PHP Classes
elePHPant
Icontem

File: phpsecureweb/accountsModify.php

Recommend this page to a friend!
Stumble It! Stumble It! Bookmark in del.icio.us Bookmark in del.icio.us
  Classes of Bulent Tezcan  >  phpsecureweb  >  phpsecureweb/accountsModify.php  >  Download  
File: phpsecureweb/accountsModify.php
Role: Application script
Content type: text/plain
Description: modify accounts
Class: phpsecureweb
Allow users certain rights, login with password.
Author: By
Last change:
Date: 12 years ago
Size: 3,703 bytes
 

Contents

Class file image Download
<?php
   
/*
    * @author Bulent Tezcan. bulent@greenpepper.ca
    */

   
require_once "Security.class.php";

    require_once
"Accounts.class.php";

   
session_start();

   
$Accounts = new Accounts();
   
$mySecurity = new Security( );
   
   
#
    # This should be added in every script. Ofcourse the action name
    # will be different for each script.
    #
   
if ($mySecurity-> isNotAllowedTo('Modify Account') and
           
$mySecurity-> isNotAllowedTo('Delete Account'))
    {
        if (
$mySecurity-> isAllowedTo('Show Admin Menu'))
           
$mySecurity-> GotoThisPage( "adminmenu.php" );
        else
           
$mySecurity-> GotoThisPage( "login.php" );
    }

   
ob_start( );

   
#
    # If the user manually enters some accountid, we should check if it does exist
    # originally in their database query......
    #
   
if (!array_key_exists ( $_GET['accountId'],
                                                   
$_SESSION['accounts_read_from_table']))
    {
       
$mySecurity-> GotoThisPage( "bogus.php" );
    }

    include
"header.inc.php";
   
   
$FormElements = array_merge($_POST['form_AccountsForm'],
                                                           
$_POST['form_accounts_group_information']);

    if (
$FormElements["B_clear"])
        unset (
$FormElements);

    if (
$_GET['mode'] == 'edit')
    {
        if (
$mySecurity-> isAllowedTo('Modify Account'))
        {
           
# we can modify the Account information
           
if ($FormElements["B_submit"])
            {
                if (!
$Accounts-> ErrCheckAccountsForm($FormElements,$_GET['accountId'],$_GET['mode']))
                    if (
$Accounts-> UpdateAccount($FormElements,$_GET['accountId']))
                       
$mySecurity-> GoToThisPage( "accountsList.php", "selectlisttype=".$_GET['selectlisttype'] );
            }
            if (
$FormElements["B_add_groups"])
            {
               
$Accounts-> AddGroupsToAccount($FormElements);
            }
            if (
$FormElements["B_remove_groups"])
            {
               
$Accounts-> RemoveGroupsFromAccount($FormElements);
            }
        }
        else
           
$mySecurity-> GotoNotAuthorized( );
    }
    elseif (
$_GET['mode'] == 'delete')
    {
        if (
$mySecurity-> isAllowedTo('Delete Account'))
        {
           
# we can delete the Account
           
if ($FormElements["B_submit"])
            {
                if (
$Accounts-> DeleteAccount($_GET['accountId']))
                   
$mySecurity-> GotoThisPage( "accountsList.php", "selectlisttype=".$_GET['selectlisttype'] );
            }
        }
        else
           
$mySecurity-> GotoNotAuthorized( );
    }
    else
    {
       
$mySecurity-> GotoThisPage( "adminmenu.php" );
    }
   
    if (
$FormElements["B_cancel"])
    {
       
$mySecurity-> GotoThisPage( "accountsList.php", "selectlisttype=".$_GET['selectlisttype'] );
    }


    if (
$_GET['accountId'] AND $FormElements['firstname'] == "")
    {
       
$ObjectResult = $Accounts-> GetAccount($_GET['accountId']);

       
$FormElements['accountId'] = $ObjectResult->fields("accountid");
       
$FormElements['firstname'] = $ObjectResult->fields("firstname");
       
$FormElements['lastname'] = $ObjectResult->fields("lastname");
       
$FormElements['initials'] = $ObjectResult->fields("initials");
       
$FormElements['username'] = $ObjectResult->fields("username");
       
$FormElements['groupid'] = $ObjectResult->fields("groupid");
       
$FormElements['email'] = $ObjectResult->fields("email");
       
$FormElements['hintquestion'] = $ObjectResult->fields("hintquestion");
       
$FormElements['hintanswer'] = $ObjectResult->fields("hintanswer");
       
$FormElements['expired'] = $ObjectResult->fields("expired");
       
$FormElements['tries'] = $ObjectResult->fields("tries");
       
$FormElements['lasttrieddate'] = $ObjectResult->fields("lasttrieddate");
    }

    if (
$_GET['mode'] == 'edit')
       
$alsoSendAccountsGroupForm = TRUE;
   
    echo
$Accounts->SendAccountsForm($FormElements,$alsoSendAccountsGroupForm);

    if (
$mySecurity-> isAllowedTo('Show Admin Menu'))
        include
"donate.inc.php";

    include
"footer.inc.php";

   
ob_end_flush( );

    return
true;
?>