Re-do user_invite to allow users to be invited by admin/config users - it's not complete, but it's working; it still needs to send emails to tell the user of their new role, but I need to think about how to do that, because if it's a new account then it could be just a username/password without an email, but if it's invited then the email __IS__ the username, and we shouldn't rely on the email being valid until it's been confirmed via the email confirmation.. ugh?!?!

This commit is contained in:
james 2010-12-21 23:16:20 +00:00
parent 8f2e8f985b
commit e0f0a5dd90
5 changed files with 135 additions and 138 deletions


@ -186,9 +186,9 @@ function account_add_role($accounts_id, $roles_id, $conferences_id, $password =
global $config;
// avoid injections
$accounts_id *= 1;
$roles_id *= 1;
$conferences_id *= 1;
$accounts_id=intval($accounts_id);
$roles_id=intval($roles_id);
$conferences_id=intval($conferences_id);
$password=mysql_real_escape_string($password);
// make sure the specified id's actually exist
@ -241,6 +241,16 @@ function account_add_role($accounts_id, $roles_id, $conferences_id, $password =
}
if( in_array("admin",$_SESSION['roles']) ||
in_array("config",$_SESSION['roles']) ||
$_SESSION['superuser']=="yes")
{
//do nothing, we're logged in a a superuser, admin or config, so we
//dont want/need to check the types, just go ahead and invite them
//its easie than reversing the logic of the if above.
}
else {
// and let's see if we meet the conditions for the registration type
$error = "";
switch($config[$role . '_registration_type']){
@ -267,6 +277,7 @@ function account_add_role($accounts_id, $roles_id, $conferences_id, $password =
$error = 'invalidrole';
break;
}
}
if($error != ""){
return $error;
@ -277,6 +288,16 @@ function account_add_role($accounts_id, $roles_id, $conferences_id, $password =
return "mysqlerror:" . mysql_error();
}
//FIXME: this is where we should send the email
/*
email_send("{$type}_new_invite",$_POST['email'],
array("FAIRNAME"=>$config['fairname']),
array("FAIRNAME"=>$config['fairname'],
"EMAIL"=>$_POST['email'],
"ROLE"=>type));
*/
// if we made it this far, the role was successfully added
return 'ok';
}
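Review bot: The privilege bypass added at L24–L31 calls `in_array()` on `$_SESSION['roles']` without first checking it is an array, even though other code in this same commit guards that value with `is_array($_SESSION['roles'])`; on a session where roles is unset, `in_array` returns null with a warning (a TypeError on PHP 8) and the whole decision then rests on the loose `$_SESSION['superuser']=="yes"` test. Because this branch skips the registration-type check entirely, the condition should be tightened to `if( (is_array($_SESSION['roles']) && (in_array("admin",$_SESSION['roles'],true) || in_array("config",$_SESSION['roles'],true))) || $_SESSION['superuser']=="yes")`. The commented-out email block at L47–L53 references `type` without a `$` and reads `$_POST['email']` inside a library function; when it is revived it should use the function's `$role` and an address passed in by the caller rather than the request. account_add_role's body begins before the first hunk.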


@ -297,7 +297,6 @@ switch($request[0]) {
break;
/* APIDOC: account/edit
notimplemented
description(edits an account)
post(account array)
return(account array)


@ -217,6 +217,11 @@ if(!is_array($_SESSION['roles'])) {
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/important_dates.php\">".i18n("Important Dates").'</a></li>';
echo $registrationconfirmationlink;
if($config['show_winners'] == "yes") {
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/winners.php\">".i18n("Winners").'</a></li>';
}
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/committees.php\">".i18n("Committee").'</a></li>';
}
/*
@ -225,10 +230,6 @@ if(!is_array($_SESSION['roles'])) {
if($config['volunteer_enable'] == 'yes') {
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/user_login.php?type=volunteer\">".i18n("Volunteer Registration").'</a></li>';
}
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/committees.php\">".i18n("Committee").'</a></li>';
if($config['show_winners'] == "yes") {
echo "<li><a href=\"{$config['SFIABDIRECTORY']}/winners.php\">".i18n("Winners").'</a></li>';
}
*/
if(is_array($_SESSION['roles'])) {
@ -281,6 +282,8 @@ if(array_key_exists('users_id', $_SESSION)) {
</div>
<div id="division-menu" class="clear">
<?
//comment out the secondary menu so we can get the old navigation type still live without having to completely undo everything
/*
$q=mysql_query("SELECT * FROM rolestasks WHERE pid='{$_SESSION['nav']['primary']}' AND conferencetype='{$conference['type']}' ORDER By ord,task");
echo "<ul class=\"secondarynav\">";
$cl="";
@ -299,20 +302,24 @@ if(array_key_exists('users_id', $_SESSION)) {
}
echo "</ul>\n";
*/
?>
</div>
</div>
<div id="main" class="clear">
<?
/*
if($_SESSION['nav']['tertiary']) {
$workAreaStyle = 'style="margin-left:230px;"';
}else{
$topicMenuStyle = 'style="display:none;"';
}
?>
<div id="topic-menu" class="clear" <?=$topicMenuStyle?>>
<?
*/
$topicMenuStyle = 'style="display:none;"';
echo "<div id=\"topic-menu\" class=\"clear\" $topicMenuStyle>\n";
/*
$q=mysql_query("SELECT * FROM rolestasks WHERE pid='{$_SESSION['nav']['secondary']}' AND conferencetype='{$conference['type']}' ORDER By ord,task");
echo "<ul class=\"tertiarynav\">";
while($r=mysql_fetch_object($q)) {
@ -338,6 +345,7 @@ if(array_key_exists('users_id', $_SESSION)) {
echo "</li>\n";
}
echo "</ul>\n";
*/
?>
</div>
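Review bot: The hunks at L93–L101, L107–L116 and L119–L127 keep the old secondary/tertiary navigation as `/* … */` blocks rather than removing it, and L117–L118 then re-declare `$topicMenuStyle` unconditionally directly under the commented-out conditional that used to set it. Since the history is in version control, deleting the dead blocks (or guarding them with a config flag if the old navigation really must stay selectable) would make the intent of L117 clearer than a comment describing it as a temporary measure. If both navigation types are meant to stay, a one-line comment such as `// topic menu is always hidden until the rolestasks-based navigation replaces the old menu` above L117 would document the current state. The enclosing template block runs past both ends of these hunks.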


@ -38,11 +38,17 @@ function user_valid_role($role)
function user_load($users_id, $accounts_id = false)
{
global $conference;
/* Load user, join accounts so we also load the email, superuser flag */
//hand-code the list here because we dont want all the old stuff that hasnt been removed yet like username/password access_*, etc.
if($accounts_id != false) {
$accounts_id = intval($accounts_id);
$users_id = mysql_result(mysql_query("SELECT users.id FROM users WHERE accounts_id = $accounts_id LIMIT 1"), 0);
//get the user record for the current conference, if they have one
$users_id = mysql_result(mysql_query("SELECT users.id FROM users WHERE accounts_id = $accounts_id AND conferences_id='{$conference['id']}' LIMIT 1"), 0);
//if we don't find a users id, then return false, means they dont have a record for this conference yet
if(!$users_id)
return false;
} else {
$users_id = intval($users_id);
}
@ -87,9 +93,11 @@ function user_load($users_id, $accounts_id = false)
$specialFields = array_diff($fields, $userFields);
// we can start by populating the array with data out of the users table
$query = "SELECT users." . implode(", users.", $userFields) . ", accounts.email";
$query .= " FROM users JOIN accounts ON accounts.id=users.accounts_id";
$query .= " WHERE `users`.`id`='$users_id'";
$query = "SELECT users." . implode(", users.", $userFields) . ",
accounts.email
FROM users JOIN accounts ON accounts.id=users.accounts_id
WHERE `users`.`id`='$users_id'";
// echo $query=$query;
$q = mysql_query($query);
echo mysql_error();
@ -1494,12 +1502,18 @@ function user_invite($username, $password, $email, $roles_id){
$returnval = null;
$roletype = null;
//if its numeric, then we got an id, so get the associated roletype
if(is_numeric($roles_id)) {
foreach($roles as $t => $r){
if($r['id'] == $roles_id){
$roletype = $t;
break;
}
}
} else { //if its not numeric, then its a roletype, so set the type and get the id
$roletype=$roles_id;
$roles_id=$roles[$roletype]['id'];
}
if($roletype === null){
$returnval = 'Invalid roles_id parameter';
@ -1552,6 +1566,9 @@ function user_invite($username, $password, $email, $roles_id){
// ok, this is a new user name, so we'll need to create everything
$newAccount = account_create($username, $password);
if(is_array($newAccount)){
// if we're inviting someone, then their email address __MUST__ be their username, otherwise, how the *(@&#*(@#& can we send them the invite?!
account_set_email($newAccount['id'],$username);
// created the account successfully, now do the user
$newUser = user_create($newAccount['id'], $conference['id']);
if(!is_array($newUser)){
@ -1571,6 +1588,7 @@ function user_invite($username, $password, $email, $roles_id){
if($returnval == null){
// if we've gotten this far, then either the user was created successfully, or they've
// been loaded and our permission to modify them has been confirmed; we can add the role.
//james1234
$result = user_add_role($newUser, $roletype);
if($result == 'ok'){
$returnval = user_load($newUser['id']);
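Review bot: The new non-numeric branch at L174–L177 assigns `$roletype=$roles_id` without checking that the string is a key of `$roles`, so an unknown role name passes the `if($roletype === null)` guard at L178 (it is a non-null string) while `$roles_id` becomes null from the missing-key lookup at L176; the invalid-parameter path the guard exists for is skipped and the bad type reaches `user_add_role` at L194. Replacing L175–L176 with `$roletype = array_key_exists($roles_id, $roles) ? $roles_id : null;` and `$roles_id = ($roletype !== null) ? $roles[$roletype]['id'] : null;` keeps the existing guard effective. Separately, L185 stores the raw `$username` as the account email on the assumption it is an address, which the commit message itself flags as unconfirmed, and the `$email` parameter is unused on the visible lines — a `// TODO: address is unverified until email confirmation` at L185 would record that. The debugging marker `//james1234` at L193 should be dropped. user_invite's body continues outside these hunks.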


@ -29,32 +29,36 @@
//include "judges.inc.php";
/* AJAX query */
if(intval($_GET['ajax']) == 1) {
if(intval($_POST['ajax']) == 1) {
/* Do ajax processing for this file */
$email = mysql_real_escape_string(stripslashes($_GET['email']));
$type = $_GET['type'];
$email = mysql_real_escape_string($_POST['email']);
$type = $_POST['role'];
/* Sanity check type */
if(!in_array($type, $user_types)) {
if(!array_key_exists($type, $roles)) {
echo "err\n";
exit;
}
$q = mysql_query("SELECT id FROM users WHERE email='$email' ORDER BY conferences_id DESC");
//we use username='email' because if we are INVITING someone, then
//they pretty much have to user their email address as their username
//otherwise the system has no way to send them the details
$q = mysql_query("SELECT id,deleted FROM accounts WHERE username='$email'");
if(mysql_num_rows($q) == 0) {
/* User doesn't exist */
/* Account doesn't exist */
echo "notexist\n";
exit;
}
$u = mysql_fetch_assoc($q);
$u = user_load($u['id']);
$account = mysql_fetch_assoc($q);
if($u['deleted'] == 'yes') {
if($account['deleted'] == 'yes') {
echo "notexist\n";
exit;
}
if(!in_array($type, $u['types'])) {
$u = user_load_by_accounts_id($account['id']);
if(!array_key_exists($type, $u['roles'])) {
echo "norole\n";
exit;
}
@ -73,91 +77,76 @@
'Administration' => 'admin/index.php'
) );
require_once('ajax.inc.php');
?>
<script type="text/javascript">
function check_email()
{
var url, email, type;
var checkTimeout;
type = document.invite.type.value;
email = document.invite.email.value;
function checkEmailLater() {
clearTimeout(checkTimeout);
checkTimeout=setTimeout('checkEmail()',500);
}
function checkEmail() {
var url, email, role;
if(email.length < 3 || type == "") {
role = $("#role").val();
email = $("#email").val();
if(email.length < 3 || role == "") {
update_status("<?=i18n('Select a role and enter an email address')?>");
document.invite.button.disabled = true;
document.invite.button.value = "<?=i18n('Invite')?>";
$("#button").attr('disabled',true);
$("#button").val('<?=i18n("Invite")?>');
return true;
}
url="user_invite.php?ajax=1&email="+email+"&type="+type;
// alert(url);
http.open("GET",url,true);
http.onreadystatechange=ajax_response;
http.send(null);
return true;
}
function update_status(text)
{
div = document.getElementById('status');
div.innerHTML = text;
}
function ajax_response()
{
try {
if(http.readyState == 4) {
var lines=http.responseText.split('\n');
update_status("Checking...");
$.post("user_invite.php",{ajax: 1, email: email, role: role},function(d) {
var lines=d.split("\n");
var response=lines[0];
// alert(response);
switch(response) {
case "err":
update_status("<?=i18n('Select a role and enter an email address')?>");
document.invite.button.disabled = true;
document.invite.button.value = "<?=i18n('Invite')?>";
document.invite.action.value = "err";
$("#button").attr('disabled',true);
$("#button").val('<?=i18n("Invite")?>');
$("#action").val("err");
break;
case "notexist":
update_status("<?=i18n('User not found. Choose the \"Invite New User\" button below to create an account for this user and send them an email invite.')?>");
document.invite.button.disabled = false;
document.invite.button.value = "<?=i18n('Invite New User')?>";
document.invite.action.value = "notexist";
$("#button").attr('disabled',false);
$("#button").val('<?=i18n("Invite new user")?>');
$("#action").val("invite");
break;
case "norole":
update_status("<?=i18n('User found without the selected role. Choose the \"Invite User to Role\" button below add the selected role on this user\'s account and send them email notice of the change.')?>");
document.invite.button.disabled = false;
document.invite.button.value = "<?=i18n('Invite User to Role')?>";
document.invite.action.value = "norole";
break;
case "noconference":
update_status("<?=i18n('This user and role already exist, but the user has not yet activated their account for this conference. Choose the \"Send Activation Reminder\" button below to send this user an email reminder to login (which activates their account for this conference).')?>");
document.invite.button.disabled = false;
document.invite.button.value = "<?=i18n('Send Activation Reminder')?>";
document.invite.action.value = "noconference";
$("#button").attr('disabled',false);
$("#button").val('<?=i18n("Invite existing user to role")?>');
$("#action").val("invite");
break;
case "exist":
update_status("<?=i18n('This user and role already exist. They cannot be invited.')?>");
document.invite.button.disabled = true;
document.invite.button.value = "<?=i18n('Invite')?>";
document.invite.action.value = "err";
$("#button").attr('disabled',true);
$("#button").val('<?=i18n("Cannot Invite")?>');
$("#action").val("err");
break;
}
} else {
// update_status("<?=i18n('Searching...')?>");
}
} catch(e) {
alert('caught error: '+e);
});
return true;
}
function update_status(text) {
$("#status").html(text);
}
</script>
<?
echo "<br />";
$allowed_types = array('judge', 'volunteer');
$type = $_POST['type'];
if(!$type) $type=$_GET['type'];
/*
//FIXME: commente dby james 2010-12-21 - we need ta better way to know which types we can invite
$allowed_types = array('judge', 'volunteer');
if($type == '') $type = $_GET['type'];
if($type != '') {
if(!in_array($type, $allowed_types)) {
@ -165,63 +154,25 @@
exit;
}
}
*/
if($_POST['action']!="" && $_POST['email'] && $type != '') {
$allowed_actions = array('notexist','norole','noconference');
$email = stripslashes($_POST['email']);
$action = $_POST['action'];
if(!in_array($action, $allowed_actions))
exit;
$q = mysql_query("SELECT id FROM users WHERE email='$email' ORDER BY conferences_id DESC");
if(mysql_num_rows($q) > 0) {
$u = mysql_fetch_assoc($q);
$u = user_load($u['id']);
} else {
$u = NULL;
if($_POST['action']=="invite" && $_POST['email'] && $type != '') {
$newUser=user_invite($_POST['email'], null, $_POST['email'], $type);
if(is_array($newUser)) {
echo happy(i18n("%1 successfully invited to be a %2",array($_POST['email'],$type)));
}
switch($action) {
case 'notexist': /* Create the user */
$u = user_create($type, $email);
$u['email'] = $email;
user_save($u);
email_send("{$type}_new_invite",$u['email'],
array("FAIRNAME"=>$conference['name']),
array("FAIRNAME"=>$conference['name'],
"EMAIL"=>$u['email'],
"PASSWORD"=>$u['password']));
echo happy(i18n('%1 has been invited to be a %2', array($u['email'], $user_what[$type])));
echo happy(i18n('An email has been sent to %1', array($u['email'])));
break;
case 'norole': /* Add role to the existing user */
user_create($type, $u['username'], $u);
email_send("{$type}_add_invite",$u['email'],
array("FAIRNAME"=>$conference['name']),
array("FAIRNAME"=>$conference['name']));
echo happy(i18n('%1 is now also a %2', array($u['email'], $user_what[$type])));
echo happy(i18n('An email has been sent to %1', array($u['email'])));
break;
case 'noconference': /* Send a reminder email */
email_send("{$type}_activate_reminder",$u['email'],
array("FAIRNAME"=>$conference['name']),
array("FAIRNAME"=>$conference['name'],
"EMAIL"=>$u['email']));
echo happy(i18n('An email has been sent to %1', array($u['email'])));
break;
else {
echo error($newUser);
}
}
echo "<br />\n";
echo "<form method=\"post\" name=\"invite\" action=\"user_invite.php\">\n";
echo "<input type=\"hidden\" name=\"action\" value=\"invite\" />\n";
echo "<input type=\"hidden\" name=\"action\" id=\"action\" value=\"invite\" />\n";
echo "<table><tr><td>";
echo i18n("Select a Role: ");
echo "</td><td><select name=\"type\" onChange=\"check_email();\">\n";
echo "</td><td><select id=\"role\" name=\"type\" onChange=\"checkEmail();\">\n";
echo "<option value=\"\" >".i18n('Choose')."</option>\n";
$sel = ($type == 'judge') ? 'selected="selected"' : '';
echo "<option value=\"judge\" $sel >".i18n('Judge')."</option>\n";
@ -229,13 +180,13 @@
echo "<option value=\"volunteer\" $sel >".i18n('Volunteer')."</option>\n";
echo "</select></td></tr><tr><td>";
echo i18n("Enter an Email: ");
echo "</td><td><input type=\"text\" name=\"email\" size=\"40\" onKeyUp=\"check_email();\" />";
echo "</td><td><input type=\"text\" id=\"email\" name=\"email\" size=\"40\" onKeyUp=\"checkEmailLater();\" />";
echo "</td></tr></table>";
echo "<br />\n";
echo "<div class=\"notice\" id=\"status\">".i18n('Select a role and enter an email address')."</div>";
echo "<br />\n";
echo "<input name=\"button\" type=\"submit\" disabled=\"disabled\" value=\"".i18n("Invite")."\" />\n";
echo "<input id=\"button\" type=\"submit\" disabled=\"disabled\" value=\"".i18n("Invite")."\" />\n";
echo "</form>\n";