function start() { if (!empty($_POST)) { if (!isset($_POST['id'])) { createUser($_POST); } else { editUser($_POST); } require '../views/list.php'; return; } if (!isset($_GET['id']) && !isset($_GET['page'])) { $people = getPeople(); require '../views/list.php'; return; } if (isset($_GET['page']) && $_GET['page'] === 'add') { require '../views/add.php'; return; } if (isset($_GET['page']) && $_GET['page'] === 'edit') { if (!isset($_GET['id'])) { die('veuillez spécifier un id d\'utilisateur'); } $id = $_GET['id']; $editable = ORM::for_table('users')->find_one($id); require '../views/edit.php'; return; } $user = getUser(); require '../views/show.php'; }
function start() { if (!empty($_POST)) { if (!isset($_POST['id'])) { addUser($_POST); $fla = flash("Ajout reussie"); } else { editUser($_POST); $fla = flash("Edition reussie"); } $people = getPeople(); require '../views/list.php'; return; } if (!isset($_GET['id']) && !isset($_GET['page'])) { $people = getPeople(); return require '../views/list.php'; } if (isset($_GET['page']) && $_GET['page'] === 'add') { return require '../views/add.php'; } if (isset($_GET['page']) && $_GET['page'] === 'list') { $people = getPeople(); return require '../views/list.php'; } if (isset($_GET['page']) && $_GET['page'] === 'edit') { if (!isset($_GET['id'])) { die('Nope, ou est ID ?'); } $id = $_GET['id']; $editable = ORM::for_table('users')->find_one($id); return require '../views/edit.php'; } if (isset($_GET['id'])) { $user = getUser(); $message = getMessages($_GET['id']); require '../views/show.php'; } }
function start() { if (!empty($_POST)) { if (isset($_POST['_method']) && $_POST['_method'] === 'delete') { removeUser($_POST['id']); $flashMessage = flash('L\'utilisateur a bien été supprimé'); } elseif (isset($_POST['content'])) { createMessage($_POST); $flashMessage = flash('Le message a bien été ajouté !'); return go2page('user', $_POST['user_id']); } elseif (!isset($_POST['id'])) { createUser($_POST); $flashMessage = flash('L\'utilisateur a été créé avec succès'); } else { editUser($_POST); $flashMessage = flash('L\'utilisateur a bien été modifié !'); } return go2page('list'); } if (!isset($_GET['id']) && !isset($_GET['page'])) { return go2page('list'); } if (isset($_GET['page']) && $_GET['page'] === 'add') { require '../views/add.php'; return; } if (isset($_GET['page']) && $_GET['page'] === 'edit') { if (!isset($_GET['id'])) { die('veuillez spécifier un id d\'utilisateur'); } $id = $_GET['id']; $editable = ORM::for_table('users')->find_one($id); require '../views/edit.php'; return; } $id = $_GET['id']; return go2page('user', $id); }
} elseif (isset($_POST['u_id']) && $_POST['u_id'] != -1) { $query = "SELECT * from users where user_id=" . $_POST['u_id']; $result = $db->query($query); if ($myrow = $result->fetch_assoc()) { $activeStat = $myrow['isActive'] == "Y"; $sql2 = "Select first_name, last_name from users where user_id=" . $myrow['created_by']; $result2 = $db->query($sql2); $row2 = $result2->fetch_assoc(); $t = "Modify User Information"; $action = "index.php?lev=" . $_SESSION[$_CONF['sess_name'] . '_lev'] . "&cat=" . $_SESSION[$_CONF['sess_name'] . '_cat']; $isAdmin = $_SESSION[$_CONF['sess_name'] . '_isAdmin'] == 'Y'; // && $_GET['lev'] == 'admin'); $user = $row2; $result = get_user_info($_SESSION[$_CONF['sess_name'] . '_myUID']); $editor = $result->fetch_assoc(); $b = "\n <center>" . editUser($action, $myrow, $isAdmin, $editor, $usr_lev) . "\n </center>\n "; } $main .= make_box($t, $b); /** Modify User **/ $t = "Modify User Roles"; $b = "<center>"; $sql = "SELECT user2center.center_id,isStudent,isParent,isTeacher,isGuidance,isOffice,isAdmin,isActive, center_name\n\t\t\tFROM user2center, ed_centers \n\t\t\tWHERE user2center.user_id=" . $_POST['u_id'] . "\n\t\t\tAND ed_centers.center_id=user2center.center_id"; $result = $db->query($sql); while ($row = $result->fetch_assoc()) { $c_id = $row['center_id']; $editStudent = $row['isStudent'] == "Y"; $editParent = $row['isParent'] == "Y"; $editTeacher = $row['isTeacher'] == "Y"; $editGuidance = $row['isGuidance'] == "Y";
