<?php # edit_work_info.php
// Base page on which a logged-in user sets up the work part of their profile.
require 'includes/config.inc.php';

$page_title = 'Your Work Information';
include 'includes/header.html';

// Database connection script; its path comes from the MYSQL constant
// (presumably defined by the config include - confirm).
require MYSQL;

// Access gate: only a session that carries a person_id may use this page.
// Everyone else is redirected to the index page and the script stops, so
// nothing below runs for a visitor who is not logged in.
if (!isset($_SESSION['person_id'])) {
    ob_end_clean(); // Discard the output buffered so far.
    header('Location: ' . BASE_URL . 'index.php');
    exit;
}

// Refresh the session settings in case earlier pages changed them.
refresh_session(0);

// Page heading.
echo '<h1>' . $page_title . '</h1><br />';
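// Handle a submitted work-information form: validate every field, then write
// the worker, office, address and user-level rows inside one transaction.
//
// NOTE(review): nothing in this handler ties the request to a form this site
// rendered (no anti-CSRF token is checked); add one with whatever session
// helper the project provides.
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    // Trim every submitted value. A non-string value (e.g. an array sent as
    // w_city[]=x) is treated as blank so trim() and preg_match() never
    // receive an array.
    $trimmed = array_map(
        function ($value) {
            return is_string($value) ? trim($value) : '';
        },
        $_POST
    );

    // Values to validate; a field missing from the request counts as blank.
    $in = array();
    foreach (array('w_address1', 'w_address2', 'w_city', 'w_state', 'w_zip', 'w_birth', 'w_start') as $field) {
        $in[$field] = isset($trimmed[$field]) ? $trimmed[$field] : '';
    }

    // Assume invalid values:
    $w_address1 = $w_address2 = $w_city = $w_state = $w_zip = $w_birth = $w_start = FALSE;

    // Optional fields end up as a ready-to-embed SQL token: either the
    // escaped value in single quotes or the bare keyword NULL.

    // Address 1: blank, or a number followed by letters/digits/spaces.
    if (preg_match('/^()$|^([0-9]+ [A-Z 0-9]+)$/i', $in['w_address1'])) {
        $w_address1 = mysqli_real_escape_string($dbc, $in['w_address1']);
        $w_address1 = !empty($w_address1) ? "'$w_address1'" : "NULL";
    } else {
        echo '<p class="error">Address 1 is invalid!<br>' . "\n"
            . 'Use only numbers and letters.</p>';
    }

    // Address 2: blank, or 2-40 letters/digits/spaces.
    if (preg_match('/^()$|^([A-Z 0-9]{2,40})$/i', $in['w_address2'])) {
        $w_address2 = mysqli_real_escape_string($dbc, $in['w_address2']);
        $w_address2 = !empty($w_address2) ? "'$w_address2'" : "NULL";
    } else {
        echo '<p class="error">Address 2 is invalid!<br>' . "\n"
            . 'Use only numbers and letters.<br>' . "\n"
            . 'Must be between 2 and 40 characters long.</p>';
    }

    // City: required, 2-30 letters.
    if (preg_match('/^([A-Z]{2,30})$/i', $in['w_city'])) {
        $w_city = mysqli_real_escape_string($dbc, $in['w_city']);
    } else {
        // The closing tag used to be written as "/p>", which left the paragraph open.
        echo '<p class="error">Please enter a valid city!<br>' . "\n"
            . 'Use only letters.<br>' . "\n"
            . 'Must be between 2 and 30 characters long.</p>';
    }

    // State: required, exactly 2 letters.
    if (preg_match('/^([A-Z]{2})$/i', $in['w_state'])) {
        $w_state = mysqli_real_escape_string($dbc, $in['w_state']);
    } else {
        echo '<p class="error">Please enter a valid state abbreviation!<br>' . "\n"
            . 'Use only 2 letters.</p>';
    }

    // Zip: blank, or exactly 5 digits.
    if (preg_match('/^()$|^([0-9]{5})$/', $in['w_zip'])) {
        $w_zip = mysqli_real_escape_string($dbc, $in['w_zip']);
        $w_zip = !empty($w_zip) ? "'$w_zip'" : "NULL";
    } else {
        echo '<p class="error">Zip is invalid!<br>' . "\n"
            . 'Use only 5 numbers.</p>';
    }

    // Birth date: required, YYYY-MM-DD. The pattern is anchored at both ends
    // (the earlier one had no "^", so any text ending in a date passed), and
    // checkdate() rejects impossible dates such as month 13 or day 32.
    if (preg_match('/^([0-9]{4})-([0-1][0-9])-([0-3][0-9])$/', $in['w_birth'], $date_parts)
        && checkdate((int) $date_parts[2], (int) $date_parts[3], (int) $date_parts[1])) {
        $w_birth = mysqli_real_escape_string($dbc, $in['w_birth']);
    } else {
        echo '<p class="error">Please enter a valid birth date!<br>' . "\n"
            . 'Must be in this exact format.<br>' . "\n"
            . 'YYYY-MM-DD</p>';
    }

    // Start date: same rules as the birth date.
    if (preg_match('/^([0-9]{4})-([0-1][0-9])-([0-3][0-9])$/', $in['w_start'], $date_parts)
        && checkdate((int) $date_parts[2], (int) $date_parts[3], (int) $date_parts[1])) {
        $w_start = mysqli_real_escape_string($dbc, $in['w_start']);
    } else {
        echo '<p class="error">Please enter a valid start date!<br>' . "\n"
            . 'Must be in this exact format.<br>' . "\n"
            . 'YYYY-MM-DD</p>';
    }

    if ($w_address1 && $w_address2 && $w_city && $w_state && $w_zip && $w_birth && $w_start) { // If everything's OK...
        // Identifiers from the session are embedded in SQL without quotes, so
        // they are forced to integers here rather than trusted as stored.
        // NOTE(review): the submitted values above are escaped and quoted;
        // moving these statements to mysqli prepared statements would remove
        // the reliance on per-value escaping altogether.
        $person_id = (int) $_SESSION['person_id'];

        try {
            $dbc->autocommit(FALSE); // i.e., start transaction

            // A missing user_id must abort the whole change, not silently
            // skip the user-level update at the end.
            if (!isset($_SESSION['user_id'])) {
                throw new Exception('Session carries no user_id.');
            }
            $user_id = (int) $_SESSION['user_id'];

            //
            // Worker row: insert it if this person has none yet, else update it.
            //
            BUG(1);
            $q = "SELECT worker_id FROM worker WHERE person_id=$person_id";
            BUG(2);
            $r = mysqli_query($dbc, $q);
            if ($r === false) {
                // A failed lookup now aborts the transaction instead of
                // falling through to mysqli_num_rows() with no result set.
                throw new Exception("Query: $q\n<br />\nMySQL Error: " . mysqli_error($dbc));
            }
            BUG(3);
            if (mysqli_num_rows($r) == 0) { // No worker row yet: add one.
                BUG(4);
                $q = "INSERT INTO worker (person_id, birth_date, start_date)"
                    . " VALUES ($person_id, '$w_birth', '$w_start')";
                BUG(5);
                $result = $dbc->query($q);
                BUG(6);
                if (!$result) {
                    BUG(7);
                    throw new Exception($dbc->error);
                }
            } else { // Worker row exists: update it.
                BUG(8);
                $q = "UPDATE worker SET birth_date='$w_birth', start_date='$w_start'"
                    . " WHERE person_id = $person_id";
                BUG(9);
                $result = $dbc->query($q);
                if (!$result) {
                    BUG(10);
                    throw new Exception($dbc->error);
                }
            }

            //
            // Office row: the submitting person is recorded as its owner.
            // NOTE(review): every logged-in user who submits valid data gets
            // an office row of their own here and is raised to user_level 3
            // further down. The original author already marked the ownership
            // part as "must update"; gate both on a real ownership check and
            // confirm what level 3 unlocks.
            //
            BUG(11);
            $q = "SELECT office_id FROM office WHERE person_id=$person_id";
            BUG(12);
            $r = mysqli_query($dbc, $q);
            if ($r === false) {
                throw new Exception("Query: $q\n<br />\nMySQL Error: " . mysqli_error($dbc));
            }
            BUG(13);
            if (mysqli_num_rows($r) == 0) { // No office row yet: add one.
                BUG(14);
                $q = "INSERT INTO office (person_id) VALUES ($person_id)";
                BUG(15);
                $result = $dbc->query($q);
                BUG(16);
                if (!$result) {
                    BUG(17);
                    throw new Exception($dbc->error);
                }
                // Read the new id only once the insert is known to have worked.
                $office_id = (int) $dbc->insert_id; // last auto_inc id from *this* connection
            } else { // Office row exists.
                if (isset($_SESSION['office_id'])) {
                    $office_id = (int) $_SESSION['office_id'];
                    BUG(18);
                } else { // The session does not hold the office_id yet: look it up.
                    $q = "SELECT office_id FROM office WHERE person_id=$person_id";
                    $r = mysqli_query($dbc, $q);
                    BUG(19);
                    if ($r === false) {
                        throw new Exception("Query: $q\n<br />\nMySQL Error: " . mysqli_error($dbc));
                    }
                    $row = mysqli_fetch_array($r, MYSQLI_ASSOC);
                    BUG(20);
                    if (!$row) {
                        throw new Exception('No office row found for this person.');
                    }
                    $office_id = (int) $row['office_id'];
                }
            }

            //
            // Address row of that office: insert or update.
            //
            BUG(21);
            $q = "SELECT address_id FROM address WHERE office_id=$office_id";
            BUG(22);
            $r = mysqli_query($dbc, $q);
            if ($r === false) {
                throw new Exception("Query: $q\n<br />\nMySQL Error: " . mysqli_error($dbc));
            }
            BUG(23);
            if (mysqli_num_rows($r) == 0) { // No address yet: add one.
                BUG(24);
                // $w_address1, $w_address2 and $w_zip already carry their own
                // quotes (or are the keyword NULL), hence no quotes around them.
                $q = "INSERT INTO address (office_id, address1, address2, city, st, zip)"
                    . " VALUES ($office_id, $w_address1, $w_address2, '$w_city', '$w_state', $w_zip)";
                BUG(25);
                $result = $dbc->query($q);
                BUG(26);
                if (!$result) {
                    BUG(27);
                    throw new Exception($dbc->error);
                }
            } else { // Address exists: update it.
                BUG(28);
                $q = "UPDATE address"
                    . " SET address1=$w_address1, address2=$w_address2,"
                    . " city='$w_city', st='$w_state', zip=$w_zip"
                    . " WHERE office_id =$office_id";
                BUG(29);
                $result = $dbc->query($q);
                if (!$result) {
                    BUG(30);
                    throw new Exception($dbc->error);
                }
            }

            //
            // Point the worker row at the office.
            //
            $q = "UPDATE worker SET office_id=$office_id WHERE person_id = $person_id";
            BUG(31);
            $result = $dbc->query($q);
            BUG(32);
            if (!$result) {
                BUG(33);
                // $result is false here; the earlier $result->free() call on
                // it raised a fatal error before the rollback could run.
                BUG(34);
                throw new Exception($dbc->error);
            }
            BUG(50);

            //
            // Raise the user to level 3 unless they already hold a higher level.
            //
            $user_level = max(3, isset($_SESSION['user_level']) ? (int) $_SESSION['user_level'] : 0);
            BUG(51);
            $q = "UPDATE registered_user SET user_level=$user_level WHERE user_id = $user_id";
            BUG(52);
            $result = $dbc->query($q);
            BUG(53);
            if (!$result) {
                BUG(54);
                BUG(55);
                throw new Exception($dbc->error);
            }
            BUG(97);

            // Every statement succeeded: commit and leave transaction mode.
            $dbc->commit();
            $dbc->autocommit(TRUE); // i.e., end transaction
            $passed = TRUE;
            BUG(98);
        } catch (Exception $e) {
            $dbc->rollback();
            $dbc->autocommit(TRUE); // i.e., end transaction
            $passed = FALSE;
            BUG('99 - rollback - 99');
            // Report the failure once instead of swallowing it. What happens
            // to the message depends on the project's error handler, which is
            // not visible here - make sure it is not shown to visitors on a
            // live site.
            trigger_error($e->getMessage());
        }
        BUG(100);

        if ($passed) { // If it ran OK.
            // Finish the page:
            echo '<h3>The changes were accepted.</h3>';
            BUG('ALL HAS PASSED');
            // Forward to profile.php after 2 seconds.
            $url = BASE_URL . 'profile.php';
            header('Refresh: 2;url=' . $url);
            include ('includes/footer.html'); // Include the HTML footer.
            exit(); // Stop the page.
        } else { // If it did not run OK.
            echo '<p class="error">The changes did not take place due to a system error.' . "\n"
                . 'We apologize for any inconvenience.</p>';
        }
    } else { // If one of the data tests failed.
        echo '<p class="error">Please try again.</p>';
    }

    mysqli_close($dbc);
} // End of the main Submit conditional.
?>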
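<?php
// Pre-fill every field with the value that was just submitted, else the value
// stored in the session, else blank.
//
// Each value is HTML-escaped before it is written into a value="..."
// attribute. Submitted text is echoed back even when validation rejected it,
// so without escaping a quote or tag in the input would break out of the
// attribute and be rendered as markup (reflected XSS).
// NOTE(review): assumes the page is served as UTF-8 - confirm against the
// header include.
$prefill = array();
foreach (array(
    'w_address1' => 'o_address1',
    'w_address2' => 'o_address2',
    'w_city'     => 'o_city',
    'w_state'    => 'o_state',
    'w_zip'      => 'o_zip',
    'w_birth'    => 'birth_date',
    'w_start'    => 'start_date',
) as $field => $session_key) {
    $value = isset($trimmed[$field])
        ? $trimmed[$field]
        : (isset($_SESSION[$session_key]) ? $_SESSION[$session_key] : '');
    // Anything that is not a plain scalar (e.g. an array) is shown as blank.
    $prefill[$field] = htmlspecialchars(
        is_scalar($value) ? (string) $value : '',
        ENT_QUOTES | ENT_SUBSTITUTE,
        'UTF-8'
    );
}
// The stray </span></pre> and <pre><span> fragments that sat between the
// fields had no matching tags and were dropped; each <p> is now closed.
// maxlength on address 2, state and zip follows the server-side patterns
// (40, 2 and 5 characters); the server-side checks remain the real limit.
?>
<h2>Edit Mode</h2>
<form action="edit_work_info.php" method="post">
<fieldset>
<p>Work Address 1: <input type="text" name="w_address1" size="20" maxlength="20"
value="<?php echo $prefill['w_address1']; ?>" /></p>
<p>Work Address 2: <input type="text" name="w_address2" size="30" maxlength="40"
value="<?php echo $prefill['w_address2']; ?>" /></p>
<p style="color:red">Work City: <input type="text" name="w_city" size="20" maxlength="20"
value="<?php echo $prefill['w_city']; ?>" /></p>
<p style="color:red">Work State: <input type="text" name="w_state" size="20" maxlength="2"
value="<?php echo $prefill['w_state']; ?>" /></p>
<p>Work Zip: <input type="text" name="w_zip" size="20" maxlength="5"
value="<?php echo $prefill['w_zip']; ?>" /></p>
<p style="color:red">Your Birth Date: <input type="date" name="w_birth" size="20" maxlength="40"
value="<?php echo $prefill['w_birth']; ?>" /></p>
<p style="color:red">Date You Started In This Business: <input type="date" name="w_start" size="20" maxlength="40"
value="<?php echo $prefill['w_start']; ?>" /></p>
</fieldset>
<div align="center">
<input type="submit" name="submit" value="Submit" />
</div>
</form>
<?php
include ('includes/footer.html');
?>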