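/**
 * Validates the add-user form and writes the new user plus its default
 * script permissions to the database.
 *
 * Fields read from $post: username, password, password2 (checked when f1 is
 * set), div, postype ('P' or 'S'), manager ('Yes' sets abo=1000), admin, and
 * the f1/f2 flags that select the confirm and write phases.
 *
 * @param array $post  The submitted form. Callers pass $_POST positionally; the
 *                     parameter was renamed because re-assigning an auto-global
 *                     is a compile-time fatal error on PHP >= 5.4.
 * @return string      HTML: the re-rendered form on validation errors, an
 *                     "already exists" message, or the success report.
 */
function writeUser($post) {
    // Read only the fields this function needs. The previous `${$key} = $value`
    // over the whole request let a client overwrite any local -- including
    // $admin, $f1/$f2 and the SQL/HTML buffers built below.
    $username  = isset($post["username"])  ? (string)$post["username"]  : "";
    $password  = isset($post["password"])  ? (string)$post["password"]  : "";
    $password2 = isset($post["password2"]) ? (string)$post["password2"] : "";
    $div       = isset($post["div"])       ? (string)$post["div"]       : "";
    $postype   = isset($post["postype"])   ? (string)$post["postype"]   : "";
    $manager   = isset($post["manager"])   ? (string)$post["manager"]   : "";
    // admin is interpolated unquoted into SQL below, so force an integer.
    $admin     = isset($post["admin"])     ? (int)$post["admin"]        : 0;
    $f1 = isset($post["f1"]);
    $f2 = isset($post["f2"]);

    # validate input -- each rule once (the previous version repeated the
    # username/div/password/postype checks, producing duplicate error lines)
    require_lib("validate");
    $v = new validate();
    $v->isOk($div, "num", 1, 20, "Invalid Branch.");
    $v->isOk($username, "string", 1, 20, "Invalid user name.");
    if (strpos($username, " ") !== false) {
        $v->addError("", "Error : user name must not contain spaces.");
    }
    // NOTE(review): a 1-character minimum is weak for a login password; the
    // form presumably advertises a longer minimum -- confirm and raise this bound.
    $v->isOk($password, "string", 1, 20, "Invalid password.");
    // postype is used unescaped in SQL below; this whitelist is what makes that safe.
    if ($postype != 'P' && $postype != 'S') {
        $v->addError("", "Invalid POS user.");
    }
    if ($f1) {
        $v->isOk($password2, "string", 1, 20, "Invalid password 2.");
        $v->pwMatch($password, $password2, "Passwords do not match.");
    }

    # display errors, if any
    if ($v->isError()) {
        $theseErrors = "";
        foreach ($v->getErrors() as $e) {
            $theseErrors .= "-" . $e["msg"] . "<br>";
        }
        $theseErrors = "<tr><td class=err colspan=2>{$theseErrors}</td></tr>\n\t\t<tr><td colspan=2><br></td></tr>";
        return enterUser($username, $postype, $manager == "Yes", $theseErrors);
    }

    # connect to db
    db_connect();
    // Every user-controlled value is escaped before interpolation; the previous
    // code spliced raw POST data straight into the SQL strings.
    $u       = pg_escape_string($username);
    $divEsc  = pg_escape_string($div);
    $safeName = htmlspecialchars($username, ENT_QUOTES);

    if ($f2) {
        # exit if user exists
        $sql = "SELECT username FROM users WHERE username='{$u}'";
        $usrRslt = db_exec($sql) or errDie("Unable to check database for existing username.");
        if (pg_numrows($usrRslt) > 0) {
            return "User, {$safeName}, already exists in database.";
        }
        // NOTE(review): md5 is not a password hash (unsalted, fast to brute-force).
        // Moving to password_hash()/password_verify() also requires changing the
        // login check that compares users.password, so it is only flagged here.
        $password = md5($password);
        $abo = ($manager == "Yes") ? 1000 : 0;
        $sql = "INSERT INTO users (username, password, services_menu, admin,div, usertype,abo)\n\t\tVALUES ('{$u}', '{$password}', 'L', {$admin}, '{$divEsc}', '{$postype}','{$abo}')";
        db_exec($sql) or errDie("Unable to add user to database.");
    } else {
        // update the admin variable
        db_exec("UPDATE users SET admin={$admin} WHERE username='{$u}'");
    }

    // Reset the user's script permissions, then grant the default set. A failed
    // reset used to be ignored, leaving stale grants next to the new ones.
    $Sql = "DELETE FROM userscripts WHERE username='{$u}'";
    db_exec($Sql) or errDie("Unable to clear existing user script permissions.");

    $defaultScripts = array(
        'top_menu.php', 'diary.php', 'diary-day.php', 'glodiary.php',
        'glodiary-day.php', 'todo.php', 'index_die.php', 'index-services.php',
        'pos-invoice-new.php', 'pos-slip.php', 'pos-invoice-print.php', 'index-sales.php',
    );
    foreach ($defaultScripts as $script) {
        $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$u}', '{$script}')";
        db_exec($Sql) or errDie("Unable to add user to database.");
    }

    # status report (username is HTML-escaped; the quick-links table is now
    # properly closed instead of ending in a stray </tr>)
    $writeUser = "<table border=0 cellpadding='" . TMPL_tblCellPadding . "' cellspacing='" . TMPL_tblCellSpacing . "' width='50%'>\n <tr><th>New user added to database</th></tr>\n <tr class=datacell><td>New user, {$safeName}, was successfully added to Cubit.</td></tr>\n </table>\n <p>\n <table border=0 cellpadding='2' cellspacing='1'>\n <tr><th>Quick Links</th></tr>\n <tr bgcolor='#88BBFF'><td><a href='" . SELF . "'>Add another user</a></td></tr>\n <tr bgcolor='#88BBFF'><td><a href='main.php'>Main Menu</a></td></tr>\n </table>";
    return $writeUser;
}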
$OUTPUT = confirmUser($_POST); break; case "write": $OUTPUT = writeUser($_POST); break; default: $OUTPUT = enterUser(); } } elseif (isset($_GET["err"])) { # get vars from _GET foreach ($_GET as $key => $value) { ${$key} = $value; } $OUTPUT = enterUser($username, $err); } else { $OUTPUT = enterUser(); } require "template.php"; ## # functions ## # enter new user's details function enterUser($username = "", $err = "") { # connect to db db_connect(); $enterUser = "******" . TMPL_tblCellPadding . "' cellspacing='" . TMPL_tblCellSpacing . "'>\r\n <form action='" . SELF . "' method=post>\r\n <input type=hidden name=key value=confirm>\r\n {$err}\r\n <tr><th>Field</th><th>Value</th></tr>\r\n <tr class='bg-even'><td>Username</td><td><input type=text size=20 name=username value='{$username}'></td></tr>\r\n <tr class='bg-odd'><td>Password</td><td><input type=password size=20 name=password> (MIN 6 Characters MAX 20 Characters)</td></tr>\r\n <tr class='bg-even'><td>Confirm password</td><td><input type=password size=20 name=password2></td></tr>\r\n\r\n <tr><td align=right colspan=2><input type=submit value='Confirm »'></td></tr>\r\n </form>\r\n </table>\r\n <p>\r\n\t<table border=0 cellpadding='" . TMPL_tblCellPadding . "' cellspacing='" . TMPL_tblCellSpacing . "'>\r\n\t<tr><th>Quick Links</th></tr>\r\n\t<script>document.write(getQuicklinkSpecial());</script>\r\n\t<tr class='bg-odd'><td><a href='main.php'>Main Menu</a></td></tr>\r\n\t</table>"; return $enterUser; } # confirm entered info function confirmUser($_POST)
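/**
 * Validates the add/edit-user form, writes the user row and rebuilds the
 * user's script permissions (department scripts, individual grants, POS set).
 *
 * Fields read from $post: username, password, div, tool, ispos ('No' selects
 * the non-POS permission flow), locale, empnum, old_dept, admin, the f2 and
 * doneBtn flags, and the arrays payroll_group, perm, deps, depsrem.
 *
 * @param array $post  The submitted form. Callers pass $_POST positionally; the
 *                     parameter was renamed because re-assigning an auto-global
 *                     is a compile-time fatal error on PHP >= 5.4.
 * @return string      HTML: an error list, an "already exists" notice, the
 *                     confirmation page (when doneBtn is absent) or the form
 *                     with a success message.
 */
function writeUser($post) {
    // Read only the fields this function needs. extract($_POST) let a client
    // set any local -- notably $admin, $doneBtn, $f2 and $old_dept -- directly.
    $username = isset($post["username"]) ? (string)$post["username"] : "";
    $password = isset($post["password"]) ? (string)$post["password"] : "";
    $div      = isset($post["div"])      ? (string)$post["div"]      : "";
    $tool     = isset($post["tool"])     ? (string)$post["tool"]     : "";
    $ispos    = isset($post["ispos"])    ? (string)$post["ispos"]    : "";
    $locale   = isset($post["locale"])   ? (string)$post["locale"]   : "";
    $empnum   = isset($post["empnum"])   ? (string)$post["empnum"]   : "";
    $old_dept = isset($post["old_dept"]) ? (string)$post["old_dept"] : "";
    $admin    = isset($post["admin"])    ? (int)$post["admin"]       : 0;
    $doneBtn  = isset($post["doneBtn"]);
    $f2       = isset($post["f2"]);
    // The multi-value inputs must be arrays; anything else is treated as empty
    // (the old implode()/foreach on a scalar only emitted warnings).
    $payroll_group = (isset($post["payroll_group"]) && is_array($post["payroll_group"])) ? $post["payroll_group"] : array();
    $perm    = (isset($post["perm"])    && is_array($post["perm"]))    ? $post["perm"]    : array();
    $deps    = (isset($post["deps"])    && is_array($post["deps"]))    ? $post["deps"]    : array();
    $depsrem = (isset($post["depsrem"]) && is_array($post["depsrem"])) ? $post["depsrem"] : array();

    # validate input (require_once: a second include would redeclare the class)
    require_once "libs/validate.lib.php";
    $v = new validate();
    $v->isOk($div, "num", 1, 20, "Invalid Branch.");
    $v->isOk($username, "string", 1, 20, "Invalid user name.");
    // NOTE(review): a 1-character minimum is weak for a login password; the
    // form presumably advertises a longer minimum -- confirm and raise this bound.
    $v->isOk($password, "string", 1, 20, "Invalid password.");
    $v->isOk($tool, "string", 1, 3, "Invalid tooltips selection.");
    $v->isOk($ispos, "string", 1, 3, "Invalid POS user selection.");

    # display errors, if any
    if ($v->isError()) {
        $theseErrors = "";
        foreach ($v->getErrors() as $e) {
            $theseErrors .= "<li class='err'>" . $e["msg"] . "</li>";
        }
        $theseErrors .= "<p><input type='button' onClick='JavaScript:history.back();' value='&laquo; Correct submission'>";
        return $theseErrors;
    }

    # connect to db
    db_connect();
    // Every user-controlled value is escaped before interpolation; the previous
    // code spliced raw POST data straight into the SQL strings.
    $u        = pg_escape_string($username);
    $safeName = htmlspecialchars($username, ENT_QUOTES);

    if (!$doneBtn || $admin === 1) {
        if ($f2) {
            # exit if user exists
            $sql = "SELECT username FROM users WHERE username = '{$u}'";
            $usrRslt = db_exec($sql) or errDie("Unable to check cubit for existing username.");
            if (pg_numrows($usrRslt) > 0) {
                return "\n\t\t\t\t\t<li class='err'>User, {$safeName}, already exists in cubit.</li>\n\t\t\t\t\t<br>\n\t\t\t\t\t" . mkQuickLinks(ql("admin-usradd.php", "Add New User"));
            }
            // NOTE(review): md5 is not a password hash (unsalted, fast to brute-force).
            // Moving to password_hash()/password_verify() also requires changing the
            // login check that compares users.password, so it is only flagged here.
            $password = md5($password);
            $groups = pg_escape_string(implode(",", $payroll_group));
            $sql = "\n\t\t\t\tINSERT INTO users (\n\t\t\t\t\tusername, password, services_menu, admin, locale, div, help, empnum, payroll_groups\n\t\t\t\t) VALUES (\n\t\t\t\t\t'{$u}', '{$password}', 'L', {$admin}, '" . pg_escape_string($locale) . "', '" . pg_escape_string($div) . "', '" . pg_escape_string($tool) . "', '" . pg_escape_string($empnum) . "', '{$groups}'\n\t\t\t\t)";
            db_exec($sql) or errDie("Unable to add user to cubit.");
        } else {
            // update the admin variable
            db_exec("UPDATE users SET admin = '{$admin}' WHERE username='{$u}'");
        }
    }

    # remove all entries for the previously selected department
    $get_dept_scripts = "SELECT script FROM deptscripts WHERE dept = '" . pg_escape_string($old_dept) . "'";
    $run_dept_scripts = db_exec($get_dept_scripts) or errDie("Unable to get department script information.");
    while ($ddarr = pg_fetch_array($run_dept_scripts)) {
        // script names come from the database, but are escaped anyway so a
        // crafted deptscripts row cannot turn into SQL here
        $Sql = "DELETE FROM userscripts WHERE username='{$u}' AND script = '" . pg_escape_string($ddarr['script']) . "'";
        db_exec($Sql) or errDie("Unable to clear old user script permissions.");
    }

    // NOTE: the upstream code built a "DELETE FROM userscripts WHERE username=..."
    // statement here but never executed it (the db_exec was commented out), so the
    // full wipe is intentionally absent; removals happen per department above and
    // via $depsrem below.
    $baseScripts = array(
        'top_menu.php', 'diary.php', 'diary-day.php', 'glodiary.php',
        'glodiary-day.php', 'todo.php', 'index_die.php', 'index-services.php',
    );
    $posScripts = array(
        'pos-invoice-new.php', 'pos-slip.php', 'pos-invoice-print.php', 'index-sales.php',
    );
    $grant = ($ispos == "No") ? $baseScripts : array_merge($baseScripts, $posScripts);
    foreach ($grant as $script) {
        $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$u}', '{$script}')";
        db_exec($Sql) or errDie("Unable to add user to cubit.");
    }

    if ($ispos == "No") {
        # write individual permissions
        foreach ($perm as $value) {
            $sql = "INSERT INTO userscripts (username, script) VALUES ('{$u}', '" . pg_escape_string((string)$value) . "')";
            db_exec($sql) or errDie("Unable to add user to cubit.");
        }
        # add every script of each selected department
        foreach ($deps as $key => $value) {
            $sql = "SELECT script FROM deptscripts WHERE dept = '" . pg_escape_string((string)$key) . "'";
            $depRs = db_exec($sql) or errDie("Unable to get department script information.");
            while ($depscr = pg_fetch_array($depRs)) {
                $sql = "INSERT INTO userscripts (username, script) VALUES ('{$u}', '" . pg_escape_string($depscr['script']) . "')";
                db_exec($sql) or errDie("Unable to add user to cubit.");
            }
        }
        # remove every script of each de-selected department
        foreach ($depsrem as $key => $value) {
            $sql = "SELECT script FROM deptscripts WHERE dept = '" . pg_escape_string((string)$key) . "'";
            $depRs = db_exec($sql) or errDie("Unable to get department script information.");
            while ($depscr = pg_fetch_array($depRs)) {
                $sql = "DELETE FROM userscripts WHERE username='{$u}' AND script='" . pg_escape_string($depscr['script']) . "'";
                db_exec($sql) or errDie("Unable to remove user script permissions.");
            }
        }
    }

    // NOTE(review): the user row and permissions are already written at this
    // point; the confirmation page is shown after the fact, not before. Kept as
    // upstream behaviour -- confirm whether confirmUser() is meant to gate the write.
    if (!$doneBtn) {
        return confirmUser($post);
    }

    # status report
    return enterUser($username, "<li class='yay'>Successfully added {$safeName}</li><br>");
}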