Esempio n. 1
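$mainTextHTML = <<<HTMLCode
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <link href="{$stylesheet}" rel="stylesheet" type="text/css" />
   <title> </title>
</head>
<body id="if">   
HTMLCode;
if ($idPicture) {
    // idPicture is used unquoted in SQL (a numeric position) and as part of a
    // file name, so force it to an integer instead of interpolating the raw
    // value. Where $idPicture comes from is outside this snippet — presumably a
    // request parameter; the cast is safe either way.
    $pictureId = (int) $idPicture;
    // Prepare the database.
    $dbAccess = new CdbAccess();
    $tablePicture = DB_PREFIX . 'Picture';
    // Get picture information from the DB. SingleQuery() is falsy on failure
    // (see the other examples on this page), and fetch_object() returns NULL
    // when no row matched, so only render the picture block when a row exists.
    $query = "SELECT * FROM {$tablePicture} WHERE idPicture = {$pictureId};";
    $result = $dbAccess->SingleQuery($query);
    $row = $result ? $result->fetch_object() : NULL;
    if ($row) {
        // Title and description are stored user input: escape them for HTML
        // output. The description is escaped first, then newlines become <br />.
        // The charset follows the runtime default — assumes it matches the DB
        // connection charset; confirm.
        $imageTitle = htmlspecialchars($row->namePicture, ENT_QUOTES);
        $imageDesc = nl2br(htmlspecialchars($row->descriptionPicture, ENT_QUOTES));
        $normalImage = WS_PICTUREARCHIVE . PA_NORMALPREFIX . $pictureId . ".jpg";
        // The escaped title doubles as the alt text (ENT_QUOTES covers the single quotes).
        $mainTextHTML .= <<<HTMLCode
<img src='{$normalImage}' alt='{$imageTitle}' /><br/>
<div id='imgInfo'>
    <h2>{$imageTitle}</h2>
    <p>{$imageDesc}</p>
</div>
HTMLCode;
    }
}
$mainTextHTML .= "</body>";
echo $mainTextHTML;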
?>
Esempio n. 2
// Read the remaining form fields; a missing field becomes NULL.
// ($firstNameUser, $idUser, $dbAccess and $tableUser are set earlier, outside this snippet.)
$familyNameUser = isset($_POST['familyName']) ? $_POST['familyName'] : NULL;
$eMail1User = isset($_POST['eMail1']) ? $_POST['eMail1'] : NULL;
$eMail2User = isset($_POST['eMail2']) ? $_POST['eMail2'] : NULL;
// Page selector for the redirect at the end, taken verbatim from the form.
$redirect = isset($_POST['redirect']) ? $_POST['redirect'] : NULL;
// strip_tags() only removes HTML markup; protecting the SQL below is the job of
// WashParameter(), whose exact behaviour is defined outside this snippet.
$idUser = $dbAccess->WashParameter($idUser);
$firstNameUser = $dbAccess->WashParameter(strip_tags($firstNameUser));
$familyNameUser = $dbAccess->WashParameter(strip_tags($familyNameUser));
$eMail1User = $dbAccess->WashParameter(strip_tags($eMail1User));
$eMail2User = $dbAccess->WashParameter(strip_tags($eMail2User));
// The quoted values below appear masked ('******') on this page; presumably the
// running code interpolates the washed variables above into the heredoc.
$query = <<<QUERY
UPDATE {$tableUser} SET 
    firstNameUser   = '******',
    familyNameUser = '******',
    eMail1User     = '******',
    eMail2User     = '******'
    WHERE idUser = '******';
QUERY;
$dbAccess->SingleQuery($query);
///////////////////////////////////////////////////////////////////////////////////////////////////
// Redirect to another page
//
// If in debug mode show info and exit.
if ($debugEnable) {
    echo $debug;
    exit;
}
// $redirect comes straight from POST and is placed in the query string without
// url-encoding. It only selects a page on this site, so it cannot send the
// browser off-site, but a '&' in it would be read as an extra parameter.
header("Location: " . WS_SITELINK . "?p={$redirect}");
exit;
?>

Esempio n. 3
    $debug .= "idAlbum: " . $idAlbum . "<br /> \r\n";
}
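/*
 * Prepare the database.
 */
$dbAccess = new CdbAccess();
$tablePerson = DB_PREFIX . 'Person';
$tableAlbum = DB_PREFIX . 'Album';
$tablePicture = DB_PREFIX . 'Picture';
// A blank album: one empty cell per column the form expects (positional, see fetch_row() below).
$emptyAlbum = array("", "", "", "", "", "", "");
/*
 * If $idAlbum exists the DB will be updated. Get the existing info.
 */
if ($idAlbum) {
    // idAlbum is compared unquoted in SQL, i.e. in a numeric position, where
    // string escaping alone does not help; force it to an integer as well.
    $idAlbum = (int) $dbAccess->WashParameter($idAlbum);
    $query = "SELECT * FROM {$tableAlbum} WHERE idAlbum = {$idAlbum};";
    $result = $dbAccess->SingleQuery($query);
    // fetch_row() returns NULL when the id matches no album; fall back to a
    // blank album instead of leaving $arrayAlbum NULL for the form below.
    $arrayAlbum = $result ? $result->fetch_row() : NULL;
    if ($result) {
        $result->close();
    }
    if (!$arrayAlbum) {
        $arrayAlbum = $emptyAlbum;
    }
} else {
    // Clear all parameters if a new album will be created.
    $arrayAlbum = $emptyAlbum;
}
/*
 * Create the form with QuickForm2.
 */
require_once 'HTML/QuickForm2.php';
require_once 'HTML/QuickForm2/Renderer.php';
// Point back to the same page for validation ($idAlbum is an integer or falsy here).
$formAction = WS_SITELINK . "?p=edit_alb&id=" . $idAlbum;
// Create a new form object.
$form = new HTML_QuickForm2('album', 'post', array('action' => $formAction), array('name' => 'album'));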
Esempio n. 4
///////////////////////////////////////////////////////////////////////////////////////////////////
// Check whether an account with this password exists in the database and use the result to
// create a session with userId, userPassword and authority.
//
// NOTE(review): the password is sent to the database in clear text and compared with an
// md5() hash computed on the server; md5 is not a suitable password hash. Whether
// $accountPerson / $passwordPerson were passed through WashParameter() before this point
// is outside this snippet — confirm. Changing the scheme also changes the stored hash format.
$query = <<<Query
SELECT * FROM {$tablePerson}
WHERE
\taccountPerson   = '{$accountPerson}' AND
\tpasswordPerson \t= md5('{$passwordPerson}')
;
Query;
session_start();
// Restarted after the close above (outside this snippet). Issuing a fresh id
// at login keeps a session id chosen before authentication from being reused.
session_regenerate_id();
$_SESSION["hitCounter"] = $hitCounter;
// Restore hitCounter so the visitor is not counted twice.
if ($result = $dbAccess->SingleQuery($query)) {
    $row = $result->fetch_object();
    if ($debugEnable) {
        $debug .= print_r($row, TRUE);
    }
    $_SESSION['idUser'] = $row->idPerson;
    $idPerson = $row->idPerson;
    $_SESSION['accountUser'] = $row->accountPerson;
    $_SESSION['nameUser'] = $row->fornamnPerson;
    $_SESSION['authorityUser'] = $row->behorighetPerson;
    if ($_SESSION['authorityUser'] != 'adm') {
        // Kolla om personen är funktionär. I så fall sätt authority till fnk.
        $query = "SELECT * FROM {$tableFunktionar} WHERE funktionar_idPerson = '{$idPerson}' ;";
        if ($dbAccess->SingleQuery($query)) {
            $_SESSION['authorityUser'] = '******';
        }
Esempio n. 5
    $debug .= "Input: id=" . $idPerson . " Authority = " . $_SESSION['authorityUser'] . "<br /> \n";
}
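/*
 * Check that the visitor may see this page, i.e. is the person on the page,
 * a guardian of the person on the page, or adm. Otherwise abort.
 */
// idPerson is used unquoted in SQL (numeric position) and compared with the
// session id below, so normalise it to an integer once. Its origin is outside
// this snippet.
$idPerson = (int) $idPerson;
// Compare ids as integers with an explicit "logged in" check: the loose
// comparison `$idPerson == $_SESSION['idUser']` is true for a missing session
// key when idPerson is 0 or "", which would grant access to nobody in particular.
$sessionUserId = isset($_SESSION['idUser']) ? (int) $_SESSION['idUser'] : NULL;
$showPage = FALSE;
if ($sessionUserId !== NULL && $idPerson === $sessionUserId) {
    $showPage = TRUE;
}
if (isset($_SESSION['authorityUser']) && $_SESSION['authorityUser'] === "adm") {
    $showPage = TRUE;
}
// Check whether the logged-in user is a guardian of idPerson.
$query = "SELECT * FROM {$tableRelation} WHERE relation_idElev = {$idPerson};";
if ($sessionUserId !== NULL && $result = $dbAccess->SingleQuery($query)) {
    while ($row = $result->fetch_object()) {
        if ((int) $row->relation_idMalsman === $sessionUserId) {
            $showPage = TRUE;
        }
    }
    $result->close();
}
if (!$showPage) {
    // If the page may not be shown, abort and show an error message.
    $message = "Du kan bara ändra lösenord på dig själv eller ett barn till dig.";
    require TP_PAGESPATH . 'login/PNoAccess.php';
    // Stop here regardless of what the included page does: without this, the
    // statements below would still run for an unauthorised visitor.
    exit;
}
/*
 * Fetch the current information about the person from the database.
 */
$totalStatements = 5;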
Esempio n. 6
            } else {
                if ($num > 48 && $num < 57) {
                    $pwd .= chr($num);
                } else {
                    if ($num == 95) {
                        $pwd .= chr($num);
                    } else {
                        $i--;
                    }
                }
            }
        }
    }
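    // Check whether the e-mail address exists in the database.
    // NOTE(review): $eMailAdr is interpolated into the SQL string; whether it was
    // passed through WashParameter() earlier is outside this snippet — confirm.
    $query = "\n        SELECT idPerson, accountPerson FROM {$tablePerson} \n        WHERE ePostPerson = '{$eMailAdr}';";
    // A result object alone does not mean the address was found: fetch_object()
    // returns NULL for an empty result, and the original code then updated the
    // row with idPerson '' and mailed an empty account name. Proceed only with a row.
    $row = NULL;
    if ($eMailAdr and $result = $dbAccess->SingleQuery($query)) {
        $row = $result->fetch_object();
        $result->close();
    }
    if ($row) {
        // The address is in the register. Update and send a new password.
        // $pwd is generated above from a restricted character set. md5() as the
        // stored hash is a weakness of the existing scheme; changing it means
        // changing the stored data format as well, so it is left as is here.
        $query = <<<QUERY
UPDATE {$tablePerson} SET 
    passwordPerson = md5('{$pwd}')
    WHERE idPerson = '{$row->idPerson}';
QUERY;
        $dbAccess->SingleQuery($query);
        // Send mail. The new password travels in clear text in the message body.
        $headers = WS_MAILHEADERS;
        $subject = "Svenska skolföreningen";
        $text = "Din användarinformation till Svenska skolföreningens hemsida." . "\r\n" . "\r\n" . "Användarnamn: " . $row->accountPerson . "\r\n" . "Lösenord: " . $pwd . "\r\n" . "\r\n" . "Du kan själv logga in och ändra ditt lösenord.";
        mail($eMailAdr, $subject, $text, $headers);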
        if ($debugEnable) {
Esempio n. 7
        } else {
            if ($num > 48 && $num < 57) {
                $pwd .= chr($num);
            } else {
                if ($num == 95) {
                    $pwd .= chr($num);
                } else {
                    $i--;
                }
            }
        }
    }
}
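// Check whether the e-mail address exists in the database.
// NOTE(review): $ePost is interpolated into the SQL string; whether it was
// passed through WashParameter() earlier is outside this snippet — confirm.
$query = "SELECT idPerson, accountPerson FROM {$tablePerson} WHERE ePostPerson = '{$ePost}';";
// A result object alone does not mean the address was found: fetch_object()
// returns NULL for an empty result, and the original code then updated the
// row with idPerson '' and mailed an empty account name. Proceed only with a row.
$row = NULL;
if ($ePost and $result = $dbAccess->SingleQuery($query)) {
    $row = $result->fetch_object();
    $result->close();
}
if ($row) {
    // The address is in the register. Update and send a new password.
    // $pwd is generated above from a restricted character set. md5() as the
    // stored hash is a weakness of the existing scheme; changing it means
    // changing the stored data format as well, so it is left as is here.
    $query = <<<QUERY
UPDATE {$tablePerson} SET 
    passwordPerson = md5('{$pwd}')
    WHERE idPerson = '{$row->idPerson}';
QUERY;
    $dbAccess->SingleQuery($query);
    $subject = "Nytt lösenord";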
    $text = <<<Text
Din användarinformation till Svenska skolföreningens hemsida.
Användarnamn: {$row->accountPerson}
Lösenord: {$pwd}