moving code for modifying user roles into accounts.inc.php. Incomplete. Broken.

This commit is contained in:
jacob 2010-10-07 22:02:45 +00:00
parent fce116316e
commit 177f49f805
4 changed files with 326 additions and 73 deletions

View File

@ -180,17 +180,179 @@ function account_set_email($accounts_id,$email) {
}
}
// add the necessary role to the account's user record for the specified conference
// add the specified role to the account's user record for the specified conference
// return true on success, false on failure
function account_add_role($accounts_id, $roles_id, $conferences_id, $password = null){
// create the user if they don't exist
// active = yes
// complete = no
global $config;
// avoid injections
$accounts_id *= 1;
$roles_id *= 1;
$conferences_id *= 1;
$password = mysql_real_escape_string($password);
// make sure the specified id's actually exist
if(mysql_result(mysql_query("SELECT COUNT(*) FROM accounts WHERE id = $accounts_id"), 0) != 1){
return "invalidaccount";
}
if(mysql_result(mysql_query("SELECT COUNT(*) FROM roles WHERE id = $roles_id"), 0) != 1){
return "invalidrole";
}
if(mysql_result(mysql_query("SELECT COUNT(*) FROM conferences WHERE id = $conferences_id"), 0) != 1){
return "invalidconference";
}
// find out if this account has a user record for this conference
$data = mysql_fetch_array(mysql_query("
SELECT * FROM users
WHERE conferences_id = $conferences_id
AND accounts_id = $accounts_id
"));
if(is_array($data)){
// they do indeed have a user record for this conference. Let's load it
$u = user_load($data['id']);
$users_id = $data['id'];
}else{
// They're not actually connected to this conference, let's hook 'em up
$u = user_create($accounts_id, $conferences_id);
$users_id = $u['id'];
}
// we now have the user id that we need, let's check to see whether or not they
// already have the specified role.
$roleRecord = mysql_fetch_array(mysql_query("
SELECT COUNT(*) FROM user_roles
WHERE conferences_id = $conferences_id
AND users_id = $users_id
AND roles_id = $roles_id
"));
if(is_array($roleRecord)){
// they already have this role. shell_exec("man true");
return 'ok';
}
// see if this role conflicts with existing ones
if(!account_add_role_allowed($accounts_id, $conferences_id, $roles_id)){
return 'invalidrole';
}
// see if this role is a valid one for this conference
if(!array_key_exists($role . '_registration_type', $config)){
return 'invalidrole';
}
// get the type of the role (eg. "judge", "student", etc.)
$role = mysql_result(mysql_query("SELECT type FROM roles WHERE id = $roles_id"), 0);
// and let's see if we meet the conditions for the registration type
$error = "";
switch($config[$role . '_registration_type']){
case 'open':
case 'openorinvite':
// this is allowed.
break;
case 'singlepassword':
if($password != $config[$role . '_registration_singlepassword']){
$error = "invalidpassword";
}
break;
case 'schoolpassword':
if($password != null){
$schoolId = $u['schools_id'];
$schoolDat = mysql_fetch_assoc(mysql_query("SELECT registration_password FROM schools WHERE id=$schoolId"));
if(is_array($schoolDat)){
if($password == $schoolDat['registration_password']) $valid = true;
$error = "invalidpassword";
}
}
break;
case 'invite':
$error = 'invalidrole';
break;
}
if($error != ""){
return $error;
}
// *whew* all conditions have been met. Let's go ahead and create the record
if(!mysql_query("INSERT INTO user_roles (accounts_id, users_id, roles_id, active, complete) VALUES($accounts_id, $users_id, $roles_id, 'yes', 'no')")){
return "mysqlerror:" . mysql_error();
}
// if we made it this far, the role was successfully added
return 'ok';
}
// find out if the specifed role can be added to this account at the specified conference
function account_add_role_allowed($accounts_id, $roles_id, $conferences_id){
$returnval = true;
// avoid injections
$accounts_id *= 1;
$roles_id *= 1;
$conferences_id *= 1;
// get the roles for the specified account at the specified conference
$query = mysql_query("
SELECT * FROM user_roles
WHERE accounts_id = $accounts_id
AND conferences_id = $conferences_id
");
while($row = mysql_fetch_assoc($record) && $returnval){
switch($row['type']){
case 'student':
// Student cant' add any other role
$returnval = false;
default:
if($role == 'student') {
// No role can add the student role
$returnval = false;
}
// All other roles can coexist (even the fair role)
break;
}
}
return $returnval;
}
// remove the specified role from the account's user record for the specified conference
// return true on success, false on failure
function account_remove_role($accounts_id, $roles_id, $conferences_id){
// avoid injections
$accounts_id *= 1;
$roles_id *= 1;
$conferences_id *= 1;
// make sure the specified id's actually exist
if(mysql_result(mysql_query("SELECT COUNT(*) FROM accounts WHERE id = $accounts_id"), 0) != 1){
return "invalidaccount";
}
if(mysql_result(mysql_query("SELECT COUNT(*) FROM roles WHERE id = $roles_id"), 0) != 1){
return "invalidrole";
}
if(mysql_result(mysql_query("SELECT COUNT(*) FROM conferences WHERE id = $conferences_id"), 0) != 1){
return "invalidconference";
}
// very little error catching needed here. If the role's there, we hopfully succeed in
// removing it. If it's not, then we succeed in doing nothing
$data = mysql_fetch_array(mysql_query("
SELECT * FROM users
WHERE conferences_id = $conferences_id
AND accounts_id = $accounts_id
"));
if(is_array($data)){
// they do indeed have a user record for this conference. Let's load it
$u = user_load($data['id']);
$roletype = mysql_result(mysql_query("SELECT type FROM roles WHERE id = $roles_id"), 0);
$user_remove_role($u, $roletype);
}
return 'ok';
}
/*
*/
?>

