2007-11-16 06:30:42 +00:00
< ?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website : http :// www . sfiab . ca
Copyright ( C ) 2005 Sci - Tech Ontario Inc < info @ scitechontario . org >
Copyright ( C ) 2005 James Grant < james @ lightbox . org >
Copyright ( C ) 2007 David Grant < dave @ lightbox . org >
This program is free software ; you can redistribute it and / or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation , version 2.
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the GNU
General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; see the file COPYING . If not , write to
the Free Software Foundation , Inc . , 59 Temple Place - Suite 330 ,
Boston , MA 02111 - 1307 , USA .
*/
?>
< ?
2010-07-13 03:30:11 +00:00
function user_valid_role ( $role )
2009-09-09 00:26:12 +00:00
{
2010-07-13 03:30:11 +00:00
global $roles ;
if ( ! is_array ( $role )) $role = array ( $role );
2008-07-09 18:24:49 +00:00
2010-07-13 03:30:11 +00:00
foreach ( $role as $r ) {
if ( ! array_key_exists ( $r , $roles )) return false ;
2009-10-11 18:19:04 +00:00
}
2009-09-09 00:26:12 +00:00
return true ;
}
2007-11-16 06:30:42 +00:00
2009-10-11 03:32:14 +00:00
2010-07-13 03:30:11 +00:00
function user_load ( $users_id , $accounts_id = false )
2009-10-11 03:32:14 +00:00
{
2010-07-13 03:30:26 +00:00
/* Load user, join accounts so we also load the email, superuser flag */
2010-10-01 19:28:26 +00:00
//hand-code the list here because we dont want all the old stuff that hasnt been removed yet like username/password access_*, etc.
$query = " SELECT users.id,
users . accounts_id ,
users . conferences_id ,
users . salutation ,
users . firstname ,
users . lastname ,
users . sex ,
users . phonehome ,
users . phonework ,
users . phonecell ,
users . fax ,
users . organization ,
users . birthdate ,
users . lang ,
users . created ,
users . lastlogin ,
users . address ,
users . address2 ,
users . city ,
users . province ,
users . postalcode ,
users . firstaid ,
users . cpr ,
users . fairs_id ,
users . years_school ,
users . years_regional ,
users . years_national ,
users . willing_chair ,
users . special_award_only ,
users . cat_prefs ,
users . div_prefs ,
users . divsub_prefs ,
users . languages ,
users . highest_psd ,
users . expertise_other ,
users . sponsors_id ,
users . primary ,
users . position ,
users . primary ,
users . schools_id ,
users . grade ,
accounts . email
FROM users JOIN accounts ON accounts . id = users . accounts_id WHERE " ;
2010-07-13 03:30:11 +00:00
if ( $accounts_id != false ) {
$accounts_id = intval ( $accounts_id );
2010-07-27 19:06:36 +00:00
$query .= " `users`.`accounts_id`=' $accounts_id ' LIMIT 1 " ;
2007-11-16 06:30:42 +00:00
} else {
2010-07-13 03:30:11 +00:00
$id = intval ( $users_id );
$query .= " `users`.`id`=' $id ' " ;
2007-11-16 06:30:42 +00:00
}
2009-09-09 00:26:12 +00:00
$q = mysql_query ( $query );
2010-10-01 19:28:26 +00:00
echo mysql_error ();
2010-07-13 03:30:11 +00:00
if ( mysql_num_rows ( $q ) == 0 )
2009-09-09 00:26:12 +00:00
return false ;
2007-11-16 06:30:42 +00:00
2010-07-13 03:30:11 +00:00
if ( mysql_num_rows ( $q ) > 1 ) {
echo " ERROR: More than one user. \n " ;
2010-07-27 19:06:36 +00:00
return false ;
2009-09-09 00:26:12 +00:00
}
2010-07-06 15:32:26 +00:00
2010-07-13 03:30:11 +00:00
/* Load the user */
2010-08-19 22:56:33 +00:00
$u = mysql_fetch_assoc ( $q );
2010-07-13 03:30:11 +00:00
/* Sanitize before using these in mysql queries */
2010-08-19 22:56:33 +00:00
$u [ 'id' ] = intval ( $u [ 'id' ]);
$u [ 'accounts_id' ] = intval ( $u [ 'accounts_id' ]);
$u [ 'year' ] = intval ( $u [ 'year' ]);
2009-09-09 00:26:12 +00:00
2010-07-13 03:30:11 +00:00
/* Get roles, and active/complete status for each role */
2010-10-01 19:28:26 +00:00
$query = " SELECT user_roles.roles_id, user_roles.active, user_roles.complete, roles.type,roles.name FROM user_roles LEFT JOIN roles ON roles.id=user_roles.roles_id WHERE user_roles.users_id= { $u [ 'id' ] } " ;
2010-07-13 03:30:11 +00:00
$q = mysql_query ( $query );
2010-08-19 22:56:33 +00:00
$u [ 'roles' ] = array ();
2010-07-13 03:30:11 +00:00
while (( $roledata = mysql_fetch_assoc ( $q ))) {
2010-08-19 22:56:33 +00:00
$u [ 'roles' ][ $roledata [ 'type' ]] = $roledata ;
2010-07-13 03:30:11 +00:00
}
2010-08-19 22:56:33 +00:00
if ( count ( $u [ 'roles' ]) == 0 ) {
2010-07-13 03:30:11 +00:00
/* No roles , that ' s ok actually , the previous logic here was that
* a user without roles is deleted .. but .. this could happen for
* new users , or if someone deletes all their roles before adding
* a new role */
}
2009-09-09 00:26:12 +00:00
/* Convenience */
2010-08-19 22:56:33 +00:00
$u [ 'name' ] = ( $u [ 'firstname' ] ? " { $u [ 'firstname' ] } " : '' ) . $u [ 'lastname' ];
2009-09-09 00:26:12 +00:00
2009-12-02 22:17:20 +00:00
/* Email recipient for "to" field on emails */
2010-08-19 22:56:33 +00:00
if ( ( $u [ 'firstname' ] || $u [ 'lastname' ]) && $u [ 'email' ]) {
2009-12-02 22:17:20 +00:00
//use their full name if we have it
//if the name contains anything non-standard, we need to quote it.
