DECOHAS Online Library System
location.href = 'manage_user.php'");
}
// Handles the "change" submission from the edit-user form: re-assigns a user's
// group and position, clears any leadership/task state that no longer applies,
// then redirects.  sql.php is expected to provide $db_handle, $con and
// quote_smart(); none of them is visible in this listing.
if (isset($_POST['change'])) {
include 'sql.php';
$user = $_POST['uname'];
$grp = $_POST['groups'];
$pos = $_POST['position'];
// NOTE(review): $grp is interpolated raw here, *before* the quote_smart() calls
// further down, so this first query is not covered by them; a prepared
// statement would bound the value.  The query looks for an existing HOD in the
// requested group.
$SQL = "SELECT * FROM info WHERE groups = '$grp' AND position = 'HOD'";
$result = mysql_query($SQL);
// $timailhan is only assigned when a row with a non-empty username exists; it is
// otherwise never defined, and the if() below then reads an unset variable.
while($db_field = mysql_fetch_assoc($result)){
$led = $db_field['username'];
if($led != ""){
$timailhan = true;
}
}
// Refuse the change when a leader is requested for a group that already has
// one.  This test compares against "leader" whereas the rest of the script
// uses "HOD" — presumably both name the same role; confirm against the form.
if($pos == "leader"){
if($timailhan){
// Aborts with an empty body: the browser receives no explanation.
die("");
}
}
//unwanted HTML (scripting attacks)
// NOTE(review): the escaping is applied at storage time, so the stored values
// and every WHERE clause below operate on the HTML-escaped form of the input.
$user = htmlspecialchars($user);
$grp = htmlspecialchars($grp);
$pos = htmlspecialchars($pos);
//function
// quote_smart() appears to return the value already wrapped in quotes, since
// the SQL below embeds the results without surrounding quotes — verify in sql.php.
$user = quote_smart($user, $db_handle);
$grp = quote_smart($grp, $db_handle);
$pos = quote_smart($pos, $db_handle);
// Drop any leadership the user currently holds before moving them.
$SQL = "UPDATE group_title SET group_leader = '' WHERE group_leader = $user";
$result = mysql_query($SQL);
$SQL = "UPDATE info SET groups = $grp, position = $pos WHERE username = $user";
$result = mysql_query($SQL);
// Re-read the stored position; this overwrites the quoted $pos with the plain
// value, which is what makes the == "HOD" comparison below meaningful.
$SQL = "SELECT * FROM info WHERE username = $user";
$result = mysql_query($SQL);
while ($db_field = mysql_fetch_assoc($result)) {
$pos = $db_field['position'];
}
if($pos == "HOD"){
// New HOD: record the user as the group's leader.
$SQL = "UPDATE group_title SET group_leader = $user WHERE group_name = $grp";
mysql_query($SQL);
}
else{
// Not a HOD: clear the group task and any leader slot still pointing at the user.
$SQL = "UPDATE info SET group_task = '' WHERE username = $user";
mysql_query($SQL);
$SQL = "UPDATE group_title SET group_leader = '' WHERE group_leader = $user";
mysql_query($SQL);
}
// Individual task state is reset regardless of the new position.
$SQL = "UPDATE info SET task_status_indi = '', individ_task = '' WHERE username = $user";
mysql_query($SQL);
mysql_close($db_handle);
// PHP mode ends here.  The HTML/JS that followed — and the <?php re-entry that
// must precede the `");` below — appear to have been stripped from this listing,
// so the redirect/print statement is not recoverable from what is shown.
?>
");
//print("
");
}
else{
// Initial page load: look up the user named in the query string and render the
// edit form.  This branch uses mysqli with $con, while the branch above uses the
// legacy mysql_* API with $db_handle — presumably sql.php opens both; confirm.
// NOTE(review): $_REQUEST['key'] is interpolated into the query unescaped;
// mysqli_prepare() with a bound parameter is the direct fix.
$namekey = $_REQUEST['key'];
include 'sql.php';
$SQL = "SELECT * FROM info WHERE username = '$namekey'";
$result = mysqli_query($con,$SQL);
while ($db_field = mysqli_fetch_assoc($result)) {
$user = $db_field['username'];
$grp = $db_field['groups'];
$pos = $db_field['position'];
}
// The markup inside these print() calls has been stripped from the listing;
// only the string delimiters and the "Edit user:" label survive.
print("
");
print("
Edit user:
");
print("");
print("
");
}
?>