/var/www/enzatesting.onesolution.hk/master_worker_modify.php

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83

<?php 
$formid "Usr";
require_once "inc/configure.php";

$refid                 = (int) filter_var($_REQUEST['refid'], FILTER_SANITIZE_STRING);
$userid             filter_var($_REQUEST['userid'], FILTER_SANITIZE_STRING);

//vdump($_REQUEST); 
if( $_POST['action']=="master_worker_modifyform" && !empty($refid) ){
    $pwd0                 $_REQUEST['userpwd'];
    $pwd                 'WK'.$_REQUEST['userpwd'];
    
    $username             filter_var($_REQUEST['username'], FILTER_SANITIZE_STRING);    
    $username_sc        filter_var($_REQUEST['username_sc'], FILTER_SANITIZE_STRING);    
    $companyid             filter_var($_REQUEST['companyid'], FILTER_SANITIZE_STRING);
    $department         filter_var($_REQUEST['department'], FILTER_SANITIZE_STRING);
    $status             filter_var($_REQUEST['status'], FILTER_SANITIZE_STRING);
    $createby            filter_var($_SESSION['user'], FILTER_SANITIZE_STRING);
    $lastupby            filter_var($_SESSION['user'], FILTER_SANITIZE_STRING);
    
    if($_REQUEST['userpwd'] != $_REQUEST['userpwd_confirm']){
        $msg "Passwords do not match";
        header("Location: master_worker_modifyform.php?refid=$refid&error=$msg");
        exit;
    }

    // check existance of barcode before insert    
    $sql "SELECT count(*) as count from master_user 
            where barcodepwd=:barcodepwd";
    $sth $dbh->prepare($sql);
    $q$sth->execute( array(':barcodepwd'=> $pwd) );
    pdo_showerror($sth$q);
    $row $sth->fetch(); 
    if( $row['count']>){
        $msg="Barcode Password already existed";
        header("Location: master_worker_modifyform.php?refid=$refid&error=$msg");
        exit;    
    }
    unset($sth);
    
//exit;
    $sql_param = array(':refid' => $refid,
                            ':userid' => $userid
                            ':username_en' => $username
                            ':username_sc' => $username_sc
                            ':username' => $username
                            ':companyid' => $companyid
                            ':department' => $department
                            ':status' => $status,
                            ':lastupby' => $lastupby);

    if(!empty($pwd0)){ 
        $sql_PPu_field="barcodepwd = :barcodepwd,";                                            
        $sql_param[':barcodepwd'] = $pwd;
    }
    unset($pwd);

    $sql "UPDATE master_user SET 
                username_en = :username_en,
                username_sc = :username_sc,
                username = :username,
                companyid = :companyid,
                department = :department,
                status = :status,
                lastupby = :lastupby, 
                $sql_PPu_field
                lastupdate = getdate()
            WHERE refid=:refid and userid=:userid";
    
                
    $sth $dbh->prepare($sql);
    $q$sth->execute$sql_param );
    pdo_showerror($sth$q);
/*echo $sth->getSQL( $sql_param ) . HTML_EOL;
        
    exit;    */            
    header("Location: master_worker_modifyform.php?refid=$refid&msg=Saved."); 
    print "Saved.";
    exit;
    
    
}
myerror("Invalid Request");