<header> <h2 class="title"><?php echo $pname; ?> : Submitted applications</h2> <p>Click on an application to see more.</p> <?php if (!is_reviewer()) { ?> <p>Only you and the staff can see your application.</p> <?php } ?> </header> <div class="app-list-sort push-group"> <a href="<?php echo SITE_URL; ?> list/<?php echo $pname; ?> /All" class="push">All</a> <a href="<?php echo SITE_URL; ?> list/<?php echo $pname; ?> /Pending" class="push yellow">Pending</a> <a href="<?php
db_update_request_status_user($dbh, $_SESSION['requestid'], "UNDER_REVIEW", "", $_SESSION['username']); } print_review_login_form("", "", $request_id); } //ab } else { if ($fm_stage == "auth") { if (empty($fm_username) || empty($fm_password)) { display_errorbox("Must specify both a username and a password."); print_review_login_form($fm_username, $fm_password, $fm_requestid); } else { $dbh = open_db(); // attempt local (DB) authentication, or LDAP authentication $userinfo = authenticate_reviewer($dbh, $fm_username, $fm_password); if ($userinfo !== null) { if (is_reviewer($userinfo)) { $_SESSION['auth'] = true; $_SESSION['username'] = $fm_username; if (db_update_user_last_login($dbh, $fm_username) == false) { echo "Unable to record login date/time."; } if (empty($fm_requestid)) { require_once './include/display_listrequest.php'; //AB //show request list print_requestid_form(); } else { prepare_message_review($dbh, $fm_requestid); } } else { display_errorbox("Only authorized Senate reviewers can use this site."); print_review_login_form($fm_username, $fm_password, $fm_requestid);
/**
 * Attach a reviewer comment to an application and save the application.
 *
 * The caller's reviewer status is the only authorization check performed here:
 * when is_reviewer() is false nothing is modified and nothing is saved.
 *
 * NOTE(review): $text is stored exactly as received (no trimming, length limit
 * or escaping happens in this function). Confirm that whatever renders notes
 * escapes the text for its output context.
 * NOTE(review): the result of app_save() is not inspected, so true means "the
 * note was appended and a save was attempted", not "the save succeeded".
 *
 * @param object $app  Application record; must expose an appendable `notes` collection.
 * @param mixed  $text Comment body, stored unmodified under the 'text' key.
 *
 * @return bool false if the current user is not a reviewer, true otherwise.
 */
function app_add_note($app, $text)
{
    // Authorization gate: only reviewers get past this point.
    if (is_reviewer()) {
        // The author is taken from the current session via user_email(),
        // never from caller-supplied data.
        $app->notes[] = array(
            'reviewer' => user_email(),
            'type' => 'comment',
            'time' => time(),
            'text' => $text,
        );

        app_save($app);

        return true;
    }

    return false;
}
if (!is_reviewer()) { render('err403', null, false); return; } $users = account_list(); uasort($users, 'account_group_cmp'); render('user_list', array('head_title' => 'Users', 'users' => $users)); }); // The url router wasn't matching "/users/:email" probably something to do with the @ and the dots in emails if (startsWith(request_uri(), '/users/') && strlen(trim(request_uri(), '/')) > 5) { $email = remove_first(request_uri(), '/users/'); if (!account_exists($email)) { render('err404', null, false); die; } if ($email !== user_email() && !is_reviewer()) { render('err403', null, false); die; } $data = account_data($email); $email = $data['email']; if (request_method() == 'GET') { render('user', array('head_title' => $data['email'], 'user' => $data, 'user_apps' => app_get_user($data['email'], valid_bool(from($_REQUEST, 'show-deleted'))), 'is_self' => user_email() == $email)); } else { if (request_method() == 'POST') { $action = from($_REQUEST, 'action'); switch (strtolower($action)) { case 'desc': account_change_desc($email, from($_REQUEST, 'desc')); redirect('/users/' . $email); break;
} </script> </head> <body> <div id="page"> <div id="top"> <div id="title"> <a href="<?php echo SITE_URL; ?> "><h2><?php echo site_title(); ?> </h2></a> <?php if (is_reviewer()) { ?> <a href="<?php echo SITE_URL; ?> users">users</a> <?php } ?> </div> <div id="user-top"> <?php if (logged_in()) { ?> <a href="<?php echo SITE_URL;