<body> <div class="container"> <div class="jumbotron"> </div> <div class="tables"> <?php if (isset($_GET["action"])) { switch ($_GET["action"]) { case "createUser": editUser($mysqli, 0); break; case "editUser": editUser($mysqli, $_GET["id"]); break; case "updateUser": updateUser($mysqli); break; case "insertUser": insertUser($mysqli); break; case "deleteUser": deleteUser($mysqli); break; case "unsetUsername": unset($_SESSION['username']); unset($_SESSION['password']); unset($_SESSION['admin']); header("location: index.php");
search($connection, "SELECT * FROM users WHERE mail LIKE '%{$textInput}%'", "users"); break; case 14: changePassword($connection, $textInput, $password); break; case 15: setActive($connection, $textInput); break; case 16: upgradeAccount($connection, $textInput); break; case 17: addUser($connection, $firstname, $sirname, $username, $sex, $password, $tel, $mail, $geb, $plz, $country, $city, $street, $housenr, $picture, $isActivated, $isRetailer, $maximum); break; case 18: editUser($connection, $username, $mail); break; case 19: contactUser($connection, $firstname, $mail); break; case 20: delete($connection, "DELETE FROM notice WHERE ID='{$textInput}'", "notice", "ID", $textInput); break; case 21: search($connection, "SELECT * FROM notice WHERE title LIKE '%{$textInput}%' OR category LIKE '%{$textInput}%' OR UserID LIKE '%{$textInput}%'", "notice"); break; case 22: search($connection, "SELECT * FROM notice WHERE title LIKE '%{$textInput}%'", "notice"); break; case 23: search($connection, "SELECT * FROM notice WHERE category LIKE '%{$textInput}%' OR UserID LIKE '%{$textInput}%'", "notice");
$tpl->assign('bank_number', $_POST['bank_number']); $tpl->assign('bank_iban', $_POST['bank_iban']); $tpl->assign('bank_name', $_POST['bank_name']); $tpl->assign('bank_account', $_POST['bank_account']); //Alle Rollen $roles_query = DB_query("SELECT\n\t\t\t\t\t\t\trole_id,\n\t\t\t\t\t\t\tname\n\t\t\t\t\t\t\tFROM roles"); $roles = array(); while ($role = DB_fetchArray($roles_query)) { $roles[] = array("id" => $role['role_id'], "name" => $role['name']); } $tpl->assign('roleslist', $roles); $tpl->display(); } } elseif ($_POST['action'] == 'edit') { $LOG->write('3', 'admin/editUser.php: action=edit'); editUser(); $LOG->write('2', 'Nutzer ' . $_GET['catID'] . ' bearbeitet'); redirectURI('/admin/users.php'); } elseif ($_POST['action'] == 'editSelf') { $LOG->write('3', 'admin/editUser.php: action=editSelf'); if ($_POST['password'] == $_POST['repeatPassword']) { editSelfUser(); $LOG->write('2', 'Nutzer ' . $_GET['catID'] . ' bearbeitet'); redirectURI('/admin/index.php'); } else { // falsche Passwortwiederholung $passwordError = "1"; $tpl->assign('action', 'editSelf'); $tpl->assign('uID', $user->getID()); $tpl->assign('user_name', $user->getName()); $tpl->assign('user_lastname', $user->getLastname());
$data = $_REQUEST; //do relevant stuff with path[1] switch ($path[0]) { case "users": switch ($method) { case "GET": $data["username"] = $path[1]; $results = getUser($data); break; case "PUT": $data["username"] = $path[1]; $results = addUser($data); break; case "PATCH": $data["username"] = $path[1]; $results = editUser($data); break; default: $results["meta"] = methodNotAllowed($method, $path); } break; case "goals": switch ($method) { case "GET": $results = getGoals($data); break; case "POST": $results = addGoal($data); break; case "PATCH": $data["goalID"] = $path[1];
// ============================================================================ // POST Method // ============================================================================ if ($_SERVER['REQUEST_METHOD'] == 'POST') { // Prevent editors to administrate other users. if ($Login->role() !== 'admin') { $_POST['username'] = $Login->username(); unset($_POST['role']); } if (isset($_POST['delete-user-all'])) { deleteUser($_POST, true); } elseif (isset($_POST['delete-user-associate'])) { deleteUser($_POST, false); } elseif (!empty($_POST['new-password']) && !empty($_POST['confirm-password'])) { setPassword($_POST['username'], $_POST['new-password'], $_POST['confirm-password']); } else { editUser($_POST); } } // ============================================================================ // Main after POST // ============================================================================ if ($Login->role() !== 'admin') { $layout['parameters'] = $Login->username(); } $_user = $dbUsers->getDb($layout['parameters']); // If the user doesn't exist, redirect to the users list. if ($_user === false) { Redirect::page('admin', 'users'); } $_user['username'] = $layout['parameters'];
