$flag_msg = "class='msg_success'"; } else { $var_message = MESSAGE_RECORD_ERROR; $flag_msg = "class='msg_error'"; } } elseif ($_POST["postback"] == "U") { $var_userName = $_POST["txtUserName"]; $var_userLogin = $_POST["txtUserLogin"]; $var_password = $_POST["txtPassword"]; $var_online = ""; $var_email = $_POST["txtEmail"]; $var_banned = $_POST["rdBanned"] == "1" ? $_POST["rdBanned"] : "0"; $var_compId = $_POST["cmbCompanyId"]; $var_date = date("m-d-Y h:i:s"); if (validateUpdation() == true) { if (isUniqueEmailUser($var_email, $var_id, $var_compId)) { $sql = "Update sptbl_users set vUserName='******',\n\t\t\t\t\t\t\t\t" . ($var_password != "" ? "vPassword='******'," : "") . "vEmail='" . mysql_real_escape_string($var_email) . "',\n\t\t\t\t\t\t\t\tnCompId='" . mysql_real_escape_string($var_compId) . "',\n\t\t\t\t\t\t\t\tvBanned='" . mysql_real_escape_string($var_banned) . "'\n\t\t\t\t\t\t\t\twhere nUserId='" . mysql_real_escape_string($var_id) . "'"; executeQuery($sql, $conn); //Insert the actionlog if (logActivity()) { $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_UPDATION . "','Users','" . mysql_real_escape_string($var_id) . "',now())"; executeQuery($sql, $conn); } $var_message = MESSAGE_RECORD_UPDATED; $flag_msg = "class='msg_success'"; if ($var_password != "") { //mail the user the changed password $sql = "Select * from sptbl_lookup where vLookUpName IN('MailFromName','MailFromMail','MailReplyName','MailReplyMail','Emailfooter','Emailheader')"; $result = executeSelect($sql, $conn); if (mysql_num_rows($result) > 0) { while ($row = mysql_fetch_array($result)) {
$line_count .= $rec_count . ","; } else { $var_userName = trim($linearray[0]); $var_email = trim($linearray[1]); $var_userLogin = trim($linearray[2]); $var_password = trim($linearray[3]); if (!isValidUsername(trim($var_userName))) { $fl = @fopen("../csvfiles/invalidusername{$var_compId}.txt", "a+"); @fwrite($fl, "{$var_userName}" . ','); @fclose($fl); $message_user .= "<br>{$var_userName}"; $var_invalid_username = 1; $invalid_username_flag = 1; } //check duplicate email address if (!isUniqueEmailUser($var_email, 0, $var_compId)) { $fl = @fopen("../csvfiles/nonuniqueemail{$var_compId}.txt", "a+"); @fwrite($fl, "{$var_email}" . ','); @fclose($fl); $message_email .= "<br>{$var_email}"; $var_nonunique_email = 1; $nonunique_email_flag = 1; } if ($var_invalid_username == "0" && $var_nonunique_email == "0") { $sql = "Insert into sptbl_users(nUserId,nCompId,vUserName,vEmail,vLogin,vPassword,ddate,vOnline,"; $sql .= "vBanned,vDelStatus) Values('','" . mysql_real_escape_string($var_compId) . "',\r\n\t\t\t\t\t\t\t\t\t\t\t'" . mysql_real_escape_string($var_userName) . "','" . mysql_real_escape_string($var_email) . "','" . mysql_real_escape_string($var_userLogin) . "',\r\n\t\t\t\t\t\t\t\t\t\t\t'" . md5($var_password) . "',now(),'0','0','0')"; executeQuery($sql, $conn); $var_insert_id = mysql_insert_id($conn); //Insert the actionlog if (logActivity()) { $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . TEXT_ADDITION . "','Users','{$var_insert_id}',now())";
$citacion["citacion_plantilla"] = $_POST["citacion_plantilla"]; if ( $_POST["citacion_cliente"] == 1 ) $citacion["cliente_id"] = $var_userid; elseif ( $_POST["citacion_cliente"] == 2 ) $citacion["cliente_id"] = $var_userid_dos; }*/ if ($_POST["citacion_multiple_tipo"] != "" and $_POST["citacion_multiple_cliente"] != "") { $citacion["citacion_tipo"] = strpos($_POST["citacion_multiple_tipo"], ',') === false ? $_POST["citacion_multiple_tipo"] : explode(',', $_POST["citacion_multiple_tipo"]); $citacion["citacion_plantilla"] = strpos($_POST["citacion_multiple_plantilla"], ',') === false ? $_POST["citacion_multiple_plantilla"] : explode(',', $_POST["citacion_multiple_plantilla"]); $citacion["citacion_cliente"] = strpos($_POST["citacion_multiple_cliente"], ',') === false ? $_POST["citacion_multiple_cliente"] : explode(',', $_POST["citacion_multiple_cliente"]); } ////////////////////////////////////////////// if ($var_userid == "0") { $vEmail = $_POST["newUserEmail"]; $var_email = $vEmail; $var_userLogin = $_POST["newUserLogin"]; $var_password = $_POST["newUserPassword"]; if (isUniqueEmailUser($vEmail, 0, 1)) { //Insert into the company table $sql = "INSERT INTO sptbl_users(nCompId,vUserName,vEmail,vLogin,vPassword,dDate,vOnline,"; $sql .= "vBanned,vDelStatus) VALUES ('1',\r\n\t\t\t\t\t\t'" . mysql_real_escape_string($var_userLogin) . "',\r\n '" . mysql_real_escape_string($vEmail) . "',\r\n '" . mysql_real_escape_string($var_userLogin) . "',\r\n\t\t\t\t\t\t'" . md5($var_password) . "',\r\n now(),\r\n '0',\r\n '0',\r\n '0')"; executeQuery($sql, $conn); $var_insert_id = mysql_insert_id($conn); $var_userid = $var_insert_id; //Insert the actionlog if (logActivity()) { $sql = "Insert into sptbl_actionlog(nALId,nStaffId,vAction,vArea,nRespId,dDate) Values('','{$var_staffid}','" . mysql_real_escape_string(TEXT_ADDITION) . "','Users','{$var_insert_id}',now())"; executeQuery($sql, $conn); } $var_message = MESSAGE_RECORD_ADDED; $flag_msg = "class='msg_success'"; //Send mail with the password to the user here $sql = "Select * from sptbl_lookup where vLookUpName IN('MailFromName','MailFromMail','MailReplyName','MailReplyMail','Emailfooter','Emailheader','HelpdeskTitle','LoginURL')";