2013-07-02 14:07:55 +00:00
|
|
|
<?php
|
|
|
|
|
|
|
|
function change_info(){
|
|
|
|
|
|
|
|
try{
|
|
|
|
//if logged in
|
|
|
|
if(WebUsers::isLoggedIn()){
|
|
|
|
|
|
|
|
if(isset($_POST['target_id'])){
|
|
|
|
|
|
|
|
|
|
|
|
if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){
|
|
|
|
if($_POST['target_id'] == $_SESSION['id']){
|
|
|
|
$target_username = $_SESSION['user'];
|
|
|
|
}else{
|
|
|
|
$target_username = WebUsers::getUsername($_POST['target_id']);
|
|
|
|
}
|
|
|
|
|
|
|
|
$webUser = new WebUsers();
|
2013-07-03 01:05:01 +00:00
|
|
|
//use current info to check for changes
|
2013-07-02 14:36:44 +00:00
|
|
|
$current_info = $webUser->getInfo($_POST['target_id']);
|
|
|
|
//TODO: XSS filtering
|
2013-07-03 01:05:01 +00:00
|
|
|
|
|
|
|
//make the query that will update the data.
|
|
|
|
$updated = false;
|
|
|
|
$values = Array();
|
|
|
|
$values['user'] = $target_username;
|
2013-07-02 14:36:44 +00:00
|
|
|
$query = "UPDATE ams_user SET ";
|
|
|
|
if(($_POST['FirstName'] != "") && ($_POST['FirstName'] != $current_info['FirstName'])){
|
|
|
|
$query = $query . "FirstName = :fName ";
|
2013-07-03 01:05:01 +00:00
|
|
|
$updated = true;
|
|
|
|
$values['fName'] = $_POST['FirstName'];
|
2013-07-02 14:36:44 +00:00
|
|
|
}
|
|
|
|
if(($_POST['LastName'] != "") && ($_POST['LastName'] != $current_info['LastName'])){
|
|
|
|
$query = $query . "LastName = :lName ";
|
2013-07-03 01:05:01 +00:00
|
|
|
$updated = true;
|
|
|
|
$values['lName'] = $_POST['LastName'];
|
2013-07-02 14:36:44 +00:00
|
|
|
}
|
|
|
|
//TODO: add the other fields too
|
|
|
|
$query = $query . "WHERE Login = :user";
|
|
|
|
|
2013-07-03 01:05:01 +00:00
|
|
|
//if some field is update then:
|
|
|
|
if($updated){
|
|
|
|
global $cfg;
|
|
|
|
//execute the query in the web DB.
|
|
|
|
$dbw = new DBLayer($cfg['db']['web']);
|
|
|
|
$dbw->execute($query,$values);
|
|
|
|
}
|
|
|
|
|
|
|
|
global $SITEBASE;
|
|
|
|
require_once($SITEBASE . 'inc/settings.php');
|
|
|
|
$result = settings();
|
|
|
|
if($updated){
|
|
|
|
$result['info_updated'] = "OK";
|
|
|
|
}
|
|
|
|
$result['permission'] = $_SESSION['permission'];
|
|
|
|
$result['username'] = $_SESSION['user'];
|
|
|
|
$result['no_visible_elements'] = 'FALSE';
|
|
|
|
$result['target_id'] = $_POST['target_id'];
|
|
|
|
if(isset($_GET['id'])){
|
|
|
|
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
|
|
|
|
$result['isAdmin'] = "TRUE";
|
2013-07-02 14:07:55 +00:00
|
|
|
}
|
|
|
|
}
|
2013-07-03 01:05:01 +00:00
|
|
|
helpers :: loadtemplate( 'settings', $result);
|
|
|
|
exit;
|
2013-07-02 14:07:55 +00:00
|
|
|
|
|
|
|
}else{
|
|
|
|
//ERROR: permission denied!
|
|
|
|
}
|
|
|
|
|
|
|
|
}else{
|
|
|
|
//ERROR: The form was not filled in correclty
|
|
|
|
}
|
|
|
|
}else{
|
|
|
|
//ERROR: user is not logged in
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
|
|
|
|
}catch (PDOException $e) {
|
|
|
|
//go to error page or something, because can't access website db
|
|
|
|
print_r($e);
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
}
|