Пример #1
<?php

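// Make the cohort named in ?cohort_id=... the session's selected group, but only
// when it is the logged-in user's own cohort; any other value is redirected away.
// $logged_in, $user, DAO and redirect() are defined outside this listing.
if ($logged_in) {
    $dao = new DAO(false);
    if (isset($_GET["cohort_id"])) {
        $raw_cohort_id = $_GET["cohort_id"];
        // Authorise on the raw request value with a strict string comparison.
        // PHP's loose == treats "" and null as equal and compares numeric strings
        // by value ("1e0" == "1"), so it can accept inputs that are not the user's
        // cohort id. is_string() also rejects array input (?cohort_id[]=...)
        // before it reaches escape().
        $is_own_cohort = is_string($raw_cohort_id)
            && $raw_cohort_id !== ''
            && $raw_cohort_id === (string) $user->cohort_id;
        if ($is_own_cohort) {
            // Escape only at the point the value enters the SQL text.
            // NOTE(review): the query is still built by string interpolation and
            // relies entirely on DAO::escape(); if DAO offers bound parameters,
            // prefer them. DAO's API is not visible here.
            $cohort_request = $dao->escape($raw_cohort_id);
            $dao->myquery("SELECT cohort_id,cohort.group_id,group_name,cohort_start,course.course_name,university.university_name FROM cohort \n\t\t\t\t\tJOIN course ON cohort.course_id=course.course_id \n\t\t\t\t\tJOIN university ON university.university_id=course.university_id\n\t\t\t\t\tJOIN user_group ON cohort.group_id=user_group.group_id WHERE cohort_id=\"{$cohort_request}\";");
            $row = $dao->fetch_one_obj();
            if ($dao->fetch_num_rows() > 0) {
                // The cohort exists: build the session record from the database row.
                $selected_group = new stdClass();
                $selected_group->cohort_id = $row->cohort_id;
                $selected_group->course_name = $row->course_name;
                $selected_group->university_name = $row->university_name;
                $selected_group->group_id = $row->group_id;
                // Display name: "<course> at <university> <start year>".
                $selected_group->group_name = $row->course_name . " at " . $row->university_name . " " . date("Y", strtotime($row->cohort_start));
                $selected_group->can_be_added_to = false;
                $d = new DateTime($row->cohort_start);
                $selected_group->cohort_start = $d->format('jS F Y');
                // Both operands are application data (row value vs. the user record),
                // not request input, so the original comparison is kept as written.
                $selected_group->posting_enabled = $selected_group->cohort_id == $user->cohort_id;
                $_SESSION["selected_group"] = $selected_group;
                // Selecting a group clears any previously selected user.
                unset($_SESSION["selected_user"]);
            }
        } else {
            // NOTE(review): whether redirect() stops execution is not visible here;
            // if it only sends a header, the rest of the page still runs for a
            // rejected request — confirm.
            redirect("../");
        }
    }
}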
Пример #2
 /**
  * Fetch every row of $table that satisfies all of the $where conditions and
  * return each row wrapped in a DataObject.
  *
  * Two queries are issued through $dao: the SELECT itself, then a SHOW INDEX
  * lookup that reads the name of the table's PRIMARY key column.
  *
  * NOTE(review): $table and the entries of $keys are concatenated into the SQL
  * text as identifiers, which cannot be bound as parameters; callers should pass
  * only fixed or allowlisted names. Whether key_values() escapes the values in
  * $where is not visible here — confirm before passing request data.
  *
  * @param DAO $dao the DAO instance used to run both queries
  * @param string $table the name of the table to read from
  * @param array $keys the column names to select; $keys[0] is also the ORDER BY column (descending)
  * @param array $where the associative array describing the row properties, turned into
  *	WHERE fragments by key_values() and joined with AND
  * @return array An array of DataObject instances carrying the columns named in $keys, which can
  *	be committed to the table $table.
  */
 static function select_all($dao, $table, $keys, $where)
 {
     // Template object: every result row starts as a clone of it.
     $template = new DataObject();
     $template->table = $table;
     $template->dao = $dao;
     // Marked as an existing record (original author's note: "updated on commit").
     $template->update = true;
     $results = array();
     $conditions = $template->key_values($where);
     $columns = implode(",", $keys);
     $select_sql = "SELECT {$columns} FROM {$table} WHERE " . implode(" AND ", $conditions) . " ORDER BY {$keys[0]} DESC;";
     $dao->myquery($select_sql);
     $rows = $dao->fetch_all_part($keys);
     // Look up the primary-key column so each object can expose primary_id.
     // NOTE(review): fetch_one_obj() is dereferenced without a null check, so a
     // table with no PRIMARY index presumably fails here — confirm.
     $dao->myquery("SHOW index FROM {$template->table} where Key_name = 'PRIMARY';");
     $template->primary_key = $dao->fetch_one_obj()->Column_name;
     foreach ($rows as $row) {
         $item = clone $template;
         // Copy each selected column onto the clone as a property.
         foreach ($keys as $column) {
             $item->{$column} = $row[$column];
         }
         // Read back from the clone, so the primary-key column is expected to be
         // one of $keys.
         $item->primary_id = $item->{$item->primary_key};
         $results[] = $item;
     }
     return $results;
 }
Пример #3
<!DOCTYPE>
<html><head><style>*{font-family: Arial,sans-serif}</style></head><body>
<?php 
include "../script/util/mysql.php";
include "../script/util/redirect.php";
if (isset($_POST["user_email"])) {
    include "../script/mail/send.php";
    $dao = new DAO(false);
    $user_email = $dao->escape($_POST["user_email"]);
    $query = "SELECT user_email,user_id,user_name FROM user WHERE user_email=\"{$user_email}\";";
    $dao->myquery($query);
    if ($dao->fetch_num_rows() == 1) {
        //Store intent to reset in the database with a checksum as the old password?
        $user = $dao->fetch_one_obj();
        $names = explode(" ", $user->user_name);
        if (count($names) == 0) {
            $user_first_name = $user->user_name;
        } else {
            $user_first_name = $names[0];
        }
        $conf_rnd = md5("lsdfuh.uh3" . rand(0, 10000000) . "g.adugi213y");
        $query = "INSERT INTO reset_request VALUES (NULL,\"{$user->user_id}\",\"{$conf_rnd}\")" . "ON DUPLICATE KEY UPDATE conf_rnd=\"{$conf_rnd}\";";
        $dao->myquery($query);
        $body = "<p>Hello {$user_first_name},</p>" . "<p>It appears you are having trouble remembering your password for Unify. " . "As such, someone (hopefully you) has requested that you reset your password. " . "If you have no idea what's going on, feel free to take no further action, " . "it's possible someone entered your email by mistake or is dillberately trying to " . "confuse you. However, if you really do want to reset your password, click the " . "link below!</p>" . "<p><a href=\"http://unify.lukebarnard.co.uk/reset-password/confirm.php?user_id={$user->user_id}&conf_rnd={$conf_rnd}\">RESET YOUR PASSWORD</a></p>" . "<p>Best Wishes,<br>" . "The Unify Team</p>";
        if (mail_message($user_email, "Password Reset", $body)) {
            echo "A message has been sent to your email account. When you get the email, click on the link it contains and you will be taken to a page where you can reset your password. ";
        } else {
            echo "Something has gone wrong when trying to email you. <a href=\".\">Try again?</a>";
        }
    } else {
        echo "Your email could not be found in our database. Perhaps you made a mistake when typing it? <a href=\".\">Try again?</a>";