2007-11-16 06:30:42 +00:00
|
|
|
<?
|
|
|
|
/*
|
|
|
|
This file is part of the 'Science Fair In A Box' project
|
|
|
|
SFIAB Website: http://www.sfiab.ca
|
|
|
|
|
|
|
|
Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
|
|
|
|
Copyright (C) 2005 James Grant <james@lightbox.org>
|
|
|
|
Copyright (C) 2007 David Grant <dave@lightbox.org>
|
|
|
|
|
|
|
|
This program is free software; you can redistribute it and/or
|
|
|
|
modify it under the terms of the GNU General Public
|
|
|
|
License as published by the Free Software Foundation, version 2.
|
|
|
|
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
General Public License for more details.
|
|
|
|
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
|
|
along with this program; see the file COPYING. If not, write to
|
|
|
|
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
|
|
|
Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
?>
|
|
|
|
<?
|
|
|
|
|
2007-12-12 04:15:17 +00:00
|
|
|
$user_types = array('student','judge','committee','volunteer','fair');
|
2007-11-16 06:30:42 +00:00
|
|
|
$user_what = array('student'=>'Participant', 'judge' => 'Judge',
|
|
|
|
'committee'=>'Committee Member','volunteer' => 'Volunteer',
|
2007-12-12 04:15:17 +00:00
|
|
|
'fair'=>'Science Fair');
|
2007-11-16 06:30:42 +00:00
|
|
|
|
2008-07-09 18:24:49 +00:00
|
|
|
|
|
|
|
/* Duplicate of common.inc.php:generatePassword, which will be deleted
|
|
|
|
* eventually when ALL users are handled through this file */
|
|
|
|
function user_generate_password($pwlen=8)
|
|
|
|
{
|
|
|
|
//these are good characters that are not easily confused with other characters :)
|
|
|
|
$available="ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789";
|
|
|
|
$len=strlen($available) - 1;
|
|
|
|
|
|
|
|
$key="";
|
|
|
|
for($x=0;$x<$pwlen;$x++)
|
|
|
|
$key.=$available{rand(0,$len)};
|
|
|
|
return $key;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
2007-12-12 04:15:17 +00:00
|
|
|
function user_load_fair($u)
|
2007-11-16 06:30:42 +00:00
|
|
|
{
|
|
|
|
/* Double check, make sure the user is of this type */
|
2007-12-12 04:15:17 +00:00
|
|
|
if(!in_array('fair', $u['types'])) return false;
|
2007-11-16 06:30:42 +00:00
|
|
|
|
2007-12-12 04:15:17 +00:00
|
|
|
$q = mysql_query("SELECT * FROM users_fair
|
|
|
|
WHERE users_id='{$u['id']}'
|
2007-11-16 06:30:42 +00:00
|
|
|
");
|
|
|
|
if(mysql_num_rows($q)!=1) return false;
|
|
|
|
|
|
|
|
$r = mysql_fetch_object($q);
|
|
|
|
$ret = array();
|
2008-10-17 19:34:11 +00:00
|
|
|
$ret['fair_active'] = $r->fair_active;
|
2007-12-12 04:15:17 +00:00
|
|
|
$ret['fairs_id'] = intval($r->fairs_id);
|
2007-11-16 06:30:42 +00:00
|
|
|
return $ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
function user_load_student($u)
|
|
|
|
{
|
|
|
|
/* Double check, make sure the user is of this type */
|
|
|
|
if(!in_array('student', $u['types'])) return false;
|
|
|
|
$ret = array();
|
|
|
|
return $ret;
|
|
|
|
}
|
|
|
|
function user_load_judge($u)
|
|
|
|
{
|
|
|
|
/* Double check, make sure the user is of this type */
|
2008-10-17 19:34:11 +00:00
|
|
|
if(!in_array('judge', $u['types'])) {
|
|
|
|
echo 'ERROR: User is not a judge in user_load_judge';
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
$q = mysql_query("SELECT * FROM users_judge
|
|
|
|
WHERE users_id='{$u['id']}'");
|
|
|
|
if(mysql_num_rows($q)!=1) {
|
|
|
|
echo "DATABASE ERROR: User judge record not found";
|
|
|
|
print_r($u);
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
$r = mysql_fetch_object($q);
|
2007-11-16 06:30:42 +00:00
|
|
|
$ret = array();
|
2008-10-17 19:34:11 +00:00
|
|
|
$ret['judge_active'] = $r->judge_active;
|
