$message = $err->GenerateErrorLink("help/help.html", "#host_search", $defined['good'], "You are currently editing record #" . $group_id, NULL, NULL); } } } // check for form submission first if (!empty($_POST)) { // setup our form variables $group_name = $_POST['group_name']; $group_manager = $_POST['group_manager']; $group_contact = $_POST['group_contact']; $group_description = $_POST['group_description']; $group_id = $_POST['group_id']; // check for empty variables if (!empty($group_name) && !empty($group_manager) && !empty($group_description) && !empty($group_contact)) { // do some validation checks on submitted data if ($val->ValidateParagraph($group_name) !== -1 && $val->ValidatePhone($group_contact) !== -1 && $val->ValidateParagraph($group_description) !== -1 && $val->ValidateParagraph($group_manager) !== -1) { // setup our SQL statements for add, edit and deleting records $insert = "INSERT INTO `auth_groups` ( `group`, `manager`, `contact`, `description` ) VALUES ( \"" . $group_name . "\", \"" . $group_manager . "\", \"" . $group_contact . "\", \"" . $group_description . "\" )"; $update = "UPDATE `auth_groups` SET `group` = \"" . $group_name . "\", `contact` = \"" . $group_contact . "\", `description` = \"" . $group_description . "\", `manager` = \"" . $group_manager . "\" WHERE `id` = \"" . $group_id . "\" LIMIT 1"; $delete = "DELETE FROM `auth_groups` WHERE `id` = \"" . $group_id . "\" LIMIT 1"; // now perform a check to see which statement to use if (!empty($_POST['AddGroup'])) { $sql = $insert; } if (!empty($_POST['EditGroup'])) { $sql = $update; } if (!empty($_POST['DelGroup'])) { $sql = $delete; } // begin processing our SQL object
$user_group = $_POST['user_group']; $user_department = $_POST['user_department']; $user_contact = $_POST['user_contact']; $user_address = $_POST['user_address']; $user_phone = $_POST['user_phone']; $user_email = $_POST['user_email']; $user_pw_list = $_POST['user_pw_list']; $user_pw_1 = $_POST['user_pw_1']; $user_pw_2 = $_POST['user_pw_2']; $GenRandomPw = $_POST['GenRandomPw']; // check for our form type if (!empty($_POST['AddUser']) || !empty($_POST['EditUser']) || !empty($_POST['DelUser'])) { // check for empty variables if (!empty($user_username) && !empty($user_fname) && !empty($user_lname) && !empty($user_access_level) && !empty($user_group) && !empty($user_department) && !empty($user_fname) && !empty($user_lname) && !empty($user_phone) && !empty($user_email)) { // do some validation checks on submitted data if ($val->ValidateAlphaChar($user_username) !== -1 && $val->ValidateString($user_fname) !== -1 && $val->ValidateString($user_lname) !== -1 && $val->ValidateString($user_access_level) !== -1 && $val->ValidateString($user_group) !== -1 && $val->ValidateParagraph($user_department) !== -1 && $val->ValidateString($user_contact) !== -1 && $val->ValidatePhone($user_phone) !== -1 && $val->ValidateEmail($user_email) !== -1) { // leave the owner assignment alone if owner is not admin if ($group === "admin") { $group = $user_group; } // generate random password if this is a new user if (!empty($_POST['AddUser'])) { $user_password = $val->GenerateRandomPassword("12", "normal"); } // setup our SQL statements for add, edit and deleting records $insert = "INSERT INTO `auth_users` ( `username`, `password`, `level`, `group`, `dept`, `first`, `last`, `phone`, `email`, `ip`, `host`, `create_date`, `create_time`, `access_date`, `access_time`, `session`, `reset`, `owner` ) VALUES ( \"" . $user_username . "\", \"" . sha1($user_password) . "\", \"" . $user_access_level . "\", \"" . $user_group . "\", \"" . $user_deptartment . "\", \"" . $user_fname . "\", \"" . $user_lname . "\", \"" . $user_phone . "\", \"" . $user_email . "\", \"" . $user_ip . "\", \"" . $user_host . "\", \"" . $user_create_date . "\", \"" . $user_create_time . "\", \"" . $user_access_date . "\", \"" . $user_access_time . "\", \"" . $user_session . "\", \"TRUE\", \"" . $group . "\" )"; $update = "UPDATE `auth_users` SET `username` = \"" . $user_username . "\", `level` = \"" . $user_access_level . "\", `group` = \"" . $user_group . "\", `dept` = \"" . $user_department . "\", `first` = \"" . $user_fname . "\", `last` = \"" . $user_lname . "\", `phone` = \"" . $user_phone . "\", `email` = \"" . $user_email . "\", `ip` = \"" . $user_ip . "\", `host` = \"" . $user_host . "\", `owner` = \"" . $group . "\" WHERE `id` = \"" . $user_id . "\" LIMIT 1"; $delete = "DELETE FROM `auth_users` WHERE `id` = \"" . $user_id . "\" LIMIT 1"; // now perform a check to see which statement to use if (!empty($_POST['AddUser'])) { $sql = $insert;