function confirm($_POST)
{
# get vars
foreach ($_POST as $key => $value) {
${$key} = $value;
}
# validate input
require_lib("validate");
$v = new validate();
$v->isOk($password, "string", 1, 20, "Invalid password.");
$v->isOk($passwd, "string", 1, 20, "Invalid new password.");
$v->isOk($passwd2, "string", 1, 20, "Invalid new password.");
$v->pwMatch($passwd, $passwd2, "New Passwords do not match.");
# display errors, if any
if ($v->isError()) {
$confirm = "";
$errors = $v->getErrors();
foreach ($errors as $e) {
$confirm .= "<li class=err>-" . $e["msg"] . "<br>";
}
return $confirm . "</li>" . view();
}
# Make MD#5 of old password
$MD5_PASS = md5($password);
db_connect();
$sql = "SELECT * FROM users WHERE username = '******'";
$rslt = db_exec($sql) or errDie("Unable to insert stock category to Cubit.", SELF);
$user = pg_fetch_array($rslt);
if ($MD5_PASS != $user['password']) {
return "<li class=err> - Invalid Old Password</li>" . view();
}
// Layout
$confirm = "<h3>Change Password</h3>\r\n\t<h4>Confirm entry</h4>\r\n\t<table border=0 cellpadding='" . TMPL_tblCellPadding . "' cellspacing='" . TMPL_tblCellSpacing . "'>\r\n\t<form action='" . SELF . "' method=post>\r\n\t<input type=hidden name=key value=write>\r\n\t<input type=hidden name=password value='{$password}'>\r\n\t<input type=hidden name=passwd value='{$passwd}'>\r\n\t<tr><th width=40%>Field</th><th width=60%>Value</th></tr>\r\n\t<tr class='bg-odd'><td>Username</td><td>" . USER_NAME . "</td></tr>\r\n\t<tr class='bg-odd'><td>New Password</td></td><td>******</td></tr>\r\n\t<tr><td><br></td></tr>\r\n\t<tr><td></td><td align=right><input type=submit value='Write »'></td></tr>\r\n\t</form>\r\n\t</table>\r\n\t<p>\r\n\t<table border=0 cellpadding='" . TMPL_tblCellPadding . "' cellspacing='" . TMPL_tblCellSpacing . "' width=100>\r\n\t\t<tr><th>Quick Links</th></tr>\r\n\t\t<tr class='bg-odd'><td><a href='main.php'>Main Menu</a></td></tr>\r\n\t</table>";
return $confirm;
}
function confirmUser($_POST)
{
extract($_POST);
# validate input
require_lib("validate");
$v = new validate();
$v->isOk($oldusrnme, "string", 1, 20, "Invalid old username.");
$v->isOk($username, "string", 1, 20, "Invalid username.");
$v->isOk($chgpass, "string", 2, 3, "Tempering with 'change pass' detected.");
# change to upper case
$chgpass = strtoupper($chgpass);
# display errors, if any
if ($v->isError()) {
$theseErrors = "";
$errors = $v->getErrors();
foreach ($errors as $e) {
$theseErrors .= "<li class='err'>" . $e["msg"] . "</li>";
}
$theseErrors .= "\n\t\t\t<p>\n\t\t\t<input type='button' onClick='JavaScript:history.back();' value='« Correct submission'>\n\t\t\t<table " . TMPL_tblDflts . ">\n\t\t\t\t<tr>\n\t\t\t\t\t<th>Quick Links</th>\n\t\t\t\t</tr>\n\t\t\t\t<script>document.write(getQuicklinkSpecial());</script>\n\t\t\t</table>";
return $theseErrors;
}
$OUTPUT = "";
db_conn("cubit");
if ($chgpass == "YES") {
$v->isOk($password, "string", 1, 20, "Invalid password.");
$v->isOk($password2, "string", 1, 20, "Invalid password.");
$v->pwMatch($password, $password2, "Passwords do not match.");
# display errors, if any
if ($v->isError()) {
$theseErrors = "";
$errors = $v->getErrors();
foreach ($errors as $e) {
$theseErrors .= "<li class='err'>" . $e["msg"] . "</li>";
}
$theseErrors .= "<p><input type='button' onClick='JavaScript:history.back();' value='« Correct submission'>";
return $theseErrors;
}
# make MD#5 of new password
$MD5_PASS = md5($password);
} else {
$sql = db_exec("SELECT password FROM users WHERE username='******'");
if (pg_num_rows($sql) < 1) {
errDie("No such user :/", SELF);
}
$MD5_PASS = pg_result($sql, 0, 0);
}
$_POST['MD5_PASS'] = $MD5_PASS;
$_POST['empnum'] = $empnum;
$_POST['tool'] = $tool;
// write user
$OUTPUT .= writeUser($_POST);
db_connect();
#we only remove the department that the user selected ...
