$_POST["emerCont1Cell"] = format_phone($_POST["emerCont1Cell"]);
$_POST["emerCont2Phone"] = format_phone($_POST["emerCont2Phone"]);
$_POST["emerCont2Cell"] = format_phone($_POST["emerCont2Cell"]);
if ($isAdmin) {
$email_address = $_POST["email"];
//db_enter is going to mess it up; i should fix that!
$id = db_enter("intranet_users", "firstname nickname lastname title email rankID *startDate *endDate #corporationID #departmentID #officeID phone bio homeAddress1 homeAddress2 homeCity homeStateID homeZIP homePhone homeCell homeEmail emerCont1Name emerCont1Relationship emerCont1Phone emerCont1Cell emerCont1Email emerCont2Name emerCont2Relationship emerCont2Phone emerCont2Cell emerCont2Email", "userID");
//if new user, reset password, delete request, and send invite
if (!isset($_GET["id"])) {
db_query("UPDATE intranet_users SET password = PWDENCRYPT('') WHERE userID = " . $id);
if (isset($_GET["requestID"])) {
db_query("DELETE FROM users_requests WHERE id = " . $_GET["requestID"]);
}
//send invitation
$name = str_replace("'", "", $_POST["nickname"] == "NULL" ? $_POST["firstname"] : $_POST["nickname"]);
email_invite($id, $email_address, $name);
}
//update permissions
db_checkboxes("permissions", "administrators", "userID", "moduleID", $id);
db_checkboxes("skills", "users_to_skills", "user_id", "skill_id", $id);
//check long distance code
if ($locale == "/_seedco/" && $_POST["officeID"] == "1") {
if (!db_grab("SELECT longdistancecode FROM intranet_users WHERE userID = " . $id)) {
$code = db_grab("SELECT code FROM ldcodes WHERE code NOT IN ( SELECT longdistancecode FROM intranet_users WHERE isActive = 1 AND longdistancecode IS NOT NULL)");
db_query("UPDATE intranet_users SET longDistanceCode = {$code} WHERE userID = " . $id);
}
}
} else {
$id = db_enter("intranet_users", "firstname nickname lastname email title #corporationID departmentID officeID phone bio homeAddress1 homeAddress2 homeCity homeStateID homeZIP homePhone homeCell homeEmail emerCont1Name emerCont1Relationship emerCont1Phone emerCont1Cell emerCont1Email emerCont2Name emerCont2Relationship emerCont2Phone emerCont2Cell emerCont2Email", "userID");
}
//upload new staff image
<?php
include "include.php";
if (url_action("deletereq")) {
db_query("DELETE FROM users_requests WHERE id = " . $_GET["id"]);
url_query_drop("action,id");
} elseif (url_action("invite")) {
$result = db_query("SELECT userID, nickname, email, firstname FROM intranet_users WHERE lastlogin IS NULL AND isactive = 1");
while ($r = db_fetch($result)) {
$name = !$r["nickname"] ? $r["firstname"] : $r["nickname"];
email_invite($r["userID"], $r["email"], $name);
}
url_query_drop("action");
}
drawTop();
echo drawJumpToStaff();
echo drawTableStart();
echo drawHeaderRow("", 3);
$result = db_query("SELECT id, lastname, firstname, createdOn FROM users_requests ORDER BY createdOn DESC");
if (db_found($result)) {
?>
<tr>
<th width="70%">Name</th>
<th width="30%" class="r">Invited On</th>
<th></th>
</tr>
<?php
while ($r = db_fetch($result)) {
?>
<tr>
<td><a href="add_edit.php?requestID=<?php
include "include.php";
//delete user handled by include
if (url_action("undelete")) {
//undelete user
db_query("UPDATE intranet_users SET isActive = 1, deletedBy = NULL, deletedOn = NULL, endDate = NULL, updatedBy = {$user["id"]}, updatedOn = GETDATE() WHERE userID = " . $_GET["id"]);
url_query_drop("action");
} elseif (url_action("passwd")) {
db_query("UPDATE intranet_users SET password = PWDENCRYPT('') WHERE userID = " . $_GET["id"]);
$r = db_grab("SELECT userID, email FROM intranet_users WHERE userID = " . $_GET["id"]);
email_user($r["email"], "Intranet Password Reset", drawEmptyResult($user["first"] . ' has just reset your password on the Intranet. To pick a new password, please <a href="http://' . $_josh["request"]["host"] . '/login/password_reset.php?id=' . $r["userID"] . '">follow this link</a>.'));
url_query_drop("action");
} elseif (url_action("invite")) {
$r = db_grab("SELECT nickname, email, firstname FROM intranet_users WHERE userID = " . $_GET["id"]);
$name = !$r["nickname"] ? $r["firstname"] : $r["nickname"];
email_invite($_GET["id"], $r["email"], $name);
url_query_drop("action");
}
url_query_require();
drawTop();
$r = db_grab("SELECT \n\t\tu.firstname,\n\t\tu.lastname,\n\t\tu.nickname, \n\t\tu.bio, \n\t\tu.email,\n\t\t" . db_pwdcompare("", "u.password") . " password,\n\t\tu.phone, \n\t\tu.lastlogin, \n\t\tu.title,\n\t\tf.name office, \n\t\td.departmentName,\n\t\tu.corporationID,\n\t\tc.description corporationName,\n\t\tu.homeAddress1,\n\t\tu.homeAddress2,\n\t\tu.homeCity,\n\t\ts.stateAbbrev,\n\t\tu.homeZIP,\n\t\tu.homePhone,\n\t\tu.homeCell,\n\t\tu.homeEmail,\n\t\tu.emerCont1Name,\n\t\tu.emerCont1Relationship,\n\t\tu.emerCont1Phone,\n\t\tu.emerCont1Cell,\n\t\tu.emerCont1Email,\n\t\tu.emerCont2Name,\n\t\tu.emerCont2Relationship,\n\t\tu.emerCont2Phone,\n\t\tu.emerCont2Cell,\n\t\tu.emerCont2Email,\n\t\tu.startDate,\n\t\tu.longDistanceCode,\n\t\tu.endDate,\n\t\tu.isActive,\n\t\tr.description rank\n\tFROM intranet_users u\n\tJOIN intranet_ranks r ON u.rankID = r.id\n\tLEFT JOIN organizations\t\t\tc ON u.corporationID = c.id\n\tLEFT JOIN intranet_departments\t\td ON d.departmentID\t= u.departmentID \t\t\t\t\n\tLEFT JOIN intranet_offices \t\tf ON f.id\t\t\t= u.officeID \t\t\t\t\n\tLEFT JOIN intranet_us_states\t\ts ON u.homeStateID\t= s.stateID\n\tWHERE u.userID = " . $_GET["id"]);
$r["corporationName"] = empty($r["corporationName"]) ? '<a href="organizations.php?id=0">Shared</a>' : '<a href="organizations.php?id=' . $r["corporationID"] . '">' . $r["corporationName"] . '</a>';
if (!isset($r["isActive"])) {
url_change("./");
}
echo drawJumpToStaff($_GET["id"]);
if (!$r["isActive"]) {
$msg = "This is a former staff member. ";
if ($r["endDate"]) {
$msg .= $r["nickname"] ? $r["nickname"] : $r["firstname"];
$msg .= "'s last day was " . format_date($r["endDate"]) . ".";
