sql_fetchrow($db->sql_query("SELECT user_level FROM ".$prefix."_users WHERE username='$aid'"));
if($row2['user_level'] == 1) { // if user_level=1 => administrator
//================================= Admins =================================
function displayAdmins() {
global $prefix, $db, $aid, $admin, $admin_file, $message, $minpass;
define('NO_EDITOR',1); //turn off editor
include("header_login.php");
GraphicAdmin();
$query = "SELECT * FROM " . $prefix . "_users WHERE username='".$admin[0]."'";
$result = $db->sql_query($query);
$numrows = $db->sql_numrows($result);
if($numrows>0) {
$userinfo = $db->sql_fetchrow($result);
$user_id = intval($userinfo['user_id']);
$username = $userinfo['username'];
$user_password = $userinfo['user_password'];
$user_selftitle = $userinfo['user_selftitle'];
$user_firstname = $userinfo['user_firstname'];
$user_lastname = $userinfo['user_lastname'];
$user_position = $userinfo['user_position'];
$user_department = $userinfo['user_department'];
$user_org = $userinfo['user_org'];
$user_phone = $userinfo['user_phone'];
$user_phone2 = $userinfo['user_phone2'];
$user_fax = $userinfo['user_fax'];
$user_mobile = $userinfo['user_mobile'];
$user_street = $userinfo['user_street'];
$user_suburb = $userinfo['user_suburb'];
$user_state = $userinfo['user_state'];
$user_country = $userinfo['user_country'];
$user_postcode = $userinfo['user_postcode'];
$user_email = $userinfo['user_email'];
$user_email2 = $userinfo['user_email2'];
$user_website = $userinfo['user_website'];
$user_regdate = $userinfo['user_regdate'];
OpenTable();
echo "Home >> Edit Administrator Info";
echo "
";
if($message!=""){
echo "$message
";
}
echo "Please enter a value for the First Name and Last Name or Organisation field!
";
echo ""._YOUPASSMUSTBE . " $minpass "._CHARLONG."
";
echo "" . _PASSDIFFERENT . "
";
echo "Please enter a complete email address in format: yourname@yourdomain.com!
";
echo "
";
echo "";
CloseTable();
} else {
OpenTable();
echo "" . _USERNOEXIST . "
"
."" . _GOBACK . "";
CloseTable();
}
include("footer.php");
}
function updateAdmins($params=null){
global $prefix, $db, $admin_file;
$params['USER_ID'] = intval($params['USER_ID']);
if(($params['USERNAME']!=$params['OLD_USERNAME'])) {
$result = $db->sql_query("SELECT user_id FROM ".$prefix."_users WHERE username='".$params['USER_NAME']."'");
if ($db->sql_numrows($result)>0) {
$existuser = $db->sql_fetchrow($result);
global $message;
$message = _USERALREADYEXISTS. " [ Click here to view user details ]";
displayAdmins();
}
}
if((($params['USER_FIRSTNAME']!=$params['OLD_USER_FIRSTNAME']) || ($params['USER_LASTNAME']!=$params['OLD_USER_LASTNAME'])) && (trim($params['USER_FIRSTNAME']) && $params['USER_LASTNAME'])) {
$result = $db->sql_query("SELECT user_id FROM ".$prefix."_users WHERE user_firstname='".$params['USER_FIRSTNAME']."' AND user_lastname='".$params['USER_LASTNAME']."'");
if ($db->sql_numrows($result)>0) {
$existuser = $db->sql_fetchrow($result);
global $message;
$message = _USERALREADYEXISTS. " [ Click here to view user details ]";
displayAdmins();
}
}
$tmp = 0;
if ($params['CHNG_PASSWORD'] != "") {
if($params['USER_PASSWORD'] != $params['CHNG_PASSWORD']) {
global $message;
$message = _PASSWDNOMATCH;
modifyUser($params['USER_ID']);
}
$tmp = 1;
}
if ($tmp == 0) {
$user_last_update = date('Y-m-d H:i:s', time());
$arrayField=array( "user_id" =>'null',
"username" => $params['USERNAME'],
"user_selftitle" => $params['USER_SELFTITLE'],
"user_firstname" => $params['USER_FIRSTNAME'],
"user_lastname" => $params['USER_LASTNAME'],
"user_position" => $params['USER_POSITION'],
"user_department" => $params['USER_DEPARTMENT'],
"user_org" => $params['USER_ORG'],
"user_phone" => $params['USER_PHONE'],
"user_phone2" => $params['USER_PHONE2'],
"user_fax" => $params['USER_FAX'],
"user_mobile" => $params['USER_MOBILE'],
"user_street" => $params['USER_STREET'],
"user_suburb" => $params['USER_SUBURB'],
"user_state" => $params['USER_STATE'],
"user_country" => $params['USER_COUNTRY'],
"user_postcode" => $params['USER_POSTCODE'],
"user_email" => $params['USER_EMAIL'],
"user_email2" => $params['USER_EMAIL2'],
