Basic User Management
Basic User Management

file:a/README.md -> file:b/README.md
--- a/README.md
+++ b/README.md

--- a/Resources/main.js
+++ b/Resources/main.js
@@ -1,7 +1,63 @@
 var count=30;
 var counter=''
 
+	
+	function comparePwds(){
+	  
+	  
+	  var pass = document.getElementById('frmPass');
+	  var nomatch = document.getElementById('PassNoMatch');
+	  
+	 if (pass.value != document.getElementById('frmPassConf').value){
+	   nomatch.innerHTML = "Passwords don't match";
+	   nomatch.style.display = 'inline-block';
+	   
+	   return false;
+	 }
+	 
+	 if (pass.value == null || pass.value == ''){
+	   
+	   document.getElementById('PassNoMatch').innerHTML = "You must set a password";
+	   nomatch.style.display = 'inline-block';
+	   return false;
+	 }
+	 nomatch.style.display = 'none';
+	  return true;  
+	  
+	}
+	
+	
+	function validateUserAdd(){
+	  var username = document.getElementById('frmUsername');
+	  var RealName = document.getElementById('frmRName');
+	  var error = 0;
+	  
+	 if (username.value == null || username.value == ''){
+	  username.className = 'frmEntryMissed'; 
+	  error = 1;
+	 }
+	 
+	 
+	   if (RealName.value == null || RealName.value == ''){
+	  RealName.className = 'frmEntryMissed'; 
+	  error = 1;
+	 }
+	  
+	  if (!comparePwds()){
 	    
+	   error = 1; 
+	  }
+	  
+	  if (error == 1){
+	    
+	   alert("Please correct input errors and re-submit");
+	   return false;
+	  }
+	  
+	  return true;
+	}
+	
+	
 function getCreds(id){
 
   var xmlhttp;

