Example #1
 /**
  * Builds the complete RSS 2.0 document for this feed.
  *
  * The channel language is the session language when one is set, otherwise
  * the configured default. Title, description, feed URL and language are
  * written into the markup exactly as they are held: nothing in this method
  * XML-escapes them, so any escaping has to be done before they are assigned.
  *
  * @author Paul Heaney
  * @return string The XML string for the feed
  */
 function generate_feed_xml()
 {
     global $CONFIG, $application_version_string;

     $lang = empty($_SESSION['lang']) ? $CONFIG['default_i18n'] : $_SESSION['lang'];

     // Collect the document piece by piece and join once at the end.
     $chunks = array();
     $chunks[] = '<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom">';
     $chunks[] = '<channel><title>' . $this->title . "</title>\n";
     $chunks[] = '<link>' . application_url() . "</link>\n";
     $chunks[] = '<atom:link href="' . $this->feedurl . '" rel="self" type="application/rss+xml" />' . "\n";
     $chunks[] = '<description>' . $this->description . "</description>\n";
     $chunks[] = '<language>' . $lang . "</language>\n";

     // pubDate and lastBuildDate carry the same RFC 2822 formatted timestamp.
     $stamp = date('r', $this->pubdate);
     $chunks[] = '<pubDate>' . $stamp . "</pubDate>\n";
     $chunks[] = '<lastBuildDate>' . $stamp . "</lastBuildDate>\n";
     $chunks[] = '<docs>http://blogs.law.harvard.edu/tech/rss</docs>';
     $chunks[] = '<generator>' . $CONFIG['application_name'] . ' ' . $application_version_string . "</generator>\n";
     $chunks[] = '<webMaster>' . user_email($CONFIG['support_manager']) . " (Support Manager)</webMaster>\n";

     // Each item renders its own <item> markup; a non-array item list is skipped.
     if (is_array($this->items)) {
         foreach ($this->items as $entry) {
             $chunks[] = $entry->generateItem();
         }
     }
     $chunks[] = "</channel></rss>\n";

     return implode('', $chunks);
 }
"><?php 
    _e("Edit");
    ?>
</a> | </span>
    <span class='delete'><a onclick="return confirm('Bạn có chắc muốn xóa <?php 
    course_name();
    ?>
?');" href="<?php 
    deletecourselink();
    ?>
"><?php 
    _e("Delete");
    ?>
</a></span>
    <!--<span class='email'> | <?php 
    echo make_clickable(user_email());
    ?>
</span>-->
    </div>
    </td>
    <td class="column-cfaculty"><?php 
    faculty_name();
    ?>
</td>
    <td class="column-ccredit"><?php 
    course_credit();
    ?>
</td>
    <td class="column-numstudent"><?php 
    course_num_students('', true);
    ?>
Example #3
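/**
    Send a template email without using a trigger

    Loads the email template with the given ID, expands its fields with
    replace_specials() and sends the result through MIME_mail.

    @author Ivan Lucas
    @param int $templateid: The ID number of the template to use
    @param array $paramarray. An associative array of template parameters
                 This should at the very least be
                 array('incidentid' => $id, 'triggeruserid' => $sit[2])
                 Only 'incidentid' is read from it; 'triggeruserid' is always
                 taken from $sit[2]
    @param string $attach. Path and filename of file to attach
    @param string $attachtype. Type of file to attach (noted as default 'OCTET';
                 the parameter itself defaults to an empty string)
    @param string $attachdesc. Description of the attachment, (Default, same as filename)
    @retval bool TRUE: The email was sent successfully
    @retval bool FALSE: There was an error sending the mail, the template ID
                 was not numeric, or no template with that ID was found
    @note This is v2 of this function, it has different parameters than v1
**/
function send_email_template($templateid, $paramarray, $attach = '', $attachtype = '', $attachdesc = '')
{
    // $dbEmailTemplates names the template table. It was used below without
    // being brought into scope; presumably it is a global like the other
    // table-name variables -- confirm against the include that defines it.
    global $CONFIG, $application_version_string, $sit, $dbEmailTemplates;

    if (!is_array($paramarray)) {
        trigger_error("Invalid Parameter Array", E_USER_NOTICE);
        $paramarray = array('triggeruserid' => $sit[2]);
    }

    if (!is_numeric($templateid)) {
        trigger_error("Invalid Template ID '{$templateid}'", E_USER_NOTICE);
        // The ID is interpolated into the SQL below, so a non-numeric value
        // must never reach the query.
        return FALSE;
    }
    // Reduce numeric strings such as "7" or "7.0" to a plain integer.
    $templateid = intval($templateid);

    // Grab the template
    $tsql = "SELECT * FROM `{$dbEmailTemplates}` WHERE id={$templateid} LIMIT 1";
    $tresult = mysql_query($tsql);
    if (mysql_error()) {
        trigger_error(mysql_error(), E_USER_WARNING);
    }
    if (!$tresult || mysql_num_rows($tresult) < 1) {
        // Query failed or no such template: there is nothing to build a message from.
        return FALSE;
    }
    $template = mysql_fetch_object($tresult);

    $incidentid = isset($paramarray['incidentid']) ? $paramarray['incidentid'] : NULL;
    $paramarray = array('incidentid' => $incidentid, 'triggeruserid' => $sit[2]);

    // Header values must stay on a single line. Template fields are expanded
    // by replace_specials(), so CR and LF are removed from everything that is
    // written into a mail header.
    $linebreaks = array("\r", "\n");
    $from = str_replace($linebreaks, '', replace_specials($template->fromfield, $paramarray));
    $replyto = str_replace($linebreaks, '', replace_specials($template->replytofield, $paramarray));
    $ccemail = str_replace($linebreaks, '', replace_specials($template->ccfield, $paramarray));
    $bccemail = str_replace($linebreaks, '', replace_specials($template->bccfield, $paramarray));
    $toemail = str_replace($linebreaks, '', replace_specials($template->tofield, $paramarray));
    // Decode first: html_entity_decode() can turn a numeric entity into a line break.
    $subject = str_replace($linebreaks, '', html_entity_decode(replace_specials($template->subjectfield, $paramarray)));
    $body = replace_specials($template->body, $paramarray);

    $extra_headers = "Reply-To: {$replyto}\nErrors-To: " . user_email($sit[2]) . "\n";
    $extra_headers .= "X-Mailer: {$CONFIG['application_shortname']} {$application_version_string}/PHP " . phpversion() . "\n";
    $extra_headers .= "X-Originating-IP: {$_SERVER['REMOTE_ADDR']}\n";
    if ($ccemail != '') {
        $extra_headers .= "CC: {$ccemail}\n";
    }
    if ($bccemail != '') {
        $extra_headers .= "BCC: {$bccemail}\n";
    }
    $extra_headers .= "\n";
    // add an extra crlf to create a null line to separate headers from body
    // this appears to be required by some email clients - INL
    // Removed $mailerror as MIME_mail expects 5 args and not 6 of which is it not expect errors
    $mime = new MIME_mail($from, $toemail, $subject, '', $extra_headers);
    // "text/plain" is the media type; the previous "text-plain" is not a valid one.
    $mime->attach($body, '', "text/plain; charset={$GLOBALS['i18ncharset']}", 'quoted-printable');
    if (!empty($attach)) {
        if (empty($attachdesc)) {
            $attachdesc = "Attachment named {$attach}";
        }
        // NOTE(review): $attach is documented as path and filename, so the
        // full server path ends up in the Content-Disposition header sent to
        // the recipient -- confirm whether only the file name should be used.
        $disp = "attachment; filename=\"{$attach}\"; name=\"{$attach}\";";
        $mime->fattach($attach, $attachdesc, $attachtype, 'base64', $disp);
    }
    // actually send the email
    return $mime->send_mail();
}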
Example #4
});
// The url router wasn't matching "/users/:email" probably something to do with the @ and the dots in emails
if (startsWith(request_uri(), '/users/') && strlen(trim(request_uri(), '/')) > 5) {
    $email = remove_first(request_uri(), '/users/');
    if (!account_exists($email)) {
        render('err404', null, false);
        die;
    }
    if ($email !== user_email() && !is_reviewer()) {
        render('err403', null, false);
        die;
    }
    $data = account_data($email);
    $email = $data['email'];
    if (request_method() == 'GET') {
        render('user', array('head_title' => $data['email'], 'user' => $data, 'user_apps' => app_get_user($data['email'], valid_bool(from($_REQUEST, 'show-deleted'))), 'is_self' => user_email() == $email));
    } else {
        if (request_method() == 'POST') {
            $action = from($_REQUEST, 'action');
            switch (strtolower($action)) {
                case 'desc':
                    account_change_desc($email, from($_REQUEST, 'desc'));
                    redirect('/users/' . $email);
                    break;
                case 'username':
                    account_change_username($email, from($_REQUEST, 'username'));
                    redirect('/users/' . $email);
                    break;
                case 'group':
                    if (!is_admin()) {
                        render('err403', null, false);
Example #5
/**
 * Appends a reviewer comment to an application and saves the application.
 *
 * The is_reviewer() check is the only authorization gate: callers that are
 * not reviewers get false and nothing is written. The note text is stored as
 * given; this function does no escaping, so it has to be escaped wherever the
 * note is later displayed.
 *
 * @param object $app  Application whose notes list receives the new entry
 * @param string $text Comment text
 * @return bool false when the current user is not a reviewer, true once the
 *              note has been added and app_save() has been called
 */
function app_add_note($app, $text)
{
    if (is_reviewer()) {
        // The author is taken from the session user, never from the caller.
        $entry = array(
            'reviewer' => user_email(),
            'type' => 'comment',
            'time' => time(),
            'text' => $text,
        );
        $app->notes[] = $entry;
        app_save($app);

        return true;
    }

    return false;
}
        ?>
<div class="message"><?php 
        echo $message;
        ?>
</div>
<?php 
    }
    ?>
<form action="profile-update.php" method="POST">
<label><span class="label">Mật khẩu hiện tại:</span>  <input type="password" name="password" value=""/></label>
<label><span class="label">Họ tên:</span>  <input type="text" name="full_name" value="<?php 
    user_fullname();
    ?>
"/></label>
<label><span class="label">Email: </span> <input type="text" name="email" value="<?php 
    user_email();
    ?>
"/></label>
<label><span class="label">Ngày sinh:</span> <input type="text" name="birdthday" value="<?php 
    user_birthday();
    ?>
"/></label>
<label><span class="label">Địa chỉ:</span> <input type="text" name="address" value="<?php 
    user_address();
    ?>
"/></label>
<label><span class="label">Mật khẩu mới:</span> <input type="password" name="newpass" value=""/></label>
<label><span class="label">Nhập lại:</span> <input type="password" name="newpass_retype" value=""/></label>
<input type="hidden" name="action" value="update"/>
<input type="submit" value="<?php 
    _e("Cập nhật");
Example #7
    echo SITE_URL;
    ?>
users">users</a>
                <?php 
}
?>
            </div>
            <div id="user-top">
                <?php 
if (logged_in()) {
    ?>
                    <a href="<?php 
    echo SITE_URL;
    ?>
users/<?php 
    echo user_email();
    ?>
"><?php 
    echo get_username();
    ?>
</span>
                    <a href="<?php 
    echo SITE_URL;
    ?>
logout">logout</a>
                <?php 
} else {
    ?>
                    <a href="<?php 
    echo SITE_URL;
    ?>
                    $holidaylist .= $strAfternoon;
                }
                if ($holiday->length == 'day') {
                    $holidaylist .= $strFullDay;
                }
                $holidaylist .= ", ";
                $holidaylist .= holiday_type($holiday->type) . "\n";
            }
            if (strlen($memo) > 3) {
                $holidaylist .= "\n{$SYSLANG['strCommentsSentWithRequest']}:\n\n";
                $holidaylist .= "---\n{$memo}\n---\n\n";
            }
        }
        // Mark the userid of the person who will approve the request so that they can see them
        // NOTE(review): $approvaluser and $user are interpolated straight into
        // the statement. Where they come from is not visible in this excerpt --
        // confirm both are escaped or cast to integers before this point.
        $sql = "UPDATE `{$dbHolidays}` SET approvedby='{$approvaluser}' ";
        $sql .= "WHERE userid='{$user}' AND approved = " . HOL_APPROVAL_NONE;
        mysql_query($sql);
        if (mysql_error()) {
            trigger_error(mysql_error(), E_USER_WARNING);
        }
        // Fire the holiday-requested trigger with the requester, the approver's
        // email address and the plain-text list of requested days.
        $rtnvalue = trigger('TRIGGER_HOLIDAY_REQUESTED', array('userid' => $user, 'approvaluseremail' => user_email($approvaluser), 'listofholidays' => $holidaylist));
        if ($rtnvalue === TRUE) {
            echo "<h2>{$strRequestSent}</h2>";
            // NOTE(review): $holidaylist is echoed as HTML and, when a memo was
            // sent, contains $memo verbatim. nl2br() only inserts <br /> tags,
            // it does not escape markup -- confirm $memo is escaped upstream.
            echo "<p align='center'>" . nl2br($holidaylist) . "</p>";
        } else {
            echo "<p class='error'>{$strThereWasAProblemSendingYourRequest}</p>";
        }
    }
    echo "<p align='center'><a href='holidays.php?user={$user}'>{$strMyHolidays}</p></p>";
}
include APPLICATION_INCPATH . 'htmlfooter.inc.php';
         $update->execute($data);
         $error = $q->errorInfo();
     }
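     //notify users via email
     //figure out who needs to receive this notification
     $q = $dbh->prepare("SELECT reader,username FROM cm_journals WHERE id =?");
     $q->bindParam(1, $id[0]);
     $q->execute();
     $u = $q->fetch(PDO::FETCH_ASSOC);
     // reader and username are joined without a separator and then split on
     // commas; presumably reader is stored comma-terminated -- verify.
     $involved = $u['reader'] . $u['username'];
     $inv = explode(',', $involved);
     // The commenter does not get a notification about their own comment.
     $this_user = array($_SESSION['login']);
     $notify = array_diff($inv, $this_user);
     foreach ($notify as $user) {
         // A trailing comma or a missing row leaves an empty entry behind;
         // there is nobody to look up or mail for it.
         if (trim($user) === '') {
             continue;
         }
         $commenter = username_to_fullname($dbh, $_SESSION['login']);
         $email = user_email($dbh, $user);
         $subject = "ClinicCases: {$commenter} has commented on a journal.";
         // Blank line before the footer (the body previously ended in a stray "n").
         $body = "{$commenter} has commented on a journal.\n\n" . CC_EMAIL_FOOTER;
         mail($email, $subject, $body, CC_EMAIL_HEADERS, "-f " . CC_EMAIL_FROM);
     }
     //TODO test on mail server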
     break;
 case 'delete_comment':
     //Get current comment array for this journal
     $q = $dbh->prepare('SELECT comments FROM cm_journals WHERE id = ?');
     $q->bindParam(1, $id[0]);
     $q->execute();
     $error = $q->errorInfo();
     $result = $q->fetch(PDO::FETCH_ASSOC);
     $old = unserialize($result['comments']);
     unset($old[$comment_id]);
                 $resps[] = all_active_users_a($dbh);
             } else {
                 $resps[] = $responsible;
             }
         }
         $resps_flat = flatten_array($resps);
         $add_resp = $dbh->prepare("INSERT INTO cm_events_responsibles (id,event_id,username,time_added) VALUES (NULL, :last_id,:resp,NOW())");
         for ($i = 0; $i < sizeof($resps_flat); $i++) {
             $data = array('last_id' => $event_id, 'resp' => $resps_flat[$i]);
             $add_resp->execute($data);
         }
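         //Then notify only the newly-added users of the assignment via email
         $new_assignees = array_diff($resps_flat, $curs_flat);
         if (!empty($new_assignees)) {
             foreach ($new_assignees as $n) {
                 // $n is the newly assigned username. The lookup used to index
                 // $resps_flat with $i, which the insert loop above leaves one
                 // past the last element, so no assignee's address was found.
                 $email = user_email($dbh, $n);
                 $subject = "ClinicCases: You have been assigned to an event";
                 $body = "You have been assigned to an event (" . $_POST['task'] . ")in the " . case_id_to_casename($dbh, $case_id) . " case.\n\n" . CC_EMAIL_FOOTER;
                 mail($email, $subject, $body, CC_EMAIL_HEADERS, "-f " . CC_EMAIL_FROM);
                 //TODO test on mail server
             }
         }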
     }
     break;
 case 'delete':
     $delete_event = $dbh->prepare("DELETE FROM cm_events WHERE id = :event_id");
     $data = array('event_id' => $event_id);
     $delete_event->execute($data);
     $error = $delete_event->errorInfo();
     //also remove all event assignments
     if (!$error[1]) {
         }
         $forward_names_string = substr($forward_names, 0, -2);
         $forward_text = "<<<Forwarded this message to {$forward_names_string}" . "\n\n" . $reply_text;
         $tos = generate_recipients($dbh, $thread_id);
         $to = $tos['from'] . ',' . $tos['tos'];
         $cc = $tos['ccs'];
         $data = array('thread_id' => $thread_id, 'to' => $to, 'ccs' => $cc, 'sender' => $user, 'forward_text' => $forward_text);
         $q->execute($data);
         $error = $q->errorInfo();
         //TODO notify forward recipients by email
         if (!$error[1]) {
             $msg_subject = get_subject($dbh, $thread_id);
             $preview = snippet(20, $reply_text);
             foreach ($forward_tos as $f) {
                 if ($f != $user) {
                     $email = user_email($dbh, $f);
                     $subject = "ClinicCases: New Message: '" . $msg_subject . "'";
                     $body = username_to_fullname($dbh, $user) . " forwarded '" . $msg_subject . "' to you:\n\n'{$preview}'\n\n" . CC_EMAIL_FOOTER;
                     mail($email, $subject, $body, CC_EMAIL_HEADERS, "-f " . CC_EMAIL_FROM);
                 }
             }
         }
     }
     break;
 case 'star_on':
     //add start to message
     $q = $dbh->prepare("UPDATE cm_messages SET `starred` = REPLACE(`starred`,:user,''),\n\t\t\tstarred = CONCAT(starred,:user) WHERE id = :id");
     $user_string = $user . ",";
     $data = array('user' => $user_string, 'id' => $id);
     $q->execute($data);
     $error = $q->errorInfo();
Example #12
// Build one FeedItem per incident row in $result, then the Feed that will
// carry them. Language: session value when set, otherwise the configured default.
if (!empty($_SESSION['lang'])) {
    $lang = $_SESSION['lang'];
} else {
    $lang = $CONFIG['default_i18n'];
}
$count = 0;
$pubdate = $now;
$items = array();
while ($incident = mysql_fetch_object($result)) {
    // Get Last Update
    list($update_userid, $update_type, $update_currentowner, $update_currentstatus, $update_body, $update_timestamp, $update_nextaction, $update_id) = incident_lastupdate($incident->id);
    // NOTE(review): the statement inside this branch has no effect. It looks
    // like the first row's timestamp was meant to become $pubdate -- confirm.
    if ($count == 0) {
        $update_timestamp;
    }
    $authorname = user_realname($update_userid);
    // Author is written as "email (real name)".
    $author = user_email($update_userid) . " (" . $authorname . ")";
    $fi = new FeedItem();
    // NOTE(review): the incident title and update type go into the item title
    // as stored; only the update body below is passed through strip_tags().
    // Whether the feed writer XML-escapes these fields is not visible here --
    // confirm before relying on it.
    $fi->title = "[{$incident->id}] - {$incident->title} ({$update_type})";
    $fi->author = $author;
    $fi->link = "{$CONFIG['application_uriprefix']}{$CONFIG['application_webpath']}incident_details.php?id={$incident->id}";
    // The markup in the description is entity-encoded by hand (&lt;strong&gt;),
    // so it is already escaped once when it reaches the feed.
    $fi->description = "{$strUpdated} " . date($CONFIG['dateformat_datetime'], $update_timestamp) . " {$strby} &lt;strong&gt;{$authorname}&lt;/strong&gt;. \n{$strStatus}: " . incidentstatus_name($update_currentstatus) . ". &lt;br /&gt;\n\n" . strip_tags($update_body);
    $fi->pubdate = $update_timestamp;
    // The guid is the item link plus the update ID as a fragment.
    $fi->guid = "{$CONFIG['application_uriprefix']}{$CONFIG['application_webpath']}incident_details.php?id={$incident->id}#{$update_id}";
    $count++;
    $items[] = $fi;
}
$feed = new Feed();
$feed->title = "{$CONFIG['application_shortname']} {$strIncidents}";
// NOTE(review): the loop above ends when mysql_fetch_object() stops returning
// a row, so $incident is no longer a row object here and {$incident->id}
// expands to nothing -- confirm which URL the feed's self link should carry.
$feed->feedurl = "{$CONFIG['application_uriprefix']}{$CONFIG['application_webpath']}incident_details.php?id={$incident->id}";
$feed->description = "{$CONFIG['application_name']}: {$strIncidents} {$strFor} " . user_realname($userid) . " ({$strActionNeeded})";
$feed->pubdate = $pubdate;
     $error_string .= "<p class='error'>" . sprintf($strFieldMustNotBeBlank, $strFrom) . "</p>\n";
 }
 // check reply to field
 if ($replytofield == '') {
     $errors = 1;
     $error_string .= "<p class='error'>" . sprintf($strFieldMustNotBeBlank, $strReplyTo) . "</p>\n";
 }
 // Store email body in session if theres been an error
 if ($errors > 0) {
     $_SESSION['temp-emailbody'] = $bodytext;
 } else {
     unset($_SESSION['temp-emailbody']);
 }
 // send email if no errors
 if ($errors == 0) {
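     // Reply-To, CC and BCC come from the submitted form fields. A header
     // value must stay on one line, so CR and LF are removed before the
     // values are written into the header block; the form variables
     // themselves are left untouched.
     $header_breaks = array("\r", "\n");
     $safe_replyto = str_replace($header_breaks, '', $replytofield);
     $safe_cc = str_replace($header_breaks, '', $ccfield);
     $safe_bcc = str_replace($header_breaks, '', $bccfield);
     $extra_headers = "Reply-To: {$safe_replyto}\nErrors-To: " . user_email($sit[2]) . "\n";
     $extra_headers .= "X-Mailer: {$CONFIG['application_shortname']} {$application_version_string}/PHP " . phpversion() . "\n";
     $extra_headers .= "X-Originating-IP: {$_SERVER['REMOTE_ADDR']}\n";
     if ($safe_cc != '') {
         $extra_headers .= "CC: {$safe_cc}\n";
     }
     if ($safe_bcc != '') {
         $extra_headers .= "BCC: {$safe_bcc}\n";
     }
     $extra_headers .= "\n";
     // add an extra crlf to create a null line to separate headers from body
     // this appears to be required by some email clients - INL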
     $mime = new MIME_mail($fromfield, $tofield, html_entity_decode($subjectfield), '', $extra_headers, $mailerror);
     // INL 5 Aug 09, quoted-printable seems to split lines in unexpected places, base64 seems to work ok
     $mime->attach($bodytext, 'bodytext', "text/plain; charset={$GLOBALS['i18ncharset']}", 'quoted-printable', 'inline');
     // check for attachment
}
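// Don't send email when approving 'all' to avoid an error message
if ($user != 'all') {
    // Plain-text notice telling the requester what was decided and for which day(s).
    $bodytext = "Message from {$CONFIG['application_shortname']}: " . user_realname($sit[2]) . " has ";
    if ($approve == 'FALSE') {
        $bodytext .= "rejected";
    } else {
        $bodytext .= "approved";
    }
    $bodytext .= " your request for ";
    if ($startdate == 'all') {
        $bodytext .= "all days requested\n\n";
    } else {
        $bodytext .= "the ";
        $bodytext .= date('l j F Y', mysql2date($startdate));
        $bodytext .= "\n";
    }
    // Sent from the approver ($sit[2]) to the user whose request was handled.
    $email_from = user_email($sit[2]);
    $email_to = user_email($user);
    $email_subject = "Re: {$CONFIG['application_shortname']}: Holiday Approval Request";
    $rtnvalue = send_email($email_to, $email_from, $email_subject, $bodytext);
    // FIXME this should use triggers
}
//if ($rtnvalue===TRUE) echo "<p align='center'>".user_realname($user)." has been notified of your decision</p>";
//else echo "<p class='error'>There was a problem sending your notification</p>";
plugin_do('holiday_ack');
if (mysql_error()) {
    trigger_error("MySQL Query Error " . mysql_error(), E_USER_ERROR);
}
// $view ends up in the redirect's query string. urlencode() keeps it a single
// parameter value whatever characters it holds, so it cannot add parameters
// of its own to the target URL.
header("Location: holiday_request.php?user=" . urlencode($view) . "&mode=approval");
exit;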
     $data = array('title' => $title, 'body' => $text, 'color' => $color, 'id' => $id);
     $q->execute($data);
     $error = $q->errorInfo();
     //now, update cm_board_viewers with users who are allowed to see post
     //first, delete old viewers
     $del_viewers = $dbh->prepare("DELETE FROM cm_board_viewers WHERE post_id = ?");
     $del_viewers->bindParam(1, $id);
     $del_viewers->execute();
     //second, add current viewers
     $viewers_query = $dbh->prepare("INSERT INTO cm_board_viewers (`id`, `post_id`,`viewer`) VALUES (NULL,:post_id,:viewer)");
     foreach ($viewers as $v) {
         $data = array('post_id' => $id, 'viewer' => $v);
         $viewers_query->execute($data);
         //Notify viewer; TODO test with mail server
         $author = username_to_fullname($dbh, $_SESSION['login']);
         $email = user_email($dbh, $v);
         $subject = "ClinicCases: {$author} posted on your Board";
         $body = "{$author} posted on your Board in ClinicCases: {$title}.\n\n" . CC_EMAIL_FOOTER;
         mail($email, $subject, $body, CC_EMAIL_HEADERS, "-f " . CC_EMAIL_FROM);
     }
     break;
 case 'delete':
     $q = $dbh->prepare("DELETE FROM cm_board WHERE id = ?");
     $q->bindParam(1, $item_id);
     $q->execute();
     $error = $q->errorInfo();
     //check for attachments and delete them
     $attch = $dbh->prepare("SELECT * FROM cm_board_attachments WHERE post_id = ?");
     $attch->bindParam(1, $item_id);
     $attch->execute();
     if ($attch->rowCount() > 0) {
Example #16
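// Session cookie and storage settings. All of this has to run before
// session_start() for the values to apply to the current session.
ini_set('session.cookie_lifetime', 0);
// Mark the session cookie Secure only when this request arrived over HTTPS,
// as the original "only on https" remark intended. Behind a TLS-terminating
// proxy $_SERVER['HTTPS'] may be unset; the cookie is then left as before.
if (!empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off') {
    ini_set('session.cookie_secure', 1);
}
// Keep the session cookie out of reach of page scripts.
ini_set('session.cookie_httponly', 1);
// Session IDs travel in cookies only, never in the URL.
ini_set('session.use_cookies', 1);
ini_set('session.use_only_cookies', 1);
// Accept only session IDs this server issued (available from PHP 5.5.2),
// which closes off session fixation through a caller-chosen ID.
ini_set('session.use_strict_mode', 1);
ini_set('session.cache_expire', 30);
ini_set('default_socket_timeout', 60);
// The two entropy settings were removed in PHP 7.1; ini_set() simply returns
// false for them there.
ini_set('session.entropy_file', '/dev/urandom');
ini_set('session.entropy_length', 256);
// 2678400 seconds = 31 days before stored session data counts as garbage.
ini_set('session.gc_maxlifetime', 2678400);
session_set_cookie_params(0);
session_start();
// Reset session variables in case stuff changed
if (logged_in()) {
    if (account_exists(user_email())) {
        // Rebuild the session from the current account record.
        create_session(user_email(), false);
    } else {
        // The account is gone: drop the session instead of trusting stale data.
        destroy_session();
    }
}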
function destroy_session()
{
    if (ini_get("session.use_cookies")) {
        $params = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
    }
    if (isset($_COOKIE['login'])) {
        unset($_COOKIE['login']);
        setcookie('login', '', time() - 3600, '/');
    }
    session_unset();