function save($id, $vars, &$errors)
{
include_once INCLUDE_DIR . 'class.dept.php';
if ($id && $id != $vars['staff_id']) {
$errors['err'] = 'Error Interno';
}
if (!$vars['firstname'] || !$vars['lastname']) {
$errors['name'] = 'Nombre y apellidos requerido';
}
if (!$vars['username'] || strlen($vars['username']) < 3) {
$errors['username'] = '******';
} else {
//check if the username is already in-use.
$sql = 'SELECT staff_id FROM ' . STAFF_TABLE . ' WHERE username='******'username']);
if ($id) {
$sql .= ' AND staff_id!=' . db_input($id);
}
if (db_num_rows(db_query($sql))) {
$errors['username'] = '******';
}
}
if (!$vars['email'] || !Validator::is_email($vars['email'])) {
$errors['email'] = 'Se requiere email Valido';
} elseif (Email::getIdByEmail($vars['email'])) {
$errors['email'] = 'Este Email ya se esta usando como Email del sistema';
}
if ($vars['phone'] && !Validator::is_phone($vars['phone'])) {
$errors['phone'] = 'Numero de teláfono requerido';
}
if ($vars['mobile'] && !Validator::is_phone($vars['mobile'])) {
$errors['mobile'] = 'Numero de movil Requerido';
}
if ($vars['npassword'] || $vars['vpassword'] || !$id) {
if (!$vars['npassword'] && !$id) {
$errors['npassword'] = '******';
} elseif ($vars['npassword'] && strcmp($vars['npassword'], $vars['vpassword'])) {
$errors['vpassword'] = '******';
} elseif ($vars['npassword'] && strlen($vars['npassword']) < 6) {
$errors['npassword'] = '******';
}
}
if (!$vars['dept_id']) {
$errors['dept'] = 'Departamento requerido';
}
if (!$vars['group_id']) {
$errors['group'] = 'Grupo requerido';
}
if (!$errors) {
$sql = ' SET updated=NOW() ' . ',isadmin=' . db_input($vars['isadmin']) . ',isactive=' . db_input($vars['isactive']) . ',isvisible=' . db_input(isset($vars['isvisible']) ? 1 : 0) . ',onvacation=' . db_input(isset($vars['onvacation']) ? 1 : 0) . ',dept_id=' . db_input($vars['dept_id']) . ',group_id=' . db_input($vars['group_id']) . ',username='******'username'])) . ',firstname=' . db_input(Format::striptags($vars['firstname'])) . ',lastname=' . db_input(Format::striptags($vars['lastname'])) . ',email=' . db_input($vars['email']) . ',phone="' . db_input($vars['phone'], false) . '"' . ',phone_ext=' . db_input($vars['phone_ext']) . ',mobile="' . db_input($vars['mobile'], false) . '"' . ',signature=' . db_input(Format::striptags($vars['signature']));
if ($vars['npassword']) {
$sql .= ',passwd=' . db_input(md5($vars['npassword']));
}
if (isset($vars['resetpasswd'])) {
$sql .= ',change_passwd=1';
}
if ($id) {
$sql = 'UPDATE ' . STAFF_TABLE . ' ' . $sql . ' WHERE staff_id=' . db_input($id);
if (!db_query($sql) || !db_affected_rows()) {
$errors['err'] = 'No se puede actualizar el usuario. Error interno';
}
} else {
$sql = 'INSERT INTO ' . STAFF_TABLE . ' ' . $sql . ',created=NOW()';
if (db_query($sql) && ($uID = db_insert_id())) {
return $uID;
}
$errors['err'] = 'No se puede crear el usuario. Error interno';
}
}
return $errors ? false : true;
}
function save($id, $vars, &$errors)
{
$vars['username'] = Format::striptags($vars['username']);
$vars['firstname'] = Format::striptags($vars['firstname']);
$vars['lastname'] = Format::striptags($vars['lastname']);
if ($id && $id != $vars['id']) {
$errors['err'] = __('Internal Error');
}
if (!$vars['firstname']) {
$errors['firstname'] = __('First name required');
}
if (!$vars['lastname']) {
$errors['lastname'] = __('Last name required');
}
$error = '';
if (!$vars['username'] || !Validator::is_username($vars['username'], $error)) {
$errors['username'] = $error ? $error : __('Username is required');
} elseif (($uid = Staff::getIdByUsername($vars['username'])) && $uid != $id) {
