From f472c60b18469ff8a06963708174dea1bfc08015 Mon Sep 17 00:00:00 2001
From: Evan O'Connell <oconn.e@gmail.com>
Date: Sun, 18 Aug 2013 18:29:07 -0400
Subject: Adds untracked changes

---
 admin/adjutant/functions.php              |  55 ++++-
 admin/adjutant/index.php                  |  13 +-
 admin/admins/functions.php                |  91 +++++--
 admin/admins/index.php                    |   4 +
 admin/index.php                           |   2 +-
 admin/newsreel/updateDB.php               |   2 +-
 admin/rudi/includes/functions.members.php |  44 +++-
 admin/rudi/views/view.awards.add.php      |   5 +-
 admin/rudi/views/view.awards.php          |   2 +-
 admin/rudi/views/view.members.delete.php  |  31 +++
 admin/rudi/views/view.members.new.php     | 381 ++++++++++++++++--------------
 admin/rudi/views/view.members.php         |  24 +-
 admin/rudi/views/view.members.profile.php |  11 +-
 13 files changed, 453 insertions(+), 212 deletions(-)
 create mode 100644 admin/rudi/views/view.members.delete.php

(limited to 'admin')

diff --git a/admin/adjutant/functions.php b/admin/adjutant/functions.php
index 87bc4b4..b38400e 100644
--- a/admin/adjutant/functions.php
+++ b/admin/adjutant/functions.php
@@ -67,6 +67,59 @@
 		echo "<input type=\"submit\" name=\"processed\" value=\"Update Points\" /></form>";
 
 	}
+
+/****** NEW CODE ADDED LARRABEE 11-20-2012 ********/
+        function EditPoints2(){
+
+                global $db;
+
+                $result = $db->Query("SELECT * FROM `rudi_unit_members` JOIN `rudi_ranks` ON rudi_unit_members.rank_id=rudi_ranks.rank_id WHERE rudi_unit_members.status_id < 4  ORDER BY rudi_ranks.weight DESC , rudi_unit_members.date_promotion ASC , rudi_unit_members.date_enlisted ASC");
+                $row = $db->Fetch($result);
+
+                if(isset($_POST['processed'])){
+                        echo "Updating data... Please wait.";
+                        foreach($row as $soldier){
+                                $mID = $soldier['member_id'];
+                        $missed = $_POST[$mID.'missed'];
+                        $attended = $_POST[$mID.'attended'];
+                        $points = $_POST[$mID.'points'];
+
+                        if($missed !="" && $points != ""){
+                                $db->Query("UPDATE `rudi_unit_members` SET `points` = $points, `drillcount` = $missed, `attendcount` = $attended WHERE `member_id` = $mID LIMIT 1");
+                        }else{
+                                ReportError("Error updating points for soldier id# '$mID'. Please contact administrator.");
+                        }
+                        }
+                        PageRedirect(1,"?op=adjutant&edit=pointsnew");
+                        return;
+                }
+?>
+                <form method="POST" action="<?php $_SERVER['PHP_SELF']?>">
+                <table style="text-align:center;" width="100%" cellspacing="0">
+                <?php //OpenTable(); ?>
+                <tr><th>Rank</th><th>Soldier</th><th>Status</th><th>Points</th><th>Drills Missed</th><th>Drills Attended</th></tr>
+<?php
+                foreach($row as $soldier){
+                        $memberID = $soldier['member_id'];
+                        if($soldier['status_id'] != 1)
+                                echo "<tr class=\"inactive\">";
+                        else
+                                echo "<tr>";
+                        echo "<td>{$soldier['shortname']}</td>
+          <td>{$soldier['first_name']} {$soldier['last_name']}</td>
+          <td>".getStatus($soldier['status_id'])."</td>
+          <td><input type=\"text\" class=\"lrg\" value=\"{$soldier['points']}\" name=\"{$memberID}points\" size=\"1\" maxlength=\"3\" />/100</td>
+          <td><input type=\"text\" class=\"lrg\" value=\"{$soldier['drillcount']}\" name=\"{$memberID}missed\" size=\"1\" maxlength=\"1\" />/3</td>
+          <td><input type=\"text\" class=\"lrg\" value=\"{$soldier['attendcount']}\" name=\"{$memberID}attended\" size=\"1\" maxlength=\"1\" />/3</td>";
+
+
+                echo "<input type=\"hidden\" value=\"{$memberID}\" name=\"{$memberID}id\" />\n";
+                }
+                CloseTable();
+                echo "<input type=\"submit\" name=\"processed\" value=\"Update Points\" /></form>";
+
+        }
+/****** END NEW CODE ADDED *******/
 	
 	function EditLOAs($status_id = 1){
 	
@@ -160,4 +213,4 @@ $num = 1;
 		
 	return $row['name'];
   }
- ?>
\ No newline at end of file
+ ?>
diff --git a/admin/adjutant/index.php b/admin/adjutant/index.php
index 5149c28..d8491ac 100644
--- a/admin/adjutant/index.php
+++ b/admin/adjutant/index.php
@@ -19,8 +19,10 @@
  
