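/**
 * Persist a set of preferences for one user: keys already stored are
 * updated in place (only when the value differs), unseen keys are inserted.
 *
 * @param int|string $userid  user whose preferences are written; used as
 *                            intval() in every SQL statement
 * @param array      $prefs   map of PrefName => PrefValue; a non-array is
 *                            treated as an empty set
 * @return void
 */
function SavePrefsForUser($userid, $prefs)
{
    $loc = "preflib.php->SavePrefsForUser";
    $uid = intval($userid);
    if (!is_array($prefs)) {
        $prefs = array();
    }
    // Start from the stored set so existing keys are updated rather than
    // duplicated.
    $current_prefs = GetPrefsForUser($userid);
    // Split the incoming prefs into those that already exist with a
    // different value, and those that are genuinely new.
    $new_prefs = array();
    $changed_prefs = array();
    foreach ($prefs as $key => $value) {
        if (array_key_exists($key, $current_prefs)) {
            // Loose comparison on purpose: values read back from the
            // database are strings, callers may hand in ints/bools.
            if ($value != $current_prefs[$key]) {
                $changed_prefs[$key] = $value;
            }
        } else {
            $new_prefs[$key] = $value;
        }
    }
    // Update the rows that are already in the table. Both the key and the
    // value are escaped with SqlClean, exactly as the INSERT below does --
    // the value is caller-supplied and ends up inside a quoted literal.
    foreach ($changed_prefs as $key => $value) {
        $sql = 'UPDATE Prefs SET PrefValue = "' . SqlClean($value) . '" WHERE UserID=' . $uid . ' AND PrefName="' . SqlClean($key) . '"';
        SqlQuery($loc, $sql);
    }
    // Insert the preferences that were not stored yet.
    foreach ($new_prefs as $key => $value) {
        $sql = 'INSERT INTO Prefs (UserID, PrefName, PrefValue) VALUES (' . $uid . ', "' . SqlClean($key) . '", "' . SqlClean($value) . '")';
        SqlQuery($loc, $sql);
    }
    log_msg($loc, count($prefs) . ' preferences updated/saved successfully for user ' . $uid);
}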
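/**
 * Fetch the RelatedFiles row for one work order.
 *
 * @param int|string $workorderid  WorkOrderID to look up; cast with intval()
 *                                 because it is compared unquoted in SQL
 * @return array|false  the row as an associative array, or false when the
 *                      query does not return exactly one row
 */
function GetWorkOrderFiles($workorderid)
{
    $loc = rmabs(__FILE__ . ".GetWorkOrderFiles");
    // The comparison is unquoted, so quote-escaping alone does not keep the
    // statement safe; an int cast does, and matches how UserID is handled
    // elsewhere in this file.
    $sql = 'SELECT * FROM RelatedFiles WHERE WorkOrderID=' . intval($workorderid);
    $result = SqlQuery($loc, $sql);
    // NOTE(review): a work order with several related files also yields
    // false here -- confirm whether callers expect a single row.
    if ($result->num_rows != 1) {
        return false;
    }
    return $result->fetch_assoc();
}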
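/**
 * Fetch the UserView row for one user.
 *
 * @param int|string $userid  UserID to look up; cast with intval() because it
 *                            is compared unquoted in SQL
 * @return array|false  the row as an associative array, or false when the
 *                      query does not return exactly one row
 */
function GetWorkOrderPrereqInfo($userid)
{
    // Log location names this function (it previously carried the label of
    // GetUserInfo, which made log lines point at the wrong code).
    $loc = "userlib.php->GetWorkOrderPrereqInfo";
    // Unquoted numeric comparison: cast to int instead of relying on
    // quote-escaping, as the other UserID lookups in this file do.
    $sql = 'SELECT * FROM UserView WHERE UserID=' . intval($userid);
    $result = SqlQuery($loc, $sql);
    if ($result->num_rows != 1) {
        return false;
    }
    return $result->fetch_assoc();
}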
/**
 * Insert one EventTimes row built from the Name, StartTime, EndTime, Type
 * and Purpose entries of $fields, each escaped with SqlClean.
 *
 * @param array $fields  associative array holding the five column values
 * @return void
 */
function StoreEvent($fields)
{
    $loc = 'readerlib.php=>StoreEvent';
    $columns = array('Name', 'StartTime', 'EndTime', 'Type', 'Purpose');
    $quoted = array();
    foreach ($columns as $column) {
        $quoted[] = '"' . SqlClean($fields[$column]) . '"';
    }
    $sql = 'INSERT INTO EventTimes (' . implode(', ', $columns) . ') VALUES (  ' . implode(', ', $quoted) . ')';
    SqlQuery($loc, $sql);
}
/**
 * Report whether a value (or every element of an array of values) survives
 * SqlClean unchanged, i.e. contains nothing SqlClean would escape.
 *
 * @param mixed $s  a single value or an array of values
 * @return bool  true when SqlClean() leaves each value identical
 */
function IsSqlTextOkay($s)
{
    $candidates = is_array($s) ? $s : array($s);
    foreach ($candidates as $candidate) {
        if (SqlClean($candidate) !== $candidate) {
            return false;
        }
    }
    return true;
}
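/**
 * Update one Users row from a list of field/value parameters.
 *
 * The user is located by $userid when it is non-zero, otherwise by the
 * "UserName" entry of $param_list. A "Password" entry is hashed with crypt()
 * and stored as PasswordHash; every other entry is stored under its
 * FieldName. Each failure is logged and its message returned.
 *
 * @param array      $param_list  list of arrays carrying "FieldName" and "Value"
 * @param int|string $userid      UserID to update, or 0 to look it up by UserName
 * @return string|true  true on success, otherwise the (already logged) error message
 */
function UpdateUser($param_list, $userid = 0)
{
    global $config;
    $loc = "userlib.php->UpdateUser";
    $pwchanged = false;
    // (column, type) pairs handed to GenerateSqlSet; columns not listed here
    // are presumably dropped by it -- confirm in GenerateSqlSet.
    $fields = array(array("LastName", "str"), array("FirstName", "str"), array("PasswordHash", "str"), array("NickName", "str"), array("Title", "str"), array("BadgeID", "str"), array("Email", "str"), array("Tags", "str"), array("Active", "bool"));
    if ($userid != 0) {
        $sql = "SELECT * FROM Users WHERE UserID=" . intval($userid);
        $result = SqlQuery($loc, $sql);
        if ($result->num_rows <= 0) {
            $error_msg = "Unable to update user. UserID=" . intval($userid) . " not found.";
            log_msg($loc, $error_msg);
            return $error_msg;
        }
    } else {
        if (!IsFieldInParamList("UserName", $param_list)) {
            $error_msg = 'Unable to update user. No UserName or UserID Given.';
            log_msg($loc, $error_msg);
            return $error_msg;
        }
        $username = GetValueFromParamList($param_list, "UserName");
        // NOTE(review): the UserName literal below reads as redacted in this
        // listing ("******"); the lookup presumably interpolates
        // SqlClean($username). Confirm against the source file.
        $sql = 'SELECT * FROM Users WHERE UserName="******"';
        $result = SqlQuery($loc, $sql);
        if ($result->num_rows <= 0) {
            $error_msg = 'Unable to update user. UserName="******" not found.';
            log_msg($loc, $error_msg);
            return $error_msg;
        }
        $row = $result->fetch_assoc();
        $userid = intval($row["UserID"]);
    }
    // A changed BadgeID must be well-formed and not already assigned to
    // another user.
    if (IsFieldInParamList("BadgeID", $param_list)) {
        $badgeid = GetValueFromParamList($param_list, "BadgeID");
        if (!blank($badgeid)) {
            if (!VerifyBadgeFormat($badgeid)) {
                $error_msg = 'Unable to update user. Bad Format for BadgeID. Must be in form of "A000".';
                log_msg($loc, $error_msg);
                return $error_msg;
            }
            // Escaped with SqlClean like every other quoted string value in
            // this file, instead of relying on the format check alone to keep
            // the literal safe.
            $sql = 'SELECT UserID FROM Users WHERE BadgeID="' . SqlClean($badgeid) . '"';
            $result = SqlQuery($loc, $sql);
            while ($row = $result->fetch_assoc()) {
                // The user's own current badge is not a conflict.
                if ($row["UserID"] != $userid) {
                    $error_msg = 'Unable to update user. BadgeID ' . $badgeid . ' already in use.';
                    log_msg($loc, $error_msg);
                    return $error_msg;
                }
            }
        }
    }
    // Copy the values into a column => value array; Password is the one
    // entry that is transformed rather than copied.
    $data = array();
    $c = 0;
    foreach ($param_list as $param_spec) {
        if (!isset($param_spec["FieldName"])) {
            continue;
        }
        if (!isset($param_spec["Value"])) {
            continue;
        }
        if ($param_spec["FieldName"] == "Password") {
            $pw = $param_spec["Value"];
            // An empty password means "leave it unchanged".
            if (empty($pw)) {
                continue;
            }
            // crypt() with a site-wide salt from $config; the login side
            // presumably verifies with the same call, so the scheme can only
            // be changed on both sides together -- confirm before touching it.
            $v = crypt($pw, $config["Salt"]);
            $pwchanged = true;
            $fn = "PasswordHash";
            $data[$fn] = $v;
            $c++;
            continue;
        }
        $fn = $param_spec["FieldName"];
        $v = $param_spec["Value"];
        $data[$fn] = $v;
        $c++;
    }
    if ($c <= 0) {
        $error_msg = "Unable to update user. UserID=" . intval($userid) . ". Nothing to update.";
        log_msg($loc, $error_msg);
        return $error_msg;
    }
    // $userid is now a verified integer id and $data holds the columns to set.
    $sql = 'UPDATE Users SET ';
    $sql .= GenerateSqlSet($data, $fields);
    $sql .= " WHERE UserID=" . intval($userid);
    SqlQuery($loc, $sql);
    $msg = 'Info for User ' . $userid . ' updated by ' . GetUserName() . '. ';
    if ($pwchanged) {
        $msg .= '(Including a password change.)';
    }
    log_msg($loc, $msg);
    return true;
}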