display_errorbox("Must select the target sub-account.");
$bapi = connect_bronto_session($fm_sessionid);
$accounts = get_all_accounts($bapi);
sort_accounts_by_name($accounts);
print_agency_login_form($fm_username, $fm_password, $fm_sitename, $fm_siteid, $fm_sessionid, $accounts);
} else {
$login_info = bronto_user_login($fm_username, $fm_password, $fm_sitename, $fm_siteid);
process_login($login_info, $fm_username, $fm_password, $fm_sitename);
}
}
} else {
if ($fm_stage == "userinfo") {
$dbh = open_db();
// we could obtain the username from the userinfo form itself, but this could allow a malicious user to
// change the user information for a user other than him/herself; a DB lookup is used instead
$username = db_get_session_user($dbh, $fm_sessionid);
if ($username) {
$got_error = false;
$userinfo = array('firstname' => $fm_firstname, 'lastname' => $fm_lastname, 'email' => $fm_email, 'phone' => $fm_phone);
if ($fm_firstname && $fm_lastname && $fm_email && $fm_phone) {
if (is_valid_email($fm_email)) {
if (db_update_user_info($dbh, $username, $userinfo) == true) {
print_message_select_form($bapi, $fm_sessionid);
} else {
display_errorbox("Unable to update user information for user " . $username . ".");
print_request_login_form($username);
}
} else {
display_errorbox("Must provide a valid e-mail address.");
$got_error = true;
}
function db_get_session_user_email($p_dbh, $session_id)
{
$dbh = $p_dbh == null ? open_db() : $p_dbh;
$username = db_get_session_user($dbh, $session_id);
$email = null;
if ($username) {
$email = db_get_user_email($dbh, $username);
}
$dbh = null;
return $email;
}