} else { $app->halt(200); } } if ($result === false) { $app->flash('error', $statement->errorInfo()[2]); $app->redirect($app->urlFor('userAdd')); } else { $app->redirect($app->urlFor('userList', array('active' => 'active'))); } })->name('userAdd'); $app->get('/admin/users/edit/:user', function ($userID) use($app, $roles) { $app->render('html/editUser.html', array('user' => getUserDetails($app->db, $userID), 'departments' => getDepartments($app->db), 'roles' => $roles)); })->name('editUser'); $app->post('/admin/users/edit/:user', function ($userID) use($app) { $result = editUser($app->db, $userID, $app->request->post('user'), $app->request->post('email'), $app->request->post('department'), $app->request->post('role'), $app->request->post('archiveEnabled'), $app->request->post('archiveDate'), $app->request->post('archiveReason')); if (!empty($result)) { $app->flash('error', $result); $app->redirect($app->urlFor('editUser', array('user' => $userID))); } else { $app->redirect($app->urlFor('userList', array('active' => 'active'))); } }); $app->get('/admin/departments', function () use($app) { $app->redirect($app->urlFor('departmentsList')); }); $app->get('/admin/departments/list', function () use($app) { $app->render('html/departments.html', array('departments' => getDepartments($app->db))); })->name('departmentsList'); $app->get('/admin/departments/add', function () use($app) { $app->render('html/adddepartment.html');
} require_once $mainframe->getPath('admin_html'); $task = trim(mosGetParam($_REQUEST, 'task', null)); $cid = mosGetParam($_REQUEST, 'cid', array(0)); if (!is_array($cid)) { $cid = array(0); } switch ($task) { case 'new': editUser(0, $option); break; case 'edit': editUser(intval($cid[0]), $option); break; case 'editA': editUser($id, $option); break; case 'save': case 'apply': saveUser($option, $task); break; case 'remove': removeUsers($cid, $option); break; case 'block': changeUserBlock($cid, 1, $option); break; case 'unblock': changeUserBlock($cid, 0, $option); break; case 'logout':
function process_post() { /* We switch according to the $_POST[action] variable, which is a hidden * submit formfield in each <form>. see html/add*.txt for more information. */ switch ("{$_POST['action']}") { /* * Add new user. We wont touch that here. Let auth() handle that. */ case "newuser": addNewUser(); break; /* * Update to the about box in profiles. */ /* * Update to the about box in profiles. */ case "modprofile": modProfile(); break; /* * Change password. We wont touch that here. Let auth() handle that. */ /* * Change password. We wont touch that here. Let auth() handle that. */ case "changepw": changePassword(); break; /* * Change email. */ /* * Change email. */ case "changeemail": changeEmail(); break; /* * Change can view preferences. */ /* * Change can view preferences. */ case "changecanpage": changeCanPrefs(); break; /* * Update API Key */ /* * Update API Key */ case "update_api": global $MySelf; $api = new api($MySelf->getID()); if ($_POST[deleteKey]) { // Delete api Key $api->deleteApiKey(); makeNotice("Your API key has been delete from the database.", "notice", "API Key wipe success", "index.php?action=preferences"); } else { // Update api key $api->setApiKey($_POST[apiID], $_POST[apiKey]); makeNotice("Your new API key has been stored.", "notice", "API Key update success", "index.php?action=preferences"); } break; /* * Add a Rank */ /* * Add a Rank */ case "addnewrank": addRank(); break; /* * Edit the ranks */ /* * Edit the ranks */ case "editranks": editRanks(); break; /* * Change opt-in status. */ /* * Change opt-in status. */ case "optIn": toggleOptIn(); break; /* * Change