science-ation/user_main.php

<?
/* 
   This file is part of the 'Science Fair In A Box' project
   SFIAB Website: http://www.sfiab.ca

   Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
   Copyright (C) 2005 James Grant <james@lightbox.org>
   Copyright (C) 2007 David Grant <dave@lightbox.org>

   This program is free software; you can redistribute it and/or
   modify it under the terms of the GNU General Public
   License as published by the Free Software Foundation, version 2.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
    General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program; see the file COPYING.  If not, write to
   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
   Boston, MA 02111-1307, USA.
*/

require_once("common.inc.php");
require_once("user.inc.php");
user_auth_required();

// grab data for the available role types
$roleDat = array();
$q = mysql_query("SELECT * FROM roles");
while($row = mysql_fetch_assoc($q)){
	$roleDat[$row['type']] = array(
		'id' => $row['id'],
		'name' => $row['name']
	);
}

$u = user_load($_SESSION['users_id']);
if(array_key_exists('action', $_GET)){
	switch($_GET['action']){
		case 'register':
			register_new_role();
			break;
		case 'draw_roles':
			draw_roles();
			break;

		case 'remove':
			$role = $_GET['role'];
			/* Like delete, only we're only deleting a role, not the whole account */
			happy_("{$roles[$role]['name']} role successfully removed.");
			echo i18n("Removed");
			user_remove_role($u, $role);
			exit;

		case 'activate':
			$role = $_GET['role'];
			if(!array_key_exists($role, $u['roles'])) {
				/* Hand crafting URLs? */
				echo "HALT: can't activate a role the user doesn't have";
				exit;
			}
			$u['roles'][$role]['active'] = 'yes';
			user_save($u);
			happy_("{$roles[$role]['name']} role for %1 successfully activated",array($config['FAIRYEAR']));
			echo i18n("Active");
			exit;

		case 'deactivate':
			$role = $_GET['role'];
			if(!array_key_exists($role, $u['roles'])) {
				/* Hand crafting URLs? */
				echo "HALT: can't deactivate a role the user doesn't have";
				exit;
			}
			$u['roles'][$role]['active'] = 'no';
			user_save($u);
			happy_("{$roles[$role]['name']} role for %1 successfully deactivated",array($config['FAIRYEAR']));
			echo i18n("Deactivated");
			exit;


		default:
			break;
	}
	exit;
}


send_header("Main Page", array());

// throw in our javascript functions
?>
<script type="text/javascript">
	function register(role){
		//alert($('#' + role + '_password').val());
		$.post('user_main.php?action=register',
			{
				'role' : role,
				'password' : $('#' + role + '_password').val()
			},
			function(result){
				$('#roles').load('user_main.php?action=draw_roles');
			}
		);
	}

	function activate(role){
		$("#rolestatus_"+role).load("<?=$config['SFIABDIRECTORY']?>/user_main.php?action=activate&users_id=<?=$u['id']?>&role="+role,$('#rolesform').serializeArray());
		$("#activate_"+role).attr('disabled', 'disabled');
		$("#deactivate_"+role).removeAttr('disabled');
		$("#remove_"+role).removeAttr('disabled');
		$("#rolestatus_"+role).removeClass('notice');
		$("#rolestatus_"+role).addClass('happy');
		return false;
	}

	function deactivate(role){
		$("#rolestatus_"+role).load("<?=$config['SFIABDIRECTORY']?>/user_main.php?action=deactivate&users_id=<?=$u['id']?>&role="+role,$('#rolesform').serializeArray());
		$("#activate_"+role).removeAttr('disabled');
		$("#deactivate_"+role).attr('disabled', 'disabled');
		$("#remove_"+role).attr('disabled', 'disabled');
		$("#rolestatus_"+role).removeClass('happy');
		$("#rolestatus_"+role).addClass('notice');
		return false;

	}

	function remove(role){
		var con = confirmClick("<?=i18n("Are you sure you want to remove this role from your account?\\nThis action cannot be undone.")?>");
		if(con == true) {
			$.get("<?=$config['SFIABDIRECTORY']?>/user_main.php?action=remove&users_id=<?=$u['id']?>&role="+role,function(){
				$('#roles').load('user_main.php?action=draw_roles');
			});
		}
	}

