forked from science-ation/science-ation
437 lines
15 KiB
PHP
437 lines
15 KiB
PHP
<?
|
|
/*
|
|
This file is part of the 'Science Fair In A Box' project
|
|
SFIAB Website: http://www.sfiab.ca
|
|
|
|
Copyright (C) 2005 Sci-Tech Ontario Inc <info@scitechontario.org>
|
|
Copyright (C) 2005 James Grant <james@lightbox.org>
|
|
|
|
This program is free software; you can redistribute it and/or
|
|
modify it under the terms of the GNU General Public
|
|
License as published by the Free Software Foundation, version 2.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; see the file COPYING. If not, write to
|
|
the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
|
|
Boston, MA 02111-1307, USA.
|
|
*/
|
|
?>
|
|
<?
|
|
require("common.inc.php");
|
|
|
|
$q=mysql_query("SELECT (NOW()>'".$config['dates']['regopen']."' AND NOW()<'".$config['dates']['regclose']."') AS datecheck,
|
|
NOW()<'".$config['dates']['regopen']."' AS datecheckbefore,
|
|
NOW()>'".$config['dates']['regclose']."' AS datecheckafter");
|
|
$datecheck=mysql_fetch_object($q);
|
|
|
|
if($_POST['action']=="new")
|
|
{
|
|
$q=mysql_query("SELECT email,num,id,schools_id FROM registrations WHERE email='".$_SESSION['email']."' AND num='".$_POST['regnum']."' AND year=".$config['FAIRYEAR']);
|
|
if(mysql_num_rows($q))
|
|
{
|
|
$r=mysql_fetch_object($q);
|
|
$_SESSION['registration_number']=$r->num;
|
|
$_SESSION['registration_id']=$r->id;
|
|
mysql_query("INSERT INTO students (registrations_id,email,schools_id,year) VALUES ('$r->id','".mysql_escape_string($_SESSION['email'])."','".$r->schools_id."','".$config['FAIRYEAR']."')");
|
|
mysql_query("UPDATE registrations SET status='open' WHERE id='$r->id'");
|
|
|
|
header("Location: register_participants_main.php");
|
|
exit;
|
|
|
|
}
|
|
else
|
|
{
|
|
send_header("Participant Registration");
|
|
echo error(i18n("Invalid registration number (%1) for email address %2",array($_POST['regnum'],$_SESSION['email']),array("registration number","email address")));
|
|
$_POST['action']="login";
|
|
}
|
|
|
|
}
|
|
else if($_POST['action']=="continue")
|
|
{
|
|
if($_POST['email'])
|
|
$_SESSION['email']=stripslashes(mysql_escape_string($_POST['email']));
|
|
|
|
$q=mysql_query("SELECT registrations.id AS regid, registrations.num AS regnum, students.id AS studentid, students.firstname FROM registrations,students ".
|
|
"WHERE students.email='".$_SESSION['email']."' ".
|
|
"AND registrations.num='".$_POST['regnum']."' ".
|
|
"AND students.registrations_id=registrations.id ".
|
|
"AND registrations.year=".$config['FAIRYEAR']." ".
|
|
"AND students.year=".$config['FAIRYEAR']);
|
|
|
|
if(mysql_num_rows($q))
|
|
{
|
|
$r=mysql_fetch_object($q);
|
|
$_SESSION['registration_number']=$r->regnum;
|
|
$_SESSION['registration_id']=$r->regid;
|
|
$_SESSION['students_id']=$r->studentid;
|
|
header("Location: register_participants_main.php");
|
|
exit;
|
|
}
|
|
else
|
|
{
|
|
send_header("Participant Registration");
|
|
echo error(i18n("Invalid registration number (%1) for email address %2",array($_POST['regnum'],$_SESSION['email']),array("registration number","email address")));
|
|
$_POST['action']="login";
|
|
}
|
|
|
|
}
|
|
else if($_GET['action']=="resend" && $_SESSION['email'])
|
|
{
|
|
//first see if the email matches directly from the registrations table
|
|
$q=mysql_query("SELECT registrations.num FROM
|
|
registrations
|
|
WHERE
|
|
registrations.email='".$_SESSION['email']."'
|
|
AND registrations.year='".$config['FAIRYEAR']."'");
|
|
if(mysql_num_rows($q))
|
|
$r=mysql_fetch_object($q);
|
|
else
|
|
{
|
|
|
|
//no match from registrations, so lets see if it matches from the students table
|
|
$q=mysql_query("SELECT registrations.num FROM
|
|
registrations,
|
|
students
|
|
WHERE
|
|
students.email='".$_SESSION['email']."'
