AdminProg.prg

<?php
    $monLibrary= dirname(__FILE__) . "/../library";
    require_once("$monLibrary/cu_top.i");
    require_once("$monLibrary/ck_hticket.i");

  if (!CheckPerm($link, $Hu, basename($_SERVER['SCRIPT_NAME']), $_SERVER['REMOTE_ADDR'])) {
    // ** Permissions failed
    // ** redirect to new page
    header("Location: /hcuadm/hcu_noperm.prg");
    exit;
  }

$dms_ok=array('opt'=>'string','pg'=>'string','rowid'=>'string');
dms_import($dms_ok);
$print_msg = "";
$print_err = "";

    cu_header("Allowed Program List");
    $msg = "";
    if (isset($opt) && isset($pg)) {
        // Here it needs to set the switch for the program
        // Either delete the record from the cuadminexclude
        // or add it
        switch ($opt) {
            case "on":
                // Turn this program ON fro the credit union
                // this is done by DELETING it from the
                // cuadminexclude table
                $sql = "DELETE FROM cuadminexclude
                                WHERE trim(program) = '" . pg_escape_string($pg) . "'
                                    AND trim(user_name) = '" . pg_escape_string($rowid) . "' ";
                if ($exc_rs = db_query($sql, $link)) {
                    $print_msg = "Program {$pg} was turned ON for {$rowid}";
                } else {
                    $print_msg = "Error -- Status not changed for program {$pg}";
                }
                db_free_result($exc_rs);
                break;
            case "off":
                // Turn off this program for this credit union
                // This is done by ADDING the record to the
                // cuadminexclude table

                // First -- I have the user_name -- I want to
                // Guarantee the correct cu value by grabbing
                // the value from the cuadminusers
                $sql = "SELECT cu
                                FROM cuadminusers
                                WHERE user_name = '" . pg_escape_string($rowid) . "' ";
                $cu_rs = db_query($sql, $link);
                $cu_row = db_fetch_array($cu_rs, 0);
                db_free_result($cu_rs);
                $cu = trim($cu_row['cu']);
                // But make sure we have a cu code -- only insert if we do
                if ($cu != '') {
                    $sql = "INSERT INTO cuadminexclude
                                        (cu, user_name, program)
                                            VALUES
                                        ('" . pg_escape_string($cu) . "',
                                         '" . pg_escape_string($rowid) . "',
                                         '" . pg_escape_string($pg) . "' ) ";
                    if ($exc_rs = db_query($sql, $link)) {
                        $print_msg = "Program {$pg} was turned OFF for {$rowid}";
                    } else {
                        $print_msg = "Error -- Status not changed for program {$pg}";
                    }
                    db_free_result($exc_rs);
                }
                break;
        }
    }


    $sql = "SELECT programs.program, programs.displaytext,
                        programs.description, programs.def_set, exclude.user_name
                    FROM cuadminprogs as programs
                    LEFT JOIN (
                        SELECT cuadminexclude.program, cuadminexclude.user_name, cuadminexclude.cu
                        FROM cuadminexclude
                        WHERE trim(cuadminexclude.user_name) = '" . pg_escape_string($rowid) . "')
                    as exclude on exclude.program = programs.program
                    ORDER BY programs.sort_order ";
    $prod_list = db_query($sql, $link);

    if ($print_msg != '') {
        $print_err = "<tr><td class='msg' colspan='3' align='center'>$print_msg</td></tr>";
    }
    print <<< EOF
        <form action="{$_SERVER['PHP_SELF']}" method="post">
            <table cellpadding=3 cellspacing=0 border=0 align=center class='dmsbg' width=700>
                <tr><td>
                    <table cellpadding=3 cellspacing=0 border=0 align=left bgcolor=white width="100%">
                        <tr><td class='bar' align=center colspan=3>
                            Credit Union's Allowed Program List
                        </td></tr>
                        $print_err
                        <tr><td class='hdr' align=right nowrap width="30%">Program</td>
                            <td class='hdr' align='center' width="5%">Allowed</td>
                            <td class='hdr' width="65%">Description</td></tr>
EOF;
        $cntr = 0;
        while($prod_row = db_fetch_array($prod_list, $cntr++)) {
            printf ("<tr>
                             <td class=\"dtlr\" align=right valign=top>%s</td>
                                 <td class=\"dtlc\" valign=top><a href=\"{$_SERVER['PHP_SELF']}?pg=%s&opt=%s&rowid=%s\" class='%s'>%s</a></td>
                             <td class=\"dtll\" align=left valign=top>%s</td>
                             </tr>\n", htmlspecialchars(trim($prod_row['displaytext'])),
                                                 urlencode($prod_row['program']),
                                                 ($prod_row['user_name'] == "" ? "off" : "on"),
                                                 urlencode($rowid),
                                                 ($prod_row['user_name'] == "" ? "" : "error"),
                                                 ($prod_row['user_name'] == "" ? "On" : "Off"),
                                                 htmlspecialchars(trim($prod_row['description'])));
        }

?>
                    </table>
                </td></tr>
            </table>
        </form>
    </body>
</html>