Codi de la pàgina gestio.php
<?php $link=mysql_pconnect('','pame','pame'); switch ($basemodificar){ case "newusuario": mysql_select_db("basepame",$link); $total=0;$total2=0; $result = mysql_query("SELECT id FROM usuarios WHERE usuario='$uusuario'", $link); $total =@mysql_num_rows($result); if ($total!=0) { echo "<script> \n"; echo "alert('Operació NO realitzada. L'usuari $uusuario ja está donat d'alta'); \n"; echo "</script> \n"; } $result = mysql_query("SELECT id FROM usuarios WHERE nombre='$unombre'", $link); $total2 =@mysql_num_rows($result); if ($total2!=0) { echo "<script> \n"; echo "alert('Operació NO realitzada. Nombre d'usuari $unombre repetit'); \n"; echo "</script> \n"; } if ($total==0 AND $total2==0){ $sql= "INSERT INTO usuarios (nombre, clave, cargo, usuario) "; $sql.= "VALUES ('$unombre', '$uclave', '$ucargo', '$uusuario')"; mysql_query($sql,$link); echo "<script> \n"; echo "alert('Operació realitzada'); \n"; echo "</script> \n"; } break; case "baixausuari": mysql_select_db("basepame",$link); $sql= "DELETE FROM usuarios WHERE id='$idbaixa'"; mysql_query($sql,$link); echo "<script> \n"; echo "alert('Operació realitzada'); \n"; echo "</script> \n"; break; } ?> <? include ("seguridad.php"); if ($_SESSION['cargo'] !='coordinador informàtica'){ echo "<script> \n"; echo "history.go(-1); \n"; echo "</script> \n"; } ?> <? include ("cabecera.inc"); ?> <? include ("intranet.inc"); ?> <script language="JavaScript"> function openWindow(){ url="gestiocodi.htm"; windowprops ="top=30,left=30,toolbar=no,location=no,status=no, menubar=no,scrollbars=no, resizable=no,width=660 ,height=300"; window.open(url,"",windowprops); } </script> <div id="Layer2" style="position:absolute; width:32px; height:19px; z-index:205; left: 0px; top: 85px;"> <a href="#" onClick='openWindow()' title="Codi de la pàgina"><img src="imagenes/tachuela.jpg" width="35" height="39" border="0"></a><br><br> <a href="gestioflujo.php" title="Diagrma de la pàgina"><img src="imagenes/diagrama.jpg" width="30" height="21" border="0"></a> </div> <script language="JavaScript" type="text/javascript"> function mirar(x){ switch (x){ case 1: if (document.altausuario.unombre.value!='' && document.altausuario.uusuario.value!='' && document.altausuario.uclave.value!=''){ document.altausuario.submit(); } else { alert("Dades incompletes");} break; } } </script> <div id="Layer6" style="position:absolute; width:650px; height:115px; z-index:77; left: 50px; top: 250px;" class="menupr"> <?php switch ($gestio){ case "usuarios": switch ($opcio){ case"alta": $link = mysql_pconnect('','pame','pame'); mysql_select_db("basepame",$link); echo "<form action='gestio.php?gestio=usuarios&opcio=alta' method='post' name='altausuario' target='_parent'> \n"; echo "<table width='100%' border='0' cellspacing='0'> \n"; echo "<tr> \n"; echo "<td colspan='2'><strong>Donar d'alta a nous usuaris</strong></td> \n"; echo "</tr> \n"; echo "<tr> \n"; echo "<td colspan='2'><input type='hidden' name='basemodificar' value='newusuario'></td> \n"; echo "</tr> \n"; echo "<tr> \n"; echo "<td width='20%'>Nom</td> \n"; echo "<td width='80%'><input type='text' name='uusuario' size='40'></td> \n"; echo "</tr> \n"; echo "<tr> \n"; echo "<td>Usuari</td> \n"; echo "<td><input type='text' name='unombre' size='20'></td> \n"; echo "</tr> \n"; echo "<tr> \n"; echo "<td>Clau</td> \n"; echo "<td><input type='text' name='uclave' size='8'></td> \n"; echo "</tr> \n"; echo "<tr> \n"; echo "<td>Àmbit</td> \n"; echo "<td> \n"; $sql = "SELECT ambito FROM ambitos ORDER BY ambito"; $result = mysql_query($sql, $link); echo "<select name='ucargo'> \n"; while ($row = mysql_fetch_row($result)){ echo "<option value='".$row[0]."'>".$row[0]."