| 7 |
- |
1 |
#!/usr/bin/perl
|
|
|
2 |
|
|
|
3 |
use strict;
|
|
|
4 |
use RollerCon;
|
|
|
5 |
use CGI qw/param cookie header start_html url/;
|
|
|
6 |
use Email::Valid;
|
|
|
7 |
use WebDB;
|
|
|
8 |
use HTML::Tiny;
|
|
|
9 |
our $h = HTML::Tiny->new( mode => 'html' );
|
|
|
10 |
|
|
|
11 |
my ($FORM, $cookie_string, $ERRMSG);
|
|
|
12 |
my @ERRORS;
|
|
|
13 |
my $dbh = WebDB->connect ();
|
|
|
14 |
my $depts = getDepartments (); # HashRef of the department TLAs -> Display Names...
|
|
|
15 |
my $AccessLevel = getAccessLevels;
|
|
|
16 |
my @tshirtOptions = ("", "MS", "MM", "ML", "MXL", "M2X", "M3X");
|
|
|
17 |
|
|
|
18 |
# The page's form might be submitted as a POST or a GET (or both?)
|
|
|
19 |
# The initial _view_ likely comes as a GET request (making it easier to embed in an HREF as a URL)
|
|
|
20 |
# Unpack any values sent in the GET and add them to the FORM hash
|
|
|
21 |
$FORM->{'SUB'} = param ('submit') // '';
|
|
|
22 |
$FORM->{'RCid'} = param ('RCid') // '';
|
|
|
23 |
$FORM->{referer} = param ("referer") // "";
|
|
|
24 |
if ($FORM->{'SUB'} eq '') {
|
|
|
25 |
if ($ENV{'REQUEST_URI'}) {
|
|
|
26 |
my ($g, $keep) = split /\?/, $ENV{'REQUEST_URI'};
|
|
|
27 |
if ($keep) {
|
|
|
28 |
foreach (split /&/, $keep) {
|
|
|
29 |
my ($k, $v) = split /=/;
|
|
|
30 |
$k =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
|
|
|
31 |
$v =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
|
|
|
32 |
$k eq "submit" ? $FORM->{'SUB'} = $v : $FORM->{$k} = $v;
|
|
|
33 |
}
|
|
|
34 |
}
|
|
|
35 |
}
|
|
|
36 |
}
|
|
|
37 |
|
|
|
38 |
# Keep track of the original referrer for the 'back' link/button
|
|
|
39 |
my $goback;
|
|
|
40 |
if ($FORM->{referer}) {
|
|
|
41 |
$goback = $FORM->{referer};
|
|
|
42 |
} else {
|
|
|
43 |
$goback = $ENV{HTTP_REFERER};
|
|
|
44 |
}
|
|
|
45 |
|
|
|
46 |
|
|
|
47 |
if ($FORM->{'SUB'} eq "Save") {
|
|
|
48 |
process_form ($FORM);
|
|
|
49 |
} elsif ($FORM->{'SUB'} eq "New User") {
|
|
|
50 |
display_form ("New", "New User"); # blank form
|
|
|
51 |
} elsif ($FORM->{'RCid'}) {
|
|
|
52 |
display_form ($FORM->{'RCid'}, $FORM->{'SUB'});
|
|
|
53 |
} else {
|
|
|
54 |
$cookie_string = authenticate (1);
|
|
|
55 |
my ($EM, $PWD, $AL) = split /&/, $cookie_string;
|
|
|
56 |
display_form (getUser ($EM)->{'RCid'}, "View");
|
|
|
57 |
}
|
|
|
58 |
|
|
|
59 |
|
|
|
60 |
sub process_form {
|
|
|
61 |
my $F = shift // "";
|
|
|
62 |
push @ERRORS, "Tried to save an empty form." and return unless $F;
|
|
|
63 |
|
|
|
64 |
$F->{email} = WebDB::trim param ('email') // '';
|
|
|
65 |
$F->{password} = WebDB::trim param ('password') // '';
|
|
|
66 |
$F->{derby_name} = WebDB::trim param ('derby_name') // '';
|
|
|
67 |
$F->{real_name} = WebDB::trim param ('real_name') // '';
|
|
|
68 |
$F->{pronouns} = WebDB::trim param ('pronouns') // '';
|
|
|
69 |
$F->{tshirt} = WebDB::trim param ('tshirt') // '';
|
|
|
70 |
$F->{phone} = WebDB::trim param ('phone') // '';
|
|
|
71 |
# $F->{level} = param ('level') // '';
|
|
|
72 |
# $F->{type} = param ('type') // '';
|
|
|
73 |
$F->{RCid} = param ('RCid') // '';
|
|
|
74 |
$F->{access} = param ('access') // 0;
|
|
|
75 |
# $F->{clinic_pass} = defined param ('clinic_pass') ? 1 : 0;
|
|
|
76 |
$F->{department} = join ":", map { "$_-".param ("DEPT-".$_) } map { s/^DEPT-//r } grep { param ($_) ne "" } grep { /^DEPT-/ } param ;