</script>
<?php
// draw the main body of the page
echo "<div><p>";

//only display the named greeting if we have their name
echo i18n("Hello <strong>%1</strong>",array($_SESSION['name']));

echo "<p>This is a placeholder for the main user page until all the specific user-role pages are removed.  For now, here's what you can do: </p></div>";
draw_roles();
echo "<br />";
echo i18n('Other Options and Things To Do').':<br />';
echo '<ul>';
echo '<li><a href="user_edit.php">'.i18n('Change Password').'</a> - '.i18n('Change your email, username, and password').'</li>';
echo '<li><a href="user_edit.php">'.i18n('Activate/Deactivate Roles').'</a> - '.
	i18n('Activate/Deactiate/Remove/Delete roles or your entire account').
	'</li>';
echo '<li>'.i18n('To logout, use the "Logout" link in the upper-right of the page').'</li>';
echo '</ul>';

send_footer();


function draw_roles(){
	// get a list of all roles that this user can potentially sign up for
	global $u, $config;
	$rlist = array();
	$q = mysql_query("SELECT * FROM roles");
	$available = array();
	$registered = array();
	while($row = mysql_fetch_assoc($q)){
		$roleid = $row['type'];
		$idx = $roleid . "_registration_type";
		if(array_key_exists($idx, $config)){
			// this is a role that can potentially be registered for
			if(is_array($u['roles']) && array_key_exists($row['type'], $u['roles'])){
				$registered[$row['type']] = $row['name'];
			}else{
				$available[$row['type']] = $row['name'];
			}
		}
	}

	echo '<div id="roles">';
	if(count($registered) > 0){
		$rowNumber = 0;
		echo "<h4>" . i18n("You are currently registered for the following roles") . ":</h4>";
		echo '<form class="editor" id="rolesform">';
		echo "<table class=\"summarytable\" style=\"width:95%;margin-bottom:1em\">";
		foreach($registered as $role => $title){
			echo '<tr class="';
			if(($rowNumber++) % 2) echo 'odd';
			else echo 'even';
			echo '">';
			echo "<td style=\"width:10em\"><strong>" . i18n($title) . "</strong></td>";

			if($u['roles'][$role]['active'] == 'yes') {
				$cs = i18n('Active');
				$cl = 'happy';
				$a = 'disabled="disabled"';
				$d = ''; 
			} else {
				$cs = i18n('Deactivated');
				$cl = 'notice';
				$a = ''; 
				$d = 'disabled="disabled"';
			}   
?>
			<td><div class="<?=$cl?>" id="rolestatus_<?=$role?>"><?=$cs?></div></td>
			<td>

			<button style="width: 100px;" id="activate_<?=$role?>" <?=$a?> onclick="activate('<?=$role?>');return false;" ><?=i18n("Activate")?></button>
			<button style="width: 100px;" id="deactivate_<?=$role?>" <?=$d?> onclick="deactivate('<?=$role?>');return false;" ><?=i18n("Deactivate")?></button>
			<button style="width: 100px;" id="remove_<?=$role?>" <?=$d?> onclick="remove('<?=$role?>');return false;" ><?=i18n("Remove")?></button>

			</td>
<?php


			echo "</tr>";
		}
		echo "</table></form>";
	}

	if(count($available) > 0){
		echo "<h4>" . i18n("The following roles are available") . ":</h4>";
		$rowNumber = 0;
		echo "<table class=\"summarytable\" style=\"width:95%\">";
		foreach($available as $type => $title){
			echo '<tr class="';
			if(($rowNumber++) % 2) echo 'odd';
			else echo 'even';
			echo '">';
			echo "<td style=\"width:10em\"><strong>$title</strong></td><td>";
			draw_signup_form($type);
			echo "</td></tr>";
		}
		echo "</table>";
	}
	echo "</div>";
}

function draw_signup_form($type){
	global $config;
	global $roleDat;
	switch($type) {
		case 'volunteer':
			$reg_open = user_volunteer_registration_status(); 
			$reg_mode = $config['volunteer_registration_type'];
//			$reg_single_password = $config['volunteer_registration_singlepassword'];
//			$password_expiry_days = $config['volunteer_password_expiry_days'];
//			$welcome_email = "volunteer_welcome";
			break;
		/*case 'committee':
		
