require 'password_crypto.php';
//Hash the password using default Cobalt password hashing technique
$hashed_password = cobalt_password_hash('NEW', $password, $username, $new_salt, $new_iteration, $new_method);
$arr_form_data['password'] = $hashed_password;
$arr_form_data['salt'] = $new_salt;
$arr_form_data['iteration'] = $new_iteration;
$arr_form_data['method'] = $new_method;
$arr_form_data['role_id'] = 3;
$arr_form_data['skin_id'] = 1;
require_once 'subclasses/user.php';
$dbh_user = new user();
$dbh_user->add($arr_form_data);
//Permissions from role, if role was chosen
if ($arr_form_data['role_id'] != '') {
$db = new data_abstraction();
$db->execute_query("INSERT `user_passport` SELECT '" . quote_smart($username) . "', `link_id` FROM user_role_links WHERE role_id='" . quote_smart($arr_form_data['role_id']) . "'");
}
redirect("notification.php");
}
}
if ($arr_form_data['region'] != "") {
$chosen_region = $arr_form_data['region'];
}
if ($arr_form_data['province'] != "") {
$chosen_province = $arr_form_data['province'];
}
if ($arr_form_data['city'] != "") {
$chosen_city = $arr_form_data['city'];
}
if ($arr_form_data['barangay'] != "") {
$chosen_barangay = $arr_form_data['barangay'];
function draw_select_field_from_query_mf($param, $cntr)
{
$detail_view = $this->detail_view;
$query = '';
$list_value = '';
$list_items = '';
$form_control_name = '';
$extra = '';
$list_separators = '';
//$query, $list_value, $list_items, $form_control_name='', $extra=''
/*
if(isset($param[0])) $query = $param[0];
if(isset($param[1])) $list_value = $param[1];
if(isset($param[2])) $list_items = $param[2];
if(isset($param[3])) $form_control_name = $param[3];
if(isset($param[4])) $extra = $param[4];
if(isset($param[5])) $list_separators = $param[5];
*/
if (isset($param[0])) {
$query = $param[0]['query'];
$list_value = $param[0]['list_value'];
$list_items = $param[0]['list_items'];
$list_separators = $param[0]['list_separators'];
}
if (isset($param[1])) {
$form_control_name = $param[1];
}
if (isset($param[2])) {
$extra = $param[2];
}
//The query may have the "{[ ]}" marking, which means get the current value (using cntr) of the variable which is named
//inside the {[ ]}
//For example, a query with "WHERE myfield = '{[status]}'" in it means the actual query to be executed should be:
// WHERE myfield = '$status[$cntr]'
while ($start_replace = strpos($query, '{[', 0)) {
$end_replace = strpos($query, ']}', $start_replace);
if ($end_replace > $start_replace) {
$query_part1 = substr($query, 0, $start_replace);
$query_part2 = substr($query, $end_replace + 2, strlen($query));
$var_length = $end_replace - ($start_replace + 2);
$variable = substr($query, $start_replace + 2, $var_length);
global ${$variable};
$query = $query_part1 . ${$variable}[$cntr] . $query_part2;
}
}
global ${$form_control_name};
init_var(${$form_control_name}[$cntr]);
$num_display = count($list_items);
if ($detail_view != TRUE) {
++$this->tabindex;
echo "<select name='{$form_control_name}" . "[{$cntr}]' tabindex='{$this->tabindex}' {$extra}>\r\n";
if (isset($this->fields[$form_control_name]['drop_down_has_blank'])) {
if ($this->fields[$form_control_name]['drop_down_has_blank']) {
echo "<option></option>\r\n";
}
} elseif ($this->drop_down_has_blank) {
echo "<option></option>\r\n";
}
}
$data_con = new data_abstraction();
$data_con->query = $query;
if ($result = $data_con->execute_query('', LOG_SELECT_QUERIES)->result) {
while ($data = $result->fetch_assoc()) {
extract($data);
$selected = '';
if ((string) ${$form_control_name}[$cntr] == (string) ${$list_value}) {
$selected = 'selected';
}
$dropdown_item_entry = '';
for ($a = 0; $a < $num_display; ++$a) {
if (${$list_items[$a]} != '') {
init_var($list_separators[$a]);
if ($list_separators[$a] == '') {
$list_separators[$a] = ' ';
}
$dropdown_item_entry .= ${$list_items[$a]} . $list_separators[$a];
}
}
if ($detail_view != TRUE) {
echo '<option value="' . cobalt_htmlentities(${$list_value}) . '" ' . $selected . '>' . $dropdown_item_entry . '</option>' . "\r\n";
} else {
if (trim($dropdown_item_entry) == '') {
$dropdown_item_entry = ' ';
}
if ($selected == 'selected') {
echo nl2br($dropdown_item_entry) . "\r\n";
}
}
}
} else {
die($data_con->error);
}
if ($detail_view != TRUE) {
echo "</select>\r\n";
}
return $this;
}
$dbh = new data_abstraction();
$dbh->set_query_type('DELETE');
$dbh->set_table('user_passport');
$dbh->set_where("username='******'");
$dbh->make_query();
$dbh->close_db();
//Update user's assigned role
$dbh = new data_abstraction();
$dbh->set_query_type('UPDATE');
$dbh->set_table('user');
$dbh->set_update("role_id='" . quote_smart($role) . "'");
$dbh->set_where("username='******'");
$dbh->make_query();
$dbh->close_db();
//Assign role permissions
$dbh->execute_query("INSERT `user_passport` SELECT '" . quote_smart($Username) . "', `link_id` FROM user_role_links WHERE role_id='" . quote_smart($role) . "'");
} else {
//Since non-exclusive, set user's role to 0 (no role assigned)
$dbh = new data_abstraction();
$dbh->set_query_type('UPDATE');
$dbh->set_table('user');
$dbh->set_update("role_id='0'");
$dbh->set_where("username='******'");
$dbh->make_query();
$dbh->close_db();
//Get the role permissions
require_once 'subclasses/user_role_links.php';
$obj_role = new user_role_links();
$obj_role->get_user_role_links($role);
$arrLink = $obj_role->dump['link_id'];
$numLinks = $obj_role->num_rows;
redirect("listview_user.php?{$query_string}");
}
if ($_POST['btn_submit']) {
log_action('Pressed submit button', $_SERVER['PHP_SELF']);
$message .= $dbh_user->sanitize($arr_form_data)->lst_error;
extract($arr_form_data);
if ($dbh_user->check_uniqueness_for_editing($arr_form_data)->is_unique) {
//Good, no duplicate in database
} else {
$message = "Record already exists with the same primary identifiers!";
}
if ($message == "") {
$dbh_user->edit($arr_form_data);
//Permissions from role, if role was chosen
if ($role_id != '') {
$db = new data_abstraction();
$db->execute_query("DELETE FROM user_passport WHERE username = '******'");
$db->execute_query("INSERT `user_passport` SELECT '" . quote_smart($username) . "', `link_id` FROM user_role_links WHERE role_id='" . quote_smart($role_id) . "'");
}
redirect("listview_user.php?{$query_string}");
}
}
}
require 'subclasses/user_html.php';
$html = new user_html();
$html->draw_header('Edit User', $message, $message_type);
$html->draw_listview_referrer_info($filter_field_used, $filter_used, $page_from, $filter_sort_asc, $filter_sort_desc);
$html->draw_hidden('orig_username');
$html->exception = array('password');
$html->draw_controls('edit');
$html->draw_footer();
