2007-11-16 06:30:42 +00:00
< ?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website : http :// www . sfiab . ca
Copyright ( C ) 2005 Sci - Tech Ontario Inc < info @ scitechontario . org >
Copyright ( C ) 2005 James Grant < james @ lightbox . org >
Copyright ( C ) 2007 David Grant < dave @ lightbox . org >
This program is free software ; you can redistribute it and / or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation , version 2.
This program is distributed in the hope that it will be useful ,
but WITHOUT ANY WARRANTY ; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE . See the GNU
General Public License for more details .
You should have received a copy of the GNU General Public License
along with this program ; see the file COPYING . If not , write to
the Free Software Foundation , Inc . , 59 Temple Place - Suite 330 ,
Boston , MA 02111 - 1307 , USA .
*/
?>
< ?
2010-10-07 22:02:45 +00:00
include_once ( 'account.inc.php' );
2010-07-13 03:30:11 +00:00
function user_valid_role ( $role )
2009-09-09 00:26:12 +00:00
{
2010-07-13 03:30:11 +00:00
global $roles ;
if ( ! is_array ( $role )) $role = array ( $role );
2008-07-09 18:24:49 +00:00
2010-07-13 03:30:11 +00:00
foreach ( $role as $r ) {
if ( ! array_key_exists ( $r , $roles )) return false ;
2009-10-11 18:19:04 +00:00
}
2009-09-09 00:26:12 +00:00
return true ;
}
2007-11-16 06:30:42 +00:00
2009-10-11 03:32:14 +00:00
2010-07-13 03:30:11 +00:00
function user_load ( $users_id , $accounts_id = false )
2009-10-11 03:32:14 +00:00
{
2010-07-13 03:30:26 +00:00
/* Load user, join accounts so we also load the email, superuser flag */
2010-10-01 19:28:26 +00:00
//hand-code the list here because we dont want all the old stuff that hasnt been removed yet like username/password access_*, etc.
2010-07-13 03:30:11 +00:00
if ( $accounts_id != false ) {
$accounts_id = intval ( $accounts_id );
2010-10-20 19:44:18 +00:00
$users_id = mysql_result ( mysql_query ( " SELECT users.id FROM users WHERE accounts_id = $accounts_id LIMIT 1 " , 0 ));
2007-11-16 06:30:42 +00:00
} else {
2010-10-20 19:44:18 +00:00
$users_id = intval ( $users_id );
2007-11-16 06:30:42 +00:00
}
2010-10-20 19:44:18 +00:00
$count = mysql_result ( mysql_query ( " SELECT COUNT(*) FROM users WHERE id = $users_id " ), 0 );
if ( $count == 0 ){
return false ;
}
if ( $count > 1 ){
2010-07-13 03:30:11 +00:00
echo " ERROR: More than one user. \n " ;
2010-07-27 19:06:36 +00:00
return false ;
2009-09-09 00:26:12 +00:00
}
2010-07-06 15:32:26 +00:00
2010-10-20 19:44:18 +00:00
// Load the user, we'll start with a blank slate
$u = array ();
2010-07-13 03:30:11 +00:00
2010-10-20 19:44:18 +00:00
// Get roles, and active/complete status for each role
2010-08-19 22:56:33 +00:00
$u [ 'roles' ] = array ();
2010-10-20 19:44:18 +00:00
$query = " SELECT user_roles.roles_id, user_roles.active, user_roles.complete, roles.type,roles.name FROM user_roles LEFT JOIN roles ON roles.id=user_roles.roles_id WHERE user_roles.users_id= $users_id " ;
$q = mysql_query ( $query );
2010-07-13 03:30:11 +00:00
while (( $roledata = mysql_fetch_assoc ( $q ))) {
2010-08-19 22:56:33 +00:00
$u [ 'roles' ][ $roledata [ 'type' ]] = $roledata ;
2010-10-20 19:44:18 +00:00
}
2010-10-22 18:43:17 +00:00
2010-08-19 22:56:33 +00:00
if ( count ( $u [ 'roles' ]) == 0 ) {
2010-07-13 03:30:11 +00:00
/* No roles , that ' s ok actually , the previous logic here was that
* a user without roles is deleted .. but .. this could happen for
* new users , or if someone deletes all their roles before adding
* a new role */
}
2009-09-09 00:26:12 +00:00
2010-10-22 18:43:17 +00:00
// get a list of all fields relevant to this user
$fieldDat = user_get_fields ( array_keys ( $u [ 'roles' ]));
2010-10-25 18:07:55 +00:00
// we need to separate the fields that are in the users table from those in separate tables
2010-10-22 18:43:17 +00:00
$fields = array_unique ( array_merge ( array_keys ( $fieldDat ), array ( 'id' , 'accounts_id' , 'conferences_id' )));
2010-10-25 18:07:55 +00:00
$userFields = array ();
$q = mysql_query ( " DESCRIBE users " );
while ( $row = mysql_fetch_assoc ( $q )){
$userFields [] = $row [ 'Field' ];
}
$userFields = array_intersect ( $fields , $userFields );
$specialFields = array_diff ( $fields , $userFields );
2010-10-22 18:43:17 +00:00
2010-10-25 18:07:55 +00:00
// we can start by populating the array with data out of the users table
$query = " SELECT users. " . implode ( " , users. " , $userFields ) . " , accounts.email " ;
2010-10-20 19:44:18 +00:00
$query .= " FROM users JOIN accounts ON accounts.id=users.accounts_id " ;
$query .= " WHERE `users`.`id`=' $users_id ' " ;
$q = mysql_query ( $query );
echo mysql_error ();
// Sanitize the user data
$userDat = mysql_fetch_assoc ( $q );
$u = array_merge ( $u , $userDat );
$u [ 'id' ] = intval ( $u [ 'id' ]);
$u [ 'accounts_id' ] = intval ( $u [ 'accounts_id' ]);
$u [ 'year' ] = intval ( $u [ 'year' ]);
2010-10-25 18:07:55 +00:00
// Convenience
2010-08-19 22:56:33 +00:00
$u [ 'name' ] = ( $u [ 'firstname' ] ? " { $u [ 'firstname' ] } " : '' ) . $u [ 'lastname' ];
2009-09-09 00:26:12 +00:00
2010-10-25 18:07:55 +00:00
// Email recipient for "to" field on emails
2010-08-19 22:56:33 +00:00
if ( ( $u [ 'firstname' ] || $u [ 'lastname' ]) && $u [ 'email' ]) {
2009-12-02 22:17:20 +00:00
//use their full name if we have it
//if the name contains anything non-standard, we need to quote it.