</option> \n"; } echo "</select> \n"; echo "</td> \n"; echo "</tr> \n"; echo "<tr> \n"; echo "<td colspan='2'> </td> \n"; echo "</tr> \n"; echo "<tr> \n"; echo "<td><div align='center'><a href='#' onClick='mirar(1)'>donar d'alta</a></div></td> \n"; echo "<td> </td> \n"; echo "</tr> \n"; echo "</table> \n"; echo "</form> \n"; break; case "baixa": $link=mysql_pconnect('','pame','pame'); mysql_select_db("basepame",$link); if ($id==''){ echo "<form action='gestio.php?gestio=usuarios&opcio=baixa' method='post' name='seleccio'> \n"; echo "<table width='100%' border='0'> \n"; echo "<tr> \n"; echo "<td><strong>Donar de baixa a usuaris</strong></td> \n"; echo "</tr> \n"; echo "<tr> \n"; echo "<td> </td> \n"; echo "</tr> \n"; echo "<tr> \n"; echo "<td width='15%'>Usuari \n"; $result = mysql_query("SELECT id,usuario FROM usuarios ORDER BY usuario", $link); echo "<select name='id' onChange='seleccio.submit()'> \n"; echo "<option value=''> </option> \n"; while ($row = mysql_fetch_row($result)){ echo "<option value=$row[0]>".$row[1]."</option> \n"; } echo "</select> \n"; echo "</td> \n"; echo "</tr> \n"; echo "</table> \n"; echo "</form> \n"; } else { $result = mysql_query("SELECT usuario FROM usuarios WHERE id='$id'", $link); $row = mysql_fetch_row($result); echo "<form action='gestio.php?gestio=usuarios&opcio=baixa' method='post' name='seleccio'> \n"; echo "<table width='100%' border='0'> \n"; echo "<tr> \n"; echo "<td colspan='2'><strong>Donar de baixa a l'usuari</strong></td> \n"; echo "</tr> \n"; echo "<tr> \n"; echo "<td colspan='2'><input type='hidden' name='basemodificar' value='baixausuari'><input type='hidden' name='idbaixa' value=$id></td> \n"; echo "</tr> \n"; echo "<tr> \n"; echo "<td>Usuari <strong>$row[0]</strong></td> \n"; echo "<td><a href='#' onClick='seleccio.submit()'>donar de baixa</a></td> \n"; echo "</tr> \n"; echo "</table> \n"; echo "</form> \n"; } break; case "dades": $link=mysql_pconnect('','pame','pame'); mysql_select_db("basepame",$link); if ($id==''){ echo "<form action='gestio.php?gestio=usuarios&opcio=dades' method='post' name='seleccio'> \n"; echo "<table width='100%' border='0'> \n"; echo "<tr> \n"; echo "<td><strong>Seleccioneu a l'usuari</strong></td> \n"; echo "</tr> \n"; echo "<tr> \n"; echo "<td> </td> \n"; echo "</tr> \n"; echo "<tr> \n"; echo "<td width='15%'>Usuari \n"; $result = mysql_query("SELECT id,usuario FROM usuarios ORDER BY usuario", $link); echo "<select name='id' onChange='seleccio.submit()'> \n"; echo "<option value=''> </option> \n"; while ($row = mysql_fetch_row($result)){ echo "<option value=$row[0]>".$row[1]."</option> \n"; } echo "</select> \n"; echo "</td> \n"; echo "</tr> \n"; echo "</table> \n"; echo "</form> \n"; } else { $result = mysql_query("SELECT usuario FROM usuarios WHERE id='$id'", $link); $row = mysql_fetch_row($result); $usuario=$row[0]; if ($eliminarfoto!=''){ $eliminarfoto= explode('-',$eliminarfoto); $sql="UPDATE usuarios SET foto='' WHERE usuario='$usuario'"; $result=mysql_query($sql); @unlink('imagenes/fotos/'.$eliminarfoto[1]); } if ($eliminarvideo!=''){ $eliminarvideo= explode('-',$eliminarvideo); $sql="UPDATE usuarios SET nomvideo='' WHERE usuario='$usuario'"; $result=mysql_query($sql); @unlink('imagenes/videos/'.$eliminarvideo[1]); } if ($foto!=''){ if ($cambiofoto!=''){ @unlink('imagenes/fotos/'.$cambiofoto); } $fotonombre=$_FILES['foto']['name']; $upfile='imagenes/fotos/'.$fotonombre; move_uploaded_file($foto,$upfile); $sql="UPDATE usuarios SET foto='$fotonombre' WHERE usuario='$usuario'"; $result=mysql_query($sql); } if ($video!=''){ if ($cambiovideo!=''){ @unlink('imagenes/videos/'.$cambiovideo); } $videonombre=$_FILES['video']['name']; $upfile='imagenes/videos/'.$videonombre; move_uploaded_file($video,$upfile); $sql="UPDATE usuarios SET nomvideo='$videonombre' WHERE usuario='$usuario'"; $result=mysql_query($sql); } if ($canvinova!