function reject()
{
global $message;
$id = $_POST['pk1'];
$messageid = $_POST['pk2'];
$sql = "SELECT A.weeknumber, A.memberid, A.swapmemberid " . "FROM {$_SESSION['DB_PREFIX']}oncallswap A " . "WHERE A.id = {$id}";
$result = mysql_query($sql);
if ($result) {
/* Show children. */
while ($member = mysql_fetch_assoc($result)) {
$qry = "UPDATE {$_SESSION['DB_PREFIX']}oncallswap " . "SET agreed = 'X', metamodifieddate = NOW(), metamodifieduserid = " . getLoggedOnMemberID() . " " . "WHERE id = {$id}";
$itemresult = mysql_query($qry);
if (!$itemresult) {
logError($qry . " = " . mysql_error());
}
$qry = "UPDATE {$_SESSION['DB_PREFIX']}messages " . "SET status = 'R', metamodifieddate = NOW(), metamodifieduserid = " . getLoggedOnMemberID() . " " . "WHERE id = {$messageid}";
$itemresult = mysql_query($qry);
if (!$itemresult) {
logError($qry . " = " . mysql_error());
}
sendInternalUserMessage($member['memberid'], "On Call Swap Request", "Your request for on call cover for week " . $member['weeknumber'] . " has been rejected by " . GetUserName($member['swapmemberid']));
$message = "Request has been rejected";
}
}
}
function AskQuestionAdminMail($to, $userEmail, $category, $question, $date)
{
$res = "-1";
$mailBody = "";
try {
$subject = "MR - Connect Question Asked";
$headers = "MIME-Version: 1.0" . "\r\n";
$headers .= "Content-type:text/html;charset=UTF-8" . "\r\n";
$headers .= "From: guide@mentored-research.com" . "\r\n";
// write the mail body here.
$mailBody .= "<h1>MR - Connect Question Asked</h1><br />";
$mailBody .= "Dear Admin, " . "<br />";
$mailBody .= "Following are the details of the question asked on MR-Connect Home: <br /><br />";
$mailBody .= "Name: <b>" . GetUserName($userEmail) . "</b><br />";
$mailBody .= "Email Address: <b>" . $userEmail . "</b><br />";
$mailBody .= "Question Category: <b>" . GetCategoryName($category) . "</b><br />";
$mailBody .= "Question Asked: <b>" . $question . "</b><br />";
$mailBody .= "Request on<b>: " . $date . "</b><br />";
$mailBody .= "<br /><br />Thank You.";
$mailBody .= "<br />MR - Connect";
$mailBody .= "<br /><a href='http://mentored-research.com'>Mentored-Research</a>";
if (mail($to, $subject, $mailBody, $headers) == true) {
$res = "1";
} else {
$res = "-1";
}
return $res;
} catch (Exception $e) {
$res = "-1";
return $res;
}
}
function newPage()
{
$this->Image("images/logomain2.png", 245.6, 1);
$this->Image("images/footer.png", 134, 190);
$size = $this->addText(10, 13, "Conversion Statistics : " . GetUserName($_POST['userid']), 12, 4, 'B') + 5;
$this->SetFont('Arial', '', 6);
$cols = array("Customer" => 72, "Customer Code" => 35, "Quotation Number" => 39, "Quotation Date" => 37, "Conversion Date" => 37, "Time Taken" => 29, "Total" => 28);
$this->addCols($size, $cols);
$cols = array("Customer" => "L", "Customer Code" => "L", "Quotation Number" => "L", "Quotation Date" => "L", "Conversion Date" => "L", "Time Taken" => "L", "Total" => "R");
$this->addLineFormat($cols);
$this->SetY(30);
}
<?php
include_once "common.php";
if (LoggedIn() === true) {
$ownerid = GetUserIdByName(GetUserName());
if (isset($_POST['firstsubmit'])) {
$allowedExts = array("mp3");
// add ogg support eventually
$temp = explode(".", $_FILES["file"]["name"]);
$extension = end($temp);
if ($_FILES["file"]["type"] == "audio/mp3" && in_array($extension, $allowedExts)) {
if ($_FILES["file"]["error"] > 0) {
echo "Error: " . $_FILES["file"]["error"] . "<br>";
} else {
/*echo "Upload: " . $_FILES["file"]["name"] . "<br>";
echo "Type: " . $_FILES["file"]["type"] . "<br>";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " kB<br>";
echo "Stored in: " . $_FILES["file"]["tmp_name"];*/
$finalfilename = md5($ownerid . time()) . ".mp3";
// Store the file if it doesn't already exist.
if (file_exists("aud/" . $finalfilename)) {
echo $_FILES["file"]["name"] . " already exists. ";
// boot out?
} else {
//move_uploaded_file( $_FILES["file"]["tmp_name"], "aud/" . $_FILES["file"]["name"] );
move_uploaded_file($_FILES["file"]["tmp_name"], "aud/" . $finalfilename);
//echo "Stored in: " . "aud/" . $_FILES["file"]["name"];
// Next, let's grab all the other info, generate a key and stuff the data into the DB.
$filepathname = $finalfilename;
// Process mp3 file and prepare for display of second page.