"user_website" => $params['USER_WEBSITE'],
"user_last_update" => $user_last_update);
update_record($prefix."_users",$params['USER_ID'],$arrayField);
}
if ($tmp == 1) {
$cpass = md5($params['USER_PASSWORD'] . $params['USER_REGDATE']);
$user_last_update = date('Y-m-d H:i:s', time());
$arrayField=array( "user_id" =>'null',
"username" => $params['USERNAME'],
"user_password" => $cpass,
"user_selftitle" => $params['USER_SELFTITLE'],
"user_firstname" => $params['USER_FIRSTNAME'],
"user_lastname" => $params['USER_LASTNAME'],
"user_position" => $params['USER_POSITION'],
"user_department" => $params['USER_DEPARTMENT'],
"user_org" => $params['USER_ORG'],
"user_phone" => $params['USER_PHONE'],
"user_phone2" => $params['USER_PHONE2'],
"user_fax" => $params['USER_FAX'],
"user_mobile" => $params['USER_MOBILE'],
"user_street" => $params['USER_STREET'],
"user_suburb" => $params['USER_SUBURB'],
"user_state" => $params['USER_STATE'],
"user_country" => $params['USER_COUNTRY'],
"user_postcode" => $params['USER_POSTCODE'],
"user_email" => $params['USER_EMAIL'],
"user_email2" => $params['USER_EMAIL2'],
"user_website" => $params['USER_WEBSITE'],
"user_last_update" => $user_last_update);
update_record($prefix."_users",$params['USER_ID'],$arrayField);
}
$sql = "SELECT user_id, user_regdate, username, user_password, user_lang, user_lastvisit FROM ".$prefix."_users WHERE username='".$params['USERNAME']."'";
$result = $db->sql_query($sql);
if ($db->sql_numrows($result) == 1) {
$userinfo = $db->sql_fetchrow($result);
$aid = $userinfo['username'];
$salt = $userinfo['user_regdate'];
$pwd = $userinfo['user_password'];
$admlanguage = addslashes($userinfo['user_lang']);
$date_last=date('d/m/Y', strtotime($userinfo['user_lastvisit']));
$hour_last=date('H', strtotime($userinfo['user_lastvisit']));
$min_last=date('i', strtotime($userinfo['user_lastvisit']));
$admin = base64_encode("$aid:$pwd:$admlanguage:$date_last:$hour_last:$min_last");
//set cookie here
setcookie("admin","$admin",time()+1200); // set to 20 minutes
} else {
echo ""._SOMETHINGWRONG."
";
}
global $message;
$message = "Record%20Updated%20!";
Header("Location: admin.php?op=displayAdmins&message=$message");
}
//================================================================
//================================================================
//====================== NEW MAIL OUT FUNCTIONS ==================
function listEmails($list_by,$email_op,$user_email) {
global $prefix, $db, $admin, $admin_file, $message, $minpass;
define('NO_EDITOR',1); //turn off editor
include("header_login.php");
GraphicAdmin();
OpenTable();
echo "Home >> Email List:
ISA Mailing List:
ALL |
ANZSA";
/* |
Remove All Duplicated Emails
*/
echo "
";
If ($email_op == "Search"){
$query = "SELECT * FROM isa_email WHERE user_email LIKE '%".$user_email."%' ORDER BY user_email";
$result = $db->sql_query($query);
if ($db->sql_numrows($result) > 0){
echo "";
while ($row = $db->sql_fetchrow($result)) {
echo "| ";
echo $row['user_email'];
echo " |
Remove
|
";
}
echo "
";
}Else{
$message = "No Record Found.";
}
}Else If ($email_op == "remove"){
checkDuplicateEmail();
}Else{
If ($list_by != ""){
If ($list_by == "ALL"){
$query = "SELECT user_email FROM isa_email ORDER BY user_email";
}Else If ($list_by == "ANZSA"){
$query = "SELECT DISTINCT user_email FROM isa_email WHERE ".$list_by."= 1 ORDER BY user_email";
}
$result = $db->sql_query($query);
if ($db->sql_numrows($result) > 0) {
while ($row = $db->sql_fetchrow($result)) {
if($row[user_email]!=""){echo $row[user_email]."
";}
}
} else {
echo "No Email List Found";
}
}
}
if($message!=""){
echo "$message";
}
CloseTable();
include ("footer_login.php");
}
function updateEmails($user_id,$user_email,$email_type,$email_op){
If ($user_id != ""){
If ($email_op == "Update"){
Echo "Email Updated.";
listEmails();
}Else If ($email_op == "Delete"){
Echo "Email Deleted";
listEmails();
}Else{
Echo "No Email Found";
listEmails();
}
}Else{
Echo "No Email Found.";
listEmails();
}
}
function runQuery($query){
global $prefix, $db, $admin, $admin_file, $message, $minpass;
//echo $query ."
