function UpdateTeam($tn, $data) { DenyGuest(); // Don't allow Guests to do this... $loc = "teamlib.php->UpdateTeam"; $fields = array(array("BestPicID", "int"), array("NickName", "str")); $tn = intval($tn); if ($tn < 1 || $tn > 9999) { DieWithMsg($loc, "illegal tn value."); } $row = GetTeamInfo($tn); if ($row == false) { // This will be the first insert! // Add the teamnumber field and data. $fields[] = array("TeamNumber", "int"); $data["TeamNumber"] = $tn; $sql = "INSERT INTO Teams " . GenerateSqlInsert($data, $fields); SqlQuery($loc, $sql); return true; } else { // This will be an update. $set = GenerateSqlSet($data, $fields); if ($set == false) { return false; } $sql = "UPDATE Teams SET " . $set . " WHERE TeamNumber = " . intval($tn); SqlQuery($loc, $sql); return true; } }
$doform = false; $link_to_view = false; $picid = 0; $param_list = array(array("FieldName" => "Title", "FieldType" => "Text", "Caption" => "Title of New Work Order"), array("FieldName" => "Project", "FieldType" => "Selection", "Selection" => $WOProjects, "Caption" => "Project"), array("FieldName" => "DateNeedBy", "FieldType" => "Date", "Caption" => "Date Needed"), array("FieldName" => "Priority", "FieldType" => "Selection", "Selection" => $WOPriorities, "Caption" => "Priority"), array("FieldName" => "Requestor", "FieldType" => "Selection", "Selection" => $WOIPTeams, "Caption" => "Requesting IPT"), array("FieldName" => "Receiver", "FieldType" => "Selection", "Selection" => $WOIPTeams, "Caption" => "Receiving IPT"), array("FieldName" => "Description", "FieldType" => "TextArea", "Rows" => 10, "Columns" => 72, "Caption" => "Describe Work")); if ($_SERVER["REQUEST_METHOD"] == "GET") { // Set up defaults... $data["Priority"] = $WOPriorities[0]; $data["Requestor"] = $userIPT; $data["Receiver"] = $userIPT; $data["DateNeedBy"] = date('Y-m-d', time() + 5 * 24 * 3600); PopulateParamList($param_list, $data); $doform = true; goto GenerateHtml; } if ($_SERVER["REQUEST_METHOD"] == "POST") { DenyGuest(); PopulateParamList($param_list, $_POST); // Check for required inputs: $sEmpty = array(); if (empty($_POST["Title"])) { $sEmpty[] = "Title"; } if (empty($_POST["Priority"])) { $sEmpty[] = "Priority"; } if (empty($_POST["Project"])) { $sEmpty[] = "Project"; } if (empty($_POST["Requestor"])) { $sEmpty[] = "Requesting IPT"; }
function PicFileUpload($FileInfo) { $loc = rmabs(__FILE__ . ".PicFileUpload"); DenyGuest(); // Don't allow guests to do this. $missing = ""; if (!isset($FileInfo["name"])) { $missing .= '"name" '; } if (!isset($FileInfo["type"])) { $missing .= '"type" '; } if (!isset($FileInfo["tmp_name"])) { $missing .= '"tmp_name" '; } if (!isset($FileInfo["error"])) { $missing .= '"error" '; } if (!isset($FileInfo["size"])) { $missing .= '"size" '; } if (!empty($missing)) { echo 'missing'; log_error($loc, array("Error on Pic Upload.", "Input Array missing elements:", $missing)); return false; } $name = $FileInfo["name"]; $type = $FileInfo["type"]; $tmpfile = $FileInfo["tmp_name"]; $errors = $FileInfo["error"]; $size = $FileInfo["size"]; if ($errors != 0) { echo 'error not zero'; log_error($loc, array("Error on Pic Upload." . "Error Not Zero.")); return false; } if ($size <= 0) { echo 'size'; log_error($loc, "Error on Pic Upload. Size is zero."); return false; } if ($type != "image/jpeg") { echo 'type'; log_error($loc, "Error on Pic Upload. Wrong Type, should be image/jpeg. Found: " . $type); return false; } $picid = StorePicture($tmpfile, true); return $picid; }
