Esempio n. 1
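/**
 * Processes the "update customer" form: validates the posted fields, runs the
 * UPDATE against test_Customers and redirects back to THIS_PAGE with a
 * feedback message.
 *
 * Reads $_POST['CustomerID'], $_POST['FirstName'], $_POST['LastName'] and
 * $_POST['Email']; uses the IDB::conn() connection. Every validation failure
 * redirects and halts, so the UPDATE can never run on rejected input.
 *
 * @return void
 */
function updateExecute()
{
    // Missing or non-numeric id: report and stop. "?? ''" avoids an
    // undefined-index notice when the field was not posted at all.
    if (!is_numeric($_POST['CustomerID'] ?? '')) {
        feedback("id passed was not a number. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
        myRedirect(THIS_PAGE);
        die; // do not fall through to the UPDATE after a redirect
    }
    $iConn = IDB::conn();
    // must have DB as variable to pass to mysqli_real_escape() via iformReq()

    // formReq() redirects here on failure. A plain local would never be
    // visible to that helper, so it is declared global as the original
    // comment intends. NOTE(review): assumes formReq() reads global $redirect — confirm.
    global $redirect;
    $redirect = THIS_PAGE;

    // iformReq() calls mysqli_real_escape() internally on each required field
    $CustomerID = iformReq('CustomerID', $iConn);
    $FirstName = strip_tags(iformReq('FirstName', $iConn));
    $LastName = strip_tags(iformReq('LastName', $iConn));
    $Email = strip_tags(iformReq('Email', $iConn));

    // next check for specific issues with data
    if (!ctype_graph($_POST['FirstName'] ?? '') || !ctype_graph($_POST['LastName'] ?? '')) {
        // data must be alphanumeric or punctuation only
        feedback("First and Last Name must contain letters, numbers or punctuation", "warning");
        myRedirect(THIS_PAGE);
        die;
    }
    if (!onlyEmail($_POST['Email'] ?? '')) {
        // data must be a valid email address
        feedback("Data entered for email is not valid", "warning");
        myRedirect(THIS_PAGE);
        die;
    }

    // build string for SQL update with replacement vars, %s for string, %d for digits
    $sql = "UPDATE test_Customers set  \n    FirstName='%s',\n    LastName='%s',\n    Email='%s'\n     WHERE CustomerID=%d";
    // sprintf() only substitutes text; it does not bind parameters. This is
    // acceptable only because iformReq() escaped the strings for this
    // connection above and CustomerID is cast to int. A mysqli prepared
    // statement would remove that dependency on the escaping helper.
    $sql = sprintf($sql, $FirstName, $LastName, $Email, (int) $CustomerID);

    // no @ suppression: let the driver error reach the configured error handler
    if (!mysqli_query($iConn, $sql)) {
        trigger_error(mysqli_error($iConn), E_USER_ERROR);
        die; // E_USER_ERROR normally halts; guard against a handler that returns
    }
    // feedback success or failure of update
    if (mysqli_affected_rows($iConn) > 0) {
        // success!  provide feedback, chance to change another!
        feedback("Data Updated Successfully!", "success");
    } else {
        // Problem!  Provide feedback!
        feedback("Data NOT changed!", "warning");
    }
    myRedirect(THIS_PAGE);
}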
Esempio n. 2
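/**
 * Processes the "add customer" form: validates the posted fields, runs the
 * INSERT into test_Customers and redirects back to THIS_PAGE with a feedback
 * message.
 *
 * Reads $_POST['FirstName'], $_POST['LastName'] and $_POST['Email']; uses the
 * IDB::conn() connection. Every validation failure redirects and halts, so the
 * INSERT can never run on rejected input.
 *
 * @return void
 */
function insertExecute()
{
    $iConn = IDB::conn();
    // must have DB as variable to pass to mysqli_real_escape() via iformReq()

    // formReq() redirects here on failure. A plain local would never be
    // visible to that helper, so it is declared global as the original
    // comment intends. NOTE(review): assumes formReq() reads global $redirect — confirm.
    global $redirect;
    $redirect = THIS_PAGE;

    // iformReq() calls mysqli_real_escape() internally on each required field
    $FirstName = strip_tags(iformReq('FirstName', $iConn));
    $LastName = strip_tags(iformReq('LastName', $iConn));
    $Email = strip_tags(iformReq('Email', $iConn));

    // next check for specific issues with data; "?? ''" avoids an
    // undefined-index notice when a field was not posted at all
    if (!ctype_graph($_POST['FirstName'] ?? '') || !ctype_graph($_POST['LastName'] ?? '')) {
        // data must be alphanumeric or punctuation only
        feedback("First and Last Name must contain letters, numbers or punctuation", "warning");
        myRedirect(THIS_PAGE);
        die; // do not fall through to the INSERT after a redirect
    }
    if (!onlyEmail($_POST['Email'] ?? '')) {
        // data must be a valid email address
        feedback("Data entered for email is not valid", "warning");
        myRedirect(THIS_PAGE);
        die;
    }

    // build string for SQL insert with replacement vars, %s for string
    $sql = "INSERT INTO test_Customers (FirstName, LastName, Email) VALUES ('%s','%s','%s')";
    // sprintf() only substitutes text; it does not bind parameters. This is
    // acceptable only because iformReq() escaped the strings for this
    // connection above. A mysqli prepared statement would remove that
    // dependency on the escaping helper.
    $sql = sprintf($sql, $FirstName, $LastName, $Email);

    // no @ suppression: let the driver error reach the configured error handler
    if (!mysqli_query($iConn, $sql)) {
        trigger_error(mysqli_error($iConn), E_USER_ERROR);
        die; // E_USER_ERROR normally halts; guard against a handler that returns
    }
    // feedback success or failure of insert
    if (mysqli_affected_rows($iConn) > 0) {
        // success!  provide feedback, chance to add another!
        feedback("Customer Added Successfully!", "notice");
    } else {
        // Problem!  Provide feedback!
        feedback("Customer NOT added!", "warning");
    }
    myRedirect(THIS_PAGE);
}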
if (isset($_POST['em']) && isset($_POST['pw'])) {
    //if POST is set, prepare to process form data
    $params = array('em', 'pw', 'red');
    #required fields for login	- true disallows other fields
    if (!required_params($params, true)) {
        //abort - required fields not sent
        feedback("Data not properly submitted. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
        myRedirect($config->adminLogin);
        die;
    }
    if (!ctype_graph($_POST['pw'])) {
        //data must be alphanumeric or punctuation only
        feedback("Illegal characters were entered. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
        myRedirect($config->adminLogin);
    }
    if (!onlyEmail($_POST['em'])) {
        //login must be a legal email address only
        feedback("Illegal characters were entered. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
        myRedirect($config->adminLogin);
    }
    // Remove all illegal characters
    $Email = trim($_POST['em']);
    $Email = filter_var($Email, FILTER_SANITIZE_STRING);
    $Password = trim($_POST['pw']);
    $Password = filter_var($Password, FILTER_SANITIZE_EMAIL);
    /*
    	$Email = trim($_POST['em']);
    	$Email = filter_var($Email, FILTER_SANITIZE_STRING);
    */
    //dumpDie($Email,$Password);
    //dumpDie($Password);
 * @license http://www.apache.org/licenses/LICENSE-2.0
 * @see admin_only_inc.php 
 * @todo none
 */
// CONFIG AREA: configuration, pathing, error handling and db credentials
require('includes/config.php');
// value placed in the page's <title> tag
$title = 'Add Administrator';
// END CONFIG AREA ----------------------------------------------------------
// access level read by admin_only_inc.php: superadmin or above can add administrators
$access = 'superadmin';
// session-protected page; the required level is the $access value set just above
include_once(INCLUDE_PATH . 'admin_only_inc.php');
if (isset($_POST['Email'])) {
    # if Email is set, check for valid data
    if (!onlyEmail($_POST['Email'])) {
        //data must be valid email
        feedback("Data entered for email is not valid", "error");
        header('Location:' . ADMIN_PATH . THIS_PAGE);
        die;
    }
    if (!onlyAlphaNum($_POST['PWord1'])) {
        //data must be alphanumeric or punctuation only
        feedback("Password must contain letters and numbers only.", "error");
        header('Location:' . ADMIN_PATH . THIS_PAGE);
        die;
    }
    $params = array('FirstName', 'LastName', 'PWord1', 'Email', 'Privilege');
    #required fields
    if (!required_params($params)) {
        //abort - required fields not sent