--- /dev/null
+++ b/Resources/main.js~
@@ -1,1 +1,474 @@
-
+var count=30;
+var counter=''
+
+	
+	function comparePwds(){
+	  
+	  
+	  var pass = document.getElementById('frmPass');
+	  var nomatch = document.getElementById('PassNoMatch');
+	  
+	 if (pass.value != document.getElementById('frmPassConf').value){
+	   nomatch.innerHTML = "Passwords don't match";
+	   nomatch.style.display = 'inline-block';
+	   
+	   return false;
+	 }
+	 
+	 if (pass.value == null || pass.value == ''){
+	   
+	   document.getElementById('PassNoMatch').innerHTML = "You must set a password";
+	   nomatch.style.display = 'inline-block';
+	   return false;
+	 }
+	 nomatch.style.display = 'none';
+	  return true;  
+	  
+	}
+	
+	
+	function validateUserAdd(){
+	  var username = document.getElementById('frmUsername');
+	  var RealName = document.getElementById('frmRName');
+	  var error = 0;
+	  
+	 if (username.value == null || username.value == ''){
+	  username.className = 'frmEntryMissed'; 
+	  error = 1;
+	 }
+	 
+	 
+	   if (RealName.value == null || RealName.value == ''){
+	  username.className = 'frmEntryMissed'; 
+	  error = 1;
+	 }
+	  
+	  if (!comparePwds()){
+	    
+	   error = 1; 
+	  }
+	  
+	  if (error == 1){
+	    
+	   alert("Please correct input errors and re-submit");
+	   return false;
+	  }
+	  
+	  return true;
+	}
+	
+	
+function getCreds(id){
+
+  var xmlhttp;
+var resp;
+var jsonObj;
+
+var clicky = document.getElementById('retrievePassword'+id);
+var Address = document.getElementById('Address'+id);
+var User = document.getElementById('UserName'+id);
+var Pass = document.getElementById('Password'+id);
+
+  if (window.XMLHttpRequest)
+  {// code for IE7+, Firefox, Chrome, Opera, Safari
+xmlhttp=new XMLHttpRequest();
+  }
+else
+ {// code for IE6, IE5
+  xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
+  }
+xmlhttp.onreadystatechange=function()
+  {
+if (xmlhttp.readyState==4 && xmlhttp.status==200)
+    {
+    resp = xmlhttp.responseText.split('|..|');
+    if (resp[0] == 0){
+     // Request failed, authentication issue maybe? 
+      clicky.innerHTML = 'Failed to retrieve credentials. Click to try again';
+      return false;
+    }
+     
+      Address.innerHTML = resp[2];
+      Pass.innerHTML = resp[1];
+      User.innerHTML = resp[3];
+      count=30;
+      clicky.innerHTML = 'Displaying Password for ' +count+ ' seconds';
+      counter=setInterval("Credtimer('"+id+"')", 1000);
+      
+      }
+      
+      
+      
+      
+
+    }
+  
+  
+  
+xmlhttp.open("POST","api.php",true);
+xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded");
+xmlhttp.send('option=retCred&id='+id);
+ 
+}
+
+
+
+
+function DelCust(id){
+
+  var xmlhttp;
+var resp;
+var jsonObj;
+
+
+if (!confirm("Are you sure you want to delete this customer and all associated credentials?")){
+ return false; 
+}
+
+
+var credrow = document.getElementById('CustDisp'+id);
+var notify = document.getElementById('NotificationArea');
+   
+if (document.getElementById('Custmenu'+id)){
+	var menu = document.getElementById('Custmenu'+id);
+      }
+     
+
+
+  if (window.XMLHttpRequest)
+  {// code for IE7+, Firefox, Chrome, Opera, Safari
+xmlhttp=new XMLHttpRequest();
+  }
+else
+ {// code for IE6, IE5
+  xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
+  }
+xmlhttp.onreadystatechange=function()
+  {
+if (xmlhttp.readyState==4 && xmlhttp.status==200)
+    {
+    resp = xmlhttp.responseText.split('|..|');
+    if (resp[0] == 0 || resp[1] == 0){
+     // Request failed, authentication issue maybe? 
+      notify.innerHTML += '<div class="alert alert-error">Failed to Delete</div>';
+      return false;
+    }
+      credrow.parentNode.removeChild(credrow);
+    notify.innerHTML += '<div class="alert alert-success">Customer and all associated credentials Deleted</div>';
+
+
+      
+	  if (menu){
+	  menu.parentNode.removeChild(menu);
+	  }
+      
+      }
+      
+      
+      
+      
+
+    }
+  
+  
+  
+xmlhttp.open("POST","api.php",true);
+xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded");
+xmlhttp.send('option=delCust&id='+id);
+ 
+}
+
+
+
+
+function delGroup(id){
+
+  var xmlhttp;
+var resp;
+var jsonObj;
+
+
+if (!confirm("Are you sure you want to delete this group (any credentials recorded against the group will be deleted)?")){
+ return false; 
+}
+
+
+var credrow = document.getElementById('GroupDisp'+id);
+
+
+
+var notify = document.getElementById('NotificationArea');
+
+
+  if (window.XMLHttpRequest)
+  {// code for IE7+, Firefox, Chrome, Opera, Safari
+xmlhttp=new XMLHttpRequest();
+  }
+else
+ {// code for IE6, IE5
+  xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
+  }
+xmlhttp.onreadystatechange=function()
+  {
+if (xmlhttp.readyState==4 && xmlhttp.status==200)
+    {
+    resp = xmlhttp.responseText.split('|..|');
+    if (resp[0] == 0 || resp[1] == 0){
+     // Request failed, authentication issue maybe? 
+       notify.innerHTML += '<div class="alert alert-error">Failed to Delete</div>';
+      return false;
+    }
+      credrow.parentNode.removeChild(credrow);
+      notify.innerHTML += '<div class="alert alert-success">Group Deleted</div>';
+    
+     
+      
+      }
+      
+      
+      
+      
+
+    }
+  
+  
+  
+xmlhttp.open("POST","api.php",true);
+xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded");
+xmlhttp.send('option=delGroup&id='+id);
+ 
+}
+
+
+function delCredType(id){
+
+  var xmlhttp;
+var resp;
+var jsonObj;
+
+
+if (!confirm("Are you sure you want to delete this Credential Type (any associated credentials will be deleted)?")){
+ return false; 
+}
+
+
+var credrow = document.getElementById('CredType'+id);
+
+
+
+var notify = document.getElementById('NotificationArea');
+
+
+  if (window.XMLHttpRequest)
+  {// code for IE7+, Firefox, Chrome, Opera, Safari
+xmlhttp=new XMLHttpRequest();
+  }
+else
+ {// code for IE6, IE5
+  xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
+  }
+xmlhttp.onreadystatechange=function()
+  {
+if (xmlhttp.readyState==4 && xmlhttp.status==200)
+    {
+    resp = xmlhttp.responseText.split('|..|');
+    if (resp[0] == 0 || resp[1] == 0){
+     // Request failed, authentication issue maybe? 
+       notify.innerHTML += '<div class="alert alert-error">Failed to Delete</div>';
+      return false;
+    }
+      credrow.parentNode.removeChild(credrow);
+      notify.innerHTML += '<div class="alert alert-success">Credential Type Deleted</div>';
+    
+     
+      
+      }
+      
+      
+      
+      
+
+    }
+  
+  
+  
+xmlhttp.open("POST","api.php",true);
+xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded");
+xmlhttp.send('option=delCredType&id='+id);
+ 
+}
+
+
+
+
+function DelCred(id){
+
+  var xmlhttp;
+var resp;
+var jsonObj;
+
+
+if (!confirm("Are you sure you want to delete this credential?")){
+ return false; 
+}
+
+
+var credrow = document.getElementById('CredDisp'+id);
+
+
+
+var notify = document.getElementById('NotificationArea');
+
+
+  if (window.XMLHttpRequest)
+  {// code for IE7+, Firefox, Chrome, Opera, Safari
+xmlhttp=new XMLHttpRequest();
+  }
+else
+ {// code for IE6, IE5
+  xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");
+  }
+xmlhttp.onreadystatechange=function()
+  {
+if (xmlhttp.readyState==4 && xmlhttp.status==200)
+    {
+    resp = xmlhttp.responseText.split('|..|');
+    if (resp[0] == 0 || resp[1] == 0){
+     // Request failed, authentication issue maybe? 
+       notify.innerHTML += '<div class="alert alert-error">Failed to Delete</div>';
+      return false;
+    }
+      credrow.parentNode.removeChild(credrow);
+      notify.innerHTML += '<div class="alert alert-success">Customer and all associated credentials Deleted</div>';
+    
+     
+      
+      }
+      
+      
+      
+      
+
+    }
+  
+  
+  
+xmlhttp.open("POST","api.php",true);
+xmlhttp.setRequestHeader("Content-type","application/x-www-form-urlencoded");
+xmlhttp.send('option=delCred&id='+id);
+ 
+}
+
+
+
+
+
+function Credtimer(id)
+{
+  count=count-1;
+  
+  var field = document.getElementById('retrievePassword'+id);
+  
+  
+  
+  if (count <= 0)
+  {
+     clearInterval(counter);
+     field.innerHTML = 'Display Password';
+     document.getElementById('Address'+id).innerHTML = '';
+     document.getElementById('UserName'+id).innerHTML = '';
+     document.getElementById('Password'+id).innerHTML = '';
+     return;
+  }
+
+  field.innerHTML = 'Displaying Password for ' +count+ ' seconds';
+}
+
+
+function checkNewCred(){
+
+  
+  var cred = document.getElementById('frmCredential');
+  var user = document.getElementById('frmUser');
+  var addr = document.getElementById('frmAddress');
+  
+if (cred.value.indexOf("http") !== -1){
+
+
+if (confirm("Click OK to make this credential a hyperlink in the database, click cancel to set not clicky")){
+
+document.getElementById('frmClicky').value = 1;
+}
+
+
+
+
+
+
+
+}
+}
+
+
+function checkEditCred(){
+
+  
+  var cred = document.getElementById('frmCredential');
+  var user = document.getElementById('frmUser');
+  var addr = document.getElementById('frmAddress');
+  
+if (cred.value.indexOf("http") !== -1){
+
+
+if (confirm("Click OK to make this credential a hyperlink in the database, click cancel to set not clicky")){
+
+document.getElementById('frmClicky').value = 1;
+}
+
+
+
+
+
+
+
+}
+
+
+// See if any have been blanked
+
+if (cred.value == null || cred.value == ''){
+ cred.value = ' '; 
+}
+
+if (user.value == null || user.value == ''){
+ user.value = ' '; 
+}
+
+if (addr.value == null || addr.value == ''){
+ cred.value = ' '; 
+}
+
+
+return true;
+}
+
+
+function noCredTypes(){
+  
+  $(document).ready(function(){
+    if (document.getElementById('AddCredBtnTop')){
+     var btntop =  document.getElementById('AddCredBtnTop');
+     btntop.parentNode.removeChild(btntop);
+    }
+
+    if (document.getElementById('AddCredBtnBottom')){
+     var btntop =  document.getElementById('AddCredBtnBottom');
+     btntop.parentNode.removeChild(btntop);
+    }
+  });
+  
+  
+  
+  
+  
+}

--- a/VirCreds.sql
+++ b/VirCreds.sql
@@ -1,8 +1,8 @@
--- MySQL dump 10.13  Distrib 5.1.41, for debian-linux-gnu (i486)
+-- MySQL dump 10.13  Distrib 5.1.37, for debian-linux-gnu (i486)
 --
 -- Host: localhost    Database: VirCreds
 -- ------------------------------------------------------
--- Server version	5.1.41-3ubuntu12.10
+-- Server version	5.1.37-1ubuntu5
 
 /*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
 /*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
@@ -188,6 +188,7 @@
   `pass` varchar(150) NOT NULL,
   `Name` varchar(255) NOT NULL,
   `membergroup` longtext,
+  `Usergroup` int(11) DEFAULT NULL,
   PRIMARY KEY (`username`)
 ) ENGINE=MyISAM DEFAULT CHARSET=latin1;
 /*!40101 SET character_set_client = @saved_cs_client */;
@@ -198,7 +199,7 @@
 
 LOCK TABLES `Users` WRITE;
 /*!40000 ALTER TABLE `Users` DISABLE KEYS */;
-INSERT INTO `Users` VALUES ('ben','bafae57c37864b8787f0204e1d8f195c:1234','Ben','-1,');
+INSERT INTO `Users` VALUES ('ben','bafae57c37864b8787f0204e1d8f195c:1234','Ben','-1,',NULL);
 /*!40000 ALTER TABLE `Users` ENABLE KEYS */;
 UNLOCK TABLES;
 
@@ -215,5 +216,5 @@
 /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
 /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
 
--- Dump completed on 2012-11-26 18:58:56
-
+-- Dump completed on 2012-11-28 20:03:21
+

--- a/conf/config.php
+++ b/conf/config.php
@@ -12,10 +12,10 @@
 $conf->ProgName = 'PHPCredLocker';
 
