示例#1
文件: usereg.php 项目: uhtoff/eCRF
<?php

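// User-edit view: when a user id has been posted and the current user is allowed to
// edit that account, render the edit form (posting to process.php); otherwise leave
// $showSearch true for the code that follows this block.
$showSearch = true;
// NOTE(review): is_numeric() also accepts values such as "1.5" or "1e3". If user ids are
// always plain integers a stricter check (e.g. ctype_digit) would be tighter — confirm how
// eCRFUser uses this value before changing it.
if (isset($_POST['userSelect']) && is_numeric($_POST['userSelect'])) {
    $userEdit = new eCRFUser($_POST['userSelect']);
    // Access check: the target must have an email value (presumably meaning the record
    // exists — confirm) and a privilege value >= the current user's.
    // NOTE(review): this only decides whether the form is displayed. The hidden userID
    // field below is client-controlled, so process.php has to repeat this privilege
    // comparison for the submitted id — verify against process.php.
    if ($userEdit->get('email') && $userEdit->getPrivilege() >= $user->getPrivilege()) {
        $showSearch = false;
        echo "<h4>Edit the user's details below</h4>";
        $form = new HTMLForm('process.php', 'post');
        $fields = $trial->getFormFields($page);
        $form->processFields($fields, $userEdit);
        if (isset($_SESSION['inputErr'])) {
            // Show validation errors left in the session, then clear them so they are
            // displayed only once.
            $form->addErrors($_SESSION['inputErr']);
            unset($_SESSION['inputErr']);
        }
        // Pre-select the country from the user's centre record.
        $centre = new Data($userEdit->getCentre(), 'Centre');
        $form->addInputValue('usereg-country', $centre->get('country_id'));
        $form->addInput('hidden', 'userID', $userEdit->getID());
        $form->addInput('hidden', 'page', $page);
        $form->addInput('hidden', 'deleteUser', 'false');
        // Delete button carries the 'hidden' class; presumably revealed client-side — confirm.
        $form->addButton('Delete', array('btn-danger', 'hidden'));
        $form->addCancelButton('index.php?page=usereg');
        // Per-form CSRF token, stored in the session and echoed back as a hidden field.
        // openssl_random_pseudo_bytes() can return false or report a non-cryptographic
        // source through its second argument on older PHP/OpenSSL builds; without this
        // check a failure would silently yield base64_encode(false) === '' as the token.
        // Fail closed rather than emit a form with an empty or weak token.
        $strong = false;
        $tokenBytes = openssl_random_pseudo_bytes(32, $strong);
        if ($tokenBytes === false || !$strong) {
            throw new \RuntimeException('Unable to generate a secure CSRF token');
        }
        // NOTE(review): the receiving script should reject a missing/empty token and
        // compare with a constant-time function such as hash_equals() — verify in process.php.
        $_SESSION['csrfToken'] = $token = base64_encode($tokenBytes);
        $form->addInput('hidden', 'csrfToken', $token);
        echo $form->writeHTML();
    }
}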
if ($showSearch) {
    $sql = "SELECT *, user.id as userID, centre.name as centreName, country.name as countryName, privilege.name as privilegeName, privilege_id FROM user\n        LEFT JOIN centre ON centre_id = centre.id\n        LEFT JOIN country ON country_id = country.id\n        LEFT JOIN privilege ON privilege_id = privilege.id";
    if ($user->isLocal()) {