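/**
 * Round-trip test for the dbPersons module: inserts two people, reads them
 * back, checks a few fields, then removes both records.
 *
 * ZIP codes are passed as strings. As bare integers with a leading zero
 * (04011, 0407, 04503) PHP parses them as octal literals, so the value that
 * reached Person was not the ZIP the fixture spells out. The other fixtures
 * on this page already pass the ZIP as a string ("11111").
 */
function testdbPersonsModule() {
    // Constructed but never inserted; kept so the constructor is still exercised.
    $myPerson = new Person("Susan", "L", "portland", "928 SU", "Portland", "ME", "04011", 2074415902, "home", 2072654046, "cell", "*****@*****.**", "volunteer", "", "", "active", "USM", "student", 3, "semester", "I like helping out", "cooking", "", "Mon:9-12:portland,Sun:evening:portland", "", "", "89-02-19", "08-03-14", "internet", "this is a note", "");

    // add two people to the database
    $m = new Person("Gabrielle", "Booth", "bangor", "14 Way St", "Harpswell", "ME", "0407", 1112345679, "cell", 7778889999.0, "work", "*****@*****.**", "volunteer", "", "", "active", "National Semiconductor", "VP", "", "year", "a motivation", "a specialty", "", "Mon:9-12:bangor,Sun:morning:bangor", "", "15-01-05:0930-1300:bangor:3.5", "89-02-19", "08-03-14", "friend", "Some notes", "");
    $this->assertTrue(add_person($m));
    $m2 = new Person("Fred", "Wilson", "portland", "14 Boyer Ave", "Portland", "ME", "04503", 5093456789.0, "home", 5098889999.0, "cell", "*****@*****.**", "volunteer", "", "", "active", "McDonalds", "manager", "", "year", "a motivation2", "First Aid", "", "Wed:9-12:portland,Sun:afternoon:portland", "", "15-02-27:1730-2100:portland:3.5", "91-09-25", "07-04-14", "other", "Some notes", "");
    $this->assertTrue(add_person($m2));

    // retrieve each person and test the fields; the ids used here are
    // first name followed by the first phone number
    $p = retrieve_person("Gabrielle1112345679");
    $this->assertTrue($p !== false);
    $this->assertEqual($p->get_status(), "active");
    $this->assertEqual($p->get_email(), "*****@*****.**");
    $this->assertEqual($p->get_type(), array("volunteer"));
    $this->assertEqual($p->get_hours(), array("15-01-05:0930-1300:bangor:3.5"));
    $this->assertEqual($p->get_birthday(), "89-02-19");

    $p2 = retrieve_person("Fred5093456789");
    $this->assertTrue($p2 !== false);
    $this->assertEqual($p2->get_status(), "active");
    $this->assertEqual($p2->get_email(), "*****@*****.**");
    $this->assertEqual($p2->get_type(), array("volunteer"));
    $this->assertEqual($p2->get_hours(), array("15-02-27:1730-2100:portland:3.5"));
    $this->assertEqual($p2->get_birthday(), "91-09-25");

    // remove both people so the test leaves no fixture rows behind
    $this->assertTrue(remove_person("Gabrielle1112345679"));
    $this->assertTrue(remove_person("Fred5093456789"));
    echo "testdbPersons complete";
}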
/**
 * Manual check of retrieve_persons_by_name(): inserts a fixture person,
 * looks the person up by full name, compares id, phone and e-mail, then
 * removes the record. Results are echoed as HTML rather than asserted.
 * PHONE, ID and PROJID are constants defined outside this function.
 */
function testRetrieve_persons_by_name() {
    $fixture = new Person("John", "Smith", "Male", "555 Main Street", "Flushing", "NY", "11111", "Queens", PHONE, "2072654046", "*****@*****.**", "volunteer", "applicant","Schedule", "I like helping out", "55555", "03-14-14");
    // Built but not used by any later statement in this function.
    $newProject = new Project(PROJID, "03-12-14", "Main Building", "UnloadDelivery", 10, 13, 15, "", "notes");

    echo 'will test retrieve_persons_by_name </br>';
    $inserted = add_person($fixture);
    echo $inserted ? "add_person - person was inserted </br>" : "add_person - person not inserted </br>";

    echo "test retrieve_persons_by_name</br>";
    $matches = retrieve_persons_by_name("John Smith");
    if ($matches != null) {
        // Only the first match is inspected.
        $first = $matches[0];
        checkEquals($first->get_id(), ID);
        checkEquals($first->get_phone1(), PHONE);
        checkEquals($first->get_email(), "*****@*****.**");
    } else {
        echo 'Retrieve failed</br>';
    }

    // Clean up the fixture; the message text is the same one used for a failed lookup.
    $removed = remove_person(ID);
    if ($removed == null) {
        echo 'Retrieve failed</br>';
    }
}
/**
 * Inserts one hard-coded fixture person and echoes whether add_person()
 * accepted it. A falsy result is reported as "already exists".
 */
function createPerson() {
    $fixture = new Person("John", "Smith", "10-12-87", "Male", "555 Main Street", "Flushing", "NY", "11111", "7188475582", "2072654046", "*****@*****.**", "volunteer", " ", "Schedule", "I like helping out", "55555", "03-14-14", "email");
    $added = add_person($fixture);

    // Raw result first, then the human-readable outcome.
    echo 'result is ' . $added . '</br>';
    echo $added ? "person was added </br>" : "person already exists in db, not added</br>";
}
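/**
 * Round-trip test for the dbPersons module: inserts one person, reads the
 * record back, checks its status and removes it again.
 *
 * The ZIP code is passed as the string "04011". Written as the bare integer
 * 04011 PHP parses it as an octal literal, so Person received a different
 * number than the fixture spells out.
 */
function testdbPersonsModule() {
    //add a manager
    //setup_dbPersons();
    // NOTE(review): the last argument equals the record id; if that slot is the
    // password, the fixture account's password is its own id — confirm this
    // record can never reach a production database.
    $m = new Person("Taylor", "Talmage", "928 SU", "Brunswick", "ME", "04011", 2074415902, 2072654046, "*****@*****.**", "volunteer", "soupkitchen", "C", "active", "Mon:1,Tue:3,Wed:1", "09-19-13,09-16-13", "02-19-89", "03-14-08", "this is a note", "Taylor2074415902");
    $this->assertTrue(add_person($m));

    //get a person
    $p = retrieve_person("Taylor2074415902");
    $this->assertTrue($p !== false);
    $this->assertEqual($p->get_status(), "active");

    // remove the fixture row again
    $this->assertTrue(remove_person("Taylor2074415902"));
    echo "testdbPersons complete";
}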
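<script src="../../helper/jquery-1.11.1.min.js" type="text/javascript"></script>
<script src="../../css/sweetalert/sweetalert.min.js"></script>
<link rel="stylesheet" type="text/css" href="../../css/sweetalert/sweetalert.css">
<?php
// Adds a parent for the person given by ?id= and links the same parent to
// every sibling listed in that person's BROTHER_LIST.
//
// NOTE(review): no login, authorisation or CSRF check is visible in this
// excerpt, and $id / the posted names are handed to add_person(), add_parent()
// and get_person_detial() unchanged. Confirm those helpers escape or bind
// their arguments; the mysql_* API used below has no prepared statements.
error_reporting(E_ERROR | E_PARSE);
include '../../helper/db_connect.php';
connect_database();

$id = isset($_GET['id']) ? $_GET['id'] : null;

if (!empty($_POST["parent"])) {
    // explode() replaces split(), which was removed in PHP 7; the old pattern
    // "\\ " matched a single space, so the pieces are the same.
    $iparr = explode(' ', $_POST["parent"]);
    $parent_name = $iparr[0];
    // A one-word name has no second piece; use null explicitly rather than
    // reading an undefined offset.
    $parent_surname = isset($iparr[1]) ? $iparr[1] : null;
    $parent_status = isset($_POST["parent_status"]) ? $_POST["parent_status"] : null;

    $parent_id = add_person($parent_name, $parent_surname, '', $parent_status, '', '', '');
    add_parent($id, $parent_id, $parent_status);

    $persons = get_person_detial($id);
    $person = mysql_fetch_assoc($persons);
    if ($person['BROTHER_LIST'] != '') {
        // BROTHER_LIST is a comma-separated id list; every sibling other than
        // the current person gets the same parent and has its list cleared.
        $brother_array = explode(',', $person['BROTHER_LIST']);
        foreach ($brother_array as $brother) {
            if ($brother != $id) {
                add_parent($brother, $parent_id, $parent_status);
                clear_brother_list($brother);
            }
        }
    }
    clear_brother_list($id);
}

echo "<script type='text/javascript'>";
//echo "alert('เพิ่มข้อมูลเรียบร้อย');";
echo "\$(document).ready(function() {";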
} elseif ($_GET['project_id']) {
    // Request dispatcher; the opening `if` of this chain is above the excerpt.
    // NOTE(review): branches are selected from $_GET or $_POST, but the values
    // are then read from $_REQUEST, so the value used may come from a different
    // source than the one that was tested.
    $project_id = $_REQUEST['project_id'];
    require_once 'edit_project.php';
} elseif ($_POST['action'] == 'edit_project') {
    // NOTE(review): the posted fields reach edit_project() unvalidated here;
    // confirm the helper escapes them before building SQL.
    $project_id = $_REQUEST['project_id'];
    $new_name = $_POST['project_name'];
    $new_url = $_POST['project_url'];
    $new_parked = $_POST['parked'];
    edit_project($project_id, $new_name, $new_url, $new_parked);
} elseif ($_GET['person_id']) {
    $person_id = $_REQUEST['person_id'];
    require_once 'edit_person.php';
} elseif ($_POST['action'] == 'add_person') {
    // The action must arrive by POST, yet the person fields are taken from
    // $_REQUEST, which also includes query-string values.
    $person_name = $_REQUEST['person_name'];
    $person_long_name = $_REQUEST['person_long_name'];
    $person_role = $_REQUEST['person_role'];
    add_person($person_name, $person_long_name, $person_role);
} elseif ($_POST['action'] == 'edit_person') {
    $person_id = $_REQUEST['person_id'];
    $new_name = $_POST['person_name'];
    $new_long_name = $_POST['person_long_name'];
    $new_role = $_POST['person_role'];
    edit_person($person_id, $new_name, $new_long_name, $new_role);
} elseif ($_GET['action'] == 'list_latest_changes') {
    list_latest_changes(get_changes());
} else {
    // No recognised parameter: fall through to the default views.
    require_once 'trac.php';
    require_once 'display.php';
}
// NOTE(review): no authentication or CSRF token check is visible in this
// excerpt for the state-changing branches — confirm it happens earlier.
/* close MySQL connection */
mysql_close();
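<script src="../../helper/jquery-1.11.1.min.js" type="text/javascript"></script>
<script src="../../css/sweetalert/sweetalert.min.js"></script>
<link rel="stylesheet" type="text/css" href="../../css/sweetalert/sweetalert.css">
<?php
// Adds the children posted as namechild1..N (with childN_status, childN_bday
// and childN_relation) and links each one to the person given by ?id=.
//
// NOTE(review): no login, authorisation or CSRF check is visible in this
// excerpt, and the posted values reach add_person() / add_child() unchanged.
// Confirm those helpers escape or bind their arguments.
error_reporting(E_ERROR | E_PARSE);
include '../../helper/db_connect.php';
connect_database();

$data_id = isset($_GET['id']) ? $_GET['id'] : null;
// The loop bound is client-supplied: force it to an integer.
// NOTE(review): consider an upper limit as well; the form's real maximum is
// not visible here.
$count_child = isset($_POST['count_child']) ? (int) $_POST['count_child'] : 0;

if ($count_child > 0) {
    for ($i = 1; $i <= $count_child; $i++) {
        if (!empty($_POST["namechild{$i}"])) {
            // The posted name is written into the page, so it is HTML-escaped;
            // echoing it raw let markup in the name run in the browser.
            echo htmlspecialchars($_POST["namechild{$i}"], ENT_QUOTES, 'UTF-8');

            // explode() replaces split(), which was removed in PHP 7; the old
            // pattern "\\ " matched a single space, so the pieces are the same.
            $iparr = explode(' ', $_POST["namechild{$i}"]);
            $namechild_name = $iparr[0];
            // A one-word name has no second piece.
            $namechild_surname = isset($iparr[1]) ? $iparr[1] : null;
            $child_status = isset($_POST["child" . $i . "_status"]) ? $_POST["child" . $i . "_status"] : null;
            $child_bday = isset($_POST["child" . $i . "_bday"]) ? $_POST["child" . $i . "_bday"] : null;

            $namechild_id = add_person($namechild_name, $namechild_surname, $child_bday, $child_status, '', '', '');
            $child_relation = isset($_POST['child' . $i . '_relation']) ? $_POST['child' . $i . '_relation'] : null;
            add_child($data_id, $namechild_id, $child_relation);
        }
    }
}

// Success dialog, then close the popup window.
echo "<script type='text/javascript'>";
//echo "alert('เพิ่มข้อมูลเรียบร้อย');";
echo "\$(document).ready(function() {";
echo "sweetAlert('เพิ่มข้อมูลเรียบร้อย','', 'success');";
echo "});";
echo "window.close();";
echo "</script>";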
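/**
 * Reads the personnel form from $_POST and applies it to the person database:
 * delete, password reset, insert of a new person, or update of an existing
 * one. Status and error messages are echoed as HTML.
 *
 * Behaviour worth knowing:
 *  - text fields are HTML-entity-encoded on input and stored in that form;
 *    location, e-mail, type, status and the other select-style fields are
 *    stored exactly as posted;
 *  - reset and update are implemented as remove_person() followed by
 *    add_person(); if the second call fails the record is gone;
 *  - the record id written into personEdit.php links is URL-encoded, because
 *    on the update path it comes straight from $_POST['old_id'];
 *  - $screening_status and $commitment are defined on every path ($commitment
 *    is never populated from the form in this function).
 *
 * NOTE(review): no authorisation or CSRF check is visible here; confirm the
 * caller decides who may delete, reset or edit a record.
 *
 * @param string $id     id of the record being edited
 * @param Person $person stored record; its first name and first phone are
 *                       reused unless its first name is "new"
 */
function process_form($id, $person) {
    //echo($_POST['first_name']);
    //step one: sanitize data by replacing HTML entities and escaping the ' character
    if ($person->get_first_name() == "new") {
        $first_name = trim(str_replace('\\\'', '', htmlentities(str_replace('&', 'and', $_POST['first_name']))));
    } else {
        $first_name = $person->get_first_name();
    }
    $last_name = trim(str_replace('\\\'', '\'', htmlentities($_POST['last_name'])));
    $location = $_POST['location'];
    $address = trim(str_replace('\\\'', '\'', htmlentities($_POST['address'])));
    $city = trim(str_replace('\\\'', '\'', htmlentities($_POST['city'])));
    $state = trim(htmlentities($_POST['state']));
    $zip = trim(htmlentities($_POST['zip']));
    if ($person->get_first_name() == "new") {
        $phone1 = trim(str_replace(' ', '', htmlentities($_POST['phone1'])));
        $clean_phone1 = preg_replace("/[^0-9]/", "", $phone1);
        $phone1type = $_POST['phone1type'];
    } else {
        // First name and first phone form the record id, so both stay fixed
        // for an existing person.
        $clean_phone1 = $person->get_phone1();
        $phone1type = $person->get_phone1type();
    }
    $phone2 = trim(str_replace(' ', '', htmlentities($_POST['phone2'])));
    $clean_phone2 = preg_replace("/[^0-9]/", "", $phone2);
    $phone2type = $_POST['phone2type'];
    $email = $_POST['email'];
    $type = implode(',', $_POST['type']);

    $screening_type = $_POST['screening_type'];
    // Stays null when no screening type was submitted.
    $screening_status = null;
    if ($screening_type != "") {
        $screening = retrieve_dbApplicantScreenings($screening_type);
        $step_array = $screening->get_steps();
        $step_count = count($step_array);
        $date_array = array();
        for ($i = 0; $i < $step_count; $i++) {
            $date_array[$i] = $_POST['screening_status'][$i];
            // Only the length is checked; a wrong-length date is reported but
            // still stored.
            if ($date_array[$i] != "" && $date_array[$i] != "--" && strlen($date_array[$i]) != 8) {
                echo '<p>Completion Date for step: "' . $step_array[$i] . '" is in error, please enter mm-dd-yy.<br>';
            }
        }
        $screening_status = implode(',', $date_array);
    }

    $status = $_POST['status'];
    if ($_POST['isstudent'] == "yes") {
        $position = "student";
        $employer = $_POST['nameofschool'];
    } else {
        $position = $_POST['position'];
        $employer = $_POST['employer'];
    }
    $credithours = $_POST['credithours'];
    // NOTE(review): no form field is read for the commitment slot of Person;
    // it was passed as an unset variable before and is still null.
    $commitment = null;
    $motivation = trim(str_replace('\\\'', '\'', htmlentities($_POST['motivation'])));
    $specialties = trim(str_replace('\\\'', '\'', htmlentities($_POST['specialties'])));
    $convictions = $_POST['convictions'];
    if (!$_POST['availability']) {
        $availability = null;
    } else {
        $availability = implode(',', $_POST['availability']);
    }
    // these two are not visible for editing, so they go in and out unchanged
    // NOTE(review): they still arrive in $_POST, so a client can change them.
    $schedule = $_POST['schedule'];
    $hours = $_POST['hours'];
    $birthday = $_POST['birthday'];
    $start_date = $_POST['start_date'];
    $howdidyouhear = $_POST['howdidyouhear'];
    $notes = trim(str_replace('\\\'', '\'', htmlentities($_POST['notes'])));

    //used for url path in linking user back to edit form
    // (directory part of SCRIPT_NAME, including the trailing slash)
    $path = strrev(substr(strrev($_SERVER['SCRIPT_NAME']), strpos(strrev($_SERVER['SCRIPT_NAME']), '/')));

    //step two: try to make the deletion, password change, addition, or change
    if ($_POST['deleteMe'] == "DELETE") {
        $result = retrieve_person($id);
        if (!$result) {
            echo '<p>Unable to delete. ' . $first_name . ' ' . $last_name . ' is not in the database. <br>Please report this error to the House Manager.';
        } else {
            //What if they're the last remaining manager account?
            // NOTE(review): $type is the submitted type list, not the stored
            // record's type. The last-manager guard should be driven by
            // $result so it cannot be skipped by the posted form.
            if (strpos($type, 'manager') !== false) {
                //They're a manager, we need to check that they can be deleted
                $managers = getall_type('manager');
                if (!$managers || mysql_num_rows($managers) <= 1) {
                    echo '<p class="error">You cannot remove the last remaining manager from the database.</p>';
                } else {
                    $result = remove_person($id);
                    echo "<p>You have successfully removed " . $first_name . " " . $last_name . " from the database.</p>";
                    // Deleting your own account ends your session.
                    if ($id == $_SESSION['_id']) {
                        session_unset();
                        session_destroy();
                    }
                }
            } else {
                $result = remove_person($id);
                echo "<p>You have successfully removed " . $first_name . " " . $last_name . " from the database.</p>";
                if ($id == $_SESSION['_id']) {
                    session_unset();
                    session_destroy();
                }
            }
        }
    } else {
        if ($_POST['reset_pass'] == "RESET") {
            $id = $_POST['old_id'];
            $result = remove_person($id);
            // NOTE(review): $pass is computed but the record is re-created
            // with an empty password argument. If Person derives a default
            // from name and phone, that default is guessable — confirm, and
            // require a password change on next login.
            $pass = $first_name . $clean_phone1;
            $newperson = new Person($first_name, $last_name, $location, $address, $city, $state, $zip, $clean_phone1, $phone1type, $clean_phone2, $phone2type, $email, $type, $screening_type, $screening_status, $status, $employer, $position, $credithours, $commitment, $motivation, $specialties, $convictions, $availability, $schedule, $hours, $birthday, $start_date, $howdidyouhear, $notes, "");
            $result = add_person($newperson);
            if (!$result) {
                echo '<p class="error">Unable to reset ' . $first_name . ' ' . $last_name . "'s password.. <br>Please report this error to the House Manager.";
            } else {
                echo "<p>You have successfully reset " . $first_name . " " . $last_name . "'s password.</p>";
            }
        } else {
            if ($_POST['old_id'] == 'new') {
                $id = $first_name . $clean_phone1;
                //check if there's already an entry
                $dup = retrieve_person($id);
                if ($dup) {
                    echo '<p class="error">Unable to add ' . $first_name . ' ' . $last_name . ' to the database. <br>Another person with the same name and phone is already there.';
                } else {
                    $newperson = new Person($first_name, $last_name, $location, $address, $city, $state, $zip, $clean_phone1, $phone1type, $clean_phone2, $phone2type, $email, $type, $screening_type, $screening_status, $status, $employer, $position, $credithours, $commitment, $motivation, $specialties, $convictions, $availability, $schedule, $hours, $birthday, $start_date, $howdidyouhear, $notes, "");
                    $result = add_person($newperson);
                    if (!$result) {
                        // The quotes in this message were mismatched, so it
                        // printed the concatenation source instead of the name.
                        echo '<p class="error">Unable to add ' . $first_name . ' ' . $last_name . ' in the database. <br>Please report this error to the House Manager.';
                    } else {
                        if ($_SESSION['access_level'] == 0) {
                            echo "<p>Your application has been successfully submitted.<br> The House Manager will contact you soon. Thank you!";
                        } else {
                            echo '<p>You have successfully added <a href="' . $path . 'personEdit.php?id=' . urlencode($id) . '"><b>' . $first_name . ' ' . $last_name . ' </b></a> to the database.</p>';
                        }
                    }
                }
            } else {
                $id = $_POST['old_id'];
                // NOTE(review): the existing password value travels through the
                // form (old_pass) and is written back as posted — confirm it is
                // never rendered in plaintext and cannot be replaced by the client.
                $pass = $_POST['old_pass'];
                $result = remove_person($id);
                if (!$result) {
                    echo '<p class="error">Unable to update ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the House Manager.';
                } else {
                    $newperson = new Person($first_name, $last_name, $location, $address, $city, $state, $zip, $clean_phone1, $phone1type, $clean_phone2, $phone2type, $email, $type, $screening_type, $screening_status, $status, $employer, $position, $credithours, $commitment, $motivation, $specialties, $convictions, $availability, $schedule, $hours, $birthday, $start_date, $howdidyouhear, $notes, $pass);
                    $result = add_person($newperson);
                    if (!$result) {
                        echo '<p class="error">Unable to update ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the House Manager.';
                    } else {
                        // $id is request data here, so it is URL-encoded
                        // before it goes into the attribute.
                        echo '<p>You have successfully edited <a href="' . $path . 'personEdit.php?id=' . urlencode($id) . '"><b>' . $first_name . ' ' . $last_name . ' </b></a> in the database.</p>';
                    }
                    // NOTE(review): $id is embedded in the log entry's markup
                    // unencoded; confirm add_log_entry() escapes it for both
                    // SQL and later HTML display.
                    add_log_entry('<a href=\\"personEdit.php?id=' . $id . '\\">' . $first_name . ' ' . $last_name . '</a>\'s Personnel Edit Form has been changed.');
                }
            }
        }
    }
}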
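/**
 * Reads the personnel form from $_POST and applies it to the person database:
 * delete, password reset, insert of a new person, or update of an existing
 * one. Status and error messages are echoed as HTML.
 *
 * Behaviour worth knowing:
 *  - text fields are HTML-entity-encoded on input and stored in that form;
 *    e-mail, type, group, role, status and schedule are stored as posted;
 *  - reset and update are implemented as remove_person() followed by
 *    add_person(); if the second call fails the record is gone;
 *  - passwords are stored as unsalted md5() digests. md5 is not a password
 *    hash; migrating to password_hash()/password_verify() needs a matching
 *    change in the login code, which is not part of this function;
 *  - the record id written into the personEdit.php link is URL-encoded,
 *    because on the update path it comes straight from $_POST['old_id'].
 *
 * NOTE(review): no authorisation or CSRF check is visible here; confirm the
 * caller decides who may delete, reset or edit a record.
 *
 * @param string $id     id of the record being edited, or "new"
 * @param Person $person stored record; its first name and first phone are
 *                       reused unless $id is "new"
 */
function process_form($id, $person) {
    //echo($_POST['first_name']);
    //step one: sanitize data by replacing HTML entities and escaping the ' character
    if ($id == "new") {
        $first_name = trim(str_replace('\\\'', '', htmlentities(str_replace('&', 'and', $_POST['first_name']))));
    } else {
        $first_name = $person->get_first_name();
    }
    // $first_name = str_replace(' ', '_', $first_name);
    $last_name = trim(str_replace('\\\'', '\'', htmlentities($_POST['last_name'])));
    $address = trim(str_replace('\\\'', '\'', htmlentities($_POST['address'])));
    $city = trim(str_replace('\\\'', '\'', htmlentities($_POST['city'])));
    $state = trim(htmlentities($_POST['state']));
    $zip = trim(htmlentities($_POST['zip']));
    if ($id == "new") {
        $phone1 = trim(str_replace(' ', '', htmlentities($_POST['phone1'])));
    } else {
        // First name and first phone form the record id, so both stay fixed
        // for an existing person.
        $phone1 = $person->get_phone1();
    }
    $clean_phone1 = mb_ereg_replace("[^0-9]", "", $phone1);
    $phone2 = trim(str_replace(' ', '', htmlentities($_POST['phone2'])));
    $clean_phone2 = mb_ereg_replace("[^0-9]", "", $phone2);
    $email = $_POST['email'];
    $type = implode(',', $_POST['type']);
    if ($_POST['group']) {
        $group = implode(',', $_POST['group']);
    } else {
        $group = "";
    }
    if ($_POST['role']) {
        $role = implode(' ', $_POST['role']);
    } else {
        $role = "";
    }
    $status = $_POST['status'];
    if ($_POST['availability'] != null) {
        $availability = implode(',', $_POST['availability']);
    } else {
        $availability = "";
    }
    // these two are not visible for editing, so they go in and out unchanged
    // NOTE(review): the value still arrives in $_POST, so a client can change it.
    $schedule = $_POST['schedule'];

    //concatenate birthday and start_date strings
    if ($_POST['DateOfBirth_Year'] == "") {
        $birthday = $_POST['DateOfBirth_Month'] . '-' . $_POST['DateOfBirth_Day'] . '-XX';
    } else {
        $birthday = $_POST['DateOfBirth_Month'] . '-' . $_POST['DateOfBirth_Day'] . '-' . $_POST['DateOfBirth_Year'];
    }
    // Anything shorter than mm-dd-yy is treated as "not given"; only the
    // length is checked, not the content.
    if (strlen($birthday) < 8) {
        $birthday = '';
    }
    $start_date = $_POST['DateOfStart_Month'] . '-' . $_POST['DateOfStart_Day'] . '-' . $_POST['DateOfStart_Year'];
    if (strlen($start_date) < 8) {
        $start_date = '';
    }
    $notes = trim(str_replace('\\\'', '\'', htmlentities($_POST['notes'])));

    //used for url path in linking user back to edit form
    // (directory part of SCRIPT_NAME, including the trailing slash)
    $path = strrev(substr(strrev($_SERVER['SCRIPT_NAME']), strpos(strrev($_SERVER['SCRIPT_NAME']), '/')));

    //step two: try to make the deletion, password change, addition, or change
    if (@$_POST['deleteMe'] == "DELETE") {
        $result = retrieve_person($id);
        if (!$result) {
            echo '<p>Unable to delete. ' . $first_name . ' ' . $last_name . ' is not in the database. <br>Please report this error to the admin.';
        } else {
            //What if they're the last remaining manager account?
            // NOTE(review): $type is the submitted type list, not the stored
            // record's type. The last-manager guard should be driven by
            // $result so it cannot be skipped by the posted form.
            if (strpos($type, 'manager') !== false) {
                //They're a manager, we need to check that they can be deleted
                $managers = getall_type('manager');
                if (!$managers || mysql_num_rows($managers) <= 1) {
                    echo '<p class="error">You cannot remove the last remaining manager from the database.</p>';
                } else {
                    $result = remove_person($id);
                    echo "<p>You have successfully removed " . $first_name . " " . $last_name . " from the database.</p>";
                    // Deleting your own account ends your session.
                    if ($id == $_SESSION['_id']) {
                        session_unset();
                        session_destroy();
                    }
                }
            } else {
                $result = remove_person($id);
                echo "<p>You have successfully removed " . $first_name . " " . $last_name . " from the database.</p>";
                if ($id == $_SESSION['_id']) {
                    session_unset();
                    session_destroy();
                }
            }
        }
    } else {
        if (@$_POST['reset_pass'] == "RESET") {
            $id = $_POST['old_id'];
            $result = remove_person($id);
            // NOTE(review): the reset password is first name + phone number,
            // which anyone who knows the person can derive. Prefer a random
            // one-time value and a forced change on next login.
            $pass = $first_name . $clean_phone1;
            $newperson = new Person($first_name, $last_name, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $group, $role, $status, $availability, $schedule, $birthday, $start_date, $notes, md5($pass));
            $result = add_person($newperson);
            if (!$result) {
                echo '<p class="error">Unable to reset ' . $first_name . ' ' . $last_name . "'s password.. <br>Please report this error to the Operations Manager.";
            } else {
                echo "<p>You have successfully reset " . $first_name . " " . $last_name . "'s password.</p>";
            }
        } else {
            if (@$_POST['old_id'] == 'new') {
                $id = $first_name . $clean_phone1;
                //check if there's already an entry
                $dup = retrieve_person($id);
                if ($dup) {
                    echo '<p class="error">Unable to add ' . $first_name . ' ' . $last_name . ' to the database. <br>Another person with the same name and phone is already there.';
                } else {
                    $pass = $_POST['old_pass'];
                    $newperson = new Person($first_name, $last_name, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $group, $role, $status, $availability, $schedule, $birthday, $start_date, $notes, md5($pass));
                    $result = add_person($newperson);
                    if (!$result) {
                        // The quotes in this message were mismatched, so it
                        // printed the concatenation source instead of the name.
                        echo '<p class="error">Unable to add ' . $first_name . ' ' . $last_name . ' in the database. <br>Please report this error to the Operations Manager.';
                    } else {
                        if ($_SESSION['access_level'] == 0) {
                            echo "<p>Your application has been successfully submitted.<br> An MCHPP staff member will contact you soon. Thank you!";
                        } else {
                            echo "<p>You have successfully added " . $first_name . " " . $last_name . " to the database.</p>";
                        }
                    }
                }
            } else {
                $id = $_POST['old_id'];
                // NOTE(review): old_pass is hashed again on every edit. If the
                // form carries the stored digest rather than the plaintext,
                // each save changes the stored value — confirm what old_pass holds.
                $pass = $_POST['old_pass'];
                $result = remove_person($id);
                if (!$result) {
                    echo '<p class="error">Unable to update ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the Operations Manager.';
                } else {
                    $newperson = new Person($first_name, $last_name, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $group, $role, $status, $availability, $schedule, $birthday, $start_date, $notes, md5($pass));
                    $result = add_person($newperson);
                    if (!$result) {
                        echo '<p class="error">Unable to update ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the Operations Manager.';
                    } else {
                        // $id is request data here, so it is URL-encoded
                        // before it goes into the attribute.
                        echo '<p>You have successfully edited <a href="' . $path . 'personEdit.php?id=' . urlencode($id) . '"><b>' . $first_name . ' ' . $last_name . ' </b></a> in the database.</p>';
                    }
                    // NOTE(review): $id is embedded in the log entry's markup
                    // unencoded; confirm add_log_entry() escapes it for both
                    // SQL and later HTML display.
                    add_log_entry('<a href=\\"personEdit.php?id=' . $id . '\\">' . $first_name . ' ' . $last_name . '</a>\'s Personnel Edit Form has been changed.');
                }
            }
        }
    }
}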
// Adds the siblings posted as namebro1..N for the person given by ?id= and
// either links them all to a parent or records them as a sibling group.
// The excerpt ends before the outer `if ($has_brother)` is closed.
// NOTE(review): no login, authorisation or CSRF check is visible here, and
// the posted values reach add_person() unchanged — confirm the helpers escape
// or bind their arguments.
connect_database();
$data_id = $_GET['id'];
// Client-supplied loop bound, used without an integer cast or upper limit.
$count_bro = $_POST['count_bro'];
// The current person is always the first member of the sibling set.
$brother_array = array();
array_push($brother_array, $data_id);
$brother_list = "{$data_id},";
$has_brother = false;
if ($count_bro > 0) {
    for ($i = 1; $i <= $count_bro; $i++) {
        if (isset($_POST["namebro{$i}"]) && !empty($_POST["namebro{$i}"])) {
            // split() is deprecated since PHP 5.3 and removed in PHP 7;
            // the pattern matches a single space.
            $iparr = split("\\ ", $_POST["namebro{$i}"]);
            $namebro_name = $iparr[0];
            $namebro_surname = $iparr[1];
            $bro_status = $_POST["bro" . $i . "_status"];
            $bro_bday = $_POST["bro" . $i . "_bday"];
            $namebro1_id = add_person($namebro_name, $namebro_surname, $bro_bday, $bro_status, '', '', '');
            $brother_list .= "{$namebro1_id},";
            array_push($brother_array, $namebro1_id);
            $has_brother = true;
        }
    }
}
if ($has_brother) {
    if (isset($_POST["parent"]) && !empty($_POST["parent"])) {
        // NOTE(review): $parent_id and $parent_status are not assigned
        // anywhere in this excerpt — confirm they are set before this point.
        foreach ($brother_array as $brother_id) {
            add_parent($brother_id, $parent_id, $parent_status);
        }
    } else {
        add_brother_array($brother_array);
        // add_brother_list($brother_list);
    }
// NOTE(review): the driver's connection error text is sent to the client;
// log it server-side and show a generic message instead.
echo "Failed to connect to MySQL: " . mysqli_connect_error(); }
mysqli_set_charset($mysql, 'utf8');
session_start();
// NOTE(review): the action is read from $_REQUEST, so the add_* handlers
// below can be triggered by a plain GET link as well as by a form POST.
// Confirm each handler checks the request method and a CSRF token.
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : "";
//Common stuff on all of the pages
$page = "";
$page_title = "Main Page";
$page_errors = array();
$page_info = "";
// Dispatch on a fixed list of action names; the switch continues past the
// end of this excerpt.
switch ($action) {
    case "add_avtale":
        add_avtale();
        break;
    case "add_person":
        add_person();
        break;
    case "add_gruppe":
        add_gruppe();
        break;
    case "add_gruppe_person":
        add_gruppe_person();
        break;
    case "add_avtale_person":
        add_avtale_person();
        break;
    case "add_avtale_gruppe":
        add_avtale_gruppe();
        break;
    case "list_person":
        list_person();
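/**
 * Reads the personnel form from $_POST and applies it to the person database:
 * delete, password reset, insert of a new person, or update of an existing
 * one. Status and error messages are echoed as HTML.
 *
 * Behaviour worth knowing:
 *  - phone numbers are stripped with preg_replace(); the ereg_replace() call
 *    used before was removed in PHP 7;
 *  - text fields are HTML-entity-encoded on input and stored in that form;
 *    e-mail, type, status, schedule, contact preference and date added are
 *    stored exactly as posted;
 *  - reset and update are implemented as remove_person() followed by
 *    add_person(); if the second call fails the record is gone;
 *  - passwords are stored as unsalted md5() digests. md5 is not a password
 *    hash; migrating to password_hash()/password_verify() needs a matching
 *    change in the login code, which is not part of this function;
 *  - the record id written into the personEdit.php link is URL-encoded,
 *    because on the update path it comes straight from $_POST['old_id'].
 *
 * NOTE(review): no authorisation or CSRF check is visible here; confirm the
 * caller decides who may delete, reset or edit a record.
 *
 * @param string $id id of the record being edited
 */
function process_form($id) {
    //echo($_POST['first_name']);
    //step one: sanitize data by replacing HTML entities and escaping the ' character
    $first_name = trim(str_replace('\\\'', '', htmlentities(str_replace('&', 'and', $_POST['first_name']))));
    // $first_name = str_replace(' ', '_', $first_name);
    $last_name = trim(str_replace('\\\'', '\'', htmlentities($_POST['last_name'])));
    if ($_POST['DateOfBirth_Year'] == "") {
        $birthday = $_POST['DateOfBirth_Month'] . '-' . $_POST['DateOfBirth_Day'] . '-XX';
    } else {
        $birthday = $_POST['DateOfBirth_Month'] . '-' . $_POST['DateOfBirth_Day'] . '-' . $_POST['DateOfBirth_Year'];
    }
    $gender = trim(htmlentities($_POST['gender']));
    $address = trim(str_replace('\\\'', '\'', htmlentities($_POST['address'])));
    $city = trim(str_replace('\\\'', '\'', htmlentities($_POST['city'])));
    $state = trim(htmlentities($_POST['state']));
    $zip = trim(htmlentities($_POST['zip']));
    // Read from the form but not passed to Person below.
    $county = trim(htmlentities($_POST['county']));
    $phone1 = trim(str_replace(' ', '', htmlentities($_POST['phone1'])));
    $clean_phone1 = preg_replace("/[^0-9]/", "", $phone1);
    $phone2 = trim(str_replace(' ', '', htmlentities($_POST['phone2'])));
    $clean_phone2 = preg_replace("/[^0-9]/", "", $phone2);
    $email = $_POST['email'];
    $contact_preference = $_POST['contact_preference'];
    $dateAdded = $_POST['dateadded'];
    //Edited out by James Loeffler because these are not included in the new person.php
    // (emergency contact, applicant screening dates, occupation, references,
    // motivation and specialties are no longer read from the form)
    $type = $_POST['type']; // added by James Loeffler
    $status = $_POST['status'];
    $schedule = $_POST['schedule'];
    $notes = trim(str_replace('\\\'', '\'', htmlentities($_POST['notes'])));
    $skills = trim(str_replace('\\\'', '\'', htmlentities($_POST['skills'])));
    $reason_interested = trim(str_replace('\\\'', '\'', htmlentities($_POST['reason_interested'])));
    //password here?
    if ($_POST['availability'] != null) {
        $availability = implode(',', $_POST['availability']);
    } else {
        $availability = "";
    }

    //used for url path in linking user back to edit form
    // (directory part of SCRIPT_NAME, including the trailing slash)
    $path = strrev(substr(strrev($_SERVER['SCRIPT_NAME']), strpos(strrev($_SERVER['SCRIPT_NAME']), '/')));

    //step two: try to make the deletion, password change, addition, or change
    if ($_POST['deleteMe'] == "DELETE") {
        $result = retrieve_person($id);
        if (!$result) {
            echo '<p>Unable to delete. ' . $first_name . ' ' . $last_name . ' is not in the database. <br>Please report this error to the House Manager.';
        } else {
            //What if they're the last remaining manager account?
            // NOTE(review): $type is the submitted value, not the stored
            // record's type. The last-manager guard should be driven by
            // $result so it cannot be skipped by the posted form.
            if (strpos($type, 'manager') !== false) {
                //They're a manager, we need to check that they can be deleted
                $managers = getall_type('manager');
                if (!$managers || mysql_num_rows($managers) <= 1) {
                    echo '<p class="error">You cannot remove the last remaining manager from the database.</p>';
                } else {
                    $result = remove_person($id);
                    echo "<p>You have successfully removed " . $first_name . " " . $last_name . " from the database.</p>";
                    // Deleting your own account ends your session.
                    if ($id == $_SESSION['_id']) {
                        session_unset();
                        session_destroy();
                    }
                }
            } else {
                $result = remove_person($id);
                echo "<p>You have successfully removed " . $first_name . " " . $last_name . " from the database.</p>";
                if ($id == $_SESSION['_id']) {
                    session_unset();
                    session_destroy();
                }
            }
        }
    } else {
        if ($_POST['reset_pass'] == "RESET") {
            $id = $_POST['old_id'];
            $result = remove_person($id);
            // NOTE(review): the reset password is first name + phone number,
            // which anyone who knows the person can derive. Prefer a random
            // one-time value and a forced change on next login.
            $pass = $first_name . $clean_phone1;
            //edited by James Loeffler
            $newperson = new Person($first_name, $last_name, $birthday, $gender, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $status, $schedule, $notes, $skills, $reason_interested, $dateAdded, md5($pass), $availability, $contact_preference);
            $result = add_person($newperson);
            if (!$result) {
                echo '<p class="error">Unable to reset ' . $first_name . ' ' . $last_name . "'s password.. <br>Please report this error to the House Manager.";
            } else {
                echo "<p>You have successfully reset " . $first_name . " " . $last_name . "'s password.</p>";
            }
        } else {
            if ($_POST['old_id'] == 'new') {
                $id = $first_name . $clean_phone1;
                //check if there's already an entry
                $dup = retrieve_person($id);
                if ($dup) {
                    echo '<p class="error">Unable to add ' . $first_name . ' ' . $last_name . ' to the database. <br>Another person with the same name and phone is already there.';
                } else {
                    //edited by James Loeffler
                    // NOTE(review): $pass is never assigned on this path, so
                    // every new record is stored with the md5 of an empty
                    // string as its password. Decide where the initial
                    // password comes from and set it before this line.
                    $newperson = new Person($first_name, $last_name, $birthday, $gender, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $status, $schedule, $notes, $skills, $reason_interested, $dateAdded, md5($pass), $availability, $contact_preference);
                    $result = add_person($newperson);
                    if (!$result) {
                        // The quotes in this message were mismatched, so it
                        // printed the concatenation source instead of the name.
                        echo '<p class="error">Unable to add ' . $first_name . ' ' . $last_name . ' in the database. <br>Please report this error to the House Manager.';
                    } else {
                        if ($_SESSION['access_level'] == 0) {
                            //this is a possible email function template that we can use
                            // (a commented-out mail() draft stood here; no mail is
                            // sent by this function, although the message and the
                            // log line below say so)
                            echo "<p>Your application has been successfully submitted.<br> You will be recieving an email shortly with your ID and Password soon!";
                            error_log('The Email has been sent!');
                        } else {
                            echo "<p>You have successfully added " . $first_name . " " . $last_name . " to the database.</p>";
                        }
                    }
                }
            } else {
                $id = $_POST['old_id'];
                // NOTE(review): old_pass is hashed again on every edit. If the
                // form carries the stored digest rather than the plaintext,
                // each save changes the stored value — confirm what old_pass holds.
                $pass = $_POST['old_pass'];
                $result = remove_person($id);
                if (!$result) {
                    echo '<p class="error">Unable to update ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the House Manager.';
                } else {
                    //Edited by James Loeffler
                    $newperson = new Person($first_name, $last_name, $birthday, $gender, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $status, $schedule, $notes, $skills, $reason_interested, $dateAdded, md5($pass), $availability, $contact_preference);
                    $result = add_person($newperson);
                    if (!$result) {
                        echo '<p class="error">Unable to update ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the House Manager.';
                    } else {
                        // $id is request data here, so it is URL-encoded
                        // before it goes into the attribute.
                        echo '<p>You have successfully edited <a href="' . $path . 'personEdit.php?id=' . urlencode($id) . '"><b>' . $first_name . ' ' . $last_name . ' </b></a> in the database.</p>';
                    }
                    // NOTE(review): $id is embedded in the log entry's markup
                    // unencoded; confirm add_log_entry() escapes it for both
                    // SQL and later HTML display.
                    add_log_entry('<a href=\\"personEdit.php?id=' . $id . '\\">' . $first_name . ' ' . $last_name . '</a>\'s Personnel Edit Form has been changed.');
                }
            }
        }
    }
}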
}
// Checkbox fields: a present key means checked (1), an absent key unchecked (0).
if (isset($_POST['mic'])) {
    $mic = 1;
} else {
    $mic = 0;
}
if (isset($_POST['grounds_keeper'])) {
    $grounds_keeper = 1;
} else {
    $grounds_keeper = 0;
}
} else {
    print '<p style="color: red;">Please submit data for all fields.</p>';
    $problem = TRUE;
}
if (!$problem) {
    // The variables passed here are assigned above this excerpt.
    // NOTE(review): confirm add_person() binds or escapes them before
    // building its INSERT.
    $add_person_relpy =& add_person($gender, $f_name, $l_name, $email, $phone1, $phone2, $pub_type_id, $servant_type_id, $public_speaker, $chairman, $reader, $overseer, $prayer, $bible_high, $no_1, $no_2, $no_3, $serv_meet, $attend, $sound_panel, $stage, $mic, $grounds_keeper, $householder);
    // Define the query in data_functions.php
    if ($add_person_relpy == 1) {
        $add_another = '<p>Publisher has been added. Add another...</p>';
    } else {
        // NOTE(review): the database error text and the full SQL statement are
        // placed in the page shown to the user. Log both server-side and show
        // a generic failure message instead.
        $add_another = '<p style="color: red;">Could not add the entry because:<br />' . mysqli_error($dbc) . '.</p><p>The query being run was: ' . $pub_insert_query . '</p>';
    }
} // No problem!
}
} // End of form submission IF
include 'view/form_add_person.html';
include 'include/footer.html'; //Include the footer
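<?php
// Inserts one Person row from the query-string parameters fname, lname and
// picture, then prints "ok" or "nicht ok".
//
// NOTE(review): this endpoint changes data on a GET request and shows no
// authentication check; confirm that is intended. The values are HTML-encoded
// before storage (kept as before), which guards HTML output only — it does
// nothing for SQL, which is why the INSERT below binds its parameters.
$fname = htmlspecialchars(isset($_GET["fname"]) ? $_GET["fname"] : '');
$lname = htmlspecialchars(isset($_GET["lname"]) ? $_GET["lname"] : '');
$picture = htmlspecialchars(isset($_GET["picture"]) ? $_GET["picture"] : '');

/**
 * Inserts a row into Person and echoes "ok" on success, "nicht ok" otherwise.
 *
 * The statement is prepared and the three values are bound, so quotes or
 * other SQL syntax in a parameter are stored as data instead of changing the
 * query. htmlspecialchars() leaves single quotes untouched by default on
 * older PHP versions, so the string-built query was injectable.
 *
 * @param string $fname   first name
 * @param string $lname   last name
 * @param string $picture picture reference, stored as given
 */
function add_person($fname, $lname, $picture) {
    // dbconnect.php is expected to define $connection (a mysqli link).
    include 'dbconnect.php';

    $result = false;
    $stmt = mysqli_prepare($connection, "INSERT INTO Person (id, fname, lname, picture) VALUES (NULL, ?, ?, ?)");
    if ($stmt) {
        mysqli_stmt_bind_param($stmt, 'sss', $fname, $lname, $picture);
        $result = mysqli_stmt_execute($stmt);
        mysqli_stmt_close($stmt);
    }

    if ($result) {
        echo "ok";
    } else {
        echo "nicht ok";
    }
}

add_person($fname, $lname, $picture);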
foreach( $cells as $cell ) { $ind = $cell->getAttribute( 'Index' ); if ( $ind != null ) $index = $ind; if ( $index == 1 ) $content = $cell->nodeValue; if ( $index == 2 ) $reference = $cell->nodeValue; if ( $index == 3 ) $time = $cell->nodeValue; if ( $index == 4 ) $topics = $cell->nodeValue; if ( $index == 5 ) $right_solution = $cell->nodeValue; if ( $index == 6 ) $solutions = $cell->nodeValue; if ( $index == 7 ) $creator = $cell->nodeValue; $index += 1; } add_person( $content, $reference, $time, $topics,$right_solution,$solutions,$creator ); } $first_row = false; } } ?> <h3>你提交的数据如下:共<?php echo count($data); ?>条数据</h3> <table width="100%" style="border:1px solid #ddd;text-align:left;line-height:40px;" cellspacing="0" cellpadding="0"> <tr style="background:#f2f2f2;border-bottom:1px solid #ddd;line-height:40px;"> <th>内容</th> <th>引用的经文</th> <th>所需的时间</th> <th>所属的游戏主题</th> <th>可选答案</th> <th>正确答案</th> <th>创建人</th>
}
// Columns 9-12 of the current spreadsheet row hold scores 5-8; the handling
// of the earlier columns is above this excerpt.
if ($index == 9) {
    $diem5 = $cell->nodeValue;
}
if ($index == 10) {
    $diem6 = $cell->nodeValue;
}
if ($index == 11) {
    $diem7 = $cell->nodeValue;
}
if ($index == 12) {
    $diem8 = $cell->nodeValue;
}
$index += 1;
}
add_person($ma_hv, $hoten, $ma_lop, $tenlop, $diem1, $diem2, $diem3, $diem4, $diem5, $diem6, $diem7, $diem8);
}
$first_row = false;
}
$date = date('Y-m-d H:i:s');
// $data is not assigned in this excerpt — presumably filled by add_person();
// confirm.
foreach ($data as $row) {
    // NOTE(review): every value comes from the uploaded spreadsheet and is
    // interpolated into the statement unescaped, so a cell containing a quote
    // breaks the query and an untrusted file can alter it (SQL injection).
    // The mysql_* API has no prepared statements: escape each value with
    // mysql_real_escape_string() as a stopgap and move to mysqli or PDO with
    // bound parameters.
    $sql = "INSERT INTO daotao_bangdiem (name, id_lophoc, id_hocvien, diem1, diem2, diem3, diem4, diem5, diem6, diem7, diem8, date_create, date_update, user_create) VALUES ('{$row['tenlop']} | {$row['hoten']}','{$row['ma_lop']}','{$row['ma_hv']}','{$row['diem1']}','{$row['diem2']}','{$row['diem3']}','{$row['diem4']}','{$row['diem5']}','{$row['diem6']}','{$row['diem7']}','{$row['diem8']}','{$date}','{$date}','{$user}')";
    // Rows without a class id or student id are skipped.
    if ($row['ma_lop'] != '' && $row['ma_hv'] != '') {
        // The result of mysql_query() is not checked.
        mysql_query($sql);
    }
}
// The success message is set regardless of whether any INSERT succeeded.
$strHtml = '<p class="message" style="font-size:120%">Import thành công</p>';
unlink($_FILES['file_ecxel']['tmp_name']); // delete the uploaded file
} else {
    $strHtml = '<p class="error">File size max 512KB</p>';
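/**
 * Imports rows from an uploaded SpreadsheetML (Excel 2003 XML) file.
 *
 * Reads the upload in $_FILES['file'], skips the first <Row> (treated as the
 * header), maps cells 1-3 of every following row to title / author / price
 * and hands them to add_person(). A cell's 'Index' attribute, when present,
 * overrides the running column position, so sparse rows still line up.
 *
 * The uploaded file is attacker-controllable input: it is only parsed when
 * PHP itself recorded it as an HTTP upload, the parser is not allowed to
 * fetch anything over the network, and the debug dump is HTML-escaped.
 * The cell values are passed to add_person() unvalidated; whatever that
 * function does with them (SQL, HTML) has to treat them as untrusted.
 */
public function actionImportDataExel()
{
    $tmpName = $_FILES['file']['tmp_name'] ?? '';

    // is_uploaded_file() rejects paths that did not come from PHP's upload
    // handling, so a forged tmp_name cannot point the parser at another file.
    if (is_string($tmpName) && $tmpName !== '' && is_uploaded_file($tmpName)) {
        // DOMDocument::load() is an instance method; calling it statically
        // is an Error on PHP 8.
        $dom = new DOMDocument();

        // LIBXML_NONET keeps the parser from making network requests while
        // loading the document. load() emits its own warnings on malformed
        // XML; a failed load simply imports nothing.
        if ($dom->load($tmpName, LIBXML_NONET)) {
            $isHeader = true;
            foreach ($dom->getElementsByTagName('Row') as $row) {
                if ($isHeader) {
                    $isHeader = false;
                    continue;
                }

                $tieude = '';
                $tacgia = '';
                $gia = '';
                $index = 1;

                foreach ($row->getElementsByTagName('Cell') as $cell) {
                    // getAttribute() returns '' when the attribute is absent.
                    // The cast keeps $index numeric so the increment below
                    // cannot fail on a non-numeric attribute value.
                    $explicitIndex = $cell->getAttribute('Index');
                    if ($explicitIndex !== '') {
                        $index = (int) $explicitIndex;
                    }

                    switch ($index) {
                        case 1:
                            $tieude = $cell->nodeValue;
                            break;
                        case 2:
                            $tacgia = $cell->nodeValue;
                            break;
                        case 3:
                            $gia = $cell->nodeValue;
                            break;
                    }

                    $index++;
                }

                add_person($tieude, $tacgia, $gia);
            }
        }
    }

    // NOTE(review): $arraydata is never assigned inside this method, so this
    // dump is empty as written; presumably it was meant to show the imported
    // rows. It is escaped because those rows would come from the uploaded file.
    echo '<pre>';
    echo htmlspecialchars(print_r($arraydata ?? null, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    echo '</pre>';
}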
} if ($index == 3) { $gioitinh = $cell->nodeValue; } if ($index == 4) { $email = $cell->nodeValue; } if ($index == 5) { $phone = $cell->nodeValue; } if ($index == 6) { $diachi = $cell->nodeValue; } $index += 1; } add_person($name, $ngaysinh, $gioitinh, $email, $phone, $diachi); } $first_row = false; } $date = date('Y-m-d H:i:s'); foreach ($data as $row) { $sql = "INSERT INTO daotao_hocvien (name, ngaysinh, gioitinh, email, phone, diachi, date_create, date_update, user_create) VALUES ('{$row['name']}','{$row['ngaysinh']}','{$row['gioitinh']}','{$row['email']}','{$row['phone']}','{$row['diachi']}','{$date}','{$date}','{$user}')"; if ($row['name'] != '') { mysql_query($sql); } } $strHtml = '<p class="message" style="font-size:120%">Import thành công</p>'; unlink($_FILES['file_ecxel']['tmp_name']); // xoa file } else { $strHtml = '<p class="error">File size max 512KB</p>';
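/**
 * Manual smoke test for change_password().
 *
 * Adds a person, changes that person's password, reads the record back and
 * compares the stored password with the new one, then removes the record.
 * Progress is echoed as HTML fragments rather than asserted.
 */
function testChange_password()
{
    $m = new Person("John", "Smith", "10-12-87", "Male", "555 Main Street", "Flushing", "NY", "11111", PHONE, "2072654046", "*****@*****.**", "volunteer", " ", "Schedule", "I like helping out", "55555", "03-14-14", "email");
    echo 'will test change_password </br>';

    $result = add_person($m);
    echo 'result is ' . $result;
    if ($result) {
        echo "add_person person was inserted </br>";
    } else {
        echo "add_person - person was not inserted</br>";
    }

    // NOTE(review): the id is hard-coded here while the lookups below use the
    // ID constant; confirm both refer to the person created above.
    $result = change_password('John2072445902', 'newpassword');
    if ($result) {
        echo "change_password succeeded </br>";
    } else {
        echo "change_password failed</br>";
    }

    $p = retrieve_person(ID);
    if ($p == null) {
        echo 'Retrieve failed</br>';
    } else {
        // NOTE(review): this comparison only passes if get_password() returns
        // the password exactly as submitted, which suggests it is kept
        // unhashed. Confirm; if so, store password_hash() output and check
        // with password_verify() instead of comparing plaintext.
        checkEquals($p->get_password(), "newpassword");
    }

    // Clean up the test record; the message now names the step that failed
    // (it previously repeated 'Retrieve failed').
    $res = remove_person(ID);
    if ($res == null) {
        echo 'Remove failed</br>';
    }
}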