science-ation/register_participants.php

<?
 require("common.inc.php");

 if($_POST['action']=="new")
 {
 	$q=mysql_query("SELECT email,num,id FROM registrations WHERE email='".$_SESSION['email']."' AND num='".$_POST['regnum']."' AND year=".$config['FAIRYEAR']);
	if(mysql_num_rows($q))
	{
		$r=mysql_fetch_object($q);
		$_SESSION['registration_number']=$r->num;
		$_SESSION['registration_id']=$r->id;
		mysql_query("INSERT INTO students (registrations_id,email,year) VALUES ('$r->id','".mysql_escape_string($_SESSION['email'])."','".$config['FAIRYEAR']."')");
		echo mysql_error();
		mysql_query("UPDATE registrations SET status='open' WHERE id='$r->id'");
		echo mysql_error();

		header("Location: register_participants_main.php");
		exit;

	}
	else
	{
 		send_header("Participant Registration");
		echo error(i18n("Invalid registration number (%1) for email address %2",array($_POST['regnum'],$_SESSION['email'])));
		$_POST['action']="login";
	}

 }
 else if($_POST['action']=="continue")
 {

	 $q=mysql_query("SELECT registrations.id AS regid, registrations.num AS regnum, students.id AS studentid, students.name FROM registrations,students ".
 	"WHERE students.email='".$_SESSION['email']."' ".
	"AND registrations.num='".$_POST['regnum']."' ". 
	"AND students.registrations_id=registrations.id ".
	"AND registrations.year=".$config['FAIRYEAR']." ".
	"AND students.year=".$config['FAIRYEAR']);

	if(mysql_num_rows($q))
	{
		$r=mysql_fetch_object($q);
		$_SESSION['registration_number']=$r->regnum;
		$_SESSION['registration_id']=$r->regid;
		header("Location: register_participants_main.php");
		exit;
	}

 }

 
 //if they've alreayd logged in, and somehow wound back up here, take them back to where they should be
 if($_SESSION['registration_number'] && $_SESSION['registration_id'] && $_SESSION['email'])
 {
	header("Location: register_participants_main.php");

 }

 send_header("Participant Registration");
 
 if($_POST['action']=="login" && ( $_POST['email'] || $_SESSION['email']) )
 {
 	if($_POST['email'])
	 	$_SESSION['email']=$_POST['email'];

 	echo "<form method=\"post\" action=\"register_participants.php\">";

 	$allownew=true;
 	//first, check if they have any registrations waiting to be opened
	$q=mysql_query("SELECT * FROM registrations WHERE email='".$_SESSION['email']."' AND status='new' AND year=".$config['FAIRYEAR']);
	if(mysql_num_rows($q)>0)
	{
		echo i18n("Please enter the <b>registration number</b> you received in your email, in order to begin your new registration");
		echo "<input type=\"hidden\" name=\"action\" value=\"new\">";
		$allownew=false;
	}
	else
	{
		$q=mysql_query("SELECT students.email,
					registrations.status
				FROM students,
					registrations
				WHERE 
					students.email='".$_SESSION['email']."' 
					AND students.year=".$config['FAIRYEAR']."
					AND registrations.year=".$config['FAIRYEAR']."
					AND registrations.status='open'");
		echo mysql_error();
		if(mysql_num_rows($q)>0)
		{
			echo i18n("Please enter the <b>registration number</b> in order to continue your registration");
			echo "<input type=\"hidden\" name=\"action\" value=\"continue\">";
			$allownew=false;
		}
	}

	if($allownew)
	{
		$regnum=0;
		//now create the new registration record, and assign a random/unique registration number to then.
		do
		{
			//random number between
			//100000 and 999999  (six digit integer)
			$regnum=rand(100000,999999);
			$q=mysql_query("SELECT * FROM registrations WHERE num='$regnum' AND year=".$config['FAIRYEAR']);
		}while(mysql_num_rows($q)>0);

		//actually insert it
		mysql_query("INSERT INTO registrations (num,email,start,status,year) VALUES (".
				"'$regnum',".
				"'".$_SESSION['email']."',".
				"NOW(),".
				"'new',".
				$config['FAIRYEAR'].
				")");


		$mailbody=	"A new registration account has been created for you.\n".
			  	"To access your registration account, please enter\n".
			  	"enter the following registration number into the\n".
				"registration website:\n".
				"\n".
				"Registration Number: $regnum\n".
				"\n";
		mail($_SESSION['email'],i18n("Registration for %1",array(i18n($config['fairname']))),$mailbody);

		echo i18n("You have been identified as a new registrant.  An email has been sent to <b>%1</b> which contains your new <b>registration number</b>.  Please check your email to obtain your <b>registration number</b> and then enter it below:",array($_SESSION['email'])); 
		echo "<input type=\"hidden\" name=\"action\" value=\"new\">";

	}
	echo "<br />";
	echo "<br />";
	echo i18n("Registration Number:");
	echo "<input type=\"text\" size=\"10\" name=\"regnum\">";
	echo "<input type=\"submit\" value=\"Submit\">";
	echo "</form>";
 }
 else
 {

	 echo i18n("Please enter your email address to :");
	 echo "<ul>";
	 echo "<li>".i18n("Begin a new registration")."</li>";
	 echo "<li>".i18n("Continue a previously started registration")."</li>";
	 echo "<li>".i18n("Modify an existing registration")."</li>";
	 echo "</ul>";

	?>
	 <form method="post" action="register_participants.php">
	 <input type="hidden" name="action" value="login" />
	 <?=i18n("Email")?>: <input type="text" name="email" size="30" />
	 <input type="submit" value="Begin" />
	 </form>
	<?
 }
 send_footer();
?>