See Inoffical Runs Setting (sir) */ /* * Change See Inoffical Runs Setting (sir) */ case "sirchange": sirchange(); break; /* * Submiting a template change form */ /* * Submiting a template change form */ case "editTemplate": editTemplate(); break; /* * Change ore value. */ /* * Change ore value. */ case "changeore": changeOreValue(); break; /* * Change ship value. */ /* * Change ship value. */ case "changeship": changeShipValue(); break; /* * Delete pending payout request */ /* * Delete pending payout request */ case "deleteRequest": deletePayoutRequest(); break; /* * Modify online time. */ /* * Modify online time. */ case "modonlinetime": modOnlineTime(); break; /* * Modify site settings. */ /* * Modify site settings. */ case "configuration": modConfiguration(); break; /* * Add an event to the DB */ /* * Add an event to the DB */ case "addevent": addEventToDB(); break; /* * Request payout. */ /* * Request payout. */ case "requestPayout": requestPayout(); break; /* * Transfer Money */ /* * Transfer Money */ case "transferMoney": transferMoney(); break; /* * Do the payouts */ /* * Do the payouts */ case "payout": doPayout(); break; /* * Create a new can in the Database. */ /* * Create a new can in the Database. */ case "addcan": addCanToDatabase(); break; /* * Admin request to change a user. */ /* * Admin request to change a user. */ case "edituser": editUser(); break; /* * AddRun * This adds a new run to the database. */ /* * AddRun * This adds a new run to the database. */ case "addrun": addRun(); break; /* * Analog to AddRun, just for Hauls. */ /* * Analog to AddRun, just for Hauls. */ case "addhaul": addHaul(); break; /* * Create a new transaction. */ /* * Create a new transaction. */ case "transaction": createTransaction(); break; /* * Lotto stuff */ /* * Lotto stuff */ case "editLottoTickets": lotto_editCreditsInDB(); break; case "createDrawing": lotto_createDrawing(); break; case "lottoBuyCredits": lotto_buyTickets(); break; } }
$action = $_POST['action']; switch ($action) { case 'getAllUsersDT': echo getAllUsersDT(); break; case 'deleteUser': $id = $_POST['id']; echo deleteUser($id); break; case 'editUser': $id = $_POST['id']; $name = $_POST['name']; $login = $_POST['login']; $pass = $_POST['pass']; $valid = $_POST['valid']; echo editUser($id, $name, $login, $pass, $valid); break; case 'createUser': $name = $_POST['name']; $login = $_POST['login']; $pass = $_POST['pass']; $valid = $_POST['valid']; echo createUser($name, $login, $pass, $valid); break; } } function getAllUsersDT() { global $bdd, $_TABLES; if (!is_null($bdd) && !is_null($_TABLES)) { $content = '<thead>';
function editUser() { empty($_POST['password_field']) ? $password = "" : $password = "******".md5($_POST['password_field'])."'," ; $sql = "UPDATE ".TB_PREFIX."user SET email = :email, $password role_id = :role, enabled = :enabled WHERE id = :id "; return dbQuery($sql, ':email',$_POST['email'], ':role',$_POST['role'], ':enabled',$_POST['enabled'], ':id',$_POST['id']); } if( editUser() ) { $saved = true; } } $smarty -> assign('saved',$saved); $smarty -> assign('pageActive', 'user'); $smarty -> assign('active_tab', '#people'); $smarty -> assign('errm',$errm[2]) ?>
$user = getUserById($_GET['id']); // Si l'utilisateur n'existe pas, on repasse en mode ajout if ($user === false) { $editMode = false; } // On verifie si l'utilisateur essaie de s'auto-modifier ou si c'est un admin if ($user['user_id'] != userID() && !userIsAdmin()) { abort('Vous n\'avez pas le droit de modifier cet utilisateur'); } } // Gestion de l'envoi du formulaire if (verifyKeysIn($_POST, 'submit')) { // Si les champs du formulaire sont valides if (verifyKeysIn($_POST, 'name', 'fname', 'mail', 'username', 'pwd', 'birth', 'desc')) { if ($editMode) { editUser($_GET['id'], $_POST['name'], $_POST['fname'], $_POST['mail'], $_POST['username'], $_POST['pwd'], $_POST['birth'], $_POST['desc']); } else { insertUser($_POST['name'], $_POST['fname'], $_POST['mail'], $_POST['username'], $_POST['pwd'], $_POST['birth'], $_POST['desc']); } // Retour à la liste des utilisateurs redirect('list-users.php'); } else { $errors[] = "Il manque des champs dans le formulaire"; } } function userValueOrEmpty($key) { global $user; if ($user === false) { return ''; }
