susignup.php

<?php

//unique society identifier
$GroupingID = "6613";

include "../lib/member_functions.php";
include "../suapi.inc.php";


$mode = 'login';
//login
if(!empty($_REQUEST['sid'])&&!empty($_REQUEST['transactionID'])){
//set signup details
	
	$sid = $_REQUEST['sid'];
        $transactionID = $_REQUEST['transactionID'];
                                            
	//set POST variables
	$url = "https://$suapi_user:$suapi_pass@hap.swansea-union.co.uk/memberships/Membership.asmx/GetMemberByTransactionID";
	$fields = array(
	       'transactionID'=>urlencode($transactionID),
	       'GroupingID'=>urlencode($GroupingID),
	       );
	//url-ify the data for the POST
	$field_string = "";
	foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
	rtrim($fields_string,'&');
	//open connection
	$ch = curl_init();

	//set the url, number of POST vars, POST data
	curl_setopt($ch,CURLOPT_URL,$url);
	curl_setopt($ch,CURLOPT_POST,count($fields));
	curl_setopt($ch,CURLOPT_POSTFIELDS,$fields_string);
	curl_setopt($ch,CURLOPT_RETURNTRANSFER,TRUE);
	//execute post
	$result = curl_exec($ch);

	//close connection
	curl_close($ch);
	if(!$result){
	//HTTP Error
	}else{	
  		$re1='.*?';	
		$re2='(\\{.*?\\})';	
		if ($c=preg_match_all ("/".$re1.$re2."/is", $result, $matches))
		{
		  	$json_string=$matches[1][0];
		}else{
			  //ERROR
		}

		$array = json_decode($json_string,TRUE);
		  
		if($array['cardNumber'] == $sid && $sid != ""){
		  	$mode = 'form';

			// connect to sucs database
                        $sucsDB = NewADOConnection('postgres8');
				
			// SET THIS FOR DEBUG MODE
			$sucsDB->debug = true;
			// SET THIS TO YOUR DB FOR TESTING
                        $sucsDB->Connect('dbname=sucs');

                        $sucsDB->SetFetchMode(ADODB_FETCH_ASSOC);
			$query = "INSERT INTO transactions (transactionID,fullName,emailAddress,cardNumber,personID) values(?, ? ?, ?, ?, ?)";
			$attribs[]=$transactionID;
			$attribs[]=$array['firstName'];
			$attribs[]=$array['lastName'];
			$attribs[]=$array['emailAddress'];
			$attribs[]=$array['cardNumber'];
			$attribs[]=$array['personID'];

			$valid = true;
			if(!$sucsDB->Execute($query,$attribs)) {
				$query = "SELECT * FROM transactions WHERE transactionID = ? AND signupid IS NULL";
				$attribs= array();
				$attribs[]=$transactionID;
				$data = $sucsDB->GetAll($query,$attribs); 
				if(is_array($data)&&sizeof($data)==1){
					
					
					//ERROR SOMEONE TRIED TO USE SAME TRANSACTIONID TWICE SIGNUP SLIP ALREADY GENERATED
					// MAIL ERROR MESSAGE THEN DIE
					$valid = false;
				}
			}

			if($valid)
			{
				$pass = make_password();		
				unset($query);
				$query = "insert into signup (password,sid,issuedby) values( ?, ?, ?) returning id";
				unset($attribs);
				$attribs[]=addslashes($pass);
				$attribs[]=$array['cardNumber'];
				$attribs[]='SUSU API';
			
				$id = $sucsDB->Execute($query,$attribs);
	                    	if (!$id) {
        	                      	echo "Entering id $id failed.<br>\n".$sucsDB->ErrorMsg();
                	        } else {
                                 	
					unset($query);					
					$query = "update transactions set signupid = ? WHERE transactionID = ?";
					unset($attribs);
					$attribs[]=$id;
					$attribs[]=$transactionID;
					if(!$sucsDB->Execute($query,$attibs)) {
						//ERROR
					} else {
		        	              	$smarty->assign("id", $id);
              				        $smarty->assign("pass", $pass);
					}
				}
			}

		  }


	}


}

$smarty->assign("mode", $mode);
$output = $smarty->fetch("susignup.tpl");

$smarty->assign("title", "Join");
$smarty->assign("body", $output);


?>