Modified user_load to load only fields relevant to the roles that the user has
parent
a792b763a1
commit
78bf0c8751
118
user.inc.php
118
user.inc.php
@ -40,82 +40,61 @@ function user_load($users_id, $accounts_id = false)
|
||||
{
|
||||
/* Load user, join accounts so we also load the email, superuser flag */
|
||||
//hand-code the list here because we dont want all the old stuff that hasnt been removed yet like username/password access_*, etc.
|
||||
$query = "SELECT users.id,
|
||||
users.accounts_id,
|
||||
users.conferences_id,
|
||||
users.salutation,
|
||||
users.firstname,
|
||||
users.lastname,
|
||||
users.sex,
|
||||
users.phonehome,
|
||||
users.phonework,
|
||||
users.phonecell,
|
||||
users.fax,
|
||||
users.organization,
|
||||
users.birthdate,
|
||||
users.lang,
|
||||
users.created,
|
||||
users.lastlogin,
|
||||
users.address,
|
||||
users.address2,
|
||||
users.city,
|
||||
users.province,
|
||||
users.postalcode,
|
||||
users.firstaid,
|
||||
users.cpr,
|
||||
users.fairs_id,
|
||||
users.years_school,
|
||||
users.years_regional,
|
||||
users.years_national,
|
||||
users.willing_chair,
|
||||
users.special_award_only,
|
||||
users.cat_prefs,
|
||||
users.div_prefs,
|
||||
users.divsub_prefs,
|
||||
users.languages,
|
||||
users.highest_psd,
|
||||
users.expertise_other,
|
||||
users.sponsors_id,
|
||||
users.primary,
|
||||
users.position,
|
||||
users.primary,
|
||||
users.schools_id,
|
||||
users.grade,
|
||||
accounts.email
|
||||
FROM users JOIN accounts ON accounts.id=users.accounts_id WHERE ";
|
||||
if($accounts_id != false) {
|
||||
$accounts_id = intval($accounts_id);
|
||||
$query .= "`users`.`accounts_id`='$accounts_id' LIMIT 1";
|
||||
$users_id = mysql_result(mysql_query("SELECT users.id FROM users WHERE accounts_id = $accounts_id LIMIT 1", 0));
|
||||
} else {
|
||||
$id = intval($users_id);
|
||||
$query .= " `users`.`id`='$id'";
|
||||
$users_id = intval($users_id);
|
||||
}
|
||||
$q=mysql_query($query);
|
||||
echo mysql_error();
|
||||
if(mysql_num_rows($q) == 0)
|
||||
return false;
|
||||
|
||||
if(mysql_num_rows($q) > 1) {
|
||||
$count = mysql_result(mysql_query("SELECT COUNT(*) FROM users WHERE id = $users_id"), 0);
|
||||
if($count == 0){
|
||||
return false;
|
||||
}
|
||||
if($count > 1){
|
||||
echo "ERROR: More than one user.\n";
|
||||
return false;
|
||||
}
|
||||
|
||||
/* Load the user */
|
||||
$u = mysql_fetch_assoc($q);
|
||||
// Load the user, we'll start with a blank slate
|
||||
$u = array();
|
||||
|
||||
/* Sanitize before using these in mysql queries */
|
||||
$u['id'] = intval($u['id']);
|
||||
$u['accounts_id'] = intval($u['accounts_id']);
|
||||
$u['year'] = intval($u['year']);
|
||||
|
||||
/* Get roles, and active/complete status for each role */
|
||||
$query = "SELECT user_roles.roles_id, user_roles.active, user_roles.complete, roles.type,roles.name FROM user_roles LEFT JOIN roles ON roles.id=user_roles.roles_id WHERE user_roles.users_id={$u['id']}";
|
||||
$q = mysql_query($query);
|
||||
// Get roles, and active/complete status for each role
|
||||
$u['roles'] = array();
|
||||
$fields = array(
|
||||
'id',
|
||||
'accounts_id',
|
||||
'conferences_id',
|
||||
'salutation',
|
||||
'firstname',
|
||||
'lastname',
|
||||
'sex',
|
||||
'phonehome',
|
||||
'phonework',
|
||||
'phonecell',
|
||||
'fax',
|
||||
'organization',
|
||||
'birthdate',
|
||||
'lang',
|
||||
'created',
|
||||
'lastlogin',
|
||||
'address',
|
||||
'address2',
|
||||
'city',
|
||||
'province',
|
||||
'postalcode',
|
||||
'fairs_id'
|
||||
);
|
||||
$query = "SELECT user_roles.roles_id, user_roles.active, user_roles.complete, roles.type,roles.name FROM user_roles LEFT JOIN roles ON roles.id=user_roles.roles_id WHERE user_roles.users_id=$users_id";
|
||||
$q = mysql_query($query);
|
||||
while(($roledata = mysql_fetch_assoc($q))) {
|
||||
$u['roles'][$roledata['type']] = $roledata;
|
||||
}
|
||||
|
||||
$fields = array_merge($fields,
|
||||
user_fields_enabled($roledata['type']));
|
||||
$fields = array_merge($fields,
|
||||
user_fields_required($roledata['type']));
|
||||
}
|
||||
if(count($u['roles']) == 0) {
|
||||
/* No roles, that's ok actually, the previous logic here was that
|
||||
* a user without roles is deleted.. but.. this could happen for
|
||||
@ -123,6 +102,20 @@ function user_load($users_id, $accounts_id = false)
|
||||
* a new role */
|
||||
}
|
||||
|
||||
// now let's grab the data from the users table
|
||||
$query = "SELECT users." . implode(", users.", $fields) . ", accounts.email";
|
||||
$query .= " FROM users JOIN accounts ON accounts.id=users.accounts_id";
|
||||
$query .= " WHERE `users`.`id`='$users_id'";
|
||||
$q = mysql_query($query);
|
||||
echo mysql_error();
|
||||
|
||||
// Sanitize the user data
|
||||
$userDat = mysql_fetch_assoc($q);
|
||||
$u = array_merge($u, $userDat);
|
||||
$u['id'] = intval($u['id']);
|
||||
$u['accounts_id'] = intval($u['accounts_id']);
|
||||
$u['year'] = intval($u['year']);
|
||||
|
||||
/* Convenience */
|
||||
$u['name'] = ($u['firstname'] ? "{$u['firstname']} " : '').$u['lastname'];
|
||||
|
||||
@ -919,6 +912,7 @@ function updateSessionRoles($u=null) {
|
||||
if(!$u)
|
||||
$u=user_load($_SESSION['users_id']);
|
||||
$_SESSION['roles']=array();
|
||||
// echo "updateSessionRole for {$_SESSION['users_id']}:";print_r($u);
|
||||
if($u && is_array($u['roles'])) {
|
||||
foreach($u['roles'] AS $r=>$rd) {
|
||||
if($rd['active']=="yes" || $r=='admin' || $r=='config' || $r=='committee')
|
||||
|
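Review bot: In the `$accounts_id` branch of user_load, the call `mysql_result(mysql_query("SELECT users.id ... LIMIT 1", 0))` has its closing parenthesis misplaced, so `0` is passed to mysql_query as the link argument and mysql_result gets no row index; the `COUNT(*)` call a few lines below is written correctly. As written `$users_id` does not receive the id, and unlike the else branch it is not passed through intval() before being interpolated unquoted into the `COUNT(*)` and `user_roles` queries. I would change it to `$users_id = intval(mysql_result(mysql_query("SELECT users.id FROM users WHERE accounts_id = $accounts_id LIMIT 1"), 0));`. Separately, the new users query in the second hunk is followed by `echo mysql_error();` and its row is passed to array_merge() without checking `$q`, so a name from user_fields_enabled()/user_fields_required() that is not a users column would print the database error to the response and break `$u`; logging the error and returning false would be safer. The page has lost its +/- markers, so I am reading these as new-side lines, and user_load's body continues outside both hunks.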