2010-08-19 22:56:33 +00:00
if ( eregi ( " [^a-z0-9 ] " , $u [ 'name' ]))
$u [ 'emailrecipient' ] = " \" { $u [ 'name' ] } \" < { $u [ 'email' ] } > " ;
2009-12-02 22:17:20 +00:00
else
2010-08-19 22:56:33 +00:00
$u [ 'emailrecipient' ] = " { $u [ 'name' ] } < { $u [ 'email' ] } > " ;
2009-12-02 22:17:20 +00:00
}
2010-08-19 22:56:33 +00:00
else if ( $u [ 'email' ]) {
2009-12-02 22:17:20 +00:00
//otherwise, just their email address
2010-08-19 22:56:33 +00:00
$u [ 'emailrecipient' ] = $u [ 'email' ];
2009-12-02 22:17:20 +00:00
}
2010-07-13 03:30:11 +00:00
else {
2010-08-19 22:56:33 +00:00
$u [ 'emailrecipient' ] = " " ;
2010-07-13 03:30:11 +00:00
}
2009-12-02 22:17:20 +00:00
2010-10-01 19:28:26 +00:00
/* we dont want them thinking they can change the email , so dont include it here ,
its part of the account , not the user , this way they still get the 'emailrecipient'
convenience variable , not not the email itself , for that , they need to access
the account . */
unset ( $u [ 'email' ]);
2010-10-14 19:42:20 +00:00
$should_be_arrays = array ();
2010-10-01 19:28:26 +00:00
2010-08-19 22:56:33 +00:00
foreach ( array_keys ( $u [ 'roles' ]) as $r ) {
2010-07-13 03:30:11 +00:00
/* Do the load routines inline , the explosion of user roles
* means it ' s just silly to have a different function for each
* one . If we get one that has a crazy amount of stuff to do ,
* we could move it all to a function and call it in the
* switch below */
switch ( $r ) {
case 'committee' :
$u [ 'ord' ] = intval ( $u [ 'ord' ]);
$u [ 'displayemail' ] = ( $u [ 'displayemail' ] == 'yes' ) ? 'yes' : 'no' ;
break ;
2007-11-16 06:30:42 +00:00
2010-07-13 03:30:11 +00:00
case 'judge' :
$u [ 'years_school' ] = intval ( $u [ 'years_school' ]);
$u [ 'years_regional' ] = intval ( $u [ 'years_regional' ]);
$u [ 'years_national' ] = intval ( $u [ 'years_national' ]);
$u [ 'willing_chair' ] = ( $u [ 'willing_chair' ] == 'yes' ) ? 'yes' : 'no' ;
$u [ 'special_award_only' ] = ( $u [ 'special_award_only' ] == 'yes' ) ? 'yes' : 'no' ;
2010-08-19 22:56:33 +00:00
$u [ 'cat_prefs' ] = ( strlen ( $u [ 'cat_prefs' ]) > 0 ) ? unserialize ( $u [ 'cat_prefs' ]) : array ();
$u [ 'div_prefs' ] = ( strlen ( $u [ 'div_prefs' ]) > 0 ) ? unserialize ( $u [ 'div_prefs' ]) : array ();
$u [ 'divsub_prefs' ] = ( strlen ( $u [ 'divsub_prefs' ]) > 0 ) ? unserialize ( $u [ 'divsub_prefs' ]) : array ();
2010-07-13 03:30:11 +00:00
// $u['expertise_other'] = $u['expertise_other'];
2010-10-14 20:31:10 +00:00
//if it hasnt been parsed/converted yet
if ( ! is_array ( $u [ 'languages' ]))
$u [ 'languages' ] = ( strlen ( $u [ 'languages' ]) > 0 ) ? unserialize ( $u [ 'languages' ]) : array ();
2010-07-13 03:30:11 +00:00
// $u['highest_psd'] = $u['highest_psd'];
/* Sanity check the arrays, make sure they are arrays */
2010-10-14 19:42:20 +00:00
$should_be_arrays = array ( 'cat_prefs' , 'div_prefs' , 'divsub_prefs' , 'languages' );
2010-07-13 03:30:11 +00:00
break ;
case 'sponsor' :
$u [ 'sponsors_id' ] = intval ( $u [ 'sponsors_id' ]);
if ( $u [ 'sponsors_id' ]) {
$q = mysql_query ( " SELECT * FROM sponsors WHERE id=' { $u [ 'sponsors_id' ] } ' " );
$u [ 'sponsor' ] = mysql_fetch_assoc ( $q );
}
break ;
2010-10-14 19:42:20 +00:00
case 'volunteer' :
2010-10-14 20:31:10 +00:00
//if it hasnt been parsed/converted yet
if ( ! is_array ( $u [ 'languages' ]))
$u [ 'languages' ] = ( strlen ( $u [ 'languages' ]) > 0 ) ? unserialize ( $u [ 'languages' ]) : array ();
2010-10-14 19:42:20 +00:00
$should_be_arrays = array ( 'languages' );
break ;
2010-07-13 03:30:11 +00:00
default :
/* Nothing to do for all other roles */
break ;
2007-11-16 06:30:42 +00:00
}
}
2010-10-25 18:07:55 +00:00
2010-10-14 19:42:20 +00:00
foreach ( $should_be_arrays as $k ) {
if ( ! is_array ( $u [ $k ])) $u [ $k ] = array ();
}
2007-11-16 22:19:58 +00:00
2010-10-25 18:07:55 +00:00
// now let's populate the fields that are not stored in the users table
foreach ( $specialFields as $field ){
switch ( $field ){
case 'special_awards' :
2010-11-01 15:28:51 +00:00
$selected = array ();
2010-10-25 18:07:55 +00:00
$q = mysql_query ( " SELECT award_awards_id aaid FROM judges_specialaward_sel WHERE users_id = { $u [ 'id' ] } " );
while ( $r = mysql_fetch_assoc ( $q )){
$selected [] = $r [ 'aaid' ];
}
$u [ 'special_awards' ] = get_special_awards ( $u [ 'conferences_id' ]);
foreach ( $u [ 'special_awards' ] as $id => $text ){
if ( in_array ( $id , $selected )){
$u [ 'special_awards' ][ $id ] = 'yes' ;
} else {
$u [ 'special_awards' ][ $id ] = 'no' ;
}
}
break ;
2010-10-26 18:15:04 +00:00
case 'available_times' :
// a rather complicated match-up, as they're linked by time values, not by record id's
$times = get_timeslots ( $u [ 'conferences_id' ]);
$q = mysql_query ( " SELECT * FROM judges_availability WHERE users_id= \" { $u [ 'id' ] } \" " );
$sel = array ();
while ( $r = mysql_fetch_object ( $q )) {
foreach ( $times as $t ) {
if ( $r -> start == $t [ 'starttime' ] && $r -> end == $t [ 'endtime' ] && $r -> date == $t [ 'date' ])
$sel [] = $t [ 'id' ];
}
}
$items = array ();
foreach ( $times as $t ) {
$st = substr ( $t [ 'starttime' ], 0 , 5 );
$end = substr ( $t [ 'endtime' ], 0 , 5 );
$items [ $t [ 'id' ]] = trim ( " { $t [ 'name' ] } ( { $t [ 'date' ] } $st - $end ) " );
if ( in_array ( $t [ 'id' ], $sel )){
$items [ $t [ 'id' ]] = 'yes' ;
} else {
$items [ $t [ 'id' ]] = 'no' ;
}
}
$u [ 'available_times' ] = $items ;
break ;
2010-10-25 18:07:55 +00:00
}
}
2007-11-16 06:30:42 +00:00
/* Do this assignment without recursion :) */
2010-08-19 22:56:33 +00:00
unset ( $u [ 'orig' ]);
2010-10-26 18:15:04 +00:00
/*
echo " <pre> " ;
print_r ( $u );
echo " </pre> " ;
*/
2010-08-19 22:56:33 +00:00
$orig = $u ;
$u [ 'orig' ] = $orig ;
2010-10-20 17:25:43 +00:00
$u [ 'required_fields' ] = user_all_fields_required ( array_keys ( $u [ 'roles' ]));
2010-08-19 22:56:33 +00:00
return $u ;
2007-11-16 06:30:42 +00:00
}
2010-10-22 18:43:17 +00:00
2010-07-13 03:30:11 +00:00
function user_load_by_accounts_id ( $accounts_id )
2009-09-09 00:26:12 +00:00
{
2010-07-13 03:30:11 +00:00
return user_load ( 0 , $accounts_id );
2009-09-09 00:26:12 +00:00
}
2009-10-11 03:32:14 +00:00
function user_load_by_email ( $email )
{
2010-07-13 03:30:11 +00:00
/* Find the accounts_id for the email, regardless of deleted status */
2009-10-11 03:32:14 +00:00
$e = mysql_real_escape_string ( $email );
2010-07-13 03:30:11 +00:00
$q = mysql_query ( " SELECT accounts_id FROM users WHERE email=' $e ' OR username=' $e ' " );
2009-10-11 03:32:14 +00:00
if ( mysql_num_rows ( $q ) == 1 ) {
2010-07-13 03:30:11 +00:00
$i = mysql_fetch_assoc ( $q );
return user_load_by_accounts_id ( $i [ 'accounts_id' ]);
2009-10-11 03:32:14 +00:00
}
return false ;
}
2010-10-21 21:56:09 +00:00
function user_get_role_fields ( $role ){
switch ( $role ){
case 'committee' :
$fields = array ( 'emailprivate' , 'ord' , 'displayemail' );
break ;
case 'judge' :
$fields = array ( 'years_school' , 'years_regional' , 'years_national' ,
'willing_chair' , 'special_award_only' ,
'cat_prefs' , 'div_prefs' , 'divsub_prefs' ,
