function get_spouse($spouse1, $spouse2, $spouse3)
{
$spouse1 = test_input($spouse1);
$spouse2 = test_input($spouse2);
$spouse3 = test_input($spouse3);
$num = rand(1, 3);
switch ($num) {
case 1:
return $spouse1;
case 2:
return $spouse2;
case 3:
return $spouse3;
default:
return "Mystery spouse";
}
}
public function add_question()
{
$arr['question'] = test_input($_POST['judge_des']);
$arr['point'] = test_input($_POST['point']);
$arr['answer'] = $_POST['answer'];
$arr['easycount'] = intval($_POST['easycount']);
$arr['isprivate'] = intval($_POST['isprivate']);
$arr['creator'] = $_SESSION['user_id'];
$arr['addtime'] = date('Y-m-d H:i:s');
if (M('ex_judge')->add($arr)) {
return true;
} else {
return false;
}
}
function register_seller()
{
global $host, $user, $pass, $dbname;
$db = new mysqli($host, $user, $pass, $dbname);
$email = test_input($_POST["semail"]);
$password = test_input($_POST["spassword"]);
$confirm_pass = test_input($_POST["sconfirm-password"]);
$fname = test_input($_POST["sfname"]);
$lname = test_input($_POST["slname"]);
$query = "SELECT * FROM SELLER WHERE SELLER.email = '" . $email . "'";
$result = $db->query($query);
//echo $query;
if ($result->num_rows > 0) {
echo '{"created": false}';
} else {
$count_query = "SELECT COUNT(*) FROM SELLER";
$result2 = $db->query($count_query);
if ($result2->num_rows > 0) {
$row = $result2->fetch_assoc();
$sid = $row["COUNT(*)"];
} else {
$sid = 0;
}
$insert = "INSERT INTO SELLER (sid, email, password, fname, lname) VALUES (" . $sid . ", '" . $email . "', '" . $password . "', '" . $fname . "', '" . $lname . "');";
$db->query($insert);
$token = 256;
echo '{"created": true, "sid": ' . $sid . ', "fname": "' . $fname . '", "token": ' . $token . '}';
}
}
/**
* Test savingForm
* Test so a proper form is saved, with correct data.
* Also test if it is possible to enter incorrect data that might ruin something.
* @author Fredrik Andersson
* @small
* @test
*/
public function formFunctions()
{
// Create new user class
$a = new PP();
// Check if the object was created
$this->assertNotNull($a);
// Adding some variables into the form class PP
$a->student1 = "StudentName";
$this->assertEquals("StudentName", $a->student1);
//Test of the function test_num($data)
$this->assertEquals(1, test_num(1));
$this->assertEquals("-", test_num("-"));
$this->assertEquals("-", test_num(10));
//Test of the function test_input($data)
$this->assertEquals("123", test_input(" 123 "));
//trim() removes spaces before the first char and after the last one.
$this->assertEquals("123'hihi\ttab", test_input("123\\'hi\\hi\ttab"));
//stripslashes() removes all slashes exept proper slashes like \t and \n etc.
$this->assertEquals("& " < >", test_input("& \" < >"));
//htmlspecialchars() changes some special characters to code that html can handle.
