$flag_msg = "class='msg_success'";
} else {
$var_message = MESSAGE_RECORD_ERROR;
$flag_msg = "class='msg_error'";
}
} elseif ($_POST["postback"] == "U") {
$var_userName = $_POST["txtUserName"];
$var_userLogin = $_POST["txtUserLogin"];
$var_password = $_POST["txtPassword"];
$var_online = "";
$var_email = $_POST["txtEmail"];
$var_banned = $_POST["rdBanned"] == "1" ? $_POST["rdBanned"] : "0";
$var_compId = $_POST["cmbCompanyId"];
$var_date = date("m-d-Y h:i:s");
if (validateUpdation() == true) {
if (isUniqueEmailUser($var_email, $var_id, $var_compId)) {
$sql = "Update sptbl_users set vUserName='******',\n\t\t\t\t\t\t\t\t" . ($var_password != "" ? "vPassword='******'," : "") . "vEmail='" . mysql_real_escape_string($var_email) . "',\n\t\t\t\t\t\t\t\tnCompId='" . mysql_real_escape_string($var_compId) . "',\n\t\t\t\t\t\t\t\tvBanned='" . mysql_real_escape_string($var_banned) . "'\n\t\t\t\t\t\t\t\twhere nUserId='" . mysql_real_escape_string($var_id) . "'";
executeQuery($sql, $conn);
//Insert the actionlog
if (logActivity()) {
$sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_UPDATION . "','Users','" . mysql_real_escape_string($var_id) . "',now())";
executeQuery($sql, $conn);
}
$var_message = MESSAGE_RECORD_UPDATED;
$flag_msg = "class='msg_success'";
if ($var_password != "") {
//mail the user the changed password
$sql = "Select * from sptbl_lookup where vLookUpName IN('MailFromName','MailFromMail','MailReplyName','MailReplyMail','Emailfooter','Emailheader')";
$result = executeSelect($sql, $conn);
if (mysql_num_rows($result) > 0) {
while ($row = mysql_fetch_array($result)) {
$line_count .= $rec_count . ",";
} else {
$var_userName = trim($linearray[0]);
$var_email = trim($linearray[1]);
$var_userLogin = trim($linearray[2]);
$var_password = trim($linearray[3]);
if (!isValidUsername(trim($var_userName))) {
$fl = @fopen("../csvfiles/invalidusername{$var_compId}.txt", "a+");
@fwrite($fl, "{$var_userName}" . ',');
@fclose($fl);
$message_user .= "<br>{$var_userName}";
$var_invalid_username = 1;
$invalid_username_flag = 1;
}
//check duplicate email address
if (!isUniqueEmailUser($var_email, 0, $var_compId)) {
$fl = @fopen("../csvfiles/nonuniqueemail{$var_compId}.txt", "a+");
@fwrite($fl, "{$var_email}" . ',');
@fclose($fl);
$message_email .= "<br>{$var_email}";
$var_nonunique_email = 1;
$nonunique_email_flag = 1;
}
if ($var_invalid_username == "0" && $var_nonunique_email == "0") {
$sql = "Insert into sptbl_users(nUserId,nCompId,vUserName,vEmail,vLogin,vPassword,ddate,vOnline,";
$sql .= "vBanned,vDelStatus) Values('','" . mysql_real_escape_string($var_compId) . "',\r\n\t\t\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($var_userName) . "','" . mysql_real_escape_string($var_email) . "','" . mysql_real_escape_string($var_userLogin) . "',\r\n\t\t\t\t\t\t\t\t\t\t\t'" . md5($var_password) . "',now(),'0','0','0')";
executeQuery($sql, $conn);
$var_insert_id = mysql_insert_id($conn);
//Insert the actionlog
if (logActivity()) {
$sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_ADDITION . "','Users','{$var_insert_id}',now())";
$citacion["citacion_plantilla"] = $_POST["citacion_plantilla"];
if ( $_POST["citacion_cliente"] == 1 ) $citacion["cliente_id"] = $var_userid;
elseif ( $_POST["citacion_cliente"] == 2 ) $citacion["cliente_id"] = $var_userid_dos;
}*/
if ($_POST["citacion_multiple_tipo"] != "" and $_POST["citacion_multiple_cliente"] != "") {
$citacion["citacion_tipo"] = strpos($_POST["citacion_multiple_tipo"], ',') === false ? $_POST["citacion_multiple_tipo"] : explode(',', $_POST["citacion_multiple_tipo"]);
$citacion["citacion_plantilla"] = strpos($_POST["citacion_multiple_plantilla"], ',') === false ? $_POST["citacion_multiple_plantilla"] : explode(',', $_POST["citacion_multiple_plantilla"]);
$citacion["citacion_cliente"] = strpos($_POST["citacion_multiple_cliente"], ',') === false ? $_POST["citacion_multiple_cliente"] : explode(',', $_POST["citacion_multiple_cliente"]);
}
//////////////////////////////////////////////
if ($var_userid == "0") {
$vEmail = $_POST["newUserEmail"];
$var_email = $vEmail;
$var_userLogin = $_POST["newUserLogin"];
$var_password = $_POST["newUserPassword"];
if (isUniqueEmailUser($vEmail, 0, 1)) {
//Insert into the company table
$sql = "INSERT INTO sptbl_users(nCompId,vUserName,vEmail,vLogin,vPassword,dDate,vOnline,";
$sql .= "vBanned,vDelStatus) VALUES ('1',\r\n\t\t\t\t\t\t'" . mysql_real_escape_string($var_userLogin) . "',\r\n '" . mysql_real_escape_string($vEmail) . "',\r\n '" . mysql_real_escape_string($var_userLogin) . "',\r\n\t\t\t\t\t\t'" . md5($var_password) . "',\r\n now(),\r\n '0',\r\n '0',\r\n '0')";
executeQuery($sql, $conn);
$var_insert_id = mysql_insert_id($conn);
$var_userid = $var_insert_id;
//Insert the actionlog
if (logActivity()) {
$sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . mysql_real_escape_string(TEXT_ADDITION) . "','Users','{$var_insert_id}',now())";
executeQuery($sql, $conn);
}
$var_message = MESSAGE_RECORD_ADDED;
$flag_msg = "class='msg_success'";
//Send mail with the password to the user here
$sql = "Select * from sptbl_lookup where vLookUpName IN('MailFromName','MailFromMail','MailReplyName','MailReplyMail','Emailfooter','Emailheader','HelpdeskTitle','LoginURL')";