$errors['username'] = __('Username already in use');
}
if (!$vars['email'] || !Validator::is_valid_email($vars['email'])) {
$errors['email'] = __('Valid email is required');
} elseif (Email::getIdByEmail($vars['email'])) {
$errors['email'] = __('Already in use system email');
} elseif (($uid = Staff::getIdByEmail($vars['email'])) && $uid != $id) {
$errors['email'] = __('Email already in use by another agent');
}
if ($vars['phone'] && !Validator::is_phone($vars['phone'])) {
$errors['phone'] = __('Valid phone number is required');
}
if ($vars['mobile'] && !Validator::is_phone($vars['mobile'])) {
$errors['mobile'] = __('Valid phone number is required');
}
if ($vars['passwd1'] || $vars['passwd2'] || !$id) {
if ($vars['passwd1'] && strcmp($vars['passwd1'], $vars['passwd2'])) {
$errors['passwd2'] = __('Passwords do not match');
} elseif ($vars['backend'] != 'local' || $vars['welcome_email']) {
// Password can be omitted
} elseif (!$vars['passwd1'] && !$id) {
$errors['passwd1'] = __('Temporary password is required');
$errors['temppasswd'] = __('Required');
} elseif ($vars['passwd1'] && strlen($vars['passwd1']) < 6) {
$errors['passwd1'] = __('Password must be at least 6 characters');
}
}
if (!$vars['dept_id']) {
$errors['dept_id'] = __('Department is required');
}
if (!$vars['group_id']) {
$errors['group_id'] = __('Group is required');
}
if (!$vars['timezone_id']) {
$errors['timezone_id'] = __('Time zone selection is required');
}
// Ensure we will still have an administrator with access
if ($vars['isadmin'] !== '1' || $vars['isactive'] !== '1') {
$sql = 'select count(*), max(staff_id) from ' . STAFF_TABLE . ' WHERE isadmin=1 and isactive=1';
if (($res = db_query($sql)) && (list($count, $sid) = db_fetch_row($res))) {
if ($count == 1 && $sid == $id) {
$errors['isadmin'] = __('Cowardly refusing to remove or lock out the only active administrator');
}
}
}
if ($errors) {
return false;
}
$sql = 'SET updated=NOW() ' . ' ,isadmin=' . db_input($vars['isadmin']) . ' ,isactive=' . db_input($vars['isactive']) . ' ,isvisible=' . db_input(isset($vars['isvisible']) ? 1 : 0) . ' ,onvacation=' . db_input(isset($vars['onvacation']) ? 1 : 0) . ' ,assigned_only=' . db_input(isset($vars['assigned_only']) ? 1 : 0) . ' ,dept_id=' . db_input($vars['dept_id']) . ' ,group_id=' . db_input($vars['group_id']) . ' ,timezone_id=' . db_input($vars['timezone_id']) . ' ,daylight_saving=' . db_input(isset($vars['daylight_saving']) ? 1 : 0) . ' ,username='******'username']) . ' ,firstname=' . db_input($vars['firstname']) . ' ,lastname=' . db_input($vars['lastname']) . ' ,email=' . db_input($vars['email']) . ' ,backend=' . db_input($vars['backend']) . ' ,phone="' . db_input(Format::phone($vars['phone']), false) . '"' . ' ,phone_ext=' . db_input($vars['phone_ext']) . ' ,mobile="' . db_input(Format::phone($vars['mobile']), false) . '"' . ' ,signature=' . db_input(Format::sanitize($vars['signature'])) . ' ,notes=' . db_input(Format::sanitize($vars['notes']));
if ($vars['passwd1']) {
$sql .= ' ,passwd=' . db_input(Passwd::hash($vars['passwd1']));
if (isset($vars['change_passwd'])) {
$sql .= ' ,change_passwd=1';
}
} elseif (!isset($vars['change_passwd'])) {
$sql .= ' ,change_passwd=0';
}
if ($id) {
$sql = 'UPDATE ' . STAFF_TABLE . ' ' . $sql . ' WHERE staff_id=' . db_input($id);
if (db_query($sql) && db_affected_rows()) {
return true;
}
$errors['err'] = sprintf(__('Unable to update %s.'), __('this agent')) . ' ' . __('Internal error occurred');
} else {
$sql = 'INSERT INTO ' . STAFF_TABLE . ' ' . $sql . ', created=NOW()';
if (db_query($sql) && ($uid = db_insert_id())) {
return $uid;
}
