diff --git a/account.inc.php b/account.inc.php index 0d1579f..c31e7cf 100644 --- a/account.inc.php +++ b/account.inc.php @@ -1,521 +1,526 @@ - - - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public - License as published by the Free Software Foundation, version 2. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to - the Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. -*/ -?> -/?]',$pass); - - /* If x==1, a match was found, and the input is bad */ - if($x == 1) return false; - - if(strlen($pass) < 6) return false; - - return true; -} - -/* Duplicate of common.inc.php:generatePassword, which will be deleted - * eventually when ALL users are handled through this file */ -function account_generate_password($pwlen=8) -{ - //these are good characters that are not easily confused with other characters :) - $available="ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789"; - $len=strlen($available) - 1; - - $key=""; - for($x=0;$x<$pwlen;$x++) - $key.=$available{rand(0,$len)}; - return $key; -} - -function account_set_password($accounts_id, $password = NULL) -{ - $save_old = false; - if($password == NULL) { - $q = mysql_query("SELECT passwordset FROM accounts WHERE id='$accounts_id'"); - $a = mysql_fetch_assoc($q); - /* Generate a new password */ - $password = account_generate_password(12); - /* save the old password only if it's not an auto-generated one */ - if($a['passwordset'] != '0000-00-00') $save_old = true; - /* Expire the password */ - $save_set = "'0000-00-00'"; - } else { - /* Set the password, no expiry, save the old */ - $save_old = true; - $save_set = 'NOW()'; - } - - $p = mysql_escape_string($password); - $set = ($save_old == true) ? 'oldpassword=password, ' : ''; - $set .= "password='$p', passwordset=$save_set "; - - $query = "UPDATE accounts SET $set WHERE id='$accounts_id'"; - mysql_query($query); - echo mysql_error(); - - return $password; -} - -function account_load($id) -{ - $id = intval($id); - //we dont want password or the pending email code in here - $q = mysql_query("SELECT id, - username, - link_username_to_email, - passwordset, - email, - pendingemail, - superuser, - deleted, - deleted_datetime, - created - FROM accounts WHERE id='$id'"); - if(mysql_num_rows($q) == 0) { - return false; - } - if(mysql_num_rows($q) > 1) { - return false; - } - - $a = mysql_fetch_assoc($q); - return $a; -} - -function account_get_password($id) { - $id=intval($id); - $q=mysql_query("SELECT password FROM accounts WHERE id='$id'"); - $r=mysql_fetch_object($q); - return $r->password; -} - - - -function account_load_by_username($username) -{ - $un = mysql_real_escape_string($username); - $q = mysql_query("SELECT * FROM accounts WHERE username='$un'"); - if(mysql_num_rows($q) == 0) { - return false; - } - if(mysql_num_rows($q) > 1) { - return false; - } - - $a = mysql_fetch_assoc($q); - return $a; -} - - -function account_create($username,$password=NULL) -{ - global $config; - $errMsg = ''; - - /* Sanity check username */ - if(!account_valid_user($username)) { - $errMsg .= i18n('Invalid user name "%1"', array($username)) . " "; - }else{ - /* Make sure the user doesn't exist */ - $us = mysql_real_escape_string($username); - $q = mysql_query("SELECT * FROM accounts WHERE username='$us'"); - if(mysql_num_rows($q)) { - $errMsg .= i18n("The username %1 is already in use", array($username)) . " "; - } - } - - //if the password is set, make sure its valid, if its null, thats OK, it'll get generated and set by account_set_password - if($password && !account_valid_password($password)) { - $errMsg .= i18n("Invalid password") . " "; - } - - if($errMsg != '') return $errMsg; - - /* Create the account */ - mysql_query("INSERT INTO accounts (`username`,`created`,`deleted`,`superuser`) - VALUES ('$us', NOW(),'no','no')"); - echo mysql_error(); - - $accounts_id = mysql_insert_id(); - - account_set_password($accounts_id, $password); - $a = account_load($accounts_id); - - return $a; -} - -function account_set_email($accounts_id,$email) { - global $config; - //we dont actually set the email until its confirmed, we only set the pending email :p - if(isEmailAddress($email)) { - $code=generatePassword(24); - mysql_query("UPDATE accounts SET pendingemail='".mysql_real_escape_string($email)."', pendingemailcode='$code' WHERE id='$accounts_id'"); - - $urlproto = $_SERVER['SERVER_PORT'] == 443 ? "https://" : "http://"; - $urlmain = "$urlproto{$_SERVER['HTTP_HOST']}{$config['SFIABDIRECTORY']}"; - $urlemailconfirm = "emailconfirmation.php?i=$accounts_id&e=".rawurlencode($email)."&c=".$code; - $link=$urlmain."/".$urlemailconfirm; - - email_send('account_email_confirmation',$email,array(),array("EMAIL"=>$email,"EMAILCONFIRMATIONLINK"=>$link)); - } -} - -// add the specified role to the account's user record for the specified conference -// return true on success, false on failure -function account_add_role($accounts_id, $roles_id, $conferences_id, $password = null){ - global $config; - global $conference; - - // avoid injections - $accounts_id=intval($accounts_id); - $roles_id=intval($roles_id); - $conferences_id=intval($conferences_id); - $password=mysql_real_escape_string($password); - - // make sure the specified id's actually exist - if(mysql_result(mysql_query("SELECT COUNT(*) FROM accounts WHERE id = $accounts_id"), 0) != 1){ - return "invalidaccount"; - } - if(mysql_result(mysql_query("SELECT COUNT(*) FROM roles WHERE id = $roles_id"), 0) != 1){ - return "invalidrole($roles_id)"; - } - if(mysql_result(mysql_query("SELECT COUNT(*) FROM conferences WHERE id = $conferences_id"), 0) != 1){ - return "invalidconference"; - } - - // find out if this account has a user record for this conference - $data = mysql_fetch_array(mysql_query(" - SELECT * FROM users - WHERE conferences_id = $conferences_id - AND accounts_id = $accounts_id - ")); - if(is_array($data)){ - // they do indeed have a user record for this conference. Let's load it - $u = user_load($data['id']); - $users_id = $data['id']; - }else{ - // They're not actually connected to this conference, let's hook 'em up - $u = user_create($accounts_id, $conferences_id); - $users_id = $u['id']; - - // if this applies to their current session, update their session user id - if($_SESSION['accounts_id'] == $accounts_id && $_SESSION['conferences_id'] == $conferences_id){ - $_SESSION['users_id'] = $users_id; - } - } - - // we now have the user id that we need, let's check to see whether or not they - // already have the specified role. - if(mysql_result(mysql_query("SELECT COUNT(*) FROM user_roles WHERE users_id = $users_id AND roles_id = $roles_id"), 0) != 0){ - // they already have this role. shell_exec("man true"); - return 'ok'; - } - - // see if this role conflicts with existing ones - if(!account_add_role_allowed($accounts_id, $conferences_id, $roles_id)){ - return 'invalidrole(account_add_role_allowed)'; - } - - // get the type of the role (eg. "judge", "participant", etc.) - $role = mysql_result(mysql_query("SELECT type FROM roles WHERE id = $roles_id"), 0); - - if($_SESSION['superuser']!='yes') { - // and see if it's a valid one for this conference - if(!array_key_exists($role . '_registration_type', $config)){ - return 'invalidrole(_registration_type)'; - } - } - - - if( in_array("admin",$_SESSION['roles']) || - in_array("config",$_SESSION['roles']) || - $_SESSION['superuser']=="yes") - { - //do nothing, we're logged in a a superuser, admin or config, so we - //dont want/need to check the types, just go ahead and invite them - //its easie than reversing the logic of the if above. - } - else { - - // and let's see if we meet the conditions for the registration type - $error = ""; - switch($config[$role . '_registration_type']){ - case 'open': - case 'openorinvite': - // this is allowed. - break; - case 'singlepassword': - if($password != $config[$role . '_registration_singlepassword']){ - $error = "invalidpassword"; - } - break; - case 'schoolpassword': - if($password != null){ - $schoolId = $u['schools_id']; - $schoolDat = mysql_fetch_assoc(mysql_query("SELECT registration_password FROM schools WHERE id=$schoolId")); - if(is_array($schoolDat)){ - if($password == $schoolDat['registration_password']) $valid = true; - $error = "invalidpassword"; - } - } - break; - case 'invite': - $error = 'invalidrole'; - break; - } - } - - if($error != ""){ - return $error; - } - - // *whew* all conditions have been met. Let's go ahead and create the record - if(!mysql_query("INSERT INTO user_roles (accounts_id, users_id, roles_id, active, complete) VALUES($accounts_id, $users_id, $roles_id, 'yes', 'no')")){ - return "mysqlerror:" . mysql_error(); - } - - $a=account_load($accounts_id); - $password=account_get_password($accounts_id); - - //in this case, we want to send to pendingemail if thats all we have, because - //its possible that this is a new user that was just added and we just sent - //the email confirmation email as well, so on new user invitation, they will get - //the invite email as well as the email confirmation email. - if($a['email']) $e=$a['email']; - else if($a['pendingemail']) $e=$a['pendingemail']; - - email_send("{$role}_new_invite", - $e, - array("FAIRNAME"=>$conference['name']), - array("FAIRNAME"=>$conference['name'], - "EMAIL"=>$e, - "USERNAME"=>$a['username'], - "PASSWORD"=>$password, - "ROLE"=>$role) - ); - - // if we made it this far, the role was successfully added - return 'ok'; -} - -// find out if the specifed role can be added to this account at the specified conference -function account_add_role_allowed($accounts_id, $roles_id, $conferences_id){ - $returnval = true; - - // avoid injections - $accounts_id *= 1; - $roles_id *= 1; - $conferences_id *= 1; - - // get the user id for this account/conference - $userdat = mysql_fetch_assoc(mysql_query("SELECT id FROM users WHERE accounts_id = $accounts_id AND conferences_id = $conferences_id")); - - // If this condition isn't met, then the account is not connected to the conference. - // In that case, the role can be allowed as there is no conflict. - if(is_array($userdat)){ - $users_id = $userdat['id']; - - // get the roles for the specified account at the specified conference - $query = mysql_query(" - SELECT * FROM user_roles - WHERE users_id = $users_id - "); - - while($returnval && $row = mysql_fetch_assoc($query)){ - switch($row['type']){ - case 'participant': - // Student cant' add any other role - $returnval = false; - break; - default: - if($role == 'participant') { - // No role can add the participant role - $returnval = false; - } - - // All other roles can coexist (even the fair role) - break; - } - } - - } - - return $returnval; -} - -// remove the specified role from the account's user record for the specified conference -// return true on success, false on failure -function account_remove_role($accounts_id, $roles_id, $conferences_id){ - // avoid injections - $accounts_id *= 1; - $roles_id *= 1; - $conferences_id *= 1; - - // make sure the specified id's actually exist - if(mysql_result(mysql_query("SELECT COUNT(*) FROM accounts WHERE id = $accounts_id"), 0) != 1){ - return "invalidaccount"; - } - if(mysql_result(mysql_query("SELECT COUNT(*) FROM roles WHERE id = $roles_id"), 0) != 1){ - return "invalidrole"; - } - if(mysql_result(mysql_query("SELECT COUNT(*) FROM conferences WHERE id = $conferences_id"), 0) != 1){ - return "invalidconference"; - } - - // very little error catching needed here. If the role's there, we hopfully succeed in - // removing it. If it's not, then we succeed in doing nothing - $data = mysql_fetch_array(mysql_query(" - SELECT * FROM users - WHERE conferences_id = $conferences_id - AND accounts_id = $accounts_id - ")); - if(is_array($data)){ - // they do indeed have a user record for this conference. - $users_id = $data['id']; - - // Do role-specific remove actions - $role = mysql_result(mysql_query("SELECT `type` FROM roles WHERE id = $roles_id"), 0); - switch($role) { - case 'committee': - mysql_query("DELETE FROM committees_link WHERE accounts_id='{$accounts_id}'"); - break; - - case 'judge': - mysql_query("DELETE FROM judges_teams_link WHERE users_id='$users_id'"); - mysql_query("DELETE FROM judges_specialawards_sel WHERE users_id='$users_id'"); - break; - - default: - break; - } - - // and now we can remove the role link itself - mysql_query("DELETE FROM user_roles WHERE roles_id={$roles_id} AND users_id='$users_id'"); - } - return 'ok'; -} - -// A function for handling updates of any fields that can be modified through an API call. -// returns 'ok' on success, error message otherwise. -function account_update_info($fields){ - if(array_key_exists('accounts_id', $_SESSION)){ - $accounts_id = $_SESSION['accounts_id']; - }else{ - return 'you must be logged in to change your account settings'; - } - - if(!is_array($fields)) return 'account_update_info expects an array'; - $message = 'ok'; - $updates = array(); - foreach($fields as $index => $value){ - switch($index){ - case 'username': - if(account_valid_user($value)){ - $u = mysql_real_escape_string($value); - $q = mysql_query("SELECT id FROM accounts WHERE username = '$u' AND deleted = 'no' AND id != $accounts_id"); - if(mysql_num_rows($q) != 0){ - $message = "username already in use"; - }else{ - $updates[$index] = $value; - } - }else{ - $message = "invalid username"; - } - break; - - case 'password': - $q = mysql_query("SELECT password FROM accounts WHERE id='$accounts_id' AND password='" . mysql_real_escape_string($value) . "'"); - if(mysql_num_rows($q)){ - // ignore this parameter. The password has not changed - }else if(!account_valid_password($value)){ - $message = "invalid password"; - }else{ - $updates[$index] = $value; - } - break; - - case 'link_username_to_email': - if(in_array($value, array('yes', 'no'))){ - $updates[$index] = $value; - }else{ - $message = '"link_username_to_email" must be either a "yes" or "no" value'; - } - break; - - case 'email': - if(isEmailAddress($value)){ - $updates[$index] = $value; - }else{ - $message = 'invalid e-mail address'; - } - break; - - default: - $message = 'invalid field name'; - } - } - - if($message != 'ok'){ - return $message; - } - - // the data's all been validated, so we can continue with the actual update. - // doing it separately from the above loop to ensure that it's an all-or nothing update; - // none of it will happen if any one part is erroneous. - foreach($updates as $index => $value){ - switch($index){ - case 'username': - $username = mysql_real_escape_string($value); - mysql_query("UPDATE accounts SET username = '$username' WHERE id = $accounts_id"); - break; - - case 'password': - account_set_password($accounts_id, mysql_real_escape_string($value)); - break; - - case 'link_username_to_email': - mysql_query("UPDATE accounts SET link_username_to_email = '$value' WHERE id = $accounts_id"); - break; - - case 'email': - account_set_email($accounts_id, $value); - break; - } - } - - return $message; -} - -?> + + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public + License as published by the Free Software Foundation, version 2. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to + the Free Software Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. +*/ +?> +/?]',$pass); + + /* If x==1, a match was found, and the input is bad */ + if($x == 1) return false; + + if(strlen($pass) < 6) return false; + + return true; +} + +/* Duplicate of common.inc.php:generatePassword, which will be deleted + * eventually when ALL users are handled through this file */ +function account_generate_password($pwlen=8) +{ + //these are good characters that are not easily confused with other characters :) + $available="ABCDEFGHJKLMNPQRSTUVWXYZabcdefghjkmnpqrstuvwxyz23456789"; + $len=strlen($available) - 1; + + $key=""; + for($x=0;$x<$pwlen;$x++) + $key.