From e0f0a5dd90cdc7c22850e9d78e76f00171af3802 Mon Sep 17 00:00:00 2001
From: james
Date: Tue, 21 Dec 2010 23:16:20 +0000
Subject: [PATCH] Re-do user_invite to allow users to be invited by admin/config's - its not complete, but its working, it still needs to send emails though to tell the user of their new role, but i need to think on how to do that because if its a new account then it could be just a username/password without an email, but if its invited then the email __IS__ the username, but we shouldnt rely on the email being valid until its been confirmed via the email confirmation.. ugh?!?!
---
 account.inc.php | 29 ++++++--
 api.php | 1 -
 common.inc.php | 22 ++++-
 user.inc.php | 34 ++++++---
 user_invite.php | 187 ++++++++++++++++++------------------------------
 5 files changed, 135 insertions(+), 138 deletions(-)
diff --git a/account.inc.php b/account.inc.php
index d51643d..92344c2 100644
--- a/account.inc.php
+++ b/account.inc.php
@@ -186,10 +186,10 @@ function account_add_role($accounts_id, $roles_id, $conferences_id, $password =
 global $config;
 // avoid injections
- $accounts_id *= 1;
- $roles_id *= 1;
- $conferences_id *= 1;
- $password = mysql_real_escape_string($password);
+ $accounts_id=intval($accounts_id);
+ $roles_id=intval($roles_id);
+ $conferences_id=intval($conferences_id);
+ $password=mysql_real_escape_string($password);
 // make sure the specified id's actually exist
 if(mysql_result(mysql_query("SELECT COUNT(*) FROM accounts WHERE id = $accounts_id"), 0) != 1){
@@ -241,6 +241,16 @@ function account_add_role($accounts_id, $roles_id, $conferences_id, $password =
 }
+ if( in_array("admin",$_SESSION['roles']) ||
+ in_array("config",$_SESSION['roles']) ||
+ $_SESSION['superuser']=="yes")
+ {
+ //do nothing, we're logged in a a superuser, admin or config, so we
+ //dont want/need to check the types, just go ahead and invite them
+ //its easie than reversing the logic of the if above.
+ }
+ else {
+
 // and let's see if we meet the conditions for the registration type
 $error = "";
 switch($config[$role . '_registration_type']){
@@ -267,6 +277,7 @@ function account_add_role($accounts_id, $roles_id, $conferences_id, $password =
 $error = 'invalidrole';
 break;
 }
+ }
 if($error != ""){
 return $error;
@@ -277,6 +288,16 @@ function account_add_role($accounts_id, $roles_id, $conferences_id, $password =
 return "mysqlerror:" . mysql_error();
 }
+
+//FIXME: this is where we should send the email
+/*
+ email_send("{$type}_new_invite",$_POST['email'],
+ array("FAIRNAME"=>$config['fairname']),
+ array("FAIRNAME"=>$config['fairname'],
+ "EMAIL"=>$_POST['email'],
+ "ROLE"=>type));
+
+*/
 // if we made it this far, the role was successfully added
 return 'ok';
 }
diff --git a/api.php b/api.php
index 5565d0b..61e0599 100644
--- a/api.php
+++ b/api.php
@@ -297,7 +297,6 @@ switch($request[0]) {
 break;
 /* APIDOC: account/edit
- notimplemented
 description(edits an account)
 post(account array)
 return(account array)
diff --git a/common.inc.php b/common.inc.php
index 9464ae7..ba369bd 100644
--- a/common.inc.php
+++ b/common.inc.php
@@ -217,6 +217,11 @@ if(!is_array($_SESSION['roles'])) {
 echo "
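Review bot: The new privilege bypass at the top of the @@ -241 hunk calls `in_array("admin",$_SESSION['roles'])` without first checking that `$_SESSION['roles']` is an array, even though common.inc.php in this same patch guards on `is_array($_SESSION['roles'])`; for a session with no roles this emits a warning and the chain falls through to `$_SESSION['superuser']=="yes"`, whose key may be unset too. The empty `if` body exists only to invert the condition, which is clearer written directly: `$privileged = (is_array($_SESSION['roles']) && (in_array("admin", $_SESSION['roles'], true) || in_array("config", $_SESSION['roles'], true)))`, `|| (isset($_SESSION['superuser']) && $_SESSION['superuser'] == "yes");`, `if(!$privileged) {`. This makes a data-layer function decide on the caller's session state, so a comment saying that registration-type restrictions are intentionally not enforced for these roles would help the next reader. account_add_role's body starts before and ends after this hunk; the matching `}` is added in the @@ -267 hunk.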
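Review bot: The commented-out `email_send()` template added at the end of account_add_role in the @@ -277 hunk references `$_POST['email']`, `$type` and the bare constant `type`, none of which exist in this function's scope (`$accounts_id`, `$roles_id`, `$conferences_id`, `$password`, plus `$role` used by the switch above). When the FIXME is picked up the address should be read from the account record selected by `$accounts_id` and the role from `$role`, and `"ROLE"=>type` should become `"ROLE"=>$role`; reading `$_POST` inside a library function would tie it to one particular web form. A one-line comment stating that intent next to the FIXME would keep the placeholder from being uncommented as-is.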
  • ".i18n("Important Dates").'
  • '; echo $registrationconfirmationlink; + + if($config['show_winners'] == "yes") { + echo "
  • ".i18n("Winners").'
  • '; + } + echo "
  • ".i18n("Committee").'
  • '; } /* @@ -225,10 +230,6 @@ if(!is_array($_SESSION['roles'])) { if($config['volunteer_enable'] == 'yes') { echo "
  • ".i18n("Volunteer Registration").'
  • '; } - echo "
  • ".i18n("Committee").'
  • '; - if($config['show_winners'] == "yes") { - echo "
  • ".i18n("Winners").'
  • '; - } */ if(is_array($_SESSION['roles'])) { @@ -281,6 +282,8 @@ if(array_key_exists('users_id', $_SESSION)) {
    "; $cl=""; @@ -299,20 +302,24 @@ if(array_key_exists('users_id', $_SESSION)) { } echo "\n"; +*/ ?>
    -
    > - \n"; + +/* $q=mysql_query("SELECT * FROM rolestasks WHERE pid='{$_SESSION['nav']['secondary']}' AND conferencetype='{$conference['type']}' ORDER By ord,task"); echo "
      "; while($r=mysql_fetch_object($q)) { @@ -338,6 +345,7 @@ if(array_key_exists('users_id', $_SESSION)) { echo "\n"; } echo "
    \n"; + */ ?>
diff --git a/user.inc.php b/user.inc.php
index 66cad93..d4e3433 100644
--- a/user.inc.php
+++ b/user.inc.php
@@ -38,11 +38,17 @@ function user_valid_role($role)
 function user_load($users_id, $accounts_id = false)
 {
+ global $conference;
 /* Load user, join accounts so we also load the email, superuser flag */
 //hand-code the list here because we dont want all the old stuff that hasnt been removed yet like username/password access_*, etc.
 if($accounts_id != false) {
 $accounts_id = intval($accounts_id);
- $users_id = mysql_result(mysql_query("SELECT users.id FROM users WHERE accounts_id = $accounts_id LIMIT 1"), 0);
+ //get the user record for the current conference, if they have one
+ $users_id = mysql_result(mysql_query("SELECT users.id FROM users WHERE accounts_id = $accounts_id AND conferences_id='{$conference['id']}' LIMIT 1"), 0);
+ //if we don't find a users id, then return false, means they dont have a record for this conference yet
+ if(!$users_id)
+ return false;
+
 } else {
 $users_id = intval($users_id);
 }
@@ -87,9 +93,11 @@ function user_load($users_id, $accounts_id = false)
 $specialFields = array_diff($fields, $userFields);
 // we can start by populating the array with data out of the users table
- $query = "SELECT users." . implode(", users.", $userFields) . ", accounts.email";
- $query .= " FROM users JOIN accounts ON accounts.id=users.accounts_id";
- $query .= " WHERE `users`.`id`='$users_id'";
+ $query = "SELECT users." . implode(", users.", $userFields) . ",
+ accounts.email
+ FROM users JOIN accounts ON accounts.id=users.accounts_id
+ WHERE `users`.`id`='$users_id'";
+ // echo $query=$query;
 $q = mysql_query($query);
 echo mysql_error();
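Review bot: In the @@ -38 hunk, `mysql_result()` on an empty result set emits a PHP warning and returns false before the new `if(!$users_id) return false;` guard runs, so every account without a user record for the current conference now triggers a warning on this path. Check the row count first: `$q = mysql_query("SELECT users.id FROM users WHERE accounts_id = $accounts_id AND conferences_id='{$conference['id']}' LIMIT 1");`, `if(mysql_num_rows($q) == 0) return false;`, `$users_id = mysql_result($q, 0);`. `$conference['id']` is interpolated into the query without `intval()` while `$accounts_id` on the previous line is cast; it is presumably loaded from the database, but casting it keeps the function self-contained. Returning false is a new outcome for callers that load by account id, and user_load's body continues outside this hunk, so a `@return array|false` line in the header comment is worth adding.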
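Review bot: The added `// echo $query=$query;` in the @@ -87 hunk is a leftover debugging line inside user_load and should be dropped before merge; commented-out code tells a reader nothing about the query being built. The rewrite of `$query` into a single multi-line string is behaviour-neutral apart from whitespace in the SQL text, so no other change is needed there.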
@@ -1494,11 +1502,17 @@ function user_invite($username, $password, $email, $roles_id){
 $returnval = null;
 $roletype = null;
- foreach($roles as $t => $r){
- if($r['id'] == $roles_id){
- $roletype = $t;
- break;
+ //if its numeric, then we got an id, so get the associated roletype
+ if(is_numeric($roles_id)) {
+ foreach($roles as $t => $r){
+ if($r['id'] == $roles_id){
+ $roletype = $t;
+ break;
+ }
 }
+ } else { //if its not numeric, then its a roletype, so set the type and get the id
+ $roletype=$roles_id;
+ $roles_id=$roles[$roletype]['id'];
 }
 if($roletype === null){
@@ -1552,6 +1566,9 @@ function user_invite($username, $password, $email, $roles_id){
 // ok, this is a new user name, so we'll need to create everything
 $newAccount = account_create($username, $password);
 if(is_array($newAccount)){
+ // if we're inviting someone, then their email address __MUST__ be their username, otherwise, how the *(@&#*(@#& can we send them the invite?!
+ account_set_email($newAccount['id'],$username);
+
 // created the account successfully, now do the user
 $newUser = user_create($newAccount['id'], $conference['id']);
 if(!is_array($newUser)){
@@ -1571,6 +1588,7 @@ function user_invite($username, $password, $email, $roles_id){
 if($returnval == null){
 // if we've gotten this far, then either the user was created successfully, or they've
 // been loaded and our permission to modify them has been confirmed; we can add the role.
+ //james1234
 $result = user_add_role($newUser, $roletype);
 if($result == 'ok'){
 $returnval = user_load($newUser['id']);
diff --git a/user_invite.php b/user_invite.php
index 60304b7..fcbfcdb 100644
--- a/user_invite.php
+++ b/user_invite.php
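Review bot: In the non-numeric branch of the @@ -1494 hunk, `$roletype=$roles_id; $roles_id=$roles[$roletype]['id'];` accepts any string: an unknown role name leaves `$roletype` set to the caller's value and `$roles_id` as null (with an undefined-index notice), so the following `if($roletype === null)` check no longer rejects it and the bad name travels on to user_add_role. Validate the key before assigning: `} else if(array_key_exists($roles_id, $roles)) {`, `$roletype = $roles_id; $roles_id = $roles[$roletype]['id'];`, `}` — with no match `$roletype` stays null and the existing error path fires. This matters because user_invite.php in the same patch passes `$type` straight from the request into this parameter. user_invite's body continues before and after this hunk.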
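Review bot: `account_set_email($newAccount['id'],$username);` in the @@ -1552 hunk ignores both the `$email` parameter user_invite receives and whatever account_set_email returns; if it can report failure, the result should be checked like the surrounding `account_create`/`user_create` calls so a role is not granted to an account that cannot be notified, and if `$email` and `$username` may differ the comment should say which one wins. The commit message notes that the address is unconfirmed at this point; a short comment on this line, e.g. `// address is unverified until the confirmation mail is answered`, preserves that caveat in the code rather than only in history.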
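Review bot: The `//james1234` line added in the @@ -1571 hunk is a personal marker with no content and should be removed before merge. If it was meant to flag where the role-notification email belongs, replace it with a FIXME that says so, matching the one added in account.inc.php.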
@@ -29,32 +29,36 @@ //include "judges.inc.php"; /* AJAX query */ - if(intval($_GET['ajax']) == 1) { + if(intval($_POST['ajax']) == 1) { /* Do ajax processing for this file */ - $email = mysql_real_escape_string(stripslashes($_GET['email'])); - $type = $_GET['type']; + $email = mysql_real_escape_string($_POST['email']); + $type = $_POST['role']; /* Sanity check type */ - if(!in_array($type, $user_types)) { + if(!array_key_exists($type, $roles)) { echo "err\n"; exit; } - $q = mysql_query("SELECT id FROM users WHERE email='$email' ORDER BY conferences_id DESC"); + //we use username='email' because if we are INVITING someone, then + //they pretty much have to user their email address as their username + //otherwise the system has no way to send them the details + $q = mysql_query("SELECT id,deleted FROM accounts WHERE username='$email'"); if(mysql_num_rows($q) == 0) { - /* User doesn't exist */ + /* Account doesn't exist */ echo "notexist\n"; exit; } - $u = mysql_fetch_assoc($q); - $u = user_load($u['id']); + $account = mysql_fetch_assoc($q); - if($u['deleted'] == 'yes') { + if($account['deleted'] == 'yes') { echo "notexist\n"; exit; } - if(!in_array($type, $u['types'])) { + $u = user_load_by_accounts_id($account['id']); + + if(!array_key_exists($type, $u['roles'])) { echo "norole\n"; exit; } @@ -73,91 +77,76 @@ 'Administration' => 'admin/index.php' ) ); - require_once('ajax.inc.php'); - ?> "; - - $allowed_types = array('judge', 'volunteer'); $type = $_POST['type']; + if(!$type) $type=$_GET['type']; + +/* +//FIXME: commente dby james 2010-12-21 - we need ta better way to know which types we can invite + $allowed_types = array('judge', 'volunteer'); if($type == '') $type = $_GET['type']; if($type != '') { if(!in_array($type, $allowed_types)) { 
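Review bot: In the AJAX branch of the @@ -29 hunk, `$u = user_load_by_accounts_id($account['id']);` can now yield a non-array — user_load() in this same patch returns false when an account has no user record for the current conference, and user_load_by_accounts_id presumably delegates to it — so `array_key_exists($type, $u['roles'])` then indexes a non-array, emits a warning and reports "norole" for what is really a no-record case. Add `if(!is_array($u)) { echo "notexist\n"; exit; }` (or a distinct reply such as the "noconference" action the old code listed) before the role check. Escaping `$_POST['email']` with mysql_real_escape_string before the accounts query is correct; the `stripslashes()` that was dropped only matters if magic quotes are on for this deployment, which I cannot tell from here.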
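Review bot: With the `$allowed_types` check commented out in the @@ -73 hunk, `$type` (taken from `$_POST['type']`, else `$_GET['type']`) reaches the `user_invite($_POST['email'], null, $_POST['email'], $type)` call and the success message in the next hunk without being checked against anything, while the AJAX branch above validates the same value with `array_key_exists($type, $roles)`. The same test answers the FIXME: `if($type != '' && !array_key_exists($type, $roles)) { echo error(i18n("Invalid role")); exit; }`. `$type` is also echoed back in the `i18n("%1 successfully invited to be a %2", ...)` message; unless i18n() escapes its arguments, it is reflected into the page unescaped, so validating it against the `$roles` keys is the simplest way to close both issues. The page-level code this sits in starts before the hunk.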
@@ -165,63 +154,25 @@ exit; } } + */ - if($_POST['action']!="" && $_POST['email'] && $type != '') { - $allowed_actions = array('notexist','norole','noconference'); - $email = stripslashes($_POST['email']); - - $action = $_POST['action']; - if(!in_array($action, $allowed_actions)) - exit; - - $q = mysql_query("SELECT id FROM users WHERE email='$email' ORDER BY conferences_id DESC"); - if(mysql_num_rows($q) > 0) { - $u = mysql_fetch_assoc($q); - $u = user_load($u['id']); - } else { - $u = NULL; - } - - switch($action) { - case 'notexist': /* Create the user */ - $u = user_create($type, $email); - $u['email'] = $email; - user_save($u); - email_send("{$type}_new_invite",$u['email'], - array("FAIRNAME"=>$conference['name']), - array("FAIRNAME"=>$conference['name'], - "EMAIL"=>$u['email'], - "PASSWORD"=>$u['password'])); - echo happy(i18n('%1 has been invited to be a %2', array($u['email'], $user_what[$type]))); - echo happy(i18n('An email has been sent to %1', array($u['email']))); - break; - - case 'norole': /* Add role to the existing user */ - user_create($type, $u['username'], $u); - email_send("{$type}_add_invite",$u['email'], - array("FAIRNAME"=>$conference['name']), - array("FAIRNAME"=>$conference['name'])); - echo happy(i18n('%1 is now also a %2', array($u['email'], $user_what[$type]))); - echo happy(i18n('An email has been sent to %1', array($u['email']))); - break; - - case 'noconference': /* Send a reminder email */ - email_send("{$type}_activate_reminder",$u['email'], - array("FAIRNAME"=>$conference['name']), - array("FAIRNAME"=>$conference['name'], - "EMAIL"=>$u['email'])); - echo happy(i18n('An email has been sent to %1', array($u['email']))); - break; - } +if($_POST['action']=="invite" && $_POST['email'] && $type != '') { + $newUser=user_invite($_POST['email'], null, $_POST['email'], $type); + if(is_array($newUser)) { + echo happy(i18n("%1 successfully invited to be a %2",array($_POST['email'],$type))); + } + else { + echo error($newUser); + } } echo "
    \n"; echo "
    \n"; - echo "\n"; + echo "\n"; echo "
    "; echo i18n("Select a Role: "); - echo "
    "; echo i18n("Enter an Email: "); - echo ""; + echo ""; echo "
    "; echo "
    \n"; echo "
    ".i18n('Select a role and enter an email address')."
    "; echo "
    \n"; - echo "\n"; + echo "\n"; echo "
    \n";