2008-10-18 03:30:58 +00:00
|
|
|
$ret['judge_complete'] = $r->judge_complete;
|
2008-10-17 19:34:11 +00:00
|
|
|
$ret['years_school'] = intval($r->years_school);
|
|
|
|
$ret['years_regional'] = intval($r->years_regional);
|
|
|
|
$ret['years_national'] = intval($r->years_national);
|
|
|
|
$ret['willing_chair'] = ($r->willing_chair == 'yes') ? 'yes' : 'no';
|
|
|
|
$ret['special_award_only'] = ($r->special_award_only == 'yes') ? 'yes' : 'no';
|
|
|
|
$ret['cat_prefs'] = unserialize($r->cat_prefs);
|
|
|
|
$ret['div_prefs'] = unserialize($r->div_prefs);
|
|
|
|
$ret['divsub_prefs'] = unserialize($r->divsub_prefs);
|
|
|
|
$ret['expertise_other'] = $r->expertise_other;
|
2008-10-17 22:44:33 +00:00
|
|
|
$ret['languages'] = unserialize($r->languages);
|
|
|
|
$ret['highest_psd'] = $r->highest_psd;
|
|
|
|
|
|
|
|
/* Sanity check the arrays, make sure they are arrays */
|
|
|
|
$should_be_arrays = array('cat_prefs','div_prefs',
|
|
|
|
'divsub_prefs','languages');
|
|
|
|
foreach($should_be_arrays as $k) {
|
|
|
|
if(!is_array($ret[$k])) $ret[$k] = array();
|
|
|
|
}
|
|
|
|
|
2007-11-16 06:30:42 +00:00
|
|
|
return $ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
function user_load_committee($u)
|
|
|
|
{
|
|
|
|
/* Double check, make sure the user is of this type */
|
|
|
|
if(!in_array('committee', $u['types'])) return false;
|
|
|
|
|
|
|
|
$q = mysql_query("SELECT * FROM users_committee
|
|
|
|
WHERE users_id='{$u['id']}'");
|
|
|
|
if(mysql_num_rows($q)!=1) return false;
|
|
|
|
|
2007-11-17 21:59:59 +00:00
|
|
|
$r = mysql_fetch_object($q);
|
2007-11-16 06:30:42 +00:00
|
|
|
$ret = array();
|
2008-10-17 19:34:11 +00:00
|
|
|
$ret['committee_active'] = $r->committee_active;
|
2007-11-16 06:30:42 +00:00
|
|
|
$ret['emailprivate'] = $r->emailprivate;
|
|
|
|
$ret['ord'] = intval($r->ord);
|
2007-11-17 21:59:59 +00:00
|
|
|
$ret['displayemail'] = ($r->displayemail == 'yes') ? 'yes' : 'no';
|
|
|
|
$ret['access_admin'] = ($r->access_admin == 'yes') ? 'yes' : 'no';
|
|
|
|
$ret['access_config'] = ($r->access_config == 'yes') ? 'yes' : 'no';
|
|
|
|
$ret['access_super'] = ($r->access_super == 'yes') ? 'yes' : 'no';
|
|
|
|
|
2007-11-16 06:30:42 +00:00
|
|
|
return $ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
function user_load_volunteer($u)
|
|
|
|
{
|
|
|
|
/* Double check, make sure the user is of this type */
|
|
|
|
if(!in_array('volunteer', $u['types'])) return false;
|
2008-10-17 19:34:11 +00:00
|
|
|
|
|
|
|
$q = mysql_query("SELECT * FROM users_volunteer
|
|
|
|
WHERE users_id='{$u['id']}'");
|
|
|
|
if(mysql_num_rows($q)!=1) {
|
|
|
|
echo "DATABASE ERROR, loading volunteer for user {$u['id']} returned ".mysql_num_rows($q)." rows.";
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
$r = mysql_fetch_object($q);
|
2007-11-16 06:30:42 +00:00
|
|
|
$ret = array();
|
2008-10-17 19:34:11 +00:00
|
|
|
$ret['volunteer_active'] = $r->volunteer_active;
|
|
|
|
$ret['volunteer_complete'] = $r->volunteer_complete;
|
2007-11-16 06:30:42 +00:00
|
|
|
return $ret;
|
|
|
|
}
|
|
|
|
|
2007-11-17 21:59:59 +00:00
|
|
|
function user_load($user, $load_full=false)
|
2007-11-16 06:30:42 +00:00
|
|
|
{
|
|
|
|
$id = 0;
|
|
|
|
|
|
|
|
/* Sort out the type first */
|
|
|
|
if(is_array($user)){
|
|
|
|
/* User already loaded, this is just an extended load */
|
|
|
|
$id = $user['id'];
|
|
|
|
$where = "id='$id'";
|
|
|
|
$load_base = false;
|
|
|
|
} else {
|
|
|
|
|
|
|
|
$id = intval($user);
|
|
|
|
if($id > 0) {
|
|
|
|
/* Load by ID FIXME: if we enable load-by-email below,
|
|
|
|
* then a user could use a number at the beginning of
|
|
|
|
* their email address to exploit here, must fix that.
