i merged

Merge branch 'suapiv2' of projects.sucs.org:imranh/sucs-site into suapiv2

i merged
665cce71 · Laurence Sebastian Bowes · 3544d1a3 · d6cd4954 · 665cce71 · 665cce71
Commit 665cce71 authored 9 years ago by Laurence Sebastian Bowes
--- a/components/susignup-admin.php
+++ b/components/susignup-admin.php
-<?PHP
-/***
- * SU Signup admin
- * Allows us to search the SU api for a given student number and checks if they're a SUCS member.
- * If they are - allows account renewal
- * If not - allows signup to be bootstrapped as per susignup component
- ***/
+<?php

+// gib errars plox
+//error_reporting(E_ALL);
+//ini_set('display_errors', 1);
+
+// include functions and shit we need
 include("../lib/member_functions.php");
 include("../lib/date.php");
-include("../suapi.inc.php");
+include("../lib/suapiv2.php");

 //Restrict access to staff.
 $permission="sucsstaff";
-$apibaseurl="https://$suapi_user:$suapi_pass@su-api.sucs.org/memberships/Membership.asmx";

+// if they have the right privs then lets do shit
 if (isset($session->groups[$permission])) {
 	//Setup smarty magic, step 1
 	$smarty->assign("staff", TRUE);

+	// if no mode has been requested then show options
 	if(!isset($_REQUEST['mode'])) {
 		$mode = 'menu';
 	} else {
 		$mode = urldecode($_REQUEST['mode']);
 	}

+	// We have a mode, lets try and work out wtf they want to do
+
+	// they have typed in a sid and want to bootstrap the signup processs
 	if ($mode == 'search') {
 		if (empty($_REQUEST['sid']) || empty($_REQUEST['snsubmit'])) {
 			$mode = 'error';
-			$smarty->assign("error_text", "Invalid search request");	
+			$smarty->assign("error_text", "Invalid search request");
 		}else{
 			$pres=preg_match("/^[0-9]{6}$/",$_REQUEST['sid'],$sid);
 			if ($pres!=1) {
 				$mode = 'error';
 				$smarty->assign("error_text", "Search term doesn't look like a valid student ID");
 			} else {
-				$url = "$apibaseurl/IsPersonMember?strCriteria=".$sid[0]."&GroupingId=6613";
-				$apiReq = curl_init();
-				curl_setopt($apiReq, CURLOPT_URL, $url);
-				curl_setopt($apiReq, CURLOPT_RETURNTRANSFER, TRUE);
-				curl_setopt($apiReq, CURLOPT_SSL_VERIFYPEER, false);
-				curl_setopt($apiReq, CURLOPT_SSL_VERIFYHOST, false);
-
-				$apiResult = curl_exec($apiReq);
-				if ($apiResult === FALSE) {
-					$mode = 'error';
-					$smarty->assign("error_text", "An error occurred communicating with the SUSU API.");
-				}else {
-					// Ostensibly we now have a valid search result from the SU - go to work
-					libxml_use_internal_errors(true);
-					$xml=simplexml_load_string($apiResult);
-					if (!$xml||isset($xml->head->title)) {
-						$mode='error';
-						$smarty->assign("error_text", "An error occurred communicating with the SUSU API");
-					} else {
-						$ismember = $xml[0];
-						if ($ismember=="true") {
-							//Yay, we have a student who has paid and needs to be signed up.
-							//Check they don't have a signup slip already
-							$query = "SELECT transactionid, signupid FROM transactions WHERE cardNumber = ?;";
-							$qres = $sucsDB->Execute($query, $sid);
-							
-							if ($qres->RecordCount()==0) {
-								// No transaction, but might have unused signup slip. If so, retrieve values.
-								$query = "SELECT id, username, password FROM signup WHERE sid=?;";
-								$qres = $sucsDB->Execute($query, array($sid[0]));
-								if ($qres && $qres->RecordCount() > 0) {
-									if ($qres->RecordCount() > 1) {
-										$mode='error';
-										$smarty->assign("error_text", "Student has multiple signup slips in the DB. Bork! Bork! Bork!");
-									} else if (!empty($qres->fields['username'])) {
-										$mode='error';
-										$smarty->assign("error_text", "Student hasn't tried to use the SU signup component (No transaction in DB), but has a previously used Signup Slip with username ".$qres->fields['username'].".<br />Is this a renewal? If not, ask an admin to generate a new signup slip for this student");
-										//TODO: Add option to generate new signup slip?
-									} else {
-										$id = $qres->fields['id'];
-										$pass = $qres->fields['password'];
-									}
-								} else {
-									$pass = make_password();
-									$query = "INSERT INTO signup (password,sid,issuedby) VALUES ( ?, ?, ?) RETURNING id";
-									$attribs[]=$pass;
-									$attribs[]=$sid[0];
-									$attribs[]='99999'; //SUCS Magic internal use UID
-
-									$id = $sucsDB->Execute($query,$attribs);
-									$id = $id->fields['id'];
-									if (!$id) {
-										$mode="error";
-										$smarty->assign("error_text", "An error occurred generating a signup ID. Report the following message to the admins:<br /><pre>".$sucsDB->ErrorMsg()."</pre>");
-									} else {
-										$smarty->assign('slipid', $id);
-										$smarty->assign('slippass', $pass);
-										$smarty->assign('sid', $sid[0]);
-									}
-								}
-							} else {
-								//Retrieve existing slip
-								$id = $qres->fields['signupid'];
-								$tid = $qres->fields['transactionid'];
-								if (empty($id)) {
-									$pass = make_password();
-									$query = "INSERT INTO signup (password,sid,issuedby) VALUES ( ?, ?, ?) RETURNING id";
-									$attribs[]=$pass;
-									$attribs[]=$sid[0];
-									$attribs[]='99999'; //SUCS Magic internal use UID
-
-									$qres = $sucsDB->Execute($query,$attribs);
-									if (!$qres) {
-										$mode="error";
-										$smarty->assign("error_text", "An error occurred generating a signup ID. Report the following message to the admins:<br /><pre>".$sucsDB->ErrorMsg()."</pre>");
-									} else {
-										$id = $qres->fields['id'];
-										$query = "UPDATE transactions SET signupid=? WHERE transactionid=?;";
-										$qres = $sucsDB->Execute($query, array($id, $tid));
-										$smarty->assign('slipid', $id);
-										$smarty->assign('slippass', $pass);
-										$smarty->assign('sid', $sid[0]);
-									}
-
-								}else {
-									$query = "SELECT username, password FROM signup WHERE id=?;";
-									$qres = $sucsDB->Execute($query, array($id));
-									if (!$qres) {
-										$mode="error";
-										$smarty->assign("error_text", "The user appears to have generated a signup ID using the SU Signup system (Slip ID: ".$id."), but the password for that slip can't be retrieved.<br />Request assistance.");
-									} else if ($qres->fields['username'] !== NULL) {
-										$mode="error";
-										$smarty->assign("error_text", "This user appears to have completed signup, with username <strong>".$qres->fields['username']."</strong><br />Check that this user exists, and offer to reset their password if necessary.");
-									}
-									$pass = $qres->fields['password'];
-									$smarty->assign('slipid', $id);
-									$smarty->assign('slippass', $pass);
-									$smarty->assign('sid', $sid[0]);
-								}
-							}
+				// they have given us a valid sid lets check to see if they have paid

