Esempio n. 1
<?php

include_once '../database.php';
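// Load the admin record. find_admin() comes from ../database.php, which is not shown here.
$account = find_admin();

// Handle the change-password form.
// NOTE(review): no anti-CSRF token or login check is visible in this listing (the form
// markup is cut off and ../database.php is not shown) - confirm both exist.
if (isset($_POST['pass'])) {
    // Any $_POST entry can be missing or arrive as an array, so each field is read
    // defensively and must be a string before it is compared.
    $currentPass = $_POST['currentpass'] ?? null;
    $newPass = $_POST['pass1'] ?? null;
    $confirmPass = $_POST['pass2'] ?? null;
    // `??` also covers the case where find_admin() returned no record.
    $storedPass = $account['password'] ?? null;

    if (is_string($currentPass) && is_string($newPass) && is_string($confirmPass) && is_string($storedPass)) {
        // hash_equals() is byte-exact and constant-time. The loose `==` it replaces treats
        // numeric-looking strings such as "1e3" and "1000" as equal.
        // NOTE(review): comparing the submitted value with the stored one implies the password
        // is kept in plaintext. Moving to password_hash()/password_verify() has to be done
        // together with adminpass_edit(), which is not shown here.
        $currentMatches = hash_equals($storedPass, $currentPass);
        // An empty new password is refused; the original accepted it when both fields were empty.
        $newIsUsable = $newPass !== '' && $newPass === $confirmPass;

        if ($currentMatches && $newIsUsable) {
            adminpass_edit($_POST);
            header('Location:index.php?page=admin-account');
            // Stop here so the page below is not rendered after the redirect header.
            exit;
        }
    }
}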
?>

<html>
	<body>
		<span>Account</span>
			<div id="user">
				<span>Username:</span>
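				<span class="second"><?php 
// Escape before output: the username is data and must not be interpreted as markup.
echo htmlspecialchars((string) ($account['username'] ?? ''), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
?>
</span>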
				<span></span>	
			</div>
			<form method="post">
			<div id="editpass">
				<span>Password:</span>
				<span class="second"></span>	
				<span class="pull-right">Edit</span>
			</div>
Esempio n. 2
<?php

// view_admin() is called without arguments; its result is kept in $viewAdmin.
$viewAdmin = view_admin();
// Look up the admin record, passing the id stored in the session.
// NOTE(review): nothing in this snippet starts the session or checks that $_SESSION['id']
// is set - confirm the including script does both before this runs.
$get_admin = find_admin($_SESSION['id']);
?>
<html>
<body>
	<div class="container">
		<div class="row">
			<div class="col-md-4"></div>
			<div class="col-md-4">
				<img src="photo.php?id=<?php 
echo htmlentities($_SESSION['id']);
?>
" height="250" width="250" style="border-radius:10em;border:2px solid blue;margin:15px 55px 15px;">
			</div>
			<div class="col-md-4"></div>
		</div><!-- end row of profile picture-->
		
		<div class="row">
			<div class="col-md-4"></div>
			<div class="col-md-4">
					<?php 
if ($get_admin['LABSTAT'] == 1) {
    ?>
						<div class="alert alert-success text-center" >ACTIVE</div>
					<?php 
} else {
    ?>
						<div class="alert alert-warning text-center" >INACTIVE</div>
					<?php 
Esempio n. 3
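/**
 * Deactivate an account and either reassign or deactivate what it owned.
 *
 * The account row is marked inactive (account_status='I'), its group memberships are
 * deleted, and its projects and project ACL entries are either handed to
 * projects_new_owner or, when no new owner is given, processed by the statements in
 * the first branch below.
 *
 * @param array $U Expected keys: 'db' (object exposing query($sql, $line, $file)),
 *                 'user_to_delete' (numeric account id) and, optionally,
 *                 'projects_new_owner' (numeric account id, or '' for none).
 * @return bool True when the statements were issued, False when the input was rejected.
 */
function delete_user($U)
{
    // Read only the keys this function needs. extract($U) would let any key in the
    // caller's array create or overwrite a local variable here, including $db.
    $db = $U['db'] ?? null;
    $user_to_delete = $U['user_to_delete'] ?? null;
    $projects_new_owner = $U['projects_new_owner'] ?? '';

    // Validate everything before the first write, so a rejected call changes nothing.
    if (!is_object($db)) {
        return False;
    }
    #user_to_delete CANNOT BE EMPTY - don't take any chances!
    if (!is_numeric($user_to_delete)) {
        return False;
    }
    // Same loose test the original used to decide between the two branches.
    $has_new_owner = !($projects_new_owner == '');
    // The new owner id is concatenated into SQL below, so it gets the same numeric check
    // as user_to_delete. Previously it was used unchecked.
    if ($has_new_owner && !is_numeric($projects_new_owner)) {
        return False;
    }

    // NOTE(review): the statements below are issued one by one with no transaction visible
    // here; confirm whether $db offers one, since a failure midway leaves partial state.
    $sql = "update s3db_account set account_status='I' where account_id='" . $user_to_delete . "'";
    $db->query($sql, __LINE__, __FILE__);

    if (!$has_new_owner) {
        $sql = "delete from s3db_account_group where account_id='" . $user_to_delete . "'";
        $db->query($sql, __LINE__, __FILE__);
        // NOTE(review): "set a='I' and b='...'" joins the two assignments with AND, not a comma,
        // so project_owner is probably not updated by this statement - confirm the intent.
        // The text is left as it was because the fix interacts with the last delete below.
        // NOTE(review): the value returned by find_admin() is concatenated unchecked; verify
        // that it can only be a numeric id.
        $sql = "update s3db_project set project_status='I' and project_owner='" . find_admin($db) . "' where project_owner='" . $user_to_delete . "'";
        $db->query($sql, __LINE__, __FILE__);
        $sql = "delete from s3db_project_acl where acl_account='" . $user_to_delete . "'";
        $db->query($sql, __LINE__, __FILE__);
        // NOTE(review): "s3db_project_acl s3db_project" reads as a table alias or a leftover;
        // check it against the database dialect in use. The subquery also depends on the
        // projects still being owned by user_to_delete at this point.
        $sql = "delete from s3db_project_acl s3db_project where acl_project_id in (select project_id from s3db_project where project_owner='" . $user_to_delete . "')";
        $db->query($sql, __LINE__, __FILE__);
        return True;
    }

    // A new owner was given: keep the projects and ACL entries, but move them over.
    $sql = "delete from s3db_account_group where account_id='" . $user_to_delete . "'";
    $db->query($sql, __LINE__, __FILE__);
    $sql = "update s3db_project set project_owner='" . $projects_new_owner . "' where project_owner='" . $user_to_delete . "'";
    $db->query($sql, __LINE__, __FILE__);
    $sql = "update s3db_project_acl set acl_account='" . $projects_new_owner . "' where acl_account='" . $user_to_delete . "'";
    $db->query($sql, __LINE__, __FILE__);
    return True;
}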
Esempio n. 4
<?php

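$message = '';
// Read the query-string values defensively: either one may be absent or arrive as an array.
$id = is_scalar($_GET['id'] ?? null) ? intval($_GET['id']) : 0;
$name = is_string($_GET['name'] ?? null) ? trim($_GET['name']) : '';
//we use $_GET because data input came from the URL
// NOTE(review): this deletes a record in response to a GET request, and no login check or
// anti-CSRF token is visible in this snippet - confirm the including script enforces both,
// or move the action behind a POST form carrying a token.
if (isset($_GET['id'])) {
    // The original passed the integer id on in string form; keep that.
    $id = (string) $id;
    $deleteAdmin = find_admin($id);
    if ($deleteAdmin) {
        delete_admin(0, $id);
        delete_photo(0, $id);
        // $name comes straight from the URL, so it is HTML-escaped before it is placed in markup.
        // NOTE(review): showing the name from the record that was found, rather than from the
        // URL, would be more reliable; the record's fields are not visible in this snippet.
        $shownName = htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $message = "<div class = 'alert alert-success' style = 'width: 350px;'>{$shownName} is successfully deleted.</div>";
        echo "<script>";
        //go back to the admin profile page after 2 seconds (2000 ms).
        echo "setTimeout(function(){ document.location = '?p=manageAdmin/profileAdmin'; }, 2000);";
        echo "</script>";
    } else {
        $message = "<div class = 'alert alert-warning' style = 'width: 350px;'>Specified admin cannot be found</div>";
    }
}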
?>
<html>
	<body>
		<div class="container">
			<div class="row">
				<div class="col-lg-4">
					<?php 
echo $message;
?>
				</div>
Esempio n. 5
            $user = $_SESSION['user'];
            update_photo($name, $type, $bytes, $user, $id);
            update_admin($fName, $mName, $lName, $id);
            update_account($pass, $id);
            $message = "<div class = 'alert alert-success' style = 'width: 350px;'>Account is successfully updated.</div>";
            echo "<script>";
            //go back to viewMed page after 3 seconds.
            echo "setTimeout(function(){ document.location = '?p=profileAdmin'; }, 2000);";
            echo "</script>";
        } else {
            $message = "<div class = 'alert alert-warning' style = 'width: 350px;'>Invalid File.</div>";
        }
    }
} else {
    //if not submitted we retrieve the data from the database
    $adminFind = find_admin($id);
    $user_pass = get_pass($id);
    if ($adminFind) {
        $fName = $adminFind['LABSUPFNAME'];
        $mName = $adminFind['LABSUPMNAME'];
        $lName = $adminFind['LABSUPLNAME'];
        $pass = $user_pass['PASSWORD'];
    } else {
        $message = '<div class="alert alert-warning">The specified admin record cannot be found.</div>';
    }
}
?>
<html>
	<body>
		<div class="container">		
			<h4>Update Account</h4>
Esempio n. 6
<?php

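// Record id from the query string, forced to an integer. A missing id becomes 0 instead of
// raising an undefined-index warning.
$id = intval($_GET['id'] ?? 0);
// NOTE(review): the id is taken from the URL and nothing visible here checks that the current
// session may view that record - confirm authorization happens before this script runs.
$get_info = get_photo($id);
// NOTE(review): the template below indexes $admin without checking that the lookup
// succeeded; verify what find_admin() returns for an unknown id.
$admin = find_admin($id);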
?>
<html>
	<style>
		.box{max-width:330px;}
	</style>
	<body>
		<div class="container">
			<div class="row">
					 <div class="col-md-6">
						 <h3>Profile</h3>
						 <h4>
							<?php 
echo htmlentities($admin['LABSUPLNAME']) . ' , ' . htmlentities($admin['LABSUPFNAME']) . ' ' . htmlentities($admin['LABSUPMNAME']);
?>
	
						 </h4>
							<img src="photo.php?id=<?php 
echo htmlentities($id);
?>
" height="300" width="300" style="border:2px black solid;padding:10px 10px;" />
					 </div>
					 <div class="col-md-6"></div>
			</div>
			<div class="row">
					 <div class="box col-md-12 text-center">
						  <?php