susignup.php

<?php

//unique society identifier
$GroupingID = "6613";

include "../lib/member_functions.php";
include "../lib/date.php";
include "../suapi.inc.php";

$error_email = "admin@sucs.org";
$mode = 'login';
//login
if(!empty($_REQUEST['sid'])&&!empty($_REQUEST['transactionID'])){
//set signup details

	$sid = $_REQUEST['sid'];
        $transactionID = $_REQUEST['transactionID'];

	//set POST variables
	$url = "https://$suapi_user:$suapi_pass@su-api.sucs.org/memberships/Membership.asmx/GetMemberByTransactionID";
	$fields = array(
	       'transactionID'=>urlencode($transactionID),
	       'GroupingID'=>urlencode($GroupingID),
	       );
	//url-ify the data for the POST
	$field_string = "";
	foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
	rtrim($fields_string,'&');
	//open connection
	$ch = curl_init();

	//set the url, number of POST vars, POST data
	curl_setopt($ch,CURLOPT_URL,$url);
	curl_setopt($ch,CURLOPT_POST,count($fields));
	curl_setopt($ch,CURLOPT_POSTFIELDS,$fields_string);
	curl_setopt($ch,CURLOPT_RETURNTRANSFER,TRUE);
	curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
	curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
	//execute post
	$result = curl_exec($ch);

	//close connection
	curl_close($ch);
	if(!$result){
		$mode = "error";
		$smarty->assign("error_text", "Invalid query returned");
	} else {
		libxml_use_internal_errors(true);
		$xml=simplexml_load_string($result);
		if (!$xml||isset($xml->head->title)) {
			$mode='error';
			$smarty->assign("error_text", "An error occurred communicating with the SUSU API");		
		} else{
			$re1='.*?';
			$re2='(\\{.*?\\})';
			if ($c=preg_match_all ("/".$re1.$re2."/is", $result, $matches))
			{
			  	$json_string=$matches[1][0];
			} else{
			  $mode = "error";
			}
			$array = json_decode($json_string,TRUE);
			if($array['cardNumber'] == $sid && $sid != ""){
				$mode = 'form';

				// SET THIS FOR DEBUG MODE
				// $sucsDB->debug = true;

				$fullName = $array['firstName']." ".$array['lastName'];
				$query = "INSERT INTO transactions (transactionID,fullName,emailAddress,cardNumber,personID) values(?, ?, ?, ?, ?)";
				$attribs[] = $transactionID;
				$attribs[] = $fullName;
				$attribs[] = $array['emailAddress'];
				$attribs[] = $array['cardNumber'];
				$attribs[] = $array['personID'];

				$valid = true;
				if(!$sucsDB->Execute($query,$attribs)) {
					// We did this because Adodb ErrorNo command is broken
					$query = "SELECT * FROM transactions WHERE transactionID = ?";
					unset($attribs);
					$attribs[]=$transactionID;
					if($sucsDB->Execute($query,$attribs)) {

						$query = "SELECT * FROM transactions WHERE transactionID = ?";
						$attribs= array();
						$attribs[]=$transactionID;
						$data = $sucsDB->GetAll($query,$attribs);
						if(is_array($data)&&sizeof($data)==1&&$data[0]['signupid']==NULL){
							// As it stands this shouldn't happen but if it does, no reason not to let them carry on
							$valid = true;
						} elseif(is_array($data)&&sizeof($data)==1&&$data[0]['signupid']!=NULL) {
							$query = "SELECT * FROM signup WHERE sid = ?";
							unset($attribs);
							$attribs[]=$sid;
							$data = $sucsDB->Execute($query, $attribs);
							if(!$data) {
								mail(
									$error_email,
									"SUSignup Error",
									"An error occured in the susignup system at stage 0\n Love the signup system.\n\nP.S. The Error is:\n ".$sucsDB->ErrorMsg(),
									"From: \"SUCS Admin\" <admin@sucs.org>"
							);
								$valid=false;
							} else if($data->fields['username']!=NULL){
								$smarty->assign("username", $data->fields['username']);
								$mode='numpty2';		
								// This happens if they already ahve a SUCS account and are trying to create a new signupid
								$valid = false;
							} else {
								$smarty->assign("id", $data->fields['id']);
								$smarty->assign("pass", $data->fields['password']);
								$mode='numpty';
								// If this happens they tried to get a new signupid/pass after already getting one, and should get weekly reminders about it  
								$valid = false;
							}
						} else {
							$mode="error";
							mail(
								$error_email,
								"SUSignup Error",
								"An error occured in the susignup system at stage 1\n Love the signup system.\n\nP.S. The Error is:\n ".$sucsDB->ErrorMsg(),
								"From: \"SUCS Admin\" <admin@sucs.org>"
							);

							$valid = false;
						}

					} else {
						$mode="error";
						mail(
							$error_email,
							"SUSignup Error",
							"An error occured in the susignup system at stage 2\n Love the signup system.\n\nP.S. The Error is:\n ".$sucsDB->ErrorMsg(),
							"From: \"SUCS Admin\" <admin@sucs.org>"
						);