 // Set the DB details
-$conf->dbname = "";
-$conf->dbserver = "";
-$conf->dbuser = "";
-$conf->dbpass = "";
+$conf->dbname = "VirCreds";
+$conf->dbserver = "localhost";
+$conf->dbuser = "root";
+$conf->dbpass = "Password12";
 
 // Session expiry time (minutes)
 $conf->sessionexpiry = 15;

--- a/lib/Framework/main.php
+++ b/lib/Framework/main.php
@@ -92,7 +92,7 @@
 $groups = BTMain::getUser()->groups;
 
 if (!in_array("-1",$groups)){
-return "`Group`=" . implode(" OR `Group`=",$groups) . "''";
+return "`Group`=" . implode(" OR `Group`=",$groups) ;
 }else{
 return "`Group` LIKE \"%\" ";
 }

--- /dev/null
+++ b/lib/Framework/main.php~
@@ -1,1 +1,352 @@
-
+<?php
+/** BTMain Class
+*
+* System's central class, contains often used resources
+*
+* Copyright (C) 2012 Ben Tasker
+* Released under GNU GPL V2
+* See LICENSE
+*
+*/
+
+
+
+
+
+class BTMain{
+
+
+
+
+/** Load in the system config and return as an object
+*
+* @return object
+*
+*/
+function getConf(){
+
+include 'conf/config.php';
+return $conf;
+
+}
+
+
+/** Set the name of the current user
+*
+* @arg user - username
+*
+*/
+function setUser($user){
+$GLOBALS['curruser']->name = $user;
+}
+
+
+/** Get details of current user
+*
+* @return object
+*/
+function getUser(){
+return $GLOBALS['curruser'];
+}
+
+
+/** Set details for the current user
+*
+* @arg detail - the element of the user object to set
+* @arg value - the value to set for that element
+*
+*/
+function setUserDetails($detail,$value){
+$GLOBALS['curruser']->$detail = $value;
+}
+
+
+
+/** Get the IP of the currently connected client
+*
+* @return string
+*/
+function getip(){
+
+return $_SERVER['REMOTE_ADDR'];
+
+}
+
+
+
+/** Create a URI string containing Session ID and Hash
+*
+* @return string
+*/
+function embedSessionURI(){
+
+return "sess=" . BTMain::getVar('sess') . "&hsh=" . BTMain::getVar('hsh');
+
+}
+
+
+/** Take the User's groups and turn into part of a WHERE statement
+*
+*/
+function buildACLQuery(){
+$groups = BTMain::getUser()->groups;
+
+if (!in_array("-1",$groups)){
+return "`Group`=" . implode(" OR `Group`=",$groups) . "' '";
+}else{
+return "`Group` LIKE \"%\" ";
+}
+
+
+
+
+
+}
+
+
+
+function FixPostVars(){
+$postdata = file_get_contents("php://input");
+
+
+if (strpos($postdata,"%80") !== false){
+
+ $pairs = explode("&", file_get_contents("php://input"));
+    $vars = array();   
+    foreach ($pairs as $pair) {
+        $nv = explode("=", $pair);
+        $name = urldecode($nv[0]);
+        //$value = urldecode(str_replace("%0D","",$nv[1]));
+
+if (strpos($nv[1],"%80") !== false){
+$field = explode("[",$name);
+$field = str_replace("]","",$field[1]);
+
+$GLOBALS['_POST']['fields'][$field] = urldecode(str_replace("%80","&euro;",$nv[1]));
+}
+
+
+
+
+
+    }
+$GLOBALS['POSTDATAFIXED'] = 1;
+}
+
+
+
+
+
+
+}
+
+
+
+
+/** Retrieve a variable from the request
+*
+* May return an array if one was submitted by a form, usually a string though
+*
+* @return string/array
+*/
+function getVar($req){
+
+if (!$GLOBALS['POSTDATAFIXED']){
+BTMain::FixPostVars();
+}
+
+
+if (isset($_POST[$req])){
+
+return $_POST[$req];
+}
+
+return $_GET[$req];
+
+
+}
+
+/** Push a value to a global used by getVar
+*
+*/
+function setVar($name,$value){
+$GLOBALS['_POST'][$name] = $value;
+
+
+
+}
+
+
+/** Retrieve a variable from the session
+*
+* May return an array if one was submitted by a form, usually a string though
+*
+* @return string/array
+*/
+function getSessVar($req){
+
+if (isset($_SESSION[$req])){
+
+return $_SESSION[$req];
+}
+
+return false;
+
+
+}
+
+
+/** Push a variable from the session
+*
+*/
+function setSessVar($req,$val){
+
+
+
+$_SESSION[$req] = $val;
+
+
+
+}
+
+
+/** Unset a session variable
+*
+*/
+function unsetSessVar($req){
+
+
+
+unset($_SESSION[$req]);
+
+
+
+}
+
+
+
+/** Check the user is an Admin
+* If not, output an error and stop output
+*
+*/
+function checkAdmin(){
+$user = BTMain::getUser()->Role;
+
+if (substr($user,0,1) != "A"){
+
+echo "Access Denied";
+die;
+
+}
+
+
+
+
+}
+
+
+
+
+
+/** Check the user is an Admin
+* If not, output an error and stop output
+*
+* @return boolean
+*
+*/
+function checkisAdmin(){
+$user = BTMain::getUser()->Role;
+
+if (substr($user,0,1) == "A"){
+
+return true;
+
+}
+
+return false;
+
+
+
+
+}
+
+
+/** Check the user is an Admin
+* If not, output an error and stop output
+*
+* @return boolean
+*
+*/
+function checkSuperAdmin(){
+$groups = BTMain::getUser()->groups;
+
+if (!in_array("-1",$groups)){
+
+echo 'Access Denied';
+die;
+
+}
+
+
+
+
+
+
+}
+
+
+/** Check the user is an Admin
+* If not, output an error and stop output
+*
+* @return boolean
+*
+*/
+function checkisSuperAdmin(){
+$groups = BTMain::getUser()->groups;
+
+if (in_array("-1",$groups)){
+return true;
+
+}
+
+return false;
+
+
+
+
+}
+
+
+
+
+/** Remove characters that may cause issues in URLs
+*
+* @arg str - String to be processed
+*
+* @return string
+*/
+function stripDodgyChars($str){
+
+return str_replace(" ","",str_replace("&","",str_replace("?","",$str)));
+
+
+
+}
+
+
+
+
+
+
+
+
+
+
+}
+
+
+
+
+
+
+?>

--- a/lib/Handler.php
+++ b/lib/Handler.php
@@ -125,9 +125,12 @@
 
 
 case 'addUser':
-
+$html->content = $html->loadView('user.add');
 break;
 
+case 'viewUsers':
+$html->content = $html->loadView('user.list');
+break;
 
 default:
 $html->content = $html->genDefaultPage();

file:b/lib/Handler.php~ (new)
--- /dev/null
+++ b/lib/Handler.php~
@@ -1,1 +1,149 @@
+<?php
+/** Main Handler
+*
+* Copyright (C) 2012 B Tasker
+* Released under GNU GPL V2
+* See LICENSE
+*
+*/
+defined('_CREDLOCK') or die;
+require_once 'lib/output.php';
+require_once 'lib/db/db_common.php';
+require_once 'lib/auth.class.php';
+require_once 'lib/plugins.php';
+require_once 'lib/db/loggingdb.class.php';
 