$get_dept_scripts = "SELECT script FROM deptscripts WHERE dept = '{$old_dept}'";
$run_dept_scripts = db_exec($get_dept_scripts) or errDie("Unable to get department script information.");
if (pg_numrows($run_dept_scripts) < 1) {
#no scripts for this department
} else {
while ($ddarr = pg_fetch_array($run_dept_scripts)) {
$Sql = "DELETE FROM userscripts WHERE username='******' AND script = '{$ddarr['script']}'";
$Ex = db_exec($Sql) or errDie("Unable to clear old user script permissions.");
}
}
// $Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'top_menu.php', '".USER_DIV."')";
// $Ex = db_exec ($Sql) or errDie ("Unable to add user to database.");
// $Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'getimg.php', '".USER_DIV."')";
// $Ex = db_exec ($Sql) or errDie ("Unable to add user to database.");
// $Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'diary.php', '".USER_DIV."')";
// $Ex = db_exec ($Sql) or errDie ("Unable to add user to database.");
// $Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'diary-day.php', '".USER_DIV."')";
// $Ex = db_exec ($Sql) or errDie ("Unable to add user to database.");
// $Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'glodiary.php', '".USER_DIV."')";
// $Ex = db_exec ($Sql) or errDie ("Unable to add user to database.");
// $Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'glodiary-day.php', '".USER_DIV."')";
// $Ex = db_exec ($Sql) or errDie ("Unable to add user to database.");
// $Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'todo.php', '".USER_DIV."')";
// $Ex = db_exec ($Sql) or errDie ("Unable to add user to database.");
// $Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'index_die.php', '".USER_DIV."')";
// $Ex = db_exec ($Sql) or errDie ("Unable to add user to database.");
// $Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'index-services.php', '".USER_DIV."')";
// $Ex = db_exec ($Sql) or errDie ("Unable to add user to database.");
#add permissions from this department
if (isset($perm) and $perm != '') {
foreach ($perm as $key => $value) {
$sql = "INSERT INTO userscripts (username, script, div) VALUES ('{$username}', '{$value}', '" . USER_DIV . "')";
$nwUsrRslt = db_exec($sql) or errDie("Unable to add user to database.");
}
}
#add whole department if they were selected
if (isset($deps)) {
foreach ($deps as $key => $value) {
$sql = "SELECT script FROM deptscripts WHERE dept = '{$key}'";
$depRs = db_exec($sql);
while ($depscr = pg_fetch_array($depRs)) {
$sql = "INSERT INTO userscripts (username, script, div) VALUES ('{$username}', '{$depscr['script']}', '" . USER_DIV . "')";
$nwUsrRslt = db_exec($sql) or errDie("Unable to add user to database.");
}
}
}
#remove whole departments if they were selected
if (isset($depsrem)) {
foreach ($depsrem as $key => $value) {
$sql = "SELECT script FROM deptscripts WHERE dept = '{$key}'";
$depRs = db_exec($sql);
while ($depscr = pg_fetch_array($depRs)) {
$sql = "DELETE FROM userscripts WHERE username='******' AND script='{$depscr['script']}'";
$nwUsrRslt = db_exec($sql) or errDie("Unable to add user to database.");
}
}
}
// Provide some info on status
$OUTPUT = "\n\t\t<table " . TMPL_tblDflts . " width='50%'>\n\t\t\t<tr>\n\t\t\t\t<th>Committed changes to user</th>\n\t\t\t</tr>\n\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t<td>User, {$username}, was successfully edited.</td>\n\t\t\t</tr>\n\t\t</table>";
