if ($debugEnable) {
$debug .= "Input: id=" . $idPerson . " Authority = " . $_SESSION['authorityUser'] . "<br />\r\n";
}
/*
* Prepare the data base.
*/
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableElev = DB_PREFIX . 'Elev';
$viewMalsman = DB_PREFIX . 'ListaMalsman';
/*
* Om $idPerson har ett värde så ska en användare editeras. Hämta då den
* nuvarande informationen ur databasen.
*/
if ($idPerson) {
$idPerson = $dbAccess->WashParameter($idPerson);
$query = "SELECT * FROM {$tablePerson} WHERE idPerson = {$idPerson};";
$result = $dbAccess->SingleQuery($query);
$arrayPerson = $result->fetch_row();
$result->close();
} else {
// Nollställ alla parametrar om vi ska skapa en ny person.
$arrayPerson = array("", "", "", "", "", "", "", "", "", "");
}
/*
* Skapa ett slumplösenord.
*/
$min = 5;
// minimum length of password
$max = 10;
// maximum length of password
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database.
$dbAccess = new CdbAccess();
$tableBook = DB_PREFIX . 'Book';
$tableChild = DB_PREFIX . 'Child';
$tablePage = DB_PREFIX . 'Page';
///////////////////////////////////////////////////////////////////////////////////////////////////
// Get input for the book and clean it.
$nameBook = isset($_POST['nameBook']) ? $_POST['nameBook'] : NULL;
$idBook = isset($_POST['idBook']) ? $_POST['idBook'] : NULL;
$idChild = isset($_POST['idChild']) ? $_POST['idChild'] : NULL;
$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : NULL;
// Clean the input parameters.
$idBook = $dbAccess->WashParameter($idBook);
$idChild = $dbAccess->WashParameter($idChild);
$nameBook = $dbAccess->WashParameter(strip_tags($nameBook));
if ($idBook) {
// Edit an existing book
// Check if the session id is owner of the book.
$query = <<<QUERY
SELECT child_idUser FROM
({$tableBook} JOIN {$tableChild} ON book_idChild = idChild)
WHERE idBook = {$idBook};
QUERY;
} else {
// Add a new book.
$query = <<<QUERY
INSERT INTO {$tableBook} (nameBook, book_idChild)
VALUES ('{$nameBook}', '{$idChild}');
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
///////////////////////////////////////////////////////////////////////////////////////////////////
// Take care of input.
$idBook = isset($_GET['idBook']) ? $_GET['idBook'] : NULL;
$idChild = isset($_GET['idChild']) ? $_GET['idChild'] : NULL;
// Initiate aBook if we are going to generate a new account.
$aBook = array("", "", "", "", "", "");
///////////////////////////////////////////////////////////////////////////////////////////////////
// If $idBook has a value then idBook shall be edited. Get the old info.
$redirect = "my_page";
if ($idBook) {
$dbAccess = new CdbAccess();
$idBook = $dbAccess->WashParameter($idBook);
$tableBook = DB_PREFIX . 'Book';
$query = "SELECT * FROM {$tableBook} WHERE idBook = {$idBook};";
$result = $dbAccess->SingleQuery($query);
$aBook = $result->fetch_row();
$result->close();
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Make a form for editing the book.
$mainTextHTML = <<<HTMLCode
<form action='?p=save_book' method='post'>
<table>
<tr><td>Boktitel</td>
<td><input type='text' name='nameBook' size='20' maxlength='20' value='{$aBook[1]}' /></td></tr>
<tr><td>
<input type='image' title='Spara' src='../images/b_enter.gif' alt='Spara' />
$arrayPerson = array("", "", "", "", "", "");
///////////////////////////////////////////////////////////////////////////////////////////////////
// Kontrollera om personen har behörighet till sidan, d v s är personen på sidan, målsman till
// personen på sidan eller adm.
$showPage = FALSE;
if ($idPerson == $_SESSION['idUser']) {
$showPage = TRUE;
}
if ($_SESSION['authorityUser'] == "adm") {
$showPage = TRUE;
}
// Målsman kontrolleras längre ner.
