diff --git a/components/options.php b/components/options.php
index f6068a350287864f5aff41d7d973e379f86d2faf..913e519c8a57cb9c1bd53032ad771fbeafc3db74 100644
--- a/components/options.php
+++ b/components/options.php
@@ -204,7 +204,8 @@ function updateRenew() {
return FALSE;
}
- $sucsDB->Execute("update members set paid=?, lastupdate=DEFAULT, lastedit=uid where uid=?", array($paydate, $member['uid']));
+ include_once("../lib/member_functions.php");
+ renew_membership($member['username']);
$sucsDB->Execute("update signup set activated=NOW(), username=? where id=?", array($member['username'], $signup['id']));
return TRUE;
}
diff --git a/components/susignup-admin.php b/components/susignup-admin.php
index ed8574d9405ca489808ebc9dfd89904a255dcefb..aeb59f2de95c87096830b587eca9e6dc6b8c0aba 100644
--- a/components/susignup-admin.php
+++ b/components/susignup-admin.php
@@ -1,232 +1,92 @@
-<?PHP
-/***
- * SU Signup admin
- * Allows us to search the SU api for a given student number and checks if they're a SUCS member.
- * If they are - allows account renewal
- * If not - allows signup to be bootstrapped as per susignup component
- ***/
+<?php
+// gib errars plox
+//error_reporting(E_ALL);
+//ini_set('display_errors', 1);
+
+// include functions and shit we need
include("../lib/member_functions.php");
include("../lib/date.php");
-include("../suapi.inc.php");
+include("../lib/suapiv2.php");
//Restrict access to staff.
$permission="sucsstaff";
-$apibaseurl="https://$suapi_user:$suapi_pass@su-api.sucs.org/memberships/Membership.asmx";
+// if they have the right privs then lets do shit
if (isset($session->groups[$permission])) {
//Setup smarty magic, step 1
$smarty->assign("staff", TRUE);
+ // if no mode has been requested then show options
if(!isset($_REQUEST['mode'])) {
$mode = 'menu';
} else {
$mode = urldecode($_REQUEST['mode']);
}
+ // We have a mode, lets try and work out wtf they want to do
+
+ // they have typed in a sid and want to bootstrap the signup processs
if ($mode == 'search') {
if (empty($_REQUEST['sid']) || empty($_REQUEST['snsubmit'])) {
$mode = 'error';
- $smarty->assign("error_text", "Invalid search request");
+ $smarty->assign("error_text", "Invalid search request");
}else{
$pres=preg_match("/^[0-9]{6}$/",$_REQUEST['sid'],$sid);
if ($pres!=1) {
$mode = 'error';
$smarty->assign("error_text", "Search term doesn't look like a valid student ID");
} else {
- $url = "$apibaseurl/IsPersonMember?strCriteria=".$sid[0]."&GroupingId=6613";
- $apiReq = curl_init();
- curl_setopt($apiReq, CURLOPT_URL, $url);
- curl_setopt($apiReq, CURLOPT_RETURNTRANSFER, TRUE);
- curl_setopt($apiReq, CURLOPT_SSL_VERIFYPEER, false);
- curl_setopt($apiReq, CURLOPT_SSL_VERIFYHOST, false);
-
- $apiResult = curl_exec($apiReq);
- if ($apiResult === FALSE) {
- $mode = 'error';
- $smarty->assign("error_text", "An error occurred communicating with the SUSU API.");
- }else {
- // Ostensibly we now have a valid search result from the SU - go to work
- libxml_use_internal_errors(true);
- $xml=simplexml_load_string($apiResult);
- if (!$xml||isset($xml->head->title)) {
- $mode='error';
- $smarty->assign("error_text", "An error occurred communicating with the SUSU API");
- } else {
- $ismember = $xml[0];
- if ($ismember=="true") {
- //Yay, we have a student who has paid and needs to be signed up.
- //Check they don't have a signup slip already
- $query = "SELECT transactionid, signupid FROM transactions WHERE cardNumber = ?;";
- $qres = $sucsDB->Execute($query, $sid);
-
- if ($qres->RecordCount()==0) {
- // No transaction, but might have unused signup slip. If so, retrieve values.
- $query = "SELECT id, username, password FROM signup WHERE sid=?;";
- $qres = $sucsDB->Execute($query, array($sid[0]));
- if ($qres && $qres->RecordCount() > 0) {
- if ($qres->RecordCount() > 1) {
- $mode='error';
- $smarty->assign("error_text", "Student has multiple signup slips in the DB. Bork! Bork! Bork!");
- } else if (!empty($qres->fields['username'])) {
- $mode='error';
- $smarty->assign("error_text", "Student hasn't tried to use the SU signup component (No transaction in DB), but has a previously used Signup Slip with username ".$qres->fields['username'].".<br />Is this a renewal? If not, ask an admin to generate a new signup slip for this student");
- //TODO: Add option to generate new signup slip?
