function update(Volunteer $obj)
{
$dir = realpath(root . DIRECTORY_SEPARATOR . "assets" . DIRECTORY_SEPARATOR . "images" . DIRECTORY_SEPARATOR . "volunteers");
$file = new File($dir);
$columns = array('name', 'fb', 'tw', 'gp', 'email', 'about');
$data = array($_REQUEST['name'], $_REQUEST['fb'], $_REQUEST['tw'], $_REQUEST['gp'], $_REQUEST['email'], $_REQUEST['about']);
if (isset($_FILES['image']['name']) && !empty($_FILES['image']['name'])) {
$unique_name = uniqid() . "." . pathinfo(basename($_FILES['image']['name']), PATHINFO_EXTENSION);
$images = $unique_name;
$file->uploadFile($unique_name, $_FILES['image']['tmp_name']);
$columns[] = 'image';
$data[] = $unique_name;
}
return $obj->updateVolunteerInfo($_REQUEST['id'], $columns, $data);
}
public function showHome()
{
$user_id = $_SESSION['user_id'];
$this->setGroup();
$user = Volunteer::find($user_id);
return View::make('home')->with('user', $user);
}
/**
* Run the database seeds.
*
* @return void
*/
public function run()
{
Eloquent::unguard();
DB::table('propel_fellow_wingman')->delete();
DB::table('propel_student_wingman')->delete();
Subject::truncate();
DB::table('propel_city_subject')->delete();
CalendarEvent::truncate();
CancelledCalendarEvent::truncate();
WingmanModule::truncate();
WingmanTime::truncate();
VolunteerTime::truncate();
WingmanJournal::truncate();
$fellow = Fellow::find(1);
$wingman1 = Wingman::find(2);
$wingman2 = Wingman::find(3);
$fellow->wingman()->attach($wingman1);
$fellow->wingman()->attach($wingman2);
$student1 = Student::find(3);
$student2 = Student::find(4);
$wingman1->student()->attach($student1);
$wingman1->student()->attach($student2);
$cEvent1 = new CalendarEvent();
$cEvent1->type = 'volunteer_time';
$cEvent1->student()->associate($student1);
$cEvent1->status = 'created';
$cEvent1->save();
$vTime1 = new VolunteerTime();
$vTime1->calendarEvent()->associate($cEvent1);
$volunteer1 = Volunteer::find(4);
$vTime1->volunteer()->associate($volunteer1);
$subject1 = new Subject();
$subject1->name = "English";
$subject1->save();
$vTime1->subject()->associate($subject1);
$vTime1->save();
$cEvent2 = new CalendarEvent();
$cEvent2->type = 'wingman_time';
$cEvent2->student()->associate($student1);
$cEvent2->status = 'created';
$cEvent2->save();
$wTime1 = new WingmanTime();
$wTime1->calendarEvent()->associate($cEvent2);
$wTime1->wingman()->associate($wingman1);
$wModule1 = new WingmanModule();
$wModule1->name = "Programming";
$wModule1->save();
$wTime1->wingmanModule()->associate($wModule1);
$wTime1->save();
$city1 = City::find(1);
$subject1->city()->attach($city1);
$wJournal1 = new WingmanJournal();
$wJournal1->type = 'formal';
$wJournal1->title = "Day at Navy Camp";
$wJournal1->mom = "It was awesome";
$wJournal1->student()->associate($student1);
$wJournal1->wingman()->associate($wingman1);
$wJournal1->save();
}
public function selectStudents($wingman_id)
{
$user_id = $wingman_id;
$city_id = Volunteer::find($user_id)->city_id;
$wingman = Wingman::where('id', '=', $user_id)->first();
$selected_student = DB::table('propel_student_wingman as A')->join('Student as B', 'B.id', '=', 'A.student_id')->join('Center as C', 'C.id', '=', 'B.center_id')->select('A.student_id as id', 'B.name as student_name', 'C.name as center_name')->where('A.wingman_id', '=', $user_id)->get();
$student_list = DB::table('Student as A')->join('Center as D', 'D.id', '=', 'A.center_id')->join('City as E', 'E.id', '=', 'D.city_id')->select('A.id as id', 'A.name as name', 'D.name as center_name', 'A.description as grade')->distinct()->where('E.id', $city_id)->where('D.status', '=', '1')->orderBy('A.name', 'ASC')->get();
foreach ($student_list as $student) {
foreach ($selected_student as $selected) {
if ($student->id == $selected->id) {
$student->grade = "checked";
}
}
}
return View::make('settings/select-students')->with('selected_student', $selected_student)->with('wingman', $wingman)->with('student_list', $student_list);
}
public function showList($user_id)
{
$entries = WingmanJournal::where('wingman_id', '=', $user_id)->get();
