Location: PHPKode > projects > PhpRechnung > phpRechnung/addressbook/editf_a.php
<?php
/*	editf.php

	phpInvoice - is easy-to-use Web-based multilingual accounting software.
	Copyright (C) 2001 - 2008 Edy Corak < phprechnung at ecorak dot net >

	This program is free software; you can redistribute it and/or modify
	it under the terms of the GNU General Public License as published by
	the Free Software Foundation; either version 2 of the License, or
	(at your option) any later version.

	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
	GNU General Public License for more details.

	You should have received a copy of the GNU General Public License
	along with this program; if not, write to the Free Software
	Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
*/

require_once("../include/phprechnung.inc.php");
require_once("../include/smarty.inc.php");
CheckUser();
CheckSession();

if(isset($_POST['myID']))
{
	$myID = $_POST['myID'];
}
if(isset($_POST['page']))
{
	$page = $_POST['page'];
}
if(isset($_POST['infoID']))
{
	$infoID = $_POST['infoID'];
}
if(isset($_POST['Customer']))
{
	$Customer = $_POST['Customer'];
}

if(isset($_POST['PrintName1']))
{
	$PrintName1 = $_POST['PrintName1'];
}
if(isset($_POST['Date_From1']))
{
	$Date_From1 = $_POST['Date_From1'];
}
if(isset($_POST['Date_Till1']))
{
	$Date_Till1 = $_POST['Date_Till1'];
}
if(isset($_POST['CustomerID']))
{
	$CustomerID = $_POST['CustomerID'];
}
if(isset($_POST['Prefix1']))
{
	$Prefix1 = $_POST['Prefix1'];
}
if(isset($_POST['Firstname1']))
{
	$Firstname1 = $_POST['Firstname1'];
}
if(isset($_POST['Lastname1']))
{
	$Lastname1 = $_POST['Lastname1'];
}
if(isset($_POST['Title11']))
{
	$Title11 = $_POST['Title11'];
}
if(isset($_POST['Company1']))
{
	$Company1 = $_POST['Company1'];
}
if(isset($_POST['Department1']))
{
	$Department1 = $_POST['Department1'];
}
if(isset($_POST['Address1']))
{
	$Address1 = $_POST['Address1'];
}
if(isset($_POST['Country1']))
{
	$Country1 = $_POST['Country1'];
}
if(isset($_POST['Postalcode1']))
{
	$Postalcode1 = $_POST['Postalcode1'];
}
if(isset($_POST['City1']))
{
	$City1 = $_POST['City1'];
}
if(isset($_POST['Stateprov1']))
{
	$Stateprov1 = $_POST['Stateprov1'];
}
if(isset($_POST['Position11']))
{
	$Position11 = $_POST['Position11'];
}
if(isset($_POST['Initials1']))
{
	$Initials1 = $_POST['Initials1'];
}
if(isset($_POST['Salutation1']))
{
	$Salutation1 = $_POST['Salutation1'];
}
if(isset($_POST['Phonehome1']))
{
	$Phonehome1 = $_POST['Phonehome1'];
}
if(isset($_POST['Phoneoffi1']))
{
	$Phoneoffi1 = $_POST['Phoneoffi1'];
}
if(isset($_POST['Phoneothe1']))
{
	$Phoneothe1 = $_POST['Phoneothe1'];
}
if(isset($_POST['Phonework1']))
{
	$Phonework1 = $_POST['Phonework1'];
}
if(isset($_POST['Mobile1']))
{
	$Mobile1 = $_POST['Mobile1'];
}
if(isset($_POST['Pager1']))
{
	$Pager1 = $_POST['Pager1'];
}
if(isset($_POST['Fax1']))
{
	$Fax1 = $_POST['Fax1'];
}
if(isset($_POST['Email1']))
{
	$Email1 = $_POST['Email1'];
}
if(isset($_POST['Url1']))
{
	$Url1 = $_POST['Url1'];
}
if(isset($_POST['Note1']))
{
	$Note1 = $_POST['Note1'];
}
if(isset($_POST['AltField11']))
{
	$AltField11 = $_POST['AltField11'];
}
if(isset($_POST['AltField21']))
{
	$AltField21 = $_POST['AltField21'];
}
if(isset($_POST['AltField31']))
{
	$AltField31 = $_POST['AltField31'];
}
if(isset($_POST['AltField41']))
{
	$AltField41 = $_POST['AltField41'];
}
if(isset($_POST['Category1']))
{
	$Category1 = $_POST['Category1'];
}
if(isset($_POST['MethodOfPayment1']))
{
	$MethodOfPayment1 = $_POST['MethodOfPayment1'];
}
if(isset($_POST['Birthday1']))
{
	$Birthday1 = $_POST['Birthday1'];
}
if(isset($_POST['Order']))
{
	$Order = $_POST['Order'];
}
if(isset($_POST['Sort']))
{
	$Sort = $_POST['Sort'];
}
if(isset($_POST['UserActive']))
{
	$UserActive = $_POST['UserActive'];
}
if(isset($_POST['UserName']))
{
	$UserName = $_POST['UserName'];
}
if(isset($_POST['UserLanguage']))
{
	$UserLanguage = $_POST['UserLanguage'];
}
if(isset($_POST['Password1']))
{
	$Password1 = $_POST['Password1'];
}
if(isset($_POST['Password2']))
{
	$Password2 = $_POST['Password2'];
}

