<?php require_once('../Connections/training.php'); ?>
<?php require_once('../Connections/mambo.php'); ?>
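<?php
// Page bootstrap: starts the session and preloads every recordset the page
// reads later (user, application, menu list, existing access rows).
//
// The full "<?php" tag is used on purpose: when short_open_tag is disabled a
// bare "<?" block is not parsed, and PHP sends it to the browser as text,
// which would expose this source.
error_reporting(E_ALL ^ E_NOTICE);
session_start();

// The target user and application context come from the server-side session.
// NOTE(review): nothing in this file checks that these keys exist or that the
// caller is allowed to edit access rights - confirm the entry page or the
// included connection files enforce that before this script runs.
$id = $_SESSION['mambo_user_id'];
$AccessID = $_SESSION['AccessID'];
$AppName = $_SESSION['web_app_id'];

// Escape once per connection instead of interpolating the raw values into the
// SQL text. The unescaped $id / $AccessID / $AppName stay available to the
// rest of the page.
$idTraining = mysql_real_escape_string($id, $training);
$idMambo = mysql_real_escape_string($id, $mambo);
$accessIdTraining = mysql_real_escape_string($AccessID, $training);
$appNameTraining = mysql_real_escape_string($AppName, $training);

// NOTE(review): every query below ends in "or die(mysql_error())", which
// prints the database error text to the visitor. Logging the error and
// showing a generic message would avoid disclosing schema details.

// Access rows held by this user in the training database.
mysql_select_db($database_training, $training);
$query_rsApps = "SELECT * FROM skills_access WHERE mambo_user_id = '$idTraining'";
$rsApps = mysql_query($query_rsApps, $training) or die(mysql_error());
$row_rsApps = mysql_fetch_assoc($rsApps);
$totalRows_rsApps = mysql_num_rows($rsApps);

// The user's own record; $row_rsUser['username'] is shown and stored later.
mysql_select_db($database_mambo, $mambo);
$query_rsUser = "SELECT * FROM mos_corpusers WHERE id = '$idMambo'";
$rsUser = mysql_query($query_rsUser, $mambo) or die(mysql_error());
$row_rsUser = mysql_fetch_assoc($rsUser);
$totalRows_rsUser = mysql_num_rows($rsUser);

// Application record; its description is displayed next to the restrict option.
mysql_select_db($database_training, $training);
$query_rsAppName = "SELECT * FROM web_access_applications WHERE web_app_id = '$appNameTraining' ";
$rsAppName = mysql_query($query_rsAppName, $training) or die(mysql_error());
$row_rsAppName = mysql_fetch_assoc($rsAppName);
$totalRows_rsAppName = mysql_num_rows($rsAppName);
$var = $row_rsAppName['app_description'];

// Every menu entry; the form renders one assignment row per record.
mysql_select_db($database_training, $training);
$query_rsMenu = "SELECT * FROM menu";
$rsMenu = mysql_query($query_rsMenu, $training) or die(mysql_error());
$row_rsMenu = mysql_fetch_assoc($rsMenu);
$totalRows_rsMenu = mysql_num_rows($rsMenu);

// Contents of the yn table (not read again in this file except to be freed).
mysql_select_db($database_mambo, $mambo);
$query_rsYN = "SELECT * FROM yn";
$rsYN = mysql_query($query_rsYN, $mambo) or die(mysql_error());
$row_rsYN = mysql_fetch_assoc($rsYN);
$totalRows_rsYN = mysql_num_rows($rsYN);

// The specific access row being edited for this user.
mysql_select_db($database_training, $training);
$query_rsRestrict = "SELECT * FROM skills_access WHERE mambo_user_id = '$idTraining' AND skills_access_id = '$accessIdTraining' ";
//$query_rsRestrict = "SELECT * FROM skills_access WHERE web_app_id ='40' AND mambo_user_id= '$MUID'";
$rsRestrict = mysql_query($query_rsRestrict, $training) or die(mysql_error());
$row_rsRestrict = mysql_fetch_assoc($rsRestrict);
$totalRows_rsRestrict = mysql_num_rows($rsRestrict);

// Menu assignments already stored for this user.
mysql_select_db($database_mambo, $mambo);
$query_rsAccess = "SELECT * FROM assignedmenu WHERE mambo_user_id = '$idMambo' ";
$rsAccess = mysql_query($query_rsAccess, $mambo) or die(mysql_error());
$row_rsAccess = mysql_fetch_assoc($rsAccess);
$totalRows_rsAccess = mysql_num_rows($rsAccess);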
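// ---- Form validation ------------------------------------------------------
// Decides whether the posted form may be written to the database.
//   $AddData   becomes "yes" only when the form was submitted and every
//              required choice holds one of the values the form offers.
//   $warnstart becomes "yes" once the opening warning banner is printed, so
//              the banner appears once and the closing <div> is emitted.
$AddData = "no";
$warnstart = "no";
$MM_flag = "MM_insert";

// The <select> elements only offer these two values. Anything else (blank,
// a hand-crafted string, an array) is treated as "not answered", so arbitrary
// text never reaches the write step.
$allowedChoices = array("Yes", "No");

if (isset($_POST["Submit"]) && isset($_POST["MM_insert"]) && $_POST["MM_insert"] == "access1")
{
    $AddData = "yes";

    $restrictChoice = isset($_POST['restrict']) ? $_POST['restrict'] : "";
    if (!in_array($restrictChoice, $allowedChoices, true))
    {
        $AddData = "no";
        if ($warnstart == "no")
        { ?>
<div class="warningstart">Please complete the missing item(s) indicated. </div>
<?php
        }
        $warnstart = "yes";
        ?> <div class="warning"><li>Please set the Restrict Record Edit Options</li></div>
<?php
    }

    // A request without the menuassignment array (or with a scalar in its
    // place) is treated as having no rows instead of being passed to foreach.
    $postedAssignments = (isset($_POST['menuassignment']) && is_array($_POST['menuassignment']))
        ? $_POST['menuassignment']
        : array();

    foreach ($postedAssignments as $row => $assigned)
    {
        if (!in_array($assigned, $allowedChoices, true))
        {
            $AddData = "no";

            // menuname[] is a hidden field and therefore client-controlled;
            // it is HTML-escaped before being echoed into the warning.
            $MName = (isset($_POST['menuname'][$row]) && is_string($_POST['menuname'][$row]))
                ? $_POST['menuname'][$row]
                : "";

            if ($warnstart == "no")
            { ?>
<div class="warningstart">Please complete the missing item(s) indicated. </div>
<?php }
            $warnstart = "yes"; ?>
<div class="warning"><li>Please set the Menu Assignment Options for <?php echo htmlspecialchars($MName, ENT_QUOTES, 'ISO-8859-1'); ?> Menu</li></div>
<?php
        }
    }

    if ($warnstart == "yes")
    { ?><div class="warningend"></div>
<?php }
}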
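/**
 * Turn a raw value into a literal that can be placed in a SQL statement.
 *
 * The value is escaped exactly once: magic-quotes escaping is undone first
 * (where that legacy feature exists and is on), then the value is escaped
 * with mysql_real_escape_string() when the mysql extension is loaded, or
 * with addslashes() otherwise.
 *
 * @param mixed  $theValue           Raw value, typically from $_POST.
 * @param string $theType            "text", "date", "long", "int", "double"
 *                                   or "defined".
 * @param mixed  $theDefinedValue    Returned for "defined" when the value is
 *                                   not empty.
 * @param mixed  $theNotDefinedValue Returned for "defined" when the value is
 *                                   empty.
 *
 * @return mixed Quoted string, integer, the string "NULL" for an empty
 *               value, one of the two "defined" values, or - for an
 *               unrecognised type - the escaped but unquoted value.
 */
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
    // get_magic_quotes_gpc() does not exist on newer PHP versions, so only
    // call it when it is available.
    if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
        $theValue = stripslashes($theValue);
    }

    // Compare as a string so that 0 counts as a value, not as "empty".
    $rawValue = (string) $theValue;
    $hasValue = ($rawValue !== "");

    // mysql_real_escape_string() uses the most recently opened connection.
    // It returns false when no connection is available; fall back to
    // addslashes() then so the value is never silently dropped.
    $escapedValue = false;
    if (function_exists('mysql_real_escape_string')) {
        $escapedValue = mysql_real_escape_string($rawValue);
    }
    if ($escapedValue === false) {
        $escapedValue = addslashes($rawValue);
    }

    switch ($theType) {
        case "text":
        case "date":
            return $hasValue ? "'" . $escapedValue . "'" : "NULL";
        case "long":
        case "int":
            // intval() discards anything that is not a leading integer.
            return $hasValue ? intval($rawValue) : "NULL";
        case "double":
            return $hasValue ? "'" . doubleval($rawValue) . "'" : "NULL";
        case "defined":
            return $hasValue ? $theDefinedValue : $theNotDefinedValue;
    }

    // Unrecognised type: hand back the escaped value without quotes.
    return $escapedValue;
}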
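// ---- Write step -------------------------------------------------------------
// Runs only after validation has set $AddData to "yes". Updates the restrict
// flag on the user's skills_access row, stores one assignedmenu row per posted
// menu choice, then redirects to access2.php.
if (isset($_POST["Submit"]) && isset($_POST["MM_insert"]) && $_POST["MM_insert"] == "access1" && $AddData == "yes")
{
    // The original statement used the bare variables $restrict,
    // $mambo_user_id and $web_app_id, which this file never assigns.
    // Each value is now read from an explicit source. The user id and the
    // application id come from the session and not from the hidden form
    // fields, so an altered request cannot point the UPDATE at another row.
    $restrictPosted = (isset($_POST['restrict']) && is_string($_POST['restrict'])) ? $_POST['restrict'] : "";
    $updateApps = sprintf("UPDATE `skills_access` SET `restrict`=%s WHERE `mambo_user_id`=%s AND `web_app_id`=%s",
        GetSQLValueString($restrictPosted, "text"),
        GetSQLValueString($_SESSION['mambo_user_id'], "text"),
        GetSQLValueString($_SESSION['web_app_id'], "int"));
    mysql_select_db($database_training, $training);
    $result2 = mysql_query($updateApps, $training) or die(mysql_error());

    // Only iterate when the posted field really is an array.
    if (isset($_POST['menuassignment']) && is_array($_POST['menuassignment']))
    {
        // Posted values carry added slashes when magic quotes are on; strip
        // them so each value is escaped exactly once below.
        $gpcQuoted = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
        $id = $_SESSION['mambo_user_id'];
        $username = $row_rsUser['username'];

        foreach ($_POST['menuassignment'] as $row => $assigned)
        {
            $menu = isset($_POST['menu'][$row]) ? $_POST['menu'][$row] : "";
            $MenuID = $menu;
            $MName = isset($_POST['menuname'][$row]) ? $_POST['menuname'][$row] : "";

            // Nested arrays cannot be stored in a column; skip such rows.
            if (!is_string($assigned) || !is_string($menu) || !is_string($MName))
            {
                continue;
            }
            if ($gpcQuoted)
            {
                $assigned = stripslashes($assigned);
                $menu = stripslashes($menu);
                $MName = stripslashes($MName);
            }

            // Every value is escaped before it is placed between quotes.
            // NOTE(review): menu[] and menuname[] are hidden form fields and
            // therefore client-supplied; consider checking them against the
            // `menu` table instead of storing whatever was posted.
            // NOTE(review): this query passes no link identifier, so it runs
            // on whichever connection was opened last - confirm that is the
            // connection holding `assignedmenu`.
            $insertApps = sprintf(
                "INSERT INTO assignedmenu(`username`, `mambo_user_id`, `Access`, `menuname`, `MenuID`) VALUES('%s', '%s', '%s','%s', '%s')",
                mysql_real_escape_string((string) $username),
                mysql_real_escape_string((string) $id),
                mysql_real_escape_string($assigned),
                mysql_real_escape_string($MName),
                mysql_real_escape_string($menu)
            );
            $result1 = mysql_query($insertApps) or die(mysql_error());
        }
    }

    // Redirect target after a successful save.
    $insertGoTo = "access2.php";
    header(sprintf("Location: %s", $insertGoTo));
    // Stop here so the form below is not rendered after the redirect header.
    exit;
}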
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Assign Restricted Access - Training Module</title>
<style type="text/css">
<!--
.style1 {color: #FF0000}
.warning {
background-color: #ffffee;
color: #660000;
width: 650px;
padding: 5px;
border-right-width: thin;
border-left-width: thin;
border-right-style: solid;
border-left-style: solid;
border-right-color: #FF0000;
border-left-color: #FF0000;
text-indent: 20px;
}
.warningend {
background-color: #ffffee;
color: #660000;
width: 650px;
padding: 5px;
border-right-width: thin;
border-left-width: thin;
border-right-style: solid;
border-left-style: solid;
border-right-color: #FF0000;
border-left-color: #FF0000;
border-bottom-width: thin;
border-bottom-style: solid;
border-bottom-color: #FF0000;
}
.warningstart {
background-color: #ffffee;
color: #660000;
width: 650px;
padding: 5px;
border-right-width: thin;
border-left-width: thin;
border-right-style: solid;
border-left-style: solid;
border-right-color: #FF0000;
border-left-color: #FF0000;
border-top-width: thin;
border-top-style: solid;
border-top-color: #FF0000;
}
.notify {
border: 1px solid #336699;
background-color: #ffffee;
color: #336699;
width: 650px;
padding: 5px;
}
-->
</style>
<style type="text/css">
<!--
body,td,th {
font-family: Verdana, Arial, Helvetica, sans-serif;
font-size: 12px;
color: #000066;
}
.style1 {font-weight: bold}
-->
</style>
</head>
<body>
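<?php
// Opening of the access1 form: title row plus the row naming the user whose
// access is being edited.
//
// Every value written into the markup is HTML-escaped first; the charset
// matches the one declared in the page's Content-Type meta tag.
// The hidden inputs mirror session and database values, but a client can
// edit them, so the submit handler should not treat them as authoritative.
// NOTE(review): the visible markup carries no anti-CSRF token - confirm
// whether one is enforced elsewhere.
$AppName = $_SESSION['web_app_id'];
$userLabel = htmlspecialchars((string) $row_rsUser['username'], ENT_QUOTES, 'ISO-8859-1');
$appIdField = htmlspecialchars((string) $AppName, ENT_QUOTES, 'ISO-8859-1');
$userIdField = htmlspecialchars((string) $_SESSION['mambo_user_id'], ENT_QUOTES, 'ISO-8859-1');
$accessIdField = htmlspecialchars((string) $_SESSION['AccessID'], ENT_QUOTES, 'ISO-8859-1');
?>
<form id="access1" name="access1" method="POST" >
<table width="550" border="1" bordercolor="#000066">
<tr>
<td colspan="2" scope="row"><div align="center"><strong>Training Database Menu Security &amp; Restrict Record Edit </strong></div></td>
</tr>
<tr>
<td colspan="2" scope="row"><div align="left"><b>
<?php echo $userLabel; ?>
<input name="web_app_id" type="hidden" id="web_app_id" value="<?php echo $appIdField; ?>" />
<input name="username" type="hidden" value="<?php echo $userLabel; ?>" />
<input name="id[]" type="hidden" value="<?php echo $userIdField; ?>" />
<input name="skill_access_id" type="hidden" value="<?php echo $accessIdField; ?>" />
</b></div></td>
</tr>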
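<?php
// Row showing the application description next to the "Restrict Record Edit?"
// selector. After a failed submit the posted choice is shown again as the
// pre-selected option.
//
// Both values are HTML-escaped before output: $XX comes straight from the
// request, and $var comes from the database.
// NOTE(review): this assumes app_description holds plain text, not markup -
// confirm against the data.
$XX = (isset($_POST['restrict']) && is_string($_POST['restrict'])) ? $_POST['restrict'] : NULL;
$XXSafe = htmlspecialchars((string) $XX, ENT_QUOTES, 'ISO-8859-1');
$descriptionSafe = htmlspecialchars((string) $var, ENT_QUOTES, 'ISO-8859-1');
?>
<tr>
<td width="218" valign="middle" scope="row"><?php echo $descriptionSafe; ?></td>
<td width="316" valign="middle" scope="row">Restrict Record Edit?
<select name="restrict">
<option value="<?php echo $XXSafe; ?>" SELECTED><?php echo $XXSafe; ?></option>
<option value="Yes">Yes</option>
<option value="No">No</option>
</select>
</td>
</tr>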
<tr>
<td height="46" colspan="2" valign="middle" scope="row"><div align="center"><span class="style1"><em>Please indicate which menus the user will have access to</em>. </span></div></td>
</tr>
</table>
<table width="550" border="1" bordercolor="#00066">
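<?php
// One table row per record in the `menu` recordset: two hidden fields carrying
// the menu id and name, plus a blank/Yes/No selector that keeps the choice
// posted on a previous, rejected submit.
//
// The guard skips the loop when the recordset is empty; the original do/while
// rendered one row with empty ids in that case.
if ($row_rsMenu) {
    do {
        $menuKey = $row_rsMenu['MenuID'];
        // Escape the database values before they go into attributes and text.
        $menuIdSafe = htmlspecialchars((string) $menuKey, ENT_QUOTES, 'ISO-8859-1');
        $menuNameSafe = htmlspecialchars((string) $row_rsMenu['menuname'], ENT_QUOTES, 'ISO-8859-1');
        // The posted choice is only compared with fixed strings, never echoed.
        $postedChoice = (isset($_POST['menuassignment']) && is_array($_POST['menuassignment']) && isset($_POST['menuassignment'][$menuKey]))
            ? $_POST['menuassignment'][$menuKey]
            : "";
?>
<tr>
<td width="227" valign="middle" scope="row"><B>
<input name="menu[<?php echo $menuIdSafe; ?>]" type="hidden" id="menu" value="<?php echo $menuIdSafe; ?>" />
<?php echo $menuNameSafe; ?>
<input name="menuname[<?php echo $menuIdSafe; ?>]" type="hidden" value="<?php echo $menuNameSafe; ?>" />
</B></td>
<td>
<select name="menuassignment[<?php echo $menuIdSafe; ?>]" id="menuassignment<?php echo $menuIdSafe; ?>">
<option value=""<?php if ($postedChoice == "") { ?> selected="selected"<?php } ?>></option>
<option value="Yes"<?php if ($postedChoice == "Yes") { ?> selected="selected"<?php } ?>>Yes</option>
<option value="No"<?php if ($postedChoice == "No") { ?> selected="selected"<?php } ?>>No</option>
</select>
</td>
</tr>
<?php
    } while ($row_rsMenu = mysql_fetch_assoc($rsMenu));
}
?>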
<tr>
<td colspan="2" valign="middle" scope="row"><div align="center">
<input name="Submit" type="Submit" id="Submit" value="Submit" />
<input type="button" name="Cancel" value="Return to Access Menu" onClick="self.location='index.php'" />
</div></td>
</tr>
</table>
<input type="hidden" name="MM_insert" value="access1">
</form>
<pre>
<?php
//if ($_POST) { print_r($_POST); }
?>
</pre>
</body>
</html>
<?php
// Release every recordset opened at the top of the page, in the order they
// were created.
$openRecordsets = array($rsApps, $rsUser, $rsAppName, $rsMenu, $rsYN, $rsRestrict, $rsAccess);
foreach ($openRecordsets as $openRecordset) {
    mysql_free_result($openRecordset);
}
?>