$session_id = $_SESSION['user_id'];
$user = Volunteer::find($session_id);
$groups = $user->group()->get();
foreach ($groups as $group) {
if ($group->name == 'Propel Multiplier' || $group->name == 'Propel Fellow') {
$user_group = 'Propel Fellow';
} elseif ($group->name == 'Propel Wingman') {
$user_group = 'Propel Wingman';
} elseif ($group->name == 'Propel Strat') {
$user_group = 'Propel Strat';
} elseif ($group->name == 'Aftercare Wingman') {
$user_group = 'Aftercare Wingman';
} elseif ($group->name == 'Program Director, Propel') {
$user_group = 'Program Director, Propel';
}
}
return View::make('wingman-journal', ['entries' => $entries, 'user_group' => $user_group]);
}
$listing = Listing::getListingByListingId($pdo, $id);
if ($listing === null) {
throw new RuntimeException("Listing does not exist", 404);
}
$listing = Listing::getListingByListingId($pdo, $id);
$listing->setListingClaimedBy($requestObject->listingClaimedBy);
$listing->setListingClosed($requestObject->listingClosed);
$listing->setListingCost($requestObject->listingCost);
$listing->setListingMemo($requestObject->listingMemo);
$listing->setListingParentId($requestObject->listingParentId);
$listing->setListingPostTime($requestObject->listingPostTime);
$listing->setListingTypeId($requestObject->listingTypeId);
$listing->update($pdo);
$pusher->trigger("listing", "update", $listing);
//if this isn't supposed to be an admin, take away the temporary admin access
$security = Volunteer::getVolunteerByVolId($pdo, $_SESSION["volunteer"]->getVolId());
if ($security->getVolIsAdmin() === false) {
$_SESSION["volunteer"]->setVolIsAdmin(false);
}
$reply->message = "Listing updated OK";
} elseif ($method === "POST") {
//create new listing
$listing = new Listing(null, $_SESSION["volunteer"]->getOrgId(), $requestObject->listingClaimedBy, $requestObject->listingClosed, $requestObject->listingCost, $requestObject->listingMemo, $requestObject->listingParentId, $requestObject->listingPostTime, $requestObject->listingTypeId);
$listing->insert($pdo);
$pusher->trigger("listing", "new", $listing);
$reply->message = "Listing created OK";
}
} elseif ($method === "DELETE") {
$listing = Listing::getListingByListingId($pdo, $id);
if ($listing === null) {
throw new RuntimeException("Listing does not exist", 404);
/**
* The function that decides what to do and which page to view.
*
* @param $getvars an associative array, representing the GET variables
* from the URL
* @return void
*/
function controlHandler($getvars)
{
global $dao;
//first authorize the user
$ac = new AccessController($getvars);
if (!$ac->isAuthorized()) {
return;
}
//if authorized, move on to displaying the correct page
switch ($getvars['vm_action']) {
case 'process_add':
global $dao;
/*
* First set up a Volunteer object to store all of the
* POST data
*/
if ($_SESSION['logged_in'] && !$dao->isVolunteer($_SESSION['user_id'])) {
$v = new Volunteer();
$v->info['ids'] = array();
$v->p_uuid = $_SESSION['user_id'];
$shn_user = true;
} else {
if (isset($getvars['p_uuid'])) {
$v = new Volunteer($getvars['p_uuid']);
$shn_user = false;
} else {
$v = new Volunteer();
$v->info['ids'] = array();
$shn_user = false;
}
}
$v->info['full_name'] = $getvars['full_name'];
$v->info['ids'][$getvars['id_type']] = trim($getvars['serial']);
$v->info['gender'] = $getvars['gender'];
$v->info['dob'] = $getvars['dob'];
$v->info['date_start'] = $getvars['start_date'];
$v->info['date_end'] = $getvars['end_date'];
$v->info['hour_start'] = $getvars['hrs_avail_start'];
$v->info['hour_end'] = $getvars['hrs_avail_end'];
$v->info['occupation'] = $getvars['occupation'];
$v->info['affiliation'] = $getvars['affiliation'];
$v->info['special_needs'] = $getvars['special_needs'];
$v->info['locations'] = array();
shn_get_parents(shn_location_get_form_submit_loc(), $v->info['locations']);
$v->info['contact'] = array();
// put every input that begins with 'contact_' into the contact array
foreach ($getvars as $key => $value) {
if (substr($key, 0, strlen('contact_')) == 'contact_') {
