Location: PHPKode > projects > wawp > wawp/administration/users.update.php
<?php
/********************** WEB AUTHENTICATION with PHP **************************
This package provide a set of tools for web authentication with php and mysql.


GNU GENERAL PUBLIC LICENSE
Version 2, June 1991

WEB AUTHENTICATION with PHP

Copyright (C) 2005-2006  Naldi Stefano

This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA


CONTACT

Please send any question, bug or communication to the author:


Naldi Stefano


ITALY

e-mail: hide@address.com

*****************************************************************************/

$infi = str_replace ("\\", "/", get_included_files());
if(!in_array(stripslashes(dirname($_SERVER['DOCUMENT_ROOT'])."/wawp_admin/admin.php"), $infi)
   || !in_array(stripslashes(dirname($_SERVER['DOCUMENT_ROOT'])."/wawp_admin/config.php"), $infi))
  {
    require (dirname($_SERVER['DOCUMENT_ROOT'])."/wawp_admin/php_pages_header.php");
  }

function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
  $theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

  switch ($theType) {
    case "text":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "long":
    case "int":
      $theValue = ($theValue != "") ? intval($theValue) : "NULL";
      break;
    case "double":
      $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
      break;
    case "date":
      $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
      break;
    case "defined":
      $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
      break;
  }
  return $theValue;
}

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

$err_pw='<br>';
if(isset($_POST["passwd"]) && isset($_POST["cpasswd"])){
 if($_POST["passwd"] == $_POST["cpasswd"]){
  if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form1")) {
  if($_POST["passwd"] <> ""){
  $updateSQL = sprintf("UPDATE users_and_groups SET passwd=%s, email=%s, nstatus=%s, fullname=%s, tel=%s, login_redirect=%s, ntype=%s WHERE name=%s",
                       GetSQLValueString(md5($_POST['passwd']), "text"),
                       GetSQLValueString($_POST['email'], "text"),
                       GetSQLValueString($_POST['nstatus'], "text"),
                       GetSQLValueString($_POST['fullname'], "text"),
                       GetSQLValueString($_POST['tel'], "text"),
                       GetSQLValueString($_POST['login_redirect'], "text"),
                       GetSQLValueString($_POST['ntype'], "text"),
                       GetSQLValueString($_POST['name'], "text"));
					   }
  else {
  $updateSQL = sprintf("UPDATE users_and_groups SET email=%s, nstatus=%s, fullname=%s, tel=%s, login_redirect=%s, ntype=%s WHERE name=%s",
                       GetSQLValueString($_POST['email'], "text"),
                       GetSQLValueString($_POST['nstatus'], "text"),
                       GetSQLValueString($_POST['fullname'], "text"),
                       GetSQLValueString($_POST['tel'], "text"),
                       GetSQLValueString($_POST['login_redirect'], "text"),
                       GetSQLValueString($_POST['ntype'], "text"),
                       GetSQLValueString($_POST['name'], "text"));
                      }

  mysql_select_db($mydbname, $mylink);
  $Result1 = mysql_query($updateSQL, $mylink) or die(mysql_error());

  $updateGoTo = "users.php";
  if (isset($_SERVER['QUERY_STRING'])) {
    $updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
    $updateGoTo .= $_SERVER['QUERY_STRING'];
  }
  header(sprintf("Location: %s", $updateGoTo));
}
}
else {
$err_pw='<br>WARNING: fields &laquo;Passwd&raquo; and &laquo;Confirm Passwd&raquo; are empy or not equal !!! <br>';
 }
}
$colname_Recordset1 = "1";
if (isset($_POST['un'])) {
  $colname_Recordset1 = (get_magic_quotes_gpc()) ? $_POST['un'] : addslashes($_POST['un']);
}
mysql_select_db($mydbname, $mylink);
$query_Recordset1 = sprintf("SELECT * FROM users_and_groups WHERE name = '%s'", $colname_Recordset1);
$Recordset1 = mysql_query($query_Recordset1, $mylink) or die(mysql_error());
$row_Recordset1 = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1 = mysql_num_rows($Recordset1);
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Web Authentication with PHP</title>
<style type="text/css">
<!--
.style4 {
	color: #FFFF00;
	font-weight: bold;
}
.style5 {color: #FF0000}
.style7 {color: #FF0000; font-weight: bold; }
-->
</style>
</head>

