$options->set_user(); $actionMsg = $lang['MSG_PREF_CHANGED']; break; case "ro": $options->reset_user(); $options->set_user(); $actionMsg = $lang['MSG_PREF_RESET']; break; // CHANGE PASSWORD (all users) // CHANGE PASSWORD (all users) case "changepass": // Check to see if password and confirmation matches if ($_POST['passwordNew'] == $_POST['passwordNewRetype']) { // SQL query checks to make sure username and old password is corrrect. $sql = "UPDATE " . TABLE_USERS . " SET password=MD5('" . $_POST['passwordNew'] . "') WHERE username='******'username'] . "' AND password=MD5('" . $_POST['passwordOld'] . "') LIMIT 1"; $updatePassword = mysql_query($sql, $db_link) or die(ReportSQLError($sql)); if (mysql_affected_rows() < 1) { $actionMsg = $lang['ERR_USER_PASSWORD_WRONG']; } else { $actionMsg = $lang['ERR_USER_PASSWORD_CHANGED']; } } else { $actionMsg = $lang['ERR_USER_PASSWORD_SHORT']; } break; // CHANGE EMAIL (all users) // CHANGE EMAIL (all users) case "changeemail": $username = $_SESSION['username']; $new_email = $_POST['emailNew']; if (validate_email($new_email)) {
* Displays other phone numbers. Can generate a useful list * of cell phone numbers. A hastily-coded feature for personal * use; may not be included in future versions, or will be * integrated in a more streamlined manner. * *************************************************************/ // ** GET CONFIGURATION DATA ** require_once 'constants.inc'; require_once FILE_FUNCTIONS; // ** OPEN CONNECTION TO THE DATABASE ** $db_link = openDatabase($db_hostname, $db_username, $db_password, $db_name); // ** CHECK FOR LOGIN ** checkForLogin("admin", "user"); // ** RETRIEVE INFORMATION ** $sql = "SELECT DISTINCT contact.id, otherphone.id, CONCAT(lastname,', ',firstname) AS fullname\n FROM " . TABLE_CONTACT . " as contact, " . TABLE_OTHERPHONE . " as otherphone\n WHERE contact.id=otherphone.id\n ORDER BY fullname"; $r_contact = mysql_query($sql, $db_link) or exit(ReportSQLError()); ?> <HTML> <HEAD> <TITLE>Address Book - Other Phone Numbers</TITLE> <LINK REL="stylesheet" HREF="styles.css" TYPE="text/css"> </HEAD> <BODY> <P> <CENTER> <TABLE BORDER=0 CELLPADDING=0 CELLSPACING=0 WIDTH=570> <TR><TD CLASS="headTitle"><B>Secondary Phone Information</B></TD></TR>
/**
 * Runs a SQL statement on the given connection and halts the script on failure.
 *
 * The statement is handed to mysql_query() exactly as received; nothing in
 * this function escapes or parameterises it, so any request-derived values
 * must already have been made safe by the caller. The query result is
 * discarded and nothing is returned.
 *
 * @param string   $sql     Complete SQL statement to execute.
 * @param resource $db_link Connection handle passed to mysql_query().
 *
 * @return void Does not return when the query fails.
 */
function doQuery($sql, $db_link)
{
    $succeeded = mysql_query($sql, $db_link);

    if (!$succeeded) {
        // NOTE(review): ReportSQLError() is defined elsewhere and receives the raw
        // statement; confirm it does not echo SQL text to end users.
        die(ReportSQLError($sql));
    }
}
switch ($_GET['mode']) { // **LOGOUT ** case "logout": session_destroy(); require_once 'languages/' . $options->language . '.php'; // PRINT MESSAGE $errorMsg = $lang[MSG_LOGGED_OUT]; header("location: index.php"); //required to force site language to override user language at sign in screen break; // ** AUTHENTICATE A USER // ** AUTHENTICATE A USER case "auth": // LOOK FOR USERNAME AND PASSWORD IN THE DATABASE. $usersql = "SELECT username, usertype, nature, batch, department, designation, password, is_confirmed FROM " . TABLE_USERS . " AS users WHERE username='******'username'] . "' AND password=MD5('" . $_POST['password'] . "') LIMIT 1"; $r_getUser = mysql_query($usersql, $db_link) or die(ReportSQLError($usersql)); $numrows = mysql_num_rows($r_getUser); $t_getUser = mysql_fetch_array($r_getUser); // THE USERNAME IS FOUND AND ACCOUNT IS CONFIRMED if ($numrows != 0 && $t_getUser['is_confirmed'] == 1) { // REGISTER SESSION VARIABLES $_SESSION['username'] = $t_getUser['username']; $_SESSION['usertype'] = $t_getUser['usertype']; $_SESSION['nature'] = $t_getUser['nature']; $_SESSION['batch'] = $t_getUser['batch']; $_SESSION['department'] = $t_getUser['department']; $_SESSION['designation'] = $t_getUser['designation']; if (!isset($_SESSION['abspath'])) { $_SESSION['abspath'] = dirname($_SERVER['SCRIPT_FILENAME']); } // REDIRECT TO LIST