if (isset($_POST['submit'])) {\r
$id = intval($_POST['id']);\r
\r
+ //check if student id (public field) is already being used\r
+ if (!$_POST['overwrite'] && !empty($_POST['student_id'])) {\r
+ $result = mysql_query("SELECT * FROM ".TABLE_PREFIX."master_list WHERE public_field='$_POST[student_id]' && member_id<>0",$db);\r
+ if (mysql_num_rows($result) != 0) {\r
+ $msg->addError('CREATE_MASTER_USED');\r
+ }\r
+ }\r
+\r
/* email check */\r
if ($_POST['email'] == '') {\r
$msg->addError('EMAIL_MISSING');\r
exit;\r
}\r
\r
+\r
if (defined('AT_MASTER_LIST') && AT_MASTER_LIST) {\r
$_POST['student_id'] = $addslashes($_POST['student_id']);\r
- $student_pin = md5($addslashes($_POST['student_pin']));\r
+ $student_pin = sha1($addslashes($_POST['student_pin']));\r
\r
- $sql = "UPDATE ".TABLE_PREFIX."master_list SET member_id=0 WHERE member_id=$id";\r
- $result = mysql_query($sql, $db);\r
-\r
- if ($_POST['student_id']) {\r
- $sql = "UPDATE ".TABLE_PREFIX."master_list SET member_id=$id WHERE public_field='$_POST[student_id]'";\r
+ //if changed, delete old stud id\r
+ if (!empty($_POST['old_student_id']) && $_POST['old_student_id'] != $_POST['student_id']) {\r
+ $sql = "DELETE FROM ".TABLE_PREFIX."master_list WHERE public_field=".$_POST['old_student_id']." AND member_id=$id";\r
+ $result = mysql_query($sql, $db);\r
+ }\r
+ //if new is set\r
+ if (!empty($_POST['student_id']) && $_POST['old_student_id'] != $_POST['student_id']) {\r
+ $sql = "REPLACE INTO ".TABLE_PREFIX."master_list VALUES ('$_POST[student_id]', '', $id)";\r
$result = mysql_query($sql, $db);\r
- if (mysql_affected_rows($db) == 0) {\r
- $sql = "SELECT member_id FROM ".TABLE_PREFIX."master_list WHERE member_id=$id AND public_field='$_POST[student_id]'";\r
- $result = mysql_query($sql, $db);\r
- if (!$row = mysql_fetch_assoc($result)) {\r
- $sql = "REPLACE INTO ".TABLE_PREFIX."master_list VALUES ('$_POST[student_id]', '$student_pin', $id)";\r
- mysql_query($sql, $db);\r
- }\r
- }\r
}\r
}\r
\r
$sql = "SELECT public_field FROM ".TABLE_PREFIX."master_list WHERE member_id=$id";\r
$result = mysql_query($sql, $db);\r
if ($row = mysql_fetch_assoc($result)) {\r
+ $_POST['old_student_id'] = $row['public_field'];\r
$_POST['student_id'] = $row['public_field'];\r
}\r
}\r
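Review bot: The new DELETE in the `old_student_id` branch concatenates `$_POST['old_student_id']` into the query unquoted and without passing it through `$addslashes`, so request data is parsed as SQL rather than as a string literal; every other query in this hunk compares `public_field` as a quoted string. Escape and quote it, e.g. `$old_id = $addslashes($_POST['old_student_id']);` followed by `... WHERE public_field='$old_id' AND member_id=$id`. The added duplicate check at the top has a related ordering problem: it interpolates `$_POST[student_id]` before the `$addslashes()` call further down has run, so that escaping should move above the SELECT. Nothing visible in the hunk stops the master-list write after `CREATE_MASTER_USED` is added, so confirm that the update block is skipped when `$msg` holds errors.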
</div>
<?php if (admin_authenticate(AT_ADMIN_PRIV_USERS, TRUE) && defined('AT_MASTER_LIST') && AT_MASTER_LIST): ?>
+ <input type="hidden" name="old_student_id" value="<?php echo $_POST['old_student_id']; ?>" />
<div class="row">
<label for="student_id"><?php echo _AT('student_id'); ?></label><br />
<input type="text" name="student_id" value="<?php echo $_POST['student_id']; ?>" size="20" /><br />
</div>
- <div class="row">
+ <!-- div class="row">
<label for="student_pin"><?php echo _AT('student_pin'); ?></label><br />
<input id="student_pin" name="student_pin" type="password" size="15" maxlength="15" value="<?php echo stripslashes(htmlspecialchars($_POST['student_pin'])); ?>" /><br />
- </div>
+ </div -->
<div class="row">
<input type="checkbox" id="overwrite" name="overwrite" value="1" <?php if ($_POST['overwrite']) { echo 'checked="checked"'; } ?> /><label for="overwrite"><?php echo _AT('overwrite_master');?></label>
</div>
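Review bot: The added hidden field prints `$_POST['old_student_id']` into an attribute value with no output encoding, so on a re-rendered submit the posted value lands in the page as markup; it should read `value="<?php echo htmlspecialchars($_POST['old_student_id'], ENT_QUOTES); ?>"`. The `student_id` input just below it follows the same pattern and would benefit from the same change. Because the hidden field is client-controlled, the handler would be safer re-reading the member's current `public_field` from the database than trusting this value to decide which row to delete. Wrapping the PIN row in `<!-- -->` also leaves its PHP running, so any posted `student_pin` is still written into the page source; deleting the block or guarding it in PHP avoids that.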