|
|
|
|
* */
|
|
|
|
$where = "id='$id'";
|
|
|
|
} else {
|
2008-10-17 19:34:11 +00:00
|
|
|
echo "Can't load user by non-number id";
|
2007-11-16 06:30:42 +00:00
|
|
|
return false;
|
|
|
|
/* Load by email */
|
|
|
|
// $e = stripslashes($user);
|
|
|
|
// $where = "email='$e'";
|
|
|
|
}
|
|
|
|
$load_base = true;
|
|
|
|
}
|
|
|
|
|
|
|
|
if($load_base) {
|
2008-10-17 19:34:11 +00:00
|
|
|
$query = "SELECT * FROM users
|
2007-11-16 06:30:42 +00:00
|
|
|
WHERE
|
|
|
|
$where
|
|
|
|
AND deleted='no'
|
2008-10-17 19:34:11 +00:00
|
|
|
";
|
|
|
|
$q=mysql_query($query);
|
2007-11-16 06:30:42 +00:00
|
|
|
|
2008-10-17 19:34:11 +00:00
|
|
|
if(mysql_num_rows($q)!=1) {
|
|
|
|
echo "Query [$query] returned ".mysql_num_rows($q)." rows\n";
|
|
|
|
return false;
|
|
|
|
}
|
2007-11-16 06:30:42 +00:00
|
|
|
|
|
|
|
$ret = mysql_fetch_assoc($q);
|
|
|
|
|
|
|
|
/* Do we need to do number conversions? */
|
|
|
|
$ret['id'] = intval($ret['id']);
|
|
|
|
|
|
|
|
/* Turn the type into an array, because there could be more than one */
|
|
|
|
$ts = explode(',', $ret['types']);
|
2007-12-12 03:01:44 +00:00
|
|
|
$ret['types'] = $ts; /* Now we can use in_array('judge', $ret['types']) ; */
|
2007-11-16 06:30:42 +00:00
|
|
|
} else {
|
|
|
|
$ret = $user;
|
|
|
|
}
|
|
|
|
|
|
|
|
if($load_full) {
|
|
|
|
$r = true;
|
|
|
|
foreach($ret['types'] as $t) {
|
2007-11-17 21:59:59 +00:00
|
|
|
if($ret['load_full'] == true) continue;
|
2007-11-16 06:30:42 +00:00
|
|
|
/* These all pass $ret by reference, and can modify
|
|
|
|
* $ret */
|
2007-11-17 21:59:59 +00:00
|
|
|
$r = call_user_func("user_load_$t", $ret);
|
2008-10-17 19:34:11 +00:00
|
|
|
if(!is_array($r)) {
|
|
|
|
echo "user_load_$t didn't return an array!\n";
|
|
|
|
return false;
|
|
|
|
}
|
2007-11-16 06:30:42 +00:00
|
|
|
|
|
|
|
/* It is important that each type database doesn't
|
|
|
|
have conflicting column names */
|
2007-11-17 21:59:59 +00:00
|
|
|
foreach($r as $k=>$v) {
|
2007-11-16 06:30:42 +00:00
|
|
|
if(array_key_exists($k, $ret)) {
|
2007-11-17 21:59:59 +00:00
|
|
|
echo "DATABASE DESIGN ERROR, duplicate user key $k";
|
2007-11-16 06:30:42 +00:00
|
|
|
exit;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
$ret = array_merge($ret, $r);
|
|
|
|
}
|
2007-11-16 22:19:58 +00:00
|
|
|
$ret['load_full'] = true;
|
|
|
|
} else {
|
|
|
|
$ret['load_full'] = false;
|
2007-11-16 06:30:42 +00:00
|
|
|
}
|
2007-11-16 22:19:58 +00:00
|
|
|
|
2007-11-16 06:30:42 +00:00
|
|
|
/* Do this assignment without recursion :) */
|
2007-11-17 21:59:59 +00:00
|
|
|
unset($ret['orig']);
|
2007-11-16 06:30:42 +00:00
|
|
|
$orig = $ret;
|
|
|
|
$ret['orig'] = $orig;
|
|
|
|
|
2008-10-17 19:34:11 +00:00
|
|
|
// echo "<pre>User load returning: \n";
|
2007-11-17 21:59:59 +00:00
|
|
|
// print_r($ret);
|
|
|
|
// echo "</pre>";
|
|
|
|
|
2008-10-17 19:34:11 +00:00
|
|
|
|
2007-11-16 06:30:42 +00:00
|
|
|
return $ret;
|
|
|
|
}
|
|
|
|
|
2008-07-09 17:02:11 +00:00
|
|
|
function user_set_password($id, $password = NULL)
|
|
|
|
{
|
|
|
|
/* pass $u by reference so we can update it */
|
|
|
|
$save_old = false;
|
|
|
|
if($password == NULL) {
|
|
|
|
$q = mysql_query("SELECT passwordset FROM users WHERE id='$id'");
|
|
|
|
$u = mysql_fetch_assoc($q);
|
|
|
|
/* Generate a new password */
|
2008-07-09 18:24:49 +00:00
|
|
|
$password = user_generate_password(12);
|
2008-07-09 17:02:11 +00:00
|
|
|
/* save the old password only if it's not an auto-generated one */
|
|
|
|
if($u['passwordset'] != '0000-00-00') $save_old = true;
|
|
|
|
/* Expire the password */
|
|
|
|
$save_set = "'0000-00-00'";
|
|
|
|
} else {
|
|
|
|
/* Set the password, no expiry, save the old */
|
|
|
|
$save_old = true;
|
|
|
|
$save_set = 'NOW()';
|
|
|
|
}
|
|
|
|
|
|
|
|
$p = mysql_escape_string($password);
|
|
|
|
$set = ($save_old == true) ? 'oldpassword=password, ' : '';
|
|
|
|
$set .= "password='$p', passwordset=$save_set ";
|
|
|
|
|
|
|
|
$query = "UPDATE users SET $set WHERE id='$id'";
|
|
|
|
mysql_query($query);
|
|
|
|
echo mysql_error();
|
|
|
|
|
|
|
|
return $password;
|
|
|
|
}
|
|
|
|
|
2008-10-17 19:34:11 +00:00
|
|
|
function user_save_type_list($u, $db, $fields)
|
