-
Notifications
You must be signed in to change notification settings - Fork 7
/
editar_usuario.php
executable file
·133 lines (126 loc) · 5.2 KB
/
editar_usuario.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
<?php
require_once('includes/load.php');
$page_title = 'Editar Usuário';
// Checkin What level user has permission to view this page
page_require_level(1);
$e_user = find_by_id('users',(int)$_GET['id']);
$groups = find_all('user_groups');
if(!$e_user){
$session->msg("d","Usuário não encontrado.");
redirect('usuarios.php');
}
//Update User basic info
if(isset($_POST['update'])) {
$req_fields = array('name','username','level');
validate_fields($req_fields);
if(empty($errors)){
$id = (int)$e_user['id'];
$name = remove_junk($db->escape($_POST['name']));
$username = remove_junk($db->escape($_POST['username']));
$level = (int)$db->escape($_POST['level']);
$status = remove_junk($db->escape($_POST['status']));
$sql = "UPDATE users SET name ='{$name}', username ='{$username}',user_level='{$level}',status='{$status}' WHERE id='{$db->escape($id)}'";
$result = $db->query($sql);
if($result && $db->affected_rows() === 1){
$session->msg('s',"Usuário alterado com sucesso!");
redirect('usuarios.php?id='.(int)$e_user['id'], false);
} else {
$session->msg('d','Desculpe, falha ao alterar o usuário.');
redirect('editar_usuario.php?id='.(int)$e_user['id'], false);
}
} else {
$session->msg("d", $errors);
redirect('editar_usuario.php?id='.(int)$e_user['id'],false);
}
}
// Update user password
if(isset($_POST['update-pass'])) {
$req_fields = array('password');
validate_fields($req_fields);
if(empty($errors)){
$id = (int)$e_user['id'];
$password = remove_junk($db->escape($_POST['password']));
$h_pass = sha1($password);
$sql = "UPDATE users SET password='{$h_pass}' WHERE id='{$db->escape($id)}'";
$result = $db->query($sql);
if($result && $db->affected_rows() === 1){
$session->msg('s',"Senha alterada com sucesso! ");
redirect('usuarios.php?id='.(int)$e_user['id'], false);
} else {
$session->msg('d','Desculpe, falha ao alterar a senha.');
redirect('editar_usuario.php?id='.(int)$e_user['id'], false);
}
} else {
$session->msg("d", $errors);
redirect('editar_usuario.php?id='.(int)$e_user['id'],false);
}
}
?>
<?php include_once('layouts/header.php'); ?>
<div class="row">
<div class="col-md-12"> <?= display_msg($msg); ?> </div>
<div class="col-md-6">
<div class="panel panel-default">
<div class="panel-heading">
<strong>
<span class="glyphicon glyphicon-th"></span>
Atualizar conta de <?= remove_junk(ucwords($e_user['name'])); ?>
</strong>
</div>
<div class="panel-body">
<form method="post" action="editar_usuario.php?id=<?= (int)$e_user['id'];?>" class="clearfix">
<div class="form-group">
<label for="name" class="control-label">Nome</label>
<input type="name" class="form-control" name="name" value="<?= remove_junk(ucwords($e_user['name'])); ?>" required>
</div>
<div class="form-group">
<label for="username" class="control-label">Usuário</label>
<input type="text" class="form-control" name="username" value="<?= remove_junk($e_user['username']); ?>" required>
</div>
<div class="form-group">
<label for="level">Papel do Usuário</label>
<select class="form-control" name="level" required>
<?php foreach ($groups as $group ):?>
<option <?php if($group['group_level'] === $e_user['user_level']) echo 'selected="selected"';?> value="<?= $group['group_level'];?>"><?= ucwords($group['group_name']);?></option>
<?php endforeach;?>
</select>
</div>
<div class="form-group">
<label for="status">Status</label>
<select class="form-control" name="status" required>
<option <?php if($e_user['status'] === '1') echo 'selected="selected"';?>value="1">Ativo</option>
<option <?php if($e_user['status'] === '0') echo 'selected="selected"';?> value="0">Inativo</option>
</select>
</div>
<div class="form-group clearfix">
<button type="submit" name="update" class="btn btn-primary">Atualizar</button>
<a href="usuarios.php" class="btn btn-danger">Cancelar</a>
</div>
</form>
</div>
</div>
</div>
<!-- Change password form -->
<div class="col-md-6">
<div class="panel panel-default">
<div class="panel-heading">
<strong>
<span class="glyphicon glyphicon-th"></span>
Alterar senha de <?= remove_junk(ucwords($e_user['name'])); ?>
</strong>
</div>
<div class="panel-body">
<form action="editar_usuario.php?id=<?= (int)$e_user['id'];?>" method="post" class="clearfix">
<div class="form-group">
<label for="password" class="control-label">Senha</label>
<input type="password" class="form-control" name="password" placeholder="Digite a nova senha" required>
</div>
<div class="form-group clearfix">
<button type="submit" name="update-pass" class="btn btn-info pull-right">Atualizar</button>
</div>
</form>
</div>
</div>
</div>
</div>
<?php include_once('layouts/footer.php'); ?>