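<?php
  // editUser.php: let an administrator edit another user's name, login,
  // email address and security level.  When an account is moved from
  // "No Access" (3) to a level that can log in (0-2) a temporary password is
  // generated, stored and mailed to the user.
  //
  // Review notes:
  //  - The script relies on register_globals-style request variables
  //    ($editID, $btnSubmit, $txt*, $cboLevel) and on global.inc.php for the
  //    session values $userID, $accountID, $sessionSecurity and $adminEmail.
  //    Confirm that global.inc.php assigns the session values *after* any
  //    request import; otherwise a client could supply its own $sessionSecurity.
  //  - Every value that reaches SQL is cast to int or passed through
  //    pmiSqlEscape().  This assumes validateText()/validateEmail() return the
  //    raw value; if they already escape for SQL, drop the pmiSqlEscape() calls.
  //  - The temporary password is stored as unsalted MD5 because the login code
  //    (not in this file) compares against MD5; moving to password_hash() has
  //    to be done together with that code, not here alone.
  include("Includes/global.inc.php");
  checkPermissions(1, 900);

  if (!function_exists('pmiSqlEscape')) {
      /**
       * Escape a string for use inside a single-quoted SQL literal, using the
       * mysql extension this file already relies on.  Falls back to
       * addslashes() when no connection is open (mysql_real_escape_string()
       * then returns FALSE with a warning, which is deliberately suppressed).
       *
       * @param mixed $value  value to embed in SQL
       * @return string
       */
      function pmiSqlEscape($value) {
          if (function_exists('mysql_real_escape_string')) {
              $escaped = @mysql_real_escape_string((string) $value);
              if ($escaped !== FALSE) {
                  return $escaped;
              }
          }
          return addslashes((string) $value);
      }
  }

  if (!function_exists('pmiTempPassword')) {
      /**
       * Build a temporary password from an alphabet without the easily
       * confused 'O' and '0'.  The previous implementation reseeded rand()
       * with microtime() on every character, which made the password
       * predictable from the request time; random_int() (PHP 7+) or mt_rand()
       * is used instead.
       *
       * @param int $length  number of characters (8, as before)
       * @return string
       */
      function pmiTempPassword($length = 8) {
          $alphabet     = "ABCDEFGHIJKLMNPQRSTUVWXYZ123456789";
          $maxIndex     = strlen($alphabet) - 1;
          $useRandomInt = function_exists('random_int');
          $password     = "";
          for ($i = 0; $i < $length; $i++) {
              $pos = $useRandomInt ? random_int(0, $maxIndex) : mt_rand(0, $maxIndex);
              $password .= $alphabet[$pos];
          }
          return $password;
      }
  }

  // Normalise everything that later reaches SQL or the page.  A missing or
  // non-numeric editID becomes 0 ("no user"); a missing session level fails
  // closed to the most restrictive value rather than to Full Access.
  $editID          = (isset($editID) && ctype_digit((string) $editID)) ? (int) $editID : 0;
  $accountID       = isset($accountID) ? (int) $accountID : 0;
  $sessionSecurity = isset($sessionSecurity) ? (int) $sessionSecurity : 3;
  $cboLevel        = isset($cboLevel) ? $cboLevel : "";
  $strUserID = $strFirstName = $strMiddleInit = $strLastName = $strEmail = "";
  $strError2 = "";
  $noEditID  = FALSE;
  $oldLevel  = NULL;

  if ($userID == (string) $editID) {
      // Users edit their own record on a separate page.
      redirect("userAccount.php");
  } elseif (!empty($btnSubmit)) {
      $strFirstName  = validateText("First Name", $txtFirstName, 2, 40, TRUE, FALSE);
      $strMiddleInit = validateText("Middle Initial", $txtMiddleInit, 1, 1, FALSE, FALSE);
      $strLastName   = validateText("Last Name", $txtLastName, 2, 40, TRUE, FALSE);

      // Read the target's current level from the database.  The form used to
      // carry it in a hidden "oldLevel" field, which is client-controlled and
      // was the only input deciding whether a password reset happens.
      if ($editID > 0) {
          $result = dbquery("SELECT securityLevel FROM tblSecurity WHERE accountID=".$accountID." AND id=".$editID);
          $row    = $result ? mysql_fetch_row($result) : FALSE;
          if ($row) {
              $oldLevel = (int) $row[0];
          }
      }

      // Only 0..3 are valid levels; anything else counts as "not selected".
      $levelValid    = in_array((string) $cboLevel, array("0", "1", "2", "3"), TRUE);
      $newLevel      = $levelValid ? (int) $cboLevel : -1;
      $denied        = FALSE;   // blocks the UPDATE regardless of how fillError() reports
      $requireExtras = FALSE;

      if ($oldLevel === NULL) {
          $denied = TRUE;
          fillError("That user could not be found.");
      } elseif (!$levelValid) {
          $denied = TRUE;
          fillError("Please select a security level.");
      } elseif ($sessionSecurity > 0 && ($newLevel < 3 || $oldLevel < 3)) {
          // Same rule the display path enforces with die(): a limited account
          // may neither grant access nor edit a user who already has it.
          $denied = TRUE;
          fillError("Nice try. Your actions have been recorded");
          $msgBody = makeHomeURL("editUser.php")." user: $userID";
          mail($adminEmail, "Hack Attempt: ".date("m-d-Y H:i"), $msgBody,
            "From: $adminEmail\r\nReply-To: $adminEmail\r\n");
      } elseif ($newLevel < 3) {
          // Login name and email are mandatory for accounts that can sign in.
          $requireExtras = TRUE;
      }
      $strUserID = validateText("User ID", $txtUserID, 3, 20, $requireExtras, FALSE);
      $strEmail  = validateEmail("Email Address", $txtEmail, $requireExtras);

      // Uniqueness checks (deliberately not scoped to accountID, as before).
      if (!$denied && !$strError && ($requireExtras || $strUserID)) {
          $result = dbquery("SELECT id FROM tblSecurity WHERE userID='".pmiSqlEscape($strUserID)."' AND id != ".$editID);
          if ($result && mysql_num_rows($result) != 0) {
              $strError = "That userID has been taken. Please choose another.";
          }
      }
      if (!$denied && !$strError && ($requireExtras || $strEmail)) {
          $result = dbquery("SELECT id FROM tblSecurity WHERE email='".pmiSqlEscape($strEmail)."' AND id != ".$editID);
          if ($result && mysql_num_rows($result) != 0) {
              $strError = "That email address already exists.";
          }
      }

      if (!$denied && !$strError) {
          $resetPassword = ($oldLevel == 3 && $newLevel < 3);
          $setClause = "userID='".pmiSqlEscape($strUserID)."', "
                     . "firstName='".pmiSqlEscape($strFirstName)."', "
                     . "middleInit='".pmiSqlEscape($strMiddleInit)."', "
                     . "lastName='".pmiSqlEscape($strLastName)."', "
                     . "email='".pmiSqlEscape($strEmail)."', "
                     . "securityLevel=".$newLevel;
          $strPassword = "";
          if ($resetPassword) {
              $strPassword = pmiTempPassword();
              // Unsalted MD5 kept only for compatibility with the login code; see header note.
              $setClause .= ", password='".md5($strPassword)."'";
          }
          $strSQL = "UPDATE tblSecurity SET ".$setClause
                  ." WHERE accountID=".$accountID." AND id=".$editID;
          $result = dbquery($strSQL);

          if ($resetPassword) {
              // The temporary password is mailed in clear text, as before; it is
              // only ever issued to an account that previously had no access.
              $strURL   = makeHomeURL("editUser.php");
              $msgBody  = "Your PMI username is '$strUserID' and your temporary password is '$strPassword'. ";
              $msgBody .= "You may log in at $strURL.";
              mail($strEmail, "PMI account update: ".date("m-d-Y"), $msgBody,
                "From: $adminEmail\r\nReply-To: $adminEmail\r\n");
              $strError2 = "They have been emailed login instructions, and their password.";
          }
          $strError = "This account has been updated successfully. $strError2";
      }
  } elseif ($editID > 0) {
      $strSQL = "SELECT userID, firstName, middleInit, lastName, email, securityLevel FROM tblSecurity WHERE accountID=".$accountID." AND id=".$editID;
      $result = dbquery($strSQL);
      $row    = $result ? mysql_fetch_row($result) : FALSE;

      if (!$row) {
          $strError = "That user could not be found.";
          $noEditID = TRUE;
      } else {
          list($strUserID, $strFirstName, $strMiddleInit, $strLastName, $strEmail, $cboLevel) = $row;
          $oldLevel = (int) $cboLevel;

          // A limited account may only look at users who have no access.
          if (($oldLevel < 3) && ($sessionSecurity > 0)) {
              $msgBody = makeHomeURL("editUser.php")." user: $userID";
              mail($adminEmail, "Hack Attempt: ".date("m-d-Y H:i"), $msgBody,
                "From: $adminEmail\r\nReply-To: $adminEmail\r\n");
              die("Nice try. Your actions have been recorded.");
          }
      }
  } else {
      $strError = "Querystring error; please try again.";
      $noEditID = TRUE;
  }

  writeHeader("Edit a User");
  declareError(TRUE);

  // All values echoed below are attribute-escaped: on a POST they are user
  // supplied, on a GET they come from the database.
  if (!$noEditID) {
?>
<p>
<font color='ff0000'>*</font> Indicates a required field.<br>
<font color='006633'>*</font> Indicates a required field, except for "No Access" users.
<p>
<form name="form1" method="POST" action="editUser.php">
  <p><table border='0' width='406' cellpadding='2'>
    <tr>
      <td width='106'><font color='006633'>*</font> UserID:</td>
      <td width='300'><input type="text" name="txtUserID" value="<?php echo htmlspecialchars((string) $strUserID, ENT_QUOTES); ?>" size="20" maxlength="20"></td>
    </tr>
    <tr>
      <td width='106'><font color='ff0000'>*</font> First Name:</td>
      <td width='300'><input type="text" name="txtFirstName" value="<?php echo htmlspecialchars((string) $strFirstName, ENT_QUOTES); ?>" size="40" maxlength="40"></td>
    </tr>
    <tr>
      <td width='106'>Middle Initial:</td>
      <td width='300'><input type="text" name="txtMiddleInit" value="<?php echo htmlspecialchars((string) $strMiddleInit, ENT_QUOTES); ?>" size="1" maxlength="1"></td>
    </tr>
    <tr>
      <td width='106'><font color='ff0000'>*</font> Last Name:</td>
      <td width='300'><input type="text" name="txtLastName" value="<?php echo htmlspecialchars((string) $strLastName, ENT_QUOTES); ?>" size="40" maxlength="40"></td>
    </tr>
    <tr>
      <td width='106'><font color='006633'>*</font> Email:</td>
      <td width='300'><input type="text" name="txtEmail" value="<?php echo htmlspecialchars((string) $strEmail, ENT_QUOTES); ?>" size="40" maxlength="50"></td>
    </tr>
    <tr>
      <td width='106'><font color='ff0000'>*</font> Security Level:</td>
      <td width='300'>
          <select name='cboLevel'>
  <?php if ($sessionSecurity < 1) { ?>
              <option value=''>&nbsp;</option>
              <option value='0' <?php echo writeSelected($cboLevel, "0"); ?>>Full Access</option>
              <option value='1' <?php echo writeSelected($cboLevel, "1"); ?>>Limited Access</option>
              <option value='2' <?php echo writeSelected($cboLevel, "2"); ?>>Read Only</option>
  <?php } ?>
              <option value='3' <?php echo writeSelected($cboLevel, "3"); ?>>No Access</option>
          </select>
      </td>
    </tr>
  </table><p>

  <?php // The old level is no longer sent to the client; it is re-read from the database on submit. ?>
  <input type="hidden" value="<?php echo (int) $editID; ?>" name="editID">
  <input type="submit" value="Submit" name="btnSubmit">
  <input type="reset" value="Reset" name="reset">
</form>

<?php
  }

  writeFooter();
?>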