science-ation/register_participants.php

<?

/*
 * This file is part of the 'Science Fair In A Box' project
 * SFIAB Website: http://www.sfiab.ca
 *
 * Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
 * Copyright (C) 2005 James Grant <james@lightbox.org>
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public
 * License as published by the Free Software Foundation, version 2.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 *  General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; see the file COPYING.  If not, write to
 * the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
 * Boston, MA 02111-1307, USA.
 */
?>
<?
require ('common.inc.php');
global $pdo;

$q = $pdo->query("SELECT (NOW()>'" . $config['dates']['regopen'] . "' AND NOW()<'" . $config['dates']['regclose'] . "') AS datecheck,
			NOW()<'" . $config['dates']['regopen'] . "' AS datecheckbefore,
			NOW()>'" . $config['dates']['regclose'] . "' AS datecheckafter");

$datecheck = $q->fetch(PDO::FETCH_OBJ);

if (get_value_from_array($_POST, 'action') == 'new') {
	$q = $pdo->prepare('SELECT email,num,id,schools_id FROM registrations WHERE email=? AND num=? AND year=?');
	$q->execute([$_SESSION['email'], $_POST['regnum'], $config['FAIRYEAR']]);
	if ($q->rowCount()) {
		$r = $q->fetch(PDO::FETCH_OBJ);
		$_SESSION['registration_number'] = $r->num;
		$_SESSION['registration_id'] = $r->id;

		$r->schools_id = $r->schools_id ?? 0;
		$stmt = $pdo->prepare('INSERT INTO students (registrations_id,email,schools_id,year) VALUES (?,?,?,?)');
		$stmt->execute([$r->id, $_SESSION['email'], $r->schools_id, $config['FAIRYEAR']]);

		$stmt = $pdo->prepare("UPDATE registrations SET status='open' WHERE id=?");
		$stmt->execute([$r->id]);

		header('Location: register_participants_main.php');
		exit;
	} else {
		send_header('Participant Registration');
		echo error(i18n('Invalid registration number (%1) for email address %2', array($_POST['regnum'], $_SESSION['email']), array('registration number', 'email address')));
		$_POST['action'] = 'login';
	}
} else if (get_value_from_array($_POST, 'action') == 'continue') {
	if (get_value_from_array($_POST, 'email'))
		$_SESSION['email'] = stripslashes($_POST['email']);

	$q = $pdo->prepare('SELECT 
        registrations.id AS regid, 
        registrations.num AS regnum, 
        students.id AS studentid, 
        students.firstname 
    FROM registrations 
    JOIN students ON students.registrations_id = registrations.id 
    WHERE students.email = ? 
    AND registrations.num = ? 
    AND registrations.year = ? 
    AND students.year = ?');

	$q->execute([
		$_SESSION['email'],
		intval($_POST['regnum']),
		$config['FAIRYEAR'],
		$config['FAIRYEAR']
	]);

	if ($q->rowCount()) {
		$r = $q->fetch(PDO::FETCH_OBJ);
		$_SESSION['registration_number'] = $r->regnum;
		$_SESSION['registration_id'] = $r->regid;
		$_SESSION['students_id'] = $r->studentid;
		header('Location: register_participants_main.php');
		exit;
	} else {
		send_header('Participant Registration');
		echo error(i18n('Invalid registration number (%1) for email address %2', array($_POST['regnum'], $_SESSION['email']), array('registration number', 'email address')));
		$_POST['action'] = 'login';
	}
} else if (get_value_from_array($_GET, 'action') == 'resend' && get_value_from_array($_SESSION, 'email')) {
	// first see if the email matches directly from the registrations table
	$q = $pdo->prepare('SELECT registrations.num FROM 
				registrations
			WHERE 
				registrations.email=? 
				AND registrations.year=?');
	$q->execute([$_SESSION['email'], $config['FAIRYEAR']]);
	if ($q->rowCount())
		$r = $q->fetch(PDO::FETCH_OBJ);
	else {
		// no match from registrations, so lets see if it matches from the students table
		$q = $pdo->prepare('SELECT registrations.num FROM 
					registrations, 
					students 
				WHERE 
					students.email=? 
					AND students.registrations_id=registrations.id 
					AND registrations.year=?');
		$q->execute([$_SESSION['email'], $config['FAIRYEAR']]);
		$r = $q->fetch(PDO::FETCH_OBJ);
	}