include "CMP3File.class.php";
<p class=MsoNormal style='margin-top:0cm;margin-right:0cm;margin-bottom:1.25pt;
margin-left:-.25pt'>En caso de que se considere la existencia de indicios que
podrían configurar un fraude, asimismo, se presentará el caso ante la Unidad de
Análisis de Litigiosidad y Control de Fraude de la Superintendencia de Riesgos
del Trabajo. </p>
<br>
</div>
</i>
<div style="background-color:#6FB43F; <?php
echo $fechaAceptacion != "" ? "height:36px;" : "";
?>
margin-top:8px; padding:18px;">
<div class="auto-style1">
<span style="margin-left:5px; color:#FFFFFF" class="auto-style3">Nombre y apellido: </span>
<span class="auto-style3"><?php
echo strtoupper(GetUserName());
?>
</span></div>
<div style="margin-left:37px; margin-top:4px;" class="auto-style1">
<span class="auto-style3">
<?php
if ($muestroCotrol) {
?>
</span>
<span style="color:#FFFFFF" class="auto-style3"> Me notifico:</span><i>
<input id="notificado" name="notificado" style="margin-left:5px; vertical-align:-3px;" type="checkbox" class="auto-style3" />
<input class="auto-style3" type="button" value="GUARDAR" onClick="guardar()" />
</i><span class="auto-style3">
<?php
$doform = true;
if ($_SERVER["REQUEST_METHOD"] == "POST") {
DenyGuest();
if (empty($_POST["User"])) {
goto GenerateHtml;
}
$lastnamefirst = $_POST["User"];
$newuserid = FindUser("LastNameFirst", $lastnamefirst);
if (!$newuserid) {
$error_msg = "Unable to find user id. (Two users with same name?)";
$doform = true;
goto GenerateHtml;
}
$newuserinfo = GetUserInfo($newuserid);
$newusername = $newuserinfo["UserName"];
$currentuser = GetUserName();
log_msg($loc, 'User ' . $currentuser . ' is attemping to masquerade as ' . $newusername);
session_unset();
session_destroy();
session_start();
$okay = StartLogin($newusername, "", true);
if ($okay === false) {
log_msg($loc, "Login failure for masquerade. Starting ALL over.");
session_unset();
session_destroy();
JumpToPage("pages/login.php");
}
SetMasquerader($currentuser);
JumpToPage("pages/welcome.php");
}
GenerateHtml:
$arResult["ForumPrintSmilesList"] = ForumPrintSmilesList(3, LANGUAGE_ID);
$arResult["SMILES"] = CForumSmile::getSmiles("S", LANGUAGE_ID);
$arResult["FolderName"] = $arParams["FID"] <= $arResult["SystemFolder"] ? GetMessage("PM_FOLDER_ID_" . $arParams["FID"]) : $arResult["UserFolder"][$arParams["FID"]]["TITLE"];
// *****************************************************************************************
$arResult["POST_VALUES"] = array();
if (!$bVarsFromForm && ($mode == "edit" || $mode == "reply")) {
$arResult["POST_VALUES"] = $arResult["MESSAGE"];
if ($arParams["FID"] != 2) {
$arParams["FID"] = intVal($res["FOLDER_ID"]);
}
if ($mode == "reply") {
$arResult["POST_VALUES"]["POST_SUBJ"] = GetMessage("PM_REPLY") . $arResult["POST_VALUES"]["POST_SUBJ"];
$arResult["POST_VALUES"]["~POST_MESSAGE"] = "[QUOTE]" . $arResult["POST_VALUES"]["~POST_MESSAGE"] . "[/QUOTE]";
$arResult["POST_VALUES"]["POST_MESSAGE"] = "[QUOTE]" . $arResult["POST_VALUES"]["POST_MESSAGE"] . "[/QUOTE]";
$arResult["POST_VALUES"]["USER_ID"] = $arResult["POST_VALUES"]["AUTHOR_ID"];
$arResult["POST_VALUES"]["USER_LOGIN"] = htmlspecialcharsEx(GetUserName($arResult["POST_VALUES"]["USER_ID"], $arParams["NAME_TEMPLATE"]));
}
} elseif ($bVarsFromForm) {
$arResult["POST_VALUES"]["POST_SUBJ"] = htmlspecialcharsEx($_REQUEST["POST_SUBJ"]);
$arResult["POST_VALUES"]["~POST_MESSAGE"] = $_REQUEST["POST_MESSAGE"];
$arResult["POST_VALUES"]["POST_MESSAGE"] = htmlspecialcharsEx($_REQUEST["POST_MESSAGE"]);
$arResult["POST_VALUES"]["USER_ID"] = htmlspecialcharsEx($_REQUEST["USER_ID"]);
$arResult["POST_VALUES"]["USE_SMILES"] = $_POST["USE_SMILES"] != "Y" ? "N" : "Y";
} elseif ($arParams["UID"] > 0) {
$arResult["POST_VALUES"]["USER_ID"] = intVal($arParams["UID"]);
}
if (intVal($arResult["POST_VALUES"]["USER_ID"]) > 0) {
$db_res = CForumUser::GetList(array(), array("USER_ID" => $arResult["POST_VALUES"]["USER_ID"], "SHOW_ABC" => ""), array("sNameTemplate" => $arParams["NAME_TEMPLATE"]));
if ($db_res && ($res = $db_res->GetNext())) {
$arResult["POST_VALUES"]["SHOW_NAME"] = array("link" => CComponentEngine::MakePathFromTemplate($arParams["URL_TEMPLATES_PROFILE_VIEW"], array("UID" => $res["USER_ID"])), "text" => $res["SHOW_ABC"]);
}
$session_data = sql_result($uolresult, $uoli, "session_data");
$serialized_data = sql_result($uolresult, $uoli, "serialized_data");
$session_user_agent = sql_result($uolresult, $uoli, "user_agent");
$session_ip_address = sql_result($uolresult, $uoli, "ip_address");
//$UserSessInfo = unserialize_session($session_data);
$UserSessInfo = unserialize($serialized_data);
if (!isset($UserSessInfo['UserGroup'])) {
$UserSessInfo['UserGroup'] = $Settings['GuestGroup'];
}
$AmIHiddenUser = "******";
$user_agent_check = false;
if (user_agent_check($session_user_agent)) {
$user_agent_check = user_agent_check($session_user_agent);
}
if ($UserSessInfo['UserGroup'] != $Settings['GuestGroup'] || $user_agent_check !== false) {
$PreAmIHiddenUser = GetUserName($UserSessInfo['UserID'], $Settings['sqltable'], $SQLStat);
$AmIHiddenUser = $PreAmIHiddenUser['Hidden'];
if ($AmIHiddenUser == "no" && $UserSessInfo['UserID'] > 0 || $user_agent_check !== false) {
if ($olmbn > 0) {
$MembersOnline .= ", ";
}
if ($user_agent_check === false) {
$uatitleadd = null;
if ($GroupInfo['CanViewUserAgent'] == "yes") {
$uatitleadd = " title=\"" . htmlentities($session_user_agent, ENT_QUOTES, $Settings['charset']) . "\"";
}
$MembersOnline .= "<a" . $uatitleadd . " href=\"" . url_maker($exfile['member'], $Settings['file_ext'], "act=view&id=" . $UserSessInfo['UserID'], $Settings['qstr'], $Settings['qsep'], $prexqstr['member'], $exqstr['member']) . "\">" . $UserSessInfo['MemberName'] . "</a>";
if ($GroupInfo['CanViewIPAddress'] == "yes") {