$OUTPUT .= editUser($_POST);
return $OUTPUT;
}
function writeUser($_POST)
{
# get vars
foreach ($_POST as $key => $value) {
${$key} = $value;
}
# validate input
require_lib("validate");
$v = new validate();
$v->isOk($username, "string", 1, 20, "Invalid user name.");
$v->isOk($password, "string", 6, 20, "Invalid password.");
$v->isOk($password2, "string", 6, 20, "Invalid password 2.");
$v->pwMatch($password, $password2, "Passwords do not match.");
# display errors, if any
if ($v->isError()) {
$theseErrors = "";
$errors = $v->getErrors();
foreach ($errors as $e) {
$theseErrors .= "<li class=err>" . $e["msg"];
}
$theseErrors .= "<p><input type=button onClick='JavaScript:history.back();' value='« Correct submission'>";
return $theseErrors;
}
# connect to db
db_connect();
# exit if user exists
$sql = "SELECT username FROM users WHERE username='******'";
$usrRslt = db_exec($sql) or errDie("Unable to check database for existing username.");
if (pg_numrows($usrRslt) > 0) {
return "User, {$username}, already exists in database.";
}
# get md5 hash of password
$password = md5($password);
$sql = "INSERT INTO users (username, password) VALUES ('{$username}', '{$password}')";
$nwUsrRslt = db_exec($sql) or errDie("Unable to add user to database.");
# write defualt permissions
$Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'new_con.php')";
$Ex = db_exec($Sql) or errDie("Unable to add user to database.");
$Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'die_day.php')";
$Ex = db_exec($Sql) or errDie("Unable to add user to database.");
$Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'req_gen.php')";
$Ex = db_exec($Sql) or errDie("Unable to add user to database.");
$Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'die_one.php')";
$Ex = db_exec($Sql) or errDie("Unable to add user to database.");
$Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'die_view.php')";
$Ex = db_exec($Sql) or errDie("Unable to add user to database.");
$Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'index_die.php')";
$Ex = db_exec($Sql) or errDie("Unable to add user to database.");
$Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'index_cons.php')";
$Ex = db_exec($Sql) or errDie("Unable to add user to database.");
$Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'index_reqs.php')";
$Ex = db_exec($Sql) or errDie("Unable to add user to database.");
$Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'view_req.php')";
$Ex = db_exec($Sql) or errDie("Unable to add user to database.");
# write permissions
if (isset($perm)) {
foreach ($perm as $key => $value) {
$sql = "SELECT script FROM deptscripts WHERE dept = '{$value}'";
$depRs = db_exec($sql);
while ($depscr = pg_fetch_array($depRs)) {
$sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', '{$depscr['script']}')";
$nwUsrRslt = db_exec($sql) or errDie("Unable to add user to database.");
}
}
}
