📄 editmember.php
<?
include_once "logincheck.php";
include_once("myconnect.php");
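$errcnt=0;
$errs=array(); // start the error list empty, in step with its counter

// Edit-member form handler: reads the submitted profile fields, validates
// them and, when there are no errors, rewrites the sbbleads_members row
// selected by the request's "id", then redirects to members.php with a status
// message. On validation failure it falls through with $errs/$errcnt filled
// in for main() to display.
//
// NOTE(review): the row to update is chosen by a request-supplied id and no
// anti-CSRF token is checked in this block; confirm that logincheck.php
// restricts this page to accounts allowed to edit any member.
// NOTE(review): values are read from $_REQUEST, so they may also arrive via
// the query string or cookies, not only the POST body.
if(count($_POST)<>0) //IF SOME FORM WAS POSTED DO VALIDATION
{
    // Text fields are escaped for use inside single-quoted SQL literals.
    // With magic_quotes_gpc on, PHP has already applied the same escaping, so
    // the value is taken as-is to avoid doubling the backslashes. A missing or
    // non-string (array) parameter is treated as an empty string.
    // This defines $firstname, $lastname, ... $pwd as globals.
    // NOTE(review): addslashes() is not aware of the connection character set;
    // prepared statements (mysqli/PDO) are the robust fix once the connection
    // code in myconnect.php is migrated.
    $magic_quotes=get_magic_quotes_gpc();
    $text_fields=array("firstname","lastname","street","city","state","other_state",
        "phone","phone1","phone2","fax","fax1","fax2","mobile","zip_code","pwd");
    foreach($text_fields as $field)
    {
        $raw=(isset($_REQUEST[$field]) && is_string($_REQUEST[$field])) ? $_REQUEST[$field] : "";
        $$field=$magic_quotes ? $raw : addslashes($raw);
    }
    unset($magic_quotes,$text_fields,$field,$raw);

    // country and id are placed in the SQL unquoted, so they are forced to
    // integers here; anything non-numeric becomes 0.
    $country_id=(isset($_REQUEST["country"]) && is_scalar($_REQUEST["country"])) ? (int)$_REQUEST["country"] : 0;
    $member_id=(isset($_REQUEST["id"]) && is_scalar($_REQUEST["id"])) ? (int)$_REQUEST["id"] : 0;

    // A free-text state is used only when no state was picked.
    if($state=="")
    { $state=$other_state; }

    // Phone and fax are stored as three "-"-joined parts; a blank part is
    // stored as an empty string so the two separators are always present.
    $phone_no=(strlen(trim($phone))<>0 ? $phone : "")."-"
        .(strlen(trim($phone1))<>0 ? $phone1 : "")."-"
        .(strlen(trim($phone2))<>0 ? $phone2 : "");
    $fax_no=(strlen(trim($fax))<>0 ? $fax : "")."-"
        .(strlen(trim($fax1))<>0 ? $fax1 : "")."-"
        .(strlen(trim($fax2))<>0 ? $fax2 : "");

    if ( strlen(trim($pwd)) == 0 )
    {
        $errs[$errcnt]="Password must be provided";
        $errcnt++;
    }

    // Required fields: must be non-blank and free of ; < > &.
    // The check runs on the effective value, so a state supplied through
    // other_state is screened as well.
    $required=array(
        "Firstname"=>$firstname,
        "Lastname"=>$lastname,
        "Street"=>$street,
        "City"=>$city,
        "State"=>$state,
        "Zip/Postal Code"=>$zip_code
    );
    foreach($required as $label=>$value)
    {
        if ( strlen(trim($value)) == 0 )
        {
            $errs[$errcnt]=$label." must be provided";
            $errcnt++;
        }
        elseif(preg_match ("/[;<>&]/", $value))
        {
            $errs[$errcnt]=$label." can not have any special character (e.g. & ; < >)";
            $errcnt++;
        }
    }

    if ( $country_id == 0 )
    {
        $errs[$errcnt]="Country must be choosen";
        $errcnt++;
    }

    // Optional fields: may be blank, but the same characters are rejected.
    $optional=array(
        "Phone No."=>$phone_no,
        "Fax"=>$fax_no,
        "Mobile"=>$mobile
    );
    foreach($optional as $label=>$value)
    {
        if(preg_match ("/[;<>&]/", $value))
        {
            $errs[$errcnt]=$label." can not have any special character (e.g. & ; < >)";
            $errcnt++;
        }
    }
    unset($required,$optional,$label,$value);

    if($errcnt==0)
    {
        // NOTE(review): sb_suspended is always written as 'no', so saving this
        // form clears any existing suspension - confirm that this is intended.
        $suspended="no";
        // NOTE(review): sb_password receives the submitted password unhashed.
        // Moving to password_hash()/password_verify() needs a matching change
        // in the login code, which is not visible here.
        $query_update="update `sbbleads_members` set
sb_suspended='$suspended',
sb_firstname='$firstname' ,
sb_lastname='$lastname' ,
sb_street='$street' ,
sb_city='$city' ,
sb_state='$state' ,
sb_zip='$zip_code' ,
sb_country=$country_id ,
sb_phone='$phone_no',
sb_fax='$fax_no' ,
sb_password='$pwd',
sb_mobile='$mobile'
where sb_id=$member_id";
        mysql_query($query_update);
        // mysql_affected_rows() is -1 when the query failed and 0 when no row
        // matched or nothing changed; both cases get the "try again" message.
        if(mysql_affected_rows()>0)
        {
            header("Location: members.php?msg=".urlencode("Member profile has been updated."));
            die();
        }
        else
        {
            header("Location: members.php?msg=".urlencode("No updations carried out. Please try again!"));
            die();
        }
    } //end if-errcnt==0
} //end if count-post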
function main()
{
global $errs, $errcnt;
$mem=mysql_fetch_array(mysql_query("select * from sbbleads_members where sb_id=".$_REQUEST["id"]));
//IF SOME FORM WAS POSTED DO VALIDATION
if ( $mem )
{
$pwd=$mem["sb_password"];
$firstname=$mem["sb_firstname"];
$lastname=$mem["sb_lastname"];
$street=$mem["sb_street"];
$city=$mem["sb_city"];
$state=$mem["sb_state"];
$country=$mem["sb_country"];
$zip_code=$mem["sb_zip"];
$phone_arr=explode("-",$mem["sb_phone"]);
//if(count
$phone=$phone_arr[0];
$phone1=$phone_arr[1];
$phone2=$phone_arr[2];
$fax_arr=explode("-",$mem["sb_fax"]);
$fax=$fax_arr[0];
$fax1=$fax_arr[1];
$fax2=$fax_arr[2];
$mobile=$mem["sb_mobile"];
$other_state=$mem["sb_state"];
}
else
{
echo "<p> </p><p> </p><br><br><br><div align='center'><font class='normal'>Member Not Found. Click <a href='index.php' >here</a> to continue</font></div><p> </p><p> </p><p> </p><p> </p><p> </p>";
return;
}
if (count($_POST)>0)
{
if ( $errcnt<>0 )
{
?>
<table width="90%" border="0" align="center" cellpadding="2" cellspacing="0" class="errorstyle">
<tr>
<td colspan="2"><strong> Your Request cannot be processed due
to following Reasons</strong></td>
</tr>
<tr height="10">
<td colspan="2"></td>
</tr>
<?
for ($i=0;$i<$errcnt;$i++)
{
?>
<tr valign="top">
<td width="6%"> <?php echo $i+1;?></td>
<td width="94%"><?php echo $errs[$i]; ?></td>
</tr>