$MembersOnline .= " (<a title=\"" . $session_ip_address . "\" onclick=\"window.open(this.href);return false;\" href=\"" . sprintf($IPCheckURL, $session_ip_address) . "\">" . $session_ip_address . "</a>)";
}
++$olmn;
$arResult["SortingEx"]["POST_DATE"] = SortingEx("post_date");
$arFilter = array("USER_ID" => $arParams["UID"], "FOLDER_ID" => $arParams["FID"]);
if ($arParams["FID"] == 2) {
//If this is outbox folder
$arFilter = array("OWNER_ID" => $arParams["UID"]);
}
$dbrMessages = CForumPrivateMessage::GetListEx(array($by => $order), $arFilter);
$dbrMessages->NavStart($arParams["PM_PER_PAGE"]);
$dbrMessages->bShowAll = false;
$dbrMessages->nPageWindow = $arParams["PAGE_NAVIGATION_WINDOW"];
$arResult["NAV_RESULT"] = $dbrMessages;
$arResult["NAV_STRING"] = $dbrMessages->GetPageNavStringEx($navComponentObject, GetMessage("PM_TITLE_PAGES"), $arParams["PAGE_NAVIGATION_TEMPLATE"]);
if ($dbrMessages && ($arMsg = $dbrMessages->GetNext())) {
do {
$arMsg["POST_SUBJ"] = wordwrap($arMsg["POST_SUBJ"], 100, " ", 1);
$arMsg["~SHOW_NAME"] = GetUserName($arMsg[$arResult["InputOutput"]], $arParams["NAME_TEMPLATE"]);
$arMsg["SHOW_NAME"] = htmlspecialcharsEx($arMsg["~SHOW_NAME"]);
$arMsg["URL"] = array("MESSAGE" => CComponentEngine::MakePathFromTemplate($arParams["URL_TEMPLATES_PM_READ"], array("FID" => $arParams["FID"], "MID" => $arMsg["ID"])), "MESSAGE_EDIT" => CComponentEngine::MakePathFromTemplate($arParams["URL_TEMPLATES_PM_EDIT"], array("FID" => $arParams["FID"], "mode" => "new", "MID" => 0, "UID" => $arMsg[$arResult["InputOutput"]])), "RECIPIENT" => CComponentEngine::MakePathFromTemplate($arParams["URL_TEMPLATES_PROFILE_VIEW"], array("UID" => $arMsg["RECIPIENT_ID"])), "SENDER" => CComponentEngine::MakePathFromTemplate($arParams["URL_TEMPLATES_PROFILE_VIEW"], array("UID" => $arMsg["AUTHOR_ID"])));
$arMsg["pm_read"] = $arMsg["URL"]["MESSAGE"];
$arMsg["pm_edit"] = $arMsg["URL"]["MESSAGE_EDIT"];
$arMsg["profile_view"] = CComponentEngine::MakePathFromTemplate($arParams["URL_TEMPLATES_PROFILE_VIEW"], array("UID" => $arMsg[$arResult["InputOutput"]]));
$arMsg["POST_DATE"] = CForumFormat::DateFormat($arParams["DATE_TIME_FORMAT"], MakeTimeStamp($arMsg["POST_DATE"], CSite::GetDateFormat()));
$arMsg["checked"] = "";
if (in_array($arMsg["ID"], $message)) {
$arMsg["checked"] = " checked ";
}
$arResult["MESSAGE"][$arMsg["ID"]] = $arMsg;
} while ($arMsg = $dbrMessages->GetNext());
}
/************** Folders ********************************************/
$resFolder = CForumPMFolder::GetList(array(), array("USER_ID" => $USER->GetID()));
// --------------------------------------------------------------------
// wo_new.php -- Adds a new work order.
//
// Created: 12/31/15 DLB
// --------------------------------------------------------------------
require_once "../maindef.php";
$loc = rmabs(__FILE__);
session_start();
log_page();
CheckLogin();
$timer = new timer();
$error_msg = "";
$success_msg = "";
$userid = GetUserID();
$username = GetUserName();
$userIPT = GetUserIPT($userid);
$doform = false;
$link_to_view = false;
$picid = 0;
$param_list = array(array("FieldName" => "Title", "FieldType" => "Text", "Caption" => "Title of New Work Order"), array("FieldName" => "Project", "FieldType" => "Selection", "Selection" => $WOProjects, "Caption" => "Project"), array("FieldName" => "DateNeedBy", "FieldType" => "Date", "Caption" => "Date Needed"), array("FieldName" => "Priority", "FieldType" => "Selection", "Selection" => $WOPriorities, "Caption" => "Priority"), array("FieldName" => "Requestor", "FieldType" => "Selection", "Selection" => $WOIPTeams, "Caption" => "Requesting IPT"), array("FieldName" => "Receiver", "FieldType" => "Selection", "Selection" => $WOIPTeams, "Caption" => "Receiving IPT"), array("FieldName" => "Description", "FieldType" => "TextArea", "Rows" => 10, "Columns" => 72, "Caption" => "Describe Work"));
if ($_SERVER["REQUEST_METHOD"] == "GET") {
// Set up defaults...
$data["Priority"] = $WOPriorities[0];
$data["Requestor"] = $userIPT;
$data["Receiver"] = $userIPT;
$data["DateNeedBy"] = date('Y-m-d', time() + 5 * 24 * 3600);
PopulateParamList($param_list, $data);
$doform = true;
goto GenerateHtml;
}
$j33number = "";
$casenumber = "";
$parties = "";
if (!$result) {
logError("Error: " . mysql_error());
}
//Check whether the query was successful or not
while ($member = mysql_fetch_assoc($result)) {
$j33number = $member['j33number'];
$casenumber = $member['casenumber'];
$parties = $member['plaintiff'];
}
for ($ix = 0; $ix < count($_POST["notificationid"]); $ix++) {
$description = "<h3>Typist Invoice Upload.</h3><table>";
$description .= "<tr><td><b>J33 Number : </b></td><td>{$j33number}</td></tr>";
$description .= "<tr><td><b>Case Number : </b></td><td>{$casenumber}</td></tr>";
$description .= "<tr><td><b>Parties : </b></td><td>{$parties}</td></tr>";
$description .= "<tr><td><b>Pages : </b></td><td>{$page}</td></tr>";
$description .= "</table><h4>Invoice has been uploaded by " . GetUserName() . "</h4>";
sendInternalUserMessage($_POST["notificationid"][$ix], "Typist Invoice", $description);
}
} else {
$qry = "UPDATE {$_SESSION['DB_PREFIX']}typistinvoices SET " . "pages = {$page}, metamodifieddate = NOW(), metamodifieduserid = " . getLoggedOnMemberID() . " " . "WHERE id = {$pageid}";
$result = mysql_query($qry);
if (!$result) {
logError($qry);
}
}
}
array_push($json, array("pages" => $totalpage));
echo json_encode($json);
?>
');
<?
}
else {
$params = array(":id" => $_REQUEST["MotivoAusencia"]);
$sql =
"SELECT ma_detalle
FROM rrhh.rma_motivosausencia
WHERE ma_id = :id";
$motivo = ValorSql($sql, "", $params);
// Envío un e-mail de aviso a RRHH..
$body = "Se registró una nueva ausencia.\n".
"El empleado ausente es: ".$empleado.".\n".
"Reportado por: ".GetUserName().".\n".
"Motivo: ".$motivo.".\n".
