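/**
 * Apply an admin "edit" form: reject a duplicate email, then UPDATE the admin
 * row and, if the edited record is the current session's admin, refresh the
 * session copies of Privilege and FirstName.
 *
 * Side effects: runs two queries on the classic mysql connection, emits
 * feedback(), may redirect (duplicate email), then renders the result page.
 * On a query failure trigger_error(E_USER_ERROR) halts the script.
 */
function updateExecute()
{
    # $redirect must be declared global here: formReq() reads it as its
    # redirect-on-failure target, and a plain local assignment would never reach it.
    global $config, $redirect;

    $myConn = conn('', FALSE); # MUST precede formReq(), which uses the active connection to parse data
    $redirect = $config->adminEdit;

    # formReq() calls dbIn() internally to check/escape the form data; every '%s'
    # placed into SQL below relies on that escaping, since sprintf() itself does none.
    $FirstName = formReq('FirstName');
    $LastName = formReq('LastName');
    $Email = strtolower(formReq('Email'));
    $Privilege = formReq('Privilege');
    $AdminID = (int) formReq('AdminID'); # cast once; a non-numeric id becomes 0 and matches no row

    # check for a duplicate email on any *other* admin record
    $sql = sprintf(
        "select AdminID from " . PREFIX . "Admin WHERE (Email='%s') and AdminID != %d",
        $Email,
        $AdminID
    );
    $result = mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR));
    if (mysql_num_rows($result) > 0) {
        # someone already has this email
        feedback("Email already exists - please choose a different email.");
        myRedirect($config->adminEdit); # duplicate email
    }

    # %d neutralizes a non-numeric id (it becomes zero); the string columns depend on dbIn() above
    $sql = sprintf(
        "UPDATE " . PREFIX . "Admin set FirstName='%s',LastName='%s',Email='%s',Privilege='%s' WHERE AdminID=%d",
        $FirstName,
        $LastName,
        $Email,
        $Privilege,
        $AdminID
    );
    mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR));

    // feedback success or failure of the update
    if (mysql_affected_rows($myConn) > 0) {
        feedback("Successfully Updated!", "notice");
        # strict comparison of ints: the session id is stored as an int at login,
        # the form value was cast above, so a loose == is not needed here
        if (isset($_SESSION["AdminID"]) && (int) $_SESSION["AdminID"] === $AdminID) {
            # this is me! update the current session so the change is visible immediately
            $_SESSION["Privilege"] = $Privilege;
            $_SESSION["FirstName"] = $FirstName;
        }
    } else {
        feedback("Data NOT Updated! (or not changed from original values)");
    }

    get_header();
    echo '
    <div align="center"><h3>Edit Administrator</h3></div>
    <div align="center"><a href="' . $config->adminEdit . '">Edit More</a></div>
    <div align="center"><a href="' . $config->adminDashboard . '">Exit To Admin</a></div>
    ';
    get_footer();
}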
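/**
 * Apply an admin "reset password" form: validate the posted id and password
 * characters, then UPDATE the AdminPW column for that admin.
 *
 * Side effects: runs one UPDATE on the classic mysql connection, emits
 * feedback(), may redirect on invalid input, then renders the result page.
 * On a query failure trigger_error(E_USER_ERROR) halts the script.
 */
function updateExecute()
{
    # $redirect must be declared global here: formReq() reads it as its
    # redirect-on-failure target, and a plain local assignment would never reach it.
    global $config, $redirect;

    # validate the id before touching the DB; (int) of a non-numeric value is 0, which fails the > 0 test
    if (!isset($_POST['AdminID']) || (int) $_POST['AdminID'] <= 0) {
        feedback("AdminID not numeric", "warning");
        myRedirect($config->adminReset);
    }
    # password must be alphanumeric/punctuation only; a missing field is treated the same as an invalid one
    if (!isset($_POST['PWord1']) || !onlyAlphaNum($_POST['PWord1'])) {
        feedback("Data entered for password must be alphanumeric only");
        myRedirect(THIS_PAGE);
    }

    $myConn = conn('', FALSE); # MUST precede formReq(), which uses the active connection to parse data
    $redirect = $config->adminReset;
    $AdminID = (int) formReq('AdminID'); # formReq calls dbIn() internally to check form data; cast once
    $AdminPW = formReq('PWord1');

    # SHA() is the MySQL function used to hash the password. NOTE: this is an
    # unsalted SHA-1 computed server-side, and the login query compares with the
    # same SHA(); changing the scheme therefore requires a coordinated migration
    # of the login path as well. The '%s' relies on dbIn() escaping in formReq().
    $sql = sprintf(
        "UPDATE " . PREFIX . "Admin set AdminPW=SHA('%s') WHERE AdminID=%d",
        $AdminPW,
        $AdminID
    );
    # no '@' suppression: the 'or die' already handles failure, and hiding the
    # driver warning only removes the diagnostic from the error log
    mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR));

    // feedback success or failure of the update
    if (mysql_affected_rows($myConn) > 0) {
        feedback("Password Successfully Reset!", "notice");
    } else {
        feedback("Password NOT Reset! (or not changed from original value)");
    }

    get_header();
    echo '
    <div align="center"><h3>Reset Administrator Password</h3></div>
    <div align="center"><a href="' . $config->adminReset . '">Reset More</a></div>
    <div align="center"><a href="' . $config->adminDashboard . '">Exit To Admin</a></div>
    ';
    get_footer();
}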
//data must be alphanumeric or punctuation only feedback("Illegal characters were entered. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error"); myRedirect($config->adminLogin); } if (!onlyEmail($_POST['em'])) { //login must be a legal email address only feedback("Illegal characters were entered. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error"); myRedirect($config->adminLogin); } $myConn = conn("", FALSE); # mysql classic conn, MUST precede formReq() which uses active connection to parse data $redirect = $config->adminLogin; # global var used for following formReq redirection on failure $Email = formReq('em'); # formReq()requires a form element with data, redirects to $redirect if no data sent $MyPass = formReq('pw'); # formReq() calls dbIn() internally, to check form data $sql = sprintf("select AdminID,FirstName,Privilege,NumLogins from " . PREFIX . "Admin WHERE Email='%s' AND AdminPW=SHA('%s')", $Email, $MyPass); $result = @mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR)); if (mysql_num_rows($result) > 0) { # valid user, create session vars, redirect! $row = mysql_fetch_array($result); #no while statement, should be single record startSession(); #wrapper for session_start() $AdminID = (int) $row["AdminID"]; # use (int) cast to for conversion to integer $_SESSION["AdminID"] = $AdminID; # create session variables to identify admin $_SESSION["FirstName"] = dbOut($row["FirstName"]); #use dbOut() to clean strings, replace escaped quotes
feedback("Data entered for email is not valid", "error"); myRedirect($config->adminAdd); } if (!onlyAlphaNum($_POST['PWord1'])) { //data must be alphanumeric or punctuation only feedback("Password must contain letters and numbers only.", "error"); myRedirect($config->adminAdd); } $myConn = conn('', FALSE); # MUST precede formReq() function, which uses active connection to parse data $FirstName = formReq('FirstName'); # formReq calls dbIn() internally, to check form data $LastName = formReq('LastName'); $AdminPW = formReq('PWord1'); $Email = strtolower(formReq('Email')); $Privilege = formReq('Privilege'); #sprintf() function allows us to filter data by type while inserting DB values. Illegal data is neutralized, ie: numerics become zero $sql = sprintf("INSERT into " . PREFIX . "Admin (FirstName,LastName,AdminPW,Email,Privilege,DateAdded) VALUES ('%s','%s',SHA('%s'),'%s','%s',NOW())", $FirstName, $LastName, $AdminPW, $Email, $Privilege); @mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR)); # insert is done here # feedback success or failure of insert if (mysql_affected_rows($myConn) > 0) { feedback("Administrator Added!", "notice"); } else { feedback("Administrator NOT Added!", "error"); } get_header(); echo ' <div align="center"><h3>Add Administrator</h3></div> <div align="center"><a href="' . $config->adminAdd . '">Add More</a></div> <div align="center"><a href="' . $config->adminDashboard . '">Exit To Admin</a></div>