2 require_once("../include/sesion.php");
3 require_once("../include/database.php");
5 /* Make sure administrator is accessing page */
6 if($session->isAdmin()){
8 /* Admin submitted update user level form */
9 if(isset($_POST['subupdlevel'])){
12 /* Admin submitted delete user form */
13 else if(isset($_POST['subdeluser'])){
16 /* Admin submitted delete inactive users form */
17 else if(isset($_POST['subdelinact'])){
27 * procUpdateLevel - If the submitted username is correct,
28 * their user level is updated according to the admin's
31 function procUpdateLevel(){
32 global $session, $database, $form;
33 /* Username error checking */
34 $subuser = checkUsername("upduser");
35 $database->REGISTRAR("USUARIO_NIVEL", "Se cambió el nivel de acceso de un usuario.", "Usuario afectado: $subuser");
37 /* Errors exist, have user correct them */
38 if($form->num_errors
> 0){
39 $_SESSION['value_array'] = $_POST;
40 $_SESSION['error_array'] = $form->getErrorArray();
41 header("Location: ../?accion=gestionar+clientes");
43 /* Update user level */
45 $database->updateUserField($subuser, "userlevel", (int)$_POST['updlevel']);
46 header("Location: ../?accion=gestionar+clientes");
51 * procDeleteUser - If the submitted username is correct,
52 * the user is deleted from the database.
54 function procDeleteUser(){
55 global $session, $database, $form;
56 /* Username error checking */
57 $subuser = checkUsername("deluser");
58 $database->REGISTRAR("USUARIO_ELIMINAR", "Se eliminó un usuario.", "Usuario afectado: $subuser");
59 /* Errors exist, have user correct them */
60 if($form->num_errors
> 0){
61 $_SESSION['value_array'] = $_POST;
62 $_SESSION['error_array'] = $form->getErrorArray();
63 header("Location: ../?accion=gestionar+clientes");
65 /* Delete user from database */
67 $q = "DELETE FROM ".TBL_USERS
." WHERE codigo = '$subuser'";
69 header("Location: ../?accion=gestionar+clientes");
74 * checkUsername - Helper function for the above processing,
75 * it makes sure the submitted username is valid, if not,
76 * it adds the appropritate error to the form.
78 function checkUsername($uname, $ban=false){
79 global $database, $form;
80 /* Username error checking */
81 $subuser = $_POST[$uname];
82 $field = $uname; //Use field name for username
83 if(!$subuser ||
strlen($subuser = trim($subuser)) == 0){
84 $form->setError($field, "* Usuario no ingresado<br>");
87 /* Make sure username is in database */
88 $subuser = stripslashes($subuser);
89 if(strlen($subuser) < 5 ||
strlen($subuser) > 30 ||
90 !eregi("^([0-9a-z])+$", $subuser) ||
91 (!$ban && !$database->codigoTaken($subuser))){
92 $form->setError($field, "* Usuario no existe<br>");