|
|
|
77 |
|
|
|
78 |
if ($F->{RCid} eq "New") {
|
|
|
79 |
# Saving a new User...
|
|
|
80 |
# But first let's do some error checking...0
|
|
|
81 |
if (!$F->{password}) { push @ERRORS, "Blank Password!"; }
|
|
|
82 |
if (!$F->{real_name}) { push @ERRORS, "Blank Real Name!"; }
|
|
|
83 |
if (!$F->{derby_name}) { $F->{derby_name} = $F->{real_name}; } # If they leave derby_name blank, use their real_name
|
|
|
84 |
if (checkDupes ('derby_name', $F->{derby_name})) { push @ERRORS, "Derby Name already in use. Pick a different one."; $F->{derby_name} = ""; }
|
|
|
85 |
# if (!$F->{level}) { $F->{level} = "B"; } # People keep leaving level blank. Default 'em if they do.
|
|
|
86 |
# if (!$F->{type}) { $F->{type} = "official"; } # and now they left the other drop-down blank!!!
|
|
|
87 |
if (!$F->{email}) { push @ERRORS, "Blank Email (User-ID)!"; } else {
|
|
|
88 |
$F->{email} =~ s/\s+//g; # make sure people aren't accidentally including spaces
|
|
|
89 |
$F->{email} = lc $F->{email}; # sometimes people capitalize their email addresses and that's annoying...
|
|
|
90 |
if (! Email::Valid->address (-address => $F->{email}, -mxcheck => 1, -tldcheck => 1)) { push @ERRORS, "Mal-formatted (or fake) Email Address!"; $F->{email} = ""; }
|
|
|
91 |
}
|
|
|
92 |
if (checkDupes ('email', $F->{email})) { push @ERRORS, "Email Address already in use. Pick a different one."; $F->{email} = ""; }
|
|
|
93 |
|
|
|
94 |
if (scalar @ERRORS) {
|
|
|
95 |
$ERRMSG = join $h->br, @ERRORS;
|
|
|
96 |
display_form ("New", "New User", $ERRMSG);
|
|
|
97 |
return;
|
|
|
98 |
} else {
|
|
|
99 |
# We have a correctly formatted email address with a mail host record, go ahead and add the user
|
|
|
100 |
# my $sth = $dbh->prepare ("insert into official (email, password, derby_name, real_name, phone, level, type, access, department, clinic_pass) values (?, password(?), ?, ?, ?, ?, ?, ?, ?, ?)");
|
|
|
101 |
my $sth = $dbh->prepare ("insert into official (email, password, derby_name, real_name, pronouns, tshirt, phone, access, department, added) values (?, password(?), ?, ?, ?, ?, ?, ?, ?, now())");
|
|
|
102 |
|
|
|
103 |
# $sth->execute ($F->{email}, $F->{password}, $F->{derby_name}, $F->{real_name}, $F->{phone}, $F->{level}, $F->{type}, 0, $F->{department}, 0);
|
|
|
104 |
$sth->execute ($F->{email}, $F->{password}, $F->{derby_name}, $F->{real_name}, $F->{pronouns}, $F->{tshirt}, $F->{phone}, 0, $F->{department});
|
|
|
105 |
|
|
|
106 |
$sth = $dbh->prepare ("select RCid from official where email = ?");
|
|
|
107 |
$sth->execute ($F->{email});
|
|
|
108 |
($F->{RCid}) = $sth->fetchrow_array;
|
|
|
109 |
logit ($F->{RCid}, "New User Registration");
|
|
|
110 |
sendEMail ("New User", $F);
|
|
|
111 |
$cookie_string = authenticate (1);
|
|
|
112 |
}
|
|
|
113 |
} else {
|
|
|
114 |
$cookie_string = authenticate (1);
|
|
|
115 |
my ($EM, $PWD, $AL) = split /&/, $cookie_string;
|
|
|
116 |
if (lc $EM eq lc $F->{email} and $AL < 5) { # They're editing their own record (and not a sysadmin).