|
|
AND students.registrations_id=registrations.id
|
|
AND registrations.year='".$config['FAIRYEAR']."'");
|
|
$r=mysql_fetch_object($q);
|
|
|
|
}
|
|
|
|
if($r)
|
|
{
|
|
email_send("register_participants_resend_regnum",$_SESSION['email'],array(),array("REGNUM"=>$r->num));
|
|
send_header("Participant Registration");
|
|
echo notice(i18n("Your registration number has been resent to your email address <b>%1</b>",array($_SESSION['email']),array("email address")));
|
|
}
|
|
else
|
|
{
|
|
send_header("Participant Registration");
|
|
echo error(i18n("Could not find a registration for your email address"));
|
|
}
|
|
}
|
|
else if($_GET['action']=="logout")
|
|
{
|
|
unset($_SESSION['email']);
|
|
unset($_SESSION['registration_number']);
|
|
unset($_SESSION['registration_id']);
|
|
send_header("Participant Registration");
|
|
echo notice(i18n("You have been successfully logged out"));
|
|
}
|
|
|
|
|
|
//if they've alreayd logged in, and somehow wound back up here, take them back to where they should be
|
|
if($_SESSION['registration_number'] && $_SESSION['registration_id'] && $_SESSION['email'])
|
|
{
|
|
header("Location: register_participants_main.php");
|
|
exit;
|
|
|
|
}
|
|
|
|
send_header("Participant Registration");
|
|
|
|
if($_POST['action']=="login" && ( $_POST['email'] || $_SESSION['email']) )
|
|
{
|
|
if($_POST['email'])
|
|
$_SESSION['email']=stripslashes(mysql_escape_string($_POST['email']));
|
|
|
|
echo "<form method=\"post\" action=\"register_participants.php\">";
|
|
|
|
$allownew=true;
|
|
$showform=true;
|
|
|
|
|
|
//first, check if they have any registrations waiting to be opened
|
|
$q=mysql_query("SELECT * FROM registrations WHERE email='".$_SESSION['email']."' AND status='new' AND year='".$config['FAIRYEAR']."'");
|
|
if(mysql_num_rows($q)>0)
|
|
{
|
|
echo i18n("Please enter your <b>registration number</b> that you received in your email, in order to begin your new registration");
|
|
echo "<input type=\"hidden\" name=\"action\" value=\"new\">";
|
|
$allownew=false;
|
|
}
|
|
else
|
|
{
|
|
|
|
//check if they have an already open registration
|
|
$q=mysql_query("SELECT
|
|
students.email,
|
|
registrations.status,
|
|
registrations.id
|
|
FROM
|
|
students,
|
|
registrations
|
|
WHERE
|
|
students.email='".$_SESSION['email']."'
|
|
AND students.year=".$config['FAIRYEAR']."
|
|
AND registrations.year=".$config['FAIRYEAR']."
|
|
AND
|
|
( registrations.status='open'
|
|
OR registrations.status='paymentpending'
|
|
OR registrations.status='complete'
|
|
)
|
|
AND students.registrations_id=registrations.id");
|
|
if(mysql_num_rows($q)>0)
|
|
{
|
|
$r=mysql_fetch_object($q);
|
|
// print_r($r);
|
|
echo i18n("Please enter your <b>registration number</b> in order to login");
|
|
echo "<input type=\"hidden\" name=\"action\" value=\"continue\">";
|
|
$allownew=false;
|
|
echo "<br />";
|
|
}
|
|
else
|
|
{
|
|
//they dont have a 'new' and they dont have an 'open/paymentpending/complete' so that means that they want to create a new one... BUT...