-							if(!$mode=='error') {
-								//Right, this should be the point where we hand off to signup
-								$smarty->assign('slipid', $id);
-								$smarty->assign('slippass', $pass);
-								$smarty->assign('sid', $sid[0]);
-							}
+				// make sure the user/admin/exec isn't an idiot
+				// check if they are already signed up and tell them so
+				$tmpresult = $sucsDB->Execute("SELECT * FROM members WHERE sid=?", array($_REQUEST['sid']));
+				if($tmpresult->fields["sid"] == $sid && $tmpresult->fields["paid"] == paidUntil(time())){
+					// let them know they are already signed up and renewed
+					message_flash("You are a numpty and have already signed up and paid for this year.");
+				// else if check to see if they have signedup and paid for the new year but haven't renewed
+				} else if ($tmpresult->fields["sid"] == $sid && $tmpresult->fields["paid"] != paidUntil(time())){
+					// renew them!
+					renew_membership($tmpresult->fields["username"]);
+					// let them know that their account has been renewed
+					message_flash("Your SUCS account has been renewed.");
+				}else{
+					if (check_su_sid($_REQUEST['sid'])) {
+						// lets make them a signup slip
+						$pass = make_password();
+						$query = "INSERT INTO signup (password,sid,issuedby) VALUES ( ?, ?, ?) RETURNING id";
+						$attribs[]=$pass;
+						$attribs[]=$_REQUEST['sid'];
+						$attribs[]='99999'; //SUCS Magic internal use UID

-						}else{
-							$mode='error';
-							$smarty->assign("error_text", "Student does not appear to have paid. Extract fees");
+						$id = $sucsDB->Execute($query,$attribs);
+						$id = $id->fields['id'];
+						if (!$id) {
+							$mode="error";
+							$smarty->assign("error_text", "An error occurred generating a signup ID. Report the following message to the admins:<br /><pre>".$sucsDB->ErrorMsg()."</pre>");
+						} else {
+							$smarty->assign('slipid', $id);
+							$smarty->assign('slippass', $pass);
+							$smarty->assign('sid', $_REQUEST['sid']);
 						}
+					}else{
+						$mode='error';
+						$smarty->assign("error_text", "Student does not appear to have paid. Extract fees");
 					}
 				}
 			}

--- a/templates/susignup-admin.tpl
+++ b/templates/susignup-admin.tpl
@@ -67,7 +67,7 @@ The following accounts failed to renew:
 	The details are:<br />
 	<strong>Slip ID: </strong> {$slipid}<br />
 	<strong>Slip Password: </strong> {$slippass} <br />
-	<form action="https://sucs.org/signup/" method="post">
+	<form action="{$baseurl}/signup/" method="post">
 		<input type=hidden name="signupid" id="id" value="{$slipid}" />
 		<input type=hidden name="signuppw" id="pass" value="{$slippass}" />
 		<input type=submit name="submit" value="Proceed" />