<?php
/*****************************
Arcanebase
http://ab.electronicembassy.com/
(C) 2003 Mike Kober
hide@address.com
released under the GNU Lesser Public License
---------------
usermod.php - Handles the Actual DB Add/Remove/Update of Users
******************************/
	require ("inc/conf.inc");
	require ("checklogin.php");
	require ("inc/DB.php");
	include ('inc/clsCheckEmail.php');

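	/*
	 * Request dispatcher for user administration: "add", "delete" and
	 * "edituser".  Every value used below arrives in the HTTP request and is
	 * untrusted, so it reaches the database only as a bound parameter
	 * (PEAR DB "?" placeholders), never through string concatenation.
	 *
	 * NOTE(review): no privilege check is visible in this file; presumably
	 * checklogin.php restricts it to administrators -- confirm, because the
	 * "add" and "edituser" actions take the user level from request data.
	 * NOTE(review): the action is read from $_REQUEST, so a plain GET link
	 * can change or delete a user and no anti-CSRF token is checked here;
	 * consider POST-only handling plus a per-session token.
	 * NOTE(review): on a host that still runs with magic_quotes_gpc enabled
	 * the request values already carry added slashes; strip them before
	 * binding or they will be stored with the backslashes.
	 */

	// Read the request fields once instead of relying on register_globals
	// copies ($username, $first_name, ...).  A missing or non-string value
	// (for example "username[]=x") becomes '' and is treated as not supplied.
	$in = array();
	foreach (array('action', 'username', 'first_name', 'last_name', 'email_address',
	               'newpassword', 'newpasswordconfirm', 'info', 'userid',
	               'orgusername', 'orgfirstname', 'orglastname', 'orgemail',
	               'newuser_level', 'orgsecurity', 'orginfo') as $field) {
		$in[$field] = (isset($_REQUEST[$field]) && is_string($_REQUEST[$field])) ? $_REQUEST[$field] : '';
	}

	if ($in['action'] === "add") {

		// MissingField() prints its message and exits, so each failed check
		// below ends the request before anything is written.
		if ($in['username']) {
			$newusername = $in['username'];
		} else {
			MissingField("Sorry Username Missing - No user Added.");
		}

		if ($in['first_name']) {
			$newfirstname = $in['first_name'];
		} else {
			MissingField("Sorry First Name is Missing - No user Added.");
		}

		if ($in['last_name']) {
			$newlastname = $in['last_name'];
		} else {
			MissingField("Sorry Last Name is Missing - No user Added.");
		}

		if ($in['email_address']) {
			$newemail = $in['email_address'];
		} else {
			MissingField("Sorry Email Address Missing - No user Added.");
		}

		// Plain "new": the old "&new" reference form no longer parses on PHP 7+.
		$CheckEmail = new CheckEmail;
		$CheckEmail->email = $newemail;
		$valid_email = $CheckEmail->check_email();

		if (!$valid_email) {
			MissingField("Sorry Email Address was Invalid - No user added.");
		}

		if ($in['newpassword']) {
			// NOTE(review): unsalted MD5 is not a password hash.  It is kept
			// because the stored format is presumably what the login check
			// compares against; migrate both sides together to
			// password_hash() / password_verify().
			$newpassword = md5($in['newpassword']);
		} else {
			MissingField("Sorry Password is Missing - No user Added.");
		}

		// Optional field; empty when not supplied.
		$newinfo = $in['info'];

		// The user level is accepted from POST only, as before.
		$newsecurity = (isset($_POST["user_level"]) && is_string($_POST["user_level"])) ? $_POST["user_level"] : '';
		$newsignupdate = date("Y-m-d H:i:s");

		// First and last columns keep the empty literals the original sent.
		$sql = 'INSERT INTO ab_users VALUES ("", ?, ?, ?, ?, ?, ?, ?, ?, "")';
		$params = array($newfirstname, $newlastname, $newemail, $newusername,
		                $newpassword, $newinfo, $newsecurity, $newsignupdate);

		$dbh = DB::connect("$Config_DB_String");
		if (DB::isError($dbh)) {
			die ($dbh->getMessage());
		}
		$sql_result = $dbh->query($sql, $params);

		// The original tested an unset $result here, so a failed INSERT was
		// still reported as a success.
		if (DB::isError($sql_result)) {
			die ($sql_result->getMessage());
		}

		echo "<p style=\"color:red\">User Successsfully Added.</p>";
		echo "<a href=javascript:history.back()>Back</a>";
	}
	elseif ($in['action'] === "delete") {

		$usertodelete = $in['userid'];
		if ($AB_Is_Demo == '0') {
			// The id used to be pasted unquoted into the statement; accept
			// digits only and bind it as an integer.
			if (!preg_match('/^[0-9]+$/', $usertodelete)) {
				MissingField("Sorry User ID is Missing or Invalid - No user Deleted.");
			}

			$sql = "DELETE FROM ab_users WHERE ab_userid = ?";

			$dbh = DB::connect("$Config_DB_String");
			if (DB::isError($dbh)) {
				die ($dbh->getMessage());
			}
			$sql_result = $dbh->query($sql, array((int) $usertodelete));

			// Same wrong-variable check as in "add": test the real result.
			if (DB::isError($sql_result)) {
				die ($sql_result->getMessage());
			}

			echo "<p style=\"color:red\">User successfully deleted</p>";

			echo "<a href=javascript:history.back()>Back</a>";

		} else {
			echo "<p style=\"color:red\">Can Not Edit or Delete Users In Demo Mode!<BR>
                          No Changes where Made.</p>";
			echo "<a href=javascript:history.back()>Back</a>";
		}

	}
	elseif ($in['action'] === "edituser") {

		// Each changed column contributes one "column = ?" fragment and one
		// bound value.  The org* fields are the previous values as posted
		// back by the form; they only decide whether a column is rewritten.
		// Comparisons are strict so numeric-looking strings such as "1e3"
		// and "1000" are not mistaken for equal.
		$setClauses = array();
		$params = array();

		if ($in['username']) {
			if ($in['username'] !== $in['orgusername']) {
				$setClauses[] = "ab_username = ?";
				$params[] = $in['username'];
				echo "<p style=\"color:red\"> * Found: Username Changed</p>";
			}
		} else {
			MissingField("Sorry Username Can Not Be Blank - User not modified.");
		}

		if ($in['first_name']) {
			if ($in['first_name'] !== $in['orgfirstname']) {
				$setClauses[] = "ab_firstname = ?";
				$params[] = $in['first_name'];
				echo "<p style=\"color:red\"> * Found: First Name Changed</p>";
			}
		} else {
			MissingField("Sorry First Name Can Not Be Blank - User not modified.");
		}

		if ($in['last_name']) {
			if ($in['last_name'] !== $in['orglastname']) {
				$setClauses[] = "ab_lastname = ?";
				$params[] = $in['last_name'];
				echo "<p style=\"color:red\"> * Found: Last Name Changed</p>";
			}
		} else {
			MissingField("Sorry Last Name Can Not Be Blank - User not modified.");
		}

		if ($in['email_address']) {
			$CheckEmail = new CheckEmail;
			$CheckEmail->email = $in['email_address'];
			$valid_email = $CheckEmail->check_email();
			if (!$valid_email) {
				MissingField("Sorry Email Address was Invalid - User not modified.");
			}

			if ($in['email_address'] !== $in['orgemail']) {
				$setClauses[] = "ab_email = ?";
				$params[] = $in['email_address'];
				echo "<p style=\"color:red\"> * Found: Email Address Changed</p>";
			}
		} else {
			MissingField("Sorry Email Address Can Not Be Blank - User not modified.");
		}

		if ($in['newpassword']) {
			// Strict comparison: with "==" two different numeric-looking
			// passwords could be accepted as a matching confirmation.
			if ($in['newpassword'] === $in['newpasswordconfirm']) {
				// NOTE(review): unsalted MD5, kept only for compatibility with
				// the stored format; see the note in the "add" branch.
				$newpassword = md5($in['newpassword']);
				$setClauses[] = "ab_password = ?";
				$params[] = $newpassword;
				echo "<p style=\"color:red\"> * Found: Password Changed and Confirm Matches</p>";
			} else {
				MissingField("Sorry Password and Confirm Password do not match. - User not modified.");
			}
		}

		if ($in['newuser_level'] !== $in['orgsecurity']) {
			$setClauses[] = "ab_userlevel = ?";
			$params[] = $in['newuser_level'];
			echo "<p style=\"color:red\"> * Found: Security Level Changed</p>";
		}

		if ($in['info'] !== $in['orginfo']) {
			$setClauses[] = "info = ?";
			$params[] = $in['info'];
			echo "<p style=\"color:red\"> * Found: Info Changed</p>";
		}

		if ($AB_Is_Demo == '0') {
			// The original compared the built statement with a literal that
			// had one space fewer, so "nothing changed" never matched and an
			// empty SET clause was sent to the database.
			if (count($setClauses) == 0) {
				echo "<p style=\"color:red\"> Nothing has changed, so Nothing has been updated.</p>";
				echo "<a href=javascript:history.back()>Back</a>";
			} else {
				// NOTE(review): $thisuserid is not assigned in this file;
				// presumably it comes from an include or register_globals --
				// confirm its source and that the caller may edit that row.
				$updatesql = "UPDATE ab_users SET " . implode(", ", $setClauses) . " WHERE ab_userid = ?";
				$params[] = isset($thisuserid) ? $thisuserid : '';

				$dbh = DB::connect("$Config_DB_String");
				if (DB::isError($dbh)) {
					die ($dbh->getMessage());
				}

				$results = $dbh->query($updatesql, $params);

				if (DB::isError($results)) {
					die ($results->getMessage());
				}
				echo "<p style=\"color:red\">User Successsfully Updated.</p>";
				echo "<a href=javascript:history.back()>Back</a>";
			}
		} else {
			echo "<p style=\"color:red\">Can Not Edit or Delete Users In Demo Mode!<BR>
                          No Changes where Made.</p>";
			echo "<a href=javascript:history.back()>Back</a>";
		}

	}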
/**
 * Print a red error paragraph followed by a "Back" link, then end the script.
 *
 * The message is written into the page as-is, without HTML escaping; every
 * call in this file passes a fixed string. Escape before passing anything
 * that originates from a request.
 *
 * @param string $message Text shown to the user.
 */
function MissingField ($message) {
         $errorParagraph = "<p style='color:red'>" . $message . "</p>";
         $backLink = "<a href=javascript:history.back()>Back</a>";
         // exit() with a string argument prints it before terminating.
         exit($errorParagraph . $backLink);
}
?>