Esempio n. 1
 }
 // Optional field: keep the submitted location, or NULL when it was left blank.
 // The value is copied from the request unchanged, so it must be escaped or
 // bound as a parameter before it is placed in any SQL statement.
 $location = strlen($_POST['location']) > 0 ? $_POST['location'] : NULL;
 // New rows are stored with the 'pending' status.
 $status = 'pending';
 /**
  * Presence check for the event form, read directly from $_POST.
  *
  * Passes when the title and the name are non-empty and at least one of
  * year/month/day differs from -1 (presumably the "not selected" option).
  * This only confirms that fields were filled in; it does not make the
  * values safe to place in SQL or HTML.
  *
  * NOTE(review): because the three date comparisons are joined with ||, a
  * partially selected date passes; confirm whether all three parts were meant
  * to be required.
  *
  * @return bool true when the required fields are present, false otherwise
  */
 function validate()
 {
     return strlen($_POST['title']) > 0
         && ($_POST['year'] != -1 || $_POST['month'] != -1 || $_POST['day'] != -1)
         && strlen($_POST['name']) > 0;
 }
 // Store the event request and send the submitter a confirmation email.
 // NOTE(review): this listing appears to be truncated inside the branch - the
 // mail code runs straight into an unrelated $transportLimit assignment and
 // elseif - so read it as an excerpt rather than as one coherent statement.
 if (validate() && email_validation($email)) {
     // The statement is built by interpolating variables into the SQL text.
     // $location is copied unchanged from $_POST['location'] earlier in this
     // listing, so a quote character in that field alters the statement (SQL
     // injection). Whether $title, $description, $date and $time are escaped
     // is not visible here. Bound parameters (PDO or mysqli prepared
     // statements) remove the problem; the mysql_* extension used here was
     // removed in PHP 7.
     $sql = mysql_query("INSERT INTO \r\n\t\t\t\t\t\t\t\tevents (\r\n\t\t\t\t\t\t\t\t\t\tID, \r\n\t\t\t\t\t\t\t\t\t\ttitle, \r\n\t\t\t\t\t\t\t\t\t\tdescription, \r\n\t\t\t\t\t\t\t\t\t\tdate, \r\n\t\t\t\t\t\t\t\t\t\ttime, \r\n\t\t\t\t\t\t\t\t\t\tlocation, \r\n\t\t\t\t\t\t\t\t\t\tstatus\r\n\t\t\t\t\t\t\t\t\t\t) \r\n\t\t\t\t\t\t\t\tVALUES (\r\n\t\t\t\t\t\t\t\t\t\tNULL, \r\n\t\t\t\t\t\t\t\t\t\t'{$title}', \r\n\t\t\t\t\t\t\t\t\t\t'{$description}', \r\n\t\t\t\t\t\t\t\t\t\t'{$date}', \r\n\t\t\t\t\t\t\t\t\t\t'{$time}', \r\n\t\t\t\t\t\t\t\t\t\t'{$location}', \r\n\t\t\t\t\t\t\t\t\t\t'{$status}'\r\n\t\t\t\t\t\t\t\t\t\t)");
     if (mysql_affected_rows($conn) > 0) {
         $success_message = "Your request has been added successfully";
     }
     // $success_message is assigned only when a row was inserted; after a
     // failed insert this echoes an undefined variable, and the confirmation
     // mail below is still sent because it is not inside the check above.
     echo '<span class="green_message">' . $success_message . '</span>';
     // send the confirmation email
     $email_to = $email;
     $email_bcc = "";
     $email_subject = "News/event request confirmation";
     $email_from = '"EES"' . '<*****@*****.**>';
     $email_message = "";
     $email_message .= "<p style='font-size:16px; color:#003300; text-shadow:1px 1px 1px #E3FFE3'>";
     $email_message .= "Your news/event request has been succussfully added. A moderator will approve your request shortly." . "</p><br />";
     sendEmail($email_from, $email_to, $email_subject, $email_message, $email_bcc);
     //send an email to the moderator
     $transportLimit = TRUE;
 } elseif ($_POST['desiredTransportation'] == 2 && $ccCount >= 6) {
     // Transport option 2 is refused once $ccCount has reached 6.
     $transportLimit = TRUE;
 }
 // duplicate entries: flag the submission when its email address (trimmed,
 // lower-cased) already appears in fieldtrippeople.
 // NOTE(review): every row of the table is read on each submission and the
 // result of mysql_query() is not checked for failure. A check-then-insert
 // done in PHP can also be raced by two simultaneous submissions; a UNIQUE
 // index on the email column is the reliable guard. The message below also
 // confirms to whoever submits the form that the address is already signed up.
 $dups = FALSE;
 $sqlSID = "SELECT * FROM fieldtrippeople";
 $resultsSID = mysql_query($sqlSID);
 while ($row = mysql_fetch_array($resultsSID)) {
     if (strtolower(trim($row['email'])) != strtolower(trim($_POST['email']))) {
         continue;
     }
     $dups = TRUE;
     $errorDuplicates = "The record already exists. Please check your inbox for the confirmation email.";
 }
 // error checking: $errors becomes TRUE when a choice field still holds -1,
 // the student ID is not a 10-character numeric value, a name or the email is
 // empty, the email fails either validator, the transport limit was reached,
 // or the email is already registered; otherwise it becomes FALSE.
 // NOTE(review): is_numeric() also accepts signs, decimal points and exponent
 // notation, so ctype_digit() would be the tighter test for a digits-only ID.
 $errors = (
     $_POST['datePreffered'] == -1
     || $_POST['desiredTransportation'] == -1
     || strlen($_POST['sID']) == 0
     || !is_numeric($_POST['sID'])
     || strlen($_POST['sID']) != 10
     || strlen($_POST['firstName']) == 0
     || strlen($_POST['lastName']) == 0
     || $_POST['labSection'] == -1
     || strlen($_POST['email']) == 0
     || !email_validation($_POST['email'])
     || !uta_email_validation($_POST['email'])
     || $transportLimit == TRUE
     || $dups == TRUE
 );
 if (!$errors) {
     $datePreffered = $_POST['datePreffered'];
     $prefferedTransportation = $_POST['desiredTransportation'];
     $studentID = $_POST['sID'];
     $firstName = $_POST['firstName'];
     $lastName = $_POST['lastName'];
     $labSection = $_POST['labSection'];
     $email = $_POST['email'];
     $status = 'pending';
     $rand = strtolower(substr($firstName, 0, 1)) . strtolower(substr($lastName, 0, 1)) . rand(100000, 999999);
     $sql = "INSERT INTO \r\n\t\t\t\t\t\t\t\tfieldtrippeople (\r\n\t\t\t\t\t\t\t\t\t\tID, \r\n\t\t\t\t\t\t\t\t\t\tfirstName, \r\n\t\t\t\t\t\t\t\t\t\tlastName, \r\n\t\t\t\t\t\t\t\t\t\teid, \r\n\t\t\t\t\t\t\t\t\t\tdatePreffered, \r\n\t\t\t\t\t\t\t\t\t\ttransportation,\r\n\t\t\t\t\t\t\t\t\t\tsection,\r\n\t\t\t\t\t\t\t\t\t\tdateSigned,\r\n\t\t\t\t\t\t\t\t\t\temail,\r\n\t\t\t\t\t\t\t\t\t\tstatus,\r\n\t\t\t\t\t\t\t\t\t\trand\r\n\t\t\t\t\t\t\t\t\t\t) \r\n\t\t\t\t\t\t\t\tVALUES (\r\n\t\t\t\t\t\t\t\t\t\tNULL, \r\n\t\t\t\t\t\t\t\t\t\t'{$firstName}', \t\r\n\t\t\t\t\t\t\t\t\t\t'{$lastName}', \r\n\t\t\t\t\t\t\t\t\t\t'{$studentID}',\r\n\t\t\t\t\t\t\t\t\t\t'{$datePreffered}', \r\n\t\t\t\t\t\t\t\t\t\t'{$prefferedTransportation}', \r\n\t\t\t\t\t\t\t\t\t\t'{$labSection}',\r\n\t\t\t\t\t\t\t\t\t\tNOW(),\r\n\t\t\t\t\t\t\t\t\t\t'{$email}',\r\n\t\t\t\t\t\t\t\t\t\t'{$status}',\r\n\t\t\t\t\t\t\t\t\t\t'{$rand}'\r\n\t\t\t\t\t\t\t\t\t\t)";
Esempio n. 3
// Keep the optional comments field when the form submitted one. The value is
// raw request data: it still has to be escaped for the output context, or
// bound as a query parameter, wherever it is used later.
if (isset($_POST['comments'])) {
    $comments = $_POST['comments'];
}
//
if (isset($_POST['submit_event'])) {
    $errors = TRUE;
    if (strlen($_POST['name']) == 0) {
        $errorName = "required";
        $errors = TRUE;
    } else {
        $errors = FALSE;
    }
    if (strlen($_POST['email']) == 0) {
        $errorEmail = "required";
        $errors = TRUE;
    } elseif (!email_validation($_POST['email'])) {
        $errorEmail = "invalid email address";
        $errors = TRUE;
    } else {
        $errors = FALSE;
    }
    if (strlen($_POST['title']) == 0) {
        $errorTitle = "required";
        $errors = TRUE;
    } else {
        $errors = FALSE;
    }
    if ($_POST['dateRadio'] == 'oneDay') {
        if ($_POST['month'] == -1 || $_POST['day'] == -1 || $_POST['year'] == -1) {
            $errorDate = "invalid date";
            $errors = TRUE;
Esempio n. 4
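 // Validate the required form fields. $errors starts at 0 and is only ever
 // raised to 1, so a failed field can no longer be masked by a later field
 // that passes. Previously each else branch reset the flag, which left it
 // reflecting only the last check (comments).
 $errors = 0;
 if (strlen($_POST['firstName']) == 0) {
     $errorFN = " required";
     $errors = 1;
 }
 if (strlen($_POST['lastName']) == 0) {
     $errorLN = " required";
     $errors = 1;
 }
 if (strlen($_POST['emailAddress']) == 0) {
     $errorEmail = " required";
     $errors = 1;
 } elseif (!email_validation($_POST['emailAddress'])) {
     $errorEmail = " Invalid email address";
     $errors = 1;
 }
 if (strlen($_POST['comments']) == 0) {
     $errorComments = " required";
     $errors = 1;
 }
 // Raw request values, copied whether or not validation passed. The telephone
 // field is not checked at all. Escape or bind each value for the context
 // where it is used (HTML output, SQL, mail).
 $firstName = $_POST['firstName'];
 $lastName = $_POST['lastName'];
 $email = $_POST['emailAddress'];
 $telephone = $_POST['telephone'];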
Esempio n. 5
    } else {
        redirect_to("error.php?errors=" . urlencode(implode(",", $errors)));
    }
}
//updating email
if ($_POST['submit'] == "Update Email") {
    connect_to_database();
    select_database();
    $user_id = $_SESSION['user_id'];
    $email = mysql_prep($_POST['email']);
    $current_email = get_value_from_db("users", "email", "user_id", $user_id);
    $errors = array();
    if ($current_email == $email) {
        redirect_to("message.php?message=No changes made.");
    }
    foreach (email_validation($email) as $error) {
        $errors[] = $error;
    }
    //checks if email is already in the database
    if (get_num_rows("users", "email", $email, true) != 0) {
        $errors[] = "Email already used by another member.";
    }
    if (empty($errors)) {
        $query = " UPDATE users";
        $query .= " SET email='{$email}'";
        $query .= " WHERE user_id='{$user_id}' ";
        $result = mysql_query($query, $connection);
        if (!$result) {
            die("Error executing query: " . mysql_error());
        } else {
            close_connection($connection);