2007-11-17 21:59:59 +00:00
|
|
|
{
|
|
|
|
//echo "<pre>";
|
|
|
|
// print_r($u);
|
|
|
|
// echo "</pre>";
|
|
|
|
$set = '';
|
|
|
|
|
|
|
|
foreach($fields as $f) {
|
2008-10-17 19:34:11 +00:00
|
|
|
/* == even works on arrays in PHP */
|
2007-11-17 21:59:59 +00:00
|
|
|
if($u[$f] == $u['orig'][$f]) continue;
|
|
|
|
|
|
|
|
if($set != '') $set .=',';
|
|
|
|
|
2008-10-17 19:34:11 +00:00
|
|
|
if($u[$f] == NULL) {
|
|
|
|
$set .= "$f=NULL";
|
|
|
|
continue;
|
|
|
|
}
|
|
|
|
|
|
|
|
if(is_array($u[$f]))
|
|
|
|
$data = mysql_escape_string(serialize($u[$f]));
|
|
|
|
else
|
|
|
|
$data = mysql_escape_string(stripslashes($u[$f]));
|
|
|
|
|
2007-11-17 21:59:59 +00:00
|
|
|
$set .= "$f='$data'";
|
|
|
|
}
|
|
|
|
if($set != "") {
|
2008-10-17 19:34:11 +00:00
|
|
|
$query = "UPDATE $db SET $set WHERE users_id='{$u['id']}'";
|
2007-11-17 21:59:59 +00:00
|
|
|
mysql_query($query);
|
2008-10-18 03:30:58 +00:00
|
|
|
echo mysql_error();
|
2007-11-17 21:59:59 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2008-10-17 19:34:11 +00:00
|
|
|
function user_save_volunteer($u)
|
|
|
|
{
|
2008-10-18 03:30:58 +00:00
|
|
|
$fields = array('volunteer_active','volunteer_complete');
|
2008-10-17 19:34:11 +00:00
|
|
|
user_save_type_list($u, 'users_volunteer', $fields);
|
|
|
|
}
|
|
|
|
|
|
|
|
function user_save_committee($u)
|
|
|
|
{
|
|
|
|
$fields = array('committee_active','emailprivate','ord','displayemail','access_admin',
|
|
|
|
'access_config','access_super');
|
|
|
|
user_save_type_list($u, 'users_committee', $fields);
|
|
|
|
}
|
|
|
|
|
2007-11-17 21:59:59 +00:00
|
|
|
function user_save_judge($u)
|
|
|
|
{
|
2008-10-18 03:30:58 +00:00
|
|
|
$fields = array('judge_active','judge_complete','years_school','years_regional','years_national',
|
2008-10-17 19:34:11 +00:00
|
|
|
'willing_chair','special_award_only',
|
2008-10-17 22:44:33 +00:00
|
|
|
'cat_prefs','div_prefs','divsub_prefs',
|
|
|
|
'expertise_other','languages', 'highest_psd');
|
2008-10-17 19:34:11 +00:00
|
|
|
user_save_type_list($u, 'users_judge', $fields);
|
2007-11-17 21:59:59 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
function user_save_student($u)
|
|
|
|
{
|
2008-10-18 03:30:58 +00:00
|
|
|
// $fields = array('student_active','student_complete');
|
2008-10-17 19:34:11 +00:00
|
|
|
// user_save_type_list($u, 'users_student', $fields);
|
2007-11-17 21:59:59 +00:00
|
|
|
}
|
|
|
|
|
2007-12-12 04:15:17 +00:00
|
|
|
function user_save_fair($u)
|
2007-11-17 21:59:59 +00:00
|
|
|
{
|
2008-10-17 19:34:11 +00:00
|
|
|
$fields = array('fair_active');
|
|
|
|
user_save_type_list($u, 'users_fair', $fields);
|
2007-11-17 21:59:59 +00:00
|
|
|
}
|
|
|
|
|
2007-11-16 06:30:42 +00:00
|
|
|
function user_save($u)
|
|
|
|
{
|
2008-07-09 17:02:11 +00:00
|
|
|
$fields = array('firstname','lastname','username',
|
2007-11-19 21:12:09 +00:00
|
|
|
'email',
|
|
|
|
'phonehome','phonework','phonecell','fax','organization',
|
2008-02-23 03:28:43 +00:00
|
|
|
'address','address2','city','province','postalcode','sex',
|
|
|
|
'firstaid', 'cpr');
|
2007-11-16 06:30:42 +00:00
|
|
|
|
|
|
|
$set = "";
|
|
|
|
foreach($fields as $f) {
|
|
|
|
if($u[$f] == $u['orig'][$f]) continue;
|
|
|
|
|
|
|
|
if($set != "") $set .=',';
|
|
|
|
|
|
|
|
// if($f == 'types')
|
|
|
|
// $set .= "$f='".implode(',', $u[$f])."'";
|
|
|
|
|
2007-11-16 22:19:58 +00:00
|
|
|
$data = mysql_escape_string(stripslashes($u[$f]));
|
|
|
|
$set .= "$f='$data'";
|
2007-11-16 06:30:42 +00:00
|
|
|
}
|
|
|
|
//echo "<pre>";
|
|
|
|
//print_r($u);
|
|
|
|
//echo "</pre>";
|
|
|
|
if($set != "") {
|
|
|
|
$query = "UPDATE users SET $set WHERE id='{$u['id']}'";
|
|
|
|
mysql_query($query);
|
2008-10-17 19:34:11 +00:00
|
|
|
// echo "query=[$query]";
|
2007-11-16 06:30:42 +00:00
|
|
|
echo mysql_error();
|
|
|
|
}
|
2007-11-17 21:59:59 +00:00
|
|
|
|
2008-07-09 17:02:11 +00:00
|
|
|
/* Save the password if it changed */
|
|
|
|
if($u['password'] != $u['orig']['password'])
|
|
|
|
user_set_password($u['id'], $u['password']);
|
|
|
|
|
2007-11-17 21:59:59 +00:00
|
|
|
/* If this was a full load, do a full save */
|
|
|
|
if($u['load_full'] == true) {
|
|
|
|
foreach($u['types'] as $t) {
|
|
