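/**
 * Save edits to a contact and, when the contact carries a username, update
 * the matching user account (permission, email, active flag).
 *
 * All input comes from $_REQUEST: "cid" selects the contact, the remaining
 * keys are copied onto the contact object, and "permission" / "makeuser"
 * drive the user-account update. Status text is printed to the response;
 * "1" is printed on success.
 *
 * Security notes:
 *  - Only a level-3 caller (administrator, per the check below) or the
 *    contact's own user may save.
 *  - "cid" and "loaded" are never taken from the request, and "username" is
 *    only accepted from administrators: the username picks which UserObj is
 *    modified further down, so letting a self-editing user overwrite it
 *    would let them alter another account's permission/active flag.
 *  - NOTE(review): $_REQUEST also covers GET and cookies; whether this action
 *    is restricted to POST with a CSRF token is not visible here — confirm.
 *
 * @return int Result of print (1); exits via die() if the error log cannot be saved.
 */
public function action_save_contact()
{
    $is_admin = $this->is_level(3);
    $cid = isset($_REQUEST["cid"]) ? $_REQUEST["cid"] : null;

    // Must be an administrator or the actual user saving their information.
    // The ids are compared as non-empty strings: a loose != lets values such
    // as "5abc" (older PHP) or an empty id for a session without a cid pass.
    if (!$is_admin) {
        $own_cid = (string) Yii::app()->user->cid;
        if (!is_scalar($cid) or (string) $cid === "" or $own_cid !== (string) $cid) {
            return print "You do not have permission to edit this contact.";
        }
    }

    $contact = new ContactObj($cid);
    if (!$contact->loaded) {
        return print "Contact could not be found.";
    }

    // Name as stored before the edit; used if the save fails.
    $name = $contact->firstname . " " . $contact->lastname;

    // Request keys that must not be copied onto the contact.
    // NOTE(review): this is still a deny-list. An explicit allow-list of
    // editable contact fields would be safer, but the field set is not
    // visible in this method.
    $locked = array("cid", "loaded");
    if (!$is_admin) {
        $locked[] = "username";
    }
    foreach ($_REQUEST as $item => $value) {
        if (in_array((string) $item, $locked, true)) {
            continue;
        }
        $contact->{$item} = $value;
    }

    $log = new LogObj();
    if (!$contact->save()) {
        $log->type = "error";
        $log->log_message = "Attempting to update information of contact (" . $contact->cid . ") \"{$name}\" bio.\n";
        $log->log_message .= $contact->get_error();
        if (!$log->save()) {
            die($log->get_error());
        }
        return print $log->log_message;
    }

    // Re-read the name so the log reflects the saved values.
    $name = $contact->firstname . " " . $contact->lastname;
    $log->type = "update";
    $log->log_message = "Successfully updated information of contact (" . $contact->cid . ") \"{$name}\".";
    $log->save();

    if (isset($contact->username) and $contact->username != "") {
        $user = new UserObj($contact->username);
        if (isset($_REQUEST["permission"])) {
            $permission = $_REQUEST["permission"];
            // Cap at the caller's own permission so nobody can grant more
            // than they hold.
            // NOTE(review): the value is compared as received; validating it
            // as an integer level first would make the cap independent of
            // PHP's string/number comparison rules — confirm the level type.
            if ($permission > @Yii::app()->user->userobj->permission) {
                $permission = @Yii::app()->user->userobj->permission;
            }
            $user->permission = $permission;
            $user->email = $user->username . "@colorado.edu";
            // An absent "makeuser" leaves this null (the @ hides the notice).
            $user->active = @$_REQUEST["makeuser"];
            if (!$user->save()) {
                return print $user->get_error();
            }
        }
    }

    return print 1;
}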