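// NOTE(review): this excerpt starts inside nested blocks that open above it. The closing
// braces below belong to those enclosing blocks, and the final elseif is closed after
// the excerpt ends.
                    //update user in db
                    // NOTE(review): crypt() is called without a salt argument; that argument is
                    // required as of PHP 8.0. password_hash()/password_verify() is the supported
                    // replacement, but validateLogin() is not visible here, so the hashing call is
                    // left unchanged - confirm how stored hashes are verified before switching.
                    $encrypted_passwd = crypt($_POST['password']);
                    // NOTE(review): the password value reads '******' on this page, which looks like a
                    // masked literal; $encrypted_passwd is not used by the query as shown. Whatever
                    // value is stored, pass it and the user id as bound parameters of a prepared
                    // statement rather than placing them in the SQL text.
                    $query = "UPDATE users SET password='******' WHERE user_id ='{$_SESSION['userid']}'";
                    $result = mysqli_query($db, $query);
                }
                //END Derek Changes
                //show success message
                // The submitted names are HTML-escaped before being echoed back, so markup in the
                // request cannot be reflected into the page.
                print '<h3 align="center"> User ' . htmlspecialchars($_POST['username'], ENT_QUOTES)
                    . ' (' . htmlspecialchars($_POST['first_name'], ENT_QUOTES)
                    . ' ' . htmlspecialchars($_POST['last_name'], ENT_QUOTES) . ') updated!</h3>';
                print '<h4 align="center"><a href="index.php">Return to Homepage</a></h4>';
            } else {
                //if errors exist, show page again & fill in values
                showEditPage($_SESSION['username'], $_SESSION['access'], validateUserChanges());
            }
        } elseif (!isset($_GET['user_id'])) {
            //form has not been submitted
            showEditPage($_SESSION['username'], $_SESSION['access']);
            //uncomment the next line to toggle session dumps on and off
            //include 'dump_all_page_contents.php';
        }
    } else {
        //all other user types are refused
        showLogin('The current user is not authorized to view this page.');
    }
} elseif (!empty($_POST['username'])) {
    //if user has attempted to login, validate login
    // !empty() keeps the original truthiness test without reading an undefined index
    // when the request carries no username field.
    if (validateLogin($_POST['username'], $_POST['password'])) {
        showPage($_SESSION['username'], $_SESSION['access']); //valid user! Show page!
    } else {
        showLogin('Login invalid. Please try again');
    }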
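// NOTE(review): excerpt of a larger script; every block opened below is closed after the
// excerpt ends.
// NOTE(review): this include runs on every request, before the login check below. A comment
// elsewhere on this page describes the same include as a toggle for session dumps, so it looks
// like debug output that should be disabled outside development - confirm.
include 'dump_all_page_contents.php';
if (!isset($_GET['report_id']) && !isset($_POST['report_id'])) {
    if (array_key_exists('userid', $_SESSION)) {
        //If user is logged in, check for access level
        // Strict allow-list check: with the loose == comparison, a non-string session value
        // could compare equal to one of the letters on older PHP versions.
        if (isset($_SESSION['access']) && in_array($_SESSION['access'], ['S', 'A', 'U'], true)) {
            //check for $_GET['refund_id']. If set, show edit page for that user. Otherwise, show list of users
            //if($_GET['refund_id']){
            // NOTE(review): the echo/die statements in this block are debugging traces.
            echo 'it loads before here <br>';
            if (sizeof($_POST) == 0) {
                echo 'am i within ';
                // Parentheses make the existing precedence explicit (&& binds tighter than ||).
                // NOTE(review): as written the branch is also taken when refund_id is absent,
                // which does not match the comment above - confirm the intended condition.
                if (!isset($_GET['refund_id']) || ($_GET['refund_id'] != "" && $_GET['refund_id'] != NULL)) {
                    if (isset($_GET['action']) && $_GET['action'] == 'edit') {
                        echo 'stopping here edit ';
                        die; // ends the request, so the call below is never reached
                        //ncurses_clear();
                        showEditPage();
                    } elseif (isset($_GET['action']) && $_GET['action'] == 'delete') {
                        echo 'stopping here delete ';
                        die; // ends the request, so the call below is never reached
                        showDelPage(); //this function doesn't seem to exist yet.
                    } elseif (isset($_GET['action']) && $_GET['action'] == 'reject') {
                        echo 'stopping here reject ';
                        die; // ends the request, so the call below is never reached
                        showRejPage(); //this function doesn't seem to exist yet.
                    } elseif (isset($_GET['action']) && $_GET['action'] == 'approve') {
                        echo 'stopping here approve ';
                        die; // ends the request, so the call below is never reached
                        showApprovePage(); //this function doesn't seem to exist yet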
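// NOTE(review): excerpt of a larger script. The first closing braces below belong to blocks
// opened above the excerpt, and the final if is closed after it ends.
        if (isset($_POST['_edit_submit']) && isset($_POST['Submit']) && $_POST['Submit'] == "submit") {
            //include 'dump_all_page_contents.php';
            //build up the redirect string to redirect to the edit page of the refund you are currently editing (needs to reference correct refund_id)
            //format:
            //?refund_id=3&action=edit
            $refresh_id = "?refund_id=";
            // Cast to int so only a number from the request can reach the Location header.
            $refresh_id .= (int) $_POST['refund_id'];
            $refresh_id .= "&action=edit";
            // NOTE(review): header() does not stop the script, and @ hides a failed redirect
            // (for example when output has already started). Whether the code after this
            // excerpt should still run once the redirect is sent is not visible here.
            @Header('Location: ' . $_SERVER['PHP_SELF'] . $refresh_id);
        }
        //END Derek Hack
    } else {
        //if submitted with errors and not approved/deleted
        //echo 'Im in the else if submitted with errors and not approved/deleted';
        //echo 'im right here';
        //if errors exist, show page again & fill in values
        showEditPage($_SESSION['username'], $_SESSION['access'], validateRefundChanges());
    }
} elseif (isset($_POST['_del_submit']) && $_POST['_del_submit'] != "" && $_POST['_del_submit'] != NULL) {
    $now = date("Y-m-d H:i:s");
    //update the record in the DB as voided
    // The refund id comes straight from the request, so it is validated as an integer and
    // bound as a statement parameter instead of being interpolated into the SQL text.
    // (Integer ids are assumed from the "?refund_id=3" format noted above and from the
    // unquoted use in the original query - confirm against the schema.)
    $void_refund_id = filter_var(isset($_POST['refund_id']) ? $_POST['refund_id'] : null, FILTER_VALIDATE_INT);
    $void_error = '';
    $result = false;
    if ($void_refund_id === false) {
        $void_error = 'refund_id is missing or not an integer';
    } else {
        // Column names are kept exactly as spelled on the page, including "modfied_by".
        $query = "UPDATE refund SET status='VOIDED', modfied_by=?, modified_dt=?, voided=1 WHERE refund_id = ?";
        $void_stmt = mysqli_prepare($db, $query);
        if ($void_stmt === false) {
            $void_error = mysqli_error($db);
        } else {
            $void_modified_by = $_SESSION['userid'];
            mysqli_stmt_bind_param($void_stmt, 'ssi', $void_modified_by, $now, $void_refund_id);
            $result = mysqli_stmt_execute($void_stmt);
            if (!$result) {
                $void_error = mysqli_stmt_error($void_stmt);
            }
            mysqli_stmt_close($void_stmt);
        }
    }
    if ($void_error !== '') {
        // The original passed the query result to mysqli_error(), which expects the
        // connection. The details go to the server log; the page shows a generic message
        // so database error text is not disclosed to the browser.
        error_log('Void refund failed: ' . $void_error);
        print 'The refund could not be voided.';
    }
    //START Derek Hack
    //Hack inserted because app previously wasn't immediately displaying changes, forces a refresh of page if the form has been submitted.
    //Refresh the page if you just edited a refund, but before you hit the back to refunds page
    if (isset($_POST['_del_submit']) && isset($_POST['Void']) && $_POST['Void'] == "void") {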