Skip to main content

Overview

The Seguridad system provides comprehensive user management capabilities through the alta_usuarios.php interface. Administrators can create, modify, and manage user accounts with role-based access control.

Adding New Users

1

Access User Management

Navigate to the user management interface at alta_usuarios.php (requires administrative permissions - Category 100)
2

Fill User Information

Complete the following required fields:
id
string
required
Username (lowercase, max 16 characters)
clave
password
required
User password (max 16 characters)
confirma
password
required
Password confirmation (must match)
iniciales
string
User description or full name (max 50 characters)
dependencia
select
required
Circunscripción (department/jurisdiction)
categoria
string
required
Permission category/role code
3

Optional Fields

telefono
string
Contact phone number(s)
email
string
Email address
fecha_fuera_periodo
date
Authorized loading date (format: dd-mm-yyyy)Users cannot load data before this date
4

Save User

Click Guardar (Save) to create the user accountThe system validates:
  • Username uniqueness
  • Password matching
  • Required field completion
The system checks for duplicate usernames in the hs_pswod table before creating new accounts.

Database Schema

User information is stored in the hs_pswod table: 
INSERT INTO hs_pswod (
  usuario,      -- Username
  pass,         -- Password (stored as plain text)
  categoria,    -- Permission category
  iniciales,    -- Description
  grupo,        -- Group
  dependencia,  -- Department
  autorizado,   -- Authorization flag
  telefono,     -- Phone
  email,        -- Email
  sistema       -- System identifier (default: 'horas_laborales')
) VALUES (...);
Security Notice: The current implementation stores passwords in plain text. This is a security vulnerability that should be addressed by implementing password hashing (bcrypt, Argon2, etc.).

Modifying Users

1

Select User

From the user list, click Modificar next to the username
2

Update Information

Modify any of the user fields as needed
The username (id) cannot be changed once created
3

Save Changes

Click Modificar button to update the user record

Modification Query

UPDATE hs_pswod 
SET  
  pass = '$clave', 
  categoria = $categoria, 
  iniciales = '$iniciales', 
  grupo = '$grupo', 
  dependencia = '$dependencia', 
  autorizado = $autorizado, 
  telefono = '$telefono', 
  email = '$email'
WHERE usuario = '$id'

Bulk Operations

Disable Loading for All Users

Administrators can prevent all non-admin users from loading data before a specified date:
1

Set Date

Enter date in format dd-mm-yyyy (e.g., 01-01-2026)
2

Apply Restriction

Click Inhabilitar CFP a TODOS (Disable CFP for All)This updates all users with permisos <> 0 (non-system users)
UPDATE usuario
SET autorizado = '$fecha_fuera_periodo_todos'
WHERE permisos <> 0

User List View

The system displays all users with the following information: 
Usuario > Permisos > Circunscripcion > Nota > Fecha de Carga Autorizada

Sorting

Users are sorted by:
  1. autorizado_carga_fuera_periodo (authorized loading date)
  2. usd (username) in ascending order

Access Control

User management requires administrative access: 
if ($_SESSION["_categoria"] == 0 ||  
    $_SESSION["_categoria"] == 1 || 
    $_SESSION["_categoria"] == 2 || 
    // ... other allowed categories
    $_SESSION["_categoria"] == 100)
{
    // Access granted
} else {
    // Access denied - redirect
}

Client-Side Validation

The form includes JavaScript validation: 
function Valida(formulario) {
  if (formulario.usuario.value == '') {
    alert("campo usuario vacio");
    return false;
  }
  
  if (document.formulario.clave.value != 
      document.formulario.confirma.value) {
    alert("No coincide el Campo Clave con el Campo Confirmar Clave");
    return false;
  }
}

Best Practices

  • Use lowercase characters only
  • Keep usernames concise (max 16 chars)
  • Use meaningful identifiers (e.g., department codes)
The system does not enforce password complexity. Consider implementing:
  • Minimum length requirements
  • Character diversity (uppercase, numbers, symbols)
  • Password hashing before storage
  • Assign the minimum required permission level
  • Document role assignments for audit purposes
  • Review user permissions regularly
  • See Permissions for role codes
  • Verify department assignments match organizational structure
  • Keep contact information up to date
  • Set appropriate authorized loading dates

Permissions

Learn about role codes and access control

Regional Units

Understand departmental structure

Database Setup

Configure PostgreSQL and schema

System Configuration

PHP and web server settings

Troubleshooting

Ya existe un usuario con esa cuenta
Solution: Choose a different username or modify the existing user
No coincide el campo Clave con el campo Confirma
Solution: Ensure both password fields match exactly
Error al insertar el usuario en la base de datos local
Solution: Check:
  • Database connection is active
  • Table hs_pswod exists
  • User has INSERT permissions
  • Required fields are not NULL

Build docs developers (and LLMs) love

Get started for freeTalk to us