science-ation/register_judges.php

<?
/* 
   This file is part of the 'Science Fair In A Box' project
   SFIAB Website: http://www.sfiab.ca

   Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
   Copyright (C) 2005 James Grant <james@lightbox.org>

   This program is free software; you can redistribute it and/or
   modify it under the terms of the GNU General Public
   License as published by the Free Software Foundation, version 2.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; see the file COPYING.  If not, write to
   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
   Boston, MA 02111-1307, USA.
*/
?>
<?
 require("common.inc.php");

 if($_POST['action']=="new")
 {
	//first make sure their password is good
	if(!$_POST['pass1'])
	{
		send_header("Judges Registration");
		echo error(i18n("Password is required"));
		$_POST['action']="login";
	}
	else if($_POST['pass1'] != $_POST['pass2'])
	{
		send_header("Judges Registration");
		echo error(i18n("Passwords do not match"));
		$_POST['action']="login";
	}
	else
	{
		if($config['judges_password_expiry_days']>0)
			$ex="DATE_ADD(CURDATE(),INTERVAL ".$config['judges_password_expiry_days']." DAY)";
		else
			$ex="NULL";

		mysql_query("INSERT INTO judges (email,password,created,lastlogin,passwordexpiry) VALUES ('".$_SESSION['email']."','".$_POST['pass1']."',NOW(),NOW(),$ex)");
		$id=mysql_insert_id();
		$_SESSION['judges_id']=$id;

		//obviously if they are signing up right now they would like to particapte in the current years fair, so setup the year for them
		mysql_query("INSERT INTO judges_years (judges_id,year) VALUES ('$id','".$config['FAIRYEAR']."')");

		//now redirect to jduges main
		header("Location: register_judges_main.php");
	}


 }

 else if($_POST['action']=="continue")
 {
 	if($_POST['pass'])
	{
		$q=mysql_query("SELECT * FROM judges WHERE email='".$_SESSION['email']."' AND password='".$_POST['pass']."' AND deleted='no'");
		if(mysql_num_rows($q)==1)
		{
			$r=mysql_fetch_object($q);
			$_SESSION['judges_id']=$r->id;
			$_SESSION['judges_lastlogin']=$r->lastlogin;
			mysql_query("UPDATE judges SET lastlogin=NOW() WHERE id='$r->id'");
			header("Location: register_judges_main.php");
		}
		else
		{
			send_header("Judges Registration");
			echo error(i18n("Invalid Password"));
			$_POST['action']="login";

		}

	}
	else
	{
		send_header("Judges Registration");
		echo error(i18n("Password missing"));
		$_POST['action']="login";
	}
 }
 else if($_GET['action']=="logout")
 {
 	unset($_SESSION['email']);
	unset($_SESSION['judges_id']);
	unset($_SESSION['judges_lastlogin']);
	unset($_SESSION['judges_password_expired']);
	send_header("Judges Registration");
	echo notice(i18n("You have been successfully logged out"));
 }

 if($_SESSION['email'] && $_SESSION['judges_id'])
 	header("Location: register_judges_main.php");


 send_header("Judges Registration");

 $_POST['email']=trim($_POST['email']);

 if($_POST['action']=="login" && ( $_POST['email'] || $_SESSION['email']) )
 {
 	if($_POST['email'])
	 	$_SESSION['email']=$_POST['email'];

 	echo "<form method=\"post\" action=\"register_judges.php\">";

 	$allownew=true;
 	//first, check if they have any registrations waiting to be opened
	$q=mysql_query("SELECT * FROM judges WHERE email='".$_SESSION['email']."' AND deleted='no'");
	if(mysql_num_rows($q)>0)
	{
		echo i18n("Please enter your password to login");
		echo "<br />";
		echo "<br />";
		echo i18n("Password:")." ";
		echo "<input type=\"password\" size=\"10\" name=\"pass\">";
		echo "<input type=\"hidden\" name=\"action\" value=\"continue\">";
		echo "<input type=\"submit\" value=\"".i18n("Login")."\">";
		echo "<br />";
		echo "<br />";
		echo i18n("If you have lost or forgotten your <b>password</b>, please <a href=\"register_judges.php?action=resend\">click here to resend</a> it to your email address");
	}
	else
	{
		echo i18n("Please choose a password in order to create your judges account");
		echo "<br />";
		echo "<br />";
		echo "<input type=\"hidden\" name=\"action\" value=\"new\">";
		echo "<table>";
		echo "<tr><td>";
		echo i18n("Enter Password:");
		echo "</td><td>";
		echo "<input type=\"password\" size=\"10\" name=\"pass1\">";
		echo "</td></tr>";
		echo "<tr><td>";
		echo i18n("Confirm Password:");
		echo "</td><td>";
		echo "<input type=\"password\" size=\"10\" name=\"pass2\">";
		echo "</td></tr>";
		echo "</table>";
		echo "<br />";
		echo "<input type=\"submit\" value=\"".i18n("Create Account")."\">";
	}

	echo "</form>";
 }
 else
 {
 	//Lets check the date - if we are AFTER 'judgeregopen' and BEFORE 'judgeregclose' then we can login
	//otherwise, registration is closed - no logins!

	$q=mysql_query("SELECT (NOW()>'".$config['dates']['judgeregopen']."' AND NOW()<'".$config['dates']['judgeregclose']."') AS datecheck");
	$r=mysql_fetch_object($q);
	//this will return 1 if its between the dates, 0 otherwise.
	if($r->datecheck==1)
	{
 	
		echo i18n("Please enter your email address to :");
		echo "<ul>";
		echo "<li>".i18n("Begin a new registration")."</li>";
		echo "<li>".i18n("Login to your account")."</li>";
		echo "</ul>";

		?>
		<form method="post" action="register_judges.php">
		<input type="hidden" name="action" value="login" />
		<?=i18n("Email")?>: <input type="text" name="email" size="30" />
		<input type="submit" value="Begin" />
		</form>
		<?

	}
	else
	{
		echo i18n("Judges registration for the %1 %2 is now closed",array($config['FAIRYEAR'],$config['fairname']));
	}
 }
 send_footer();
?>