<?php
// AJAX endpoint: change a group's activation status for the logged-in user.
require_once "libraries/head.php";

// Login gate. NOTE(review): this protects the handler only if sendAjaxRedirect()
// ends the request; its definition is not in this file — confirm.
if (!isLogin()) {
    sendAjaxRedirect("login.php");
}

// Handle the request only when both POST fields are present.
if (isset($_POST["groupid"]) && isset($_POST["newstatus"])) {
    // Format check on both values. NOTE(review): executeChange() below is still
    // reached unless sendAjaxResErr() stops execution — confirm.
    if (!isValidID($_POST["groupid"]) || !isValidID($_POST["newstatus"])) {
        sendAjaxResErr("Group ID or Status invalid!");
    }
    // The acting user is taken from the session, not from the request body.
    $result = executeChange($_SESSION["userID"], $_POST["groupid"], $_POST["newstatus"]);
    // Strict true means success; any other value is sent back as the error text.
    if ($result === true) {
        sendAjaxResSuc("Change group status successfully!");
    } else {
        sendAjaxResErr($result);
    }
}

/**
 * Checks a requested group status change.
 *
 * Returns an error message string on each failure path visible here; the caller
 * treats a strict true as success.
 *
 * NOTE(review): the listing ends inside this function, so the permission check on
 * $user and the actual update are not visible — confirm that the caller's right to
 * modify this group is verified before anything is written.
 *
 * @param $userID    ID of the acting user (the caller passes the session value)
 * @param $groupID   ID of the group to change
 * @param $newStatus requested status; only the strings "1", "2" and "3" pass
 */
function executeChange($userID, $groupID, $newStatus) {
    // NOTE(review): self-assignment, has no effect.
    $newStatus = $newStatus;
    // Allow-list of status values; strict comparison, so only these exact strings pass.
    if ($newStatus !== "1" && $newStatus !== "2" && $newStatus !== "3") {
        return "Invalid status!";
    }
    // Load the acting user; it is not used again before the listing ends.
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($userID);
    // Load the target group and stop if the DAO returns null for this ID.
    $groupDAO = new GroupDAO();
    $group = $groupDAO->getGroupByID($groupID);
    if ($group === null) {
        return "Could not find this group!";
    }
    // Compares the stored activation status with the requested one; the branch body
    // is past the end of the listing.
    if ($group->getActivateStatus() === $newStatus) {
<?php
// AJAX endpoint: update the logged-in user's own profile (names, sex, department).
require_once "libraries/head.php";

// Login gate. NOTE(review): effective only if sendAjaxRedirect() ends the request;
// its definition is not in this file — confirm.
if (!isLogin()) {
    sendAjaxRedirect("login.php");
}

// All four POST fields must be present before the change is attempted.
if (isset($_POST["profile_firstname"]) && isset($_POST["profile_lastname"])
    && isset($_POST["sex"]) && isset($_POST["departmentid"])) {
    $result = execChangeProfile($_POST["profile_firstname"], $_POST["profile_lastname"], $_POST["sex"], $_POST["departmentid"]);
    // Strict true means success; any other value is sent back as the error text.
    if ($result === true) {
        sendAjaxResSuc("Change profile successfully!");
    } else {
        sendAjaxResErr($result);
    }
}

/**
 * Validates the submitted profile fields and starts applying them to the session user.
 *
 * Returns an error message string on each failure path visible here; the caller
 * treats a strict true as success.
 *
 * NOTE(review): the listing ends inside this function. $sex is not validated in the
 * visible part — confirm it is checked against an allow-list before it is stored.
 *
 * @param $firstname    submitted first name
 * @param $lastname     submitted last name
 * @param $sex          submitted sex value (unchecked in the visible code)
 * @param $departmentID ID of the department to assign
 */
function execChangeProfile($firstname, $lastname, $sex, $departmentID) {
    // Both names must pass isValidName() (defined outside this file).
    if (!isValidName($firstname) || !isValidName($lastname)) {
        return "Please enter valid names!";
    }
    if (!isValidID($departmentID)) {
        return "Invalid department id!";
    }
    // The department must exist; the DAO returns null for an unknown ID.
    $departDAO = new DepartmentDAO();
    $depart = $departDAO->getDepartmentByID($departmentID);
    if ($depart === null) {
        return "Could not find the depart!";
    }
    // The profile being edited is always the session user's: no user ID is read from
    // the request, so a caller cannot point this at another account.
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($_SESSION["userID"]);
    // NOTE(review): $user is used without a null check — confirm getUserByID() cannot
    // return null for a valid session.
    $user->setDepartment($depart);
    // Loose != comparison of stored and submitted first name; the branch body is past
    // the end of the listing.
    if ($user->getFirstName() != $firstname) {
// AJAX endpoint: create a department under a parent, or rename an existing one.
require_once "libraries/head.php";

// Login gate. NOTE(review): effective only if sendAjaxRedirect() ends the request;
// its definition is not in this file — confirm.
if (!isLogin()) {
    sendAjaxRedirect("login.php");
}

// Dispatch on the POST fields: parentid + departmentname creates, departmentid +
// departmentname edits. If both ID fields are sent, the create branch wins.
if (isset($_POST["parentid"]) && isset($_POST["departmentname"])) {
    // The acting user is taken from the session, not from the request body.
    $result = execCreateDep($_SESSION["userID"], $_POST["parentid"], $_POST["departmentname"]);
    // Strict true means success; any other value is sent back as the error text.
    if ($result === true) {
        sendAjaxResSuc();
    } else {
        sendAjaxResErr($result);
    }
} elseif (isset($_POST["departmentid"]) && isset($_POST["departmentname"])) {
    // execEditDep() is not part of this listing.
    $result = execEditDep($_SESSION["userID"], $_POST["departmentid"], $_POST["departmentname"]);
    if ($result === true) {
        sendAjaxResSuc();
    } else {
        sendAjaxResErr($result);
    }
}

/**
 * Validates a request to create a department under an existing parent.
 *
 * Returns an error message string on each failure path visible here; the caller
 * treats a strict true as success.
 *
 * NOTE(review): the listing ends inside this function and $userID is not used in
 * the visible part — confirm the remainder checks that this user is allowed to
 * create departments before inserting anything.
 *
 * @param $userID         ID of the acting user (the caller passes the session value)
 * @param $parentID       ID of the parent department
 * @param $departmentName name for the new department
 */
function execCreateDep($userID, $parentID, $departmentName) {
    if (!isValidID($parentID)) {
        return "Invalid parent ID!";
    }
    // Name rules live in isValidDepartmentName(), defined outside this file.
    if (!isValidDepartmentName($departmentName)) {
        return "Invalid department name!";
    }
    // Look up the parent; the null branch body is past the end of the listing.
    $departDAO = new DepartmentDAO();
    $parent = $departDAO->getDepartmentByID($parentID);
    if ($parent === null) {
<?php
// AJAX endpoint: change the logged-in user's password.
require_once "libraries/head.php";

// Login gate. NOTE(review): effective only if sendAjaxRedirect() ends the request;
// its definition is not in this file — confirm.
if (!isLogin()) {
    sendAjaxRedirect("login.php");
}

// NOTE(review): no anti-CSRF token is checked in this file; confirm that
// libraries/head.php enforces one for this state-changing POST.
if (isset($_POST["password"]) && isset($_POST["newpassword"]) && isset($_POST["confirmpw"])) {
    $result = execChangePW($_POST["password"], $_POST["newpassword"], $_POST["confirmpw"]);
    // Strict true means success; any other value is sent back as the error text.
    if ($result === true) {
        sendAjaxResSuc("Change password successfully!");
    } else {
        sendAjaxResErr($result);
    }
}

/**
 * Validates a password change for the session user and hashes the new password.
 *
 * Returns an error message string on each failure path visible here; the caller
 * treats a strict true as success.
 *
 * NOTE(review): the listing ends right after the new password is passed to
 * encryptPassword(), so storing it and any session handling after the change are
 * not visible here.
 *
 * @param $password    the user's current password, required as re-authentication
 * @param $newpassword the requested new password
 * @param $confirmpw   repeat of the new password
 */
function execChangePW($password, $newpassword, $confirmpw) {
    // Reject empty fields (loose == comparison against the empty string).
    if ($password == "" || $newpassword == "" || $confirmpw == "") {
        return "Please fill all the necessary information!";
    }
    // Both the current and the new password must satisfy isValidPassword().
    if (!isValidPassword($password) || !isValidPassword($newpassword)) {
        return "Please enter a valid password!";
    }
    // Strict comparison: the confirmation must match the new password exactly.
    if ($newpassword !== $confirmpw) {
        return "The new password and the confirmed new password must be the same!";
    }
    // The account is always the session user's; no user ID is read from the request.
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($_SESSION["userID"]);
    // The current password must verify against the stored value before any change.
    // NOTE(review): nothing visible here throttles repeated wrong attempts — confirm
    // whether that is handled elsewhere.
    if (!verifyPassword($password, $user->getPassword())) {
        return "The old password you entered is not correct!";
    }
    // NOTE(review): despite the name, this should be a salted one-way password hash,
    // not reversible encryption — confirm in the helper's definition.
    $encryptPW = encryptPassword($newpassword);
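<?php
// AJAX endpoint: change another user's role on behalf of the logged-in user.
require_once "libraries/head.php";

// Login gate. NOTE(review): effective only if sendAjaxRedirect() ends the request;
// its definition is not in this file — confirm.
if (!isLogin()) {
    sendAjaxRedirect("index.php");
}

// NOTE(review): no anti-CSRF token is checked in this file; confirm that
// libraries/head.php enforces one for this privilege-changing POST.
if (isset($_POST["userid"]) && isset($_POST["newrole"])) {
    // Format check on both values. NOTE(review): executeChange() below is still
    // reached unless sendAjaxResErr() stops execution — confirm.
    if (!isValidID($_POST["userid"]) || !isValidID($_POST["newrole"])) {
        sendAjaxResErr("User or role status invalid!");
    }
    // The acting user is taken from the session, not from the request body.
    $result = executeChange($_SESSION["userID"], $_POST["userid"], $_POST["newrole"]);
    // Strict true means success; any other value is sent back as the error text.
    if ($result === true) {
        sendAjaxResSuc("Change role status successfully!");
    } else {
        sendAjaxResErr($result);
    }
}

/**
 * Validates a role change requested by the session user for another account.
 *
 * Returns an error message string on each failure path visible here; the caller
 * treats a strict true as success.
 *
 * NOTE(review): the listing ends inside this function. The visible checks do not
 * limit which of the four roles a role-"2" caller may grant, or to whom — confirm
 * the remainder prevents granting a role above the caller's own.
 *
 * @param $currUser ID of the acting user (the caller passes the session value)
 * @param $userid   ID of the user whose role is to change
 * @param $newrole  requested role; only the strings "1" to "4" pass
 */
function executeChange($currUser, $userid, $newrole) {
    // Allow-list of role values; strict comparison, so only these exact strings pass.
    if ($newrole !== "1" && $newrole !== "2" && $newrole !== "3" && $newrole !== "4") {
        return "Invalid status!";
    }
    $userDAO = new UserDAO();
    $userChan = $userDAO->getUserByID($userid);
    $userCurr = $userDAO->getUserByID($currUser); // get current session user
    // Deny by default: if the session user can no longer be loaded, refuse instead of
    // failing on a null dereference in the role check below.
    if ($userCurr === null) {
        return "You have no right to change user status!";
    }
    // Authorization: only callers whose role ID is "1" or "2" may change roles.
    $currRoleID = $userCurr->getRole()->getRoleID();
    if ($currRoleID !== "1" && $currRoleID !== "2") {
        return "You have no right to change user status!";
    }
    if ($userChan === null) { //database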
<?php
// AJAX endpoint: change a record's display status for the logged-in user.
require_once "libraries/head.php";

// Login gate. NOTE(review): effective only if sendAjaxRedirect() ends the request;
// its definition is not in this file — confirm.
if (!isLogin()) {
    sendAjaxRedirect("login.php");
}

// Handle the request only when both POST fields are present.
if (isset($_POST["recordid"]) && isset($_POST["newrecordstatus"])) {
    // Format check on both values. NOTE(review): executeChange() below is still
    // reached unless sendAjaxResErr() stops execution — confirm.
    if (!isValidID($_POST["recordid"]) || !isValidID($_POST["newrecordstatus"])) {
        sendAjaxResErr("Record ID or Status invalid!");
    }
    // The acting user is taken from the session, not from the request body.
    $result = executeChange($_SESSION["userID"], $_POST["recordid"], $_POST["newrecordstatus"]);
    // Strict true means success; any other value is sent back as the error text.
    if ($result === true) {
        sendAjaxResSuc("Change record status successfully!");
    } else {
        sendAjaxResErr($result);
    }
}

/**
 * Checks a requested record status change.
 *
 * Returns an error message string on each failure path visible here; the caller
 * treats a strict true as success.
 *
 * NOTE(review): the listing ends inside this function, so the permission check on
 * $user and the actual update are not visible — confirm that the caller's right to
 * modify this record (ownership or role) is verified before anything is written.
 *
 * @param $userID          ID of the acting user (the caller passes the session value)
 * @param $recordID        ID of the record to change
 * @param $newRecordStatus requested status; only the strings "1", "2" and "3" pass
 */
function executeChange($userID, $recordID, $newRecordStatus) {
    // Allow-list of status values; strict comparison, so only these exact strings pass.
    if ($newRecordStatus !== "1" && $newRecordStatus !== "2" && $newRecordStatus !== "3") {
        return "Invalid status!";
    }
    // Load the acting user; it is not used again before the listing ends.
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($userID);
    // Load the target record and stop if the DAO returns null for this ID.
    $recordDAO = new RecordDAO();
    $record = $recordDAO->getRecordByID($recordID);
    if ($record === null) {
        return "Could not find this record!";
    }
    // Nothing to do when the stored display status already equals the requested one.
    if ($record->getDisplayStatus() === $newRecordStatus) {
        return "Old status is equal to new status, don't need to change!";