arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity

- Fix multirole creation. If a user tries to create an account, and they

Browse Source 
already exist, they will be guided through the process of adding a role to
  their existing account.
- Do a database update, and merge anyone who has managed to create 2 accounts
  into a single account.
- Still testing this, but it seems to be working
This commit is contained in:
dave 2007-12-12 03:01:44 +00:00
parent 5e4a31c50c
commit 1dc1b47d05
7 changed files with 312 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
db/db.code.version.txt
View File

@ -1 +1 @@
75 76

74
db/db.update.76.php Normal file
View File

@ -0,0 +1,74 @@
<?
function db_update_76_pre()
{
/* Find all users that exist multiple times and merge them, fixing the
* types link. Right now this can only happen with committee members
* and volunteers */
$q = mysql_query("SELECT DISTINCT username FROM users WHERE 1");
while($r = mysql_fetch_assoc($q)) {
$user = $r['username'];
if($user == '') continue;
$qq = mysql_query("SELECT * FROM users WHERE username='$user'");
if(mysql_num_rows($qq) <= 1) continue;
/* Fix $user */
/* Load all their data */
while($rr = mysql_fetch_assoc($qq)) {
$types = explode(',', $rr['types']);
foreach($types as $t) {
$u[$t] = $rr;
}
}
/* Make sure we have what we think we have */
$cid = intval($u['committee']['id']);
$vid = intval($u['volunteer']['id']);
if($cid == 0 || $vid == 0) {
echo "\n\n\nDATABASE ERROR: User $user exists multiple
times, but I was unable to fix it. Please visit
www.sfiab.ca and send us an email so we can help sort
out your database. It is likely that user $user will
experience problems logging in\n\n\n";
continue;
}
/* Copy everything into the committee entry */
$fields = array('firstname','lastname','username','password',
'email',
'phonehome','phonework','phonecell','fax','organization',
'address','address2','city','province','postalcode');
$query = "`types`='committee,volunteer'";
foreach($fields as $f) {
if($u['committee'][$f] == '' && $u['volunteer'][$f] != '') {
$v = mysql_escape_string($u['volunteer'][$f]);
$query .= ",`$f`='$v'";
}
}
$query = "UPDATE users SET $query WHERE id='$cid'";
echo "$query\n";
mysql_query($query);
/* Now fix the volunteers links */
$query = "UPDATE volunteer_positions_signup SET users_id='$cid' WHERE users_id='$vid'";
echo "$query\n";
mysql_query($query);
/* The user_volunteer table is empty, we should just delete it,
* no need to update it */
/* Delete the old user */
$query = "DELETE FROM users WHERE id='$vid'";
echo "$query\n";
mysql_query($query);
}
}
?>