//Test of the function is_empty($data)
$this->assertEquals(false, is_empty(array('apple', 'banana ', ' cranberry ')));
$this->assertEquals(false, is_empty(array('', '', '')));
$temp[10] = "something";
$this->assertEquals(false, is_empty($temp));
//Test of the function input_length()
$string128 = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa";
$string129 = "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaab";
$this->assertEquals($string128, input_length($string129));
//Test of the function length_one()
$this->assertEquals("1", length_one("12345"));
}
public function addFillInfo()
{
$reqResult = new Result();
$arr = FillConvert::convertFillFromPost();
$arr['addtime'] = date('Y-m-d H:i:s');
$arr['creator'] = $_SESSION['user_id'];
$fillId = FillBaseModel::instance()->insertData($arr);
if ($fillId) {
for ($i = 1; $i <= $arr['answernum']; $i++) {
$answer = test_input($_POST["answer{$i}"]);
$arr2['fill_id'] = $fillId;
$arr2['answer_id'] = $i;
$arr2['answer'] = $answer;
M('fill_answer')->add($arr2);
}
$pointIds = I('post.point', array());
KeyPointService::instance()->saveExamPoint($pointIds, $fillId, FillBaseModel::FILL_PROBLEM_TYPE);
$reqResult->setMessage("填空题添加成功!");
$reqResult->setData("fill");
} else {
$reqResult->setStatus(false);
$reqResult->setMessage("填空题添加失败!");
}
return $reqResult;
}
function setValuesWhenSubmitIsClicked()
{
$GLOBALS['pkstu_id'] = test_input($_POST['pkstu_id']);
$GLOBALS['fkstu_lug_id'] = test_input($_POST['fkstu_lug_id']);
$GLOBALS['stu_nombre'] = test_input($_POST['stu_nombre']);
$GLOBALS['stu_fecha_creacion'] = test_input($_POST['stu_fecha_creacion']);
}
function setMessage($data)
{
if (empty($data)) {
echo "E-mail couldn't be send without a message";
} else {
return test_input($data);
}
}
function test_num_meals($data)
{
$data = test_input($data);
if (!is_numeric($data)) {
return FALSE;
}
return $data;
}
function nomChercheur($bdd)
{
$id = test_input($_SESSION['id']);
$requete = $bdd->query("SELECT * FROM chercheur WHERE ID = {$id}");
$data = $requete->fetch();
$resultat = $data['PrenomChercheur'] . " " . $data['NomChercheur'];
$requete->closeCursor();
return $resultat;
}
public static function convertJudgeFromPost()
{
$arr = array();
$arr['question'] = test_input($_POST['judge_des']);
$arr['answer'] = $_POST['answer'];
$arr['easycount'] = intval($_POST['easycount']);
$arr['isprivate'] = intval($_POST['isprivate']);
return $arr;
}
function setValuesWhenSubmitIsClicked()
{
$GLOBALS['pkusu_id'] = test_input($_POST['pkusu_id']);
$GLOBALS['fkusu_rol_id'] = test_input($_POST['fkusu_rol_id']);
$GLOBALS['usu_nombre'] = test_input($_POST['usu_nombre']);
$GLOBALS['usu_correo'] = test_input($_POST['usu_correo']);
$GLOBALS['usu_clave'] = test_input($_POST['usu_clave']);
$GLOBALS['usu_imagen'] = test_input($_POST['usu_imagen']);
}
public static function convertFillFromPost()
{
$arr = array();
$arr['question'] = test_input($_POST['fill_des']);
$arr['easycount'] = intval($_POST['easycount']);
$arr['answernum'] = intval($_POST['numanswer']);
$arr['kind'] = intval($_POST['kind']);
$arr['isprivate'] = intval($_POST['isprivate']);
return $arr;
}
function setValuesWhenSubmitIsClicked()
{
$GLOBALS['pkins_id'] = test_input($_POST['pkins_id']);
$GLOBALS['fkins_car_id'] = test_input($_POST['fkins_car_id']);
$GLOBALS['fkins_cor_id'] = test_input($_POST['fkins_cor_id']);
$GLOBALS['ins_valor'] = test_input($_POST['ins_valor']);
$GLOBALS['ins_gualdrapa'] = test_input($_POST['ins_gualdrapa']);
$GLOBALS['ins_puesto_partida'] = test_input($_POST['ins_puesto_partida']);
$GLOBALS['ins_favorito'] = test_input($_POST['ins_favorito']);
}
/**
* 修改菜单
**/
function updateBaseCodeDef($baseCodeDefId)
{
mysql_query("set character_set_connection=utf8");
$fatherBaseCodeDef = isset($_POST['fatherBaseCodeDef']) ? test_input($_POST['fatherBaseCodeDef']) : "";
// 父字典code
$codeValue = isset($_POST['codeValue']) ? test_input($_POST['codeValue']) : "";
