From 835047f3a82bd8fb64147e787cb2892b19124a88 Mon Sep 17 00:00:00 2001 From: jacob Date: Fri, 8 Oct 2010 16:07:07 +0000 Subject: [PATCH] Role functions debugged in account.inc.php, using them in user_main.php and user.inc.php --- account.inc.php | 88 ++++++++++++++++++++++++++++++------------------- user.inc.php | 43 +++++++++--------------- user_main.php | 75 +++++------------------------------------ 3 files changed, 79 insertions(+), 127 deletions(-) diff --git a/account.inc.php b/account.inc.php index e23eb52..94180e4 100644 --- a/account.inc.php +++ b/account.inc.php @@ -208,7 +208,7 @@ function account_add_role($accounts_id, $roles_id, $conferences_id, $password = WHERE conferences_id = $conferences_id AND accounts_id = $accounts_id ")); - if(is_array($data)){ + if(is_array($data)){ // they do indeed have a user record for this conference. Let's load it $u = user_load($data['id']); $users_id = $data['id']; @@ -220,13 +220,9 @@ function account_add_role($accounts_id, $roles_id, $conferences_id, $password = // we now have the user id that we need, let's check to see whether or not they // already have the specified role. - $roleRecord = mysql_fetch_array(mysql_query(" - SELECT COUNT(*) FROM user_roles - WHERE conferences_id = $conferences_id - AND users_id = $users_id - AND roles_id = $roles_id - ")); - if(is_array($roleRecord)){ + if(is_array(mysql_fetch_array(mysql_query( + "SELECT * FROM user_roles WHERE users_id = $users_id AND roles_id = $roles_id" + )))){ // they already have this role. shell_exec("man true"); return 'ok'; } 
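Review bot: The branch guarded by the rewritten duplicate-role check (hunk `@@ -220,13 +220,9 @@`) still contains `shell_exec("man true");` ahead of `return 'ok';`, and this commit leaves it in place. The collapsed layout of the page does not show whether that call sits inside the preceding comment, but if it is live code it starts a shell on every repeat role request and contributes nothing to the result, so it should be deleted. The new check also treats a failed `mysql_query()` the same as "no such role", because `mysql_fetch_array()` does not return an array in either case, so a database error falls through to the role-granting path; keep the query result in a variable and return an error when it is `false`. `$users_id` and `$roles_id` are interpolated into the SQL, and their integer casts, if any, are outside this hunk, as is the rest of account_add_role.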
@@ -236,14 +232,14 @@ function account_add_role($accounts_id, $roles_id, $conferences_id, $password = return 'invalidrole'; } - // see if this role is a valid one for this conference + // get the type of the role (eg. "judge", "student", etc.) + $role = mysql_result(mysql_query("SELECT type FROM roles WHERE id = $roles_id"), 0); + + // and see if it's a valid one for this conference if(!array_key_exists($role . '_registration_type', $config)){ return 'invalidrole'; } - // get the type of the role (eg. "judge", "student", etc.) - $role = mysql_result(mysql_query("SELECT type FROM roles WHERE id = $roles_id"), 0); - // and let's see if we meet the conditions for the registration type $error = ""; switch($config[$role . '_registration_type']){ 
@@ -293,28 +289,37 @@ function account_add_role_allowed($accounts_id, $roles_id, $conferences_id){ $roles_id *= 1; $conferences_id *= 1; - // get the roles for the specified account at the specified conference - $query = mysql_query(" - SELECT * FROM user_roles - WHERE accounts_id = $accounts_id - AND conferences_id = $conferences_id - "); + // get the user id for this account/conference + $userdat = mysql_fetch_assoc(mysql_query("SELECT id FROM users WHERE accounts_id = $accounts_id AND conferences_id = $conferences_id")); - while($row = mysql_fetch_assoc($record) && $returnval){ - switch($row['type']){ - case 'student': - // Student cant' add any other role - $returnval = false; + // If this condition isn't met, then the account is not connected to the conference. + // In that case, the role can be allowed as there is no conflict. + if(is_array($userdat)){ + $users_id = $userdat['id']; - default: - if($role == 'student') { - // No role can add the student role + // get the roles for the specified account at the specified conference + $query = mysql_query(" + SELECT * FROM user_roles + WHERE users_id = $users_id + "); + + while($returnval && $row = mysql_fetch_assoc($query)){ + switch($row['type']){ + case 'student': + // Student cant' add any other role $returnval = false; - } + break; + default: + if($role == 'student') { + // No role can add the student role + $returnval = false; + } - // All other roles can coexist (even the fair role) - break; + // All other roles can coexist (even the fair role) + break; + } } + } return $returnval; 
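Review bot: The conflict check in the rewritten loop appears to fail open: `$row['type']` is read from `SELECT * FROM user_roles`, while elsewhere in this patch the role type is fetched from `roles.type`, and `$role` in `if($role == 'student')` is not assigned anywhere in the visible part of account_add_role_allowed. If `user_roles` has no `type` column and `$role` is unset, every row takes the `default` branch, the comparison is false, and the function returns true for any combination, which defeats the "Student can't add any other role" rule. Consider selecting the type through a join, e.g. `SELECT r.type FROM user_roles ur JOIN roles r ON r.id = ur.roles_id WHERE ur.users_id = $users_id`, and resolving `$role` from `$roles_id` before the loop. The start of the function, including the initial value of `$returnval` and any cast of `$accounts_id`, is outside this hunk.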
@@ -347,10 +352,27 @@ function account_remove_role($accounts_id, $roles_id, $conferences_id){
 AND accounts_id = $accounts_id
 "));
 if(is_array($data)){
- // they do indeed have a user record for this conference. Let's load it
- $u = user_load($data['id']);
- $roletype = mysql_result(mysql_query("SELECT type FROM roles WHERE id = $roles_id"), 0);
- $user_remove_role($u, $roletype);
+ // they do indeed have a user record for this conference.
+ $users_id = $data['id'];
+
+ // Do role-specific remove actions
+ $role = mysql_result(mysql_query("SELECT `type` FROM roles WHERE id = $roles_id"), 0);
+ switch($role) {
+ case 'committee':
+ mysql_query("DELETE FROM committees_link WHERE accounts_id='{$accounts_id}'");
+ break;
+
+ case 'judge':
+ mysql_query("DELETE FROM judges_teams_link WHERE users_id='$users_id'");
+ mysql_query("DELETE FROM judges_specialawards_sel WHERE users_id='$users_id'");
+ break;
+
+ default:
+ break;
+ }
+
+ // and now we can remove the role link itself
+ mysql_query("DELETE FROM user_roles WHERE roles_id={$roles_id} AND users_id='$users_id'");
 }
 return 'ok';
 }
diff --git a/user.inc.php b/user.inc.php
index d92c526..8ba0985 100644
--- a/user.inc.php
+++ b/user.inc.php
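Review bot: account_remove_role reports `'ok'` on every path through this hunk: when no user row matches the account and conference, and when any of the `DELETE` statements fails, since none of the `mysql_query()` return values is checked. user_main.php shows a success message on `'ok'`, so a failed or partial removal looks the same as a real one and can leave the `user_roles` link in place after the judge or committee links are gone. Return a distinct code for the missing-user case, e.g. `if(!is_array($data)) return 'nouser';`, and stop with an error when a query returns `false`. The `committees_link` delete is keyed on `accounts_id` alone, which looks wider than the single conference being edited; confirm that against the schema. The ids are interpolated into the SQL and their casts are above the hunk.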
@@ -403,41 +403,28 @@ function user_deactivate_role($users_id, $roles_id){ return mysql_query("UPDATE user_roles SET active='no' WHERE users_id = $users_id AND roles_id = $roles_id"); } +// Remove a role for a user. +// now just a skin on top of account_remove_role function user_remove_role(&$u, $role) { - if(!array_key_exists($role, $u['roles'])) { - /* Hum, type specified, but the user is not this type, - * so, i guess we're done. */ - return; + global $roles; + $row = mysql_fetch_assoc(mysql_query("SELECT conferences_id FROM users WHERE id = " . $u['id'])); + if(!is_array($q)){ + return 'no conference'; + } + $conference_id = $q['conferences_id']; + $result = account_remove_role($u['accounts_id'], $roles[$role]['id'], $conference_id); + + // Delete the role + if(array_key_exists($role, $u['roles'])) { + unset($u['roles'][$role]); } - $id = $u['id']; - - /* Do role-specific remove actions */ - switch($role) { - case 'committee': - mysql_query("DELETE FROM committees_link WHERE accounts_id='{$u['accounts_id']}'"); - break; - - case 'judge': - mysql_query("DELETE FROM judges_teams_link WHERE users_id='$id'"); - mysql_query("DELETE FROM judges_specialawards_sel WHERE users_id='$id'"); - break; - - default: - break; - } - - /* Delete the role */ - $roleId = $u['roles'][$role]['roles_id']; - unset($u['roles'][$role]); - mysql_query("DELETE FROM user_roles WHERE roles_id={$roleId} AND users_id='$id'"); - - /* Save this user */ + // Save this user user_save($u); + return $result; } - /* If role is specified, just delete the role from the user. * If not, delete the whole user, all roles */ function user_delete($u, $role=false) diff --git a/user_main.php b/user_main.php index d0d0758..8c50d67 100644 --- a/user_main.php +++ b/user_main.php 
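Review bot: user_remove_role always returns 'no conference' as written: the lookup result is assigned to `$row`, but the guard and the following line read `$q`, which is never set, so `!is_array($q)` is always true and account_remove_role is never reached. Use the same variable throughout: `if(!is_array($row)){` and `$conference_id = $row['conferences_id'];`. The query also concatenates `$u['id']` into the SQL; cast it, `"SELECT conferences_id FROM users WHERE id = " . (int)$u['id']`, since `$u` is supplied by the caller. `$roles[$role]['id']` is read without checking that `$role` is a key of `$roles`.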
@@ -42,8 +42,9 @@ if(array_key_exists('action', $_GET)){ case 'register': $role = $_POST['role']; $result = account_add_role($u['accounts_id'], $roles[$role]['id'], $_SESSION['conferences_id'], $_POST['password']); - echo $result; -// register_new_role(); + if($result != 'ok'){ + error_($result); + } break; case 'draw_roles': draw_roles(); @@ -51,10 +52,12 @@ if(array_key_exists('action', $_GET)){ case 'remove': $role = $_GET['role']; - /* Like delete, only we're only deleting a role, not the whole account */ - happy_("{$roles[$role]['name']} role successfully removed."); - echo i18n("Removed"); - user_remove_role($u, $role); + $result = account_remove_role($u['accounts_id'], $roles[$role]['id'], $_SESSION['conferences_id']); + if($result == 'ok'){ + happy_(i18n("Role successfully removed.")); + }else{ + error_(i18n("Unable to remove role.")); + } exit; case 'activate': 
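Review bot: `$role` is taken straight from the request and used as `$roles[$role]['id']` in the `register` case here and again in the `remove` case of the next hunk, with no check that it names a known role. An unknown value yields a null id that is handed to account_add_role or account_remove_role and from there into their SQL strings. Add a guard before each call, e.g. `if(!array_key_exists($role, $roles)){ error_(i18n("Unknown role")); break; }`. The result comparisons use `!=` and `==`; `!==` and `===` avoid loose comparison on the returned code.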
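Review bot: The `remove` case changes account state from a GET request (`$_GET['role']`, dispatched on `$_GET['action']`), and no request token is checked in the visible lines, so a cross-site request made while the user is logged in would be enough to drop a role. Moving the action to POST and verifying a per-session token before calling account_remove_role would close that gap. Whether such a check exists earlier in user_main.php cannot be seen from this hunk.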
@@ -308,63 +311,3 @@ function draw_signup_form($type){
 echo i18n("{$roles[$type]['name']} registration is not open");
 }
 }
-
-function register_new_role(){
- global $config, $roles, $u;
- $password = $_POST['password'];
- $uid = $_SESSION['users_id'];
- $roleId = $_POST['role'];
- $typekey = $roleId . '_registration_type';
- $accounts_id = $u['accounts_id'];
- if(array_key_exists($typekey, $config)){
- $regtype = $config[$typekey];
- }else{
- return false;
- }
-
- // see if the registration is allowed for this role with the information provided
- $canRegister = true;
- $role = $_POST['role'];
- switch($regtype){
- case 'open':
- case 'openorinvite':
- // ok, we can allow these
- break;
- case 'singlepassword':
- if($password != $config[$role . '_registration_singlepassword']){
- $canRegister = false;
- }
- break;
- case 'schoolpassword':
- // FIXME: not yet implemented.
- // this is only used for students, who are not yet registered through the "user" system
- $canRegister = false;
- break;
- case 'invite':
- $canRegister = false;
- break;
- default:
-// echo "[\$regtype = \"$regtype\"]";
- $canRegister = false;
- }
- if(!$canRegister) return false;
-
-
- // ok, they meet the conditions to register for this role
- // see if they're already registered for it
- $role_index = $roles[$role]['id'];
- $query = "SELECT COUNT(*) FROM user_roles WHERE users_id = $uid AND roles_id=$role_index";
- echo $query;
- $results = mysql_fetch_array(mysql_query($query));
- if($results[0] != 0){
- return false;
- }
-
- if(user_add_role($u, $role, $password)){
- $_SESSION['roles'][] = $role;
- user_save($u);
- return true;
- }else{
- return false;
- }
-}