示例#1
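 /**
  * Round-trip check of the dbPersons module: add two people, read them back,
  * compare a few stored fields, then delete both records again.
  *
  * Talks to the real database through add_person(), retrieve_person() and
  * remove_person(), so it leaves rows behind if it aborts before the cleanup.
  */
 function testdbPersonsModule()
 {
     // Zip codes and phone numbers are written as strings. The original used
     // bare numeric literals, and a leading zero makes PHP read 04011 as an
     // octal number (2057), so the fixture did not hold the zip it showed.
     // An unused third Person ("Susan") that was built but never added has
     // been dropped.
     $m = new Person("Gabrielle", "Booth", "bangor", "14 Way St", "Harpswell", "ME", "0407", "1112345679", "cell", "7778889999", "work", "*****@*****.**", "volunteer", "", "", "active", "National Semiconductor", "VP", "", "year", "a motivation", "a specialty", "", "Mon:9-12:bangor,Sun:morning:bangor", "", "15-01-05:0930-1300:bangor:3.5", "89-02-19", "08-03-14", "friend", "Some notes", "");
     $this->assertTrue(add_person($m));
     $m2 = new Person("Fred", "Wilson", "portland", "14 Boyer Ave", "Portland", "ME", "04503", "5093456789", "home", "5098889999", "cell", "*****@*****.**", "volunteer", "", "", "active", "McDonalds", "manager", "", "year", "a motivation2", "First Aid", "", "Wed:9-12:portland,Sun:afternoon:portland", "", "15-02-27:1730-2100:portland:3.5", "91-09-25", "07-04-14", "other", "Some notes", "");
     $this->assertTrue(add_person($m2));

     // Retrieve each person by id (first name followed by the first phone
     // number) and compare the stored fields. The field checks are skipped
     // when the lookup fails, so a missing row is reported as a failed
     // assertion instead of a fatal "member function on false" error.
     $p = retrieve_person("Gabrielle1112345679");
     $this->assertTrue($p !== false);
     if ($p !== false) {
         $this->assertEqual($p->get_status(), "active");
         $this->assertEqual($p->get_email(), "*****@*****.**");
         $this->assertEqual($p->get_type(), array("volunteer"));
         $this->assertEqual($p->get_hours(), array("15-01-05:0930-1300:bangor:3.5"));
         $this->assertEqual($p->get_birthday(), "89-02-19");
     }
     $p2 = retrieve_person("Fred5093456789");
     $this->assertTrue($p2 !== false);
     if ($p2 !== false) {
         $this->assertEqual($p2->get_status(), "active");
         $this->assertEqual($p2->get_email(), "*****@*****.**");
         $this->assertEqual($p2->get_type(), array("volunteer"));
         $this->assertEqual($p2->get_hours(), array("15-02-27:1730-2100:portland:3.5"));
         $this->assertEqual($p2->get_birthday(), "91-09-25");
     }

     // Remove both fixtures so the next run starts from a clean table.
     $this->assertTrue(remove_person("Gabrielle1112345679"));
     $this->assertTrue(remove_person("Fred5093456789"));
     echo "testdbPersons complete";
 }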
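 /**
  * Round-trip check of the dbPersons module: add one person, read the record
  * back, verify its status, then delete it.
  *
  * Uses the real database through add_person(), retrieve_person() and
  * remove_person().
  */
 function testdbPersonsModule()
 {
     // Zip code and phone numbers are passed as strings. The original wrote
     // the zip as the bare literal 04011, which PHP parses as octal (2057).
     $m = new Person("Taylor", "Talmage", "928 SU", "Brunswick", "ME", "04011", "2074415902", "2072654046", "*****@*****.**", "volunteer", "soupkitchen", "C", "active", "Mon:1,Tue:3,Wed:1", "09-19-13,09-16-13", "02-19-89", "03-14-08", "this is a note", "Taylor2074415902");
     $this->assertTrue(add_person($m));

     // Look the person up by id; only inspect the record when it was found,
     // so a failed lookup is a failed assertion rather than a fatal error.
     $p = retrieve_person("Taylor2074415902");
     $this->assertTrue($p !== false);
     if ($p !== false) {
         $this->assertEqual($p->get_status(), "active");
     }

     // Clean up the fixture row.
     $this->assertTrue(remove_person("Taylor2074415902"));
     echo "testdbPersons complete";
 }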
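/**
 * Drive the three-step "export people" wizard from the posted form.
 *
 * Step 1 stores the search filters in the session, runs the search and keeps
 * the matching people (serialized) in the session. Step 2 records which of
 * those people were selected. Step 3 re-runs the search with the requested
 * columns and hands the selected rows to export_data().
 *
 * Input comes from $_POST and $_SESSION; output is echoed or produced by the
 * included result/export pages. Nothing is returned.
 *
 * NOTE(review): the filter values and the column list go to
 * get_people_for_export() as plain strings. That function is not visible
 * here; if it builds SQL by concatenation, the filters need to be bound or
 * escaped there. No access check is visible in this function either, so the
 * caller presumably restricts who can reach the export - confirm.
 * NOTE(review): the search terms, names and ids written with error_log() are
 * personal data and user-controlled text; the log file needs matching access
 * controls and retention.
 */
function process_form()
{
    $step = isset($_POST['_form_submit']) ? $_POST['_form_submit'] : null;

    if ($step == 1) {
        error_log("exporting data step 1");
        // "." is used as a match-everything pattern for filters left empty.
        $select_all_regexp = ".";
        $text_filters = ['first_name', 'last_name', 'gender', 'status', 'start_date', 'city', 'zip', 'phone', 'email'];
        foreach ($text_filters as $field) {
            // Only non-empty strings count as a filter; a missing field or an
            // array smuggled in as field[]=... falls back to the wildcard.
            $given = isset($_POST[$field]) && is_string($_POST[$field]) && $_POST[$field] != "";
            $_SESSION[$field] = $given ? $_POST[$field] : $select_all_regexp;
        }
        $_SESSION['type'] = (isset($_POST['type']) && is_array($_POST['type'])) ? $_POST['type'] : [];

        error_log("first name = " . $_SESSION['first_name']);
        error_log("last name = " . $_SESSION['last_name']);
        error_log("gender = " . $_SESSION['gender']);
        foreach ($_SESSION['type'] as $t) {
            error_log("type selected " . $t);
        }
        error_log("status = " . $_SESSION['status']);
        error_log("start date = " . $_SESSION['start_date']);
        error_log("city = " . $_SESSION['city']);
        error_log("zip = " . $_SESSION['zip']);
        error_log("phone = " . $_SESSION['phone']);
        error_log("email = " . $_SESSION['email']);

        $result = get_people_for_export("*", $_SESSION['first_name'], $_SESSION['last_name'], $_SESSION['gender'], $_SESSION['type'], $_SESSION['status'], $_SESSION['start_date'], $_SESSION['city'], $_SESSION['zip'], $_SESSION['phone'], $_SESSION['email']);
        $returned_people = [];
        while ($result_row = mysql_fetch_assoc($result)) {
            $returned_people[] = make_a_person($result_row);
        }
        $_SESSION['returned_people'] = serialize($returned_people);
        // Count the array, not the serialized string the original counted.
        error_log("returns " . count($returned_people) . "people");
        include 'dataResults.inc.php';
    } elseif ($step == 2) {
        error_log("Exporting data step 2");
        $results_list = isset($_POST['results_list']) ? $_POST['results_list'] : null;
        $_SESSION['results'] = $results_list;

        if (!empty($_POST['all_export'])) {
            // NOTE(review): unserialize() rebuilds objects and runs their
            // magic methods. The payload was written by step 1 of this same
            // function, so it is only as trustworthy as the session store;
            // keeping plain ids in the session would avoid unserialize().
            $returned_people = isset($_SESSION['returned_people']) ? unserialize($_SESSION['returned_people']) : [];
            if (!is_array($returned_people)) {
                $returned_people = [];
            }
            $export_people = [];
            error_log("returns " . count($returned_people) . "people");
            foreach ($returned_people as $p) {
                $export_people[] = $p->get_id();
                error_log("Exporting data for " . $p->get_id());
            }
            error_log("Exporting all data.");
            $_SESSION['selected_people'] = $export_people;
            include 'dataExport.inc.php';
        } elseif (!empty($_POST['b_export'])) {
            error_log("Exporting selected data");
            if ($results_list) {
                $_SESSION['selected_people'] = $results_list;
                if (is_array($results_list)) {
                    foreach ($results_list as $export_person) {
                        // Posted ids may not exist; skip the log line instead
                        // of calling a method on a failed lookup.
                        $temp_dude = retrieve_person($export_person);
                        if ($temp_dude) {
                            error_log("Exporting data for " . $temp_dude->get_first_name() . " " . $temp_dude->get_last_name());
                        }
                    }
                }
            }
            include 'dataExport.inc.php';
        }
    } elseif ($step == 3) {
        error_log("Exporting data step 3");
        // The posted attribute names become the column list of the query, so
        // only plain identifiers are accepted; anything else is dropped.
        // NOTE(review): an allowlist of the real column names would be
        // stricter - the valid names are not visible from this function.
        $requested = (isset($_POST['export_attr']) && is_array($_POST['export_attr'])) ? $_POST['export_attr'] : [];
        $export_attrs = [];
        foreach ($requested as $attr) {
            if (is_string($attr) && preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $attr)) {
                $export_attrs[] = $attr;
            }
        }
        // 'id' is appended so every row can be matched against the selection;
        // the duplicate trailing column is cut off again below.
        $export_attrs[] = 'id';
        $_POST['export_attr'] = $export_attrs;

        $all_attrs_concat = implode(", ", $export_attrs);
        // Escaped because the text originates from the request.
        echo htmlspecialchars($all_attrs_concat, ENT_QUOTES, 'UTF-8');
        error_log("All attributes = " . $all_attrs_concat);
        foreach ($export_attrs as $attr) {
            error_log("attr to be exported " . $attr);
        }

        $selected_people = (isset($_SESSION['selected_people']) && is_array($_SESSION['selected_people'])) ? $_SESSION['selected_people'] : [];
        $result = get_people_for_export($all_attrs_concat, $_SESSION['first_name'], $_SESSION['last_name'], $_SESSION['gender'], $_SESSION['type'], $_SESSION['status'], $_SESSION['start_date'], $_SESSION['city'], $_SESSION['zip'], $_SESSION['phone'], $_SESSION['email']);
        $export_data = [];
        while ($result_row = mysql_fetch_assoc($result)) {
            if (in_array($result_row['id'], $selected_people)) {
                // Row layout: id first, then every selected column with
                // missing values normalised to "".
                $temp_person = [$result_row['id']];
                foreach ($result_row as $row) {
                    if (!isset($row) || $row == "") {
                        $row = "";
                    }
                    $temp_person[] = $row;
                }
                $export_data[] = array_slice($temp_person, 0, count($temp_person) - 1);
            }
        }
        date_default_timezone_set('America/New_York');
        $current_time = ["Export date: " . date("F j, Y, g:i a")];
        export_data($current_time, array_merge(["id"], $export_attrs), $export_data);
    }
}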
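/**
 * Apply a submitted person-edit form: delete the record, reset its password,
 * add a new person, or replace an existing record with the edited values.
 *
 * All input is read from $_POST and status messages are echoed as HTML.
 * Free-text fields are passed through htmlentities() before they are stored;
 * email, contact_preference, dateadded, type, status, schedule and the
 * date-of-birth parts are used exactly as posted.
 *
 * NOTE(review): htmlentities() is HTML output encoding, not protection for
 * the database layer. add_person(), remove_person() and retrieve_person()
 * are not visible here; confirm that they bind or escape their values.
 * NOTE(review): no authorization check is visible in this function. The
 * record to replace (old_id) and the password material (old_pass) are taken
 * from the request, so the caller has to make sure the session user is
 * allowed to edit that record - confirm.
 * NOTE(review): passwords are stored as bare MD5 digests. Moving to
 * password_hash()/password_verify() has to be done together with the login
 * code that compares the digest.
 *
 * @param string $id Id of the person being edited. Used as given for the
 *                   delete action; the other actions replace it with the
 *                   posted old_id or, for a new person, with first name
 *                   followed by the digits of phone1.
 */
function process_form($id)
{
    // Step one: collect the posted fields.
    $first_name = trim(str_replace('\\\'', '', htmlentities(str_replace('&', 'and', $_POST['first_name']))));
    $last_name = trim(str_replace('\\\'', '\'', htmlentities($_POST['last_name'])));
    if ($_POST['DateOfBirth_Year'] == "") {
        $birthday = $_POST['DateOfBirth_Month'] . '-' . $_POST['DateOfBirth_Day'] . '-XX';
    } else {
        $birthday = $_POST['DateOfBirth_Month'] . '-' . $_POST['DateOfBirth_Day'] . '-' . $_POST['DateOfBirth_Year'];
    }
    $gender = trim(htmlentities($_POST['gender']));
    $address = trim(str_replace('\\\'', '\'', htmlentities($_POST['address'])));
    $city = trim(str_replace('\\\'', '\'', htmlentities($_POST['city'])));
    $state = trim(htmlentities($_POST['state']));
    $zip = trim(htmlentities($_POST['zip']));
    // Phone numbers are reduced to their digits. ereg_replace() no longer
    // exists in PHP 7 and later; preg_replace() strips the same characters.
    $phone1 = trim(str_replace(' ', '', htmlentities($_POST['phone1'])));
    $clean_phone1 = preg_replace('/[^0-9]/', '', $phone1);
    $phone2 = trim(str_replace(' ', '', htmlentities($_POST['phone2'])));
    $clean_phone2 = preg_replace('/[^0-9]/', '', $phone2);
    // The following values are stored exactly as posted.
    $email = $_POST['email'];
    $contact_preference = $_POST['contact_preference'];
    $dateAdded = $_POST['dateadded'];
    $type = $_POST['type'];
    $status = $_POST['status'];
    $schedule = $_POST['schedule'];
    $notes = trim(str_replace('\\\'', '\'', htmlentities($_POST['notes'])));
    $skills = trim(str_replace('\\\'', '\'', htmlentities($_POST['skills'])));
    $reason_interested = trim(str_replace('\\\'', '\'', htmlentities($_POST['reason_interested'])));
    if ($_POST['availability'] != null) {
        $availability = implode(',', $_POST['availability']);
    } else {
        $availability = "";
    }
    // Directory part of the current script URL, used to link back to the edit form.
    $path = strrev(substr(strrev($_SERVER['SCRIPT_NAME']), strpos(strrev($_SERVER['SCRIPT_NAME']), '/')));

    // Step two: carry out the deletion, password reset, addition, or change.
    $delete_requested = isset($_POST['deleteMe']) && $_POST['deleteMe'] == "DELETE";
    $reset_requested = isset($_POST['reset_pass']) && $_POST['reset_pass'] == "RESET";
    $old_id = isset($_POST['old_id']) ? $_POST['old_id'] : null;

    if ($delete_requested) {
        $result = retrieve_person($id);
        if (!$result) {
            echo '<p>Unable to delete. ' . $first_name . ' ' . $last_name . ' is not in the database. <br>Please report this error to the House Manager.';
        } else {
            // The last remaining manager account must not be deleted.
            // NOTE(review): the manager test looks at the posted type, not at
            // the stored record in $result, so a request that omits "manager"
            // skips the check. Deciding from the stored record would close
            // that gap - confirm the shape of the record's type first.
            $is_last_manager = false;
            if (strpos($type, 'manager') !== false) {
                $managers = getall_type('manager');
                $is_last_manager = !$managers || mysql_num_rows($managers) <= 1;
            }
            if ($is_last_manager) {
                echo '<p class="error">You cannot remove the last remaining manager from the database.</p>';
            } else {
                $result = remove_person($id);
                echo "<p>You have successfully removed " . $first_name . " " . $last_name . " from the database.</p>";
                // Deleting one's own account also ends the session.
                if ($id == $_SESSION['_id']) {
                    session_unset();
                    session_destroy();
                }
            }
        }
    } elseif ($reset_requested) {
        $id = $old_id;
        // NOTE(review): the record is removed before its replacement is
        // added; if add_person() fails the person is gone.
        $result = remove_person($id);
        // NOTE(review): the reset password is first name + phone digits, the
        // same string used as the login id, so it is guessable by anyone who
        // knows the id. A random one-time password would be safer.
        $pass = $first_name . $clean_phone1;
        $newperson = new Person($first_name, $last_name, $birthday, $gender, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $status, $schedule, $notes, $skills, $reason_interested, $dateAdded, md5($pass), $availability, $contact_preference);
        $result = add_person($newperson);
        if (!$result) {
            echo '<p class="error">Unable to reset ' . $first_name . ' ' . $last_name . "'s password.. <br>Please report this error to the House Manager.";
        } else {
            echo "<p>You have successfully reset " . $first_name . " " . $last_name . "'s password.</p>";
        }
    } elseif ($old_id === 'new') {
        $id = $first_name . $clean_phone1;
        // Refuse to overwrite an existing entry with the same id.
        $dup = retrieve_person($id);
        if ($dup) {
            echo '<p class="error">Unable to add ' . $first_name . ' ' . $last_name . ' to the database. <br>Another person with the same name and phone is already there.';
        } else {
            // The original hashed a variable that was never set in this
            // branch, so every new account was stored with md5(""). Use the
            // same initial password the reset action assigns.
            $pass = $first_name . $clean_phone1;
            $newperson = new Person($first_name, $last_name, $birthday, $gender, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $status, $schedule, $notes, $skills, $reason_interested, $dateAdded, md5($pass), $availability, $contact_preference);
            $result = add_person($newperson);
            if (!$result) {
                // The original message was one single-quoted string that
                // printed the concatenation operators instead of the name.
                echo '<p class="error">Unable to add ' . $first_name . ' ' . $last_name . ' in the database. <br>Please report this error to the House Manager.';
            } elseif ($_SESSION['access_level'] == 0) {
                // No e-mail is actually sent from here; the original only
                // carried a commented-out mail() template.
                echo "<p>Your application has been successfully submitted.<br>  You will be recieving an email shortly with your ID and Password soon!";
                error_log('The Email has been sent!');
            } else {
                echo "<p>You have successfully added " . $first_name . " " . $last_name . " to the database.</p>";
            }
        }
    } else {
        // Edit of an existing record: remove the old row and add the new one.
        $id = $old_id;
        // NOTE(review): old_pass arrives in the request and is hashed again
        // before storage. If the form carries the stored digest in that
        // field, each edit re-hashes it and the client can choose the stored
        // value - confirm what the form sends and prefer reading the current
        // digest from the database.
        $pass = $_POST['old_pass'];
        $result = remove_person($id);
        if (!$result) {
            echo '<p class="error">Unable to update ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the House Manager.';
        } else {
            $newperson = new Person($first_name, $last_name, $birthday, $gender, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $status, $schedule, $notes, $skills, $reason_interested, $dateAdded, md5($pass), $availability, $contact_preference);
            $result = add_person($newperson);
            // The id comes from the request; urlencode() keeps it from
            // breaking out of the href attribute.
            $id_in_url = urlencode($id);
            if (!$result) {
                echo '<p class="error">Unable to update ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the House Manager.';
            } else {
                echo '<p>You have successfully edited <a href="' . $path . 'personEdit.php?id=' . $id_in_url . '"><b>' . $first_name . ' ' . $last_name . ' </b></a> in the database.</p>';
            }
            add_log_entry('<a href=\\"personEdit.php?id=' . $id_in_url . '\\">' . $first_name . ' ' . $last_name . '</a>\'s Personnel Edit Form has been changed.');
        }
    }
}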
/**
 * Build a new Month from the master schedule, create a Crew for every day
 * that has scheduled slots, store everything, and return the Month.
 *
 * The id is sliced by position: characters 0-1 are passed to mktime() as the
 * year, characters 3-4 as the month, and everything from offset 6 is the
 * group name (it looks like "yy-mm-group" - confirm against the caller).
 *
 * @param string $id month id as described above
 * @return Month the month that was stored with update_dbMonths()
 */
function newMonth($id)
{
    $group = substr($id, 6);
    $is_food_pantry = $group == "foodpantry";
    // Master-schedule day labels, keyed by ISO weekday (1 = Monday). The
    // food pantry has two Wednesday entries and no Tuesday.
    $thisdays = $is_food_pantry
        ? array(1 => "Mon", 2 => "Wed930", 3 => "Wed1100", 4 => "Thu", 5 => "Fri", 6 => "Sat")
        : array(1 => "Mon", 2 => "Tue", 3 => "Wed", 4 => "Thu", 5 => "Fri", 6 => "Sat");

    // NOTE: an earlier comment at this point said new months were switched to
    // default to published, but the status passed here is "unpublished".
    $new_month = new Month($id, "unpublished");
    $new_crews = $new_month->get_crews();

    // Weekday of the first of the month, 1 = Monday.
    $dow = date("N", mktime(0, 0, 0, substr($id, 3, 2), "01", substr($id, 0, 2)));
    if ($is_food_pantry && $dow == 3) {
        $dow = 2;
    }
    $firstdow = $dow;

    $dom = 1;      // day of the month, 1, 2, ..., 31
    $week_no = 1;  // master schedule week number
    $created_crews = array();
    foreach ($new_crews as $ignored) {
        if ($is_food_pantry && $dow == 2 && $dom == sizeof($new_crews)) {
            break;
        }
        $master_entry = retrieve_dbMasterSchedule($group . $thisdays[$dow] . $week_no);
        if ($master_entry && $master_entry->get_slots() > 0) {
            // Two-digit day suffix for the crew id, e.g. "-07" or "-23".
            $day_suffix = $dom < 10 ? "-0" . $dom : "-" . $dom;
            $crew_names = array();
            foreach ($master_entry->get_persons() as $person_id) {
                if ($person_id != "") {
                    $member = retrieve_person($person_id);
                    // Unknown ids keep their place with empty name fields.
                    $crew_names[] = $member
                        ? $person_id . "+" . $member->get_first_name() . "+" . $member->get_last_name() . "+(" . implode(' ', $member->get_role()) . ")"
                        : $person_id . "+++";
                }
            }
            $crew = new Crew(substr($id, 0, 5) . $day_suffix, $group, $master_entry->get_slots(), $crew_names, "", "");
            $new_month->set_crew($dom, $crew->get_id());
            $created_crews[] = $crew;
        }
        // Advance to the next weekday; a new schedule week starts each time
        // the weekday of the first of the month comes around again.
        $dow = $dow == 7 ? 1 : $dow + 1;
        if ($dow == $firstdow) {
            $week_no++;
        }
        $dom++;
    }

    update_dbMonths($new_month);
    foreach ($created_crews as $crew) {
        update_dbCrews($crew);
    }
    return $new_month;
}
        <link rel="stylesheet" href="styles.css" type="text/css" />
    </head>
    <body>
        <div id="container">
            <?php 
include 'header.php';
?>
            <div id="content">
                <?php 
include_once 'database/dbPersons.php';
include_once 'domain/Person.php';
include_once 'database/dbLog.php';
include_once 'domain/Crew.php';
include_once 'database/dbCrews.php';
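// Greet the signed-in person by first name. Guests, requests without a
// session id, and ids that no longer resolve to a record get the generic
// greeting instead of a fatal error on a failed lookup.
$session_id = isset($_SESSION['_id']) ? $_SESSION['_id'] : "guest";
$person = $session_id != "guest" ? retrieve_person($session_id) : false;
if ($person) {
    // The name is escaped for HTML output. double_encode is off because the
    // stored name may already be entity-encoded (the form handlers apply
    // htmlentities() before saving) - confirm how names are stored.
    echo "<p>Welcome, " . htmlspecialchars($person->get_first_name(), ENT_QUOTES, 'UTF-8', false) . ", to Homebase!";
} else {
    echo "<p>Welcome to Homebase!";
}
$today = time();
echo "   Today is " . date('l F j, Y', $today) . ".<p>";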
?>

                <!-- your main page data goes here. This is the place to enter content -->
                <p>
                    <?php 
if ($_SESSION['access_level'] == 1) {
    echo '<p>
							This is your personal homepage:
							your upcoming scheduled crews will always be posted here.
    echo '</ul>';
    echo '<p><table><form method="post"><input type="hidden" name="_submit_check" value="true"><tr><td>Username:</td><td><input type="text" name="user" tabindex="1"></td></tr><tr><td>Password:</td><td><input type="password" name="pass" tabindex="2"></td></tr><tr><td colspan="2" align="center"><input type="submit" name="Login" value="Login"></td></tr></table>';
} else {
    //check if they logged in as a guest:
    //if ($_POST['user'] == "guest" && $_POST['pass'] == "") {
    //  $_SESSION['logged_in'] = 1;
    //  $_SESSION['access_level'] = 0;
    //  $_SESSION['type'] = "";
    //  $_SESSION['_id'] = "guest";
    //    echo "<script type=\"text/javascript\">window.location = \"index.php\";</script>";
    //}
    //otherwise authenticate their password
    //Rocco Sacramone - 10/29/14 guest functionallity removed
    // NOTE(review): the submitted password is reduced to a bare MD5 digest and
    // no salt is visible here. MD5 is fast to brute-force; password_hash() and
    // password_verify() are the replacement once stored digests are migrated.
    $db_pass = md5($_POST['pass']);
    // The account id is taken directly from the posted "user" field.
    $db_id = $_POST['user'];
    $person = retrieve_person($db_id);
    // NOTE(review): this writes the submitted user id together with the
    // password digest to the PHP error log on every login attempt, so anyone
    // who can read the log can collect digests. Log the id only, or nothing.
    error_log("what is the ID" . $db_id . $db_pass);
    error_log("in line 54 of login_form.php");
    if ($person) {
        //avoids null results
        if ($person->get_password() == $db_pass) {
            //if the passwords match, login
            $_SESSION['logged_in'] = 1;
            if ($person->get_status() == "applicant") {
                $_SESSION['access_level'] = 0;
                //will be removed in a later version
            } else {
                if ('manager' == $person->get_type()) {
                    $_SESSION['access_level'] = 2;
                } else {
                    if (strcmp($_POST['user'], "volunteer2077806282") == 0) {
示例#8
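/**
 * Apply a submitted person-edit form: delete the record, reset its password,
 * add a new person, or replace an existing record with the edited values.
 *
 * All input is read from $_POST and status messages are echoed as HTML.
 * Free-text fields are passed through htmlentities() before they are stored;
 * the remaining fields (location, email, type, status, schedule, hours,
 * birthday, start_date and others) are used exactly as posted.
 *
 * NOTE(review): htmlentities() is HTML output encoding, not protection for
 * the database layer. add_person(), remove_person() and retrieve_person()
 * are not visible here; confirm that they bind or escape their values.
 * NOTE(review): no authorization check is visible in this function. The
 * record to replace (old_id) and the stored password value (old_pass) come
 * from the request, so the caller has to make sure the session user may edit
 * that record - confirm.
 *
 * @param string $id     Id of the person being edited. Used as given for the
 *                       delete action; the other actions replace it with the
 *                       posted old_id or, for a new person, with first name
 *                       followed by the digits of phone1.
 * @param Person $person Current record; its first name and first phone are
 *                       kept unless its first name is "new".
 */
function process_form($id, $person)
{
    // Step one: collect the posted fields. First name and first phone form
    // the person's id, so they are only taken from the form for a new person.
    $is_new_person = $person->get_first_name() == "new";
    if ($is_new_person) {
        $first_name = trim(str_replace('\\\'', '', htmlentities(str_replace('&', 'and', $_POST['first_name']))));
        $phone1 = trim(str_replace(' ', '', htmlentities($_POST['phone1'])));
        $clean_phone1 = preg_replace("/[^0-9]/", "", $phone1);
        $phone1type = $_POST['phone1type'];
    } else {
        $first_name = $person->get_first_name();
        $clean_phone1 = $person->get_phone1();
        $phone1type = $person->get_phone1type();
    }
    $last_name = trim(str_replace('\\\'', '\'', htmlentities($_POST['last_name'])));
    $location = $_POST['location'];
    $address = trim(str_replace('\\\'', '\'', htmlentities($_POST['address'])));
    $city = trim(str_replace('\\\'', '\'', htmlentities($_POST['city'])));
    $state = trim(htmlentities($_POST['state']));
    $zip = trim(htmlentities($_POST['zip']));
    $phone2 = trim(str_replace(' ', '', htmlentities($_POST['phone2'])));
    $clean_phone2 = preg_replace("/[^0-9]/", "", $phone2);
    $phone2type = $_POST['phone2type'];
    $email = $_POST['email'];
    $type = implode(',', $_POST['type']);

    // Screening steps: one posted completion date per step of the chosen
    // screening, joined with commas. Stays null when no screening is chosen
    // (the original left the variable unset in that case).
    $screening_type = $_POST['screening_type'];
    $screening_status = null;
    if ($screening_type != "") {
        $screening = retrieve_dbApplicantScreenings($screening_type);
        $step_array = $screening->get_steps();
        $step_count = count($step_array);
        $date_array = array();
        for ($i = 0; $i < $step_count; $i++) {
            $date_array[$i] = $_POST['screening_status'][$i];
            // A bad date is only reported; the value is stored regardless.
            if ($date_array[$i] != "" && $date_array[$i] != "--" && strlen($date_array[$i]) != 8) {
                echo '<p>Completion Date for step: "' . $step_array[$i] . '" is in error, please enter mm-dd-yy.<br>';
            }
        }
        $screening_status = implode(',', $date_array);
    }

    $status = $_POST['status'];
    if ($_POST['isstudent'] == "yes") {
        $position = "student";
        $employer = $_POST['nameofschool'];
    } else {
        $position = $_POST['position'];
        $employer = $_POST['employer'];
    }
    $credithours = $_POST['credithours'];
    // NOTE(review): the original passed $commitment to Person without ever
    // assigning it, so null was stored. It is made explicit here; which form
    // field should feed it cannot be told from this function.
    $commitment = null;
    $motivation = trim(str_replace('\\\'', '\'', htmlentities($_POST['motivation'])));
    $specialties = trim(str_replace('\\\'', '\'', htmlentities($_POST['specialties'])));
    $convictions = $_POST['convictions'];
    if (!$_POST['availability']) {
        $availability = null;
    } else {
        $availability = implode(',', $_POST['availability']);
    }
    // schedule and hours are not visible for editing, so they go in and out unchanged
    $schedule = $_POST['schedule'];
    $hours = $_POST['hours'];
    $birthday = $_POST['birthday'];
    $start_date = $_POST['start_date'];
    $howdidyouhear = $_POST['howdidyouhear'];
    $notes = trim(str_replace('\\\'', '\'', htmlentities($_POST['notes'])));
    // Directory part of the current script URL, used to link back to the edit form.
    $path = strrev(substr(strrev($_SERVER['SCRIPT_NAME']), strpos(strrev($_SERVER['SCRIPT_NAME']), '/')));

    // Step two: carry out the deletion, password reset, addition, or change.
    $delete_requested = isset($_POST['deleteMe']) && $_POST['deleteMe'] == "DELETE";
    $reset_requested = isset($_POST['reset_pass']) && $_POST['reset_pass'] == "RESET";
    $old_id = isset($_POST['old_id']) ? $_POST['old_id'] : null;

    if ($delete_requested) {
        $result = retrieve_person($id);
        if (!$result) {
            echo '<p>Unable to delete. ' . $first_name . ' ' . $last_name . ' is not in the database. <br>Please report this error to the House Manager.';
        } else {
            // The last remaining manager account must not be deleted.
            // NOTE(review): the manager test looks at the posted type list,
            // not at the stored record in $result, so a request that omits
            // "manager" skips the check. Deciding from the stored record
            // would close that gap.
            $is_last_manager = false;
            if (strpos($type, 'manager') !== false) {
                $managers = getall_type('manager');
                $is_last_manager = !$managers || mysql_num_rows($managers) <= 1;
            }
            if ($is_last_manager) {
                echo '<p class="error">You cannot remove the last remaining manager from the database.</p>';
            } else {
                $result = remove_person($id);
                echo "<p>You have successfully removed " . $first_name . " " . $last_name . " from the database.</p>";
                // Deleting one's own account also ends the session.
                if ($id == $_SESSION['_id']) {
                    session_unset();
                    session_destroy();
                }
            }
        }
    } elseif ($reset_requested) {
        $id = $old_id;
        // NOTE(review): the record is removed before its replacement is
        // added; if add_person() fails the person is gone.
        $result = remove_person($id);
        // An empty password is passed to Person; presumably Person then
        // assigns its default password - confirm what that default is and
        // whether it is guessable.
        $newperson = new Person($first_name, $last_name, $location, $address, $city, $state, $zip, $clean_phone1, $phone1type, $clean_phone2, $phone2type, $email, $type, $screening_type, $screening_status, $status, $employer, $position, $credithours, $commitment, $motivation, $specialties, $convictions, $availability, $schedule, $hours, $birthday, $start_date, $howdidyouhear, $notes, "");
        $result = add_person($newperson);
        if (!$result) {
            echo '<p class="error">Unable to reset ' . $first_name . ' ' . $last_name . "'s password.. <br>Please report this error to the House Manager.";
        } else {
            echo "<p>You have successfully reset " . $first_name . " " . $last_name . "'s password.</p>";
        }
    } elseif ($old_id === 'new') {
        $id = $first_name . $clean_phone1;
        // Refuse to overwrite an existing entry with the same id.
        $dup = retrieve_person($id);
        if ($dup) {
            echo '<p class="error">Unable to add ' . $first_name . ' ' . $last_name . ' to the database. <br>Another person with the same name and phone is already there.';
        } else {
            $newperson = new Person($first_name, $last_name, $location, $address, $city, $state, $zip, $clean_phone1, $phone1type, $clean_phone2, $phone2type, $email, $type, $screening_type, $screening_status, $status, $employer, $position, $credithours, $commitment, $motivation, $specialties, $convictions, $availability, $schedule, $hours, $birthday, $start_date, $howdidyouhear, $notes, "");
            $result = add_person($newperson);
            if (!$result) {
                // The original message was one single-quoted string that
                // printed the concatenation operators instead of the name.
                echo '<p class="error">Unable to add ' . $first_name . ' ' . $last_name . ' in the database. <br>Please report this error to the House Manager.';
            } elseif ($_SESSION['access_level'] == 0) {
                echo "<p>Your application has been successfully submitted.<br>  The House Manager will contact you soon.  Thank you!";
            } else {
                // urlencode() keeps the id from breaking out of the href attribute.
                echo '<p>You have successfully added <a href="' . $path . 'personEdit.php?id=' . urlencode($id) . '"><b>' . $first_name . ' ' . $last_name . ' </b></a> to the database.</p>';
            }
        }
    } else {
        // Edit of an existing record: remove the old row and add the new one.
        $id = $old_id;
        // NOTE(review): old_pass is taken from the request and stored as the
        // record's password value unchanged, so whoever submits the form
        // chooses it. Reading the current value from the database instead
        // would remove that control from the client.
        $pass = $_POST['old_pass'];
        $result = remove_person($id);
        if (!$result) {
            echo '<p class="error">Unable to update ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the House Manager.';
        } else {
            $newperson = new Person($first_name, $last_name, $location, $address, $city, $state, $zip, $clean_phone1, $phone1type, $clean_phone2, $phone2type, $email, $type, $screening_type, $screening_status, $status, $employer, $position, $credithours, $commitment, $motivation, $specialties, $convictions, $availability, $schedule, $hours, $birthday, $start_date, $howdidyouhear, $notes, $pass);
            $result = add_person($newperson);
            // The id comes from the request; urlencode() keeps it from
            // breaking out of the href attribute.
            $id_in_url = urlencode($id);
            if (!$result) {
                echo '<p class="error">Unable to update ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the House Manager.';
            } else {
                echo '<p>You have successfully edited <a href="' . $path . 'personEdit.php?id=' . $id_in_url . '"><b>' . $first_name . ' ' . $last_name . ' </b></a> in the database.</p>';
            }
            add_log_entry('<a href=\\"personEdit.php?id=' . $id_in_url . '\\">' . $first_name . ' ' . $last_name . '</a>\'s Personnel Edit Form has been changed.');
        }
    }
}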
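/**
 * process_form reads the submitted person form from $_POST, encodes the text
 * fields, and then performs exactly one action: delete, password reset, add
 * or update. The outcome is reported by echoing an HTML paragraph.
 *
 * Security notes for maintainers:
 *  - Request values are untrusted. Text fields are entity-encoded before they
 *    are handed to Person, and the id taken from the request is encoded again
 *    where it is written into a link.
 *  - Passwords are hashed with unsalted md5(), which is not a password hash.
 *    Moving to password_hash()/password_verify() needs a matching change in
 *    the code that checks logins, which is not part of this function, so it
 *    is flagged here rather than changed.
 *  - The reset and update branches act on $_POST['old_id'], not on the $id
 *    argument, and no permission check is visible in this function.
 *    NOTE(review): confirm the caller verifies that the session user may
 *    modify that record.
 *  - Reset and update are "remove, then add". If the add fails after the
 *    remove succeeded, the record is gone. NOTE(review): consider a single
 *    update statement or a transaction in the database layer.
 *
 * @param string $id     person id, or "new" when a person is being added
 * @param object $person existing person; get_first_name() and get_phone1()
 *                       are read from it when $id is not "new"
 * @return void
 */
function process_form($id, $person)
{
    //step one: sanitize data by replacing HTML entities and escaping the ' character

    // First name and phone1 are what a new person's id is built from (see the
    // add branch), so for an existing person they come from the record and
    // not from the request.
    if ($id == "new") {
        $first_name = trim(str_replace('\\\'', '', htmlentities(str_replace('&', 'and', $_POST['first_name']))));
        $phone1 = trim(str_replace(' ', '', htmlentities($_POST['phone1'])));
    } else {
        $first_name = $person->get_first_name();
        $phone1 = $person->get_phone1();
    }
    $last_name = trim(str_replace('\\\'', '\'', htmlentities($_POST['last_name'])));
    $address = trim(str_replace('\\\'', '\'', htmlentities($_POST['address'])));
    $city = trim(str_replace('\\\'', '\'', htmlentities($_POST['city'])));
    $state = trim(htmlentities($_POST['state']));
    $zip = trim(htmlentities($_POST['zip']));
    $clean_phone1 = mb_ereg_replace("[^0-9]", "", $phone1);
    $phone2 = trim(str_replace(' ', '', htmlentities($_POST['phone2'])));
    $clean_phone2 = mb_ereg_replace("[^0-9]", "", $phone2);

    // NOTE(review): email, status and schedule are forwarded exactly as
    // submitted. They are not echoed by this function, but whatever stores or
    // displays them later has to treat them as untrusted.
    $email = $_POST['email'];
    $status = $_POST['status'];
    // schedule is not visible for editing, so it goes in and out unchanged
    // (it still travels through the client and can be altered there)
    $schedule = $_POST['schedule'];

    // Checkbox groups are missing from the request when nothing is ticked and
    // must be arrays before implode() is safe to call on them.
    $type = (!empty($_POST['type']) && is_array($_POST['type'])) ? implode(',', $_POST['type']) : "";
    $group = (!empty($_POST['group']) && is_array($_POST['group'])) ? implode(',', $_POST['group']) : "";
    $role = (!empty($_POST['role']) && is_array($_POST['role'])) ? implode(' ', $_POST['role']) : "";
    $availability = (!empty($_POST['availability']) && is_array($_POST['availability'])) ? implode(',', $_POST['availability']) : "";

    //concatenate birthday and start_date strings; an unknown birth year is stored as XX
    $birth_year = ($_POST['DateOfBirth_Year'] == "") ? 'XX' : $_POST['DateOfBirth_Year'];
    $birthday = $_POST['DateOfBirth_Month'] . '-' . $_POST['DateOfBirth_Day'] . '-' . $birth_year;
    if (strlen($birthday) < 8) {
        // too short to be a complete date
        $birthday = '';
    }
    $start_date = $_POST['DateOfStart_Month'] . '-' . $_POST['DateOfStart_Day'] . '-' . $_POST['DateOfStart_Year'];
    if (strlen($start_date) < 8) {
        $start_date = '';
    }
    $notes = trim(str_replace('\\\'', '\'', htmlentities($_POST['notes'])));

    //used for url path in linking user back to edit form: SCRIPT_NAME up to and including its last '/'
    $script = $_SERVER['SCRIPT_NAME'];
    $slash = strrpos($script, '/');
    $path = ($slash === false) ? $script : substr($script, 0, $slash + 1);

    //step two: try to make the deletion, password change, addition, or change

    // --- deletion ---
    if (isset($_POST['deleteMe']) && $_POST['deleteMe'] == "DELETE") {
        if (!retrieve_person($id)) {
            echo '<p>Unable to delete. ' . $first_name . ' ' . $last_name . ' is not in the database. <br>Please report this error to the admin.';
            return;
        }
        //What if they're the last remaining manager account?
        // NOTE(review): $type is the value submitted with the form, not the
        // type stored for the person, so this guard depends on what the
        // client sent; consider reading the type from the retrieved record.
        if (strpos($type, 'manager') !== false) {
            $managers = getall_type('manager');
            if (!$managers || mysql_num_rows($managers) <= 1) {
                echo '<p class="error">You cannot remove the last remaining manager from the database.</p>';
                return;
            }
        }
        // Report success only when the removal actually happened.
        if (!remove_person($id)) {
            echo '<p class="error">Unable to remove ' . $first_name . ' ' . $last_name . ' from the database. <br>Please report this error to the admin.';
            return;
        }
        echo "<p>You have successfully removed " . $first_name . " " . $last_name . " from the database.</p>";
        if ($id == $_SESSION['_id']) {
            // the deleted account is the one that is logged in, so end its session
            session_unset();
            session_destroy();
        }
        return;
    }

    // --- password reset ---
    if (isset($_POST['reset_pass']) && $_POST['reset_pass'] == "RESET") {
        $id = $_POST['old_id'];
        remove_person($id);
        // NOTE(review): the reset password is first name + phone digits, the
        // same formula used for a new person's id, so it is predictable to
        // anyone who knows those two values. A random temporary password
        // delivered out of band would be safer.
        $pass = $first_name . $clean_phone1;
        // NOTE(review): md5() is not suitable for password storage; see the function header.
        $newperson = new Person($first_name, $last_name, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $group, $role, $status, $availability, $schedule, $birthday, $start_date, $notes, md5($pass));
        if (!add_person($newperson)) {
            echo '<p class="error">Unable to reset ' . $first_name . ' ' . $last_name . "'s password.. <br>Please report this error to the Operations Manager.";
        } else {
            echo "<p>You have successfully reset " . $first_name . " " . $last_name . "'s password.</p>";
        }
        return;
    }

    // --- addition ---
    if (isset($_POST['old_id']) && $_POST['old_id'] == 'new') {
        $id = $first_name . $clean_phone1;
        //check if there's already an entry
        if (retrieve_person($id)) {
            echo '<p class="error">Unable to add ' . $first_name . ' ' . $last_name . ' to the database. <br>Another person with the same name and phone is already there.';
            return;
        }
        $pass = $_POST['old_pass'];
        // NOTE(review): md5() is not suitable for password storage; see the function header.
        $newperson = new Person($first_name, $last_name, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $group, $role, $status, $availability, $schedule, $birthday, $start_date, $notes, md5($pass));
        if (!add_person($newperson)) {
            // The name used to be trapped inside a single-quoted literal and was printed as source text.
            echo '<p class="error">Unable to add ' . $first_name . ' ' . $last_name . ' in the database. <br>Please report this error to the Operations Manager.';
        } elseif ($_SESSION['access_level'] == 0) {
            echo "<p>Your application has been successfully submitted.<br>  An MCHPP staff member will contact you soon.  Thank you!";
        } else {
            echo "<p>You have successfully added " . $first_name . " " . $last_name . " to the database.</p>";
        }
        return;
    }

    // --- update ---
    $id = $_POST['old_id'];
    // NOTE(review): old_pass comes from the request and is hashed again below.
    // Whether the form carries a plaintext password or an already stored hash
    // is not visible in this function; confirm against the form and the login check.
    $pass = $_POST['old_pass'];
    if (!remove_person($id)) {
        echo '<p class="error">Unable to update ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the Operations Manager.';
        return;
    }
    $newperson = new Person($first_name, $last_name, $address, $city, $state, $zip, $clean_phone1, $clean_phone2, $email, $type, $group, $role, $status, $availability, $schedule, $birthday, $start_date, $notes, md5($pass));
    // $id came from the request: encode it as a query value before it goes
    // into markup. Ids made only of letters and digits are unchanged by this.
    $id_param = rawurlencode($id);
    if (!add_person($newperson)) {
        echo '<p class="error">Unable to update ' . $first_name . ' ' . $last_name . '. <br>Please report this error to the Operations Manager.';
    } else {
        $edit_url = htmlspecialchars($path . 'personEdit.php?id=' . $id_param, ENT_QUOTES, 'UTF-8');
        echo '<p>You have successfully edited <a href="' . $edit_url . '"><b>' . $first_name . ' ' . $last_name . ' </b></a> in the database.</p>';
    }
    // The log entry is markup that is stored and shown later; the quotes are
    // pre-escaped with a backslash, presumably for the query add_log_entry
    // builds (TODO confirm), so the id is encoded here as well.
    add_log_entry('<a href=\\"personEdit.php?id=' . $id_param . '\\">' . $first_name . ' ' . $last_name . '</a>\'s Personnel Edit Form has been changed.');
}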
          $completePerson = retrieve_person($personToBeAdded);
          add_A_Person($selectedProj->get_id(), $completePerson->get_id(), $completePerson->get_first_name(), $completePerson->get_last_name());
          */
        if ($self == null) {
            error_log('Error with User information');
            die;
        } else {
            $ageReq = $selectedProj->get_age();
            $personAge = $self->get_birthday();
            error_log($personAge);
            $tempAge = check_Age($personAge);
            //, $ageReq);
            $ageZero = 0;
            if ($tempAge >= $ageReq) {
                error_log('user id is ' . $_SESSION['_id']);
                $completePerson = retrieve_person($personToBeAdded);
                add_A_Person($selectedProj->get_id(), $completePerson->get_id(), $completePerson->get_first_name(), $completePerson->get_last_name());
                echo '<p>';
                echo '<fieldset>
				<legend>Project Details: </legend>
				';
                echo "<p><table><tr><td>Date</td><td>" . $selectedProj->get_date() . "</td></tr>" . "<tr><td>Project Name</td><td>" . $selectedProj->get_name() . " </td></tr>" . "<tr><td>Address</td><td>" . $selectedProj->get_address() . " </td></tr>" . "<tr><td>Start Time</td><td>" . $selectedProj->get_start_time() . " </td></tr>" . "<tr><td>End Time</td><td>" . $selectedProj->get_end_time() . " </td></tr>" . "<tr><td>Vacancies</td><td>" . $selectedProj->get_vacancies() . " </td></tr>" . "<tr><td>Day</td><td>" . $selectedProj->get_dayOfWeek() . " </td></tr>" . "<tr><td>Notes</td><td>" . $selectedProj->get_project_description() . " </td></tr>" . "</table>";
                echo '</fieldset><p>';
            } else {
                echo 'You do not meet the age requirement, but feel free to email the manager at manager@email.com to see if you can still join.';
            }
        }
    }
}
?>
                <!-- below is the footer that we're using currently-->
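/**
 * Manual smoke test for change_password(): adds a person, changes the
 * password, reads the record back and removes it again. Each step echoes its
 * outcome as HTML instead of asserting it.
 *
 * NOTE(review): the final comparison expects get_password() to return the
 * literal string "newpassword". That only holds if the password is kept or
 * returned unhashed; if change_password() hashes its input, compare against
 * the hash (or use the project's verification routine) instead.
 *
 * @return void
 */
function testChange_password()
{
    $m = new Person("John", "Smith", "10-12-87", "Male", "555 Main Street", "Flushing", "NY", "11111", PHONE, "2072654046", "*****@*****.**", "volunteer", " ", "Schedule", "I like helping out", "55555", "03-14-14", "email");
    echo 'will test change_password </br>';

    $result = add_person($m);
    echo 'result is ' . $result;
    if ($result) {
        echo "add_person person was inserted </br>";
    } else {
        echo "add_person - person was not inserted</br>";
    }

    // NOTE(review): this id is a literal while the lookups below use the ID
    // constant; confirm both name the record inserted above.
    $result = change_password('John2072445902', 'newpassword');
    if ($result) {
        echo "change_password succeeded </br>";
    } else {
        echo "change_password failed</br>";
    }

    $p = retrieve_person(ID);
    if ($p == null) {
        echo 'Retrieve failed</br>';
    } else {
        checkEquals($p->get_password(), "newpassword");
    }

    // Clean up the test record; report the step that actually failed.
    $res = remove_person(ID);
    if ($res == null) {
        echo 'remove_person failed</br>';
    }
}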
示例#12
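/**
 * Builds a Shift for one day/time slot, pre-filled with the people the master
 * schedule lists for that slot under both the week-of-month and the
 * week-of-year key.
 *
 * @param mixed $day_id        combined with $time to form the shift id
 * @param mixed $venue         venue key passed to the schedule lookups
 * @param mixed $week_of_month first week key looked up in the master schedule
 * @param mixed $week_of_year  second week key looked up in the master schedule
 * @param mixed $day           day key for the schedule lookups
 * @param mixed $time          time slot key
 * @param mixed $note          note stored on the shift
 * @return Shift the new shift with its people and vacancy count
 */
function generate_and_populate_shift($day_id, $venue, $week_of_month, $week_of_year, $day, $time, $note)
{
    $people = array();
    $vacancies = 0;
    // gets the people from the master schedule, once per week key
    foreach (array($week_of_month, $week_of_year) as $week) {
        $ids = get_person_ids($venue, $week, $day, $time);
        // A blank first entry is dropped (presumably what an empty schedule
        // slot yields; TODO confirm). An empty list is left alone instead of
        // reading a missing index.
        if ($ids && !$ids[0]) {
            array_shift($ids);
        }
        // calculates vacancies for this key
        // NOTE(review): a person listed under both keys is counted in both
        // subtractions but appears once in the shift; confirm that is intended.
        $vacancies += get_total_slots($week . ":" . $day . ":" . $time . ":" . $venue) - count($ids);
        $people = array_merge($people, $ids);
    }

    // array_unique() keeps the original keys, which leaves gaps once a
    // duplicate is removed. Reindex so every remaining id is visited below
    // and no missing index is passed to retrieve_person().
    $people = array_values(array_unique($people));
    if ($people && !$people[0]) {
        array_shift($people);
    }

    // changes the people array to the format used by Shift (id, fname lname)
    foreach ($people as $i => $person_id) {
        $person = retrieve_person($person_id);
        if ($person) {
            $people[$i] = $person->get_id() . "+" . $person->get_first_name() . "+" . $person->get_last_name();
        }
        // ids with no matching person are left in the list unchanged
    }

    // makes a new shift filled with people found above
    return new Shift($day_id . ":" . $time, $venue, $vacancies, $people, array(), "", $note);
}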
示例#13
<div id="container">
    <?php 
include 'header.php';
?>
    <div id="content">
    <form method="POST">
	<?php 
$person = retrieve_person($_GET['id']);
$venues = array('portland' => 'RMH Portland', 'bangor' => 'RMH Bangor');
if ($_POST['Submit']) {
    $hours = gather_hours($_POST['from'], $_POST['start_time'], $_POST['end_time'], $_SESSION['venue'], $_POST['hours_worked']);
    update_hours($person->get_id(), $hours);
    echo "Volunteer Log Updated; please remember to log out when finished.<p>";
}
//    else {
$person = retrieve_person($_GET['id']);
$hours = $person->get_hours();
echo '<p><b> ' . $venues[$_SESSION['venue']] . ' Volunteer Log Sheet </b> for ' . $person->get_first_name() . " " . $person->get_last_name();
echo "<br> Today is " . date('l F j, Y') . "</p>";
$total = 0;
echo '<p><table name="log_entries" id="spacedRowTable" style="width:40%">';
echo '<th align="left">Date</th><th align="left">Start time</th><th align="left">End time</th><th align="left">Hours worked</th><th align="left">Total</th><p></p>';
/*foreach ($hours as $log_entry) {
			$log_details = explode(":",$log_entry);	
			echo '<tr><td>'.$log_details[0].'</td><td>'.substr($log_details[1],0,4).'</td><td>'.substr($log_details[1],5,4).'</td><td>'.$log_details[3].'</td><td>'.$log_details[2].'</td></tr>';
		}
		*/
foreach ($hours as $log_entry) {
    $log_details = explode(":", $log_entry);
    echo '<tr><td><input type="text" name="from[]" class="date" value=' . $log_details[0] . '></td>
					<td><input type="text" name="start_time[]" class="start_time" size=10 value=' . substr($log_details[1], 0, 4) . '></td>