Location: PHPKode > projects > PhpRechnung > phpRechnung/user/editf.php
<?php
/*
	editf.php

	phpInvoice - is easy-to-use Web-based multilingual accounting software.
	Copyright (C) 2001 - 2008 Edy Corak < phprechnung at ecorak dot net >

	This program is free software; you can redistribute it and/or modify
	it under the terms of the GNU General Public License as published by
	the Free Software Foundation; either version 2 of the License, or
	(at your option) any later version.

	This program is distributed in the hope that it will be useful,
	but WITHOUT ANY WARRANTY; without even the implied warranty of
	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
	GNU General Public License for more details.

	You should have received a copy of the GNU General Public License
	along with this program; if not, write to the Free Software
	Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
*/

require_once("../include/phprechnung.inc.php");
require_once("../include/smarty.inc.php");
CheckUser();
CheckSession();

if(isset($_POST['userID']))
{
	$userID = $_POST['userID'];
}
if(isset($_POST['page']))
{
	$page = $_POST['page'];
}
if(isset($_POST['infoID']))
{
	$infoID = $_POST['infoID'];
}
if(isset($_POST['UserActive']))
{
	$UserActive = $_POST['UserActive'];
}
if(isset($_POST['FullName']))
{
	$FullName = $_POST['FullName'];
}
if(isset($_POST['UserLanguage']))
{
	$UserLanguage = $_POST['UserLanguage'];
}
if(isset($_POST['UserGroup1']))
{
	$UserGroup1 = $_POST['UserGroup1'];
}
if(isset($_POST['UserGroup2']))
{
	$UserGroup2 = $_POST['UserGroup2'];
}
if(isset($_POST['Password1']))
{
	$Password1 = $_POST['Password1'];
}
if(isset($_POST['Password2']))
{
	$Password2 = $_POST['Password2'];
}
if(isset($_POST['UserActive_1']))
{
	$UserActive_1 = $_POST['UserActive_1'];
}
if(isset($_POST['FullName_1']))
{
	$FullName_1 = $_POST['FullName_1'];
}
if(isset($_POST['UserName_1']))
{
	$UserName_1 = $_POST['UserName_1'];
}
if(isset($_POST['UserLanguage_1']))
{
	$UserLanguage_1 = $_POST['UserLanguage_1'];
}
if(isset($_POST['UserGroup_1']))
{
	$UserGroup_1 = $_POST['UserGroup_1'];
}
if(isset($_POST['Order']))
{
	$Order = $_POST['Order'];
}
if(isset($_POST['Sort']))
{
	$Sort = $_POST['Sort'];
}

// Database connection
//
DBConnect();

// Get the username
//
$query = $db->GetAll("SELECT USERID, DECODE(USERNAME,'$pkey') AS USERNAME FROM {$TBLName}user WHERE USERID=$userID");

// If an error has occurred, display the error message
//
if (!$query)
	print($db->ErrorMsg());
else
	foreach($query as $f)
	{
		$Username = $f['USERNAME'];
	}

function UserInput($mark)
{
	global $smarty, $userID, $page, $infoID, $UserActive, $FullName, $UserLanguage,
	$UserGroup1, $UserGroup2, $UserActive_1, $FullName1, $UserName1, $UserLanguage1, $UserGroup1, $Sort, $Order;
	$smarty->assign("userID","$userID");
	$smarty->assign("page",$page);
	$smarty->assign("infoID","$infoID");
	$smarty->assign("UserActive","$UserActive");
	$smarty->assign("FullName","$FullName");
	$smarty->assign("UserLanguage","$UserLanguage");
	$smarty->assign("UserGroup1","$UserGroup1");
	$smarty->assign("UserGroup2","$UserGroup2");
	$smarty->assign("UserActive_1","$UserActive_1");
	$smarty->assign("FullName_1","$FullName_1");
	$smarty->assign("UserName_1","$UserName_1");
	$smarty->assign("UserLanguage_1","$UserLanguage_1");
	$smarty->assign("UserGroup_1","$UserGroup_1");
	$smarty->assign("Order",$Order);
	$smarty->assign("Sort",$Sort);
	$smarty->assign("Mark",$mark);
}

