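public function Delete()
{
    // Remove this survey answer's row. Nothing to do for an object that was never persisted.
    if (!$this->ID) {
        return false;
    }
    // Escape the ID before interpolating it, like the other query builders in this codebase do
    $safeID = DB::Safe($this->ID);
    $q = "DELETE FROM SurveyAnswers WHERE ID='{$safeID}' LIMIT 1";
    // Hands back DB::Run's result unchanged (falsy when the DELETE failed)
    return DB::Run($q);
}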
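private function Revoke($objectID, $objectType)
{
    // $objectType becomes part of a column name (MemberID / CallingID), so it is
    // whitelisted with a strict comparison: a non-string such as 0 must not get
    // past the check through PHP's loose == rules. Both IDs are also required.
    $knownType = ($objectType === "Member" || $objectType === "Calling");
    if (!$knownType || !$objectID || !$this->ID) {
        return false;
    }
    $safePrivID = DB::Safe($this->ID);
    $safeObjID = DB::Safe($objectID);
    $q = "DELETE FROM GrantedPrivileges WHERE PrivilegeID='{$safePrivID}' AND {$objectType}ID='{$safeObjID}' LIMIT 1";
    if (!DB::Run($q)) {
        // NOTE(review): this writes the raw mysql_error() text into the response body
        die("ERROR > Could not revoke that privilege... sorry! " . mysql_error());
    }
    return true;
}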
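public function Save()
{
    // Answer options for the same question must have distinct values, so check
    // for a duplicate before writing.
    // Normalise a missing ID to 0 so the ID!= clause below is well-formed
    if (!$this->ID) {
        $this->ID = 0;
    }
    // Escape every value interpolated into the preliminary query
    $safeAns = DB::Safe($this->AnswerValue);
    $safeQID = DB::Safe($this->QuestionID);
    $safeID = DB::Safe($this->ID);
    // Exclude our own row so re-saving an existing option is not reported as a duplicate
    $q = "SELECT 1 FROM SurveyAnswerOptions WHERE QuestionID='{$safeQID}' AND AnswerValue='{$safeAns}' AND ID!='{$safeID}' LIMIT 1";
    if (mysql_num_rows(DB::Run($q)) > 0) {
        // NOTE(review): the raw AnswerValue is echoed in this message; confirm fail() escapes for its output context
        fail("Hmmm, this answer option ({$this->AnswerValue}) already exists for this question. Are you sure you didn't mean something else?");
    }
    $q = DB::BuildSaveQuery($this, get_object_vars($this));
    $r = DB::Run($q);
    // After an INSERT, pick up the auto-generated ID
    if (!$this->ID) {
        $this->ID = mysql_insert_id();
    }
    return $r ? true : false;
}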
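public function Save()
{
    // A group needs both a name and a ward before it can be stored.
    if (!$this->GroupName || !$this->WardID) {
        return false;
    }
    // Normalise a missing ID to 0 so the ID!= clause below is well-formed
    if (!$this->ID) {
        $this->ID = 0;
    }
    // Pascal-case the FHE group name for consistency (byte-wise functions; fine for ASCII names)
    $this->GroupName = ucwords(strtolower(trim($this->GroupName)));
    // Escape both values interpolated into the query below
    $safeName = DB::Safe($this->GroupName);
    $safeID = DB::Safe($this->ID);
    // Make sure the group name is unique, ignoring our own row when updating.
    // NOTE(review): this check is not scoped to WardID — confirm names are meant to be unique site-wide
    $q = "SELECT 1 FROM FheGroups WHERE GroupName='{$safeName}' AND ID!='{$safeID}' LIMIT 1";
    if (mysql_num_rows(DB::Run($q)) > 0) {
        fail("Oops. Could not save the FHE group; the name is already the name of another group, and they must be unique.");
    }
    $q = DB::BuildSaveQuery($this, get_object_vars($this));
    $r = DB::Run($q);
    // After an INSERT, pick up the auto-generated ID
    if (!$this->ID) {
        $this->ID = mysql_insert_id();
    }
    return $r ? true : false;
}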
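public function Save()
{
    // A stake cannot be stored without a name.
    if (!$this->Name) {
        return false;
    }
    // Normalise a missing ID to 0 so the ID!= clause below is well-formed
    if (!$this->ID) {
        $this->ID = 0;
    }
    // Drop the word "stake" (any case) and any markup from the name
    $this->Name = str_ireplace("stake", "", $this->Name);
    $this->Name = trim(strip_tags($this->Name));
    // Escape both values interpolated into the query below
    $safeName = DB::Safe($this->Name);
    $safeID = DB::Safe($this->ID);
    // Make sure the stake name is unique, ignoring our own row when updating
    $q = "SELECT 1 FROM Stakes WHERE Name='{$safeName}' AND ID!='{$safeID}' LIMIT 1";
    if (mysql_num_rows(DB::Run($q)) > 0) {
        fail("Oops. Could not save Stake information; the name of the stake already exists.");
    }
    $q = DB::BuildSaveQuery($this, get_object_vars($this));
    $r = DB::Run($q);
    // After an INSERT, pick up the auto-generated ID
    if (!$this->ID) {
        $this->ID = mysql_insert_id();
    }
    return $r ? true : false;
}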
exit; } @($yyyy = $_POST['year']); @($mm = $_POST['month']); @($dd = $_POST['day']); if (!$yyyy || !$mm || !$dd || $yyyy < 2011 || $yyyy > date("Y") || $mm < 1 || $mm > 12 || $dd < 1 || $dd > 31 || !is_numeric($yyyy) || !is_numeric($mm) || !is_numeric($dd)) { fail("Please be sure to select a cutoff date: day, month, and year."); } // The filename of the to-be-downloaded file. Make safe and strip out common words $safeName = str_replace(" ", "_", strtolower($WARD->Name)); $safeName = preg_replace("/[^0-9A-Za-z_]+/", "", $safeName); $safeName = preg_replace("/provo|utah|ysa|logan|ogden|orem|alpine|salt_lake_city|slc|salt_lake/", "", $safeName); $safeName = trim($safeName, "_- "); $filename = "{$safeName}_mls.csv"; // Run query; prepare to use results $q = DB::Run("SELECT ID FROM Members WHERE WardID='{$WARD->ID()}' AND RegistrationDate >= '{$yyyy}-{$mm}-{$dd}' ORDER BY RegistrationDate ASC"); // Prepare the csv file $csv = new CSVBuilder(); // Fields for the header of the file $csv->AddField("Name"); $csv->AddField("Birth Date"); $csv->AddField("Address"); $csv->AddField("City"); $csv->AddField("State"); $csv->AddField("Postal"); $csv->AddField("Phone"); $csv->AddField("Prior Unit"); // Add all the data to the file while ($r = mysql_fetch_array($q)) { $m = Member::Load($r['ID']); $res = $m->Residence();
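public function Delete($sure = false)
{
    // Safety: the caller must pass boolean true, and the record must exist
    if ($sure !== true || !$this->ID) {
        return false;
    }
    // Escape the IDs once; they are interpolated into three statements below
    $safeCredID = DB::Safe($this->CredentialsID);
    $safeID = DB::Safe($this->ID);

    // Nothing here wraps the three deletes in a transaction, so each failure
    // message spells out what had already been removed.

    // 1. Any password reset tokens for these credentials
    $q = "DELETE FROM PwdResetTokens WHERE CredentialsID='{$safeCredID}'";
    if (!DB::Run($q)) {
        fail("Could not delete password reset tokens: " . mysql_error());
    }
    // 2. The credentials (login) row
    $q = "DELETE FROM Credentials WHERE ID='{$safeCredID}'";
    if (!DB::Run($q)) {
        fail("Deleted password reset tokens but not anything else (stake leader can still login): " . mysql_error());
    }
    // 3. The stake leader record itself
    $q = "DELETE FROM StakeLeaders WHERE ID='{$safeID}' LIMIT 1";
    if (!DB::Run($q)) {
        fail("Deleted password reset tokens and credentials but not account (stake leader CANNOT login, but record still exists!), problem - " . mysql_error());
    }
    return true;
}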
?> <?php if ($MEMBER->HasPrivilege(PRIV_DELETE_ACCTS)) { ?> <a href="/manage/prune">Delete Accounts</a><?php } } ?> <?php } elseif ($MEMBER == null && $LEADER != null) { ?> <b>Wards</b> <?php // Show list of other wards they can view $wardsQuery = DB::Run("SELECT Name, ID FROM Wards WHERE StakeID='{$LEADER->StakeID}' AND Deleted != 1 ORDER BY Name ASC"); while ($wardRow = mysql_fetch_array($wardsQuery)) { ?> <a href="/api/changeward?id=<?php echo $wardRow['ID']; ?> "><i class="fa fa-asterisk"></i><?php echo $wardRow['Name']; ?> </a></li> <?php } ?> <b>Membership</b> <a href="/directory?stake"><i class="fa fa-list-alt"></i>Stake Directory</a>
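private function DeleteWardItems()
{
    // Removes everything tied to this member within the ward: calling assignments,
    // permissions, granted privileges, password reset tokens, survey answers and
    // a custom residence. Nothing here wraps the deletes in a transaction, so each
    // failure message spells out what had already been removed.
    $safeID = DB::Safe($this->ID);
    $safeCredID = DB::Safe($this->CredentialsID);

    // Delete calling assignments
    $q = "DELETE FROM MembersCallings WHERE MemberID='{$safeID}'";
    if (!DB::Run($q)) {
        fail("Tried to delete member ID {$this->ID}'s calling assignments, but failed: " . mysql_error());
    }

    // Delete permissions for this MEMBER (not his/her calling)
    $q = "DELETE FROM Permissions WHERE ObjectType='Member' AND ObjectID='{$safeID}'";
    if (!DB::Run($q)) {
        fail("Deleted calling assignments for this member, but could not delete permissions. MySQL error: " . mysql_error());
    }

    // Delete privileges for this MEMBER (not his/her calling)
    $q = "DELETE FROM GrantedPrivileges WHERE MemberID='{$safeID}'";
    if (!DB::Run($q)) {
        fail("Deleted calling assignments, and permissions for this member, but could not delete granted privileges. MySQL error: " . mysql_error());
    }

    // Delete any password reset tokens
    $q = "DELETE FROM PwdResetTokens WHERE CredentialsID='{$safeCredID}'";
    if (!DB::Run($q)) {
        fail("Deleted this member's calling assignments, privileges, and permissions, but not password reset tokens: " . mysql_error());
    }

    // Delete survey answers
    $q = "DELETE FROM SurveyAnswers WHERE MemberID='{$safeID}'";
    if (!DB::Run($q)) {
        fail("Deleted permissions, callings, privileges, and password reset tokens, but not survey answers. Problem was: " . mysql_error());
    }

    // Delete custom Residence, if any (Custom=1 guards against removing a shared residence)
    if ($this->HasCustomResidence()) {
        $safeResID = DB::Safe($this->ResidenceID);
        $q = "DELETE FROM Residences WHERE ID='{$safeResID}' AND Custom=1";
        if (!DB::Run($q)) {
            // NOTE(review): this message mentions credentials, which this method does not delete
            fail("Deleted permissions, callings, privileges, password reset tokens, survey answers, and credentials, but not Residence: " . mysql_error());
        }
    }
}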
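public function Members()
{
    // Members currently holding this calling, as loaded Member objects.
    $members = array();
    // Without an ID the WHERE clause would be malformed ("CallingID="), so there is nothing to look up
    if (!$this->ID) {
        return $members;
    }
    // CallingID is compared unquoted, so force an integer instead of interpolating the raw value
    $callingID = (int) $this->ID;
    $q = "SELECT `MemberID` FROM `MembersCallings` WHERE `CallingID`={$callingID}";
    $r = DB::Run($q);
    // A failed query yields an empty list rather than a warning from mysql_fetch_array(false)
    if (!$r) {
        return $members;
    }
    while ($row = mysql_fetch_array($r)) {
        $members[] = Member::Load($row['MemberID']);
    }
    return $members;
}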
@($ldr1 = $_POST['ldr1']); @($ldr2 = $_POST['ldr2']); @($ldr3 = $_POST['ldr3']); if (!$name) { Response::Send(400, "Please type a group name."); } // Make sure new leaders are removed from old group leaderships. // This next for loop is the exact same as the loop above near the top of this file. // TODO: This setup is awful. I want to redo this another time. What if the // leadership becomes discombobulated? (e.g. removes a leader1 but keeps leader 2... just looks weird) // This is a messy implementation. That's what I get for being in a hurry, I guess. //DB::Run("UPDATE FheGroups SET Leader1=0 WHERE Leader1='$ldr1' OR Leader1='$ldr2' OR Leader1='$ldr3'"); //DB::Run("UPDATE FheGroups SET Leader2=0 WHERE Leader2='$ldr1' OR Leader2='$ldr2' OR Leader2='$ldr3'"); //DB::Run("UPDATE FheGroups SET Leader3=0 WHERE Leader3='$ldr1' OR Leader3='$ldr2' OR Leader3='$ldr3'"); for ($i = 1; $i <= 3; $i++) { DB::Run("UPDATE FheGroups SET Leader{$i}=0 WHERE Leader{$i}='{$ldr1}' OR Leader{$i}='{$ldr2}' OR Leader{$i}='{$ldr3}'"); } // Make assignments, but don't save changes yet. $group->GroupName = $_POST['groupname']; $group->Leader1 = $_POST['ldr1']; $group->Leader2 = $_POST['ldr2']; $group->Leader3 = $_POST['ldr3']; // Move the leaders into their new groups if ($group->Leader1 > 0) { $mem = Member::Load($group->Leader1); $mem->FheGroup = $id; $mem->Save(); } if ($group->Leader2 > 0) { $mem = Member::Load($group->Leader2); $mem->FheGroup = $id;
public function Delete($sure = false)
{
    // Refuse unless the caller explicitly confirmed with boolean true.
    if ($sure !== true) {
        fail("Could not delete this question; pass in boolean true to be sure.");
    }
    // Nothing persisted to delete without an ID.
    if (!$this->ID) {
        fail("Could not delete this question, because no valid ID was associated with it.");
    }
    // Escaped copy of the ID for the two DELETE statements below
    $id = DB::Safe($this->ID);

    // 1. Answer options belonging to this question
    $this->DeleteAllAnswerOptions(true);

    // 2. Permissions that reference it
    if (!DB::Run("DELETE FROM Permissions WHERE QuestionID='{$id}'")) {
        fail("Could not delete permissions for this question with ID {$this->ID}, reason: " . mysql_error());
    }

    // 3. Every recorded answer, through each answer's own Delete()
    $answers = $this->Answers();
    foreach ($answers as $answer) {
        $answer->Delete();
    }

    // 4. The question row itself
    if (!DB::Run("DELETE FROM SurveyQuestions WHERE ID='{$id}' LIMIT 1")) {
        fail("Could not delete question with ID {$this->ID} from database (but answers, answer options, and permissions for it were all deleted), reason: " . mysql_error());
    }
    return true;
}
<br> <input type="submit" value="Grant to Calling" class="button sm"> </form> <br> <h2 id="by-calling">Privileges granted to callings</h2> <table class="privList"> <tr> <th>Calling</th> <th>Privilege</th> <th>Options</th> </tr> <?php $rm = DB::Run("SELECT CallingID, PrivilegeID FROM GrantedPrivileges INNER JOIN Callings ON Callings.ID = CallingID INNER JOIN Privileges ON Privileges.ID = GrantedPrivileges.PrivilegeID WHERE CallingID > 0 AND Callings.WardID={$MEMBER->WardID} ORDER BY Callings.Name ASC, Privileges.Privilege ASC"); while ($row = mysql_fetch_array($rm)) { $priv = Privilege::Load($row['PrivilegeID']); $call = Calling::Load($row['CallingID']); ?> <tr> <td> <b><?php echo $call->Name; ?> </b> </td> <td> <span title="<?php echo $priv->HelpText(); ?>
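<?php
require_once "../lib/init.php";

// Submitted credentials; a missing field becomes "" (the same value the old
// @-suppressed trim(null) produced), without relying on error suppression.
$eml = isset($_POST['eml']) ? trim($_POST['eml']) : "";
$pwd = isset($_POST['pwd']) ? trim($_POST['pwd']) : "";

// Where to potentially redirect the user after login (set by an earlier page, if any)
$afterLogin = isset($_SESSION['after_login']) ? $_SESSION['after_login'] : "******";

// Try a regular member first; Login() returns null for bad credentials.
$m = Member::Login($eml, $pwd);
if ($m) {
    // Issue a fresh session ID at the authentication boundary so a session ID
    // chosen before login cannot be reused (harmless if Login() already did this).
    if (session_id() !== "") {
        session_regenerate_id(true);
    }
    Response::Send(200, $afterLogin);
} else {
    // Not a member; maybe a stake leader?
    $s = StakeLeader::Login($eml, $pwd);
    if (!$s) {
        Response::Send(400);
    } else {
        if (session_id() !== "") {
            session_regenerate_id(true);
        }
        // Default view for a stake leader: the first ward in their stake, alphabetically.
        $safeStakeID = DB::Safe($s->StakeID);
        $r = mysql_fetch_array(DB::Run("SELECT ID FROM Wards WHERE StakeID='{$safeStakeID}' AND Deleted != 1 ORDER BY Name ASC LIMIT 1"));
        // A stake with no visible wards yields no row; store null rather than indexing false
        $_SESSION['wardID'] = ($r && isset($r['ID'])) ? $r['ID'] : null;
        // Stake leader logged in.
        Response::Send(200, $afterLogin);
    }
}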
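// Both fields must be identical; strict comparison avoids PHP's loose rules for
// numeric-looking strings ("1e3" == "1000").
if ($pwd1 !== $pwd2) {
    Response::Send(400, "Your passwords don't match. Make sure they match.");
}

// Check length (strlen counts bytes; assumes the form submits UTF-8 — TODO confirm)
if (strlen($pwd1) < 8) {
    Response::Send(400, "Your password is too short. Please make it at least 8 characters.");
}

// Verify that the credentials ID matches the token, and that the token is still
// inside the 48-hour window the reset email promises. If an earlier step of this
// flow already checked the token's age, this clause is a harmless repeat.
$credID = DB::Safe($credID);
$token = DB::Safe($token);
$r = DB::Run("SELECT 1 FROM `PwdResetTokens` WHERE `CredentialsID`='{$credID}' AND `Token`='{$token}' AND `Timestamp` >= DATE_SUB(NOW(), INTERVAL 48 HOUR) LIMIT 1");
if (mysql_num_rows($r) == 0) {
    Response::Send(400, "Account ID and token do not appear to match. Maybe try again from the link in your email?");
}

// Get account object (Member or Leader) -- first determine which type the credentials belong to.
// Exactly one of MemberID / StakeLeaderID is expected to be set.
$q2 = DB::Run("SELECT * FROM Credentials WHERE ID='{$credID}' LIMIT 1");
$r = mysql_fetch_array($q2);
$memberID = $r ? $r['MemberID'] : null;
$leaderID = $r ? $r['StakeLeaderID'] : null;
$user = null;
if ($memberID && !$leaderID) {
    // @ kept from the original: Load() presumably emits notices for a missing row
    $user = @Member::Load($memberID);
} elseif ($leaderID && !$memberID) {
    $user = @StakeLeader::Load($leaderID);
}
if (!$user) {
    Response::Send(500, "Could not load account with ID '{$memberID}' or '{$leaderID}', from credentials ID {$credID} -- please report this exact error message. Thanks...");
}

// Reset password.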
} } if ($abort) { break; } waitIfNeeded($start); } if ($abort) { for ($i = $lasti; $i < count($job->Recipients); $i++) { $job->AddFailedRecipient($job->Recipients[$i]->memberID, $job->Recipients[$i]->name, $job->Recipients[$i]->number, $errorCode, $errorReason . " (job terminated safely)"); } } // Finish // Only deduct balance if a ward member sent it. if ($job->IsMemberSender()) { DB::Run("UPDATE Wards SET Balance = Balance - {$job->Cost} WHERE ID={$job->WardID} LIMIT 1"); } $job->NumbersUsed = json_encode($numbers); $job->Finished = now(); $job->Save(); exit; function waitIfNeeded($start) { // Wait a certain amount of time before going to the next message, if necessary $end = microtime(true); $duration = $end - $start; if ($duration * 1000 < SMS_MS_BETWEEN_MESSAGES) { millisleep(SMS_MS_BETWEEN_MESSAGES - $duration + 50); } // add a short duration for integrity against network latency }
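$credID = mysql_result($r, 0);
// Escaped copy used in both queries below
$safeCredID = DB::Safe($credID);

// Rate limit: at most one reset email per account per 15 minutes, judged by the
// most recent token. With no previous token there is nothing to compare against.
$q = "SELECT `Timestamp` FROM `PwdResetTokens` WHERE `CredentialsID`='{$safeCredID}' ORDER BY `ID` DESC LIMIT 1";
$result = mysql_fetch_array(DB::Run($q));
if ($result && !empty($result['Timestamp'])) {
    $tooSoon = strtotime("+15 minutes", strtotime($result['Timestamp']));
    if (time() < $tooSoon) {
        Response::Send(403, "Please wait at least 15 minutes before requesting another email to be sent.");
    }
}

// Generate reset token. Its unpredictability comes entirely from randomString();
// NOTE(review): confirm that helper is backed by a CSPRNG rather than rand()/mt_rand().
$token = urlencode(randomString(15, false));
$safeToken = DB::Safe($token);

// Prepare the email
$subj = "Reset your ward website password";
$msg = "Hi!\n\nYou or somebody else is trying to log in with this account on " . SITE_DOMAIN . ".\n\nTo reset your password, go to:\n\n----------------------------------------------------\nhttps://" . SITE_DOMAIN . "/newpwd?key={$token}\n----------------------------------------------------\n\nIf you didn't ask for a password reset, just ignore and delete this message. It expires in 48 hours anyway.\n\nHave a great day!\n-" . SITE_DOMAIN;

// Save the reset token in the DB
$q = "INSERT INTO `PwdResetTokens` (CredentialsID, Token, Timestamp) VALUES ('{$safeCredID}', '{$safeToken}', CURRENT_TIMESTAMP)";
if (!DB::Run($q)) {
    Response::Send(500, "Couldn't save password reset token. Please report this: " . mysql_error());
}

// Send the email
$mail = new Mailer();
$mail->FromAndReplyTo(SITE_NAME, "no-reply@" . SITE_DOMAIN);
$mail->Subject($subj);
$mail->Body($msg);
$mail->To("", $eml);
$mail->Send();
if (count($mail->FailedRecipients()) > 0) {
    Response::Send(500, "Could not send password reset email. Please try again, or report this if the problem persists.");
}

// Send 200 OK. Email sent; we're done here.
Response::Send(200);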
<?php require_once "../lib/init.php"; protectPage(0, true); // Get the ward ID. "$WARD" is defined in init.php for convenience. $wardID = DB::Safe($WARD->ID()); // Load a list of the members in order of apartment or address $members = array(); $q = DB::Run("SELECT\n\tMembers.ID,\n\tTRIM(CONCAT_WS(\" \", Residences.Address, Residences.City, Residences.State)) AS FullAddr,\n\tTRIM(CONCAT_WS(\" \", Residences.Name, Members.Apartment)) AS RegularAddr\nFROM Members\nLEFT JOIN Residences\nON Members.ResidenceID = Residences.ID\nWHERE Members.WardID='{$WARD->ID()}'\nORDER BY RegularAddr, FullAddr, FirstName, LastName ASC;"); $lastApt = ""; // The apartment/address string of the last member in the loop $i = 0; // New line (float clearing) counter $j = 0; // Incremented for each apartment group we encounter ?> <html> <head> <title><?php echo $WARD->Name; ?> Ward Directory — <?php echo SITE_NAME; ?> </title> <?php include "../includes/head.php"; ?> <style> html,
<?php // Build the list of wards by stake $r = DB::Run("SELECT `ID`, `Name`, `StakeID` FROM `Wards` WHERE `Deleted` != 1 ORDER BY `StakeID`, `Name`"); $stakes = array(); while ($row = mysql_fetch_array($r)) { $sid = $row['StakeID']; $wid = $row['ID']; if (!array_key_exists($sid, $stakes)) { $stakes[$sid] = array(); } $stakes[$sid][] = $wid; } ?> <select size="1" name="ward_id" id="wardid"> <option value="" <?php if (!isset($WARD)) { echo 'selected'; } ?> >Select a ward</option> <?php foreach ($stakes as $sid => $wards) { $stakeObj = Stake::Load($sid); ?> <optgroup label="<?php echo $stakeObj->Name; ?> "> <?php
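public function NameUnique()
{
    // True when no other residence in this ward already uses this name.
    // All three interpolated values are escaped, not just the name.
    $name = DB::Safe($this->Name);
    $wardID = DB::Safe($this->WardID);
    $id = DB::Safe($this->ID);
    $q = DB::Run("SELECT 1 FROM Residences WHERE Name='{$name}' AND WardID='{$wardID}' AND ID!='{$id}' LIMIT 1");
    // A failed query must not read as "unique" (mysql_num_rows(false) == 0 would); fail closed
    if (!$q) {
        return false;
    }
    return mysql_num_rows($q) == 0;
}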
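public function Residences($includeCustom = false)
{
    // Residences of this ward as loaded Residence objects, ordered by name.
    // Custom residences are left out unless $includeCustom is truthy.
    $res = array();
    $wardID = DB::Safe($this->ID());
    $query = "SELECT ID FROM Residences WHERE WardID='{$wardID}' ";
    if (!$includeCustom) {
        $query .= "AND Custom=0";
    }
    $query .= " ORDER BY Name ASC";
    $q = DB::Run($query);
    // A failed query yields an empty list rather than a warning from mysql_fetch_array(false)
    if (!$q) {
        return $res;
    }
    while ($row = mysql_fetch_array($q)) {
        $res[] = Residence::Load($row['ID']);
    }
    return $res;
}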
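require_once "lib/init.php";
protectPage();

// Build the list of callings and the members who hold them, for rendering below.
// $list is only initialised in this block.
$list = '';
$callings = array();

// WardID is compared unquoted, so force an integer before interpolating
$wardID = (int) $MEMBER->WardID;
$r = DB::Run("SELECT ID FROM Callings WHERE WardID={$wardID} ORDER BY Name ASC");
if (!$r) {
    fail("ERROR > Could not request callings. Please report this: " . mysql_error());
}
while ($row = mysql_fetch_array($r)) {
    $c = Calling::Load($row['ID']);
    if (!$c) {
        continue;
    }
    // Same treatment for the calling ID: unquoted in the query, so cast it
    $callingID = (int) $c->ID();
    $r2 = DB::Run("SELECT MemberID FROM MembersCallings WHERE CallingID={$callingID}");
    if (!$r2) {
        fail("ERROR > Can't list members' callings. Please report this: " . mysql_error());
    }
    if (mysql_num_rows($r2) > 0) {
        // Keyed by calling name; only callings with at least one holder appear
        $callings[$c->Name] = array();
        while ($row2 = mysql_fetch_array($r2)) {
            $m = Member::Load($row2['MemberID']);
            if (!$m) {
                continue;
            }
            $callings[$c->Name][] = $m;
        }
    }
}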
$q = "SELECT * FROM PwdResetTokens WHERE Token='{$key}' LIMIT 1"; $r = DB::Run($q); if (mysql_num_rows($r) == 0) { die("ERROR > Sorry, that is not a valid password reset token. Please go back to your email and try again?"); } // Get the associated credentials ID... $row = mysql_fetch_array($r); $credID = $row['CredentialsID']; if (!$credID) { die("ERROR > That token doesn't seem associated with any account..."); } // Make sure it hasn't expired; delete it if it has $tokenID = $row['ID']; $tooLate = strtotime("+48 hours", strtotime($row['Timestamp'])); if (time() > $tooLate) { DB::Run("DELETE FROM PwdResetTokens WHERE ID='{$tokenID}' LIMIT 1"); die("ERROR > Sorry, that token has expired. They only last 48 hours."); } } ?> <!DOCTYPE html> <html> <head> <title>Finish password reset — <?php echo SITE_NAME; ?> </title> <?php include "includes/head.php"; ?> </head>
<?php /* Performs resizing operations on all profile pictures. This was originally used to bring pictures up from a small thumb/medium size to a larger size (about 2x) fit for retina/high-DPI displays. Protect this file if you upload it. It has no security built-in. */ exit; // SAFETY LINE; disable to use this file require_once "../lib/init.php"; echo "<pre>"; set_time_limit(0); $mems = DB::Run("SELECT ID FROM Members ORDER BY ID ASC"); $i = 0; while ($row = mysql_fetch_array($mems)) { $mem = Member::Load($row['ID']); if (!$mem->PictureFile) { continue; } $picFile = $mem->PictureFile; $main = filename($mem->PictureFile); $ext = extension($mem->PictureFile, "jpg"); $newRand = rand(1000, 9999); $newMain = $mem->FirstName . "_" . $mem->LastName . "_" . $mem->ID() . "_" . $newRand; $newFull = $newMain . "." . $ext; $newMedium = $newMain . "_med." . $ext; $newThumb = $newMain . "_thumb." . $ext; echo "PICTURE:\n{$newMain}\n{$newFull}\n{$newMedium}\n{$newThumb}\n"; copy("uploads/" . $mem->PictureFile, "uploads/" . $newFull);
$ansObj->AnswerArrayToString(); } // Save the answer now. $ansObj->Save(); } } // Identify un-answered questions, both required and not. // We poll the DB because un-checked checkboxes aren't submitted // at all, so we have to manually check if they're missing. // If the question requires an answer, enforce that requirement. // If the question is not required, give un-filled answers an empty value. // (This whole block isn't very efficient way to do this, but for // the low traffic volume we get, it should be fine.... for now... // especially considering how quickly this had to be ready!) $q = "SELECT ID FROM SurveyQuestions WHERE WardID={$MEMBER->WardID} AND Visible='1'"; $r = DB::Run($q); while ($row = mysql_fetch_array($r)) { // Find out about the question and the user's answer to it, if any $reqQu = SurveyQuestion::Load($row['ID']); $userAns = isset($answers[$reqQu->ID()]) ? $answers[$reqQu->ID()] : null; if (is_string($userAns)) { $userAns = trim($userAns); } // If it IS required, and not answered, time to throw. if ($reqQu->Required && (!$userAns || !is_array($userAns) && strlen(trim($userAns)) == 0 || $userAns == ' ')) { Response::Send(400, "Please answer the required question:<br><br>\"" . $reqQu->Question . "\""); } // If NOT required, set to empty value if not filled out if (!$reqQu->Required && (!$userAns || !is_array($userAns) && strlen(trim($userAns)) == 0 || $userAns == ' ')) { // First we have to get it from the DB. $ansObj = $reqQu->Answers($memID);
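public static function UnfinishedJobExistsWithLeaderID($id, $max = 1)
{
    // True when at least $max email jobs for this stake leader have not ended.
    $id = DB::Safe($id);
    // LIMIT takes a bare integer, so never interpolate $max as given
    $limit = max(0, (int) $max);
    $r = DB::Run("SELECT ID FROM EmailJobs WHERE StakeLeaderID='{$id}' AND Ended = 0 LIMIT {$limit}");
    return mysql_num_rows($r) >= $limit;
}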
$row = mysql_fetch_object($r); if ($row->StakeID == $LEADER->StakeID) { $memInLeaderStake = true; } } if (!$memInWard && !$memInLeaderStake) { header("Location: /directory"); } $isCurrent = $MEMBER && $MEMBER->ID() == $mem->ID(); // Get parts of the birth date $bdate = strtotime($mem->Birthday); $mm = date("F", $bdate); $dd = date("j", $bdate); $ordinal = date("S", $bdate); // Load survey questions in order to get the answers $r = DB::Run("SELECT ID FROM SurveyQuestions WHERE WardID='{$mem->WardID}' AND Visible='1'"); if (!$r) { die("ERROR > Can't render this page because of a database problem. Please report this: " . mysql_error()); } ?> <!DOCTYPE html> <html> <head> <title><?php echo $mem->FirstName() . ' ' . $mem->LastName; ?> — <?php echo $WARD ? $WARD->Name . " Ward" : SITE_NAME; ?> </title> <?php
$mems = array(); $q = "SELECT ID FROM Members WHERE WardID={$MEMBER->WardID} ORDER BY FirstName, LastName ASC"; $r = DB::Run($q); while ($row = mysql_fetch_array($r)) { array_push($mems, Member::Load($row['ID'])); } // Build list of options $memList = ""; foreach ($mems as $mem) { $memList .= "\r\n<option value=\"{$mem->ID()}\">" . $mem->FirstName() . " " . $mem->LastName . "</option>"; } $memList .= "\r\n"; // Get a list of FHE groups $groups = array(); $q2 = "SELECT ID FROM FheGroups WHERE WardID={$MEMBER->WardID} ORDER BY GroupName ASC"; $r2 = DB::Run($q2); while ($row = mysql_fetch_array($r2)) { array_push($groups, FheGroup::Load($row['ID'])); } ?> <!DOCTYPE html> <html> <head> <title>Manage FHE groups — <?php echo $WARD ? $WARD->Name . " Ward" : SITE_NAME; ?> </title> <?php include "../includes/head.php"; ?> <style>
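public function Delete($sure = false)
{
    // The caller must confirm with boolean true
    if ($sure !== true) {
        fail("Could not delete this permission. Please pass boolean true as an argument.");
    }
    // Nothing to delete for a permission that was never persisted
    if (!$this->ID) {
        return false;
    }
    $safeID = DB::Safe($this->ID);
    $q = "DELETE FROM Permissions WHERE ID='{$safeID}' LIMIT 1";
    if (!DB::Run($q)) {
        fail("Could not delete permission, please report this: " . mysql_error());
    }
    // De-construct this object so it no longer looks like a persisted permission
    $this->ID = null;
    $this->QuestionID = null;
    $this->ObjectID = null;
    $this->Object = null;
    return true;
}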
@($m = $_GET['m']); @($c = $_GET['c']); if ($action == "revoke") { // Revoke this privilege if (!$privID) { fail("Need a privilege ID to revoke; cannot revoke no privilege!"); } if ($m && $c || !$m && !$c) { fail("Please choose a member or a calling to revoke from."); } $priv = Privilege::Load($privID); if ($privID == 10) { // 10 is Manage Site Privileges; at least one member or calling from the ward should always have this. // This query gets a list of unique privileges. $epicQuery = "SELECT GrantedPrivileges.ID, Members.WardID FROM GrantedPrivileges\n\t\t\t\t\t\tINNER JOIN Members ON Members.ID = GrantedPrivileges.MemberID\n\t\t\t\t\t\tWHERE WardID = {$MEMBER->WardID} AND GrantedPrivileges.PrivilegeID = 10\n\t\t\t\t\t\tUNION\n\t\t\t\t\t\tSELECT GrantedPrivileges.ID, Callings.WardID FROM GrantedPrivileges\n\t\t\t\t\t\tINNER JOIN Callings ON Callings.ID = GrantedPrivileges.CallingID\n\t\t\t\t\t\tWHERE WardID = {$MEMBER->WardID} AND GrantedPrivileges.PrivilegeID = 10;"; if (mysql_num_rows(DB::Run($epicQuery)) == 1) { fail("At least one member or calling of your ward must be able to manage the site privileges. This was the last one; could not revoke."); } } if ($m) { $mem = Member::Load($m); if ($mem->WardID != $MEMBER->WardID) { fail("You can only revoke privileges from members of your ward."); } else { $priv->RevokeFromMember($m); } $redirectAppend = "?revoked#by-member"; } else { $call = Calling::Load($c); if ($call->WardID() != $MEMBER->WardID) { fail("You can only revoke privileges of callings in your ward.");