=''){ $sql="SELECT clave FROM usuarios WHERE usuario='$usuario'"; $result=mysql_query($sql,$link); $row=mysql_fetch_row($result); if ($canviantiga==$row[0]){ $sql="UPDATE usuarios SET clave='$canvinova' WHERE usuario='$usuario'"; $result=mysql_query($sql); echo "<script language='JavaScript' type='text/javascript'> \n"; echo "alert('SI'); \n"; echo "</script> \n"; } else { echo "<script language='JavaScript' type='text/javascript'> \n"; echo "alert('NO'); \n"; echo "</script> \n"; } } $sql="SELECT * FROM usuarios WHERE usuario='$usuario'"; $result=mysql_query($sql,$link); $row=mysql_fetch_row($result); $extension= explode('.',$row[6]); if ($row[5]!=''){ echo "Foto -<img src='imagenes/fotos/".$row[5]."' width='100' height='100' border='0'>\n"; $fototexto=$row[5]; } if ($row[6]!=''){ $videotexto=$row[6]; echo " Vídeo -\n"; switch ($extension[1]){ case"avi": echo "<OBJECT ID='MediaPlayer' WIDTH=100 HEIGHT=146 classid='CLSID:22D6F312-B0F6-11D0-94AB-0080C74C7E95' codebase='http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab#Version=6,4,7,1112' type='application/x-oleobject' > \n"; echo "<PARAM NAME='FileName' VALUE='imagenes/videos/".$row[6]."'> \n"; echo "<PARAM NAME='ShowControls' VALUE='1'> \n"; echo "<PARAM NAME='Autostart' VALUE='false'> \n"; echo "<Embed type='application/x-mplayer2' pluginspage='http://www.microsoft.com/windows/windowsmedia/download/' src='imagenes/videos/".$row[6]."' Name=MediaPlayer WIDTH=100 HEIGHT=146 > \n"; echo "</EMBED> \n"; echo "</OBJECT> \n"; break; case"mov": echo "<object classid='clsid:02bf25d5-8c17-4b23-bc80-d3488abddc6b' width=100 height=146 codebase='http://www.apple.com/qtactivex/qtplugin.cab' border='0'> \n"; echo "<param name='src' value='imagenes/videos/".$row[6]."'> \n"; echo "<param name='autoplay' value='true'> \n"; echo "<param name='controller' value='true'> \n"; echo "<embed src='imagenes/videos/".$row[6]."' width=100 height=146 controller='true' pluginspage='http://www.apple.com/quicktime/download/'> \n"; echo "</object> \n"; break; } } echo "<table width='100%' border='0' cellspacing='0'> \n"; echo "<tr> \n"; echo "<td width='10%' > </td> \n"; echo "<td width='12%' > </td> \n"; echo "<td width='78%' > </td> \n"; echo "</tr> \n"; echo "<tr> \n"; echo "<td>Foto/Vídeo</td> \n"; echo "<td colspan='2' ><a href='#' onClick='hideLayer('contraw'); showLayer('fotow')'><font color='#FF6666' size='-2'>canviar</font></a></td> \n"; echo "</tr> \n"; echo "<tr> \n"; echo "<td>Usuari </td> \n"; echo "<td colspan='2'>".$usuario."</td> \n"; echo "</tr> \n"; echo "<tr> \n"; echo "<td>Nom </td> \n"; echo "<td colspan='2'>".$row[1]."</td> \n"; echo "</tr> \n"; echo "<tr> \n"; echo "<td>Àmbit </td> \n"; echo "<td colspan='2'>".$row[7]."</td> \n"; echo "</tr> \n"; echo "<tr> \n"; echo "<td>Contrasenya </td> \n"; echo "<td>******</td> \n"; echo "<td ><a href='#' onClick='hideLayer('fotow'); showLayer('contraw')'><font color='#FF6666' size='-2'>canviar</font></a></td> \n"; echo "</tr> \n"; echo "</table> \n"; echo "<div id='fotow' style='position:absolute; width:350px; height:70px; z-index:25; left: 225px; top:90px; visibility: hidden; background-color: #FAFFF0; layer-background-color: #FAFFF0; border: 1px none #000000;' class='menupr'; > \n"; echo "<form name='canvifoto' method='post' enctype='multipart/form-data' action='gestio.php?gestio=usuarios&opcio=dades&id=$id'> \n"; echo "<table width='100%' border='0' cellspacing='5'> \n"; echo "<tr> \n"; echo "<td colspan='2'> </td> \n"; echo "<input name='opersonal' type='hidden' value='dades'>"; echo "<input name='cambiofoto' type='hidden' value='$fototexto'>"; echo "<input name='cambiovideo' type='hidden' value='$videotexto'>"; echo "</tr> \n"; echo "<tr> \n"; echo "<td colspan='2'><div align='center'><u>Canvi de fotografia / vídeo</u></div></td> \n"; echo "</tr> \n"; echo "<tr> \n"; echo "<td colspan='2'> </td> \n"; echo "</tr> \n"; echo "<tr> \n"; echo "<td width='18%'><strong>Fotografia</strong></td> \n"; echo "<td>format: jpg - tamany i pes 100x100px 2Kb</td> \n"; echo "</tr> \n"; echo "<tr> \n"; echo "<td colspan='2'><input name='foto' type='file' size='50'></td> \n"; echo "</tr> \n"; if ($fototexto!