khanat-opennel-code/code/ryzom/tools/server/ryzom_ams/www/html/func/change_info.php

<?php

function change_info(){
    
 try{
	//if logged in
        if(WebUsers::isLoggedIn()){
            
            if(isset($_POST['target_id'])){
		
                
                if(  ($_POST['target_id'] == $_SESSION['id']) || Ticket_User::isMod($_SESSION['ticket_user'] ) ){
                    if($_POST['target_id'] == $_SESSION['id']){
                        $target_username = $_SESSION['user'];
                    }else{
                        $target_username = WebUsers::getUsername($_POST['target_id']);
                    }
                    
                    $webUser = new WebUsers();
                    //use current info to check for changes
                    $current_info = $webUser->getInfo($_POST['target_id']);
		    
       
		    $current_info['FirstName'] = filter_var($current_info['FirstName'], FILTER_SANITIZE_STRING);
		    $current_info['LastName'] = filter_var($current_info['LastName'], FILTER_SANITIZE_STRING);
		    $current_info['Country'] = filter_var($current_info['Country'], FILTER_SANITIZE_STRING);
		    $current_info['Gender'] = filter_var($current_info['Gender'], FILTER_SANITIZE_NUMBER_INT);
		
                    
                    $updated = false;
                    $values = Array();
                    $values['user'] = $target_username;
		    
		    //make the query that will update the data.
                    $query = "UPDATE ams_user SET ";
                    if(($_POST['FirstName'] != "") && ($_POST['FirstName'] != $current_info['FirstName'])){
                        $query = $query . "FirstName = :fName ";
                        $updated = true;
                        $values['fName'] = filter_var($_POST['FirstName'], FILTER_SANITIZE_STRING);
                    }
                    if(($_POST['LastName'] != "") && ($_POST['LastName'] != $current_info['LastName'])){
			if($updated){
			 $query = $query . ", LastName = :lName ";
			}else{
			 $query = $query . "LastName = :lName ";
			}
                        $updated = true;
                        $values['lName'] = filter_var($_POST['LastName'], FILTER_SANITIZE_STRING);
                    }
		    if(($_POST['Country'] != "AA") && ($_POST['Country'] != $current_info['Country'])){
			if($updated){
			 $query = $query . ", Country = :country ";
			}else{
			 $query = $query . "Country = :country ";
			}
                        $updated = true;
                        $values['country'] = filter_var($_POST['Country'], FILTER_SANITIZE_STRING);
		    }
		    if($_POST['Gender'] != $current_info['Gender']){
			if($updated){
			 $query = $query . ", Gender = :gender ";
			}else{
			 $query = $query . "Gender = :gender ";
			}
                        $updated = true;
                        $values['gender'] = filter_var($_POST['Gender'], FILTER_SANITIZE_NUMBER_INT);
		    } 
                    //finish the query!
                    $query = $query . "WHERE Login = :user";

                    //if some field is update then:
                    if($updated){
                        //execute the query in the web DB.
                        $dbw = new DBLayer("web");
                        $dbw->execute($query,$values);  
                    }

                    global $SITEBASE;
                    require_once($SITEBASE . 'inc/settings.php');
                    $result = settings();
                    if($updated){
                        $result['info_updated'] = "OK";
                    }
                    $result['permission'] = $_SESSION['ticket_user']->getPermission();
                    $result['username'] = $_SESSION['user'];
                    $result['no_visible_elements'] = 'FALSE';
                    $result['target_id'] = $_POST['target_id'];
                    helpers :: loadtemplate( 'settings', $result);
                    exit;
                    
                }else{
                    //ERROR: permission denied!
		    $_SESSION['error_code'] = "403";
                    header("Location: index.php?page=error");
                    exit;
                }
        
            }else{
                //ERROR: The form was not filled in correclty
		header("Location: index.php?page=settings");
		exit;
            }    
        }else{
            //ERROR: user is not logged in
	    header("Location: index.php");
	    exit;
        }
                  
    }catch (PDOException $e) {
         //go to error page or something, because can't access website db
         print_r($e);
         exit;
    }   
}
change info page basics 2013-07-02 14:07:55 +00:00			`<?php`

			`function change_info(){`

			`try{`
Added functionality to update country + gender + added some xss security 2013-07-04 22:37:48 +00:00			`//if logged in`
change info page basics 2013-07-02 14:07:55 +00:00			`if(WebUsers::isLoggedIn()){`

			`if(isset($_POST['target_id'])){`


changed system to mod/admin permissions, though there's still a bug in show_ticket 2013-07-18 10:43:33 +00:00			`if( ($_POST['target_id'] == $_SESSION['id']) \|\| Ticket_User::isMod($_SESSION['ticket_user'] ) ){`
change info page basics 2013-07-02 14:07:55 +00:00			`if($_POST['target_id'] == $_SESSION['id']){`
			`$target_username = $_SESSION['user'];`
			`}else{`
			`$target_username = WebUsers::getUsername($_POST['target_id']);`
			`}`

			`$webUser = new WebUsers();`
Change info works, without whiping the other fiels now! :) 2013-07-03 01:05:01 +00:00			`//use current info to check for changes`
Checking filled in data for change_info has to be updated 2013-07-02 14:36:44 +00:00			`$current_info = $webUser->getInfo($_POST['target_id']);`
Added functionality to update country + gender + added some xss security 2013-07-04 22:37:48 +00:00
create ticket works, also admins can create other people's tickets 2013-07-08 07:40:48 +00:00
Added functionality to update country + gender + added some xss security 2013-07-04 22:37:48 +00:00			`$current_info['FirstName'] = filter_var($current_info['FirstName'], FILTER_SANITIZE_STRING);`
			`$current_info['LastName'] = filter_var($current_info['LastName'], FILTER_SANITIZE_STRING);`
			`$current_info['Country'] = filter_var($current_info['Country'], FILTER_SANITIZE_STRING);`
			`$current_info['Gender'] = filter_var($current_info['Gender'], FILTER_SANITIZE_NUMBER_INT);`

