<?php
// rosterEdit.php
//
// Form to edit/input roster information
//
// +----------------------------------------------------------------------+
// | PHP EMS Tools http://www.php-ems-tools.com |
// +----------------------------------------------------------------------+
// | Copyright (c) 2006, 2007 Jason Antman. |
// | |
// | This program is free software; you can redistribute it and/or modify |
// | it under the terms of the GNU General Public License as published by |
// | the Free Software Foundation; either version 3 of the License, or |
// | (at your option) any later version. |
// | |
// | This program is distributed in the hope that it will be useful, |
// | but WITHOUT ANY WARRANTY; without even the implied warranty of |
// | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
// | GNU General Public License for more details. |
// | |
// | You should have received a copy of the GNU General Public License |
// | along with this program; if not, write to: |
// | |
// | Free Software Foundation, Inc. |
// | 59 Temple Place - Suite 330 |
// | Boston, MA 02111-1307, USA. |
// +----------------------------------------------------------------------+
// |Please use the above URL for bug reports and feature/support requests.|
// +----------------------------------------------------------------------+
// | Authors: Jason Antman <hide@address.com> |
// +----------------------------------------------------------------------+
// $Id: rosterEdit.php,v 1.6 2007/09/20 00:00:40 jantman Exp $
//required for HTML_QuickForm PEAR Extension
require_once 'HTML/QuickForm.php';
require_once 'HTML/QuickForm/element.php';
require_once('./config/config.php'); // main configuration
require_once('./config/rosterConfig.php'); // roster configuration
// tell PHP to ignore any errors less than E_ERROR
error_reporting(1);
//if the variables are specified in the URL, get them.
if(! empty($_GET['action']))
{
$action = $_GET['action'];
// possible values are 'new', 'edit', 'remove'
}
if(! empty($_GET['EMTid']))
{
$id = $_GET['EMTid'];
}
//instantiate the form
$form = new HTML_QuickForm('firstForm');
// mysql connection
$connection = mysql_connect() or die ('ERROR: Unable to connect to MySQL!');
mysql_select_db($dbName) or die ('ERROR: Unable to select database!');
//BEGIN CREATING ELEMENTS
//
//
$form->addElement('text', 'adminID', 'Administrator ID#', array('size' => 10, 'maxlength' => 5));
$form->addElement('password', 'adminPW', 'Password', array('size' => 10, 'maxlength' => 10));
$form->addElement('header', null, 'Member Information');
$form->addElement('text', 'EMTid', 'EMT ID#', array('size' => 10, 'maxlength' => 5));
$form->addElement('text', 'unitID', 'Unit ID# (optional)', array('size' => 10, 'maxlength' => 5));
// member types
$types = array();
global $typeDefault;
for($i=0; $i < count($memberTypes); $i++)
{
$types[$memberTypes[$i]['name']] = $memberTypes[$i]['name'];
}
$typeE =& $form->createElement('select', 'type', 'Member Type:');
$typeE -> loadArray($types, $typeDefault);
$form->addElement($typeE);
//rights level
$levels = array(0 => 'None (0)', 1 => 'User (1)', 2 => 'Admin/Officer (2)');
$rightsE =& $form->createElement('select', 'rightsLevel', 'Rights Level:');
$rightsE -> loadArray($levels, '0');
$form->addElement($rightsE);
$form->addElement('header', null, 'Personal Information:');
$form->addElement('text', 'FirstName', 'First Name', array('size' => 30, 'maxlength' => 30, 'id' => 'FirstName'));
$form->addElement('text', 'LastName', 'Last Name', array('size' => 30, 'maxlength' => 30, 'id' => 'LastName'));
$form->addElement('text', 'shownAs', 'Shown As', array('size' => 30, 'maxlength' => 30, 'id' => 'shownAs'));