+
+$html = new genOutput;
+
+    // See if the user has an active session
+    if (BTMain::getsessVar('Session')){
+    $auth = new ProgAuth;
+    $auth->SetUserDets(BTMain::getsessVar('Session'));
+    }
+
+
+   if (empty(BTMain::getUser()->name)){
+   $html->content = $html->genDefaultPage();
+   $html->callTemplate();
+   ob_end_flush();
+   die;
+   }
+
+
+// Load some extra libraries
+require_once 'lib/db/Customer.php';
+require_once 'lib/crypto.php';
+require_once 'lib/db/Credentials.php';
+
+$cred = new CredDB;
+if(!$cred->checkCredTypesDefined()){
+$notifications->setNotification("NoCredTypes");
+}
+unset($cred);
+
+
+$option = BTMain::getVar('option');
+
+
+
+switch ($option){
+
+// Log the current user out
+case 'logout':
+$auth->killSession();
+break;
+
+
+case 'addCustomer':
+$html->content = $html->loadView('Customer.add');
+break;
+
+case 'viewCust':
+$html->content = $html->loadView('Customer.view');
+break;
+
+case 'EditCustomer':
+$html->content = $html->loadView('Customer.edit');
+break;
+
+case 'viewCustomers':
+$html->content = $html->loadView('Customer.list');
+break;
+
+
+
+
+case 'addCred':
+$html->content = $html->loadView('Creds.add');
+break;
+
+case 'editCred':
+$html->content = $html->loadView('Creds.edit');
+break;
+
+case 'addCredType':
+$html->content = $html->loadView('Creds.addtype');
+break;
+
+case 'listCredTypes':
+$html->content = $html->loadView('Creds.listtypes');
+break;
+
+case 'editCredType':
+$html->content = $html->loadView('Creds.edittype');
+break;
+
+
+
+case 'addGrp':
+$html->content = $html->loadView('Group.add');
+break;
+
+case 'editGrp':
+$html->content = $html->loadView('Group.edit');
+break;
+
+
+case 'viewGrps':
+$html->content = $html->loadView('Group.list');
+break;
+
+
+
+
+
+
+case 'pluginInfo':
+$html->content = $html->loadView('plugins.loaded');
+break;
+
+
+case 'plgInfo':
+$html->content = $html->loadView('plugins.readme');
+break;
+
+
+case 'addUser':
+$html->content = $html->loadView('user.add');
+break;
+
+case 'viewUsers':
+$html->content = $html->loadView('user.list');
+break;
+
+default:
+$html->content = $html->genDefaultPage();
+
+
+}
+
+
+$html->callTemplate();
+
+ob_end_flush();
+
+
+
+
+?>

--- /dev/null
+++ b/lib/db/Customer.php~
@@ -1,1 +1,202 @@
-
+<?php
+/** Customer related Database functions
+*
+* Copyright (C) 2012 B Tasker
+* Released under GNU GPL V2
+* See LICENSE
+*
+*/ 
+defined('_CREDLOCK') or die;
+
+
+class CustDB extends BTDB{
+
+/** Add a customer to the database
+*
+* @arg name string
+* @arg group INT
+* @arg firstname string
+* @arg lastname string
+* @arg email string
+*
+* @return boolean
+*/
+function addCustomer($name,$group,$firstname,$lastname,$email){
+
+
+$crypt = new Crypto;
+$name = $crypt->encrypt($name,'Customer');
+$firstname = $crypt->encrypt($firstname,'Customer');
+$lastname = $crypt->encrypt($lastname,'Customer');
+$email = $crypt->encrypt($email,'Customer');
+
+$firstname = $this->StringEscape($firstname);
+$lastname = $this->StringEscape($lastname);
+$email = $this->StringEscape($email);
+$group = $this->StringEscape($group);
+$name = $this->StringEscape($name);
+$sql = "INSERT INTO Cust (`name`,`Group`,`ContactName`,`ContactSurname`,`Email`) VALUES ('$name','$group','$firstname','$lastname','$email')";
+$this->setQuery($sql);
+
+$newcust = $this->insertID();
+
+  if (!$newcust){
+  return false;
+  }
+
+
+$log = new Logging;
+$log->logEntry($newcust,3);
+
+return true;
+
+
+
+}
+
+
+
+
+/** Edit specified customer record
+*
+* @arg id INT
+* @arg name string
+* @arg group INT
+* @arg firstname string
+* @arg lastname string
+* @arg email string
+*
+* @return boolean
+*/
+function editCustomer($id,$name,$group,$firstname,$lastname,$email){
+
+$ACL = BTMain::buildACLQuery();
+$crypt = new Crypto;
+$name = $crypt->encrypt($name,'Customer');
+$firstname = $crypt->encrypt($firstname,'Customer');
+$lastname = $crypt->encrypt($lastname,'Customer');
+$email = $crypt->encrypt($email,'Customer');
+
+$id = $this->StringEscape($id);
+$firstname = $this->StringEscape($firstname);
+$lastname = $this->StringEscape($lastname);
+$email = $this->StringEscape($email);
+$group = $this->StringEscape($group);
+$name = $this->StringEscape($name);
+
+$sql = "UPDATE Cust SET `name`='$name',`Group`='$group',`ContactName`='$firstname',".
+"`ContactSurname`='$lastname',`Email`='$email' WHERE `id`='$id' AND ($ACL);";
+$this->setQuery($sql);
+
+
+
+  if (!$this->runQuery()){
+  return false;
+  }
+
+
+$log = new Logging;
+$log->logEntry($id,4);
+
+return true;
+
+
+
+}
+
+
+
+/** Delete specified customer and all associated credentials
+*
+* @arg id - INT 
+*
+* @return boolean
+*/
+function DelCust($id){
+$id = $this->StringEscape($id);
+$ACL = BTMain::buildACLQuery();
+
+
+$sql = "DELETE FROM Cust WHERE id='$id' AND ($ACL)";
+$this->setQuery($sql);
+
+if (!$this->runQuery()){
+return false;
+}
+
+// Log the deletion then clear the creds
+$log = new Logging;
+$log->logEntry($id,6);
+
+// Remove associated creds
+$sql = "DELETE FROM Cred WHERE cust='$id' AND ($ACL)";
+$this->setQuery($sql);
+return $this->runQuery();
+
+
+
+}
+
+
+
+/** Retrieve all customers (Will need decrypting by the calling function)
+*
+* @return object
+*/
+function getAllCustomers(){
+
+$ACL = BTMain::buildACLQuery();
+
+$sql = "SELECT * FROM Cust WHERE $ACL";
+echo $sql;
+$this->setQuery($sql);
+return $this->loadResults();
+}
+
+
+
+/** Get Details of all creds for a customer (The creds themselves won't be retrieved yet)
+*
+* @arg id - INT
+*
+* @return object
+*/
+function getCustomerViewData($id){
+$id = $this->StringEscape($id);
+
+
+
+// Log the request
+$log = new Logging;
+$log->logEntry($id,5);
+
+$ACL = BTMain::buildACLQuery();
+
+$sql = "SELECT a.CredType, a.id, b.Name as CredName, c.Name FROM Cred as a LEFT JOIN CredTypes as b on a.CredType = b.id LEFT JOIN Cust as c ON a.cust = c.id ".
+"WHERE a.cust='$id' AND (" . str_replace("`Group`","a.`Group`",$ACL) . ") AND (" . str_replace("`Group`","c.`Group`",$ACL) . ")";
+$this->setQuery($sql);
+return $this->loadResults();
+}
+
+
+
+/** Get Customer Details
+*
+* @arg id - INT
+*
+* @return object
+*/
+function getCustomerDetail($id){
+$id = $this->StringEscape($id);
+$ACL = BTMain::buildACLQuery();
+
+$sql = "SELECT * FROM Cust WHERE id='$id' AND ($ACL)";
+$this->setQuery($sql);
+return $this->loadResult();
+}
+
+
+
+
+
+}

