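/**
 * Validate a change-password request and build the confirmation form.
 *
 * Reads the current password ("password") and the new password entered twice
 * ("passwd", "passwd2") from the submitted fields, compares the MD5 of the
 * current password with the stored value and, when they match, returns a form
 * that re-posts the passwords with key=write.
 *
 * @param array $_POST Submitted form fields.
 * @return string HTML: the error list followed by view(), or the confirmation form.
 *
 * NOTE(review): PHP 5.4 and later refuse to compile a parameter named $_POST;
 * the name is kept here only so the signature is unchanged.
 * NOTE(review): passwords are stored as unsalted MD5. md5() is kept so existing
 * rows still verify; plan a migration to password_hash()/password_verify().
 * NOTE(review): the confirmation form carries both plaintext passwords in hidden
 * inputs. Prefer keeping them server-side (session) between the two steps.
 */
function confirm($_POST)
{
    # Read only the three fields this step uses. Importing every submitted key
    # as a local variable would let the request define arbitrary locals.
    $password = (isset($_POST["password"]) && is_string($_POST["password"])) ? $_POST["password"] : "";
    $passwd = (isset($_POST["passwd"]) && is_string($_POST["passwd"])) ? $_POST["passwd"] : "";
    $passwd2 = (isset($_POST["passwd2"]) && is_string($_POST["passwd2"])) ? $_POST["passwd2"] : "";

    # validate input
    require_lib("validate");
    $v = new validate();
    $v->isOk($password, "string", 1, 20, "Invalid password.");
    $v->isOk($passwd, "string", 1, 20, "Invalid new password.");
    $v->isOk($passwd2, "string", 1, 20, "Invalid new password.");
    $v->pwMatch($passwd, $passwd2, "New Passwords do not match.");

    # display errors, if any
    if ($v->isError()) {
        $confirm = "";
        $errors = $v->getErrors();
        foreach ($errors as $e) {
            $confirm .= "<li class=err>-" . $e["msg"] . "<br>";
        }
        return $confirm . "</li>" . view();
    }

    # Make MD5 of old password
    $MD5_PASS = md5($password);

    db_connect();
    # NOTE(review): the value between the quotes is masked ('******') in this
    # listing. Whatever identifies the user here must be bound as a query
    # parameter or escaped, never interpolated raw.
    $sql = "SELECT * FROM users WHERE username = '******'";
    $rslt = db_exec($sql) or errDie("Unable to retrieve user from Cubit.", SELF);
    $user = pg_fetch_array($rslt);

    # Reject when no row came back or the stored hash differs. The comparison is
    # strict: with != two hex digests that both parse as numbers compare equal.
    if (!is_array($user) || $MD5_PASS !== $user['password']) {
        return "<li class=err> - Invalid Old Password</li>" . view();
    }

    # Escape for the single-quoted attribute context; the browser decodes the
    # entities, so the next step receives the original values.
    $passwordAttr = htmlspecialchars($password, ENT_QUOTES);
    $passwdAttr = htmlspecialchars($passwd, ENT_QUOTES);

    // Layout
    $confirm = "<h3>Change Password</h3>\r\n\t<h4>Confirm entry</h4>\r\n\t<table border=0 cellpadding='" . TMPL_tblCellPadding . "' cellspacing='" . TMPL_tblCellSpacing . "'>\r\n\t<form action='" . SELF . "' method=post>\r\n\t<input type=hidden name=key value=write>\r\n\t<input type=hidden name=password value='{$passwordAttr}'>\r\n\t<input type=hidden name=passwd value='{$passwdAttr}'>\r\n\t<tr><th width=40%>Field</th><th width=60%>Value</th></tr>\r\n\t<tr class='bg-odd'><td>Username</td><td>" . USER_NAME . "</td></tr>\r\n\t<tr class='bg-odd'><td>New Password</td></td><td>******</td></tr>\r\n\t<tr><td><br></td></tr>\r\n\t<tr><td></td><td align=right><input type=submit value='Write »'></td></tr>\r\n\t</form>\r\n\t</table>\r\n\t<p>\r\n\t<table border=0 cellpadding='" . TMPL_tblCellPadding . "' cellspacing='" . TMPL_tblCellSpacing . "' width=100>\r\n\t\t<tr><th>Quick Links</th></tr>\r\n\t\t<tr class='bg-odd'><td><a href='main.php'>Main Menu</a></td></tr>\r\n\t</table>";

    return $confirm;
}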
/**
 * Apply an edit to an existing user: settle the password hash, hand the data
 * to writeUser(), then rewrite the user's rows in userscripts and return a
 * status page.
 *
 * extract() imports every submitted field as a local variable, so the locals
 * read below ($oldusrnme, $username, $chgpass, $password, $password2, $empnum,
 * $tool, $old_dept, $perm, $deps, $depsrem) hold whatever the request supplied.
 *
 * @param array $_POST Submitted form fields.
 * @return string HTML: a validation error list, or the status table followed by editUser().
 *
 * NOTE(review): only $oldusrnme, $username, $chgpass (and the two passwords when
 * a change is requested) go through validate. $old_dept, the values of $perm and
 * the keys of $deps/$depsrem are interpolated into SQL strings as received; they
 * should be bound as query parameters or escaped.
 * NOTE(review): extract() on request data lets a request define any local that
 * is not assigned before use; reading named keys explicitly avoids that.
 * NOTE(review): several SQL literals show '******' where a value is expected;
 * that looks like masking in this listing, so the real filter cannot be
 * confirmed from here.
 * NOTE(review): md5() without salt is used for the password; plan a migration to
 * password_hash()/password_verify().
 */
function confirmUser($_POST)
{
    extract($_POST);

    # validate input
    require_lib("validate");
    $v = new validate();
    $v->isOk($oldusrnme, "string", 1, 20, "Invalid old username.");
    $v->isOk($username, "string", 1, 20, "Invalid username.");
    $v->isOk($chgpass, "string", 2, 3, "Tempering with 'change pass' detected.");

    # change to upper case
    $chgpass = strtoupper($chgpass);

    # display errors, if any
    if ($v->isError()) {
        $theseErrors = "";
        $errors = $v->getErrors();
        foreach ($errors as $e) {
            $theseErrors .= "<li class='err'>" . $e["msg"] . "</li>";
        }
        $theseErrors .= "\n\t\t\t<p>\n\t\t\t<input type='button' onClick='JavaScript:history.back();' value='« Correct submission'>\n\t\t\t<table " . TMPL_tblDflts . ">\n\t\t\t\t<tr>\n\t\t\t\t\t<th>Quick Links</th>\n\t\t\t\t</tr>\n\t\t\t\t<script>document.write(getQuicklinkSpecial());</script>\n\t\t\t</table>";
        return $theseErrors;
    }

    $OUTPUT = "";

    db_conn("cubit");

    # "YES": validate and hash the submitted password. Anything else: reuse the
    # hash already stored for the user.
    if ($chgpass == "YES") {
        $v->isOk($password, "string", 1, 20, "Invalid password.");
        $v->isOk($password2, "string", 1, 20, "Invalid password.");
        $v->pwMatch($password, $password2, "Passwords do not match.");

        # display errors, if any
        if ($v->isError()) {
            $theseErrors = "";
            $errors = $v->getErrors();
            foreach ($errors as $e) {
                $theseErrors .= "<li class='err'>" . $e["msg"] . "</li>";
            }
            $theseErrors .= "<p><input type='button' onClick='JavaScript:history.back();' value='« Correct submission'>";
            return $theseErrors;
        }

        # make MD5 of new password
        $MD5_PASS = md5($password);
    } else {
        $sql = db_exec("SELECT password FROM users WHERE username='******'");
        if (pg_num_rows($sql) < 1) {
            errDie("No such user :/", SELF);
        }
        $MD5_PASS = pg_result($sql, 0, 0);
    }

    # Pass the settled hash and two of the extracted values on through $_POST.
    $_POST['MD5_PASS'] = $MD5_PASS;
    $_POST['empnum'] = $empnum;
    $_POST['tool'] = $tool;

    // write user
    # The text appended here is replaced by the plain assignment to $OUTPUT
    # further down, so writeUser()'s return value never reaches the caller.
    $OUTPUT .= writeUser($_POST);

    db_connect();

    # we only remove the department that the user selected ...
    # $old_dept comes straight from the request and is not validated above.
    $get_dept_scripts = "SELECT script FROM deptscripts WHERE dept = '{$old_dept}'";
    $run_dept_scripts = db_exec($get_dept_scripts) or errDie("Unable to get department script information.");
    if (pg_numrows($run_dept_scripts) < 1) {
        #no scripts for this department
    } else {
        while ($ddarr = pg_fetch_array($run_dept_scripts)) {
            $Sql = "DELETE FROM userscripts WHERE username='******' AND script = '{$ddarr['script']}'";
            $Ex = db_exec($Sql) or errDie("Unable to clear old user script permissions.");
        }
    }

    # Disabled in the original: INSERTs into userscripts (username, script, div)
    # granting top_menu.php, getimg.php, diary.php, diary-day.php, glodiary.php,
    # glodiary-day.php, todo.php, index_die.php and index-services.php, each
    # followed by an errDie("Unable to add user to database.") guard.

    #add permissions from this department
    # Each $perm value is a script name taken from the request and written as-is.
    if (isset($perm) and $perm != '') {
        foreach ($perm as $key => $value) {
            $sql = "INSERT INTO userscripts (username, script, div) VALUES ('{$username}', '{$value}', '" . USER_DIV . "')";
            $nwUsrRslt = db_exec($sql) or errDie("Unable to add user to database.");
        }
    }

    #add whole department if they were selected
    # Only the keys of $deps are used; they select the department to copy from.
    if (isset($deps)) {
        foreach ($deps as $key => $value) {
            $sql = "SELECT script FROM deptscripts WHERE dept = '{$key}'";
            $depRs = db_exec($sql);
            while ($depscr = pg_fetch_array($depRs)) {
                $sql = "INSERT INTO userscripts (username, script, div) VALUES ('{$username}', '{$depscr['script']}', '" . USER_DIV . "')";
                $nwUsrRslt = db_exec($sql) or errDie("Unable to add user to database.");
            }
        }
    }

    #remove whole departments if they were selected
    if (isset($depsrem)) {
        foreach ($depsrem as $key => $value) {
            $sql = "SELECT script FROM deptscripts WHERE dept = '{$key}'";
            $depRs = db_exec($sql);
            while ($depscr = pg_fetch_array($depRs)) {
                $sql = "DELETE FROM userscripts WHERE username='******' AND script='{$depscr['script']}'";
                $nwUsrRslt = db_exec($sql) or errDie("Unable to add user to database.");
            }
        }
    }

    // Provide some info on status
    # $username is placed in the HTML without escaping.
    $OUTPUT = "\n\t\t<table " . TMPL_tblDflts . " width='50%'>\n\t\t\t<tr>\n\t\t\t\t<th>Committed changes to user</th>\n\t\t\t</tr>\n\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t<td>User, {$username}, was successfully edited.</td>\n\t\t\t</tr>\n\t\t</table>";
    $OUTPUT .= editUser($_POST);

    return $OUTPUT;
}
/**
 * Create a user row, grant a fixed set of default scripts plus the scripts of
 * any selected departments, and return a status page.
 *
 * Every submitted key is copied into a local variable of the same name, so
 * $username, $password, $password2 and $perm hold whatever the request supplied.
 *
 * @param array $_POST Submitted form fields.
 * @return string HTML error list, an "already exists" message, or the status table.
 *
 * NOTE(review): $username and the values of $perm are interpolated into SQL
 * strings; "string" validation of length 1-20 is the only visible check on
 * $username and $perm is not checked at all. Bind these as query parameters or
 * escape them.
 * NOTE(review): the password is stored as unsalted MD5; plan a migration to
 * password_hash()/password_verify().
 * NOTE(review): two literals show '******' (the existence check and the start of
 * the status table); that looks like masking in this listing, so their real
 * content cannot be confirmed from here.
 */
function writeUser($_POST)
{
    # get vars
    # Variable-variables: any submitted key becomes a local, including names
    # used later in this function.
    foreach ($_POST as $key => $value) {
        ${$key} = $value;
    }

    # validate input
    require_lib("validate");
    $v = new validate();
    $v->isOk($username, "string", 1, 20, "Invalid user name.");
    $v->isOk($password, "string", 6, 20, "Invalid password.");
    $v->isOk($password2, "string", 6, 20, "Invalid password 2.");
    $v->pwMatch($password, $password2, "Passwords do not match.");

    # display errors, if any
    if ($v->isError()) {
        $theseErrors = "";
        $errors = $v->getErrors();
        foreach ($errors as $e) {
            $theseErrors .= "<li class=err>" . $e["msg"];
        }
        $theseErrors .= "<p><input type=button onClick='JavaScript:history.back();' value='« Correct submission'>";
        return $theseErrors;
    }

    # connect to db
    db_connect();

    # exit if user exists
    $sql = "SELECT username FROM users WHERE username='******'";
    $usrRslt = db_exec($sql) or errDie("Unable to check database for existing username.");
    if (pg_numrows($usrRslt) > 0) {
        # $username is echoed back without HTML escaping.
        return "User, {$username}, already exists in database.";
    }

    # get md5 hash of password
    $password = md5($password);

    $sql = "INSERT INTO users (username, password) VALUES ('{$username}', '{$password}')";
    $nwUsrRslt = db_exec($sql) or errDie("Unable to add user to database.");

    # write default permissions
    # Nine fixed grants; the check-then-insert sequence above and these inserts
    # are issued as separate statements with no visible transaction.
    $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'new_con.php')";
    $Ex = db_exec($Sql) or errDie("Unable to add user to database.");
    $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'die_day.php')";
    $Ex = db_exec($Sql) or errDie("Unable to add user to database.");
    $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'req_gen.php')";
    $Ex = db_exec($Sql) or errDie("Unable to add user to database.");
    $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'die_one.php')";
    $Ex = db_exec($Sql) or errDie("Unable to add user to database.");
    $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'die_view.php')";
    $Ex = db_exec($Sql) or errDie("Unable to add user to database.");
    $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'index_die.php')";
    $Ex = db_exec($Sql) or errDie("Unable to add user to database.");
    $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'index_cons.php')";
    $Ex = db_exec($Sql) or errDie("Unable to add user to database.");
    $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'index_reqs.php')";
    $Ex = db_exec($Sql) or errDie("Unable to add user to database.");
    $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'view_req.php')";
    $Ex = db_exec($Sql) or errDie("Unable to add user to database.");

    # write permissions
    # Each $perm value names a department; its scripts are copied to the user.
    # The value reaches the SELECT exactly as submitted.
    if (isset($perm)) {
        foreach ($perm as $key => $value) {
            $sql = "SELECT script FROM deptscripts WHERE dept = '{$value}'";
            $depRs = db_exec($sql);
            while ($depscr = pg_fetch_array($depRs)) {
                $sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', '{$depscr['script']}')";
                $nwUsrRslt = db_exec($sql) or errDie("Unable to add user to database.");
            }
        }
    }

    # status report
    # $username is placed in the HTML without escaping.
    $writeUser = "******" . TMPL_tblCellPadding . "' cellspacing='" . TMPL_tblCellSpacing . "' width='50%'>\r\n <tr><th>New user added to database</th></tr>\r\n <tr class=datacell><td>New user, {$username}, was successfully added to Cubit.</td></tr>\r\n </table>\r\n <p>\r\n <tr>\r\n <table border=0 cellpadding='2' cellspacing='1'>\r\n <tr><th>Quick Links</th></tr>\r\n <tr bgcolor='#88BBFF'><td><a href='admin-usradd.php'>Add another user</a></td></tr>\r\n <script>document.write(getQuicklinkSpecial());</script>\r\n <tr bgcolor='#88BBFF'><td><a href='main.php'>Main Menu</a></td></tr>\r\n </tr>";

    return $writeUser;
}
/**
 * Create or update a POS user, reset the user's script permissions to a fixed
 * POS set, and return a status page.
 *
 * Every submitted key is copied into a local variable of the same name, so
 * $div, $username, $password, $password2, $postype, $manager, $admin, $f1 and
 * $f2 hold whatever the request supplied. $f2 being set selects the "create"
 * path; otherwise only the admin flag is updated.
 *
 * @param array $_POST Submitted form fields.
 * @return string HTML from enterUser() on validation errors, an "already exists"
 *                message, or the status table.
 *
 * NOTE(review): $admin is taken from the request (defaulted to 0 only when
 * absent), is not validated, and is interpolated unquoted into both the INSERT
 * and the UPDATE. It decides the stored admin flag, so it needs an integer
 * cast/allow-list and a server-side authorization check on who may set it.
 * NOTE(review): $username, $div and $postype are interpolated into SQL strings;
 * bind them as query parameters or escape them.
 * NOTE(review): the password is stored as unsalted MD5; plan a migration to
 * password_hash()/password_verify().
 * NOTE(review): several literals show '******'; that looks like masking in this
 * listing, so the real filters (and the start of the status table) cannot be
 * confirmed from here.
 */
function writeUser($_POST)
{
    # get vars
    # Variable-variables: any submitted key becomes a local, including names
    # used later in this function.
    foreach ($_POST as $key => $value) {
        ${$key} = $value;
    }

    # validate input
    require_lib("validate");
    $v = new validate();
    $v->isOk($div, "num", 1, 20, "Invalid Branch.");
    $v->isOk($username, "string", 1, 20, "Invalid user name.");
    $v->isOk($password, "string", 1, 20, "Invalid password.");
    //$v->isOk ($tool, "string", 1, 3, "Invalid tooltips selection.");

    if ($postype != 'P' && $postype != 'S') {
        $v->addError("", "Invalid POS user.");
    }

    # The username, branch, password and POS-type checks below repeat the ones
    # above, so a failing field is reported twice.
    $v->isOk($username, "string", 1, 20, "Invalid user name.");

    # Reject user names containing spaces: stripping them must not shorten the name.
    $username2 = str_replace(" ", "", $username);
    if (strlen($username) > strlen($username2)) {
        $v->addError("", "Error : user name must not contain spaces.");
    }

    $v->isOk($div, "num", 1, 20, "Invalid Branch.");
    $v->isOk($password, "string", 1, 20, "Invalid password.");

    if ($postype != 'P' && $postype != 'S') {
        $v->addError("", "Invalid POS user.");
    }

    # The confirmation password is only checked when $f1 was submitted.
    if (isset($f1)) {
        $v->isOk($password2, "string", 1, 20, "Invalid password 2.");
        $v->pwMatch($password, $password2, "Passwords do not match.");
    }

    # display errors, if any
    if ($v->isError()) {
        $theseErrors = "";
        $errors = $v->getErrors();
        foreach ($errors as $e) {
            $theseErrors .= "-" . $e["msg"] . "<br>";
        }
        $theseErrors = "<tr><td class=err colspan=2>{$theseErrors}</td></tr>\n\t\t<tr><td colspan=2><br></td></tr>";
        return enterUser($username, $postype, $manager == "Yes" ? true : false, $theseErrors);
        # Unreachable: the return above always leaves the function first.
        exit;
    }

    # connect to db
    db_connect();

    if (!isset($admin)) {
        $admin = 0;
    }

    if (isset($f2)) {
        # exit if user exists
        $sql = "SELECT username FROM users WHERE username='******'";
        $usrRslt = db_exec($sql) or errDie("Unable to check database for existing username.");
        if (pg_numrows($usrRslt) > 0) {
            # $username is echoed back without HTML escaping.
            return "User, {$username}, already exists in database.";
        }

        # get md5 hash of password
        $password = md5($password);

        # Managers get abo 1000, everyone else 0.
        if ($manager == "Yes") {
            $abo = 1000;
        } else {
            $abo = 0;
        }

        # {$admin} is the only value here that is not quoted.
        $sql = "INSERT INTO users (username, password, services_menu, admin,div, usertype,abo)\n\t\tVALUES ('{$username}', '{$password}', 'L', {$admin}, '{$div}', '{$postype}','{$abo}')";
        $nwUsrRslt = db_exec($sql) or errDie("Unable to add user to database.");
    } else {
        // update the admin variable
        # The result of this db_exec() is not checked.
        db_exec("UPDATE users SET admin={$admin} WHERE username='******'");
    }

    # Drop every existing grant, then re-add the fixed POS set below. The result
    # of the DELETE is not checked and no transaction is visible around the
    # delete-and-reinsert sequence.
    $Sql = "DELETE FROM userscripts WHERE username='******'";
    $Ex = db_exec($Sql);

    $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'top_menu.php')";
    $Ex = db_exec($Sql) or errDie("Unable to add user to database.");
    $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'diary.php')";
    $Ex = db_exec($Sql) or errDie("Unable to add user to database.");
    $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'diary-day.php')";
    $Ex = db_exec($Sql) or errDie("Unable to add user to database.");
    $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'glodiary.php')";
    $Ex = db_exec($Sql) or errDie("Unable to add user to database.");
    $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'glodiary-day.php')";
    $Ex = db_exec($Sql) or errDie("Unable to add user to database.");
    $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'todo.php')";
    $Ex = db_exec($Sql) or errDie("Unable to add user to database.");
    $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'index_die.php')";
    $Ex = db_exec($Sql) or errDie("Unable to add user to database.");
    $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'index-services.php')";
    $Ex = db_exec($Sql) or errDie("Unable to add user to database.");
    $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'pos-invoice-new.php')";
    $Ex = db_exec($Sql) or errDie("Unable to add user to database.");
    $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'pos-slip.php')";
    $Ex = db_exec($Sql) or errDie("Unable to add user to database.");
    $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'pos-invoice-print.php')";
    $Ex = db_exec($Sql) or errDie("Unable to add user to database.");
    $Sql = "INSERT INTO userscripts (username, script) VALUES ('{$username}', 'index-sales.php')";
    $Ex = db_exec($Sql) or errDie("Unable to add user to database.");

    # status report
    # The same "New user added" text is returned on the update path as well.
    # $username is placed in the HTML without escaping.
    $writeUser = "******" . TMPL_tblCellPadding . "' cellspacing='" . TMPL_tblCellSpacing . "' width='50%'>\n <tr><th>New user added to database</th></tr>\n <tr class=datacell><td>New user, {$username}, was successfully added to Cubit.</td></tr>\n </table>\n <p>\n <tr>\n <table border=0 cellpadding='2' cellspacing='1'>\n <tr><th>Quick Links</th></tr>\n <tr bgcolor='#88BBFF'><td><a href='" . SELF . "'>Add another user</a></td></tr>\n <tr bgcolor='#88BBFF'><td><a href='main.php'>Main Menu</a></td></tr>\n </tr>";

    return $writeUser;
}
/**
 * Validate a new/edited user submission and build the confirmation page,
 * including (for non-POS users) the administrator checkbox, the department
 * selector and the per-script permission checkboxes.
 *
 * extract() imports every submitted field as a local variable, so $username,
 * $div, $password, $password2, $tool, $ispos, $locale, $empnum, $dept_sel,
 * $payroll_group and $f1 hold whatever the request supplied.
 *
 * @param array $_POST Submitted form fields.
 * @return string HTML from enterUser() on validation errors, an error item, or
 *                the confirmation form.
 *
 * NOTE(review): $sendpayroll, $language and $country are assigned only on some
 * paths but always interpolated into the form; with extract() in effect a
 * request field of the same name fills them when the code does not. Initialise
 * them before use.
 * NOTE(review): request values ($username, $div, $password, $locale, $tool,
 * $ispos, $empnum, $dept_sel, payroll_group entries) are written into HTML
 * attributes and cells without escaping; apply htmlspecialchars() with
 * ENT_QUOTES at output.
 * NOTE(review): $div, $empnum and $dept_sel are interpolated into SQL strings;
 * $empnum and $dept_sel are not validated at all. Bind them as query parameters
 * or escape them.
 * NOTE(review): the plaintext password is carried to the next step in a hidden
 * input; prefer keeping it server-side (session) between steps.
 * NOTE(review): several literals show '******'; that looks like masking in this
 * listing, so the real filters (and the start of the form markup) cannot be
 * confirmed from here.
 */
function confirmUser($_POST)
{
    # Get vars
    extract($_POST);

    # validate input
    require "libs/validate.lib.php";
    $v = new validate();
    $v->isOk($username, "string", 1, 20, "Invalid user name.");

    # Reject user names containing spaces: when stripping spaces shortens the
    # name, run a "num" check with bounds 0..0 to register the error message.
    # presumably that check always fails for such a name; confirm in validate.
    $username2 = str_replace(" ", "", $username);
    if (strlen($username) > strlen($username2)) {
        $v->isOk($username, "num", 0, 0, "Error : user name must not contain spaces.");
    }

    $v->isOk($div, "num", 1, 20, "Invalid Branch.");
    $v->isOk($password, "string", 1, 20, "Invalid password.");

    # The confirmation password is only checked when $f1 was submitted.
    if (isset($f1)) {
        $v->isOk($password2, "string", 1, 20, "Invalid password 2.");
        $v->pwMatch($password, $password2, "Passwords do not match.");
    }

    $v->isOk($tool, "string", 1, 3, "Invalid tooltips selection.");
    $v->isOk($ispos, "string", 1, 3, "Invalid POS user selection.");

    # display errors, if any
    if ($v->isError()) {
        $theseErrors = "";
        $errors = $v->getErrors();
        foreach ($errors as $e) {
            $theseErrors .= "-" . $e["msg"] . "<br>";
        }
        $theseErrors = "\n\t\t<tr>\n\t\t\t<td class='err' colspan='2'>{$theseErrors}</td>\n\t\t</tr>\n\t\t<tr>\n\t\t\t<td colspan='2'><br></td>\n\t\t</tr>";
        return enterUser($username, $theseErrors);
        # Unreachable: the return above always leaves the function first.
        exit;
    }

    if (!isset($dept_sel)) {
        $dept_sel = "0";
    }

    # Get branch name
    # $bran is fetched here but not read again in this function.
    db_connect();
    $sql = "SELECT branname FROM branches WHERE div = '{$div}'";
    $branRslt = db_exec($sql);
    $bran = pg_fetch_array($branRslt);

    # $f1 marks a new-user submission: add the f2 marker for the write step and
    # refuse names that already exist.
    if (isset($f1)) {
        $ex = "<input type='hidden' name='f2' value=''>";

        # exit if user exists
        $sql = "SELECT username FROM users WHERE username = '******'";
        $usrRslt = db_exec($sql) or errDie("Unable to check cubit for existing username.");
        if (pg_numrows($usrRslt) > 0) {
            return "\n\t\t\t\t<li class='err'>User, {$username}, already exists in cubit.</li>\n\t\t\t\t<br>\n\t\t\t\t" . mkQuickLinks(ql("admin-usradd.php", "Add New User"));
        }
    } else {
        $ex = "";
    }

    # presumably locale_codes.php defines $ar_languages and $ar_countries; verify.
    require "locale_codes.php";

    # $locale is split on "_" into a language part and a country part.
    $ar_locale = explode("_", $locale);

    // Retrieve the name of the language
    foreach ($ar_languages as $lang_name => $lang_code) {
        if ($ar_locale[0] == $lang_code) {
            $language = $lang_name;
        }
    }

    // Retrieve the name of the country
    foreach ($ar_countries as $country_name => $country_code) {
        if ($ar_locale[1] == $country_code) {
            $country = $country_name;
        }
    }

    # Resolve the linked employee for display, if one was given.
    if ($empnum) {
        $sql = "SELECT sname, fnames, enum FROM cubit.employees WHERE empnum='{$empnum}'";
        $emp_rslt = db_exec($sql) or errDie("Unable to retrieve employee.");
        $emp_data = pg_fetch_array($emp_rslt);
        $employee = "{$emp_data['sname']} {$emp_data['fnames']} - {$emp_data['enum']}";
    } else {
        $employee = "[None]";
    }

    # Re-post the selected payroll groups as hidden inputs.
    if (isset($payroll_group) and is_array($payroll_group)) {
        $sendpayroll = "";
        foreach ($payroll_group as $each) {
            $sendpayroll .= "<input type='hidden' name='payroll_group[]' value='{$each}'>";
        }
    }

    # Confirmation form: hidden inputs carry the submitted values (including the
    # plaintext password) to the write step, followed by a summary table.
    $confirmUser = "******" . TMPL_tblDflts . ">\n\t\t<form action='" . SELF . "' method='POST' name='form'>\n\t\t\t<input type='hidden' name='key' value='write'>\n\t\t\t<input type='hidden' name='username' value='{$username}'>\n\t\t\t<input type='hidden' name='div' value='{$div}'>\n\t\t\t<input type='hidden' name='password' value='{$password}'>\n\t\t\t<input type='hidden' name='locale' value='{$locale}'>\n\t\t\t<input type='hidden' name='tool' value='{$tool}'>\n\t\t\t<input type='hidden' name='ispos' value='{$ispos}'>\n\t\t\t<input type='hidden' name='empnum' value='{$empnum}' />\n\t\t\t<input type='hidden' name='old_dept' value='{$dept_sel}' />\n\t\t\t{$sendpayroll}\n\t\t\t{$ex}\n\t\t\t<tr>\n\t\t\t\t<th>Field</th>\n\t\t\t\t<th>Value</th>\n\t\t\t</tr>\n\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t<td>Username</td>\n\t\t\t\t<td>{$username}</td>\n\t\t\t</tr>\n\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t<td>Password</td>\n\t\t\t\t<td>*</td>\n\t\t\t</tr>\n\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t<td>Locale</td>\n\t\t\t\t<td>{$language} ({$country})</td>\n\t\t\t</tr>\n\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t<td>Show Tooltips</td>\n\t\t\t\t<td>{$tool}</td>\n\t\t\t</tr>\n\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t<td>POS User</td>\n\t\t\t\t<td>{$ispos}</td>\n\t\t\t</tr>\n\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t<td>Employee</td>\n\t\t\t\t<td>{$employee}</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td><br></td>\n\t\t\t</tr>\n\t\t</table>";

    # Permission editing is only offered for non-POS users.
    if ($ispos == 'No') {
        // add the department selection
        $confirmUser .= "\n\t\t\t<table " . TMPL_tblDflts . ">\n\t\t\t\t<tr>\n\t\t\t\t\t<th>User Settings</th>\n\t\t\t\t</tr>";

        // create the administrator setting
        # Pre-check the box when the stored admin value is non-zero. The checkbox
        # only submits admin=1; the write step must decide who may set it.
        $rslt = db_exec("SELECT admin FROM users WHERE username='******' ");
        if (pg_num_rows($rslt) == 0 || pg_result($rslt, 0, 0) == 0) {
            $Ch = "";
        } else {
            $Ch = "checked";
        }

        $confirmUser .= "\n\t\t\t<tr bgcolor=" . bgcolorg() . ">\n\t\t\t\t<td><input {$Ch} type='checkbox' name='admin' value='1'> ADMINISTRATOR</td>\n\t\t\t</tr>";
        $confirmUser .= "\n\t\t\t</table>\n\t\t\t<br>";

        // add the department selection
        $confirmUser .= "\n\t\t\t<table " . TMPL_tblDflts . ">\n\t\t\t\t<tr>\n\t\t\t\t\t<td align='right' colspan='3'><input type='submit' name='doneBtn' value='Done »'></td>\n\t\t\t\t</tr>\n\t\t\t\t" . TBL_BR . "\n\t\t\t</table>\n\t\t\t<br>";

        $get_depts = "SELECT * FROM depts ORDER BY dept";
        $run_depts = db_exec($get_depts) or errDie("Unable to get department information.");
        if (pg_numrows($run_depts) < 1) {
            return "<li class='err'>No Department Information Found.</li>";
        } else {
            # Changing the selection re-submits the form so the page reloads with
            # the chosen department's scripts.
            $department_drop = "<select name='dept_sel' onChange='document.form.submit()'>";
            $department_drop .= "<option value='0'>Select Department</option>";
            while ($darr = pg_fetch_array($run_depts)) {
                if ($dept_sel == $darr['deptid']) {
                    $department_drop .= "<option value='{$darr['deptid']}' selected>{$darr['dept']}</option>";
                } else {
                    $department_drop .= "<option value='{$darr['deptid']}'>{$darr['dept']}</option>";
                }
            }
            $department_drop .= "</select>";
        }

        $confirmUser .= "\n\t\t\t<table " . TMPL_tblDflts . ">\n\t\t\t\t<tr>\n\t\t\t\t\t<th>Select Department</th>\n\t\t\t\t</tr>\n\t\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t\t<td>{$department_drop}</td>\n\t\t\t\t</tr>\n\t\t\t\t" . TBL_BR . "\n\t\t\t</table>";
        $confirmUser .= "\n\t\t\t<table " . TMPL_tblDflts . " width='65%'>\n\t\t\t\t<tr>\n\t\t\t\t\t<th colspan='4'>Select user Permissions</th>\n\t\t\t\t</tr>\n\t\t\t\t<tr>\n\t\t\t\t\t<td valign='top' colspan='2'>\n\t\t\t\t\t\t<table width='100%' cellpadding='1' cellspacing='1'>";

        db_connect();
        # $dept_sel comes from the request (or defaults to "0") and is not validated.
        $sql = "SELECT * FROM depts WHERE deptid = '{$dept_sel}'";
        $rslt = db_exec($sql);
        $i = 0;

        while ($dep = pg_fetch_array($rslt)) {
            # Add/Remove buttons post deps[<deptid>] / depsrem[<deptid>].
            $confirmUser .= "\n\t\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t\t<td colspan='2'><input type='submit' name='deps[{$dep['deptid']}]' value='Add'><input type='submit' name='depsrem[{$dep['deptid']}]' value='Remove'> {$dep['dept']}</td>\n\t\t\t\t</tr>";

            $sql = "SELECT * FROM deptscripts WHERE dept='{$dep['deptid']}' ORDER BY script";
            $srslt = db_exec($sql);
            $i++;

            // Remove checked = yes on the $confirmUser line in this while loop
            while ($scr = pg_fetch_array($srslt)) {
                $Tp['script'] = $scr['scriptname'];

                # One lookup per script: is it already granted to this user?
                $Sql = "SELECT script FROM userscripts WHERE username='******' and script='{$scr['script']}' LIMIT 1";
                $Ex = db_exec($Sql);
                if (pg_numrows($Ex) > 0) {
                    $Ch = "checked";
                } else {
                    $Ch = "";
                }

                $Tp['script'] = strtoupper($Tp['script']);

                # The checkbox value is the script file name; the label is the
                # upper-cased display name.
                $confirmUser .= "\n\t\t\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t\t\t<td colspan='2'>\n\t\t\t\t\t\t\t<table>\n\t\t\t\t\t\t\t\t<tr>\n\t\t\t\t\t\t\t\t\t<td>.....</td>\n\t\t\t\t\t\t\t\t\t<td><input type='checkbox' name='perm[]' {$Ch} value='{$scr['script']}'></td>\n\t\t\t\t\t\t\t\t\t<td>{$Tp['script']}</td>\n\t\t\t\t\t\t\t\t</tr>\n\t\t\t\t\t\t\t</table>\n\t\t\t\t\t\t</td>\n\t\t\t\t\t</tr>";
            }

            $confirmUser .= "<tr class='" . bg_class() . "'><td colspan=2><br></td></tr>";

            # After the ninth department, close the first column and open a second one.
            if ($i == "9") {
                $confirmUser .= "\n\t\t\t\t\t\t</table>\n\t\t\t\t\t</td>\n\t\t\t\t\t<td valign='top'>\n\t\t\t\t\t\t<table width='100%' cellpadding='1' cellspacing='1'>";
            }
        }
    }

    # Closing markup is appended for POS users too, although the tables it
    # closes are only opened in the non-POS branch above.
    $confirmUser .= "\n\t\t\t\t\t</table>\n\t\t\t\t</td>\n\t\t\t</tr>\n\t\t\t<tr>\n\t\t\t\t<td align='right' colspan='3'><input type='submit' name='doneBtn' value='Done »'></td>\n\t\t\t</tr>\n\t\t</form>\n\t\t</table>\n\t\t<p>\n\t\t<table " . TMPL_tblDflts . ">\n\t\t\t<tr>\n\t\t\t\t<th>Quick Links</th>\n\t\t\t</tr>\n\t\t\t<script>document.write(getQuicklinkSpecial());</script>\n\t\t</table>";

    return $confirmUser;
}