Location: PHPKode > projects > eqEpic > eqEpic0.7.8/secadd.php
<?php 
/******************************************************************************
* secadd.php                                                                  *
* Add Users                                                                   *
* See readme.txt for additional information                                   *
*******************************************************************************
* eqEpic - The Epic Raid Manager                                              *
* Open-Source Project By Ryan Christenson                                     *
* =========================================================================== *
* Software Version:           eqEpic 0.7.8                                    *
* Software by:                The RSWR Network (http://www.rswr.net)          *
* Copyright 2006-2007 by:     Ryan Christenson (http://www.rswr.net)          *
* Support, News, Updates at:  http://forum.rswr.net/                          *
*******************************************************************************
* This program is free software; you can redistribute it and/or modify        *
* it under the terms of the GNU General Public License as published by        *
* the Free Software Foundation; either version 2 of the License, or           *
* (at your option) any later version.                                         *
*                                                                             *
* This program is distributed in the hope that it will be useful,             *
* but WITHOUT ANY WARRANTY; without even the implied warranty of              *
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               *
* GNU General Public License for more details.                                *
*                                                                             *
* You should have received a copy of the GNU General Public License           *
* along with DownloadCounter; if not, write to the Free Software              *
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA   *
******************************************************************************/
session_start();
ob_start();
?>
<?php
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); // Date in the past
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // Always modified
header("Cache-Control: private, no-store, no-cache, must-revalidate"); // HTTP/1.1 
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache"); // HTTP/1.0
?>
<?php include ("ewconfig.php") ?>
<?php include ("db.php") ?>
<?php include ("secinfo.php") ?>
<?php include ("advsecu.php") ?>
<?php include ("phpmkrfn.php") ?>
<?php
if (!IsLoggedIn() && (@$_COOKIE[ewCookieAutoLogin] == "autologin" && @$_COOKIE[ewCookiePassword] <> "")) {
	ob_end_clean();
	header("Location: login.php");
	exit();
}
LoadUserLevel();
$ewCurSec = (IsLoggedIn())? CurrentUserLevelPriv("sec") : GetAnonymousPriv("sec");	
if (($ewCurSec & ewAllowAdd) <> ewAllowAdd) {
	ob_end_clean();
	header("Location: seclist.php");
	exit();
}
if (IsLoggedIn() && CurrentUserID() == "") {
	ob_end_clean();
	header("Location: login.php");
	exit();
}
?>
<?php

// Initialize common variables
$x_id = NULL;
$ox_id = NULL;
$z_id = NULL;
$ar_x_id = NULL;
$ari_x_id = NULL;
$x_idList = NULL;
$x_idChk = NULL;
$cbo_x_id_js = NULL;
$x_user = NULL;
$ox_user = NULL;
$z_user = NULL;
$ar_x_user = NULL;
$ari_x_user = NULL;
$x_userList = NULL;
$x_userChk = NULL;
$cbo_x_user_js = NULL;
$x_pass = NULL;
$ox_pass = NULL;
$z_pass = NULL;
$ar_x_pass = NULL;
$ari_x_pass = NULL;
$x_passList = NULL;
$x_passChk = NULL;
$cbo_x_pass_js = NULL;
$x_email = NULL;
$ox_email = NULL;
$z_email = NULL;
$ar_x_email = NULL;
$ari_x_email = NULL;
$x_emailList = NULL;
$x_emailChk = NULL;
$cbo_x_email_js = NULL;
$x_UserLevel = NULL;
$ox_UserLevel = NULL;
$z_UserLevel = NULL;
$ar_x_UserLevel = NULL;
$ari_x_UserLevel = NULL;
$x_UserLevelList = NULL;
$x_UserLevelChk = NULL;
$cbo_x_UserLevel_js = NULL;
?>
<?php

// Load key from QueryString
$bCopy = true;
$x_id = @$_GET["id"];
if (($x_id == "") || (is_null($x_id))) $bCopy = false;

// Get action
$sAction = @$_POST["a_add"];
if (($sAction == "") || ((is_null($sAction)))) {
	if ($bCopy) {
		$sAction = "C"; // Copy record
	} else {
		$sAction = "I"; // Display blank record
	}
} else {

