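/**
 * Print the HTML form used to add a new user or edit an existing one.
 *
 * In edit mode ($add is falsy) the user row is loaded by id and its values
 * pre-fill the form; in add mode the form is emitted empty. Every value taken
 * from the database is HTML-escaped before it is written into the page, and
 * the id is forced to an integer before it is used in SQL or in the
 * javascript: link.
 *
 * NOTE(review): the form carries no anti-CSRF token and this function performs
 * no permission check; confirm that the caller and formsubmit.php cover both.
 * NOTE(review): the mysql_* functions used here were removed in PHP 7; moving
 * to mysqli/PDO prepared statements needs the connection handle, which is not
 * visible in this block.
 *
 * @param int|string $userid Id of the user to edit; ignored when $add is truthy.
 * @param bool       $add    Truthy to render an empty "add user" form.
 * @return void Output is printed directly.
 */
function showUserEditor($userid, $add = FALSE)
{
    // Pre-escaped field values; they stay empty when a new user is being added.
    $username = '';
    $firstname = '';
    $lastname = '';
    $email = '';
    $user_id = 0;
    $user_details = null;
    if (!$add) {
        // The id is placed unquoted in the SQL text, so force it to an integer
        // first: nothing but digits can reach the query.
        $result = mysql_query("SELECT * FROM `users` WHERE `id` = " . (int) $userid . " LIMIT 1");
        $user_details = $result ? mysql_fetch_object($result) : false;
        if (!$user_details) {
            // Failed query or unknown id: do not render an edit form that would
            // post an empty userid back to formsubmit.php.
            print "<div>User not found.</div>";
            return;
        }
        // Stored profile fields are user-controlled; escape them for use inside
        // double-quoted HTML attributes.
        $username = htmlspecialchars((string) $user_details->username, ENT_QUOTES, 'UTF-8');
        $firstname = htmlspecialchars((string) $user_details->firstname, ENT_QUOTES, 'UTF-8');
        $lastname = htmlspecialchars((string) $user_details->lastname, ENT_QUOTES, 'UTF-8');
        $email = htmlspecialchars((string) $user_details->email, ENT_QUOTES, 'UTF-8');
        // The id is also written into a javascript: URL, where HTML escaping
        // alone is not enough; an integer is safe in both contexts.
        $user_id = (int) $user_details->id;
    }
    $years = mysql_query("SELECT `year` FROM `users_years`");
    ?>
	<div style="margin-bottom: 10px;"><u>Edit User Details</u></div>
	<form action="formsubmit.php" method="post">
	<label for="new_username">Username:</label><input style="width: 200px;" id="new_username" name="new_username" type="text" maxlength="50" value="<?php print $username; ?>"><br>
	<label for="new_password">Password:</label><input style="width: 200px;" id="new_password" name="new_password" type="password" maxlength="50"><br /><?php
    if (!$add) {
        print "(leave blank to keep current password)<br />";
    }
    ?>
	<label for="new_firstname">Firstname:</label><input style="width: 200px;" id="new_firstname" name="new_firstname" type="text" maxlength="50" value="<?php print $firstname; ?>"><br>
	<label for="new_lastname">Surname:</label><input style="width: 200px;" id="new_lastname" name="new_lastname" type="text" maxlength="50" value="<?php print $lastname; ?>"><br>
	<label for="new_email">E-Mail:<br />(leave blank for user@emaildomain defined in settings.)</label><input style="width: 200px;" id="new_email" name="new_email" type="text" maxlength="50" value="<?php print $email; ?>"><br>
	<label for="new_year">Select Year:</label>
	<select name="new_year" id="new_year" size="1" style="width: 200px;" onchange="updateGroupList('newuser');">
		<option <?php
    // Same truthiness test as every other add/edit branch in this function.
    if ($add) {
        print "selected=\"\"";
    }
    ?>
 disabled="">Select...</option>
		<?php
    // Skip the loop entirely when the years query failed.
    while ($years && ($year = mysql_fetch_object($years))) {
        $year_value = htmlspecialchars((string) $year->year, ENT_QUOTES, 'UTF-8');
        print "<option ";
        if (!$add && $user_details->year == $year->year) {
            print "selected=\"\" ";
        }
        print "value=\"" . $year_value . "\">" . $year_value . "</option>\n";
    }
    ?>
	</select><br />
	<div id="newuser_groupselect"><?php
    if (!$add) {
        $vars = array(
            'year' => $user_details->year,
            'group' => $user_details->group_id,
            'newuser' => "******",
        );
        showGroupList($vars);
    }
    ?>
</div>
	<label for="new_admin">Admin? Y for YES, N for NO</label><input style="width: 200px;" id="new_admin" name="new_admin" type="text" maxlength="1" <?php
    if (!$add && $user_details->admin) {
        print "value=\"Y\"";
    }
    ?>
 ><br>
	<?php
    if (!$add) {
        ?>
	<input name="userid" type="hidden" value="<?php print $user_id; ?>" />
	<input type="submit" name="submit" onclick="return validateUserDetailsForm();" id="userdetailsubmit" value="Update User Details">
	<a id="deletebtn" href="javascript:deleteUser('<?php print $user_id; ?>');"></a>
	<?php
    } else {
        ?>
	<input class="sysbutton" type="submit" name="submit" onclick="return validateUserDetailsForm();" id="newusersubmit" value="Add New User">
	<?php
    }
    ?>
	</form>
	<?php
}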
// Page controller: a logout request is handled first; otherwise a logged-in
// session is required before any group approval or listing is shown.
if (filter_has_var(INPUT_POST, "logout")) {
    // Clear all session variables, then send the browser back to the index page.
    // NOTE(review): session_unset() empties the variables but leaves the session
    // id and cookie in place; confirm whether session_destroy() is also wanted.
    session_unset();
    echo "<script>window.location = 'index.php'</script>";
} elseif (!isset($_SESSION["user_id"])) {
    // No logged-in user: bounce to the index page.
    echo "<script>window.location = 'index.php'</script>";
} else {
    if (filter_has_var(INPUT_POST, "isAccept")) {
        // All three values arrive unfiltered from the POST body.
        // NOTE(review): user_id and group_id are client-supplied; confirm that
        // joinApprove() checks the session user may approve requests for this
        // group, and that the form is protected by an anti-CSRF token.
        $isAccept = filter_input(INPUT_POST, "isAccept");
        $user_id = filter_input(INPUT_POST, "user_id");
        $group_id = filter_input(INPUT_POST, "group_id");
        joinApprove($isAccept, $user_id, $group_id);
    }
    // Pending join requests take priority over the plain group list.
    if (needApproveJoinGroup()) {
        showJoinApprove();
    } else {
        showGroupList();
    }
}
function joinApprove($isAccept, $user_id, $group_id)
{
    try {
        $pdo = new PDO("mysql:host=" . DBHOST . "; port=" . DBPORT . "; dbname=" . DBNAME, DBUSER, DBPASS);
        //$pdo = new PDO("mysql:host=localhost; dbname=pray","pray", "pray");
        // 把用户加入到组成员中
        if ($isAccept) {
            $smt = $pdo->prepare("INSERT INTO groupMember VALUES (NULL, ?, ?, 0)");
            $smt->bindParam(1, $user_id);
            $smt->bindParam(2, $group_id);
     showAdminPane($_REQUEST);
     break;
 case "getactivity":
     getActivityByID($_REQUEST['actid']);
     break;
 case "deleteactivity":
     deleteActivity($_REQUEST['actid']);
     break;
 case "deletebooking":
     deleteBooking($_REQUEST['uid']);
     break;
 case "generateuserlist":
     showUserList($_REQUEST);
     break;
 case "generategrouplist":
     showGroupList($_REQUEST);
     break;
 case "editbooking":
     editBooking($_REQUEST['userid']);
     break;
 case "getpaperwork":
     getPaperworkByID($_REQUEST['papid']);
     break;
 case "deletepaperwork":
     deletePaperwork($_REQUEST['papid']);
     break;
 case "loadyearrecopts":
     display_year_recognition();
     break;
 case "updateuseryearrec":
     updateUserYearRecognition($_REQUEST);