';
$sql = "
# Update user, password is set
Update dw_user set
userLevel = ?,
userFirst = ?,
userLast = ?,
userTitle = ?,
userCOA = ?,
userRelease = ?
Where userID = ?
";
$change = true;
$types = 'isssiii';
$array = array(
$userLevel,
$userFirst,
$userLast,
$userTitle,
$userCOA,
$userRelease,
$userID
);
if (!savesql($link, $sql, $types, $array, __FILE__, __LINE__))
reporterror(get_error(), $sql, $_SERVER['REQUEST_URI'], __FILE__, __LINE__);
if ($debug)
echo $sql . ' ';
} else {
//need to check for duplicates
//check email, count should be 0 or 1
$sql = "
Select userID
From dw_auth
Where userEmail = ?
";
if (!$qry = mysqli_prepared_query($auth_link, $sql, "s", array($userEmail), __FILE__, __LINE__))
reporterror(get_error(), $sql, $_SERVER['REQUEST_URI'], __FILE__, __LINE__);
if ($debug)
echo $sql . ' ' . mysqli_prepared_num_rows($qry) . ' rows ';
switch (mysqli_prepared_num_rows($qry)) {
case 0:
//user is changing email to a new one
$sql = "
# Update auth, no password
Update dw_auth set
userFirst = ?,
userEmail = ?,
userActive = ?
Where userID = ?
";
$types = 'ssii';
$values = array(
$userFirst,
$userEmail,
$userActive,
$userID
);
if (!savesql($auth_link, $sql, $types, $values, __FILE__, __LINE__))
reporterror(get_error(), $sql, $_SERVER['REQUEST_URI'], __FILE__, __LINE__);
if ($debug)
echo $sql . ' ';
$sql = "
# Update user, no password
Update dw_user set
userLevel = ?,
userFirst = ?,
userLast = ?,
userTitle = ?,
userCOA = ?,
userDate = ?,
userRelease = ?
Where userID = ?
";
$types = 'isssisii';
$values = array(
$userLevel,
$userFirst,
$userLast,
$userTitle,
$userCOA,
date('Y-m-d'),
$userRelease,
$userID
);
if (!savesql($link, $sql, $types, $values, __FILE__, __LINE__))
reporterror(get_error(), $sql, $_SERVER['REQUEST_URI'], __FILE__, __LINE__);
if ($debug)
echo $sql . ' ';
$change = true;
break;
case 1:
//normal situation, email already exists, check if userid is ok
if (!isset($_SESSION['userID']))
reporterror("userID is not set", 'none', $_SERVER['REQUEST_URI'], __FILE__, __LINE__);
$sql = "
# Update auth, no password
Update dw_auth set
userFirst = ?,
userEmail = ?,
userActive = ?
Where userID = ?
";
$types = 'ssii';
$values = array(
$userFirst,
$userEmail,
$userActive,
$userID
);
if (!savesql($auth_link, $sql, $types, $values, __FILE__, __LINE__))
reporterror(get_error(), $sql, $_SERVER['REQUEST_URI'], __FILE__, __LINE__);
if ($debug)
echo $sql . ' ';
$sql = "
# Update user, no password
Update dw_user set
userLevel = ?,
userFirst = ?,
userLast = ?,
userTitle = ?,
userCOA = ?,
userDate = ?,
userRelease = ?
Where userID = ?
";
$types = 'isssisii';
$values = array(
$userLevel,
$userFirst,
$userLast,
$userTitle,
$userCOA,
date('Y-m-d'),
$userRelease,
$userID
);
if (!savesql($link, $sql, $types, $values, __FILE__, __LINE__))
reporterror(get_error(), $sql, $_SERVER['REQUEST_URI'], __FILE__, __LINE__);
if ($debug)
echo $sql . ' ';
$change = true;
break;
default:
$message['type'] = "error";
$message['text'] = $userEmail . " already exists. " . $userFirst . " " . $userLast . "'s details were not updated";
}
}
if ($change) {
$message['type'] = "ok";
$message['text'] = $userFirst . " " . $userLast . "'s details have been updated";
if (!$debug) {
//inform user
$body = 'Your profile was changed in DairyWindow by ' . $_SESSION['userFirst'] . ' ' . $_SESSION['userLast'] . ' at ' . date('D d M y H:m') . ' by IP address ' . $_SERVER['REMOTE_ADDR'];
if (isset($_POST['userPassword'])) {
$body .= ' Your password is now ' . $_POST['userPassword'] . '
Don\'t forget that passwords are cAsE sEnSiTiVe. Ensure you copy and paste the whole thing.
If you didn\'t make this change, please let us know.';
}
if (email($userEmail, 'DW profile change', $body))
$message['text'] .= ", and an email was sent";
if (isset($phone) && $phone != "" && $phone != null && isset($_POST['userPassword'])) {
require "inc/sms.php";
$text = substr("Your DW profile has changed. Your password is now '" . $_POST['userPassword'] . "'. If you didnt make this change, please contact admin@dairywindow.nz immediately", 0, 159);
sms($text, $phone);
}
}
}
} else {
//add new user
$sql = "
# need to check that the user doesnt already exist
Select userID
From dw_auth
Where userEmail = ?
