# Page title consumed by ../common/top.php, then the shared bootstrap:
# session/DB init, page header, DB helpers (AlterSQLText etc.) and the
# event helpers (FixLink, FixDate, AlertAdministrators) used further down.
$title = 'Subjects Wanted for Research';
include '../common/init.php';
include '../common/top.php';
include '../common/dbfunctions.php';
include 'eventfunctions.php';
# NOTE(review): the closing tag below leaves PHP mode. As listed, the
# canEdit() function that follows would be emitted as page text unless an
# opening tag precedes it; the listing's opening tags look stripped, so
# confirm against the real file.
?>
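/**
 * Determine if the current user may edit (or delete) a subject-listing entry.
 *
 * Anyone holding the "subjects" privilege may edit every entry; otherwise the
 * username stored on the entry must match the logged-in user.
 *
 * @param int $id Entry ID; cast to int before it reaches SQL
 * @return bool TRUE when editing is allowed
 *
 * Side effect: an unknown (or unqueryable) ID renders ../common/error.php
 * with $errorString set and terminates the request.
 */
function canEdit($id) {
    # $db is the page-level mysqli handle (used unqualified by the top-level
    # code in this file); inside a function it has to be imported explicitly,
    # otherwise mysqli_query() receives null.
    global $db;
    if (HasPriviledges("subjects"))
        return TRUE;
    $q = sprintf("SELECT username FROM UIUCPsychSubjects WHERE id = %d", (int)$id);
    $qr = mysqli_query($db, $q);
    # Stay on the mysqli API throughout: the legacy mysql_num_rows()/
    # mysql_result() calls cannot read a mysqli result (and are gone in PHP 7+).
    if (!$qr || mysqli_num_rows($qr) === 0) {
        $errorString = "Invalid research subject entry ID.";
        require_once("../common/error.php");
        exit;
    }
    $row = mysqli_fetch_row($qr);
    # Compare as strings, strictly: a loose == treats numeric-looking
    # usernames such as "10" and "1e1" as equal.
    return (string)$row[0] === (string)Username();
}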
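# Deal with a submitted request (see form below)
# Only someone with at least basic priviledges (meaning that they've logged in)
# can post something.
# NOTE(review): neither the delete nor the submit action checks an anti-CSRF
# token in this file; confirm that ../common/init.php enforces one, otherwise
# a logged-in user can be made to delete or submit listings by a third-party page.
$postError = 0;

# Delete a listing
if (!empty($_POST["DeleteListing"]) && $_POST["DeleteListing"] != -1) {
    # Cast once: the ID goes into SQL and, on failure, back into the page.
    $delId = (int)$_POST["DeleteListing"];
    if (canEdit($delId)) {
        $q = sprintf("DELETE FROM UIUCPsychSubjects WHERE id = %d", $delId);
        $result = mysqli_query($db, $q);
        if ($result) {
            print("Listing successfully deleted.\n");
        } else {
            # Report the failure without echoing the SQL text or the raw POST
            # value (the original reflected both, unescaped, into the page).
            print("Deletion was not successful for listing " . $delId . ".");
        }
    }
} else if (array_key_exists("longdesc", $_POST) && HasPriviledges("basic")) {
    # Read the optional fields once; a missing key becomes "" rather than
    # null, so the strlen() checks below see the same "blank" case.
    $longdesc     = $_POST["longdesc"];
    $contactName  = isset($_POST["contactname"])         ? $_POST["contactname"]         : "";
    $contactPhone = isset($_POST["contactphone"])        ? $_POST["contactphone"]        : "";
    $contactEmail = isset($_POST["contactemail"])        ? $_POST["contactemail"]        : "";
    $link         = isset($_POST["link"])                ? $_POST["link"]                : "";
    $linkDesc     = isset($_POST["linkdesc"])            ? $_POST["linkdesc"]            : "";
    $irbNumber    = isset($_POST["irb_protocol_number"]) ? $_POST["irb_protocol_number"] : "";
    $irbExpires   = isset($_POST["irb_expiration_date"]) ? $_POST["irb_expiration_date"] : "";
    $sponsor      = isset($_POST["faculty_sponsor"])     ? $_POST["faculty_sponsor"]     : "";

    # Check form validity
    if (strlen($longdesc) == 0)
    {
        # One of the fields is invalid
        print "Sorry, your description is blank. Please correct this and re-submit your request.";
        $postError = 1;
    }
    else if (strlen($longdesc) > 500)
    {
        # One of the fields is invalid
        print "Sorry, your description is too long (maximum of 500 chars.) Please correct this and re-submit your request.";
        $postError = 1;
    }
    else if (strlen($contactName) == 0)
    {
        # One of the fields is invalid
        print "Sorry, your contact name is blank. Please correct this and re-submit your request.";
        $postError = 1;
    }
    else if (strlen($contactEmail) == 0 && strlen($contactPhone) == 0)
    {
        # One of the fields is invalid
        print "Sorry, you must give an email address or a phone number. Please correct this and re-submit your request.";
        $postError = 1;
    }
    else if (strlen($irbNumber) == 0 || strlen($irbExpires) == 0 || strlen($sponsor) == 0)
    {
        # One of the fields is invalid
        print "Sorry, you must provide the IRB Protocol Number, IRB Expiration Date, and faculty sponsor. Please correct this and re-submit your request.";
        $postError = 1;
    }
    else
    {
        # Reject an exact duplicate of an existing description. A failed
        # SELECT is not handed to mysqli_num_rows() (TypeError on PHP 8).
        $dup = mysqli_query($db, "SELECT id FROM UIUCPsychSubjects WHERE longdesc = '" . AlterSQLText($longdesc) . "'");
        if ($dup && mysqli_num_rows($dup) > 0)
        {
            print "That subject request already exists!";
            $postError = 1;
        }
        else
        {
            # If valid, submit proposed subject announcement with flag set
            # so it doesn't show up until approved.
            # Strip "http://" from link if there. $_POST["link"] is still
            # overwritten, as before, in case the form below re-reads it.
            $_POST["link"] = $link = FixLink($link);
            $irbExpiresFixed = FixDate($irbExpires);
            # Every request-supplied value goes through AlterSQLText() before
            # it is spliced into SQL. The original skipped it for contactphone
            # and contactemail (and issued the INSERT through the legacy
            # mysql_query() with no handle), so those two fields were
            # injectable. Username() comes from the session, not the request,
            # and is left untouched as before. A mysqli prepared statement
            # would be the stronger fix once AlterSQLText()'s exact transform
            # is confirmed.
            $q = "INSERT INTO UIUCPsychSubjects (submitted, username, longdesc, contactname, contactphone, contactemail, weblink, weblinkdesc, irb_protocol_number, irb_expiration_date, faculty_sponsor) VALUES ('"
                . date("YmdHis") . "', '"
                . Username() . "', '"
                . AlterSQLText($longdesc) . "', '"
                . AlterSQLText($contactName) . "', '"
                . AlterSQLText($contactPhone) . "', '"
                . AlterSQLText($contactEmail) . "', '"
                . AlterSQLText($link) . "', '"
                . AlterSQLText($linkDesc) . "', '"
                . AlterSQLText($irbNumber) . "', '"
                . AlterSQLText($irbExpiresFixed) . "', '"
                . AlterSQLText($sponsor) . "')";
            if (!mysqli_query($db, $q))
            {
                # Do not claim success (or page the administrators) for a row
                # that was never written.
                print "Sorry, your request could not be saved. Please try again later.";
                $postError = 1;
            }
            else
            {
                # Email administrators to say that a new announcement is pending
                $emailSubject = "Website subject listing submission";
                $emailUsername = Username();
                $emailLongDesc = $longdesc;
                $emailContactname = $contactName;
                $emailContactphone = $contactPhone;
                $emailContactemail = $contactEmail;
                $emailLink = $link;
                $emailLinkDesc = $linkDesc;
                $emailIRBInfo = $irbNumber . " / " . $irbExpiresFixed . " / " . $sponsor;
                # NOTE(review): the heredoc opener in the listing was garbled;
                # the labelled field lines below are reconstructed from the
                # variables this page assigns for the mail -- confirm the wording
                # against the original file. The closing label must stay at
                # column 0 (required before PHP 7.3).
                $emailBody = <<<EOF
Submitted by: $emailUsername

Description:
$emailLongDesc

Contact name: $emailContactname
Contact phone: $emailContactphone
Contact email: $emailContactemail
Web link: $emailLink
Link description: $emailLinkDesc
IRB protocol number / expiration date / faculty sponsor:
$emailIRBInfo
This submission must be approved before it is displayed on the website.
http://internal.psychology.illinois.edu/events/editsubjects.php
EOF;
                AlertAdministrators("subjects", $emailSubject, $emailBody);
                # Print a message noting that the announcement was submitted
                print "Your subject request has been successfully submitted. Your submission will be reviewed by an administrator shortly.";
            }
        }
    }
}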
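# Mass (un)approval by an administrator holding the "subjects" privilege:
# the form posts one checkbox per listing, named "app_<id>". Every row is
# rewritten, so an absent checkbox means "revoke approval".
# NOTE(review): no anti-CSRF token is checked in this file for this
# state-changing POST; confirm ../common/init.php provides one.
if (array_key_exists("MassApprove", $_POST) && HasPriviledges("subjects"))
{
    # Only the id is needed to drive the per-row UPDATE.
    $query = mysqli_query($db, "SELECT id FROM UIUCPsychSubjects");
    # A failed SELECT must not reach mysqli_fetch_assoc(); the original's
    # @-suppression hid the warning but not the failure (TypeError on PHP 8).
    if ($query)
    {
        while ($row = mysqli_fetch_assoc($query))
        {
            $newapp = array_key_exists("app_" . $row["id"], $_POST) ? 1 : 0;
            # Both values are forced to integers by %d, so nothing from the
            # request is spliced into the statement as text.
            mysqli_query($db, sprintf("UPDATE UIUCPsychSubjects SET approved = %d WHERE id = %d", $newapp, $row["id"]));
        }
    }
}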
?>