  ?>
  <link rel="stylesheet" type="text/css" href="adjutant/style.css" media="screen"/>
+ <script type="text/javascript" src="scripts/jquery-ui-1.7.1.custom.min.js"></script>
  <div style="text-align:left;"><h2>- Adjutant Control Panel</h2></div>
  <a href="?op=adjutant&edit=points">Edit Points</a>&nbsp;&nbsp;
+ <a href="?op=adjutant&edit=pointsnew">Edit Points *NEW*</a>&nbsp;&nbsp;
  <a href="?op=adjutant&edit=loas">Edit LOAs</a>
  <table class="panel" width="100%">
  	<tr><td style="text-align:center; vertical-align:top;">
@@ -39,6 +41,10 @@
  			echo "<h3>Edit Points</h3>";
  			EditPoints();
  		} 
+    if($_GET['edit'] == "pointsnew"){
+       echo "<h3>Edit Points *NEW*</h3>";
+       EditPoints();
+    }                    
  		if($_GET['edit'] == "loas"){
  			echo "<h3>Edit LOAs</h3>";
  			if(isset($_GET['member'])){
@@ -53,6 +59,11 @@
  			}
  		} 	
  	}
+ 	else if(isset($_GET['drills'])){
+ 		if($_GET['drills'] == "new"){
+ 			
+ 		}
+ 	}
  ?>
  	</td></tr>
- 	</table>
\ No newline at end of file
+ 	</table>
diff --git a/admin/admins/functions.php b/admin/admins/functions.php
index f3da1be..016b7a1 100644
--- a/admin/admins/functions.php
+++ b/admin/admins/functions.php
@@ -101,25 +101,15 @@
 			ReportError("The email and or username you entered is already in use.");
 			return;
 		}
-		
-		
-		$Name = "Rocky the Marne Dog";
-		$subject = "3rd ID Admin Password";
-		$header = "From: ". $Name . " < DO NOT RESPOND >\r\n"; //optional headerfields 
-		$mail_body = "Do not respond to this email.\n\n------------------------------\nUsername: ".$username."\nPassword: ".$password."\n------------------------------\n\nTo login click on this link. http://testbed.3rd-infantry-division.org/cms/admin/ \n\nIt is recommended that you change your password once you login. To do so, click on Account Settings>Change Password.";
-		
-		$sent = mail($email, $subject, $mail_body, $header);
-		if(!$sent){
-			ReportError("Error validating email. This user was not saved.");
-			return;		
-		} 
-				
+
+		EmailPassword($username, $password, $email);
+
 		$db->Query("INSERT INTO `bayonet_users` (`user_id` ,`username` ,`password` ,`lastname` ,`firstname` ,`email` ,`joined` ,`level` ,`all` ,`squadleader` ,`adjutant` ,`quartermaster`) VALUES (NULL, '$username', '$cryptpassword', '$last', '$first', '$email', CURRENT_TIMESTAMP, $level, $all, $squadleader, $adjutant, $quartermaster)");
 									
    		echo "Admin, '$username' level '$level' has been added. An email has been sent to him with his username and password.\n <br /><br /> 
 			Please wait while you are redirected. <br /><br /> 
 			<a href=\"?op=admins\">Click here if you don't feel like waiting.</a>";
-					
+
 	    // 3 second redirect to go back to the edit page
    		PageRedirect(2, "?op=admins");
 	    return;
@@ -158,6 +148,22 @@
 <?php
  }
  
+ function EmailPassword($username, $password, $email)
+ {
+ 		$name = "Bayonet CMS";
+		$subject = "Bayonet CMS Admin Password";
+		$header = "From: ". $name . " < DO NOT RESPOND >\r\n"; //optional headerfields 
+		$mail_body = "Do not respond to this email.\n\n------------------------------\nUsername: ".$username."\nPassword: ".$password."\n------------------------------\n\nTo login click on this link. ".Bayonet_Config::$ini['site']['url']."admin/ \n\nIt is recommended that you change your password once you login. To do so, click on Account Settings>Change Password.";
+
+		$sent = mail($email, $subject, $mail_body, $header);
+		if(!$sent){
+			ReportError("Error validating email. This user was not saved.");
+			return false;		
+		}
+		
+		return true;
+ }
+ 
  function GetPermissions($user = NULL)
  {
  ?>
@@ -217,7 +223,7 @@
     while(strlen($string)<$length) { 
         $string .= substr($possible_charactors, rand()%(strlen($possible_charactors)),1); 
     } 
-    return($string); 
+    return($string);
  }
  
  function EditAdmin($user_id)
@@ -264,7 +270,11 @@
 		Edit the attributes of this administrator.<br />
 		<form method="POST" action="<?php $_SERVER['PHP_SELF']?>">
 		<table>
-			<tr><th>Username:</th><td><input type="text" value="<?php echo $admin['username']; ?>" name="username" /></td></tr>
+			<tr><th>Username:</th><td><input type="text" value="<?php echo $admin['username']; ?>" name="username" />
+		<?php if($maxLevel >= 2): ?>
+			<a href="?op=admins&resetpassword=<?php echo $user_id; ?>"><input type="button" value="Reset Password" /></a>
+		<?php endif; ?>
+			</td></tr>
 			<tr>
 				<th>Level:</th>
 				<td>
@@ -299,8 +309,8 @@
 	global $db;
 	$maxLevel = $_SESSION['level'];
 		  
