From 32b3d1d368c7021e64df1b7c402f33d4d7cd3532 Mon Sep 17 00:00:00 2001
From: james <james>
Date: Wed, 2 Mar 2011 06:22:27 +0000
Subject: [PATCH] Add a quick and dirty participant_invite page to allow
 teachers to invite participants, since the teacher interface hasnt been
 created yet on the drupal side

---
 account.inc.php        |   8 +-
 participant_invite.php | 243 +++++++++++++++++++++++++++++++++++++++++
 user.inc.php           |   5 +
 3 files changed, 255 insertions(+), 1 deletion(-)
 create mode 100644 participant_invite.php

diff --git a/account.inc.php b/account.inc.php
index 0b787e8..94c831d 100644
--- a/account.inc.php
+++ b/account.inc.php
@@ -298,7 +298,13 @@ function account_add_role($accounts_id, $roles_id, $conferences_id, $password =
 			}
 			break;
 		case 'invite':
-			$error = 'invalidrole';
+			if( in_array("teacher",$_SESSION['roles']) && $role=='participant') {
+				//if they are a teacher, they can add a participant role a-ok
+				$error = '';
+			}
+			else {
+				$error = 'invalidrole(invite only)';
+			}
 			break;
 	}
 	}
diff --git a/participant_invite.php b/participant_invite.php
new file mode 100644
index 0000000..1fe1c57
--- /dev/null
+++ b/participant_invite.php
@@ -0,0 +1,243 @@
+<?
+/* 
+   This file is part of the 'Science Fair In A Box' project
+   SFIAB Website: http://www.sfiab.ca
+
+   Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
+   Copyright (C) 2005 James Grant <james@lightbox.org>
+
+   This program is free software; you can redistribute it and/or
+   modify it under the terms of the GNU General Public
+   License as published by the Free Software Foundation, version 2.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; see the file COPYING.  If not, write to
+   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.
+*/
+?>
+<?
+ require_once('common.inc.php');
+ require_once('user.inc.php');
+
+ user_auth_required('teacher');
+ $schoolid=user_field_required("schools_id","user_edit.php?tab=school");
+ //include "judges.inc.php";
+ $type="participant";
+
+ /* AJAX query */
+ if(intval($_POST['ajax']) == 1) {
+ 	/* Do ajax processing for this file */
+	$email = mysql_real_escape_string($_POST['email']);
+
+	/* Sanity check type */
+	if(!array_key_exists($type, $roles)) {
+		echo "err\n";
+		exit;
+	}
+
+	//we use username='email' because if we are INVITING someone, then
+	//they pretty much have to user their email address as their username
+	//otherwise the system has no way to send them the details
+	$q = mysql_query("SELECT id,deleted FROM accounts WHERE username='$email' OR email='$email'");
+	if(mysql_num_rows($q) == 0) {
+		/* Account doesn't exist */
+		echo "notexist\n";
+		exit;
+	}
+	$account = mysql_fetch_assoc($q);
+
+	if($account['deleted'] == 'yes') {
+		echo "notexist\n";
+		exit;
+	}
+
+	$u = user_load_by_accounts_id($account['id']);
+	if(!$u) {
+		//user_load_by_accounts_id returns false if there is no user record for this account for this conference
+		echo "norole\n";
+		exit;
+	}
+
+	if(!array_key_exists($type, $u['roles'])) {
+		echo "norole\n";
+		exit;
+	}
+
+	if($u['conferences_id'] != $conference['id']) {
+		echo "noconference\n";
+		exit;
+	}
+
+	echo "exist\n"; 
+ 	exit;
+ }
+
+ send_header("Invite Participants",
+ 		array('Committee Main' => 'committee_main.php',
+			'Administration' => 'admin/index.php'
+			) );
+
+?>
+	<script type="text/javascript">
+	var checkTimeout;
+
+	function checkEmailLater() {
+		clearTimeout(checkTimeout);
+		checkTimeout=setTimeout('checkEmail()',500);
+	}
+	function checkEmail() {
+		var url, email, role;
+
+		role = $("#role").val();
+		email = $("#email").val();
+
+		if(email.length < 3 || role == "") {
+			update_status("<?=i18n('Enter an email address')?>");
+			$("#button").attr('disabled',true);
+			$("#button").val('<?=i18n("Invite")?>');
+			return true;
+		}
+		update_status("Checking...");
+		$.post("participant_invite.php",{ajax: 1, email: email, role: role},function(d) {
+				var lines=d.split("\n");
+				var response=lines[0];
+//					alert(response);
+				switch(response) {
+				case "err":
+					update_status("<?=i18n('Enter an email address')?>");
+					$("#button").attr('disabled',true);
+					$("#button").val('<?=i18n("Invite")?>');
+					$("#action").val("err");
+					break;
+				case "notexist":
+					update_status("<?=i18n('User not found.  Choose the \"Invite new participant\" button below to create an account for this user and send them an email invite.')?>");
+					$("#button").attr('disabled',false);
+					$("#button").val('<?=i18n("Invite new participant")?>');
+					$("#action").val("invitenew");
+					break;
+				case "norole":
+					update_status("<?=i18n('Account found without the selected role.<br />Choose the \"Invite existing account\" button below to add the participant role to this user\'s account and send them email notice of the change.')?>");
+					$("#button").attr('disabled',false);
+					$("#button").val('<?=i18n("Invite existing account to be a participant")?>');
+					$("#action").val("inviteexisting");
+					break;
+				case "exist":
+					update_status("<?=i18n('This user already exists as a participant.  They cannot be invited.')?>");
+					$("#button").attr('disabled',true);
+					$("#button").val('<?=i18n("Cannot Invite")?>');
+					$("#action").val("err");
+					break;
+				}
+
+		});
+		return true;
+	}
+
+	function update_status(text) {
+		$("#status").html(text);
+	}
+
+	</script>
+<?