";
$db->sql_query($query);
}
function deleteEmails($email_id) {
global $prefix, $db, $admin, $admin_file, $message, $minpass;
$email_id = intval($email_id);
$query = "DELETE FROM isa_email WHERE user_id = ".$email_id;
runQuery($query);
$message = "Record Deleted!";
listEmails($list_by);
}
function emptyEmailTemp(){
global $prefix, $db, $admin, $admin_file, $message, $minpass;
$query = "DELETE FROM isa_email_temp";
$db->sql_query($query);
$query = "DELETE FROM isa_email WHERE user_email = '' OR user_email is Null";
$db->sql_query($query);
}
function insertBackupEmail(){
global $prefix, $db, $admin, $admin_file, $message, $minpass;
$query = "SELECT DISTINCT user_email FROM isa_email_temp";
$result = $db->sql_query($query);
if ($db->sql_numrows($result) > 0) {
while ($row = $db->sql_fetchrow($result)) {
$query1 = "INSERT INTO isa_email (user_email) VALUES ('".$row[user_email]."')";
runQuery ($query1);
}
$message = "Duplicate Emails Removed.";
} else {
$message = "No Matching Email Address Found";
}
}
function removeDuplicateEmail(){
global $prefix, $db, $admin, $admin_file, $message, $minpass;
$query2 = "SELECT DISTINCT user_email FROM isa_email_temp";
$result2 = $db->sql_query($query2);
if ($db->sql_numrows($result2) > 0) {
while ($row2 = $db->sql_fetchrow($result2)) {
$query2 = "DELETE FROM isa_email WHERE user_email = '".$row2[user_email]."'";
runQuery ($query2);
}
insertBackupEmail();
emptyEmailTemp();
} else {
$message = "No Matching Email Address Found";
}
}
function checkDuplicateEmail(){
global $prefix, $db, $admin, $admin_file, $message, $minpass;
$query = "SELECT DISTINCT A.user_email FROM isa_email AS A, isa_email AS B
WHERE A.user_email = B.user_email AND A.user_id <> B.user_id ORDER BY A.user_email";
$result = $db->sql_query($query);
if ($db->sql_numrows($result) > 0) {
while ($row = $db->sql_fetchrow($result)) {
$query1 = "INSERT INTO isa_email_temp (user_email) VALUES ('".$row[user_email]."')";
runQuery ($query1);
}
removeDuplicateEmail();
} else {
$message = "No Duplicate Emails Found";
}
}
function saveNewEmailList($user_email,$email_type){
global $prefix, $db, $admin, $admin_file, $message, $minpass,$email_type;
$query = "SELECT user_id,user_email FROM isa_email WHERE user_email = '".$user_email."'";
$result = $db->sql_query($query);
If ($db->sql_numrows($result) > 0) {
If ($email_type == "ANZSA"){
$query = "UPDATE isa_email SET ANZSA = 1 WHERE user_email = '".$user_email."'";
runQuery($query);
$message = "This Email is already in the list.";
}Else{
$message = "This Email is already in the list.";
}
}
Else{
If ($email_type == "ANZSA"){
$query = "INSERT INTO isa_email (user_email,ANZSA) VALUES ('".trim($user_email)."',1)";
}Else{
$query = "INSERT INTO isa_email (user_email,ANZSA) VALUES ('".trim($user_email)."',0)";
}
//echo $query;
runQuery ($query);
$message = "Email Saved.";
}
addEmailList();
}
function addEmailList(){
global $db, $admin_file, $prefix, $message;
define('NO_EDITOR',1);
include("header_login.php");
GraphicAdmin();
OpenTable();
echo "Home >> Add Email";
echo "
";
if($message!=""){echo "$message";}
CloseTable();
Include("footer_login.php");
}
function addNewMail(){
global $db, $admin_file, $prefix, $message;
define('NO_EDITOR',1);
include("header_login.php");
GraphicAdmin();
OpenTable();
echo "
";
CloseTable();
Include("footer.php");
}
function sendMailOut()
{
global $db, $admin_file, $prefix, $message;
include("header_login.php");
GraphicAdmin();
$subject = $_POST['Subject'];
$recipient = $_POST['ToEmail'];
$FromEmail = $_POST['FromEmail'];
$SendMessage = $_POST['Message'];
$_ARRAY_RECIPIENT = split(",",$_POST['ToEmail']);
OpenTable();
//echo $SendMessage;
foreach($_ARRAY_RECIPIENT as $key => $value){
TO_SEND_EMAIL($subject,$value,$FromEmail,$SendMessage);
}
CloseTable();
Include("footer.php");
}
function TO_SEND_EMAIL($subject,$recipient,$FromEmail,$SendMessage){
$dateSend = date('d/m/Y');
$headers = 'MIME-Version: 1.0' . "\r\n";
$headers .= 'Content-type: text/html; charset=iso-8859-1' . "\r\n";
$headers .= 'From: '.$FromEmail."\r\n";
if(mail($recipient, $subject, $SendMessage, $headers)){
echo "Email to : ".$recipient." has been sent at:".date("h:i:s a")."
";
}
else{
echo "Email Failed";
}
}
//================================================================
//================================================================
//======================= Activity Log ===========================
function displayLogs() {
global $db, $prefix, $admin_file, $message;
include("header_login.php");
GraphicAdmin();
OpenTable();
echo "Home >> "._LOGLIST ;
echo "
";
if($message!=""){
echo "$message
";
}
echo "
";
if(is_null($order_by)) {
$query = "SELECT * FROM ".$prefix."_log ORDER BY 'log_date' DESC, 'log_id' DESC";
}
$query_result = $db->sql_query($query);
echo "";
if ($db->sql_numrows($query_result) > 0) {
echo "| "._LOGREGDATE." | "
.""._LOGTITLE." | "
." |
";
$i=1;
while ($row = $db->sql_fetchrow($query_result)) {
$log_id = intval($row['log_id']);
$log_date = date('d/m/Y', strtotime($row['log_date']));
$log_title = $row['log_title'];
$sql = "SELECT user_firstname, user_lastname FROM ".$prefix."_users WHERE user_id='".$row['log_author']."'";
$result = $db->sql_query($sql);
$therow = $db->sql_fetchrow($result);
$log_author = $therow['user_firstname']." ".$therow['user_lastname'];
//check if column odd or event give different bgcolor
if(($i+1)%2==0) {
echo "";
}
else {
echo "
";
}
echo "| $log_date | ";
echo "$log_title ( $log_author ) ";
$sql = "SELECT log_details_id, log_update_date, log_by FROM ".$prefix."_log_details WHERE log_id='".$row['log_id']."' ORDER BY 'log_update_date' DESC";
$result = $db->sql_query($sql);
if ($db->sql_numrows($result) > 0) {
while ($therow = $db->sql_fetchrow($result)) {
$log_details_id = intval($therow['log_details_id']);
$log_update_date = date('d/m/Y H:i', strtotime($therow['log_update_date']));
$sql = "SELECT user_firstname, user_lastname FROM ".$prefix."_users WHERE user_id='".$therow['log_by']."'";
$resultname = $db->sql_query($sql);
$name = $db->sql_fetchrow($resultname);
if(($name['user_lastname'] && $name['user_firstname'])==""){
$log_by = "N/A";
} else {
$log_by = $name['user_firstname']." ".$name['user_lastname'];
}
echo "Comment On: ".$log_update_date." By: ".$log_by."";
echo "";
echo " - Edit | Delete";
echo " ";
} // end while
} // end if
echo " | ";
echo "[ Edit/Read ]
";
echo "[ "._DELETE." ] |
";
$i++;
} //end while
} else {
echo "No List of Discussion Found | ";
} //end if
echo "
";
CloseTable();
include("footer.php");
}
function editLogs($log_id) {
global $db, $admin_file, $prefix, $message;
define("NO_EDITOR",1);
include("header_login.php");
GraphicAdmin();
OpenTable();
$query = "SELECT * FROM ".$prefix."_log WHERE log_id='".$log_id."'";
$result = $db->sql_query($query);
if ($db->sql_numrows($result) == 1) {
echo "Home >> Discussion List >> Edit Discussion Subject";
echo "
";
if($message!=""){
echo "$message
";
}
echo "Please enter a value for the Title field!
