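/**
 * End-to-end check of the dbPersons module: create the table, insert five
 * people, read one back field by field, update two of them, then delete all
 * five and confirm that none can be retrieved afterwards.
 *
 * NOTE(review): create_dbPersons() is described below as producing an empty
 * table, so it presumably discards existing rows -- confirm this test only
 * ever runs against a disposable database.
 */
function testdbPersonsModule() {
    // creates an empty dbPersons table
    $this->assertTrue(create_dbPersons());

    // creates some people to add to the database
    $person1 = new Person("Smith", "John", "123 College Street", "Brunswick", "ME", "04011", 2075551234, "", "*****@*****.**", "guest", "", "Jane Smith", "98-01-01", "parent", "");
    $person2 = new Person("Jones", "Bob", "100 Union Street", "Bangor", "ME", "04401", 2075555678, null, "*****@*****.**", "guest", "", "Dan Jones", "95-07-15", "grandfather", "");
    // NOTE(review): phone1 below has nine digits where the other fixtures have ten -- confirm this is intended.
    $person3 = new Person("Adams", "Will", "12 River Road", "Augusta", "ME", "04330", 207551212, 2075553434, "*****@*****.**", "socialworker", "", null, null, null, "");
    $person4 = new Person("Williams", "Elizabeth", "50 Main Street", "Portland", "ME", "04110", 2075555432, null, "*****@*****.**", "volunteer", "", null, null, null, "");
    $person5 = new Person("Roberts", "Jill", "200 Main Street", "Portland", "ME", "04110", 2075556666, 2075550000, "*****@*****.**", "manager", "", null, null, null, "");
    $people = array($person1, $person2, $person3, $person4, $person5);

    // tests the insert function
    foreach ($people as $p) {
        $this->assertTrue(insert_dbPersons($p));
    }

    // tests the retrieve function: every getter is checked against a fresh read.
    // The expected id is consistent with ids being built from first name + phone1,
    // i.e. from personal data, so an id should never be treated as a secret.
    $expected = array(
        'get_id' => "John2075551234",
        'get_first_name' => "John",
        'get_last_name' => "Smith",
        'get_address' => "123 College Street",
        'get_city' => "Brunswick",
        'get_state' => "ME",
        'get_zip' => "04011",
        'get_phone1' => 2075551234,
        'get_phone2' => null,
        'get_email' => "*****@*****.**",
        'get_patient_name' => "Jane Smith",
        'get_patient_birthdate' => "98-01-01",
        'get_patient_relation' => "parent",
    );
    foreach ($expected as $getter => $value) {
        $this->assertEqual(retrieve_dbPersons($person1->get_id())->$getter(), $value);
    }
    $this->assertTrue(retrieve_dbPersons($person1->get_id())->check_type("guest"));

    // tests the update function
    $person2->set_address("5 Maine Street");
    $this->assertTrue(update_dbPersons($person2));
    $this->assertEqual(retrieve_dbPersons($person2->get_id())->get_address(), "5 Maine Street");

    // adding a type must keep the existing one
    $this->assertFalse(retrieve_dbPersons($person3->get_id())->check_type("guest"));
    $person3->add_type("guest");
    $this->assertTrue(update_dbPersons($person3));
    $this->assertTrue(retrieve_dbPersons($person3->get_id())->check_type("guest"));
    $this->assertTrue(retrieve_dbPersons($person3->get_id())->check_type("socialworker"));

    // tests the delete function
    foreach ($people as $p) {
        $this->assertTrue(delete_dbPersons($p->get_id()));
    }
    // every deleted record must be gone, not just one of them
    foreach ($people as $p) {
        $this->assertFalse(retrieve_dbPersons($p->get_id()));
    }

    echo "testdbPersons complete";
}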
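// DEFAULT PASSWORD CHECK
// The account still has its default password when the stored hash equals md5()
// of the person's id. In that case the user is shown a change-password form and,
// once it is submitted, the new password is validated and stored.
//
// NOTE(review): md5() is a fast, unsalted hash and is not suitable for password
// storage. Moving to password_hash()/password_verify() has to be done together
// with the login and account-creation code, which is not visible here, so the
// stored format is left unchanged in this block.
// NOTE(review): a default password derived from the id is only as secret as the
// id itself -- confirm how ids are built and consider forcing the change.
// NOTE(review): the form carries no anti-CSRF token -- confirm whether the
// surrounding page adds one.
$rpStoredHash = (string) $person->get_password();
if (md5($person->get_id()) === $rpStoredHash) {
    if (!isset($_POST['_rp_submitted'])) {
        echo '<div class="warning"><form method="post"><p><strong>We recommend that you change your password, which is currently default.</strong><table class="warningTable"><tr><td class="warningTable">Old Password:</td><td class="warningTable"><input type="password" name="_rp_old"></td></tr><tr><td class="warningTable">New password</td><td class="warningTable"><input type="password" name="_rp_newa"></td></tr><tr><td class="warningTable">New password<br />(confirm)</td><td class="warningTable"><input type="password" name="_rp_newb"></td></tr><tr><td colspan="2" align="right" class="warningTable"><input type="hidden" name="_rp_submitted" value="1"><input type="submit" value="Change Password"></td></tr></table></p></form></div>';
    } else {
        // they've submitted
        // Only plain strings are accepted: a missing field or an array value is
        // treated as a failed check instead of being passed to md5().
        $rpOld = (isset($_POST['_rp_old']) && is_string($_POST['_rp_old'])) ? $_POST['_rp_old'] : null;
        $rpNewA = (isset($_POST['_rp_newa']) && is_string($_POST['_rp_newa'])) ? $_POST['_rp_newa'] : null;
        $rpNewB = (isset($_POST['_rp_newb']) && is_string($_POST['_rp_newb'])) ? $_POST['_rp_newb'] : null;

        // Strict comparisons throughout: with == two different numeric-looking
        // strings (passwords or hex digests) can compare as equal.
        if (!$rpNewA || $rpNewA !== $rpNewB) {
            // the "\n" keeps the line break that sits inside the original message literal
            echo '<div class="warning"><form method="post"><p>Error with new password. ' . "\n" . 'Ensure passwords match.</p><br /><table class="warningTable"><tr><td class="warningTable">Old Password:</td><td class="warningTable"><input type="password" name="_rp_old"></td></tr><tr><td class="warningTable">New password</td><td class="warningTable"><input type="password" name="_rp_newa"></td></tr><tr><td class="warningTable">New password<br />(confirm)</td><td class="warningTable"><input type="password" name="_rp_newb"></td></tr><tr><td colspan="2" align="center" class="warningTable"><input type="hidden" name="_rp_submitted" value="1"><input type="submit" value="Change Password"></form></td></tr></table></div>';
        } elseif ($rpOld === null || md5($rpOld) !== $rpStoredHash) {
            echo '<div class="warning"><form method="post"><p>Error with old password.</p><br /><table class="warningTable"><tr><td class="warningTable">Old Password:</td><td class="warningTable"><input type="password" name="_rp_old"></td></tr><tr><td class="warningTable">New password</td><td class="warningTable"><input type="password" name="_rp_newa"></td></tr><tr><td class="warningTable">New password<br />(confirm)</td><td class="warningTable"><input type="password" name="_rp_newb"></td></tr><tr><td colspan="2" align="center" class="warningTable"><input type="hidden" name="_rp_submitted" value="1"><input type="submit" value="Change Password"></form></td></tr></table></div>';
        } else {
            // old password verified and both new entries agree: store the new hash
            $person->set_password(md5($rpNewA));
            update_dbPersons($person);
        }
    }
    echo '<br clear="all">';
}

// NOTES OUTPUT
// NOTE(review): the manager notes are echoed without output escaping -- confirm
// they are HTML-encoded when they are written, otherwise encode them here.
echo '<div class="infobox"><p class="notes"><strong>Notes to/from the manager:</strong><br />';
echo $person->get_mgr_notes() . '</div></p>';

// we have a guest authenticated
// NOTE(review): == 0 is also true when access_level is unset (null) -- confirm
// the session always carries this key before this point.
if ($_SESSION['access_level'] == 0) {
    // SHOW STATUS
    echo '<div class="infobox"><p><strong>Your request has been submitted.</strong><br></p></div><br>';
}
//We have a manager authenticated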
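/**
 * process_form normalizes the submitted person fields, builds a Person from
 * them and then inserts, updates, deletes or password-resets the record.
 *
 * Flow:
 *   1. no record exists under the new Person's id  -> insert it
 *   2. neither DELETE nor RESET was requested      -> update it
 *   3. DELETE requested                            -> delete record $id (never the last manager)
 *   4. RESET requested                             -> re-insert the record, which resets its password
 *
 * @param string $id     id of the record being edited; used by the delete path
 * @param Person $person the record as loaded before the edit; supplies the prior bookings
 * @return Person the new Person after an insert or update, the unchanged $person
 *                after a delete attempt, or the re-created Person after a reset
 *
 * NOTE(review): nothing here checks that the session user is allowed to edit,
 * delete or reset the target record -- confirm the caller enforces that.
 * NOTE(review): the backslash-before-quote escaping below is not a complete SQL
 * escaping (it leaves backslashes untouched, for example); the dbPersons
 * functions, which are not visible here, should use parameterized queries.
 */
function process_form($id, $person) {
    // Get the info of the user who is making the update. The id is captured now
    // because the session may be destroyed below before the log entry is written.
    $actor_id = $_SESSION['_id'];
    $user = retrieve_dbPersons($actor_id);
    $name = $user->get_first_name() . " " . $user->get_last_name();

    // Text fields: HTML-entity encode, then backslash-escape single quotes.
    $first_name = trim(str_replace("'", "\\'", htmlentities(str_replace('&', 'and', $_POST['first_name']))));
    $last_name = trim(str_replace("'", "\\'", htmlentities($_POST['last_name'])));
    $address = trim(str_replace("'", "\\'", htmlentities($_POST['address'])));
    $city = trim(str_replace("'", "\\'", htmlentities($_POST['city'])));
    // state, birthdate and type are client-controlled like every other field, so
    // they get the same treatment instead of being passed through raw
    $state = trim(str_replace("'", "\\'", htmlentities($_POST['state'])));
    $zip = trim(htmlentities($_POST['zip']));

    // Phone numbers are reduced to digits only (preg_replace stands in for the
    // removed ereg_replace).
    $phone1 = trim(str_replace(' ', '', htmlentities($_POST['phone1'])));
    $clean_phone1 = preg_replace('/[^0-9]/', '', $phone1);
    $phone2 = trim(str_replace(' ', '', htmlentities($_POST['phone2'])));
    $clean_phone2 = preg_replace('/[^0-9]/', '', $phone2);

    $email = trim(str_replace("'", "\\'", htmlentities($_POST['email'])));
    $patient_name = trim(str_replace("'", "\\'", htmlentities($_POST['patient_name'])));
    $patient_birthdate = trim(str_replace("'", "\\'", htmlentities(
        $_POST['DateOfBirth_Year'] . '-' . $_POST['DateOfBirth_Month'] . '-' . $_POST['DateOfBirth_Day']
    )));
    // NOTE(review): this replacement runs the other way round (\' -> ') compared
    // with every other field -- confirm whether that is intended.
    $patient_relation = trim(str_replace('\\\'', '\'', htmlentities($_POST['patient_relation'])));

    // NOTE(review): the type list decides the account's role and comes straight
    // from the form -- confirm the caller restricts which types a user may assign.
    $submitted_types = (isset($_POST['type']) && is_array($_POST['type'])) ? $_POST['type'] : array();
    $type = trim(str_replace("'", "\\'", htmlentities(implode(',', $submitted_types))));
    $prior_bookings = implode(',', $person->get_prior_bookings());

    // NOTE(review): the last constructor argument is passed empty; if it is the
    // password, confirm update_dbPersons() does not overwrite the stored one.
    $newperson = new Person($last_name, $first_name, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $prior_bookings, $patient_name, $patient_birthdate, $patient_relation, "");

    $wants_delete = isset($_POST['deleteMe']) && $_POST['deleteMe'] === "DELETE";
    $wants_reset = isset($_POST['reset_pass']) && $_POST['reset_pass'] === "RESET";

    // step one: plain insert or update
    if (!retrieve_dbPersons($newperson->get_id())) {
        insert_dbPersons($newperson);
        return $newperson;
    }
    if (!$wants_delete && !$wants_reset) {
        update_dbPersons($newperson);
        return $newperson;
    }

    // step two: try to make the deletion or password change
    if ($wants_delete) {
        $result = retrieve_dbPersons($id);
        if (!$result) {
            echo '<p>Unable to delete. ' . $first_name . ' ' . $last_name . ' is not in the database. <br>Please report this error to the House Manager.';
            return $person;
        }

        // What if they're the last remaining manager account? The submitted type
        // list is client-controlled, so the stored record is consulted as well.
        $is_manager = strpos($type, 'manager') !== false || $result->check_type('manager');
        $last_manager = false;
        if ($is_manager) {
            $managers = getall_type('manager');
            $last_manager = !$managers || mysql_num_rows($managers) <= 1;
        }

        if ($last_manager) {
            echo '<p class="error">You cannot remove the last remaining manager from the database.</p>';
        } elseif (!delete_dbPersons($id)) {
            echo '<p class="error">Unable to delete ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the House Manager.</p>';
        } else {
            echo "<p>You have successfully removed " . $first_name . " " . $last_name . " from the database.</p>";

            // The log entry is written only for a removal that actually happened,
            // and before the session is torn down.
            // NOTE(review): the name in the entry is the submitted one, not the
            // stored one -- consider logging the record id as well.
            $message = "<a href='viewPerson.php?id=" . rawurlencode($actor_id) . "'>" . $name . "</a>" . " has removed " . $first_name . " " . $last_name . " from the database";
            add_log_entry($message);

            // users who delete their own account are logged out
            if ((string) $id === (string) $actor_id) {
                session_unset();
                session_destroy();
            }
        }
        return $person;
    }

    // RESET: the record is re-inserted under the same id.
    // NOTE(review): presumably the Person constructor assigns a default password
    // when its last argument is empty -- confirm, and confirm the default is not
    // derived from guessable data such as the id.
    $id = (isset($_POST['old_id']) && is_string($_POST['old_id'])) ? $_POST['old_id'] : $id;
    $person = new Person($last_name, $first_name, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $prior_bookings, $patient_name, $patient_birthdate, $patient_relation, "");
    $result = insert_dbPersons($person);
    if (!$result) {
        echo '<p class="error">Unable to reset ' . $first_name . ' ' . $last_name . "'s password.. <br>Please report this error to the House Manager.";
    } else {
        echo "<p>You have successfully reset " . $first_name . " " . $last_name . "'s password.</p>";
        // Create the log message; ids are URL-encoded because old_id comes from
        // the request and ends up inside an HTML attribute.
        $message = "<a href='viewPerson.php?id=" . rawurlencode($actor_id) . "'>" . $name . "</a>" . " has reset the password for <a href='viewPerson.php?id=" . rawurlencode($id) . "'>" . $first_name . " " . $last_name . "</a>";
        add_log_entry($message);
    }
    return $person;
}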
/**
 * Closes this booking: releases the room, records the check-out date and adds
 * the booking to the guest's list of prior bookings.
 *
 * @param mixed $date value stored as the booking's date_out
 * @return mixed $this on success, false when the room cannot be retrieved or
 *               its unbook_me() call does not succeed
 */
function check_out($date) {
    $room = retrieve_dbRooms($this->room_no);
    // presumably the booking id is an 8-character prefix followed by the
    // person's id -- confirm against the code that builds booking ids
    $guest = retrieve_dbPersons(substr($this->id, 8));

    // nothing is changed unless the room exists and releases this booking
    if (!$room || !$room->unbook_me($this->id)) {
        return false;
    }

    $this->status = "closed";
    $this->date_out = $date;
    update_dbBookings($this);

    // a missing guest record does not block the check-out; the booking is
    // simply not added to anyone's history
    if ($guest) {
        $guest->add_prior_booking($this->id);
        update_dbPersons($guest);
    }

    return $this;
}