From 57f349b1b115d0648b81bf4a529ae2053a3ff0d8 Mon Sep 17 00:00:00 2001 From: dave Date: Thu, 13 Dec 2007 18:09:22 +0000 Subject: [PATCH] - Add a year field to the users db, we'll need it eventually - Add a designate field to the schools, to indicate an independent, standard, private, etc. school. It's not editable yet, but.. eventually. - Fix generatePassword to use proper string indexing, and remove the possibility of indexing beyond the end of the string. - Add "Invite" and "SinglePassword" modes for volunteer registration. - Update the admin section, add a new volunteers page to contain links to all volunteer options --- admin/index.php | 2 +- admin/user_invite.php | 136 +++++++++++++++++++++++ admin/volunteer_positions_manager.php | 4 +- admin/volunteers.php | 42 +++++++ common.inc.php | 6 +- db/db.code.version.txt | 2 +- db/db.update.79.sql | 19 ++++ register_participants_tours.php | 4 +- user_multirole.php | 4 +- user_new.php | 153 ++++++++++++++------------ 10 files changed, 293 insertions(+), 79 deletions(-) create mode 100644 admin/user_invite.php create mode 100644 admin/volunteers.php create mode 100644 db/db.update.79.sql diff --git a/admin/index.php b/admin/index.php index 8ae9da9..8e0ebc8 100644 --- a/admin/index.php +++ b/admin/index.php @@ -43,7 +43,7 @@ echo "".i18n("Translations Management")."
"; echo "".i18n("Report Management")."
"; if($config['volunteer_enable'] == 'yes') { - echo "".i18n("Volunteer Position Management")."
"; + echo "".i18n("Volunteer Management")."
"; } if($config['tours_enable'] == 'yes') { echo "".i18n("Tour Management")."
"; diff --git a/admin/user_invite.php b/admin/user_invite.php new file mode 100644 index 0000000..4c27d8c --- /dev/null +++ b/admin/user_invite.php @@ -0,0 +1,136 @@ + + Copyright (C) 2005 James Grant + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public + License as published by the Free Software Foundation, version 2. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to + the Free Software Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. +*/ +?> + 'admin/volunteer.php'); + break; + case 'judge': + $header_data = array('Judges Management' => 'admin/judges.php'); + break; + } + + if($_POST['action']=='confirm' && $email != '') { + $header_data = array_merge($header_data, + array("{$user_what[$type]} Invitations" => "admin/user_invite.php?type=$type")); + send_header("{$user_what[$type]} Confirm", + array_merge(array('Committee Main' => 'committee_main.php', + 'Administration' => 'admin/index.php'), + $header_data) ); + } else { + send_header("{$user_what[$type]} Invitations", + array_merge(array('Committee Main' => 'committee_main.php', + 'Administration' => 'admin/index.php'), + $header_data) ); + } + + $id = intval($_POST['id']); + if($_POST['action']=='confirm' && $id > 0) { + /* Add $type to their types */ + $id = intval($_POST['id']); + $u = user_load($id); + $u = user_create($type, $u); + echo happy(i18n("%1 has been added as a {$user_what[$type]}", + array($email))); + email_send("{$type}_add_invite", $email, + array("FAIRNAME"=>$config['fairname']), + array("FAIRNAME"=>$config['fairname'], + "EMAIL"=>$email)); + } + + + if($_POST['action']=="invite" && $email != '') { + $e = mysql_escape_string($email); + $q = mysql_query("SELECT id,types FROM users WHERE email='$e' OR username='$e'"); + if(mysql_num_rows($q) > 0) { + /* Check the roles */ + $r = mysql_fetch_object($q); + $types = split(',', $r->types); + if(in_array($type, $types)) { + echo notice(i18n("%1 already exists and is already a {$user_what[$type]}", + array($email))); + } else { + echo i18n("%1 already exists with the following roles:", array($email)); + echo '
'; + echo i18n("Instead of generating a new password and + creating a new account, the role of {$user_what[$type]} + will be added to this account."); + echo "
"; + echo "\n"; + echo "id}\" />\n"; + echo "\n"; + echo "\n"; + echo "
\n"; + send_footer(); + exit; + } + } else { + /* They don't exist, create a new account */ + $u = user_create($type); + $u['username'] = $email; + $u['password'] = generatePassword(12); + $u['email'] = $email; + user_save($u); + + email_send("{$type}_new_invite",$email, + array("FAIRNAME"=>$config['fairname']), + array("FAIRNAME"=>$config['fairname'], + "EMAIL"=>$email, + "PASSWORD"=>$u['password'])); + + echo happy(i18n("%1 has been invited to be a {$user_what[$type]}",array($email))); + } + } + + + echo i18n("Enter the {$user_what[$type]} email address to invite them to be a {$user_what[$type]}"); + echo "
\n"; + echo "
\n"; + echo "
\n"; + echo "\n"; + echo i18n("Email").": "; + echo "\n"; + echo "\n"; + echo "
