$title = 'Add Administrator'; #Fills <title> tag //END CONFIG AREA ---------------------------------------------------------- $access = "superadmin"; #superadmin or above can add new administrators include_once INCLUDE_PATH . 'admin_only_inc.php'; #session protected page - level is defined in $access var if (isset($_POST['Email'])) { # if Email is set, check for valid data if (!onlyEmail($_POST['Email'])) { //data must be valid email feedback("Data entered for email is not valid", "error"); header('Location:' . ADMIN_PATH . THIS_PAGE); die; } if (!onlyAlphaNum($_POST['PWord1'])) { //data must be alphanumeric or punctuation only feedback("Password must contain letters and numbers only.", "error"); header('Location:' . ADMIN_PATH . THIS_PAGE); die; } $params = array('FirstName', 'LastName', 'PWord1', 'Email', 'Privilege'); #required fields if (!required_params($params)) { //abort - required fields not sent feedback("Data not entered/updated. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error"); header('Location:' . ADMIN_PATH . THIS_PAGE); die; } $iConn = @mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME) or die(myerror(__FILE__, __LINE__, mysqli_connect_error())); $FirstName = dbIn($_POST['FirstName'], $iConn);
/**
 * Process the submitted "reset administrator password" form (legacy ext/mysql version).
 *
 * Reads AdminID and PWord1 from $_POST, rewrites AdminPW on the matching
 * row of the PREFIX . "Admin" table, records the outcome through feedback()
 * and prints a small confirmation page between get_header() and get_footer().
 *
 * Security review notes:
 *  - MySQL SHA() is plain SHA-1: unsalted, fast, and a hash rather than
 *    encryption. If the Admin table leaks, these values are cheap to
 *    brute-force. Hashing in PHP with password_hash() / password_verify()
 *    is the usual replacement, but the login check (not visible here) has
 *    to change at the same time.
 *  - The clear-text password is embedded in the SQL text, so it can end up
 *    in MySQL query logs. Hashing before the query avoids that.
 *  - mysql_query() and friends were removed in PHP 7.0, so this version only
 *    runs on PHP 5.x.
 *  - NOTE(review): no anti-CSRF token and no check of which administrator
 *    may reset which AdminID is visible in this function; confirm the
 *    including page enforces both.
 *
 * @return void
 */
function updateExecute()
{
    global $config;

    // A missing, non-numeric or non-positive AdminID casts to a value <= 0.
    $postedId = isset($_POST['AdminID']) ? (int) $_POST['AdminID'] : 0;
    if ($postedId <= 0) {
        feedback("AdminID not numeric", "warning");
        // presumably myRedirect() ends the request; confirm, since nothing here returns
        myRedirect($config->adminReset);
    }

    // Character-class gate on the new password; the exact set accepted by
    // onlyAlphaNum() is defined elsewhere.
    $passwordAcceptable = onlyAlphaNum($_POST['PWord1']);
    if (!$passwordAcceptable) {
        feedback("Data entered for password must be alphanumeric only");
        myRedirect(THIS_PAGE);
    }

    $link = conn('', FALSE);

    // NOTE(review): the original comment calls this a global read by formReq()
    // on failure, but only $config is declared global in this function, so this
    // assignment is local. Verify against formReq().
    $redirect = $config->adminReset;

    // formReq() is said to run dbIn() internally on the posted value (helper not shown).
    $adminId = formReq('AdminID');
    $newPassword = formReq('PWord1');

    // SHA() hashes server-side (see the review notes above); %d forces the id to an integer.
    $query = sprintf(
        "UPDATE " . PREFIX . "Admin set AdminPW=SHA('%s') WHERE AdminID=%d",
        $newPassword,
        $adminId
    );

    $succeeded = @mysql_query($query, $link);
    if (!$succeeded) {
        // Raises the driver's error text as E_USER_ERROR; whether it reaches the
        // browser depends on the error-display configuration.
        die(trigger_error(mysql_error(), E_USER_ERROR));
    }