- } else {
- $id = $qres->fields['id'];
- $pass = $qres->fields['password'];
- }
- } else {
- $pass = make_password();
- $query = "INSERT INTO signup (password,sid,issuedby) VALUES ( ?, ?, ?) RETURNING id";
- $attribs[]=$pass;
- $attribs[]=$sid[0];
- $attribs[]='99999'; //SUCS Magic internal use UID
-
- $id = $sucsDB->Execute($query,$attribs);
- $id = $id->fields['id'];
- if (!$id) {
- $mode="error";
- $smarty->assign("error_text", "An error occurred generating a signup ID. Report the following message to the admins:<br /><pre>".$sucsDB->ErrorMsg()."</pre>");
- } else {
- $smarty->assign('slipid', $id);
- $smarty->assign('slippass', $pass);
- $smarty->assign('sid', $sid[0]);
- }
- }
- } else {
- //Retrieve existing slip
- $id = $qres->fields['signupid'];
- $tid = $qres->fields['transactionid'];
- if (empty($id)) {
- $pass = make_password();
- $query = "INSERT INTO signup (password,sid,issuedby) VALUES ( ?, ?, ?) RETURNING id";
- $attribs[]=$pass;
- $attribs[]=$sid[0];
- $attribs[]='99999'; //SUCS Magic internal use UID
-
- $qres = $sucsDB->Execute($query,$attribs);
- if (!$qres) {
- $mode="error";
- $smarty->assign("error_text", "An error occurred generating a signup ID. Report the following message to the admins:<br /><pre>".$sucsDB->ErrorMsg()."</pre>");
- } else {
- $id = $qres->fields['id'];
- $query = "UPDATE transactions SET signupid=? WHERE transactionid=?;";
- $qres = $sucsDB->Execute($query, array($id, $tid));
- $smarty->assign('slipid', $id);
- $smarty->assign('slippass', $pass);
- $smarty->assign('sid', $sid[0]);
- }
-
- }else {
- $query = "SELECT username, password FROM signup WHERE id=?;";
- $qres = $sucsDB->Execute($query, array($id));
- if (!$qres) {
- $mode="error";
- $smarty->assign("error_text", "The user appears to have generated a signup ID using the SU Signup system (Slip ID: ".$id."), but the password for that slip can't be retrieved.<br />Request assistance.");
- } else if ($qres->fields['username'] !== NULL) {
- $mode="error";
- $smarty->assign("error_text", "This user appears to have completed signup, with username <strong>".$qres->fields['username']."</strong><br />Check that this user exists, and offer to reset their password if necessary.");
- }
- $pass = $qres->fields['password'];
- $smarty->assign('slipid', $id);
- $smarty->assign('slippass', $pass);
- $smarty->assign('sid', $sid[0]);
- }
- }
-
- if(!$mode=='error') {
- //Right, this should be the point where we hand off to signup
- $smarty->assign('slipid', $id);
- $smarty->assign('slippass', $pass);
- $smarty->assign('sid', $sid[0]);
- }
-
- }else{
- $mode='error';
- $smarty->assign("error_text", "Student does not appear to have paid. Extract fees");
- }
- }
- }
- }
- }
- } else if ($mode=="renew") {
- if (empty($_REQUEST['member'])){
- $mode='error';
- $smarty->assign('error_text',"Can't renew a member without knowing their username!");
- } else if (!isset($_REQUEST['renewconf'])) {
- //Should be trying to renew $_REQUEST['member']
- $username=urldecode($_REQUEST['member']);
- $q = "SELECT username, typename, sid, paid, email FROM members, member_type WHERE username=?";
- $res = $sucsDB->Execute($q,array($username));
- if (!$res) {
- $mode='error';
- $smarty->assign('error_text', "A database error occurred while trying to retrieve member details");
- } else if ($res->fields['paid'] == paidUntil(time())) {
- $mode='error';
- $smarty->assign('error_text', 'User appears to have been renewed already?');
- } else {
- $smarty->assign('renew_user', $username);
- $smarty->assign('renew_paid', $res->fields['paid']);
- $smarty->assign('renew_type', $res->fields['typename']);
- $url = "$apibaseurl/IsPersonMember?strCriteria=".$res->fields['sid']."&GroupingId=6613";
- $apiReq = curl_init();
- curl_setopt($apiReq, CURLOPT_URL, $url);
- curl_setopt($apiReq, CURLOPT_RETURNTRANSFER, TRUE);
- curl_setopt($apiReq, CURLOPT_SSL_VERIFYPEER, false);
- curl_setopt($apiReq, CURLOPT_SSL_VERIFYHOST, false);
-
- $apiResult = curl_exec($apiReq);
- libxml_use_internal_errors(true);
- $xml=simplexml_load_string($apiResult);
- if (!$xml || isset($xml->head->title)) {
- $mode='error';
- $smarty->assign("error_text", "An error occurred communicating with the SUSU API.");
- } else {
- $ismember = $xml[0];
-
- $user = posix_getpwnam($session->username);
-
- if ($ismember!="true") {
- $mode='error';
- $smarty->assign('error_text', 'Member does not appear to have paid via the SU system. Use the old renewals system if they have paid using some other method');;
- } else {
- if (renew_member($username, $user['uid'], $user['name'])) {
- message_flash("Successfully renewed");
- $mode='menu';
+ // they have given us a valid sid lets check to see if they have paid
+
+ // make sure the user/admin/exec isn't an idiot
+ // check if they are already signed up and tell them so
+ $tmpresult = $sucsDB->Execute("SELECT * FROM members WHERE sid=?", array($_REQUEST['sid']));
+ if($tmpresult->fields["sid"] == $sid && $tmpresult->fields["paid"] == paidUntil(time())){
+ // let them know they are already signed up and renewed
+ message_flash("You are a numpty and have already signed up and paid for this year.");
+ // else if check to see if they have signedup and paid for the new year but haven't renewed
+ } else if ($tmpresult->fields["sid"] == $sid && $tmpresult->fields["paid"] != paidUntil(time())){
+ // renew them!
