forked from science-ation/science-ation
- Turn the personal editor into an ajax save
- Do away with the embed_submit_url, instead, since this could be called from inside /admin, or just /, we'll specifiy the full path to the php file.
This commit is contained in:
dave
parent
d821a6402e
commit
8c79d88b5a
@ -68,31 +68,21 @@
|
||||
|
||||
);
|
||||
|
||||
/* Sort out who we're editting */
|
||||
if($_POST['users_id'])
|
||||
$eid = intval($_POST['users_id']); /* From a save form */
|
||||
else if(array_key_exists('embed_edit_id', $_SESSION))
|
||||
$eid = $_SESSION['embed_edit_id']; /* From the embedded editor */
|
||||
else
|
||||
$eid = $_SESSION['users_id']; /* Regular entry */
|
||||
|
||||
if($eid != $_SESSION['users_id']) {
|
||||
/* Not editing ourself, we had better be
|
||||
* a committee member */
|
||||
user_auth_required('committee','admin');
|
||||
}
|
||||
|
||||
/* See if there is an edit request */
|
||||
if($_SESSION['embed_edit_id'])
|
||||
$eid = $_SESSION['embed_edit_id'];
|
||||
else
|
||||
$eid = intval($_GET['edit']);
|
||||
|
||||
/* Force them to edit themselves if no eid found */
|
||||
if($eid == 0) $eid = $_SESSION['users_id'];
|
||||
|
||||
if($_SESSION['users_id'] != $eid) {
|
||||
/* There is an edit request for someone other than the logged in user,
|
||||
* the user must be:
|
||||
* - on the committee
|
||||
* - with admin access */
|
||||
user_auth_required('committee', 'admin');
|
||||
$ext_editor = true;
|
||||
} else {
|
||||
/* Else, they are just editing themselves */
|
||||
$ext_editor = false;
|
||||
}
|
||||
$u = user_load($eid);
|
||||
|
||||
|
||||
/* Load the fields the user can edit, and theones that are required */
|
||||
$fields = array();
|
||||
$required = array();
|
||||
@ -110,8 +100,15 @@
|
||||
$fields[] = 'password';
|
||||
}
|
||||
|
||||
if($_POST['action']=="save")
|
||||
{
|
||||
|
||||
switch($_GET['action']) {
|
||||
case 'save':
|
||||
$users_id = intval($_POST['users_id']);
|
||||
if($users_id != $_SESSION['users_id']) {
|
||||
user_auth_required('committee','admin');
|
||||
}
|
||||
$u = user_load($users_id);
|
||||
|
||||
$save = true;
|
||||
/* Set values */
|
||||
foreach($fields as $f) {
|
||||
@ -140,7 +137,7 @@
|
||||
/* Trying to save a committee member eh? Well, we established above
|
||||
* that we're allowed to be here, so go ahead and save it */
|
||||
$u['displayemail'] = ($_POST['displayemail'] == 'yes') ? 'yes' : 'no';
|
||||
$u['emailprivate'] = mysql_escape_string(stripslashes($_POST['emailprivate']));
|
||||
$u['emailprivate'] = mysql_real_escape_string(stripslashes($_POST['emailprivate']));
|
||||
|
||||
if(committee_auth_has_access('super')) {
|
||||
/* But only superusers can save these ones */
|
||||
@ -155,31 +152,25 @@
|
||||
$em = mysql_escape_string(stripslashes($_POST['email']));
|
||||
$q=mysql_query("SELECT id FROM users WHERE email='$em' AND uid!='{$u['uid']}' AND deleted='no'");
|
||||
if(mysql_num_rows($q) > 0) {
|
||||
message_push(error(i18n("That email address is in use by another user")));
|
||||
error_("That email address is in use by another user");
|
||||
$save = false;
|
||||
}
|
||||
|
||||
if($save == true) {
|
||||
user_save($u);
|
||||
message_push(notice(i18n("%1 %2 successfully updated",array($_POST['firstname'],$_POST['lastname']))));
|
||||
happy_("%1 %2 successfully updated",array($_POST['firstname'],$_POST['lastname']));
|
||||
}
|
||||
|
||||
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
|
||||
$type = $_SESSION['users_type'];
|
||||
//send the header
|
||||
if($_SESSION['embed'] == true) {
|
||||
echo "<br/>";
|
||||
display_messages();
|
||||
echo "<h3>".i18n("Personal Information")."</h3>";
|
||||
echo "<br/>";
|
||||
} else if($ext_editor == true) {
|
||||
$m = ($type == 'committee') ? 'Committee' : $user_what[$type];
|
||||
send_header("Personal Information",
|
||||
array("$m Main" => "{$type}_main.php")
|
||||
,"edit_profile"
|
||||
);
|
||||
} else {
|
||||
send_header("Personal Information for {$u['firstname']} {$u['lastname']}",
|
||||
array($user_what[$type]." Registration" => "{$type}_main.php")
|
||||
@ -187,6 +178,18 @@
|
||||
);
|
||||
}
|
||||
|
||||
?>
|
||||
<script type="text/javascript">
|
||||
function personal_save()
|
||||
{
|
||||
$("#debug").load("<?=$config['SFIABDIRECTORY']?>/user_personal.php?action=save", $("#personal_form").serializeArray());
|
||||
return false;
|
||||
}
|
||||
</script>
|
||||
|
||||
<?
|
||||
|
||||
|
||||
foreach($errorfields as $f) {
|
||||
echo error(i18n('\'%1\' must use the format: %2',
|
||||
array(i18n($user_personal_fields[$f]['name']),
|
||||
@ -247,13 +250,8 @@ function item($user, $fname, $subtext='')
|
||||
|
||||
}
|
||||
|
||||
if($_SESSION['embed'] != true) {
|
||||
echo "<form name=\"personalform\" method=\"post\" action=\"user_personal.php?edit=$eid\">\n";
|
||||
} else {
|
||||
echo "<form name=\"personalform\" method=\"post\" action=\"{$_SESSION['embed_submit_url']}\">\n";
|
||||
}
|
||||
|
||||
echo "<input type=\"hidden\" name=\"action\" value=\"save\" />\n";
|
||||
echo "<form name=\"personalform\" id=\"personal_form\">\n";
|
||||
echo "<input type=\"hidden\" name=\"users_id\" value=\"{$u['id']}\" />";
|
||||
echo "<table>\n";
|
||||
|
||||
echo "<tr>\n";
|
||||
@ -356,7 +354,7 @@ if(in_array('committee', $u['types'])) {
|
||||
|
||||
|
||||
|
||||
echo "<input type=\"submit\" value=\"".i18n("Save Personal Information")."\" />\n";
|
||||
echo "<input type=\"submit\" onclick=\"personal_save();return false;\" value=\"".i18n("Save Personal Information")."\" />\n";
|
||||
echo "</form>";
|
||||
|
||||
echo "<br />";
|
||||
|
||||
Loading…
Reference in New Issue
Block a user