Moving code for modifying user roles into account.inc.php. Incomplete. Broken.
parent
fce116316e
commit
177f49f805
176
account.inc.php
176
account.inc.php
@ -180,17 +180,179 @@ function account_set_email($accounts_id,$email) {
|
||||
}
|
||||
}
|
||||
|
||||
// add the necessary role to the account's user record for the specified conference
|
||||
// add the specified role to the account's user record for the specified conference
|
||||
// return true on success, false on failure
|
||||
function account_add_role($accounts_id, $roles_id, $conferences_id, $password = null){
|
||||
// create the user if they don't exist
|
||||
// active = yes
|
||||
// complete = no
|
||||
global $config;
|
||||
|
||||
// avoid injections
|
||||
$accounts_id *= 1;
|
||||
$roles_id *= 1;
|
||||
$conferences_id *= 1;
|
||||
$password = mysql_real_escape_string($password);
|
||||
|
||||
// make sure the specified id's actually exist
|
||||
if(mysql_result(mysql_query("SELECT COUNT(*) FROM accounts WHERE id = $accounts_id"), 0) != 1){
|
||||
return "invalidaccount";
|
||||
}
|
||||
if(mysql_result(mysql_query("SELECT COUNT(*) FROM roles WHERE id = $roles_id"), 0) != 1){
|
||||
return "invalidrole";
|
||||
}
|
||||
if(mysql_result(mysql_query("SELECT COUNT(*) FROM conferences WHERE id = $conferences_id"), 0) != 1){
|
||||
return "invalidconference";
|
||||
}
|
||||
|
||||
// find out if this account has a user record for this conference
|
||||
$data = mysql_fetch_array(mysql_query("
|
||||
SELECT * FROM users
|
||||
WHERE conferences_id = $conferences_id
|
||||
AND accounts_id = $accounts_id
|
||||
"));
|
||||
if(is_array($data)){
|
||||
// they do indeed have a user record for this conference. Let's load it
|
||||
$u = user_load($data['id']);
|
||||
$users_id = $data['id'];
|
||||
}else{
|
||||
// They're not actually connected to this conference, let's hook 'em up
|
||||
$u = user_create($accounts_id, $conferences_id);
|
||||
$users_id = $u['id'];
|
||||
}
|
||||
|
||||
// we now have the user id that we need, let's check to see whether or not they
|
||||
// already have the specified role.
|
||||
$roleRecord = mysql_fetch_array(mysql_query("
|
||||
SELECT COUNT(*) FROM user_roles
|
||||
WHERE conferences_id = $conferences_id
|
||||
AND users_id = $users_id
|
||||
AND roles_id = $roles_id
|
||||
"));
|
||||
if(is_array($roleRecord)){
|
||||
// they already have this role. shell_exec("man true");
|
||||
return 'ok';
|
||||
}
|
||||
|
||||
// see if this role conflicts with existing ones
|
||||
if(!account_add_role_allowed($accounts_id, $conferences_id, $roles_id)){
|
||||
return 'invalidrole';
|
||||
}
|
||||
|
||||
// see if this role is a valid one for this conference
|
||||
if(!array_key_exists($role . '_registration_type', $config)){
|
||||
return 'invalidrole';
|
||||
}
|
||||
|
||||
// get the type of the role (eg. "judge", "student", etc.)
|
||||
$role = mysql_result(mysql_query("SELECT type FROM roles WHERE id = $roles_id"), 0);
|
||||
|
||||
// and let's see if we meet the conditions for the registration type
|
||||
$error = "";
|
||||
switch($config[$role . '_registration_type']){
|
||||
case 'open':
|
||||
case 'openorinvite':
|
||||
// this is allowed.
|
||||
break;
|
||||
case 'singlepassword':
|
||||
if($password != $config[$role . '_registration_singlepassword']){
|
||||
$error = "invalidpassword";
|
||||
}
|
||||
break;
|
||||
case 'schoolpassword':
|
||||
if($password != null){
|
||||
$schoolId = $u['schools_id'];
|
||||
$schoolDat = mysql_fetch_assoc(mysql_query("SELECT registration_password FROM schools WHERE id=$schoolId"));
|
||||
if(is_array($schoolDat)){
|
||||
if($password == $schoolDat['registration_password']) $valid = true;
|
||||
$error = "invalidpassword";
|
||||
}
|
||||
}
|
||||
break;
|
||||
case 'invite':
|
||||
$error = 'invalidrole';
|
||||
break;
|
||||
}
|
||||
|
||||
if($error != ""){
|
||||
return $error;
|
||||
}
|
||||
|
||||
// *whew* all conditions have been met. Let's go ahead and create the record
|
||||
if(!mysql_query("INSERT INTO user_roles (accounts_id, users_id, roles_id, active, complete) VALUES($accounts_id, $users_id, $roles_id, 'yes', 'no')")){
|
||||
return "mysqlerror:" . mysql_error();
|
||||
}
|
||||
|
||||
// if we made it this far, the role was successfully added
|
||||
return 'ok';
|
||||
}
|
||||
|
||||
// find out if the specifed role can be added to this account at the specified conference
|
||||
function account_add_role_allowed($accounts_id, $roles_id, $conferences_id){
|
||||
$returnval = true;
|
||||
|
||||
// avoid injections
|
||||
$accounts_id *= 1;
|
||||
$roles_id *= 1;
|
||||
$conferences_id *= 1;
|
||||
|
||||
// get the roles for the specified account at the specified conference
|
||||
$query = mysql_query("
|
||||
SELECT * FROM user_roles
|
||||
WHERE accounts_id = $accounts_id
|
||||
AND conferences_id = $conferences_id
|
||||
");
|
||||
|
||||
while($row = mysql_fetch_assoc($record) && $returnval){
|
||||
switch($row['type']){
|
||||
case 'student':
|
||||
// Student cant' add any other role
|
||||
$returnval = false;
|
||||
|
||||
default:
|
||||
if($role == 'student') {
|
||||
// No role can add the student role
|
||||
$returnval = false;
|
||||
}
|
||||
|
||||
// All other roles can coexist (even the fair role)
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
return $returnval;
|
||||
}
|
||||
|
||||
// remove the specified role from the account's user record for the specified conference
|
||||
// return true on success, false on failure
|
||||
function account_remove_role($accounts_id, $roles_id, $conferences_id){
|
||||
// avoid injections
|
||||
$accounts_id *= 1;
|
||||
$roles_id *= 1;
|
||||
$conferences_id *= 1;
|
||||
|
||||
// make sure the specified id's actually exist
|
||||
if(mysql_result(mysql_query("SELECT COUNT(*) FROM accounts WHERE id = $accounts_id"), 0) != 1){
|
||||
return "invalidaccount";
|
||||
}
|
||||
if(mysql_result(mysql_query("SELECT COUNT(*) FROM roles WHERE id = $roles_id"), 0) != 1){
|
||||
return "invalidrole";
|
||||
}
|
||||
if(mysql_result(mysql_query("SELECT COUNT(*) FROM conferences WHERE id = $conferences_id"), 0) != 1){
|
||||
return "invalidconference";
|
||||
}
|
||||
|
||||
// very little error catching needed here. If the role's there, we hopfully succeed in
|
||||
// removing it. If it's not, then we succeed in doing nothing
|
||||
$data = mysql_fetch_array(mysql_query("
|
||||
SELECT * FROM users
|
||||
WHERE conferences_id = $conferences_id
|
||||
AND accounts_id = $accounts_id
|
||||
"));
|
||||
if(is_array($data)){
|
||||
// they do indeed have a user record for this conference. Let's load it
|
||||
$u = user_load($data['id']);
|
||||
$roletype = mysql_result(mysql_query("SELECT type FROM roles WHERE id = $roles_id"), 0);
|
||||
$user_remove_role($u, $roletype);
|
||||
}
|
||||
return 'ok';
|
||||
}
|
||||
|
||||
|
||||
/*
|
||||
*/
|
||||
?>
|
||||
|
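Review bot: The `schoolpassword` branch of `account_add_role` is fail-open: `$error` starts as `""`, and when no password is supplied the `if($password != null)` guard skips every check, so the role falls through to the INSERT without any credential (the original `user_add_role` defaulted `$valid = false`, which failed closed), while inside the guard `$error` is assigned unconditionally and `$valid` is never read, so a correct password is rejected too. The `mysql_real_escape_string($password)` call near the top alters a value that is only ever compared, never interpolated into SQL, so a password containing `'` or `\` can never match the configured one — that line should be dropped. Separately, the duplicate-role check `if(is_array($roleRecord))` is always true because a `COUNT(*)` query always yields a row, so the function currently returns `'ok'` before any authorization check or insert runs (`if($roleRecord[0] > 0)` was presumably intended), `$role` is read in the `_registration_type` lookup before it is assigned from the `SELECT type` query, and `account_add_role_allowed` is called with `$conferences_id` and `$roles_id` swapped relative to its signature. In `account_add_role_allowed` the `while` condition reads the undefined `$record` and, by precedence, assigns the boolean of the `&&` to `$row`, so the loop never executes and every combination — including student plus another role — is allowed. Suggested shape for the password branch:
```php
case 'schoolpassword':
    // fail closed: a missing password, an unknown school or a mismatch all reject
    $schoolId = intval($u['schools_id']);
    $schoolDat = mysql_fetch_assoc(mysql_query("SELECT registration_password FROM schools WHERE id=$schoolId"));
    if($password === null || $password === '' || !is_array($schoolDat)
            || $password !== $schoolDat['registration_password']){
        $error = "invalidpassword";
    }
    break;
```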
@ -79,12 +79,14 @@ case 'save':
|
||||
$u['highest_psd'] = stripslashes($_POST['highest_psd']);
|
||||
user_save($u);
|
||||
|
||||
questions_save_answers("judgereg",$u['id'],$_POST['questions']);
|
||||
if(is_array($_POST['questions'])){
|
||||
questions_save_answers("judgereg",$u['id'],$_POST['questions']);
|
||||
}
|
||||
|
||||
mysql_query("DELETE FROM judges_availability WHERE users_id='{$u['id']}'");
|
||||
|
||||
if(is_array($_POST['time']) ) {
|
||||
foreach($_POST['time'] as $x) {
|
||||
foreach($_POST['time'] as $x => $blah) {
|
||||
if(trim($times[$x]['starttime']) == '') continue;
|
||||
|
||||
mysql_query("INSERT INTO judges_availability (users_id, `date`,`start`,`end`)
|
||||
|
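Review bot: The new `foreach($_POST['time'] as $x => $blah)` takes `$x` from request-supplied array keys and uses it directly as an index into `$times` on the next line, so a forged key produces an undefined-offset notice and the row is skipped only because `trim(null)` happens to yield `''`; make the check explicit with `if(!isset($times[$x]) || trim($times[$x]['starttime']) == '') continue;`. The `$blah` value is unused, so `foreach(array_keys($_POST['time']) as $x)` says what is meant. The `foreach` body and the `INSERT INTO judges_availability` statement continue past the end of the hunk, so whether `$x` or the posted value also reaches that query cannot be seen here.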
159
user.inc.php
159
user.inc.php
@ -23,7 +23,7 @@
|
||||
*/
|
||||
?>
|
||||
<?
|
||||
|
||||
include_once('account.inc.php');
|
||||
function user_valid_role($role)
|
||||
{
|
||||
global $roles;
|
||||
@ -234,15 +234,20 @@ function user_load_by_accounts_id_year($uid, $year)
|
||||
return user_load($i['id']);
|
||||
}
|
||||
|
||||
// activate the specified role for the specified user if they have that role
|
||||
function user_activate_role($users_id, $roles_id){
|
||||
// this depends on the naming convention that any given role that needs a completion check
|
||||
// will have a function called <role>_status_update, which updates their status with the
|
||||
// current session data and returns 'complete' or 'incomplete' accordingly.
|
||||
// I love the fact that this remark took more characters than the function.
|
||||
function user_check_role_complete($u, $role){
|
||||
$func = $role . '_status_update';
|
||||
if(function_exists($func)){
|
||||
$result = $func($u); // that's right, func(u)!
|
||||
}else{
|
||||
$result = 'complete';
|
||||
}
|
||||
return $result;
|
||||
}
|
||||
|
||||
// deactivate the specified role for the specified user if they have that role
|
||||
function user_deactivate_role($users_id, $roles_id){
|
||||
}
|
||||
|
||||
|
||||
function user_save(&$u)
|
||||
{
|
||||
global $conference;
|
||||
@ -256,6 +261,7 @@ function user_save(&$u)
|
||||
|
||||
// Update all roles
|
||||
$new_roles = array_keys($u['roles']);
|
||||
/*
|
||||
foreach($new_roles as $r) {
|
||||
if($u['roles'][$r] != $u['orig']['roles'][$r]) {
|
||||
// $u['roles'][$r] has changed from original, update it
|
||||
@ -265,6 +271,7 @@ function user_save(&$u)
|
||||
echo mysql_error();
|
||||
}
|
||||
}
|
||||
*/
|
||||
|
||||
$fields = array('salutation','firstname','lastname',
|
||||
'phonehome','phonework','phonecell','fax','organization',
|
||||
@ -321,6 +328,81 @@ function user_save(&$u)
|
||||
}
|
||||
|
||||
|
||||
// mark the role as complete if it's qualifications are met
|
||||
function user_complete_role($users_id, $role){
|
||||
// avoid SQL injections
|
||||
$role = mysql_real_escape_string($role);
|
||||
$users_id *= 1;
|
||||
|
||||
// get the id of the role
|
||||
$row = mysql_fetch_assoc(mysql_query("SELECT id FROM roles WHERE type = '$role'"));
|
||||
if(!is_array($row)){
|
||||
return false;
|
||||
}
|
||||
$roles_id = $row['id'];
|
||||
|
||||
// does this user have the given role?
|
||||
$row = mysql_fetch_array(mysql_query("SELECT * FROM user_roles WHERE users_id = $users_id AND roles_id = $roles_id"));
|
||||
if(!is_array($row)){
|
||||
return false;
|
||||
}
|
||||
|
||||
// ok, it's a valid role and the specified user has it. Now let's see if we can mark it as complete
|
||||
$user = user_load($users_id);
|
||||
$result = user_check_role_complete($user, $role);
|
||||
|
||||
if($result == 'ok'){
|
||||
return true;
|
||||
}else{
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// mark the role as being incomplete - not a verb sadly
|
||||
function user_uncomplete_role($users_id, $role){
|
||||
// avoid SQL injections
|
||||
$role = mysql_real_escape_string($role);
|
||||
$users_id *= 1;
|
||||
|
||||
// get the id of the role
|
||||
$row = mysql_fetch_assoc(mysql_query("SELECT id FROM roles WHERE type = '$role'"));
|
||||
if(!is_array($row)){
|
||||
return false;
|
||||
}
|
||||
$roles_id = $row['id'];
|
||||
|
||||
// and update said role for the given user id
|
||||
return mysql_query("UPDATE user_roles SET complete = 'no' WHERE users_id = $users_id AND roles_id = $roles_id");
|
||||
|
||||
}
|
||||
|
||||
// activate the specified role for the specified user if they have that role
|
||||
function user_activate_role($users_id, $roles_id){
|
||||
// Make sure the role is indeed there
|
||||
$query = "SELECT * FROM user_roles WHERE roles_id = $roles_id AND users_id = $users_id";
|
||||
$data = mysql_fetch_array(mysql_query($query));
|
||||
if(!is_array($data)){
|
||||
// can't be activated if you don't have it!
|
||||
return false;
|
||||
}
|
||||
|
||||
return mysql_query("UPDATE user_roles SET active='yes' WHERE users_id = $users_id AND roles_id = $roles_id");
|
||||
}
|
||||
|
||||
// deactivate the specified role for the specified user if they have that role
|
||||
function user_deactivate_role($users_id, $roles_id){
|
||||
// Make sure the role is indeed there
|
||||
$query = "SELECT * FROM user_roles WHERE roles_id = $roles_id AND users_id = $users_id";
|
||||
$data = mysql_fetch_array(mysql_query($query));
|
||||
if(!is_array($data)){
|
||||
// can't be deactivated if you don't have it!
|
||||
return false;
|
||||
}
|
||||
|
||||
return mysql_query("UPDATE user_roles SET active='no' WHERE users_id = $users_id AND roles_id = $roles_id");
|
||||
}
|
||||
|
||||
function user_remove_role(&$u, $role)
|
||||
{
|
||||
if(!array_key_exists($role, $u['roles'])) {
|
||||
@ -502,46 +584,60 @@ function user_add_role_allowed(&$u, $role)
|
||||
}
|
||||
|
||||
|
||||
// Add a role for a user. Return true on success, false on error
|
||||
function user_add_role(&$u, $role, $password = null)
|
||||
{
|
||||
// Add a role for a user.
|
||||
// now just a skin on top of account_add_role
|
||||
function user_add_role(&$u, $role, $password = null){
|
||||
$row = mysql_fetch_assoc(mysql_query("SELECT conferences_id FROM users WHERE id = " . $u['id']));
|
||||
if(!is_array($q)){
|
||||
return 'no conference';
|
||||
}
|
||||
$conference_id = $q['conferences_id'];
|
||||
$result = account_add_role($u['accounts_id'], $roles[$role]['id'], $password);
|
||||
if($result == 'ok'){
|
||||
$u['roles'][$role] = array('active' =>'yes', 'complete' => 'no');
|
||||
}
|
||||
return $result;
|
||||
|
||||
/*
|
||||
global $config, $roles;
|
||||
if(!user_add_role_allowed($u, $role)) {
|
||||
/* If we get in here, someone is hand crafting URLs */
|
||||
echo "HALT: invalid role add specified for operation.";
|
||||
return false;
|
||||
// If we get in here, someone is hand crafting URLs
|
||||
return "invalid role for specified user";
|
||||
}
|
||||
|
||||
// ensure that this role can indeed be added
|
||||
$valid = false;
|
||||
$error = null;
|
||||
if(array_key_exists($role . '_registration_type', $config)){
|
||||
switch($config[$role . '_registration_type']){
|
||||
case 'open':
|
||||
$valid = true;
|
||||
case 'openorinvite':
|
||||
// nothing to do for these
|
||||
break;
|
||||
case 'singlepassword':
|
||||
if($password == $config[$role . '_registration_singlepassword']){
|
||||
$valid = true;
|
||||
if($password != $config[$role . '_registration_singlepassword']){
|
||||
$error = "invalid password";
|
||||
}
|
||||
break;
|
||||
case 'schoolpassword':
|
||||
if($pasword != null){
|
||||
if($password != null){
|
||||
$schoolId = $u['schools_id'];
|
||||
$schoolDat = mysql_fetch_assoc(mysql_query("SELECT registration_password FROM schools WHERE id=$schoolId"));
|
||||
if($password == $schoolDat['registration_password']) $valid = true;
|
||||
if(is_array($schoolDat)){
|
||||
if($password == $schoolDat['registration_password']) $valid = true;
|
||||
$error = "invalid password";
|
||||
}
|
||||
}
|
||||
break;
|
||||
case 'invite':
|
||||
//$valid = false;
|
||||
break;
|
||||
case 'openorinvite':
|
||||
$valid = true;
|
||||
$error = 'invite only';
|
||||
break;
|
||||
}
|
||||
}else{
|
||||
$error = 'invalid role';
|
||||
}
|
||||
|
||||
if(!$valid){
|
||||
return false;
|
||||
if($error != null){
|
||||
return $error;
|
||||
}
|
||||
|
||||
// ok, the conditions are met, make sure they don't already have this role
|
||||
@ -556,11 +652,12 @@ function user_add_role(&$u, $role, $password = null)
|
||||
if(mysql_query($q)){
|
||||
$u['roles'][$role] = array('active' =>'yes', 'complete' => 'no');
|
||||
}else{
|
||||
return false;
|
||||
return "error creating record";
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
return 'ok';
|
||||
*/
|
||||
}
|
||||
|
||||
function user_create($accounts_id, $conferences_id=0)
|
||||
@ -593,12 +690,6 @@ function user_create($accounts_id, $conferences_id=0)
|
||||
}
|
||||
}
|
||||
|
||||
/* No data available on the old user records, let's try getting it from the account then */
|
||||
$results = mysql_fetch_assoc(mysql_query("SELECT * FROM accounts WHERE id ='$accounts_id'"));
|
||||
if(is_array($results)){
|
||||
$fields['username'] = $results['username'];
|
||||
}
|
||||
|
||||
/* Create the user */
|
||||
$fieldList = array_keys($fields);
|
||||
$query = "INSERT INTO users(`created`, `" . implode('`,`', $fieldList) . "`) VALUES(NOW(), '" . implode("','", $fields) . "')";
|
||||
|
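Review bot: `user_activate_role` and `user_deactivate_role` interpolate `$roles_id` and `$users_id` straight into their `SELECT`/`UPDATE` strings without the `*= 1` cast that `user_complete_role`, `user_uncomplete_role` and the new `account_*` helpers apply under their "avoid SQL injections" comment, so any caller that forwards a request parameter gets an injectable query; add `$users_id *= 1;` and `$roles_id *= 1;` at the top of both. `user_complete_role` compares the result of `user_check_role_complete` to `'ok'`, but that helper returns `'complete'`/`'incomplete'` (or the default `'complete'`), and no `UPDATE user_roles SET complete = 'yes'` is ever issued, so despite its name it can only return false and the mirror of `user_uncomplete_role`'s UPDATE is missing. In the rewritten `user_add_role`, the row is fetched into `$row` but `$q` is tested and read, `$roles` is not declared `global` in the new body, and `account_add_role` is called with `$password` in the `$conferences_id` position, so as written the wrapper returns `'no conference'` for every caller; presumably `if(!is_array($row))` and `account_add_role($u['accounts_id'], $roles[$role]['id'], $row['conferences_id'], $password)` were intended. `user_check_role_complete` builds a callable from `$role . '_status_update'`, so callers should only pass a value that has passed `user_valid_role()` or the roles-table lookup `user_complete_role` does, so that request data never chooses the function.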
@ -1,4 +1,4 @@
|
||||
<?
|
||||
<?php
|
||||
/*
|
||||
This file is part of the 'Science Fair In A Box' project
|
||||
SFIAB Website: http://www.sfiab.ca
|
||||
@ -26,21 +26,24 @@ require_once("common.inc.php");
|
||||
require_once("user.inc.php");
|
||||
user_auth_required();
|
||||
|
||||
// grab data for the available role types
|
||||
$roleDat = array();
|
||||
$q = mysql_query("SELECT * FROM roles");
|
||||
while($row = mysql_fetch_assoc($q)){
|
||||
$roleDat[$row['type']] = array(
|
||||
'id' => $row['id'],
|
||||
'name' => $row['name']
|
||||
);
|
||||
// find out if this user actually is in this conference
|
||||
$query = "SELECT COUNT(*) FROM users WHERE conferences_id = {$_SESSION['conferences_id']}"
|
||||
. " AND accounts_id = " . $_SESSION['accounts_id'];
|
||||
$data = mysql_fetch_array(mysql_query($query));
|
||||
if($data[0] == 0){
|
||||
// They're not actually connected to this conference, let's hook 'em up
|
||||
$u = user_create($_SESSION['accounts_id'], $_SESSION['conferences_id']);
|
||||
$_SESSION['users_id'] = $u['id'];
|
||||
}
|
||||
|
||||
$u = user_load($_SESSION['users_id']);
|
||||
if(array_key_exists('action', $_GET)){
|
||||
switch($_GET['action']){
|
||||
case 'register':
|
||||
register_new_role();
|
||||
$role = $_POST['role'];
|
||||
$result = account_add_role($u['accounts_id'], $roles[$role]['id'], $_SESSION['conferences_id'], $_POST['password']);
|
||||
echo $result;
|
||||
// register_new_role();
|
||||
break;
|
||||
case 'draw_roles':
|
||||
draw_roles();
|
||||
@ -101,6 +104,7 @@ send_header("Main Page", array());
|
||||
'password' : $('#' + role + '_password').val()
|
||||
},
|
||||
function(result){
|
||||
alert(result);
|
||||
$('#roles').load('user_main.php?action=draw_roles');
|
||||
}
|
||||
);
|
||||
@ -150,9 +154,6 @@ echo "<br />";
|
||||
echo i18n('Other Options and Things To Do').':<br />';
|
||||
echo '<ul>';
|
||||
echo '<li><a href="user_edit.php">'.i18n('Change Password').'</a> - '.i18n('Change your email, username, and password').'</li>';
|
||||
echo '<li><a href="user_edit.php">'.i18n('Activate/Deactivate Roles').'</a> - '.
|
||||
i18n('Activate/Deactiate/Remove/Delete roles or your entire account').
|
||||
'</li>';
|
||||
echo '<li>'.i18n('To logout, use the "Logout" link in the upper-right of the page').'</li>';
|
||||
echo '</ul>';
|
||||
|
||||
@ -240,7 +241,7 @@ function draw_roles(){
|
||||
|
||||
function draw_signup_form($type){
|
||||
global $config;
|
||||
global $roleDat;
|
||||
global $roles;
|
||||
switch($type) {
|
||||
case 'volunteer':
|
||||
$reg_open = user_volunteer_registration_status();
|
||||
@ -285,9 +286,9 @@ function draw_signup_form($type){
|
||||
break;
|
||||
case 'singlepassword':
|
||||
echo '<p>';
|
||||
echo i18n("{$roleDat[$type]['name']} Registration is protected by a password. You must know the <b>{$roleDat[$type]['name']} Registration Password</b> in order to create an account. Please contact the committee to obtain the password if you wish to register.");
|
||||
echo i18n("{$roles[$type]['name']} Registration is protected by a password. You must know the <b>{$roles[$type]['name']} Registration Password</b> in order to create an account. Please contact the committee to obtain the password if you wish to register.");
|
||||
echo "</p><p>";
|
||||
echo i18n("{$roleDat[$type]['name']} Password").":<input type=\"password\" size=\"20\" id=\"{$type}_password\" />";
|
||||
echo i18n("{$roles[$type]['name']} Password").":<input type=\"password\" size=\"20\" id=\"{$type}_password\" />";
|
||||
echo "<button onclick=\"register('" . $type . "');\">Register</button>";
|
||||
echo "</p>";
|
||||
break;
|
||||
@ -304,20 +305,12 @@ function draw_signup_form($type){
|
||||
echo "Unhandled registration mode: $reg_mode";
|
||||
}
|
||||
}else{
|
||||
echo i18n("{$roleDat[$type]['name']} registration is not open");
|
||||
echo i18n("{$roles[$type]['name']} registration is not open");
|
||||
}
|
||||
/*
|
||||
echo "<hr/>\$reg_mode = $reg_mode<br/>";
|
||||
echo "\$reg_open = $reg_open<br/>";
|
||||
echo "<pre>";
|
||||
// print_r($config);
|
||||
echo "</pre>";
|
||||
*/
|
||||
|
||||
}
|
||||
|
||||
function register_new_role(){
|
||||
global $config, $roleDat, $u;
|
||||
global $config, $roles, $u;
|
||||
$password = $_POST['password'];
|
||||
$uid = $_SESSION['users_id'];
|
||||
$roleId = $_POST['role'];
|
||||
@ -359,7 +352,7 @@ function register_new_role(){
|
||||
|
||||
// ok, they meet the conditions to register for this role
|
||||
// see if they're already registered for it
|
||||
$role_index = $roleDat[$role]['id'];
|
||||
$role_index = $roles[$role]['id'];
|
||||
$query = "SELECT COUNT(*) FROM user_roles WHERE users_id = $uid AND roles_id=$role_index";
|
||||
echo $query;
|
||||
$results = mysql_fetch_array(mysql_query($query));
|
||||
@ -367,6 +360,11 @@ function register_new_role(){
|
||||
return false;
|
||||
}
|
||||
|
||||
user_add_role($u, $role, $password);
|
||||
user_save($u);
|
||||
if(user_add_role($u, $role, $password)){
|
||||
$_SESSION['roles'][] = $role;
|
||||
user_save($u);
|
||||
return true;
|
||||
}else{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
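Review bot: In the `register` action, `account_add_role` can return `"mysqlerror:" . mysql_error()` and the result is echoed straight to the client (and shown by the `alert(result)` callback), so database error text — table and column names, fragments of the failing statement — is disclosed to any logged-in user who triggers a failure; log the detail server-side and echo a fixed token such as `'mysqlerror'` instead. `$_POST['role']` is used as a key into `$roles` without checking it exists; the resulting null id is coerced to 0 and rejected by the roles lookup, so this fails closed, but `if(!isset($roles[$role])){ echo 'invalidrole'; break; }` before the call makes that explicit and avoids the notice. With `register_new_role()` commented out, the `$_SESSION['roles'][] = $role;` update it performed no longer happens after a successful add, so anything keyed on the session role list may lag until re-login — worth confirming whether `account_add_role` or `user_load` refreshes it.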