	if ($r) {
		email_send('register_participants_resend_regnum', $_SESSION['email'], array(), array('REGNUM' => $r->num));
		send_header('Participant Registration');
		echo notice(i18n('Your registration number has been resent to your email address <b>%1</b>', array($_SESSION['email']), array('email address')));
	} else {
		send_header('Participant Registration');
		echo error(i18n('Could not find a registration for your email address'));
	}
} else if (get_value_from_array($_GET, 'action') == 'logout') {
	unset($_SESSION['email']);
	unset($_SESSION['registration_number']);
	unset($_SESSION['registration_id']);
	send_header('Participant Registration');
	echo notice(i18n('You have been successfully logged out'));
}

// if they've alreayd logged in, and somehow wound back up here, take them back to where they should be
if (get_value_from_array($_SESSION, 'registration_number') && get_value_from_array($_SESSION, 'registration_id') && get_value_from_array($_SESSION, 'email')) {
	header('Location: register_participants_main.php');
	exit;
}

send_header('Participant Registration');

if (get_value_from_array($_POST, 'action') == 'login' && (get_value_from_array($_POST, 'email') || get_value_from_array($_SESSION, 'email'))) {
	if (get_value_from_array($_POST, 'email'))
		$_SESSION['email'] = stripslashes($_POST['email']);

	echo '<form method="post" action="register_participants.php">';

	$allownew = true;
	$showform = true;

	// first, check if they have any registrations waiting to be opened
	$q = $pdo->prepare("SELECT * FROM `registrations` WHERE `email` = :email AND `status` = 'new' AND `year` = :year");
	$q->bindParam(':email', $_SESSION['email'], PDO::PARAM_STR);
	$q->bindParam(':year', $config['FAIRYEAR'], PDO::PARAM_INT);

	$q->execute();

	if ($q->rowCount() > 0) {
		echo i18n('Please enter your <b>registration number</b> that you received in your email, in order to begin your new registration');
		echo '<input type="hidden" name="action" value="new">';
		$allownew = false;
	} else {
		// check if they have an already open registration

		$q = $pdo->prepare("SELECT 
					students.email,
					registrations.status,
					registrations.id
				FROM 
					students, registrations
				WHERE 
					students.email = :email
					AND students.year = :year
					AND registrations.year = :year
					AND registrations.status IN ('open', 'paymentpending', 'complete')
					AND students.registrations_id = registrations.id");

		$q->bindParam(':email', $_SESSION['email'], PDO::PARAM_STR);
		$q->bindParam(':year', $config['FAIRYEAR'], PDO::PARAM_INT);

		$q->execute();

		if ($q->rowCount() > 0) {
			$r = $q->fetch(PDO::FETCH_OBJ);
			//			print_r($r);
			echo i18n('Please enter your <b>registration number</b> in order to login');
			echo '<input type="hidden" name="action" value="continue">';
			$allownew = false;
			echo '<br />';
		} else {
			// they dont have a 'new' and they dont have an 'open/paymentpending/complete' so that means that they want to create a new one... BUT...
			if ($config['participant_registration_type'] == 'invite') {
				$allownew = false;
				$showform = false;

				echo i18n('Participant registration is by invite only.  You can not create a new account.  If you have been invited by your school/region, you need to use the same email address that you were invited with.');
				echo '<br />';
				echo '<br />';
				echo '<a href="register_participants.php">Back to Participant Registration</a>';
			} else if ($config['participant_registration_type'] == 'singlepassword') {
				$showsinglepasswordform = true;

				if (get_value_from_array($_POST, 'singlepassword')) {
					if ($_POST['singlepassword'] == $config['participant_registration_singlepassword']) {
						$allownew = true;
						$showform = true;
						$showsinglepasswordform = false;
					} else {
						echo error(i18n('Invalid registration password, please try again'));
						$allownew = false;
						$showform = false;
					}
				}

