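/**
 * Store a set of preferences for one user, updating rows whose value
 * changed and inserting rows that do not exist yet.
 *
 * @param mixed $userid  user id; cast with intval() before use in SQL
 * @param array $prefs   PrefName => PrefValue pairs (non-array is treated as empty)
 * @return void
 */
function SavePrefsForUser($userid, $prefs)
{
    $loc = "preflib.php->SavePrefsForUser";
    $uid = intval($userid);

    // Start from the stored preferences so that nothing is inserted twice.
    $current_prefs = GetPrefsForUser($userid);
    if (!is_array($current_prefs)) {
        // The failure value of GetPrefsForUser() is not visible here; anything
        // that is not an array is treated as "no stored preferences".
        $current_prefs = [];
    }
    if (!is_array($prefs)) {
        $prefs = [];
    }

    // Split the incoming prefs into ones whose stored value changed and ones
    // not stored yet.  Compare as strings: a loose != would also treat values
    // such as "1e3" and "1000" as equal and silently skip the update.
    $new_prefs = [];
    $changed_prefs = [];
    foreach ($prefs as $key => $value) {
        if (!array_key_exists($key, $current_prefs)) {
            $new_prefs[$key] = $value;
        } elseif ((string) $value !== (string) $current_prefs[$key]) {
            $changed_prefs[$key] = $value;
        }
    }

    // Update rows that already exist.  Both the value and the name are
    // caller-supplied, so both go through SqlClean() before being quoted
    // (the value was previously concatenated raw).
    foreach ($changed_prefs as $key => $value) {
        $sql = 'UPDATE Prefs SET PrefValue = "' . SqlClean($value)
            . '" WHERE UserID=' . $uid
            . ' AND PrefName="' . SqlClean($key) . '"';
        SqlQuery($loc, $sql);
    }

    // Insert the ones that are new for this user.
    foreach ($new_prefs as $key => $value) {
        $sql = 'INSERT INTO Prefs (UserID, PrefName, PrefValue) VALUES ('
            . $uid . ', "' . SqlClean($key) . '", "' . SqlClean($value) . '")';
        SqlQuery($loc, $sql);
    }

    // Report the number of rows actually written, not the number supplied.
    $written = count($changed_prefs) + count($new_prefs);
    log_msg($loc, $written . ' preferences updated/saved successfully for user ' . $uid);
}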
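/**
 * Fetch the RelatedFiles row for a work order.
 *
 * Returns false unless exactly one row matches, so a work order with several
 * related files also yields false (behaviour kept from the original).
 *
 * @param mixed $workorderid  numeric work-order id
 * @return array|false  the row as an associative array, or false
 */
function GetWorkOrderFiles($workorderid)
{
    $loc = rmabs(__FILE__ . ".GetWorkOrderFiles");
    // The id is compared unquoted, i.e. as a number, so cast it: an unquoted
    // SqlClean() result would still let non-numeric input reach the query.
    $sql = 'SELECT * FROM RelatedFiles WHERE WorkOrderID=' . intval($workorderid);
    $result = SqlQuery($loc, $sql);
    if ($result->num_rows != 1) {
        return false;
    }
    return $result->fetch_assoc();
}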
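/**
 * Fetch the UserView row for one user.
 *
 * @param mixed $userid  numeric user id
 * @return array|false  the row as an associative array, or false unless
 *                      exactly one row matches
 */
function GetWorkOrderPrereqInfo($userid)
{
    // Log location previously named GetUserInfo (copy/paste leftover).
    $loc = "userlib.php->GetWorkOrderPrereqInfo";
    // UserID is compared unquoted, i.e. as a number, so cast it rather than
    // relying on an unquoted SqlClean() result.
    $sql = 'SELECT * FROM UserView WHERE UserID=' . intval($userid);
    $result = SqlQuery($loc, $sql);
    if ($result->num_rows != 1) {
        return false;
    }
    return $result->fetch_assoc();
}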
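/**
 * Insert one row into EventTimes.
 *
 * @param array $fields  may contain Name, StartTime, EndTime, Type, Purpose;
 *                       a missing key is stored as an empty string
 * @return void
 */
function StoreEvent($fields)
{
    $loc = 'readerlib.php=>StoreEvent';
    // Column order here is also the order of the VALUES list built below.
    $columns = ['Name', 'StartTime', 'EndTime', 'Type', 'Purpose'];
    $values = [];
    foreach ($columns as $column) {
        // Previously a missing key raised an undefined-index notice and
        // passed null on to SqlClean(); use an empty string instead.
        $raw = isset($fields[$column]) ? $fields[$column] : '';
        $values[] = '"' . SqlClean($raw) . '"';
    }
    $sql = 'INSERT INTO EventTimes (' . implode(', ', $columns) . ') VALUES ('
        . implode(', ', $values) . ')';
    SqlQuery($loc, $sql);
}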
/**
 * Report whether a value (or every element of an array of values) is left
 * unchanged by SqlClean().
 *
 * @param mixed $s  a single value or an array of values
 * @return bool  true when nothing needed escaping, false otherwise
 */
function IsSqlTextOkay($s)
{
    // Treat a scalar as a one-element list so both cases share one loop.
    $candidates = is_array($s) ? $s : [$s];
    foreach ($candidates as $candidate) {
        if (SqlClean($candidate) !== $candidate) {
            return false;
        }
    }
    return true;
}
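/**
 * Update the Users row for one user from a list of field/value specs.
 *
 * The row is located by $userid when it is non-zero, otherwise by the
 * "UserName" entry of $param_list.  A "Password" entry is hashed and stored
 * as PasswordHash; every other entry is stored under its own FieldName.
 *
 * @param array $param_list  list of ["FieldName" => ..., "Value" => ...] specs
 * @param mixed $userid      numeric user id, or 0 to look the user up by name
 * @return true|string  true on success, otherwise an error-message string
 *                      (callers must compare with === true)
 */
function UpdateUser($param_list, $userid = 0)
{
    global $config;
    $loc = "userlib.php->UpdateUser";
    $pwchanged = false;

    // Columns and types handed to GenerateSqlSet(); what it does with keys
    // outside this list is not visible here.
    $fields = [
        ["LastName", "str"],
        ["FirstName", "str"],
        ["PasswordHash", "str"],
        ["NickName", "str"],
        ["Title", "str"],
        ["BadgeID", "str"],
        ["Email", "str"],
        ["Tags", "str"],
        ["Active", "bool"],
    ];

    // Resolve the target row, either by id or by user name.
    if ($userid != 0) {
        $userid = intval($userid);
        $sql = "SELECT * FROM Users WHERE UserID=" . $userid;
        $result = SqlQuery($loc, $sql);
        if ($result->num_rows <= 0) {
            $error_msg = "Unable to update user. UserID=" . $userid . " not found.";
            log_msg($loc, $error_msg);
            return $error_msg;
        }
    } else {
        if (!IsFieldInParamList("UserName", $param_list)) {
            $error_msg = 'Unable to update user. No UserName or UserID Given.';
            log_msg($loc, $error_msg);
            return $error_msg;
        }
        $username = GetValueFromParamList($param_list, "UserName");
        // The lookup must use the supplied name (it was assigned but unused
        // before); it comes from the request, so escape it before quoting.
        $sql = 'SELECT * FROM Users WHERE UserName="' . SqlClean($username) . '"';
        $result = SqlQuery($loc, $sql);
        if ($result->num_rows <= 0) {
            $error_msg = 'Unable to update user. UserName="' . $username . '" not found.';
            log_msg($loc, $error_msg);
            return $error_msg;
        }
        $row = $result->fetch_assoc();
        $userid = intval($row["UserID"]);
    }

    // A changed BadgeID must not collide with another user's badge.
    if (IsFieldInParamList("BadgeID", $param_list)) {
        $badgeid = GetValueFromParamList($param_list, "BadgeID");
        if (!blank($badgeid)) {
            if (!VerifyBadgeFormat($badgeid)) {
                $error_msg = 'Unable to update user. Bad Format for BadgeID. Must be in form of "A000".';
                log_msg($loc, $error_msg);
                return $error_msg;
            }
            // Escape even though the format check passed: its exact rules are
            // not visible here, so quoting must not depend on it.
            $sql = 'SELECT UserID FROM Users WHERE BadgeID="' . SqlClean($badgeid) . '"';
            $result = SqlQuery($loc, $sql);
            while ($row = $result->fetch_assoc()) {
                if (intval($row["UserID"]) !== $userid) {
                    $error_msg = 'Unable to update user. BadgeID ' . $badgeid . ' already in use.';
                    log_msg($loc, $error_msg);
                    return $error_msg;
                }
            }
        }
    }

    // Collect the values to write, treating the password specially.
    $data = [];
    foreach ($param_list as $param_spec) {
        if (!isset($param_spec["FieldName"]) || !isset($param_spec["Value"])) {
            continue;
        }
        if ($param_spec["FieldName"] === "Password") {
            $pw = $param_spec["Value"];
            // Only a genuinely empty password is skipped; empty() would also
            // reject the password "0".
            if ($pw === '') {
                continue;
            }
            // NOTE(review): crypt() with one site-wide salt from $config means
            // identical passwords hash identically and offers no per-user
            // salt.  Moving to password_hash()/password_verify() also requires
            // changing the login check, which is outside this function, so the
            // scheme is left unchanged here.
            $data["PasswordHash"] = crypt($pw, $config["Salt"]);
            $pwchanged = true;
            continue;
        }
        $data[$param_spec["FieldName"]] = $param_spec["Value"];
    }
    if (count($data) === 0) {
        $error_msg = "Unable to update user. UserID=" . $userid . ". Nothing to update.";
        log_msg($loc, $error_msg);
        return $error_msg;
    }

    // $userid is a verified integer at this point.
    $sql = 'UPDATE Users SET ' . GenerateSqlSet($data, $fields) . " WHERE UserID=" . $userid;
    SqlQuery($loc, $sql);

    $msg = 'Info for User ' . $userid . ' updated by ' . GetUserName() . '. ';
    if ($pwchanged) {
        $msg .= '(Including a password change.)';
    }
    log_msg($loc, $msg);
    return true;
}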