diff --git a/user.inc.php b/user.inc.php
index 270bf28..e0632d8 100644
--- a/user.inc.php
+++ b/user.inc.php
@@ -40,82 +40,61 @@ function user_load($users_id, $accounts_id = false) { /* Load user, join accounts so we also load the email, superuser flag */ //hand-code the list here because we dont want all the old stuff that hasnt been removed yet like username/password access_*, etc. - $query = "SELECT users.id, - users.accounts_id, - users.conferences_id, - users.salutation, - users.firstname, - users.lastname, - users.sex, - users.phonehome, - users.phonework, - users.phonecell, - users.fax, - users.organization, - users.birthdate, - users.lang, - users.created, - users.lastlogin, - users.address, - users.address2, - users.city, - users.province, - users.postalcode, - users.firstaid, - users.cpr, - users.fairs_id, - users.years_school, - users.years_regional, - users.years_national, - users.willing_chair, - users.special_award_only, - users.cat_prefs, - users.div_prefs, - users.divsub_prefs, - users.languages, - users.highest_psd, - users.expertise_other, - users.sponsors_id, - users.primary, - users.position, - users.primary, - users.schools_id, - users.grade, - accounts.email - FROM users JOIN accounts ON accounts.id=users.accounts_id WHERE "; if($accounts_id != false) { $accounts_id = intval($accounts_id); - $query .= "`users`.`accounts_id`='$accounts_id' LIMIT 1"; + $users_id = mysql_result(mysql_query("SELECT users.id FROM users WHERE accounts_id = $accounts_id LIMIT 1", 0)); } else { - $id = intval($users_id); - $query .= " `users`.`id`='$id'"; + $users_id = intval($users_id); } - $q=mysql_query($query); - echo mysql_error(); - if(mysql_num_rows($q) == 0) - return false; - if(mysql_num_rows($q) > 1) { + $count = mysql_result(mysql_query("SELECT COUNT(*) FROM users WHERE id = $users_id"), 0); + if($count == 0){ + return false; + } + if($count > 1){ echo "ERROR: More than one user.\n"; return false; } - /* Load the user */ - $u = mysql_fetch_assoc($q); + // Load the user, we'll start with a blank slate + $u = array(); - /* Sanitize before using these in mysql 
queries */ - $u['id'] = intval($u['id']); - $u['accounts_id'] = intval($u['accounts_id']); - $u['year'] = intval($u['year']); - - /* Get roles, and active/complete status for each role */ - $query = "SELECT user_roles.roles_id, user_roles.active, user_roles.complete, roles.type,roles.name FROM user_roles LEFT JOIN roles ON roles.id=user_roles.roles_id WHERE user_roles.users_id={$u['id']}"; - $q = mysql_query($query); + // Get roles, and active/complete status for each role $u['roles'] = array(); + $fields = array( + 'id', + 'accounts_id', + 'conferences_id', + 'salutation', + 'firstname', + 'lastname', + 'sex', + 'phonehome', + 'phonework', + 'phonecell', + 'fax', + 'organization', + 'birthdate', + 'lang', + 'created', + 'lastlogin', + 'address', + 'address2', + 'city', + 'province', + 'postalcode', + 'fairs_id' + ); + $query = "SELECT user_roles.roles_id, user_roles.active, user_roles.complete, roles.type,roles.name FROM user_roles LEFT JOIN roles ON roles.id=user_roles.roles_id WHERE user_roles.users_id=$users_id"; + $q = mysql_query($query); while(($roledata = mysql_fetch_assoc($q))) { $u['roles'][$roledata['type']] = $roledata; - } + $fields = array_merge($fields, + user_fields_enabled($roledata['type'])); + $fields = array_merge($fields, + user_fields_required($roledata['type'])); + } if(count($u['roles']) == 0) { /* No roles, that's ok actually, the previous logic here was that * a user without roles is deleted.. but.. this could happen for 
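Review bot: The closing parenthesis is misplaced in the `accounts_id` branch: `mysql_result(mysql_query("SELECT users.id ... LIMIT 1", 0))` passes `0` to `mysql_query()` as its second argument and leaves `mysql_result()` without a row index, unlike the correctly formed `COUNT(*)` call two statements later. As written the lookup by account cannot yield an id, and whatever it returns is then interpolated unquoted into `WHERE id = $users_id` and `user_roles.users_id=$users_id` without the `intval()` that the other branch applies. I would write it as `$users_id = intval(mysql_result(mysql_query("SELECT users.id FROM users WHERE accounts_id = $accounts_id LIMIT 1"), 0));` so that a missing row becomes 0 and falls into the existing `$count == 0` return. user_load() continues past the end of this hunk.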
@@ -123,6 +102,20 @@ function user_load($users_id, $accounts_id = false) * a new role */ } + // now let's grab the data from the users table + $query = "SELECT users." . implode(", users.", $fields) . ", accounts.email"; + $query .= " FROM users JOIN accounts ON accounts.id=users.accounts_id"; + $query .= " WHERE `users`.`id`='$users_id'"; + $q = mysql_query($query); + echo mysql_error(); + + // Sanitize the user data + $userDat = mysql_fetch_assoc($q); + $u = array_merge($u, $userDat); + $u['id'] = intval($u['id']); + $u['accounts_id'] = intval($u['accounts_id']); + $u['year'] = intval($u['year']); + /* Convenience */ $u['name'] = ($u['firstname'] ? "{$u['firstname']} " : '').$u['lastname']; @@ -919,6 +912,7 @@ function updateSessionRoles($u=null) { if(!$u) $u=user_load($_SESSION['users_id']); $_SESSION['roles']=array(); +// echo "updateSessionRole for {$_SESSION['users_id']}:";print_r($u); if($u && is_array($u['roles'])) { foreach($u['roles'] AS $r=>$rd) { if($rd['active']=="yes" || $r=='admin' || $r=='config' || $r=='committee')
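Review bot: The result of the final `mysql_query($query)` is used without a check: if the query fails, `mysql_fetch_assoc($q)` does not return an array, `array_merge($u, $userDat)` then loses the roles already collected in `$u`, and `echo mysql_error();` writes the database error text into the page. The column list is now assembled from `user_fields_enabled()` and `user_fields_required()`, whose return values are not visible in this diff, so a name that is not a `users` column would trigger exactly this failure; those names are also interpolated as SQL identifiers, so they should only ever come from a fixed list. I would replace the echo with `if(!$q) { error_log(mysql_error()); return false; }` and pass the merged list through `array_unique($fields)` before the `implode()`, since both helpers may return the same field. The function starts before this hunk and continues after it.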
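Review bot: The line added to updateSessionRoles() is commented-out debug output at column 0 and would be better left out of the commit. If it were ever re-enabled, `print_r($u)` would write the whole loaded user record, including the e-mail and address fields that user_load() selects, into the response. The function body continues outside the hunk.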