";
echo "
";
$row = $db->sql_fetchrow($result);
$log_id = intval($row['log_id']);
$log_title = $row['log_title'];
echo "";
$sql = "SELECT log_update_date, log_comment, log_by FROM ".$prefix."_log_details WHERE log_id='".$log_id."' ORDER BY 'log_update_date' DESC";
$logs = $db->sql_query($sql);
if ($db->sql_numrows($logs) > 0) {
echo "";
while ($thelog = $db->sql_fetchrow($logs)) {
$sub_log_update_date = date('d/m/Y H:i', strtotime($thelog['log_update_date']));
$sub_log_comment=nl2br($thelog['log_comment']);
$queryname = "SELECT user_firstname, user_lastname FROM ".$prefix."_users WHERE user_id='".$thelog['log_by']."'";
$resultname = $db->sql_query($queryname);
$name = $db->sql_fetchrow($resultname);
if(($name['user_lastname'] && $name['user_firstname'])==""){
$sub_log_by = "N/A";
} else {
$sub_log_by = $name['user_firstname']." ".$name['user_lastname'];
}
echo ""._DATE.": ".$sub_log_update_date." By: ".$sub_log_by;
echo "";
}
}
}
else {
echo "| No List of Discussion Found |
";
}
CloseTable();
include("footer.php");
}
function editLogDetails($log_details_id) {
global $db, $admin_file, $prefix, $message;
define("NO_EDITOR",1);
include("header_login.php");
GraphicAdmin();
OpenTable();
$query = "SELECT * FROM ".$prefix."_log_details WHERE log_details_id='".$log_details_id."'";
$result = $db->sql_query($query);
if ($db->sql_numrows($result) == 1) {
echo "Home >> Discussion List >> Edit Discussion Comments";
echo "
";
if($message!=""){
echo "$message
";
}
echo "Please enter a value for the Comment field!
";
$row = $db->sql_fetchrow($result);
$log_details_id = intval($row['log_details_id']);
$log_id = intval($row['log_id']);
$log_update_date = date('d/m/Y H:i', strtotime($row['log_update_date']));
$log_comment = $row['log_comment'];
$log_by = $row['log_by'];
echo "";
$sql = "SELECT log_update_date, log_comment, log_by FROM ".$prefix."_log_details WHERE log_id='".$log_id."' AND log_details_id<>'".$log_details_id."' ORDER BY 'log_update_date' DESC";
$logs = $db->sql_query($sql);
if ($db->sql_numrows($logs) > 0) {
echo "| Other Discussion Comments: |
";
while ($thelog = $db->sql_fetchrow($logs)) {
$sub_log_update_date = date('d/m/Y H:i', strtotime($thelog['log_update_date']));
$sub_log_comment=nl2br($thelog['log_comment']);
$queryname = "SELECT user_firstname, user_lastname FROM ".$prefix."_users WHERE user_id='".$thelog['log_by']."'";
$resultname = $db->sql_query($queryname);
$name = $db->sql_fetchrow($resultname);
if(($name['user_lastname'] && $name['user_firstname'])==""){
$sub_log_by = "N/A";
} else {
$sub_log_by = $name['user_firstname']." ".$name['user_lastname'];
}
echo ""._DATE.": ".$sub_log_update_date." By: ".$sub_log_by;
echo "";
}
}
}
else {
echo "| No List of Discussion Found |
";
}
CloseTable();
include("footer.php");
}
function delLogs($log_id) {
global $prefix;
$log_id = intval($log_id);
delete_record($prefix. "_log","log_id",$log_id);
delete_record($prefix."_log_details","log_id",$log_id);
global $message;
$message = "Record Deleted !";
displayLogs();
}
function delLogDetails($log_details_id) {
global $prefix;
$log_details_id = intval($log_details_id);
delete_record($prefix."_log_details","log_details_id",$log_details_id);
global $message;
$message = "Record Deleted !";
displayLogs();
}
function saveLogs($params=null) {
global $db, $prefix;
if (!($params['LOG_TITLE'])) {
global $message;
$message = _NEEDTOCOMPLETE;
editLogs($params['LOG_ID']);
}
$arrayField=array("log_id" =>'null',
"log_type" =>$params['LOG_TYPE'],
"log_trial" =>$params['LOG_TRIAL'],
"log_review" =>$params['LOG_REVIEW'],
"log_short" =>$params['LOG_SHORT'],
"log_title" =>$params['LOG_TITLE'],
"log_client" =>$params['LOG_CLIENT']); // parse all field names & values
update_record($prefix."_log",$params['LOG_ID'],$arrayField);
global $message;
$message = "Record Updated !";
displayLogs();
}
function saveLogDetails($params=null) {
global $db, $prefix;
$arrayField=array("log_details_id" =>'null',
"log_id" =>$params['LOG_ID'],
"log_update_date" =>$params['LOG_UPDATE_DATE'],
"log_query" =>$params['LOG_QUERY'],
"log_action" =>$params['LOG_ACTION'],
"log_outcome" =>$params['LOG_OUTCOME'],
"log_comment" =>$params['LOG_COMMENT']); // parse all field names & values
update_record($prefix."_log_details",$params['LOG_DETAILS_ID'],$arrayField);
global $message;
$message = "Record Updated !";
