science-ation/user.inc.php

<?
/* 
   This file is part of the 'Science Fair In A Box' project
   SFIAB Website: http://www.sfiab.ca

   Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
   Copyright (C) 2005 James Grant <james@lightbox.org>
   Copyright (C) 2007 David Grant <dave@lightbox.org>

   This program is free software; you can redistribute it and/or
   modify it under the terms of the GNU General Public
   License as published by the Free Software Foundation, version 2.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; see the file COPYING.  If not, write to
   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
   Boston, MA 02111-1307, USA.
*/
?>
<?
require_once('common.inc.php');


$user_types = array('student','judge','committee','volunteer','region');
$user_what =  array('student'=>'Participant', 'judge' => 'Judge',
			'committee'=>'Committee Member','volunteer' => 'Volunteer',
			'region'=>'Region');


function user_load_region($u)
{
	/* Double check, make sure the user is of this type */
	if(!in_array('region', $u['types'])) return false;

	$q = mysql_query("SELECT * FROM users_region
				WHERE id='{$u['id']}'
			");
	if(mysql_num_rows($q)!=1) return false;

	$r = mysql_fetch_object($q);
	$ret = array();
	$ret['regions_id'] = intval($r->regions_id);
	return $ret;
}

function user_load_student($u)
{
	/* Double check, make sure the user is of this type */
	if(!in_array('student', $u['types'])) return false;
	$ret = array();
	return $ret;
}
function user_load_judge($u)
{
	/* Double check, make sure the user is of this type */
	if(!in_array('judge', $u['types'])) return false;
	$ret = array();
	return $ret;
}

function user_load_committee($u)
{
	/* Double check, make sure the user is of this type */
	if(!in_array('committee', $u['types'])) return false;

	$q = mysql_query("SELECT * FROM users_committee
				WHERE users_id='{$u['id']}'");
	if(mysql_num_rows($q)!=1) return false;

	$r = mysel_fetch_object($q);
	$ret = array();
	$ret['emailprivate'] = $r->emailprivate;
	$ret['ord'] = intval($r->ord);
	$ret['displayemail'] = ($r->displayemail == 'Y') ? 'Y' : 'N';
	$ret['access_admin'] = ($r->access_admin == 'Y') ? 'Y' : 'N';
	$ret['access_config'] = ($r->access_config == 'Y') ? 'Y' : 'N';
	$ret['access_super'] = ($r->access_super == 'Y') ? 'Y' : 'N';
	return $ret;
}

function user_load_volunteer($u)
{
	/* Double check, make sure the user is of this type */
	if(!in_array('volunteer', $u['types'])) return false;
	$ret = array();
	return $ret;
}

function user_load($user, $load_full=false, $force_type=false)
{
	$id = 0;

	/* Sort out the type first */
	if(is_array($user)){
		/* User already loaded, this is just an extended load */
		$id = $user['id'];
		$where = "id='$id'";
		$load_base = false;
	} else {
		
		$id = intval($user);
		if($id > 0) {
			/* Load by ID FIXME: if we enable load-by-email below,
			 * then a user could use a number at the beginning of
			 * their email address to exploit here, must fix that.
			 * */
			$where = "id='$id'";
		} else {
			return false;
			/* Load by email */
//			$e = stripslashes($user);
//			$where = "email='$e'";
		}
		$load_base = true;
	}

	if($load_base) {
		$q=mysql_query("SELECT * FROM users
					WHERE
						$where
						AND deleted='no'
				");

                if(mysql_num_rows($q)!=1) return false;

		$ret = mysql_fetch_assoc($q);
		
		/* Do we need to do number conversions? */
		$ret['id'] = intval($ret['id']);

		/* Turn the type into an array, because there could be more than one */
		$ts = explode(',', $ret['types']);
		$ret['types'] = $ts; /* Now we can use in_array($ret['type'], 'judge') ; */

