<?php
/*
editf.php
phpInvoice - is easy-to-use Web-based multilingual accounting software.
Copyright (C) 2001 - 2008 Edy Corak < phprechnung at ecorak dot net >
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*/
// Application bootstrap: DB helpers and configuration (the include is where
// $db, $TBLName, $pkey, $root, the admin-group settings and the $a message
// strings used below presumably come from), then the shared Smarty wrapper.
require_once '../include/phprechnung.inc.php';
require_once '../include/smarty.inc.php';

// Authentication gate. These two calls are the only access control before any
// request data is read; everything below assumes a logged-in, valid session.
CheckUser();
CheckSession();
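// ---- Request parameters ---------------------------------------------------
// All input arrives via POST. Only parameters that are present are assigned, so
// a missing field leaves its variable undefined exactly as before.
//
// SECURITY: apart from $userID these are raw request strings. They are later
// embedded in SQL statements and in a redirect URL, so they must be escaped at
// each point of use; nothing here makes them safe.

// The account being edited. USERID is compared unquoted in SQL further down
// (WHERE USERID=...) and against the literal 1, so it is an integer by
// contract; casting here closes the injection vector through this parameter
// for every query in the file ("5 OR 1=1" becomes 5).
if (isset($_POST['userID']))
{
    $userID = (int) $_POST['userID'];
}
// Paging position, echoed back in the redirect after saving.
if (isset($_POST['page']))
{
    $page = $_POST['page'];
}
// When '9', the redirect after saving goes to searchlist.php instead of list.php.
if (isset($_POST['infoID']))
{
    $infoID = $_POST['infoID'];
}
// Fields of the account being edited.
if (isset($_POST['UserActive']))
{
    $UserActive = $_POST['UserActive'];
}
if (isset($_POST['FullName']))
{
    $FullName = $_POST['FullName'];
}
if (isset($_POST['UserLanguage']))
{
    $UserLanguage = $_POST['UserLanguage'];
}
if (isset($_POST['UserGroup1']))
{
    $UserGroup1 = $_POST['UserGroup1'];
}
if (isset($_POST['UserGroup2']))
{
    $UserGroup2 = $_POST['UserGroup2'];
}
// Password entered twice; both must be non-empty and equal (checked below).
if (isset($_POST['Password1']))
{
    $Password1 = $_POST['Password1'];
}
if (isset($_POST['Password2']))
{
    $Password2 = $_POST['Password2'];
}
// Search-list filter state (*_1). Never stored; only passed through to the
// re-displayed form and to the searchlist.php redirect.
if (isset($_POST['UserActive_1']))
{
    $UserActive_1 = $_POST['UserActive_1'];
}
if (isset($_POST['FullName_1']))
{
    $FullName_1 = $_POST['FullName_1'];
}
if (isset($_POST['UserName_1']))
{
    $UserName_1 = $_POST['UserName_1'];
}
if (isset($_POST['UserLanguage_1']))
{
    $UserLanguage_1 = $_POST['UserLanguage_1'];
}
if (isset($_POST['UserGroup_1']))
{
    $UserGroup_1 = $_POST['UserGroup_1'];
}
// List ordering, passed through to the redirect.
if (isset($_POST['Order']))
{
    $Order = $_POST['Order'];
}
if (isset($_POST['Sort']))
{
    $Sort = $_POST['Sort'];
}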
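// Database connection
//
DBConnect();

// Resolve the target account's username from its id. The result drives the
// authorisation decision below (self-edit vs. admin edit), so this lookup must
// not be influenceable by the client: $userID is cast to int because USERID is
// compared unquoted. $pkey is the server-side ENCODE/DECODE key from the
// include, not request data.
//
// $Username stays null when no row matches (the previous code left it
// undefined, which reads as null too, just with a notice).
$Username = null;
$query = $db->GetAll("SELECT USERID, DECODE(USERNAME,'$pkey') AS USERNAME FROM {$TBLName}user WHERE USERID=" . (int) $userID);
// If an error has occurred, display the error message
// NOTE(review): this echoes the driver's error text (table/column names) to the
// browser; prefer logging it and showing a generic message. Note that an empty
// result set also takes this branch, since !array() is true.
//
if (!$query)
print($db->ErrorMsg());
else
foreach($query as $f)
{
$Username = $f['USERNAME'];
}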
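/**
 * Push the submitted values back into the template so the edit form can be
 * re-displayed after a validation or permission error.
 *
 * Reads the request variables from the global scope and assigns them to the
 * shared $smarty instance. The *_1 variables carry the search-list filter state
 * so it survives the round trip; "Mark" names the field that failed.
 *
 * The values are assigned raw, exactly as submitted; output escaping is the
 * template's responsibility (editf.tpl is not visible here - confirm it
 * escapes these variables).
 *
 * @param string $mark field name to highlight, or "" when none applies
 * @return void
 */
function UserInput($mark)
{
    // The *_1 names here must match the variables assigned from $_POST above.
    // The previous declaration listed $FullName1/$UserName1/$UserLanguage1
    // (no underscore) and $UserGroup1 twice, so $FullName_1, $UserName_1,
    // $UserLanguage_1 and $UserGroup_1 were undefined inside this function and
    // the filter state was silently blanked on every re-display.
    global $smarty, $userID, $page, $infoID, $UserActive, $FullName, $UserLanguage,
        $UserGroup1, $UserGroup2, $UserActive_1, $FullName_1, $UserName_1,
        $UserLanguage_1, $UserGroup_1, $Sort, $Order;

    // Account fields (interpolated -> always a string, '' when unset).
    $smarty->assign("userID","$userID");
    $smarty->assign("page",$page);
    $smarty->assign("infoID","$infoID");
    $smarty->assign("UserActive","$UserActive");
    $smarty->assign("FullName","$FullName");
    $smarty->assign("UserLanguage","$UserLanguage");
    $smarty->assign("UserGroup1","$UserGroup1");
    $smarty->assign("UserGroup2","$UserGroup2");
    // Search-list filter state.
    $smarty->assign("UserActive_1","$UserActive_1");
    $smarty->assign("FullName_1","$FullName_1");
    $smarty->assign("UserName_1","$UserName_1");
    $smarty->assign("UserLanguage_1","$UserLanguage_1");
    $smarty->assign("UserGroup_1","$UserGroup_1");
    // Ordering and the field to highlight (passed through untouched).
    $smarty->assign("Order",$Order);
    $smarty->assign("Sort",$Sort);
    $smarty->assign("Mark",$mark);
}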
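/**
 * Quote-escape one submitted value for embedding in a single-quoted SQL literal.
 *
 * Stopgap for the string-built queries in this file: it neutralises quotes and
 * backslashes but is not connection-charset aware, so bound parameters through
 * the DB layer (whose API is not visible here) remain the proper fix.
 * Undefined/null values become ''.
 *
 * @param mixed $value raw request or session value
 * @return string escaped value, without surrounding quotes
 */
function EditfSqlString($value)
{
    return addslashes((string) $value);
}

// ---- Validation -----------------------------------------------------------
// On any validation failure the form is re-displayed with the submitted values
// (UserInput) and a FieldError message; nothing is written.
if (empty($FullName))
{
    $smarty->assign("FieldError","$a[fullname] - $a[field_error]");
    UserInput("FullName");
    $smarty->display('user/editf.tpl');
}
else if (empty($Password1))
{
    $smarty->assign("FieldError","$a[password] - $a[field_error]");
    UserInput("Password1");
    $smarty->display('user/editf.tpl');
}
else if (empty($Password2))
{
    $smarty->assign("FieldError","$a[password] - $a[field_error]");
    UserInput("Password1");
    $smarty->display('user/editf.tpl');
}
else if ($Password1 != $Password2)
{
    $smarty->assign("FieldError","$a[password_error]");
    UserInput("Password1");
    $smarty->display('user/editf.tpl');
}
else
{
    // ---- Authorisation ----------------------------------------------------
    // $Username is the target account's name resolved from $userID above.
    // Permission is granted to root, to members of either admin group, or to a
    // user editing their own account. A request with no session identity is
    // refused (fail closed) instead of falling through to the admin update, as
    // the previous isset()-guarded && chain did. Name comparisons are strict to
    // rule out loose string/number juggling.
    $sessionUser = isset($_SESSION['Username']) ? $_SESSION['Username'] : null;
    $isRoot  = ($sessionUser !== null && $sessionUser === $root);
    $isSelf  = ($sessionUser !== null && $sessionUser === $Username);
    $isAdmin = $sessionUser !== null && (
        (isset($_SESSION['Usergroup1']) && $_SESSION['Usergroup1'] == $admingroup_1) ||
        (isset($_SESSION['Usergroup2']) && $_SESSION['Usergroup2'] == $admingroup_2)
    );

    if (!$isRoot && !$isAdmin && !$isSelf)
    {
        $smarty->assign("FieldError","$a[no_permission]");
        UserInput("");
        $smarty->display('user/editf.tpl');
    }
    else
    {
        // ---- Update -------------------------------------------------------
        // SECURITY: every value below comes from $_POST. USERID is compared
        // unquoted, so it is forced to int; string fields go through
        // EditfSqlString(). $pkey and $CurrentDateTime are server-side values.
        $uid       = (int) $userID;
        $setCommon = "FULLNAME=ENCODE('" . EditfSqlString($FullName) . "','$pkey'), "
                   . "PASSWORD=ENCODE('" . EditfSqlString($Password1) . "','$pkey'), "
                   . "LANGUAGE='" . EditfSqlString($UserLanguage) . "'";
        $setAudit  = "MODIFIEDBY='" . EditfSqlString($sessionUser) . "', MODIFIED='$CurrentDateTime'";
        // NOTE(review): PASSWORD is stored with MySQL ENCODE(), i.e. reversibly
        // encrypted under $pkey rather than hashed. Moving to password_hash()/
        // password_verify() also requires changing the login check, which is
        // outside this file, so it is only flagged here.

        if (($isRoot && $uid == 1) || $isSelf)
        {
            // Root editing the built-in account (id 1), or anyone editing their
            // own account: name, password and language only. Groups and the
            // active flag cannot be changed on this path, so a user cannot
            // promote themselves.
            $sql = "UPDATE {$TBLName}user SET $setCommon, $setAudit WHERE USERID=$uid";
        }
        else
        {
            // Root/admin editing another account: groups and active flag too.
            $sql = "UPDATE {$TBLName}user SET $setCommon, "
                 . "USERGROUP1=ENCODE('" . EditfSqlString($UserGroup1) . "','$pkey'), "
                 . "USERGROUP2=ENCODE('" . EditfSqlString($UserGroup2) . "','$pkey'), "
                 . "USER_ACTIVE='" . EditfSqlString($UserActive) . "', "
                 . "$setAudit WHERE USERID=$uid";
        }
        // A failed UPDATE used to be ignored (the redirect still happened);
        // handle it like the syslog insert below.
        // NOTE(review): ErrorMsg() text goes straight to the browser and leaks
        // schema details; prefer logging it and showing a generic message.
        if ($db->Execute($sql) === false)
        {
            die($db->ErrorMsg());
        }

        // Audit entry. $FullName is request data and is escaped like above; the
        // $_SESSION values identify the acting user.
        $query2 = "INSERT INTO {$TBLName}syslog (SYSLOGID, CREATED, DESCRIPTION, CREATEDBY, USERGROUP1, USERGROUP2)";
        $query2 .= "VALUES(NULL, '$CurrentDateTime', 'User: " . EditfSqlString($FullName) . " - User-No.: $uid was MODIFIED by user " . EditfSqlString($sessionUser) . " (uid=$_SESSION[UserID]) from $IPAddress', 'admin', '1', '2')";
        if ($db->Execute($query2) === false)
        {
            die($db->ErrorMsg());
        }
        $_SESSION['EditID'] = "1";

        // Redirect back to the list the user came from. Request values are
        // URL-encoded so a value containing '&', '#' or whitespace can neither
        // inject nor truncate parameters; every key is still emitted (null ->
        // '') to keep the previous URL shape. The session id is propagated in
        // the query string as the rest of the application does.
        if ($infoID == '9')
        {
            $target = 'searchlist.php';
            $params = array(
                'userID'         => $uid,
                'page'           => (string) $page,
                'UserActive_1'   => (string) $UserActive_1,
                'FullName_1'     => (string) $FullName_1,
                'UserName_1'     => (string) $UserName_1,
                'UserLanguage_1' => (string) $UserLanguage_1,
                'UserGroup_1'    => (string) $UserGroup_1,
                'Order'          => (string) $Order,
                'Sort'           => (string) $Sort,
            );
        }
        else
        {
            $target = 'list.php';
            $params = array(
                'userID' => $uid,
                'page'   => (string) $page,
                'Order'  => (string) $Order,
                'Sort'   => (string) $Sort,
            );
        }
        $params[$sessname] = (string) $sessid;
        header("Location: $web/user/$target?" . http_build_query($params, '', '&') . "#$uid");
    }
}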
?>