From d2afb6a94e147d8da370fae28906e2dcfcb257d8 Mon Sep 17 00:00:00 2001
From: jacob
Date: Tue, 5 Oct 2010 15:04:15 +0000
Subject: [PATCH] Modifications on how roles get handled
---
 user.inc.php | 83 ++++++++++++++++++++++++++++++++------------------
 user_edit.php | 17 ++++++++---
 user_main.php | 39 +++++++++++++++++++-----
 user_roles.php | 25 ++++++++++++++-
 4 files changed, 122 insertions(+), 42 deletions(-)
diff --git a/user.inc.php b/user.inc.php
index 10c5920..f8aa686 100644
--- a/user.inc.php
+++ b/user.inc.php
@@ -245,30 +245,11 @@ function user_save(&$u)
 return -1;
 }
- /* Add any new roles */
- $orig_roles = array_keys($u['orig']['roles']);
+ // Update all roles
 $new_roles = array_keys($u['roles']);
-
- /* Delete any removed roles */
- $removed = array_diff($orig_roles, $new_roles);
- foreach($removed as $r) {
- mysql_query("DELETE FROM user_roles WHERE users_id='{$u['id']}' AND roles_id='{$roles[$r]['id']}'");
- }
-
- /* Update all roles */
 foreach($new_roles as $r) {
- if(!in_array($r, $orig_roles)) {
- /* Role is new */
- if(!user_add_role_allowed($u, $r)) {
- echo "HALT: user can't add this role";
- exit;
- }
- mysql_query("INSERT INTO user_roles(accounts_id,users_id,roles_id,active,complete)
- VALUES('{$u['accounts_id']}','{$u['id']}','{$roles[$r]['id']}','no','no')");
- echo mysql_error();
-
- } else if($u['roles'][$r] != $u['orig']['roles'][$r]) {
- /* $u['roles'][$r] has changed from original, update it */
+ if($u['roles'][$r] != $u['orig']['roles'][$r]) {
+ // $u['roles'][$r] has changed from original, update it
 mysql_query("UPDATE user_roles SET active='{$u['roles'][$r]['active']}', complete='{$u['roles'][$r]['complete']}' WHERE id='{$u['roles'][$r]['id']}'");
@@ -276,7 +257,6 @@ function user_save(&$u)
 }
 }
-
 $fields = array('salutation','firstname','lastname', 'phonehome','phonework','phonecell','fax','organization', 'address','address2','city','province','postalcode','sex', 
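Review bot: The new loop compares `$u['roles'][$r] != $u['orig']['roles'][$r]` for every role, including one that exists in `$u['roles']` but not in `$u['orig']['roles']`, because the removed `in_array($r, $orig_roles)` branch was the only thing separating new roles from existing ones. For such a role the lookup reads an undefined index and the UPDATE runs with whatever `$u['roles'][$r]['id']` holds, which is nothing for the array user_add_role() builds later in this patch. Guard the branch with `if(isset($u['orig']['roles'][$r]) && $u['roles'][$r] != $u['orig']['roles'][$r]) {` so only rows that exist are updated. The UPDATE also places `active` and `complete` directly into the SQL string, so they should be limited to the 'yes'/'no' values used elsewhere in the patch before the query is built. user_save() starts and ends outside this hunk.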
@@ -359,8 +339,9 @@ function user_remove_role(&$u, $role)
 /* Delete the role */
 unset($u['roles'][$role]);
+ mysql_query("DELETE FROM user_roles WHERE roles_id={$role['id']} AND users_id='$id'");
- /* Save this user (takes care of removing entries from the user_roles db) */
+ /* Save this user */
 user_save($u);
 }
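Review bot: The added DELETE in user_remove_role() reads `$role['id']` and `$id`, but `$role` is used one line earlier as the key into `$u['roles']`, so it is a role name rather than an array, and no `$id` is assigned in the visible lines. If the part of the function above the hunk does not define them, the query matches no row or fails, the in-memory role is unset anyway, and the user_roles row presumably survives, leaving the user with a role the UI reported as removed. The rest of the patch addresses the same columns as `$roles[$role]['id']` and `$u['id']`, so the line should read `mysql_query("DELETE FROM user_roles WHERE roles_id='" . intval($roles[$role]['id']) . "' AND users_id='" . intval($u['id']) . "'");`, with `global $roles;` declared if the function lacks it. The result of mysql_query() should be checked before `unset()` so a failed delete is not treated as success.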
@@ -510,19 +491,61 @@ function user_add_role_allowed(&$u, $role)
 return true;
 }
-function user_add_role(&$u, $role)
+function user_add_role(&$u, $role, $password = null)
 {
+ global $config, $roles;
 if(!user_add_role_allowed($u, $role)) {
 /* If we get in here, someone is hand crafting URLs */
 echo "HALT: invalid role add specified for operation.";
 exit;
 }
- /* Add the role */
- $u['roles'][$role] = array('active' =>'yes',
- 'complete' => 'no');
- /* Save it now so the DB gets updated */
- user_save($u);
+ // ensure that this role can indeed be added
+ $valid = false;
+ if(array_key_exists($role . '_registration_type', $config)){
+ switch($config[$role . '_registration_type']){
+ case 'open':
+ $valid = true;
+ break;
+ case 'singlepassword':
+ if($password == $config[$role . '_registration_singlepassword']){
+ $valid = true;
+ }
+ break;
+ case 'schoolpassword':
+ if($pasword != null){
+ $schoolId = $u['schools_id'];
+ $schoolDat = mysql_fetch_assoc(mysql_query("SELECT registration_password FROM schools WHERE id=$schoolId"));
+ if($password == $schoolDat['registration_password']) $valid = true;
+ }
+ break;
+ case 'invite':
+ //$valid = false;
+ break;
+ case 'openorinvite':
+ $valid = true;
+ break;
+ }
+ }
+
+ if($valid){
+ // ok, the conditions are met, make sure they don't already have this role
+ $check = mysql_fetch_assoc(mysql_query("SELECT COUNT(*) AS tally FROM user_roles WHERE users_id = {$u['id']} AND roles_id={$roles[$role]['id']}"));
+ if($check['tally'] == 0){
+
+ $q = "INSERT INTO user_roles (accounts_id, users_id, roles_id, active, complete) VALUES(";
+ $q .= $u['accounts_id'];
+ $q .= ", " . $u['id'];
+ $q .= ", " . $roles[$role]['id'];
+ $q .= ", 'yes', 'no');";
+ if(mysql_query($q)){
+ $u['roles'][$role] = array('active' =>'yes', 'complete' => 'no');
+ }else{
+ $error = mysql_error();
+ }
+
+ }
+ }
 }
 function user_create($accounts_id, $conferences_id=0)
diff --git a/user_edit.php b/user_edit.php
index eef18b7..edb25ab 100644
--- a/user_edit.php
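Review bot: The password checks in user_add_role() can grant a role without a valid password, and the `schoolpassword` branch can never succeed. `$password == $config[$role . '_registration_singlepassword']` is a loose comparison, so a call with no password (`null`) equals an unset or empty configured password and numeric-looking strings can compare equal. The `schoolpassword` case tests the misspelled `$pasword`, which is never defined, and puts `$u['schools_id']` unquoted into the SELECT. The rewrite below uses strict string comparison, rejects empty values on both sides and casts the school id. Separately, the INSERT is built by concatenating `$u` fields, `$error` is assigned and never used, and the function returns nothing, so it should return true or false for the caller to report.

```php
		// … unchanged: globals, user_add_role_allowed() check, 'open' case …
		case 'singlepassword':
			$key = $role . '_registration_singlepassword';
			$expected = isset($config[$key]) ? (string)$config[$key] : '';
			// an unset or empty configured password must never match
			if(is_string($password) && $expected !== '' && $password === $expected){
				$valid = true;
			}
			break;
		case 'schoolpassword':
			if(is_string($password) && $password !== ''){
				$schoolId = intval($u['schools_id']);
				$res = mysql_query("SELECT registration_password FROM schools WHERE id='$schoolId'");
				$schoolDat = $res ? mysql_fetch_assoc($res) : false;
				if($schoolDat && $password === (string)$schoolDat['registration_password']) $valid = true;
			}
			break;
		// … unchanged: 'invite' and 'openorinvite' cases, duplicate check, INSERT …
```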
+++ b/user_edit.php
@@ -36,12 +36,21 @@ else if(array_key_exists('join', $_GET)){
 // this is a request to join this conference
 // get the corresponding account id to go with this user id
- $result = mysql_fetch_assoc(mysql_query("SELECT accounts_id FROM users WHERE id=$edit_id"));
- $edit_accounts_id = $result['accounts_id'];
-
+ if($edit_id == null){
+ // this will happen if they have no user record
+ $edit_accounts_id = $_SESSION['accounts_id'];
+ }else{
+ $q = mysql_query("SELECT accounts_id FROM users WHERE id=$edit_id");
+ if(!$q){
+ echo mysql_error();
+ exit();
+ }
+ $result = mysql_fetch_assoc($q);
+ $edit_accounts_id = $result['accounts_id'];
+ }
 // find out if they're already a member of this conference
 $query = "SELECT COUNT(*) FROM users WHERE conferences_id = {$_SESSION['conferences_id']}"
- . " AND accounts_id = " . $_SESSION['accounts_id'];
+ . " AND accounts_id = " . $edit_accounts_id;
 $data = mysql_fetch_array(mysql_query($query));
 if($data[0] == 0){
diff --git a/user_main.php b/user_main.php
index f6dee54..62f7c2a 100644
--- a/user_main.php
+++ b/user_main.php
@@ -25,7 +25,6 @@ "; echo "
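Review bot: The membership check now uses `$edit_accounts_id`, looked up from `$edit_id`, instead of `$_SESSION['accounts_id']`, so the join acts on whichever account owns that user id. `$edit_id` is assigned above the hunk; if it can come from the request, the code needs a check that the session user is allowed to act for that account before the join proceeds, and the value should enter the query as `intval($edit_id)` rather than raw. When the SELECT returns no row, `$result` is false and `$edit_accounts_id` is empty, which leaves the next query ending in `AND accounts_id = ` with nothing after it; that case should stop with an error instead of falling through. `echo mysql_error();` also sends database error text to the browser, where a generic message plus a server-side log entry would reveal less.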
"; -echo ""; echo "
"; echo i18n('Other Options and Things To Do').':
'; @@ -60,4 +86,3 @@ echo "'; send_footer(); -?> diff --git a/user_roles.php b/user_roles.php index 89ac3af..7d67a3b 100644 --- a/user_roles.php +++ b/user_roles.php @@ -97,6 +97,11 @@ case 'remove': happy_("{$roles[$role]['name']} role for %1 successfully deactivated",array($config['FAIRYEAR'])); echo i18n("Deactivated"); exit; + case 'add': + // add the role +// echo 'add role: ' . $role; + user_add_role($u, $role, $_GET['password']); + exit; } ?> @@ -146,6 +151,14 @@ function remove(role) } } +// add the specified role to this user at this fair +function addRole(role){ + $.get('user_roles.php', {'action':'add', 'role':role, 'password':$('#password').val()}, function(result){ + $('#testoutput').html(result); + }); +} + + @@ -182,6 +195,16 @@ function remove(role) +Make me a judge"; + echo "
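Review bot: The new `case 'add':` reads the registration password from `$_GET['password']`, and `addRole()` in the following hunk sends it with `$.get`, so the password travels in the URL and lands in access logs, browser history and proxy logs, and a state-changing action is reachable through a plain GET. Both sides should switch to POST, `$.post('user_roles.php', {...})` on the client and `isset($_POST['password']) ? $_POST['password'] : null` on the server, which also avoids the undefined-index notice when the field is missing. If the application uses a request-forgery token for its other actions, this one should carry it as well; none is visible in these hunks. The case exits without printing anything, so the `$('#testoutput').html(result)` callback cannot show whether the role was granted. The commented-out `echo 'add role: ' . $role;` should be deleted rather than revived, since `$role` is presumably request data and would be written into HTML unescaped.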
Password
"; +} +*/ +?> +


Delete Entire Account button completely deletes your entire account. You will not receive any future email for any roles. It completely removes you from the system. This action cannot be undone.")?>
@@ -190,4 +213,4 @@ function remove(role) ');" type="submit" value=""> - +