From 2c7e23b2768354885ce1daa9733df486387449d4 Mon Sep 17 00:00:00 2001
From: james <james>
Date: Tue, 27 Jul 2010 19:06:36 +0000
Subject: [PATCH] Fix some user/account bugs Start fixing the schoolstudents
 page (it now adds users, but it doesnt re-load them or edit htem or delete
 them)

---
 account.inc.php        | 23 ++++++++++++----
 db/db.code.version.txt |  2 +-
 db/db.update.205.sql   |  2 ++
 schoolstudents.php     | 59 ++++++++++++++++++++----------------------
 user.inc.php           |  7 ++---
 5 files changed, 53 insertions(+), 40 deletions(-)
 create mode 100644 db/db.update.205.sql

diff --git a/account.inc.php b/account.inc.php
index 7ddb1dd..0401786 100644
--- a/account.inc.php
+++ b/account.inc.php
@@ -100,12 +100,25 @@ function account_load($id)
 	$id = intval($id);
 	$q = mysql_query("SELECT * FROM accounts WHERE id='$id'");
 	if(mysql_num_rows($q) == 0) {
-		echo "No such account $id";
-		exit;
+		return false;
 	}
 	if(mysql_num_rows($q) > 1) {
-		echo "More than one account returned for $id";
-		exit;
+		return false;
+	}
+
+	$a = mysql_fetch_assoc($q);
+	return $a;
+}
+
+function account_load_by_username($username)
+{
+	$un = mysql_real_escape_string($username);
+	$q = mysql_query("SELECT * FROM accounts WHERE username='$un'");
+	if(mysql_num_rows($q) == 0) {
+		return false;
+	}
+	if(mysql_num_rows($q) > 1) {
+		return false;
 	}
 
 	$a = mysql_fetch_assoc($q);
@@ -118,7 +131,7 @@ function account_create($username)
 	global $config;
 
 	/* Sanity check username */
-	if(!user_valid_user($username)) {
+	if(!account_valid_user($username)) {
 		return -1;
 	}
 
diff --git a/db/db.code.version.txt b/db/db.code.version.txt
index ad03f7c..485369e 100644
--- a/db/db.code.version.txt
+++ b/db/db.code.version.txt
@@ -1 +1 @@
-204
+205
diff --git a/db/db.update.205.sql b/db/db.update.205.sql
new file mode 100644
index 0000000..ff0adb5
--- /dev/null
+++ b/db/db.update.205.sql
@@ -0,0 +1,2 @@
+ALTER TABLE `accounts` CHANGE `id` `id` INT( 11 ) NOT NULL AUTO_INCREMENT;
+ALTER TABLE `accounts` ADD `created` DATETIME NOT NULL;
diff --git a/schoolstudents.php b/schoolstudents.php
index 1d7056e..b221a79 100644
--- a/schoolstudents.php
+++ b/schoolstudents.php
@@ -1,6 +1,7 @@
 <?php
 require_once('common.inc.php');
 require_once('user.inc.php');
+require_once('account.inc.php');
 
 if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode'] && $conference['type'] == 'scienceolympics'){
 
@@ -80,48 +81,46 @@ function process_newRecord($firstName, $lastName, $email){
 	}
 
