コード例 #1
require 'includes/check-editor-id.php';
//if user is logged in, different buttons will appear in the account links div.
if (isset($editor_id)) {
    $loggedIn = true;
}
//error array starts empty, but will contain any errors generated.
$errorArray = array();
//set variables for form fields to empty strings
$loginEmail = '';
$loginPassword = '';
//if form was submitted, validate submitted data
if (isset($_POST['submit'])) {
    //check to make sure all required fields are filled out and put data into variables
    //note that check_if_empty also cleans the data, if found.
    $loginEmail = check_if_empty('loginEmail', 'Email Address cannot be empty!');
    $loginPassword = check_if_empty('loginPassword', 'Password cannot be empty!');
    //if everything is valid, log the editor in by setting a session variable.
    if (empty($errorArray)) {
        //get database connection named $geologyDBConnection
        require '../secure-includes/db-connection.php';
        // Escape both form values so they can sit inside single-quoted SQL string literals.
        // From this point on $loginEmail and $loginPassword hold the escaped text, not the submitted text.
        // NOTE(review): mysqli_real_escape_string() relies on the connection character set being
        // configured with mysqli_set_charset(); db-connection.php is not shown here - confirm.
        // A prepared statement (mysqli_prepare + mysqli_stmt_bind_param) would remove that dependency.
        $loginEmail = mysqli_real_escape_string($geologyDBConnection, $loginEmail);
        $loginPassword = mysqli_real_escape_string($geologyDBConnection, $loginPassword);
        // Look up the editor whose email matches and whose stored password equals SHA1(submitted password).
        // NOTE(review): this comparison means passwords are stored as plain SHA-1 digests with no
        // per-user salt, which is cheap to brute-force if the table is ever disclosed. Prefer
        // password_hash() when the password is set and password_verify() at login, re-hashing
        // existing digests as editors sign in.
        $loginSQL = "SELECT * FROM geology_instructor_editors WHERE email = '{$loginEmail}' AND password = SHA1('{$loginPassword}')";
        // $loginResult is a result set when the query succeeds and falsy when it fails.
        $loginResult = mysqli_query($geologyDBConnection, $loginSQL);
        //if the editor exists, set session variable. otherwise, display error about invalid email/password.
        if ($loginResult && mysqli_num_rows($loginResult) == 1) {
            //get editor id from result
            $row = mysqli_fetch_array($loginResult);
            $editor_id = $row['editor_id'];
コード例 #2
if (isset($editor_id)) {
    $loggedIn = true;
}
//error array starts empty, but will contain any errors generated.
$errorArray = array();
//set variables for form fields to empty strings
$addEditorEmail = '';
$addEditorPassword = '';
$addEditorConfirmPassword = '';
//if form was submitted, validate submitted data
if (isset($_POST['submit'])) {
    //check to make sure all required fields are filled out and put data into variables
    //note that check_if_empty also cleans the data, if found.
    $addEditorEmail = check_if_empty('addEditorEmail', 'Email Address cannot be empty!');
    $addEditorPassword = check_if_empty('addEditorPassword', 'Password cannot be empty!');
    $addEditorConfirmPassword = check_if_empty('addEditorConfirmPassword', 'Repeat Password cannot be empty!');
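    // Both passwords must match to continue. The mismatch error is only raised when both
    // fields were filled in, i.e. when neither field already has an entry in $errorArray.
    // The previous test used !empty() on both entries, so it only ran when both fields had
    // already failed validation and a mismatched pair of filled-in passwords was accepted.
    // NOTE(review): assumes check_if_empty() records its error under the field name, which is
    // how the state-validation checks in this code read $errorArray - confirm in its definition.
    // Strict !== is used because != treats numeric-looking strings such as '1e3' and '1000' as equal.
    if (empty($errorArray['addEditorPassword']) && empty($errorArray['addEditorConfirmPassword']) && $addEditorPassword !== $addEditorConfirmPassword) {
        $errorArray['passwordsDoNotMatch'] = '<p><span class="form-error">Passwords do not match. Try again.</span></p>';
    }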
    //if everything is valid, add instructor contact data to database and redirect to table page.
    if (empty($errorArray)) {
        //get database connection named $geologyDBConnection
        require '../secure-includes/db-connection.php';
        // Escape both form values so they can sit inside single-quoted SQL string literals.
        // From this point on the two variables hold the escaped text, not the submitted text.
        // NOTE(review): the escaped password is not used in the query below; presumably it is
        // written to the database further down, outside this excerpt - confirm how it is hashed there.
        $addEditorEmail = mysqli_real_escape_string($geologyDBConnection, $addEditorEmail);
        $addEditorPassword = mysqli_real_escape_string($geologyDBConnection, $addEditorPassword);
        // Check that no editor already uses this email (each editor has a unique email address).
        // NOTE(review): a SELECT followed by a later INSERT cannot guarantee uniqueness when two
        // requests arrive together; a UNIQUE index on the email column is what enforces it - confirm
        // the table has one. A prepared statement would also avoid building the SQL from strings.
        $checkEmailSQL = "SELECT * FROM geology_instructor_editors WHERE email = '{$addEditorEmail}'";
        // $emailCheckResult is a result set when the query succeeds and falsy when it fails.
        $emailCheckResult = mysqli_query($geologyDBConnection, $checkEmailSQL);
        //only continue if no editor already exists with this email. show an error otherwise.
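// Send visitors who are not logged in to the login page and stop the script.
// header() only emits the Location header and does not end execution, so without exit
// the form handling further down this page would still run for the anonymous request.
if (!isset($editor_id)) {
    header('location: login.php');
    exit;
}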
//set variables for form fields to empty strings
$updatePassword = '';
$updatePasswordNew = '';
$updatePasswordConfirm = '';
//if form was submitted, validate submitted data
if (isset($_POST['submit'])) {
    //check to make sure all required fields are filled out and put data into variables
    //note that check_if_empty also cleans the data, if found.
    $updatePassword = check_if_empty('updatePassword', 'You must enter your current password.');
    $updatePasswordNew = check_if_empty('updatePasswordNew', 'You must enter a new password.');
    $updatePasswordConfirm = check_if_empty('updatePasswordConfirm', 'You must enter your new password.');
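    // Only continue when the new password and its confirmation are identical.
    // Strict !== is used because != compares numeric-looking strings by value, so two
    // different inputs such as '1e3' and '1000' would be treated as a match.
    if ($updatePasswordNew !== $updatePasswordConfirm) {
        $errorArray['passwordMismatch'] = '<p class="form-error">New password and confirm password fields do not match.</p>';
    }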
    if (empty($errorArray)) {
        //get database connection named $geologyDBConnection
        require '../secure-includes/db-connection.php';
        // Escape the current password so it can sit inside a single-quoted SQL string literal.
        $updatePassword = mysqli_real_escape_string($geologyDBConnection, $updatePassword);
        // Verify the current password: look for the row of this editor_id whose stored password
        // equals SHA1(current password).
        // NOTE(review): $editor_id is placed in the SQL unquoted and unescaped. It is set outside
        // this excerpt; confirm it is always an integer taken from server-side session state, or
        // bind it as a parameter in a prepared statement.
        // NOTE(review): the comparison means passwords are stored as plain SHA-1 digests with no
        // per-user salt; prefer password_hash() / password_verify() for storing and checking them.
        $checkPasswordSQL = "SELECT * FROM geology_instructor_editors WHERE";
        $checkPasswordSQL .= " editor_id = {$editor_id} AND password = SHA1('{$updatePassword}')";
        // $passwordCheckResult is a result set when the query succeeds and falsy when it fails.
        $passwordCheckResult = mysqli_query($geologyDBConnection, $checkPasswordSQL);
        //only continue if an editor is found with this password. show an error otherwise.
        if (!$passwordCheckResult || $passwordCheckResult && mysqli_num_rows($passwordCheckResult) != 1) {
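// Only super users may use this page; every other visitor is sent to the login page.
// header() only emits the Location header and does not end execution, so exit is needed
// to keep the privilege-update handling below from running for a non-super-user request.
if ($editorPrivileges['super_user'] == 1) {
    $superEditor = true;
} else {
    header('location:login.php');
    exit;
}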
//close connection
mysqli_close($geologyDBConnection);
//set variables for form fields to empty strings
$updateStatePrivilegesEmailAddress = '';
$updateStatePrivilegesState = '';
//if form was submitted, validate submitted data
if (isset($_POST['submit'])) {
    //check to make sure all required fields are filled out and put data into variables
    //note that check_if_empty also cleans the data, if found.
    $updateStatePrivilegesEmailAddress = check_if_empty('updateStatePrivilegesEmailAddress', 'Email Address cannot be empty!');
    $updateStatePrivilegesState = check_if_empty('updateStatePrivilegesState', 'You must select a State!');
    //check to make sure State data is in the array of valid states, or "Not a State Editor". if not, show an error.
    if (empty($errorArray['updateStatePrivilegesState'])) {
        if (!in_array($updateStatePrivilegesState, $listOfStates) && $updateStatePrivilegesState != 'Not a State Editor') {
            $errorArray['updateStatePrivilegesState'] = '<p class="form-error">You must select a State from the dropdown list!</p>';
        }
    }
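    //get database connection named $geologyDBConnection
    require '../secure-includes/db-connection.php';
    // Confirm that an editor with this email exists (each editor has a unique email address).
    // The address is bound as a statement parameter instead of being interpolated into the SQL
    // text: unlike the other forms, this one never passed it through mysqli_real_escape_string().
    // NOTE(review): check_if_empty() is not shown; its cleaning is assumed not to make the value
    // safe for SQL. Any later statement that writes this address needs the same treatment.
    // mysqli_stmt_get_result() requires the mysqlnd driver.
    $checkEmailSQL = "SELECT * FROM geology_instructor_editors WHERE email = ?";
    $emailCheckResult = false;
    $checkEmailStatement = mysqli_prepare($geologyDBConnection, $checkEmailSQL);
    if ($checkEmailStatement) {
        mysqli_stmt_bind_param($checkEmailStatement, 's', $updateStatePrivilegesEmailAddress);
        if (mysqli_stmt_execute($checkEmailStatement)) {
            // Yields a mysqli_result, so later code can keep using mysqli_num_rows / fetch calls.
            $emailCheckResult = mysqli_stmt_get_result($checkEmailStatement);
        }
    }
    // Only continue if exactly one editor has this email; a failed lookup counts as "not found".
    if (!$emailCheckResult || mysqli_num_rows($emailCheckResult) != 1) {
        $errorArray['noEditorWithThatEmail'] = '<p class="form-error">No editor exists with that email!</p>';
    }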
コード例 #5
}
//if form was submitted and a contact id was found in the get array, and the row with the given contact id exists, validate submitted data
if (isset($_POST['submit']) && !empty($contact_id) && !isset($noRowFound)) {
    //check to make sure all required fields are filled out and put data into variables
    //note that check_if_empty also cleans the data, if found.
    $updateContactFName = check_if_empty('updateContactFName', 'First Name cannot be empty!');
    $updateContactLName = check_if_empty('updateContactLName', 'Last Name cannot be empty!');
    $updateContactEmailAddress = check_if_empty('updateContactEmailAddress', 'Email Address cannot be empty!');
    $updateContactPhoneNumber = check_if_empty('updateContactPhoneNumber', 'Phone Number cannot be empty!');
    $updateContactState = check_if_empty('updateContactState', 'You must select a State!');
    $updateContactCity = check_if_empty('updateContactCity', 'City cannot be empty!');
    $updateContactZIP = check_if_empty('updateContactZIP', 'ZIP cannot be empty!');
    $updateContactAddressLine1 = check_if_empty('updateContactAddressLine1', 'Address Line 1 cannot be empty!');
    $updateContactInstitution = check_if_empty('updateContactInstitution', 'Institution cannot be empty!');
    $updateContactDepartment = check_if_empty('updateContactDepartment', 'Department cannot be empty!');
    $updateContactPrimaryTitle = check_if_empty('updateContactPrimaryTitle', 'Primary Title cannot be empty!');
    //optional fields; therefore, they are allowed to be empty.
    $updateContactAddressLine2 = empty($_POST['updateContactAddressLine2']) ? '' : $_POST['updateContactAddressLine2'];
    $updateContactDepartmentWebsite = empty($_POST['updateContactDepartmentWebsite']) ? '' : $_POST['updateContactDepartmentWebsite'];
    $updateContactIndividualWebsite = empty($_POST['updateContactIndividualWebsite']) ? '' : $_POST['updateContactIndividualWebsite'];
    $updateContactCampus = empty($_POST['updateContactCampus']) ? '' : $_POST['updateContactCampus'];
    //check to make sure State data is in the array of valid states. if not, show an error.
    if (empty($errorArray['updateContactState'])) {
        if (!in_array($updateContactState, $listOfStates)) {
            $errorArray['updateContactState'] = '<span class="form-error">You must select a State from the dropdown list!</span>';
        }
    }
    //clean optional fields, as they were not checked using check_if_empty (and therefore were not cleaned).
    $updateContactAddressLine2 = clean_data($updateContactAddressLine2);
    $updateContactDepartmentWebsite = clean_data($updateContactDepartmentWebsite);
    $updateContactIndividualWebsite = clean_data($updateContactIndividualWebsite);
コード例 #6
$addContactCampus = '';
//if form was submitted, validate submitted data
if (isset($_POST['submit'])) {
    //check to make sure all required fields are filled out and put data into variables
    //note that check_if_empty also cleans the data, if found.
    $addContactFName = check_if_empty('addContactFName', 'First Name cannot be empty!');
    $addContactLName = check_if_empty('addContactLName', 'Last Name cannot be empty!');
    $addContactEmailAddress = check_if_empty('addContactEmailAddress', 'Email Address cannot be empty!');
    $addContactPhoneNumber = check_if_empty('addContactPhoneNumber', 'Phone Number cannot be empty!');
    $addContactState = check_if_empty('addContactState', 'You must select a State!');
    $addContactCity = check_if_empty('addContactCity', 'City cannot be empty!');
    $addContactZIP = check_if_empty('addContactZIP', 'ZIP cannot be empty!');
    $addContactAddressLine1 = check_if_empty('addContactAddressLine1', 'Address Line 1 cannot be empty!');
    $addContactInstitution = check_if_empty('addContactInstitution', 'Institution cannot be empty!');
    $addContactDepartment = check_if_empty('addContactDepartment', 'Department cannot be empty!');
    $addContactPrimaryTitle = check_if_empty('addContactPrimaryTitle', 'Primary Title cannot be empty!');
    //optional fields; therefore, they are allowed to be empty.
    $addContactAddressLine2 = empty($_POST['addContactAddressLine2']) ? '' : $_POST['addContactAddressLine2'];
    $addContactDepartmentWebsite = empty($_POST['addContactDepartmentWebsite']) ? '' : $_POST['addContactDepartmentWebsite'];
    $addContactIndividualWebsite = empty($_POST['addContactIndividualWebsite']) ? '' : $_POST['addContactIndividualWebsite'];
    $addContactCampus = empty($_POST['addContactCampus']) ? '' : $_POST['addContactCampus'];
    //check to make sure State data is in the array of valid states. if not, show an error.
    if (empty($errorArray['addContactState'])) {
        if (!in_array($addContactState, $listOfStates)) {
            $errorArray['addContactState'] = '<span class="form-error">You must select a State from the dropdown list!</span>';
        }
    }
    //clean optional fields, as they were not checked using check_if_empty (and therefore were not cleaned).
    $addContactAddressLine2 = clean_data($addContactAddressLine2);
    $addContactDepartmentWebsite = clean_data($addContactDepartmentWebsite);
    $addContactIndividualWebsite = clean_data($addContactIndividualWebsite);