$title = 'Add Administrator';
# Fills the <title> tag
//END CONFIG AREA ----------------------------------------------------------
$access = "superadmin";
# Minimum privilege for this page: superadmin or above can add new administrators
include_once INCLUDE_PATH . 'admin_only_inc.php';
# Session protected page - the required level is the one defined in $access above.
# NOTE(review): admin_only_inc.php is not shown here; confirm it ends the request for
# visitors below that level, because everything after this line relies on it.
if (isset($_POST['Email'])) {
    # Form was posted: validate the fields before the database is touched.
    # Each failed check calls feedback(), redirects back to this page and stops with die,
    # so nothing below a failed check runs.
    if (!onlyEmail($_POST['Email'])) {
        //data must be valid email
        feedback("Data entered for email is not valid", "error");
        header('Location:' . ADMIN_PATH . THIS_PAGE);
        die;
    }
    # PWord1 is read here before required_params() below has confirmed it was sent.
    if (!onlyAlphaNum($_POST['PWord1'])) {
        //data must be alphanumeric or punctuation only
        # NOTE(review): the comment above allows punctuation, the message below says letters
        # and numbers only; onlyAlphaNum() is not shown, so confirm which rule applies.
        # A letters-and-digits-only rule narrows the password space for administrator accounts.
        feedback("Password must contain letters and numbers only.", "error");
        header('Location:' . ADMIN_PATH . THIS_PAGE);
        die;
    }
    $params = array('FirstName', 'LastName', 'PWord1', 'Email', 'Privilege');
    #required fields
    if (!required_params($params)) {
        //abort - required fields not sent
        # The error code passed to the user is built from the page name and this line number.
        feedback("Data not entered/updated. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
        header('Location:' . ADMIN_PATH . THIS_PAGE);
        die;
    }
    # '@' hides the PHP warning on a failed connect; the failure is passed to myerror() instead.
    # NOTE(review): confirm myerror() logs the connection error rather than printing it to the browser.
    $iConn = @mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die(myerror(__FILE__, __LINE__, mysqli_connect_error()));
    # dbIn() receives the raw POST value and the connection - presumably it escapes the value for SQL; verify.
    $FirstName = dbIn($_POST['FirstName'], $iConn);
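/**
 * Handle the posted "reset administrator password" form and print the result page.
 *
 * Reads AdminID and PWord1 from $_POST, validates them, updates the AdminPW column
 * for that administrator and then renders a short page with follow-up links.
 * Every validation failure ends the request, so the UPDATE only runs on checked input.
 *
 * NOTE(review): the password is stored with MySQL SHA(), which is an unsalted SHA-1
 * digest and cheap to brute-force if the Admin table leaks. Moving to password_hash() /
 * password_verify() requires a matching change in the login code, which is not visible
 * here, so the storage format is left unchanged.
 *
 * NOTE(review): no anti-CSRF token and no privilege check are visible in this function.
 * Confirm the including page enforces both, since this request can change the password
 * of any AdminID.
 *
 * @return void
 */
function updateExecute()
{
    global $config;

    // (int) turns non-numeric input into 0, so a missing, non-numeric or non-positive id is rejected.
    if (!isset($_POST['AdminID']) || (int) $_POST['AdminID'] <= 0) {
        feedback("AdminID not numeric", "warning");
        myRedirect($config->adminReset);
        // myRedirect() is defined elsewhere; stop here in case it returns instead of exiting,
        // so a rejected request can never reach the UPDATE below.
        die;
    }
    if (!onlyAlphaNum($_POST['PWord1'])) {
        //data must be alphanumeric or punctuation only
        feedback("Data entered for password must be alphanumeric only");
        myRedirect(THIS_PAGE);
        die; // same reason as above: never continue after a failed check
    }
    $myConn = conn('', FALSE);
    $redirect = $config->adminReset;
    # Original note: "global var used for following formReq redirection on failure".
    # NOTE(review): $redirect is not declared global in this function, so this assignment
    # is local; confirm whether formReq() actually sees it.
    $AdminID = formReq('AdminID');
    # Per the original comment formReq() calls dbIn internally to check the form data.
    # The legacy mysql_* API used here has no prepared statements, so the query below
    # depends on that escaping for '%s' and on %d forcing AdminID to an integer.
    $AdminPW = formReq('PWord1');
    # SHA() is the MySQL function that hashes the password (see the note in the header)
    $sql = sprintf("UPDATE " . PREFIX . "Admin set AdminPW=SHA('%s') WHERE AdminID=%d", $AdminPW, $AdminID);
    @mysql_query($sql, $myConn) or die(trigger_error(mysql_error(), E_USER_ERROR));
    // report whether the update changed a row; zero rows also covers "same password as before"
    if (mysql_affected_rows($myConn) > 0) {
        feedback("Password Successfully Reset!", "notice");
    } else {
        feedback("Password NOT Reset! (or not changed from original value)");
    }
    get_header();
    echo '
	<div align="center"><h3>Reset Administrator Password</h3></div>
	<div align="center"><a href="' . $config->adminReset . '">Reset More</a></div>
	<div align="center"><a href="' . $config->adminDashboard . '">Exit To Admin</a></div>
	';
    get_footer();
}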
/**
 * Process the posted password-reset form for one administrator and show the outcome.
 *
 * Validation order: required fields, a positive integer AdminID, then the password
 * character check. Any failure records a feedback message, redirects back to this
 * page and ends the request. On success the AdminPW column is updated and a small
 * page with follow-up links is printed between the shared header and footer.
 *
 * NOTE(review): AdminPW is written with MySQL SHA(), an unsalted SHA-1 digest; a
 * slow salted hash (password_hash) would need the login check changed as well.
 * NOTE(review): no anti-CSRF token check is visible in this function - confirm the
 * page that calls it enforces one.
 *
 * @param string $nav1 Not read anywhere in this function.
 * @return void
 */
function updateExecute($nav1 = '')
{
    $requiredFields = array('AdminID', 'PWord1');
    if (!required_params($requiredFields)) {
        // Required fields were not sent: report an error code and go back to the form.
        feedback("Data not entered/updated. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
        header('Location:' . ADMIN_PATH . THIS_PAGE);
        die;
    }

    // The (int) cast gives 0 for non-numeric input, so only a positive id passes.
    if (!isset($_POST['AdminID']) || (int) $_POST['AdminID'] <= 0) {
        feedback("AdminID not numeric", "warning");
        header('Location:' . ADMIN_PATH . THIS_PAGE);
        die;
    }
    $AdminID = (int) $_POST['AdminID'];

    if (!onlyAlphaNum($_POST['PWord1'])) {
        // Password failed the character check.
        feedback("Data entered for password must be alphanumeric only");
        header('Location:' . ADMIN_PATH . THIS_PAGE);
        die;
    }

    // '@' silences the PHP warning; a failed connect is handed to myerror() and ends the request.
    $link = @mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
    if (!$link) {
        die(myerror(__FILE__, __LINE__, mysqli_connect_error()));
    }

    // The query is assembled as a string: '%s' depends on whatever dbIn() does to the value
    // (presumably SQL escaping - verify) and %d forces the id to an integer.
    $escapedPassword = dbIn($_POST['PWord1'], $link);
    $query = sprintf("UPDATE " . PREFIX . "Admin set AdminPW=SHA('%s') WHERE AdminID=%d", $escapedPassword, $AdminID);
    if (!@mysqli_query($link, $query)) {
        die(myerror(__FILE__, __LINE__, mysqli_error($link)));
    }

    // Zero affected rows also covers a password identical to the stored one.
    if (mysqli_affected_rows($link) <= 0) {
        feedback("Password NOT Reset! (or not changed from original value)");
    } else {
        feedback("Password Successfully Reset!", "notice");
    }
    @mysqli_close($link);

    include INCLUDE_PATH . 'header.php';
    echo '
	<p align="center"><h3>Reset Administrator Password</h3></p>
	<p align="center"><a href="', ADMIN_PATH . THIS_PAGE, '">Reset More</a></p>
	<p align="center"><a href="', ADMIN_PATH . 'admin_dashboard.php', '">Exit To Admin</a></p>
	';
    include INCLUDE_PATH . 'footer.php';
}