// 字典编码
$displayValue = isset($_POST['displayValue']) ? test_input($_POST['displayValue']) : "";
// 字典名称
mysql_query("update base_code_def set father_base_code ='" . $fatherBaseCodeDef . "', code_value='" . $codeValue . "', display_value='" . $displayValue . "' where base_code_id = " . $baseCodeDefId);
}
function setValuesWhenSubmitIsClicked()
{
$GLOBALS['pkfac_id'] = test_input($_POST['pkfac_id']);
// $GLOBALS['pkapu_id'] = test_input($_POST['pkapu_id']);
// $GLOBALS['fkapu_cor_id'] = test_input($_POST['fkapu_cor_id']);
// $GLOBALS['fkapu_jug_id'] = test_input($_POST['fkapu_jug_id']);
// $GLOBALS['fkapu_fac_id'] = test_input($_POST['fkapu_fac_id']);
// $GLOBALS['fkapu_taq_id'] = test_input($_POST['fkapu_taq_id']);
// $GLOBALS['apu_monto'] = test_input($_POST['apu_monto']);
// $GLOBALS['apu_lugar_llegada'] = test_input($_POST['apu_lugar_llegada']);
}
public function getAverageSalary()
{
// I am using javascript to validate on the client side, but I am validating on the server side too just in case
if (empty($_GET["name"])) {
echo "Search string is required";
return false;
} else {
$name = test_input(cleanGet($_GET));
//echo $name;
//exit;
//$name = test_input($_GET["name"]);
if (preg_match("/^[a-zA-Z ]*\$/", $name)) {
echo "The search string is O.K. Look here for the results <br>";
//exit;
} else {
echo "Model1.php says Only letters and white space allowed";
exit;
}
}
// again, I could have used curl to get the JSON data, but just keeping it simple
$this->response = file_get_contents('https://data.cityofboston.gov/resource/4swk-wcg8.json');
$this->response = json_decode($this->response);
// now, this just loops through the returned object
foreach ($this->response as $num => &$values) {
// gets the object properties
$thevals = get_object_vars($values);
// assign property values to variables
$searchstring = $name;
$mystring1 = $thevals['title'];
$mystring2 = $thevals['title'];
$pos1 = stripos($mystring2, $searchstring);
// Note our use of ===. Simply == would not work as expected
// because the positional issues of the 0th (first) character per api documentation.
if ($pos1 !== false) {
echo "Found '{$searchstring}' in '{$mystring2}' ==> \$" . $thevals['total_earnings'] . "<br>";
$totalrows++;
$sum += $thevals['total_earnings'];
}
}
//calculate the average salary
if ($totalrows > 0) {
$average = $sum / $totalrows;
// report back earnings information as required
echo "<br>The Grand Total Salary for the " . $searchstring . " positions-> is : " . money_format('%i', $sum) . "<br>";
echo "The total rows is : " . $totalrows . "<br>";
echo "The Average salary for the " . $searchstring . " position based on Total Earnings is Grand Total Salary: " . money_format('%i', $sum) . " divided by total number of records " . $totalrows . " = " . money_format('%i', $average) . "<br>";
return 1;
} else {
// no data found, the program will return to the start page, but inform the user. The message may be visible on a slower system.
echo "Sorry no data found for: " . $searchstring . "<br>";
return 0;
}
}
function setValuesWhenSubmitIsClicked()
{
$GLOBALS['pkent_id'] = test_input($_POST['pkent_id']);
$GLOBALS['fkent_lug_id'] = test_input($_POST['fkent_lug_id']);
$GLOBALS['ent_ci'] = test_input($_POST['ent_ci']);
$GLOBALS['ent_primer_nombre'] = test_input($_POST['ent_primer_nombre']);
$GLOBALS['ent_segundo_nombre'] = test_input($_POST['ent_segundo_nombre']);
$GLOBALS['ent_primer_apellido'] = test_input($_POST['ent_primer_apellido']);
$GLOBALS['ent_segundo_apellido'] = test_input($_POST['ent_segundo_apellido']);
$GLOBALS['ent_fecha_nacimiento'] = test_input($_POST['ent_fecha_nacimiento']);
$GLOBALS['tel_codigo'] = test_input($_POST['tel_codigo']);
$GLOBALS['tel_numero'] = test_input($_POST['tel_numero']);
}
function test_string_name($name_field)
{
if (empty($_POST["name"])) {
$data_correct = 0;
$nameErr = "Name is required";
} else {