$form->addElement('text', 'SpouseName', 'Spouse Name', array('size' => 30, 'maxlength' => 30, 'id' => 'SpouseName'));
$form->addElement('text', 'Address', 'Address', array('size' => 30, 'maxlength' => 30, 'id' => 'Address'));
// rule for validating phone
//$form->registerRule('phone','regex','/^\(\d{3}\)\d{3}-\d{4}|\d{3}-\d{3}-\d{4}$/');
$form->registerRule('phone','regex','/^\d{3}-\d{3}-\d{4}$/');
$form->addElement('text', 'HomePhone', 'Home Phone', array('size' => 15, 'maxlength' => 14, 'id' => 'HomePhone'));
$form->addRule('HomePhone','Please enter a valid Phone number.','phone');
$form->addElement('text', 'CellPhone', 'Cell Phone', array('size' => 15, 'maxlength' => 14, 'id' => 'CellPhone'));
$form->addRule('CellPhone','Please enter a valid Phone number.','phone');
$form->addElement('static',null,' ','Format: 555-555-5555');
$form->addElement('text', 'Email', 'Email', array('size' => 30, 'maxlength' => 255, 'id' => 'Email'));
$form->addRule('emailorblank', 'This must be a valid EMail Address or it must be blank.', 'Email');
$form->addElement('text', 'TextEmail', 'Text Email', array('size' => 30, 'maxlength' => 255, 'id' => 'TextEmail'));
$form->addRule('emailorblank', 'This must be a valid EMail Address or it must be blank.', 'TextEmail');
$form->addElement('password', 'password', 'Password', array('size' => 15, 'maxlength' => 14, 'id' => 'password'));
$form->addElement('header', null, ' ');
//HIDDEN FIELDS to keep values between refreshing the form
if(! empty($_GET['action']))
{
$form->addElement('hidden','action',$_GET['action']);
}
if(! empty($_GET['EMTid']))
{
$form->addElement('hidden','EMTid',$_GET['EMTid']);
}
if($_GET['action']=='edit' || $_GET['action']=='remove' || $_GET['action']=='new')
{
$buttonGroup[] =& HTML_QuickForm::createElement('reset', 'btnReset', 'Reset');
$buttonGroup[] =& HTML_QuickForm::createElement('submit', 'btnSubmit', 'Submit');
$form->addGroup($buttonGroup, 'buttonGroup', null, " ");
}
//FINISHED CREATING ELEMENTS
if ($_GET['action']=='remove')
{
$EMTid = $id;
$def = populateMe($EMTid);
$form->setDefaults($def);
$form->freeze('EMTid');
$form->freeze('FirstName');
$form->freeze('LastName');
$form->freeze('shownAs');
$form->freeze('rightsLevel');
$form->freeze('SpouseName');
$form->freeze('Address');
$form->freeze('HomePhone');
$form->freeze('CellPhone');
$form->freeze('Email');
$form->freeze('type');
$form->freeze('password');
$form->freeze('unitID');
$form->freeze('TextEmail');
$tempE = HTML_QuickForm::createElement('header', null, 'Remove EMT '.$EMTid);
$form->insertElementBefore($tempE, 'adminID');
}
elseif ($_GET[action]=='edit')
{
$EMTid = $id;
$tempE = HTML_QuickForm::createElement('header', null, 'Edit EMT '.$EMTid);
$form->insertElementBefore($tempE, 'adminID');
$def = populateMe($EMTid);
$form->setDefaults($def);
$form->freeze('EMTid');
}
else
{
// NEW member
$EMTid = '';
$tempE = HTML_QuickForm::createElement('header', null, 'New Member');
$form->insertElementBefore($tempE, 'adminID');
$defaults = array();
// TODO: here, we must find the next EMT ID# not assigned.
// this will be organization-dependent. we should assume the next integer.
$form->setDefaults($defaults);
}
$freeze = true;
// Try to validate the form
if ($form->validate())
{
# If the form validates, freeze and process the data
//post-validation filters here
$form->applyFilter('__ALL__', 'trim');
$form->applyFilter('__ALL__','doQuotes');
$form->process('processForm', false);
// exit the script, on successful insertion
?>
<SCRIPT LANGUAGE="JavaScript">
<!--hide
opener.location.reload(true);
self.close();
//-->
</SCRIPT>
<?php
}
function processForm($formItems)
{
//this processes the forum when it is submitted.
