$ERROR++; $ERRORSTR[] = "You must provide the firstname of the key contact."; } if (isset($_POST["keys_lastname"]) && ($tmp_input = clean_input($_POST["keys_lastname"], array("trim", "notags")))) { $PROCESSED["keys_lastname"] = $tmp_input; } else { $ERROR++; $ERRORSTR[] = "You must provide the lastname of the key contact."; } if (isset($_POST["keys_phone"]) && ($tmp_input = clean_input($_POST["keys_phone"], array("trim", "notags")))) { $PROCESSED["keys_phone"] = $tmp_input; } else { $ERROR++; $ERRORSTR[] = "You must provide the telephone number of the key contact."; } if (isset($_POST["keys_email"]) && ($tmp_input = clean_input($_POST["keys_email"], array("trim", "notags"))) && valid_address($tmp_input)) { $PROCESSED["keys_email"] = $tmp_input; } else { $ERROR++; $ERRORSTR[] = "You must provide a valid e-mail address for the key contact."; } } /** * Required field "release_date" / Available Start (validated through validate_calendars function). * Non-required field "release_until" / Available Finish (validated through validate_calendars function). */ $available_date = validate_calendars("available", true, false, false); if (isset($available_date["start"]) && (int) $available_date["start"]) { $PROCESSED["available_start"] = (int) $available_date["start"]; } else { $PROCESSED["available_start"] = 0;
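/*
 * Profile edit handler: validates the submitted fields in order and, only when
 * every check passes, writes each one through update_user() for $user_id
 * (which the surrounding script must already have set).
 */
if (isset($_POST['submit_edits'])) {
    // A field that was not posted becomes '' (gender keeps null so the stored
    // value is the same as before) instead of raising an undefined-index notice
    // and feeding null into htmlspecialchars(), which is deprecated on PHP 8.1+.
    $firstname = isset($_POST['textbox_FirstName']) ? $_POST['textbox_FirstName'] : '';
    $lastname = isset($_POST['textbox_LastName']) ? $_POST['textbox_LastName'] : '';
    $address = isset($_POST['textbox_Address']) ? $_POST['textbox_Address'] : '';
    $gender = isset($_POST['gender']) ? $_POST['gender'] : null;
    $mobile = isset($_POST['textbox_Mobile']) ? $_POST['textbox_Mobile'] : '';

    // The HTML-encoded form is what gets validated and stored, as in the original.
    // This means valid_name()/valid_address() see entities such as &amp; rather than
    // the raw characters, and the stored value must not be encoded a second time on output.
    $firstname = htmlspecialchars($firstname);
    $lastname = htmlspecialchars($lastname);
    $address = htmlspecialchars($address);

    // Only the first failing check is reported, matching the original nested else-chain.
    if (!valid_name($firstname)) {
        echo "Invalid First name<br/>";
    } elseif (!valid_name($lastname)) {
        echo "Invalid Last name<br/>";
    } elseif (!valid_address($address)) {
        echo "Invalid Address name<br/>";
    } elseif (!ctype_digit($mobile)) {
        echo "Invalid Mobile Number<br/>";
    } else {
        update_user($user_id, 'FirstName', $firstname);
        update_user($user_id, 'LastName', $lastname);
        update_user($user_id, 'Address', $address);
        // NOTE(review): $gender is stored without any check of its value; confirm
        // update_user() or the schema restricts it to the form's option set.
        update_user($user_id, 'Gender', $gender);
        update_user($user_id, 'Mobile', $mobile);
    }
}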
switch ($STEP) { case 6: case 5: if (isset($_POST["admin_firstname"]) && ($admin_firstname = clean_input($_POST["admin_firstname"], "trim"))) { $PROCESSED["admin_firstname"] = $admin_firstname; } else { $ERROR++; $ERRORSTR[] = "The first name of the administrator for your install of Entrada must be entered before continuing."; } if (isset($_POST["admin_lastname"]) && ($admin_lastname = clean_input($_POST["admin_lastname"], "trim"))) { $PROCESSED["admin_lastname"] = $admin_lastname; } else { $ERROR++; $ERRORSTR[] = "The last name of the administrator for your install of Entrada must be entered before continuing."; } if (isset($_POST["admin_email"]) && ($admin_email = clean_input($_POST["admin_email"], array("trim", "lower"))) && @valid_address($admin_email)) { $PROCESSED["admin_email"] = $admin_email; } else { $ERROR++; $ERRORSTR[] = "A valid E-mail for the administrator of your install of Entrada must be entered before continuing."; } if (isset($_POST["admin_username"]) && ($admin_username = clean_input($_POST["admin_username"], "credentials"))) { $PROCESSED["admin_username"] = $admin_username; } else { $ERROR++; $ERRORSTR[] = "The username of the administrator for your install of Entrada must be entered before continuing."; } if (isset($_POST["admin_password"]) && ($admin_password = $_POST["admin_password"])) { if (isset($_POST["re_admin_password"]) && ($re_admin_password = $_POST["re_admin_password"]) && $re_admin_password == $admin_password) { $PROCESSED["admin_password_hash"] = md5($re_admin_password); } else {
} $BREADCRUMB[] = array("url" => ENTRADA_RELATIVE . "/", "title" => APPLICATION_NAME); $BREADCRUMB[] = array("url" => ENTRADA_RELATIVE . "/password_reset", "title" => "Password Reset"); if (!isset($_SESSION["reset_page_accesses"])) { $_SESSION["reset_page_accesses"] = 1; } else { $_SESSION["reset_page_accesses"]++; } /** * Fetch the hash from the URL if it exists. */ $hash = isset($_GET["hash"]) && ($tmp_input = clean_input($_GET["hash"], array("notags", "nows"))) ? $tmp_input : false; /** * Fetch the e-mail address from the form post if it exists. */ if (isset($_POST["email_address"]) && valid_address($_POST["email_address"]) && ($tmp_input = clean_input($_POST["email_address"]))) { $email_address = $tmp_input; } else { $email_address = false; } ?> <h1><?php echo APPLICATION_NAME; ?> Password Reset</h1> <?php if ($hash) { if (isset($_POST["npassword1"]) && isset($_POST["npassword2"])) { $STEP = 4;
$ERROR++; $ERRORSTR[] = "The primary e-mail address is a required field."; } /** * Non-required field "office_hours" / Office Hours. */ if (isset($_POST["office_hours"]) && ($office_hours = clean_input($_POST["office_hours"], array("notags", "encode", "trim")))) { $PROCESSED["office_hours"] = strlen($office_hours) > 100 ? substr($office_hours, 0, 97) . "..." : $office_hours; } else { $PROCESSED["office_hours"] = ""; } /** * Non-required field "email_alt" / Alternative E-Mail. */ if (isset($_POST["email_alt"]) && ($email_alt = clean_input($_POST["email_alt"], "trim", "lower"))) { if (@valid_address($email_alt)) { $PROCESSED["email_alt"] = $email_alt; } else { $ERROR++; $ERRORSTR[] = "The alternative e-mail address you have provided is invalid. Please make sure that you provide a properly formatted e-mail address or leave this field empty if you do not wish to display one."; } } else { $PROCESSED["email_alt"] = ""; } /** * Non-required field "telephone" / Telephone Number. */ if (isset($_POST["telephone"]) && ($telephone = clean_input($_POST["telephone"], "trim")) && strlen($telephone) >= 10 && strlen($telephone) <= 25) { $PROCESSED["telephone"] = $telephone; } else { $PROCESSED["telephone"] = "";
$ERRORSTR[] = "The firstname of the user is a required field."; } /** * Required field "lastname" / Lastname. */ if (isset($_POST["lastname"]) && ($lastname = clean_input($_POST["lastname"], "trim"))) { $PROCESSED["lastname"] = $lastname; } else { $ERROR++; $ERRORSTR[] = "The lastname of the user is a required field."; } /** * Required field "email" / Primary E-Mail. */ if (isset($_POST["email"]) && ($email = clean_input($_POST["email"], "trim", "lower"))) { if (@valid_address($email)) { $query = "SELECT * FROM `" . AUTH_DATABASE . "`.`user_data`\n\t\t\t\t\t\t\t\t\t\t\t\tLEFT JOIN `" . AUTH_DATABASE . "`.`user_access` ON `user_access`.`user_id` = `user_data`.`id`\n\t\t\t\t\t\t\t\t\t\t\t\tWHERE `user_data`.`email` = " . $db->qstr($email) . "\n\t\t\t\t\t\t\t\t\t\t\t\tAND (`user_access`.`group` != 'guest' && `user_access`.`role` != 'communityinvite');"; $result = $db->GetRow($query); if ($result) { $ERROR++; $ERRORSTR[] = "The e-mail address <strong>" . html_encode($email) . "</strong> already exists in the system for username <strong>" . html_encode($result["username"]) . "</strong>. Please provide a unique e-mail address for this user or select the existing user on the <strong>Add Members</strong> tab."; } else { $PROCESSED["email"] = $email; } } else { $ERROR++; $ERRORSTR[] = "The primary e-mail address you have provided is invalid. Please make sure that you provide a properly formatted e-mail address."; } } else { $ERROR++; $ERRORSTR[] = "The primary e-mail address is a required field.";
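/**
 * Sends a regional-education accommodation e-mail of the given type to a learner.
 *
 * The subject and body come from the DEFAULT_LANGUAGE entry of the template file
 * <$ENTRADA_TEMPLATE->absolute()>/email/regionaled-learner-accommodation-<$type>.xml;
 * every $keywords entry replaces its %KEYWORD% placeholder (case-insensitive) in both.
 *
 * @param string $type     One of "delete", "confirmation", "rejected".
 * @param array  $to       Recipient; "email" (must pass valid_address()), "firstname" and "lastname" are required.
 * @param array  $keywords Placeholder replacements. "department_id" selects the sender in
 *                         $AGENT_CONTACTS["agent-regionaled"] and "department_tile" is used in the
 *                         From name and the X-Section header.
 * @return bool true when the mail was sent; false on any failure (each case is written via application_log()).
 */
function regionaled_apartment_notification($type, $to = array(), $keywords = array()) {
    global $ERROR, $NOTICE, $SUCCESS, $ERRORSTR, $NOTICESTR, $SUCCESSSTR, $AGENT_CONTACTS, $ENTRADA_TEMPLATE;

    if (!is_array($to) || !isset($to["email"]) || !valid_address($to["email"]) || !isset($to["firstname"]) || !isset($to["lastname"])) {
        application_log("error", "Attempting to send a regionaled_apartment_notification() how the recipient information was not complete.");
        return false;
    }

    // Strict comparison: $type is spliced into the template path below, so only
    // the three literal values may reach that point.
    if (!in_array($type, array("delete", "confirmation", "rejected"), true)) {
        application_log("error", "Encountered an unrecognized notification type [" . $type . "] when attempting to send a regionaled_apartment_notification().");
        return false;
    }

    // The sender address and the section header are built from these keywords; the
    // original read them unchecked, which raised notices and produced an empty From.
    if (!is_array($keywords) || !isset($keywords["department_id"]) || !isset($keywords["department_tile"]) || !isset($AGENT_CONTACTS["agent-regionaled"][$keywords["department_id"]]["email"])) {
        application_log("error", "Attempting to send a regionaled_apartment_notification() but the department_id / department_tile keywords or the matching agent-regionaled contact were not available.");
        return false;
    }

    $xml_file = $ENTRADA_TEMPLATE->absolute() . "/email/regionaled-learner-accommodation-" . $type . ".xml";
    $xml = @simplexml_load_file($xml_file);
    if (!$xml || !isset($xml->lang->{DEFAULT_LANGUAGE})) {
        application_log("error", "Unable to load the XML file [" . $xml_file . "] or the XML file did not contain the language requested [" . DEFAULT_LANGUAGE . "], when attempting to send a regional education notification.");
        return false;
    }

    $subject = trim($xml->lang->{DEFAULT_LANGUAGE}->subject);
    $message = trim($xml->lang->{DEFAULT_LANGUAGE}->body);
    foreach ($keywords as $keyword => $value) {
        $placeholder = "%" . strtoupper($keyword) . "%";
        $subject = str_ireplace($placeholder, $value, $subject);
        $message = str_ireplace($placeholder, $value, $message);
    }

    /**
     * Notify the learner they have been removed from this apartment.
     */
    $mail = new Zend_Mail();
    // REMOTE_ADDR does not exist outside a web request (cron, CLI); only add the header when it is present.
    if (isset($_SERVER["REMOTE_ADDR"])) {
        $mail->addHeader("X-Originating-IP", $_SERVER["REMOTE_ADDR"]);
    }
    $mail->addHeader("X-Section", $keywords["department_tile"] . " Accommodations Module", true);
    $mail->clearFrom();
    $mail->clearSubject();
    $mail->setFrom($AGENT_CONTACTS["agent-regionaled"][$keywords["department_id"]]["email"], APPLICATION_NAME . $keywords["department_tile"] . " Accommodation System");
    $mail->setSubject($subject);
    $mail->setBodyText(clean_input($message, "emailcontent"));
    $mail->clearRecipients();
    $mail->addTo($to["email"], $to["firstname"] . " " . $to["lastname"]);

    if ($mail->send()) {
        return true;
    }

    // NOTE(review): Zend_Mail::send() normally reports failure by throwing rather than
    // returning false, and ErrorInfo is not a Zend_Mail property — confirm this branch
    // is reachable, or catch Zend_Mail_Exception around send() instead.
    $NOTICE++;
    $NOTICESTR[] = "We were unable to e-mail an e-mail notification <strong>" . $to["email"] . "</strong>.<br /><br />A system administrator was notified of this issue, but you may wish to contact this learner manually and let them know their accommodation has ben removed.";
    application_log("error", "Unable to send accommodation notification to [" . $to["email"] . "] / type [" . $type . "]. Zend_Mail said: " . $mail->ErrorInfo);
    return false;
}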
$ERRORSTR[] = "You have selected "Other Teacher" from the teacher list but have not provided their firstname."; } /** * Required: other_teacher_lname / Lastname */ if (isset($_POST["other_teacher_lname"]) && ($other_teacher_lname = clean_input($_POST["other_teacher_lname"], array("trim", "notags")))) { $PROCESSED_TEACHER["lastname"] = $other_teacher_lname; } else { $ERROR++; $ERRORSTR[] = "You have selected "Other Teacher" from the teacher list but have not provided their lastname."; } /** * Not Required: other_teacher_email / E-Mail Address */ if (isset($_POST["other_teacher_email"]) && ($other_teacher_email = clean_input($_POST["other_teacher_email"], array("trim", "notags")))) { if (valid_address($other_teacher_email)) { $PROCESSED_TEACHER["email"] = $other_teacher_email; } else { $ERROR++; $ERRORSTR[] = "You have selected "Other Teacher" from the teacher list but you have provided us with an invalid e-mail address."; } } else { $PROCESSED_TEACHER["email"] = ""; } if (!$ERROR) { if ($PROCESSED_TEACHER["email"]) { $query = "SELECT `id` FROM `" . AUTH_DATABASE . "`.`user_data` WHERE `email` = " . $db->qstr($PROCESSED_TEACHER["email"]); $result = $db->GetRow($query); if ($result) { $PROCESSED["instructor_id"] = $result["id"]; }
*/ if (isset($_POST["fax"]) && ($fax = clean_input($_POST["fax"], array("notags", "trim")))) { $PROCESSED["fax"] = $fax; } /** * Non-required field "phone" / Phone. */ if (isset($_POST["phone"]) && ($phone = clean_input($_POST["phone"], array("notags", "trim")))) { $PROCESSED["phone"] = $phone; } /** * Required field "email" / Email. */ if (isset($_POST["email"]) && ($email = clean_input($_POST["email"], array("notags", "trim", "emailcontent")))) { $PROCESSED["email"] = $email; if (!valid_address($email)) { $ERROR++; $ERRORSTR[] = "The <strong>Email</strong> you provided is not valid."; } } else { $ERROR++; $ERRORSTR[] = "The <strong>Email</strong> field is required."; } /** * Required field "status" / Status. */ if (isset($_POST["event_status"]) && ($status = clean_input($_POST["event_status"], array("notags")))) { $PROCESSED["event_status"] = $status; } else { $ERROR++; $ERRORSTR[] = "The <strong>Status</strong> field is required.";
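<?php
include "../controller/headers.php";

$conn = db_connect(_DB_SERVER_, _DB_USER_, _DB_PASSWD_, _DB_NAME_);

/*
 * Contact-details update for the logged-in customer.
 * Every field must be present and accepted by its valid_*() helper before the
 * row is touched, and the values reach SQL only through named PDO parameters.
 */
if (isset($_SESSION['id_customer'])
    && isset($_POST["mail"]) && valid_mail($_POST["mail"])
    && isset($_POST["phone"]) && valid_phone($_POST["phone"])
    && isset($_POST["address"]) && valid_address($_POST["address"])
    && isset($_POST["delivery_address"]) && valid_address($_POST["delivery_address"])
    && isset($_POST["shipping_address"]) && valid_address($_POST["shipping_address"])
    && isset($_POST["postal"]) && valid_postal($_POST["postal"])
    && isset($_POST["city"]) && valid_name($_POST["city"])
    && isset($_POST["shipping_postal"]) && valid_postal($_POST["shipping_postal"])
    && isset($_POST["shipping_city"]) && valid_name($_POST["shipping_city"])
    && isset($_POST["delivery_postal"]) && valid_postal($_POST["delivery_postal"])
    && isset($_POST["delivery_city"]) && valid_name($_POST["delivery_city"])) {
    $stmt = $conn->prepare("UPDATE gc_customers SET mail=:r_mail, phone=:r_phone, address=:r_address, \n\t\tdelivery_address=:r_delivery_address, shipping_address=:r_shipping_address, postal_code=:r_postal_code, city=:r_city, \n\t\tdelivery_postal_code=:r_delivery_postal_code, delivery_city=:r_delivery_city, \n\t\tshipping_postal_code=:r_shipping_postal_code, shipping_city=:r_shipping_city WHERE id_customer=:r_customer");
    $stmt->execute(array(
        'r_mail' => $_POST['mail'],
        'r_phone' => $_POST['phone'],
        'r_address' => $_POST['address'],
        'r_delivery_address' => $_POST['delivery_address'],
        'r_shipping_address' => $_POST['shipping_address'],
        'r_postal_code' => $_POST['postal'],
        'r_city' => $_POST['city'],
        'r_delivery_postal_code' => $_POST['delivery_postal'],
        'r_delivery_city' => $_POST['delivery_city'],
        'r_shipping_postal_code' => $_POST['shipping_postal'],
        'r_shipping_city' => $_POST['shipping_city'],
        'r_customer' => $_SESSION['id_customer'],
    ));
    $stmt->closeCursor();
}

/*
 * Payment-card update. Unlike the block above, the card fields are only checked
 * for presence, not for format.
 *
 * SECURITY(review): card_number and cryptogram (the CVV/CVC) are written to
 * gc_cards exactly as submitted. Retaining the cryptogram after authorisation is
 * not permitted under PCI DSS, and the card number needs tokenisation or strong
 * encryption; this data belongs with a payment processor token, not the customer table.
 */
if (isset($_SESSION['id_customer']) && isset($_POST["firstname"]) && isset($_POST["lastname"])
    && isset($_POST["card_type"]) && isset($_POST["card_number"]) && isset($_POST["cryptogram"]) && isset($_POST["expiring_date"])) {
    $stmt = $conn->prepare("UPDATE gc_cards SET firstname_customer=:r_firstname_card, lastname_customer=:r_lastname_card, \n\t\tcard_type=:r_card_type, card_number=:r_card_number, cryptogram=:r_cryptogram, expiring_date=:r_expiring_date\n\t\tWHERE id_customer=:r_customer");
    $stmt->execute(array(
        // ucfirst()/strtolower() work on bytes, not UTF-8 characters, so accented letters are not normalised.
        'r_firstname_card' => ucfirst(strtolower($_POST['firstname'])),
        'r_lastname_card' => ucfirst(strtolower($_POST['lastname'])),
        'r_card_type' => $_POST['card_type'],
        'r_card_number' => $_POST['card_number'],
        'r_cryptogram' => $_POST['cryptogram'],
        'r_expiring_date' => $_POST['expiring_date'],
        'r_customer' => $_SESSION['id_customer'],
    ));
    $stmt->closeCursor();
}

// Redirect and stop: nothing after the Location header should run if this file is ever included.
header('Location: ../view/account.php');
exit;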
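<?php
include "../controller/headers.php";

$conn = db_connect(_DB_SERVER_, _DB_USER_, _DB_PASSWD_, _DB_NAME_);

// Registration form fields. Presence is checked up front so that a missing field
// is treated like an invalid one instead of raising an undefined-index notice
// inside is_Not_Null().
$required_fields = array('lastname', 'firstname', 'birthday', 'phone', 'address', 'postal', 'city', 'email', 'pwd', 'pwd2');
$fields_present = true;
foreach ($required_fields as $field_name) {
    if (!isset($_POST[$field_name])) {
        $fields_present = false;
        break;
    }
}

if ($fields_present
    && is_Not_Null($_POST["lastname"]) && valid_name($_POST["lastname"])
    && is_Not_Null($_POST["firstname"]) && valid_name($_POST["firstname"])
    && is_Not_Null($_POST["birthday"]) && valid_birthday($_POST["birthday"])
    && is_Not_Null($_POST["phone"]) && valid_phone($_POST["phone"])
    && is_Not_Null($_POST["address"]) && valid_address($_POST["address"])
    && is_Not_Null($_POST["postal"]) && valid_postal($_POST["postal"])
    && is_Not_Null($_POST["city"]) && valid_name($_POST["city"])
    && is_Not_Null($_POST["email"]) && valid_mail($_POST["email"])
    && is_Not_Null($_POST["pwd"]) && is_Not_Null($_POST["pwd2"]) && valid_pwd($_POST["pwd"], $_POST["pwd2"])) {
    // Refuse to create a second account for an e-mail address that is already registered.
    $stmt3 = $conn->prepare("SELECT mail FROM gc_customers WHERE mail = :r_mail");
    $stmt3->execute(array('r_mail' => $_POST['email']));
    $existing = $stmt3->fetch();
    $stmt3->closeCursor();

    if ($existing === false) {
        // The single address/postal/city is copied into the delivery and shipping
        // columns as well; the customer can change those later from the account page.
        // NOTE(review): :r_address, :r_postal and :r_city are each bound several times,
        // which PDO only supports with emulated prepares — confirm db_connect() leaves
        // PDO::ATTR_EMULATE_PREPARES enabled.
        $stmt = $conn->prepare("INSERT INTO gc_customers (firstname_customer, lastname_customer, birthday, mail, \n\t\t\tphone, pwd, address ,delivery_address, shipping_address, postal_code, city, delivery_postal_code, delivery_city, shipping_postal_code, \n\t\t\tshipping_city) VALUES(:r_firstname, :r_lastname, :r_birthday, :r_mail, :r_phone, :r_pwd, :r_address, :r_address, :r_address, :r_postal, \n\t\t\t:r_city, :r_postal, :r_city, :r_postal, :r_city)");
        $stmt->execute(array(
            'r_lastname' => ucfirst(strtolower($_POST["lastname"])),
            'r_firstname' => ucfirst(strtolower($_POST["firstname"])),
            'r_birthday' => $_POST["birthday"],
            'r_phone' => $_POST["phone"],
            'r_address' => $_POST["address"],
            'r_postal' => $_POST["postal"],
            'r_city' => $_POST["city"],
            'r_mail' => $_POST['email'],
            // SECURITY(review): md5() is an unsalted, fast digest, not a password hash.
            // Migrate to password_hash()/password_verify(), but together with the login
            // code that compares this column — changing only the write side would break
            // sign-in for newly created accounts.
            'r_pwd' => md5($_POST['pwd']),
        ));
        $stmt->closeCursor();

        $stmt = $conn->prepare("SELECT id_customer, firstname_customer FROM gc_customers WHERE mail = :r_mail");
        $stmt->execute(array('r_mail' => $_POST['email']));
        $res = $stmt->fetch();

        // Create the empty card record that belongs to the new customer.
        $stmt2 = $conn->prepare("INSERT INTO gc_cards (firstname_customer, lastname_customer, card_type, id_customer) \n\t\t\t\t\tVALUES('','','',:r_customer)");
        $stmt2->execute(array('r_customer' => $res['id_customer']));

        $_SESSION['id_customer'] = $res['id_customer'];
        $_SESSION['firstname_customer'] = $res['firstname_customer'];
        header('Location: ../view/index.php');
        $stmt2->closeCursor();
        $stmt->closeCursor();
    } else {
        // The header has to go out before any output; sending it after the echo
        // fails with "headers already sent" unless output buffering happens to be on.
        header('Refresh: 0; URL=../view/login.php');
        echo '<script>alert("' . utf8_decode("Ce compte existe déja!") . '")</script>';
    }
} else {
    header('Location: ../view/login.php');
}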
/**
 * Processes the personal info update. source data retrieved from POST. modifies the $PROCESSED variable
 *
 * Reads the profile form from $_POST, validates each field and fills $PROCESSED;
 * problems are reported through add_error() (custom fields) or $ERROR/$ERRORSTR.
 * When $ERROR is still zero at the end, the whole $PROCESSED array is written to
 * AUTH_DATABASE.user_data for $ENTRADA_USER->getID(), and the custom-field and
 * publication responses are replaced.
 *
 * Reads via global: $db, $PROCESSED, $PROFILE_NAME_PREFIX, $ERROR, $ERRORSTR,
 * $SUCCESS, $SUCCESSSTR, $ENTRADA_USER (plus $_SESSION). The other globals
 * declared below are not referenced in this function body.
 *
 * NOTE(review): add_error() is assumed to increment the global $ERROR; if it
 * does not, the custom-field problems do not stop the final write.
 *
 * @return void
 */
function profile_update_personal_info() {
    global $db, $PROCESSED, $PROFILE_NAME_PREFIX, $ERROR, $ERRORSTR, $SUCCESS, $SUCCESSSTR, $NOTICE, $NOTICESTR, $PROCESSED_PHOTO, $PROCESSED_PHOTO_STATUS, $PROCESSED_NOTIFICATIONS, $VALID_MIME_TYPES, $ENTRADA_USER;

    if (isset($_POST["custom"]) && $_POST["custom"]) {
        /*
         * Fetch the custom fields
         */
        $query = "SELECT * FROM `profile_custom_fields` WHERE `organisation_id` = " . $db->qstr($ENTRADA_USER->getActiveOrganisation()) . " ORDER BY `organisation_id`, `department_id`, `id`";
        $dep_fields = $db->GetAssoc($query);
        if ($dep_fields) {
            // Posted values live under $_POST["custom"][department_id][field_id].
            foreach ($dep_fields as $field_id => $field) {
                switch (strtolower($field["type"])) {
                    case "checkbox":
                        // A checkbox is stored as "1"/"0" depending only on whether it was posted.
                        if (isset($_POST["custom"][$field["department_id"]][$field_id])) {
                            $PROCESSED["custom"][$field_id] = "1";
                        } else {
                            $PROCESSED["custom"][$field_id] = "0";
                        }
                        break;
                    default:
                        // NOTE(review): no isset() here — a field that was not posted raises an
                        // undefined-index notice before being treated as empty.
                        if ($_POST["custom"][$field["department_id"]][$field_id]) {
                            // strlen() counts bytes, so multi-byte text reaches the limit early.
                            if ($field["length"] != NULL && strlen($_POST["custom"][$field["department_id"]][$field_id]) > $field["length"]) {
                                add_error("<strong>" . $field["title"] . "</strong> has a character limit of <strong>" . $field["length"] . "</strong> and you have entered <strong>" . strlen($_POST["custom"][$field["department_id"]][$field_id]) . "</strong> characters. Please edit your response and re-save your profile.");
                            } else {
                                // The clean_input() filter is chosen by field type: "html" for
                                // richtext, "alphanumeric" for twitter, "striptags" otherwise.
                                $PROCESSED["custom"][$field_id] = clean_input($_POST["custom"][$field["department_id"]][$field_id], array("trim", strtolower($field["type"]) == "richtext" ? "html" : (strtolower($field["type"]) == "twitter" ? "alphanumeric" : "striptags")));
                            }
                        } else {
                            if ($field["mandatory"] == "1") {
                                add_error("<strong>" . $field["title"] . "</strong> is a required field, please enter a response and re-save your profile.");
                            }
                        }
                        break;
                }
            }
        }
    }

    if (isset($_POST["publications"]) && $_POST["publications"]) {
        // Only the publication ids are kept (forced numeric); the posted $status is ignored.
        // $pub_type and $department_id come from the posted array keys unfiltered; they are
        // passed through $db->qstr() before being inserted below.
        foreach ($_POST["publications"] as $pub_type => $ppublications) {
            foreach ($ppublications as $department_id => $publications) {
                foreach ($publications as $publication_id => $status) {
                    $PROCESSED["publications"][$pub_type][$department_id][] = clean_input($publication_id, "numeric");
                }
            }
        }
    }

    // Prefix: accepted only from the $PROFILE_NAME_PREFIX allow-list.
    if (isset($PROFILE_NAME_PREFIX) && is_array($PROFILE_NAME_PREFIX) && isset($_POST["prefix"]) && in_array($_POST["prefix"], $PROFILE_NAME_PREFIX)) {
        /*
         * To prevent students from providing a prefix when they shouldn't be setting
         * one I need to know if they already have one or not.
         */
        if ($ENTRADA_USER->getGroup() == "student") {
            $query = "SELECT `prefix` FROM `" . AUTH_DATABASE . "`.`user_data` WHERE `id` = " . $db->qstr($ENTRADA_USER->GetProxyId());
            $prefix = $db->GetOne($query);
        } else {
            $prefix = false;
        }
        // A student without an existing prefix falls through without touching
        // $PROCESSED["prefix"] at all (it is not cleared).
        if ($ENTRADA_USER->getGroup() != "student" || $prefix) {
            /*
             * Doing this safe because we are checking that the value of $_POST["prefix"] is set in the $PROFILE_NAME_PREFIX array above.
             */
            // NOTE(review): that in_array() is non-strict; pass true as its third argument
            // if $PROFILE_NAME_PREFIX could ever contain non-string entries.
            $PROCESSED["prefix"] = $_POST["prefix"];
        }
    } else {
        $PROCESSED["prefix"] = "";
    }

    // Students cannot set office hours. Truncation is byte-based (strlen/substr), so a
    // multi-byte character at position 97 can be cut in half; the "encode" filter runs
    // first, so HTML entities count towards the 100 bytes.
    if (isset($_POST["office_hours"]) && ($office_hours = clean_input($_POST["office_hours"], array("notags", "encode", "trim"))) && $_SESSION["details"]["group"] != "student") {
        $PROCESSED["office_hours"] = strlen($office_hours) > 100 ? substr($office_hours, 0, 97) . "..." : $office_hours;
    } else {
        $PROCESSED["office_hours"] = "";
    }

    // Only faculty may change the primary address; for everyone else $PROCESSED["email"] is left untouched.
    if ($_SESSION["permissions"][$ENTRADA_USER->getAccessId()]["group"] == "faculty") {
        // NOTE(review): "lower" is passed as a third positional argument rather than inside
        // the filter array used elsewhere in this function — confirm clean_input() honours it.
        if (isset($_POST["email"]) && ($email = clean_input($_POST["email"], "trim", "lower"))) {
            if (valid_address($email)) {
                $PROCESSED["email"] = $email;
            } else {
                $ERROR++;
                $ERRORSTR[] = "The primary e-mail address you have provided is invalid. Please make sure that you provide a properly formatted e-mail address.";
            }
        } else {
            $ERROR++;
            $ERRORSTR[] = "The primary e-mail address is a required field.";
        }
    }

    // Secondary address: optional, but must validate when non-empty.
    if (isset($_POST["email_alt"]) && $_POST["email_alt"] != "") {
        if (valid_address(trim($_POST["email_alt"]))) {
            $PROCESSED["email_alt"] = strtolower(trim($_POST["email_alt"]));
        } else {
            $ERROR++;
            $ERRORSTR[] = "The secondary e-mail address you have provided is invalid. Please make sure that you provide a properly formatted e-mail address or leave this field empty if you do not wish to display one.";
        }
    } else {
        $PROCESSED["email_alt"] = "";
    }

    // Telephone and fax are accepted on byte length alone (10–25); there is no
    // character-class check, and an out-of-range value is silently cleared.
    if (isset($_POST["telephone"]) && strlen(trim($_POST["telephone"])) >= 10 && strlen(trim($_POST["telephone"])) <= 25) {
        $PROCESSED["telephone"] = strtolower(trim($_POST["telephone"]));
    } else {
        $PROCESSED["telephone"] = "";
    }
    if (isset($_POST["fax"]) && strlen(trim($_POST["fax"])) >= 10 && strlen(trim($_POST["fax"])) <= 25) {
        $PROCESSED["fax"] = strtolower(trim($_POST["fax"]));
    } else {
        $PROCESSED["fax"] = "";
    }

    // Address, city and postcode: length-checked, then case-normalised with the
    // byte-wise strtolower()/ucwords()/strtoupper(), which leave non-ASCII letters alone.
    if (isset($_POST["address"]) && strlen(trim($_POST["address"])) >= 6 && strlen(trim($_POST["address"])) <= 255) {
        $PROCESSED["address"] = ucwords(strtolower(trim($_POST["address"])));
    } else {
        $PROCESSED["address"] = "";
    }
    if (isset($_POST["city"]) && strlen(trim($_POST["city"])) >= 3 && strlen(trim($_POST["city"])) <= 35) {
        $PROCESSED["city"] = ucwords(strtolower(trim($_POST["city"])));
    } else {
        $PROCESSED["city"] = "";
    }
    if (isset($_POST["postcode"]) && strlen(trim($_POST["postcode"])) >= 5 && strlen(trim($_POST["postcode"])) <= 12) {
        $PROCESSED["postcode"] = strtoupper(trim($_POST["postcode"]));
    } else {
        $PROCESSED["postcode"] = "";
    }

    // Country: the id must clean to a non-zero value and exist in global_lu_countries.
    if (isset($_POST["country_id"]) && ($tmp_input = clean_input($_POST["country_id"], "int"))) {
        $query = "SELECT * FROM `global_lu_countries` WHERE `countries_id` = " . $db->qstr($tmp_input);
        $result = $db->GetRow($query);
        if ($result) {
            $PROCESSED["country_id"] = $tmp_input;
        } else {
            $ERROR++;
            $ERRORSTR[] = "The selected country does not exist in our countries database. Please select a valid country.";
            application_log("error", "Unknown countries_id [" . $tmp_input . "] was selected. Database said: " . $db->ErrorMsg());
        }
    } else {
        $ERROR++;
        $ERRORSTR[] = "You must select a country.";
    }

    // Province / state: a purely numeric value is a province_id verified against the
    // selected country; anything else is kept as a free-text province name.
    if (isset($_POST["prov_state"]) && ($tmp_input = clean_input($_POST["prov_state"], array("trim", "notags")))) {
        $PROCESSED["province_id"] = 0;
        $PROCESSED["province"] = "";
        if (ctype_digit($tmp_input) && ($tmp_input = (int) $tmp_input)) {
            // NOTE(review): $PROCESSED["country_id"] is only assigned above when a valid
            // country was posted; unless the caller pre-populated it, reading it here
            // raises an undefined-index notice and the province lookup is skipped.
            if ($PROCESSED["country_id"]) {
                $query = "SELECT * FROM `global_lu_provinces` WHERE `province_id` = " . $db->qstr($tmp_input) . " AND `country_id` = " . $db->qstr($PROCESSED["country_id"]);
                $result = $db->GetRow($query);
                if (!$result) {
                    $ERROR++;
                    $ERRORSTR[] = "The province / state you have selected does not appear to exist in our database. Please selected a valid province / state.";
                }
            }
            // The id is kept even when the lookup failed; $ERROR blocks the write below.
            $PROCESSED["province_id"] = $tmp_input;
        } else {
            $PROCESSED["province"] = $tmp_input;
        }
        $PROCESSED["prov_state"] = $PROCESSED["province_id"] ? $PROCESSED["province_id"] : ($PROCESSED["province"] ? $PROCESSED["province"] : "");
    }

    if (!$ERROR) {
        // The whole $PROCESSED array — including the "custom", "publications", "province"
        // and "prov_state" entries, which are not written as user_data columns here — is
        // handed to AutoExecute; presumably it drops keys that are not table columns. Verify.
        if ($db->AutoExecute(AUTH_DATABASE . ".user_data", $PROCESSED, "UPDATE", "`id` = " . $db->qstr($ENTRADA_USER->getID()))) {
            $SUCCESS++;
            $SUCCESSSTR[] = "Your account profile has been successfully updated.";
            application_log("success", "User successfully updated their profile.");

            if (isset($PROCESSED["custom"])) {
                // Replace each custom response with a delete-then-insert per field (no transaction).
                foreach ($PROCESSED["custom"] as $field_id => $value) {
                    $query = "DELETE FROM `profile_custom_responses` WHERE `field_id` = " . $db->qstr($field_id) . " AND `proxy_id` = " . $db->qstr($ENTRADA_USER->getID());
                    $db->Execute($query);
                    $query = "INSERT INTO `profile_custom_responses` (`field_id`, `proxy_id`, `value`) VALUES (" . $db->qstr($field_id) . ", " . $db->qstr($ENTRADA_USER->getID()) . ", " . $db->qstr($value) . ")";
                    $db->Execute($query);
                }
            }

            if (isset($PROCESSED["publications"])) {
                // All of the user's publication rows are dropped and re-inserted from the posted set.
                $query = "DELETE FROM `profile_publications` WHERE `proxy_id` = " . $db->qstr($ENTRADA_USER->getID());
                if ($db->Execute($query)) {
                    foreach ($PROCESSED["publications"] as $pub_type => $ppublications) {
                        foreach ($ppublications as $dep_id => $publications) {
                            foreach ($publications as $publication) {
                                $query = "INSERT INTO `profile_publications` (`pub_type`, `pub_id`, `dep_id`, `proxy_id`) VALUES (" . $db->qstr($pub_type) . ", " . $db->qstr($publication) . ", " . $db->qstr($dep_id) . ", " . $db->qstr($ENTRADA_USER->getID()) . ")";
                                $db->Execute($query);
                            }
                        }
                    }
                }
            }
        } else {
            $ERROR++;
            $ERRORSTR[] = "We were unfortunately unable to update your profile at this time. The system administrator has been informed of the problem, please try again later.";
            application_log("error", "Unable to update user profile. Database said: " . $db->ErrorMsg());
        }
    }
}
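/**
 * Sends email based on the specified type using templates from $ENTRADA_TEMPLATE->absolute()/email directory
 * (email/mspr-rejection-<type>.xml, rendered through Template / TemplateMailer in DEFAULT_LANGUAGE).
 *
 * @param string $type One of "reason", "noreason"
 * @param array $to associative array consisting of firstname, lastname, and email
 * @param array $keywords Associative array of keywords mapped to the replacement contents
 * @return bool true when the mail was sent; false when the recipient or type is invalid,
 *              the template could not be loaded, or sending failed (each case is logged).
 */
function submission_rejection_notification($type, $to = array(), $keywords = array()) {
    global $AGENT_CONTACTS, $ENTRADA_TEMPLATE;

    if (!is_array($to) || !isset($to["email"]) || !valid_address($to["email"]) || !isset($to["firstname"]) || !isset($to["lastname"])) {
        application_log("error", "Attempting to send a submission_rejection_notification() however the recipient information was not complete.");
        return false;
    }

    // Strict comparison: $type becomes part of the template file name below.
    if (!in_array($type, array("reason", "noreason"), true)) {
        application_log("error", "Encountered an unrecognized notification type [" . $type . "] when attempting to send a submission_rejection_notification().");
        return false;
    }

    $xml_file = $ENTRADA_TEMPLATE->absolute() . "/email/mspr-rejection-" . $type . ".xml";
    try {
        require_once "Models/utility/Template.class.php";
        require_once "Models/utility/TemplateMailer.class.php";

        $template = new Template($xml_file);
        $mail = new TemplateMailer(new Zend_Mail());
        $mail->addHeader("X-Section", "MSPR Module", true);

        $from = array("email" => $AGENT_CONTACTS["agent-notifications"]["email"], "firstname" => "MSPR System", "lastname" => "");
        if ($mail->send($template, $to, $from, DEFAULT_LANGUAGE, $keywords)) {
            return true;
        }

        // $to["email"] passed valid_address() above; it is echoed into HTML here unencoded.
        add_notice("We were unable to e-mail a task notification <strong>" . $to["email"] . "</strong>.<br /><br />A system administrator was notified of this issue, but you may wish to contact this individual manually and let them know their task verification status.");
        // NOTE(review): ErrorInfo is a PHPMailer-style property; confirm TemplateMailer exposes it.
        application_log("error", "Unable to send task verification notification to [" . $to["email"] . "] / type [" . $type . "]. Zend_Mail said: " . $mail->ErrorInfo);
    } catch (Exception $e) {
        // The try block also covers send(), so a transport exception lands here as well;
        // the exception text is logged so the two causes can be told apart.
        application_log("error", "Unable to load the XML file [" . $xml_file . "] or the XML file did not contain the language requested [" . DEFAULT_LANGUAGE . "], when attempting to send a submission rejection notification. Exception said: " . $e->getMessage());
    }
    return false;
}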