$Searchstring = "CustomerID=$CustomerID&Prefix1=$Prefix1&Title11=$Title11&Firstname1=$Firstname1&Initials1=$Initials1&Lastname1=$Lastname1&Phonehome1=$Phonehome1&Salutation1=$Salutation1&Mobile1=$Mobile1&Address1=$Address1&Fax1=$Fax1&Stateprov1=$Stateprov1&Email1=$Email1&Postalcode1=$Postalcode1&City1=$City1&Url1=$Url1&Company1=$Company1&Phonework1=$Phonework1&Department1=$Department1&Phoneoffi1=$Phoneoffi1&Position11=$Position11&Phoneothe1=$Phoneothe1&Pager1=$Pager1&Note1=$Note1&Altfield11=$AltField11&Altfield21=$AltField21&Altfield31=$AltField31&Altfield41=$AltField41&Country1=$Country1&Date_From1=$Date_From1&Date_Till1=$Date_Till1&Birthday1=$Birthday1&Category1=$Category1&MethodOfPayment1=$MethodOfPayment1&PrintName1=$PrintName1";

// Database connection
//
DBConnect();

// Get the creator
//
$query = $db->Execute("SELECT MYID, CREATEDBY FROM {$TBLName}addressbook WHERE MYID=$myID");
$row = $query->GetRows();

// If an error has occurred, display the error message
//
if (!$query)
	print $db->ErrorMsg();
else
	foreach($row as $f)
	{
		$CreatedBy = $f['CREATEDBY'];
	}

function UserInput($mark)
{
	global $smarty, $a, $myID, $page, $infoID, $Date_From1, $Date_Till1, $CustomerID, $Prefix1,
	$Title11, $Firstname1, $Initials1, $Lastname1, $Phonehome1, $Salutation1, $Mobile1, $Address1,
	$Fax1, $Stateprov1, $Email1, $Postalcode1, $City1, $Url1, $Company1, $Phonework1, $Department1,
	$Phoneoffi1, $Position11, $Phoneothe1, $Pager1, $Note1, $AltField11, $AltField21, $AltField31,
	$AltField41, $Country1, $Birthday1, $Category1, $MethodOfPayment1, $PrintName1, $Customer, $Order,
	$Sort, $UserName, $UserActive, $UserLanguage;
	$smarty->assign("myID","$myID");
	$smarty->assign("page",$page);
	$smarty->assign("infoID","$infoID");
	$smarty->assign("Customer","$Customer");
	$smarty->assign("Date_From1","$Date_From1");
	$smarty->assign("Date_Till1","$Date_Till1");
	$smarty->assign("CustomerID","$CustomerID");
	$smarty->assign("Prefix1","$Prefix1");
	$smarty->assign("Firstname1","$Firstname1");
	$smarty->assign("Lastname1","$Lastname1");
	$smarty->assign("Title11","$Title11");
	$smarty->assign("Company1","$Company1");
	$smarty->assign("Department1","$Department1");
	$smarty->assign("Address1","$Address1");
	$smarty->assign("Country1","$Country1");
	$smarty->assign("Postalcode1","$Postalcode1");
	$smarty->assign("City1","$City1");
	$smarty->assign("Stateprov1","$Stateprov1");
	$smarty->assign("Position11","$Position11");
	$smarty->assign("Initials1","$Initials1");
	$smarty->assign("Salutation1","$Salutation1");
	$smarty->assign("Phonehome1","$Phonehome1");
	$smarty->assign("Phoneoffi1","$Phoneoffi1");
	$smarty->assign("Phoneothe1","$Phoneothe1");
	$smarty->assign("Phonework1","$Phonework1");
	$smarty->assign("Mobile1","$Mobile1");
	$smarty->assign("Pager1","$Pager1");
	$smarty->assign("Fax1","$Fax1");
	$smarty->assign("Email1","$Email1");
	$smarty->assign("Url1","$Url1");
	$smarty->assign("Note1","$Note1");
	$smarty->assign("AltField11","$AltField11");
	$smarty->assign("AltField21","$AltField21");
	$smarty->assign("AltField31","$AltField31");
	$smarty->assign("AltField41","$AltField41");
	$smarty->assign("Category1","$Category1");
	$smarty->assign("MathodOfPayment1","$MethodOfPayment1");
	$smarty->assign("PrintName1","$PrintName1");
	$smarty->assign("Birthday1","$Birthday1");
	$smarty->assign("Order",$Order);
	$smarty->assign("Sort",$Sort);
	$smarty->assign("Mark",$mark);
	$smarty->assign("UserActive","$UserActive");
	$smarty->assign("UserName","$UserName");
	$smarty->assign("UserLanguage","$UserLanguage");
	$smarty->assign("EditForm","3");
}