|
|
call_user_func("user_save_$t", $u);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2008-10-17 19:34:11 +00:00
|
|
|
/* Delete functions. These mark a user as deleted, and delete references to other
|
|
|
|
* tables */
|
2007-11-17 21:59:59 +00:00
|
|
|
|
|
|
|
function user_delete_committee($u)
|
|
|
|
{
|
|
|
|
mysql_query("DELETE FROM committees_link WHERE users_id='{$u['id']}'");
|
|
|
|
}
|
|
|
|
|
|
|
|
function user_delete_volunteer($u)
|
|
|
|
{
|
|
|
|
}
|
|
|
|
|
|
|
|
function user_delete_judge($u)
|
|
|
|
{
|
2008-10-17 19:34:11 +00:00
|
|
|
global $config;
|
|
|
|
$id = $u['id'];
|
2008-10-18 03:30:58 +00:00
|
|
|
mysql_query("DELETE FROM judges_teams_link WHERE users_id='$id'");
|
|
|
|
mysql_query("DELETE FROM judges_specialawards_sel WHERE users_id='$id'");
|
2007-11-17 21:59:59 +00:00
|
|
|
}
|
|
|
|
|
2007-12-12 04:15:17 +00:00
|
|
|
function user_delete_fair($u)
|
2007-11-17 21:59:59 +00:00
|
|
|
{
|
|
|
|
}
|
|
|
|
function user_delete_student($u)
|
|
|
|
{
|
|
|
|
}
|
|
|
|
|
|
|
|
function user_delete($u, $type=false)
|
|
|
|
{
|
|
|
|
$finish_delete = false;
|
|
|
|
|
|
|
|
if(!is_array($u)) {
|
|
|
|
$u = user_load($u);
|
|
|
|
}
|
|
|
|
if($type != false) {
|
|
|
|
if(!in_array($type, $u['types'])) {
|
|
|
|
/* Hum, type specified, but the user is not this type,
|
|
|
|
* so, i guess we're done. */
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
if(count($u['types']) > 1) {
|
|
|
|
/* Don't delete the whole user */
|
|
|
|
$types='';
|
|
|
|
foreach($u['types'] as $t) {
|
|
|
|
if($t == $type) continue;
|
|
|
|
if($types != '') $types .= ',';
|
|
|
|
$types .= $t;
|
|
|
|
}
|
|
|
|
mysql_query("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
|
|
|
|
} else {
|
|
|
|
$finish_delete = true;
|
|
|
|
}
|
|
|
|
call_user_func("user_delete_$type", $u);
|
|
|
|
} else {
|
|
|
|
/* Delete the whole user */
|
|
|
|
foreach($u['types'] as $t) call_user_func("user_delete_$t", $u);
|
|
|
|
$finish_delete = true;
|
|
|
|
}
|
|
|
|
if($finish_delete == true) {
|
2008-10-17 19:34:11 +00:00
|
|
|
mysql_query("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id='{$u['id']}'");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
/* Purge functions. These completely eliminate all traces of a user from the
|
|
|
|
* database. This action cannot be undone. We prefer the committee to use the
|
|
|
|
* "delete" functions, which simply mark the account as "deleted". */
|
|
|
|
|
|
|
|
function user_purge($u, $type=false)
|
|
|
|
{
|
|
|
|
$finish_purge = false;
|
|
|
|
|
|
|
|
if(!is_array($u)) {
|
|
|
|
$u = user_load($u);
|
|
|
|
}
|
|
|
|
if($type != false) {
|
|
|
|
if(!in_array($type, $u['types'])) {
|
|
|
|
/* Hum, type specified, but the user is not this type,
|
|
|
|
* so, i guess we're done. */
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
if(count($u['types']) > 1) {
|
|
|
|
/* Don't delete the whole user */
|
|
|
|
$types='';
|
|
|
|
foreach($u['types'] as $t) {
|
|
|
|
if($t == $type) continue;
|
|
|
|
if($types != '') $types .= ',';
|
|
|
|
$types .= $t;
|
|
|
|
}
|
|
|
|
mysql_query("UPDATE users SET types='$types' WHERE id='{$u['id']}'");
|
|
|
|
} else {
|
|
|
|
$finish_purge = true;
|
|
|
|
}
|
|
|
|
/* Call the delete func to deal with table linking, then completely wipe
|
|
|
|
* out the entry */
|
|
|
|
call_user_func("user_delete_$type", $u);
|
|
|
|
// call_user_func("user_purge_$type", $u);
|
|
|
|
mysql_query("DELETE FROM users_$type WHERE users_id='{$u['id']}'");
|
|
|
|
} else {
|
|
|
|
/* Delete the whole user */
|
|
|
|
foreach($u['types'] as $t) {
|
|
|
|
call_user_func("user_delete_$t", $u);
|
|
|
|
// call_user_func("user_purge_$t", $u);
|
|
|
|
mysql_query("DELETE FROM users_$t WHERE users_id='{$u['id']}'");
|
|
|
|
}
|
|
|
|
$finish_purge = true;
|
|
|
|
}
|
|
|
|
if($finish_purge == true) {
|
2007-11-17 21:59:59 +00:00
|
|
|
mysql_query("DELETE FROM users WHERE id='{$u['id']}'");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2008-10-17 19:34:11 +00:00
|
|
|
|
|
|
|
function user_dupe_row($db, $key, $val, $newval)
|
|
|
|
{
|
|
|
|
$q = mysql_query("SELECT * FROM $db WHERE $key='$val'");
|
|
|
|
if(mysql_num_rows($q) != 1) {
