// Profile-view request handler (excerpt). Loads the permission bootstrap and the
// user-profile data-access functions, then dispatches on the request type.
// ROOT_DIR is not defined in this excerpt; presumably permission.php defines it -- confirm.
include_once '../permission.php';
include_once ROOT_DIR . '/database/dbUserProfile.php';

// Error messages collected while handling the request, keyed by error type.
$errors = array();

if (isset($_POST['form_token']) && validateTokenField($_POST)) {
    // A form token was posted and validateTokenField() accepted it:
    // perform the state-changing form actions here.
} else {
    if (isset($_POST['form_token']) && !validateTokenField($_POST)) {
        // A form token was posted but failed validation: display an error
        // and do not act on the submitted data.
    } else {
        if (isset($_GET['view']) && isset($_GET['group']) && isAjax()) {
            // GET AJAX request: look up one user profile and build a display array.
            //
            // NOTE(review): the profile id ('view') and the category ('group') both come
            // from the query string. No check that the logged-in user is allowed to see
            // this particular profile is visible in this excerpt; confirm that
            // permission.php or the retrieve_* functions enforce it, since the result
            // contains another user's name, phone number and e-mail address.
            //
            // NOTE(review): isAjax() is defined elsewhere. If it relies on a request
            // header it is a routing hint only and must not be treated as an access control.
            $user_profile_id = sanitize($_GET['view']);
            $user_category = sanitize($_GET['group']);

            // The client-supplied category only selects which lookup function is used.
            switch ($user_category) {
                case 'RMH Administrator':
                    // This lookup returns an array; only its first element is used.
                    $profileObjArray = retrieve_UserProfile_RMHAdmin($user_profile_id);
                    $profileObj = is_array($profileObjArray) ? current($profileObjArray) : false;
                    if ($profileObj) {
                        // Fields exposed to the caller. How $profile is emitted is not shown
                        // here; it must be encoded for its output context (JSON/HTML).
                        $profile = array('Username' => $profileObj->get_usernameId(),
                            'Category' => $profileObj->get_userCategory(),
                            'Name' => $profileObj->get_rmhStaffTitle() . ' ' . $profileObj->get_rmhStaffFirstName() . ' ' . $profileObj->get_rmhStaffLastName(),
                            'Phone' => $profileObj->get_rmhStaffPhone(),
                            'Email' => $profileObj->get_userEmail());
                    } else {
                        $errors['invalid_profile'] = "Could not retrieve profile information";
                    }
                    break;
                case 'RMH Staff Approver':
                    // This lookup returns the profile object directly (or a falsy value).
                    $profileObj = retrieve_UserProfile_RMHApprover_OBJ($user_profile_id);
                    if ($profileObj) {
                        // Same field set as the administrator case above.
                        $profile = array('Username' => $profileObj->get_usernameId(),
                            'Category' => $profileObj->get_userCategory(),
                            'Name' => $profileObj->get_rmhStaffTitle() . ' ' . $profileObj->get_rmhStaffFirstName() . ' ' . $profileObj->get_rmhStaffLastName(),
                            'Phone' => $profileObj->get_rmhStaffPhone(),
                            'Email' => $profileObj->get_userEmail());
                    } else {
                        $errors['invalid_profile'] = "Could not retrieve profile information";
                    }
                    break;
                // (the remaining cases and the closing braces are outside this excerpt)
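/**
 * Handle the "update social worker" form post for the profile named by $_GET['view'].
 *
 * Does nothing unless $_POST['go'] is present. Otherwise it loads the profile with
 * retrieve_UserProfile_RMHAdmin(), applies the posted account fields and calls
 * update_UserProfile(); if that succeeds it applies the posted social-worker fields
 * and calls update_SocialWorkerProfile(). On success the browser is redirected to
 * admin/listUsers.php and the script stops. On failure a message is stored in
 * $errors['invalid_profile'].
 *
 * NOTE(review): no form-token (CSRF) check is visible inside this function; confirm
 * that the caller validates the token before invoking it.
 * NOTE(review): SW_Category is taken from the request, so whoever can submit this
 * form chooses the account's category. Confirm the caller restricts this action to
 * administrators and that the value is checked against the known categories.
 * NOTE(review): the POST values are handed to the setters as received; whether the
 * setters or the update_* functions validate/escape them is not visible here.
 * NOTE(review): the new values are set on $profileObj, but update_UserProfile() and
 * update_SocialWorkerProfile() are passed only the profile id -- verify that the
 * changes are actually persisted. The profile is also loaded with the RMHAdmin
 * lookup although social-worker fields are set on it; confirm this is intended.
 *
 * @return void
 */
function S_WorkerUpdate()
{
    // Write to the shared $errors array; a function-local array would be thrown
    // away on return and the failure messages below would never be displayed.
    global $errors;

    if (!isset($_POST['go'])) {
        return;
    }

    // Without a target profile id there is nothing to update.
    if (!isset($_GET['view'])) {
        $errors['invalid_profile'] = "Could not update profile information";
        return;
    }
    $user_profile_id = sanitize($_GET['view']);

    // The lookup returns an array; only its first element is used.
    $profileObjArray = retrieve_UserProfile_RMHAdmin($user_profile_id);
    $profileObj = is_array($profileObjArray) ? current($profileObjArray) : false;
    if (!$profileObj) {
        $errors['invalid_profile'] = "Could not update profile information";
        return;
    }

    // Step 1: account-level fields.
    $profileObj->set_usernameId($_POST["SW_Username"]);
    $profileObj->set_userCategory($_POST["SW_Category"]);
    $profileObj->set_userEmail($_POST["SW_Email"]);
    if (!update_UserProfile($user_profile_id)) {
        $errors['invalid_profile'] = "Could not update admin information";
        return;
    }

    // Step 2: social-worker fields, only attempted once step 1 succeeded.
    $profileObj->set_swTitle($_POST["SW_Title"]);
    $profileObj->set_swFirstName($_POST["SW_FirstName"]);
    $profileObj->set_swLastName($_POST["SW_LastName"]);
    $profileObj->set_swPhone($_POST["SW_Phone"]);
    if (!update_SocialWorkerProfile($user_profile_id)) {
        $errors['invalid_profile'] = "Could not complete request";
        return;
    }

    header('Location: admin/listUsers.php');
    // Stop here: header() alone does not end the script, so any code after the
    // call site would still execute and its output would follow the redirect.
    exit;
}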
/**
 * Return the profile object of the currently logged-in user.
 *
 * The lookup function is chosen from the user's access level (per the original
 * author's note, the level is kept in the session):
 *   1 = social worker, 2 = staff approver, 3 = admin.
 * This helper becomes unnecessary if the database layer offers an equivalent lookup.
 *
 * @return mixed the profile object, or false for an unknown access level or when
 *               the admin lookup does not return an array
 */
function retrieveCurrentUserProfile()
{
    $level = getUserAccessLevel();
    $profileId = getUserProfileID();

    // Loose (==) comparisons are kept on purpose: they match what the switch
    // statement did, so a level stored as the string "1" still matches 1.
    if ($level == 1) {
        return retrieve_UserProfile_SW_OBJ($profileId);
    }

    if ($level == 2) {
        return retrieve_UserProfile_RMHApprover_OBJ($profileId);
    }

    if ($level == 3) {
        // The admin lookup yields an array; hand back its first element only.
        $rows = retrieve_UserProfile_RMHAdmin($profileId);
        if (is_array($rows)) {
            return current($rows);
        }
        return false;
    }

    // Unknown access level: no profile.
    return false;
}