'.__('You don\'t have enough privileges to view this section').''); } } /* REMOVE IMAGE */ if (isset($_POST['removeImage']) && isset($_POST['uimg']) && isset($_POST['img'])) { $_delete = $dbs->query(sprintf('UPDATE user SET user_image=NULL WHERE user_id=%d', $_POST['uimg'])); if ($_delete) { @unlink(sprintf(IMGBS.'persons/%s',$_POST['img'])); exit(''); } exit(); } /* RECORD OPERATION */ if (isset($_POST['saveData'])) { $userName = trim(strip_tags($_POST['userName'])); $realName = trim(strip_tags($_POST['realName'])); $passwd1 = trim($_POST['passwd1']); $passwd2 = trim($_POST['passwd2']); // check form validity if (empty($userName) OR empty($realName)) { utility::jsAlert(__('User Name or Real Name can\'t be empty')); exit(); } else if (($userName == 'admin' OR $realName == 'Administrator') AND $_SESSION['uid'] != 1) { utility::jsAlert(__('Login username or Real Name is probihited!')); exit(); } else if (($passwd1 AND $passwd2) AND ($passwd1 !== $passwd2)) { utility::jsAlert(__('Password confirmation does not match. See if your Caps Lock key is on!')); exit(); } else { $data['username'] = $dbs->escape_string(trim($userName)); $data['realname'] = $dbs->escape_string(trim($realName)); $data['user_type'] = (integer)$_POST['userType']; $data['email'] = $dbs->escape_string(trim($_POST['eMail'])); $social_media = array(); foreach ($_POST['social'] as $id => $social) { $social_val = $dbs->escape_string(trim($social)); if ($social_val != '') { $social_media[$id] = $social_val; } } if ($social_media) { $data['social_media'] = $dbs->escape_string(serialize($social_media)); } if (isset($_POST['noChangeGroup'])) { // parsing groups data $groups = ''; if (isset($_POST['groups']) AND !empty($_POST['groups'])) { $groups = serialize($_POST['groups']); } else { $groups = 'literal{NULL}'; } $data['groups'] = trim($groups); } if (($passwd1 AND $passwd2) AND ($passwd1 === $passwd2)) { $data['passwd'] = password_hash($passwd2, PASSWORD_BCRYPT); // $data['passwd'] = 'literal{MD5(\''.$passwd2.'\')}'; } $data['input_date'] = date('Y-m-d'); $data['last_update'] = date('Y-m-d'); if (!empty($_FILES['image']) AND $_FILES['image']['size']) { // create upload object $upload = new simbio_file_upload(); $upload->setAllowableFormat($sysconf['allowed_images']); $upload->setMaxSize($sysconf['max_image_upload']*1024); // approx. 100 kb $upload->setUploadDir(IMGBS.'persons'); // give new name for upload file $new_filename = 'user_'.str_replace(array(',', '.', ' ', '-'), '_', strtolower($data['username'])); $upload_status = $upload->doUpload('image', $new_filename); if ($upload_status == UPLOAD_SUCCESS) { $data['user_image'] = $dbs->escape_string($upload->new_filename); } } else if (!empty($_POST['base64picstring'])) { list($filedata, $filedom) = explode('#image/type#', $_POST['base64picstring']); $filedata = base64_decode($filedata); $fileinfo = getimagesizefromstring($filedata); $valid = strlen($filedata)/1024 < $sysconf['max_image_upload']; $valid = (!$fileinfo || $valid === false) ? false : in_array($fileinfo['mime'], $sysconf['allowed_images_mimetype']); $new_filename = 'user_'.str_replace(array(',', '.', ' ', '-'), '_', strtolower($data['username'])).'.'.strtolower($filedom); if ($valid AND file_put_contents(IMGBS.'persons/'.$new_filename, $filedata)) { $data['user_image'] = $dbs->escape_string($new_filename); if (!defined('UPLOAD_SUCCESS')) define('UPLOAD_SUCCESS', 1); $upload_status = UPLOAD_SUCCESS; } } // create sql op object $sql_op = new simbio_dbop($dbs); if (isset($_POST['updateRecordID'])) { /* UPDATE RECORD MODE */ // remove input date unset($data['input_date']); // filter update record ID $updateRecordID = (integer)$_POST['updateRecordID']; // update the data $update = $sql_op->update('user', $data, 'user_id='.$updateRecordID); if ($update) { // write log utility::writeLogs($dbs, 'staff', $_SESSION['uid'], 'system', $_SESSION['realname'].' update user data ('.$data['realname'].') with username ('.$data['username'].')'); utility::jsAlert(__('User Data Successfully Updated')); // upload status alert if (isset($upload_status)) { if ($upload_status == UPLOAD_SUCCESS) { // write log utility::writeLogs($dbs, 'staff', $_SESSION['uid'], 'system/user', $_SESSION['realname'].' upload image file '.$upload->new_filename); utility::jsAlert(__('Image Uploaded Successfully')); } else { // write log utility::writeLogs($dbs, 'staff', $_SESSION['uid'], 'system/user', 'ERROR : '.$_SESSION['realname'].' FAILED TO upload image file '.$upload->new_filename.', with error ('.$upload->error.')'); utility::jsAlert(__('Image FAILED to upload')); } } echo ''; } else { utility::jsAlert(__('User Data FAILED to Updated. Please Contact System Administrator')."\nDEBUG : ".