--- a/lib/db/authdb.class.php
+++ b/lib/db/authdb.class.php
@@ -265,6 +265,27 @@
 }
 
 
+
+
+/** Retrieve a User list
+*
+* @return object
+*/
+function listUsers(){
+
+$sql = "SELECT username, Name FROM Users ORDER BY username ASC";
+$this->setQuery($sql);
+
+return $this->loadResults();
+
+
+
+}
+
+
+
+
+
 }
 
 

--- /dev/null
+++ b/lib/db/authdb.class.php~
@@ -1,1 +1,300 @@
-
+<?php
+/** Authentication related DB functions
+*
+* Copyright (C) 2012 B Tasker
+* Released under GNU GPL V2
+* See LICENSE
+*
+*/
+defined('_CREDLOCK') or die;
+
+class AuthDB extends BTDB{
+
+
+/** Create a new user in the database
+*
+* @arg user - Object containing all User details to be inserted
+* 
+* @return boolean
+*/
+function addUser($user){
+
+
+
+$user->username = $this->StringEscape($user->username);
+$user->groups = $this->StringEscape(implode(",",$user->groups));
+$user->pass = $this->StringEscape($user->pass);
+$user->RealName = $this->StringEscape($user->RealName);
+
+$sql = "INSERT INTO Users (`username`,`Name`,`pass`,`membergroup`) ".
+"VALUES('{$user->username}','{$user->RealName}','{$user->pass}:{$user->salt}','{$user->groups}')";
+
+$this->setQuery($sql);
+
+$result = $this->runQuery();
+
+    
+    if ($result){
+    // Insert was successful, we need to add to the audit log
+    $log = new Logging;
+    $log->logEntry($user->username,0);
+    return true;
+
+    }else{
+    // Insert failed, return false.
+
+    return false;
+
+    }
+
+}
+
+
+
+/** Called when a user attempts to log in
+* Retrieves everything needed to verify authentication and create the session
+*
+* @arg username - string
+*
+* @return object or boolean
+*/
+function retrieveUserCreds($username){
+
+
+$username = $this->StringEscape($username);
+
+$sql = "SELECT pass,membergroup,Name FROM Users WHERE username='$username'";
+$this->setQuery($sql);
+
+if ($res = $this->runQuery()){
+
+return mysql_fetch_object($res);
+}
+
+return false;
+
+
+}
+
+
+/** Add a User Group
+*
+* @arg group string
+*
+*/
+function addGroup($name){
+
+$crypt = new Crypto;
+$name = $crypt->encrypt($name,'Groups');
+
+$name = $this->StringEscape($name);
+$sql = "INSERT INTO Groups (`Name`) VALUES('$name')";
+$this->setQuery($sql);
+
+$id = $this->insertID();
+
+if ($id){
+ $log = new Logging;
+    $log->logEntry($id,13);
+return true;
+}else{
+return false;
+}
+}
+
+
+/** Edit a User Group
+*
+* @arg id - INT 
+* @arg group string
+*
+*/
+function editGroup($id,$name){
+
+$crypt = new Crypto;
+$name = $crypt->encrypt($name,'Groups');
+$id = $this->StringEscape($id);
+$name = $this->StringEscape($name);
+$sql = "UPDATE Groups SET `Name`='$name' WHERE `id`='$id'";
+$this->setQuery($sql);
+
+
+
+  if ($this->runQuery()){
+    $log = new Logging;
+    $log->logEntry($id,18);
+    return true;
+    }else{
+    return false;
+    }
+
+}
+
+
+/** Establish a database session for the current user
+*
+* @arg SessionID - string
+*
+* @return boolean
+*/
+function EstablishSession($sessionID){
+$sessionID = $this->StringEscape($sessionID);
+
+$user = BTMain::getUser()->name;
+$created = date('Y-m-d H:i:s');
+$expires = date('Y-m-d H:i:s',strtotime('+15 Minutes'));
+
+// IP is provided by the client, so we're not going to just trust it!
+$ip = $this->StringEscape(BTMain::getip());
+
+$sql = "INSERT INTO Sessions (`SessionID`,`Created`,`User`,`Expires`,`ClientIP`) ".
+"VALUES ('$sessionID','$created','$user','$expires','$ip')";
+
+$this->setQuery($sql);
+return $this->runQuery();
+
+
+
+}
+
+
+/** Grab user details based on the provided sessionID
+*
+* @arg sess - String 
+*
+* @return object
+*/
+function getUserSession($sess){
+
+$sess = $this->StringEscape($sess);
+$date = date('Y-m-d H:i:s');
+$ip = BTMain::getip();
+
+$sql = "SELECT a.ClientIP, b.* FROM Sessions as a LEFT JOIN Users as b ON a.User = b.username WHERE a.SessionID = '$sess' AND a.Expires > '$date' AND a.`ClientIP` = '$ip'";
+$this->setQuery($sql);
+
+return $this->loadResult();
+
+
+}
+
+
+
+/** Remove a session from the database
+*
+* @arg SessionID - string
+*
+* @return boolean
+*/
+function KillSession($sessID){
+
+$sessID = $this->StringEscape($sessID);
+
+$sql = "DELETE FROM Sessions WHERE `SessionID`='$sessID'";
+$this->setQuery($sql);
+$res = $this->runQuery();
+
+// Log the event
+$log = new Logging;
+$log->logEntry('',12);
+
+return $res;
+}
+
+
+/** Retrieve group data (Names will need decrypting)
+*
+*/
+function retrieveGroupNames(){
+
+
+$sql = "SELECT * FROM Groups";
+$this->setQuery($sql);
+return $this->loadResults();
+
+}
+
+
+
+/** Retrieve the name of a Group based on ID
+*
+* @arg id INT
+*
+* @return object
+*/
+function retrieveGrpById($id){
+
+$id = $this->StringEscape($id);
+$sql = "SELECT Name FROM Groups WHERE id='$id'";
+$this->setQuery($sql);
+return $this->loadResult();
+
+}
+
+
+
+
+/** Delete the specified group
+*
+* Any credentials still recorded against the group will be set to SuperAdmin only
+*
+* @arg id -INT
+*
+* @return boolean
+*/
+function delGroup($id){
+
+$id = $this->StringEscape($id);
+$sql = "DELETE FROM Cred WHERE `Group`='$id'";
+$this->setQuery($sql);
+$this->runQuery();
+
+$sql = "DELETE FROM Groups WHERE `id`='$id'";
+$this->setQuery($sql);
+
+if($this->runQuery()){
+
+
+$log = new Logging;
+$log->logEntry($id,14);
+return true;
+}else{
+return false;
+}
+
+}
+
+
+
+
+/** Retrieve a User list
+*
+* @return object
+*/
+function listUsers(){
+
+$sql = "SELECT username, name FROM Users ORDER BY username ASC";
+$this->setQuery($sql);
+
+return $this->loadResults();
+
+
+
+}
+
+
+
+
+
+}
+
+
+
+
+
+
+
+
+
+
+?>