|
|
|
|
if($config['participant_registration_type']=="invite")
|
|
{
|
|
$allownew=false;
|
|
$showform=false;
|
|
|
|
echo i18n("Participant registration is by invite only. You can not create a new account. If you have been invited by your school/region, you need to use the same email address that you were invited with.");
|
|
echo "<br />";
|
|
echo "<br />";
|
|
echo "<a href=\"register_participants.php\">Back to Participant Registration</a>";
|
|
|
|
}
|
|
else if($config['participant_registration_type']=="singlepassword")
|
|
{
|
|
$showsinglepasswordform=true;
|
|
if($_POST['singlepassword'])
|
|
{
|
|
if($_POST['singlepassword']==$config['participant_registration_singlepassword'])
|
|
{
|
|
$allownew=true;
|
|
$showform=true;
|
|
$showsinglepasswordform=false;
|
|
}
|
|
else
|
|
{
|
|
echo error(i18n("Invalid registration password, please try again"));
|
|
$allownew=false;
|
|
$showform=false;
|
|
}
|
|
}
|
|
|
|
if($showsinglepasswordform)
|
|
{
|
|
echo i18n("Participant registration is protected by a password. You must know the <b>registration password</b> in order to create an account.");
|
|
echo "<br />";
|
|
echo "<br />";
|
|
echo "<input type=\"hidden\" name=\"action\" value=\"login\">";
|
|
echo i18n("Email Address:")." ".$_SESSION['email']."<br />";
|
|
echo i18n("Registration Password:");
|
|
echo "<input type=\"text\" size=\"10\" name=\"singlepassword\">";
|
|
echo "<br />";
|
|
echo "<br />";
|
|
echo "<input type=\"submit\" value=\"Submit\">";
|
|
echo "</form>";
|
|
$allownew=false;
|
|
$showform=false;
|
|
}
|
|
}
|
|
else if($config['participant_registration_type']=="schoolpassword")
|
|
{
|
|
$showschoolpasswordform=true;
|
|
if($_POST['schoolpassword'] && $_POST['schoolid'])
|
|
{
|
|
$q=mysql_query("SELECT registration_password FROM schools WHERE id='".$_POST['schoolid']."' AND year='".$config['FAIRYEAR']."'");
|
|
$r=mysql_fetch_object($q);
|
|
|
|
if($_POST['schoolpassword']==$r->registration_password)
|
|
{
|
|
$allownew=true;
|
|
$showform=true;
|
|
$showschoolpasswordform=false;
|
|
$schoolidquery="'".$_POST['schoolid']."'";
|
|
}
|
|
else
|
|
{
|
|
echo error(i18n("Invalid school registration password, please try again"));
|
|
$allownew=false;
|
|
$showform=false;
|
|
}
|
|
}
|
|
|
|
if($showschoolpasswordform)
|
|
{
|
|
echo i18n("Participant registration is protected by a password for each school. You must know your <b>school registration password</b> in order to create an account.");
|
|
echo "<br />";
|
|
echo "<br />";
|
|
echo "<input type=\"hidden\" name=\"action\" value=\"login\">";
|
|
echo i18n("Email Address:")." ".$_SESSION['email']."<br />";
|
|
echo i18n("School: ");
|
|
$q=mysql_query("SELECT id,school FROM schools WHERE year='".$config['FAIRYEAR']."' ORDER BY school");
|
|
echo "<select name=\"schoolid\">";
|
|
echo "<option value=\"\">".i18n("Choose your school")."</option>\n";
|
|
while($r=mysql_fetch_object($q))
|
|
echo "<option value=\"$r->id\">$r->school</option>\n";
|
|
echo "</select>";
|
|
echo "<br />";
|
|
echo i18n("School Registration Password: ");
|
|
echo "<input type=\"text\" size=\"10\" name=\"schoolpassword\">";
|
|
echo "<br />";
|
|
echo "<br />";
|
|
echo "<input type=\"submit\" value=\"Submit\">";
|
|
echo "</form>";
|
|
$allownew=false;
|
|
$showform=false;
|
|
}
|
|
}
|
|
else if($config['participant_registration_type']=="open")
|
|
{
|
|
//thats fine, continue on and create them the account.
|
|
}
|
|
else if($config['participant_registration_type']=="openorinvite")
|
|
{
|
|
//thats fine too, continue on and create them the account.
|
|
}
|
|
else
|
|
{
|
|
echo error(i18n("There is an error with the SFIAB configuration. participant_registration_type is not defined. Contact the fair organizers to get this fixed."));
|
|
$allownew=false;
|
|
$showform=false;
|
|
}
|
|
|
|
}
|
|
}
|
|
|
|
|
|
if($allownew)
|
|
{
|
|
if($datecheck->datecheck==0)
|
|
{
|
|
if($datecheck->datecheckbefore)
|
|
echo error(i18n("Registration is not open yet. You can not create a new account"));
|
|
else if($datecheck->datecheckafter)
|
|
echo error(i18n("Registration is now closed. You can not create a new account"));
|
|
$showform=false;
|
|
echo "<A href=\"register_participants.php\">Back to Participant Registration Login Page</a>";
|
|
|
|
}
|
|
else
|
|
{
|
|
//they can only create a new registraiton if they have a valid email address, so lets do a quick ereg check on their email
|
|
if(isEmailAddress($_SESSION['email']))
|
|
{
|
|
|
|
$regnum=0;
|
|
//now create the new registration record, and assign a random/unique registration number to then.
|
|
do
|
|
{
|
|
//random number between
|
|
//100000 and 999999 (six digit integer)
|
|
$regnum=rand(100000,999999);
|
|
$q=mysql_query("SELECT * FROM registrations WHERE num='$regnum' AND year=".$config['FAIRYEAR']);
|
|
}while(mysql_num_rows($q)>0);
|
|
|
|
if(!$schoolidquery) $schoolidquery="null";
|
|
|
|
//actually insert it
|
|
mysql_query("INSERT INTO registrations (num,email,start,status,schools_id,year) VALUES (".
