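/**
 * Render the "Edit User Details" form, pre-filled for an existing user or
 * blank for a new one.
 *
 * Every value read from the database is HTML-escaped before it is written
 * into the page, and the user id is reduced to an integer before it is
 * placed in the SQL text, so neither stored data nor the id argument can
 * change the structure of the markup or of the query.
 *
 * NOTE(review): the legacy mysql_* API used here has no prepared statements
 * and was removed in PHP 7. Moving these queries to PDO or mysqli with bound
 * parameters is the durable fix, but the connection handling lives outside
 * this function.
 * NOTE(review): the form posts to formsubmit.php (including the admin flag)
 * and emits no anti-CSRF token. That handler is not visible here - confirm it
 * checks the caller's privileges and a per-session token.
 *
 * @param mixed $userid Id of the user to edit; not used when $add is truthy.
 * @param mixed $add    Truthy to render an empty "Add New User" form.
 * @return void Output is written directly to the response.
 */
function showUserEditor($userid, $add = FALSE)
{
    // Decide the mode once. The original mixed `!$add` with `$add == "TRUE"`,
    // which disagree for non-boolean values such as 1.
    $isAdd = (bool) $add;

    $user_details = null;
    $recordId = 0;
    $username = '';
    $firstname = '';
    $lastname = '';
    $email = '';

    if (!$isAdd) {
        // The id is spliced into the SQL text, so reduce it to an integer first.
        $lookupId = (int) $userid;
        $lookup = mysql_query("SELECT * FROM `users` WHERE `id` = {$lookupId} LIMIT 1");
        $user_details = $lookup ? mysql_fetch_object($lookup) : false;
        if (!$user_details) {
            // Failed query or unknown id: stop here rather than dereference a
            // non-object and let PHP notices leak into the response.
            print "User not found.";
            return;
        }

        // Escape for HTML attribute context. The charset argument is left at
        // PHP's default - NOTE(review): confirm it matches the page encoding.
        $recordId = (int) $user_details->id;
        $username = htmlspecialchars($user_details->username, ENT_QUOTES);
        $firstname = htmlspecialchars($user_details->firstname, ENT_QUOTES);
        $lastname = htmlspecialchars($user_details->lastname, ENT_QUOTES);
        $email = htmlspecialchars($user_details->email, ENT_QUOTES);
    }

    $years = mysql_query("SELECT `year` FROM `users_years`");
    ?>
    <div style="margin-bottom: 10px;"><u>Edit User Details</u></div>
    <form action="formsubmit.php" method="post">
        <label for="new_username">Username:</label><input style="width: 200px;" id="new_username" name="new_username" type="text" maxlength="50" value="<?php print $username; ?>"><br>
        <label for="new_password">Password:</label><input style="width: 200px;" id="new_password" name="new_password" type="password" maxlength="50"><br /><?php if (!$isAdd) { print "(leave blank to keep current password)<br />"; } ?>
        <label for="new_firstname">Firstname:</label><input style="width: 200px;" id="new_firstname" name="new_firstname" type="text" maxlength="50" value="<?php print $firstname; ?>"><br>
        <label for="new_lastname">Surname:</label><input style="width: 200px;" id="new_lastname" name="new_lastname" type="text" maxlength="50" value="<?php print $lastname; ?>"><br>
        <label for="new_email">E-Mail:<br />(leave blank for user@emaildomain defined in settings.)</label><input style="width: 200px;" id="new_email" name="new_email" type="text" maxlength="50" value="<?php print $email; ?>"><br>
        <label for="new_year">Select Year:</label>
        <select name="new_year" id="new_year" size="1" style="width: 200px;" onchange="updateGroupList('newuser');">
            <option <?php if ($isAdd) { print "selected=\"\""; } ?> disabled="">Select...</option>
            <?php
            // mysql_query() returns false on failure; skip the loop in that case.
            if ($years) {
                while ($year = mysql_fetch_object($years)) {
                    $yearHtml = htmlspecialchars($year->year, ENT_QUOTES);
                    $selectedAttr = "";
                    if (!$isAdd && $user_details->year == $year->year) {
                        $selectedAttr = "selected=\"\" ";
                    }
                    print "<option " . $selectedAttr . "value=\"" . $yearHtml . "\">" . $yearHtml . "</option>\n";
                }
            }
            ?>
        </select><br />
        <div id="newuser_groupselect"><?php
        if (!$isAdd) {
            // Raw (unescaped) values are handed to showGroupList(); how it
            // uses them is not visible from this function.
            $vars = array();
            $vars['year'] = $user_details->year;
            $vars['group'] = $user_details->group_id;
            $vars['newuser'] = "******";
            showGroupList($vars);
        }
        ?></div>
        <label for="new_admin">Admin? Y for YES, N for NO</label><input style="width: 200px;" id="new_admin" name="new_admin" type="text" maxlength="1" <?php if (!$isAdd && $user_details->admin) { print "value=\"Y\""; } ?>><br>
        <?php if (!$isAdd) { ?>
            <?php // $recordId is an integer, so it is safe in both the attribute and the inline script argument. ?>
            <input name="userid" type="hidden" value="<?php print $recordId; ?>" />
            <input type="submit" name="submit" onclick="return validateUserDetailsForm();" id="userdetailsubmit" value="Update User Details">
            <a id="deletebtn" href="javascript:deleteUser('<?php print $recordId; ?>');"></a>
        <?php } else { ?>
            <input class="sysbutton" type="submit" name="submit" onclick="return validateUserDetailsForm();" id="newusersubmit" value="Add New User">
        <?php } ?>
    </form>
    <?php
}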
if (filter_has_var(INPUT_POST, "logout")) { // 清除所有session session_unset(); echo "<script>window.location = 'index.php'</script>"; } else { if (isset($_SESSION["user_id"])) { if (filter_has_var(INPUT_POST, "isAccept")) { $isAccept = filter_input(INPUT_POST, "isAccept"); $user_id = filter_input(INPUT_POST, "user_id"); $group_id = filter_input(INPUT_POST, "group_id"); joinApprove($isAccept, $user_id, $group_id); } if (needApproveJoinGroup()) { showJoinApprove(); } else { showGroupList(); } } else { echo "<script>window.location = 'index.php'</script>"; } } function joinApprove($isAccept, $user_id, $group_id) { try { $pdo = new PDO("mysql:host=" . DBHOST . "; port=" . DBPORT . "; dbname=" . DBNAME, DBUSER, DBPASS); //$pdo = new PDO("mysql:host=localhost; dbname=pray","pray", "pray"); // 把用户加入到组成员中 if ($isAccept) { $smt = $pdo->prepare("INSERT INTO groupMember VALUES (NULL, ?, ?, 0)"); $smt->bindParam(1, $user_id); $smt->bindParam(2, $group_id);
showAdminPane($_REQUEST); break; case "getactivity": getActivityByID($_REQUEST['actid']); break; case "deleteactivity": deleteActivity($_REQUEST['actid']); break; case "deletebooking": deleteBooking($_REQUEST['uid']); break; case "generateuserlist": showUserList($_REQUEST); break; case "generategrouplist": showGroupList($_REQUEST); break; case "editbooking": editBooking($_REQUEST['userid']); break; case "getpaperwork": getPaperworkByID($_REQUEST['papid']); break; case "deletepaperwork": deletePaperwork($_REQUEST['papid']); break; case "loadyearrecopts": display_year_recognition(); break; case "updateuseryearrec": updateUserYearRecognition($_REQUEST);