Push SU-APIv2 stuff to live
The code seems to work pretty well on beta.
Do other people want to test it?
47 $singuptmpresult = $sucsDB->Execute("SELECT * FROM signup WHERE sid=?", array($sid)); 48 } else if ($tmpresult->fields == false && $signuptmpresult->fields["sid"] == $sid) { 49 $mode = "form"; 50 $smarty->assign("id",$signuptmpresult->fields["id"]); 51 $smarty->assign("pass",$signuptmpresult->fields["password"]); 52 // else if they aren't in the SUCS DB, then bootstrap signup process 53 } else if ($tmpresult->fields == false && $signuptmpresult->fields == false) { 54 $mode = "form"; 55 $pass = make_password(); 56 $iddata = $sucsDB->Execute("insert into signup (password,sid,issuedby) values( ?, ?, ?) returning id",array($pass,$sid,"99999")); 57 $id = $iddata->fields['id']; 58 $smarty->assign("id", $id); 59 $smarty->assign("pass", $pass); 60 } else { 61 // they should never get here 62 echo("fuck you"); Can I suggest we don't use errors like this in user facing code? Even if it's a case that shouldn't happen, use the proper error handling methods and provide a useful message. Something like "This shouldn't happen, please contact an admin" would do - particularly as the email error reporting code has been removed.
There's no possible way to get to that. It requires both the sucssite db and the SUCS db to be unreachable but the site still in a useable enough state to register this component and the new suapi to be working.
If I had honestly thought anyone would ever be able to see this it would say something so much more useful.
I'll make a commit go replace it with die("You'll never see this but if you do, something has gone very wrong and the admin team are probably already trying to fix it");
240 $array['emailAddress'].','.$sid.'@swansea.ac.uk', 241 "SUCS Signup Information", 242 "Thankyou for joining Swansea University Computer Society, your signup details are below;\nSignupID: $id\nSignup Password: $pass\nIf you have successfully completed signup immediately then you can disregard this message.\n\nSUCS Admin Team.", 243 "From: \"SUCS Admin\" <admin@sucs.org>" 244 ); 245 } 246 } 247 } 248 } 249 } 32 // check if the data posted is valid 33 if(check_su_sid_and_trans($sid,$transactionID)){ 34 35 // check to see if they are already a valid and paid member 36 $tmpresult = $sucsDB->Execute("SELECT * FROM members WHERE sid=?", array($sid)); 37 if($tmpresult->fields["sid"] == $sid && $tmpresult->fields["paid"] == paidUntil(time())){ Whether or not the errors get shown is going to vary based on the particular PHP settings in use. We might suppress E_NOTICE by default on silver anyway, so you'd only see the errors if you request E_ALL or E_NOTICE specifically. There are definitely other parts of this file that should have been throwing errors during development though (see other comments)
32 // check if the data posted is valid 33 if(check_su_sid_and_trans($sid,$transactionID)){ 34 35 // check to see if they are already a valid and paid member 36 $tmpresult = $sucsDB->Execute("SELECT * FROM members WHERE sid=?", array($sid)); 37 if($tmpresult->fields["sid"] == $sid && $tmpresult->fields["paid"] == paidUntil(time())){ 38 // let them know they are already signed up and renewed 39 message_flash("You are a numpty and have already signed up and paid for this year."); 40 // else if check to see if they have signedup and paid for the new year but haven't renewed 41 }else if ($tmpresult->fields["sid"] == $sid && $tmpresult->fields["paid"] != paidUntil(time())){ 42 // renew them! 43 renew_membership($tmpresult->fields["username"]); 44 // let them know that their account has been renewed 45 message_flash("Your SUCS account has been renewed."); 46 // else if they aren't in the SUCS DB but have a signup slip, take them back to that part of signup 47 $singuptmpresult = $sucsDB->Execute("SELECT * FROM signup WHERE sid=?", array($sid)); 107 107 return $ldif; 108 108 } 109 109 110 // function to renew a persons sucs membership 111 function renew_membership($username) { 112 113 // get their details from the sucs db 114 $userdata = $sucsDB->Execute("SELECT * FROM members WHERE username=?", array($username)); 115 116 // include the date file so we can call the paidUntil function 117 include_once("date.php"); 118 119 // Update their record in the DB 120 $sucsDB->Execute("UPDATE members SET paid=?, lastupdate=DEFAULT, lastedit=? WHERE username=?", array(paidUntil(time()), "99999", $username)); I think a lot of this code could be laid out a bit better (Although that goes for the whole site as well), while a rather small thing compared to actual bugs in the site the highly inconsistent use of spaces throughout the code makes some parts hard to understand. It should also be split up more into blocks by a blank line in-between blocks to help with readability.
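Review bot: Line 47 assigns the signup lookup to `$singuptmpresult`, but lines 48, 50, 51 and 53 read `$signuptmpresult`, so those branches test a variable that is never set. The assignment also sits inside the renewal branch opened at line 41, so it only runs after `renew_membership()` has been called and never for a non-member. With the variable unset, `$signuptmpresult->fields == false` at line 53 holds for every non-member, and the insert at line 56 issues a fresh signup row even when a slip already exists for that sid. Move the `SELECT * FROM signup WHERE sid=?` query above the `if` at line 37 and use one spelling throughout.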
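Review bot: `renew_membership()` calls `$sucsDB->Execute(...)` at lines 114 and 120, but the lines shown have neither a `global $sucsDB;` declaration nor a parameter carrying the handle, so inside the function `$sucsDB` is undefined and the call fails with a fatal error. Pass the database handle in as an argument or declare it global on the first line of the function. The literal "99999" written to `lastedit` here also appears as `issuedby` at line 56 of the signup code; a named constant would document what that account is.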
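Review bot: Line 242 sends the signup password in the body of a plain-text email, and line 240 concatenates `$array['emailAddress']` straight into the recipient argument with no validation visible in this hunk. Check the address with `filter_var($array['emailAddress'], FILTER_VALIDATE_EMAIL)` and reject values containing CR or LF before building the recipient list. Consider mailing only the signup ID with a link back to the form, so the credential does not sit in two mailboxes.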
mentioned in commit 2645f0b3