2010-08-19 22:56:33 +00:00
if ( eregi ( " [^a-z0-9 ] " , $u [ 'name' ]))
$u [ 'emailrecipient' ] = " \" { $u [ 'name' ] } \" < { $u [ 'email' ] } > " ;
2009-12-02 22:17:20 +00:00
else
2010-08-19 22:56:33 +00:00
$u [ 'emailrecipient' ] = " { $u [ 'name' ] } < { $u [ 'email' ] } > " ;
2009-12-02 22:17:20 +00:00
}
2010-08-19 22:56:33 +00:00
else if ( $u [ 'email' ]) {
2009-12-02 22:17:20 +00:00
//otherwise, just their email address
2010-08-19 22:56:33 +00:00
$u [ 'emailrecipient' ] = $u [ 'email' ];
2009-12-02 22:17:20 +00:00
}
2010-07-13 03:30:11 +00:00
else {
2010-08-19 22:56:33 +00:00
$u [ 'emailrecipient' ] = " " ;
2010-07-13 03:30:11 +00:00
}
2009-12-02 22:17:20 +00:00
2010-10-01 19:28:26 +00:00
/* we dont want them thinking they can change the email , so dont include it here ,
its part of the account , not the user , this way they still get the 'emailrecipient'
convenience variable , not not the email itself , for that , they need to access
the account . */
unset ( $u [ 'email' ]);
2010-08-19 22:56:33 +00:00
foreach ( array_keys ( $u [ 'roles' ]) as $r ) {
2010-07-13 03:30:11 +00:00
/* Do the load routines inline , the explosion of user roles
* means it ' s just silly to have a different function for each
* one . If we get one that has a crazy amount of stuff to do ,
* we could move it all to a function and call it in the
* switch below */
switch ( $r ) {
case 'committee' :
$u [ 'ord' ] = intval ( $u [ 'ord' ]);
$u [ 'displayemail' ] = ( $u [ 'displayemail' ] == 'yes' ) ? 'yes' : 'no' ;
break ;
2007-11-16 06:30:42 +00:00
2010-07-13 03:30:11 +00:00
case 'judge' :
$u [ 'years_school' ] = intval ( $u [ 'years_school' ]);
$u [ 'years_regional' ] = intval ( $u [ 'years_regional' ]);
$u [ 'years_national' ] = intval ( $u [ 'years_national' ]);
$u [ 'willing_chair' ] = ( $u [ 'willing_chair' ] == 'yes' ) ? 'yes' : 'no' ;
$u [ 'special_award_only' ] = ( $u [ 'special_award_only' ] == 'yes' ) ? 'yes' : 'no' ;
2010-08-19 22:56:33 +00:00
$u [ 'cat_prefs' ] = ( strlen ( $u [ 'cat_prefs' ]) > 0 ) ? unserialize ( $u [ 'cat_prefs' ]) : array ();
$u [ 'div_prefs' ] = ( strlen ( $u [ 'div_prefs' ]) > 0 ) ? unserialize ( $u [ 'div_prefs' ]) : array ();
$u [ 'divsub_prefs' ] = ( strlen ( $u [ 'divsub_prefs' ]) > 0 ) ? unserialize ( $u [ 'divsub_prefs' ]) : array ();
2010-07-13 03:30:11 +00:00
// $u['expertise_other'] = $u['expertise_other'];
2010-08-19 22:56:33 +00:00
$u [ 'languages' ] = ( strlen ( $u [ 'languages' ]) > 0 ) ? unserialize ( $u [ 'languages' ]) : array ();
2010-07-13 03:30:11 +00:00
// $u['highest_psd'] = $u['highest_psd'];
/* Sanity check the arrays, make sure they are arrays */
$should_be_arrays = array ( 'cat_prefs' , 'div_prefs' ,
'divsub_prefs' , 'languages' );
foreach ( $should_be_arrays as $k ) {
if ( ! is_array ( $u [ $k ])) $u [ $k ] = array ();
2007-11-16 06:30:42 +00:00
}
2010-07-13 03:30:11 +00:00
break ;
case 'sponsor' :
$u [ 'sponsors_id' ] = intval ( $u [ 'sponsors_id' ]);
if ( $u [ 'sponsors_id' ]) {
$q = mysql_query ( " SELECT * FROM sponsors WHERE id=' { $u [ 'sponsors_id' ] } ' " );
$u [ 'sponsor' ] = mysql_fetch_assoc ( $q );
}
break ;
default :
/* Nothing to do for all other roles */
break ;
2007-11-16 06:30:42 +00:00
}
}
2007-11-16 22:19:58 +00:00
2007-11-16 06:30:42 +00:00
/* Do this assignment without recursion :) */
2010-08-19 22:56:33 +00:00
unset ( $u [ 'orig' ]);
$orig = $u ;
$u [ 'orig' ] = $orig ;
2007-11-16 06:30:42 +00:00
2010-08-19 22:56:33 +00:00
return $u ;
2007-11-16 06:30:42 +00:00
}
2010-07-13 03:30:11 +00:00
function user_load_by_accounts_id ( $accounts_id )
2009-09-09 00:26:12 +00:00
{
2010-07-13 03:30:11 +00:00
return user_load ( 0 , $accounts_id );
2009-09-09 00:26:12 +00:00
}
2009-10-11 03:32:14 +00:00
function user_load_by_email ( $email )
{
2010-07-13 03:30:11 +00:00
/* Find the accounts_id for the email, regardless of deleted status */
2009-10-11 03:32:14 +00:00
$e = mysql_real_escape_string ( $email );
2010-07-13 03:30:11 +00:00
$q = mysql_query ( " SELECT accounts_id FROM users WHERE email=' $e ' OR username=' $e ' " );
2009-10-11 03:32:14 +00:00
if ( mysql_num_rows ( $q ) == 1 ) {
2010-07-13 03:30:11 +00:00
$i = mysql_fetch_assoc ( $q );
return user_load_by_accounts_id ( $i [ 'accounts_id' ]);
2009-10-11 03:32:14 +00:00
}
return false ;
}
2010-07-13 03:30:11 +00:00
/* FIXME: these are going to need conference IDs too */
function user_load_by_accounts_id_year ( $uid , $year )
2009-10-11 03:32:14 +00:00
{
2010-07-13 03:30:11 +00:00
echo " FIXME " ;
exit ;
2009-10-11 03:32:14 +00:00
$q = mysql_query ( " SELECT id FROM users WHERE uid=' $uid ' AND year <= ' $year ' " );
if ( ! mysql_num_rows ( $q )) return false ;
$i = mysql_fetch_assoc ( $q );
