From 93f4703b7168a12617748812f30a5033b2f9110c Mon Sep 17 00:00:00 2001
From: james <james>
Date: Wed, 16 Feb 2011 18:39:59 +0000
Subject: [PATCH] Add account_list (temporary hack) user_invite can find users
 by username OR by email address if the account is found, but user_load fails,
 thats okay, it just means that they dont have any roles yet

---
 account.inc.php        |   6 +-
 admin/account_list.php | 266 +++++++++++++++++++++++++++++++++++++++++
 admin/judges.php       |   1 +
 user.inc.php           |   1 +
 user_invite.php        |   7 +-
 5 files changed, 277 insertions(+), 4 deletions(-)
 create mode 100644 admin/account_list.php
diff --git a/account.inc.php b/account.inc.php
index 0d1579f..b9cde9e 100644
--- a/account.inc.php
+++ b/account.inc.php
@@ -146,19 +146,19 @@ function account_create($username,$password=NULL)
 
 	/* Sanity check username */
 	if(!account_valid_user($username)) {
-		$errMsg .= i18n('Invalid user name "%1"', array($username)) . " ";
+		$errMsg .= i18n('Invalid user name "%1"', array($username)) . "\n";
 	}else{
 		/* Make sure the user doesn't exist */
 		$us = mysql_real_escape_string($username);
 		$q = mysql_query("SELECT * FROM accounts WHERE username='$us'");
 		if(mysql_num_rows($q)) {
-			$errMsg .= i18n("The username %1 is already in use", array($username)) . " ";
+			$errMsg .= i18n("The username %1 is already in use", array($username)) . "\n";
 		}
 	}
 
 	//if the password is set, make sure its valid, if its null, thats OK, it'll get generated and set by account_set_password
 	if($password && !account_valid_password($password)) {
-		$errMsg .= i18n("Invalid password") . " ";
+		$errMsg .= i18n("Invalid password") . "\n";
 	}
 
