$ReceivingIPTGroup = SQLClean($_POST["ReceivingIPTGroup"]); } if (!empty($_POST["Quantity"])) { $Quantity = SQLClean($_POST["Quantity"]); } if (!empty($_POST["Description"])) { $Description = SQLClean($_POST["Description"]); } if (!empty($_POST["Prereq"])) { $Prereq = SQLClean($_POST["Prereq"]); } if (!empty($_POST["UnitPrice"])) { $UnitPrice = SQLClean($_POST["UnitPrice"]); } if (!empty($_POST["FilePath"])) { $FilePath = SQLClean($_POST["FilePath"]); } $Requestor = GetUserName(); // Check for duplicate name $sql = 'SELECT WorkOrderName FROM WorkOrders WHERE WorkOrderName ="' . $WorkOrderName . '"'; $result = SqlQuery($loc, $sql); if ($result->num_rows > 0) { $error_msg = 'Unable to add new Work Order. Duplicate Work Order Name. (' . $WorkOrderName . ')'; log_msg($loc, $msg); goto GenerateHtml; } // Build the sql to add workorder $sql = 'INSERT INTO WorkOrders (WorkOrderName, DateNeeded, Priority, DayEstimate, Revision, Requestor, ' . 'Project, RequestingIPTGroup, ReceivingIPTGroup,RequestingIPTLeadApproval, AssignedIPTLeadApproval, ProjectOfficeApproval, DateRequested) '; $sql .= ' VALUES('; $sql .= ' "' . $WorkOrderName . '"'; $sql .= ', "' . $DateNeeded . '"';
/**
 * Insert a new row into the Users table from the supplied $params array.
 *
 * Required keys: LastName, FirstName, UserName, Password. A missing key is
 * handed to DieWithMsg() (presumably fatal); an empty value returns an
 * error string instead. Optional keys: NickName, Title, BadgeID, Email,
 * Tags, Active.
 *
 * Returns true on success, or a human-readable error string on failure
 * (duplicate username / first+last name / BadgeID, bad badge format).
 * A non-empty string is truthy, so callers must test the result with
 * `=== true`, not in a plain boolean context.
 *
 * Security notes (review):
 *  - Every statement is built by string concatenation; injection safety
 *    rests entirely on SqlClean(), which is not visible here. Confirm it
 *    performs connection-aware escaping (e.g. mysqli real_escape_string)
 *    and is not a strip/replace. $pwhash is the one value that reaches the
 *    INSERT without passing through SqlClean().
 *  - The password is hashed with crypt() and a single site-wide
 *    $config["Salt"]. With one shared salt, identical passwords yield
 *    identical hashes and a single precomputation covers every account.
 *    password_hash()/password_verify() (per-user salt) is the fix, but it
 *    has to be made together with the login path that checks PasswordHash,
 *    which is outside this block.
 *  - The duplicate checks and the INSERT are separate statements, so two
 *    concurrent requests can both pass the checks; only a UNIQUE constraint
 *    on Users.UserName (and BadgeID) closes that window — confirm the schema.
 *
 * Note: the UserName comparison value and part of the success log line
 * appear as "******" in this copy of the source (redacted); presumably
 * they interpolated $username.
 */
function CreateNewUser($params) {
    global $config; // only $config["Salt"] is read, for crypt() below
    $loc = "userlib.php->CreateNewUser"; // tag passed to SqlQuery()/log_msg()/DieWithMsg() to attribute messages
    // Check inputs
    if (!isset($params["LastName"]) || !isset($params["FirstName"]) || !isset($params["UserName"]) || !isset($params["Password"])) {
        DieWithMsg($loc, "Required input keys not found.");
    }
    if (empty($params["LastName"])) { return "Last name cannot be empty."; }
    if (empty($params["FirstName"])) { return "First name cannot be empty."; }
    if (empty($params["UserName"])) { return "Username cannot be empty."; }
    if (empty($params["Password"])) { return "Password cannot be empty."; }
    // SqlClean and SQLClean below are the same function: PHP function names are case-insensitive.
    $username = SqlClean($params["UserName"]);
    $lastname = SqlClean($params["LastName"]);
    $firstname = SqlClean($params["FirstName"]);
    // Optional fields default to empty / inactive when the key is absent.
    $nickname = "";
    $title = "";
    $badgeid = "";
    $email = "";
    $tags = "";
    $active = false;
    if (isset($params["NickName"])) { $nickname = SQLClean($params["NickName"]); }
    if (isset($params["Title"])) { $title = SQLClean($params["Title"]); }
    if (isset($params["BadgeID"])) { $badgeid = SQLClean($params["BadgeID"]); }
    if (isset($params["Email"])) { $email = SQLClean($params["Email"]); }
    if (isset($params["Tags"])) { $tags = SQLClean($params["Tags"]); }
    // Not escaped: $active reaches SQL only through TFstr(), which presumably
    // renders a boolean literal rather than the raw value — confirm.
    if (isset($params["Active"])) { $active = $params["Active"]; }
    // Check for duplicate username.