$name = test_input($_POST["name"]);
if (!preg_match("/^[a-zA-Z0-9_\\- ]*\$/", $name)) {
$nameErr = "Only letters and white space allowed";
$data_correct = 0;
}
}
}
public function check($source, $items = array())
{
foreach ($items as $item => $rules) {
foreach ($rules as $rule => $rule_value) {
$value = test_input($source[$item]);
if ($rule === 'required' && empty($value)) {
$this->addError(" Your {$this->getFieldName($rules)} is required.");
} else {
if (!empty($value)) {
switch ($rule) {
case 'min':
if (strlen($value) < $rule_value) {
$this->addError("{$this->getFieldName($rules)} must be a minimum of {$rule_value} characters.");
}
break;
case 'max':
if (strlen($value) > $rule_value) {
$this->addError("{$this->getFieldName($rules)} must be no more than {$rule_value} characters.");
}
break;
case 'matches':
if ($value !== $source[$rule_value]) {
$this->addError("{$this->getFieldName($rules)} must match your {$rule_value}");
}
break;
case 'unique':
$check = $this->_db->get($rule_value, array($item, '=', $value));
if ($check->count()) {
$this->addError("{$this->getFieldName($rules)} already exists.");
}
break;
case 'contains':
if ($rule_value == 'alnum()' && !ctype_alnum(str_replace([" ", "'"], "", $value))) {
$this->addError("Your {$this->getFieldName($rules)} should only contain letters and spaces.");
} else {
if ($rule_value == 'alnum(m:letters)') {
if (!ctype_alnum($value) || ctype_digit($value)) {
$this->addError("Your {$this->getFieldName($rules)} can have alphanumerics but not all numeric.");
}
}
}
}
}
}
}
}
if (empty($this->_errors)) {
$this->_passed = true;
}
return $this;
}
function setValuesWhenSubmitIsClicked()
{
$GLOBALS['pkeje_id'] = test_input($_POST['pkeje_id']);
$GLOBALS['fkeje_har_id'] = test_input($_POST['fkeje_har_id']);
$GLOBALS['fkeje_pel_id'] = test_input($_POST['fkeje_pel_id']);
$GLOBALS['fkeje_raz_id'] = test_input($_POST['fkeje_raz_id']);
$GLOBALS['fkeje_mad_id'] = test_input($_POST['fkeje_mad_id']);
$GLOBALS['fkeje_pad_id'] = test_input($_POST['fkeje_pad_id']);
$GLOBALS['eje_fecha_nacimiento'] = test_input($_POST['eje_fecha_nacimiento']);
$GLOBALS['eje_nombre'] = test_input($_POST['eje_nombre']);
$GLOBALS['eje_precio'] = test_input($_POST['eje_precio']);
$GLOBALS['eje_sexo'] = test_input($_POST['eje_sexo']);
$GLOBALS['eje_tatuaje'] = test_input($_POST['eje_tatuaje']);
}
function setValuesWhenSubmitIsClicked()
{
$GLOBALS['pkjin_id'] = test_input($_POST['pkjin_id']);
$GLOBALS['fkjin_lug_id'] = test_input($_POST['fkjin_lug_id']);
$GLOBALS['jin_ci'] = test_input($_POST['jin_ci']);
$GLOBALS['jin_primer_nombre'] = test_input($_POST['jin_primer_nombre']);
$GLOBALS['jin_segundo_nombre'] = test_input($_POST['jin_segundo_nombre']);
$GLOBALS['jin_primer_apellido'] = test_input($_POST['jin_primer_apellido']);
$GLOBALS['jin_segundo_apellido'] = test_input($_POST['jin_segundo_apellido']);
$GLOBALS['jin_fecha_nacimiento'] = test_input($_POST['jin_fecha_nacimiento']);
$GLOBALS['jin_altura'] = test_input($_POST['jin_altura']);
$GLOBALS['jin_experiencia'] = test_input($_POST['jin_experiencia']);
$GLOBALS['tel_codigo'] = test_input($_POST['tel_codigo']);
$GLOBALS['tel_numero'] = test_input($_POST['tel_numero']);
}
static function setLoginCookies($user_id, $time)
{
$user_id_cookie = 'user_id';
$nonce_cookie = 'token';
$user_id = test_input($user_id);
$token = md5(mt_rand());
$user_ip = $_SERVER['REMOTE_ADDR'];
$expire_date = strtotime('+' . $time . ' days', time());
setcookie($user_id_cookie, $user_id, time() + 86400 * $time, "/");
// 86400 = 1 day
setcookie($nonce_cookie, $token, time() + 86400 * $time, "/");
// 86400 = 1 day
$query = "INSERT INTO c_nonce (user_id, token, user_ip, expire_date) VALUES ({$user_id}, '{$token}', '{$user_ip}', '{$expire_date}')";
$conn = MySQL::open_conn();
$conn->query($query);
$cookie_names = [$user_id_cookie, $nonce_cookie];
return $cookie_names;
}
/**
* 修改角色
**/
function updateRole($roleId)
{
