I'm new to PHP and am working on my first large-scale project. I am making a custom ticketing system that requires users to log in and lets technicians log in to work tickets. I am trying to implement an account disabling feature so techs that are no longer with the company don't have to have their accounts deleted when they are gone for a time. I want admins to be able to edit the user's profile and use a checkbox to mark the account as disabled. I have a table called profiles with the username and profile information. I have added a tinyint field called "disabled" with a 1 char limit.
I have successfully programmed my login script to only let you log in if the disabled field is equal to 0, but I can't get my edit profile script to update the database with any value at all. I have searched this and other forums and can only find info on using an array for multiple checkboxes, but I have only 1 checkbox so I'm not sure that is the best way. Once the checkbox updates to the database I will also need to make it so when viewing and editing the user's profile you can tell whether the account is disabled already by having the checkbox marked only if the account is disabled.
Below is my adminprofile.php file. The edit profile section starts on line 59 and my database update starts on line 112. Parts of this page currently work as expected except the disabled checkbox. Any help would be appreciated.
<?php
session_start();
include 'config.php';
include 'opendb.php';
include("login.php");
echo '<link rel="stylesheet" type="text/css" href="profile.css">';
echo '<center><div id="page"><img src="images/profhead.gif" width="955" height="90" /></center>';
if($logged_in){
loggedgroup();
if($_SESSION['grptype'] == 'Admin' or $_SESSION['grptype'] == 'Superadmin' or $_SESSION['grptype2'] == 'Admin' or $_SESSION['grptype2'] == 'Superadmin'){
if ($_SESSION['uid'] == NULL){
echo '<META HTTP-EQUIV="refresh" content="0;URL=admin.php">';
}else{
displayLogin();
echo '<hr>';
if( isset($_GET['pg']) ) {
switch( $_GET['pg']) {
case 'view':
global $conn;
$sql = "SELECT * FROM `profiles` WHERE id='$_SESSION[uid]'";
$query = mysql_query($sql, $conn) or die(mysql_error());
$row = mysql_num_rows($query);
while ($row = mysql_fetch_array($query)) {echo '<div id="vwprof"><center><h2>Personal Information</h2><table width="28%" align="center" background="images/trimmtext.gif" style="border-style:groove;border-color:navy;margin-top:12px;">
<tr><td width="50%" align="left"><h3>Username:</h3></td><td width="50%" align="right"><h4><input type="text" name="user" value="'.$row['username'].'" readonly></h4></td></tr>
<tr><td width="50%" align="left"><h3>Disabled:</h3></td><td width="50%" align="right"><h4><input type="checkbox" name="disabled" value="" readonly></h4>';
echo '</td></tr><tr><td width="50%" align="left"><h3>Name:</h3></td><td width="50%" align="right"><h4><input type="text" name="name" value="'.$row['first_name'].' '.$row['last_name'].'" readonly></h4>';
echo '</td></tr><tr><td width="50%" align="left"><h3>Group:</h3></td><td width="50%" align="right"><h4><input type="text" name="group" value="'.$_SESSION['grpname'].'" readonly></h4>';
echo '</td></tr><tr><td width="50%" align="left"><h3>Group 2:</h3></td><td width="50%" align="right"><h4><input type="text" name="group2" value="'.$_SESSION['grp2name'].'" readonly></h4>';
echo '</td></tr><tr><td width="50%" align="left"><h3>Home Phone:</h3></td><td width="50%" align="right"><h4><input type="text" name="phone" value="'. $row['phone'].'" readonly></h4></td></tr>';
echo '<tr><td width="50%" align="left"><h3>Alt Phone:</h3></td><td width="50%" align="right"><h4><input type="text" name="altphone" value="'. $row['altphone'].'" readonly></h4></td></tr>';
echo '<tr><td width="50%" align="left"><h3>Alt Phone Type:</h3></td><td width="50%" align="right"><h4><input type="text" name="altphn_title" value="'. $row['altphn_title'].'" readonly></h4></td></tr>';
echo '<tr><td width="50%" align="left"><h3>Email Address:</h3></td><td width="50%" align="right"><h4><input type="text" name="email" value="'. $row['email'].'" readonly></h4></td></tr>
<tr align="left"><td><a href="adminprofile.php?pg=edit">Edit Personal Profile</a></td><td><a href="adminprofile.php?pg=systems">View System Profiles</a></td></tr></table>
<h2>Physical Address</h2><table width="28%" align="center" background="images/trimmtext.gif" style="border-style:groove;border-color:navy;margin-top:12px;">
<tr><td width="50%" align="left"><h3>Address:</h3></td><td width="50%" align="right"><h4><input type="text" name="address" value="'.$row['address'].'" readonly></h4></td></tr>
<tr><td width="50%" align="left"><h3>Address Line 2:</h3></td><td width="50%" align="right"><h4><input type="text" name="address2" value="'.$row['address2'].'" readonly></h4></td></tr>
<tr><td width="50%" align="left"><h3>City, State:</h3></td><td width="50%" align="right"><h4><input type="text" name="city" value="'.$row['city'].', '.$row['state'].'" readonly></h4></td></tr>
<tr><td width="50%" align="left"><h3>Zip Code:</h3></td><td width="50%" align="right"><h4><input type="text" name="zip" value="'.$row['zip'].'-'.$row['zip4'].'" readonly></h4></td></tr>
<tr><td width="50%" align="left"><h3>Cross Streets:</h3></td><td width="50%" align="right"><h4><input type="text" name="cross_roads" value="'.$row['cross_roads'].'" readonly></h4></td></tr></table>
</center></div>';
}
break;
case 'edit':
global $conn;
$sqle = "SELECT * FROM `profiles` WHERE id='$_SESSION[uid]'";
$querye = mysql_query($sqle, $conn) or die(mysql_error());
$rowe = mysql_num_rows($querye);
if ( !isset($_POST['submit'])) {
while ($rowe = mysql_fetch_array($querye)) {
echo '<form action="" method="post">';
echo '<div id="edtprof"><center><h2>Personal Information</h2><table width="28%" align="center" background="images/trimmtext.gif" style="border-style:groove;border-color:navy;margin-top:12px;">
<tr><td width="50%" align="left"><h3>Username:</h3></td><td width="50%" align="right"><h4><input type="text" name="username" value="'.$rowe['username'].'" readonly></h4></td></tr>
<tr><td width="50%" align="left"><h3>Disabled:</h3></td><td width="50%" align="right"><h4><input type="checkbox" name="disabled" value=""></h4>';
echo '</td></tr><tr><td width="50%" align="left"><h3>First Name:</h3></td><td width="50%" align="right"><h4><input type="text" name="first_name" id="first_name" value="'.$rowe['first_name'].'"></h4>';
echo '</td></tr><tr><td width="50%" align="left"><h3>Last Name:</h3></td><td width="50%" align="right"><h4><input type="text" name="last_name" value="'.$rowe['last_name'].'"></h4>';
echo '</td></tr><tr><td width="50%" align="left"><h3>Group:</h3></td><td width="50%" align="right"><h4><input type="text" name="group" value="'.$_SESSION['grpname'].'" readonly></h4>';
echo '</td></tr><tr><td width="50%" align="left"><h3>Group 2:</h3></td><td width="50%" align="right"><h4><input type="text" name="group2" value="'.$_SESSION['grp2name'].'" readonly></h4>';
echo '</td></tr><tr><td width="50%" align="left"><h3>Home Phone:</h3></td><td width="50%" align="right"><h4><input type="text" name="phone" value="'. $rowe['phone'].'"></h4></td></tr>';
echo '<tr><td width="50%" align="left"><h3>Alt Phone:</h3></td><td width="50%" align="right"><h4><input type="text" name="altphone" value="'. $rowe['altphone'].'"></h4></td></tr>';
echo '<tr><td width="50%" align="left"><h3>Alt Phone Type:</h3></td><td width="50%" align="right"><h4><input type="text" name="altphn_title" value="'. $rowe['altphn_title'].'"></h4></td></tr>';
echo '<tr><td width="50%" align="left"><h3>Email Address:</h3></td><td width="50%" align="right"><h4><input type="text" name="email" value="'. $rowe['email'].'"></h4></td></tr></table>
<h2>Physical Address</h2><table width="28%" align="center" background="images/trimmtext.gif" style="border-style:groove;border-color:navy;margin-top:12px;">
<tr><td width="50%" align="left"><h3>Address:</h3></td><td width="50%" align="right"><h4><input type="text" name="address" value="'.$rowe['address'].'"></h4></td></tr>
<tr><td width="50%" align="left"><h3>Address Line 2:</h3></td><td width="50%" align="right"><h4><input type="text" name="address2" value="'.$rowe['address2'].'"></h4></td></tr>
<tr><td width="50%" align="left"><h3>City:</h3></td><td width="50%" align="right"><h4><input type="text" name="city" value="'.$rowe['city'].'"></h4></td></tr>
<tr><td width="50%" align="left"><h3>State:</h3></td><td width="50%" align="right"><h4><input type="text" name="state" value="'.$rowe['state'].'"></h4></td></tr>
<tr><td width="50%" align="left"><h3>Zip Code:</h3></td><td width="50%" align="right"><h4><input type="text" name="zip" value="'.$rowe['zip'].'">-<input type="text" name="zip4" value="'.$rowe['zip4'].'"></h4></td></tr>
<tr><td width="50%" align="left"><h3>Cross Streets:</h3></td><td width="50%" align="right"><h4><input type="text" name="cross_roads" value="'.$rowe['cross_roads'].'"></h4></td></tr>
<tr><td align="left"><input type="submit" name="submit" value="Save!"></td></tr></table></center></div></form>';
}
} else {
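// Escape each submitted value before it is placed inside the UPDATE statement below.
$first_name = mysql_real_escape_string($_POST['first_name'], $conn);
$last_name = mysql_real_escape_string($_POST['last_name'], $conn);
$phone = mysql_real_escape_string($_POST['phone'], $conn);
$altphone = mysql_real_escape_string($_POST['altphone'], $conn);
$altphn_title = mysql_real_escape_string($_POST['altphn_title'], $conn);
$email = mysql_real_escape_string($_POST['email'], $conn);
$address = mysql_real_escape_string($_POST['address'], $conn);
$address2 = mysql_real_escape_string($_POST['address2'], $conn);
$city = mysql_real_escape_string($_POST['city'], $conn);
$state = mysql_real_escape_string($_POST['state'], $conn);
$zip = mysql_real_escape_string($_POST['zip'], $conn);
$zip4 = mysql_real_escape_string($_POST['zip4'], $conn);
$cross_roads = mysql_real_escape_string($_POST['cross_roads'], $conn);
// An unchecked checkbox is not sent at all, so the key may be missing from $_POST.
$disabled = isset($_POST['disabled']) ? $_POST['disabled'] : NULL;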
if ($disabled == NULL) {
$disabled = 1;
}
else {
$disabled = 0;
}
mysql_query("update profiles set disabled='$disabled', first_name='$first_name', last_name='$last_name', phone='$phone', altphone='$altphone', altphn_title='$altphn_title', email='$email', address='$address', address2='$address2',
city='$city', state='$state', zip='$zip', zip4='$zip4', cross_roads='$cross_roads' WHERE id='$_SESSION[gid]'");
mysql_close();
echo '<META HTTP-EQUIV="refresh" content="0;URL=adminprofile.php?pg=view">';
}
break;
} }
}
}else{
echo '<br><center><h3>You must be an admin to view this page. If you feel you have reached this message in error please contact the site admin.</h3></center>';
}
}
else{
echo '<br><center><h3>You must be logged in to view this page. Please login!</h3></center>';
displayLogin();
}
?>
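
An added example, not part of the original post: one way to handle a single checkbox, giving it value="1" so that an unchecked box is simply absent from $_POST, saving it with a prepared UPDATE keyed on the same id the form was loaded with (the posted code selects by $_SESSION[uid] but updates WHERE id='$_SESSION[gid]'), and printing a `checked` attribute from the stored flag. PDO with an in-memory SQLite table stands in for the MySQL profiles table, and the function names and the sample row are made up for illustration.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL `profiles` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE profiles (id INTEGER PRIMARY KEY, username TEXT, first_name TEXT, disabled INTEGER NOT NULL DEFAULT 0)');
$pdo->exec("INSERT INTO profiles (id, username, first_name) VALUES (7, 'jtech', 'Jo')"); // constructed row

// A checked box is submitted as disabled=1; an unchecked box is absent from $_POST.
function disabledFromPost(array $post): int
{
    return isset($post['disabled']) ? 1 : 0;
}

// Bound parameters keep form input out of the SQL text; $uid is the id the form was loaded with.
function saveProfile(PDO $pdo, int $uid, array $post): int
{
    $stmt = $pdo->prepare('UPDATE profiles SET disabled = :disabled, first_name = :first_name WHERE id = :id');
    $stmt->execute([
        ':disabled'   => disabledFromPost($post),
        ':first_name' => (string)($post['first_name'] ?? ''),
        ':id'         => $uid,
    ]);
    return $stmt->rowCount(); // affected rows; always 0 suggests the WHERE id matches nothing
}

// Render the checkbox pre-checked when the stored flag is 1; escape every value echoed into HTML.
function renderEditForm(PDO $pdo, int $uid): string
{
    $stmt = $pdo->prepare('SELECT username, first_name, disabled FROM profiles WHERE id = :id');
    $stmt->execute([':id' => $uid]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '';
    }
    $e = fn($v) => htmlspecialchars((string)$v, ENT_QUOTES, 'UTF-8');
    $checked = ((int)$row['disabled'] === 1) ? ' checked' : '';
    return '<form action="" method="post">'
        . '<input type="text" name="username" value="' . $e($row['username']) . '" readonly>'
        . '<input type="text" name="first_name" value="' . $e($row['first_name']) . '">'
        . '<input type="checkbox" name="disabled" value="1"' . $checked . '>'
        . '<input type="submit" name="submit" value="Save!"></form>';
}

$uid = 7; // stands in for $_SESSION['uid']
saveProfile($pdo, $uid, ['first_name' => 'Jo', 'disabled' => '1', 'submit' => 'Save!']); // box checked
echo renderEditForm($pdo, $uid), "\n";
saveProfile($pdo, $uid, ['first_name' => 'Jo', 'submit' => 'Save!']); // box unchecked
echo renderEditForm($pdo, $uid), "\n";
```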