<? include('includes/main.php'); ?>
<? include('includes/arfunctions.php'); ?>
<script language="JavaScript" src="js/validatephone.js">
</script>
<?
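// External customers are pinned to their own customer record: whatever
// customerid arrived with the request is overwritten here.
if ($custcompanyid) {
    $customerid = $custcompanyid;
}

// Soft-delete (cancel) an external user and record who cancelled it.
// NOTE(review): this handler is reached from a plain GET link further down the
// page and no anti-CSRF token is visible here; confirm whether
// includes/main.php enforces one, otherwise move the delete to a POST form.
if ($delete && $extuserid) {
    $deletewhere = ' where id='.sqlprep($extuserid);
    if ($custcompanyid) {
        // The customerid override above only protects queries that filter on
        // it. Without this condition an external customer could cancel any
        // extuser row by supplying another id.
        $deletewhere .= ' and customer='.sqlprep($customerid);
        $ownedUser = $conn->Execute('select id from extuser'.$deletewhere);
        if ($ownedUser === false || $ownedUser->EOF) die(texterror('Delete failed'));
    }
    if ($conn->Execute('update extuser set cancel=1,canceluserid='.sqlprep($userid).',canceldate=NOW()'.$deletewhere) === false) die(texterror('Delete failed'));
    echo textsuccess('User deleted successfully.');
    unset($extuserid);
    // Staff users go back to the customer picker; external customers stay
    // locked to their own record.
    if (!$custcompanyid) unset($customerid);
}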
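// Customer external-user maintenance: add a login, edit one, or pick one.
// $conn, $userid and the helpers sqlprep(), pwencrypt(), texterror(),
// textsuccess(), texttitle(), checkequal() and formarcustomerselect() are not
// defined on this page (presumably they come from the includes at the top).
// NOTE(review): every query below is assembled by string concatenation around
// sqlprep(); confirm it quotes AND escapes its argument, or move to bound
// parameters.
// NOTE(review): values are HTML-escaped on output below; if the includes
// already escape data on input this would double-encode, so confirm.
if ($customerid) { // a customer is selected (forced for external customers)
    $customeridhtml = htmlspecialchars((string)$customerid, ENT_QUOTES);
    $custmsg = "";
    $recordSet = $conn->Execute('select company.companyname from company,customer where company.id=customer.companyid and customer.id='.sqlprep($customerid));
    if ($recordSet && !$recordSet->EOF) $custmsg = "Company=".htmlspecialchars($recordSet->fields[0], ENT_QUOTES);
    if ($add) {
        // A password is mandatory on insert: the column list always names
        // `password`, so an empty one used to yield a column/value count
        // mismatch. Strict comparison avoids PHP's numeric-string juggling
        // ("0e1" == "0e2") when checking the verify field.
        $passwordgiven = ((string)$password1 !== '');
        $passwordsmatch = ((string)$password1 === (string)$password2);
        if ($final && $name && $passwordgiven && $passwordsmatch) {
            // NOTE(review): pwencrypt() is defined elsewhere; confirm it is a
            // salted, slow password hash and not reversible encryption or a
            // bare digest.
            $passstr = ','.sqlprep(pwencrypt($password1));
            if ($conn->Execute('insert into extuser (name,password,stylesheetid,customer,entryuserid,lastchangeuserid,entrydate) values ('.sqlprep($name).$passstr.','.sqlprep($stylesheetid).','.sqlprep($customerid).','.sqlprep($userid).','.sqlprep($userid).',NOW())') === false) die(texterror('Insert failed'));
            echo textsuccess('User added successfully.');
        } else {
            // A submitted form that failed validation gets a reason, not just
            // a blank form.
            if ($final) echo texterror('A user name and two matching, non-empty passwords are required.');
            echo '<form action="arcustextuser.php" method="post"><input type="hidden" name="nonprintable" value="1"><table>';
            echo '<input type="hidden" name="customerid" value="'.$customeridhtml.'"><input type="hidden" name="add" value="1"><input type="hidden" name="final" value="1">';
            echo '<tr><th colspan="3">'.$custmsg.'</th></tr>';
            echo '<tr><td align="'.TABLE_LEFT_SIDE_ALIGN.'">User name:</td><td><input type="text" name="name" size="30" maxlength="30"'.INC_TEXTBOX.'></td></tr>';
            echo '<tr><td align="'.TABLE_LEFT_SIDE_ALIGN.'">Password:</td><td><input type="password" name="password1" size="30" maxlength="30"'.INC_TEXTBOX.'></td></tr>';
            echo '<tr><td align="'.TABLE_LEFT_SIDE_ALIGN.'">(Verify):</td><td><input type="password" name="password2" size="30" maxlength="30"'.INC_TEXTBOX.'></td></tr>';
            echo '<tr><td align="'.TABLE_LEFT_SIDE_ALIGN.'">Style:</td><td><select name="stylesheetid"'.INC_TEXTBOX.'>';
            $recordSet2 = $conn->Execute('select id,name from genstylesheet order by name');
            while ($recordSet2 && !$recordSet2->EOF) {
                echo '<option value="'.htmlspecialchars($recordSet2->fields[0], ENT_QUOTES).'">'.htmlspecialchars($recordSet2->fields[1], ENT_QUOTES)."\n";
                $recordSet2->MoveNext();
            }
            echo '</select></td></tr>';
            echo '</table><input type="submit" value="Add"></form>';
        }
    } elseif ($extuserid) {
        // Ownership check before showing or changing anything: the row must
        // belong to the selected customer. For external customers $customerid
        // is forced earlier in the script, so this stops them from reading or
        // editing another customer's logins by changing extuserid.
        $ownedwhere = ' where id='.sqlprep($extuserid).' and customer='.sqlprep($customerid);
        $recordSet = $conn->Execute('select name,stylesheetid from extuser'.$ownedwhere);
        if ($recordSet === false || $recordSet->EOF) die(texterror('Invalid entuserid'));
        if ($update && $name) {
            $passstr = '';
            if ((string)$password1 !== '') {
                // Do not report success while silently keeping the old
                // password.
                if ((string)$password1 !== (string)$password2) die(texterror('Passwords do not match'));
                $passstr = ', password='.sqlprep(pwencrypt($password1));
            }
            if ($conn->Execute('update extuser set name='.sqlprep($name).', stylesheetid='.sqlprep($stylesheetid).', lastchangeuserid='.sqlprep($userid).$passstr.$ownedwhere) === false) die(texterror('Update failed'));
            echo textsuccess('User updated successfully.');
        } else {
            $extuseridhtml = htmlspecialchars((string)$extuserid, ENT_QUOTES);
            echo '<form action="arcustextuser.php" method="post"><input type="hidden" name="nonprintable" value="1"><table>';
            echo '<input type="hidden" name="customerid" value="'.$customeridhtml.'"><input type="hidden" name="update" value="1"><input type="hidden" name="extuserid" value="'.$extuseridhtml.'">';
            echo '<tr><th colspan="3">'.$custmsg.'</th></tr>';
            echo '<tr><td align="'.TABLE_LEFT_SIDE_ALIGN.'">User name:</td><td><input type="text" name="name" size="30" maxlength="30" value="'.htmlspecialchars($recordSet->fields[0], ENT_QUOTES).'"'.INC_TEXTBOX.'></td></tr>';
            echo '<tr><td align="'.TABLE_LEFT_SIDE_ALIGN.'">Password:</td><td><input type="password" name="password1" size="30" maxlength="30"'.INC_TEXTBOX.'></td></tr>';
            echo '<tr><td align="'.TABLE_LEFT_SIDE_ALIGN.'">(Verify):</td><td><input type="password" name="password2" size="30" maxlength="30"'.INC_TEXTBOX.'></td></tr>';
            echo '<tr><td align="'.TABLE_LEFT_SIDE_ALIGN.'">Style:</td><td><select name="stylesheetid"'.INC_TEXTBOX.'>';
            $recordSet2 = $conn->Execute('select id,name from genstylesheet order by name');
            while ($recordSet2 && !$recordSet2->EOF) {
                echo '<option value="'.htmlspecialchars($recordSet2->fields[0], ENT_QUOTES).'"'.checkequal($recordSet->fields[1],$recordSet2->fields[0],' selected').'>'.htmlspecialchars($recordSet2->fields[1], ENT_QUOTES)."\n";
                $recordSet2->MoveNext();
            }
            echo '</select></td></tr>';
            echo '</table><input type="submit" value="Save Changes"></form>';
            // NOTE(review): the delete is a state change behind a GET link
            // with no visible anti-CSRF token; a POST form would be safer.
            echo '<a href="arcustextuser.php?delete=1&extuserid='.urlencode((string)$extuserid).'">Delete this user</a>';
        }
    } else { // let the operator pick which login to edit
        echo texttitle('Customer External User Update');
        $recordSet = $conn->Execute('select extuser.id,extuser.name from extuser where extuser.cancel=0 and extuser.customer='.sqlprep($customerid));
        if ($recordSet && !$recordSet->EOF) {
            echo '<form action="arcustextuser.php" method="post"><input type="hidden" name="nonprintable" value="1"><table>';
            echo '<tr><th colspan="3">'.$custmsg.'</th></tr>';
            echo '<input type="hidden" name="customerid" value="'.$customeridhtml.'">';
            echo '<tr><td align="'.TABLE_LEFT_SIDE_ALIGN.'">User name:</td><td><select name="extuserid">';
            while (!$recordSet->EOF) {
                echo '<option value="'.htmlspecialchars($recordSet->fields[0], ENT_QUOTES).'">'.htmlspecialchars($recordSet->fields[1], ENT_QUOTES);
                $recordSet->MoveNext();
            }
            echo '</select></td></tr>';
            echo '</table><input type="submit" value="Edit Selected User"></form>';
        }
        echo '<a href="arcustextuser.php?add=1&customerid='.urlencode((string)$customerid).'">Add new External User</a>';
    }
} else { // no customer chosen yet: let the operator pick one
    echo texttitle('Customer External User Update');
    echo '<form action="arcustextuser.php" method="post" name="mainform"><table>';
    formarcustomerselect('customerid');
    echo '</table><input type="submit" value="Continue"></form>';
}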
?>
<? include('includes/footer.php'); ?>