 	// if they have an e-mail address, make sure it's not already in use
-	if($email != null){
-		$user = user_load_by_email($email);
+	if($email){
+		$account = account_load_by_username($email);
 	}else{
-		$user = false;
+		$account = false;
 	}
-	if($user != false){
-		return "e-mail address is already in use";
-	}else{
-		// we're creating a new user
-		if(strlen($email) != 0){
-			if(!isEmailAddress($email)){
-				// not a valid e-mail address
-				return "Invalid e-mail address";
-			}else{
-				// new e-mail address specified.  That'll be the username
-				$username = $email;
-			}
-		}else{
+
+	if(!$account) {
+		if($email) {
+			$username=$email;
+		}
+		else { 
 			// generate a user name
 			$nameBase = substr(strtolower($firstName), 0, 1) . strtolower($lastName);
 			$suffix = '';
 			do{
-				$q = mysql_fetch_array(mysql_query('SELECT COUNT(*) AS tally FROM users WHERE username="' . ($nameBase . $suffix) . '";'));
+				$q = mysql_fetch_array(mysql_query('SELECT COUNT(*) AS tally FROM accounts WHERE username="' . ($nameBase . $suffix) . '";'));
 				if($q['tally'] > 0){
 					if($suffix == '') $suffix = 1;
 					else $suffix++;
 				}
 			}while($q['tally'] > 0);
 			$username = $nameBase . $suffix;
-			
 		}
 		// now that we have the username we want to use, let's create the user
-		$user = user_create('student', $username);
-		$user['firstname'] = $firstName;
-		$user['lastname'] = $lastName;
-		$user['active'] = 'yes';
-		$user['complete'] = 'yes';
-		if($username == $email)
-			$user['email'] = $email;
-		$user['schools_id'] = $_SESSION['schoolid'];
-		user_save($user);
+		$account=account_create($username);
 	}
+	//next, we try to load their user record
+	$user = user_load(0,$account['id']);
+	if(!$user) {
+		$user=user_create($account['id']);
+	}
+
+	user_add_role($user,'student');
+
+	//we're gonna set teh firstname/lastname too
+	$user['firstname'] = $firstName;
+	$user['lastname'] = $lastName;
+		//and dont forget the school id, because we know what at this point
+	$user['schools_id'] = $_SESSION['schoolid'];
+	user_save($user);
 
 	$uid = $user['uid'];
 	echo user_row($uid, $username, $firstName, $lastName, $email);
@@ -131,9 +130,7 @@ function process_newRecord($firstName, $lastName, $email){
 // generate the table row for thisa given record
 function user_row($uid, $username, $firstName, $lastName, $email){
 	$rval = "<tr id=\"$uid\">";
-	$rval .= "<td onclick=\"populate($uid);\"";
-	$rval .= " onmouseover=\"document.body.style.cursor='pointer';\"";
-	$rval .= " onmouseout=\"document.body.style.cursor='auto';\"";
+	$rval .= "<td style=\"cursor: pointer;\" onclick=\"populate($uid);\"";
 	$rval .= ">$username</td>";
 
 	$rval .= "<td>$firstName</td>";
@@ -263,7 +260,7 @@ function draw_list(){
 				<th><?=i18n("Username");?></th>
 				<th><?=i18n("First Name");?></th>
 				<th><?=i18n("Last Name");?></th>
-				<th><?=i18n("Email Address");?></th>
+				<th><?=i18n("Email Address / Username");?><br />(Leave blank to auto-generate)</th>
 				<th></th>
 			</tr>
 			<tr>
diff --git a/user.inc.php b/user.inc.php
index 91cee01..a1027de 100644
--- a/user.inc.php
+++ b/user.inc.php
@@ -42,7 +42,7 @@ function user_load($users_id, $accounts_id = false)
 	$query = "SELECT * FROM users JOIN accounts ON accounts.id=users.accounts_id WHERE ";
 	if($accounts_id != false) {
 		$accounts_id = intval($accounts_id);
-		$query .= "`users`.`accounts_id`='$accounts_id' ORDER BY `users`.`year` DESC LIMIT 1";
+		$query .= "`users`.`accounts_id`='$accounts_id' LIMIT 1";
 	} else {
 		$id = intval($users_id);
 		$query .= " `users`.`id`='$id'";
@@ -53,7 +53,7 @@ function user_load($users_id, $accounts_id = false)
 
 	if(mysql_num_rows($q) > 1) {
 		echo "ERROR: More than one user.\n";
-		exit;
+		return false;
 	}
 
 	/* Load the user */
@@ -443,7 +443,7 @@ function user_dupe($u, $new_year)
  * a student from co-existing with any other role . */
 function user_add_role_allowed(&$u, $role)
 {
-	foreach(array_keys($u['roles']) as $ur) {
+	foreach(array_keys($u['orig']['roles']) as $ur) {
 		switch($ur) {
 		case 'student':
 			/* Student cant' add any other role */
@@ -485,6 +485,7 @@ function user_create($accounts_id, $conferences_id=0)
 
 	/* Make sure the user doesn't already exist */
 	$q = mysql_query("SELECT id FROM users WHERE accounts_id='$accounts_id' AND conferences_id='$conferences_id'");
+	echo mysql_error();
 	if(mysql_num_rows($q)) {
 		echo "ERROR: user_create called for a user that already exists.\n";
 		exit;