'expertise_other' , 'languages' , 'highest_psd' );
break ;
case 'student' :
$fields = array ( 'grade' , 'schools_id' );
break ;
case 'fair' :
$fields = array ( 'fairs_id' );
break ;
case 'sponsor' :
$fields = array ( 'sponsors_id' , 'primary' , 'position' , 'notes' );
break ;
case 'teacher' :
2010-10-27 16:40:17 +00:00
$fields = array ( 'schools_id' );
break ;
case 'principal' :
$fields = array ( 'schools_id' );
2010-10-21 21:56:09 +00:00
break ;
case 'volunteer' :
$fields = array ( 'languages' );
break ;
default :
$fields = array ();
}
return $fields ;
}
function user_get_field_labels (){
return array (
'salutation' => 'Salutation' ,
'firstname' => 'First Name' ,
'lastname' => 'Last Name' ,
'sex' => 'Sex' ,
'phonehome' => 'Home Phone' ,
'phonework' => 'Work Phone' ,
'phonecell' => 'Cell Phone' ,
'fax' => 'Fax Number' ,
'organization' => 'Organization' ,
'birthdate' => 'Date of Birth' ,
'lang' => 'Language' ,
'address' => 'Address' ,
'address2' => '' ,
'city' => 'City' ,
'province' => 'Province' ,
'postalcode' => 'Postal Code' ,
'firstaid' => 'First Aid' ,
'cpr' => 'CPR' ,
'displayemail' => 'Display Email' ,
'years_school' => 'Years experience judging at school level' ,
'years_regional' => 'Years experience judging at regional level' ,
'years_national' => 'Years experience judging at national level' ,
'willing_chair' => 'Willing to lead a judging team' ,
'special_award_only' => 'Judging only for a special award' ,
2010-10-26 19:38:08 +00:00
'cat_prefs' => 'Category Preferences' ,
2010-10-22 18:43:17 +00:00
'div_prefs' => 'Division Preferences' ,
'divsub_prefs' => 'Subdivision Preferences' ,
2010-10-26 19:38:08 +00:00
'languages' => 'Languages' ,
2010-10-22 18:43:17 +00:00
'highest_psd' => 'Highest post-secondary degree' ,
2010-10-26 19:38:08 +00:00
'expertise_other' => 'Other areas of expertise' ,
'sponsors_id' => 'Sponsor' ,
2010-10-22 18:43:17 +00:00
'primary' => 'Primary Contact' ,
'position' => 'Position' ,
'notes' => 'Notes' ,
2010-10-26 19:38:08 +00:00
'schools_id' => 'School' ,
2010-10-25 18:07:55 +00:00
'grade' => 'Grade' ,
2010-10-26 18:15:04 +00:00
'special_awards' => 'Special Awards' ,
'available_times' => 'Times Available'
2010-10-21 21:56:09 +00:00
);
}
2010-10-25 18:07:55 +00:00
function user_role_field_required ( $role , $fieldname ){
2010-10-21 21:56:09 +00:00
$returnval = 0 ;
$requiredFields = array (
'judge' => array ( 'years_school' , 'years_regional' , 'years_national' , 'languages' ),
'student' => array ( 'schools_id' ),
'fair' => array ( 'fairs_id' ),
'sponsor' => array ( 'sponsors_id' , 'primary' , 'position' ),
'volunteer' => array ( 'languages' )
);
if ( array_key_exists ( $role , $requiredFields )){
if ( in_array ( $fieldname , $requiredFields [ $role ])){
$returnval = 1 ;
}
}
return $returnval ;
}
// accepts either an array of roles (eg. {'judge', 'teacher', 'foo'}), a single one as a string (eg. 'judge'), or a null value (no roles at all)
function user_get_fields ( $userRoles = null ){
2010-10-22 18:43:17 +00:00
global $roles , $conference ;
2010-10-21 21:56:09 +00:00
if ( $userRoles == null ){
$userRoles = array ();
} else if ( ! is_array ( $userRoles )){
// assume that they passed a string identifying a single role (eg. "judge")
$userRoles = array ( $userRoles );
}
// scrub for only valid roles, and fetch their special fields
$enabledFields = array ();
$requiredFields = array ();
$roleFields = array ();
foreach ( $userRoles as $role ){
if ( array_key_exists ( $role , $roles )){
$requiredFields = array_merge ( $requiredFields , user_fields_required ( $role ));
$enabledFields = array_merge ( $enabledFields , user_fields_enabled ( $role ));
$roleFields [ $role ] = user_get_role_fields ( $role );
}
}
// build a list of all fields that are applicable to this user, and assemble them into an array
$fields = array ();
foreach ( $requiredFields as $field ){
if ( ! array_key_exists ( $field , $fields )){
$fields [ $field ] = array (
'field' => $field ,
'required' => 1
);
}
}
foreach ( $roleFields as $role => $fieldList ){
foreach ( $fieldList as $field ){
if ( ! array_key_exists ( $field , $fields )){
$fields [ $field ] = array (
'field' => $field ,
2010-10-25 18:07:55 +00:00
'required' => user_role_field_required ( $role , $field )
2010-10-21 21:56:09 +00:00
);
}
}
}
foreach ( $enabledFields as $field ){
if ( ! array_key_exists ( $field , $fields )){
$fields [ $field ] = array (
'field' => $field ,
'required' => 0
);
}
}
// get the field types
$query = mysql_query ( " DESCRIBE users " );
$fieldType = array ();
while ( $row = mysql_fetch_assoc ( $query )){
$fieldType [ $row [ 'Field' ]] = $row [ 'Type' ];
}
$fieldLabels = user_get_field_labels ();
foreach ( $fields as $fieldName => $field ){
$ftype = $fieldType [ $fieldName ];
if ( array_key_exists ( $fieldName , $fieldLabels )){
$fields [ $fieldName ][ 'display' ] = $fieldLabels [ $fieldName ];
}
switch ( $fieldName ){
case 'languages' :
2010-10-22 18:43:17 +00:00
$fields [ $fieldName ][ 'type' ] = 'multiselect' ;
$fields [ $fieldName ][ 'options' ] = array ();
$query = mysql_query ( " SELECT lang, langname FROM languages WHERE active = 'Y' " );
while ( $row = mysql_fetch_assoc ( $query )){
$fields [ $fieldName ][ 'options' ][ $row [ 'lang' ]] = $row [ 'langname' ];
}
break ;
2010-10-21 21:56:09 +00:00
case 'cat_prefs' :
2010-10-22 18:43:17 +00:00
$fields [ $fieldName ][ 'description' ] = 'Preference levels for judging individual project categories' ;
$fields [ $fieldName ][ 'type' ] = 'singleselectlist' ;
$fields [ $fieldName ][ 'options' ] = array ( - 2 => 'Very Low' , - 1 => 'Low' , 0 => 'Indifferent' , 1 => 'Medium' , 2 => 'High' );
$fields [ $fieldName ][ 'entries' ] = array ();
$query = mysql_query ( " SELECT id, category FROM projectcategories WHERE conferences_id = { $conference [ 'id' ] } " );
while ( $row = mysql_fetch_assoc ( $query )){
$fields [ $fieldName ][ 'entries' ][ $row [ 'id' ]] = $row [ 'category' ];
}
break ;
2010-10-21 21:56:09 +00:00
case 'div_prefs' :
2010-10-22 18:43:17 +00:00
$divquery = mysql_query ( " SELECT * FROM projectdivisions WHERE conferences_id = { $conference [ 'id' ] } " );
$fields [ $fieldName ][ 'entries' ] = array ();
$fields [ $fieldName ][ 'type' ] = 'singleselectlist' ;
$fields [ $fieldName ][ 'options' ] = array ( 1 => 'Very Little' , 2 => 'Little' , 3 => 'Average' , 4 => 'Knowledgable' , 5 => 'Very Knowledgable' );
while ( $divdata = mysql_fetch_assoc ( $divquery )){
$divid = $divdata [ 'id' ];
$fields [ $fieldName ][ 'entries' ][ $divdata [ 'id' ]] = $divdata [ 'division' ]; /*
$subdivquery = mysql_query ( " SELECT * FROM projectsubdivisions WHERE conferences_id = { $conference [ 'id' ] } AND projectdivisions_id = $divid " );
while ( $subdivdata = mysql_fetch_assoc ( $subdivquery )){
$divisions [ $divdata [ 'division' ]][ $subdivdata [ 'id' ]] = $subdivdata [ 'subdivision' ];
} */
}
break ;
2010-10-21 21:56:09 +00:00
case 'divsub_prefs' :
2010-10-22 18:43:17 +00:00
$fields [ $fieldName ][ 'entries' ] = array ();