=$available{rand(0,$len)}; + return $key; +} + +function account_set_password($accounts_id, $password = NULL) +{ + $save_old = false; + if($password == NULL) { + $q = mysql_query("SELECT passwordset FROM accounts WHERE id='$accounts_id'"); + $a = mysql_fetch_assoc($q); + /* Generate a new password */ + $password = account_generate_password(12); + /* save the old password only if it's not an auto-generated one */ + if($a['passwordset'] != '0000-00-00') $save_old = true; + /* Expire the password */ + $save_set = "'0000-00-00'"; + } else { + /* Set the password, no expiry, save the old */ + $save_old = true; + $save_set = 'NOW()'; + } + + $p = mysql_escape_string($password); + $set = ($save_old == true) ? 'oldpassword=password, ' : ''; + $set .= "password='$p', passwordset=$save_set "; + + $query = "UPDATE accounts SET $set WHERE id='$accounts_id'"; + mysql_query($query); + echo mysql_error(); + + return $password; +} + +function account_load($id) +{ + $id = intval($id); + //we dont want password or the pending email code in here + $q = mysql_query("SELECT id, + username, + link_username_to_email, + passwordset, + email, + superuser, + deleted, + deleted_datetime, + created + FROM accounts WHERE id='$id'"); + // DES dspanogle 2011-02-05 the above failed on installing on windows server. + // because pendingemail is in SELECT but not in the table. ?? + // I deleted pendingemail from the SELECT paramenters and added the next two lines. + if (!$q) { + return false; + } + if(mysql_num_rows($q) == 0) { + return false; + } + if(mysql_num_rows($q) > 1) { + return false; + } + + $a = mysql_fetch_assoc($q); + return $a; +} + +function account_get_password($id) { + $id=intval($id); + $q=mysql_query("SELECT password FROM accounts WHERE id='$id'"); + $r=mysql_fetch_object($q); + return $r->password; +} + + + +function account_load_by_username($username) +{ + $un = mysql_real_escape_string($username); + $q = mysql_query("SELECT * FROM accounts WHERE username='$un'"); + if(mysql_num_rows($q) == 0) { + return false; + } + if(mysql_num_rows($q) > 1) { + return false; + } + + $a = mysql_fetch_assoc($q); + return $a; +} + + +function account_create($username,$password=NULL) +{ + global $config; + $errMsg = ''; + + /* Sanity check username */ + if(!account_valid_user($username)) { + $errMsg .= i18n('Invalid user name "%1"', array($username)) . " "; + }else{ + /* Make sure the user doesn't exist */ + $us = mysql_real_escape_string($username); + $q = mysql_query("SELECT * FROM accounts WHERE username='$us'"); + if(mysql_num_rows($q)) { + $errMsg .= i18n("The username %1 is already in use", array($username)) . " "; + } + } + + //if the password is set, make sure its valid, if its null, thats OK, it'll get generated and set by account_set_password + if($password && !account_valid_password($password)) { + $errMsg .= i18n("Invalid password") . " "; + } + + if($errMsg != '') return $errMsg; + + /* Create the account */ + mysql_query("INSERT INTO accounts (`username`,`created`,`deleted`,`superuser`) + VALUES ('$us', NOW(),'no','no')"); + echo mysql_error(); + + $accounts_id = mysql_insert_id(); + + account_set_password($accounts_id, $password); + $a = account_load($accounts_id); + + return $a; +} + +function account_set_email($accounts_id,$email) { + global $config; + //we dont actually set the email until its confirmed, we only set the pending email :p + if(isEmailAddress($email)) { + $code=generatePassword(24); + mysql_query("UPDATE accounts SET pendingemail='".mysql_real_escape_string($email)."', pendingemailcode='$code' WHERE id='$accounts_id'"); + + $urlproto = $_SERVER['SERVER_PORT'] == 443 ? "https://" : "http://"; + $urlmain = "$urlproto{$_SERVER['HTTP_HOST']}{$config['SFIABDIRECTORY']}"; + $urlemailconfirm = "emailconfirmation.php?i=$accounts_id&e=".rawurlencode($email)."&c=".$code; + $link=$urlmain."/".$urlemailconfirm; + + email_send('account_email_confirmation',$email,array(),array("EMAIL"=>$email,"EMAILCONFIRMATIONLINK"=>$link)); + } +} + +// add the specified role to the account's user record for the specified conference +// return true on success, false on failure +function account_add_role($accounts_id, $roles_id, $conferences_id, $password = null){ + global $config; + global $conference; + + // avoid injections + $accounts_id=intval($accounts_id); + $roles_id=intval($roles_id); + $conferences_id=intval($conferences_id); + $password=mysql_real_escape_string($password); + + // make sure the specified id's actually exist + if(mysql_result(mysql_query("SELECT COUNT(*) FROM accounts WHERE id = $accounts_id"), 0) != 1){ + return "invalidaccount"; + } + if(mysql_result(mysql_query("SELECT COUNT(*) FROM roles WHERE id = $roles_id"), 0) != 1){ + return "invalidrole($roles_id)"; + } + if(mysql_result(mysql_query("SELECT COUNT(*) FROM conferences WHERE id = $conferences_id"), 0) != 1){ + return "invalidconference"; + } + + // find out if this account has a user record for this conference + $data = mysql_fetch_array(mysql_query(" + SELECT * FROM users + WHERE conferences_id = $conferences_id + AND accounts_id = $accounts_id + ")); + if(is_array($data)){ + // they do indeed have a user record for this conference. Let's load it + $u = user_load($data['id']); + $users_id = $data['id']; + }else{ + // They're not actually connected to this conference, let's hook 'em up + $u = user_create($accounts_id, $conferences_id); + $users_id = $u['id']; + + // if this applies to their current session, update their session user id + if($_SESSION['accounts_id'] == $accounts_id && $_SESSION['conferences_id'] == $conferences_id){ + $_SESSION['users_id'] = $users_id; + } + } + + // we now have the user id that we need, let's check to see whether or not they + // already have the specified role. + if(mysql_result(mysql_query("SELECT COUNT(*) FROM user_roles WHERE users_id = $users_id AND roles_id = $roles_id"), 0) != 0){ + // they already have this role. shell_exec("man true"); + return 'ok'; + } + + // see if this role conflicts with existing ones + if(!account_add_role_allowed($accounts_id, $conferences_id, $roles_id)){ + return 'invalidrole(account_add_role_allowed)'; + } + + // get the type of the role (eg. "judge", "participant", etc.) + $role = mysql_result(mysql_query("SELECT type FROM roles WHERE id = $roles_id"), 0); + + if($_SESSION['superuser']!='yes') { + // and see if it's a valid one for this conference + if(!array_key_exists($role . '_registration_type', $config)){ + return 'invalidrole(_registration_type)'; + } + } + + + if( in_array("admin",$_SESSION['roles']) || + in_array("config",$_SESSION['roles']) || + $_SESSION['superuser']=="yes") + { + //do nothing, we're logged in a a superuser, admin or config, so we + //dont want/need to check the types, just go ahead and invite them + //its easie than reversing the logic of the if above. + } + else { + + // and let's see if we meet the conditions for the registration type + $error = ""; + switch($config[$role . '_registration_type']){ + case 'open': + case 'openorinvite': + // this is allowed. + break; + case 'singlepassword': + if($password != $config[$role . '_registration_singlepassword']){ + $error = "invalidpassword"; + } + break; + case 'schoolpassword': + if($password != null){ + $schoolId = $u['schools_id']; + $schoolDat = mysql_fetch_assoc(mysql_query("SELECT registration_password FROM schools WHERE id=$schoolId")); + if(is_array($schoolDat)){ + if($password == $schoolDat['registration_password']) $valid = true; + $error = "invalidpassword"; + } + } + break; + case 'invite': + $error = 'invalidrole'; + break; + } + } + + if($error != ""){ + return $error; + } + + // *whew* all conditions have been met. Let's go ahead and create the record + if(!mysql_query("INSERT INTO user_roles (accounts_id, users_id, roles_id, active, complete) VALUES($accounts_id, $users_id, $roles_id, 'yes', 'no')")){ + return "mysqlerror:" . mysql_error(); + } + + $a=account_load($accounts_id); + $password=account_get_password($accounts_id); + + //in this case, we want to send to pendingemail if thats all we have, because + //its possible that this is a new user that was just added and we just sent + //the email confirmation email as well, so on new user invitation, they will get + //the invite email as well as the email confirmation email. + if($a['email']) $e=$a['email']; + else if($a['pendingemail']) $e=$a['pendingemail']; + + email_send("{$role}_new_invite", + $e, + array("FAIRNAME"=>$conference['name']), + array("FAIRNAME"=>$conference['name'], + "EMAIL"=>$e, + "USERNAME"=>$a['username'], + "PASSWORD"=>$password, + "ROLE"=>$role) + ); + + // if we made it this far, the role was successfully added + return 'ok'; +} + +// find out if the specifed role can be added to this account at the specified conference +function account_add_role_allowed($accounts_id, $roles_id, $conferences_id){ + $returnval = true; + + // avoid injections + $accounts_id *= 1; + $roles_id *= 1; + $conferences_id *= 1; + + // get the user id for this account/conference + $userdat = mysql_fetch_assoc(mysql_query("SELECT id FROM users WHERE accounts_id = $accounts_id AND conferences_id = $conferences_id")); + + // If this condition isn't met, then the account is not connected to the conference. + // In that case, the role can be allowed as there is no conflict. + if(is_array($userdat)){ + $users_id = $userdat['id']; + + // get the roles for the specified account at the specified conference + $query = mysql_query(" + SELECT * FROM user_roles + WHERE users_id = $users_id + "); + + while($returnval && $row = mysql_fetch_assoc($query)){ + switch($row['type']){ + case 'participant': + // Student cant' add any other role + $returnval = false; + break; + default: + if($role == 'participant') { + // No role can add the participant role + $returnval = false; + } + + // All other roles can coexist (even the fair role) + break; + } + } + + } + + return $returnval; +} + +// remove the specified role from the account's user record for the specified conference +// return true on success, false on failure +function account_remove_role($accounts_id, $roles_id, $conferences_id){ + // avoid injections + $accounts_id *= 1; + $roles_id *= 1; + $conferences_id *= 1; + + // make sure the specified id's actually exist + if(mysql_result(mysql_query("SELECT COUNT(*) FROM accounts WHERE id = $accounts_id"), 0) != 1){ + return "invalidaccount"; + } + if(mysql_result(mysql_query("SELECT COUNT(*) FROM roles WHERE id = $roles_id"), 0) != 1){ + return "invalidrole"; + } + if(mysql_result(mysql_query("SELECT COUNT(*) FROM conferences WHERE id = $conferences_id"), 0) != 1){ + return "invalidconference"; + } + + // very little error catching needed here. If the role's there, we hopfully succeed in + // removing it. If it's not, then we succeed in doing nothing + $data = mysql_fetch_array(mysql_query(" + SELECT * FROM users + WHERE conferences_id = $conferences_id + AND accounts_id = $accounts_id + ")); + if(is_array($data)){ + // they do indeed have a user record for this conference. + $users_id = $data['id']; + + // Do role-specific remove actions + $role = mysql_result(mysql_query("SELECT `type` FROM roles WHERE id = $roles_id"), 0); + switch($role) { + case 'committee': + mysql_query("DELETE FROM committees_link WHERE accounts_id='{$accounts_id}'"); + break; + + case 'judge': + mysql_query("DELETE FROM judges_teams_link WHERE users_id='$users_id'"); + mysql_query("DELETE FROM judges_specialawards_sel WHERE users_id='$users_id'"); + break; + + default: + break; + } + + // and now we can remove the role link itself + mysql_query("DELETE FROM user_roles WHERE roles_id={$roles_id} AND users_id='$users_id'"); + } + return 'ok'; +} + +// A function for handling updates of any fields that can be modified through an API call. +// returns 'ok' on success, error message otherwise. +function account_update_info($fields){ + if(array_key_exists('accounts_id', $_SESSION)){ + $accounts_id = $_SESSION['accounts_id']; + }else{ + return 'you must be logged in to change your account settings'; + } + + if(!is_array($fields)) return 'account_update_info expects an array'; + $message = 'ok'; + $updates = array(); + foreach($fields as $index => $value){ + switch($index){ + case 'username': + if(account_valid_user($value)){ + $u = mysql_real_escape_string($value); + $q = mysql_query("SELECT id FROM accounts WHERE username = '$u' AND deleted = 'no' AND id != $accounts_id"); + if(mysql_num_rows($q) != 0){ + $message = "username already in use"; + }else{ + $updates[$index] = $value; + } + }else{ + $message = "invalid username"; + } + break; + + case 'password': + $q = mysql_query("SELECT password FROM accounts WHERE id='$accounts_id' AND password='" . mysql_real_escape_string($value) . "'"); + if(mysql_num_rows($q)){ + // ignore this parameter. The password has not changed + }else if(!account_valid_password($value)){ + $message = "invalid password"; + }else{ + $updates[$index] = $value; + } + break; + + case 'link_username_to_email': + if(in_array($value, array('yes', 'no'))){ + $updates[$index] = $value; + }else{ + $message = '"link_username_to_email" must be either a "yes" or "no" value'; + } + break; + + case 'email': + if(isEmailAddress($value)){ + $updates[$index] = $value; + }else{ + $message = 'invalid e-mail address'; + } + break; + + default: + $message = 'invalid field name'; + } + } + + if($message != 'ok'){ + return $message; + } + + // the data's all been validated, so we can continue with the actual update. + // doing it separately from the above loop to ensure that it's an all-or nothing update; + // none of it will happen if any one part is erroneous. + foreach($updates as $index => $value){ + switch($index){ + case 'username': + $username = mysql_real_escape_string($value); + mysql_query("UPDATE accounts SET username = '$username' WHERE id = $accounts_id"); + break; + + case 'password': + account_set_password($accounts_id, mysql_real_escape_string($value)); + break; + + case 'link_username_to_email': + mysql_query("UPDATE accounts SET link_username_to_email = '$value' WHERE id = $accounts_id"); + break; + + case 'email': + account_set_email($accounts_id, $value); + break; + } + } + + return $message; +} + +?> diff --git a/common.inc.bootstrap.php b/common.inc.bootstrap.php index 5c034da..182bdcf 100644 --- a/common.inc.bootstrap.php +++ b/common.inc.bootstrap.php @@ -1,380 +1,397 @@ - - Copyright (C) 2005-2010 James Grant - - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public - License as published by the Free Software Foundation, version 2. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to - the Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. -*/ - -//if we dont set the charset any page that doesnt call send_header() (where it used to be set) would defualt to the server's encoding, -//which in many cases (like ysf-fsj.ca/sfiab) is UTF-8. This was causing a lot of the newly AJAX'd editors to fail on french characters, -//becuase they were being encoded improperly. Ideally, all the databases will be switched to UTF-8, but thats not a near-term possibility, -//so this is kind of a band-aid solution until we can make everything UTF8. Hope it doesnt break anything anywhere else! -header("Content-Type: text/html; charset=UTF-8"); - -//set error reporting to not show notices, for some reason some people's installation dont set this by default -//so we will set it in the code instead just to make sure -//error_reporting(E_ALL & ~E_DEPRECATED ); - -define('REQUIREDFIELD','*'); - -//figure out the directory to prepend to directoroy names, depending on if we are in a subdirectory or not -if(substr(getcwd(),-6)=="/admin") - $prependdir="../"; -else if(substr(getcwd(),-6)=="/super") - $prependdir="../"; -else if(substr(getcwd(),-7)=="/config") - $prependdir="../"; -else if(substr(getcwd(),-3)=="/db") - $prependdir="../"; -else if(substr(getcwd(),-8)=="/scripts") - $prependdir="../"; -else - $prependdir=""; - -$sfiabversion=@file($prependdir."version.txt"); -$config['version']=trim($sfiabversion[0]); - -//make sure the data subdirectory is writable, if its not, then we're screwed, so make sure it is! -if(!is_writable($prependdir."data")) { - echo "SFIAB ERROR"; - echo "

