goto GenerateHtml; } $update = false; if (!empty($_POST["Password"]) || !empty($_POST["Password2"])) { if ($_POST["Password"] != $_POST["Password2"]) { $error_msg = "Error: new passwords do not match."; goto GenerateHtml; } $update = true; } // Check for changes. foreach ($data as $key => $value) { if (!IsFieldInParamList($key, $param_list)) { continue; } if ($value != GetValueFromParamList($param_list, $key)) { $update = true; break; } } if ($update === false) { $success_msg = "No changes given."; goto GenerateHtml; } // Looks like we are okay to update database! $okay = UpdateUser($param_list, $userid); if ($okay === true) { $success_msg = "Data Updated!"; $data = GetUserInfo($userid); PopulateParamList($param_list, $data); } else {
/**
 * Update an existing row of the Users table from a parameter list.
 *
 * The target row is located either by $userid (when non-zero) or by the
 * "UserName" entry of $param_list. Every entry of $param_list that carries both
 * a "FieldName" and a "Value" becomes a column assignment; a non-empty
 * "Password" entry is hashed and stored under "PasswordHash" instead. A BadgeID,
 * when supplied and not blank, must pass VerifyBadgeFormat() and must not
 * already belong to a different user.
 *
 * @param array $param_list entries shaped like ["FieldName" => string, "Value" => mixed]
 *                          (shape taken from how the entries are read below; confirm
 *                          against the code that builds the list)
 * @param int   $userid     UserID of the row to update, or 0 to look the user up by UserName
 * @return string|true      true on success, otherwise the human-readable error message,
 *                          which has also been written to the log via log_msg()
 */
function UpdateUser($param_list, $userid = 0)
{
    global $config;

    $where = "userlib.php->UpdateUser";

    // Every failure path logs the message and hands the same text back to the caller.
    $fail = function ($message) use ($where) {
        log_msg($where, $message);
        return $message;
    };

    // Columns GenerateSqlSet() is allowed to emit, paired with their formatting type.
    $columns = [
        ["LastName", "str"],
        ["FirstName", "str"],
        ["PasswordHash", "str"],
        ["NickName", "str"],
        ["Title", "str"],
        ["BadgeID", "str"],
        ["Email", "str"],
        ["Tags", "str"],
        ["Active", "bool"],
    ];

    // --- Resolve the UserID of the row being updated -------------------------
    if ($userid != 0) {
        $lookup = SqlQuery($where, "SELECT * FROM Users WHERE UserID=" . intval($userid));
        if ($lookup->num_rows <= 0) {
            return $fail("Unable to update user. UserID=" . intval($userid) . " not found.");
        }
    } else {
        if (!IsFieldInParamList("UserName", $param_list)) {
            return $fail('Unable to update user. No UserName or UserID Given.');
        }
        $username = GetValueFromParamList($param_list, "UserName");
        // NOTE(review): the query and the message below carry a literal "******" and
        // never reference $username, so this lookup cannot match the requested name.
        // If the name is meant to go into the WHERE clause, it has to be escaped for
        // the driver or bound as a parameter, never concatenated into the string.
        $lookup = SqlQuery($where, 'SELECT * FROM Users WHERE UserName="******"');
        if ($lookup->num_rows <= 0) {
            return $fail('Unable to update user. UserName="******" not found.');
        }
        $found = $lookup->fetch_assoc();
        $userid = intval($found["UserID"]);
    }

    // --- Reject a BadgeID that is malformed or already held by someone else ----
    if (IsFieldInParamList("BadgeID", $param_list)) {
        $badge = GetValueFromParamList($param_list, "BadgeID");
        if (!blank($badge)) {
            if (!VerifyBadgeFormat($badge)) {
                return $fail('Unable to update user. Bad Format for BadgeID. Must be in form of "A000".');
            }
            // NOTE(review): $badge is concatenated into SQL, so the safety of this
            // statement rests entirely on VerifyBadgeFormat() accepting only the
            // "A000" shape. Binding it as a query parameter would remove that coupling.
            $holders = SqlQuery($where, 'SELECT UserID FROM Users WHERE BadgeID="' . $badge . '"');
            while ($holder = $holders->fetch_assoc()) {
                if ($holder["UserID"] != $userid) {
                    return $fail('Unable to update user. BadgeID ' . $badge . ' already in use.');
                }
            }
        }
    }

    // --- Gather column values; a plaintext "Password" becomes "PasswordHash" ---
    $values = [];
    $passwordChanged = false;
    foreach ($param_list as $entry) {
        if (!isset($entry["FieldName"]) || !isset($entry["Value"])) {
            continue;
        }
        if ($entry["FieldName"] != "Password") {
            $values[$entry["FieldName"]] = $entry["Value"];
            continue;
        }
        // An empty password field means "leave the stored hash alone".
        if (empty($entry["Value"])) {
            continue;
        }
        // NOTE(review): crypt() with the single site-wide salt in $config["Salt"] gives
        // every account the same salt, so identical passwords produce identical hashes.
        // password_hash()/password_verify() would be the current replacement, but the
        // login check that compares PasswordHash has to be migrated together with it.
        $values["PasswordHash"] = crypt($entry["Value"], $config["Salt"]);
        $passwordChanged = true;
    }

    if ($values === []) {
        return $fail("Unable to update user. UserID=" . intval($userid) . ". Nothing to update.");
    }

    // --- Write the row -------------------------------------------------------
    // GenerateSqlSet() renders the SET clause from $values restricted to $columns.
    $statement = 'UPDATE Users SET ' . GenerateSqlSet($values, $columns) . " WHERE UserID=" . intval($userid);
    SqlQuery($where, $statement);

    $note = 'Info for User ' . $userid . ' updated by ' . GetUserName() . '. ';
    if ($passwordChanged) {
        $note .= '(Including a password change.)';
    }
    log_msg($where, $note);

    return true;
}