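*/
// $Id: editUser.php,v 1.7 2006/01/29 08:15:18 atrommer Exp $

// Page-wide access gate, run before any output or action.
// NOTE(review): presumably requires a minimum user level of 2; checkUser() is
// defined elsewhere, so confirm what it does on failure (it must stop the script).
checkUser($_SESSION['USERTYPE'], 2);

//if (!$_REQUEST['u_id'] && !$_REQUEST['action']){
//	accessDenied("Please choose an employee first!");
//}

doHeader("Edit User");

// Dispatch: confirmation prompt, confirmed deactivation, or the edit form.
// Keys are tested with isset()/empty() so a plain page load (no action, no
// POST) does not raise undefined-index notices.
if (isset($_REQUEST['action']) && $_REQUEST['action'] === 'del') {
	deleteConfirm();
} elseif (!empty($_POST['confirmDelete']) && isset($_POST['hdUserID'])) {
	// NOTE(review): this state change is authorised only by the session check
	// above plus a POST flag. No per-session token is verified in the visible
	// code, so the confirm form should carry one and this branch should check it.
	// hdUserID is passed through unchanged; deleteUser() must validate/escape it.
	deleteUser($_POST['hdUserID']);
	print "User deactivated sucessfully!";
} else {
	editUserForm();
}

/**
 * Print the confirmation form shown before a user is deactivated.
 *
 * The form posts back to this script with the user id in hdUserID and
 * confirmDelete=1. Request-derived values are HTML-escaped before being
 * written into attributes, so quotes or markup in the URL or in u_id cannot
 * break out of the attribute.
 *
 * NOTE(review): the remainder of this function is not visible in this excerpt;
 * $aUserVals is presumably used there to name the user - confirm.
 */
function deleteConfirm() {
	$aUserVals = getUserVals($_REQUEST['u_id']);

	// PHP_SELF includes any path info appended to the script URL, and u_id is
	// taken straight from the request: both are untrusted in an HTML context.
	$formAction = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
	$userId     = htmlspecialchars($_REQUEST['u_id'], ENT_QUOTES);
	?> <form id="frmDelete" name="frmDelete" method="post" action="<?php echo $formAction; ?> "> <input type="hidden" name="hdUserID" value="<?php echo $userId; ?> "> <input type="hidden" name="confirmDelete" value="1"> <input type="submit" name="delete" value="Are you sure you want to deactivate <?php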
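/**
 * Create a user row from the submitted "add user" form.
 *
 * Reads username, pw, userlevel, fname, lname and email from $_POST. When a
 * row with the same username already exists, the add form is shown again via
 * editUserForm("Add", "", $uname); otherwise the row is inserted and a
 * redirect to useradmin.php is sent.
 *
 * Every form value is escaped with mysql_real_escape_string() before it is
 * placed between quotes in SQL, so a quote character in a field can no longer
 * alter the statement.
 *
 * NOTE(review): the page shows a masked literal ('******') where the username
 * and password values sit in both statements. The submitted username/password
 * are used here because they are read from $_POST and the duplicate branch
 * reports $uname - confirm against the original file.
 */
function insertNewUser() {
	// Connect first: mysql_real_escape_string() works against the open link.
	// NOTE(review): "or die(mysql_error())" prints database error text to the
	// browser; prefer logging the detail and showing a generic message.
	mysql_connect(DB_HOST, DB_USER, DB_PASS) or die(mysql_error());
	mysql_select_db(DB_NAME) or die(mysql_error());

	// Unescaped copy, handed back to the form on a duplicate as before.
	$uname = isset($_POST['username']) ? $_POST['username'] : '';

	// Escape each field once. Non-string input (e.g. an array parameter) is
	// treated as empty. If magic_quotes_gpc already added slashes, remove them
	// first so the stored value is not double-escaped.
	$magicQuotes = get_magic_quotes_gpc();
	$esc = array();
	foreach (array('username', 'pw', 'userlevel', 'fname', 'lname', 'email') as $field) {
		$value = (isset($_POST[$field]) && is_string($_POST[$field])) ? $_POST[$field] : '';
		if ($magicQuotes) {
			$value = stripslashes($value);
		}
		$esc[$field] = mysql_real_escape_string($value);
	}

	// Reject a username that is already taken.
	$sql = "SELECT * FROM " . DB_TABLE_PREFIX . "users WHERE username='{$esc['username']}'";
	$result = mysql_query($sql) or die(mysql_error());
	$row = mysql_fetch_row($result);

	if (is_array($row)) {
		editUserForm("Add", "", $uname);
	} else {
		// NOTE(review): the password is written as submitted because the login
		// check is not visible here. Confirm how it is verified; storing a
		// password_hash() value and checking with password_verify() is the
		// target once both sides can change together.
		// NOTE(review): userlevel comes from the form; consider checking it
		// against the set of levels the application defines.
		$sql  = "INSERT INTO " . DB_TABLE_PREFIX . "users SET ";
		$sql .= "username='{$esc['username']}', password='{$esc['pw']}', fname='{$esc['fname']}', lname='{$esc['lname']}', ";
		$sql .= "userlevel='{$esc['userlevel']}', email='{$esc['email']}'";
		mysql_query($sql) or die(mysql_error());
		header("location:useradmin.php");
	}
}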