Science Fair In A Box - ERROR

"; - echo "data/ subdirectory is not writable by the web server"; - echo "
"; - echo "

Details

"; - echo "The data/ subdirectory is used to store files uploaded through the SFIAB software. The web server must have write access to this directory in order to function properly. Please contact your system administrator (if you are the system administrator, chown/chmod the data directory appropriately)."; - echo "
"; - echo ""; - exit; -} - -if(file_exists($prependdir."data/config.inc.php")) { - require_once($prependdir."data/config.inc.php"); -} -else { - echo "SFIAB"; - echo "

Science Fair In A Box - Installation

"; - echo "It looks like this is a new installation of SFIAB, and the database has not yet been configured. Please choose from the following options:
"; - echo "
"; - echo "Proceed with Fresh SFIAB Installation"; - echo "
"; - echo ""; - exit; -} -/* -difference between MySQL <5.1 and 5.1: -in <5.1 in must have internall truncated it at 16 before comparing with the hard-coded 16 character database limit -in 5.1 it doesnt truncate and compares the full string with the hardcoded 16 character limit, so all our very long usernames -are now failing -James - Dec 30 2010 -*/ -$DBUSER=substr($DBUSER,0,16); - -if(!mysql_connect($DBHOST,$DBUSER,$DBPASS)) { - echo "SFIAB ERROR"; - echo "

