Add working school editor -- some things in it will need to be refactored out, but for now, just leave it as is so alison can get to editing her schools

james 2011-02-23 21:57:33 +00:00
parent 19676aa403
commit ac334f2534
2 changed files with 62 additions and 108 deletions


@ -198,6 +198,12 @@ function account_add_role($accounts_id, $roles_id, $conferences_id, $password =
global $config; global $config;
global $conference; global $conference;
//if we get role as a type string instead of an id (eg, 'teacher'), lets just look it up
if(!is_numeric($roles_id)) {
$tq=mysql_query("SELECT id FROM roles WHERE type='".mysql_real_escape_string($roles_id)."'");
$tr=mysql_fetch_object($tq);
$roles_id=$tr->id;
}
// avoid injections // avoid injections
$accounts_id=intval($accounts_id); $accounts_id=intval($accounts_id);
$roles_id=intval($roles_id); $roles_id=intval($roles_id);
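Review bot: The new role lookup does not handle a role type that matches no row: `mysql_fetch_object()` then returns false, `$tr->id` is empty, and the `intval()` a few lines below turns it into role id 0 instead of reporting an error. The second file in this commit passes `$_POST['role']` straight into this function, so an unknown or mistyped role name reaches this path directly from the request. I would stop before the casts, for example `if(!$tq || !($tr=mysql_fetch_object($tq))) return 'invalidrole';` (the value is constructed here; use whatever failure value the function already returns). The rest of account_add_role lies outside the hunk, so what it does with role id 0 is not visible here.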


@ -66,6 +66,48 @@ if($_POST['action']=="removeuser") {
echo "ok"; echo "ok";
exit; exit;
} }
else if($_POST['action']=="adduser") {
/* we have the following to work with:
accounts_id, conferenceid, field, role, username, users_id
*/
//if accounts_id is 0, it means its a new user
$accounts_id=intval($_POST['accounts_id']);
$conferenceid=intval($_POST['conferenceid']);
$schoolid=intval($_POST['schoolid']);
if($accounts_id==0) {
$a=account_create($_POST['username']);
if(isEmailAddress($_POST['username']))
account_set_email($a['id'],$_POST['username']);
//and load it again, just so we have the most up-to-date
$a=account_load($a['id']);
}
else
$a=account_load($accounts_id);
//now lets add the role -- this fails gracefully if they already have the role, or if its added, in both cases it returns 'ok'
$ret=account_add_role($a['id'],$_POST['role'],$conferenceid);
//we still need the user id
$u=user_load_by_accounts_id($a['id']);
if($ret=='ok' && $u['id']) {
mysql_query("UPDATE schools SET `".mysql_real_escape_string($_POST['field'])."`='{$u['id']}' WHERE id='$schoolid'");
echo mysql_error();
//and update the users schools_id, yes, maybe we should use the user object and user_save() but the single query here is easier and probably waaaaaay faster
mysql_query("UPDATE users SET schools_id='$schoolid' WHERE id='{$u['id']}'");
echo mysql_error();
echo "ok";
}
else {
echo "error\n";
echo "ret=$ret\n";
echo "u="; print_r($u);
//error ?
}
exit;
}
if($_GET['action']=='loaduser') { if($_GET['action']=='loaduser') {
$schoolid=intval($_GET['schoolid']); $schoolid=intval($_GET['schoolid']);
@ -82,7 +124,7 @@ if($_GET['action']=='loaduser') {
if($r->userid > 0) { if($r->userid > 0) {
//we already have one, so just display teh details, with the option to remove or edit //we already have one, so just display teh details, with the option to remove or edit
echo "<td align=\"right\">"; echo "<td align=\"right\">";
echo "<a onclick=\"alert('not implemented yet'); return false;\" href=\"?edit=$r->id\"><img border=\"0\" src=\"".$config['SFIABDIRECTORY']."/images/16/edit.".$config['icon_extension']."\"></a>"; echo "<a onclick=\"return openeditor($r->userid); return false;\" href=\"#\"><img border=\"0\" src=\"".$config['SFIABDIRECTORY']."/images/16/edit.".$config['icon_extension']."\"></a>";
echo "&nbsp;"; echo "&nbsp;";
echo "<a onclick=\"return removeUserFromSchool('$role',$schoolid)\" echo "<a onclick=\"return removeUserFromSchool('$role',$schoolid)\"
href=\"#\"><img border=0 src=\"".$config['SFIABDIRECTORY']."/images/16/button_cancel.".$config['icon_extension']."\"></a>"; href=\"#\"><img border=0 src=\"".$config['SFIABDIRECTORY']."/images/16/button_cancel.".$config['icon_extension']."\"></a>";
@ -102,11 +144,13 @@ if($_GET['action']=='loaduser') {
} }
function emit_user_selector($name,$conferenceid,$role,$allowcreate=true) { function emit_user_selector($name,$conferenceid,$role,$allowcreate=true) {
echo "<!--begin emit_user_selector ($name,$conferenceid,$role,$allowcreate)-->\n"; echo "<!--begin emit_user_selector ($name,$conferenceid,$role,$allowcreate)-->\n";
echo "<input type=\"hidden\" id=\"{$name}_role\" name=\"{$name}_role\" value=\"$role\">"; echo "<input type=\"hidden\" id=\"{$name}_role\" name=\"{$name}_role\" value=\"$role\">";
echo "<input type=\"hidden\" id=\"{$name}_conferenceid\" name=\"{$name}_conferenceid\" value=\"$conferenceid\">"; echo "<input type=\"hidden\" id=\"{$name}_conferenceid\" name=\"{$name}_conferenceid\" value=\"$conferenceid\">";
echo "<input type=\"text\" class=\"user_select_autocomplete\" size=\"40\" id=\"{$name}\" name=\"{$name}\">"; echo "<input type=\"text\" class=\"user_select_autocomplete\" size=\"45\" id=\"{$name}\" name=\"{$name}\">";
echo "<!--end emit_user_selector-->\n"; echo "<!--end emit_user_selector-->\n";
} }
@ -121,84 +165,6 @@ function emit_user_selector($name,$conferenceid,$role,$allowcreate=true) {
$atrisk = $_POST['atrisk'] == 'yes' ? 'yes' : 'no'; $atrisk = $_POST['atrisk'] == 'yes' ? 'yes' : 'no';
/*
"sciencehead='".mysql_escape_string(stripslashes($_POST['sciencehead']))."', ".
"scienceheadphone='".mysql_escape_string(stripslashes($_POST['scienceheadphone']))."', ".
"scienceheademail='".mysql_escape_string(stripslashes($_POST['scienceheademail']))."', ".
"principal='".mysql_escape_string(stripslashes($_POST['principal']))."', ".
*/
/* Get the uids for principal/science head */
$q = mysql_query("SELECT principal_uid,sciencehead_uid FROM schools WHERE id='$id'");
$i = mysql_fetch_assoc($q);
$principal_update = '';
$sciencehead_update = '';
list($first, $last) = explode(' ', $_POST['principal'], 2);
/* Load existing entry if it exists, else make an entry if
* there is data, else, do nothing */
if($i['principal_uid'] > 0)
$pl = user_load($i['principal_uid']);
else if($first != '' && $last != '') {
$pl = user_create('principal', "*$first$last".user_generate_password());
$principal_update = "principal_uid='{$pl['uid']}',";
} else
$pl = false;
/* If we loaded or created an entry, either
* update and save, or purge it */
if(is_array($pl)) {
if($first == '' && $last == '') {
user_purge($pl, 'principal');
$principal_update = 'principal_uid=NULL,';
} else {
$pl['firstname'] = $first;
$pl['lastname'] = $last;
user_save($pl);
}
}
/* Get info about science head */
list($first, $last) = explode(' ', $_POST['sciencehead'], 2);
$em = $_POST['scienceheademail'];
if($em == '' && ($first != '' || $last != '')) $em = "*$first$last".user_generate_password();
/* Load existing record, or create new if there's something
* to insert */
$sh = false;
if($i['sciencehead_uid'] > 0) {
$sh = user_load($i['sciencehead_uid']);
/* It's possile for sh to be false now, happens when the user is
* deleted outside the school editor, this condition needs to be
* fixed. If we let it go, the saving the teacher info will
* silently fail. So let's just create a new teacher */
if(is_array($sh) && ($em != $sh['email'] || $em=='')) {
/* If the emails don't match we have no way of knowing if we're creating a different
* user, or doing a correction, assume it's a different user */
user_purge($sh, 'teacher');
$sh = false;
}
}
/* If there was no teacher loaded, or if we just purged it, create a new one
* if there's an email address */
if($sh == false && $em != '') {
$sh = user_create('teacher', $em);
$sciencehead_update = "sciencehead_uid='{$sh['uid']}',";
}
/* If we have a record update it */
if(is_array($sh)) {
$sh['firstname'] = $first;
$sh['lastname'] = $last;
$sh['phonework'] = $_POST['scienceheadphone'];
$sh['email'] = $em;
$sh['username'] = $em;
user_save($sh);
}
$exec="UPDATE schools SET ". $exec="UPDATE schools SET ".
"school='".mysql_escape_string(stripslashes($_POST['school']))."', ". "school='".mysql_escape_string(stripslashes($_POST['school']))."', ".
"schoollang='".mysql_escape_string(stripslashes($_POST['schoollang']))."', ". "schoollang='".mysql_escape_string(stripslashes($_POST['schoollang']))."', ".
@ -218,7 +184,6 @@ function emit_user_selector($name,$conferenceid,$role,$allowcreate=true) {
"projectlimit='".mysql_escape_string(stripslashes($_POST['projectlimit']))."', ". "projectlimit='".mysql_escape_string(stripslashes($_POST['projectlimit']))."', ".
"projectlimitper='".mysql_escape_string(stripslashes($_POST['projectlimitper']))."', ". "projectlimitper='".mysql_escape_string(stripslashes($_POST['projectlimitper']))."', ".
"accesscode='".mysql_escape_string(stripslashes($_POST['accesscode']))."', ". "accesscode='".mysql_escape_string(stripslashes($_POST['accesscode']))."', ".
$sciencehead_update.$principal_update.
"atrisk='$atrisk' ". "atrisk='$atrisk' ".
"WHERE id='$id'"; "WHERE id='$id'";
mysql_query($exec); mysql_query($exec);
@ -229,8 +194,7 @@ function emit_user_selector($name,$conferenceid,$role,$allowcreate=true) {
else else
$notice = 'saved'; $notice = 'saved';
} }
else if($_POST['action'] == "save_participation") else if($_POST['action'] == "save_participation") {
{
// update the schools' participation in fairs an olympics to reflect the settings submitted // update the schools' participation in fairs an olympics to reflect the settings submitted
$olympicSet = array(); $olympicSet = array();
$fairSet = array(); $fairSet = array();
@ -258,6 +222,9 @@ function emit_user_selector($name,$conferenceid,$role,$allowcreate=true) {
$q=mysql_query("SELECT * FROM schools WHERE conferences_id=$oldConfId"); $q=mysql_query("SELECT * FROM schools WHERE conferences_id=$oldConfId");
while($r=mysql_fetch_object($q)) { while($r=mysql_fetch_object($q)) {
//FIXME: we need to roll the userid's to new ones for the new conference, if we use the same ones its not gonna work
//nobody should be copying for now, so we should be safe for a few months
//2011-02-22
$puid = ($r->principal_uid == null) ? 'NULL' : ("'".intval($r->principal_uid)."'"); $puid = ($r->principal_uid == null) ? 'NULL' : ("'".intval($r->principal_uid)."'");
$shuid = ($r->sciencehead_uid == null) ? 'NULL' : ("'".intval($r->sciencehead_uid)."'"); $shuid = ($r->sciencehead_uid == null) ? 'NULL' : ("'".intval($r->sciencehead_uid)."'");
@ -300,8 +267,7 @@ function emit_user_selector($name,$conferenceid,$role,$allowcreate=true) {
if($_GET['action']=="makeaccesscodes") { if($_GET['action']=="makeaccesscodes") {
$q=mysql_query("SELECT id FROM schools WHERE conferences_id='{$conference['id']}' AND (accesscode IS NULL OR accesscode='')"); $q=mysql_query("SELECT id FROM schools WHERE conferences_id='{$conference['id']}' AND (accesscode IS NULL OR accesscode='')");
while($r=mysql_fetch_object($q)) while($r=mysql_fetch_object($q)) {
{
$ac=generatePassword(5); $ac=generatePassword(5);
mysql_query("UPDATE schools SET accesscode='$ac' WHERE id='$r->id' AND conferences_id='{$conference['id']}'"); mysql_query("UPDATE schools SET accesscode='$ac' WHERE id='$r->id' AND conferences_id='{$conference['id']}'");
@ -345,30 +311,12 @@ function updateUser(role,schoolid) {
var field=$(this).attr("name"); var field=$(this).attr("name");
var conferenceid=$("#"+field+'_conferenceid').val(); var conferenceid=$("#"+field+'_conferenceid').val();
var role=$("#"+field+'_role').val(); var role=$("#"+field+'_role').val();
if(accounts_id==0) {
//awesome, we can just post to the API!!
alert("Creating new account with username: "+username+" role: "+role+" schoolid: "+schoolid+" conferenceid: "+conferenceid);
/*
$.post("../api/account/create",{username: username},function(d) {
if(d.status=="ok") {
alert('successfully created account');
}
else {
alert('error creating account');
}
},"json");
*/ var options={action: 'adduser', accounts_id: accounts_id, users_id: users_id, username: username, field: field, conferenceid: conferenceid, schoolid: global_schoolid, role: role };
}
else { $.post("schools.php",options,function() {
alert('selecting account id: '+accounts_id); updateUser(role,global_schoolid);
if(users_id==0) { });
alert('Creating new user record for this account/conference');
} else {
alert('selecing users id: '+users_id);
}
}
$(this).prev().val(users_id);
} }
}); });
}); });
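Review bot: In the `adduser` branch the column name interpolated into the `UPDATE schools SET` query comes from `$_POST['field']`, and `mysql_real_escape_string()` does not escape backticks, so it gives no protection for an identifier; the value should be checked against a fixed list of columns before the query is built. `$_POST['role']` and `accounts_id` are also chosen by the client, so unless an access check above this hunk already limits it, the request can attach any role type to any existing account; restricting the role to the ones this editor assigns closes that. The `echo mysql_error()` calls and the `print_r($u)` in the error path send database errors and the user record back to the browser and are better written to the server log. The sketch below uses the column and role names that appear elsewhere on this page, which need confirming against the form's real field names.

```php
else if($_POST['action']=="adduser") {
	// field and role arrive from the browser: accept only known values (lists to be confirmed)
	$allowed_fields=array('principal_uid','sciencehead_uid');
	$allowed_roles=array('principal','teacher');
	$field=$_POST['field'];
	if(!in_array($field,$allowed_fields,true) || !in_array($_POST['role'],$allowed_roles,true)) {
		echo "error";
		exit;
	}
	// … unchanged: account lookup/creation, account_add_role(), user_load_by_accounts_id() …
	if($ret=='ok' && $u['id']) {
		$uid=intval($u['id']);
		if(!mysql_query("UPDATE schools SET `$field`='$uid' WHERE id='$schoolid'"))
			error_log(mysql_error());
		// … unchanged: users.schools_id update and "ok" response …
```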