//////////////////////////////////
if ($_POST["staff_id"] == "") {
$record->insertRecord();
$ok_record_id = $record->getRecordId();
} else {
$record->updateRecord("brief");
}
// Show feedback
$feedback = $record->getMessage();
// See query?
//$record->deBug();
} else {
/////////////////////
// Start the record display
////////////////////
$record = new Staff($ok_record_id, '', TRUE);
// show feedback if it isn't already set
if (!$feedback) {
$feedback = $record->getMessage();
}
echo "<div class=\"feedback\">{$feedback}</div><br /><br />";
}
$record->outputSelfEditForm();
//$record->deBug();
include "../includes/footer.php";
?>
<script type="text/javascript">
var headshot_location = "<?php
print $record->getHeadshotLoc();
// make sure there's a record_id
if ($ok_record_id != "") {
// do the delete
$record = new Staff($ok_record_id, "delete", TRUE);
$record->deleteRecord();
//$record->deBug();
// Show feedback
$feedback = $record->getMessage();
// Make form empty
} else {
$feedback = _("There is no record by that ID.");
}
}
if (isset($_POST["submit_record"])) {
// Submit form
$record = new Staff($_POST["staff_id"], "post", TRUE);
//////////////////////////////////
// Is this an insert or an update?
//////////////////////////////////
if ($_POST["staff_id"] == "") {
$record->insertRecord();
$ok_record_id = $record->getRecordId();
} else {
$record->updateRecord();
}
// Show feedback
$feedback = $record->getMessage();
// See query?
// $record->deBug();
}
/////////////////////
exit;
}
if (is_numeric($_REQUEST["staff_id"])) {
$staff_id = $_REQUEST["staff_id"];
} else {
print _("Perhaps you have come here by a funny path?");
exit;
}
/// Create our record
$record = new Staff($staff_id);
$staff_name = $record->getFullName();
// See if a password has been submitted
if (isset($_POST['add_bio'])) {
$p_result = $record->updateBio($_POST["bio"]);
if ($p_result) {
$feedback = "<div class=\"feedback\">" . _("Bio updated. Close window to continue.") . "</div><br />";
} else {
$feedback = "<div class=\"feedback\">" . _("There was a problem. Contact the admin.") . "</div><br />";
}
/// Create our record again
$record = new Staff($staff_id);
$staff_name = $record->getFullName();
} else {
$feedback = "";
}
print "{$feedback}\n<div id=\"maincontent\">\n<h2 class=\"bw_head\">" . _("Update Biography for ") . " {$staff_name}</h2>\n<form id=\"bio_form\" action=\"\" method=\"post\">\n<input type=\"hidden\" name=\"staff_id\" value=\"" . $_REQUEST["staff_id"] . "\" />\n<div class=\"box no_overflow\">\n<p>" . _("Please only include professional details.") . "</p><br />";
// Create our box now
$record->outputBioForm();
print "</div>\n <div class=\"box no_overflow\">\n <button class=\"button\" id=\"add_bio\" name=\"add_bio\">" . _("Update Bio") . "</button>\n </div>\n </form>\n </div>";
include "../includes/footer.php";
//$record->deBug();
include "../includes/header.php";
// Connect to database
// Make sure they have permission to change a password
// needs to be either theirs, or they're an admin
if ($_REQUEST["staff_id"] != $_SESSION["staff_id"] && $_SESSION["admin"] != "1") {
echo "<p>" . _("You are not authorized to view this.") . "</p>";
exit;
}
if (is_numeric($_REQUEST["staff_id"])) {
$staff_id = $_REQUEST["staff_id"];
} else {
print _("Perhaps you have come here by a funny path?");
exit;
}
/// Create our record
$record = new Staff($staff_id);
// Generate form box
$password_box = $record->outputPasswordForm();
$staff_name = $record->getFullName();
// See if a password has been submitted
if (isset($_POST['action']) && $_POST['action'] == 'password') {
if ($_POST["password"] != "") {
if ($record->correctPassword($_POST['password'])) {
$pass_result = $record->updatePassword($_POST["password"]);
if ($pass_result == TRUE) {
$feedback = "<div class=\"box\">" . _("Password updated. Close this box to continue.") . "</div>";
$password_box = "";
} else {
$feedback = "<div class=\"box\">" . _("There was a problem. Contact the admin.") . "</div>";
}
} else {
<?php
/**
* @file index.php
* @brief Splash page for admin (after successful login)
*
* @author adarby
* @date May 2011
*/
use SubjectsPlus\Control\Staff;
$page_title = "SubjectsPlus";
$subcat = "home";
include __DIR__ . '/includes/header.php';
$full_name = $_SESSION["fname"] . " " . $_SESSION["lname"];
$recent_activity = seeRecentChanges($_SESSION["staff_id"]);
$user = new Staff($_SESSION["staff_id"]);
$headshot = $user->getHeadshot($_SESSION["email"], "medium");
//////////////
//Permissions
//////////////
$mod_bio = "";
$mod_photo = "";
$view_contact_info = "";
if ($_SESSION['user_type_id'] == '1') {
// allow user to update their own bio?