View File

@ -79,12 +79,14 @@ case 'save':
$u['highest_psd'] = stripslashes($_POST['highest_psd']);
user_save($u);
questions_save_answers("judgereg",$u['id'],$_POST['questions']);
if(is_array($_POST['questions'])){
questions_save_answers("judgereg",$u['id'],$_POST['questions']);
}
mysql_query("DELETE FROM judges_availability WHERE users_id='{$u['id']}'");
if(is_array($_POST['time']) ) {
foreach($_POST['time'] as $x) {
foreach($_POST['time'] as $x => $blah) {
if(trim($times[$x]['starttime']) == '') continue;
mysql_query("INSERT INTO judges_availability (users_id, `date`,`start`,`end`)

View File

@ -23,7 +23,7 @@
*/
?>
<?
include_once('account.inc.php');
function user_valid_role($role)
{
global $roles;
@ -234,15 +234,20 @@ function user_load_by_accounts_id_year($uid, $year)
return user_load($i['id']);
}
// activate the specified role for the specified user if they have that role
function user_activate_role($users_id, $roles_id){
// this depends on the naming convention that any given role that needs a completion check
// will have a function called <role>_status_update, which updates their status with the
// current session data and returns 'complete' or 'incomplete' accordingly.
// I love the fact that this remark took more characters than the function.
function user_check_role_complete($u, $role){
$func = $role . '_status_update';
if(function_exists($func)){
$result = $func($u); // that's right, func(u)!
}else{
$result = 'complete';
}
return $result;
}
// deactivate the specified role for the specified user if they have that role
function user_deactivate_role($users_id, $roles_id){
}
function user_save(&$u)
{
global $conference;
@ -256,6 +261,7 @@ function user_save(&$u)
// Update all roles
$new_roles = array_keys($u['roles']);
/*
foreach($new_roles as $r) {
if($u['roles'][$r] != $u['orig']['roles'][$r]) {
// $u['roles'][$r] has changed from original, update it
@ -265,6 +271,7 @@ function user_save(&$u)
echo mysql_error();
}
}
*/
$fields = array('salutation','firstname','lastname',
'phonehome','phonework','phonecell','fax','organization',
@ -321,6 +328,81 @@ function user_save(&$u)
}
// mark the role as complete if it's qualifications are met
function user_complete_role($users_id, $role){
// avoid SQL injections
$role = mysql_real_escape_string($role);
$users_id *= 1;
// get the id of the role
$row = mysql_fetch_assoc(mysql_query("SELECT id FROM roles WHERE type = '$role'"));
if(!is_array($row)){
return false;
}
$roles_id = $row['id'];
// does this user have the given role?
$row = mysql_fetch_array(mysql_query("SELECT * FROM user_roles WHERE users_id = $users_id AND roles_id = $roles_id"));
if(!is_array($row)){
return false;
}
// ok, it's a valid role and the specified user has it. Now let's see if we can mark it as complete
$user = user_load($users_id);
$result = user_check_role_complete($user, $role);
if($result == 'ok'){
return true;
}else{
return false;
}
}
// mark the role as being incomplete - not a verb sadly
function user_uncomplete_role($users_id, $role){
// avoid SQL injections
$role = mysql_real_escape_string($role);
$users_id *= 1;
// get the id of the role
$row = mysql_fetch_assoc(mysql_query("SELECT id FROM roles WHERE type = '$role'"));
if(!is_array($row)){
return false;
}
$roles_id = $row['id'];
// and update said role for the given user id
return mysql_query("UPDATE user_roles SET complete = 'no' WHERE users_id = $users_id AND roles_id = $roles_id");
}
// activate the specified role for the specified user if they have that role
function user_activate_role($users_id, $roles_id){
// Make sure the role is indeed there
$query = "SELECT * FROM user_roles WHERE roles_id = $roles_id AND users_id = $users_id";
$data = mysql_fetch_array(mysql_query($query));
