Location: PHPKode > scripts > PHP Users > php_users-1.0-b1/php_users-1.0-b1/htdocs/users_edit.php
<?php
/* vim: set expandtab tabstop=4 shiftwidth=4: */
// +----------------------------------------------------------------------+
// | PHP version 4                                                        |
// +----------------------------------------------------------------------+
// | Copyright (c) 1997-2002 The PHP Group                                |
// +----------------------------------------------------------------------+
// | This source file is subject to version 2.0 of the PHP license,       |
// | that is bundled with this package in the file LICENSE, and is        |
// | available through the world-wide-web at                              |
// | http://www.php.net/license/2_02.txt.                                 |
// | If you did not receive a copy of the PHP license and are unable to   |
// | obtain it through the world-wide-web, please send a note to          |
// | hide@address.com so we can mail you a copy immediately.               |
// +----------------------------------------------------------------------+
// | Authors: Byrne Reese <byrne at majordojo dot com                     |
// +----------------------------------------------------------------------+
//
// $Id: users_edit.php,v 1.1.1.1 2003/06/03 14:12:24 byrnereese Exp $

require_once("users.inc");
connect_to_users_db();

if ($_CURRENT_USER->is_anonymous) {
  show_error("You must be logged in to edit a profile.",
	     $PHP_USERS_HEADER_FILE,
	     $PHP_USERS_FOOTER_FILE);
}

$id = $_GET['id'];
if (!isset($id)) {
  $id = $_CURRENT_USER->id;
}

if (!$_CURRENT_USER->can_edit_users() && ($id == $_CURRENT_USER->id && !$_CURRENT_USER->can_edit_self())) {
  show_error("
  You are not allowed to edit this user. Either: 
  <ul>
    <li>you are not the owner of this account</li>
    <li>you have not been granted permission to edit other people's accounts</li>
    <li>the account has not been confirmed and enabled yet</li>
  </ul>",$PHP_USERS_HEADER_FILE,$PHP_USERS_FOOTER_FILE);
} 

if (isset($_POST['submit'])) {
  $sql = "
  SELECT userId,email 
    FROM $USERS_DB.Users 
   WHERE email='".$_POST['email']."'";
  //echo "<pre><tt>$sql</tt></pre>";
  $query = mysql_query($sql);

  if ($query && (mysql_num_rows($query) > 0)) {
    list($uid,$uemail) = mysql_fetch_row($query);
    if ($uemail != $_POST['email']) {
      echo "That email address already is in use.<br>";
      exit;
    }
  }

  if ($_CURRENT_USER->can_edit_users()) {
    $sql = sprintf("
 UPDATE $USERS_DB.Users 
    SET seclev=%d,
        status='%s' 
  WHERE userId=%d",
		   $_POST['seclev'],
		   $_POST['status'],
		   $_POST['user_id']);
    //echo "<pre><tt>$sql</tt></pre>";
    mysql_query($sql);
  }

  if ($_CURRENT_USER->can_set_perm()) {
    $sql = sprintf("DELETE FROM $USERS_DB.permissions WHERE user_id=%d",$_POST['user_id']);
    mysql_query($sql);
    //echo "<pre><tt>$sql</tt></pre>";
    while (list($domain,$labels) = each($_POST['permission'])) {
      while (list($label,$value) = each($labels)) {
	$sql = sprintf("INSERT INTO $USERS_DB.permissions (value,user_id,label,domain) VALUES (%d,%d,'%s','%s')",
		       $value,
		       $_POST['user_id'],
		       mysql_escape_string($label),
		       mysql_escape_string($domain)
		       );
	//echo "<pre><tt>$sql</tt></pre>";
	mysql_query($sql);
      }
    }
  }

  $photow = $_POST['photow'];
  $photoh = $_POST['photoh'];

  $start = $_POST['starty']."-".$_POST['startm']."-".$_POST['startd'];
  if (!is_numeric($photoh)) { $photoh = 0; }
  if (!is_numeric($photow)) { $photow = 0; }
  $department = ${$dept_type."_department"};

  $sql = sprintf("
   UPDATE $USERS_DB.Profiles 
      SET photoUrl='%s',
          photoWidth=%d,
          photoHeight=%d,
          startDate='%s',
          lastModified=NOW(),
          department='%s',
          firstName='%s',
          lastName='%s',
          title='%s',
          biography='%s',
          phone1='%s',
          phone1Type='%s',
          phone2='%s',
          phone2Type='%s',
          phone3='%s',
          phone3Type='%s',
          im_type='%s',
          im_userid='%s'
    WHERE userId=%d",
		 mysql_escape_string($_POST['photourl']),
		 $photow,
		 $photoh,
		 $start,
		 mysql_escape_string($_POST['department']),
		 mysql_escape_string($_POST['fname']),
		 mysql_escape_string($_POST['lname']),
		 mysql_escape_string($_POST['title']),
		 mysql_escape_string($_POST['biography']),
		 mysql_escape_string($_POST['phone1']),
		 mysql_escape_string($_POST['p1type']),
		 mysql_escape_string($_POST['phone2']),
		 mysql_escape_string($_POST['p2type']),
		 mysql_escape_string($_POST['phone3']),
		 mysql_escape_string($_POST['p3type']),
		 mysql_escape_string($_POST['im_type']),
		 mysql_escape_string($_POST['im_username']),
		 $_POST['user_id']
		 );
  //echo "<pre><tt>$sql</tt></pre>";
  $query = mysql_query($sql) or die ("The query failed (".mysql_error().") " . $sql); 
  
  $returnto = $_POST['returnto'];
  if (!isset($returnto)) {
    $returnto = "$USERS_BASE_URL/users.php"; 
  }
  Header("Location: $returnto");
  exit;
}

$sql = "
    SELECT userId, email, status, seclev 
      FROM Users 
     WHERE userId = $id";
$query = mysql_query($sql) or die ("The query failed! (".mysql_error()."): $sql"); 

if (mysql_num_rows($query) > 0) { 
  list($user_id, $email, $status, $seclev) = mysql_fetch_row($query);
  $sql = "
    SELECT photoUrl,photoWidth,photoHeight,startDate,firstName,lastName,
           title,b.department,biography,phone1Type,phone1,phone2Type,phone2,
           phone3Type,phone3,im_type,im_userid 
      FROM $USERS_DB.Profiles b 
     WHERE b.userId=$id";
  $query2 = mysql_query($sql) or die ("The query failed! (".mysql_error()."): $sql");
  list($photourl,$photow,$photoh,$start,$fname,$lname,$title,$department,$bio,$p1type,$p1,$p2type,$p2,$p3type,$p3,$im_type,$im_username) = mysql_fetch_row($query2);
}
include $PHP_USERS_HEADER_FILE; 
if (mysql_num_rows($query) > 0) { 
  include "users_form.php";
} else { 
  echo "<p>No user found.</p>";
} 
include $PHP_USERS_FOOTER_FILE;
?>
Return current item: PHP Users