\n"; + + send_footer(); +?> diff --git a/admin/volunteer_positions_manager.php b/admin/volunteer_positions_manager.php index db1df07..838b240 100644 --- a/admin/volunteer_positions_manager.php +++ b/admin/volunteer_positions_manager.php @@ -28,7 +28,9 @@ user_auth_required('committee', 'admin'); send_header("Volunteer Positions Manager", - array("Administration" => "admin/") + array("Committee Main" => 'committee_main.php', + "Administration" => "admin/", + "Volunteer Management" => "admin/volunteers.php") ); diff --git a/admin/volunteers.php b/admin/volunteers.php new file mode 100644 index 0000000..2deff98 --- /dev/null +++ b/admin/volunteers.php @@ -0,0 +1,42 @@ + + Copyright (C) 2005 James Grant + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public + License as published by the Free Software Foundation, version 2. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to + the Free Software Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. +*/ +?> + 'committee_main.php', + 'Administration' => 'admin/index.php') + ); + echo "
"; + if($config['volunteer_registration_type']=="invite") + { + echo "".i18n("Invite Volunteers")."
"; + } + echo "".i18n("Volunteer Position Management")."
"; + + send_footer(); + +?> diff --git a/common.inc.php b/common.inc.php index 1e8995a..0978f56 100644 --- a/common.inc.php +++ b/common.inc.php @@ -991,13 +991,11 @@ function generatePassword($pwlen=8) { //these are good characters that are not easily confused with other characters :) $available="ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789"; - $len=strlen($available); + $len=strlen($available) - 1; $key=""; for($x=0;$x<$pwlen;$x++) - { - $key.=$available[rand(0,$len)]; - } + $key.=$available{rand(0,$len)}; return $key; } diff --git a/db/db.code.version.txt b/db/db.code.version.txt index 8e14edc..85322d0 100644 --- a/db/db.code.version.txt +++ b/db/db.code.version.txt @@ -1 +1 @@ -78 +79 diff --git a/db/db.update.79.sql b/db/db.update.79.sql new file mode 100644 index 0000000..1826384 --- /dev/null +++ b/db/db.update.79.sql @@ -0,0 +1,19 @@ +ALTER TABLE `users` ADD `year` INT NOT NULL AFTER `email` ; +ALTER TABLE `schools` ADD `designate` VARCHAR( 32 ) NOT NULL AFTER `postalcode` ; + +INSERT INTO `config` ( `var` , `val` , `category` , `type` , `type_values` , `ord` , `description` , `year`) VALUES ( +'volunteer_registration_type', 'open', 'Volunteer Registration', 'enum', 'open=Open|singlepassword=Single Password|invite=Invite', '150', 'The type of Volunteer Registration to use', '-1'); + +INSERT INTO `config` ( `var` , `val` , `category` , `type` , `type_values` , `ord` , `description` , `year`) VALUES ( + 'volunteer_registration_singlepassword', '', 'Volunteer Registration', 'text', '', '160', 'The single password to use if using Single Password Volunteer Registration (the option above this one). Ignored if not using Single Password volunteer registration.', '-1'); + +INSERT INTO `emails` ( `id` , `val` , `name` , `description` , `from` , `subject` , `body` , `type` ) +VALUES ( +'', 'volunteer_new_invite', 'Volunteers - New Volunteeer Invitation', 'This is sent to a new volunteer when they are invited using the invite volunteers administration section, only available when the Volunteer Registration Type is set to Invite', '', 'Volunteer Registration for [FAIRNAME]', 'You have been invited to be a volunteer for the [FAIRNAME]. An account has been created for you to login with and complete your information. You can login to the volunteer registration site with:\n\nEmail Address: [EMAIL]\nPassword: [PASSWORD]\n +You can change your password once you login.', 'system' +); + +INSERT INTO `emails` ( `id` , `val` , `name` , `description` , `from` , `subject` , `body` , `type` ) +VALUES ( +'', 'volunteer_add_invite', 'Volunteers - New Volunteeer Invitation', 'This is sent to existing users when they are invited using the invite volunteers administration section, only available when the Volunteer Registration Type is set to Invite', '', 'Volunteer Registration for [FAIRNAME]', 'The role of volunteer for the [FAIRNAME] has been added to your account by a committee member. When you login again, there will be a [Switch Roles] link in the upper right hand area of the page. Clicking on [Switch Roles] will let you switch between being a Volunteer and your other roles without needing to logout.\n', 'system'); + diff --git a/register_participants_tours.php b/register_participants_tours.php index dbe9967..d315f46 100644 --- a/register_participants_tours.php +++ b/register_participants_tours.php @@ -85,6 +85,8 @@ echo mysql_error(); foreach($ts AS $rank=>$tid) { if($tid == -1) continue; + $rank = intval($rank); + $x = intval($tid); /* If this choice has already been selected, don't record it */ @@ -98,7 +100,7 @@ echo mysql_error(); "'".intval($students_id)."', ". "'".intval($tid)."', ". "'".$config['FAIRYEAR']."', ". - "'".intval($rank)."')"); + "'$rank')"); echo mysql_error(); } diff --git a/user_multirole.php b/user_multirole.php index 85df73f..67f65f6 100644 --- a/user_multirole.php +++ b/user_multirole.php @@ -40,8 +40,8 @@ { global $user_what; if(user_add_role_allowed($type, $u) && !in_array($type, $u['types'])) { - echo "
