require 'includes/check-editor-id.php';

//a logged-in editor gets a different set of buttons in the account links div.
if (isset($editor_id)) {
    $loggedIn = true;
}

//validation errors are collected here; an empty array means the submission is valid.
$errorArray = array();

//form fields default to empty strings until a submission fills them in.
$loginEmail = '';
$loginPassword = '';

//only validate when the login form was actually submitted.
if (isset($_POST['submit'])) {
    //required fields. per the original author, check_if_empty also cleans the value it finds
    //(its implementation is not part of this listing).
    $loginEmail = check_if_empty('loginEmail', 'Email Address cannot be empty!');
    $loginPassword = check_if_empty('loginPassword', 'Password cannot be empty!');

    //with no validation errors, look the editor up.
    if (empty($errorArray)) {
        //provides the database connection as $geologyDBConnection
        require '../secure-includes/db-connection.php';

        //escape both values for use inside quoted SQL string literals.
        //NOTE(review): escaping is only reliable when the connection character set is set on the
        //handle - confirm in db-connection.php. a prepared statement would remove that dependency.
        $loginEmail = mysqli_real_escape_string($geologyDBConnection, $loginEmail);
        $loginPassword = mysqli_real_escape_string($geologyDBConnection, $loginPassword);

        //NOTE(review): the stored credential is compared against an unsalted SHA1() digest computed
        //by MySQL. that is weak password storage; moving to password_hash()/password_verify()
        //needs a schema and data migration, so it is flagged here rather than changed.
        $loginSQL = 'SELECT * FROM geology_instructor_editors'
            . " WHERE email = '" . $loginEmail . "'"
            . " AND password = SHA1('" . $loginPassword . "')";
        $loginResult = mysqli_query($geologyDBConnection, $loginSQL);

        //exactly one matching row means the credentials are valid; the handling of a failed
        //login continues past the end of this excerpt.
        if ($loginResult && mysqli_num_rows($loginResult) == 1) {
            //take the editor id from the matching row
            $row = mysqli_fetch_array($loginResult);
            $editor_id = $row['editor_id'];
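if (isset($editor_id)) {
    $loggedIn = true;
}

//error array starts empty, but will contain any errors generated.
$errorArray = array();

//set variables for form fields to empty strings
$addEditorEmail = '';
$addEditorPassword = '';
$addEditorConfirmPassword = '';

//if form was submitted, validate submitted data
if (isset($_POST['submit'])) {
    //check to make sure all required fields are filled out and put data into variables
    //note that check_if_empty also cleans the data, if found.
    $addEditorEmail = check_if_empty('addEditorEmail', 'Email Address cannot be empty!');
    $addEditorPassword = check_if_empty('addEditorPassword', 'Password cannot be empty!');
    $addEditorConfirmPassword = check_if_empty('addEditorConfirmPassword', 'Repeat Password cannot be empty!');

    //both passwords must match to continue. only show this error if both fields were entered,
    //i.e. neither field produced an "empty" error. the original tested !empty() on both error
    //entries, so the comparison only ran when both fields were missing and a real mismatch was
    //never reported. the comparison is strict so that numeric-looking strings such as
    //'1e3' and '1000' are not treated as equal.
    //assumes check_if_empty records its error under the field name and returns a string - confirm.
    if (
        empty($errorArray['addEditorPassword'])
        && empty($errorArray['addEditorConfirmPassword'])
        && $addEditorPassword !== $addEditorConfirmPassword
    ) {
        $errorArray['passwordsDoNotMatch'] = '<p><span class="form-error">Passwords do not match. Try again.</span></p>';
    }

    //if everything is valid, continue with the database work.
    if (empty($errorArray)) {
        //get database connection named $geologyDBConnection
        require '../secure-includes/db-connection.php';

        //escape data for mySQL database
        //NOTE(review): escaping depends on the connection character set being set on the handle -
        //confirm in db-connection.php. a prepared statement would be the sturdier choice.
        $addEditorEmail = mysqli_real_escape_string($geologyDBConnection, $addEditorEmail);
        $addEditorPassword = mysqli_real_escape_string($geologyDBConnection, $addEditorPassword);

        //check to make sure the email is not already being used in the database (each editor has a unique email address)
        $checkEmailSQL = "SELECT * FROM geology_instructor_editors WHERE email = '{$addEditorEmail}'";
        $emailCheckResult = mysqli_query($geologyDBConnection, $checkEmailSQL);

        //only continue if no editor already exists with this email. show an error otherwise.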
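//redirect the user if not logged in
if (!isset($editor_id)) {
    //redirect to login and stop. header() only queues the response header; without exit the
    //rest of this page would still run for a visitor who is not logged in.
    header('location: login.php');
    exit;
}

//set variables for form fields to empty strings
$updatePassword = '';
$updatePasswordNew = '';
$updatePasswordConfirm = '';

//if form was submitted, validate submitted data
if (isset($_POST['submit'])) {
    //check to make sure all required fields are filled out and put data into variables
    //note that check_if_empty also cleans the data, if found.
    $updatePassword = check_if_empty('updatePassword', 'You must enter your current password.');
    $updatePasswordNew = check_if_empty('updatePasswordNew', 'You must enter a new password.');
    $updatePasswordConfirm = check_if_empty('updatePasswordConfirm', 'You must enter your new password.');

    //only continue if the new password and confirm password fields match.
    //strict comparison: with != two different numeric-looking strings (for example '1e3' and
    //'1000') compare as equal and the mismatch would go unreported.
    if ($updatePasswordNew !== $updatePasswordConfirm) {
        $errorArray['passwordMismatch'] = '<p class="form-error">New password and confirm password fields do not match.</p>';
    }

    if (empty($errorArray)) {
        //get database connection named $geologyDBConnection
        require '../secure-includes/db-connection.php';

        //escape current password for mySQL
        $updatePassword = mysqli_real_escape_string($geologyDBConnection, $updatePassword);

        //check that the logged-in editor's current password matches the one submitted.
        //NOTE(review): $editor_id is interpolated unquoted. it is set outside this excerpt -
        //confirm it can only ever hold an integer, or bind it in a prepared statement.
        //NOTE(review): the comparison uses an unsalted SHA1() digest; migrating to
        //password_hash()/password_verify() needs a schema change and is flagged, not changed here.
        $checkPasswordSQL = "SELECT * FROM geology_instructor_editors WHERE";
        $checkPasswordSQL .= " editor_id = {$editor_id} AND password = SHA1('{$updatePassword}')";
        $passwordCheckResult = mysqli_query($geologyDBConnection, $checkPasswordSQL);

        //only continue if an editor is found with this password. show an error otherwise.
        //(a failed query and a row count other than 1 are both treated as "not found".)
        if (!$passwordCheckResult || mysqli_num_rows($passwordCheckResult) != 1) {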
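//only super users may use this page. $editorPrivileges is loaded before this excerpt.
if ($editorPrivileges['super_user'] == 1) {
    $superEditor = true;
} else {
    //close the connection, redirect and stop. header() only queues the response header;
    //without exit the privilege form below would still be processed for a non-super user.
    mysqli_close($geologyDBConnection);
    header('location:login.php');
    exit;
}

//close connection
mysqli_close($geologyDBConnection);

//set variables for form fields to empty strings
$updateStatePrivilegesEmailAddress = '';
$updateStatePrivilegesState = '';

//if form was submitted, validate submitted data
if (isset($_POST['submit'])) {
    //check to make sure all required fields are filled out and put data into variables
    //note that check_if_empty also cleans the data, if found.
    $updateStatePrivilegesEmailAddress = check_if_empty('updateStatePrivilegesEmailAddress', 'Email Address cannot be empty!');
    $updateStatePrivilegesState = check_if_empty('updateStatePrivilegesState', 'You must select a State!');

    //check to make sure State data is in the array of valid states, or "Not a State Editor". if not, show an error.
    //($listOfStates is defined outside this excerpt.)
    if (empty($errorArray['updateStatePrivilegesState'])) {
        if (!in_array($updateStatePrivilegesState, $listOfStates) && $updateStatePrivilegesState != 'Not a State Editor') {
            $errorArray['updateStatePrivilegesState'] = '<p class="form-error">You must select a State from the dropdown list!</p>';
        }
    }

    //get database connection named $geologyDBConnection
    require '../secure-includes/db-connection.php';

    //escape the submitted email before it is placed inside the quoted SQL literal. the original
    //interpolated the form value directly; whatever cleaning check_if_empty does is not shown
    //here and is not a substitute for SQL escaping. a separate variable is used so the form
    //value itself is left as it was for any later code.
    //NOTE(review): a prepared statement would be the sturdier choice; escaping also depends on
    //the connection character set being set on the handle - confirm in db-connection.php.
    $updateStatePrivilegesEmailEscaped = mysqli_real_escape_string($geologyDBConnection, (string) $updateStatePrivilegesEmailAddress);

    //check to make sure an editor with this email exists (each editor has a unique email address)
    $checkEmailSQL = "SELECT * FROM geology_instructor_editors WHERE email = '{$updateStatePrivilegesEmailEscaped}'";
    $emailCheckResult = mysqli_query($geologyDBConnection, $checkEmailSQL);

    //only continue if an editor already exists with this email. show an error otherwise.
    //(a failed query and a row count other than 1 are both treated as "not found".)
    if (!$emailCheckResult || mysqli_num_rows($emailCheckResult) != 1) {
        $errorArray['noEditorWithThatEmail'] = '<p class="form-error">No editor exists with that email!</p>';
    }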
}

//validate only when the form was submitted, a contact id was supplied, and the row for that
//contact id was found ($contact_id and $noRowFound are set before this excerpt).
if (isset($_POST['submit']) && !empty($contact_id) && !isset($noRowFound)) {
    //required fields. per the original author, check_if_empty also cleans the value it finds
    //(its implementation is not part of this listing).
    $updateContactFName = check_if_empty('updateContactFName', 'First Name cannot be empty!');
    $updateContactLName = check_if_empty('updateContactLName', 'Last Name cannot be empty!');
    $updateContactEmailAddress = check_if_empty('updateContactEmailAddress', 'Email Address cannot be empty!');
    $updateContactPhoneNumber = check_if_empty('updateContactPhoneNumber', 'Phone Number cannot be empty!');
    $updateContactState = check_if_empty('updateContactState', 'You must select a State!');
    $updateContactCity = check_if_empty('updateContactCity', 'City cannot be empty!');
    $updateContactZIP = check_if_empty('updateContactZIP', 'ZIP cannot be empty!');
    $updateContactAddressLine1 = check_if_empty('updateContactAddressLine1', 'Address Line 1 cannot be empty!');
    $updateContactInstitution = check_if_empty('updateContactInstitution', 'Institution cannot be empty!');
    $updateContactDepartment = check_if_empty('updateContactDepartment', 'Department cannot be empty!');
    $updateContactPrimaryTitle = check_if_empty('updateContactPrimaryTitle', 'Primary Title cannot be empty!');

    //optional fields: take the submitted value when there is one, otherwise an empty string.
    //these are raw request values at this point; they are passed through clean_data below.
    $updateContactAddressLine2 = !empty($_POST['updateContactAddressLine2']) ? $_POST['updateContactAddressLine2'] : '';
    $updateContactDepartmentWebsite = !empty($_POST['updateContactDepartmentWebsite']) ? $_POST['updateContactDepartmentWebsite'] : '';
    $updateContactIndividualWebsite = !empty($_POST['updateContactIndividualWebsite']) ? $_POST['updateContactIndividualWebsite'] : '';
    $updateContactCampus = !empty($_POST['updateContactCampus']) ? $_POST['updateContactCampus'] : '';

    //the State must be one of the known states ($listOfStates is defined outside this excerpt).
    //the membership check is skipped when the field already has an error.
    if (empty($errorArray['updateContactState']) && !in_array($updateContactState, $listOfStates)) {
        $errorArray['updateContactState'] = '<span class="form-error">You must select a State from the dropdown list!</span>';
    }

    //clean optional fields, as they did not go through check_if_empty.
    //NOTE(review): what clean_data does is not visible here - do not assume it makes a value
    //safe for SQL or HTML; escape for the target context at the point of use.
    $updateContactAddressLine2 = clean_data($updateContactAddressLine2);
    $updateContactDepartmentWebsite = clean_data($updateContactDepartmentWebsite);
    $updateContactIndividualWebsite = clean_data($updateContactIndividualWebsite);
$addContactCampus = '';

//validate only when the form was actually submitted.
if (isset($_POST['submit'])) {
    //required fields. per the original author, check_if_empty also cleans the value it finds
    //(its implementation is not part of this listing).
    $addContactFName = check_if_empty('addContactFName', 'First Name cannot be empty!');
    $addContactLName = check_if_empty('addContactLName', 'Last Name cannot be empty!');
    $addContactEmailAddress = check_if_empty('addContactEmailAddress', 'Email Address cannot be empty!');
    $addContactPhoneNumber = check_if_empty('addContactPhoneNumber', 'Phone Number cannot be empty!');
    $addContactState = check_if_empty('addContactState', 'You must select a State!');
    $addContactCity = check_if_empty('addContactCity', 'City cannot be empty!');
    $addContactZIP = check_if_empty('addContactZIP', 'ZIP cannot be empty!');
    $addContactAddressLine1 = check_if_empty('addContactAddressLine1', 'Address Line 1 cannot be empty!');
    $addContactInstitution = check_if_empty('addContactInstitution', 'Institution cannot be empty!');
    $addContactDepartment = check_if_empty('addContactDepartment', 'Department cannot be empty!');
    $addContactPrimaryTitle = check_if_empty('addContactPrimaryTitle', 'Primary Title cannot be empty!');

    //optional fields: take the submitted value when there is one, otherwise an empty string.
    //these are raw request values at this point; they are passed through clean_data below.
    $addContactAddressLine2 = !empty($_POST['addContactAddressLine2']) ? $_POST['addContactAddressLine2'] : '';
    $addContactDepartmentWebsite = !empty($_POST['addContactDepartmentWebsite']) ? $_POST['addContactDepartmentWebsite'] : '';
    $addContactIndividualWebsite = !empty($_POST['addContactIndividualWebsite']) ? $_POST['addContactIndividualWebsite'] : '';
    $addContactCampus = !empty($_POST['addContactCampus']) ? $_POST['addContactCampus'] : '';

    //the State must be one of the known states ($listOfStates is defined outside this excerpt).
    //the membership check is skipped when the field already has an error.
    if (empty($errorArray['addContactState']) && !in_array($addContactState, $listOfStates)) {
        $errorArray['addContactState'] = '<span class="form-error">You must select a State from the dropdown list!</span>';
    }

    //clean optional fields, as they did not go through check_if_empty.
    //NOTE(review): what clean_data does is not visible here - do not assume it makes a value
    //safe for SQL or HTML; escape for the target context at the point of use.
    $addContactAddressLine2 = clean_data($addContactAddressLine2);
    $addContactDepartmentWebsite = clean_data($addContactDepartmentWebsite);
    $addContactIndividualWebsite = clean_data($addContactIndividualWebsite);