echo '<script>
alert("You has successfully changed your password. \\nPlease login to continue.");
</script>';
session_unset();
session_destroy();
echo '<meta http-equiv="refresh" content= "0;url=http://localhost/cls/login.php" />';
}
} else {
echo '<script>alert("The password you entered does not match with those in files.");</script>';
}
}
}
if (isset($_POST['chgEml'])) {
$newEml = checkInput($_POST['newEml']);
$Pwd = checkInput($_POST['Pwd']);
$valid = checkValidity();
if ($valid) {
if (sha1($Pwd) == $_SESSION['user_password']) {
$query = mysql_query("UPDATE profile SET email = '{$newEml}' WHERE user_name='{$username}';", $connect) or die(mysql_error());
if ($query) {
echo '<script>
alert("You has successfully changed your email. \\nPlease login to continue.");
</script>';
session_unset();
session_destroy();
echo '<meta http-equiv="refresh" content= "0;url=http://localhost/cls/login.php" />';
}
} else {
echo '<script>alert("The password you entered does not match with those in files.");</script>';
}
}
$id = null;
if (property_exists($data, "id") && $data->id != 'undefined') {
$id = $data->id;
}
if ($data->desc == 'undefined') {
$data->desc = '';
}
$nb = 1 + substr_count($concern, ",");
if ($id != null) {
$sql = "UPDATE compta_comptabilite SET Montant='" . $montant . "', Payeur='" . $payeur . "', Concernes='" . $concern . "', nbConcernes='" . $nb . "',Description='" . $desc . "' WHERE Id='" . $id . "'";
} else {
$sql = "INSERT INTO compta_comptabilite (Id, Montant, Payeur, Concernes, nbConcernes,Description, usergroup, docusland_user_id) VALUES (NULL,'";
$sql .= $montant . "','" . $payeur . "','" . $concern . "','" . $nb . "','" . $desc . "','" . $group . "', '" . $userId . "');";
}
$result = false;
if (checkValidity($payeur) && checkValidity($montant) && checkValidity($concern)) {
$result = $conn->query($sql);
}
if ($result) {
echo "{}";
} else {
echo "FAILURE for " . $sql;
}
break;
case "compta_users":
if (strlen($data->name) > 0) {
$sql = "INSERT INTO compta_users (Id, username,usergroup,docusland_user_id, usercolor) VALUES (NULL,'";
$sql .= $data->name . "','" . urldecode($data->group) . "','" . $userId . "', '" . $data->color . "');";
$result = $conn->query($sql);
}
if ($result) {