$v->info['contact'][substr($key, strlen('contact_'))] = $value;
}
}
$v->info['contact_prefer'] = $getvars['prefered_confirm_medium'];
//add skills information
$v_skills = array();
$skill_ids = $dao->getSkillIDs();
foreach ($skill_ids as $skill) {
if ($getvars["SKILL_{$skill}"] == 'on') {
$v_skills[] = $skill;
}
}
$v->info['skills'] = $v_skills;
//add Sahana account information if necessary
if ($getvars['reg_account'] == 'true') {
$v->info['account_info'] = array('account_name' => $getvars['full_name'], 'user_name' => $getvars['user_name'], 'pass' => $getvars['pass1']);
$v->p_uuid = $getvars['existing_puuid'];
}
View::View($v);
/*
* Check to see if the POST data is valid and act accordingly
*/
if ($this->validateAddForm($getvars = array_merge($_REQUEST, $_FILES))) {
$v->save($shn_user);
// picture
$p = $_FILES['picture'];
if (!empty($p['tmp_name'])) {
$pic = new VMPicture();
$pic->original = file_get_contents($p['tmp_name']);
$pic->name = $p['name'];
$pic->type = $p['type'];
$pic->size = $p['size'];
$pic->p_uuid = $v->p_uuid;
if ($pic->resize()) {
$pic->save();
} else {
add_error(_("The image file is invalid, or is not of a supported type."));
}
}
add_confirmation(_('Changes saved.'));
//if we just created a Sahana account, direct the user to log in
if (!$_SESSION['logged_in']) {
$this->displayPleaseLogin();
} else {
$this->displayVolunteer($v->p_uuid);
}
} else {
if (!empty($getvars['p_uuid'])) {
$this->addVolunteer(new Volunteer($getvars['p_uuid']));
} else {
$this->addVolunteer();
}
}
break;
case 'display_add':
View::View();
if ($dao->isVolunteer($_SESSION['user_id'])) {
//if this user is a volunteer already, display the edit form
$this->addVolunteer(new Volunteer($_SESSION['user_id']));
} else {
//otherwise display the add form
$this->addVolunteer();
}
break;
case 'display_edit':
View::View();
$this->addVolunteer(new Volunteer($getvars['p_uuid']));
break;
case 'display_confirm_delete':
View::View();
$this->confirmDelete($getvars['p_uuid']);
break;
case 'display_change_pass':
View::View();
$this->changePass($_SESSION['user_id']);
break;
case 'process_change_pass':
global $global;
require_once $global['approot'] . 'inc/lib_security/lib_auth.inc';
if ($this->validateChangePassForm($getvars = $_REQUEST)) {
if (shn_change_password($getvars['p_uuid'], $getvars['cur_pass'], $getvars['pass1']) === true) {
add_error(SHN_ERR_VM_PASSWORD_NOT_MATCH);
$this->changePass($getvars['p_uuid']);
} else {
add_confirmation(_("Your Password has been updated"));
}
} else {
$this->changePass($getvars['p_uuid']);
}
break;
case 'process_delete':
$v = new Volunteer();
$v->delete($getvars['p_uuid']);
View::View();
$this->displayConfirmation('The requested user was deleted.');
$extra_opts = array('showPictures' => true, 'showAvailability' => true, 'showLocation' => true, 'showStatus' => true, 'showAffiliation' => true);
$this->listVolunteers($dao->getVolunteers(), $extra_opts);
break;
case 'display_list_all':
View::View();
$extra_opts = array('showPictures' => true, 'showAvailability' => true, 'showLocation' => true, 'showStatus' => true, 'showAffiliation' => true);
$this->listVolunteers($dao->getVolunteers(), $extra_opts);
$this->showPagingNavigation("index.php?mod=vm&act=volunteer&vm_action=display_list_all");
break;
case 'display_list_assigned':
View::View();
$extra_opts = array('showPictures' => true, 'showAvailability' => true, 'showLocation' => true, 'showStatus' => true, 'showAffiliation' => true);
$this->listVolunteers($dao->getVolunteers(null, VM_SHOW_ALL_VOLUNTEERS_ASSIGNED), $extra_opts);
$this->showPagingNavigation("index.php?mod=vm&act=volunteer&vm_action=display_list_assigned");
break;
case 'display_mailbox':
View::View(new Volunteer($_SESSION['user_id']));
$this->displayMailbox($getvars['box']);
break;
case 'display_message':
/*
* Since we are passing $_SESSION['user_id'] as the p_uuid of the user here,
* we can only view the message (i.e., the query will only succeed) if it belongs
* to the current logged in user. Therefore, there is no need for extra access
* control checks on displaying a message here.