# status report
$writeUser = "******" . TMPL_tblCellPadding . "' cellspacing='" . TMPL_tblCellSpacing . "' width='50%'>\r\n <tr><th>New user added to database</th></tr>\r\n <tr class=datacell><td>New user, {$username}, was successfully added to Cubit.</td></tr>\r\n </table>\r\n <p>\r\n <tr>\r\n <table border=0 cellpadding='2' cellspacing='1'>\r\n <tr><th>Quick Links</th></tr>\r\n <tr bgcolor='#88BBFF'><td><a href='admin-usradd.php'>Add another user</a></td></tr>\r\n <script>document.write(getQuicklinkSpecial());</script>\r\n <tr bgcolor='#88BBFF'><td><a href='main.php'>Main Menu</a></td></tr>\r\n </tr>";
return $writeUser;
}
function writeUser($_POST)
{
# get vars
foreach ($_POST as $key => $value) {
${$key} = $value;
}
# validate input
require_lib("validate");
$v = new validate();
$v->isOk($div, "num", 1, 20, "Invalid Branch.");
$v->isOk($username, "string", 1, 20, "Invalid user name.");
$v->isOk($password, "string", 1, 20, "Invalid password.");
//$v->isOk ($tool, "string", 1, 3, "Invalid tooltips selection.");
if ($postype != 'P' && $postype != 'S') {
$v->addError("", "Invalid POS user.");
}
$v->isOk($username, "string", 1, 20, "Invalid user name.");
$username2 = str_replace(" ", "", $username);
if (strlen($username) > strlen($username2)) {
$v->addError("", "Error : user name must not contain spaces.");
}
$v->isOk($div, "num", 1, 20, "Invalid Branch.");
$v->isOk($password, "string", 1, 20, "Invalid password.");
if ($postype != 'P' && $postype != 'S') {
$v->addError("", "Invalid POS user.");
}
if (isset($f1)) {
$v->isOk($password2, "string", 1, 20, "Invalid password 2.");
$v->pwMatch($password, $password2, "Passwords do not match.");
}
# display errors, if any
if ($v->isError()) {
$theseErrors = "";
$errors = $v->getErrors();
foreach ($errors as $e) {
$theseErrors .= "-" . $e["msg"] . "<br>";
}
$theseErrors = "<tr><td class=err colspan=2>{$theseErrors}</td></tr>\n\t\t<tr><td colspan=2><br></td></tr>";
return enterUser($username, $postype, $manager == "Yes" ? true : false, $theseErrors);
exit;
}
# connect to db
db_connect();
if (!isset($admin)) {
$admin = 0;
}
if (isset($f2)) {
# exit if user exists
$sql = "SELECT username FROM users WHERE username='******'";
$usrRslt = db_exec($sql) or errDie("Unable to check database for existing username.");
if (pg_numrows($usrRslt) > 0) {
return "User, {$username}, already exists in database.";
}
# get md5 hash of password
$password = md5($password);
if ($manager == "Yes") {
$abo = 1000;
} else {
$abo = 0;
}
$sql = "INSERT INTO users (username, password, services_menu, admin,div, usertype,abo)\n\t\tVALUES ('{$username}', '{$password}', 'L', {$admin}, '{$div}', '{$postype}','{$abo}')";
$nwUsrRslt = db_exec($sql) or errDie("Unable to add user to database.");
} else {
// update the admin variable
db_exec("UPDATE users SET admin={$admin} WHERE username='******'");
}
$Sql = "DELETE FROM userscripts WHERE username='******'";
$Ex = db_exec($Sql);
$Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'top_menu.php')";
$Ex = db_exec($Sql) or errDie("Unable to add user to database.");
$Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'diary.php')";
$Ex = db_exec($Sql) or errDie("Unable to add user to database.");
$Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'diary-day.php')";
$Ex = db_exec($Sql) or errDie("Unable to add user to database.");
$Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'glodiary.php')";
$Ex = db_exec($Sql) or errDie("Unable to add user to database.");
$Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'glodiary-day.php')";
