science-ation/user_roles.php

<?
/* 
   This file is part of the 'Science Fair In A Box' project
   SFIAB Website: http://www.sfiab.ca

   Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
   Copyright (C) 2005 James Grant <james@lightbox.org>
   Copyright (C) 2007 David Grant <dave@lightbox.org>

   This program is free software; you can redistribute it and/or
   modify it under the terms of the GNU General Public
   License as published by the Free Software Foundation, version 2.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; see the file COPYING.  If not, write to
   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
   Boston, MA 02111-1307, USA.
*/
?>
<?
require_once('common.inc.php');
require_once('user.inc.php');
require_once('user_edit.inc.php');

/* Ensure they're logged in as something, anything */
user_auth_required();

$edit_id = isset($_GET['users_id']) ? intval($_GET['users_id']) : $_SESSION['users_id'];
if($edit_id != $_SESSION['users_id']) 
	user_auth_required('admin');
else
	user_auth_required();

$u = user_load($edit_id);

/* Validate the incoming role, make sure it is actually a role */
$role = '';
if($_GET['action'] != '') {
	 $role = $_GET['role'];
	 if(!array_key_exists($role, $roles)) {
 		echo "ERROR: not an allowed role.";
		exit;
	 }
	 /* We're not adding a role, but this checks to see if
	  * the user is allowed to be associated with this role, we don't
	  * want a student to deactivate a committee role, which would
	  * set the 'active' to 'no', but would create the 'committee' entry
	  * in the roles array, making them part of that role suddenly. We
	  * also check for this case below to prevent it */
	if(!user_add_role_allowed($u, $role)) {
		/* If we get in here, someone is hand crafting URLs */
		echo "HALT: invalid role to manipulate for this user.";
		exit;
	}
}

switch($_GET['action']) {
case 'delete':
 	//okay here we go, lets get rid of them completely, since this is what theyve asked for
	message_push(happy(i18n("Account successfully deleted. Goodbye")));
	user_delete($u);
	header('location: user_login.php?action=logout');
	exit;

case 'remove':
 	/* Like delete, only we're only deleting a role, not the whole account */
	happy_("{$roles[$role]['name']} role successfully removed.");
	echo i18n("Removed");
	user_delete($u, $role);
	exit;

 case 'activate':
 	if(!array_key_exists($role, $u['roles'])) {
		/* Hand crafting URLs? */
		echo "HALT: can't activate a role the user doesn't have";
		exit;
	}
	$u['roles'][$role]['active'] = 'yes';
	user_save($u);
	happy_("{$roles[$role]['name']} role for %1 successfully activated",array($config['FAIRYEAR']));
	echo i18n("Active");
	exit;

 case 'deactivate':
 	if(!array_key_exists($role, $u['roles'])) {
		/* Hand crafting URLs? */
		echo "HALT: can't deactivate a role the user doesn't have";
		exit;
	}
	$u['roles'][$role]['active'] = 'no';
	user_save($u);
	happy_("{$roles[$role]['name']} role for %1 successfully deactivated",array($config['FAIRYEAR']));
	echo i18n("Deactivated");
	exit;
 case 'add':
 	// add the role
//	echo 'add role: ' . $role;
	user_add_role($u, $role, $_GET['password']);
 	exit;
 }

?>

<h4><?=i18n("Roles")?></h4>

<?
 echo '<ul>';
 echo '<li>'.i18n("An <b>Active Role</b> indicates you would like to participate in the %1 %2 as that role (Judge, Volunteer, etc.)",array($config['FAIRYEAR'],$config['fairname']));
 echo '</li><li>'.i18n("A <b>Deactivated Role</b> indicates you cannot participate in the deactivated roles this year, but would like remain on the mailing lists for future years.  You can activate your deactivated role at any time.");
 echo '</li><li>'.i18n("The <b>Remove Role</b> button completely deletes the role from your account.  You will not receive future emails for the removed role.  This action cannot be undone.");
 echo '</ul>';
?>

