From 9c080c76f54a678a27891dfee7343c547352a0dc Mon Sep 17 00:00:00 2001 From: james Date: Mon, 14 Mar 2011 20:59:16 +0000 Subject: [PATCH] Add some trimming to username/passwords/emails (to prevent people from putting spaces before and/or after their email address causing it to be invalid) Updated report system to read students from users table instead of students table Fix tcpdf tables spanning multiple pages spilling into the header area Fix calling an invalid add_table function (its addTable yo!) --- admin/reports.inc.php | 2 +- admin/reports_gen.php | 4 +- admin/reports_students.inc.php | 106 +++++++++++++++++---------------- participant_invite.php | 6 +- tcpdf.inc.php | 2 +- user.inc.php | 4 ++ 6 files changed, 66 insertions(+), 58 deletions(-) diff --git a/admin/reports.inc.php b/admin/reports.inc.php index d07881e..5ad67ba 100644 --- a/admin/reports.inc.php +++ b/admin/reports.inc.php @@ -758,7 +758,7 @@ foreach($report_stock as $n=>$v) { /* Dump the last table */ if(count($table['data'])) { // print_r($table); - $rep->add_table($table); + $rep->addTable($table); $table['data'] = array(); $table['total'] = 0; /* Start a new page AFTER a table is diff --git a/admin/reports_gen.php b/admin/reports_gen.php index a0eece1..43f536f 100644 --- a/admin/reports_gen.php +++ b/admin/reports_gen.php @@ -29,8 +29,8 @@ require_once('reports.inc.php'); $id = intval($_GET['id']); -$type = stripslashes($_GET['type']); -$stock = stripslashes($_GET['stock']); +$type = $_GET['type']; +$stock = $_GET['stock']; if(array_key_exists('conferences_id', $_GET)){ $conferences_id = intval($_GET['conferences_id']); $result = mysql_result(mysql_query("SELECT COUNT(*) FROM conferences WHERE id = $conferences_id"), 0); diff --git a/admin/reports_students.inc.php b/admin/reports_students.inc.php index 81de89e..c62c383 100644 --- a/admin/reports_students.inc.php +++ b/admin/reports_students.inc.php 
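Review bot: In admin/reports_gen.php, `$type` and `$stock` are now taken from `$_GET` with no validation at all, unlike `$id` and `$conferences_id`, which go through `intval()`. How the two values are used lies outside the hunk, so it is not visible whether they reach SQL, a file name or the output, but they should be checked against the values the script supports before use. For example, `if(!array_key_exists($stock, $report_stock)) $stock = '';` would work if stock reports are keyed by name in `$report_stock` (assumed from the `foreach` in reports.inc.php; confirm). Dropping `stripslashes()` also changes the value on installs with magic_quotes_gpc enabled, where the added backslashes now stay in, so the commit should say which setting the code expects.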
@@ -29,9 +29,9 @@ function report_students_i18n_fr(&$report, $field, $text) function reports_students_numstudents(&$report, $field, $text) { $conferences_id = $report['conferences_id']; - $q = mysql_query("SELECT students.id FROM students - WHERE students.registrations_id='$text' - AND students.conferences_id='$conferences_id'"); + $q = mysql_query("SELECT users.id FROM users + WHERE users.registrations_id='$text' + AND users.conferences_id='$conferences_id'"); return mysql_num_rows($q); } @@ -93,29 +93,29 @@ $report_students_fields = array( 'name' => 'Student -- Last Name', 'header' => 'Last Name', 'width' => 25.4 /*mm*/, - 'table' => 'students.lastname' ), + 'table' => 'users.lastname' ), 'first_name' => array( 'name' => 'Student -- First Name', 'header' => 'First Name', 'width' => 25.4 /*mm*/, - 'table' => 'students.firstname' ), + 'table' => 'users.firstname' ), 'name' => array( 'name' => 'Student -- Full Name (last, first)', 'header' => 'Name', - 'width' => 44.45 /*mm*/, + 'width' => 40.45 /*mm*/, 'scalable' => true, - 'table' => "CONCAT(students.lastname, ', ', students.firstname)", - 'table_sort'=> 'students.lastname' ), + 'table' => "CONCAT(users.lastname, ', ', users.firstname)", + 'table_sort'=> 'users.lastname' ), 'namefl' => array( 'name' => 'Student -- Full Name (first last)', 'header' => 'Name', 'width' => 44.45 /*mm*/, 'scalable' => true, - 'table' => "CONCAT(students.firstname, ' ', students.lastname)", - 'table_sort'=> 'students.lastname' ), + 'table' => "CONCAT(users.firstname, ' ', users.lastname)", + 'table_sort'=> 'users.lastname' ), 'partner' => array( 'name' => 'Student -- Partner Name (last, first)', 
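Review bot: `reports_students_numstudents()` still builds its query by interpolating `$text` and `$conferences_id` into the SQL string, and the result of `mysql_query()` goes to `mysql_num_rows()` without a check for `false`. Both values look like numeric ids, so casting them where the query is built (`intval($text)`, `intval($conferences_id)`) would remove the dependence on every caller having sanitised them. The same `'$conferences_id'` interpolation appears in the `$tour_where`, `$mentor_where` and main `WHERE` hunks further down. This count is also not limited to `roles.type='participant'` the way the main report query now is, so it may include non-student users that share the registration; confirm whether that can occur.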
@@ -138,8 +138,8 @@ $report_students_fields = array( 'header' => 'Student(s)', 'width' => 76.2 /*mm*/, 'scalable' => true, - 'table' => "CONCAT(students.firstname, ' ', students.lastname, IF(students2.lastname IS NULL,'', CONCAT(', ', students2.firstname, ' ', students2.lastname)))", - 'table_sort' => 'students.lastname', + 'table' => "CONCAT(users.firstname, ' ', users.lastname, IF(students2.lastname IS NULL,'', CONCAT(', ', students2.firstname, ' ', students2.lastname)))", + 'table_sort' => 'users.lastname', 'components' => array('partner') ), 'allnames' => array( @@ -147,14 +147,14 @@ $report_students_fields = array( 'header' => 'Student(s)', 'width' => 76.2 /*mm*/, 'scalable' => true, - 'table' => "GROUP_CONCAT(students.firstname, ' ', students.lastname ORDER BY students.lastname SEPARATOR ', ')", - 'group_by' => array('students.registrations_id')), + 'table' => "GROUP_CONCAT(users.firstname, ' ', users.lastname ORDER BY users.lastname SEPARATOR ', ')", + 'group_by' => array('users.registrations_id')), 'pronunciation' => array( 'name' => 'Student -- Name Pronunciation', 'header' => 'Pronunciation', 'width' => 50.8 /*mm*/, - 'table' => 'students.pronunciation'), + 'table' => 'users.pronunciation'), 'email' => array( 'start_option_group' => 'Student Contact Information', 
@@ -162,45 +162,45 @@ $report_students_fields = array( 'header' => 'Email', 'width' => 57.15 /*mm*/, 'scalable' => true, - 'table' => 'students.email'), + 'table' => 'accounts.email'), 'phone' => array( 'name' => 'Student -- Phone', 'header' => 'Phone', 'width' => 25.4 /*mm*/, - 'table' => 'students.phone'), + 'table' => 'users.phone'), 'address' => array( 'name' => 'Student -- Street Address', 'header' => 'Address', 'width' => 50.8 /*mm*/, 'scalable' => true, - 'table' => 'students.address'), + 'table' => 'users.address'), 'city' => array( 'name' => 'Student -- City', 'header' => 'City', 'width' => 38.1 /*mm*/, - 'table' => 'students.city' ), + 'table' => 'users.city' ), 'province' => array( 'name' => 'Student -- '.$config['provincestate'], 'header' => $config['provincestate'], 'width' => 19.05 /*mm*/, - 'table' => 'students.province' ), + 'table' => 'users.province' ), 'postal' => array( 'name' => 'Student -- '.$config['postalzip'], 'header' => $config['postalzip'], 'width' => 19.05 /*mm*/, - 'table' => 'students.postalcode' ), + 'table' => 'users.postalcode' ), 'address_full' => array( 'name' => 'Student -- Full Address', 'header' => 'Address', 'width' => 76.2 /*mm*/, 'scalable' => true, - 'table' => "CONCAT(students.address, ', ', students.city, ', ', students.province, ', ', students.postalcode)" ), + 'table' => "CONCAT(users.address, ', ', users.city, ', ', users.province, ', ', users.postalcode)" ), 'grade' => array( 
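Review bot: The `email` field now selects `accounts.email`, but no join on an `accounts` table is visible in the FROM clause this commit rewrites (`users`, `user_roles`, `roles`, `registrations`, `schools`, `projects`, ...). Unless one of the join variables not shown in the hunks supplies it, any report that includes the email column will fail with an unknown-column error. If the address lives on the account, the query needs something like `JOIN accounts ON accounts.id=users.accounts_id` (the column name is a placeholder; use the real foreign key). Alternatively the field could carry a `components` entry, as `partner` does, so the join is added only when requested.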
@@ -208,40 +208,40 @@ $report_students_fields = array( 'name' => 'Student -- Grade', 'header' => 'Gr.', 'width' => 7.62 /*mm*/, - 'table' => 'students.grade'), + 'table' => 'users.grade'), 'grade_str' => array( 'name' => 'Student -- Grade ("Grade x", not just the number)', 'header' => 'Gr.', 'width' => 7.62 /*mm*/, - 'table_sort' => 'students.grade', - 'table' => "CONCAT('Grade ', students.grade)"), + 'table_sort' => 'users.grade', + 'table' => "CONCAT('Grade ', users.grade)"), 'gender' => array( 'name' => 'Student -- Gender', 'header' => 'Gender', 'width' => 12.7 /*mm*/, - 'table' => 'students.sex', + 'table' => 'users.sex', 'value_map' =>array ('male' => 'Male', 'female' => 'Female')), 'birthdate' => array( 'name' => 'Student -- Birthdate', 'header' => 'Birthdate', 'width' => 22.86 /*mm*/, - 'table' => 'students.dateofbirth'), + 'table' => 'users.dateofbirth'), 'age' => array( 'name' => 'Student -- Age (when this report is created)', 'header' => 'Age', 'width' => 10.16 /*mm*/, - 'table' => "DATE_FORMAT(FROM_DAYS(TO_DAYS(NOW())-TO_DAYS(students.dateofbirth)), '%Y')+0", - 'table_sort' => 'students.dateofbirth'), + 'table' => "DATE_FORMAT(FROM_DAYS(TO_DAYS(NOW())-TO_DAYS(users.birthdate)), '%Y')+0", + 'table_sort' => 'users.birthdate'), 'tshirt' => array( 'name' => 'Student -- T-Shirt Size', 'header' => 'T-Shirt', 'width' => 13.97 /*mm*/, - 'table' => 'students.tshirt', + 'table' => 'users.tshirt', 'value_map' => array ('none' => '', 'xsmall' => 'X-Small', 'small' => 'Small', 'medium' => 'Medium', 'large' => 'Large', 'xlarge' => 'X-Large')), 
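Review bot: The `birthdate` field reads `users.dateofbirth`, while the `age` field right after it reads `users.birthdate` for both `table` and `table_sort`. It is unlikely that both columns exist, so one of the two fields will probably break at query time. Pick the column the `users` table actually has and use it in all three places. `gender` likewise maps `users.sex` through a `value_map` of `male`/`female`; confirm the users table stores the same values the students table did, otherwise the map will not match.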
@@ -249,13 +249,13 @@ $report_students_fields = array( 'name' => 'Student -- Medical Alert Info', 'header' => 'medical', 'width' => 50.8 /*mm*/, - 'table' => 'students.medicalalert'), + 'table' => 'users.medicalalert'), 'foodreq' => array( 'name' => 'Student -- Food Requirements', 'header' => 'Food.Req.', 'width' => 50.8 /*mm*/, - 'table' => 'students.foodreq'), + 'table' => 'users.foodreq'), 'registrations_num' => array( 'start_option_group' => 'Student Registration Information', @@ -276,7 +276,7 @@ $report_students_fields = array( 'start_option_group' => 'Project Information', 'name' => 'Project -- Title', 'header' => 'Project Title', - 'width' => 69.85 /*mm*/, + 'width' => 65 /*mm*/, 'scalable' => true, 'table' => 'projects.title' ), @@ -357,7 +357,7 @@ $report_students_fields = array( 'name' => 'Project -- Number of Students', 'header' => 'Stu.', 'width' => 12.7 /*mm*/, - 'table' => 'students.registrations_id', + 'table' => 'users.registrations_id', 'exec_function' => 'reports_students_numstudents'), 'rank' => array( @@ -402,18 +402,19 @@ $report_students_fields = array( 'scalable' => true, 'table' => "CONCAT(schools.address, ', ', schools.city, ', ', schools.province_code, ', ', schools.postalcode)" ), +/* 'teacher' => array( 'name' => 'School -- Teacher Name (as entered by the student)', 'header' => 'Teacher', - 'width' => 38.1 /*mm*/, + 'width' => 38.1 , 'table' => 'students.teachername' ), 'teacheremail' => array( 'name' => 'School -- Teacher Email (as entered by the student)', 'header' => 'Teacher Email', - 'width' => 50.8 /*mm*/, + 'width' => 50.8 , 'table' => 'students.teacheremail' ), - +*/ 'school_phone' => array( 'name' => 'School -- Phone', 'header' => 'School Phone', 
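Review bot: The `teacher` and `teacheremail` fields are disabled by wrapping them in a block comment, which required stripping the `/*mm*/` unit comments from their `width` lines, and nothing says why. If saved reports can still reference these field keys (not visible here), they will now hit a missing entry in `$report_students_fields`, so the lookup should tolerate unknown keys. I would either delete the two entries or put a one-line reason above the block, e.g. `/* disabled: users has no teachername/teacheremail columns yet */` (wording assumed; state the real reason).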
@@ -824,8 +825,8 @@ $report_students_fields = array( 'name' => "Easy Parse -- All Student Names (REQUIRES MYSQL 5.0) ", 'header' => 'Student(s)', 'width' => 76.2 /*mm*/, - 'table' => "GROUP_CONCAT(students.lastname, ',', students.firstname ORDER BY students.lastname SEPARATOR ':')", - 'group_by' => array('students.registrations_id')), + 'table' => "GROUP_CONCAT(users.lastname, ',', users.firstname ORDER BY users.lastname SEPARATOR ':')", + 'group_by' => array('users.registrations_id')), 'special_tshirt_count' => array( 'name' => 'Special -- T-Shirt Size Count', @@ -833,7 +834,7 @@ $report_students_fields = array( 'width' => 12.7 /*mm*/, 'table' => 'COUNT(*)', 'total' => true, - 'group_by' => array('students.tshirt')), + 'group_by' => array('users.tshirt')), ); @@ -873,15 +874,15 @@ $report_students_fields = array( $partner_join = ''; if(in_array('partner', $components)) { - $partner_join = "LEFT JOIN students AS students2 - ON(students2.registrations_id=students.registrations_id - AND students2.id != students.id)"; + $partner_join = "LEFT JOIN users AS students2 + ON(students2.registrations_id=users.registrations_id + AND students2.id != users.id)"; } $tour_join = ''; $tour_where = ''; if(in_array('tours', $components)) { - $tour_join = "LEFT JOIN tours_choice ON (students.id=tours_choice.students_id AND tours_choice.rank=0), tours"; + $tour_join = "LEFT JOIN tours_choice ON (users.id=tours_choice.students_id AND tours_choice.rank=0), tours"; $tour_where = "AND tours.conferences_id='$conferences_id' AND tours.id=tours_choice.tour_id"; } 
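Review bot: The partner join `LEFT JOIN users AS students2 ON(students2.registrations_id=users.registrations_id AND students2.id != users.id)` puts no role restriction on `students2`, whereas the main query is limited to `roles.type='participant'`. If any non-participant user row can carry a `registrations_id` (not visible here), its name would be printed as a project partner. The tours join still matches `users.id` against `tours_choice.students_id`, while the emergency-contact join in the next hunk was switched to `emergencycontact.users_id`. Confirm that `tours_choice` really keeps the old column and that its values are user ids after the migration.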
@@ -890,14 +891,14 @@ $report_students_fields = array( if(in_array('emergencycontacts', $components)) { /* No need to put the year in here, students.id is unique across years */ $emergencycontact_join = "LEFT JOIN emergencycontact ON - emergencycontact.students_id=students.id "; + emergencycontact.users_id=users.id "; } $mentor_join = ''; $mentor_where = ''; if(in_array('mentors', $components)) { $mentor_join = "LEFT JOIN mentors ON - mentors.registrations_id=students.registrations_id"; + mentors.registrations_id=users.registrations_id"; $mentor_where = "AND mentors.conferences_id='$conferences_id'"; } @@ -912,10 +913,12 @@ $report_students_fields = array( $reg_where = "AND (registrations.status='complete' OR registrations.status='paymentpending')"; - $q = " FROM students - LEFT JOIN registrations ON registrations.id=students.registrations_id - LEFT JOIN schools ON schools.id=students.schools_id - LEFT JOIN projects ON projects.registrations_id=students.registrations_id + $q = " FROM users + JOIN user_roles ON users.id=user_roles.users_id + JOIN roles ON user_roles.roles_id=roles.id + LEFT JOIN registrations ON registrations.id=users.registrations_id + LEFT JOIN schools ON schools.id=users.schools_id + LEFT JOIN projects ON projects.registrations_id=users.registrations_id LEFT JOIN projectdivisions ON projectdivisions.id=projects.projectdivisions_id LEFT JOIN projectcategories ON projectcategories.id=projects.projectcategories_id $emergencycontact_join @@ -925,11 +928,12 @@ $report_students_fields = array( $awards_join $fairs_join WHERE - students.conferences_id='$conferences_id' + users.conferences_id='$conferences_id' AND projects.conferences_id='$conferences_id' AND registrations.conferences_id='$conferences_id' AND projectcategories.conferences_id='$conferences_id' AND projectdivisions.conferences_id='$conferences_id' + AND roles.type='participant' $reg_where $mentor_where $awards_where 
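Review bot: The new `JOIN user_roles ... JOIN roles` is filtered only by `roles.type='participant'`, with no conference condition on `user_roles` or `roles`. If a user can hold more than one participant role row (schema not visible here), every such student appears several times, and the `COUNT(*)` and `GROUP_CONCAT` fields defined earlier in the file are inflated. The comment `students.id is unique across years` above the emergency-contact join is now stale, since the join uses `users.id`; update it to say whether the same guarantee holds for users.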
diff --git a/participant_invite.php b/participant_invite.php index 903cf0f..5fbe8c1 100644 --- a/participant_invite.php +++ b/participant_invite.php @@ -173,10 +173,10 @@ echo "
"; -if( ($_POST['action']=="invitenew" || $_POST['action']=="inviteexisting") && $_POST['email'] && $type != '') { - $newUser=user_invite($_POST['email'], null, $_POST['email'], $type); +if( ($_POST['action']=="invitenew" || $_POST['action']=="inviteexisting") && trim($_POST['email']) && $type != '') { + $newUser=user_invite(trim($_POST['email']), null, trim($_POST['email']), $type); if(is_array($newUser)) { - echo happy(i18n("%1 successfully invited to be a %2",array($_POST['email'],$type))); + echo happy(i18n("%1 successfully invited to be a %2",array(trim($_POST['email']),$type))); } else { echo error($newUser); diff --git a/tcpdf.inc.php b/tcpdf.inc.php index be7f466..4680efc 100644 --- a/tcpdf.inc.php +++ b/tcpdf.inc.php @@ -69,7 +69,7 @@ class pdf extends TCPDF { $this->SetDefaultMonospacedFont(PDF_FONT_MONOSPACED); //set margins - $this->SetMargins(PDF_MARGIN_LEFT, PDF_MARGIN_TOP, PDF_MARGIN_RIGHT); + $this->SetMargins(PDF_MARGIN_LEFT, PDF_MARGIN_TOP+4, PDF_MARGIN_RIGHT); $this->SetHeaderMargin(PDF_MARGIN_HEADER); $this->SetFooterMargin(PDF_MARGIN_FOOTER); diff --git a/user.inc.php b/user.inc.php index 02d7630..047ff1d 100644 --- a/user.inc.php +++ b/user.inc.php @@ -1644,6 +1644,10 @@ function user_invite($username, $password, $email, $roles_id){ global $roles, $conference; $u = user_load($_SESSION['users_id']); $returnval = null; + //trim them all up first + $username=trim($username); + $password=trim($password); + $email=trim($email); $roletype = null; //if its numeric, then we got an id, so get the associated roletype
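Review bot: In participant_invite.php the submitted address is echoed back through `happy(i18n(...))`, and whether either helper HTML-escapes its arguments is not visible in this hunk. If they do not, the value should go through `htmlspecialchars()` before output. `trim($_POST['email'])` is also evaluated four times; assigning it once, `$email = trim($_POST['email']);`, and using `$email` in the condition, the `user_invite()` call and the message keeps them from drifting apart. `$_POST['action']` and `$_POST['email']` are still read without an `isset()` check.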
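Review bot: In user.inc.php, `$password=trim($password);` turns the `null` that participant_invite.php passes for the password into an empty string. Any later `null` test in `user_invite()` (the rest of the body is outside the hunk) would then no longer see that no password was supplied. Trimming a password also changes the credential itself: unless the login path trims in exactly the same way, a user who typed leading or trailing spaces cannot sign in. I would leave the password untouched, or at least guard it: `if($password !== null) $password = trim($password);`.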