*/
View::View();
$this->displayMessage($_SESSION['user_id'], $getvars['msg_id'], $getvars['box']);
break;
case 'process_delete_message':
global $dao;
$dao->deleteMessage($_SESSION['user_id'], $getvars['msg_id'], $getvars['box'] != 'outbox');
//add_confirmation('_(Message has been deleted'));
View::View(new Volunteer($_SESSION['user_id']));
$this->displayMailbox($getvars['box']);
break;
case 'display_send_message':
$this->displaySendMessageForm();
break;
case 'process_send_message':
global $dao;
if ($this->validateSendMessageForm($getvars = $_REQUEST)) {
$message = stripslashes($getvars['message']);
$message = strtr($message, array("'" => "\\'"));
//have to escape any single quotes otherwise querying won't work
$dao->sendMessage($_SESSION['user_id'], $getvars['to'], $message);
add_confirmation(_("Message Sent"));
} else {
$to_list = array();
$to = $getvars['to'];
if (isset($to)) {
foreach ($to as $person) {
$to_list[$person] = $dao->getPersonName($person);
}
}
$this->displaySendMessageForm($to_list);
}
break;
case 'display_search':
$advanced = $getvars['advanced'] == 'true';
$this->openSearchForm();
$this->displaySearchForm($advanced);
break;
case 'process_search':
global $dao, $global;
include_once $global['approot'] . 'mod/vm/lib/vm_validate.inc';
View::View();
//print_r($getvars);
$vol_name = $getvars['vol_name'];
//name to search by
$vol_id = $getvars['vol_iden'];
//Identification number to search by
$loose = false;
$soundslike = false;
$start_date = $getvars['start_date'];
//availability start
$end_date = $getvars['end_date'];
//availability end
$skills_matching = $getvars['skills_matching'] == 'and_skills' ? VM_SKILLS_ALL : VM_SKILLS_ANY;
//search for all or any of the skills present
$unassigned = $getvars['unassigned'] == 'true';
//true to search for only unassigned volunteers
$assigning = $getvars['assigning'];
//true if we are using the search to assign volunteers
$advanced = $getvars['advanced'] == 'true';
//true if we are using an advanced search
$just_assigned_vol = $getvars['p_uuid'] != '' && $assigning;
//true if we just assigned a volunteer to a project (nice to know if no results are found to not display an error)
$date_constraint = $getvars['date_constraint'] == 'full_date';
//true if we must check for availability for the entire date range specified, false to check for any portion of the data range
$positions = $getvars['positions'];
if ($assigning) {
$assigning_proj = $getvars['proj_id'];
} else {
$assigning_proj = null;
}
$location = '';
if (shn_vm_location_selected()) {
$location = shn_location_get_form_submit_loc();
}
$skills = array();
$skill_ids = $dao->getSkillIDs();
foreach ($skill_ids as $sk) {
if ($getvars["SKILL_{$sk}"] == 'on') {
$skills[] = $sk;
}
}
//if we're not using the search results to do assigning, open the form here so that all of our paging navigation
//will also be part of the form
if (!$assigning) {
$this->openSearchForm();
}
//Validate the fields
if ($this->validateSearchForm($getvars)) {
//get the search results and display them
$results = $dao->getVolSearchResults($vol_id, $vol_name, $skills, $skills_matching, $start_date, $end_date, $location, $date_constraint, $unassigned, $loose, $soundslike, $assigning_proj);
$this->displaySearchResults($results, $assigning, $assigning_proj, $advanced, $just_assigned_vol, $positions);
}
if (!$assigning) {
$this->displaySearchForm($advanced, false);
} else {
$this->displaySearchForm(true, true);
}
break;
case 'display_single':
$v = new Volunteer($getvars['p_uuid']);
View::View($v);
$this->displayVolunteer($getvars['p_uuid']);
break;
case 'process_remove_picture':
$dao->deletePicture($dao->getPictureID($_GET['id']));
View::View();
if (empty($getvars['p_uuid'])) {
$this->addVolunteer();
} else {
$this->addVolunteer(new Volunteer($getvars['p_uuid']));
}
break;
case 'display_portal':
View::View(new Volunteer($_SESSION['user_id']));
$this->displayPortal();
break;
case 'display_report_all':
View::View();
$this->displayVolunteerReport($dao->getVolunteersForReport());
break;
case 'display_custom_report_select_for_mgrs':
$this->displayCustomReportFilterForMgrs($dao->listProjects($_SESSION['user_id'], true, true));
break;
case 'display_custom_report_select':
View::View();
$projects = array('ALL_PROJECTS' => '(all)') + $dao->listProjects(null, false, true);
$orgs = array('ALL_ORGS' => '(all)') + $dao->getOrganizations(true);
$this->displayCustomReportFilter($projects, $orgs, $dao->getVolunteerNames(true));
break;
case 'display_custom_report':
View::View();
$extra_opts = array();
$proj_id = null;
$org_id = null;
$vols = array();
if (isset($getvars['proj_id']) && $getvars['proj_id'] != 'ALL_PROJECTS') {
$proj_id = $getvars['proj_id'];
$extra_opts['reportProjName'] = $dao->getProjectName($proj_id);
}
if (isset($getvars['org_id']) && $getvars['org_id'] != 'ALL_ORGS') {
$org_id = $getvars['org_id'];
$temp = $dao->getOrganizationInfo($org_id);
$extra_opts['reportOrgName'] = $temp['name'];
}
if (!empty($getvars['vols']) && is_array($getvars['vols'])) {
$extra_opts['reportingSpecificVolunteers'] = true;
$vols = $getvars['vols'];
}
$this->displayVolunteerReport($dao->getVolunteersForReport($proj_id, $org_id, $vols), $extra_opts);
break;
case 'display_modify_skills':
$this->displayModifySkills();
break;
case 'process_add_skill':
global $global;
