exit;
}

// Accept the staff id only when it is numeric; anything else ends the request.
// NOTE(review): $_REQUEST merges GET and POST (and cookies, depending on
// request_order), and is_numeric() also accepts values such as "1.5" or "1e3",
// so $staff_id is not guaranteed to be an integer key.
// NOTE(review): nothing in this part of the script checks that the current
// user may edit this particular staff record. Confirm that is enforced in the
// part of the script that precedes this excerpt or inside Staff.
if (is_numeric($_REQUEST["staff_id"])) {
    $staff_id = $_REQUEST["staff_id"];
} else {
    print _("Perhaps you have come here by a funny path?");
    exit;
}

// Load the staff record being edited and the name shown in the heading.
$record = new Staff($staff_id);
$staff_name = $record->getFullName();

// See if a bio has been submitted (the add_bio button posts the form below).
// NOTE(review): the form printed below shows no anti-CSRF token. Unless
// outputBioForm() emits one and updateBio() verifies it, this state-changing
// POST can be triggered from another site. Confirm.
if (isset($_POST['add_bio'])) {
    // The submitted bio is handed to Staff unchanged; any validation or
    // escaping happens inside updateBio(), which is not visible here.
    $p_result = $record->updateBio($_POST["bio"]);

    if ($p_result) {
        $feedback = "<div class=\"feedback\">" . _("Bio updated. Close window to continue.") . "</div><br />";
    } else {
        $feedback = "<div class=\"feedback\">" . _("There was a problem. Contact the admin.") . "</div><br />";
    }

    // Reload the record so the form below shows the values after the update attempt.
    $record = new Staff($staff_id);
    $staff_name = $record->getFullName();
} else {
    $feedback = "";
}

// Page heading and the opening of the bio form.
// NOTE(review): $staff_name is interpolated into HTML without
// htmlspecialchars(). Unless getFullName() already returns escaped text, a
// name containing markup would be rendered as HTML. Escape it at output.
// NOTE(review): the hidden field echoes the raw $_REQUEST["staff_id"] rather
// than the validated $staff_id. The is_numeric() check above limits what can
// reach this point, but printing the validated value through
// htmlspecialchars() would not depend on that check staying in place.
print "{$feedback}\n<div id=\"maincontent\">\n<h2 class=\"bw_head\">" . _("Update Biography for ") . " {$staff_name}</h2>\n<form id=\"bio_form\" action=\"\" method=\"post\">\n<input type=\"hidden\" name=\"staff_id\" value=\"" . $_REQUEST["staff_id"] . "\" />\n<div class=\"box no_overflow\">\n<p>" . _("Please only include professional details.") . "</p><br />";

// Let the record print its own bio editing control inside the open box.
$record->outputBioForm();

// Close the box, add the submit button, and close the form.
print "</div>\n <div class=\"box no_overflow\">\n <button class=\"button\" id=\"add_bio\" name=\"add_bio\">" . _("Update Bio") . "</button>\n </div>\n </form>\n </div>";

include "../includes/footer.php";

//$record->deBug();
// Password reset page. Without an `id` query parameter it shows the email
// form and sends a reset link; with an `id` it handles the new-password
// submission. $salt, $BaseURL and $administrator_email are not defined in the
// visible code and presumably come from the include below. Confirm.
require_once "includes/functions.php";

use SubjectsPlus\Control\Querier;
use SubjectsPlus\Control\Staff;

$db = new Querier();

$lstrForm = '';

if (!isset($_GET['id'])) {
    if (isset($_POST['email'])) {
        // Staff is built in 'forgot' mode; how it resolves the account from
        // the posted email is inside Staff and not visible here.
        $lobjStaff = new Staff('', 'forgot');

        if ($lobjStaff->getRecordId() == NULL) {
            // No record was found: show Staff's message and the email form again.
            // NOTE(review): this response differs from the success response
            // below, so a requester can tell whether an address is registered.
            // An identical reply in both cases avoids that.
            // NOTE(review): getMessage() is used as a gettext msgid and printed
            // without escaping. Confirm it can never contain request data.
            $introtext = "<p align=\"center\" style=\"clear: both;\" class=\"smaller\"><br />" . _("{$lobjStaff->getMessage()}") . "</p>";

            $lstrForm = $lobjStaff->outputEmailForm();
        } else {
            $lobjTodayDate = new DateTime();

            // The code is a hashed string composed of the user's email, the
            // installation's salt, and today's date as MMDDYYYY.
            // NOTE(review): this token is derived, not random. It is identical
            // for every request made for the same account on the same day, it
            // is not stored, and nothing visible here makes it single-use.
            // Anyone who learns $salt can recompute it, and MD5 is a fast
            // hash. Prefer a random_bytes() token stored hashed server-side
            // with an expiry, and compare it with hash_equals().
            $lstrCode = md5($lobjStaff->getEmail() . $salt . $lobjTodayDate->format('mdY'));

            // The reset link carries the record id and the code in the query
            // string, so both can end up in server logs and browser history.
            $lstrMessage = "Hello {$lobjStaff->getFullName()},\n\nHere is the link to reset your password. Link only works for three days. {$BaseURL}control/forgotpassword.php?id={$lobjStaff->getRecordID()}&code={$lstrCode}";

            mail($lobjStaff->getEmail(), 'Reset password for SubjectsPlus', $lstrMessage, "From: {$administrator_email}");

            $introtext = "<p align=\"center\" style=\"clear: both;\" class=\"smaller\"><br /><strong>" . _("An email has been sent to reset your password. Please click the link in the email and follow the instructions.") . "</strong></p>";
        }
    } else {
        // First visit: prompt for the email address.
        $lobjStaff = new Staff();

        $introtext = "<p align=\"center\" style=\"clear: both;\" class=\"smaller\"><br />" . _("Please enter your <strong>email</strong> so we can email you a link to reset your password.") . "</p>";

        $lstrForm = $lobjStaff->outputEmailForm();
    }
} else {
    // NOTE(review): the session's staff_id is taken directly from the query
    // string before anything in the visible code verifies the reset code. If
    // other pages treat $_SESSION['staff_id'] as proof of identity, this
    // assignment must happen only after the code has been validated. Confirm
    // how the session value is used. The id is also passed to Staff without
    // being validated here.
    $_SESSION['staff_id'] = $_GET['id'];

    $lobjStaff = new Staff($_GET['id']);

    if (isset($_POST['password'])) {
        // NOTE(review): within the visible lines, no check of $_GET['code']
        // precedes updatePassword() on this POST path. The script continues
        // beyond this excerpt, so confirm that the reset code is verified
        // before a password change is accepted and not only when the form is
        // displayed.
        // correctPassword() presumably enforces the password policy; its
        // rules are not visible here.
        if ($lobjStaff->correctPassword($_POST['password'])) {
            // NOTE(review): `==` compares numeric-looking strings by value
            // (e.g. "1e3" == "1000"), so use `===` for the confirmation
            // check. trim() is applied only when storing, so the value that
            // is validated and compared can differ from the value saved.
            if ($_POST['password'] == $_POST['password_confirm']) {
                $lobjStaff->updatePassword(trim($_POST['password']));