55
user.inc.php
View File

@ -133,7 +133,7 @@ function user_load($user, $load_full=false)
/* Turn the type into an array, because there could be more than one */ /* Turn the type into an array, because there could be more than one */
$ts = explode(',', $ret['types']); $ts = explode(',', $ret['types']);
$ret['types'] = $ts; /* Now we can use in_array($ret['type'], 'judge') ; */ $ret['types'] = $ts; /* Now we can use in_array('judge', $ret['types']) ; */
} else { } else {
$ret = $user; $ret = $user;
} }
@ -312,16 +312,52 @@ function user_delete($u, $type=false)
} }
} }
function user_create($type) /* Returns true if loaded user ($u) is allowed to add role type $type to their
* profile. THis is intended as a last-stop mechanism, preventing, for example
* a student from co-existing with any other account type. */
function user_add_role_allowed($type, $u)
{ {
mysql_query("INSERT INTO users (`types`,`created`) VALUES ('$type', NOW())"); /* For example, a committee member can add a volunteer or judge role to
$uid = mysql_insert_id(); * their account. */
$allowed = array(
'committee' => array('volunteer', 'judge'),
'volunteer' => array('judge', 'committee'),
'judge' => array('volunteer', 'committee'),
'student' => array(),
'fair' => array() );
foreach($u['types'] as $ut) {
$allowed_array = $allowed[$ut];
if(in_array($type, $allowed[$ut])) return true;
}
return false;
}
function user_create($type, $u = NULL)
{
if(!is_array($u)) {
mysql_query("INSERT INTO users (`types`,`passwordexpiry`,`created`)
VALUES ('$type', '0000-00-00', NOW())");
$uid = mysql_insert_id();
} else {
/* The user has been specified and already exists,
* just add a role */
$uid = $u['id'];
if(!user_add_role_allowed($type, $u)) {
/* If we get in here, someone is hand crafting URLs */
echo "HALT: invalid role add specified for operation.";
exit;
}
$new_types = implode(',', $u['types']).','.$type;
mysql_query("UPDATE users SET types='$new_types' WHERE id='$uid'");
}
switch($type) { switch($type) {
case 'volunteer': case 'volunteer':
case 'student': case 'student':
case 'judge': case 'judge':
case 'region': case 'fair':
mysql_query("INSERT INTO users_fair(`users_id`) VALUES ('$uid')");
break; break;
case 'committee': case 'committee':
mysql_query("INSERT INTO users_committee(`users_id`) VALUES ('$uid')"); mysql_query("INSERT INTO users_committee(`users_id`) VALUES ('$uid')");
@ -354,6 +390,15 @@ function user_valid_password($pass)
return true; return true;
} }
/* A more strict version of isEmailAddress() */
function user_valid_email($str)
{
if(eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $str))
return true;
return false;
}
/* Perform some checks. Make sure the person is logged in, and that their /* Perform some checks. Make sure the person is logged in, and that their
* password hasn't expired (the password_expired var is set in the login page) * password hasn't expired (the password_expired var is set in the login page)
*/ */