"Enviar médico: ".(($_REQUEST["enviarMedico"] == "T")?"Sí":"No").".\n";
if ($_REQUEST["enviarMedico"] == "F")
$body.= "Justificación: ".$_REQUEST["justifique"].".";
SendEmail($body, "Aviso Intranet", "Aviso de Ausencia", array("rrhh-provinciaart"), array(), array());
echo "window.parent.document.getElementById('spanMensaje').style.display = 'block';";
echo "window.parent.LimpiarForm(window.parent.document.getElementById('formAusentismo'))";
}
?>
</script>
</head>
<body>
ok
</body>
<td class="TableMenuColumn4"> </td>
</tr>
</table>
</div>
<?php
}
if ($_POST['act'] == "editmember" && $_POST['update'] == "now" && $_GET['act'] == "editmember" && ($_POST['id'] != "0" || $_POST['id'] != "-1")) {
$ggidquery = sql_pre_query("SELECT * FROM \"" . $Settings['sqltable'] . "groups\" WHERE \"Name\"='%s' LIMIT 1", array($Settings['GuestGroup']));
$ggidresult = sql_query($ggidquery, $SQLStat);
$GuestGroupID = sql_result($ggidresult, 0, "id");
sql_free_result($ggidresult);
$vgidquery = sql_pre_query("SELECT * FROM \"" . $Settings['sqltable'] . "groups\" WHERE \"Name\"='%s' LIMIT 1", array($Settings['ValidateGroup']));
$vgidresult = sql_query($vgidquery, $SQLStat);
$ValidateGroupID = sql_result($vgidresult, 0, "id");
sql_free_result($vgidresult);
$DMemName = GetUserName($_POST['id'], $Settings['sqltable']);
$DMemName = $DMemName['Name'];
$_POST['MemName'] = stripcslashes(htmlspecialchars($_POST['MemName'], ENT_QUOTES, $Settings['charset']));
//$_POST['MemName'] = preg_replace("/&#(x[a-f0-9]+|[0-9]+);/i", "&#$1;", $_POST['MemName']);
$_POST['MemName'] = remove_spaces($_POST['MemName']);
$_POST['MemEmail'] = remove_spaces($_POST['MemEmail']);
$username_check = null;
if ($_POST['MemName'] != $DMemName) {
$tquery = sql_pre_query("UPDATE \"" . $Settings['sqltable'] . "topics\" SET \"GuestName\"='%s' WHERE \"UserID\"=%i", array($_POST['MemName'], $_POST['id']));
sql_query($tquery, $SQLStat);
$r1query = sql_pre_query("UPDATE \"" . $Settings['sqltable'] . "posts\" SET \"GuestName\"='%s' WHERE \"UserID\"=%i", array($_POST['MemName'], $_POST['id']));
sql_query($r1query, $SQLStat);
$r2query = sql_pre_query("UPDATE \"" . $Settings['sqltable'] . "posts\" SET \"EditUserName\"='%s' WHERE \"EditUser\"=%i", array($_POST['MemName'], $_POST['id']));
sql_query($r2query, $SQLStat);
$sql_username_check = sql_query(sql_pre_query("SELECT \"Name\" FROM \"" . $Settings['sqltable'] . "members\" WHERE \"Name\"='%s'", array($_POST['MemName'])), $SQLStat);
$username_check = sql_num_rows($sql_username_check);
// Estado según el motivo para el usuario original...
$sql = "SELECT 'A la espera de la autorización de ' || InitCap(SE_NOMBRE)
FROM ART.USE_USUARIOS, COMPUTOS.CMS_MOTIVOSOLICITUD
WHERE MS_ID = :id
AND SE_ID = COMPUTOS.GENERAL.GET_USUARIORESPONSABLE(:usuariosolicitud, MS_NIVEL)";
$params = array(":id" => $_REQUEST['DetallePedido'], ":usuariosolicitud" => $_REQUEST["UsuarioSolicitud"]);
$stmt = DBExecSql($conn, $sql, $params);
$useraux = ValorSql($sql, "", $params);
if (($useraux != "") and ($id_estado == 1)) {
$id_estado = 10;
}
}
else {
$user = $user."\r\n"."Ticket cargado por ".GetUserName();
}
}
// Se setea esta variable que se utiliza en el trigger trg_css_permisosolicitud de la tabla computos.css_solicitudsistemas..
$curs = null;
$sql = "BEGIN COMPUTOS.GENERAL.v_nombreusuario := UPPER(:usuario); END;";
$params = array(":usuario" => GetWindowsLoginName());
$stmt = DBExecSP($conn, $curs, $sql, $params, false);
// Doy de alta el ticket...
$sql =
"INSERT INTO computos.css_solicitudsistemas (ss_id, ss_idusuario_carga, ss_fecha_solicitud, ss_idusuario_solicitud, ss_fecha_carga,
ss_idsector_asignado, ss_idequipo, ss_idestadoactual, ss_idmotivosolicitud, ss_notas,
ss_observaciones, ss_prioridad ".$campoEjecutable.", ss_presencial, ss_indicaciones)
VALUES (:id, :idusuario, ART.ACTUALDATE, :idusuariosolicitud, SYSDATE, :idsectorasignado, :idequipo,
</tr> <tr> <td style="border-bottom-style: solid; border-bottom-width: 1px; padding-left: 4px; padding-right: 4px" colspan="2" height="13"></td> </tr> </table> </td> </tr> <tr> <td width="377" height="50" valign="top" rowspan="2"> <table border="0" id="table3" bgcolor="#FFFFFF" cellspacing="0"> <tr> <td width="10"></td> <td><p align="center"><img border="0" src="images/user.jpg" width="26" height="28"></td> <td><font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#808080">Usuario Actual:</font></td> <td><font face="Verdana" style="font-size: 8pt" color="#336699"> <?php echo GetUserName($_SESSION["identidad"]); ?> </font></td> </tr> </table> </td> <td align="left" width="293" height="21" valign="top"> <table bgcolor="#FFFFFF" border="0" cellspacing="0" width="293"> <tr> <td style="border-left-style: solid; border-left-width: 1px; border-top-style: solid; border-top-width: 1px; border-bottom-style: solid; border-bottom-width: 0px; padding-left: 4px; padding-right: 4px; width: 120px;" bgcolor="#C0C0C0" bordercolor="#808080"><font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#FFFFFF">Año: </font></td> <td style="border-top-style: solid; border-top-width: 1px; border-bottom-style: solid; border-bottom-width: 0px; padding-left: 4px; padding-right: 4px; border-right-style:solid; border-right-width:1px" bgcolor="#C0C0C0" bordercolor="#808080"><select id="Ano" name="Ano" size="1" validar="true" title="Año" style="color: #808080; font-family: Verdana; font-size: 8pt; font-weight: bold; border: 1px solid #808080; padding-left: 4px; padding-right: 4px; padding-top: 1px; padding-bottom: 1px;" onChange="cambiarAno()"></select></td> </tr> </table> <table bgcolor="#FFFFFF" border="0" cellspacing="0" id="tableUsuariosAEvaluar" name="tableUsuariosAEvaluar" width="293"> <tr> <td bgcolor="#C0C0C0" bordercolor="#808080" style="border-bottom-style: solid; border-bottom-width: 1px; border-left-style: solid; border-left-width: 1px; border-top-style: solid; border-top-width: 1px; padding-left: 4px; padding-right: 4px; width: 120px;"><font face="Verdana" style="font-size: 8pt; font-weight: 700" color="#FFFFFF">Usuario a evaluar: </font></td>
<?php
require "app/model.php";
$userInfoDefault = [["userName" => "Guest", "profileImage" => "icons/guest.png"]];
$clientAdress = $_SERVER["REMOTE_ADDR"];
