1) and ($p <> $p_id)) { // establish showpersoninfo array $r = query ("select * from persons where personid=" . $p . ";"); $p_info = mysql_fetch_array($r, MYSQL_ASSOC) or die ("Error accessing database for person id=" . $p); // administrators can delete if ($userinfo['sa']) { $deleteok = TRUE; // sponsors can delete } elseif ($p_info['sponsorid'] == $p_id) { $deleteok = TRUE; } } if ($deleteok) { // adjust sponsorship info for persons sponsored by the deleted person $newsponsor = $p_info['sponsorid']; $r = query ('update persons set sponsorid=' . $newsponsor . ' where sponsorid=' . $p . ';') or die ('Error updating sponsorship information.'); // perform delete $r = query ('delete from persons where personid=' . $p . ';') or die ('Error deleting member.'); $r = query ('delete from memberships where memberid=' . $p . ';') or die ('Error deleting group memberships!'); $p = 0; $change_report = 'Member successfully deleted.'; } else { include "accessdenied.php"; } } // establish whether current user has permission to create new members // - may create members if a SA // - may create members if an administrator of any group in the system $maycreatemember = $userinfo["sa"]; if (($g>0) and !$maycreatemember) { // non-sa trying to create new member of existing group $q = 'select * from memberships,access where memberid = ' . $p_id; $q .= ' and functiongroupid = ' . $g; $q .= ' and groupid = usergroupid and functionid in (' . ACCESS_ADMIN . ',' . ACCESS_DATAENTRY . ');'; $r = query ($q) or die ('Error accessing security table.'); // at least one line returned, therefore has admin-access to the specified group $maycreatemember = ($line = mysql_fetch_array($r, MYSQL_ASSOC)); } else if (!$maycreatemember) { $q = 'select * from memberships,access where memberid = ' . $p_id; $q .= ' and groupid = usergroupid and functionid = ' . ACCESS_ADMIN . 
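';';
$r = query ($q) or die ('Error accessing security table.');
// at least one row returned => the current user administers at least one group
$maycreatemember = ($line = mysql_fetch_array($r, MYSQL_ASSOC));
}

// ---------------------------------------------------------------------------
// Resolve the target person ($p) and verify that the current user may edit it
// ---------------------------------------------------------------------------
if ($p == 0) {
    // no target specified: system administrators get the search masthead and stop,
    // anyone else is pointed at their own record
    if ($userinfo['sa']) {
        printhtmlheader('Edit Member');
        printmasthead ('Edit Member','masthead_memberedit');
        printeditfeedback();
        print ('');
        die ();
    } else {
        $p = $p_id;
    }
}

if ($p > 0) {
    // existing person: editable by that person, by any SA, or by the person's sponsor
    $r = query ("select * from persons where personid=" . (int)$p . ";");
    $p_info = mysql_fetch_array($r, MYSQL_ASSOC) or die ("Error accessing database for person id=" . $p);
    $editable = (($p == $p_id) or $userinfo["sa"] or ($p_info['sponsorid'] == $p_id));
    if (!$editable) {
        include "accessdenied.php";
        // fail closed: whether accessdenied.php ends the script itself is not visible from here,
        // and falling through would let the POST handler below write the record anyway
        exit;
    }
} elseif ($newperson and ($p_id > 0)) {
    // negative $p: a new person is to be created; needs SA or group-admin rights ($maycreatemember)
    if (!$maycreatemember) {
        include "accessdenied.php";
        exit;
    }
} else {
    include "accessdenied.php";
    exit;
}

// ---------------------------------------------------------------------------
// Form submission: fold the POST-ed edit_* fields into one INSERT/UPDATE
// ---------------------------------------------------------------------------
if ($_POST["edit"]) {
    $changed = FALSE;
    if ($p < 0) {
        // new member: start from an empty record; the sponsor is appended to $sql further down
        $sql = 'insert into persons set ';
        $p_info = array (
            "sponsorid"   => $p_id,
            "lastname"    => '',
            "firstname"   => '',
            "mailaddress" => '',
            "homephone"   => '',
            "workphone"   => '',
            "celphone"    => '',
            "fax"         => '',
            "email"       => '',
            "webpage"     => '',
            "nickname"    => '',
            "password"    => '',
            "privacy"     => '-1',
            "sa"          => 0
        );
    } else {
        $sql = 'update persons set ';
    }

    /**
     * Append `<fieldname>="<value>"` to $sql when the POST-ed edit_<fieldname>
     * differs (loose comparison) from the value held in $p_info, and mirror the
     * new value into $p_info.
     *
     * Nothing is appended once an error has been noted ($error_report), so a
     * rejected submission never reaches the database. A changed email address
     * also schedules the notification email ($sendwelcomeemail). The value goes
     * through sqlsafe(); the field name is a literal supplied by the caller,
     * never user input.
     */
    function installvalue ($fieldname) {
        global $sendwelcomeemail, $p_info, $changed, $error_report, $sql;
        $postfieldname = "edit_" . $fieldname;
        if (($p_info[$fieldname] != $_POST[$postfieldname]) and (!$error_report)) {
            if ($changed) $sql .= ', ';
            $changed = TRUE;
            $newvalue = $_POST[$postfieldname];
            $sql .= $fieldname . '="' . sqlsafe($newvalue) . '"';
            $p_info[$fieldname] = $newvalue;
            if ($fieldname == 'email') {
                $sendwelcomeemail = TRUE;
            }
        }
    }

    // name: reject a first/last name combination already used by another person
    $q  = 'select * from persons where (firstname="' . sqlsafe($_POST["edit_firstname"]) . '")';
    $q .= ' and (lastname="' . sqlsafe($_POST["edit_lastname"]) . '")';
    $q .= ' and (personid<>' . (int)$p . ');';
    $r = query ($q) or die ('Error accessing database.');
    if (mysql_num_rows($r)) {
        noteerror ('"' . crunchtext($_POST["edit_firstname"] . ' ' . $_POST["edit_lastname"]) . '" is already a member.');
        // restore the stored name so the re-displayed form does not show the rejected one
        $_POST["edit_lastname"]  = $p_info["lastname"];
        $_POST["edit_firstname"] = $p_info["firstname"];
    }

    /**
     * Note an error and return FALSE when edit_<fieldname> is empty by PHP
     * truthiness (so the single character "0" also counts as empty); TRUE otherwise.
     */
    function checkrequiredfield ($fieldname, $title) {
        if ($_POST['edit_' . $fieldname]) {
            return TRUE;
        }
        noteerror ('"' . $title . '" is a required field.');
        return FALSE;
    }

    if (checkrequiredfield ("lastname", "Last Name"))   installvalue ("lastname");
    if (checkrequiredfield ("firstname", "First Name")) installvalue ("firstname");

    // contact information: stored as entered, no format validation is applied here
    installvalue ("mailaddress");
    installvalue ("homephone");
    installvalue ("workphone");
    installvalue ("celphone");
    installvalue ("fax");
    installvalue ("email");

    // webpage: a bare "http://" placeholder means "none"; anything else is forced to carry an
    // http:// or https:// scheme. (The previous version tested an unrelated $newvalue variable,
    // so the prefix was never actually applied.) Forcing the scheme also means a value such as
    // "javascript:..." cannot be stored as-is, should the field be rendered as a link elsewhere.
    if (strtolower($_POST['edit_webpage']) == 'http://') {
        $_POST['edit_webpage'] = '';
    } else if ($_POST['edit_webpage'] <> '') {
        if (!preg_match('#^https?://#i', $_POST['edit_webpage'])) {
            $_POST['edit_webpage'] = 'http://' . $_POST['edit_webpage'];
        }
    }
    installvalue ("webpage");

    // nickname: a new member without one gets firstname+lastname reduced to [A-Za-z0-9_]
    if ($newperson and (!$_POST["edit_nickname"])) {
        $newnick = $_POST["edit_firstname"] . $_POST["edit_lastname"];
        $_POST["edit_nickname"] = preg_replace('/[^a-zA-Z0-9_]/', '', $newnick);
    }
    if ($_POST["edit_nickname"]) {
        $newnick = $_POST["edit_nickname"];
        if (!validnickname($newnick)) {
            $errorstr  = 'Could not set nickname "' . crunchtext($_POST["edit_nickname"]) . '":';
            $errorstr .= ' nicknames must be a single word consisting only of letters, numbers, or the underscore "_" character.';
            noteerror ($errorstr);
        } else {
            // must be unique across all other persons. validnickname() has already limited the value
            // to a single word, but it is still escaped for the query and passed through crunchtext()
            // for the message like every other noteerror() call, rather than relying on that check alone.
            $q  = 'select * from persons where (nickname="' . sqlsafe($_POST["edit_nickname"]) . '")';
            $q .= ' and (personid<>' . (int)$p . ');';
            $r = query ($q) or die ('Error accessing database.');
            if (mysql_fetch_array($r, MYSQL_ASSOC)) {
                noteerror ('Could not set nickname: "' . crunchtext($_POST["edit_nickname"]) . '" is already taken.');
            } else {
                installvalue ("nickname");
            }
        }
    }

    // password: a new member without one gets a generated password (mailed out later)
    if ($newperson and (!$_POST["edit_password"])) {
        $newpassword = makepassword();
        $_POST["edit_password"] = $_POST["edit_password2"] = $newpassword;
    }
    if ($_POST["edit_password"]) {
        // NOTE(review): validnickname() is reused here, so (per the error text) passwords are limited
        // to a single word of letters, digits and "_" — a needless reduction of password entropy.
        if (!validnickname($_POST["edit_password"])) {
            $errorstr  = 'Could not change password:';
            $errorstr .= ' passwords must be a single word consisting only of letters, numbers, or the underscore "_" character.';
            noteerror ($errorstr);
        } elseif ($_POST["edit_password"] == $_POST["edit_password2"]) {
            // NOTE(review): crypt() is called without a salt, so the hash format is whatever this PHP
            // version defaults to (historically a weak DES-style hash; recent releases require the salt
            // argument). Migrate to password_hash()/password_verify() once the login check and the width
            // of persons.password are confirmed to accept the longer hash.
            $_POST["edit_password"] = crypt ($_POST["edit_password"]);
            installvalue ("password");
        } else {
            noteerror ('Could not change password: the new password must be entered correctly in both fields.');
        }
    }

    // miscellany
    installvalue ("privacy");
    // The SA flag may only be changed by a system administrator, and never for the root account
    // (personid 1) — the same condition under which the form offers the toggle. Previously
    // installvalue("sa") ran unconditionally, so any member editing their own record could POST
    // edit_sa=1 and grant themselves administrator rights.
    if ($userinfo["sa"] and ($p > 1)) {
        installvalue ("sa");
    }

    // new-member sponsorship: the creator becomes the sponsor
    if ($p < 0) {
        if ($changed) $sql .= ', ';
        $changed = TRUE;
        $sql .= 'sponsorid="' . $p_id . '"';
    }

    // finish the statement and apply it — unless any error was noted along the way
    if ($p > 0) $sql .= ' where personid=' . (int)$p . ';';
    if ($error_report) $changed = FALSE;
    if ($changed) {
        // the failing statement is deliberately not echoed: it carries the password hash and contact data
        $r = query ($sql) or die ('Error updating information.');
        if ($newperson) {
            // CREATED NEW MEMBER: look the row up by its (unique) nickname to learn the new personid
            $change_report = 'New member successfully created.';
            $r = query ('select * from persons where nickname="' . sqlsafe($_POST["edit_nickname"]) .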
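'"') or die ('Error finding new person id #');
            $p_info = mysql_fetch_array($r, MYSQL_ASSOC);
            $p = $p_info["personid"];
            // if a group was specified, enrol the new person in it right away. Guarded so that a
            // member created outside any group ($g == 0) no longer gets a groupid=0 membership row.
            if ($g > 0) {
                $r = query('insert into memberships set memberid=' . (int)$p . ', groupid=' . (int)$g . ', positionid=0;') or die ('Error updating membership table.');
            }
        } elseif ($p == $p_id) {
            // editing self: refresh the in-memory login record so the rest of the page sees the new values
            $change_report = 'Member information successfully updated.';
            $userinfo = $p_info;
        } else {
            $change_report = 'Member information successfully updated.';
        }

        if ($sendwelcomeemail) {
            // EMAIL WELCOME / UPDATE NOTICE
            // the top-level group (groupid 1) supplies the directory name and home page
            $r = query ("select * from groups where groupid=1;");
            $topgroupinfo = mysql_fetch_array($r, MYSQL_ASSOC) or die ("Error accessing database for default group.");

            // Header fields are built from stored data; line breaks are removed so that neither a
            // group name nor a member name can smuggle additional mail headers into the message.
            $crlf = array("\r", "\n");
            $email_sender   = '"' . str_replace($crlf, ' ', $topgroupinfo["groupname"]) . '" <>';
            $email_xtrahdrs = 'From: ' . $email_sender . "\nReply-To: " . $email_sender;
            $email_subject  = "Welcome to the " . $topgroupinfo["groupname"] . " Directory, ";
            $email_subject .= crunchtext($p_info["firstname"] . ' ' . $p_info["lastname"]) . "!";
            $email_subject  = str_replace($crlf, ' ', $email_subject);

            $email_message = '';   // was never initialised before the first .= below
            if ($newperson) {
                $email_message .= "Your name and contact information has been entered in the ";
            } else {
                $email_message .= "Your contact information has been updated in the ";
            }
            $email_message .= $topgroupinfo["groupname"] . " online directory, which can be found at ";
            $email_message .= $topgroupinfo["webpage"] . ".\n\n";
            if ($newperson) {
                // NOTE(review): the password is mailed in clear text, and $newpassword is only set when
                // the password was auto-generated — a new member created with an explicit password
                // receives an empty Password line. A one-time set-password link would avoid both.
                $email_message .= "To guard against internet mischief, certain information fields (email addresses, fax numbers and celphone numbers) ";
                $email_message .= "are only displayed to directory members. Members are also permitted to edit their own ";
                $email_message .= "directory information. To log in as a member, you may identify yourself using ";
                $email_message .= "the following nickname and password:\n\n";
                $email_message .= ' Nickname: "' . $p_info["nickname"] . '"' . "\n";
                $email_message .= ' Password: "' . $newpassword . '"' . "\n\n";
            }
            // NOTE(review): SERVER_NAME may reflect the request's Host header depending on the server
            // configuration; a configured canonical host would be a safer base for a link that is mailed out.
            $email_message .= "If you would like to adjust your nickname, password or other information, ";
            $email_message .= "you may browse directly to http://" . $_SERVER["SERVER_NAME"] . $_SERVER["PHP_SELF"] . "?p=" . $p;
            $email_message .= " and make whatever changes you wish.\n\n";
            if (!$newperson) {
                $email_message .= "If you do not know your nickname and password for this directory, you may ";
                $email_message .= "click on the help icon on the upper-right corner of the page for instructions ";
                $email_message .= "on how to have that information emailed to you.\n\n";
            }

            // The email field is stored as entered (installvalue() applies no format check), so only a
            // syntactically valid single address is accepted as recipient; anything else — including a
            // value with embedded line breaks — is skipped rather than handed to mail().
            $recipient = $p_info["email"];
            if (filter_var($recipient, FILTER_VALIDATE_EMAIL) !== false) {
                mail ($recipient, $email_subject, $email_message, $email_xtrahdrs);
            }
        }
    } // if changed
} // end form-processing

// ======================================================================================================
// BEGIN VISIBLE PAGE
// ======================================================================================================

/**
 * Masthead for the member-edit page: the SA person search, then either the
 * delete-confirmation prompt (when ?deleteconfirm is set) or the action links
 * the current user is entitled to: new member, delete, browse/edit group/return,
 * and transfer sponsorship.
 */
function masthead_memberedit () {
    global $maycreatemember, $p_id, $userinfo, $p, $p_info, $BGCOLOUR_LIGHT, $BGCOLOUR_DARK, $g, $g_info;
    if ($userinfo["sa"]) {
        masthead_person_search();
    }
    print '';
    if ($_GET["deleteconfirm"]) {
        // NOTE(review): confirmation is keyed off a GET parameter (the link targets are not visible
        // here). A state-changing delete reachable through a plain link is open to CSRF; a POST form
        // carrying a per-session token would be the usual fix.
        print ' Delete this directory member - Are you sure? ';
        print '| Yes ';
        print '| No ';
        print '|';
    } else {
        if ($maycreatemember) {
            print ' ';
            print 'New member';
            if ($g > 0) {
                print ' of ' . crunchtext($g_info["groupname"]);
            }
            print ' |';
        }
        // delete is offered to SAs and to the person's sponsor, never for the root account (personid 1)
        if ($p > 1) {
            if (($userinfo['sa']) or ($p_info['sponsorid'] == $p_id)) {
                print ' Delete |';
            }
        }
        if ($p > 0) {
            print ' Browse |';
        } else if ($g > 0) {
            print ' Edit ' . crunchtext($g_info["groupname"]) . ' |';
        } else {
            print ' Return to Directory |';
        }
        if (($userinfo["sa"]) or ($p_info["sponsorid"] == $p_id) or ($p == $p_id)) {
            print ' ';
            print 'Transfer sponsorship |';
        }
    }
    print "";
}

if ($p > 0) {
    $pagetitle = crunchtext($p_info["firstname"] . ' ' . $p_info["lastname"]) .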
' (edit)'; } else { $pagetitle = "Create New Member"; } printhtmlheader ($pagetitle); printmasthead ('Edit Member Details','masthead_memberedit'); printeditfeedback(); if ($p>0) { print '

' . crunchtext($p_info["firstname"] . ' ' . $p_info["lastname"]) . "

\n"; } else if ($g > 0) { print "

New Member of "; print crunchtext($g_info["groupname"]); print "

\n"; } else { print "

New Member

\n"; } // append '?p=#' for existing people; for new members (negative numbers) leave it hidden in the form $urltag = ''; if ($p > 0) $urltag = '?p=' . $p; formstart($urltag); print "\n"; function showsectiontitle ($titletext) { print "
\n"; print "

$titletext

\n"; print "\n"; } function showeditabletext ($fieldname, $displayname, $inputtype='TEXT') { global $p_info; print ""; print "\n"; } // hidden fields $_POST["p"] = $p; formhiddeninput ("p"); $_POST["g"] = $g; formhiddeninput ("g"); $_POST["edit"] = TRUE; formhiddeninput ("edit"); // basic info showsectiontitle ("Basic Information"); showeditabletext ("lastname","Last Name:"); showeditabletext ("firstname","First Name:"); showeditabletext ("mailaddress","Mailing Address:"); showeditabletext ("homephone","Home Phone:"); showeditabletext ("workphone","Work Phone:"); showeditabletext ("fax","Fax:"); showeditabletext ("celphone","Cel:"); showeditabletext ("email","Email:"); // webpage: coerce "http://" correctly if (strtolower($_POST['edit_webpage']) == '') { $_POST['edit_webpage'] = 'http://'; } showeditabletext ("webpage","Web Page:"); // nick/pass showsectiontitle ("Nickname & Password"); showeditabletext ("nickname","Nickname:"); showeditabletext ("password","New Password:",'PASS'); showeditabletext ("password2","New Password (again):",'PASS'); // misc showsectiontitle ("Miscellaneous Options"); // privacy print ""; print "\n"; // SA toggle (only SA's get this option; may not adjust root user!) if ($userinfo["sa"] and ($p > 1)) { print ""; print "\n"; } print "
$displayname"; // create and install "edit_[fieldname]" POST variables for use in the form $formfield = "edit_" . $fieldname; $_POST[$formfield] = $p_info[$fieldname]; if ($inputtype == 'INT') { formnumberinput ($formfield, 50); } elseif ($inputtype == 'PASS'){ formpasswordinput ($formfield, 50); } else { formtextinput ($formfield, 50); } print "
Phone/Email Visible To:"; $formfield = "edit_privacy"; $_POST[$formfield] = $p_info["privacy"]; $privoptions = array ( '0' => 'Members Only', '-1' => 'Everyone' ); formpopupinput ($formfield,$privoptions); print "
System Administrator:"; $formfield = "edit_sa"; $_POST[$formfield] = $p_info["sa"]; $saoptions = array ( '0' => 'No', '1' => 'Yes' ); formpopupinput ($formfield,$saoptions); print "
\n"; formend(); ?>