Science Fair In A Box - ERROR

"; - echo "Cannot connect to database!"; - echo ""; - exit; -} - -if(!mysql_select_db($DBNAME)) { - echo "SFIAB ERROR"; - echo "

Science Fair In A Box - ERROR

"; - echo "Cannot select database!"; - echo ""; - exit; -} - -//this will silently fail on mysql 4.x, but is needed on mysql5.x to ensure we're only using utf8 encodings -@mysql_query("SET NAMES utf8"); - -//find out the fair year and any other 'year=0' configuration parameters (things that dont change as the years go on) -$q=@mysql_query("SELECT * FROM config WHERE conferences_id=0 OR year=0"); - -//we might get an error if installation step 2 is not done (ie, the config table doesnt even exist) -if(mysql_error()) { - echo "SFIAB ERROR"; - echo "

Science Fair In A Box - ERROR

"; - echo "SFIAB installation is not complete. Please go to Installer Step 2 to complete the installation process"; - echo "
"; - echo ""; - exit; -} -//if we have 0 (<1) then install2 is not done, which would get caught above, -//if we have 1 (<2) then insatll3 is not done (no entries for FAIRYEAR and SFIABDIRECTORY) -if(mysql_num_rows($q)<2) { - echo "SFIAB ERROR"; - echo "

Science Fair In A Box - ERROR

"; - echo "SFIAB installation is not complete. Please go to Installer Step 3 to complete the installation process"; - echo "
"; - echo ""; - exit; - -} -else { - while($r=mysql_fetch_object($q)) { - $config[$r->var]=$r->val; - } -} -//doh! we cant do it all, becuase it continains things like registration passwords! lets just add things as we need them i guess -//this gets turned into a 'config' object that is accessible in javascript (and output directly to the browser, so dont put -//anything in it that shouldnt be available to the public! -$configjs['SFIABDIRECTORY']=$config['SFIABDIRECTORY']; - -$dbdbversion=$config['DBVERSION']; -$dbcodeversion=@file($prependdir."db/db.code.version.txt"); -$dbcodeversion=trim($dbcodeversion[0]); - -if(!$dbdbversion) { - echo "SFIAB ERROR"; - echo "

Science Fair In A Box - ERROR

"; - echo "SFIAB installation is not complete. Please go to Installer Step 2 to complete the installation process"; - echo "
"; - echo ""; - exit; -} - -if($dbcodeversion!=$dbdbversion) { - echo "SFIAB ERROR"; - echo "

Science Fair In A Box - ERROR

"; - echo "SFIAB database and code are mismatched"; - echo "
"; - echo "Please run the db_update.php script in order to update"; - echo "
"; - echo "your database to the same version as the code"; - echo "
"; - echo "
"; - echo "
"; - echo "

Details

"; - echo "Current SFIAB codebase requires DB version: ".$dbcodeversion; - echo "
"; - echo "Current SFIAB database is detected as version: ".$dbdbversion; - echo "
"; - echo ""; - exit; -} - -/* Check that magic_quotes is OFF */ -if(get_magic_quotes_gpc()) { -?> - SFIAB ERROR -

Science Fair In A Box - ERROR

-

Your PHP configuration has magic_quotes ENABLED. They should be - disabled, and are disabled in the .htaccess file, so your server is - ignoring the .htaccess file or overriding it. -

Magic quotes is DEPRECATED as of PHP 5.3.0, REMOVE as of 6.0, but ON - by default for any PHP < 5.3.0. -

Add 

php_flag magic_quotes_gpc off
to the .htacces, or add - 
php_flag magic_quotes_gpc=off
to php.ini -
-id; - } - /* - else { - echo "No conferences defined!"; - }*/ -} - -function switchConference($cid) { - $cid=intval($cid); -// echo "cid=$cid"; - $q=mysql_query("SELECT * FROM conferences WHERE id='$cid' AND status='running'"); - if($r=mysql_fetch_object($q)) { - $_SESSION['conferences_id']=$cid; - } -} -//move the conference stuff before the configuration loading, so we can load the right configuration for the conference :) -if(isset($_GET['switchconference'])) { - //make sure its good - switchConference($_GET['switchconference']); - unset($_SESSION['nav']); -} - -if(intval($_SESSION['conferences_id'])>0) { - $q=mysql_query("SELECT * FROM conferences WHERE id='{$_SESSION['conferences_id']}'"); - $conference=mysql_fetch_assoc($q); - - /* - ******* THIS IS TEMPORARY.. probably remove it in a year or so ******** - if the conference year is set, this is temporary for migratory purposes, so set the FAIRYEAR = confierence year - this will - gracefully handle the science fair parts that still rely on FAIRYEAR - - if conference year is NOT set, then make sure config['FAIRYEAR'] is NOT set, so we can weed out any code that relies on - FAIRYEAR from the conference system - */ - if($conference['year']) - $config['FAIRYEAR']=$conference['year']; - else - $config['FAIRYEAR']=NULL; -} - -//now pull the rest of the configuration -$q=mysql_query("SELECT * FROM config WHERE conferences_id='".$conference['id']."'"); -while($r=mysql_fetch_object($q)) { - $config[$r->var]=$r->val; -} - -//now pull the dates -if($conference['id']) - $q=mysql_query("SELECT * FROM dates WHERE conferences_id='".$conference['id']."'"); -else - $config['dates']=array(); - -while($r=mysql_fetch_object($q)) { - $config['dates'][$r->name]=$r->date; -} - -//load roles -$roles=array(); -$q = mysql_query("SELECT * FROM roles"); -while(($r = mysql_fetch_assoc($q))) { - $roles[$r['type']] = $r; - $roles_by_id[$r['id']]=$r; -} - -//and now pull the theme -require_once("theme/{$config['theme']}/theme.php"); -require_once("theme/{$config['theme_icons']}/icons.php"); - -//detect the browser first, so we know what icons to use - we store this in the config array as well -//even though its not configurable by the fair -if(stristr($_SERVER['HTTP_USER_AGENT'],"MSIE")) - $config['icon_extension']="gif"; -else - $config['icon_extension']="png"; - -//now get the languages, and make sure we have at least one active language -$q=mysql_query("SELECT * FROM languages WHERE active='Y' ORDER BY langname"); -if(mysql_num_rows($q)==0) { - echo "No active languages defined, defaulting to English"; - $config['languages']['en']="English"; -} -else { - while($r=mysql_fetch_object($q)) { - $config['languages'][$r->lang]=$r->langname; - } -} -//now if no language has been set yet, lets set it to the default language -if(!$_SESSION['lang']) { - //first try the default language, if that doesnt work, use "en" - if($config['default_language']) - $_SESSION['lang']=$config['default_language']; - else - $_SESSION['lang']="en"; -} - -//only allow debug to get set if we're using a development version (odd numbered ending) -if(substr($config['version'], -1) % 2 != 0) - if($_GET['debug']) $_SESSION['debug']=$_GET['debug']; - -//if the user has switched languages, go ahead and switch the session variable -if($_GET['switchlanguage']) { - //first, make sure its a valid language: - if($config['languages'][$_GET['switchlanguage']]) { - $_SESSION['lang']=$_GET['switchlanguage']; - } - else { - //invalid language, dont do anything - } -} - -$CWSFDivisions=array( - 1=>"Automotive", - 2=>"Biotechnology & Pharmaceutical Sciences", - 3=>"Computing & Information Technology", - 4=>"Earth & Environmental Sciences", - 5=>"Engineering", - 6=>"Environmental Innovation", - 7=>"Health Sciences", - 8=>"Life Sciences", - 9=>"Physical & Mathematical Sciences" -); - -$conference_types = array( - 'sciencefair' => 'Science Fair', - 'scienceolympics' => 'Science Olympics' -); - -//take SFIABDIRECTORY off of the current URL -$pageurl=substr($_SERVER['PHP_SELF'],strlen($config['SFIABDIRECTORY'])); - -//this code figures out if the page we're on is in the navigation structure, and if so, where, and properly sets the primary, secondary and tertiary navigation variables -$q=mysql_query("SELECT * FROM rolestasks WHERE - ( link='".mysql_real_escape_string($pageurl)."' - OR link LIKE '".mysql_real_escape_string($pageurl)."?%') - AND conferencetype='{$conference['type']}'"); - -if(mysql_num_rows($q)) { - if(mysql_num_rows($q)==1) { - $r=mysql_fetch_object($q); - } - else { - //take the first one for now - while($r=mysql_fetch_object($q)) { - if($NAV_IDENT==$r->navident) - break; - } - //we have more than one, we need to rely on the $navident now - } - //okay we found it, now get its full tree above it - - //set things to 0 to start - $_SESSION['nav']['primary']=0; - $_SESSION['nav']['secondary']=0; - $_SESSION['nav']['tertiary']=0; - - $navTree=array(); - upTree($r->id,&$navTree); - - //go through each one, and set the SESSION vars - foreach($navTree AS $t) { - switch($t['level']) { - case 0: //primary nav - $_SESSION['nav']['primary']=$t['id']; - break; - case 1: //secondary nav - $_SESSION['nav']['secondary']=$t['id']; - break; - case 2: //tertiary nav - $_SESSION['nav']['tertiary']=$t['id']; - break; - } - } -} -else { - //if we didnt find it, we only set the tertiary to 0, because we probably want to keep our primary and secondary navs if they exist - $_SESSION['nav']['tertiary']=0; -} - + + Copyright (C) 2005-2010 James Grant + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public + License as published by the Free Software Foundation, version 2. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to + the Free Software Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. +*/ + +//if we dont set the charset any page that doesnt call send_header() (where it used to be set) would defualt to the server's encoding, +//which in many cases (like ysf-fsj.ca/sfiab) is UTF-8. This was causing a lot of the newly AJAX'd editors to fail on french characters, +//becuase they were being encoded improperly. Ideally, all the databases will be switched to UTF-8, but thats not a near-term possibility, +//so this is kind of a band-aid solution until we can make everything UTF8. Hope it doesnt break anything anywhere else! +header("Content-Type: text/html; charset=UTF-8"); + +//set error reporting to not show notices, for some reason some people's installation dont set this by default +//so we will set it in the code instead just to make sure +//error_reporting(E_ALL & ~E_DEPRECATED ); + +define('REQUIREDFIELD','*'); + +//figure out the directory to prepend to directoroy names, depending on if we are in a subdirectory or not +// DES dspanogle 2011-02-04 Windows based servers use '\' in directories. This code works for WIN servers and or *nix servers. +if (stristr(getcwd(), '\\')) { // must look at whole directory because we do no know the SFIABDIRECTORY length + // Win + if(substr(getcwd(),-6)=="\\admin") + $prependdir="..\\"; +else if(substr(getcwd(),-6)=="\\super") + $prependdir="..\\"; +else if(substr(getcwd(),-7)=="\\config") + $prependdir="..\\"; +else if(substr(getcwd(),-3)=="\\db") + $prependdir="..\\"; +else if(substr(getcwd(),-8)=="\\scripts") + $prependdir="..\\"; +else + $prependdir=""; +} else { + // Other +if(substr(getcwd(),-6)=="/admin") + $prependdir="../"; +else if(substr(getcwd(),-6)=="/super") + $prependdir="../"; +else if(substr(getcwd(),-7)=="/config") + $prependdir="../"; +else if(substr(getcwd(),-3)=="/db") + $prependdir="../"; +else if(substr(getcwd(),-8)=="/scripts") + $prependdir="../"; +else + $prependdir=""; +} +$sfiabversion=@file($prependdir."version.txt"); +$config['version']=trim($sfiabversion[0]); + +//make sure the data subdirectory is writable, if its not, then we're screwed, so make sure it is! +if(!is_writable($prependdir."data")) { + echo "SFIAB ERROR"; + echo "

