function editDisplay()
{
global $config;
if ($_SESSION["Privilege"] == "admin") {
#use session data if logged in as admin only
$myID = (int) $_SESSION['AdminID'];
} else {
if (isset($_POST['AdminID']) && (int) $_POST['AdminID'] > 0) {
$myID = (int) $_POST['AdminID'];
#Convert to integer, will equate to zero if fails
} else {
feedback("AdminID not numeric", "error");
myRedirect($config->adminReset);
}
}
$privileges = getENUM(PREFIX . 'Admin', 'Privilege');
#grab all possible 'Privileges' from ENUM
$myConn = conn('', FALSE);
$sql = sprintf("select FirstName,LastName,Email,Privilege from " . PREFIX . "Admin WHERE AdminID=%d", $myID);
$result = @mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR));
if (mysql_num_rows($result) > 0) {
//show results
while ($row = mysql_fetch_array($result)) {
//dbOut() function is a 'wrapper' designed to strip slashes, etc. of data leaving db
$FirstName = dbOut($row['FirstName']);
$LastName = dbOut($row['LastName']);
$Email = dbOut($row['Email']);
$Privilege = dbOut($row['Privilege']);
}
} else {
//no records
//put links on page to reset form, exit
echo '
<div align="center"><h3>No such administrator.</h3></div>
<div align="center"><a href="' . $config->adminDashboard . '">Exit To Admin</a></div>
';
}
$config->loadhead = '
<script type="text/javascript" src="<?php echo VIRTUAL_PATH; ?>include/util.js"></script>
<script type="text/javascript">
function checkForm(thisForm)
{//check form data for valid info
if(empty(thisForm.FirstName,"Please enter first name.")){return false;}
if(empty(thisForm.LastName,"Please enter last name.")){return false;}
if(!isEmail(thisForm.Email,"Please enter a valid Email Address")){return false;}
return true;//if all is passed, submit!
}
</script>
';
get_header();
echo '
<h3 align="center">Edit Administrator</h3>
<form action="' . $config->adminEdit . '" method="post" onsubmit="return checkForm(this);">
<table align="center">
<tr>
<td align="right">First Name</td>
<td>
<input type="text" name="FirstName" value="' . $FirstName . '" />
<font color="red"><b>*</b></font>
</td>
</tr>
<tr>
<td align="right">Last Name</td>
<td>
<input type="text" name="LastName" value="' . $LastName . '" />
<font color="red"><b>*</b></font>
</td>
</tr>
<tr>
<td align="right">Email</td>
<td>
<input type="text" name="Email" value="' . $Email . '" />
<font color="red"><b>*</b></font>
</td>
</tr>
';
if ($_SESSION["Privilege"] == "developer" || $_SESSION["Privilege"] == "superadmin") {
# uses createSelect() function to preload the select option
echo '
<tr>
<td align="right">Privilege</td>
<td>
';
# createSelect(element-type,element-name,values-array,db-array,labels-array,concatentator) - creates preloaded radio, select, checkbox set
createSelect("select", "Privilege", $privileges, $Privilege, $privileges, ",");
#privileges is from ENUM
echo '
</td>
</tr>';
} else {
echo '<input type="hidden" name="Privilege" value="' . $_SESSION["Privilege"] . '" />';
}
echo '
<input type="hidden" name="AdminID" value="', $myID . '" />
<input type="hidden" name="act" value="update" />
<tr>
<td align="center" colspan="2">
<input type="submit" value="Update Admin" />
<em>(<font color="red"><b>*</b> required field</font>)</em>
</td>
</tr>
</table>
</form>
<div align="center"><a href="' . $config->adminDashboard . '">Exit To Admin</a></div>
';
@mysql_free_result($result);
//free resources
get_footer();
}
<font color="red"><b>*</b></font>
</td>
</tr>
<tr>
<td align="right">Email</td>
<td>
<input type="email" required name="Email" />
<font color="red"><b>*</b></font>
</td>
</tr>
<tr>
<td align="right">Privilege:</td>
<td>
';
$iConn = @mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die(myerror(__FILE__, __LINE__, mysqli_connect_error()));
$privileges = getENUM(PREFIX . 'Admin', 'Privilege', $iConn);
#grab all possible 'Privileges' from ENUM
echo returnSelect("select", "Privilege", $privileges, "", $privileges, ",");
echo '
</td>
</tr>
<tr>
<td align="right">Password</td>
<td>
<input type="password" name="PWord1" />
<font color="red"><b>*</b></font>
<em>(6-20 alphanumeric chars)</em>
</td>
</tr>
<tr>