+
+ echo "<br />";
+
+/*
+//FIXME: commente dby james 2010-12-21 - we need ta better way to know which types we can invite
+ $allowed_types = array('judge', 'volunteer');
+ if($type == '') $type = $_GET['type'];
+ if($type != '') {
+	 if(!in_array($type, $allowed_types)) {
+ 		echo "Type $type not allowed for invite<br /><br/>";
+		exit;
+	}
+ }
+ */
+
+if($_POST['action']=="invitenew" && $_POST['email'] && $type != '') {
+	 $newUser=user_invite($_POST['email'], null, $_POST['email'], $type);
+	 if(is_array($newUser)) {
+		echo happy(i18n("%1 successfully invited to be a %2",array($_POST['email'],$type)));
+	 }
+	 else {
+		 echo error($newUser);
+	 }
+ }
+ else if($_POST['action']=="inviteexisting" && $_POST['email'] && $type != '') {
+
+	 $newUser=user_invite($_POST['email'], null, $_POST['email'], $type);
+	 if(is_array($newUser)) {
+		echo happy(i18n("%1 successfully invited to be a %2",array($_POST['email'],$type)));
+	 }
+	 else {
+		 echo error($newUser);
+	 }
+ }
+
+
+ echo "<form method=\"post\" name=\"invite\" action=\"participant_invite.php\">\n";
+ echo "<input type=\"hidden\" name=\"action\" id=\"action\" value=\"invite\" />\n";
+ echo "<table>";
+ /*
+ echo "<tr><td>";
+ echo i18n("Select a Role: ");
+ echo "</td><td><select id=\"role\" name=\"type\" onChange=\"checkEmail();\">\n";
+ echo "<option value=\"\" >".i18n('Choose')."</option>\n";
+ $sel = ($type == 'judge') ? 'selected="selected"' : '';
+ echo "<option value=\"judge\" $sel >".i18n('Judge')."</option>\n";
+ $sel = ($type == 'volunteer') ? 'selected="selected"' : '';
+ echo "<option value=\"volunteer\" $sel >".i18n('Volunteer')."</option>\n";
+ echo "</select></td></tr>";
+ */
+ echo "<tr><td>";
+ echo i18n("Enter an Email: ");
+ echo "</td><td><input type=\"text\" id=\"email\" name=\"email\" size=\"40\" onKeyUp=\"checkEmailLater();\" />";
+ echo "</td></tr></table>";
+ echo "<br />\n";
+ echo "<div class=\"notice\" id=\"status\">".i18n('Enter an email address')."</div>";
+
+ echo "<br />\n";
+ echo "<input id=\"button\" type=\"submit\" disabled=\"disabled\" value=\"".i18n("Invite")."\" />\n";
+
+ echo "</form>\n";
+
+ $q=mysql_query("SELECT users.firstname, users.lastname, accounts.username, accounts.email, accounts.pendingemail FROM users
+ JOIN accounts on users.accounts_id=accounts.id 
+ JOIN user_roles ON user_roles.users_id=users.id
+ JOIN roles ON user_roles.roles_id=roles.id
+ WHERE schools_id='$schoolid' 
+ AND conferences_id='{$conference['id']}'
+ AND roles.type='participant'");
+ echo mysql_error();
+ echo "<br />";
+ echo "<br />";
+ echo "<h2>".i18n("The following participants have been invited from your school")."</h2>\n";
+ echo "<table class=\"tableview\">\n";
+ echo "<tr><th>Username</th><th>Email Address</th><th>First Name</th><th>Last Name</th>";
+ echo "</tr>\n";
+ while($r=mysql_fetch_object($q)) {
+	 echo "<tr>";
+	 echo " <td>$r->username</td>";
+	 echo " <td>";
+	 if($r->email) {
+		 echo "$r->email";
+	 }
+	 else if($r->pendingemail) {
+		 echo "<i>$r->pendingemail</i>";
+	 }
+	 echo "</td>";
+	 echo " <td>$r->firstname</td>";
+	 echo " <td>$r->lastname</td>";
+	 echo "</tr>";
+
+ }
+ echo "</table>\n";
+
+ send_footer();
+?>
diff --git a/user.inc.php b/user.inc.php
index 0730e94..ff14f23 100644
--- a/user.inc.php
+++ b/user.inc.php
@@ -1701,8 +1701,13 @@ function user_invite($username, $password, $email, $roles_id){
 					$returnval = 'Error creating user';
 				}else{
 					if($roletype == 'participant'){
+						/*
 						$newUser['schools_id'] = $u['schools_id'];
 						user_save($newUser);
+						*/
+						//user_save doesnt save schools_id, and we cant use the user_set_school either because it relies on the access code being passed in, so, lets just set it manually.
+						mysql_query("UPDATE users SET schools_id = {$u['schools_id']} WHERE id = " . $newUser['id']);
+
 					}
 				}
 			}else{