		/* Set the current type if there's only one */
		if(count($ret['types']) == 1) {
			$ret['type'] = $ret['types'][0];
		} else {
			$ret['type'] = false;
		}
	} else {
		$ret = $user;
	}

	if($load_full) {
		$r = true;
		foreach($ret['types'] as $t) {
			/* These all pass $ret by reference, and can modify
			 * $ret */
			$r = call_user_func("user_load_$type", $ret);
			if($r == false) return false;

			/* It is important that each type database doesn't
			have conflicting column names */
			foreach($r as $k->$v) {
				if(array_key_exists($k, $ret)) {
					echo "DATABSE DESIGN ERROR, duplicate user key $k";
					exit;
				}
			}
			$ret = array_merge($ret, $r);
		}
	}
	/* Do this assignment without recursion :) */
	$orig = $ret;
	$ret['orig'] = $orig;

	return $ret;
}


function user_save($u)
{
	$fields = array('firstname','lastname','username','password',
			'email','emailprivate',
			'phonehome','phonework','phonecell','fax',
			'address','address2','city','province','postalcode');

	$set = "";
	foreach($fields as $f) {
		if($u[$f] == $u['orig'][$f]) continue;

		if($set != "") $set .=',';

//		if($f == 'types') 
//			$set .= "$f='".implode(',', $u[$f])."'";

		$set .= "$f='{$u[$f]}'";
	}
	//echo "<pre>";
	//print_r($u);
	//echo "</pre>";
	if($set != "") {
		$query = "UPDATE users SET $set WHERE id='{$u['id']}'";
		mysql_query($query);
	//	echo "query=[$query]";
		echo mysql_error();
	}
}


function user_valid_user($user)
{
	/* Find any character that doesn't match the valid username characters
	 * (^ inverts the matching remember */
	$x = preg_match('[^a-zA-Z0-9@.-_]',$user);

	/* If x==1, a match was found, and the input is bad */
	return ($x == 1) ? false : true;
}

function user_valid_password($pass)
{
	/* Same as user, but allow more characters */
	$x = preg_match('[^a-zA-Z0-9 ~!@#$%^&*()-_=+|;:,<.>/?]',$pass);

	/* If x==1, a match was found, and the input is bad */
	if($x == 1) return false;

	if(strlen($pass) < 6) return false;

	return true;
}

/* Perform some checks.  Make sure the person is logged in, and that their
 * password hasn't expired (the password_expired var is set in the login page) 
 */
function user_auth_required($type, $check_expiry=true)
{
	if(!isset($_SESSION['users_type'])) {
		header("location: user_login.php?type=$type&notice=auth_required");
		exit;
	}

	if($_SESSION['users_type'] != $type) {
		header("location: user_login.php?type=$type&notice=auth_required");
		exit;
	}

	if($_SESSION['password_expired'] == true && $check_expiry==true) {
		header("location: user_password.php");
		exit;
	}
	return true;	
}


function user_volunteer_registration_status()
{
	global $config;
//	$now = date('Y-m-d H:i:s');
  //      if($now < $config['dates']['judgeregopen']) return "notopenyet";
//	if($now > $config['dates']['judgeregclose']) return "closed";
	return "open";
}

function user_judge_registration_status()
{
	global $config;
	$now = date('Y-m-d H:i:s');
        if($now < $config['dates']['judgeregopen']) return "notopenyet";
	if($now > $config['dates']['judgeregclose']) return "closed";
	return "open";
}

function user_personal_fields($type)
{
	/* Figure out what fields we should show. */
	$all_fields = array('firstname','lastname','email','phonehome','phonecell','organization');
	switch($type) {
	case 'volunteer':
		$f = array();
	case 'committee':
		$f = array('workphone','fax');
	case 'judge':
		$f = array();
	case 'student':
		$f = array();
	case 'region':
		$f = array();
	}
	return array_merge($all_fields, $f);
	return null;
}

function user_personal_required_fields($type)
{
	$all_fields = array('firstname','lastname','email');
	switch($type) {
	case 'volunteer':
		$f = array();
	case 'committee':
		$f = array();
	case 'judge':
		$f = array();
	case 'student':
		$f = array();
	case 'region':
		$f = array();
	}
	return array_merge($all_fields, $f);
	return null;
}

