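/**
 * Renders the "Edit Administrator" form, pre-filled from the Admin table.
 *
 * The record to edit is chosen as follows: a session whose Privilege is
 * "admin" always edits its own AdminID (taken from the session); any other
 * session edits the AdminID posted in the request.
 *
 * Values read from the database are HTML-escaped before being written into
 * attribute values, so stored names/emails cannot break out of the markup.
 *
 * Output is written directly with echo; nothing is returned.
 */
function editDisplay()
{
    global $config;
    # Read the session privilege once; a missing key is treated as "no privilege"
    $sessionPrivilege = isset($_SESSION["Privilege"]) ? (string) $_SESSION["Privilege"] : '';
    if ($sessionPrivilege === "admin") {
        #use session data if logged in as admin only
        $myID = (int) $_SESSION['AdminID'];
    } else {
        # NOTE(review): every privilege other than "admin" (including a missing one)
        # may pick an arbitrary AdminID via POST. Presumably the calling page enforces
        # login and a minimum privilege before this function runs - confirm.
        if (isset($_POST['AdminID']) && (int) $_POST['AdminID'] > 0) {
            $myID = (int) $_POST['AdminID'];
            #Convert to integer, will equate to zero if fails
        } else {
            feedback("AdminID not numeric", "error");
            myRedirect($config->adminReset);
            # Stop here even if myRedirect() returns, so $myID is never used undefined
            return;
        }
    }
    $privileges = getENUM(PREFIX . 'Admin', 'Privilege');
    #grab all possible 'Privileges' from ENUM
    # NOTE(review): the mysql_* extension was removed in PHP 7. It is kept here because
    # conn() is defined elsewhere and the type of link it returns is not visible.
    $myConn = conn('', FALSE);
    # %d forces the id to an integer, so no user-controlled text reaches the query
    $sql = sprintf("select FirstName,LastName,Email,Privilege from " . PREFIX . "Admin WHERE AdminID=%d", $myID);
    $result = @mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR));
    if (mysql_num_rows($result) < 1) {
        //no records
        //put links on page to reset form, exit
        @mysql_free_result($result);
        get_header();
        echo '
      <div align="center"><h3>No such administrator.</h3></div>
      <div align="center"><a href="' . $config->adminDashboard . '">Exit To Admin</a></div>
      ';
        get_footer();
        # Do not fall through: the form below needs a loaded record
        return;
    }
    $FirstName = '';
    $LastName = '';
    $Email = '';
    $Privilege = '';
    while ($row = mysql_fetch_array($result)) {
        //dbOut() function is a 'wrapper' designed to strip slashes, etc. of data leaving db
        # Escape for HTML attribute context. dbOut() is not visible here; if it already
        # HTML-escapes its output, drop this second pass to avoid double encoding.
        $FirstName = htmlspecialchars(dbOut($row['FirstName']), ENT_QUOTES);
        $LastName = htmlspecialchars(dbOut($row['LastName']), ENT_QUOTES);
        $Email = htmlspecialchars(dbOut($row['Email']), ENT_QUOTES);
        # Left unescaped: it is compared against the ENUM values by createSelect()
        $Privilege = dbOut($row['Privilege']);
    }
    # VIRTUAL_PATH must be concatenated: a PHP tag inside a quoted string is sent
    # to the browser literally instead of being evaluated
    $config->loadhead = '
	<script type="text/javascript" src="' . VIRTUAL_PATH . 'include/util.js"></script>
	<script type="text/javascript">
			function checkForm(thisForm)
			{//check form data for valid info
				if(empty(thisForm.FirstName,"Please enter first name.")){return false;}
				if(empty(thisForm.LastName,"Please enter last name.")){return false;}
				if(!isEmail(thisForm.Email,"Please enter a valid Email Address")){return false;}
				return true;//if all is passed, submit!
			}
	</script>
	';
    get_header();
    # NOTE(review): the form carries no anti-CSRF token, and checkForm() is client-side
    # only; the handler for act=update has to validate everything again on the server.
    echo '
	<h3 align="center">Edit Administrator</h3>
	<form action="' . $config->adminEdit . '" method="post" onsubmit="return checkForm(this);">
	<table align="center">
		<tr>
			<td align="right">First Name</td>
			<td>
				<input type="text" name="FirstName" value="' . $FirstName . '" />
				<font color="red"><b>*</b></font>
			</td>
		</tr>
		<tr>
			<td align="right">Last Name</td>
			<td>
				<input type="text" name="LastName" value="' . $LastName . '" />
				<font color="red"><b>*</b></font>
			</td>
		</tr>
		<tr>
			<td align="right">Email</td>
			<td>
				<input type="text" name="Email" value="' . $Email . '" />
				<font color="red"><b>*</b></font>
			</td>
		</tr>
	';
    if ($sessionPrivilege === "developer" || $sessionPrivilege === "superadmin") {
        # uses createSelect() function to preload the select option
        echo '
			<tr>
				<td align="right">Privilege</td>
				<td>
				';
        # createSelect(element-type,element-name,values-array,db-array,labels-array,concatentator) - creates preloaded radio, select, checkbox set
        createSelect("select", "Privilege", $privileges, $Privilege, $privileges, ",");
        #privileges is from ENUM
        echo '
				</td>
			</tr>';
    } else {
        # A hidden field can be changed by the client. The update handler (not visible
        # here) must decide the privilege server-side rather than trust this value.
        echo '<input type="hidden" name="Privilege" value="' . htmlspecialchars($sessionPrivilege, ENT_QUOTES) . '" />';
    }
    echo '
	   <input type="hidden" name="AdminID" value="' . $myID . '" />
	   <input type="hidden" name="act" value="update" />
	   <tr>
			<td align="center" colspan="2">
				<input type="submit" value="Update Admin" />
				<em>(<font color="red"><b>*</b> required field</font>)</em>
			</td>
		</tr>
	</table>    
	</form>
	<div align="center"><a href="' . $config->adminDashboard . '">Exit To Admin</a></div>
	';
    @mysql_free_result($result);
    //free resources
    get_footer();
}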
				<font color="red"><b>*</b></font>
			</td>
		</tr>
		<tr>
			<td align="right">Email</td>
			<td>
				<input type="email" required name="Email" />
				<font color="red"><b>*</b></font>
			</td>
		</tr>
	   <tr>
	   		<td align="right">Privilege:</td>
	   		<td>
	   	';
    $iConn = @mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die(myerror(__FILE__, __LINE__, mysqli_connect_error()));
    $privileges = getENUM(PREFIX . 'Admin', 'Privilege', $iConn);
    #grab all possible 'Privileges' from ENUM
    echo returnSelect("select", "Privilege", $privileges, "", $privileges, ",");
    echo '
	   		</td>
	   </tr>
	   <tr>
	   		<td align="right">Password</td>
	   		<td>
	   			<input type="password" name="PWord1" />
	   				<font color="red"><b>*</b></font> 
	   				<em>(6-20 alphanumeric chars)</em>
	   		</td>
	   	</tr>
	   <tr>
	   		<td align="right">Re-enter Password</td>
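/**
 * Renders the "Edit Administrator" form, pre-filled from the Admin table.
 *
 * A session whose Privilege is "admin" always edits its own AdminID (taken
 * from the session); any other session edits the AdminID posted in the
 * request, and is redirected back to this page when that id is missing or
 * not a positive integer.
 *
 * Values read from the database are HTML-escaped before being written into
 * attribute values. Output is written directly; nothing is returned.
 *
 * @param string $nav1 Not used in this body; header.php/footer.php are included
 *                     into this scope and presumably read it - confirm.
 */
function editDisplay($nav1 = '')
{
    # Read the session privilege once; a missing key is treated as "no privilege"
    $sessionPrivilege = isset($_SESSION["Privilege"]) ? (string) $_SESSION["Privilege"] : '';
    if ($sessionPrivilege === "admin") {
        #use session data if logged in as admin only
        $myID = (int) $_SESSION['AdminID'];
    } else {
        # NOTE(review): every privilege other than "admin" (including a missing one)
        # may pick an arbitrary AdminID via POST. Presumably the calling page enforces
        # login and a minimum privilege before this function runs - confirm.
        if (isset($_POST['AdminID']) && (int) $_POST['AdminID'] > 0) {
            $myID = (int) $_POST['AdminID'];
            #Convert to integer, will equate to zero if fails
        } else {
            header('Location:' . ADMIN_PATH . THIS_PAGE);
            die;
        }
    }
    $iConn = @mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die(myerror(__FILE__, __LINE__, mysqli_connect_error()));
    # %d forces the id to an integer, so no user-controlled text reaches the query
    $sql = sprintf("select FirstName,LastName,Email,Privilege from " . PREFIX . "Admin WHERE AdminID=%d", $myID);
    $result = @mysqli_query($iConn, $sql) or die(myerror(__FILE__, __LINE__, mysqli_error($iConn)));
    if (mysqli_num_rows($result) < 1) {
        //no records
        //put links on page to reset form, exit
        # header.php shares this scope and presumably reads $loadhead; keep it defined
        $loadhead = '';
        include INCLUDE_PATH . 'header.php';
        echo '
      <p align="center"><h3>No such administrator.</h3></p>
      <p align="center"><a href="' . ADMIN_PATH . 'admin_dashboard.php">Exit To Admin</a></p>
      ';
        @mysqli_free_result($result);
        @mysqli_close($iConn);
        include INCLUDE_PATH . 'footer.php';
        # Do not fall through: the form below needs a loaded record
        return;
    }
    $FirstName = '';
    $LastName = '';
    $Email = '';
    $Privilege = '';
    while ($row = mysqli_fetch_array($result)) {
        //dbOut() function is a 'wrapper' designed to strip slashes, etc. of data leaving db
        # Escape for HTML attribute context. dbOut() is not visible here; if it already
        # HTML-escapes its output, drop this second pass to avoid double encoding.
        $FirstName = htmlspecialchars(dbOut($row['FirstName']), ENT_QUOTES);
        $LastName = htmlspecialchars(dbOut($row['LastName']), ENT_QUOTES);
        $Email = htmlspecialchars(dbOut($row['Email']), ENT_QUOTES);
        # Left unescaped: it is handed to returnSelect() as the value to preselect
        $Privilege = dbOut($row['Privilege']);
    }
    $loadhead = '
	<script type="text/javascript" src="' . VIRTUAL_PATH . 'include/util.js"></script>
	<script type="text/javascript">
			function checkForm(thisForm)
			{//check form data for valid info
				if(empty(thisForm.FirstName,"Please enter first name.")){return false;}
				if(empty(thisForm.LastName,"Please enter last name.")){return false;}
				if(!isEmail(thisForm.Email,"Please enter a valid Email Address")){return false;}
				return true;//if all is passed, submit!
			}
	</script>
	';
    include INCLUDE_PATH . 'header.php';
    # NOTE(review): the form carries no anti-CSRF token, and checkForm()/"required" are
    # client-side only; the handler for act=update has to validate again on the server.
    echo '
	<h1>Edit Administrator</h1>
	<form action="' . ADMIN_PATH . THIS_PAGE . '" method="post" onsubmit="return checkForm(this);">
	<table align="center">
		<tr>
			<td align="right">First Name</td>
			<td>
				<input type="text" autofocus required name="FirstName" value="' . $FirstName . '" />
				<font color="red"><b>*</b></font>
			</td>
		</tr>
		<tr>
			<td align="right">Last Name</td>
			<td>
				<input type="text" required name="LastName" value="' . $LastName . '" />
				<font color="red"><b>*</b></font>
			</td>
		</tr>
		<tr>
			<td align="right">Email</td>
			<td>
				<input type="email" required name="Email" value="' . $Email . '" />
				<font color="red"><b>*</b></font>
			</td>
		</tr>
	';
    if ($sessionPrivilege === "developer" || $sessionPrivilege === "superadmin") {
        # uses returnSelect() function to preload the select option
        echo '
			<tr>
				<td align="right">Privilege</td>
				<td>
				';
        #creates preloaded radio, select, checkbox set
        $privileges = getENUM(PREFIX . 'Admin', 'Privilege', $iConn);
        #grab all possible 'Privileges' from ENUM
        # Preselect the stored privilege; with an empty value the select would default
        # to its first option and saving the form could silently change the privilege
        echo returnSelect("select", "Privilege", $privileges, $Privilege, $privileges, ",");
        echo '
				</td>
			</tr>';
    } else {
        # A hidden field can be changed by the client. The update handler (not visible
        # here) must decide the privilege server-side rather than trust this value.
        echo '<input type="hidden" name="Privilege" value="' . htmlspecialchars($sessionPrivilege, ENT_QUOTES) . '" />';
    }
    echo '
	   <input type="hidden" name="AdminID" value="' . $myID . '" />
	   <input type="hidden" name="act" value="update" />
	   <tr>
			<td align="center" colspan="2">
				<input type="submit" value="Update Admin" />
				<em>(<font color="red"><b>*</b> required field</font>)</em>
			</td>
		</tr>
	</table>    
	</form>
	<p align="center"><a href="' . ADMIN_PATH . 'admin_dashboard.php">Exit To Admin</a></p>
	';
    @mysqli_free_result($result);
    @mysqli_close($iConn);
    include INCLUDE_PATH . 'footer.php';
}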
Beispiel #4
				<input type="text" name="LastName" />
				<font color="red"><b>*</b></font>
			</td>
		</tr>
		<tr>
			<td align="right">Email</td>
			<td>
				<input type="text" name="Email" />
				<font color="red"><b>*</b></font>
			</td>
		</tr>
	   <tr>
	   		<td align="right">Privilege:</td>
	   		<td>
	   	';
    $privileges = getENUM(PREFIX . 'Admin', 'Privilege');
    #grab all possible 'Privileges' from ENUM
    createSelect("select", "Privilege", $privileges, "", $privileges, ",");
    echo '
	   		</td>
	   </tr>
	   <tr>
	   		<td align="right">Password</td>
	   		<td>
	   			<input type="password" name="PWord1" />
	   				<font color="red"><b>*</b></font> 
	   				<em>(6-20 alphanumeric chars)</em>
	   		</td>
	   	</tr>
	   <tr>
	   		<td align="right">Re-enter Password</td>