displayLogs();
}
//================================================================
/*********************************************************/
/* Users Functions */
/*********************************************************/
function makeUser() {
global $admin, $admin_file, $message, $minpass;
define('NO_EDITOR',1); //turn off editor
include("header_login.php");
GraphicAdmin();
OpenTable();
echo "Home >> Add New User
";
if($message!=""){echo "$message
";}
echo "";
CloseTable();
include("footer.php");
}
function displayUser($query) {
global $admin, $admin_file, $prefix, $db, $message;
include("header_login.php");
GraphicAdmin();
OpenTable();
echo "Home >> User List
";
if($message!=""){echo "$message
";}
echo "";
if(!is_null($query)) {
echo "";
$counter_num = 1;
$result = $db->sql_query($query);
if ($db->sql_numrows($result) > 0) {
echo "
| No. |
First Name |
Last Name |
Organisation |
Email |
Edit |
Delete |
";
while ($row = $db->sql_fetchrow($result)) {
echo "
| $counter_num |
$row[user_firstname] |
$row[user_lastname] |
$row[user_org] |
$row[user_email] |
Edit |
Delete |
";
$counter_num = $counter_num + 1;
} // end while
} else {
echo "0 User Found | ";
} //end if
echo "
";
}
CloseTable();
include("footer.php");
}
function modifyUser($chng_user) {
global $prefix, $db, $admin, $admin_file, $message, $minpass;
define('NO_EDITOR',1); //turn off editor
include("header_login.php");
GraphicAdmin();
$query = "SELECT * FROM ".$prefix."_users WHERE user_id = $chng_user ";
$result = $db->sql_query($query);
if($db->sql_numrows($result)>0) {
$row = $db->sql_fetchrow($result);
OpenTable();
echo "Home >>
User List >> Edit User
";
if($message!=""){echo "$message
";}
echo "Please enter a value for the First Name and Last Name field!
";
echo "Please enter a value for the Organisation field!
";
echo "Please enter a value for the Contact Type field!
";
echo "Please enter a complete Email Address in format: yourname@yourdomain.com!
";
echo "
";
echo "";
CloseTable();
} else {
OpenTable();
echo "0 Record Found
"._GOBACK;
CloseTable();
}
include("footer.php");
}
function updateUser($params=null){
global $prefix, $db, $admin_file;
$params['USER_ID'] = intval($params['USER_ID']);
if($params['USER_TYPE1']!="1" && (($params['USER_FIRSTNAME']!="") || ($params['USER_LASTNAME']!=""))) {
if($params['USERNAME']!=$params['OLD_USERNAME']){
$result = $db->sql_query("SELECT user_id FROM ".$prefix."_users WHERE username='".$params['USERNAME']."'");
if ($db->sql_numrows($result)>0) {
$existuser = $db->sql_fetchrow($result);
global $message;
$message = _USERALREADYEXISTS. " [ Click here to view user details ]";
modifyUser($params['USER_ID']);
}
}
if(($params['USER_FIRSTNAME']!=$params['OLD_USER_FIRSTNAME']) OR ($params['USER_LASTNAME']!=$params['OLD_USER_LASTNAME'])) {
$result = $db->sql_query("SELECT user_id FROM ".$prefix."_users WHERE user_firstname='".$params['USER_FIRSTNAME']."' AND user_lastname='".$params['USER_LASTNAME']."'");
if ($db->sql_numrows($result)>0) {
$existuser = $db->sql_fetchrow($result);
global $message;
$message = _USERALREADYEXISTS. " [ Click here to view user details ]";
modifyUser($params['USER_ID']);
}
}
}
$tmp = 0;
if ($params['CHNG_PASSWORD'] != "") {
if($params['USER_PASSWORD'] != $params['CHNG_PASSWORD']) {
global $message;
$message = _PASSWDNOMATCH;
modifyUser($params['USER_ID']);
}
$tmp = 1;
}
if ($tmp == 0) {
$user_last_update = date('Y-m-d H:i:s', time());
$arrayField=array( "user_id" =>'null',
"username" => $params['USERNAME'],
"user_selftitle" => $params['USER_SELFTITLE'],
"user_firstname" => $params['USER_FIRSTNAME'],
"user_lastname" => $params['USER_LASTNAME'],
"user_position" => $params['USER_POSITION'],
"user_department" => $params['USER_DEPARTMENT'],
"user_org" => $params['USER_ORG'],
"user_phone" => $params['USER_PHONE'],
"user_phone2" => $params['USER_PHONE2'],
"user_fax" => $params['USER_FAX'],
"user_mobile" => $params['USER_MOBILE'],
"user_street" => $params['USER_STREET'],
"user_suburb" => $params['USER_SUBURB'],
"user_state" => $params['USER_STATE'],
"user_country" => $params['USER_COUNTRY'],
"user_postcode" => $params['USER_POSTCODE'],
"user_email" => $params['USER_EMAIL'],
"user_email2" => $params['USER_EMAIL2'],
"user_website" => $params['USER_WEBSITE'],
"user_last_update" => $user_last_update,
"user_level" => $params['USER_LEVEL'],
