diff --git a/register_participants.inc.php b/register_participants.inc.php index 57528782..258e61c2 100644 --- a/register_participants.inc.php +++ b/register_participants.inc.php @@ -244,9 +244,15 @@ New functionality split off for API purposes /** Hmm - perhaps these sholud be split into separate files ... This section is for project/registration related functions **/ -function saveProjectData($data){ +function saveProjectData($data,$registrations_id=null){ global $conference, $config; + //if we have it passed in, then use it, otherwise, use the session + if($registrations_id) + $rid=$registrations_id; + else + $rid=$_SESSION['registration_id']; + //inconsistency here, we give the objecet to them with an "id" but we expect a "project_id" back if($data['id'] && !$data['project_id']) $data['project_id']=$data['id']; @@ -279,9 +285,10 @@ function saveProjectData($data){ */ }else{ //first, lets make sure this project really does belong to them - $q = mysql_query("SELECT * FROM projects WHERE id='" . $data['project_id'] . "' AND registrations_id='" . $_SESSION['registration_id'] . "' AND conferences_id='" . $conference['id'] . "'"); - if(mysql_num_rows($q) == 1) - { + + $qstr="SELECT * FROM projects WHERE id='" . $data['project_id'] . "' AND registrations_id='" . $rid . "' AND conferences_id='" . $conference['id'] . "'"; + $q = mysql_query("SELECT * FROM projects WHERE id='" . $data['project_id'] . "' AND registrations_id='" . $rid . "' AND conferences_id='" . $conference['id'] . "'"); + if(mysql_num_rows($q) == 1) { $summarywords = preg_split("/[\s,]+/", $data['summary']); $summarywordcount = count($summarywords); if($summarywordcount > $config['participant_project_summary_wordmax'] || $summarywordcount<$config['participant_project_summary_wordmin']) 
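Review bot: `$rid` is taken from the new `$registrations_id` argument after only a truthiness test, and the later hunks interpolate it straight into the SELECT, DELETE, INSERT and UPDATE statements, so the ownership check in this function is only as trustworthy as each caller. Normalising it once here keeps the queries safe regardless of caller: `$rid = intval($registrations_id ? $registrations_id : $_SESSION['registration_id']);`, returning the function's usual error message when the result is not positive. The contract should also be stated above the signature, for example `// $registrations_id must be read from the authenticated user's record, never from request data; the session value is used when it is omitted`. The function body continues outside this hunk.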
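Review bot: `$qstr` is built in the `@@ -279,9 +285,10 @@` hunk and never used; the same SQL is repeated as a literal inside the `mysql_query()` call on the next line, so the two copies can drift apart. That statement concatenates `$data['project_id']` without escaping, and the caller in register_participants_project.php passes `$_POST` as `$data`, which leaves the "does this project belong to them" check exposed to SQL injection. The `'{$q['id']}'` value in the safety INSERT of the `@@ -323,12 +330,12 @@` hunk has the same problem. Suggest building the string once with `intval($data['project_id'])`, running `$q = mysql_query($qstr);`, and using `intval($q['id'])` in the INSERT. `mysql_query()` returns false on failure, so `mysql_num_rows($q)` should be guarded too.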
@@ -323,12 +330,12 @@ function saveProjectData($data){ //update the safetyquestion answers (safety table) if(is_array($data['safetyquestions'])) { //wipe them all out first - mysql_query("DELETE FROM safety WHERE registrations_id='{$_SESSION['registration_id']}' AND conferences_id='{$conference['id']}'"); + mysql_query("DELETE FROM safety WHERE registrations_id='{$rid}' AND conferences_id='{$conference['id']}'"); //and add them back foreach($data['safetyquestions'] AS $q) { if($q['id']) { mysql_query("INSERT INTO safety (registrations_id,safetyquestions_id,answer,conferences_id) VALUES ( - '{$_SESSION['registration_id']}', + '{$rid}', '{$q['id']}', '".mysql_real_escape_string($q['answer'])."', '{$conference['id']}')"); @@ -361,10 +368,10 @@ function saveProjectData($data){ //and update nummentors in registrations, yea, i know its not in the projects table if(isset($data['nummentors'])) { if($data['nummentors']==null) { - mysql_query("UPDATE registrations SET nummentors=NULL WHERE id='{$_SESSION['registration_id']}'"); + mysql_query("UPDATE registrations SET nummentors=NULL WHERE id='{$rid}'"); } else { - mysql_query("UPDATE registrations SET nummentors='".intval($data['nummentors'])."' WHERE id='{$_SESSION['registration_id']}'"); + mysql_query("UPDATE registrations SET nummentors='".intval($data['nummentors'])."' WHERE id='{$rid}'"); } } diff --git a/register_participants_project.php b/register_participants_project.php index a85c29ff..d44c7603 100644 --- a/register_participants_project.php +++ b/register_participants_project.php 
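Review bot: In the `@@ -323,12 +330,12 @@` hunk the `DELETE FROM safety` runs before the replacement rows are inserted and neither `mysql_query()` result is checked, so a failed INSERT leaves the registration with its previous safety answers wiped and nothing in their place. Suggest validating the submitted rows before the DELETE and checking each call, e.g. `if(!mysql_query(...)) return "Error saving safety answers";` (message text is a placeholder; use whatever error string this function already returns). A short comment such as `//all-or-nothing: answers for this registration are replaced as a set` above the DELETE would record the intent. The `foreach` body continues outside this hunk.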
@@ -23,55 +23,27 @@ ?> <? require("common.inc.php"); - include "register_participants.inc.php"; + require_once("register_participants.inc.php"); + require_once("user.inc.php"); + user_auth_required('participant'); + $u=user_load($_SESSION['users_id']); - //authenticate based on email address and registration number from the SESSION - if(!$_SESSION['email']) - { - header("Location: register_participants.php"); - exit; - } - if(!$_SESSION['registration_number']) - { - header("Location: register_participants.php"); - exit; - } - - $q=mysql_query("SELECT registrations.id AS regid, students.id AS studentid, students.firstname FROM registrations,students ". - "WHERE students.email='".$_SESSION['email']."' ". - "AND registrations.num='".$_SESSION['registration_number']."' ". - "AND registrations.id='".$_SESSION['registration_id']."' ". - "AND students.registrations_id=registrations.id ". - "AND registrations.conferences_id=".$conference['id']." ". - "AND students.conferences_id=".$conference['id']); -echo mysql_error(); - - if(mysql_num_rows($q)==0) - { - header("Location: register_participants.php"); - exit; - - } - $authinfo=mysql_fetch_object($q); - //send the header send_header("Participant Registration - Project Information"); echo "<a href=\"register_participants_main.php\"><< ".i18n("Back to Participant Registration Summary")."</a><br />"; echo "<br />"; - $studentstatus=studentStatus(); - if($studentstatus!="complete") - { + $studentstatus=studentsStatus($u['registrations_id']); + if($studentstatus!="complete") { echo error(i18n("Please complete the <a href=\"register_participants_students.php\">Student Information Page</a> first")); send_footer(); exit; } - if($_POST['action']=="save") - { - $message = saveProjectData($_POST); + if($_POST['action']=="save") { + $message = saveProjectData($_POST,$u['registrations_id']); if($message == 'success'){ echo notice(i18n("Project information successfully updated")); }else{ 
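Review bot: The result of `user_load($_SESSION['users_id'])` is used without a check, and when `$u['registrations_id']` is empty the call `saveProjectData($_POST,$u['registrations_id'])` silently falls back to `$_SESSION['registration_id']` inside that function, so the save can act on a registration other than the one this page loaded. Suggest adding directly after the load: `if(!$u || !$u['registrations_id']) { header("Location: register_participants.php"); exit; }`. The removed block also confirmed that the registration belongs to the current `$conference['id']`; whether `user_auth_required('participant')` and `user_load()` enforce the same binding is not visible here and should be confirmed before relying on it.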
@@ -79,33 +51,29 @@ echo mysql_error(); } } - //now lets find out their MAX grade, so we can pre-set the Age Category - $q=mysql_query("SELECT MAX(grade) AS maxgrade FROM students WHERE registrations_id='".$_SESSION['registration_id']."'"); + $q=mysql_query("SELECT MAX(grade) AS maxgrade FROM users WHERE registrations_id='".$u['registrations_id']."'"); $gradeinfo=mysql_fetch_object($q); //now lets grab all the age categories, so we can choose one based on the max grade $q=mysql_query("SELECT * FROM projectcategories WHERE conferences_id='".$conference['id']."' ORDER BY id"); - while($r=mysql_fetch_object($q)) - { + while($r=mysql_fetch_object($q)) { //save these in an array, just incase we need them later (FIXME: remove this array if we dont need it) $agecategories[$r->id]['category']=$r->category; $agecategories[$r->id]['mingrade']=$r->mingrade; $agecategories[$r->id]['maxgrade']=$r->maxgrade; - if($gradeinfo->maxgrade >= $r->mingrade && $gradeinfo->maxgrade <= $r->maxgrade) - { + if($gradeinfo->maxgrade >= $r->mingrade && $gradeinfo->maxgrade <= $r->maxgrade) { $projectcategories_id=$r->id; } } //now select their project info - $q=mysql_query("SELECT * FROM projects WHERE registrations_id='".$_SESSION['registration_id']."' AND conferences_id='".$conference['id']."'"); + $q=mysql_query("SELECT * FROM projects WHERE registrations_id='".$u['registrations_id']."' AND conferences_id='".$conference['id']."'"); //check if it exists, if we didnt find any record, lets insert one - if(mysql_num_rows($q)==0) - { - mysql_query("INSERT INTO projects (registrations_id,projectcategories_id,conferences_id) VALUES ('".$_SESSION['registration_id']."','$projectcategories_id','".$conference['id']."')"); + if(mysql_num_rows($q)==0) { + mysql_query("INSERT INTO projects (registrations_id,projectcategories_id,conferences_id) VALUES ('".$u['registrations_id']."','$projectcategories_id','".$conference['id']."')"); //now query the one we just inserted - $q=mysql_query("SELECT * FROM 
projects WHERE registrations_id='".$_SESSION['registration_id']."' AND conferences_id='".$conference['id']."'"); + $q=mysql_query("SELECT * FROM projects WHERE registrations_id='".$u['registrations_id']."' AND conferences_id='".$conference['id']."'"); } $projectinfo=mysql_fetch_object($q);
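Review bot: `$projectcategories_id` is assigned only inside the grade-range `if`, and no initialisation is visible in this hunk, so when no category matches (for instance when `MAX(grade)` comes back NULL from the new `users` query) the INSERT writes an empty `projectcategories_id`. Suggest setting `$projectcategories_id=0;` before the `while` and making the no-match case explicit with a comment such as `//0 = no age category could be derived from the grade`. The `mysql_query()` results feeding `mysql_fetch_object($q)` and `mysql_num_rows($q)` are also used unchecked, so a failed query surfaces only as a PHP warning. A guard like `if(!$q) { echo error(i18n("Database error")); send_footer(); exit; }` (message text is a placeholder) would fail closed instead.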