$roleName = isset($_POST['roleName']) ? test_input($_POST['roleName']) : "";
// 角色名称
$roleDesc = isset($_POST['roleDesc']) ? test_input($_POST['roleDesc']) : "";
// 角色描述
$menuList = isset($_POST['menuList']) ? $_POST['menuList'] : "";
// 角色拥有的菜单
if ($menuList != "") {
if ($roleName != "" && $roleDesc != "") {
mysql_query("set character_set_connection=utf8");
mysql_query("update role set role_name='" . $roleName . "',role_desc='" . $roleDesc . "' where role_id = " . $roleId);
}
mysql_query("delete from role_menu_relation where role_id = " . $roleId);
foreach ($menuList as $menuId) {
mysql_query("insert into role_menu_relation(role_id, menu_id) values(" . $roleId . "," . $menuId . ")");
}
}
}
public function addProgram2Exam($eid)
{
$ansnum = I('post.numanswer', 0, 'intval');
$sql = "DELETE FROM `exp_question` WHERE `exam_id`={$eid} AND `type`='4'";
M()->execute($sql);
$dataList = array();
for ($i = 1; $i <= $ansnum; $i++) {
$programid = test_input($_POST["answer{$i}"]);
if (!is_numeric($programid)) {
return false;
} else {
$programid = intval($programid);
$data = array('exam_id' => $eid, 'type' => ProblemService::PROGRAM_PROBLEM_TYPE, 'question_id' => $programid);
$dataList[] = $data;
M('problem')->where('problem_id=%d', $programid)->data(array("defunct" => "Y"))->save();
}
}
M('exp_question')->addAll($dataList);
return true;
}
public function addprogram($eid)
{
$ansnum = I('post.numanswer', 0, 'intval');
$sql = "DELETE FROM `exp_question` WHERE `exam_id`={$eid} AND `type`='4'";
M()->execute($sql);
for ($i = 1; $i <= $ansnum; $i++) {
$programid = test_input($_POST["answer{$i}"]);
if (!is_numeric($programid)) {
return false;
} else {
$programid = intval($programid);
$arr['exam_id'] = $eid;
$arr['type'] = 4;
$arr['question_id'] = $programid;
M('exp_question')->data($arr)->add();
M('problem')->where('problem_id=%d', $programid)->data(array("defunct" => "Y"))->save();
}
}
return true;
}
function parse_input($postdata)
{
$error = "";
$email_to1 = "*****@*****.**";
$email_to2 = "*****@*****.**";
/*******
$sender_name = $_POST['sender_name']." 1";
$email_from = $_POST['email_from']." 2";
$email_subject = $_POST['subject']." 3";
$category = $_POST['category']." 4";
$email_message .= $_POST['message']." 5";
********/
//print_r($_POST);
error_log("From POST: sender_name = " . $sender_name . " email_from = " . $email_from . " email_subject = " . $email_subject . " category = " . $category . " email_message = " . $email_message, 0);
/******
$keyValueStr = "";
foreach ($_POST as $key => $value) {
$keyValueStr .= $key." = ".$value."^";
}
echo $keyValueStr;
********/
//echo $postdata;
error_log("postdata = " . $postdata, 0);
$clean_key_value_pairs = array();
$jasonStrResponse = "";
$jasonStr = "{";
$pairs = explode("&", $postdata);
foreach ($pairs as $pair) {
error_log("pair = " . $pair, 0);
list($key, $value) = explode("=", $pair);
$processedKey = test_input($key);
$processedValue = test_input($value);
$clean_key_value_pairs[$processedKey] = $processedValue;
$jasonStr .= '"' . $processedKey . '": "' . $processedValue . '",';
error_log("processedKey = " . $processedKey . " processedValue = " . $processedValue, 0);
}
$jasonStr = rtrim($jasonStr, ",");
$jasonStr .= "}";
return $clean_key_value_pairs;
}
function validate_informations()
{
$data = array();
$data['validate'] = false;
$data['now'] = date('F j, Y, g:i a');
if (isset($_POST['form_contact_submit'])) {
if (empty($_POST['form_name'])) {
return 0;
}
if (empty($_POST['form_email'])) {
return 0;
}
if (empty($_POST['form_message'])) {
return 0;
}
$data['name'] = test_input($_POST['form_name']);
$data['email'] = test_input($_POST['form_email']);
$data['message'] = test_input($_POST['form_message']);
// Only letters and white space allowed
if (!preg_match('/^[a-zA-Z ]*$/', $data['name'])) {
return 0;
}
// Test email address
if (!filter_var($data['email'], FILTER_VALIDATE_EMAIL)) {
return 0;
}
