//user name null $error = true; $errormessage .= MESSAGE_NAME_REQUIRED . "<br>"; } if (isNotNull($_POST["txtEmail"])) { $sql = "Select nCompId from sptbl_users where nUserId='" . $_SESSION["sess_userid"] . "'"; $rs = executeSelect($sql, $conn); if (mysql_num_rows($rs) > 0) { $row = mysql_fetch_array($rs); $company = $row["nCompId"]; } $email = $_POST["txtEmail"]; if (!isValidEmail($email)) { $error = true; $errormessage .= MESSAGE_INVALID_EMAIL . "<br>"; } elseif (!isUniqueEmail($email, $_SESSION["sess_userid"], $company)) { $error = true; $errormessage .= MESSAGE_NONUNIQUE_EMAIL . "<br>"; } } else { //user Email null $error = true; $errormessage .= MESSAGE_EMAIL_REQUIRED . "<br>"; } if ($error) { $errormessage = MESSAGE_ERRORS_FOUND . "<br>" . $errormessage; } else { //no error so validate $sql1 = " UPDATE sptbl_users "; $sql1 .= " SET vUserName = '******', vEmail = '" . mysql_real_escape_string($email) . "' WHERE nUserId = '" . $_SESSION["sess_userid"] . "' "; $result1 = executeQuery($sql1, $conn);
$error = true; $errormessage .= MESSAGE_NAME_REQUIRED . "<br>"; } if (isNotNull($_POST["ddlCompany"])) { $company = $_POST["ddlCompany"]; } else { //user Company null $error = true; $errormessage .= MESSAGE_COMPANY_REQUIRED . "<br>"; } if (isNotNull($_POST["txtEmail"])) { $email = $_POST["txtEmail"]; if (!isValidEmail($email)) { $error = true; $errormessage .= MESSAGE_INVALID_EMAIL . "<br>"; } elseif (!isUniqueEmail($email, 0, $company)) { $error = true; $errormessage .= MESSAGE_NONUNIQUE_EMAIL . "<br>"; } } else { //user Email null $error = true; $errormessage .= MESSAGE_EMAIL_REQUIRED . "<br>"; } if ($error) { $errormessage = MESSAGE_ERRORS_FOUND . "<br>" . $errormessage; $registered = false; } else { //no error so validate //if authenticate user is yes then set vDelStatus=2 in sptbl_users if ($auth_Status == '1') {
break; default: $file_name = $uploadstatus; break; } } if ($errorcode == "" && $file_name != "") { $path_parts = pathinfo($file_name); $ext = $path_parts['extension']; $newfile = "staff_" . $var_id . "." . $ext; if ($oldimg != "") { unlink("images/" . $oldimg); } rename("images/" . $file_name, "images/" . $newfile); } if (isUniqueEmail($var_email, $var_id) == true) { $sql = "Update sptbl_staffs set\r\n vStaffname='" . mysql_real_escape_string($var_staffName) . "',\r\n " . ($var_password != "" ? "vPassword='******'," : "") . "vMail='" . mysql_real_escape_string($var_email) . "',\r\n vYIM='" . mysql_real_escape_string($var_yim) . "',\r\n vSMSMail='" . mysql_real_escape_string($var_smsMail) . "',\r\n vMobileNo='" . mysql_real_escape_string($var_mobile) . "',\r\n nCSSId='" . mysql_real_escape_string($var_cssId) . "',\r\n nRefreshRate='" . mysql_real_escape_string($var_refreshRate) . "',\r\n nNotifyAssign='" . $var_notifyAssign . "',\r\n nNotifyPvtMsg='" . $var_notifyPvtMsg . "',\r\n nNotifyKB='" . $var_notifyKB . "',\r\n\t\t\t\t\t\t\t\t\t\t\t\tnNotifyArrival='" . $var_notifyArrival . "',\r\n\t\t\t\t\t\t\t\t\t\t\t\ttSignature='" . mysql_real_escape_string($var_signature) . "',\r\n\t\t\t\t\t\t\t\t\t\t\t\tvLogin='******',\r\n\t\t\t\t\t\t\t\t\t\t\t\tacsa_sector_id='" . mysql_real_escape_string($var_sector) . "'\r\n\t\t\t\t\t\t\t\t\t\t\t\twhere nStaffId='" . mysql_real_escape_string($var_id) . "'"; executeQuery($sql, $conn); if ($errorcode == "" && $file_name != "") { $sql = "Update sptbl_staffs set vStaffImg='" . mysql_real_escape_string($newfile) . "' where nStaffId='" . mysql_real_escape_string($var_id) . "'"; executeQuery($sql, $conn); } //Insert the actionlog if (logActivity()) { $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_UPDATION . "','Staff','" . mysql_real_escape_string($var_id) . 
"',now())"; executeQuery($sql, $conn); } //update css $sql = "Select vCSSURL from sptbl_css where nCSSId='{$var_cssId}'"; $result = executeSelect($sql, $conn); if (mysql_num_rows($result) > 0) {
array_push($charr, $var_id); $charr = array_unique($charr); array_push($charr, $var_parentid); $cnt_arr1 = count($charr); $charr = array_unique($charr); $cnt_arr2 = count($charr); } if ($cnt_arr1 != $cnt_arr2) { $dup_flag = 1; } else { if ($var_id == $var_parentid) { $dup_flag = 1; } } if (validateUpdation($var_id, $var_companyid, $var_parentid) == true and $dup_flag == 0) { if (!isUniqueEmail($var_email, $var_id, "d")) { $var_message = MESSAGE_NONUNIQUE_EMAIL; $flag_msg = 'class="msg_error"'; } else { //fetch the old parent $qry = "select * from sptbl_depts where nDeptId='" . $var_id . "'"; $rsgetdept = mysql_query($qry); $deptrow = mysql_fetch_array($rsgetdept); $oldparentid = $deptrow['nDeptParent']; $sql = "Update sptbl_depts set nCompId='" . mysql_real_escape_string($var_companyid) . "',\n\t\t\t\t\t\t\t\tvDeptDesc='" . mysql_real_escape_string($var_deptname) . "',\n\t\t\t\t\t\t\t\tnDeptParent='" . mysql_real_escape_string($var_parentid) . "',\n\t\t\t\t\t\t\t\tvDeptCode='" . mysql_real_escape_string($var_deptcode) . "',\n\t\t\t\t\t\t\t\tvDeptMail='" . mysql_real_escape_string($var_email) . "',\n\t\t\t\t\t\t\t\tnResponseTime='" . mysql_real_escape_string($var_responsetime) . "' \n\t\t\t\t\t\t\t\twhere nDeptId='" . mysql_real_escape_string($var_id) . "'"; executeQuery($sql, $conn); $qry = "delete from sptbl_staffdept where nDeptId='" . $var_parentid . "'"; mysql_query($qry); $updatePop3 = "Update sptbl_pop3settings set vDeptEMail='" . mysql_real_escape_string($var_email) . "', vUserName='******'\n\t\t\t\t\t\t\t\twhere nDeptId='" . mysql_real_escape_string($var_id) . "'"; executeQuery($updatePop3, $conn); //assign staff dept where parent dept is leaf
function validateUpdation($var_email, &$var_message)
{
    // Validates the company-edit form for the company identified by the
    // global $var_id. On failure the reason text is written to $var_message
    // (by reference), the global $flag_msg is set to the error CSS class and
    // false is returned; true means every check passed. Form fields are read
    // straight from $_POST. Requires an open mysql connection in $conn.
    global $conn, $var_id, $flag_msg;

    $errorClass = 'class="msg_error"';
    $escapedId = mysql_real_escape_string($var_id);

    // The company row must exist and must not be soft-deleted (vDelStatus = '0').
    $existsSql = "Select nCompId from sptbl_companies where nCompId='" . $escapedId . "' AND vDelStatus='0'";
    if (mysql_num_rows(executeSelect($existsSql, $conn)) <= 0) {
        $var_message = MESSAGE_RECORD_ERROR;
        $flag_msg = $errorClass;
        return false;
    }

    // Required fields may not be blank after trimming, and the company name
    // may not contain angle brackets (it is a displayed value).
    $companyName = trim($_POST["txtCompanyName"]);
    $requiredBlank = $companyName == ""
        || trim($_POST["txtAddress1"]) == ""
        || trim($_POST["txtCity"]) == ""
        || trim($_POST["txtEmail"]) == "";
    if ($requiredBlank || preg_match('/[><]/', $companyName) > 0) {
        $var_message = MESSAGE_RECORD_ERROR;
        $flag_msg = $errorClass;
        return false;
    }

    // No other company may already use this name.
    $duplicateSql = "Select nCompId from sptbl_companies Where vCompName='" . mysql_real_escape_string($companyName) . "' AND nCompId !='" . $escapedId . "' ";
    if (mysql_num_rows(executeSelect($duplicateSql, $conn)) > 0) {
        $var_message = TEXT_COMPANY_DUPLICATE;
        $flag_msg = $errorClass;
        return false;
    }

    // The e-mail must be unique among companies ("c"), ignoring this record.
    if (!isUniqueEmail($var_email, $var_id, "c")) {
        $var_message = MESSAGE_NONUNIQUE_EMAIL;
        $flag_msg = $errorClass;
        return false;
    }

    return true;
}
function checkUserDetails(&$returnList, &$command, $num)
{
    // Scans sptbl_users for rows whose e-mail is reported as not unique by
    // isUniqueEmail(). Soft-deleted duplicates (vDelStatus != "0") are repaired
    // in place by assigning a generated placeholder address; live duplicates
    // are listed in a <SELECT> written to $returnList, with a "Fix User" button
    // written to $command (enabled only when $num == 11). Returns true when
    // nothing is left to fix, false otherwise. Dies on a failed query.
    global $conn;

    $returnList = "<SELECT name='cmbUserList[]' id='cmbUserList' MULTIPLE Size=5 style=\"width:300px;\" class=\"button\"> ";
    $rs_company = mysql_query("Select nUserId,nCompId,vLogin,vEmail,vDelStatus from sptbl_users", $conn)
        or die("Cannot access sptbl_users");

    $hasLiveDuplicate = false;
    // An empty result set simply never enters the loop and passes below.
    while ($user = mysql_fetch_array($rs_company)) {
        if (isUniqueEmail($user["vEmail"], $user["nUserId"], "u", $user["nCompId"])) {
            continue;
        }

        if ($user["vDelStatus"] == "0") {
            // Live duplicate: leave it for the operator to resolve.
            $hasLiveDuplicate = true;
            $label = $user["vLogin"] . " - [" . $user["vEmail"] . "]";
            $returnList .= "<OPTION VALUE=\"" . $user["nUserId"] . "\">" . htmlentities($label) . "</OPTION>";
            continue;
        }

        // Soft-deleted duplicate: keep generating placeholders until one is unique.
        do {
            $placeholder = uniqid("u") . "@yoursite.com";
        } while (!isUniqueEmail($placeholder, $user["nUserId"], "u", $user["nCompId"]));

        $updateSql = "Update sptbl_users set vEmail='" . addslashes($placeholder) . "' Where \r\n\t\t\t\t\t\t\tnUserId='" . $user["nUserId"] . "'";
        mysql_query($updateSql, $conn)
            or die("Cannot update table sptbl_users. Please contact administrator for details.");
    }

    if (!$hasLiveDuplicate) {
        $returnList = "Passed user table check!";
        $command = "";
        return true;
    }

    $returnList .= "</SELECT>";
    $command = "<input type=\"button\" name=\"btUser\" id=\"btUser\" class=\"button\" onClick=\"javascript:clickFixUser();\" value=\"Fix User\"" . ($num == 11 ? "" : "disabled") . ">";
    return false;
}
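$var_mail_body_withoutheader = $var_body;
// Wrap the HTML-escaped message in the configured e-mail header and footer.
// Whatever $var_mail_body already held is kept in front of the message, which
// is what the previous in-place concatenation did.
$var_mail_body = (isset($var_mail_body) ? $var_mail_body : "") . htmlentities($var_body) . "<br>";
$var_mail_body = $var_emailheader . "<br>" . $var_mail_body;
$var_mail_body .= "<br>";
$var_mail_body .= $var_emailfooter;
$var_body = $var_mail_body;

// The CC value comes straight from the form. A CR or LF inside it would end
// the header line and let the submitter append further headers of their own,
// so line breaks are stripped before it is placed in the header block.
$var_cc = "";
if (isset($_POST['txtToCC']) && is_string($_POST['txtToCC'])) {
    $var_cc = str_replace(array("\r", "\n"), "", $_POST['txtToCC']);
}
$Headers_CC = "";
if ($var_cc != "") {
    $Headers_CC = "CC: " . $var_cc . "\n";
}
// NOTE(review): $var_fromName, $var_fromMail, $var_replyName and $var_replyMail
// are set outside this span; confirm they are not user-controlled, or apply the
// same line-break stripping to them.
$Headers = "From: {$var_fromName} <{$var_fromMail}>\n";
$Headers .= "Reply-To: {$var_replyName} <{$var_replyMail}>\n";
$Headers .= $Headers_CC;
$Headers .= "MIME-Version: 1.0\n";
$Headers .= "Content-type: text/html; charset=iso-8859-1\r\n";

/* create ticket for user*/
$var_createTicket = isset($_POST['rdCreateTicket']) ? $_POST['rdCreateTicket'] : "";
if ($var_createTicket == "YES" && !isUniqueEmail($var_email_to, 0, 0)) {
    $flag = false;
    $var_message .= MESSAGE_NONUNIQUE_EMAIL;
    $flag_msg = "class='msg_error'";
} else {
    // it is for smtp mail sending
    if ($_SESSION["sess_smtpsettings"] == 1) {
        $var_smtpserver = $_SESSION["sess_smtpserver"];
        $var_port = $_SESSION["sess_smtpport"];
        SMTPMail($var_fromMail, $var_email_to, $var_smtpserver, $var_port, $var_subject, $var_body);
    } else {
        // The @ hides mail() warnings and the return value is not checked, so
        // TEXT_EMAIL_SENT is reported below even when local hand-off failed.
        @mail($var_email_to, $var_subject, $var_body, $Headers);
    }
    $var_message .= TEXT_EMAIL_SENT;
    $flag_msg = "class='msg_success'";
}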