From 9eef488a5d1c60ee52c3772da21f0ad5e8048a3e Mon Sep 17 00:00:00 2001
From: james
Date: Sun, 15 Oct 2006 19:36:33 +0000
Subject: [PATCH] Implement Bug #0000004 - Do not allow multiple committee members with the same email address
---
 admin/committees.php | 38 +++++++++++++++++++++++++++++---------
 1 file changed, 29 insertions(+), 9 deletions(-)
diff --git a/admin/committees.php b/admin/committees.php
index 008c6d0..15c3640 100644
--- a/admin/committees.php
+++ b/admin/committees.php
@@ -178,16 +178,36 @@ if($_POST['save']) $access="access_admin='$a_admin', access_config='$a_config', access_super='$a_super', "; } + + //check for unique email address + $q=mysql_query("SELECT id FROM committees_members WHERE (email='".$_POST['email']."' OR emailprivate='".$_POST['email']."') AND id!='".$_POST['save']."'"); + if(mysql_num_rows($q)) + { + $emailupdate=""; + echo notice(i18n("Cannot update email address. That address already exists for a different committee member")); + } + else + $emailupdate="email='".mysql_escape_string(stripslashes($_POST['email']))."', "; + + $q=mysql_query("SELECT id FROM committees_members WHERE (email='".$_POST['emailprivate']."' OR emailprivate='".$_POST['emailprivate']."') AND id!='".$_POST['save']."'"); + if(mysql_num_rows($q)) + { + $emailprivateupdate=""; + echo notice(i18n("Cannot update private email address. That address already exists for a different committee member")); + } + else + $emailprivateupdate="emailprivate='".mysql_escape_string(stripslashes($_POST['emailprivate']))."', "; + mysql_query("UPDATE committees_members SET ". - "name='".$_POST['name']."', ". - "password='".$_POST['password']."', ". - "organization='".$_POST['organization']."', ". - "email='".$_POST['email']."', ". - "emailprivate='".$_POST['emailprivate']."', ". - "phonehome='".$_POST['phonehome']."', ". - "phonework='".$_POST['phonework']."', ". - "phonecell='".$_POST['phonecell']."', ". - "fax='".$_POST['fax']."', ". + "name='".mysql_escape_string(stripslashes($_POST['name']))."', ". + "password='".mysql_escape_string(stripslashes($_POST['password']))."', ". + "organization='".mysql_escape_string(stripslashes($_POST['organization']))."', ". + $emailupdate. + $emailprivateupdate. + "phonehome='".mysql_escape_string(stripslashes($_POST['phonehome']))."', ". + "phonework='".mysql_escape_string(stripslashes($_POST['phonework']))."', ". + "phonecell='".mysql_escape_string(stripslashes($_POST['phonecell']))."', ". 
+ "fax='".mysql_escape_string(stripslashes($_POST['fax']))."', ". $access. " displayemail='".$_POST['displayemail']."' ". " WHERE id='".$_POST['save']."'");
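Review bot: The two new uniqueness SELECTs build their WHERE clauses from raw `$_POST['email']`, `$_POST['emailprivate']` and `$_POST['save']`, so the escaping this commit adds to the UPDATE does not cover the queries it introduces; `displayemail` and the `WHERE id=` in the unchanged tail of the UPDATE are still raw as well. Escape each value once into a local and reuse it in both the SELECT and the UPDATE, e.g. `$email=mysql_escape_string(stripslashes($_POST['email']));` and, assuming ids are integers, `$id=intval($_POST['save']);`. The `stripslashes()` calls presumably rely on magic_quotes_gpc being enabled; with it off they would strip legitimate backslashes, so that assumption deserves a comment or a guard. Separately, an empty `email` or `emailprivate` matches every other member whose address field is empty, so the check should be skipped for empty values, and the `mysql_query()` result is passed to `mysql_num_rows()` without checking for failure. The enclosing `if($_POST['save'])` block starts outside the hunk.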