$fields [ $fieldName ][ 'description' ] = " Preference levels for subdivisions of existing divisions. If a division has subdivisions, they " ;
$fields [ $fieldName ][ 'description' ] .= " are listed in an array which is stored within the 'entries' array at the index of the division's id. " ;
$fields [ $fieldName ][ 'description' ] .= " eg. If a division 'foo' has an id of '3' and the subdivisions 'bar1' and 'bar2', then entries[3] " ;
$fields [ $fieldName ][ 'description' ] .= " will be an array: { 0 => 'bar1', 1 => 'bar2'}. " ;
$fields [ $fieldName ][ 'type' ] = 'singleselectlist' ;
$fields [ $fieldName ][ 'options' ] = array ( 1 => 'Very Little' , 2 => 'Little' , 3 => 'Average' , 4 => 'Knowledgable' , 5 => 'Very Knowledgable' );
$divquery = mysql_query ( " SELECT * FROM projectdivisions WHERE conferences_id = { $conference [ 'id' ] } " );
while ( $divdata = mysql_fetch_assoc ( $divquery )){
$divid = $divdata [ 'id' ];
// $fields[$fieldName]['entries'][$divdata['id']] = array('division' => $divdata['division']);
$subset = array ();
$subdivquery = mysql_query ( " SELECT * FROM projectsubdivisions WHERE conferences_id = { $conference [ 'id' ] } AND projectdivisions_id = $divid " );
while ( $subdivdata = mysql_fetch_assoc ( $subdivquery )){
$subset [] = $subdivdata [ 'subdivision' ];
}
if ( count ( $subset )){
$fields [ $fieldName ][ 'entries' ][ $divdata [ 'id' ]] = $subset ;
}
}
2010-10-21 21:56:09 +00:00
break ;
default :
if ( ! strncasecmp ( $ftype , " varchar " , 7 )){
$parts = explode ( ')' , $ftype );
$parts = explode ( '(' , $parts [ 0 ]);
$fields [ $fieldName ][ 'type' ] = $parts [ 0 ] . ':' . $parts [ 1 ];
2010-10-25 23:55:38 +00:00
} elseif ( ! strncasecmp ( $ftype , " char " , 4 )){
$parts = explode ( ')' , $ftype );
$parts = explode ( '(' , $parts [ 0 ]);
$fields [ $fieldName ][ 'type' ] = $parts [ 0 ] . ':' . $parts [ 1 ];
2010-10-21 21:56:09 +00:00
} else if ( ! strncasecmp ( $ftype , " enum " , 4 )){
2010-10-22 18:43:17 +00:00
$fields [ $fieldName ][ 'type' ] = 'singleselect' ;
2010-10-21 21:56:09 +00:00
$fields [ $fieldName ][ 'options' ] = array ();
$parts = explode ( " ' " , $ftype );
for ( $n = 1 ; $n < count ( $parts ); $n += 2 ){
$fields [ $fieldName ][ 'options' ][ $parts [ $n ]] = ucfirst ( $parts [ $n ]);
}
} else if ( ! strcmp ( $ftype , " date " )){
$fields [ $fieldName ][ 'type' ] = $fieldType [ $fieldName ];
} else if ( ! strncmp ( $ftype , " tinyint " , 7 )){
$fields [ $fieldName ][ 'type' ] = 'integer' ;
} else if ( ! strncmp ( $ftype , " tinytext " , 8 )){
$fields [ $fieldName ][ 'type' ] = 'text' ;
} else {
$fields [ $fieldName ][ 'type' ] = " ERROR: " . $fieldType [ $fieldName ];
}
}
}
2010-10-25 18:07:55 +00:00
/******* Now we add fields that are not stored directly in the users table ********/
$specialFieldRoles = array (
2010-10-26 18:15:04 +00:00
'special_awards' => array ( 'judge' , 'student' ),
'available_times' => array ( 'judge' , 'volunteer' )
2010-10-25 18:07:55 +00:00
);
2010-10-26 18:15:04 +00:00
// get the special_awards info if necessary
2010-10-25 18:07:55 +00:00
if ( count ( array_intersect ( $specialFieldRoles [ 'special_awards' ], $userRoles )) > 0 ){
$fields [ 'special_awards' ] = array ();
$fields [ 'special_awards' ][ 'field' ] = 'special_awards' ;
$fields [ 'special_awards' ][ 'display' ] = $fieldLabels [ 'special_awards' ];
$fields [ 'special_awards' ][ 'type' ] = 'multiselectlist' ;
$fields [ 'special_awards' ][ 'options' ] = array ( 'yes' => 'Yes' , 'no' => 'No' );
$fields [ 'special_awards' ][ 'entries' ] = get_special_awards ( $conference [ 'id' ]);
}
2010-10-21 21:56:09 +00:00
2010-10-26 18:15:04 +00:00
// get the available_times info if available
if ( count ( array_intersect ( $specialFieldRoles [ 'available_times' ], $userRoles )) > 0 ){
$fields [ 'available_times' ] = array ();
$fields [ 'available_times' ][ 'field' ] = 'available_times' ;
$fields [ 'available_times' ][ 'display' ] = $fieldLabels [ 'available_times' ];
$fields [ 'available_times' ][ 'type' ] = 'multiselectlist' ;
$fields [ 'available_times' ][ 'options' ] = array ( 'yes' => 'Yes' , 'no' => 'No' );
$fields [ 'available_times' ][ 'entries' ] = array ();
$timeslots = get_timeslots ( $conference [ 'id' ]);
foreach ( $timeslots as $slot ){
$fields [ 'available_times' ][ 'entries' ][ $slot [ 'id' ]] = trim ( $slot [ 'name' ] . ' (' . $slot [ 'date' ] . ' ' . $slot [ 'starttime' ] . ' - ' . $slot [ 'endtime' ] . ')' );
}
2010-10-25 18:07:55 +00:00
}
2010-10-26 18:15:04 +00:00
// echo "<pre>";
// print_r($fields);
// echo "</pre>";
return $fields ;
2010-10-25 18:07:55 +00:00
}
2010-07-13 03:30:11 +00:00
/* FIXME: these are going to need conference IDs too */
function user_load_by_accounts_id_year ( $uid , $year )
2009-10-11 03:32:14 +00:00
{
2010-07-13 03:30:11 +00:00
echo " FIXME " ;
exit ;
2009-10-11 03:32:14 +00:00
$q = mysql_query ( " SELECT id FROM users WHERE uid=' $uid ' AND year <= ' $year ' " );
if ( ! mysql_num_rows ( $q )) return false ;
$i = mysql_fetch_assoc ( $q );
return user_load ( $i [ 'id' ]);
}
2010-10-07 22:02:45 +00:00
// this depends on the naming convention that any given role that needs a completion check
// will have a function called <role>_status_update, which updates their status with the
// current session data and returns 'complete' or 'incomplete' accordingly.
// I love the fact that this remark took more characters than the function.
function user_check_role_complete ( $u , $role ){
$func = $role . '_status_update' ;
if ( function_exists ( $func )){
$result = $func ( $u ); // that's right, func(u)!
} else {
$result = 'complete' ;
}
return $result ;
2010-10-06 20:01:15 +00:00
}
2009-10-11 03:32:14 +00:00
function user_save ( & $u )
2007-11-16 06:30:42 +00:00
{
2010-06-16 21:33:43 +00:00
global $conference ;
2010-07-13 03:30:11 +00:00
global $roles ;
/* Sanity check */
if ( $u [ 'conferences_id' ] != $u [ 'orig' ][ 'conferences_id' ]) {
2010-10-01 19:42:52 +00:00
//echo "The user's conference changed. Can't save a user to a difference conference, use user_dupe to copy the user to a new conference.\n";
return - 1 ;
2010-07-13 03:30:11 +00:00
}
2010-06-16 21:33:43 +00:00
2010-10-14 20:31:10 +00:00
// Update 'active' status for all roles
2010-07-13 03:30:11 +00:00
$new_roles = array_keys ( $u [ 'roles' ]);
2010-07-13 03:30:25 +00:00
foreach ( $new_roles as $r ) {
2010-10-14 20:31:10 +00:00
mysql_query ( " UPDATE user_roles SET active=' { $u [ 'roles' ][ $r ][ 'active' ] } ' WHERE roles_id=' { $u [ 'roles' ][ $r ][ 'roles_id' ] } ' AND users_id=' { $u [ 'id' ] } ' " );
echo mysql_error ();
2010-07-13 03:30:25 +00:00
}
2010-10-01 19:42:52 +00:00
$fields = array ( 'salutation' , 'firstname' , 'lastname' ,
2007-11-19 21:12:09 +00:00
'phonehome' , 'phonework' , 'phonecell' , 'fax' , 'organization' ,
2008-02-23 03:28:43 +00:00
'address' , 'address2' , 'city' , 'province' , 'postalcode' , 'sex' ,
2010-07-13 03:30:11 +00:00
'firstaid' , 'cpr' , 'lang' , 'notes' );
2010-10-01 19:42:52 +00:00
$fields_for_role [ 'committee' ] = array ( 'emailprivate' , 'ord' , 'displayemail' );
2010-07-13 03:30:11 +00:00