"user_type1" => $params['USER_TYPE1'],
"user_type2" => $params['USER_TYPE2'],
"user_type3" => $params['USER_TYPE3'],
"user_type4" => $params['USER_TYPE4'],
"user_type5" => $params['USER_TYPE5'],
"user_type6" => $params['USER_TYPE6'],
"user_type7" => $params['USER_TYPE7'],
"user_type8" => $params['USER_TYPE8'],
"user_type9" => $params['USER_TYPE9'],
"user_type10" => $params['USER_TYPE10'],
"user_type11" => $params['USER_TYPE11'],
"user_type12" => $params['USER_TYPE12']);
update_record($prefix."_users",$params['USER_ID'],$arrayField);
}
if ($tmp == 1) {
$cpass = md5($params['USER_PASSWORD'] . $params['USER_REGDATE']);
$user_last_update = date('Y-m-d H:i:s', time());
$arrayField=array( "user_id" =>'null',
"username" => $params['USERNAME'],
"user_password" => $cpass,
"user_selftitle" => $params['USER_SELFTITLE'],
"user_firstname" => $params['USER_FIRSTNAME'],
"user_lastname" => $params['USER_LASTNAME'],
"user_position" => $params['USER_POSITION'],
"user_department" => $params['USER_DEPARTMENT'],
"user_org" => $params['USER_ORG'],
"user_phone" => $params['USER_PHONE'],
"user_phone2" => $params['USER_PHONE2'],
"user_fax" => $params['USER_FAX'],
"user_mobile" => $params['USER_MOBILE'],
"user_street" => $params['USER_STREET'],
"user_suburb" => $params['USER_SUBURB'],
"user_state" => $params['USER_STATE'],
"user_country" => $params['USER_COUNTRY'],
"user_postcode" => $params['USER_POSTCODE'],
"user_email" => $params['USER_EMAIL'],
"user_email2" => $params['USER_EMAIL2'],
"user_website" => $params['USER_WEBSITE'],
"user_last_update" => $user_last_update,
"user_level" => $params['USER_LEVEL'],
"user_type1" => $params['USER_TYPE1'],
"user_type2" => $params['USER_TYPE2'],
"user_type3" => $params['USER_TYPE3'],
"user_type4" => $params['USER_TYPE4'],
"user_type5" => $params['USER_TYPE5'],
"user_type6" => $params['USER_TYPE6'],
"user_type7" => $params['USER_TYPE7'],
"user_type8" => $params['USER_TYPE8'],
"user_type9" => $params['USER_TYPE9'],
"user_type10" => $params['USER_TYPE10'],
"user_type11" => $params['USER_TYPE11'],
"user_type12" => $params['USER_TYPE12']);
update_record($prefix."_users",$params['USER_ID'],$arrayField);
}
global $message;
$message = "Record Updated !";
displayUser();
}
function addUser($params) {
global $db,$admin,$admin_file,$prefix;
if((is_null($params['USERNAME']) || $params['USERNAME']=="") && ($params['USER_FIRSTNAME'] && $params['USER_LASTNAME'])){
$params['USERNAME'] = trim($params['USER_FIRSTNAME'])."_".trim($params['USER_LASTNAME']);
} elseif($params['USER_FIRSTNAME']) {
$params['USERNAME'] = strtolower($params['USER_FIRSTNAME']);
} elseif($params['USER_LASTNAME']) {
$params['USERNAME'] = strtolower($params['USER_LASTNAME']);
} else {
$firstSpace=strpos($params['USER_ORG']," ");
$params['USERNAME'] = strtolower(removeSpace(substr($params['USER_ORG'],0,strpos($params['USER_ORG']," ",($firstSpace+1)))));
if($params['USERNAME']=="") {
$params['USERNAME'] = strtolower(removeSpace($params['USER_ORG']));
}
if($params['USERNAME']=="") {
$params['USERNAME'] = strtolower($params['USER_ORG']);
}
}
if($params['USER_TYPE1']!="1" && ($params['USER_FIRSTNAME'] || $params['USER_LASTNAME'])) {
$query = "SELECT user_id, user_firstname, user_lastname FROM ".$prefix."_users WHERE username='".$params['USERNAME']."' OR (user_firstname='".$params['USER_FIRSTNAME']."' AND user_lastname='".$params['USER_LASTNAME']."')";
} else {
$query = "SELECT user_id, user_org FROM ".$prefix."_users WHERE username='".$params['USERNAME']."' OR (user_org='".trim($params['USER_ORG'])."')";
}
$result = $db->sql_query($query);
if ($db->sql_numrows($result)>0) {
$existuser = $db->sql_fetchrow($result);
global $message;
$message = _USERALREADYEXISTS. " [ Click here to view user details ]";
makeUser();
} else {
$user_regdate = date('Y-m-d', strtotime(date("M d, Y")));
if($params['USER_PASSWORD']!="" || is_null($params['USER_PASSWORD'])) {
$user_password = md5($params['USER_PASSWORD'] . $user_regdate);
}
$sql="SELECT user_id FROM ".$prefix."_users WHERE username='".$admin[0]."'";
$userinfo=$db->sql_fetchrow($db->sql_query($sql));
$user_regby=$userinfo['user_id'];
$arrayField=array( "user_id" => 'null',
"username" => $params['USERNAME'],
"user_password" => $user_password,
"user_selftitle" => $params['USER_SELFTITLE'],
"user_firstname" => $params['USER_FIRSTNAME'],
