| 2 |
- |
1 |
## RollerCon support functions...
|
|
|
2 |
|
|
|
3 |
use strict;
|
|
|
4 |
use Exporter;
|
|
|
5 |
use CGI qw/:standard :netscape/;
|
|
|
6 |
use CGI::Cookie;
|
|
|
7 |
use DBI;
|
|
|
8 |
|
|
|
9 |
my $dsn = "DBI:mysql:database=rollerco_data;host=localhost;port=3306";
|
|
|
10 |
my $dbh = DBI->connect($dsn, 'rollerco_www', 'www-data');
|
|
|
11 |
our $ORCUSER;
|
|
|
12 |
|
|
|
13 |
sub authDB {
|
|
|
14 |
my $src = shift;
|
|
|
15 |
my $id = shift;
|
|
|
16 |
my $pass = shift;
|
|
|
17 |
my $level = shift;
|
|
|
18 |
my ($result, $encpass);
|
|
|
19 |
|
|
|
20 |
my $sth = $dbh->prepare("select * from official where email = ?");
|
|
|
21 |
$sth->execute($id);
|
|
|
22 |
my $RCDBIDHASH = $sth->fetchrow_hashref();
|
|
|
23 |
|
|
|
24 |
if ($src eq "form") {
|
|
|
25 |
my $pwdhan = $dbh->prepare("select password(?)");
|
|
|
26 |
$pwdhan->execute($pass);
|
|
|
27 |
($encpass) = $pwdhan->fetchrow();
|
|
|
28 |
} else {
|
|
|
29 |
$encpass = $pass;
|
|
|
30 |
}
|
|
|
31 |
|
|
|
32 |
if (!$RCDBIDHASH) {
|
|
|
33 |
$result->{ERRMSG} = "User-ID/Email Address not found!";
|
|
|
34 |
$result->{cookie_string} = '';
|
|
|
35 |
$result->{RCid} = '';
|
|
|
36 |
logit(0, "Account not found: $id");
|
|
|
37 |
$result->{authenticated} = 'false';
|
|
|
38 |
} elsif ($RCDBIDHASH->{'password'} ne $encpass) {
|
|
|
39 |
$result->{ERRMSG} = "Incorrect Password!";
|
|
|
40 |
$result->{cookie_string} = '';
|
|
|
41 |
$result->{RCid} = $RCDBIDHASH->{'RCid'};
|
|
|
42 |
logit($RCDBIDHASH->{'RCid'}, "Incorrect Password");
|
|
|
43 |
$result->{authenticated} = 'false';
|
|
|
44 |
} elsif ($RCDBIDHASH->{'access'} < $level) {
|
|
|
45 |
$result->{ERRMSG} = "Your account either needs to be activated, or doesn't have access to this page!";
|
|
|
46 |
$result->{cookie_string} = "${id}&${encpass}&$RCDBIDHASH->{'access'}";
|
|
|
47 |
$result->{RCid} = $RCDBIDHASH->{'RCid'};
|
|
|
48 |
logit($RCDBIDHASH->{'RCid'}, "Insufficient Privileges");
|
|
|
49 |
$result->{authenticated} = 'false';
|
|
|
50 |
} else {
|
|
|
51 |
$result->{ERRMSG} = '';
|
|
|
52 |
$result->{cookie_string} = "${id}&${encpass}&$RCDBIDHASH->{'access'}";
|
|
|
53 |
$result->{RCid} = $RCDBIDHASH->{'RCid'};
|
|
|
54 |
logit($RCDBIDHASH->{'RCid'}, "Logged In") if $src eq "form";
|
|
|
55 |
$result->{authenticated} = 'true';
|
|
|
56 |
$ORCUSER=$RCDBIDHASH;
|
|
|
57 |
}
|
|
|
58 |
return $result;
