Esempio n. 1
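/**
 * Returns the UserID of every row in the Users table.
 *
 * @return int[] User IDs as integers; an empty array when the table has no rows.
 */
function get_all_accounts()
{
    $loc = rmabs(__FILE__ . ".get_all_accounts");
    $sql = "SELECT UserID from Users";
    $result = SqlQuery($loc, $sql);
    // Start from an empty list so that a table with no rows yields array()
    // instead of an undefined variable (null plus a notice/warning).
    $aws = array();
    while ($row = $result->fetch_assoc()) {
        $aws[] = intval($row["UserID"]);
    }
    return $aws;
}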
Esempio n. 2
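/**
 * Sets the Active flag of one work order and returns a human-readable message.
 *
 * Both values are forced through intval() before they reach the SQL text, so
 * the statement cannot carry anything but integers.
 *
 * NOTE(review): no permission check is visible in this function; presumably
 * the caller has already verified that the current user may archive or
 * resurrect work orders -- confirm.
 *
 * @param mixed $wid    Work order id (cast to int).
 * @param mixed $active Truthy to resurrect the work order, falsy to archive it.
 * @return string Message naming the work order, the action and the global $username.
 */
function changeactive($wid, $active)
{
    global $username;
    $loc = rmabs(__FILE__ . ".changeactive");
    $sql = 'UPDATE WorkOrders SET Active=' . intval($active) . ' WHERE WID=' . intval($wid);
    SqlQuery($loc, $sql);
    // Fixed the misspelled "archvied" in the message returned to the caller.
    $action = "archived";
    if ($active) {
        $action = "resurrected";
    }
    // $username is embedded as-is; a caller that renders this message into
    // HTML has to escape it for that context.
    return 'Work Order ' . intval($wid) . ' has been ' . $action . ' by ' . $username . '.';
}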
Esempio n. 3
/**
 * Fetches the TextInfo caption stored in AppendedData for one picture of a
 * work order.
 *
 * @param mixed $wid   Work order id; cast to int before it enters the SQL text.
 * @param mixed $picid Picture id; cast to int before it enters the SQL text.
 * @return string The TextInfo column of the first matching row, or "" when
 *                either id is empty or no row matches.
 */
function GetPicCaption($wid, $picid)
{
    $loc = rmabs(__FILE__ . ".GetPicCaption");
    $haveBothIds = !empty($wid) && !empty($picid);
    if (!$haveBothIds) {
        return "";
    }
    // Only integers are concatenated into the statement.
    $query = 'SELECT * From AppendedData Where WID=' . intval($wid);
    $query .= ' AND PicID=' . intval($picid);
    $rows = SqlQuery($loc, $query);
    if ($rows->num_rows > 0) {
        $first = $rows->fetch_assoc();
        return $first["TextInfo"];
    }
    return "";
}
Esempio n. 4
/**
 * Deletes a work order together with its assignments and appended data, then
 * logs and returns a message describing the deletion.
 *
 * NOTE(review): the three DELETE statements are issued one after another with
 * no transaction visible here, so a failure part-way leaves the remaining
 * tables untouched -- confirm whether SqlQuery handles this.
 * NOTE(review): no permission check is visible in this function; presumably
 * the caller enforces it -- confirm.
 *
 * @param array $woinfo Work order row; "WID", "Revision" and "IsApproved" are read.
 * @return string The message that was written to the log.
 */
function delete_workorder($woinfo)
{
    global $username;
    $loc = rmabs(__FILE__ . ".delete_workorder");
    $wid = $woinfo["WID"];
    // Dependent rows first, the work order itself last.
    $tables = array("Assignments", "AppendedData", "WorkOrders");
    foreach ($tables as $table) {
        // The id is cast to int, so only a number reaches the SQL text.
        SqlQuery($loc, "DELETE FROM " . $table . " WHERE WID=" . intval($wid));
    }
    $label = WIDStr($wid, $woinfo["Revision"], $woinfo["IsApproved"]);
    $msg = "Work Order " . $label . " deleted by " . $username . ".";
    log_msg($loc, $msg);
    return $msg;
}
Esempio n. 5
/**
 * Merges work order $wo2 into work order $wo1.
 *
 * Steps, in order: append $wo2's description to $wo1 and save it, copy
 * $wo2's appended data to $wo1, move $wo2's assigned workers to $wo1, close
 * $wo2 if it is not already closed, attach a system note to both work
 * orders, and log a summary.
 *
 * NOTE(review): nothing here checks that $wo1 and $wo2 are different work
 * orders, nor that the current user may merge them; presumably the caller
 * does both -- confirm.
 *
 * @param array $wo1 Target work order row; "WID", "Description", "Revision" and "IsApproved" are read.
 * @param array $wo2 Source work order row; "WID", "Description", "Closed", "Revision" and "IsApproved" are read.
 * @return string Summary with the number of items copied and workers reassigned.
 */
function merge_workorders($wo1, $wo2)
{
    $loc = rmabs(__FILE__ . ".merge_workorders");
    $wid1 = $wo1["WID"];
    $wid2 = $wo2["WID"];
    // The combined description is saved on the target before anything is copied.
    $wo1["Description"] .= "\n\n" . $wo2["Description"];
    UpdateWorkOrder($wid1, $wo1);
    $data = GetAppendedData($wid2);
    // $nd counts the appended-data items copied to the target.
    $nd = 0;
    foreach ($data as $d) {
        // Skip system-generated messages (rows whose UserID is 0).
        if ($d["UserID"] == 0) {
            continue;
        }
        // Skip data that has been marked as removed.
        if ($d["Removed"]) {
            continue;
        }
        // NOTE(review): the meaning of the trailing false argument is not visible here.
        AppendWorkOrderData($wid1, $d["UserID"], $d["TextInfo"], $d["PicID"], false);
        $nd++;
    }
    $workers = GetAssignedWorkers($wid2);
    // $nw counts the workers moved from the source to the target.
    $nw = 0;
    foreach ($workers as $w) {
        MakeAssignment($wid1, $w["UserID"]);
        RemoveAssignment($wid2, $w["UserID"]);
        $nw++;
    }
    // The acting user's full name goes into the status change, both system
    // notes and the log entry.
    $userid = GetUserID();
    $userinfo = GetUserInfo($userid);
    $username = MakeFullName($userinfo);
    if (!$wo2["Closed"]) {
        ChangeWOStatus($wid2, $username, "Closed", true);
    }
    $newwostr = WIDStr($wid1, $wo1["Revision"], $wo1["IsApproved"]);
    AttachSystemNote($wid2, "This WO Merged into " . $newwostr . " by " . $username . '.');
    $oldwostr = WIDStr($wid2, $wo2["Revision"], $wo2["IsApproved"]);
    AttachSystemNote($wid1, "Data from " . $oldwostr . " merged into this one by " . $username . '.');
    $msg = 'Workorder ' . $oldwostr . ' merged into ' . $newwostr . '.  ';
    $msg .= 'Number Items Copied=' . $nd . '. ';
    $msg .= 'Number of Workers Reassigned=' . $nw . '. ';
    log_msg($loc, array($msg, "By " . $username));
    return $msg;
}
Esempio n. 6
<?php

// --------------------------------------------------------------------
// admin.php -- The main admin page.  Come here on "admin" in nav menu.
//
// Created: 12/29/14 DLB
// --------------------------------------------------------------------
require_once "../maindef.php";
$loc = rmabs(__FILE__);
// The session is started before any of the checks below run.
session_start();
log_page();
// Access control: both checks run before any output is produced.
// NOTE(review): presumably CheckLogin() and CheckAdmin() stop the request
// (redirect or exit) when the check fails; if they only return a status, the
// page below would still render for a non-admin -- confirm in maindef.php.
CheckLogin();
CheckAdmin();
// Earlier inline definition of the admin menu, kept for reference; the menu
// is now produced by forms/admin_menubar.php, included below.
/*
$menubar = array( 
	array( "caption" => "List Users",    "href" => "admin_listusers.php"),
	array( "caption" => "Add User",      "href" => "admin_adduser.php"),
	array( "caption" => "Upload Users",  "href" => "admin_uploadusers.php"),
	array( "caption" => "Show Log",      "href" => "admin_showlog.php"),
	array( "caption" => "Masquerade",    "href" => "admin_masquerade.php"));
*/
// All include paths are fixed strings; nothing request-derived selects a file.
include "forms/header.php";
include "forms/nav_form.php";
include "forms/admin_menubar.php";
// Static page body: only constant markup is echoed.
echo '<div class="content_area">';
echo '<h2>Administration for This Website</h2>';
echo '<p>Use the links above for various admin tasks.</p>';
echo '</div>';
include "forms/footer.php";
Esempio n. 7
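/**
 * Validates one uploaded picture and hands it to StorePicture().
 *
 * $FileInfo carries the keys of a $_FILES entry ("name", "type", "tmp_name",
 * "error", "size").  Apart from "tmp_name", "error" and "size", these values
 * are supplied by the client, so the declared "type" alone does not prove
 * that the file is a JPEG; the content is therefore checked as well.
 *
 * Each failed check echoes a short token, is written to the error log and
 * returns false.
 *
 * NOTE(review): getimagesize() inspects the image header only.  Presumably
 * StorePicture() stores the file under a server-chosen name and re-encodes
 * it -- confirm, since that is what keeps a crafted file from being served
 * back as something other than an image.
 *
 * @param array $FileInfo One upload description in $_FILES layout.
 * @return mixed The picture id returned by StorePicture(), or false when a check fails.
 */
function PicFileUpload($FileInfo)
{
    $loc = rmabs(__FILE__ . ".PicFileUpload");
    // Don't allow guests to do this.
    DenyGuest();
    $missing = "";
    foreach (array("name", "type", "tmp_name", "error", "size") as $key) {
        if (!isset($FileInfo[$key])) {
            $missing .= '"' . $key . '" ';
        }
    }
    if (!empty($missing)) {
        echo 'missing';
        log_error($loc, array("Error on Pic Upload.", "Input Array missing elements:", $missing));
        return false;
    }
    // The client-supplied "name" is deliberately not used in this function.
    $type = $FileInfo["type"];
    $tmpfile = $FileInfo["tmp_name"];
    $errors = $FileInfo["error"];
    $size = $FileInfo["size"];
    if ($errors != 0) {
        echo 'error not zero';
        log_error($loc, array("Error on Pic Upload." . "Error Not Zero."));
        return false;
    }
    if ($size <= 0) {
        echo 'size';
        log_error($loc, "Error on Pic Upload.  Size is zero.");
        return false;
    }
    if ($type != "image/jpeg") {
        echo 'type';
        // $type is client-controlled text; the log writer should neutralise
        // line breaks before storing it.
        log_error($loc, "Error on Pic Upload.  Wrong Type, should be image/jpeg.  Found: " . $type);
        return false;
    }
    // The declared type passed; now confirm that the bytes really are a JPEG.
    $imginfo = getimagesize($tmpfile);
    if ($imginfo === false || $imginfo[2] !== IMAGETYPE_JPEG) {
        echo 'type';
        log_error($loc, "Error on Pic Upload.  File content is not a JPEG image.");
        return false;
    }
    $picid = StorePicture($tmpfile, true);
    return $picid;
}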
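/**
 * Creates users in bulk from a CSV file whose first line names the columns.
 *
 * Required columns: UserName, LastName, FirstName and at least one of
 * Password / PasswordHash.  Optional columns get an empty default.  Each data
 * row is passed to CreateNewUser(); failures are logged with the line number.
 * Processing stops after 240 seconds.
 *
 * The outcome is reported through $error_msg (a summary on the normal path,
 * the reason on an early exit).  The early exits return 0; the normal path
 * returns nothing, as before.
 *
 * NOTE(review): the file holds plaintext passwords or password hashes, and a
 * PasswordHash column is passed on as-is; presumably CreateNewUser() checks
 * the hash format, and the caller removes the uploaded file afterwards --
 * confirm both.
 *
 * @param string $filename  Path of the CSV file to read.
 * @param string $error_msg Receives the summary or the failure reason.
 * @return int|null 0 when the file cannot be used; nothing on the normal path.
 */
function ProcessBulkUsers($filename, &$error_msg)
{
    $loc = rmabs(__FILE__ . ".ProcessBulkUsers");
    $file = fopen($filename, "r");
    if ($file === false) {
        $error_msg = "Unable to open file.";
        return 0;
    }
    $n_okay = 0;
    $n_fail = 0;
    $ln = 1;
    // The first line is the column headers.
    $header = fgetcsv($file);
    $ln++;
    if ($header === false) {
        // Empty or unreadable file: report it instead of returning an
        // undefined variable, and release the handle.
        $error_msg = "Input file is empty.";
        fclose($file);
        return 0;
    }
    // Now, do some sanity checks to make sure we have an appropriate file.
    // A file that fails them is rejected here; without the early return every
    // row would fail later and the reason would be overwritten by the summary.
    $has_names = in_array("UserName", $header, true)
        && in_array("LastName", $header, true)
        && in_array("FirstName", $header, true);
    if (!$has_names) {
        $error_msg = "Input file does not have the required columns.";
        log_msg($loc, $error_msg);
        fclose($file);
        return 0;
    }
    if (!in_array("Password", $header, true) && !in_array("PasswordHash", $header, true)) {
        $error_msg = "Input file does not have a password column.";
        log_msg($loc, $error_msg);
        fclose($file);
        return 0;
    }
    // Defaults for the optional columns, in the order they were originally applied.
    $defaults = array(
        "NickName" => "",
        "Title" => "",
        "Email" => "",
        "Active" => 0,
        "Tags" => "",
        "Picture" => "",
        "BadgeID" => "",
        "IPT" => "",
    );
    // Time the entire operation...  Don't go over 4 minutes.
    $tstart = microtime(true);
    $btimeout = false;
    while (true) {
        // Re-arm the script time limit for every row.
        if (set_time_limit(60) === false) {
            log_error($loc, "Unable to set/reset time limit to 60 seconds.");
        }
        $data = fgetcsv($file);
        $ln++;
        if ($data === false) {
            break;
        }
        // Don't process blank lines (fgetcsv reports them as array(null)).
        if (count($data) <= 0 || is_null($data[0])) {
            continue;
        }
        // Organize the data into an associative array.
        $fields = JoinKeyValues($header, $data);
        // Make sure none of the required fields are empty; one of the two
        // password fields is enough.
        $no_password = empty($fields["Password"]) && empty($fields["PasswordHash"]);
        if (empty($fields["UserName"]) || empty($fields["LastName"]) || empty($fields["FirstName"]) || $no_password) {
            log_msg($loc, 'User not added. Some requried fields are empty. Line ' . $ln);
            $n_fail++;
            continue;
        }
        foreach ($defaults as $key => $default) {
            if (empty($fields[$key])) {
                $fields[$key] = $default;
            }
        }
        // CreateNewUser() returns true on success, otherwise an error text.
        $created = CreateNewUser($fields);
        if ($created === true) {
            $n_okay++;
        } else {
            log_msg($loc, array('User not added. Line ' . $ln, $created));
            $n_fail++;
        }
        $telp = microtime(true) - $tstart;
        if ($telp > 240.0) {
            $btimeout = true;
            break;
        }
    }
    fclose($file);
    $error_msg = $n_okay . ' users added. ' . $n_fail . ' failures. ' . $ln . ' lines processed.';
    if ($btimeout) {
        $error_msg .= ' ** TimeOut Occured, Process aborted. **';
    }
    log_msg($loc, $error_msg);
}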
Esempio n. 9
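/**
 * Returns every row of AllActiveUsersView whose Tags contain "worker",
 * ordered by last name and first name.
 *
 * @return array[] Matching rows, each extended with an "AbbrivatedName" entry
 *                 built by MakeAbbrivatedName(); empty when nobody matches.
 */
function GetAllWorkers()
{
    // "." added before the function name so this location string has the
    // same "<file>.<function>" form as the other functions on this page.
    $loc = rmabs(__FILE__ . ".GetAllWorkers");
    $sql = 'SELECT * FROM AllActiveUsersView ORDER BY LastName, FirstName';
    $result = SqlQuery($loc, $sql);
    $d = array();
    while ($row = $result->fetch_assoc()) {
        // Tags are stored as one slash-separated string per user.
        $tags = ArrayFromSlashStr($row["Tags"]);
        if (CheckArrayForEasyMatch($tags, "worker")) {
            $row["AbbrivatedName"] = MakeAbbrivatedName($row);
            $d[] = $row;
        }
    }
    return $d;
}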
Esempio n. 10
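/**
 * Looks up a user's UserID by one of several identifying fields.
 *
 * Supported $fieldname values: "UserID", "FullName" ("First Last"),
 * "UserName" and "LastNameFirst" ("Last, First").
 *
 * The "UserName" and "LastNameFirst" branches build their SQL by string
 * concatenation.  SqlQuery() takes only the finished SQL text, so no bound
 * parameters are available here; as a stop-gap a value containing a double
 * quote or a backslash is rejected before it can reach the statement.  The
 * proper fix is a prepared statement with bound parameters once SqlQuery()
 * (or a sibling helper) supports it.
 *
 * @param string $fieldname Which field $info refers to.
 * @param mixed  $info      The value to look for.
 * @return mixed The UserID of the single match, or false when there is no
 *               unique match or the input is rejected.
 */
function FindUser($fieldname, $info)
{
    $loc = rmabs(__FILE__ . ".FindUser");
    // Characters able to end or escape out of a double-quoted SQL literal.
    $unsafe = '"\\';
    if ($fieldname === "UserID") {
        $userinfo = GetUserInfo(intval($info));
        if (!$userinfo) {
            return false;
        }
        return $userinfo["UserID"];
    }
    if ($fieldname === "FullName") {
        // Very inefficent but can work.
        // Must do it this way cause some people have three parts to their name.
        // No input reaches the SQL text in this branch.
        $sql = 'SELECT * FROM Users';
        $result = SqlQuery($loc, $sql);
        while ($row = $result->fetch_assoc()) {
            $fullname = $row["FirstName"] . ' ' . $row["LastName"];
            if (trim($info) === trim($fullname)) {
                return $row["UserID"];
            }
        }
        return false;
    }
    if ($fieldname === "UserName") {
        // NOTE(review): the listing showed a fixed "******" literal here, which
        // looks like a redaction artifact and made the lookup ignore $info.
        // The value is used again, after validation.
        $uname = strval($info);
        if (strpbrk($uname, $unsafe) !== false) {
            log_error($loc, "Rejected UserName lookup: value contains a quote or backslash.");
            return false;
        }
        $sql = 'SELECT * FROM Users WHERE UserName="' . $uname . '"';
        $result = SqlQuery($loc, $sql);
        if ($result->num_rows != 1) {
            return false;
        }
        $row = $result->fetch_assoc();
        return $row["UserID"];
    }
    if ($fieldname === "LastNameFirst") {
        $words = explode(",", $info);
        if (count($words) != 2) {
            return false;
        }
        $lastname = trim($words[0]);
        $firstname = trim($words[1]);
        // Both parts go into the SQL text, so both are checked.
        if (strpbrk($lastname, $unsafe) !== false || strpbrk($firstname, $unsafe) !== false) {
            log_error($loc, "Rejected LastNameFirst lookup: value contains a quote or backslash.");
            return false;
        }
        $sql = 'SELECT * FROM Users WHERE LastName="' . $lastname . '" AND FirstName="' . $firstname . '"';
        $result = SqlQuery($loc, $sql);
        if ($result->num_rows != 1) {
            return false;
        }
        $row = $result->fetch_assoc();
        return $row["UserID"];
    }
    log_error($loc, "Should be unreachable code. ");
    return false;
}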