+ renew_membership($tmpresult->fields["username"]);
+ // let them know that their account has been renewed
+ message_flash("Your SUCS account has been renewed.");
+ }else{
+ if (check_su_sid($_REQUEST['sid'])) {
+ // lets make them a signup slip
+ $pass = make_password();
+ $query = "INSERT INTO signup (password,sid,issuedby) VALUES ( ?, ?, ?) RETURNING id";
+ $attribs[]=$pass;
+ $attribs[]=$_REQUEST['sid'];
+ $attribs[]='99999'; //SUCS Magic internal use UID
+
+ $id = $sucsDB->Execute($query,$attribs);
+ $id = $id->fields['id'];
+ if (!$id) {
+ $mode="error";
+ $smarty->assign("error_text", "An error occurred generating a signup ID. Report the following message to the admins:<br /><pre>".$sucsDB->ErrorMsg()."</pre>");
} else {
- $mode='error';
- $smarty->assign('error_text', 'An error occurred renewing account '.$username);
+ $smarty->assign('slipid', $id);
+ $smarty->assign('slippass', $pass);
+ $smarty->assign('sid', $_REQUEST['sid']);
}
-
+ }else{
+ $mode='error';
+ $smarty->assign("error_text", "Student does not appear to have paid. Extract fees");
}
-
}
}
}
-
+ // mass renewals page
} else if ($mode == 'renewals') {
- //Get list of members according to the SU
- $url = "$apibaseurl/GetMemberListData?GroupingId=6613";
- $apiReq = curl_init();
- curl_setopt($apiReq, CURLOPT_URL, $url);
- curl_setopt($apiReq, CURLOPT_RETURNTRANSFER, TRUE);
- curl_setopt($apiReq, CURLOPT_SSL_VERIFYPEER, false);
- curl_setopt($apiReq, CURLOPT_SSL_VERIFYHOST, false);
- $apiResult = curl_exec($apiReq);
- $sumembers = su_response_decode($apiResult);
- if (!$sumembers) {
- $mode ='error';
- $smarty->assign("error_text", "An error occurred communicating with the SUSU API.");
- } else {
$matches = array();
$others=0;
$paidup=0;
- foreach ($sumembers as $sumem) {
- $sucsmem = get_sucs_record($sumem['uni_card_number']);
+ foreach ($just_members as $sumem) {
+ $sucsmem = get_sucs_record($sumem['card_number']);
if ($sucsmem && $sucsmem['paid'] != paidUntil(time()) && $sucsmem['type']==1) {
- $matches[]=array($sumem['firstName']." ".$sumem['lastName'], $sucsmem['realname'], $sumem['uni_card_number'], $sucsmem['username'], $sucsmem['paid']);
+ $matches[]=array($sumem['purchaser'], $sucsmem['realname'], $sumem['card_number'], $sucsmem['username'], $sucsmem['paid']);
} else if ($sucsmem && $sucsmem['paid'] == paidUntil(time())) {
$others++;
$paidup++;
@@ -238,7 +98,6 @@ if (isset($session->groups[$permission])) {
$smarty->assign("others", $others);
$smarty->assign("paidup", $paidup);
$smarty->assign("pending", $others - $paidup);
- }
} else if ($mode == 'renewals2') {
$failures = array();
$successes = array();
@@ -248,8 +107,7 @@ if (isset($session->groups[$permission])) {
$smarty->assign("error_text", "Can't renew an empty list!");
} else {
foreach($_REQUEST['renew'] as $user) {
- $admin_user=posix_getpwnam($session->username);
- if (renew_member($user, $admin_user['uid'], $admin_user['name'])) {
+ if (admin_renew_member($user, $session->username)) {
$successes[]=$user;
} else {
$failures[]=$user;
@@ -261,27 +119,13 @@ if (isset($session->groups[$permission])) {
$smarty->assign("successes", count($successes));
}
} else if ($mode == 'list') {
- //Get list of members according to the SU
- $url="$apibaseurl/GetMemberListData?GroupingId=6613";
- $apiReq = curl_init();
- curl_setopt($apiReq, CURLOPT_URL, $url);
- curl_setopt($apiReq, CURLOPT_RETURNTRANSFER, TRUE);
- curl_setopt($apiReq, CURLOPT_SSL_VERIFYPEER, false);
- curl_setopt($apiReq, CURLOPT_SSL_VERIFYHOST, false);
-
- $apiResult = curl_exec($apiReq);
- $sumembers = su_response_decode($apiResult);
- if (!$sumembers) {
- $mode='error';
- $smarty->assign("error_text", "An error occurred communicating with the SUSU API.");
- } else {
$matches = array();
- foreach ($sumembers as $sumem) {
