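<?php
/*
 * User detail editor (included by index.php, pid=editdetail).
 *
 * GET  uid=N : render the edit form for user N.
 * POST        : apply the submitted fields to user $_POST['uid'], or delete
 *               that user when the "delete" checkbox was ticked.
 *
 * Relies on the including script for $db, $asia, an active session and the
 * helpers is_group_leader(), is_in_leaders_group(), ticket_is_locked(),
 * renderForm and note().
 *
 * Access rule, applied to the GET uid and again to the POST uid: a plain user
 * may only touch their own record, a group leader may touch any member of
 * their own group.
 */

if (empty($_SESSION['logged'])) {
    exit;
}

/*
 * Dies with $leaderDenied / $userDenied when the logged-in user is not allowed
 * to edit $targetUid. Ids are compared as strings on purpose: the session id
 * may be stored as an int while request values arrive as strings, and a loose
 * numeric comparison would let a value such as "5 OR 1=1" pass as 5.
 */
$requireEditable = static function ($targetUid, $leaderDenied, $userDenied) use ($db) {
    if (is_group_leader($db, $_SESSION['uid'])) {
        if (!is_in_leaders_group($db, $_SESSION['uid'], $targetUid)) {
            die($leaderDenied);
        }
    } elseif ((string) $_SESSION['uid'] !== (string) $targetUid) {
        die($userDenied);
    }
};

/*
 * Sends a Location header and stops. Without the exit the rest of the page kept
 * running after a redirect (e.g. updating a row that was just deleted) and the
 * later header() calls replaced the redirect target.
 */
$redirectTo = static function ($url) {
    header('Location:' . $url);
    exit;
};

$requestedUid = isset($_GET['uid']) ? $_GET['uid'] : null;
$requireEditable($requestedUid, 'cheat1', 'cheat2');

if (!empty($_POST['uid'])) {
    // The form echoes the session id back; a mismatch means the form was built
    // for another session than the one submitting it.
    $postedSession = isset($_POST['sessuid']) ? $_POST['sessuid'] : null;
    if ((string) $postedSession !== (string) $_SESSION['uid']) {
        die('cheat3');
    }
    $requireEditable($_POST['uid'], 'cheat4', 'cheat5');

    // Quoted once through the DB layer and reused in every WHERE clause below;
    // the id must never be interpolated raw into SQL.
    $targetUid = $db->quote($_POST['uid']);

    if (isset($_POST['delete']) && $_POST['delete'] === 'TRUE') {
        // Users cannot delete themselves; a locked ticket cannot be deleted.
        if ((string) $_POST['uid'] !== (string) $_SESSION['uid']) {
            if (ticket_is_locked($db, $_POST['uid'])) {
                $redirectTo('index.php?pid=details&mid=1');
            }
            $db->delete('USER', 'ID=' . $targetUid);
            $db->delete('USERGROUP_USER', 'members_ID=' . $targetUid);
            $redirectTo('index.php?pid=details');
        }
    }

    // Fields with a fixed shape are anchored so the whole value must match.
    // The free-text fields keep the original loose patterns, which only prove
    // that some acceptable character is present (the original TODO: tighten
    // them once the allowed character set, incl. non-ASCII letters, is known).
    $validator = array(
        'nick'      => '/[a-zA-Z0-9]+/',
        'name'      => '/[a-zA-Z- ]+/',
        'address'   => '/[a-zA-Z0-9- \.]+/',
        'town'      => '/[a-zA-Z0-9- \.]+/',
        'phone'     => '/[0-9 ]+/',
        'zip'       => '/\A\d+\z/',
        'female'    => '/\A[01]\z/',
        'birthyear' => '/\A[0-9]{4}\z/',
    );
    $inp = array();
    foreach ($validator as $field => $pattern) {
        if (!isset($_POST[$field]) || !is_string($_POST[$field])) {
            continue;
        }
        $value = trim($_POST[$field]);
        if (preg_match($pattern, $value) === 1) {
            $inp[strtoupper($field)] = $value;
        }
    }
    // Email uses the engine's validator instead of the original regex, which
    // accepted any value containing a substring shaped like x@y.zz.
    if (isset($_POST['email']) && is_string($_POST['email'])) {
        $email = trim($_POST['email']);
        if (filter_var($email, FILTER_VALIDATE_EMAIL) !== false) {
            $inp['EMAIL'] = $email;
        }
    }

    if (count($inp) === 0) {
        $redirectTo('index.php?pid=details&mid=1');
    }
    if ($db->update('USER', $inp, 'ID=' . $targetUid)) {
        $redirectTo('index.php?pid=details');
    }
    $redirectTo('index.php?pid=details&mid=1');
}

if (!empty($_GET['uid'])) {
    $row = $db->fetchRow('SELECT * FROM USER WHERE ID = ' . $db->quote($_GET['uid']) . ' LIMIT 1');
    if (empty($row)) {
        // Nothing to edit (fetchRow yielded no row) — back to the list with the error marker.
        $redirectTo('index.php?pid=details&mid=1');
    }

    $asia .= "<div id='left'>";
    $form = new renderForm();
    // The id lands in a URL attribute, so it is URL-encoded rather than HTML-escaped.
    $form->start('/index.php?pid=editdetail&uid=' . rawurlencode($_GET['uid']), 'POST');
    $form->inp('', 'sessuid', 'hidden', $_SESSION['uid']);
    $form->inp('', 'uid', 'hidden', $row['ID']);
    $form->inp('Nimi', 'name', 'text', $row['NAME']);
    $form->inp('Nick', 'nick', 'text', $row['NICK']);
    $form->inp('Sähköposti', 'email', 'text', $row['EMAIL']);
    $form->inp('Osoite', 'address', 'text', $row['ADDRESS']);
    $form->inp('Postinumero', 'zip', 'text', $row['ZIP']);
    $form->inp('Paikkakunta', 'town', 'text', $row['TOWN']);
    $form->inp('Syntymävuosi', 'birthyear', 'text', $row['BIRTHYEAR']);
    // FEMALE is stored as the strings '0' / '1'; the radio is checked on exact match.
    $form->inp('Mies', 'female', 'radio', '0', $row['FEMALE'] === '0');
    $form->inp('Nainen', 'female', 'radio', '1', $row['FEMALE'] === '1');
    $form->inp('Poista tämä lippu?', 'delete', 'checkbox', 'TRUE');
    $form->inp('', 'submit', 'submit', 'Muuta tiedot');
    $asia .= $form->end();
    $asia .= "</div>";
    $asia .= "<div id='right'>";
    $asia .= note("Tunnuksen poisto", "Voit poistaa tunnuksen laittamalla rastin ruutuun \"Poista tämä lippu\" ja klikkaamalla \"Muuta tiedot\".");
    $asia .= "</div>";
}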