function user_personal_info_status($u = false)
{
	if($u == false) {
		 $u = user_load($_SESSION['users_id']);
	}
	$required = array();
	foreach($u['types'] as $t) {
		$required = array_merge($required, user_personal_required_fields($t));
	}
	foreach($required as $r) {
		$val = trim($u[$r]);

		if(strlen($val) > 0) {
			/* Ok */
		} else {
			return 'incomplete';
		}
	}
	return 'complete';
}

function user_update_complete(&$u, $status)
{
	if($status == 'complete' && $u['complete'] != 'yes') {
		mysql_query("UPDATE users SET complete='yes' WHERE id='{$_SESSION['users_id']}'");
		$u['complete'] = 'yes';
		return;
	}
	if($status != 'complete' && $u['complete'] == 'yes') {
		mysql_query("UPDATE users SET complete='no' WHERE id='{$_SESSION['users_id']}'");
		$u['complete'] = 'no';
		return;
	}
}
- New user and volunteer signup system 2007-11-16 06:30:42 +00:00			`<?`
			`/*`
			`This file is part of the 'Science Fair In A Box' project`
			`SFIAB Website: http://www.sfiab.ca`

			`Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>`
			`Copyright (C) 2005 James Grant <james@lightbox.org>`
			`Copyright (C) 2007 David Grant <dave@lightbox.org>`

			`This program is free software; you can redistribute it and/or`
			`modify it under the terms of the GNU General Public`
			`License as published by the Free Software Foundation, version 2.`

			`This program is distributed in the hope that it will be useful,`
			`but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU`
			`General Public License for more details.`

			`You should have received a copy of the GNU General Public License`
			`along with this program; see the file COPYING. If not, write to`
			`the Free Software Foundation, Inc., 59 Temple Place - Suite 330,`
			`Boston, MA 02111-1307, USA.`
			`*/`
			`?>`
			`<?`
			`require_once('common.inc.php');`


			`$user_types = array('student','judge','committee','volunteer','region');`
			`$user_what = array('student'=>'Participant', 'judge' => 'Judge',`
			`'committee'=>'Committee Member','volunteer' => 'Volunteer',`
			`'region'=>'Region');`


			`function user_load_region($u)`
			`{`
			`/* Double check, make sure the user is of this type */`
			`if(!in_array('region', $u['types'])) return false;`

			`$q = mysql_query("SELECT * FROM users_region`
			`WHERE id='{$u['id']}'`
			`");`
			`if(mysql_num_rows($q)!=1) return false;`

			`$r = mysql_fetch_object($q);`
			`$ret = array();`
			`$ret['regions_id'] = intval($r->regions_id);`
			`return $ret;`
			`}`

			`function user_load_student($u)`
			`{`
			`/* Double check, make sure the user is of this type */`
			`if(!in_array('student', $u['types'])) return false;`
			`$ret = array();`
			`return $ret;`
			`}`
			`function user_load_judge($u)`
			`{`
			`/* Double check, make sure the user is of this type */`
			`if(!in_array('judge', $u['types'])) return false;`
			`$ret = array();`
			`return $ret;`
			`}`

			`function user_load_committee($u)`
			`{`
			`/* Double check, make sure the user is of this type */`
			`if(!in_array('committee', $u['types'])) return false;`

			`$q = mysql_query("SELECT * FROM users_committee`
			`WHERE users_id='{$u['id']}'");`
			`if(mysql_num_rows($q)!=1) return false;`

			`$r = mysel_fetch_object($q);`
			`$ret = array();`
			`$ret['emailprivate'] = $r->emailprivate;`
			`$ret['ord'] = intval($r->ord);`
			`$ret['displayemail'] = ($r->displayemail == 'Y') ? 'Y' : 'N';`
			`$ret['access_admin'] = ($r->access_admin == 'Y') ? 'Y' : 'N';`
			`$ret['access_config'] = ($r->access_config == 'Y') ? 'Y' : 'N';`
			`$ret['access_super'] = ($r->access_super == 'Y') ? 'Y' : 'N';`
			`return $ret;`
			`}`