///////////////////////////////////////////////////////////////////////////////////////////////////
// Hämta den nuvarande informationen ur databasen.
$dbAccess = new CdbAccess();
$idPerson = $dbAccess->WashParameter($idPerson);
$tablePerson = DB_PREFIX . 'Person';
$tableRelationon = DB_PREFIX . 'Relation';
$query = "SELECT * FROM {$tablePerson} WHERE idPerson = {$idPerson};";
$result = $dbAccess->SingleQuery($query);
$arrayPerson = $result->fetch_row();
$result->close();
///////////////////////////////////////////////////////////////////////////////////////////////////
// Kontrollera om SESSION idUser är målsman till idPerson.
$query = "SELECT * FROM {$tableRelationon} WHERE relation_idElev = {$idPerson};";
if ($result = $dbAccess->SingleQuery($query)) {
while ($row = $result->fetch_object()) {
if ($row->relation_idMalsman == $_SESSION['idUser']) {
$showPage = TRUE;
}
//Behörighet till sidan som målsman.
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
///////////////////////////////////////////////////////////////////////////////////////////////////
// Take care of input.
$idPage = isset($_GET['idPage']) ? $_GET['idPage'] : NULL;
///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare database.
$dbAccess = new CdbAccess();
$tableChild = DB_PREFIX . 'Child';
$tableBook = DB_PREFIX . 'Book';
$tablePage = DB_PREFIX . 'Page';
$tableField = DB_PREFIX . 'Field';
$idPage = $dbAccess->WashParameter($idPage);
///////////////////////////////////////////////////////////////////////////////////////////////////
// Sheck if session id is approved to see the page and edit the page.
///////////////////////////////////////////////////////////////////////////////////////////////////
// Get info about this page.
$query = "SELECT * FROM {$tablePage} WHERE idPage = {$idPage};";
$result = $dbAccess->SingleQuery($query);
$row = $result->fetch_object();
$style = $row->stylePage;
$header = $row->headerPage;
$result->close();
///////////////////////////////////////////////////////////////////////////////////////////////////
// Fetch data about the page.
$query = "SELECT * FROM {$tableField} WHERE field_idPage = {$idPage};";
if ($result = $dbAccess->SingleQuery($query)) {
while ($row = $result->fetch_object()) {
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
//$intFilter->UserIsAuthorisedOrDie('adm'); //Must be adm to access the page.
/*
* Prepare the database.
*/
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableAlbum = DB_PREFIX . 'Album';
$tablePicture = DB_PREFIX . 'Picture';
/*
* Process input if exists.
*/
$idAlbum = isset($_GET['album']) ? $_GET['album'] : NULL;
$idPicture = isset($_GET['pict']) ? $_GET['pict'] : NULL;
$idAlbum = $dbAccess->WashParameter($idAlbum);
$idPicture = $dbAccess->WashParameter($idPicture);
if ($debugEnable) {
$debug .= "idAlbum=" . $idAlbum . " idPicture=" . $idPicture . "<br /> \r\n";
}
/*
* Update the DB.
*/
$timeEditedAlbum = time();
$query = "\n UPDATE {$tableAlbum} SET \n signaturePictId = '{$idPicture}',\n timeEditedAlbum = '{$timeEditedAlbum}'\n WHERE idAlbum = '{$idAlbum}';\n";
$dbAccess->SingleQuery($query);
if ($debugEnable) {
$mainTextHTML = "<a title='Vidare' href='?p=glry'>\n <img src='../images/b_enter.gif' alt='Vidare' /></a>\n <br />\r\n";
} else {
// Annars hoppa vidare.
header('Location: ' . WS_SITELINK . "?p=glry");
//
$idPost = isset($_POST['idPost']) ? $_POST['idPost'] : NULL;
$titelPost = isset($_POST['titelPost']) ? $_POST['titelPost'] : NULL;
$textPost = isset($_POST['textPost']) ? $_POST['textPost'] : NULL;
$internPost = isset($_POST['internPost']) ? $_POST['internPost'] : 0;
$post_idPerson = $_SESSION['idUser'];
if ($debugEnable) {
$debug .= "idPost=" . $idPost . " idPerson=" . $post_idPerson . " titelPost=" . $titelPost . " textPost=" . $textPost . " internPost=" . $internPost . "<br /> \n";
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Uppdatera idPost om den är satt annars skapa ett nytt inlägg.
