try {
$resdb = db_resident(2007);
if ($_POST['submit'] && $ACCESS >= 50) {
$strippost = str_replace('"', "'", $_POST);
// make all double quotes to be single
extract($strippost, EXTR_SKIP);
if (!is_numeric($prog_id) || strlen($prog_id) != 6) {
throw new Exception('Program ID is invalid', __LINE__);
}
$phone = preg_replace('/[^0-9]/', '', $phone);
if ($editf) {
$sql = "update resprograms set program=" . chknul($program) . ",addr1=" . chknul($addr1) . ",city=" . chknul($city) . ",state='{$state}',zip=" . chknul($zip) . ",dir_name=" . chknul($dir_name) . ",phone=" . chknul($phone) . ",uid_mod={$UUID} where prog_id='{$prog_id}'";
} elseif ($ACCESS < 400) {
throw new Exception('Insufficient Access Level', __LINE__);
} else {
$sql = "insert into resprograms values ('{$prog_id}'," . chknul($program) . "," . chknul($addr1) . "," . chknul($city) . ",'{$state}'," . chknul($zip) . "," . chknul($dir_name) . "," . chknul($phone) . ",{$UUID},NULL)";
}
$result = $resdb->query($sql);
if (!$result) {
throw new Exception(DEBUG ? "{$resdb->error} : %sql" : 'Could not add/edit program', __LINE__);
}
$resdb = db_amalist();
$result = $resdb->query($sql);
if (!$result) {
throw new Exception(DEBUG ? "{$resdb->error} : %sql" : 'Could not add/edit AMA program', __LINE__);
}
}
// update done, now to select
$wher = '';
if (!empty($statesel)) {
$wher = " where state >= '{$statesel}'";
unset($opp);
$opp = new Opportunity($db, $ooid);
}
if ($_POST['submit2'] || $_POST['submit3']) {
//$redir = '1; URL=specific.php?oid='.$ooid;
$redir = "specificadmin.php?oid={$ooid}&acct={$uacct}&cid={$usid}&mas={$masid}";
//$mesg = "Saving your opportunity, please wait a moment... If automatic redirection would not work, please <a href=\"specific.php?oid=$ooid\">click here to proceed</a>.";
}
} elseif (is_numeric($_POST['o_location']) && $_POST['spec'] && $_POST['spec'] != '---') {
// no ooid = assume it was the create opp form
// o_name, o_location, spec
$opp = new Opportunity($db, 0, $_POST['o_location'], $usid, $uacct);
$opp->o_name = $_POST['o_name'];
$opp->specialty = $_POST['spec'];
//$opp->save();
$db->query("update opportunities set specialty = '{$opp->spec}', o_name = " . chknul(addslashes($opp->o_name)) . " where oid = {$opp->oid}");
$ooid = $opp->oid;
$opp->specswap();
}
}
// no master override yet, may be later
if (!$ooid) {
// list all what we have here
if ($oopdate === "yes") {
$sql = "update opportunities set o_datemod=now(), avail_date=now() where status= 1 and o_uid = {$usid}";
$result = $db->query($sql);
// ignore result
$mesg = $db->affected_rows ? 'Jobs were refreshed successfully' : 'Nothing to Refresh';
if (!$result) {
throw new Exception(DEBUG ? "{$db->error}: {$sql}" : 'Can not refresh opportunities', __LINE__);
}
$avail_date = 'curdate()';
}
$pref_region = chknul(addslashes(trim($imp->pref_region)));
// *
$pref_states = addslashes(trim($imp->pref_states));
// *
if (!$pref_states || $pref_states == '--') {
$pref_stopen = 1;
$pref_states = 'NULL';
} else {
$pref_stopen = 0;
$pref_states = "'{$pref_states}'";
}
$languages = chknul(addslashes(trim($imp->languages)));
// *
$phg_source = chknul(addslashes(trim($imp->phg_source)));
// *
if (empty($fname) || empty($lname)) {
throw new Exception('First & Last name are required', __LINE__);
}
if (empty($email)) {
throw new Exception('Email address is required', __LINE__);
}
$sql = "insert into physicians (fname,lname,email,pending,avail_date,data_entry,spec_2nd,school,amg,bcbe,bcbe_year, licensed, pstatus, visa_status,pref_region,pref_states,languages,res_id,`year`,`source`,phg_source) values ('{$fname}','{$lname}','{$email}',2,{$avail_date},now(), {$spec_2nd}, {$school}, {$amg}, {$bcbe}, {$bcbe_year}, {$licensed}, {$pstatus}, {$visa_status},{$pref_region},{$pref_states},{$languages},{$phg},2000,20,{$phg_source})";
$result = $resdb->query($sql);
if (!$result) {
throw new Exception(DEBUG ? "{$resdb->error} : {$sql}" : 'Can not insert, may be email address is already registered', __LINE__);
}
$docid = $resdb->insert_id;
$sql = "insert into gestapo (phid,opid,action) values ({$docid},{$UUID},'IMPORT')";
$result = $nodb->query($sql);
function save()
{
// does not save app_date and ph_msg, see PC version for that
$sql = "update applications set `read_date`=" . chknul($this->obj->read_date) . ", `notes`=" . chknul($this->obj->notes) . ", `status`=" . $this->obj->status . " where opid = " . $this->obj->opid . " and phid = " . $this->obj->phid;
$result = $this->cdb->query($sql);
if (!$result) {
throw new Exception(DEBUG ? "{$this->cdb->error}: {$sql}" : 'Can not update response', __LINE__);
}
}
}
if ($notifications3) {
$subscription |= 128;
}
//if( $practice ) $subscription |= 2;
if ($training) {
$subscription |= 2;
}
$subsql = '';
$subspc = '';
if ($client->subscription != $subscription) {
$subsql .= ($subsql ? ', ' : '') . "subscription={$subscription}";
}
$client->subscription = $subscription;
if ($client->specs != $cli_specs) {
$subsql .= ($subsql ? ', ' : '') . "specs=" . chknul($cli_specs);
}
$client->specs = $cli_specs;
if (is_numeric($opplimit) && $client->opplimit != $opplimit) {
$subsql .= ($subsql ? ', ' : '') . "opplimit={$opplimit}";
}
if (is_numeric($opplimit)) {
$client->opplimit = $opplimit;
}
if (is_numeric($emaillimit) && $client->emaillimit != $emaillimit) {
$subsql .= ($subsql ? ', ' : '') . "emaillimit={$emaillimit}";
}
if (is_numeric($emaillimit)) {
$client->emaillimit = $emaillimit;
}
//$mesg = $cli_specs;