return user_load ( $i [ 'id' ]);
}
function user_save ( & $u )
2007-11-16 06:30:42 +00:00
{
2010-06-16 21:33:43 +00:00
global $conference ;
2010-07-13 03:30:11 +00:00
global $roles ;
/* Sanity check */
if ( $u [ 'conferences_id' ] != $u [ 'orig' ][ 'conferences_id' ]) {
2010-10-01 19:42:52 +00:00
//echo "The user's conference changed. Can't save a user to a difference conference, use user_dupe to copy the user to a new conference.\n";
return - 1 ;
2010-07-13 03:30:11 +00:00
}
2010-06-16 21:33:43 +00:00
2010-10-05 15:04:15 +00:00
// Update all roles
2010-07-13 03:30:11 +00:00
$new_roles = array_keys ( $u [ 'roles' ]);
2010-07-13 03:30:25 +00:00
foreach ( $new_roles as $r ) {
2010-10-05 15:04:15 +00:00
if ( $u [ 'roles' ][ $r ] != $u [ 'orig' ][ 'roles' ][ $r ]) {
// $u['roles'][$r] has changed from original, update it
2010-07-13 03:30:25 +00:00
mysql_query ( " UPDATE user_roles SET active=' { $u [ 'roles' ][ $r ][ 'active' ] } ',
complete = '{$u[' roles '][$r][' complete ']}'
WHERE id = '{$u[' roles '][$r][' id ']}' " );
echo mysql_error ();
}
}
2010-10-01 19:42:52 +00:00
$fields = array ( 'salutation' , 'firstname' , 'lastname' ,
2007-11-19 21:12:09 +00:00
'phonehome' , 'phonework' , 'phonecell' , 'fax' , 'organization' ,
2008-02-23 03:28:43 +00:00
'address' , 'address2' , 'city' , 'province' , 'postalcode' , 'sex' ,
2010-07-13 03:30:11 +00:00
'firstaid' , 'cpr' , 'lang' , 'notes' );
2010-10-01 19:42:52 +00:00
$fields_for_role [ 'committee' ] = array ( 'emailprivate' , 'ord' , 'displayemail' );
2010-07-13 03:30:11 +00:00
$fields_for_role [ 'judge' ] = array ( 'years_school' , 'years_regional' , 'years_national' ,
'willing_chair' , 'special_award_only' ,
'cat_prefs' , 'div_prefs' , 'divsub_prefs' ,
'expertise_other' , 'languages' , 'highest_psd' );
$fields_for_role [ 'student' ] = array ( 'schools_id' );
$fields_for_role [ 'fair' ] = array ( 'fairs_id' );
$fields_for_role [ 'sponsor' ] = array ( 'sponsors_id' , 'primary' , 'position' );
/* Merge fields as necessary, build a big list of fields to save */
foreach ( $new_roles as $r ) {
2010-07-13 03:30:25 +00:00
if ( ! array_key_exists ( $r , $fields_for_role )) continue ;
2010-07-13 03:30:11 +00:00
$fields = array_merge ( $fields , $fields_for_role [ $r ]);
}
2007-11-16 06:30:42 +00:00
$set = " " ;
foreach ( $fields as $f ) {
if ( $u [ $f ] == $u [ 'orig' ][ $f ]) continue ;
if ( $set != " " ) $set .= ',' ;
2010-07-13 03:30:11 +00:00
if ( $u [ $f ] == NULL ) {
$set .= " $f =NULL " ;
continue ;
2009-10-11 03:32:14 +00:00
}
2010-07-13 03:30:11 +00:00
if ( is_array ( $u [ $f ]))
$data = mysql_escape_string ( serialize ( $u [ $f ]));
else
$data = mysql_escape_string ( stripslashes ( $u [ $f ]));
$set .= " $f =' $data ' " ;
2007-11-16 06:30:42 +00:00
}
2010-06-16 21:33:43 +00:00
2007-11-16 06:30:42 +00:00
if ( $set != " " ) {
$query = " UPDATE users SET $set WHERE id=' { $u [ 'id' ] } ' " ;
mysql_query ( $query );
echo mysql_error ();
}
2007-11-17 21:59:59 +00:00
2010-07-13 03:30:11 +00:00
/* Record all the data in orig that we saved so subsequent
* calls to user_save don ' t try to overwrite data already
* saved to the database */
2009-10-11 03:32:14 +00:00
unset ( $u [ 'orig' ]);
$orig = $u ;
$u [ 'orig' ] = $orig ;
// print_r($u);
2007-11-17 21:59:59 +00:00
}
2010-07-13 03:30:11 +00:00
function user_remove_role ( & $u , $role )
2007-11-17 21:59:59 +00:00
{
2010-07-13 03:30:11 +00:00
if ( ! array_key_exists ( $role , $u [ 'roles' ])) {
/* Hum , type specified , but the user is not this type ,
* so , i guess we ' re done . */
return ;
}
2007-11-17 21:59:59 +00:00
2009-09-09 00:26:12 +00:00
$id = $u [ 'id' ];
2007-11-17 21:59:59 +00:00
2010-07-13 03:30:11 +00:00
/* Do role-specific remove actions */
switch ( $role ) {
case 'committee' :
2010-07-14 21:04:50 +00:00
mysql_query ( " DELETE FROM committees_link WHERE accounts_id=' { $u [ 'accounts_id' ] } ' " );
2010-07-13 03:30:11 +00:00
break ;
2007-11-17 21:59:59 +00:00
2010-07-13 03:30:11 +00:00
case 'judge' :
mysql_query ( " DELETE FROM judges_teams_link WHERE users_id=' $id ' " );
mysql_query ( " DELETE FROM judges_specialawards_sel WHERE users_id=' $id ' " );
break ;
2009-09-09 00:26:12 +00:00
2010-07-13 03:30:11 +00:00
default :
break ;
}
2009-10-11 03:32:14 +00:00
2010-07-13 03:30:11 +00:00
/* Delete the role */
unset ( $u [ 'roles' ][ $role ]);
2010-10-05 15:04:15 +00:00
mysql_query ( " DELETE FROM user_roles WHERE roles_id= { $role [ 'id' ] } AND users_id=' $id ' " );
2009-10-11 03:32:14 +00:00
2010-10-05 15:04:15 +00:00
/* Save this user */
2010-07-13 03:30:11 +00:00
user_save ( $u );
2009-10-11 03:32:14 +00:00
}
2010-07-13 03:30:11 +00:00
/* If role is specified , just delete the role from the user .