--- a/lib/includes/groupSelection.php
+++ b/lib/includes/groupSelection.php
@@ -55,7 +55,8 @@
 </select>
 
 <?php else:?>
-<fieldset class='groupsMultiSelect'><legend>Select Groups</legend>
+
+<fieldset class='groupsMultiSelect' id='groupsMultiSelect'><legend>Select Groups</legend>
 <?php
 foreach ($groups as $group){
 

--- /dev/null
+++ b/lib/includes/groupSelection.php~
@@ -1,1 +1,73 @@
+<?php
+/** Single Group Selection Select Menu
+*
+* Copyright (C) 2012 B Tasker
+* Released under GNU GPL V2
+* See LICENSE
+*
+*
+* Set the variable multiselect to 1 before calling this file to display checkboxes
+*/
 
+defined('_CREDLOCK') or die;
+
+
+
+
+if (!isset($auth)){
+$auth = new AuthDB;
+}
+
+if (!isset($crypt)){
+$crypt = new Crypto;
+}
+
+
+
+$groups = $auth->retrieveGroupNames();
+
+if ($multiselect != 1):
+?> 
+<label for="frmGroup">Group</label><select name="frmGroup" id="frmGroup">
+<option value="0">All users</option>
+<?php
+
+foreach ($groups as $group){
+
+$plaintext = $crypt->decrypt($group->Name,'Groups');
+
+$str = "<option value='{$group->id}' ";
+
+if ($group->id == $preselect){
+$str .= "selected";
+}
+
+$str .= ">$plaintext</option>";
+
+$grps[$plaintext] = $str;
+
+}
+unset($crypt->keys);
+ksort($grps);
+echo implode("\n",$grps);
+unset($grps);
+?>
+</select>
+
+<?php else:?>
+<fieldset class='groupsMultiSelect'><legend>Select Groups</legend>
+<?php
+foreach ($groups as $group){
+
+$plaintext = $crypt->decrypt($group->Name,'Groups');
+
+$grps[$plaintext] = "<span class='checkbox'><input type='checkbox' name='frmGroup[]' value='{$group->id}'>$plaintext</span>";
+
+}
+unset($crypt->keys);
+ksort($grps);
+echo implode("\n",$grps);
+unset($grps);
+?>
+</fieldset>
+<?php endif;?>

--- a/lib/output.php
+++ b/lib/output.php
@@ -174,6 +174,16 @@
 $str[] = "<div class='alert alert-info' id='CredTypeNeedsAdding'>You need to specify some Credential Types in System Settings before you can add Credentials</div><script type='text/javascript'>noCredTypes();</script>";
 }
 
+if ($GLOBALS['Notifications']['UserStoreSuccess']){
+$str[] = "<div class='alert alert-success'>User Stored Successfully</div>";
+}
+
+if ($GLOBALS['Notifications']['UserStoreFail']){
+$str[] = "<div class='alert alert-error'>User Failed to Store</div>";
+}
+
+
+
 return implode("\n",$str);
 
 }

file:b/lib/output.php~ (new)
--- /dev/null
+++ b/lib/output.php~
@@ -1,1 +1,258 @@
-
+<?php
+/** Main HTML Output generation
+*
+* Copyright (C) 2012 B Tasker
+* Released under GNU GPL V2
+* See LICENSE
+*
+*/
+
+defined('_CREDLOCK') or die;
+
+
+
+class genOutput{
+
+
+function genDefaultPage(){
+
+$str = "<span class='basic-content default-page'>";
+if (BTMain::getUser()->name){
+
+$str .= 'Welcome to the cred handling system. Please use the menu&apos;s to proceed';
+
+}else{
+
+$str .= 'Please log-in to continue';
+
+
+}
+
+return $str . "</span>\n";
+
+}
+
+
+
+
+
+/** Call the relevant template
+*
+*/
+function callTemplate(){
+
+
+// Load the config so we know which template to call
+
+$template = BTMain::getConf()->template;
+
+require "templates/$template/index.php";
+
+
+}
+
+
+/** Load a view and return the output
+*
+* @arg view string
+*/
+function loadView($view){
+
+ob_start;
+require "views/" . str_replace(".","/",$view) . ".php";
+return ob_get_clean();
+}
+
+
+
+function BreadCrumbs(){
+$count = count($GLOBALS['BREADCRUMB']);
+?>
+<ul class="breadcrumb">
+ <li>
+    <a href="index.php">Home</a>
+ </li>
+<?php foreach ($GLOBALS['BREADCRUMB'] as $crumb){?>
+ <li>
+  <span class="divider">/</span>
+    <a href="<?php echo $crumb['url']; ?>"><?php echo $crumb['name']; ?></a> 
+</li>
+  
+
+<?php }?>
+ 
+</ul>
+<?php
+
+}
+
+
+/** Generate the HTML for any relevant Notifications
+*
+*/
+function Notifications(){
+
+
+$str[] = '';
+if (BTMain::getVar('LoginSuccess')){
+
+$str[] = "<div class='alert alert-success'>Logged in Successfully</div>";
+
+}
+
+if (BTMain::getVar('LoginFailed')){
+
+$str[] = "<div class='alert alert-error'>Invalid Username or Password</div>";
+
+}
+
+if (BTMain::getVar('InvalidSession')){
+$str[] = "<div class='alert alert-error'>Your session is invalid (it may have expired) please log-in to continue</div>";
+}
+
+
+if (BTMain::getVar('LoggedOut')){
+
+$str[] = "<div class='alert alert-info'>You have been logged out</div>";
+}
+
+if ($GLOBALS['Notifications']['addCustSuccess']){
+$str[] = "<div class='alert alert-success'>Customer added successfully</div>";
+}
+
+
+if ($GLOBALS['Notifications']['addCustFail']){
+$str[] = "<div class='alert alert-error'>Customer not added</div>";
+}
+
+
+if ($GLOBALS['Notifications']['EditCustSuccess']){
+$str[] = "<div class='alert alert-success'>Customer edited successfully</div>";
+}
+
+if ($GLOBALS['Notifications']['NoSuchCustomer']){
+$str[] = "<div class='alert alert-error'>The Specified Record doesn't exist (or you don't have access to it)</div>";
+}
+
+
+if ($GLOBALS['Notifications']['EditCustFail']){
+$str[] = "<div class='alert alert-error'>Customer not edited</div>";
+}
+
+
+if ($GLOBALS['Notifications']['addCredSuccess']){
+$str[] = "<div class='alert alert-success'>Credential Stored successfully</div>";
+}
+
+
+if ($GLOBALS['Notifications']['addCredFail']){
+$str[] = "<div class='alert alert-error'>Credential Failed to Store</div>";
+}
+
+
+
+
+
+if ($GLOBALS['Notifications']['addGroupSuccess']){
+$str[] = "<div class='alert alert-success'>Group Successfully Stored</div>";
+}
+
+if ($GLOBALS['Notifications']['addGroupFail']){
+$str[] = "<div class='alert alert-error'>Group not Stored</div>";
+}
+
+if ($GLOBALS['Notifications']['addCredTypeSuccess']){
+$str[] = "<div class='alert alert-success'>Credential Type Stored</div>";
+}
+
+
+if ($GLOBALS['Notifications']['addCredTypeFail']){
+$str[] = "<div class='alert alert-error'>Credential Type Not Stored</div>";
+}
+
+if ($GLOBALS['Notifications']['NoCredTypes']){
+$str[] = "<div class='alert alert-info' id='CredTypeNeedsAdding'>You need to specify some Credential Types in System Settings before you can add Credentials</div><script type='text/javascript'>noCredTypes();</script>";
+}
+
+if ($GLOBALS['Notifications']['UserStoreSuccess']){
+$str[] = "<div class='alert alert-success'>User Stored Successfully</div>";
+}
+
+if ($GLOBALS['Notifications']['UserStoreFail']){
+$str[] = "<div class='alert alert-success'>User Failed to Store</div>";
+}
+
+
+
+return implode("\n",$str);
+
+}
+
+
+
+/** Push the required headers
+*
+*/
+function headContents(){
+?>
+<title><?php echo BTMain::getConf()->ProgName;?> - Work in Progress</title>
+<script src="Resources/main.js" type="text/javascript"></script>
+<?php
+
+}
+
+
+
+
+/** Load a module by name
+*
+* @arg module - string
+*
+*/
+function loadModule($module){
+
+require "modules/$module/$module.php";
+
+
+
+
+}
+
+
+
+
+}
+
+
+
+
+
+
+
+class notifications{
+
+
+function setNotification($notification){
+
+$GLOBALS['Notifications'][$notification] = 1;
+
+
+}
+
+
+
+function setBreadcrumb($path){
+
+$GLOBALS['BREADCRUMB'] = $path;
+
+}
+
+
+
+}
+
+$notifications = new notifications;
+
+
+
+?>