66
user_login.php
View File

@ -26,10 +26,13 @@
require_once("common.inc.php"); require_once("common.inc.php");
require_once("user.inc.php"); require_once("user.inc.php");
function try_login($user, $pass, $type=null) function try_login($user, $pass)
{ {
/* Ensure sanity of inputs, user should be an email address, but it's stored /* Ensure sanity of inputs, user should be an email address, but it's stored
* in the username field */ * in the username field */
/* FIXME: this shoudl be user_valid_email, but can't be yet, because
* we copy the usernames from the email field, and that field may
* contain a name too */
if(!isEmailAddress($user)) { if(!isEmailAddress($user)) {
/* It's possible that it's a username */ /* It's possible that it's a username */
if(!user_valid_user($user)) return false; if(!user_valid_user($user)) return false;
@ -40,12 +43,11 @@
//$x = user_valid_password($pass); //$x = user_valid_password($pass);
if(!strlen($pass)) if(!strlen($pass))
return false; return false;
if($type) $typequery=" AND types LIKE '%$type%'"; else $typequery="";
$user = mysql_escape_string($user);
$q = mysql_query("SELECT id,username,password $q = mysql_query("SELECT id,username,password
FROM users FROM users
WHERE username='$user' WHERE username='$user'
$typequery
AND deleted='no'"); AND deleted='no'");
echo mysql_error(); echo mysql_error();
if(mysql_num_rows($q) != 1) return false; if(mysql_num_rows($q) != 1) return false;
@ -80,6 +82,21 @@
$notice=$_GET['notice']; $notice=$_GET['notice'];
$redirect = $_GET['redirect'];
$redirect_data = $_GET['redirectdata'];
switch($redirect) {
case 'roleadd':
$redirect_url = "&redirect=$redirect&redirectdata=$redirectdata";
break;
case 'roleattached':
$redirect_url = "&redirect=$redirect";
break;
default:
$redirect_url = '';
break;
}
switch($type) { switch($type) {
case 'volunteer': case 'volunteer':
// returns "notopenyet", "closed", or "open" // returns "notopenyet", "closed", or "open"
@ -103,13 +120,12 @@
{ {
if($_POST['pass'] && $_POST['user']) if($_POST['pass'] && $_POST['user'])
{ {
$id = try_login($_POST['user'], $_POST['pass'],$type); $id = try_login($_POST['user'], $_POST['pass']);
if($id == false) { if($id == false) {
header("location: user_login.php?type=$type&notice=login_failed"); header("location: user_login.php?type=$type&notice=login_failed$redirect_url");
exit; exit;
} else { } else {
$u = user_load($id); $u = user_load($id);
/* Make sure $type is in their types */ /* Make sure $type is in their types */
if(!in_array($type, $u['types'])) { if(!in_array($type, $u['types'])) {
/* Huh, someone is fudging with the HTML, get /* Huh, someone is fudging with the HTML, get
@ -154,9 +170,26 @@
} else { } else {
$_SESSION['multirole'] = false; $_SESSION['multirole'] = false;
} }
/* See if there is a redirect, and do that instead of
* taking them to their main page */
if($redirect != '') {
switch($redirect) {
case 'roleadd':
if(!in_array($multirole_data, $user_types))
$multirole_data = '';
header("location: user_multirole.php?action=add&type=$multirole_data");
exit;
case 'roleattached':
header("location: {$type}_main.php?notice=attached");
exit;
}
}
/* Now finally, take them to whatever main page they logged in for */ /* Now finally, take them to whatever main page they logged in for */
header("location: {$type}_main.php"); header("location: {$type}_main.php");
exit; exit;
} }
@ -176,10 +209,9 @@
$keys = array_keys($_SESSION); $keys = array_keys($_SESSION);
foreach($keys as $k) unset($_SESSION[$k]); foreach($keys as $k) unset($_SESSION[$k]);
if($notice != 'login_multirole') $notice = 'logged_out';
if($type != '') if($type != '')
header("location: user_login.php?type=$type&notice=logged_out"); header("location: user_login.php?type=$type&notice=$notice$redirect_url");
if($type != '')
header("location: user_login.php?type=$type&notice=logged_out");
exit; exit;
} }
else if($_GET['action']=="recover") else if($_GET['action']=="recover")
@ -219,9 +251,10 @@
{ {
/* Process a recover */ /* Process a recover */
$email = $_POST['email']; $email = $_POST['email'];
if(isEmailAddress($email)) { if(user_valid_email($email)) {
/* valid email address */ /* valid email address */
$q=mysql_query("SELECT * FROM users WHERE email='$email'"); $e = mysql_escape_string($email);
$q=mysql_query("SELECT * FROM users WHERE email='$e'");
$r=mysql_fetch_object($q); $r=mysql_fetch_object($q);
if($r) { if($r) {
$fn = trim($_POST['fn']); $fn = trim($_POST['fn']);
@ -293,13 +326,20 @@
case 'logged_out': case 'logged_out':
echo notice(i18n("You have been successfully logged out")); echo notice(i18n("You have been successfully logged out"));
break; break;
case 'login_multirole':
echo notice(i18n("You have been successfully logged out"));
echo notice(i18n("Now login to finish adding the new role to your account"));
break;
case 'multirole':
echo notice(i18n("Your email address already exists. Please login to your existing account below and you will be redirected to the multi-role creation page to complete your registration request."));
break;
} }
$recover_link = "user_login.php?type=$type&action=recover"; $recover_link = "user_login.php?type=$type&action=recover";
$new_link = "user_new.php?type=$type"; $new_link = "user_new.php?type=$type";
?> ?>
<form method="post" action="user_login.php?type=<?=$type?>"> <form method="post" action="user_login.php?type=<?="$type$redirect_url"?>">
<input type="hidden" name="action" value="login" /> <input type="hidden" name="action" value="login" />
<table><tr><td> <table><tr><td>
<?=i18n("Email")?>:</td><td><input type="text" size="20" name="user" /> <?=i18n("Email")?>:</td><td><input type="text" size="20" name="user" />