|
|
|
59 |
}
|
|
|
60 |
|
|
|
61 |
sub authenticate { # Verifies the user has logged in or puts up a log in screen
|
|
|
62 |
# Check to see if the user has already logged in (there should be cookies with their authentication)?
|
|
|
63 |
my $MINLEVEL = shift || 1;
|
|
|
64 |
# my $MINLEVEL = 1;
|
|
|
65 |
my ($ERRMSG, $authenticated, %FORM);
|
|
|
66 |
my $sth = $dbh->prepare("select * from official where email = '?'");
|
|
|
67 |
|
|
|
68 |
my $query = new CGI;
|
|
|
69 |
$FORM{'ID'} = $query->param('id') || '';
|
|
|
70 |
$FORM{'PASS'} = $query->param('pass') || '';
|
|
|
71 |
$FORM{'SUB'} = $query->param('login') || '';
|
|
|
72 |
my $RCAUTH = $query->cookie('RCAUTH');
|
|
|
73 |
|
|
|
74 |
if ($FORM{'SUB'}) {
|
|
|
75 |
#a log in form was submited
|
|
|
76 |
if ($FORM{'SUB'} eq "Submit") {
|
|
|
77 |
$authenticated = authDB('form', $FORM{'ID'}, $FORM{'PASS'}, $MINLEVEL);
|
|
|
78 |
} elsif ($FORM{'SUB'} eq "New User") {
|
|
|
79 |
# Print the new user form and exit
|
|
|
80 |
}
|
|
|
81 |
} elsif ($RCAUTH) {
|
|
|
82 |
#We have an authenication cookie. Double-check it
|
|
|
83 |
my ($RCID, $RCPASS, $RCLVL) = split /&/, $RCAUTH;
|
|
|
84 |
$authenticated = authDB('cookie', $RCID, $RCPASS, $MINLEVEL);
|
|
|
85 |
} else {
|
|
|
86 |
$authenticated->{authenticated} = 'false';
|
|
|
87 |
}
|
|
|
88 |
|
|
|
89 |
|
|
|
90 |
if ($authenticated->{authenticated} eq 'true') {
|
|
|
91 |
return $authenticated->{cookie_string};
|
|
|
92 |
}
|
|
|
93 |
|
|
|
94 |
|
|
|
95 |
|
|
|
96 |
# If we get here, the user has failed authentication; throw up the log-in screen and die.
|
|
|
97 |
|
|
|
98 |
my $RCAUTH_cookie = CGI::Cookie->new(-name=>'RCAUTH',-value=>"",-expires=>"now");
|
|
|
99 |
|
|
|
100 |
if ($authenticated->{ERRMSG}) {
|
|
|
101 |
$authenticated->{ERRMSG} = "<TR><TD colspan=2 align=center><font color=red><b>".$authenticated->{ERRMSG}."</b></font> </TD></TR>";
|
|
|
102 |
# Log the failed access attempt
|
|
|
103 |
} else {
|
|
|
104 |
$authenticated->{ERRMSG} = "";
|
|
|
105 |
# Since there was no ERRMSG, no need to log anything.
|
|
|
106 |
}
|
|
|
107 |
|
|
|
108 |
print header(-cookie=>$RCAUTH_cookie);
|
|
|
109 |
printRCHeader("Please Sign In");
|
|
|
110 |
print<<authpage;
|
|
|
111 |
<form action="$ENV{REQUEST_URI}" method=POST name=Req id=Req>
|
|
|
112 |
<TR><TD colspan=2 align=center><b><font size=+2>Please Sign In</font>
|
|
|
113 |
|
|
|
114 |
</TD></TR>
|
|
|
115 |
<TR><TD colspan=2> </TD></TR>
|
|
|
116 |
$authenticated->{ERRMSG}
|
|
|
117 |
<TR>
|
|
|
118 |
<TD align=right><B>User ID:</TD><TD><INPUT type=text name=id></TD>
|
|
|
119 |
</TR>
|
|
|
120 |
<TR>
|
|
|
121 |
<TD align=right><B>Password:</TD><TD><INPUT type=password name=pass></TD>
|
|
|
122 |
</TR>
|
|
|
123 |
<TR><TD></TD><TD><INPUT type=submit name=login value=Submit></TD></TR>
|
|
|
124 |
<TR><TD colspan=2 align=center> </TD></TR>