--- a/modules/menu/menu.php
+++ b/modules/menu/menu.php
@@ -61,9 +61,10 @@
  <li class="nav dropdown">
 <a class="dropdown-toggle" data-toggle="dropdown" href="#"><i class='icon-white icon-cog'></i></a>
       <ul class="dropdown-menu" role="menu" aria-Labelled-by='dLabel'>
+      <li><a href="index.php?option=viewUsers">Users</a></li>
       <li><a href="index.php?option=viewGrps">User Groups</a></li>
       <li><a href="index.php?option=listCredTypes">Credential Types</a></li>
-      <li><a href="index.php?option=pluginInfo">Plugins</a></li>
+      <li><a href="index.php?option=pluginInfo">Plugins</a></li>  
       </ul>
 
 </ul>

--- /dev/null
+++ b/modules/menu/menu.php~
@@ -1,1 +1,76 @@
+<?php 
+/** Menu module
+*
+* Copyright (C) 2012 B Tasker
+* Released under GNU GPL V2
+* See LICENSE
+*
+*/ 
+defined('_CREDLOCK') or die;
+?>
+<a class="brand" href="index.php"><?php echo BTMain::getConf()->ProgName;?></a>
+<ul class="nav">
+<li class="divider-vertical"></li>
 
+  <li class="nav dropdown">
+<a class="dropdown-toggle" data-toggle="dropdown" href="#">Customers</a>
+      <ul class="dropdown-menu" role="menu" aria-Labelled-by='dLabel'>
+      <li><a href="index.php?option=addCustomer">Add Customer</a></li>
+      <li class="divider"></li>
+	  <?php if (BTMain::getUser()->name):
+
+
+	  $itemcount = 0;
+	  $custs = new CustDB;
+	  $customers = $custs->getAllCustomers();
+	  $crypt = new Crypto;
+	  $crypt->safety = 0;
+
+		foreach ($customers as $customer){
+
+		$plaintext = $crypt->decrypt($customer->Name,'Customer');
+		$cust[$plaintext] = "<li id='Custmenu{$customer->id}'><a href='index.php?option=viewCust&id={$customer->id}'>$plaintext</a></li>";
+		$itemcount++;
+
+		    if ($itemcount == 10){
+		    break;
+		    }
+		}
+	  
+	unset($crypt->keys);
+	ksort($cust);
+	echo implode("\n",$cust);
+	echo "<li class='divider'></li>\n<li><a href='index.php?option=viewCustomers'>View All</a></li>";
+
+
+
+endif; ?>
+
+
+    </ul>
+  </li>
+<li class="divider-vertical"></li>
+
+
+
+</ul>
+
+
+<?php if (BTMain::checkisSuperAdmin()):?>
+<ul class="nav settings-menu pull-right">
+ <li class="nav dropdown">
+<a class="dropdown-toggle" data-toggle="dropdown" href="#"><i class='icon-white icon-cog'></i></a>
+      <ul class="dropdown-menu" role="menu" aria-Labelled-by='dLabel'>
+      <li><a href="index.php?option=viewUsers">Users</a></li>
+      <li><a href="index.php?option=viewGrps">User Groups</a></li>
+      <li><a href="index.php?option=listCredTypes">Credential Types</a></li>
+      <li><a href="index.php?option=pluginInfo">Plugins</a></li>
+      
+      </ul>
+
+</ul>
+
+<?php endif;?>
+
+
+

 Binary files /dev/null and b/plugins/plg_AffinityLive_logging_v1.1.zip differ
--- a/templates/EstDeus/css/EstDeus.css
+++ b/templates/EstDeus/css/EstDeus.css
@@ -2,7 +2,7 @@
 .settings-menu {float: right;}
 .pluginDetails {font-size: smaller;}
 #FFContainer {height: 100%;}
-#contentArea {min-height: 100%; position: relative; background-color: #0FF; padding: 0px; padding-bottom: 50px;}
+#contentArea {min-height: 100%; position: relative; background-color: #333399; padding: 0px; padding-bottom: 50px;}
 #ContentWrap {width: 50%; margin: auto; background-color: white; border-radius: 5px; padding: 20px; box-shadow: 3px 3px #ccc; min-height: 70%; }
 .navbar {margin-bottom: 0px !important;}
 .BreadCrumbs {width: 50%; margin: auto;}
@@ -14,3 +14,8 @@
 #PluginReadme {margin-bottom: 20px;}
 td.editicon {width:2%;}
 td.delicon {width:2%;}
+
+#groupsMultiSelect input[type="checkbox"] {float: none; margin-left: 20px;}
+
+
+.frmEntryMissed {border: 1px red solid !important;}

--- /dev/null
+++ b/templates/EstDeus/css/EstDeus.css~
@@ -1,1 +1,21 @@
+#Sidebar {float: right; padding-right: 80px;} 
+.settings-menu {float: right;}
+.pluginDetails {font-size: smaller;}
+#FFContainer {height: 100%;}
+#contentArea {min-height: 100%; position: relative; background-color: #0FF; padding: 0px; padding-bottom: 50px;}
+#ContentWrap {width: 50%; margin: auto; background-color: white; border-radius: 5px; padding: 20px; box-shadow: 3px 3px #ccc; min-height: 70%; }
+.navbar {margin-bottom: 0px !important;}
+.BreadCrumbs {width: 50%; margin: auto;}
+.NotificationArea {width: 50%; margin: auto;}
+.login-module {background-color: white; border-radius: 5px; padding: 20px; box-shadow: 3px 3px #ccc; margin-left: 20px; width: 70%;}
+#mod_login input[type="text"], input[type="password"] {width: 100px;}
+#Sidebar {width: 18%;}
+#PluginReadme h3 {margin-top: 50px;}
+#PluginReadme {margin-bottom: 20px;}
+td.editicon {width:2%;}
+td.delicon {width:2%;}
 
+#groupsMultiSelect input[type="checkbox"] {float: none; margin-left: 20px;}
+
+
+.frmEntryMissed {border: 1px red solid !important;}