66
user_multirole.php
View File

@ -34,6 +34,59 @@
$u = user_load($_SESSION['users_id']); $u = user_load($_SESSION['users_id']);
$action = $_GET['action'];
function show_role($type, $u)
{
global $user_what;
if(user_add_role_allowed($type, $u) && !in_array($type, $u['types'])) {
echo "<li><a href=\"user_new.php?action=new&type=$type\"
onClick=\"return confirm('Are you sure you want to also be a {$user_what[$type]}?')\">{$user_what['volunteer']}</a>";
echo '</li>';
return 1;
}
return 0;
}
if($action == 'add') {
send_header("Select Additional Roles");
$u = user_load($_SESSION['users_id']);
//only display the named greeting if we have their name
echo i18n("Hello <b>%1</b>",array($_SESSION['name']));
echo "<br />";
echo "<br />";
echo i18n('Your account is currently in the following roles').':';
echo '<ul>';
foreach($u['types'] as $t) echo "<li>{$user_what[$t]}</li>";
echo '</ul>';
echo i18n('Adding a role to your account WILL NOT delete anything in
your account or any existing roles you have. It will only add a new
role to your account.');
echo '<br /><br />';
echo i18n('When you add a new role to your account you will be
automatically logged out. To complete the process please log back in
using your existing email and password.');
echo '<br /><br />';
echo i18n('Select a Role to add to your account');
echo ':';
echo '<ul>';
$x += show_role('volunteer', $u);
if($x == 0) {
echo '<li>';
echo i18n('There are no more roles that can be added to your account');
echo '</li>';
}
echo '</ul>';
send_footer();
exit;
}
if(count($u['types']) <= 1) { if(count($u['types']) <= 1) {
/* This user doesn't have multiple roles, send them to their /* This user doesn't have multiple roles, send them to their
* proper page */ * proper page */
@ -41,14 +94,13 @@
exit; exit;
} }
if($_GET['type']) { if($action == 'switch') {
/* Validate the input */ /* Validate the input */
$type = $_GET['type']; $type = $_GET['type'];
if(!in_array($type, $user_types)) { if(!in_array($type, $user_types)) {
header('location: index.php'); header("location: {$_SESSION['users_type']}_main.php");
exit; exit;
} }
/* Make sure the user is actually allowed to be in the /* Make sure the user is actually allowed to be in the
* requested role */ * requested role */
if(!in_array($type, $u['types'])) { if(!in_array($type, $u['types'])) {
@ -68,7 +120,7 @@
switch($_GET['notice']) { switch($_GET['notice']) {
case 'already_logged_in': case 'already_logged_in':
echo error(i18n('You are already logged in, please use the [Logout] link in the upper right to logout before loggin in as a different user')); echo error(i18n('You are already logged in, please use the [Logout] link in the upper right to logout before logging in as a different user'));
break; break;
} }
//only display the named greeting if we have their name //only display the named greeting if we have their name
@ -82,7 +134,7 @@
foreach($user_types as $t) { foreach($user_types as $t) {
if(in_array($t, $u['types'])) { if(in_array($t, $u['types'])) {
echo "<a href=\"user_multirole.php?type=$t\">{$user_what[$t]}</a><br />"; echo "<a href=\"user_multirole.php?action=switch&type=$t\">{$user_what[$t]}</a><br />";
echo "<br />"; echo "<br />";
} }
} }