$logined = empty($_SESSION['logined']) ? false : $_SESSION['logined'];
$RegistrationAdress = GetIPAdress($clientAdress);
//渡されたIPアドレスが登録されいるかDBへ問い合わせるメソッド
if (isset($RegistrationAdress)) {
$userInfo = GetUserName($_COOKIE["PHPSESSID"]);
//渡されたセッションIDをもとにユーザー情報をDBへ問い合わせるメソッド(戻り値:ユーザー名とアイコンのURL)
if (empty($userInfo)) {
$userInfo = $userInfoDefault;
} else {
$_SESSION['profileImage'] = $userInfo[0]['profileImage'];
$_SESSION['userName'] = $userInfo[0]['userName'];
if (empty($_SESSION['TwitterID'])) {
$in_twitterID = GetTwitterID($_COOKIE["PHPSESSID"]);
$_SESSION['TwitterID'] = $in_twitterID[0]['TwitterID'];
}
$logined = true;
$_SESSION['logined'] = $logined;
}
} else {
$userInfo = $userInfoDefault;
}
?>
<div id="user" >
<img class="user_content" id="user_icon" src=<?php
echo $userInfo[0]['profileImage'];
?>
$arResult["SHOW_SELF_CLOSE"] = "Y";
$arResult["UID"] = $UID;
$arResult["SHOW_NAME"] = $res["SHOW_ABC"];
$arResult["profile_view"] = CComponentEngine::MakePathFromTemplate($arParams["URL_TEMPLATES_PROFILE_VIEW"], array("UID" => $UID));
}
} else {
$arResult["SHOW_SELF_CLOSE"] = "Y";
$arResult["SHOW_MODE"] = "none";
$db_res = CForumUser::GetList(array("ID" => "DESC"), array("SHOW_ABC" => str_replace(array("*", "%"), "", $_REQUEST["search_by_login"])), array("sNameTemplate" => $arParams["NAME_TEMPLATE"]));
if ($db_res && ($res = $db_res->getNext())) {
$arResult["SHOW_MODE"] = "full";
$arResult["SHOW_NAME"] = $res["SHOW_ABC"];
$arResult["profile_view"] = CComponentEngine::MakePathFromTemplate($arParams["URL_TEMPLATES_PROFILE_VIEW"], array("UID" => $res["USER_ID"]));
$arResult["UID"] = $res["USER_ID"];
} else {
$db_res = CUser::GetByLogin($_REQUEST["search_by_login"]);
if ($db_res && ($res = $db_res->GetNext())) {
$arResult["SHOW_MODE"] = "light";
$arResult["SHOW_NAME"] = GetUserName($res["ID"], $arParams["NAME_TEMPLATE"]);
$arResult["UID"] = $res["ID"];
}
}
}
// $arResult["SHOW_NAME"] = htmlspecialcharsback($arResult["SHOW_NAME"]);
}
// *****************************************************************************************
$APPLICATION->RestartBuffer();
header("Pragma: no-cache");
$this->IncludeComponentTemplate();
die;
// *****************************************************************************************
$NewUserID = -1;
$NewGuestsName = "Guest";
}
if ($UsersID === 0 && $GuestsName == null) {
$NewUserID = -1;
$NewGuestsName = "Guest";
}
if ($UsersID == $NewUserID && $GuestsName == $NewGuestsName) {
$NewUserID = $UsersID;
$NewGuestsName = $GuestsName;
}
$EditUserID = sql_result($result, $i, "EditUser");
$EditUserName = sql_result($result, $i, "EditUserName");
$NewEditUserID = $EditUserID;
$NewEditUserName = $EditUserName;
$NewEditUserName = GetUserName($NewEditUserID, $Settings['sqltable']);
$NewEditUserName = $NewEditUserName['Name'];
if ($EditUserID == -1 && $EditUserName != null) {
$NewEditUserName = $EditUserName;
}
if ($NewEditUserName == null && $EditUserName != null && $EditUserID !== 0) {
$NewEditUserID = -1;
$NewEditUserName = $EditUserName;
}
if ($EditUserID == -1 && $EditUserName == null) {
$NewEditUserID = -1;
$NewEditUserName = "******";
}
if ($EditUserID === 0 && $EditUserName != null) {
$NewEditUserID = "0";
$NewEditUserName = null;
// --------------------------------------------------------------------
require_once "libs/all.php";
session_start();
log_page();
CheckLogin();
CheckEditor();
$loc = 'workorders_listids.php';
$timer = new Timer();
include "forms/header.php";
include "forms/navform.php";
include "forms/workorders_menubar.php";
echo '<div class="content_area">';
echo '<h2>List of Known Work Order IDs</h2>';
echo '<br>';
echo '<h2>Completed Work Orders</h2>';
$user = GetUserName();
$sql = 'SELECT * FROM WorkOrders WHERE Completed="1" AND AssignedTo = "' . $user . '" ORDER BY DateNeeded';
//$sql = 'SELECT * FROM WorkOrders';
$result = SqlQuery($loc, $sql);
if ($result->num_rows > 0) {
// output data of each row
echo "<br>\n";
echo '<table class="members_userlist">' . "\n<tr>\n";
echo "<th align=left width=80><u>WorkOrder ID</u></th>";
echo "<th align=left width=200><u>Name</u></th>";
echo "<th align=left width=200><u>Due Date</u></th>";
echo "<th align=left width=200><u>Requesting Approval</u></th>";
echo "<th align=left width=200><u>Receiving Approval</u></th>";
echo "<th align=left width=200><u>Office Approval</u></th>";
// echo "<th align=left width=200><u>Completed?</u></th>";
while ($row = $result->fetch_assoc()) {
//$perintah="SELECT * FROM xuser_pegawai WHERE level = 'STAF' ORDER BY level DESC";
break;
}
switch ($xlevel) {
case 7:
//$AdminlevelName = "Staf";
$perintah = "SELECT * FROM xuser_pegawai WHERE username != '" . $IdUser . "' AND KdUnit like '" . substr($_SESSION['MM__AdminKdSatker'], 0, 4) . "%' ORDER BY level DESC";
break;
}
//Eksekusi $perintah
$jalankan_perintah = mysql_query($perintah) or die(mysql_error());
while ($rows = mysql_fetch_array($jalankan_perintah)) {
if ($rows[username] == $IdUser) {
// echo "<OPTION VALUE='".$rows[username]."'selected>".GetUserName($rows[username])."</OPTION>";
} else {
echo "\n<OPTION VALUE='" . $rows[username] . "'>" . GetUserName($rows[username]) . "</OPTION>";
}
}
echo "</select>";
echo "<br clear=\"all\" >";
?>
</td>
</tr>
<tr>
<td class="key"><strong>Perihal</strong></td>
<td>
<input readonly name="Perihal" type="text" class="formAll" id="Perihal" size="100" value="<?php
echo $Perihal;
?>
WHERE BN_FECHAFIN IS NULL
AND BN_IDSISTEMATICKET = ".$sistema;
$texto_banner = ValorSQL($sql);
if ($texto_banner != "")
echo "<font size='2' color='#FF6600'><b>ATENCIÓN<br />".$texto_banner."</b></font><br /><br />";
?>
<br/><br/>
</td>
</tr>
<tr align="left">
<td width="200" align="right">
<img src="images/<?echo $sistema;?>/User_Accounts.png"/>
</td>
<td width="370">
<div align="justify">
<p><font color="#807F84">Bienvenido/a</font> <font color=<?echo $colorBienvenida;?>><b><?echo strtoupper(GetUserName());?></b>!</font>
<br />
<br />
<font color="#807F84"> <?echo $textoHome;?> <br />
<br />
Al realizar una solicitud, como constancia Ud. recibirá una confirmación por correo electrónico indicando
un número de ticket que le servirá como referencia para futuras consultas. </font><br />
<br />
<?