  • {$user_what['volunteer']}"; + echo "
  • {$user_what['volunteer']}"; +//onClick=\"return confirm('Are you sure you want to also be a {$user_what[$type]}?')\" echo '
    • '; return 1; } diff --git a/user_new.php b/user_new.php index e902b78..601c16d 100644 --- a/user_new.php +++ b/user_new.php @@ -52,8 +52,8 @@ case 'volunteer': // returns "notopenyet", "closed", or "open" $reg_open = user_volunteer_registration_status(); - $reg_mode = 'open'; - $reg_single_password = ''; + $reg_mode = $config['volunteer_registration_type']; + $reg_single_password = $config['volunteer_registration_singlepassword']; $password_expiry_days = $config['volunteer_password_expiry_days']; $welcome_email = "volunteer_welcome"; break; @@ -87,7 +87,7 @@ $data_email = ''; if($reg_open != "open") { - send_header("{$user_what[$type]} - Registration", + send_header("{$user_what[$type]} Registration", array("{$user_what[$type]} Login" => "user_login.php?type=$type") ); echo i18n("{$user_what[$type]} registration is not open"); echo "
    "; @@ -96,33 +96,38 @@ } if($reg_mode == 'invite') { - send_header("{$user_what[$type]} - Registration", + send_header("{$user_what[$type]} Registration", array("{$user_what[$type]} Login" => "user_login.php?type=$type") ); - echo i18n("{$user_what[$type]} is by invitation only. You can not create a new account. In order to register you must have your account created for you by the science fair committee.")."
    "; - echo i18n("Once your account is created you'll be invited via email to login and complete your {$user_what[$type]} registration information. If you have been invited already, you need to use login using the email address that you were invited with. If you need an invitation, please contact the science fair committee by sending us an email: %1.", + echo i18n("{$user_what[$type]} Registration is by invitation only. You can not create a new account.")."

    "; + echo i18n("In order to register you must have your account created for you by the science fair committee.")."

    "; + echo i18n("Once your account is created you'll be invited via email to login and complete your {$user_what[$type]} registration information. If you have been invited already, you need to use login using the email address that you were invited with. If you need an invitation, please contact the science fair committee by sending us an email: %1.", array($config['fairname'],$config['fairmanageremail'])); echo "
    "; - echo "
    "; - echo "Back to Login"; send_footer(); exit; } - if($action == 'new') { - $create = true; + /* We're going to use a case statement here, so we can break out of + * it at any moment.. there are a lot of reasons why we don't want + * to create a new account.. too many to nest inside IF statements.. + * this is the one time I wish php had a goto statement. */ + switch($action) { + case 'new': $data_fn = mysql_escape_string(stripslashes($_POST['fn'])); $data_ln = mysql_escape_string(stripslashes($_POST['ln'])); $data_email = stripslashes($_POST['email']); $sql_email = mysql_escape_string($data_email); $registrationpassword = $_POST['registrationpassword']; - /* Strict validate the email */ - if(!user_valid_email($data_email)) { - $notice = 'email_invalid'; - $data_email = ''; - $create = false; + /* Check the registration singlepassword */ + if($reg_mode == 'singlepassword') { + if($reg_single_password != $_POST['registrationpassword']) { + $notice = 'singlepassword_wrong'; + break; /* Don't want to create an account */ + } } + /* See if this email already exists */ $q = mysql_query("SELECT id,types FROM users WHERE email='$sql_email' OR username='$sql_email'"); @@ -132,7 +137,7 @@ $types = split(',', $r->types); if(in_array($type, $types)) { $notice = 'role_exists'; - $create = false; + break; /* Don't want to create an account */ } else { /* If they're already logged in, we can go ahead and * add this role. We've passed all the required