function CreateNewUser($params) { global $config; $loc = "userlib.php->CreateNewUser"; // Check inputs if (!isset($params["LastName"]) || !isset($params["FirstName"]) || !isset($params["UserName"]) || !isset($params["Password"])) { DieWithMsg($loc, "Required input keys not found."); } if (empty($params["LastName"])) { return "Last name cannot be empty."; } if (empty($params["FirstName"])) { return "First name cannot be empty."; } if (empty($params["UserName"])) { return "Username cannot be empty."; } if (empty($params["Password"])) { return "Password cannot be empty."; } $username = SqlClean($params["UserName"]); $lastname = SqlClean($params["LastName"]); $firstname = SqlClean($params["FirstName"]); $nickname = ""; $title = ""; $badgeid = ""; $email = ""; $tags = ""; $active = false; if (isset($params["NickName"])) { $nickname = SQLClean($params["NickName"]); } if (isset($params["Title"])) { $title = SQLClean($params["Title"]); } if (isset($params["BadgeID"])) { $badgeid = SQLClean($params["BadgeID"]); } if (isset($params["Email"])) { $email = SQLClean($params["Email"]); } if (isset($params["Tags"])) { $tags = SQLClean($params["Tags"]); } if (isset($params["Active"])) { $active = $params["Active"]; } // Check for duplicate username. $sql = 'SELECT UserID FROM Users WHERE UserName="******"'; $result = SqlQuery($loc, $sql); if ($result->num_rows > 0) { $msg = 'Unable to add new user. Duplicate username. (' . $username . ')'; log_msg($loc, $msg); return $msg; } // Check for duplicate first/last name $sql = 'SELECT UserID FROM Users WHERE LastName="' . $lastname . '" AND FirstName="' . $firstname . '"'; $result = SqlQuery($loc, $sql); if ($result->num_rows > 0) { $msg = 'Unable to add new user. Duplicate first/last name. (' . $lastname . ', ' . $firstname . ')'; log_msg($loc, $msg); return $msg; } // Check for invalid BadgeID. if (!VerifyBadgeFormat($badgeid)) { $msg = 'Bad Badge Format. Must be in form of "A000".'; log_msg($loc, $msg); return $msg; } if (!blank($badgeid)) { // Check for duplicate BadgeID $sql = 'SELECT UserID FROM Users WHERE BadgeID="' . $badgeid . '"'; $result = SqlQuery($loc, $sql); if ($result->num_rows > 0) { $msg = 'Unable to add new user. Duplicate BadgeID. (' . $badgeid . ').'; log_msg($loc, $msg); return $msg; } } // Build the sql to add user. $pwhash = crypt($params["Password"], $config["Salt"]); $sql = 'INSERT INTO Users (UserName, PasswordHash, LastName, FirstName, NickName, ' . 'Title, BadgeID, Email, Tags, Active) '; $sql .= ' VALUES('; $sql .= ' "' . $username . '"'; $sql .= ', "' . $pwhash . '"'; $sql .= ', "' . $lastname . '"'; $sql .= ', "' . $firstname . '"'; $sql .= ', "' . $nickname . '"'; $sql .= ', "' . $title . '"'; $sql .= ', "' . $badgeid . '"'; $sql .= ', "' . $email . '"'; $sql .= ', "' . $tags . '"'; $sql .= ', ' . TFstr($active); $sql .= ')'; $result = SqlQuery($loc, $sql); log_msg($loc, array("New User added! Username="******"Full name= " . $lastname . ', ' . $firstname, "tags=" . $tags . ", Active=" . TFstr($active))); return true; }
