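// On validation failure: append the error text, log it against the session
// user, load index.php and stop so none of the protected page below runs.
        $system_message = $system_message . $error_message;
        IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
        require IPP_PATH . 'index.php';
        exit;
    }
} else {
    if (!validate()) {
        $system_message = $system_message . $error_message;
        IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
        require IPP_PATH . 'index.php';
        exit;
    }
}

//************* SESSION active past here **************************

//check permission levels
// Access is refused when the caller's numeric level is greater than the page
// minimum AND the caller is not a local administrator. The exit after the
// require matters: without it the rest of this page would still be rendered
// for the unauthorized user.
$caller = $_SESSION['egps_username'];
if (getPermissionLevel($caller) > $MINIMUM_AUTHORIZATION_LEVEL && !isLocalAdministrator($caller)) {
    $system_message = $system_message . "You do not have permission to view this page (IP: " . $_SERVER['REMOTE_ADDR'] . ")";
    IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
    require IPP_PATH . 'security_error.php';
    exit;
}

//************** validated past here SESSION ACTIVE****************

// Rebuild the current query string so it can be handed back later.
// Keys and values come straight from the request, so they are percent-encoded
// here. The previous hand-rolled "key=value&" concatenation passed characters
// such as & = " < through unchanged into whatever later embeds this string,
// and turned array parameters into the literal text "Array".
// http_build_query() emits no trailing '&', so no stripping step is needed.
$szBackGetVars = http_build_query($_GET, '', '&');
?>
<!DOCTYPE HTML>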
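// Cross-school edit refused: log the attempt, load security_error.php and stop.
// NOTE(review): the message embeds both school codes; if security_error.php
// shows $system_message to the user, consider keeping the codes in the log only.
        $system_message = $system_message . "You do not have permission to view this page. You must be in the same school as this person to edit their information. (" . $user_row['school_code'] . "!=" . $us_row['school_code'] . ")";
        IPP_LOG($system_message, $_SESSION['egps_username'], 'ERROR');
        require IPP_PATH . 'security_error.php';
        exit;
    }
}

//************** validated past here SESSION ACTIVE****************

if (isset($_POST['Update'])) {
    //we are updating this users information...
    // NOTE(review): the mysql_* API used here was removed in PHP 7; when the
    // connection code is migrated, replace this string-built statement with a
    // prepared statement (PDO or mysqli) and bound parameters.
    $update_query = "UPDATE support_member SET egps_username='******',"; //do this so we start with a comma.
    $update_query .= "first_name='" . mysql_real_escape_string($_POST['first_name']) . "',";
    $update_query .= "last_name='" . mysql_real_escape_string($_POST['last_name']) . "',";
    $update_query .= "email='" . mysql_real_escape_string($_POST['email']) . "',";

    if ($permission_level <= 20 || isLocalAdministrator($_SESSION['egps_username'])) {
        // permission_level and school_code are written into the statement
        // WITHOUT surrounding quotes. mysql_real_escape_string() only escapes
        // quote and control characters, so it gives no protection in that
        // position. Both values are therefore accepted only as plain digit
        // strings, which are then emitted exactly as the original did.
        $requested_level = isset($_POST['permission_level']) ? $_POST['permission_level'] : '';
        $level_is_valid = is_string($requested_level) && ctype_digit($requested_level);

        // A local administrator may assign levels above 20; a level-0 user may
        // assign any level. Parentheses spell out the original && / || precedence.
        $level_allowed = ($level_is_valid && (int) $requested_level > 20 && isLocalAdministrator($_SESSION['egps_username']))
            || $permission_level == 0;

        if ($level_allowed && $level_is_valid) {
            $update_query .= " permission_level=" . $requested_level . ",";
        } elseif ($level_allowed) {
            // Authorized caller, malformed value: leave the column untouched.
            $system_message .= "Permission level must be a whole number<BR>";
        } else {
            $system_message .= "You do not have permission to make this modification to this IPP members permission level<BR>";
        }

        if ($permission_level == 0) {
            // NOTE(review): assumes school codes are non-negative integers,
            // which the unquoted SQL already required - confirm against the schema.
            $requested_school = isset($_POST['school_code']) ? $_POST['school_code'] : '';
            if (is_string($requested_school) && ctype_digit($requested_school)) {
                $update_query .= " school_code=" . $requested_school . ",";
            } else {
                $system_message .= "School code must be a whole number<BR>";
            }

            // Checkbox semantics: present in the POST means 'Y', absent means 'N'.
            $update_query .= " is_local_ipp_administrator='" . (isset($_POST['is_local_ipp_administrator']) ? "Y" : "N") . "',";
        }
        //strip off trailing ','...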