Ejemplo n.º 1
0
function displayUserInfoPage()
{
    require 'include/configGlobals.php';
    $hashUsername = getCookie('ID');
    $check = mysql_query("SELECT * FROM users WHERE sha256_user = '******'") or die(mysql_error());
    while ($info = mysql_fetch_array($check)) {
        $username = $info['username'];
        if (isset($_POST['submitEdit'])) {
            $storedMemberType = $info['member'];
            $postFname = addslashes($_POST['firstName']);
            $postLname = addslashes($_POST['lastName']);
            $postAddr1 = addslashes($_POST['address1']);
            $postAddr2 = addslashes($_POST['address2']);
            $postCity = addslashes($_POST['city']);
            $postState = addslashes($_POST['state']);
            $postZip = addslashes($_POST['zipCode']);
            $postHphone = addslashes($_POST['homePhone']);
            $postCphone = addslashes($_POST['cellPhone']);
            $postEmail = addslashes($_POST['email']);
            $postEcontact = addslashes($_POST['eContact']);
            $postEcPhone = addslashes($_POST['eContactPhone']);
            $postEcRel = addslashes($_POST['eContactRel']);
            $postClub = addslashes($_POST['club']);
            if ($storedMemberType == 0 || $storedMemberType == 2 || $storedMemberType == 3) {
                if ($postClub == $club_Abbr) {
                    $postMemberType = 2;
                } else {
                    if ($postClub == "None") {
                        $postMemberType = 0;
                    } else {
                        $postMemberType = 3;
                    }
                }
                // Partner-member
            } else {
                if ($storedMemberType == 1) {
                    $postClub = $club_Abbr;
                    $postMemberType = 1;
                    // Club member (registered on-line)
                }
            }
            // now we insert it into the database
            $update = "UPDATE users SET \n                        fname='{$postFname}', \n                        lname='{$postLname}', \n                        addr1='{$postAddr1}', \n                        addr2='{$postAddr2}', \n                        city='{$postCity}', \n                        state='{$postState}', \n                        zip='{$postZip}', \n                        hphone='{$postHphone}',\n                        cphone='{$postCphone}',\n                        email='{$postEmail}',\n                        econtact='{$postEcontact}',\n                        econtact_phone='{$postEcPhone}',\n                        econtact_rel='{$postEcRel}',\n                        member='{$postMemberType}',\n                        club='{$postClub}'\n                 WHERE username='******'";
            mysql_query($update);
            $check2 = mysql_query("SELECT * FROM users WHERE username = '******'") or die(mysql_error());
            $info2 = mysql_fetch_array($check2);
            if ($info2 && !isUserInfoComplete($info2)) {
                mysql_close();
                echo "<script type=\"text/javascript\">\n";
                echo "parent.main_enablePopupBackButtonHistory();\n";
                echo "</script>\n";
                die("Required user info not complete. Please go back to continue.</body></html>");
            } else {
                ignore_user_abort(true);
                updateMemberStatus();
                echo "<html><body>\n";
                echo "<script language=\"javascript\" type=\"text/javascript\">\n";
                echo "parent.main_enableVehiclesButton(true)\n";
                if (doesUserHaveVehicles()) {
                    echo "parent.main_enableRegisterButton(true);\n";
                } else {
                    echo "parent.main_enableRegisterButton(false);\n";
                }
                echo "parent.main_popupWindowCancel();\n";
                echo "</script></body></html>";
            }
        } else {
            displayUserInfoForm($info);
        }
    }
}
Ejemplo n.º 2
0
function adminDisplayUserInfoPage()
{
    $hashUsername = getCookie('ID');
    $check = mysql_query("SELECT * FROM users WHERE sha256_user = '******'") or die(mysql_error());
    $info = mysql_fetch_array($check);
    if ($info['admin'] != 1) {
        die("ERROR: You are not an admin.");
    }
    $username = $_GET['USER'];
    $check = mysql_query("SELECT * FROM users WHERE username = '******'") or die(mysql_error());
    while ($info = mysql_fetch_array($check)) {
        if ($info['admin'] == 1) {
            die("ERROR: Not allowed to edit admin info");
        }