|
|
"'$regnum',".
|
|
"'".$_SESSION['email']."',".
|
|
"NOW(),".
|
|
"'new',".
|
|
$schoolidquery.",".
|
|
$config['FAIRYEAR'].
|
|
")");
|
|
|
|
email_send("new_participant",$_SESSION['email'],array(),array("REGNUM"=>$regnum,"EMAIL"=>$_SESSION['email']));
|
|
|
|
echo i18n("You have been identified as a new registrant. An email has been sent to <b>%1</b> which contains your new <b>registration number</b>. Please check your email to obtain your <b>registration number</b> and then enter it below:",array($_SESSION['email']),array("email address"));
|
|
echo "<input type=\"hidden\" name=\"action\" value=\"new\">";
|
|
}
|
|
else
|
|
{
|
|
echo error(i18n("The email address you entered (%1) appears to be invalid. You must use a proper email address in order to create an account",array($_SESSION['email'])));
|
|
echo "<a href=\"register_participants.php\">".i18n("Return to participant registration")."</a>";
|
|
$showform=false;
|
|
}
|
|
}
|
|
|
|
}
|
|
if($showform)
|
|
{
|
|
echo "<br />";
|
|
echo "<br />";
|
|
echo i18n("Registration Number:");
|
|
echo "<input type=\"text\" size=\"10\" name=\"regnum\">";
|
|
echo "<br />";
|
|
echo "<br />";
|
|
echo "<input type=\"submit\" value=\"Submit\">";
|
|
echo "</form>";
|
|
echo "<br />";
|
|
echo i18n("If you have lost or forgotten your <b>registration number</b>, please <a href=\"register_participants.php?action=resend\">click here to resend</a> it to your email address");
|
|
}
|
|
}
|
|
else
|
|
{
|
|
//Lets check the date - if we are AFTER 'regopen' and BEFORE 'regclose' then we can login
|
|
//otherwise, registration is closed - no logins!
|
|
|
|
//this will return 1 if its between the dates, 0 otherwise.
|
|
if($datecheck->datecheck==0)
|
|
{
|
|
if($datecheck->datecheckbefore)
|
|
echo notice(i18n("Registration for the %1 %2 is not open yet. Registration will open on %3.",array($config['FAIRYEAR'],$config['fairname'],format_datetime($config['dates']['regopen'])),array("fair year","fair name","registration open date")));
|
|
else if($datecheck->datecheckafter)
|
|
{
|
|
echo notice(i18n("Registration for the %1 %2 is now closed. Existing registrants can login and view (read only) their information, as well as apply for special awards (if applicable).",array($config['FAIRYEAR'],$config['fairname']),array("fair year","fair name")));
|
|
echo i18n("Please enter your email address to login");
|
|
}
|
|
echo "<br />";
|
|
echo "<br />";
|
|
$buttontext=i18n("Login");
|
|
}
|
|
else
|
|
{
|
|
|
|
if($config['participant_registration_type']=="invite")
|
|
{
|
|
echo i18n("Registration is by invitation only. As soon as you are invited by your school or the science fair committee, you will receive a welcoming email with your Registration Number");
|
|
echo "<br />";
|
|
echo "<br />";
|
|
|
|
echo i18n("Please enter your email address to:");
|
|
echo "<ul>";
|
|
}
|
|
else
|
|
{
|
|
echo i18n("Please enter your email address to :");
|
|
echo "<ul>";
|
|
echo "<li>".i18n("Begin a new registration")."</li>";
|
|
}
|
|
|
|
echo "<li>".i18n("Continue a previously started registration")."</li>";
|
|
echo "<li>".i18n("Modify an existing registration")."</li>";
|
|
echo "</ul>";
|
|
echo i18n("You must enter a valid email address. We will be emailing you information which you will need to complete the registration process!");
|
|
echo "<br />";
|
|
echo "<br />";
|
|
$buttontext=i18n("Begin");
|
|
}
|
|
|
|
//only show the email login box if registration is open, or we're past the registration deadline (so they can login and view / apply for special awards). if we're before the registration deadline then they cant create an account or login anwyays so no point in showing the box
|
|
if(!$datecheck->datecheckbefore)
|
|
{
|
|
?>
|
|
<form method="post" action="register_participants.php">
|
|
<input type="hidden" name="action" value="login" />
|
|
<?=i18n("Email")?>: <input type="text" name="email" size="30" />
|
|
<input type="submit" value="<?=$buttontext?>" />
|
|
</form>
|
|
<?
|
|
}
|
|
}
|
|
send_footer();
|
|
?>
|