$fields_for_role [ 'judge' ] = array ( 'years_school' , 'years_regional' , 'years_national' ,
'willing_chair' , 'special_award_only' ,
'cat_prefs' , 'div_prefs' , 'divsub_prefs' ,
'expertise_other' , 'languages' , 'highest_psd' );
2010-10-27 16:40:17 +00:00
// $fields_for_role['student'] = array('schools_id');
2010-07-13 03:30:11 +00:00
$fields_for_role [ 'fair' ] = array ( 'fairs_id' );
$fields_for_role [ 'sponsor' ] = array ( 'sponsors_id' , 'primary' , 'position' );
2010-10-14 19:42:20 +00:00
$fields_for_role [ 'teacher' ] = array ();
$fields_for_role [ 'volunteer' ] = array ( 'languages' );
2010-07-13 03:30:11 +00:00
/* Merge fields as necessary, build a big list of fields to save */
foreach ( $new_roles as $r ) {
2010-07-13 03:30:25 +00:00
if ( ! array_key_exists ( $r , $fields_for_role )) continue ;
2010-07-13 03:30:11 +00:00
$fields = array_merge ( $fields , $fields_for_role [ $r ]);
}
2007-11-16 06:30:42 +00:00
$set = " " ;
foreach ( $fields as $f ) {
if ( $u [ $f ] == $u [ 'orig' ][ $f ]) continue ;
if ( $set != " " ) $set .= ',' ;
2010-07-13 03:30:11 +00:00
if ( $u [ $f ] == NULL ) {
$set .= " $f =NULL " ;
continue ;
2009-10-11 03:32:14 +00:00
}
2010-07-13 03:30:11 +00:00
if ( is_array ( $u [ $f ]))
$data = mysql_escape_string ( serialize ( $u [ $f ]));
else
$data = mysql_escape_string ( stripslashes ( $u [ $f ]));
$set .= " $f =' $data ' " ;
2007-11-16 06:30:42 +00:00
}
2010-06-16 21:33:43 +00:00
2007-11-16 06:30:42 +00:00
if ( $set != " " ) {
$query = " UPDATE users SET $set WHERE id=' { $u [ 'id' ] } ' " ;
mysql_query ( $query );
echo mysql_error ();
}
2007-11-17 21:59:59 +00:00
2010-10-25 18:07:55 +00:00
// Save the other user data that is not stored in the users table
2010-10-26 18:15:04 +00:00
if ( // if this user has an altered special awards selection, it needs to be saved
2010-10-25 18:07:55 +00:00
array_key_exists ( 'special_awards' , $u ) &&
count ( array_diff_assoc ( $u [ 'special_awards' ], $u [ 'orig' ][ 'special_awards' ])) > 0
){
$aaids = array ();
foreach ( $u [ 'special_awards' ] as $id => $yesno ){
if ( strtolower ( trim ( $yesno )) == 'yes' ){
$aaids [] = $id ;
}
}
mysql_query ( " DELETE FROM judges_specialaward_sel WHERE users_id = { $u [ 'id' ] } " );
if ( is_array ( $aaids )){
$query = " INSERT INTO judges_specialaward_sel (users_id, award_awards_id) VALUES ( " . $u [ 'id' ] . " , " ;
$query .= implode ( '), (' . $u [ 'id' ] . ', ' , $aaids );
$query .= " ) " ;
mysql_query ( $query );
}
}
2010-10-26 18:15:04 +00:00
if ( // if this user has an altered available judging times selection, we need to save it
array_key_exists ( 'available_times' , $u ) &&
count ( array_diff_assoc ( $u [ 'available_times' ], $u [ 'orig' ][ 'available_times' ])) > 0
){
mysql_query ( " DELETE FROM judges_availability WHERE users_id=' { $u [ 'id' ] } ' " );
$query = 'SELECT date, starttime, endtime FROM judges_timeslots WHERE id IN (' ;
$ids = array ();
foreach ( $u [ 'available_times' ] as $id => $yesno ){
if ( strtolower ( trim ( $yesno )) == 'yes' ){
$ids [] = $id ;
}
}
$query .= implode ( ',' , $ids ) . ')' ;
if ( count ( $ids ) > 0 ){
$insertVals = array ();
$results = mysql_query ( $query );
while ( $row = mysql_fetch_assoc ( $results )){
$insertVals [] = " ( { $u [ 'id' ] } ,' { $row [ 'date' ] } ',' { $row [ 'starttime' ] } ',' { $row [ 'endtime' ] } ') " ;
}
if ( count ( $insertVals ) > 0 ){
$query = " INSERT INTO judges_availability (users_id, `date`,`start`,`end`) VALUES " ;
$query .= implode ( ',' , $insertVals );
}
mysql_query ( $query );
}
}
2010-07-13 03:30:11 +00:00
/* Record all the data in orig that we saved so subsequent
* calls to user_save don ' t try to overwrite data already
* saved to the database */
2009-10-11 03:32:14 +00:00
unset ( $u [ 'orig' ]);
$orig = $u ;
$u [ 'orig' ] = $orig ;
2007-11-17 21:59:59 +00:00
}
2010-10-07 22:02:45 +00:00
// mark the role as complete if it's qualifications are met
function user_complete_role ( $users_id , $role ){
// avoid SQL injections
$role = mysql_real_escape_string ( $role );
$users_id *= 1 ;
// get the id of the role
$row = mysql_fetch_assoc ( mysql_query ( " SELECT id FROM roles WHERE type = ' $role ' " ));
if ( ! is_array ( $row )){
return false ;
}
$roles_id = $row [ 'id' ];
// does this user have the given role?
$row = mysql_fetch_array ( mysql_query ( " SELECT * FROM user_roles WHERE users_id = $users_id AND roles_id = $roles_id " ));
if ( ! is_array ( $row )){
return false ;
}
// ok, it's a valid role and the specified user has it. Now let's see if we can mark it as complete
$user = user_load ( $users_id );
$result = user_check_role_complete ( $user , $role );
if ( $result == 'ok' ){
return true ;
} else {
return false ;
}
}
// mark the role as being incomplete - not a verb sadly
function user_uncomplete_role ( $users_id , $role ){
// avoid SQL injections
$role = mysql_real_escape_string ( $role );
$users_id *= 1 ;
// get the id of the role
$row = mysql_fetch_assoc ( mysql_query ( " SELECT id FROM roles WHERE type = ' $role ' " ));
if ( ! is_array ( $row )){
return false ;
}
$roles_id = $row [ 'id' ];
// and update said role for the given user id
return mysql_query ( " UPDATE user_roles SET complete = 'no' WHERE users_id = $users_id AND roles_id = $roles_id " );
}
// activate the specified role for the specified user if they have that role
function user_activate_role ( $users_id , $roles_id ){
// Make sure the role is indeed there
$query = " SELECT * FROM user_roles WHERE roles_id = $roles_id AND users_id = $users_id " ;
$data = mysql_fetch_array ( mysql_query ( $query ));
if ( ! is_array ( $data )){
// can't be activated if you don't have it!
return false ;
}
return mysql_query ( " UPDATE user_roles SET active='yes' WHERE users_id = $users_id AND roles_id = $roles_id " );
}
// deactivate the specified role for the specified user if they have that role
function user_deactivate_role ( $users_id , $roles_id ){
// Make sure the role is indeed there
$query = " SELECT * FROM user_roles WHERE roles_id = $roles_id AND users_id = $users_id " ;
$data = mysql_fetch_array ( mysql_query ( $query ));
if ( ! is_array ( $data )){
// can't be deactivated if you don't have it!
return false ;
}
return mysql_query ( " UPDATE user_roles SET active='no' WHERE users_id = $users_id AND roles_id = $roles_id " );
}
2010-10-08 16:07:07 +00:00
// Remove a role for a user.
// now just a skin on top of account_remove_role
2010-07-13 03:30:11 +00:00
function user_remove_role ( & $u , $role )
2007-11-17 21:59:59 +00:00
{
2010-10-08 16:07:07 +00:00
global $roles ;
2010-10-08 18:43:20 +00:00
$result = account_remove_role ( $u [ 'accounts_id' ], $roles [ $role ][ 'id' ], $u [ 'conferences_id' ]);
2007-11-17 21:59:59 +00:00
2010-10-08 16:07:07 +00:00
// Delete the role
if ( array_key_exists ( $role , $u [ 'roles' ])) {
unset ( $u [ 'roles' ][ $role ]);
2010-07-13 03:30:11 +00:00
}
2010-10-08 16:07:07 +00:00
return $result ;
2009-10-11 03:32:14 +00:00
}
2010-07-13 03:30:11 +00:00
/* If role is specified , just delete the role from the user .
