Location: PHPKode > projects > PPCIS > Brianetta-PPCIS-8952160/usermanageredit.inc
<?
// Copyright 2002 Brian Ronald.  All rights reserved.
// Portable PHP/MySQL Corporate Intranet System
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.

//////////////////////////////////////////////////////////////////////////////

// This file allows useradmins and directoryadmins to alter the directory
// entry of a specified user.  Sorry it's such a mess.  Roughly the first
// half of the code will update the user's records when the forms are submitted.
// Roughly the second half of the code is the form and the database code to
// provide the default values.  This code submits to itself.

if(strlen($_FILES["uploadfile"]["name"])>0)
{ // This bit is to make file uploads work if register_globals is off.
   $uploadfile = $_FILES["uploadfile"]["tmp_name"];
   $uploadfile_name = $_FILES["uploadfile"]["name"];
   $uploadfile_size = $_FILES["uploadfile"]["size"];
   $uploadfile_type = $_FILES["uploadfile"]["type"];
}
if(isset($uploadfile))
{
   if($uploadfile_size>0 and isset($photo_userid))
   {
      if(is_uploaded_file($uploadfile))
      {
         move_uploaded_file($uploadfile,$file_store."p".$photo_userid);
         print("<span class=\"message\">".$lang['photo_uploaded']."</span><br>\n");
      }
      else
      {
         print("<span class=\"message\">".$lang['photo_upload_failed']."</span><br>\n");
      }
   }
}

if(isset($delphoto) and isset($delconf))
{
   if (is_writeable($file_store."p".$photo_userid))
   {
      if(unlink($file_store."p".$photo_userid))
      {
         printf("<span class=\"message\">".$lang['user_deleted_photo']."</span><br>\n",$photo_userid);
      }
   }
}

