/**
 * Insert or update the Teams row for team number $tn.
 *
 * Guests are rejected first via DenyGuest(). Only the whitelisted columns
 * (BestPicID as int, NickName as str) are taken from $data: that list is
 * what GenerateSqlInsert()/GenerateSqlSet() are given, so any other key in
 * $data is not written. $tn is coerced with intval() and must lie in
 * 1..9999, otherwise the request is terminated through DieWithMsg().
 *
 * @param mixed $tn   team number (coerced to int, range-checked).
 * @param array $data column => value map; extra keys are ignored.
 * @return bool true after the INSERT or UPDATE ran; false when there was
 *              nothing to SET on an existing row.
 */
function UpdateTeam($tn, $data) {
    DenyGuest(); // Guests may not modify team records.
    $loc = "teamlib.php->UpdateTeam";
    $allowed = array(
        array("BestPicID", "int"),
        array("NickName", "str"),
    );

    $tn = intval($tn);
    if ($tn < 1 || $tn > 9999) {
        DieWithMsg($loc, "illegal tn value.");
    }

    $existing = GetTeamInfo($tn);
    if (!$existing) {
        // No row for this team yet: the first write is an INSERT that must
        // also carry the key column, so extend the whitelist for this call.
        $allowed[] = array("TeamNumber", "int");
        $data["TeamNumber"] = $tn;
        $sql = "INSERT INTO Teams " . GenerateSqlInsert($data, $allowed);
        SqlQuery($loc, $sql);
        return true;
    }

    // Row exists: UPDATE only the whitelisted columns. The key in the WHERE
    // clause is the already-validated integer, so it is safe to concatenate.
    $setClause = GenerateSqlSet($data, $allowed);
    if (!$setClause) {
        return false;
    }
    $sql = "UPDATE Teams SET " . $setClause . " WHERE TeamNumber = " . intval($tn);
    SqlQuery($loc, $sql);
    return true;
}
/**
 * Build a SQL SET clause from a list of {"FieldName", "Value"} parameter specs.
 *
 * Every entry carrying both keys is folded into a column => value map and
 * the map is handed to GenerateSqlSet() together with the $fields
 * whitelist. Entries missing either key are skipped; because isset() is
 * used, an entry whose Value is null is skipped as well. A FieldName that
 * appears more than once keeps its last Value.
 *
 * @param array $param_list list of arrays with "FieldName" and "Value" keys.
 * @param array $fields     column whitelist understood by GenerateSqlSet().
 * @return mixed whatever GenerateSqlSet() returns for the collected map.
 */
function GenerateSqlSet_ParamList($param_list, $fields) {
    $values = array();
    foreach ($param_list as $spec) {
        if (isset($spec["FieldName"]) && isset($spec["Value"])) {
            $values[$spec["FieldName"]] = $spec["Value"];
        }
    }
    return GenerateSqlSet($values, $fields);
}
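/**
 * Update an existing Users row from a list of field/value parameters.
 *
 * The target row is selected by $userid when it is non-zero, otherwise by
 * the "UserName" entry of $param_list. Only the columns in $fields reach
 * the UPDATE (GenerateSqlSet is given that whitelist), so extra parameters
 * such as UserName are not written back. A "Password" parameter is hashed
 * and stored as PasswordHash; a non-blank BadgeID is format-checked and
 * must not already belong to another user.
 *
 * Changes from the previous revision:
 *  - $userid is coerced to int once and compared strictly, so a
 *    non-numeric value no longer behaves differently across PHP versions.
 *  - BadgeID is additionally required to be alphanumeric before it is
 *    concatenated into SQL (see the comment at that point).
 *  - A password of "0" is no longer silently ignored (empty() treated it
 *    as "no password given").
 *  - An empty SET clause from GenerateSqlSet() is reported instead of
 *    issuing a malformed "UPDATE Users SET  WHERE ..." statement.
 *
 * @param array $param_list list of arrays with "FieldName" and "Value" keys.
 * @param int   $userid     UserID to update, or 0 to look the user up by name.
 * @return true|string true on success, otherwise a human-readable error
 *                     message (which is also written to the log).
 */
function UpdateUser($param_list, $userid = 0) {
    global $config;
    $loc = "userlib.php->UpdateUser";
    $pwchanged = false;
    // Column whitelist with types: anything not listed here is dropped by
    // GenerateSqlSet(), which is the only path by which values reach SQL.
    $fields = array(
        array("LastName", "str"),
        array("FirstName", "str"),
        array("PasswordHash", "str"),
        array("NickName", "str"),
        array("Title", "str"),
        array("BadgeID", "str"),
        array("Email", "str"),
        array("Tags", "str"),
        array("Active", "bool"),
    );

    $userid = intval($userid);
    if ($userid !== 0) {
        // Caller supplied the key directly; the value is an int, so it is
        // safe to concatenate.
        $sql = "SELECT * FROM Users WHERE UserID=" . $userid;
        $result = SqlQuery($loc, $sql);
        if ($result->num_rows <= 0) {
            $error_msg = "Unable to update user. UserID=" . $userid . " not found.";
            log_msg($loc, $error_msg);
            return $error_msg;
        }
    } else {
        if (!IsFieldInParamList("UserName", $param_list)) {
            $error_msg = 'Unable to update user. No UserName or UserID Given.';
            log_msg($loc, $error_msg);
            return $error_msg;
        }
        $username = GetValueFromParamList($param_list, "UserName");
        // NOTE(review): as written this lookup compares against the literal
        // string "******" and never uses $username, so it cannot match a
        // real row. It is left as-is because SqlQuery() takes a raw string
        // and no escaping helper is visible in this file: the fix is to bind
        // $username through a parameterised query (or the same escaping
        // GenerateSqlSet applies to "str" columns), never to concatenate it
        // unescaped -- UserName is caller-controlled.
        $sql = 'SELECT * FROM Users WHERE UserName="******"';
        $result = SqlQuery($loc, $sql);
        if ($result->num_rows <= 0) {
            $error_msg = 'Unable to update user. UserName="******" not found.';
            log_msg($loc, $error_msg);
            return $error_msg;
        }
        $row = $result->fetch_assoc();
        $userid = intval($row["UserID"]);
    }

    // If the BadgeID is being changed, make sure it is not already in use
    // by a different user.
    if (IsFieldInParamList("BadgeID", $param_list)) {
        $badgeid = GetValueFromParamList($param_list, "BadgeID");
        if (!blank($badgeid)) {
            if (!VerifyBadgeFormat($badgeid)) {
                $error_msg = 'Unable to update user. Bad Format for BadgeID. Must be in form of "A000".';
                log_msg($loc, $error_msg);
                return $error_msg;
            }
            // SECURITY: $badgeid is concatenated into SQL below, so the
            // format check is the only injection defence. The documented
            // "A000" form is purely alphanumeric, so also insist on that
            // here; then a permissive VerifyBadgeFormat() cannot let quotes,
            // backslashes or comment markers through.
            if (preg_match('/^[A-Za-z0-9]+$/', (string) $badgeid) !== 1) {
                $error_msg = 'Unable to update user. Bad Format for BadgeID. Must be in form of "A000".';
                log_msg($loc, $error_msg);
                return $error_msg;
            }
            $sql = 'SELECT UserID FROM Users WHERE BadgeID="' . $badgeid . '"';
            $result = SqlQuery($loc, $sql);
            while ($row = $result->fetch_assoc()) {
                if (intval($row["UserID"]) !== $userid) {
                    $error_msg = 'Unable to update user. BadgeID ' . $badgeid . ' already in use.';
                    log_msg($loc, $error_msg);
                    return $error_msg;
                }
            }
        }
    }

    // Move the parameters into a column => value map, treating the
    // password specially: it is hashed and stored under PasswordHash.
    $data = array();
    foreach ($param_list as $param_spec) {
        if (!isset($param_spec["FieldName"]) || !isset($param_spec["Value"])) {
            continue;
        }
        if ($param_spec["FieldName"] === "Password") {
            $pw = $param_spec["Value"];
            // An empty password means "leave the current one alone".
            // Compare against '' rather than using empty() so that the
            // literal password "0" is not dropped.
            if (!is_scalar($pw) || (string) $pw === '') {
                continue;
            }
            // SECURITY: crypt() with a single site-wide $config["Salt"] gives
            // every account the same salt, so identical passwords produce
            // identical hashes and one precomputed table covers all users.
            // The format is kept here because the login path (not visible in
            // this file) must verify the stored value the same way; the real
            // fix is to migrate both sides to password_hash()/password_verify().
            $data["PasswordHash"] = crypt((string) $pw, $config["Salt"]);
            $pwchanged = true;
            continue;
        }
        $data[$param_spec["FieldName"]] = $param_spec["Value"];
    }
    if (count($data) === 0) {
        $error_msg = "Unable to update user. UserID=" . $userid . ". Nothing to update.";
        log_msg($loc, $error_msg);
        return $error_msg;
    }

    // We now have a trustworthy integer $userid and the data to write.
    // GenerateSqlSet() applies the $fields whitelist; if none of the
    // supplied columns survive it, refuse rather than emit "SET  WHERE".
    $set = GenerateSqlSet($data, $fields);
    if (!$set) {
        $error_msg = "Unable to update user. UserID=" . $userid . ". Nothing to update.";
        log_msg($loc, $error_msg);
        return $error_msg;
    }
    $sql = 'UPDATE Users SET ' . $set . " WHERE UserID=" . $userid;
    SqlQuery($loc, $sql);

    $msg = 'Info for User ' . $userid . ' updated by ' . GetUserName() . '. ';
    if ($pwchanged) {
        $msg .= '(Including a password change.)';
    }
    log_msg($loc, $msg);
    return true;
}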