<td align="right">Re-enter Password</td>
function editDisplay($nav1 = '')
{
if ($_SESSION["Privilege"] == "admin") {
#use session data if logged in as admin only
$myID = (int) $_SESSION['AdminID'];
} else {
if (isset($_POST['AdminID']) && (int) $_POST['AdminID'] > 0) {
$myID = (int) $_POST['AdminID'];
#Convert to integer, will equate to zero if fails
} else {
header('Location:' . ADMIN_PATH . THIS_PAGE);
die;
}
}
$iConn = @mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die(myerror(__FILE__, __LINE__, mysqli_connect_error()));
$sql = sprintf("select FirstName,LastName,Email,Privilege from " . PREFIX . "Admin WHERE AdminID=%d", $myID);
$result = @mysqli_query($iConn, $sql) or die(myerror(__FILE__, __LINE__, mysqli_error($iConn)));
if (mysqli_num_rows($result) > 0) {
//show results
while ($row = mysqli_fetch_array($result)) {
//dbOut() function is a 'wrapper' designed to strip slashes, etc. of data leaving db
$FirstName = dbOut($row['FirstName']);
$LastName = dbOut($row['LastName']);
$Email = dbOut($row['Email']);
$Privilege = dbOut($row['Privilege']);
}
} else {
//no records
//put links on page to reset form, exit
echo '
<p align="center"><h3>No such administrator.</h3></p>
<p align="center"><a href="' . ADMIN_PATH . 'admin_dashboard.php">Exit To Admin</a></p>
';
}
$loadhead = '
<script type="text/javascript" src="' . VIRTUAL_PATH . 'include/util.js"></script>
<script type="text/javascript">
function checkForm(thisForm)
{//check form data for valid info
if(empty(thisForm.FirstName,"Please enter first name.")){return false;}
if(empty(thisForm.LastName,"Please enter last name.")){return false;}
if(!isEmail(thisForm.Email,"Please enter a valid Email Address")){return false;}
return true;//if all is passed, submit!
}
</script>
';
include INCLUDE_PATH . 'header.php';
echo '
<h1>Edit Administrator</h1>
<form action="' . ADMIN_PATH . THIS_PAGE . '" method="post" onsubmit="return checkForm(this);">
<table align="center">
<tr>
<td align="right">First Name</td>
<td>
<input type="text" autofocus required name="FirstName" value="' . $FirstName . '" />
<font color="red"><b>*</b></font>
</td>
</tr>
<tr>
<td align="right">Last Name</td>
<td>
<input type="text" required name="LastName" value="' . $LastName . '" />
<font color="red"><b>*</b></font>
</td>
</tr>
<tr>
<td align="right">Email</td>
<td>
<input type="email" required name="Email" value="' . $Email . '" />
<font color="red"><b>*</b></font>
</td>
</tr>
';
if ($_SESSION["Privilege"] == "developer" || $_SESSION["Privilege"] == "superadmin") {
# uses returnSelect() function to preload the select option
echo '
<tr>
<td align="right">Privilege</td>
<td>
';
#creates preloaded radio, select, checkbox set
$privileges = getENUM(PREFIX . 'Admin', 'Privilege', $iConn);
#grab all possible 'Privileges' from ENUM
echo returnSelect("select", "Privilege", $privileges, "", $privileges, ",");
echo '
</td>
</tr>';
} else {
echo '<input type="hidden" name="Privilege" value="' . $_SESSION["Privilege"] . '" />';
}
echo '
<input type="hidden" name="AdminID" value="', $myID . '" />
<input type="hidden" name="act" value="update" />
<tr>
<td align="center" colspan="2">
<input type="submit" value="Update Admin" />
<em>(<font color="red"><b>*</b> required field</font>)</em>
</td>
</tr>
</table>
</form>
<p align="center"><a href="' . ADMIN_PATH . 'admin_dashboard.php">Exit To Admin</a></p>
';
@mysqli_free_result($result);
@mysqli_close($iConn);
include INCLUDE_PATH . 'footer.php';
}
<input type="text" name="LastName" />
<font color="red"><b>*</b></font>
</td>
</tr>
<tr>
<td align="right">Email</td>
<td>
<input type="text" name="Email" />
<font color="red"><b>*</b></font>
</td>
</tr>
<tr>
<td align="right">Privilege:</td>
<td>
';
$privileges = getENUM(PREFIX . 'Admin', 'Privilege');
#grab all possible 'Privileges' from ENUM
createSelect("select", "Privilege", $privileges, "", $privileges, ",");
echo '
</td>
</tr>
<tr>
<td align="right">Password</td>
<td>
<input type="password" name="PWord1" />
<font color="red"><b>*</b></font>
<em>(6-20 alphanumeric chars)</em>
</td>
</tr>
<tr>
<td align="right">Re-enter Password</td>