function GenerateSqlInsert($data, $fields) { $loc = "database.php->GenerateSqlInsert"; // First make an array that is an intersection of the two inputs. $final = array(); foreach ($fields as $f) { $fn = $f[0]; // Field name $ft = $f[1]; // Field type if (!isset($data[$fn])) { continue; } if (is_null($data[$fn])) { continue; } $v = $data[$fn]; $final[] = array("FieldName" => $fn, "FieldType" => $ft, "Value" => $v); } if (count($final) <= 0) { return false; } // First, list the columns... $sql = ' ('; $c = 0; foreach ($final as $f) { if ($c != 0) { $sql .= ', '; } $sql .= $f["FieldName"]; $c++; } $sql .= ') VALUES ('; $c = 0; foreach ($final as $f) { if ($c != 0) { $sql .= ', '; } if ($f["FieldType"] == 'int') { $sql .= intval($f["Value"]); } else { if ($f["FieldType"] == 'str') { $sql .= '"' . SqlClean($f["Value"]) . '"'; } else { if ($f["FieldType"] == 'bool') { $sql .= TFstr($f["Value"]); } else { DieWithMsg($loc, "Bad Sql type: " . $f["FieldType"] . " for field " . $f["FieldName"] . '.'); } } } $c++; } $sql .= ') '; return $sql; }
$result = SqlQuery($loc, $sql); if ($result->num_rows <= 0) { $pagetext = "No Users Exist!! (How can that be?)"; goto GenerateHtml; } $tableheader = array("ID", "", "Username", "Last Name", "First Name", "IPT", "Active", "Tags"); $tabledata = array(); while ($row = $result->fetch_assoc()) { $r = array(); $r[] = $row["UserID"]; $r[] = ""; $r[] = '<a href="admin_edituser.php?UserID=' . $row["UserID"] . '">' . $row["UserName"] . '</a>'; $r[] = $row["LastName"]; $r[] = $row["FirstName"]; $r[] = $row["IPT"]; $r[] = TFstr($row["Active"]); $r[] = $row["Tags"]; $tabledata[] = $r; } GenerateHtml: $stylesheet = array("../css/global.css", "../css/nav.css", "../css/admin_listusers.css"); include 'forms/header.php'; include 'forms/nav_form.php'; include 'forms/admin_menubar.php'; include 'forms/admin_listusers_form.php'; include 'forms/footer.php'; /* echo '<div class="content_area">' . "\n"; echo '<h2 class="page_title">User Accounts</h2>'; $sql = 'SELECT UserID, UserName, LastName, FirstName, NickName, Title, Email, Tags, IPT, Active FROM Users ORDER BY LastName, FirstName';
function ChangeWOStatus($wid, $username, $statusField, $state) { $loc = rmabs(__FILE__ . "ChangeWOStatus"); DenyGuest(); // Don't allow Guests to do this... $sql = 'UPDATE WorkOrders SET ' . $statusField . ' = ' . TFstr($state) . ' WHERE WID=' . intval($wid); SqlQuery($loc, $sql); $msg = 'Status "' . $statusField . '" changed to ' . TFstr($state) . ' by ' . $username . '.'; AttachSystemNote($wid, $msg); }
function CreateNewUser($params) { global $config; $loc = "userlib.php->CreateNewUser"; DenyGuest(); // Don't allow Guests to do this... if (empty($params["LastName"])) { return "Last name cannot be empty."; } if (empty($params["FirstName"])) { return "First name cannot be empty."; } if (empty($params["UserName"])) { return "Username cannot be empty."; } if (empty($params["PasswordHash"])) { if (empty($params["Password"])) { return "Password cannot be empty."; } } $username = SqlClean($params["UserName"]); $lastname = SqlClean($params["LastName"]); $firstname = SqlClean($params["FirstName"]); $nickname = ""; $title = ""; $email = ""; $tags = ""; $ipt = ""; $active = false; if (isset($params["NickName"])) { $nickname = SQLClean($params["NickName"]); } if (isset($params["Title"])) { $title = SQLClean($params["Title"]); } if (isset($params["Email"])) { $email = SQLClean($params["Email"]); } if (isset($params["Tags"])) { $tags = SQLClean($params["Tags"]); } if (isset($params["IPT"])) { $ipt = SqlClean($params["IPT"]); } if (isset($params["Active"])) { $active = $params["Active"]; } // Check for duplicate username. $sql = 'SELECT UserID FROM Users WHERE UserName="******"'; $result = SqlQuery($loc, $sql); if ($result->num_rows > 0) { $msg = 'Unable to add new user. Duplicate username. (' . $username . ')'; log_msg($loc, $msg); return $msg; } // Check for duplicate first/last name $sql = 'SELECT UserID FROM Users WHERE LastName="' . $lastname . '" AND FirstName="' . $firstname . '"'; $result = SqlQuery($loc, $sql); if ($result->num_rows > 0) { $msg = 'Unable to add new user. Duplicate first/last name. (' . $lastname . ', ' . $firstname . ')'; log_msg($loc, $msg); return $msg; } // Build the sql to add user. $pwhash = ""; if (!empty($params["PasswordHash"])) { $pwhash = $params["PasswordHash"]; } else { $pwhash = crypt($params["Password"], $config["Salt"]); } $sql = 'INSERT INTO Users (UserName, PasswordHash, LastName, FirstName, NickName, ' . 'Title, Email, Tags, IPT, Active) '; $sql .= ' VALUES('; $sql .= ' "' . $username . '"'; $sql .= ', "' . $pwhash . '"'; $sql .= ', "' . $lastname . '"'; $sql .= ', "' . $firstname . '"'; $sql .= ', "' . $nickname . '"'; $sql .= ', "' . $title . '"'; $sql .= ', "' . $email . '"'; $sql .= ', "' . $tags . '"'; $sql .= ', "' . $ipt . '"'; $sql .= ', ' . TFstr($active); $sql .= ')'; $result = SqlQuery($loc, $sql); log_msg($loc, array("New User added! Username="******"Full name= " . $lastname . ', ' . $firstname, "tags=" . $tags . ", Active=" . TFstr($active))); return true; }
// output data of each row echo "<br>\n"; echo '<table class="admin_userlist">' . "\n<tr>\n"; echo "<th align=right width=20><u>ID</u></th>"; echo "<th width=10> </th>"; echo "<th align=left width=100><u>Username</u></th>"; echo "<th align=left width=140><u>Last Name</u></th>"; echo "<th align=left width=140><u>First Name</u></th>"; echo "<th align=left width=150><u>Title</u></th>"; echo "<th align=left width=60><u>BadgeID</u></th>"; echo "<th align=left width=100><u>Active</u></th>"; echo "<th align=left width=100><u>Tags</u></th></tr>\n"; while ($row = $result->fetch_assoc()) { echo "\n<tr>"; echo '<th align=right>' . $row["UserID"] . "</th>"; echo '<th> </th>'; echo '<th align=left> <a href="admin_edituser.php?UserID=' . $row["UserID"] . '">' . $row["UserName"] . '</a></th>'; echo '<th align=left>' . $row["LastName"] . '</th>'; echo '<th align=left>' . $row["FirstName"] . '</th>'; echo '<th align=left>' . $row["Title"] . '</th>'; echo '<th align=left>' . $row["BadgeID"] . '</th>'; echo '<th align=left>' . TFstr($row["Active"]) . '</th>'; echo '<th align=left>' . $row["Tags"] . '</th>'; echo "</tr>\n"; } echo "</table>\n"; } else { echo "No Users Exist!! (How can that be?)"; } echo '</div>' . "\n"; include 'forms/footer.php';
// -------------------------------------------------------------------- require_once "../maindef.php"; $loc = rmabs(__FILE__); session_start(); log_page(); $timer = new Timer(); include "forms/header.php"; include "forms/nav_form.php"; $d = array(); $d["IsOne"] = 1; $d["IsZero"] = 0; $d["Active"] = true; $d["NotAct"] = false; echo 'isset IsOne=' . TFstr(isset($d["IsOne"])) . '<br>'; echo 'isset IsZero=' . TFstr(isset($d["IsZero"])) . '<br>'; echo 'isset IsNone=' . TFstr(isset($d["IsNone"])) . '<br>'; echo '$d["IsOne"] =' . $d["IsOne"] . '<br>'; echo '$d["IsZero"] =' . $d["IsZero"] . '<br>'; echo '$d["Active"]=true =' . $d["Active"] . '<br>'; echo '$d["NotAct"]=false =' . $d["NotAct"] . '<br>'; echo 'intval($d["NotAct"] =' . intval($d["NotAct"]) . '<br>'; $mysqlnd = function_exists('mysqli_fetch_all'); if ($mysqlnd) { echo 'mysqlnd enabled!'; } else { echo 'nysqlnd not enabled.'; } include "forms/footer.php"; //include "forms/header.php"; //include "forms/nav_form.php"; //