if(!is_array($data)){
// can't be activated if you don't have it!
return false;
}
return mysql_query("UPDATE user_roles SET active='yes' WHERE users_id = $users_id AND roles_id = $roles_id");
}
// deactivate the specified role for the specified user if they have that role
function user_deactivate_role($users_id, $roles_id){
// Make sure the role is indeed there
$query = "SELECT * FROM user_roles WHERE roles_id = $roles_id AND users_id = $users_id";
$data = mysql_fetch_array(mysql_query($query));
if(!is_array($data)){
// can't be deactivated if you don't have it!
return false;
}
return mysql_query("UPDATE user_roles SET active='no' WHERE users_id = $users_id AND roles_id = $roles_id");
}
function user_remove_role(&$u, $role)
{
if(!array_key_exists($role, $u['roles'])) {
@ -502,46 +584,60 @@ function user_add_role_allowed(&$u, $role)
}
// Add a role for a user. Return true on success, false on error
function user_add_role(&$u, $role, $password = null)
{
// Add a role for a user.
// now just a skin on top of account_add_role
function user_add_role(&$u, $role, $password = null){
$row = mysql_fetch_assoc(mysql_query("SELECT conferences_id FROM users WHERE id = " . $u['id']));
if(!is_array($q)){
return 'no conference';
}
$conference_id = $q['conferences_id'];
$result = account_add_role($u['accounts_id'], $roles[$role]['id'], $password);
if($result == 'ok'){
$u['roles'][$role] = array('active' =>'yes', 'complete' => 'no');
}
return $result;
/*
global $config, $roles;
if(!user_add_role_allowed($u, $role)) {
/* If we get in here, someone is hand crafting URLs */
echo "HALT: invalid role add specified for operation.";
return false;
// If we get in here, someone is hand crafting URLs
return "invalid role for specified user";
}
// ensure that this role can indeed be added
$valid = false;
$error = null;
if(array_key_exists($role . '_registration_type', $config)){
switch($config[$role . '_registration_type']){
case 'open':
$valid = true;
case 'openorinvite':
// nothing to do for these
break;
case 'singlepassword':
if($password == $config[$role . '_registration_singlepassword']){
$valid = true;
if($password != $config[$role . '_registration_singlepassword']){
$error = "invalid password";
}
break;
case 'schoolpassword':
if($pasword != null){
if($password != null){
$schoolId = $u['schools_id'];
$schoolDat = mysql_fetch_assoc(mysql_query("SELECT registration_password FROM schools WHERE id=$schoolId"));
if($password == $schoolDat['registration_password']) $valid = true;
if(is_array($schoolDat)){
if($password == $schoolDat['registration_password']) $valid = true;
$error = "invalid password";
}
}
break;
case 'invite':
//$valid = false;
break;
case 'openorinvite':
$valid = true;
$error = 'invite only';
break;
}
}else{
$error = 'invalid role';
}
if(!$valid){
return false;
if($error != null){
return $error;
}
// ok, the conditions are met, make sure they don't already have this role
@ -556,11 +652,12 @@ function user_add_role(&$u, $role, $password = null)
if(mysql_query($q)){
$u['roles'][$role] = array('active' =>'yes', 'complete' => 'no');
}else{
return false;
return "error creating record";
}
}
return true;
return 'ok';
*/
}
function user_create($accounts_id, $conferences_id=0)
@ -593,12 +690,6 @@ function user_create($accounts_id, $conferences_id=0)
}
}
/* No data available on the old user records, let's try getting it from the account then */
$results = mysql_fetch_assoc(mysql_query("SELECT * FROM accounts WHERE id ='$accounts_id'"));
if(is_array($results)){
$fields['username'] = $results['username'];
}
/* Create the user */
$fieldList = array_keys($fields);
$query = "INSERT INTO users(`created`, `" . implode('`,`', $fieldList) . "`) VALUES(NOW(), '" . implode("','", $fields) . "')";

