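/**
 * Handles the "remove shift" submission for a master-schedule entry.
 *
 * Does nothing and returns false unless $post contains the '_submit_remove_shift' key.
 * Otherwise asks delete_dbMasterSchedule() to delete the entry whose id is
 * $frequency . $day . $time; on success it prints a confirmation with a link back to
 * viewSchedule.php and writes an entry through add_log_entry().
 *
 * @param array  $post      submitted form fields
 * @param mixed  $shift     indexed with [2] for the label shown to the user and also
 *                          concatenated as a string into the log link
 *                          (NOTE(review): those two uses only agree for a string - confirm)
 * @param string $day       day part of the schedule id
 * @param string $time      time part of the schedule id; displayed through do_name()
 * @param string $frequency frequency part of the schedule id
 * @return bool true if the entry was deleted, false otherwise
 */
function process_remove_shift($post, $shift, $day, $time, $frequency)
{
    if (!array_key_exists('_submit_remove_shift', $post)) {
        return false;
    }

    $id = $frequency . $day . $time;
    if (!delete_dbMasterSchedule($id)) {
        return false;
    }

    // The frequency and the shift label are written into the page, so they are encoded
    // for HTML first; a value carrying markup is then shown as text, not interpreted.
    $frequency_html = htmlspecialchars(ucfirst($frequency), ENT_QUOTES, 'UTF-8');
    $label_html = htmlspecialchars((string) $shift[2], ENT_QUOTES, 'UTF-8');
    // NOTE(review): do_name() is defined elsewhere; its output is echoed as returned.
    echo "<br>Deleted " . $frequency_html . " shift for " . $label_html . " (" . do_name($time) . ")<br><br>";

    // The frequency is a query-string value, so it is URL-encoded inside the href.
    $returnpoint = "viewSchedule.php?frequency=" . urlencode($frequency);
    echo "<table align=\"center\"><tr><td align=\"center\" width=\"442\">\r\n\t\t\t\t<br><a href=\"" . $returnpoint . "\">\r\n\t\t\t\tBack to Master Schedule</a></td></tr></table>";

    // NOTE(review): the log entry is an HTML fragment assembled from session values and the
    // raw $day/$shift/$frequency arguments; how add_log_entry() stores and later renders it
    // is not visible here, so confirm it encodes or parameterises this text.
    add_log_entry('<a href=\\"personEdit.php?id=' . $_SESSION['_id'] . '\\">' . $_SESSION['f_name'] . ' ' . $_SESSION['l_name'] . '</a> deleted a new master schedule shift: <a href=\\"editMasterSchedule.php?' . "day=" . $day . "&shift=" . $shift . "&frequency=" . $frequency . '\\">' . $frequency . " " . $day . " " . $shift . '</a>.');

    return true;
}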
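/**
 * Applies the submitted room form ($_POST) to $currentRoom and logs the changes.
 *
 * What may be changed depends on $_SESSION['access_level']:
 *  - 1 or 3: the room status (only when it differs and the room is not "booked");
 *  - 3 only: beds, capacity, bath, notes, and checking a booking out of / into the room.
 * The original comments name these levels volunteer (1) and manager (3), and state that
 * the room object writes each change to the database itself.
 *
 * @param object $currentRoom the room being edited
 * @return void
 */
function update_room_info($currentRoom)
{
    // Name of the acting user, used as link text in the log entries.
    $user = retrieve_dbPersons($_SESSION['_id']);
    $name = $user->get_first_name() . " " . $user->get_last_name();
    $actorLink = "<a href='viewPerson.php?id=" . $_SESSION['_id'] . "'>" . $name . "</a>";

    // Every form value passes through sanitize().
    // NOTE(review): sanitize() is defined elsewhere, so what it removes is not visible here,
    // and no value is checked against an allow-list (for example the set of valid statuses).
    $newBeds = sanitize($_POST['beds']);
    $newCapacity = sanitize($_POST['capacity']);
    $newBath = sanitize($_POST['bath']) == "Yes" ? "y" : "n";
    $newStatus = sanitize($_POST['status']);
    $newRoomNotes = sanitize($_POST['room_notes']);
    $newBooking = sanitize($_POST['assign_booking']);
    if ($newBooking == "Leave Room Unassigned" || $newBooking == "No") {
        // leave the booking alone
        $newBooking = false;
    }

    $accessLevel = $_SESSION['access_level'];

    // Status: volunteers and managers only; logged only when it actually changes.
    if ($accessLevel == 1 || $accessLevel == 3) {
        if ($newStatus != $currentRoom->get_status() && $currentRoom->get_status() != "booked") {
            $currentRoom->set_status($newStatus);
            add_log_entry($actorLink . " has changed the status of <a href='room.php?room=" . $currentRoom->get_room_no() . "'>room " . $currentRoom->get_room_no() . "</a>");
        }
    }

    // Everything else: managers only.
    if ($accessLevel != 3) {
        return;
    }
    $currentRoom->set_beds($newBeds);
    $currentRoom->set_capacity($newCapacity);
    $currentRoom->set_bath($newBath);
    $currentRoom->set_room_notes($newRoomNotes);

    // The booking is handled last.
    if (!$newBooking) {
        return;
    }

    if ($newBooking == "Yes") {
        // "Yes" means: check out the booking currently in this room.
        $currentRoom->set_status("dirty");
        $booking = retrieve_dbBookings($currentRoom->get_booking_id());
        if ($booking) {
            $booking->check_out(date("y-m-d"));
            // The log link uses the same id the guest was looked up with; the previous code
            // read an undefined $pGuests[0] here, which left the id in the link empty.
            // Assumes get_guest_id() returns the single id retrieve_dbPersons() takes - confirm.
            $guestId = $booking->get_guest_id();
            $pGuest = retrieve_dbPersons($guestId);
            if ($pGuest) {
                $guestName = $pGuest->get_first_name() . " " . $pGuest->get_last_name();
                add_log_entry($actorLink . " has checked out <a href='viewPerson.php?id=" . $guestId . "'>" . $guestName . "</a>");
            }
        }
        return;
    }

    // Any other value is taken as the id of the booking to check into this room.
    $booking = retrieve_dbBookings($newBooking);
    if (!$booking) {
        // An unknown booking id previously led to a method call on a non-object.
        return;
    }
    $guestId = $booking->get_guest_id();
    $pGuest = retrieve_dbPersons($guestId);
    $assigned = $booking->assign_room($currentRoom->get_room_no(), date('y-m-d'));
    // As in the check-out path, the entry is written only when the guest record exists,
    // and (as before) only when the room assignment succeeded.
    if ($assigned && $pGuest) {
        $guestName = $pGuest->get_first_name() . " " . $pGuest->get_last_name();
        add_log_entry($actorLink . " has checked in <a href='viewPerson.php?id=" . $guestId . "'>" . $guestName . "</a>");
    }
}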
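/**
 * Uses the master schedule to build a new week: one BSCAHdate per day label
 * ("Mon" .. "Sun"), each filled with the shifts generate_and_populate_shift() returns
 * for that day's master shifts, wrapped in a Week that is passed to insert_dbWeeks().
 *
 * @param DateTime $date first day of the new week. The original doc calls it the Sunday
 *                       the week starts with, although the day list begins with "Mon" -
 *                       confirm. The object is advanced one day per generated date, so
 *                       the caller's instance ends up seven days later.
 * @return mixed false if a generated date has no id; otherwise whatever insert_dbWeeks() returns
 */
function generate_new_week(DateTime $date)
{
    // day labels in the format the master schedule uses
    $weekdays = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"];
    $dates = [];
    foreach ($weekdays as $day) {
        $date_key = $date->format("m-d-y");

        // NOTE(review): $venue is never assigned in this function, so it is undefined at
        // both uses below; verify how the venue is meant to reach this code.
        $venue_shifts = get_master_shifts($venue, $day);
        /* Each row in the array is an associative array
         * of (venue, my_group, day, time, start, end, slots,notes) */
        $shifts = [];
        foreach ($venue_shifts as $venue_shift) {
            /** @noinspection PhpUndefinedMethodInspection */
            $shifts[] = generate_and_populate_shift($date_key, $venue, $venue_shift->get_start_time(), $venue_shift->get_end_time(), "");
        }

        // makes a new date with these shifts
        $new_date = new BSCAHdate($date_key, $shifts, "", "");
        // stop if the constructor did not set an id
        if ($new_date->get_id() == null) {
            return false;
        }
        $dates[] = $new_date;
        $date->modify("+1 day");
    }

    // $date now points one day past the last generated date: the week is "archived" if
    // that moment is already in the past, otherwise "unpublished".
    // (`new` always yields an object, so the former null check on the week could never
    // fire and has been dropped.)
    $newweek = new Week($dates, $date->getTimestamp() < time() ? "archived" : "unpublished");
    $insert_status = insert_dbWeeks($newweek);

    // NOTE(review): the entry is written whatever $insert_status is, so the log can claim a
    // week was generated when the insert did not succeed.
    add_log_entry('<a href=\\"personEdit.php?id=' . $_SESSION['_id'] . '\\">' . $_SESSION['f_name'] . ' ' . $_SESSION['l_name'] . '</a> generated a new week: <a href=\\"calendar.php?id=' . $newweek->get_id() . '&edit=true\\">' . $newweek->get_name() . '</a>.');

    return $insert_status;
}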
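/**
 * Applies an edited sub call list (SCL) form to the list and to its shift.
 *
 * For every person on the stored list the submitted "date called", notes and accepted
 * values are copied into a new row. People whose accepted value is "Yes" now, but was not
 * before, count as new acceptances:
 *  - more new acceptances than vacancies: their accepted value is set to "?", a message
 *    is echoed, the list is saved as "open" and the shift id is returned;
 *  - otherwise they are added to the shift, each assignment is logged, and the list is
 *    saved as "closed" when no vacancy is left, else "open".
 *
 * @param array $post submitted form fields ('_shiftid', 'datecalled_N', 'notes_N', 'accepted_N')
 * @return mixed the shift id in the over-subscribed case, otherwise nothing (null)
 */
function process_edit_scl($post)
{
    $id = $post['_shiftid'];
    $shift = select_dbShifts($id);
    // venue code: the last three characters of what follows the first nine characters of the id
    $venue = substr($id, 9);
    $venue = substr($venue, strlen($venue) - 3);
    $scl = select_dbSCL($id);
    $persons_old = $scl->get_persons();
    $vacancies = $shift->num_vacancies();
    $new_acceptances = 0;
    // Initialised up front: with an empty list or no new acceptance these were previously
    // undefined when passed to count() and update_sub_call_list().
    $persons_new = [];
    $accepted_people = [];

    for ($i = 0; $i < count($persons_old); ++$i) {
        // NOTE(review): as written, the ',' and '+' replacements substitute each character
        // with itself; '+' is the field separator used further down, so confirm what the
        // replacement values were meant to be.
        // NOTE(review): the accepted value is stored exactly as submitted.
        $persons_new[] = [
            $persons_old[$i][0],
            $persons_old[$i][1],
            $persons_old[$i][2],
            $persons_old[$i][3],
            $persons_old[$i][4],
            trim(str_replace(',', ',', str_replace('+', '+', str_replace('\'', '\\\'', htmlentities($post['datecalled_' . $i]))))),
            trim(str_replace(',', ',', str_replace('+', '+', str_replace('\'', '\\\'', htmlentities($post['notes_' . $i]))))),
            $post['accepted_' . $i],
        ];
        if ($post['accepted_' . $i] == "Yes" && $persons_old[$i][7] != "Yes") {
            ++$new_acceptances;
            $accepted_people[] = $i;
        }
    }

    if ($new_acceptances > $vacancies) {
        // Too many: list the names ("A, B and C") and mark each of them as undecided.
        $s = "";
        $last = count($accepted_people) - 1;
        foreach ($accepted_people as $j => $index) {
            $full_name = $persons_new[$index][1] . " " . $persons_new[$index][2];
            if ($j == 0) {
                $s = $full_name;
            } elseif ($j == $last) {
                $s = $s . " and " . $full_name;
            } else {
                $s = $s . ", " . $full_name;
            }
            $persons_new[$index][7] = "?";
        }
        // NOTE(review): the names come from the stored list and are echoed as stored.
        if ($vacancies == 1) {
            echo "You assigned <b>" . $s . "</b> to this shift, but there is only " . $vacancies . " open slot.<br>\n\t\t\t\t\tPlease assign volunteers again.</p>";
        } else {
            echo "You assigned <b>" . $s . "</b> to this shift, but there are only " . $vacancies . " open slots.<br>\n\t\t\t\t\tPlease assign volunteers again.</p>";
        }
        update_sub_call_list($scl, $persons_new, $vacancies, "open");
        return $id;
    }

    // Enough room: add every newly accepted person to the shift as "id+first+last".
    $p = $shift->get_persons();
    foreach ($accepted_people as $index) {
        $p[] = $persons_new[$index][0] . "+" . $persons_new[$index][1] . "+" . $persons_new[$index][2];
        --$vacancies;
        $shift->ignore_vacancy();
    }
    $shift->assign_persons($p);
    update_dbShifts($shift);

    foreach ($accepted_people as $index) {
        add_log_entry('<a href=\\"personEdit.php?id=' . $_SESSION['_id'] . '\\">' . $_SESSION['f_name'] . ' ' . $_SESSION['l_name'] . '</a> assigned <a href=\\"personEdit.php?id=' . $persons_new[$index][0] . '\\">' . $persons_new[$index][1] . ' ' . $persons_new[$index][2] . '</a> to the shift: <a href=\\"editShift.php?shift=' . $shift->get_id() . '&venue=' . $venue . '\\">' . get_shift_name_from_id($shift->get_id()) . '</a>.');
    }

    $status = $vacancies == 0 ? "closed" : "open";
    update_sub_call_list($scl, $persons_new, $vacancies, $status);
}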
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en"> <?php
// Record this request in the site log as soon as the page starts rendering.
add_log_entry();

/**
 * Records the requesting host and the current time in the `sitelog` table.
 *
 * One row per `userhost` is kept: if a row for the address already exists its
 * `lastupdate` is overwritten, otherwise a new row is inserted.
 *
 * NOTE(review): all three statements are built by interpolating $ip and $currenttime
 * into the SQL text. REMOTE_ADDR is normally filled in by the web server, but if the
 * deployment rewrites it from a forwarded header the value is client-supplied; use the
 * DB wrapper's parameter binding if it offers one.
 * NOTE(review): the existence check and the write are separate statements with no
 * transaction visible here, so two simultaneous first requests from one address could
 * both insert unless `userhost` carries a unique key - confirm against the schema.
 */
function add_log_entry() {
    $ip = $_SERVER['REMOTE_ADDR'];
    // e.g. "Mon 01st Jan,2024 09:30 am" (constructed example), in PHP's default timezone
    $currenttime = date("D dS M,Y h:i a");
    include_once "./db.inc.php";
    $db1 = new DB();
    $db1->open();
    // Is there already a row for this host?
    $query1 = "SELECT * from sitelog where userhost = '{$ip}'";
    $result1 = $db1->query($query1);
    $num_results = $db1->numRows($result1);
    if ($num_results > 0) {
        // Known host: refresh its timestamp. A second DB object is opened for the write;
        // the include_once is a no-op after the first one. $result2 is not inspected.
        include_once "./db.inc.php";
        $db2 = new DB();
        $db2->open();
        $query2 = "UPDATE sitelog set lastupdate = '{$currenttime}' where userhost = '{$ip}'";
        $result2 = $db2->query($query2);
    } else {
        // First visit from this host: add a row. $result3 is not inspected.
        include_once "./db.inc.php";
        $db3 = new DB();
        $db3->open();
        $query3 = "INSERT into sitelog (userhost, lastupdate) VALUES ('{$ip}','{$currenttime}')";
        $result3 = $db3->query($query3);
    }
}
function get_page($page) { include_once "./db.inc.php";
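/**
 * process_form cleans the submitted person form ($_POST) and then deletes, resets the
 * password of, adds, or updates the person record. Result messages are echoed as HTML.
 *
 * The action is chosen from $_POST['deleteMe'] == "DELETE", then
 * $_POST['reset_pass'] == "RESET", then $_POST['old_id'] == 'new' (add), otherwise update.
 * Reset and update are implemented as remove_person() followed by add_person().
 *
 * NOTE(review): no authorisation check is visible here - $_SESSION['access_level'] only
 * selects a message, and the record acted on is named by the client-supplied old_id.
 * Confirm the calling page restricts who may reach each action.
 * NOTE(review): passwords are stored as unsalted md5(); moving to password_hash() /
 * password_verify() needs a matching change in the login code, so it is only flagged here.
 *
 * @param string $id id of the person to delete; overwritten on the other paths
 * @return void
 */
function process_form($id)
{
    // Step one: clean the text fields. htmlentities() encodes markup characters; the
    // str_replace() calls drop (first name) or unescape (other fields) backslash-quote pairs.
    $first_name = trim(str_replace('\\\'', '', htmlentities(str_replace('&', 'and', $_POST['first_name']))));
    $last_name = trim(str_replace('\\\'', '\'', htmlentities($_POST['last_name'])));
    // A missing birth year is stored as "XX".
    if ($_POST['DateOfBirth_Year'] == "") {
        $birthday = $_POST['DateOfBirth_Month'] . '-' . $_POST['DateOfBirth_Day'] . '-XX';
    } else {
        $birthday = $_POST['DateOfBirth_Month'] . '-' . $_POST['DateOfBirth_Day'] . '-' . $_POST['DateOfBirth_Year'];
    }
    $gender = trim(htmlentities($_POST['gender']));
    $address = trim(str_replace('\\\'', '\'', htmlentities($_POST['address'])));
    $city = trim(str_replace('\\\'', '\'', htmlentities($_POST['city'])));
    $state = trim(htmlentities($_POST['state']));
    $zip = trim(htmlentities($_POST['zip']));
    $county = trim(htmlentities($_POST['county']));
    // Phone numbers are reduced to their digits. preg_replace() replaces ereg_replace(),
    // which no longer exists from PHP 7.0 on; the result is the same for this pattern.
    $phone1 = trim(str_replace(' ', '', htmlentities($_POST['phone1'])));
    $clean_phone1 = preg_replace('/[^0-9]/', '', $phone1);
    $phone2 = trim(str_replace(' ', '', htmlentities($_POST['phone2'])));
    $clean_phone2 = preg_replace('/[^0-9]/', '', $phone2);
    // NOTE(review): the following fields (and the birthday parts above) are taken exactly
    // as submitted; how Person / add_person() quote them for storage is not visible here.
    $email = $_POST['email'];
    $contact_preference = $_POST['contact_preference'];
    $dateAdded = $_POST['dateadded'];
    $type = $_POST['type'];
    $status = $_POST['status'];
    $schedule = $_POST['schedule'];
    $notes = trim(str_replace('\\\'', '\'', htmlentities($_POST['notes'])));
    $skills = trim(str_replace('\\\'', '\'', htmlentities($_POST['skills'])));
    $reason_interested = trim(str_replace('\\\'', '\'', htmlentities($_POST['reason_interested'])));
    if ($_POST['availability'] != null) {
        $availability = implode(',', $_POST['availability']);
    } else {
        $availability = "";
    }

    // Directory part of the current script's URL path (up to and including the last '/'),
    // used to link the user back to the edit form.
    $path = strrev(substr(strrev($_SERVER['SCRIPT_NAME']), strpos(strrev($_SERVER['SCRIPT_NAME']), '/')));

    // Step two: deletion, password reset, addition, or change.
    if ($_POST['deleteMe'] == "DELETE") {
        $result = retrieve_person($id);
        if (!$result) {
            echo '<p>Unable to delete. ' . $first_name . ' ' . $last_name . ' is not in the database. <br>Please report this error to the House Manager.';
        } else {
            // The last remaining manager account must not be removed.
            // NOTE(review): "is a manager" is decided from the submitted type field, not from
            // the stored record in $result, so the form can simply omit it - confirm.
            // NOTE(review): mysql_num_rows() belongs to ext/mysql, removed in PHP 7.0.
            $is_last_manager = false;
            if (strpos($type, 'manager') !== false) {
                $managers = getall_type('manager');
                $is_last_manager = !$managers || mysql_num_rows($managers) <= 1;
            }
            if ($is_last_manager) {
                echo '<p class="error">You cannot remove the last remaining manager from the database.</p>';
            } else {
                // The success message does not depend on what remove_person() returned.
                $result = remove_person($id);
                echo "<p>You have successfully removed " . $first_name . " " . $last_name . " from the database.</p>";
                // Deleting your own account ends the session.
                if ($id == $_SESSION['_id']) {
                    session_unset();
                    session_destroy();
                }
            }
        }
    } elseif ($_POST['reset_pass'] == "RESET") {
        $id = $_POST['old_id'];
        $result = remove_person($id);
        // NOTE(review): the reset password is first name + phone digits, i.e. derivable from
        // the person's own record.
        $pass = $first_name . $clean_phone1;
        $newperson = new Person($first_name, $last_name, $birthday, $gender, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $status, $schedule, $notes, $skills, $reason_interested, $dateAdded, md5($pass), $availability, $contact_preference);
        $result = add_person($newperson);
        if (!$result) {
            echo '<p class="error">Unable to reset ' . $first_name . ' ' . $last_name . "'s password.. <br>Please report this error to the House Manager.";
        } else {
            echo "<p>You have successfully reset " . $first_name . " " . $last_name . "'s password.</p>";
        }
    } elseif ($_POST['old_id'] == 'new') {
        $id = $first_name . $clean_phone1;
        // check if there's already an entry
        $dup = retrieve_person($id);
        if ($dup) {
            echo '<p class="error">Unable to add ' . $first_name . ' ' . $last_name . ' to the database. <br>Another person with the same name and phone is already there.';
        } else {
            // NOTE(review): $pass is never assigned on this path, so the stored hash is that
            // of an empty value; decide what the initial password should be.
            $newperson = new Person($first_name, $last_name, $birthday, $gender, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $status, $schedule, $notes, $skills, $reason_interested, $dateAdded, md5($pass), $availability, $contact_preference);
            $result = add_person($newperson);
            if (!$result) {
                // The name is now concatenated into the message; it used to sit inside one
                // single-quoted string and was printed as literal code.
                echo '<p class="error">Unable to add ' . $first_name . ' ' . $last_name . ' in the database. <br>Please report this error to the House Manager.';
            } else {
                if ($_SESSION['access_level'] == 0) {
                    // No mail is sent here: the mail() template that stood at this point was
                    // commented out, so both messages below are ahead of the code.
                    echo "<p>Your application has been successfully submitted.<br> You will be recieving an email shortly with your ID and Password soon!";
                    error_log('The Email has been sent!');
                } else {
                    echo "<p>You have successfully added " . $first_name . " " . $last_name . " to the database.</p>";
                }
            }
        }
    } else {
        $id = $_POST['old_id'];
        // NOTE(review): old_pass comes back from the form and is hashed again below.
        $pass = $_POST['old_pass'];
        $result = remove_person($id);
        if (!$result) {
            echo '<p class="error">Unable to update ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the House Manager.';
        } else {
            $newperson = new Person($first_name, $last_name, $birthday, $gender, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $status, $schedule, $notes, $skills, $reason_interested, $dateAdded, md5($pass), $availability, $contact_preference);
            $result = add_person($newperson);
            if (!$result) {
                // NOTE(review): at this point the old record is already removed and the new
                // one was not stored.
                echo '<p class="error">Unable to update ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the House Manager.';
            } else {
                // The id is a query-string value taken from the form, so it is URL-encoded
                // before being placed inside the href.
                echo '<p>You have successfully edited <a href="' . $path . 'personEdit.php?id=' . urlencode($id) . '"><b>' . $first_name . ' ' . $last_name . ' </b></a> in the database.</p>';
            }
            add_log_entry('<a href=\\"personEdit.php?id=' . urlencode($id) . '\\">' . $first_name . ' ' . $last_name . '</a>\'s Personnel Edit Form has been changed.');
        }
    }
}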
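/**
 * process_form cleans the submitted person form ($_POST), builds a Person from it and
 * stores it; it also handles the delete and password-reset requests.
 *
 * Order of decisions:
 *  1. no record with the new person's id exists: insert it and return it;
 *  2. a record exists and neither DELETE nor RESET was requested: update it and return it;
 *  3. $_POST['deleteMe'] == "DELETE": delete record $id (unless it is the last manager);
 *  4. $_POST['reset_pass'] == "RESET": store a fresh Person built from the form.
 *
 * NOTE(review): no authorisation check is visible in this function; confirm the calling
 * page restricts who may delete, reset or edit a record.
 *
 * @param string $id     id of the person being edited
 * @param object $person the person as currently stored; its prior bookings are carried over
 * @return mixed the inserted/updated Person, $person after a delete, the rebuilt Person
 *               after a reset; nothing (null) when no branch applies
 */
function process_form($id, $person)
{
    // The acting user. The id is read once here because the delete path below may destroy
    // the session before its log entry is written.
    $actor_id = $_SESSION['_id'];
    $user = retrieve_dbPersons($actor_id);
    $name = $user->get_first_name() . " " . $user->get_last_name();
    $actor_link = "<a href='viewPerson.php?id=" . $actor_id . "'>" . $name . "</a>";

    // Text fields: htmlentities() plus a hand-written backslash in front of each single quote.
    // NOTE(review): that is manual quoting for the storage layer; bound parameters in the
    // dbPersons functions (not visible here) would make it unnecessary.
    $first_name = trim(str_replace("'", "\\'", htmlentities(str_replace('&', 'and', $_POST['first_name']))));
    $last_name = trim(str_replace("'", "\\'", htmlentities($_POST['last_name'])));
    $address = trim(str_replace("'", "\\'", htmlentities($_POST['address'])));
    $city = trim(str_replace("'", "\\'", htmlentities($_POST['city'])));
    // NOTE(review): state, the birth-date parts and type are used exactly as submitted.
    $state = $_POST['state'];
    $zip = trim(htmlentities($_POST['zip']));
    // Phone numbers are reduced to their digits. preg_replace() replaces ereg_replace(),
    // which no longer exists from PHP 7.0 on; the result is the same for this pattern.
    $phone1 = trim(str_replace(' ', '', htmlentities($_POST['phone1'])));
    $clean_phone1 = preg_replace('/[^0-9]/', '', $phone1);
    $phone2 = trim(str_replace(' ', '', htmlentities($_POST['phone2'])));
    $clean_phone2 = preg_replace('/[^0-9]/', '', $phone2);
    $email = trim(str_replace("'", "\\'", htmlentities($_POST['email'])));
    $patient_name = trim(str_replace("'", "\\'", htmlentities($_POST['patient_name'])));
    $patient_birthdate = $_POST['DateOfBirth_Year'] . '-' . $_POST['DateOfBirth_Month'] . '-' . $_POST['DateOfBirth_Day'];
    // Unlike the fields above, this one turns backslash-quote back into a plain quote.
    $patient_relation = trim(str_replace('\\\'', '\'', htmlentities($_POST['patient_relation'])));
    $type = implode(',', $_POST['type']);
    $prior_bookings = implode(',', $person->get_prior_bookings());

    $newperson = new Person($last_name, $first_name, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $prior_bookings, $patient_name, $patient_birthdate, $patient_relation, "");

    // Step one: plain insert or update.
    if (!retrieve_dbPersons($newperson->get_id())) {
        insert_dbPersons($newperson);
        return $newperson;
    }
    if ($_POST['deleteMe'] != "DELETE" && $_POST['reset_pass'] != "RESET") {
        update_dbPersons($newperson);
        return $newperson;
    }

    // Step two: deletion or password change.
    if ($_POST['deleteMe'] == "DELETE") {
        $result = retrieve_dbPersons($id);
        if (!$result) {
            echo '<p>Unable to delete. ' . $first_name . ' ' . $last_name . ' is not in the database. <br>Please report this error to the House Manager.';
        } else {
            // The last remaining manager account must not be removed.
            // NOTE(review): "is a manager" is decided from the submitted type field, not from
            // the stored record in $result, so the form can simply omit it - confirm.
            // NOTE(review): mysql_num_rows() belongs to ext/mysql, removed in PHP 7.0.
            $is_last_manager = false;
            if (strpos($type, 'manager') !== false) {
                $managers = getall_type('manager');
                $is_last_manager = !$managers || mysql_num_rows($managers) <= 1;
            }
            if ($is_last_manager) {
                echo '<p class="error">You cannot remove the last remaining manager from the database.</p>';
            } else {
                $result = delete_dbPersons($id);
                echo "<p>You have successfully removed " . $first_name . " " . $last_name . " from the database.</p>";
                if ($id == $actor_id) {
                    session_unset();
                    session_destroy();
                }
                // Logged only when the deletion was actually carried out. Previously the
                // entry was also written when the last-manager guard had refused it, and
                // after a self-delete it was built from an already emptied session.
                add_log_entry($actor_link . " has removed " . $first_name . " " . $last_name . " from the database");
            }
        }
        return $person;
    }

    if ($_POST['reset_pass'] == "RESET") {
        $id = $_POST['old_id'];
        // NOTE(review): the reset stores a fresh Person whose last constructor argument is ""
        // (presumably the password - confirm) with insert_dbPersons(), although a record
        // with this id was found above; what the insert does with an existing id is not
        // visible here.
        $person = new Person($last_name, $first_name, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, implode(',', $person->get_prior_bookings()), $patient_name, $patient_birthdate, $patient_relation, "");
        $result = insert_dbPersons($person);
        if (!$result) {
            echo '<p class="error">Unable to reset ' . $first_name . ' ' . $last_name . "'s password.. <br>Please report this error to the House Manager.";
        } else {
            echo "<p>You have successfully reset " . $first_name . " " . $last_name . "'s password.</p>";
            // old_id comes from the form, so it is URL-encoded before it goes into the
            // stored link.
            add_log_entry($actor_link . " has reset the password for <a href='viewPerson.php?id=" . urlencode($id) . "'>" . $first_name . " " . $last_name . "</a>");
        }
        return $person;
    }
}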
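/**
 * process_form reads the submitted project form ($_POST) and deletes, adds or updates
 * the project. Result messages are echoed as HTML.
 *
 * NOTE(review): despite the name of step one, every cleaning call in this function is
 * commented out in the original; all fields reach Project and the db functions exactly as
 * submitted. Only the values written into the page or the log are encoded here.
 * NOTE(review): no authorisation check is visible here; confirm the calling page
 * restricts who may delete or edit projects.
 *
 * @param string $id replaced by $_POST['old_id'] before it is used
 * @return void
 */
function process_form($id)
{
    // Step one: normalise the date. A value starting with "20" is read as yyyy-mm-dd and
    // rewritten as mm/dd/yy; anything else is used as submitted.
    if (substr($_POST['date'], 0, 2) == 20) {
        $eurodate = explode('-', $_POST['date']);
        $eurodate[0] = substr($eurodate[0], 2, 3);
        $mm_dd_yy = implode('/', [$eurodate[1], $eurodate[2], $eurodate[0]]);
    } else {
        $mm_dd_yy = $_POST['date'];
    }
    // Line breaks are flattened so a submitted value cannot add lines to the error log.
    error_log("In process form this is " . preg_replace('/[\r\n]+/', ' ', $mm_dd_yy));
    // The date is echoed in several messages below; this is its HTML-encoded form.
    $safe_date = htmlspecialchars($mm_dd_yy, ENT_QUOTES, 'UTF-8');

    $address = $_POST['address'];
    $name = $_POST['name'];
    $type = $_POST['project_type'];
    $start_time = $_POST['start_time'];
    $end_time = $_POST['end_time'];
    $vacancies = $_POST['vacancies'];
    // NOTE(review): $persons is passed to Project below but is not assigned anywhere in this
    // function (its assignment is commented out in the original).
    $age = $_POST['age'];
    $id = $_POST['old_id'];
    $project_description = $_POST['notes'];
    // Directory part of the current script's URL path (up to and including the last '/').
    $path = strrev(substr(strrev($_SERVER['SCRIPT_NAME']), strpos(strrev($_SERVER['SCRIPT_NAME']), '/')));

    // Step two: deletion.
    if ($_POST['deleteMe'] == "DELETE") {
        $result = select_dbProjects($id);
        if (!$result) {
            echo '<p>Unable to delete. ' . $safe_date . ' is not in the database. <br>Please report this error to the House Manager.';
        } else {
            // NOTE(review): the manager / session checks in this branch look carried over
            // from the person form; $type holds the project type here.
            // NOTE(review): mysql_num_rows() belongs to ext/mysql, removed in PHP 7.0.
            $is_last_manager = false;
            if (strpos($type, 'manager') !== false) {
                $managers = getall_type('manager');
                $is_last_manager = !$managers || mysql_num_rows($managers) <= 1;
            }
            if ($is_last_manager) {
                echo '<p class="error">You cannot remove the last remaining manager from the database.</p>';
            } else {
                $result = delete_dbProjects($id);
                // Both success messages now print the date; one of them referred to a
                // constant named mm_dd_yy (missing "$").
                echo "<p>You have successfully removed " . $safe_date . " from the database.</p>";
                if ($id == $_SESSION['_id']) {
                    session_unset();
                    session_destroy();
                }
            }
        }
    }

    // NOTE(review): the "else" that used to join the delete branch to the code below is
    // commented out in the original, so a delete request continues into add/update.
    // try to add a new project to the database
    if ($_POST['old_id'] == 'new') {
        $id = $mm_dd_yy;
        // check if there's already an entry
        $dup = select_dbProjects($id);
        if ($dup) {
            echo '<p class="error">Unable to add ' . $safe_date . ' to the database. <br>Another project with the same name is already there.';
        } else {
            $newproject = new Project($mm_dd_yy, $address, $type, $name, $start_time, $end_time, $vacancies, $persons, $age, $project_description);
            $result = insert_dbProjects($newproject);
            $db_date_format = str_replace("/", "-", $mm_dd_yy);
            $update = update_dbDates_projects($db_date_format);
            if (!$update) {
                // NOTE(review): delete_dbProjects() receives an id everywhere else in this
                // function but the Project object here.
                delete_dbProjects($newproject);
                error_log("Project has not been added");
                echo "<p class='error'>The week of " . $safe_date . " must be added to the weekly calendar first. Select the Project Calendar tab and then choose Manage Weeks";
            } else {
                if ($_SESSION['access_level'] == 0) {
                    echo "<p>Your application has been successfully submitted.<br> The House Manager will contact you soon. Thank you!";
                } else {
                    echo "<p>You have successfully added " . htmlspecialchars($newproject->get_id(), ENT_QUOTES, 'UTF-8') . " to the database.</p>";
                }
            }
        }
    } else {
        $id = $_POST['old_id'];
        $result = delete_dbProjects($id);
        if (!$result) {
            echo '<p class="error">Unable to update ' . $safe_date . '. <br>Please report this error to the House Manager.';
        } else {
            // NOTE(review): the replacement Project is built with fewer arguments than in the
            // add path and is never passed to insert_dbProjects(), so an edit leaves the
            // project deleted - confirm and repair.
            $newproject = new Project($mm_dd_yy, $address, $name, $start_time, $end_time, $vacancies, $persons, $project_description);
            // old_id is a query-string value taken from the form: URL-encoded inside the href.
            echo '<p>You have successfully edited <a href="' . $path . 'projectEdit.php?id=' . urlencode($id) . '"><b>' . $safe_date . ' </b></a> in the database.</p>';
        }
        add_log_entry('<a href=\\"projectEdit.php?id=' . urlencode($id) . '\\">' . $safe_date . ' </a>\'s Project Edit Form has been changed.');
    }
}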
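/**
 * process_form cleans the submitted person form ($_POST) and then deletes, resets the
 * password of, adds, or updates the person record. Result messages are echoed as HTML.
 *
 * For an existing person ($id other than "new") the first name and first phone number are
 * taken from $person instead of the form; together they make up the record id.
 * Reset and update are implemented as remove_person() followed by add_person().
 *
 * NOTE(review): no authorisation check is visible here - $_SESSION['access_level'] only
 * selects a message, and the record acted on is named by the client-supplied old_id.
 * Confirm the calling page restricts who may reach each action.
 * NOTE(review): passwords are stored as unsalted md5(); moving to password_hash() /
 * password_verify() needs a matching change in the login code, so it is only flagged here.
 *
 * @param string $id     "new" for a new person, otherwise the id of the person being edited
 * @param object $person the person as currently stored
 * @return void
 */
function process_form($id, $person)
{
    // Step one: clean the text fields. htmlentities() encodes markup characters; the
    // str_replace() calls drop (first name) or unescape (other fields) backslash-quote pairs.
    if ($id == "new") {
        $first_name = trim(str_replace('\\\'', '', htmlentities(str_replace('&', 'and', $_POST['first_name']))));
    } else {
        $first_name = $person->get_first_name();
    }
    $last_name = trim(str_replace('\\\'', '\'', htmlentities($_POST['last_name'])));
    $address = trim(str_replace('\\\'', '\'', htmlentities($_POST['address'])));
    $city = trim(str_replace('\\\'', '\'', htmlentities($_POST['city'])));
    $state = trim(htmlentities($_POST['state']));
    $zip = trim(htmlentities($_POST['zip']));
    if ($id == "new") {
        $phone1 = trim(str_replace(' ', '', htmlentities($_POST['phone1'])));
    } else {
        $phone1 = $person->get_phone1();
    }
    // Phone numbers are reduced to their digits.
    $clean_phone1 = mb_ereg_replace("[^0-9]", "", $phone1);
    $phone2 = trim(str_replace(' ', '', htmlentities($_POST['phone2'])));
    $clean_phone2 = mb_ereg_replace("[^0-9]", "", $phone2);
    // NOTE(review): email, type, group, role, status, availability, schedule and the date
    // parts are used exactly as submitted; how Person / add_person() quote them for storage
    // is not visible here.
    $email = $_POST['email'];
    $type = implode(',', $_POST['type']);
    if ($_POST['group']) {
        $group = implode(',', $_POST['group']);
    } else {
        $group = "";
    }
    if ($_POST['role']) {
        $role = implode(' ', $_POST['role']);
    } else {
        $role = "";
    }
    $status = $_POST['status'];
    if ($_POST['availability'] != null) {
        $availability = implode(',', $_POST['availability']);
    } else {
        $availability = "";
    }
    // Not visible for editing, so it goes in and out unchanged.
    // NOTE(review): "not visible" still means client-supplied; the same holds for old_id and
    // old_pass further down.
    $schedule = $_POST['schedule'];

    // Birthday and start date are joined as mm-dd-yy; a missing birth year becomes "XX",
    // and anything shorter than 8 characters is treated as not given.
    if ($_POST['DateOfBirth_Year'] == "") {
        $birthday = $_POST['DateOfBirth_Month'] . '-' . $_POST['DateOfBirth_Day'] . '-XX';
    } else {
        $birthday = $_POST['DateOfBirth_Month'] . '-' . $_POST['DateOfBirth_Day'] . '-' . $_POST['DateOfBirth_Year'];
    }
    if (strlen($birthday) < 8) {
        $birthday = '';
    }
    $start_date = $_POST['DateOfStart_Month'] . '-' . $_POST['DateOfStart_Day'] . '-' . $_POST['DateOfStart_Year'];
    if (strlen($start_date) < 8) {
        $start_date = '';
    }
    $notes = trim(str_replace('\\\'', '\'', htmlentities($_POST['notes'])));

    // Directory part of the current script's URL path (up to and including the last '/'),
    // used to link the user back to the edit form.
    $path = strrev(substr(strrev($_SERVER['SCRIPT_NAME']), strpos(strrev($_SERVER['SCRIPT_NAME']), '/')));

    // Step two: deletion, password reset, addition, or change. The optional fields are
    // tested with isset() instead of the former "@" error suppression.
    if (isset($_POST['deleteMe']) && $_POST['deleteMe'] == "DELETE") {
        $result = retrieve_person($id);
        if (!$result) {
            echo '<p>Unable to delete. ' . $first_name . ' ' . $last_name . ' is not in the database. <br>Please report this error to the admin.';
        } else {
            // The last remaining manager account must not be removed.
            // NOTE(review): "is a manager" is decided from the submitted type field, not from
            // the stored record in $result, so the form can simply omit it - confirm.
            // NOTE(review): mysql_num_rows() belongs to ext/mysql, removed in PHP 7.0.
            $is_last_manager = false;
            if (strpos($type, 'manager') !== false) {
                $managers = getall_type('manager');
                $is_last_manager = !$managers || mysql_num_rows($managers) <= 1;
            }
            if ($is_last_manager) {
                echo '<p class="error">You cannot remove the last remaining manager from the database.</p>';
            } else {
                // The success message does not depend on what remove_person() returned.
                $result = remove_person($id);
                echo "<p>You have successfully removed " . $first_name . " " . $last_name . " from the database.</p>";
                // Deleting your own account ends the session.
                if ($id == $_SESSION['_id']) {
                    session_unset();
                    session_destroy();
                }
            }
        }
    } elseif (isset($_POST['reset_pass']) && $_POST['reset_pass'] == "RESET") {
        $id = $_POST['old_id'];
        $result = remove_person($id);
        // NOTE(review): the reset password is first name + phone digits, i.e. derivable from
        // the person's own record.
        $pass = $first_name . $clean_phone1;
        $newperson = new Person($first_name, $last_name, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $group, $role, $status, $availability, $schedule, $birthday, $start_date, $notes, md5($pass));
        $result = add_person($newperson);
        if (!$result) {
            echo '<p class="error">Unable to reset ' . $first_name . ' ' . $last_name . "'s password.. <br>Please report this error to the Operations Manager.";
        } else {
            echo "<p>You have successfully reset " . $first_name . " " . $last_name . "'s password.</p>";
        }
    } elseif (isset($_POST['old_id']) && $_POST['old_id'] == 'new') {
        $id = $first_name . $clean_phone1;
        // check if there's already an entry
        $dup = retrieve_person($id);
        if ($dup) {
            echo '<p class="error">Unable to add ' . $first_name . ' ' . $last_name . ' to the database. <br>Another person with the same name and phone is already there.';
        } else {
            $pass = $_POST['old_pass'];
            $newperson = new Person($first_name, $last_name, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $group, $role, $status, $availability, $schedule, $birthday, $start_date, $notes, md5($pass));
            $result = add_person($newperson);
            if (!$result) {
                // The name is now concatenated into the message; it used to sit inside one
                // single-quoted string and was printed as literal code.
                echo '<p class="error">Unable to add ' . $first_name . ' ' . $last_name . ' in the database. <br>Please report this error to the Operations Manager.';
            } else {
                if ($_SESSION['access_level'] == 0) {
                    echo "<p>Your application has been successfully submitted.<br> An MCHPP staff member will contact you soon. Thank you!";
                } else {
                    echo "<p>You have successfully added " . $first_name . " " . $last_name . " to the database.</p>";
                }
            }
        }
    } else {
        $id = $_POST['old_id'];
        // NOTE(review): old_pass comes back from the form and is hashed again below.
        $pass = $_POST['old_pass'];
        $result = remove_person($id);
        if (!$result) {
            echo '<p class="error">Unable to update ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the Operations Manager.';
        } else {
            $newperson = new Person($first_name, $last_name, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $group, $role, $status, $availability, $schedule, $birthday, $start_date, $notes, md5($pass));
            $result = add_person($newperson);
            if (!$result) {
                // NOTE(review): at this point the old record is already removed and the new
                // one was not stored.
                echo '<p class="error">Unable to update ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the Operations Manager.';
            } else {
                // The id is a query-string value taken from the form, so it is URL-encoded
                // before being placed inside the href.
                echo '<p>You have successfully edited <a href="' . $path . 'personEdit.php?id=' . urlencode($id) . '"><b>' . $first_name . ' ' . $last_name . ' </b></a> in the database.</p>';
            }
            add_log_entry('<a href=\\"personEdit.php?id=' . urlencode($id) . '\\">' . $first_name . ' ' . $last_name . '</a>\'s Personnel Edit Form has been changed.');
        }
    }
}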
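/**
 * process_form sanitizes the submitted personnel form and then deletes, password-resets,
 * adds or replaces the matching person record.
 *
 * Input is read from $_POST, $_SERVER['SCRIPT_NAME'] and $_SESSION; status messages are
 * echoed as HTML and nothing is returned.
 *
 * Notes for reviewers:
 *  - Only the name, address, city, state, zip, phone, motivation, specialties and notes
 *    fields are entity-encoded here. Every other field reaches Person exactly as
 *    submitted, so any SQL escaping has to happen in Person/add_person() (not visible
 *    here - confirm).
 *  - $_POST['old_id'] replaces $id on the reset and update paths and this function makes
 *    no access check of its own; the caller has to decide who may edit which record.
 *  - Reset and update are remove_person() followed by add_person(); if the add fails the
 *    original record is already gone.
 *
 * @param string $id     id of the person the form was opened for
 * @param object $person record on file, exposing get_first_name(), get_phone1() and
 *                       get_phone1type(); a first name of "new" marks a new entry
 */
function process_form($id, $person)
{
    // Step one: sanitize data by replacing HTML entities and undoing the \' escaping.
    // First name and first phone are only read from the form for a new person; a new
    // person's id is built from them further down.
    if ($person->get_first_name() == "new") {
        $first_name = trim(str_replace('\\\'', '', htmlentities(str_replace('&', 'and', $_POST['first_name']))));
    } else {
        $first_name = $person->get_first_name();
    }
    $last_name = trim(str_replace('\\\'', '\'', htmlentities($_POST['last_name'])));
    $location = $_POST['location'];
    $address = trim(str_replace('\\\'', '\'', htmlentities($_POST['address'])));
    $city = trim(str_replace('\\\'', '\'', htmlentities($_POST['city'])));
    $state = trim(htmlentities($_POST['state']));
    $zip = trim(htmlentities($_POST['zip']));
    if ($person->get_first_name() == "new") {
        $phone1 = trim(str_replace(' ', '', htmlentities($_POST['phone1'])));
        $clean_phone1 = preg_replace("/[^0-9]/", "", $phone1);
        $phone1type = $_POST['phone1type'];
    } else {
        $clean_phone1 = $person->get_phone1();
        $phone1type = $person->get_phone1type();
    }
    $phone2 = trim(str_replace(' ', '', htmlentities($_POST['phone2'])));
    $clean_phone2 = preg_replace("/[^0-9]/", "", $phone2);
    $phone2type = $_POST['phone2type'];
    $email = $_POST['email'];
    $type = implode(',', $_POST['type']);

    $screening_type = $_POST['screening_type'];
    // Defined up front: the original left this unset when no screening type was submitted,
    // yet still passed it to Person below.
    $screening_status = null;
    if ($screening_type != "") {
        // NOTE(review): the lookup result is used without a check - confirm it cannot be
        // a non-object for a submitted screening type.
        $screening = retrieve_dbApplicantScreenings($screening_type);
        $step_array = $screening->get_steps();
        $step_count = count($step_array);
        $date_array = array();
        for ($i = 0; $i < $step_count; $i++) {
            $date_array[$i] = $_POST['screening_status'][$i];
            // A malformed date is only reported; the value is still saved below.
            if ($date_array[$i] != "" && $date_array[$i] != "--" && strlen($date_array[$i]) != 8) {
                // NOTE(review): the step name is echoed as stored; confirm it is encoded
                // when screenings are saved or encode it here.
                echo '<p>Completion Date for step: "' . $step_array[$i] . '" is in error, please enter mm-dd-yy.<br>';
            }
        }
        $screening_status = implode(',', $date_array);
    }

    $status = $_POST['status'];
    if (isset($_POST['isstudent']) && $_POST['isstudent'] == "yes") {
        $position = "student";
        $employer = $_POST['nameofschool'];
    } else {
        $position = $_POST['position'];
        $employer = $_POST['employer'];
    }
    $credithours = $_POST['credithours'];
    // NOTE(review): no form field is read for commitment in this function; the original
    // passed an undefined variable to Person, which evaluates to null. Made explicit.
    $commitment = null;
    $motivation = trim(str_replace('\\\'', '\'', htmlentities($_POST['motivation'])));
    $specialties = trim(str_replace('\\\'', '\'', htmlentities($_POST['specialties'])));
    $convictions = $_POST['convictions'];
    if (empty($_POST['availability'])) {
        $availability = null;
    } else {
        $availability = implode(',', $_POST['availability']);
    }
    // these two are not visible for editing, so they go in and out unchanged
    // NOTE(review): "unchanged" still means client-supplied; they are read from the request.
    $schedule = $_POST['schedule'];
    $hours = $_POST['hours'];
    $birthday = $_POST['birthday'];
    $start_date = $_POST['start_date'];
    $howdidyouhear = $_POST['howdidyouhear'];
    $notes = trim(str_replace('\\\'', '\'', htmlentities($_POST['notes'])));

    // used for url path in linking user back to edit form: SCRIPT_NAME up to its last '/'
    $path = strrev(substr(strrev($_SERVER['SCRIPT_NAME']), strpos(strrev($_SERVER['SCRIPT_NAME']), '/')));

    // Step two: try to make the deletion, password change, addition, or change.
    $delete_requested = isset($_POST['deleteMe']) && $_POST['deleteMe'] == "DELETE";
    $reset_requested = isset($_POST['reset_pass']) && $_POST['reset_pass'] == "RESET";
    $is_new_person = isset($_POST['old_id']) && $_POST['old_id'] == 'new';

    if ($delete_requested) {
        $result = retrieve_person($id);
        if (!$result) {
            echo '<p>Unable to delete. ' . $first_name . ' ' . $last_name . ' is not in the database. <br>Please report this error to the House Manager.';
        } else {
            // What if they're the last remaining manager account?
            // NOTE(review): $type is the submitted type list, not the stored one, so this
            // guard depends on what the form sent.
            $is_last_manager = false;
            if (strpos($type, 'manager') !== false) {
                $managers = getall_type('manager');
                $is_last_manager = !$managers || mysql_num_rows($managers) <= 1;
            }
            if ($is_last_manager) {
                echo '<p class="error">You cannot remove the last remaining manager from the database.</p>';
            } else {
                $result = remove_person($id);
                if (!$result) {
                    // The original reported success and ended the session even when the removal failed.
                    echo '<p class="error">Unable to delete ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the House Manager.';
                } else {
                    echo "<p>You have successfully removed " . $first_name . " " . $last_name . " from the database.</p>";
                    // Removing your own account ends your session.
                    if ($id == $_SESSION['_id']) {
                        session_unset();
                        session_destroy();
                    }
                }
            }
        }
    } elseif ($reset_requested) {
        $id = $_POST['old_id'];
        $result = remove_person($id);
        // The last Person argument is an empty string on this path; what Person stores
        // for it is not visible here. (An unused name+phone $pass value was dropped.)
        $newperson = new Person($first_name, $last_name, $location, $address, $city, $state, $zip, $clean_phone1, $phone1type, $clean_phone2, $phone2type, $email, $type, $screening_type, $screening_status, $status, $employer, $position, $credithours, $commitment, $motivation, $specialties, $convictions, $availability, $schedule, $hours, $birthday, $start_date, $howdidyouhear, $notes, "");
        $result = add_person($newperson);
        if (!$result) {
            echo '<p class="error">Unable to reset ' . $first_name . ' ' . $last_name . "'s password.. <br>Please report this error to the House Manager.";
        } else {
            echo "<p>You have successfully reset " . $first_name . " " . $last_name . "'s password.</p>";
        }
    } elseif ($is_new_person) {
        $id = $first_name . $clean_phone1;
        // check if there's already an entry
        $dup = retrieve_person($id);
        if ($dup) {
            echo '<p class="error">Unable to add ' . $first_name . ' ' . $last_name . ' to the database. <br>Another person with the same name and phone is already there.';
        } else {
            $newperson = new Person($first_name, $last_name, $location, $address, $city, $state, $zip, $clean_phone1, $phone1type, $clean_phone2, $phone2type, $email, $type, $screening_type, $screening_status, $status, $employer, $position, $credithours, $commitment, $motivation, $specialties, $convictions, $availability, $schedule, $hours, $birthday, $start_date, $howdidyouhear, $notes, "");
            $result = add_person($newperson);
            if (!$result) {
                // Fixed: the original single-quoted string printed the concatenation
                // operators literally instead of the person's name.
                echo '<p class="error">Unable to add ' . $first_name . ' ' . $last_name . ' in the database. <br>Please report this error to the House Manager.';
            } else {
                if ($_SESSION['access_level'] == 0) {
                    echo "<p>Your application has been successfully submitted.<br> The House Manager will contact you soon. Thank you!";
                } else {
                    // The id goes into a query string, so it is URL-encoded before being
                    // written into the href attribute.
                    echo '<p>You have successfully added <a href="' . $path . 'personEdit.php?id=' . urlencode($id) . '"><b>' . $first_name . ' ' . $last_name . ' </b></a> to the database.</p>';
                }
            }
        }
    } else {
        $id = $_POST['old_id'];
        // NOTE(review): old_pass comes back from the client and is handed to Person as its
        // last argument unchanged (presumably the stored password value - confirm). Reading
        // it from the existing record instead would stop the form from setting it.
        $pass = $_POST['old_pass'];
        $result = remove_person($id);
        if (!$result) {
            echo '<p class="error">Unable to update ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the House Manager.';
        } else {
            $newperson = new Person($first_name, $last_name, $location, $address, $city, $state, $zip, $clean_phone1, $phone1type, $clean_phone2, $phone2type, $email, $type, $screening_type, $screening_status, $status, $employer, $position, $credithours, $commitment, $motivation, $specialties, $convictions, $availability, $schedule, $hours, $birthday, $start_date, $howdidyouhear, $notes, $pass);
            $result = add_person($newperson);
            // $id is request data here, so it is URL-encoded wherever it is written into
            // markup (the page below and the stored log entry).
            $id_param = urlencode($id);
            if (!$result) {
                echo '<p class="error">Unable to update ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the House Manager.';
            } else {
                echo '<p>You have successfully edited <a href="' . $path . 'personEdit.php?id=' . $id_param . '"><b>' . $first_name . ' ' . $last_name . ' </b></a> in the database.</p>';
            }
            // Logged whether or not the re-add succeeded, as in the original.
            add_log_entry('<a href=\\"personEdit.php?id=' . $id_param . '\\">' . $first_name . ' ' . $last_name . '</a>\'s Personnel Edit Form has been changed.');
        }
    }
}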
/**
 * Builds seven consecutive dates starting at $m/$d/$y for a venue, fills each with the
 * shifts found in the master schedule, saves them as one unpublished week and logs it.
 *
 * The first date id is "$y-$m-$d" exactly as passed in; the following ones are formatted
 * with date("y-m-d"), i.e. two-digit year and zero-padded month and day.
 *
 * @param int|string $m     month of the first day
 * @param int|string $d     day of month of the first day
 * @param int|string $y     year of the first day
 * @param string     $venue venue the week is generated for
 */
function generate_populate_and_save_new_week($m, $d, $y, $venue)
{
    // group names in the format used by the master schedule
    $day_names = array("Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun");
    $ordinals = array(1 => "1st", 2 => "2nd", 3 => "3rd", 4 => "4th", 5 => "5th");

    $day_id = $y . "-" . $m . "-" . $d;
    $week_dates = array();
    // Length of the starting month; a seven-day run crosses a month boundary at most once.
    $daysinmonth = date("t", mktime(0, 0, 0, $m, $d, $y));

    foreach ($day_names as $day_name) {
        $stamp = mktime(0, 0, 0, $m, $d, $y);
        $week_of_month = $ordinals[floor(($d - 1) / 7) + 1];

        $weekno = date("W", $stamp);
        if (date("Y", $stamp) % 2 == 0) {
            // even years start at week 0 so that two odd weeks cannot follow each other
            $weekno--;
        }
        $week_of_year = ($weekno % 2 == 1) ? "odd" : "even";
        $month_num = date("m", $stamp); // not used further down

        // Master shifts are looked up once by week-of-month and once by odd/even week.
        $venue_shifts = array_merge(
            get_master_shifts($venue, $week_of_month, $day_name),
            get_master_shifts($venue, $week_of_year, $day_name)
        );

        /* Each row in the array is an associative array
         * of (venue, my_group, day, time, start, end, slots, persons, notes)
         * and persons is a comma-separated string of ids, like "alex2077291234"
         */
        $shifts = array();
        if (count($venue_shifts) > 0) {
            foreach ($venue_shifts as $master_shift) {
                $shifts[] = generate_and_populate_shift($day_id, $venue, $week_of_month, $week_of_year, $day_name, $master_shift->get_hours(), "");
            }
        }

        // a new date holding these shifts
        $week_dates[] = new RMHdate($day_id, $venue, $shifts, "");

        // step to the next calendar day, rolling over month and year
        $d++;
        if ($d > $daysinmonth) {
            $d = 1;
            if ($m == 12) {
                $m = 1;
                $y++;
            } else {
                $m++;
            }
        }
        $day_id = date("y-m-d", mktime(0, 0, 0, $m, $d, $y));
    }

    // the week is created unpublished from the collected dates
    $newweek = new Week($week_dates, $venue, "unpublished");
    insert_dbWeeks($newweek);

    // NOTE(review): session values and the week name are concatenated into the stored
    // log markup as they are; confirm they are encoded where they are set or rendered.
    $actor_link = '<a href=\\"personEdit.php?id=' . $_SESSION['_id'] . '\\">' . $_SESSION['f_name'] . ' ' . $_SESSION['l_name'] . '</a>';
    $week_link = '<a href=\\"calendar.php?id=' . $newweek->get_id() . '&edit=true\\">' . $newweek->get_name() . '</a>';
    add_log_entry($actor_link . ' generated a new week: ' . $week_link . '.');
}
if ($month->get_status() == "published") { $month->set_status("unpublished"); } } update_monthstatus($month); add_log_entry('<a href=\\"personEdit.php?id=' . $_SESSION['_id'] . '\\">' . $_SESSION['f_name'] . ' ' . $_SESSION['l_name'] . '</a> ' . $month->get_status() . ' the month of <a href=\\"calendar.php?id=' . $month->get_id() . '&edit=true&group=' . $_SESSION['mygroup'] . '\\">' . $month->get_name() . '</a>.'); echo "<p>Month \"" . $month->get_name() . "\" " . $month->get_status() . ".<br>"; include 'addMonth.inc'; } else { if ($_GET['remove'] && $_SESSION['access_level'] >= 2) { $id = $_GET['monthid']; $month = retrieve_dbMonths($id); if ($month) { if ($month->get_status() == "unpublished" || $month->get_status() == "archived") { delete_dbMonths($month); add_log_entry('<a href=\\"personEdit.php?id=' . $_SESSION['_id'] . '\\">' . $_SESSION['f_name'] . ' ' . $_SESSION['l_name'] . '</a> removed the month of <a href=\\"calendar.php?id=' . $month->get_id() . '&edit=true&group=' . $_SESSION['mygroup'] . '\\">' . $month->get_name() . '</a>.'); echo "<p>Month \"" . $month->get_name() . "\" removed.<br>"; } else { echo "<p>Month \"" . $month->get_name() . "\" is published, so it cannot be removed.<br>"; } include 'addMonth.inc'; } } else { if (!array_key_exists('_submit_check_newmonth', $_POST)) { include 'addMonth.inc'; } else { $month_id = $_POST['_new_month_timestamp']; // add the newe month to the database and refresh the view newMonth($month_id); include 'addMonth.inc'; }
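/**
 * process_form gathers the submitted screening data and deletes, adds or replaces the
 * applicant screening in the database.
 *
 * Input is read from $_POST, $_SESSION and $_SERVER['SCRIPT_NAME']; status messages are
 * echoed as HTML and nothing is returned.
 *
 * The screening type names come straight from the request, so every copy written into
 * the page or into the log markup is encoded for its context (HTML text or query-string
 * value). The database helpers still receive the raw values; any SQL escaping has to
 * happen inside them (not visible here - confirm).
 *
 * @param object $oldScreening screening on file, exposing get_creator() and get_steps()
 */
function process_form($oldScreening)
{
    //step one: gather data.
    $oldType = $_POST['_old_type'];
    $is_new_form = isset($_POST['_form_type']) && $_POST['_form_type'] == "new";
    if ($is_new_form) {
        $creator = $_SESSION['_id'];
    } else {
        $creator = $oldScreening->get_creator();
    }

    $steps = []; // reset steps array
    if (isset($_POST['steps'])) {
        foreach ($_POST['steps'] as $step) {
            $steps[] = $step;
        }
    } else {
        $steps = $oldScreening->get_steps();
    }
    $type = $_POST['new_type'];

    // drop empty steps before they are joined into the stored list
    foreach ($steps as $key => $value) {
        if (empty($value)) {
            unset($steps[$key]);
        }
    }
    $steps = implode(',', $steps);

    // anything other than an explicit "published" is stored as unpublished
    $status = (isset($_POST['Status']) && $_POST['Status'] == "published") ? "published" : "unpublished";

    if (empty($type)) {
        $type = $oldType;
        // keeps "new" screening free from predefined steps and status
        if ($type == "new") {
            $steps = null;
            $status = "unpublished";
        }
    }

    //used to put together url for return to screenings link
    $path = strrev(substr(strrev($_SERVER['SCRIPT_NAME']), strpos(strrev($_SERVER['SCRIPT_NAME']), '/')));

    // Encoded copies for output: *_html for element text, *_url for the query string.
    $type_html = htmlspecialchars((string) $type, ENT_QUOTES | ENT_SUBSTITUTE);
    $old_type_html = htmlspecialchars((string) $oldType, ENT_QUOTES | ENT_SUBSTITUTE);
    $type_url = urlencode((string) $type);

    //step two: try to delete, add new, or replace
    if (isset($_POST['deleteMe']) && $_POST['deleteMe'] == "DELETE") {
        $result = retrieve_dbApplicantScreenings($type);
        if (!$result) {
            echo '<p>Unable to delete. ' . $type_html . ' is not in the screenings database. To delete ' . $old_type_html . ', try to delete again but do not rename screening type.';
        } else {
            // NOTE(review): the delete result is not checked; success is reported either way.
            $result = delete_dbApplicantScreenings($type);
            echo "<p>You have successfully removed " . $type_html . " from the screnings database.</p>";
            echo '<p><a href="' . $path . 'viewScreenings.php?type=' . $type_url . '"><b>click here</b> to return to applicant screenings.</a><br><br></p>';
            add_log_entry('ApplicantScreening type <a href=\\"viewScreenings.php?type=' . $type_url . '\\">' . $type_html . '</a>\' has been deleted.');
        }
    } elseif ($is_new_form) {
        // $dup was undefined in the original whenever the condition below was false.
        // NOTE(review): the key is the literal string '$type_s' (single quotes, so no
        // interpolation). Unless a form field really has that name the duplicate check
        // never runs - confirm which field was meant.
        $dup = false;
        if (!empty($_POST['$type_s'])) {
            $dup = retrieve_dbApplicantScreenings($type);
        }
        if ($dup) {
            echo '<p class="error">Unable to add new screening type: ' . $type_html . ' to the screenings database. <br> Another screening with the same type is already there.';
        } else {
            $screening = new ApplicantScreening($type, $creator, $steps, $status);
            $result = insert_dbApplicantScreenings($screening);
            if (!$result) {
                echo '<p class="error">Unable to add ' . $type_html . ' in the screenings database. <br> Please report this error to the House Manager.';
            } else {
                echo "<p>You have successfully added '{$type_html}' to the screenings database.</p>";
            }
            echo '<p>click <a href="' . $path . 'viewScreenings.php?type=' . $type_url . '">here</a> to return to applicant screenings.<br><br></p>';
            add_log_entry('ApplicantScreening process <a href=\\"viewScreenings.php?type=' . $type_url . '\\">' . $type_html . '</a>\' has been added.');
        }
    } else {
        // Replace = delete the old type, then insert the new one. If the insert fails
        // the old screening is already gone.
        $result = delete_dbApplicantScreenings($oldType);
        if (!$result) {
            echo '<p class="error">Unable to update ' . $old_type_html . ' as ' . $type_html;
        } else {
            $newscreening = new ApplicantScreening($type, $creator, $steps, $status);
            $result = insert_dbApplicantScreenings($newscreening);
            if (!$result) {
                echo '<p class="error">Unable to update ' . $type_html . ' in the screenings database. <br> Please report this error to the House Manager.';
            } else {
                echo '<p>You have successfully edited "' . $type_html . '" in the screenings database.</p>';
            }
            echo '<p><a href="' . $path . 'viewScreenings.php?type=' . $type_url . '"><b>click here</b> to return to applicant screenings.</a><br><br></p>';
            add_log_entry('ApplicantScreening process <a href=\\"viewScreenings.php?type=' . $type_url . '\\">' . $type_html . '</a>\' has been changed.');
        }
    }
}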
include 'autofillReferralForm.inc'; } // now process the form that has been submitted if ($_POST['submit'] == 'Submit') { // check for errors include 'bookingValidate.inc'; $errors = validate_form(); if ($errors) { show_errors($errors); } else { $primaryGuest = process_form(); $tempBooking = build_POST_booking($primaryGuest, $referralid); echo "Thank you, your referral form has been submitted for review by the House Manager."; // Create the log message $message = "<a href='viewPerson.php?id=" . $_SESSION['_id'] . "'>" . $user_name . "</a>" . " has added a referral for <a href='viewPerson.php?id=" . $primaryGuest->get_id() . "'>" . $primaryGuest->get_first_name() . " " . $primaryGuest->get_last_name() . "</a>"; add_log_entry($message); } } include_once "footer.inc"; ?> </div> </div> </body> </html> <?php // sanitize the primary guest data and reconcile with dbPersons function process_form() { $first_name = trim(str_replace("'", "\\'", htmlentities(str_replace('&', 'and', $_POST['first_name_1'])))); $last_name = trim(str_replace("'", "\\'", htmlentities($_POST['last_name_1'])));
/**
 * Deletes a master schedule entry when the remove-shift form was submitted.
 *
 * On success it echoes a confirmation with a link back to the venue's master schedule,
 * writes a log entry and returns true. It returns false when the submit key is absent,
 * when the entry has no id, or when the delete call fails.
 *
 * NOTE(review): $group, $day, $time and $venue are concatenated into the page and the
 * log markup as passed in; where they come from is not visible here - confirm the
 * caller validates or encodes them.
 *
 * @param array  $post    submitted form values; only the '_submit_remove_shift' key is checked
 * @param object $msentry master schedule entry exposing get_id()
 * @param string $group   group part of the shift
 * @param string $day     day part of the shift
 * @param string $time    time part of the shift
 * @param string $venue   venue of the shift
 * @return bool true only when the entry was deleted
 */
function process_remove_shift($post, $msentry, $group, $day, $time, $venue)
{
    if (!array_key_exists('_submit_remove_shift', $post)) {
        return false;
    }

    $entry_id = $msentry->get_id();
    if (!$entry_id) {
        return false;
    }
    if (!delete_dbMasterSchedule($entry_id)) {
        return false;
    }

    // the next block is a 1-time cleanup for the database and should be removed
    $id_prefix = substr($entry_id, 0, 4);
    $id_rest = substr($entry_id, 4);
    if ($id_rest == "Sat:9-5:bangor") {
        delete_dbMasterSchedule($id_prefix . "Sat:9-9:bangor");
        delete_dbMasterSchedule("1st:Sat:10-1:bangor");
    }

    echo "<br>Removed a master schedule shift <br><br>";
    $returnpoint = "viewSchedule.php?venue=" . $venue;
    echo "<table align=\"center\"><tr><td align=\"center\" width=\"442\">\n\t\t\t\t\t\t\t\t\t<a href=\"" . $returnpoint . "\">\n\t\t\t\t\t\t\t\t\tBack to Master Schedule</a></td></tr></table>";

    // Log markup: who acted, then a link naming the removed shift.
    $actor_link = '<a href=\\"personEdit.php?id=' . $_SESSION['_id'] . '\\">' . $_SESSION['f_name'] . ' ' . $_SESSION['l_name'] . '</a>';
    $shift_link = '<a href=\\"editMasterSchedule.php?group=' . $group . "&day=" . $day . "&shift=" . $time . "&venue=" . $venue . '\\">' . $group . ":" . $day . ":" . $time . ":" . $venue . '</a>';
    add_log_entry($actor_link . ' deleted a new master schedule shift: ' . $shift_link . '.');

    return true;
}