sitracker/edit_backup_users.php at master · dipohl/sitracker · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
<?php
// edit_backup_users.php
//
// SiT (Support Incident Tracker) - Support call tracking system
// Copyright (C) 2010-2014 The Support Incident Tracker Project
// Copyright (C) 2000-2009 Salford Software Ltd. and Contributors
//
// This software may be used and distributed according to the terms
// of the GNU General Public License, incorporated herein by reference.
//


// Author: Ivan Lucas <ivanlucas[at]users.sourceforge.net>

// This Page Is Valid XHTML 1.0 Transitional!   3Nov05
require ('core.php');
require (APPLICATION_LIBPATH . 'functions.inc.php');

if (empty($_REQUEST['user'])
    OR $_REQUEST['user'] == 'current'
    OR $_REQUEST['user'] == $_SESSION['userid']
    OR $_REQUEST['userid'] == $_SESSION['userid'])
{
    $permission = PERM_MYSKILLS_SET; // Edit your software skills
}
else
{
    $permission = PERM_USER_SKILLS_SET; // Manage users software skills
}

// This page requires authentication
require (APPLICATION_LIBPATH.'auth.inc.php');

// Valid user with Permission
// External variables
$save = clean_fixed_list($_REQUEST['save'], array('', 'save'));
$title = $strDefineSubstituteEngineer;

if (empty($save))
{
    // External variables
    $user = clean_int($_REQUEST['user']);
    if (empty($user) OR $_REQUEST['user'] == 'current')
    {
        $user = clean_int($sit[2]);
    }

    $default = clean_int($_REQUEST['default']);
    $softlist = cleanvar($_REQUEST['softlist']);

    include (APPLICATION_INCPATH . 'htmlheader.inc.php');
    echo "<h2>".icon('user', 32)." ".sprintf($strDefineSubstituteEngineersFor, user_realname($user, TRUE))."</h2>\n";
    plugin_do('edit_backup_users');
    echo "<form name='def' action='{$_SERVER['PHP_SELF']}' method='post'>";
    echo "<input type='hidden' name='user' value='{$user}' />";
    echo "<p align='center'>{$strDefaultSubstitute}: ";
    echo user_drop_down('default', $default, FALSE, $user, "onchange='javascript:this.form.submit();'");
    echo "</p>";
    echo "</form>";

    $sql = "SELECT * FROM `{$dbUserSoftware}` AS us, `{$dbSoftware}` AS s ";
    $sql .= "WHERE us.softwareid = s.id AND userid='{$user}' ORDER BY name";
    $result = mysqli_query($db, $sql);
    $countsw = mysqli_num_rows($result);

    if ($countsw >= 1)
    {
        echo "<form action='{$_SERVER['PHP_SELF']}' method='post'>\n";
        echo "<table class='maintable'>\n";
        echo "<tr><th>{$strSkill}</th><th>{$strSubstitute}</th></tr>";
        $class = 'shade1';
        while ($software = mysqli_fetch_object($result))
        {
            echo "<tr class='$class'>";
            echo "<td><strong>{$software->id}</strong>: {$software->name}</td>";
            if ($software->backupid == 0)
            {
                $software->backupid = $default;
            }

            echo "<td>".software_backup_dropdown('backup[]', $user, $software->id, $software->backupid)."</td>";
            echo "</tr>\n";
            if ($class == 'shade2') $class = "shade1";
            else $class = "shade2";
            flush();
            $softarr[] = $software->id;
        }
        $softlist = implode(',',$softarr);
        plugin_do('edit_backup_users_form');
        echo "</table>\n";
        echo "<input type='hidden' name='user' value='{$user}' />";
        echo "<input type='hidden' name='softlist' value='{$softlist}' />";
        echo "<input type='hidden' name='save' value='save' />";
        echo "<p class='formbuttons'><input name='reset' type='reset' value='{$strReset}' /> <input type='submit' value='{$strSave}' /></p>";
        echo "</form>";
    }
    else
    {
        echo user_alert($strNoSkillsDefined, E_USER_WARNING);
    }
    include (APPLICATION_INCPATH . 'htmlfooter.inc.php');
}
else
{
    // External variables
    $softlist = explode(',', cleanvar($_REQUEST['softlist']));
    $backup = clean_int($_REQUEST['backup']);
    $user = clean_int($_REQUEST['user']);

    // If user variable is zero edit your own
    if ($user < 1)
    {
        $user = clean_int($sit[2]);
    }
    plugin_do('edit_backup_users_submitted');

    foreach ($backup AS $key => $backupid)
    {
        $softlist[$key] = clean_int($softlist[$key]);
        $sql = "UPDATE `{$dbUserSoftware}` SET backupid='{$backupid}' WHERE userid='{$user}' AND softwareid='{$softlist[$key]}' LIMIT 1 ";
        mysqli_query($db, $sql);
        if (mysqli_error($db)) trigger_error(mysqli_error($db), E_USER_ERROR);
    }
    plugin_do('edit_backup_users_saved');
    if ($user == $sit[2]) html_redirect("edit_user_skills.php", TRUE);
    else html_redirect("manage_users.php");
}

?>