case "CreateUser": CreateUser(); break; case "addUser": $newUser = getRequestVar('newUser'); $pass1 = getRequestVar('pass1'); $userType = getRequestVar('userType'); addUser($newUser, $pass1, $userType); break; case "deleteUser": $user_id = getRequestVar('user_id'); deleteUser($user_id); break; case "editUser": $user_id = getRequestVar('user_id'); editUser($user_id); break; case "updateUser": $user_id = getRequestVar('user_id'); $org_user_id = getRequestVar('org_user_id'); $pass1 = getRequestVar('pass1'); $userType = getRequestVar('userType'); $hideOffline = getRequestVar('hideOffline'); updateUser($user_id, $org_user_id, $pass1, $userType, $hideOffline); break; case "configSettings": configSettings(); break; case "updateConfigSettings": if (!array_key_exists("debugTorrents", $_REQUEST)) { $_REQUEST["debugTorrents"] = false;
function renew($username, $client) { try { $user = find_user($username, $client)->return; $user->status = STATUS_NEW; $user->password = "******"; editUser($user, $client); return generateCert($username, $client); } catch (Exception $e) { var_dump($e); exit(1); } }
$password = trim($_POST['password']); $required = array("username", "password"); foreach ($required as $require) { $value = trim($_POST[$require]); if (!has_value($value)) { if ($require == 'password') { $errors[$require] = "Please type in your password to save your changes."; } else { $errors[$require] = ucfirst($require) . " can't be blank."; } } } $max_lengths = array("firstname" => 15, "lastname" => 8, "username" => 15); max_length($max_lengths); if (empty($errors)) { $updateuser = editUser($id, $firstname, $lastname, $username, $password); $message = $updateuser; } } ?> <!doctype html> <html> <head> <meta charset="UTF-8"> <title>EDFC | Admin - Edit a User</title> <link rel="stylesheet" href="../css/normalize.css"/> <link rel="stylesheet" href="../css/foundation.css" /> <link href='https://fonts.googleapis.com/css?family=Montserrat:400,700' rel='stylesheet' type='text/css'> <link rel="stylesheet" href="css/main.css"/> </head> <body>
if (!($fp = fopen('/etc/squid3/basic.passwd', 'w+'))) { print "Cannot open file (" . $fileName . ")"; exit; } if ($fp) { foreach ($fileName as $line) { fwrite($fp, $line); } fclose($fp); } } // function for encrypting password function htpasswd($pass) { $pass = crypt(trim($pass), base64_encode(CRYPT_STD_DES)); return $pass; } if (isset($_POST['changePass'])) { editUser($_POST['uname'], $_POST['pass']); } if (isset($_POST['delete'])) { delUser($_POST['uname']); } $out = "\n<html>\n<body>\n<table>\n"; $users = showUser(); foreach ($users as $user) { $out .= "\n\t<tr><td>" . $user['username'] . "</td><td>" . $user['password'] . "</td>\n\t<td>\n\t<form action=" . $_SERVER['PHP_SELF'] . " method=post name=delUserForm id=delUserForm>\n\t\t<input type=hidden name=uname value=" . $user['username'] . " />\n\t\t<input type=submit name=delete value=delete />\n\t</form>\n\t</td>\n\t</tr>\n"; } $out .= "\n</table>\n<table>\n<form action=" . $_SERVER['PHP_SELF'] . " method=post name=squidUserForm id=squidUserForm>\n\t<tr><td>Username:</td><td align=left><input name=uname type=text size=20 /></td></tr>\n\t<tr><td>Password:</td><td align=left><input name=pass type=pass size=20 /></td></tr>\n\t<tr><td colspan=2><input type=submit name=changePass value=Change /></td></tr>\n</form>\n</table>\n"; $out .= "\n</body>\n</html>"; print $out;
$mes = editProv($where); } elseif ($act == "delProv") { $where = "id={$id}"; $mes = delProv($where); } elseif ($act == "addCity") { $mes = addCity(); } elseif ($act == "editCity") { $where = "id={$id}"; $mes = editCity($where); } elseif ($act == "delCity") { $where = "id={$id}"; $mes = delCity($where); } elseif ($act == "addUser") { $mes = addUser(); } elseif ($act == "editUser") { $mes = editUser($id); } elseif ($act == "delUser") { $mes = delUser($id); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Insert title here</title> </head> <body> <?php if ($mes) { echo $mes;
