require 'password_crypto.php'; //Hash the password using default Cobalt password hashing technique $hashed_password = cobalt_password_hash('NEW', $password, $username, $new_salt, $new_iteration, $new_method); $arr_form_data['password'] = $hashed_password; $arr_form_data['salt'] = $new_salt; $arr_form_data['iteration'] = $new_iteration; $arr_form_data['method'] = $new_method; $arr_form_data['role_id'] = 3; $arr_form_data['skin_id'] = 1; require_once 'subclasses/user.php'; $dbh_user = new user(); $dbh_user->add($arr_form_data); //Permissions from role, if role was chosen if ($arr_form_data['role_id'] != '') { $db = new data_abstraction(); $db->execute_query("INSERT `user_passport` SELECT '" . quote_smart($username) . "', `link_id` FROM user_role_links WHERE role_id='" . quote_smart($arr_form_data['role_id']) . "'"); } redirect("notification.php"); } } if ($arr_form_data['region'] != "") { $chosen_region = $arr_form_data['region']; } if ($arr_form_data['province'] != "") { $chosen_province = $arr_form_data['province']; } if ($arr_form_data['city'] != "") { $chosen_city = $arr_form_data['city']; } if ($arr_form_data['barangay'] != "") { $chosen_barangay = $arr_form_data['barangay'];
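/**
 * Draws one drop-down of a multi-field control (the $cntr-th instance) whose
 * options are loaded from a database query; in detail view it prints only the
 * label of the currently selected option instead of a <select>.
 *
 * @param array      $param [0] => array with keys 'query' (SQL for the options),
 *                          'list_value' (column used as the option value),
 *                          'list_items' (columns shown in the option label) and
 *                          'list_separators' (text printed after each item);
 *                          [1] => form control name, also the name of the global
 *                          variable holding the current values indexed by $cntr;
 *                          [2] => extra attributes for the <select> tag
 * @param int|string $cntr  Index of this instance within the control's value array
 * @return $this
 */
function draw_select_field_from_query_mf($param, $cntr)
{
    $detail_view = $this->detail_view;
    $query = '';
    $list_value = '';
    $list_items = '';
    $form_control_name = '';
    $extra = '';
    $list_separators = '';

    if (isset($param[0])) {
        $query = $param[0]['query'];
        $list_value = $param[0]['list_value'];
        $list_items = $param[0]['list_items'];
        $list_separators = $param[0]['list_separators'];
    }
    if (isset($param[1])) {
        $form_control_name = $param[1];
    }
    if (isset($param[2])) {
        $extra = $param[2];
    }

    //The query may carry "{[name]}" placeholders, each replaced by the current
    //($cntr-th) value of the global variable $name.  For example a query with
    //"WHERE myfield = '{[status]}'" is executed as "WHERE myfield = '$status[$cntr]'".
    //The scan resumes after each replacement so the substituted text is never
    //re-expanded, a placeholder at offset 0 is honoured, and an unterminated
    //"{[" ends the loop instead of spinning forever.
    $search_from = 0;
    while (($start_replace = strpos($query, '{[', $search_from)) !== false) {
        $end_replace = strpos($query, ']}', $start_replace);
        if ($end_replace === false) {
            break;
        }
        $variable = substr($query, $start_replace + 2, $end_replace - ($start_replace + 2));
        global ${$variable};
        //The value lands inside SQL text: escape it with the project's helper,
        //the same way the other queries in this file are built.
        $replacement = (string) quote_smart(${$variable}[$cntr]);
        $query = substr($query, 0, $start_replace) . $replacement . substr($query, $end_replace + 2);
        $search_from = $start_replace + strlen($replacement);
    }

    global ${$form_control_name};
    init_var(${$form_control_name}[$cntr]);
    //Read the current value once; it no longer changes while rows are rendered.
    $current_value = (string) ${$form_control_name}[$cntr];
    $num_display = is_array($list_items) ? count($list_items) : 0;

    if ($detail_view != TRUE) {
        ++$this->tabindex;
        echo "<select name='{$form_control_name}[{$cntr}]' tabindex='{$this->tabindex}' {$extra}>\r\n";
        //A per-field setting wins over the form-wide default for the blank option.
        if (isset($this->fields[$form_control_name]['drop_down_has_blank'])) {
            if ($this->fields[$form_control_name]['drop_down_has_blank']) {
                echo "<option></option>\r\n";
            }
        } elseif ($this->drop_down_has_blank) {
            echo "<option></option>\r\n";
        }
    }

    $data_con = new data_abstraction();
    $data_con->query = $query;
    $result = $data_con->execute_query('', LOG_SELECT_QUERIES)->result;
    if (!$result) {
        //Kept as in the original: a failed query aborts the page with the DB error.
        die($data_con->error);
    }

    while ($data = $result->fetch_assoc()) {
        //Columns are read from the row array instead of extract()-ed into the
        //local scope, where a column named like a local (query, cntr, num_display,
        //list_value, ...) would silently overwrite it.
        $option_value = isset($data[$list_value]) ? $data[$list_value] : '';
        $selected = ($current_value == (string) $option_value) ? 'selected' : '';

        $dropdown_item_entry = '';
        for ($a = 0; $a < $num_display; ++$a) {
            $item = isset($data[$list_items[$a]]) ? $data[$list_items[$a]] : '';
            if ($item != '') {
                init_var($list_separators[$a]);
                if ($list_separators[$a] == '') {
                    $list_separators[$a] = ' ';
                }
                //Escape the displayed text as well as the option value below:
                //row data is rendered into HTML in both views.
                $dropdown_item_entry .= cobalt_htmlentities($item) . $list_separators[$a];
            }
        }

        if ($detail_view != TRUE) {
            echo '<option value="' . cobalt_htmlentities($option_value) . '" ' . $selected . '>' . $dropdown_item_entry . '</option>' . "\r\n";
        } else {
            if (trim($dropdown_item_entry) == '') {
                $dropdown_item_entry = ' ';
            }
            if ($selected == 'selected') {
                echo nl2br($dropdown_item_entry) . "\r\n";
            }
        }
    }

    if ($detail_view != TRUE) {
        echo "</select>\r\n";
    }
    return $this;
}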
$dbh = new data_abstraction(); $dbh->set_query_type('DELETE'); $dbh->set_table('user_passport'); $dbh->set_where("username='******'"); $dbh->make_query(); $dbh->close_db(); //Update user's assigned role $dbh = new data_abstraction(); $dbh->set_query_type('UPDATE'); $dbh->set_table('user'); $dbh->set_update("role_id='" . quote_smart($role) . "'"); $dbh->set_where("username='******'"); $dbh->make_query(); $dbh->close_db(); //Assign role permissions $dbh->execute_query("INSERT `user_passport` SELECT '" . quote_smart($Username) . "', `link_id` FROM user_role_links WHERE role_id='" . quote_smart($role) . "'"); } else { //Since non-exclusive, set user's role to 0 (no role assigned) $dbh = new data_abstraction(); $dbh->set_query_type('UPDATE'); $dbh->set_table('user'); $dbh->set_update("role_id='0'"); $dbh->set_where("username='******'"); $dbh->make_query(); $dbh->close_db(); //Get the role permissions require_once 'subclasses/user_role_links.php'; $obj_role = new user_role_links(); $obj_role->get_user_role_links($role); $arrLink = $obj_role->dump['link_id']; $numLinks = $obj_role->num_rows;
redirect("listview_user.php?{$query_string}"); } if ($_POST['btn_submit']) { log_action('Pressed submit button', $_SERVER['PHP_SELF']); $message .= $dbh_user->sanitize($arr_form_data)->lst_error; extract($arr_form_data); if ($dbh_user->check_uniqueness_for_editing($arr_form_data)->is_unique) { //Good, no duplicate in database } else { $message = "Record already exists with the same primary identifiers!"; } if ($message == "") { $dbh_user->edit($arr_form_data); //Permissions from role, if role was chosen if ($role_id != '') { $db = new data_abstraction(); $db->execute_query("DELETE FROM user_passport WHERE username = '******'"); $db->execute_query("INSERT `user_passport` SELECT '" . quote_smart($username) . "', `link_id` FROM user_role_links WHERE role_id='" . quote_smart($role_id) . "'"); } redirect("listview_user.php?{$query_string}"); } } } require 'subclasses/user_html.php'; $html = new user_html(); $html->draw_header('Edit User', $message, $message_type); $html->draw_listview_referrer_info($filter_field_used, $filter_used, $page_from, $filter_sort_asc, $filter_sort_desc); $html->draw_hidden('orig_username'); $html->exception = array('password'); $html->draw_controls('edit'); $html->draw_footer();