<body>

<table width="100%" border="0" cellpadding="0" cellspacing="0">
  <!--DWLayoutTable-->
  <tr>
    <td width="100%" height="50" align="center" valign="middle" bgcolor="#0000FF"><div align="center" class="style4">Web Authentication with PHP  &nbsp;    v. 1.1<br>
    <small><small style="font-style: italic;">
	<span style="color: rgb(255, 255, 0);">Released under the GNU General Public License</span></small></small><br>
      </div></td>
  </tr>
  <tr>
    <td height="50" align="center" valign="middle" bgcolor="#FFCC33"><div align="center" class="style5">
      <table width="80%" cellspacing="1" bgcolor="#0000FF">
        <tr align="center" bgcolor="#FFCC33">
          <td width="20%"><a href="../index.php">Administration</a></td>
          <td width="20%"><a href="../setup/setup.php">Setup</a></td>
          <td width="20%" bgcolor="#FFFFFF"><a href="users.php">Users</a></td>
          <td width="20%"><a href="groups.php">Groups</a></td>
          <td width="20%"><a href="locations.php">Locations</a></td>
        </tr>
      </table>
    </div></td>
  </tr>
  <tr>
    <td height="350" align="center" valign="top"><br>
      <span class="style7">Update user data<br>
      <?php echo $err_pw; ?></span>
      <form action="<?php echo $editFormAction; ?>" method="post" enctype="multipart/form-data" name="form1">
        <table align="center" cellspacing="1" bgcolor="#0000FF">
          <tr valign="baseline" bgcolor="#FFFFFF">
            <td width="107" align="right" nowrap>Name:</td>
            <td width="567"><input name="un" type="text" id="un" value="<?php echo $row_Recordset1['name']; ?>" size="32" readonly="true"></td>
          </tr>
          <tr valign="baseline" bgcolor="#FFFFFF">
            <td align="right" nowrap>Passwd:</td>
            <td><input type="password" name="passwd" size="32">
              &nbsp;<span class="style5">Fill this field only if you  want to change the password !</span> </td>
          </tr>
          <tr valign="baseline" bgcolor="#FFFFFF">
            <td align="right" nowrap>Confirm Passwd: </td>
            <td><input name="cpasswd" type="password" id="cpasswd" size="32">
            &nbsp;<span class="style5">Fill this field only if you want to change the password !</span></td>
          </tr>
          <tr valign="baseline" bgcolor="#FFFFFF">
            <td align="right" nowrap>Email:</td>
            <td><input type="text" name="email" value="<?php echo $row_Recordset1['email']; ?>" size="32"></td>
          </tr>
          <tr valign="baseline" bgcolor="#FFFFFF">
            <td align="right" nowrap>Nstatus:</td>
            <td><select name="nstatus" id="nstatus">
              <option value="A" selected>ACTIVE</option>
              <option value="I">INACTIVE</option>
            </select></td>
          </tr>
          <tr valign="baseline" bgcolor="#FFFFFF">
            <td align="right" nowrap>Fullname:</td>
            <td><input type="text" name="fullname" value="<?php echo $row_Recordset1['fullname']; ?>" size="32"></td>
          </tr>
          <tr valign="baseline" bgcolor="#FFFFFF">
            <td align="right" nowrap>Tel:</td>
            <td><input type="text" name="tel" value="<?php echo $row_Recordset1['tel']; ?>" size="32"></td>
          </tr>
          <tr valign="baseline" bgcolor="#FFFFFF">
            <td align="right" nowrap>Login_redirect:</td>
            <td><input type="text" name="login_redirect" value="<?php echo $row_Recordset1['login_redirect']; ?>" size="32"></td>
          </tr>
          <tr valign="baseline" bgcolor="#FFFFFF">
            <td align="right" nowrap>Ntype:</td>
            <td><input name="ntype" type="text" value="<?php echo $row_Recordset1['ntype']; ?>" size="32" readonly="true"></td>
          </tr>
          <tr valign="baseline" bgcolor="#FFFFFF">
            <td align="right" nowrap>&nbsp;</td>
            <td><input type="submit" value="Update record"></td>
          </tr>
        </table>
        <input type="hidden" name="MM_update" value="form1">
        <input type="hidden" name="name" value="<?php echo $row_Recordset1['name']; ?>">
      </form>
    <p>&nbsp;</p></td>
  </tr>
</table>
</body>
</html>
<?php
mysql_free_result($Recordset1);
?>

Return current item: wawp