<?php
/********************** WEB AUTHENTICATION with PHP **************************
This package provides a set of tools for web authentication with PHP and MySQL.
GNU GENERAL PUBLIC LICENSE
Version 2, June 1991
WEB AUTHENTICATION with PHP
Copyright (C) 2005-2006 Naldi Stefano
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
CONTACT
Please send any question, bug or communication to the author:
Naldi Stefano
ITALY
e-mail: hide@address.com
*****************************************************************************/
// Include guard for the admin pages. The list of already-included files is
// normalised to forward slashes, then searched for wawp_admin/admin.php and
// wawp_admin/config.php (both located next to, not inside, the document root).
// Unless BOTH are present, the shared page header is pulled in.
//
// NOTE(review): this file never defines $mylink or $mydbname and performs no
// access check of its own, so everything below depends on what this include
// chain sets up and enforces -- presumably the login/authorisation check
// lives in php_pages_header.php; confirm.
// NOTE(review): stripslashes() removes backslashes rather than converting
// them, so a DOCUMENT_ROOT written with backslash separators will not match
// the normalised list and the header is then always required.
$infi = str_replace("\\", "/", get_included_files());
if (!(
    in_array(stripslashes(dirname($_SERVER['DOCUMENT_ROOT']) . "/wawp_admin/admin.php"), $infi)
    && in_array(stripslashes(dirname($_SERVER['DOCUMENT_ROOT']) . "/wawp_admin/config.php"), $infi)
)) {
    require(dirname($_SERVER['DOCUMENT_ROOT']) . "/wawp_admin/php_pages_header.php");
}
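/**
 * Turn a request value into a literal that is spliced into an SQL statement.
 *
 * NOTE(review): this is escaping, not parameterisation. Every caller builds
 * its statement with sprintf(), so the safety of each query rests on this
 * function being applied to every value and on the result being used in the
 * position its type implies. Prepared statements would remove that dependency.
 *
 * As in the original, a value is assumed to be request data when magic quotes
 * are enabled (it is un-quoted once before being escaped).
 *
 * @param mixed  $theValue           Value to convert.
 * @param string $theType            "text", "long", "int", "double", "date" or
 *                                   "defined". Any other type returns the
 *                                   escaped value WITHOUT surrounding quotes,
 *                                   which is not safe to place in a query.
 * @param string $theDefinedValue    Result for type "defined" when the value is non-empty.
 * @param string $theNotDefinedValue Result for type "defined" when the value is empty.
 * @return mixed A quoted string, an integer, the string "NULL", or one of the
 *               two "defined" values.
 */
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
    // Undo magic quotes where the runtime still has them, so the value is
    // escaped exactly once below. get_magic_quotes_gpc() was removed in PHP 8;
    // calling it unguarded is a fatal error there.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $theValue = stripslashes($theValue);
    }

    // Prefer the connection-aware escaper: addslashes() knows nothing about
    // the character set of the MySQL connection. $mylink is the link this
    // script passes to mysql_query(); fall back to addslashes() when it (or
    // the mysql extension) is not available.
    if (function_exists('mysql_real_escape_string')
        && isset($GLOBALS['mylink'])
        && is_resource($GLOBALS['mylink'])
    ) {
        $theValue = mysql_real_escape_string($theValue, $GLOBALS['mylink']);
    } else {
        $theValue = addslashes($theValue);
    }

    switch ($theType) {
        case "text":
        case "date":
            // Empty input becomes SQL NULL, anything else a quoted literal.
            $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
            break;
        case "long":
        case "int":
            // intval() discards everything that is not part of a leading integer.
            $theValue = ($theValue != "") ? intval($theValue) : "NULL";
            break;
        case "double":
            $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
            break;
        case "defined":
            // The value itself never reaches the query, only one of two fixed strings.
            $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
            break;
    }

    return $theValue;
}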
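// Build the value for the edit form's action attribute from the current request.
// PHP_SELF contains any extra path text the client appended after the script
// name, so it is entity-encoded here in the same way as the query string; the
// result is later echoed into a double-quoted HTML attribute.
// The charset is given explicitly to match the page's declared iso-8859-1, so
// the encoding does not depend on the PHP version's default.
$editFormAction = htmlentities($_SERVER['PHP_SELF'], ENT_QUOTES, 'ISO-8859-1');
if (isset($_SERVER['QUERY_STRING'])) {
    $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING'], ENT_QUOTES, 'ISO-8859-1');
}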
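// Handle the "update user" POST.
//
// $err_pw is echoed verbatim into the page further down, so it must only ever
// hold fixed markup, never request data.
//
// NOTE(review): nothing in this block checks who is making the request or that
// it originated from this form (no anti-CSRF token is verified); it relies
// entirely on what the files included at the top of the script enforce.
// "name" and "ntype" arrive as ordinary POST fields -- a hidden or readonly
// input in the form is not a server-side restriction on which row is updated
// or which type is written.
$err_pw = '<br>';
if (isset($_POST["passwd"]) && isset($_POST["cpasswd"])) {
    // Compare the two fields as strings with ===. Loose == compares
    // numeric-looking strings as numbers, so two different inputs such as
    // "1e3" and "1000" would count as a matching confirmation; is_string()
    // also keeps an array submitted as passwd[] away from md5().
    if (is_string($_POST["passwd"])
        && is_string($_POST["cpasswd"])
        && $_POST["passwd"] === $_POST["cpasswd"]
    ) {
        if (isset($_POST["MM_update"]) && $_POST["MM_update"] === "form1") {
            if ($_POST["passwd"] !== "") {
                // NOTE(review): unsalted md5() is not a password hash. Moving to
                // password_hash()/password_verify() has to happen together with
                // the login check and the width of the passwd column, neither
                // of which is visible in this file, so it is only flagged here.
                $updateSQL = sprintf("UPDATE users_and_groups SET passwd=%s, email=%s, nstatus=%s, fullname=%s, tel=%s, login_redirect=%s, ntype=%s WHERE name=%s",
                    GetSQLValueString(md5($_POST['passwd']), "text"),
                    GetSQLValueString($_POST['email'], "text"),
                    GetSQLValueString($_POST['nstatus'], "text"),
                    GetSQLValueString($_POST['fullname'], "text"),
                    GetSQLValueString($_POST['tel'], "text"),
                    GetSQLValueString($_POST['login_redirect'], "text"),
                    GetSQLValueString($_POST['ntype'], "text"),
                    GetSQLValueString($_POST['name'], "text"));
            } else {
                // Both password fields left empty: keep the stored password.
                $updateSQL = sprintf("UPDATE users_and_groups SET email=%s, nstatus=%s, fullname=%s, tel=%s, login_redirect=%s, ntype=%s WHERE name=%s",
                    GetSQLValueString($_POST['email'], "text"),
                    GetSQLValueString($_POST['nstatus'], "text"),
                    GetSQLValueString($_POST['fullname'], "text"),
                    GetSQLValueString($_POST['tel'], "text"),
                    GetSQLValueString($_POST['login_redirect'], "text"),
                    GetSQLValueString($_POST['ntype'], "text"),
                    GetSQLValueString($_POST['name'], "text"));
            }
            mysql_select_db($mydbname, $mylink);
            // NOTE(review): die(mysql_error()) sends the raw database error to
            // the browser; logging it and showing a generic message would avoid
            // exposing schema details.
            $Result1 = mysql_query($updateSQL, $mylink) or die(mysql_error());

            // Return to the user list, carrying the current query string along.
            $updateGoTo = "users.php";
            if (isset($_SERVER['QUERY_STRING'])) {
                $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
                $updateGoTo .= $_SERVER['QUERY_STRING'];
            }
            header(sprintf("Location: %s", $updateGoTo));
            // Stop here: header() alone does not end the script, which would
            // otherwise go on to query and render the edit form again.
            exit;
        }
    } else {
        $err_pw='<br>WARNING: fields «Passwd» and «Confirm Passwd» are empy or not equal !!! <br>';
    }
}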
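// Load the record that the form below edits, looked up by the posted "un"
// (user name). Without a usable "un" the lookup falls back to the name "1".
$colname_Recordset1 = "1";
if (isset($_POST['un']) && is_string($_POST['un'])) {
    $colname_Recordset1 = $_POST['un'];
    // Undo magic quotes where the runtime still has them, so the value is
    // escaped exactly once. get_magic_quotes_gpc() was removed in PHP 8, so it
    // must not be called unguarded.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $colname_Recordset1 = stripslashes($colname_Recordset1);
    }
}
mysql_select_db($mydbname, $mylink);
// Escape with the connection-aware function rather than addslashes(), which
// knows nothing about the character set of the MySQL connection.
// NOTE(review): a prepared statement would be preferable to string-building.
$colname_Recordset1 = mysql_real_escape_string($colname_Recordset1, $mylink);
$query_Recordset1 = sprintf("SELECT * FROM users_and_groups WHERE name = '%s'", $colname_Recordset1);
// NOTE(review): die(mysql_error()) sends the raw database error to the browser.
$Recordset1 = mysql_query($query_Recordset1, $mylink) or die(mysql_error());
// False when no row matches; the form then renders with empty values.
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);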
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Web Authentication with PHP</title>
<style type="text/css">
<!--
.style4 {
color: #FFFF00;
font-weight: bold;
}
.style5 {color: #FF0000}
.style7 {color: #FF0000; font-weight: bold; }
-->
</style>
</head>
<body>
<table width="100%" border="0" cellpadding="0" cellspacing="0">
<!--DWLayoutTable-->
<tr>
<td width="100%" height="50" align="center" valign="middle" bgcolor="#0000FF"><div align="center" class="style4">Web Authentication with PHP v. 1.1<br>
<small><small style="font-style: italic;">
<span style="color: rgb(255, 255, 0);">Released under the GNU General Public License</span></small></small><br>
</div></td>
</tr>
<tr>
<td height="50" align="center" valign="middle" bgcolor="#FFCC33"><div align="center" class="style5">
<table width="80%" cellspacing="1" bgcolor="#0000FF">
<tr align="center" bgcolor="#FFCC33">
<td width="20%"><a href="../index.php">Administration</a></td>
<td width="20%"><a href="../setup/setup.php">Setup</a></td>
<td width="20%" bgcolor="#FFFFFF"><a href="users.php">Users</a></td>
<td width="20%"><a href="groups.php">Groups</a></td>
<td width="20%"><a href="locations.php">Locations</a></td>
</tr>
</table>
</div></td>
</tr>
<tr>
<td height="350" align="center" valign="top"><br>
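<?php
/*
 * Edit form for one users_and_groups row.
 *
 * Every value read from the database row is passed through htmlspecialchars()
 * before it is written into an attribute: the stored text was supplied by
 * users at some point and must not be able to close the attribute or add
 * markup. The charset matches the page's declared iso-8859-1.
 *
 * $err_pw holds fixed markup set earlier in this script and is echoed as is.
 * Any encoding of $editFormAction belongs where it is built, earlier in the
 * script; encoding it again here would double-encode its query string.
 *
 * The status <select> reflects the stored nstatus. With ACTIVE hard-wired as
 * the selected option, saving any other change to an inactive account would
 * also set it back to active.
 */
?>
<span class="style7">Update user data<br>
<?php echo $err_pw; ?></span>
<form action="<?php echo $editFormAction; ?>" method="post" enctype="multipart/form-data" name="form1">
<table align="center" cellspacing="1" bgcolor="#0000FF">
<tr valign="baseline" bgcolor="#FFFFFF">
<td width="107" align="right" nowrap>Name:</td>
<td width="567"><input name="un" type="text" id="un" value="<?php echo htmlspecialchars($row_Recordset1['name'], ENT_QUOTES, 'ISO-8859-1'); ?>" size="32" readonly="true"></td>
</tr>
<tr valign="baseline" bgcolor="#FFFFFF">
<td align="right" nowrap>Passwd:</td>
<td><input type="password" name="passwd" size="32">
<span class="style5">Fill this field only if you want to change the password !</span> </td>
</tr>
<tr valign="baseline" bgcolor="#FFFFFF">
<td align="right" nowrap>Confirm Passwd: </td>
<td><input name="cpasswd" type="password" id="cpasswd" size="32">
<span class="style5">Fill this field only if you want to change the password !</span></td>
</tr>
<tr valign="baseline" bgcolor="#FFFFFF">
<td align="right" nowrap>Email:</td>
<td><input type="text" name="email" value="<?php echo htmlspecialchars($row_Recordset1['email'], ENT_QUOTES, 'ISO-8859-1'); ?>" size="32"></td>
</tr>
<tr valign="baseline" bgcolor="#FFFFFF">
<td align="right" nowrap>Nstatus:</td>
<td><select name="nstatus" id="nstatus">
<option value="A"<?php if ($row_Recordset1['nstatus'] != 'I') { echo ' selected'; } ?>>ACTIVE</option>
<option value="I"<?php if ($row_Recordset1['nstatus'] == 'I') { echo ' selected'; } ?>>INACTIVE</option>
</select></td>
</tr>
<tr valign="baseline" bgcolor="#FFFFFF">
<td align="right" nowrap>Fullname:</td>
<td><input type="text" name="fullname" value="<?php echo htmlspecialchars($row_Recordset1['fullname'], ENT_QUOTES, 'ISO-8859-1'); ?>" size="32"></td>
</tr>
<tr valign="baseline" bgcolor="#FFFFFF">
<td align="right" nowrap>Tel:</td>
<td><input type="text" name="tel" value="<?php echo htmlspecialchars($row_Recordset1['tel'], ENT_QUOTES, 'ISO-8859-1'); ?>" size="32"></td>
</tr>
<tr valign="baseline" bgcolor="#FFFFFF">
<td align="right" nowrap>Login_redirect:</td>
<td><input type="text" name="login_redirect" value="<?php echo htmlspecialchars($row_Recordset1['login_redirect'], ENT_QUOTES, 'ISO-8859-1'); ?>" size="32"></td>
</tr>
<tr valign="baseline" bgcolor="#FFFFFF">
<td align="right" nowrap>Ntype:</td>
<td><input name="ntype" type="text" value="<?php echo htmlspecialchars($row_Recordset1['ntype'], ENT_QUOTES, 'ISO-8859-1'); ?>" size="32" readonly="true"></td>
</tr>
<tr valign="baseline" bgcolor="#FFFFFF">
<td align="right" nowrap> </td>
<td><input type="submit" value="Update record"></td>
</tr>
</table>
<input type="hidden" name="MM_update" value="form1">
<input type="hidden" name="name" value="<?php echo htmlspecialchars($row_Recordset1['name'], ENT_QUOTES, 'ISO-8859-1'); ?>">
</form>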
<p> </p></td>
</tr>
</table>
</body>
</html>
<?php
// Release the result set of the user lookup (the SELECT on users_and_groups)
// now that the page has been written out.
mysql_free_result($Recordset1);
?>