				if ($showsinglepasswordform) {
					echo i18n('Participant registration is protected by a password.  You must know the <b>registration password</b> in order to create an account.');
					echo '<br />';
					echo '<br />';
					echo '<input type="hidden" name="action" value="login">';
					echo i18n('Email Address:') . ' ' . $_SESSION['email'] . '<br />';
					echo i18n('Registration Password:');
					echo '<input type="text" size="10" name="singlepassword">';
					echo '<br />';
					echo '<br />';
					echo '<input type="submit" value="' . i18n('Submit') . '">';
					echo '</form>';
					$allownew = false;
					$showform = false;
				}
			} else if ($config['participant_registration_type'] == 'schoolpassword') {
				$showschoolpasswordform = true;
				if ($_POST['schoolpassword'] && $_POST['schoolid']) {
					$q = $pdo->prepare('SELECT registration_password FROM schools WHERE id=? AND year=?');
					$q->execute([$_POST['schoolid'], $config['FAIRYEAR']]);
					$r = $q->fetch(PDO::FETCH_OBJ);

					if ($_POST['schoolpassword'] == $r->registration_password) {
						$allownew = true;
						$showform = true;
						$showschoolpasswordform = false;
						$schoolidquery = "'" . $_POST['schoolid'] . "'";
					} else {
						echo error(i18n('Invalid school registration password, please try again'));
						$allownew = false;
						$showform = false;
					}
				}

				if ($showschoolpasswordform) {
					echo i18n('Participant registration is protected by a password for each school.  You must know your <b>school registration password</b> in order to create an account.');
					echo '<br />';
					echo '<br />';
					echo '<input type="hidden" name="action" value="login">';
					echo i18n('Email Address:') . ' ' . $_SESSION['email'] . '<br />';
					echo i18n('School: ');
					$q = $pdo->prepare('SELECT id,school FROM schools WHERE year=? ORDER BY school');
					$q->execute([$config['FAIRYEAR']]);
					echo '<select name="schoolid">';
					echo '<option value="">' . i18n('Choose your school') . "</option>\n";
					while ($r = $q->fetch(PDO::FETCH_OBJ))
						echo "<option value=\"$r->id\">$r->school</option>\n";
					echo '</select>';
					echo '<br />';
					echo i18n('School Registration Password: ');
					echo '<input type="text" size="10" name="schoolpassword">';
					echo '<br />';
					echo '<br />';
					echo '<input type="submit" value="' . i18n('Submit') . '">';
					echo '</form>';
					$allownew = false;
					$showform = false;
				}
			} else if ($config['participant_registration_type'] == 'open') {
				// thats fine, continue on and create them the account.
			} else if ($config['participant_registration_type'] == 'openorinvite') {
				// thats fine too, continue on and create them the account.
			} else {
				echo error(i18n('There is an error with the SFIAB configuration.  participant_registration_type is not defined.  Contact the fair organizers to get this fixed.'));
				$allownew = false;
				$showform = false;
			}
		}
	}

	if ($allownew) {
		if ($datecheck->datecheck == 0) {
			if ($datecheck->datecheckbefore)
				echo error(i18n('Registration is not open yet.  You can not create a new account'));
			else if ($datecheck->datecheckafter)
				echo error(i18n('Registration is now closed.  You can not create a new account'));
			$showform = false;
			echo '<A href="register_participants.php">Back to Participant Registration Login Page</a>';
		} else {
			// they can only create a new registraiton if they have a valid email address, so lets do a quick ereg check on their email
			if (isEmailAddress($_SESSION['email'])) {
				$regnum = 0;
				// now create the new registration record, and assign a random/unique registration number to then.
				do {
					// random number between
					// 100000 and 999999  (six digit integer)
					$regnum = rand(100000, 999999);
					$q = $pdo->prepare('SELECT * FROM registrations WHERE num=? AND year=?');
					$q->execute([$regnum, $config['FAIRYEAR']]);
				} while ($q->rowCount() > 0);

				if (!$schoolidquery)
					$schoolidquery = 'null';