require_once $global['approot'] . 'mod/vm/lib/vm_validate.inc';
if (empty($getvars['skill_desc']) || empty($getvars['skill_code'])) {
add_error(_('Please specify both a skill description and skill code'));
} else {
//validate skill code length
if (strlen(trim($getvars['skill_code'])) < 4 || strlen(trim($getvars['skill_code'])) > 5) {
add_error(_('Skill code should be 4 - 5 letters'));
} else {
$find = array("/ *" . VM_SKILLS_DELIMETER . " */", "/^ +/", "/ +\$/");
$replace = array("-", '', '');
$description = preg_replace($find, $replace, $getvars['skill_desc']);
if (!$dao->addSkill($getvars['skill_code'], $description)) {
add_error(_('The specified skill code already exists. Please choose another'));
} else {
add_confirmation("Skill '{$description}' added");
unset($_POST);
}
}
}
$this->displayModifySkills();
break;
case 'process_remove_skill':
if (!empty($_REQUEST['skills'])) {
foreach ($_REQUEST['skills'] as $code) {
$dao->removeSkill($code);
add_confirmation("Deleted {$code}");
}
}
$this->displayModifySkills();
break;
case 'display_approval_management':
//currently only site manager approval is allowed, later credential approval will be added
$this->displayApprovalForm($dao->getVolunteerNames(), $dao->getVolunteersByAbility('MGR'));
break;
case 'process_approval_modifications':
//currently only site manager approval is allowed, later credential approval will be added
$dao->updateAbilityStatus($getvars['vol_id'], 'MGR', isset($getvars['approve']));
add_confirmation(_('Approval information has been updated'));
$this->displayApprovalForm($dao->getVolunteerNames(), $dao->getVolunteersByAbility('MGR'));
break;
case 'process_approval_upgrades':
//currently only site manager approval is allowed, later credential approval will be added
$dao->updateAbilityStatus($getvars['vol_id'], 'MGR', true);
add_confirmation(_('Approval information has been updated'));
$this->displayApprovalForm($dao->getVolunteerNames(), $dao->getVolunteersByAbility('MGR'));
break;
case 'process_log_time':
$start = strtotime($getvars['startDate'] . ' ' . $getvars['startTime']);
if (empty($getvars['numHours'])) {
$end = strtotime($getvars['endDate'] . ' ' . $getvars['endTime']);
} else {
$end = $start + $getvars['numHours'] * 60 * 60;
}
if (($e = validateShiftTimes($start, $end)) === VM_OK) {
if ($dao->logShift($getvars['p_uuid'], $getvars['pos_id'], $start, $end)) {
$this->displayConfirmation('Your time was logged successfully.');
$v = new Volunteer($getvars['p_uuid']);
View::View($v);
$this->displayVolunteer($getvars['p_uuid']);
} else {
add_error(_("There was a problem logging your time. Please go back and try again."));
}
} else {
add_error(_("Error logging time:") . $e);
$this->showLogTime($getvars['p_uuid'], $getvars['pos_id']);
}
break;
case 'review_hours':
if (empty($getvars['proj_id'])) {
$this->displaySelectReviewHours();
} else {
$this->displayReviewHours($getvars['proj_id']);
}
break;
case 'process_review_hours':
$this->dao->reviewShift($getvars['shift_id'], $getvars['status']);
$this->displayReviewHours($getvars['p_uuid'], $getvars['pos_id']);
break;
default:
if ($_SESSION['logged_in']) {
View::View(new Volunteer($_SESSION['user_id']));
$this->displayPortal();
}
}
}
<?php
$config = new Config();
$volunteer = new Volunteer();
$client = new Clients();
$Volunteers = $volunteer->getVolunteers();
$clients = $client->getClinets();
$pm = new PageManager();
?>
<!DOCTYPE html>
<html ng-app="WomenLine" lang="en">
<head>
<meta charset="UTF-8">
<base href="<?php
echo $config->site_address;
?>
">
<script src="<?php
echo assets;
?>
pace/pace.min.js"></script>
<link href="<?php
echo assets;
?>
pace/pace.css" rel="stylesheet" />
<meta name="viewport" content="width=device-width,initial-scale=1.0"/>
<meta http-equiv="content-type" content="text/html; charset=UTF-8"/>
<meta name="description" content="WomenLine" />
<meta name="keywords" content="building,business,construction,cleaning,transport,workshop" />
<meta name="author" content="WomenLine" />
<title>Loading...</title>
/**
* retrieves all volunteers
*
* @param PDO $pdo pdo connection object
* @return SplFixedArray all organizations
* @throws PDOException if mySQL errors occur
*/
public static function getAllVolunteers(PDO $pdo)
{
//create query template
$query = "SELECT volId, orgId, volEmail, volEmailActivation, volFirstName, volHash, volIsAdmin, volLastName, volPhone, volSalt FROM volunteer";
$statement = $pdo->prepare($query);
$statement->execute();
///call the function to build an array of the retrieved results
try {
$retrievedVol = Volunteer::storeSQLResultsInArray($statement);
} catch (Exception $exception) {
//rethrow the exception if retrieval failed
throw new PDOException($exception->getMessage(), 0, $exception);
}
return $retrievedVol;
}
public function find($id)
{
$event = Volunteer::find($id);
return $event;
}
/**
* Returns the data model based on the primary key given in the GET variable.
* If the data model is not found, an HTTP exception will be raised.
* @param integer $id the ID of the model to be loaded
* @return Volunteer the loaded model
* @throws CHttpException
*/
public function loadModel($id)
{
$model = Volunteer::model()->findByPk($id);
if ($model === null) {
throw new CHttpException(404, 'The requested page does not exist.');
}
return $model;
}
<?php
/**
* Created by PhpStorm.
