Esempio n. 1
0
*/
// $Id: editUser.php,v 1.7 2006/01/29 08:15:18 atrommer Exp $
checkUser($_SESSION['USERTYPE'], 2);
//if (!$_REQUEST['u_id'] && !$_REQUEST['action']){
//	accessDenied("Please choose an employee first!");
//}
doHeader("Edit User");
// first we check if we're doing an update
// or a delete
if ($_REQUEST['action'] == 'del') {
    deleteConfirm();
} elseif ($_POST['confirmDelete']) {
    deleteUser($_POST['hdUserID']);
    print "User deactivated sucessfully!";
} else {
    editUserForm();
}
function deleteConfirm()
{
    $aUserVals = getUserVals($_REQUEST['u_id']);
    ?>
	<form id="frmDelete" name="frmDelete" method="post" action="<?php 
    echo $_SERVER['PHP_SELF'];
    ?>
">
		<input type="hidden" name="hdUserID" value="<?php 
    echo $_REQUEST['u_id'];
    ?>
">
		<input type="hidden" name="confirmDelete" value="1">
		<input type="submit" name="delete" value="Are you sure you want to deactivate <?php 
Esempio n. 2
0
function insertNewUser()
{
    $uname = $_POST['username'];
    $pw = $_POST['pw'];
    $ulevel = $_POST['userlevel'];
    $fname = $_POST['fname'];
    $lname = $_POST['lname'];
    $email = $_POST['email'];
    mysql_connect(DB_HOST, DB_USER, DB_PASS) or die(mysql_error());
    mysql_select_db(DB_NAME) or die(mysql_error());
    $sql = "SELECT * FROM " . DB_TABLE_PREFIX . "users WHERE username='******'";
    $result = mysql_query($sql) or die(mysql_error());
    $row = mysql_fetch_row($result);
    if (is_array($row)) {
        editUserForm("Add", "", $uname);
    } else {
        $sql = "INSERT INTO " . DB_TABLE_PREFIX . "users SET ";
        $sql .= "username='******', password='******', fname='{$fname}', lname='{$lname}', ";
        $sql .= "userlevel='{$ulevel}', email='{$email}'";
        mysql_query($sql) or die(mysql_error());
        header("location:useradmin.php");
    }
}