* Auteur : Romain Maillard * Date : 28.09.2015 * But: Permet d'éditer les informations d'un utilisateur */ session_start(); // Inclusion fichier de fonction. require_once "include/fonction.php"; // V?rifie si l'utilisateur est d?j? connect? sinon le redirige vers signin.php. if (!isConnected()) { header('Location: signout.php'); } if ($_SESSION['role'] != 2) { header('Location: index.php'); } if (isset($_POST['ok'])) { if (!editUser($_POST['iduser'], $_POST['password'], $_POST['passwordretape'], $_POST['active'], $_POST['role'])) { echo "<script>alert('Edit failed');</script>"; } else { unset($_SESSION['iduser']); header('Location: admin.php'); } } // *************************************************************************** ?> <!DOCTYPE html> <html lang="fr"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1">
require_once 'hortapp-core/hortapp.user.php'; require_once 'hortapp-core/hortapp.regexp.php'; $login = filter_input(INPUT_GET, 'login', FILTER_VALIDATE_REGEXP, $regexpAlphanumeric); //echo "login: $login"; $password = filter_input(INPUT_GET, 'password', FILTER_VALIDATE_REGEXP, $regexpPassword); //echo "password: $password"; $newPasword = filter_input(INPUT_GET, 'newPasword', FILTER_VALIDATE_REGEXP, $regexpAlphanumeric); //echo "newPasword: $newPasword"; $newPasword2 = filter_input(INPUT_GET, 'newPasword2', FILTER_VALIDATE_REGEXP, $regexpAlphanumeric); //echo "newPasword2: $newPasword2"; $email = filter_input(INPUT_GET, 'email', FILTER_VALIDATE_REGEXP, $regexpAlphanumeric); //echo "email: $email"; if ($password) { $msg = array(); if (strcmp($newPassword, $newPassword2) == 0) { $res = editUser($login, $password, $newPasword, $email); if (is_array($res)) { //success $msg = $res; $msg['success'] = true; } else { switch ($res) { case 0: $msg = array('success' => 'Dades actualitzades correctament'); break; case 1: $msg = array('error' => 'Actualització no realitzada. Intenta-ho més endavant'); break; case 2: $msg = array('error' => 'Error amb la BD'); break;
} $result = dbQuery("UPDATE [db]users SET status = -1 WHERE user_id = {$uid}"); if (!$result) { $msg = "Database Error: {$ax['usr_not_deleted']}"; break; } $msg = $ax['usr_deleted']; } while (false); return $msg; } //Control logic if ($privs >= 4) { //manager or admin $msg = ''; if (isset($_POST['addExe'])) { $msg = addUser(); } elseif (isset($_POST['updExe'])) { $msg = updateUser(); } elseif (isset($_GET['delExe'])) { $msg = deleteUser(); } echo "<p class='error'>{$msg}</p>\n\t\t<div class='scrollBoxAd'>\n\t\t<div class='centerBox'>\n"; if ($editUser != 'y' or isset($_POST["back"])) { showUsers(); } else { editUser($uid); } echo "</div>\n</div>\n"; } else { echo "<p class='error'>{$ax['no_way']}</p>\n"; }
</div> </div> <div class="divider"></div><br> <div class="row"> <div class="col s12"> <p class="center-align"> <button class="btn btn-block waves-effect waves-light" type="submit" name="delete">Delete</button> </p> </div> </div> </form> </div> </div> </div> </div> <?php } } if (isset($_POST['edit'])) { editUser($_POST['firstname'], $_POST['lastname'], $_POST['address'], $_POST['town'], $_POST['country'], $_POST['postcode'], $_POST['email'], $_POST['username']); $_SESSION['edit-user'] = '******'; header("location:user-page.php?page=" . $_GET['page']); } if (isset($_POST['delete'])) { removeUser($_POST['username']); $_SESSION['delete-user'] = '******'; header("location:user-page.php?page=" . $_GET['page']); } ?> <script src="../js/jquery-2.1.1.min.js"></script>
function confirmUser($_POST) { extract($_POST); # validate input require_lib("validate"); $v = new validate(); $v->isOk($oldusrnme, "string", 1, 20, "Invalid old username."); $v->isOk($username, "string", 1, 20, "Invalid username."); $v->isOk($chgpass, "string", 2, 3, "Tempering with 'change pass' detected."); # change to upper case $chgpass = strtoupper($chgpass); # display errors, if any if ($v->isError()) { $theseErrors = ""; $errors = $v->getErrors(); foreach ($errors as $e) { $theseErrors .= "<li class='err'>" . $e["msg"] . "</li>"; } $theseErrors .