=''){ echo "<tr> \n"; echo "<td colspan='2'><input name='eliminarfoto' type='submit' value='eliminar-$fototexto'></td> \n"; echo "</tr> \n"; echo "</tr> \n"; } echo "<tr> \n"; echo "<td width='18%'><strong>Vídeo</strong></td> \n"; echo "<td>format: mov ó avi - tamany i pes 100x75px màx.1990Kb</td> \n"; echo "</tr> \n"; echo "<tr> \n"; echo "<td colspan='2'><input name='video' type='file' size='50'></td> \n"; echo "</tr> \n"; if ($videotexto!=''){ echo "<tr> \n"; echo "<td colspan='2'><input name='eliminarvideo' type='submit' value='eliminar-$videotexto'></td> \n"; echo "</tr> \n"; } echo "</table> \n"; echo "<table width='100%' border='0' cellspacing='5'> \n"; echo "<tr> \n"; echo "<td><div align='center'><a href='#' onClick='hideLayer('fotow')'>cancelar</a></div></td> \n"; echo "<td><div align='center'><a href='#' onClick='canvifoto.submit()'>aceptar</a></div></td> \n"; echo "</tr> \n"; echo "</table> \n"; echo "</form> \n"; echo "</div> \n"; echo "<div id='contraw' style='position:absolute; width:200px; height:70px; z-index:27; left: 275px; top:90px; visibility: hidden; background-color: #FAFFF0; layer-background-color: #FAFFF0; border: 1px none #000000;' class='menupr'; > \n"; echo "<form name='canvi' method='post' action='gestio.php?gestio=usuarios&opcio=dades&id=$id'> \n"; echo "<table width='100%' border='0' cellspacing='5'> \n"; echo "<tr> \n"; echo "<td colspan='2'> </td> \n"; echo "</tr> \n"; echo "<tr> \n"; echo "<td colspan='2'><div align='center'><u>Canvi de contrasenya</u></div></td> \n"; echo "</tr> \n"; echo "<tr> \n"; echo "<td colspan='2'> </td> \n"; echo "</tr> \n"; echo "<tr> \n"; echo "<td>contrasenya antiga</td> \n"; echo "<td><input name='canviantiga' type='text' size='6'></td> \n"; echo "<input name='opersonal' type='hidden' value='dades'>"; echo "</tr> \n"; echo "<tr> \n"; echo "<td>contrasenya nova</td> \n"; echo "<td><input name='canvinova' type='text' size='6'></td> \n"; echo "</tr> \n"; echo "<tr> \n"; echo "<td><div align='center'><a href='#' onClick='hideLayer('contraw')'>cancelar</a></div></td> \n"; echo "<td><a href='#' onClick='canvi.submit()'>aceptar</a></td> \n"; echo "</tr> \n"; echo "</table> \n"; echo "</form> \n"; echo "</div> \n"; } break; } break; } ?> </div> <div id='titulos' style='position:absolute; left:50px; top:164px; width:650px; height:20px; z-index:9; border: 1px none #000000;' class='opaco' > <font color='#CC0000' size='5'> <?php switch ($gestio){ case "usuarios": echo "Gestió - Usuaris"; break; default: echo "Gestió"; } echo "<table width='100%' border='0' cellspacing='0'> \n"; echo "<tr bgcolor='#F7F7F7'> \n"; echo "<td width='25%' > </td> \n"; echo "<td colspan='3'><a href='gestio.php?gestio=usuarios'>Usuaris</a></td> \n"; echo "<td> </td> \n"; echo "</tr> \n"; echo "<tr> \n"; echo "<td colspan='5'> </td> \n"; echo "</tr> \n"; echo "<tr> \n"; switch ($gestio){ case "usuarios": echo "<td> </td> \n"; echo "<td><a href='gestio.php?gestio=usuarios&opcio=alta' title='donar d´alta a la INTRANET'>Altes</a></td> \n"; echo "<td><a href='gestio.php?gestio=usuarios&opcio=baixa' title='eliminar de la INTRANET'>Baixes</a></td> \n"; echo "<td colspan='4'><a href='gestio.php?gestio=usuarios&opcio=dades' title='dades personals dels usuaris'>Dades personals</a></td> \n"; echo "<td> </td> \n"; break; } echo "</tr> \n"; echo "</table> \n"; ?> </font> </div> <?php include ("pie.inc"); ?>