/var/www/enzatesting.onesolution.hk/01_20240711_full_backup/master_worker_add.php

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92

<?php 
$formid "Usr";
require_once "inc/configure.php";

//$refid                 = (int) filter_var($_REQUEST['refid'], FILTER_SANITIZE_STRING);
$userid             filter_var($_REQUEST['userid'], FILTER_SANITIZE_STRING);

//vdump($_REQUEST); //exit;
if( $_REQUEST['action']=="master_worker_addform" && !empty($userid) ){

    $pwd                 'WK'.$_REQUEST['userpwd'];
    
    $username             filter_var($_REQUEST['username'], FILTER_SANITIZE_STRING);
    $username_sc        filter_var($_REQUEST['username_sc'], FILTER_SANITIZE_STRING);    
    $companyid             filter_var($_REQUEST['companyid'], FILTER_SANITIZE_STRING);
    $department         filter_var($_REQUEST['department'], FILTER_SANITIZE_STRING);
    $status             filter_var($_REQUEST['status'], FILTER_SANITIZE_STRING);
    $createby            filter_var($_SESSION['user'], FILTER_SANITIZE_STRING);
    $lastupby            filter_var($_SESSION['user'], FILTER_SANITIZE_STRING);
    
    // check existance of user before insert    
    $sql "SELECT count(*) as count from master_user 
            where userid=:userid";
    $sth $dbh->prepare($sql);
    $q$sth->execute( array(':userid'=> $userid) );
    pdo_showerror($sth$q);
    $row $sth->fetch(); 
    if( $row['count']>){
        $msg="User ID already existed";
        header("Location: master_worker_addform.php?error=$msg");
        exit;    
    }
    unset($sth);

    // check existance of barcode before insert    
    $sql "SELECT count(*) as count from master_user 
            where barcodepwd=:barcodepwd";
    $sth $dbh->prepare($sql);
    $q$sth->execute( array(':barcodepwd'=> $pwd) );
    pdo_showerror($sth$q);
    $row $sth->fetch(); 
    if( $row['count']>){
        $msg="Barcode Password already existed";
        header("Location: master_worker_addform.php?error=$msg");
        exit;    
    }
    unset($sth);
        
//exit;
    $sql_param = array(    ':userid' => $userid
                            ':username_en' => $username
                            ':username_sc' => $username_sc
                            ':username' => $username
                            ':companyid' => $companyid
                            ':status' => $status,
                            ':userpwd' => 'DISABLED',
                            ':department' => $department,
                            ':sign' => $sign,
                            ':barcodepwd' => $pwd,
                            ':lang' => 'en',
                            ':canlogin' => '0',
                            ':createby' => $createby,
                            ':lastupby' => $lastupby );

    $sql "INSERT INTO master_user (
                userid,    username, userpwd,
                username_en, username_sc,
                companyid, status, department,
                sign, barcodepwd, lang,    canlogin,    
                createby, createdate, lastupby, lastupdate
            ) VALUES (
                :userid, :username, :userpwd,
                :username_en, :username_sc,
                :companyid, :status, :department,
                :sign, :barcodepwd, :lang, :canlogin,
                :createby, getdate(), :lastupby, getdate()
            )";
    
                
    $sth $dbh->prepare($sql);
    $q$sth->execute$sql_param );
    pdo_showerror($sth$q);
//echo $sth->getSQL( $sql_param ) . HTML_EOL; exit;        
    $refid $dbh->lastInsertId();    
            
    header("Location: master_worker_modifyform.php?refid=$refid&msg=Saved."); 
    print "Saved.";
    exit;
    
    
}
myerror("Invalid Request");