$Ex = db_exec($Sql) or errDie("Unable to add user to database.");
$Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'todo.php')";
$Ex = db_exec($Sql) or errDie("Unable to add user to database.");
$Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'index_die.php')";
$Ex = db_exec($Sql) or errDie("Unable to add user to database.");
$Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'index-services.php')";
$Ex = db_exec($Sql) or errDie("Unable to add user to database.");
$Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'pos-invoice-new.php')";
$Ex = db_exec($Sql) or errDie("Unable to add user to database.");
$Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'pos-slip.php')";
$Ex = db_exec($Sql) or errDie("Unable to add user to database.");
$Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'pos-invoice-print.php')";
$Ex = db_exec($Sql) or errDie("Unable to add user to database.");
$Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'index-sales.php')";
$Ex = db_exec($Sql) or errDie("Unable to add user to database.");
# status report
$writeUser = "******" . TMPL_tblCellPadding . "' cellspacing='" . TMPL_tblCellSpacing . "' width='50%'>\n <tr><th>New user added to database</th></tr>\n <tr class=datacell><td>New user, {$username}, was successfully added to Cubit.</td></tr>\n </table>\n <p>\n <tr>\n <table border=0 cellpadding='2' cellspacing='1'>\n <tr><th>Quick Links</th></tr>\n <tr bgcolor='#88BBFF'><td><a href='" . SELF . "'>Add another user</a></td></tr>\n <tr bgcolor='#88BBFF'><td><a href='main.php'>Main Menu</a></td></tr>\n </tr>";
return $writeUser;
}
function confirmUser($_POST)
{
# Get vars
extract($_POST);
# validate input
require "libs/validate.lib.php";
$v = new validate();
$v->isOk($username, "string", 1, 20, "Invalid user name.");
$username2 = str_replace(" ", "", $username);
if (strlen($username) > strlen($username2)) {
$v->isOk($username, "num", 0, 0, "Error : user name must not contain spaces.");
}
$v->isOk($div, "num", 1, 20, "Invalid Branch.");
$v->isOk($password, "string", 1, 20, "Invalid password.");
if (isset($f1)) {
$v->isOk($password2, "string", 1, 20, "Invalid password 2.");
$v->pwMatch($password, $password2, "Passwords do not match.");
}
$v->isOk($tool, "string", 1, 3, "Invalid tooltips selection.");
$v->isOk($ispos, "string", 1, 3, "Invalid POS user selection.");
# display errors, if any
if ($v->isError()) {
$theseErrors = "";
$errors = $v->getErrors();
foreach ($errors as $e) {
$theseErrors .= "-" . $e["msg"] . "<br>";
}
$theseErrors = "\n\t\t<tr>\n\t\t\t<td class='err' colspan='2'>{$theseErrors}</td>\n\t\t</tr>\n\t\t<tr>\n\t\t\t<td colspan='2'><br></td>\n\t\t</tr>";
return enterUser($username, $theseErrors);
exit;
}
if (!isset($dept_sel)) {
$dept_sel = "0";
}
# Get branch name
db_connect();
$sql = "SELECT branname FROM branches WHERE div = '{$div}'";
$branRslt = db_exec($sql);
$bran = pg_fetch_array($branRslt);
if (isset($f1)) {
$ex = "<input type='hidden' name='f2' value=''>";
# exit if user exists
$sql = "SELECT username FROM users WHERE username = '******'";
$usrRslt = db_exec($sql) or errDie("Unable to check cubit for existing username.");
if (pg_numrows($usrRslt) > 0) {
return "\n\t\t\t\t<li class='err'>User, {$username}, already exists in cubit.</li>\n\t\t\t\t<br>\n\t\t\t\t" . mkQuickLinks(ql("admin-usradd.php", "Add New User"));
