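<?php
/*
 * editUser.php — administrative "Edit a User" page.
 *
 * Flow:
 *   1. editing yourself      -> redirect to userAccount.php
 *   2. form submitted        -> authorise, validate, update tblSecurity and,
 *                               when an account is promoted from "No Access",
 *                               generate a temporary password and mail it
 *   3. ?editID=N             -> load the account into the form
 *   4. otherwise             -> querystring error, no form
 *
 * Inputs arrive register_globals style ($btnSubmit, $editID, $txt*, $cboLevel
 * are request variables); $userID, $sessionSecurity, $accountID and
 * $adminEmail are presumably populated by Includes/global.inc.php — confirm.
 * Security levels used on this page: 0 Full Access, 1 Limited, 2 Read Only,
 * 3 No Access (the form's option list is the reference).
 *
 * NOTE(review): user-supplied strings ($strUserID, $strFirstName, ...) are
 * interpolated straight into SQL. That is only safe if validateText() /
 * validateEmail() (or dbquery()) escape for MySQL — verify, and move the
 * queries to prepared statements as soon as the DB layer allows it. Numeric
 * values are cast to int here so they cannot carry SQL fragments.
 */
include("Includes/global.inc.php");
checkPermissions(1, 900);

// Length of the temporary password generated on promotion from "No Access".
$intPasswordLength = 8;

// Locals the original flow left undefined until first use. With
// register_globals on, an undefined local can be pre-seeded from the query
// string, so every one of them is initialised explicitly.
$requireExtras = FALSE;
$noEditID = FALSE;
$strPassword = "";
$strError2 = "";
$oldLevel = 0;
$intEditID = (int) $editID;
$intAccountID = (int) $accountID;

if ($userID == $editID) {
    redirect("userAccount.php");
} elseif ($btnSubmit) {
    // The account's current level is read from the database, never from the
    // hidden "oldLevel" form field: that field is client-controlled and would
    // otherwise decide whether a new password is generated and e-mailed.
    $strSQL = "SELECT securityLevel FROM tblSecurity WHERE accountID=$intAccountID AND id=$intEditID";
    $row = mysql_fetch_row(dbquery($strSQL));
    if (!$row) {
        $strError = "Querystring error; please try again.";
        $noEditID = TRUE;
    } else {
        $oldLevel = (int) $row[0];
        // Same rule the GET path enforces: only full-access users may edit an
        // account that currently has access. Checking it on POST too closes
        // the bypass of submitting the form directly without loading it.
        if (($oldLevel < 3) AND ($sessionSecurity > 0)) {
            $msgBody = makeHomeURL("editUser.php")." user: $userID";
            mail($adminEmail, "Hack Attempt: ".date("m-d-Y H:i"), $msgBody,
                "From: $adminEmail\r\nReply-To: $adminEmail\r\n");
            die("Nice try. Your actions have been recorded.");
        }

        $strFirstName = validateText("First Name", $txtFirstName, 2, 40, TRUE, FALSE);
        $strMiddleInit = validateText("Middle Initial", $txtMiddleInit, 1, 1, FALSE, FALSE);
        $strLastName = validateText("Last Name", $txtLastName, 2, 40, TRUE, FALSE);

        // -1 marks a missing or non-numeric level so that it can never be
        // mistaken for 0 (Full Access) once cast to int for the UPDATE.
        $intLevel = ctype_digit((string) $cboLevel) ? (int) $cboLevel : -1;
        if (($intLevel < 3) AND ($sessionSecurity > 0)) {
            // Non-admins may only assign "No Access"; anything else is reported.
            fillError("Nice try. Your actions have been recorded");
            $msgBody = makeHomeURL("editUser.php")." user: $userID";
            mail($adminEmail, "Hack Attempt: ".date("m-d-Y H:i"), $msgBody,
                "From: $adminEmail\r\nReply-To: $adminEmail\r\n");
        } elseif (($intLevel < 0) OR ($intLevel > 3)) {
            // Rejects an empty selection as before, and now also out-of-range values.
            fillError("Please select a security level.");
        } elseif ($intLevel < 3) {
            // Accounts that can log in need a user ID and an e-mail address.
            $requireExtras = TRUE;
        }
        $strUserID = validateText("User ID", $txtUserID, 3, 20, $requireExtras, FALSE);
        $strEmail = validateEmail("Email Address", $txtEmail, $requireExtras);

        // Uniqueness checks exclude the account being edited.
        if (!$strError AND ($requireExtras OR $strUserID)) {
            $strSQL = "SELECT id FROM tblSecurity WHERE userID='$strUserID' AND id != $intEditID";
            if (mysql_num_rows(dbquery($strSQL)) != 0) {
                $strError = "That userID has been taken. Please choose another.";
            }
        }
        if (!$strError AND ($requireExtras OR $strEmail)) {
            $strSQL = "SELECT id FROM tblSecurity WHERE email='$strEmail' AND id != $intEditID";
            if (mysql_num_rows(dbquery($strSQL)) != 0) {
                $strError = "That email address already exists.";
            }
        }

        if (!$strError) {
            // Promotion from "No Access" to a login-capable level gets a fresh
            // temporary password.
            $blnPromoted = (($oldLevel == 3) AND ($intLevel < 3));
            if ($blnPromoted) {
                // Alphabet omits O and 0 to avoid look-alike characters.
                $strAlphabet = "ABCDEFGHIJKLMNPQRSTUVWXYZ123456789";
                $intMaxPos = strlen($strAlphabet) - 1;
                for ($i = 0; $i < $intPasswordLength; $i++) {
                    // random_int() is a CSPRNG (PHP 7+); mt_rand() is only the
                    // fallback for older runtimes. The generator is never
                    // reseeded inside the loop — the previous srand(microtime)
                    // made each character a function of the wall clock.
                    $intPos = function_exists('random_int')
                        ? random_int(0, $intMaxPos)
                        : mt_rand(0, $intMaxPos);
                    $strPassword .= $strAlphabet[$intPos];
                }
                // NOTE(review): unsalted md5 is what the login code appears to
                // compare against; it cannot be changed on this page alone.
                // Plan a migration to password_hash()/password_verify().
                $strPassword2 = md5($strPassword);
                $strSQL = "UPDATE tblSecurity SET userID='$strUserID', firstName='$strFirstName',
middleInit='$strMiddleInit', lastName='$strLastName', email='$strEmail',
securityLevel=$intLevel, password='$strPassword2' WHERE accountID=$intAccountID AND id=$intEditID";
            } else {
                $strSQL = "UPDATE tblSecurity SET userID='$strUserID', firstName='$strFirstName',
middleInit='$strMiddleInit', lastName='$strLastName', email='$strEmail',
securityLevel=$intLevel WHERE accountID=$intAccountID AND id=$intEditID";
            }
            dbquery($strSQL);
            if ($blnPromoted) {
                $strURL = makeHomeURL("editUser.php");
                $msgBody = "Your PMI username is '$strUserID' and your temporary password is '$strPassword'. ";
                $msgBody .= "You may log in at $strURL.";
                mail($strEmail, "PMI account update: ".date("m-d-Y"), $msgBody,
                    "From: $adminEmail\r\nReply-To: $adminEmail\r\n");
                $strError2 = "They have been emailed login instructions, and their password.";
            }
            $strError = "This account has been updated successfully. $strError2";
        }
    }
} elseif ($editID) {
    $strSQL = "SELECT userID, firstName, middleInit, lastName, email, securityLevel FROM tblSecurity WHERE accountID=$intAccountID AND id=$intEditID";
    $row = mysql_fetch_row(dbquery($strSQL));
    if (!$row) {
        $strError = "Querystring error; please try again.";
        $noEditID = TRUE;
    } else {
        list($strUserID, $strFirstName, $strMiddleInit, $strLastName, $strEmail, $cboLevel) = $row;
        // Non-admins may only open accounts that currently have no access.
        if (($cboLevel < 3) AND ($sessionSecurity > 0)) {
            $msgBody = makeHomeURL("editUser.php")." user: $userID";
            mail($adminEmail, "Hack Attempt: ".date("m-d-Y H:i"), $msgBody,
                "From: $adminEmail\r\nReply-To: $adminEmail\r\n");
            die("Nice try. Your actions have been recorded.");
        }
    }
} else {
    $strError = "Querystring error; please try again.";
    $noEditID = TRUE;
}

writeHeader("Edit a User");
declareError(TRUE);
if (!$noEditID) {
// Every value echoed into an attribute below is HTML-escaped (ENT_QUOTES
// covers the single quote as well), whether it came from the request or
// from the database.
?>
<p>
<font color='ff0000'>*</font> Indicates a required field.<br>
<font color='006633'>*</font> Indicates a required field, except for "No Access" users.
<p>
<form name="form1" method="POST" action="editUser.php">
<p><table border='0' width='406' cellpadding='2'>
<tr>
<td width='106'><font color='006633'>*</font> UserID:</td>
<td width='300'><input type="text" name="txtUserID" value="<?php echo htmlspecialchars((string) $strUserID, ENT_QUOTES); ?>" size="20" maxlength="20"></td>
</tr>
<tr>
<td width='106'><font color='ff0000'>*</font> First Name:</td>
<td width='300'><input type="text" name="txtFirstName" value="<?php echo htmlspecialchars((string) $strFirstName, ENT_QUOTES); ?>" size="40" maxlength="40"></td>
</tr>
<tr>
<td width='106'>Middle Initial:</td>
<td width='300'><input type="text" name="txtMiddleInit" value="<?php echo htmlspecialchars((string) $strMiddleInit, ENT_QUOTES); ?>" size="1" maxlength="1"></td>
</tr>
<tr>
<td width='106'><font color='ff0000'>*</font> Last Name:</td>
<td width='300'><input type="text" name="txtLastName" value="<?php echo htmlspecialchars((string) $strLastName, ENT_QUOTES); ?>" size="40" maxlength="40"></td>
</tr>
<tr>
<td width='106'><font color='006633'>*</font> Email:</td>
<td width='300'><input type="text" name="txtEmail" value="<?php echo htmlspecialchars((string) $strEmail, ENT_QUOTES); ?>" size="40" maxlength="50"></td>
</tr>
<tr>
<td width='106'><font color='ff0000'>*</font> Security Level:</td>
<td width='300'>
<select name='cboLevel'>
<?php if ($sessionSecurity < 1) { ?>
<option value=''> </option>
<option value='0' <?php echo writeSelected($cboLevel, "0"); ?>>Full Access</option>
<option value='1' <?php echo writeSelected($cboLevel, "1"); ?>>Limited Access</option>
<option value='2' <?php echo writeSelected($cboLevel, "2"); ?>>Read Only</option>
<?php } ?>
<option value='3' <?php echo writeSelected($cboLevel, "3"); ?>>No Access</option>
</select>
</td>
</tr>
</table><p>
<!-- The former hidden "oldLevel" field is gone: the server re-reads the
     current level from the database on submit instead of trusting the client. -->
<input type="hidden" value="<?php echo $intEditID; ?>" name="editID">
<input type="submit" value="Submit" name="btnSubmit">
<input type="reset" value="Reset" name="reset">
</form>
<?php
}
writeFooter();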