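/**
 * Render the "update profile" form and, when submitted, write the EMPLOYEE row.
 *
 * Flow: the target employee is the row picked in the user-lookup results
 * (POST foundUser<i> / foundUserID<i>), falling back to the logged-in user.
 * With updateBtn posted the record is updated and a result line is printed;
 * otherwise the stored record is loaded into the form.
 *
 * Security changes versus the string-built original:
 *  - every query is a prepared statement (the SELECT had $_POST concatenated
 *    into it with no escaping at all, the UPDATEs relied on real_escape_string);
 *  - every value echoed into markup goes through $esc(), REQUEST_URI included;
 *  - the authorisation that was only expressed by hiding the submit button is
 *    enforced server-side: below admin level 25 only the caller's own row may
 *    be written, and the pay-rate-dependent columns (GRADE, ASSIGN, MUNIS) are
 *    written only at level >= 50 — below that the original round-tripped them
 *    through hidden inputs and wrote whatever was posted;
 *  - database error text is logged with error_log(), not echoed to the browser.
 *  - NOTE(review): there is no CSRF token anywhere in this file, and ADMINLVL
 *    is accepted from the form at level >= 50 without being compared with the
 *    caller's own level — confirm selectAdminLevel() is not the only guard.
 *
 * @param object $config  provides ->mysqli (connection) and ->adminLvl (caller's level)
 */
function displayUpdateProfile($config) {
    // Escape for HTML text / double-quoted attribute context.
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    // Posted field as a string; '' when absent (the original stored '' as well,
    // because its false default concatenated into the query as an empty string).
    $post = function ($key, $default = '') {
        return isset($_POST[$key]) ? (string) $_POST[$key] : $default;
    };
    // Same result as the original Date('Y-m-d', strtotime($s)), including the
    // epoch fallback when the string does not parse.
    $toSqlDate = function ($value) {
        $ts = strtotime((string) $value);
        return date('Y-m-d', $ts === false ? 0 : $ts);
    };
    // Emit a text input: error styling when $showError, otherwise the stored value.
    $textInput = function ($name, $value, $showError, $extra = '') use ($esc) {
        echo '<input name="' . $name . '" type="text" ' . $extra;
        if ($showError) {
            showInputBoxError();
        } else {
            echo 'value="' . $esc($value) . '"';
        }
        echo ' />';
    };

    $mysqli = $config->mysqli;
    $callerLvl = (int) $config->adminLvl;
    $sessionUserID = (string) $_SESSION['userIDnum'];
    $clientIP = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';

    // Target record: the row chosen in the lookup results, else the caller.
    $foundUserID = $sessionUserID;
    $totalRows = (int) $post('totalRows', '0');
    if ($totalRows > 0) {
        // Lookup rows are 1-based (the form re-emits "foundUserName1"), hence <=.
        for ($i = 0; $i <= $totalRows; $i++) {
            if (isset($_POST['foundUser' . $i]) && isset($_POST['foundUserID' . $i])) {
                $foundUserID = (string) $_POST['foundUserID' . $i];
                break;
            }
        }
    }
    // True when the caller arrived from the "users to verify" list.
    $fromVerify = $post('formName') === 'userVerify';
    $backToVerifyButton = '<input type="button" name="backToVerify" value="Back To Users To Verify List" '
        . 'onClick="this.form.action=\'?userVerify=true\';this.form.submit()" />';

    if (isset($_POST['updateBtn'])) {
        $userID = $post('userID');
        $lname = strtoupper($post('lname'));
        $fname = strtoupper($post('fname'));
        $divisionID = $post('divisionID');
        $supvID = $post('supvID');

        if ($callerLvl < 25 && $userID !== $sessionUserID) {
            // Below level 25 only the caller's own row may be changed; the
            // original relied on the submit button not being rendered.
            echo "Did not Update<br />";
        } else {
            if ($callerLvl >= 50) {
                $myq = "UPDATE `EMPLOYEE` SET `MUNIS` = ?, `LNAME` = ?, `FNAME` = ?, `GRADE` = ?,"
                    . " `DIVISIONID` = ?, `SUPV` = ?, `ASSIGN` = ?, `TIS` = ?, `RADIO` = ?,"
                    . " ADDRESS = ?, HOMEPH = ?, CELLPH = ?, WORKPH = ?, EMAIL = ?, DOB = ?,"
                    . " EMERGCON = ?, ADMINLVL = ?, IS_VERIFY = 1, AUDITID = ?,"
                    . " AUDIT_TIME = NOW(), AUDIT_IP = INET_ATON(?) WHERE IDNUM = ?";
                $params = array(
                    $post('munisID'), $lname, $fname, $post('rankID'), $divisionID, $supvID,
                    $post('assignID'), $toSqlDate($post('hireDate')), $post('radioID'),
                    $post('address'), $post('hphone'), $post('cphone'), $post('wphone'),
                    $post('empEmail'), $toSqlDate($post('dob')), $post('emergency'),
                    $post('adminLvl', '0'), $sessionUserID, $clientIP, $userID,
                );
            } else {
                // GRADE, ASSIGN and MUNIS are pay-rate dependent and not editable
                // below level 50, so they are not written here at all.
                $myq = "UPDATE `EMPLOYEE` SET `LNAME` = ?, `FNAME` = ?, `DIVISIONID` = ?, `SUPV` = ?,"
                    . " AUDITID = ?, AUDIT_TIME = NOW(), AUDIT_IP = INET_ATON(?) WHERE IDNUM = ?";
                $params = array($lname, $fname, $divisionID, $supvID, $sessionUserID, $clientIP, $userID);
            }
            $updated = false;
            $stmt = $mysqli->prepare($myq);
            if ($stmt) {
                // Everything is bound as a string; MySQL coerces numeric/date columns.
                $stmt->bind_param(str_repeat('s', count($params)), ...$params);
                $updated = $stmt->execute();
                if (!$updated) {
                    error_log("displayUpdateProfile: [{$stmt->errno}] {$stmt->error}");
                }
                $stmt->close();
            } else {
                error_log("displayUpdateProfile: [{$mysqli->errno}] {$mysqli->error}");
            }
            echo $updated ? "Successfully Updated Profile<br />" : "Did not Update<br />";
        }
        if ($fromVerify) {
            echo '<form method="POST">' . $backToVerifyButton . '</form>';
        }
        return;
    }

    // First view: load the stored record into the form.
    $stmt = $mysqli->prepare("SELECT * FROM EMPLOYEE WHERE IDNUM = ?");
    if (!$stmt) {
        throw new Exception("Database Error [{$mysqli->errno}] {$mysqli->error}");
    }
    $stmt->bind_param('s', $foundUserID);
    if (!$stmt->execute()) {
        throw new Exception("Database Error [{$stmt->errno}] {$stmt->error}");
    }
    $result = $stmt->get_result(); // mysqlnd; avoids bind_result() against SELECT *
    $row = $result ? $result->fetch_assoc() : null;
    $stmt->close();
    if (!$row) {
        $row = array(); // unknown IDNUM: render an empty form instead of warning per field
    }
    $col = function ($key) use ($row) {
        return isset($row[$key]) ? $row[$key] : '';
    };
    $fname = $col('FNAME');
    $lname = $col('LNAME');
    $rankID = $col('GRADE');
    $divisionID = $col('DIVISIONID');
    $assignID = $col('ASSIGN');
    $supvID = $col('SUPV');
    $hireDate = $col('TIS');
    $radioID = $col('RADIO');
    $munisID = $col('MUNIS');
    $address = $col('ADDRESS');
    $hphone = $col('HOMEPH');
    $cphone = $col('CELLPH');
    $wphone = $col('WORKPH');
    $email = $col('EMAIL');
    $dob = $col('DOB');
    $emergency = $col('EMERGCON');
    $adminLvl = $col('ADMINLVL');
    $username = strtoupper($_SESSION['userName']);

    echo '<form name="update" method="post" action="' . $esc($_SERVER['REQUEST_URI']) . '">';
    echo '<input type="hidden" name="formName" value="updateProfile" />';
    if ($fromVerify) {
        // The second formName wins in $_POST, so the next submit still says "userVerify".
        echo $backToVerifyButton . ' <input type="hidden" name="formName" value="userVerify" />';
    }
    echo '</div><div align="center" class="login"><table>';
    // NOTE(review): the lookup UI keys off $_SESSION['admin'] while every other
    // check in this function uses $config->adminLvl — confirm they are the same level.
    if ($_SESSION['admin'] >= 25) {
        echo '<tr><td>User: </td><td>';
        if ($totalRows > 0) {
            echo $esc($lname) . ', ' . $esc($fname) . ' ';
            echo '<input type="hidden" name="userID" value="' . $esc($foundUserID) . '" />';
            echo '<input type="hidden" name="totalRows" value="1" />';
            echo '<input type="hidden" name="foundUserName1" value="' . $esc($foundUserID) . '" />';
        } else {
            echo $esc($_SESSION['userName']) . ' ';
            echo '<input type="hidden" name="userID" value="' . $esc($sessionUserID) . '" />';
        }
        displayUserLookup($config);
        echo '<input type="hidden" name="searchReserves" value="false" />';
        echo '</td></tr>';
    } else {
        echo '<h3>Username: ' . $esc($username) . '</h3>';
        echo '<input type="hidden" name="userID" value="' . $esc($foundUserID) . '" />';
    }

    echo '<tr><td>First Name: </td><td>';
    $textInput('fname', $fname, !$fname);
    echo '</td></tr>';
    echo '<tr><td>Last Name: </td><td>';
    $textInput('lname', $lname, !$lname);
    echo '</td></tr>';
    echo '<tr><td>Division:</td><td>';
    displayDivisionID("divisionID", $divisionID);
    echo '</td></tr>';
    echo '<tr><td>Supervisor:</td><td>';
    displaySUPVDropDown("supvID", $supvID);
    echo '</td></tr>';

    // Pay-rate-dependent fields: editable at level >= 50 only. Below that the
    // original emitted them as hidden inputs; they are omitted because the
    // update path no longer writes them for that level.
    if ($callerLvl >= 50) {
        echo '<tr><td>Rank:</td><td>';
        displayRanks("rankID", $rankID);
        echo '</td></tr>';
        echo '<tr><td>Assigned Shift:</td><td>';
        displayAssign("assignID", $assignID);
        echo '</td></tr>';
        echo '<tr><td>MUNIS ID: </td><td>';
        $textInput('munisID', $munisID, !$munisID);
        echo '</td></tr>';

        echo '<tr><td>Hire Date: </td><td>';
        displayDateSelect("hireDate", "date_1", $hireDate, true);
        echo '</td></tr>';
        echo '<tr><td>Radio Number: </td><td>';
        $textInput('radioID', $radioID, !$radioID);
        echo '</td></tr>';
        echo '<tr><td >Address: </td><td><textarea rows="3" cols="40" name="address" ';
        if (!$address) {
            showInputBoxError();
        }
        echo '>' . $esc($address) . '</textarea></td></tr>';
        // At least one phone number is required; all three boxes flag together.
        $noPhone = !$hphone && !$cphone && !$wphone;
        echo '<tr><td>Home Phone: </td><td>';
        $textInput('hphone', $hphone, $noPhone);
        echo '</td></tr>';
        echo '<tr><td>Cell Phone: </td><td>';
        $textInput('cphone', $cphone, $noPhone);
        echo '</td></tr>';
        echo '<tr><td>Work Phone: </td><td>';
        $textInput('wphone', $wphone, $noPhone);
        echo '</td></tr>';
        echo '<tr><td>Email: </td><td>';
        $textInput('empEmail', $email, !$email, 'size="40" ');
        echo '</td></tr>';
        echo '<tr><td>Date of Birth: </td><td>';
        displayDateSelect("dob", "date_2", $dob, true);
        echo '</td></tr>';
        echo '<tr><td>Emergency Contact: </td><td><textarea rows="2" cols="40" name="emergency" ';
        if (!$emergency) {
            showInputBoxError();
        }
        echo '>' . $esc($emergency) . '</textarea></td></tr>';
        echo '<tr><td>Admin Level:</td><td>';
        selectAdminLevel($config, $adminLvl);
        echo '</td></tr>';
        echo '<tr><td></td><td><input type="submit" name="updateBtn" value="Update Profile" /></td></tr>';
    } else {
        // Read-only view of the remaining columns.
        echo '<tr><td>Hire Date: </td><td>' . $esc($hireDate) . '</td></tr>';
        echo '<tr><td>Radio Number: </td><td> ' . $esc($radioID) . '</td></tr>';
        echo '<tr><td>Address: </td><td> ' . $esc($address) . '</td></tr>';
        echo '<tr><td>Home Phone: </td><td> ' . $esc($hphone) . '</td></tr>';
        echo '<tr><td>Cell Phone: </td><td> ' . $esc($cphone) . '</td></tr>';
        echo '<tr><td>Work Phone: </td><td> ' . $esc($wphone) . '</td></tr>';
        echo '<tr><td>Email: </td><td>' . $esc($email) . '</td></tr>';
        echo '<tr><td>Date of Birth: </td><td>' . $esc($dob) . '</td></tr>';
        echo '<tr><td>Emergency Contact: </td><td> ' . $esc($emergency) . '</td></tr>';
        echo '<tr><td></td><td>';
        // Same rule the update path enforces: own row, or level >= 25.
        if ($sessionUserID === (string) $foundUserID || $callerLvl >= 25) {
            echo '<input type="submit" name="updateBtn" value="Update Profile" />';
        }
        echo '</td></tr>';
    }
    echo '</table></div><div class="clear"></div></form><div class="divider"></div>';
}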
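/**
 * Announcement manager: list announcements, edit one (GET editAnnounce=ID)
 * or add a new one (POST addAnnounce). Requires admin level >= 30; anything
 * lower gets the header followed by "Access Denied".
 *
 * Security changes versus the original:
 *  - all SQL is parameterised — the original concatenated $_GET['editAnnounce']
 *    and every editor field straight into the SELECT/UPDATE/INSERT unescaped;
 *  - REQUEST_URI, PHP_SELF and every database value echoed into markup are
 *    HTML-escaped; the announcement body (CKEditor HTML) is escaped for the
 *    textarea, which the browser decodes back — how it is rendered elsewhere
 *    is outside this function;
 *  - the UPDATE's IP column now receives INET_ATON(ip) like the INSERT does; the
 *    original quoted the call and stored the literal text "INET_ATON('1.2.3.4')";
 *  - SHORTNAME is no longer written by the edit path — it is not editable there
 *    and only round-tripped through a hidden input;
 *  - an "add" submitted without a short name highlights the field and no longer
 *    inserts a row anyway;
 *  - database errors are logged, not echoed.
 *  - NOTE(review): no CSRF token on either form.
 *
 * @param object $config  provides ->adminLvl; also passed through to addLog()
 */
function displayAdminAnnounce($config) {
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };
    $post = function ($key, $default = '') {
        return isset($_POST[$key]) ? (string) $_POST[$key] : $default;
    };

    echo '<div align="center"><h2>Announcement Manager</h2></div> ';
    if ($config->adminLvl < 30) {
        echo 'Access Denied';
        return;
    }

    $requestUri = $esc($_SERVER['REQUEST_URI']);
    $backLink = '<a href="' . $esc($_SERVER['PHP_SELF']) . '?isAnounceAdmin=true">Back</a>';
    $auditUser = strtoupper($_SESSION['userName']);
    $clientIP = isset($_SERVER['REMOTE_ADDR']) ? (string) $_SERVER['REMOTE_ADDR'] : '';
    $editAnnounce = isset($_GET['editAnnounce']) ? (string) $_GET['editAnnounce'] : null;

    // Markup shared by the edit and add forms.
    $editorHead = '<script type="text/javascript" src="ckeditor/ckeditor.js"></script>'
        . '<form action="' . $requestUri . '" method="post"><p>';
    $editorFields = function ($divID, $publish, $body) use ($esc) {
        echo 'Publish to Division: ';
        displayDivisionID("editorDivID", $divID, true);
        echo '<br/><Br/>';
        echo 'Publish Announcement: <input type="checkbox" name="editorPublish" value="1"'
            . ((int) $publish !== 0 ? ' checked="checked"' : '') . ' /><br /><br />';
        echo '<textarea id="editor1" name="editor110">' . $esc($body) . '</textarea>';
        echo '<script type="text/javascript"> CKEDITOR.replace( \'editor110\' ); </script>';
    };

    if (!$editAnnounce && !isset($_POST['addAnnounce'])) {
        // Show the announcements available to edit, plus the "add" button.
        $mysqli = connectToSQL();
        $result = $mysqli->query("SELECT * FROM `NEWS` WHERE 1");
        if (!$result) {
            throw new Exception("Database Error [{$mysqli->errno}] {$mysqli->error}");
        }
        while ($row = $result->fetch_assoc()) {
            echo '<a href="' . $requestUri . '&editAnnounce=' . $esc(rawurlencode((string) $row['IDNUM'])) . '">'
                . $esc($row['TITLE']) . '</a><br /> Published: ' . $esc($row['TSTAMP'])
                . ' <br />by ' . $esc($row['AUDITID']) . '<br /><br />';
        }
        echo '<form action="' . $requestUri . '" method="post" name="registerform">'
            . '<input type="submit" name="addAnnounce" value="Add Announcement" /></form>';
    }

    if ($editAnnounce !== null) {
        $editorID = $post('editorID', $editAnnounce);
        $editorTitle = $post('editorTitle');
        $editorShort = $post('editorShort');
        $editorDivID = $post('editorDivID');
        $editorPublish = $post('editorPublish', '1');
        $editorData = $post('editor110');
        if (isset($_POST['editor110']) && !isset($_POST['editorPublish'])) {
            $editorPublish = '0'; // editor submitted with the box unticked
        }

        if (!isset($_POST['editorOldShort'])) {
            // Nothing submitted yet: load the stored announcement.
            $mysqli = connectToSQL();
            $stmt = $mysqli->prepare(
                "SELECT `SHORTNAME`, `TITLE`, `BODY`, `PUBLISH`, `DIVID` FROM `NEWS` WHERE `IDNUM` = ?"
            );
            if (!$stmt) {
                throw new Exception("Database Error [{$mysqli->errno}] {$mysqli->error}");
            }
            $stmt->bind_param('s', $editorID);
            if (!$stmt->execute()) {
                throw new Exception("Database Error [{$stmt->errno}] {$stmt->error}");
            }
            $res = $stmt->get_result(); // mysqlnd
            $row = $res ? $res->fetch_assoc() : null;
            $stmt->close();
            if ($row) {
                $editorTitle = (string) $row['TITLE'];
                $editorShort = (string) $row['SHORTNAME'];
                $editorDivID = (string) $row['DIVID'];
                $editorPublish = (string) $row['PUBLISH'];
                $editorData = (string) $row['BODY'];
            }
        }

        echo $backLink . $editorHead;
        echo '<input type="hidden" name="editorID" value="' . $esc($editorID) . '" />';
        echo 'Announcement Title: <input type="text" name="editorTitle" value="' . $esc($editorTitle) . '"/><br /><br />';
        echo 'Short Name: ' . $esc($editorShort) . '<br /><br />';
        // Presence of this field marks a submitted editor; its value is not written back.
        echo '<input type="hidden" name="editorOldShort" value="' . $esc($editorShort) . '" />';
        $editorFields($editorDivID, $editorPublish, $editorData);
        echo '</p><p><input type="submit" name="saveBtn" value="Save" /></p></form>';

        if (isset($_POST['saveBtn'])) {
            $mysqli = connectToSQL();
            $stmt = $mysqli->prepare(
                "UPDATE `PAYROLL`.`NEWS` SET `TITLE` = ?, `BODY` = ?, `PUBLISH` = ?, `DIVID` = ?,"
                . " `TSTAMP` = NOW(), `AUDITID` = ?, `IP` = INET_ATON(?) WHERE IDNUM = ? LIMIT 1"
            );
            $saved = false;
            if ($stmt) {
                $stmt->bind_param('sssssss', $editorTitle, $editorData, $editorPublish, $editorDivID,
                    $auditUser, $clientIP, $editorID);
                $saved = $stmt->execute();
                if (!$saved) {
                    error_log("displayAdminAnnounce: [{$stmt->errno}] {$stmt->error}");
                }
                $stmt->close();
            } else {
                error_log("displayAdminAnnounce: [{$mysqli->errno}] {$mysqli->error}");
            }
            if ($saved) {
                addLog($config, 'Announcement Updated with title ' . $editorTitle);
                echo '<h3>Successful Save</h3>';
            } else {
                echo '<h3>Save Failed</h3>';
            }
        }
    }

    if (isset($_POST['addAnnounce'])) {
        $editorTitle = $post('editorTitle');
        $editorShort = $post('editorShort');
        $editorDivID = $post('editorDivID', '1');
        $editorPublish = $post('editorPublish', '1');
        $editorData = $post('editor110');
        if (isset($_POST['editor110']) && !isset($_POST['editorPublish'])) {
            $editorPublish = '0';
        }
        // Save pressed without a short name: flag the field and skip the INSERT.
        $missingShort = isset($_POST['saveBtn']) && empty($editorShort);

        echo $backLink . $editorHead;
        echo 'Announcement Title: <input type="text" name="editorTitle" value="' . $esc($editorTitle) . '"/><br /><br />';
        echo 'Short Name: <input type="text" name="editorShort" value="' . $esc($editorShort) . '" '
            . ($missingShort ? 'style="background:#FFFFFF;border:1px solid #FF0000;" ' : '') . '/><br /><br />';
        $editorFields($editorDivID, $editorPublish, $editorData);
        echo '</p><p><input type="hidden" name="addAnnounce" value="Add Announcement" />'
            . '<input type="submit" name="saveBtn" value="Save" /></p></form>';

        if (isset($_POST['saveBtn']) && !$missingShort) {
            $mysqli = connectToSQL();
            $stmt = $mysqli->prepare(
                "INSERT INTO `NEWS` (`SHORTNAME`, `TITLE`, `BODY`, DIVID, `PUBLISH`, `TSTAMP`, `AUDITID`, `IP`)"
                . " VALUES (?, ?, ?, ?, ?, NOW(), ?, INET_ATON(?))"
            );
            if (!$stmt) {
                throw new Exception("Database Error [{$mysqli->errno}] {$mysqli->error}");
            }
            $stmt->bind_param('sssssss', $editorShort, $editorTitle, $editorData, $editorDivID,
                $editorPublish, $auditUser, $clientIP);
            if (!$stmt->execute()) {
                $message = "Database Error [{$stmt->errno}] {$stmt->error}";
                $stmt->close();
                throw new Exception($message);
            }
            $stmt->close();
            addLog($config, 'Announcement Added with title ' . $editorTitle);
            echo '<h3>Successful Save</h3>';
        }
    }

    echo '<div align="center">Note: No Announcement is private to the selected division.<br/> All users may see the announcement if published</div><Br/>';
}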