* If not , delete the whole user , all roles */
function user_delete ( $u , $role = false )
2007-11-17 21:59:59 +00:00
{
$finish_delete = false ;
if ( ! is_array ( $u )) {
$u = user_load ( $u );
}
2010-07-13 03:30:11 +00:00
if ( $role != false ) {
2010-10-08 18:43:20 +00:00
account_remove_role ( $u [ 'accounts_id' ], $roles [ $role ][ 'id' ], $u [ 'conferences_id' ]);
if ( array_key_exists ( $role , $u [ 'roles' ])) {
unset ( $u [ 'roles' ][ $role ]);
}
2010-07-13 03:30:11 +00:00
if ( count ( $u [ 'roles' ]) == 0 ) {
/* No roles left, finish the delete */
2007-11-17 21:59:59 +00:00
$finish_delete = true ;
}
} else {
2010-07-13 03:30:11 +00:00
/* Delete the whole user, every role */
2010-10-08 18:43:20 +00:00
foreach ( array_keys ( $u [ 'roles' ]) as $r ){
account_remove_role ( $u [ 'accounts_id' ], $roles [ $r ][ 'id' ], $u [ 'conferences_id' ]);
if ( array_key_exists ( $role , $u [ 'roles' ])) {
unset ( $u [ 'roles' ][ $role ]);
}
}
2010-07-13 03:30:11 +00:00
2007-11-17 21:59:59 +00:00
$finish_delete = true ;
}
2010-07-13 03:30:11 +00:00
if ( $finish_delete ) {
2009-09-09 00:26:12 +00:00
mysql_query ( " UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id=' { $u [ 'id' ] } ' " );
2010-07-13 03:30:11 +00:00
return true ;
2009-09-09 00:26:12 +00:00
}
2010-07-13 03:30:11 +00:00
/* User had some other role, so delete was not completed. */
return false ;
}
2009-09-09 00:26:12 +00:00
/* Purge functions . These completely eliminate all traces of a user from the
* database . This action cannot be undone . We prefer the committee to use the
* " delete " functions , which simply mark the account as " deleted " . */
2010-07-13 03:30:11 +00:00
function user_purge ( $u , $role = false )
2009-09-09 00:26:12 +00:00
{
2010-07-13 03:30:11 +00:00
/* Delete the user , then completely delete them from
* the DB if delete returns true , that is , if there ' s
* no other role blocking the delete / purge */
$finish_purge = user_delete ( $u , $role );
2009-09-09 00:26:12 +00:00
if ( $finish_purge == true ) {
2007-11-17 21:59:59 +00:00
mysql_query ( " DELETE FROM users WHERE id=' { $u [ 'id' ] } ' " );
2010-07-13 03:30:11 +00:00
return true ;
2007-11-17 21:59:59 +00:00
}
2010-07-13 03:30:11 +00:00
/* Not purged, some other role existed */
return false ;
2007-11-17 21:59:59 +00:00
}
2009-09-09 00:26:12 +00:00
/* Duplicate a row in the users table, or any one of the users_* tables. */
function user_dupe_row ( $db , $key , $val , $newval )
{
global $config ;
$nullfields = array ( 'deleteddatetime' ); /* Fields that can be null */
$q = mysql_query ( " SELECT * FROM $db WHERE $key =' $val ' " );
if ( mysql_num_rows ( $q ) != 1 ) {
echo " ERROR duplicating row in $db : $key = $val NOT FOUND. \n " ;
exit ;
}
$i = mysql_fetch_assoc ( $q );
$i [ $key ] = $newval ;
foreach ( $i as $k => $v ) {
if ( $v == NULL && in_array ( $k , $nullfields ))
$i [ $k ] = 'NULL' ;
else if ( $k == 'year' )
$i [ $k ] = $config [ 'FAIRYEAR' ];
else
$i [ $k ] = '\'' . mysql_escape_string ( $v ) . '\'' ;
}
$keys = '`' . join ( '`,`' , array_keys ( $i )) . '`' ;
$vals = join ( ',' , array_values ( $i ));
$q = " INSERT INTO $db ( $keys ) VALUES ( $vals ) " ;
// echo "Dupe Query: [$q]";
$r = mysql_query ( $q );
echo mysql_error ();
$id = mysql_insert_id ();
return $id ;
}
/* Used by the login scripts to copy one user from one year to another */
function user_dupe ( $u , $new_year )
{
/* Dupe a user if :
* - They don ' t exist in the current year
* ( users -> year != the target year ( passed in so we can use it in the rollover script ) )
* - They have a previous year entry
* ( users -> year DESC LIMIT 1 == 1 row )
* - That previous entry has deleted = no */
/* Find the last entry */
$q = mysql_query ( " SELECT id,uid,year,deleted FROM users WHERE uid=' { $u [ 'uid' ] } '
ORDER BY year DESC LIMIT 1 " );
$r = mysql_fetch_object ( $q );
if ( $r -> deleted == 'yes' ) {
echo " Cannot duplicate user ID { $u [ 'id' ] } , they are deleted. Undelete them first. \n " ;
exit ;
}
if ( $r -> year == $new_year ) {
echo " Cannot duplicate user ID { $u [ 'id' ] } , they already exist in year $new_year\n " ;
exit ;
}
$id = user_dupe_row ( 'users' , 'id' , $u [ 'id' ], NULL );
$q = mysql_query ( " UPDATE users SET year=' $new_year ' WHERE id=' $id ' " );
/* Load the new user */
$u2 = user_load ( $id );
foreach ( $u2 [ 'types' ] as $t ) {
user_dupe_row ( " users_ $t " , 'users_id' , $u [ 'id' ], $id );
}
/* Return the ID of the new user */
return $id ;
}
2010-07-13 03:30:11 +00:00
/* Returns true if loaded user ( $u ) is allowed to add role $role to their
2007-12-12 03:01:44 +00:00
* profile . THis is intended as a last - stop mechanism , preventing , for example
2010-07-13 03:30:11 +00:00
* a student from co - existing with any other role . */
function user_add_role_allowed ( & $u , $role )
2007-11-17 21:59:59 +00:00
{
2010-07-27 19:06:36 +00:00
foreach ( array_keys ( $u [ 'orig' ][ 'roles' ]) as $ur ) {
2010-07-13 03:30:11 +00:00
switch ( $ur ) {
case 'student' :
/* Student cant' add any other role */
return false ;
2007-12-12 03:01:44 +00:00
2010-07-13 03:30:11 +00:00
default :
if ( $role == 'student' ) {
/* No role can add the student role */
return false ;
}
/* All other roles can coexist (even the fair role) */
break ;
2007-12-12 03:01:44 +00:00
}
2007-11-17 21:59:59 +00:00
}
2010-07-13 03:30:11 +00:00
return true ;
2007-11-16 06:30:42 +00:00
}
2010-10-27 16:40:17 +00:00
// Set the user's school to the one specifed. Verifying the school code is needed
// here, as it will be called from both the web interface and the API.
// returns true on success, false otherwise
function user_set_school ( $u , $schoolId , $schoolCode ){
$returnval = false ;
// make sure the id and code match
2010-10-28 21:22:12 +00:00
$tally = mysql_result ( mysql_query ( " SELECT COUNT(*) FROM schools WHERE id = ' $schoolId ' AND accesscode = ' $schoolCode ' " ), 0 );
2010-10-27 16:40:17 +00:00
if ( $tally == 1 ){
if ( mysql_query ( " UPDATE users SET schools_id = $schoolId WHERE id = " . $u [ 'id' ])){
$u [ 'schools_id' ] = $schoolId ;
$returnval = true ;
}
}
return $returnval ;
}
2010-10-06 20:01:15 +00:00
2010-10-07 22:02:45 +00:00
// Add a role for a user.
// now just a skin on top of account_add_role
function user_add_role ( & $u , $role , $password = null ){
$row = mysql_fetch_assoc ( mysql_query ( " SELECT conferences_id FROM users WHERE id = " . $u [ 'id' ]));
if ( ! is_array ( $q )){
return 'no conference' ;
}
$conference_id = $q [ 'conferences_id' ];
$result = account_add_role ( $u [ 'accounts_id' ], $roles [ $role ][ 'id' ], $password );
if ( $result == 'ok' ){
2010-10-08 20:28:56 +00:00
// we need this "if" because account_add_role will return "ok" if they already have this role
if ( ! in_array ( $role , $_SESSION [ 'roles' ])){
$_SESSION [ 'roles' ][] = $role ;
2010-10-05 15:04:15 +00:00
}
2010-10-06 20:01:15 +00:00
2010-10-05 15:04:15 +00:00
}
2010-10-08 20:28:56 +00:00
return $result ;
2007-11-16 06:30:42 +00:00
}
2010-07-13 03:30:11 +00:00
function user_create ( $accounts_id , $conferences_id = 0 )
2007-11-16 06:30:42 +00:00
{
2010-07-13 03:30:11 +00:00
global $config , $conference ;
2007-11-16 06:30:42 +00:00
2010-07-13 03:30:11 +00:00
if ( $conferences_id == 0 ) $conferences_id = $conference [ 'id' ];
2007-11-16 06:30:42 +00:00
2010-07-13 03:30:11 +00:00
/* Make sure the user doesn't already exist */
$q = mysql_query ( " SELECT id FROM users WHERE accounts_id=' $accounts_id ' AND conferences_id=' $conferences_id ' " );
2010-07-27 19:06:36 +00:00
echo mysql_error ();
2010-07-13 03:30:11 +00:00
if ( mysql_num_rows ( $q )) {
echo " ERROR: user_create called for a user that already exists. \n " ;
exit ;
}
2007-11-16 06:30:42 +00:00
2010-10-01 18:47:28 +00:00
$fields = array (
'accounts_id' => $accounts_id ,
'conferences_id' => $conferences_id ,
);
/* Get old user data if available */
$results = mysql_fetch_assoc ( mysql_query ( " SELECT * FROM users WHERE accounts_id = ' $accounts_id ' ORDER BY id DESC LIMIT 1 " ));
if ( is_array ( $results )){
$skipfields = array ( 'id' , 'created' , 'lastlogin' , 'year' , 'accounts_id' , 'conferences_id' , 'deleted' , 'deleteddatetime' );
foreach ( $results as $fname => $value ){
if ( ! in_array ( $fname , $skipfields ) && $value != null ){
$fields [ $fname ] = $value ;
}
}
}
2010-07-13 03:30:11 +00:00
/* Create the user */
2010-10-01 18:47:28 +00:00
$fieldList = array_keys ( $fields );