|
|
|
125 |
<TR><TD colspan=2 align=center><A HREF="/schedule/manage_user.pl?submit=New%20User">[register as a new user]</A></TD></TR>
|
|
|
126 |
<TR><TD colspan=2 align=center><A HREF="/schedule/password_reset.pl">[reset your password]</A></TD></TR>
|
|
|
127 |
</TABLE>
|
|
|
128 |
</FORM>
|
|
|
129 |
|
|
|
130 |
<SCRIPT language="JavaScript">
|
|
|
131 |
<!--
|
|
|
132 |
|
|
|
133 |
function Login () {
|
|
|
134 |
document.getElementById('Req').action = "$ENV{SCRIPT_NAME}";
|
|
|
135 |
document.getElementById('Req').submit.click();
|
|
|
136 |
return true;
|
|
|
137 |
}
|
|
|
138 |
|
|
|
139 |
|
|
|
140 |
//-->
|
|
|
141 |
</SCRIPT>
|
|
|
142 |
|
|
|
143 |
authpage
|
|
|
144 |
|
|
|
145 |
#foreach (keys %ENV) {
|
|
|
146 |
# print "$_: $ENV{$_}<br>";
|
|
|
147 |
#}
|
|
|
148 |
# &JScript;
|
|
|
149 |
exit;
|
|
|
150 |
}
|
|
|
151 |
|
|
|
152 |
sub getSetting {
|
|
|
153 |
my $k = shift;
|
|
|
154 |
my $sth = $dbh->prepare("select setting.value from setting where setting.key = ?");
|
|
|
155 |
$sth->execute($k);
|
|
|
156 |
return $sth->fetchrow_hashref()->{value};
|
|
|
157 |
}
|
|
|
158 |
|
|
|
159 |
sub getUser {
|
|
|
160 |
my $EML = shift;
|
|
|
161 |
my $sth = $dbh->prepare("select * from official where email = ?");
|
|
|
162 |
$sth->execute($EML);
|
|
|
163 |
return $sth->fetchrow_hashref();
|
|
|
164 |
}
|
|
|
165 |
|
|
|
166 |
sub getUserEmail {
|
|
|
167 |
my $RCid = shift;
|
|
|
168 |
my $sth = $dbh->prepare("select email from official where RCid = ?");
|
|
|
169 |
$sth->execute($RCid);
|
|
|
170 |
my ($email) = $sth->fetchrow_array();
|
|
|
171 |
return $email;
|
|
|
172 |
}
|
|
|
173 |
|
|
|
174 |
sub getUserDerbyName {
|
|
|
175 |
my $RCid = shift;
|
|
|
176 |
my $sth = $dbh->prepare("select derby_name from official where RCid = ?");
|
|
|
177 |
$sth->execute($RCid);
|
|
|
178 |
my ($dname) = $sth->fetchrow_array();
|
|
|
179 |
return $dname;
|
|
|
180 |
}
|
|
|
181 |
|
|
|
182 |
sub getYears {
|
|
|
183 |
my $sth = $dbh->prepare("select distinct year(date) from v_shift_admin_view union select year(now())");
|
|
|
184 |
$sth->execute();
|
|
|
185 |
my @years;
|
|
|
186 |
while (my ($y) =$sth->fetchrow_array()) { push @years, $y; }
|
|
|
187 |
return \@years;
|
|
|
188 |
}
|
|
|
189 |
|
|
|
190 |
sub printRCHeader {
|
|
|
191 |
my $PAGE_TITLE = shift;
|
|
|
192 |
my $loggedinas = $ORCUSER ? "Currently logged in as: $ORCUSER->{derby_name}" : "";
|
|
|
193 |
|
|
|
194 |
print<<rcheader;
|
|
|
195 |
<html><head><title>Officials' RollerCon Schedule Manager - $PAGE_TITLE</title>
|
|
|
196 |
<link rel="stylesheet" type="text/css" href="/rollercon.css">
|
|
|
197 |
</head>
|
|
|
198 |
<body text="#000000" bgcolor="#FFFFFF" link="#0000EE" vlink="#551A8B" alink="#FF0000">
|
|
|
199 |
<TABLE>
|
|
|
200 |
<TR class="nostripe">
|
|
|
201 |
<TD align=right><img SRC="/logo.jpg"></TD>
|
|
|
202 |