* User: Asus
* Date: 5/30/2015
* Time: 1:28 PM
*/
require_once "../../includes/loader.php";
$volunteers = new Volunteer();
header("Content-type: application/json; charset=utf-8");
echo json_encode($volunteers->getVolunteers());
<?php
$config = new Config();
$url = new URL();
$obj = new Volunteer();
$item_list = $obj->getVolunteers();
$id = $url->getRequestedItem();
echo Comman::loadView('admin-header');
if ($url->getRequestedFunction() != 'edit') {
?>
<div class="container">
<div class="row">
<div class="col-md-4 col-md-offset-4">
<div class="panel">
<div class="panel-heading">
<div class="panel-title">Add Volunteer</div>
</div>
<div class="panel-body">
<form action="<?php
echo Comman::getController('volunteer');
?>
?action=create" method="post">
<label for="name">Name</label>
<input type="text" required name="name" id="name" placeholder="Name" class="form-control">
<input type="hidden" name="return_path" value="<?php
echo $url->getRequestedUri();
?>
/edit/">
<button type="submit" class="btn btn-primary" style="margin-top: 10px;">Add</button>
</form>
</div>
public function testValidPut()
{
//create a new volunteer, and insert into the database
$volunteer = new Volunteer(null, $this->valid_org_id, $this->VALID_EMAIL, $this->VALID_EMAIL_ACTIVATION, $this->VALID_FIRST_NAME, $this->VALID_HASH, $this->VALID_ADMIN, $this->VALID_LAST_NAME, $this->VALID_PHONE, $this->VALID_SALT);
$volunteer->insert($this->getPDO());
//update the volunteer
$volunteer->setVolPhone($this->VALID_ALT_PHONE);
//$volunteer->setVolEmail($this->VALID_ALT_EMAIL);
// var_dump($volunteer->getVolId());
//send the info to update the API
$response = $this->guzzle->put('https://bootcamp-coders.cnm.edu/~kkeller13/bread-basket/public_html/php/api/volunteer/' . $volunteer->getVolId(), ['allow-redirects' => ['strict' => true], 'json' => $volunteer, 'headers' => ['X-XSRF-TOKEN' => $this->token]]);
// var_dump($response);
$newVolunteer = Volunteer::getVolunteerByVolId($this->getPDO(), $volunteer->getVolId());
var_dump($newVolunteer);
//ensure the response was sent, and the api returned a positive status
$this->assertSame($response->getStatusCode(), 200);
$body = $response->getBody();
var_dump((string) $response->getBody());
$retrievedVol = json_decode($body);
// var_dump($retrievedVol);
$this->assertSame(200, $retrievedVol->status);
//pull the value from the DB, and make sure it was properly updated
$newvol = Volunteer::getVolunteerByVolId($this->getPDO(), $volunteer->getVolId());
$this->assertSame($newvol->getVolPhone(), $this->VALID_ALT_PHONE);
}
function form_insert()
{
$MyVolunteer = new Volunteer();
$MyVolunteer->UserId = $_POST['user_id'];
$MyVolunteer->FirstName = $_POST['first_name'];
$MyVolunteer->MiddleName = $_POST['middle_name'];
$MyVolunteer->LastName = $_POST['last_name'];
$MyVolunteer->DOBMonth = $_POST['dob_month'];
$MyVolunteer->DOBDay = $_POST['dob_day'];
$MyVolunteer->DOBYear = $_POST['dob_year'];
$MyVolunteer->Gender = $_POST['gender'];
$MyVolunteer->HomeAddress = $_POST['home_address1'];
$MyVolunteer->HomeAddress2 = $_POST['home_address2'];
$MyVolunteer->HomeCity = $_POST['home_city'];
$MyVolunteer->HomeState = $_POST['home_state'];
$MyVolunteer->HomeZip = $_POST['home_zip'];
$MyVolunteer->HomeCountry = $_POST['home_country'];
$MyVolunteer->Phone1 = $_POST['phone1'];
$MyVolunteer->Phone2 = $_POST['phone2'];
$MyVolunteer->Email1 = $_POST['email1'];
$MyVolunteer->Email2 = $_POST['email2'];
$MyVolunteer->Branch = $_POST['branch'];
$MyVolunteer->ValueCenter = $_POST['value_center'];
$MyVolunteer->WorkAddress = $_POST['work_address1'];
$MyVolunteer->WorkAddress2 = $_POST['work_address2'];
$MyVolunteer->WorkCity = $_POST['work_city'];
$MyVolunteer->WorkState = $_POST['work_state'];
$MyVolunteer->WorkZip = $_POST['work_zip'];
$MyVolunteer->WorkCountry = $_POST['work_country'];
$MyVolunteer->AmbassadorChampion = $_POST['ambassador_champion'];
$MyVolunteer->KnowAmbassadorChampion = $_POST['know_ambassador_champion'];
$MyVolunteer->AmbassadorChampionNames = $_POST['ambassador_champion_names'];
$MyVolunteer->Participated = $_POST['participated'];
$MyVolunteer->Which = $_POST['which'];