";
if (!$qry = mysqli_prepared_query($auth_link, $sql, "s", array($userEmail), __FILE__, __LINE__))
reporterror(get_error(), $sql, $_SERVER['REQUEST_URI'], __FILE__, __LINE__);
if (mysqli_prepared_num_rows($qry) > 0) {
$message['type'] = "error";
$message['text'] = "Sorry but user with email '" . $userEmail . "' already exists";
} else {
$userPassword = password_hash($_POST['userPassword'], PASSWORD_DEFAULT);
$sql = "#insert into auth table
Insert Into dw_auth ( userFirst, userEmail, userPassword, userActive, userSite )
Values ( ? , ? , ? , ? , ? )";
$types = ' s s s i i ';
$values = array($userFirst, $userEmail, $userPassword, 1, $_SESSION['userSite']);
if (!$userID = savesql($auth_link, $sql, $types, $values, __FILE__, __LINE__))
reporterror(get_error(), $sql, $_SERVER['REQUEST_URI'], __FILE__, __LINE__);
if ($debug)
echo '
';
$sql = "#insert into normal table
Insert Into dw_user ( userID, userLevel, userLast, userTitle, userCOA, userDate, userOOS, userStyle, userRelease)
Values ( ? , ? , ? , ? , ? , ? , ? , ? , ? )";
$types = ' i i s s i s s i i ';
$values = array($userID, $userLevel, $userLast, $userTitle, $userCOA, date('Y-m-d'), 1, 1, $userRelease);
$userodl = false;
switch ($_SESSION['userSite']) {
case 4: //odl
$userodl = true;
$link7 = new mysqli($server, $dbusername, $dbpassword, 'dw_7');
if (!savesql($link7, $sql, $types, $values, __FILE__, __LINE__))
reporterror(get_error(), $sql, $_SERVER['REQUEST_URI'], __FILE__, __LINE__);
$link8 = new mysqli($server, $dbusername, $dbpassword, 'dw_8');
if (!savesql($link8, $sql, $types, $values, __FILE__, __LINE__))
reporterror(get_error(), $sql, $_SERVER['REQUEST_URI'], __FILE__, __LINE__);
break;
$link13 = new mysqli($server, $dbusername, $dbpassword, 'dw_13');
if (!savesql($link13, $sql, $types, $values, __FILE__, __LINE__))
reporterror(get_error(), $sql, $_SERVER['REQUEST_URI'], __FILE__, __LINE__);
break;
case 7: //uht
$userodl = true;
$link4 = new mysqli($server, $dbusername, $dbpassword, 'dw_4');
if (!savesql($link4, $sql, $types, $values, __FILE__, __LINE__))
reporterror(get_error(), $sql, $_SERVER['REQUEST_URI'], __FILE__, __LINE__);
$link8 = new mysqli($server, $dbusername, $dbpassword, 'dw_8');
if (!savesql($link8, $sql, $types, $values, __FILE__, __LINE__))
reporterror(get_error(), $sql, $_SERVER['REQUEST_URI'], __FILE__, __LINE__);
break;
$link13 = new mysqli($server, $dbusername, $dbpassword, 'dw_13');
if (!savesql($link13, $sql, $types, $values, __FILE__, __LINE__))
reporterror(get_error(), $sql, $_SERVER['REQUEST_URI'], __FILE__, __LINE__);
break;
case 8: //c&b
$userodl = true;
$link4 = new mysqli($server, $dbusername, $dbpassword, 'dw_4');
if (!savesql($link4, $sql, $types, $values, __FILE__, __LINE__))
reporterror(get_error(), $sql, $_SERVER['REQUEST_URI'], __FILE__, __LINE__);
$link7 = new mysqli($server, $dbusername, $dbpassword, 'dw_7');
if (!savesql($link7, $sql, $types, $values, __FILE__, __LINE__))
reporterror(get_error(), $sql, $_SERVER['REQUEST_URI'], __FILE__, __LINE__);
break;
$link13 = new mysqli($server, $dbusername, $dbpassword, 'dw_13');
if (!savesql($link13, $sql, $types, $values, __FILE__, __LINE__))
reporterror(get_error(), $sql, $_SERVER['REQUEST_URI'], __FILE__, __LINE__);
break;
case 13: //m&s
$userodl = true;
$link4 = new mysqli($server, $dbusername, $dbpassword, 'dw_4');
if (!savesql($link4, $sql, $types, $values, __FILE__, __LINE__))
reporterror(get_error(), $sql, $_SERVER['REQUEST_URI'], __FILE__, __LINE__);
$link7 = new mysqli($server, $dbusername, $dbpassword, 'dw_7');
if (!savesql($link7, $sql, $types, $values, __FILE__, __LINE__))
reporterror(get_error(), $sql, $_SERVER['REQUEST_URI'], __FILE__, __LINE__);
break;
$link8 = new mysqli($server, $dbusername, $dbpassword, 'dw_8');
if (!savesql($link8, $sql, $types, $values, __FILE__, __LINE__))
reporterror(get_error(), $sql, $_SERVER['REQUEST_URI'], __FILE__, __LINE__);
break;
}
if (!savesql($link, $sql, $types, $values, __FILE__, __LINE__))
reporterror(get_error(), $sql, $_SERVER['REQUEST_URI'], __FILE__, __LINE__);
$message['type'] = "ok";
$message['text'] = $userFirst . " " . $userLast . "'s profile was created, you will need to send an email to inform them";
//inform user
$body = "Your profile has been created in DairyWindow.
Your username is " . $userEmail . "
Your password is " . $_POST['userPassword'] . "
The address for DairyWindow is https://www.dairywindow.nz/home.php
If you need any help, please email admin@dairywindow.nz";
if (email($userEmail, 'DairyWindow profile', $body)) {
if ($userodl) {
$message['text'] = $userFirst . " " . $userLast . "'s profile was created in all 3 plants, and an email was sent to inform them";
} else {
$message['text'] = $userFirst . " " . $userLast . "'s profile was created, and an email was sent to inform them";
}
} else {
$message['text'] = $userFirst . " " . $userLast . "'s profile was created, but an email could NOT be sent to inform them. Is the email address correct?";
}
}
}
}
$title = "Users";
require "inc/head.php";
$menu = "user";
require "inc/menu.php";
if ($debug)
showdebug();
?>