- $sucsmem = get_sucs_record($sumem['uni_card_number']);
+ foreach ($just_members as $sumem) {
+ $sucsmem = get_sucs_record($sumem['card_number']);
if ($sucsmem) {
- $matches[]=array($sumem['firstName']." ".$sumem['lastName'], $sucsmem['realname'], $sumem['uni_card_number'], $sucsmem['username'], $sucsmem['paid']);
+ $matches[]=array($sumem['purchaser'], $sucsmem['realname'], $sumem['card_number'], $sucsmem['username'], $sucsmem['paid']);
} else {
- $matches[]=array($sumem['firstName']." ".$sumem['lastName'], "N/A", $sumem['uni_card_number'], "N/A", "Not signed up");
+ $matches[]=array($sumem['purchaser'], "N/A", $sumem['card_number'], "N/A", "Not signed up");
}
}
function sortbypaid($a, $b) {
@@ -290,7 +134,6 @@ if (isset($session->groups[$permission])) {
}
usort($matches, 'sortbypaid');
$smarty->assign("matches", $matches);
- }
}
$smarty->assign('renewables', get_renewable_members());
}
@@ -302,17 +145,6 @@ $body = $smarty->fetch("susignup-admin.tpl");
$smarty->assign('body', $body);
$smarty->assign("extra_styles", array("$baseurl/css/susignup-admin.css"));
-function su_response_decode($text) {
- global $smarty;
- libxml_use_internal_errors(true);
- $xml=simplexml_load_string($text);
- if (!$xml || isset($xml->head->title)) {
- return false;
- } else {
- return json_decode($xml[0],TRUE);
- }
-}
-
function get_sucs_record($sid) {
global $sucsDB;
@@ -338,37 +170,18 @@ function get_renewable_members() {
return $retvals;
}
-function renew_member($renew_name, $admin_uid, $admin_name) {
- global $sucsDB;
-
- $q="UPDATE members SET paid=?, lastupdate=DEFAULT, lastedit=? WHERE username=?;";
- $r=$sucsDB->Execute($q, array(paidUntil(time()), $admin_uid, $renew_name));
- if (!$r) {
- print $sucsDB->ErrorMsg();
- return FALSE;
- } else {
+function admin_renew_member($renew_name, $admin_name) {
+ global $sucsDB;
+ renew_member($renew_name);
$q="SELECT email, typename FROM members, member_type WHERE username=? AND type=member_type.id;";
$r=$sucsDB->Execute($q, array($renew_name));
-
$message = "Account Renewal notification\n\n";
$message .= "Account : ".$renew_name."\n";
$message .= "User Type : ".$r->fields['typename']."\n";
$message .= "Renewed by: ".$admin_name."\n\n";
$message .= "**** Payment was made via the SU payments system ****\n";
$message .= "Regards\n The SU Renewals script";
- mail("treasurer@sucs.org","Account Renewal",$message);
-
- $message = "Your Swansea University Computer Society (SUCS) membership has been renewed\n\n";
- $message .= "Username: ".$renew_name."\n";
- $message .= "If you do not know or have forgotten your password, please email admin@sucs.org to arrange for it to be changed.\n\n";
- $message .= "Regards\n The SUCS admin";
- $header = "From: admin@sucs.org\r\n";
- $header .= "Reply-To: admin@sucs.org";
- // Personal account
- mail($r->fields['email'],"SUCS account renewal",$message,$header);
- // sucs account
- mail($renew_name."@sucs.org","SUCS account renewal",$message,$header);
+ mail("exec@sucs.org","Account Renewal",$message);
return TRUE;
- }
-
}
+
diff --git a/components/susignup.php b/components/susignup.php
index b5c153f7a4e7e46d6ae3133758a7af8287605dd3..c257c4486cd0b9a09a88da8a56944e418147226d 100755
--- a/components/susignup.php
+++ b/components/susignup.php
@@ -1,256 +1,72 @@
<?php
-//unique society identifier
-$GroupingID = "6613";
+// gib errars plox
+//error_reporting(E_ALL);
+//ini_set('display_errors', 1);
+// this is the php for sucs.org/susignup
+
+// Include shit we need. like the renew_membership fucntion
include "../lib/member_functions.php";
include "../lib/date.php";
-include "../suapi.inc.php";
+// include the suapiv2 stuff like check_su_sid_and_trans()
+include "../lib/suapiv2.php";
+
+// since the rewrite by ~imranh this no longer sends out emails
+// feel free to add it
+// Where do errors go?