 	if($errMsg != '') return $errMsg;
diff --git a/admin/account_list.php b/admin/account_list.php
new file mode 100644
index 0000000..fb330c3
--- /dev/null
+++ b/admin/account_list.php
@@ -0,0 +1,266 @@
+<?
+/* 
+   This file is part of the 'Science Fair In A Box' project
+   SFIAB Website: http://www.sfiab.ca
+
+   Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
+   Copyright (C) 2005 James Grant <james@lightbox.org>
+
+   This program is free software; you can redistribute it and/or
+   modify it under the terms of the GNU General Public
+   License as published by the Free Software Foundation, version 2.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+    General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program; see the file COPYING.  If not, write to
+   the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
+   Boston, MA 02111-1307, USA.
+*/
+?>
+<?
+if($_GET['show_types'])
+	$NAV_IDENT=$_GET['show_types'][0];
+if($_POST['show_types'])
+	$NAV_IDENT=$_POST['show_types'][0];
+
+ require_once('../common.inc.php');
+ require_once('../user.inc.php');
+ require_once('../judge.inc.php');
+ user_auth_required('admin');
+
+ require_once('judges.inc.php');
+
+$user_what = array();
+ $query = mysql_query("SELECT `type`, `name` FROM roles");
+ while($row = mysql_fetch_assoc($query)){
+ 	$user_what[$row['type']] = $row['name'];
+ }
+
+ $show_types = $_GET['show_types'];
+ if(user_valid_role($show_types) == false) $show_types = array('judge');
+
+ $show_complete = ($_GET['show_complete'] == 'yes') ? 'yes' : 'no';
+ $show_all = ($_GET['show_all'] == 'yes') ? 'yes' : 'no';
+ $uid = intval($_GET['uid']);
+
+ if($_GET['action']=='remove') {
+	if(!$uid) {
+		echo "Invalid uid for delete";
+		exit;
+	}
+	user_delete($uid);
+	message_push(happy(i18n('User deleted.')));
+ }
+
+ send_header("Account Editor",
+ 		array('Committee Main' => 'committee_main.php',
+			'Administration' => 'admin/index.php')
+				);
+?>
+<script language="javascript" type="text/javascript">
+
+function openeditor(id)
+{
+	if(id) currentid=id;
+
+	window.open("user_editor_window.php?users_id="+currentid,"UserEditor","location=no,menubar=no,directories=no,toolbar=no,width=1000,height=640,scrollbars=yes"); 
+	return false;
+
+}
+
+function toggleoptions()
+{
+	if(document.getElementById('options').style.display == 'none') {
+		document.getElementById('options').style.display = 'block';
+		document.getElementById('optionstext').innerHTML = '- <?=i18n('Hide Display Options')?>';
+
+	} else {
+		document.getElementById('options').style.display = 'none';
+		document.getElementById('optionstext').innerHTML = '+ <?=i18n('Show Display Options')?>';
+	}
+}
+
+function togglenew()
+{
+	if(document.getElementById('new').style.display == 'none') {
+		document.getElementById('new').style.display = 'block';
+		document.getElementById('newtext').innerHTML = '<?=i18n('Cancel New User')?>';
+
+	} else {
+		document.getElementById('new').style.display = 'none';
+		document.getElementById('newtext').innerHTML = '<?=i18n('Add New User')?>';
+	}
+}
+
+function neweditor()
+{
+	var username = document.forms.newuser.new_email.value;
+	var usertype = document.forms.newuser.new_type.value;
+	window.open("user_editor_window.php?type="+usertype+"&username="+username,"UserEditor","location=no,menubar=no,directories=no,toolbar=no,width=770,height=500,scrollbars=yes"); 
+	document.forms.newuser.new_email.value = "";
+	return false;
+}
+
+</script>
+
+<?
+/*
+	echo "<div class=\"notice\">";
+	echo "<a id=\"optionstext\" onclick=\"toggleoptions();return false;\">- ".i18n('Show Display Options')."</a>";
+
+	echo "<form method=\"GET\" action=\"$PHP_SELF\">";
+
+	echo "<div id=\"options\" style=\"display: none;\" >";
+	echo "<table><tr><td>".i18n('Type').":</td>";
+	$x = 0;
+	foreach($user_what as $k=>$v ) {
+		$sel = (in_array($k, $show_types)) ? 'checked="checked"' : '';
+		echo "<td><input type=\"radio\" name=\"show_types[]\" value=\"$k\" $sel >".i18n($v)."</input></td>";
+		if($x) echo "</tr><tr><td></td>";
+		$x = ~$x;
+	}
+	echo "</tr>";
+
+	echo "<tr><td>".i18n('Complete').":</td><td>";
+	echo "<select name=\"show_complete\">";
+	$s = ($show_complete == 'yes') ? 'selected="selected"' : '';
+	echo "<option value=\"yes\" $s>".i18n('Show only complete registrations')."</option>";
+	$s = ($show_complete == 'no') ? 'selected="selected"' : '';
+	echo "<option value=\"no\" $s>".i18n('Show ALL registrations')."</option>";
+	echo "</select>";
+	
+	echo "</tr>";
+	echo "<tr><td>".i18n('Conference').":</td><td>";
+	echo "<select name=\"show_all\">";
+	$s = ($show_all == 'no') ? 'selected="selected"' : '';
+	echo "<option value=\"no\" $s>".i18n('Show only registrations from this conference')."</option>";
+	$s = ($show_all == 'yes') ? 'selected="selected"' : '';
+	echo "<option value=\"yes\" $s>".i18n('Show ALL conferences')."</option>";
+	echo "</select>";
+	echo "</td></tr></table>";
+	echo "<br />";	
+	echo "<input type=submit value=\"".i18n('Apply Filter')."\">";
+	echo "</div>";
+	echo "</form>";
+	
+	echo "</div>";
+
+	
+	echo "<br/><a id=\"newtext\" href=\"javascript:togglenew()\">".i18n('Add New User')."</a>";
+	echo '<div id="new" style="display: none;" class="notice">';
+	echo "<form name=\"newuser\" method=\"GET\" action=\"$PHP_SELF\">";
+	echo "<table><tr><td>".i18n('Type').":</td><td>";
+	echo "<select name=\"new_type\">";
+	$x = 0;
+	foreach($user_what as $k=>$v ) {
+		$sel = (in_array($k, $show_types)) ? 'selected="selected"' : '';
+		echo "<option value=\"$k\" $sel>".i18n($v)."</option>";
+	}
+	echo "</select>";
+	echo "</tr>";
+	echo "<tr><td>".i18n('Email').":</td><td>";
+	echo '<input type="text" name="new_email" value="" />';
+	echo '</td></tr>';
+	echo '</table>';
+	echo "<input type=submit onclick=\"neweditor();\" value=\"".i18n('Create New User')."\">";
+	
+	echo '</form>';
+	
+	echo '</div>';
+	echo "<br />";	
+	echo "<br />";	
+	*/
+
+	/* Grab a list of users */
+	$clauses = array();
+	$showroles = array();
+	foreach($show_types as $t){
+		$showroles[] = "type = '$t'";
+	}
+	if(count($showroles) > 0) $clauses[] = 'user_roles.roles_id IN(SELECT id FROM roles WHERE ' . implode(' OR ', $showroles) . ')';
+	if($show_complete == 'yes') $clauses[] = 'user_roles.complete = "yes"';
+	if($show_all == 'no') $clauses[] = "users.conferences_id={$conference['id']}";
+
+	$querystr =
+	 "SELECT * FROM accounts ORDER BY username";
+	 /*
+		"SELECT users.*, 
+				accounts.username,
+				accounts.email AS emailaddress,
+				user_roles.accounts_id, user_roles.roles_id, user_roles.active, user_roles.complete,
+				roles.type,
+				conferences.name AS conference_name
+		FROM users
+		JOIN user_roles ON user_roles.users_id = users.id
+		JOIN roles ON user_roles.roles_id=roles.id
+		JOIN conferences ON users.conferences_id = conferences.id
+		JOIN accounts ON user_roles.accounts_id=accounts.id";
+
+	if(count($clauses) > 0){
+		$querystr .= " WHERE " . implode(' AND ', $clauses) . " ";
+	}
+
+	$querystr .= " 
+		 ORDER BY lastname ASC, firstname ASC, conferences_id DESC ";
+
+*/
+
+/*
+	echo $querystr;
+	echo "<br />\n";
+	echo "<br />\n";
+	*/
+	$q = mysql_query($querystr);
+	echo mysql_error();
+	echo "<br />\n";
+	$num = mysql_num_rows($q);
+	echo i18n("Listing %1 account total.",array($num));
+
+	echo mysql_error();
+	echo "<table class=\"tableview\">";
+	echo "<thead>";
+	echo "<tr>";
+	echo " <th>".i18n("Username")."</th>";
+	echo " <th>".i18n("Email Address")."</th>";
+	echo " <th>".i18n("Pending Email")."</th>";
+	echo " <th>".i18n("Actions")."</th>";
+	echo "</tr>";
+	echo "</thead>";
+	echo "<tbody>";
+
+	$tally = array();
+	$tally['active'] = array();
+	$tally['inactive'] = array();
+	$tally['active']['complete'] = 0;
+	$tally['active']['incomplete'] = 0;
+	$tally['active']['na'] = 0;
+	$tally['inactive']['complete'] = 0;
+	$tally['inactive']['incomplete'] = 0;
+	$tally['inactive']['na'] = 0;
+	while($r=mysql_fetch_assoc($q)) {
+		// get the role data for this user
+		echo "<tr>";
+		echo "<td>";
+		echo $r['id'];
+		echo "</td>";
+
+		echo "<td>";
+		echo $r['username'];
+		echo "</td>";
+
+		echo "<td>";
+		echo $r['email'];
+		echo "</td><td>";
+		echo $r['pendingemail'];
+		echo "</td>";
+		echo "<td></td></tr>";
+	}
+	echo "</tbody>";
+	echo "</table>";
+
+	send_footer();
+?>
diff --git a/admin/judges.php b/admin/judges.php
index 0563b5e..605bb96 100644
--- a/admin/judges.php
+++ b/admin/judges.php
@@ -33,6 +33,7 @@
 			);
  echo "<br />";
  echo '<b>'.i18n('Judges').'</b><ul>';
+ echo "<li><a href=\"account_list.php\">".i18n("Account List")."</a></li></li>";
  echo "<li><a href=\"../user_invite.php?type=judge\">".i18n("Invite Judges")."</a></li></li>";
  echo "<li><a href=\"user_list.php?show_types[]=judge\">".i18n("Manage Judges")."</a> - ".i18n("Add, Delete, Edit, and List judges").'</li>';
  echo '</ul>';
diff --git a/user.inc.php b/user.inc.php
index 8fbf893..5f18d65 100644
--- a/user.inc.php
+++ b/user.inc.php
@@ -43,6 +43,7 @@ function user_valid_role($role)
 }
 