if (empty($myID))
{
	$smarty->assign("FieldError","$a[customer_no] - $a[field_error]");
	UserInput("");
	$smarty->display('addressbook/editf.tpl');
}
else if (empty($UserName))
{
	$smarty->assign("FieldError","$a[username] - $a[field_error]");
	UserInput("UserName");
	$smarty->display('addressbook/editf.tpl');
}
else if (empty($Password1))
{
	$smarty->assign("FieldError","$a[password] - $a[field_error]");
	UserInput("Password1");
	$smarty->display('addressbook/editf.tpl');
}
else if (empty($Password2))
{
	$smarty->assign("FieldError","$a[password] - $a[field_error]");
	UserInput("Password1");
	$smarty->display('addressbook/editf.tpl');
}
else if ($Password1 != $Password2)
{
	$smarty->assign("FieldError","$a[password_error]");
	UserInput("Password1");
	$smarty->display('addressbook/editf.tpl');
}
else if(isset($_SESSION['Username']) && $_SESSION['Username'] != $root && $_SESSION['Usergroup1'] != $admingroup_1 && $_SESSION['Usergroup2'] != $admingroup_2 && $_SESSION['Username'] != $CreatedBy)
{
	$smarty->assign("FieldError","$a[no_permission]");
	UserInput("");
	$smarty->display('addressbook/editf.tpl');
}
else
{
	$query1 = $db->Execute("SELECT MYID, DECODE(USERNAME,'$pkey') AS USERNAME FROM {$TBLName}addressbook WHERE DECODE(USERNAME,'$pkey')='$UserName' AND MYID != $myID");
	$numrows1 = $query1->RowCount();

	if ($numrows1) {
		$smarty->assign("FieldError","$a[entry_exist] - $a[username]");
		UserInput("UserName");
		$smarty->display('addressbook/editf.tpl');
	}
	else
	{
		$query3 = "UPDATE {$TBLName}addressbook SET MODIFIEDBY='$_SESSION[Username]', MODIFIED='$CurrentDateTime', PASSWORD=ENCODE('$Password1','$pkey'), USERLANGUAGE='$UserLanguage', USERNAME=ENCODE('$UserName','$pkey'), USER_ACTIVE='$UserActive' WHERE MYID=$myID";

		if ($db->Execute($query3) === false)
		{
			die($db->ErrorMsg());
		}

		$_SESSION['EditID'] = "1";
	}

	if($infoID == '9')
	{
		Header("Location: $web/addressbook/searchlist.php?myID=$myID&page=$page&Customer=$Customer&Order=$Order&Sort=$Sort&$sessname=$sessid#$myID");
	}
	else if($infoID == '10')
	{
		Header("Location: $web/addressbook/searchlist_e.php?myID=$myID&page=$page&$Searchstring&Order=$Order&Sort=$Sort&$sessname=$sessid#$myID");
	}
	else
	{
		Header("Location: $web/addressbook/list.php?myID=$myID&page=$page&Order=$Order&Sort=$Sort&$sessname=$sessid#$myID");
	}
}
?>
Return current item: PhpRechnung