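/**
 * Admin "Users" page.
 *
 * GET renders the first ten users. POST serves the page's Ajax requests:
 * `type=pagination` returns a filtered, paginated JSON page of users; any
 * other `type` updates one user's flag (`type=authorized` toggles
 * is_authorized, anything else toggles is_admin) according to `checked`.
 *
 * The sign-in/admin gate now runs for every request method: the original
 * checked it only on the GET branch, so the Ajax mutations (including
 * granting admin) were reachable without being signed in. No CSRF token is
 * checked in this file for the POST handlers.
 *
 * POST parameters read: type, filter (JSON object of column => value),
 * page_number (1-based, or -1 for the last page), id, checked.
 */
function admin_users()
{
    $isPost = $_SERVER['REQUEST_METHOD'] === 'POST';

    // sr_redirect()/sr_response_error() are expected to end the request;
    // the explicit returns guard against the case where they do not.
    if (!sr_is_signed_in()) {
        if ($isPost) {
            sr_response_error(403);
        } else {
            sr_redirect('/d/main/signin/');
        }
        return;
    }
    if (!sr_is_admin()) {
        if ($isPost) {
            sr_response_error(403);
        } else {
            sr_redirect('/d/');
        }
        return;
    }

    if (!$isPost) {
        _admin_users_show_page();
        return;
    }

    // A missing `type` falls through to the flag update, as it did before.
    if (($_POST['type'] ?? '') === 'pagination') {
        _admin_users_paginate();
    } else {
        _admin_users_update_flag();
    }
}

/** GET handler: render views/admin/users.php with the first ten users. */
function _admin_users_show_page()
{
    $db = sr_pdo();
    $stmt = $db->prepare('SELECT * FROM user LIMIT 10');
    $stmt->execute();
    $user_list = $stmt->fetchAll(PDO::FETCH_CLASS, 'User');
    sr_response('views/admin/users.php', array('user_list' => $user_list));
}

/**
 * Ajax handler: echo a JSON page of users matching the posted filter.
 *
 * Both the keys and the values of `filter` come from the client. Keys are
 * accepted only when they look like plain SQL identifiers, values are bound
 * as statement parameters, and the offset is an integer — the original
 * concatenated all three into the query text.
 *
 * Responds 400 on a malformed filter and 500 on a database error (the
 * original swallowed the PDOException and sent an empty body).
 */
function _admin_users_paginate()
{
    try {
        $db = sr_pdo();

        // stripslashes() is kept for compatibility with the existing client.
        $filter = json_decode(stripslashes((string) ($_POST['filter'] ?? '')));
        if (!is_object($filter)) {
            $filter = new stdClass();
        }

        $conditions = array();
        $params = array();
        foreach ($filter as $field => $value) {
            if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', (string) $field) || !is_scalar($value)) {
                sr_response_error(400);
                return;
            }
            $conditions[] = '`' . $field . '` = ?';
            $params[] = $value;
        }
        $where = count($conditions) === 0 ? '' : 'WHERE ' . implode(' AND ', $conditions);

        // NOTE(review): User::getRecordNum() is defined elsewhere and receives
        // the same client-supplied filter; confirm it binds values rather than
        // concatenating them.
        $total_record_number = User::getRecordNum($filter);

        // page_number is 1-based; -1 selects the last page. A missing or
        // non-numeric value lands on the first page instead of a negative
        // offset (which previously produced an invalid LIMIT clause).
        $page_number = (int) ($_POST['page_number'] ?? 1);
        if ($page_number === -1) {
            $beginRecordNum = (int) ($total_record_number / 10) * 10;
        } else {
            $beginRecordNum = max(0, $page_number - 1) * 10;
        }

        $stmt = $db->prepare("SELECT * FROM user {$where} LIMIT {$beginRecordNum}, 10");
        $stmt->execute($params);
        $user_list = $stmt->fetchAll(PDO::FETCH_CLASS, 'User');

        echo json_encode(array(
            'user_list' => $user_list,
            'total_record_number' => $total_record_number,
        ));
    } catch (PDOException $e) {
        sr_response_error(500);
    }
}

/**
 * Ajax handler: set is_authorized (type 'authorized') or is_admin (any other
 * type) on the posted user id, and mirror the change into the session when
 * the admin is editing their own account.
 *
 * Responds 404 when the id matches no user (the original dereferenced the
 * `false` returned by fetch()) and 500 on a database error.
 */
function _admin_users_update_flag()
{
    try {
        $db = sr_pdo();
        $stmt = $db->prepare('SELECT * FROM user WHERE id = :id');
        $stmt->bindValue(':id', (string) ($_POST['id'] ?? ''));
        $stmt->setFetchMode(PDO::FETCH_CLASS, 'User');
        $stmt->execute();
        $user = $stmt->fetch();
        if ($user === false) {
            sr_response_error(404);
            return;
        }

        $flag = (($_POST['checked'] ?? '') === 'checked') ? 1 : 0;
        if (($_POST['type'] ?? '') === 'authorized') {
            $user->is_authorized = $flag;
        } else {
            $user->is_admin = $flag;
        }
        $user->save($db);

        // Keep the session's copy of the flags in step when self-editing.
        if (sr_user_id() == $user->id) {
            sr_set_admin($user->is_admin);
            sr_set_authorized($user->is_authorized);
        }
    } catch (PDOException $e) {
        sr_response_error(500);
    }
}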
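/**
 * Profile page for the signed-in user.
 *
 * GET renders the profile form. POST dispatches on `which`:
 *   'basic'    validate and save first/last name and email, then re-render;
 *   'password' validate and apply a password change, then re-render;
 *   anything else (including a missing `which`) deletes the account and
 *              signs the user out.
 *
 * The delete fallback has no positive marker, so any malformed POST to this
 * URL is destructive, and no CSRF token is checked in this file; both are
 * kept as-is because the client's values are not visible here.
 */
function main_profile()
{
    if (!sr_is_signed_in()) {
        sr_response_error(400);
        // sr_response_error() is expected to end the request; return so an
        // unauthenticated caller never reaches the handlers below if it does not.
        return;
    }

    if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
        sr_response('views/main/profile.php', _main_profile_context('basic'));
        return;
    }

    $which = $_POST['which'] ?? '';
    if ($which === 'basic') {
        sr_response('views/main/profile.php', _main_profile_update_basic());
    } elseif ($which === 'password') {
        sr_response('views/main/profile.php', _main_profile_update_password());
    } else {
        _main_profile_delete();
    }
}

/**
 * Build the render context for views/main/profile.php: the active tab plus
 * the session-backed user fields, merged over any result/msg pair.
 *
 * @param string $which  active tab ('basic' or 'password')
 * @param array  $extra  optional 'result' and 'msg' entries
 * @return array
 */
function _main_profile_context($which, array $extra = array())
{
    return array_merge($extra, array(
        'which' => $which,
        'first_name' => sr_user_first_name(),
        'last_name' => sr_user_last_name(),
        'email' => sr_user_email(),
        'is_authorized' => sr_is_authorized(),
        'is_admin' => sr_is_admin(),
    ));
}

/**
 * Validate and save the posted name/email, returning the render context.
 *
 * Result codes: 1 success, 2 invalid email, 3 invalid first name,
 * 4 invalid last name, 99 database failure. Missing POST fields are treated
 * as empty strings rather than raising undefined-index notices.
 *
 * @return array
 */
function _main_profile_update_basic()
{
    global $sr_regex_name;
    global $sr_regex_email;

    $email = (string) ($_POST['profile_email'] ?? '');
    $first = (string) ($_POST['first_name'] ?? '');
    $last = (string) ($_POST['last_name'] ?? '');
    $nameMsg = 'Name should consist of only alphabets (uppercase or lowercase).';

    if (!preg_match($sr_regex_email, $email)) {
        $outcome = array('result' => 2, 'msg' => 'Please enter a valid email address');
    } elseif (!preg_match($sr_regex_name, $first)) {
        $outcome = array('result' => 3, 'msg' => $nameMsg);
    } elseif (!preg_match($sr_regex_name, $last)) {
        $outcome = array('result' => 4, 'msg' => $nameMsg);
    } else {
        try {
            $db = sr_pdo();
            $user = new User();
            $user = $user->get($db, sr_user_id());
            $user->first_name = ucfirst($first);
            $user->last_name = ucfirst($last);
            $user->email = strtolower($email);
            $user->save($db);
            // Keep the session copy in step with the row just written.
            sr_set_user_first_name($user->first_name);
            sr_set_user_last_name($user->last_name);
            sr_set_user_name($user->first_name . ' ' . $user->last_name);
            sr_set_user_email($user->email);
            $outcome = array('result' => 1, 'msg' => 'Successfully updated');
        } catch (PDOException $e) {
            $outcome = array('result' => 99, 'msg' => 'Failed to save. 
Please try it again.');
        }
    }

    return _main_profile_context('basic', $outcome);
}

/**
 * Validate and apply a password change, returning the render context.
 *
 * Result codes: 1 success, 5 old password fails the format check, 6 new
 * password fails the format check, 7 repeat mismatch, 8 old password wrong,
 * 99 database failure.
 *
 * Passwords are stored as unsalted MD5 by this code; that scheme is kept
 * because the sign-in path (outside this file) presumably compares the same
 * digest, so moving to password_hash()/password_verify() needs a coordinated
 * change. Two fixes are applied here: the digest comparison uses
 * hash_equals() instead of loose `!=` (which compares "0e<digits>" digests
 * as numbers), and the new/repeat comparison is strict.
 *
 * @return array
 */
function _main_profile_update_password()
{
    global $sr_regex_password;

    $old = (string) ($_POST['old_password'] ?? '');
    $new = (string) ($_POST['new_password'] ?? '');
    $repeat = (string) ($_POST['repeat_password'] ?? '');
    $formatMsg = 'Please enter a valid password.<br />Password should be alphanumeric.';

    if (!preg_match($sr_regex_password, $old)) {
        $outcome = array('result' => 5, 'msg' => $formatMsg);
    } elseif (!preg_match($sr_regex_password, $new)) {
        $outcome = array('result' => 6, 'msg' => $formatMsg);
    } elseif ($new !== $repeat) {
        $outcome = array('result' => 7, 'msg' => 'Please repeat your password.');
    } else {
        try {
            $db = sr_pdo();
            $user = new User();
            $user = $user->get($db, sr_user_id());
            if (!hash_equals((string) $user->password, md5($old))) {
                $outcome = array('result' => 8, 'msg' => 'Please check your old password.');
            } else {
                $user->password = md5($new);
                $user->save($db);
                $outcome = array('result' => 1, 'msg' => 'Successfully updated');
            }
        } catch (PDOException $e) {
            $outcome = array('result' => 99, 'msg' => 'Failed to save. 
Please try it again.');
        }
    }

    return _main_profile_context('password', $outcome);
}

/**
 * Delete the signed-in user's account, sign them out and echo an empty JSON
 * array, as the original did.
 *
 * Responds 500 on a database error; the original swallowed the PDOException
 * and sent an empty body.
 */
function _main_profile_delete()
{
    try {
        $db = sr_pdo();
        $user = new User();
        $user = $user->get($db, sr_user_id());
        $user->delete($db);
        sr_signout();
        echo json_encode(array());
    } catch (PDOException $e) {
        sr_response_error(500);
    }
}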