|
|
|
|
echo "ERROR duplicating row in $db: $key=$val NOT FOUND.\n";
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
$i = mysql_fetch_assoc($q);
|
|
|
|
$i[$key] = $newval;
|
|
|
|
|
|
|
|
foreach($i as $k=>$v) {
|
|
|
|
if($v == NULL)
|
|
|
|
$i[$k] = 'NULL';
|
|
|
|
else
|
|
|
|
$i[$k] = '\''.mysql_escape_string($v).'\'';
|
|
|
|
}
|
|
|
|
|
|
|
|
$keys = '`'.join('`,`', array_keys($i)).'`';
|
|
|
|
$vals = join(',', array_values($i));
|
|
|
|
|
|
|
|
$q = "INSERT INTO $db ($keys) VALUES ($vals)";
|
|
|
|
echo "Dupe Query: [$q]";
|
|
|
|
$r = mysql_query($q);
|
|
|
|
echo mysql_error();
|
|
|
|
|
|
|
|
$id = mysql_insert_id();
|
|
|
|
return $id;
|
|
|
|
}
|
|
|
|
/* Used by the login scripts to copy one user from one year to another */
|
|
|
|
function user_dupe($u, $new_year)
|
|
|
|
{
|
|
|
|
/* Dupe a user if:
|
|
|
|
* - They don't exist in the current year
|
|
|
|
* (users->year != the target year (passed in so we can use it in the rollover script) )
|
|
|
|
* - They have a previous year entry
|
|
|
|
* (users->year DESC LIMIT 1 == 1 row)
|
|
|
|
* - That previous entry has deleted=no */
|
|
|
|
|
|
|
|
/* Find the last entry */
|
|
|
|
$q = mysql_query("SELECT id,uid,year,deleted FROM users WHERE uid='{$u['uid']}'
|
|
|
|
ORDER BY year DESC LIMIT 1");
|
|
|
|
$r = mysql_fetch_object($q);
|
|
|
|
if($r->deleted == 'yes') {
|
|
|
|
echo "Cannot duplicate user ID {$u['id']}, they are deleted. Undelete them first.\n";
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
if($r->year == $new_year) {
|
|
|
|
echo "Cannot duplicate user ID {$u['id']}, they already exist in year $new_year\n";
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
|
|
|
|
$id = user_dupe_row('users', 'id', $u['id'], NULL);
|
|
|
|
$q = mysql_query("UPDATE users SET year='$new_year' WHERE id='$id'");
|
|
|
|
|
|
|
|
/* Load the new user */
|
|
|
|
$u2 = user_load($id, false);
|
|
|
|
|
|
|
|
foreach($u2['types'] as $t) {
|
|
|
|
user_dupe_row("users_$t", 'users_id', $u['id'], $id);
|
|
|
|
}
|
|
|
|
/* Return the ID of the new user */
|
|
|
|
return $id;
|
|
|
|
}
|
|
|
|
|
2007-12-12 03:01:44 +00:00
|
|
|
/* Returns true if loaded user ($u) is allowed to add role type $type to their
|
|
|
|
* profile. THis is intended as a last-stop mechanism, preventing, for example
|
|
|
|
* a student from co-existing with any other account type. */
|
|
|
|
function user_add_role_allowed($type, $u)
|
2007-11-17 21:59:59 +00:00
|
|
|
{
|
2007-12-12 03:01:44 +00:00
|
|
|
/* For example, a committee member can add a volunteer or judge role to
|
|
|
|
* their account. */
|
|
|
|
$allowed = array(
|
|
|
|
'committee' => array('volunteer', 'judge'),
|
|
|
|
'volunteer' => array('judge', 'committee'),
|
|
|
|
'judge' => array('volunteer', 'committee'),
|
|
|
|
'student' => array(),
|
|
|
|
'fair' => array() );
|
|
|
|
|
|
|
|
foreach($u['types'] as $ut) {
|
|
|
|
$allowed_array = $allowed[$ut];
|
|
|
|
if(in_array($type, $allowed[$ut])) return true;
|
|
|
|
}
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
function user_create($type, $u = NULL)
|
|
|
|
{
|
|
|
|
if(!is_array($u)) {
|
2007-12-21 08:38:13 +00:00
|
|
|
mysql_query("INSERT INTO users (`types`,`passwordset`,`created`)
|
2008-07-09 14:51:48 +00:00
|
|
|
VALUES ('$type', '0000-00-00', NOW())");
|
2007-12-12 03:01:44 +00:00
|
|
|
$uid = mysql_insert_id();
|
2008-07-09 17:02:11 +00:00
|
|
|
user_set_password($uid, NULL);
|
2007-12-12 03:01:44 +00:00
|
|
|
} else {
|
|
|
|
/* The user has been specified and already exists,
|
|
|
|
* just add a role */
|
|
|
|
$uid = $u['id'];
|
|
|
|
if(!user_add_role_allowed($type, $u)) {
|
|
|
|
/* If we get in here, someone is hand crafting URLs */
|
|
|
|
echo "HALT: invalid role add specified for operation.";
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
$new_types = implode(',', $u['types']).','.$type;
|
|
|
|
mysql_query("UPDATE users SET types='$new_types' WHERE id='$uid'");
|
|
|
|
}
|
2007-11-17 21:59:59 +00:00
|
|
|
|
|
|
|
switch($type) {
|
|
|
|
case 'volunteer':
|
2008-10-17 19:34:11 +00:00
|
|
|
mysql_query("INSERT INTO users_volunteer(`users_id`, `volunteer_active`) VALUES ('$uid', 'yes')");
|
|
|
|