        if (isset($_POST['submitEdit'])) {
            $storedMemberType = $info['member'];
            $postFname = addslashes($_POST['firstName']);
            $postLname = addslashes($_POST['lastName']);
            $postAddr1 = addslashes($_POST['address1']);
            $postAddr2 = addslashes($_POST['address2']);
            $postCity = addslashes($_POST['city']);
            $postState = addslashes($_POST['state']);
            $postZip = addslashes($_POST['zipCode']);
            $postHphone = addslashes($_POST['homePhone']);
            $postCphone = addslashes($_POST['cellPhone']);
            $postEmail = addslashes($_POST['email']);
            $postEcontact = addslashes($_POST['eContact']);
            $postEcPhone = addslashes($_POST['eContactPhone']);
            $postEcRel = addslashes($_POST['eContactRel']);
            $postClub = addslashes($_POST['club']);
            if ($storedMemberType == 0 || $storedMemberType == 2 || $storedMemberType == 3) {
                if ($postClub == "SCCNH") {
                    $postMemberType = 2;
                } else {
                    if ($postClub == "None") {
                        $postMemberType = 0;
                    } else {
                        $postMemberType = 3;
                    }
                }
                // Partner-member
            } else {
                if ($storedMemberType == 1) {
                    $postClub = "SCCNH";
                    $postMemberType = 1;
                    // SCCNH member (registered on-line)
                }
            }
            // now we insert it into the database
            $update = "UPDATE users SET \n                        fname='{$postFname}', \n                        lname='{$postLname}', \n                        addr1='{$postAddr1}', \n                        addr2='{$postAddr2}', \n                        city='{$postCity}', \n                        state='{$postState}', \n                        zip='{$postZip}', \n                        hphone='{$postHphone}',\n                        cphone='{$postCphone}',\n                        email='{$postEmail}',\n                        econtact='{$postEcontact}',\n                        econtact_phone='{$postEcPhone}',\n                        econtact_rel='{$postEcRel}',\n                        member='{$postMemberType}',\n                        club='{$postClub}'\n                 WHERE username='******'";
            mysql_query($update);
            $check2 = mysql_query("SELECT * FROM users WHERE username = '******'") or die(mysql_error());
            $info2 = mysql_fetch_array($check2);
            if ($info2 && !isUserInfoComplete($info2)) {
                mysql_close();
                die("Required user info not complete. Please <a href=\"userinfo.php\">go back</a> to continue.</html>");
            } else {
                mysql_close();
                //  echo "Saved?".$update."!";
                // below lines must be html commented when working outside of php system or it will be interpreted and executed
                // reload the admin/user screen.
                echo "<script type=\"text/javascript\">parent.main_setBodyFrame('admin_users.php');\n";
                // return to the user screen.
                echo "parent.main_popupWindowCancel();</script></body></html>";
            }
        } else {
            if (isset($_POST['submitDelete'])) {
                // check for vehicles first...
                $vehcheck = mysql_query("SELECT * FROM vehicles WHERE userOwner = '{$username}'") or die(mysql_error());
                while ($vehinfo = mysql_fetch_assoc($vehcheck)) {
                    $qVehID = $vehinfo['vehicleID'];
                    // first delete the owners vehicles from any events
                    deleteVehicleFromEvents($qVehID);
                    // then delete the vehicle.
                    mysql_query("DELETE FROM vehicles WHERE vehicleID = '{$qVehID}'");
                }
                // now delete the user
                mysql_query("DELETE FROM users WHERE username = '******'");
                mysql_close();
                // below lines must be html commented when working outside of php system or it will be interpreted and executed
                // reload the admin/user screen.
                echo "<script type=\"text/javascript\">parent.main_setBodyFrame('admin_users.php');\n";
                // return to the user screen.
                echo "parent.main_popupWindowCancel();</script></body></html>";
            } else {
                displayUserInfoForm($info);
            }
        }
    }
}