311 // another user that goes by the wanted username. So, go ahead! |
311 // another user that goes by the wanted username. So, go ahead! |
312 |
312 |
313 $query = "UPDATE users SET |
313 $query = "UPDATE users SET |
314 username = " . $db->quote($user, 'text') . ", |
314 username = " . $db->quote($user, 'text') . ", |
315 fullname = " . $db->quote($fullname, 'text') . ", |
315 fullname = " . $db->quote($fullname, 'text') . ", |
316 email = " . $db->quote($email, 'text') . ", |
316 email = " . $db->quote($email, 'text') . ","; |
317 perm_templ = " . $db->quote($perm_templ, 'integer') . ", |
317 if (verify_permission('user_edit_templ_perm')) { |
318 description = " . $db->quote($description, 'text') . ", |
318 $query .= "perm_templ = " . $db->quote($perm_templ, 'integer') . ","; |
|
319 } |
|
320 $query .= "description = " . $db->quote($description, 'text') . ", |
319 active = " . $db->quote($active, 'integer') ; |
321 active = " . $db->quote($active, 'integer') ; |
320 |
322 |
321 if($password != "") { |
323 if($password != "") { |
322 $query .= ", password = " . $db->quote(md5($password), 'text') ; |
324 $query .= ", password = " . $db->quote(md5($password), 'text') ; |
323 } |
325 } |
732 function add_new_user($details) { |
734 function add_new_user($details) { |
733 global $db; |
735 global $db; |
734 |
736 |
735 if (!verify_permission('user_add_new')) { |
737 if (!verify_permission('user_add_new')) { |
736 error(ERR_PERM_ADD_USER); |
738 error(ERR_PERM_ADD_USER); |
737 |
739 return false; |
738 } elseif (user_exists($details['username'])) { |
740 } elseif (user_exists($details['username'])) { |
739 error(ERR_USER_EXISTS); |
741 error(ERR_USER_EXISTS); |
740 |
742 return false; |
741 } elseif (!is_valid_email($details['email'])) { |
743 } elseif (!is_valid_email($details['email'])) { |
742 error(ERR_INV_EMAIL); |
744 error(ERR_INV_EMAIL); |
743 |
745 return false; |
744 } elseif ($details['active'] == 1) { |
746 } elseif ($details['active'] == 1) { |
745 $active = 1; |
747 $active = 1; |
746 } else { |
748 } else { |
747 $active = 0; |
749 $active = 0; |
748 } |
750 } |
749 |
751 |
750 $query = "INSERT INTO users (username, password, fullname, email, description, perm_templ, active) VALUES (" |
752 $query = "INSERT INTO users (username, password, fullname, email, description,"; |
|
753 if (verify_permission('user_edit_templ_perm')) { |
|
754 $query .= ' perm_templ,'; |
|
755 } |
|
756 $query .= " active) VALUES (" |
751 . $db->quote($details['username'], 'text') . ", " |
757 . $db->quote($details['username'], 'text') . ", " |
752 . $db->quote(md5($details['password']), 'text') . ", " |
758 . $db->quote(md5($details['password']), 'text') . ", " |
753 . $db->quote($details['fullname'], 'text') . ", " |
759 . $db->quote($details['fullname'], 'text') . ", " |
754 . $db->quote($details['email'], 'text') . ", " |
760 . $db->quote($details['email'], 'text') . ", " |
755 . $db->quote($details['descr'], 'text') . ", " |
761 . $db->quote($details['descr'], 'text') . ", "; |
756 . $db->quote($details['perm_templ'], 'integer') . ", " |
762 if (verify_permission('user_edit_templ_perm')) { |
757 . $db->quote($active, 'integer') |
763 $query .= $db->quote($details['perm_templ'], 'integer') . ", "; |
|
764 } |
|
765 $query .= $db->quote($active, 'integer') |
758 . ")"; |
766 . ")"; |
759 |
|
760 $response = $db->query($query); |
767 $response = $db->query($query); |
761 if (PEAR::isError($response)) { error($response->getMessage()); return false; } |
768 if (PEAR::isError($response)) { error($response->getMessage()); return false; } |
762 |
769 |
763 return true; |
770 return true; |
764 } |
771 } |