Science Fair In A Box - ERROR

"; + echo "data/ subdirectory is not writable by the web server"; + echo "
"; + echo "

Details

"; + echo "The data/ subdirectory is used to store files uploaded through the SFIAB software. The web server must have write access to this directory in order to function properly. Please contact your system administrator (if you are the system administrator, chown/chmod the data directory appropriately)."; + echo "
"; + echo ""; + exit; +} + +if(file_exists($prependdir."data/config.inc.php")) { + require_once($prependdir."data/config.inc.php"); +} +else { + echo "SFIAB"; + echo "

Science Fair In A Box - Installation

"; + echo "It looks like this is a new installation of SFIAB, and the database has not yet been configured. Please choose from the following options:
"; + echo "
"; + echo "Proceed with Fresh SFIAB Installation"; + echo "
"; + echo ""; + exit; +} +/* +difference between MySQL <5.1 and 5.1: +in <5.1 in must have internall truncated it at 16 before comparing with the hard-coded 16 character database limit +in 5.1 it doesnt truncate and compares the full string with the hardcoded 16 character limit, so all our very long usernames +are now failing +James - Dec 30 2010 +*/ +$DBUSER=substr($DBUSER,0,16); + +if(!mysql_connect($DBHOST,$DBUSER,$DBPASS)) { + echo "SFIAB ERROR"; + echo "

Science Fair In A Box - ERROR

"; + echo "Cannot connect to database!"; + echo ""; + exit; +} + +if(!mysql_select_db($DBNAME)) { + echo "SFIAB ERROR"; + echo "

Science Fair In A Box - ERROR

"; + echo "Cannot select database!"; + echo ""; + exit; +} + +//this will silently fail on mysql 4.x, but is needed on mysql5.x to ensure we're only using utf8 encodings +@mysql_query("SET NAMES utf8"); + +//find out the fair year and any other 'year=0' configuration parameters (things that dont change as the years go on) +$q=@mysql_query("SELECT * FROM config WHERE conferences_id=0 OR year=0"); + +//we might get an error if installation step 2 is not done (ie, the config table doesnt even exist) +if(mysql_error()) { + echo "SFIAB ERROR"; + echo "

Science Fair In A Box - ERROR

"; + echo "SFIAB installation is not complete. Please go to Installer Step 2 to complete the installation process"; + echo "
"; + echo ""; + exit; +} +//if we have 0 (<1) then install2 is not done, which would get caught above, +//if we have 1 (<2) then insatll3 is not done (no entries for FAIRYEAR and SFIABDIRECTORY) +if(mysql_num_rows($q)<2) { + echo "SFIAB ERROR"; + echo "

Science Fair In A Box - ERROR

"; + echo "SFIAB installation is not complete. Please go to Installer Step 3 to complete the installation process"; + echo "
"; + echo ""; + exit; + +} +else { + while($r=mysql_fetch_object($q)) { + $config[$r->var]=$r->val; + } +} +//doh! we cant do it all, becuase it continains things like registration passwords! lets just add things as we need them i guess +//this gets turned into a 'config' object that is accessible in javascript (and output directly to the browser, so dont put +//anything in it that shouldnt be available to the public! +$configjs['SFIABDIRECTORY']=$config['SFIABDIRECTORY']; + +$dbdbversion=$config['DBVERSION']; +$dbcodeversion=@file($prependdir."db/db.code.version.txt"); +$dbcodeversion=trim($dbcodeversion[0]); + +if(!$dbdbversion) { + echo "SFIAB ERROR"; + echo "

Science Fair In A Box - ERROR

"; + echo "SFIAB installation is not complete. Please go to Installer Step 2 to complete the installation process"; + echo "
"; + echo ""; + exit; +} + +if($dbcodeversion!=$dbdbversion) { + echo "SFIAB ERROR"; + echo "

Science Fair In A Box - ERROR

"; + echo "SFIAB database and code are mismatched"; + echo "
"; + echo "Please run the db_update.php script in order to update"; + echo "
"; + echo "your database to the same version as the code"; + echo "
"; + echo "
"; + echo "
"; + echo "

Details

"; + echo "Current SFIAB codebase requires DB version: ".$dbcodeversion; + echo "
"; + echo "Current SFIAB database is detected as version: ".$dbdbversion; + echo "
"; + echo ""; + exit; +} + +/* Check that magic_quotes is OFF */ +if(get_magic_quotes_gpc()) { +?> + SFIAB ERROR +

Science Fair In A Box - ERROR

+

Your PHP configuration has magic_quotes ENABLED. They should be + disabled, and are disabled in the .htaccess file, so your server is + ignoring the .htaccess file or overriding it. +

Magic quotes is DEPRECATED as of PHP 5.3.0, REMOVE as of 6.0, but ON + by default for any PHP < 5.3.0. +

Add 

php_flag magic_quotes_gpc off
to the .htacces, or add + 
php_flag magic_quotes_gpc=off
to php.ini +
+id; + } + /* + else { + echo "No conferences defined!"; + }*/ +} + +function switchConference($cid) { + $cid=intval($cid); +// echo "cid=$cid"; + $q=mysql_query("SELECT * FROM conferences WHERE id='$cid' AND status='running'"); + if($r=mysql_fetch_object($q)) { + $_SESSION['conferences_id']=$cid; + } +} +//move the conference stuff before the configuration loading, so we can load the right configuration for the conference :) +if(isset($_GET['switchconference'])) { + //make sure its good + switchConference($_GET['switchconference']); + unset($_SESSION['nav']); +} + +if(intval($_SESSION['conferences_id'])>0) { + $q=mysql_query("SELECT * FROM conferences WHERE id='{$_SESSION['conferences_id']}'"); + $conference=mysql_fetch_assoc($q); + + /* + ******* THIS IS TEMPORARY.. probably remove it in a year or so ******** + if the conference year is set, this is temporary for migratory purposes, so set the FAIRYEAR = confierence year - this will + gracefully handle the science fair parts that still rely on FAIRYEAR + + if conference year is NOT set, then make sure config['FAIRYEAR'] is NOT set, so we can weed out any code that relies on + FAIRYEAR from the conference system + */ + if($conference['year']) + $config['FAIRYEAR']=$conference['year']; + else + $config['FAIRYEAR']=NULL; +} + +//now pull the rest of the configuration +$q=mysql_query("SELECT * FROM config WHERE conferences_id='".$conference['id']."'"); +while($r=mysql_fetch_object($q)) { + $config[$r->var]=$r->val; +} + +//now pull the dates +if($conference['id']) + $q=mysql_query("SELECT * FROM dates WHERE conferences_id='".$conference['id']."'"); +else + $config['dates']=array(); + +while($r=mysql_fetch_object($q)) { + $config['dates'][$r->name]=$r->date; +} + +//load roles +$roles=array(); +$q = mysql_query("SELECT * FROM roles"); +while(($r = mysql_fetch_assoc($q))) { + $roles[$r['type']] = $r; + $roles_by_id[$r['id']]=$r; +} + +//and now pull the theme +require_once("theme/{$config['theme']}/theme.php"); +require_once("theme/{$config['theme_icons']}/icons.php"); + +//detect the browser first, so we know what icons to use - we store this in the config array as well +//even though its not configurable by the fair +if(stristr($_SERVER['HTTP_USER_AGENT'],"MSIE")) + $config['icon_extension']="gif"; +else + $config['icon_extension']="png"; + +//now get the languages, and make sure we have at least one active language +$q=mysql_query("SELECT * FROM languages WHERE active='Y' ORDER BY langname"); +if(mysql_num_rows($q)==0) { + echo "No active languages defined, defaulting to English"; + $config['languages']['en']="English"; +} +else { + while($r=mysql_fetch_object($q)) { + $config['languages'][$r->lang]=$r->langname; + } +} +//now if no language has been set yet, lets set it to the default language +if(!$_SESSION['lang']) { + //first try the default language, if that doesnt work, use "en" + if($config['default_language']) + $_SESSION['lang']=$config['default_language']; + else + $_SESSION['lang']="en"; +} + +//only allow debug to get set if we're using a development version (odd numbered ending) +if(substr($config['version'], -1) % 2 != 0) + if($_GET['debug']) $_SESSION['debug']=$_GET['debug']; + +//if the user has switched languages, go ahead and switch the session variable +if($_GET['switchlanguage']) { + //first, make sure its a valid language: + if($config['languages'][$_GET['switchlanguage']]) { + $_SESSION['lang']=$_GET['switchlanguage']; + } + else { + //invalid language, dont do anything + } +} + +$CWSFDivisions=array( + 1=>"Automotive", + 2=>"Biotechnology & Pharmaceutical Sciences", + 3=>"Computing & Information Technology", + 4=>"Earth & Environmental Sciences", + 5=>"Engineering", + 6=>"Environmental Innovation", + 7=>"Health Sciences", + 8=>"Life Sciences", + 9=>"Physical & Mathematical Sciences" +); + +$conference_types = array( + 'sciencefair' => 'Science Fair', + 'scienceolympics' => 'Science Olympics' +); + +//take SFIABDIRECTORY off of the current URL +$pageurl=substr($_SERVER['PHP_SELF'],strlen($config['SFIABDIRECTORY'])); + +//this code figures out if the page we're on is in the navigation structure, and if so, where, and properly sets the primary, secondary and tertiary navigation variables +$q=mysql_query("SELECT * FROM rolestasks WHERE + ( link='".mysql_real_escape_string($pageurl)."' + OR link LIKE '".mysql_real_escape_string($pageurl)."?%') + AND conferencetype='{$conference['type']}'"); + +if(mysql_num_rows($q)) { + if(mysql_num_rows($q)==1) { + $r=mysql_fetch_object($q); + } + else { + //take the first one for now + while($r=mysql_fetch_object($q)) { + if($NAV_IDENT==$r->navident) + break; + } + //we have more than one, we need to rely on the $navident now + } + //okay we found it, now get its full tree above it + + //set things to 0 to start + $_SESSION['nav']['primary']=0; + $_SESSION['nav']['secondary']=0; + $_SESSION['nav']['tertiary']=0; + + $navTree=array(); + upTree($r->id,&$navTree); + + //go through each one, and set the SESSION vars + foreach($navTree AS $t) { + switch($t['level']) { + case 0: //primary nav + $_SESSION['nav']['primary']=$t['id']; + break; + case 1: //secondary nav + $_SESSION['nav']['secondary']=$t['id']; + break; + case 2: //tertiary nav + $_SESSION['nav']['tertiary']=$t['id']; + break; + } + } +} +else { + //if we didnt find it, we only set the tertiary to 0, because we probably want to keep our primary and secondary navs if they exist + $_SESSION['nav']['tertiary']=0; +} + diff --git a/common.inc.php b/common.inc.php index ba369bd..5b789e6 100644 --- a/common.inc.php +++ b/common.inc.php @@ -1,524 +1,539 @@ - - Copyright (C) 2005-2010 James Grant - - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public - License as published by the Free Software Foundation, version 2. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to - the Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. -*/ -?> - - - - - <? if($title && !$titletranslated) echo i18n($title); else if($title) echo $title; else echo i18n($config['fairname']); ?> -\n"; - } -?> - - - - - - - - - - - -
-
-
-
-
-
-"; -echo "".i18n("Contact Us")."   |   \n"; -if(count($config['languages'])>1) { - echo i18n("Language").": "; - echo ""; -} -echo ""; -?> -
- -
- - -
-\n"; - -/* - $q=mysql_query("SELECT * FROM rolestasks WHERE pid='{$_SESSION['nav']['secondary']}' AND conferencetype='{$conference['type']}' ORDER By ord,task"); - echo "
    "; - while($r=mysql_fetch_object($q)) { - $cl="class=\""; - if($r->link) - $cl.="link "; - else - $cl.="heading "; - - if($_SESSION['nav']['tertiary'] == $r->id) { - $cl.=" selected"; - } - $cl.="\""; - - echo "
  • "; - if($r->link) - echo "link\">"; - - echo i18n($r->task); - - if($r->link) - echo ""; - echo "
    • \n"; - } - echo "
\n"; - */ -?> -
- - -".i18n('You are here:').' '; - foreach($nav as $t=>$l) { - echo "".i18n($t).' » '; - } - if(!$titletranslated) - echo i18n($title); - else - echo $title; - echo '
'; -} -*/ - -if(is_array($_SESSION['roles'])) { - $has_config = array_key_exists('config', $_SESSION['roles']); - $has_admin = array_key_exists('admin', $_SESSION['roles']); - - if($has_config || $has_admin) - committee_warnings(); - if($has_config) - config_warnings(); - if($has_admin) - admin_warnings(); -} - -/* -if(substr(getcwd(),-6)!="/admin" && substr(getcwd(),-7)!="/config" && substr(getcwd(),-6)!="/super") { -?> -
-
- -
> -
-"; - echo theme_icon($icon); - echo "
\n"; -} - -//if we're under /admin or /config then we want to show the ? help icon -if(substr(getcwd(),-6)=="/admin" || substr(getcwd(),-7)=="/config" || substr(getcwd(),-6)=="/super") { - if($_SERVER['REDIRECT_SCRIPT_URL']) - $fname=substr($_SERVER['REDIRECT_SCRIPT_URL'],strlen($config['SFIABDIRECTORY'])+1); - else - $fname=substr($_SERVER['PHP_SELF'],strlen($config['SFIABDIRECTORY'])+1); - - echo " \n"; -} - -if($title && !$titletranslated) - echo "