global $EMTid;
global $action;
if(empty($action))
{
$action = $formItems['action'];
}
if($action=='new')
{
putToDB($formItems, $action);
}
if($action=='edit')
{
putToDB($formItems, $action);
}
if($action=='remove')
{
putToDB($formItems, $action);
}
}
function putToDB($formItems, $action)
{
global $EMTid;
$EMTid = $formItems['EMTid'];
if(! validateAdmin($formItems['adminID'], $formItems['adminPW']))
{
die("ERROR AUTH1: I'm sorry, the Administrator ID and Password that you provided is invalid, or you do not have the proper rights level to perform the requested action.");
}
if(($action=='edit')||($action=='remove'))
{
$EMTid = $formItems['EMTid'];
idInDB($EMTid) or die("I'm sorry, but EMT number ".$EMTid." is not in the database.");
}
else //trying to create a new one
{
(! idInDB($EMTid)) or die("I'm sorry, but EMT number ".$EMTid." is already created. Please try and edit the entry.");
}
$conn = mysql_connect() or die ('ERROR: Unable to connect to MySQL!');
global $dbName;
mysql_select_db($dbName) or die ('ERROR: Unable to select database!');
global $EMTid;
if($formItems['type'] == 'Resigned')
{
$pwdMD5 = "RESIGNED";
}
else
{
$pwdMD5 = md5($formItems['password']);
}
$statementBody = 'EMTid="'.$formItems['EMTid'].'",FirstName="'.$formItems['FirstName'].'",LastName="'.$formItems['LastName'].'",SpouseName="'.$formItems['SpouseName'].'",Address="'.$formItems['Address'].'",HomePhone="'.$formItems['HomePhone'].'",CellPhone="'.$formItems['CellPhone'].'",Email="'.$formItems['Email'].'",password="'.$formItems['password'].'",pwdMD5="'.$pwdMD5.'",status="'.$formItems['type'].'",rightsLevel="'.$formItems['rightsLevel'].'",textEmail="'.$formItems['TextEmail'].'"';
if($formItems['shownAs']<>"")
{
$statementBody.= ',shownAs="'.$formItems['shownAs'].'"';
}
else
{
$statementBody.= ',shownAs="'.$formItems['LastName'].'"';
}
if($formItems['unitID']<>"")
{
$statementBody.= ',unitID="'.$formItems['unitID'].'"';
}
if($action=='edit')
{
$query = "UPDATE roster SET ";
$query .= $statementBody;
$query .= ' WHERE EMTid="'.$EMTid.'";';
}
elseif($action=='remove')
{
$query = 'DELETE FROM roster WHERE EMTid="'.$EMTid.'";';
}
else//if($action=='new')
{
$query = "INSERT INTO roster SET ";
$query .= $statementBody;
$query .= ';';
}
if(mysql_query($query))
{
// success
}
else
{
echo "MYSQL error: ".mysql_error();
}
mysql_close($conn);
}
function populateMe($EMTid)
{
global $action;
//populate from the DB
$defaults = array();
$query = "SELECT * FROM roster WHERE EMTid='".$EMTid."';";
$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
if(mysql_num_rows($result)==0)
{
die("I'm sorry, but the ID# that you entered (".$EMTid.") is not in the database. Please try again.");
}
while ($row = mysql_fetch_array($result))
{
$defaults = $row;
$defaults['EMTid'] = $EMTid;
$defaults['type'] = $row['status'];
}
//$defaults['unitID'] = $row['unitID'];
$defaults['TextEmail'] = $row['textEmail'];
mysql_free_result($result);
return $defaults;
}
function validateAdmin($adminID, $adminPW)
{
// this function checks with mySQL to see if the admin is valid
global $minRightsRoster;
$query = "SELECT EMTid,rightsLevel,pwdMD5 FROM roster WHERE EMTid=".$adminID.";";
$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
if(mysql_num_rows($result)==0)
{
// the admin ID given is not a valid EMT id in database
return false;
}
while ($row = mysql_fetch_array($result))
{
if($row['rightsLevel'] < $minRightsRoster)
{
// the rights level in the database is less than 1 (officer)
return false;
}
if($row['pwdMD5']<>md5($adminPW))
{
//provided password does not match database
return false;
}
}
mysql_free_result($result);
return true;
}
function idInDB($EMTid)
{
// this function checks with mySQL to see if the admin is valid
$query = 'SELECT EMTid FROM roster WHERE EMTid="'.$EMTid.'";';
$result = mysql_query($query) or die ("Error in query: $query. " . mysql_error());
if(mysql_num_rows($result)==0)
{
// the ID given is not in the database
return false;
}
while ($row = mysql_fetch_array($result))
{
if($row['EMTid']==$EMTid)
{
// the specified ID actually is in the table
return true;
}
}
mysql_free_result($result);
// just to make sure we didn't miss anything
return false;
}
function doQuotes($s)
{
return addslashes($s);
}
mysql_close($connection);
?>
<HTML>
<HEAD>
<?php
echo '<TITLE>'.$shortName.' Roster - Administrative Tool</TITLE>';
?>
<link rel="stylesheet" href="php_ems.css" type="text/css">
</HEAD>
<BODY>
<?php
echo '<h2 align=center>'.$shortName.' Roster Administrative Tool</h2>';
?>
<?php
// display the form
$form->display();
?>
</BODY>
</HTML>