Exemplo n.º 1
 /**
  * Deletes this survey answer's row from SurveyAnswers.
  *
  * @return mixed False when no ID is set; otherwise whatever DB::Run() returns for the DELETE.
  */
 public function Delete()
 {
     // NOTE(review): ID is interpolated into the SQL text without escaping. That is only safe
     // if ID is always a database-assigned number -- confirm how this property is populated.
     if ($this->ID) {
         return DB::Run("DELETE FROM SurveyAnswers WHERE ID='{$this->ID}' LIMIT 1");
     }
     return false;
 }
Exemplo n.º 2
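 /**
  * Revokes this privilege from a single member or calling.
  *
  * @param mixed  $objectID   ID of the member or calling losing the privilege.
  * @param string $objectType Either "Member" or "Calling"; selects the MemberID/CallingID column.
  * @return bool False when an argument is rejected, true otherwise.
  */
 private function Revoke($objectID, $objectType)
 {
     // $objectType becomes part of a column name, so it has to match the allow-list exactly.
     // A loose != comparison lets non-string values such as 0 compare equal to "Member" on older PHP.
     if (!in_array($objectType, array("Member", "Calling"), true) || !$objectID || !$this->ID) {
         return false;
     }
     // Escape both values before they enter the SQL text; $objectID is supplied by callers
     // and may originate from request data.
     $safePrivID = DB::Safe($this->ID);
     $safeObjectID = DB::Safe($objectID);
     $q = "DELETE FROM GrantedPrivileges WHERE PrivilegeID='{$safePrivID}' AND {$objectType}ID='{$safeObjectID}' LIMIT 1";
     if (!DB::Run($q)) {
         // NOTE(review): this sends the raw MySQL error text to the client; consider logging it
         // server-side and showing only the generic part of the message.
         die("ERROR > Could not revoke that privilege... sorry! " . mysql_error());
     }
     return true;
 }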
Exemplo n.º 3
 /**
  * Saves this answer option after checking that its question does not already
  * have an option with the same value.
  *
  * @return bool True when the save query succeeded, false otherwise.
  */
 public function Save()
 {
     // Two options with the exact same value for one question are not allowed (for now).
     // DB::Safe() prepares the value for the lookup query, including stripping HTML tags.
     $escapedValue = DB::Safe($this->AnswerValue);
     // NOTE(review): QuestionID goes into the SQL text unescaped -- confirm it is always numeric.
     $duplicateCheck = DB::Run("SELECT 1 FROM SurveyAnswerOptions WHERE QuestionID='{$this->QuestionID}' AND AnswerValue='{$escapedValue}' LIMIT 1");
     if (mysql_num_rows($duplicateCheck) > 0) {
         // NOTE(review): the unescaped AnswerValue is placed in this message; whether that is
         // safe depends on how fail() renders its argument.
         fail("Hmmm, this answer option ({$this->AnswerValue}) already exists for this question. Are you sure you didn't mean something else?");
     }
     $saved = DB::Run(DB::BuildSaveQuery($this, get_object_vars($this)));
     // No ID yet: take the key reported for the last INSERT.
     if (!$this->ID) {
         $this->ID = mysql_insert_id();
     }
     return (bool) $saved;
 }
Exemplo n.º 4
 /**
  * Saves this FHE group after normalising its name and checking that no other
  * group already uses that name.
  *
  * @return bool False when the name or ward ID is missing or the save query failed; true otherwise.
  */
 public function Save()
 {
     if (!($this->GroupName && $this->WardID)) {
         return false;
     }
     // An unsaved group is compared against ID 0 in the uniqueness query below.
     $this->ID = $this->ID ? $this->ID : 0;
     // Normalise the name for consistency: trim, lower-case, then capitalise each word.
     $normalized = trim($this->GroupName);
     $normalized = strtolower($normalized);
     $this->GroupName = ucwords($normalized);
     // Escape the name before it is used in the uniqueness query.
     $escapedName = DB::Safe($this->GroupName);
     // NOTE(review): ID is interpolated unescaped -- confirm it is always numeric.
     $clash = DB::Run("SELECT 1 FROM FheGroups WHERE GroupName='{$escapedName}' AND ID!='{$this->ID}' LIMIT 1");
     if (mysql_num_rows($clash) > 0) {
         fail("Oops. Could not save the FHE group; the name is already the name of another group, and they must be unique.");
     }
     $saved = DB::Run(DB::BuildSaveQuery($this, get_object_vars($this)));
     // Still no ID: take the key reported for the last INSERT.
     if (!$this->ID) {
         $this->ID = mysql_insert_id();
     }
     return (bool) $saved;
 }
Exemplo n.º 5
 /**
  * Saves this stake after cleaning its name and checking that no other stake
  * already uses that name.
  *
  * @return bool False when the name is missing or the save query failed; true otherwise.
  */
 public function Save()
 {
     if (!$this->Name) {
         return false;
     }
     // An unsaved stake is compared against ID 0 in the uniqueness query below.
     $this->ID = $this->ID ? $this->ID : 0;
     // Drop the word "stake" (any case) from the name, strip HTML tags, then trim.
     $this->Name = trim(strip_tags(str_ireplace("stake", "", $this->Name)));
     // Escape the name before it is used in the uniqueness query.
     $escapedName = DB::Safe($this->Name);
     // NOTE(review): ID is interpolated unescaped -- confirm it is always numeric.
     $clash = DB::Run("SELECT 1 FROM Stakes WHERE Name='{$escapedName}' AND ID!='{$this->ID}' LIMIT 1");
     if (mysql_num_rows($clash) > 0) {
         fail("Oops. Could not save Stake information; the name of the stake already exists.");
     }
     $saved = DB::Run(DB::BuildSaveQuery($this, get_object_vars($this)));
     // Still no ID: take the key reported for the last INSERT.
     if (!$this->ID) {
         $this->ID = mysql_insert_id();
     }
     return (bool) $saved;
 }
Exemplo n.º 6
    exit;
}
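// Read the cutoff date from the form. Each part has to be a short run of digits; anything
// else is treated as 0, so only integers can reach the date check and the SQL below.
$cutoff = array();
foreach (array('year', 'month', 'day') as $part) {
    $raw = isset($_POST[$part]) ? $_POST[$part] : '';
    $cutoff[$part] = (is_string($raw) && preg_match('/^[0-9]{1,4}$/D', $raw)) ? (int) $raw : 0;
}
$yyyy = $cutoff['year'];
$mm = $cutoff['month'];
$dd = $cutoff['day'];
// Year must lie between 2011 and the current year; checkdate() also rejects impossible
// dates such as February 31st, which a plain 1..31 range check lets through.
if ($yyyy < 2011 || $yyyy > (int) date("Y") || !checkdate($mm, $dd, $yyyy)) {
    fail("Please be sure to select a cutoff date: day, month, and year.");
}
// The filename of the to-be-downloaded file. Reduce the ward name to [0-9A-Za-z_] and strip out common words
$safeName = str_replace(" ", "_", strtolower($WARD->Name));
$safeName = preg_replace("/[^0-9A-Za-z_]+/", "", $safeName);
$safeName = preg_replace("/provo|utah|ysa|logan|ogden|orem|alpine|salt_lake_city|slc|salt_lake/", "", $safeName);
$safeName = trim($safeName, "_- ");
$filename = "{$safeName}_mls.csv";
// Build the date literal from the validated integers only, zero-padded to YYYY-MM-DD
$cutoffDate = sprintf('%04d-%02d-%02d', $yyyy, $mm, $dd);
// Run query; prepare to use results
$q = DB::Run("SELECT ID FROM Members WHERE WardID='{$WARD->ID()}' AND RegistrationDate >= '{$cutoffDate}' ORDER BY RegistrationDate ASC");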
// Start the CSV document and declare its header columns, in output order
$csv = new CSVBuilder();
foreach (array("Name", "Birth Date", "Address", "City", "State", "Postal", "Phone", "Prior Unit") as $columnTitle) {
    $csv->AddField($columnTitle);
}
// Add all the data to the file
while ($r = mysql_fetch_array($q)) {
    $m = Member::Load($r['ID']);
    $res = $m->Residence();
Exemplo n.º 7
 /**
  * Deletes this stake leader together with the credentials record and the
  * password reset tokens tied to it.
  *
  * @param bool $sure Must be exactly true, otherwise nothing is deleted.
  * @return bool False when $sure is not true or no ID is set; true otherwise.
  */
 public function Delete($sure = false)
 {
     // Safety catch: require explicit confirmation and a loaded record
     if (!($sure === true && $this->ID)) {
         return false;
     }
     // Run in this order: reset tokens, credentials, then the stake leader row itself.
     // Each entry pairs a statement with the message prefix reported if it fails.
     // NOTE(review): nothing here wraps the statements in a transaction, so a failure
     // part-way leaves the partial state the messages describe. CredentialsID and ID are
     // interpolated unescaped -- confirm they are always numeric.
     $steps = array(
         array(
             "DELETE FROM PwdResetTokens WHERE CredentialsID='{$this->CredentialsID}'",
             "Could not delete password reset tokens: ",
         ),
         array(
             "DELETE FROM Credentials WHERE ID='{$this->CredentialsID}'",
             "Deleted password reset tokens but not anything else (stake leader can still login): ",
         ),
         array(
             "DELETE FROM StakeLeaders WHERE ID='{$this->ID}' LIMIT 1",
             "Deleted password reset tokens and credentials but not account (stake leader CANNOT login, but record still exists!), problem - ",
         ),
     );
     foreach ($steps as $step) {
         list($sql, $failurePrefix) = $step;
         if (!DB::Run($sql)) {
             fail($failurePrefix . mysql_error());
         }
     }
     return true;
 }
Exemplo n.º 8
        ?>
	<?php 
        if ($MEMBER->HasPrivilege(PRIV_DELETE_ACCTS)) {
            ?>
<a href="/manage/prune">Delete Accounts</a><?php 
        }
    }
    ?>

<?php 
} elseif ($MEMBER == null && $LEADER != null) {
    ?>
	<b>Wards</b>
	<?php 
    // Show list of other wards they can view
    $wardsQuery = DB::Run("SELECT Name, ID FROM Wards WHERE StakeID='{$LEADER->StakeID}' AND Deleted != 1 ORDER BY Name ASC");
    while ($wardRow = mysql_fetch_array($wardsQuery)) {
        ?>
		<a href="/api/changeward?id=<?php 
        echo $wardRow['ID'];
        ?>
"><i class="fa fa-asterisk"></i><?php 
        echo $wardRow['Name'];
        ?>
</a></li>
	<?php 
    }
    ?>

	<b>Membership</b>
	<a href="/directory?stake"><i class="fa fa-list-alt"></i>Stake Directory</a>
Exemplo n.º 9
 /**
  * Deletes the ward-specific records attached to this member: calling assignments,
  * permissions, granted privileges, password reset tokens, survey answers and,
  * if the member has one, the custom residence.
  */
 private function DeleteWardItems()
 {
     // Each entry pairs a DELETE with the message prefix reported if it fails.
     // The permission and privilege statements target this MEMBER, not his/her calling.
     // NOTE(review): ID, CredentialsID and ResidenceID are interpolated unescaped --
     // confirm they are always numeric.
     $steps = array(
         array(
             "DELETE FROM MembersCallings WHERE MemberID='{$this->ID}'",
             "Tried to delete member ID {$this->ID}'s calling assignments, but failed: ",
         ),
         array(
             "DELETE FROM Permissions WHERE ObjectType='Member' AND ObjectID='{$this->ID}'",
             "Deleted calling assignments for this member, but could not delete permissions. MySQL error: ",
         ),
         array(
             "DELETE FROM GrantedPrivileges WHERE MemberID='{$this->ID}'",
             "Deleted calling assignments, and permissions for this member, but could not delete granted privileges. MySQL error: ",
         ),
         array(
             "DELETE FROM PwdResetTokens WHERE CredentialsID='{$this->CredentialsID}'",
             "Deleted this member's calling assignments, privileges, and permissions, but not password reset tokens: ",
         ),
         array(
             "DELETE FROM SurveyAnswers WHERE MemberID='{$this->ID}'",
             "Deleted permissions, callings, privileges, and password reset tokens, but not survey answers. Problem was: ",
         ),
     );
     foreach ($steps as $step) {
         list($sql, $failurePrefix) = $step;
         if (!DB::Run($sql)) {
             fail($failurePrefix . mysql_error());
         }
     }
     // The custom residence, if any, goes last; only rows flagged Custom=1 are removed.
     if (!$this->HasCustomResidence()) {
         return;
     }
     if (!DB::Run("DELETE FROM Residences WHERE ID='{$this->ResidenceID}' AND Custom=1")) {
         fail("Deleted permissions, callings, privileges, password reset tokens, survey answers, and credentials, but not Residence: " . mysql_error());
     }
 }
Exemplo n.º 10
 /**
  * Loads every member assigned to this calling.
  *
  * @return array One Member::Load() result per MembersCallings row for this calling.
  */
 public function Members()
 {
     // NOTE(review): ID is placed in the SQL text unquoted and unescaped, so it must be a
     // number for the statement to be well-formed -- confirm how this property is populated.
     $result = DB::Run("SELECT `MemberID` FROM `MembersCallings` WHERE `CallingID`={$this->ID}");
     $holders = array();
     for ($row = mysql_fetch_array($result); $row; $row = mysql_fetch_array($result)) {
         array_push($holders, Member::Load($row['MemberID']));
     }
     return $holders;
 }
Exemplo n.º 11
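 // Leader IDs arrive from the form and are used in SQL below, so reduce them to integers
 // first. A missing or non-numeric value becomes 0, which this code already treats as
 // "no leader" (see the SET ...=0 and the > 0 checks below).
 $leaderIDs = array();
 foreach (array('ldr1', 'ldr2', 'ldr3') as $field) {
     $leaderIDs[$field] = (isset($_POST[$field]) && is_scalar($_POST[$field])) ? (int) $_POST[$field] : 0;
 }
 $ldr1 = $leaderIDs['ldr1'];
 $ldr2 = $leaderIDs['ldr2'];
 $ldr3 = $leaderIDs['ldr3'];
 if (!$name) {
     Response::Send(400, "Please type a group name.");
 }
 // Make sure new leaders are removed from old group leaderships.
 // This next for loop is the exact same as the loop above near the top of this file.
 // TODO: This setup is awful. I want to redo this another time. What if the
 // leadership becomes discombobulated? (e.g. removes a leader1 but keeps leader 2... just looks weird)
 // This is a messy implementation. That's what I get for being in a hurry, I guess.
 for ($i = 1; $i <= 3; $i++) {
     // Only the loop counter and the integer leader IDs are interpolated here
     DB::Run("UPDATE FheGroups SET Leader{$i}=0 WHERE Leader{$i}='{$ldr1}' OR Leader{$i}='{$ldr2}' OR Leader{$i}='{$ldr3}'");
 }
 // Make assignments, but don't save changes yet.
 // The group name is taken as submitted; the leader slots reuse the integers validated above
 // rather than reading the raw POST values a second time.
 $group->GroupName = $_POST['groupname'];
 $group->Leader1 = $ldr1;
 $group->Leader2 = $ldr2;
 $group->Leader3 = $ldr3;
 // Move the leaders into their new groups
 if ($group->Leader1 > 0) {
     $mem = Member::Load($group->Leader1);
     $mem->FheGroup = $id;
     $mem->Save();
 }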
 if ($group->Leader2 > 0) {
     $mem = Member::Load($group->Leader2);
     $mem->FheGroup = $id;
Exemplo n.º 12
 /**
  * Deletes this survey question along with its answer options, permissions and answers.
  *
  * @param bool $sure Must be exactly true; any other value is reported through fail().
  * @return bool True once every step has run.
  */
 public function Delete($sure = false)
 {
     if (true !== $sure) {
         fail("Could not delete this question; pass in boolean true to be sure.");
     }
     if (!$this->ID) {
         fail("Could not delete this question, because no valid ID was associated with it.");
     }
     // Escape the ID once; both DELETE statements below use the escaped copy.
     $escapedID = DB::Safe($this->ID);
     // Step 1: the answer options that belong to the question
     $this->DeleteAllAnswerOptions(true);
     // Step 2: every permission that refers to it
     $permissionsDeleted = DB::Run("DELETE FROM Permissions WHERE QuestionID='{$escapedID}'");
     if (!$permissionsDeleted) {
         fail("Could not delete permissions for this question with ID {$this->ID}, reason: " . mysql_error());
     }
     // Step 3: each answer given to it, one at a time through the answer object
     foreach ($this->Answers() as $answer) {
         $answer->Delete();
     }
     // Step 4: the question row itself
     $questionDeleted = DB::Run("DELETE FROM SurveyQuestions WHERE ID='{$escapedID}' LIMIT 1");
     if (!$questionDeleted) {
         fail("Could not delete question with ID {$this->ID} from database (but answers, answer options, and permissions for it were all deleted), reason: " . mysql_error());
     }
     return true;
 }
Exemplo n.º 13
						<br>
						<input type="submit" value="Grant to Calling" class="button sm">

					</form>
					<br>

					<h2 id="by-calling">Privileges granted to callings</h2>

					<table class="privList">
						<tr>
							<th>Calling</th>
							<th>Privilege</th>
							<th>Options</th>
						</tr>
					<?php 
$rm = DB::Run("SELECT CallingID, PrivilegeID FROM GrantedPrivileges INNER JOIN Callings ON Callings.ID = CallingID INNER JOIN Privileges ON Privileges.ID = GrantedPrivileges.PrivilegeID WHERE CallingID > 0 AND Callings.WardID={$MEMBER->WardID} ORDER BY Callings.Name ASC, Privileges.Privilege ASC");
while ($row = mysql_fetch_array($rm)) {
    $priv = Privilege::Load($row['PrivilegeID']);
    $call = Calling::Load($row['CallingID']);
    ?>
						<tr>
							<td>
								<b><?php 
    echo $call->Name;
    ?>
</b>
							</td>
							<td>
								<span title="<?php 
    echo $priv->HelpText();
    ?>
Exemplo n.º 14
<?php

require_once "../lib/init.php";
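// Credentials must arrive as plain strings. A missing field or a non-string value (such as an
// array) is treated as empty instead of being passed to trim() with errors suppressed.
// Leading and trailing whitespace is trimmed from both values, the password included.
$eml = (isset($_POST['eml']) && is_string($_POST['eml'])) ? trim($_POST['eml']) : '';
$pwd = (isset($_POST['pwd']) && is_string($_POST['pwd'])) ? trim($_POST['pwd']) : '';
// Login; returns null if bad credentials.
// First see if they're a regular member...
// NOTE(review): no session_regenerate_id() call is visible in this script; confirm that the
// Login() methods rotate the session ID on success.
$m = Member::Login($eml, $pwd);
// Where to potentially redirect the member after login.
// NOTE(review): the target comes from the session; confirm it is restricted to same-site
// paths at the point where 'after_login' is stored.
$afterLogin = isset($_SESSION['after_login']) ? $_SESSION['after_login'] : "******";
if (!$m) {
    // No? Maybe a stake leader?
    $s = StakeLeader::Login($eml, $pwd);
    if (!$s) {
        Response::Send(400);
    } else {
        // Choose the first ward in the stake... alphabetically I guess... as default view for them.
        $r = mysql_fetch_array(DB::Run("SELECT ID FROM Wards WHERE StakeID='{$s->StakeID}' AND Deleted != 1 ORDER BY Name ASC LIMIT 1"));
        // A stake without any non-deleted ward yields no row; store null explicitly in that case
        $_SESSION['wardID'] = $r ? $r['ID'] : null;
        // Stake leader logged in.
        Response::Send(200, $afterLogin);
    }
} else {
    Response::Send(200, $afterLogin);
}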
Exemplo n.º 15
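// Both entries must be the same string. The comparison has to be strict: with a loose !=,
// two different numeric-looking strings (for example "1e3" and "1000") compare as equal.
if ($pwd1 !== $pwd2) {
    Response::Send(400, "Your passwords don't match. Make sure they match.");
}
// Check length (strlen counts bytes)
if (strlen($pwd1) < 8) {
    Response::Send(400, "Your password is too short. Please make it at least 8 characters.");
}
// Verify that the credentials ID matches the token; both are escaped before use in SQL
// NOTE(review): no expiry check on the token is visible in this part of the script; confirm
// that the token lifetime is enforced before the password is changed.
$credID = DB::Safe($credID);
$token = DB::Safe($token);
$r = DB::Run("SELECT 1 FROM `PwdResetTokens` WHERE `CredentialsID`='{$credID}' AND `Token`='{$token}' LIMIT 1");
if (mysql_num_rows($r) == 0) {
    Response::Send(400, "Account ID and token do not appear to match. Maybe try again from the link in your email?");
}
// Get account object (Member or Leader) -- first we have to determine which type it is
$q2 = DB::Run("SELECT * FROM Credentials WHERE ID='{$credID}' LIMIT 1");
$r = mysql_fetch_array($q2);
$memberID = $r['MemberID'];
$leaderID = $r['StakeLeaderID'];
// Exactly one of the two IDs must be set; any other combination leaves $user null
$user = null;
if ($memberID && !$leaderID) {
    $user = @Member::Load($memberID);
} elseif ($leaderID && !$memberID) {
    $user = @StakeLeader::Load($leaderID);
}
if (!$user) {
    // NOTE(review): this response includes internal record IDs; consider logging them
    // server-side and returning a generic message instead.
    Response::Send(500, "Could not load account with ID '{$memberID}' or '{$leaderID}', from credentials ID {$credID} -- please report this exact error message. Thanks...");
}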
// Reset password.
Exemplo n.º 16
        }
    }
    if ($abort) {
        break;
    }
    waitIfNeeded($start);
}
// After an abort, record every recipient from index $lasti onward as failed
if ($abort) {
    $i = $lasti;
    while ($i < count($job->Recipients)) {
        $pending = $job->Recipients[$i];
        $job->AddFailedRecipient($pending->memberID, $pending->name, $pending->number, $errorCode, $errorReason . " (job terminated safely)");
        $i++;
    }
}
// Finish
// The ward balance is only charged when a ward member sent the job.
if ($job->IsMemberSender()) {
    // NOTE(review): Cost and WardID are interpolated unquoted and unescaped, so both must
    // be numeric for this statement to be well-formed -- confirm where they are set.
    DB::Run("UPDATE Wards SET Balance = Balance - {$job->Cost} WHERE ID={$job->WardID} LIMIT 1");
}
// Stamp the job as finished, record which numbers were used, and persist it
$job->Finished = now();
$job->NumbersUsed = json_encode($numbers);
$job->Save();
exit;
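/**
 * Pauses when less than SMS_MS_BETWEEN_MESSAGES has passed since $start, so that
 * consecutive messages are spaced out.
 *
 * @param float $start Start time of the current message; expected to be a microtime(true) value.
 */
function waitIfNeeded($start)
{
    // microtime(true) works in seconds; convert once so that the comparison and the sleep
    // length are both in milliseconds. (Previously the sleep length subtracted seconds from
    // a millisecond constant, which ignored almost all of the time already spent.)
    $elapsedMs = (microtime(true) - $start) * 1000;
    if ($elapsedMs < SMS_MS_BETWEEN_MESSAGES) {
        // Sleep for the remainder, plus 50 as a short buffer against network latency.
        // NOTE(review): assumes millisleep() takes milliseconds -- confirm.
        millisleep(SMS_MS_BETWEEN_MESSAGES - $elapsedMs + 50);
    }
}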
Exemplo n.º 17
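$credID = mysql_result($r, 0);
// Make sure they haven't requested a reset in the last 15 minutes.
$q = "SELECT `Timestamp` FROM `PwdResetTokens` WHERE `CredentialsID`='{$credID}' ORDER BY `ID` DESC LIMIT 1";
// Find most recent
$result = mysql_fetch_array(DB::Run($q));
// Without an earlier token there is nothing to throttle against; check this explicitly
// instead of relying on strtotime() being fed an empty timestamp.
if ($result) {
    $tooSoon = strtotime("+15 minutes", strtotime($result['Timestamp']));
    if (time() < $tooSoon) {
        Response::Send(403, "Please wait at least 15 minutes before requesting another email to be sent.");
    }
}
// Generate reset token
// NOTE(review): the token is the only secret protecting the reset, so confirm that
// randomString() draws from a cryptographically secure source. The token is also stored
// as-is below; storing a hash of it would limit exposure if the table were ever read.
$token = urlencode(randomString(15, false));
// Prepare the email
$subj = "Reset your ward website password";
$msg = "Hi!\n\nYou or somebody else is trying to log in with this account on " . SITE_DOMAIN . ".\n\nTo reset your password, go to:\n\n----------------------------------------------------\nhttps://" . SITE_DOMAIN . "/newpwd?key={$token}\n----------------------------------------------------\n\nIf you didn't ask for a password reset, just ignore and delete this message. It expires in 48 hours anyway.\n\nHave a great day!\n-" . SITE_DOMAIN;
// Save the reset token in the DB. urlencode() output contains no quote characters, and
// $credID was read from the database above.
$q = "INSERT INTO `PwdResetTokens` (CredentialsID, Token, Timestamp) VALUES ('{$credID}', '{$token}', CURRENT_TIMESTAMP)";
if (!DB::Run($q)) {
    // NOTE(review): this returns the raw MySQL error text to the client.
    Response::Send(500, "Couldn't save password reset token. Please report this: " . mysql_error());
}
// Send the email
$mail = new Mailer();
$mail->FromAndReplyTo(SITE_NAME, "no-reply@" . SITE_DOMAIN);
$mail->Subject($subj);
$mail->Body($msg);
$mail->To("", $eml);
$mail->Send();
if (count($mail->FailedRecipients()) > 0) {
    Response::Send(500, "Could not send password reset email. Please try again, or report this if the problem persists.");
}
// Send 200 OK. Email sent; we're done here.
Response::Send(200);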
Exemplo n.º 18
<?php

require_once "../lib/init.php";
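protectPage(0, true);
// Get the ward ID. "$WARD" is defined in init.php for convenience.
$wardID = DB::Safe($WARD->ID());
// Load a list of the members in order of apartment or address.
// The query uses the escaped $wardID; previously that value was computed but the query
// interpolated the raw $WARD->ID() instead.
$members = array();
$q = DB::Run("SELECT\n\tMembers.ID,\n\tTRIM(CONCAT_WS(\" \", Residences.Address, Residences.City, Residences.State)) AS FullAddr,\n\tTRIM(CONCAT_WS(\" \", Residences.Name, Members.Apartment)) AS RegularAddr\nFROM Members\nLEFT JOIN Residences\nON Members.ResidenceID = Residences.ID\nWHERE Members.WardID='{$wardID}'\nORDER BY RegularAddr, FullAddr, FirstName, LastName ASC;");
// The apartment/address string of the last member in the loop
$lastApt = "";
// New line (float clearing) counter
$i = 0;
// Incremented for each apartment group we encounter
$j = 0;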
?>
<html>
<head>
	<title><?php 
echo $WARD->Name;
?>
 Ward Directory &mdash; <?php 
echo SITE_NAME;
?>
</title>
	<?php 
include "../includes/head.php";
?>
	<style>

	html,
Exemplo n.º 19
<?php

// Build the list of wards by stake
// Group the IDs of all non-deleted wards under their stake ID.
// Rows arrive ordered by stake, then by ward name.
$r = DB::Run("SELECT `ID`, `Name`, `StakeID` FROM `Wards` WHERE `Deleted` != 1 ORDER BY `StakeID`, `Name`");
$stakes = array();
while ($row = mysql_fetch_array($r)) {
    // Appending to a key that does not exist yet creates that stake's list on first use
    $stakes[$row['StakeID']][] = $row['ID'];
}
?>

<select size="1" name="ward_id" id="wardid">
	<option value="" <?php 
if (!isset($WARD)) {
    echo 'selected';
}
?>
>Select a ward</option>
<?php 
foreach ($stakes as $sid => $wards) {
    $stakeObj = Stake::Load($sid);
    ?>
	<optgroup label="<?php 
    echo $stakeObj->Name;
    ?>
">
<?php 
Exemplo n.º 20
 /**
  * Tells whether no other residence in the same ward already uses this residence's name.
  *
  * @return bool True when the lookup finds no other row with this name and ward.
  */
 public function NameUnique()
 {
     $escapedName = DB::Safe($this->Name);
     // NOTE(review): only the name is escaped; WardID and ID are interpolated as they are --
     // confirm both are always numeric.
     $sql = "SELECT 1 FROM Residences WHERE Name='{$escapedName}' AND WardID='{$this->WardID}' AND ID!='{$this->ID}' LIMIT 1";
     $matches = mysql_num_rows(DB::Run($sql));
     return $matches == 0;
 }
Exemplo n.º 21
 /**
  * Loads the residences of this ward, ordered by name.
  *
  * @param bool $includeCustom When false (the default), rows with Custom set are left out.
  * @return array One Residence::Load() result per matching row.
  */
 public function Residences($includeCustom = false)
 {
     // The optional filter sits between the WHERE clause and the ORDER BY
     $customFilter = $includeCustom ? "" : "AND Custom=0";
     $result = DB::Run("SELECT ID FROM Residences WHERE WardID='{$this->ID()}' " . $customFilter . " ORDER BY Name ASC");
     $list = array();
     while ($row = mysql_fetch_array($result)) {
         array_push($list, Residence::Load($row['ID']));
     }
     return $list;
 }
Exemplo n.º 22
require_once "lib/init.php";
protectPage();
// Collect, per calling name, the members who hold that calling; rendered further down.
$list = '';
// NOTE(review): WardID is interpolated unquoted and unescaped here, as is the calling ID in
// the inner query -- both must be numeric for the statements to be well-formed.
$r = DB::Run("SELECT ID FROM Callings WHERE WardID={$MEMBER->WardID} ORDER BY Name ASC");
if (!$r) {
    fail("ERROR > Could not request callings. Please report this: " . mysql_error());
}
$callings = array();
while ($row = mysql_fetch_array($r)) {
    $c = Calling::Load($row['ID']);
    // Callings that fail to load are left out
    if (!$c) {
        continue;
    }
    $r2 = DB::Run("SELECT MemberID FROM MembersCallings WHERE CallingID={$c->ID()}");
    if (!$r2) {
        fail("ERROR > Can't list members' callings. Please report this: " . mysql_error());
    }
    // Callings nobody holds get no entry at all
    if (!(mysql_num_rows($r2) > 0)) {
        continue;
    }
    // Gather the members with this calling, skipping any that fail to load
    $holders = array();
    while ($row2 = mysql_fetch_array($r2)) {
        $m = Member::Load($row2['MemberID']);
        if ($m) {
            $holders[] = $m;
        }
    }
    $callings[$c->Name] = $holders;
}
Exemplo n.º 23
    // Look up the reset token supplied in $key.
    // NOTE(review): $key is interpolated into the query as-is; its origin is outside this
    // excerpt -- confirm it was escaped (e.g. with DB::Safe) before this point.
    $q = "SELECT * FROM PwdResetTokens WHERE Token='{$key}' LIMIT 1";
    $r = DB::Run($q);
    if (mysql_num_rows($r) == 0) {
        die("ERROR > Sorry, that is not a valid password reset token. Please go back to your email and try again?");
    }
    // Get the associated credentials ID...
    $row = mysql_fetch_array($r);
    $credID = $row['CredentialsID'];
    if (!$credID) {
        die("ERROR > That token doesn't seem associated with any account...");
    }
    // Make sure it hasn't expired; delete it if it has
    // The token's age is measured from its stored Timestamp; past 48 hours the row is removed.
    $tokenID = $row['ID'];
    $tooLate = strtotime("+48 hours", strtotime($row['Timestamp']));
    if (time() > $tooLate) {
        DB::Run("DELETE FROM PwdResetTokens WHERE ID='{$tokenID}' LIMIT 1");
        die("ERROR > Sorry, that token has expired. They only last 48 hours.");
    }
}
?>
<!DOCTYPE html>
<html>
	<head>
		<title>Finish password reset &mdash; <?php 
echo SITE_NAME;
?>
</title>
		<?php 
include "includes/head.php";
?>
	</head>
Exemplo n.º 24
<?php

/*
	Performs resizing operations on all profile pictures.
	This was originally used to bring pictures up from a small thumb/medium
	size to a larger size (about 2x) fit for retina/high-DPI displays.

	Protect this file if you upload it: it performs no access checks of its own.
*/
exit;
// SAFETY LINE; disable to use this file
require_once "../lib/init.php";
echo "<pre>";
set_time_limit(0);
$mems = DB::Run("SELECT ID FROM Members ORDER BY ID ASC");
$i = 0;
while ($row = mysql_fetch_array($mems)) {
    $mem = Member::Load($row['ID']);
    if (!$mem->PictureFile) {
        continue;
    }
    $picFile = $mem->PictureFile;
    $main = filename($mem->PictureFile);
    $ext = extension($mem->PictureFile, "jpg");
    $newRand = rand(1000, 9999);
    $newMain = $mem->FirstName . "_" . $mem->LastName . "_" . $mem->ID() . "_" . $newRand;
    $newFull = $newMain . "." . $ext;
    $newMedium = $newMain . "_med." . $ext;
    $newThumb = $newMain . "_thumb." . $ext;
    echo "PICTURE:\n{$newMain}\n{$newFull}\n{$newMedium}\n{$newThumb}\n";
    copy("uploads/" . $mem->PictureFile, "uploads/" . $newFull);
Exemplo n.º 25
            $ansObj->AnswerArrayToString();
        }
        // Save the answer now.
        $ansObj->Save();
    }
}
// Identify un-answered questions, both required and not.
// We poll the DB because un-checked checkboxes aren't submitted
// at all, so we have to manually check if they're missing.
// If the question requires an answer, enforce that requirement.
// If the question is not required, give un-filled answers an empty value.
// (This whole block isn't very efficient way to do this, but for
// the low traffic volume we get, it should be fine.... for now...
// especially considering how quickly this had to be ready!)
$q = "SELECT ID FROM SurveyQuestions WHERE WardID={$MEMBER->WardID} AND Visible='1'";
$r = DB::Run($q);
while ($row = mysql_fetch_array($r)) {
    // Find out about the question and the user's answer to it, if any
    $reqQu = SurveyQuestion::Load($row['ID']);
    $userAns = isset($answers[$reqQu->ID()]) ? $answers[$reqQu->ID()] : null;
    if (is_string($userAns)) {
        $userAns = trim($userAns);
    }
    // If it IS required, and not answered, time to throw.
    if ($reqQu->Required && (!$userAns || !is_array($userAns) && strlen(trim($userAns)) == 0 || $userAns == ' ')) {
        Response::Send(400, "Please answer the required question:<br><br>\"" . $reqQu->Question . "\"");
    }
    // If NOT required, set to empty value if not filled out
    if (!$reqQu->Required && (!$userAns || !is_array($userAns) && strlen(trim($userAns)) == 0 || $userAns == ' ')) {
        // First we have to get it from the DB.
        $ansObj = $reqQu->Answers($memID);
Exemplo n.º 26
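 /**
  * Tells whether a stake leader has at least $max email jobs that have not ended.
  *
  * @param mixed $id  Stake leader ID; escaped before use.
  * @param int   $max Number of unfinished jobs that counts as "exists" (default 1).
  * @return bool True when the number of unfinished jobs found reaches $max.
  */
 public static function UnfinishedJobExistsWithLeaderID($id, $max = 1)
 {
     $safeID = DB::Safe($id);
     // LIMIT takes a bare number, so quoting or escaping cannot protect it;
     // force the value to an integer before it enters the SQL text.
     $limit = (int) $max;
     $r = DB::Run("SELECT ID FROM EmailJobs WHERE StakeLeaderID='{$safeID}' AND Ended = 0 LIMIT {$limit}");
     return mysql_num_rows($r) >= $limit;
 }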
Exemplo n.º 27
    $row = mysql_fetch_object($r);
    if ($row->StakeID == $LEADER->StakeID) {
        $memInLeaderStake = true;
    }
}
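// Viewers outside the member's ward and stake are sent back to the directory.
// header() only queues the redirect; without the exit the rest of this script would still
// run and render the member's profile into the response body.
if (!$memInWard && !$memInLeaderStake) {
    header("Location: /directory");
    exit;
}
$isCurrent = $MEMBER && $MEMBER->ID() == $mem->ID();
// Get parts of the birth date
$bdate = strtotime($mem->Birthday);
$mm = date("F", $bdate);
$dd = date("j", $bdate);
$ordinal = date("S", $bdate);
// Load survey questions in order to get the answers
$r = DB::Run("SELECT ID FROM SurveyQuestions WHERE WardID='{$mem->WardID}' AND Visible='1'");
if (!$r) {
    // NOTE(review): this prints the raw MySQL error text to the client.
    die("ERROR > Can't render this page because of a database problem. Please report this: " . mysql_error());
}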
?>
<!DOCTYPE html>
<html>
	<head>
		<title><?php 
echo $mem->FirstName() . ' ' . $mem->LastName;
?>
 &mdash; <?php 
echo $WARD ? $WARD->Name . " Ward" : SITE_NAME;
?>
</title>
		<?php 
Exemplo n.º 28
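// Load every member of the current ward, ordered by name
$mems = array();
// NOTE(review): WardID is interpolated unquoted and unescaped in both queries below, so it
// must be numeric for the statements to be well-formed.
$q = "SELECT ID FROM Members WHERE WardID={$MEMBER->WardID} ORDER BY FirstName, LastName ASC";
$r = DB::Run($q);
while ($row = mysql_fetch_array($r)) {
    array_push($mems, Member::Load($row['ID']));
}
// Build list of options
$memList = "";
foreach ($mems as $mem) {
    // Member names are user-supplied text going into HTML, so encode them for that context.
    // The last argument (false) leaves already-encoded entities alone to avoid double encoding.
    // NOTE(review): assumes names are stored as UTF-8 -- confirm against the site's charset.
    $optionLabel = htmlspecialchars($mem->FirstName() . " " . $mem->LastName, ENT_QUOTES, 'UTF-8', false);
    $memList .= "\r\n<option value=\"{$mem->ID()}\">" . $optionLabel . "</option>";
}
$memList .= "\r\n";
// Get a list of FHE groups
$groups = array();
$q2 = "SELECT ID FROM FheGroups WHERE WardID={$MEMBER->WardID} ORDER BY GroupName ASC";
$r2 = DB::Run($q2);
while ($row = mysql_fetch_array($r2)) {
    array_push($groups, FheGroup::Load($row['ID']));
}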
?>
<!DOCTYPE html>
<html>
	<head>
		<title>Manage FHE groups &mdash; <?php 
echo $WARD ? $WARD->Name . " Ward" : SITE_NAME;
?>
</title>
		<?php 
include "../includes/head.php";
?>
		<style>
Exemplo n.º 29
 /**
  * Deletes this permission's row and clears the object's identifying fields.
  *
  * @param bool $sure Must be exactly true; any other value is reported through fail().
  * @return bool False when no ID is set; true otherwise.
  */
 public function Delete($sure = false)
 {
     if (true !== $sure) {
         fail("Could not delete this permission. Please pass boolean true as an argument.");
     }
     if (!$this->ID) {
         return false;
     }
     // NOTE(review): ID is interpolated unescaped -- confirm it is always numeric.
     $deleted = DB::Run("DELETE FROM Permissions WHERE ID='{$this->ID}' LIMIT 1");
     if (!$deleted) {
         fail("Could not delete permission, please report this: " . mysql_error());
     }
     // De-construct this object so it no longer points at the removed row
     foreach (array('ID', 'QuestionID', 'ObjectID', 'Object') as $property) {
         $this->{$property} = null;
     }
     return true;
 }
Exemplo n.º 30
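 // The member/calling IDs come from the query string and are later handed to Member::Load(),
 // Calling::Load() and the revoke calls, so reduce them to integers here. A missing or
 // non-numeric value becomes 0, which the checks below treat as "not given".
 $m = (isset($_GET['m']) && is_scalar($_GET['m'])) ? (int) $_GET['m'] : 0;
 $c = (isset($_GET['c']) && is_scalar($_GET['c'])) ? (int) $_GET['c'] : 0;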
 if ($action == "revoke") {
     // Revoke this privilege
     if (!$privID) {
         fail("Need a privilege ID to revoke; cannot revoke no privilege!");
     }
     if ($m && $c || !$m && !$c) {
         fail("Please choose a member or a calling to revoke from.");
     }
     $priv = Privilege::Load($privID);
     if ($privID == 10) {
         // 10 is Manage Site Privileges; at least one member or calling from the ward should always have this.
         // This query gets a list of unique privileges.
         $epicQuery = "SELECT GrantedPrivileges.ID, Members.WardID FROM GrantedPrivileges\n\t\t\t\t\t\tINNER JOIN Members ON Members.ID = GrantedPrivileges.MemberID\n\t\t\t\t\t\tWHERE WardID = {$MEMBER->WardID} AND GrantedPrivileges.PrivilegeID = 10\n\t\t\t\t\t\tUNION\n\t\t\t\t\t\tSELECT GrantedPrivileges.ID, Callings.WardID FROM GrantedPrivileges\n\t\t\t\t\t\tINNER JOIN Callings ON Callings.ID = GrantedPrivileges.CallingID\n\t\t\t\t\t\tWHERE WardID = {$MEMBER->WardID} AND GrantedPrivileges.PrivilegeID = 10;";
         if (mysql_num_rows(DB::Run($epicQuery)) == 1) {
             fail("At least one member or calling of your ward must be able to manage the site privileges. This was the last one; could not revoke.");
         }
     }
     if ($m) {
         $mem = Member::Load($m);
         if ($mem->WardID != $MEMBER->WardID) {
             fail("You can only revoke privileges from members of your ward.");
         } else {
             $priv->RevokeFromMember($m);
         }
         $redirectAppend = "?revoked#by-member";
     } else {
         $call = Calling::Load($c);
         if ($call->WardID() != $MEMBER->WardID) {
             fail("You can only revoke privileges of callings in your ward.");