$MyVolunteer->Hear = $_POST['hear'];
$MyVolunteer->PrimaryLanguage = $_POST['primary_language'];
$MyVolunteer->PrimaryLanguageProficiency = $_POST['primary_language_proficiency'];
$MyVolunteer->SecondaryLanguage = $_POST['secondary_language'];
$MyVolunteer->SecondaryLanguageProficiency = $_POST['secondary_language_proficiency'];
$MyVolunteer->OtherLanguages = $_POST['other_languages'];
$MyVolunteer->AdvancedDegree = $_POST['advanced_degree'];
$MyVolunteer->AdvancedDegreeYN = $_POST['advanced_degree_yn'];
$MyVolunteer->AdvancedDegree_list = $_POST['advanced_degree_list'];
$MyVolunteer->Certification = $_POST['certification'];
$MyVolunteer->Experience = implode(', ', $_POST['experience']);
$MyVolunteer->OtherList = $_POST['other_list'];
$MyVolunteer->CarryLoads = $_POST['carry_loads'];
$MyVolunteer->Feet = $_POST['feet'];
$MyVolunteer->SmartPhone = $_POST['smart_phone'];
$MyVolunteer->Travel = $_POST['travel'];
$MyVolunteer->SolveWater = $_POST['solve_water'];
$MyVolunteer->WhyTrip = $_POST['why_trip'];
$MyVolunteer->Learn = $_POST['learn'];
$MyVolunteer->Liability = $_POST['liability'];
$MyVolunteer->Responsibilities = $_POST['responsibilities'];
$MyVolunteer->Policies = $_POST['policies'];
$MyVolunteer->BlogPermission = $_POST['blog_permission'];
$MyVolunteer->PersonalInfo = $_POST['personal_info'];
$MyVolunteer->Save();
}
**/
if ($numSent !== count($recipients)) {
// the $failedRecipients parameter passed in the send() method now contains contains an array of the Emails that failed
throw new RuntimeException("unable to send email", 404);
}
}
} elseif ($method === "DELETE") {
//verifyXsrf();
//if they shouldn't have admin access to this method, kill the temp access and boot them
//check by retrieving their original volunteer from the DB and checking
$security = Volunteer::getVolunteerByVolId($pdo, $_SESSION["volunteer"]->getVolId());
if ($security->getVolIsAdmin() === false) {
$_SESSION["volunteer"]->setVolIsAdmin(false);
throw new RunTimeException("Access Denied", 403);
}
$volunteer = Volunteer::getVolunteerByVolId($pdo, $id);
if ($volunteer === null) {
throw new RangeException("Volunteer does not exist", 404);
}
$volunteer->delete($pdo);
$deletedObject = new stdClass();
$deletedObject->volunteerId = $id;
$reply->message = "Volunteer deleted OK";
}
} else {
//if not an admin, and attempting a method other than get, throw an exception
if (empty($method) === false && $method !== "GET") {
throw new RuntimeException("Only administrators are allowed to modify entries", 401);
}
}
//send exception back to the caller
public static function setGroup()
{
$user_id = $_SESSION['user_id'];
$user = Volunteer::find($user_id);
$groups = $user->group()->get();
$fellow = false;
$wingman = false;
foreach ($groups as $group) {
if ($group->name == 'Propel Multiplier') {
$fellow = true;
} elseif ($group->name == 'Propel Wingman') {
$wingman = true;
}
}
if ($fellow == true) {
View::share('user_group', 'Propel Multiplier');
} elseif ($wingman == true) {
View::share('user_group', 'Propel Wingman');
}
}
require_once "/etc/apache2/capstone-mysql/encrypted-config.php";
//composer for Swiftmailer
require_once dirname(dirname(dirname(dirname(__DIR__)))) . "/vendor/autoload.php";
//verify the xsrf challenge
if (session_status() !== PHP_SESSION_ACTIVE) {
session_start();
}
// prepare default error message
$reply = new stdClass();
$reply->status = 200;
$reply->data = null;
try {
//grab the mySQL connection
$pdo = connectToEncryptedMySQL("/etc/apache2/capstone-mysql/breadbasket.ini");
$volEmailActivation = filter_input(INPUT_GET, "emailActivation", FILTER_SANITIZE_STRING);
$volunteer = Volunteer::getVolunteerByVolEmailActivation($pdo, $volEmailActivation);
if (empty($volunteer) === true) {
throw new InvalidArgumentException("Activation code has been activated or does not exist", 404);
} else {
$volunteer->setVolEmailActivation(null);
$volunteer->update($pdo);
}
$reply->data = "Congratulations, your account has been activated!";
//redirect them somewhere
// building the activation link that can travel to another server and still work. This is the link that will be clicked to confirm the account.
