- New user and volunteer signup system

dave 2007-11-16 06:30:42 +00:00
parent dfd0371d92
commit 93c05cbe2f
10 changed files with 1565 additions and 0 deletions

343
user.inc.php Normal file

@ -0,0 +1,343 @@
<?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca
Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
Copyright (C) 2005 James Grant <james@lightbox.org>
Copyright (C) 2007 David Grant <dave@lightbox.org>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, version 2.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
?>
<?
require_once('common.inc.php');
$user_types = array('student','judge','committee','volunteer','region');
$user_what = array('student'=>'Participant', 'judge' => 'Judge',
'committee'=>'Committee Member','volunteer' => 'Volunteer',
'region'=>'Region');
function user_load_region($u)
{
/* Double check, make sure the user is of this type */
if(!in_array('region', $u['types'])) return false;
$q = mysql_query("SELECT * FROM users_region
WHERE id='{$u['id']}'
");
if(mysql_num_rows($q)!=1) return false;
$r = mysql_fetch_object($q);
$ret = array();
$ret['regions_id'] = intval($r->regions_id);
return $ret;
}
function user_load_student($u)
{
/* Double check, make sure the user is of this type */
if(!in_array('student', $u['types'])) return false;
$ret = array();
return $ret;
}
function user_load_judge($u)
{
/* Double check, make sure the user is of this type */
if(!in_array('judge', $u['types'])) return false;
$ret = array();
return $ret;
}
function user_load_committee($u)
{
/* Double check, make sure the user is of this type */
if(!in_array('committee', $u['types'])) return false;
$q = mysql_query("SELECT * FROM users_committee
WHERE users_id='{$u['id']}'");
if(mysql_num_rows($q)!=1) return false;
$r = mysel_fetch_object($q);
$ret = array();
$ret['emailprivate'] = $r->emailprivate;
$ret['ord'] = intval($r->ord);
$ret['displayemail'] = ($r->displayemail == 'Y') ? 'Y' : 'N';
$ret['access_admin'] = ($r->access_admin == 'Y') ? 'Y' : 'N';
$ret['access_config'] = ($r->access_config == 'Y') ? 'Y' : 'N';
$ret['access_super'] = ($r->access_super == 'Y') ? 'Y' : 'N';
return $ret;
}
function user_load_volunteer($u)
{
/* Double check, make sure the user is of this type */
if(!in_array('volunteer', $u['types'])) return false;
$ret = array();
return $ret;
}
function user_load($user, $load_full=false, $force_type=false)
{
$id = 0;
/* Sort out the type first */
if(is_array($user)){
/* User already loaded, this is just an extended load */
$id = $user['id'];
$where = "id='$id'";
$load_base = false;
} else {
$id = intval($user);
if($id > 0) {
/* Load by ID FIXME: if we enable load-by-email below,
* then a user could use a number at the beginning of
* their email address to exploit here, must fix that.
* */
$where = "id='$id'";
} else {
return false;
/* Load by email */
// $e = stripslashes($user);
// $where = "email='$e'";
}
$load_base = true;
}
if($load_base) {
$q=mysql_query("SELECT * FROM users
WHERE
$where
AND deleted='no'
");
if(mysql_num_rows($q)!=1) return false;
$ret = mysql_fetch_assoc($q);
/* Do we need to do number conversions? */
$ret['id'] = intval($ret['id']);
/* Turn the type into an array, because there could be more than one */
$ts = explode(',', $ret['types']);
$ret['types'] = $ts; /* Now we can use in_array($ret['type'], 'judge') ; */
/* Set the current type if there's only one */
if(count($ret['types']) == 1) {
$ret['type'] = $ret['types'][0];
} else {
$ret['type'] = false;
}
} else {
$ret = $user;
}
if($load_full) {
$r = true;
foreach($ret['types'] as $t) {
/* These all pass $ret by reference, and can modify
* $ret */
$r = call_user_func("user_load_$type", $ret);
if($r == false) return false;
/* It is important that each type database doesn't
have conflicting column names */
foreach($r as $k->$v) {
if(array_key_exists($k, $ret)) {
echo "DATABSE DESIGN ERROR, duplicate user key $k";
exit;
}
}
$ret = array_merge($ret, $r);
}
}
/* Do this assignment without recursion :) */
$orig = $ret;
$ret['orig'] = $orig;
return $ret;
}
function user_save($u)
{
$fields = array('firstname','lastname','username','password',
'email','emailprivate',
'phonehome','phonework','phonecell','fax',
'address','address2','city','province','postalcode');
$set = "";
foreach($fields as $f) {
if($u[$f] == $u['orig'][$f]) continue;
if($set != "") $set .=',';
// if($f == 'types')
// $set .= "$f='".implode(',', $u[$f])."'";
$set .= "$f='{$u[$f]}'";
}
//echo "<pre>";
//print_r($u);
//echo "</pre>";
if($set != "") {
$query = "UPDATE users SET $set WHERE id='{$u['id']}'";
mysql_query($query);
// echo "query=[$query]";
echo mysql_error();
}
}
function user_valid_user($user)
{
/* Find any character that doesn't match the valid username characters
* (^ inverts the matching remember */
$x = preg_match('[^a-zA-Z0-9@.-_]',$user);
/* If x==1, a match was found, and the input is bad */
return ($x == 1) ? false : true;
}
function user_valid_password($pass)
{
/* Same as user, but allow more characters */
$x = preg_match('[^a-zA-Z0-9 ~!@#$%^&*()-_=+|;:,<.>/?]',$pass);
/* If x==1, a match was found, and the input is bad */
if($x == 1) return false;
if(strlen($pass) < 6) return false;
return true;
}
/* Perform some checks. Make sure the person is logged in, and that their
* password hasn't expired (the password_expired var is set in the login page)
*/
function user_auth_required($type, $check_expiry=true)
{
if(!isset($_SESSION['users_type'])) {
header("location: user_login.php?type=$type&notice=auth_required");
exit;
}
if($_SESSION['users_type'] != $type) {
header("location: user_login.php?type=$type&notice=auth_required");
exit;
}
if($_SESSION['password_expired'] == true && $check_expiry==true) {
header("location: user_password.php");
exit;
}
return true;
}
function user_volunteer_registration_status()
{
global $config;
// $now = date('Y-m-d H:i:s');
// if($now < $config['dates']['judgeregopen']) return "notopenyet";
// if($now > $config['dates']['judgeregclose']) return "closed";
return "open";
}
function user_judge_registration_status()
{
global $config;
$now = date('Y-m-d H:i:s');
if($now < $config['dates']['judgeregopen']) return "notopenyet";
if($now > $config['dates']['judgeregclose']) return "closed";
return "open";
}
function user_personal_fields($type)
{
/* Figure out what fields we should show. */
$all_fields = array('firstname','lastname','email','phonehome','phonecell','organization');
switch($type) {
case 'volunteer':
$f = array();
case 'committee':
$f = array('workphone','fax');
case 'judge':
$f = array();
case 'student':
$f = array();
case 'region':
$f = array();
}
return array_merge($all_fields, $f);
return null;
}
function user_personal_required_fields($type)
{
$all_fields = array('firstname','lastname','email');
switch($type) {
case 'volunteer':
$f = array();
case 'committee':
$f = array();
case 'judge':
$f = array();
case 'student':
$f = array();
case 'region':
$f = array();
}
return array_merge($all_fields, $f);
return null;
}
function user_personal_info_status($u = false)
{
if($u == false) {
$u = user_load($_SESSION['users_id']);
}
$required = array();
foreach($u['types'] as $t) {
$required = array_merge($required, user_personal_required_fields($t));
}
foreach($required as $r) {
$val = trim($u[$r]);
if(strlen($val) > 0) {
/* Ok */
} else {
return 'incomplete';
}
}
return 'complete';
}
function user_update_complete(&$u, $status)
{
if($status == 'complete' && $u['complete'] != 'yes') {
mysql_query("UPDATE users SET complete='yes' WHERE id='{$_SESSION['users_id']}'");
$u['complete'] = 'yes';
return;
}
if($status != 'complete' && $u['complete'] == 'yes') {
mysql_query("UPDATE users SET complete='no' WHERE id='{$_SESSION['users_id']}'");
$u['complete'] = 'no';
return;
}
}
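Review bot: user_valid_user() and user_valid_password() do not test what their comments describe, because `preg_match('[^a-zA-Z0-9@.-_]',$user)` has no delimiters: PHP takes the outer `[` and `]` as the delimiter pair, so the pattern is an anchored literal sequence rather than a negated character class, and practically every username is reported as valid (the password pattern has the same problem). Put the class inside real delimiters and move the hyphen to the end so it is not read as a range, e.g. `$x = preg_match('/[^a-zA-Z0-9@._-]/', $user);`. try_login() in user_login.php interpolates the username into SQL after only this check, so the validator should not be the sole barrier; the value should also be escaped where the query is built. Separately, user_load() with `$load_full` set cannot run as written: the loop variable is `$t` but the call uses `"user_load_$type"`, `foreach($r as $k->$v)` should read `$k => $v`, and user_load_committee() calls `mysel_fetch_object`.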

306
user_login.php Normal file

@ -0,0 +1,306 @@
<?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca
Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
Copyright (C) 2005 James Grant <james@lightbox.org>
Copyright (C) 2007 David Grant <dave@lightbox.org>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, version 2.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
?>
<?
require_once("common.inc.php");
require_once("user.inc.php");
function try_login($user, $pass)
{
/* Ensure sanity of inputs, user should be an email address, but it's stored
* in the username field */
$x = isEmailAddress($user);
if($x == false) {
/* It's possible that it's a username */
if(user_valid_user($user) == false) return false;
}
$x = user_valid_password($pass);
if($x == false) return false;
$q = mysql_query("SELECT id,username,password
FROM users
WHERE username='$user'
AND deleted='no'");
echo mysql_error();
if(mysql_num_rows($q) != 1) return false;
/* Ok.. see if the passwd matches */
$r = mysql_fetch_object($q);
if($r->password != $pass) return false;
/* Login successful */
return $r->id;
}
/* If there is no session, accept a type from the URL, else,
* if there is a session, always take the session's type. The idea is
* eventually, you'll never be able to see a login page if you're already
* logged in. */
$type = false;
if(isset($_SESSION['users_type'])) {
$type = $_SESSION['users_type'];
} else {
$type = $_GET['type'];
/* user_types is in user.inc.php */
if(!in_array($type, $user_types)) $type = false;
}
$notice=$_GET['notice'];
switch($type) {
case 'volunteer':
// returns "notopenyet", "closed", or "open"
$reg_open = user_volunteer_registration_status();
break;
case 'committee':
$reg_open = 'notpermitted';
break;
case 'judge':
$reg_open = user_judge_registration_status();
break;
case 'student':
default:
$reg_open = 'closed';
break;
}
if($_POST['action']=="login" )
{
if($_POST['pass'] && $_POST['user'])
{
$id = try_login($_POST['user'], $_POST['pass']);
if($id == false) {
header("location: user_login.php?type=$type&notice=login_failed");
exit;
} else {
$u = user_load($id);
$_SESSION['name']="{$u['firstname']} {$u['lastname']}";
$_SESSION['username']=$u['username'];
$_SESSION['email']=$u['email'];
$_SESSION['users_id']=$u['id'];
$_SESSION['users_type']=$u['type'];
/* Check for an expired password */
$now = date('Y-m-d H:i:s');
if($now > $u['passwordexpiry']) {
$_SESSION['password_expired'] = true;
/* The main page (or any other user page) will catch this now and
* require them to set a password */
}
/* FIXME: call a type sepcific function
to set type specific session variables */
mysql_query("UPDATE users SET lastlogin=NOW()
WHERE id={$u['id']}");
if(count($u['types']) > 1) {
$_SESSION['multirole'] = true;
header("location: user_multirole.php");
} else {
$_SESSION['multirole'] = false;
header("location: {$type}_main.php");
}
exit;
}
}
header("location: user_login.php?type=$type&notice=login_failed");
exit;
}
else if($_GET['action']=="logout")
{
/* Do these explicitly because i'm paranoid */
unset($_SESSION['name']);
unset($_SESSION['username']);
unset($_SESSION['email']);
unset($_SESSION['users_id']);
unset($_SESSION['users_type']);
/* Take care of anything else */
$keys = array_keys($_SESSION);
foreach($keys as $k) unset($_SESSION[$k]);
header("location: user_login.php?type=$type&notice=logged_out");
exit;
}
else if($_GET['action']=="recover")
{
send_header("{$user_what[$type]} - Password Recovery",
array("{$user_what[$type]} Login" => "user_login.php?type=$type"));
$recover_link = "user_login.php?type=$type&action=recover";
?>
<br />
<?=i18n('Password recovery will reset your password to a new random password, and then email you that password. Enter your name and email address below, then click on the \'Reset\' button. The name and email must exactly match the ones you used to register. Sometimes the email takes a few minutes to send so be patient.')?><br />
<br />
<form method="post" action="user_login.php?type=<?=$type?>">
<input type="hidden" name="action" value="recoverconfirm" />
<table>
<tr><td>
<?=i18n("First Name")?>:</td><td><input type="text" size="20" name="fn" />
</td></tr>
<tr><td>
<?=i18n("Last Name")?>:</td><td><input type="text" size="20" name="ln" />
</td></tr>
<tr><td>
<?=i18n("Email")?>:</td><td><input type="text" size="20" name="email" />
</td></tr>
<tr><td colspan="2">
<input type="submit" value="<?=i18n("Reset my password")?>" />
</td></tr></table>
<br />
</form>
<br />
<div style="font-size: 0.75em;">
<?=i18n('If you didn\'t register using an email address and you have lost your password, please contact the committee to have your password reset.')?></div><br />
<?
}
else if($_POST['action'] == "recoverconfirm")
{
/* Process a recover */
$email = $_POST['email'];
if(isEmailAddress($email)) {
/* valid email address */
$q=mysql_query("SELECT * FROM users WHERE email='$email'");
$r=mysql_fetch_object($q);
if($r) {
$fn = trim($_POST['fn']);
$ln = trim($_POST['ln']);
/* Check name match */
if(strcasecmp($r->firstname, $fn)!=0 || strcasecmp($r->lastname, $ln)!=0) {
header("Location: user_login.php?type=$type&notice=recover_name_error");
exit;
}
$password = '';
$pchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
for($x=0;$x<12;$x++) $password .= $pchars{rand(0,61)};
mysql_query("UPDATE users SET password='$password',passwordexpiry='0000-00-00' WHERE id={$r->id}");
/* volunteer_recover_password, judge_recover_password, student_recover_password,
committee_recover_password */
email_send("{$type}_recover_password",
$email,
array("FAIRNAME"=>i18n($config['fairname'])),
array( "PASSWORD"=>$password,
"EMAIL"=>$email)
);
header("Location: user_login.php?type=$type&notice=recover_sent");
exit;
} else {
header("Location: user_login.php?type=$type&notice=recover_email_error");
exit;
}
}
header("Location: user_login.php?type=$type&notice=email_error");
exit;
}
else
{
send_header("{$user_what[$type]} - Login", array());
switch($notice) {
case 'created_sent':
echo happy(i18n("Your new password has been sent to your email address. Please check your email and use the password to login"));
break;
case 'recover_sent':
echo notice(i18n("Your password has been sent to your email address"));
break;
case 'recover_email_error':
echo error(i18n("Could not find your email address for recovery"));
break;
case 'recover_name_error':
echo error(i18n("The name you entered does not match the one in your account"));
break;
case 'email_error':
echo error(i18n("Email address error"));
break;
case 'login_failed':
echo error(i18n("Invalid Email/Password"));
break;
case 'auth_required':
echo error(i18n("You must login to view that page"));
break;
case 'logged_out':
echo notice(i18n("You have been successfully logged out"));
break;
}
$recover_link = "user_login.php?type=$type&action=recover";
$new_link = "user_new.php?type=$type";
?>
<form method="post" action="user_login.php?type=<?=$type?>">
<input type="hidden" name="action" value="login" />
<table><tr><td>
<?=i18n("Email")?>:</td><td><input type="text" size="20" name="user" />
</td></tr><tr><td>
<?=i18n("Password")?>:</td><td><input type="password" size="20" name="pass" />
</td></tr>
<tr><td colspan=2>
<input type="submit" value=<?=i18n("Login")?> />
</td></tr>
</table>
</form>
<br />
<div style="font-size: 0.75em;">
<?=i18n("If you have lost or forgotten your password, or have misplaced the email with your initial password, please <a href=\"$recover_link\">click here to recover it</a>")?>.</div><br />
<br />
<?
switch($reg_open) {
case 'notopenyet':
echo i18n("Registration for the %1 %2 has not yet opened",
array( $config['FAIRYEAR'],
$config['fairname']),
array("Fair year","Fair name")
);
break;
case 'open':
echo i18n("If you would like to register as a new {$user_what[$type]}, <a href=\"$new_link\">click here</a>.<br />");
break;
case 'closed':
echo i18n("Registration for the %1 %2 is now closed",
array( $config['FAIRYEAR'],
$config['fairname']),
array("Fair year","Fair name")
);
break;
case 'notpermitted':
default:
break;
}
}
send_footer();
?>
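Review bot: try_login() checks the credential with `if($r->password != $pass) return false;`, which means passwords are stored in plaintext and compared loosely, so two different numeric-looking strings can compare equal. Store a salted hash rather than the password itself and compare strictly; with the current schema the minimum change is `if($r->password !== $pass) return false;`. The queries `WHERE username='$user'` in try_login() and `WHERE email='$email'` in the recoverconfirm branch interpolate request data with no escaping visible in this file, relying on user_valid_user()/isEmailAddress() (and possibly magic_quotes_gpc, which is not shown) to reject quotes; pass the values through `mysql_real_escape_string()` before building the query. The reset password is generated with `rand(0,61)`, which is not a suitable source for credentials, and `echo mysql_error();` on the login path exposes query details to the visitor.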

87
user_multirole.php Normal file

@ -0,0 +1,87 @@
<?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca
Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
Copyright (C) 2005 James Grant <james@lightbox.org>
Copyright (C) 2007 David Grant <dave@lightbox.org>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, version 2.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
?>
<?
require_once("common.inc.php");
require_once("user.inc.php");
if(!isset($_SESSION['users_id'])) {
echo "AUTH required, this shoudln't happen.";
exit;
}
$u = user_load($_SESSION['users_id']);
if(count($u['types']) <= 1) {
/* This user doesn't have multiple roles, send them to their
* proper page */
header("location: {$u['type']}_main.php");
exit;
}
if($_GET['type']) {
/* Validate the input */
$type = $_GET['type'];
if(!in_array($type, $user_types)) {
header('location: index.php');
exit;
}
/* Make sure the user is actually allowed to be in the
* requested role */
if(!in_array($type, $u['types'])) {
header('location: user_multirole.php');
exit;
}
/* Switch roles, and forward the user to the
* appropriate mainpage */
$_SESSION['users_type'] = $type;
header("location: {$type}_main.php");
exit;
}
$_SESSION['users_type'] = false;
send_header("Choose a Role");
//only display the named greeting if we have their name
echo i18n("Hello <b>%1</b>",array($_SESSION['name']));
echo "<br />";
echo "<br />";
echo i18n('Your account has more than one role associated with it, please select a role from the links below.');
echo "<br />";
echo "<br />";
foreach($user_types as $t) {
if(in_array($t, $u['types'])) {
echo "<a href=\"user_multirole.php?type=$t\">{$user_what[$t]}</a><br />";
echo "<br />";
}
}
send_footer();
?>
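Review bot: `echo i18n("Hello <b>%1</b>",array($_SESSION['name']));` prints the user's first and last name into HTML, and nothing visible on the path from registration to this page HTML-encodes them (user_new.php applies only mysql_escape_string before the INSERT). Unless i18n() encodes its arguments, which cannot be seen here, a name containing markup is rendered as markup; pass `array(htmlspecialchars($_SESSION['name']))` instead. The result of `user_load($_SESSION['users_id'])` is also used without checking for `false`, which user_load() returns when the row is missing or marked deleted.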

196
user_new.php Normal file

@ -0,0 +1,196 @@
<?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca
Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
Copyright (C) 2005 James Grant <james@lightbox.org>
Copyright (C) 2007 David Grant <dave@lightbox.org>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, version 2.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
?>
<?
require_once("common.inc.php");
require_once("user.inc.php");
$type = false;
if(isset($_SESSION['users_type'])) {
send_header("Registration", array());
echo i18n("Please logout before creating a new user\n");
send_footer();
exit;
}
$types = array('volunteer', 'committee', 'student','judge');
$type = $_GET['type'];
if(!in_array($type, $types)) {
send_header("Registration");
echo i18n("Invalid new registration\n");
send_footer();
exit;
}
$notice=$_GET['notice'];
switch($type) {
case 'volunteer':
// returns "notopenyet", "closed", or "open"
$reg_open = user_volunteer_registration_status();
$reg_mode = 'open';
$reg_single_password = '';
$password_expiry_days = $config['volunteer_password_expiry_days'];
$welcome_email = "volunteer_welcome";
break;
case 'committee':
$reg_open = 'notpermitted';
$reg_mode = 'closed';
$reg_single_password = '';
$password_expiry_days = 0;
$welcome_email = false;
break;
case 'judge':
$reg_open = user_judge_registration_status();
$reg_mode = $config['judge_registration_type'];
$reg_single_password = $config['judge_registration_singlepassword'];
$password_expiry_days = $config['judges_password_expiry_days'];
$welcome_email = "register_judges_welcome";
break;
case 'student':
$reg_open = 'closed';
// $reg_mode = $config['judge_registration_type'];
// $reg_single_password = $config['judge_registration_singlepassword'];
$password_expiry_days = 0;
$welcome_email = "register_students_welcome";
break;
default:
exit;
}
$data_fn = '';
$data_ln = '';
$data_email = '';
if($reg_open != "open") {
send_header("{$user_what[$type]} - Registration",
array("{$user_what[$type]} Login" => "user_login.php?type=$type") );
echo i18n("{$user_what[$type]} registration is not open");
echo "<br />";
send_footer();
exit;
}
if($reg_mode == 'invite') {
send_header("{$user_what[$type]} - Registration",
array("{$user_what[$type]} Login" => "user_login.php?type=$type") );
echo i18n("{$user_what[$type]} is by invitation only. You can not create a new account. In order to register you must have your account created for you by the science fair committee.")."<br />";
echo i18n("Once your account is created you'll be invited via email to login and complete your {$user_what[$type]} registration information. If you have been invited already, you need to use login using the email address that you were invited with. If you need an invitation, please contact the science fair committee by sending us an email: <a href=\"mailto:%1\">%1</a>.",
array($config['fairname'],$config['fairmanageremail']));
echo "<br />";
echo "<br />";
echo "<a href=\"user_login.php?type=$type\">Back to Login</a>";
send_footer();
exit;
}
if($_POST['action']=="new")
{
$create = true;
$data_fn = mysql_escape_string(stripslashes($_POST['fn']));
$data_ln = mysql_escape_string(stripslashes($_POST['ln']));
$data_email = $_POST['email'];
if(!isEmailAddress($data_email)) {
$notice = 'email_invalid';
$data_email = '';
$create = false;
}
if($create == true) {
/* Generate a password */
$password = '';
$pchars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
for($x=0;$x<12;$x++) $password .= $pchars{rand(0,61)};
/* Add the user */
$q = "INSERT INTO users (types,firstname,lastname,username,password,passwordexpiry,email,created) VALUES (
'$type', '$data_fn','$data_ln','$data_email','$password','0000-00-00','$data_email',NOW());";
mysql_query($q);
echo mysql_error();
/* Send the email */
email_send($welcome_email, $data_email,
array("FAIRNAME"=>i18n($config['fairname'])),
array("PASSWORD"=>$password,
"EMAIL"=>$data_email)
);
/* now redirect to the login page */
header("Location: user_login.php?type=$type&notice=created_sent");
exit;
}
}
send_header("{$user_what[$type]} - Registration",
array("{$user_what[$type]} Login" => "user_login.php?type=$type") );
switch($notice) {
case 'email_invalid':
echo '<br />';
echo error(i18n("The email address is invalid"));
echo '<br />';
}
?>
<form method="post" action="user_new.php?type=<?=$type?>">
<input type="hidden" name="action" value="new" />
<table><tr><td>
<?=i18n("First Name")?>:</td><td><input type="text" size="20" name="fn" value="<?=$data_fn?>" />
</td></tr><tr><td>
<?=i18n("Last Name")?>:</td><td><input type="text" size="20" name="ln" value="<?=$data_ln?>" />
</td></tr><tr><td>
<?=i18n("Email")?>:</td><td><input type="text" size="20" name="email" value="<?=$data_email?>" />
</td></tr>
<?
if($reg_mode == 'singlepassword') {
echo "<tr><td>";
echo i18n("{$user_what[$type]} Password").":</td><td><input type=\"password\" size=\"20\" name=\"registrationpassword\" />";
echo "</td></tr>";
}
?>
<tr><td colspan=2>
<input type="submit" value=<?=i18n("Register")?> />
</td></tr>
</table>
</form>
<?
echo "<br />";
echo i18n("When you click the 'Register' button, your password will be randomly created and emailed to you. When you login for the first time you will be prompted to change your password. It can sometimes take several minutes for the email to send, so be patient.");
echo "<br />";
if($reg_mode == 'singlepassword') {
echo "<br />";
echo i18n("{$user_what[$type]} registration is protected by a password. You must know the <b>$what Password</b> in order to create an account. Please contact the committee to obtain the password if you wish to register.");
echo "<br />";
}
send_footer();
?>
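Review bot: The `action=new` handler never reads `$_POST['registrationpassword']`, so when `$reg_mode` is 'singlepassword' the form shows the registration-password field but an account is created whatever is submitted in it. Compare the submitted value with `$reg_single_password` before the INSERT and refuse the registration on a mismatch, as sketched below; the notice switch then needs a matching case, and the existing 'email_invalid' case needs a `break` so it does not fall through into it. `$data_email` also reaches the INSERT with only isEmailAddress() applied, there is no visible check for an existing account with the same email (try_login() requires exactly one row per username), and the singlepassword help text references an undefined `$what`.

```php
$create = true;
// … unchanged: $data_fn / $data_ln / $data_email handling and the isEmailAddress() check …
if($reg_mode == 'singlepassword') {
	$given = isset($_POST['registrationpassword']) ? stripslashes($_POST['registrationpassword']) : '';
	/* An empty configured password must never admit anyone */
	if($reg_single_password == '' || $given !== (string)$reg_single_password) {
		$notice = 'registration_password_invalid';
		$create = false;
	}
}
// … unchanged: password generation, INSERT, welcome email, redirect …
```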

67
user_page.inc.php Normal file

@ -0,0 +1,67 @@
<?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca
Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
Copyright (C) 2005 James Grant <james@lightbox.org>
Copyright (C) 2007 David Grant <dave@lightbox.org>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, version 2.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
?>
<?
$user_page_overall_status = 'incomplete';
function user_page_summary_begin()
{
global $user_page_overall_status;
echo "<table class=\"summarytable\">";
echo "<tr><th>".i18n("Item")."</th><th>".i18n("Status")."</th></tr>";
$user_page_overall_status = 'complete';
}
function user_page_summary_item($name, $link, $status_function, $args=array())
{
global $user_page_overall_status;
echo "<tr><td>";
echo "<a href=\"$link\">";
echo i18n("$name");
echo "</a>";
echo "</td><td>";
//check to see if its complete
$status=call_user_func_array($status_function, $args);
echo outputStatus($status);
echo "</td></tr>";
if($status != 'complete') {
$user_page_overall_status = 'incomplete';
}
}
function user_page_summary_end($print_overall)
{
global $user_page_overall_status;
if($print_overall) {
echo "<tr><td colspan=\"2\"><hr></td></tr>";
echo "<tr><td>".i18n("Overall Status")."</td><td>";
echo outputStatus($user_page_overall_status);
echo "</td></tr>";
}
echo "</table>";
return $user_page_overall_status;
}
?>
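Review bot: user_page_summary_item() writes `$link` straight into the href attribute and hands `$status_function` to call_user_func_array(), and neither parameter's contract is documented. The callers are not visible in this part of the page, so this matters only if either value can ever derive from a request; encode the link with `echo "<a href=\"".htmlspecialchars($link)."\">";` and add a comment above the function such as `/* $status_function must be a hard-coded function name, never request data; it is called with $args and its return value is compared against 'complete' */`. The three functions share the global `$user_page_overall_status`, so a short header comment stating that begin, item and end must be called in that order would help the next reader.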

138
user_password.php Normal file

@ -0,0 +1,138 @@
<?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca
Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
Copyright (C) 2005 James Grant <james@lightbox.org>
Copyright (C) 2007 David Grant <dave@lightbox.org>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, version 2.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
?>
<?
require_once("common.inc.php");
require_once("user.inc.php");
$type = false;
if(isset($_SESSION['users_type'])) {
$type = $_SESSION['users_type'];
} else {
header("location: index.php");
exit;
}
/* Make sure the user is logged in, but don't check passwd expiry */
user_auth_required($type, false);
$notice=$_GET['notice'];
switch($type) {
case 'volunteer':
$what = "Volunteer";
break;
case 'committee':
$what = "Committee Member";
break;
case 'judge':
$what = "Judge";
break;
case 'student':
$what = "Participant";
break;
default:
exit;
}
$back_link = "{$type}_main.php";
$password_expiry_days = $config["{$type}_password_expiry_days"];
if($_POST['action']=="save")
{
//first, lets see if they choosed the same password again (bad bad bad)
$q=mysql_query("SELECT password FROM users WHERE id='".$_SESSION['users_id']."' AND password='".$_POST['pass1']."'");
if(mysql_num_rows($q)) $notice = 'same';
else if(!$_POST['pass1']) $notice = 'passwordrequired';
else if($_POST['pass1'] != $_POST['pass2']) $notice = 'nomatch';
else if(user_valid_password($_POST['pass1']) == false) $notice = 'invalidchars';
else
{
if($password_expiry_days > 0)
$ex="passwordexpiry=DATE_ADD(CURDATE(),INTERVAL $password_expiry_days DAY)";
else
$ex="passwordexpiry=NULL";
mysql_query("UPDATE users SET password='".$_POST['pass1']."', $ex WHERE id='".$_SESSION['users_id']."' AND email='".$_SESSION['email']."'");
if($_SESSION['password_expired'])
{
unset($_SESSION['password_expired']);
header("location: $back_link?notice=password_changed");
exit;
}
}
}
send_header("$what - Change Password");
if($_SESSION['password_expired'] == true)
{
echo i18n('Your password has expired. You must choose a new password now.');
}
switch($notice) {
case 'same':
echo error(i18n("You cannot choose the same password again. Please choose a different password"));
break;
case 'passwordrequired':
echo error(i18n("New Password is required"));
break;
case 'nomatch':
echo error(i18n("Passwords do not match"));
break;
case 'invalidchars':
echo error(i18n("The password contains invalid characters or is not long enough"));
default:
}
echo "<form name=\"changepassform\" method=\"post\" action=\"user_password.php\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"save\" />\n";
echo "<table>\n";
echo "<br />";
echo "<table>";
echo "<tr><td>";
echo i18n("Enter New Password:");
echo "</td><td>";
echo "<input type=\"password\" size=\"10\" name=\"pass1\">";
echo "</td></tr>";
echo "<tr><td>";
echo i18n("Confirm New Password:");
echo "</td><td>";
echo "<input type=\"password\" size=\"10\" name=\"pass2\">";
echo "</td></tr>";
echo "</table>";
echo "<input type=\"submit\" value=\"".i18n("Change Password")."\" />\n";
echo "</form>";
echo "<br />";
echo "<div style=\"font-size: 0.75em;\">".i18n('Passwords must be be between 6 and 32 characters, and may NOT contain any quote or a backslash.')."</div>";
send_footer();
?>
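Review bot: The 'same password' lookup runs first in the save branch, so `$_POST['pass1']` is concatenated into the SELECT before user_valid_password() or any escaping has been applied, and it is concatenated again into the UPDATE. Validate first and escape the value before either query, as sketched below; the stripslashes() calls follow the convention used for form fields elsewhere in this commit and assume magic_quotes_gpc is on, so drop them if it is not. The page footer promises a 6 to 32 character limit, but user_valid_password() enforces only the lower bound. `$config["{$type}_password_expiry_days"]` resolves to `judge_password_expiry_days` for judges, while user_new.php reads `judges_password_expiry_days`, so one of the two keys is probably wrong.

```php
if($_POST['action']=="save")
{
	$pass1 = stripslashes($_POST['pass1']);
	$pass2 = stripslashes($_POST['pass2']);
	if($pass1 == '') $notice = 'passwordrequired';
	else if($pass1 !== $pass2) $notice = 'nomatch';
	else if(user_valid_password($pass1) == false) $notice = 'invalidchars';
	else
	{
		/* Escape once, after validation, and reuse for both queries */
		$p = mysql_real_escape_string($pass1);
		$id = intval($_SESSION['users_id']);
		$e = mysql_real_escape_string($_SESSION['email']);
		$q = mysql_query("SELECT password FROM users WHERE id='$id' AND password='$p'");
		if(mysql_num_rows($q)) $notice = 'same';
		else
		{
			// … unchanged: $ex computed from $password_expiry_days …
			mysql_query("UPDATE users SET password='$p', $ex WHERE id='$id' AND email='$e'");
			// … unchanged: password_expired handling and redirect …
		}
	}
}
```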

151
user_personal.php Normal file

@ -0,0 +1,151 @@
<?
/*
This file is part of the 'Science Fair In A Box' project
SFIAB Website: http://www.sfiab.ca
Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
Copyright (C) 2005 James Grant <james@lightbox.org>
Copyright (C) 2007 David Grant <dave@lightbox.org>
This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public
License as published by the Free Software Foundation, version 2.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program; see the file COPYING. If not, write to
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
Boston, MA 02111-1307, USA.
*/
?>
<?
require_once("common.inc.php");
require_once("user.inc.php");
if(!isset($_SESSION['users_type'])) {
/* No type set, invalid session */
echo "ERROR: session is invalid";
exit;
}
$u = user_load($_SESSION['users_id']);
/* Load the fields the user can edit, and theones that are required */
$fields = array();
$required = array();
foreach($u['types'] as $t) {
$fields = array_merge($fields,
user_personal_fields($t));
$required = array_merge($required,
user_personal_required_fields($t));
}
//send the header
$type = $_SESSION['users_type'];
send_header("{$user_what[$type]} - Personal Information",
array("{$user_what[$type]} Registration" => "{$type}_main.php")
);
if($_POST['action']=="save")
{
/* Set values */
foreach($fields as $f) {
$u[$f] = mysql_escape_string(stripslashes($_POST[$f]));
}
user_save($u);
echo notice(i18n("%1 %2 successfully updated",array($_POST['firstname'],$_POST['lastname'])));
}
// updateJudgeCompleteStatus($judgeinfo);
//output the current status
$newstatus=user_personal_info_status($u);
if($newstatus!='complete')
{
echo error(i18n("Personal Information Incomplete"));
}
else
{
echo happy(i18n("Personal Information Complete"));
}
function item($user, $text, $fname)
{
global $fields, $required;
if(in_array($fname, $fields)) {
echo '<td>'.i18n($text).'</td>';
echo "<td><input onchange=\"fieldChanged()\" type=\"text\" name=\"$fname\" value=\"{$user[$fname]}\" />";
if(in_array($fname, $required)) echo REQUIREDFIELD;
echo '</td>';
} else {
echo '<td></td><td></td>';
}
}
echo "<form name=\"personalform\" method=\"post\" action=\"user_personal.php\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"save\" />\n";
echo "<table>\n";
echo "<tr>\n";
item($u, "First Name", 'firstname');
item($u, "Last Name", 'lastname');
echo "</tr>\n";
echo "<tr>\n";
item($u, "Email Address", 'email');
echo "<td></td><td></td>";
echo "</tr>\n";
echo "<tr>\n";
item($u, "Address 1", 'address');
item($u, "Address 2", 'address2');
echo "</tr>\n";
echo "<tr>\n";
item($u, "City", 'city');
if(in_array('province', $fields)) {
echo '<td>'.i18n('Province').'</td>';
echo '<td>';
emit_province_selector("province",$judgeinfo->province,"onchange=\"fieldChanged()\"");
if(in_array('province', $required)) echo REQUIREDFIELD;
echo '</td>';
} else {
echo '<td></td><td></td>';
}
echo "</tr>\n";
echo "<tr>\n";
item($u, "Postal Code", 'postalcode');
echo "<td></td><td></td>";
echo "</tr>\n";
echo "<tr>";
item($u, "Phone (Home)", 'phonehome');
item($u, "Phone (Cell)", 'phonecell');
echo "</tr>\n";
echo "<tr>\n";
item($u, "Organization", 'organization');
item($u, "Phone (Work)", 'phonework');
echo "</tr>";
echo "<tr>\n";
item($u, "Fax", 'fax');
echo '<td></td><td></td>';
echo "</tr>";
echo "<tr><td colspan=\"4\"><hr /></td></tr>";
echo "</table>";
echo "<input type=\"submit\" value=\"".i18n("Save Personal Information")."\" />\n";
echo "</form>";
echo "<br />";
send_footer();
?>
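Review bot: `item()` writes `$user[$fname]` straight into the `value="..."` attribute, so a stored name or address that contains a double quote or markup is rendered as HTML when the form is redisplayed. The `mysql_escape_string()` call in the save loop does not help here, because SQL escaping is not HTML encoding, and that SQL-escaped copy is what the same request renders back into the form; encode at output instead, `value="'.htmlspecialchars($user[$fname], ENT_QUOTES).'"`. The success notice passes `$_POST['firstname']` and `$_POST['lastname']` to `i18n()` unencoded as well; whether `i18n()` or `notice()` encode their arguments is not visible on this page. Separately, the province selector reads `$judgeinfo->province`, which this file never defines, so `$u['province']` looks intended.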

40
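--- a/volunteer.inc.php
+++ b/volunteer.inc.php
@@ -0,0 +1,40 @@
+<?
+/*
+This file is part of the 'Science Fair In A Box' project
+SFIAB Website: http://www.sfiab.ca
+Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
+Copyright (C) 2005 James Grant <james@lightbox.org>
+Copyright (C) 2007 David Grant <dave@lightbox.org>
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public
+License as published by the Free Software Foundation, version 2.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+You should have received a copy of the GNU General Public License
+along with this program; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+Boston, MA 02111-1307, USA.
+*/
+?>
+<?
+function volunteer_status_position($u = false)
+{
+global $config;
+/* See if they have selected something */
+$q = "SELECT * FROM volunteer_positions_signup WHERE users_id='{$_SESSION['users_id']}'
+AND year='{$config['FAIRYEAR']}'";
+$r = mysql_query($q);
+if(mysql_num_rows($r) >= 1) {
+return "complete";
+}
+return "incomplete";
+}
+?>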
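Review bot: `volunteer_status_position($u)` never reads `$u`; the query is keyed on `$_SESSION['users_id']`, so a caller that passes another user's record would still get the logged-in user's status (the direct call in volunteer_position.php passes the session user, so the difference does not show there). Take the id from the argument and cast it before it reaches the SQL string, e.g. `$id = intval($u ? $u['id'] : $_SESSION['users_id']);` followed by `WHERE users_id='$id'`. `mysql_query()` returns false on failure and `mysql_num_rows($r)` is then called on a non-resource, so `$r` should be checked first. A header comment stating that the function returns the strings `"complete"` or `"incomplete"` for the configured fair year would document the contract the summary page relies on.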

79
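--- a/volunteer_main.php
+++ b/volunteer_main.php
@@ -0,0 +1,79 @@
+<?
+/*
+This file is part of the 'Science Fair In A Box' project
+SFIAB Website: http://www.sfiab.ca
+Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
+Copyright (C) 2005 James Grant <james@lightbox.org>
+Copyright (C) 2007 David Grant <dave@lightbox.org>
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public
+License as published by the Free Software Foundation, version 2.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+You should have received a copy of the GNU General Public License
+along with this program; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+Boston, MA 02111-1307, USA.
+*/
+?>
+<?
+require_once("common.inc.php");
+require_once("user.inc.php");
+require_once("user_page.inc.php");
+require_once("volunteer.inc.php");
+user_auth_required('volunteer');
+send_header("Volunteer Registration", array());
+switch($_GET['notice']) {
+case 'password_changed':
+echo happy(i18n('Your password has been successfully updated'));
+break;
+}
+//only display the named greeting if we have their name
+echo i18n("Hello <b>%1</b>",array($_SESSION['name']));
+echo "<br />";
+echo "<br />";
+echo i18n("Please use the checklist below to complete your data. Click on an item in the table to edit that information. When you have entered all information, the <b>Status</b> field will change to <b>Complete</b>");
+echo "<br />";
+echo "<br />";
+$u = user_load($_SESSION['users_id']);
+user_page_summary_begin();
+user_page_summary_item("Contact Information",
+"user_personal.php", "user_personal_info_status", array($u));
+user_page_summary_item("Volunteer Positions",
+"volunteer_position.php", "volunteer_status_position", array($u));
+$overallstatus = user_page_summary_end(true);
+/* A bit of a FIXME here, if a user completes everythign but doesn't refresh
+this page, they will never be marked as complete. Not sure how to handle
+this, it's kinda hackey to call EVERY status() fucntion within EACH page to
+get teh overall status. */
+user_update_complete($u, $overallstatus);
+echo "<br />";
+echo "<br />";
+if($overallstatus!='complete')
+{
+echo error(i18n("You will not be marked as an active volunteer until your \"Overall Status\" is \"Complete\""));
+}
+else
+{
+echo happy(i18n("Thank you for completing the volunteer registration process. We look forward to seeing you at the fair"));
+}
+echo "<br />";
+send_footer();
+?>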
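Review bot: The greeting `echo i18n("Hello <b>%1</b>",array($_SESSION['name']));` places the session name into HTML without encoding it. The name presumably comes from the user-editable first and last name fields, so it should be encoded where it is printed, `array(htmlspecialchars($_SESSION['name'], ENT_QUOTES))`, unless `i18n()` already encodes substituted arguments, which is not visible on this page. The comment above that line says the greeting is shown only when a name is available, but no such test exists; either wrap the echo in `if($_SESSION['name'])` or drop the comment.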

158
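--- a/volunteer_position.php
+++ b/volunteer_position.php
@@ -0,0 +1,158 @@
+<?
+/*
+This file is part of the 'Science Fair In A Box' project
+SFIAB Website: http://www.sfiab.ca
+Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
+Copyright (C) 2005 James Grant <james@lightbox.org>
+Copyright (C) 2007 David Grant <dave@lightbox.org>
+This program is free software; you can redistribute it and/or
+modify it under the terms of the GNU General Public
+License as published by the Free Software Foundation, version 2.
+This program is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+General Public License for more details.
+You should have received a copy of the GNU General Public License
+along with this program; see the file COPYING. If not, write to
+the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+Boston, MA 02111-1307, USA.
+*/
+?>
+<?
+require_once("common.inc.php");
+require_once("user.inc.php");
+require_once("volunteer.inc.php");
+user_auth_required('volunteer');
+$u = user_load($_SESSION['users_id']);
+/* Load the user's volunteer position selections */
+//send the header
+$type = $_SESSION['users_type'];
+send_header("{$user_what[$type]} - Volunteer Positions",
+array("{$user_what[$type]} Registration" => "{$type}_main.php")
+);
+if($_POST['action']=="save")
+{
+$vals = '';
+if(is_array($_POST['posn'])) {
+/* Load available IDs */
+$posns = array();
+$q = "SELECT * FROM volunteer_positions WHERE year='{$config['FAIRYEAR']}'";
+$r = mysql_query($q);
+while($p = mysql_fetch_object($r)) {
+$posns[] = $p->id;
+}
+/* Match selections with avaiulable positions */
+foreach($_POST['posn'] as $id=>$val) {
+if(!in_array($id, $posns)) continue;
+if($vals != '') $vals .=',';
+$vals .= "('{$_SESSION['users_id']}','$id','{$config['FAIRYEAR']}')";
+}
+}
+/* Delete existing selections */
+mysql_query("DELETE FROM volunteer_positions_signup
+WHERE
+users_id='{$_SESSION['users_id']}'
+AND year='{$config['FAIRYEAR']}' ");
+echo mysql_error();
+/* Add new selections if there are any */
+if($vals != '') {
+$q = "INSERT INTO volunteer_positions_signup (users_id, volunteer_positions_id,year)
+VALUES $vals";
+$r=mysql_query($q);
+echo mysql_error();
+}
+echo notice(i18n("Volunteer Positions successfully updated"));
+}
+//output the current status
+$newstatus=volunteer_status_position($u);
+if($newstatus!='complete')
+{
+echo error(i18n("Volunteer Position Selection Incomplete"));
+}
+else
+{
+echo happy(i18n("Volunteer Position Selection Complete"));
+}
+echo "<form name=\"personalform\" method=\"post\" action=\"volunteer_position.php\">\n";
+echo "<input type=\"hidden\" name=\"action\" value=\"save\" />\n";
+echo "<table>\n";
+/* Read current selections */
+$q = "SELECT * FROM volunteer_positions_signup WHERE
+users_id = '{$_SESSION['users_id']}'
+AND year='{$config['FAIRYEAR']}'";
+$r = mysql_query($q);
+$checked_positions = array();
+while($p = mysql_fetch_object($r)) {
+$checked_positions[] = $p->volunteer_positions_id;
+}
+/* Load available volunteer positions */
+$q = "SELECT *,UNIX_TIMESTAMP(start) as ustart, UNIX_TIMESTAMP(end) as uend
+FROM volunteer_positions WHERE year='{$config['FAIRYEAR']}'";
+$r = mysql_query($q);
+while($p = mysql_fetch_object($r)) {
+echo '<tr><td>';
+$checked = false;
+if($_SESSION['lang'] == 'en') {
+$sday = strftime("%a. %B %e, %Y", $p->ustart);
+$stime = strftime("%H:%M", $p->ustart);
+$eday = strftime("%a. %B %e, %Y", $p->uend);
+$etime = strftime("%H:%M", $p->uend);
+if($sday == $eday) {
+$start = $stime;
+$end = "$etime, $sday";
+} else {
+$start = "$sday, $stime";
+$end = "$eday, $etime";
+}
+} else {
+$start = $p->start;
+$end = $p->end;
+}
+$ch = in_array($p->id, $checked_positions) ? 'checked="checked"' : '';
+echo "<input $ch type=\"checkbox\" name=\"posn[$p->id]\" value=\"checked\" />";
+echo '</td><td>';
+echo '<b>'.i18n($p->name).'</b></td>' ;
+echo "<td align=\"right\">($start - $end)</td></tr>";
+echo '<tr><td></td><td colspan="2"><div style="font-size: 0.75em;">';
+echo i18n($p->desc);
+echo '<br /><br /></div></td></tr>';
+}
+echo "</table>";
+echo "<input type=\"submit\" value=\"".i18n("Save Position Selection")."\" />\n";
+echo "</form>";
+echo "<br />";
+send_footer();
+?>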
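Review bot: The save handler builds the INSERT from the raw `$_POST['posn']` key after only a loose `in_array($id, $posns)` test, so the value written into `VALUES` is whatever the request sent rather than the canonical id loaded from `volunteer_positions`. Normalise it before the membership test with `$id = intval($id);` so only an integer reaches the query text. The two `echo mysql_error();` calls print raw database errors into the page, and the success notice is shown even when the DELETE or INSERT failed; send the error to `error_log(mysql_error())` and show `notice(...)` only when both queries succeeded. Because the DELETE runs before the INSERT with no transaction, a failed INSERT leaves the user with no selections at all, which is worth a comment if it is not fixed.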