$error_email = "admin@sucs.org";
+
+// By default display a page asking for sid and transid
+// this is called "login"
$mode = 'login';
-//login
+
+// if somone has post'd data to the page then do shit
if(!empty($_REQUEST['sid'])&&!empty($_REQUEST['transactionID'])){
-//set signup details
+ // stick the post'd data in a variable we can call easily
$sid = $_REQUEST['sid'];
$transactionID = $_REQUEST['transactionID'];
- //set POST variables
- $url = "https://$suapi_user:$suapi_pass@su-api.sucs.org/memberships/Membership.asmx/GetMemberByTransactionID";
- $fields = array(
- 'transactionID'=>urlencode($transactionID),
- 'GroupingID'=>urlencode($GroupingID),
- );
- //url-ify the data for the POST
- $field_string = "";
- foreach($fields as $key=>$value) { $fields_string .= $key.'='.$value.'&'; }
- rtrim($fields_string,'&');
- //open connection
- $ch = curl_init();
-
- //set the url, number of POST vars, POST data
- curl_setopt($ch,CURLOPT_URL,$url);
- curl_setopt($ch,CURLOPT_POST,count($fields));
- curl_setopt($ch,CURLOPT_POSTFIELDS,$fields_string);
- curl_setopt($ch,CURLOPT_RETURNTRANSFER,TRUE);
- curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
- curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false);
- //execute post
- $result = curl_exec($ch);
-
- //close connection
- curl_close($ch);
- if(!$result){
- $mode = "error";
- $smarty->assign("error_text", "Invalid query returned");
- } else {
- libxml_use_internal_errors(true);
- $xml=simplexml_load_string($result);
- if (!$xml||isset($xml->head->title)) {
- $mode='error';
- $smarty->assign("error_text", "An error occurred communicating with the SUSU API");
- } else{
- $re1='.*?';
- $re2='(\\{.*?\\})';
- if ($c=preg_match_all ("/".$re1.$re2."/is", $result, $matches))
- {
- $json_string=$matches[1][0];
- } else{
- $mode = "error";
- }
- $array = json_decode($json_string,TRUE);
- if($array['cardNumber'] == $sid && $sid != ""){
- $mode = 'form';
-
- // SET THIS FOR DEBUG MODE
- // $sucsDB->debug = true;
-
- $fullName = $array['firstName']." ".$array['lastName'];
- $query = "INSERT INTO transactions (transactionID,fullName,emailAddress,cardNumber,personID) values(?, ?, ?, ?, ?)";
- $attribs[] = $transactionID;
- $attribs[] = $fullName;
- $attribs[] = $array['emailAddress'];
- $attribs[] = $array['cardNumber'];
- $attribs[] = $array['personID'];
-
- $valid = true;
- if(!$sucsDB->Execute($query,$attribs)) {
- // We did this because Adodb ErrorNo command is broken
- $query = "SELECT * FROM transactions WHERE transactionID = ?";
- unset($attribs);
- $attribs[]=$transactionID;
- if($sucsDB->Execute($query,$attribs)) {
-
- $query = "SELECT * FROM transactions WHERE transactionID = ?";
- $attribs= array();
- $attribs[]=$transactionID;
- $data = $sucsDB->GetAll($query,$attribs);
- if(is_array($data)&&sizeof($data)==1&&$data[0]['signupid']==NULL){
- // As it stands this shouldn't happen but if it does, no reason not to let them carry on
- $valid = true;
- } elseif(is_array($data)&&sizeof($data)==1&&$data[0]['signupid']!=NULL) {
- $query = "SELECT * FROM signup WHERE sid = ?";
- unset($attribs);
- $attribs[]=$sid;
- $data = $sucsDB->Execute($query, $attribs);
- if(!$data) {
- mail(
- $error_email,
- "SUSignup Error",
- "An error occured in the susignup system at stage 0\n Love the signup system.\n\nP.S. The Error is:\n ".$sucsDB->ErrorMsg(),
- "From: \"SUCS Admin\" <admin@sucs.org>"
- );
- $valid=false;
- } else if($data->fields['username']!=NULL){
- $smarty->assign("username", $data->fields['username']);
- $mode='numpty2';
- // This happens if they already ahve a SUCS account and are trying to create a new signupid
- $valid = false;
- } else {
- $smarty->assign("id", $data->fields['id']);
- $smarty->assign("pass", $data->fields['password']);
- $mode='numpty';
- // If this happens they tried to get a new signupid/pass after already getting one, and should get weekly reminders about it
- $valid = false;
- }
- } else {
- $mode="error";
- mail(
- $error_email,
- "SUSignup Error",
- "An error occured in the susignup system at stage 1\n Love the signup system.\n\nP.S. The Error is:\n ".$sucsDB->ErrorMsg(),
- "From: \"SUCS Admin\" <admin@sucs.org>"
- );
-
- $valid = false;
- }
-
- } else {
- $mode="error";
- mail(
- $error_email,
- "SUSignup Error",
- "An error occured in the susignup system at stage 2\n Love the signup system.\n\nP.S. The Error is:\n ".$sucsDB->ErrorMsg(),
- "From: \"SUCS Admin\" <admin@sucs.org>"
- );
-
- $valid = false;
- }
- }
-
- if($valid)
- {
- unset($attribs);
- unset($query);
