function edit($pdo) { global $page_display_title; $page_display_title = 'ویرایش اطلاعات کاربر'; $page = 1; $fragment = ''; if ($_SESSION['permission'] == 'admin') { if (isset($_GET['token']) && $_GET['token'] == $_SESSION['token']) { if (!isset($_POST['edit_user'])) { if (isset($_GET['username']) && !empty($_GET['username']) && intval($_GET['username'])) { $sql = "select * from user where username = :u"; $stmt = $pdo->prepare($sql); $stmt->bindvalue(':u', trim(filter_var($_GET['username'], FILTER_SANITIZE_STRING)), PDO::PARAM_STR); $stmt->execute(); if ($stmt->rowCount()) { $user = $stmt->fetch(PDO::FETCH_ASSOC); $tpl = ' <form method="post" action="' . BASE_PATH . '/user/?do=edit&token=' . $_SESSION['token'] . '"> <input type="hidden" name="edit_user" value="' . trim($_GET['username']) . '"/> <div class="edit_form_user"> <div class="col"><input type="text" name="fname" value="{fname}"/></div> <div class="col">نام:</div> <div class="col"><input type="text" name="lname" value="{lname}"/></div> <div class="col">نام خانوادگی:</div> <div class="col"><input type="text" name="email" value="{email}"/></div> <div class="col">ایمیل:</div> <div class="col">{fields}</div> <div class="col">رشته:</div> <div class="col"><input type="submit" class="perfect_btn" value="ذخیره" /></div> <div class="col"></div> </div> </form> <br/><br/> <div class="edit_form_user"> <form method="post" action="' . BASE_PATH . '/user/?do=status&token=' . $_SESSION['token'] . '"> <input type="hidden" name="status" value="{status}" /> <input type="hidden" name="user" value="' . $_GET['username'] . '"/> <div class="col"></div><div class="col"></div> <div class="col"><input type="submit" class="perfect_btn" value="{status_caption}" /></div> <div class="col"></div> </form> </div> <br/><br/> '; $field_dropdown = ''; if ($user['type'] == 3) { $sql = "select id,title from field"; $stmt = $pdo->query($sql); if ($stmt->rowCount()) { $rows = $stmt->fetchAll(PDO::FETCH_ASSOC); $field_dropdown = dropdown($rows, 'field', 'title', 'id', $user['f_id']); } } else { if ($user['type'] == 2) { $field_dropdown = $user['f_id'] . '<input type="hidden" name="field" value="1"/>'; } } $tpl = str_replace('{fields}', $field_dropdown, $tpl); $tpl = str_replace('{fname}', $user['fname'], $tpl); $tpl = str_replace('{lname}', $user['lname'], $tpl); $tpl = str_replace('{email}', $user['email'], $tpl); $tpl = str_replace('{status}', $user['active'] == 1 ? 0 : 1, $tpl); $tpl = str_replace('{status_caption}', $user['active'] == 1 ? 'غیر فعال کردن کاربر' : 'فعال کردن کاربر', $tpl); echo $tpl; } } } else { if (isset($_POST['fname']) && isset($_POST['lname']) && isset($_POST['email']) && isset($_POST['field'])) { $email_error = false; $fname_error = true; $lname_error = true; $field_error = true; $email = $_POST['email']; if (!empty($_POST['email'])) { if (!check_email_address($_POST['email'])) { $email_error = true; } } #=Fname====================================================== $fn = preg_replace('/\\s*/', '', $_POST['fname']); $fn = preg_replace('/\\/*/', '', $fn); if (!empty($fn)) { if (preg_match('/^[\\w\\d\\x{600}-\\x{6FF}\\s\\-]+$/u', $_POST['fname'])) { $fn = str_replace('-', ' ', $_POST['fname']); $fnx = preg_replace('/\\s*/', '', $fn); if (!empty($fnx)) { $fname_error = false; $fname = $fn; } } } #=Lname====================================================== $ln = preg_replace('/\\s*/', '', $_POST['lname']); $ln = preg_replace('/\\/*/', '', $ln); if (!empty($ln)) { if (preg_match('/^[\\w\\d\\x{600}-\\x{6FF}\\s\\-]+$/u', $_POST['lname'])) { $ln = str_replace('-', ' ', $_POST['lname']); $lnx = preg_replace('/\\s*/', '', $ln); if (!empty($lnx)) { $lname_error = false; $lname = $ln; } } } #=Field====================================================== if (intval($_POST['field'])) { $field_error = false; $field = intval($_POST['field']); } if (!$email_error && !$fname_error && !$lname_error && !$field_error && isset($_POST['edit_user']) && intval($_POST['edit_user'])) { $sql = "select type from user where username="******"update user set fname=:fn,lname=:ln,email=:em,f_id=:f where username=:u"; } else { if ($type == 2) { $sql = "update user set fname=:fn,lname=:ln,email=:em where username=:u"; } } $stmt = $pdo->prepare($sql); $stmt->bindvalue(':fn', $fname, PDO::PARAM_STR); $stmt->bindvalue(':ln', $lname, PDO::PARAM_STR); $stmt->bindvalue(':em', $email, PDO::PARAM_STR); if ($type == 3) { $stmt->bindvalue(':f', $field, PDO::PARAM_STR); } $stmt->bindvalue(':u', filter_var($_POST['edit_user'], FILTER_SANITIZE_STRING), PDO::PARAM_STR); $stmt->execute(); $sql = "select id from user where username=:u"; $stmt = $pdo->prepare($sql); $stmt->bindvalue(':u', filter_var($_POST['edit_user'], FILTER_SANITIZE_STRING), PDO::PARAM_STR); $stmt->execute(); if ($stmt->rowCount()) { $id = $stmt->fetchColumn(); $sql = "select count(*)+1 from user where id > {$id}"; $stmt = $pdo->query($sql); $row_number = $stmt->fetchColumn(0); $page = pagination::page($row_number, 40); $fragment = '#' . filter_var($_POST['edit_user'], FILTER_SANITIZE_STRING); } } } } redirect(BASE_PATH . '/user/?do=manage&page=' . $page . '&token=' . $_SESSION['token'] . $fragment, 1); } } } }
if ($_SESSION['permission'] == 'admin' && isset($_GET['thesis']) && !empty($_GET['thesis']) && intval($_GET['thesis']) && is_numeric($_GET['thesis'])) { if (isset($_POST['grade']) && is_numeric($_POST['grade'])) { $sql = "update thesis set grade=:g where id=:t"; $stmt = $pdo->prepare($sql); $stmt->bindvalue(':g', filter_var($_POST['grade'], FILTER_SANITIZE_STRING), PDO::PARAM_STR); $stmt->bindvalue(':t', filter_var($_GET['thesis'], FILTER_SANITIZE_STRING), PDO::PARAM_INT); $stmt->execute(); #============================= $page = ''; $sql = "select count(*)+1 from thesis where id > :i"; $stmt = $pdo->prepare($sql); $stmt->bindvalue(':i', $_GET['thesis'], PDO::PARAM_INT); $stmt->execute(); if ($stmt->rowCount()) { $row_number = $stmt->fetchColumn(0); $page = '&page=' . pagination::page($row_number, 10); } #============================= redirect(BASE_PATH . '/event/?do=thesis&token=' . $_SESSION['token'] . $page . '#' . trim($_GET['thesis']), 1); } else { $msg = ''; if (isset($_POST['grade'])) { $msg = '<br/><b>' . 'دوباره سعی کنید و از صحت اطلاعات ورودی اطمینان حاصل نمایید' . '</b><br/>'; } echo ' <form method="post" class="addgrade"> <center> ' . $msg . ' <input type="text" name="grade" value="" placeholder="ورود نمره" /> <br/><br/> <input type="submit" value="ذخیره" />