-	$result = $db->Query("SELECT `username` FROM `bayonet_users` WHERE `user_id` = '$user_id'");
-	$admin = $db->Fetch($result);
+	$result = $db->Query("SELECT `username` FROM `bayonet_users` WHERE `user_id` = '$user_id' LIMIT 1");
+	$admin = $db->FetchRow($result);
 		  
 	if(isset($_POST['proceed']))
 	{
@@ -326,4 +336,49 @@
 	</center>
 	<?php
  }
+ 
+ function ResetPassword($user_id)
+ {
+ 	global $db;
+ 	$result = $db->Query("SELECT `username`, `email` FROM `bayonet_users` WHERE `user_id` = '$user_id' LIMIT 1");
+ 	$admin = $db->FetchRow($result);
+ 	decho($admin);
+ 	
+ 	if(isset($_POST['proceed']))
+ 	{
+ 		$password = GeneratePassword(8);		
+		$cryptpassword = crypt(md5($password),'iamnotadirtywhorebitch');
+		
+		$status = EmailPassword($admin['username'], $password, $admin['email']);
+		
+		if($status)
+		{
+			$db->Query("UPDATE `bayonet_users` SET `password` = '$cryptpassword' WHERE `user_id` = '$user_id' LIMIT 1");
+			echo "Password has been reset and emailed to '{$admin['username']}'";
+ 			PageRedirect(3, "?op=admins");
+		}
+		else
+		{
+			ReportError("An error has occured emailing the new password. It will not take effect.");
+		}
+ 		
+ 		return;
+ 	}
+ 	if(isset($_POST['cancel']))
+ 	{
+ 		echo "The password <b>WILL NOT</b> be reset for '{$admin['username']}'";
+ 		PageRedirect(3, "?op=admins");
+ 		return;
+ 	}
+ 	?>
+	<center>
+	<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
+	<table>
+	<th>Are you SURE you want to reset this user's password: '<?php echo $admin['username']?>'?</th>
+	<tr><th><button name="proceed">Yes</button>&nbsp;&nbsp;&nbsp;<button name="cancel">No</button></th></tr>
+	</table>
+	</form>
+	</center>
+	<?php
+ }
  ?>
\ No newline at end of file
diff --git a/admin/admins/index.php b/admin/admins/index.php
index a2e71e9..87ce2a0 100644
--- a/admin/admins/index.php
+++ b/admin/admins/index.php
@@ -48,6 +48,10 @@ else if(isset($_GET['delete'])){
 else if(isset($_GET['create'])){
   NewAdmin();
 }
+else if(isset($_GET['resetpassword'])){
+  $user_id = $_GET['resetpassword'];
+  ResetPassword($user_id);
+}
 ?>
 	</td>
 	</tr>
diff --git a/admin/index.php b/admin/index.php
index c1da495..3ae793c 100644
--- a/admin/index.php
+++ b/admin/index.php
@@ -21,7 +21,7 @@
 session_start();
 
 define('BAYONET_INCLUDE', '../include');
-define('BAYONET_CONFIG', '../include/config.ini');
+define('BAYONET_CONFIG', '../include/config.php');
 
 include BAYONET_INCLUDE . '/debug.php';
 include BAYONET_INCLUDE . '/sql.class.php';
diff --git a/admin/newsreel/updateDB.php b/admin/newsreel/updateDB.php
index 0e5efda..09516d0 100644
--- a/admin/newsreel/updateDB.php
+++ b/admin/newsreel/updateDB.php
@@ -5,7 +5,7 @@ $dirname = "/path/to/bayonet/here";
 
 define('BAYONET_ROOT', $dirname);
 define('BAYONET_INCLUDE', BAYONET_ROOT . '/include');
-define('BAYONET_CONFIG', BAYONET_ROOT . '/include/config.ini');
+define('BAYONET_CONFIG', BAYONET_ROOT . '/include/config.php');
 
 require BAYONET_INCLUDE . '/debug.php';
 require BAYONET_INCLUDE . '/sql.class.php';
diff --git a/admin/rudi/includes/functions.members.php b/admin/rudi/includes/functions.members.php
index 86848dc..4a93134 100644
--- a/admin/rudi/includes/functions.members.php
+++ b/admin/rudi/includes/functions.members.php
@@ -37,8 +37,13 @@
  	function GetMembersRoles($member_id){
  		global $db;
 	  	$row = NULL;
-		$query = sprintf("SELECT r.role_id, r.name AS role_name FROM rudi_roles AS r LEFT OUTER JOIN rudi_roles_container AS rl USING(role_id) INNER JOIN rudi_unit_members AS rm USING(member_id) WHERE rm.member_id = %d AND r.name IS NOT NULL ORDER BY r.role_id ASC", 
-		(int)$member_id);	
+		$query = sprintf("SELECT r.role_id, r.name AS role_name 
+		                  FROM rudi_roles AS r 
+		                  LEFT OUTER JOIN rudi_roles_container AS rl USING(role_id) 
+		                  INNER JOIN rudi_unit_members AS rm USING(member_id) 
+		                  WHERE rm.member_id = %d 
+		                  AND r.name IS NOT NULL 
+		                  ORDER BY r.role_id ASC", (int)$member_id);	
 	    
