From 1d2755601a91e0e9f605edd5fc38e64d9e8c32a0 Mon Sep 17 00:00:00 2001
From: james <james>
Date: Wed, 29 Feb 2012 19:13:14 +0000
Subject: [PATCH] Fix the contact form.. using MAX(year) to do joins is
 completely useless.

---
 contact.php | 31 ++++++++++++++++++++-----------
 1 file changed, 20 insertions(+), 11 deletions(-)

diff --git a/contact.php b/contact.php
index 3fbdfefe..f4a2c4ac 100644
--- a/contact.php
+++ b/contact.php
@@ -34,7 +34,7 @@
  	if($_POST['to'] && $_POST['subject'] && $_POST['message'] && $_POST['from'] && $_POST['fromemail']) {
 		if(isEmailAddress($_POST['fromemail'])) {
 			list($id,$md5email)=explode(":",$_POST['to']);
-			$q=mysql_query("SELECT * FROM users WHERE uid='$id' ORDER BY year DESC LIMIT 1");
+			$q=mysql_query("SELECT * FROM users WHERE uid='".mysql_real_escape_string($id)."' ORDER BY year DESC LIMIT 1");
 			$r=mysql_fetch_object($q);
 			//if a valid selection is made from the list, then this will always match.
 			if($md5email == md5($r->email)) {
@@ -85,10 +85,18 @@ function tochange() {
 
 		/* Select everyone in this committee, attach the user data using MAX(year) so we only get the most recent
 		 * user data */
-		$q2=mysql_query("SELECT committees_link.*,users.uid,MAX(users.year),users.firstname,users.lastname,users.email,users.deleted
-							FROM committees_link LEFT JOIN users ON users.uid = committees_link.users_uid 
-							 WHERE committees_id='{$r->id}' 
-							 GROUP BY users.uid ORDER BY ord,users.lastname ");
+		$q2=mysql_query("SELECT committees_link.*,
+								users.uid,
+								MAX(users.year) AS my,
+								users.firstname,
+								users.lastname,
+								users.email,
+								users.deleted
+							FROM committees_link 
+							LEFT JOIN users ON users.uid = committees_link.users_uid 
+							WHERE committees_id='{$r->id}' 
+							GROUP BY users.uid
+							ORDER BY ord,users.lastname ");
 
 		//if there's nobody in this committee, then just skip it and go on to the next one.
 		if(mysql_num_rows($q2)==0)
@@ -97,14 +105,15 @@ function tochange() {
 		echo "<option value=\"\">{$r->name}</option>\n";
 
 		echo mysql_error();
-		while($r2=mysql_fetch_object($q2))
-		{
-			if($r2->deleted != 'no') continue;
+		while($r2=mysql_fetch_object($q2)) {
+			$q3=mysql_query("SELECT firstname,lastname,email,deleted FROM users WHERE uid='$r2->uid' AND year='$r2->my'");
+			$r3=mysql_fetch_object($q3);
+			if($r3->deleted != 'no') continue;
 
-			if($r2->email) {
-				$name=$r2->firstname.' '.$r2->lastname;
+			if($r3->email) {
+				$name=$r3->firstname.' '.$r3->lastname;
 				if($r2->title) $titlestr=" ($r2->title)"; else $titlestr="";
-				echo "<option value=\"$r2->uid:".md5($r2->email)."\">&nbsp;&nbsp;-{$name}{$titlestr}</option>\n";
+				echo "<option value=\"$r2->uid:".md5($r3->email)."\">&nbsp;&nbsp;-{$name}{$titlestr}</option>\n";
 			}
 		}
 	}