".i18n($title)."

\n"; -else if($title) - echo "

".$title."

\n"; - -display_messages(); - -?> -
-
- -
-
-
-
- -
Debug...
- -
- - - - - - -\n"; -?> - - -<?=i18n($title)?> - - - - - - - - - -
- -".i18n($title).""; - -} - -function send_popup_footer() { -?> -
-
- -
Debug...
- - - - - + + Copyright (C) 2005-2010 James Grant + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public + License as published by the Free Software Foundation, version 2. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to + the Free Software Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. +*/ +?> + + + + + <? if($title && !$titletranslated) echo i18n($title); else if($title) echo $title; else echo i18n($config['fairname']); ?> +\n"; + } +?> + + + + + + + + + + + +
+
+
+
+
+
+"; +echo "".i18n("Contact Us")."   |   \n"; +if(count($config['languages'])>1) { + echo i18n("Language").": "; + echo ""; +} +echo ""; +?> +
+ +
+ + +
+\n"; + +/* + $q=mysql_query("SELECT * FROM rolestasks WHERE pid='{$_SESSION['nav']['secondary']}' AND conferencetype='{$conference['type']}' ORDER By ord,task"); + echo "
    "; + while($r=mysql_fetch_object($q)) { + $cl="class=\""; + if($r->link) + $cl.="link "; + else + $cl.="heading "; + + if($_SESSION['nav']['tertiary'] == $r->id) { + $cl.=" selected"; + } + $cl.="\""; + + echo "
  • "; + if($r->link) + echo "link\">"; + + echo i18n($r->task); + + if($r->link) + echo ""; + echo "
    • \n"; + } + echo "
\n"; + */ +?> +
+ + +".i18n('You are here:').' '; + foreach($nav as $t=>$l) { + echo "".i18n($t).' » '; + } + if(!$titletranslated) + echo i18n($title); + else + echo $title; + echo '
'; +} +*/ + +if(is_array($_SESSION['roles'])) { + $has_config = array_key_exists('config', $_SESSION['roles']); + $has_admin = array_key_exists('admin', $_SESSION['roles']); + + if($has_config || $has_admin) + committee_warnings(); + if($has_config) + config_warnings(); + if($has_admin) + admin_warnings(); +} + +/* +if(substr(getcwd(),-6)!="/admin" && substr(getcwd(),-7)!="/config" && substr(getcwd(),-6)!="/super") { +?> +
+
+ +
> +
+"; + echo theme_icon($icon); + echo "
\n"; +} + +//if we're under /admin or /config then we want to show the ? help icon +if(substr(getcwd(),-6)=="/admin" || substr(getcwd(),-7)=="/config" || substr(getcwd(),-6)=="/super") { + if($_SERVER['REDIRECT_SCRIPT_URL']) + $fname=substr($_SERVER['REDIRECT_SCRIPT_URL'],strlen($config['SFIABDIRECTORY'])+1); + else + $fname=substr($_SERVER['PHP_SELF'],strlen($config['SFIABDIRECTORY'])+1); + + echo " \n"; +} + +if($title && !$titletranslated) + echo "

".i18n($title)."

\n"; +else if($title) + echo "

".$title."

\n"; + +display_messages(); + +?> +
+
+ +
+
+
+
+ +
Debug...
+ +
+ + + + + + +\n"; +?> + + +<?=i18n($title)?> + + + + + + + + + +
+ +".i18n($title).""; + +} + +function send_popup_footer() { +?> +
+
+ +
Debug...
+ + + + + diff --git a/db/db_update.php b/db/db_update.php index 36eb198..d49bb0b 100644 --- a/db/db_update.php +++ b/db/db_update.php @@ -1,122 +1,163 @@ -\n"; -if(file_exists("db.code.version.txt")) { - $dbcodeversion_file=file("db.code.version.txt"); - $dbcodeversion=trim($dbcodeversion_file[0]); -} -else { - echo "Couldnt load current db.code.version.txt\n"; - exit; -} - -$skip_dbversion_update = array_key_exists('skip_dbversion_update', $_GET); - -mysql_connect($DBHOST,$DBUSER,$DBPASS); -mysql_select_db($DBNAME); -@mysql_query("SET NAMES utf8"); -$q=mysql_query("SELECT val FROM config WHERE var='DBVERSION' AND year='0'"); -$r=mysql_fetch_object($q); -$dbdbversion=$r->val; -if(!$dbdbversion) { - echo "Couldnt get current db version. Is SFIAB properly installed?\n"; - exit; -} - -if($dbdbversion>=190) { - //we can only load in the 'system', because when running from here we have no clue what - //conference the script is interested in - //also, FAIRYEAR doesnt exist anymore - - /* Load config just in case there's a PHP script that wants it */ - $q=mysql_query("SELECT * FROM config WHERE section='system' AND conferences_id=0"); - while($r=mysql_fetch_object($q)) $config[$r->var]=$r->val; -} -else { - /* Get the fair year */ - $q=mysql_query("SELECT val FROM config WHERE var='FAIRYEAR' AND year='0'"); - $r=mysql_fetch_object($q); - $config = array('FAIRYEAR' => $r->val); - - /* Load config just in case there's a PHP script that wants it */ - $q=mysql_query("SELECT * FROM config WHERE year='{$config['FAIRYEAR']}'"); - while($r=mysql_fetch_object($q)) $config[$r->var]=$r->val; -} - - -require_once("../config_editor.inc.php"); // For config_update_variables() - -if($dbcodeversion && $dbdbversion) { - //lets see if they match - if($dbcodeversion == $dbdbversion) { - echo "DB and CODE are all up-to-date. Version: $dbdbversion\n"; - exit; - } - else if($dbcodeversion<$dbdbversion) { - echo "ERROR: dbcodeversion$dbdbversion) { - echo "DB update requirements detected\n"; - echo "Current DB Version: $dbdbversion\n"; - echo "Current CODE Version: $dbcodeversion\n"; - - echo "Updating database from $dbdbversion to $dbcodeversion\n"; - - for($ver=$dbdbversion+1;$ver<=$dbcodeversion;$ver++) { - if(file_exists("db.update.$ver.php")) { - include("db.update.$ver.php"); - } - if(is_callable("db_update_{$ver}_pre")) { - echo "db.update.$ver.php::db_update_{$ver}_pre() exists - running...\n"; - call_user_func("db_update_{$ver}_pre"); - echo "db.update.$ver.php::db_update_{$ver}_pre() done.\n"; - } - if(file_exists("db.update.$ver.sql")) { - echo "db.update.$ver.sql detected - running...\n"; - readfile("db.update.$ver.sql"); - echo "\n"; - system("mysql --default-character-set=utf8 -h$DBHOST -u$DBUSER -p$DBPASS $DBNAME \n"; - -?> +\n"; +if(file_exists("db.code.version.txt")) { + $dbcodeversion_file=file("db.code.version.txt"); + $dbcodeversion=trim($dbcodeversion_file[0]); +} +else { + echo "Couldnt load current db.code.version.txt\n"; + exit; +} + +$skip_dbversion_update = array_key_exists('skip_dbversion_update', $_GET); + +mysql_connect($DBHOST,$DBUSER,$DBPASS); +mysql_select_db($DBNAME); +@mysql_query("SET NAMES utf8"); +$q=mysql_query("SELECT val FROM config WHERE var='DBVERSION' AND year='0'"); +$r=mysql_fetch_object($q); +$dbdbversion=$r->val; +if(!$dbdbversion) { + echo "Couldnt get current db version. Is SFIAB properly installed?\n"; + exit; +} + +if($dbdbversion>=190) { + //we can only load in the 'system', because when running from here we have no clue what + //conference the script is interested in + //also, FAIRYEAR doesnt exist anymore + + /* Load config just in case there's a PHP script that wants it */ + $q=mysql_query("SELECT * FROM config WHERE section='system' AND conferences_id=0"); + while($r=mysql_fetch_object($q)) $config[$r->var]=$r->val; +} +else { + /* Get the fair year */ + $q=mysql_query("SELECT val FROM config WHERE var='FAIRYEAR' AND year='0'"); + $r=mysql_fetch_object($q); + $config = array('FAIRYEAR' => $r->val); + + /* Load config just in case there's a PHP script that wants it */ + $q=mysql_query("SELECT * FROM config WHERE year='{$config['FAIRYEAR']}'"); + while($r=mysql_fetch_object($q)) $config[$r->var]=$r->val; +} + + +require_once("../config_editor.inc.php"); // For config_update_variables() + +if($dbcodeversion && $dbdbversion) { + //lets see if they match + if($dbcodeversion == $dbdbversion) { + echo "DB and CODE are all up-to-date. Version: $dbdbversion\n"; + exit; + } + else if($dbcodeversion<$dbdbversion) { + echo "ERROR: dbcodeversion$dbdbversion) { + echo "DB update requirements detected\n"; + echo "Current DB Version: $dbdbversion\n"; + echo "Current CODE Version: $dbcodeversion\n"; + + echo "Updating database from $dbdbversion to $dbcodeversion\n"; + + for($ver=$dbdbversion+1;$ver<=$dbcodeversion;$ver++) { + if(file_exists("db.update.$ver.php")) { + include("db.update.$ver.php"); + } + if(is_callable("db_update_{$ver}_pre")) { + echo "db.update.$ver.php::db_update_{$ver}_pre() exists - running...\n"; + call_user_func("db_update_{$ver}_pre"); + echo "db.update.$ver.php::db_update_{$ver}_pre() done.\n"; + } + if(file_exists("db.update.$ver.sql")) { + echo "db.update.$ver.sql detected - running...\n"; + readfile("db.update.$ver.sql"); + echo "\n"; + // DES dspanogle 2011-02-05 Test to see if can use system call + // if *nix then '/' in working directory. If not then windows - do not even try system + if(function_exists("system") and (stristr(substr(getcwd(),-9), '/') ) ) { + // Use System call this assumes mysql.exe exists on the server. it may not. + system("mysql --default-character-set=utf8 -h$DBHOST -u$DBUSER -p$DBPASS $DBNAME Error performing query!
'.$templine.'
mysqlerror: '.mysql_error().'

