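/**
 * Handle the "delete vehicle" POST request.
 *
 * Reads the vehicle id from $_POST['vehicleID'], removes the vehicle from any
 * events via deleteVehicleFromEvents(), deletes its row from `vehicles`, and
 * then hands control to exitVehicleScript().
 *
 * NOTE(review): nothing in this function checks that the requester owns the
 * vehicle (or is an admin), and no anti-CSRF token is verified here. Confirm
 * the caller enforces both before this runs.
 * NOTE(review): the mysql_* extension used here was removed in PHP 7. The
 * long-term fix is mysqli/PDO with prepared statements; escaping is the
 * stop-gap that keeps this function compatible with the rest of the file.
 */
function deleteVehiclePOST()
{
    // Accept only a plain string: a missing key or an array-valued parameter
    // (vehicleID[]=...) is treated as "no id supplied".
    $vehicleID = (isset($_POST['vehicleID']) && is_string($_POST['vehicleID']))
        ? $_POST['vehicleID']
        : '';

    if ($vehicleID !== '') {
        // NOTE(review): the helper receives the raw request value; verify that
        // it escapes the id before building its own queries.
        deleteVehicleFromEvents($vehicleID);

        // The id is request-controlled, so escape it before it reaches the SQL
        // text. Escaping follows the connection character set only when that
        // was configured with mysql_set_charset().
        $vehicleIdSql = mysql_real_escape_string($vehicleID);
        mysql_query("DELETE FROM vehicles WHERE vehicleID = '{$vehicleIdSql}'");
    }

    exitVehicleScript();
}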
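/**
 * Admin-only popup page for viewing, editing or deleting one non-admin user.
 *
 * The target user is named by $_GET['USER']. Depending on the POST data the
 * function either saves the edited profile fields ('submitEdit'), deletes the
 * user together with their vehicles ('submitDelete'), or renders the edit form
 * through displayUserInfoForm(). It ends the script with die() when the caller
 * is not an admin, when the target is an admin, or when a query fails.
 *
 * NOTE(review): several queries below contain the literal '******'. That looks
 * like masking applied to this listing rather than real code, and it is
 * reproduced exactly as shown. Whatever value is interpolated at those places
 * in the real file needs the same mysql_real_escape_string() treatment that
 * the visible values receive here.
 * NOTE(review): the admin check is keyed on the 'ID' cookie, and the column
 * name sha256_user suggests the cookie is a plain hash of the username. If so,
 * it is derivable by anyone who knows an admin's username. Confirm that a
 * server-side session or a keyed, unguessable token backs this check.
 * NOTE(review): the edit and delete actions are state-changing POSTs, and no
 * anti-CSRF token is verified in this function. Confirm it is done elsewhere.
 * NOTE(review): the mysql_* extension was removed in PHP 7. Prepared
 * statements (mysqli/PDO) are the long-term fix; escaping is the stop-gap.
 */
function adminDisplayUserInfoPage()
{
    // Not referenced again in this listing (see the masking note above).
    $hashUsername = getCookie('ID');

    $check = mysql_query("SELECT * FROM users WHERE sha256_user = '******'");
    if ($check === false) {
        // Log the driver error server-side instead of echoing it to the client.
        error_log('adminDisplayUserInfoPage: ' . mysql_error());
        die("ERROR: Database query failed.");
    }
    $info = mysql_fetch_array($check);
    if (!$info || $info['admin'] != 1) {
        die("ERROR: You are not an admin.");
    }

    // Request-controlled: accept only a plain string, and escape it before it
    // is placed in any SQL text.
    $username = (isset($_GET['USER']) && is_string($_GET['USER'])) ? $_GET['USER'] : '';
    $usernameSql = mysql_real_escape_string($username);

    $check = mysql_query("SELECT * FROM users WHERE username = '******'");
    if ($check === false) {
        error_log('adminDisplayUserInfoPage: ' . mysql_error());
        die("ERROR: Database query failed.");
    }

    while ($info = mysql_fetch_array($check)) {
        if ($info['admin'] == 1) {
            die("ERROR: Not allowed to edit admin info");
        }

        if (isset($_POST['submitEdit'])) {
            $storedMemberType = (int) $info['member'];

            // addslashes() is not a MySQL-aware escaper, so use the driver's
            // own routine. Missing or array-valued fields become ''.
            $fieldNames = array(
                'firstName', 'lastName', 'address1', 'address2', 'city',
                'state', 'zipCode', 'homePhone', 'cellPhone', 'email',
                'eContact', 'eContactPhone', 'eContactRel', 'club',
            );
            $clean = array();
            foreach ($fieldNames as $fieldName) {
                $raw = (isset($_POST[$fieldName]) && is_string($_POST[$fieldName]))
                    ? $_POST[$fieldName]
                    : '';
                $clean[$fieldName] = mysql_real_escape_string($raw);
            }
            $postFname = $clean['firstName'];
            $postLname = $clean['lastName'];
            $postAddr1 = $clean['address1'];
            $postAddr2 = $clean['address2'];
            $postCity = $clean['city'];
            $postState = $clean['state'];
            $postZip = $clean['zipCode'];
            $postHphone = $clean['homePhone'];
            $postCphone = $clean['cellPhone'];
            $postEmail = $clean['email'];
            $postEcontact = $clean['eContact'];
            $postEcPhone = $clean['eContactPhone'];
            $postEcRel = $clean['eContactRel'];
            $postClub = $clean['club'];

            // Default to the stored type so that an unexpected stored value no
            // longer leaves $postMemberType undefined, which wrote member=''.
            $postMemberType = $storedMemberType;
            if ($storedMemberType == 0 || $storedMemberType == 2 || $storedMemberType == 3) {
                if ($postClub == "SCCNH") {
                    $postMemberType = 2;
                } elseif ($postClub == "None") {
                    $postMemberType = 0;
                } else {
                    $postMemberType = 3; // Partner-member
                }
            } elseif ($storedMemberType == 1) {
                $postClub = "SCCNH";
                $postMemberType = 1; // SCCNH member (registered on-line)
            }

            // Write the edited fields back. The statement text is unchanged;
            // only the interpolated values are now driver-escaped.
            $update = "UPDATE users SET \n"
                . " fname='{$postFname}', \n"
                . " lname='{$postLname}', \n"
                . " addr1='{$postAddr1}', \n"
                . " addr2='{$postAddr2}', \n"
                . " city='{$postCity}', \n"
                . " state='{$postState}', \n"
                . " zip='{$postZip}', \n"
                . " hphone='{$postHphone}',\n"
                . " cphone='{$postCphone}',\n"
                . " email='{$postEmail}',\n"
                . " econtact='{$postEcontact}',\n"
                . " econtact_phone='{$postEcPhone}',\n"
                . " econtact_rel='{$postEcRel}',\n"
                . " \nmember='{$postMemberType}',\n"
                . " club='{$postClub}'\n"
                . " WHERE username='******'";
            mysql_query($update);

            // Re-read the row to verify that the required fields are complete.
            $check2 = mysql_query("SELECT * FROM users WHERE username = '******'");
            if ($check2 === false) {
                error_log('adminDisplayUserInfoPage: ' . mysql_error());
                die("ERROR: Database query failed.");
            }
            $info2 = mysql_fetch_array($check2);

            if ($info2 && !isUserInfoComplete($info2)) {
                mysql_close();
                die("Required user info not complete. Please <a href=\"userinfo.php\">go back</a> to continue.</html>");
            } else {
                mysql_close();
                // The lines below must be HTML-commented when working outside
                // the PHP system, or they will be interpreted and executed.
                // Reload the admin/user screen.
                echo "<script type=\"text/javascript\">parent.main_setBodyFrame('admin_users.php');\n";
                // Return to the user screen.
                echo "parent.main_popupWindowCancel();</script></body></html>";
            }
        } elseif (isset($_POST['submitDelete'])) {
            // Remove the user's vehicles first. The owner name comes from the
            // query string, so only the escaped copy is placed in the SQL.
            $vehcheck = mysql_query("SELECT * FROM vehicles WHERE userOwner = '{$usernameSql}'");
            if ($vehcheck === false) {
                error_log('adminDisplayUserInfoPage: ' . mysql_error());
                die("ERROR: Database query failed.");
            }
            while ($vehinfo = mysql_fetch_assoc($vehcheck)) {
                $qVehID = $vehinfo['vehicleID'];
                // First delete the owner's vehicle from any events.
                deleteVehicleFromEvents($qVehID);
                // Then delete the vehicle. The id is read from the database but
                // is escaped anyway, so a stored value cannot alter the query.
                $qVehIdSql = mysql_real_escape_string($qVehID);
                mysql_query("DELETE FROM vehicles WHERE vehicleID = '{$qVehIdSql}'");
            }

            // Now delete the user.
            mysql_query("DELETE FROM users WHERE username = '******'");
            mysql_close();
            // The lines below must be HTML-commented when working outside the
            // PHP system, or they will be interpreted and executed.
            // Reload the admin/user screen.
            echo "<script type=\"text/javascript\">parent.main_setBodyFrame('admin_users.php');\n";
            // Return to the user screen.
            echo "parent.main_popupWindowCancel();</script></body></html>";
        } else {
            displayUserInfoForm($info);
        }
    }
}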