--- /dev/null
+++ b/views/user/add.php
@@ -1,1 +1,74 @@
+<?php
+/** Authentication: Add User
+*
+* Copyright (c) 2012 B Tasker
+* Released under GNU GPL V2
+* See LICENSE
+*
+*/ 
 
+
+defined('_CREDLOCK') or die;
+BTMain::checkSuperAdmin();
+global $notifications;
+
+
+if (BTMain::getVar('addUserSubmitted')){
+
+$username = BTMain::getVar('frmUsername');
+$pass = BTMain::getVar('frmPass');
+$RName = BTMain::getVar('frmRName');
+
+$groups = BTMain::getVar('frmGroup');
+
+if (BTMain::getVar('frmSuperAdmin')){
+$groups[] = "-1";
+}
+
+
+
+$authname = new ProgAuth;
+
+if ($authname->createUser($username,$pass,$RName, $groups)){
+$notifications->setNotification('UserStoreSuccess');
+
+}else{
+$notifications->setNotification('UserStoreFail');
+
+}
+
+}
+
+
+$path = array(array('name'=>'Users','url'=>'index.php?option=viewUsers'),array('name'=>'Add','url'=>'index.php?option=addUser'));
+
+$notifications->setBreadcrumb($path);
+
+?>
+<h1>Add User</h1>
+<form method="POST" onsubmit="return validateUserAdd();">
+<input type="hidden" name="option" value="addUser">
+<input type="hidden" name="addUserSubmitted" value="1">
+
+<label for="frmUsername">Username</label><input type="text" name="frmUsername" id="frmUsername">
+
+
+
+<label for="frmPass">Password</label><input type="password" name="frmPass" id="frmPass"><span id="PassNoMatch" style="display: none;" class="alert alert-error"></span>
+
+<label for="frmPassConf">Password Confirm</label><input type="password" name="frmPassConf" id="frmPassConf">
+
+<label for="frmRName">Real Name</label><input type="text" name="frmRName" id="frmRName">
+
+<label for="frmSuperAdmin">SuperAdmin</label><input type="checkbox" value="1" name="frmSuperAdmin" id="frmSuperAdmin">
+
+<?php 
+
+$multiselect = 1;
+include('lib/includes/groupSelection.php');
+?>
+
+<br />
+<input type="submit" class="btn btn-primary" value="Add User">
+</form>
+

--- /dev/null
+++ b/views/user/add.php~
@@ -1,1 +1,74 @@
+<?php
+/** Authentication: Add User
+*
+* Copyright (c) 2012 B Tasker
+* Released under GNU GPL V2
+* See LICENSE
+*
+*/ 
 
+
+defined('_CREDLOCK') or die;
+BTMain::checkSuperAdmin();
+global $notifications;
+
+
+if (BTMain::getVar('addUserSubmitted')){
+
+$username = BTMain::getVar('frmUsername');
+$pass = BTMain::getVar('frmPass');
+$RName = BTMain::getVar('frmRName');
+
+$groups = implode(",",BTMain::getVar('frmGroup'));
+
+if (BTMain::getVar('frmSuperAdmin')){
+$groups = "-1,".$groups;
+}
+
+
+
+$authname = new ProgAuth;
+
+if ($authname->createUser($username,$pass,$RName, $groups)){
+$notifications->setNotification('UserStoreSuccess');
+
+}else{
+$notifications->setNotification('UserStoreFail');
+
+}
+
+}
+
+
+$path = array(array('name'=>'Users','url'=>'index.php?option=viewUsers'),array('name'=>'Add','url'=>'index.php?option=addUser'));
+
+$notifications->setBreadcrumb($path);
+
+?>
+<h1>Add User</h1>
+<form method="POST" onsubmit="return validateUserAdd();">
+<input type="hidden" name="option" value="addUser">
+<input type="hidden" name="addUserSubmitted" value="1">
+
+<label for="frmUsername">Username</label><input type="text" name="frmUsername" id="frmUsername">
+
+
+
+<label for="frmPass">Password</label><input type="password" name="frmPass" id="frmPass"><span id="PassNoMatch" style="display: none;" class="alert alert-error"></span>
+
+<label for="frmPassConf">Password Confirm</label><input type="password" name="frmPassConf" id="frmPassConf">
+
+<label for="frmRName">Real Name</label><input type="text" name="frmRName" id="frmRName">
+
+<label for="frmSuperAdmin">SuperAdmin</label><input type="checkbox" value="1" name="frmSuperAdmin" id="frmSuperAdmin">
+
+<?php 
+
+$multiselect = 1;
+include('lib/includes/groupSelection.php');
+?>
+
+<br />
+<input type="submit" class="btn btn-primary" value="Add User">
+</form>
+

--- /dev/null
+++ b/views/user/index.html
@@ -1,1 +1,8 @@
-
+<html>
+  <head>
+    <title></title>
+    <meta content="">
+    <style></style>
+  </head>
+  <body></body>
+</html>

--- /dev/null
+++ b/views/user/list.php
@@ -1,1 +1,54 @@
+<?php
+/** Authentication: List Users
+*
+* Copyright (c) 2012 B Tasker
+* Released under GNU GPL V2
+* See LICENSE
+*
+*/ 
 
+
+defined('_CREDLOCK') or die;
+BTMain::checkSuperAdmin();
+global $notifications;
+
+
+
+
+$auth = new AuthDB;
+
+$users = $auth->listUsers();
+
+$path = array(array('name'=>'Users','url'=>'index.php?option=viewUsers'));
+
+$notifications->setBreadcrumb($path);
+
+?>
+<h1>System Users</h1>
+
+
+<button class="btn btn-primary" onclick="window.location.href= 'index.php?option=addUser';">Add User</button><br /><br />
+
+<table class="table table-hover">
+<tr><th>Username</th><th>Name</th><th></th><th></th></tr>
+
+<?php 
+foreach ($users as $user){
+
+?>
+
+<tr id="User<?php echo $user->username; ?>">
+  <td><?php echo $user->username; ?></td>
+  <td><?php echo $user->Name;?></td>
+  <td class="editicon"><i class='icon-pencil'></i></td>
+  <td class="delicon"><i class='icon-remove'></i></td>
+</tr>
+
+
+<?php
+}
+?>
+
+</table>
+
+<button class="btn btn-primary" onclick="window.location.href= 'index.php?option=addUser';">Add User</button><br /><br />

--- /dev/null
+++ b/views/user/list.php~
@@ -1,1 +1,49 @@
+<?php
+/** Authentication: List Users
+*
+* Copyright (c) 2012 B Tasker
+* Released under GNU GPL V2
+* See LICENSE
+*
+*/ 
 
+
+defined('_CREDLOCK') or die;
+BTMain::checkSuperAdmin();
+global $notifications;
+
+
+
+
+$auth = new AuthDB;
+
+$users = $auth->listUsers();
+
+$path = array(array('name'=>'Users','url'=>'index.php?option=viewUsers'));
+
+$notifications->setBreadcrumb($path);
+
+?>
+<h1>System Users</h1>
+
+<table class="table table-hover">
+<tr><th>Username</th><th>Name</th><th></th><th></th></tr>
+
+<?php 
+foreach ($users as $user){
+
+?>
+
+<tr id="User<?php echo $user->username; ?>">
+  <td><?php echo $user->username; ?></td>
+  <td><?php echo $user->Name;?></td>
+  <td class="editicon"><i class='icon-pencil'></i></td>
+  <td class="delicon"><i class='icon-remove'></i></td>
+</tr>
+
+
+<?php
+}
+?>
+
+</table>