<TD align=center valign=middle><b><font size=+3>Officials' RollerCon<br>Schedule Manager<br>$PAGE_TITLE</FONT></b>
|
|
|
203 |
<p align=right><font size=-2>$loggedinas <a href='index.pl' onClick="document.cookie = 'RCAUTH=; expires=Thu, 01 Jan 1970 00:00:01 GMT; path=/';return true;">[Log Out]</a></font></TD>
|
|
|
204 |
</TR>
|
|
|
205 |
|
|
|
206 |
rcheader
|
|
|
207 |
}
|
|
|
208 |
|
|
|
209 |
sub changeShift {
|
|
|
210 |
my ($change, $game_id, $role, $user_id) = @_;
|
|
|
211 |
my $countbypass = 0;
|
|
|
212 |
|
|
|
213 |
my $sth = $dbh->prepare("select type from game where id = ?");
|
|
|
214 |
$sth->execute($game_id);
|
|
|
215 |
my ($game_type) = $sth->fetchrow_array;
|
|
|
216 |
|
|
|
217 |
if (lc($user_id) ne lc($ORCUSER->{RCid})) {
|
|
|
218 |
if ($ORCUSER->{access} < 2) {
|
|
|
219 |
print "<br>Denied! You are not authorized to change someone else's schedule.<br>\n";
|
|
|
220 |
logit($ORCUSER->{RCid}, "Unauthorized attempt to change someone else's schedule. ($change, $game_id, $role, $user_id)");
|
|
|
221 |
return;
|
|
|
222 |
} else {
|
|
|
223 |
logit($ORCUSER->{RCid}, "$ORCUSER->{derby_name} changed someone else's schedule. ($change, $game_id, $role, $user_id)");
|
|
|
224 |
$countbypass = 1;
|
|
|
225 |
}
|
|
|
226 |
}
|
|
|
227 |
|
|
|
228 |
my $MAXSHIFTS = $game_type eq "clinic" ? getSetting("MAX_CLINIC_SIGNUPS") : $game_type eq "observation" ? getSetting("MAX_OBS_SIGNUPS") : getSetting("MAX_SHIFT_SIGNUP_PER_DAY");
|
|
|
229 |
# my $MAXSHIFTS = getSetting("MAX_SHIFT_SIGNUP_PER_DAY");
|
|
|
230 |
|
|
|
231 |
my $daily_count = signUpCount('get', $user_id, $game_type);
|
|
|
232 |
if ($change eq "add" and $daily_count >= $MAXSHIFTS and !$countbypass) {
|
|
|
233 |
print "<br>Denied! You may only sign up for $MAXSHIFTS $game_type shifts in one day!<br>\n";
|
|
|
234 |
return;
|
|
|
235 |
}
|
|
|
236 |
|
|
|
237 |
if ($change eq "add" and ($daily_count < $MAXSHIFTS or $countbypass)) {
|
|
|
238 |
$sth = $dbh->prepare("insert into assignment (Gid, role, RCid) values (?, ?, ?)");
|
|
|
239 |
} elsif ($change eq "del") {
|
|
|
240 |
$sth = $dbh->prepare("delete from assignment where Gid = ? and role = ? and RCid= ?");
|
|
|
241 |
}
|
|
|
242 |
print "<br>attempting to make DB changes...<br>";
|
|
|
243 |
if ($sth->execute($game_id, $role, $user_id)) {
|
|
|
244 |
$daily_count = signUpCount($change, $user_id, $game_type) unless $countbypass;
|
|
|
245 |
logit($user_id, "Shift ".ucfirst($change).": $game_id -> $role");
|
|
|
246 |
if ($game_type eq "clinic") {
|
|
|
247 |
print "Success!...<br>You've signed up for $daily_count clinic shifts (you're currently allowed to sign up for $MAXSHIFTS total).<br>\n";
|
|
|
248 |
} elsif ($game_type eq "observation") {
|
|
|
249 |
print "Success!...<br>You've signed up for $daily_count clinic observation game (you're currently allowed to sign up for $MAXSHIFTS total).<br>\n";
