Esempio n. 1
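// Edit-staff page controller: load the staff row, apply a submitted edit, then
// hand over to the header template. $db, $staffid and $seclevel are defined
// outside this excerpt.
$pagestyle = array();
$errors = array();

// The id travels as a separate argument instead of being concatenated into the
// SQL text. 'i' is presumably an integer type tag as in mysqli; confirm
// against $db->select().
$sqltext = "SELECT * from staff WHERE staffid=?";
$q = $db->select($sqltext, array($staffid), 'i');

// Without this guard a missing row left $r as null and every later property
// read only raised a warning.
if (!isset($q[0])) {
    header("Location: /staff/?Oooopppsss=1");
    exit;
}
$r = $q[0];
$addsid = $r->addsid;

// Access check comes before the write. It used to sit below the update branch,
// which redirects and exits on its own, so a submitted edit never reached it.
// NOTE(review): $r was selected by $staffid, so for a found row this comparison
// cannot fail. If the intent is to stop lower-privileged users from editing
// other staff, compare $staffid with the logged-in user's own id (not visible
// in this excerpt); confirm where $staffid comes from.
if ($seclevel > 3 && $r->staffid != $staffid) {
    header("Location: /staff/?Oooopppsss=1");
    exit;
}

// Only a POST may change data: a bare GET to ?go=y carries no form fields and
// would otherwise overwrite the record with empty values.
// NOTE(review): no anti-CSRF token is verified in the visible code; confirm
// one is enforced elsewhere before this branch runs.
$isPost = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';
if ($isPost && isset($_GET['go']) && $_GET['go'] == "y") {
    // Add to Address table
    $addsid = db_updateAddress($_POST, $addsid);
    // Update DB
    $staffUpdate = new Staff();
    $staffUpdate->setStaffid($staffid);
    $staffUpdate->setFname($_POST['fname']);
    $staffUpdate->setSname($_POST['sname']);
    $staffUpdate->setJobtitle($_POST['jobtitle']);
    $staffUpdate->updateDB();
    // Redirect after the write and stop, so nothing below renders.
    header("Location: /");
    exit;
}

// Variables read by the header template.
$pagetitle = "Edit Staff Member";
$pagescript = array();
$pagestyle = array();
include "tmpl/header.php";
?>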

<h1>
Esempio n. 2
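// Add-staff page controller: create the address, staff and login rows for a
// submitted form, then render the page. $fields is defined outside this excerpt.

// Default every expected form field to '' so later reads never hit an
// undefined index.
foreach ($fields as $field) {
    if (!isset($_POST[$field])) {
        $_POST[$field] = '';
    }
}

// Only a POST may create an account. Because the loop above fills in blank
// fields, a bare GET to ?go=y would otherwise create a staff member and a
// login from empty input.
// NOTE(review): no authorization check or anti-CSRF token is visible in this
// excerpt; confirm both are enforced before this branch runs.
$isPost = isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';
if ($isPost && isset($_GET['go']) && $_GET['go'] == "y") {
    $logContent = "";
    // NOTE(review): confirm generatePassword() draws from a CSPRNG
    // (random_int()/random_bytes()) and that mkPwd() is a slow password hash
    // such as password_hash(); neither is visible here.
    $pw = generatePassword();
    // Add to Address table
    $addsid = db_addAddress($_POST);
    // Insert into DB
    $staffNew = new Staff();
    $staffNew->setFname($_POST['fname']);
    $staffNew->setSname($_POST['sname']);
    $staffNew->setAddsid($addsid);
    $staffNew->setJobtitle($_POST['jobtitle']);
    $stfid = $staffNew->insertIntoDB();
    $usr = generateStafflogon($_POST['fname'], $_POST['sname']);
    $staffPwd = mkPwd($pw);
    // Insert Pwd into DB
    $pwdNew = new Pwd();
    $pwdNew->setUsr($usr);
    $pwdNew->setStaffid($stfid);
    $pwdNew->setPw($staffPwd);
    $pwdNew->insertIntoDB();
    // NOTE(review): this appends the new account's cleartext password to a file
    // on disk. Anyone who can read that file, or a backup of it, holds working
    // credentials, which defeats storing only $staffPwd in the database.
    // Prefer a one-time reset link or a forced change at first login and drop
    // this file. If it has to stay, restrict it to the service account (0600).
    // LOCK_EX keeps concurrent requests from interleaving their records.
    $pwdLine = "Staff\t{$stfid}\t{$usr}\t{$pw}\n";
    if (file_put_contents('/etc/athenace/pwd', $pwdLine, FILE_APPEND | LOCK_EX) === false) {
        // Report the failure without repeating the password in the log.
        error_log("Could not record initial credentials for staff {$stfid}");
    }
    // NOTE(review): the event is logged with an empty message, so the audit
    // trail does not say which account was created; 15 is presumably the
    // event type, confirm against logEvent().
    $logresult = logEvent(15, $logContent);
    // $done is only assigned here; presumably initialised above this excerpt.
    $done = 1;
}
include "../tmpl/header.php";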
if ($done) {