* If not , delete the whole user , all roles */
function user_delete ( $u , $role = false )
2007-11-17 21:59:59 +00:00
{
$finish_delete = false ;
if ( ! is_array ( $u )) {
$u = user_load ( $u );
}
2010-07-13 03:30:11 +00:00
if ( $role != false ) {
user_remove_role ( $u , $role );
if ( count ( $u [ 'roles' ]) == 0 ) {
/* No roles left, finish the delete */
2007-11-17 21:59:59 +00:00
$finish_delete = true ;
}
} else {
2010-07-13 03:30:11 +00:00
/* Delete the whole user, every role */
foreach ( array_keys ( $u [ 'roles' ]) as $r )
user_remove_role ( $u , $r );
2007-11-17 21:59:59 +00:00
$finish_delete = true ;
}
2010-07-13 03:30:11 +00:00
if ( $finish_delete ) {
2009-09-09 00:26:12 +00:00
mysql_query ( " UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id=' { $u [ 'id' ] } ' " );
2010-07-13 03:30:11 +00:00
return true ;
2009-09-09 00:26:12 +00:00
}
2010-07-13 03:30:11 +00:00
/* User had some other role, so delete was not completed. */
return false ;
}
2009-09-09 00:26:12 +00:00
/* Purge functions . These completely eliminate all traces of a user from the
* database . This action cannot be undone . We prefer the committee to use the
* " delete " functions , which simply mark the account as " deleted " . */
2010-07-13 03:30:11 +00:00
function user_purge ( $u , $role = false )
2009-09-09 00:26:12 +00:00
{
2010-07-13 03:30:11 +00:00
/* Delete the user , then completely delete them from
* the DB if delete returns true , that is , if there ' s
* no other role blocking the delete / purge */
$finish_purge = user_delete ( $u , $role );
2009-09-09 00:26:12 +00:00
if ( $finish_purge == true ) {
2007-11-17 21:59:59 +00:00
mysql_query ( " DELETE FROM users WHERE id=' { $u [ 'id' ] } ' " );
2010-07-13 03:30:11 +00:00
return true ;
2007-11-17 21:59:59 +00:00
}
2010-07-13 03:30:11 +00:00
/* Not purged, some other role existed */
return false ;
2007-11-17 21:59:59 +00:00
}
2009-09-09 00:26:12 +00:00
/* Duplicate a row in the users table, or any one of the users_* tables. */
function user_dupe_row ( $db , $key , $val , $newval )
{
global $config ;
$nullfields = array ( 'deleteddatetime' ); /* Fields that can be null */
$q = mysql_query ( " SELECT * FROM $db WHERE $key =' $val ' " );
if ( mysql_num_rows ( $q ) != 1 ) {
echo " ERROR duplicating row in $db : $key = $val NOT FOUND. \n " ;
exit ;
}
$i = mysql_fetch_assoc ( $q );
$i [ $key ] = $newval ;
foreach ( $i as $k => $v ) {
if ( $v == NULL && in_array ( $k , $nullfields ))
$i [ $k ] = 'NULL' ;
else if ( $k == 'year' )
$i [ $k ] = $config [ 'FAIRYEAR' ];
else
$i [ $k ] = '\'' . mysql_escape_string ( $v ) . '\'' ;
}
$keys = '`' . join ( '`,`' , array_keys ( $i )) . '`' ;
$vals = join ( ',' , array_values ( $i ));
$q = " INSERT INTO $db ( $keys ) VALUES ( $vals ) " ;
// echo "Dupe Query: [$q]";
$r = mysql_query ( $q );
echo mysql_error ();
$id = mysql_insert_id ();
return $id ;
}
/* Used by the login scripts to copy one user from one year to another */
function user_dupe ( $u , $new_year )
{
/* Dupe a user if :
* - They don ' t exist in the current year
* ( users -> year != the target year ( passed in so we can use it in the rollover script ) )
* - They have a previous year entry
* ( users -> year DESC LIMIT 1 == 1 row )
* - That previous entry has deleted = no */
/* Find the last entry */
$q = mysql_query ( " SELECT id,uid,year,deleted FROM users WHERE uid=' { $u [ 'uid' ] } '
ORDER BY year DESC LIMIT 1 " );
$r = mysql_fetch_object ( $q );
if ( $r -> deleted == 'yes' ) {
echo " Cannot duplicate user ID { $u [ 'id' ] } , they are deleted. Undelete them first. \n " ;
exit ;
}
if ( $r -> year == $new_year ) {
echo " Cannot duplicate user ID { $u [ 'id' ] } , they already exist in year $new_year\n " ;
exit ;
}
$id = user_dupe_row ( 'users' , 'id' , $u [ 'id' ], NULL );
$q = mysql_query ( " UPDATE users SET year=' $new_year ' WHERE id=' $id ' " );
/* Load the new user */
$u2 = user_load ( $id );
foreach ( $u2 [ 'types' ] as $t ) {
user_dupe_row ( " users_ $t " , 'users_id' , $u [ 'id' ], $id );
}
/* Return the ID of the new user */
return $id ;
}
2010-07-13 03:30:11 +00:00
/* Returns true if loaded user ( $u ) is allowed to add role $role to their
2007-12-12 03:01:44 +00:00
* profile . THis is intended as a last - stop mechanism , preventing , for example
