Esempio n. 1
    exit;
}
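// Bio editor: validates the requested staff id, optionally saves a submitted bio,
// then prints the edit form for that staff record.
//
// Accept the request only when a numeric staff_id was supplied; the isset() guard
// avoids an undefined-index notice when the parameter is missing altogether.
// NOTE(review): is_numeric() also accepts floats and exponent notation ("1e3");
// if record ids are always whole numbers a digits-only check would be stricter - confirm.
if (isset($_REQUEST["staff_id"]) && is_numeric($_REQUEST["staff_id"])) {
    $staff_id = $_REQUEST["staff_id"];
} else {
    print _("Perhaps you have come here by a funny path?");
    exit;
}
// NOTE(review): nothing in this part of the script checks that the current user is
// allowed to edit this particular staff record - confirm the code above enforces it.
/// Create our record
$record = new Staff($staff_id);
$staff_name = $record->getFullName();
// See if a bio has been submitted
// NOTE(review): the form printed below carries no anti-CSRF token, so this
// state-changing POST relies on whatever session checks run earlier - confirm.
if (isset($_POST['add_bio'])) {
    // NOTE(review): the raw POST value is handed to updateBio(); presumably it is
    // escaped or bound as a query parameter inside Staff - verify.
    $p_result = $record->updateBio($_POST["bio"]);
    if ($p_result) {
        $feedback = "<div class=\"feedback\">" . _("Bio updated.  Close window to continue.") . "</div><br />";
    } else {
        $feedback = "<div class=\"feedback\">" . _("There was a problem.  Contact the admin.") . "</div><br />";
    }
    /// Create our record again so the form below shows the stored values
    $record = new Staff($staff_id);
    $staff_name = $record->getFullName();
} else {
    $feedback = "";
}
// Escape every value interpolated into the markup. The id has already passed
// is_numeric(), so escaping it is defence in depth and the validated copy is used
// instead of re-reading $_REQUEST. The name comes from the stored record; double
// encoding is switched off in case getFullName() already returns entity-encoded text.
$safe_staff_id = htmlspecialchars((string) $staff_id, ENT_QUOTES, 'UTF-8');
$safe_staff_name = htmlspecialchars((string) $staff_name, ENT_QUOTES, 'UTF-8', false);
print "{$feedback}\n<div id=\"maincontent\">\n<h2 class=\"bw_head\">" . _("Update Biography for ") . " {$safe_staff_name}</h2>\n"
    . "<form id=\"bio_form\" action=\"\" method=\"post\">\n"
    . "<input type=\"hidden\" name=\"staff_id\" value=\"" . $safe_staff_id . "\" />\n"
    . "<div class=\"box no_overflow\">\n<p>" . _("Please only include professional details.") . "</p><br />";
// Create our box now
$record->outputBioForm();
print "</div>\n    <div class=\"box no_overflow\">\n    <button class=\"button\" id=\"add_bio\" name=\"add_bio\">" . _("Update Bio") . "</button>\n    </div>\n    </form>\n    </div>";
include "../includes/footer.php";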
//$record->deBug();
Esempio n. 2
require_once "includes/functions.php";
use SubjectsPlus\Control\Querier;
use SubjectsPlus\Control\Staff;
// Querier instance (SubjectsPlus\Control\Querier, imported above); it is not referenced
// again in the part of the script shown here.
$db = new Querier();
// HTML of the form to show; starts empty and is filled from outputEmailForm() in the
// branches below that need to display the email form.
$lstrForm = '';
if (!isset($_GET['id'])) {
    if (isset($_POST['email'])) {
        $lobjStaff = new Staff('', 'forgot');
        if ($lobjStaff->getRecordId() == NULL) {
            $introtext = "<p align=\"center\" style=\"clear: both;\" class=\"smaller\"><br />" . _("{$lobjStaff->getMessage()}") . "</p>";
            $lstrForm = $lobjStaff->outputEmailForm();
        } else {
            $lobjTodayDate = new DateTime();
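            // The code is a hashed string composed of the user's email, the installation's salt, and today's date (MMDDYYYY).
            // NOTE(review): MD5 over these inputs yields the same code for every request made on a given day and depends
            // only on the email, the salt and the date, so it is neither random nor single-use; a token from random_bytes()
            // stored server-side with an expiry, and compared with hash_equals(), would be the stronger design.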
            $lstrCode = md5($lobjStaff->getEmail() . $salt . $lobjTodayDate->format('mdY'));
            $lstrMessage = "Hello {$lobjStaff->getFullName()},\n\nHere is the link to reset your password. Link only works for three days. {$BaseURL}control/forgotpassword.php?id={$lobjStaff->getRecordID()}&code={$lstrCode}";
            mail($lobjStaff->getEmail(), 'Reset password for SubjectsPlus', $lstrMessage, "From: {$administrator_email}");
            $introtext = "<p align=\"center\" style=\"clear: both;\" class=\"smaller\"><br /><strong>" . _("An email has been sent to reset your password.  Please click the link in the email and follow the instructions.") . "</strong></p>";
        }
    } else {
        $lobjStaff = new Staff();
        $introtext = "<p align=\"center\" style=\"clear: both;\" class=\"smaller\"><br />" . _("Please enter your <strong>email</strong> so we can email you a link to reset your password.") . "</p>";
        $lstrForm = $lobjStaff->outputEmailForm();
    }
} else {
    $_SESSION['staff_id'] = $_GET['id'];
    $lobjStaff = new Staff($_GET['id']);
    if (isset($_POST['password'])) {
        if ($lobjStaff->correctPassword($_POST['password'])) {
            if ($_POST['password'] == $_POST['password_confirm']) {
                $lobjStaff->updatePassword(trim($_POST['password']));