if (empty($FullName))
{
	$smarty->assign("FieldError","$a[fullname] - $a[field_error]");
	UserInput("FullName");
	$smarty->display('user/editf.tpl');
}
else if (empty($Password1))
{
	$smarty->assign("FieldError","$a[password] - $a[field_error]");
	UserInput("Password1");
	$smarty->display('user/editf.tpl');
}
else if (empty($Password2))
{
	$smarty->assign("FieldError","$a[password] - $a[field_error]");
	UserInput("Password1");
	$smarty->display('user/editf.tpl');
}
else if ($Password1 != $Password2)
{
	$smarty->assign("FieldError","$a[password_error]");
	UserInput("Password1");
	$smarty->display('user/editf.tpl');
}
else if(isset($_SESSION['Username']) && $_SESSION['Username'] != $root && $_SESSION['Usergroup1'] != $admingroup_1 && $_SESSION['Usergroup2'] != $admingroup_2 && $_SESSION['Username'] != $Username)
{
	$smarty->assign("FieldError","$a[no_permission]");
	UserInput("");
	$smarty->display('user/editf.tpl');
}
else
{
	if(isset($_SESSION['Username']) && $_SESSION['Username'] == $root && $userID == 1)
	{
		$query = $db->Execute("UPDATE {$TBLName}user SET FULLNAME=ENCODE('$FullName','$pkey'), PASSWORD=ENCODE('$Password1','$pkey'), LANGUAGE='$UserLanguage', MODIFIEDBY='$_SESSION[Username]', MODIFIED='$CurrentDateTime' WHERE USERID=$userID");
	}
	else if(isset($_SESSION['Username']) && $_SESSION['Username'] == $Username)
	{
		$query = $db->Execute("UPDATE {$TBLName}user SET FULLNAME=ENCODE('$FullName','$pkey'), PASSWORD=ENCODE('$Password1','$pkey'), LANGUAGE='$UserLanguage', MODIFIEDBY='$_SESSION[Username]', MODIFIED='$CurrentDateTime' WHERE USERID=$userID");
	}
	else
	{
		$query = $db->Execute("UPDATE {$TBLName}user SET FULLNAME=ENCODE('$FullName','$pkey'), PASSWORD=ENCODE('$Password1','$pkey'), LANGUAGE='$UserLanguage', USERGROUP1=ENCODE('$UserGroup1','$pkey'), USERGROUP2=ENCODE('$UserGroup2','$pkey'), USER_ACTIVE='$UserActive', MODIFIEDBY='$_SESSION[Username]', MODIFIED='$CurrentDateTime' WHERE USERID=$userID");
	}

	$query2 = "INSERT INTO {$TBLName}syslog (SYSLOGID, CREATED, DESCRIPTION, CREATEDBY, USERGROUP1, USERGROUP2)";
	$query2 .= "VALUES(NULL, '$CurrentDateTime', 'User: $FullName - User-No.: $userID was MODIFIED by user $_SESSION[Username] (uid=$_SESSION[UserID]) from $IPAddress', 'admin', '1', '2')";
	if ($db->Execute($query2) === false)
	{
		die($db->ErrorMsg());
	}

	$_SESSION['EditID'] = "1";

	if($infoID == '9')
	{
		Header("Location: $web/user/searchlist.php?userID=$userID&page=$page&UserActive_1=$UserActive_1&FullName_1=$FullName_1&UserName_1=$UserName_1&UserLanguage_1=$UserLanguage_1&UserGroup_1=$UserGroup_1&Order=$Order&Sort=$Sort&$sessname=$sessid#$userID");
	}
	else
	{
		Header("Location: $web/user/list.php?userID=$userID&page=$page&Order=$Order&Sort=$Sort&$sessname=$sessid#$userID");
	}
}
?>
Return current item: PhpRechnung