Change info works, without whiping the other fiels now! :) 2013-07-03 01:05:01 +00:00
			`$updated = false;`
			`$values = Array();`
			`$values['user'] = $target_username;`
Added functionality to update country + gender + added some xss security 2013-07-04 22:37:48 +00:00
			`//make the query that will update the data.`
Checking filled in data for change_info has to be updated 2013-07-02 14:36:44 +00:00			`$query = "UPDATE ams_user SET ";`
			`if(($_POST['FirstName'] != "") && ($_POST['FirstName'] != $current_info['FirstName'])){`
			`$query = $query . "FirstName = :fName ";`
Change info works, without whiping the other fiels now! :) 2013-07-03 01:05:01 +00:00			`$updated = true;`
Added functionality to update country + gender + added some xss security 2013-07-04 22:37:48 +00:00			`$values['fName'] = filter_var($_POST['FirstName'], FILTER_SANITIZE_STRING);`
Checking filled in data for change_info has to be updated 2013-07-02 14:36:44 +00:00			`}`
			`if(($_POST['LastName'] != "") && ($_POST['LastName'] != $current_info['LastName'])){`
added a userlist to browse users and edit their settings as admin 2013-07-03 03:57:50 +00:00			`if($updated){`
			`$query = $query . ", LastName = :lName ";`
			`}else{`
			`$query = $query . "LastName = :lName ";`
			`}`
Change info works, without whiping the other fiels now! :) 2013-07-03 01:05:01 +00:00			`$updated = true;`
Added functionality to update country + gender + added some xss security 2013-07-04 22:37:48 +00:00			`$values['lName'] = filter_var($_POST['LastName'], FILTER_SANITIZE_STRING);`
Checking filled in data for change_info has to be updated 2013-07-02 14:36:44 +00:00			`}`
Added functionality to update country + gender + added some xss security 2013-07-04 22:37:48 +00:00			`if(($_POST['Country'] != "AA") && ($_POST['Country'] != $current_info['Country'])){`
			`if($updated){`
			`$query = $query . ", Country = :country ";`
			`}else{`
			`$query = $query . "Country = :country ";`
			`}`
			`$updated = true;`
			`$values['country'] = filter_var($_POST['Country'], FILTER_SANITIZE_STRING);`
			`}`
			`if($_POST['Gender'] != $current_info['Gender']){`
			`if($updated){`
			`$query = $query . ", Gender = :gender ";`
			`}else{`
			`$query = $query . "Gender = :gender ";`
			`}`
			`$updated = true;`
			`$values['gender'] = filter_var($_POST['Gender'], FILTER_SANITIZE_NUMBER_INT);`
			`}`
			`//finish the query!`
Checking filled in data for change_info has to be updated 2013-07-02 14:36:44 +00:00			`$query = $query . "WHERE Login = :user";`
added a userlist to browse users and edit their settings as admin 2013-07-03 03:57:50 +00:00
Change info works, without whiping the other fiels now! :) 2013-07-03 01:05:01 +00:00			`//if some field is update then:`
			`if($updated){`
			`//execute the query in the web DB.`
Refacoring of DBLayer seems to work now :) 2013-07-10 10:36:14 +00:00			`$dbw = new DBLayer("web");`
Change info works, without whiping the other fiels now! :) 2013-07-03 01:05:01 +00:00			`$dbw->execute($query,$values);`
			`}`

			`global $SITEBASE;`
			`require_once($SITEBASE . 'inc/settings.php');`
			`$result = settings();`
			`if($updated){`
			`$result['info_updated'] = "OK";`
			`}`
refactored to admin/mod + changed install file + added mod menu 2013-07-18 19:12:03 +00:00			`$result['permission'] = $_SESSION['ticket_user']->getPermission();`
Change info works, without whiping the other fiels now! :) 2013-07-03 01:05:01 +00:00			`$result['username'] = $_SESSION['user'];`
			`$result['no_visible_elements'] = 'FALSE';`
			`$result['target_id'] = $_POST['target_id'];`
			`helpers :: loadtemplate( 'settings', $result);`
			`exit;`
change info page basics 2013-07-02 14:07:55 +00:00
			`}else{`
			`//ERROR: permission denied!`
Added functionality to update country + gender + added some xss security 2013-07-04 22:37:48 +00:00			`$_SESSION['error_code'] = "403";`
			`header("Location: index.php?page=error");`
			`exit;`
change info page basics 2013-07-02 14:07:55 +00:00			`}`

			`}else{`
			`//ERROR: The form was not filled in correclty`
Added functionality to update country + gender + added some xss security 2013-07-04 22:37:48 +00:00			`header("Location: index.php?page=settings");`
			`exit;`
change info page basics 2013-07-02 14:07:55 +00:00			`}`
			`}else{`
			`//ERROR: user is not logged in`
Added functionality to update country + gender + added some xss security 2013-07-04 22:37:48 +00:00			`header("Location: index.php");`
			`exit;`
change info page basics 2013-07-02 14:07:55 +00:00			`}`

			`}catch (PDOException $e) {`
			`//go to error page or something, because can't access website db`
			`print_r($e);`
			`exit;`
			`}`
			`}`