< ?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website : http :// www . sfiab . ca
Copyright ( C ) 2005 Sci - Tech Ontario Inc < info @ scitechontario . org >
Copyright ( C ) 2005 James Grant < james @ lightbox . org >
Copyright ( C ) 2007 David Grant < dave @ lightbox . org >
This program is free software ; you can redistribute it and / or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation , version 2.
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the GNU
General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; see the file COPYING . If not , write to
the Free Software Foundation , Inc . , 59 Temple Place - Suite 330 ,
Boston , MA 02111 - 1307 , USA .
*/
?>
< ?
include_once ( 'account.inc.php' );
//we need these for the <type>_status_update() functions, to determine who's complete and who isn't
//these are called on user_save for each role, if the function exists. The functions themselves
//shouldn't change anything, just return the results; user_save does the updating
require_once ( 'judge.inc.php' );
require_once ( 'volunteer.inc.php' );
require_once ( 'participant.inc.php' );
/**
 * Check that every supplied role name is a key of the global $roles table.
 *
 * Accepts a single role or an array of roles. Returns false as soon as one
 * entry is not a key of $roles, true otherwise. An empty array passes the
 * check because there is nothing to reject, so callers that need "at least
 * one valid role" must test for that themselves.
 *
 * @param mixed $role A role name, or an array of role names.
 * @return bool
 */
function user_valid_role($role)
{
    global $roles;

    // Normalise the single-role form to a one-element list.
    $candidates = is_array($role) ? $role : array($role);

    foreach ($candidates as $name) {
        if (array_key_exists($name, $roles)) {
            continue;
        }
        return false;
    }

    return true;
}
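/**
 * Turn a stored, serialized list column into a PHP array.
 *
 * Private helper for user_load(). An already-decoded array is returned as is,
 * an empty value yields an empty array, and anything that does not decode to
 * an array is replaced by an empty array.
 *
 * @param mixed $raw Column value as read from the database, or an array.
 * @return array
 */
function user_load_decode_list($raw)
{
    if (is_array($raw)) {
        return $raw;
    }
    if (strlen($raw) == 0) {
        return array();
    }
    // NOTE(review): unserialize() instantiates any object encoded in the
    // string before we get to inspect the result. These columns must only
    // ever be written by this application; if a user can influence the raw
    // column content, switch the storage format to JSON.
    $decoded = unserialize($raw);
    return is_array($decoded) ? $decoded : array();
}

/**
 * Load one user record, with roles and role-specific data, as an array.
 *
 * When $accounts_id is given, the user row is looked up by account for the
 * current conference (global $conference); otherwise $users_id is used.
 * The result holds the role rows keyed by role type in 'roles', the columns
 * of the users table that apply to those roles, the derived 'name' and
 * 'emailrecipient' values, the fields kept in other tables, a snapshot of the
 * loaded data in 'orig', and 'required_fields'. The account's email address
 * is deliberately removed from the result.
 *
 * All ids interpolated into SQL are forced to integers first; the column list
 * comes from the field definitions intersected with DESCRIBE users.
 *
 * @param mixed $users_id    Id of the users row (ignored when $accounts_id is set).
 * @param mixed $accounts_id Id of the account, or false to load by $users_id.
 * @return array|false The user array, or false when no single matching user exists.
 */
function user_load($users_id, $accounts_id = false)
{
    global $conference;

    if ($accounts_id != false) {
        $accounts_id = intval($accounts_id);
        $current_conference_id = intval($conference['id']);

        // Get the user record for the current conference, if they have one.
        $q = mysql_query("SELECT users.id FROM users WHERE accounts_id = $accounts_id AND conferences_id = '$current_conference_id' LIMIT 1");
        // A failed query or an empty result must not be dereferenced.
        $r = $q ? mysql_fetch_object($q) : false;
        $users_id = $r ? intval($r->id) : 0;

        // No users id means they don't have a record for this conference yet.
        if (!$users_id) {
            return false;
        }
    } else {
        $users_id = intval($users_id);
    }

    $count = mysql_result(mysql_query("SELECT COUNT(*) FROM users WHERE id = $users_id"), 0);
    if ($count == 0) {
        return false;
    }
    if ($count > 1) {
        echo "ERROR: More than one user.\n";
        return false;
    }

    // Load the user, we'll start with a blank slate.
    $u = array();

    // Get roles, and active/complete status for each role.
    $u['roles'] = array();
    $q = mysql_query("SELECT user_roles.roles_id, user_roles.active, user_roles.complete, roles.type, roles.name FROM user_roles LEFT JOIN roles ON roles.id = user_roles.roles_id WHERE user_roles.users_id = $users_id");
    while (($roledata = mysql_fetch_assoc($q))) {
        $u['roles'][$roledata['type']] = $roledata;
    }
    // A user without roles is fine: it happens for new users, or when someone
    // deletes all their roles before adding a new one.

    // If the user is a participant, add their emergency contacts.
    if (array_key_exists('participant', $u['roles'])) {
        $u['emergencycontacts'] = array();
        $contactColumns = array('firstname', 'lastname', 'relation', 'phone1', 'phone2', 'phone3', 'phone4', 'email');
        $q = mysql_query("SELECT " . implode(',', $contactColumns) . " FROM emergencycontact WHERE users_id = $users_id ORDER BY id");
        while ($row = mysql_fetch_assoc($q)) {
            $u['emergencycontacts'][] = $row;
        }
    }

    // Get a list of all fields relevant to this user.
    $fieldDat = user_get_fields(array_keys($u['roles']));
    $fields = array_unique(array_merge(array_keys($fieldDat), array('id', 'accounts_id', 'conferences_id')));

    // Separate the fields that are columns of the users table from those kept
    // in other tables. Only names reported by DESCRIBE reach the column list.
    $userFields = array();
    $q = mysql_query("DESCRIBE users");
    while ($row = mysql_fetch_assoc($q)) {
        $userFields[] = $row['Field'];
    }
    $userFields = array_intersect($fields, $userFields);
    $specialFields = array_diff($fields, $userFields);

    // Start by populating the array with data out of the users table.
    $query = "SELECT users." . implode(", users.", $userFields) . ",
            accounts.email
        FROM users JOIN accounts ON accounts.id = users.accounts_id
        WHERE `users`.`id` = '$users_id'";
    $q = mysql_query($query);
    if (!$q) {
        // Keep database error text out of the response; it reveals schema details.
        error_log("user_load: query failed for users_id=$users_id: " . mysql_error());
    }
    $userDat = $q ? mysql_fetch_assoc($q) : false;
    if (!$userDat) {
        echo "DEBUG: Couldnt find user/account match for users_id=$users_id";
        return false;
    }

    $u = array_merge($u, $userDat);
    $u['id'] = intval($u['id']);
    $u['accounts_id'] = intval($u['accounts_id']);
    // Integer copy for use in SQL; $u['conferences_id'] itself is left as loaded.
    $conferences_id = intval($u['conferences_id']);

    // Convenience
    $u['name'] = ($u['firstname'] ? "{$u['firstname']} " : '') . $u['lastname'];

    // Email recipient for the "to" field on emails.
    // NOTE(review): name and email are inserted as stored. A double quote or
    // a CR/LF in either would corrupt the header value, so they must be
    // validated where they are saved or before this string reaches a mailer.
    if (($u['firstname'] || $u['lastname']) && $u['email']) {
        // Use their full name if we have it; quote it if it contains
        // anything other than letters, digits and spaces.
        if (preg_match('/[^a-z0-9 ]/i', $u['name'])) {
            $u['emailrecipient'] = "\"{$u['name']}\" <{$u['email']}>";
        } else {
            $u['emailrecipient'] = "{$u['name']} <{$u['email']}>";
        }
    } else if ($u['email']) {
        // Otherwise, just their email address.
        $u['emailrecipient'] = $u['email'];
    } else {
        $u['emailrecipient'] = "";
    }

    // The email belongs to the account, not the user. Callers still get the
    // 'emailrecipient' convenience value, but must go through the account to
    // read or change the address itself.
    unset($u['email']);

    $should_be_arrays = array();

    foreach (array_keys($u['roles']) as $r) {
        // Role-specific normalisation is done inline; move a role to its own
        // function if it ever needs a lot of work.
        switch ($r) {
            case 'committee':
                $u['ord'] = intval($u['ord']);
                $u['displayemail'] = ($u['displayemail'] == 'yes') ? 'yes' : 'no';
                break;

            case 'judge':
                foreach (array('years_school', 'years_regional', 'years_national') as $col) {
                    if (in_array($col, $fields)) {
                        $u[$col] = intval($u[$col]);
                    }
                }
                foreach (array('willing_chair', 'special_award_only') as $col) {
                    if (in_array($col, $fields)) {
                        $u[$col] = ($u[$col] == 'yes') ? 'yes' : 'no';
                    }
                }
                foreach (array('cat_prefs', 'div_prefs', 'divsub_prefs') as $col) {
                    if (in_array($col, $fields)) {
                        $u[$col] = user_load_decode_list($u[$col]);
                    }
                }
                // Decodes only if it hasn't been parsed/converted yet.
                $u['languages'] = user_load_decode_list(isset($u['languages']) ? $u['languages'] : '');

                // Accumulate rather than overwrite, so a user holding several
                // roles keeps every role's list checked below.
                $should_be_arrays = array_merge($should_be_arrays, array('cat_prefs', 'div_prefs', 'divsub_prefs', 'languages', 'special_awards', 'time_availability'));
                break;

            case 'sponsor':
                $u['sponsors_id'] = intval($u['sponsors_id']);
                if ($u['sponsors_id']) {
                    $q = mysql_query("SELECT * FROM sponsors WHERE id='{$u['sponsors_id']}'");
                    $u['sponsor'] = mysql_fetch_assoc($q);
                }
                break;

            case 'volunteer':
                $u['languages'] = user_load_decode_list(isset($u['languages']) ? $u['languages'] : '');
                $should_be_arrays = array_merge($should_be_arrays, array('languages'));
                break;

            default:
                /* Nothing to do for all other roles */
                break;
        }
    }

    // Sanity check: the list-valued fields that apply to this user must be
    // arrays. (This used to test an undefined variable and never ran.)
    foreach ($should_be_arrays as $k) {
        if (in_array($k, $fields) && (!isset($u[$k]) || !is_array($u[$k]))) {
            $u[$k] = array();
        }
    }

    // Now populate the fields that are not stored in the users table.
    foreach ($specialFields as $field) {
        switch ($field) {
            case 'special_awards':
                $selected = array();
                $q = mysql_query("SELECT award_awards_id aaid FROM judges_specialaward_sel WHERE users_id = {$u['id']}");
                while ($row = mysql_fetch_assoc($q)) {
                    $selected[] = $row['aaid'];
                }
                $u['special_awards'] = $selected;
                break;

            case 'available_times':
                // Availability rows are linked to timeslots by their time
                // values, not by record ids.
                $times = get_judging_timeslots($u['conferences_id']);
                $q = mysql_query("SELECT * FROM judges_availability WHERE users_id=\"{$u['id']}\"");
                $sel = array();
                while ($row = mysql_fetch_object($q)) {
                    foreach ($times as $t) {
                        if ($row->start == $t['starttime'] && $row->end == $t['endtime'] && $row->date == $t['date']) {
                            $sel[] = $t['id'];
                        }
                    }
                }
                // Report the matches in timeslot order.
                $items = array();
                foreach ($times as $t) {
                    if (in_array($t['id'], $sel)) {
                        $items[] = $t['id'];
                    }
                }
                $u['available_times'] = $items;
                break;

            case 'available_events':
                $q1 = mysql_query("SELECT schedule_id FROM `schedule_users_availability_link` sual JOIN schedule ON schedule.id = sual.schedule_id WHERE users_id = {$u['id']} AND schedule.conferences_id = '$conferences_id'");
                $ids = array();
                while ($row = mysql_fetch_assoc($q1)) {
                    $ids[] = $row['schedule_id'];
                }
                $u['available_events'] = $ids;
                break;

            case 'volunteer_positions':
                $q1 = mysql_query("SELECT volunteer_positions_id AS vpid FROM volunteer_positions_signup WHERE users_id = {$u['id']} AND conferences_id = $conferences_id");
                $ids = array();
                while ($row = mysql_fetch_assoc($q1)) {
                    $ids[] = $row['vpid'];
                }
                $u['volunteer_positions'] = $ids;
                break;
        }
    }

    // Keep a snapshot of the loaded values; drop any previous snapshot first
    // so the copy does not nest.
    unset($u['orig']);
    $orig = $u;
    $u['orig'] = $orig;

    $u['required_fields'] = user_all_fields_required(array_keys($u['roles']));

    return $u;
}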
/**
 * Load a user through the account id instead of the users id.
 *
 * Delegates to user_load() with a users id of 0 and returns whatever it
 * returns.
 *
 * @param mixed $accounts_id Id of the account.
 * @return mixed Result of user_load().
 */
function user_load_by_accounts_id($accounts_id)
{
    $unused_users_id = 0;

    return user_load($unused_users_id, $accounts_id);
}
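/**
 * Load a user by email address or username.
 *
 * Looks up the accounts_id in the users table, regardless of deleted status,
 * and loads the user through user_load_by_accounts_id(). The lookup only
 * succeeds when exactly one row matches; zero rows, several rows or a failed
 * query all return false, so an ambiguous identifier never resolves to an
 * arbitrary account.
 *
 * @param string $email Email address or username to look up.
 * @return mixed Result of user_load_by_accounts_id(), or false.
 */
function user_load_by_email($email)
{
    // The value is placed inside quotes below, so escaping it is sufficient.
    $e = mysql_real_escape_string($email);
    $q = mysql_query("SELECT accounts_id FROM users WHERE email='$e' OR username='$e'");

    // mysql_query() returns false on error; don't hand that to mysql_num_rows().
    if (!$q) {
        return false;
    }
    if (mysql_num_rows($q) != 1) {
        return false;
    }

    $i = mysql_fetch_assoc($q);
    return user_load_by_accounts_id($i['accounts_id']);
}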
/**
 * List the role-specific field names for one role.
 *
 * The judge list depends on the type of the current conference (global
 * $conference), and the participant list on two settings in the global
 * $config. Unknown roles yield an empty array.
 *
 * @param string $role Role type, e.g. 'judge'.
 * @return array Field names for that role.
 */
function user_get_role_fields($role)
{
    global $conference, $config;

    switch ($role) {
        case 'committee':
            return array('emailprivate', 'ord', 'displayemail');

        case 'judge':
            if ($conference['type'] == 'scienceolympics') {
                return array('languages');
            }
            return array(
                'years_school', 'years_regional', 'years_national',
                'willing_chair', 'special_award_only',
                'cat_prefs', 'div_prefs', 'divsub_prefs',
                'expertise_other', 'languages', 'highest_psd',
            );

        case 'participant':
            $participantFields = array('grade', 'schools_id', 'foodreq', 'medicalalert', 'registrations_id');
            // Optional fields, each switched on by its own config setting.
            $optional = array(
                'participant_student_personal' => 'dateofbirth',
                'participant_student_tshirt' => 'tshirt',
            );
            foreach ($optional as $setting => $extraField) {
                if ($config[$setting] == "yes") {
                    $participantFields[] = $extraField;
                }
            }
            return $participantFields;

        case 'fair':
            return array('fairs_id');

        case 'sponsor':
            return array('sponsors_id', 'primary', 'position', 'notes');

        case 'teacher':
        case 'principal':
            return array('schools_id');

        case 'volunteer':
            return array('languages');
    }

    return array();
}
/**
 * Return the display metadata for user fields.
 *
 * Each entry maps a field name to array('label' => ..., 'group' => ...).
 * A fixed set of fields is always present. With $noConference set, the judge
 * fields and the event availability field are added as well; otherwise the
 * additions depend on the type of the current conference (global
 * $conference), and an unrecognised type adds nothing.
 *
 * @param bool $noConference True to ignore the current conference type.
 * @return array Field name => array with 'label' and 'group'.
 */
function user_get_field_info($noConference = false)
{
    global $conference;

    $personal = 'Personal Information';
    $contact = 'Contact Information';
    $sponsors = 'Sponsors';
    $judges = 'Judges';
    $judgesAndVolunteers = 'Judges,Volunteers';

    // Always-present fields, as field => array(label, group), in output order.
    $always = array(
        'salutation' => array('Salutation', $personal),
        'firstname' => array('First Name', $personal),
        'lastname' => array('Last Name', $personal),
        'sex' => array('Sex', $personal),
        'phonehome' => array('Home Phone', $contact),
        'phonework' => array('Work Phone', $contact),
        'phonecell' => array('Cell Phone', $contact),
        'fax' => array('Fax Number', $contact),
        'organization' => array('Organization', $contact),
        'birthdate' => array('Date of Birth', $personal),
        'lang' => array('Primary Language', $contact),
        'address' => array('Address', $contact),
        'address2' => array('', $contact),
        'city' => array('City', $contact),
        'province' => array('Province', $contact),
        'postalcode' => array('Postal Code', $contact),
        'firstaid' => array('First Aid', $personal),
        'cpr' => array('CPR', $personal),
        'displayemail' => array('Display Email', $personal),
        'sponsors_id' => array('Sponsor', $sponsors),
        'primary' => array('Primary Contact', $sponsors),
        'position' => array('Position', $sponsors),
        'notes' => array('Notes', $sponsors),
        'schools_id' => array('School', $personal),
        'grade' => array('Grade', $personal),
        'special_awards' => array('Special Awards', $judges),
        'volunteer_positions' => array('Volunteer Positions', 'Volunteers'),
        'foodreq' => array('Special Food Requirements', $personal),
        'tshirt' => array('T-shirt Size', $personal),
        'medicalalert' => array('Medical Alert Info', $personal),
        'dateofbirth' => array('Date of Birth', $personal),
        'emergencycontacts' => array('Emergency Contacts', $personal),
    );

    // Judge-only fields shared by the "no conference" and science fair cases.
    $judgeLabels = array(
        'cat_prefs' => 'Category Preferences',
        'div_prefs' => 'Division Preferences',
        'divsub_prefs' => 'Subdivision Preferences',
        'years_school' => 'Years experience judging at school level',
        'years_regional' => 'Years experience judging at regional level',
        'years_national' => 'Years experience judging at national level',
        'willing_chair' => 'Willing to lead a judging team',
        'special_award_only' => 'Judging only for a special award',
        'highest_psd' => 'Highest post-secondary degree',
        'expertise_other' => 'Other areas of expertise',
        'available_times' => 'Times Available',
    );

    $returnval = array();
    foreach ($always as $name => $pair) {
        $returnval[$name] = array('label' => $pair[0], 'group' => $pair[1]);
    }

    $eventsForBoth = array('label' => 'Event Availability', 'group' => $judgesAndVolunteers);
    $spokenLanguages = array('label' => 'Spoken Languages', 'group' => $judgesAndVolunteers);

    if ($noConference) {
        foreach ($judgeLabels as $name => $label) {
            $returnval[$name] = array('label' => $label, 'group' => $judges);
        }
        $returnval['available_events'] = $eventsForBoth;
    } else if ($conference['type'] == 'sciencefair') {
        foreach ($judgeLabels as $name => $label) {
            $returnval[$name] = array('label' => $label, 'group' => $judges);
        }
        $returnval['available_events'] = array('label' => 'Event Availability', 'group' => 'Volunteers');
        $returnval['languages'] = $spokenLanguages;
    } else if ($conference['type'] == 'scienceolympics') {
        $returnval['available_events'] = $eventsForBoth;
        $returnval['languages'] = $spokenLanguages;
    }

    return $returnval;
}
/**
 * Tell whether a role-specific field is mandatory for a role.
 *
 * @param string $role      Role type, e.g. 'judge'.
 * @param string $fieldname Field name to check.
 * @return int 1 when the field is in the role's required list, 0 otherwise
 *             (including roles that have no required list).
 */
function user_role_field_required($role, $fieldname)
{
    $requiredByRole = array(
        'judge' => array('years_school', 'years_regional', 'years_national', 'languages'),
        'participant' => array('grade', 'schools_id'),
        'fair' => array('fairs_id'),
        'sponsor' => array('sponsors_id', 'primary', 'position'),
        'volunteer' => array('languages'),
    );

    if (!array_key_exists($role, $requiredByRole)) {
        return 0;
    }

    return in_array($fieldname, $requiredByRole[$role]) ? 1 : 0;
}
// accepts either an array of roles (eg. {'judge', 'teacher', 'foo'}), a single one as a string (eg. 'judge'), or a null value (no roles at all)
function user_get_fields ( $userRoles = null ){
2010-11-17 15:52:02 +00:00
global $roles , $conference , $config ;
2010-10-21 21:56:09 +00:00
if ( $userRoles == null ){
$userRoles = array ();
} else if ( ! is_array ( $userRoles )){
// assume that they passed a string identifying a single role (eg. "judge")
$userRoles = array ( $userRoles );
}
// scrub for only valid roles, and fetch their special fields
$enabledFields = array ();
$requiredFields = array ();
$roleFields = array ();
foreach ( $userRoles as $role ){
if ( array_key_exists ( $role , $roles )){
$requiredFields = array_merge ( $requiredFields , user_fields_required ( $role ));
$enabledFields = array_merge ( $enabledFields , user_fields_enabled ( $role ));
$roleFields [ $role ] = user_get_role_fields ( $role );
}
}
// build a list of all fields that are applicable to this user, and assemble them into an array
$fields = array ();
foreach ( $requiredFields as $field ){
if ( ! array_key_exists ( $field , $fields )){
$fields [ $field ] = array (
'field' => $field ,
'required' => 1
);
}
}
foreach ( $roleFields as $role => $fieldList ){
foreach ( $fieldList as $field ){
if ( ! array_key_exists ( $field , $fields )){
$fields [ $field ] = array (
'field' => $field ,
2010-10-25 18:07:55 +00:00
'required' => user_role_field_required ( $role , $field )
2010-10-21 21:56:09 +00:00
);
}
}
}
foreach ( $enabledFields as $field ){
if ( ! array_key_exists ( $field , $fields )){
$fields [ $field ] = array (
'field' => $field ,
'required' => 0
);
}
}
// get the field types
$query = mysql_query ( " DESCRIBE users " );
$fieldType = array ();
while ( $row = mysql_fetch_assoc ( $query )){
$fieldType [ $row [ 'Field' ]] = $row [ 'Type' ];
}
2010-11-10 18:47:01 +00:00
$fieldInfo = user_get_field_info ();
2010-10-21 21:56:09 +00:00
foreach ( $fields as $fieldName => $field ){
$ftype = $fieldType [ $fieldName ];
2010-11-10 18:47:01 +00:00
if ( array_key_exists ( $fieldName , $fieldInfo )){
$fields [ $fieldName ][ 'display' ] = i18n ( $fieldInfo [ $fieldName ][ 'label' ]);
$fields [ $fieldName ][ 'group' ] = i18n ( $fieldInfo [ $fieldName ][ 'group' ]);
2010-10-21 21:56:09 +00:00
}
switch ( $fieldName ){
case 'languages' :
2010-10-22 18:43:17 +00:00
$fields [ $fieldName ][ 'type' ] = 'multiselect' ;
2010-11-17 15:52:02 +00:00
$fields [ $fieldName ][ 'options' ] = $config [ 'languages' ];
break ;
case 'lang' :
$fields [ $fieldName ][ 'type' ] = 'singleselect' ;
$fields [ $fieldName ][ 'options' ] = $config [ 'languages' ];
2010-10-22 18:43:17 +00:00
break ;
2010-10-21 21:56:09 +00:00
case 'cat_prefs' :
2010-10-22 18:43:17 +00:00
$fields [ $fieldName ][ 'description' ] = 'Preference levels for judging individual project categories' ;
$fields [ $fieldName ][ 'type' ] = 'singleselectlist' ;
$fields [ $fieldName ][ 'options' ] = array ( - 2 => 'Very Low' , - 1 => 'Low' , 0 => 'Indifferent' , 1 => 'Medium' , 2 => 'High' );
$fields [ $fieldName ][ 'entries' ] = array ();
$query = mysql_query ( " SELECT id, category FROM projectcategories WHERE conferences_id = { $conference [ 'id' ] } " );
while ( $row = mysql_fetch_assoc ( $query )){
$fields [ $fieldName ][ 'entries' ][ $row [ 'id' ]] = $row [ 'category' ];
}
break ;
2010-10-21 21:56:09 +00:00
case 'div_prefs' :
2010-10-22 18:43:17 +00:00
$divquery = mysql_query ( " SELECT * FROM projectdivisions WHERE conferences_id = { $conference [ 'id' ] } " );
$fields [ $fieldName ][ 'entries' ] = array ();
$fields [ $fieldName ][ 'type' ] = 'singleselectlist' ;
$fields [ $fieldName ][ 'options' ] = array ( 1 => 'Very Little' , 2 => 'Little' , 3 => 'Average' , 4 => 'Knowledgable' , 5 => 'Very Knowledgable' );
while ( $divdata = mysql_fetch_assoc ( $divquery )){
$divid = $divdata [ 'id' ];
2010-11-03 17:18:02 +00:00
$fields [ $fieldName ][ 'entries' ][ $divdata [ 'id' ]] = $divdata [ 'division' ];
2010-10-22 18:43:17 +00:00
}
break ;
2010-10-21 21:56:09 +00:00
case 'divsub_prefs' :
2010-10-22 18:43:17 +00:00
$fields [ $fieldName ][ 'entries' ] = array ();
$fields [ $fieldName ][ 'description' ] = " Preference levels for subdivisions of existing divisions. If a division has subdivisions, they " ;
$fields [ $fieldName ][ 'description' ] .= " are listed in an array which is stored within the 'entries' array at the index of the division's id. " ;
$fields [ $fieldName ][ 'description' ] .= " eg. If a division 'foo' has an id of '3' and the subdivisions 'bar1' and 'bar2', then entries[3] " ;
$fields [ $fieldName ][ 'description' ] .= " will be an array: { 0 => 'bar1', 1 => 'bar2'}. " ;
$fields [ $fieldName ][ 'type' ] = 'singleselectlist' ;
$fields [ $fieldName ][ 'options' ] = array ( 1 => 'Very Little' , 2 => 'Little' , 3 => 'Average' , 4 => 'Knowledgable' , 5 => 'Very Knowledgable' );
$divquery = mysql_query ( " SELECT * FROM projectdivisions WHERE conferences_id = { $conference [ 'id' ] } " );
while ( $divdata = mysql_fetch_assoc ( $divquery )){
$divid = $divdata [ 'id' ];
$subset = array ();
$subdivquery = mysql_query ( " SELECT * FROM projectsubdivisions WHERE conferences_id = { $conference [ 'id' ] } AND projectdivisions_id = $divid " );
while ( $subdivdata = mysql_fetch_assoc ( $subdivquery )){
$subset [] = $subdivdata [ 'subdivision' ];
}
if ( count ( $subset )){
$fields [ $fieldName ][ 'entries' ][ $divdata [ 'id' ]] = $subset ;
}
}
2010-10-21 21:56:09 +00:00
break ;
default :
if ( ! strncasecmp ( $ftype , " varchar " , 7 )){
$parts = explode ( ')' , $ftype );
$parts = explode ( '(' , $parts [ 0 ]);
$fields [ $fieldName ][ 'type' ] = $parts [ 0 ] . ':' . $parts [ 1 ];
2010-10-25 23:55:38 +00:00
} elseif ( ! strncasecmp ( $ftype , " char " , 4 )){
$parts = explode ( ')' , $ftype );
$parts = explode ( '(' , $parts [ 0 ]);
$fields [ $fieldName ][ 'type' ] = $parts [ 0 ] . ':' . $parts [ 1 ];
2010-10-21 21:56:09 +00:00
} else if ( ! strncasecmp ( $ftype , " enum " , 4 )){
2010-10-22 18:43:17 +00:00
$fields [ $fieldName ][ 'type' ] = 'singleselect' ;
2010-10-21 21:56:09 +00:00
$fields [ $fieldName ][ 'options' ] = array ();
$parts = explode ( " ' " , $ftype );
for ( $n = 1 ; $n < count ( $parts ); $n += 2 ){
$fields [ $fieldName ][ 'options' ][ $parts [ $n ]] = ucfirst ( $parts [ $n ]);
}
} else if ( ! strcmp ( $ftype , " date " )){
$fields [ $fieldName ][ 'type' ] = $fieldType [ $fieldName ];
} else if ( ! strncmp ( $ftype , " tinyint " , 7 )){
$fields [ $fieldName ][ 'type' ] = 'integer' ;
} else if ( ! strncmp ( $ftype , " tinytext " , 8 )){
$fields [ $fieldName ][ 'type' ] = 'text' ;
2010-12-02 18:43:35 +00:00
} else if ( ! strncmp ( $ftype , " int " , 3 )){
$fields [ $fieldName ][ 'type' ] = $fieldType [ $fieldName ];
2010-10-21 21:56:09 +00:00
} else {
$fields [ $fieldName ][ 'type' ] = " ERROR: " . $fieldType [ $fieldName ];
}
}
}
2010-10-25 18:07:55 +00:00
/******* Now we add fields that are not stored directly in the users table ********/
2010-11-16 19:53:26 +00:00
switch ( $conference [ 'type' ]){
case 'sciencefair' :
$specialFieldRoles = array (
2010-11-26 16:50:17 +00:00
'special_awards' => array ( 'judge' , 'participant' ),
2010-11-16 19:53:26 +00:00
'available_times' => array ( 'judge' ),
'available_events' => array ( 'volunteer' ),
2011-02-24 18:42:46 +00:00
'volunteer_positions' => array ( 'volunteer' ),
'emergencycontacts' => array ( 'participant' )
2010-11-16 19:53:26 +00:00
);
break ;
case 'scienceolympics' :
$specialFieldRoles = array (
'special_awards' => array (),
'available_times' => array (),
'available_events' => array ( 'judge' , 'volunteer' ),
2011-02-24 18:42:46 +00:00
'volunteer_positions' => array ( 'volunteer' ),
'emergencycontacts' => array ( 'participant' )
2010-11-16 19:53:26 +00:00
);
break ;
default :
$specialFieldRoles = array ();
}
2010-10-25 18:07:55 +00:00
2010-10-26 18:15:04 +00:00
// get the special_awards info if necessary
if ( count ( array_intersect ( $specialFieldRoles [ 'special_awards' ], $userRoles )) > 0 ){
$fields [ 'special_awards' ] = array ();
$fields [ 'special_awards' ][ 'field' ] = 'special_awards' ;
$fields [ 'special_awards' ][ 'display' ] = i18n ( $fieldInfo [ 'special_awards' ][ 'label' ]);
$fields [ 'special_awards' ][ 'group' ] = i18n ( $fieldInfo [ 'special_awards' ][ 'group' ]);
$fields [ 'special_awards' ][ 'type' ] = 'multiselect' ;
$fields [ 'special_awards' ][ 'options' ] = get_special_awards ( $conference [ 'id' ]);
}
// get the available_times info if available
if ( count ( array_intersect ( $specialFieldRoles [ 'available_times' ], $userRoles )) > 0 ){
$fields [ 'available_times' ] = array ();
$fields [ 'available_times' ][ 'field' ] = 'available_times' ;
$fields [ 'available_times' ][ 'display' ] = i18n ( $fieldInfo [ 'available_times' ][ 'label' ]);
$fields [ 'available_times' ][ 'group' ] = i18n ( $fieldInfo [ 'available_times' ][ 'group' ]);
$fields [ 'available_times' ][ 'type' ] = 'multiselect' ;
$fields [ 'available_times' ][ 'options' ] = array ();
$timeslots = get_judging_timeslots ( $conference [ 'id' ]);
foreach ( $timeslots as $slot ){
$fields [ 'available_times' ][ 'options' ][ $slot [ 'id' ]] = $slot ;
}
}
// get the available_events if available
if ( count ( array_intersect ( $specialFieldRoles [ 'available_events' ], $userRoles )) > 0 ){
$fields [ 'available_events' ] = array ();
$fields [ 'available_events' ][ 'field' ] = 'available_events' ;
$fields [ 'available_events' ][ 'display' ] = i18n ( $fieldInfo [ 'available_events' ][ 'label' ]);
$fields [ 'available_events' ][ 'group' ] = i18n ( $fieldInfo [ 'available_events' ][ 'group' ]);
$fields [ 'available_events' ][ 'type' ] = 'multiselect' ;
$fields [ 'available_events' ][ 'options' ] = array ();
$q = mysql_query ( " SELECT schedule.id, schedule.date, schedule.hour, schedule.minute, schedule.duration, events.name FROM schedule JOIN events ON schedule.events_id=events.id WHERE schedule.conferences_id=' { $conference [ 'id' ] } ' " );
while ( $row = mysql_fetch_assoc ( $q )){
$fields [ 'available_events' ][ 'options' ][ $row [ 'id' ]] = $row ; //$row['name'] . ' ' . $row['date'] . ', ' . $row['hour'] . ':' . $row['minute'] . ':00 (' . $row['duration'] . ' ' . i18n('minutes') . ')';
}
}
// get the available volunteer positions as well
if ( count ( array_intersect ( $specialFieldRoles [ 'volunteer_positions' ], $userRoles )) > 0 ){
$fields [ 'volunteer_positions' ] = array ();
$fields [ 'volunteer_positions' ][ 'field' ] = 'volunteer_positions' ;
$fields [ 'volunteer_positions' ][ 'display' ] = i18n ( $fieldInfo [ 'volunteer_positions' ][ 'label' ]);
$fields [ 'volunteer_positions' ][ 'group' ] = i18n ( $fieldInfo [ 'volunteer_positions' ][ 'group' ]);
$fields [ 'volunteer_positions' ][ 'type' ] = 'multiselect' ;
$fields [ 'volunteer_positions' ][ 'options' ] = array ();
$q = mysql_query ( " SELECT * FROM volunteer_positions WHERE conferences_id = { $conference [ 'id' ] } " );
while ( $row = mysql_fetch_assoc ( $q )){
$fields [ 'volunteer_positions' ][ 'options' ][ $row [ 'id' ]] = $row ; //$row['name'];
}
}
// and also the emergency contacts info
if ( count ( array_intersect ( $specialFieldRoles [ 'emergencycontacts' ], $userRoles )) > 0 ){
$fields [ 'emergencycontacts' ] = array ();
$fields [ 'emergencycontacts' ][ 'field' ] = 'emergencycontacts' ;
$fields [ 'emergencycontacts' ][ 'display' ] = i18n ( $fieldInfo [ 'emergencycontacts' ][ 'label' ]);
$fields [ 'emergencycontacts' ][ 'group' ] = i18n ( $fieldInfo [ 'emergencycontacts' ][ 'group' ]);
$fields [ 'emergencycontacts' ][ 'type' ] = 'table' ;
$fields [ 'emergencycontacts' ][ 'tablefields' ] = array ( 'firstname' , 'lastname' , 'relation' , 'phone1' , 'phone2' , 'phone3' , 'phone4' , 'email' );
$fields [ 'emergencycontacts' ][ 'description' ] = " A list of records for the emergency contact information for a student. Each record has a list of values for the fields listed in the \" tablefields \" record listed here. e.g. [['firstname':'Bob', 'lastname':'Smith', ...],['firstname':'John', 'lastname':'doe' ...], ...] " ;
}
return $fields ;
}
/**
 * Run the completion check for one role of a user.
 *
 * Relies on a naming convention: a role that needs a completion check has a
 * function called <role>_status_update(). When that function exists it is
 * called with the user and its result is returned; when it does not exist
 * the role is reported as 'complete'.
 *
 * NOTE(review): $role becomes part of a function name that is then called,
 * so callers should only pass role names that come from the roles table or
 * from code, never raw request input.
 *
 * @param array  $u    loaded user, handed to the checker as-is
 * @param string $role role type, e.g. 'judge'
 * @return mixed whatever the checker returns ('complete' or 'incomplete' by
 *               convention), or 'complete' when the role has no checker
 */
function user_check_role_complete(&$u, $role){
    $checker = $role . '_status_update';
    if(!function_exists($checker)){
        // no checker defined for this role, so there is nothing left to fill in
        return 'complete';
    }
    return $checker($u);
}
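/**
 * Save a loaded user in its current state.
 *
 * Writes, in this order: the 'active' flag of every role, the changed columns
 * of the users row, the selections stored in other tables (special awards,
 * judging times, event availability, volunteer positions), the 'complete'
 * flag of every role, and the emergency contacts. At the end $u['orig'] is
 * refreshed so that a later call only writes what changed since this one.
 *
 * The contents of $u are not validated here, so every value that goes into
 * an SQL statement is either cast to an integer or escaped with
 * mysql_real_escape_string(). Column names come from the fixed list below
 * and from user_get_role_fields(), which is assumed to return code-defined
 * names only (NOTE(review): confirm).
 *
 * The delete-then-insert steps are not wrapped in a transaction; a failure
 * part-way leaves the earlier steps applied.
 *
 * @param array $u loaded user; reads 'id', 'conferences_id', 'roles', 'orig'
 *                 and the optional keys 'special_awards', 'available_times',
 *                 'available_events', 'volunteer_positions', 'emergencycontacts'
 * @return string 'ok' on success, otherwise an error message ("SQLERRn: ..."
 *                followed by the database error for a failed query)
 */
function user_save(&$u)
{
    global $conference;

    /* Sanity check */
    if($u['conferences_id'] != $u['orig']['conferences_id']) {
        return "The user's conference changed. Can't save a user to a difference conference, use user_dupe to copy the user to a new conference.";
    }

    // ids are only ever used as integers in the statements below
    $userId = (int)$u['id'];
    $conferenceId = (int)$conference['id'];

    // Update 'active' status for all roles
    $new_roles = array_keys($u['roles']);
    foreach($new_roles as $r) {
        $active = mysql_real_escape_string($u['roles'][$r]['active']);
        $roleId = (int)$u['roles'][$r]['roles_id'];
        mysql_query("UPDATE user_roles SET active='$active' WHERE roles_id='$roleId' AND users_id='$userId'");
        if(mysql_error() != '') break;
    }
    if(mysql_error() != '') return "SQLERR1: " . mysql_error();

    $fields = array('salutation', 'firstname', 'lastname',
        'phonehome', 'phonework', 'phonecell', 'fax', 'organization',
        'address', 'address2', 'city', 'province', 'postalcode', 'sex',
        'firstaid', 'cpr', 'lang', 'notes');
    /* Merge fields as necessary, build a big list of fields to save */
    foreach($new_roles as $r) {
        $fields = array_merge($fields, user_get_role_fields($r));
    }
    $fields = array_unique($fields);

    $set = "";
    $resetNamecheck = false;
    foreach($fields as $f) {
        // re-index fields that might be mis-entered. Add additional field names to the array as needed.
        if(in_array($f, array('languages')) && is_array($u[$f])){
            $u[$f] = array_values($u[$f]);
        }
        if($u[$f] == $u['orig'][$f]) continue;
        if($f == 'firstname' || $f == 'lastname') $resetNamecheck = true;
        if($set != "") $set .= ',';
        if($u[$f] == NULL) {
            $set .= "$f=NULL";
            continue;
        }
        // arrays are stored in serialized form.
        // NOTE(review): whatever reads these columns back presumably calls
        // unserialize(); confirm nothing else can write to them.
        if(is_array($u[$f]))
            $data = mysql_real_escape_string(serialize($u[$f]));
        else
            $data = mysql_real_escape_string($u[$f]);
        $set .= "$f='$data'";
    }
    // if they've changed their first or last name, reset the "namecheck_complete" flag to "no"
    if($resetNamecheck){
        $set .= ",namecheck_complete = 'no'";
    }

    // now update all of those fields
    if($set != "") {
        mysql_query("UPDATE users SET $set WHERE id='$userId'");
    }
    if(mysql_error() != '') return "SQLERR2: " . mysql_error();

    // Save the other user data that is not stored in the users table

    // special awards selection: replaced wholesale whenever the key is present
    if(array_key_exists('special_awards', $u)){
        mysql_query("DELETE FROM judges_specialaward_sel WHERE users_id = $userId");
        $awardIds = array_map('intval', (array)$u['special_awards']);
        if(count($awardIds) > 0){
            $rows = array();
            foreach($awardIds as $awardId){
                $rows[] = "($userId, $awardId)";
            }
            // the debugging "echo $query" that used to sit here printed the
            // statement into the response and has been dropped
            mysql_query("INSERT INTO judges_specialaward_sel (users_id, award_awards_id) VALUES " . implode(', ', $rows));
        }
    }
    if(mysql_error() != '') return "SQLERR3: " . mysql_error();

    // available judging times: copy the chosen timeslots into judges_availability
    if(array_key_exists('available_times', $u)){
        mysql_query("DELETE FROM judges_availability WHERE users_id='$userId'");
        $slotIds = array_map('intval', (array)$u['available_times']);
        if(count($slotIds) > 0){
            $insertVals = array();
            $results = mysql_query('SELECT date, starttime, endtime FROM judges_timeslots WHERE id IN (' . implode(',', $slotIds) . ')');
            while($results && ($row = mysql_fetch_assoc($results))){
                $date = mysql_real_escape_string($row['date']);
                $start = mysql_real_escape_string($row['starttime']);
                $end = mysql_real_escape_string($row['endtime']);
                $insertVals[] = "($userId,'$date','$start','$end')";
            }
            // only insert when a timeslot was found; the old code re-ran the
            // SELECT when the list was empty
            if(count($insertVals) > 0){
                mysql_query("INSERT INTO judges_availability (users_id, `date`,`start`,`end`) VALUES " . implode(',', $insertVals));
            }
        }
    }
    // this step shares the SQLERR3 label with the special awards step
    if(mysql_error() != '') return "SQLERR3: " . mysql_error();

    // event availability: one link row per distinct event
    if(array_key_exists('available_events', $u)){
        mysql_query("DELETE FROM schedule_users_availability_link WHERE users_id = $userId");
        $eventList = array_unique(array_map('intval', (array)$u['available_events']));
        foreach($eventList as $eventId){
            mysql_query("INSERT INTO schedule_users_availability_link (users_id, schedule_id) VALUES ($userId, $eventId)");
        }
    }
    if(mysql_error() != '') return "SQLERR4: " . mysql_error();

    // volunteer positions, or at least an empty array for volunteer positions
    if(array_key_exists('volunteer_positions', $u)){
        mysql_query("DELETE FROM volunteer_positions_signup WHERE users_id = $userId");
        $positionIds = array_map('intval', (array)$u['volunteer_positions']);
        if(count($positionIds) > 0){
            $rows = array();
            foreach($positionIds as $positionId){
                $rows[] = "($userId, $conferenceId, $positionId)";
            }
            mysql_query("INSERT INTO volunteer_positions_signup (users_id, conferences_id, volunteer_positions_id) VALUES " . implode(', ', $rows));
        }
    }
    if(mysql_error() != '') return "SQLERR5: " . mysql_error();

    // record for every role whether its required data is complete
    foreach($new_roles as $r) {
        $complete = (user_check_role_complete($u, $r) == 'complete') ? 'yes' : 'no';
        $roleId = (int)$u['roles'][$r]['roles_id'];
        mysql_query("UPDATE user_roles SET complete='$complete' WHERE roles_id='$roleId' AND users_id='$userId'");
        // NOTE(review): prints the raw database error into the response and
        // carries on; kept as it was, but logging it would be safer
        echo mysql_error();
    }

    // emergency contacts
    // not sure if this is the best place to add it, but if the user is a student, add their emergency contacts
    if(array_key_exists('emergencycontacts', $u)){
        mysql_query("DELETE FROM emergencycontact WHERE users_id = $userId");
        if(mysql_error() != '') return "SQLERR6: " . mysql_error();
        if(count($u['emergencycontacts']) > 0){
            $columns = array('firstname', 'lastname', 'relation', 'phone1', 'phone2', 'phone3', 'phone4', 'email');
            $queryParts = array();
            foreach($u['emergencycontacts'] as $contact){
                $values = array();
                foreach($columns as $column){
                    // free-text values: escape each one before it is quoted
                    $raw = isset($contact[$column]) ? $contact[$column] : '';
                    $values[] = "'" . mysql_real_escape_string($raw) . "'";
                }
                $queryParts[] = "($userId," . implode(',', $values) . ",$conferenceId)";
            }
            mysql_query("INSERT INTO emergencycontact (users_id, firstname, lastname, relation, phone1, phone2, phone3, phone4, email, conferences_id) VALUES " . implode(',', $queryParts));
        }
        if(mysql_error() != '') return "SQLERR7: " . mysql_error();
    }

    /* Record all the data in orig that we saved so subsequent
     * calls to user_save don't try to overwrite data already
     * saved to the database */
    unset($u['orig']);
    $orig = $u;
    $u['orig'] = $orig;

    // and return a notification of success
    return 'ok';
}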
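/**
 * Check whether a role of a user meets its completion requirements.
 *
 * Looks the role up in the roles table, verifies that the user holds it and
 * then runs user_check_role_complete(). Nothing is written to the database
 * here.
 *
 * The result is compared with 'complete', the value that
 * user_check_role_complete() returns and that user_save() tests for; the
 * earlier comparison with 'ok' could not succeed for a role without its own
 * checker.
 *
 * @param int|string $users_id id of the user, cast to an integer before use
 * @param string     $role     role type as stored in roles.type
 * @return bool true when the role exists, the user has it and it is complete
 */
function user_complete_role($users_id, $role){
    // avoid SQL injections
    $users_id = (int)$users_id;
    $roleSql = mysql_real_escape_string($role);

    // get the id of the role
    $q = mysql_query("SELECT id FROM roles WHERE type = '$roleSql'");
    $row = $q ? mysql_fetch_assoc($q) : false;
    if(!is_array($row)){
        return false;
    }
    $roles_id = (int)$row['id'];

    // does this user have the given role?
    $q = mysql_query("SELECT * FROM user_roles WHERE users_id = $users_id AND roles_id = $roles_id");
    $row = $q ? mysql_fetch_array($q) : false;
    if(!is_array($row)){
        return false;
    }

    // ok, it's a valid role and the specified user has it. The un-escaped
    // name is passed on because it is used as a function-name prefix, not in SQL.
    $user = user_load($users_id);
    return user_check_role_complete($user, $role) == 'complete';
}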
/**
 * Get the display name that would show up on trophies and the like if this
 * is a student.
 *
 * @param mixed $users_id id handed to user_load()
 * @return string|null "firstname lastname", or null when user_load() does
 *                     not return an array
 */
function user_get_displayname($users_id){
    $user = user_load($users_id);
    if(!is_array($user)){
        return null;
    }
    return $user['firstname'] . ' ' . $user['lastname'];
}
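/**
 * Mark the user's display name as being correct.
 *
 * Sets users.namecheck_complete to 'yes'. user_save() sets the flag back to
 * 'no' when the first or last name changes.
 *
 * @param int|string $users_id id of the user; cast to an integer so that it
 *                             cannot alter the statement
 * @return void
 */
function user_confirm_displayname($users_id){
    $users_id = (int)$users_id;
    mysql_query("UPDATE users SET namecheck_complete = 'yes' WHERE id = $users_id");
}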
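/**
 * Return a yes/no answer as to whether or not the user's display name has
 * been confirmed.
 *
 * @param int|string $users_id id of the user; cast to an integer so that it
 *                             cannot alter the statement
 * @return string|null the stored namecheck_complete value, or null when the
 *                     query fails or no such user exists
 */
function user_displayname_confirmed($users_id){
    $users_id = (int)$users_id;
    $q = mysql_query("SELECT namecheck_complete FROM users WHERE id = $users_id");
    if(!$q){
        // query failed; report "unknown" instead of fetching from a non-result
        return null;
    }
    $row = mysql_fetch_assoc($q);
    return $row ? $row['namecheck_complete'] : null;
}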
/**
 * Mark a role of a user as being incomplete.
 *
 * @param mixed  $users_id id of the user, forced to a number before use
 * @param string $role     role type as stored in roles.type
 * @return mixed false when the role type is unknown, otherwise the result of
 *               the UPDATE query
 */
function user_uncomplete_role($users_id, $role){
    // avoid SQL injections
    $role = mysql_real_escape_string($role);
    $users_id *= 1;

    // get the id of the role
    $lookup = mysql_query("SELECT id FROM roles WHERE type = '$role'");
    $roleRow = mysql_fetch_assoc($lookup);
    if(!is_array($roleRow)){
        return false;
    }
    $roles_id = $roleRow['id'];

    // and update said role for the given user id
    $update = "UPDATE user_roles SET complete = 'no' WHERE users_id = $users_id AND roles_id = $roles_id";
    return mysql_query($update);
}
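/**
 * Activate the specified role for the specified user if they have that role.
 *
 * Both ids are cast to integers before they are placed into the statements,
 * as user_complete_role() and user_uncomplete_role() do for the user id.
 *
 * @param int|string $users_id id of the user
 * @param int|string $roles_id id of the role
 * @return mixed false when the user does not have the role (or the lookup
 *               fails), otherwise the result of the UPDATE query
 */
function user_activate_role($users_id, $roles_id){
    $users_id = (int)$users_id;
    $roles_id = (int)$roles_id;

    // Make sure the role is indeed there
    $q = mysql_query("SELECT * FROM user_roles WHERE roles_id = $roles_id AND users_id = $users_id");
    $data = $q ? mysql_fetch_array($q) : false;
    if(!is_array($data)){
        // can't be activated if you don't have it!
        return false;
    }
    return mysql_query("UPDATE user_roles SET active='yes' WHERE users_id = $users_id AND roles_id = $roles_id");
}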
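/**
 * Deactivate the specified role for the specified user if they have that role.
 *
 * Both ids are cast to integers before they are placed into the statements,
 * as user_complete_role() and user_uncomplete_role() do for the user id.
 *
 * @param int|string $users_id id of the user
 * @param int|string $roles_id id of the role
 * @return mixed false when the user does not have the role (or the lookup
 *               fails), otherwise the result of the UPDATE query
 */
function user_deactivate_role($users_id, $roles_id){
    $users_id = (int)$users_id;
    $roles_id = (int)$roles_id;

    // Make sure the role is indeed there
    $q = mysql_query("SELECT * FROM user_roles WHERE roles_id = $roles_id AND users_id = $users_id");
    $data = $q ? mysql_fetch_array($q) : false;
    if(!is_array($data)){
        // can't be deactivated if you don't have it!
        return false;
    }
    return mysql_query("UPDATE user_roles SET active='no' WHERE users_id = $users_id AND roles_id = $roles_id");
}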
/**
 * Remove a role from a user.
 *
 * Now just a skin on top of account_remove_role(): the account-level removal
 * does the work, and the role is then dropped from the in-memory user so
 * that $u matches.
 *
 * @param array  $u    loaded user; reads 'accounts_id', 'conferences_id', 'roles'
 * @param string $role role type, used as a key into the global $roles
 * @return mixed whatever account_remove_role() returned
 */
function user_remove_role(&$u, $role)
{
    global $roles;

    $roleId = $roles[$role]['id'];
    $removed = account_remove_role($u['accounts_id'], $roleId, $u['conferences_id']);

    // Delete the role from the loaded user as well
    $hasRole = array_key_exists($role, $u['roles']);
    if($hasRole) {
        unset($u['roles'][$role]);
    }

    return $removed;
}
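/**
 * Delete a role from a user, or the whole user.
 *
 * If $role is specified, just that role is removed; the user is only marked
 * as deleted when no role is left afterwards. If not, every role is removed
 * and the user is marked as deleted. "Deleted" means the users row gets
 * deleted='yes' and a deletion timestamp; the row itself stays.
 *
 * Two defects of the earlier version are fixed: $roles was never declared
 * global, so the role ids handed to account_remove_role() were empty, and
 * the delete-everything loop unset $role (false) instead of the role it was
 * iterating over.
 *
 * @param array|int    $u    loaded user, or a user id to load
 * @param string|false $role role type to remove, false for all roles
 * @return bool true when the user was marked as deleted, false when another
 *              role remains or the user could not be loaded
 */
function user_delete($u, $role = false)
{
    global $roles;

    if(!is_array($u)) {
        $u = user_load($u);
    }
    if(!is_array($u)) {
        // nothing was loaded, so there is nothing to delete
        return false;
    }

    $finish_delete = false;
    if($role != false) {
        account_remove_role($u['accounts_id'], $roles[$role]['id'], $u['conferences_id']);
        if(array_key_exists($role, $u['roles'])) {
            unset($u['roles'][$role]);
        }
        if(count($u['roles']) == 0) {
            /* No roles left, finish the delete */
            $finish_delete = true;
        }
    } else {
        /* Delete the whole user, every role */
        foreach(array_keys($u['roles']) as $r){
            account_remove_role($u['accounts_id'], $roles[$r]['id'], $u['conferences_id']);
            unset($u['roles'][$r]);
        }
        $finish_delete = true;
    }

    if($finish_delete) {
        $userId = (int)$u['id'];
        mysql_query("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id='$userId'");
        return true;
    }

    /* User had some other role, so delete was not completed. */
    return false;
}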
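/**
 * Purge a user: remove the users row itself. This action cannot be undone.
 * We prefer the committee to use the "delete" functions, which simply mark
 * the account as "deleted".
 *
 * The user is first run through user_delete(); the row is only removed when
 * that returns true, that is, when no other role blocks the delete/purge.
 *
 * user_delete() accepts a user id as well as a loaded user, so the user is
 * loaded here first. Before, a bare id reached the DELETE statement as
 * $u['id'] of a non-array and no row was removed.
 *
 * @param array|int    $u    loaded user, or a user id to load
 * @param string|false $role role type to remove, false for all roles
 * @return bool true when the row was removed, false when some other role
 *              existed or the user could not be loaded
 */
function user_purge($u, $role = false)
{
    if(!is_array($u)) {
        $u = user_load($u);
    }
    if(!is_array($u)) {
        return false;
    }

    if(user_delete($u, $role) != true) {
        /* Not purged, some other role existed */
        return false;
    }

    $userId = (int)$u['id'];
    mysql_query("DELETE FROM users WHERE id='$userId'");
    return true;
}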
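/**
 * Duplicate a row in the users table, or any one of the users_* tables.
 *
 * The row whose $key column equals $val is read, its $key is set to $newval,
 * its conferences_id (when present) is set to the current conference, and
 * the result is inserted as a new row. Prints an error and exits when the
 * source row is not found exactly once.
 *
 * $db and $key are placed into the statement as identifiers and cannot be
 * protected by string escaping, so they must be names fixed in code, never
 * request input. $val and all copied values are escaped with
 * mysql_real_escape_string(), which honours the connection character set,
 * where mysql_escape_string() did not.
 *
 * @param string $db     table name (trusted)
 * @param string $key    column name (trusted)
 * @param mixed  $val    value identifying the row to copy
 * @param mixed  $newval value of $key in the copy
 * @return int id generated by the INSERT, as reported by mysql_insert_id()
 */
function user_dupe_row($db, $key, $val, $newval)
{
    global $conference;
    $nullfields = array('deleteddatetime'); /* Fields that can be null */

    $valSql = mysql_real_escape_string($val);
    $q = mysql_query("SELECT * FROM $db WHERE $key='$valSql'");
    if(!$q || mysql_num_rows($q) != 1) {
        echo "ERROR duplicating row in $db: $key=$val NOT FOUND.\n";
        exit;
    }

    $i = mysql_fetch_assoc($q);
    $i[$key] = $newval;

    foreach($i as $k => $v) {
        if($v == NULL && in_array($k, $nullfields))
            $i[$k] = 'NULL';
        else if($k == 'conferences_id')
            $i[$k] = (int)$conference['id'];
        else
            $i[$k] = '\'' . mysql_real_escape_string($v) . '\'';
    }

    $keys = '`' . join('`,`', array_keys($i)) . '`';
    $vals = join(',', array_values($i));

    mysql_query("INSERT INTO $db ($keys) VALUES ($vals)");
    echo mysql_error();

    return mysql_insert_id();
}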
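/**
 * Returns true if the loaded user ($u) is allowed to add role $role to their
 * profile. This is intended as a last-stop mechanism, preventing, for
 * example, a student from co-existing with any other role.
 *
 * The decision is based on the roles in $u['orig']['roles'], i.e. the roles
 * the user had when loaded:
 *  - a user who already is a participant cannot add any role;
 *  - a user who has any other role cannot add the participant role;
 *  - everything else may coexist, and a user without roles may add any role.
 *
 * The second rule used to compare against the misspelt 'particpant' and so
 * never applied.
 *
 * @param array  $u    loaded user; only $u['orig']['roles'] is read
 * @param string $role role type the user wants to add
 * @return bool true when the role may be added
 */
function user_add_role_allowed(&$u, $role)
{
    foreach(array_keys($u['orig']['roles']) as $ur) {
        if($ur == 'participant') {
            /* Student can't add any other role */
            return false;
        }
        if($role == 'participant') {
            /* No role can add the participant role */
            return false;
        }
        /* All other roles can coexist (even the fair role) */
    }
    return true;
}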
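/**
 * Set the user's school to the one specified.
 *
 * The school's access code is verified here because this is called from
 * both the web interface and the API. For the same reason the school id is
 * cast to an integer and the access code is escaped before either reaches a
 * statement.
 *
 * NOTE(review): the access code is compared inside the SQL statement, so the
 * column's collation decides whether the match is case-sensitive; confirm
 * that is intended.
 *
 * $u is passed by value, so the schools_id assignment below does not reach
 * the caller's copy; reload the user to see the new school.
 *
 * @param array      $u          loaded user; only 'id' is read
 * @param int|string $schoolId   id of the school
 * @param string     $schoolCode access code of that school
 * @return bool true on success, false otherwise
 */
function user_set_school($u, $schoolId, $schoolCode){
    $schoolId = (int)$schoolId;
    $codeSql = mysql_real_escape_string($schoolCode);
    $userId = (int)$u['id'];

    // make sure the id and code match
    $q = mysql_query("SELECT COUNT(*) FROM schools WHERE id = '$schoolId' AND accesscode = '$codeSql'");
    if(!$q){
        return false;
    }
    if(mysql_result($q, 0) != 1){
        return false;
    }

    if(!mysql_query("UPDATE users SET schools_id = $schoolId WHERE id = $userId")){
        return false;
    }
    $u['schools_id'] = $schoolId;
    return true;
}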
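/**
 * Add a role for a user.
 *
 * Now just a skin on top of account_add_role(): the user's conference and
 * the id of the role are looked up and passed on. When that succeeds, the
 * session role list is extended if the edited user is the logged-in user,
 * and $u is reloaded.
 *
 * The user id is cast to an integer and the role type is escaped before
 * they are used in the lookups.
 *
 * NOTE(review): no permission check happens here and user_add_role_allowed()
 * is not consulted; presumably callers do both. Confirm.
 *
 * @param array       $u        loaded user; reads 'id' and 'accounts_id',
 *                              replaced by a freshly loaded user on success
 * @param string      $role     role type as stored in roles.type
 * @param string|null $password passed through to account_add_role()
 * @return mixed the result of account_add_role(); 'ok' on success
 */
function user_add_role(&$u, $role, $password = null){
    $userId = (int)$u['id'];
    $roleSql = mysql_real_escape_string($role);

    $q = mysql_query("SELECT conferences_id FROM users WHERE id = $userId");
    $row = $q ? mysql_fetch_assoc($q) : false;
    $conferences_id = is_array($row) ? $row['conferences_id'] : null;

    $q = mysql_query("SELECT id FROM roles WHERE `type` = '$roleSql'");
    $row = $q ? mysql_fetch_assoc($q) : false;
    $roleId = is_array($row) ? $row['id'] : null;

    $result = account_add_role($u['accounts_id'], $roleId, $conferences_id, $password);
    if($result == 'ok'){
        // we need this "if" because account_add_role will return "ok" if they already have this role
        // only update the session if the logged in user is the same as the one we're editing
        if(isset($_SESSION['users_id']) && $u['id'] == $_SESSION['users_id']) {
            if(!isset($_SESSION['roles']) || !in_array($role, $_SESSION['roles'])){
                $_SESSION['roles'][] = $role;
            }
        }

        // also, update the user:
        $u = user_load($u['id']);
    }
    return $result;
}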
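/**
 * Create the users row for an account in a conference.
 *
 * Prints an error and exits when the account already has a user in that
 * conference. Otherwise the new row is seeded with the non-null values of
 * the account's most recent users row (minus the identity and bookkeeping
 * columns), and the freshly created user is returned.
 *
 * The copied values were stored from earlier user input, so each one is
 * escaped before it is placed into the INSERT; a name containing an
 * apostrophe used to break the statement. The two ids are cast to integers.
 *
 * @param int|string $accounts_id    id of the account
 * @param int|string $conferences_id id of the conference; 0 selects the
 *                                   current conference
 * @return mixed the result of user_load() for the new row, a loaded user
 *               with no roles
 */
function user_create($accounts_id, $conferences_id = 0)
{
    global $conference;

    if($conferences_id == 0) $conferences_id = $conference['id'];
    $accounts_id = (int)$accounts_id;
    $conferences_id = (int)$conferences_id;

    /* Make sure the user doesn't already exist */
    $q = mysql_query("SELECT id FROM users WHERE accounts_id='$accounts_id' AND conferences_id='$conferences_id'");
    echo mysql_error();
    if($q && mysql_num_rows($q)) {
        echo "ERROR: user_create called for a user that already exists.\n";
        exit;
    }

    $fields = array(
        'accounts_id' => $accounts_id,
        'conferences_id' => $conferences_id,
    );

    /* Get old user data if available */
    $q = mysql_query("SELECT * FROM users WHERE accounts_id = '$accounts_id' ORDER BY id DESC LIMIT 1");
    $results = $q ? mysql_fetch_assoc($q) : false;
    if(is_array($results)){
        $skipfields = array('id', 'created', 'lastlogin', 'year', 'accounts_id', 'conferences_id', 'deleted', 'deleteddatetime');
        foreach($results as $fname => $value){
            if(!in_array($fname, $skipfields) && $value != null){
                $fields[$fname] = $value;
            }
        }
    }

    /* Create the user */
    $columns = array();
    $values = array();
    foreach($fields as $fname => $value){
        // column names come from the users table itself; values are data
        $columns[] = '`' . $fname . '`';
        $values[] = "'" . mysql_real_escape_string($value) . "'";
    }
    $query = "INSERT INTO users(`created`, " . implode(',', $columns) . ") VALUES(NOW(), " . implode(',', $values) . ")";
    mysql_query($query);
    $id = mysql_insert_id();

    /* Return a loaded user with no roles */
    return user_load($id);
}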
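/**
 * Page guard: make sure the person is logged in, has the required roles and
 * that their password hasn't expired (the password_expired var is set in the
 * login page).
 *
 * On failure a message is queued where applicable, the browser is redirected
 * and the script exits:
 *  - not logged in       -> user_login.php, request URI remembered
 *  - roles missing       -> user_login.php
 *  - password expired    -> user_edit.php, request URI remembered
 *
 * A session with superuser == "yes" is treated as also having the admin and
 * config roles.
 *
 * The returned role used to be $match[0], but array_intersect() keeps the
 * keys of its first argument, so index 0 only existed when the first listed
 * role matched. The first matching role is now returned whatever its key.
 *
 * NOTE(review): the remembered request URI comes from the request itself;
 * whatever redirects to it after login should only accept it as a local path.
 *
 * @param array|string $all_required roles the user must all have
 * @param array|string $one_required roles of which the user needs at least one
 * @return string|null first matching role: from $one_required when it is
 *                     given, else from $all_required; null when both are empty
 */
function user_auth_required($all_required = array(), $one_required = array())
{
    global $config;
    $ok = true;

    unset($_SESSION['request_uri']);
    if(!isset($_SESSION['roles']) || !isset($_SESSION['accounts_id'])) {
        message_push(error(i18n("You must login to view that page")));
        $_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
        header("location: {$config['SFIABDIRECTORY']}/user_login.php");
        exit;
    }

    // superuser always can access admin and config, even if its not in their SESSION roles
    if(isset($_SESSION['superuser']) && $_SESSION['superuser'] == "yes") {
        $roles = array_merge(array("admin", "config"), $_SESSION['roles']);
    } else {
        $roles = $_SESSION['roles'];
    }

    /* Make sure the user has each role in $all_required, this returns
     * an array in the same order as $all_required, with all members
     * in $all_required that are also in the session roles */
    if(!is_array($all_required)) $all_required = array($all_required);
    $match = array_intersect($all_required, $roles);
    if($all_required != $match) {
        /* Something is missing */
        $ok = false;
    }

    /* Make sure the user has one role in $one_required */
    if(!is_array($one_required)) $one_required = array($one_required);
    if(count($one_required)) {
        $match = array_intersect($one_required, $roles);
        if(count($match) == 0) {
            /* Missing any role in $one_required */
            $ok = false;
        }
    }

    if(!$ok) {
        message_push(error(i18n("You do not have permission to view that page")));
        header("location: {$config['SFIABDIRECTORY']}/user_login.php");
        exit;
    }

    /* Forward to password expired, remember the target URI */
    if(!empty($_SESSION['password_expired'])) {
        $_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
        header("location: {$config['SFIABDIRECTORY']}/user_edit.php");
        exit;
    }

    /* Return the first role that matched */
    return count($match) ? reset($match) : null;
}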
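/**
 * API guard: make sure the caller is logged in, has the required roles and
 * that their password hasn't expired (the password_expired var is set in the
 * login page). Nothing is redirected; the outcome is returned as an array.
 *
 * Unlike user_auth_required(), the session's superuser flag is not taken
 * into account here (NOTE(review): confirm that this is intended).
 *
 * The matched role used to be $match[0], but array_intersect() keeps the
 * keys of its first argument, so index 0 only existed when the first listed
 * role matched. The first matching role is now returned whatever its key.
 *
 * @param array|string $all_required roles the caller must all have
 * @param array|string $one_required roles of which the caller needs at least one
 * @return array 'status' => "ok" plus 'match' => first matching role (null
 *               when no roles were asked for), or 'status' => "error" plus
 *               'error' => message
 */
function api_user_auth_required($all_required = array(), $one_required = array())
{
    $ok = true;
    $ret = array();

    if(!isset($_SESSION['roles']) || !isset($_SESSION['accounts_id'])) {
        $ret['status'] = "error";
        $ret['error'] = "Not logged in";
        return $ret;
    }

    /* Make sure the user has each role in $all_required, this returns
     * an array in the same order as $all_required, with all members
     * in $all_required that are also in the session roles */
    if(!is_array($all_required)) $all_required = array($all_required);
    $match = array_intersect($all_required, $_SESSION['roles']);
    if($all_required != $match) {
        /* Something is missing */
        $ok = false;
    }

    /* Make sure the user has one role in $one_required */
    if(!is_array($one_required)) $one_required = array($one_required);
    if(count($one_required)) {
        $match = array_intersect($one_required, $_SESSION['roles']);
        if(count($match) == 0) {
            /* Missing any role in $one_required */
            $ok = false;
        }
    }

    if(!$ok) {
        $ret['status'] = "error";
        $ret['error'] = "You do not have permission to access that information";
        return $ret;
    }

    /* An expired password blocks API access as well */
    if(!empty($_SESSION['password_expired'])) {
        $ret['status'] = "error";
        $ret['error'] = "Your password has expired";
        return $ret;
    }

    $ret['status'] = "ok";
    $ret['match'] = count($match) ? reset($match) : null;
    return $ret;
}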
/* Registration state for the volunteer role. The date-window check that
 * is commented out in the source is disabled, so this always reports
 * "open". */
function user_volunteer_registration_status()
{
	$status = "open";
	return $status;
}
/* Registration state for the teacher role; no date window is consulted,
 * the result is always "open". */
function user_teacher_registration_status()
{
	$status = "open";
	return $status;
}
/* Registration state for judges, from $config['dates'].
 * Returns "notopenyet" before judgeregopen, "closed" after judgeregclose,
 * and "open" otherwise (including when no judgeregopen date is configured). */
function user_judge_registration_status()
{
	global $config;

	$dates = $config['dates'];
	if (!is_array($dates) || !array_key_exists('judgeregopen', $dates)) {
		return "open";
	}

	/* Timestamps are compared as 'Y-m-d H:i:s' strings */
	$now = date('Y-m-d H:i:s');
	if ($now < $dates['judgeregopen']) {
		return "notopenyet";
	}
	if ($now > $dates['judgeregclose']) {
		return "closed";
	}
	return "open";
}
/* Registration state for participants, from $config['dates'].
 * Returns "notopenyet" before regopen, "closed" after regclose, and 'open'
 * otherwise (including when no regopen date is configured). */
function user_participant_registration_status()
{
	global $config;

	$dates = $config['dates'];
	$has_window = is_array($dates) && array_key_exists('regopen', $dates);
	if ($has_window) {
		/* Timestamps are compared as 'Y-m-d H:i:s' strings */
		$now = date('Y-m-d H:i:s');
		if ($now < $dates['regopen']) {
			return "notopenyet";
		}
		if ($now > $dates['regclose']) {
			return "closed";
		}
	}
	return 'open';
}
/* Field groups whose display/requirement is configurable per role. Each key
 * is a group name as it appears in the comma-separated
 * {role}_personal_fields and {role}_personal_required config values; each
 * value lists the user-record fields that the group covers. */
$user_fields_map = array(
	/* Account -- the email requirement is set based on the username, which
	 * is always required. A password is not required unless something is
	 * typed in the field, in which case the form validator kicks in
	 * (checks pass1 == pass2 and all that) */
//	'email' => array('email'),

	/* Personal */
	'salutation' => array('salutation'),
	'name'       => array('firstname', 'lastname'),
	'sex'        => array('sex'),
	'phonehome'  => array('phonehome'),
	'phonecell'  => array('phonecell'),
	'birthdate'  => array('birthdate'),
	'lang'       => array('lang'),
	'address'    => array('address', 'address2', 'postalcode'),
	'city'       => array('city'),
	'province'   => array('province'),
	'firstaid'   => array('firstaid', 'cpr'),

	/* Organization */
	'org'        => array('organization'),
	'phonework'  => array('phonework'),
	'fax'        => array('fax'),
);
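/* Return the fields to show for a role. In the user editor many fields are
 * always shown and some have hard-coded requirements, but any group listed
 * in $user_fields_map can be made optionally-required or not shown at all.
 *
 * $role - role name; the comma-separated group list is read from
 *         $config["{$role}_personal_fields"].
 *
 * Returns an array of field names that always starts with 'firstname' and
 * 'lastname'. */
function user_fields_enabled($role)
{
	global $config, $user_fields_map;

	$ret = array('firstname', 'lastname');

	$key = "{$role}_personal_fields";
	$fields = isset($config[$key]) ? $config[$key] : '';
	if ($fields != '') {
		foreach (explode(',', $fields) as $f) {
			$f = trim($f);
			/* A group name that is not in the map has no field list to
			 * merge; skip it instead of passing a missing entry to
			 * array_merge() */
			if (!isset($user_fields_map[$f]) || !is_array($user_fields_map[$f])) {
				continue;
			}
			$ret = array_merge($ret, $user_fields_map[$f]);
		}
	}
	return $ret;
}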
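/* Return the required fields for a role. Some fields are always shown and
 * can be set to required; some have a hard-coded requirement status. This
 * only covers the fields whose requirement can be configured, not ALL the
 * fields the user sees.
 *
 * $role - role name; the comma-separated group list is read from
 *         $config["{$role}_personal_required"].
 *
 * Returns an array of field names starting with 'firstname' and
 * 'lastname'. 'address2' is never required and is filtered out; because
 * array_diff() keeps keys, the result may have gaps in its numeric keys. */
function user_fields_required($role)
{
	global $config, $user_fields_map;

	$ret = array('firstname', 'lastname');

	$key = "{$role}_personal_required";
	$required = isset($config[$key]) ? $config[$key] : '';
	if ($required != '') {
		foreach (explode(',', $required) as $f) {
			$f = trim($f);
			/* A group name that is not in the map has no field list to
			 * merge; skip it instead of passing a missing entry to
			 * array_merge() */
			if (!isset($user_fields_map[$f]) || !is_array($user_fields_map[$f])) {
				continue;
			}
			$ret = array_merge($ret, $user_fields_map[$f]);
		}
	}

	/* Filter some elements that are never required.
	 *  - address2
	 */
	$ret = array_diff($ret, array('address2'));
	return $ret;
}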
/* Concatenate the required-field lists of several roles.
 * $roles - array of role names, each passed to user_fields_required().
 * Returns one merged array; fields shared by several roles appear once per
 * role. */
function user_all_fields_required($roles)
{
	$combined = array();
	foreach ($roles as $role_name) {
		$for_role = user_fields_required($role_name);
		$combined = array_merge($combined, $for_role);
	}
	return $combined;
}
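/* Check that $field is set in the logged-in user's record.
 *
 * $field    - key to read from the record returned by user_load().
 * $redirect - target placed in a Location header when the field is empty.
 *
 * Returns the field value when it is set. Otherwise a redirect header is
 * sent AND false is returned. header() does not end the request, so the
 * caller must stop processing when it gets false back.
 *
 * NOTE(review): $redirect is written into the Location header as given;
 * callers should pass fixed, site-local targets only -- confirm at the
 * call sites. */
function user_field_required($field, $redirect)
{
	$u = user_load($_SESSION['users_id']);
	if (is_array($u) && !empty($u[$field])) {
		return $u[$field];
	}

	header("Location: $redirect");
	/* Explicit false, as documented, rather than falling off the end */
	return false;
}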
/* user_{$role}_login() is called with a full $u loaded */
/* Login hook for the 'fair' role; receives a fully loaded user array.
 * Copies the user's fairs_id into the session. If the user does not carry
 * the 'fair' role an error is printed and the script exits. */
function user_fair_login($u)
{
	$has_fair_role = array_key_exists('fair', $u['roles']);
	if ($has_fair_role) {
		$_SESSION['fairs_id'] = $u['fairs_id'];
		return;
	}

	/* Double check failed: the user is not of this role */
	echo "ERROR: attempted to login fair on a non-fair user\n";
	exit;
}
/* Page guard for superuser-only pages. Runs the normal login check first,
 * then requires the session's superuser flag to be "yes"; otherwise a
 * "Superuser access required" page is rendered and the script exits. */
function superuser_required()
{
	/* first, they have to be logged in */
	user_auth_required();

	/* next, they need superuser */
	$is_superuser = ($_SESSION['superuser'] == "yes");
	if ($is_superuser) {
		return;
	}

	send_header("Superuser access required");
	send_footer();
	exit;
}
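/* Check a username/password pair against the accounts table.
 *
 * $user - login name; must pass account_valid_user() or isEmailAddress().
 * $pass - submitted password; any non-empty value is accepted for checking
 *         because administrators can set any password they like.
 *
 * Returns the account id on success, false on any failure (bad input,
 * unknown or deleted account, wrong password, failed lookup).
 *
 * NOTE(review): the lookup matches accounts.username only, although an
 * email address passes the input check -- confirm whether email logins
 * are meant to be matched too.
 * NOTE(review): the stored password is compared directly with the
 * submitted one, so it appears to be kept unhashed. Moving to salted
 * password hashes needs a schema/data migration outside this function. */
function try_login($user, $pass)
{
	/* Ensure sanity of inputs */
	if (!account_valid_user($user) && !isEmailAddress($user)) {
		return false;
	}
	/* There has to be a password */
	if (!strlen($pass)) {
		return false;
	}

	$user = mysql_real_escape_string($user);
	$q = mysql_query("SELECT id,password,deleted FROM accounts WHERE username='$user'");
	if ($q === false) {
		/* Keep database error text out of the login response; log it */
		error_log("try_login: account lookup failed: " . mysql_error());
		return false;
	}

	if (mysql_num_rows($q) < 1) return false;
	$r = mysql_fetch_assoc($q);

	/* See if the user account has been deleted */
	if ($r['deleted'] == 'yes') return false;

	/* See if the password matches. Strict comparison: loose != treats
	 * numeric-looking strings such as "1e3" and "1000" as equal */
	if ((string) $r['password'] !== (string) $pass) return false;

	/* Login successful */
	return $r['id'];
}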
/* Rebuild $_SESSION['roles'] from a user record.
 * $u - loaded user array; when empty, the session's current user is loaded
 *      with user_load().
 * A role is listed when its 'active' flag is "yes"; the admin, config and
 * committee roles are listed regardless of that flag. */
function updateSessionRoles($u = null)
{
	if (!$u) {
		$u = user_load($_SESSION['users_id']);
	}

	$session_roles = array();
	if ($u && is_array($u['roles'])) {
		foreach ($u['roles'] as $role_name => $role_data) {
			$listed = ($role_data['active'] == "yes");
			if (!$listed) {
				$listed = in_array($role_name, array('admin', 'config', 'committee'));
			}
			if ($listed) {
				$session_roles[] = $role_name;
			}
		}
	}
	$_SESSION['roles'] = $session_roles;
}
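/* Load the user record that belongs to an account within a conference and
 * set up the session for it (name, users_id, roles, password expiry, and
 * the per-role user_{role}_login() hooks).
 *
 * $accounts_id    - account id of the person logging in.
 * $conferences_id - conference to load the user for.
 *
 * Returns the page the caller should send the user to: the site index when
 * an id is missing, user_main.php under SFIABDIRECTORY when the account has
 * no user in this conference, the saved request_uri from a failed access
 * attempt when there is one, otherwise "user_main.php". Prints an error and
 * exits when more than one user row matches.
 *
 * FIXME (from the original): needs to handle the case where there is no
 * active conference.
 * NOTE(review): the returned request_uri is presumably a site-local path
 * saved by the auth check; the caller should confirm that before using it
 * as a redirect target. */
function user_conference_load($accounts_id, $conferences_id)
{
	global $config;

	if (!($accounts_id && $conferences_id))
		return $config['SFIABDIRECTORY'] . "/index.php";

	/* Both ids are placed into the SQL text below, so force them to ints */
	$accounts_id = intval($accounts_id);
	$conferences_id = intval($conferences_id);

	$q = mysql_query("SELECT id FROM users WHERE accounts_id=$accounts_id AND conferences_id=$conferences_id");
	if ($q === false || mysql_num_rows($q) == 0) {
		/* FIXME (from the original): this should probably just return false */
		return $config['SFIABDIRECTORY'] . "/user_main.php";
	}
	if (mysql_num_rows($q) > 1) {
		echo "DATABASE ERROR: More than one user for account $accounts_id conference {$conferences_id}";
		exit;
	}

	$uid = mysql_fetch_assoc($q);
	$u = user_load($uid['id']);

	$_SESSION['name'] = "{$u['firstname']} {$u['lastname']}";
	$_SESSION['users_id'] = $u['id'];
	updateSessionRoles();

	$role_names = is_array($u['roles']) ? array_keys($u['roles']) : array();

	/* Load the password expiry for each user role, and find the longest
	 * expiry, which is the one used to decide whether the password has
	 * expired. A role with an expiry of 0 means "never expires". */
	$longest_expiry = 0;
	foreach ($role_names as $r) {
		$e = $config["{$r}_password_expiry_days"];
		if ($e == 0) {
			/* Catch a never expire case. */
			$longest_expiry = 0;
			break;
		} else if ($e > $longest_expiry) {
			$longest_expiry = $e;
		}
	}

	if ($u['passwordset'] == '0000-00-00') {
		/* Force the password to expire */
		$_SESSION['password_expired'] = true;
	} else if ($longest_expiry == 0) {
		/* Never expires */
		unset($_SESSION['password_expired']);
	} else {
		/* Check expiry */
		$expires = date('Y-m-d', strtotime("{$u['passwordset']} +$longest_expiry days"));
		$now = date('Y-m-d');
		if ($now > $expires) {
			$_SESSION['password_expired'] = true;
		} else {
			unset($_SESSION['password_expired']);
		}
	}
	/* If password_expired == true, the main page (or any other user page)
	 * will catch this and require them to set a password */

	/* Call login functions for each role */
	foreach ($role_names as $r) {
		if (is_callable("user_{$r}_login")) {
			call_user_func_array("user_{$r}_login", array($u));
		}
	}

	/* The lastlogin update, the multirole session flag and the
	 * roleadd/roleattached redirects are disabled in the original source. */

	/* Is there a saved request_uri from a failed login attempt? If so take
	 * them there. Read the value before clearing it; reading after the
	 * unset() would always yield nothing. */
	if (array_key_exists('request_uri', $_SESSION)) {
		$target = $_SESSION['request_uri'];
		unset($_SESSION['request_uri']);
		return $target;
	}
	return "user_main.php";
}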
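/* Send an invitation from the currently logged-in user to the person
 * described by the parameters, creating the account and user record when
 * they do not exist yet, and attaching the requested role.
 *
 * $username - login name of the invitee; also used as their email address
 *             when a new account is created.
 * $password - password handed to account_create() for a new account.
 * $email    - not used by this function.
 * $roles_id - numeric role id, or a role type name from $roles.
 *
 * Admins may invite to any role. Teachers may only invite participants and
 * must be associated with a school.
 *
 * Returns the loaded user array on success, an error message otherwise. */
function user_invite($username, $password, $email, $roles_id)
{
	global $roles, $conference;

	$u = user_load($_SESSION['users_id']);
	$returnval = null;
	$roletype = null;
	$myRole = null;

	if (is_numeric($roles_id)) {
		/* numeric means we got an id, so find the associated role type */
		foreach ($roles as $t => $r) {
			if ($r['id'] == $roles_id) {
				$roletype = $t;
				break;
			}
		}
	} else if (is_string($roles_id) && is_array($roles) && array_key_exists($roles_id, $roles)) {
		/* not numeric means a role type; only accept one that exists, so
		 * an unknown name cannot continue with an empty role id */
		$roletype = $roles_id;
		$roles_id = $roles[$roletype]['id'];
	}

	/* Work out whether the current user may invite someone to this role */
	if ($roletype === null) {
		$returnval = 'Invalid roles_id parameter';
	} else if (!is_array($u) || !is_array($u['roles'])) {
		$returnval = 'You do not have a valid role for inviting users';
	} else if (array_key_exists('admin', $u['roles'])) {
		/* Administrative users can invite people to any role they want. */
		$myRole = 'admin';
	} else if (array_key_exists('teacher', $u['roles'])) {
		/* Teachers can add students. */
		$myRole = 'teacher';
		if (!(array_key_exists('schools_id', $u) && $u['schools_id'] > 0)) {
			$returnval = 'You must be associated with a school to add participants';
		} else if ($roletype != 'participant') {
			$returnval = 'You do not have permission to invite this role';
		}
	} else {
		$returnval = 'You do not have a role with permission to invite users';
	}

	if ($returnval === null) {
		/* good so far, let's see if the account already exists */
		$q = mysql_query("SELECT id FROM accounts WHERE username='" . mysql_real_escape_string($username) . "' OR email='" . mysql_real_escape_string($username) . "'");
		$row = $q ? mysql_fetch_assoc($q) : false;

		if (is_array($row)) {
			/* This username is already in use. See if it is a user that
			 * the current one can modify */
			$newUser = user_load(null, $row['id']);
			if (!is_array($newUser)) {
				/* The account has no user record (no roles) yet; create one.
				 * NOTE(review): a teacher reaches this path without the
				 * school-membership check applied below to existing users
				 * -- confirm that is intended. */
				$newUser = user_create($row['id'], $conference['id']);
				if (!is_array($newUser)) {
					$returnval = 'Error creating user';
				}
			} else if ($myRole == 'teacher') {
				/* Role-specific limit on who can edit whom. The school is
				 * queried directly because user_load() only returns data
				 * relative to the user's current roles, not the one being
				 * added. */
				$testquery = mysql_fetch_assoc(mysql_query("SELECT schools_id FROM users WHERE id = " . intval($newUser['id'])));
				if (!(is_array($testquery) && $testquery['schools_id'] == $u['schools_id'])) {
					$returnval = 'This user is not a member of your school';
				}
			}
		} else {
			/* ok, this is a new user name, so create everything */
			$newAccount = account_create($username, $password);
			if (is_array($newAccount)) {
				/* For someone who does not exist yet the username must be
				 * their email address, otherwise the invite cannot be sent */
				account_set_email($newAccount['id'], $username);

				/* created the account successfully, now do the user */
				$newUser = user_create($newAccount['id'], $conference['id']);
				if (!is_array($newUser)) {
					$returnval = 'Error creating user';
				} else if ($roletype == 'participant') {
					$newUser['schools_id'] = $u['schools_id'];
					user_save($newUser);
				}
			} else {
				/* account_create() handed back an error message; never let
				 * an empty one be mistaken for success */
				$returnval = (is_string($newAccount) && $newAccount != '') ? $newAccount : 'Error creating account';
			}
		}
	}

	if ($returnval === null) {
		/* Either the user was created successfully, or they were loaded and
		 * our permission to modify them has been confirmed; add the role. */
		$result = account_add_role($newUser['accounts_id'], $roles_id, $conference['id']);
		if ($result == 'ok') {
			$returnval = user_load($newUser['id']);
		} else {
			$returnval = "Error adding '$roletype' role: $result";
		}
	}
	return $returnval;
}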
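/* Uninvite the user with the specified user id by removing one role.
 *
 * $uid      - numeric id of the user to modify.
 * $roles_id - numeric id of the role to remove.
 *
 * Returns the reloaded user array on success, an error message otherwise.
 *
 * NOTE(review): the school comparison applies to every caller, admins
 * included -- confirm that is intended.
 * NOTE(review): a database error string is returned to the caller as the
 * error message; confirm it is not shown to end users. */
function user_uninvite($uid, $roles_id)
{
	global $roles, $conference;

	/* Validate, then normalise to integers so that the permission checks
	 * and the DELETE below act on exactly the same ids */
	if (!is_numeric($uid)) return "Invalid user id";
	if (!is_numeric($roles_id)) return "Invalid role id";
	$uid = intval($uid);
	$roles_id = intval($roles_id);

	$u = user_load($_SESSION['users_id']);

	$roletype = null;
	foreach ($roles as $t => $r) {
		if ($r['id'] == $roles_id) {
			$roletype = $t;
			break;
		}
	}
	if ($roletype === null) {
		return 'Invalid roles_id parameter';
	}
	if (!user_has_authority($u, $roletype)) {
		return 'You can not modify users of ' . $roletype . ' role';
	}

	$user = user_load($uid);
	if ($user == false) {
		return 'Could not load specified user';
	}
	if ($user['schools_id'] != $u['schools_id']) {
		return 'You can not uninvite students form other schools';
	}

	/* All of the data checks out; remove this user's role */
	mysql_query("DELETE FROM user_roles WHERE users_id = $uid AND roles_id = $roles_id");
	$error = mysql_error();
	if ($error != '') {
		return $error;
	}
	return user_load($uid);
}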
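/* List the users of the specified role that the currently logged-in user
 * has permission to modify.
 *
 * $roles_id - numeric role id.
 *
 * Returns an array of rows (firstname, lastname, username plus the role's
 * own fields), an empty array when the current user has no authority over
 * that role, or an error message string for an invalid role id. Admins see
 * every user of the role in their conference; other authorised users are
 * limited to their own school. */
function user_list_modifiable($roles_id)
{
	global $roles;

	if (!is_numeric($roles_id)) return "Invalid role id";
	$roles_id = intval($roles_id);

	$u = user_load($_SESSION['users_id']);

	$roletype = null;
	foreach ($roles as $t => $r) {
		if ($r['id'] == $roles_id) {
			$roletype = $t;
			break;
		}
	}
	if ($roletype === null) {
		return 'Invalid roles_id parameter';
	}

	/* Return right here. An empty array compares equal to null under ==,
	 * so carrying "no authority" forward in a result variable and testing
	 * it with == null would let an unauthorised caller reach the query. */
	if (!user_has_authority($u, $roletype)) {
		return array();
	}

	/* Assemble the WHERE conditions; every id is forced to an integer */
	$conditions = array();
	$conditions[] = "users.conferences_id = " . intval($u['conferences_id']);
	$conditions[] = "user_roles.roles_id = " . $roles_id;
	if (!array_key_exists('admin', $u['roles'])) {
		/* not an admin: restrict to the caller's own school */
		$conditions[] = 'schools_id = ' . intval($u['schools_id']);
	}

	$role_fields = 'users.' . implode(', users.', user_get_role_fields($roletype));
	$query = "SELECT users.firstname, users.lastname, accounts.username, $role_fields FROM users";
	$query .= " JOIN accounts ON users.accounts_id = accounts.id";
	$query .= " JOIN user_roles ON user_roles.users_id = users.id";
	$query .= " WHERE (" . implode(') AND (', $conditions) . ")";
	$query .= " ORDER BY users.id";

	$returnval = array();
	$q = mysql_query($query);
	if ($q === false) {
		return $returnval;
	}
	while ($row = mysql_fetch_assoc($q)) {
		$returnval[] = $row;
	}
	return $returnval;
}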
/* Decide whether user $u has the authority to modify users of $role.
 * $u    - loaded user array (uses 'roles' and 'schools_id').
 * $role - role type name of the users to be modified.
 * Returns true for admins (any role), true for teachers with a school when
 * $role is 'participant', false otherwise. */
function user_has_authority($u, $role)
{
	if (!is_array($u['roles'])) {
		return false;
	}
	if (array_key_exists('admin', $u['roles'])) {
		/* Administrative users can modify people of any role. */
		return true;
	}
	if (!array_key_exists('teacher', $u['roles'])) {
		return false;
	}

	$has_school = array_key_exists('schools_id', $u) && $u['schools_id'] > 0;
	return $has_school && $role == 'participant';
}
?>