    // Zero affected rows covers both "no such AdminID" and "same password as before".
    if (mysql_affected_rows($link) <= 0) {
        feedback("Password NOT Reset! (or not changed from original value)");
    } else {
        feedback("Password Successfully Reset!", "notice");
    }

    get_header();
    echo ' <div align="center"><h3>Reset Administrator Password</h3></div> <div align="center"><a href="'
        . $config->adminReset
        . '">Reset More</a></div> <div align="center"><a href="'
        . $config->adminDashboard
        . '">Exit To Admin</a></div> ';
    get_footer();
}
/**
 * Process the submitted "reset administrator password" form (mysqli version).
 *
 * Requires AdminID and PWord1 in the request, validates both, rewrites
 * AdminPW on the matching row of the PREFIX . "Admin" table, records the
 * outcome through feedback() and prints a confirmation page between the
 * shared header and footer includes. Every validation failure redirects
 * back to ADMIN_PATH . THIS_PAGE and stops the script.
 *
 * Security review notes:
 *  - MySQL SHA() is plain SHA-1: unsalted, fast, and a hash rather than
 *    encryption. If the Admin table leaks, these values are cheap to
 *    brute-force. Hashing in PHP with password_hash() / password_verify()
 *    is the usual replacement, but the login check (not visible here) has
 *    to change at the same time.
 *  - The clear-text password is embedded in the SQL text, so it can end up
 *    in MySQL query logs. Hashing before the query avoids that.
 *  - Injection safety rests on dbIn() (helper not shown; presumably it
 *    escapes for this connection, confirm) and on %d for the id. A prepared
 *    statement would remove the dependency on that helper.
 *  - NOTE(review): no anti-CSRF token and no check of which administrator
 *    may reset which AdminID is visible in this function; confirm the
 *    including page enforces both.
 *
 * @param string $nav1 Not used anywhere in this function body.
 * @return void
 */
function updateExecute($nav1 = '')
{
    // Both fields must be present before any further validation.
    $required = array('AdminID', 'PWord1');
    $allPresent = required_params($required);
    if (!$allPresent) {
        feedback("Data not entered/updated. (error code #" . createErrorCode(THIS_PAGE, __LINE__) . ")", "error");
        header('Location:' . ADMIN_PATH . THIS_PAGE);
        die;
    }

    // A missing, non-numeric or non-positive AdminID casts to a value <= 0.
    $adminId = isset($_POST['AdminID']) ? (int) $_POST['AdminID'] : 0;
    if ($adminId <= 0) {
        feedback("AdminID not numeric", "warning");
        header('Location:' . ADMIN_PATH . THIS_PAGE);
        die;
    }

    // Character-class gate on the new password; the exact set accepted by
    // onlyAlphaNum() is defined elsewhere.
    $passwordAcceptable = onlyAlphaNum($_POST['PWord1']);
    if (!$passwordAcceptable) {
        feedback("Data entered for password must be alphanumeric only");
        header('Location:' . ADMIN_PATH . THIS_PAGE);
        die;
    }

    $db = @mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
    if (!$db) {
        die(myerror(__FILE__, __LINE__, mysqli_connect_error()));
    }

    $newPassword = dbIn($_POST['PWord1'], $db);

    // SHA() hashes server-side (see the review notes above); %d forces the id to an integer.
    $query = sprintf(
        "UPDATE " . PREFIX . "Admin set AdminPW=SHA('%s') WHERE AdminID=%d",
        $newPassword,
        $adminId
    );

    $succeeded = @mysqli_query($db, $query);
    if (!$succeeded) {
        die(myerror(__FILE__, __LINE__, mysqli_error($db)));
    }

    // Zero affected rows covers both "no such AdminID" and "same password as before".
    if (mysqli_affected_rows($db) <= 0) {
        feedback("Password NOT Reset! (or not changed from original value)");
    } else {
        feedback("Password Successfully Reset!", "notice");
    }

    @mysqli_close($db);

    include INCLUDE_PATH . 'header.php';
    echo ' <p align="center"><h3>Reset Administrator Password</h3></p> <p align="center"><a href="'
        . ADMIN_PATH . THIS_PAGE
        . '">Reset More</a></p> <p align="center"><a href="'
        . ADMIN_PATH
        . 'admin_dashboard.php">Exit To Admin</a></p> ';
    include INCLUDE_PATH . 'footer.php';
}