}
} else {
$ex = "";
}
require "locale_codes.php";
$ar_locale = explode("_", $locale);
// Retrieve the name of the langauge
foreach ($ar_languages as $lang_name => $lang_code) {
if ($ar_locale[0] == $lang_code) {
$language = $lang_name;
}
}
// Retrieve the name of the country
foreach ($ar_countries as $country_name => $country_code) {
if ($ar_locale[1] == $country_code) {
$country = $country_name;
}
}
if ($empnum) {
$sql = "SELECT sname, fnames, enum FROM cubit.employees WHERE empnum='{$empnum}'";
$emp_rslt = db_exec($sql) or errDie("Unable to retrieve employee.");
$emp_data = pg_fetch_array($emp_rslt);
$employee = "{$emp_data['sname']} {$emp_data['fnames']} - {$emp_data['enum']}";
} else {
$employee = "[None]";
}
if (isset($payroll_group) and is_array($payroll_group)) {
$sendpayroll = "";
foreach ($payroll_group as $each) {
$sendpayroll .= "<input type='hidden' name='payroll_group[]' value='{$each}'>";
}
}
$confirmUser = "******" . TMPL_tblDflts . ">\n\t\t<form action='" . SELF . "' method='POST' name='form'>\n\t\t\t<input type='hidden' name='key' value='write'>\n\t\t\t<input type='hidden' name='username' value='{$username}'>\n\t\t\t<input type='hidden' name='div' value='{$div}'>\n\t\t\t<input type='hidden' name='password' value='{$password}'>\n\t\t\t<input type='hidden' name='locale' value='{$locale}'>\n\t\t\t<input type='hidden' name='tool' value='{$tool}'>\n\t\t\t<input type='hidden' name='ispos' value='{$ispos}'>\n\t\t\t<input type='hidden' name='empnum' value='{$empnum}' />\n\t\t\t<input type='hidden' name='old_dept' value='{$dept_sel}' />\n\t\t\t{$sendpayroll}\n\t\t\t{$ex}\n\t\t\t<tr>\n\t\t\t\t<th>Field</th>\n\t\t\t\t<th>Value</th>\n\t\t\t</tr>\n\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t<td>Username</td>\n\t\t\t\t<td>{$username}</td>\n\t\t\t</tr>\n\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t<td>Password</td>\n\t\t\t\t<td>*</td>\n\t\t\t</tr>\n\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t<td>Locale</td>\n\t\t\t\t<td>{$language} ({$country})</td>\n\t\t\t</tr>\n\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t<td>Show Tooltips</td>\n\t\t\t\t<td>{$tool}</td>\n\t\t\t</tr>\n\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t<td>POS User</td>\n\t\t\t\t<td>{$ispos}</td>\n\t\t\t</tr>\n\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t<td>Employee</td>\n\t\t\t\t<td>{$employee}</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td><br></td>\n\t\t\t</tr>\n\t\t</table>";
if ($ispos == 'No') {
// add the department selection
$confirmUser .= "\n\t\t\t<table " . TMPL_tblDflts . ">\n\t\t\t\t<tr>\n\t\t\t\t\t<th>User Settings</th>\n\t\t\t\t</tr>";
// create the administrator setting
$rslt = db_exec("SELECT admin FROM users WHERE username='******' ");
if (pg_num_rows($rslt) == 0 || pg_result($rslt, 0, 0) == 0) {
$Ch = "";
} else {
$Ch = "checked";
}
$confirmUser .= "\n\t\t\t<tr bgcolor=" . bgcolorg() . ">\n\t\t\t\t<td><input {$Ch} type='checkbox' name='admin' value='1'> ADMINISTRATOR</td>\n\t\t\t</tr>";
$confirmUser .= "\n\t\t\t</table>\n\t\t\t<br>";
// add the department selection
$confirmUser .= "\n\t\t\t<table " . TMPL_tblDflts . ">\n\t\t\t\t<tr>\n\t\t\t\t\t<td align='right' colspan='3'><input type='submit' name='doneBtn' value='Done »'></td>\n\t\t\t\t</tr>\n\t\t\t\t" . TBL_BR . "\n\t\t\t</table>\n\t\t\t<br>";
