Implement Bug #0000004 - Do not allow multiple committee members with the same email address

2006-10-15 19:36:33 +00:00 · 2006-10-15 19:36:33 +00:00 · 9eef488a5d
commit 9eef488a5d
parent 335330dd35
1 changed files with 29 additions and 9 deletions
--- a/admin/committees.php
+++ b/admin/committees.php
@ -178,16 +178,36 @@ if($_POST['save'])

 		$access="access_admin='$a_admin', access_config='$a_config', access_super='$a_super', "; 
 	}
+
+	//check for unique email address
+	$q=mysql_query("SELECT id FROM committees_members WHERE (email='".$_POST['email']."' OR emailprivate='".$_POST['email']."') AND id!='".$_POST['save']."'");
+	if(mysql_num_rows($q))
+	{
+		$emailupdate="";
+		echo notice(i18n("Cannot update email address.  That address already exists for a different committee member"));
+	}
+	else
+		$emailupdate="email='".mysql_escape_string(stripslashes($_POST['email']))."', ";
+
+	$q=mysql_query("SELECT id FROM committees_members WHERE (email='".$_POST['emailprivate']."' OR emailprivate='".$_POST['emailprivate']."') AND id!='".$_POST['save']."'");
+	if(mysql_num_rows($q))
+	{
+		$emailprivateupdate="";
+		echo notice(i18n("Cannot update private email address.  That address already exists for a different committee member"));
+	}
+	else
+		$emailprivateupdate="emailprivate='".mysql_escape_string(stripslashes($_POST['emailprivate']))."', ";
+
 	mysql_query("UPDATE committees_members SET ".
-		"name='".$_POST['name']."', ".
-		"password='".$_POST['password']."', ".
-		"organization='".$_POST['organization']."', ".
-		"email='".$_POST['email']."', ".
-		"emailprivate='".$_POST['emailprivate']."', ".
-		"phonehome='".$_POST['phonehome']."', ".
-		"phonework='".$_POST['phonework']."', ".
-		"phonecell='".$_POST['phonecell']."', ".
-		"fax='".$_POST['fax']."', ".
+		"name='".mysql_escape_string(stripslashes($_POST['name']))."', ".
+		"password='".mysql_escape_string(stripslashes($_POST['password']))."', ".
+		"organization='".mysql_escape_string(stripslashes($_POST['organization']))."', ".
+		$emailupdate.
+		$emailprivateupdate.
+		"phonehome='".mysql_escape_string(stripslashes($_POST['phonehome']))."', ".
+		"phonework='".mysql_escape_string(stripslashes($_POST['phonework']))."', ".
+		"phonecell='".mysql_escape_string(stripslashes($_POST['phonecell']))."', ".
+		"fax='".mysql_escape_string(stripslashes($_POST['fax']))."', ".
 		$access.
 		" displayemail='".$_POST['displayemail']."' ".
 		" WHERE id='".$_POST['save']."'");