display_errorbox("Must select the target sub-account."); $bapi = connect_bronto_session($fm_sessionid); $accounts = get_all_accounts($bapi); sort_accounts_by_name($accounts); print_agency_login_form($fm_username, $fm_password, $fm_sitename, $fm_siteid, $fm_sessionid, $accounts); } else { $login_info = bronto_user_login($fm_username, $fm_password, $fm_sitename, $fm_siteid); process_login($login_info, $fm_username, $fm_password, $fm_sitename); } } } else { if ($fm_stage == "userinfo") { $dbh = open_db(); // we could obtain the username from the userinfo form itself, but this could allow a malicious user to // change the user information for a user other than him/herself; a DB lookup is used instead $username = db_get_session_user($dbh, $fm_sessionid); if ($username) { $got_error = false; $userinfo = array('firstname' => $fm_firstname, 'lastname' => $fm_lastname, 'email' => $fm_email, 'phone' => $fm_phone); if ($fm_firstname && $fm_lastname && $fm_email && $fm_phone) { if (is_valid_email($fm_email)) { if (db_update_user_info($dbh, $username, $userinfo) == true) { print_message_select_form($bapi, $fm_sessionid); } else { display_errorbox("Unable to update user information for user " . $username . "."); print_request_login_form($username); } } else { display_errorbox("Must provide a valid e-mail address."); $got_error = true; }
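/**
 * Resolve the e-mail address of the user who owns the given session.
 *
 * The user is derived from the session record via db_get_session_user(),
 * never from client-supplied input, so a caller holding only a session id
 * cannot redirect the lookup at another user's address.
 *
 * @param mixed|null $p_dbh      already-open DB handle to reuse, or null to open one here
 * @param string     $session_id session identifier to resolve
 * @return string|null the e-mail address, or null when the session maps to no user
 */
function db_get_session_user_email($p_dbh, $session_id) {
    // Strict null test: the previous `== null` also matched false/0/""/[] and
    // would quietly open a second connection instead of using the one passed in.
    $dbh = $p_dbh === null ? open_db() : $p_dbh;
    $email = null;
    $username = db_get_session_user($dbh, $session_id);
    if ($username) {
        $email = db_get_user_email($dbh, $username);
    }
    // Drops only our local reference; a caller-supplied handle remains open for the caller.
    $dbh = null;
    return $email;
}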