<script type="text/javascript">
function activate(role)
{
	$("#rolestatus_"+role).load("<?=$config['SFIABDIRECTORY']?>/user_roles.php?action=activate&users_id=<?=$u['id']?>&role="+role,$('#rolesform').serializeArray());
	$("#activate_"+role).attr('disabled', 'disabled');
	$("#deactivate_"+role).removeAttr('disabled');
	$("#remove_"+role).removeAttr('disabled');
	$("#rolestatus_"+role).removeClass('notice');
	$("#rolestatus_"+role).addClass('happy');
	return false;
}
function deactivate(role)
{
	$("#rolestatus_"+role).load("<?=$config['SFIABDIRECTORY']?>/user_roles.php?action=deactivate&users_id=<?=$u['id']?>&role="+role,$('#rolesform').serializeArray());
	$("#activate_"+role).removeAttr('disabled');
	$("#deactivate_"+role).attr('disabled', 'disabled');
	$("#remove_"+role).attr('disabled', 'disabled');
	$("#rolestatus_"+role).removeClass('happy');
	$("#rolestatus_"+role).addClass('notice');
	return false;

}
function remove(role)
{
	var con = confirmClick("<?=i18n("Are you sure you want to remove this role from your account?\\nThis action cannot be undone.")?>");
	if(con == true) {
		$("#rolestatus_"+role).load("<?=$config['SFIABDIRECTORY']?>/user_roles.php?action=remove&users_id=<?=$u['id']?>&role="+role,$('#rolesform').serializeArray());
		$("#activate_"+role).attr('disabled', 'disabled');
		$("#deactivate_"+role).attr('disabled', 'disabled');
		$("#remove_"+role).attr('disabled', 'disabled');
		$("#rolestatus_"+role).removeClass('happy');
		$("#rolestatus_"+role).addClass('notice');
	}
}

// add the specified role to this user at this fair
function addRole(role){
	$.get('user_roles.php', {'action':'add', 'role':role, 'password':$('#password').val()}, function(result){
		$('#testoutput').html(result);
	});
}


</script>


<form class="editor" id="rolesform">
<table width="90%">
<?
 foreach(array_keys($u['roles']) as $r) {
 	
	if($u['roles'][$r]['active'] == 'yes') {
		$cs = i18n('Active');
		$cl = 'happy';
		$a = 'disabled="disabled"';
		$d = '';
	} else {
		$cs = i18n('Deactivated');
		$cl = 'notice';
		$a = '';
		$d = 'disabled="disabled"';
	}
?>
	<tr>
	<td><b><?=i18n($roles[$r]['name'])?></b></td>
	<td><div class="<?=$cl?>" id="rolestatus_<?=$r?>"><?=$cs?></div></td>
	<td>

	<button style="width: 100px;" id="activate_<?=$r?>" <?=$a?> onclick="activate('<?=$r?>');return false;" ><?=i18n("Activate")?></button>
	<button style="width: 100px;" id="deactivate_<?=$r?>" <?=$d?> onclick="deactivate('<?=$r?>');return false;" ><?=i18n("Deactivate")?></button>
	<button style="width: 100px;" id="remove_<?=$r?>" <?=$d?> onclick="remove('<?=$r?>');return false;" ><?=i18n("Remove")?></button>

	</td></tr>
<?
}
?>
</table>
</form>

<?php
/*
// testing link
if(!in_array('judge', $u['roles'])){
	echo "<div><span style=\"font-weight:bold\" onmouseover=\"this.style.cursor='pointer';\" onmouseout=\"this.style.cursor='auto';\" onclick=\"addRole('judge');\">Make me a judge</span></div>";
	echo "<div>Password<input type=\"text\" id=\"password\"></input></div>";
}
*/
?>

<br/><hr/><br/>
<?=i18n("The <b>Delete Entire Account</b> button completely deletes your entire account.  You will not receive any future email for any roles.  It completely removes you from the system.  This action cannot be undone.")?>
<br/>

<form method="post" action="<?=$config['SFIABDIRECTORY']?>/user_roles.php?action=delete&users_id=<?=$u['id']?>" >
<input style="width: 300px;" onclick="return confirmClick('<?=i18n("Are you sure you want to completely delete your account?\\nDoing so will remove you from our mailing list for future years and you will never hear from us again.\\nThis action cannot be undone.")?>');"
	type="submit" value="<?=i18n("Delete Entire Account")?>">
</form>
<div id="testoutput"></div>