From b1f2718a3c1d67749acc1c04eb4c9be97d6b39fc Mon Sep 17 00:00:00 2001 From: dave Date: Tue, 13 Jul 2010 03:30:11 +0000 Subject: [PATCH] Users can login and logout and look at their home pages. --- account.inc.php | 151 +++++++++ common.inc.php | 84 +++-- user.inc.php | 877 +++++++++++++++--------------------------------- user_login.php | 307 ++++++++--------- user_main.php | 66 ++++ 5 files changed, 691 insertions(+), 794 deletions(-) create mode 100644 account.inc.php create mode 100644 user_main.php diff --git a/account.inc.php b/account.inc.php new file mode 100644 index 0000000..3d078b5 --- /dev/null +++ b/account.inc.php 
@@ -0,0 +1,151 @@ + + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public + License as published by the Free Software Foundation, version 2. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to + the Free Software Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. +*/ +?> +/?]',$pass); + + /* If x==1, a match was found, and the input is bad */ + if($x == 1) return false; + + if(strlen($pass) < 6) return false; + + return true; +} + +/* A more strict version of isEmailAddress() */ +function account_valid_email($str) +{ + $x = preg_match('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $str); + return ($x == 1) ? 
true : false; +} + +/* Duplicate of common.inc.php:generatePassword, which will be deleted + * eventually when ALL users are handled through this file */ +function account_generate_password($pwlen=8) +{ + //these are good characters that are not easily confused with other characters :) + $available="ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789"; + $len=strlen($available) - 1; + + $key=""; + for($x=0;$x<$pwlen;$x++) + $key.=$available{rand(0,$len)}; + return $key; +} + +function account_set_password($accounts_id, $password = NULL) +{ + $save_old = false; + if($password == NULL) { + $q = mysql_query("SELECT passwordset FROM accounts WHERE id='$accounts_id'"); + $a = mysql_fetch_assoc($q); + /* Generate a new password */ + $password = account_generate_password(12); + /* save the old password only if it's not an auto-generated one */ + if($a['passwordset'] != '0000-00-00') $save_old = true; + /* Expire the password */ + $save_set = "'0000-00-00'"; + } else { + /* Set the password, no expiry, save the old */ + $save_old = true; + $save_set = 'NOW()'; + } + + $p = mysql_escape_string($password); + $set = ($save_old == true) ? 
'oldpassword=password, ' : ''; + $set .= "password='$p', passwordset=$save_set "; + + $query = "UPDATE accounts SET $set WHERE id='$accounts_id'"; + mysql_query($query); + echo mysql_error(); + + return $password; +} + +function account_load($id) +{ + $id = intval($id); + $q = mysql_query("SELECT * FROM accounts WHERE id='$id'"); + if(mysql_num_rows($q) == 0) { + echo "No such account $id"; + exit; + } + if(mysql_num_rows($q) > 1) { + echo "More than one account returned for $id"; + exit; + } + + $a = mysql_fetch_assoc($q); + return $a; +} + + +function account_create($username) +{ + global $config; + + /* Sanity check username */ + if(!user_valid_user($username)) { + return -1; + } + + /* Make sure the user doesn't exist */ + $us = mysql_real_escape_string($username); + $q = mysql_query("SELECT * FROM accounts WHERE username='$us'"); + if(mysql_num_rows($q)) { + return -2; + } + + /* Create the account */ + mysql_query("INSERT INTO accounts (`username`,`created`,`deleted`,`superuser`) + VALUES ('$us', NOW(),'no','no')"); + echo mysql_error(); + + $accounts_id = mysql_insert_id(); + + account_set_password($accounts_id, NULL); + + $a = account_load($accounts_id); + return $a; +} + + +/* + if(user_valid_email($username)) { + mysql_query("UPDATE users SET email='$username' WHERE id='$uid'"); + } +*/ +?> diff --git a/common.inc.php b/common.inc.php index 2895f94..850381d 100644 --- a/common.inc.php +++ b/common.inc.php 
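Review bot: account_set_password stores the credential in cleartext: `$p = mysql_escape_string($password)` goes straight into `password='$p'`, and `oldpassword=password` keeps the previous one in the clear as well, so a dump of the accounts table yields every login. Store a salted hash instead (for example `crypt($password, $salt)` with a per-account random salt, compared with crypt() at login); user_login.php is not in this chunk, so its comparison has to change in step. The same function interpolates `$accounts_id` unescaped into both queries; add `$accounts_id = intval($accounts_id);` at the top, as account_load already does. Separately, account_valid_email hands preg_match a pattern with no delimiters, so `^` is taken as the delimiter, the call warns and returns false for every input; wrap it as `'/^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$/'`.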
@@ -257,12 +257,17 @@ while($r=mysql_fetch_object($q)) { $config['dates'][$r->name]=$r->date; } +//load roles +$roles=array(); +$q = mysql_query("SELECT * FROM roles"); +while(($r = mysql_fetch_assoc($q))) { + $roles[$r['type']] = $r; +} + //and now pull the theme require_once("theme/{$config['theme']}/theme.php"); require_once("theme/{$config['theme_icons']}/icons.php"); -require_once("committee.inc.php"); - //detect the browser first, so we know what icons to use - we store this in the config array as well //even though its not configurable by the fair if(stristr($_SERVER['HTTP_USER_AGENT'],"MSIE")) @@ -549,10 +554,10 @@ if(isset($_SESSION['users_type'])) { } else { ?> -
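Review bot: Dropping `require_once("committee.inc.php")` changes what every page that includes common.inc.php has loaded, and the diffstat shows only five files touched, so any other page that still calls committee_auth_has_access() for its own access check would now die with an undefined-function fatal; that fails closed, but it silently breaks those pages until they are migrated to the `$_SESSION['roles']` checks introduced here. Worth grepping the callers before merge, or keeping the include until then. The new role loop also ignores the result of `mysql_query("SELECT * FROM roles")`; a failed query leaves `$roles` empty and makes user_valid_role() reject everything with no diagnostic, so `if(!$q) { echo mysql_error(); exit; }` in the file's existing style would make that visible.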
+ @@ -629,40 +634,41 @@ if(is_array($nav)) { ?> ".i18n("Main Page").''; echo "
  • ".i18n("My Profile").'
  • '; - echo "
  • ".i18n("Committee Home").'
  • '; - if(committee_auth_has_access("admin")){ + if(in_array('committee', $_SESSION['roles'])) { +// echo "
  • ".i18n("Committee Home").'
  • '; + } + if(in_array('admin', $_SESSION['roles'])) { echo "
  • ".i18n("Administration").'
  • '; } - if(committee_auth_has_access("config")){ + if(in_array('config', $_SESSION['roles'])) { echo "
  • ".i18n("Configuration").'
  • '; } - if(committee_auth_has_access("super")){ + if($_SESSION['superuser'] == 'yes') { echo "
  • ".i18n("System Setup").'
  • '; - } -} else if($_SESSION['users_type']=="judge") { - echo "
  • ".i18n("My Profile").'
  • '; + } + if(in_array('volunteer', $_SESSION['roles'])) { +// echo "
  • ".i18n("Volunteer Home").'
  • '; + } + if(in_array('sponsor', $_SESSION['roles'])) { +// echo "
  • ".i18n("Sponsor Home").'
  • '; + } + /* FIXME: setting the schoolid should move to the user_login routine, so we can just test for + * the presence of the school/teacher/principal role here */ + if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode']) { + echo "
  • ".i18n("School Home").'
  • '; + echo "
  • ".i18n("Logout").'
  • '; + } + if(in_array('student', $_SESSION['roles'])) { + echo "
  • ".i18n("Participant Home").'
  • '; + } echo "
  • ".i18n("Logout").'
  • '; -} else if($_SESSION['users_type']=="volunteer") { - echo "
  • ".i18n("My Profile").'
  • '; - echo "
  • ".i18n("Volunteer Home").'
  • '; - echo "
  • ".i18n("Logout").'
  • '; -} else if($_SESSION['users_type']=="sponsor") { - echo "
  • ".i18n("My Profile").'
  • '; - echo "
  • ".i18n("Sponsor Home").'
  • '; - echo "
  • ".i18n("Logout").'
  • '; -} else if($_SESSION['schoolid'] && $_SESSION['schoolaccesscode']) { - echo "
  • ".i18n("School Home").'
  • '; - echo "
  • ".i18n("Logout").'
  • '; } -else if($_SESSION['registration_number'] && $_SESSION['registration_id']) { - echo "
  • ".i18n("Participant Home").'
  • '; - echo "
  • ".i18n("Logout")."
  • \n"; -} else { -} -?> - +?> + @@ -730,6 +741,7 @@ else if($title) echo "
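Review bot: A school session now gets two Logout entries: the `$_SESSION['schoolid'] && $_SESSION['schoolaccesscode']` branch echoes its own Logout link and the unconditional `echo ".i18n("Logout")` a few lines below prints it again, so the one inside the school block should go. Every `in_array('…', $_SESSION['roles'])` in this hunk assumes the login routine (user_login.php, not in this chunk) always stores an array; for a visitor without that key in_array() warns and yields null, so guard once before the menu with `$sroles = (isset($_SESSION['roles']) && is_array($_SESSION['roles'])) ? $_SESSION['roles'] : array();` and pass `true` as in_array's third argument. These conditions only decide which links are drawn; the admin, config and super pages must still check `$_SESSION['roles']` / `$_SESSION['superuser']` on entry themselves, since this hunk replaces only the menu-side checks. The enclosing `if(is_array($nav))` block begins before this hunk.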

    ".$title."

    "; display_messages(); + } /* END OF send_header */ diff --git a/user.inc.php b/user.inc.php index 38d67d9..d63970d 100644 --- a/user.inc.php +++ b/user.inc.php 
@@ -24,196 +24,62 @@ ?> 'Participant', 'judge' => 'Judge', - 'committee'=>'Committee Member','volunteer' => 'Volunteer', - 'fair'=>'Science Fair','sponsor' => 'Sponsor Contact', - 'principal' => 'Principal', - 'teacher' => 'Teacher', - 'parent' => 'Parent', - 'alumni' => 'Alumni', - 'mentor' => 'Mentor'); -$user_types = array_keys($user_what); - -function user_valid_type($type) +function user_valid_role($role) { - global $user_types; - if(is_array($type)) { - foreach($type as $t) { - if(!in_array($t, $user_types)) return false; - } - } else { - if(!in_array($type, $user_types)) return false; + global $roles; + if(!is_array($role)) $role = array($role); + + foreach($role as $r) { + if(!array_key_exists($r, $roles)) return false; } return true; } -/* Duplicate of common.inc.php:generatePassword, which will be deleted - * eventually when ALL users are handled through this file */ -function user_generate_password($pwlen=8) + +function user_load($users_id, $accounts_id = false) { - //these are good characters that are not easily confused with other characters :) - $available="ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789"; - $len=strlen($available) - 1; - - $key=""; - for($x=0;$x<$pwlen;$x++) - $key.=$available{rand(0,$len)}; - return $key; -} - - - -/* Separate user_load_type functions, these could make additional database - * calls if required */ -function user_load_fair(&$u) -{ - $u['fair_active'] = ($u['fair_active'] == 'yes') ? 'yes' : 'no'; - $u['fair_complete'] = ($u['fair_complete'] == 'yes') ? 'yes' : 'no'; -// $u['fair_name'] = $u['fair_name']; -// $u['fair_abbrv'] = $u['fair_abbrv']; - return true; -} - -function user_load_student(&$u) -{ - $u['student_active'] = ($u['student_active'] == 'yes') ? 'yes' : 'no'; - $u['student_complete'] = ($u['student_complete'] == 'yes') ? 'yes' : 'no'; - return true; -} - -function user_load_judge(&$u) -{ - $u['judge_active'] = ($u['judge_active'] == 'yes') ? 
'yes' : 'no'; - $u['judge_complete'] = ($u['judge_complete'] == 'yes') ? 'yes' : 'no'; - $u['years_school'] = intval($u['years_school']); - $u['years_regional'] = intval($u['years_regional']); - $u['years_national'] = intval($u['years_national']); - $u['willing_chair'] = ($u['willing_chair'] == 'yes') ? 'yes' : 'no'; - $u['special_award_only'] = ($u['special_award_only'] == 'yes') ? 'yes' : 'no'; - $u['cat_prefs'] = unserialize($u['cat_prefs']); - $u['div_prefs'] = unserialize($u['div_prefs']); - $u['divsub_prefs'] = unserialize($u['divsub_prefs']); -// $u['expertise_other'] = $u['expertise_other']; - $u['languages'] = unserialize($u['languages']); -// $u['highest_psd'] = $u['highest_psd']; - - /* Sanity check the arrays, make sure they are arrays */ - $should_be_arrays = array('cat_prefs','div_prefs', - 'divsub_prefs','languages'); - foreach($should_be_arrays as $k) { - if(!is_array($u[$k])) $u[$k] = array(); - } - - return true; -} - -function user_load_committee(&$u) -{ - $u['committee_active'] = $u['committee_active']; - $u['emailprivate'] = $u['emailprivate']; - $u['ord'] = intval($u['ord']); - $u['displayemail'] = ($u['displayemail'] == 'yes') ? 'yes' : 'no'; - $u['access_admin'] = ($u['access_admin'] == 'yes') ? 'yes' : 'no'; - $u['access_config'] = ($u['access_config'] == 'yes') ? 'yes' : 'no'; - $u['access_super'] = ($u['access_super'] == 'yes') ? 'yes' : 'no'; - $u['committee_complete'] = ($u['committee_complete'] == 'yes') ? 'yes' : 'no'; - return true; -} - -function user_load_volunteer(&$u) -{ - $u['volunteer_active'] = ($u['volunteer_active'] == 'yes') ? 'yes' : 'no'; - $u['volunteer_complete'] = ($u['volunteer_complete'] == 'yes') ? 'yes' : 'no'; - return true; -} - -function user_load_sponsor(&$u) -{ - $u['sponsors_id'] = intval($u['sponsors_id']); - $u['sponsor_complete'] = ($u['sponsor_complete'] == 'yes') ? 'yes' : 'no'; - $u['sponsor_active'] = ($u['sponsor_active'] == 'yes') ? 
'yes' : 'no'; - if($u['sponsors_id']) { - $q=mysql_query("SELECT * FROM sponsors WHERE id='{$u['sponsors_id']}'"); - $u['sponsor']=mysql_fetch_assoc($q); - } - return true; -} - -function user_load_principal(&$u) -{ - return true; -} - -function user_load_teacher(&$u) -{ - return true; -} - -function user_load_mentor(&$u) -{ - return true; -} -function user_load_parent(&$u) -{ - return true; -} - -function user_load_alumni(&$u) -{ - return true; -} - -function user_load($user, $uid = false) -{ - $query = "SELECT * FROM users WHERE "; - if($uid != false) { - $uid = intval($uid); - $query .= "`users`.`uid`='$uid' ORDER BY `users`.`year` DESC LIMIT 1"; - $killScript = true; + if($accounts_id != false) { + $accounts_id = intval($accounts_id); + $query .= "`users`.`accounts_id`='$accounts_id' ORDER BY `users`.`year` DESC LIMIT 1"; } else { - $killScript = false; - $id = intval($user); - $query .= " `users`.`id`='$id'"; + $id = intval($users_id); + $query .= " `users`.`id`='$id'"; } $q=mysql_query($query); - if(mysql_num_rows($q) == 0) { + if(mysql_num_rows($q) == 0) return false; + + if(mysql_num_rows($q) > 1) { + echo "ERROR: More than one user.\n"; + exit; } - if($killScript){ - echo $query; - exit(); - } + + /* Load the user */ $ret = mysql_fetch_assoc($q); - $query = "SELECT * FROM user_roles JOIN roles ON user_roles.roles_id = roles.id WHERE user_roles.accounts_id = " . $ret['uid'] . " AND user_roles.active = 'yes'"; - $q = mysql_query($query); - $deleted = true; - $ret['types'] = array(); - while($roleData = mysql_fetch_assoc($q)){ - $deleted = false; - $ret['types'][] = $roleData['roletype']; - } - - if($deleted) return false; -// $ret = mysql_fetch_assoc($q); - /* Make sure they're not deleted, we don't want to do this in the query, because loading by $uid would - * simply return the previous year (where deleted=no) */ - /* - if($ret['deleted'] != 'no') { - // User is deleted - return false; - } - */ - - /* Do we need to do number conversions? 
*/ + /* Sanitize before using these in mysql queries */ $ret['id'] = intval($ret['id']); - $ret['uid'] = intval($ret['uid']); + $ret['accounts_id'] = intval($ret['accounts_id']); $ret['year'] = intval($ret['year']); + - /* Turn the type into an array, because there could be more than one */ -// $ts = explode(',', $ret['types']); -// $ret['types'] = $ts; /* Now we can use in_array('judge', $ret['types']) ; */ + /* Get roles, and active/complete status for each role */ + $query = "SELECT * FROM user_roles LEFT JOIN roles ON roles.id=user_roles.roles_id WHERE user_roles.users_id={$ret['id']}"; + $q = mysql_query($query); + + $ret['roles'] = array(); + while(($roledata = mysql_fetch_assoc($q))) { + $t = $roledata['type']; + $ret['roles'][$t] = $roledata; + } + + if(count($ret['roles']) == 0) { + /* No roles, that's ok actually, the previous logic here was that + * a user without roles is deleted.. but.. this could happen for + * new users, or if someone deletes all their roles before adding + * a new role */ + } /* Convenience */ $ret['name'] = ($ret['firstname'] ? "{$ret['firstname']} " : '').$ret['lastname']; 
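Review bot: user_load no longer rejects deleted users: the old "no roles means deleted" return has become an empty `if(count($ret['roles']) == 0) { }`, and nothing reads the `deleted` column that user_delete sets later in this patch (`UPDATE users SET deleted='yes' …`), so user_load_by_email and user_load_by_accounts_id will hand deleted rows back to whatever calls them, including the login path in user_login.php, which is not in this chunk. If deleted users must remain loadable for admin views, leave the flag in the returned array and make callers refuse it; otherwise add `if($ret['deleted'] == 'yes') return false;` right after `$ret = mysql_fetch_assoc($q);`, keeping in mind the old comment that loading by account id with `ORDER BY year DESC LIMIT 1` can pick a different year's row. The empty `if` body should either be removed or reduced to the comment so the intent is visible.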
@@ -231,28 +97,55 @@ function user_load($user, $uid = false) //otherwise, just their email address $ret['emailrecipient']=$ret['email']; } - else + else { $ret['emailrecipient']=""; + } - foreach($ret['types'] as $t) { - /* These all pass $ret by reference, and can modify - * $ret */ - $r = call_user_func("user_load_$t", &$ret); - if($r != true) { - echo "user_load_$t returned false!\n"; - return false; - } + foreach(array_keys($ret['roles']) as $r) { + /* Do the load routines inline, the explosion of user roles + * means it's just silly to have a different function for each + * one. If we get one that has a crazy amount of stuff to do, + * we could move it all to a function and call it in the + * switch below */ + switch($r) { + case 'committee': + $u['ord'] = intval($u['ord']); + $u['displayemail'] = ($u['displayemail'] == 'yes') ? 'yes' : 'no'; + break; - /* It is important that each type database doesn't - have conflicting column names */ -/* foreach($r as $k=>$v) { - if(array_key_exists($k, $ret)) { - echo "DATABASE DESIGN ERROR, duplicate user key $k"; - exit; + case 'judge': + $u['years_school'] = intval($u['years_school']); + $u['years_regional'] = intval($u['years_regional']); + $u['years_national'] = intval($u['years_national']); + $u['willing_chair'] = ($u['willing_chair'] == 'yes') ? 'yes' : 'no'; + $u['special_award_only'] = ($u['special_award_only'] == 'yes') ? 'yes' : 'no'; + $u['cat_prefs'] = strlen($u['cat_prefs'] > 0) ? unserialize($u['cat_prefs']) : array(); + $u['div_prefs'] = strlen($u['div_prefs'] > 0) ? unserialize($u['div_prefs']) : array(); + $u['divsub_prefs'] = strlen($u['divsub_prefs'] > 0) ? unserialize($u['divsub_prefs']) : array(); + // $u['expertise_other'] = $u['expertise_other']; + $u['languages'] = strlen($u['languages'] > 0) ? 
unserialize($u['languages']) : array(); + // $u['highest_psd'] = $u['highest_psd']; + + /* Sanity check the arrays, make sure they are arrays */ + $should_be_arrays = array('cat_prefs','div_prefs', + 'divsub_prefs','languages'); + foreach($should_be_arrays as $k) { + if(!is_array($u[$k])) $u[$k] = array(); } + break; + + case 'sponsor': + $u['sponsors_id'] = intval($u['sponsors_id']); + if($u['sponsors_id']) { + $q=mysql_query("SELECT * FROM sponsors WHERE id='{$u['sponsors_id']}'"); + $u['sponsor']=mysql_fetch_assoc($q); + } + break; + + default: + /* Nothing to do for all other roles */ + break; } - $ret = array_merge($ret, $r); -*/ } /* Do this assignment without recursion :) */ 
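Review bot: The role switch inside user_load's foreach writes to `$u`, but the loaded record is `$ret` and `$u` is never defined in this function, so the committee, judge and sponsor conversions never reach the returned array and every `unserialize($u['…'])` runs on null; add `$u =& $ret;` before the switch, or rename throughout. The `strlen($u['cat_prefs'] > 0)` tests (and the three like it) have the comparison inside strlen(), so they measure a boolean instead of the column; write `strlen($u['cat_prefs']) > 0`. The is_array backstop below is worth keeping, since unserialize() returns false on a malformed column and the callers index these as arrays. user_load begins before this hunk.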
@@ -263,74 +156,90 @@ function user_load($user, $uid = false) return $ret; } -function user_load_by_uid($uid) +function user_load_by_accounts_id($accounts_id) { - return user_load(0, $uid); + return user_load(0, $accounts_id); } function user_load_by_email($email) { - /* Find the most recent uid for the email, regardless of deleted status */ + /* Find the accounts_id for the email, regardless of deleted status */ $e = mysql_real_escape_string($email); - $q = mysql_query("SELECT uid FROM users WHERE email='$e' OR username='$e' ORDER BY year DESC LIMIT 1"); + $q = mysql_query("SELECT accounts_id FROM users WHERE email='$e' OR username='$e'"); if(mysql_num_rows($q) == 1) { - $i = mysql_fetch_assoc($q); - return user_load_by_uid($i['uid']); + $i = mysql_fetch_assoc($q); + return user_load_by_accounts_id($i['accounts_id']); } return false; } -function user_load_by_uid_year($uid, $year) +/* FIXME: these are going to need conference IDs too */ +function user_load_by_accounts_id_year($uid, $year) { + echo "FIXME"; + exit; $q = mysql_query("SELECT id FROM users WHERE uid='$uid' AND year <= '$year'"); if(!mysql_num_rows($q)) return false; $i = mysql_fetch_assoc($q); return user_load($i['id']); } -function user_set_password($id, $password = NULL) +function user_save(&$u) { - /* pass $u by reference so we can update it */ - $save_old = false; - if($password == NULL) { - $q = mysql_query("SELECT passwordset FROM users WHERE id='$id'"); - $u = mysql_fetch_assoc($q); - /* Generate a new password */ - $password = user_generate_password(12); - /* save the old password only if it's not an auto-generated one */ - if($u['passwordset'] != '0000-00-00') $save_old = true; - /* Expire the password */ - $save_set = "'0000-00-00'"; - } else { - /* Set the password, no expiry, save the old */ - $save_old = true; - $save_set = 'NOW()'; + global $conference; + global $roles; + + /* Sanity check */ + if($u['conferences_id'] != $u['orig']['conferences_id']) { + echo "The user's conference 
changed. Can't save a user to a difference conference, use user_dupe to copy the user to a new conference.\n"; + exit; } - $p = mysql_escape_string($password); - $set = ($save_old == true) ? 'oldpassword=password, ' : ''; - $set .= "password='$p', passwordset=$save_set "; + /* Add any new roles */ + $orig_roles = array_keys($u['orig']['roles']); + $new_roles = array_keys($u['roles']); + $added = array_diff($new_roles, $orig_roles); + foreach($added as $r) { + if(!user_add_role_allowed($r, $u)) { + echo "HALT: user can't add this roles"; + exit; + } + mysql_query("INSERT INTO user_roles(accounts_id,users_id,roles_id,active,complete) + VALUES('{$u['accounts_id']}','{$u['id']}','{$roles[$r]['id']}','no','no')"); + } - $query = "UPDATE users SET $set WHERE id='$id'"; - mysql_query($query); - echo mysql_error(); + /* Delete any removed roles */ + $removed = array_diff($orig_roles, $new_roles); + foreach($removed as $r) { + mysql_query("DELETE FROM user_roles WHERE users_id='{$u['id']}' AND roles_id='{$roles[$r]['id']}'"); + } - return $password; -} + $fields = array('salutation','firstname','lastname','username', + 'phonehome','phonework','phonecell','fax','organization', + 'address','address2','city','province','postalcode','sex', + 'firstaid', 'cpr', 'lang', 'notes'); -function user_save_type_list($u, $db, $fields) -{ -/* echo "
     save type list $db";
    -	print_r($u);
    -	echo "
    ";*/ - $set = ''; + $fields_for_role['committee'] = array('emailprivate','ord','displayemail', + 'access_admin','access_config','access_super'); + $fields_for_role['judge'] = array('years_school','years_regional','years_national', + 'willing_chair','special_award_only', + 'cat_prefs','div_prefs','divsub_prefs', + 'expertise_other','languages', 'highest_psd'); + $fields_for_role['student'] = array('schools_id'); + $fields_for_role['fair'] = array('fairs_id'); + $fields_for_role['sponsor'] = array('sponsors_id','primary','position'); + /* Merge fields as necessary, build a big list of fields to save */ + foreach($new_roles as $r) { + $fields = array_merge($fields, $fields_for_role[$r]); + } + + $set = ""; foreach($fields as $f) { - /* == even works on arrays in PHP */ if($u[$f] == $u['orig'][$f]) continue; - if($set != '') $set .=','; + if($set != "") $set .=','; if($u[$f] == NULL) { $set .= "$f=NULL"; 
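Review bot: user_save calls `user_add_role_allowed($r, $u)` with the role first, but this patch redefines that function as `user_add_role_allowed(&$u, $role)`, so the role string is bound as `$u` and the check reads `$u['roles']` off a string; the call must become `user_add_role_allowed($u, $r)`. `$fields_for_role` has entries only for committee, judge, student, fair and sponsor, so for any other role `array_merge($fields, $fields_for_role[$r])` receives null, which on PHP 5 makes array_merge() warn and return null and silently discards the whole field list; guard it with `if(isset($fields_for_role[$r])) $fields = array_merge($fields, $fields_for_role[$r]);`. user_load_by_email dropped the `ORDER BY year DESC LIMIT 1` from its query but still requires exactly one row, so an account with a users row in more than one year (which user_dupe creates) now fails to load by email; `SELECT DISTINCT accounts_id …` or the old LIMIT restores that. user_save's body continues past the end of this hunk.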
@@ -341,116 +250,7 @@ function user_save_type_list($u, $db, $fields) $data = mysql_escape_string(serialize($u[$f])); else $data = mysql_escape_string(stripslashes($u[$f])); - - $set .= "`$f`='$data'"; - } - if($set != "") { - $query = "UPDATE $db SET $set WHERE users_id='{$u['id']}'"; - mysql_query($query); - if(mysql_error()) { - echo mysql_error(); - echo error("Full query: $query"); - } - } -} - -function user_save_volunteer($u) -{ - $fields = array('volunteer_active','volunteer_complete'); - user_save_type_list($u, 'users_volunteer', $fields); -} - -function user_save_committee($u) -{ - $fields = array('committee_complete','committee_active','emailprivate','ord','displayemail','access_admin', - 'access_config','access_super'); - user_save_type_list($u, 'users_committee', $fields); - committee_status_update($u); -} - -function user_save_judge($u) -{ - $fields = array('judge_active','judge_complete','years_school','years_regional','years_national', - 'willing_chair','special_award_only', - 'cat_prefs','div_prefs','divsub_prefs', - 'expertise_other','languages', 'highest_psd'); - user_save_type_list($u, 'users_judge', $fields); -} - -function user_save_student($u) -{ - $fields = array('schools_id', 'student_active','student_complete'); - user_save_type_list($u, 'users_student', $fields); -} - -function user_save_fair($u) -{ - $fields = array('fair_active','fairs_id'); - user_save_type_list($u, 'users_fair', $fields); -} - -function user_save_sponsor($u) -{ - $fields = array('sponsors_id','sponsor_active','sponsor_complete','primary','position','notes'); - user_save_type_list($u, 'users_sponsor', $fields); -} - -function user_save_teacher($u) -{ -} - -function user_save_principal($u) -{ -} - -function user_save_mentor($u) -{ -} - -function user_save_alumni($u) -{ -} - -function user_save_parent($u) -{ -} - -function user_save(&$u) -{ - global $conference; - - /* Add any new types */ - $added = array_diff($u['types'], $u['orig']['types']); - foreach($added as $t) { 
- if(!user_add_role_allowed($t, $u)) { - echo "HALT: user can't add this type"; - exit; - } - //give em a record, the primary key on the table takes care of uniqueness - echo "foo\n"; - $q=mysql_query("INSERT INTO users_$t (users_id) VALUES ('{$u['id']}')"); - } - - - - $fields = array('salutation','firstname','lastname','username', - 'email', - 'phonehome','phonework','phonecell','fax','organization', - 'address','address2','city','province','postalcode','sex', - 'firstaid', 'cpr', 'types','lang'); - - $set = ""; - foreach($fields as $f) { - if($u[$f] == $u['orig'][$f]) continue; - - if($set != "") $set .=','; - - if($f == 'types') - $set .= "$f='".implode(',', $u[$f])."'"; - else { - $data = mysql_escape_string(stripslashes($u[$f])); - $set .= "$f='$data'"; - } + $set .= "$f='$data'"; } if($set != "") { @@ -459,28 +259,9 @@ function user_save(&$u) echo mysql_error(); } - /* Save the password if it changed */ - if($u['password'] != $u['orig']['password']) - user_set_password($u['id'], $u['password']); - - /* Save types */ - foreach($u['types'] as $t) { - call_user_func("user_save_$t", $u); - } - - if(is_array($conference) && array_key_exists('id', $conference)){ - // first make sure they're not already linked. - $check = mysql_fetch_array(mysql_query("SELECT COUNT(*) as tally FROM users_conferences_link WHERE conferences_id = " . $conference['id'] . " AND users_uid = " . $u['id'])); - if($check['tally'] == 0){ - $query = "INSERT INTO users_conferences_link(conferences_id, users_uid) VALUES("; - $query .= $conference['id'] . ', ' . $u['id'] . ')'; - mysql_query($query); - } - - } - - /* Should we do this? */ - /* Record all the data in orig that we saved */ + /* Record all the data in orig that we saved so subsequent + * calls to user_save don't try to overwrite data already + * saved to the database */ unset($u['orig']); $orig = $u; $u['orig'] = $orig; 
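Review bot: The rewritten `$set .= "$f='$data'";` drops the backticks the removed user_save_type_list line had around the column name, and `$fields_for_role['sponsor']` contains `primary`, a MySQL reserved word, so saving a sponsor produces `SET primary='…'` and the UPDATE fails with a syntax error; put the backticks back around `$f` here and in the `$set .= "$f=NULL";` branch in the previous hunk. The surrounding `mysql_escape_string(stripslashes(...))` lines are unchanged context, but now that user_save is the single write path for profile data they should move to mysql_real_escape_string(), which escapes according to the connection's character set rather than assuming one. The enclosing foreach and user_save itself start in the previous hunk.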
@@ -488,144 +269,89 @@ function user_save(&$u) // print_r($u); } -/* Delete functions. These mark a user as deleted, and delete references to other - * tables */ -function user_delete_committee($u) +function user_remove_role(&$u, $role) { - mysql_query("DELETE FROM committees_link WHERE users_uid='{$u['uid']}'"); -} + if(!array_key_exists($role, $u['roles'])) { + /* Hum, type specified, but the user is not this type, + * so, i guess we're done. */ + return; + } -function user_delete_volunteer($u) -{ -} - -function user_delete_judge($u) -{ - global $config; $id = $u['id']; - mysql_query("DELETE FROM judges_teams_link WHERE users_id='$id'"); - mysql_query("DELETE FROM judges_specialawards_sel WHERE users_id='$id'"); -} -function user_delete_fair($u) -{ -} + /* Do role-specific remove actions */ + switch($role) { + case 'committee': + mysql_query("DELETE FROM committees_link WHERE users_uid='{$u['accounts_id']}'"); + break; -function user_delete_student($u) -{ -} + case 'judge': + mysql_query("DELETE FROM judges_teams_link WHERE users_id='$id'"); + mysql_query("DELETE FROM judges_specialawards_sel WHERE users_id='$id'"); + break; -function user_delete_sponsor($u) -{ -} + default: + break; + } -function user_delete_principal($u) -{ -} + /* Delete the role */ + unset($u['roles'][$role]); -function user_delete_teacher($u) -{ -} - -function user_delete_parent($u) -{ -} - -function user_delete_mentor($u) -{ -} - -function user_delete_alumni($u) -{ + /* Save this user (takes care of removing entries from the user_roles db) */ + user_save($u); } -function user_delete($u, $type=false) +/* If role is specified, just delete the role from the user. + * If not, delete the whole user, all roles */ +function user_delete($u, $role=false) { $finish_delete = false; if(!is_array($u)) { $u = user_load($u); } - if($type != false) { - if(!in_array($type, $u['types'])) { - /* Hum, type specified, but the user is not this type, - * so, i guess we're done. 
*/ - return; - } - if(count($u['types']) > 1) { - /* Don't delete the whole user */ - $types=''; - foreach($u['types'] as $t) { - if($t == $type) continue; - if($types != '') $types .= ','; - $types .= $t; - } - mysql_query("UPDATE users SET types='$types' WHERE id='{$u['id']}'"); - } else { + if($role != false) { + user_remove_role($u, $role); + if(count($u['roles']) == 0) { + /* No roles left, finish the delete */ $finish_delete = true; } - call_user_func("user_delete_$type", $u); } else { - /* Delete the whole user */ - if(is_array($u['types'])) { - foreach($u['types'] as $t) call_user_func("user_delete_$t", $u); - } + /* Delete the whole user, every role */ + foreach(array_keys($u['roles']) as $r) + user_remove_role($u, $r); + $finish_delete = true; } - if($finish_delete == true) { - mysql_query("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id='{$u['id']}'"); - } -} + if($finish_delete) { + mysql_query("UPDATE users SET deleted='yes', deleteddatetime=NOW() WHERE id='{$u['id']}'"); + return true; + } + + /* User had some other role, so delete was not completed. */ + return false; +} /* Purge functions. These completely eliminate all traces of a user from the * database. This action cannot be undone. We prefer the committee to use the * "delete" functions, which simply mark the account as "deleted". */ - -function user_purge($u, $type=false) +function user_purge($u, $role=false) { - $finish_purge = false; + /* Delete the user, then completely delete them from + * the DB if delete returns true, that is, if there's + * no other role blocking the delete/purge */ + $finish_purge = user_delete($u, $role); - if(!is_array($u)) { - $u = user_load($u); - } - if($type != false) { - if(!in_array($type, $u['types'])) { - /* Hum, type specified, but the user is not this type, - * so, i guess we're done. 
*/ - return; - } - if(count($u['types']) > 1) { - /* Don't delete the whole user */ - $types=''; - foreach($u['types'] as $t) { - if($t == $type) continue; - if($types != '') $types .= ','; - $types .= $t; - } - mysql_query("UPDATE users SET types='$types' WHERE id='{$u['id']}'"); - } else { - $finish_purge = true; - } - /* Call the delete func to deal with table linking, then completely wipe - * out the entry */ - call_user_func("user_delete_$type", $u); -// call_user_func("user_purge_$type", $u); - mysql_query("DELETE FROM users_$type WHERE users_id='{$u['id']}'"); - } else { - /* Delete the whole user */ - foreach($u['types'] as $t) { - call_user_func("user_delete_$t", $u); -// call_user_func("user_purge_$t", $u); - mysql_query("DELETE FROM users_$t WHERE users_id='{$u['id']}'"); - } - $finish_purge = true; - } if($finish_purge == true) { mysql_query("DELETE FROM users WHERE id='{$u['id']}'"); + return true; } + + /* Not purged, some other role existed */ + return false; } 
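Review bot: user_purge lost the `if(!is_array($u)) $u = user_load($u);` step the old version had, so when a caller passes an id, user_delete loads its own copy but the final `DELETE FROM users WHERE id='{$u['id']}'` indexes an integer, gets null, and runs as `WHERE id=''` — the purge silently does nothing after the roles and the deleted flag have already been written. Reinstate the load at the top of user_purge, and in user_delete handle a failed load before touching `$u['roles']`: `if(!is_array($u)) { $u = user_load($u); } if($u === false) return false;`. Without that guard user_delete proceeds on false and issues `UPDATE users SET deleted='yes' … WHERE id=''`.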
@@ -698,137 +424,109 @@ function user_dupe($u, $new_year) return $id; } -/* Returns true if loaded user ($u) is allowed to add role type $type to their +/* Returns true if loaded user ($u) is allowed to add role $role to their * profile. THis is intended as a last-stop mechanism, preventing, for example - * a student from co-existing with any other account type. */ -function user_add_role_allowed($type, $u) + * a student from co-existing with any other role . */ +function user_add_role_allowed(&$u, $role) { - /* For example, a committee member can add a volunteer or judge role to - * their account. */ - $allowed = array( - 'committee' => array('volunteer', 'judge', 'sponsor','principal','teacher','parent','mentor','alumni'), - 'volunteer' => array('judge', 'committee', 'sponsor','principal','teacher','parent','mentor','alumni'), - 'judge' => array('volunteer', 'committee', 'sponsor','principal','teacher','parent','mentor','alumni'), - 'student' => array(), - 'fair' => array(), - 'sponsor' => array('volunteer','judge', 'sponsor','principal','teacher','parent','mentor','alumni'), - 'principal' => array('volunteer','judge', 'sponsor','committee','teacher','parent','mentor','alumni'), - 'teacher' => array('volunteer','judge', 'sponsor','principal','committee','parent','mentor','alumni'), - 'parent' => array('volunteer','judge', 'sponsor','principal','teacher','committee','mentor','alumni'), - 'mentor' => array('volunteer','judge', 'sponsor','principal','teacher','parent','committee','alumni'), - 'alumni' => array('volunteer','judge', 'sponsor','principal','teacher','parent','mentor','committee'), - ); + foreach(array_keys($u['roles']) as $ur) { + switch($ur) { + case 'student': + /* Student cant' add any other role */ + return false; - foreach($u['types'] as $ut) { - $allowed_array = $allowed[$ut]; - if(in_array($type, $allowed[$ut])) return true; - } - return false; -} + default: + if($role == 'student') { + /* No role can add the student role */ + return false; + } 
-function user_create($type, $username, $u = NULL) -{ - global $config; - if(!is_array($u)) { - mysql_query("INSERT INTO users (`types`,`username`,`passwordset`,`created`,`year`, `deleted`) - VALUES ('$type','$username','0000-00-00', NOW(), '{$config['FAIRYEAR']}', 'no')"); - echo mysql_error(); - $uid = mysql_insert_id(); - if(user_valid_email($username)) { - mysql_query("UPDATE users SET email='$username' WHERE id='$uid'"); + /* All other roles can coexist (even the fair role) */ + break; } - mysql_query("UPDATE users SET uid='$uid' WHERE id='$uid'"); - echo mysql_error(); - user_set_password($uid, NULL); - /* Since the user already has a type, user_save won't create this - * entry for us, so do it here */ - mysql_query("INSERT INTO users_$type (users_id) VALUES('$uid')"); - echo mysql_error(); - /* Load the complete user */ - $u = user_load($uid); - } else { - /* The user has been specified and already exists, - * just add a role */ - $uid = $u['uid']; - if(!user_add_role_allowed($type, $u)) { - /* If we get in here, someone is hand crafting URLs */ - echo "HALT: invalid role add specified for operation."; - exit; - } - /* Ensure we have a full user, and add the type to the existing user */ - $u = user_load_by_uid($uid); - $u['types'][] = $type; } - /* Activate the new type, and save, then return the user */ - $u["{$type}_active"] = 'yes'; - user_save($u); - return $u; -} - - -function user_valid_user($user) -{ - /* Find any character that doesn't match the valid username characters - * (^ inverts the matching remember */ - $x = preg_match('[^a-zA-Z0-9@.-_]',$user); - - /* If x==1, a match was found, and the input is bad */ - return ($x == 1) ? 
false : true; -} - -function user_valid_password($pass) -{ - /* Same as user, but allow more characters */ - $x = preg_match('[^a-zA-Z0-9 ~!@#$%^&*()-_=+|;:,<.>/?]',$pass); - - /* If x==1, a match was found, and the input is bad */ - if($x == 1) return false; - - if(strlen($pass) < 6) return false; - return true; } -/* A more strict version of isEmailAddress() */ -function user_valid_email($str) +function user_add_role(&$u, $role) { - if(eregi('^[a-zA-Z0-9._-]+@[a-zA-Z0-9._-]+\.([a-zA-Z]{2,4})$', $str)) - return true; - return false; + if(!user_add_role_allowed($u, $role)) { + /* If we get in here, someone is hand crafting URLs */ + echo "HALT: invalid role add specified for operation."; + exit; + } + + /* Add the role */ + $u['roles'][$role] = array('active' =>'yes', + 'complete' => 'no'); + /* Save it now so the DB gets updated */ + user_save($u); } +function user_create($accounts_id, $conferences_id=0) +{ + global $config, $conference; + + if($conferences_id == 0) $conferences_id = $conference['id']; + + /* Make sure the user doesn't already exist */ + $q = mysql_query("SELECT id FROM users WHERE accounts_id='$accounts_id' AND conferences_id='$conferences_id'"); + if(mysql_num_rows($q)) { + echo "ERROR: user_create called for a user that already exists.\n"; + exit; + } + + /* Create the user */ + mysql_query("INSERT INTO users(`accounts_id`,`conferences_id`) VALUES('$accounts_id','$conferences_id')"); + $id = mysql_insert_id(); + + /* Return a loaded user with no roles */ + return user_load($id); +} + + + /* Perform some checks. 
Make sure the person is logged in, and that their * password hasn't expired (the password_expired var is set in the login page) */ -function user_auth_required($type, $access='') +function user_auth_required($all_required, $one_required = array()) { global $config; + $ok = true; unset($_SESSION['request_uri']); - if(!isset($_SESSION['users_type'])) { + if(!isset($_SESSION['roles'])) { message_push(error(i18n("You must login to view that page"))); $_SESSION['request_uri'] = $_SERVER['REQUEST_URI']; header("location: {$config['SFIABDIRECTORY']}/user_login.php?type=$type"); exit; } - /* Turn $type into an array */ - if(!is_array($type)) $type = array($type); + /* Make sure the user has each role in $all_required, this returns + * an array in the same order as $all_required, with all members + * in $all_required that are also in the session roles */ + if(!is_array($all_required)) $all_required = array($all_required); - /* Iterate over all the allowed types and see if this user matches */ - $auth_type = false; - foreach($type as $t) { - if($_SESSION['users_type'] == $t) { - $auth_type = $t; - break; + $match = array_intersect($all_required, $_SESSION['roles']); + if($all_required != $match) { + /* Something is missing */ + $ok = false; + } + + /* Make sure the user has one role in $one_required */ + if(!is_array($one_required)) $one_required = array($one_required); + if(count($one_required)) { + $match = array_intersect($one_required, $_SESSION['roles']); + if(count($match) == 0) { + /* Missing any role in $one_required */ + $ok = false; } } - /* No match, no access */ - if($auth_type == false) { + if(!$ok) { message_push(error(i18n("You do not have permission to view that page"))); - header("location: {$config['SFIABDIRECTORY']}/user_login.php?type=$type"); + header("location: {$config['SFIABDIRECTORY']}/user_login.php"); exit; } 
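Review bot: `user_create` interpolates `$accounts_id` and `$conferences_id` straight into both the duplicate-check SELECT and the INSERT with neither escaping nor a cast, and nothing in this hunk shows where callers obtain those values; coerce them after the default is filled in, `$accounts_id = (int)$accounts_id; $conferences_id = (int)$conferences_id;`, before either reaches a query. Separately, the not-logged-in redirect in `user_auth_required` still emits `user_login.php?type=$type` although `$type` is no longer a parameter of the function, so the URL carries an empty `type=` and raises a PHP notice; use the same target the permission-denied branch uses, `header("location: {$config['SFIABDIRECTORY']}/user_login.php");`. `user_auth_required` continues past the end of this hunk.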
@@ -839,16 +537,9 @@ function user_auth_required($type, $access='') exit; } - - /* Check committee sub-access */ - if($auth_type == 'committee' && $access != '') { - if(committee_auth_has_access($access) == false) { - message_push(error(i18n('You do not have permission to view that page'))); - header("Location: {$config['SFIABDIRECTORY']}/committee_main.php"); - exit; - } - } - return $auth_type; + /* Return the first role that matched, this retains the previous + * behaviour */ + return $match[0]; } @@ -887,11 +578,11 @@ $user_personal_fields_map = array( 'province' => array('province'), 'firstaid' => array('firstaid','cpr')); -function user_personal_fields($type) +function user_personal_fields($role) { global $config, $user_personal_fields_map; $ret = array('firstname','lastname','email'); - $fields = $config["{$type}_personal_fields"]; + $fields = $config["{$role}_personal_fields"]; if($fields != '') { $fields = split(',', $fields); foreach($fields as $f) { @@ -901,11 +592,11 @@ function user_personal_fields($type) return $ret; } -function user_personal_required_fields($type) +function user_personal_required_fields($role) { global $config, $user_personal_fields_map; $ret = array('firstname','lastname','email'); - $required = $config["{$type}_personal_required"]; + $required = $config["{$role}_personal_required"]; if($required != '') { $fields = split(',', $required); foreach($fields as $f) { @@ -922,9 +613,9 @@ function user_personal_required_fields($type) function user_personal_info_status(&$u) { $required = array(); - foreach($u['types'] as $t) { + foreach(array_keys($u['roles']) as $r) { $required = array_merge($required, - user_personal_required_fields($t)); + user_personal_required_fields($r)); } foreach($required as $r) { $val = trim($u[$r]); 
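Review bot: `return $match[0]` at the end of `user_auth_required` can hand back null: when `$one_required` is non-empty, `$match` is the `array_intersect` over that list, which keeps `$one_required`'s keys, so a user who holds only its second entry leaves `$match` as `[1 => ...]` and index 0 is unset. Return the first surviving element instead, `return reset($match);`. The same hunk deletes the `committee_auth_has_access($access)` sub-check with nothing in its place, so every page that used to pass an `$access` level now gets through on the role match alone; if that is deliberate for this stage, mark it with `// TODO: page-level access check (formerly committee_auth_has_access) not yet reinstated` where the block was removed. The `$match` assignments this return depends on are in the preceding hunk.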
@@ -935,29 +626,17 @@ function user_personal_info_status(&$u) return 'incomplete'; } } - /* FIXME: somehow call the $type _status_update() function to update - * the individual $type _complete entry? */ + /* FIXME: somehow call the $role _status_update() function to update + * the individual [$role]['complete'] entry? */ return 'complete'; } -/* user_{$type}_login() is called with a full $u loaded */ -function user_committee_login($u) -{ - /* Double check, make sure the user is of this type */ - if(!in_array('committee', $u['types'])) { - echo "ERROR: attempted to login committee on a non-committee user\n"; - exit; - } - - $_SESSION['access_admin'] = $u['access_admin'];// == 'yes') ? true : false; - $_SESSION['access_config'] = $u['access_config'];// == 'yes') ? true : false; - $_SESSION['access_super'] = $u['access_super'];// == 'yes') ? true : false; -} +/* user_{$role}_login() is called with a full $u loaded */ function user_fair_login($u) { - /* Double check, make sure the user is of this type */ - if(!in_array('fair', $u['types'])) { + /* Double check, make sure the user is of this role */ + if(!array_key_exists('fair', $u['roles'])) { echo "ERROR: attempted to login fair on a non-fair user\n"; exit; } diff --git a/user_login.php b/user_login.php index dfb01b0..2692780 100644 --- a/user_login.php +++ b/user_login.php @@ -23,28 +23,27 @@ */ ?> 0 - //$x = user_valid_password($pass); - if(!strlen($pass)) + /* Don't check for a valid password, administrators can set any password they'd like, but + * there has to be a password */ + if(!strlen($pass)) { return false; + } - $user = mysql_escape_string($user); - $q = mysql_query("SELECT id, password FROM accounts WHERE username='$user'"); + $user = mysql_real_escape_string($user); + $q = mysql_query("SELECT id,password,deleted FROM accounts WHERE username='$user'"); + echo mysql_error(); /* $q = mysql_query("SELECT id,username,password,year,deleted FROM users 
@@ -54,38 +53,29 @@ */ if(mysql_num_rows($q) < 1) return false; - $r = mysql_fetch_object($q); + $r = mysql_fetch_assoc($q); /* See if the user account has been deleted */ -// if($r->deleted == 'yes') return false; // FIXME - do we need a deleted field in the accounts table as well? + if($r['deleted'] == 'yes') return false; /* See if the password matches */ - if($r->password != $pass) return false; + if($r['password'] != $pass) return false; /* Login successful */ - return $r->id; - } + return $r['id']; +} - /* If there is no session, accept a type from the URL, else, - * if there is a session, always take the session's type. The idea is - * eventually, you'll never be able to see a login page if you're already - * logged in. */ - $type = false; - if(isset($_SESSION['users_type'])) { - /* They're already logged in */ - $type = $_SESSION['users_type']; - /* If they're not trying to logout, don't let them see the login page */ +/* Don't do any login stuff if they're already logged in */ +if(isset($_SESSION['accounts_id'])) { + /* They're already logged in, if they're not trying to logout, don't + * let them see the login page */ if($_GET['action'] != 'logout') { message_push(error(i18n('You are already logged in, please use the [Logout] link in the upper right to logout before logging in as different user'))); - header("location: {$type}_main.php"); + header("location: user_main.php"); exit; } - } else { - $type = $_GET['type']; - /* user_types is in user.inc.php */ - if(!in_array($type, $user_types)) $type = false; - } - +} + $notice=$_GET['notice']; $redirect = $_GET['redirect']; @@ -103,7 +93,8 @@ break; } - switch($type) { +/* + switch($role) { case 'volunteer': // returns "notopenyet", "closed", or "open" $reg_open = user_volunteer_registration_status(); 
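Review bot: `echo mysql_error();` after the accounts SELECT in `try_login` prints the raw MySQL error text into the login page, so a query failure discloses table and column names to an unauthenticated visitor. Log it instead and treat the failure as a failed login: `if($q === false) { error_log(mysql_error()); return false; }`. The function's signature sits in the stripped `<?php` opening of this hunk, so I cannot see whether `$user` and `$pass` are trimmed or length-limited before this point.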
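Review bot: `if($r['password'] != $pass) return false;` compares the stored credential to the submitted one in cleartext with a loose `!=`, which means the accounts table holds recoverable passwords and the comparison inherits PHP's loose-equality behaviour for numeric-looking strings. Verify against a hash instead, `if(!password_verify($pass, $r['password'])) return false;`, with the writer side (`account_set_password` in account.inc.php) storing `password_hash($password, PASSWORD_DEFAULT)` in a column wide enough for it; if the deployment is pinned to a PHP without `password_hash`, at least make this `!==` until the hashing change lands. The new `deleted` check above it is the right addition and should stay ahead of the password comparison.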
@@ -121,7 +112,7 @@ $reg_open = 'notpermitted'; break; case 'parent': case 'alumni': case 'principal': case 'mentor': - /* Always open, because they could have been auto-created */ + /* Always open, because they could have been auto-created $reg_open = 'open'; break; case 'student': 
@@ -131,133 +122,132 @@ $reg_open = 'closed'; break; } - if($_POST['action']=="login" ) - { - if($_POST['pass'] && $_POST['user']) - { - $id = try_login($_POST['user'], $_POST['pass']); - if($id == false) { - message_push(error(i18n("Invalid Email/Password"))); - header("location: user_login.php?type=$type$redirect_url"); - exit; - } +*/ - $u = user_load($id); + if($_POST['action']== 'login' ) { - /* Make sure the user we loaded is actually for the current year, if not, - * we need to duplicate the user */ -/* - if($u['year'] != $config['FAIRYEAR']) { - $id = user_dupe($u, $config['FAIRYEAR']); - $u = user_load($id); + $user = $_POST['username']; + $pass = $_POST['password']; + + $accounts_id = try_login($user, $pass); + if($accounts_id == false) { + message_push(error(i18n("Invalid Email/Password"))); + header("location: user_login.php"); + exit; + } + + $a = account_load($accounts_id); + + /* Use the active conference to find the user id to load */ + /* FIXME: Need to be able to handle the case where there is no + * active conference, but one step at a time */ + $q = mysql_query("SELECT id FROM users WHERE accounts_id=$accounts_id AND conferences_id={$_SESSION['conferenceid']}"); + if(mysql_num_rows($q) == 0) { + /* FIXME: this should probably just return false, but for now, see if there's an error */ + echo "No user for that conference"; + exit; + } + if(mysql_num_rows($q) > 1) { + echo "DATABASE ERROR: More than one user for account $accounts_id conference {$_SESSION['conferenceid']}"; + exit; + } + $uid = mysql_fetch_assoc($q); + $id = $uid['id']; + + $u = user_load($id); + + $_SESSION['name']="{$u['firstname']} {$u['lastname']}"; + $_SESSION['username']=$u['username']; + $_SESSION['email']=$u['email']; + $_SESSION['users_id']=$u['id']; + $_SESSION['accounts_id']=$u['accounts_id']; + $_SESSION['roles']=array_keys($u['roles']); + $_SESSION['superuser'] = ($a['superuser'] == 'yes') ? 
'yes' : 'no'; + + /* Load the password expiry for each user role, and + * find the longest expiry, which is the one we'll use + * for this user to determine if the passwd has + * expired. */ + $longest_expiry = 0; + foreach(array_keys($u['roles']) as $r) { + $e = $config["{$r}_password_expiry_days"]; + if($e == 0) { + /* Catch a never expire case. */ + $longest_expiry = 0; + break; + } else if($e > $longest_expiry) { + $longest_expiry = $e; } - */ + } - /* Make sure $type is in their types */ - if(!in_array($type, $u['types'])) { - /* Huh, someone is fudging with the HTML, get - * out before touching the session */ - header("location: index.php"); - exit; - } - - $_SESSION['name']="{$u['firstname']} {$u['lastname']}"; - $_SESSION['username']=$u['username']; - $_SESSION['email']=$u['email']; - $_SESSION['users_id']=$u['id']; - $_SESSION['users_uid']=$u['uid']; - $_SESSION['users_type']=$type; - - /* Load the password expiry for each user type, and - * find the longest expiry, which is the one we'll use - * for this user to determine if the passwd has - * expired. */ - $longest_expiry = 0; - foreach($u['types'] as $t) { - $e = $config["{$t}_password_expiry_days"]; - if($e == 0) { - /* Catch a never expire case. 
*/ - $longest_expiry = 0; - break; - } else if($e > $longest_expiry) { - $longest_expiry = $e; - } - } - if($u['passwordset'] == '0000-00-00') { - /* Force the password to expire */ + if($u['passwordset'] == '0000-00-00') { + /* Force the password to expire */ + $_SESSION['password_expired'] = true; + } else if($longest_expiry == 0) { + /* Never expires */ + unset($_SESSION['password_expired']); + } else { + /* Check expiry */ + $expires = date('Y-m-d', strtotime("{$u['passwordset']} +$longest_expiry days")); + $now = date('Y-m-d'); + if($now > $expires) { $_SESSION['password_expired'] = true; - } else if($longest_expiry == 0) { - /* Never expires */ - unset($_SESSION['password_expired']); } else { - /* Check expiry */ - $expires = date('Y-m-d', strtotime("{$u['passwordset']} +$longest_expiry days")); - $now = date('Y-m-d'); - if($now > $expires) { - $_SESSION['password_expired'] = true; - } else { - unset($_SESSION['password_expired']); - } + unset($_SESSION['password_expired']); } - /* If password_expired == true, the main page (or any - * other user page) will catch this and require - * them to set a password */ + } + /* If password_expired == true, the main page (or any + * other user page) will catch this and require + * them to set a password */ - /* Call login functions for each type, so multirole - * users can easily switch */ - foreach($u['types'] as $t) { - if(is_callable("user_{$t}_login")) { - call_user_func_array("user_{$t}_login", array($u)); - } + /* Call login functions for each role */ + foreach(array_keys($u['roles']) as $r) { + if(is_callable("user_{$r}_login")) { + call_user_func_array("user_{$r}_login", array($u)); } + } - mysql_query("UPDATE users SET lastlogin=NOW() - WHERE id={$u['id']}"); +// mysql_query("UPDATE accounts SET lastlogin=NOW() +// WHERE id={$u['id']}"); /* Setup multirole so a multirole user can switch if they want to * without logging in/out */ - if(count($u['types']) > 1) { - $_SESSION['multirole'] = true; +/* 
if(count($u['roes']) > 1) { + $_SESSION['multirole'] = true; } else { $_SESSION['multirole'] = false; } - +*/ /* See if there is a redirect, and do that instead of * taking them to their main page */ - if($redirect != '') { +/* if($redirect != '') { switch($redirect) { case 'roleadd': - if(!in_array($multirole_data, $user_types)) + if(!user_valid_role($multirole_data)) $multirole_data = ''; - header("location: user_multirole.php?action=add&type=$multirole_data"); + header("location: user_multirole.php?action=add&role=$multirole_data"); exit; case 'roleattached': - message_push(happy(i18n('The %1 role has been attached to your account', array($user_what[$type])))); + message_push(happy(i18n('The %1 role has been attached to your account', array($roles[$role]['name'])))); message_push(notice(i18n('Use the [Switch Roles] link in the upper right to change roles while you are logged in'))); - header("location: {$type}_main.php"); + header("location: {$role}_main.php"); exit; } } - - /* Is there a saved requesT_uri from a failed login attempt?, if so - * take them there */ - if(array_key_exists('request_uri', $_SESSION)) { - header("location: {$_SESSION['request_uri']}"); - unset($_SESSION['request_uri']); - exit; - } - header("location: {$type}_main.php"); +*/ + /* Is there a saved requesT_uri from a failed login attempt?, if so + * take them there */ + if(array_key_exists('request_uri', $_SESSION)) { + header("location: {$_SESSION['request_uri']}"); + unset($_SESSION['request_uri']); exit; } - - message_push(error(i18n("Invalid Email/Password"))); - header("location: user_login.php?type=$type"); + header("location: user_main.php"); exit; - } - else if($_GET['action']=="logout") - { + + } else if($_GET['action']=='logout') { /* Session keys to skip on logout */ $skip = array('debug', 'lang', 'messages'); 
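Review bot: The successful-login branch fills `$_SESSION` (`name`, `users_id`, `accounts_id`, `roles`, `superuser`) without rotating the session id, so an id planted in the browser before login remains valid after it (session fixation); add `session_regenerate_id(true);` immediately after `try_login` returns a non-false `$accounts_id` and before the first `$_SESSION[...] =` assignment. In the expiry loop, `$e = $config["{$r}_password_expiry_days"]; if($e == 0)` is a loose comparison, so a role with no such config key (`null`) is read as "never expires" and clears expiry for the whole account; if unconfigured roles should not disable expiry, guard with `if(!isset($config["{$r}_password_expiry_days"])) continue;` and test the explicit case with `(int)$e === 0`. The conference lookup also drops `$accounts_id` and `$_SESSION['conferenceid']` into SQL unquoted; as far as this hunk shows both are integers from the database and the session, but a `(int)` cast would make that explicit.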
@@ -266,30 +256,29 @@ unset($_SESSION['username']); unset($_SESSION['email']); unset($_SESSION['users_id']); - unset($_SESSION['users_type']); + unset($_SESSION['accounts_id']); + unset($_SESSION['roles']); + unset($_SESSION['superuser']); + /* Take care of anything else */ $keys = array_diff(array_keys($_SESSION), $skip); foreach($keys as $k) unset($_SESSION[$k]); message_push(notice(i18n("You have been successfully logged out"))); - if($type != '') - header("Location: user_login.php?type={$type}{$redirect_url}"); - else - header("Location: user_login.php{$redirect_url}"); + header("Location: user_login.php{$redirect_url}"); exit; - } - else if($_GET['action']=="recover") - { - send_header("{$user_what[$type]} - Password Recovery", - array("{$user_what[$type]} Login" => "user_login.php?type=$type")); - $recover_link = "user_login.php?type=$type&action=recover"; + } else if($_GET['action']=='recover') { + send_header("Password Recovery", + array("Login" => "user_login.php?role=$role")); + + $recover_link = "user_login.php?role=$role&action=recover"; ?>


    - +
    - : + :
    :
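Review bot: `$role` is never assigned anywhere in the new `user_login.php` (the earlier hunk removed `$type = $_GET['type']` and nothing replaced it), so `$recover_link` and the breadcrumb in the recover branch resolve to `user_login.php?role=&action=recover` and raise a PHP notice on each build. Either drop the `role` query parameter from these URLs or assign it explicitly and validate it before it is interpolated into markup, e.g. `$role = isset($_GET['role']) && user_valid_role($_GET['role']) ? $_GET['role'] : '';` (`user_valid_role()` is the validator the commented-out redirect block refers to; confirm it exists). The logout branch unsets the session keys but keeps the same session id; add `session_regenerate_id(true);` after the `foreach($keys as $k) unset($_SESSION[$k]);` loop so the pre-logout id cannot be reused.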
    @@ -327,7 +316,7 @@ /* Check name match */ if(strcasecmp($r->firstname, $fn)!=0 || strcasecmp($r->lastname, $ln)!=0) { message_push(error(i18n("The name you entered does not match the one in your account"))); - header("Location: user_login.php?type=$type"); + header("Location: user_login.php?role=$role"); exit; } @@ -336,7 +325,7 @@ /* volunteer_recover_password, judge_recover_password, student_recover_password, committee_recover_password */ - email_send("{$type}_recover_password", + email_send("{$role}_recover_password", $email, array("FAIRNAME"=>i18n($config['fairname'])), array( "PASSWORD"=>$password, @@ -344,32 +333,32 @@ ); message_push(notice(i18n("Your password has been sent to your email address"))); - header("Location: user_login.php?type=$type"); + header("Location: user_login.php?role=$role"); exit; } else { message_push(error(i18n("Could not find your email address for recovery"))); - header("Location: user_login.php?type=$type"); + header("Location: user_login.php?role=$role"); exit; } } message_push(error(i18n("Email address error"))); - header("Location: user_login.php?type=$type"); + header("Location: user_login.php?role=$role"); exit; } else { - send_header("{$user_what[$type]} - Login", array()); + send_header("Login", array()); - $recover_link = "user_login.php?type=$type&action=recover"; - $new_link = "user_new.php?type=$type"; + $recover_link = "user_login.php?role=$role&action=recover"; + $new_link = "user_new.php?role=$role"; ?> - "> + ">
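Review bot: `email_send("{$role}_recover_password", ...)` depends on `$role`, which the new `user_login.php` never assigns, so the template name becomes `_recover_password` and the recovery mail is built from a template that, as far as the visible code shows, does not exist. Pick the template from the account being recovered rather than from an unset page variable — for example the first entry of the loaded user's roles, or a single role-independent `recover_password` template — before `$password` is mailed. The enclosing recover block starts and ends outside this hunk.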
    - : + :
    - : + :
    /> @@ -391,7 +380,7 @@ ); break; case 'open': - echo i18n("If you would like to register as a new {$user_what[$type]}, click here.
    "); + echo i18n("If you would like to register as a new {$roles[$role]['name']}, click here.
    "); break; case 'closed': diff --git a/user_main.php b/user_main.php new file mode 100644 index 0000000..4e106f9 --- /dev/null +++ b/user_main.php @@ -0,0 +1,66 @@ + + Copyright (C) 2005 James Grant + Copyright (C) 2007 David Grant + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public + License as published by the Free Software Foundation, version 2. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to + the Free Software Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. +*/ +?> +%1",array($_SESSION['name'])); + echo "
    "; + echo "
    "; + + echo "This is a placeholder for hte main user page until all the specific user-role pages are removed. For now, here is the mainpage for each role you have: "; + echo "
    "; + echo "
    "; + + foreach(array_keys($u['roles']) as $r) { + echo "".$roles[$r]['name']." Main Page
    "; + } + + echo "
    "; + echo "
    "; + + echo "
    "; + echo i18n('Other Options and Things To Do').':
    '; + echo ''; + + send_footer(); +?>
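Review bot: `$_SESSION['name']` (set at login from the user's first and last name) and `$roles[$r]['name']` are echoed into the page via `i18n()` and string concatenation with no HTML escaping, and nothing in this file shows `i18n()` escaping its `%1` substitutions, so a name containing markup renders as-is; wrap each one, `htmlspecialchars($_SESSION['name'], ENT_QUOTES, 'UTF-8')`, and escape `$roles[$r]['name']` the same way in the link loop. The opening `<?php` block of the file, including any `user_auth_required()` call and the load of `$u` that the `foreach(array_keys($u['roles']) ...)` loop relies on, was stripped from this listing, so confirm the page is gated before it touches `$_SESSION['name']`. The placeholder text also has a typo, `hte` for `the`.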