View File

@ -1,4 +1,4 @@
<?
<?php
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca
@ -26,21 +26,24 @@ require_once("common.inc.php");
require_once("user.inc.php");
user_auth_required();
// grab data for the available role types
$roleDat = array();
$q = mysql_query("SELECT * FROM roles");
while($row = mysql_fetch_assoc($q)){
$roleDat[$row['type']] = array(
'id' => $row['id'],
'name' => $row['name']
);
// find out if this user actually is in this conference
$query = "SELECT COUNT(*) FROM users WHERE conferences_id = {$_SESSION['conferences_id']}"
. " AND accounts_id = " . $_SESSION['accounts_id'];
$data = mysql_fetch_array(mysql_query($query));
if($data[0] == 0){
// They're not actually connected to this conference, let's hook 'em up
$u = user_create($_SESSION['accounts_id'], $_SESSION['conferences_id']);
$_SESSION['users_id'] = $u['id'];
}
$u = user_load($_SESSION['users_id']);
if(array_key_exists('action', $_GET)){
switch($_GET['action']){
case 'register':
register_new_role();
$role = $_POST['role'];
$result = account_add_role($u['accounts_id'], $roles[$role]['id'], $_SESSION['conferences_id'], $_POST['password']);
echo $result;
// register_new_role();
break;
case 'draw_roles':
draw_roles();
@ -101,6 +104,7 @@ send_header("Main Page", array());
'password' : $('#' + role + '_password').val()
},
function(result){
alert(result);
$('#roles').load('user_main.php?action=draw_roles');
}
);
@ -150,9 +154,6 @@ echo "<br />";
echo i18n('Other Options and Things To Do').':<br />';
echo '<ul>';
echo '<li><a href="user_edit.php">'.i18n('Change Password').'</a> - '.i18n('Change your email, username, and password').'</li>';
echo '<li><a href="user_edit.php">'.i18n('Activate/Deactivate Roles').'</a> - '.
i18n('Activate/Deactiate/Remove/Delete roles or your entire account').
'</li>';
echo '<li>'.i18n('To logout, use the "Logout" link in the upper-right of the page').'</li>';
echo '</ul>';
@ -240,7 +241,7 @@ function draw_roles(){
function draw_signup_form($type){
global $config;
global $roleDat;
global $roles;
switch($type) {
case 'volunteer':
$reg_open = user_volunteer_registration_status();
@ -285,9 +286,9 @@ function draw_signup_form($type){
break;
case 'singlepassword':
echo '<p>';
echo i18n("{$roleDat[$type]['name']} Registration is protected by a password. You must know the <b>{$roleDat[$type]['name']} Registration Password</b> in order to create an account. Please contact the committee to obtain the password if you wish to register.");
echo i18n("{$roles[$type]['name']} Registration is protected by a password. You must know the <b>{$roles[$type]['name']} Registration Password</b> in order to create an account. Please contact the committee to obtain the password if you wish to register.");
echo "</p><p>";
echo i18n("{$roleDat[$type]['name']} Password").":<input type=\"password\" size=\"20\" id=\"{$type}_password\" />";
echo i18n("{$roles[$type]['name']} Password").":<input type=\"password\" size=\"20\" id=\"{$type}_password\" />";
echo "<button onclick=\"register('" . $type . "');\">Register</button>";
echo "</p>";
break;
@ -304,20 +305,12 @@ function draw_signup_form($type){
echo "Unhandled registration mode: $reg_mode";
}
}else{
echo i18n("{$roleDat[$type]['name']} registration is not open");
echo i18n("{$roles[$type]['name']} registration is not open");
}
/*
echo "<hr/>\$reg_mode = $reg_mode<br/>";
echo "\$reg_open = $reg_open<br/>";
echo "<pre>";
// print_r($config);
echo "</pre>";
*/
}
function register_new_role(){
global $config, $roleDat, $u;
global $config, $roles, $u;
$password = $_POST['password'];
$uid = $_SESSION['users_id'];
$roleId = $_POST['role'];
@ -359,7 +352,7 @@ function register_new_role(){
// ok, they meet the conditions to register for this role
// see if they're already registered for it
$role_index = $roleDat[$role]['id'];
$role_index = $roles[$role]['id'];
$query = "SELECT COUNT(*) FROM user_roles WHERE users_id = $uid AND roles_id=$role_index";
echo $query;
$results = mysql_fetch_array(mysql_query($query));
@ -367,6 +360,11 @@ function register_new_role(){
return false;
}
user_add_role($u, $role, $password);
user_save($u);
if(user_add_role($u, $role, $password)){
$_SESSION['roles'][] = $role;
user_save($u);
return true;
}else{
return false;
}
}