$dbAccess = new CdbAccess();
$tableBlogg = DB_PREFIX . 'Blogg';
$tidPost = time();
//Tvätta inparametrarna.
$idPost = $dbAccess->WashParameter($idPost);
$internPost = $dbAccess->WashParameter($internPost);
$tagsAllowed = '<h1><h2><h3><h4><h5><h6><p><a><br><i><em><b><strong><li><ol>
<ul><a><style><font><span><img>';
$titelPost = $dbAccess->WashParameter(strip_tags($titelPost));
$textPost = $dbAccess->WashParameter(strip_tags($textPost, $tagsAllowed));
if ($idPost) {
$query = <<<QUERY
UPDATE {$tableBlogg} SET
post_idPerson = '{$post_idPerson}',
titelPost = '{$titelPost}',
textPost = '{$textPost}',
tidPost = '{$tidPost}',
internPost = '{$internPost}'
WHERE idPost = '{$idPost}';
QUERY;
// generated.
// From this page you are sent to PSaveChild and then to PMyPage.
// Input: 'id'
// Output: 'firstName', 'famillyNamn', 'birthDate', 'id', 'redirect' as POST.
//
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database and clean input.
$dbAccess = new CdbAccess();
$tableChild = DB_PREFIX . 'Child';
$idChild = isset($_GET['id']) ? $_GET['id'] : NULL;
$idChild = $dbAccess->WashParameter($idChild);
if ($debugEnable) {
$debug .= "Input: id=" . $idChild . "<br /> \n";
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Fetch the present information regarding the child if the child exists.
$aChild = array("", "", "", "", "", "");
// Initiate arrayUser if we are going to generate a new account.
if ($idChild) {
$query = "SELECT * FROM {$tableChild} WHERE idChild = {$idChild};";
$result = $dbAccess->SingleQuery($query);
$aChild = $result->fetch_row();
if ($debugEnable) {
$debug .= "Child = " . print_r($aChild, TRUE) . "<br /> \n";
}
$result->close();
exit;
}
$mainTextHTML = "<div id='content'>";
if (isset($_POST['submitBtn'])) {
// If the submit button has been pressed, process the form information.
require_once 'src/maxImageUpload.class.php';
$maxPhoto = new maxImageUpload();
$result = TRUE;
$msg = "";
$error = "";
// Prepare the database.
$dbAccess = new CdbAccess();
$tablePicture = DB_PREFIX . 'Picture';
$tableAlbum = DB_PREFIX . 'Album';
// Get form values.
$namePicture = $dbAccess->WashParameter(strip_tags($_POST['mytitle']));
$descriptionPicture = $dbAccess->WashParameter(strip_tags($_POST['mydesc']));
// Register picture in DB and store the information.
$query = "\n INSERT INTO {$tablePicture} (\n picture_idAlbum, \n namePicture, \n descriptionPicture)\n VALUES (\n '{$idAlbum}', \n '{$namePicture}',\n '{$descriptionPicture}'\n );\n ";
$dbAccess->SingleQuery($query);
// Get the picture id.
$idPicture = $dbAccess->LastId();
if ($debugEnable) {
$debug .= "idPicture=" . $idPicture . " Type=" . $_FILES['myfile']['type'] . " Name=" . $_FILES['myfile']['name'] . "<br />\r\n";
}
//Check image type. Only jpeg images are allowed
if (strcasecmp($_FILES['myfile']['type'], 'image/pjpeg') && strcasecmp($_FILES['myfile']['type'], 'image/jpeg') && strcasecmp($_FILES['myfile']['type'], 'image/jpg')) {
$error = "Bara jpeg-bilder kan laddas upp!";
$result = false;
}
if ($result) {
$debug .= "row = " . $row . "<br /> \n";
}
if (preg_match("/-*-/", $row)) {
$header = trim(trim($row, "-*"));
}
} while (!feof($fh) && !$header);
if ($debugEnable) {
$debug .= "header = " . $header . "<br /> \n";
}
// Read the file row by row and fill the DB untill there is an empty row or
// eof.