- $query = "SELECT * FROM members WHERE sid = ?";
- $attribs[] = $sid;
- unset($data);
- $data = $sucsDB->Execute($query, $attribs);
- if (!$data) {
- $mode = "error";
- $smarty->assign("error_text", "Error in internal database check");
- } elseif ($data->RecordCount()==1) {
- $mode = "renew";
- $q="UPDATE members SET paid=?, lastupdate=DEFAULT, lastedit=? WHERE username=?;";
- $r=$sucsDB->Execute($q, array(paidUntil(time()), '99999', $data->fields['username']));
- if (!$r) {
- mail(
- $error_email,
- "SUSignup Error",
- "An error occured in the susignup system at stage 2.5\n Love the signup system.\n\nP.S. The Error is:\n ".$sucsDB->ErrorMsg(),
- "From: \"SUCS Admin\" <admin@sucs.org>"
- );
-
- } else {
- $q="SELECT email, typename FROM members, member_type WHERE username=? AND type=member_type.id;";
- $r=$sucsDB->Execute($q, array($data->fields['username']));
-
- $message = "Account Renewal notification\n\n";
- $message .= "Account : ".$data->fields['username']."\n";
- $message .= "User Type : ".$r->fields['typename']."\n";
- $message .= "Renewed by: ".$data->fields['username'].".\n\n";
- $message .= "**** Payment was made via the SU payments system ****\n";
- $message .= "Regards\n The SU Renewals script";
- mail("treasurer@sucs.org","Account Renewal",$message);
-
- $message = "Your Swansea University Computer Society (SUCS) membership has been renewed\n\n";
- $message .= "Username: ".$renew_name."\n";
- $message .= "If you do not know or have forgotten your password, please email admin@sucs.org to arrange for it to be changed.\n\n";
- $message .= "Regards\n The SUCS admin";
- $header = "From: admin@sucs.org\r\n";
- $header .= "Reply-To: admin@sucs.org";
- // Personal account
- mail($r->fields['email'],"SUCS account renewal",$message,$header);
- // sucs account
- mail($data->fields['username']."@sucs.org","SUCS account renewal",$message,$header);
- unset($query);
- unset($attribs);
- $query = "UPDATE transactions set signupid=? WHERE transactionID=?";
- $attribs[]="000";
- $attribs[]=$transactionID;
- $data = $sucsDB->Execute($query,$attribs);
- if (!$data) {
- $mode="error";
- mail(
- $error_email,
- "SUSignup Error",
- "An error occured in the susignup system at stage 2.6\n Love the signup system.\n\nP.S. The Error is:\n ".$sucsDB->ErrorMsg(),
- "From: \"SUCS Admin\" <admin@sucs.org>"
- );
- }
- }
- } else {
- $pass = make_password();
- unset($query);
- $query = "insert into signup (password,sid,issuedby) values( ?, ?, ?) returning id";
- unset($attribs);
- $attribs[]=$pass;
- $attribs[]=$array['cardNumber'];
- $attribs[]='99999';
-
- $iddata = $sucsDB->Execute($query,$attribs);
- $id = $iddata->fields['id'];
- if (!$iddata) {
- $mode="error";
- mail(
- $error_email,
- "SUSignup Error",
- "An error occured in the susignup system at stage 3\n Love the signup system.\n\nP.S. The Error is:\n ".$sucsDB->ErrorMsg(),
- "From: \"SUCS Admin\" <admin@sucs.org>"
- );
- } else {
- $query = "update transactions set signupid=? WHERE transactionID=?";
- unset($attribs);
- $attribs[]=$id;
- $attribs[]=$transactionID;
- if(!$sucsDB->Execute($query,$attribs)) {
- $mode="error";
- mail(
- $error_email,
- "SUSignup Error",
- "An error occured in the susignup system at stage 4\n Love the signup system.\n\nP.S. The Error is:\n ".$sucsDB->ErrorMsg(),
- "From: \"SUCS Admin\" <admin@sucs.org>"
- );
- print($sucsDB->ErrorMsg());
- } else {
- $smarty->assign("id", $id);
- $smarty->assign("pass", $pass);
- mail(
- $array['emailAddress'].','.$sid.'@swansea.ac.uk',
- "SUCS Signup Information",
- "Thankyou for joining Swansea University Computer Society, your signup details are below;\nSignupID: $id\nSignup Password: $pass\nIf you have successfully completed signup immediately then you can disregard this message.\n\nSUCS Admin Team.",
- "From: \"SUCS Admin\" <admin@sucs.org>"
- );
- }
- }
- }
- }
- }
+ // check if the data posted is valid
+ if(check_su_sid_and_trans($sid,$transactionID)){
+
+ // check to see if they are already a valid and paid member
+ $tmpresult = $sucsDB->Execute("SELECT * FROM members WHERE sid=?", array($sid));
+ if($tmpresult->fields["sid"] == $sid && $tmpresult->fields["paid"] == paidUntil(time())){
+ // let them know they are already signed up and renewed
+ message_flash("You are a numpty and have already signed up and paid for this year.");
+ // else if check to see if they have signedup and paid for the new year but haven't renewed
+ }else if ($tmpresult->fields["sid"] == $sid && $tmpresult->fields["paid"] != paidUntil(time())){
+ // renew them!