$get_depts = "SELECT * FROM depts ORDER BY dept";
$run_depts = db_exec($get_depts) or errDie("Unable to get department information.");
if (pg_numrows($run_depts) < 1) {
return "<li class='err'>No Department Information Found.</li>";
} else {
$department_drop = "<select name='dept_sel' onChange='document.form.submit()'>";
$department_drop .= "<option value='0'>Select Department</option>";
while ($darr = pg_fetch_array($run_depts)) {
if ($dept_sel == $darr['deptid']) {
$department_drop .= "<option value='{$darr['deptid']}' selected>{$darr['dept']}</option>";
} else {
$department_drop .= "<option value='{$darr['deptid']}'>{$darr['dept']}</option>";
}
}
$department_drop .= "</select>";
}
$confirmUser .= "\n\t\t\t<table " . TMPL_tblDflts . ">\n\t\t\t\t<tr>\n\t\t\t\t\t<th>Select Department</th>\n\t\t\t\t</tr>\n\t\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t\t<td>{$department_drop}</td>\n\t\t\t\t</tr>\n\t\t\t\t" . TBL_BR . "\n\t\t\t</table>";
$confirmUser .= "\n\t\t\t<table " . TMPL_tblDflts . " width='65%'>\n\t\t\t\t<tr>\n\t\t\t\t\t<th colspan='4'>Select user Permissions</th>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td valign='top' colspan='2'>\n\t\t\t\t\t\t<table width='100%' cellpadding='1' cellspacing='1'>";
db_connect();
$sql = "SELECT * FROM depts WHERE deptid = '{$dept_sel}'";
$rslt = db_exec($sql);
$i = 0;
while ($dep = pg_fetch_array($rslt)) {
$confirmUser .= "\n\t\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t\t<td colspan='2'><input type='submit' name='deps[{$dep['deptid']}]' value='Add'><input type='submit' name='depsrem[{$dep['deptid']}]' value='Remove'> {$dep['dept']}</td>\n\t\t\t\t</tr>";
$sql = "SELECT * FROM deptscripts WHERE dept='{$dep['deptid']}' ORDER BY script";
$srslt = db_exec($sql);
$i++;
// Remove checked = yes on the $confirmUser line in this while loop
while ($scr = pg_fetch_array($srslt)) {
$Tp['script'] = $scr['scriptname'];
$Sql = "SELECT script FROM userscripts WHERE username='******' and script='{$scr['script']}' LIMIT 1";
$Ex = db_exec($Sql);
if (pg_numrows($Ex) > 0) {
$Ch = "checked";
} else {
$Ch = "";
}
$Tp['script'] = strtoupper($Tp['script']);
$confirmUser .= "\n\t\t\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t\t\t<td colspan='2'>\n\t\t\t\t\t\t\t<table>\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<td>.....</td>\n\t\t\t\t\t\t\t\t\t<td><input type='checkbox' name='perm[]' {$Ch} value='{$scr['script']}'></td>\n\t\t\t\t\t\t\t\t\t<td>{$Tp['script']}</td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t</td>\n\t\t\t\t\t</tr>";
}
$confirmUser .= "<tr class='" . bg_class() . "'><td colspan=2><br></td></tr>";
if ($i == "9") {
$confirmUser .= "\n\t\t\t\t\t\t</table>\n\t\t\t\t\t</td>\n\t\t\t\t\t<td valign='top'>\n\t\t\t\t\t\t<table width='100%' cellpadding='1' cellspacing='1'>";
}
}
}
$confirmUser .= "\n\t\t\t\t\t</table>\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td align='right' colspan='3'><input type='submit' name='doneBtn' value='Done »'></td>\n\t\t\t</tr>\n\t\t</form>\n\t\t</table>\n\t\t<p>\n\t\t<table " . TMPL_tblDflts . ">\n\t\t\t<tr>\n\t\t\t\t<th>Quick Links</th>\n\t\t\t</tr>\n\t\t\t<script>document.write(getQuicklinkSpecial());</script>\n\t\t</table>";
return $confirmUser;
}