$errors['err'] = sprintf(__('Unable to create %s.'), __('this agent')) . ' ' . __('Internal error occurred');
}
return false;
}
$error_flag = false;
$rule = "";
$totalHours = 0;
// On submit
if (isset($_POST["submit"])) {
$total = 0;
$selectedCourses = array();
// Get an array of selected courses
foreach ($courses as $courseId) {
array_push($selectedCourses, CourseRepository::GetById($courseId));
}
// Iterate through the array and sum the weekly hours
foreach ($selectedCourses as $course) {
$totalHours += $course->getHours();
}
if (!$val->is_valid($username) || !$val->is_phone($phone) || !$val->is_postal($postal) || !$val->is_strong_pass($pass) || !$val->compare($pass, $confirmPass) || !$val->has_items($courses) || $totalHours < 10 || $totalHours > 20) {
$error_flag = true;
}
if (!$error_flag) {
// Create a student from the data
$student = new Student($username, $courses);
// Store the student object in the session
session_start();
$_SESSION["student"] = $student;
// Redirect to result page
header("Location: results.php");
die;
}
} else {
if (isset($_POST["reset"])) {
// Clear form fields
function save($id, $vars, &$errors)
{
$vars['username'] = Format::striptags($vars['username']);
$vars['firstname'] = Format::striptags($vars['firstname']);
$vars['lastname'] = Format::striptags($vars['lastname']);
if ($id && $id != $vars['id']) {
$errors['err'] = 'Internal Error';
}
if (!$vars['firstname']) {
$errors['firstname'] = 'First name required';
}
if (!$vars['lastname']) {
$errors['lastname'] = 'Last name required';
}
$error = '';
if (!$vars['username'] || !Validator::is_username($vars['username'], $error)) {
$errors['username'] = $error ? $error : 'Username required';
} elseif (($uid = Staff::getIdByUsername($vars['username'])) && $uid != $id) {
$errors['username'] = '******';
}
if (!$vars['email'] || !Validator::is_email($vars['email'])) {
$errors['email'] = 'Valid email required';
} elseif (Email::getIdByEmail($vars['email'])) {
$errors['email'] = 'Already in-use system email';
} elseif (($uid = Staff::getIdByEmail($vars['email'])) && $uid != $id) {
$errors['email'] = 'Email already in use by another staff member';
}
if ($vars['phone'] && !Validator::is_phone($vars['phone'])) {
$errors['phone'] = 'Valid number required';
}
if ($vars['mobile'] && !Validator::is_phone($vars['mobile'])) {
$errors['mobile'] = 'Valid number required';
}
if ($vars['passwd1'] || $vars['passwd2'] || !$id) {
if ($vars['passwd1'] && strcmp($vars['passwd1'], $vars['passwd2'])) {
$errors['passwd2'] = 'Password(s) do not match';
} elseif ($vars['backend'] != 'local' || $vars['welcome_email']) {
// Password can be omitted
} elseif (!$vars['passwd1'] && !$id) {
$errors['passwd1'] = 'Temp. password required';
$errors['temppasswd'] = 'Required';
} elseif ($vars['passwd1'] && strlen($vars['passwd1']) < 6) {
$errors['passwd1'] = 'Must be at least 6 characters';
}
}
if (!$vars['dept_id']) {
$errors['dept_id'] = 'Department required';
}
if (!$vars['group_id']) {
$errors['group_id'] = 'Group required';
}
if (!$vars['timezone_id']) {
$errors['timezone_id'] = 'Time zone required';
}
if ($errors) {
return false;
}