+ renew_membership($tmpresult->fields["username"]);
+ // let them know that their account has been renewed
+ message_flash("Your SUCS account has been renewed.");
+ // else if they aren't in the SUCS DB but have a signup slip, take them back to that part of signup
+ $singuptmpresult = $sucsDB->Execute("SELECT * FROM signup WHERE sid=?", array($sid));
+ } else if ($tmpresult->fields == false && $signuptmpresult->fields["sid"] == $sid) {
+ $mode = "form";
+ $smarty->assign("id",$signuptmpresult->fields["id"]);
+ $smarty->assign("pass",$signuptmpresult->fields["password"]);
+ // else if they aren't in the SUCS DB, then bootstrap signup process
+ } else if ($tmpresult->fields == false && $signuptmpresult->fields == false) {
+ $mode = "form";
+ $pass = make_password();
+ $iddata = $sucsDB->Execute("insert into signup (password,sid,issuedby) values( ?, ?, ?) returning id",array($pass,$sid,"99999"));
+ $id = $iddata->fields['id'];
+ $smarty->assign("id", $id);
+ $smarty->assign("pass", $pass);
+ } else {
+ // they should never get here
+ echo("fuck you");
}
+ } else {
+ trigger_error("That Student Number and Transaction ID combo are invalid.", E_USER_ERROR);
}
}
+
$smarty->assign("mode", $mode);
$output = $smarty->fetch("susignup.tpl");
diff --git a/lib/member_functions.php b/lib/member_functions.php
index a1ee5186c344772d738fd43083359652d9b7d9ad..3c756290410298f6e267795073eff3ecdcb4adab 100644
--- a/lib/member_functions.php
+++ b/lib/member_functions.php
@@ -107,4 +107,31 @@ function generateLdif($uid, $password, $type, $realname, $username){
return $ldif;
}
+// function to renew a persons sucs membership
+function renew_membership($username) {
+
+ // get their details from the sucs db
+ $userdata = $sucsDB->Execute("SELECT * FROM members WHERE username=?", array($username));
+
+ // include the date file so we can call the paidUntil function
+ include_once("date.php");
+
+ // Update their record in the DB
+ $sucsDB->Execute("UPDATE members SET paid=?, lastupdate=DEFAULT, lastedit=? WHERE username=?", array(paidUntil(time()), "99999", $username));
+
+ // Give them their 200 print credits
+ exec("/usr/local/sbin/printerrenew.apache ${username} 200");
+
+ // apprently sending them an email confirming so is nice
+ $message = "Your Swansea University Computer Society (SUCS) membership has been renewed\n\n";
+ $message .= "Username: ${username}\n";
+ $message .= "If you do not know or have forgotten your password, please email admin@sucs.org to arrange for it to be changed.\n\n";
+ $message .= "Regards\n The SUCS admin";
+ $header = "From: admin@sucs.org\r\n";
+ $header .= "Reply-To: admin@sucs.org";
+ // send it to their personal account
+ mail($userdata->fields['email'],"SUCS account renewal",$message,$header);
+
+}
+
?>
diff --git a/lib/suapiv2.php b/lib/suapiv2.php
new file mode 100644
index 0000000000000000000000000000000000000000..00c494c5239878eba2fa0e2a55bc210d2ddb3bdd
--- /dev/null
+++ b/lib/suapiv2.php
@@ -0,0 +1,78 @@
+<?php
+
+// sorry
+
+
+// gib errars plox
+//error_reporting(E_ALL);
+//ini_set('display_errors', 1);
+
+// without this the entire thing doesn't work
+include_once("../suapiv2-key.php");
+
+//SUCS Org ID According to the SU
+$orgid = "6613";
+
+$apibaseurl = "http://su-apiv2.sucs.org/?apikey=${apikey}&orgid=${orgid}";
+
+// Get the shit json the suapiv2 spits out
+$ch = curl_init($apibaseurl);
+curl_setopt($ch,CURLOPT_RETURNTRANSFER, TRUE);
+$raw_data = curl_exec($ch);
+curl_close($ch);
+$formated_raw_data = json_decode($raw_data, true); //convert it into php arrays
+/*
+* $membership_data is an array where each type of memebrship is it;s own array
+* Insdie each of those arrays the actual arrary of members is under ["Detail_Collection"]["Detail"]
+* So $membership_data[0]["Detail_Collection"]["Detail"][0] will get you the array containing the
+* first member in the data
+*/
+$membership_data = $formated_raw_data["table1"]["table1_Product_Collection"]["table1_Product"];
+
+// make a new array that just contains *every* member no matter what they bought
+$just_members = array();
+foreach ($membership_data as $typeOfMember) {
+ foreach ($typeOfMember["Detail_Collection"]["Detail"] as $member) {
+ array_push($just_members, $member["@attributes"]);
+ }
+}
+
+/* You can now use $just_members to probe member detials. It's an array of arrays which each contain:
+* transaction_id (recepit id)
+* purchaser (full name)
+* textbox6 (under 18 or not) NOT SURE OF THE FORMAT
+* card_number (student number)
+* shop_name (where they bought sucs memebrship)
+* qty (how many sucs memebrships they bought)
+* purchase_date (timestamp of when they bought memebrship)4
+*/
+
+/*
+* Used by /susignup to verify that the stduent number and transaction id combo are valid
+* returns true or false
+*/
+function check_su_sid_and_trans($sid, $transid) {
+ global $just_members;
+ foreach ($just_members as $member) {
+ if ($sid == $member["card_number"] && $transid == $member["transaction_id"]) {
+ return true;
+ }
+ }
+ return false;
+}
+
+/*
+* Used to verify taht a given stduent number has paid for membership via the su system.
