Exemplo n.º 1
0
function CreateNewUser($params)
{
    global $config;
    $loc = "userlib.php->CreateNewUser";
    // Check inputs
    if (!isset($params["LastName"]) || !isset($params["FirstName"]) || !isset($params["UserName"]) || !isset($params["Password"])) {
        DieWithMsg($loc, "Required input keys not found.");
    }
    if (empty($params["LastName"])) {
        return "Last name cannot be empty.";
    }
    if (empty($params["FirstName"])) {
        return "First name cannot be empty.";
    }
    if (empty($params["UserName"])) {
        return "Username cannot be empty.";
    }
    if (empty($params["Password"])) {
        return "Password cannot be empty.";
    }
    $username = SqlClean($params["UserName"]);
    $lastname = SqlClean($params["LastName"]);
    $firstname = SqlClean($params["FirstName"]);
    $nickname = "";
    $title = "";
    $badgeid = "";
    $email = "";
    $tags = "";
    $active = false;
    if (isset($params["NickName"])) {
        $nickname = SQLClean($params["NickName"]);
    }
    if (isset($params["Title"])) {
        $title = SQLClean($params["Title"]);
    }
    if (isset($params["BadgeID"])) {
        $badgeid = SQLClean($params["BadgeID"]);
    }
    if (isset($params["Email"])) {
        $email = SQLClean($params["Email"]);
    }
    if (isset($params["Tags"])) {
        $tags = SQLClean($params["Tags"]);
    }
    if (isset($params["Active"])) {
        $active = $params["Active"];
    }
    // Check for duplicate username.
    $sql = 'SELECT UserID FROM Users WHERE UserName="******"';
    $result = SqlQuery($loc, $sql);
    if ($result->num_rows > 0) {
        $msg = 'Unable to add new user. Duplicate username. (' . $username . ')';
        log_msg($loc, $msg);
        return $msg;
    }
    // Check for duplicate first/last name
    $sql = 'SELECT UserID FROM Users WHERE LastName="' . $lastname . '" AND FirstName="' . $firstname . '"';
    $result = SqlQuery($loc, $sql);
    if ($result->num_rows > 0) {
        $msg = 'Unable to add new user. Duplicate first/last name. (' . $lastname . ', ' . $firstname . ')';
        log_msg($loc, $msg);
        return $msg;
    }
    // Check for invalid BadgeID.
    if (!VerifyBadgeFormat($badgeid)) {
        $msg = 'Bad Badge Format.  Must be in form of "A000".';
        log_msg($loc, $msg);
        return $msg;
    }
    if (!blank($badgeid)) {
        // Check for duplicate BadgeID
        $sql = 'SELECT UserID FROM Users WHERE BadgeID="' . $badgeid . '"';
        $result = SqlQuery($loc, $sql);
        if ($result->num_rows > 0) {
            $msg = 'Unable to add new user. Duplicate BadgeID. (' . $badgeid . ').';
            log_msg($loc, $msg);
            return $msg;
        }
    }
    // Build the sql to add user.
    $pwhash = crypt($params["Password"], $config["Salt"]);
    $sql = 'INSERT INTO Users (UserName, PasswordHash, LastName, FirstName, NickName, ' . 'Title, BadgeID, Email, Tags, Active) ';
    $sql .= ' VALUES(';
    $sql .= '  "' . $username . '"';
    $sql .= ', "' . $pwhash . '"';
    $sql .= ', "' . $lastname . '"';
    $sql .= ', "' . $firstname . '"';
    $sql .= ', "' . $nickname . '"';
    $sql .= ', "' . $title . '"';
    $sql .= ', "' . $badgeid . '"';
    $sql .= ', "' . $email . '"';
    $sql .= ', "' . $tags . '"';
    $sql .= ', ' . TFstr($active);
    $sql .= ')';
    $result = SqlQuery($loc, $sql);
    log_msg($loc, array("New User added!  Username="******"Full name= " . $lastname . ', ' . $firstname, "tags=" . $tags . ", Active=" . TFstr($active)));
    return true;
}
Exemplo n.º 2
0
function GenerateSqlInsert($data, $fields)
{
    $loc = "database.php->GenerateSqlInsert";
    // First make an array that is an intersection of the two inputs.
    $final = array();
    foreach ($fields as $f) {
        $fn = $f[0];
        // Field name
        $ft = $f[1];
        // Field type
        if (!isset($data[$fn])) {
            continue;
        }
        if (is_null($data[$fn])) {
            continue;
        }
        $v = $data[$fn];
        $final[] = array("FieldName" => $fn, "FieldType" => $ft, "Value" => $v);
    }
    if (count($final) <= 0) {
        return false;
    }
    // First, list the columns...