	// Get fields from form
	$x_id = @$_POST["x_id"];
	$x_user = @$_POST["x_user"];
	$x_pass = @$_POST["x_pass"];
	$x_email = @$_POST["x_email"];
	$x_UserLevel = @$_POST["x_UserLevel"];
}
$conn = phpmkr_db_connect(HOST, USER, PASS, DB, PORT);
switch ($sAction) {
	case "C": // Copy record
		if (!LoadData($conn)) { // Load record
			$_SESSION[ewSessionMessage] = "No Users Found";
			phpmkr_db_close($conn);
			ob_end_clean();
			header("Location: seclist.php");
			exit();
		}
		break;
	case "A": // Add
		if (AddData($conn)) { // Add new record
			$_SESSION[ewSessionMessage] = "New User Added Successfully";
			phpmkr_db_close($conn);
			ob_end_clean();
			header("Location: seclist.php");
			exit();
		}
		break;
}
?>
<?php include ("sources/header.php") ?>
<script type="text/javascript">
<!--
EW_LookupFn = "ewlookup.php"; // ewlookup file name
EW_AddOptFn = "ewaddopt.php"; // ewaddopt.php file name

//-->
</script>
<script type="text/javascript" src="ewp.js"></script>
<script type="text/javascript">
<!--
EW_dateSep = "-"; // set date separator
EW_UploadAllowedFileExt = "gif,jpg,jpeg,bmp,png,doc,xls,pdf,zip"; // allowed upload file extension

//-->
</script>
<script type="text/javascript">
<!--
function EW_checkMyForm(EW_this) {
if (EW_this.x_user && !EW_hasValue(EW_this.x_user, "TEXT")) {
	if (!EW_onError(EW_this, EW_this.x_user, "TEXT", "Please Enter & Create a Username"))
		return false;
}
if (EW_this.x_pass && !EW_hasValue(EW_this.x_pass, "TEXT")) {
	if (!EW_onError(EW_this, EW_this.x_pass, "TEXT", "Please Enter & Create a Password"))
		return false;
}
if (EW_this.x_email && !EW_hasValue(EW_this.x_email, "TEXT")) {
	if (!EW_onError(EW_this, EW_this.x_email, "TEXT", "Please Enter User's E-mail Address"))
		return false;
}
if (EW_this.x_UserLevel && !EW_hasValue(EW_this.x_UserLevel, "SELECT")) {
	if (!EW_onError(EW_this, EW_this.x_UserLevel, "SELECT", "Please Select a User Level"))
		return false;
}
return true;
}

//-->
</script>
<script type="text/javascript">
<!--
	var EW_DHTMLEditors = [];

//-->
</script>
<form name="fsecadd" id="fsecadd" action="secadd.php" method="post" onsubmit="return EW_checkMyForm(this);">
<p>
<input type="hidden" name="a_add" value="A" />
<?php
if (@$_SESSION[ewSessionMessage] <> "") {
?>
<p><div class="ewmsg"><?php echo $_SESSION[ewSessionMessage]; ?></div></p>
<?php
	$_SESSION[ewSessionMessage] = ""; // Clear message
}
?>
<table align="center" class="table_other">
	<tr>
		<td>User<span class='ewmsg'>&nbsp;*</span></td>
		<td><span id="cb_x_user">
<?php if (CurrentUserID() == -1) { // System admin ?>
<input type="text" name="x_user" id="x_user" size="30" maxlength="20" value="<?php echo htmlspecialchars(@$x_user) ?>" class="text" />
<?php } else { // Non system admin ?>
<?php $x_user = stripslashes($_SESSION["eqplan_status_UserID"]); ?>
<?php echo $x_user; ?>
<input type="hidden" id="x_user" name="x_user" value="<?php echo $x_user; ?>" />
<?php } ?>
</span></td>
	</tr>
	<tr>
		<td>Pass<span class='ewmsg'>&nbsp;*</span></td>
		<td><span id="cb_x_pass">
<input type="text" name="x_pass" id="x_pass" size="30" maxlength="20" value="<?php echo htmlspecialchars(@$x_pass) ?>" class="text" />
</span></td>
	</tr>
	<tr>
		<td>E-mail<span class='ewmsg'>&nbsp;*</span></td>
		<td><span id="cb_x_email">
<input type="text" name="x_email" id="x_email" size="30" maxlength="255" value="<?php echo htmlspecialchars(@$x_email) ?>" class="text" />
</span></td>
	</tr>
	<tr>
		<td>User Level<span class='ewmsg'>&nbsp;*</span></td>
		<td><span id="cb_x_UserLevel">
<?php if (($ewCurSec & ewAllowAdmin) == ewAllowAdmin) { // System admin ?>
<?php
$x_UserLevelList = "<select id='x_UserLevel' name='x_UserLevel'>";
$x_UserLevelList .= "<option value=''>Please Select</option>";
	$x_UserLevelList .= "<option value=\"-1\"";
	if (@$x_UserLevel == "-1") {
		$x_UserLevelList .= " selected";
	}
	$x_UserLevelList .= ">" . "Administrator" . "</option>";
	$x_UserLevelList .= "<option value=\"0\"";
	if (@$x_UserLevel == "0") {
		$x_UserLevelList .= " selected";
	}
	$x_UserLevelList .= ">" . "Anonymous" . "</option>";
	$x_UserLevelList .= "<option value=\"1\"";
	if (@$x_UserLevel == "1") {
		$x_UserLevelList .= " selected";
	}
	$x_UserLevelList .= ">" . "Normal" . "</option>";
$x_UserLevelList .= "</select>";
echo $x_UserLevelList;
?>
<?php } else { ?>
********
<?php } ?>
</span></td>
	</tr>
</table>
<p align="center">
<input type="submit" name="btnAction" id="btnAction" value="Add User" class="button" />
</form>
<?php include ("footer.php") ?>
<?php
phpmkr_db_close($conn);
?>
<?php