$i = 0;
while (!feof($fh) && ($row = trim(fgets($fh, $maxTextLength)))) {
$segments = explode($delimiter, $row);
for ($j = 0; $j < count($segments); $j++) {
$segments[$j] = $dbAccess->WashParameter($segments[$j]);
}
if ($debugEnable) {
$debug .= "segments = " . print_r($segments, TRUE) . "<br />\r\n";
}
// Different querys dependent on the header.
switch ($header) {
case 'tableBostad':
$query = "\n INSERT INTO {$tableBostad} (\n idBostad, \n telefonBostad, \n adressBostad, \n stadsdelBostad, \n postnummerBostad, \n statBostad)\n VALUES (\n '{$segments[0]}', \n '{$segments[1]}', \n '{$segments[2]}', \n '{$segments[3]}', \n '{$segments[4]}', \n '{$segments[5]}'\n );\n ";
break;
case 'tablePerson':
$query = "\n INSERT INTO {$tablePerson} (\n idPerson, \n accountPerson, \n passwordPerson, \n behorighetPerson, \n fornamnPerson, \n efternamnPerson, \n ePostPerson, \n mobilPerson, \n person_idBostad, \n senastInloggadPerson)\n VALUES (\n '{$segments[0]}', \n '{$segments[1]}', \n '{$segments[2]}', \n '{$segments[3]}', \n '{$segments[4]}', \n '{$segments[5]}', \n '{$segments[6]}', \n '{$segments[7]}', \n '{$segments[8]}', \n '{$segments[9]}'\n );\n ";
break;
case 'tableFunktionar':
$query = "\n INSERT INTO {$tableFunktionar} (\n idFunktion, \n funktionar_idPerson, \n funktionFunktionar)\n VALUES (\n '{$segments[0]}', \n '{$segments[1]}', \n '{$segments[2]}'\n );\n ";
break;
$buttons->addElement('static', 'cancelButton')->setContent('<a title="Avbryt" href="?p=main" >
<img src="../images/b_cancel.gif" alt="Avbryt" /></a>');
/*
* Behandla informationen i formuläret.
*/
// Ta bort 'space' först och sist på alla värden.
$form->addRecursiveFilter('trim');
$mainTextHTML = "";
if ($form->validate()) {
// Om sidan är riktigt ifylld.
// Förbered databasen
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
//Tvätta inparametrarna.
$formValues = $form->getValue();
$eMailAdr = $dbAccess->WashParameter($formValues['ePost']);
// Skapa ett slumplösenord.
$min = 5;
// minimum length of password
$max = 10;
// maximum length of password
$pwd = "";
// to store generated password
for ($i = 0; $i < rand($min, $max); $i++) {
$num = rand(48, 122);
if ($num > 97 && $num < 122) {
$pwd .= chr($num);
} else {
if ($num > 65 && $num < 90) {
$pwd .= chr($num);
} else {
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
$intFilter->UserIsAuthorisedOrDie('adm');
//Must be adm to access the page.
/*
* Prepare the data base.
*/
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
/*
* Handle input to the page.
*/
$accountPerson = isset($_POST['account']) ? $_POST['account'] : NULL;
$fornamnPerson = isset($_POST['fornamn']) ? $_POST['fornamn'] : NULL;
$efternamnPerson = isset($_POST['efternamn']) ? $_POST['efternamn'] : NULL;
$accountPerson = $dbAccess->WashParameter($accountPerson);
$fornamnPerson = $dbAccess->WashParameter($fornamnPerson);
$efternamnPerson = $dbAccess->WashParameter($efternamnPerson);
if ($debugEnable) {
$debug .= $accountPerson . $fornamnPerson . $efternamnPerson . "<br />\r\n";
}
/*
* Definiera query utifrån sökkriterie.