$query = " INSERT INTO users(`created`, ` " . implode ( '`,`' , $fieldList ) . " `) VALUES(NOW(), ' " . implode ( " ',' " , $fields ) . " ') " ;
mysql_query ( $query );
2010-07-13 03:30:11 +00:00
$id = mysql_insert_id ();
2007-11-16 06:30:42 +00:00
2010-07-13 03:30:11 +00:00
/* Return a loaded user with no roles */
return user_load ( $id );
2007-12-12 03:01:44 +00:00
}
2010-07-13 03:30:11 +00:00
2007-11-16 06:30:42 +00:00
/* Perform some checks . Make sure the person is logged in , and that their
* password hasn ' t expired ( the password_expired var is set in the login page )
*/
2010-07-15 09:18:02 +00:00
function user_auth_required ( $all_required = array (), $one_required = array ())
2007-11-16 06:30:42 +00:00
{
2007-11-19 07:01:51 +00:00
global $config ;
2010-07-13 03:30:11 +00:00
$ok = true ;
2010-01-24 06:47:09 +00:00
unset ( $_SESSION [ 'request_uri' ]);
2010-08-31 19:41:32 +00:00
if ( ! isset ( $_SESSION [ 'roles' ]) || ! isset ( $_SESSION [ 'accounts_id' ])) {
2009-09-09 00:26:12 +00:00
message_push ( error ( i18n ( " You must login to view that page " )));
2010-01-24 06:47:06 +00:00
$_SESSION [ 'request_uri' ] = $_SERVER [ 'REQUEST_URI' ];
2010-08-31 19:41:32 +00:00
header ( " location: { $config [ 'SFIABDIRECTORY' ] } /user_login.php " );
2007-11-16 06:30:42 +00:00
exit ;
}
2010-07-13 03:30:11 +00:00
/* Make sure the user has each role in $all_required , this returns
* an array in the same order as $all_required , with all members
* in $all_required that are also in the session roles */
if ( ! is_array ( $all_required )) $all_required = array ( $all_required );
2010-01-24 06:47:06 +00:00
2010-07-13 03:30:11 +00:00
$match = array_intersect ( $all_required , $_SESSION [ 'roles' ]);
if ( $all_required != $match ) {
/* Something is missing */
$ok = false ;
}
/* Make sure the user has one role in $one_required */
if ( ! is_array ( $one_required )) $one_required = array ( $one_required );
if ( count ( $one_required )) {
$match = array_intersect ( $one_required , $_SESSION [ 'roles' ]);
if ( count ( $match ) == 0 ) {
/* Missing any role in $one_required */
$ok = false ;
2010-01-24 06:47:06 +00:00
}
}
2010-07-13 03:30:11 +00:00
if ( ! $ok ) {
2010-01-24 06:47:09 +00:00
message_push ( error ( i18n ( " You do not have permission to view that page " )));
2010-07-13 03:30:11 +00:00
header ( " location: { $config [ 'SFIABDIRECTORY' ] } /user_login.php " );
2007-11-16 06:30:42 +00:00
exit ;
}
2010-01-24 06:47:09 +00:00
/* Forward to password expired, remember the target URI */
2007-11-17 21:59:59 +00:00
if ( $_SESSION [ 'password_expired' ] == true ) {
2010-01-24 06:47:09 +00:00
$_SESSION [ 'request_uri' ] = $_SERVER [ 'REQUEST_URI' ];
2010-08-19 20:07:08 +00:00
header ( " location: { $config [ 'SFIABDIRECTORY' ] } /user_edit.php " );
2007-11-16 06:30:42 +00:00
exit ;
}
2007-11-17 21:59:59 +00:00
2010-07-13 03:30:11 +00:00
/* Return the first role that matched , this retains the previous
* behaviour */
return $match [ 0 ];
2007-11-16 06:30:42 +00:00
}
2010-08-24 16:04:12 +00:00
/* Perform some checks . Make sure the person is logged in , and that their
* password hasn ' t expired ( the password_expired var is set in the login page )
*/
function api_user_auth_required ( $all_required = array (), $one_required = array ())
{
global $config ;
$ok = true ;
$ret = array ();
2010-08-31 19:41:32 +00:00
if ( ! isset ( $_SESSION [ 'roles' ]) || ! isset ( $_SESSION [ 'accounts_id' ])) {
2010-08-24 16:04:12 +00:00
$ret [ 'status' ] = " error " ;
$ret [ 'error' ] = " Not logged in " ;
return $ret ;
}
/* Make sure the user has each role in $all_required , this returns
* an array in the same order as $all_required , with all members
* in $all_required that are also in the session roles */
if ( ! is_array ( $all_required )) $all_required = array ( $all_required );
$match = array_intersect ( $all_required , $_SESSION [ 'roles' ]);
if ( $all_required != $match ) {
/* Something is missing */
$ok = false ;
}
/* Make sure the user has one role in $one_required */
if ( ! is_array ( $one_required )) $one_required = array ( $one_required );
if ( count ( $one_required )) {
$match = array_intersect ( $one_required , $_SESSION [ 'roles' ]);
if ( count ( $match ) == 0 ) {
/* Missing any role in $one_required */
$ok = false ;
}
}
if ( ! $ok ) {
$ret [ 'status' ] = " error " ;
$ret [ 'error' ] = " You do not have permission to access that information " ;
2010-08-31 20:12:41 +00:00
return $ret ;
2010-08-24 16:04:12 +00:00
}
/* Forward to password expired, remember the target URI */
if ( $_SESSION [ 'password_expired' ] == true ) {
$ret [ 'status' ] = " error " ;
$ret [ 'error' ] = " Your password has expired " ;
2010-08-31 20:12:41 +00:00
return $ret ;
2010-08-24 16:04:12 +00:00
}
$ret [ 'status' ] = " ok " ;
$ret [ 'match' ] = $match [ 0 ];
return $ret ;
}
2007-11-16 06:30:42 +00:00
function user_volunteer_registration_status ()
{
global $config ;
// $now = date('Y-m-d H:i:s');
// if($now < $config['dates']['judgeregopen']) return "notopenyet";
// if($now > $config['dates']['judgeregclose']) return "closed";
return " open " ;
}
2010-10-14 17:51:56 +00:00
function user_teacher_registration_status (){
return " open " ;
}
2007-11-16 06:30:42 +00:00
function user_judge_registration_status ()
{
global $config ;
$now = date ( 'Y-m-d H:i:s' );
2010-10-13 21:01:01 +00:00
if ( array_key_exists ( 'judgeregopen' , $config [ 'dates' ])){
if ( $now < $config [ 'dates' ][ 'judgeregopen' ]) return " notopenyet " ;
if ( $now > $config [ 'dates' ][ 'judgeregclose' ]) return " closed " ;
}
2007-11-16 06:30:42 +00:00
return " open " ;
}
2010-08-08 09:09:49 +00:00
$user_fields_map = array (
/* Account -- Email requirement is set based on username , which
* is always required . Password is not required unless they type
* in the field , in which case the form validator kicks
* ( checks pass1 == pass2 and all that ) */
// 'email' => array('email'),
/* Personal */
2009-09-09 00:26:12 +00:00
'salutation' => array ( 'salutation' ),
2007-11-26 02:28:45 +00:00
'name' => array ( 'firstname' , 'lastname' ),
'sex' => array ( 'sex' ),
'phonehome' => array ( 'phonehome' ),
'phonecell' => array ( 'phonecell' ),
'birthdate' => array ( 'birthdate' ),
'lang' => array ( 'lang' ),
'address' => array ( 'address' , 'address2' , 'postalcode' ),
'city' => array ( 'city' ),
2008-02-23 03:28:43 +00:00
'province' => array ( 'province' ),
2010-08-08 09:09:49 +00:00
'firstaid' => array ( 'firstaid' , 'cpr' ),
/* Organization */
'org' => array ( 'organization' ),
'phonework' => array ( 'phonework' ),
'fax' => array ( 'fax' ),
);
2007-11-26 02:28:45 +00:00
2010-08-08 09:09:49 +00:00
/* Return fields to show based on role . In the user editor , many
* fields are always shown and some have hard - coded requirements , but
* any in this list can be made optionally - required or not shown
* at all */
function user_fields_enabled ( $role )
2007-11-16 06:30:42 +00:00
{
2010-08-08 09:09:49 +00:00
global $config , $user_fields_map ;
$ret = array ( 'firstname' , 'lastname' );
2010-07-13 03:30:11 +00:00
$fields = $config [ " { $role } _personal_fields " ];
2007-11-26 02:28:45 +00:00
if ( $fields != '' ) {
2010-09-10 19:38:56 +00:00
$fields = explode ( ',' , $fields );
2007-11-26 02:28:45 +00:00
foreach ( $fields as $f ) {
2010-08-08 09:09:49 +00:00
$ret = array_merge ( $ret , $user_fields_map [ $f ]);
2007-11-26 02:28:45 +00:00
}
2007-11-16 06:30:42 +00:00
}
2007-11-26 02:28:45 +00:00
return $ret ;
2007-11-16 06:30:42 +00:00
}
2010-08-08 09:09:49 +00:00
/* Return required fields . Some fields are always shown and can be
* set to required . Some have hard - coded requirement status . This is only
* for the fields where the requirement can be configured . Not for ALL fields
* the user sees */
function user_fields_required ( $role )
2007-11-16 06:30:42 +00:00
{
2010-08-08 09:09:49 +00:00
global $config , $user_fields_map ;
2010-10-20 17:25:43 +00:00
$ret = array ( 'firstname' , 'lastname' );
2010-07-13 03:30:11 +00:00
$required = $config [ " { $role } _personal_required " ];
2007-11-26 02:28:45 +00:00
if ( $required != '' ) {
2010-09-10 19:38:56 +00:00
$fields = explode ( ',' , $required );
2007-11-26 02:28:45 +00:00
foreach ( $fields as $f ) {
2010-08-08 09:09:49 +00:00
$ret = array_merge ( $ret , $user_fields_map [ $f ]);
2007-11-26 02:28:45 +00:00
}
2007-11-16 06:30:42 +00:00
}
2007-12-12 22:50:54 +00:00
/* Filter some elements that are never required .