82
user_new.php
View File

@ -27,23 +27,26 @@
require_once("user.inc.php"); require_once("user.inc.php");
$type = false; $type = false;
/*
if(isset($_SESSION['users_type'])) { if(isset($_SESSION['users_type'])) {
send_header("Registration", array()); send_header("Registration", array());
echo i18n("Please logout before creating a new user\n"); echo i18n("Please logout before creating a new user\n");
send_footer(); send_footer();
exit; exit;
} }
*/
$types = array('volunteer', 'committee', 'student','judge');
$type = $_GET['type']; $type = $_GET['type'];
if(!in_array($type, $types)) { if(!in_array($type, $user_types)) {
send_header("Registration"); send_header("Registration");
echo i18n("Invalid new registration\n"); echo i18n("Invalid new registration\n");
send_footer(); send_footer();
exit; exit;
} }
$notice=$_GET['notice']; $notice = $_GET['notice'];
$action = $_GET['action'];
if($action == '') $action = $_POST['action'];
switch($type) { switch($type) {
case 'volunteer': case 'volunteer':
@ -106,19 +109,59 @@
exit; exit;
} }
if($action == 'new') {
if($_POST['action']=="new")
{
$create = true; $create = true;
$data_fn = mysql_escape_string(stripslashes($_POST['fn'])); $data_fn = mysql_escape_string(stripslashes($_POST['fn']));
$data_ln = mysql_escape_string(stripslashes($_POST['ln'])); $data_ln = mysql_escape_string(stripslashes($_POST['ln']));
$data_email = $_POST['email']; $data_email = stripslashes($_POST['email']);
$sql_email = mysql_escape_string($data_email);
$registrationpassword = $_POST['registrationpassword'];
if(!isEmailAddress($data_email)) { /* Strict validate the email */
if(!user_valid_email($data_email)) {
$notice = 'email_invalid'; $notice = 'email_invalid';
$data_email = ''; $data_email = '';
$create = false; $create = false;
} }
/* See if this email already exists */
$q = mysql_query("SELECT id,types FROM users WHERE email='$sql_email' OR username='$sql_email'");
if(mysql_num_rows($q) > 0) {
/* It already exists, make sure they're not already in this role */
$r = mysql_fetch_object($q);
$types = split(',', $r->types);
if(in_array($type, $types)) {
$notice = 'role_exists';
$create = false;
} else {
/* If they're already logged in, we can go ahead and
* add this role. We've passed all the required checks
* for creating a new user of this role.
* The user has already been warned about being logged
* out. */
if(isset($_SESSION['users_id'])) {
/* User create does last minute checks, like
* ensuring a student doesn't try to also
* register as a judge */
$u = user_load($_SESSION['users_id']);
$u = user_create($type, $u);
$_SESSION['users_type'] = $type;
header("location: user_login.php?action=logout&notice=login_multirole&redirect=roleattached");
exit;
}
/* forward the user to the login page for whatever role
* they already have (it doesn't matter), and
* setup a login role_add redirect */
header("location: user_login.php?type={$types[0]}&notice=multirole&redirect=roleadd&redirectdata=$type");
exit;
}
}
if($data_fn == '' or $data_ln == '') {
$notice = 'name_invalid';
$create = false;
}
if($create == true) { if($create == true) {
/* Generate a password */ /* Generate a password */
@ -127,10 +170,13 @@
for($x=0;$x<12;$x++) $password .= $pchars{rand(0,61)}; for($x=0;$x<12;$x++) $password .= $pchars{rand(0,61)};
/* Add the user */ /* Add the user */
$q = "INSERT INTO users (types,firstname,lastname,username,password,passwordexpiry,email,created) VALUES ( $u = user_create($type);
'$type', '$data_fn','$data_ln','$data_email','$password','0000-00-00','$data_email',NOW());"; $u['firstname'] = $data_fn;
mysql_query($q); $u['lastname'] = $data_ln;
echo mysql_error(); $u['username'] = $data_email;
$u['password'] = $password;
$u['email'] = $data_email;
user_save($u);
/* Send the email */ /* Send the email */
email_send($welcome_email, $data_email, email_send($welcome_email, $data_email,
@ -155,6 +201,18 @@
echo '<br />'; echo '<br />';
echo error(i18n("The email address is invalid")); echo error(i18n("The email address is invalid"));
echo '<br />'; echo '<br />';
break;
case 'name_invalid':
echo '<br />';
echo error(i18n("You must enter your first and last name"));
echo '<br />';
break;
case 'role_exists':
echo '<br />';
echo error(i18n("That email address has an existing {$user_what[$type]} registration"));
echo notice(i18n("Use the 'recover password' option on the {$user_what[$type]} login page if you have forgotten your password"));
echo '<br />';
break;
} }
?> ?>

3
volunteer_main.php
View File

@ -39,6 +39,9 @@
case 'already_logged_in': case 'already_logged_in':
echo error(i18n('You are already logged in, please use the [Logout] link in the upper right to logout before loggin in as different user')); echo error(i18n('You are already logged in, please use the [Logout] link in the upper right to logout before loggin in as different user'));
break; break;
case 'attached':
echo happy(i18n('The Volunteer role has been attached to your account. Use the [Switch Roles] link in the upper right to change roles while you are logged in'));
break;
} }
//only display the named greeting if we have their name //only display the named greeting if we have their name