//-------------------------------------------------------------------------------
// Function LoadData
// - Variables setup: field variables

function LoadData($conn)
{
	global $x_id;
	$sFilter = ewSqlKeyWhere;
	if (!is_numeric($x_id)) return false;
	$x_id =  (get_magic_quotes_gpc()) ? stripslashes($x_id) : $x_id;
	$sFilter = str_replace("@id", AdjustSql($x_id), $sFilter); // Replace key value
	if ((CurrentUserID() <> "-1") && (CurrentUserID() <> "")) {

	//$sFilter .= " AND " . str_replace("#UserID", AdjustSql(CurrentuserID()), ewSqlUserIDFilter);
	$sFilter .= " AND " . ewSqlUserIDFilter;
	$sFilter = str_replace("#Key", "`user`", $sFilter);
	$sFilter = str_replace("#UserID", AdjustSql(CurrentUserID()), $sFilter);
	}
	$sSql = ewBuildSql(ewSqlSelect, ewSqlWhere, ewSqlGroupBy, ewSqlHaving, ewSqlOrderBy, $sFilter, "");
	$rs = phpmkr_query($sSql,$conn) or die("Failed to execute query at line " . __LINE__ . ": " . phpmkr_error($conn) . '<br />SQL: ' . $sSql);
	if (phpmkr_num_rows($rs) == 0) {
		$bLoadData = false;
	} else {
		$bLoadData = true;
		$row = phpmkr_fetch_array($rs);

		// Get the field contents
		$GLOBALS["x_id"] = $row["id"];
		$GLOBALS["x_user"] = $row["user"];
		$GLOBALS["x_pass"] = $row["pass"];
		$GLOBALS["x_email"] = $row["email"];
		$GLOBALS["x_UserLevel"] = $row["UserLevel"];
	}
	phpmkr_free_result($rs);
	return $bLoadData;
}
?>
<?php

//-------------------------------------------------------------------------------
// Function AddData
// - Add Data
// - Variables used: field variables

function AddData($conn)
{
	global $x_id;
	global $x_user;
	global $x_email;
	$sFilter = ewSqlKeyWhere;

	// Check for duplicate key
	$bCheckKey = true;
	if ((@$x_id == "") || (is_null(@$x_id))) {
		$bCheckKey = false;
	} else {
		$sFilter = str_replace("@id", AdjustSql($x_id), $sFilter); // Replace key value
	}
	if ($bCheckKey) {
		$sSqlChk = ewBuildSql(ewSqlSelect, ewSqlWhere, ewSqlGroupBy, ewSqlHaving, ewSqlOrderBy, $sFilter, "");
		$rsChk = phpmkr_query($sSqlChk, $conn) or die("Failed to execute query at line " . __LINE__ . ": " . phpmkr_error($conn) . '<br />SQL: ' . $sSqlChk);
		if (phpmkr_num_rows($rsChk) > 0) {
			$_SESSION[ewSessionMessage] = "Duplicate Value For Primary Key";
			phpmkr_free_result($rsChk);
			return false;
		}
		phpmkr_free_result($rsChk);
	}
	if (@$x_user == "" || (is_null(@$x_user))) { // Check field with unique index

		// Ignore
	} else {
		$sFilter = "(`user` = '" . AdjustSql($x_user) . "')";
		$sSqlChk = ewBuildSql(ewSqlSelect, ewSqlWhere, ewSqlGroupBy, ewSqlHaving, ewSqlOrderBy, $sFilter, "");
		$rsChk = phpmkr_query($sSqlChk, $conn) or die("Failed to execute query at line " . __LINE__ . ": " . phpmkr_error($conn) . '<br />SQL: ' . $sSqlChk);
		if (phpmkr_num_rows($rsChk) > 0) {
			$_SESSION[ewSessionMessage] = "Duplicate value for index or primary key -- `user`, value = " . $x_user;
			phpmkr_free_result($rsChk);			
			return false;
		}
		phpmkr_free_result($rsChk);
	}
	if (@$x_email == "" || (is_null(@$x_email))) { // Check field with unique index

