<?PHP
include_once("config.php");
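// Are you authorised?
// Only the Admin role may manage system users. header() merely queues the
// redirect; without exit the rest of this script -- including the INSERT,
// UPDATE and DELETE statements below -- would still run for a caller who
// failed the role check.
$ok=role_check('Admin');
if (!$ok){
	header("Location: login.php");
	exit;
}

// NOTE(review): the state-changing requests handled below carry no anti-CSRF
// token; adding one needs matching changes in the forms that post here.
// NOTE(review): the mysql_* extension used throughout was removed in PHP 7.
// Moving to mysqli/PDO prepared statements needs the connection code in
// config.php, which is not visible here, so this block only hardens the
// values it puts into the existing queries.

$magic_quotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();

// Read request values defensively: a missing or non-string field becomes ''.
$form1  = (isset($_GET["form"]) && is_string($_GET["form"])) ? $_GET["form"] : '';
$action = (isset($_POST["command"]) && is_string($_POST["command"])) ? $_POST["command"] : '';
// Ids are interpolated into SQL as bare numbers, so they are forced to int.
$id     = (isset($_POST["sysuserlist"]) && is_scalar($_POST["sysuserlist"])) ? (int) $_POST["sysuserlist"] : 0;

// Variables the form further down the page echoes; defined on every path.
$error_txt = '';
$username  = '';
$active    = '';

if ($form1=="sysuser_edit"){
	if ($action == "Cancel") {
		header('Location: sysuser_list.php');
		exit;
	}

	$id      = (isset($_POST["id"]) && is_scalar($_POST["id"])) ? (int) $_POST["id"] : 0;
	$sysrole = (isset($_POST["sysrole"]) && is_string($_POST["sysrole"])) ? $_POST["sysrole"] : '';
	$active  = (isset($_POST["active"]) && is_string($_POST["active"])) ? strtoupper(trim($_POST["active"])) : '';
	$chgpwd  = (isset($_POST["chgpwd"]) && is_string($_POST["chgpwd"])) ? $_POST["chgpwd"] : '';
	$pass    = (isset($_POST['pass']) && is_string($_POST['pass'])) ? $_POST['pass'] : '';
	$pass2   = (isset($_POST['pass2']) && is_string($_POST['pass2'])) ? $_POST['pass2'] : '';

	$posted_username = (isset($_POST["username"]) && is_string($_POST["username"])) ? $_POST["username"] : '';
	if ($magic_quotes) {
		// Undo the automatic escaping so the value is escaped exactly once below.
		$posted_username = stripslashes($posted_username);
	}

	// sysrole and active go into SQL string literals, so they are checked
	// against the only values the form offers instead of being trusted.
	if ($posted_username == "") {
		$error_txt = "Username can not be blank";
	} elseif (!in_array($sysrole, array('Viewer', 'Updater', 'Admin'), true)) {
		$error_txt = "Invalid system role";
	} elseif ($active !== 'Y' && $active !== 'N') {
		$error_txt = "Active must be Y or N";
	} elseif ($id == 0) {
		// New user. The duplicate check previously interpolated $username
		// before it was assigned, so it never compared the posted name.
		$username_sql = mysql_real_escape_string($posted_username);
		$sql = "select * from users where upper(username)=upper('$username_sql')" ;
		$result = mysql_query($sql);

		if ($result === false) {
			$error_txt = "Database error";
		} elseif (mysql_num_rows($result) != 0) {
			$error_txt = "Username already exists";
		} else {
			// this makes sure both passwords entered match (strict comparison,
			// so numeric-looking strings are not treated as equal)
			if ($pass !== $pass2) {
				die('Your passwords did not match. ');
			}
			if ($pass === '') {
				$error_txt = "Password can not be blank";
			} else {
				// NOTE(review): unsalted MD5 is not a password hash. It is kept
				// because the login code that verifies it is not in this file;
				// migrate both sides to password_hash()/password_verify().
				// The digest is hex only, so it needs no SQL escaping.
				$password = md5($pass);
				$sql="INSERT INTO users (username,password,sysrole,active) VALUES ( '$username_sql','$password','$sysrole','$active')";
				$result = mysql_query($sql);
			}
		}
	} else {
		// Existing user: $id is an int and sysrole/active are whitelisted.
		if ($chgpwd=='1'){
			// this makes sure both passwords entered match
			if ($pass !== $pass2) {
				die('Your passwords did not match. ');
			}
			if ($pass === '') {
				$error_txt = "Password can not be blank";
			} else {
				// NOTE(review): unsalted MD5, kept for compatibility -- see above.
				$password = md5($pass);
				$sql="UPDATE users SET sysrole='$sysrole', password='$password',active='$active' WHERE id = $id";
				$result = mysql_query($sql);
			}
		} else {
			$sql="UPDATE users SET sysrole='$sysrole',active='$active' WHERE id = $id";
			$result = mysql_query($sql);
		}
	}

	if ($error_txt == '') {
		header('Location: sysuser_list.php');
		exit;
	}

	// Validation failed: fall through and show the form with the message.
	// Rejected input is not echoed back; only validated values reach the page.
	$username = '';
	if ($active !== 'Y' && $active !== 'N') {
		$active = 'Y';
	}
} else {
	if ($action == "New"){
		$id = 0;
		$username= "";
		$password="";
		$password2="";
		$sysrole='Viewer';
		$active='Y';
	}
	if ($action == "Delete"){
		if ($id > 0) {
			$sql="DELETE FROM users WHERE id = $id";
			$result = mysql_query($sql);
		}
		header('Location: sysuser_list.php');
		exit;
	}
	if ($action == "Edit"){
		$sql="SELECT * FROM users WHERE id = $id";
		$result = mysql_query($sql);
		if ($result !== false && mysql_num_rows($result) != 0){
			// Columns are read by position: 0 = id, 1 = username,
			// 3 = sysrole, 4 = active (column 2 is not used here).
			$row = mysql_fetch_row($result);
			$id1 = $row[0];
			$username= $row[1];
			$sysrole = $row[3];
			$active = $row[4];
		}
	}
}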
?>
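<?php
// Add/edit form for a system user.
// Every dynamic value is passed through htmlspecialchars() before it is
// written into the page: the username and active flag can come straight from
// the database or the request, and echoing them raw into an attribute lets
// stored markup break out of it.
// The role radio buttons reflect the user's current role; with "Viewer"
// always pre-checked, saving an edit silently rewrote the role to Viewer.
// NOTE(review): the password inputs cap entry at 10 characters. The script
// stores only a digest of the password, so the cap just limits its strength.
$form_role = (isset($sysrole) && in_array($sysrole, array('Viewer', 'Updater', 'Admin'), true)) ? $sysrole : 'Viewer';
?>
<HTML>
<HEAD>
<link rel="stylesheet" type="text/css" href="<?PHP echo htmlspecialchars(isset($style) ? $style : '', ENT_QUOTES) ?>">
<script language="JavaScript1.2" src="js/coolmenus4.js">
</script>
</HEAD>
<body bgcolor="#ffffff">
<script language="JavaScript1.2" src="js/erpsod.js">
</script><br><br>
<center>
<h3>System users</h3>
<?php
if (isset($error_txt) && $error_txt <> ""){
	echo htmlspecialchars($error_txt, ENT_QUOTES) ;
	echo "<br>";
}
?>
<FORM ACTION="sysuser_edit.php?form=sysuser_edit" METHOD="POST">
<INPUT TYPE="HIDDEN" NAME="id" VALUE="<?php echo htmlspecialchars(isset($id) ? (string) $id : '', ENT_QUOTES) ?>">
<table border=0 cellpadding=4 cellspacing=0 bgcolor="AQUA"><tr><td>
<tr>
<td>Username</td>
<td><Input Name="username" MaxLength="25" Size="25" Value="<?php echo htmlspecialchars(isset($username) ? (string) $username : '', ENT_QUOTES) ?>"></td>
</tr>
<tr><td>System role:</td><td>
<INPUT TYPE=RADIO NAME="sysrole" VALUE="Viewer"<?php if ($form_role === 'Viewer') { echo ' CHECKED'; } ?>>Viewer<BR>
<INPUT TYPE=RADIO NAME="sysrole" VALUE="Updater"<?php if ($form_role === 'Updater') { echo ' CHECKED'; } ?>>Updater<BR>
<INPUT TYPE=RADIO NAME="sysrole" VALUE="Admin"<?php if ($form_role === 'Admin') { echo ' CHECKED'; } ?>>Admin<P>
</td></tr>
<tr>
<td>Active User Y/N</td>
<td><Input Name="active" MaxLength="1" Size="1" Value="<?php echo htmlspecialchars(isset($active) ? (string) $active : '', ENT_QUOTES) ?>"></td>
</tr>
<tr><td>
<input type="checkbox" name="chgpwd" value="1"> Update Password<br>
</td></tr>
<tr><td>Password:</td><td>
<input type="password" name="pass" maxlength="10">
</td></tr>
<tr><td>Confirm Password:</td><td>
<input type="password" name="pass2" maxlength="10">
</td></tr>

<br>
<tr>
<td colspan=2 align="center">
<INPUT TYPE="SUBMIT" NAME="command" VALUE="Submit">
<INPUT TYPE="SUBMIT" NAME="command" VALUE="Cancel">
</td></tr>
</table>
</td></tr></table>
</center>
</FORM>
</BODY>
<?php
include_once("footer.php");
?>
</HTML>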