 	    $result = $db->Query($query);
 	    $row = $db->Fetch($result);
@@ -299,4 +304,39 @@
 		CloseTable();
 		$form->__destruct(); 	
  	}
+ 	
+ 	
+ 	
+ 	
+ 	function DeleteMember($member_id)
+ 	{
+ 		// FROM unit_members, service_record, award_record FOR member_id
+ 		global $db;
+ 		
+ 		$db->Query("DELETE FROM `rudi_unit_members`, 
+                              `rudi_service_record`, 
+                              `rudi_award_record`, 
+                              `rudi_combat_record`, 
+                              `rudi_drills_record`
+                 USING `rudi_unit_members`
+                       INNER JOIN `rudi_award_record` USING(member_id)
+                       INNER JOIN `rudi_service_record` USING(member_id)
+                       INNER JOIN `rudi_combat_record` USING(member_id)
+                       INNER JOIN `rudi_drills_record` USING(member_id) 
+                 WHERE `member_id` = $member_id");
+ 		decho("DELETE FROM `rudi_unit_members`, 
+                              `rudi_service_record`, 
+                              `rudi_award_record`, 
+                              `rudi_combat_record`, 
+                              `rudi_drills_record`
+                 USING `rudi_unit_members`
+                       INNER JOIN `rudi_award_record` USING(member_id)
+                       INNER JOIN `rudi_service_record` USING(member_id)
+                       INNER JOIN `rudi_combat_record` USING(member_id)
+                       INNER JOIN `rudi_drills_record` USING(member_id) 
+                 WHERE `member_id` = $member_id");
+ 		decho("Done.");
+ 		return;
+ 	}
+ 	
 ?>
\ No newline at end of file
diff --git a/admin/rudi/views/view.awards.add.php b/admin/rudi/views/view.awards.add.php
index 9c97c54..71f6a91 100644
--- a/admin/rudi/views/view.awards.add.php
+++ b/admin/rudi/views/view.awards.add.php
@@ -6,12 +6,13 @@
 		global $db;
 		$name = $form->request['name'];
 		$text = $form->request['text'];
+		decho("INSERT INTO `rudi_awards` SET `class_id` = '$class_id', `name` = '$name', `description` = '$text'");
 		$db->Query("INSERT INTO `rudi_awards` SET `class_id` = '$class_id', `name` = '$name', `image` = '', `description` = '$text'");
 		
-		PageRedirect(1, "?op=rudi&show=awards&cid={$class_id}");
+		PageRedirect(1, "?op=rudi&show=awards&cid=".$class_id);
 		return;		
 	}
-	echo LinkInternal("Cancel","?op=rudi&show=awards&cid={$class_id}");
+	echo LinkInternal("Cancel","?op=rudi&show=awards&cid=".$class_id);
 	OpenTable();
 ?>
 
