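}

// Optional field: an empty location stays NULL in PHP. The INSERT below quotes
// the value, so NULL is written to the table as an empty string.
if (strlen($_POST['location']) > 0) {
    $location = $_POST['location'];
} else {
    $location = NULL;
}
// The raw request value is interpolated into the INSERT below, so a separately
// escaped copy is used there; $location itself is left untouched for other uses.
$location_sql = ($location === NULL) ? '' : mysql_real_escape_string($location);
$status = 'pending';

/**
 * Checks that the submitted event form carries its required fields.
 *
 * Reads $_POST directly: 'title' and 'name' must be non-empty, and at least
 * one of 'year', 'month' or 'day' must differ from -1.
 *
 * NOTE(review): the date test passes as soon as any single part is chosen;
 * confirm that a partially selected date is meant to be accepted.
 *
 * @return bool true when the required fields are present.
 */
function validate()
{
    return strlen($_POST['title']) > 0
        && ($_POST['year'] != -1 || $_POST['month'] != -1 || $_POST['day'] != -1)
        && strlen($_POST['name']) > 0;
}

if (validate() && email_validation($email)) {
    // NOTE(review): $title, $description, $date and $time are assigned above
    // this fragment; confirm each one is escaped before it reaches this query.
    $sql = mysql_query("INSERT INTO \r\n\t\t\t\t\t\t\t\tevents (\r\n\t\t\t\t\t\t\t\t\t\tID, \r\n\t\t\t\t\t\t\t\t\t\ttitle, \r\n\t\t\t\t\t\t\t\t\t\tdescription, \r\n\t\t\t\t\t\t\t\t\t\tdate, \r\n\t\t\t\t\t\t\t\t\t\ttime, \r\n\t\t\t\t\t\t\t\t\t\tlocation, \r\n\t\t\t\t\t\t\t\t\t\tstatus\r\n\t\t\t\t\t\t\t\t\t\t) \r\n\t\t\t\t\t\t\t\tVALUES (\r\n\t\t\t\t\t\t\t\t\t\tNULL, \r\n\t\t\t\t\t\t\t\t\t\t'{$title}', \r\n\t\t\t\t\t\t\t\t\t\t'{$description}', \r\n\t\t\t\t\t\t\t\t\t\t'{$date}', \r\n\t\t\t\t\t\t\t\t\t\t'{$time}', \r\n\t\t\t\t\t\t\t\t\t\t'{$location_sql}', \r\n\t\t\t\t\t\t\t\t\t\t'{$status}'\r\n\t\t\t\t\t\t\t\t\t\t)");

    // Give the message a defined value so the echo below never reads an
    // undefined variable when the insert affected no rows.
    if (!isset($success_message)) {
        $success_message = '';
    }
    if (mysql_affected_rows($conn) > 0) {
        $success_message = "Your request has been added successfully";
    }
    echo '<span class="green_message">' . $success_message . '</span>';

    // send the confirmation email
    // NOTE(review): the confirmation is sent whether or not the insert affected
    // a row; the rest of this branch is outside the fragment, so the flow is
    // left as it was. Consider gating both notifications on the insert result.
    $email_to = $email;
    $email_bcc = "";
    $email_subject = "News/event request confirmation";
    $email_from = '"EES"' . '<*****@*****.**>';
    $email_message = "";
    $email_message .= "<p style='font-size:16px; color:#003300; text-shadow:1px 1px 1px #E3FFE3'>";
    $email_message .= "Your news/event request has been succussfully added. A moderator will approve your request shortly." . "</p><br />";
    sendEmail($email_from, $email_to, $email_subject, $email_message, $email_bcc);
    //send an email to the moderator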
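$transportLimit = TRUE;
} elseif ($_POST['desiredTransportation'] == 2 && $ccCount >= 6) {
    $transportLimit = TRUE;
}

// duplicate entries
// The submitted address is compared case-insensitively, ignoring surrounding
// whitespace, against every stored address.
// NOTE(review): this check and the INSERT built below are separate steps, so
// two simultaneous submissions can both pass it; a unique index on the email
// column would enforce the rule in the database.
$dups = FALSE;
$sqlSID = "SELECT * FROM fieldtrippeople";
$resultsSID = mysql_query($sqlSID);
$submittedEmail = strtolower(trim($_POST['email']));
while ($row = mysql_fetch_array($resultsSID)) {
    if (strtolower(trim($row['email'])) === $submittedEmail) {
        $dups = TRUE;
        $errorDuplicates = "The record already exists. Please check your inbox for the confirmation email.";
        break; // one match is enough
    }
}

// error checking
// NOTE(review): is_numeric() also accepts signs, decimal points and exponent
// notation, so a 10-character sID is not guaranteed to be 10 digits.
if ($_POST['datePreffered'] == -1
    || $_POST['desiredTransportation'] == -1
    || strlen($_POST['sID']) == 0
    || !is_numeric($_POST['sID'])
    || strlen($_POST['sID']) != 10
    || strlen($_POST['firstName']) == 0
    || strlen($_POST['lastName']) == 0
    || $_POST['labSection'] == -1
    || strlen($_POST['email']) == 0
    || !email_validation($_POST['email'])
    || !uta_email_validation($_POST['email'])
    || $transportLimit == TRUE
    || $dups == TRUE
) {
    $errors = TRUE;
} else {
    $errors = FALSE;
}

if (!$errors) {
    $datePreffered = $_POST['datePreffered'];
    $prefferedTransportation = $_POST['desiredTransportation'];
    $studentID = $_POST['sID'];
    $firstName = $_POST['firstName'];
    $lastName = $_POST['lastName'];
    $labSection = $_POST['labSection'];
    $email = $_POST['email'];
    $status = 'pending';
    // NOTE(review): rand() is not a cryptographically secure generator and the
    // value has only 900000 numeric possibilities after the two initials. If
    // this column is used as a confirmation or access code (not visible in
    // this fragment), generate it from a CSPRNG instead.
    $rand = strtolower(substr($firstName, 0, 1)) . strtolower(substr($lastName, 0, 1)) . rand(100000, 999999);

    // The checks above only test for presence or a sentinel value, so every
    // request-derived value is escaped before it is placed inside the quoted
    // SQL literals. The raw variables are left unchanged for any later use.
    $q = array_map('mysql_real_escape_string', array(
        'firstName' => $firstName,
        'lastName' => $lastName,
        'studentID' => $studentID,
        'datePreffered' => $datePreffered,
        'prefferedTransportation' => $prefferedTransportation,
        'labSection' => $labSection,
        'email' => $email,
        'rand' => $rand,
    ));

    $sql = "INSERT INTO \r\n\t\t\t\t\t\t\t\tfieldtrippeople (\r\n\t\t\t\t\t\t\t\t\t\tID, \r\n\t\t\t\t\t\t\t\t\t\tfirstName, \r\n\t\t\t\t\t\t\t\t\t\tlastName, \r\n\t\t\t\t\t\t\t\t\t\teid, \r\n\t\t\t\t\t\t\t\t\t\tdatePreffered, \r\n\t\t\t\t\t\t\t\t\t\ttransportation,\r\n\t\t\t\t\t\t\t\t\t\tsection,\r\n\t\t\t\t\t\t\t\t\t\tdateSigned,\r\n\t\t\t\t\t\t\t\t\t\temail,\r\n\t\t\t\t\t\t\t\t\t\tstatus,\r\n\t\t\t\t\t\t\t\t\t\trand\r\n\t\t\t\t\t\t\t\t\t\t) \r\n\t\t\t\t\t\t\t\tVALUES (\r\n\t\t\t\t\t\t\t\t\t\tNULL, \r\n\t\t\t\t\t\t\t\t\t\t'{$q['firstName']}', \t\r\n\t\t\t\t\t\t\t\t\t\t'{$q['lastName']}', \r\n\t\t\t\t\t\t\t\t\t\t'{$q['studentID']}',\r\n\t\t\t\t\t\t\t\t\t\t'{$q['datePreffered']}', \r\n\t\t\t\t\t\t\t\t\t\t'{$q['prefferedTransportation']}', \r\n\t\t\t\t\t\t\t\t\t\t'{$q['labSection']}',\r\n\t\t\t\t\t\t\t\t\t\tNOW(),\r\n\t\t\t\t\t\t\t\t\t\t'{$q['email']}',\r\n\t\t\t\t\t\t\t\t\t\t'{$status}',\r\n\t\t\t\t\t\t\t\t\t\t'{$q['rand']}'\r\n\t\t\t\t\t\t\t\t\t\t)";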
// Copies the optional 'comments' field, then begins validating the event form:
// 'name', 'email' and 'title' must be non-empty, 'email' must also pass
// email_validation(), and for a 'oneDay' date none of month/day/year may be -1.
// NOTE(review): every else branch visible here assigns $errors = FALSE, so a
// TRUE set by an earlier failed check is overwritten as soon as a later field
// passes. The rest of the chain lies outside this fragment; confirm that one
// invalid field cannot be masked by the fields checked after it.
// NOTE(review): the line breaks of this listing were lost, so it is unclear
// whether the "//" below is an empty comment or comments out the
// submit_event test; the code is therefore left exactly as found.
if (isset($_POST['comments'])) { $comments = $_POST['comments']; } // if (isset($_POST['submit_event'])) { $errors = TRUE; if (strlen($_POST['name']) == 0) { $errorName = "required"; $errors = TRUE; } else { $errors = FALSE; } if (strlen($_POST['email']) == 0) { $errorEmail = "required"; $errors = TRUE; } elseif (!email_validation($_POST['email'])) { $errorEmail = "invalid email address"; $errors = TRUE; } else { $errors = FALSE; } if (strlen($_POST['title']) == 0) { $errorTitle = "required"; $errors = TRUE; } else { $errors = FALSE; } if ($_POST['dateRadio'] == 'oneDay') { if ($_POST['month'] == -1 || $_POST['day'] == -1 || $_POST['year'] == -1) { $errorDate = "invalid date"; $errors = TRUE;
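// Validate the required contact-form fields.
// $errors is cleared once and only ever raised afterwards. Previously each
// passing field reset it to 0, so only the last check (comments) decided the
// outcome and a submission with an empty name or an invalid email address
// was still treated as valid.
$errors = 0;

if (strlen($_POST['firstName']) == 0) {
    $errorFN = " required";
    $errors = 1;
}

if (strlen($_POST['lastName']) == 0) {
    $errorLN = " required";
    $errors = 1;
}

if (strlen($_POST['emailAddress']) == 0) {
    $errorEmail = " required";
    $errors = 1;
} elseif (!email_validation($_POST['emailAddress'])) {
    $errorEmail = " Invalid email address";
    $errors = 1;
}

if (strlen($_POST['comments']) == 0) {
    $errorComments = " required";
    $errors = 1;
}

// Raw request values: nothing here escapes them, so they must be escaped for
// whatever context they are later written to (HTML output, mail headers, SQL).
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$email = $_POST['emailAddress'];
$telephone = $_POST['telephone'];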
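} else {
    redirect_to("error.php?errors=" . urlencode(implode(",", $errors)));
}
}

//updating email
// NOTE(review): no anti-CSRF token or password re-check is visible in this
// fragment; confirm one is enforced before an account's email can be changed.
if ($_POST['submit'] == "Update Email") {
    connect_to_database();
    select_database();
    $user_id = $_SESSION['user_id'];
    // presumably mysql_prep() escapes the value for SQL; verify against its definition
    $email = mysql_prep($_POST['email']);
    $current_email = get_value_from_db("users", "email", "user_id", $user_id);
    $errors = array();
    if ($current_email == $email) {
        // Encoded like the error redirect above so the message text is a
        // well-formed query-string value.
        // NOTE(review): execution continues past this call unless redirect_to()
        // itself exits; confirm it does.
        redirect_to("message.php?message=" . urlencode("No changes made."));
    }
    // email_validation() is iterated here, so it yields a list of error messages.
    foreach (email_validation($email) as $error) {
        $errors[] = $error;
    }
    //checks if email is already in the database
    if (get_num_rows("users", "email", $email, true) != 0) {
        $errors[] = "Email already used by another member.";
    }
    if (empty($errors)) {
        // NOTE(review): $user_id comes from the session and is interpolated
        // without escaping; confirm it can only hold a server-assigned id.
        $query = " UPDATE users";
        $query .= " SET email='{$email}'";
        $query .= " WHERE user_id='{$user_id}' ";
        $result = mysql_query($query, $connection);
        if (!$result) {
            // Keep the database error text in the server log; sending it to the
            // browser discloses details of the schema and the query.
            error_log("Error executing query: " . mysql_error());
            die("Error executing query.");
        } else {
            close_connection($connection);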