2010-07-13 03:30:11 +00:00
* a student from co - existing with any other role . */
function user_add_role_allowed ( & $u , $role )
2007-11-17 21:59:59 +00:00
{
2010-07-27 19:06:36 +00:00
foreach ( array_keys ( $u [ 'orig' ][ 'roles' ]) as $ur ) {
2010-07-13 03:30:11 +00:00
switch ( $ur ) {
case 'student' :
/* Student cant' add any other role */
return false ;
2007-12-12 03:01:44 +00:00
2010-07-13 03:30:11 +00:00
default :
if ( $role == 'student' ) {
/* No role can add the student role */
return false ;
}
/* All other roles can coexist (even the fair role) */
break ;
2007-12-12 03:01:44 +00:00
}
2007-11-17 21:59:59 +00:00
}
2010-07-13 03:30:11 +00:00
return true ;
2007-11-16 06:30:42 +00:00
}
2010-10-05 15:04:15 +00:00
function user_add_role ( & $u , $role , $password = null )
2007-11-16 06:30:42 +00:00
{
2010-10-05 15:04:15 +00:00
global $config , $roles ;
2010-07-13 03:30:11 +00:00
if ( ! user_add_role_allowed ( $u , $role )) {
/* If we get in here, someone is hand crafting URLs */
echo " HALT: invalid role add specified for operation. " ;
exit ;
}
2007-11-16 06:30:42 +00:00
2010-10-05 15:04:15 +00:00
// ensure that this role can indeed be added
$valid = false ;
if ( array_key_exists ( $role . '_registration_type' , $config )){
switch ( $config [ $role . '_registration_type' ]){
case 'open' :
$valid = true ;
break ;
case 'singlepassword' :
if ( $password == $config [ $role . '_registration_singlepassword' ]){
$valid = true ;
}
break ;
case 'schoolpassword' :
if ( $pasword != null ){
$schoolId = $u [ 'schools_id' ];
$schoolDat = mysql_fetch_assoc ( mysql_query ( " SELECT registration_password FROM schools WHERE id= $schoolId " ));
if ( $password == $schoolDat [ 'registration_password' ]) $valid = true ;
}
break ;
case 'invite' :
//$valid = false;
break ;
case 'openorinvite' :
$valid = true ;
break ;
}
}
if ( $valid ){
// ok, the conditions are met, make sure they don't already have this role
$check = mysql_fetch_assoc ( mysql_query ( " SELECT COUNT(*) AS tally FROM user_roles WHERE users_id = { $u [ 'id' ] } AND roles_id= { $roles [ $role ][ 'id' ] } " ));
if ( $check [ 'tally' ] == 0 ){
$q = " INSERT INTO user_roles (accounts_id, users_id, roles_id, active, complete) VALUES( " ;
$q .= $u [ 'accounts_id' ];
$q .= " , " . $u [ 'id' ];
$q .= " , " . $roles [ $role ][ 'id' ];
$q .= " , 'yes', 'no'); " ;
if ( mysql_query ( $q )){
$u [ 'roles' ][ $role ] = array ( 'active' => 'yes' , 'complete' => 'no' );
} else {
$error = mysql_error ();
}
}
}
2007-11-16 06:30:42 +00:00
}
2010-07-13 03:30:11 +00:00
function user_create ( $accounts_id , $conferences_id = 0 )
2007-11-16 06:30:42 +00:00
{
2010-07-13 03:30:11 +00:00
global $config , $conference ;
2007-11-16 06:30:42 +00:00
2010-07-13 03:30:11 +00:00
if ( $conferences_id == 0 ) $conferences_id = $conference [ 'id' ];
2007-11-16 06:30:42 +00:00
2010-07-13 03:30:11 +00:00
/* Make sure the user doesn't already exist */
$q = mysql_query ( " SELECT id FROM users WHERE accounts_id=' $accounts_id ' AND conferences_id=' $conferences_id ' " );
2010-07-27 19:06:36 +00:00
echo mysql_error ();
2010-07-13 03:30:11 +00:00
if ( mysql_num_rows ( $q )) {
echo " ERROR: user_create called for a user that already exists. \n " ;
exit ;
}
2007-11-16 06:30:42 +00:00
2010-10-01 18:47:28 +00:00
$fields = array (
'accounts_id' => $accounts_id ,
'conferences_id' => $conferences_id ,
);
/* Get old user data if available */
$results = mysql_fetch_assoc ( mysql_query ( " SELECT * FROM users WHERE accounts_id = ' $accounts_id ' ORDER BY id DESC LIMIT 1 " ));
if ( is_array ( $results )){
$skipfields = array ( 'id' , 'created' , 'lastlogin' , 'year' , 'accounts_id' , 'conferences_id' , 'deleted' , 'deleteddatetime' );
foreach ( $results as $fname => $value ){
if ( ! in_array ( $fname , $skipfields ) && $value != null ){
$fields [ $fname ] = $value ;
}
}
}
2010-10-05 21:46:29 +00:00
/* No data available on the old user records, let's try getting it from the account then */
$results = mysql_fetch_assoc ( mysql_query ( " SELECT * FROM accounts WHERE id =' $accounts_id ' " ));
if ( is_array ( $results )){
$fields [ 'username' ] = $results [ 'username' ];
}
2010-07-13 03:30:11 +00:00
/* Create the user */
2010-10-01 18:47:28 +00:00
$fieldList = array_keys ( $fields );
