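/**
 * Render the user-modification form for the user id carried in the POST body.
 *
 * Admins get the form in 'enabled' mode for any user; everyone else gets it in
 * 'disabled' mode and only for their own record. A non-admin asking for another
 * user's id receives a JSON error and the request ends. A request without a
 * usable id is flashed an error and sent back to the page it came from (same host
 * only) or to the site root.
 */
public function modifyUser() {
    $post = $this->input->post();
    // Only a non-empty scalar id is usable downstream; arrays (e.g. id[]=...) and '' are treated like a missing id.
    if (!isset($post['id']) || !is_scalar($post['id']) || $post['id'] === '') {
        $this->session->set_flashdata('error', 'You attempted to access the profile page in an unauthorized manner.');
        $this->_redirectToReferrerOrRoot();
        return;
    }
    $userId = $post['id'];
    $isAdmin = (bool) $this->session->admin;
    $mode = $isAdmin ? 'enabled' : 'disabled';
    // Non-admins may only open their own record. Both sides are cast to string so a POSTed "5"
    // matches an int uid of 5 without relying on loose == semantics.
    if (!$isAdmin && (string) $userId !== (string) $this->uid) {
        $error = array('status' => 'error', 'msg' => 'You do not have permission to edit this user.');
        echo json_encode($error);
        exit;
    }
    $userForm = array(
        'name' => 'update',
        'id' => 'modifyUserForm',
        'enctype' => 'multipart/form-data',
        'class' => 'form-horizontal',
    );
    $data = array(
        'userDetails' => User_Model::getAllUserDetails($userId),
        'allDepts' => Department_Model::getAllDepartments(),
        'userReviewDepts' => Reviewer_Model::getDepartmentsForReviewer($userId),
        'newUserObj' => new User_Model($userId),
        'mode' => $mode,
        'formDetails' => $userForm,
    );
    $this->load->view('user/modify_user_view', $data);
}

/**
 * Redirect to the page the browser reports it came from, but only when that page is on
 * this host; otherwise go to the site root. The Referer header is client-supplied and may
 * be absent or point off-site, so it is never followed blindly.
 */
private function _redirectToReferrerOrRoot() {
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    $refererHost = parse_url($referer, PHP_URL_HOST);
    // Parse HTTP_HOST the same way so a port suffix or IPv6 brackets do not break the comparison.
    $ownHost = isset($_SERVER['HTTP_HOST']) ? parse_url('http://' . $_SERVER['HTTP_HOST'], PHP_URL_HOST) : null;
    $sameHost = is_string($refererHost) && is_string($ownHost) && strcasecmp($refererHost, $ownHost) === 0;
    redirect($sameHost ? $referer : '');
}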
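/**
 * Persist the profile fields submitted for the user identified by $post['id'].
 *
 * Only an admin, or the user editing their own record, may proceed; anyone else
 * receives a JSON error and the request ends. Admin-only data (username, the
 * can_add/can_checkin flags, the admin flag, reviewer departments) is written only
 * for admin callers. Replies with a JSON success message afterwards.
 *
 * @param array $post Submitted form fields keyed by field name; 'id' selects the target user.
 */
public function processUserInformation(array $post) {
    // A non-empty scalar id is required before anything is looked up or written.
    $targetId = isset($post['id']) && is_scalar($post['id']) && $post['id'] !== '' ? $post['id'] : null;
    if ($targetId === null) {
        $error = array('status' => 'error', 'msg' => 'No user id was supplied.');
        echo json_encode($error);
        exit;
    }
    $isAdmin = (bool) $this->session->admin;
    // Compare as strings: the POSTed id arrives as a string while the session id may be an int,
    // and a strict !== across the two types would lock users out of their own profile.
    if (!$isAdmin && (string) $targetId !== (string) $this->session->id) {
        $error = array('status' => 'error', 'msg' => 'You do not have permission to edit this user.');
        echo json_encode($error);
        exit;
    }
    $newUserObj = new User_Model($targetId);

    // Unchecked checkboxes are absent from the POST body; normalise them to '0' so an explicit value is written.
    foreach (array('admin', 'can_add', 'can_checkin') as $flag) {
        if (!isset($post[$flag]) || $post[$flag] === '') {
            $post[$flag] = '0';
        }
    }

    // UPDATE admin info
    // NOTE(review): gated on $this->admin, whereas the rest of this method reads $this->session->admin — confirm both mean the same thing.
    if ($this->admin) {
        self::updateAdmin(array('admin' => $post['admin'], 'id' => $targetId));
    }

    // Collect column => value pairs first so the UPDATE is only issued when there is something to write.
    $changes = array();
    if ($isAdmin) {
        if (isset($post['username'])) {
            $changes['username'] = $post['username'];
        }
        $changes['can_add'] = $post['can_add'];
        $changes['can_checkin'] = $post['can_checkin'];
    }
    // Test for the empty string rather than empty(): a password of "0" is still a password.
    if (isset($post['password']) && $post['password'] !== '') {
        $changes['password'] = password_hash($post['password'], PASSWORD_DEFAULT);
    }
    // isAdmin() is asked of the user being edited, not of the caller.
    if ($newUserObj->isAdmin() && isset($post['department'])) {
        $changes['department'] = $post['department'];
    }
    // Accept the phone number under either key: the original code tested 'phonenumber' but read 'phone'.
    foreach (array('phone', 'phonenumber') as $phoneKey) {
        if (isset($post[$phoneKey])) {
            $changes['phone'] = $post[$phoneKey];
            break;
        }
    }
    foreach (array('email', 'last_name', 'first_name') as $field) {
        if (isset($post[$field])) {
            $changes[$field] = $post[$field];
        }
    }
    if ($changes !== array()) {
        foreach ($changes as $column => $value) {
            $this->db->set($column, $value);
        }
        $this->db->where('id', $targetId);
        $this->db->update('user');
    }

    if ($isAdmin) {
        // Reviewer departments are replaced wholesale: clear the current list, then re-add what was submitted.
        Reviewer_Model::deleteReviewer($targetId);
        if (isset($post['department_review']) && is_array($post['department_review'])) {
            foreach ($post['department_review'] as $deptId) {
                Reviewer_Model::newReviewer(array('dept_id' => $deptId, 'user_id' => $targetId));
            }
        }
    }

    $msg = array('status' => 'success', 'msg' => 'You have successfully updated this users profile.');
    echo json_encode($msg);
}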