diff --git a/components/options.php b/components/options.php index f6068a350287864f5aff41d7d973e379f86d2faf..913e519c8a57cb9c1bd53032ad771fbeafc3db74 100644 --- a/components/options.php +++ b/components/options.php @@ -204,7 +204,8 @@ function updateRenew() { return FALSE; } - $sucsDB->Execute("update members set paid=?, lastupdate=DEFAULT, lastedit=uid where uid=?", array($paydate, $member['uid'])); + include_once("../lib/member_functions.php"); + renew_membership($member['username']); $sucsDB->Execute("update signup set activated=NOW(), username=? where id=?", array($member['username'], $signup['id'])); return TRUE; } diff --git a/components/susignup-admin.php b/components/susignup-admin.php index ed8574d9405ca489808ebc9dfd89904a255dcefb..aeb59f2de95c87096830b587eca9e6dc6b8c0aba 100644 --- a/components/susignup-admin.php +++ b/components/susignup-admin.php 
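Review bot: Nothing checks whether `renew_membership($member['username']);` succeeded before the `update signup set activated=NOW()` statement runs, and the UPDATE it replaces wrote `$paydate` and `lastedit=uid`. As added in lib/member_functions.php on this page, the helper returns no value and writes `lastedit` as the shared id "99999", so a self-service renewal is no longer attributed to the member and a failed update still ends in `return TRUE`. Have the helper return a boolean and guard the call: `if (!renew_membership($member['username'])) { return FALSE; }`. `updateRenew()` starts above this hunk, so whether `$paydate` is still used elsewhere cannot be confirmed from here.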
@@ -1,232 +1,92 @@ -<?PHP -/*** - * SU Signup admin - * Allows us to search the SU api for a given student number and checks if they're a SUCS member. - * If they are - allows account renewal - * If not - allows signup to be bootstrapped as per susignup component - ***/ +<?php +// gib errars plox +//error_reporting(E_ALL); +//ini_set('display_errors', 1); + +// include functions and shit we need include("../lib/member_functions.php"); include("../lib/date.php"); -include("../suapi.inc.php"); +include("../lib/suapiv2.php"); //Restrict access to staff. $permission="sucsstaff"; -$apibaseurl="https://$suapi_user:$suapi_pass@su-api.sucs.org/memberships/Membership.asmx"; +// if they have the right privs then lets do shit if (isset($session->groups[$permission])) { //Setup smarty magic, step 1 $smarty->assign("staff", TRUE); + // if no mode has been requested then show options if(!isset($_REQUEST['mode'])) { $mode = 'menu'; } else { $mode = urldecode($_REQUEST['mode']); } + // We have a mode, lets try and work out wtf they want to do + + // they have typed in a sid and want to bootstrap the signup processs if ($mode == 'search') { if (empty($_REQUEST['sid']) || empty($_REQUEST['snsubmit'])) { $mode = 'error'; - $smarty->assign("error_text", "Invalid search request"); + $smarty->assign("error_text", "Invalid search request"); }else{ $pres=preg_match("/^[0-9]{6}$/",$_REQUEST['sid'],$sid); if ($pres!=1) { $mode = 'error'; $smarty->assign("error_text", "Search term doesn't look like a valid student ID"); } else { - $url = "$apibaseurl/IsPersonMember?strCriteria=".$sid[0]."&GroupingId=6613"; - $apiReq = curl_init(); - curl_setopt($apiReq, CURLOPT_URL, $url); - curl_setopt($apiReq, CURLOPT_RETURNTRANSFER, TRUE); - curl_setopt($apiReq, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($apiReq, CURLOPT_SSL_VERIFYHOST, false); - - $apiResult = curl_exec($apiReq); - if ($apiResult === FALSE) { - $mode = 'error'; - $smarty->assign("error_text", "An error occurred communicating with the 
SUSU API."); - }else { - // Ostensibly we now have a valid search result from the SU - go to work - libxml_use_internal_errors(true); - $xml=simplexml_load_string($apiResult); - if (!$xml||isset($xml->head->title)) { - $mode='error'; - $smarty->assign("error_text", "An error occurred communicating with the SUSU API"); - } else { - $ismember = $xml[0]; - if ($ismember=="true") { - //Yay, we have a student who has paid and needs to be signed up. - //Check they don't have a signup slip already - $query = "SELECT transactionid, signupid FROM transactions WHERE cardNumber = ?;"; - $qres = $sucsDB->Execute($query, $sid); - - if ($qres->RecordCount()==0) { - // No transaction, but might have unused signup slip. If so, retrieve values. - $query = "SELECT id, username, password FROM signup WHERE sid=?;"; - $qres = $sucsDB->Execute($query, array($sid[0])); - if ($qres && $qres->RecordCount() > 0) { - if ($qres->RecordCount() > 1) { - $mode='error'; - $smarty->assign("error_text", "Student has multiple signup slips in the DB. Bork! Bork! Bork!"); - } else if (!empty($qres->fields['username'])) { - $mode='error'; - $smarty->assign("error_text", "Student hasn't tried to use the SU signup component (No transaction in DB), but has a previously used Signup Slip with username ".$qres->fields['username'].".<br />Is this a renewal? If not, ask an admin to generate a new signup slip for this student"); - //TODO: Add option to generate new signup slip? - } else { - $id = $qres->fields['id']; - $pass = $qres->fields['password']; - } - } else { - $pass = make_password(); - $query = "INSERT INTO signup (password,sid,issuedby) VALUES ( ?, ?, ?) RETURNING id"; - $attribs[]=$pass; - $attribs[]=$sid[0]; - $attribs[]='99999'; //SUCS Magic internal use UID - - $id = $sucsDB->Execute($query,$attribs); - $id = $id->fields['id']; - if (!$id) { - $mode="error"; - $smarty->assign("error_text", "An error occurred generating a signup ID. 
Report the following message to the admins:<br /><pre>".$sucsDB->ErrorMsg()."</pre>"); - } else { - $smarty->assign('slipid', $id); - $smarty->assign('slippass', $pass); - $smarty->assign('sid', $sid[0]); - } - } - } else { - //Retrieve existing slip - $id = $qres->fields['signupid']; - $tid = $qres->fields['transactionid']; - if (empty($id)) { - $pass = make_password(); - $query = "INSERT INTO signup (password,sid,issuedby) VALUES ( ?, ?, ?) RETURNING id"; - $attribs[]=$pass; - $attribs[]=$sid[0]; - $attribs[]='99999'; //SUCS Magic internal use UID - - $qres = $sucsDB->Execute($query,$attribs); - if (!$qres) { - $mode="error"; - $smarty->assign("error_text", "An error occurred generating a signup ID. Report the following message to the admins:<br /><pre>".$sucsDB->ErrorMsg()."</pre>"); - } else { - $id = $qres->fields['id']; - $query = "UPDATE transactions SET signupid=? WHERE transactionid=?;"; - $qres = $sucsDB->Execute($query, array($id, $tid)); - $smarty->assign('slipid', $id); - $smarty->assign('slippass', $pass); - $smarty->assign('sid', $sid[0]); - } - - }else { - $query = "SELECT username, password FROM signup WHERE id=?;"; - $qres = $sucsDB->Execute($query, array($id)); - if (!$qres) { - $mode="error"; - $smarty->assign("error_text", "The user appears to have generated a signup ID using the SU Signup system (Slip ID: ".$id."), but the password for that slip can't be retrieved.<br />Request assistance."); - } else if ($qres->fields['username'] !== NULL) { - $mode="error"; - $smarty->assign("error_text", "This user appears to have completed signup, with username <strong>".$qres->fields['username']."</strong><br />Check that this user exists, and offer to reset their password if necessary."); - } - $pass = $qres->fields['password']; - $smarty->assign('slipid', $id); - $smarty->assign('slippass', $pass); - $smarty->assign('sid', $sid[0]); - } - } - - if(!$mode=='error') { - //Right, this should be the point where we hand off to signup - 
$smarty->assign('slipid', $id); - $smarty->assign('slippass', $pass); - $smarty->assign('sid', $sid[0]); - } - - }else{ - $mode='error'; - $smarty->assign("error_text", "Student does not appear to have paid. Extract fees"); - } - } - } - } - } - } else if ($mode=="renew") { - if (empty($_REQUEST['member'])){ - $mode='error'; - $smarty->assign('error_text',"Can't renew a member without knowing their username!"); - } else if (!isset($_REQUEST['renewconf'])) { - //Should be trying to renew $_REQUEST['member'] - $username=urldecode($_REQUEST['member']); - $q = "SELECT username, typename, sid, paid, email FROM members, member_type WHERE username=?"; - $res = $sucsDB->Execute($q,array($username)); - if (!$res) { - $mode='error'; - $smarty->assign('error_text', "A database error occurred while trying to retrieve member details"); - } else if ($res->fields['paid'] == paidUntil(time())) { - $mode='error'; - $smarty->assign('error_text', 'User appears to have been renewed already?'); - } else { - $smarty->assign('renew_user', $username); - $smarty->assign('renew_paid', $res->fields['paid']); - $smarty->assign('renew_type', $res->fields['typename']); - $url = "$apibaseurl/IsPersonMember?strCriteria=".$res->fields['sid']."&GroupingId=6613"; - $apiReq = curl_init(); - curl_setopt($apiReq, CURLOPT_URL, $url); - curl_setopt($apiReq, CURLOPT_RETURNTRANSFER, TRUE); - curl_setopt($apiReq, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($apiReq, CURLOPT_SSL_VERIFYHOST, false); - - $apiResult = curl_exec($apiReq); - libxml_use_internal_errors(true); - $xml=simplexml_load_string($apiResult); - if (!$xml || isset($xml->head->title)) { - $mode='error'; - $smarty->assign("error_text", "An error occurred communicating with the SUSU API."); - } else { - $ismember = $xml[0]; - - $user = posix_getpwnam($session->username); - - if ($ismember!="true") { - $mode='error'; - $smarty->assign('error_text', 'Member does not appear to have paid via the SU system. 
Use the old renewals system if they have paid using some other method');; - } else { - if (renew_member($username, $user['uid'], $user['name'])) { - message_flash("Successfully renewed"); - $mode='menu'; + // they have given us a valid sid lets check to see if they have paid + + // make sure the user/admin/exec isn't an idiot + // check if they are already signed up and tell them so + $tmpresult = $sucsDB->Execute("SELECT * FROM members WHERE sid=?", array($_REQUEST['sid'])); + if($tmpresult->fields["sid"] == $sid && $tmpresult->fields["paid"] == paidUntil(time())){ + // let them know they are already signed up and renewed + message_flash("You are a numpty and have already signed up and paid for this year."); + // else if check to see if they have signedup and paid for the new year but haven't renewed + } else if ($tmpresult->fields["sid"] == $sid && $tmpresult->fields["paid"] != paidUntil(time())){ + // renew them! + renew_membership($tmpresult->fields["username"]); + // let them know that their account has been renewed + message_flash("Your SUCS account has been renewed."); + }else{ + if (check_su_sid($_REQUEST['sid'])) { + // lets make them a signup slip + $pass = make_password(); + $query = "INSERT INTO signup (password,sid,issuedby) VALUES ( ?, ?, ?) RETURNING id"; + $attribs[]=$pass; + $attribs[]=$_REQUEST['sid']; + $attribs[]='99999'; //SUCS Magic internal use UID + + $id = $sucsDB->Execute($query,$attribs); + $id = $id->fields['id']; + if (!$id) { + $mode="error"; + $smarty->assign("error_text", "An error occurred generating a signup ID. Report the following message to the admins:<br /><pre>".$sucsDB->ErrorMsg()."</pre>"); } else { - $mode='error'; - $smarty->assign('error_text', 'An error occurred renewing account '.$username); + $smarty->assign('slipid', $id); + $smarty->assign('slippass', $pass); + $smarty->assign('sid', $_REQUEST['sid']); } - + }else{ + $mode='error'; + $smarty->assign("error_text", "Student does not appear to have paid. 
Extract fees"); } - } } } - + // mass renewals page } else if ($mode == 'renewals') { - //Get list of members according to the SU - $url = "$apibaseurl/GetMemberListData?GroupingId=6613"; - $apiReq = curl_init(); - curl_setopt($apiReq, CURLOPT_URL, $url); - curl_setopt($apiReq, CURLOPT_RETURNTRANSFER, TRUE); - curl_setopt($apiReq, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($apiReq, CURLOPT_SSL_VERIFYHOST, false); - $apiResult = curl_exec($apiReq); - $sumembers = su_response_decode($apiResult); - if (!$sumembers) { - $mode ='error'; - $smarty->assign("error_text", "An error occurred communicating with the SUSU API."); - } else { $matches = array(); $others=0; $paidup=0; - foreach ($sumembers as $sumem) { - $sucsmem = get_sucs_record($sumem['uni_card_number']); + foreach ($just_members as $sumem) { + $sucsmem = get_sucs_record($sumem['card_number']); if ($sucsmem && $sucsmem['paid'] != paidUntil(time()) && $sucsmem['type']==1) { - $matches[]=array($sumem['firstName']." ".$sumem['lastName'], $sucsmem['realname'], $sumem['uni_card_number'], $sucsmem['username'], $sucsmem['paid']); + $matches[]=array($sumem['purchaser'], $sucsmem['realname'], $sumem['card_number'], $sucsmem['username'], $sucsmem['paid']); } else if ($sucsmem && $sucsmem['paid'] == paidUntil(time())) { $others++; $paidup++; @@ -238,7 +98,6 @@ if (isset($session->groups[$permission])) { $smarty->assign("others", $others); $smarty->assign("paidup", $paidup); $smarty->assign("pending", $others - $paidup); - } } else if ($mode == 'renewals2') { $failures = array(); $successes = array(); @@ -248,8 +107,7 @@ if (isset($session->groups[$permission])) { $smarty->assign("error_text", "Can't renew an empty list!"); } else { foreach($_REQUEST['renew'] as $user) { - $admin_user=posix_getpwnam($session->username); - if (renew_member($user, $admin_user['uid'], $admin_user['name'])) { + if (admin_renew_member($user, $session->username)) { $successes[]=$user; } else { $failures[]=$user; 
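Review bot: In the new `search` branch, `$tmpresult->fields["sid"] == $sid` compares a string with the `preg_match` capture array `$sid`, which is never equal, so the already-paid and renew branches are unreachable and every lookup falls through to issuing a new signup slip. Compare against `$sid[0]`, and use it for the query, `$attribs[]` and `$smarty->assign('sid', ...)` instead of the raw `$_REQUEST['sid']`, since `$` in `/^[0-9]{6}$/` also accepts a trailing newline. Once that comparison works, the renew branch calls `renew_membership()` without calling `check_su_sid()` first, so a staff search alone would renew a lapsed member who has not paid; move the payment check ahead of both branches. `$tmpresult` should also be tested for `false` before `->fields` is read.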
@@ -261,27 +119,13 @@ if (isset($session->groups[$permission])) { $smarty->assign("successes", count($successes)); } } else if ($mode == 'list') { - //Get list of members according to the SU - $url="$apibaseurl/GetMemberListData?GroupingId=6613"; - $apiReq = curl_init(); - curl_setopt($apiReq, CURLOPT_URL, $url); - curl_setopt($apiReq, CURLOPT_RETURNTRANSFER, TRUE); - curl_setopt($apiReq, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($apiReq, CURLOPT_SSL_VERIFYHOST, false); - - $apiResult = curl_exec($apiReq); - $sumembers = su_response_decode($apiResult); - if (!$sumembers) { - $mode='error'; - $smarty->assign("error_text", "An error occurred communicating with the SUSU API."); - } else { $matches = array(); - foreach ($sumembers as $sumem) { - $sucsmem = get_sucs_record($sumem['uni_card_number']); + foreach ($just_members as $sumem) { + $sucsmem = get_sucs_record($sumem['card_number']); if ($sucsmem) { - $matches[]=array($sumem['firstName']." ".$sumem['lastName'], $sucsmem['realname'], $sumem['uni_card_number'], $sucsmem['username'], $sucsmem['paid']); + $matches[]=array($sumem['purchaser'], $sucsmem['realname'], $sumem['card_number'], $sucsmem['username'], $sucsmem['paid']); } else { - $matches[]=array($sumem['firstName']." ".$sumem['lastName'], "N/A", $sumem['uni_card_number'], "N/A", "Not signed up"); + $matches[]=array($sumem['purchaser'], "N/A", $sumem['card_number'], "N/A", "Not signed up"); } } function sortbypaid($a, $b) { @@ -290,7 +134,6 @@ if (isset($session->groups[$permission])) { } usort($matches, 'sortbypaid'); $smarty->assign("matches", $matches); - } } $smarty->assign('renewables', get_renewable_members()); } 
@@ -302,17 +145,6 @@ $body = $smarty->fetch("susignup-admin.tpl"); $smarty->assign('body', $body); $smarty->assign("extra_styles", array("$baseurl/css/susignup-admin.css")); -function su_response_decode($text) { - global $smarty; - libxml_use_internal_errors(true); - $xml=simplexml_load_string($text); - if (!$xml || isset($xml->head->title)) { - return false; - } else { - return json_decode($xml[0],TRUE); - } -} - function get_sucs_record($sid) { global $sucsDB; 
@@ -338,37 +170,18 @@ function get_renewable_members() { return $retvals; } -function renew_member($renew_name, $admin_uid, $admin_name) { - global $sucsDB; - - $q="UPDATE members SET paid=?, lastupdate=DEFAULT, lastedit=? WHERE username=?;"; - $r=$sucsDB->Execute($q, array(paidUntil(time()), $admin_uid, $renew_name)); - if (!$r) { - print $sucsDB->ErrorMsg(); - return FALSE; - } else { +function admin_renew_member($renew_name, $admin_name) { + global $sucsDB; + renew_member($renew_name); $q="SELECT email, typename FROM members, member_type WHERE username=? AND type=member_type.id;"; $r=$sucsDB->Execute($q, array($renew_name)); - $message = "Account Renewal notification\n\n"; $message .= "Account : ".$renew_name."\n"; $message .= "User Type : ".$r->fields['typename']."\n"; $message .= "Renewed by: ".$admin_name."\n\n"; $message .= "**** Payment was made via the SU payments system ****\n"; $message .= "Regards\n The SU Renewals script"; - mail("treasurer@sucs.org","Account Renewal",$message); - - $message = "Your Swansea University Computer Society (SUCS) membership has been renewed\n\n"; - $message .= "Username: ".$renew_name."\n"; - $message .= "If you do not know or have forgotten your password, please email admin@sucs.org to arrange for it to be changed.\n\n"; - $message .= "Regards\n The SUCS admin"; - $header = "From: admin@sucs.org\r\n"; - $header .= "Reply-To: admin@sucs.org"; - // Personal account - mail($r->fields['email'],"SUCS account renewal",$message,$header); - // sucs account - mail($renew_name."@sucs.org","SUCS account renewal",$message,$header); + mail("exec@sucs.org","Account Renewal",$message); return TRUE; - } - } + diff --git a/components/susignup.php b/components/susignup.php index b5c153f7a4e7e46d6ae3133758a7af8287605dd3..c257c4486cd0b9a09a88da8a56944e418147226d 100755 --- a/components/susignup.php +++ b/components/susignup.php 
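Review bot: `admin_renew_member()` calls `renew_member($renew_name)`, but this hunk deletes `renew_member()` and the helper added in lib/member_functions.php is named `renew_membership()`, so unless another definition exists outside this page the bulk renewal in `renewals2` stops with an undefined-function error. The function also returns `TRUE` unconditionally and never tests `$r`, so the staff page counts a renewal as successful even when the update or the lookup failed. Suggested lines: `if (!renew_membership($renew_name)) { return FALSE; }` (with the helper returning a boolean) and `if (!$r) { return FALSE; }` after the SELECT. As shown here both closing braces after `return TRUE;` are removed and none is added, which would leave the function unclosed; worth confirming against the actual file. The names in `$_REQUEST['renew']` reach this function unvalidated from the `renewals2` loop in the earlier hunk.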
@@ -1,256 +1,72 @@ <?php -//unique society identifier -$GroupingID = "6613"; +// gib errars plox +//error_reporting(E_ALL); +//ini_set('display_errors', 1); +// this is the php for sucs.org/susignup + +// Include shit we need. like the renew_membership fucntion include "../lib/member_functions.php"; include "../lib/date.php"; -include "../suapi.inc.php"; +// include the suapiv2 stuff like check_su_sid_and_trans() +include "../lib/suapiv2.php"; + +// since the rewrite by ~imranh this no longer sends out emails +// feel free to add it +// Where do errors go? $error_email = "admin@sucs.org"; + +// By default display a page asking for sid and transid +// this is called "login" $mode = 'login'; -//login + +// if somone has post'd data to the page then do shit if(!empty($_REQUEST['sid'])&&!empty($_REQUEST['transactionID'])){ -//set signup details + // stick the post'd data in a variable we can call easily $sid = $_REQUEST['sid']; $transactionID = $_REQUEST['transactionID']; - //set POST variables - $url = "https://$suapi_user:$suapi_pass@su-api.sucs.org/memberships/Membership.asmx/GetMemberByTransactionID"; - $fields = array( - 'transactionID'=>urlencode($transactionID), - 'GroupingID'=>urlencode($GroupingID), - ); - //url-ify the data for the POST - $field_string = ""; - foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; } - rtrim($fields_string,'&'); - //open connection - $ch = curl_init(); - - //set the url, number of POST vars, POST data - curl_setopt($ch,CURLOPT_URL,$url); - curl_setopt($ch,CURLOPT_POST,count($fields)); - curl_setopt($ch,CURLOPT_POSTFIELDS,$fields_string); - curl_setopt($ch,CURLOPT_RETURNTRANSFER,TRUE); - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); - curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); - //execute post - $result = curl_exec($ch); - - //close connection - curl_close($ch); - if(!$result){ - $mode = "error"; - $smarty->assign("error_text", "Invalid query returned"); - } else { - libxml_use_internal_errors(true); 
- $xml=simplexml_load_string($result); - if (!$xml||isset($xml->head->title)) { - $mode='error'; - $smarty->assign("error_text", "An error occurred communicating with the SUSU API"); - } else{ - $re1='.*?'; - $re2='(\\{.*?\\})'; - if ($c=preg_match_all ("/".$re1.$re2."/is", $result, $matches)) - { - $json_string=$matches[1][0]; - } else{ - $mode = "error"; - } - $array = json_decode($json_string,TRUE); - if($array['cardNumber'] == $sid && $sid != ""){ - $mode = 'form'; - - // SET THIS FOR DEBUG MODE - // $sucsDB->debug = true; - - $fullName = $array['firstName']." ".$array['lastName']; - $query = "INSERT INTO transactions (transactionID,fullName,emailAddress,cardNumber,personID) values(?, ?, ?, ?, ?)"; - $attribs[] = $transactionID; - $attribs[] = $fullName; - $attribs[] = $array['emailAddress']; - $attribs[] = $array['cardNumber']; - $attribs[] = $array['personID']; - - $valid = true; - if(!$sucsDB->Execute($query,$attribs)) { - // We did this because Adodb ErrorNo command is broken - $query = "SELECT * FROM transactions WHERE transactionID = ?"; - unset($attribs); - $attribs[]=$transactionID; - if($sucsDB->Execute($query,$attribs)) { - - $query = "SELECT * FROM transactions WHERE transactionID = ?"; - $attribs= array(); - $attribs[]=$transactionID; - $data = $sucsDB->GetAll($query,$attribs); - if(is_array($data)&&sizeof($data)==1&&$data[0]['signupid']==NULL){ - // As it stands this shouldn't happen but if it does, no reason not to let them carry on - $valid = true; - } elseif(is_array($data)&&sizeof($data)==1&&$data[0]['signupid']!=NULL) { - $query = "SELECT * FROM signup WHERE sid = ?"; - unset($attribs); - $attribs[]=$sid; - $data = $sucsDB->Execute($query, $attribs); - if(!$data) { - mail( - $error_email, - "SUSignup Error", - "An error occured in the susignup system at stage 0\n Love the signup system.\n\nP.S. 
The Error is:\n ".$sucsDB->ErrorMsg(), - "From: \"SUCS Admin\" <admin@sucs.org>" - ); - $valid=false; - } else if($data->fields['username']!=NULL){ - $smarty->assign("username", $data->fields['username']); - $mode='numpty2'; - // This happens if they already ahve a SUCS account and are trying to create a new signupid - $valid = false; - } else { - $smarty->assign("id", $data->fields['id']); - $smarty->assign("pass", $data->fields['password']); - $mode='numpty'; - // If this happens they tried to get a new signupid/pass after already getting one, and should get weekly reminders about it - $valid = false; - } - } else { - $mode="error"; - mail( - $error_email, - "SUSignup Error", - "An error occured in the susignup system at stage 1\n Love the signup system.\n\nP.S. The Error is:\n ".$sucsDB->ErrorMsg(), - "From: \"SUCS Admin\" <admin@sucs.org>" - ); - - $valid = false; - } - - } else { - $mode="error"; - mail( - $error_email, - "SUSignup Error", - "An error occured in the susignup system at stage 2\n Love the signup system.\n\nP.S. The Error is:\n ".$sucsDB->ErrorMsg(), - "From: \"SUCS Admin\" <admin@sucs.org>" - ); - - $valid = false; - } - } - - if($valid) - { - unset($attribs); - unset($query); - $query = "SELECT * FROM members WHERE sid = ?"; - $attribs[] = $sid; - unset($data); - $data = $sucsDB->Execute($query, $attribs); - if (!$data) { - $mode = "error"; - $smarty->assign("error_text", "Error in internal database check"); - } elseif ($data->RecordCount()==1) { - $mode = "renew"; - $q="UPDATE members SET paid=?, lastupdate=DEFAULT, lastedit=? WHERE username=?;"; - $r=$sucsDB->Execute($q, array(paidUntil(time()), '99999', $data->fields['username'])); - if (!$r) { - mail( - $error_email, - "SUSignup Error", - "An error occured in the susignup system at stage 2.5\n Love the signup system.\n\nP.S. 
The Error is:\n ".$sucsDB->ErrorMsg(), - "From: \"SUCS Admin\" <admin@sucs.org>" - ); - - } else { - $q="SELECT email, typename FROM members, member_type WHERE username=? AND type=member_type.id;"; - $r=$sucsDB->Execute($q, array($data->fields['username'])); - - $message = "Account Renewal notification\n\n"; - $message .= "Account : ".$data->fields['username']."\n"; - $message .= "User Type : ".$r->fields['typename']."\n"; - $message .= "Renewed by: ".$data->fields['username'].".\n\n"; - $message .= "**** Payment was made via the SU payments system ****\n"; - $message .= "Regards\n The SU Renewals script"; - mail("treasurer@sucs.org","Account Renewal",$message); - - $message = "Your Swansea University Computer Society (SUCS) membership has been renewed\n\n"; - $message .= "Username: ".$renew_name."\n"; - $message .= "If you do not know or have forgotten your password, please email admin@sucs.org to arrange for it to be changed.\n\n"; - $message .= "Regards\n The SUCS admin"; - $header = "From: admin@sucs.org\r\n"; - $header .= "Reply-To: admin@sucs.org"; - // Personal account - mail($r->fields['email'],"SUCS account renewal",$message,$header); - // sucs account - mail($data->fields['username']."@sucs.org","SUCS account renewal",$message,$header); - unset($query); - unset($attribs); - $query = "UPDATE transactions set signupid=? WHERE transactionID=?"; - $attribs[]="000"; - $attribs[]=$transactionID; - $data = $sucsDB->Execute($query,$attribs); - if (!$data) { - $mode="error"; - mail( - $error_email, - "SUSignup Error", - "An error occured in the susignup system at stage 2.6\n Love the signup system.\n\nP.S. The Error is:\n ".$sucsDB->ErrorMsg(), - "From: \"SUCS Admin\" <admin@sucs.org>" - ); - } - } - } else { - $pass = make_password(); - unset($query); - $query = "insert into signup (password,sid,issuedby) values( ?, ?, ?) 
returning id"; - unset($attribs); - $attribs[]=$pass; - $attribs[]=$array['cardNumber']; - $attribs[]='99999'; - - $iddata = $sucsDB->Execute($query,$attribs); - $id = $iddata->fields['id']; - if (!$iddata) { - $mode="error"; - mail( - $error_email, - "SUSignup Error", - "An error occured in the susignup system at stage 3\n Love the signup system.\n\nP.S. The Error is:\n ".$sucsDB->ErrorMsg(), - "From: \"SUCS Admin\" <admin@sucs.org>" - ); - } else { - $query = "update transactions set signupid=? WHERE transactionID=?"; - unset($attribs); - $attribs[]=$id; - $attribs[]=$transactionID; - if(!$sucsDB->Execute($query,$attribs)) { - $mode="error"; - mail( - $error_email, - "SUSignup Error", - "An error occured in the susignup system at stage 4\n Love the signup system.\n\nP.S. The Error is:\n ".$sucsDB->ErrorMsg(), - "From: \"SUCS Admin\" <admin@sucs.org>" - ); - print($sucsDB->ErrorMsg()); - } else { - $smarty->assign("id", $id); - $smarty->assign("pass", $pass); - mail( - $array['emailAddress'].','.$sid.'@swansea.ac.uk', - "SUCS Signup Information", - "Thankyou for joining Swansea University Computer Society, your signup details are below;\nSignupID: $id\nSignup Password: $pass\nIf you have successfully completed signup immediately then you can disregard this message.\n\nSUCS Admin Team.", - "From: \"SUCS Admin\" <admin@sucs.org>" - ); - } - } - } - } - } + // check if the data posted is valid + if(check_su_sid_and_trans($sid,$transactionID)){ + + // check to see if they are already a valid and paid member + $tmpresult = $sucsDB->Execute("SELECT * FROM members WHERE sid=?", array($sid)); + if($tmpresult->fields["sid"] == $sid && $tmpresult->fields["paid"] == paidUntil(time())){ + // let them know they are already signed up and renewed + message_flash("You are a numpty and have already signed up and paid for this year."); + // else if check to see if they have signedup and paid for the new year but haven't renewed + }else if ($tmpresult->fields["sid"] == $sid && 
$tmpresult->fields["paid"] != paidUntil(time())){ + // renew them! + renew_membership($tmpresult->fields["username"]); + // let them know that their account has been renewed + message_flash("Your SUCS account has been renewed."); + // else if they aren't in the SUCS DB but have a signup slip, take them back to that part of signup + $singuptmpresult = $sucsDB->Execute("SELECT * FROM signup WHERE sid=?", array($sid)); + } else if ($tmpresult->fields == false && $signuptmpresult->fields["sid"] == $sid) { + $mode = "form"; + $smarty->assign("id",$signuptmpresult->fields["id"]); + $smarty->assign("pass",$signuptmpresult->fields["password"]); + // else if they aren't in the SUCS DB, then bootstrap signup process + } else if ($tmpresult->fields == false && $signuptmpresult->fields == false) { + $mode = "form"; + $pass = make_password(); + $iddata = $sucsDB->Execute("insert into signup (password,sid,issuedby) values( ?, ?, ?) returning id",array($pass,$sid,"99999")); + $id = $iddata->fields['id']; + $smarty->assign("id", $id); + $smarty->assign("pass", $pass); + } else { + // they should never get here + echo("fuck you"); } + } else { + trigger_error("That Student Number and Transaction ID combo are invalid.", E_USER_ERROR); } } + $smarty->assign("mode", $mode); $output = $smarty->fetch("susignup.tpl"); diff --git a/lib/member_functions.php b/lib/member_functions.php index a1ee5186c344772d738fd43083359652d9b7d9ad..3c756290410298f6e267795073eff3ecdcb4adab 100644 --- a/lib/member_functions.php +++ b/lib/member_functions.php 
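Review bot: The signup-slip lookup is assigned to `$singuptmpresult` inside the renew branch, while the two following `else if` conditions read `$signuptmpresult`, so that variable is never set when they are evaluated. The existing-slip branch therefore cannot match and `$signuptmpresult->fields == false` is always true for a non-member, which means every valid sid/transaction pair mints a fresh slip and password on each request instead of returning the one already issued. Move the query above the `if` chain with one spelling, `$signuptmpresult = $sucsDB->Execute("SELECT * FROM signup WHERE sid=?", array($sid));`, and check both result objects for `false` before reading `->fields`. The fall-through `echo` and `trigger_error(..., E_USER_ERROR)` bypass the template; setting `$mode = 'error'` with an `error_text`, as the admin component does, keeps failures on the normal error page.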
@@ -107,4 +107,31 @@ function generateLdif($uid, $password, $type, $realname, $username){ return $ldif; } +// function to renew a persons sucs membership +function renew_membership($username) { + + // get their details from the sucs db + $userdata = $sucsDB->Execute("SELECT * FROM members WHERE username=?", array($username)); + + // include the date file so we can call the paidUntil function + include_once("date.php"); + + // Update their record in the DB + $sucsDB->Execute("UPDATE members SET paid=?, lastupdate=DEFAULT, lastedit=? WHERE username=?", array(paidUntil(time()), "99999", $username)); + + // Give them their 200 print credits + exec("/usr/local/sbin/printerrenew.apache ${username} 200"); + + // apprently sending them an email confirming so is nice + $message = "Your Swansea University Computer Society (SUCS) membership has been renewed\n\n"; + $message .= "Username: ${username}\n"; + $message .= "If you do not know or have forgotten your password, please email admin@sucs.org to arrange for it to be changed.\n\n"; + $message .= "Regards\n The SUCS admin"; + $header = "From: admin@sucs.org\r\n"; + $header .= "Reply-To: admin@sucs.org"; + // send it to their personal account + mail($userdata->fields['email'],"SUCS account renewal",$message,$header); + +} + ?> diff --git a/lib/suapiv2.php b/lib/suapiv2.php new file mode 100644 index 0000000000000000000000000000000000000000..00c494c5239878eba2fa0e2a55bc210d2ddb3bdd --- /dev/null +++ b/lib/suapiv2.php 
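Review bot: `renew_membership()` interpolates `$username` straight into the `exec()` command line, and it uses `$sucsDB` without a `global $sucsDB;` declaration, so inside the function the variable is undefined and the first `->Execute()` call fails. Quote the argument with `exec("/usr/local/sbin/printerrenew.apache " . escapeshellarg($username) . " 200");` and add `global $sucsDB;` as the first statement; the helpers in susignup-admin.php already declare the global this way. It would also help to stop before the UPDATE, the print-credit command and the mail when the SELECT returns no row, and to return TRUE/FALSE so callers such as `updateRenew()` can react. A short docblock stating that the function updates `paid`, grants 200 print credits and emails the member would make those side effects visible to callers.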
@@ -0,0 +1,78 @@ +<?php + +// sorry + + +// gib errars plox +//error_reporting(E_ALL); +//ini_set('display_errors', 1); + +// without this the entire thing doesn't work +include_once("../suapiv2-key.php"); + +//SUCS Org ID According to the SU +$orgid = "6613"; + +$apibaseurl = "http://su-apiv2.sucs.org/?apikey=${apikey}&orgid=${orgid}"; + +// Get the shit json the suapiv2 spits out +$ch = curl_init($apibaseurl); +curl_setopt($ch,CURLOPT_RETURNTRANSFER, TRUE); +$raw_data = curl_exec($ch); +curl_close($ch); +$formated_raw_data = json_decode($raw_data, true); //convert it into php arrays +/* +* $membership_data is an array where each type of memebrship is it;s own array +* Insdie each of those arrays the actual arrary of members is under ["Detail_Collection"]["Detail"] +* So $membership_data[0]["Detail_Collection"]["Detail"][0] will get you the array containing the +* first member in the data +*/ +$membership_data = $formated_raw_data["table1"]["table1_Product_Collection"]["table1_Product"]; + +// make a new array that just contains *every* member no matter what they bought +$just_members = array(); +foreach ($membership_data as $typeOfMember) { + foreach ($typeOfMember["Detail_Collection"]["Detail"] as $member) { + array_push($just_members, $member["@attributes"]); + } +} + +/* You can now use $just_members to probe member detials. 
It's an array of arrays which each contain: +* transaction_id (recepit id) +* purchaser (full name) +* textbox6 (under 18 or not) NOT SURE OF THE FORMAT +* card_number (student number) +* shop_name (where they bought sucs memebrship) +* qty (how many sucs memebrships they bought) +* purchase_date (timestamp of when they bought memebrship)4 +*/ + +/* +* Used by /susignup to verify that the stduent number and transaction id combo are valid +* returns true or false +*/ +function check_su_sid_and_trans($sid, $transid) { + global $just_members; + foreach ($just_members as $member) { + if ($sid == $member["card_number"] && $transid == $member["transaction_id"]) { + return true; + } + } + return false; +} + +/* +* Used to verify taht a given stduent number has paid for membership via the su system. +* returns false or true +*/ +function check_su_sid($sid) { + global $just_members; + foreach ($just_members as $member) { + if ($sid == $member["card_number"]) { + return true; + } + } + return false; +} + +?> diff --git a/templates/susignup-admin.tpl b/templates/susignup-admin.tpl index 0c9dc1a30223f2023906c5b27b4f9a2ba2087ed7..429f3fa7527f6457c8044471b3fae07f9324e63e 100644 --- a/templates/susignup-admin.tpl +++ b/templates/susignup-admin.tpl @@ -67,7 +67,7 @@ The following accounts failed to renew: The details are:<br /> <strong>Slip ID: </strong> {$slipid}<br /> <strong>Slip Password: </strong> {$slippass} <br /> - <form action="https://sucs.org/signup/" method="post"> + <form action="{$baseurl}/signup/" method="post"> <input type=hidden name="signupid" id="id" value="{$slipid}" /> <input type=hidden name="signuppw" id="pass" value="{$slippass}" /> <input type=submit name="submit" value="Proceed" /> diff --git a/templates/susignup.tpl b/templates/susignup.tpl index 2ebf1a0fb3bcf7e209dc50293363fad17ef7063d..eaa0bad2b62df77fe08b06b9959c578341e59e78 100644 --- a/templates/susignup.tpl +++ b/templates/susignup.tpl 
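Review bot: `$apibaseurl` sends the API key and fetches the membership list over plain `http://`, and the response is used without checking `curl_exec()` or `json_decode()`, although it now decides who is renewed or issued a signup slip. Switch the URL to `https://` with curl's default certificate verification left on (assuming the endpoint serves TLS), and record a failed fetch so the `list` and `renewals` modes can show an error instead of iterating an empty `$just_members`. `check_su_sid_and_trans()` and `check_su_sid()` compare with `==`, which matches numeric strings by value (leading-zero or exponent forms compare equal); `(string)$sid === (string)$member["card_number"]` avoids that, and the same applies to `transaction_id`. Because the fetch runs at include time, every request to either component makes the upstream call; wrapping it in a function called on demand would limit that.

```php
$apibaseurl = "https://su-apiv2.sucs.org/?apikey=" . urlencode($apikey) . "&orgid=" . urlencode($orgid);

$ch = curl_init($apibaseurl);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, TRUE);
curl_setopt($ch, CURLOPT_TIMEOUT, 10); // do not hang the page on a slow upstream
$raw_data = curl_exec($ch);
curl_close($ch);

// Treat a transport failure or a malformed document as "no data" and remember it.
$formated_raw_data = ($raw_data === FALSE) ? NULL : json_decode($raw_data, true);
$su_api_ok = isset($formated_raw_data["table1"]["table1_Product_Collection"]["table1_Product"]);
$membership_data = $su_api_ok
    ? $formated_raw_data["table1"]["table1_Product_Collection"]["table1_Product"]
    : array();

// … unchanged: flattening $membership_data into $just_members …
```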
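Review bot: The form action moves from the fixed `https://sucs.org/signup/` to `{$baseurl}/signup/`, and this form posts the slip id and slip password in hidden fields. `$baseurl` is defined outside this page; if it can ever resolve to an `http://` origin or be derived from the request's Host header, those credentials would be sent in clear or to an unintended host. Confirm that `$baseurl` is a fixed https URL taken from configuration; the same change in templates/susignup.tpl in the next hunk has the same dependency.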
@@ -23,38 +23,18 @@ <div class="hollowfoot"><div><div></div></div></div> </div> </form> -{elseif $mode=='form' || $mode=="re-form"} +{elseif $mode=='form'} <h1>Signup</h1> - <p>To continue signup later please use the link below to dispay and print off your signup slip</p> - <form action="https://sucs.org/~kais58/sucstest/sucs/generate.php" method="post" target="_blank"> - <input type=hidden name="id" id="id" value="{$id}" /> - <input type=hidden name="pass" id="pass" value="{$pass}" /> - <input type=submit name="submit" value="Proceed" /> - </form> - <p>To finish signup now click below to continue</p> - <form action="https://sucs.org/signup/" method="post"> + <p>To contiune signup now click below</p> + <form action="{$baseurl}/signup/" method="post"> <input type=hidden name="signupid" id="id" value="{$id}" /> <input type=hidden name="signuppw" id="pass" value="{$pass}" /> <input type=submit name="submit" value="Proceed" /> </form> -{elseif $mode=='numpty'} - <p>You appear to have completed this part of signup before, please check your emails for your signup ID and password. 
Alternatively click below to continue.</p> - <form action="https://sucs.org/signup/" method="post"> - <input type=hidden name="signupid" id="id" value="{$id}" /> - <input type=hidden name="signuppw" id="pass" value="{$pass}" /> - <input type=submit name="submit" value="Proceed" /> - </form> -{elseif $mode=='numpty2'} - <p>You appear to have already completed this step and registered with SUCS with the username <strong>{$username}</strong>.<br/>If you have forgotten your login password please email <a href='mailto:admin@sucs.org'>admin@sucs.org</a> or drop by the SUCS room and find an admin.</p> - -{elseif $mode=='renew'} - <h1>Renewed</h1> - <p>Thankyou for renewing your membership, it has completed succesfully</p> {else} <h1>Error</h1> <div class='errorbar'> <strong>Error: </strong> {$error_text} </div> An error occured during signup, please email, with as much information as you can provide, <a href='mailto:admin@sucs.org'>admin@sucs.org</a> for assistance. -{/if} - +{/if} \ No newline at end of file