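/**
 * Deletes one master-schedule shift when the "remove shift" form was submitted.
 *
 * The shift id is the concatenation of $frequency, $day and $time. On success a
 * confirmation and a link back to the master schedule are echoed, and a log
 * entry naming the logged-in user is written.
 *
 * @param array  $post      Submitted form fields; nothing happens unless the
 *                          key '_submit_remove_shift' is present.
 * @param mixed  $shift     Shift data; element [2] is printed as the shift's label.
 * @param string $day       Day part of the shift id.
 * @param string $time      Time part of the shift id (also passed to do_name()).
 * @param string $frequency Frequency part of the shift id.
 * @return bool true if the shift was deleted, false otherwise.
 */
function process_remove_shift($post, $shift, $day, $time, $frequency)
{
    if (!array_key_exists('_submit_remove_shift', $post)) {
        return false;
    }
    $id = $frequency . $day . $time;
    if (!delete_dbMasterSchedule($id)) {
        return false;
    }
    // Values that end up in the page are encoded for the context they land in:
    // HTML text for the confirmation line, a query-string value for the link.
    $frequency_html = htmlspecialchars(ucfirst($frequency), ENT_QUOTES, 'UTF-8');
    $label_html = htmlspecialchars((string) $shift[2], ENT_QUOTES, 'UTF-8');
    // NOTE(review): do_name() is defined elsewhere; whether its result is
    // already safe to print as HTML cannot be confirmed from this function.
    echo "<br>Deleted " . $frequency_html . " shift for " . $label_html . " (" . do_name($time) . ")<br><br>";
    $returnpoint = "viewSchedule.php?frequency=" . urlencode($frequency);
    echo "<table align=\"center\"><tr><td align=\"center\" width=\"442\">\r\n\t\t\t\t<br><a href=\"" . $returnpoint . "\">\r\n\t\t\t\tBack to Master Schedule</a></td></tr></table>";
    // NOTE(review): $shift is indexed like an array above but concatenated as a
    // string here; if it is an array the log text will read "Array". The log
    // markup is left as the original built it because the escaping expected by
    // add_log_entry() is not visible from this function.
    add_log_entry('<a href=\\"personEdit.php?id=' . $_SESSION['_id'] . '\\">' . $_SESSION['f_name'] . ' ' . $_SESSION['l_name'] . '</a> deleted a new master schedule shift: <a href=\\"editMasterSchedule.php?' . "day=" . $day . "&shift=" . $shift . "&frequency=" . $frequency . '\\">' . $frequency . " " . $day . " " . $shift . '</a>.');
    return true;
}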
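/**
 * Applies the submitted room form ($_POST) to a room object and logs the changes.
 *
 * What is applied depends on $_SESSION['access_level']:
 *  - level 1 or 3: the status may change (never while the room is "booked");
 *  - level 3 only: beds, capacity, bath, notes and the booking assignment.
 *
 * @param object $currentRoom Room object; its get_status/set_* methods are used here.
 * @return void
 */
function update_room_info($currentRoom)
{
    // Get the info of the user who is making the update
    $user = retrieve_dbPersons($_SESSION['_id']);
    $name = $user->get_first_name() . " " . $user->get_last_name();
    $actorLink = "<a href='viewPerson.php?id=" . $_SESSION['_id'] . "'>" . $name . "</a>";

    // Grab all of the variables and sanitize them
    $newBeds = sanitize($_POST['beds']);
    $newCapacity = sanitize($_POST['capacity']);
    // Anything other than an explicit "Yes" is stored as "n"
    $newBath = sanitize($_POST['bath']) == "Yes" ? "y" : "n";
    $newStatus = sanitize($_POST['status']);
    $newRoomNotes = sanitize($_POST['room_notes']);
    $newBooking = sanitize($_POST['assign_booking']);
    if ($newBooking == "Leave Room Unassigned" || $newBooking == "No") {
        // don't update the booking
        $newBooking = false;
    }

    // Only update the status if you're a volunteer or manager;
    // social workers cannot edit rooms
    if ($_SESSION['access_level'] == 1 || $_SESSION['access_level'] == 3) {
        // add a log only if the status actually changed, then update the status
        if ($newStatus != $currentRoom->get_status() && $currentRoom->get_status() != "booked") {
            $currentRoom->set_status($newStatus);
            add_log_entry($actorLink . " has changed the status of <a href='room.php?room=" . $currentRoom->get_room_no() . "'>room " . $currentRoom->get_room_no() . "</a>");
        }
    }

    // Update everything else only if you're a manager
    if ($_SESSION['access_level'] != 3) {
        return;
    }
    $currentRoom->set_beds($newBeds);
    $currentRoom->set_capacity($newCapacity);
    $currentRoom->set_bath($newBath);
    $currentRoom->set_room_notes($newRoomNotes);
    if (!$newBooking) {
        return;
    }

    if ($newBooking == "Yes") {
        // Check out the booking currently attached to the room
        $currentRoom->set_status("dirty");
        $booking = retrieve_dbBookings($currentRoom->get_booking_id());
        if ($booking) {
            $booking->check_out(date("y-m-d"));
            // Log the check-out against the primary guest. The link uses the same
            // id the guest was looked up with; the original referenced an
            // undefined $pGuests variable here, so the link had no id.
            $guestId = $booking->get_guest_id();
            $pGuest = retrieve_dbPersons($guestId);
            if ($pGuest) {
                $guestName = $pGuest->get_first_name() . " " . $pGuest->get_last_name();
                add_log_entry($actorLink . " has checked out <a href='viewPerson.php?id=" . $guestId . "'>" . $guestName . "</a>");
            }
        }
        return;
    }

    // Otherwise the submitted value is a booking id: assign that booking to the room.
    $booking = retrieve_dbBookings($newBooking);
    if (!$booking) {
        // Unknown booking id: nothing to assign (the original dereferenced the
        // failed lookup and stopped with a fatal error).
        return;
    }
    $guestId = $booking->get_guest_id();
    $pGuest = retrieve_dbPersons($guestId);
    // don't add a log if the check in was not successful
    if ($booking->assign_room($currentRoom->get_room_no(), date('y-m-d')) && $pGuest) {
        $guestName = $pGuest->get_first_name() . " " . $pGuest->get_last_name();
        add_log_entry($actorLink . " has checked in <a href='viewPerson.php?id=" . $guestId . "'>" . $guestName . "</a>");
    }
}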
/**
 * Uses the master schedule to create a new week in dbWeeks,
 * 7 new dates in dbDates and new shifts in dbShifts.
 *
 * The DateTime passed in is advanced in place by one day per generated date,
 * so after a complete run the caller's object points seven days later.
 *
 * @param DateTime $date The Sunday that this week starts with
 *                       (NOTE(review): the day labels below start at "Mon" — confirm
 *                       which weekday callers really pass)
 * @return false if the week-creation process fails; otherwise whatever
 *               insert_dbWeeks() returns
 */
function generate_new_week(DateTime $date)
{
    // day labels in the format used by the master schedule
    $weekdays = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"];
    $dates = [];
    foreach ($weekdays as $day) {
        // NOTE(review): $venue is not a parameter and is never assigned in this
        // function, so it is null (with an "undefined variable" warning) both
        // here and in the generate_and_populate_shift() call below.
        $venue_shifts = get_master_shifts($venue, $day);
        /* Each row in the array is an associative array
         *  of (venue, my_group, day, time, start, end, slots,notes)
         */
        $shifts = [];
        foreach ($venue_shifts as $venue_shift) {
            /** @noinspection PhpUndefinedMethodInspection */
            $shifts[] = generate_and_populate_shift($date->format("m-d-y"), $venue, $venue_shift->get_start_time(), $venue_shift->get_end_time(), "");
        }
        // makes a new date with these shifts
        $new_date = new BSCAHdate($date->format("m-d-y"), $shifts, "", "");
        // Exits this method if the ID was not properly set in the constructor
        if ($new_date->get_id() == null) {
            return false;
        }
        $dates[] = $new_date;
        // mutates the caller's DateTime (DateTime::modify changes the object itself)
        $date->modify("+1 day");
    }
    // creates a new week from the dates
    // Week is set to "archived" if the week has already passed, otherwise is set to "unpublished"
    // ($date has been advanced past the last generated day by this point)
    $newweek = new Week($dates, $date->getTimestamp() < time() ? "archived" : "unpublished");
    // NOTE(review): `new` never evaluates to null, so this branch cannot be taken
    if ($newweek == null) {
        return false;
    }
    $insert_status = insert_dbWeeks($newweek);
    // The log entry is written whether or not the insert succeeded.
    add_log_entry('<a href=\\"personEdit.php?id=' . $_SESSION['_id'] . '\\">' . $_SESSION['f_name'] . ' ' . $_SESSION['l_name'] . '</a> generated a new week: <a href=\\"calendar.php?id=' . $newweek->get_id() . '&edit=true\\">' . $newweek->get_name() . '</a>.');
    return $insert_status;
}
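/**
 * Applies an edited sub call list (SCL) form to a shift.
 *
 * For every person on the existing call list the submitted "date called",
 * notes and accepted fields are merged into a new row. People newly marked
 * "Yes" are assigned to the shift, unless more were accepted than the shift
 * has vacancies; in that case nobody is assigned, their accepted flag is set
 * to "?" and a message asks the user to assign again.
 *
 * @param array $post Submitted form fields ('_shiftid', 'datecalled_N', 'notes_N', 'accepted_N').
 * @return mixed the shift id when too many people were accepted, otherwise nothing
 */
function process_edit_scl($post)
{
    $id = $post['_shiftid'];
    $shift = select_dbShifts($id);
    // venue code: the last three characters of whatever follows the 9-character prefix
    $venue = substr($id, 9);
    $venue = substr($venue, strlen($venue) - 3);
    $scl = select_dbSCL($id);
    $persons_old = $scl->get_persons();
    $vacancies = $shift->num_vacancies();

    // Free-text fields are entity-encoded, apostrophes are backslash-escaped, and
    // '+' and ',' are replaced by entities (the else branch below joins person
    // fields with '+').
    $clean = static function ($value) {
        return trim(str_replace(',', '&#44;', str_replace('+', '&#43;', str_replace('\'', '\\\'', htmlentities($value)))));
    };

    // Both lists start empty so an empty call list, or a submission with no new
    // acceptances, no longer reaches count() with an undefined variable.
    $persons_new = [];
    $accepted_people = [];
    $total = count($persons_old);
    for ($i = 0; $i < $total; ++$i) {
        $old = $persons_old[$i];
        // NOTE(review): the accepted_N value is stored exactly as submitted.
        $persons_new[] = [$old[0], $old[1], $old[2], $old[3], $old[4], $clean($post['datecalled_' . $i]), $clean($post['notes_' . $i]), $post['accepted_' . $i]];
        if ($post['accepted_' . $i] == "Yes" && $old[7] != "Yes") {
            $accepted_people[] = $i;
        }
    }

    if (count($accepted_people) > $vacancies) {
        // Too many acceptances: list the names ("A, B and C") and reset their flag to "?"
        $names = [];
        foreach ($accepted_people as $index) {
            $names[] = $persons_new[$index][1] . " " . $persons_new[$index][2];
            $persons_new[$index][7] = "?";
        }
        $last = array_pop($names);
        $s = $names ? implode(", ", $names) . " and " . $last : $last;
        if ($vacancies == 1) {
            echo "You assigned <b>" . $s . "</b> to this shift, but there is only " . $vacancies . " open slot.<br>\n\t\t\t\t\tPlease assign volunteers again.</p>";
        } else {
            echo "You assigned <b>" . $s . "</b> to this shift, but there are only " . $vacancies . " open slots.<br>\n\t\t\t\t\tPlease assign volunteers again.</p>";
        }
        update_sub_call_list($scl, $persons_new, $vacancies, "open");
        return $id;
    }

    // Enough room: add each accepted person to the shift as "id+first+last"
    $p = $shift->get_persons();
    foreach ($accepted_people as $index) {
        $p[] = $persons_new[$index][0] . "+" . $persons_new[$index][1] . "+" . $persons_new[$index][2];
        --$vacancies;
        $shift->ignore_vacancy();
    }
    $shift->assign_persons($p);
    update_dbShifts($shift);
    foreach ($accepted_people as $index) {
        add_log_entry('<a href=\\"personEdit.php?id=' . $_SESSION['_id'] . '\\">' . $_SESSION['f_name'] . ' ' . $_SESSION['l_name'] . '</a> assigned <a href=\\"personEdit.php?id=' . $persons_new[$index][0] . '\\">' . $persons_new[$index][1] . ' ' . $persons_new[$index][2] . '</a> to the shift: <a href=\\"editShift.php?shift=' . $shift->get_id() . '&venue=' . $venue . '\\">' . get_shift_name_from_id($shift->get_id()) . '</a>.');
    }
    // The call list is closed once the shift has no vacancies left
    $status = $vacancies == 0 ? "closed" : "open";
    update_sub_call_list($scl, $persons_new, $vacancies, $status);
}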
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<?php 
// Record this request in the sitelog table (client address and time of the
// visit; see add_log_entry() below) before the rest of the page is produced.
add_log_entry();
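/**
 * Records the current visitor in the `sitelog` table.
 *
 * One row is kept per client address: an existing row gets its `lastupdate`
 * refreshed, otherwise a new row is inserted.
 *
 * The address is interpolated into SQL text, so it is first checked to be a
 * syntactically valid IP address; anything else is not logged. A single
 * connection is opened and reused for the lookup and the write.
 *
 * NOTE(review): the DB class comes from db.inc.php, which is not visible here;
 * if it offers bound parameters, those should replace the interpolation.
 *
 * @return void
 */
function add_log_entry()
{
    $remote = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';
    $ip = filter_var($remote, FILTER_VALIDATE_IP);
    if ($ip === false) {
        // Missing (e.g. command-line run) or malformed address: nothing to record.
        return;
    }
    // Produced by date(), so it contains no request-controlled text
    $currenttime = date("D dS M,Y h:i a");

    include_once "./db.inc.php";
    $db = new DB();
    $db->open();
    $existing = $db->query("SELECT * from sitelog where userhost = '{$ip}'");
    if ($db->numRows($existing) > 0) {
        $db->query("UPDATE sitelog set lastupdate = '{$currenttime}' where userhost = '{$ip}'");
    } else {
        $db->query("INSERT into sitelog (userhost, lastupdate) VALUES ('{$ip}','{$currenttime}')");
    }
}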
function get_page($page)
{
    include_once "./db.inc.php";
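/**
 * Processes the submitted person form: depending on $_POST it deletes the
 * person, resets their password, adds a new person, or replaces an existing
 * record (remove followed by add). Result messages are echoed.
 *
 * Security notes for reviewers:
 *  - Passwords are stored as unsalted MD5. The initial and reset password is
 *    first name + phone digits, which is guessable. Moving to password_hash()
 *    also needs the login check changed, which is outside this function.
 *  - `type`, `status`, `email`, `schedule`, `contact_preference`, `dateadded`
 *    and the birthday parts are taken from the request as submitted. The
 *    access_level == 0 branch suggests applicants can reach this form, so the
 *    server should decide which `type`/`status` values a given user may set.
 *  - On edit, the stored password is derived from the submitted `old_pass`
 *    field, i.e. the client supplies it.
 *
 * @param string $id Id of the person being edited (replaced by old_id or a
 *                   newly built id in some branches).
 * @return void
 */
function process_form($id)
{
    // Step one: normalise the submitted fields. htmlentities() encodes HTML
    // metacharacters; the str_replace() calls rewrite backslash-apostrophe pairs.
    $first_name = trim(str_replace('\\\'', '', htmlentities(str_replace('&', 'and', $_POST['first_name']))));
    $last_name = trim(str_replace('\\\'', '\'', htmlentities($_POST['last_name'])));
    if ($_POST['DateOfBirth_Year'] == "") {
        $birthday = $_POST['DateOfBirth_Month'] . '-' . $_POST['DateOfBirth_Day'] . '-XX';
    } else {
        $birthday = $_POST['DateOfBirth_Month'] . '-' . $_POST['DateOfBirth_Day'] . '-' . $_POST['DateOfBirth_Year'];
    }
    $gender = trim(htmlentities($_POST['gender']));
    $address = trim(str_replace('\\\'', '\'', htmlentities($_POST['address'])));
    $city = trim(str_replace('\\\'', '\'', htmlentities($_POST['city'])));
    $state = trim(htmlentities($_POST['state']));
    $zip = trim(htmlentities($_POST['zip']));
    // Phone numbers are reduced to digits. preg_replace() replaces ereg_replace(),
    // which no longer exists in PHP 7+; the pattern is equivalent.
    $phone1 = trim(str_replace(' ', '', htmlentities($_POST['phone1'])));
    $clean_phone1 = preg_replace('/[^0-9]/', '', $phone1);
    $phone2 = trim(str_replace(' ', '', htmlentities($_POST['phone2'])));
    $clean_phone2 = preg_replace('/[^0-9]/', '', $phone2);
    $email = $_POST['email'];
    $contact_preference = $_POST['contact_preference'];
    $dateAdded = $_POST['dateadded'];
    // (Emergency-contact, screening and motivation fields were removed earlier by
    // James Loeffler because they are not part of the new person.php.)
    $type = $_POST['type'];
    $status = $_POST['status'];
    $schedule = $_POST['schedule'];
    $notes = trim(str_replace('\\\'', '\'', htmlentities($_POST['notes'])));
    $skills = trim(str_replace('\\\'', '\'', htmlentities($_POST['skills'])));
    $reason_interested = trim(str_replace('\\\'', '\'', htmlentities($_POST['reason_interested'])));
    if ($_POST['availability'] != null) {
        $availability = implode(',', $_POST['availability']);
    } else {
        $availability = "";
    }
    // directory part of the current script's URL, used to link back to the edit form
    $path = strrev(substr(strrev($_SERVER['SCRIPT_NAME']), strpos(strrev($_SERVER['SCRIPT_NAME']), '/')));

    // Step two: try to make the deletion, password change, addition, or change
    if ($_POST['deleteMe'] == "DELETE") {
        if (!retrieve_person($id)) {
            echo '<p>Unable to delete. ' . $first_name . ' ' . $last_name . ' is not in the database. <br>Please report this error to the House Manager.';
            return;
        }
        // The last remaining manager account must not be deleted.
        // NOTE(review): the check uses the submitted `type`, not the stored one.
        // mysql_num_rows() is kept because getall_type()'s result type is not
        // visible here; the mysql_* extension is gone in PHP 7+.
        if (strpos($type, 'manager') !== false) {
            $managers = getall_type('manager');
            if (!$managers || mysql_num_rows($managers) <= 1) {
                echo '<p class="error">You cannot remove the last remaining manager from the database.</p>';
                return;
            }
        }
        remove_person($id);
        echo "<p>You have successfully removed " . $first_name . " " . $last_name . " from the database.</p>";
        // Deleting your own account also ends your session
        if ($id == $_SESSION['_id']) {
            session_unset();
            session_destroy();
        }
        return;
    }

    if ($_POST['reset_pass'] == "RESET") {
        $id = $_POST['old_id'];
        remove_person($id);
        $pass = $first_name . $clean_phone1;
        $newperson = new Person($first_name, $last_name, $birthday, $gender, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $status, $schedule, $notes, $skills, $reason_interested, $dateAdded, md5($pass), $availability, $contact_preference);
        if (!add_person($newperson)) {
            echo '<p class="error">Unable to reset ' . $first_name . ' ' . $last_name . "'s password.. <br>Please report this error to the House Manager.";
        } else {
            echo "<p>You have successfully reset " . $first_name . " " . $last_name . "'s password.</p>";
        }
        return;
    }

    if ($_POST['old_id'] == 'new') {
        $id = $first_name . $clean_phone1;
        // check if there's already an entry
        if (retrieve_person($id)) {
            echo '<p class="error">Unable to add ' . $first_name . ' ' . $last_name . ' to the database. <br>Another person with the same name and phone is already there.';
            return;
        }
        // $pass was never set on this path, so every new account was stored with
        // the MD5 of an empty string. The initial password now follows the same
        // rule as the reset branch above. NOTE(review): confirm that is the
        // intended initial password.
        $pass = $first_name . $clean_phone1;
        $newperson = new Person($first_name, $last_name, $birthday, $gender, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $status, $schedule, $notes, $skills, $reason_interested, $dateAdded, md5($pass), $availability, $contact_preference);
        if (!add_person($newperson)) {
            // The original literal had mismatched quotes and printed the PHP
            // expression text instead of the name.
            echo '<p class="error">Unable to add ' . $first_name . ' ' . $last_name . ' in the database. <br>Please report this error to the House Manager.';
        } elseif ($_SESSION['access_level'] == 0) {
            // A mail() template for sending the login was left disabled here, so
            // no e-mail is actually sent despite the message and log line below.
            echo "<p>Your application has been successfully submitted.<br>  You will be recieving an email shortly with your ID and Password soon!";
            error_log('The Email has been sent!');
        } else {
            echo "<p>You have successfully added " . $first_name . " " . $last_name . " to the database.</p>";
        }
        return;
    }

    // Edit of an existing person: the old record is removed and a new one added.
    // NOTE(review): if add_person() fails after remove_person() succeeded, the
    // record is lost.
    $id = $_POST['old_id'];
    $pass = $_POST['old_pass'];
    if (!remove_person($id)) {
        echo '<p class="error">Unable to update ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the House Manager.';
        return;
    }
    $newperson = new Person($first_name, $last_name, $birthday, $gender, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $status, $schedule, $notes, $skills, $reason_interested, $dateAdded, md5($pass), $availability, $contact_preference);
    // old_id comes from the request, so it is URL-encoded before it is placed in a link
    $id_param = urlencode($id);
    if (!add_person($newperson)) {
        echo '<p class="error">Unable to update ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the House Manager.';
    } else {
        echo '<p>You have successfully edited <a href="' . $path . 'personEdit.php?id=' . $id_param . '"><b>' . $first_name . ' ' . $last_name . ' </b></a> in the database.</p>';
    }
    add_log_entry('<a href=\\"personEdit.php?id=' . $id_param . '\\">' . $first_name . ' ' . $last_name . '</a>\'s Personnel Edit Form has been changed.');
}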
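/**
 * Processes the submitted person form and writes the result to the database.
 *
 * A person built from $_POST is inserted when no record with its id exists,
 * and updated when one exists and neither a delete nor a password reset was
 * requested. Otherwise the delete or reset request is handled.
 *
 * NOTE(review): `state`, `type` and the patient birthdate parts are passed on
 * exactly as submitted; whether insert_dbPersons()/update_dbPersons() quote
 * their values is not visible here.
 *
 * @param string $id     Id of the person the form refers to.
 * @param object $person Current Person object (its prior bookings are carried over).
 * @return mixed the new or updated Person, the passed-in $person after a
 *               delete, or the rebuilt Person after a reset
 */
function process_form($id, $person)
{
    // Get the info of the user who is making the update
    $user = retrieve_dbPersons($_SESSION['_id']);
    $name = $user->get_first_name() . " " . $user->get_last_name();
    $actorLink = "<a href='viewPerson.php?id=" . $_SESSION['_id'] . "'>" . $name . "</a>";

    // Text fields are entity-encoded and apostrophes are backslash-escaped
    $first_name = trim(str_replace("'", "\\'", htmlentities(str_replace('&', 'and', $_POST['first_name']))));
    $last_name = trim(str_replace("'", "\\'", htmlentities($_POST['last_name'])));
    $address = trim(str_replace("'", "\\'", htmlentities($_POST['address'])));
    $city = trim(str_replace("'", "\\'", htmlentities($_POST['city'])));
    $state = $_POST['state'];
    $zip = trim(htmlentities($_POST['zip']));
    // Phone numbers are reduced to digits. preg_replace() replaces ereg_replace(),
    // which no longer exists in PHP 7+; the pattern is equivalent.
    $phone1 = trim(str_replace(' ', '', htmlentities($_POST['phone1'])));
    $clean_phone1 = preg_replace('/[^0-9]/', '', $phone1);
    $phone2 = trim(str_replace(' ', '', htmlentities($_POST['phone2'])));
    $clean_phone2 = preg_replace('/[^0-9]/', '', $phone2);
    $email = trim(str_replace("'", "\\'", htmlentities($_POST['email'])));
    $patient_name = trim(str_replace("'", "\\'", htmlentities($_POST['patient_name'])));
    $patient_birthdate = $_POST['DateOfBirth_Year'] . '-' . $_POST['DateOfBirth_Month'] . '-' . $_POST['DateOfBirth_Day'];
    // NOTE(review): unlike the fields above, this one turns \' back into ' instead of escaping it
    $patient_relation = trim(str_replace('\\\'', '\'', htmlentities($_POST['patient_relation'])));
    $type = implode(',', $_POST['type']);
    $prior_bookings = implode(',', $person->get_prior_bookings());
    $newperson = new Person($last_name, $first_name, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $prior_bookings, $patient_name, $patient_birthdate, $patient_relation, "");

    // Unknown id: this is a new person
    if (!retrieve_dbPersons($newperson->get_id())) {
        insert_dbPersons($newperson);
        return $newperson;
    }
    // Known id and a plain edit
    if ($_POST['deleteMe'] != "DELETE" && $_POST['reset_pass'] != "RESET") {
        update_dbPersons($newperson);
        return $newperson;
    }

    // Step two: try to make the deletion or password change
    if ($_POST['deleteMe'] == "DELETE") {
        if (!retrieve_dbPersons($id)) {
            echo '<p>Unable to delete. ' . $first_name . ' ' . $last_name . ' is not in the database. <br>Please report this error to the House Manager.';
            return $person;
        }
        // The last remaining manager account must not be deleted.
        // NOTE(review): the check uses the submitted `type`. mysql_num_rows() is
        // kept because getall_type()'s result type is not visible here; the
        // mysql_* extension is gone in PHP 7+.
        $may_delete = true;
        if (strpos($type, 'manager') !== false) {
            $managers = getall_type('manager');
            if (!$managers || mysql_num_rows($managers) <= 1) {
                echo '<p class="error">You cannot remove the last remaining manager from the database.</p>';
                $may_delete = false;
            }
        }
        if ($may_delete) {
            delete_dbPersons($id);
            echo "<p>You have successfully removed " . $first_name . " " . $last_name . " from the database.</p>";
            // The removal is logged only when it actually happened (the original
            // also logged it when the last-manager check refused the delete), and
            // before the session is cleared, because the entry names the acting user.
            add_log_entry($actorLink . " has removed " . $first_name . " " . $last_name . " from the database");
            if ($id == $_SESSION['_id']) {
                session_unset();
                session_destroy();
            }
        }
        return $person;
    }

    if ($_POST['reset_pass'] == "RESET") {
        $id = $_POST['old_id'];
        // NOTE(review): the delete that used to precede this insert is disabled,
        // so the insert targets an id that already exists — confirm it can succeed.
        $person = new Person($last_name, $first_name, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, implode(',', $person->get_prior_bookings()), $patient_name, $patient_birthdate, $patient_relation, "");
        if (!insert_dbPersons($person)) {
            echo '<p class="error">Unable to reset ' . $first_name . ' ' . $last_name . "'s password.. <br>Please report this error to the House Manager.";
        } else {
            echo "<p>You have successfully reset " . $first_name . " " . $last_name . "'s password.</p>";
            // old_id comes from the request, so it is URL-encoded inside the log link
            add_log_entry($actorLink . " has reset the password for <a href='viewPerson.php?id=" . urlencode($id) . "'>" . $first_name . " " . $last_name . "</a>");
        }
        return $person;
    }
}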
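/**
 * Processes the submitted project form: deletes a project, adds a new one, or
 * handles an edit of an existing one. Result messages are echoed.
 *
 * Security notes for reviewers:
 *  - The per-field sanitisation that used to be here is disabled; address,
 *    name, type, times, vacancies, age, old_id and notes reach the Project
 *    object exactly as submitted. Whether the dbProjects functions quote their
 *    values is not visible here.
 *  - Everything this function prints or logs from the request is encoded first.
 *
 * @param string $id Ignored: it is overwritten with $_POST['old_id'].
 * @return void
 */
function process_form($id)
{
    // Step one: read the fields. A date starting with "20" is treated as
    // yyyy-mm-dd and converted to mm/dd/yy; anything else is used as submitted.
    if (substr($_POST['date'], 0, 2) === '20') {
        $eurodate = explode('-', $_POST['date']);
        $eurodate[0] = substr($eurodate[0], 2, 3);
        $mm_dd_yy = implode('/', [$eurodate[1], $eurodate[2], $eurodate[0]]);
    } else {
        $mm_dd_yy = $_POST['date'];
    }
    error_log("In process form this is " . $mm_dd_yy);
    // The date comes from the request and is echoed in several messages below
    $date_html = htmlspecialchars($mm_dd_yy, ENT_QUOTES, 'UTF-8');
    $address = $_POST['address'];
    $name = $_POST['name'];
    $type = $_POST['project_type'];
    $start_time = $_POST['start_time'];
    $end_time = $_POST['end_time'];
    $vacancies = $_POST['vacancies'];
    // The assignment of $persons is disabled in the original, so the constructors
    // below always received null for it; that is now explicit.
    $persons = null;
    $age = $_POST['age'];
    $id = $_POST['old_id'];
    $project_description = $_POST['notes'];
    // directory part of the current script's URL, used to link back to the edit form
    $path = strrev(substr(strrev($_SERVER['SCRIPT_NAME']), strpos(strrev($_SERVER['SCRIPT_NAME']), '/')));

    // Step two: try to make the deletion, addition, or change
    if ($_POST['deleteMe'] == "DELETE") {
        if (!select_dbProjects($id)) {
            echo '<p>Unable to delete. ' . $date_html . ' is not in the database. <br>Please report this error to the House Manager.';
            return;
        }
        // NOTE(review): the manager and session checks below look carried over
        // from the person form; here $type is the project type and $id a project id.
        if (strpos($type, 'manager') !== false) {
            $managers = getall_type('manager');
            if (!$managers || mysql_num_rows($managers) <= 1) {
                echo '<p class="error">You cannot remove the last remaining manager from the database.</p>';
                return;
            }
        }
        delete_dbProjects($id);
        // (the manager branch of the original printed the bare word mm_dd_yy,
        // an undefined constant, instead of the variable)
        echo "<p>You have successfully removed " . $date_html . " from the database.</p>";
        if ($id == $_SESSION['_id']) {
            session_unset();
            session_destroy();
        }
        // A delete request ends here. The original's `else` was commented out, so
        // it went on to treat the same request as an add or edit as well.
        return;
    }

    // try to add a new project to the database
    if ($_POST['old_id'] == 'new') {
        $id = $mm_dd_yy;
        // check if there's already an entry
        if (select_dbProjects($id)) {
            echo '<p class="error">Unable to add ' . $date_html . ' to the database. <br>Another project with the same name is already there.';
            return;
        }
        $newproject = new Project($mm_dd_yy, $address, $type, $name, $start_time, $end_time, $vacancies, $persons, $age, $project_description);
        insert_dbProjects($newproject);
        $db_date_format = str_replace("/", "-", $mm_dd_yy);
        if (!update_dbDates_projects($db_date_format)) {
            // Roll the insert back. Every other delete_dbProjects() call in this
            // function passes an id, so the id is passed here too (the original
            // passed the object). NOTE(review): confirm against delete_dbProjects().
            delete_dbProjects($newproject->get_id());
            error_log("Project has not been added");
            echo "<p class='error'>The week of " . $date_html . " must be added to the weekly calendar first. Select the Project Calendar tab and then choose Manage Weeks";
        } elseif ($_SESSION['access_level'] == 0) {
            echo "<p>Your application has been successfully submitted.<br>  The House Manager will contact you soon.  Thank you!";
        } else {
            echo "<p>You have successfully added " . htmlspecialchars((string) $newproject->get_id(), ENT_QUOTES, 'UTF-8') . " to the database.</p>";
        }
        return;
    }

    // Edit of an existing project.
    // NOTE(review): the old record is deleted and a Project object is built, but
    // nothing visible here writes it back, and the argument list is shorter than
    // the one used when adding (no $type, no $age). As written, an edit appears
    // to remove the project — confirm against the Project class and dbProjects.
    $result = delete_dbProjects($id);
    // old_id comes from the request, so it is URL-encoded before it is placed in a link
    $id_param = urlencode($id);
    if (!$result) {
        echo '<p class="error">Unable to update ' . $date_html . '. <br>Please report this error to the House Manager.';
    } else {
        $newproject = new Project($mm_dd_yy, $address, $name, $start_time, $end_time, $vacancies, $persons, $project_description);
        echo '<p>You have successfully edited <a href="' . $path . 'projectEdit.php?id=' . $id_param . '"><b>' . $date_html . ' </b></a> in the database.</p>';
    }
    // The log entry is written whether or not the update succeeded.
    add_log_entry('<a href=\\"projectEdit.php?id=' . $id_param . '\\">' . $date_html . ' </a>\'s Project Edit Form has been changed.');
}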
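/**
 * process_form reads the posted personnel form and then deletes the person, resets their
 * password, adds a new person, or replaces the existing record. Outcomes are echoed as HTML;
 * nothing is returned.
 *
 * Security notes for maintainers:
 *  - htmlentities() below is output encoding, not SQL escaping, and several fields (email,
 *    status, schedule, the date parts) are taken from the request unchanged. Whether
 *    add_person()/remove_person() use parameterised queries is not visible here - confirm.
 *  - Passwords are stored as unsalted md5(). Moving to password_hash()/password_verify() has
 *    to be done together with the login check, which is outside this function, so the hash
 *    is flagged here rather than changed.
 *  - No access-level check is made in this function before deleting or resetting; presumably
 *    the calling page enforces it - confirm.
 *
 * @param string $id     "new" when creating; otherwise the id given to retrieve_person()/remove_person()
 * @param object $person existing record; only get_first_name() and get_phone1() are called on it
 */
function process_form($id, $person)
{
    // Step one: collect the posted fields.
    // First name and primary phone make up the record id (see the "new" branch below), so
    // they are only read from the request when a record is being created.
    if ($id == "new") {
        $first_name = trim(str_replace('\\\'', '', htmlentities(str_replace('&', 'and', $_POST['first_name']))));
    } else {
        $first_name = $person->get_first_name();
    }
    $last_name = trim(str_replace('\\\'', '\'', htmlentities($_POST['last_name'])));
    $address = trim(str_replace('\\\'', '\'', htmlentities($_POST['address'])));
    $city = trim(str_replace('\\\'', '\'', htmlentities($_POST['city'])));
    $state = trim(htmlentities($_POST['state']));
    $zip = trim(htmlentities($_POST['zip']));
    if ($id == "new") {
        $phone1 = trim(str_replace(' ', '', htmlentities($_POST['phone1'])));
    } else {
        $phone1 = $person->get_phone1();
    }
    $clean_phone1 = mb_ereg_replace("[^0-9]", "", $phone1);
    $phone2 = trim(str_replace(' ', '', htmlentities($_POST['phone2'])));
    $clean_phone2 = mb_ereg_replace("[^0-9]", "", $phone2);
    $email = $_POST['email'];
    // Multi-select fields: only implode real arrays, so a scalar or missing value posted in
    // their place yields "" instead of an implode() error.
    $type = (isset($_POST['type']) && is_array($_POST['type'])) ? implode(',', $_POST['type']) : "";
    $group = (isset($_POST['group']) && is_array($_POST['group'])) ? implode(',', $_POST['group']) : "";
    $role = (isset($_POST['role']) && is_array($_POST['role'])) ? implode(' ', $_POST['role']) : "";
    $status = $_POST['status'];
    $availability = (isset($_POST['availability']) && is_array($_POST['availability'])) ? implode(',', $_POST['availability']) : "";
    // schedule is not visible for editing, so it goes in and out unchanged
    $schedule = $_POST['schedule'];
    // Concatenate birthday and start_date strings; an unknown birth year is stored as "XX".
    if ($_POST['DateOfBirth_Year'] == "") {
        $birthday = $_POST['DateOfBirth_Month'] . '-' . $_POST['DateOfBirth_Day'] . '-XX';
    } else {
        $birthday = $_POST['DateOfBirth_Month'] . '-' . $_POST['DateOfBirth_Day'] . '-' . $_POST['DateOfBirth_Year'];
    }
    // Anything shorter than mm-dd-yy means a part was left blank.
    if (strlen($birthday) < 8) {
        $birthday = '';
    }
    $start_date = $_POST['DateOfStart_Month'] . '-' . $_POST['DateOfStart_Day'] . '-' . $_POST['DateOfStart_Year'];
    if (strlen($start_date) < 8) {
        $start_date = '';
    }
    $notes = trim(str_replace('\\\'', '\'', htmlentities($_POST['notes'])));
    // Directory part of the current script (up to and including the last '/'), used to link
    // the user back to the edit form.
    $path = strrev(substr(strrev($_SERVER['SCRIPT_NAME']), strpos(strrev($_SERVER['SCRIPT_NAME']), '/')));

    // Step two: try to make the deletion, password change, addition, or change.
    if (isset($_POST['deleteMe']) && $_POST['deleteMe'] == "DELETE") {
        $result = retrieve_person($id);
        if (!$result) {
            echo '<p>Unable to delete. ' . $first_name . ' ' . $last_name . ' is not in the database. <br>Please report this error to the admin.';
        } else {
            // NOTE(review): the last-manager guard is keyed on the *posted* type list, not on
            // the stored record, so it only applies when the request itself says "manager".
            // Deriving the type from the record loaded above would make the guard independent
            // of the request.
            // NOTE(review): mysql_num_rows() belongs to the ext/mysql API removed in PHP 7.
            $last_manager = false;
            if (strpos($type, 'manager') !== false) {
                $managers = getall_type('manager');
                $last_manager = !$managers || mysql_num_rows($managers) <= 1;
            }
            if ($last_manager) {
                echo '<p class="error">You cannot remove the last remaining manager from the database.</p>';
            } else {
                $result = remove_person($id);
                echo "<p>You have successfully removed " . $first_name . " " . $last_name . " from the database.</p>";
                // Someone who deleted their own account must not keep a live session.
                if ($id == $_SESSION['_id']) {
                    session_unset();
                    session_destroy();
                }
            }
        }
    } elseif (isset($_POST['reset_pass']) && $_POST['reset_pass'] == "RESET") {
        $id = $_POST['old_id'];
        // The record is removed and re-inserted; if add_person() fails the original row is
        // already gone. NOTE(review): consider an in-place update or a transaction.
        $result = remove_person($id);
        // NOTE(review): the reset password is first name + phone digits, i.e. derivable from
        // the person's contact details, and is stored as unsalted md5 (see header).
        $pass = $first_name . $clean_phone1;
        $newperson = new Person($first_name, $last_name, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $group, $role, $status, $availability, $schedule, $birthday, $start_date, $notes, md5($pass));
        $result = add_person($newperson);
        if (!$result) {
            echo '<p class="error">Unable to reset ' . $first_name . ' ' . $last_name . "'s password.. <br>Please report this error to the Operations Manager.";
        } else {
            echo "<p>You have successfully reset " . $first_name . " " . $last_name . "'s password.</p>";
        }
    } elseif (isset($_POST['old_id']) && $_POST['old_id'] == 'new') {
        $id = $first_name . $clean_phone1;
        //check if there's already an entry
        $dup = retrieve_person($id);
        if ($dup) {
            echo '<p class="error">Unable to add ' . $first_name . ' ' . $last_name . ' to the database. <br>Another person with the same name and phone is already there.';
        } else {
            $pass = $_POST['old_pass'];
            $newperson = new Person($first_name, $last_name, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $group, $role, $status, $availability, $schedule, $birthday, $start_date, $notes, md5($pass));
            $result = add_person($newperson);
            if (!$result) {
                // Fixed: the names were inside the single-quoted literal and never printed.
                echo '<p class="error">Unable to add ' . $first_name . ' ' . $last_name . ' in the database. <br>Please report this error to the Operations Manager.';
            } elseif ($_SESSION['access_level'] == 0) {
                echo "<p>Your application has been successfully submitted.<br>  An MCHPP staff member will contact you soon.  Thank you!";
            } else {
                echo "<p>You have successfully added " . $first_name . " " . $last_name . " to the database.</p>";
            }
        }
    } else {
        $id = $_POST['old_id'];
        // NOTE(review): the password stored for the replaced record is whatever the request
        // carries in old_pass; reading it from the stored record would avoid trusting the client.
        $pass = $_POST['old_pass'];
        $result = remove_person($id);
        if (!$result) {
            echo '<p class="error">Unable to update ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the Operations Manager.';
        } else {
            $newperson = new Person($first_name, $last_name, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $group, $role, $status, $availability, $schedule, $birthday, $start_date, $notes, md5($pass));
            $result = add_person($newperson);
            // old_id comes straight from the request, so it is URL-encoded (and the href
            // HTML-encoded) before being written into markup.
            $id_param = urlencode($id);
            if (!$result) {
                echo '<p class="error">Unable to update ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the Operations Manager.';
            } else {
                $edit_href = htmlspecialchars($path . 'personEdit.php?id=' . $id_param, ENT_QUOTES, 'UTF-8');
                echo '<p>You have successfully edited <a href="' . $edit_href . '"><b>' . $first_name . ' ' . $last_name . ' </b></a> in the database.</p>';
            }
            add_log_entry('<a href=\\"personEdit.php?id=' . $id_param . '\\">' . $first_name . ' ' . $last_name . '</a>\'s Personnel Edit Form has been changed.');
        }
    }
}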
Beispiel #10
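/**
 * process_form reads the posted personnel form and then deletes the person, resets their
 * password, adds a new person, or replaces the existing record. Outcomes are echoed as HTML;
 * nothing is returned.
 *
 * Security notes for maintainers:
 *  - htmlentities() below is output encoding, not SQL escaping, and many fields (location,
 *    email, status, employer, convictions, ...) are taken from the request unchanged.
 *    Whether add_person()/remove_person() use parameterised queries is not visible here -
 *    confirm.
 *  - No access-level check is made in this function before deleting or resetting; presumably
 *    the calling page enforces it - confirm.
 *
 * @param string $id     id given to retrieve_person()/remove_person() on the delete path
 * @param object $person existing record; a first name of "new" marks a record being created
 */
function process_form($id, $person)
{
    // Step one: collect the posted fields.
    // First name and primary phone make up the record id (see the "new" branch below), so
    // they are only read from the request when a record is being created.
    $stored_first_name = $person->get_first_name();
    $is_new = $stored_first_name == "new";
    if ($is_new) {
        $first_name = trim(str_replace('\\\'', '', htmlentities(str_replace('&', 'and', $_POST['first_name']))));
    } else {
        $first_name = $stored_first_name;
    }
    $last_name = trim(str_replace('\\\'', '\'', htmlentities($_POST['last_name'])));
    $location = $_POST['location'];
    $address = trim(str_replace('\\\'', '\'', htmlentities($_POST['address'])));
    $city = trim(str_replace('\\\'', '\'', htmlentities($_POST['city'])));
    $state = trim(htmlentities($_POST['state']));
    $zip = trim(htmlentities($_POST['zip']));
    if ($is_new) {
        $phone1 = trim(str_replace(' ', '', htmlentities($_POST['phone1'])));
        $clean_phone1 = preg_replace("/[^0-9]/", "", $phone1);
        $phone1type = $_POST['phone1type'];
    } else {
        $clean_phone1 = $person->get_phone1();
        $phone1type = $person->get_phone1type();
    }
    $phone2 = trim(str_replace(' ', '', htmlentities($_POST['phone2'])));
    $clean_phone2 = preg_replace("/[^0-9]/", "", $phone2);
    $phone2type = $_POST['phone2type'];
    $email = $_POST['email'];
    // Only implode a real array, so a scalar or missing value yields "" instead of an
    // implode() error.
    $type = (isset($_POST['type']) && is_array($_POST['type'])) ? implode(',', $_POST['type']) : "";
    $screening_type = $_POST['screening_type'];
    // Previously left undefined when no screening type was posted; null is what the Person
    // constructor received in that case.
    $screening_status = null;
    if ($screening_type != "") {
        // NOTE(review): an unknown screening type makes the get_steps() call fail if
        // retrieve_dbApplicantScreenings() returns a non-object - its return on a miss is not
        // visible here.
        $screening = retrieve_dbApplicantScreenings($screening_type);
        $step_array = $screening->get_steps();
        $step_count = count($step_array);
        $date_array = array();
        for ($i = 0; $i < $step_count; $i++) {
            $date_array[$i] = $_POST['screening_status'][$i];
            // Only the length is checked (8 characters, mm-dd-yy); a bad date is reported
            // but processing continues and the value is still stored.
            if ($date_array[$i] != "" && $date_array[$i] != "--" && strlen($date_array[$i]) != 8) {
                echo '<p>Completion Date for step: "' . $step_array[$i] . '" is in error, please enter mm-dd-yy.<br>';
            }
        }
        $screening_status = implode(',', $date_array);
    }
    $status = $_POST['status'];
    if ($_POST['isstudent'] == "yes") {
        $position = "student";
        $employer = $_POST['nameofschool'];
    } else {
        $position = $_POST['position'];
        $employer = $_POST['employer'];
    }
    $credithours = $_POST['credithours'];
    // NOTE(review): $commitment was never assigned anywhere in this function, so Person has
    // always received null for it. Made explicit here; the intended source (probably a form
    // field) needs to be confirmed.
    $commitment = null;
    $motivation = trim(str_replace('\\\'', '\'', htmlentities($_POST['motivation'])));
    $specialties = trim(str_replace('\\\'', '\'', htmlentities($_POST['specialties'])));
    $convictions = $_POST['convictions'];
    $availability = (!empty($_POST['availability']) && is_array($_POST['availability'])) ? implode(',', $_POST['availability']) : null;
    // these are not visible for editing, so they go in and out unchanged
    $schedule = $_POST['schedule'];
    $hours = $_POST['hours'];
    $birthday = $_POST['birthday'];
    $start_date = $_POST['start_date'];
    $howdidyouhear = $_POST['howdidyouhear'];
    $notes = trim(str_replace('\\\'', '\'', htmlentities($_POST['notes'])));
    // Directory part of the current script (up to and including the last '/'), used to link
    // the user back to the edit form.
    $path = strrev(substr(strrev($_SERVER['SCRIPT_NAME']), strpos(strrev($_SERVER['SCRIPT_NAME']), '/')));

    // Step two: try to make the deletion, password change, addition, or change.
    if (isset($_POST['deleteMe']) && $_POST['deleteMe'] == "DELETE") {
        $result = retrieve_person($id);
        if (!$result) {
            echo '<p>Unable to delete. ' . $first_name . ' ' . $last_name . ' is not in the database. <br>Please report this error to the House Manager.';
        } else {
            // NOTE(review): the last-manager guard is keyed on the *posted* type list, not on
            // the stored record, so it only applies when the request itself says "manager".
            // NOTE(review): mysql_num_rows() belongs to the ext/mysql API removed in PHP 7.
            $last_manager = false;
            if (strpos($type, 'manager') !== false) {
                $managers = getall_type('manager');
                $last_manager = !$managers || mysql_num_rows($managers) <= 1;
            }
            if ($last_manager) {
                echo '<p class="error">You cannot remove the last remaining manager from the database.</p>';
            } else {
                $result = remove_person($id);
                echo "<p>You have successfully removed " . $first_name . " " . $last_name . " from the database.</p>";
                // Someone who deleted their own account must not keep a live session.
                if ($id == $_SESSION['_id']) {
                    session_unset();
                    session_destroy();
                }
            }
        }
    } elseif (isset($_POST['reset_pass']) && $_POST['reset_pass'] == "RESET") {
        $id = $_POST['old_id'];
        // The record is removed and re-inserted; if add_person() fails the original row is
        // already gone. NOTE(review): consider an in-place update or a transaction.
        $result = remove_person($id);
        // An empty password is handed to Person; what the constructor stores for "" is not
        // visible here. (The unused local that built first name + phone was dropped.)
        $newperson = new Person($first_name, $last_name, $location, $address, $city, $state, $zip, $clean_phone1, $phone1type, $clean_phone2, $phone2type, $email, $type, $screening_type, $screening_status, $status, $employer, $position, $credithours, $commitment, $motivation, $specialties, $convictions, $availability, $schedule, $hours, $birthday, $start_date, $howdidyouhear, $notes, "");
        $result = add_person($newperson);
        if (!$result) {
            echo '<p class="error">Unable to reset ' . $first_name . ' ' . $last_name . "'s password.. <br>Please report this error to the House Manager.";
        } else {
            echo "<p>You have successfully reset " . $first_name . " " . $last_name . "'s password.</p>";
        }
    } elseif (isset($_POST['old_id']) && $_POST['old_id'] == 'new') {
        $id = $first_name . $clean_phone1;
        //check if there's already an entry
        $dup = retrieve_person($id);
        if ($dup) {
            echo '<p class="error">Unable to add ' . $first_name . ' ' . $last_name . ' to the database. <br>Another person with the same name and phone is already there.';
        } else {
            $newperson = new Person($first_name, $last_name, $location, $address, $city, $state, $zip, $clean_phone1, $phone1type, $clean_phone2, $phone2type, $email, $type, $screening_type, $screening_status, $status, $employer, $position, $credithours, $commitment, $motivation, $specialties, $convictions, $availability, $schedule, $hours, $birthday, $start_date, $howdidyouhear, $notes, "");
            $result = add_person($newperson);
            if (!$result) {
                // Fixed: the names were inside the single-quoted literal and never printed.
                echo '<p class="error">Unable to add ' . $first_name . ' ' . $last_name . ' in the database. <br>Please report this error to the House Manager.';
            } elseif ($_SESSION['access_level'] == 0) {
                echo "<p>Your application has been successfully submitted.<br>  The House Manager will contact you soon.  Thank you!";
            } else {
                $edit_href = htmlspecialchars($path . 'personEdit.php?id=' . urlencode($id), ENT_QUOTES, 'UTF-8');
                echo '<p>You have successfully added <a href="' . $edit_href . '"><b>' . $first_name . ' ' . $last_name . ' </b></a> to the database.</p>';
            }
        }
    } else {
        $id = $_POST['old_id'];
        // NOTE(review): the credential stored for the replaced record is whatever the request
        // carries in old_pass; reading it from the stored record would avoid trusting the client.
        $pass = $_POST['old_pass'];
        $result = remove_person($id);
        if (!$result) {
            echo '<p class="error">Unable to update ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the House Manager.';
        } else {
            $newperson = new Person($first_name, $last_name, $location, $address, $city, $state, $zip, $clean_phone1, $phone1type, $clean_phone2, $phone2type, $email, $type, $screening_type, $screening_status, $status, $employer, $position, $credithours, $commitment, $motivation, $specialties, $convictions, $availability, $schedule, $hours, $birthday, $start_date, $howdidyouhear, $notes, $pass);
            $result = add_person($newperson);
            // old_id comes straight from the request, so it is URL-encoded (and the href
            // HTML-encoded) before being written into markup.
            $id_param = urlencode($id);
            if (!$result) {
                echo '<p class="error">Unable to update ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the House Manager.';
            } else {
                $edit_href = htmlspecialchars($path . 'personEdit.php?id=' . $id_param, ENT_QUOTES, 'UTF-8');
                echo '<p>You have successfully edited <a href="' . $edit_href . '"><b>' . $first_name . ' ' . $last_name . ' </b></a> in the database.</p>';
            }
            add_log_entry('<a href=\\"personEdit.php?id=' . $id_param . '\\">' . $first_name . ' ' . $last_name . '</a>\'s Personnel Edit Form has been changed.');
        }
    }
}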
Beispiel #11
/**
 * Builds seven consecutive RMHdate objects (Mon..Sun labels) starting at the given date,
 * fills each with shifts generated from the master schedule, stores them as one
 * "unpublished" Week and writes a log entry.
 *
 * @param mixed $m     month of the first day, as accepted by mktime()
 * @param mixed $d     day of month of the first day
 * @param mixed $y     year of the first day
 * @param mixed $venue venue passed through to get_master_shifts(), RMHdate and Week
 */
function generate_populate_and_save_new_week($m, $d, $y, $venue)
{
    // Labels follow the group names used by the master schedule.
    $ordinal_labels = array(1 => "1st", 2 => "2nd", 3 => "3rd", 4 => "4th", 5 => "5th");
    // The first id is built from the arguments exactly as passed; later ids come from
    // date("y-m-d"). Callers presumably pass zero-padded two-digit values so both forms
    // agree - confirm.
    $day_id = $y . "-" . $m . "-" . $d;
    // Computed once for the starting month: a week crosses at most one month boundary.
    $days_in_start_month = date("t", mktime(0, 0, 0, $m, $d, $y));
    $week_dates = array();
    foreach (array("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun") as $weekday) {
        $stamp = mktime(0, 0, 0, $m, $d, $y);
        $nth_week = $ordinal_labels[floor(($d - 1) / 7) + 1];
        $week_number = date("W", $stamp);
        if (date("Y", $stamp) % 2 == 0) {
            // even years are shifted down by one week so that two odd weeks cannot follow each other
            $week_number--;
        }
        $parity = $week_number % 2 == 1 ? "odd" : "even";
        // Master shifts are looked up twice: by week-of-month and by odd/even week.
        $master_shifts = array_merge(
            get_master_shifts($venue, $nth_week, $weekday),
            get_master_shifts($venue, $parity, $weekday)
        );
        $day_shifts = array();
        if (count($master_shifts) > 0) {
            foreach ($master_shifts as $master_shift) {
                $day_shifts[] = generate_and_populate_shift($day_id, $venue, $nth_week, $parity, $weekday, $master_shift->get_hours(), "");
            }
        }
        // one RMHdate per day, holding that day's shifts
        $week_dates[] = new RMHdate($day_id, $venue, $day_shifts, "");
        // Step to the next calendar day, rolling over month and year by hand.
        $d++;
        if ($d > $days_in_start_month) {
            $d = 1;
            if ($m == 12) {
                $m = 1;
                $y++;
            } else {
                $m++;
            }
        }
        $day_id = date("y-m-d", mktime(0, 0, 0, $m, $d, $y));
    }
    // Persist the week, then record who generated it.
    // NOTE(review): the log entry is HTML assembled from session values; it presumably relies
    // on those having been encoded when the session was populated - confirm.
    $newweek = new Week($week_dates, $venue, "unpublished");
    insert_dbWeeks($newweek);
    add_log_entry('<a href=\\"personEdit.php?id=' . $_SESSION['_id'] . '\\">' . $_SESSION['f_name'] . ' ' . $_SESSION['l_name'] . '</a> generated a new week: <a href=\\"calendar.php?id=' . $newweek->get_id() . '&edit=true\\">' . $newweek->get_name() . '</a>.');
}
        if ($month->get_status() == "published") {
            $month->set_status("unpublished");
        }
    }
    update_monthstatus($month);
    add_log_entry('<a href=\\"personEdit.php?id=' . $_SESSION['_id'] . '\\">' . $_SESSION['f_name'] . ' ' . $_SESSION['l_name'] . '</a> ' . $month->get_status() . ' the month of <a href=\\"calendar.php?id=' . $month->get_id() . '&edit=true&group=' . $_SESSION['mygroup'] . '\\">' . $month->get_name() . '</a>.');
    echo "<p>Month \"" . $month->get_name() . "\" " . $month->get_status() . ".<br>";
    include 'addMonth.inc';
} else {
    if ($_GET['remove'] && $_SESSION['access_level'] >= 2) {
        $id = $_GET['monthid'];
        $month = retrieve_dbMonths($id);
        if ($month) {
            if ($month->get_status() == "unpublished" || $month->get_status() == "archived") {
                delete_dbMonths($month);
                add_log_entry('<a href=\\"personEdit.php?id=' . $_SESSION['_id'] . '\\">' . $_SESSION['f_name'] . ' ' . $_SESSION['l_name'] . '</a> removed the month of <a href=\\"calendar.php?id=' . $month->get_id() . '&edit=true&group=' . $_SESSION['mygroup'] . '\\">' . $month->get_name() . '</a>.');
                echo "<p>Month \"" . $month->get_name() . "\" removed.<br>";
            } else {
                echo "<p>Month \"" . $month->get_name() . "\" is published, so it cannot be removed.<br>";
            }
            include 'addMonth.inc';
        }
    } else {
        if (!array_key_exists('_submit_check_newmonth', $_POST)) {
            include 'addMonth.inc';
        } else {
            $month_id = $_POST['_new_month_timestamp'];
            // add the newe month to the database and refresh the view
            newMonth($month_id);
            include 'addMonth.inc';
        }
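/**
 * process_form gathers the posted screening data and then deletes, adds, or replaces an
 * ApplicantScreening record. Outcomes are echoed as HTML; nothing is returned.
 *
 * The screening type comes straight from the request and is written into HTML and links, so
 * every use in markup goes through htmlspecialchars() (text) or urlencode() (query string).
 * Whether the *_dbApplicantScreenings() helpers and add_log_entry() use parameterised
 * queries is not visible here - confirm.
 *
 * @param object $oldScreening screening being edited; get_creator() and get_steps() are used
 *                             as fallbacks when the request does not supply them
 */
function process_form($oldScreening)
{
    //step one: gather data.
    $oldType = $_POST['_old_type'];
    if ($_POST['_form_type'] == "new") {
        $creator = $_SESSION['_id'];
    } else {
        $creator = $oldScreening->get_creator();
    }
    // Posted steps win; otherwise keep the steps of the screening being edited.
    $steps = [];
    if (isset($_POST['steps'])) {
        foreach ($_POST['steps'] as $step) {
            $steps[] = $step;
        }
    } else {
        $steps = $oldScreening->get_steps();
    }
    $type = $_POST['new_type'];
    // Drop blank steps before joining them into the comma-separated form handed to ApplicantScreening.
    foreach ($steps as $key => $value) {
        if (empty($value)) {
            unset($steps[$key]);
        }
    }
    $steps = implode(',', $steps);
    // Anything other than an explicit "published" is treated as unpublished.
    if (isset($_POST['Status']) && $_POST['Status'] == "published") {
        $status = "published";
    } else {
        $status = "unpublished";
    }
    if (empty($type)) {
        $type = $oldType;
        // keeps "new" screening free from predefined steps and status
        if ($type == "new") {
            $steps = null;
            $status = "unpublished";
        }
    }
    //used to put together url for return to screenings link
    $path = strrev(substr(strrev($_SERVER['SCRIPT_NAME']), strpos(strrev($_SERVER['SCRIPT_NAME']), '/')));
    // Encoded forms of the request-supplied type names, one per output context.
    $type_html = htmlspecialchars($type, ENT_QUOTES, 'UTF-8');
    $old_type_html = htmlspecialchars($oldType, ENT_QUOTES, 'UTF-8');
    $type_param = urlencode($type);
    $view_href = htmlspecialchars($path . 'viewScreenings.php?type=' . $type_param, ENT_QUOTES, 'UTF-8');

    //step two: try to delete, add new, or replace
    if (isset($_POST['deleteMe']) && $_POST['deleteMe'] == "DELETE") {
        $result = retrieve_dbApplicantScreenings($type);
        if (!$result) {
            echo '<p>Unable to delete. ' . $type_html . ' is not in the screenings database. To delete ' . $old_type_html . ',
 				try to delete again but do not rename screening type.';
        } else {
            $result = delete_dbApplicantScreenings($type);
            echo "<p>You have successfully removed " . $type_html . " from the screnings database.</p>";
            echo '<p><a href="' . $view_href . '"><b>click here</b> to 
				return to applicant screenings.</a><br><br></p>';
            add_log_entry('ApplicantScreening type <a href=\\"viewScreenings.php?type=' . $type_param . '\\">' . $type_html . '</a>\'
				 has been deleted.');
        }
    } elseif ($_POST['_form_type'] == "new") {
        // NOTE(review): '$type_s' is a literal key (single quotes do not interpolate), so
        // unless the form really posts a field with that name the duplicate lookup never
        // runs. Behaviour is kept as-is; the intended field name needs to be confirmed.
        $dup = false;
        if (!empty($_POST['$type_s'])) {
            $dup = retrieve_dbApplicantScreenings($type);
        }
        if ($dup) {
            echo '<p class="error">Unable to add new screening type: ' . $type_html . ' to the screenings database. <br>
				Another screening with the same type is already there.';
        } else {
            $screening = new ApplicantScreening($type, $creator, $steps, $status);
            $result = insert_dbApplicantScreenings($screening);
            if (!$result) {
                echo '<p class="error">Unable to add ' . $type_html . ' in the screenings database. <br>
           			Please report this error to the House Manager.';
            } else {
                echo "<p>You have successfully added '{$type_html}' to the screenings database.</p>";
            }
            echo '<p>click <a href="' . $view_href . '">here</a> to
				return to applicant screenings.<br><br></p>';
            add_log_entry('ApplicantScreening process <a href=\\"viewScreenings.php?type=' . $type_param . '\\">' . $type_html . '</a>\'
				 has been added.');
        }
    } else {
        // Replace = delete the old type, then insert the new one; if the insert fails the
        // old row is already gone. NOTE(review): consider an in-place update or a transaction.
        $result = delete_dbApplicantScreenings($oldType);
        if (!$result) {
            echo '<p class="error">Unable to update ' . $old_type_html . ' as ' . $type_html;
        } else {
            $newscreening = new ApplicantScreening($type, $creator, $steps, $status);
            $result = insert_dbApplicantScreenings($newscreening);
            if (!$result) {
                echo '<p class="error">Unable to update ' . $type_html . ' in the screenings database. <br>
           			Please report this error to the House Manager.';
            } else {
                echo '<p>You have successfully edited "' . $type_html . '" in the screenings database.</p>';
            }
            echo '<p><a href="' . $view_href . '"><b>click here</b> to
				return to applicant screenings.</a><br><br></p>';
            add_log_entry('ApplicantScreening process <a href=\\"viewScreenings.php?type=' . $type_param . '\\">' . $type_html . '</a>\'
				 has been changed.');
        }
    }
}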
    include 'autofillReferralForm.inc';
}
// Handle a submitted referral form: validate first; only a clean form is saved and logged.
if ($_POST['submit'] == 'Submit') {
    // validate_form() is called right after this include, so it is presumably defined there
    include 'bookingValidate.inc';
    $errors = validate_form();
    if (!$errors) {
        $primaryGuest = process_form();
        // $referralid is not assigned in this excerpt; presumably set earlier in the script
        $tempBooking = build_POST_booking($primaryGuest, $referralid);
        echo "Thank you, your referral form has been submitted for review by the House Manager.";
        // The log message is HTML linking the submitter to the guest they referred.
        // NOTE(review): names are concatenated into markup unchanged; this relies on them
        // being HTML-encoded before they reach this point - confirm.
        $submitter_link = "<a href='viewPerson.php?id=" . $_SESSION['_id'] . "'>" . $user_name . "</a>";
        $guest_link = "<a href='viewPerson.php?id=" . $primaryGuest->get_id() . "'>" . $primaryGuest->get_first_name() . " " . $primaryGuest->get_last_name() . "</a>";
        $message = $submitter_link . " has added a referral for " . $guest_link;
        add_log_entry($message);
    } else {
        show_errors($errors);
    }
}
include_once "footer.inc";
?>
		</div>
	</div>
</body>
</html>

<?php 
// sanitize the primary guest data and reconcile with dbPersons
function process_form()
{
    $first_name = trim(str_replace("'", "\\'", htmlentities(str_replace('&', 'and', $_POST['first_name_1']))));
    $last_name = trim(str_replace("'", "\\'", htmlentities($_POST['last_name_1'])));
/**
 * Removes a master schedule entry when the remove-shift form was submitted.
 *
 * On success it echoes a confirmation with a link back to the venue's master schedule and
 * writes a log entry.
 *
 * @param array  $post    submitted form data; must contain the key '_submit_remove_shift'
 * @param object $msentry master schedule entry; its get_id() value is what gets deleted
 * @param mixed  $group   used only in the log entry
 * @param mixed  $day     used only in the log entry
 * @param mixed  $time    used only in the log entry
 * @param mixed  $venue   used in the return link and the log entry
 * @return bool true when the entry was deleted, false otherwise
 */
function process_remove_shift($post, $msentry, $group, $day, $time, $venue)
{
    // Nothing to do unless the form was submitted, the entry has an id, and the delete succeeds.
    $submitted = array_key_exists('_submit_remove_shift', $post);
    if (!$submitted || !$msentry->get_id() || !delete_dbMasterSchedule($msentry->get_id())) {
        return false;
    }
    // One-time database cleanup with hard-coded ids; per the original author this is meant to be removed.
    $is_legacy_sat_shift = substr($msentry->get_id(), 4) == "Sat:9-5:bangor";
    if ($is_legacy_sat_shift) {
        delete_dbMasterSchedule(substr($msentry->get_id(), 0, 4) . "Sat:9-9:bangor");
        delete_dbMasterSchedule("1st:Sat:10-1:bangor");
    }
    echo "<br>Removed a master schedule shift <br><br>";
    // NOTE(review): $venue, $group, $day and $time are written into markup unchanged. Where
    // they originate is not visible here; if they come from the request they need HTML/URL
    // encoding before output - confirm at the call site.
    $returnpoint = "viewSchedule.php?venue=" . $venue;
    echo "<table align=\"center\"><tr><td align=\"center\" width=\"442\">\n\t\t\t\t\t\t\t\t\t<a href=\"" . $returnpoint . "\">\n\t\t\t\t\t\t\t\t\tBack to Master Schedule</a></td></tr></table>";
    add_log_entry('<a href=\\"personEdit.php?id=' . $_SESSION['_id'] . '\\">' . $_SESSION['f_name'] . ' ' . $_SESSION['l_name'] . '</a> deleted a new master schedule shift: <a href=\\"editMasterSchedule.php?group=' . $group . "&day=" . $day . "&shift=" . $time . "&venue=" . $venue . '\\">' . $group . ":" . $day . ":" . $time . ":" . $venue . '</a>.');
    return true;
}