$sql = "SELECT COUNT(*)
FROM COMPUTOS.CSS_SOLICITUDSISTEMAS
WHERE SS_IDESTADOACTUAL = 5
AND SS_IDUSUARIO_SOLICITUD = :idusuario
AND SS_IDSISTEMATICKET = ".$sistema;
$params = array(":idusuario" => GetUserID());
$pending_tickets = ValorSQL($sql, "", $params);
sql_free_result($pmresult1);
/*
$pmquery2 = sql_pre_query("SELECT * FROM \"".$Settings['sqltable']."messenger\" WHERE \"SenderID\"=%i AND \"Read\"=0", array($_SESSION['UserID']));
$pmresult2=sql_query($pmquery2,$SQLStat);
$SentPMNumber=sql_num_rows($pmresult2);
sql_free_result($pmresult2); */
}
if ($ThemeSet['LogoStyle'] == null) {
$logostyle = "";
}
if ($ThemeSet['LogoStyle'] != null) {
$logostyle = "style=\"" . $ThemeSet['LogoStyle'] . "\" ";
}
// Am I hidden from everyone
if ($_SESSION['UserGroup'] != $Settings['GuestGroup']) {
$PreAmIHidden = GetUserName($_SESSION['UserID'], $Settings['sqltable'], $SQLStat);
$AmIHidden = $PreAmIHidden['Hidden'];
}
// Hide me from everyone! >_> ^_^ <_<
?>
<div class="NavBorder">
<?php
if ($ThemeSet['TableStyle'] == "div") {
?>
<div class="NavBarRow1">
<span class="NavBarSpan1">
<?php
echo $ThemeSet['PreLogo'];
?>
<a <?php
echo $logostyle;
return $result;
}
$user = $_SESSION["identidad"];
try {
if ($user == $_POST["Evaluado"]) {
// Si el que guarda es el evaluado..
$sql = "UPDATE rrhh.hfe_formularioevaluacion2008\n\t\t\t\t\tSET fe_fechaevaluado = SYSDATE,\n\t\t\t\t\t\t\tfe_comentarioevaluado = SUBSTR(:comentarioevaluado, 1, 2000),\n\t\t\t\t\t\t\tfe_usumodif = UPPER(:usumodif),\n\t\t\t\t\t\t\tfe_fechamodif = SYSDATE\n\t\t\t WHERE fe_id = :id";
$params = array(":comentarioevaluado" => $_POST["ComentariosEvaluado"], ":usumodif" => $user, ":id" => $_POST["FormularioId"]);
DBExecSql($conn, $sql, $params);
if ($_POST["CerrarEvaluacion"] == "true") {
$sql = "UPDATE rrhh.hue_usuarioevaluacion\n\t\t\t\t\t\tSET ue_evaluado_ok = 1\n\t\t\t\t\tWHERE ue_evaluado = UPPER(:evaluado)\n\t\t\t\t\t\tAND ue_anoevaluacion = :ano";
$params = array(":evaluado" => $_POST["Evaluado"], ":ano" => $_POST["Ano"]);
DBExecSql($conn, $sql, $params);
$sql = "SELECT ue_evaluador || ';' || ue_supervisor || ';' || ue_notificacion destinatarios\n\t\t\t\t\tFROM rrhh.hue_usuarioevaluacion\n\t\t\t\t WHERE ue_evaluado = :evaluado\n\t\t\t\t\t AND ue_anoevaluacion = :ano";
$params = array(":evaluado" => $_POST["Evaluado"], ":ano" => $_POST["Ano"]);
$body = "<html><body>" . GetUserName($_POST["Evaluado"]) . " ya se ha notificado de su evaluación, <a href='http://" . $_SERVER["HTTP_HOST"] . "/modules/encuestas/evaluacion_desempeno/'>haga click aquí</a> para consultar.<br><br>Si el link no funciona pegue esta dirección en su navegador: http://" . $_SERVER["HTTP_HOST"] . "/modules/encuestas/evaluacion_desempeno</body></html>";
SendEmail($body, "Aviso Intranet", "Evaluación notificada", GetEmail(explode(";", ValorSql($sql, "", $params))), array(), array(), "H");
}
}
if ($user == $_POST["Evaluador"]) {
// Si el que guarda es el evaluador..
// Tomo el valor de campos que pueden existir o no..
