPost()) {
- $cl_id = $request->getParameter('swap_with');
+ $user_id = (int)$request->getParameter('swap_with');
+ $user_details = $user->getUserDetails($user_id);
+ if (!$user_details) {
+ header('Location: access_denied.php');
+ exit();
+ }
 }
+// End of access checks.
 $form = new Form('swapForm');
-$form->addInput(array('type'=>'combobox','name'=>'swap_with','style'=>'width: 250px;','data'=>$users,'datakeys'=>array('id','name')));
+$form->addInput(array('type'=>'combobox','name'=>'swap_with','style'=>'width: 250px;','data'=>$users_for_swap,'datakeys'=>array('id','name')));
 $form->addInput(array('type'=>'submit','name'=>'btn_submit','value'=>$i18n->get('button.submit')));
+$form->addInput(array('type'=>'submit','name'=>'btn_cancel','value'=>$i18n->get('button.cancel')));
 if ($request->isPost()) {
- if (ttTeamHelper::swapRolesWith($cl_id)) {
+ if ($request->getParameter('btn_submit')) {
+ if (ttTeamHelper::swapRolesWith($user_id)) {
+ header('Location: users.php');
+ exit();
+ } else
+ $err->add($i18n->get('error.db'));
+ }
+
+ if ($request->getParameter('btn_cancel')) {
 header('Location: users.php');
 exit();
- } else
- $err->add($i18n->get('error.db'));
+ }
 }
 $smarty->assign('forms', array($form->getName()=>$form->toArray()));
+$smarty->assign('onload', 'onLoad="document.swapForm.btn_cancel.focus()"');
 $smarty->assign('title', $i18n->get('title.swap_roles'));
 $smarty->assign('content_page_name', 'swap_roles.tpl');
 $smarty->display('index.tpl');
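Review bot: The POST branch of the access checks accepts any `swap_with` id for which `$user->getUserDetails($user_id)` returns a value, but never confirms that the id is one of the entries in `$users_for_swap`, the list the combobox is built from. Whether `getUserDetails()` enforces the same eligibility as `getUsersForSwap()` is not visible in this hunk, so I would tie the server-side check to the list itself, assuming each entry carries an `id` key as the `datakeys` setting suggests: `if (!in_array($user_id, array_map('intval', array_column($users_for_swap, 'id')), true))` followed by the same redirect to `access_denied.php`. That validation also runs before the `btn_cancel` branch, so a cancel posted with a stale or empty `swap_with` lands on the access-denied page instead of `users.php`. The role swap is a state-changing POST and no anti-CSRF token is visible here; it is worth confirming that `Form` or `initialize.php` provides one.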