edituserl.php
<?php
/**
 * Normalise a raw form value for display: strip surrounding whitespace,
 * remove backslash escapes, then HTML-encode special characters.
 *
 * This is output encoding for an HTML context only. It does not make a value
 * safe to concatenate into an SQL statement: values need bound parameters and
 * table names need identifier quoting or an allow-list. With the default
 * flags, single quotes are left unencoded on PHP versions before 8.1.
 *
 * @param string $data Raw value, e.g. an element of $_POST.
 * @return string The trimmed, unslashed, HTML-encoded value.
 */
function test_input($data)
{
    return htmlspecialchars(stripslashes(trim($data)));
}
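/**
 * Execute one SQL statement on a connection and print a short status line.
 *
 * On failure the statement text and the driver's error message are written to
 * the server error log instead of the HTTP response. Echoing them disclosed
 * table names and query structure to the client and placed unescaped text
 * into the page.
 *
 * @param object $c  Connection exposing query() and an error property
 *                   (presumably mysqli; confirm against db_connect.php).
 * @param string $sq Complete SQL statement. It is executed as given, so it
 *                   must not be assembled from unescaped request data.
 * @return void
 */
function run_q($c, $sq)
{
    if ($c->query($sq) === true) {
        echo "New record created successfully";
        return;
    }

    // Control characters are escaped so request data embedded in the
    // statement cannot forge additional log lines.
    $detail = addcslashes($c->error . ' | statement: ' . $sq, "\0..\37\177");
    error_log('run_q: query failed: ' . $detail);

    echo "Error: the database request failed";
}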
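// Handle the "change user level" form post: set (or remove) a user's access
// level for one piece of equipment, in both the equipment and user databases.
//
// NOTE(review): no authentication, authorisation or CSRF check is visible in
// this file. Confirm that db_connect.php (or whatever routes to this script)
// enforces an administrator session before any statement below runs. The
// posted 'admin' field is client-controlled and is deliberately not read
// here; it must never be treated as proof of privilege.
//
// The debug echoes of the posted values and of the SQL text were removed:
// 'admin' was echoed unescaped, the SQL text disclosed schema details, and
// any output sent before header() can prevent the redirect from being issued.

// Missing or non-string fields become '' so they fail validation below
// instead of raising notices or type errors inside test_input().
$field = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? test_input($_POST[$key]) : '';
};

$newlev = $field('newlev');
$equipment = $field('eq');
$user = $field('user');

// Level codes accepted from the form and the label stored for each.
$levels = array(
    'M' => 'Manager',
    'A' => 'superuser',
    'B' => 'B user',
    'C' => 'C user',
    'T' => 'Trainee',
);
$isRemoval = ($newlev === 'REM');

// An unknown level code previously left $level undefined and still ran the
// UPDATE; reject it, along with empty table/user names, before touching the DB.
if ($equipment === '' || $user === '' || (!$isRemoval && !isset($levels[$newlev]))) {
    http_response_code(400);
    echo 'Invalid request';
    exit;
}

// Expected to define $conn_equipt and $conn_users, presumably mysqli
// connections judging by the ->query()/->error usage in run_q(); confirm.
include 'db_connect.php';

// Table names cannot be bound as parameters, so they are quoted as MySQL
// identifiers with embedded backticks doubled. This keeps the name in
// identifier position, but the request can still name any table in the
// connected database; checking against the known equipment/user list would
// be stronger.
$quoteIdent = function ($name) {
    return '`' . str_replace('`', '``', $name) . '`';
};

// Run one statement with every value bound as a string parameter. Failures
// are logged server-side and reported to the caller as false.
$runBound = function ($conn, $sql, array $params) {
    try {
        $stmt = $conn->prepare($sql);
        if ($stmt === false) {
            error_log('edituserl: prepare failed: ' . addcslashes($conn->error, "\0..\37\177"));
            return false;
        }
        $stmt->bind_param(str_repeat('s', count($params)), ...$params);
        $ok = $stmt->execute();
        if (!$ok) {
            error_log('edituserl: execute failed: ' . addcslashes($stmt->error, "\0..\37\177"));
        }
        $stmt->close();
        return $ok;
    } catch (Exception $e) {
        // The driver may be configured to throw instead of returning false.
        error_log('edituserl: statement failed: ' . addcslashes($e->getMessage(), "\0..\37\177"));
        return false;
    }
};

$equipmentTable = $quoteIdent($equipment);
$userTable = $quoteIdent($user);

// Both statements are always attempted, as before, so one failing does not
// skip the other.
if ($isRemoval) {
    $okEquipment = $runBound(
        $conn_equipt,
        'DELETE FROM ' . $equipmentTable . ' WHERE Name = ?',
        array($user)
    );
    $okUsers = $runBound(
        $conn_users,
        'DELETE FROM ' . $userTable . ' WHERE Equipment_Name = ?',
        array($equipment)
    );
} else {
    $level = $levels[$newlev];
    $okEquipment = $runBound(
        $conn_equipt,
        'UPDATE ' . $equipmentTable . ' SET Level = ? WHERE Name = ?',
        array($level, $user)
    );
    $okUsers = $runBound(
        $conn_users,
        'UPDATE ' . $userTable . ' SET User_Level = ? WHERE Equipment_Name = ?',
        array($level, $equipment)
    );
}

if (!($okEquipment && $okUsers)) {
    http_response_code(500);
    echo 'Error: the update could not be completed';
    exit;
}

// Stop after the redirect so nothing further executes for this request.
header('Location: adminuserlist.php');
exit;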
?>