$body = filter_input(INPUT_POST, $postVar) ? mysqli_real_escape_string($dbObj->connection, filter_input(INPUT_POST, $postVar)) : ''; if ($body === "") { array_push($errorArr, "Please enter {$postVar} "); } break; default: ${$postVar} = filter_input(INPUT_POST, $postVar) ? mysqli_real_escape_string($dbObj->connection, filter_input(INPUT_POST, $postVar)) : ''; if (${$postVar} === "") { array_push($errorArr, "Please enter {$postVar} "); } break; } } if (count($errorArr) < 1) { $emailAddress = COMPANY_EMAIL; $addBody = "<p>If you want to stop receiving this mail, <a href='" . SITE_URL . "REST/unsubscribe.php?email=" . $email . "&id=" . User::getSingle($dbObj, 'id', $email) . "'>unsubcribe here!!</a></p>"; if (empty($subject)) { $subject = "Message From: " . WEBSITE_AUTHOR; } $transport = Swift_MailTransport::newInstance(); $message = Swift_Message::newInstance(); $message->setTo(array($email => $name)); $message->setSubject($subject); $message->setBody($body . $addBody); $message->setFrom($emailAddress, WEBSITE_AUTHOR); $message->setContentType("text/html"); $mailer = Swift_Mailer::newInstance($transport); $mailer->send($message); $json = array("status" => 1, "msg" => "You message to {$name} has been sent."); $dbObj->close(); //Close Database Connection
*/ /** * @author Rizart Dokollari * @author George Skarlatos * @since 8/16/14. */ require __DIR__ . '/../app/init.php'; $general->loggedOutProtect(); $pageTitle = "Personnel"; $section = "staff"; try { // protect again any sql injections on url if (isset($_GET['id']) && preg_match("/^[0-9]+\$/", $_GET['id'])) { $userId = $_GET['id']; $pageTitle = "Profile"; if (($data = User::getSingle($userId)) === false) { header('Location: ' . BASE_URL . 'error-404'); exit; } if (strcmp($data['type'], 'tutor') === 0) { $tutor = TutorFetcher::retrieveSingle($userId); $curUser = new Tutor($data['id'], $data['f_name'], $data['l_name'], $data['email'], $data['mobile'], $data['img_loc'], $data['profile_description'], $data['date'], $data['type'], $data['active'], $tutor[MajorFetcher::DB_COLUMN_NAME]); $schedules = ScheduleFetcher::retrieveCurrWorkingHours($curUser->getId()); $teachingCourses = TutorFetcher::retrieveCurrTermTeachingCourses($curUser->getId()); } else { if (strcmp($data['type'], 'secretary') === 0) { $curUser = new Secretary($data['id'], $data['f_name'], $data['l_name'], $data['email'], $data['mobile'], $data['img_loc'], $data['profile_description'], $data['date'], $data['type'], $data['active']); } else { if (strcmp($data['type'], 'admin') === 0) { $curUser = new Admin($data['id'], $data['f_name'], $data['l_name'], $data['email'], $data['mobile'], $data['img_loc'], $data['profile_description'], $data['date'], $data['type'], $data['active']); } else {
} // closes a construct that begins before this excerpt

/**
 * True when the hidden marker field was submitted with an empty value
 * (isset() && empty(): present but blank). Same body as isSaveBttnPressed()
 * below; this name is not referenced in the visible code.
 */
function is_create_bttn_Pressed() {
    return isset($_POST['hidden_submit_pressed']) && empty($_POST['hidden_submit_pressed']);
}

// Form handler: create a staff account from the posted fields and mail the new user.
// NOTE(review): the four required fields are read without isset(); a request that
// omits one emits an undefined-index warning, and trim(null) is deprecated on
// PHP 8.1+ — presumably the form always posts them; confirm. No CSRF token check
// is visible in this handler; confirm it happens upstream (e.g. in the bootstrap).
if (isSaveBttnPressed()) {
    $first_name = trim($_POST['first_name']);
    $last_name = trim($_POST['last_name']);
    $email = trim($_POST['email']);
    $user_type = trim($_POST['user_type']);
    // Optional fields: empty string / null when absent.
    $userMajorId = isset($_POST['userMajor']) ? trim($_POST['userMajor']) : "";
    $teachingCoursesIds = isset($_POST['teachingCoursesMulti']) ? $_POST['teachingCoursesMulti'] : null;
    $termIds = isset($_POST['termIds']) ? $_POST['termIds'] : null;
    try {
        // Input validation (email format, allowed user_type values) is presumed to
        // live inside Admin::createUser() — not visible here; verify.
        $newUserId = Admin::createUser($first_name, $last_name, $email, $user_type, $userMajorId, $teachingCoursesIds, $termIds);
        $newUser = User::getSingle($newUserId);
        Mailer::sendNewAccount($newUserId, $newUser[UserFetcher::DB_COLUMN_EMAIL], $newUser[UserFetcher::DB_COLUMN_FIRST_NAME] . " " . $newUser[UserFetcher::DB_COLUMN_LAST_NAME]);
    } catch (Exception $e) {
        // Surfaced to the page; $errors is expected to be initialised before this point.
        $errors[] = $e->getMessage();
    }
}

/**
 * True when the hidden marker field was submitted with an empty value.
 * Declared after its first call; PHP hoists unconditional top-level functions.
 */
function isSaveBttnPressed() {
    return isset($_POST['hidden_submit_pressed']) && empty($_POST['hidden_submit_pressed']);
}

$pageTitle = "Add staff Member";
$section = "staff";
?>
<!DOCTYPE html>
<!--[if lt IE 7]> <html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
<?php include "../inc/cookie.php"; include "../model/User.php"; include "../model/Skill.php"; include "../model/Identity.php"; $User = new User(); $Skill = new Skill(); $Identity = new Identity(); $resultUser = $User->getSingle(); $resultSkill = $Skill->getAllForUser(); $resultIdentity = $Identity->getAllForUser(); ?> <div class="row"> <div class="col-md-12"> <h2 class="caps">your profile</h2> </div> </div> <div class="row"> <div class="col-md-4 col-centered "> <div class="panel panel-default"> <div class="panel-body" > <h3 class="caps"> <?php while ($User = $resultUser->fetch_object()) { echo $User->FirstName . " " . $User->LastName; } ?> </h3><hr> <?php while ($Identity = $resultIdentity->fetch_object()) {
<?php include "../inc/cookie.php"; include "../model/User.php"; include "../model/Skill.php"; include "../model/Identity.php"; $User = new User(); $Skill = new Skill(); $Identity = new Identity(); $resultUser = $User->getSingle(); $getUserID = $User->getSingle(); $resultSkill = $Skill->getAllForUser(); $selectSkill = $Skill->getAll(); $resultIdentity = $Identity->getAllForUser(); ?> <div class="row"> <div class="col-md-12"> <h2 class="caps">edit your profile</h2> </div> </div> <div class="row"> <div class="col-md-6 col-centered "> <div class="panel panel-default"> <div class="panel-body" > <h4 class="caps"> <?php while ($User = $resultUser->fetch_object()) { ?> <input type="hidden" id="ID" value="<?php echo $User->ID; ?>
require __DIR__ . '/../app/init.php'; $general->loggedOutProtect(); // redirect if user elevation is not that of secretary or tutor if (!$user->isAdmin()) { header('Location: ' . BASE_URL . "error-403"); exit; } // protect again any sql injections on url if (!isset($_GET['id']) || !preg_match("/^[0-9]+\$/", $_GET['id'])) { // header('Location: ' . BASE_URL . 'error-404'); exit; } else { $staffId = $_GET['id']; } try { if (($data = User::getSingle($staffId)) === false) { // header('Location: ' . BASE_URL . 'error-404'); exit; } // TODO: fix this code -- is ugly. if (strcmp($data['type'], 'tutor') === 0) { $tutor = TutorFetcher::retrieveSingle($staffId); $curUser = new Tutor($data['id'], $data['f_name'], $data['l_name'], $data['email'], $data['mobile'], $data['img_loc'], $data['profile_description'], $data['date'], $data['type'], $data['active'], $tutor[TutorFetcher::DB_COLUMN_MAJOR_ID]); } else { if (strcmp($data['type'], 'secretary') === 0) { $curUser = new Secretary($data['id'], $data['f_name'], $data['l_name'], $data['email'], $data['mobile'], $data['img_loc'], $data['profile_description'], $data['date'], $data['type'], $data['active']); } else { if (strcmp($data['type'], 'admin') === 0) { $curUser = new Admin($data['id'], $data['f_name'], $data['l_name'], $data['email'], $data['mobile'], $data['img_loc'], $data['profile_description'], $data['date'], $data['type'], $data['active']); } else { throw new Exception("Something terrible has happened with the database. <br/>The software developers will tremble with fear.");
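<?php
// Home panel: greets the current user by name.
// dbconnect/cookie/User are pulled in by relative path; User::getSingle() is
// presumed to resolve the current user from the cookie/session (not visible here).
include "../inc/dbconnect.php";
include "../inc/cookie.php";
include "../model/User.php";
?>
<div class="row">
    <div class="col-md-12">
        <h2>Home</h2>
        <div>
            <?php
            $User = new User();
            // A single query suffices; the original called getSingle() twice and
            // discarded the first result set.
            $fetchUser = $User->getSingle();
            while ($User = $fetchUser->fetch_object()) {
                // The name comes from the database (user-editable profile data),
                // so it is escaped for the HTML context before being echoed.
                $fullName = htmlspecialchars($User->FirstName . " " . $User->LastName, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
            ?>
                <h3 class="caps">Welcome, <?php echo $fullName; ?> !</h3>
            <?php } ?>
        </div>
    </div>
</div><hr>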
* */ ob_start(); #starting the staff session session_start(); require "config/app.php"; $errors = array(); try { // $staff = new Users(->getDbConnection()); $general = new General(); // retrieves data if a user is logged in if ($general->loggedIn() === true) { // instantiate user class & connect to db. $id = $_SESSION['id']; // getting user's id from the session.4 $data = User::getSingle($id); if (strcmp($data['type'], 'tutor') === 0) { $tutor = Tutor::getSingle($id); $user = new Tutor($data['id'], $data['f_name'], $data['l_name'], $data['email'], $data['mobile'], $data['img_loc'], $data['profile_description'], $data['date'], $data['type'], $data['active'], $tutor[MajorFetcher::DB_COLUMN_NAME]); } else { if (strcmp($data['type'], 'secretary') === 0) { $user = new Secretary($data['id'], $data['f_name'], $data['l_name'], $data['email'], $data['mobile'], $data['img_loc'], $data['profile_description'], $data['date'], $data['type'], $data['active']); } else { if (strcmp($data['type'], 'admin') === 0) { $user = new Admin($data['id'], $data['f_name'], $data['l_name'], $data['email'], $data['mobile'], $data['img_loc'], $data['profile_description'], $data['date'], $data['type'], $data['active']); } else { throw new Exception("Something terrible has happened with the database. <br/>The software developers will tremble with fear."); } } } }