public function build_query()
{
// Add selectors to WHERE clause
foreach ($this->selectors as $key => $value) {
$this->wherefields[] = "{$key} = " . dbize($value, $this->get_column_datatype($key));
}
$wherestring = $this->wherefields_to_string();
$query = "DELETE FROM " . $this->table_with_schema() . $wherestring;
$this->query = $query;
return $this->query;
}
public function dbGet($params = array())
{
if (empty($params) && $this->id > 0) {
$params = array("id" => $this->id);
}
if (empty($params)) {
return false;
}
$query = "SELECT " . implode(",", $this->params) . " FROM " . $this->schema . $this->table . " WHERE ";
foreach ($params as $key => $val) {
$query .= $key . "=" . dbize($val);
}
$dbvals = db_get($query, "row");
if ($dbvals != NULL) {
$this->setFromArray($dbvals[0]);
}
$this->afterDbGet();
}
public function build_query()
{
$setstring = "";
// If insertIfAbsent is set, check for the row
if ($this->insertIfAbsent) {
$sel = new SQLSelect($this->table, $this->schema);
$sel->selectfields[] = "1";
$sel->wherearray = $this->selectors;
$val = $sel->execute();
if ($val == NULL || empty($val) || $val[1] == array()) {
$ins = new SQLInsert($this->table, $this->values);
$q = $ins->build_query();
$this->query = $q;
return $this->query;
}
}
// Perform the UPDATE
foreach ($this->values as $key => $value) {
// Skip selectors
if (isset($this->selectors[$key])) {
continue;
}
// Build 'SET' string
if ($setstring != "") {
$setstring .= ",";
}
$setstring .= $key . "=" . dbize($value, $this->get_column_datatype($key));
}
if ($setstring != "") {
$setstring = " SET " . $setstring;
}
// Add selectors to WHERE clause
foreach ($this->selectors as $key => $value) {
$this->wherefields[] = "{$key} = " . dbize($value, $this->get_column_datatype($key));
}
$wherestring = $this->wherefields_to_string();
if ($setstring != "" && $wherestring != "") {
$query = "UPDATE " . $this->table_with_schema() . $setstring . $wherestring;
$this->query = $query;
}
return $this->query;
}
public function findRow($idfields)
{
// Create a key=>value pair of the idfields
$idvals = array();
foreach ($idfields as $field) {
if (isset($this->values[$field])) {
$idvals[$field] = $this->values[$field];
} else {
// Couldn't find value for field $field
return false;
}
}
// Check for a row where the idfields are identical to the values in $values
$sqls = new SQLSelect($this->table);
$sqls->international = $this->international;
$sqls->selectfields = array("1");
foreach ($idvals as $key => $value) {
$sqls->wherefields[] = "{$key} = " . dbize($value, $this->getElementAttribute($key, "type"));
}
$ret = $sqls->execute();
if (empty($ret[1])) {
// Did not find row
//error_out("Could not find matching record");
return false;
} else {
return $idvals;
}
}
foreach ($newusers as $user) {
if (isset($user['USERNAME'])) {
echo "<li><a href='?username="******"'>" . $user['USERNAME'] . ': ' . $user['FIRSTNAME'] . " " . $user['LASTNAME'] . "</a></li>";
}
}
echo "</ul>";
} else {
echo "<div class='status success'>No unapproved accounts! You're all good</div>";
}
echo "</div></body></html>";
exit;
}
$action = "";
$newuser = $_REQUEST["username"];
// Check for user
$newuserinfo_raw = $db->get("SELECT id, username, email, firstname, lastname, created FROM login_user WHERE username = "******"row");
$newuserinfo = $newuserinfo_raw[0];
$suquery = "SELECT id, username, email, firstname, lastname, created, pending,(SELECT listagg(login_group.fullname, ', ') within group (order by login_group.fullname) FROM login_user_group_map LEFT JOIN login_group ON login_group.id=login_user_group_map.login_group_id WHERE login_user_group_map.login_user_id = login_user.id) login_groups FROM login_user WHERE (upper(firstname) LIKE upper('%" . $newuserinfo["FIRSTNAME"] . "%') OR upper(lastname) LIKE upper('%" . $newuserinfo["LASTNAME"] . "%')) AND id <> " . $newuserinfo["ID"];
$similar_users = $db->get($suquery, "row");
if (isset($_REQUEST["action"])) {
$action = $_REQUEST["action"];
$useremail = $newuserinfo["EMAIL"];
$headers = "From: " . $db->admin_email . "\r\n";
$headers .= "Reply-To: " . $db->admin_email . "\r\n";
$headers .= "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
if ($action == 'approve') {
$db->execute("UPDATE login_user SET pending = NULL WHERE username = "******"User account approved";
$body = "You have been granted access to the " . $system_name . ". You can now log in with your username: {$newuser}";
mail($useremail, $subject, $body, $headers);
$field = 'email';
} else {
$form->errors[] = "No user found with username or email <strong>" . $unvalue . "</strong>";
$form->valid = false;
}
}
if (isset($field)) {
$userinfo = db_get("SELECT id,email FROM login_user WHERE {$field} = '{$unvalue}'", 'row');
$email = $userinfo[0]["EMAIL"];
$userid = $userinfo[0]["ID"];
$length = 10;
$randomString = substr(str_shuffle("0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, $length);
//$randomString = "TestPassword1";
$newpassword = $randomString;
$hash = db_hash_password($newpassword);
db_execute("UPDATE login_user SET pass = "******" WHERE id = " . dbize($userid));
$to = $email;
$subject = "New Password for RMV Data System";
$message = "Your new password is: {$newpassword}";
$headers = 'From: ' . $admin_email . "\r\n" . 'Reply-To: ' . $admin_email . "\r\n" . 'X-Mailer: PHP/' . phpversion();
$sent = mail($to, $subject, $message, $headers, "-f" . $admin_email);
if ($sent) {
$status = "<div class='success status'>An email has been sent to your email address on file, " . $email . ", with your new password.</div>";
$form->valid = true;
} else {
$form->errors[] = "Could not send mail.";
$form->valid = false;
}
}
}
?>