checks @@ -140,7 +145,7 @@ * The user has already been warned about being logged * out. */ if(isset($_SESSION['users_id'])) { - /* User create does last minute checks, like + /* user_create does last minute checks, like * ensuring a student doesn't try to also * register as a judge */ $u = user_load($_SESSION['users_id']); @@ -157,43 +162,47 @@ } } + /* Strict validate the email */ + if(!user_valid_email($data_email)) { + $notice = 'email_invalid'; + $data_email = ''; + break; /* Don't want to create an account */ + } + + /* Check the names */ if($data_fn == '' or $data_ln == '') { $notice = 'name_invalid'; - $create = false; + break; /* Don't want to create an account */ } + /* If we havne't encountered a break; or an exit; yet, then go ahead + * and create the account */ - if($create == true) { - /* Generate a password */ - $password = ''; - $pchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"; - for($x=0;$x<12;$x++) $password .= $pchars{rand(0,61)}; + /* Generate a password */ + $password = generatePassword(12); - /* Add the user */ - $u = user_create($type); - $u['firstname'] = $data_fn; - $u['lastname'] = $data_ln; - $u['username'] = $data_email; - $u['password'] = $password; - $u['email'] = $data_email; - user_save($u); - - /* Send the email */ - email_send($welcome_email, $data_email, - array("FAIRNAME"=>i18n($config['fairname'])), - array("PASSWORD"=>$password, - "EMAIL"=>$data_email) - ); - - /* now redirect to the login page */ - header("Location: user_login.php?type=$type¬ice=created_sent"); - exit; - } + /* Add the user */ + $u = user_create($type); + $u['firstname'] = $data_fn; + $u['lastname'] = $data_ln; + $u['username'] = $data_email; + $u['password'] = $password; + $u['email'] = $data_email; + user_save($u); + /* Send the email */ + email_send($welcome_email, $data_email, + array("FAIRNAME"=>i18n($config['fairname'])), + array("PASSWORD"=>$password, + "EMAIL"=>$data_email) + ); + /* now redirect to the login page */ + header("Location: user_login.php?type=$type¬ice=created_sent"); + exit; } - send_header("{$user_what[$type]} - Registration", + send_header("{$user_what[$type]} Registration", array("{$user_what[$type]} Login" => "user_login.php?type=$type") ); switch($notice) { @@ -207,10 +216,16 @@ echo error(i18n("You must enter your first and last name")); echo '
    '; break; + case 'singlepassword_wrong': + echo '
    '; + echo error(i18n("The {$user_what[$type]} Registration Password you have entered is incorrect.")); + echo '
    '; + break; case 'role_exists': echo '
    '; echo error(i18n("That email address has an existing {$user_what[$type]} registration")); - echo notice(i18n("Use the 'recover password' option on the {$user_what[$type]} login page if you have forgotten your password")); + echo notice(i18n("Use the 'recover password' option on the %1 {$user_what[$type]} login page %2 if you have forgotten your password", + array("", ""))); echo '
    '; break; } @@ -218,37 +233,37 @@ ?>
    - - +
    - : -
    - : -
    - : -
    +
    + : +
    + : +
    + : +
    + "; + echo i18n("Remember, once you click the Register button below, you will be logged out. You can immediately log back in."); + echo "
    "; + } if($reg_mode == 'singlepassword') { - echo ""; - echo i18n("{$user_what[$type]} Password").":"; - echo ""; + echo '
    '; + echo i18n("{$user_what[$type]} Registration is protected by a password. You must know the {$user_what[$type]} Registration Password in order to create an account. Please contact the committee to obtain the password if you wish to register."); + echo "
    "; + echo i18n("{$user_what[$type]} Password").":"; + echo "
    "; } ?> - - - /> - - +
    />
    "; - echo i18n("When you click the 'Register' button, your password will be randomly created and emailed to you. When you login for the first time you will be prompted to change your password. It can sometimes take several minutes for the email to send, so be patient."); - echo "
    "; - - if($reg_mode == 'singlepassword') { + if(!isset($_SESSION['users_id'])) { echo "
    "; - echo i18n("{$user_what[$type]} registration is protected by a password. You must know the $what Password in order to create an account. Please contact the committee to obtain the password if you wish to register."); + echo i18n("When you click the 'Register' button, your password will be randomly created and emailed to you. When you login for the first time you will be prompted to change your password. It can sometimes take several minutes for the email to send, so be patient."); echo "
    "; - } - + } send_footer(); ?>