		// Ignore
	} else {
		$sFilter = "(`email` = '" . AdjustSql($x_email) . "')";
		$sSqlChk = ewBuildSql(ewSqlSelect, ewSqlWhere, ewSqlGroupBy, ewSqlHaving, ewSqlOrderBy, $sFilter, "");
		$rsChk = phpmkr_query($sSqlChk, $conn) or die("Failed to execute query at line " . __LINE__ . ": " . phpmkr_error($conn) . '<br />SQL: ' . $sSqlChk);
		if (phpmkr_num_rows($rsChk) > 0) {
			$_SESSION[ewSessionMessage] = "Duplicate value for index or primary key -- `email`, value = " . $x_email;
			phpmkr_free_result($rsChk);			
			return false;
		}
		phpmkr_free_result($rsChk);
	}

	// Field user
	$theValue = (!get_magic_quotes_gpc()) ? addslashes($GLOBALS["x_user"]) : $GLOBALS["x_user"]; 
	$theValue = ($theValue != "") ? " '" . $theValue . "'" : "NULL";
	$sTmp = $theValue;
	$srchFld = $sTmp;
	$strsql = "SELECT * FROM `sec` WHERE `user` = " . $srchFld;
	$rschk = phpmkr_query($strsql,$conn) or die("Failed to execute query at line " . __LINE__ . ": " . phpmkr_error($conn) . '<br />SQL:' . $strsql);
	if (phpmkr_num_rows($rschk) > 0) {
		echo "Duplicate value for index or primary key -- user, value = " . $sTmp . "<br />";
		echo "Press [Previous Page] key to continue!";
		die();
	}
	@phpmkr_free_result($rschk);
	$fieldList["`user`"] = $theValue;

	// Field pass
	$theValue = (!get_magic_quotes_gpc()) ? addslashes($GLOBALS["x_pass"]) : $GLOBALS["x_pass"]; 
	$theValue = ($theValue != "") ? " '" . $theValue . "'" : "NULL";
	$fieldList["`pass`"] = $theValue;

	// Field email
	$theValue = (!get_magic_quotes_gpc()) ? addslashes($GLOBALS["x_email"]) : $GLOBALS["x_email"]; 
	$theValue = ($theValue != "") ? " '" . $theValue . "'" : "NULL";
	$sTmp = $theValue;
	$srchFld = $sTmp;
	$strsql = "SELECT * FROM `sec` WHERE `email` = " . $srchFld;
	$rschk = phpmkr_query($strsql,$conn) or die("Failed to execute query at line " . __LINE__ . ": " . phpmkr_error($conn) . '<br />SQL:' . $strsql);
	if (phpmkr_num_rows($rschk) > 0) {
		echo "Duplicate value for index or primary key -- email, value = " . $sTmp . "<br />";
		echo "Press [Previous Page] key to continue!";
		die();
	}
	@phpmkr_free_result($rschk);
	$fieldList["`email`"] = $theValue;

	// Field UserLevel
	global $ewCurSec;
if (($ewCurSec & ewAllowAdmin) == ewAllowAdmin) { // System admin
	$theValue = ($GLOBALS["x_UserLevel"] != "") ? intval($GLOBALS["x_UserLevel"]) : "NULL";
	$fieldList["`UserLevel`"] = $theValue;
	}

	// User ID field
	if ((CurrentUserID() <> -1) && (CurrentUserID() <> "")) { // Non system admin
		$fieldList["`user`"] = "'" . CurrentUserID() . "'";
	}

	// Inserting event
	if (Recordset_Inserting($fieldList)) {

		// Insert
		$sSql = "INSERT INTO `sec` (";
		$sSql .= implode(",", array_keys($fieldList));
		$sSql .= ") VALUES (";
		$sSql .= implode(",", array_values($fieldList));
		$sSql .= ")";	
		phpmkr_query($sSql, $conn) or die("Failed to execute query at line " . __LINE__ . ": " . phpmkr_error($conn) . '<br />SQL: ' . $sSql);
		$fieldList["`id`"] = phpmkr_insert_id($conn);
		$result = (phpmkr_affected_rows($conn) > 0);

		// Inserted event
		if ($result) Recordset_Inserted($fieldList);
	} else {
		$result = false;
	}
	return $result;
}

// Inserting event
function Recordset_Inserting(&$newrs)
{

	// Enter your customized codes here
	return true;
}

// Inserted event
function Recordset_Inserted($newrs)
{
	$table = "sec";
}
?>
Return current item: eqEpic