$query = " INSERT INTO users(`created`, ` " . implode ( '`,`' , $fieldList ) . " `) VALUES(NOW(), ' " . implode ( " ',' " , $fields ) . " ') " ;
mysql_query ( $query );
2010-07-13 03:30:11 +00:00
$id = mysql_insert_id ();
2007-11-16 06:30:42 +00:00
2010-07-13 03:30:11 +00:00
/* Return a loaded user with no roles */
return user_load ( $id );
2007-12-12 03:01:44 +00:00
}
2010-07-13 03:30:11 +00:00
2007-11-16 06:30:42 +00:00
/* Perform some checks . Make sure the person is logged in , and that their
* password hasn ' t expired ( the password_expired var is set in the login page )
*/
2010-07-15 09:18:02 +00:00
function user_auth_required ( $all_required = array (), $one_required = array ())
2007-11-16 06:30:42 +00:00
{
2007-11-19 07:01:51 +00:00
global $config ;
2010-07-13 03:30:11 +00:00
$ok = true ;
2010-01-24 06:47:09 +00:00
unset ( $_SESSION [ 'request_uri' ]);
2010-08-31 19:41:32 +00:00
if ( ! isset ( $_SESSION [ 'roles' ]) || ! isset ( $_SESSION [ 'accounts_id' ])) {
2009-09-09 00:26:12 +00:00
message_push ( error ( i18n ( " You must login to view that page " )));
2010-01-24 06:47:06 +00:00
$_SESSION [ 'request_uri' ] = $_SERVER [ 'REQUEST_URI' ];
2010-08-31 19:41:32 +00:00
header ( " location: { $config [ 'SFIABDIRECTORY' ] } /user_login.php " );
2007-11-16 06:30:42 +00:00
exit ;
}
2010-07-13 03:30:11 +00:00
/* Make sure the user has each role in $all_required , this returns
* an array in the same order as $all_required , with all members
* in $all_required that are also in the session roles */
if ( ! is_array ( $all_required )) $all_required = array ( $all_required );
2010-01-24 06:47:06 +00:00
2010-07-13 03:30:11 +00:00
$match = array_intersect ( $all_required , $_SESSION [ 'roles' ]);
if ( $all_required != $match ) {
/* Something is missing */
$ok = false ;
}
/* Make sure the user has one role in $one_required */
if ( ! is_array ( $one_required )) $one_required = array ( $one_required );
if ( count ( $one_required )) {
$match = array_intersect ( $one_required , $_SESSION [ 'roles' ]);
if ( count ( $match ) == 0 ) {
/* Missing any role in $one_required */
$ok = false ;
2010-01-24 06:47:06 +00:00
}
}
2010-07-13 03:30:11 +00:00
if ( ! $ok ) {
2010-01-24 06:47:09 +00:00
message_push ( error ( i18n ( " You do not have permission to view that page " )));
2010-07-13 03:30:11 +00:00
header ( " location: { $config [ 'SFIABDIRECTORY' ] } /user_login.php " );
2007-11-16 06:30:42 +00:00
exit ;
}
2010-01-24 06:47:09 +00:00
/* Forward to password expired, remember the target URI */
2007-11-17 21:59:59 +00:00
if ( $_SESSION [ 'password_expired' ] == true ) {
2010-01-24 06:47:09 +00:00
$_SESSION [ 'request_uri' ] = $_SERVER [ 'REQUEST_URI' ];
2010-08-19 20:07:08 +00:00
header ( " location: { $config [ 'SFIABDIRECTORY' ] } /user_edit.php " );
2007-11-16 06:30:42 +00:00
exit ;
}
2007-11-17 21:59:59 +00:00
2010-07-13 03:30:11 +00:00
/* Return the first role that matched , this retains the previous
* behaviour */
return $match [ 0 ];
2007-11-16 06:30:42 +00:00
}
2010-08-24 16:04:12 +00:00
/* Perform some checks . Make sure the person is logged in , and that their
* password hasn ' t expired ( the password_expired var is set in the login page )
*/
function api_user_auth_required ( $all_required = array (), $one_required = array ())
{
global $config ;
$ok = true ;
$ret = array ();
2010-08-31 19:41:32 +00:00
if ( ! isset ( $_SESSION [ 'roles' ]) || ! isset ( $_SESSION [ 'accounts_id' ])) {
2010-08-24 16:04:12 +00:00
$ret [ 'status' ] = " error " ;
$ret [ 'error' ] = " Not logged in " ;
return $ret ;
}
/* Make sure the user has each role in $all_required , this returns
* an array in the same order as $all_required , with all members
* in $all_required that are also in the session roles */
if ( ! is_array ( $all_required )) $all_required = array ( $all_required );
$match = array_intersect ( $all_required , $_SESSION [ 'roles' ]);
if ( $all_required != $match ) {
/* Something is missing */
$ok = false ;
}
/* Make sure the user has one role in $one_required */
if ( ! is_array ( $one_required )) $one_required = array ( $one_required );
if ( count ( $one_required )) {
$match = array_intersect ( $one_required , $_SESSION [ 'roles' ]);
if ( count ( $match ) == 0 ) {