diff --git a/admin/rudi/views/view.awards.php b/admin/rudi/views/view.awards.php
index 3a5729f..4902577 100644
--- a/admin/rudi/views/view.awards.php
+++ b/admin/rudi/views/view.awards.php
@@ -23,7 +23,7 @@
 				$class_id = $_GET['cid'];
 				$awards = getAwardsByClass($class_id);
 				echo "<h3>Awards</h3>";
-				echo LinkInternal('<img src="images/add.png" />&nbsp;Add New Award','?op=rudi&show=awards&cid={$class_id}&add=true');
+				echo LinkInternal('<img src="images/add.png" />&nbsp;Add New Award','?op=rudi&show=awards&cid='.$class_id.'&add=true');
 				OpenTable();
 				foreach($awards as $award){
 					echo "<tr><td>".$award['name']."</td>
diff --git a/admin/rudi/views/view.members.delete.php b/admin/rudi/views/view.members.delete.php
new file mode 100644
index 0000000..e0adf5e
--- /dev/null
+++ b/admin/rudi/views/view.members.delete.php
@@ -0,0 +1,31 @@
+<?php
+  global $db;
+  
+  $result = $db->Query("SELECT CONCAT(last_name,', ',first_name) AS name FROM `rudi_unit_members` WHERE `member_id` = '$member_id' LIMIT 1");
+  $member = $db->FetchRow($result);
+  $form = new BayonetForm("", "POST");
+  
+  if(isset($_POST['proceed']))
+  {
+    //echo "Soldier '{$member['name']}', was deleted.";
+    ReportError("This is not completed yet.");
+    // DELETE unit_members, service_record, award_record FOR member_id
+    //DeleteMember($member_id);
+    PageRedirect(2, "?op=rudi&show=members");
+    return;
+  }
+  if(isset($_POST['cancel']))
+  {
+    echo "User cancelled deletion of soldier: '{$member['name']}'";
+    PageRedirect(2, "?op=rudi&show=members&profile={$member_id}");
+    return;
+  }
+  
+  OpenTable();
+?>
+  <th>Are you <u>SURE</u> you want to delete soldier: '<?php echo $member['name'];?>'?<br />All records for this soldier will be permenantly removed.</th>
+  <tr><th><button name="proceed">Yes</button>&nbsp;&nbsp;&nbsp;<button name="cancel">No</button></th></tr>
+<?php
+	CloseTable();
+	$form->__destruct();
+?>
\ No newline at end of file
diff --git a/admin/rudi/views/view.members.new.php b/admin/rudi/views/view.members.new.php
index cbc086f..ab309ea 100644
--- a/admin/rudi/views/view.members.new.php
+++ b/admin/rudi/views/view.members.new.php
@@ -1,179 +1,204 @@
-<?php
-		 global $db;
-		 
-		 if(isset($_POST['processed'])){
-		 	
-	 		echo "Please wait while the information is processed...";
-		 	
-		 	$rank_id = $_POST['rank'];
-		 	$country_id = $_POST['country'];
-		 	$status_id = $_POST['status'];
-		 	$role_id = $_POST['role'];
-		 	$unit_id = $_POST['unit'];
-			$weapon_id = $_POST['weapon'];
-		 	$first_name = addslashes($_POST['first']);
-		 	$last_name = addslashes($_POST['last']);
-		 	$username = addslashes($_POST['username']);
-		 	$city = addslashes($_POST['city']);
-		 	$province = addslashes($_POST['province']);
-		 	$primary_mos = addslashes($_POST['primmos']);		 	
-		 	$enlisted = addslashes($_POST['enlist']);
-		 	$promoted = addslashes($_POST['promote']);
-		 	$discharged = addslashes($_POST['discharge']);
-		 	$xfire = addslashes($_POST['xfire']);
-		 	$email = addslashes($_POST['email']);
-		 	$bio = addslashes($_POST['bio']);
-		 	
-		 	//$discharged = empty($discharged) ? NULL : "'{$discharged}'";
-
- 			$query = "INSERT INTO `rudi_unit_members` SET"
-			 		." `rank_id` = '$rank_id',"
-			 		." `country_id` = '$country_id',"
-					." `status_id` = '$status_id',"
-					." `cunit_id` = '$unit_id',"
-					." `weapon_id` = '$weapon_id',"
-					." `username` = '$username',"
-					." `email` = '$email',"
-					." `xfire` = '$xfire',"
-					." `first_name` = '$first_name',"
-					." `last_name` = '$last_name',"
-					." `location_city` = '$city',"
-					." `location_province` = '$province',"
-					." `bio` = '$bio',"
-					." `date_enlisted` = '$enlisted',"
-					." `date_promotion` = '$promoted',"
-					." `primary_mos` = '$primary_mos',";
-			if(empty($discharged))
-				$query = $query." `date_discharged` = null";
-			else
-				$query = $query." `date_discharged` = '$discharged'";	
-			decho($query);
-		 	$db->Query($query);
-		 	
-		 	$member_id = $db->InsertID();
-		 	decho($member_id);
-		 	$db->Query("INSERT INTO `rudi_roles_container` SET `role_id` = '$role_id', `member_id` = '$member_id'");
-		 	
-		 	PageRedirect(1, "?op=rudi&show=members");
-		 	return;		 
-		 } 	
-?>
-		<a href="?op=rudi&show=members">Cancel</a><br />
-		<form method="POST" action="">
-		<table width="100%" style="text-align:center;">