    // NOTE(review): the compared value is redacted ("******") in this copy; presumably it was $username.
    $sql = 'SELECT UserID FROM Users WHERE UserName="******"';
    $result = SqlQuery($loc, $sql);
    if ($result->num_rows > 0) {
        $msg = 'Unable to add new user. Duplicate username. (' . $username . ')';
        log_msg($loc, $msg);
        return $msg;
    }
    // Check for duplicate first/last name
    $sql = 'SELECT UserID FROM Users WHERE LastName="' . $lastname . '" AND FirstName="' . $firstname . '"';
    $result = SqlQuery($loc, $sql);
    if ($result->num_rows > 0) {
        $msg = 'Unable to add new user. Duplicate first/last name. (' . $lastname . ', ' . $firstname . ')';
        log_msg($loc, $msg);
        return $msg;
    }
    // Check for invalid BadgeID.
    // Runs even when no BadgeID was supplied ($badgeid === ""), so
    // VerifyBadgeFormat() must treat an empty badge as valid — confirm.
    if (!VerifyBadgeFormat($badgeid)) {
        $msg = 'Bad Badge Format. 
Must be in form of "A000".';
        log_msg($loc, $msg);
        return $msg;
    }
    if (!blank($badgeid)) {
        // Check for duplicate BadgeID
        $sql = 'SELECT UserID FROM Users WHERE BadgeID="' . $badgeid . '"';
        $result = SqlQuery($loc, $sql);
        if ($result->num_rows > 0) {
            $msg = 'Unable to add new user. Duplicate BadgeID. (' . $badgeid . ').';
            log_msg($loc, $msg);
            return $msg;
        }
    }
    // Build the sql to add user.
    // Fixed site-wide salt: see the security notes in the docblock. The
    // resulting hash is concatenated into the INSERT without SqlClean().
    $pwhash = crypt($params["Password"], $config["Salt"]);
    $sql = 'INSERT INTO Users (UserName, PasswordHash, LastName, FirstName, NickName, ' . 'Title, BadgeID, Email, Tags, Active) ';
    $sql .= ' VALUES(';
    $sql .= ' "' . $username . '"';
    $sql .= ', "' . $pwhash . '"';
    $sql .= ', "' . $lastname . '"';
    $sql .= ', "' . $firstname . '"';
    $sql .= ', "' . $nickname . '"';
    $sql .= ', "' . $title . '"';
    $sql .= ', "' . $badgeid . '"';
    $sql .= ', "' . $email . '"';
    $sql .= ', "' . $tags . '"';
    $sql .= ', ' . TFstr($active);
    $sql .= ')';
    // $result of the INSERT is never inspected; success is assumed
    // (presumably SqlQuery() aborts the request on a failed query — confirm).
    $result = SqlQuery($loc, $sql);
    // NOTE(review): the username portion of this log entry is redacted ("******") in this copy.
    log_msg($loc, array("New User added! Username="******"Full name= " . $lastname . ', ' . $firstname, "tags=" . $tags . ", Active=" . TFstr($active)));
    return true;
}
/**
 * Insert a new row into the Users table from the supplied $params array.
 *
 * Required keys: LastName, FirstName, UserName, and either PasswordHash or
 * Password (an empty value returns an error string; absent keys are treated
 * as empty, since empty() raises no notice). Optional keys: NickName, Title,
 * Email, Tags, IPT, Active.
 *
 * Returns true on success, or a human-readable error string on failure
 * (duplicate username or duplicate first+last name). A non-empty string is
 * truthy, so callers must test the result with `=== true`.
 *
 * Security notes (review):
 *  - DenyGuest() is the only authorisation check visible; the function
 *    assumes it terminates the request for guest sessions rather than
 *    returning — confirm.
 *  - Every statement is built by string concatenation; injection safety
 *    rests entirely on SqlClean(), which is not visible here. Confirm it
 *    performs connection-aware escaping (e.g. mysqli real_escape_string).
 *  - A caller-supplied PasswordHash is stored verbatim and is the only
 *    caller-supplied field concatenated into the INSERT without SqlClean().
 *    Passing it through SqlClean() (a crypt-style hash should contain no
 *    characters that escaping alters) or rejecting values that do not look
 *    like a hash would close that gap.