*/
$query = "SELECT * FROM {$tablePerson} ";
if ($accountPerson) {
$query .= "WHERE accountPerson LIKE '%{$accountPerson}%'";
} elseif ($efternamnPerson) {
$query .= "WHERE efternamnPerson LIKE '%{$efternamnPerson}%'";
} elseif ($fornamnPerson) {
$query .= "WHERE fornamnPerson LIKE '%{$fornamnPerson}%'";
$intFilter->UserIsSignedInOrRedirectToSignIn();
$intFilter->UserIsAuthorisedOrDie('adm');
///////////////////////////////////////////////////////////////////////////////////////////////////
// Take care of input to the page.
//
$accountUser = isset($_POST['account']) ? $_POST['account'] : NULL;
$firstNameUser = isset($_POST['firstName']) ? $_POST['firstName'] : NULL;
$familyNameUser = isset($_POST['familyName']) ? $_POST['familyName'] : NULL;
if ($debugEnable) {
$debug .= $accountUser . $firstNameUser . $familyNameUser . "<br /> \n";
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Query the database and clean input.
$dbAccess = new CdbAccess();
$tableUser = DB_PREFIX . 'User';
$accountUser = $dbAccess->WashParameter($accountUser);
$firstNameUser = $dbAccess->WashParameter($firstNameUser);
$familyNameUser = $dbAccess->WashParameter($familyNameUser);
$query = "SELECT * FROM {$tableUser} ";
if ($accountUser) {
$query .= "WHERE accountUser LIKE '%{$accountUser}%'";
} elseif ($familyNameUser) {
$query .= "WHERE familyNameUser LIKE '%{$familyNameUser}%'";
} elseif ($firstNameUser) {
$query .= "WHERE firstNameUser LIKE '%{$firstNameUser}%'";
}
$query .= " ORDER BY familyNameUser;";
$result = $dbAccess->SingleQuery($query);
///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare a table
// Headers
if (!isset($nextPage)) {
die('Direct access to the page is not allowed.');
}
$intFilter = new CAccessControl();
$intFilter->UserIsSignedInOrRedirect();
/*
* Prepare the data base.
*/
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableRelationon = DB_PREFIX . 'Relation';
/*
* Handle input to the page.
*/
$idPerson = isset($_GET['id']) ? $_GET['id'] : NULL;
$idPerson = $dbAccess->WashParameter($idPerson);
if ($debugEnable) {
$debug .= "Input: id=" . $idPerson . " Authority = " . $_SESSION['authorityUser'] . "<br />\r\n";
}
/*
* Kontrollera om personen har behörighet till sidan, d v s är personen på
* sidan, målsman till personen på sidan eller adm.
*/
$showPage = FALSE;
if ($idPerson == $_SESSION['idUser']) {
$showPage = TRUE;
}
if ($_SESSION['authorityUser'] == "adm") {
$showPage = TRUE;
}
// Kontrollera om SESSION idUser är målsman till idPerson.
// Output:
//
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
$intFilter->UserIsAuthorisedOrDie('adm');
///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database.
$dbAccess = new CdbAccess();
$tableUser = DB_PREFIX . 'User';
///////////////////////////////////////////////////////////////////////////////////////////////////
// Take care of input to the page.
$idUser = isset($_GET['id']) ? $_GET['id'] : NULL;
$idUser = $dbAccess->WashParameter($idUser);
if ($debugEnable) {
$debug .= "Input: idUser="******"<br /> \n";
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Remove the user from all tables.
$totalStatements = 1;
$query = <<<QUERY
DELETE FROM {$tableUser} WHERE idUser = '******';
QUERY;
// Uppdate with code for removing everything related to the user.
$statements = $dbAccess->MultiQueryNoResultSet($query);
if ($debugEnable) {
$debug .= "{$statements} statements av {$totalStatements} kördes.<br /> \n";
}
///////////////////////////////////////////////////////////////////////////////////////////////////
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check that the page is reached from the front controller and authority etc.
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database and clean input and query the database.