= "\n\t\t\t<p>\n\t\t\t<input type='button' onClick='JavaScript:history.back();' value='« Correct submission'>\n\t\t\t<table " . TMPL_tblDflts . ">\n\t\t\t\t<tr>\n\t\t\t\t\t<th>Quick Links</th>\n\t\t\t\t</tr>\n\t\t\t\t<script>document.write(getQuicklinkSpecial());</script>\n\t\t\t</table>"; return $theseErrors; } $OUTPUT = ""; db_conn("cubit"); if ($chgpass == "YES") { $v->isOk($password, "string", 1, 20, "Invalid password."); $v->isOk($password2, "string", 1, 20, "Invalid password."); $v->pwMatch($password, $password2, "Passwords do not match."); # display errors, if any if ($v->isError()) { $theseErrors = ""; $errors = $v->getErrors(); foreach ($errors as $e) { $theseErrors .= "<li class='err'>" . $e["msg"] . "</li>"; } $theseErrors .= "<p><input type='button' onClick='JavaScript:history.back();' value='« Correct submission'>"; return $theseErrors; } # make MD#5 of new password $MD5_PASS = md5($password); } else { $sql = db_exec("SELECT password FROM users WHERE username='******'"); if (pg_num_rows($sql) < 1) { errDie("No such user :/", SELF); } $MD5_PASS = pg_result($sql, 0, 0); } $_POST['MD5_PASS'] = $MD5_PASS; $_POST['empnum'] = $empnum; $_POST['tool'] = $tool; // write user $OUTPUT .= writeUser($_POST); db_connect(); #we only remove the department that the user selected ... $get_dept_scripts = "SELECT script FROM deptscripts WHERE dept = '{$old_dept}'"; $run_dept_scripts = db_exec($get_dept_scripts) or errDie("Unable to get department script information."); if (pg_numrows($run_dept_scripts) < 1) { #no scripts for this department } else { while ($ddarr = pg_fetch_array($run_dept_scripts)) { $Sql = "DELETE FROM userscripts WHERE username='******' AND script = '{$ddarr['script']}'"; $Ex = db_exec($Sql) or errDie("Unable to clear old user script permissions."); } } // $Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'top_menu.php', '".USER_DIV."')"; // $Ex = db_exec ($Sql) or errDie ("Unable to add user to database."); // $Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'getimg.php', '".USER_DIV."')"; // $Ex = db_exec ($Sql) or errDie ("Unable to add user to database."); // $Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'diary.php', '".USER_DIV."')"; // $Ex = db_exec ($Sql) or errDie ("Unable to add user to database."); // $Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'diary-day.php', '".USER_DIV."')"; // $Ex = db_exec ($Sql) or errDie ("Unable to add user to database."); // $Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'glodiary.php', '".USER_DIV."')"; // $Ex = db_exec ($Sql) or errDie ("Unable to add user to database."); // $Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'glodiary-day.php', '".USER_DIV."')"; // $Ex = db_exec ($Sql) or errDie ("Unable to add user to database."); // $Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'todo.php', '".USER_DIV."')"; // $Ex = db_exec ($Sql) or errDie ("Unable to add user to database."); // $Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'index_die.php', '".USER_DIV."')"; // $Ex = db_exec ($Sql) or errDie ("Unable to add user to database."); // $Sql = "INSERT INTO userscripts (username, script, div) VALUES ('$username', 'index-services.php', '".USER_DIV."')"; // $Ex = db_exec ($Sql) or errDie ("Unable to add user to database."); #add permissions from this department if (isset($perm) and $perm != '') { foreach ($perm as $key => $value) { $sql = "INSERT INTO userscripts (username, script, div) VALUES ('{$username}', '{$value}', '" . USER_DIV . "')"; $nwUsrRslt = db_exec($sql) or errDie("Unable to add user to database."); } } #add whole department if they were selected if (isset($deps)) { foreach ($deps as $key => $value) { $sql = "SELECT script FROM deptscripts WHERE dept = '{$key}'"; $depRs = db_exec($sql); while ($depscr = pg_fetch_array($depRs)) { $sql = "INSERT INTO userscripts (username, script, div) VALUES ('{$username}', '{$depscr['script']}', '" . USER_DIV . "')"; $nwUsrRslt = db_exec($sql) or errDie("Unable to add user to database."); } } } #remove whole departments if they were selected if (isset($depsrem)) { foreach ($depsrem as $key => $value) { $sql = "SELECT script FROM deptscripts WHERE dept = '{$key}'"; $depRs = db_exec($sql); while ($depscr = pg_fetch_array($depRs)) { $sql = "DELETE FROM userscripts WHERE username='******' AND script='{$depscr['script']}'"; $nwUsrRslt = db_exec($sql) or errDie("Unable to add user to database."); } } } // Provide some info on status $OUTPUT = "\n\t\t<table " . TMPL_tblDflts . " width='50%'>\n\t\t\t<tr>\n\t\t\t\t<th>Committed changes to user</th>\n\t\t\t</tr>\n\t\t\t<tr class='" . bg_class() . "'>\n\t\t\t\t<td>User, {$username}, was successfully edited.</td>\n\t\t\t</tr>\n\t\t</table>"; $OUTPUT .= editUser($_POST); return $OUTPUT; }