"user_lastname" => $params['USER_LASTNAME'],
"user_position" => $params['USER_POSITION'],
"user_department" => $params['USER_DEPARTMENT'],
"user_org" => $params['USER_ORG'],
"user_phone" => $params['USER_PHONE'],
"user_phone2" => $params['USER_PHONE2'],
"user_fax" => $params['USER_FAX'],
"user_mobile" => $params['USER_MOBILE'],
"user_street" => $params['USER_STREET'],
"user_suburb" => $params['USER_SUBURB'],
"user_state" => $params['USER_STATE'],
"user_country" => $params['USER_COUNTRY'],
"user_postcode" => $params['USER_POSTCODE'],
"user_email" => $params['USER_EMAIL'],
"user_email2" => $params['USER_EMAIL2'],
"user_website" => $params['USER_WEBSITE'],
"user_regdate" => $user_regdate,
"user_regby" => $user_regby,
"user_mail_list" => $params['USER_MAIL_LIST'],
"user_level" => $params['USER_LEVEL'],
"user_type1" => $params['USER_TYPE1'],
"user_type2" => $params['USER_TYPE2'],
"user_type3" => $params['USER_TYPE3'],
"user_type4" => $params['USER_TYPE4'],
"user_type5" => $params['USER_TYPE5'],
"user_type6" => $params['USER_TYPE6'],
"user_type7" => $params['USER_TYPE7'],
"user_type8" => $params['USER_TYPE8'],
"user_type9" => $params['USER_TYPE9'],
"user_type10" => $params['USER_TYPE10'],
"user_type11" => $params['USER_TYPE11'],
"user_type12" => $params['USER_TYPE12']);
save_record($prefix. "_users",$arrayField);
global $message;
$message="Record Added !";
displayUser();
}
}
function delUser($chng_uid) {
global $db, $prefix;
if($chng_uid==3) {
global $message;
$message = "You can't delete admin account!";
displayUser();
}
else {
$result = $db->sql_query("SELECT * FROM " . $prefix."_users WHERE user_id='$chng_uid'");
$numrows = $db->sql_numrows($result);
if($numrows>0) {
delete_record($prefix."_users","user_id",$chng_uid);
// delete log details by
$log_details_result = $db->sql_query("SELECT * FROM " . $prefix."_log_details WHERE log_by='$chng_uid'");
$log_details_numrows = $db->sql_numrows($log_details_result);
if($log_details_numrows>0) {
delete_record($prefix."_log_details","log_by",$chng_uid);
}
//delete log author by including all the details
$log_result = $db->sql_query("SELECT * FROM " . $prefix."_log WHERE log_author='$chng_uid'");
$log_numrows = $db->sql_numrows($log_result);
if($log_numrows>0) {
$existlog = $db->sql_fetchrow($log_result);
delete_record($prefix."_log","log_author",$chng_uid);
delete_record($prefix."_log_details","log_id",$existlog[log_id]);
}
global $message;
$message = "Record Deleted !";
displayUser();
}
else{
global $message;
$message = _USERNOEXIST;
displayUser();
}
}
}
function searchUser($search_val1,$search_val2,$search_val3,$search_val4){
global $db, $user, $userinfo, $cookie, $module_name, $prefix, $message, $user_type;
$query = "SELECT * FROM ".$prefix."_users WHERE user_id <>1 ";
if($search_val1 != ""){
$query = $query." AND user_firstname LIKE '".$search_val1."%'";
}
if($search_val2 !=""){
$query = $query." AND user_lastname LIKE '".$search_val2."%'";
}
if($search_val3 !=""){
$query = $query." AND user_org LIKE '".$search_val3."%'";
}
if($search_val4 !=""){
$query = $query." AND ( user_email LIKE '".$search_val4."%' OR user_email2 LIKE '".$search_val4."%')";
}
$query = $query." ORDER BY user_lastname, user_org";
displayUser($query);
}
//====================================================================================
switch($op) {
case "checkDuplicateEmail":
checkDuplicateEmail();
break;
case "addEmailList":
addEmailList();
break;
case "saveNewEmailList":
saveNewEmailList($user_email,$email_type);
break;
case "addNewMail":
addNewMail();
break;
case "sendMailOut";
sendMailOut();
break;
case "deleteEmails":
deleteEmails($email_id);
break;
case "listEmails":
listEmails($list_by,$email_op,$user_email);
break;
case "displayAdmins":
displayAdmins();
break;
case "updateAdmins":
$params=array('USER_ID' => $user_id,
'USERNAME' => $username,
'OLD_USERNAME' => $old_username,
'USER_PASSWORD' => $user_password,
'CHNG_PASSWORD' => $chng_password,
'USER_SELFTITLE' => $user_selftitle,
'USER_FIRSTNAME' => $user_firstname,
'OLD_USER_FIRSTNAME' => $old_user_firstname,
'USER_LASTNAME' => $user_lastname,
'OLD_USER_LASTNAME' => $old_user_lastname,
'USER_POSITION' => $user_position,
'USER_DEPARTMENT' => $user_department,
'USER_ORG' => $user_org,
'USER_PHONE' => $user_phone,
'USER_PHONE2' => $user_phone2,
'USER_FAX' => $user_fax,
'USER_MOBILE' => $user_mobile,