* - address2
*/
$ret = array_diff ( $ret , array ( 'address2' ));
2007-11-26 02:28:45 +00:00
return $ret ;
2007-11-16 06:30:42 +00:00
}
2010-10-20 17:25:43 +00:00
function user_all_fields_required ( $roles ) {
$ret = array ();
foreach ( $roles AS $role ) {
$ret = array_merge ( $ret , user_fields_required ( $role ));
}
return $ret ;
}
2010-09-01 17:53:35 +00:00
//this function checks if $field is set in the user record, if it is, it returns it, otherwise, it returns false __AND__ redirects to the redirect page.
function user_field_required ( $field , $redirect ) {
$u = user_load ( $_SESSION [ 'users_id' ]);
if ( $u [ $field ])
return $u [ $field ];
else {
header ( " Location: $redirect " );
}
}
2007-11-16 06:30:42 +00:00
2010-07-13 03:30:11 +00:00
/* user_{$role}_login() is called with a full $u loaded */
2007-11-16 22:19:58 +00:00
2007-12-12 04:15:17 +00:00
function user_fair_login ( $u )
{
2010-07-13 03:30:11 +00:00
/* Double check, make sure the user is of this role */
if ( ! array_key_exists ( 'fair' , $u [ 'roles' ])) {
2007-12-12 04:15:17 +00:00
echo " ERROR: attempted to login fair on a non-fair user \n " ;
exit ;
}
2007-11-16 22:19:58 +00:00
2007-12-12 04:15:17 +00:00
$_SESSION [ 'fairs_id' ] = $u [ 'fairs_id' ]; // == 'yes') ? true : false;
}
2007-12-20 22:47:21 +00:00
2010-07-15 19:52:44 +00:00
function superuser_required () {
//first, they have to be logged in
user_auth_required ();
//next, they need superuser
if ( $_SESSION [ 'superuser' ] != " yes " ) {
send_header ( " Superuser access required " );
send_footer ();
exit ;
}
}
2010-08-24 16:04:12 +00:00
function try_login ( $user , $pass )
{
/* Ensure sanity of inputs */
/* User could be a username, or could be an email, check */
if ( ! account_valid_user ( $user ) && ! account_valid_email ( $user )) {
return false ;
}
/* Don 't check for a valid password, administrators can set any password they' d like , but
* there has to be a password */
if ( ! strlen ( $pass )) {
return false ;
}
$user = mysql_real_escape_string ( $user );
$q = mysql_query ( " SELECT id,password,deleted FROM accounts WHERE username=' $user ' " );
echo mysql_error ();
/*
$q = mysql_query ( " SELECT id,username,password,year,deleted
FROM users
WHERE username = '$user'
AND deleted = 'no'
ORDER BY year DESC LIMIT 1 " );
*/
if ( mysql_num_rows ( $q ) < 1 ) return false ;
$r = mysql_fetch_assoc ( $q );
/* See if the user account has been deleted */
if ( $r [ 'deleted' ] == 'yes' ) return false ;
/* See if the password matches */
if ( $r [ 'password' ] != $pass ) return false ;
/* Login successful */
return $r [ 'id' ];
}
2010-10-15 01:31:07 +00:00
2010-10-14 20:38:48 +00:00
function updateSessionRoles ( $u = null ) {
if ( ! $u )
2010-10-15 01:31:07 +00:00
$u = user_load ( $_SESSION [ 'users_id' ]);
2010-10-14 20:31:10 +00:00
$_SESSION [ 'roles' ] = array ();
2010-10-20 19:44:18 +00:00
// echo "updateSessionRole for {$_SESSION['users_id']}:";print_r($u);
2010-10-15 01:31:07 +00:00
if ( $u && is_array ( $u [ 'roles' ])) {
foreach ( $u [ 'roles' ] AS $r => $rd ) {
2010-10-15 01:46:53 +00:00
if ( $rd [ 'active' ] == " yes " || $r == 'admin' || $r == 'config' || $r == 'committee' )
2010-10-15 01:31:07 +00:00
$_SESSION [ 'roles' ][] = $r ;
}
2010-10-14 20:31:10 +00:00
}
}
2010-08-24 16:04:12 +00:00
function user_conference_load ( $accounts_id , $conferences_id ) {
global $config ;
2010-08-31 17:35:58 +00:00
if ( ! ( $accounts_id && $conferences_id ))
return $config [ 'SFIABDIRECTORY' ] . " /index.php " ;
2010-08-24 16:04:12 +00:00
/* Use the active conference to find the user id to load */
/* FIXME : Need to be able to handle the case where there is no
* active conference , but one step at a time */
$q = mysql_query ( " SELECT id FROM users WHERE accounts_id= $accounts_id AND conferences_id= $conferences_id " );
if ( mysql_num_rows ( $q ) == 0 ) {
/* FIXME: this should probably just return false, but for now, see if there's an error */
2010-10-06 20:01:15 +00:00
// return false;
2010-08-24 16:04:12 +00:00
// header("location: user_edit.php");
// echo "No user {$accounts_id} for conference {$_SESSION['conferences_id']}";
2010-10-06 20:01:15 +00:00
return $config [ 'SFIABDIRECTORY' ] . " /user_main.php " ;
2010-08-24 16:04:12 +00:00
}
if ( mysql_num_rows ( $q ) > 1 ) {
echo " DATABASE ERROR: More than one user for account $accounts_id conference { $conferences_id } " ;
exit ;
}
$uid = mysql_fetch_assoc ( $q );
$id = $uid [ 'id' ];
$u = user_load ( $id );
$_SESSION [ 'name' ] = " { $u [ 'firstname' ] } { $u [ 'lastname' ] } " ;
$_SESSION [ 'users_id' ] = $u [ 'id' ];
2010-10-14 20:31:10 +00:00
updateSessionRoles ();
2010-08-24 16:04:12 +00:00
/* Load the password expiry for each user role , and
* find the longest expiry , which is the one we ' ll use
* for this user to determine if the passwd has
* expired . */
$longest_expiry = 0 ;
foreach ( array_keys ( $u [ 'roles' ]) as $r ) {
$e = $config [ " { $r } _password_expiry_days " ];
if ( $e == 0 ) {
/* Catch a never expire case. */
$longest_expiry = 0 ;
break ;
} else if ( $e > $longest_expiry ) {
$longest_expiry = $e ;
}
}
if ( $u [ 'passwordset' ] == '0000-00-00' ) {
/* Force the password to expire */
$_SESSION [ 'password_expired' ] = true ;
} else if ( $longest_expiry == 0 ) {
/* Never expires */
unset ( $_SESSION [ 'password_expired' ]);
} else {
/* Check expiry */
$expires = date ( 'Y-m-d' , strtotime ( " { $u [ 'passwordset' ] } + $longest_expiry days " ));
$now = date ( 'Y-m-d' );
if ( $now > $expires ) {
$_SESSION [ 'password_expired' ] = true ;
} else {
unset ( $_SESSION [ 'password_expired' ]);
}
}
/* If password_expired == true , the main page ( or any
* other user page ) will catch this and require
* them to set a password */
/* Call login functions for each role */
foreach ( array_keys ( $u [ 'roles' ]) as $r ) {
if ( is_callable ( " user_ { $r } _login " )) {
call_user_func_array ( " user_ { $r } _login " , array ( $u ));
}
}
// mysql_query("UPDATE accounts SET lastlogin=NOW()
// WHERE id={$u['id']}");
/* Setup multirole so a multirole user can switch if they want to
* without logging in / out */
/* if ( count ( $u [ 'roes' ]) > 1 ) {
$_SESSION [ 'multirole' ] = true ;
} else {
$_SESSION [ 'multirole' ] = false ;
}
*/
/* See if there is a redirect , and do that instead of
* taking them to their main page */
/* if ( $redirect != '' ) {
switch ( $redirect ) {
case 'roleadd' :
if ( ! user_valid_role ( $multirole_data ))
$multirole_data = '' ;
header ( " location: user_multirole.php?action=add&role= $multirole_data " );
exit ;
case 'roleattached' :
message_push ( happy ( i18n ( 'The %1 role has been attached to your account' , array ( $roles [ $role ][ 'name' ]))));
message_push ( notice ( i18n ( 'Use the [Switch Roles] link in the upper right to change roles while you are logged in' )));
header ( " location: { $role } _main.php " );
exit ;
}
}
*/
/* Is there a saved requesT_uri from a failed login attempt ? , if so
* take them there */
if ( array_key_exists ( 'request_uri' , $_SESSION )) {
// header("location: {$_SESSION['request_uri']}");
unset ( $_SESSION [ 'request_uri' ]);
return $_SESSION [ 'request_uri' ];
}
return " user_main.php " ;
// header("location: user_main.php");
//exit;
}
2007-12-20 22:47:21 +00:00
?>