Reduccion de textbox a 99% para evitar el BoxModel entre Firefox y IE.
[ecomupi.git] / contenido / adminprocess.php
1 <?php
2 require_once("../include/sesion.php");
3 require_once("../include/database.php");
/*
 * Admin action dispatcher. Only an administrator session may trigger one of
 * the handlers below; any other request leaves the script without output.
 *
 * NOTE(review): every handler here changes or deletes accounts, and the only
 * gate visible in this file is $session->isAdmin(). No per-request anti-CSRF
 * token is checked in this file; confirm whether ../include/sesion.php
 * enforces one before these forms are processed.
 */
if (!$session->isAdmin()) {
    return;
}

if (isset($_POST['subupdlevel'])) {
    /* Update-user-level form was submitted */
    procUpdateLevel();
} elseif (isset($_POST['subdeluser'])) {
    /* Delete-user form was submitted */
    procDeleteUser();
} elseif (isset($_POST['subdelinact'])) {
    /* Delete-inactive-users form was submitted */
    procDeleteInactive();
}
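/**
 * procUpdateLevel - Sets the access level of the user named in the
 * "upduser" POST field to the integer given in the "updlevel" POST field.
 *
 * The username is validated by checkUsername(). When validation fails, the
 * submitted values and the form errors are stored in the session so the
 * form can be shown again. In both cases a redirect to the
 * client-management page is sent.
 *
 * The audit entry is written only after the username has passed validation
 * and the update has been issued, so the log never records a level change
 * that was rejected and never receives the raw, unvalidated POST value.
 */
function procUpdateLevel(){
    global $database, $form;

    /* Username error checking */
    $subuser = checkUsername("upduser");

    if($form->num_errors > 0){
        /* Errors exist, have user correct them */
        $_SESSION['value_array'] = $_POST;
        $_SESSION['error_array'] = $form->getErrorArray();
    }
    else{
        /*
         * A missing field yields 0, the same value the bare (int) cast of an
         * unset index produced, but without the undefined-index notice.
         * NOTE(review): the level is only cast to int; no check against the
         * application's defined level range is visible here - confirm.
         */
        $level = isset($_POST['updlevel']) ? (int)$_POST['updlevel'] : 0;

        /* Update user level, then record the change in the audit log */
        $database->updateUserField($subuser, "userlevel", $level);
        $database->REGISTRAR("USUARIO_NIVEL", "Se cambió el nivel de acceso de un usuario.", "Usuario afectado: $subuser");
    }

    header("Location: ../?accion=gestionar+clientes");
}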
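/**
 * procDeleteUser - Deletes the user named in the "deluser" POST field
 * from the users table once checkUsername() has accepted the name.
 *
 * When validation fails, the submitted values and the form errors are
 * stored in the session so the form can be shown again. In both cases a
 * redirect to the client-management page is sent.
 *
 * The audit entry is written only after validation has passed and the
 * DELETE has been issued, so a rejected request is not logged as a deletion
 * and the raw POST value never reaches the log call.
 */
function procDeleteUser(){
    global $database, $form;

    /* Username error checking */
    $subuser = checkUsername("deluser");

    if($form->num_errors > 0){
        /* Errors exist, have user correct them */
        $_SESSION['value_array'] = $_POST;
        $_SESSION['error_array'] = $form->getErrorArray();
    }
    else{
        /*
         * Delete user from database.
         * $subuser is interpolated into the statement. That is safe only
         * because this branch is reached with zero form errors, i.e. after
         * checkUsername() limited the value to 5-30 characters of [0-9a-z].
         * NOTE(review): if $database offers bound parameters, prefer them so
         * the query does not depend on a validator in another function.
         */
        $q = "DELETE FROM ".TBL_USERS." WHERE codigo = '$subuser'";
        $database->query($q);
        $database->REGISTRAR("USUARIO_ELIMINAR", "Se eliminó un usuario.", "Usuario afectado: $subuser");
    }

    header("Location: ../?accion=gestionar+clientes");
}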
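/**
 * checkUsername - Helper for the form handlers in this file. It reads the
 * POST field named by $uname, checks that it is a valid username and, if
 * it is not, adds the appropriate error to the form.
 *
 * A username is accepted when it is 5 to 30 characters long, consists only
 * of the characters 0-9 and a-z (case-insensitive) and, unless $ban is
 * true, is reported as existing by $database->codigoTaken().
 *
 * @param string $uname Name of the POST field holding the username; also
 *                      used as the form field the error is attached to.
 * @param bool   $ban   When true, the database existence check is skipped.
 * @return string The trimmed, unslashed username. The caller must check
 *                $form->num_errors before trusting it.
 */
function checkUsername($uname, $ban=false){
    global $database, $form;

    $field = $uname; // Use field name for username

    /* A missing field is handled as "not entered" instead of raising a notice */
    $subuser = isset($_POST[$uname]) ? $_POST[$uname] : '';

    /* Array-valued input (field[]=...) is not a username; treat it as empty */
    if(!is_string($subuser)){
        $subuser = '';
    }

    if(!$subuser || strlen($subuser = trim($subuser)) == 0){
        $form->setError($field, "* Usuario no ingresado<br>");
    }
    else{
        /* NOTE(review): stripslashes presumably undoes legacy magic quotes - confirm it is still needed */
        $subuser = stripslashes($subuser);
        $length = strlen($subuser);

        /*
         * eregi() no longer exists in PHP 7 and later, so preg_match() does
         * the character check. \A and \z anchor to the real start and end of
         * the string; a plain "$" would also match before a trailing newline,
         * which stripslashes() can expose after trim() has already run.
         */
        if($length < 5 || $length > 30 ||
           !preg_match('/\A[0-9a-z]+\z/i', $subuser) ||
           (!$ban && !$database->codigoTaken($subuser))){
            /* Make sure username is in database */
            $form->setError($field, "* Usuario no existe<br>");
        }
    }
    return $subuser;
}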