// Fragment: the opening of this switch is outside the view. Judging by the
// messages, the cases report on the validation result for the unit name.
case 0:
    $error[$num_errors++] = "The Name must be filled";
    break;
case -2:
    $error[$num_errors++] = "There are invalid characteres at the name";
    break;
case 1:
    // Look the name up; a hit is a conflict only when it belongs to a
    // different unit id than the one being edited.
    $current = List_Units('', $units[0][1], $bd);
    if ($current) {
        if ($current[0][0] != $units[0][0]) {
            $error[$num_errors++] = "This unit name is already in use";
        }
    }
    break;
}
// Acronym check: only the 0 and -2 results add an error; any other result passes silently.
switch (User_Validate_Simple_Field($units[0][2], 15)) {
    case 0:
        $error[$num_errors++] = "The Acronym must be filled";
        break;
    case -2:
        $error[$num_errors++] = "There are invalid characteres at the acronym";
        break;
}
// Write only when no error was recorded, then hand over to the unit list page.
// NOTE(review): $units[0][3] reaches Update_Unit without a validation step in this fragment; confirm it is checked earlier.
if (empty($error)) {
    Update_Unit($units[0][0], $units[0][1], $units[0][2], $units[0][3], $bd);
    $alert[$num_alerts++] = "Unit Updated Successfully";
    include "adm_units.php";
    exit;
}
} else {
// No submit: load the unit named in the query string.
// NOTE(review): $_GET['unit_id'] is handed to List_Units as received; confirm List_Units binds or escapes it before it is used in a query.
$units = List_Units($_GET['unit_id'], '', $bd);
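// Load the stored row for the room id being edited.
$cur_room = List_Rooms($rooms[0][0], '', '', '', '', $bd);
// NOTE(review): $cur_person is not assigned anywhere in this fragment; this line may be carried over from the people form. Confirm.
$cur_email = $cur_person[0][5];
// Room name: blank (0) and invalid characters (-2) are reported.
switch (User_Validate_Simple_Field($rooms[0][1], 15)) {
    case 0:
        $error[$num_errors++] = "The Name must be filled";
        break;
    case -2:
        $error[$num_errors++] = "There are invalid characteres at the name";
        break;
}
// Comments and location are optional: only invalid characters (-2) are reported.
switch (User_Validate_Simple_Field($rooms[0][2], 256)) {
    case -2:
        $error[$num_errors++] = "There are invalid characteres at the comments";
        break;
}
switch (User_Validate_Simple_Field($rooms[0][5], 100)) {
    case -2:
        $error[$num_errors++] = "There are invalid characteres at the location";
        break;
}
// Capacity goes through the numeric validator.
switch (User_Validate_Numeric_Field($rooms[0][4])) {
    case -1:
        $error[$num_errors++] = "The capacity must be a integer greater than 0";
        break;
    case 0:
        $error[$num_errors++] = "The capacity must be filled";
        break;
    case -2:
        // Fixed: this message named the location although the value checked is the capacity.
        $error[$num_errors++] = "There are invalid characteres at the capacity";
        break;
}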
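if (!isset($num_alerts)) {
    $num_alerts = 0;
}
// Validate_Session receives the session id and the client address; the admin form runs only when it succeeds.
if (Validate_Session($complete_sess_id, $_SERVER['REMOTE_ADDR'], $bd)) {
    Get_Account_Id($sess_id, $account_id, $bd);
    // Strict comparison: with a loose != an integer 0 compares equal to 'admin'
    // on PHP < 8, so a non-string account id could pass the administrator gate.
    if ($account_id !== 'admin') {
        $error[$num_errors++] = "You are not the administrator";
        include "logout.php";
        exit;
    }
    if (!empty($_POST['create'])) {
        $categories[0][0] = '';
        $categories[0][1] = $_POST['name'];
        $categories[0][2] = $_POST['description'];
        // The submitted description was echoed as received, so markup in it was
        // reflected into the response. It is now escaped before output.
        // NOTE(review): this echo runs before validation and looks like leftover debug output; remove it if nothing depends on it.
        echo htmlspecialchars((string) $_POST['description'], ENT_QUOTES);
        switch (User_Validate_Simple_Field($categories[0][1], 30)) {
            case 0:
                $error[$num_errors++] = "The Name must be filled";
                break;
            case -2:
                $error[$num_errors++] = "There are invalid characteres at the name";
                break;
            case 1:
                // Valid name: any existing category with this name is a conflict.
                $current = List_Categories('', $categories[0][1], $bd);
                if ($current) {
                    $error[$num_errors++] = "This category name is already in use";
                }
                break;
        }
        // NOTE(review): the description reaches Insert_Category without a validation step in this fragment; confirm the callee binds or escapes it.
        if (empty($error)) {
            Insert_Category($categories[0][1], $categories[0][2], $bd);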
$category = $cat[0][1];
// NOTE(review): taken from the request with no validation step in this fragment; confirm it is checked or escaped before storage and display.
$commentaries = $_POST['commentaries'];
// Key of the $cfg entry that lists the field types for this role.
$type_array = $role . "_type";
// Build a string of "1"/"0" flags, one per configured field type, from the submitted checkboxes.
$image_enable = "";
// The loop ends at the first falsy entry of $cfg[$type_array], which includes reading one index past its end.
for ($i = 0; $cfg[$type_array][$i]; $i++) {
    $field_type = $cfg[$type_array][$i];
    if ($_POST[$field_type] == 'on') {
        $image_enable .= "1";
    } else {
        $image_enable .= "0";
    }
}
// A failed current-password check is recorded as a form error.
if (!User_Authenticate_Password($account_id, $cur_password, $bd)) {
    $error[$num_errors++] = "The Current Password is Wrong";
}
// Name: blank (0) and over-length (-1) are reported. No case for -2 is present here.
switch (User_Validate_Simple_Field($name, 50)) {
    case 0:
        $error[$num_errors++] = "The name is blank";
        break;
    case -1:
        $error[$num_errors++] = "The name length is more than 50 characters";
        break;
}
// E-mail: the case 1 branch continues outside this fragment.
switch (User_Validate_Email($email, 70)) {
    case 0:
        $error[$num_errors++] = "The e-mail is invalid";
        break;
    case -1:
        $error[$num_errors++] = "The e-mail length is more than 70 characters";
        break;
    case 1:
// Fragment: the opening of this switch is outside the view. Judging by the
// messages, the cases report on the group acronym.
case -2:
    $error[$num_errors++] = "There are invalid characteres at the group acronym";
    break;
case 1:
    // Any existing group matching this value is a conflict.
    // NOTE(review): the lookup passes $groups[0][3], which the switch further down labels as the description; confirm which index holds the acronym.
    $current = List_Groups('', '', '', $groups[0][3], 1, $bd);
    if ($current) {
        $error[$num_errors++] = "This Group Acronym is already in use";
    }
    break;
}
// Category and description: only invalid characters (-2) are reported.
switch (User_Validate_Simple_Field($groups[0][2], 256)) {
    case -2:
        $error[$num_errors++] = "There are invalid characteres at the group category";
        break;
}
switch (User_Validate_Simple_Field($groups[0][3], 256)) {
    case -2:
        $error[$num_errors++] = "There are invalid characteres at the group description";
        break;
}
if (empty($error)) {
    Insert_Group($groups[0][1], $groups[0][2], $groups[0][3], $groups[0][4], $bd);
    // The new group is found again by name, and the acting account is added with membership code 'O'.
    // NOTE(review): if names are not unique, $groups_new[0] may be a different group than the one just inserted; confirm.
    $groups_new = List_Groups('', $groups[0][1], '', '', 1, $bd);
    Insert_Group_Member($groups_new[0][0], $account_id, 'O', '', $bd);
    $alert[$num_alerts++] = "New Group Inserted Successfully";
    include "groups.php";
    exit;
}
}
// Stylesheet for the new-group form.
$result_xsl = "xsl/" . $default_xsl . "/groups_new.xsl";
} else {
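// Fragment: the opening of this switch is outside the view. Judging by the
// message, it reports on the course year.
case -2:
    $error[$num_errors++] = "There are invalid characteres at the year";
    break;
}
// Semester goes through the numeric validator.
switch (User_Validate_Numeric_Field($courses[0][6])) {
    case -1:
        $error[$num_errors++] = "The semester must be an integer value.";
        break;
    case 0:
        $error[$num_errors++] = "The semester must be filled";
        break;
    case -2:
        $error[$num_errors++] = "There are invalid characteres at the semester";
        break;
}
// Lecturer id: blank (0) and invalid characters (-2) are reported.
switch (User_Validate_Simple_Field($courses[0][7], 32)) {
    case 0:
        $error[$num_errors++] = "A Lecturer must be chosen";
        break;
    case -2:
        $error[$num_errors++] = "There are invalid characteres at the Lecturer";
        break;
}
// Duplicate check. Fixed: the sixth argument was $courses[5], a row index no other
// line uses, so the lookup did not receive field 5 of the submitted row.
$current = List_Courses('', '', $courses[0][3], $courses[0][4], '', $courses[0][5], $courses[0][6], $bd);
if ($current) {
    $error[$num_errors++] = 'This course already exists';
}
if (empty($error)) {
    // NOTE(review): fields 6 and 5 are passed in that order; confirm it matches the Insert_Course signature.
    Insert_Course($courses[0][0], $courses[0][1], $courses[0][2], $courses[0][3], $courses[0][4], $courses[0][6], $courses[0][5], $courses[0][7], $bd);
    $alert[$num_alerts++] = "New Course Inserted Successfully";
    include "adm_acc_courses.php";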
$array_type = $cfg[$var_type];
$array_color = $cfg[$var_color];
$array_image = $cfg[$var_image];
// Access check on the caller's membership code for this group.
// NOTE(review): !($m == 'O' || $m != 'M') reduces to $m == 'M', so 'M' is the only
// value turned away; every other value, including an empty or unknown one, continues
// to the insert below. The message speaks of moderators and the earlier comment of
// owners, so the intended test was probably an allow-list of the privileged codes.
// Confirm the codes and rewrite the condition as an explicit allow-list.
if (!($membership == 'O' || $membership != 'M')) {
    $error[$num_errors++] = "You are not moderator of this group.";
    include "groups.php";
    exit;
}
// Pick the stylesheet variant for pop-up or full-page rendering.
if ($is_pop) {
    $result_xsl = "xsl/" . $default_xsl . "/groups_sch_ins_week_app_pop.xsl";
} else {
    $result_xsl = "xsl/" . $default_xsl . "/groups_sch_ins_week_app.xsl";
}
if (!empty($_POST['submit_ins'])) {
    if (User_Validate_Simple_Field($_POST['description'], 100) <= 0) {
        $error[$num_errors++] = "The appointment description must be informed";
    }
    // NOTE(review): both operands are request values, so this compares strings; confirm the time format makes that ordering correct.
    if ($_POST['beg_time'] >= $_POST['end_time']) {
        $error[$num_errors++] = "The ending time must be greater than the beginning time";
    }
    // A truthy result is reported as an overlap with a member's weekly appointment.
    $check = Group_Check_Weekly_Appointment_Overlap($group_id, $_POST['day'], $_POST['beg_time'], $_POST['end_time'], $bd);
    if ($check) {
        $error[$num_errors++] = "One of the members has another weekly appointment within this time span";
    }
    if (empty($error)) {
        // NOTE(review): type, day, times and url go to the insert as received; only the description is validated in this fragment.
        // Confirm the callee binds or escapes them and that the url is checked before it is rendered as a link.
        Group_Insert_Weekly_Appointment($group_id, $_POST['description'], $_POST['type'], $_POST['day'], $_POST['beg_time'], $_POST['end_time'], $_POST['url'], $account_id, $bd);
        $alert[$num_alerts++] = "Appointment Inserted Successfully";
        if (!$is_pop) {
            include "groups_schedule.php";
            exit;
// Fragment: the opening of this switch is outside the view. Judging by the
// messages, the cases report on the person's e-mail ($people[0][5]).
case 0:
    $error[$num_errors++] = "The E-mail must be filled";
    break;
case -2:
    $error[$num_errors++] = "There are invalid characteres at the e-mail";
    break;
case 1:
    // Look the address up; a hit is a conflict unless it equals the e-mail held in $cur_email.
    $current = List_People('', '', $people[0][5], '', '', $bd);
    if ($current) {
        if ($current[0][5] != $cur_email) {
            $error[$num_errors++] = "This e-mail is already in use";
        }
    }
    break;
}
// URL: only invalid characters (-2) are reported.
switch (User_Validate_Simple_Field($people[0][6], 100)) {
    case -2:
        $error[$num_errors++] = "There are invalid characteres at the url";
        break;
}
if (empty($error)) {
    // Field 7 is taken from the stored row rather than from the submitted data.
    $comp_person = List_People($people[0][0], '', '', '', '', $bd);
    Update_Person($people[0][0], $people[0][1], $people[0][2], $people[0][5], $people[0][3], $people[0][6], $comp_person[0][7], $people[0][8], $bd);
    $alert[$num_alerts++] = "Person Updated Successfully";
    include "adm_acc_people.php";
    exit;
}
} else {
    // No submit: load the person named in the query string.
    // NOTE(review): $_GET['account_id'] is handed to List_People as received; confirm List_People binds or escapes it before it is used in a query.
    $people = List_People($_GET['account_id'], '', '', '', '', $bd);
}
$departments = List_Departments('', '', '', $bd);
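<?php
require "./inc/script_inicialization.php";
require "./inc/nrp_api.php";
$num_errors = 0;
$num_alerts = 0;
// Login form handler.
// NOTE(review): credentials are read from $_REQUEST, so a query string is accepted as
// well as a POST body, and a password sent that way can end up in URLs and access logs.
// Consider reading them from $_POST only.
if (isset($_REQUEST['submit']) && $_REQUEST['submit'] == "Login") {
    ob_start();
    $val_id = User_Validate_Simple_Field($_REQUEST['id'], 32);
    $val_password = User_Validate_Password($_REQUEST['password'], 6);
    $user_ok = 0;
    // Authenticate only when both validators report success. The failure codes handled
    // in the else branch include -1 and -2, which are truthy, so the previous
    // truthiness test let a rejected id or password through to authentication.
    if ($val_id > 0 && $val_password > 0) {
        $auth_result = User_Authenticate_Password($_REQUEST['id'], $_REQUEST['password'], $bd);
        if ($auth_result == 1) {
            $user_ok = 1;
        } elseif ($auth_result == 0) {
            // NOTE(review): separate messages for a wrong password and an unknown user
            // reveal which ids exist; consider one shared message for both.
            $error[$num_errors++] = "Wrong Password";
        } else {
            $error[$num_errors++] = "User Not Found";
        }
    } else {
        // NOTE(review): an id result of -1 gets no message in the visible part of this branch.
        if ($val_id == 0) {
            $error[$num_errors++] = "The User ID is blank";
        } else {
            if ($val_id == -2) {
                $error[$num_errors++] = "There are invalid characters in the User ID";
            }
        }
        if ($val_password == 0) {
            $error[$num_errors++] = "The password is blank";
        } elseif ($val_password == -1) {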
// Pick the stylesheet variant for pop-up or full-page rendering.
if ($is_pop) {
    $result_xsl = "xsl/" . $default_xsl . "/sch_ins_app_pop.xsl";
} else {
    $result_xsl = "xsl/" . $default_xsl . "/sch_ins_app.xsl";
}
if (!empty($_POST['submit_ins'])) {
    if (User_Validate_Simple_Field($_POST['description'], 100) <= 0) {
        $error[$num_errors++] = "The appointment description must be informed";
    }
    // NOTE(review): both operands are request values, so this compares strings; confirm the time format makes that ordering correct.
    if ($_POST['beg_time'] >= $_POST['end_time']) {
        $error[$num_errors++] = "The ending time must be greater than the beginning time";
    }
    // NOTE(review): is_int() is false for a string and request values normally arrive as
    // strings, so this condition looks unable to fire and the day is effectively unchecked
    // here. It probably meant to reject a failed validation or a non-integer value. Confirm.
    if (User_Validate_Simple_Field($_POST['day'], 2) <= 0 && is_int($_POST['day'])) {
        $error[$num_errors++] = "The day must be informed correctly";
    }
    // NOTE(review): same is_int() pattern for the year, so the else branch would run for
    // every submission; mktime() then receives month and year as submitted.
    if (User_Validate_Simple_Field($_POST['year'], 2) <= 0 && is_int($_POST['year'])) {
        $error[$num_errors++] = "The year must be informed correctly";
    } else {
        // date('t', ...) is the number of days in the submitted month; a larger day is rejected.
        $max_day = date('t', mktime(0, 0, 0, $_POST['month'], 1, $_POST['year']));
        if ($_POST['day'] > $max_day) {
            $error[$num_errors++] = "Invalid day";
        }
    }
    // A truthy result is reported as an overlap on the acting account's schedule.
    $check = Check_Appointment_Overlap($account_id, $_POST['day'], $_POST['month'], $_POST['year'], $_POST['beg_time'], $_POST['end_time'], '', $bd);
    if ($check) {
        $error[$num_errors++] = "There is another appointment within this time span";
    }
    // When $ins_at_master is set, the same check is repeated for $owner.
    if ($ins_at_master) {
        $check = Check_Appointment_Overlap($owner, $_POST['day'], $_POST['month'], $_POST['year'], $_POST['beg_time'], $_POST['end_time'], '', $bd);
        if ($check) {
            $error[$num_errors++] = "There is another appointment on the owner's schedule within this time span";
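// Fragment: the opening of this switch is outside the view; it sets $group_ok.
case 1:
    $group_ok = 1;
    break;
}
// Category master: $category_ok is 1 only when the field validates.
switch (User_Validate_Simple_Field($permissions[0][5], 32)) {
    case 0:
        $category_ok = 0;
        break;
    case -2:
        $category_ok = 0;
        break;
    case 1:
        $category_ok = 1;
        break;
}
// Slave room id: blank (0) and invalid characters (-2) are reported.
switch (User_Validate_Simple_Field($permissions[0][7], 16)) {
    case 0:
        $error[$num_errors++] = "A Slave Room must be chosen";
        break;
    case -2:
        $error[$num_errors++] = "There are invalid characteres at the slave id";
        break;
}
// Exactly one master field may be set. Fixed: a chained xor is also true when all
// three operands are set, so a permission naming three masters passed this check.
// NOTE(review): $group_ok and $category_ok are not consulted here; the test uses the raw field values, as before.
$masters_chosen = ($permissions[0][1] ? 1 : 0) + ($permissions[0][3] ? 1 : 0) + ($permissions[0][5] ? 1 : 0);
if ($masters_chosen == 1) {
    $current = List_Permissions('', $permissions[0][1], $permissions[0][3], $permissions[0][5], $permissions[0][7], 'room', $bd);
    if ($current) {
        $error[$num_errors++] = 'This permition already exists';
    }
} else {
    $error[$num_errors++] = "One (and only one) option of master must be chosen";
}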
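}
// Administrator password change, handled when the form's "modify" field is present.
if (!empty($_POST['modify'])) {
    $current_password = $_POST['current_password'];
    $new_password = $_POST['new_password'];
    $conf_password = $_POST['conf_password'];
    // Only a blank value (0) is reported for the three fields.
    // NOTE(review): other validator results are ignored here; confirm that is intended for the new password.
    switch (User_Validate_Simple_Field($current_password, 20)) {
        case 0:
            $error[$num_errors++] = "The Current Password must be filled";
            break;
    }
    switch (User_Validate_Simple_Field($new_password, 20)) {
        case 0:
            $error[$num_errors++] = "The New Password must be filled";
            break;
    }
    switch (User_Validate_Simple_Field($conf_password, 20)) {
        case 0:
            $error[$num_errors++] = "The Password Confirmation must be filled";
            break;
    }
    // Strict comparison: a loose != treats numeric-looking strings such as "1e3" and
    // "1000" as equal, so a mistyped confirmation could go unnoticed.
    if ($new_password !== $conf_password) {
        $error[$num_errors++] = "The password confirmation is not equal to the new password";
    }
    if (empty($error)) {
        if (Admin_Set_Password($current_password, $new_password, $bd)) {
            $alert[$num_alerts++] = "Password Updated Successfully";
            include "adm_main.php";
            exit;
        } else {
            // Fixed: the counter was not advanced here, so the next recorded error would overwrite this message.
            $error[$num_errors++] = "The current password is wrong";
        }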
$departments[0][5] = $unit[0][1];
// Department name: blank (0) and invalid characters (-2) are reported; a valid name (1) is checked for uniqueness.
switch (User_Validate_Simple_Field($departments[0][1], 50)) {
    case 0:
        $error[$num_errors++] = "The Name must be filled";
        break;
    case -2:
        $error[$num_errors++] = "There are invalid characteres at the name";
        break;
    case 1:
        // Any existing department with this name is a conflict.
        $current = List_Departments('', $departments[0][1], '', $bd);
        if ($current) {
            $error[$num_errors++] = "This department name is already in use";
        }
        break;
}
// Acronym: blank (0) and invalid characters (-2) are reported.
switch (User_Validate_Simple_Field($departments[0][2], 15)) {
    case 0:
        $error[$num_errors++] = "The Acronym must be filled";
        break;
    case -2:
        $error[$num_errors++] = "There are invalid characteres at the acronym";
        break;
}
// Insert only when no error was recorded, then hand over to the department list page.
// NOTE(review): fields 3 and 4 reach Insert_Department without a validation step in this fragment; confirm they are checked earlier.
if (empty($error)) {
    Insert_Department($departments[0][1], $departments[0][2], $departments[0][3], $departments[0][4], $bd);
    $alert[$num_alerts++] = "New Department Inserted Successfully";
    include "adm_departments.php";
    exit;
}
}
// Units are loaded with empty filter arguments.
$units = List_Units('', '', $bd);