/**
 * Inserts this user into `tat_user` with a freshly generated temporary
 * password, then emails that password to lecturers and students.
 *
 * A failed INSERT stores a message in $_SESSION['add_user_error'], redirects
 * to the add-user form and ends the request. A successful INSERT sets
 * $_SESSION['user_added']; for the 'lecturer' and 'student' access levels the
 * matching temporary-password email is sent, followed by the same redirect.
 * Any other access level returns to the caller without a redirect.
 *
 * NOTE(review): the temporary password is written to the `Password` column
 * exactly as generated (the earlier crypt() hashing was left disabled) and is
 * also sent by email. Storing a password_hash() digest would be safer, but
 * that depends on how the login code verifies passwords - confirm there.
 * NOTE(review): confirm random_str() draws from a CSPRNG (random_int() or
 * random_bytes()); its implementation is not visible here.
 *
 * @param $DB_con - PDO Database connection object
 */
public function add_user($DB_con)
{
    // Ten-character temporary password for the new account.
    $temporaryPassword = random_str(10);

    $insertSql = 'INSERT INTO `tat_user` (`employee_number`, `First_Name`, `Last_Name`, `Email`, `Phone_Number`, `GPA`, `Gender`, `Password`, `Access_Level`) '
        . 'VALUES (:sid, :first_name, :last_name, :email, :phone_number, :gpa, :gender, :password, :access_level)';
    $insert = $DB_con->prepare($insertSql);

    // Placeholder => property holding the value. Every value goes through a
    // bound parameter, so none of it is ever spliced into the SQL text.
    $boundProperties = [
        ':sid' => 'id',
        ':first_name' => 'first_name',
        ':last_name' => 'last_name',
        ':email' => 'email',
        ':phone_number' => 'phone_number',
        ':gpa' => 'gpa',
        ':gender' => 'gender',
        ':access_level' => 'access_level',
    ];
    foreach ($boundProperties as $placeholder => $property) {
        // bindParam() binds by reference, so the property itself is bound.
        $insert->bindParam($placeholder, $this->$property, PDO::PARAM_STR);
    }
    $insert->bindParam(':password', $temporaryPassword, PDO::PARAM_STR);

    if (!$insert->execute()) {
        // Generic message only; nothing from the database reaches the user.
        $_SESSION['add_user_error'] = 'An unknown error has occurred. Please contact system support and provide a detailed description of what you were trying to accomplish when this error occurred. (Error: -1)';
        header('Location: ../add_user_gui.php');
        die;
    }

    $_SESSION['user_added'] = 1;
    $displayName = $this->first_name . " " . $this->last_name;

    // NOTE(review): the mail goes to $_POST['user_email'], while the row just
    // stored uses $this->email - confirm the two always hold the same address.
    if ($this->access_level == 'lecturer') {
        $mailer = new Emailer();
        $mailer->sendLecturerTempEmail($_POST['user_email'], $displayName, $temporaryPassword);
    } elseif ($this->access_level == 'student') {
        $mailer = new Emailer();
        $mailer->sendStudentTempEmail($_POST['user_email'], $displayName, $temporaryPassword);
    } else {
        // Other access levels get neither an email nor a redirect.
        return;
    }

    header('Location: ../add_user_gui.php');
    die;
}
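/**
 * Imports students from an uploaded semicolon-delimited CSV file and enrols
 * each newly created student in the given course instance.
 *
 * Columns are read in the order: employee number, first name, surname, email,
 * phone, gender. The first row is skipped (presumably a header - the original
 * row counter was tested for this but never incremented). Rows with an empty
 * employee number are ignored. Rows that cannot be added are appended to
 * $_SESSION['none_adds'].
 *
 * Every CSV value is attacker-influenced input, so all queries use bound
 * parameters instead of building SQL by string interpolation.
 *
 * NOTE(review): the temporary password is stored as generated in both the
 * `Password` and `Token` columns and is also emailed. Storing a
 * password_hash() digest would be safer, but that depends on how the login
 * and token checks compare values - confirm there.
 * NOTE(review): $this->db is assumed to be a PDO connection; confirm.
 *
 * @param $id - course instance id written to tat_course_student
 */
public function importCsvData($id)
{
    // The client supplies $_FILES[...]['name']; basename() keeps the lookup
    // inside uploads/ even if the name carries directory components.
    $uploadName = '';
    if (isset($_FILES['file']['name']) && is_string($_FILES['file']['name'])) {
        $uploadName = basename($_FILES['file']['name']);
    }
    if ($uploadName === '') {
        error_log('importCsvData: no usable upload file name');
        return;
    }

    $file = fopen('uploads/' . $uploadName, 'r');
    if ($file === false) {
        // Without this guard the read loop would run on an invalid handle.
        error_log('importCsvData: uploaded CSV could not be opened');
        return;
    }

    try {
        // Prepared once and re-executed per row with bound values.
        $findUser = $this->db->prepare(
            'SELECT Id FROM tat_user WHERE employee_number = :emp'
        );
        $insertUser = $this->db->prepare(
            "INSERT INTO tat_user (employee_number, First_Name, Last_Name, Email, Phone_Number, Gender, Password, Access_Level, Token)"
            . " VALUES (:emp, :fname, :surname, :email, :phone, :gender, :password, 'student', :token)"
        );
        $enrolStudent = $this->db->prepare(
            "INSERT INTO tat_course_student (User_Id, Course_Instance_Id, Skills_Updated)"
            . " VALUES (:uid, :cid, 'No')"
        );

        $rowNumber = 0;
        // fgetcsv() returns false at end of file, which also ends the loop.
        while (($value = fgetcsv($file, 0, ';')) !== false) {
            if ($rowNumber++ === 0) {
                continue; // first row is not imported
            }

            // Short or blank rows are padded so every column index exists.
            $value = array_pad($value, 6, '');
            if ((string) $value[0] === '') {
                continue;
            }

            $empId = $value[0];
            $fname = $value[1];
            $surname = $value[2];
            $email = $value[3];
            $phone = $value[4];
            $gender = $value[5];
            $rowLabel = $empId . " " . $fname . " " . $surname . " " . $email;

            $findUser->execute([':emp' => $empId]);
            $alreadyExists = $findUser->fetchColumn() !== false;
            $findUser->closeCursor();

            if ($alreadyExists) {
                $_SESSION['none_adds'][] = $rowLabel;
                continue;
            }

            $temp_password = random_str(10); // generates temp password

            $inserted = $insertUser->execute([
                ':emp' => $empId,
                ':fname' => $fname,
                ':surname' => $surname,
                ':email' => $email,
                ':phone' => $phone,
                ':gender' => $gender,
                ':password' => $temp_password,
                ':token' => $temp_password,
            ]);

            // Look up the id of the row just created for the enrolment record.
            $sid = false;
            if ($inserted) {
                $findUser->execute([':emp' => $empId]);
                $sid = $findUser->fetchColumn();
                $findUser->closeCursor();
            }

            if ($sid === false) {
                // Insert failed: report the row instead of enrolling an empty id.
                $_SESSION['none_adds'][] = $rowLabel;
                continue;
            }

            $enrolStudent->execute([':uid' => $sid, ':cid' => $id]);

            // The mailer gets its own variable: previously it overwrote
            // $email, so the Emailer object was passed as the address.
            $fullName = $fname . " " . $surname;
            $mailer = new Emailer();
            $mailer->sendStudentTempEmail($email, $fullName, $temp_password);
        }
    } finally {
        fclose($file);
    }
}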