-		<tr><th colspan="2" style="background-color:#c4c4c4;">Personnel File of <?php echo $member['first_name']." ".$member['last_name']; ?></th></tr>
-		<tr><td class="right" width="50%">Rank:</td><td class="left">
-			<select name="rank">
-<?php		$ranks = GetRanks();
-			foreach($ranks as $rank){
-				echo "<option value=\"{$rank['rank_id']}\">{$rank['longname']}</option>";			
-			}
-?>
-			</select>
-		</td></tr>
-		<tr><td class="right">Country:</td><td class="left">
-			<select name="country">
-<?php		$countries = GetCountry();
-			foreach($countries as $country){
-				echo "<option value=\"{$country['country_id']}\">{$country['name']}</option>";			
-			}
-?>
-			</select>
-		</td></tr>
-		</table>
-		<table width="100%" style="text-align:center;">
-		<tr><th colspan="2" style="background-color:#c4c4c4;">Vital Statistics</th></tr>
-		<tr>
-			<td class="right" width="50%">First:</td>
-			<td class="left"><input type="text" name="first" value="" /></td>
-		</tr>
-		<tr>
-			<td class="right">Last:</td>
-			<td class="left"><input type="text" name="last" value="" /></td>
-		</tr>
-		<tr><td class="right">Username:</td><td class="left"><input type="text" name="username" value="" /></td></tr>
-		<tr><td class="right">City:</td><td class="left"><input type="text" name="city" value=""/></td></tr>
-		<tr><td class="right">Province:</td><td class="left"><input type="text" name="province" value="" /></td></tr>
-		<tr><td class="right">Status:</td><td class="left">
-			<select name="status">
-<?php		$statuses = GetStatuses();
-			foreach($statuses as $status){
-				echo "<option value=\"{$status['status_id']}\">{$status['name']}</option>";			
-			}
-?>
-		</select>
-		</td></tr>
-		<tr><td class="right">Primary MOS:</td><td class="left"><input type="text" name="primmos" value="" /></td></tr>
-		<tr>
-			<td class="right">Role:</td>
-			<td class="left">
-			<select name="role">
-<?php
-			$roles = GetRoles();	
-			foreach($roles as $role){
-				echo "<option value=\"{$role['role_id']}\">{$role['name']}</option>";			
-			}
-?>
-				</select>
-			</td>
-		</tr>
-		<tr>
-			<td class="right" style="font-weight:bold;">Unit:</td>
-			<td class="left">
-			<select name="unit">
-		    	<option value="0">N/A</option>
-<?php
-					$result = $db->Query("SELECT `unit_id`, `name` FROM `rudi_combat_units` WHERE `detachment` = 0 ");
-	    			$row = $db->Fetch($result);
-	    			foreach($row as $unit){
-	    				$unit_name = $unit['name'];
-	    				$unit_id = $unit['unit_id'];
-						if($member['cunit_id']==$unit_id)
-	    					echo '<option value="'.$unit_id.'" selected>'.$unit_name.'</option>';
-	       				else
- 							echo '<option value="'.$unit_id.'">'.$unit_name.'</option>';
-						selectUnits($unit_id, 0, $member['cunit_id']);
-					}
-?>
-		    	</select>
-			</td>
-		</tr>
-		<tr><td class="right">Weapons:</td><td class="left">
-			<select name="weapon">
-<?php		$weapons = GetWeapons();
-			foreach($weapons as $weapon){
-				echo "<option value=\"{$weapon['weapon_id']}\">{$weapon['model']}</option>";			
-			}
-?>
-		</select>
-		</td></tr>
-		<tr>
-			<td class="right">Enlisted Date:</td>
-			<td class="left"><input type="text" name="enlist" value="" /></td>
-		</tr>
-		<tr>
-			<td class="right">Promotion Date:</td>
-			<td class="left">
-				<input type="text" name="promote" value="" />
-			</td>
-		</tr>
-		<tr>
-			<td class="right">Discharge Date:</td>
-			<td class="left"><input type="text" name="discharge" value="" /></td>
-		</tr>
-		<tr>	
-			<td class="right">Xfire:</td>
-			<td class="left"><input type="text" name="xfire" value=""/></td>
-		</tr>
-		<tr>
-			<td class="right">E-Mail:</td>
-			<td class="left"><input type="text" name="email" value=""/></td>
-		</tr>
-		</table>
-		<br />
-		<table width="100%" style="text-align:center;">
-		<tr><th colspan="2" style="background-color:#c4c4c4;">Personal Bio</th></tr>
-		<tr><td><textarea rows="7" name="bio" cols="60"></textarea></td></tr>
-		<tr><td colspan="2"><input type="submit" value="Submit" name="processed" /></td>
-		</table>
+<?php
+		 global $db;
+		 
+		 if(isset($_POST['processed'])){
+		 	
+	 		echo "Please wait while the information is processed...";
+		 	
+		 	$rank_id = $_POST['rank'];
+		 	$country_id = $_POST['country'];
+		 	$status_id = $_POST['status'];
+		 	$role_id = $_POST['role'];
+		 	$unit_id = $_POST['unit'];
+			$a2_id = $_POST['a2_id'];
+		 	$oa_id = $_POST['oa_id'];
+			$weapon_id = $_POST['weapon'];
+			$weapon2_id = $_POST['weapon2'];
+		 	$first_name = addslashes($_POST['first']);