 *  - When Password is used instead, it is hashed with crypt() and a single
 *    site-wide $config["Salt"]; identical passwords then yield identical
 *    hashes. password_hash()/password_verify() (per-user salt) is the fix,
 *    but it must be made together with the login path that checks
 *    PasswordHash, which is outside this block.
 *  - The duplicate checks and the INSERT are separate statements, so two
 *    concurrent requests can both pass the checks; only a UNIQUE constraint
 *    on Users.UserName closes that window — confirm the schema.
 *
 * Note: the UserName comparison value and part of the success log line
 * appear as "******" in this copy of the source (redacted); presumably
 * they interpolated $username.
 */
function CreateNewUser($params) {
    global $config; // only $config["Salt"] is read, for crypt() below
    $loc = "userlib.php->CreateNewUser"; // tag passed to SqlQuery()/log_msg() to attribute messages
    DenyGuest(); // Don't allow Guests to do this...
    if (empty($params["LastName"])) { return "Last name cannot be empty."; }
    if (empty($params["FirstName"])) { return "First name cannot be empty."; }
    if (empty($params["UserName"])) { return "Username cannot be empty."; }
    // Either a ready-made hash or a plaintext password is acceptable; only
    // when both are empty is the request rejected.
    if (empty($params["PasswordHash"])) {
        if (empty($params["Password"])) { return "Password cannot be empty."; }
    }
    // SqlClean and SQLClean below are the same function: PHP function names are case-insensitive.
    $username = SqlClean($params["UserName"]);
    $lastname = SqlClean($params["LastName"]);
    $firstname = SqlClean($params["FirstName"]);
    // Optional fields default to empty / inactive when the key is absent.
    $nickname = "";
    $title = "";
    $email = "";
    $tags = "";
    $ipt = "";
    $active = false;
    if (isset($params["NickName"])) { $nickname = SQLClean($params["NickName"]); }
    if (isset($params["Title"])) { $title = SQLClean($params["Title"]); }
    if (isset($params["Email"])) { $email = SQLClean($params["Email"]); }
    if (isset($params["Tags"])) { $tags = SQLClean($params["Tags"]); }
    if (isset($params["IPT"])) { $ipt = SqlClean($params["IPT"]); }
    // Not escaped: $active reaches SQL only through TFstr(), which presumably
    // renders a boolean literal rather than the raw value — confirm.
    if (isset($params["Active"])) { $active = $params["Active"]; }
    // Check for duplicate username.
    // NOTE(review): the compared value is redacted ("******") in this copy; presumably it was $username.
    $sql = 'SELECT UserID FROM Users WHERE UserName="******"';
    $result = SqlQuery($loc, $sql);
    if ($result->num_rows > 0) {
        $msg = 'Unable to add new user. Duplicate username. (' . $username . ')';
        log_msg($loc, $msg);
        return $msg;
    }
    // Check for duplicate first/last name
    $sql = 'SELECT UserID FROM Users WHERE LastName="' . $lastname . '" AND FirstName="' . $firstname . '"';
    $result = SqlQuery($loc, $sql);
    if ($result->num_rows > 0) {
        $msg = 'Unable to add new user. Duplicate first/last name. (' . $lastname . ', ' . $firstname . ')';
        log_msg($loc, $msg);
        return $msg;
    }
    // Build the sql to add user.
    $pwhash = "";
    if (!empty($params["PasswordHash"])) {
        // Caller-supplied hash stored as-is: not escaped and not validated
        // (see the security notes in the docblock).
        $pwhash = $params["PasswordHash"];
    } else {
        // Fixed site-wide salt: see the security notes in the docblock.
        $pwhash = crypt($params["Password"], $config["Salt"]);
    }
    $sql = 'INSERT INTO Users (UserName, PasswordHash, LastName, FirstName, NickName, ' . 'Title, Email, Tags, IPT, Active) ';
    $sql .= ' VALUES(';
    $sql .= ' "' . $username . '"';
    $sql .= ', "' . $pwhash . '"';
    $sql .= ', "' . $lastname . '"';
    $sql .= ', "' . $firstname . '"';
    $sql .= ', "' . $nickname . '"';
    $sql .= ', "' . $title . '"';
    $sql .= ', "' . $email . '"';
    $sql .= ', "' . $tags . '"';
    $sql .= ', "' . $ipt . '"';
    $sql .= ', ' . TFstr($active);
    $sql .= ')';
    // $result of the INSERT is never inspected; success is assumed
    // (presumably SqlQuery() aborts the request on a failed query — confirm).
    $result = SqlQuery($loc, $sql);
    // NOTE(review): the username portion of this log entry is redacted ("******") in this copy.
    log_msg($loc, array("New User added! Username="******"Full name= " . $lastname . ', ' . $firstname, "tags=" . $tags . ", Active=" . TFstr($active)));
    return true;
}