function StoreEvent($fields) { DenyGuest(); // Don't allow Guests to do this... $loc = 'readerlib.php=>StoreEvent'; $sql = 'INSERT INTO EventTimes (Name, StartTime, EndTime, Type, Purpose) '; $sql .= 'VALUES ('; $sql .= ' "' . SqlClean($fields["Name"]) . '"'; $sql .= ', "' . SqlClean($fields["StartTime"]) . '"'; $sql .= ', "' . SqlClean($fields["EndTime"]) . '"'; $sql .= ', "' . SqlClean($fields["Type"]) . '"'; $sql .= ', "' . SqlClean($fields["Purpose"]) . '"'; $sql .= ')'; SqlQuery($loc, $sql); }
function UpdateAssignementCount($wid) { $loc = rmabs(__FILE__ . "UpdateAssignementCount"); DenyGuest(); // Don't allow Guests to do this... $workers = GetAssignedWorkers($wid); $assgined = 0; if (count($workers) > 0) { $assgined = 1; } $sql = "UPDATE WorkOrders SET Assigned=" . $assgined . ' WHERE WID=' . $wid; SqlQuery($loc, $sql); }
function CreateNewUser($params) { global $config; $loc = "userlib.php->CreateNewUser"; DenyGuest(); // Don't allow Guests to do this... if (empty($params["LastName"])) { return "Last name cannot be empty."; } if (empty($params["FirstName"])) { return "First name cannot be empty."; } if (empty($params["UserName"])) { return "Username cannot be empty."; } if (empty($params["PasswordHash"])) { if (empty($params["Password"])) { return "Password cannot be empty."; } } $username = SqlClean($params["UserName"]); $lastname = SqlClean($params["LastName"]); $firstname = SqlClean($params["FirstName"]); $nickname = ""; $title = ""; $email = ""; $tags = ""; $ipt = ""; $active = false; if (isset($params["NickName"])) { $nickname = SQLClean($params["NickName"]); } if (isset($params["Title"])) { $title = SQLClean($params["Title"]); } if (isset($params["Email"])) { $email = SQLClean($params["Email"]); } if (isset($params["Tags"])) { $tags = SQLClean($params["Tags"]); } if (isset($params["IPT"])) { $ipt = SqlClean($params["IPT"]); } if (isset($params["Active"])) { $active = $params["Active"]; } // Check for duplicate username. $sql = 'SELECT UserID FROM Users WHERE UserName="******"'; $result = SqlQuery($loc, $sql); if ($result->num_rows > 0) { $msg = 'Unable to add new user. Duplicate username. (' . $username . ')'; log_msg($loc, $msg); return $msg; } // Check for duplicate first/last name $sql = 'SELECT UserID FROM Users WHERE LastName="' . $lastname . '" AND FirstName="' . $firstname . '"'; $result = SqlQuery($loc, $sql); if ($result->num_rows > 0) { $msg = 'Unable to add new user. Duplicate first/last name. (' . $lastname . ', ' . $firstname . ')'; log_msg($loc, $msg); return $msg; } // Build the sql to add user. $pwhash = ""; if (!empty($params["PasswordHash"])) { $pwhash = $params["PasswordHash"]; } else { $pwhash = crypt($params["Password"], $config["Salt"]); } $sql = 'INSERT INTO Users (UserName, PasswordHash, LastName, FirstName, NickName, ' . 'Title, Email, Tags, IPT, Active) '; $sql .= ' VALUES('; $sql .= ' "' . $username . '"'; $sql .= ', "' . $pwhash . '"'; $sql .= ', "' . $lastname . '"'; $sql .= ', "' . $firstname . '"'; $sql .= ', "' . $nickname . '"'; $sql .= ', "' . $title . '"'; $sql .= ', "' . $email . '"'; $sql .= ', "' . $tags . '"'; $sql .= ', "' . $ipt . '"'; $sql .= ', ' . TFstr($active); $sql .= ')'; $result = SqlQuery($loc, $sql); log_msg($loc, array("New User added! Username="******"Full name= " . $lastname . ', ' . $firstname, "tags=" . $tags . ", Active=" . TFstr($active))); return true; }