$basePath = $_SERVER["SCRIPT_NAME"];
//iterate to get to the right path (gotta be a cleaner way to do this...)
for ($i = 0; $i < 3; $i++) {
$lastSlash = strrpos($basePath, "/");
$basePath = substr($basePath, 0, $lastSlash);
}
/**
* test grabbing a volunteer by Email Activation
*/
public function testGetVolunteerByVolEmailActivation()
{
// count the number of rows and save it for later
$numRows = $this->getConnection()->getRowCount("volunteer");
// create a new Volunteer and insert to into mySQL
$volunteer = new Volunteer(null, $this->organization->getOrgId(), $this->VALID_EMAIL, $this->VALID_EMAIL_ACTIVATION, $this->VALID_FIRST_NAME, $this->VALID_HASH, $this->VALID_VOL_IS_ADMIN, $this->VALID_LAST_NAME, $this->VALID_PHONE, $this->VALID_SALT);
$volunteer->insert($this->getPDO());
// grab the data from mySQL and enforce the fields match our expectations
$pdoVolunteer = Volunteer::getVolunteerByVolEmailActivation($this->getPDO(), $volunteer->getVolEmailActivation());
$this->assertSame($numRows + 1, $this->getConnection()->getRowCount("volunteer"));
$this->assertSame($pdoVolunteer->getOrgId(), $this->organization->getOrgId());
$this->assertSame($pdoVolunteer->getVolEmail(), $this->VALID_EMAIL);
$this->assertSame($pdoVolunteer->getVolEmailActivation(), $this->VALID_EMAIL_ACTIVATION);
$this->assertSame($pdoVolunteer->getVolFirstName(), $this->VALID_FIRST_NAME);
$this->assertSame($pdoVolunteer->getVolHash(), $this->VALID_HASH);
$this->assertSame($pdoVolunteer->getVolIsAdmin(), $this->VALID_VOL_IS_ADMIN);
$this->assertSame($pdoVolunteer->getVolLastName(), $this->VALID_LAST_NAME);
$this->assertSame($pdoVolunteer->getVolPhone(), $this->VALID_PHONE);
$this->assertSame($pdoVolunteer->getVolSalt(), $this->VALID_SALT);
}
$volEmail = filter_var($requestObject->volEmail, FILTER_SANITIZE_EMAIL);
$volunteer = Volunteer::getVolunteerByVolEmail($pdo, $volEmail);
if ($volunteer !== null) {
throw new RuntimeException("This email already has an account", 422);
}
// create a new salt and email activation
$volSalt = bin2hex(openssl_random_pseudo_bytes(32));
$volEmailActivation = bin2hex(openssl_random_pseudo_bytes(8));
// create the hash
$volHash = hash_pbkdf2("sha512", $requestObject->password, $volSalt, 262144, 128);
//create a new organization and insert into mySQL
$organization = new Organization(null, $requestObject->orgAddress1, $requestObject->orgAddress2, $requestObject->orgCity, $requestObject->orgDescription, $requestObject->orgHours, $requestObject->orgName, $requestObject->orgPhone, $requestObject->orgState, $requestObject->orgType, $requestObject->orgZip);
$organization->insert($pdo);
$reply->message = "New organization has been created";
//create a new Volunteer and insert into mySQL
$volunteer = new Volunteer(null, $organization->getOrgId(), $requestObject->volEmail, $volEmailActivation, $requestObject->volFirstName, $volHash, true, $requestObject->volLastName, $requestObject->volPhone, $volSalt);
$volunteer->insert($pdo);
$reply->message = "A new administrator has been created";
if ($volunteer->getVolIsAdmin() === true) {
$_SESSION["volunteer"] = $volunteer;
$reply->status = 200;
$reply->message = "Logged in as administrator";
}
// create Swift message
$swiftMessage = Swift_Message::newInstance();
// attach the sender to the message
// this takes the form of an associative array where the Email is the key for the real name
$swiftMessage->setFrom(["*****@*****.**" => "Bread Basket"]);
/**
* attach the recipients to the message
* notice this an array that can include or omit the the recipient's real name
$reply->status = 200;
$reply->message = null;
try {
//start the session and create a XSRF token
if (session_status() !== PHP_SESSION_ACTIVE) {
session_start();
}
//verifyXsrf();
// grab the my SQL connection
$pdo = connectToEncryptedMySQL("/etc/apache2/capstone-mysql/breadbasket.ini");
// convert POSTed JSON to an object
$requestContent = file_get_contents("php://input");
$requestObject = json_decode($requestContent);
// sanitize the email & search by volEmail
$email = filter_var($requestObject->email, FILTER_SANITIZE_EMAIL);
$volunteer = Volunteer::getVolunteerByVolEmail($pdo, $email);
if ($volunteer !== null) {
$volHash = hash_pbkdf2("sha512", $requestObject->password, $volunteer->getVolSalt(), 262144, 128);
if ($volHash === $volunteer->getVolHash()) {
$_SESSION["volunteer"] = $volunteer;
$reply->status = 200;
$reply->message = "Successfully logged in";
} else {
throw new InvalidArgumentException("email or password is invalid", 401);
}
} else {
throw new InvalidArgumentException("email or password is invalid", 401);
}
// create an exception to pass back to the RESTfull caller
} catch (Exception $exception) {
$reply->status = $exception->getCode();
