Exemplo n.º 1
			<?php 
include_layout_template('admin_menu.php');
?>

			<div class="span9">
				<h2>Send Mail To Admin</h2>
                <hr>
                <h3>Note:</h3>
                <ul>
                	<li>This function is used for sending of mails to other admins</li>
                    <li>You will be required to enter your unijos mail password before you can send the mail</li>
                </ul>
                <?php 
// Create a database handle and run an unfiltered SELECT over admin_users.
// NOTE(review): $sql_all_users is not read anywhere in the visible part of this
// template - confirm it is consumed further down, otherwise the query is wasted work.
$database = new MySQLDatabase();
$sql_all_users = $database->query("SELECT * FROM admin_users");
// Look up the admin row whose user_id equals the applicant_id held by $session.
// NOTE(review): the id is concatenated straight into the SQL text. That is only safe
// while $session->applicant_id can never carry a caller-influenced value; prefer a
// bound parameter (or an integer cast, if user_id is numeric - TODO confirm) so the
// query does not depend on that assumption. The query API is not visible here.
$admin_details = AdminLog::find_by_sql("SELECT * FROM admin_users WHERE user_id='" . $session->applicant_id . "'");
// Keep only the first row. array_shift() yields null for an empty array, so
// $admin_details is null when no row matched.
$admin_details = array_shift($admin_details);
?>
                <form action="" method="POST" class="form-horizontal sendmail" id="sendmail" >
                
                	<div class="control-group">
                        <label class="control-label" for="inputEmail">Email: </label>
                        <div class="controls">
                            <div class="input-prepend">
                            <span class="add-on"><i class="icon-envelope"></i></span>
                                <input type="text" class="input-large" value="<?php 
// Emits the stored e-mail into the value="" attribute of the read-only input.
// NOTE(review): no output encoding is applied at this point. This is safe only if the
// value is already HTML-encoded when it is stored (TODO confirm against the code that
// writes admin_users.email); otherwise encode here with htmlspecialchars(..., ENT_QUOTES).
// NOTE(review): $admin_details is null when the lookup above matched no row.
echo $admin_details->email;
?>
" id="email" name="email" readonly />
                            </div>
                        </div>
Exemplo n.º 2
<?php

require_once "../../inc/initialize.php";
//print_r ($_POST);
// Read the submitted e-mail and staff id and HTML-encode them (quotes included).
// NOTE(review): htmlspecialchars() is an HTML output encoder, not a SQL escaper: it
// leaves characters that are special inside a MySQL string literal (the backslash,
// for one) unchanged. Values headed for a query should be bound as parameters or
// escaped by the database layer, and HTML-encoded only when they are rendered.
// NOTE(review): a missing or non-string $_POST field is not handled here.
$email = htmlspecialchars($_POST['email'], ENT_QUOTES);
$staff_id = htmlspecialchars($_POST['staffid'], ENT_QUOTES);
// Check whether an account with this e-mail OR this staff id already exists.
// NOTE(review): the query text is assembled by string concatenation from request data.
$sql = "SELECT * FROM `admin_users` WHERE `email`='" . $email . "' OR `staff_id`= '" . $staff_id . "' LIMIT 1";
$user_exists = AdminLog::find_by_sql($sql);
// The two property reads in the loop body have no effect; the loop only leaves
// $user_exist bound to the last row returned (at most one, because of LIMIT 1).
// When no row matched, $user_exist is never assigned, yet the code after the loop
// reads it - initialise it before the loop or test for an empty result first.
foreach ($user_exists as $user_exist) {
    $user_exist->email;
    $user_exist->staff_id;
}
if ($user_exist->email == $email) {
    sleep(2);
    echo '<h4 class="alert alert-error">Error</h4>';
    echo '<hr>';
    echo "The E-mail:<font color='#FF0000'>'" . $user_exist->email . "'</font> already exists in our database";
    echo '<br>';
    echo 'Use the Close Button to Continue';
} elseif ($user_exist->staff_id == $staff_id) {
    sleep(2);
    echo '<h4 class="alert alert-error">Error</h4>';
    echo '<hr>';
    echo "The Staff ID:<font color='#FF0000'> '" . $user_exist->staff_id . "'</font> already exists in our database";
    echo '<br>';
    echo 'Use the Close Button to Continue';
} else {
    $user = new AdminLog();
    $user->surname = htmlspecialchars($_POST['surname'], ENT_QUOTES);
    $user->othernames = htmlspecialchars($_POST['othernames'], ENT_QUOTES);
Exemplo n.º 3
require_once "../../inc/initialize.php";
// Read the submitted staff id and password and HTML-encode both.
// NOTE(review): htmlspecialchars() is an HTML output encoder, not a SQL escaper; it
// does not neutralise every character that is special inside a MySQL string literal.
// NOTE(review): encoding the password changes the bytes that get hashed below, so it
// has to match whatever was done when the stored hash was created - confirm before
// changing it.
$staff_id = htmlspecialchars($_POST['staff_id'], ENT_QUOTES);
$pass = htmlspecialchars($_POST['apassword'], ENT_QUOTES);
// Ensure password is not the default
// NOTE(review): the check below is commented out, so empty and trivial passwords are
// not rejected at this point.
// if($pass == '' || $pass == 'pass' || $pass == 'password') {
// sleep(2);
// echo '<h4 class="alert alert-error">Error</h4>';
// echo '<hr>';
// echo 'Your password is too predictable.';
// }
// NOTE(review): unsalted SHA-1 is a fast hash and unsuitable for password storage.
// The usual replacement is password_hash() at registration and password_verify() at
// login, which also means fetching the row by staff_id alone and comparing in PHP
// instead of matching the hash inside the WHERE clause. Existing hashes would need a
// migration path (for example, re-hash on the next successful login).
$password = sha1($pass);
// Build the greeting message; greeting() is defined outside this listing.
$display_greeting = greeting();
// Look for an admin row with this staff id and password hash.
// NOTE(review): the query text is assembled by string concatenation from request
// data; use a bound parameter for staff_id.
$sql = "SELECT * FROM `admin_users` WHERE `staff_id`='" . $staff_id . "' AND `password`= '" . $password . "' LIMIT 1";
$user = AdminLog::find_by_sql($sql);
// Keep the first row; array_shift() yields null when nothing matched, which the
// empty($user) test that follows relies on.
$user = array_shift($user);
if (empty($user)) {
    // Your don't have an account yet or email and password combination wrong
    sleep(2);
    echo '<h4 class="alert alert-error">Error</h4>';
    echo '<hr>';
    echo 'Your information does not exist in our database it may be due to the following reasons.';
    echo '<ol>';
    echo '<li>Your staff_id and password combination is wrong.</li>';
    echo '<li>You do not have an account.</li>';
    echo '</ol>';
} else {
    // store applicant_id in session
    $adminLog = new AdminLog();
    $adminLog->user_id = $user->user_id;