//
$dbAccess = new CdbAccess();
$tableChild = DB_PREFIX . 'Child';
$idChild = isset($_POST['id']) ? $_POST['id'] : NULL;
$firstNameChild = isset($_POST['firstName']) ? $_POST['firstName'] : NULL;
$famillyNameChild = isset($_POST['famillyName']) ? $_POST['famillyName'] : NULL;
$birthDateChild = isset($_POST['birthDate']) ? $_POST['birthDate'] : NULL;
$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : NULL;
$idChild = $dbAccess->WashParameter($idChild);
$firstNameChild = $dbAccess->WashParameter(strip_tags($firstNameChild));
$famillyNameChild = $dbAccess->WashParameter(strip_tags($famillyNameChild));
$birthDateChild = $dbAccess->WashParameter(strip_tags($birthDateChild));
$idUser = $_SESSION['idUser'];
if ($idChild) {
// If the child exists check that it's the users child and update the database.
$query = "SELECT child_idUser FROM {$tableChild} WHERE idChild = {$idChild};";
$result = $dbAccess->SingleQuery($query);
$row = $result->fetch_object();
$result->close();
if ($idUser != $row->child_idUser) {
$_SESSION['errorMessage'] = "Du har inte behörighet att ändra informationen om det här barnet";
header('Location: ' . WS_SITELINK . "?p=main");
exit;
}
$intFilter->UserIsSignedInOrRedirectToSignIn();
$intFilter->UserIsAuthorisedOrDie('fnk');
// Måste vara minst funktionär för att nå sidan.
///////////////////////////////////////////////////////////////////////////////////////////////////
// Input till sidan plus rensa bort HTML-taggar.
//
$idPost = isset($_GET['idPost']) ? $_GET['idPost'] : NULL;
$post_idPerson = $_SESSION['idUser'];
if ($debugEnable) {
$debug .= "Input: idPost=" . $idPost . ", post_idPerson=" . $post_idPerson . "<br /> \n";
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Radera idPost från databasen om du är ägare eller adm.
$dbAccess = new CdbAccess();
$tableBlogg = DB_PREFIX . 'Blogg';
$idPost = $dbAccess->WashParameter($idPost);
// Kolla först om du är ägare till posten.
$query = "SELECT post_idPerson FROM {$tableBlogg} WHERE idPost = '{$idPost}'";
$result = $dbAccess->SingleQuery($query);
$row = $result->fetch_object();
$postOwner = $row->post_idPerson;
$result->close();
if ($_SESSION['idUser'] == $postOwner || $_SESSION['authorityUser'] == "adm") {
$query = "DELETE FROM {$tableBlogg} WHERE idPost = '{$idPost}'";
$dbAccess->SingleQuery($query);
}
///////////////////////////////////////////////////////////////////////////////////////////////////
// Redirect to another page
//
// Om i debugmode så visa och avbryt innan redirect.
if ($debugEnable) {
$intFilter->UserIsSignedInOrRedirect();
/*
* Förbered databasen.
*/
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableBostad = DB_PREFIX . 'Bostad';
$tableFunktionar = DB_PREFIX . 'Funktionar';
$tableElev = DB_PREFIX . 'Elev';
$tableMalsman = DB_PREFIX . 'Malsman';
$tableRelation = DB_PREFIX . 'Relation';
/*
* Tag hand om inparametrar till sidan.
*/
$idPerson = isset($_GET['id']) ? $_GET['id'] : NULL;
$idPerson = $dbAccess->WashParameter($idPerson);
if ($debugEnable) {
$debug .= "Input: id=" . $idPerson . " Authority = " . $_SESSION['authorityUser'] . "<br /> \n";
}
/*
* Kontrollera om personen har behörighet till sidan, d v s är personen på
* sidan, målsman till personen på sidan eller adm. Om inte avbryt.
*/
$showPage = FALSE;
if ($idPerson == $_SESSION['idUser']) {
$showPage = TRUE;
}
if ($_SESSION['authorityUser'] == "adm") {
$showPage = TRUE;
}
// Kontrollera om SESSION idUser är målsman till idPerson.