+* returns false or true
+*/
+function check_su_sid($sid) {
+ global $just_members;
+ foreach ($just_members as $member) {
+ if ($sid == $member["card_number"]) {
+ return true;
+ }
+ }
+ return false;
+}
+
+?>
diff --git a/templates/susignup-admin.tpl b/templates/susignup-admin.tpl
index 0c9dc1a30223f2023906c5b27b4f9a2ba2087ed7..429f3fa7527f6457c8044471b3fae07f9324e63e 100644
--- a/templates/susignup-admin.tpl
+++ b/templates/susignup-admin.tpl
@@ -67,7 +67,7 @@ The following accounts failed to renew:
The details are:<br />
<strong>Slip ID: </strong> {$slipid}<br />
<strong>Slip Password: </strong> {$slippass} <br />
- <form action="https://sucs.org/signup/" method="post">
+ <form action="{$baseurl}/signup/" method="post">
<input type=hidden name="signupid" id="id" value="{$slipid}" />
<input type=hidden name="signuppw" id="pass" value="{$slippass}" />
<input type=submit name="submit" value="Proceed" />
diff --git a/templates/susignup.tpl b/templates/susignup.tpl
index 2ebf1a0fb3bcf7e209dc50293363fad17ef7063d..eaa0bad2b62df77fe08b06b9959c578341e59e78 100644
--- a/templates/susignup.tpl
+++ b/templates/susignup.tpl
@@ -23,38 +23,18 @@
<div class="hollowfoot"><div><div></div></div></div>
</div>
</form>
-{elseif $mode=='form' || $mode=="re-form"}
+{elseif $mode=='form'}
<h1>Signup</h1>
- <p>To continue signup later please use the link below to dispay and print off your signup slip</p>
- <form action="https://sucs.org/~kais58/sucstest/sucs/generate.php" method="post" target="_blank">
- <input type=hidden name="id" id="id" value="{$id}" />
- <input type=hidden name="pass" id="pass" value="{$pass}" />
- <input type=submit name="submit" value="Proceed" />
- </form>
- <p>To finish signup now click below to continue</p>
- <form action="https://sucs.org/signup/" method="post">
+ <p>To contiune signup now click below</p>
+ <form action="{$baseurl}/signup/" method="post">
<input type=hidden name="signupid" id="id" value="{$id}" />
<input type=hidden name="signuppw" id="pass" value="{$pass}" />
<input type=submit name="submit" value="Proceed" />
</form>
-{elseif $mode=='numpty'}
- <p>You appear to have completed this part of signup before, please check your emails for your signup ID and password. Alternatively click below to continue.</p>
- <form action="https://sucs.org/signup/" method="post">
- <input type=hidden name="signupid" id="id" value="{$id}" />
- <input type=hidden name="signuppw" id="pass" value="{$pass}" />
- <input type=submit name="submit" value="Proceed" />
- </form>
-{elseif $mode=='numpty2'}
- <p>You appear to have already completed this step and registered with SUCS with the username <strong>{$username}</strong>.<br/>If you have forgotten your login password please email <a href='mailto:admin@sucs.org'>admin@sucs.org</a> or drop by the SUCS room and find an admin.</p>
-
-{elseif $mode=='renew'}
- <h1>Renewed</h1>
- <p>Thankyou for renewing your membership, it has completed succesfully</p>
{else}
<h1>Error</h1>
<div class='errorbar'>
<strong>Error: </strong> {$error_text}
</div>
An error occured during signup, please email, with as much information as you can provide, <a href='mailto:admin@sucs.org'>admin@sucs.org</a> for assistance.
-{/if}
-
+{/if}
\ No newline at end of file