// NOTE(review): this excerpt starts inside a branch opened above it and stops before
// the 'edit' branch is closed; the comments below describe only the visible statements.

// Insert one cm_adverse_parties row per array key of $ap. The key is stored as the
// party name and the value ($a) is not used. case_id and name are bound parameters.
foreach ($ap as $key => $a) {
    $q = $dbh->prepare("INSERT INTO cm_adverse_parties (id, case_id, name) VALUES (NULL, :case_id, :name);");
    $data = array('case_id' => $_POST['id'], 'name' => $key);
    $q->execute($data);
}
}
}
break;

case 'edit':
    // First, determine if we are opening or closing a case: a non-empty date_close
    // selects the 'close' mode, anything else the 'edit' mode.
    if (!empty($_POST['date_close'])) {
        $open_close = 'close';
    } else {
        $open_close = 'edit';
    }

    // bindPostVals() is defined elsewhere. It is used here as returning 'columns' (a SQL
    // fragment) and 'values' (the parameters passed to execute()).
    // NOTE(review): $post['columns'] is concatenated into the statement text, so it is not
    // covered by parameter binding. If bindPostVals() derives column names from the keys of
    // $_POST, they must be checked against a fixed allow-list of cm columns - confirm.
    // NOTE(review): the row is selected by the request's id and no permission check is
    // visible in this excerpt; presumably it happens earlier - verify.
    $post = bindPostVals($_POST, $open_close);
    $q = $dbh->prepare("UPDATE cm SET " . $post['columns'] . " WHERE id = :id");
    $q->execute($post['values']);

    // The calls on $dbh/$q match the PDO API, where errorInfo()[1] is the driver-specific
    // error code and is null when the statement succeeded.
    $error = $q->errorInfo();
    if ($error[1]) {
        // NOTE(review): print_r() writes the raw driver error into the response, which can
        // disclose schema and query details to the client. Prefer logging it server-side
        // and returning a generic failure message.
        print_r($error);
    }

    // Deal with any changes to adverse parties, only if the UPDATE reported no error.
    if (!$error[1]) {
        if (isset($_POST['adverse_parties'])) {
            // Remove old adverse parties for this case.
            // NOTE(review): the delete runs before the new list is decoded, and no
            // transaction is visible here; if decoding fails the old rows are already gone.
            $q = $dbh->prepare("DELETE FROM cm_adverse_parties WHERE case_id = ?");
            $q->bindParam(1, $_POST['id']);
            $q->execute();

            // Put in new adverse parties.
            // SECURITY(review): unserialize() on request data is unsafe. A serialized
            // payload can instantiate any loaded class and run its magic methods (PHP
            // object injection). Prefer a data-only format such as JSON (json_decode) with
            // a matching client change, or at minimum pass ['allowed_classes' => false] as
            // the second argument. Also check that the result is an array before it is
            // iterated; unserialize() returns false on malformed input.
            $ap = unserialize($_POST['adverse_parties']);
// NOTE(review): this excerpt starts in the middle of one switch branch and stops inside
// check_uniqueness(); the comments below describe only the visible statements.

// Capture the result of the statement executed above this excerpt.
// NOTE(review): $error is not consulted before the notification below is sent.
$error = $q->errorInfo();

// Send the activation notice when 'new' is 'yes' OR 'status' is 'active'.
// NOTE(review): the second condition also matches a user who is already active, so the
// notice may be re-sent on every such request - confirm this is intended.
if ($_POST['new'] === 'yes' || $_POST['status'] === 'active') {
    // Notify new user.
    // SECURITY(review): the recipient comes straight from the request. Validate it (for
    // example with filter_var and FILTER_VALIDATE_EMAIL) and reject CR/LF before calling
    // mail(). Preferably read the address from the stored user record for this id, so the
    // notice (which contains the username) can only go to the account's own address.
    $email = $_POST['email'];
    $subject = "ClinicCases: Your ClinicCases account is now activated.";
    $body = "You new ClinicCases account has been activated. Your username is " . userid_to_username($dbh, $_POST['id']) . ".\n\nPlease log on to ClinicCases at " . CC_BASE_URL;
    // The fifth argument is handed to the mail program as extra parameters; here it is
    // built from a constant, not from request data.
    mail($email, $subject, $body, CC_EMAIL_HEADERS, "-f " . CC_EMAIL_FROM);

    // Clear the 'new' flag for this user (id is bound as a parameter).
    $q = $dbh->prepare("UPDATE cm_users SET new = '' WHERE id = ?");
    $q->bindParam(1, $_POST['id']);
    $q->execute();
}
break;

case 'create':
    // bindPostVals() is defined elsewhere. It is used here as returning 'columns' (a SQL
    // fragment) and 'values' (the parameters passed to execute()). Note that 'create'
    // issues an UPDATE, so the row presumably exists already - confirm.
    // NOTE(review): $post['columns'] is concatenated into the statement text, so it is not
    // covered by parameter binding. If bindPostVals() derives column names from the keys of
    // $_POST, they must be checked against a fixed allow-list of cm_users columns - confirm.
    $post = bindPostVals($_POST);
    $q = $dbh->prepare("UPDATE cm_users SET " . $post['columns'] . " WHERE id = :id");
    $q->execute($post['values']);
    $error = $q->errorInfo();

    if (!$error[1]) {
        // Create username: first character of the first name followed by the last name,
        // with spaces removed and everything outside [a-zA-Z0-9] stripped.
        // NOTE(review): a name made up only of other characters yields an empty string;
        // no check for that is visible here.
        $fname = trim(str_replace(' ', '', $_POST['first_name']));
        $lname = trim(str_replace(' ', '', $_POST['last_name']));
        $concat_name = substr($fname, 0, 1) . $lname;
        $proposed_username = preg_replace("/[^a-zA-Z0-9]/", "", $concat_name);

        // Returns true when at least one cm_users row matches, i.e. when the name is
        // already taken (the remainder of the function is outside this excerpt).
        // NOTE(review): a function declared inside a branch is only defined once the branch
        // executes, and executing it a second time in one request is a redeclaration error.
        function check_uniqueness($dbh, $proposed_username) {
            // NOTE(review): as shown, the query compares against the literal '******' and
            // never uses $proposed_username. The literal looks masked by whatever produced
            // this listing - check the real source. If the original interpolates the
            // variable into the SQL string, replace it with a bound placeholder
            // ("... WHERE username = ?") instead of relying on the caller's sanitising.
            $q = $dbh->prepare("SELECT username FROM cm_users WHERE username = '******'");
            $q->execute();
            // NOTE(review): rowCount() is not guaranteed to report SELECT row counts on
            // every PDO driver; fetching a row or using SELECT COUNT(*) is portable.
            if ($q->rowCount() > 0) {
                return true;