$orientacion = getCheckValue("Orientacion");
$orientacionEsp = getCheckValue("OrientacionEsp");
$orientacionFuturo = getCheckValue("OrientacionFuturo");
$adaptabilidad = getCheckValue("Adaptabilidad");
$adaptabilidadEsp = getCheckValue("AdaptabilidadEsp");
$adaptabilidadFuturo = getCheckValue("AdaptabilidadFuturo");
$equipo = getCheckValue("TrabajoEnEquipo");
$equipoEsp = getCheckValue("TrabajoEnEquipoEsp");
$equipoFuturo = getCheckValue("TrabajoEnEquipoFuturo");
while ($is < $num) {
$PMID = sql_result($result, $is, "id");
$SenderID = sql_result($result, $is, "SenderID");
$SenderIP = sql_result($result, $is, "IP");
$PreSenderName = GetUserName($SenderID, $Settings['sqltable'], $SQLStat);
if ($PreSenderName['Name'] === null) {
$SenderID = -1;
$PreSenderName = GetUserName($SenderID, $Settings['sqltable'], $SQLStat);
}
$SenderName = $PreSenderName['Name'];
$SenderHidden = $PreSenderName['Hidden'];
$ReciverID = sql_result($result, $is, "ReciverID");
$PreReciverName = GetUserName($ReciverID, $Settings['sqltable'], $SQLStat);
if ($PreReciverName['Name'] === null) {
$ReciverID = -1;
$PreReciverName = GetUserName($ReciverID, $Settings['sqltable'], $SQLStat);
}
$ReciverName = $PreReciverName['Name'];
$ReciverHidden = $PreReciverName['Hidden'];
$PMGuest = sql_result($result, $is, "GuestName");
$MessageName = sql_result($result, $is, "MessageTitle");
$DateSend = sql_result($result, $is, "DateSend");
$DateSend = GMTimeChange($_SESSION['iDBDateFormat'] . ", " . $_SESSION['iDBTimeFormat'], $DateSend, $_SESSION['UserTimeZone'], 0, $_SESSION['UserDST']);
$MessageText = sql_result($result, $is, "MessageText");
$MessageDesc = sql_result($result, $is, "Description");
$ipshow = "two";
$requery = sql_pre_query("SELECT * FROM \"" . $Settings['sqltable'] . "members\" WHERE \"id\"=%i", array($SenderID));
$reresult = sql_query($requery, $SQLStat);
$renum = sql_num_rows($reresult);
$rei = 0;
$memrequery = sql_pre_query("SELECT * FROM \"" . $Settings['sqltable'] . "mempermissions\" WHERE \"id\"=%i LIMIT 1", array($SenderID));
<?
require_once($_SERVER["DOCUMENT_ROOT"]."/constants.php");
require_once($_SERVER["DOCUMENT_ROOT"]."/../Classes/provart/list_of_items.php");
if (isset($_REQUEST["mdl"])) {
require_once($_SERVER["DOCUMENT_ROOT"]."/modules/control_gestion/informes_de_gestion/".$_REQUEST["mdl"]);
return false;
}
?>
<div align="center">
<table width="770" cellspacing="0" cellpadding="0" id="table1">
<tr>
<td width="45" style="border-bottom-style: solid; border-bottom-width: 1px; padding-left: 4px; padding-right: 4px; padding-top: 1px; padding-bottom: 1px"><p align="right" style="margin-left: 7px"><b><font size="2"><img src="/modules/control_gestion/informes_de_gestion/images/usuario.jpg" width="26" height="28"></td>
<td width="101" style="border-bottom-style: solid; border-bottom-width: 1px; padding-left: 4px; padding-right: 4px; padding-top: 1px; padding-bottom: 1px"><font color="#808080" style="font-size: 10pt">Usuario Actual:</font></td>
<td align="left" width="529" style="border-bottom-style: solid; border-bottom-width: 1px; padding-left: 4px; padding-right: 4px; padding-top: 1px; padding-bottom: 1px"><font style="font-size: 8pt; " color="#000000"><?php
echo GetUserName();
?>
</font></td>
<td width="54" style="border-bottom-style: solid; border-bottom-width: 1px; padding-left: 4px; padding-right: 4px; padding-top: 1px; padding-bottom: 1px"><p align="right"> </td>
</tr>
</table>
</div>
<br />
<div align="center">
<table width="652" cellspacing="0" cellpadding="0" id="table4">
<tr>
<td style="border-bottom-style: dotted; border-bottom-width: 1px; padding-left: 4px; padding-right: 4px; padding-top: 1px; padding-bottom: 1px" width="21"><b><font size="2"><a href="/index.php?pageid=34"><img height="27" src="/modules/control_gestion/informes_de_gestion/images/administracion.jpg" title="Administración" width="30"></a></td>
<td style="border-bottom-style: dotted; border-bottom-width: 1px; padding-left: 4px; padding-right: 4px; padding-top: 1px; padding-bottom: 1px" width="72"><span style="font-weight: 700"><font size="3" color="#00A4E4">Administración</font></span></td>
<td style="border-bottom-style: dotted; border-bottom-width: 1px; padding-left: 4px; padding-right: 4px; padding-top: 1px; padding-bottom: 1px"><font size="2"><p style="margin-top: 0; margin-bottom: 0"> </td>
margin-top:60px;
}
</style>
</head>
<body style="background-color:#eeeeee">
<div>
<?php
// This division is for user to log in.
if (isset($_COOKIE["SavedUserInfo"]) && $_COOKIE["SavedUserInfo"] != "999999999") {
?>
<form>
<label for="LoggedInUsername"> Welcome, <?php
echo GetUserName($_COOKIE["SavedUserInfo"]);
?>
!</label> <br>
<label>Have a great time. </label>
</form>
<form action="<?php
echo $_SERVER['PHP_SELF'];
?>
" method="post">
<input type="submit" name="submitLogOut" value="Log Out">
</form>
<?php
} else {
?>
<form action="<?php
echo $_SERVER['PHP_SELF'];
} else {
$cmd = $_GET['cmd'];
}
$sql = "select id,name,video from {$tbl_columns} where id = " . intval($_GET['catalog_id']);
$column = $db->GetRow($sql);
if ($cmd == "article_add") {
if (isset($_POST['step'])) {
$step = $_POST['step'];
} else {
$step = "1";
}
if ($step == "1") {
$object_id = GetSeq();
$article['catalog'] = intval($_GET['catalog_id']);
$article['id'] = intval($object_id);
$article['editor'] = GetUserName();
$smarty->assign("data", $article);
$smarty->assign("catalog", $column);
$smarty->assign("flow_basedir", $cfg['flow_basedir']);
$smarty->assign("cmd", "article_add");
$smarty->display("article_edit.html");
} else {
if ($step == "2") {
if (!isset($_POST['heading']) || strlen(trim($_POST['heading'])) == 0) {
alert("必须有文章标题");
exit;
}
$sql = "select * from {$tbl_article} where 0";