// reCaptcha validation
$recaptchaResponse = $_POST['g-recaptcha-response'];
$request = file_get_contents('https://www.google.com/recaptcha/api/siteverify?secret=' . G_RE_CAPTCHA_SECRET_KEY . '&response=' . $recaptchaResponse);
$response = json_decode($request);
// This will decode JSON to object
if (!$response->success) {
return 0;
}
$data['validate'] = true;
return $data;
}
return 0;
}
public function register()
{
if ($this->isPost) {
$username = $_POST['username'];
if ($username == null || strlen($username) < 3) {
$this->addFieldValue('username', $username);
$this->validationErrors('username', 'Потребителското име трябва да бъде по-дълго от три символа');
$this->addErrorMessage('Невалидно потребителско име');
}
$email = $_POST['email'];
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$this->addFieldValue('username', $username);
$this->validationErrors('email', 'Невалиден формат');
$this->addErrorMessage('Невалиден email адрес');
}
$password = $_POST['password'];
if (!empty($_POST['password']) && $_POST['password'] == $_POST['cpassword']) {
$password = test_input($_POST["password"]);
if (strlen($_POST["password"]) < '6') {
$this->addFieldValue('password', $password);
$this->validationErrors('password', 'Паролата трябва да бъде по-дълго от шест символа');
}
} elseif (!empty($_POST["password"])) {
$this->addErrorMessage('Няма съвпадение');
}
$isRegistered = $this->db->register($username, $password);
if ($isRegistered) {
$_SESSION['username'] = $username;
$this->addInfoMessage("Успешна регистрация");
$this->redirect("home", "index");
} else {
$this->addErrorMessage("Неуспешна регистрация");
}
}
$this->renderView("register");
}
public function add_question()
{
$arr['question'] = test_input($_POST['fill_des']);
$arr['point'] = test_input($_POST['point']);
$arr['easycount'] = intval($_POST['easycount']);
$arr['answernum'] = intval($_POST['numanswer']);
$arr['kind'] = intval($_POST['kind']);
$arr['isprivate'] = intval($_POST['isprivate']);
$arr['addtime'] = date('Y-m-d H:i:s');
$arr['creator'] = $_SESSION['user_id'];
$fillid = M('ex_fill')->add($arr);
if ($fillid) {
for ($i = 1; $i <= $arr['answernum']; $i++) {
$answer = test_input($_POST["answer{$i}"]);
$arr2['fill_id'] = $fillid;
$arr2['answer_id'] = $i;
$arr2['answer'] = $answer;
M('fill_answer')->add($arr2);
}
return true;
} else {
return false;
}
}
function createInstructor()
{
$flag = true;
if (empty($_POST["lastname"])) {
global $lastnameErr;
$lastnameErr = "Last name is required";
$flag = false;
} else {
$lastname = test_input($_POST["lastname"]);
}
if (empty($_POST["firstname"])) {
global $firstnameErr;
$firstnameErr = "First name is required";
$flag = false;
} else {
$firstname = test_input($_POST["firstname"]);
}
if (empty($_POST["email"])) {
global $emailErr;
$emailErr = "Email is required";
$flag = false;
} else {
$email = test_input($_POST["email"]);
}
$position = $_POST["position"];
if ($flag == true) {
$firstname = mysql_real_escape_string($firstname);
$lastname = mysql_real_escape_string($lastname);
$email = mysql_real_escape_string($email);
$position = mysql_real_escape_string($position);
$pw = generatePassword($firstname . " " . $lastname);
$query = "SELECT * FROM Instructor WHERE firstname='{$firstname}' AND lastname='{$lastname}'";
//change tablename
$result = mysql_query($query);
if ($result != null && mysql_num_rows($result) >= 1) {
echo "<p class=notice>Unable to create. Instructor already exists. If you want to change information please first delete from the list below.</p>";
} else {
$query = "INSERT INTO Instructor (firstname, lastname, email, position,pass) VALUES ( '{$firstname}', '{$lastname}', '{$email}', '{$position}', '{$pw}')";
//change tablename
$result = mysql_query($query);
if (!$result) {
die("Cannot create instructor: " . mysql_error());
} else {
echo "<p class=notice>New instructor " . $firstname . " " . $lastname . " is created.</p>";
}
}
}
}