$sql = 'SET updated=NOW() ' . ' ,isadmin=' . db_input($vars['isadmin']) . ' ,isactive=' . db_input($vars['isactive']) . ' ,isvisible=' . db_input(isset($vars['isvisible']) ? 1 : 0) . ' ,onvacation=' . db_input(isset($vars['onvacation']) ? 1 : 0) . ' ,assigned_only=' . db_input(isset($vars['assigned_only']) ? 1 : 0) . ' ,dept_id=' . db_input($vars['dept_id']) . ' ,group_id=' . db_input($vars['group_id']) . ' ,timezone_id=' . db_input($vars['timezone_id']) . ' ,daylight_saving=' . db_input(isset($vars['daylight_saving']) ? 1 : 0) . ' ,username='******'username']) . ' ,firstname=' . db_input($vars['firstname']) . ' ,lastname=' . db_input($vars['lastname']) . ' ,email=' . db_input($vars['email']) . ' ,backend=' . db_input($vars['backend']) . ' ,phone="' . db_input(Format::phone($vars['phone']), false) . '"' . ' ,phone_ext=' . db_input($vars['phone_ext']) . ' ,mobile="' . db_input(Format::phone($vars['mobile']), false) . '"' . ' ,signature=' . db_input(Format::sanitize($vars['signature'])) . ' ,notes=' . db_input(Format::sanitize($vars['notes']));
if ($vars['passwd1']) {
$sql .= ' ,passwd=' . db_input(Passwd::hash($vars['passwd1']));
if (isset($vars['change_passwd'])) {
$sql .= ' ,change_passwd=1';
}
} elseif (!isset($vars['change_passwd'])) {
$sql .= ' ,change_passwd=0';
}
if ($id) {
$sql = 'UPDATE ' . STAFF_TABLE . ' ' . $sql . ' WHERE staff_id=' . db_input($id);
if (db_query($sql) && db_affected_rows()) {
return true;
}
$errors['err'] = 'Unable to update the user. Internal error occurred';
} else {
$sql = 'INSERT INTO ' . STAFF_TABLE . ' ' . $sql . ', created=NOW()';
if (db_query($sql) && ($uid = db_insert_id())) {
return $uid;
}
$errors['err'] = 'Unable to create user. Internal error';
}
return false;
}
function save($id, $vars, &$errors)
{
if ($id && $id != $vars['client_id']) {
$errors['err'] = _('Internal Error');
}
// Check email.
if (!$vars['client_email'] || !Validator::is_email($vars['client_email'])) {
$errors['email'] = _('Valid email required');
} elseif (Email::getIdByEmail($vars['client_email'])) {
$errors['email'] = _('Already in-use system email');
} else {
//check if the email is already in-use.
$sql = 'SELECT client_id FROM ' . CLIENT_TABLE . ' WHERE client_email=' . db_input($vars['client_email']);
if ($id) {
$sql .= ' AND client_id!=' . db_input($id);
}
if (db_num_rows(db_query($sql))) {
$errors['email'] = _('Already in-use email');
}
}
if ($vars['client_phone'] && !Validator::is_phone($vars['client_phone'])) {
$errors['phone'] = _('Valid number required');
}
if ($vars['client_mobile'] && !Validator::is_phone($vars['client_mobile'])) {
$errors['mobile'] = _('Valid number required');
}
// Check passwords
if ($vars['npassword'] || $vars['vpassword'] || !$id) {
if (!$vars['npassword'] && !$id) {
$errors['npassword'] = _('Password required');
} elseif ($vars['npassword'] && strcmp($vars['npassword'], $vars['vpassword'])) {
$errors['vpassword'] = _('Password(s) do not match');
} elseif ($vars['npassword'] && strlen($vars['npassword']) < 6) {
$errors['npassword'] = _('Must be at least 6 characters');
} elseif ($vars['npassword'] && strlen($vars['npassword']) > 128) {
$errors['npassword'] = _('Password too long');
}
}
if (!$errors) {
$sql = ' SET client_isactive=' . db_input($vars['client_isactive']) . ',client_email=' . db_input(Format::striptags($vars['client_email'])) . ',client_firstname=' . db_input(Format::striptags($vars['client_firstname'])) . ',client_lastname=' . db_input(Format::striptags($vars['client_lastname'])) . ',client_organization=' . db_input(Format::striptags($vars['client_organization'])) . ',client_phone="' . db_input($vars['client_phone'], false) . '"' . ',client_mobile="' . db_input($vars['client_mobile'], false) . '"';
if ($vars['npassword']) {
$hash = PhpassHashedPass::hash($vars['npassword']);
$sql .= ',client_password='******'UPDATE ' . CLIENT_TABLE . ' ' . $sql . ' WHERE client_id=' . db_input($id);
if (!db_query($sql) || !db_affected_rows()) {
$errors['err'] = _('Unable to update the user. Internal error occured');
}
if ($vars['old_client_email'] != $vars['client_email']) {
// Email changed? Update the tickets!