 
+//0,319
 function user_load($users_id, $accounts_id = false)
 {
 	global $conference;
diff --git a/user_invite.php b/user_invite.php
index fcbfcdb..8adb98b 100644
--- a/user_invite.php
+++ b/user_invite.php
@@ -43,7 +43,7 @@
 	//we use username='email' because if we are INVITING someone, then
 	//they pretty much have to user their email address as their username
 	//otherwise the system has no way to send them the details
-	$q = mysql_query("SELECT id,deleted FROM accounts WHERE username='$email'");
+	$q = mysql_query("SELECT id,deleted FROM accounts WHERE username='$email' OR email='$email'");
 	if(mysql_num_rows($q) == 0) {
 		/* Account doesn't exist */
 		echo "notexist\n";
@@ -57,6 +57,11 @@
 	}
 
 	$u = user_load_by_accounts_id($account['id']);
+	if(!$u) {
+		//user_load_by_accounts_id returns false if there is no user record for this account for this conference
+		echo "norole\n";
+		exit;
+	}
 
 	if(!array_key_exists($type, $u['roles'])) {
 		echo "norole\n";

".i18n('Type').":	".i18n($v)."

".i18n('Complete').":	"; + echo ""; + + echo "
".i18n('Conference').":	"; + echo ""; + echo "
".i18n('Type').":	"; + echo ""; + echo "
".i18n('Email').":	"; + echo ''; + echo '