'); + $exit_code = -1; // do we bail out here or keep going? keep going for now, get all errors + } + // Reset temp variable to empty + $templine = ''; + } + } + echo "
"; + } + if($exit_code != 0) { + /* mysql failed!, what now? */ + echo "
mysql failed to execute query(s) without error!
"; + echo "Update scripts bad or *nix server system('mysql' .. ) call failed!
"; + echo "This installation is not complete!
"; + } + } + else { + echo "Version $ver SQL update file not found - skipping over\n"; + } + if(is_callable("db_update_{$ver}_post")) { + echo "db.update.$ver.php::db_update_{$ver}_post() exists - running...\n"; + call_user_func("db_update_{$ver}_post"); + echo "db.update.$ver.php::db_update_{$ver}_post() done.\n"; + } + } + if($db_update_skip_variables != true) { + echo "\nUpdating Configuration Variables...\n"; + config_update_variables(); + } + + + if($skip_dbversion_update) { + echo "\nAll done - skip_dbversion_update specified, NOT updating to DB version to $dbcodeversion\n"; + } else { + echo "\nAll done - updating new DB version to $dbcodeversion\n"; + mysql_query("UPDATE config SET val='$dbcodeversion' WHERE var='DBVERSION' AND conferences_id='0'"); + } + } +} +else { + echo "ERROR: dbcodeversion and dbdbversion are not defined\n"; +} + +echo "\n"; + +?> diff --git a/install2.php b/install2.php index 6fe6ca3..e93dbb3 100644 --- a/install2.php +++ b/install2.php @@ -1,138 +1,216 @@ - - Copyright (C) 2005 James Grant - - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public - License as published by the Free Software Foundation, version 2. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to - the Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. -*/ -echo "\n"; -?> - - -SFIAB Installation - - - -

SFIAB Installation - Step 2

-Installation requires php's system() function to be available\n"; - echo ""; - exit; -} - -if(!file_exists("data/config.inc.php")) { - echo "
SFIAB Installation Step 1 is not yet complete.
"; - echo "Go back to installation step 1
"; - echo ""; - exit; -} - -require_once("data/config.inc.php"); -mysql_connect($DBHOST,$DBUSER,$DBPASS); -mysql_select_db($DBNAME); - - echo "Getting database version requirements for code... "; - - if(file_exists("db/db.code.version.txt")) { - $dbcodeversion_file=file("db/db.code.version.txt"); - $dbcodeversion=trim($dbcodeversion_file[0]); - } - else { - echo "ERROR: Couldnt load current db/db.code.version.txt
"; - exit; - } - echo "version $dbcodeversion
"; - - echo "Checking for existing SFIAB database... "; - - $q=@mysql_query("SELECT val FROM config WHERE var='DBVERSION' AND conferences_id='0'"); - $r=@mysql_fetch_object($q); - $dbdbversion=$r->val; - - if($dbdbversion) { - echo "ERROR: found version $dbdbversion
"; - - //lets see if they match - if($dbcodeversion == $dbdbversion) - echo "Your SFIAB database is already setup with the required version\n"; - else if($dbcodeversion<$dbdbversion) - echo "ERROR: dbcodeversion$dbdbversion) - echo "Your SFIAB database needs to be updated. You should run the update script instead of this installer!\n"; - exit; - } - else { - echo "Not found (good!)
"; - } - - echo "Checking for database installer for version $dbcodeversion... "; - if(file_exists("db/db.full.$dbcodeversion.sql")) { - echo "db/db.full.$dbcodeversion.sql found
"; - - echo "Setting up database tables... "; - - system("mysql --default-character-set=utf8 -h$DBHOST -u$DBUSER -p$DBPASS $DBNAME Done! installed database version $dbcodeversion
\n"; - - //now update the db version in the database - mysql_query("UPDATE config SET val='$dbcodeversion' WHERE var='DBVERSION' AND conferences_id='0'"); - - echo "
"; - echo "Done!
"; - echo "Proceed to installation step 3
"; - } - else { - echo "Couldnt find db/db.full.$dbcodeversion.sql
"; - echo "Trying to find an older version...
"; - - for($x=$dbcodeversion;$x>0;$x--) { - if(file_exists("db/db.full.$x.sql")) { - echo "db/db.full.$x.sql found
"; - echo "Setting up database tables... "; - - system("mysql --default-character-set=utf8 -h$DBHOST -u$DBUSER -p$DBPASS $DBNAME Done! installed database version $x
\n"; - - //now update the db version in the database - mysql_query("UPDATE config SET val='$x' WHERE var='DBVERSION' AND conferences_id='0'"); - - echo "Attempting to update database using standard update script to update from $x to $dbcodeversion
"; - echo "
Please scroll to the bottom of this page for the link to the next step of the installation process.
"; - chdir ("db"); - /* Update the database, but don't update the config variables yet, because - * We haven't set the conference id */ - $db_update_skip_variables = true; - include "db_update.php"; - chdir ("../"); - - echo "
"; - echo "Done!
"; - echo "Proceed to installation step 3
"; - break; - } - } - } - //only if this file was created will we go ahead with the rest - //creating all the tables and such.. -?> - - + + Copyright (C) 2005 James Grant + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public + License as published by the Free Software Foundation, version 2. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to + the Free Software Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. +*/ +echo "\n"; +?> + + +SFIAB Installation + + + +

SFIAB Installation - Step 2

+Installation requires php's system() function to be available\n"; + echo ""; + exit; +} +*/ +if(!file_exists("data/config.inc.php")) { + echo "
SFIAB Installation Step 1 is not yet complete.
"; + echo "Go back to installation step 1
"; + echo ""; + exit; +} + +require_once("data/config.inc.php"); +mysql_connect($DBHOST,$DBUSER,$DBPASS); +mysql_select_db($DBNAME); + echo "Getting database version requirements for code... "; + + if(file_exists("db/db.code.version.txt")) { + $dbcodeversion_file=file("db/db.code.version.txt"); + $dbcodeversion=trim($dbcodeversion_file[0]); + } + else { + echo "ERROR: Couldnt load current db/db.code.version.txt
"; + exit; + } + echo "version $dbcodeversion
"; + + echo "Checking for existing SFIAB database... "; + + $q=@mysql_query("SELECT val FROM config WHERE var='DBVERSION' AND conferences_id='0'"); + $r=@mysql_fetch_object($q); + $dbdbversion=$r->val; + + if($dbdbversion) { + echo "ERROR: found version $dbdbversion
"; + + //lets see if they match + if($dbcodeversion == $dbdbversion) + echo "Your SFIAB database is already setup with the required version\n"; + else if($dbcodeversion<$dbdbversion) + echo "ERROR: dbcodeversion$dbdbversion) + echo "Your SFIAB database needs to be updated. You should run the update script instead of this installer!\n"; + exit; + } + else { + echo "Not found (good!)
"; + } + + echo "Checking for database installer for version $dbcodeversion... "; + if(file_exists("db/db.full.$dbcodeversion.sql")) { + echo "db/db.full.$dbcodeversion.sql found
"; + + echo "Setting up database tables... "; + + // dspanogle 2011-02-05 if system does not exist use each section of the sql file instead of using system("sql" ... + // For windows ISP servers that do not provide system or sql.exe executable - replace system call. + // If '/' in working directory then is *nix if not do not even try to call system. + if(function_exists("system") and (stristr(substr(getcwd(),-9), '/')) ) { + // assume mysql.exe exists + system("mysql --default-character-set=utf8 -h$DBHOST -u$DBUSER -p$DBPASS $DBNAME Error performing query!
'.$templine.'
mysqlerror: '.mysql_error().'

'); + $exit_code = -1; // do we bail out here or keep going? keep going for now, get all errors + } + // Reset temp variable to empty + $templine = ''; + } + } + echo "

"; + } + if($exit_code != 0) { + /* mysql failed!, what now? */ + echo "
mysql failed to execute query(s) without error!
"; + } + + echo "Done! installed database version $dbcodeversion
\n"; + + //now update the db version in the database + mysql_query("UPDATE config SET val='$dbcodeversion' WHERE var='DBVERSION' AND conferences_id='0'"); + + echo "
"; + echo "Done!
"; + echo "Proceed to installation step 3
"; + } + else { + echo "Couldnt find db/db.full.$dbcodeversion.sql
"; + echo "Trying to find an older version...
"; + + for($x=$dbcodeversion;$x>0;$x--) { + if(file_exists("db/db.full.$x.sql")) { + echo "db/db.full.$x.sql found
"; + echo "Setting up database tables... "; + // dspanogle 2011-02-05 if system does not exist use each section of the sql file instead of using system("sql" ... + // For windows ISP servers that do not provide system or sql.exe executable - replace system call. + // If '/' in working directory then is *nix if not do not even try to call system. + if(function_exists("system") and (stristr(substr(getcwd(),-9), '/'))) { + // assume mysql.exe exists + system("mysql --default-character-set=utf8 -h$DBHOST -u$DBUSER -p$DBPASS $DBNAME Error performing query!
'.$templine.'
mysqlerror: '.mysql_error().'