$sql = 'UPDATE ' . TICKET_TABLE . ' SET email=' . db_input(Format::striptags($vars['client_email'])) . ' WHERE email=' . db_input($vars['old_client_email']);
if (!db_query($sql)) {
$errors['err'] = _('Unable to update the user. Internal error occured');
}
//TODO: reverse the previous db operation!
}
} else {
$sql = 'INSERT INTO ' . CLIENT_TABLE . ' ' . $sql . ',client_created=NOW()';
if (db_query($sql) && ($uID = db_insert_id())) {
return $uID;
}
$errors['err'] = _('Unable to create user. Internal error');
}
}
return $errors ? false : true;
}
function save($id, $vars, &$errors)
{
include_once INCLUDE_DIR . 'class.dept.php';
if ($id && $id != $vars['staff_id']) {
$errors['err'] = 'Internal Error';
}
if (!$vars['firstname'] || !$vars['lastname']) {
$errors['name'] = 'First and last name required';
}
if (!$vars['username'] || strlen($vars['username']) < 3) {
$errors['username'] = '******';
} else {
//check if the username is already in-use.
$sql = 'SELECT staff_id FROM ' . STAFF_TABLE . ' WHERE username='******'username']);
if ($id) {
$sql .= ' AND staff_id!=' . db_input($id);
}
if (db_num_rows(db_query($sql))) {
$errors['username'] = '******';
}
}
if (!$vars['email'] || !Validator::is_email($vars['email'])) {
$errors['email'] = 'Valid email required';
} elseif (Email::getIdByEmail($vars['email'])) {
$errors['email'] = 'Already in-use system email';
}
if ($vars['phone'] && !Validator::is_phone($vars['phone'])) {
$errors['phone'] = 'Valid number required';
}
if ($vars['mobile'] && !Validator::is_phone($vars['mobile'])) {
$errors['mobile'] = 'Valid number required';
}
if ($vars['npassword'] || $vars['vpassword'] || !$id) {
if (!$vars['npassword'] && !$id) {
$errors['npassword'] = '******';
} elseif ($vars['npassword'] && strcmp($vars['npassword'], $vars['vpassword'])) {
$errors['vpassword'] = '******';
} elseif ($vars['npassword'] && strlen($vars['npassword']) < 6) {
$errors['npassword'] = '******';
}
}
if (!$vars['dept_id']) {
$errors['dept'] = 'Department required';
}
if (!$vars['group_id']) {
$errors['group'] = 'Group required';
}
if (!$errors) {
$sql = ' SET updated=NOW() ' . ',isadmin=' . db_input($vars['isadmin']) . ',isactive=' . db_input($vars['isactive']) . ',new_tkt_not=' . db_input($vars['new_tkt_not']) . ',close_tkt_not=' . db_input($vars['close_tkt_not']) . ',isvisible=' . db_input(isset($vars['isvisible']) ? 1 : 0) . ',onvacation=' . db_input(isset($vars['onvacation']) ? 1 : 0) . ',dept_id=' . db_input($vars['dept_id']) . ',group_id=' . db_input($vars['group_id']) . ',username='******'username'])) . ',firstname=' . db_input(Format::striptags($vars['firstname'])) . ',lastname=' . db_input(Format::striptags($vars['lastname'])) . ',email=' . db_input($vars['email']) . ',phone="' . db_input($vars['phone'], false) . '"' . ',phone_ext=' . db_input($vars['phone_ext']) . ',mobile="' . db_input($vars['mobile'], false) . '"' . ',signature=' . db_input(Format::striptags($vars['signature']));