						$valid = false;
					}
				}

				if($valid)
				{
					unset($attribs);
					unset($query);
					$query = "SELECT * FROM members WHERE sid = ?";
					$attribs[] = $sid;
					unset($data);
					$data = $sucsDB->Execute($query, $attribs);
					if (!$data) {
						$mode = "error";
						$smarty->assign("error_text", "Error in internal database check");
					} elseif ($data->RecordCount()==1) {
						$mode = "renew";
						$q="UPDATE members SET paid=?, lastupdate=DEFAULT, lastedit=? WHERE username=?;";
        					$r=$sucsDB->Execute($q, array(paidUntil(time()), '99999', $data->fields['username']));
						if (!$r) {
							mail(
								$error_email,
								"SUSignup Error",
								"An error occured in the susignup system at stage 2.5\n Love the signup system.\n\nP.S. The Error is:\n ".$sucsDB->ErrorMsg(),
								"From: \"SUCS Admin\" <admin@sucs.org>"
							);

					        } else {
							$q="SELECT email, typename FROM members, member_type WHERE username=?  AND type=member_type.id;";
							$r=$sucsDB->Execute($q, array($data->fields['username']));

							$message  = "Account Renewal notification\n\n";
							$message .= "Account   : ".$data->fields['username']."\n";
							$message .= "User Type : ".$r->fields['typename']."\n";
							$message .= "Renewed by: ".$data->fields['username'].".\n\n";
							$message .= "**** Payment was made via the SU payments system ****\n";
							$message .= "Regards\n  The SU Renewals script";
							mail("treasurer@sucs.org","Account Renewal",$message);

							$message = "Your Swansea University Computer Society (SUCS) membership has been renewed\n\n";
							$message .= "Username: ".$renew_name."\n";
							$message .= "If you do not know or have forgotten your password, please email admin@sucs.org to arrange for it to be changed.\n\n";
							$message .= "Regards\n  The SUCS admin";
							$header = "From: admin@sucs.org\r\n";
							$header .= "Reply-To: admin@sucs.org";
							// Personal account
							mail($r->fields['email'],"SUCS account renewal",$message,$header);
							// sucs account
							mail($data->fields['username']."@sucs.org","SUCS account renewal",$message,$header);
							unset($query);
							unset($attribs);
							$query = "UPDATE transactions set signupid=? WHERE transactionID=?";
							$attribs[]="000";
							$attribs[]=$transactionID;
							$data = $sucsDB->Execute($query,$attribs);
							if (!$data) { 
								$mode="error";
								mail(
									$error_email,
									"SUSignup Error",
									"An error occured in the susignup system at stage 2.6\n Love the signup system.\n\nP.S. The Error is:\n ".$sucsDB->ErrorMsg(),
									"From: \"SUCS Admin\" <admin@sucs.org>"
								);
							}
				        	}
					} else {
						$pass = make_password();
						unset($query);
						$query = "insert into signup (password,sid,issuedby) values( ?, ?, ?) returning id";
						unset($attribs);
						$attribs[]=$pass;
						$attribs[]=$array['cardNumber'];
						$attribs[]='99999';

						$iddata = $sucsDB->Execute($query,$attribs);
						$id = $iddata->fields['id'];
						if (!$iddata) {
							$mode="error";
							mail(
								$error_email,
								"SUSignup Error",
								"An error occured in the susignup system at stage 3\n Love the signup system.\n\nP.S. The Error is:\n ".$sucsDB->ErrorMsg(),
								"From: \"SUCS Admin\" <admin@sucs.org>"
							);
						} else {
							$query = "update transactions set signupid=? WHERE transactionID=?";
							unset($attribs);
							$attribs[]=$id;
							$attribs[]=$transactionID;
							if(!$sucsDB->Execute($query,$attribs)) {
								$mode="error";
								mail(
									$error_email,
									"SUSignup Error",
									"An error occured in the susignup system at stage 4\n Love the signup system.\n\nP.S. The Error is:\n ".$sucsDB->ErrorMsg(),
									"From: \"SUCS Admin\" <admin@sucs.org>"
								);
								print($sucsDB->ErrorMsg());
							} else {
								$smarty->assign("id", $id);
								$smarty->assign("pass", $pass);
								mail(
									$array['emailAddress'].','.$sid.'@swansea.ac.uk',
									"SUCS Signup Information",
									"Thankyou for joining Swansea University Computer Society, your signup details are below;\nSignupID: $id\nSignup Password: $pass\nIf you have successfully completed signup immediately then you can disregard this message.\n\nSUCS Admin Team.",
									"From: \"SUCS Admin\" <admin@sucs.org>"
								);
							}
						}
					}
				}
			}
		}
	}
}

$smarty->assign("mode", $mode);
$output = $smarty->fetch("susignup.tpl");

$smarty->assign("title", "Join");
$smarty->assign("body", $output);


?>