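<?php

# Admin screen for the "people" table: listing, add, edit and delete.
# Built on the wfpl helpers: tem_*() is the template engine, db_*() the
# query helpers (with %i placeholders), format_*() the request-input filters.
define('PEOPLE_DB_FIELDS', 'username,password,name,privs,balance');

require_once('code/wfpl/template.php');
require_once('code/wfpl/format.php');
require_once('code/wfpl/messages.php');
require_once('code/wfpl/email.php');
require_once('code/db_connect.php');

# Read one request field without tripping an undefined-index notice.
# Returns null when the field was not submitted, which is exactly what the
# format_*() filters received before (minus the notice).
function _people_request_field($key) {
    return isset($_REQUEST[$key]) ? $_REQUEST[$key] : null;
}

# Pull the posted form fields through the format_*() filters, push them back
# into the template engine (so a redisplayed form keeps the user's input) and
# return them as a list in PEOPLE_DB_FIELDS order.
function people_get_fields() {
    $username = format_oneline(_people_request_field('username'));
    $password = format_oneline(_people_request_field('password'));
    $name     = format_oneline(_people_request_field('name'));
    $privs    = format_int(_people_request_field('privs'));
    $balance  = format_decimal(_people_request_field('balance'));

    people_tem_sets($username, $password, $name, $privs, $balance);

    return array($username, $password, $name, $privs, $balance);
}

# Copy the people fields into the template engine for the edit/new form.
# NOTE(review): on an edit, $password is the stored password hash read from
# the database (see _people_main), so the hash is rendered into the form and
# sent to the browser. Consider leaving the field blank on edit instead.
function people_tem_sets($username, $password, $name, $privs, $balance) {
    tem_set('username', $username);
    tem_set('password', $password);
    tem_set('name', $name);
    tem_set('privs', $privs);
    tem_set('balance', $balance);
}

# Render the listing of people.
#
# You may pass a "where clause" for the db query. It is appended to the SQL
# as-is, so it must be a trusted, literal string -- never anything derived
# from request input.
#
# Returns true when at least one row was shown, false for an empty listing.
function people_display_listing($where = 'order by name limit 100') {
    $rows = db_get_rows('people', 'id,name,username', $where);

    # db_get_rows() signals failure with false; treat that like "no rows"
    # rather than letting count() choke on a non-array.
    if(!is_array($rows) || count($rows) === 0) {
        tem_show('empty_listing');
        tem_show('listings');
        return false;
    }

    foreach($rows as $row) {
        list($id, $name, $username) = $row;
        tem_set('id', $id);
        # a NULL or empty username is shown as a placeholder
        if((string)$username === '') {
            $username = '--';
        }
        tem_set('name', $name);
        tem_set('username', $username);
        tem_show('listing_row');
    }

    tem_show('populated_listing');
    tem_show('listings');
    return true;
}

# Entry point. Gate-keeps on the login check, then defers to _people_main().
# Returns a redirect target (string) when the action wants one, else null.
function people_main() {
    # NOTE(review): the check is logged_in_as_contractor() while the message
    # says "administrator" -- confirm which role is meant to reach this page.
    if(!logged_in_as_contractor()) {
        # remember where the user was heading so the login page can return there
        $GLOBALS['url'] = this_url();
        message('You must be logged in as an administrator to access that function');
        return 'login';
    }

    $ret = _people_main();
    if($ret) {
        return $ret;
    }
    return null;
}

# The real work: dispatch on the request to list, delete, edit or save.
# Returns a redirect target after a write, null when a page was rendered.
function _people_main() {
    $edit_id = format_int(_people_request_field('people_edit_id'));
    unset($_REQUEST['people_edit_id']);
    if($edit_id) {
        # add hidden field for database id of row we're editing
        tem_set('people_edit_id', $edit_id);
        tem_show('editing');
    }

    $delete_id = format_int(_people_request_field('people_delete_id'));
    unset($_REQUEST['people_delete_id']);
    if($delete_id) {
        # NOTE(review): the delete fires on a single request parameter, from
        # GET or POST alike, with no anti-CSRF token -- a link or image tag on
        # any other page could trigger it for a logged-in admin. Restrict it
        # to POST and verify a per-session token once the templates emit one.
        db_delete('people', 'where id=%i', $delete_id);
        message('Entry deleted.');
        return './people.html';
    }

    if(!$edit_id) {
        # nothing to edit and no form submitted: just show the listing
        if(!isset($_REQUEST['people_new']) && !isset($_REQUEST['username'])) {
            people_display_listing();
            return null;
        }
        tem_show('new_msg');
    }

    if(isset($_REQUEST['username'])) {
        list($username, $password, $name, $privs, $balance) = people_get_fields();

        # wfpl scaffolding: replace this with real validation of the posted
        # fields. Until then every submission is accepted.
        $posted_values_ok = true;

        if($posted_values_ok) {
            # A submitted value that already has the shape of a stored hash
            # (35 bytes with ':' at offset 32) is kept verbatim, so an edit
            # that leaves the pre-filled password field alone does not hash
            # the hash again.
            # NOTE(review): as a consequence any submitted value of that
            # shape is written to the database unhashed. Safer: keep the
            # field blank on edit and treat "blank" as "unchanged" here.
            if(strlen($password) == 35 && substr($password, 32, 1) == ':') {
                $password_hash = $password;
            } else {
                $password_hash = encrypt_password($password);
            }

            if($edit_id) {
                db_update('people', PEOPLE_DB_FIELDS,
                    $username, $password_hash, $name, $privs, $balance,
                    'where id=%i', $edit_id);
                message('Entry updated.');
            } else {
                db_insert('people', PEOPLE_DB_FIELDS . ',tiny_agreement',
                    $username, $password_hash, $name, $privs, $balance, 1000);
                message('Entry saved.');
            }

            # NOTE(review): the delete path redirects to './people.html' while
            # this one uses './people' -- confirm both resolve to the same page.
            return './people';
        }

        # otherwise, we display the form again. people_get_fields() has
        # already put the posted values back into the template engine, so they
        # will show up in the form fields. You should add some message asking
        # people to fix their entry in whatever way you require.
    } elseif($edit_id) {
        # we've received an edit id, but no data, so we grab the values to be
        # edited from the database
        $row = db_get_row('people', PEOPLE_DB_FIELDS, 'where id=%i', $edit_id);
        if(!is_array($row)) {
            # unknown id: don't render a form full of nulls for it
            message('No such entry.');
            return './people.html';
        }
        list($username, $password, $name, $privs, $balance) = $row;
        people_tem_sets($username, $password, $name, $privs, $balance);
    } else {
        # form not submitted, you can set default values like so:
        #tem_set('username', 'Yes');
    }

    # this has to be later in the file because it requires that username be
    # set already
    if($edit_id) {
        tem_show('edit_msg');
    }
    tem_show('form');
    return null;
}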