'USER_STREET' => $user_street,
'USER_SUBURB' => $user_suburb,
'USER_STATE' => $user_state,
'USER_COUNTRY' => $user_country,
'USER_POSTCODE' => $user_postcode,
'USER_EMAIL' => $user_email,
'USER_EMAIL2' => $user_email2,
'USER_WEBSITE' => $user_website,
'USER_MAIL_LIST' => $user_mail_list,
'USER_REGDATE' => $user_regdate);
updateAdmins($params);
case "displayLogs":
displayLogs();
break;
case "editLogs":
editLogs($log_id);
break;
case "editLogDetails":
editLogDetails($log_details_id);
break;
case "saveLogs":
$params = array('LOG_ID' => $log_id,
'LOG_TYPE' => $log_type,
'LOG_TRIAL' => $log_trial,
'LOG_REVIEW' => $log_review,
'LOG_SHORT' => $log_short,
'LOG_TITLE' => $log_title,
'LOG_CLIENT' => $log_client);
saveLogs($params);
break;
case "saveLogDetails":
$log_update_date = date('Y-m-d H:i:s', strtotime(date("M d, Y H:i:s")));
$log_query = check_html ($log_query, nohtml);
$log_action = check_html ($log_action, nohtml);
$log_outcome = check_html ($log_outcome, nohtml);
$log_comment = check_html ($log_comment, nohtml);
$params = array('LOG_DETAILS_ID'=> $log_details_id,
'LOG_ID' => $log_id,
'LOG_UPDATE_DATE'=> $log_update_date,
'LOG_QUERY' => $log_query,
'LOG_ACTION' => $log_action,
'LOG_OUTCOME' => $log_outcome,
'LOG_COMMENT' => $log_comment);
saveLogDetails($params);
break;
case "delLogs":
delLogs($log_id);
break;
case "delLogDetails":
delLogDetails($log_details_id);
break;
case "makeUser":
makeUser();
break;
case "displayUser":
displayUser($query);
break;
case "modifyUser":
modifyUser($chng_uid);
break;
case "updateUser":
$params=array('USER_ID' => $user_id,
'USERNAME' => $username,
'OLD_USERNAME' => $old_username,
'USER_PASSWORD' => $user_password,
'CHNG_PASSWORD' => $chng_password,
'USER_SELFTITLE' => $user_selftitle,
'USER_FIRSTNAME' => $user_firstname,
'OLD_USER_FIRSTNAME' => $old_user_firstname,
'USER_LASTNAME' => $user_lastname,
'OLD_USER_LASTNAME' => $old_user_lastname,
'USER_POSITION' => $user_position,
'USER_DEPARTMENT' => $user_department,
'USER_ORG' => $user_org,
'USER_PHONE' => $user_phone,
'USER_PHONE2' => $user_phone2,
'USER_FAX' => $user_fax,
'USER_MOBILE' => $user_mobile,
'USER_STREET' => $user_street,
'USER_SUBURB' => $user_suburb,
'USER_STATE' => $user_state,
'USER_COUNTRY' => $user_country,
'USER_POSTCODE' => $user_postcode,
'USER_EMAIL' => $user_email,
'USER_EMAIL2' => $user_email2,
'USER_WEBSITE' => $user_website,
'USER_MAIL_LIST' => $user_mail_list,
'USER_REGDATE' => $user_regdate,
'USER_LEVEL' => $user_level,
'USER_TYPE1' => $user_type1,
'USER_TYPE2' => $user_type2,
'USER_TYPE3' => $user_type3,
'USER_TYPE4' => $user_type4,
'USER_TYPE5' => $user_type5,
'USER_TYPE6' => $user_type6,
'USER_TYPE7' => $user_type7,
'USER_TYPE8' => $user_type8,
'USER_TYPE9' => $user_type9,
'USER_TYPE10' => $user_type10,
'USER_TYPE11' => $user_type11,
'USER_TYPE12' => $user_type12);
updateUser($params);
break;
case "delUser":
delUser($chng_uid);
break;
case "addUser":
$params=array('USERNAME' => $username,
'USER_PASSWORD' => $user_password,
'USER_SELFTITLE' => $user_selftitle,
'USER_FIRSTNAME' => $user_firstname,
'USER_LASTNAME' => $user_lastname,
'USER_POSITION' => $user_position,
'USER_DEPARTMENT' => $user_department,
'USER_ORG' => $user_org,
'USER_PHONE' => $user_phone,
'USER_PHONE2' => $user_phone2,
'USER_FAX' => $user_fax,
'USER_MOBILE' => $user_mobile,
'USER_STREET' => $user_street,
'USER_SUBURB' => $user_suburb,
'USER_STATE' => $user_state,
'USER_COUNTRY' => $user_country,
'USER_POSTCODE' => $user_postcode,
'USER_EMAIL' => $user_email,
'USER_EMAIL2' => $user_email2,
'USER_WEBSITE' => $user_website,
'USER_LEVEL' => $user_level,
'USER_TYPE1' => $user_type1,
'USER_TYPE2' => $user_type2,
'USER_TYPE3' => $user_type3,
'USER_TYPE4' => $user_type4,
'USER_TYPE5' => $user_type5,
'USER_TYPE6' => $user_type6,
'USER_TYPE7' => $user_type7,
'USER_TYPE8' => $user_type8,
'USER_TYPE9' => $user_type9,
'USER_TYPE10' => $user_type10,
'USER_TYPE11' => $user_type11,
'USER_TYPE12' => $user_type12);
addUser($params);
break;
case "searchUser":
searchUser($search_val1,$search_val2,$search_val3,$search_val4);
break;
}
} else {
include("header_login.php");
GraphicAdmin();
OpenTable();
echo ""._ERROR."
You do not have administration permission for module \"$module_name\"";
setcookie("admin", false);
$admin = "";
CloseTable();
echo "";
include("footer.php");
}
?>