function editUserData() { $id = intval($_POST['id']); if ($id == 0) { die("error"); } $origin = intval($_POST['origin']); $status = intval($_POST['status']); $getmail = $_POST['getmail'] === "true" ? 1 : 0; if (isset($_SESSION['superadmin']) || isset($_SESSION['admin']) && getUserStatus($id) < 2 && $status < 2) { echo editUser($id, $origin, $status, $_POST['username'], $_POST['password'], $_POST['email'], $_POST['fullname'], $getmail); } else { die("error"); } }
if (!$deleted) { $msg = "Database Error: {$ax['usr_not_deleted']}"; break; } $msg = $ax['usr_deleted']; } while (false); return $msg; } //Control logic if ($privs >= 4) { //manager or admin $msg = ''; if (isset($_POST['addExe'])) { $msg = addUser($user); } elseif (isset($_POST['updExe'])) { $msg = updateUser($user); } elseif (isset($_GET['delExe'])) { $msg = deleteUser($user); } echo "<p class='error'>{$msg}</p>\n\t\t<div class='scrollBoxAd'>\n\t\t<div class='centerBox'>\n"; if (!$mode or isset($_POST["back"])) { showUsers(); //no add / no edit } else { editUser($user); //add or edit } echo "</div>\n</div>\n"; } else { echo "<p class='error'>{$ax['no_way']}</p>\n"; }
// update user if ($_SERVER['REQUEST_METHOD'] == 'PUT') { $error = array(); $post = json_decode(file_get_contents("php://input"), true); // TODO:: Validate post if (!isset($post['email']) || empty($post['email']) || !filter_var($post['email'], FILTER_VALIDATE_EMAIL)) { $error[] = 'E-posta adresinizi kontrol ediniz.'; } if (!isset($post['password']) || empty($post['password'])) { $error[] = 'Şifrenizi kontrol ediniz.'; } if (isset($error) && !empty($error) && is_array($error)) { header('HTTP/1.1 405 Reset Content'); Output::error($error); } else { $result = editUser($user_id, $post); } } // delete user if ($_SERVER['REQUEST_METHOD'] == 'DELETE') { $result = deleteUser($user_id); } // get user if ($_SERVER['REQUEST_METHOD'] == 'GET') { $result = getUser($user_id); } // if method does not found if (!$result) { $data = 'Tekrar deniyiniz!'; header('HTTP/1.1 405 Reset Content'); Output::error($data);
<?php DEFINE('INCLUDE_CHECK', 1); require_once 'lib/connections/db.php'; include 'lib/functions/functions.php'; checkLogin('2'); // we check if everything is filled in and perform checks if ($_POST['phone'] && !validateNumeric($_POST['phone'])) { die(msg(0, "Phone numbers must be of numeric type only.")); } if ($_POST['email'] && validateEmail($_POST['email'])) { die(msg(0, "Invalid Email!")); } if ($_POST['email'] && uniqueEmail($_POST['email'])) { die(msg(0, "Email already in database. Please select another email address.")); } $res = editUser($_SESSION['user_id'], $_POST['email'], $_POST['first_name'], $_POST['last_name'], $_POST['dialing_code'], $_POST['phone'], $_POST['city'], $_POST['country']); if ($res == 4) { die(msg(0, "An internal error has occured. Please contact the site admin!")); } if ($res == 99) { die(msg(1, "Profile updated successfully!")); } function msg($status, $txt) { return '{"status":' . $status . ',"txt":"' . $txt . '"}'; }
$reponse = getComm(); } else { if ($action == 'supprComm') { $reponse = supprComm(); } else { if ($action == 'listUser') { $reponse = listUser(); } else { if ($action == 'ajoutUser') { $reponse = ajoutUser(); } else { if ($action == 'supprUser') { $reponse = supprUser(); } else { if ($action == 'editUser') { $reponse = editUser(); } else { if ($action == 'listeTemplates') { $reponse = listeTemplates(); } else { if ($action == 'validConfTemplate') { $reponse = validConfTemplate(); } } } } } } } } }