function requestRecommendation($user_id, $author, $email, $message) { if (!checkLock("peer")) { return 6; } $config = $GLOBALS['config']; $user_id = escape($user_id); $author = escape($author); $email = escape($email); if (!validEmail($email)) { return 1; } if (strlen($author) <= 3) { return 2; } //make sure there aren't too many recommendations already $result = mysql_query("SELECT COUNT(*) FROM recommendations WHERE user_id = '{$user_id}'"); $row = mysql_fetch_row($result); if ($row[0] >= $config['max_recommend']) { return 4; //too many recommendations } //ensure this email hasn't been asked with this user already $result = mysql_query("SELECT COUNT(*) FROM recommendations WHERE user_id = '{$user_id}' AND email = '{$email}'"); $row = mysql_fetch_row($result); if ($row[0] > 0) { return 5; //email address already asked } lockAction("peer"); //first create an instance $instance_id = customCreate(customGetCategory('recommend', true), $user_id); //insert into recommendations table $auth = escape(uid(64)); mysql_query("INSERT INTO recommendations (user_id, instance_id, author, email, auth, status, filename) VALUES ('{$user_id}', '{$instance_id}', '{$author}', '{$email}', '{$auth}', '0', '')"); $recommend_id = mysql_insert_id(); $userinfo = getUserInformation($user_id); //array (username, email address, name) //send email now $content = page_db("request_recommendation"); $content = str_replace('$USERNAME$', $userinfo[0], $content); $content = str_replace('$USEREMAIL$', $userinfo[1], $content); $content = str_replace('$NAME$', $userinfo[2], $content); $content = str_replace('$AUTHOR$', $author, $content); $content = str_replace('$EMAIL$', $email, $content); $content = str_replace('$MESSAGE$', page_convert($message), $content); $content = str_replace('$AUTH$', $auth, $content); $content = str_replace('$SUBMIT_ADDRESS$', $config['site_address'] . "/recommend.php?id={$recommend_id}&user_id={$user_id}&auth={$auth}", $content); $result = one_mail("Recommendation request", $content, $email); if ($result) { return 0; } else { return 3; } }
<?php include "../config.php"; include "../include/common.php"; include "../include/db_connect.php"; include "../include/session.php"; if (isset($_SESSION['admin'])) { $club_id = $_SESSION['admin_club_id']; $user_id = $_SESSION['user_id']; $userInfo = getUserInformation($_SESSION['user_id']); //array of (username, email, name) if ($club_id > 0) { if (isset($_REQUEST['old_password'])) { $pass = $_REQUEST['old_password']; if (verifyLogin($user_id, $_REQUEST['old_password']) === true) { if (isset($_REQUEST['description']) && isset($_REQUEST['view_time']) && isset($_REQUEST['open_time']) && isset($_REQUEST['close_time'])) { $description = escape($_REQUEST['description']); $view_time = strtotime($_REQUEST['view_time']); $open_time = strtotime($_REQUEST['open_time']); $close_time = strtotime($_REQUEST['close_time']); $num_recommend = escape($_REQUEST['num_recommend']); mysql_query("UPDATE clubs SET description='{$description}', view_time='{$view_time}', open_time='{$open_time}', close_time='{$close_time}', num_recommend='{$num_recommend}' WHERE id='{$club_id}'"); $success = "Club information updated successfully."; } if (isset($_REQUEST['new_password']) && isset($_REQUEST['new_password_conf']) && isset($_REQUEST['email'])) { $update_res = updateAccount($user_id, $pass, $_REQUEST['new_password'], $_REQUEST['new_password_conf'], $_REQUEST['email']); if ($update_res == 0) { $success = "Club and account info updated successfully!"; } else { if (abs($update_res) == 1) { $error = "Invalid New Password!";
function createApplicationPDF($user_id, $application_id, $targetDirectory) { $user_id = escape($user_id); $application_id = escape($application_id); //first verify that application belongs to user and has not been submitted yet $checkArray = checkApplication($user_id, $application_id, true); if ($checkArray[0] == -2 || $checkArray[0] == -1) { return array(FALSE, "verification failure"); } $club_id = $checkArray[1]; //get application fields if ($club_id == 0) { $result = mysql_query("SELECT baseapp.varname, baseapp.vardesc, baseapp.vartype, profiles.val, 0 AS sort_col, baseapp.orderId AS sort2_col FROM profiles, baseapp WHERE profiles.user_id = '{$user_id}' AND profiles.var_id = baseapp.id UNION ALL SELECT baseapp.varname, baseapp.vardesc, baseapp.vartype, answers.val, basecat.orderId AS sort_col, baseapp.orderId AS sort2_col FROM answers, baseapp, basecat WHERE answers.application_id = '{$application_id}' AND baseapp.id = answers.var_id AND basecat.id = baseapp.category ORDER BY sort_col, sort2_col"); $sectionheader = "General Application"; } else { $result = mysql_query("SELECT supplements.varname, supplements.vardesc, supplements.vartype, answers.val FROM answers, supplements WHERE answers.application_id = '{$application_id}' AND supplements.id = answers.var_id ORDER BY supplements.orderId"); $clubInfo = clubInfo($club_id); //array (club name, club description, open_time, close_time, num_recommendations) $sectionheader = "Supplement: " . $clubInfo[0]; } $userInfo = getUserInformation($user_id); //array(username, email, name) return generatePDFByResult($result, $targetDirectory, latexSpecialChars($sectionheader), "User ID: " . latexSpecialChars($user_id) . "\\\\" . latexSpecialChars($userInfo[2])); }
<?php include "../config.php"; include "../include/common.php"; include "../include/db_connect.php"; include "../include/session.php"; if (isset($_SESSION['admin']) && isset($_REQUEST['id'])) { //todo: admins currently can get information of users that didn't apply to their club $user_id = escape($_REQUEST['id']); $userinfo = getUserInformation($user_id); //userinfo is array(username, email) $profile = getProfile($user_id); get_page_advanced("user_detail", "admin", array('username' => $userinfo[0], 'email' => $userinfo[1], 'name' => $userinfo[2], 'profile' => $profile)); } else { header('Location: index.php'); }
<? if(count($messages[$box_id]) != 0 ) { foreach($messages[$box_id] as $message) { //message is array(message id, sender id, sender username, receiver id, receiver username, subject, time int) ?> <tr class="message_info" > <td><input type="checkbox" name="index[]" value="<?php echo $message[0]; ?> " /></td> <? if($box_name != "sent") { $user_data = getUserInformation($message[1]); $name = $user_data[2]; if(strlen($name) > 20) { $name = substr($name, 0, 18) . "..."; } } else { $user_data = getUserInformation($message[1]); $name = $user_data[2]; if(strlen($name) > 20) { $name = substr($name, 0, 18) . "..."; } } $mess_title = $message[5]; if(strlen($mess_title) > 50) { $mess_title = substr($mess_title, 0, 55) . "..."; } ?> <td onclick="showmessage(<?php echo $message[0]; ?> )" style="cursor:pointer"><?php echo $name;