1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
<?
require("inc/configure.php");
require("inc/global.php");
require("inc/checklogin.php");
if ($logged_in == 0) {
//echo 'Not logged in. <a href="login.php">Login</a>';
header('Window-target: _parent');
header('Location: login.php');
exit();
}
if (checkObject(19) <> 1){
die("Unauthorized Access");
exit();
}
?>
<?
$roleid = $_POST['roleid'];
$rolename = $_POST['rolename'];
$objectid = $_POST['objectid'];
$status = $_POST['status'];
$creationdate = date("YmdGis");
if ($roleid == "")
{
$sql = "select * from SYS_ROLE where rolename = '$rolename'";
$result = mysql_query($sql);
if ($row = mysql_fetch_array($result,MYSQL_ASSOC))
{
$msg = "Role name duplicate!";
}
else
{
//**addnew
$sql = "insert into SYS_ROLE
(rolename, status, creationdate, creationby)
values('$rolename', $status, '$creationdate', '$creationby')";
$result = mysql_query($sql);
if (!$result) {
die('Invalid query: ' . mysql_error());
}
$sql = "delete from SYS_ROLEOBJECT where roleid = $roleid";
$result = mysql_query($sql);
if (!$result) {
die('Invalid query: ' . mysql_error());
}
if ($objectid){
foreach ($objectid as $t)
{
$sql = "insert into SYS_ROLEOBJECT (roleid, objectid) values($roleid, $t)";
$result = mysql_query($sql);
if (!$result) {
die('Invalid query: ' . mysql_error());
}
}
}
$msg = "Created!";
}
}
else
{
$sql = "select * from SYS_ROLE where rolename = '$rolename' and roleid <> $roleid";
$result = mysql_query($sql);
if ($row = mysql_fetch_array($result,MYSQL_ASSOC))
{
$msg = "Role name duplicate!";
}
else
{
//**update
$sql = "update SYS_ROLE
set rolename = '$rolename'
, status = $status
, updateddate = '$creationdate'
, updatedby = '$creationby'
where roleid = $roleid
";
$result = mysql_query($sql);
if (!$result) {
die('Invalid query: ' . mysql_error());
}
$sql = "delete from SYS_ROLEOBJECT where roleid = $roleid";
$result = mysql_query($sql);
if (!$result) {
die('Invalid query: ' . mysql_error());
}
if ($objectid){
foreach ($objectid as $t)
{
$sql = "insert into SYS_ROLEOBJECT (roleid, objectid) values($roleid, $t)";
$result = mysql_query($sql);
if (!$result) {
die('Invalid query: ' . mysql_error());
}
}
}
$msg = "Updated!";
}
}
header("Location: role.php?msg=$msg");
?>
|