forked from science-ation/science-ation
Role functions debugged in account.inc.php, using them in user_main.php and user.inc.php
parent
177f49f805
commit
835047f3a8
@ -220,13 +220,9 @@ function account_add_role($accounts_id, $roles_id, $conferences_id, $password =
|
|||||||
|
|
||||||
// we now have the user id that we need, let's check to see whether or not they
|
// we now have the user id that we need, let's check to see whether or not they
|
||||||
// already have the specified role.
|
// already have the specified role.
|
||||||
$roleRecord = mysql_fetch_array(mysql_query("
|
if(is_array(mysql_fetch_array(mysql_query(
|
||||||
SELECT COUNT(*) FROM user_roles
|
"SELECT * FROM user_roles WHERE users_id = $users_id AND roles_id = $roles_id"
|
||||||
WHERE conferences_id = $conferences_id
|
)))){
|
||||||
AND users_id = $users_id
|
|
||||||
AND roles_id = $roles_id
|
|
||||||
"));
|
|
||||||
if(is_array($roleRecord)){
|
|
||||||
// they already have this role. shell_exec("man true");
|
// they already have this role. shell_exec("man true");
|
||||||
return 'ok';
|
return 'ok';
|
||||||
}
|
}
|
||||||
@ -236,14 +232,14 @@ function account_add_role($accounts_id, $roles_id, $conferences_id, $password =
|
|||||||
return 'invalidrole';
|
return 'invalidrole';
|
||||||
}
|
}
|
||||||
|
|
||||||
// see if this role is a valid one for this conference
|
// get the type of the role (eg. "judge", "student", etc.)
|
||||||
|
$role = mysql_result(mysql_query("SELECT type FROM roles WHERE id = $roles_id"), 0);
|
||||||
|
|
||||||
|
// and see if it's a valid one for this conference
|
||||||
if(!array_key_exists($role . '_registration_type', $config)){
|
if(!array_key_exists($role . '_registration_type', $config)){
|
||||||
return 'invalidrole';
|
return 'invalidrole';
|
||||||
}
|
}
|
||||||
|
|
||||||
// get the type of the role (eg. "judge", "student", etc.)
|
|
||||||
$role = mysql_result(mysql_query("SELECT type FROM roles WHERE id = $roles_id"), 0);
|
|
||||||
|
|
||||||
// and let's see if we meet the conditions for the registration type
|
// and let's see if we meet the conditions for the registration type
|
||||||
$error = "";
|
$error = "";
|
||||||
switch($config[$role . '_registration_type']){
|
switch($config[$role . '_registration_type']){
|
||||||
@ -293,19 +289,26 @@ function account_add_role_allowed($accounts_id, $roles_id, $conferences_id){
|
|||||||
$roles_id *= 1;
|
$roles_id *= 1;
|
||||||
$conferences_id *= 1;
|
$conferences_id *= 1;
|
||||||
|
|
||||||
|
// get the user id for this account/conference
|
||||||
|
$userdat = mysql_fetch_assoc(mysql_query("SELECT id FROM users WHERE accounts_id = $accounts_id AND conferences_id = $conferences_id"));
|
||||||
|
|
||||||
|
// If this condition isn't met, then the account is not connected to the conference.
|
||||||
|
// In that case, the role can be allowed as there is no conflict.
|
||||||
|
if(is_array($userdat)){
|
||||||
|
$users_id = $userdat['id'];
|
||||||
|
|
||||||
// get the roles for the specified account at the specified conference
|
// get the roles for the specified account at the specified conference
|
||||||
$query = mysql_query("
|
$query = mysql_query("
|
||||||
SELECT * FROM user_roles
|
SELECT * FROM user_roles
|
||||||
WHERE accounts_id = $accounts_id
|
WHERE users_id = $users_id
|
||||||
AND conferences_id = $conferences_id
|
|
||||||
");
|
");
|
||||||
|
|
||||||
while($row = mysql_fetch_assoc($record) && $returnval){
|
while($returnval && $row = mysql_fetch_assoc($query)){
|
||||||
switch($row['type']){
|
switch($row['type']){
|
||||||
case 'student':
|
case 'student':
|
||||||
// Student cant' add any other role
|
// Student cant' add any other role
|
||||||
$returnval = false;
|
$returnval = false;
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
if($role == 'student') {
|
if($role == 'student') {
|
||||||
// No role can add the student role
|
// No role can add the student role
|
||||||
@ -317,6 +320,8 @@ function account_add_role_allowed($accounts_id, $roles_id, $conferences_id){
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
return $returnval;
|
return $returnval;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -347,10 +352,27 @@ function account_remove_role($accounts_id, $roles_id, $conferences_id){
|
|||||||
AND accounts_id = $accounts_id
|
AND accounts_id = $accounts_id
|
||||||
"));
|
"));
|
||||||
if(is_array($data)){
|
if(is_array($data)){
|
||||||
// they do indeed have a user record for this conference. Let's load it
|
// they do indeed have a user record for this conference.
|
||||||
$u = user_load($data['id']);
|
$users_id = $data['id'];
|
||||||
$roletype = mysql_result(mysql_query("SELECT type FROM roles WHERE id = $roles_id"), 0);
|
|
||||||
$user_remove_role($u, $roletype);
|
// Do role-specific remove actions
|
||||||
|
$role = mysql_result(mysql_query("SELECT `type` FROM roles WHERE id = $roles_id"), 0);
|
||||||
|
switch($role) {
|
||||||
|
case 'committee':
|
||||||
|
mysql_query("DELETE FROM committees_link WHERE accounts_id='{$accounts_id}'");
|
||||||
|
break;
|
||||||
|
|
||||||
|
case 'judge':
|
||||||
|
mysql_query("DELETE FROM judges_teams_link WHERE users_id='$users_id'");
|
||||||
|
mysql_query("DELETE FROM judges_specialawards_sel WHERE users_id='$users_id'");
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
// and now we can remove the role link itself
|
||||||
|
mysql_query("DELETE FROM user_roles WHERE roles_id={$roles_id} AND users_id='$users_id'");
|
||||||
}
|
}
|
||||||
return 'ok';
|
return 'ok';
|
||||||
}
|
}
|
||||||
|
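Review bot: `account_remove_role` still ends with an unconditional `return 'ok';`, so it reports success when no user record matched (the `if(is_array($data))` branch is skipped) and when any of the `DELETE` queries fails. The caller added to user_main.php in this commit shows "Role successfully removed." on `'ok'`, so a failed or no-op removal would look like a completed one. Return a distinct status from an `else` branch and check the final query, for example `if(!mysql_query("DELETE FROM user_roles WHERE roles_id={$roles_id} AND users_id='$users_id'")) return 'error';`. The start of the function is outside the hunk, so it is not visible whether `$roles_id` and `$accounts_id` are cast to integers (as `account_add_role_allowed` does with `*= 1`) before being interpolated into these statements; if not, add the casts.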
39
user.inc.php
39
user.inc.php
@ -403,41 +403,28 @@ function user_deactivate_role($users_id, $roles_id){
|
|||||||
return mysql_query("UPDATE user_roles SET active='no' WHERE users_id = $users_id AND roles_id = $roles_id");
|
return mysql_query("UPDATE user_roles SET active='no' WHERE users_id = $users_id AND roles_id = $roles_id");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Remove a role for a user.
|
||||||
|
// now just a skin on top of account_remove_role
|
||||||
function user_remove_role(&$u, $role)
|
function user_remove_role(&$u, $role)
|
||||||
{
|
{
|
||||||
if(!array_key_exists($role, $u['roles'])) {
|
global $roles;
|
||||||
/* Hum, type specified, but the user is not this type,
|
$row = mysql_fetch_assoc(mysql_query("SELECT conferences_id FROM users WHERE id = " . $u['id']));
|
||||||
* so, i guess we're done. */
|
if(!is_array($q)){
|
||||||
return;
|
return 'no conference';
|
||||||
}
|
}
|
||||||
|
$conference_id = $q['conferences_id'];
|
||||||
|
$result = account_remove_role($u['accounts_id'], $roles[$role]['id'], $conference_id);
|
||||||
|
|
||||||
$id = $u['id'];
|
// Delete the role
|
||||||
|
if(array_key_exists($role, $u['roles'])) {
|
||||||
/* Do role-specific remove actions */
|
|
||||||
switch($role) {
|
|
||||||
case 'committee':
|
|
||||||
mysql_query("DELETE FROM committees_link WHERE accounts_id='{$u['accounts_id']}'");
|
|
||||||
break;
|
|
||||||
|
|
||||||
case 'judge':
|
|
||||||
mysql_query("DELETE FROM judges_teams_link WHERE users_id='$id'");
|
|
||||||
mysql_query("DELETE FROM judges_specialawards_sel WHERE users_id='$id'");
|
|
||||||
break;
|
|
||||||
|
|
||||||
default:
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Delete the role */
|
|
||||||
$roleId = $u['roles'][$role]['roles_id'];
|
|
||||||
unset($u['roles'][$role]);
|
unset($u['roles'][$role]);
|
||||||
mysql_query("DELETE FROM user_roles WHERE roles_id={$roleId} AND users_id='$id'");
|
}
|
||||||
|
|
||||||
/* Save this user */
|
// Save this user
|
||||||
user_save($u);
|
user_save($u);
|
||||||
|
return $result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/* If role is specified, just delete the role from the user.
|
/* If role is specified, just delete the role from the user.
|
||||||
* If not, delete the whole user, all roles */
|
* If not, delete the whole user, all roles */
|
||||||
function user_delete($u, $role=false)
|
function user_delete($u, $role=false)
|
||||||
|
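Review bot: In the rewritten `user_remove_role` (taking the second copy of each line as the new side), the lookup result is stored in `$row`, but the next lines test and read `$q`, which is never assigned in the visible code. `is_array($q)` is therefore always false, and the function returns `'no conference'` before it reaches `account_remove_role`, so the role is never removed. Use one name throughout, e.g. `$q = mysql_fetch_assoc(mysql_query("SELECT conferences_id FROM users WHERE id = " . (int)$u['id']));`; the integer cast also keeps `$u['id']` from being concatenated into the SQL unchecked. The old guard `array_key_exists($role, $u['roles'])` now runs only after `$roles[$role]['id']` has already been read, so it would be safer to check that `$role` exists in `$roles` first.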
@ -42,8 +42,9 @@ if(array_key_exists('action', $_GET)){
|
|||||||
case 'register':
|
case 'register':
|
||||||
$role = $_POST['role'];
|
$role = $_POST['role'];
|
||||||
$result = account_add_role($u['accounts_id'], $roles[$role]['id'], $_SESSION['conferences_id'], $_POST['password']);
|
$result = account_add_role($u['accounts_id'], $roles[$role]['id'], $_SESSION['conferences_id'], $_POST['password']);
|
||||||
echo $result;
|
if($result != 'ok'){
|
||||||
// register_new_role();
|
error_($result);
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
case 'draw_roles':
|
case 'draw_roles':
|
||||||
draw_roles();
|
draw_roles();
|
||||||
@ -51,10 +52,12 @@ if(array_key_exists('action', $_GET)){
|
|||||||
|
|
||||||
case 'remove':
|
case 'remove':
|
||||||
$role = $_GET['role'];
|
$role = $_GET['role'];
|
||||||
/* Like delete, only we're only deleting a role, not the whole account */
|
$result = account_remove_role($u['accounts_id'], $roles[$role]['id'], $_SESSION['conferences_id']);
|
||||||
happy_("{$roles[$role]['name']} role successfully removed.");
|
if($result == 'ok'){
|
||||||
echo i18n("Removed");
|
happy_(i18n("Role successfully removed."));
|
||||||
user_remove_role($u, $role);
|
}else{
|
||||||
|
error_(i18n("Unable to remove role."));
|
||||||
|
}
|
||||||
exit;
|
exit;
|
||||||
|
|
||||||
case 'activate':
|
case 'activate':
|
||||||
@ -308,63 +311,3 @@ function draw_signup_form($type){
|
|||||||
echo i18n("{$roles[$type]['name']} registration is not open");
|
echo i18n("{$roles[$type]['name']} registration is not open");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
function register_new_role(){
|
|
||||||
global $config, $roles, $u;
|
|
||||||
$password = $_POST['password'];
|
|
||||||
$uid = $_SESSION['users_id'];
|
|
||||||
$roleId = $_POST['role'];
|
|
||||||
$typekey = $roleId . '_registration_type';
|
|
||||||
$accounts_id = $u['accounts_id'];
|
|
||||||
if(array_key_exists($typekey, $config)){
|
|
||||||
$regtype = $config[$typekey];
|
|
||||||
}else{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
// see if the registration is allowed for this role with the information provided
|
|
||||||
$canRegister = true;
|
|
||||||
$role = $_POST['role'];
|
|
||||||
switch($regtype){
|
|
||||||
case 'open':
|
|
||||||
case 'openorinvite':
|
|
||||||
// ok, we can allow these
|
|
||||||
break;
|
|
||||||
case 'singlepassword':
|
|
||||||
if($password != $config[$role . '_registration_singlepassword']){
|
|
||||||
$canRegister = false;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
case 'schoolpassword':
|
|
||||||
// FIXME: not yet implemented.
|
|
||||||
// this is only used for students, who are not yet registered through the "user" system
|
|
||||||
$canRegister = false;
|
|
||||||
break;
|
|
||||||
case 'invite':
|
|
||||||
$canRegister = false;
|
|
||||||
break;
|
|
||||||
default:
|
|
||||||
// echo "[\$regtype = \"$regtype\"]";
|
|
||||||
$canRegister = false;
|
|
||||||
}
|
|
||||||
if(!$canRegister) return false;
|
|
||||||
|
|
||||||
|
|
||||||
// ok, they meet the conditions to register for this role
|
|
||||||
// see if they're already registered for it
|
|
||||||
$role_index = $roles[$role]['id'];
|
|
||||||
$query = "SELECT COUNT(*) FROM user_roles WHERE users_id = $uid AND roles_id=$role_index";
|
|
||||||
echo $query;
|
|
||||||
$results = mysql_fetch_array(mysql_query($query));
|
|
||||||
if($results[0] != 0){
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
if(user_add_role($u, $role, $password)){
|
|
||||||
$_SESSION['roles'][] = $role;
|
|
||||||
user_save($u);
|
|
||||||
return true;
|
|
||||||
}else{
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
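Review bot: In both the `register` and `remove` cases the request-supplied `$role` is used directly as a key in `$roles[$role]['id']`, so an unknown value passes an empty role id to `account_add_role` / `account_remove_role`, which interpolate it into SQL. Reject unknown keys before the call, e.g. `if(!array_key_exists($role, $roles)){ error_(i18n("Unable to remove role.")); exit; }`. The `remove` case also changes state based on `$_GET['role']`, and no anti-CSRF token check is visible in these hunks; unless one exists elsewhere in the file, this action should move to POST with a token. In `register`, `error_($result)` shows the raw status string and the success path now emits nothing; an `i18n()` message for each outcome would match the `remove` case. The enclosing `switch` starts and ends outside the hunks.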