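// Edit Staff Member: load the staff row for $staffid, apply a submitted edit,
// then hand over to the shared page header template.
// $db, $staffid and $seclevel are expected to be set by code outside this view.
$pagetitle = "Edit Staff Member";
$pagescript = array();
$pagestyle = array();
$errors = array();

$sqltext = "SELECT * from staff WHERE staffid=?";
$q = $db->select($sqltext, array($staffid), 'i');

// An unknown staffid yields no row; stop here instead of dereferencing a missing record.
$r = $q[0] ?? null;
if ($r === null) {
    header("Location: /staff/?Oooopppsss=1");
    exit;
}
$addsid = $r->addsid;

// Access check, evaluated BEFORE any write. Previously it ran after the update
// branch, which redirects and exits, so a submitted edit was never subject to it.
// NOTE(review): $r was selected by $staffid, so $r->staffid != $staffid cannot be
// true for a found row. Presumably the intent is to compare against the
// authenticated user's own staff id; confirm and correct, otherwise restricted
// users (seclevel > 3) can edit any staff record.
if ($seclevel > 3 && $r->staffid != $staffid) {
    header("Location: /staff/?Oooopppsss=1");
    exit;
}

// Only a real form submission may change data: require POST as well as go=y, so a
// bare GET link to ?go=y cannot overwrite the record with empty values.
// NOTE(review): no anti-CSRF token is verified anywhere in this view; add one
// using whatever mechanism the application provides.
$isSubmit = isset($_GET['go']) && $_GET['go'] == "y"
    && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';

if ($isSubmit) {
    // Update the linked address row first.
    $addsid = db_updateAddress($_POST, $addsid);

    // Update the staff row. Absent form fields fall back to '' rather than
    // passing undefined-index nulls to the setters.
    $staffUpdate = new Staff();
    $staffUpdate->setStaffid($staffid);
    $staffUpdate->setFname($_POST['fname'] ?? '');
    $staffUpdate->setSname($_POST['sname'] ?? '');
    $staffUpdate->setJobtitle($_POST['jobtitle'] ?? '');
    $staffUpdate->updateDB();

    header("Location: /");
    exit;
}

include "tmpl/header.php";
?>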
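// Add Staff Member: create the address, staff and login rows for a new member of
// staff and record the generated initial password for hand-over.
// NOTE(review): no access-level check or anti-CSRF token is visible in this part
// of the page; confirm both are enforced before this code runs.
$done = 0;

// Make sure every expected form field exists so later reads never hit an undefined index.
$fields = array("sname", "fname", 'jobtitle');
foreach ($fields as $field) {
    if (!isset($_POST[$field])) {
        $_POST[$field] = '';
    }
}

// Only a real form submission may create an account: require POST as well as
// go=y, so following a link to ?go=y cannot create an empty staff record and login.
$isSubmit = isset($_GET['go']) && $_GET['go'] == "y"
    && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST';

if ($isSubmit) {
    $logContent = "";
    $pw = generatePassword();

    // Add to Address table
    $addsid = db_addAddress($_POST);

    // Insert the staff row
    $staffNew = new Staff();
    $staffNew->setFname($_POST['fname']);
    $staffNew->setSname($_POST['sname']);
    $staffNew->setAddsid($addsid);
    $staffNew->setJobtitle($_POST['jobtitle']);
    $stfid = $staffNew->insertIntoDB();

    $usr = generateStafflogon($_POST['fname'], $_POST['sname']);
    $staffPwd = mkPwd($pw);

    // Insert the login row; only the mkPwd() output is stored in the database.
    $pwdNew = new Pwd();
    $pwdNew->setUsr($usr);
    $pwdNew->setStaffid($stfid);
    $pwdNew->setPw($staffPwd);
    $pwdNew->insertIntoDB();

    // SECURITY: the cleartext initial password is appended to a file on disk.
    // Anyone who can read /etc/athenace/pwd (or a backup of it) obtains working
    // credentials. Keep the file owner-readable only, purge entries once they are
    // handed over, and preferably replace this with a one-time reset link or a
    // forced password change at first login.
    // LOCK_EX stops concurrent requests from interleaving records.
    $written = file_put_contents(
        '/etc/athenace/pwd',
        "Staff\t{$stfid}\t{$usr}\t{$pw}\n",
        FILE_APPEND | LOCK_EX
    );
    if ($written === false) {
        // The account already exists at this point; report the failure without
        // putting the password itself into the error log.
        error_log("Could not record initial password for staffid {$stfid}");
    }

    $logresult = logEvent(15, $logContent);
    $done = 1;
}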