			$reg_open = 'notpermitted';
			$reg_mode = 'closed';
			$reg_single_password = '';
			$password_expiry_days = 0;
			$welcome_email = false;
			break;
		*/
		case 'judge':
			$reg_open = user_judge_registration_status();
			$reg_mode = $config['judge_registration_type'];
//			$reg_single_password = $config['judge_registration_singlepassword'];
//			$password_expiry_days = $config['judges_password_expiry_days'];
//			$welcome_email = "judge_welcome";
			break;
		/*
		case 'student':
			$reg_open = 'closed';
			//	$reg_mode = $config['judge_registration_type'];
			//	$reg_single_password = $config['judge_registration_singlepassword'];
			$password_expiry_days = 0;
			$welcome_email = "register_students_welcome";
			break;
		*/
		default:
			echo "Not handled";
			return;
	}
	if($reg_open == 'open'){
		switch($reg_mode){
			case 'open':
				echo "\"$reg_mode\" registration is not yet handled";
				break;
			case 'singlepassword':
				echo '<p>';
				echo i18n("{$roleDat[$type]['name']} Registration is protected by a password.  You must know the <b>{$roleDat[$type]['name']} Registration Password</b> in order to create an account.  Please contact the committee to obtain the password if you wish to register.");
				echo "</p><p>";
				echo i18n("{$roleDat[$type]['name']} Password").":<input type=\"password\" size=\"20\" id=\"{$type}_password\" />";
				echo "<button onclick=\"register('" . $type . "');\">Register</button>";
				echo "</p>";
				break;
			case 'schoolpassword':
				echo "\"$reg_mode\" registration is not yet handled";
				break;
			case 'invite':
				output_page_text("register_{$type}_invite");
				break;
			case 'openorinvite':
				echo "\"$reg_mode\" registration is not yet handled";
				break;
			default:
				echo "Unhandled registration mode: $reg_mode";
		}
	}else{
		echo i18n("{$roleDat[$type]['name']} registration is not open");
	}
/*
	echo "<hr/>\$reg_mode = $reg_mode<br/>";
	echo "\$reg_open = $reg_open<br/>";
	echo "<pre>";
//	print_r($config);
	echo "</pre>";
*/

}

function register_new_role(){
	global $config, $roleDat, $u;
	$password = $_POST['password'];
	$uid = $_SESSION['users_id'];
	$roleId = $_POST['role'];
	$typekey = $roleId . '_registration_type';
	$accounts_id = $u['accounts_id'];
	if(array_key_exists($typekey, $config)){
		$regtype = $config[$typekey];
	}else{
		return false;
	}

	// see if the registration is allowed for this role with the information provided
	$canRegister = true;
	$role = $_POST['role'];
	switch($regtype){
		case 'open':
		case 'openorinvite':
			// ok, we can allow these
			break;
		case 'singlepassword':
			if($password != $config[$role . '_registration_singlepassword']){
				$canRegister = false;
			}
			break;
		case 'schoolpassword':
			// FIXME: not yet implemented.
			// this is only used for students, who are not yet registered through the "user" system
			$canRegister = false;
			break;
		case 'invite':
			$canRegister = false;
			break;
		default:
//			echo "[\$regtype = \"$regtype\"]";
			$canRegister = false;
	}
	if(!$canRegister) return false;


	// ok, they meet the conditions to register for this role
	// see if they're already registered for it
	$role_index = $roleDat[$role]['id'];
	$query = "SELECT COUNT(*) FROM user_roles WHERE users_id = $uid AND roles_id=$role_index";
	echo $query;
	$results = mysql_fetch_array(mysql_query($query));
	if($results[0] != 0){
		return false;
	}

	user_add_role($u, $role, $password);
	user_save($u);
}