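/* (the opening of this header comment was lost when the page was extracted) 4075 mysql_real_escape_string( */

/*
 * Handles a submitted NCCS registration / request form:
 *   1. rejects the submission if the e-mail already belongs to another user,
 *   2. optionally inserts or updates the row in admin.sp_users,
 *   3. opens a ticket in admin.sp_list when a request type, reasons or comments were given,
 *   4. notifies NCCS staff by mail and includes the follow-up page.
 *
 * NOTE(review): the form fields used below ($email, $action, $what2update, $lname, $fname,
 * $password, $reqType, $comments, ...) are never assigned in this script. Presumably they come
 * from register_globals or from one of the included library files -- confirm. Unless that source
 * escapes them, every value interpolated into SQL below except $email, $lname, $reasons and
 * $idAuto reaches the database unescaped. The durable fix is prepared statements inside
 * runSql()/get1value(), which are defined outside this file.
 *
 * NOTE(review): the requested password is stored as unsalted MD5 and is also written in clear
 * text to the ticket, the debug output and the notification mail. Changing the hash needs a
 * matching change in the login code, so it is only flagged here.
 */

$libdir = '/var/www/html/new/lib/';
$field1 = '';
$pageHdg = 'NCCS Request';

include($libdir.'settings.php');
require($libdir.'proclib.php');
include($libdir.'head.php');
include($libdir.'datacon.php');
echo "\n\n";
$smallBanner = 1;
include($libdir.'head2.php');

$debug = 0;

// Blanket escaping of non-numeric POST values. addslashes() is not charset-aware and only
// changes $_POST itself; the bare variables used further down are not re-read from $_POST here.
if (count($_POST) > 0) {
    foreach ($_POST as $key => $value) {
        if (! empty($_POST[$key]) and ! is_numeric($_POST[$key])) {
            $_POST[$key] = addslashes($_POST[$key]);
        }
    }
}

if (substr($email, 0, 7) == 'tpollak') {
    $debug = 0;
}

// $idAuto is interpolated WITHOUT quotes (idAuto <> $idAuto, WHERE idAuto=$idAuto), where
// mysql_real_escape_string() gives no protection, so it is forced to an integer instead.
// Read from $_POST (already used above) rather than the long-removed $HTTP_POST_VARS.
// A missing id becomes 0; previously it was an empty string that broke the SQL it was placed in.
$idAuto = isset($_POST['idAuto']) ? (int) $_POST['idAuto'] : 0;
$email = mysql_real_escape_string($email);
debug("id: $idAuto");

// Verify that if the email changed, it is not a duplicate of another user's address.
if ($action == 'edit') {
    $qry = "SELECT * FROM admin.sp_users WHERE email = '$email' AND idAuto <> $idAuto";
} else {
    $qry = "SELECT * FROM admin.sp_users WHERE email = '$email'";
}
$result = runSql($qry);
if (mysql_num_rows($result) > 0) {
    echo "

This email address already exists! Record cannot be updated. Press 'Back' to change.

\n";
    return;
}

$lname = addslashes($lname);
$reasons = addslashes($reasons);

// NOTE(review): validation runs after $email was already escaped and used in the query above.
if (! validate_email($email)) {
    abortProgram("You must enter a valid email.");
    return;
}

if ($what2update == '1') {
    if ($action == 'edit') {
        if ($idAuto <= 1) {
            // Was spelled abortProgam(), an undefined function that would end in a fatal error.
            abortProgram("Cannot update user record. ID is missing.");
            return;
        }
        $q = "update admin.sp_users SET passwd=MD5('$password'),email='$email',lname='$lname', "
            . "fname='$fname',title='$title',org='$org',address='$address',city='$city',state='$state', "
            . "zip='$zip',phone='$phone',OrgType='$OrgType',FaxNumber='$fax',notes=concat_ws('; ',notes,'$reqType','$comments'), "
            . "Purpose=concat(Purpose,'$reasons') WHERE idAuto=$idAuto";
    } elseif ($action == 'add') {
        // NOTE(review): in an INSERT, `notes` and `Purpose` on the right-hand side resolve to the
        // column defaults; if Purpose defaults to NULL, concat() yields NULL -- confirm the schema.
        $q = "INSERT INTO admin.sp_users SET passwd=MD5('$password'),email='$email',lname='$lname', "
            . "fname='$fname',title='$title',org='$org',address='$address',city='$city',state='$state', "
            . "zip='$zip',phone='$phone',OrgType='$OrgType',FaxNumber='$fax',notes=concat_ws('; ',notes,'$reqType','$comments'), "
            . "Purpose=concat(Purpose,'$reasons')";
    }
    // NOTE(review): for any other $action, $q is undefined when it reaches runSql().
    debug("updating user table:
$q");
    $result = runSql($q);
    if ($action == 'add') {
        $idAuto = get1value("select idAuto from admin.sp_users where email = '$email'");
        debug("New user id: $idAuto");
    }
}

$today = date('Y-m-d');

// Add transaction record.
// NOTE(review): $details carries the requested password in clear text into the ticket table.
$details = "RequestType: $reqType\nRequested password: $password\nComments: $comments\nReasons: $reasons";
debug($details);
$shortDetails = "RequestType: $reqType; Reasons: $reasons; Comments: $comments";
// Was the bare constant what2update, which never printed the variable's value.
debug('what to update: '.$what2update);
debug('submit: '.$submit);
debug('submitRequest: '.$submitRequest);
debug('short: '.$shortDetails);

$request = 0;
// The original wrapped the first clause in strlen(); the truth value is the same, the intent
// (a real request type, or any free text) is now spelled out.
if (($reqType != 'none' and strlen($reqType) > 0) or strlen($reasons.$comments) > 0) {
    $query = "INSERT INTO admin.sp_list SET ticket_createdby_userid = $idAuto, ticket_owner_id = $idAuto, ticket_short_description = '$shortDetails', ticket_full_description = '$details', ticket_status = 'Open', ticket_severity = 'Medium', groups = 2, ticket_added_date = '$today'";
    debug("updating tickets:
$query");
    $result = runSql($query);
    $request = 1;
}

// Send email.
$nccsMail = '[email protected]';
if ($debug == 1) {
    $nccsMail = '[email protected]';
}

// NOTE(review): $email was SQL-escaped above and is placed in the URL without urlencode().
// A duplicated copy of this string used to follow as a statement with no effect; it is removed.
$mailText = "Email: $email\nLast name: $lname\nFirst name: $fname\nTitle: $title\n"
    . "Organization: $org\nOrganization Type: $OrgType\nAddress: $address\nCity: $city\n"
    . "State: $state\nZip: $zip\nPhone: $phone\nRequested password: $password\n"
    . "Comments: $comments\nReasons: $reasons\nRequest type: $reqType\n"
    . "To update this record: http://communityplatform.us/PubApps/regis/searchRequest.php?email=$email";
debug($mailText);

// The mail headers are fixed strings, so no submitted value reaches the header block.
if ($reqType == "data") {
    debug("id-b: $idAuto");
    require('registration_data.php');
} else if ($reqType == "info") {
    mail($nccsMail, "Information Request", $mailText, "From: [email protected]\r\n");
    include("registration_reg.php");
} else {
    mail($nccsMail, "Data Access Request", $mailText, "From: [email protected]\r\n");
    include("registration_reg.php");
}
?>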