Пример #1
        $system_message = $system_message . $error_message;
        IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
        require IPP_PATH . 'index.php';
        exit;
    }
} else {
    if (!validate()) {
        $system_message = $system_message . $error_message;
        IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
        require IPP_PATH . 'index.php';
        exit;
    }
}
//************* SESSION active past here **************************
// Authorization gate: the page is refused when the session user's permission
// level is numerically greater than $MINIMUM_AUTHORIZATION_LEVEL, unless that
// user is a local administrator. The level comparison runs first, so
// isLocalAdministrator() is only consulted for users who fail it.
if (
    getPermissionLevel($_SESSION['egps_username']) > $MINIMUM_AUTHORIZATION_LEVEL
    && !isLocalAdministrator($_SESSION['egps_username'])
) {
    // Record the denial, including the client address, before showing the error page.
    // NOTE(review): $system_message is presumably rendered by security_error.php;
    // confirm it is HTML-escaped at that point.
    $system_message .= "You do not have permission to view this page (IP: " . $_SERVER['REMOTE_ADDR'] . ")";
    IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
    require IPP_PATH . 'security_error.php';
    // Stop here so nothing below the gate runs for an unauthorized user.
    exit;
}
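//************** validated past here SESSION ACTIVE****************
// Rebuild the current query string from $_GET so it can be carried forward.
// PHP has already URL-decoded $_GET, so every key and value is re-encoded here;
// joining them raw let a value containing '&', '=', '#' or quotes change the
// structure of the rebuilt string. http_build_query() also serialises array
// parameters (a[]=1) instead of emitting the literal text "Array", and returns
// '' for an empty $_GET, so no trailing-'&' trimming is needed.
// NOTE(review): the result is URL-encoded only. Where it is written into HTML
// (presumably a "back" link; confirm at the use site), pass it through
// htmlspecialchars() as well.
$szBackGetVars = http_build_query($_GET, '', '&');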
?>
 
<!DOCTYPE HTML>
Пример #2
        $system_message = $system_message . "You do not have permission to view this page. You must be in the same school as this person to edit their information. (" . $user_row['school_code'] . "!=" . $us_row['school_code'] . ")";
        IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
        require IPP_PATH . 'security_error.php';
        exit;
    }
}
//************** validated past here SESSION ACTIVE****************
if (isset($_POST['Update'])) {
    //we are updating this users information...
    $update_query = "UPDATE support_member SET egps_username='******',";
    //do this so we start with a comma.
    $update_query .= "first_name='" . mysql_real_escape_string($_POST['first_name']) . "',";
    $update_query .= "last_name='" . mysql_real_escape_string($_POST['last_name']) . "',";
    $update_query .= "email='" . mysql_real_escape_string($_POST['email']) . "',";
    if ($permission_level <= 20 || isLocalAdministrator($_SESSION['egps_username'])) {
        if ($_POST['permission_level'] > 20 && isLocalAdministrator($_SESSION['egps_username']) || $permission_level == 0) {
            $update_query .= " permission_level=" . mysql_real_escape_string($_POST['permission_level']) . ",";
        } else {
            $system_message .= "You do not have permission to make this modification to this IPP members permission level<BR>";
        }
        if ($permission_level == 0) {
            $update_query .= " school_code=" . mysql_real_escape_string($_POST['school_code']) . ",";
            $update_query .= " is_local_ipp_administrator='";
            if (isset($_POST['is_local_ipp_administrator'])) {
                $update_query .= "Y";
            } else {
                $update_query .= "N";
            }
            $update_query .= "',";
        }
        //strip off trailing ','...