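/**
 * Delete a user and every role record that hangs off that user.
 *
 * Reads the user's type, removes the row from `users`, then queries the
 * matching role table (teachers, students, parents or adminstaff) and hands
 * each dependent id to the corresponding delete helper.
 *
 * @param int|string $userid Id of the user to delete; cast to an integer
 *                           before it is placed in any query text.
 * @return void
 */
function deleteUser($userid)
{
    // Every query below interpolates the id unquoted, so pin it to an integer
    // first; a non-numeric value can then no longer change the statement.
    $userid = (int) $userid;

    // NOTE(review): the mysql_* extension was removed in PHP 7.0. When this
    // is ported, use mysqli or PDO prepared statements instead of building
    // the SQL text by interpolation.

    // Read the type before the row disappears; it selects the cleanup branch.
    $query = mysql_query("SELECT type FROM users WHERE userid = {$userid}");
    $type = false;
    if ($query && mysql_num_rows($query) > 0) {
        $type = mysql_result($query, 0);
    }

    // NOTE(review): die() sends mysql_error() to the client, which discloses
    // schema details; logging it server-side would be safer. The deletes are
    // also not wrapped in a transaction, so a die() part-way through leaves
    // the user removed while role records remain.
    $query = mysql_query("DELETE FROM users WHERE userid = {$userid} LIMIT 1")
        or die("DeleteFunctions.php: Unable to delete selected User(s) - " . mysql_error());

    // Each result set is walked with mysql_fetch_row(). Re-reading row 0 with
    // mysql_result() never advances, so a loop built on it would not end
    // while a row exists.
    switch ($type) {
        case "Teacher":
            // Collect the teachers/substitutes owned by this user and delete them
            $query = mysql_query("SELECT teacherid FROM teachers WHERE userid = {$userid}")
                or die("DeleteFunctions.php: Unable to get list of teachers to delete for deleteUser() - " . mysql_error());
            while ($row = mysql_fetch_row($query)) {
                deleteTeacher($row[0]);
            }
            break;

        case "Student":
            // Collect the students owned by this user and delete them
            $query = mysql_query("SELECT studentid FROM students WHERE userid = {$userid}")
                or die("DeleteFunctions.php: Unable to get list of students to delete for deleteUser() - " . mysql_error());
            while ($row = mysql_fetch_row($query)) {
                deleteStudent($row[0]);
            }
            break;

        case "Parent":
            // Collect the parents owned by this user and delete them
            $query = mysql_query("SELECT parentid FROM parents WHERE userid = {$userid}")
                or die("DeleteFunctions.php: Unable to get list of parents to delete for deleteUser() - " . mysql_error());
            while ($row = mysql_fetch_row($query)) {
                deleteParent($row[0]);
            }
            break;

        case "Admin":
            // Collect the administration staff owned by this user and delete them
            $query = mysql_query("SELECT adminid FROM adminstaff WHERE userid = {$userid}")
                or die("DeleteFunctions.php: Unable to get list of admins to delete for deleteUser() - " . mysql_error());
            while ($row = mysql_fetch_row($query)) {
                deleteAdmin($row[0]);
            }
            break;
    }
}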
<?php
// Admin page for teachers ("docenten"): deletes a teacher named in a GET
// parameter and starts processing the add-teacher form on POST.
// NOTE(review): this listing stops inside the innermost else-branch below;
// the rest of the add-teacher flow is not visible here.
require_once __DIR__ . "/../includes/init.php";
$pagename = "docenten";

// Both helpers are defined in included project code. Judging by their names
// they enforce a logged-in session and an admin role. Confirm that they stop
// the request on failure, because everything below relies on it.
checkSession();
checkIfAdmin();

// NOTE(review): a teacher is deleted from a GET parameter. No request-method
// check or anti-CSRF token is visible here, and the raw value is passed
// straight to deleteTeacher(). Consider moving this to a POST guarded by a
// per-session token, and validate that the id is an integer before use.
if (isset($_GET['verwijderdocent'])) {
    $verwijder = $_GET['verwijderdocent'];
    deleteTeacher($verwijder);
}

if ($_SERVER["REQUEST_METHOD"] == "POST") {
    //**************** ADD TEACHER ******************//
    if (isset($_POST['submit_docent'])) {
        // NOTE(review): 'tussenvoegsel' is read further down but is not part
        // of this isset() list, so a request without it raises an
        // undefined-index notice.
        if (isset($_POST['voornaam'], $_POST['achternaam'], $_POST['afkorting'], $_POST['emailadres'])) {
            // Check that no empty values were submitted
            if ($_POST['voornaam'] == "" or $_POST['achternaam'] == "" or $_POST['afkorting'] == "" or $_POST['emailadres'] == "") {
                $_SESSION['message'] = "Je moet alle gegevens invullen!";
            } else {
                // Strip surplus whitespace from the input with trim().
                // NOTE(review): FILTER_SANITIZE_STRING is deprecated as of
                // PHP 8.1. It strips tags, which is not a substitute for
                // parameterised queries or for escaping at output time. How
                // these values reach the database is not visible here.
                $voornaam = filter_var(trim($_POST['voornaam']), FILTER_SANITIZE_STRING);
                $achternaam = filter_var(trim($_POST['achternaam']), FILTER_SANITIZE_STRING);
                $tussenvoegsel = filter_var($_POST['tussenvoegsel'], FILTER_SANITIZE_STRING); // the name infix may contain a space, so it is not trimmed
                $docent_afkorting = filter_var(trim($_POST['afkorting']), FILTER_SANITIZE_STRING);
                // FILTER_VALIDATE_EMAIL yields false for an invalid address,
                // which the check below relies on.
                $emailadres = filter_var(trim($_POST['emailadres']), FILTER_VALIDATE_EMAIL);
                if (!$emailadres) {
                    $_SESSION['message'] = 'Voer een geldig e-mailadres in.';
                } else {
                    $role = 2; // teacher role
                    $account_activated = 0;
} } // If all is good, insert the new teacher into the database // $query = mysql_query("INSERT INTO teachers (userid, fname, lname) VALUES( '{$_POST['username']}', '{$_POST['fname']}', '{$_POST['lname']}')") or die("ManageTeachers.php: Unable to insert new teacher - " . mysql_error()); } } // Edit the teacher if one is being edited // if ($_POST["editteacher"] == 1 && $_POST["fname"] != "" && $_POST["lname"] != "") { $query = mysql_query("UPDATE `teachers` SET `userid`='{$_POST['username']}', `fname`='{$_POST['fname']}', `lname`='{$_POST['lname']}' WHERE `teacherid`='{$_POST['teacherid']}' LIMIT 1") or die("Manageteachers.php: Unable to update the teacher information - " . mysql_error()); } // Delete the teacher(s) that the teacher has requested as well as the classes belonging to those teachers // if ($_POST["deleteteacher"] == 1) { require_once "DeleteFunctions.php"; $delete = $_POST["delete"]; for ($i = 0; $i < sizeof($delete); $i++) { deleteTeacher($delete[$i]); } } print "<script language='JavaScript'>\n\n // Function to make sure the teacher wants to delete the teacher(s) //\n function validate()\n {\n if( document.teachers.selectteacher.value > 0 )\n {\n\tvar confirmed = confirm(\"Are you sure you want to delete this teacher?\");\n\n\tif( confirmed == true )\n\t{\n\t document.teachers.submit();\n\t}\n }\n else\n {\n\talert('You must select a teacher to delete.');\n }\n }\n\n\n // Function to make sure only one checkbox has been selected //\n function checkboxes()\n {\n if( document.teachers.selectteacher.value == 1 )\n {\n\tdocument.teachers.submit();\n }\n else\n {\n\tif( document.teachers.selectteacher.value > 1 )\n\t{\n\t alert('You can only edit one teacher at a time.');\n\t}\n\telse\n\t{\n\t alert('You must select a teacher to edit.');\n\t}\n }\n }\n\n\n // Function to keep track of how many checkboxes are checked //\n function updateboxes(row)\n {\n row = row + 2;\n if(document.teachers.elements[row].checked)\n 
{\n\tdocument.teachers.selectteacher.value = Math.round(document.teachers.selectteacher.value) + 1;\n }\n else\n {\n\tdocument.teachers.selectteacher.value = Math.round(document.teachers.selectteacher.value) - 1;\n }\n }\n </script>\n\n <h1>Manage Teachers</h1>\n <br><br>\n <table align='center' width='400' cellspacing='0' cellpadding='0' border='0'>\n <tr>\n <td>\n <form name='teachers' action='./index.php' method='POST'>\n <input type='button' value='Add' onClick='document.teachers.page2.value=16;document.teachers.submit();'>\n <input type='button' value='Edit' onClick='document.teachers.page2.value=17;checkboxes();'>\n <input type='button' value='Delete' onClick='document.teachers.deleteteacher.value=1;validate();'>\n <br><br>\n <table cellspacing='0' width='400' cellpadding='8' class='dynamiclist'>\n <tr class='header'>\n\t<td> </td>\n\t<th>First Name</th>\n\t<th>Last Name</th>\n\t<th>Username</th>\n </tr>"; // Get the total number of teachers to know how many pages to have // $query = mysql_query("SELECT COUNT(*) FROM teachers") or die("ManageTeachers.php: Unable to retrieve total number of teachers - " . mysql_error()); $numrows = mysql_result($query, 0); $numpages = ceil($numrows / 25); if ($_POST["onpage"] == "") { $_POST["onpage"] = 1; } // Get and display the teachers // $query = mysql_query("SELECT t.teacherid,t.fname,t.lname,u.username FROM teachers t, users u WHERE t.userid = u.userid"); $row = 0; $actualrow = 0; while ($teacher = mysql_fetch_row($query)) {