} // send us back Session::setMessage('You commented on this update.'); $json = array('success' => '1'); echo json_encode($json); } } elseif ($action == 'comment-reply') { // validate update $updateID = Filter::numeric($_GET['u']); $update = Update::load($updateID); if ($update == null) { header('Location: ' . Url::error()); exit; } $commentID = Filter::numeric($_POST['commentID']); $message = Filter::formattedText($_POST['message']); if ($message == '') { $json = array('error' => 'Your reply cannot be empty.'); exit(json_encode($json)); } else { // post the comment $reply = new Comment(array('creator_id' => Session::getUserID(), 'project_id' => $project->getID(), 'update_id' => $updateID, 'parent_id' => $commentID, 'message' => $message)); $reply->save(); // log it $logEvent = new Event(array('event_type_id' => 'create_update_comment_reply', 'project_id' => $project->getID(), 'user_1_id' => Session::getUserID(), 'item_1_id' => $commentID, 'item_2_id' => $reply->getID(), 'item_3_id' => $updateID, 'data_1' => $message)); $logEvent->save(); // send email notification, if desired $creator = User::load($update->getCreatorID()); if ($creator->getID() != Session::getUserID()) { // don't email yourself if ($creator->getNotifyCommentTaskUpdate()) {
<?php require_once "../../global.php"; $action = Filter::text($_POST['action']); if ($action == 'edit') { // assign POST data to variables $username = Filter::text($_GET['un']); $pw = Filter::text($_POST['txtPassword']); $pw2 = Filter::text($_POST['txtConfirmPassword']); $email = Filter::email($_POST['txtEmail']); $name = Filter::text($_POST['txtName']); $month = Filter::text($_POST['selBirthMonth']); $year = Filter::text($_POST['selBirthYear']); $sex = Filter::text($_POST['selGender']); $location = Filter::text($_POST['txtLocation']); $biography = Filter::formattedText($_POST['txtBiography']); $user = User::loadByUsername($username); // make sure user exists if ($user === null) { $json = array('error' => 'That user does not exist.'); exit(json_encode($json)); } // new passwords provided? if ($pw != "" || $pw2 != "") { // do the passwords match? if ($pw != $pw2) { $json = array('error' => 'Sorry, your new passwords do not match.'); exit(json_encode($json)); } } // validate email address
<?php require_once "../../global.php"; require_once TEMPLATE_PATH . '/site/helper/format.php'; $subject = Filter::text($_POST['subject']); $body = Filter::formattedText($_POST['body']); if (empty($subject) || empty($body)) { $json = array('error' => 'You must provide a subject and body for the email.'); exit(json_encode($json)); } $massEmailAddresses = User::getMassEmailAddresses(); $newEmail = array('to' => SMTP_FROM_EMAIL, 'subject' => '[' . PIPELINE_NAME . '] ' . $subject, 'message' => $body, 'bcc' => $massEmailAddresses); $sendEmail = Email::send($newEmail); if (!$sendEmail !== true) { $json = array('error' => $sendEmail); exit(json_encode($json)); } $numMassEmails = formatCount(count($massEmailAddresses), 'user', 'users'); // send us back Session::setMessage("Your mass email was sent to " . $numMassEmails . "."); $json = array('success' => '1'); echo json_encode($json);
<?php require_once './../../global.php'; include_once TEMPLATE_PATH . '/site/helper/format.php'; // get submitted data $title = Filter::text($_POST['txtTitle']); $pitch = Filter::formattedText($_POST['txtPitch']); $specs = Filter::text($_POST['txtSpecs']); $rules = Filter::text($_POST['txtRules']); $deadline = Filter::text($_POST['txtDeadline']); $private = Filter::text($_POST['chkPrivate']); // validate data if (empty($title)) { $json = array('error' => 'You must provide a project title.'); exit(json_encode($json)); } if (empty($pitch)) { $json = array('error' => 'You must provide a project pitch.'); exit(json_encode($json)); } // must be valid deadline or empty $formattedDeadline = strtotime($deadline); if ($formattedDeadline === false && $deadline != '') { $json = array('error' => 'Deadline must be a valid date or empty.'); exit(json_encode($json)); } // format deadline for MYSQL $formattedDeadline = $formattedDeadline != '' ? date("Y-m-d H:i:s", $formattedDeadline) : null; // format private $private = empty($private) ? 0 : 1; // create the project
<?php require_once './../../global.php'; // check project $slug = Filter::text($_GET['slug']); $project = Project::getProjectFromSlug($slug); if ($project == null) { $json = array('error' => 'That project does not exist.'); exit(json_encode($json)); } $action = Filter::text($_POST['action']); if ($action == "pitch") { // edit the pitch $newPitch = Filter::formattedText($_POST['pitch']); $oldPitch = $project->getPitch(); if ($oldPitch != $newPitch) { $project->setPitch($newPitch); $project->save(); $logEvent = new Event(array('event_type_id' => 'edit_pitch', 'project_id' => $project->getID(), 'user_1_id' => Session::getUserID(), 'data_1' => $oldPitch, 'data_2' => $newPitch)); $logEvent->save(); $json = array('success' => '1'); Session::setMessage("You edited the pitch."); echo json_encode($json); } else { $json = array('error' => 'You did not make any changes.'); exit(json_encode($json)); } } elseif ($action == "specs") { // edit the specs $newSpecs = Filter::text($_POST['specs']); $oldSpecs = $project->getSpecs();