if ($_POST['id'] == 0) {
$_POST['id'] = NULL;
}
if (!empty($_POST["Quantity"])) {
$Quantity = SQLClean($_POST["Quantity"]);
}
if (!empty($_POST["Description"])) {
$Description = SQLClean($_POST["Description"]);
}
if (!empty($_POST["Prereq"])) {
$Prereq = SQLClean($_POST["Prereq"]);
}
if (!empty($_POST["UnitPrice"])) {
$UnitPrice = SQLClean($_POST["UnitPrice"]);
}
if (!empty($_POST["FilePath"])) {
$FilePath = SQLClean($_POST["FilePath"]);
}
$Requestor = GetUserName();
// Check for duplicate name
$sql = 'SELECT WorkOrderName FROM WorkOrders WHERE WorkOrderName ="' . $WorkOrderName . '"';
$result = SqlQuery($loc, $sql);
if ($result->num_rows > 0) {
$error_msg = 'Unable to add new Work Order. Duplicate Work Order Name. (' . $WorkOrderName . ')';
log_msg($loc, $msg);
goto GenerateHtml;
}
// Build the sql to add workorder
$sql = 'INSERT INTO WorkOrders (WorkOrderName, DateNeeded, Priority, DayEstimate, Revision, Requestor, ' . 'Project, RequestingIPTGroup, ReceivingIPTGroup,RequestingIPTLeadApproval, AssignedIPTLeadApproval, ProjectOfficeApproval, DateRequested) ';
$sql .= ' VALUES(';
$sql .= ' "' . $WorkOrderName . '"';
$sql .= ', "' . $DateNeeded . '"';
$sql .= ', "' . $Priority . '"';
$sql .= ', "' . $DayEstimate . '"';
}
if ($PermissionInfo['CanViewForum'][$ForumID] == "yes" && $CatPermissionInfo['CanViewCategory'][$CategoryID] == "yes" && $TopicStat >= 0 && $TopicStat < 3 || $PermissionInfo['CanViewForum'][$ForumID] == "yes" && $CatPermissionInfo['CanViewCategory'][$CategoryID] == "yes" && $PermissionInfo['CanModForum'][$ForumID] == "yes" && $TopicStat == 3) {
$LastReply = " <br /> ";
$glrquery = sql_pre_query("SELECT * FROM \"" . $Settings['sqltable'] . "posts\" WHERE \"TopicID\"=%i ORDER BY \"TimeStamp\" DESC LIMIT 1", array($TopicID));
$glrresult = sql_query($glrquery, $SQLStat);
$glrnum = sql_num_rows($glrresult);
if ($glrnum > 0) {
$ReplyID1 = sql_result($glrresult, 0, "id");
$UsersID1 = sql_result($glrresult, 0, "UserID");
$GuestsName1 = sql_result($glrresult, 0, "GuestName");
$TimeStamp1 = sql_result($glrresult, 0, "TimeStamp");
$TimeStamp1 = GMTimeChange($_SESSION['iDBDateFormat'] . ", " . $_SESSION['iDBTimeFormat'], $TimeStamp1, $_SESSION['UserTimeZone'], 0, $_SESSION['UserDST']);
$PreUsersName1 = GetUserName($UsersID1, $Settings['sqltable'], $SQLStat);
if ($PreUsersName1['Name'] === null) {
$UsersID1 = -1;
$PreUsersName1 = GetUserName($UsersID1, $Settings['sqltable'], $SQLStat);
}
$UsersName1 = $PreUsersName1['Name'];
$UsersHidden1 = $PreUsersName1['Hidden'];
}
$NumPages = null;
$NumRPosts = $NumReply + 1;
if (!isset($Settings['max_posts'])) {
$Settings['max_posts'] = 10;
}
if ($NumRPosts > $Settings['max_posts']) {
$NumPages = ceil($NumRPosts / $Settings['max_posts']);
}
if ($NumRPosts <= $Settings['max_posts']) {
$NumPages = 1;
}
function UpdateUser($param_list, $userid = 0)
{
global $config;
$loc = "userlib.php->UpdateUser";
$pwchanged = false;
$fields = array(array("LastName", "str"), array("FirstName", "str"), array("PasswordHash", "str"), array("NickName", "str"), array("Title", "str"), array("BadgeID", "str"), array("Email", "str"), array("Tags", "str"), array("Active", "bool"));
if ($userid != 0) {
$sql = "SELECT * FROM Users WHERE UserID=" . intval($userid);
$result = SqlQuery($loc, $sql);
if ($result->num_rows <= 0) {
$error_msg = "Unable to update user. UserID=" . intval($userid) . " not found.";
log_msg($loc, $error_msg);
return $error_msg;
}
} else {
if (!IsFieldInParamList("UserName", $param_list)) {
$error_msg = 'Unable to update user. No UserName or UserID Given.';
log_msg($loc, $error_msg);
return $error_msg;
}
$username = GetValueFromParamList($param_list, "UserName");
$sql = 'SELECT * FROM Users WHERE UserName="******"';
$result = SqlQuery($loc, $sql);
if ($result->num_rows <= 0) {
$error_msg = 'Unable to update user. UserName="******" not found.';
log_msg($loc, $error_msg);
return $error_msg;
}
$row = $result->fetch_assoc();
$userid = intval($row["UserID"]);
}
// If the BadgeID is being changed we need to make sure its not a duplicate.
if (IsFieldInParamList("BadgeID", $param_list)) {
$badgeid = GetValueFromParamList($param_list, "BadgeID");
if (!blank($badgeid)) {
if (!VerifyBadgeFormat($badgeid)) {
$error_msg = 'Unable to update user. Bad Format for BadgeID. Must be in form of "A000".';
log_msg($loc, $error_msg);
return $error_msg;
}
$sql = 'SELECT UserID FROM Users WHERE BadgeID="' . $badgeid . '"';
$result = SqlQuery($loc, $sql);
while ($row = $result->fetch_assoc()) {
if ($row["UserID"] != $userid) {
$error_msg = 'Unable to update user. BadgeID ' . $badgeid . ' already in use.';
log_msg($loc, $error_msg);
return $error_msg;
}
}
}
}
// At this point, move all values into a seperate array, but treat password special.
$data = array();
$c = 0;
foreach ($param_list as $param_spec) {
if (!isset($param_spec["FieldName"])) {
continue;
}
if (!isset($param_spec["Value"])) {
continue;
}
if ($param_spec["FieldName"] == "Password") {
$pw = $param_spec["Value"];
if (empty($pw)) {
continue;
}
$v = crypt($pw, $config["Salt"]);
$pwchanged = true;
$fn = "PasswordHash";
$data[$fn] = $v;
$c++;
continue;
}
$fn = $param_spec["FieldName"];
$v = $param_spec["Value"];
$data[$fn] = $v;
$c++;
}
if ($c <= 0) {
$error_msg = "Unable to update user. UserID=" . intval($userid) . ". Nothing to update.";
log_msg($loc, $error_msg);
return $error_msg;
}
// At this point, we have a userid that we can count on, and the data.
$sql = 'UPDATE Users SET ';
$sql .= GenerateSqlSet($data, $fields);
$sql .= " WHERE UserID=" . intval($userid);
SqlQuery($loc, $sql);
$msg = 'Info for User ' . $userid . ' updated by ' . GetUserName() . '. ';
if ($pwchanged) {
$msg .= '(Including a password change.)';
}
log_msg($loc, $msg);
return true;
}