//user name null
     $error = true;
     $errormessage .= MESSAGE_NAME_REQUIRED . "<br>";
 }
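 // Validate the submitted e-mail address: it is required, must pass
 // isValidEmail(), and must pass isUniqueEmail() for the logged-in user.
 if (isNotNull($_POST["txtEmail"])) {
     // Look up the company of the logged-in user. The session value is escaped
     // before it is concatenated into the SQL text, in line with the escaping
     // this script already applies to other values; a parameterized query
     // (PDO or mysqli prepared statement) would be the more robust fix.
     $sql = "Select nCompId from sptbl_users where nUserId='" . mysql_real_escape_string($_SESSION["sess_userid"]) . "'";
     $rs = executeSelect($sql, $conn);
     if (mysql_num_rows($rs) > 0) {
         $row = mysql_fetch_array($rs);
         $company = $row["nCompId"];
     }
     // NOTE(review): $company is assigned above only when the lookup returns a
     // row. Unless it is initialised earlier in the script, isUniqueEmail()
     // below receives an undefined value in that case -- confirm.
     $email = $_POST["txtEmail"];
     if (!isValidEmail($email)) {
         $error = true;
         $errormessage .= MESSAGE_INVALID_EMAIL . "<br>";
     } elseif (!isUniqueEmail($email, $_SESSION["sess_userid"], $company)) {
         $error = true;
         $errormessage .= MESSAGE_NONUNIQUE_EMAIL . "<br>";
     }
 } else {
     // The e-mail field was left empty.
     $error = true;
     $errormessage .= MESSAGE_EMAIL_REQUIRED . "<br>";
 }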
 if ($error) {
     $errormessage = MESSAGE_ERRORS_FOUND . "<br>" . $errormessage;
 } else {
     //no error so validate
     $sql1 = " UPDATE sptbl_users  ";
     $sql1 .= " SET vUserName = '******', vEmail = '" . mysql_real_escape_string($email) . "' WHERE nUserId = '" . $_SESSION["sess_userid"] . "' ";
     $result1 = executeQuery($sql1, $conn);
Esempio n. 2
     $error = true;
     $errormessage .= MESSAGE_NAME_REQUIRED . "<br>";
 }
 // A company must be chosen; the selection is kept for the uniqueness check.
 if (!isNotNull($_POST["ddlCompany"])) {
     $errormessage .= MESSAGE_COMPANY_REQUIRED . "<br>";
     $error = true;
 } else {
     $company = $_POST["ddlCompany"];
 }
 // An e-mail address must be supplied, be well-formed, and be accepted by
 // isUniqueEmail() for the chosen company.
 // NOTE(review): when no company was submitted, $company is not assigned in
 // this block, yet it is still passed to isUniqueEmail() -- confirm it is
 // initialised earlier in the script.
 if (!isNotNull($_POST["txtEmail"])) {
     $errormessage .= MESSAGE_EMAIL_REQUIRED . "<br>";
     $error = true;
 } else {
     $email = $_POST["txtEmail"];
     if (!isValidEmail($email)) {
         $errormessage .= MESSAGE_INVALID_EMAIL . "<br>";
         $error = true;
     } elseif (!isUniqueEmail($email, 0, $company)) {
         $errormessage .= MESSAGE_NONUNIQUE_EMAIL . "<br>";
         $error = true;
     }
 }
 if ($error) {
     $errormessage = MESSAGE_ERRORS_FOUND . "<br>" . $errormessage;
     $registered = false;
 } else {
     //no error so validate
     //if authenticate user is  yes then set vDelStatus=2 in sptbl_users
     if ($auth_Status == '1') {
Esempio n. 3
             break;
         default:
             $file_name = $uploadstatus;
             break;
     }
 }
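 // After a successful upload, move the new staff image to its canonical name
 // "staff_<id>.<ext>" inside images/ and delete the previous image.
 if ($errorcode == "" && $file_name != "") {
     $path_parts = pathinfo($file_name);
     // pathinfo() omits the 'extension' key for names without a dot.
     $ext = isset($path_parts['extension']) ? $path_parts['extension'] : "";
     // NOTE(review): the extension is taken from the uploaded file's name. The
     // upload validation is not visible here; if it does not already restrict
     // extensions, limit $ext to an allow-list of image types so that no
     // script file can be stored in the web-served images/ directory.
     // basename() drops any directory component so that every path used below
     // stays inside images/.
     $newfile = basename("staff_" . $var_id . "." . $ext);
     // The name written by this block is always a plain file name, so the old
     // image is presumably one too; basename() enforces that before deleting.
     if ($oldimg != "" && is_file("images/" . basename($oldimg))) {
         unlink("images/" . basename($oldimg));
     }
     rename("images/" . basename($file_name), "images/" . $newfile);
 }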
 if (isUniqueEmail($var_email, $var_id) == true) {
     $sql = "Update sptbl_staffs set\r\n                                                vStaffname='" . mysql_real_escape_string($var_staffName) . "',\r\n                                                " . ($var_password != "" ? "vPassword='******'," : "") . "vMail='" . mysql_real_escape_string($var_email) . "',\r\n                                                vYIM='" . mysql_real_escape_string($var_yim) . "',\r\n                                                vSMSMail='" . mysql_real_escape_string($var_smsMail) . "',\r\n                                                vMobileNo='" . mysql_real_escape_string($var_mobile) . "',\r\n                                                nCSSId='" . mysql_real_escape_string($var_cssId) . "',\r\n                                                nRefreshRate='" . mysql_real_escape_string($var_refreshRate) . "',\r\n                                                nNotifyAssign='" . $var_notifyAssign . "',\r\n                                                nNotifyPvtMsg='" . $var_notifyPvtMsg . "',\r\n                                                nNotifyKB='" . $var_notifyKB . "',\r\n\t\t\t\t\t\t\t\t\t\t\t\tnNotifyArrival='" . $var_notifyArrival . "',\r\n\t\t\t\t\t\t\t\t\t\t\t\ttSignature='" . mysql_real_escape_string($var_signature) . "',\r\n\t\t\t\t\t\t\t\t\t\t\t\tvLogin='******',\r\n\t\t\t\t\t\t\t\t\t\t\t\tacsa_sector_id='" . mysql_real_escape_string($var_sector) . "'\r\n\t\t\t\t\t\t\t\t\t\t\t\twhere nStaffId='" . mysql_real_escape_string($var_id) . "'";
     executeQuery($sql, $conn);
     if ($errorcode == "" && $file_name != "") {
         $sql = "Update sptbl_staffs set vStaffImg='" . mysql_real_escape_string($newfile) . "' where nStaffId='" . mysql_real_escape_string($var_id) . "'";
         executeQuery($sql, $conn);
     }
     //Insert the actionlog
     if (logActivity()) {
         $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_UPDATION . "','Staff','" . mysql_real_escape_string($var_id) . "',now())";
         executeQuery($sql, $conn);
     }
     //update css
     $sql = "Select vCSSURL from sptbl_css where nCSSId='{$var_cssId}'";
     $result = executeSelect($sql, $conn);
     if (mysql_num_rows($result) > 0) {
     array_push($charr, $var_id);
     $charr = array_unique($charr);
     array_push($charr, $var_parentid);
     $cnt_arr1 = count($charr);
     $charr = array_unique($charr);
     $cnt_arr2 = count($charr);
 }
 // Raise the duplicate flag when the two element counts differ, or when the
 // record would become its own parent.
 if ($cnt_arr1 != $cnt_arr2 || $var_id == $var_parentid) {
     $dup_flag = 1;
 }
 if (validateUpdation($var_id, $var_companyid, $var_parentid) == true and $dup_flag == 0) {
     if (!isUniqueEmail($var_email, $var_id, "d")) {
         $var_message = MESSAGE_NONUNIQUE_EMAIL;
         $flag_msg = 'class="msg_error"';
     } else {
         //fetch the old parent
         $qry = "select * from sptbl_depts where nDeptId='" . $var_id . "'";
         $rsgetdept = mysql_query($qry);
         $deptrow = mysql_fetch_array($rsgetdept);
         $oldparentid = $deptrow['nDeptParent'];
         $sql = "Update sptbl_depts set nCompId='" . mysql_real_escape_string($var_companyid) . "',\n\t\t\t\t\t\t\t\tvDeptDesc='" . mysql_real_escape_string($var_deptname) . "',\n\t\t\t\t\t\t\t\tnDeptParent='" . mysql_real_escape_string($var_parentid) . "',\n\t\t\t\t\t\t\t\tvDeptCode='" . mysql_real_escape_string($var_deptcode) . "',\n\t\t\t\t\t\t\t\tvDeptMail='" . mysql_real_escape_string($var_email) . "',\n\t\t\t\t\t\t\t\tnResponseTime='" . mysql_real_escape_string($var_responsetime) . "' \n\t\t\t\t\t\t\t\twhere nDeptId='" . mysql_real_escape_string($var_id) . "'";
         executeQuery($sql, $conn);
         $qry = "delete from sptbl_staffdept where nDeptId='" . $var_parentid . "'";
         mysql_query($qry);
         $updatePop3 = "Update sptbl_pop3settings set vDeptEMail='" . mysql_real_escape_string($var_email) . "', vUserName='******'\n\t\t\t\t\t\t\t\twhere nDeptId='" . mysql_real_escape_string($var_id) . "'";
         executeQuery($updatePop3, $conn);
         //assign staff dept where parent dept is leaf
Esempio n. 5
/**
 * Checks whether the posted company data may be saved for the company in
 * the global $var_id.
 *
 * The update is refused when the company row is missing or has a vDelStatus
 * other than '0', when a required field is empty, when the company name
 * contains '<' or '>', when another company already uses the name, or when
 * isUniqueEmail() rejects the address.
 *
 * Reads $_POST directly and sets the global $flag_msg on failure. All values
 * placed in SQL text go through mysql_real_escape_string().
 * NOTE(review): the '<' / '>' check covers only txtCompanyName; the other
 * posted fields are not checked for markup here, so output encoding where
 * they are displayed remains necessary.
 *
 * @param string $var_email    E-mail address passed on to isUniqueEmail().
 * @param string $var_message  Receives the failure message (by reference).
 * @return bool True when every check passes, false otherwise.
 */
function validateUpdation($var_email, &$var_message)
{
    global $conn, $var_id, $flag_msg;

    // The company being edited must exist and not be marked as deleted.
    $companyQuery = "Select nCompId from sptbl_companies where nCompId='" . mysql_real_escape_string($var_id) . "' AND vDelStatus='0'";
    $recordOk = mysql_num_rows(executeSelect($companyQuery, $conn)) > 0;

    if ($recordOk) {
        // Required fields, checked in order and stopping at the first empty one.
        foreach (array("txtCompanyName", "txtAddress1", "txtCity", "txtEmail") as $requiredField) {
            if (trim($_POST[$requiredField]) == "") {
                $recordOk = false;
                break;
            }
        }
    }
    // Angle brackets are not allowed in the company name.
    if ($recordOk && preg_match('/[><]/', trim($_POST["txtCompanyName"])) > 0) {
        $recordOk = false;
    }
    if (!$recordOk) {
        $flag_msg = 'class="msg_error"';
        $var_message = MESSAGE_RECORD_ERROR;
        return false;
    }

    // The name must not be used by any other company, and the e-mail address
    // must be accepted by isUniqueEmail(); the name check runs first.
    $duplicateQuery = "Select nCompId from sptbl_companies Where vCompName='" . mysql_real_escape_string(trim($_POST["txtCompanyName"])) . "' AND nCompId !='" . mysql_real_escape_string($var_id) . "' ";
    if (mysql_num_rows(executeSelect($duplicateQuery, $conn)) > 0) {
        $flag_msg = 'class="msg_error"';
        $var_message = TEXT_COMPANY_DUPLICATE;
        return false;
    } elseif (!isUniqueEmail($var_email, $var_id, "c")) {
        $flag_msg = 'class="msg_error"';
        $var_message = MESSAGE_NONUNIQUE_EMAIL;
        return false;
    }

    return true;
}
Esempio n. 6
/**
 * Scans sptbl_users for rows whose e-mail address isUniqueEmail() rejects.
 *
 * Rows with vDelStatus "0" are listed in an HTML multi-select for manual
 * fixing. Rows with any other vDelStatus get a generated placeholder address
 * written back to the table. Terminates the script via die() when a query
 * fails.
 *
 * NOTE(review): nUserId is written into the OPTION value attribute and into
 * the UPDATE statement without encoding or escaping, and the UPDATE uses
 * addslashes() rather than mysql_real_escape_string(). Both values come from
 * the database or uniqid() here, so this is a consistency concern rather
 * than a demonstrated injection path -- confirm nUserId is numeric.
 *
 * @param string $returnList Receives the SELECT markup or a pass message.
 * @param string $command    Receives the "Fix User" button markup, or "".
 * @param int    $num        The button is rendered enabled only when 11.
 * @return bool True when no active user needs fixing, false otherwise.
 */
function checkUserDetails(&$returnList, &$command, $num)
{
    global $conn;

    $returnList = "<SELECT name='cmbUserList[]' id='cmbUserList' MULTIPLE Size=5 style=\"width:300px;\" class=\"button\"> ";
    $allClean = true;

    $users = mysql_query("Select nUserId,nCompId,vLogin,vEmail,vDelStatus from sptbl_users", $conn) or die("Cannot access sptbl_users");
    if (mysql_num_rows($users) > 0) {
        while ($user = mysql_fetch_array($users)) {
            if (isUniqueEmail($user["vEmail"], $user["nUserId"], "u", $user["nCompId"])) {
                continue;
            }
            if ($user["vDelStatus"] != "0") {
                // Not an active row: replace the clashing address with a
                // generated one, retrying until isUniqueEmail() accepts it.
                do {
                    $replacement = uniqid("u") . "@yoursite.com";
                } while (!isUniqueEmail($replacement, $user["nUserId"], "u", $user["nCompId"]));
                $update = "Update sptbl_users set vEmail='" . addslashes($replacement) . "' Where \r\n\t\t\t\t\t\t\tnUserId='" . $user["nUserId"] . "'";
                mysql_query($update, $conn) or die("Cannot update table sptbl_users.  Please contact administrator for details.");
                continue;
            }
            // Active row with a clashing address: list it for manual fixing.
            $allClean = false;
            $returnList .= "<OPTION VALUE=\"" . $user["nUserId"] . "\">" . htmlentities($user["vLogin"] . " - [" . $user["vEmail"] . "]") . "</OPTION>";
        }
    }

    if ($allClean) {
        // Covers both the empty table and the table without active clashes.
        $returnList = "Passed user table check!";
        $command = "";
        return true;
    }

    $returnList .= "</SELECT>";
    $command = "<input type=\"button\" name=\"btUser\" id=\"btUser\" class=\"button\" onClick=\"javascript:clickFixUser();\" value=\"Fix User\"" . ($num == 11 ? "" : "disabled") . ">";
    return false;
}
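 // Keep the unwrapped body, then build the HTML body: header, entity-encoded
 // text, footer.
 $var_mail_body_withoutheader = $var_body;
 // The parenthesised .= appends the encoded text to whatever $var_mail_body
 // already holds before the header is put in front of it.
 $var_mail_body = $var_emailheader . "<br>" . ($var_mail_body .= htmlentities($var_body) . "<br>");
 $var_mail_body .= "<br>";
 $var_mail_body .= $var_emailfooter;
 $var_body = $var_mail_body;
 // Optional CC header. The value comes straight from the request, so CR and LF
 // are removed first: a line break inside a header value would let the client
 // append further headers to the message.
 $Headers_CC = "";
 if (isset($_POST['txtToCC']) && is_string($_POST['txtToCC'])) {
     $Headers_CC = str_replace(array("\r", "\n"), "", $_POST['txtToCC']);
     $Headers_CC = $Headers_CC != "" ? "CC: " . $Headers_CC . "\n" : "";
 }
 // NOTE(review): the From and Reply-To values below are interpolated as-is.
 // Their origin is not visible here; if any of them can be set by a user they
 // need the same CR/LF stripping.
 $Headers = "From: {$var_fromName} <{$var_fromMail}>\n";
 $Headers .= "Reply-To: {$var_replyName} <{$var_replyMail}>\n";
 $Headers .= $Headers_CC;
 $Headers .= "MIME-Version: 1.0\n";
 $Headers .= "Content-type: text/html; charset=iso-8859-1\r\n";
 // When a ticket is to be created for the recipient, isUniqueEmail() must
 // accept the address first; otherwise nothing is sent.
 if ($_POST['rdCreateTicket'] == "YES" && !isUniqueEmail($var_email_to, 0, 0)) {
     $flag = false;
     $var_message .= MESSAGE_NONUNIQUE_EMAIL;
     $flag_msg = "class='msg_error'";
 } else {
     // Send through the configured SMTP server, or fall back to mail().
     // $Headers is not passed to SMTPMail() here, so the CC header only takes
     // effect in the mail() branch.
     if ($_SESSION["sess_smtpsettings"] == 1) {
         $var_smtpserver = $_SESSION["sess_smtpserver"];
         $var_port = $_SESSION["sess_smtpport"];
         SMTPMail($var_fromMail, $var_email_to, $var_smtpserver, $var_port, $var_subject, $var_body);
     } else {
         @mail($var_email_to, $var_subject, $var_body, $Headers);
     }
     // NOTE(review): neither send result is checked (and mail() warnings are
     // suppressed with @), so the success message is shown even if delivery
     // failed.
     $var_message .= TEXT_EMAIL_SENT;
     $flag_msg = "class='msg_success'";
 }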