Exemplo n.º 1
             // NOTE(review): this excerpt begins inside an enclosing conditional whose opening lines are not shown.
             // Report the missing sub-account selection, then rebuild the account list and render the agency login form.
             display_errorbox("Must select the target sub-account.");
             // The API handle is obtained from the session id submitted with the form.
             $bapi = connect_bronto_session($fm_sessionid);
             $accounts = get_all_accounts($bapi);
             sort_accounts_by_name($accounts);
             // NOTE(review): $fm_password is handed to the form renderer; confirm it is never written back into the page markup.
             print_agency_login_form($fm_username, $fm_password, $fm_sitename, $fm_siteid, $fm_sessionid, $accounts);
         } else {
             // Call bronto_user_login() with the submitted credentials and pass its result to process_login().
             $login_info = bronto_user_login($fm_username, $fm_password, $fm_sitename, $fm_siteid);
             process_login($login_info, $fm_username, $fm_password, $fm_sitename);
         }
     }
 } else {
     // "userinfo" stage: the submitted contact details are validated and stored for the session's user.
     if ($fm_stage == "userinfo") {
         $dbh = open_db();
         // The username is deliberately NOT taken from the userinfo form: a malicious user could then
         // change the information of a user other than him/herself. It is resolved from the session id
         // with a DB lookup instead, so the update below is always bound to the session's own user.
         // NOTE(review): presumably db_get_session_user() rejects unknown or expired session ids - confirm.
         $username = db_get_session_user($dbh, $fm_sessionid);
         // A falsy result means no user was found for this session; that branch is below the visible excerpt.
         if ($username) {
             $got_error = false;
             // Only these four form fields are collected; the username is not part of the update payload.
             $userinfo = array('firstname' => $fm_firstname, 'lastname' => $fm_lastname, 'email' => $fm_email, 'phone' => $fm_phone);
             // Truthiness test: every field must be non-empty (PHP also treats the string "0" as empty here).
             if ($fm_firstname && $fm_lastname && $fm_email && $fm_phone) {
                 // Only the e-mail field gets a format check in the visible code.
                 if (is_valid_email($fm_email)) {
                     // Loose comparison: any truthy return value counts as a successful update.
                     if (db_update_user_info($dbh, $username, $userinfo) == true) {
                         // NOTE(review): $bapi is not assigned anywhere in the visible part of this branch - confirm it is set earlier.
                         print_message_select_form($bapi, $fm_sessionid);
                     } else {
                         // NOTE(review): $username is concatenated into the message; confirm display_errorbox() HTML-escapes its argument.
                         display_errorbox("Unable to update user information for user " . $username . ".");
                         print_request_login_form($username);
                     }
                 } else {
                     display_errorbox("Must provide a valid e-mail address.");
                     // Flag read by code below the visible excerpt.
                     $got_error = true;
                 }
Exemplo n.º 2
/**
 * Return the e-mail address of the user that owns a session.
 *
 * The address is looked up through the session id (session -> username -> e-mail),
 * so the caller never supplies the username whose address is returned.
 *
 * @param mixed $p_dbh      Database handle to use; when it compares loosely equal to null,
 *                          a handle is obtained from open_db() instead.
 * @param mixed $session_id Session identifier passed to db_get_session_user().
 *
 * @return mixed The result of db_get_user_email(), or null when no username is found for the session.
 */
function db_get_session_user_email($p_dbh, $session_id)
{
    // Fall back to a fresh handle when the caller did not provide one.
    if ($p_dbh == null) {
        $conn = open_db();
    } else {
        $conn = $p_dbh;
    }

    // NOTE(review): presumably db_get_session_user() returns a falsy value for unknown sessions - confirm.
    $owner = db_get_session_user($conn, $session_id);
    $address = $owner ? db_get_user_email($conn, $owner) : null;

    // Drop this function's reference to the handle before returning.
    $conn = null;

    return $address;
}