

<?php
/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
/**
* Make things happen when buttons are pressed and forms submitted.
*/
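require_once __DIR__ . "/required.php";
// Every action except signing out needs an authenticated session.
// `?? ""` keeps a request without an action from raising an undefined-index
// notice; it still fails closed, because "" !== "signout".
// NOTE(review): no CSRF token check is visible in this file — confirm
// required.php (or the form layer) covers it for these state-changing actions.
if (($VARS['action'] ?? "") !== "signout") {
    dieifnotloggedin();
}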
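/**
 * Redirects back to the page ID in $_POST/$_GET['source'] with the given message ID
 * and terminates the request. The message will be displayed by the app.
 *
 * The message is url-encoded so free-text messages (callers pass exception text and
 * sentences with spaces) cannot break the query string. $arg is deliberately NOT
 * encoded: existing callers pass ready-made query fragments such as "&id=123" and
 * rely on them being appended verbatim. PHP's header() itself rejects values that
 * contain CR/LF, so the redirect cannot be split into extra headers.
 *
 * @param string $msg message ID (see lang/messages.php)
 * @param string $arg If set, replaces "{arg}" in the message string when displayed to the user.
 * @return never
 */
function returnToSender($msg, $arg = "") {
    global $VARS;
    $source = (string) ($VARS['source'] ?? "");
    $location = "Location: app.php?page=" . urlencode($source) . "&msg=" . urlencode($msg);
    if ((string) $arg !== "") {
        $location .= "&arg=$arg";
    }
    header($location);
    die();
}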
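switch ($VARS['action']) {
    case "signout":
        // Drop the server-side session and send the browser to the login page.
        session_destroy();
        header('Location: index.php');
        die("Logged out.");
    case "editfamily":
        // Create a family or update an existing one, then reconcile its children.
        // Everything runs inside $database->action() (a transaction); any validation
        // failure leaves the request via errorBack() before the transaction commits,
        // so a half-written family is never persisted.
        if (!(new User($_SESSION['uid']))->hasPermission("HACHEPORTAL_EDIT")) {
            returnToSender("no_permission");
        }
        $family = new Family();
        $editing = false;
        if (!empty($VARS['familyid']) && $database->has("families", ['familyid' => $VARS['familyid']])) {
            $family = (new Family())->load($VARS['familyid']);
            $editing = true;
        }

        /**
         * Abort with a message and return to the form. When an existing family is
         * being edited its ID is carried along so the edit page can reload it.
         * Declared inside this case because it depends on the case's $family/$editing.
         *
         * @param string $errormsg message ID or text handed to returnToSender()
         */
        function errorBack(string $errormsg) {
            global $family, $editing;
            if ($editing) {
                returnToSender($errormsg, "&id=" . $family->getID());
            }
            returnToSender($errormsg);
        }

        $database->action(function ($database) {
            global $family, $VARS, $editing;
            try {
                //
                // Parents and contact details
                //
                $lastname = $VARS['familyname'] ?? '';
                $father = $VARS['fathername'] ?? '';
                $mother = $VARS['mothername'] ?? '';
                if (empty($lastname)) {
                    errorBack("Enter a last name.");
                }
                if (empty($father)) {
                    errorBack("Enter a father name.");
                }
                if (empty($mother)) {
                    errorBack("Enter a mother name.");
                }
                $family->setName($lastname);
                $family->setFather($father);
                $family->setMother($mother);
                $family->setPhone($VARS['phone'] ?? '');
                $family->setEmail($VARS['email'] ?? '');
                // The email must be unique across families; when editing, the family
                // being edited is excluded from the check.
                $emailTaken = $editing
                    ? $database->has("families", ["AND" => ["email" => $family->getEmail(), "familyid[!]" => $family->getID()]])
                    : $database->has("families", ["email" => $family->getEmail()]);
                if ($emailTaken) {
                    errorBack("That email address is already in use with another family.");
                }

                //
                // Address
                //
                $address = $VARS['streetaddress'] ?? '';
                $city = $VARS['city'] ?? '';
                $state = strtoupper($VARS['state'] ?? '');
                $zip = $VARS['zip'] ?? '';
                if (empty($address)) {
                    errorBack("Enter a street address.");
                }
                if (empty($city)) {
                    errorBack("Enter a city.");
                }
                $family->setAddress($address);
                $family->setCity($city);
                $family->setState($state);
                $family->setZip($zip);

                //
                // Membership expiry and newsletter preference
                //
                if (empty($VARS['date']) || strtotime($VARS['date']) === false) {
                    returnToSender("invalid_parameters");
                }
                $family->setExpires(null, $VARS['date']);
                $newsletter = $VARS['newsletter_method'] ?? '';
                if (empty($newsletter)) {
                    errorBack("Select a newsletter preference.");
                }
                // Accepted codes: 1 = email only, 2 = print only, 3 = email and print.
                // switch compares loosely on purpose: the form submits these as strings.
                switch ($newsletter) {
                    case 1:
                    case 2:
                    case 3:
                        break;
                    default:
                        errorBack("Select a valid newsletter preference.");
                }
                $family->setNewsletter($newsletter);
                // Checkbox fields arrive as "1" when ticked; anything else means false.
                $family->setPhotoPermission(!empty($VARS['photo_permission']) && $VARS['photo_permission'] == "1");
                $family->setPrivate(!empty($VARS['private']) && $VARS['private'] == "1");
                $family->save();

                //
                // Children
                //
                // $VARS['child'] is a set of parallel arrays keyed by child ID:
                // ids[], name[id], month[id], year[id], graduate[id].
                // An ID whose name is blank means "remove this child".
                $children = $VARS['child'] ?? [];
                $childIds = is_array($children) && is_array($children['ids'] ?? null) ? $children['ids'] : [];
                $childObjects = $family->getChildren();
                $childrenToDelete = [];
                $thisYear = (int) date("Y");
                foreach ($childIds as $cid) {
                    $name = $children['name'][$cid] ?? '';
                    if (empty($name)) {
                        $childrenToDelete[] = $cid;
                        continue;
                    }
                    $month = $children['month'][$cid] ?? '';
                    // \z rather than $ so a trailing newline cannot pass as a month.
                    if (!preg_match('/^([1-9]|1[012])\z/', $month)) {
                        errorBack("Invalid birth month chosen for " . htmlentities($name) . ".");
                    }
                    if (!is_numeric($children['year'][$cid] ?? null)) {
                        errorBack("Invalid birth year chosen for " . htmlentities($name) . ".");
                    }
                    $year = (int) $children['year'][$cid];
                    if ($year < 1980 || $year > $thisYear) {
                        errorBack("Invalid birth year chosen for " . htmlentities($name) . ".");
                    }
                    $graduated = !empty($children['graduate'][$cid]);
                    // Only month and year are collected, so the day is stored as 00.
                    $birthday = $year . "-" . $month . "-00";
                    if (Child::exists($cid, $family->getID())) {
                        // Update the matching loaded child in place (objects are shared
                        // with $childObjects, so the save loop below persists the change).
                        foreach ($childObjects as $existing) {
                            if ($existing->getID() == $cid) {
                                $existing->setName($name);
                                $existing->setBirthday(null, $birthday);
                                $existing->setGraduated($graduated);
                            }
                        }
                    } else {
                        $child = new Child();
                        $child->setName($name);
                        $child->setBirthday(null, $birthday);
                        $child->setGraduated($graduated);
                        $child->setFamilyID($family->getID());
                        $childObjects[] = $child;
                    }
                }
                foreach ($childObjects as $child) {
                    $child->save();
                }
                // The IDs to delete come straight from the form, so the delete is
                // scoped to this family: a stray or tampered ID must not be able to
                // remove a person that belongs to another family.
                foreach ($childrenToDelete as $rip) {
                    $database->delete("people", ["AND" => ['personid' => $rip, 'familyid' => $family->getID()]]);
                }
            } catch (Exception $ex) {
                // The exception text is shown to the user as-is. NOTE(review): if
                // database exceptions can reach this catch they would surface their
                // text too — confirm what the setters and Medoo throw here.
                errorBack($ex->getMessage());
            }
        });
        returnToSender("family_saved", "&id=" . $family->getID());
        break;
    case "deletefamily":
        // Remove a family and every row that references it. The four deletes run in
        // one transaction so a failure part-way cannot leave orphaned rows behind.
        if (!(new User($_SESSION['uid']))->hasPermission("HACHEPORTAL_EDIT")) {
            returnToSender("no_permission");
        }
        if (empty($VARS['familyid']) || $database->count("families", ['familyid' => $VARS['familyid']]) !== 1) {
            returnToSender("family_doesnt_exist");
        }
        $familyid = $VARS['familyid'];
        $database->action(function ($database) use ($familyid) {
            $database->delete("people", ["familyid" => $familyid]);
            $database->delete("interests", ["familyid" => $familyid]);
            $database->delete("payments", ["familyid" => $familyid]);
            $database->delete("families", ["familyid" => $familyid]);
        });
        returnToSender("family_deleted");
        break;
    case "editevents":
        // Bulk edit of the events list: each submitted key is an existing event ID
        // or a placeholder for a new event; an empty value deletes (or skips) it.
        if (!(new User($_SESSION['uid']))->hasPermission("HACHEPORTAL_EDIT")) {
            returnToSender("no_permission");
        }
        $events = $_POST['events'] ?? [];
        if (!is_array($events)) {
            returnToSender("invalid_parameters");
        }
        foreach ($events as $k => $v) {
            if ($database->has("events", ["eventid" => $k])) {
                if (empty($v)) {
                    // Blanking an existing event removes it and any interest recorded in it.
                    $database->delete("interests", ["eventid" => $k]);
                    $database->delete("events", ["eventid" => $k]);
                    continue;
                }
                $database->update("events", ["event" => $v], ["eventid" => $k]);
            } elseif (!empty($v)) {
                $database->insert("events", ["event" => $v]);
            }
        }
        returnToSender("events_updated");
        break;
    case "editpayment":
        // Record or update a payment for a family. Creating a new payment also
        // extends the family's membership by one year.
        if (!(new User($_SESSION['uid']))->hasPermission("HACHEPORTAL_EDIT")) {
            returnToSender("no_permission");
        }
        if (empty($VARS['familyid']) || !$database->has("families", ['familyid' => $VARS['familyid']])) {
            returnToSender("invalid_parameters");
        }
        if (!isset($VARS["amount"]) || !is_numeric($VARS["amount"]) || $VARS["amount"] < 0) {
            returnToSender("invalid_parameters");
        }
        if (empty($VARS['date']) || strtotime($VARS['date']) === false) {
            returnToSender("invalid_parameters");
        }
        // The same row content is used whether the payment is inserted or updated.
        $payment = [
            "familyid" => $VARS["familyid"],
            "amount" => $VARS["amount"],
            "paid" => !empty($VARS["paid"]) && $VARS["paid"] == "1",
            "date" => date("Y-m-d H:i:s", strtotime($VARS['date'])),
            "type" => $VARS["type"] ?? null
        ];
        if (!empty($VARS['paymentid']) && $database->has("payments", ['paymentid' => $VARS['paymentid']])) {
            $database->update("payments", $payment, ["paymentid" => $VARS["paymentid"]]);
            $paymentid = $VARS["paymentid"];
        } else {
            $database->insert("payments", $payment);
            $paymentid = $database->id();
            // A lapsed membership restarts from today; an active one is extended
            // from its current expiry date.
            $family = (new Family())->load($VARS['familyid']);
            $base = $family->getExpires() < time() ? time() : $family->getExpires();
            $family->setExpires(strtotime("+1 year", $base));
            $family->save();
        }
        returnToSender("payment_saved", "&id=$paymentid");
        break;
}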