/var/www/enzatesting.onesolution.hk/master_user_add.php

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89

<?php 
$formid "Usr";
require_once "inc/configure.php";

//$refid                 = (int) filter_var($_REQUEST['refid'], FILTER_SANITIZE_STRING);
$userid             filter_var($_REQUEST['userid'], FILTER_SANITIZE_STRING);

//vdump($_REQUEST); 
if( $_REQUEST['action']=="master_user_addform" && !empty($userid) ){

    $pwd                 $_REQUEST['userpwd'];
    
    $username             filter_var($_REQUEST['username'], FILTER_SANITIZE_STRING);    
    $companyid             filter_var($_REQUEST['companyid'], FILTER_SANITIZE_STRING);
    $department         filter_var($_REQUEST['department'], FILTER_SANITIZE_STRING);
    $lang                 strtolower(filter_var($_REQUEST['lang'], FILTER_SANITIZE_STRING));
    $status             filter_var($_REQUEST['status'], FILTER_SANITIZE_STRING);
    $createby            filter_var($_SESSION['user'], FILTER_SANITIZE_STRING);
    $lastupby            filter_var($_SESSION['user'], FILTER_SANITIZE_STRING);
    
    // check existance of user before insert    
    $sql "SELECT count(*) as count from master_user 
            where userid=:userid";
    $sth $dbh->prepare($sql);
    $q$sth->execute( array(':userid'=> $userid) );
    pdo_showerror($sth$q);
    $row $sth->fetch(); 
    if( $row['count']>){
        $msg="User ID already existed";
        header("Location: master_user_addform.php?error=$msg");
        exit;    
    }
    unset($sth);
    
//exit;
    $sql_param = array(    ':userid' => $userid
                            ':username' => $username
                            ':companyid' => $companyid
                            ':department' => $department
                            ':lang' => $lang
                            ':status' => $status,
                            ':canlogin' => 1,
                            ':userpwd' => md5salt($pwd),
                            ':createby' => $createby,
                            ':lastupby' => $lastupby
                            );

    $sql "INSERT INTO master_user (
                userid,
                username,
                userpwd,
                companyid,
                department,
                lang,
                status,
                canlogin,
                createby,
                createdate,                
                lastupby, 
                lastupdate
            ) VALUES (
                :userid,
                :username,
                :userpwd,
                :companyid,
                :department,
                :lang,
                :status,
                :canlogin,
                :createby, 
                getdate(),
                :lastupby, 
                getdate()
            )";
    
                
    $sth $dbh->prepare($sql);
    $q$sth->execute$sql_param );
    pdo_showerror($sth$q);
/*echo $sth->getSQL( $sql_param ) . HTML_EOL; exit;    */    
    $refid $dbh->lastInsertId();    
            
    header("Location: master_user_modifyform.php?refid=$refid&msg=Saved."); 
    print "Saved.";
    exit;
    
    
}
myerror("Invalid Request");