Users: Preserve query string parameters across list and edit pages (#7922)

* Users: Preserve query string parameters across list and edit pages

* Update user_edit.php

* Update user_json.php
This commit is contained in:
Alex
2026-04-28 03:12:18 +00:00
committed by GitHub
parent bab249f057
commit c9dfa0d0cf
3 changed files with 113 additions and 112 deletions
+34 -14
@@ -39,12 +39,6 @@
$language = new text; $language = new text;
$text = $language->get(); $text = $language->get();
//get order and order by, page
$order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', ($_REQUEST["order_by"] ?? ''));
$order = $_REQUEST["order"] ?? 'asc';
$page = isset($_REQUEST['page']) && is_numeric($_REQUEST['page']) ? $_REQUEST['page'] : null;
$search = $_REQUEST['search'] ?? null;
//get user uuid //get user uuid
if (permission_exists('user_edit') && !empty($_REQUEST["id"]) && is_uuid($_REQUEST["id"])) { if (permission_exists('user_edit') && !empty($_REQUEST["id"]) && is_uuid($_REQUEST["id"])) {
$user_uuid = $_REQUEST["id"]; $user_uuid = $_REQUEST["id"];
@@ -55,6 +49,32 @@
$action = 'add'; $action = 'add';
} }
// Set variables from http GET parameters
$page = is_numeric($_GET['page'] ?? '') ? $_GET['page'] : 0;
$order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', ($_GET['order_by'] ?? 'username'));
$order = ($_GET['order'] ?? '') === 'desc' ? 'desc' : 'asc';
$search = $_GET['search'] ?? '';
$show = $_GET['show'] ?? '';
// Build the query string
$url_params = [];
if (!empty($page)) {
$url_params['page'] = $page;
}
if (!empty($_GET['order_by'])) {
$url_params['order_by'] = $order_by;
}
if (!empty($_GET['order'])) {
$url_params['order'] = $order;
}
if (!empty($search)) {
$url_params['search'] = $search;
}
if (!empty($show) && $show == 'all' && permission_exists('user_all')) {
$url_params['show'] = $show;
}
$query_string = http_build_query($url_params);
//get total user count from the database, check limit, if defined //get total user count from the database, check limit, if defined
if (permission_exists('user_add') && $action == 'add' && $settings->get('limit', 'users') != '') { if (permission_exists('user_add') && $action == 'add' && $settings->get('limit', 'users') != '') {
$sql = "select count(*) "; $sql = "select count(*) ";
@@ -66,7 +86,7 @@
if ($num_rows >= $settings->get('limit', 'users')) { if ($num_rows >= $settings->get('limit', 'users')) {
message::add($text['message-maximum_users'].' '.$settings->get('limit', 'users'), 'negative'); message::add($text['message-maximum_users'].' '.$settings->get('limit', 'users'), 'negative');
header('Location: users.php?'.(!empty($order_by) ? '&order_by='.$order_by.'&order='.$order : null).(isset($page) && is_numeric($page) ? '&page='.$page : null).(!empty($search) ? '&search='.urlencode($search) : null)); header('Location: users.php'.($query_string ? '?'.$query_string : ''));
exit; exit;
} }
} }
@@ -91,7 +111,7 @@
$token = new token; $token = new token;
if (!$token->validate($_SERVER['PHP_SELF'])) { if (!$token->validate($_SERVER['PHP_SELF'])) {
message::add($text['message-invalid_token'],'negative'); message::add($text['message-invalid_token'],'negative');
header("Location: users.php?".(!empty($order_by) ? '&order_by='.$order_by.'&order='.$order : null).(isset($page) && is_numeric($page) ? '&page='.$page : null).(!empty($search) ? '&search='.urlencode($search) : null)); header("Location: users.php".($query_string ? '?'.$query_string : ''));
exit; exit;
} }
@@ -103,7 +123,7 @@
//redirect the user //redirect the user
message::add($text['message-delete']); message::add($text['message-delete']);
header("Location: user_edit.php?id=".urlencode($user_uuid).(!empty($order_by) ? '&order_by='.$order_by.'&order='.$order : null).(isset($page) && is_numeric($page) ? '&page='.$page : null).(!empty($search) ? '&search='.urlencode($search) : null)); header("Location: user_edit.php?id=".urlencode($user_uuid).($query_string ? '&'.$query_string : ''));
exit; exit;
} }
@@ -158,7 +178,7 @@
$token = new token; $token = new token;
if (!$token->validate($_SERVER['PHP_SELF'])) { if (!$token->validate($_SERVER['PHP_SELF'])) {
message::add($text['message-invalid_token'],'negative'); message::add($text['message-invalid_token'],'negative');
header('Location: users.php?'.(!empty($order_by) ? '&order_by='.$order_by.'&order='.$order : null).(isset($page) && is_numeric($page) ? '&page='.$page : null).(!empty($search) ? '&search='.urlencode($search) : null)); header('Location: users.php'.($query_string ? '?'.$query_string : ''));
exit; exit;
} }
@@ -267,7 +287,7 @@
if (message::count() != 0 || !empty($invalid)) { if (message::count() != 0 || !empty($invalid)) {
if ($invalid) { message::add($text['message-required'].implode(', ', $invalid), 'negative', 7500); } if ($invalid) { message::add($text['message-required'].implode(', ', $invalid), 'negative', 7500); }
persistent_form_values('store', $_POST); persistent_form_values('store', $_POST);
header("Location: user_edit.php".(permission_exists('user_edit') && $action != 'add' ? "?id=".urlencode($user_uuid) : null).(!empty($order_by) ? '&order_by='.$order_by.'&order='.$order : null).(isset($page) && is_numeric($page) ? '&page='.$page : null).(!empty($search) ? '&search='.urlencode($search) : null)); header("Location: user_edit.php".(permission_exists('user_edit') && $action != 'add' ? "?id=".urlencode($user_uuid) : null).($query_string ? '&'.$query_string : ''));
exit; exit;
} }
else { else {
@@ -690,7 +710,7 @@
else { else {
message::add($text['message-add'],'positive'); message::add($text['message-add'],'positive');
} }
header("Location: user_edit.php?id=".urlencode($user_uuid).(!empty($order_by) ? '&order_by='.$order_by.'&order='.$order : null).(isset($page) && is_numeric($page) ? '&page='.$page : null).(!empty($search) ? '&search='.urlencode($search) : null)); header("Location: user_edit.php?id=".urlencode($user_uuid).($query_string ? '&'.$query_string : ''));
exit; exit;
} }
@@ -730,7 +750,7 @@
} }
else { else {
message::add($text['message-invalid_user'], 'negative', 7500); message::add($text['message-invalid_user'], 'negative', 7500);
header("Location: user_edit.php?id=".$_SESSION['user_uuid'].(!empty($order_by) ? '&order_by='.$order_by.'&order='.$order : null).(isset($page) && is_numeric($page) ? '&page='.$page : null).(!empty($search) ? '&search='.urlencode($search) : null)); header("Location: user_edit.php?id=".$_SESSION['user_uuid'].($query_string ? '&'.$query_string : ''));
exit; exit;
} }
unset($sql, $parameters, $row); unset($sql, $parameters, $row);
@@ -816,7 +836,7 @@
echo "<div class='unsaved'>".$text['message-unsaved_changes']." <i class='fas fa-exclamation-triangle'></i></div>"; echo "<div class='unsaved'>".$text['message-unsaved_changes']." <i class='fas fa-exclamation-triangle'></i></div>";
} }
if (permission_exists('user_add') || permission_exists('user_edit')) { if (permission_exists('user_add') || permission_exists('user_edit')) {
echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$settings->get('theme', 'button_icon_back'),'id'=>'btn_back','link'=>'users.php?'.(!empty($order_by) ? '&order_by='.$order_by.'&order='.$order : null).(isset($page) && is_numeric($page) ? '&page='.$page : null).(!empty($search) ? '&search='.urlencode($search) : null)]); echo button::create(['type'=>'button','label'=>$text['button-back'],'icon'=>$settings->get('theme', 'button_icon_back'),'id'=>'btn_back','link'=>'users.php'.($query_string ? '?'.$query_string : '')]);
} }
$button_margin = 'margin-left: 15px;'; $button_margin = 'margin-left: 15px;';
if (permission_exists('ticket_add') || permission_exists('ticket_edit')) { if (permission_exists('ticket_add') || permission_exists('ticket_edit')) {
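Review bot: `$page` is accepted with `is_numeric()` (`$page = is_numeric($_GET['page'] ?? '') ? $_GET['page'] : 0;`), which also admits signed, decimal, exponent and whitespace-padded strings such as `-1`, `1.5` or `1e3`, so those values now propagate unchanged into every redirect and back-link through `$query_string`. A stricter read with the same shape is `$page = ctype_digit((string) ($_GET['page'] ?? '')) ? (int) $_GET['page'] : 0;`. The same parameter block is duplicated verbatim in users.php, where `$page` also feeds `$offset = $rows_per_page * $page` and so reaches the SQL offset unchecked; keeping one shared helper that both files include would avoid the two copies drifting apart.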
+1 -1
@@ -40,7 +40,7 @@
//add the search string //add the search string
if (isset($_GET["search"])) { if (isset($_GET["search"])) {
$search = strtolower($_GET["search"]); $search = lower_case($_GET["search"]);
} }
//check to see if contact details are in the view //check to see if contact details are in the view
+78 -97
@@ -17,7 +17,7 @@
The Initial Developer of the Original Code is The Initial Developer of the Original Code is
Mark J Crane <markjcrane@fusionpbx.com> Mark J Crane <markjcrane@fusionpbx.com>
Portions created by the Initial Developer are Copyright (C) 2008-2025 Portions created by the Initial Developer are Copyright (C) 2008-2026
the Initial Developer. All Rights Reserved. the Initial Developer. All Rights Reserved.
Contributor(s): Contributor(s):
@@ -39,20 +39,38 @@
$language = new text; $language = new text;
$text = $language->get(); $text = $language->get();
//set variables
$order_by = $_REQUEST["order_by"] ?? '';
$order = $_REQUEST["order"] ?? '';
$page = !empty($_REQUEST['page']) && is_numeric($_REQUEST['page']) ? $_REQUEST['page'] : 0;
$search = $_REQUEST["search"] ?? '';
$show = $_REQUEST["show"] ?? '';
$context = $_REQUEST["context"] ?? '';
//get the http post data //get the http post data
if (!empty($_POST['users'])) { if (!empty($_POST['users'])) {
$action = $_POST['action'] ?? ''; $action = $_POST['action'] ?? '';
$users = $_POST['users'] ?? ''; $users = $_POST['users'] ?? '';
} }
// Set variables from http GET parameters
$page = is_numeric($_GET['page'] ?? '') ? $_GET['page'] : 0;
$order_by = preg_replace('#[^a-zA-Z0-9_\-]#', '', ($_GET['order_by'] ?? 'username'));
$order = ($_GET['order'] ?? '') === 'desc' ? 'desc' : 'asc';
$search = $_GET['search'] ?? '';
$show = $_GET['show'] ?? '';
// Build the query string
$url_params = [];
if (!empty($page)) {
$url_params['page'] = $page;
}
if (!empty($_GET['order_by'])) {
$url_params['order_by'] = $order_by;
}
if (!empty($_GET['order'])) {
$url_params['order'] = $order;
}
if (!empty($search)) {
$url_params['search'] = $search;
}
if (!empty($show) && $show == 'all' && permission_exists('user_all')) {
$url_params['show'] = $show;
}
$query_string = http_build_query($url_params);
//get total user count from the database, check limit, if defined //get total user count from the database, check limit, if defined
if (permission_exists('user_add') && !empty($action) && $action == 'copy' && !empty($settings->get('limit', 'users'))) { if (permission_exists('user_add') && !empty($action) && $action == 'copy' && !empty($settings->get('limit', 'users'))) {
$sql = "select count(*) "; $sql = "select count(*) ";
@@ -64,7 +82,7 @@
if ($num_rows >= $settings->get('limit', 'users')) { if ($num_rows >= $settings->get('limit', 'users')) {
message::add($text['message-maximum_users'].' '.$settings->get('limit', 'users'), 'negative'); message::add($text['message-maximum_users'].' '.$settings->get('limit', 'users'), 'negative');
header('Location: users.php?'.(!empty($order_by) ? '&order_by='.$order_by.'&order='.$order : null).(isset($page) && is_numeric($page) ? '&page='.$page : null).(!empty($search) ? '&search='.urlencode($search) : null)); header('Location: users.php'.($query_string ? '?'.$query_string : ''));
exit; exit;
} }
} }
@@ -92,43 +110,30 @@
break; break;
} }
header('Location: users.php?'.(!empty($order_by) ? '&order_by='.$order_by.'&order='.$order : null).(isset($page) && is_numeric($page) ? '&page='.$page : null).(!empty($search) ? '&search='.urlencode($search) : null)); header('Location: users.php'.($query_string ? '?'.$query_string : ''));
exit; exit;
} }
//set from session variables //set from session variables
$list_row_edit_button = $settings->get('theme', 'list_row_edit_button', false); $list_row_edit_button = $settings->get('theme', 'list_row_edit_button', false);
//add the search string
if (!empty($search)) {
$search = strtolower($_GET["search"]);
$sql_search = " (";
$sql_search .= " lower(username) like :search ";
$sql_search .= " or lower(group_names) like :search ";
$sql_search .= " or lower(contact_organization) like :search ";
$sql_search .= " or lower(contact_name) like :search ";
$sql_search .= " or lower(contact_note) like :search ";
$sql_search .= ") ";
$parameters['search'] = '%'.$search.'%';
}
//get the count //get the count
$sql = "select count(*) from view_users "; $sql = "select count(*) from view_users ";
if ($show == "all" && permission_exists('user_all')) { $sql .= "where true ";
if (isset($sql_search)) { if (!($show == "all" && permission_exists('user_all'))) {
$sql .= "where ".$sql_search; $sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) ";
}
else {
$sql.= "where true ";
}
}
else {
$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
if (!empty($sql_search)) {
$sql .= "and ".$sql_search;
}
$parameters['domain_uuid'] = $domain_uuid; $parameters['domain_uuid'] = $domain_uuid;
} }
if (!empty($search)) {
$sql .= "and (";
$sql .= " lower(username) like :search ";
$sql .= " or lower(group_names) like :search ";
$sql .= " or lower(contact_organization) like :search ";
$sql .= " or lower(contact_name) like :search ";
$sql .= " or lower(contact_note) like :search ";
$sql .= ") ";
$parameters['search'] = '%'.lower_case($search).'%';
}
$sql .= "and ( "; $sql .= "and ( ";
$sql .= " group_level <= :group_level "; $sql .= " group_level <= :group_level ";
$sql .= " or group_level is null "; $sql .= " or group_level is null ";
@@ -138,50 +143,30 @@
//prepare to page the results //prepare to page the results
$rows_per_page = $settings->get('domain', 'paging', 50); $rows_per_page = $settings->get('domain', 'paging', 50);
$param = ''; list($paging_controls, $rows_per_page) = paging($num_rows, $query_string, $rows_per_page);
if (!empty($search)) { list($paging_controls_mini, $rows_per_page) = paging($num_rows, $query_string, $rows_per_page, true);
$param .= "&search=".$search;
$param .= !empty($fields) ? "&fields=".$fields : null;
}
if ($show == "all" && permission_exists('user_all')) {
$param .= "&show=all";
}
if (!empty($order_by)) {
$param .= "&order_by=".$order_by;
}
if (!empty($order)) {
$param .= "&order=".$order;
}
list($paging_controls, $rows_per_page) = paging($num_rows, $param, $rows_per_page);
list($paging_controls_mini, $rows_per_page) = paging($num_rows, $param, $rows_per_page, true);
$offset = $rows_per_page * $page; $offset = $rows_per_page * $page;
if (!empty($order_by)) {
$param = str_replace("&order_by=".$order_by, '', $param);
}
if (!empty($order)) {
$param = str_replace("&order=".$order, '', $param);
}
//get the list //get the list
$sql = "select domain_name, domain_uuid, user_uuid, username, group_names, "; $sql = "select domain_name, domain_uuid, user_uuid, username, group_names, ";
$sql .= "contact_organization,contact_name,contact_note, "; $sql .= "contact_organization,contact_name,contact_note, ";
$sql .= "cast(user_enabled as text) "; $sql .= "cast(user_enabled as text) ";
$sql .= "from view_users "; $sql .= "from view_users ";
if ($show == "all" && permission_exists('user_all')) { $sql .= "where true ";
if (isset($sql_search)) { if (!($show == "all" && permission_exists('user_all'))) {
$sql .= "where ".$sql_search; $sql .= "and (domain_uuid = :domain_uuid or domain_uuid is null) ";
}
else {
$sql.= "where true ";
}
}
else {
$sql .= "where (domain_uuid = :domain_uuid or domain_uuid is null) ";
if (isset($sql_search)) {
$sql .= "and ".$sql_search;
}
$parameters['domain_uuid'] = $domain_uuid; $parameters['domain_uuid'] = $domain_uuid;
} }
if (!empty($search)) {
$sql .= "and (";
$sql .= " lower(username) like :search ";
$sql .= " or lower(group_names) like :search ";
$sql .= " or lower(contact_organization) like :search ";
$sql .= " or lower(contact_name) like :search ";
$sql .= " or lower(contact_note) like :search ";
$sql .= ") ";
$parameters['search'] = '%'.lower_case($search).'%';
}
$sql .= "and ( "; $sql .= "and ( ";
$sql .= " group_level <= :group_level "; $sql .= " group_level <= :group_level ";
$sql .= " or group_level is null "; $sql .= " or group_level is null ";
@@ -219,20 +204,20 @@
if (permission_exists('user_delete') && $users) { if (permission_exists('user_delete') && $users) {
echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$settings->get('theme', 'button_icon_delete'),'id'=>'btn_delete','name'=>'btn_delete','style'=>'display: none;','onclick'=>"modal_open('modal-delete','btn_delete');"]); echo button::create(['type'=>'button','label'=>$text['button-delete'],'icon'=>$settings->get('theme', 'button_icon_delete'),'id'=>'btn_delete','name'=>'btn_delete','style'=>'display: none;','onclick'=>"modal_open('modal-delete','btn_delete');"]);
} }
echo "<form id='form_search' class='inline' method='get'>\n"; echo " <form id='form_search' class='inline' method='get'>\n";
if (permission_exists('user_all')) { foreach ($url_params as $key => $value) {
if ($show == 'all') { if ($key !== 'search' && $key !== 'page') {
echo " <input type='hidden' name='show' value='all'>\n"; echo " <input type='hidden' name='".escape($key)."' value='".escape($value)."'>\n";
}
else {
echo button::create(['type'=>'button','label'=>$text['button-show_all'],'icon'=>$settings->get('theme', 'button_icon_all'),'link'=>'?show=all']);
} }
} }
echo "<input type='text' class='txt list-search' name='search' id='search' value=\"".escape($search)."\" placeholder=\"".$text['label-search']."\" onkeydown=''>"; if ($show !== 'all' && permission_exists('user_all')) {
echo button::create(['type'=>'button','label'=>$text['button-show_all'],'icon'=>$settings->get('theme', 'button_icon_all'),'link'=>'?show=all']);
}
echo " <input type='text' class='txt list-search' name='search' id='search' value=\"".escape($search)."\" placeholder=\"".$text['label-search']."\" onkeydown=''>";
echo button::create(['label'=>$text['button-search'],'icon'=>$settings->get('theme', 'button_icon_search'),'type'=>'submit','id'=>'btn_search']); echo button::create(['label'=>$text['button-search'],'icon'=>$settings->get('theme', 'button_icon_search'),'type'=>'submit','id'=>'btn_search']);
//echo button::create(['label'=>$text['button-reset'],'icon'=>$settings->get('theme', 'button_icon_reset'),'type'=>'button','id'=>'btn_reset','link'=>'users.php','style'=>($search == '' ? 'display: none;' : null)]); //echo button::create(['label'=>$text['button-reset'],'icon'=>$settings->get('theme', 'button_icon_reset'),'type'=>'button','id'=>'btn_reset','link'=>'users.php','style'=>($search == '' ? 'display: none;' : null)]);
if ($paging_controls_mini != '') { if ($paging_controls_mini != '') {
echo "<span style='margin-left: 15px;'>".$paging_controls_mini."</span>\n"; echo " <span style='margin-left: 15px;'>".$paging_controls_mini."</span>\n";
} }
echo " </form>\n"; echo " </form>\n";
echo " </div>\n"; echo " </div>\n";
@@ -254,10 +239,6 @@
echo "<form id='form_list' method='post'>\n"; echo "<form id='form_list' method='post'>\n";
echo "<input type='hidden' id='action' name='action' value=''>\n"; echo "<input type='hidden' id='action' name='action' value=''>\n";
echo "<input type='hidden' name='order_by' value=\"".escape($order_by)."\">\n";
echo "<input type='hidden' name='order' value=\"".escape($order)."\">\n";
echo "<input type='hidden' name='page' value=\"".escape($page)."\">\n";
echo "<input type='hidden' name='search' value=\"".escape($search)."\">\n";
echo "<div class='card'>\n"; echo "<div class='card'>\n";
echo "<table class='list'>\n"; echo "<table class='list'>\n";
@@ -268,17 +249,17 @@
echo " </th>\n"; echo " </th>\n";
} }
if ($show == 'all' && permission_exists('user_all')) { if ($show == 'all' && permission_exists('user_all')) {
echo th_order_by('domain_name', $text['label-domain'], $order_by, $order, null, null, $param); echo th_order_by('domain_name', $text['label-domain'], $order_by, $order, null, null, $query_string);
} }
echo th_order_by('username', $text['label-username'], $order_by, $order, null, null, $param); echo th_order_by('username', $text['label-username'], $order_by, $order, null, null, $query_string);
echo th_order_by('group_names', $text['label-groups'], $order_by, $order, null, null, $param); echo th_order_by('group_names', $text['label-groups'], $order_by, $order, null, null, $query_string);
echo th_order_by('contact_organization', $text['label-organization'], $order_by, $order, null, null, $param); echo th_order_by('contact_organization', $text['label-organization'], $order_by, $order, null, null, $query_string);
echo th_order_by('contact_name', $text['label-name'], $order_by, $order, null, null, $param); echo th_order_by('contact_name', $text['label-name'], $order_by, $order, null, null, $query_string);
//echo th_order_by('contact_name_family', $text['label-contact_name_family'], $order_by, $order); //echo th_order_by('contact_name_family', $text['label-contact_name_family'], $order_by, $order, null, null, $query_string);
//echo th_order_by('user_status', $text['label-user_status'], $order_by, $order); //echo th_order_by('user_status', $text['label-user_status'], $order_by, $order, null, null, $query_string);
//echo th_order_by('add_date', $text['label-add_date'], $order_by, $order); //echo th_order_by('add_date', $text['label-add_date'], $order_by, $order, null, null, $query_string);
echo th_order_by('contact_note', $text['label-contact_note'], $order_by, $order, null, "class='center'", $param); echo th_order_by('contact_note', $text['label-contact_note'], $order_by, $order, null, "class='center'", $query_string);
echo th_order_by('user_enabled', $text['label-user_enabled'], $order_by, $order, null, "class='center'", $param); echo th_order_by('user_enabled', $text['label-user_enabled'], $order_by, $order, null, "class='center'", $query_string);
if (permission_exists('user_edit') && $list_row_edit_button) { if (permission_exists('user_edit') && $list_row_edit_button) {
echo " <td class='action-button'>&nbsp;</td>\n"; echo " <td class='action-button'>&nbsp;</td>\n";
} }
@@ -288,7 +269,7 @@
foreach ($users as $row) { foreach ($users as $row) {
$list_row_url = ''; $list_row_url = '';
if (permission_exists('user_edit')) { if (permission_exists('user_edit')) {
$list_row_url = "user_edit.php?id=".urlencode($row['user_uuid']).(!empty($order_by) ? '&order_by='.$order_by.'&order='.$order : null).(is_numeric($page) ? '&page='.urlencode($page) : null).(!empty($search) ? '&search='.$search : null); $list_row_url = "user_edit.php?id=".urlencode($row['user_uuid']).($query_string ? '&'.$query_string : '');
if ($row['domain_uuid'] != $_SESSION['domain_uuid'] && permission_exists('domain_select')) { if ($row['domain_uuid'] != $_SESSION['domain_uuid'] && permission_exists('domain_select')) {
$list_row_url .= '&domain_uuid='.urlencode($row['domain_uuid']).'&domain_change=true'; $list_row_url .= '&domain_uuid='.urlencode($row['domain_uuid']).'&domain_change=true';
} }
@@ -349,4 +330,4 @@
//include the footer //include the footer
require_once "resources/footer.php"; require_once "resources/footer.php";
?> ?>
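Review bot: `$query_string` is passed to `paging()` and `th_order_by()` while it still contains `page`, `order_by` and `order` (it is built from the full `$url_params`), whereas the removed `$param` was `&`-prefixed, never carried `page`, and had `order_by`/`order` stripped by `str_replace` before the `th_order_by()` calls. If those helpers still prepend `&` and append their own `page=`/`order_by=` parameters, which the removed code suggests, the generated paging and column-sort links will carry duplicate or malformed parameters; the helpers are outside this diff, so this needs verifying against their implementation. A safer shape is a second string for link building, e.g. `$link_params = http_build_query(array_diff_key($url_params, ['page' => 1, 'order_by' => 1, 'order' => 1]));`, passed to `paging()` and `th_order_by()` with a leading `&` if they expect one. The count and list queries now also repeat the same nine-line search clause twice; building `$sql_search` once, as the removed code did, would keep the two from diverging.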