			`function user_load_volunteer($u)`
			`{`
			`/* Double check, make sure the user is of this type */`
			`if(!in_array('volunteer', $u['types'])) return false;`
			`$ret = array();`
			`return $ret;`
			`}`

			`function user_load($user, $load_full=false, $force_type=false)`
			`{`
			`$id = 0;`

			`/* Sort out the type first */`
			`if(is_array($user)){`
			`/* User already loaded, this is just an extended load */`
			`$id = $user['id'];`
			`$where = "id='$id'";`
			`$load_base = false;`
			`} else {`

			`$id = intval($user);`
			`if($id > 0) {`
			`/* Load by ID FIXME: if we enable load-by-email below,`
			`* then a user could use a number at the beginning of`
			`* their email address to exploit here, must fix that.`
			`* */`
			`$where = "id='$id'";`
			`} else {`
			`return false;`
			`/* Load by email */`
			`// $e = stripslashes($user);`
			`// $where = "email='$e'";`
			`}`
			`$load_base = true;`
			`}`

			`if($load_base) {`
			`$q=mysql_query("SELECT * FROM users`
			`WHERE`
			`$where`
			`AND deleted='no'`
			`");`

			`if(mysql_num_rows($q)!=1) return false;`

			`$ret = mysql_fetch_assoc($q);`

			`/* Do we need to do number conversions? */`
			`$ret['id'] = intval($ret['id']);`

			`/* Turn the type into an array, because there could be more than one */`
			`$ts = explode(',', $ret['types']);`
			`$ret['types'] = $ts; /* Now we can use in_array($ret['type'], 'judge') ; */`

			`/* Set the current type if there's only one */`
			`if(count($ret['types']) == 1) {`
			`$ret['type'] = $ret['types'][0];`
			`} else {`
			`$ret['type'] = false;`
			`}`
			`} else {`
			`$ret = $user;`
			`}`

			`if($load_full) {`
			`$r = true;`
			`foreach($ret['types'] as $t) {`
			`/* These all pass $ret by reference, and can modify`
			`* $ret */`
			`$r = call_user_func("user_load_$type", $ret);`
			`if($r == false) return false;`

			`/* It is important that each type database doesn't`
			`have conflicting column names */`
			`foreach($r as $k->$v) {`
			`if(array_key_exists($k, $ret)) {`
			`echo "DATABSE DESIGN ERROR, duplicate user key $k";`
			`exit;`
			`}`
			`}`
			`$ret = array_merge($ret, $r);`
			`}`
			`}`
			`/* Do this assignment without recursion :) */`
			`$orig = $ret;`
			`$ret['orig'] = $orig;`

			`return $ret;`
			`}`


			`function user_save($u)`
			`{`
			`$fields = array('firstname','lastname','username','password',`
			`'email','emailprivate',`
			`'phonehome','phonework','phonecell','fax',`
			`'address','address2','city','province','postalcode');`

			`$set = "";`
			`foreach($fields as $f) {`
			`if($u[$f] == $u['orig'][$f]) continue;`

			`if($set != "") $set .=',';`

			`// if($f == 'types')`
			`// $set .= "$f='".implode(',', $u[$f])."'";`

			`$set .= "$f='{$u[$f]}'";`
			`}`
			`//echo "<pre>";`
			`//print_r($u);`
			`//echo "</pre>";`
			`if($set != "") {`
			`$query = "UPDATE users SET $set WHERE id='{$u['id']}'";`
			`mysql_query($query);`
			`// echo "query=[$query]";`
			`echo mysql_error();`
			`}`
			`}`


			`function user_valid_user($user)`
			`{`
			`/* Find any character that doesn't match the valid username characters`
			`* (^ inverts the matching remember */`
			`$x = preg_match('[^a-zA-Z0-9@.-_]',$user);`

