public function createChecklist($newClArr)
{
$sqlInsert = "";
$sqlValues = "";
foreach ($newClArr as $k => $v) {
$sqlInsert .= ',' . $k;
if ($v) {
$sqlValues .= ',"' . $this->cleanInStr($v) . '"';
} else {
$sqlValues .= ',NULL';
}
}
$sql = "INSERT INTO fmchecklists (" . substr($sqlInsert, 1) . ") VALUES (" . substr($sqlValues, 1) . ")";
//echo $sql; exit;
$newClId = 0;
if ($this->conn->query($sql)) {
$newClId = $this->conn->insert_id;
//Set permissions to allow creater to be an editor
$this->conn->query('INSERT INTO userroles (uid, role, tablename, tablepk) VALUES(' . $GLOBALS["SYMB_UID"] . ',"ClAdmin","fmchecklists",' . $newClId . ') ');
//$this->conn->query("INSERT INTO userpermissions (uid, pname) VALUES(".$GLOBALS["symbUid"].",'ClAdmin-".$newClId."') ");
$newPManager = new ProfileManager();
$newPManager->setUserName($GLOBALS['USERNAME']);
$newPManager->authenticate();
}
return $newClId;
}
<?php
include_once '../config/symbini.php';
include_once $serverRoot . '/classes/PermissionsManager.php';
include_once $serverRoot . '/classes/ProfileManager.php';
header("Content-Type: text/html; charset=" . $charset);
$loginAs = array_key_exists("loginas", $_REQUEST) ? trim($_REQUEST["loginas"]) : "";
$searchTerm = array_key_exists("searchterm", $_REQUEST) ? trim($_REQUEST["searchterm"]) : "";
$userId = array_key_exists("userid", $_REQUEST) ? $_REQUEST["userid"] : "";
$delRole = array_key_exists("delrole", $_REQUEST) ? $_REQUEST["delrole"] : "";
$tablePk = array_key_exists("tablepk", $_REQUEST) ? $_REQUEST["tablepk"] : "";
$userManager = new PermissionsManager();
if ($isAdmin) {
if ($loginAs) {
$pHandler = new ProfileManager();
$pHandler->setUserName($loginAs);
$pHandler->authenticate();
header("Location: ../index.php");
} elseif ($delRole) {
$userManager->deletePermission($userId, $delRole, $tablePk);
} elseif (array_key_exists("apsubmit", $_POST)) {
foreach ($_POST["p"] as $pname) {
$role = $pname;
$tablePk = '';
if (strpos($pname, '-')) {
$tok = explode('-', $pname);
$role = $tok[0];
$tablePk = $tok[1];
}
$userManager->addPermission($userId, $role, $tablePk);
}
$useRecaptcha = true;
}
header("Content-Type: text/html; charset=" . $charset);
header('Cache-Control: no-cache, no-cache="set-cookie", no-store, must-revalidate');
header('Pragma: no-cache');
// HTTP 1.0.
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT");
// Date in the past
$login = array_key_exists('login', $_POST) ? $_POST['login'] : '';
$emailAddr = array_key_exists('emailaddr', $_POST) ? $_POST['emailaddr'] : '';
$action = array_key_exists("submit", $_REQUEST) ? $_REQUEST["submit"] : '';
$pHandler = new ProfileManager();
$displayStr = '';
//Sanitation
if ($login) {
if (!$pHandler->setUserName($login)) {
$login = '';
$displayStr = 'Invalid login name';
}
}
if ($emailAddr) {
if (!$pHandler->validateEmailAddress($emailAddr)) {
$emailAddr = '';
$displayStr = 'Invalid login name';
}
}
if ($action && !preg_match('/^[a-zA-Z0-9\\s_]+$/', $action)) {
$action = '';
}
if ($action == "Create Login") {
$okToCreateLogin = true;
public function createChecklist($postArr)
{
$sqlInsert = "";
$sqlValues = "";
$fieldArr = array('name' => 's', 'authors' => 's', 'type' => 's', 'locality' => 's', 'publication' => 's', 'abstract' => 's', 'notes' => 's', 'latcentroid' => 'n', 'longcentroid' => 'n', 'pointradiusmeters' => 'n', 'footprintWKT' => 's', 'parentclid' => 'n', 'access' => 's', 'uid' => 'n');
foreach ($fieldArr as $fieldName => $fieldType) {
$sqlInsert .= ',' . $fieldName;
$v = $this->cleanInStr($postArr[$fieldName]);
if ($fieldName != 'abstract') {
$v = strip_tags($v, '<i><u><b><a>');
}
if ($v) {
if ($fieldType == 's') {
$sqlValues .= ',"' . $v . '"';
} else {
if (is_numeric($v)) {
$sqlValues .= ',' . $v;
} else {
$sqlValues .= ',NULL';
}
}
} else {
$sqlValues .= ',NULL';
}
}
$sql = "INSERT INTO fmchecklists (" . substr($sqlInsert, 1) . ") VALUES (" . substr($sqlValues, 1) . ")";
$newClId = 0;
if ($this->conn->query($sql)) {
$newClId = $this->conn->insert_id;
//Set permissions to allow creater to be an editor
$this->conn->query('INSERT INTO userroles (uid, role, tablename, tablepk) VALUES(' . $GLOBALS["SYMB_UID"] . ',"ClAdmin","fmchecklists",' . $newClId . ') ');
//$this->conn->query("INSERT INTO userpermissions (uid, pname) VALUES(".$GLOBALS["symbUid"].",'ClAdmin-".$newClId."') ");
$newPManager = new ProfileManager();
$newPManager->setUserName($GLOBALS['USERNAME']);
$newPManager->authenticate();
}
return $newClId;
}