    $sql = ' (';
    $c = 0;
    foreach ($final as $f) {
        if ($c != 0) {
            $sql .= ', ';
        }
        $sql .= $f["FieldName"];
        $c++;
    }
    $sql .= ') VALUES (';
    $c = 0;
    foreach ($final as $f) {
        if ($c != 0) {
            $sql .= ', ';
        }
        if ($f["FieldType"] == 'int') {
            $sql .= intval($f["Value"]);
        } else {
            if ($f["FieldType"] == 'str') {
                $sql .= '"' . SqlClean($f["Value"]) . '"';
            } else {
                if ($f["FieldType"] == 'bool') {
                    $sql .= TFstr($f["Value"]);
                } else {
                    DieWithMsg($loc, "Bad Sql type: " . $f["FieldType"] . " for field " . $f["FieldName"] . '.');
                }
            }
        }
        $c++;
    }
    $sql .= ') ';
    return $sql;
}
Exemplo n.º 3
0
$result = SqlQuery($loc, $sql);
if ($result->num_rows <= 0) {
    $pagetext = "No Users Exist!!  (How can that be?)";
    goto GenerateHtml;
}
$tableheader = array("ID", "", "Username", "Last Name", "First Name", "IPT", "Active", "Tags");
$tabledata = array();
while ($row = $result->fetch_assoc()) {
    $r = array();
    $r[] = $row["UserID"];
    $r[] = "";
    $r[] = '<a href="admin_edituser.php?UserID=' . $row["UserID"] . '">' . $row["UserName"] . '</a>';
    $r[] = $row["LastName"];
    $r[] = $row["FirstName"];
    $r[] = $row["IPT"];
    $r[] = TFstr($row["Active"]);
    $r[] = $row["Tags"];
    $tabledata[] = $r;
}
GenerateHtml:
$stylesheet = array("../css/global.css", "../css/nav.css", "../css/admin_listusers.css");
include 'forms/header.php';
include 'forms/nav_form.php';
include 'forms/admin_menubar.php';
include 'forms/admin_listusers_form.php';
include 'forms/footer.php';
/*
echo '<div class="content_area">' . "\n";
echo '<h2 class="page_title">User Accounts</h2>';

$sql = 'SELECT UserID, UserName, LastName, FirstName, NickName, Title, Email, Tags, IPT, Active FROM Users ORDER BY LastName, FirstName';
Exemplo n.º 4
0
function ChangeWOStatus($wid, $username, $statusField, $state)
{
    $loc = rmabs(__FILE__ . "ChangeWOStatus");
    DenyGuest();
    // Don't allow Guests to do this...
    $sql = 'UPDATE WorkOrders SET ' . $statusField . ' = ' . TFstr($state) . ' WHERE WID=' . intval($wid);
    SqlQuery($loc, $sql);
    $msg = 'Status "' . $statusField . '" changed to ' . TFstr($state) . ' by ' . $username . '.';
    AttachSystemNote($wid, $msg);
}
Exemplo n.º 5
0
function CreateNewUser($params)
{
    global $config;
    $loc = "userlib.php->CreateNewUser";
    DenyGuest();
    // Don't allow Guests to do this...
    if (empty($params["LastName"])) {
        return "Last name cannot be empty.";
    }
    if (empty($params["FirstName"])) {
        return "First name cannot be empty.";
    }
    if (empty($params["UserName"])) {
        return "Username cannot be empty.";
    }
    if (empty($params["PasswordHash"])) {
        if (empty($params["Password"])) {
            return "Password cannot be empty.";
        }
    }
    $username = SqlClean($params["UserName"]);
    $lastname = SqlClean($params["LastName"]);
    $firstname = SqlClean($params["FirstName"]);
    $nickname = "";
    $title = "";
    $email = "";
    $tags = "";
    $ipt = "";
    $active = false;
    if (isset($params["NickName"])) {
        $nickname = SQLClean($params["NickName"]);
    }
    if (isset($params["Title"])) {
        $title = SQLClean($params["Title"]);
    }
    if (isset($params["Email"])) {
        $email = SQLClean($params["Email"]);
    }
    if (isset($params["Tags"])) {
        $tags = SQLClean($params["Tags"]);
    }
    if (isset($params["IPT"])) {
        $ipt = SqlClean($params["IPT"]);
    }
    if (isset($params["Active"])) {
        $active = $params["Active"];
    }
    // Check for duplicate username.
