<?php
/*
 *  ConPortal - Pomona College ITS scheduling application
 *  Copyright (C) 2005-2006  Pomona College
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of version 2 of the GNU General Public License
 *  as published by the Free Software Foundation.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 */

// This file makes changes to a user's data in the DB...

require_once("../standard.php");

// Subject line of the joke e-mail that is sent to the logged-in user's own address
// when the request carries a 'taller' POST field (see the send_email() call below).
$skeelo_subject = "I wish I was a little bit taller";

$skeelo_body = "Hello

1-I wish I was little bit taller,
I wish I was a baller
I wish I had a girl who looked good
I would call her
I wish I had a rabbit in a hat with a bat
and a '64 Impala

I wish I was like six-foot-nine
So I could get with Leoshi
Cause she don't know me but yo she's really fine
You know I see her all the time
Everywhere I go, and even in my dreams
I can scheme of ways to make her mine
Cause I know she's livin phat
Her boyfriend's tall and he plays ball
So how am I gonna compete with that
'Cause when it comes to playing basketball
I'm always last to be picked
And in some cases never picked at all
So I just lean upon the wall
Or sit up in the bleachers with the rest of the girls
Who came to watch their men ball
Dag y'all! I never understood
Why the jocks get the fly girls
And me I get the hood rats
I tell 'em scat, skittle, skibobble
Got hit with a bottle
And put in the hospital, for talkin' that mess
I confess it's a shame when you livin' in a city
That's the size of a box and nobody knows yo' name
Glad I came to my senses
Like quick-quick got sick-sick to my stomach
Overcome with my thoughts of me and her together
Right?
So when I asked her out she said I wasn't her type
(rpt 1, 1)

I wish I had a brand-new car
So far, I got this hatchback
And everywhere I go, yo I gets laughed at
And when I'm in my car I'm laid back
I got an 8-track and a spare tire in the backseat
But that's flat
And do you really wanna know what's really wack, What
See I can't even get a date
So, what do you think of that?
I heard that prom night is the bomb night
With a hood rat you can hold tight
But really tho' on figuero
When I'm in my car I can't even get a hello
Well so many people wanna cruise Crenshaw on Sunday
Well then I'm gonna have to get in my car and go
You know I take the 110 to the 105
Get off on Crenshaw tell my homies look alive
Cause it's hard to survive
Livin' in a concrete jungle and
These girls just keep passin' me by
She looks fly, she looks fly
Makes me say my, my, my
(rpt 1, 1)

I wish I was a little bit taller...
I wish I was a baller...
I wish I was a little bit taller y'all
I wish I was a baller (3)

Hey, I wish I had my way
'Cause everyday would be a Friday
You could even speed on the highway
I would play ghetto games
Name my kids ghetto names
Little Mookie, big Al, Lorraine
Yo you know that's on the real
So if you're down on your luck
Then you should know just how I feel
Cause if you don't want me around
See I go simple, I go easy, I go greyhound
Hey, you, what's that sound?
Everybody look what's going down
Ahhhh, yes, ain't that fresh?
Everybody wants to get down like that
(rpt 1, 1)

I wish, I wish, I wish... 

-- Skee Lo";

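/* going with SESSION['pid'] and not POST because
   I'm not entirely convinced I can trust POST.  Paranoia, paranoia! */
// Every write below is keyed on $_SESSION['pid'], never on a request field, so a
// request can only change the record of the account its own session belongs to.
// NOTE(review): no anti-CSRF token is checked in this file. An absent checkbox field
// is stored as 0, so a forged cross-site form post would overwrite the user's
// preferences; confirm whether standard.php enforces a token for this handler.
// NOTE(review): the validators only bound length and character set. Whether
// updateFromUser() uses parameterised queries cannot be seen from here -- confirm.

// Fail closed: act only on a form POST from a session that carries a pid. Before this
// guard a plain GET (empty $_POST) fell through to the checkbox handling and reset
// every preference to 0, and a missing pid was handed straight to updateFromUser().
if(!isset($_SERVER['REQUEST_METHOD']) || $_SERVER['REQUEST_METHOD'] !== 'POST' || !isset($_SESSION['pid']))
{
	header("Location: " . BASE_URL . "index.php");
	exit;
}

$ownPid = $_SESSION['pid'];

// Free-text fields: POST key => array(DB column, validator function, session flag set on rejection).
// The DB column name doubles as the field label in the admin notification.
$textFields = array(
	'phone' => array("phone", 'validateNumber', 'invalidPhone'),
	'cell'  => array("cell", 'validateNumber', 'invalidCell'),
	'sn'    => array("screen_name", 'validateSN', 'invalidSN'),
);

foreach($textFields as $postKey => $fieldSpec)
{
	if(!isset($_POST[$postKey]))
	{
		continue;
	}

	list($column, $validator, $invalidFlag) = $fieldSpec;

	if(call_user_func($validator, $_POST[$postKey]) == TRUE)
	{
		updateFromUser($column, $_POST[$postKey], $ownPid);
	}
	else
	{
		// Rejected input is never written; it is reported and flagged for the form page.
		notifyAdmin($column, $_POST[$postKey], $ownPid);
		$_SESSION[$invalidFlag] = TRUE;
	}
}

// E-mail preferences are checkboxes: present in the POST means 1, absent means 0.
foreach(array("drop_emails", "take_emails") as $flagName)
{
	updateFromUser($flagName, isset($_POST[$flagName]) ? 1 : 0, $ownPid);
}

if(isset($_POST['scaling_factor']))
{
	if(validateScale($_POST['scaling_factor']) == TRUE)
	{
		updateFromUser("scaling_factor", $_POST['scaling_factor'], $ownPid);
		// Mirrored into the session so the new value applies without a fresh login.
		$_SESSION['scaling_factor'] = $_POST['scaling_factor'];
	}
	else
	{
		notifyAdmin("scaling factor", $_POST['scaling_factor'], $ownPid);
		$_SESSION['invalidScalingFactor'] = TRUE;
	}
}

// Display preferences are checkboxes too; each one is stored and mirrored into the session.
$displayFlags = array(
	"show_date_range",
	"show_names",
	"show_times",
	"show_dropdowns",
	"show_shift_open",
	"show_shiftpid",
	"show_create_appointments",
);

foreach($displayFlags as $flagName)
{
	$flagValue = isset($_POST[$flagName]) ? 1 : 0;
	updateFromUser($flagName, $flagValue, $ownPid);
	$_SESSION[$flagName] = $flagValue;
}

if(isset($_POST['taller']))
{
	// The recipient is built from the session user's own username, not from request
	// data, so this cannot be pointed at an arbitrary address.
	$userinfo = getUserDetails($ownPid);
	$to = $userinfo['username'] . EMAIL_DOMAIN;
	send_email($skeelo_body,$skeelo_subject,$to);
}

// !empty() instead of a bare read: the flags do not exist until a validation fails, and
// a notice printed before header() can stop the redirect from being sent.
// NOTE(review): the flags are only ever set in this file; presumably edit_my_info.php
// clears them after showing the error -- confirm, otherwise a stale flag keeps
// sending the user back to the form.
$hasInvalidField = !empty($_SESSION['invalidPhone'])
	|| !empty($_SESSION['invalidCell'])
	|| !empty($_SESSION['invalidSN'])
	|| !empty($_SESSION['invalidScalingFactor']);

header("Location: " . BASE_URL . ($hasInvalidField ? "edit_my_info.php" : "index.php"));
// Stop here so nothing after the redirect header is executed or emitted.
exit;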

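//used to validate Phone & Cell Phone number
// Accepts a string of at most 15 bytes made up only of digits, "(", ")" and "-".
// The empty string is accepted (the loop in the original never ran for it either).
// Returns TRUE when the value is acceptable, FALSE otherwise.
function validateNumber($number)
{
	// Request fields can arrive as arrays (e.g. phone[]=...). strlen() on a non-string
	// either raises a TypeError or yields a length that skips the per-character check,
	// so anything that is not a string is rejected up front.
	if(!is_string($number))
	{
		return FALSE;
	}

	$length = strlen($number);
	if($length > 15)
	{
		return FALSE;
	}

	// strspn() counts the leading run of allowed bytes; the value is valid only if
	// that run covers the whole string. Unlike ctype_digit() it ignores the locale.
	return strspn($number, "0123456789()-") === $length;
}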

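//used to validate SN
// Accepts a string of at most 20 bytes in which every byte is alphanumeric or
// whitespace. The empty string is accepted. Returns TRUE when acceptable, else FALSE.
// NOTE(review): ctype_space() also matches tab, CR, LF, vertical tab and form feed, so
// an accepted screen name may contain line breaks. Confirm that every place the name
// is later used (HTML output, mail) escapes it, or narrow this to the space character.
function validateSN($sn)
{
	// Request fields can arrive as arrays (e.g. sn[]=...). strlen() on a non-string
	// either raises a TypeError or yields a length that skips the per-character check,
	// so anything that is not a string is rejected up front.
	if(!is_string($sn))
	{
		return FALSE;
	}

	$length = strlen($sn);
	if($length > 20)
	{
		return FALSE;
	}

	for($pos = 0; $pos < $length; $pos++)
	{
		$char = $sn[$pos];
		if(!ctype_alnum($char) && !ctype_space($char))
		{
			return FALSE;
		}
	}
	return TRUE;
}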

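// used to validate the scaling factor
// Accepts any value PHP considers numeric that is finite and greater than zero.
// Returns TRUE when acceptable, FALSE otherwise.
// NOTE(review): is_numeric() also accepts forms such as "1e5", "+2" and a leading
// space; no upper bound is enforced here. The raw string, not the parsed number, is
// what the caller stores -- confirm that is acceptable for the scaling_factor column.
function validateScale($scale)
{
	if(!is_numeric($scale))
	{
		return FALSE;
	}

	// Adding 0 yields the same number the original "> 0" comparison used.
	$value = $scale + 0;

	// A numeric string whose exponent overflows parses to INF, which is "> 0" but is
	// not a usable scale, so non-finite values are rejected.
	return is_finite($value) && $value > 0;
}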

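// alert admin via email of anomalies, i.e. possible hacking attempts
// FIXME: right now, hardcoded to George - may change to SUPERS someday
//
// $whatField - label of the field that failed validation
// $whatData  - the rejected value exactly as it arrived in the request
// $whatUser  - pid of the session user, resolved to a name with getNameForUser()
//
// NOTE(review): one mail is sent per rejected field with no rate limit visible here,
// so repeated invalid submissions translate directly into admin mail volume.
function notifyAdmin($whatField, $whatData, $whatUser)
{
	// $whatData has just failed validation, so treat it as hostile: it may be an array
	// (field[]=...), arbitrarily long, or contain control characters. Put only a
	// bounded, printable rendering of it into the message.
	if(!is_scalar($whatData))
	{
		$shownData = "[non-scalar " . gettype($whatData) . " value]";
	}
	else
	{
		$shownData = preg_replace('/[\x00-\x1F\x7F]/', '?', (string) $whatData);
		if(strlen($shownData) > 200)
		{
			$shownData = substr($shownData, 0, 200) . "... [truncated]";
		}
	}

	$subject = "OMG!  HAXXING ATTEMPT DETECTED!";
	$to = "hide@address.com";
	$body = "OMG!  " . getNameForUser($whatUser) . " entered " . $shownData . " into " . $whatField . ".  Plz don't let them haxor me!";
	send_email($body, $subject, $to);
}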

?>