			`/* If x==1, a match was found, and the input is bad */`
			`return ($x == 1) ? false : true;`
			`}`

			`function user_valid_password($pass)`
			`{`
			`/* Same as user, but allow more characters */`
			`$x = preg_match('[^a-zA-Z0-9 ~!@#$%^&*()-_=+\|;:,<.>/?]',$pass);`

			`/* If x==1, a match was found, and the input is bad */`
			`if($x == 1) return false;`

			`if(strlen($pass) < 6) return false;`

			`return true;`
			`}`

			`/* Perform some checks. Make sure the person is logged in, and that their`
			`* password hasn't expired (the password_expired var is set in the login page)`
			`*/`
			`function user_auth_required($type, $check_expiry=true)`
			`{`
			`if(!isset($_SESSION['users_type'])) {`
			`header("location: user_login.php?type=$type&notice=auth_required");`
			`exit;`
			`}`

			`if($_SESSION['users_type'] != $type) {`
			`header("location: user_login.php?type=$type&notice=auth_required");`
			`exit;`
			`}`

			`if($_SESSION['password_expired'] == true && $check_expiry==true) {`
			`header("location: user_password.php");`
			`exit;`
			`}`
			`return true;`
			`}`


			`function user_volunteer_registration_status()`
			`{`
			`global $config;`
			`// $now = date('Y-m-d H:i:s');`
			`// if($now < $config['dates']['judgeregopen']) return "notopenyet";`
			`// if($now > $config['dates']['judgeregclose']) return "closed";`
			`return "open";`
			`}`

			`function user_judge_registration_status()`
			`{`
			`global $config;`
			`$now = date('Y-m-d H:i:s');`
			`if($now < $config['dates']['judgeregopen']) return "notopenyet";`
			`if($now > $config['dates']['judgeregclose']) return "closed";`
			`return "open";`
			`}`

			`function user_personal_fields($type)`
			`{`
			`/* Figure out what fields we should show. */`
			`$all_fields = array('firstname','lastname','email','phonehome','phonecell','organization');`
			`switch($type) {`
			`case 'volunteer':`
			`$f = array();`
			`case 'committee':`
			`$f = array('workphone','fax');`
			`case 'judge':`
			`$f = array();`
			`case 'student':`
			`$f = array();`
			`case 'region':`
			`$f = array();`
			`}`
			`return array_merge($all_fields, $f);`
			`return null;`
			`}`

			`function user_personal_required_fields($type)`
			`{`
			`$all_fields = array('firstname','lastname','email');`
			`switch($type) {`
			`case 'volunteer':`
			`$f = array();`
			`case 'committee':`
			`$f = array();`
			`case 'judge':`
			`$f = array();`
			`case 'student':`
			`$f = array();`
			`case 'region':`
			`$f = array();`
			`}`
			`return array_merge($all_fields, $f);`
			`return null;`
			`}`

			`function user_personal_info_status($u = false)`
			`{`
			`if($u == false) {`
			`$u = user_load($_SESSION['users_id']);`
			`}`
			`$required = array();`
			`foreach($u['types'] as $t) {`
			`$required = array_merge($required, user_personal_required_fields($t));`
			`}`
			`foreach($required as $r) {`
			`$val = trim($u[$r]);`

			`if(strlen($val) > 0) {`
			`/* Ok */`
			`} else {`
			`return 'incomplete';`
			`}`
			`}`
			`return 'complete';`
			`}`

			`function user_update_complete(&$u, $status)`
			`{`
			`if($status == 'complete' && $u['complete'] != 'yes') {`
			`mysql_query("UPDATE users SET complete='yes' WHERE id='{$_SESSION['users_id']}'");`
			`$u['complete'] = 'yes';`
			`return;`
			`}`
			`if($status != 'complete' && $u['complete'] == 'yes') {`
			`mysql_query("UPDATE users SET complete='no' WHERE id='{$_SESSION['users_id']}'");`
			`$u['complete'] = 'no';`
			`return;`
			`}`
			`}`