+		 	$last_name = addslashes($_POST['last']);
+		 	$username = addslashes($_POST['username']);
+		 	$city = addslashes($_POST['city']);
+		 	$province = addslashes($_POST['province']);
+		 	$primary_mos = addslashes($_POST['primmos']);		 	
+		 	$enlisted = addslashes($_POST['enlist']);
+		 	$promoted = addslashes($_POST['promote']);
+		 	$discharged = addslashes($_POST['discharge']);
+		 	$xfire = addslashes($_POST['xfire']);
+		 	$email = addslashes($_POST['email']);
+		 	$bio = addslashes($_POST['bio']);
+		 	
+		 	//$discharged = empty($discharged) ? NULL : "'{$discharged}'";
+
+ 			$query = "INSERT INTO `rudi_unit_members` SET"
+			 		." `rank_id` = '$rank_id',"
+			 		." `country_id` = '$country_id',"
+			 		." `role_id` = '$role_id', "
+					." `status_id` = '$status_id',"
+					." `cunit_id` = '$unit_id',"
+					." `weapon_id` = '$weapon_id',"
+					." `weapon2_id` = '$weapon2_id',"
+					." `a2_id` = '$a2_id',"
+					." `oa_id` = '$oa_id',"
+					." `username` = '$username',"
+					." `email` = '$email',"
+					." `xfire` = '$xfire',"
+					." `first_name` = '$first_name',"
+					." `last_name` = '$last_name',"
+					." `location_city` = '$city',"
+					." `location_province` = '$province',"
+					." `bio` = '$bio',"
+					." `date_enlisted` = '$enlisted',"
+					." `date_promotion` = '$promoted',"
+					." `primary_mos` = '$primary_mos',";
+			if(empty($discharged))
+				$query = $query." `date_discharged` = null";
+			else
+				$query = $query." `date_discharged` = '$discharged'";	
+			decho($query);
+		 	$db->Query($query);
+		 	
+		 	$member_id = $db->InsertID();
+		 	decho($member_id);
+		 	//$db->Query("INSERT INTO `rudi_roles_container` SET `role_id` = '$role_id', `member_id` = '$member_id'");
+		 	
+		 	PageRedirect(1, "?op=rudi&show=members&profile=$member_id");
+		 	return;		 
+		 } 	
+?>
+		<a href="?op=rudi&show=members">Cancel</a><br />
+		<form method="POST" action="">
+		<table width="100%" style="text-align:center;">
+		<tr><th colspan="2" style="background-color:#c4c4c4;">Personnel File of <?php echo $member['first_name']." ".$member['last_name']; ?></th></tr>
+		<tr><td class="right" width="50%">Rank:</td><td class="left">
+			<select name="rank">
+<?php		$ranks = GetRanks();
+			foreach($ranks as $rank){
+				echo "<option value=\"{$rank['rank_id']}\">{$rank['longname']}</option>";			
+			}
+?>
+			</select>
+		</td></tr>
+		<tr><td class="right">Country:</td><td class="left">
+			<select name="country">
+<?php		$countries = GetCountry();
+			foreach($countries as $country){
+				echo "<option value=\"{$country['country_id']}\">{$country['name']}</option>";			
+			}
+?>
+			</select>
+		</td></tr>
+		<tr><td class="right" width="50%">ArmA2 ID</td><td class="left"><input type="text" name="a2_id" value="<?php echo $member['a2_id']; ?>"/></td></tr>
+		<tr><td class="right" width="50%">ArmA2:OA ID</td><td class="left"><input type="text" name="oa_id" value="<?php echo $member['oa_id']; ?>"/></td></tr>
+		</table>
+		<table width="100%" style="text-align:center;">
+		<tr><th colspan="2" style="background-color:#c4c4c4;">Vital Statistics</th></tr>
+		<tr>
+			<td class="right" width="50%">First:</td>
+			<td class="left"><input type="text" name="first" value="" /></td>
+		</tr>
+		<tr>
+			<td class="right">Last:</td>
+			<td class="left"><input type="text" name="last" value="" /></td>
+		</tr>
+		<tr><td class="right">Username:</td><td class="left"><input type="text" name="username" value="" /></td></tr>
+		<tr><td class="right">City:</td><td class="left"><input type="text" name="city" value=""/></td></tr>
+		<tr><td class="right">Province:</td><td class="left"><input type="text" name="province" value="" /></td></tr>
+		<tr><td class="right">Status:</td><td class="left">
+			<select name="status">
+<?php		$statuses = GetStatuses();
+			foreach($statuses as $status){
+				echo "<option value=\"{$status['status_id']}\">{$status['name']}</option>";			
+			}
+?>
+		</select>
+		</td></tr>
+		<tr><td class="right">Primary MOS:</td><td class="left"><input type="text" name="primmos" value="" /></td></tr>
+		<tr>
+			<td class="right">Role:</td>
+			<td class="left">
+			<select name="role">
+				<option value="0">---SELECT-POSITION---</option>
+<?php
+			$groups = GetRoles();
+			decho($groups);	
+			foreach($groups as $group){	
+				echo "<optgroup label=\"{$group['name']}\">";
+				foreach($group['roles'] as $role){
+					echo "<option value=\"{$role['role_id']}\">{$role['name']}</option>";			
+				}
