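<?php
require_once '../includes/helpers.php';
require_once '../includes/DB.php';

// User-management listing page: admins only. Anyone else (anonymous or a
// non-admin account) is sent to index.php before any data is read.
$loggedInUser = checkLoggedInUser();
if ($loggedInUser->isLoggedIn && $loggedInUser->isAdmin) {
    // Static query: nothing from the request or session is interpolated, so no
    // escaping is needed here. The session user id is not used on this page.
    // Note that user.* pulls every column of `user` (credential columns
    // included, if any) into $usersResult -- keep those out of the rendered table.
    $sql = "SELECT user.*, role.role_name
            FROM user
            INNER JOIN role
            on(role.role_id = user.id_role)";
    $usersResult = DB::getInstance()->select($sql);
} else {
    gotolink('index.php');
    // Defence in depth: if gotolink() only sends a Location header and returns,
    // the listing markup below must still not be rendered for non-admins.
    exit;
}
?>
<?php include '../includes/header.php'; ?>
<nav role="navigation" class="navbar navbar-default">
    <div class="container-fluid">
        <div class="collapse navbar-collapse pull-right" style="padding-top: 8px">
            <!-- SITE_ROOT is a server-side constant, not user input. Keep the echo
                 and the path adjacent: any whitespace between them is emitted into
                 the href and corrupts the link. -->
            <a class="btn btn-success" href="<?php echo SITE_ROOT; ?>/account/account_new.php?return_url=users">Krijo Perdorues te Ri</a>
        </div>
    </div>
</nav>
<div class="row">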
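// Admin-only handler for the "save account details" form submitted from the
// account edit page. Expects helpers.php and DB.php to be loaded by the
// enclosing file. On success it redirects; on a missing user it prints a
// message and stops; on a failed UPDATE it dies with 'error'.
$loggedInUser = checkLoggedInUser();
if ($loggedInUser->isLoggedIn && $loggedInUser->isAdmin) {
    // TODO(security): this state-changing POST has no CSRF token check. Emit a
    // session-bound token in the form and verify it here with hash_equals()
    // before touching the database.
    if (isset($_POST['save_acc_details'])) {
        $db = new DB();

        // Numeric fields are interpolated into the SQL *unquoted* below, so
        // DB::escape() (quote escaping) does not protect them: a value such as
        // "1 OR 1=1" would pass straight through. Cast to int instead; a missing
        // id becomes 0, which matches no row and ends in "user doesn't exist".
        $userID  = isset($_POST['hidden_user_id']) ? (int) $_POST['hidden_user_id'] : 0;
        $id_role = isset($_POST['id_role']) ? (int) $_POST['id_role'] : 0;

        // String fields are single-quoted in the SQL, so escaping is the right
        // tool for them. Absent fields default to '' instead of raising an
        // undefined-index notice. (Assumes DB::escape() is a
        // real_escape_string-style quote escaper -- confirm in DB.php.)
        $firstname   = $db->escape(isset($_POST['firstname']) ? $_POST['firstname'] : '');
        $lastname    = $db->escape(isset($_POST['lastname']) ? $_POST['lastname'] : '');
        $description = $db->escape(isset($_POST['description']) ? $_POST['description'] : '');
        $email       = $db->escape(isset($_POST['email']) ? $_POST['email'] : '');

        // Checkbox: present with a non-empty value => 1, otherwise 0. An
        // unchecked box is simply absent from $_POST, so test isset() first.
        $active = (isset($_POST['active_chbox']) && $_POST['active_chbox'] != "") ? 1 : 0;

        $sql = "SELECT *
                FROM USER
                WHERE user_id = {$userID}
                Limit 1";
        $existingUser = $db->select($sql);
        if (count($existingUser) > 0) {
            $sql = "UPDATE user SET
                        firstname = '{$firstname}'
                        , lastname = '{$lastname}'
                        , description = '{$description}'
                        , email = '{$email}'
                        , active = {$active}
                        , id_role = {$id_role}
                    WHERE user_id = {$userID}";
            if (!$db->query($sql)) {
                die('error');
            }
            // Only the fixed value 'users' is honoured (strict comparison), so
            // return_url cannot be abused as an open redirect.
            if (isset($_POST['return_url']) && $_POST['return_url'] === 'users') {
                gotolink('/users.php');
            } else {
                gotolink('/account.php');
            }
            // Stop here even if gotolink() only sets the Location header.
            exit;
        } else {
            echo "user doesn't exist";
            exit;
        }
    }
}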
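<?php
require_once '../../includes/helpers.php';
require_once '../../includes/DB.php';

// Admin-only: delete the user identified by ?user_id=N and return to the
// user list. Non-admins and requests without user_id fall through and
// render nothing.
$loggedInUser = checkLoggedInUser();
if ($loggedInUser->isLoggedIn && $loggedInUser->isAdmin) {
    if (isset($_GET['user_id'])) {
        $db = new DB();

        // user_id is interpolated into the SQL unquoted, so DB::escape()
        // (quote escaping) would not stop e.g. "1 OR 1=1" -- which in the
        // DELETE below would remove every user. Cast to int instead.
        $userID = (int) $_GET['user_id'];

        // TODO(security): a destructive action behind a plain GET link is
        // CSRF-able from any page an admin visits (<img src="...?user_id=N">)
        // and can be fired by link prefetchers. Move it to a POST carrying a
        // CSRF token; the links in users.php must change with it.
        // NOTE(review): nothing prevents an admin from deleting their own
        // account ($userID == $_SESSION['user_id']) -- confirm that is intended.

        $sql = "SELECT *
                FROM USER
                WHERE user_id = {$userID}
                Limit 1";
        $existingUser = $db->select($sql);
        if (count($existingUser) > 0) {
            $sql = "DELETE FROM user
                    WHERE user_id = {$userID}";
            if (!$db->query($sql)) {
                die('error');
            }
            gotolink('/users.php');
            // Stop here even if gotolink() only sets the Location header.
            exit;
        } else {
            echo "user doesn't exist";
            exit;
        }
    }
}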
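// Account edit form. Admins may open any account; a logged-in user may open
// their own. Everyone else is sent to the login page. Expects helpers.php and
// DB.php to be loaded by the enclosing file.
$loggedInUser = checkLoggedInUser();

// Resolve the requested id once, as an int. It is interpolated into SQL
// unquoted below, where DB::escape() (quote escaping) gives no protection, and
// the "is this my own record" test must be a strict int comparison rather than
// a loose == between the raw query string and the session value.
$requestedUserId = isset($_GET['user_id']) ? (int) $_GET['user_id'] : null;
$sessionUserId   = isset($_SESSION['user_id']) ? (int) $_SESSION['user_id'] : null;
$isOwnAccount    = $requestedUserId !== null
    && $sessionUserId !== null
    && $requestedUserId === $sessionUserId;

if ($loggedInUser->isLoggedIn && ($loggedInUser->isAdmin || $isOwnAccount)) {
    if ($requestedUserId !== null) {
        $userID = $requestedUserId;
        $sql = "SELECT *
                FROM USER
                WHERE user_id = {$userID}
                Limit 1";
        $result = DB::getInstance()->select($sql);
        if (empty($result)) {
            // Same outcome as the sibling save/delete handlers, instead of
            // indexing $result[0] on an empty result set.
            echo "user doesn't exist";
            exit;
        }
        $userDetails = $result[0];
        $sqlRoles = "SELECT role_id, role_name
                     FROM role";
        $rolesList = DB::getInstance()->select($sqlRoles);
    } else {
        // No id given: go to the "create account" form instead.
        gotolink('/account/account_new.php');
        exit;
    }
} else {
    gotolink('login.php');
    // Defence in depth: never render the form if gotolink() merely sets a header.
    exit;
}
?>
<?php include '../../includes/header.php'; ?>
<div class="row">
    <h4 style="padding: 20px 100px 30px">Ndrysho te dhenat e perdoruesit
        <?php // username is stored data a user chose at signup: escape it for HTML. ?>
        <span class="label label-info"><?php echo htmlspecialchars($userDetails->username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?></span>
    </h4>
    <form class="form-horizontal" role="form" action="<?php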