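<?php

declare(strict_types=1);

require 'dbConnect.php';
require 'validation.php';

// report.php — emails a user's daily accountability report to each of their
// registered partners (and optionally to the user themselves).
//
// Inputs:
//   GET  userID      id of the reporting user (required)
//   GET  fake        if set, wait and answer 202 without touching the db or mail
//   GET  followUp    if set, ask partners to follow up with the user
//   GET  includeSelf if set, also mail the report to the user
//   POST responses   newline-separated "<questionId>|<response>" lines (required)
//
// Responds with a CGI-style "Status:" header: 202 once at least one partner
// mail was accepted by mail(), 409 when none was, 412 on any precondition
// failure (the body then carries a short error text).
//
// NOTE(review): no access control is visible in this file; whatever
// validation.php does, confirm it restricts who may trigger a report for an
// arbitrary userID — TODO confirm.
//
// TODO add ability to move partnership to your account email

if (isset($_GET['fake'])) {
    // Dry run: pretend the report was sent after a short delay.
    sleep(3);
    header("Status: 202 Accepted");
    die("");
}

// userID is a query-string value; reject anything that is not a plain string
// (e.g. userID[]=1) before it reaches a query.
if (!isset($_GET['userID']) || !is_string($_GET['userID'])) {
    header("Status: 412 Precondition Failed");
    die("Error: No user id");
}
$userID = $_GET['userID'];

$con = makeSQLI();
if ($con === false) {
    header("Status: 412 Precondition Failed");
    die("Error connecting to db");
}

if (!isset($_POST['responses']) || !is_string($_POST['responses'])) {
    header("Status: 412 Precondition Failed");
    die("Error: no responses sent");
}
// explode() always yields at least one element, so no "is there anything"
// check is needed here; empty lines are skipped while parsing below.
$rawResponsesArray = explode("\n", $_POST['responses']);

/**
 * Runs a one-parameter prepared statement with the user id bound to its "?".
 *
 * The previous code interpolated the id into the SQL after escape_string(),
 * which does not protect an unquoted numeric comparison; binding does.
 * get_result() needs the mysqlnd driver (the default build).
 *
 * @return mysqli_result|false the buffered result set, or false on any failure
 */
$queryForUser = static function (string $sql) use ($con, $userID) {
    $stmt = $con->prepare($sql);
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('s', $userID);
    if (!$stmt->execute()) {
        $stmt->close();
        return false;
    }
    $result = $stmt->get_result();
    $stmt->close();
    return $result;
};

// Mail header values must not carry line breaks; a name or address containing
// one would otherwise inject extra headers into the outgoing message.
$headerSafe = static function (string $value): string {
    return str_replace(["\r", "\n"], '', $value);
};

$result = $queryForUser('SELECT * FROM tb_users WHERE id = ?');
if ($result === false) {
    header("Status: 412 Precondition Failed");
    die("Error getting users.");
}
$userRow = $result->fetch_array();
if (!$userRow) {
    header("Status: 412 Precondition Failed");
    die("Error: user id invalid.");
}
$firstName = (string) ($userRow['first_name'] ?? '');
$userEmail = (string) ($userRow['email_address'] ?? '');

$result = $queryForUser('SELECT * FROM tb_partner_relation WHERE fk_user_id = ?');
if ($result === false) {
    header("Status: 412 Precondition Failed");
    die("Error getting partners.");
}
// Keyed by relation id: the key is embedded in the opt-out link further down.
// The debug echo that used to list every partner address here was removed — it
// disclosed the partners' addresses in the HTTP response to any caller.
$partnersArray = [];
while ($row = $result->fetch_array()) {
    $partnersArray[$row['id']] = (string) $row['partner_email_address'];
}

// Parse "<questionId>|<response>" lines. The limit on explode() keeps a
// response that itself contains "|" intact; CR is stripped so CRLF input works.
$responsesArray = [];
foreach ($rawResponsesArray as $rawResponse) {
    $line = rtrim($rawResponse, "\r");
    if ($line === '') {
        continue;
    }
    $parts = explode('|', $line, 2);
    if (count($parts) !== 2) {
        continue; // malformed line: no separator
    }
    $responsesArray[$parts[0]] = $parts[1];
}

$result = $queryForUser('SELECT * FROM tb_user_questions WHERE fk_user_id = ?');
if ($result === false) {
    header("Status: 412 Precondition Failed");
    die("Error getting questions.");
}
$questionsArray = $result->fetch_all(MYSQLI_ASSOC);

$subject = $headerSafe("Project Transparency - " . $firstName . "'s Daily Report");
$message = "Daily Accountability Report\r\n" .
    "for " . $firstName . "\r\n\r\nHere are their responses:\r\n";
foreach ($questionsArray as $i => $question) {
    // A question with no posted response is listed with an empty answer.
    $answer = $responsesArray[$question['id']] ?? '';
    $message .= ($i + 1) . ". " . $question['question'] . " Response: " . $answer . "\r\n";
}
$headers = 'From: [email protected]' . "\r\n" .
    'Reply-To: ' . $headerSafe($userEmail) . "\r\n" .
    'X-Mailer: PHP/' . phpversion();

$someSent = false;
foreach ($partnersArray as $relationID => $partner) {
    $sendMessage = $message;
    if (isset($_GET['followUp'])) {
        $sendMessage .= "\r\n" . $firstName . " requested that" .
            " you follow up on this report with them. Try sending them " .
            "an email at " . $userEmail . " \r\n";
    }
    // Opt-out link. NOTE(review): the id is the relation id wrapped in fixed
    // digits plus two random ones — obfuscation, not authorisation; confirm
    // that endPartnership.php verifies the request on its own. SERVER_NAME can
    // reflect the request's Host header on some server configurations; a
    // configured base URL would be safer — TODO confirm.
    $sendMessage .= "\r\nIf you would like to stop receiving these email, got to http://" .
        $_SERVER['SERVER_NAME'] .
        "/projectTransparency/project/endPartnership.php?id=02" . $relationID .
        "7" . random_int(10, 99) . " (NOTICE: They will be notified).";
    if (mail($headerSafe($partner), $subject, $sendMessage, $headers)) {
        $someSent = true;
    }
}

if (isset($_GET['includeSelf'])) {
    // The self-copy does not count towards $someSent, as before.
    $selfMessage = $message;
    if (isset($_GET['followUp'])) {
        $selfMessage .= "\r\nA follow up was requested for this report.";
    }
    mail($headerSafe($userEmail), "Project Transparency - Your Daily Report", $selfMessage, $headers);
}

if ($someSent) {
    // Best-effort timestamp update; its outcome does not change the response.
    $stmt = $con->prepare('UPDATE tb_users SET last_report = NOW() WHERE email_address = ?');
    if ($stmt !== false) {
        $stmt->bind_param('s', $userEmail);
        $stmt->execute();
        $stmt->close();
    }
    header("Status: 202 Accepted");
} else {
    header("Status: 409 Conflict");
}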