<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">

<html>
<head>
	<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=ISO-8859-1">
	<title>Add members to the participant group</title>
	<style type="text/css" media="screen">@import "convener.css";</style>
</head>
<body>
<div id="wrapper">
	<div id="menu"><?php include('menu.php');?>
	</div>
	<div id="content"> 

<?php 
// Project configuration and database helpers. escape_smart() and $link, used further
// down, are not defined in this file and presumably come from these two includes.
require '../config.php';
require '../dbfunc.php';

// Placeholder identity: hard-coded for testing until authentication exists. Every
// query below is scoped by this value, so until it is derived from a real login the
// page acts on convener 1's data for any visitor.
$conveners_id = 1;

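// Add members to a participant group: on submit, validate the posted names and e-mail
// addresses, create missing participants and link them (plus any selected existing
// participants) to the group; otherwise render the entry form.
//
// NOTE(review), open items this block cannot fix on its own:
//  - $conveners_id is a hard-coded test value, so the page has no real authentication.
//  - Nothing here verifies that group $id belongs to $conveners_id; the groups table
//    schema is not visible from this file, so no ownership query is added.
//  - The form carries no anti-forgery token, so a cross-site POST is accepted.
//  - The deprecated mysql_* API has no prepared statements; it is kept because $link is
//    opened outside this file. Every value placed in SQL is therefore either cast to
//    int or passed through escape_smart() and quoted.

// Charset for HTML escaping; matches the Content-Type META tag of this page.
$charset = 'ISO-8859-1';

// Ids are compared as numeric keys below, so they are cast to int instead of being
// string-escaped: an escaped but unquoted value is still injectable in a numeric
// context, and the same value is echoed into href/value attributes.
$id = (isset($_POST['g']) && is_scalar($_POST['g'])) ? (int) $_POST['g'] : 0;
$conveners_id = (int) $conveners_id;

if (!empty($_POST['ok'])) { // form was submitted -> add members to database
	// --- validate and escape post-data into new variables and arrays
	$firstname = $lastname = $email = $seen_emails = $addpart = $new = array();

	// A crafted request can send a scalar (or nothing) where the form sends an array.
	$posted = array();
	foreach (array('firstname', 'lastname', 'email', 'addpart') as $field) {
		$posted[$field] = (isset($_POST[$field]) && is_array($_POST[$field])) ? $_POST[$field] : array();
	}

	foreach ($posted['firstname'] as $key => $value) {
		if (is_string($value) && $value) {
			$firstname[$key] = escape_smart($value);
		}
	}
	foreach ($posted['lastname'] as $key => $value) {
		if (is_string($value) && $value) {
			$lastname[$key] = escape_smart($value);
		}
	}
	foreach ($posted['email'] as $key => $value) {
		if (is_string($value) && $value) { // NB: scandinavian letters are possible in domain names since August 2005
			// NOTE(review): eregi() is deprecated as of PHP 5.3 and removed in PHP 7. The
			// a-ö / A-Ö ranges are presumably byte ranges, so in ISO-8859-1 they also admit
			// punctuation lying between the letters (backslash and backtick, for example);
			// passing this check is not a substitute for the SQL and HTML escaping below.
			if (!eregi('^[a-öA-Ö0-9._-]+@[a-öA-Ö0-9._-]+\.([a-öA-Ö]{2,4})$', $value)) {
				die("<h2>Invalid e-mail address</h2><p>Invalid email address new participants, please go back and check e-mail addresses!</p>");
			}
			// Duplicates are detected on the raw values; the original compared the raw
			// value against already-escaped ones and passed NULL to in_array() when the
			// first row was left empty.
			if (in_array($value, $seen_emails, true)) {
				die("<h2>Duplicate e-mail address</h2><p>Same email not allowed to many participants: <b>"
					. htmlspecialchars($value, ENT_QUOTES, $charset) . "</b></p>");
			}
			$seen_emails[] = $value;
			$email[$key] = escape_smart($value);
		}
	}
	// --- basic check for forgotten values, make it better in the new form validator
	// Equal counts are not enough: the rows must also line up key by key, otherwise a
	// participant would be stored with another row's (or an empty) e-mail address.
	if (sizeof($firstname) != sizeof($lastname) || array_diff_key($firstname, $lastname)) die ("<h2>Missing values</h2><p>Number of first names and last names doesn't match,
	check that every firstname has lastname attached and vice versa!</p>");
	if (sizeof($lastname) != sizeof($email) || array_diff_key($lastname, $email)) die ("<h2>Missing values</h2><p>Number of participant names and emails doesn't match,
	check that every participant name has email attached and vice versa!</p>"); 

	foreach ($posted['addpart'] as $value) {
		$participant_id = is_scalar($value) ? (int) $value : 0;
		if ($participant_id > 0) {
			$addpart[] = $participant_id;
		}
	}

	// --- insert new participants into table participants
	foreach ($lastname as $key => $value) {
		// --- query if participant with that email exists in contacts, if not -> add to participants
		$result = mysql_query("SELECT participants_id FROM participants WHERE email = '$email[$key]' 
		AND conveners_id='$conveners_id'", $link);
		// NOTE(review): the die() calls in this block echo the driver error to the
		// browser; it is HTML-escaped here, but it still discloses schema details.
		if (!$result || mysql_num_rows($result) == 0) mysql_query("INSERT INTO participants (email, firstname, lastname, conveners_id) 
		VALUES ('$email[$key]', '$firstname[$key]', '$lastname[$key]', '$conveners_id')", $link) OR 
		die("Could not add participant: " . htmlspecialchars(mysql_error(), ENT_QUOTES, $charset));

		// --- query id of the participant
		// The lookup is scoped to this convener; matching on e-mail alone could return a
		// row owned by a different convener and link it into this group.
		$result = mysql_query("SELECT participants_id FROM participants WHERE email = '$email[$key]' 
		AND conveners_id='$conveners_id'", $link);
		$row = $result ? mysql_fetch_row($result) : false;
		if ($row) {
			$new[] = (int) $row[0]; // and store it in array
		}
	}

	// --- insert new participants into table groups_have_participants
	foreach ($new as $value) {
		$result = mysql_query("SELECT participants_id FROM groups_have_participants WHERE groups_id = '$id' 
		AND participants_id = '$value'", $link);
		if ($result && mysql_num_rows($result) != 0) { // selected participant is already in this group
			$result = mysql_query("SELECT lastname, firstname, email FROM participants WHERE participants_id = $value", $link);
			$row = $result ? mysql_fetch_row($result) : false;
			if ($row) {
				// Names and e-mail are stored user input: escape before echoing.
				echo "<p>" . htmlspecialchars("$row[0], $row[1] ($row[2])", ENT_QUOTES, $charset) . " was already a member of this group.</p>";
			}
		} else {
			mysql_query("INSERT INTO groups_have_participants (groups_id, participants_id, conveners_id) 
			VALUES ('$id', '$value', '$conveners_id')", $link) OR die("<p>Could not add new participant (id: $value) 
			to group (id: $id):" . htmlspecialchars(mysql_error(), ENT_QUOTES, $charset) . '</p>');
		}
	}

	// --- insert selected existing participants into table groups_have_participants
	foreach ($addpart as $value) {
		// The id comes straight from the request, so confirm the participant belongs to
		// this convener before linking it; the <select> only limits what a browser offers.
		$result = mysql_query("SELECT participants_id FROM participants WHERE participants_id = $value 
		AND conveners_id = $conveners_id", $link);
		if (!$result || mysql_num_rows($result) == 0) {
			echo "<p>Participant (id: $value) was not found among your participants.</p>";
			continue;
		}

		$result = mysql_query("SELECT participants_id FROM groups_have_participants WHERE groups_id = '$id' 
		AND participants_id = '$value'", $link);
		if ($result && mysql_num_rows($result) != 0) { // selected participant is already in this group
			$result = mysql_query("SELECT lastname, firstname, email FROM participants WHERE participants_id = $value", $link);
			$row = $result ? mysql_fetch_row($result) : false;
			if ($row) {
				echo "<p>" . htmlspecialchars("$row[0], $row[1] ($row[2])", ENT_QUOTES, $charset) . " was already a member of this group.</p>";
			}
		} else { // selected participant was not in the group
			mysql_query("INSERT INTO groups_have_participants (groups_id, participants_id, conveners_id) 
			VALUES ('$id', '$value', '$conveners_id')", $link) OR die("Could not add existing participant 
			(id: $value) to group (id: $id):" . htmlspecialchars(mysql_error(), ENT_QUOTES, $charset));
		}
	}

	// --- everything ok
	echo '<h2>Adding new members completed</h2><p><a href="viewgroup.php?g=' . $id . '">View group</a><p>';

} else { // display form to add members
	$result = mysql_query("SELECT name FROM groups WHERE groups_id = $id", $link);
	$row = $result ? mysql_fetch_row($result) : false;
	// The group name is stored data and is escaped for the HTML context like any other.
	$group_name = $row ? htmlspecialchars($row[0], ENT_QUOTES, $charset) : '';
	echo '<h1>Add members to "' . $group_name . '"</h1><h2>Enter new participants:</h2><form action="addmembers.php" method="post">
	<table><tr><td class="noborder">First name</td><td class="noborder">Last name</td><td class="noborder">E-mail</td></tr>';

	for($i = 1; $i <= 10; $i++) { // limitation: only 10 participants, editable in settings?
		echo '<tr><td class="noborder"><input type="text" name="firstname[]" size="12" maxlength="20" /></td> 
		<td class="noborder"><input type="text" name="lastname[]" size="17" maxlength="45" /></td>
		<td class="noborder"><input type="text" name="email[]" size="22" maxlength="45" /></td></tr>';
	}
	echo '</table>';

	$result = mysql_query("SELECT * FROM participants WHERE conveners_id = $conveners_id ORDER BY lastname", $link); 
	if ($result && mysql_num_rows($result) != 0) {
		echo '<h2>Add from existing participants:</h2><select name="addpart[]" size="15" multiple>';
		while ($row = mysql_fetch_assoc($result)) {
			// Participant names were typed into this very form by a user, so they are
			// escaped here to keep stored markup from running in the convener's browser.
			echo '<option value="' . (int) $row['participants_id'] .'">'
			. htmlspecialchars($row['lastname'] . ', ' . $row['firstname'] . ' (' . $row['email'] . ')', ENT_QUOTES, $charset)
			. '</option>';
		}
		echo '</select>';
	}
	echo '</table><p><input type="hidden" name="g" value="' . $id . '" /><input type="submit" name="ok" value="Add members"></p></form>';
}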
?>

</div>
</div>
</body>
</html>