break;
|
2007-11-17 21:59:59 +00:00
|
|
|
case 'student':
|
2008-10-17 19:34:11 +00:00
|
|
|
// mysql_query("INSERT INTO users_student(`users_id`, `student_active`) VALUES ('$uid', 'yes')");
|
|
|
|
break;
|
2007-11-17 21:59:59 +00:00
|
|
|
case 'judge':
|
2008-10-17 19:34:11 +00:00
|
|
|
mysql_query("INSERT INTO users_judge(`users_id`, `judge_active`) VALUES ('$uid', 'yes')");
|
|
|
|
break;
|
2007-12-12 03:01:44 +00:00
|
|
|
case 'fair':
|
2008-10-17 19:34:11 +00:00
|
|
|
mysql_query("INSERT INTO users_fair(`users_id`, `fair_active`) VALUES ('$uid', 'yes')");
|
2007-11-17 21:59:59 +00:00
|
|
|
break;
|
|
|
|
case 'committee':
|
2008-10-17 19:34:11 +00:00
|
|
|
mysql_query("INSERT INTO users_committee(`users_id`, `committee_active`) VALUES ('$uid', 'yes')");
|
2007-11-17 21:59:59 +00:00
|
|
|
break;
|
|
|
|
}
|
|
|
|
return user_load($uid, true);
|
2007-11-16 06:30:42 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
function user_valid_user($user)
|
|
|
|
{
|
|
|
|
/* Find any character that doesn't match the valid username characters
|
|
|
|
* (^ inverts the matching remember */
|
|
|
|
$x = preg_match('[^a-zA-Z0-9@.-_]',$user);
|
|
|
|
|
|
|
|
/* If x==1, a match was found, and the input is bad */
|
|
|
|
return ($x == 1) ? false : true;
|
|
|
|
}
|
|
|
|
|
|
|
|
function user_valid_password($pass)
|
|
|
|
{
|
|
|
|
/* Same as user, but allow more characters */
|
|
|
|
$x = preg_match('[^a-zA-Z0-9 ~!@#$%^&*()-_=+|;:,<.>/?]',$pass);
|
|
|
|
|
|
|
|
/* If x==1, a match was found, and the input is bad */
|
|
|
|
if($x == 1) return false;
|
|
|
|
|
|
|
|
if(strlen($pass) < 6) return false;
|
|
|
|
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
2007-12-12 03:01:44 +00:00
|
|
|
/* A more strict version of isEmailAddress() */
|
|
|
|
function user_valid_email($str)
|
|
|
|
{
|
|
|
|
if(eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $str))
|
|
|
|
return true;
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
2007-11-16 06:30:42 +00:00
|
|
|
/* Perform some checks. Make sure the person is logged in, and that their
|
|
|
|
* password hasn't expired (the password_expired var is set in the login page)
|
|
|
|
*/
|
2007-11-17 21:59:59 +00:00
|
|
|
function user_auth_required($type, $access='')
|
2007-11-16 06:30:42 +00:00
|
|
|
{
|
2007-11-19 07:01:51 +00:00
|
|
|
global $config;
|
2007-11-16 06:30:42 +00:00
|
|
|
if(!isset($_SESSION['users_type'])) {
|
2008-10-17 19:34:11 +00:00
|
|
|
message_push(error(i18n("You must login to view that page")));
|
|
|
|
header("location: {$config['SFIABDIRECTORY']}/user_login.php?type=$type");
|
2007-11-16 06:30:42 +00:00
|
|
|
exit;
|
|
|
|
}
|
|
|
|
|
|
|
|
if($_SESSION['users_type'] != $type) {
|
2008-10-17 19:34:11 +00:00
|
|
|
message_push(error(i18n("You must login to view that page")));
|
|
|
|
header("location: {$config['SFIABDIRECTORY']}/user_login.php?type=$type");
|
2007-11-16 06:30:42 +00:00
|
|
|
exit;
|
|
|
|
}
|
|
|
|
|
2007-11-17 21:59:59 +00:00
|
|
|
if($_SESSION['password_expired'] == true) {
|
2007-11-19 07:01:51 +00:00
|
|
|
header("location: {$config['SFIABDIRECTORY']}/user_password.php");
|
2007-11-16 06:30:42 +00:00
|
|
|
exit;
|
|
|
|
}
|
2007-11-17 21:59:59 +00:00
|
|
|
|
|
|
|
if($access != '') {
|
|
|
|
if($type != 'committee') {
|
|
|
|
echo "CRITICAL ERROR, cannot check access in user_auth_required without specifying type=committee";
|
|
|
|
exit;
|
|
|
|
}
|
|
|
|
|
|
|
|
if(committee_auth_has_access($access) == false) {
|
2008-10-17 19:34:11 +00:00
|
|
|
message_push(error(i18n('You do not have permission to view that page')));
|
|
|
|
header("Location: {$config['SFIABDIRECTORY']}/committee_main.php");
|
2007-11-17 21:59:59 +00:00
|
|
|
exit;
|
|
|
|
}
|
|
|
|
}
|
2007-11-16 06:30:42 +00:00
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
function user_volunteer_registration_status()
|
|
|
|
{
|
|
|
|
global $config;
|
|
|
|
// $now = date('Y-m-d H:i:s');
|
|
|
|
// if($now < $config['dates']['judgeregopen']) return "notopenyet";
|
|
|
|
// if($now > $config['dates']['judgeregclose']) return "closed";
|
|
|
|
return "open";
|
|
|
|
}
|
|
|
|
|
|
|
|
function user_judge_registration_status()
|
|
|
|
{
|
|
|
|
