Пример #1
0
    IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
    require IPP_PATH . 'security_error.php';
    exit;
}
//check if we are deleting some people
if (isset($_GET['delete_users']) || isset($_GET['delete_users_x'])) {
    if (!connectIPPDB()) {
        $system_message = $system_message . $error_message;
        //just to remember we need this
        IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
    }
    $delete_query = "";
    if ($permission_level == 0) {
        $delete_query = "DELETE FROM support_member WHERE ";
    } else {
        $delete_query = "DELETE FROM support_member WHERE school_code='" . getUserSchoolCode($_SESSION['egps_username']) . "' AND ";
    }
    foreach ($_GET as $key => $value) {
        if ($key != "delete_users" && $value == "on") {
            $delete_query = $delete_query . "egps_username='******' or ";
        }
    }
    //strip trailing 'or' and whitespace
    $delete_query = substr($delete_query, 0, -4);
    //echo $delete_query;
    $delete_result = mysql_query($delete_query);
    if (!$delete_result) {
        $error_message = "Database query failed (" . __FILE__ . ":" . __LINE__ . "): " . mysql_error() . "<BR>Query: '{$delete_query}'<BR>";
        $system_message = $system_message . $error_message;
        IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
    }
Пример #2
0
                        <SELECT tabindex="8" name="school_code" <?php 
//if($permission_level != 0) echo "disabled";
?>
>
                              <?php 
if ($permission_level == 0) {
    while ($school_row = mysql_fetch_array($school_result)) {
        if (isset($_GET['school_code']) && $_GET['school_code'] == $school_row['school_code']) {
            echo "<option value=\"" . $school_row['school_code'] . "\" selected>" . $school_row['school_name'] . "\n";
        } else {
            echo "<option value=\"" . $school_row['school_code'] . "\">" . $school_row['school_name'] . "\n";
        }
    }
} else {
    //get our school code
    $our_code = getUserSchoolCode($_SESSION['egps_username']);
    while ($school_row = mysql_fetch_array($school_result)) {
        if ($school_row['school_code'] == $our_code) {
            echo "<option value=\"" . $school_row['school_code'] . "\" selected>" . $school_row['school_name'] . "\n";
        } else {
            echo "<option value=\"" . $school_row['school_code'] . "\">" . $school_row['school_name'] . "\n";
        }
    }
}
?>
                        </SELECT>
                        </td>
                        </tr>
                        <tr><td bgcolor="#E0E2F2" colspan="2">&nbsp;</td></tr>
                        <tr>
                            <td bgcolor="#E0E2F2">