database, $query) == FALSE &&
strstr(pg_errormessage($this->database), "already exists") == false)
{
echo "You can not create a new user: " . pg_errormessage($this->database) . ".
";
}
else
{
pg_exec($this->database, "INSERT INTO usr (username, security_level) VALUES ('"
. $_POST['username'] . "','" . $_POST['seclevel'] . "')");
}
}
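// Handle the "Remove" action: delete the application row from `usr` and drop
// the PostgreSQL role of the same name.
// NOTE(review): no privilege or CSRF check is visible in this span; confirm the
// enclosing code restricts this action to authorised administrators.
if (isset($_POST['action']) && $_POST['action'] == 'Remove'
    && !empty($_POST['username']) && is_string($_POST['username']))
{
    $removeName = $_POST['username'];

    // Bound parameter: the request value is never spliced into the SQL text.
    // pg_query_params() requires PHP >= 5.1.
    pg_query_params(
        $this->database,
        'DELETE FROM usr WHERE username = $1',
        array($removeName)
    );

    // DROP USER takes an identifier, which cannot be sent as a bound parameter.
    // Only a plain unquoted identifier is accepted, so the value cannot end the
    // statement or append another one. This is deliberately narrower than the
    // full PostgreSQL identifier grammar (no '$', no non-ASCII letters). The
    // name stays unquoted so that case folding behaves as it did before.
    if (preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $removeName))
    {
        pg_exec($this->database, "DROP USER " . $removeName);
    }
    else
    {
        echo "You can not remove this user: the username is not a valid role name.\n";
    }
}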
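// Handle the "Change Password" action for the account named in the session.
if (isset($_POST['action']) && $_POST['action'] == 'Change Password')
{
    // Both values are treated as untrusted: the password comes straight from
    // the request, and where the session username was populated is not visible
    // in this span.
    $roleName = isset($_SESSION['username']) ? $_SESSION['username'] : null;
    $newPassword = isset($_POST['passwd']) ? $_POST['passwd'] : null;

    // ALTER USER is a utility statement, so neither value can be sent as a
    // bound parameter. The role name must be a plain unquoted identifier
    // (kept unquoted so case folding is unchanged), and the password is quoted
    // by the connection-aware pg_escape_literal() (PHP >= 5.4.4).
    $quotedPassword = false;
    if (is_string($roleName) && is_string($newPassword)
        && preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $roleName))
    {
        $quotedPassword = pg_escape_literal($this->database, $newPassword);
    }

    if ($quotedPassword !== false)
    {
        // NOTE(review): the password is part of the statement text, so it can
        // end up in server statement logs; check the server's logging settings.
        pg_exec($this->database, "ALTER USER " . $roleName .
            " PASSWORD " . $quotedPassword);
    }
    else
    {
        echo "You can not change the password: the request is not valid.\n";
    }
}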
if (isset($_GET['username']))
{
echo "
";
if (isset($_POST['action']) && $_POST['action'] == 'Save Changes')
{
$qry = "UPDATE usr SET display_name='" . $_POST['dspname'] . "'";
$qry .= ", email='" . $_POST['email'] . "'";
$qry .= ", security_level='" . $_POST['seclevel'] . "'";
$qry .= " WHERE username='" . $_GET['username'] . "'";
pg_exec($this->database, $qry);
}
$res = pg_exec($this->database, "SELECT * from usr
WHERE username='" . $_GET['username'] . "'");
$usr = pg_fetch_object($res, 0);
echo "