'); + $exit_code = -1; // do we bail out here or keep going? keep going for now, get all errors + } + // Reset temp variable to empty + $templine = ''; + } + } + echo "

"; + } + if($exit_code != 0) { + /* mysql failed!, what now? */ + echo "
mysql failed to execute query(s) without error!
"; + } + + echo "Done! installed database version $x
\n"; + + //now update the db version in the database + mysql_query("UPDATE config SET val='$x' WHERE var='DBVERSION' AND conferences_id='0'"); + + echo "Attempting to update database using standard update script to update from $x to $dbcodeversion
"; + echo "
Please scroll to the bottom of this page for the link to the next step of the installation process.
"; + chdir ("db"); + /* Update the database, but don't update the config variables yet, because + * We haven't set the conference id */ + $db_update_skip_variables = true; + include "db_update.php"; + chdir ("../"); + + echo "
"; + echo "Done!
"; + echo "Proceed to installation step 3
"; + break; + } + } + } + //only if this file was created will we go ahead with the rest + //creating all the tables and such.. +?> + + diff --git a/install3.php b/install3.php index 8a2471b..209dc4e 100644 --- a/install3.php +++ b/install3.php @@ -1,152 +1,159 @@ - - Copyright (C) 2005 James Grant - - This program is free software; you can redistribute it and/or - modify it under the terms of the GNU General Public - License as published by the Free Software Foundation, version 2. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program; see the file COPYING. If not, write to - the Free Software Foundation, Inc., 59 Temple Place - Suite 330, - Boston, MA 02111-1307, USA. -*/ -echo "\n"; -?> - - -SFIAB Installation - - - -

SFIAB Installation - Step 3

-SFIAB Installation Step 1 is not yet complete."; - echo "Go back to installation step 1
"; - echo ""; - exit; -} - -require_once("data/config.inc.php"); -require_once("config_editor.inc.php"); -require_once("user.inc.php"); -require_once("committee.inc.php"); -mysql_connect($DBHOST,$DBUSER,$DBPASS); -mysql_select_db($DBNAME); - -echo "Checking for SFIAB database... "; - -$q=@mysql_query("SELECT val FROM config WHERE var='DBVERSION' AND conferences_id='0'"); -$r=@mysql_fetch_object($q); -$dbdbversion=$r->val; - -if(!$dbdbversion) { - echo "
SFIAB Installation Step 2 is not yet complete.
"; - echo "Go back to installation step 2
"; - echo ""; - exit; -} - -//a fresh install should ONLY have DBVERSION defined in the config table. If there are others (SFIABDIRECTORY) then this is NOT fresh -$q=mysql_query("SELECT * FROM config WHERE conferences_id='0' AND ( var='DBVERSION' OR var='SFIABDIRECTORY') "); -//we might get an error if the config table does not exist (ie, installer step 2 failed) -if(mysql_error()) { - //we say all tables, but really only we check for config where conferences_id=0; - echo "
ERROR: No SFIAB tables detected, It seems like step 2 failed. Please go Back to Installation Step 2 and try again.
"; - echo ""; - exit; - -} -//1 is okay (DBVERSION). More than 1 is bad (already isntalled) -if(mysql_num_rows($q)>1) { - //we say all tables, but really only we check for config where conferences_id=0; - echo "
ERROR: Detected existing table data, SFIAB Installation Step 3 requires a clean SFIAB database installation.
"; - echo ""; - exit; -} -echo "Found!
"; - -if($_POST['action']=="save") { - $err=false; - - if(!$_POST['email']) { - echo "Superuser email address is required"; - $err=true; - } - - if(!( $_POST['pass1'] && $_POST['pass2'])) { - echo "Superuser password and password confirmation are required"; - $err=true; - } - if($_POST['pass1'] != $_POST['pass2']) { - echo "Password and Password confirmation do not match"; - $err=true; - } - - if(!$err) { - - echo "Creating configuration settings... "; -// mysql_query("INSERT INTO config (var,val,category,ord,conferences_id) VALUES ('FAIRYEAR','".$_POST['fairyear']."','Special','0','0')"); - mysql_query("INSERT INTO config (var,val,category,ord,conferences_id) VALUES ('FISCALYEAR','".$_POST['fiscalyear']."','Special','0','0')"); - mysql_query("INSERT INTO config (var,val,category,ord,conferences_id) VALUES ('SFIABDIRECTORY','".$_POST['sfiabdirectory']."','Special','','0')"); -/* - $year = intval($_POST['fairyear']); - $config['FAIRYEAR']=$year; -*/ - - echo "Creating superuser account... "; - $account = account_create($_POST['email'], $_POST['pass1']); - mysql_query("UPDATE accounts SET superuser = 'yes' WHERE id = " . $account['id']); - - echo "Done!
"; - echo "Installation is now complete! You can now proceed to the following location:
"; - echo "    Your SFIAB main page
"; - echo ""; - exit; - } - -} - -echo "
"; -echo "Please enter the following options
"; -echo "
"; - -$month=date("m"); -if($month>6) $fiscalyearsuggest=date("Y")+1; -else $fiscalyearsuggest=date("Y"); - -$directorysuggest=substr($_SERVER['REQUEST_URI'],0,-13); -echo "

Options

"; -echo "
"; -echo ""; - -echo ""; -echo ""; -echo ""; - -echo "
Fiscal YearThe current fiscal year (for fundraising/accounting purposes)
DirectoryThe directory of this SFIAB installation as seen by the web browser
"; -echo "
"; -echo "

Superuser Account

"; -echo "Please choose your superuser account which is required to login to SFIAB and configure the system, as well as to add other users.
"; -echo ""; -echo ""; -echo ""; -echo ""; -echo "
Superuser Email Address
Superuser Password
Superuser Password (Confirm)
"; -echo "
"; -echo ""; -echo "
"; - -?> - - + + Copyright (C) 2005 James Grant + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU General Public + License as published by the Free Software Foundation, version 2. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program; see the file COPYING. If not, write to + the Free Software Foundation, Inc., 59 Temple Place - Suite 330, + Boston, MA 02111-1307, USA. +*/ +echo "\n"; +?> + + +SFIAB Installation + + + +

SFIAB Installation - Step 3

+SFIAB Installation Step 1 is not yet complete."; + echo "Go back to installation step 1
"; + echo ""; + exit; +} + +require_once("data/config.inc.php"); +require_once("config_editor.inc.php"); +require_once("user.inc.php"); +require_once("committee.inc.php"); +mysql_connect($DBHOST,$DBUSER,$DBPASS); +mysql_select_db($DBNAME); + +echo "Checking for SFIAB database... "; + +$q=@mysql_query("SELECT val FROM config WHERE var='DBVERSION' AND conferences_id='0'"); +$r=@mysql_fetch_object($q); +$dbdbversion=$r->val; + +if(!$dbdbversion) { + echo "
SFIAB Installation Step 2 is not yet complete.
"; + echo "Go back to installation step 2
"; + echo ""; + exit; +} + +//a fresh install should ONLY have DBVERSION defined in the config table. If there are others (SFIABDIRECTORY) then this is NOT fresh +$q=mysql_query("SELECT * FROM config WHERE conferences_id='0' AND ( var='DBVERSION' OR var='SFIABDIRECTORY') "); +//we might get an error if the config table does not exist (ie, installer step 2 failed) +if(mysql_error()) { + //we say all tables, but really only we check for config where conferences_id=0; + echo "
ERROR: No SFIAB tables detected, It seems like step 2 failed. Please go Back to Installation Step 2 and try again.
"; + echo ""; + exit; + +} +//1 is okay (DBVERSION). More than 1 is bad (already isntalled) +if(mysql_num_rows($q)>1) { + //we say all tables, but really only we check for config where conferences_id=0; + echo "
ERROR: Detected existing table data, SFIAB Installation Step 3 requires a clean SFIAB database installation.
"; + echo ""; + exit; +} +echo "Found!
"; + +if($_POST['action']=="save") { + $err=false; + + if(!$_POST['email']) { + echo "Superuser email address is required"; + $err=true; + } + + if(!( $_POST['pass1'] && $_POST['pass2'])) { + echo "Superuser password and password confirmation are required"; + $err=true; + } + if($_POST['pass1'] != $_POST['pass2']) { + echo "Password and Password confirmation do not match"; + $err=true; + } + + if(!$err) { + + echo "Creating configuration settings... "; +// mysql_query("INSERT INTO config (var,val,category,ord,conferences_id) VALUES ('FAIRYEAR','".$_POST['fairyear']."','Special','0','0')"); + mysql_query("INSERT INTO config (var,val,category,ord,conferences_id) VALUES ('FISCALYEAR','".$_POST['fiscalyear']."','Special','0','0')"); + mysql_query("INSERT INTO config (var,val,category,ord,conferences_id) VALUES ('SFIABDIRECTORY','".$_POST['sfiabdirectory']."','Special','','0')"); +/* + $year = intval($_POST['fairyear']); + $config['FAIRYEAR']=$year; +*/ + + echo "Creating superuser account... "; + // The next line returned $account = false instead of a query result when installing on windows server. + // DES dspanogle 2011-02-05 so of course the UPDATE fails Failed on account load.. + // the problem was in account_load - had SELECT parameter not in the account table. + // I did a temporary fix by removing pendingemail parameter from the SELECT . + // ALSO... email was not set for the supper user not sure if it should be so I set = to username in the + // database accounts entry for superuser. + $account = account_create($_POST['email'], $_POST['pass1']); + mysql_query("UPDATE accounts SET superuser = 'yes' WHERE id = " . $account['id']); + + echo "Done!
"; + echo "Installation is now complete! You can now proceed to the following location:
"; + echo "    Your SFIAB main page
"; + echo ""; + exit; + } + +} + +echo "
"; +echo "Please enter the following options
"; +echo "
"; + +$month=date("m"); +if($month>6) $fiscalyearsuggest=date("Y")+1; +else $fiscalyearsuggest=date("Y"); +// DES dspanogle 2011-02-05 $_SERVER['REQUEST_URI'] is not available on many Windows servers +//$directorysuggest = substr($_SERVER['REQUEST_URI'],0,-13); +$directorysuggest = substr(getenv("SCRIPT_NAME"),0,-13); +echo "

Options

"; +echo "
"; +echo ""; + +echo ""; +echo ""; +echo ""; + +echo "
Fiscal YearThe current fiscal year (for fundraising/accounting purposes)
DirectoryThe directory of this SFIAB installation as seen by the web browser
"; +echo "
"; +echo "

Superuser Account

"; +echo "Please choose your superuser account which is required to login to SFIAB and configure the system, as well as to add other users.
"; +echo ""; +echo ""; +echo ""; +echo ""; +echo "
Superuser Email Address
Superuser Password
Superuser Password (Confirm)
"; +echo "
"; +echo ""; +echo "
"; + +?> + +