function requestRecommendation($user_id, $author, $email, $message)
{
if (!checkLock("peer")) {
return 6;
}
$config = $GLOBALS['config'];
$user_id = escape($user_id);
$author = escape($author);
$email = escape($email);
if (!validEmail($email)) {
return 1;
}
if (strlen($author) <= 3) {
return 2;
}
//make sure there aren't too many recommendations already
$result = mysql_query("SELECT COUNT(*) FROM recommendations WHERE user_id = '{$user_id}'");
$row = mysql_fetch_row($result);
if ($row[0] >= $config['max_recommend']) {
return 4;
//too many recommendations
}
//ensure this email hasn't been asked with this user already
$result = mysql_query("SELECT COUNT(*) FROM recommendations WHERE user_id = '{$user_id}' AND email = '{$email}'");
$row = mysql_fetch_row($result);
if ($row[0] > 0) {
return 5;
//email address already asked
}
lockAction("peer");
//first create an instance
$instance_id = customCreate(customGetCategory('recommend', true), $user_id);
//insert into recommendations table
$auth = escape(uid(64));
mysql_query("INSERT INTO recommendations (user_id, instance_id, author, email, auth, status, filename) VALUES ('{$user_id}', '{$instance_id}', '{$author}', '{$email}', '{$auth}', '0', '')");
$recommend_id = mysql_insert_id();
$userinfo = getUserInformation($user_id);
//array (username, email address, name)
//send email now
$content = page_db("request_recommendation");
$content = str_replace('$USERNAME$', $userinfo[0], $content);
$content = str_replace('$USEREMAIL$', $userinfo[1], $content);
$content = str_replace('$NAME$', $userinfo[2], $content);
$content = str_replace('$AUTHOR$', $author, $content);
$content = str_replace('$EMAIL$', $email, $content);
$content = str_replace('$MESSAGE$', page_convert($message), $content);
$content = str_replace('$AUTH$', $auth, $content);
$content = str_replace('$SUBMIT_ADDRESS$', $config['site_address'] . "/recommend.php?id={$recommend_id}&user_id={$user_id}&auth={$auth}", $content);
$result = one_mail("Recommendation request", $content, $email);
if ($result) {
return 0;
} else {
return 3;
}
}
<?php
include "../config.php";
include "../include/common.php";
include "../include/db_connect.php";
include "../include/session.php";
if (isset($_SESSION['admin'])) {
$club_id = $_SESSION['admin_club_id'];
$user_id = $_SESSION['user_id'];
$userInfo = getUserInformation($_SESSION['user_id']);
//array of (username, email, name)
if ($club_id > 0) {
if (isset($_REQUEST['old_password'])) {
$pass = $_REQUEST['old_password'];
if (verifyLogin($user_id, $_REQUEST['old_password']) === true) {
if (isset($_REQUEST['description']) && isset($_REQUEST['view_time']) && isset($_REQUEST['open_time']) && isset($_REQUEST['close_time'])) {
$description = escape($_REQUEST['description']);
$view_time = strtotime($_REQUEST['view_time']);
$open_time = strtotime($_REQUEST['open_time']);
$close_time = strtotime($_REQUEST['close_time']);
$num_recommend = escape($_REQUEST['num_recommend']);
mysql_query("UPDATE clubs SET description='{$description}', view_time='{$view_time}', open_time='{$open_time}', close_time='{$close_time}', num_recommend='{$num_recommend}' WHERE id='{$club_id}'");
$success = "Club information updated successfully.";
}
if (isset($_REQUEST['new_password']) && isset($_REQUEST['new_password_conf']) && isset($_REQUEST['email'])) {
$update_res = updateAccount($user_id, $pass, $_REQUEST['new_password'], $_REQUEST['new_password_conf'], $_REQUEST['email']);
if ($update_res == 0) {
$success = "Club and account info updated successfully!";
} else {
if (abs($update_res) == 1) {
$error = "Invalid New Password!";
function createApplicationPDF($user_id, $application_id, $targetDirectory)
{
$user_id = escape($user_id);
$application_id = escape($application_id);
//first verify that application belongs to user and has not been submitted yet
$checkArray = checkApplication($user_id, $application_id, true);
if ($checkArray[0] == -2 || $checkArray[0] == -1) {
return array(FALSE, "verification failure");
}
$club_id = $checkArray[1];
//get application fields
if ($club_id == 0) {
$result = mysql_query("SELECT baseapp.varname, baseapp.vardesc, baseapp.vartype, profiles.val, 0 AS sort_col, baseapp.orderId AS sort2_col FROM profiles, baseapp WHERE profiles.user_id = '{$user_id}' AND profiles.var_id = baseapp.id UNION ALL SELECT baseapp.varname, baseapp.vardesc, baseapp.vartype, answers.val, basecat.orderId AS sort_col, baseapp.orderId AS sort2_col FROM answers, baseapp, basecat WHERE answers.application_id = '{$application_id}' AND baseapp.id = answers.var_id AND basecat.id = baseapp.category ORDER BY sort_col, sort2_col");
$sectionheader = "General Application";
} else {
$result = mysql_query("SELECT supplements.varname, supplements.vardesc, supplements.vartype, answers.val FROM answers, supplements WHERE answers.application_id = '{$application_id}' AND supplements.id = answers.var_id ORDER BY supplements.orderId");
$clubInfo = clubInfo($club_id);
//array (club name, club description, open_time, close_time, num_recommendations)
$sectionheader = "Supplement: " . $clubInfo[0];
}
$userInfo = getUserInformation($user_id);
//array(username, email, name)
return generatePDFByResult($result, $targetDirectory, latexSpecialChars($sectionheader), "User ID: " . latexSpecialChars($user_id) . "\\\\" . latexSpecialChars($userInfo[2]));
}
<?php
include "../config.php";
include "../include/common.php";
include "../include/db_connect.php";
include "../include/session.php";
if (isset($_SESSION['admin']) && isset($_REQUEST['id'])) {
//todo: admins currently can get information of users that didn't apply to their club
$user_id = escape($_REQUEST['id']);
$userinfo = getUserInformation($user_id);
//userinfo is array(username, email)
$profile = getProfile($user_id);
get_page_advanced("user_detail", "admin", array('username' => $userinfo[0], 'email' => $userinfo[1], 'name' => $userinfo[2], 'profile' => $profile));
} else {
header('Location: index.php');
}
<? if(count($messages[$box_id]) != 0 ) {
foreach($messages[$box_id] as $message) { //message is array(message id, sender id, sender username, receiver id, receiver username, subject, time int) ?>
<tr class="message_info" >
<td><input type="checkbox" name="index[]" value="<?php
echo $message[0];
?>
" /></td>
<? if($box_name != "sent") {
$user_data = getUserInformation($message[1]);
$name = $user_data[2];
if(strlen($name) > 20) {
$name = substr($name, 0, 18) . "...";
}
} else {
$user_data = getUserInformation($message[1]);
$name = $user_data[2];
if(strlen($name) > 20) {
$name = substr($name, 0, 18) . "...";
}
}
$mess_title = $message[5];
if(strlen($mess_title) > 50) {
$mess_title = substr($mess_title, 0, 55) . "...";
}
?>
<td onclick="showmessage(<?php
echo $message[0];
?>
)" style="cursor:pointer"><?php
echo $name;
