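/**
 * Replace every tag row stored for $id with the rows listed in $Tags.
 *
 * $TagsType selects the target: 'Feedback' writes to FeedbackTags keyed by
 * FeedbackID, 'Subscriptions' writes to Subscriptions keyed by UserID. Any
 * other value makes the function return without issuing a query.
 *
 * The DELETE of the old rows and the INSERT of the new ones run in one
 * transaction that is committed only when both statements succeed. If the
 * DELETE fails, the INSERT is not attempted and the transaction is rolled back.
 *
 * @param mixed  $id       Owner of the tags; passed through sanitizeIn().
 * @param array  $Tags     Tag names; each one is passed through sanitizeIn().
 * @param string $TagsType 'Feedback' or 'Subscriptions'.
 * @param object $conn     Open database connection (used through ->query()).
 * @return bool|null True when the tags were replaced, false when a statement
 *                   failed, null when $TagsType is not recognised.
 */
function SetTags($id, $Tags, $TagsType, $conn)
{
    sanitizeIn($id);
    // Table and column names are chosen from this fixed list only; nothing
    // caller-supplied ever reaches the identifier positions of the SQL.
    if ($TagsType === 'Feedback') {
        $TABLE = 'FeedbackTags';
        $ID_COL = 'FeedbackID';
    } elseif ($TagsType === 'Subscriptions') {
        $TABLE = 'Subscriptions';
        $ID_COL = 'UserID';
    } else {
        return;
    }
    //TODO: check that each tag is valid
    // NOTE(review): values are still concatenated into the statement, so
    // injection safety rests entirely on sanitizeIn(), which is not visible
    // here. A prepared statement would remove that dependency.
    $rows = array();
    foreach ($Tags as $Tag) {
        sanitizeIn($Tag);
        $rows[] = "('" . $id . "', '" . $Tag . "')";
    }
    $conn->query("START TRANSACTION");
    // Delete all existing tags (if any) before writing the new set.
    $del = CheckedQuery("DELETE FROM `" . $TABLE . "` WHERE `" . $ID_COL . "`='" . $id . "'", $conn);
    if (!$del) {
        // Previously a failed DELETE could still be followed by a committed
        // INSERT, leaving old and new rows mixed while reporting failure.
        $conn->query("ROLLBACK");
        return false;
    }
    if (count($rows) == 0) {
        // Nothing to insert: clearing the tags is the whole operation.
        $success = true;
    } else {
        $sql = "INSERT INTO `" . $TABLE . "` (`" . $ID_COL . "`, `TName`) VALUES " . implode(", ", $rows);
        $success = CheckedQuery($sql, $conn);
    }
    if ($success) {
        $conn->query("COMMIT");
    } else {
        $conn->query("ROLLBACK");
    }
    return (bool) $success;
}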
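/**
 * Handle a sign-in form submission.
 *
 * Does nothing unless both "Email" and "Password" were posted as non-empty
 * strings. On a successful login it stores the user object and a welcome
 * message in the session and, when the posted "referer" starts with
 * WEBSITE_LOCATION, a meta-refresh header that sends the browser back there.
 * On failure it stores a generic error message that does not reveal which of
 * the two fields was wrong.
 *
 * @return void
 */
function onSigninPost()
{
    // First, see if this page is responding to a login attempt. Missing or
    // array-valued fields count as "not a login attempt" instead of raising an
    // undefined-index notice or reaching the login code with a non-string.
    $email = (isset($_POST["Email"]) && is_string($_POST["Email"])) ? $_POST["Email"] : '';
    $password = (isset($_POST["Password"]) && is_string($_POST["Password"])) ? $_POST["Password"] : '';
    if (empty($email) || empty($password)) {
        return;
    }
    // NOTE(review): sanitizeIn() is not visible here. If it rewrites
    // characters, the password handed to tryLogin() is not the one the user
    // typed; confirm this matches how passwords are stored and verified.
    sanitizeIn($email);
    sanitizeIn($password);
    // We are dealing with a real login attempt, so set up the session state.
    $user = getUser();
    if ($user->tryLogin($email, $password)) {
        // NOTE(review): no session-id rotation is visible on successful login;
        // confirm session_regenerate_id() is called elsewhere.
        $data = $user->getData();
        $referer = (isset($_POST["referer"]) && is_string($_POST["referer"])) ? $_POST["referer"] : '';
        // Redirect to the previous page only if it is inside our website.
        // NOTE(review): a bare prefix match keeps the redirect on-site only if
        // WEBSITE_LOCATION ends with "/"; otherwise a different host that
        // merely begins with the same characters also passes. Comparing the
        // parsed scheme and host would be stricter.
        if (startsWith($referer, WEBSITE_LOCATION)) {
            // The value is client-controlled and lands inside an HTML
            // attribute, so it is escaped to stop it closing the attribute.
            $_SESSION['Header'] = '<meta http-equiv="refresh" content="0; ' . htmlspecialchars($referer, ENT_QUOTES, 'UTF-8') . '" />';
        }
        $_SESSION['OnLoginMessage'] = "<h6><center>Welcome, " . sanitizeOut($data['FirstName']) . " " . sanitizeOut($data['LastName']) . "!</center></h6>";
        // Stored explicitly because $user may not be shared by reference.
        $_SESSION['user'] = $user;
    } else {
        $_SESSION['OnLoginMessage'] = "<h6><center>Email or Password incorrect.</center></h6>";
    }
}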
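/**
 * Set the entry-advice prompt (TEntryAdvice) of one tag in the Tags table.
 *
 * The row is selected by category name (CName) and tag name (TName). Opens its
 * own database connection and closes it before returning.
 *
 * @param string $category Category name the tag belongs to.
 * @param string $tag      Tag name.
 * @param string $prompt   New advice text for the tag.
 * @return void
 */
function setTagPrmpt($category, $tag, $prompt)
{
    sanitizeIn($category);
    sanitizeIn($tag);
    sanitizeIn($prompt);
    $conn = connectToDB();
    // The WHERE clause previously read the undefined variable $cat, so CName
    // was always compared with an empty string and the sanitized $category was
    // never used.
    // NOTE(review): values are concatenated into the statement; safety depends
    // on sanitizeIn(), which is not visible here.
    $sql = "UPDATE `Tags` SET TEntryAdvice='" . $prompt . "' WHERE CName='" . $category . "' AND TName='" . $tag . "'";
    CheckedQuery($sql, $conn);
    $conn->close();
}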
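/**
 * Overwrite the profile columns of one row in the Users table.
 *
 * Opens its own database connection and closes it before returning. This
 * function performs no authorization check of its own.
 * NOTE(review): the caller is presumably responsible for confirming that the
 * current user may edit $id; verify against the call sites.
 *
 * @param mixed  $id         UserID of the row to update.
 * @param string $FirstName  New first name.
 * @param string $MiddleName New middle name.
 * @param string $LastName   New last name.
 * @param string $Email      New e-mail address.
 * @param string $Website    New website.
 * @param string $Address    New mailing address.
 * @param string $Phone      New phone number.
 * @return void
 */
function setProfile($id, $FirstName, $MiddleName, $LastName, $Email, $Website, $Address, $Phone)
{
    // $id used to be the only value appended raw and unquoted. It now gets the
    // same sanitizeIn() + quoting treatment as every other value, so it cannot
    // alter the WHERE clause.
    sanitizeIn($id);
    sanitizeIn($FirstName);
    sanitizeIn($MiddleName);
    sanitizeIn($LastName);
    sanitizeIn($Email);
    sanitizeIn($Website);
    sanitizeIn($Address);
    sanitizeIn($Phone);
    $conn = connectToDB();
    // NOTE(review): values are concatenated into the statement; safety depends
    // on sanitizeIn(), which is not visible here.
    $sql = "UPDATE `Users` SET FirstName='" . $FirstName
        . "', MiddleName='" . $MiddleName
        . "', LastName='" . $LastName
        . "', EmailAddress='" . $Email
        . "', Website='" . $Website
        . "', MailingAddress='" . $Address
        . "', Phone='" . $Phone
        . "' WHERE UserID='" . $id . "'";
    CheckedQuery($sql, $conn);
    $conn->close();
}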
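/**
 * Store a feedback entry for the current user and attach its tags.
 *
 * Only users for whom isStudent() is true may leave feedback; for anyone else
 * the script is terminated with die(). Opens its own database connection and
 * closes it before returning.
 *
 * @param string $Feedback Feedback text; passed through sanitizeIn().
 * @param array  $Tags     Tag names to attach to the new feedback row.
 * @param mixed  $Anon     Anonymous flag (0/1). Any non-empty value is stored
 *                         as 1, anything else as 0.
 * @return void
 */
function leaveFeedback($Feedback, $Tags, $Anon)
{
    $user = getUser();
    if (!$user->isStudent()) {
        //TODO: log
        die("Cannot leave feedback as a non-student. :P");
        //TODO: this doesn't seem to display to the screen...
    }
    //TODO: feedbacks per time
    sanitizeIn($Feedback);
    // The Anonymous column value is written unquoted, so it is reduced to a
    // literal 0 or 1 here instead of appending whatever the caller passed.
    $anonFlag = empty($Anon) ? 0 : 1;
    $conn = connectToDB();
    // NOTE(review): the remaining values are concatenated into the statement;
    // safety depends on sanitizeIn(), which is not visible here.
    $id = CheckedQueryAndGetID("INSERT INTO `Feedbacks` (`UserID`, `Text`, `Anonymous`, `Edited`) VALUES ('" . $user->userID . "', '" . $Feedback . "', " . $anonFlag . ", NOW())", $conn);
    // Now apply any tags to the feedback.
    if (isset($id) && is_array($Tags) && count($Tags) != 0) {
        SetTags($id, $Tags, "Feedback", $conn);
    }
    $conn->close();
}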
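/**
 * Handle a change-e-mail form submission.
 *
 * Reads "Email", "Code" and "Password" from the POST data. With no e-mail the
 * function returns silently. With an e-mail but no code or no password it
 * calls changeEmailMessage(). When all three are present the visible code
 * takes no further action.
 *
 * @return void
 */
function onChangeEmailPost()
{
    // Missing or array-valued fields are treated as empty instead of raising
    // an undefined-index notice.
    $email = (isset($_POST["Email"]) && is_string($_POST["Email"])) ? $_POST["Email"] : '';
    $code = (isset($_POST["Code"]) && is_string($_POST["Code"])) ? $_POST["Code"] : '';
    $password = (isset($_POST["Password"]) && is_string($_POST["Password"])) ? $_POST["Password"] : '';
    // NOTE(review): sanitizeIn() is not visible here. If it rewrites
    // characters, a password passed through it no longer matches what the user
    // typed; confirm before this value is used for verification.
    sanitizeIn($email);
    sanitizeIn($code);
    sanitizeIn($password);
    if (empty($email)) {
        return;
    }
    if (empty($code) || empty($password)) {
        changeEmailMessage();
        return;
    }
    return;
}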
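 /**
  * Build the INSERT statement that records this object's majors and minors
  * in UserDegrees for the given user.
  *
  * $this->Majors and $this->Minors are passed to trimAll() and then stripped
  * of empty entries in place (array_filter also drops the string "0"). Majors
  * are written with IsMajor = 1, minors with IsMajor = 0.
  *
  * @param mixed $id UserID the degree rows belong to.
  * @return string The SQL statement, or "" when there is nothing to insert.
  */
 function makeDegreesSQL($id)
 {
     // Remove whitespace, then remove empty entries.
     trimAll($this->Majors);
     trimAll($this->Minors);
     $this->Majors = array_filter($this->Majors);
     $this->Minors = array_filter($this->Minors);
     if (count($this->Majors) + count($this->Minors) == 0) {
         return "";
     }
     // $id was previously placed in the statement without the escaping that
     // every degree name receives; it now goes through sanitizeIn() as well.
     sanitizeIn($id);
     //TODO: I think this is only supposed to add degrees that exist in the Degrees table...
     // NOTE(review): values are concatenated into the statement; safety
     // depends on sanitizeIn(), which is not visible here.
     $rows = array();
     // Majors first, then minors, matching the original row order.
     foreach (array(1 => $this->Majors, 0 => $this->Minors) as $isMajor => $names) {
         foreach ($names as $deg) {
             sanitizeIn($deg);
             //TODO: checkme!!! Does this work properly?
             $rows[] = "('" . $id . "', '" . $deg . "', " . $isMajor . ")";
         }
     }
     return "INSERT INTO `UserDegrees` (UserID, DegName, IsMajor) VALUES " . implode(", ", $rows);
 }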