|
|
|
250 |
} else {
|
|
|
251 |
print "Success!...<br>You've signed up for $daily_count challenge / scrimmage shifts today (you're currently allowed to sign up for $MAXSHIFTS per day).<br>\n";
|
|
|
252 |
}
|
|
|
253 |
} else {
|
|
|
254 |
print "<br><b>You did not get the shift</b>, most likely because someone else took it while you were looking.<br>\nERROR: ", $sth->errstr();
|
|
|
255 |
}
|
|
|
256 |
}
|
|
|
257 |
|
|
|
258 |
sub signUpCount {
|
|
|
259 |
my $action = shift;
|
|
|
260 |
my $id = shift;
|
|
|
261 |
my $gtype = shift // "";
|
|
|
262 |
|
|
|
263 |
if ($gtype ne "clinic" and $gtype ne "observation" and $id eq $ORCUSER->{RCid}) {
|
|
|
264 |
if ($action eq 'add') {
|
|
|
265 |
if (signUpCount('get', $id)) {
|
|
|
266 |
$dbh->do("update sign_up_count set sign_ups = sign_ups + 1 where date = curdate() and RCid = $id");
|
|
|
267 |
} else {
|
|
|
268 |
$dbh->do("replace into sign_up_count values (curdate(), $id, 1)");
|
|
|
269 |
}
|
|
|
270 |
} elsif ($action eq 'del') {
|
|
|
271 |
if (signUpCount('get', $id)) {
|
|
|
272 |
$dbh->do("update sign_up_count set sign_ups = sign_ups - 1 where date = curdate() and RCid = $id");
|
|
|
273 |
}
|
|
|
274 |
}
|
|
|
275 |
}
|
|
|
276 |
|
|
|
277 |
my $get;
|
|
|
278 |
if ($gtype eq "clinic") {
|
|
|
279 |
$get = $dbh->prepare("select count(*) from v_shift where RCid = ? and gtype = 'clinic' and date >= '2019'");
|
|
|
280 |
} elsif ($gtype eq "observation") {
|
|
|
281 |
$get = $dbh->prepare("select count(*) from v_shift where RCid = ? and gtype = 'observation' and date >= '2019'");
|
|
|
282 |
} else {
|
|
|
283 |
$get = $dbh->prepare("select sign_ups from sign_up_count where RCid = ? and date = curdate()");
|
|
|
284 |
}
|
|
|
285 |
$get->execute($id);
|
|
|
286 |
my ($R) = $get->fetchrow_array();
|
|
|
287 |
|
|
|
288 |
return $R ? $R : '0';
|
|
|
289 |
}
|
|
|
290 |
|
|
|
291 |
sub signUpEligible {
|
|
|
292 |
my $user = shift;
|
|
|
293 |
my $t = shift;
|
|
|
294 |
|
|
|
295 |
if (findConflict($user->{RCid}, $t->{id})) { return 0; }
|
|
|
296 |
|
|
|
297 |
if (!exists $user->{sign_ups_today}) {
|
|
|
298 |
$user->{sign_ups_today} = signUpCount('get', $user->{RCid});
|
|
|
299 |
}
|
|
|
300 |
if (!exists $user->{clinic_sign_ups}) {
|
|
|
301 |
$user->{clinic_sign_ups} = signUpCount('get', $user->{RCid}, "clinic");
|
|
|
302 |
}
|
|
|
303 |
if (!exists $user->{obs_sign_ups}) {
|
|
|
304 |
$user->{obs_sign_ups} = signUpCount('get', $user->{RCid}, "observation");
|
|
|
305 |
}
|
|
|
306 |
|
|
|
307 |
if ($t->{gtype} eq "clinic") {
|
|
|
308 |
# Uncomment to open clinic games to everyone...
|
|
|
309 |
return 1;
|
|
|
310 |
#---------------------------------
|
|
|
311 |
if ($user->{clinic_pass} and $user->{clinic_sign_ups} < getSetting("MAX_CLINIC_SIGNUPS")) {
|
|
|
312 |
return 1;
|
|
|
313 |
} else {
|
|
|
314 |
return 0;