    $sql = 'SELECT UserID FROM Users WHERE UserName="******"';
    $result = SqlQuery($loc, $sql);
    if ($result->num_rows > 0) {
        $msg = 'Unable to add new user. Duplicate username. (' . $username . ')';
        log_msg($loc, $msg);
        return $msg;
    }
    // Check for duplicate first/last name
    $sql = 'SELECT UserID FROM Users WHERE LastName="' . $lastname . '" AND FirstName="' . $firstname . '"';
    $result = SqlQuery($loc, $sql);
    if ($result->num_rows > 0) {
        $msg = 'Unable to add new user. Duplicate first/last name. (' . $lastname . ', ' . $firstname . ')';
        log_msg($loc, $msg);
        return $msg;
    }
    // Build the sql to add user.
    $pwhash = "";
    if (!empty($params["PasswordHash"])) {
        $pwhash = $params["PasswordHash"];
    } else {
        $pwhash = crypt($params["Password"], $config["Salt"]);
    }
    $sql = 'INSERT INTO Users (UserName, PasswordHash, LastName, FirstName, NickName, ' . 'Title, Email, Tags, IPT, Active) ';
    $sql .= ' VALUES(';
    $sql .= '  "' . $username . '"';
    $sql .= ', "' . $pwhash . '"';
    $sql .= ', "' . $lastname . '"';
    $sql .= ', "' . $firstname . '"';
    $sql .= ', "' . $nickname . '"';
    $sql .= ', "' . $title . '"';
    $sql .= ', "' . $email . '"';
    $sql .= ', "' . $tags . '"';
    $sql .= ', "' . $ipt . '"';
    $sql .= ', ' . TFstr($active);
    $sql .= ')';
    $result = SqlQuery($loc, $sql);
    log_msg($loc, array("New User added!  Username="******"Full name= " . $lastname . ', ' . $firstname, "tags=" . $tags . ", Active=" . TFstr($active)));
    return true;
}
Exemplo n.º 6
0
    // output data of each row
    echo "<br>\n";
    echo '<table class="admin_userlist">' . "\n<tr>\n";
    echo "<th align=right width=20><u>ID</u></th>";
    echo "<th width=10> </th>";
    echo "<th align=left width=100><u>Username</u></th>";
    echo "<th align=left width=140><u>Last Name</u></th>";
    echo "<th align=left width=140><u>First Name</u></th>";
    echo "<th align=left width=150><u>Title</u></th>";
    echo "<th align=left width=60><u>BadgeID</u></th>";
    echo "<th align=left width=100><u>Active</u></th>";
    echo "<th align=left width=100><u>Tags</u></th></tr>\n";
    while ($row = $result->fetch_assoc()) {
        echo "\n<tr>";
        echo '<th align=right>' . $row["UserID"] . "</th>";
        echo '<th> </th>';
        echo '<th align=left> <a href="admin_edituser.php?UserID=' . $row["UserID"] . '">' . $row["UserName"] . '</a></th>';
        echo '<th align=left>' . $row["LastName"] . '</th>';
        echo '<th align=left>' . $row["FirstName"] . '</th>';
        echo '<th align=left>' . $row["Title"] . '</th>';
        echo '<th align=left>' . $row["BadgeID"] . '</th>';
        echo '<th align=left>' . TFstr($row["Active"]) . '</th>';
        echo '<th align=left>' . $row["Tags"] . '</th>';
        echo "</tr>\n";
    }
    echo "</table>\n";
} else {
    echo "No Users Exist!!  (How can that be?)";
}
echo '</div>' . "\n";
include 'forms/footer.php';
Exemplo n.º 7
0
// --------------------------------------------------------------------
require_once "../maindef.php";
$loc = rmabs(__FILE__);
session_start();
log_page();
$timer = new Timer();
include "forms/header.php";
include "forms/nav_form.php";
$d = array();
$d["IsOne"] = 1;
$d["IsZero"] = 0;
$d["Active"] = true;
$d["NotAct"] = false;
echo 'isset IsOne=' . TFstr(isset($d["IsOne"])) . '<br>';
echo 'isset IsZero=' . TFstr(isset($d["IsZero"])) . '<br>';
echo 'isset IsNone=' . TFstr(isset($d["IsNone"])) . '<br>';
echo '$d["IsOne"] =' . $d["IsOne"] . '<br>';
echo '$d["IsZero"] =' . $d["IsZero"] . '<br>';
echo '$d["Active"]=true =' . $d["Active"] . '<br>';
echo '$d["NotAct"]=false =' . $d["NotAct"] . '<br>';
echo 'intval($d["NotAct"] =' . intval($d["NotAct"]) . '<br>';
$mysqlnd = function_exists('mysqli_fetch_all');
if ($mysqlnd) {
    echo 'mysqlnd enabled!';
} else {
    echo 'nysqlnd not enabled.';
}
include "forms/footer.php";
//include "forms/header.php";
//include "forms/nav_form.php";
//