From 887610f5e3adae5f6b1a082e1354d5110f8962ee Mon Sep 17 00:00:00 2001
From: jacob
Date: Tue, 6 Jul 2010 15:32:26 +0000
Subject: [PATCH] Added script for copying/converting user data into the new format, populating the accounts and user_roles table Modified user.inc and user_login to handle authentication on the new accounts table
---
 db/db.code.version.txt | 2 +-
 db/db.update.195.php | 165 +++++++++++++++++++++++++++++++++++++++++
 db/db.update.195.sql | 24 ++++++
 user.inc.php | 63 ++++++++--------
 user_login.php | 5 +-
 5 files changed, 223 insertions(+), 36 deletions(-)
 create mode 100644 db/db.update.195.php
 create mode 100644 db/db.update.195.sql
diff --git a/db/db.code.version.txt b/db/db.code.version.txt
index 205a12b..6bb2f98 100644
--- a/db/db.code.version.txt
+++ b/db/db.code.version.txt
@@ -1 +1 @@
-194
+195
diff --git a/db/db.update.195.php b/db/db.update.195.php
new file mode 100644
index 0000000..c9e8908
--- /dev/null
+++ b/db/db.update.195.php
@@ -0,0 +1,165 @@ + tables + $fields['committee'] = array('emailprivate','ord','displayemail','access_admin', + 'access_config','access_super'); + $fields['judge'] = array('years_school','years_regional','years_national', + 'willing_chair','special_award_only', + 'cat_prefs','div_prefs','divsub_prefs', + 'expertise_other','languages', 'highest_psd'); + $fields['student'] = array('schools_id'); + $fields['fair'] = array('fairs_id'); + $fields['sponsor'] = array('sponsors_id','primary','position','notes'); + + // let's do some data massaging + mysql_query("BEGIN"); + try{ + mysql_query("ALTER TABLE accounts ADD COLUMN `year` INT COMMENT 'Temporary field, delete when finished migration'"); + $uidQuery = mysql_query("SELECT DISTINCT(uid) FROM users"); + while($uidDat = mysql_fetch_assoc($uidQuery)){ + $uid = $uidDat['uid']; + $userQuery = "SELECT users.*, users_committee.access_super AS super FROM users" . + " LEFT JOIN users_committee ON users_committee.users_id = users.id" . + " WHERE uid=$uid AND deleted = 'no' ORDER BY year DESC"; + $userResults = mysql_query($userQuery); + $userRecord = mysql_fetch_assoc($userResults); + + // get the data that we need from this record + // start with determining what username we'll be using + $username = $userRecord['username']; + if(trim($username) == '') $username = $userRecord['email']; + if(trim($username) == '') $username = $userRecord['firstname'] . ' ' . 
$userRecord['lastname']; + if(trim($username) == ''){ + echo "Can't find a username for user id $uid\n"; + continue; + } + $username = mysql_real_escape_string($username); + $password = mysql_real_escape_string($userRecord['password']); + $email = mysql_real_escape_string($userRecord['email']); + $pendingemail = ""; + + // find out if they're a superuser + if($userRecord['super'] == 'yes'){ + $superuser = 'yes'; + }else{ + $superuser = 'no'; + } + + // get the year + $year = $userRecord['year']; + + + // check to see if we already have a record with this username in place + $checkCount = mysql_fetch_assoc(mysql_query("SELECT count(*) as tally FROM accounts WHERE username='$username'")); + if($checkCount['tally'] > 0){ + // there is already an account with this username let's find out if it's a newer + // or older copy + $data = mysql_fetch_assoc(mysql_query("SELECT * FROM accounts WHERE username='$username'")); + $accounts_id = $data['id']; + if($data['year'] < $year){ + echo "switching to newer data for username \"$username\".\n"; + // this is a later record, so let's replace the old one + $updateQuery = "UPDATE accounts SET " . + "`password` = '$password', " . + "`email` = '$email', " . + "`superuser` = '$superuser', " . + "`year` = $year " . + "WHERE username = '$username'"; + if(!mysql_query($updateQuery)){ + throw new Exception("Error on query \"$updateQuery\":\n\n" . mysql_error()); + } + } + + }else{ + echo "Creating a new record for uid $uid ($username)\n"; + $accounts_id = $uid; + $newAccountQuery = "INSERT INTO accounts VALUES "; + $newAccountQuery .= "($uid, '$username', '$password', '$email', '$pendingemail', '$superuser', $year)"; + if(mysql_query($newAccountQuery)){ + // echo $newAccountQuery . "\n"; + }else{ + throw new Exception("Error on query \"$newAccountQuery\":\n\n" . mysql_error()); + } + } + + + /************************************************** + Now that we have an account created, + let's deal with the other tables. 
+ **************************************************/ + do{ + if($userRecord['year'] != 0){ + $confQuery = mysql_query("SELECT * FROM conferences WHERE year = " . $userRecord['year']); + if($confQuery != false){ + $confDat = mysql_fetch_assoc($confQuery); + $confId = $confDat['id']; + + // update the user_roles table + $roles = explode(',', $userRecord['types']); + $q = "SELECT * FROM roles WHERE roletype IN ('" . implode("','", $roles) . "')"; + $roleQuery = mysql_query($q); + while($roleData = mysql_fetch_assoc($roleQuery)){ + $roleId = $roleData['id']; + $tally = 0; + $roletype = $roleData['roletype']; + + $roleInfoQuery = mysql_query("SELECT * FROM users_" . $roletype . " WHERE users_id = " . $userRecord['id']); + $roleInfo = mysql_fetch_assoc($roleInfoQuery); + // we now have their role info + + $active = $roleInfo[$roletype . '_active']; + $complete = $roleInfo[$roletype . '_complete']; + // build our insert on the user_roles table + $params = array( + 'conferences_id' => $confId, + 'active' => $active, + 'complete' => $complete, + 'roles_id' => $roleId, + 'users_id' => $userRecord['id'], + 'accounts_id' => $accounts_id + ); + $query = "INSERT INTO user_roles"; + $query .= ' (' . implode(', ', array_keys($params)) . ')'; + $query .= ' VALUES ("' . implode('", "', array_values($params)) . '")'; + mysql_query($query); + + // now we need to take all of their role data and insert it into users: + if(array_key_exists($roletype, $fields)){ + $query = "UPDATE users SET"; + $doneOne = false; + foreach($fields[$roletype] as $fieldName){ + if($doneOne) $query .= ", "; + else $doneOne = true; + $query .= " `$fieldName` = '"; + $query .= mysql_real_escape_string($roleInfo[$fieldName]); + $query .= "'"; + } + $query .= " WHERE id = " . $userRecord['id']; + if(!mysql_query($query)){ + throw new exception("ERROR with query:\n$query\n"); + } + } + } + + }else{ + echo "No conference found with the year \"" . $userRecord['year'] . 
"\"\n"; + } + + }else{ + echo "No conference year specified for user '$userName'\n"; + } + + + }while($userRecord = mysql_fetch_assoc($userResults)); + + } + + mysql_query("COMMIT"); + }catch(Exception $e){ + mysql_query("ROLLBACK"); + echo $e->getMessage(); + } +} diff --git a/db/db.update.195.sql b/db/db.update.195.sql new file mode 100644 index 0000000..8146630 --- /dev/null +++ b/db/db.update.195.sql @@ -0,0 +1,24 @@ +ALTER TABLE users ADD COLUMN `emailprivate` varchar(128); +ALTER TABLE users ADD COLUMN `ord` INT NOT NULL; +ALTER TABLE users ADD COLUMN `displayemail` enum('no','yes'); +ALTER TABLE users ADD COLUMN `access_admin` enum('no','yes'); +ALTER TABLE users ADD COLUMN `access_config` enum('no','yes'); +ALTER TABLE users ADD COLUMN `access_super` enum('no','yes'); +ALTER TABLE users ADD COLUMN `fairs_id` INT NOT NULL; +ALTER TABLE users ADD COLUMN `years_school` tinyint(4) NOT NULL; +ALTER TABLE users ADD COLUMN `years_regional` tinyint(4) NOT NULL; +ALTER TABLE users ADD COLUMN `years_national` tinyint(4) NOT NULL; +ALTER TABLE users ADD COLUMN `willing_chair` enum('yes','no'); +ALTER TABLE users ADD COLUMN `special_award_only` enum('yes','no'); +ALTER TABLE users ADD COLUMN `cat_prefs` tinytext; +ALTER TABLE users ADD COLUMN `div_prefs` tinytext; +ALTER TABLE users ADD COLUMN `divsub_prefs` tinytext; +ALTER TABLE users ADD COLUMN `languages` tinytext; +ALTER TABLE users ADD COLUMN `highest_psd` tinytext; +ALTER TABLE users ADD COLUMN `expertise_other` tinytext; +ALTER TABLE users ADD COLUMN `sponsors_id` INT NOT NULL DEFAULT '0'; +ALTER TABLE users ADD COLUMN `primary` enum('no','yes'); +ALTER TABLE users ADD COLUMN `position` varchar(64); +ALTER TABLE users ADD COLUMN `notes` text; +ALTER TABLE users ADD COLUMN `schools_id` INT NOT NULL; +ALTER TABLE users ADD COLUMN `grade` INT; diff --git a/user.inc.php b/user.inc.php index 5aa296d..38d67d9 100644 --- a/user.inc.php +++ b/user.inc.php 
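Review bot: The `ROLLBACK` in the catch block will not undo a failed run, because `ALTER TABLE accounts ADD COLUMN ...` is issued after `BEGIN` and MySQL commits implicitly on DDL; issuing the `ALTER TABLE` before `mysql_query("BEGIN")` keeps the data changes in one transaction (assuming the tables use a transactional engine, which is not visible here). The `INSERT INTO user_roles` result is never checked, unlike the other writes, and its values are joined in without `mysql_real_escape_string`, so a failed role insert passes silently; `if(!mysql_query($query)) throw new Exception("Error on query \"$query\":\n\n" . mysql_error());` would match the rest of the script. `if($confQuery != false)` is also true for an empty result set, so a year with no matching conference writes an empty `conferences_id` instead of reaching the "No conference found" branch; testing the fetched row, `if($confDat = mysql_fetch_assoc($confQuery))`, closes that gap. The final message interpolates `$userName`, which is never defined (the variable set earlier is `$username`). The opening lines of the new file are not legible on this page, so the block closed by the last `}` starts outside what can be reviewed.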
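Review bot: The three privilege columns `access_admin`, `access_config` and `access_super` are added as nullable enums with no default, so every existing row receives NULL rather than 'no'. Declaring them as `enum('no','yes') NOT NULL DEFAULT 'no'` makes the unprivileged state explicit and protects any check written as `!= 'no'`; whether such a check exists is not visible in this patch. The `INT NOT NULL` columns `ord`, `fairs_id` and `schools_id` also carry no `DEFAULT`, unlike `sponsors_id`.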
@@ -78,11 +78,9 @@ function user_load_student(&$u) { $u['student_active'] = ($u['student_active'] == 'yes') ? 'yes' : 'no'; $u['student_complete'] = ($u['student_complete'] == 'yes') ? 'yes' : 'no'; -/* echo "
";
-	print_r($u);
-	echo "
"; -*/ return true; + return true; } + function user_load_judge(&$u) { $u['judge_active'] = ($u['judge_active'] == 'yes') ? 'yes' : 'no'; @@ -167,55 +165,55 @@ function user_load_alumni(&$u) function user_load($user, $uid = false) { - /* So, it turns out that doing one big load is faster than loading just - * from the users table then loading only the specific types the user - * has.. go figure. */ - $query = "SELECT * FROM `users` - LEFT JOIN `users_committee` ON `users_committee`.`users_id`=`users`.`id` - LEFT JOIN `users_judge` ON `users_judge`.`users_id`=`users`.`id` - LEFT JOIN `users_volunteer` ON `users_volunteer`.`users_id`=`users`.`id` - LEFT JOIN `users_fair` ON `users_fair`.`users_id`=`users`.`id` - LEFT JOIN `users_sponsor` ON `users_sponsor`.`users_id`=`users`.`id` - LEFT JOIN `users_principal` ON `users_principal`.`users_id`=`users`.`id` - LEFT JOIN `users_teacher` ON `users_teacher`.`users_id`=`users`.`id` - LEFT JOIN `users_parent` ON `users_parent`.`users_id`=`users`.`id` - LEFT JOIN `users_mentor` ON `users_mentor`.`users_id`=`users`.`id` - LEFT JOIN `users_alumni` ON `users_alumni`.`users_id`=`users`.`id` - LEFT JOIN `users_student` ON `users_student`.`users_id`=`users`.`id` - WHERE "; + + $query = "SELECT * FROM users WHERE "; if($uid != false) { $uid = intval($uid); $query .= "`users`.`uid`='$uid' ORDER BY `users`.`year` DESC LIMIT 1"; + $killScript = true; } else { + $killScript = false; $id = intval($user); $query .= " `users`.`id`='$id'"; } $q=mysql_query($query); - - if(mysql_num_rows($q)!=1) { -// echo "Query [$query] returned ".mysql_num_rows($q)." rows\n"; -// echo "
";
-//		print_r(debug_backtrace());
+	if(mysql_num_rows($q) == 0) {
 		return false;
 	}
-
+	if($killScript){
+		echo $query;
+		exit();
+	}
 	$ret = mysql_fetch_assoc($q);
+	$query = "SELECT * FROM user_roles JOIN roles ON user_roles.roles_id = roles.id WHERE user_roles.accounts_id = " . $ret['uid'] . " AND user_roles.active = 'yes'";
+	$q = mysql_query($query);
+	$deleted = true;
+	$ret['types'] = array();
+	while($roleData = mysql_fetch_assoc($q)){
+		$deleted = false;
+		$ret['types'][] = $roleData['roletype'];
+	}
 
+
+	if($deleted) return false;
+//	$ret = mysql_fetch_assoc($q);
 	/* Make sure they're not deleted, we don't want to do this in the query, because loading by $uid would
 	 * simply return the previous year (where deleted=no) */
+	 /*
 	if($ret['deleted'] != 'no') {
-		/* User is deleted */
+		// User is deleted 
 		return false;
 	}
-		
+	*/
+
 	/* Do we need to do number conversions? */
 	$ret['id'] = intval($ret['id']);
 	$ret['uid'] = intval($ret['uid']);
 	$ret['year'] = intval($ret['year']);
 
 	/* Turn the type into an array, because there could be more than one */
-	$ts = explode(',', $ret['types']);
-	$ret['types'] = $ts; /* Now we can use in_array('judge', $ret['types']) ; */
+//	$ts = explode(',', $ret['types']);
+//	$ret['types'] = $ts; /* Now we can use in_array('judge', $ret['types']) ; */
 
 	/* Convenience */
 	$ret['name'] = ($ret['firstname'] ? "{$ret['firstname']} " : '').$ret['lastname'];
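Review bot: The new `$killScript` branch in user_load() echoes the raw SQL and calls `exit()` whenever the function is called with a `$uid`, so every uid-based lookup now ends the request and shows table and column names to the client. It reads as a debugging aid left in place; the `if($killScript){ echo $query; exit(); }` block and both `$killScript` assignments should be removed before merge, and the same goes for `echo "foo\n";` added in the user_save hunk further down. Separately, the role query concatenates `$ret['uid']` before the `intval()` conversion a few lines later; moving `$ret['uid'] = intval($ret['uid']);` above that query keeps the value numeric at the point of use. With the `deleted` check commented out, a user is now treated as removed only when no active role row exists, which is worth confirming as the intended rule. The body of user_load() continues past the end of this hunk.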
@@ -262,10 +260,6 @@ function user_load($user, $uid = false)
 	$orig = $ret;
 	$ret['orig'] = $orig;
 
-/*	echo "
User load returning: \n";
-	print_r($ret);
-	echo "
"; -*/ return $ret; } @@ -433,6 +427,7 @@ function user_save(&$u) exit; } //give em a record, the primary key on the table takes care of uniqueness + echo "foo\n"; $q=mysql_query("INSERT INTO users_$t (users_id) VALUES ('{$u['id']}')"); } diff --git a/user_login.php b/user_login.php index 0474f6d..3040c4d 100644 --- a/user_login.php +++ b/user_login.php @@ -45,17 +45,20 @@ return false; $user = mysql_escape_string($user); + $q = mysql_query("SELECT id, password FROM users WHERE username='$user'"); + /* $q = mysql_query("SELECT id,username,password,year,deleted FROM users WHERE username='$user' AND deleted='no' ORDER BY year DESC LIMIT 1"); + */ if(mysql_num_rows($q) < 1) return false; $r = mysql_fetch_object($q); /* See if the user account has been deleted */ - if($r->deleted == 'yes') return false; +// if($r->deleted == 'yes') return false; // FIXME - do we need a deleted field in the accounts table as well? /* See if the password matches */ if($r->password != $pass) return false;
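Review bot: The replacement query `SELECT id, password FROM users WHERE username='$user'` drops both the `deleted='no'` filter and `ORDER BY year DESC LIMIT 1`, and the later `$r->deleted` check is commented out, so a deleted user can reach the password comparison and, where a username has rows for several years, the row compared is whichever one the database returns first. The commit message says authentication moves to the new accounts table, yet the query still reads `users`; if `accounts` is the intended source, something like `SELECT id, password FROM accounts WHERE username='$user'` gives one row per username, though how the rest of the function uses `id` is outside this hunk. The FIXME about a deleted flag on accounts should be resolved before this ships rather than left as a comment. The context line `$r->password != $pass` compares the stored value directly; whether `$pass` is hashed upstream is not visible here. The enclosing function starts and ends outside the hunk.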