if ($vars['npassword']) {
$sql .= ',passwd=' . db_input(md5($vars['npassword']));
}
if (isset($vars['resetpasswd'])) {
$sql .= ',change_passwd=1';
}
if ($id) {
$sql = 'UPDATE ' . STAFF_TABLE . ' ' . $sql . ' WHERE staff_id=' . db_input($id);
if (!db_query($sql) || !db_affected_rows()) {
$errors['err'] = 'Unable to update the user. Internal error occured';
}
} else {
$sql = 'INSERT INTO ' . STAFF_TABLE . ' ' . $sql . ',created=NOW()';
if (db_query($sql) && ($uID = db_insert_id())) {
return $uID;
}
$errors['err'] = 'Unable to create user. Internal error';
}
}
return $errors ? false : true;
}
break;
case 'info':
//Update profile info
if (!$_POST['firstname']) {
$errors['firstname'] = 'First name required';
}
if (!$_POST['lastname']) {
$errors['lastname'] = 'Last name required';
}
if (!$_POST['email'] || !Validator::is_email($_POST['email'])) {
$errors['email'] = 'Valid email required';
}
if ($_POST['phone'] && !Validator::is_phone($_POST['phone'])) {
$errors['phone'] = 'Enter a valid number';
}
if ($_POST['mobile'] && !Validator::is_phone($_POST['mobile'])) {
$errors['mobile'] = 'Enter a valid number';
}
if ($_POST['phone_ext'] && !is_numeric($_POST['phone_ext'])) {
$errors['phone_ext'] = 'Invalid ext.';
}
if (!$errors) {
$sql = 'UPDATE ' . STAFF_TABLE . ' SET updated=NOW() ' . ',firstname=' . db_input(Format::striptags($_POST['firstname'])) . ',lastname=' . db_input(Format::striptags($_POST['lastname'])) . ',email=' . db_input($_POST['email']) . ',phone="' . db_input($_POST['phone'], false) . '"' . ',phone_ext=' . db_input($_POST['phone_ext']) . ',mobile="' . db_input($_POST['mobile'], false) . '"' . ',signature=' . db_input(Format::striptags($_POST['signature'])) . ' WHERE staff_id=' . db_input($thisuser->getId());
if (db_query($sql) && db_affected_rows()) {
$msg = 'Profile Updated Successfully';
} else {
$errors['err'] = 'Error(s) occured. Profile NOT updated';
}
} else {
$errors['err'] = 'Error(s) below occured. Try again';
}
function save($id, $vars, &$errors)
{
if ($id && $id != $vars['staff_id']) {
$errors['err'] = _('Internal Error');
}
if (!$vars['firstname'] || !$vars['lastname']) {
$errors['name'] = _('First and last name required');
}
if (!$vars['username'] || strlen($vars['username']) < 3) {
$errors['username'] = _('Username required');
} else {
//check if the username is already in-use.
$sql = 'SELECT staff_id FROM ' . STAFF_TABLE . ' WHERE username='******'username']);
if ($id) {
$sql .= ' AND staff_id!=' . db_input($id);
}
if (db_num_rows(db_query($sql))) {
$errors['username'] = _('Username already in-use');
}
}
// Check email.
if (!$vars['email'] || !Validator::is_email($vars['email'])) {
$errors['email'] = _('Valid email required');
} elseif (Email::getIdByEmail($vars['email'])) {
$errors['email'] = _('Already in-use system email');
} else {
//check if the email is already in-use.
