isAdmin()){ memberField(); // creates an empty field for making a new member
$db = dil_connect(); $queryString = "SELECT username FROM members"; if($result = mysql_query($queryString,$db)){ if(($numRows = mysql_num_rows($result)) && ($numRows > 0)){ for($cnt=0; $cnt<$numRows; $cnt++){ $username = mysql_result($result, $cnt, "username"); memberField($username); } } } } else { memberField($user->getUsername()); } } // end formCreateModify()
////
// Makes a form field for the given username. If no username
// is provided, a blank field is used.
//
// @param string $username  existing member to show; "" renders the
//                          "new member" variant, prefilled from POST
//                          (newUsername_new, newPassword_new, ...).
// Output is printed directly. The $username value is interpolated into
// a WHERE clause without escaping; the callers in view pass names read
// back from the members table or from the logged-in user rather than
// raw POST input, but running it through mysql_real_escape_string()
// would remove that dependency on the caller.
////
function memberField($username=""){ print "
WARNING: This hasn't been ported to OffhandWay from the old table style yet.
\n"; print "
\n"; print "\n";
// Defaults: every field blank and id "new" until a row is found.
$password = $email = $properName = $college = $bio = $shouldBeDoing = $avatarPic = $bioPic = ""; $id = "new";
// Existing member: prefill every field from the members row.
if($username != ""){ $db = dil_connect(); $queryString = "SELECT * FROM members WHERE username='$username'"; if($result = mysql_query($queryString,$db)){ if(($numRows = mysql_num_rows($result)) && ($numRows > 0)){ $cnt=0; $id = mysql_result($result, $cnt, "id"); $email = mysql_result($result, $cnt, "email"); $properName = mysql_result($result, $cnt, "properName"); $college = mysql_result($result, $cnt, "college"); $bio = mysql_result($result, $cnt, "bio"); $shouldBeDoing = mysql_result($result, $cnt, "shouldBeDoing"); $avatarPic = mysql_result($result, $cnt, "avatarPic"); $bioPic = mysql_result($result, $cnt, "bioPic"); } } } else {
// New member: prefill from whatever was POSTed, so a rejected submit keeps
// the typed values. The field names carry the "_new" suffix, so the id
// temporarily gets its underscore and loses it again afterwards.
$id = "_$id"; $username = getPost("newUsername$id"); $password = getPost("newPassword$id"); $email = getPost("newEmail$id"); $properName = getPost("newProperName$id"); $college = getPost("newCollege$id"); $bio = getPost("newBio$id"); $shouldBeDoing = getPost("newShouldBeDoing$id"); $avatarPic = getPost("newAvatarPic$id"); $bioPic = getPost("newBioPic$id"); $id = substr($id,1); } print "\n";
// From here on the id carries the leading underscore used in the field
// names; the "_new" row is shaded grey to mark it as the add-member form.
$id = "_$id"; $bgString = ($id=="_new")?"background-color:#cccccc":""; print "
\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "
".(($id == "_new")?"Add Staff Member":"Change Profile")."
\n";
//$dis = ($id =="_new")?"":" DISABLED";
print " Username
\n"; if($id == "_new"){ print " Password
\n"; } print " Email
\n"; print " Real Name
\n"; print "
\n"; print " College
\n"; print " URL of tiny pic
\n"; print " URL of bio pic
\n"; print "
\n"; print "Bio:
\n"; print "
\n"; print "What you should be doing (later):
\n"; print "
"; print "
\n"; print "
\n"; print "
\n"; print "
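\n"; } // end memberField(...)

////
// Processes the creation or modification of a staff member.
//
// Reads the submitted profile fields from POST. Field names carry an
// "_<id>" suffix, where <id> is "new" for a member being created and the
// numeric members.id otherwise. Creation is admin-only; modification is
// allowed for admins or for the member editing their own row. Results are
// reported through dispSuccess()/dispError() and rejected attempts are
// recorded with logEvent().
//
// Every POSTed string that is interpolated into SQL is first passed
// through mysql_real_escape_string() on the live connection, and the row
// id is cast to int, so the submitted values cannot alter the query
// structure (the legacy mysql_* API offers no prepared statements).
////
function processCreateModify(){
    $db = dil_connect();

    // Collect the submitted fields. $id keeps the leading underscore while it
    // is used as the form-field suffix ("newUsername_new", "newUsername_12").
    $id = getPost("id", "new");
    $id = "_$id";
    $username = getPost("newUsername$id");
    $password = getPost("newPassword$id");
    $email = getPost("newEmail$id");
    $properName = getPost("newProperName$id");
    $college = getPost("newCollege$id");
    $bio = getPost("newBio$id");
    $shouldBeDoing = getPost("newShouldBeDoing$id");
    $avatarPic = getPost("newAvatarPic$id");
    $bioPic = getPost("newBioPic$id");

    // SQL-safe copies of everything that ends up inside a quoted literal.
    $eUsername = mysql_real_escape_string((string)$username, $db);
    $eEmail = mysql_real_escape_string((string)$email, $db);
    $eProperName = mysql_real_escape_string((string)$properName, $db);
    $eCollege = mysql_real_escape_string((string)$college, $db);
    $eBio = mysql_real_escape_string((string)$bio, $db);
    $eShouldBeDoing = mysql_real_escape_string((string)$shouldBeDoing, $db);
    $eAvatarPic = mysql_real_escape_string((string)$avatarPic, $db);
    $eBioPic = mysql_real_escape_string((string)$bioPic, $db);

    $user = getUser();
    $currentUsername = $user->getUsername();

    if($id == "_new"){
        // NOTE(review): an unsalted md5 is stored as the password. The login
        // path (not in view) presumably compares against this format, so a
        // move to password_hash()/password_verify() needs a coordinated
        // migration rather than a local change here.
        $password = md5($password); // hex output, safe to interpolate

        if(!$user->isAdmin()){
            dispError("Only admins can add new staff members");
            logEvent("$currentUsername attempted to create a new member but does not have admin priviledges");
            return;
        }

        $numAlready = simpleQuery("SELECT COUNT(*) FROM members WHERE username='$eUsername'");
        if($numAlready > 0){
            dispError("That username is already taken.");
            return;
        }

        $queryString = "INSERT INTO members (username,password,email,properName,joinedOn,";
        $queryString.= "college,bio,shouldBeDoing,avatarPic,bioPic) VALUES (";
        $queryString.= "'$eUsername', '$password', '$eEmail', '$eProperName', NOW(), '$eCollege', ";
        $queryString.= "'$eBio', '$eShouldBeDoing', '$eAvatarPic', '$eBioPic')";
        if(mysql_query($queryString,$db)){
            dispSuccess("Staff member created");
            $_POST = array(); // On success, consume the POST array so that the form is not reinitialized.
        } else {
            // NOTE(review): this echoes the full statement (including the
            // password hash) to the browser; logging it and showing only
            // mysql_error() would be the safer split.
            dispError("Error with query:
$queryString

".mysql_error());
        }
        return;
    }

    // Modification of an existing row: the id is numeric, so cast it instead
    // of interpolating the raw substring into the WHERE clause.
    $id = (int) substr($id, 1); // chops off the leading underscore
    $eCurrent = mysql_real_escape_string((string)$currentUsername, $db);
    $activeId = (int) simpleQuery("SELECT id FROM members WHERE username='$eCurrent'");

    // Admins may edit anyone; everyone else only the row that belongs to them.
    if(!($user->isAdmin() || ($activeId > 0 && $activeId == $id))){
        dispError("You do not have priviledges to modify that staff member's profile.");
        logEvent("$currentUsername (id: $activeId) attempted to modify $username's profile (id: $id).");
        return;
    }

    // $user is who is logged in, not necessarily the owner of this id.
    // The uniqueness check must use the *requested* username: the previous
    // version compared the logged-in user's own name, which always exists in
    // the table and so made every admin edit of another member's profile
    // fail as "already taken".
    $origUser = simpleQuery("SELECT username FROM members WHERE id=$id");
    $numAlready = simpleQuery("SELECT COUNT(*) FROM members WHERE username='$eUsername'");
    if(($origUser != $username) && ($numAlready > 0)){
        dispError("That username is already taken");
        return;
    }

    $queryString = "UPDATE members SET username='$eUsername', email='$eEmail', properName='$eProperName', ";
    $queryString.= "college='$eCollege', bio='$eBio', shouldBeDoing='$eShouldBeDoing', ";
    $queryString.= "avatarPic='$eAvatarPic', bioPic='$eBioPic' WHERE id=$id";
    if(mysql_query($queryString,$db)){
        dispSuccess("Profile updated");
    } else {
        dispError("Error with query:
$queryString

".mysql_error());
    }
} // end processCreateModify()
?>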