function pdtError()
{
    // Record a PDT failure in the pdtError table together with the current
    // debug output, after reporting the failed query through pdoError().
    //
    // NOTE(review): $pdtQuery and $tx are neither parameters nor in the
    // `global` list, so both are undefined when they are used below —
    // presumably they were meant to be globals; confirm against the caller.
    // NOTE(review): $tx and $debug are concatenated straight into the SQL
    // without any escaping or parameter binding, so a quote character in
    // either value breaks or alters the statement. The other functions in
    // this code base do the same kind of insert via $Dbc->prepare() with
    // placeholders; this one should follow that pattern.
    // NOTE(review): mysql_query() is part of ext/mysql, which was removed in
    // PHP 7; this function cannot run on a current PHP release.
    global $debug;
    //error(__LINE__);
    pdoError(__LINE__, $pdtQuery, '$pdtQuery', 1);
    $ipnErrorQuery = "INSERT INTO\n\tpdtError\nSET\n\ttime = '" . DATETIME . "',\n\ttx = '" . $tx . "',\n\terrorMessage = '" . $debug . "'";
    mysql_query($ipnErrorQuery);
}
function maintSwitch()
{
    //All date and time values stored in mysql should be in UTC.
    //Two modes: when MODE is 'setMaintMode' the posted start/end times are written
    //to adminControl (either one missing clears the window) and returnData() is
    //called; otherwise the stored window is read back and the maint mode form is
    //returned as HTML.
    global $debug, $message, $success, $Dbc;
    $output = '';
    //Local time from the form -> UTC string in MySQL DATETIME layout.
    $toUtcDbString = static function ($localTime) {
        return Adrlist_Time::localToUtc($localTime, false)->format('Y-m-d H:i:s');
    };
    //Stored UTC value (or unix timestamp) -> the user's local display string.
    $toLocalDisplay = static function ($utcTime) {
        return Adrlist_Time::utcToLocal($utcTime, false)->format('F d, Y H:i:s');
    };
    try {
        if (MODE == 'setMaintMode') {
            $bothGiven = !empty($_POST['maintModeStartTime']) && !empty($_POST['maintModeEndTime']);
            $params = $bothGiven
                ? array($_SESSION['userId'], $toUtcDbString($_POST['maintModeStartTime']), $toUtcDbString($_POST['maintModeEndTime']))
                : array($_SESSION['userId'], null, null);
            $stmt = $Dbc->prepare("UPDATE\n\tadminControl\nSET\n\tuserId = ?,\n\tmaintModeStartTime = ?,\n\tmaintModeEndTime = ?");
            $stmt->execute($params);
            $success = true;
            pdoError(__LINE__, $stmt, $params, 0);
            returnData();
        } else {
            $row = $Dbc->query("SELECT\n\tmaintModeStartTime AS 'maintModeStartTime',\n\tmaintModeEndTime AS 'maintModeEndTime'\nFROM\n\tadminControl")->fetch(PDO::FETCH_ASSOC);
            //A start time that is already in the past is shown as "now".
            $startSource = TIMESTAMP > strtotime($row['maintModeStartTime']) ? TIMESTAMP : $row['maintModeStartTime'];
            $startTimeDisplay = $toLocalDisplay($startSource);
            //An end time that is already in the past is shown as one hour from now.
            $endInOneHour = Adrlist_Time::addToDate(TIMESTAMP, 'hour', 1);
            $endSource = TIMESTAMP > strtotime($row['maintModeEndTime']) ? $endInOneHour : $row['maintModeEndTime'];
            $endTimeDisplay = $toLocalDisplay($endSource);
            $output .= sprintf('			<p>
				Maintenance mode will prevent all non-admin user access to the authorized sections of the site. It is highly recommended that this mode be used to perform updates and changes to the site.
			</p>
			<p>
				Both must be valid dates for maint mode to function. All dates are shown in local time according to your saved timezone setting.
			</p>
			<div class="center textCenter">
				<div class="ui-field-contain">
					<label class="bold" for="maintModeStartTime">Start on</label>
					<input type="text" id="maintModeStartTime" value="%s">
				</div>
				<button class="ui-btn ui-btn-inline ui-btn-a ui-shadow ui-corner-all" id="clearMaintModeStartTime">Clear</button>
				<div class="ui-field-contain">
					<label class="bold" for="maintModeEndTime">End on</label>
					<input type="text" id="maintModeEndTime" value="%s">
				</div>
				<button class="ui-btn ui-btn-inline ui-btn-a ui-shadow ui-corner-all" id="clearMaintModeEndTime">Clear</button>
				<button class="ui-btn ui-btn-inline ui-btn-a ui-shadow ui-corner-all" id="maintModeSave">Save</button>
			</div>
', $startTimeDisplay, $endTimeDisplay);
        }
    } catch (PDOException $e) {
        error(__LINE__, '', '<pre>' . $e . '</pre>');
        returnData();
    }
    return $output;
}
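function testDb()
{
    //Create a user account from the posted email, first/last name and password,
    //unless the email is already registered. Validation failures append a
    //user-facing text to $message instead. Always ends by calling returnData().
    //
    //Reads $_POST['email'|'firstName'|'lastName'|'password'] and writes the
    //shared $message/$debug globals.
    global $Dbc, $debug, $message, $success;
    if (!empty($_POST['email']) && emailValidate($_POST['email']) && !empty($_POST['firstName']) && !empty($_POST['lastName']) && !empty($_POST['password']) && passwordValidate($_POST['password'])) {
        destroySession();
        $email = trim($_POST['email']);
        //NOTE(review): unsalted sha1 is not a suitable password hash. The login
        //code compares sha1 values as well, so moving to password_hash()/
        //password_verify() has to be done on both sides at once.
        $pass = sha1(trim($_POST['password']));
        $firstName = trim($_POST['firstName']);
        $lastName = trim($_POST['lastName']);
        $Dbc->beginTransaction();
        try {
            $stmt = $Dbc->prepare("SELECT getUserIdByEmail(?) AS 'userId'");
            //Was `$stmt .= $stmt->execute(...)`, which tried to cast the
            //PDOStatement to a string and destroyed the handle.
            $stmt->execute(array($email));
            //A scalar SQL function call yields exactly one row, so no loop is
            //needed (the old loop also reassigned $stmt to the INSERT statement
            //and then fetched from that).
            $row = $stmt->fetch(PDO::FETCH_ASSOC);
            $existingUserId = isset($row['userId']) ? $row['userId'] : '';
            $debug->add('$row[\'userId\']: ' . $existingUserId);
            $debug->printArray($row, '$row');
            if (empty($existingUserId)) {
                //There are no users with the email address, so continue.
                pdoError(__LINE__, $stmt, 1);
                $insertStmt = $Dbc->prepare("INSERT INTO\n\tusers\nSET\n\tprimaryEmail = ?,\n\tuserPassword = ?,\n\tfirstName = ?,\n\tlastName = ?,\n\tjoinDate = ?");
                if ($insertStmt->execute(array($email, $pass, $firstName, $lastName, DATETIME))) {
                    $debug->add('last id: ' . $Dbc->lastInsertId());
                } else {
                    pdoError(__LINE__, $insertStmt);
                }
            } else {
                $message .= 'That email address is already associated with an account. Please enter a different email address.<br>';
            }
            //The transaction opened above was never committed, so the insert
            //was discarded when the connection closed.
            $Dbc->commit();
        } catch (PDOException $e) {
            //PDO does not roll back on its own while the connection is open;
            //do it explicitly so later statements do not run inside the failed
            //transaction.
            if ($Dbc->inTransaction()) {
                $Dbc->rollBack();
            }
            error(__LINE__, '', '<pre>' . $e . '</pre>');
            pdoError(__LINE__);
        }
    } elseif (empty($_POST['email'])) {
        $debug->add('email is empty on line ' . __LINE__ . '');
        $message .= 'Please enter an email address.';
    } elseif (!emailValidate($_POST['email'])) {
        $message .= 'Please enter a valid email address.';
        $debug->add('Email address is not valid.');
    } elseif (empty($_POST['firstName'])) {
        $debug->add('first name is empty on line ' . __LINE__ . '.');
        $message .= 'Please enter a First Name.';
    } elseif (empty($_POST['lastName'])) {
        $debug->add('last name is empty on line ' . __LINE__ . '.');
        $message .= 'Please enter a Last Name.';
    } elseif (empty($_POST['password'])) {
        $debug->add('password is empty on line ' . __LINE__ . '.');
        $message .= 'Please enter a password.';
    } else {
        //Every field is present but passwordValidate() rejected the password.
        $debug->add('Something is missing.');
    }
    returnData();
}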
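function buildLogin()
{
    /*
    Build the login form for existing users, with links to the "forgot password" and "create account" pages.

    The email field is pre-filled from $_GET['email'] when present, otherwise from the primaryEmail
    stored against the REMEMBERME cookie's rememberMeCode (which also pre-checks the "Remember Me"
    switch). Both values are HTML-escaped before being written into the value="" attribute — the
    original interpolated the raw query-string value, a reflected XSS vector.

    Returns the form HTML, or '' when the cookie lookup failed with a PDOException.
    */
    global $debug, $message, $Dbc;
    $output = '';
    //Always defined so the pre-fill logic below can test it even when no cookie was sent.
    $row = false;
    try {
        //See if the user has selected to remember their login email address.
        if (!empty($_COOKIE[REMEMBERME])) {
            $stmt = $Dbc->prepare("SELECT\n\tusers.primaryEmail AS 'primaryEmail'\nFROM\n\tusers\nJOIN\n\tuserSiteSettings ON userSiteSettings.userId = users.userId AND\n\tuserSiteSettings.rememberMeCode = ?");
            $stmt->execute(array($_COOKIE[REMEMBERME]));
            $row = $stmt->fetch(PDO::FETCH_ASSOC);
            if (empty($row)) {
                error(__LINE__);
                pdoError(__LINE__, $stmt, 1);
            }
        }
        //Build the output.
        $checked = '';
        $email = '';
        if (!empty($_GET['email'])) {
            $email = $_GET['email'];
        } elseif (!empty($row['primaryEmail'])) {
            $checked = ' checked="yes"';
            $email = $row['primaryEmail'];
        }
        //Attribute context: ENT_QUOTES also covers the surrounding double quotes.
        $emailAttr = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
        $output .= '<div class="validationWarningPlaceholder textCenter"></div>
<div class="textCenter center">
	<input autocapitalize="off" autocorrect="off" data-clear-btn="true" data-wrapper-class="center" id="loginEmail" goswitch="loginButton" name="loginEmail" placeholder="Email" value="' . $emailAttr . '" type="email">
	<input autocapitalize="off" autocorrect="off" data-clear-btn="true" data-wrapper-class="center" id="loginPassword" goswitch="loginButton" name="loginPassword" placeholder="Password" value="" type="password">
	<form>
		<label class="ui-hidden-accessible" for="rememberMe">Remember Me</label>
		<input data-role="flipswitch" name="rememberMe" id="rememberMe" data-on-text="Remember" data-off-text="Forget" data-wrapper-class="custom-size-flipswitch" type="checkbox"' . $checked . '>
	</form>
	<button class="ui-btn ui-btn-inline ui-shadow ui-corner-all ui-btn-icon-left ui-icon-lock" id="loginButton">Login</button>
	<div class="hr1" style="margin:1em"></div>
	<fieldset class="ui-grid-a">
		<a data-ajax="false" href="' . LINKFORGOTPASSWORD . '" class="ui-btn ui-mini ui-btn-inline ui-corner-all"><i class="absolute fa fa-question-circle fa-2x" style="color:#AAA;left:.2em;top:.2em"></i><span style="margin-left:1.5em">Forgot Password</span></a>
		<a data-ajax="false" href="' . LINKCREATEACCOUNT . '" class="ui-btn ui-mini ui-btn-icon-left ui-icon-plus ui-btn-inline ui-corner-all">Create Account</a>
	</fieldset>
</div>
';
    } catch (PDOException $e) {
        error(__LINE__, '', '<pre>' . $e . '</pre>');
    }
    return $output;
}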
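function reconcileLists($userId)
{
    /*
    Automatically lock lists beyond the account credit balance, starting with the list with the oldest modified date.

    $userId is currently not used: the function reads $_SESSION['userId'] like the surrounding
    session code does — TODO(review): confirm whether any caller passes a different id.

    Returns true if lists were locked.
    */
    global $debug, $message, $Dbc;
    $locked = false;
    try {
        $userBillingInfo = Adrlist_Billing::getUserPlan($_SESSION['userId']);
        //Site role 5 gets an effectively unlimited credit balance.
        $_SESSION['credits'] = $_SESSION['siteRoleId'] == 5 ? 9999 : $userBillingInfo['credits'];
        $activeLists = getActiveLists($_SESSION['userId']);
        $_SESSION['activeLists'] = count($activeLists);
        $creditBalance = $_SESSION['credits'] - $_SESSION['activeLists'];
        if ($creditBalance < 0) {
            $Dbc->beginTransaction();
            //Get a list of the user's currently unlocked lists.
            $unlockedListsStmt = $Dbc->prepare("SELECT\n\tlists.listId AS 'listId',\n\tlists.listName AS 'listName',\n\tlists.modified AS 'modified'\nFROM\n\tlists\nJOIN\n\tuserListSettings ON userListSettings.listId = lists.listId AND\n\tuserListSettings.userId = ? AND\n\tuserListSettings.listRoleId = 4\nWHERE\n\tlists.locked = 0\nORDER BY\n\tmodified ASC");
            $unlockedListsParams = array($_SESSION['userId']);
            $unlockedListsStmt->execute($unlockedListsParams);
            $preUnlockedLists = array();
            $lockListIds = array();
            $listsToLock = abs($creditBalance);
            //Only lock as many lists as we need to. The old loop tested
            //`if ($x = $listsToLock)` — an assignment — and so always stopped
            //after the first row.
            while (count($lockListIds) < $listsToLock && ($row = $unlockedListsStmt->fetch(PDO::FETCH_ASSOC))) {
                $preUnlockedLists[] = $row;
                $lockListIds[] = $row['listId'];
            }
            $debug->add('$listsToLock: ' . $listsToLock);
            //An empty id list would produce `IN ()`, which is a SQL syntax error.
            if (!empty($lockListIds)) {
                //Bind one placeholder per id instead of splicing the ids into the
                //SQL text. The old code also ran the UPDATE twice: $Dbc->query()
                //executes immediately and execute() was then called on the result.
                $placeholders = implode(', ', array_fill(0, count($lockListIds), '?'));
                $lockStmt = $Dbc->prepare("UPDATE\n\tlists\nSET\n\tlocked = 1\nWHERE\n\tlistId IN (" . $placeholders . ")");
                $lockStmt->execute($lockListIds);
                pdoError(__LINE__, $lockStmt, $lockListIds);
            }
            //Re-run the unlocked list query to check for differences.
            $unlockedListsStmt->execute($unlockedListsParams);
            $postUnlockedLists = array();
            while ($row = $unlockedListsStmt->fetch(PDO::FETCH_ASSOC)) {
                $postUnlockedLists[] = $row;
            }
            $debug->printArray($postUnlockedLists, '$postUnlockedLists');
            $difference = arrayRecursiveDiff($preUnlockedLists, $postUnlockedLists);
            $debug->printArray($difference, '$difference');
            $message .= 'As you have more active lists than credits, the following lists were locked ' . faqLink(29) . ':<br>';
            foreach ($difference as $value) {
                $message .= $value['listName'] . '<br>';
            }
            $Dbc->commit();
            $locked = true;
        }
    } catch (Adrlist_CustomException $e) {
        if ($Dbc->inTransaction()) {
            $Dbc->rollBack();
        }
    } catch (PDOException $e) {
        //Leave the connection out of the failed transaction before reporting.
        if ($Dbc->inTransaction()) {
            $Dbc->rollBack();
        }
        error(__LINE__, '', '<pre>' . $e . '</pre>');
    }
    return $locked;
}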
                }
            }
        } elseif ($_REQUEST['operation'] == 'REFUND') {
            if (empty($_REQUEST['transactionId'])) {
                $messageCenter->newMessage(1, 1, 'Failed Amazon Payments transaction needs attention', 'see admin note', 'There was a failure with an IPN refund response sent from Amazon Payments. $_REQUEST[\'transactionId\'] was empty. That value is required to continue and process the payment.<br>
		<br>
		Debug follows: ' . $debug->output());
            } else {
                //A refund IPN returns transactionId and transactionStatus. Get the billingOfferId and userId.
                $billingStmt = $Dbc->prepare("SELECT\n\tuserBillingActions.userId AS 'userId',\n\tuserBillingActions.billingOfferId AS 'billingOfferId'\nFROM\n\tuserBillingActions\nJOIN\n\tamazonIPNListener ON amazonIPNListener.userBillingActionId = userBillingActions.userBillingActionId AND\n\tamazonIPNListener.transactionId = ?\nWHERE\n\tuserBillingActions.billingActionId = 4");
                $billingParams = array($_REQUEST['parentTransactionId']);
                $billingStmt->execute($billingParams);
                $billingRow = $billingStmt->fetch(PDO::FETCH_ASSOC);
                $debug->printArray($billingRow, '$billingRow');
                if (empty($billingRow)) {
                    pdoError(__LINE__, $billingStmt, $billingParams, true);
                    throw new Adrlist_CustomException('', 'No billing information was found for the refund request.');
                }
                if ($_REQUEST['transactionStatus'] == 'FAILURE' || $_REQUEST['transactionStatus'] == 'CANCELLED' || $_REQUEST['transactionStatus'] == 'RESERVED') {
                    $messageCenter->newMessage(1, $billingRow['userId'], 'An Amazon Payments transaction needs your attention', $transactionStatusArray[$_REQUEST['transactionStatus']]['userMessage'], $transactionStatusArray[$_REQUEST['transactionStatus']]['adminMessage'] . '
Debug follows: ' . $debug->output());
                } else {
                    if ($_REQUEST['transactionStatus'] == 'PENDING') {
                        $billingActionId = 5;
                    } elseif ($_REQUEST['transactionStatus'] == 'SUCCESS') {
                        $billingActionId = 6;
                    }
                    //Add a payment billing action.
                    $userBillingActionId = Adrlist_Billing::addBillingAction($billingRow['userId'], $billingRow['billingOfferId'], $billingActionId, 1, __FILE__ . ' ' . __LINE__);
                    if ($billingActionId == 6) {
                        $messageCenter->newMessage(1, $billingRow['userId'], 'Refund', 'A refund was made to your account in the amount of ' . $_REQUEST['transactionAmount'] . '.<br>
 public function __construct($action, $uniqueId, $itemCount, $defaultSearchValue = false, $fromSearch = false, $offsetLimit = false)
 {
     /**
      * Initiate the properties.
      *
      * It uses globally available variables to get the offset and limit given the uniqueId and itemCount.
      *
      * Resolution order for offset/limit: an explicit $offsetLimit array wins; then
      * $_POST[$uniqueId.'Offset'/'Limit']; then, for anonymous visitors, the
      * $uniqueId.'Offset'/'Limit' cookies (created with 0/20 when absent); and for
      * logged-in users the stored pagination row via getOffsetLimit(). Logged-in users
      * also get their pagination row inserted or updated.
      *
      * @param	$action				string	The function or method to call when sending the AJAX search request.
      * @param	$uniqueId			string	A unique identifier. This is necessary to prevent collision with other search fields. Best practice is to use the name of the calling function to prevent conflicts.
      * @param	$itemCount			int		The item count for the list. This is used to insure the offset is never greater than the count.
      * @param	$defaultSearchValue	int		The initial text to display in the search input.
      * @param	$fromSearch			int		To specify which searchfield has initiated the search.
      * @param	$offsetLimit		int		If known, this will skip the getOffsetLimit call.
      *
      */
     global $debug, $message, $Dbc;
     try {
         if (empty($action)) {
             throw new Adrlist_CustomException('', '$action is empty.');
         } elseif (empty($uniqueId)) {
             throw new Adrlist_CustomException('', '$uniqueId is empty.');
         } elseif (!is_numeric($itemCount)) {
             throw new Adrlist_CustomException('', '$itemCount is not numeric.');
         }
         //A zero count is treated as one so the offset comparison below still works.
         $itemCount = empty($itemCount) ? 1 : $this->intThis($itemCount);
         if (is_array($offsetLimit)) {
             list($offset, $limit) = $offsetLimit;
         } else {
             //NOTE(review): the condition is an OR, but the branch reads
             //$_POST[$uniqueId . 'Offset'] unconditionally — a request carrying only
             //the Limit field leaves $offset undefined (null) here.
             if (isset($_POST[$uniqueId . 'Offset']) || isset($_POST[$uniqueId . 'Limit'])) {
                 $debug->add('in 1');
                 if (empty($_SESSION['userId'])) {
                     $debug->add('in 1.5');
                     //NOTE(review): the raw posted values are persisted into cookies
                     //for a year without any validation; intThis() is only applied
                     //to the in-memory copies further down, not to what is stored.
                     setcookie($uniqueId . 'Offset', $_POST[$uniqueId . 'Offset'], time() + 60 * 60 * 24 * 365, COOKIEPATH, COOKIEDOMAIN, false);
                     setcookie($uniqueId . 'Limit', $_POST[$uniqueId . 'Limit'], time() + 60 * 60 * 24 * 365, COOKIEPATH, COOKIEDOMAIN, false);
                 }
                 $offset = $_POST[$uniqueId . 'Offset'];
                 //An empty limit means "show everything".
                 $limit = empty($_POST[$uniqueId . 'Limit']) ? $itemCount : $_POST[$uniqueId . 'Limit'];
             } else {
                 $debug->add('in 1.8');
                 if (empty($_SESSION['userId'])) {
                     $debug->add('in 2');
                     if (isset($_COOKIE[$uniqueId . 'Offset'])) {
                         //NOTE(review): only the Offset cookie is checked; a missing
                         //Limit cookie yields an undefined index here.
                         $offset = $_COOKIE[$uniqueId . 'Offset'];
                         $limit = $_COOKIE[$uniqueId . 'Limit'];
                     } else {
                         $debug->add('in 3');
                         $offset = 0;
                         $limit = 20;
                         //If the user is not logged in and no previous limit exists, this will set the default.
                         setcookie($uniqueId . 'Offset', $offset, time() + 60 * 60 * 24 * 365, COOKIEPATH, COOKIEDOMAIN, false);
                         setcookie($uniqueId . 'Limit', $limit, time() + 60 * 60 * 24 * 365, COOKIEPATH, COOKIEDOMAIN, false);
                     }
                 } else {
                     $debug->add('in 4');
                     $offsetLimit = $this->getOffsetLimit($_SESSION['userId'], $uniqueId);
                     $offset = $offsetLimit[0];
                     $limit = empty($offsetLimit[1]) ? 20 : $offsetLimit[1];
                     //If no previous limit exists, this will set the default.
                 }
             }
         }
         $offset = $offset > $itemCount ? 0 : $offset;
         //When changing list viewing options the offset may be larger than the count.
         //Both values may still be raw request/cookie strings at this point; intThis()
         //is what turns them into integers before they reach SQL.
         $offset = $this->intThis($offset);
         $limit = $this->intThis($limit);
         $debug->add('From Pagination: offset: ' . $offset . ', limit: ' . $limit . ', $itemCount: ' . $itemCount);
         if (!empty($_SESSION['userId'])) {
             $debug->add('in 5');
             //Check for an existing record.
             $checkStmt = $Dbc->prepare("SELECT\n\tpaginationId AS 'paginationId'\nFROM\n\tpagination\nWHERE\n\tuserId = ? AND\n\tscriptName = ? AND\n\tuniqueId = ?");
             $checkParams = array($_SESSION['userId'], $_SERVER['SCRIPT_NAME'], $uniqueId);
             $checkStmt->execute($checkParams);
             $existingRecord = $checkStmt->fetch(PDO::FETCH_ASSOC);
             if ($existingRecord) {
                 $debug->add('in 6');
                 $paginationStmt = $Dbc->prepare("UPDATE\n\tpagination\nSET\n\tscriptName = ?,\n\tuniqueId = ?,\n\tpageOffset = ?,\n\tpageLimit = ?\nWHERE\n\tpaginationId = ?");
                 $paginationParams = array($_SERVER['SCRIPT_NAME'], $uniqueId, $offset, $limit, $existingRecord['paginationId']);
                 //pdoError() is called before execute() here, as elsewhere in this code base.
                 pdoError(__LINE__, $paginationStmt, $paginationParams);
             } else {
                 $debug->add('in 7');
                 $paginationStmt = $Dbc->prepare("INSERT INTO\n\tpagination\nSET\n\tuserId = ?,\n\tscriptName = ?,\n\tuniqueId = ?,\n\tpageOffset = ?,\n\tpageLimit = ?,\n\tdateAdded = ?");
                 $paginationParams = array($_SESSION['userId'], $_SERVER['SCRIPT_NAME'], $uniqueId, $offset, $limit, DATETIME);
                 pdoError(__LINE__, $paginationStmt, $paginationParams);
             }
             $paginationStmt->execute($paginationParams);
             //Only meaningful on the INSERT path; after the UPDATE this is not a real id.
             $lastInsertId = $Dbc->lastInsertId();
             $debug->add('$lastInsertId: ' . $lastInsertId);
         }
         $this->_action = $action;
         $this->_itemCount = $itemCount;
         $this->_offset = $offset;
         $this->_limit = $limit;
         $this->_uniqueId = $uniqueId;
         $this->_defaultSearchValue = empty($defaultSearchValue) ? 'Search Term' : $defaultSearchValue;
         $this->_fromSearch = $fromSearch;
     } catch (Adrlist_CustomException $e) {
         //Validation failures are swallowed here; the object is left with its properties unset.
     } catch (PDOException $e) {
         error(__LINE__, '', '<pre class="red">' . $e . '</pre>');
     }
 }
     throw new Adrlist_CustomException('', '$_POST[\'password\'] is not set.');
 }
 $loggedEmail = trim($_POST['email']);
 //use trim to clear any white space from the beginning and end
 $loggedPassword = trim($_POST['password']);
 $sha1loggedPassword = sha1($loggedPassword);
 $emailCheck = emailValidate($_POST['email']);
 if (!$emailCheck) {
     throw new Adrlist_CustomException('', 'Please enter a valid email address.');
 }
 $loginStmt = $Dbc->prepare("SELECT\n\tusers.userId AS 'userId',\n\tusers.primaryEmail AS 'primaryEmail',\n\tusers.secondaryEmail AS 'secondaryEmail',\n\tusers.firstName AS 'firstName',\n\tusers.lastName AS 'lastName',\n\tuserSiteSettings.timeZone AS 'timeZone',\n\tuserSiteSettings.siteRoleId AS 'siteRoleId',\n\tdateFormat.dateFormat AS 'dateFormat'\nFROM\n\tusers\nJOIN\n\tuserSiteSettings ON userSiteSettings.userId = users.userId AND\n\tusers.primaryEmail = ? AND\n\tusers.userPassword = ?\nJOIN\n\tdateFormat ON dateFormat.dateFormatId = userSiteSettings.dateFormatId");
 $loginParams = array($loggedEmail, $sha1loggedPassword);
 $loginStmt->execute($loginParams);
 $row = $loginStmt->fetch(PDO::FETCH_ASSOC);
 if (empty($row)) {
     pdoError(__LINE__, $loginStmt, $loginParams, 1);
     throw new Adrlist_CustomException('Your email/password was not found. Please try again.', '');
 }
 if (empty($row['siteRoleId'])) {
     $message .= 'An administrative action is preventing you from logging in. Please <a href="' . LINKSUPPORT . '">contact support</a> for help.';
     returnData();
 }
 $row['uniqueId'] = md5(DATETIME . $row['userId']);
 if (isset($_POST['rememberMe'])) {
     $rememberMe = $_POST['rememberMe'] === 'true' ? 1 : 0;
     $rememberMeCode = sha1($row['primaryEmail']);
     if ($rememberMe) {
         setcookie(REMEMBERME, $rememberMeCode, time() + 60 * 60 * 24 * 365, COOKIEPATH, COOKIEDOMAIN, false);
         $setRememberMeCodeQuery = $Dbc->prepare("UPDATE\n\tuserSiteSettings\nSET\n\trememberMeCode = ?\nWHERE\n\tuserId = ?");
         $setRememberMeCodeParams = array($rememberMeCode, $row['userId']);
     } else {
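function editLinePart1()
{
    //Build the edit line div for the line posted as $_POST['lineId'], scoped to
    //the list in $_SESSION['listId'], and store it in $returnThis['returnEditLinePart1'].
    //Requires a list role of at least 2. When MODE is 'editLinePart1' the
    //function also marks success and ends by calling returnData().
    global $debug, $message, $success, $Dbc, $returnThis;
    $output = '';
    try {
        if (!isset($_SESSION['listRoleId']) || $_SESSION['listRoleId'] < 2) {
            throw new Adrlist_CustomException("Your role doesn't allow you to edit this list.", '');
        } elseif (empty($_POST['lineId'])) {
            throw new Adrlist_CustomException('', 'editLinePart1: $_POST[\'lineId\'] is empty.');
        }
        $lineId = intval($_POST['lineId']);
        //The listId predicate keeps a user from loading lines of lists they are not in.
        $stmt = $Dbc->prepare("SELECT\n\tlinesTable.charId AS 'charId',\n\tlinesTable.lineId as lineId,\n\tlinesTable.reel AS 'reel',\n\tlinesTable.scene AS 'scene',\n\tlinesTable.tcIn AS 'tcIn',\n\tlinesTable.tcOut AS 'tcOut',\n\tlinesTable.line AS 'line',\n\tlinesTable.notes AS 'notes'\nFROM\n\tlinesTable\nWHERE\n\tlinesTable.lineId = ? AND\n\tlinesTable.listId = ?");
        $params = array($lineId, $_SESSION['listId']);
        $stmt->execute($params);
        $row = $stmt->fetch(PDO::FETCH_ASSOC);
        if (empty($row)) {
            error(__LINE__);
            pdoError(__LINE__, $stmt, $params, 1);
        } else {
            $row = charToHtml($row);
            //Convert all special characters to html.
            //The Swap button carried a hard-coded lineId="2351"; it now uses the
            //line being edited like the Save button does.
            $output .= '<div id="lineDiv' . $lineId . '" class="lineMain ui-corner-all center textCenter" style="border:none">
					' . buildCharacters($row['charId'], 'editLineCharacter', 13) . '
					<div class="ui-field-contain">
						<label for="editReel" unused="ui-hidden-accessible">Reel</label>
						<input autocapitalize="off" autocorrect="off" data-mini="true" data-wrapper-class="true" id="editReel" goswitch="addLineButton" name="editReel" placeholder="" type="text" value="' . $row['reel'] . '">
					</div>
					<div class="ui-field-contain">
						<label for="editScene" unused="ui-hidden-accessible">Scene</label>
						<input autocapitalize="off" autocorrect="off" data-mini="true" data-wrapper-class="true" id="editScene" goswitch="addLineButton" name="editScene" placeholder="" type="text" value="' . $row['scene'] . '">
					</div>
					<div class="ui-field-contain">
						<label for="editTcIn" unused="ui-hidden-accessible">TC In</label>
						<input autocapitalize="off" autocorrect="off" class="tcValidate" data-mini="true" data-wrapper-class="true" entry="edit" id="editTcIn" framerate="' . $_SESSION['framerate'] . '" goswitch="addLineButton" maxlength="14" name="editTcIn" otherfield="editTcOut" placeholder="" type="text" value="' . $row['tcIn'] . '">
					</div>
					<button lineId="' . $lineId . '" class="swapTc ui-btn ui-mini ui-btn-inline ui-corner-all" entry="edit"><i class="fa fa-exchange fa-lg fa-rotate-90"></i>Swap</button>
					<div class="ui-field-contain">
						<label for="editTcOut" unused="ui-hidden-accessible">TC Out</label>
						<input autocapitalize="off" autocorrect="off" class="tcValidate" data-mini="true" data-wrapper-class="true" entry="edit" id="editTcOut" framerate="' . $_SESSION['framerate'] . '" goswitch="addLineButton" maxlength="14" name="editTcOut" otherfield="editTcIn" placeholder="" type="text" value="' . $row['tcOut'] . '">
					</div>
					<div class="ui-field-contain">
						<label for="editLine" unused="ui-hidden-accessible">Line</label>
						<textarea autocapitalize="off" autocorrect="off" data-mini="true" data-wrapper-class="true" id="editLine" framerate="' . $_SESSION['framerate'] . '" goswitch="addLineButton" name="addLine" placeholder="" rows="5">' . $row['line'] . '</textarea>
					</div>
					<div class="ui-field-contain">
						<label for="editNotes" unused="ui-hidden-accessible">Notes</label>
						<textarea autocapitalize="off" autocorrect="off" data-mini="false" data-wrapper-class="true" id="editNotes" framerate="' . $_SESSION['framerate'] . '" goswitch="addLineButton" name="addNotes" placeholder="" rows="5">' . $row['notes'] . '</textarea>
					</div>
					<button class="ui-btn ui-btn-inline ui-shadow ui-corner-all ui-btn-icon-left ui-icon-heart" id="saveLineButton" lineId="' . $row['lineId'] . '">Save Changes</button><button class="ui-btn ui-btn-b ui-btn-inline ui-shadow ui-corner-all ui-btn-icon-left ui-icon-delete" id="cancelEditLine">Cancel</button>				
				</div>';
            //Only claim success when this function is the request's top-level mode.
            $success = MODE == 'editLinePart1' ? true : $success;
            $returnThis['returnEditLinePart1'] = $output;
        }
    } catch (Adrlist_CustomException $e) {
    } catch (PDOException $e) {
        error(__LINE__, '', '<pre>' . $e . '</pre>');
    }
    if (MODE == 'editLinePart1') {
        returnData();
    }
}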
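function buildCreateAccount()
{
    /*
    This function builds "create new account" form for new users. If an invitation code is detected it will lock in the email address.

    The invitation code comes from $_REQUEST['invitationCode']; only a 40-character code is looked up
    in the invitations table. Both the invited email and the echoed invitation code are HTML-escaped
    before being written into the markup — the original echoed the raw request value back into the
    page, a reflected XSS vector.

    Returns the form HTML, or '' when the invitation lookup failed with a PDOException.
    */
    global $debug, $message, $Dbc, $returnThis;
    $output = '';
    /*
    Build the create form. If an invitation code is present get the associated email from the record and lock in the email field so the user can't change it.
    */
    try {
        $invitedEmail = false;
        if (isset($_REQUEST['invitationCode']) && strlen($_REQUEST['invitationCode']) == 40) {
            $selectInviteQuery = $Dbc->prepare("SELECT\n\temail as 'email'\nFROM\n\tinvitations\nWHERE\n\tinvitationCode = ? AND\n\trespondDate IS NULL");
            $inviteParams = array($_REQUEST['invitationCode']);
            $selectInviteQuery->execute($inviteParams);
            $invited = $selectInviteQuery->fetch(PDO::FETCH_ASSOC);
            //fetch() returns false when there is no row; indexing into that was a warning in the original.
            if (!is_array($invited) || !isset($invited['email']) || $invited['email'] === '') {
                //The invitation code wasn't found.
                pdoError(__LINE__, $selectInviteQuery, $inviteParams, 1);
                $output .= '<div class="red" style="padding:10px;">An invitation wasn\'t found. It may have been cancelled by the person who made the invitation. You can continue creating your free account any way.</div>';
            } else {
                $invitedEmail = $invited['email'];
            }
        }
        $createForm = '<div class="textCenter center">
	<div class="ui-field-contain">
		<label for="createFirstName" unused="ui-hidden-accessible">First Name</label>
		<input autocapitalize="on" autocorrect="off" data-wrapper-class="true" id="createFirstName" goswitch="createNewUser" name="createFirstName" placeholder="" type="text" value="">
	</div>
	<div class="ui-field-contain">
		<label for="createLastName" unused="ui-hidden-accessible">Last Name</label>
		<input autocapitalize="on" autocorrect="off" data-wrapper-class="true" id="createLastName" goswitch="createNewUser" name="createLastName" placeholder="" type="text" value="">
	</div>
	<div class="ui-field-contain">
		<label for="createEmail" unused="ui-hidden-accessible">Email</label>
		<input autocapitalize="off" autocorrect="off" data-wrapper-class="true" id="createEmail" goswitch="createNewUser" name="createEmail" placeholder="" type="email" value="';
        //Attribute context: ENT_QUOTES covers the surrounding double quotes.
        $createForm .= $invitedEmail ? htmlspecialchars($invitedEmail, ENT_QUOTES, 'UTF-8') . '" disabled="disabled">' : '">';
        $createForm .= '
	</div>
	<div class="ui-field-contain">
		<label for="loginPassword" unused="ui-hidden-accessible">Password</label>
		<input id="createPass1" goswitch="createNewUser" name="createPass1" placeholder="" value="" type="password">
	</div>
	<div class="center textCenter" id="timeZoneHolder" goswitch="createNewUser" label="What city best represents your time zone?"></div>
	<div class="ui-field-contain">
		<input name="termsConfirmation" id="termsConfirmation" goswitch="createNewUser" type="checkbox">
	    <label for="termsConfirmation">Click here to agree to the terms and conditions</label>
		<a href="' . LINKLEGAL . '" target="_new">terms and conditions</a> <img src="' . LINKIMAGES . '/newWindow.gif">
	</div>
	<input checked="checked" class="hide" id="rememberMe" name="rememberMe" type="checkbox">';
        //The code is echoed whenever it is present (not only when it is 40 characters long),
        //so it must be escaped for the element-content context here.
        $createForm .= isset($_REQUEST['invitationCode']) ? '	<div class="hide" id="invitationCode"> ' . htmlspecialchars($_REQUEST['invitationCode'], ENT_QUOTES, 'UTF-8') . '</div>' : '';
        $createForm .= '
	<div>
		<button class="ui-btn ui-btn-inline ui-shadow ui-corner-all ui-btn-icon-left ui-icon-plus" id="createNewUser">Create My Account</button>
	</div>
</div>
';
        /*
        Build the output.
        */
        $output .= '<div class="overflowauto relative" style="padding:5px 0;margin:10px 0">
	<div class="red textCenter" style="padding-bottom:5px">
		<noscript>(javascript required)</noscript>
	</div>
' . $createForm . '
</div>
';
    } catch (PDOException $e) {
        error(__LINE__, '', '<pre>' . $e . '</pre>');
    }
    return $output;
}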
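function buildFaqs()
{
    //Build the FAQ listing, grouped by topic, either unfiltered or filtered by $_POST['searchVal'].
    //Reads: $_POST['searchVal'] (optional; note empty() treats "0" as no search).
    //Writes: $success, $returnThis['holder'], $returnThis['output'], $returnThis['buildFaqs'].
    //In 'buildFaqs' mode the result is sent with returnData(); otherwise the HTML is returned.
    global $debug, $message, $success, $Dbc, $returnThis;
    $output = '';
    try {
        $faqQuery = "SELECT\n\tfaqs.faqId AS 'faqId',\n\tfaqs.q AS 'q',\n\tfaqs.a AS 'a',\n\tfaqTopics.topicId AS 'topicId',\n\tfaqTopics.topic AS 'topic'\nFROM\n\tfaqs\nJOIN\n\tfaqTopics ON faqTopics.topicId = faqs.topicId AND\n\tfaqs.hidden = '0'\n";
        if (empty($_POST['searchVal'])) {
            $search = false;
            $searchValDisplay = '';
            $stmt = $Dbc->query($faqQuery . "\nORDER BY\n\tfaqTopics.topic");
            $faqCountStmt = $Dbc->query("SELECT COUNT(*) AS 'count' FROM faqs WHERE hidden = 0");
        } else {
            $search = true;
            //The raw term is only ever passed as a bound LIKE parameter; the HTML-escaped copy is the only form that reaches the page.
            //LIKE wildcards (% and _) typed by the user are not escaped, so they act as wildcards in the search.
            $searchValDisplay = htmlspecialchars($_POST['searchVal'], ENT_QUOTES, 'UTF-8');
            $searchVal = '%' . trim($_POST['searchVal']) . '%';
            //OR rather than ||: in MySQL, || is only a logical OR while PIPES_AS_CONCAT is off.
            $faqSearchWhere = "\n AND (faqTopics.topic LIKE ? OR faqs.q LIKE ? OR faqs.a LIKE ?)";
            $searchParams = array($searchVal, $searchVal, $searchVal);
            $stmt = $Dbc->prepare($faqQuery . $faqSearchWhere . "\nGROUP BY\n\tfaqs.faqId");
            $stmt->execute($searchParams);
            //Count distinct matches in one row; a GROUP BY here would return one count-of-1 row per FAQ and break pagination.
            $faqCountStmt = $Dbc->prepare("SELECT COUNT(DISTINCT faqs.faqId) AS 'count' FROM faqs JOIN\n\tfaqTopics ON faqTopics.topicId = faqs.topicId AND\n\tfaqs.hidden = '0'" . $faqSearchWhere);
            $faqCountStmt->execute($searchParams);
        }
        $row = $faqCountStmt->fetch(PDO::FETCH_ASSOC);
        $itemCount = empty($row['count']) ? 0 : $row['count'];
        $debug->add('$itemCount: ' . $itemCount);
        $success = true;
        $foundRows = false;
        $rowsArray = array();
        while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
            $foundRows = true;
            //convertFaqLink() output is inserted as markup (FAQ text is admin-authored via modifyFaq), so q and a are not escaped here.
            $question = convertFaqLink($row['q']);
            $answer = convertFaqLink($row['a']);
            //Group the rendered FAQs by topic; one heading per topic is emitted below.
            $rowsArray[$row['topic']][] = array('<div class="faq hand" faqid="' . $row['faqId'] . '">
	<div class="faqQuestion" id="faq' . $row['faqId'] . '" toggle="faqAnswer' . $row['faqId'] . '">' . nl2br($question, 1) . ' <span class="faqId">FAQ #' . $row['faqId'] . '</span></div>
	<div class="faqAnswer textLeft" id="faqAnswer' . $row['faqId'] . '">' . nl2br($answer, 1) . '</div>
</div>
');
        }
        $temp = $search ? '<div class="red textCenter">Results for "' . $searchValDisplay . '"</div>' : '';
        foreach ($rowsArray as $topic => $faqDivs) {
            $temp .= '<div class="sectionTitle textCenter">' . $topic . '</div>
';
            $faqRows = new Adrlist_BuildRows('faqs', '', $faqDivs, false);
            $temp .= $faqRows->output();
        }
        $pagination = new Adrlist_Pagination('buildFaqs', 'buildFaqs', $itemCount, 'Search FAQs', $search);
        $pagination->_searchOnly();
        $output .= '<div class="textCenter">
	Click on a topic to view FAQs
	<div class="break" style="margin:1em">
		<button class="ui-btn ui-btn-inline ui-btn-a ui-shadow ui-corner-all" id="faqHideAll" data-role="false">Hide All</button><button class="ui-btn ui-btn-inline ui-btn-a ui-shadow ui-corner-all" id="faqShowAll" data-role="false">Show All</button>
	</div>
</div>
' . $pagination->output() . $temp;
        if (!$foundRows) {
            //No result rows is not an error for the user, but log the statement for debugging.
            pdoError(__LINE__, $stmt, false, true);
            if ($search) {
                $output .= '<div class="red textCenter" style="margin:1em">There were no matches for ' . $searchValDisplay . '.</div>';
            } else {
                $output .= '<div class="break" style="padding:5px 0px 10px 0px;">
There are no faqs to show.
</div>		
';
            }
        }
        $returnThis['holder'] = 'buildFaqsHolder';
        $returnThis['output'] = $output;
        $returnThis['buildFaqs'] = $output;
    } catch (PDOException $e) {
        error(__LINE__, '', '<pre>' . $e . '</pre>');
    }
    if (MODE == 'buildFaqs') {
        returnData();
    } else {
        return $output;
    }
}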
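function updatePendingRole()
{
    //Update the role that a pending (not yet accepted) invitation will grant.
    //List and folder invitations live in the same table, so one function handles both; $_POST['type'] selects the role column.
    //Reads: $_POST['invitationId'], $_POST['type'] ('list', anything else means 'folder'), $_POST['typeId'] (the list or folder id),
    //$_POST['newRoleId'] (may legitimately be 0). Writes: $returnThis['buildUsers'], and $success/$message in 'updatePendingRole' mode.
    global $debug, $message, $success, $Dbc, $returnThis;
    try {
        if (empty($_POST['invitationId'])) {
            throw new Adrlist_CustomException('', '$_POST[\'invitationId\'] is empty.');
        } elseif (empty($_POST['type'])) {
            throw new Adrlist_CustomException('', '$_POST[\'type\'] is empty.');
        } elseif (empty($_POST['typeId'])) {
            throw new Adrlist_CustomException('', '$_POST[\'typeId\'] is empty.');
        } elseif (!isset($_POST['newRoleId'])) {
            //The newRoleId may be zero, so check that the value isset rather than empty.
            throw new Adrlist_CustomException('', '$_POST[\'newRoleId\'] is not set.');
        }
        //$type is one of two fixed literals: it is interpolated into column names below and must never come straight from the request.
        if ($_POST['type'] == 'list') {
            $type = 'list';
            $listInfo = getListInfo($_SESSION['userId'], $_POST['typeId']);
            $role = $listInfo['listRoleId'];
        } else {
            $type = 'folder';
            $folderInfo = getFolderInfo($_SESSION['userId'], $_POST['typeId']);
            $role = $folderInfo['folderRoleId'];
        }
        //Verify the user has a sufficient role on this list/folder to edit its invitations.
        if (empty($role) || $role < 3) {
            throw new Adrlist_CustomException('Your role does not allow you to edit this ' . $type . '.', '');
        }
        //Update the roleId. The WHERE clause also matches the list/folder id that the role check above was made for,
        //so an invitationId that belongs to some other list/folder cannot be modified through this call.
        //NOTE(review): $_POST['newRoleId'] is not range-checked against the caller's own role; confirm whether roles above $role should be assignable.
        $stmt = $Dbc->prepare("UPDATE\n\tinvitations\nSET\n\t{$type}RoleId = ?\nWHERE\n\tinvitationId = ? AND\n\t{$type}Id = ?\nLIMIT 1");
        $params = array($_POST['newRoleId'], $_POST['invitationId'], $_POST['typeId']);
        $stmt->execute($params);
        $rowCount = $stmt->rowCount();
        if (empty($rowCount)) {
            //MySQL reports zero affected rows when the value is unchanged, so this is logged rather than treated as fatal.
            pdoError(__LINE__, $stmt, $params, true);
        }
        //Confirm the invitation exists for this list/folder and get its id to pass to the buildUser functions.
        $getIdStmt = $Dbc->prepare("SELECT\n\t{$type}Id AS '{$type}Id'\nFROM\n\tinvitations\nWHERE\n\tinvitationId = ? AND\n\t{$type}Id = ?");
        $getIdParams = array($_POST['invitationId'], $_POST['typeId']);
        $getIdStmt->execute($getIdParams);
        $row = $getIdStmt->fetch(PDO::FETCH_ASSOC);
        if (empty($row)) {
            pdoError(__LINE__, $getIdStmt, $getIdParams, true);
            throw new Adrlist_CustomException('The invitation could not be found for this ' . $type . '.', '');
        }
        if ($type == 'folder') {
            $_POST['folderId'] = $row['folderId'];
            //We will not update user's role id for all of the folder's lists. That occurs when the pending user creates an account.
            $returnThis['buildUsers'] = buildFolderUsers();
        } else {
            $_POST['listId'] = $row['listId'];
            $returnThis['buildUsers'] = buildListUsers();
        }
        if (MODE == 'updatePendingRole') {
            $success = true;
            $message .= 'Updated';
        }
    } catch (Adrlist_CustomException $e) {
        //Presumably Adrlist_CustomException reports itself on construction (the other handlers in this file are empty too) - confirm.
    } catch (PDOException $e) {
        error(__LINE__, '', '<pre>' . $e . '</pre>');
    }
    if (MODE == 'updatePendingRole') {
        returnData();
    }
}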
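function viewUserRole()
{
    //Render one user's site role, folder roles and list roles (admin view) as HTML with Update controls.
    //Reads: $_POST['userId'] (cast to int before use). Writes: $success, $returnThis['returnCode'] (same HTML as returned).
    global $debug, $message, $success, $Dbc, $returnThis;
    $output = '';
    if (isset($_POST['userId'])) {
        $userId = intval($_POST['userId']);
        try {
            //Site role: one radio button per entry of $roles, keyed 'mysql role' => 'display role'.
            $viewUserSiteRoleStmt = $Dbc->prepare("SELECT\n\tsiteRoleId AS 'siteRoleId'\nFROM\n\tuserSiteSettings\nWHERE\n\tuserId = ?");
            $viewUserSiteRoleParams = array($userId);
            $viewUserSiteRoleStmt->execute($viewUserSiteRoleParams);
            $foundRows = false;
            $userSiteRoleRow = '';
            $roles = array('0' => 'Blocked', '1' => 'Allow', '5' => 'Site Admin');
            while ($row = $viewUserSiteRoleStmt->fetch(PDO::FETCH_ASSOC)) {
                $foundRows = true;
                foreach ($roles as $key => $value) {
                    //Build all the radio buttons with a unique name containing the userId.
                    $userSiteRoleRow .= '<input type="radio" name="role' . $userId . '" value="' . $key . '"';
                    if ($key == $row['siteRoleId']) {
                        $userSiteRoleRow .= ' checked';
                    }
                    $userSiteRoleRow .= '>' . $value;
                }
                $userSiteRoleRow .= ' <span class="link" id="updateSiteRole' . $userId . '">Update</span>';
            }
            if ($foundRows) {
                $userSiteRole = '	<div class="break textCenter">
		<div class="rowTitle" style="width:375px">Site Role</div>
		<div class="break" style="line-height:2em;">' . $userSiteRoleRow . '
		</div>
	</div>';
            } else {
                $userSiteRole = NULL;
                pdoError(__LINE__, $viewUserSiteRoleStmt, $viewUserSiteRoleParams, true);
            }
            //Folder roles: one row per folder the user has settings for. Folder names are user-entered, so they are escaped for HTML.
            $viewUserFolderRoleStmt = $Dbc->prepare("SELECT\n\tuserFolderSettings.folderId AS 'folderId',\n\tuserFolderSettings.folderRoleId AS 'folderRoleId',\n\tfolders.folderName AS 'folderName'\nFROM\n\tuserFolderSettings\nJOIN\n\tfolders ON folders.folderId = userFolderSettings.folderId\nWHERE\n\tuserFolderSettings.userId = ?");
            $viewUserFolderRoleParams = array($userId);
            $viewUserFolderRoleStmt->execute($viewUserFolderRoleParams);
            $foundRows = false;
            $userFolderRoleRows = '';
            $class = 'rowAlt';
            while ($row = $viewUserFolderRoleStmt->fetch(PDO::FETCH_ASSOC)) {
                $foundRows = true;
                //Alternate the row background class.
                $class = $class == 'rowWhite' ? 'rowAlt' : 'rowWhite';
                $folderName = htmlspecialchars($row['folderName'], ENT_QUOTES, 'UTF-8');
                $userFolderRoleRows .= '		<div class="break ' . $class . '" style="width:375">
			<div class="row ' . $class . '" style="width:175px">' . $folderName . '</div>
			<div class="row" style="width:120px">' . buildRoles('folderRoleUser' . $userId . 'folderId' . $row['folderId'] . 'folderRoleId' . $row['folderRoleId'], $row['folderRoleId'], 'folderRoleId') . '</div>
			<div class="link row" id="updateFolderRoleUser' . $userId . 'folderId' . $row['folderId'] . '" style="width:55px">Update</div>
		</div>
';
            }
            if ($foundRows) {
                $userFolderRole = '	<div class="break" style="padding:10px 0px 0px 0px">
		<div class="rowTitle" style="width:175px">Folder Name</div>
		<div class="rowTitle" style="width:175px">Folder Role</div>
		<div class="break left" style="line-height:2em;">' . $userFolderRoleRows . '
		</div>
	</div>';
            } else {
                $userFolderRole = NULL;
                pdoError(__LINE__, $viewUserFolderRoleStmt, $viewUserFolderRoleParams, true);
            }
            //List roles: one row per list the user has settings for. $foundRows must be set here too, or the rows are built but never shown.
            $viewUserListRoleStmt = $Dbc->prepare("SELECT\n\tlists.listId AS 'listId',\n\tlists.listName AS 'listName',\n\tuserListSettings.listRoleId AS 'listRoleId',\n\tfolders.folderName AS 'folderName'\nFROM\n\tlists\nJOIN\n\tfolders ON folders.folderId = lists.folderId\nJOIN\n\tuserListSettings ON userListSettings.listId = lists.listId AND\n\tuserListSettings.userId = ?\nORDER BY\n\tfolders.folderName, lists.listName");
            $viewUserListRoleParams = array($userId);
            $viewUserListRoleStmt->execute($viewUserListRoleParams);
            $foundRows = false;
            $userListRoleRows = '';
            $userListRole = '';
            $class = 'rowAlt';
            while ($row = $viewUserListRoleStmt->fetch(PDO::FETCH_ASSOC)) {
                $foundRows = true;
                $class = $class == 'rowWhite' ? 'rowAlt' : 'rowWhite';
                $listName = htmlspecialchars($row['listName'], ENT_QUOTES, 'UTF-8');
                $folderName = htmlspecialchars($row['folderName'], ENT_QUOTES, 'UTF-8');
                $userListRoleRows .= '		<div class="break right ' . $class . '" style="width:400px">
			<div class="row" style="width:120px">' . $listName . '</div>
			<div class="row" style="width:120px">' . $folderName . '</div>
			<div class="row" style="width:160px; line-height:2em;">
				' . buildRoles('user' . $userId . 'List' . $row['listId'] . 'Role' . $row['listRoleId'], $row['listRoleId']) . '&nbsp;<span class="link" id="updateListRole' . $userId . '">Update</span>
			</div>
		</div>
';
            }
            if ($foundRows) {
                $userListRole = '	<div class="break">
		<div class="rowTitle" style="width:120px">List Name</div>
		<div class="rowTitle" style="width:120px">Folder</div>
		<div class="rowTitle" style="width:160px">List Role</div>
' . $userListRoleRows . '
	</div>';
            } else {
                $userListRole .= 'The user has no role for this list.';
                pdoError(__LINE__, $viewUserListRoleStmt, $viewUserListRoleParams, true);
            }
            $output .= '		<div class="left" style="width:375px">' . $userSiteRole . $userFolderRole . '</div>
		<div class="right" style="width:400px">' . $userListRole . '</div>
';
            $success = true;
            //$returnThis is a global here, as in the sibling functions; a local would be lost when the function returns.
            $returnThis['returnCode'] = $output;
        } catch (PDOException $e) {
            error(__LINE__, '', '<pre>' . $e . '</pre>');
        }
    } else {
        error(__LINE__);
        if (empty($_POST['userId'])) {
            $message .= '$_POST[\'userId\'] is empty on line ' . __LINE__ . '.';
        } elseif (empty($_POST['newRole'])) {
            $message .= '$_POST[\'newRole\'] is empty on line ' . __LINE__ . '.';
        } else {
            $message .= 'Something else is wrong.';
        }
    }
    //NOTE(review): the mode compared here is 'updateSiteRole', not the function name; presumably intentional - confirm against the dispatcher.
    if (MODE == 'updateSiteRole') {
        returnData();
    } else {
        return $output;
    }
}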
function modifyFaq()
{
    //Save an edited FAQ (question and answer) and hand the stored values back through $returnThis.
    //Reads: $_POST['faqQ'], $_POST['faqA'], $_POST['faqId'] (all required). Writes: $message, $returnThis['returnQ'|'returnA'], and $success in 'modifyFaq' mode.
    global $debug, $message, $success, $Dbc, $returnThis;
    $output = '';
    //Report the first required field that is missing, in this order.
    $missingField = null;
    foreach (array('faqQ', 'faqA', 'faqId') as $field) {
        if (empty($_POST[$field])) {
            $missingField = $field;
            break;
        }
    }
    if ($missingField !== null) {
        error(__LINE__, '', '$_POST[\'' . $missingField . '\'] is empty.');
    } else {
        try {
            //Write the new question and answer.
            $updateStmt = $Dbc->prepare("UPDATE\n\tfaqs\nSET\n\tfaqs.q = ?,\n\tfaqs.a = ?\nWHERE\n\tfaqs.faqId = ?");
            $updateStmt->execute(array($_POST['faqQ'], $_POST['faqA'], $_POST['faqId']));
            //Mysql does not return affected rows when the value does not change, so we won't check for it here.
            //Read the row back so the client gets exactly what was stored.
            $selectParams = array($_POST['faqId']);
            $selectStmt = $Dbc->prepare("SELECT\n\tfaqs.faqId as 'faqId',\n\tfaqs.q AS 'q',\n\tfaqs.a AS 'a'\nFROM\n\tfaqs\nWHERE\n\tfaqs.faqId = ?");
            $selectStmt->execute($selectParams);
            $faqRow = $selectStmt->fetch(PDO::FETCH_ASSOC);
            if (!empty($faqRow)) {
                $message .= 'Saved';
                if (MODE == 'modifyFaq') {
                    $success = true;
                }
                $returnThis['returnQ'] = $faqRow['q'];
                $returnThis['returnA'] = $faqRow['a'];
            } else {
                $message .= 'No records were found for faqId: ' . $_POST['faqId'] . '<br>';
                pdoError(__LINE__, $selectStmt, $selectParams, 1);
            }
        } catch (PDOException $e) {
            error(__LINE__, '', '<pre>' . $e . '</pre>');
        }
    }
    if (MODE == 'modifyFaq') {
        returnData();
    }
}
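function saveMyInformation()
{
    /*Save the updated user information.
    	//This has become a rather complex and lengthy script. The best way to handle it is to compare the current information to the new information to see what has changed. Then do verifications on the changed information.
    	Reads: $_POST firstName, lastName, primaryEmail(+Retype), currentPassword (all required); secondaryEmail(+Retype), newPassword(+Retype) (optional).
    	Writes: $message, $returnThis['pass'], and $success in 'saveMyInformation' mode. All writes run inside one transaction that is
    	committed only after the notification email to the current primary address has been sent; every other exit path rolls back.
    	*/
    global $debug, $message, $success, $Dbc, $returnThis;
    $output = '';
    try {
        //The secondary email and new password fields are optional, so we must test them separately from the rest.
        //strlen() counts bytes, so multibyte names are limited to fewer than 255 characters; that is stricter than the column, not looser.
        if (empty($_POST['firstName'])) {
            throw new Adrlist_CustomException('', '$_POST[\'firstName\'] is empty.');
        } elseif (strlen($_POST['firstName']) > 255) {
            throw new Adrlist_CustomException('', '$_POST[\'firstName\'] is more than 255 characters.');
        } elseif (empty($_POST['lastName'])) {
            throw new Adrlist_CustomException('', '$_POST[\'lastName\'] is empty.');
        } elseif (strlen($_POST['lastName']) > 255) {
            throw new Adrlist_CustomException('', '$_POST[\'lastName\'] is more than 255 characters.');
        } elseif (empty($_POST['primaryEmail'])) {
            throw new Adrlist_CustomException('', '$_POST[\'primaryEmail\'] is empty.');
        } elseif (!emailValidate($_POST['primaryEmail'])) {
            throw new Adrlist_CustomException('', '$_POST[\'primaryEmail\'] is not a valid email address.');
        } elseif (empty($_POST['primaryEmailRetype'])) {
            throw new Adrlist_CustomException('', '$_POST[\'primaryEmailRetype\'] is empty.');
        } elseif ($_POST['primaryEmail'] != $_POST['primaryEmailRetype']) {
            throw new Adrlist_CustomException("The primary email addresses don't match.", '');
        } elseif (empty($_POST['currentPassword'])) {
            throw new Adrlist_CustomException('', '$_POST[\'currentPassword\'] is empty.');
        } elseif (!passwordValidate($_POST['currentPassword'])) {
            throw new Adrlist_CustomException('', '$_POST[\'currentPassword\'] is not valid.');
        }
        $_POST['firstName'] = trim($_POST['firstName']);
        $_POST['lastName'] = trim($_POST['lastName']);
        $_POST['primaryEmail'] = trim($_POST['primaryEmail']);
        $_POST['currentPassword'] = trim($_POST['currentPassword']);
        //The optional fields may be absent from the request entirely; treat absent as empty instead of raising a notice.
        $_POST['newPassword'] = isset($_POST['newPassword']) ? trim($_POST['newPassword']) : '';
        $_POST['newPasswordRetype'] = isset($_POST['newPasswordRetype']) ? $_POST['newPasswordRetype'] : '';
        $_POST['secondaryEmail'] = isset($_POST['secondaryEmail']) ? trim($_POST['secondaryEmail']) : '';
        $_POST['secondaryEmailRetype'] = isset($_POST['secondaryEmailRetype']) ? $_POST['secondaryEmailRetype'] : '';
        $toAddress = array();
        $Dbc->beginTransaction();
        //Verify the user has entered the correct current password. Grab other info to check what has been changed.
        $stmt = $Dbc->prepare("SELECT\n\tfirstName AS 'firstName',\n\tlastName AS 'lastName',\n\tprimaryEmail AS 'primaryEmail',\n\tsecondaryEmail AS 'secondaryEmail',\n\tuserPassword AS 'password'\nFROM\n\tusers\nWHERE\n\tuserId = ? AND\n\tuserPassword = ?");
        //NOTE(review): passwords are stored and compared as unsalted sha1 hashes. This cannot be changed here alone because the login path
        //(outside this file) must verify the same scheme; migrating to password_hash()/password_verify() needs a coordinated change.
        $sha1CurrentPassword = sha1($_POST['currentPassword']);
        $sha1NewPassword = sha1($_POST['newPassword']);
        $params = array($_SESSION['userId'], $sha1CurrentPassword);
        $stmt->execute($params);
        $currentInfo = $stmt->fetch(PDO::FETCH_ASSOC);
        $debug->printArray($currentInfo, '$currentInfo');
        //NOTE(review): this dumps the whole request, including the plaintext passwords, into the debug output - confirm $debug is never shown outside development.
        $debug->printArray($_POST, '$_POST');
        if (empty($currentInfo['password'])) {
            pdoError(__LINE__, $stmt, $params, true);
            throw new Adrlist_CustomException('Your password could not be verified. Please re-enter your current password.', '');
        }
        $debug->add('The user has entered the correct current password.');
        if (!empty($currentInfo['secondaryEmail'])) {
            $toAddress[] = $currentInfo['secondaryEmail'];
        }
        $newInformationArray = array('First Name' => $_POST['firstName'], 'Last Name' => $_POST['lastName'], 'Primary Email Address' => $_POST['primaryEmail'], 'Secondary Email Address' => $_POST['secondaryEmail']);
        //Check if the password has changed.
        //NOTE(review): $returnThis['pass'] sends the plaintext password back to the client in the response; confirm the client really needs it.
        if (empty($_POST['newPassword'])) {
            $returnThis['pass'] = $_POST['currentPassword'];
            $newInformationArray['Password'] = $sha1CurrentPassword;
        } elseif ($_POST['newPassword'] != $_POST['newPasswordRetype']) {
            throw new Adrlist_CustomException('The new passwords don\'t match. Please re-enter a new password.', '');
        } elseif (!passwordValidate($_POST['newPassword'])) {
            throw new Adrlist_CustomException('The new password you entered contains invalid characters. Please enter a valid password.', '');
        } else {
            //Update the password.
            $stmt = $Dbc->prepare("UPDATE\n\tusers\nSET\n\tuserPassword = ?\nWHERE\n\tuserId = ?");
            $params = array($sha1NewPassword, $_SESSION['userId']);
            $stmt->execute($params);
            $returnThis['pass'] = $_POST['newPassword'];
            $newInformationArray['Password'] = $sha1NewPassword;
        }
        //Compare the information in the database with the new information to report what has changed.
        $changes = array_diff($newInformationArray, $currentInfo);
        $debug->printArray($changes, '$changes');
        if (empty($changes)) {
            $message .= 'No changes were made.<br>';
        } else {
            //Update the secondary email only if it has changed and isn't empty.
            if (array_key_exists('Secondary Email Address', $changes)) {
                $debug->add('I detect that the Secondary Email Address has been changed.');
                //Verify the new secondary email is different from the current and new primary email, and the re-type matches.
                if (empty($_POST['secondaryEmail'])) {
                    //The user has removed a secondary email. Set the secondary email to null.
                    $stmt = $Dbc->prepare("UPDATE\n\tusers\nSET\n\tsecondaryEmail = ?\nWHERE\n\tuserId = ?");
                    $params = array(NULL, $_SESSION['userId']);
                    $stmt->execute($params);
                } elseif ($_POST['secondaryEmail'] != $currentInfo['primaryEmail'] && $_POST['secondaryEmail'] != $_POST['primaryEmail'] && $_POST['secondaryEmail'] == $_POST['secondaryEmailRetype'] && emailValidate($_POST['secondaryEmail'])) {
                    //Check to see if secondaryEmail is used by another user as either a primary or secondary email.
                    //The OR is parenthesised: without it, AND binds tighter and the userId <> ? exclusion only applies to the primaryEmail match.
                    $debug->add('About to check the Secondary Email Address.');
                    $stmt = $Dbc->prepare("SELECT\n\tuserId AS 'userId'\nFROM\n\tusers\nWHERE\n\t(secondaryEmail = ? OR\n\tprimaryEmail = ?) AND\n\tuserId <> ?");
                    $params = array($_POST['secondaryEmail'], $_POST['secondaryEmail'], $_SESSION['userId']);
                    $stmt->execute($params);
                    $row = $stmt->fetch(PDO::FETCH_ASSOC);
                    if (empty($row['userId'])) {
                        pdoError(__LINE__, $stmt, $params, true);
                        $debug->add('As there are no users with the secondary email address ' . $_POST['secondaryEmail'] . ' this user can use it.');
                        //Update secondary email.
                        $stmt = $Dbc->prepare("UPDATE\n\tusers\nSET\n\tsecondaryEmail = ?\nWHERE\n\tuserId = ?");
                        $stmt->execute(array($_POST['secondaryEmail'], $_SESSION['userId']));
                        $toAddress[] = $_POST['secondaryEmail'];
                    } else {
                        throw new Adrlist_CustomException('The Secondary Email Address your entered is associated with another account.<br>
<div style="height:.6em"></div>
Please choose a different Secondary Email Address.<br>', '');
                    }
                } else {
                    //Tell the user why the secondary email was not saved; the rest of the form is still processed.
                    if ($_POST['secondaryEmail'] == $currentInfo['primaryEmail']) {
                        $message .= 'The Primary and Secondary Email Addresses must be different.<br>';
                    } elseif ($_POST['secondaryEmail'] != $_POST['secondaryEmailRetype']) {
                        $message .= 'The secondary email addresses don\'t match.<br>';
                    } elseif (!emailValidate($_POST['secondaryEmail'])) {
                        $message .= '$_POST[\'secondaryEmail\'] is not a valid email address.<br>
<div style="height:.6em"></div>
Please enter a valid email address.';
                    }
                }
            }
            //Update the Primary Email Address only if it has changed.
            if (array_key_exists('Primary Email Address', $changes)) {
                $debug->add('I detect that the Primary Email Address has been changed.');
                //Verify the new Primary Email is different from the Secondary Email.
                if ($_POST['primaryEmail'] == $currentInfo['secondaryEmail']) {
                    throw new Adrlist_CustomException('The Primary and Secondary email addresses must be different.', '');
                }
                //Check to see if the primary email address is used by another user (same parenthesised OR as above).
                $debug->add('About to check the Primary Email Address.');
                $stmt = $Dbc->prepare("SELECT\n\tuserId AS 'userId'\nFROM\n\tusers\nWHERE\n\t(secondaryEmail = ? OR\n\tprimaryEmail = ?) AND\n\tuserId <> ?");
                $params = array($_POST['primaryEmail'], $_POST['primaryEmail'], $_SESSION['userId']);
                $stmt->execute($params);
                $row = $stmt->fetch(PDO::FETCH_ASSOC);
                if (!empty($row['userId'])) {
                    throw new Adrlist_CustomException('The Primary Email Address your entered is associated with another account.<br>
<div style="height:.6em"></div>
Please enter a different Primary Email Address.<br>', '');
                }
                pdoError(__LINE__, $stmt, $params, true);
                $debug->add('As there are no users with the email address ' . $_POST['primaryEmail'] . ' this user can use it.');
                //Update the user's Primary Email Address.
                $stmt = $Dbc->prepare("UPDATE\n\tusers\nSET\n\tprimaryEmail = ?\nWHERE\n\tuserId = ?");
                $params = array($_POST['primaryEmail'], $_SESSION['userId']);
                $stmt->execute($params);
                $toAddress[] = $_POST['primaryEmail'];
            }
            //Update the rest of the info.
            $stmt = $Dbc->prepare("UPDATE\n\tusers\nSET\n\tfirstName = ?,\n\tlastName = ?\nWHERE\n\tuserId = ? AND\n\tuserPassword = ?");
            $params = array($_POST['firstName'], $_POST['lastName'], $_SESSION['userId'], $sha1CurrentPassword);
            $stmt->execute($params);
            //Record the changes made. The new password column gets the hash that is actually in effect after this save
            //(the current hash when no new password was given), not sha1('') as before.
            //NOTE(review): this audit table keeps old and new password hashes; confirm that is intended, since it widens where hashes live.
            $userChangesStmt = $Dbc->prepare("INSERT INTO userChanges SET\n\tuserId = ?,\n\toldPrimaryEmail = ?,\n\tnewPrimaryEmail = ?,\n\toldSecondaryEmail = ?,\n\tnewSecondaryEmail = ?,\n\toldPassword = ?,\n\tnewPassword = ?,\n\toldFirstName = ?,\n\tnewFirstName = ?,\n\toldLastName = ?,\n\tnewLastName = ?,\n\tdateChanged = ?");
            $userChangesParams = array($_SESSION['userId'], $currentInfo['primaryEmail'], $_POST['primaryEmail'], $currentInfo['secondaryEmail'], $_POST['secondaryEmail'], $currentInfo['password'], $newInformationArray['Password'], $currentInfo['firstName'], $_POST['firstName'], $currentInfo['lastName'], $_POST['lastName'], DATETIME);
            $userChangesStmt->execute($userChangesParams);
            $changesListText = '';
            $changesListHtml = '';
            foreach ($changes as $key => $value) {
                $changesListText .= "- {$key}\n";
                $changesListHtml .= "&#8226; {$key}<br>";
            }
            $subject = 'Changes have been made to your ' . THENAMEOFTHESITE . ' account';
            $bodyText = 'The following changes have been made to your ' . THENAMEOFTHESITE . ' account:
' . $changesListText . '
If you did not authorize these changes please <a href="' . LINKSUPPORT . '">contact support</a>. 

This is an automated message. Please do not reply.';
            $bodyHtml = 'The following changes have been made to your account:<br>
' . $changesListHtml . '<br>
If you did not authorize these changes please <a href="' . LINKSUPPORT . '">contact support</a>.';
            $debug->printArray($toAddress, '$toAddress');
            //The notification to the address on file before the change is the one that gates the commit; the others are best effort.
            if (email(EMAILDONOTREPLY, $currentInfo['primaryEmail'], $subject, $bodyHtml, $bodyText)) {
                $Dbc->commit();
                $message .= 'Saved My Information';
                $success = MODE == 'saveMyInformation' ? true : $success;
                if (!empty($toAddress)) {
                    foreach ($toAddress as $value) {
                        email('donotreply@' . DOMAIN, $value, $subject, $bodyHtml, $bodyText);
                    }
                }
            } else {
                throw new Adrlist_CustomException('', 'There was a problem trying to send an email.');
            }
        }
    } catch (Adrlist_CustomException $e) {
        //Presumably Adrlist_CustomException reports itself on construction (the other handlers in this file are empty too) - confirm.
    } catch (PDOException $e) {
        error(__LINE__, '', '<pre>' . $e . '</pre>');
    }
    //Any path that did not reach commit() (validation failure, email failure, "no changes") leaves the transaction open; close it explicitly.
    if ($Dbc->inTransaction()) {
        $Dbc->rollBack();
    }
    if (MODE == 'saveMyInformation') {
        returnData();
    } else {
        return $output;
    }
}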
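function viewInvitations()
{
    //List the invitations the current user has sent, one row per invitation, for the "view invitations" panel.
    //Uses the shared PDO handle $Dbc with bound parameters like the rest of this file, instead of the removed mysql_* extension
    //with the session id interpolated into the SQL text. Writes: $success, $message, $returnThis['returnViewInvitations'].
    global $debug, $message, $success, $Dbc, $returnThis;
    $output = '	<div class="textLeft" id="viewInvitationsReturn">';
    $class = 'rowAlt';
    try {
        $getInvitationsStmt = $Dbc->prepare("SELECT\n\tfolders.folderName AS 'folderName',\n\tinvitations.invitationId AS 'invitationId',\n\tinvitations.folderRoleId AS 'folderRoleId',\n\tinvitations.email AS 'email',\n\tinvitations.listRoleId AS 'listRoleId',\n\tDATE_FORMAT(invitations.sentDate, '%b %e, %Y %l:%i %p') AS 'sentDate',\n\tDATE_FORMAT(invitations.responded, '%b %e, %Y %l:%i %p') AS 'responded',\n\tlists.listName AS 'listName'\nFROM\n\tinvitations\nLEFT JOIN\n\tlists ON lists.listId = invitations.listId\nJOIN\n\tfolders ON folders.folderId = invitations.folderId AND\n\tinvitations.senderId = ?\nORDER BY\n\t(SELECT userSiteSettings.folderLinksOrderBy FROM userSiteSettings WHERE userSiteSettings.userId = ?)");
        $getInvitationsParams = array($_SESSION['userId'], $_SESSION['userId']);
        $getInvitationsStmt->execute($getInvitationsParams);
        $foundRows = false;
        $rowsHtml = '';
        while ($row = $getInvitationsStmt->fetch(PDO::FETCH_ASSOC)) {
            $foundRows = true;
            //Alternate the row background class.
            $class = $class == 'rowWhite' ? 'rowAlt' : 'rowWhite';
            $responded = empty($row['responded']) ? 'No response' : $row['responded'];
            //Folder and list names are user-entered, so they are escaped for HTML; the placeholder entity is added after escaping.
            $folderName = htmlspecialchars($row['folderName'], ENT_QUOTES, 'UTF-8');
            $listName = empty($row['listName']) ? '&nbsp;' : htmlspecialchars($row['listName'], ENT_QUOTES, 'UTF-8');
            $rowsHtml .= '	<div class="break relative ' . $class . '">
		<div class="row" style="width:140px; padding-left:5px"><img alt="" class="left" height="16" id="deleteInvitation' . $row['invitationId'] . '" onClick="" src="' . LINKIMAGES . '/xRed.png" width="16"> ' . breakEmail($row['email'], 16) . '</div>
		<div class="row" style="width:120px">' . $folderName . '</div>
		<div class="row" style="width:80px;">' . roles($row['folderRoleId']) . '</div>
		<div class="row" style="width:130px">' . $listName . '</div>
		<div class="row" style="width:80px">' . roles($row['listRoleId']) . '</div>
		<div class="row textSmall" style="width:110px">' . $row['sentDate'] . '</div>
		<div class="row textSmall" style="width:110px">' . $responded . '</div>
	</div>
';
        }
        if ($foundRows) {
            //Header row, then the invitation rows; the wrapper div opened above is closed here (there is no table to close).
            $output .= '	<div class="break relative" style="width:100%">
		<div class="rowTitle" style="width:140px; padding-left:5px"><br>
Email</div>
		<div class="rowTitle" style="width:120px">Invited to Folder</div>
		<div class="rowTitle" style="width:80px">Folder Role</div>
		<div class="rowTitle" style="width:130px"><br>
Invited to ADR List</div>
		<div class="rowTitle" style="width:80px">List Role</div>
		<div class="rowTitle" style="width:110px"><br>
Sent</div>
		<div class="rowTitle" style="width:110px"><br>
Responded</div>
	</div>' . $rowsHtml . '
</div>';
            $success = true;
            $returnThis['returnViewInvitations'] = $output;
        } else {
            $message .= 'You haven\'t sent any invitations.';
            pdoError(__LINE__, $getInvitationsStmt, $getInvitationsParams, true);
            $output .= '
</div>';
        }
    } catch (PDOException $e) {
        error(__LINE__, '', '<pre>' . $e . '</pre>');
    }
    if (MODE == 'viewInvitations') {
        returnData();
    } else {
        return $output;
    }
}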
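/**
 * Render the scenes table (scene, takes, date, circle take, notes) as HTML.
 *
 * Rows are read from the `scenes` table, grouped by the numeric part of the
 * scene name and sorted in natural order inside each group. Every value taken
 * from the database is HTML-escaped before it is concatenated into the markup;
 * the original emitted the raw column values, which is a stored-XSS vector
 * whenever notes or scene names are user-entered.
 *
 * Side effects: sets the globals $success and $message, logs query problems
 * through error()/pdoError(). When MODE === 'buildScenes' the markup is
 * handed to returnData() and nothing is returned; otherwise the markup is
 * returned to the caller.
 *
 * @return string|void HTML markup, or nothing when returnData() is used.
 */
function buildScenes()
{
    global $debug, $message, $success;
    // Escape DB-sourced text for an HTML text-node context (assumes UTF-8 storage).
    $esc = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    };
    $output = '<div class="break relative" style="width:100%">
	<div class="rowTitle" style="width:100px">Scene</div>
	<div class="rowTitle" style="width:100px">Takes</div>
	<div class="rowTitle" style="width:120px">Date</div>
	<div class="rowTitle" style="width:100px">Circle Take</div>
	<div class="rowTitle" style="width:300px">Notes</div>
</div>
';
    $getScenesQuery = "SELECT\n\tscene AS 'scene',\n\ttakes AS 'takes',\n\tscenDatetime AS 'date',\n\tcircleTake AS 'circleTake',\n\tnotes AS 'notes'\nFROM\n\tscenes";
    if ($result = mysql_query($getScenesQuery)) {
        // mysql_num_rows() is the documented row count for a SELECT result set;
        // mysql_affected_rows() is defined for INSERT/UPDATE/DELETE.
        if (mysql_num_rows($result) === 0) {
            $output .= 'There are no scenes.';
            pdoError(__LINE__, $getScenesQuery, '$getScenesQuery', 1);
        } else {
            $success = true;
            $scenes = array();
            $scenesFolders = array();
            while ($row = mysql_fetch_assoc($result)) {
                $scenes[$row['scene']] = $row;
                // Group by the digits of the scene name so "A124" and "124A" share a bucket.
                $scenesFolders[preg_replace('/\\D*/', '', $row['scene'])][] = $row['scene'];
            }
            $debug->printArray($scenes, '$scenes');
            ksort($scenesFolders);
            $debug->printArray($scenesFolders, '$scenesFolders after processing');
            $class = 'rowWhite';
            foreach ($scenesFolders as $sceneNames) {
                // Natural order inside a group: 49, A63, 124, 124A, ...
                natcasesort($sceneNames);
                foreach ($sceneNames as $sceneName) {
                    $class = ($class == 'rowWhite') ? 'rowAlt' : 'rowWhite';
                    $scene = $scenes[$sceneName];
                    $output .= '	<div class="break relative ' . $class . '">
				<div class="row" style="width:100px">' . $esc($scene['scene']) . '</div>
			<div class="row" style="width:100px">' . $esc($scene['takes']) . '</div>
			<div class="row" style="width:120px">' . $esc($scene['date']) . '</div>
			<div class="row" style="width:100px">' . $esc($scene['circleTake']) . '</div>
			<div class="row" style="width:300px">' . $esc($scene['notes']) . '</div>
		</div>
	';
                }
            }
        }
    } else {
        error(__LINE__);
        pdoError(__LINE__, $getScenesQuery, '$getScenesQuery');
    }
    if (MODE == 'buildScenes') {
        $returnThis['returnBuildScenes'] = $output;
        returnData();
    } else {
        return $output;
    }
}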