/* Missing any role in $one_required */
$ok = false ;
}
}
if ( ! $ok ) {
$ret [ 'status' ] = " error " ;
$ret [ 'error' ] = " You do not have permission to access that information " ;
2010-08-31 20:12:41 +00:00
return $ret ;
2010-08-24 16:04:12 +00:00
}
/* Forward to password expired, remember the target URI */
if ( $_SESSION [ 'password_expired' ] == true ) {
$ret [ 'status' ] = " error " ;
$ret [ 'error' ] = " Your password has expired " ;
2010-08-31 20:12:41 +00:00
return $ret ;
2010-08-24 16:04:12 +00:00
}
$ret [ 'status' ] = " ok " ;
$ret [ 'match' ] = $match [ 0 ];
return $ret ;
}
2007-11-16 06:30:42 +00:00
function user_volunteer_registration_status ()
{
global $config ;
// $now = date('Y-m-d H:i:s');
// if($now < $config['dates']['judgeregopen']) return "notopenyet";
// if($now > $config['dates']['judgeregclose']) return "closed";
return " open " ;
}
function user_judge_registration_status ()
{
global $config ;
$now = date ( 'Y-m-d H:i:s' );
if ( $now < $config [ 'dates' ][ 'judgeregopen' ]) return " notopenyet " ;
if ( $now > $config [ 'dates' ][ 'judgeregclose' ]) return " closed " ;
return " open " ;
}
2010-08-08 09:09:49 +00:00
$user_fields_map = array (
/* Account -- Email requirement is set based on username , which
* is always required . Password is not required unless they type
* in the field , in which case the form validator kicks
* ( checks pass1 == pass2 and all that ) */
// 'email' => array('email'),
/* Personal */
2009-09-09 00:26:12 +00:00
'salutation' => array ( 'salutation' ),
2007-11-26 02:28:45 +00:00
'name' => array ( 'firstname' , 'lastname' ),
'sex' => array ( 'sex' ),
'phonehome' => array ( 'phonehome' ),
'phonecell' => array ( 'phonecell' ),
'birthdate' => array ( 'birthdate' ),
'lang' => array ( 'lang' ),
'address' => array ( 'address' , 'address2' , 'postalcode' ),
'city' => array ( 'city' ),
2008-02-23 03:28:43 +00:00
'province' => array ( 'province' ),
2010-08-08 09:09:49 +00:00
'firstaid' => array ( 'firstaid' , 'cpr' ),
/* Organization */
'org' => array ( 'organization' ),
'phonework' => array ( 'phonework' ),
'fax' => array ( 'fax' ),
);
2007-11-26 02:28:45 +00:00
2010-08-08 09:09:49 +00:00
/* Return fields to show based on role . In the user editor , many
* fields are always shown and some have hard - coded requirements , but
* any in this list can be made optionally - required or not shown
* at all */
function user_fields_enabled ( $role )
2007-11-16 06:30:42 +00:00
{
2010-08-08 09:09:49 +00:00
global $config , $user_fields_map ;
$ret = array ( 'firstname' , 'lastname' );
2010-07-13 03:30:11 +00:00
$fields = $config [ " { $role } _personal_fields " ];
2007-11-26 02:28:45 +00:00
if ( $fields != '' ) {
2010-09-10 19:38:56 +00:00
$fields = explode ( ',' , $fields );
2007-11-26 02:28:45 +00:00
foreach ( $fields as $f ) {
2010-08-08 09:09:49 +00:00
$ret = array_merge ( $ret , $user_fields_map [ $f ]);
2007-11-26 02:28:45 +00:00
}
2007-11-16 06:30:42 +00:00
}
2007-11-26 02:28:45 +00:00
return $ret ;
2007-11-16 06:30:42 +00:00
}
2010-08-08 09:09:49 +00:00
/* Return required fields . Some fields are always shown and can be
* set to required . Some have hard - coded requirement status . This is only
* for the fields where the requirement can be configured . Not for ALL fields
* the user sees */
function user_fields_required ( $role )
2007-11-16 06:30:42 +00:00
{
2010-08-08 09:09:49 +00:00
global $config , $user_fields_map ;
$ret = array ( 'firstname' , 'lastname' , 'username' );
2010-07-13 03:30:11 +00:00
$required = $config [ " { $role } _personal_required " ];
2007-11-26 02:28:45 +00:00
if ( $required != '' ) {
2010-09-10 19:38:56 +00:00
$fields = explode ( ',' , $required );
2007-11-26 02:28:45 +00:00
foreach ( $fields as $f ) {
2010-08-08 09:09:49 +00:00
$ret = array_merge ( $ret , $user_fields_map [ $f ]);
2007-11-26 02:28:45 +00:00
}
2007-11-16 06:30:42 +00:00
}
2007-12-12 22:50:54 +00:00
/* Filter some elements that are never required .
* - address2
*/
$ret = array_diff ( $ret , array ( 'address2' ));
2007-11-26 02:28:45 +00:00
return $ret ;
2007-11-16 06:30:42 +00:00
}
2010-09-01 17:53:35 +00:00
//this function checks if $field is set in the user record, if it is, it returns it, otherwise, it returns false __AND__ redirects to the redirect page.