//Spara hitCounter innan vi dödar sessionen.
require_once TP_SOURCE . 'FDestroySession.php';
///////////////////////////////////////////////////////////////////////////////////////////////////
// Ta hand om inparametrar till sidan.
$accountPerson = isset($_POST['account']) ? $_POST['account'] : NULL;
$passwordPerson = isset($_POST['password']) ? $_POST['password'] : NULL;
$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : 'main';
if ($debugEnable) {
$debug .= "Input: account={$accountPerson} password={$passwordPerson} redirect={$redirect}<br /> \n";
}
// Förbered databasen.
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableFunktionar = DB_PREFIX . 'Funktionar';
// Tvätta inparametrarna.
$accountPerson = $dbAccess->WashParameter($accountPerson);
$passwordPerson = $dbAccess->WashParameter($passwordPerson);
///////////////////////////////////////////////////////////////////////////////////////////////////
// Kolla om account med det lösenordet finns i databasen och använd resultatet för att skapa en
// session med userId, userPassword och behörighet.
$query = <<<Query
SELECT * FROM {$tablePerson}
WHERE
\taccountPerson = '{$accountPerson}' AND
\tpasswordPerson \t= md5('{$passwordPerson}')
;
Query;
session_start();
// Återstartar efter stängningen ovan.
session_regenerate_id();
$_SESSION["hitCounter"] = $hitCounter;
if ($debugEnable) {
$debug .= "row = " . $row . "<br /> \n";
}
if (preg_match("/-*-/", $row)) {
$header = trim(trim($row, "-*"));
}
} while (!feof($fh) && !$header);
if ($debugEnable) {
$debug .= "header = " . $header . "<br /> \n";
}
//Write row by row to the DB untill an empty row or an eof.
$i = 0;
while (!feof($fh) && ($row = trim(fgets($fh)))) {
$row = explode($delimiter, $row);
for ($i = 0; $i < count($row); $i++) {
$row[$i] = $dbAccess->WashParameter($row[$i]);
}
if ($debugEnable) {
$debug .= "row = " . print_r($row, TRUE) . "<br /> \n";
}
// Different querys depending on the header.
switch ($header) {
case 'tableUser':
$query = <<<Query
INSERT INTO {$tableUser} (idUser, accountUser, passwordUser, authorityUser, firstNameUser,
familyNameUser, email1User, email2User)
VALUES ('{$row[0]}', '{$row[1]}', '{$row[2]}', '{$row[3]}', '{$row[4]}', '{$row[5]}', '{$row[6]}', '{$row[7]}');
Query;
break;
case 'tableChild':
$query = <<<Query
$idAlbum = isset($_GET['id']) ? $_GET['id'] : NULL;
if ($debugEnable) {
$debug .= "idAlbum: " . $idAlbum . "<br /> \r\n";
}
/*
* Prepare the database.
*/
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableAlbum = DB_PREFIX . 'Album';
$tablePicture = DB_PREFIX . 'Picture';
/*
* If $idAlbum exists the DB will be updated. Get the existing info.
*/
if ($idAlbum) {
$idAlbum = $dbAccess->WashParameter($idAlbum);
$query = "SELECT * FROM {$tableAlbum} WHERE idAlbum = {$idAlbum};";
$result = $dbAccess->SingleQuery($query);
$arrayAlbum = $result->fetch_row();
$result->close();
} else {
// Clear all parameters if a new user will be created.
$arrayAlbum = array("", "", "", "", "", "", "");
}
/*
* Create the form with QuickForm2.
*/
require_once 'HTML/QuickForm2.php';
require_once 'HTML/QuickForm2/Renderer.php';
// Point back to the same page for validation.
$formAction = WS_SITELINK . "?p=edit_alb&id=" . $idAlbum;
$hitCounter = $_SESSION["hitCounter"];
//Spara hitCounter innan vi dödar sessionen.
require_once TP_SOURCEPATH . 'FDestroySession.php';
///////////////////////////////////////////////////////////////////////////////////////////////////
// Take care of input to the page.
