//////////////////////////////////
// This excerpt starts inside a form-submission branch whose opening
// condition is above the visible lines.
// An empty posted staff_id means "create a record"; any other value updates
// the existing record through updateRecord("brief").
// NOTE(review): the insert/update decision is driven by the posted staff_id.
// Nothing visible here compares that value with the logged-in user's id.
// Confirm such a check exists above, since outputSelfEditForm() suggests this
// page is meant for editing one's own record.
if ($_POST["staff_id"] == "") {
    $record->insertRecord();
    $ok_record_id = $record->getRecordId();
} else {
    $record->updateRecord("brief");
}

// Show feedback
$feedback = $record->getMessage();

// See query?
//$record->deBug();
} else {
    /////////////////////
    // Start the record display
    ////////////////////
    $record = new Staff($ok_record_id, '', TRUE);

    // show feedback if it isn't already set
    if (!$feedback) {
        $feedback = $record->getMessage();
    }

    // NOTE(review): $feedback is written into the page without HTML escaping.
    // That is fine only if getMessage() never carries request-derived text - confirm.
    echo "<div class=\"feedback\">{$feedback}</div><br /><br />";
}

$record->outputSelfEditForm();
//$record->deBug();

// NOTE(review): the script block below prints getHeadshotLoc() inside a
// JavaScript string literal with no encoding. If that value can contain a
// quote, backslash or "</script>", it breaks out of the string. Emitting it
// with json_encode() (and dropping the surrounding quotes) is the usual fix.
include "../includes/footer.php";
?>
<script type="text/javascript">
var headshot_location = "<?php print $record->getHeadshotLoc();
// make sure there's a record_id
// This excerpt starts inside a delete branch whose opening condition is above
// the visible lines.
// NOTE(review): deleteRecord() is a destructive, state-changing action. No
// anti-CSRF token check or permission check is visible in this excerpt.
// Confirm both happen before this point.
if ($ok_record_id != "") {
    // do the delete
    $record = new Staff($ok_record_id, "delete", TRUE);
    $record->deleteRecord();
    //$record->deBug();

    // Show feedback
    $feedback = $record->getMessage();
    // Make form empty
} else {
    $feedback = _("There is no record by that ID.");
}
}

// Form submission: build a Staff object from the posted staff_id, then insert
// when that id is empty or update when it is not.
// NOTE(review): the record to update is chosen by $_POST["staff_id"] alone.
// Whether the caller is allowed to edit that record, and whether the request
// carries a CSRF token, is not shown here - verify against the code above and
// against the Staff class.
if (isset($_POST["submit_record"])) {
    // Submit form
    $record = new Staff($_POST["staff_id"], "post", TRUE);

    //////////////////////////////////
    // Is this an insert or an update?
    //////////////////////////////////
    if ($_POST["staff_id"] == "") {
        $record->insertRecord();
        $ok_record_id = $record->getRecordId();
    } else {
        $record->updateRecord();
    }

    // Show feedback
    $feedback = $record->getMessage();

    // See query?
    // $record->deBug();
}

/////////////////////
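exit;
}
// The block closed above starts outside this excerpt.
// NOTE(review): confirm it enforces that staff_id belongs to the logged-in
// user (or that the user is an admin) before anything below runs.

// Only a numeric staff_id is accepted; anything else ends the request.
// NOTE(review): is_numeric() also accepts forms such as "1e3" or "1.5". A
// digits-only check would be stricter if ids are always plain integers - confirm.
if (is_numeric($_REQUEST["staff_id"])) {
    $staff_id = $_REQUEST["staff_id"];
} else {
    print _("Perhaps you have come here by a funny path?");
    exit;
}

/// Create our record
$record = new Staff($staff_id);
$staff_name = $record->getFullName();

// See if a bio has been submitted
// NOTE(review): the form built below carries no anti-CSRF token in the markup
// visible here (outputBioForm() is defined elsewhere - confirm). The submitted
// bio is passed to updateBio() as-is, so it must be escaped or sanitised
// wherever it is later rendered.
if (isset($_POST['add_bio'])) {
    $p_result = $record->updateBio($_POST["bio"]);

    if ($p_result) {
        $feedback = "<div class=\"feedback\">" . _("Bio updated. Close window to continue.") . "</div><br />";
    } else {
        $feedback = "<div class=\"feedback\">" . _("There was a problem. Contact the admin.") . "</div><br />";
    }

    /// Create our record again
    $record = new Staff($staff_id);
    $staff_name = $record->getFullName();
} else {
    $feedback = "";
}

// Escape everything that is interpolated into markup. The staff name comes
// from stored, user-editable data, and the id comes from the request. The
// fourth argument (double_encode = false) leaves entities that are already
// encoded untouched, so a pre-escaped name is not escaped twice.
$safe_staff_name = htmlspecialchars((string) $staff_name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8', false);
// Emit the validated $staff_id rather than reading the raw request value again.
$safe_staff_id = htmlspecialchars((string) $staff_id, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

print "{$feedback}\n<div id=\"maincontent\">\n<h2 class=\"bw_head\">" . _("Update Biography for ") . " {$safe_staff_name}</h2>\n<form id=\"bio_form\" action=\"\" method=\"post\">\n<input type=\"hidden\" name=\"staff_id\" value=\"" . $safe_staff_id . "\" />\n<div class=\"box no_overflow\">\n<p>" . _("Please only include professional details.") . "</p><br />";

// Create our box now
$record->outputBioForm();

print "</div>\n <div class=\"box no_overflow\">\n <button class=\"button\" id=\"add_bio\" name=\"add_bio\">" . _("Update Bio") . "</button>\n </div>\n </form>\n </div>";

include "../includes/footer.php";
//$record->deBug();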
include "../includes/header.php";

// Connect to database
// Make sure they have permission to change a password
// needs to be either theirs, or they're an admin
// NOTE(review): this authorization check uses loose comparison (!=) and runs
// before staff_id has been validated. With !=, numeric strings are compared by
// value, so "01" or "1.0" match a session id of "1". Validating the id first
// and comparing with !== on string-cast values would remove that ambiguity.
if ($_REQUEST["staff_id"] != $_SESSION["staff_id"] && $_SESSION["admin"] != "1") {
    echo "<p>" . _("You are not authorized to view this.") . "</p>";
    exit;
}

// Only a numeric staff_id is accepted; anything else ends the request.
if (is_numeric($_REQUEST["staff_id"])) {
    $staff_id = $_REQUEST["staff_id"];
} else {
    print _("Perhaps you have come here by a funny path?");
    exit;
}

/// Create our record
$record = new Staff($staff_id);

// Generate form box
$password_box = $record->outputPasswordForm();
$staff_name = $record->getFullName();

// See if a password has been submitted
// NOTE(review): correctPassword() is defined elsewhere. Confirm whether it
// checks password policy or verifies the user's current password. If it is a
// policy check, this flow changes a password without asking for the old one.
// No anti-CSRF token check is visible in this excerpt either.
if (isset($_POST['action']) && $_POST['action'] == 'password') {
    if ($_POST["password"] != "") {
        if ($record->correctPassword($_POST['password'])) {
            $pass_result = $record->updatePassword($_POST["password"]);

            if ($pass_result == TRUE) {
                $feedback = "<div class=\"box\">" . _("Password updated. Close this box to continue.") . "</div>";
                // Hide the form once the password has been changed.
                $password_box = "";
            } else {
                $feedback = "<div class=\"box\">" . _("There was a problem. Contact the admin.") . "</div>";
            }
        } else {
<?php
/**
 * @file index.php
 * @brief Splash page for admin (after successful login)
 *
 * @author adarby
 * @date May 2011
 */

use SubjectsPlus\Control\Staff;

$page_title = "SubjectsPlus";
$subcat = "home";

// NOTE(review): seeRecentChanges(), $IconPath, $user_bio_update and
// $user_photo_update are not defined in this excerpt. They are presumably
// provided by the header include or site configuration - confirm.
include __DIR__ . '/includes/header.php';

// Everything below is keyed on values already stored in the session.
$full_name = $_SESSION["fname"] . " " . $_SESSION["lname"];
$recent_activity = seeRecentChanges($_SESSION["staff_id"]);
$user = new Staff($_SESSION["staff_id"]);
$headshot = $user->getHeadshot($_SESSION["email"], "medium");

//////////////
//Permissions
//////////////

// Optional self-service links; each stays empty unless enabled below.
$mod_bio = "";
$mod_photo = "";
$view_contact_info = "";

if ($_SESSION['user_type_id'] == '1') {
    // allow user to update their own bio?
    // NOTE(review): $_SESSION['staff_id'] is concatenated into the href without
    // escaping or URL-encoding. That is safe only if the value was validated as
    // an integer when it was written to the session - verify every place that
    // assigns it.
    if (isset($user_bio_update) && $user_bio_update == TRUE) {
        $mod_bio = "<p class=\"tight\"><img src=\"{$IconPath}/required.png\" class=\"bullet\" alt=\"bullet\" /> <a href=\"includes/set_bio.php?staff_id=" . $_SESSION['staff_id'] . "\" class=\"showsmall\">Update Your Biographical Details</a></p>";
    }

    // allow user to update their own photo?
    if (isset($user_photo_update) && $user_photo_update == TRUE) {
        $mod_photo = "<p class=\"tight\"><img src=\"{$IconPath}/required.png\" class=\"bullet\" alt=\"bullet\" /> <a href=\"includes/set_picture.php?staff_id=" . $_SESSION['staff_id'] . "\" id=\"load_photo\">Update Headshot</a></p>";
} else {
    // Branch that e-mails a password-reset link. The condition it belongs to
    // is above the visible lines.
    $lobjTodayDate = new DateTime();

    //The code is a hashed string composed of the user's email, installation's salt, and today's date MMDDYYYY
    // NOTE(review): this reset code is a deterministic MD5 of the e-mail
    // address, the installation-wide $salt and the date. It contains no random,
    // per-request component, so every request for the same account on the same
    // day yields the same code, and nothing here makes it single-use. Anyone who
    // learns $salt can compute the code for any staff e-mail. Prefer a random
    // token (random_bytes()) stored hashed on the server with an expiry, cleared
    // after use and compared with hash_equals(). The code that verifies this
    // value, and the "three days" window named in the message, are outside this
    // excerpt - confirm how they are enforced.
    $lstrCode = md5($lobjStaff->getEmail() . $salt . $lobjTodayDate->format('mdY'));

    $lstrMessage = "Hello {$lobjStaff->getFullName()},\n\nHere is the link to reset your password. Link only works for three days. {$BaseURL}control/forgotpassword.php?id={$lobjStaff->getRecordID()}&code={$lstrCode}";

    mail($lobjStaff->getEmail(), 'Reset password for SubjectsPlus', $lstrMessage, "From: {$administrator_email}");

    $introtext = "<p align=\"center\" style=\"clear: both;\" class=\"smaller\"><br /><strong>" . _("An email has been sent to reset your password. Please click the link in the email and follow the instructions.") . "</strong></p>";
}
} else {
    // No e-mail submitted yet: show the form that asks for one.
    $lobjStaff = new Staff();
    $introtext = "<p align=\"center\" style=\"clear: both;\" class=\"smaller\"><br />" . _("Please enter your <strong>email</strong> so we can email you a link to reset your password.") . "</p>";
    $lstrForm = $lobjStaff->outputEmailForm();
}
} else {
    // Reset branch: the account to change is taken from the "id" query parameter.
    // NOTE(review): a request-supplied id is written straight into
    // $_SESSION['staff_id']. The condition guarding this branch is outside the
    // excerpt. Confirm the branch is reachable only after the reset code has
    // been verified for this exact id, that the id is validated as an integer,
    // and consider not touching the session identity until the user has logged
    // in with the new password.
    $_SESSION['staff_id'] = $_GET['id'];
    $lobjStaff = new Staff($_GET['id']);

    if (isset($_POST['password'])) {
        // Going by the failure message below, correctPassword() checks the
        // password against the complexity requirements.
        if ($lobjStaff->correctPassword($_POST['password'])) {
            // NOTE(review): == compares numeric-looking strings by value, so two
            // different inputs can count as a match; use === here.
            // NOTE(review): the policy check and this comparison run on the raw
            // value, but the stored password is trim()med. A password with
            // leading or trailing whitespace is saved differently from what the
            // user typed.
            if ($_POST['password'] == $_POST['password_confirm']) {
                $lobjStaff->updatePassword(trim($_POST['password']));

                $introtext = "<p align=\"center\" style=\"clear: both;\" class=\"smaller\"><br />" . _("Password has been updated.") . "</p>";
                $introtext .= '<br><p align="center"><a href="login.php">Login</a></p>';
            } else {
                // Confirmation mismatch: show the reset form again.
                $introtext = "<p align=\"center\" style=\"clear: both;\" class=\"smaller\"><br /><span style=\"background-color:yellow;\">" . _("Passwords did not match.") . "</span><br />" . _("Please enter your new password.") . "<br /><strong>" . _("Password must have at least one letter, one number, one special character, and be at least 6 characters long.") . "</strong></p>";
                $lstrForm = $lobjStaff->outputResetPasswordForm();
            }
        } else {
            // Policy failure: show the reset form again.
            $introtext = "<p align=\"center\" style=\"clear: both;\" class=\"smaller\"><br /><span style=\"background-color:yellow;\">" . _("Password doesn't meet requirements.") . "</span><br />" . _("Please enter your new password.") . "<br /><strong>" . _("Password must have at least one letter, one number, one special character, and be at least 6 characters long.") . "</strong></p>";
            $lstrForm = $lobjStaff->outputResetPasswordForm();
        }
    } else {