function user_field_required ( $field , $redirect ) {
$u = user_load ( $_SESSION [ 'users_id' ]);
if ( $u [ $field ])
return $u [ $field ];
else {
header ( " Location: $redirect " );
}
}
2007-11-16 06:30:42 +00:00
2010-07-13 03:30:11 +00:00
/* user_{$role}_login() is called with a full $u loaded */
2007-11-16 22:19:58 +00:00
2007-12-12 04:15:17 +00:00
function user_fair_login ( $u )
{
2010-07-13 03:30:11 +00:00
/* Double check, make sure the user is of this role */
if ( ! array_key_exists ( 'fair' , $u [ 'roles' ])) {
2007-12-12 04:15:17 +00:00
echo " ERROR: attempted to login fair on a non-fair user \n " ;
exit ;
}
2007-11-16 22:19:58 +00:00
2007-12-12 04:15:17 +00:00
$_SESSION [ 'fairs_id' ] = $u [ 'fairs_id' ]; // == 'yes') ? true : false;
}
2007-12-20 22:47:21 +00:00
2010-07-15 19:52:44 +00:00
function superuser_required () {
//first, they have to be logged in
user_auth_required ();
//next, they need superuser
if ( $_SESSION [ 'superuser' ] != " yes " ) {
send_header ( " Superuser access required " );
send_footer ();
exit ;
}
}
2010-08-24 16:04:12 +00:00
function try_login ( $user , $pass )
{
/* Ensure sanity of inputs */
/* User could be a username, or could be an email, check */
if ( ! account_valid_user ( $user ) && ! account_valid_email ( $user )) {
return false ;
}
/* Don 't check for a valid password, administrators can set any password they' d like , but
* there has to be a password */
if ( ! strlen ( $pass )) {
return false ;
}
$user = mysql_real_escape_string ( $user );
$q = mysql_query ( " SELECT id,password,deleted FROM accounts WHERE username=' $user ' " );
echo mysql_error ();
/*
$q = mysql_query ( " SELECT id,username,password,year,deleted
FROM users
WHERE username = '$user'
AND deleted = 'no'
ORDER BY year DESC LIMIT 1 " );
*/
if ( mysql_num_rows ( $q ) < 1 ) return false ;
$r = mysql_fetch_assoc ( $q );
/* See if the user account has been deleted */
if ( $r [ 'deleted' ] == 'yes' ) return false ;
/* See if the password matches */
if ( $r [ 'password' ] != $pass ) return false ;
/* Login successful */
return $r [ 'id' ];
}
function user_conference_load ( $accounts_id , $conferences_id ) {
global $config ;
2010-08-31 17:35:58 +00:00
if ( ! ( $accounts_id && $conferences_id ))
return $config [ 'SFIABDIRECTORY' ] . " /index.php " ;
2010-08-24 16:04:12 +00:00
/* Use the active conference to find the user id to load */
/* FIXME : Need to be able to handle the case where there is no
* active conference , but one step at a time */
$q = mysql_query ( " SELECT id FROM users WHERE accounts_id= $accounts_id AND conferences_id= $conferences_id " );
if ( mysql_num_rows ( $q ) == 0 ) {
/* FIXME: this should probably just return false, but for now, see if there's an error */
return false ;
// header("location: user_edit.php");
// echo "No user {$accounts_id} for conference {$_SESSION['conferences_id']}";
exit ;
}
if ( mysql_num_rows ( $q ) > 1 ) {
echo " DATABASE ERROR: More than one user for account $accounts_id conference { $conferences_id } " ;
exit ;
}
$uid = mysql_fetch_assoc ( $q );
$id = $uid [ 'id' ];
$u = user_load ( $id );
$_SESSION [ 'name' ] = " { $u [ 'firstname' ] } { $u [ 'lastname' ] } " ;
$_SESSION [ 'users_id' ] = $u [ 'id' ];
$_SESSION [ 'roles' ] = array_keys ( $u [ 'roles' ]);
/* Load the password expiry for each user role , and
* find the longest expiry , which is the one we ' ll use
* for this user to determine if the passwd has
* expired . */
$longest_expiry = 0 ;
foreach ( array_keys ( $u [ 'roles' ]) as $r ) {
$e = $config [ " { $r } _password_expiry_days " ];
if ( $e == 0 ) {
/* Catch a never expire case. */
$longest_expiry = 0 ;
break ;
} else if ( $e > $longest_expiry ) {
$longest_expiry = $e ;
}
}
if ( $u [ 'passwordset' ] == '0000-00-00' ) {
/* Force the password to expire */
$_SESSION [ 'password_expired' ] = true ;
} else if ( $longest_expiry == 0 ) {
/* Never expires */
unset ( $_SESSION [ 'password_expired' ]);
} else {
/* Check expiry */
$expires = date ( 'Y-m-d' , strtotime ( " { $u [ 'passwordset' ] } + $longest_expiry days " ));
$now = date ( 'Y-m-d' );
if ( $now > $expires ) {
$_SESSION [ 'password_expired' ] = true ;
} else {
unset ( $_SESSION [ 'password_expired' ]);
}
}
/* If password_expired == true , the main page ( or any
* other user page ) will catch this and require
* them to set a password */
/* Call login functions for each role */
foreach ( array_keys ( $u [ 'roles' ]) as $r ) {
if ( is_callable ( " user_ { $r } _login " )) {
call_user_func_array ( " user_ { $r } _login " , array ( $u ));
}
}
// mysql_query("UPDATE accounts SET lastlogin=NOW()
// WHERE id={$u['id']}");
/* Setup multirole so a multirole user can switch if they want to
* without logging in / out */
/* if ( count ( $u [ 'roes' ]) > 1 ) {
$_SESSION [ 'multirole' ] = true ;
} else {
$_SESSION [ 'multirole' ] = false ;
}
*/
/* See if there is a redirect , and do that instead of
* taking them to their main page */
/* if ( $redirect != '' ) {
switch ( $redirect ) {
case 'roleadd' :
if ( ! user_valid_role ( $multirole_data ))
$multirole_data = '' ;
header ( " location: user_multirole.php?action=add&role= $multirole_data " );
exit ;
case 'roleattached' :
message_push ( happy ( i18n ( 'The %1 role has been attached to your account' , array ( $roles [ $role ][ 'name' ]))));
message_push ( notice ( i18n ( 'Use the [Switch Roles] link in the upper right to change roles while you are logged in' )));
header ( " location: { $role } _main.php " );
exit ;
}
}
*/
/* Is there a saved requesT_uri from a failed login attempt ? , if so
* take them there */
if ( array_key_exists ( 'request_uri' , $_SESSION )) {
// header("location: {$_SESSION['request_uri']}");
unset ( $_SESSION [ 'request_uri' ]);
return $_SESSION [ 'request_uri' ];
}
return " user_main.php " ;
// header("location: user_main.php");
//exit;
}
2007-12-20 22:47:21 +00:00
?>