global $config;
|
|
|
|
$now = date('Y-m-d H:i:s');
|
|
|
|
if($now < $config['dates']['judgeregopen']) return "notopenyet";
|
|
|
|
if($now > $config['dates']['judgeregclose']) return "closed";
|
|
|
|
return "open";
|
|
|
|
}
|
|
|
|
|
2007-11-26 02:28:45 +00:00
|
|
|
$user_personal_fields_map = array(
|
|
|
|
'name' => array('firstname','lastname'),
|
|
|
|
'email' => array('email'),
|
|
|
|
'sex' => array('sex'),
|
|
|
|
'phonehome' => array('phonehome'),
|
|
|
|
'phonework' => array('phonework'),
|
|
|
|
'phonecell' => array('phonecell'),
|
|
|
|
'fax' => array('fax'),
|
|
|
|
'org' => array('organization'),
|
|
|
|
'birthdate' => array('birthdate'),
|
|
|
|
'lang' => array('lang'),
|
|
|
|
'address' => array('address', 'address2', 'postalcode'),
|
|
|
|
'city' => array('city'),
|
2008-02-23 03:28:43 +00:00
|
|
|
'province' => array('province'),
|
|
|
|
'firstaid' => array('firstaid','cpr'));
|
2007-11-26 02:28:45 +00:00
|
|
|
|
2007-11-16 06:30:42 +00:00
|
|
|
function user_personal_fields($type)
|
|
|
|
{
|
2007-11-26 02:28:45 +00:00
|
|
|
global $config, $user_personal_fields_map;
|
|
|
|
$ret = array('firstname','lastname','email');
|
|
|
|
$fields = $config["{$type}_personal_fields"];
|
|
|
|
if($fields != '') {
|
|
|
|
$fields = split(',', $fields);
|
|
|
|
foreach($fields as $f) {
|
|
|
|
$ret = array_merge($ret, $user_personal_fields_map[$f]);
|
|
|
|
}
|
2007-11-16 06:30:42 +00:00
|
|
|
}
|
2007-11-26 02:28:45 +00:00
|
|
|
return $ret;
|
2007-11-16 06:30:42 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
function user_personal_required_fields($type)
|
|
|
|
{
|
2007-11-26 02:28:45 +00:00
|
|
|
global $config, $user_personal_fields_map;
|
|
|
|
$ret = array('firstname','lastname','email');
|
|
|
|
$required = $config["{$type}_personal_required"];
|
|
|
|
if($required != '') {
|
|
|
|
$fields = split(',', $required);
|
|
|
|
foreach($fields as $f) {
|
|
|
|
$ret = array_merge($ret, $user_personal_fields_map[$f]);
|
|
|
|
}
|
2007-11-16 06:30:42 +00:00
|
|
|
}
|
2007-12-12 22:50:54 +00:00
|
|
|
/* Filter some elements that are never required.
|
|
|
|
* - address2
|
|
|
|
*/
|
|
|
|
$ret = array_diff($ret, array('address2'));
|
2007-11-26 02:28:45 +00:00
|
|
|
return $ret;
|
2007-11-16 06:30:42 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
function user_personal_info_status($u = false)
|
|
|
|
{
|
|
|
|
if($u == false) {
|
|
|
|
$u = user_load($_SESSION['users_id']);
|
|
|
|
}
|
|
|
|
$required = array();
|
|
|
|
foreach($u['types'] as $t) {
|
2007-11-26 02:28:45 +00:00
|
|
|
$required = array_merge($required,
|
|
|
|
user_personal_required_fields($t));
|
2007-11-16 06:30:42 +00:00
|
|
|
}
|
|
|
|
foreach($required as $r) {
|
|
|
|
$val = trim($u[$r]);
|
|
|
|
|
|
|
|
if(strlen($val) > 0) {
|
|
|
|
/* Ok */
|
|
|
|
} else {
|
|
|
|
return 'incomplete';
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return 'complete';
|
|
|
|
}
|
|
|
|
|
2007-11-16 22:19:58 +00:00
|
|
|
function user_committee_login($u)
|
|
|
|
{
|
|
|
|
/* Double check, make sure the user is of this type */
|
2007-11-17 21:59:59 +00:00
|
|
|
if(!in_array('committee', $u['types'])) {
|
|
|
|
echo "ERROR: attempted to login committee on a non-committee user\n";
|
|
|
|
exit;
|
|
|
|
}
|
2007-11-16 22:19:58 +00:00
|
|
|
|
|
|
|
$u = user_load($u, true);
|
2008-10-17 19:34:11 +00:00
|
|
|
|
2007-11-17 21:59:59 +00:00
|
|
|
$_SESSION['access_admin'] = $u['access_admin'];// == 'yes') ? true : false;
|
|
|
|
$_SESSION['access_config'] = $u['access_config'];// == 'yes') ? true : false;
|
|
|
|
$_SESSION['access_super'] = $u['access_super'];// == 'yes') ? true : false;
|
2007-11-16 22:19:58 +00:00
|
|
|
}
|
|
|
|
|
2007-12-12 04:15:17 +00:00
|
|
|
function user_fair_login($u)
|
|
|
|
{
|
|
|
|
/* Double check, make sure the user is of this type */
|
|
|
|
if(!in_array('fair', $u['types'])) {
|
|
|
|
echo "ERROR: attempted to login fair on a non-fair user\n";
|
|
|
|
exit;
|
|
|
|
}
|
2007-11-16 22:19:58 +00:00
|
|
|
|
2007-12-12 04:15:17 +00:00
|
|
|
$u = user_load($u, true);
|
|
|
|
$_SESSION['fairs_id'] = $u['fairs_id'];// == 'yes') ? true : false;
|
|
|
|
}
|
2007-12-20 22:47:21 +00:00
|
|
|
|
|
|
|
?>
|