/**
 * Exercises the dbApplicantScreenings module end to end: insert a handful of
 * screenings, read one back field by field, update it, list everything, and
 * finally delete the rows again so the table is left as it was found.
 */
function testdbApplicantScreeningsModule()
{
    // Fixtures: a mix of fully populated rows and rows with null steps / status.
    $fixtures = array(
        new ApplicantScreening("guestchef", "Gabrielle1111234567", "complete application,background check,complete interview", "unpublished"),
        new ApplicantScreening("volunteer", "Jackson6269170632", "complete interview", "published"),
        new ApplicantScreening("manager", "Jill2075556666", null, null),
        new ApplicantScreening("socialworker", "Jackson6269170632", null, "unpublished"),
    );
    $guestChef = $fixtures[0];

    // insert: every fixture must be accepted, in order
    foreach ($fixtures as $screening) {
        $this->assertTrue(insert_dbApplicantScreenings($screening));
    }

    // retrieve: the first fixture comes back with all four fields intact
    $stored = retrieve_dbApplicantScreenings($guestChef->get_type());
    $this->assertEqual($stored->get_type(), "guestchef");
    $this->assertEqual($stored->get_creator(), "Gabrielle1111234567");
    $this->assertEqual($stored->get_steps(), array("complete application", "background check", "complete interview"));
    $this->assertEqual($stored->get_status(), "unpublished");

    // update: a status change is persisted and visible on re-read
    $guestChef->set_status("published");
    $this->assertTrue(update_dbApplicantScreenings($guestChef));
    $reread = retrieve_dbApplicantScreenings($guestChef->get_type());
    $this->assertEqual($reread->get_status(), "published");

    // get_all: only checks that the listing call yields a truthy result
    $everything = getall_ApplicantScreenings();
    $this->assertTrue($everything);

    // delete: remove the fixtures in insertion order
    foreach ($fixtures as $screening) {
        $this->assertTrue(delete_dbApplicantScreenings($screening->get_type()));
    }

    echo "testdbApplicantScreenings complete";
}
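/**
 * process_form sanitizes the submitted personnel form, builds a Person from it
 * and applies the requested action: delete, password reset, add, or change.
 *
 * Free-text fields are HTML-entity encoded *before* storage, so the stored
 * values (and $first_name / $last_name below) are already encoded and are not
 * encoded again when echoed. Raw values that are echoed — the record id taken
 * from the old_id field and the script path — are escaped at output instead.
 *
 * @param string $id     Key of the person being edited; the "new" case is
 *                       detected from the old_id POST field, not from $id.
 * @param object $person The person as currently stored. get_first_name() == "new"
 *                       marks a brand-new entry, which makes the first name and
 *                       phone1 fields editable (they form part of the record id).
 * @return void          Outcomes are reported by echoing HTML.
 *
 * NOTE(review): nothing in this function checks the caller's access level
 * before deleting, resetting or rewriting a record — the including page is
 * assumed to gate who may submit this form; verify at the call site.
 */
function process_form($id, $person)
{
    // Reads a POST field, yielding $default when it is absent (no undefined-index notices).
    $post = function ($key, $default = null) {
        return isset($_POST[$key]) ? $_POST[$key] : $default;
    };
    // Standard free-text cleanup: encode HTML entities, restore an escaped
    // apostrophe ("\'") to a plain one, and trim.
    $cleanText = function ($value) {
        return trim(str_replace('\\\'', '\'', htmlentities($value)));
    };
    // Escapes raw values for HTML text / attribute context at output time.
    $h = function ($value) {
        return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    };

    // step one: sanitize data
    $isNewPerson = ($person->get_first_name() == "new");

    if ($isNewPerson) {
        // The first name becomes part of the record id, so "&" is spelled out
        // and escaped apostrophes are dropped rather than restored.
        $first_name = trim(str_replace('\\\'', '', htmlentities(str_replace('&', 'and', $post('first_name')))));
    } else {
        $first_name = $person->get_first_name();
    }
    $last_name = $cleanText($post('last_name'));
    $location = $post('location');
    $address = $cleanText($post('address'));
    $city = $cleanText($post('city'));
    $state = trim(htmlentities($post('state')));
    $zip = trim(htmlentities($post('zip')));

    if ($isNewPerson) {
        // Phone numbers are reduced to digits; phone1 also forms part of the record id.
        $phone1 = trim(str_replace(' ', '', htmlentities($post('phone1'))));
        $clean_phone1 = preg_replace("/[^0-9]/", "", $phone1);
        $phone1type = $post('phone1type');
    } else {
        $clean_phone1 = $person->get_phone1();
        $phone1type = $person->get_phone1type();
    }
    $phone2 = trim(str_replace(' ', '', htmlentities($post('phone2'))));
    $clean_phone2 = preg_replace("/[^0-9]/", "", $phone2);
    $phone2type = $post('phone2type');
    $email = $post('email');
    // "type" is a multi-select; a single bare value is tolerated via the array cast.
    $type = implode(',', (array) $post('type'));

    $screening_type = $post('screening_type');
    // Previously left undefined when no screening type was chosen.
    $screening_status = null;
    if ($screening_type != "") {
        $screening = retrieve_dbApplicantScreenings($screening_type);
        $step_array = $screening ? (array) $screening->get_steps() : array();
        $submitted = (array) $post('screening_status', array());
        $step_count = count($step_array);
        $date_array = array();
        for ($i = 0; $i < $step_count; $i++) {
            $date_array[$i] = isset($submitted[$i]) ? $submitted[$i] : "";
            // A completion date is mm-dd-yy (8 characters); "" and "--" mean not done yet.
            if ($date_array[$i] != "" && $date_array[$i] != "--" && strlen($date_array[$i]) != 8) {
                echo '<p>Completion Date for step: "' . $h($step_array[$i]) . '" is in error, please enter mm-dd-yy.<br>';
            }
        }
        $screening_status = implode(',', $date_array);
    }

    $status = $post('status');
    if ($post('isstudent') == "yes") {
        $position = "student";
        $employer = $post('nameofschool');
    } else {
        $position = $post('position');
        $employer = $post('employer');
    }
    $credithours = $post('credithours');
    // $commitment is never read from this form but the Person constructor
    // expects it; it was an undefined variable before and is passed as null.
    // TODO confirm whether the form should supply a commitment field.
    $commitment = null;
    $motivation = $cleanText($post('motivation'));
    $specialties = $cleanText($post('specialties'));
    $convictions = $post('convictions');
    $availability = $post('availability');
    $availability = empty($availability) ? null : implode(',', (array) $availability);
    // these two are not visible for editing, so they go in and out unchanged
    $schedule = $post('schedule');
    $hours = $post('hours');
    $birthday = $post('birthday');
    $start_date = $post('start_date');
    $howdidyouhear = $post('howdidyouhear');
    $notes = $cleanText($post('notes'));

    // used for url path in linking user back to edit form: the directory part
    // of the running script, trailing slash included
    $script = $_SERVER['SCRIPT_NAME'];
    $path = substr($script, 0, strrpos($script, '/') + 1);

    // Builds the Person to store; only the password differs between the branches below.
    $buildPerson = function ($password) use (
        $first_name, $last_name, $location, $address, $city, $state, $zip,
        $clean_phone1, $phone1type, $clean_phone2, $phone2type, $email, $type,
        $screening_type, $screening_status, $status, $employer, $position,
        $credithours, $commitment, $motivation, $specialties, $convictions,
        $availability, $schedule, $hours, $birthday, $start_date, $howdidyouhear, $notes
    ) {
        return new Person($first_name, $last_name, $location, $address, $city, $state, $zip,
            $clean_phone1, $phone1type, $clean_phone2, $phone2type, $email, $type,
            $screening_type, $screening_status, $status, $employer, $position,
            $credithours, $commitment, $motivation, $specialties, $convictions,
            $availability, $schedule, $hours, $birthday, $start_date, $howdidyouhear,
            $notes, $password);
    };

    // step two: try to make the deletion, password change, addition, or change
    if ($post('deleteMe') == "DELETE") {
        $result = retrieve_person($id);
        if (!$result) {
            echo '<p>Unable to delete. ' . $first_name . ' ' . $last_name . ' is not in the database. <br>Please report this error to the House Manager.';
        } else {
            // The last remaining manager account must not be removable.
            $canDelete = true;
            if (strpos($type, 'manager') !== false) {
                // NOTE: mysql_num_rows belongs to the legacy ext/mysql API used by getall_type.
                $managers = getall_type('manager');
                $canDelete = $managers && mysql_num_rows($managers) > 1;
            }
            if (!$canDelete) {
                echo '<p class="error">You cannot remove the last remaining manager from the database.</p>';
            } else {
                $result = remove_person($id);
                if (!$result) {
                    echo '<p class="error">Unable to remove ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the House Manager.';
                } else {
                    echo "<p>You have successfully removed " . $first_name . " " . $last_name . " from the database.</p>";
                    // Deleting your own account ends your session as well.
                    if (isset($_SESSION['_id']) && (string) $id === (string) $_SESSION['_id']) {
                        session_unset();
                        session_destroy();
                    }
                }
            }
        }
    } elseif ($post('reset_pass') == "RESET") {
        $id = $post('old_id');
        $result = remove_person($id);
        // The record is re-added with an empty password, the same as a brand-new
        // person — presumably add_person assigns the initial password; verify.
        $result = add_person($buildPerson(""));
        if (!$result) {
            echo '<p class="error">Unable to reset ' . $first_name . ' ' . $last_name . "'s password.. <br>Please report this error to the House Manager.";
        } else {
            echo "<p>You have successfully reset " . $first_name . " " . $last_name . "'s password.</p>";
        }
    } elseif ($post('old_id') == 'new') {
        $id = $first_name . $clean_phone1;
        // check if there's already an entry
        $dup = retrieve_person($id);
        if ($dup) {
            echo '<p class="error">Unable to add ' . $first_name . ' ' . $last_name . ' to the database. <br>Another person with the same name and phone is already there.';
        } else {
            $result = add_person($buildPerson(""));
            // Without a session, access level is treated as 0 (an applicant).
            $accessLevel = isset($_SESSION['access_level']) ? $_SESSION['access_level'] : 0;
            if (!$result) {
                echo '<p class="error">Unable to add ' . $first_name . ' ' . $last_name . ' in the database. <br>Please report this error to the House Manager.';
            } elseif ($accessLevel == 0) {
                echo "<p>Your application has been successfully submitted.<br> The House Manager will contact you soon. Thank you!";
            } else {
                echo '<p>You have successfully added <a href="' . $h($path) . 'personEdit.php?id=' . $h($id) . '"><b>' . $first_name . ' ' . $last_name . ' </b></a> to the database.</p>';
            }
        }
    } else {
        $id = $post('old_id');
        // NOTE(review): the existing password is round-tripped through the
        // client in the old_pass field and written back unchanged, so anyone
        // who can submit this form can set it; consider re-reading it server-side.
        $pass = $post('old_pass');
        // An edit is a delete followed by a re-insert of the rebuilt record.
        $result = remove_person($id);
        if (!$result) {
            echo '<p class="error">Unable to update ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the House Manager.';
        } else {
            $result = add_person($buildPerson($pass));
            if (!$result) {
                echo '<p class="error">Unable to update ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the House Manager.';
            } else {
                echo '<p>You have successfully edited <a href="' . $h($path) . 'personEdit.php?id=' . $h($id) . '"><b>' . $first_name . ' ' . $last_name . ' </b></a> in the database.</p>';
            }
            add_log_entry('<a href=\\"personEdit.php?id=' . $h($id) . '\\">' . $first_name . ' ' . $last_name . '</a>\'s Personnel Edit Form has been changed.');
        }
    }
}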
} if (!in_array("new", $screeningtypes)) { echo '<option value="new">new</option>'; } echo '</select>'; echo '<p>Hit <input type="submit" value="Submit" name="Submit Edits"> to select this screening.<br><br>'; } else { echo '<input type="hidden" name = "_form_submit" value="2">'; echo '<input type="hidden" name = "_old_type" value="' . $action . '">'; echo '<input type="hidden" name = "_form_type" '; if ($new) { echo 'value="new">'; } else { echo 'value="change">'; } $screening = retrieve_dbApplicantScreenings($action); echo "Creator: " . $screening->get_creator() . "<br><br>"; if (!$new) { echo 'Rename '; } echo 'Type:  <input type="text" name="new_type" '; if ($new) { echo '/><p>'; } else { echo 'value="' . $screening->get_type() . '" /><p>'; } echo '<fieldset><legend>Steps: </legend>'; $st = $screening->get_steps(); if ($st != null) { $i == 0; foreach ($st as $step) {
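/**
 * process_form gathers the submitted applicant-screening form and writes it to
 * the screenings database: delete, add new, or replace an existing screening.
 *
 * The screening type comes straight from the form and is stored as entered;
 * wherever it is echoed (messages, links, the log entry) it is HTML-escaped.
 *
 * @param object $oldScreening The screening as currently stored; supplies the
 *                             creator and steps when the form does not.
 * @return void                Outcomes are reported by echoing HTML.
 */
function process_form($oldScreening)
{
    // Reads a POST field, yielding $default when it is absent (no undefined-index notices).
    $post = function ($key, $default = null) {
        return isset($_POST[$key]) ? $_POST[$key] : $default;
    };
    // Escapes raw values for HTML text / attribute context at output time.
    $h = function ($value) {
        return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
    };

    // step one: gather data.
    $oldType = $post('_old_type');
    $isNew = ($post('_form_type') == "new");
    if ($isNew) {
        $creator = isset($_SESSION['_id']) ? $_SESSION['_id'] : null;
    } else {
        $creator = $oldScreening->get_creator();
    }

    // Steps come from the form when present, otherwise from the stored screening
    // (whose steps may be null, hence the array cast).
    if (isset($_POST['steps'])) {
        $steps = array_values((array) $_POST['steps']);
    } else {
        $steps = (array) $oldScreening->get_steps();
    }
    // Drop blank steps. empty() was used before, which also discarded a step
    // named "0"; a whitespace-only step is now dropped as well.
    $steps = array_filter($steps, function ($step) {
        return trim((string) $step) !== '';
    });
    $steps = implode(',', $steps);

    $type = $post('new_type');
    // set published variable: anything but an explicit "published" is unpublished
    $status = ($post('Status') == "published") ? "published" : "unpublished";
    if ($type === null || $type === '') {
        $type = $oldType;
        // keeps "new" screening free from predefined steps and status
        if ($type == "new") {
            $steps = null;
            $status = "unpublished";
        }
    }

    // used to put together url for return to screenings link: the directory
    // part of the running script, trailing slash included
    $script = $_SERVER['SCRIPT_NAME'];
    $path = substr($script, 0, strrpos($script, '/') + 1);

    // step two: try to delete, add new, or replace
    if ($post('deleteMe') == "DELETE") {
        $result = retrieve_dbApplicantScreenings($type);
        if (!$result) {
            echo '<p>Unable to delete. ' . $h($type) . ' is not in the screenings database. To delete ' . $h($oldType) . ', try to delete again but do not rename screening type.';
        } else {
            $result = delete_dbApplicantScreenings($type);
            if (!$result) {
                echo '<p class="error">Unable to delete ' . $h($type) . ' from the screenings database. <br> Please report this error to the House Manager.';
            } else {
                echo "<p>You have successfully removed " . $h($type) . " from the screenings database.</p>";
                echo '<p><a href="' . $h($path) . 'viewScreenings.php?type=' . $h($type) . '"><b>click here</b> to return to applicant screenings.</a><br><br></p>';
                add_log_entry('ApplicantScreening type <a href=\\"viewScreenings.php?type=' . $h($type) . '\\">' . $h($type) . '</a>\' has been deleted.');
            }
        }
    } elseif ($isNew) {
        // Always look for an existing screening of the same type. Previously the
        // lookup only ran when a POST field literally named "$type_s" was set, so
        // the duplicate check was effectively never performed.
        $dup = retrieve_dbApplicantScreenings($type);
        if ($dup) {
            echo '<p class="error">Unable to add new screening type: ' . $h($type) . ' to the screenings database. <br> Another screening with the same type is already there.';
        } else {
            $screening = new ApplicantScreening($type, $creator, $steps, $status);
            $result = insert_dbApplicantScreenings($screening);
            if (!$result) {
                echo '<p class="error">Unable to add ' . $h($type) . ' in the screenings database. <br> Please report this error to the House Manager.';
            } else {
                echo "<p>You have successfully added '" . $h($type) . "' to the screenings database.</p>";
            }
            echo '<p>click <a href="' . $h($path) . 'viewScreenings.php?type=' . $h($type) . '">here</a> to return to applicant screenings.<br><br></p>';
            add_log_entry('ApplicantScreening process <a href=\\"viewScreenings.php?type=' . $h($type) . '\\">' . $h($type) . '</a>\' has been added.');
        }
    } else {
        // A change is a delete of the old row followed by an insert under the
        // (possibly renamed) type.
        $result = delete_dbApplicantScreenings($oldType);
        if (!$result) {
            echo '<p class="error">Unable to update ' . $h($oldType) . ' as ' . $h($type);
        } else {
            $newscreening = new ApplicantScreening($type, $creator, $steps, $status);
            $result = insert_dbApplicantScreenings($newscreening);
            if (!$result) {
                echo '<p class="error">Unable to update ' . $h($type) . ' in the screenings database. <br> Please report this error to the House Manager.';
            } else {
                echo '<p>You have successfully edited "' . $h($type) . '" in the screenings database.</p>';
            }
            echo '<p><a href="' . $h($path) . 'viewScreenings.php?type=' . $h($type) . '"><b>click here</b> to return to applicant screenings.</a><br><br></p>';
            add_log_entry('ApplicantScreening process <a href=\\"viewScreenings.php?type=' . $h($type) . '\\">' . $h($type) . '</a>\' has been changed.');
        }
    }
}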