$accountUser = isset($_POST['account']) ? $_POST['account'] : NULL;
$passwordUser = isset($_POST['password']) ? $_POST['password'] : NULL;
$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : 'main';
if ($debugEnable) {
$debug .= "Input: account={$accountUser} password={$passwordUser} redirect={$redirect}<br /> \n";
}
// Prepare the database.
$dbAccess = new CdbAccess();
$tableUser = DB_PREFIX . 'User';
// Clean input.
$accountUser = $dbAccess->WashParameter($accountUser);
$passwordUser = $dbAccess->WashParameter($passwordUser);
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check if an account with this password exists in the database and if so start a new session with
// userId, userPassword and authority.
$query = <<<Query
SELECT * FROM {$tableUser}
WHERE
\taccountUser = '******' AND
\tpasswordUser \t= md5('{$passwordUser}')
;
Query;
session_start();
// Restart the session after closing abowe.
session_regenerate_id();
$_SESSION["hitCounter"] = $hitCounter;
$intFilter = new CAccessControl();
$intFilter->FrontControllerIsVisitedOrDie();
$intFilter->UserIsSignedInOrRedirectToSignIn();
$intFilter->UserIsAuthorisedOrDie('adm');
///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database and clean input and query the database.
//
$dbAccess = new CdbAccess();
$tableUser = DB_PREFIX . 'User';
$idUser = isset($_POST['id']) ? $_POST['id'] : NULL;
$firstNameUser = isset($_POST['firstName']) ? $_POST['firstName'] : NULL;
$familyNameUser = isset($_POST['familyName']) ? $_POST['familyName'] : NULL;
$eMail1User = isset($_POST['eMail1']) ? $_POST['eMail1'] : NULL;
$eMail2User = isset($_POST['eMail2']) ? $_POST['eMail2'] : NULL;
$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : NULL;
$idUser = $dbAccess->WashParameter($idUser);
$firstNameUser = $dbAccess->WashParameter(strip_tags($firstNameUser));
$familyNameUser = $dbAccess->WashParameter(strip_tags($familyNameUser));
$eMail1User = $dbAccess->WashParameter(strip_tags($eMail1User));
$eMail2User = $dbAccess->WashParameter(strip_tags($eMail2User));
$query = <<<QUERY
UPDATE {$tableUser} SET
firstNameUser = '******',
familyNameUser = '******',
eMail1User = '******',
eMail2User = '******'
WHERE idUser = '******';
QUERY;
$dbAccess->SingleQuery($query);
///////////////////////////////////////////////////////////////////////////////////////////////////
// Redirect to another page
///////////////////////////////////////////////////////////////////////////////////////////////////
// Prepare the database.
$dbAccess = new CdbAccess();
$tableUser = DB_PREFIX . 'User';
///////////////////////////////////////////////////////////////////////////////////////////////////
// Get account input for the user, clean the parameters, check if the user exists ($idUser is set)
// and update the database.
$idUser = isset($_POST['id']) ? $_POST['id'] : NULL;
$accountUser = isset($_POST['account']) ? $_POST['account'] : NULL;
$password1User = isset($_POST['password1']) ? $_POST['password1'] : NULL;
$password2User = isset($_POST['password2']) ? $_POST['password2'] : NULL;
$authorityUser = isset($_POST['authority']) ? $_POST['authority'] : NULL;
$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : NULL;
$send = isset($_POST['send']) ? $_POST['send'] : NULL;
// Clean the input parameters.
$idUser = $dbAccess->WashParameter($idUser);
$accountUser = $dbAccess->WashParameter(strip_tags($accountUser));
$authorityUser = $dbAccess->WashParameter(strip_tags($authorityUser));
$password1User = $dbAccess->WashParameter(strip_tags($password1User));
// If the password is not entered or they are different then exit and go to edit_account.
if (!$idUser) {
$redirect = "edit_account";
}
if (!$password1User || $password1User != $password2User) {
$_SESSION['errorMessage'] = "Fel på lösenordet!";
header("Location: " . WS_SITELINK . $redirect);
exit;
}
if ($idUser) {
// If the user exists update the database.
$query = <<<QUERY
