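<?php
include_once '../database.php';

// Admin "account" page: shows the admin's username and handles the
// change-password form that posts back to this same page.
$account = find_admin();

if (isset($_POST['pass'])) {
    // Strict, constant-time comparison of the submitted current password with
    // the stored one. The previous loose == treated e.g. "0" and "00" as equal
    // and accepted an empty submission against a null stored value.
    // NOTE(review): the stored value is compared directly with the submitted
    // text; if adminpass_edit() stores a hash, this must become
    // password_verify() — confirm against adminpass_edit().
    $currentOk = isset($_POST['currentpass'], $account['password'])
        && is_string($_POST['currentpass'])
        && hash_equals((string) $account['password'], $_POST['currentpass']);

    // The new password must be typed identically twice.
    $confirmOk = isset($_POST['pass1'], $_POST['pass2'])
        && $_POST['pass1'] === $_POST['pass2'];

    // NOTE(review): no CSRF token is checked before the password is changed;
    // the form below carries none either.
    if ($currentOk && $confirmOk) {
        adminpass_edit($_POST);
        header('Location:index.php?page=admin-account');
        // Stop here: without exit the rest of the page would still be rendered
        // and sent along with the redirect.
        exit;
    }
}
?>
<html>
<body>
<span>Account</span>
<div id="user">
    <span>Username:</span>
    <span class="second"><?php /* username comes from the database: escape for HTML */ echo htmlspecialchars((string) $account['username'], ENT_QUOTES, 'UTF-8'); ?> </span>
    <span></span>
</div>
<form method="post">
    <div id="editpass">
        <span>Password:</span>
        <span class="second"></span>
        <span class="pull-right">Edit</span>
    </div>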
<?php $viewAdmin = view_admin(); $get_admin = find_admin($_SESSION['id']); ?> <html> <body> <div class="container"> <div class="row"> <div class="col-md-4"></div> <div class="col-md-4"> <img src="photo.php?id=<?php echo htmlentities($_SESSION['id']); ?> " height="250" width="250" style="border-radius:10em;border:2px solid blue;margin:15px 55px 15px;"> </div> <div class="col-md-4"></div> </div><!-- end row of profile picture--> <div class="row"> <div class="col-md-4"></div> <div class="col-md-4"> <?php if ($get_admin['LABSTAT'] == 1) { ?> <div class="alert alert-success text-center" >ACTIVE</div> <?php } else { ?> <div class="alert alert-warning text-center" >INACTIVE</div> <?php
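/**
 * Deactivates an account and either re-homes or deactivates the projects it
 * owns, then removes the account's group memberships / ACL entries.
 *
 * @param array $U Request-style array. Keys read:
 *   - 'user_to_delete'     numeric account id to deactivate (required)
 *   - 'projects_new_owner' numeric account id that takes over the user's
 *                          projects, or '' to deactivate those projects and
 *                          park them on the admin account instead
 *   - 'db'                 query wrapper exposing query($sql, $line, $file)
 *                          (assumed to arrive in $U, since the function
 *                          declares no global — confirm with callers)
 * @return bool true once every statement has been issued, false when an id
 *              fails validation.
 */
function delete_user($U)
{
    // Read the keys explicitly: extract() would let any extra key in $U
    // silently overwrite locals such as $db.
    $user_to_delete = isset($U['user_to_delete']) ? $U['user_to_delete'] : '';
    $projects_new_owner = isset($U['projects_new_owner']) ? $U['projects_new_owner'] : '';
    $db = isset($U['db']) ? $U['db'] : null;

    // Both ids are interpolated into SQL below, so both must be numeric
    // (a numeric string cannot carry quotes). user_to_delete CANNOT BE
    // EMPTY - don't take any chances!
    if (!is_numeric($user_to_delete)) {
        return false;
    }
    $reassign = ($projects_new_owner !== '');
    if ($reassign && !is_numeric($projects_new_owner)) {
        return false;
    }

    $db->query("update s3db_account set account_status='I' where account_id='" . $user_to_delete . "'", __LINE__, __FILE__);
    $db->query("delete from s3db_account_group where account_id='" . $user_to_delete . "'", __LINE__, __FILE__);

    if ($reassign) {
        // Hand the user's projects and ACL entries over to the new owner.
        $db->query("update s3db_project set project_owner='" . $projects_new_owner . "' where project_owner='" . $user_to_delete . "'", __LINE__, __FILE__);
        $db->query("update s3db_project_acl set acl_account='" . $projects_new_owner . "' where acl_account='" . $user_to_delete . "'", __LINE__, __FILE__);
        return true;
    }

    // No new owner: deactivate the projects and park them on the admin account.
    // The two assignments are comma-separated; the former "set a='I' and b='x'"
    // was parsed as one boolean assignment to project_status.
    $db->query("update s3db_project set project_status='I', project_owner='" . find_admin($db) . "' where project_owner='" . $user_to_delete . "'", __LINE__, __FILE__);
    $db->query("delete from s3db_project_acl where acl_account='" . $user_to_delete . "'", __LINE__, __FILE__);
    // Unreferenced table alias dropped from the delete so it parses on every backend.
    $db->query("delete from s3db_project_acl where acl_project_id in (select project_id from s3db_project where project_owner='" . $user_to_delete . "')", __LINE__, __FILE__);
    return true;
}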
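<?php
$message = '';
// Both values come from the URL (we use $_GET because data input came from
// the URL), so they are untrusted: coerce the id to an int and default the
// name to '' instead of reading a key that may not exist.
$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
$name = isset($_GET['name']) ? trim($_GET['name']) : '';

if (isset($_GET['id'])) {
    // $id stays an int here; the former trim() turned it back into a string.
    $deleteAdmin = find_admin($id);
    if ($deleteAdmin) {
        // NOTE(review): the delete is triggered by a plain GET and no CSRF
        // token is checked; a POST handler with a token would be safer.
        delete_admin(0, $id);
        delete_photo(0, $id);
        // The name is echoed back into the page, so escape it for HTML.
        $safeName = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
        $message = "<div class = 'alert alert-success' style = 'width: 350px;'>{$safeName} is successfully deleted.</div>";
        echo "<script>";
        // Go back to the admin list page after 2 seconds.
        echo "setTimeout(function(){ document.location = '?p=manageAdmin/profileAdmin'; }, 2000);";
        echo "</script>";
    } else {
        $message = "<div class = 'alert alert-warning' style = 'width: 350px;'>Specified admin cannot be found</div>";
    }
}
?>
<html>
<body>
<div class="container">
<div class="row">
<div class="col-lg-4">
<?php echo $message; ?>
</div>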
$user = $_SESSION['user']; update_photo($name, $type, $bytes, $user, $id); update_admin($fName, $mName, $lName, $id); update_account($pass, $id); $message = "<div class = 'alert alert-success' style = 'width: 350px;'>Account is successfully updated.</div>"; echo "<script>"; //go back to viewMed page after 3 seconds. echo "setTimeout(function(){ document.location = '?p=profileAdmin'; }, 2000);"; echo "</script>"; } else { $message = "<div class = 'alert alert-warning' style = 'width: 350px;'>Invalid File.</div>"; } } } else { //if not submitted we retrieve the data from the database $adminFind = find_admin($id); $user_pass = get_pass($id); if ($adminFind) { $fName = $adminFind['LABSUPFNAME']; $mName = $adminFind['LABSUPMNAME']; $lName = $adminFind['LABSUPLNAME']; $pass = $user_pass['PASSWORD']; } else { $message = '<div class="alert alert-warning">The specified admin record cannot be found.</div>'; } } ?> <html> <body> <div class="container"> <h4>Update Account</h4>
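<?php
// Profile page for one admin. The id comes from the query string, so it is
// coerced to an int before reaching the data layer (and defaulted to 0 rather
// than reading a key that may be absent) and escaped again on output.
$id = isset($_GET['id']) ? intval($_GET['id']) : 0;
$get_info = get_photo($id);
$admin = find_admin($id);
?>
<html>
<style> .box{max-width:330px;} </style>
<body>
<div class="container">
<div class="row">
<div class="col-md-6">
<h3>Profile</h3>
<h4>
<?php
// Only render the name when find_admin() returned a row; indexing a false
// result only produced warnings and " , ".
if ($admin) {
    echo htmlentities($admin['LABSUPLNAME']) . ' , ' . htmlentities($admin['LABSUPFNAME']) . ' ' . htmlentities($admin['LABSUPMNAME']);
}
?>
</h4>
<img src="photo.php?id=<?php echo htmlentities((string) $id); ?>" height="300" width="300" style="border:2px black solid;padding:10px 10px;" />
</div>
<div class="col-md-6"></div>
</div>
<div class="row">
<div class="box col-md-12 text-center">
<?php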