+				echo "</optgroup>";
+			}
+?>
+				</select>
+			</td>
+		</tr>
+		<tr>
+			<td class="right" style="font-weight:bold;">Unit:</td>
+			<td class="left">
+			<select name="unit">
+		    	<option value="0">N/A</option>
+<?php
+					$result = $db->Query("SELECT `unit_id`, `name` FROM `rudi_combat_units` WHERE `detachment` = 0 ");
+	    			$row = $db->Fetch($result);
+	    			foreach($row as $unit){
+	    				$unit_name = $unit['name'];
+	    				$unit_id = $unit['unit_id'];
+						if($member['cunit_id']==$unit_id)
+	    					echo '<option value="'.$unit_id.'" selected>'.$unit_name.'</option>';
+	       				else
+ 							echo '<option value="'.$unit_id.'">'.$unit_name.'</option>';
+						selectUnits($unit_id, 0, $member['cunit_id']);
+					}
+?>
+		    	</select>
+			</td>
+		</tr>
+		<tr><td class="right">Primary Weapon:</td><td class="left">
+			<select name="weapon">
+<?php		$weapons = GetWeapons();
+			foreach($weapons as $weapon){
+				echo "<option value=\"{$weapon['weapon_id']}\">{$weapon['model']}</option>";			
+			}
+?>
+		</select>
+		</td></tr>
+		<tr><td class="right">Secondary Weapon:</td><td class="left">
+			<select name="weapon2">
+				<option value="0">None</option>
+<?php
+			foreach($weapons as $weapon){
+				echo "<option value=\"{$weapon['weapon_id']}\">{$weapon['model']}</option>";			
+			}
+?>
+		</select>
+		</td></tr>
+		<tr>
+			<td class="right">Enlisted Date:</td>
+			<td class="left"><input type="text" name="enlist" value="" /></td>
+		</tr>
+		<tr>
+			<td class="right">Promotion Date:</td>
+			<td class="left">
+				<input type="text" name="promote" value="" />
+			</td>
+		</tr>
+		<tr>
+			<td class="right">Discharge Date:</td>
+			<td class="left"><input type="text" name="discharge" value="" /></td>
+		</tr>
+		<tr>	
+			<td class="right">Xfire:</td>
+			<td class="left"><input type="text" name="xfire" value=""/></td>
+		</tr>
+		<tr>
+			<td class="right">E-Mail:</td>
+			<td class="left"><input type="text" name="email" value=""/></td>
+		</tr>
+		</table>
+		<br />
+		<table width="100%" style="text-align:center;">
+		<tr><th colspan="2" style="background-color:#c4c4c4;">Personal Bio</th></tr>
+		<tr><td><textarea rows="7" name="bio" cols="60"></textarea></td></tr>
+		<tr><td colspan="2"><input type="submit" value="Submit" name="processed" /></td>
+		</table>
 		</form>
\ No newline at end of file
diff --git a/admin/rudi/views/view.members.php b/admin/rudi/views/view.members.php
index 9013b8e..7aabb89 100644
--- a/admin/rudi/views/view.members.php
+++ b/admin/rudi/views/view.members.php
@@ -1,17 +1,31 @@
 <?php
 		include $basedir.'rudi/includes/functions.members.php';
-		if(isset($_GET['profile'])){
+		if(isset($_GET['profile']))
+		{
 			$member_id = $_GET['profile'];
 			include 'view.members.profile.php';	
-		}else if(isset($_GET['service'])){
+		}
+		else if(isset($_GET['delete']))
+		{
+			$member_id = $_GET['delete'];
+			include 'view.members.delete.php';
+		}
+		else if(isset($_GET['service']))
+		{
 			$member_id = $_GET['service'];
 			include 'view.members.service.php';
-		}else if(isset($_GET['award'])){
+		}
+		else if(isset($_GET['award']))
+		{
 			$member_id = $_GET['award'];
 			include 'view.members.award.php';
-		}else if(isset($_GET['create']) && $_GET['create'] == "soldier"){
+		}
+		else if(isset($_GET['create']) && $_GET['create'] == "soldier")
+		{
 			include 'view.members.new.php';
-		}else{
+		}
+		else
+		{
 					
 			 global $db;
 			 
diff --git a/admin/rudi/views/view.members.profile.php b/admin/rudi/views/view.members.profile.php
index 6355d2e..31bbb2d 100644
--- a/admin/rudi/views/view.members.profile.php
+++ b/admin/rudi/views/view.members.profile.php
@@ -219,7 +219,14 @@
 		<br />
 		<table width="100%" style="text-align:center;">
 		<tr><th colspan="2" style="background-color:#c4c4c4;">Personal Bio</th></tr>
-		<tr><td><textarea rows="7" name="bio" cols="60"><?php echo $member['bio'];?></textarea></td></tr>
-		<tr><td colspan="2"><input type="submit" value="Submit" name="processed" /></td>
+		<tr><td colspan="2"><textarea rows="7" name="bio" cols="60"><?php echo $member['bio'];?></textarea></td></tr>
+		<tr>
+			<td class="right" width="55%"><input type="submit" value="Submit" name="processed" /></td>
+			<td class="right">
+				<a href="?op=rudi&show=members&delete=<?php echo $member_id; ?>">
+					<input type="button" value="Delete Soldier" />
+				</a>
+			</td>
+		</tr>
 		</table>
 		</form>
\ No newline at end of file
-- 
cgit