reSIProcate/repro  9694
savemodifiedresource.php
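<?php
// savemodifiedresource.php
//
// Handles the POST from editresource.php: checks the login cookies, validates
// the submitted fields, updates the resource through updateResource(), and
// then renders a short result page.  Every validation failure is reported by
// redirecting back with an "error" query parameter.
require('reprofunctions.php');
dbgSquirt("============= Save Modified Resource ===============");
// NOTE(review): this hands the raw, unvalidated POST body to the debug helpers
// from reprofunctions.php.  If they write to a log, confirm that the log is
// access-controlled and that debug output is disabled in production.
dbgSquirt(dbgShowFile($_POST));

// NOTE(review): HTTP_HOST is taken from the client's Host header, so every
// absolute redirect below trusts a client-supplied host name.  A configured
// canonical host name would be safer; none is visible in this file.
$baseURL = "http://" . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);

$result = checkCookies($forceLogin,$error,FALSE);
if (!($result) || $forceLogin) {
  // we got an error back that occurred while checkCookies was being run,
  // or authentication failed.  Either way, bounce them back to the login screen.
  // The error text is URL-encoded so it cannot add or alter query parameters.
  header("Location: " . $baseURL . "/index.php?error=" . urlencode((string) $error));
  exit;
}
// NOTE(review): assumes checkCookies() has verified that this cookie belongs
// to the authenticated session -- confirm in reprofunctions.php.
$username = $_COOKIE['user'];

// NOTE(review): no anti-CSRF token is checked in this script.  Unless
// checkCookies() does so, a state-changing POST that is authenticated by
// cookies alone should carry one.

// Read each expected field once.  A field that is absent, or that arrived as
// an array instead of a string, is recorded as null so the checks below can
// treat it as "not provided" without touching an undefined index.
$posted = array('resourceId' => null, 'aor' => null, 'forwardType' => null,
                'forward' => null, 'voicemail' => null, 'submit' => null);
foreach ($posted as $name => $unused) {
  if (isset($_POST[$name]) && is_string($_POST[$name])) {
    $posted[$name] = $_POST[$name];
  }
}

// Redirect target used to send the user back to the edit form.  Each echoed
// value is URL-encoded so user input cannot inject extra query parameters into
// the Location header; callers append an (encoded) error message.
$bounceURL = "Location: " . $baseURL .
  "/editresource.php?aor=" . urlencode((string) $posted['aor']) .
  "&forwardType=" . urlencode((string) $posted['forwardType']) .
  "&forward=" . urlencode((string) $posted['forward']) .
  "&voicemail=" . urlencode((string) $posted['voicemail']) .
  "&error=";
// NOTE(review): the pages receiving the "error" parameter are not visible
// here; they need to HTML-escape it before output.

// make sure post variables have arrived
// note -- can't check for forward because if it was disabled on the previous
// screen by clicking No, it will not be sent as a POST variable
if ($posted['resourceId'] === null || $posted['aor'] === null ||
    $posted['forwardType'] === null || $posted['voicemail'] === null) {
  header($bounceURL . urlencode("The information to modify a resource was not provided.  Please enter the information and click Save.  If this error reoccurs, contact an administrator."));
  exit;
}

// check if the user pressed cancel ... if so, back to user home
if ("Cancel" === $posted['submit']) {
  header("Location: " . $baseURL . "/userhome.php");
  exit;
}

// check that resourceId only contains digits
// the valid number check is for security to make sure that a tampered
// resourceId cannot reach the database layer.  In this case, there is nothing
// the user can fix, so send them back to userhome.
// preg_match replaces ereg, which was removed in PHP 7 and is not binary
// safe; \z (rather than $) also rejects a trailing newline.
$resourceId = $posted['resourceId'];
if (!preg_match('/^[0-9]+\z/', $resourceId)) {
  header("Location: " . $baseURL . "/userhome.php?error=" .
         urlencode("The information to modify a resource was not provided.  Please enter the information and click Save.  If this error reoccurs, contact an administrator."));
  exit;
}

// check that resource name is non-blank
$aor = $posted['aor'];
if (empty($aor)) {
  header($bounceURL . urlencode("The address must be filled in."));
  exit;
}

// check that if forwarding is Yes, then a forward address must be provided
// in this case we need to check forwardType against "Yes" rather than "Y" since
// the value comes from the previous form rather than the database (which only
// stores 1 char)
$forwardType = $posted['forwardType'];
// forward is legitimately absent when forwarding was switched off on the form
$forward = ($posted['forward'] === null) ? '' : $posted['forward'];
if (($forwardType == "Yes") && empty($forward)) {
  header($bounceURL . urlencode("If forwarding is turned on, a forwarding address must be provided."));
  exit;
}
$voicemail = $posted['voicemail'];

// TODO: add code to validate that the forwarding address and voicemail
// address are valid SIP URI's

// update the resource to the database
// note: as an additional security measure, we pass in username and only update
// the resourceId if that resourceId matches the authenticated user.  As a
// consequence, even if the request is tampered with and carries a different
// resourceId, resources not associated with the logged-in user are not
// modified.
// NOTE(review): aor, forward and voicemail reach updateResource() without
// format validation (see the TODO above).  updateResource() is not visible
// here; confirm it binds or escapes these values before building SQL.
if (updateResource($resourceId,$username,$aor,$forwardType,$forward,$voicemail)) {
  // resource modified successfully
  $title = "Resource Modified";
  $heading = "Resource Modified";
  // $aor is user-supplied, so it is HTML-escaped before being placed in markup
  $msg = "Successfully updated the resource <em>" . htmlspecialchars($aor, ENT_QUOTES) . ".</em>";
} else {
  $title = "Error While Updating Resource";
  $heading = "Error While Updating Resource";
  $msg = "An error occurred while attempting to update this resource.  Please contact an administrator.";
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<!--
System:  Repro
File:    savemodifiedresource.php
Purpose: Validate the user provided information about a modified resource and
         then update that resource in their profile
Author:  S. Chanin
-->
<html>
<head>
<link rel="stylesheet" type="text/css" href="repro_style.css" />
  <title><?php echo $title; ?></title>
</head>

<body>
<h1 class="title">Repro</h1>
<h1><?php echo $heading; ?></h1>
<hr />
<p><?php echo $msg; ?></p>
<br /><hr />
<a href="userhome.php">Return to User Home</a><br />
<a href="logout.php">Logout</a><br />

</body>
</html>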