				// actually insert it
				$stmt = $pdo->prepare('INSERT INTO registrations (num, email, start, status, schools_id, year) VALUES (?, ?, NOW(), ?, ?, ?)');

				$stmt->execute([
					$regnum,
					$_SESSION['email'],
					'new',
					$schoolidquery,
					$config['FAIRYEAR']
				]);

				email_send('new_participant', $_SESSION['email'], array(), array('REGNUM' => $regnum, 'EMAIL' => $_SESSION['email']));

				echo i18n('You have been identified as a new registrant.  An email has been sent to <b>%1</b> which contains your new <b>registration number</b>.  Please check your email to obtain your <b>registration number</b> and then enter it below:', array($_SESSION['email']), array('email address'));
				echo '<input type="hidden" name="action" value="new">';
			} else {
				echo error(i18n('The email address you entered (%1) appears to be invalid.  You must use a proper email address in order to create an account', array($_SESSION['email'])));
				echo '<a href="register_participants.php">' . i18n('Return to participant registration') . '</a>';
				$showform = false;
			}
		}
	}
	if ($showform) {
		echo '<br />';
		echo '<br />';
		echo i18n('Registration Number:');
		echo '<input type="text" size="10" name="regnum">';
		echo '<br />';
		echo '<br />';
		echo '<input type="submit" value="' . i18n('Submit') . '">';
		echo '</form>';
		echo '<br />';
		echo i18n('If you have lost or forgotten your <b>registration number</b>, please <a href="register_participants.php?action=resend">click here to resend</a> it to your email address');
	}
} else {
	// Lets check the date - if we are AFTER 'regopen' and BEFORE 'regclose' then we can login
	// otherwise, registration is closed - no logins!

	// this will return 1 if its between the dates, 0 otherwise.
	if ($datecheck->datecheck == 0) {
		if ($datecheck->datecheckbefore)
			echo notice(i18n('Registration for the %1 %2 is not open yet.  Registration will open on %3.', array($config['FAIRYEAR'], $config['fairname'], format_datetime($config['dates']['regopen'])), array('fair year', 'fair name', 'registration open date')));
		else if ($datecheck->datecheckafter) {
			echo notice(i18n('Registration for the %1 %2 is now closed.  Existing registrants can login and view (read only) their information, as well as apply for special awards (if applicable).', array($config['FAIRYEAR'], $config['fairname']), array('fair year', 'fair name')));
			echo i18n('Please enter your email address to login');
		}
		echo '<br />';
		echo '<br />';
		$buttontext = i18n('Login');
	} else {
		if ($config['participant_registration_type'] == 'invite') {
			echo i18n('Registration is by invitation only.  As soon as you are invited by your school or the science fair committee, you will receive a welcoming email with your Registration Number');
			echo '<br />';
			echo '<br />';

			echo i18n('Please enter your email address to:');
			echo '<ul>';
		} else {
			echo i18n('Please enter your email address to :');
			echo '<ul>';
			echo '<li>' . i18n('Begin a new registration') . '</li>';
		}

		echo '<li>' . i18n('Continue a previously started registration') . '</li>';
		echo '<li>' . i18n('Modify an existing registration') . '</li>';
		echo '</ul>';
		echo i18n('You must enter a valid email address.  We will be emailing you information which you will need to complete the registration process!');
		echo '<br />';
		echo '<br />';
		$buttontext = i18n('Begin');
	}

	// only show the email login box if registration is open, or we're past the registration deadline (so they can login and view / apply for special awards).  if we're before the registration deadline then they cant create an account or login anwyays so no point in showing the box
	if (!$datecheck->datecheckbefore) {
		?>
	<form method="post" action="register_participants.php">
	<input type="hidden" name="action" value="login" />
	<?= i18n('Email') ?>: <input type="text" name="email" size="30" />
	<input type="submit" value="<?= $buttontext ?>" />
	</form>
	<?
	}
}
send_footer();
?>