$sql_op->error); } exit(); } else { /* INSERT RECORD MODE */ // insert the data if ($sql_op->insert('user', $data)) { // write log utility::writeLogs($dbs, 'staff', $_SESSION['uid'], 'system', $_SESSION['realname'].' add new user ('.$data['realname'].') with username ('.$data['username'].')'); utility::jsAlert(__('New User Data Successfully Saved')); // upload status alert if (isset($upload_status)) { if ($upload_status == UPLOAD_SUCCESS) { // write log utility::writeLogs($dbs, 'staff', $_SESSION['uid'], 'system/user', $_SESSION['realname'].' upload image file '.$upload->new_filename); utility::jsAlert(__('Image Uploaded Successfully')); } else { // write log utility::writeLogs($dbs, 'staff', $_SESSION['uid'], 'system/user', 'ERROR : '.$_SESSION['realname'].' FAILED TO upload image file '.$upload->new_filename.', with error ('.$upload->error.')'); utility::jsAlert(__('Image FAILED to upload')); } } echo ''; } else { utility::jsAlert(__('User Data FAILED to Save. Please Contact System Administrator')."\n".$sql_op->error); } exit(); } } exit(); } else if (isset($_POST['itemID']) AND !empty($_POST['itemID']) AND isset($_POST['itemAction'])) { if (!($can_read AND $can_write)) { die(); } /* DATA DELETION PROCESS */ $sql_op = new simbio_dbop($dbs); $failed_array = array(); $error_num = 0; if (!is_array($_POST['itemID'])) { // make an array $_POST['itemID'] = array((integer)$_POST['itemID']); } // loop array foreach ($_POST['itemID'] as $itemID) { $itemID = (integer)$itemID; // get user data $user_q = $dbs->query('SELECT username, realname FROM user WHERE user_id='.$itemID); $user_d = $user_q->fetch_row(); if (!$sql_op->delete('user', "user_id='$itemID'")) { $error_num++; } else { // write log utility::writeLogs($dbs, 'staff', $_SESSION['uid'], 'system', $_SESSION['realname'].' DELETE user ('.$user_d[1].') with username ('.$user_d[0].')'); } } // error alerting if ($error_num == 0) { utility::jsAlert(__('All Data Successfully Deleted')); echo ''; } else { utility::jsAlert(__('Some or All Data NOT deleted successfully!\nPlease contact system administrator')); echo ''; } exit(); } /* RECORD OPERATION END */ if (!$changecurrent) { /* search form */ ?>
'.__('You don\'t have enough privileges to view this section').''); } /* RECORD FORM */ // try query $itemID = (integer)isset($_POST['itemID'])?$_POST['itemID']:0; if ($changecurrent) { $itemID = (integer)$_SESSION['uid']; } $rec_q = $dbs->query('SELECT * FROM user WHERE user_id='.$itemID); $rec_d = $rec_q->fetch_assoc(); // create new instance $form = new simbio_form_table_AJAX('mainForm', $_SERVER['PHP_SELF'].'?'.$_SERVER['QUERY_STRING'], 'post'); $form->submit_button_attr = 'name="saveData" value="'.__('Save').'" class="btn btn-default"'; // form table attributes $form->table_attr = 'align="center" id="dataList" cellpadding="5" cellspacing="0"'; $form->table_header_attr = 'class="alterCell" style="font-weight: bold;"'; $form->table_content_attr = 'class="alterCell2"'; // edit mode flag set if ($rec_q->num_rows > 0) { $form->edit_mode = true; // record ID for delete process if (!$changecurrent) { // form record id $form->record_id = $itemID; } else { $form->addHidden('updateRecordID', $itemID); $form->back_button = false; } // form record title $form->record_title = $rec_d['realname']; // submit button attribute $form->submit_button_attr = 'name="saveData" value="'.__('Update').'" class="btn btn-default"'; } /* Form Element(s) */ // user name $form->addTextField('text', 'userName', __('Login Username').'*', $rec_d['username'], 'style="width: 50%;"'); // user real name $form->addTextField('text', 'realName', __('Real Name').'*', $rec_d['realname'], 'style="width: 50%;"'); // user type $utype_options = array(); foreach ($sysconf['system_user_type'] as $id => $name) { $utype_options[] = array($id, $name); } $form->addSelectList('userType', __('User Type').'*', $utype_options, $rec_d['user_type']); // user e-mail $form->addTextField('text', 'eMail', __('E-Mail'), $rec_d['email'], 'style="width: 50%;"'); // social media link $str_input = ''; $social_media = array(); if ($rec_d['social_media']) { $social_media = @unserialize($rec_d['social_media']); } foreach ($sysconf['social'] as $id => $social) { $str_input .= ' '."\n"; } $form->addAnything(__('Social Media'), $str_input); // user photo $str_input = ''; if ($rec_d['user_image']) { $str_input = ''; } $str_input .= simbio_form_element::textField('file', 'image'); $str_input .= ' '.__('Maximum').' '.$sysconf['max_image_upload'].' KB'; if ($sysconf['webcam'] !== false) { $str_input .= ''.__('or take a photo').'
'; $str_input .= ''; $str_input .= ' | '; $str_input .= __('Ratio:').' | '; $str_input .= __('Format:').' | '; $str_input .= ' | '; $str_input .= ''; $str_input .= '