$sql = 'SELECT staff_id FROM ' . STAFF_TABLE . ' WHERE email=' . db_input($vars['email']);
if ($id) {
$sql .= ' AND staff_id!=' . db_input($id);
}
if (db_num_rows(db_query($sql))) {
$errors['email'] = _('Already in-use email');
}
}
if ($vars['phone'] && !Validator::is_phone($vars['phone'])) {
$errors['phone'] = _('Valid number required');
}
if ($vars['mobile'] && !Validator::is_phone($vars['mobile'])) {
$errors['mobile'] = _('Valid number required');
}
// Chek password
if ($vars['npassword'] || $vars['vpassword'] || !$id) {
if (!$vars['npassword'] && !$id) {
$errors['npassword'] = _('Temp password required');
} elseif ($vars['npassword'] && strcmp($vars['npassword'], $vars['vpassword'])) {
$errors['vpassword'] = _('Password(s) do not match');
} elseif ($vars['npassword'] && strlen($vars['npassword']) < 6) {
$errors['npassword'] = _('Must be at least 6 characters');
} elseif ($vars['npassword'] && strlen($vars['npassword']) > 128) {
$errors['npassword'] = _('Password too long');
}
}
// Check department
if (!$vars['dept_id']) {
$errors['dept'] = _('Department required');
} elseif ($id && $this->getDeptId() != $vars['dept_id']) {
//check if the user is still dept. manager.
$sql = 'SELECT dept_name FROM ' . DEPT_TABLE . ' WHERE dept_id=' . db_input($this->getDeptId()) . ' AND manager_id=' . db_input($id);
if (db_num_rows(db_query($sql))) {
$errors['dept'] = _('The user is currently manager of his/her department');
}
}
// Check if the role is select and that it remains at least one administrator
if (!$vars['role_id']) {
$errors['role'] = _('Role required');
} elseif ($vars['role_id'] == "1") {
$isadmin = "1";
} elseif ($id && db_count('SELECT COUNT(*) FROM ' . STAFF_TABLE . ' WHERE staff_id = ' . db_input($id) . ' AND isadmin = 1') == 1 && db_count('SELECT COUNT(*) FROM ' . STAFF_TABLE . ' WHERE isadmin = 1') == 1) {
$errors['role'] = _('At least an administrator must remain');
} else {
$isadmin = "0";
}
if (!$errors) {
$sql = ' SET updated=NOW() ' . ',isadmin=' . db_input($isadmin) . ',isactive=' . db_input($vars['isactive']) . ',isvisible=' . db_input(isset($vars['isvisible']) ? 1 : 0) . ',onvacation=' . db_input(isset($vars['onvacation']) ? 1 : 0) . ',dept_id=' . db_input($vars['dept_id']) . ',role_id=' . db_input($vars['role_id']) . ',username='******'username'])) . ',firstname=' . db_input(Format::striptags($vars['firstname'])) . ',lastname=' . db_input(Format::striptags($vars['lastname'])) . ',email=' . db_input($vars['email']) . ',phone="' . db_input($vars['phone'], false) . '"' . ',mobile="' . db_input($vars['mobile'], false) . '"' . ',signature=' . db_input(Format::striptags($vars['signature']));
if ($vars['npassword']) {
$hash = PhpassHashedPass::hash($vars['npassword']);
$sql .= ',passwd=' . db_input($hash);
}
if (isset($vars['resetpasswd'])) {
$sql .= ',change_passwd=1';
}
if ($id) {
$sql = 'UPDATE ' . STAFF_TABLE . ' ' . $sql . ' WHERE staff_id=' . db_input($id);
if (!db_query($sql) || !db_affected_rows()) {
$errors['err'] = _('Unable to update the user. Internal error occured');
}
} else {
$sql = 'INSERT INTO ' . STAFF_TABLE . ' ' . $sql . ',created=NOW()';
if (db_query($sql) && ($uID = db_insert_id())) {
return $uID;
}
$errors['err'] = _('Unable to create user. Internal error');
}
}
return $errors ? false : true;
}