|
|
|
315 |
}
|
|
|
316 |
} elsif ($t->{gtype} eq "observation") {
|
|
|
317 |
# Uncomment to open observation games to everyone...
|
|
|
318 |
# return 1;
|
|
|
319 |
#---------------------------------
|
|
|
320 |
if ($user->{clinic_pass} and $user->{obs_sign_ups} < getSetting("MAX_OBS_SIGNUPS")) {
|
|
|
321 |
return 1;
|
|
|
322 |
} else {
|
|
|
323 |
return 0;
|
|
|
324 |
}
|
|
|
325 |
} elsif ($t->{gtype} ne "selected staffing" and $t->{gtype} ne "short track" and $user->{sign_ups_today} < getSetting("MAX_SHIFT_SIGNUP_PER_DAY")) {
|
|
|
326 |
return 1;
|
|
|
327 |
} else {
|
|
|
328 |
return 0;
|
|
|
329 |
}
|
|
|
330 |
|
|
|
331 |
}
|
|
|
332 |
|
|
|
333 |
sub findConflict {
|
|
|
334 |
my $rcid = shift;
|
|
|
335 |
my $gid = shift;
|
|
|
336 |
my $conflicts;
|
|
|
337 |
|
|
|
338 |
# Are they already signed up for this game?
|
|
|
339 |
my $sth0 = $dbh->prepare("select count(*) from v_shift where id = ? and RCid = ?");
|
|
|
340 |
$sth0->execute($gid, $rcid);
|
|
|
341 |
($conflicts) = $sth0->fetchrow_array;
|
|
|
342 |
if ($conflicts) { return 1; }
|
|
|
343 |
|
|
|
344 |
# Are they signed up for any games that would conflict with this one?
|
|
|
345 |
# my $sth = $dbh->prepare("select count(*) from v_shift where id in (select id from game where date = (select date from game where id = ?) and ((end_time > (select time from game where id = ?) and end_time < (select end_time from game where id = ?)) or (time > (select time from game where id = ?) and time < (select end_time from game where id = ?)) or (time < (select time from game where id = ?) and end_time > (select end_time from game where id = ?)))) and RCid = ?");
|
|
|
346 |
my $sth = $dbh->prepare("select count(*) from v_shift where id in (select id from game where date = (select date from game where id = ?) and ((time <= (select time from game where id = ?) and end_time > (select time from game where id = ?)) or (time > (select time from game where id = ?) and time < (select end_time from game where id = ?)))) and RCid = ?");
|
|
|
347 |
# $sth->execute($gid, $gid, $gid, $gid, $gid, $gid, $gid, $rcid);
|
|
|
348 |
$sth->execute($gid, $gid, $gid, $gid, $gid, $rcid);
|
|
|
349 |
($conflicts) = $sth->fetchrow_array;
|
|
|
350 |
|
|
|
351 |
return $conflicts;
|
|
|
352 |
}
|
|
|
353 |
|
|
|
354 |
sub changeLeadShift {
|
|
|
355 |
my ($change, $lshift, $user_id) = @_;
|
|
|
356 |
my $ERRMSG;
|
|
|
357 |
|
|
|
358 |
my $sth = $dbh->prepare("update lead_shift set assignee_id = ? where id = ?");
|
|
|
359 |
|
|
|
360 |
print "<br>attempting to make DB changes...<br>";
|
|
|
361 |
if ($change eq "add") {
|
|
|
362 |
$sth->execute($user_id, $lshift)
|
|
|
363 |
or $ERRMSG = "ERROR: Can't execute SQL statement: ".$sth->errstr()."\n";
|
|
|
364 |
} elsif ($change eq "del") {
|
|
|
365 |
$sth->execute('', $lshift)
|
|
|
366 |
or $ERRMSG = "ERROR: Can't execute SQL statement: ".$sth->errstr()."\n";
|
|
|
367 |
}
|
|
|
368 |
if ($ERRMSG) {
|
|
|
369 |
print $ERRMSG;
|
|
|
370 |
} else {
|
|
|
371 |
logit($user_id, "Lead Shift ".ucfirst($change).": $lshift");
|
|
|
372 |
print "Success.<br>";
|
|
|
373 |
}
|
|
|
374 |
}
|
|
|
375 |
|
|
|
376 |
sub logit {
|
|
|
377 |
my $RCid = shift;
|
|
|
378 |
my $msg = shift;
|
|
|
379 |
my $sth = $dbh->prepare("insert into log (RCid, event) values (?, ?)");
|
|
|
380 |
$sth->execute($RCid, $msg);
|
|
|
381 |
}
|
|
|
382 |
|
|
|
383 |
1;
|