if (isset($user_bio_update) && $user_bio_update == TRUE) {
$mod_bio = "<p class=\"tight\"><img src=\"{$IconPath}/required.png\" class=\"bullet\" alt=\"bullet\" /> <a href=\"includes/set_bio.php?staff_id=" . $_SESSION['staff_id'] . "\" class=\"showsmall\">Update Your Biographical Details</a></p>";
}
// allow user to update their own photo?
if (isset($user_photo_update) && $user_photo_update == TRUE) {
$mod_photo = "<p class=\"tight\"><img src=\"{$IconPath}/required.png\" class=\"bullet\" alt=\"bullet\" /> <a href=\"includes/set_picture.php?staff_id=" . $_SESSION['staff_id'] . "\" id=\"load_photo\">Update Headshot</a></p>";
} else {
$lobjTodayDate = new DateTime();
//The code is a hased string composed of the user's email, installation's salt, and today's date MMDDYYYY
$lstrCode = md5($lobjStaff->getEmail() . $salt . $lobjTodayDate->format('mdY'));
$lstrMessage = "Hello {$lobjStaff->getFullName()},\n\nHere is the link to reset your password. Link only works for three days. {$BaseURL}control/forgotpassword.php?id={$lobjStaff->getRecordID()}&code={$lstrCode}";
mail($lobjStaff->getEmail(), 'Reset password for SubjectsPlus', $lstrMessage, "From: {$administrator_email}");
$introtext = "<p align=\"center\" style=\"clear: both;\" class=\"smaller\"><br /><strong>" . _("An email has been sent to reset your password. Please click the link in the email and follow the instructions.") . "</strong></p>";
}
} else {
$lobjStaff = new Staff();
$introtext = "<p align=\"center\" style=\"clear: both;\" class=\"smaller\"><br />" . _("Please enter your <strong>email</strong> so we can email you a link to reset your password.") . "</p>";
$lstrForm = $lobjStaff->outputEmailForm();
}
} else {
$_SESSION['staff_id'] = $_GET['id'];
$lobjStaff = new Staff($_GET['id']);
if (isset($_POST['password'])) {
if ($lobjStaff->correctPassword($_POST['password'])) {
if ($_POST['password'] == $_POST['password_confirm']) {
$lobjStaff->updatePassword(trim($_POST['password']));
$introtext = "<p align=\"center\" style=\"clear: both;\" class=\"smaller\"><br />" . _("Password has been updated.") . "</p>";
$introtext .= '<br><p align="center"><a href="login.php">Login</a></p>';
} else {
$introtext = "<p align=\"center\" style=\"clear: both;\" class=\"smaller\"><br /><span style=\"background-color:yellow;\">" . _("Passwords did not match.") . "</span><br />" . _("Please enter your new password.") . "<br /><strong>" . _("Password must have at least one letter, one number, one special character, and be at least 6 characters long.") . "</strong></p>";
$lstrForm = $lobjStaff->outputResetPasswordForm();
}
} else {
$introtext = "<p align=\"center\" style=\"clear: both;\" class=\"smaller\"><br /><span style=\"background-color:yellow;\">" . _("Password doesn't meet requirements.") . "</span><br />" . _("Please enter your new password.") . "<br /><strong>" . _("Password must have at least one letter, one number, one special character, and be at least 6 characters long.") . "</strong></p>";
$lstrForm = $lobjStaff->outputResetPasswordForm();
}
} else {