if(isset($mod_userid))
{ // Here we clean up the data.  Empty strings are turned to NULLS, strings are escaped.
   if($mod_title <> "")
   {
      $mod_title = "'".safe_escape($mod_title)."'";
   } else {
      $mod_title = "NULL";
   }
   if($mod_firstname <> "")
   {
      $mod_firstname = "'".safe_escape($mod_firstname)."'";
   } else {
      $mod_firstname = "NULL";
   }
   if($mod_lastname <> "")
   {
      $mod_lastname = "'".safe_escape($mod_lastname)."'";
   } else {
      $mod_lastname = "NULL";
   }
   if($mod_email <> "")
   {
      $mod_email = "'".safe_escape($mod_email)."'";
   } else {
      $mod_email = "NULL";
   }
   if($mod_telephone <> "")
   {
      $mod_telephone = "'".safe_escape($mod_telephone)."'";
   } else {
      $mod_telephone = "NULL";
   }
   if($mod_mobile <> "")
   {
      $mod_mobile = "'".safe_escape($mod_mobile)."'";
   } else {
      $mod_mobile = "NULL";
   }
   if($mod_post <> "")
   {
      $mod_post = "'".safe_escape($mod_post)."'";
   } else {
      $mod_post = "NULL";
   }
   if($mod_location <> "NULL") $mod_location = safe_escape($mod_location);
   if($mod_manager <> "NULL") $mod_manager = safe_escape($mod_manager);
   if($mod_info <> "")
   {
      $mod_info = "'".safe_escape($mod_info)."'";
   } else {
      $mod_info = "NULL";
   }
   $sql = "UPDATE users SET firstname = $mod_firstname, lastname = $mod_lastname WHERE userid = $mod_userid";
   $result = @ mysql_query($sql, $intranet_db);
   if (mysql_error())
      showerror();
   $sql = "REPLACE INTO userdirectory (userid, title, post, location, email, manager, telephone, mobile, info) VALUES ($mod_userid, $mod_title, $mod_post, $mod_location, $mod_email, $mod_manager, $mod_telephone, $mod_mobile, $mod_info)";
   $result = @ mysql_query($sql, $intranet_db);
   if (mysql_error())
      showerror();
   print("<span class=\"message\">".$lang['user_successfully_amended']."</span>");
}
if(isset($makexdir))
{
   $sql = "DELETE FROM userdirectory WHERE userid = $makexdir";
   $result = @ mysql_query($sql, $intranet_db);
   if (mysql_error())
      showerror();
   print("<span class=\"message\">".$lang['user_successfully_removed from directory'] ."</span>");
}
$sql = "SELECT *,users.userid AS userid FROM users LEFT JOIN  userdirectory ON users.userid = userdirectory.userid WHERE users.userid = ".safe_escape($showuserid);
$result = @ mysql_query($sql, $intranet_db);
if (mysql_error())
   showerror();
if(@ mysql_num_rows($result) != 0)
{
   print("<table>");
   while($row = @ mysql_fetch_array($result))
   {
      print("<form method=\"post\" id=\"usermod\" action=\"admin.php?callmodule=".rawurlencode($callmodule)."&showuserid=".$row["userid"]."\">\n");
      print("<input type=\"hidden\" name=\"mod_userid\" value=\"".$row["userid"]."\">");
      print("<tr>");
      print("<th colspan=\"2\"><h2>");
      print($lang['modifying_user'].": ");
      print($row["firstname"] . " " . $row["lastname"] ."</h2></th>");
      print("</tr>\n");
      print("<tr>\n");
      print("<td class=\"right\">".$lang['title']."</td>");
      print("<td><input size=\"25\" type=\"text\" name=\"mod_title\" value=\"" . $row["title"] ."\"></td>");
      print("</tr>\n");
      print("<tr>\n");
      print("<td class=\"right\">".$lang['firstname']."</td>");
      print("<td><input size=\"25\" type=\"text\" name=\"mod_firstname\" value=\"" . $row["firstname"] ."\"></td>");
      print("</tr>\n");
      print("<tr>\n");
      print("<td class=\"right\">".$lang['lastname']."</td>");
      print("<td><input size=\"25\" type=\"text\" name=\"mod_lastname\" value=\"" . $row["lastname"] ."\"></td>");
      print("</tr>\n");
      print("<tr>\n");
      print("<td colspan=\"2\">&nbsp;</td>\n");
      print("</tr>\n");
      print("<tr>\n");
      print("<td class=\"right\">".$lang['email_address']."</td>");
      print("<td><input size=\"25\" type=\"text\" name=\"mod_email\" value=\"" . $row["email"] ."\"></td>");
      print("</tr>\n");
      print("<tr>\n");
      print("<td class=\"right\">".$lang['telephone_number']."</td>");
      print("<td><input size=\"25\" type=\"text\" name=\"mod_telephone\" value=\"" . $row["telephone"] ."\"></td>");
      print("</tr>\n");
      print("<tr>\n");
      print("<td class=\"right\">".$lang['mobile_number']."</td>");
      print("<td><input size=\"25\" type=\"text\" name=\"mod_mobile\" value=\"" . $row["mobile"] ."\"></td>");
      print("</tr>\n");
      print("<tr>\n");
      print("<td colspan=\"2\">&nbsp;</td>\n");
      print("</tr>\n");
      print("<tr>\n");
      print("<td class=\"right\">".$lang['post']."</td>");
      print("<td><input size=\"25\" type=\"text\" name=\"mod_post\" value=\"" . $row["post"] ."\"></td>");
