<?php

// gib errars plox
//error_reporting(E_ALL);
//ini_set('display_errors', 1);

// this is the php for sucs.org/susignup

// Include shit we need. like the renew_membership fucntion
include "../lib/member_functions.php";
include "../lib/date.php";

// include the suapiv2 stuff like check_su_sid_and_trans()
include "../lib/suapiv2.php";

// since the rewrite by ~imranh this no longer sends out emails
// feel free to add it
// Where do errors go?
$error_email = "admin@sucs.org";

// By default display a page asking for sid and transid
// this is called "login"
$mode = 'login';

// if somone has post'd data to the page then do shit
if(!empty($_REQUEST['sid'])&&!empty($_REQUEST['transactionID'])){

	// stick the post'd data in a variable we can call easily
	$sid = $_REQUEST['sid'];
        $transactionID = $_REQUEST['transactionID'];

	// check if the data posted is valid
	if(check_su_sid_and_trans($sid,$transactionID)){

		// probe the db for some info thatwe want to use in the if statements below
		$tmpresult = $sucsDB->Execute("SELECT * FROM members WHERE sid=?", array($sid));
		$signuptmpresult = $sucsDB->Execute("SELECT * FROM signup WHERE sid=?", array($sid));

		// check to see if they are already a valid and paid member
		if($tmpresult->fields["sid"] == $sid && $tmpresult->fields["paid"] == paidUntil(time())){
			// let them know they are already signed up and renewed
			message_flash("You are a numpty and have already signed up and paid for this year.");
		// else if check to see if they have signedup and paid for the new year but haven't renewed
		}else if ($tmpresult->fields["sid"] == $sid && $tmpresult->fields["paid"] != paidUntil(time())){
			// renew them!
			renew_membership($tmpresult->fields["username"]);
			// let them know that their account has been renewed
			message_flash("Your SUCS account has been renewed.");
		// else if they aren't in the SUCS DB but have a signup slip, take them back to that part of signup
		// I don't know how you would end up in a state like this but the old code dealt with it so I will as well
		} else if ($tmpresult->fields == false && $signuptmpresult->fields["sid"] == $sid) {
			$mode = "form";
			$smarty->assign("id",$signuptmpresult->fields["id"]);
			$smarty->assign("pass",$signuptmpresult->fields["password"]);
		// else if they aren't in the SUCS DB, then bootstrap signup process
		} else if ($tmpresult->fields == false && $signuptmpresult->fields == false) {
			$mode = "form";
			$pass = make_password();
			$iddata = $sucsDB->Execute("insert into signup (password,sid,issuedby) values( ?, ?, ?) returning id",array($pass,$sid,"99999"));
			$id = $iddata->fields['id'];
			$smarty->assign("id", $id);
			$smarty->assign("pass", $pass);
		} else {
			// they should never get here
			die("You'll see this if there has been a database error. Someone probably knows and is trying to fix it. Sorry.");
		}
	} else {
		trigger_error("That Student Number and Transaction ID combo are invalid.", E_USER_ERROR);
	}
}


$smarty->assign("mode", $mode);
$output = $smarty->fetch("susignup.tpl");

$smarty->assign("title", "Join");
$smarty->assign("body", $output);


?>