      print("</tr>\n");
      print("<tr>\n");
      print("<td class=\"right\">".$lang['location']."</td>\n");
      print("<td>\n");
      $sql = "SELECT * FROM locations ORDER BY name";
      $sub_result = @ mysql_query($sql, $intranet_db);
      if (mysql_error())
         showerror();
      print("<select name=\"mod_location\">\n");
      print("<option label=\"".$lang['nowhere']."\" value=\"NULL\">".$lang['nowhere']."</option>");
      if(@ mysql_num_rows($sub_result) != 0)
      {
         while($sub_row = @ mysql_fetch_array($sub_result))
         {
            if($row["location"]==$sub_row["locationid"])
            {
               print("<option selected label=\"".$sub_row["name"]."\" value=\"".$sub_row["locationid"]."\">");
               print($sub_row["name"]."</option>");
            }
            else
            {
               print("<option label=\"".$sub_row["name"]."\" value=\"".$sub_row["locationid"]."\">");
               print($sub_row["name"]."</option>");
            }
         }
      }
      print($sub_row["name"]);
      print("</select>");
      print("</td>");
      print("</tr>\n");
      print("<tr>\n");
      print("<td class=\"right\">".$lang['manager']."</td>");
      print("<td>");
      $sql = "SELECT * FROM users ORDER BY lastname";
      $sub_result = @ mysql_query($sql, $intranet_db);
      if (mysql_error())
         showerror();
      print("<select name=\"mod_manager\">\n");
      print("<option label=\"".$lang['nobody']."\" value=\"NULL\">".$lang['nobody']."</option>");
      if(@ mysql_num_rows($sub_result) != 0)
      {
         while($sub_row = @ mysql_fetch_array($sub_result))
         {
            if($row["manager"]==$sub_row["userid"])
            {
               print("<option selected label=\"".$sub_row["lastname"].", ".$sub_row["firstname"]."\" value=\"".$sub_row["userid"]."\">");
               print($sub_row["lastname"].", ".$sub_row["firstname"]."</option>");
            }
            else
            {
               print("<option label=\"".$sub_row["lastname"].", ".$sub_row["firstname"]."\" value=\"".$sub_row["userid"]."\">");
               print($sub_row["lastname"].", ".$sub_row["firstname"]."</option>\n");
            }
         }
      }
      print("</select>");
      print("</td>\n");
      print("</tr>\n");
      print("<tr>\n");
      print("<td class=\"right\">".$lang['info']."</td>");
      print("<td>");
      print("<textarea rows=\"5\" cols=\"30\" name=\"mod_info\">".$row["info"]."</textarea>\n");
      print("</td>");
      print("</tr>\n");
      print("<tr>\n");
      printf("<td class=\"centered\" colspan=\"2\"><INPUT value=\"".$lang['save_details_to_directory_for_user']."\" class=\"button\" type=\"submit\"></td>\n",$showuserid);
      print("</tr>\n");
      print("</form>\n");
   }
   print("<form method=\"post\" id=\"userexd\" action=\"admin.php?callmodule=".rawurlencode($callmodule)."&showuserid=$showuserid\">\n");
	print("<tr>");
	print("<td colspan=\"2\" class=\"centered\">");
   print("<INPUT name=\"makexdir\" value=\"$showuserid\" type=\"hidden\">\n");
   printf("<INPUT value=\"".$lang['remove_details_from_directory_for_user']."\" class=\"button\" type=\"submit\">\n",$showuserid);
	print("</td>");
	print("</tr>");
   print("</form>");
	print("<tr>");
	print("<td colspan=\"2\" class=\"centered\">");
   // Create photograph upload form
   print("<form enctype=\"multipart/form-data\" action=\"$PHP_SELF?callmodule=$callmodule&showuserid=$showuserid\" method=\"post\">\n");
   print("<input type=\"hidden\" name=\"MAX_FILE_SIZE\" value=\"20000000\">\n");
   print("<input type=\"hidden\" name=\"photo_userid\" value=\"$showuserid\">\n");
   print($lang['upload_a_photo'].": <input name=\"uploadfile\" type=\"file\"><br>\n");
   print("<input class=\"button\" type=\"submit\" value=\"".$lang['upload_photo']."\">\n");
   print("</form>\n");
	print("</td>");
	print("</tr>");
	print("<tr>");
	print("<td colspan=\"2\" class=\"centered\">");
   // Create photograph delete form
   print("<form enctype=\"multipart/form-data\" action=\"$PHP_SELF?callmodule=$callmodule&showuserid=$showuserid\" method=\"post\">\n");
   print("<input type=\"hidden\" name=\"photo_userid\" value=\"$showuserid\">\n");
   print($lang['tick_confirm_delete'].":<input type=\"checkbox\" name=\"delconf\" value=\"confirm\">\n");
   print("<input class=\"button\" type=\"submit\" name=\"delphoto\" value=\"".$lang['delete_photo']."\">\n");
   print("</form>\n");
	print("</td>");
	print("</tr>");
   print("</table>");
}
else
{
   printf("<span class=\"message\">".$lang['user_not_on_system'] ."</span>",$showuserid);
}

$help_keyword="usermanageredit";
?>
Return current item: PPCIS