|
|
|
117 |
|
|
|
118 |
# Don't let users change their own clinic_pass setting...
|
|
|
119 |
# $F->{clinic_pass} = getUser($EM)->{clinic_pass};
|
|
|
120 |
my $DBDepts = getUser($EM)->{department};
|
|
|
121 |
if ($F->{department} ne $DBDepts) {
|
|
|
122 |
# They're trying to change one of their own departments.
|
|
|
123 |
my $FORMDepts = convertDepartments $F->{department};
|
|
|
124 |
$DBDepts = convertDepartments $DBDepts;
|
|
|
125 |
map { $FORMDepts->{$_} = 0 } keys %{$FORMDepts}; # the only change to a dept should be a request to be added
|
|
|
126 |
map { do { delete $DBDepts->{$_} } if $DBDepts->{$_} == 0 and !defined $FORMDepts->{$_} } keys %{$DBDepts}; # or they can retract their request
|
|
|
127 |
map { $FORMDepts->{$_} = $DBDepts->{$_} } keys %{$DBDepts}; # otherwise, keep the same depts as are in the DB
|
|
|
128 |
$F->{department} = convertDepartments $FORMDepts;
|
|
|
129 |
}
|
|
|
130 |
|
|
|
131 |
if ($F->{password}) { # They've possibly included an updated password.
|
|
|
132 |
# my $sth = $dbh->prepare("replace into official (RCid, email, password, derby_name, real_name, phone, level, type, access, department, clinic_pass) values (?, ?, password(?), ?, ?, ?, ?, ?, ?, ?, ?)");
|
|
|
133 |
# $sth->execute ($F->{RCid}, $EM, $F->{password}, $F->{derby_name}, $F->{real_name}, $F->{phone}, $F->{level}, $F->{type}, $F->{access}, $F->{department}, $F->{clinic_pass})
|
|
|
134 |
my $sth = $dbh->prepare("replace into official (RCid, email, password, derby_name, real_name, pronouns, tshirt, phone, access, department, added, last_login) values (?, ?, password(?), ?, ?, ?, ?, ?, ?, ?, ?, ?)");
|
|
|
135 |
$sth->execute ($F->{RCid}, $EM, $F->{password}, $F->{derby_name}, $F->{real_name}, $F->{pronouns}, $F->{tshirt}, $F->{phone}, $F->{access}, $F->{department}, getUser($EM)->{added}, getUser($EM)->{last_login})
|
|
|
136 |
or $ERRMSG = "ERROR: Can't execute SQL statement: ".$sth->errstr()."\n";
|
|
|
137 |
} else { # No password was included, just keep the existing one.
|
|
|
138 |
# my $sth = $dbh->prepare("replace into official (RCid, email, password, derby_name, real_name, phone, level, type, access, department, clinic_pass) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
|
|
|
139 |
# $sth->execute($F->{RCid}, $EM, $PWD, $F->{derby_name}, $F->{real_name}, $F->{phone}, $F->{level}, $F->{type}, $F->{access}, $F->{department}, $F->{clinic_pass})
|
|
|
140 |
my $sth = $dbh->prepare("replace into official (RCid, email, password, derby_name, real_name, pronouns, tshirt, phone, access, department, added, last_login) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
|
|
|
141 |
$sth->execute($F->{RCid}, $EM, $PWD, $F->{derby_name}, $F->{real_name}, $F->{pronouns}, $F->{tshirt}, $F->{phone}, $F->{access}, $F->{department}, getUser($EM)->{added}, getUser($EM)->{last_login})
|
|
|
142 |
or $ERRMSG = "ERROR: Can't execute SQL statement: ".$sth->errstr()."\n";
|
|
|
143 |
}
|
|
|
144 |
|
|
|
145 |
if ($ERRMSG) {
|
|
|
146 |
logit ($F->{RCid}, "DB ERROR: Updating Self Details: $ERRMSG");
|
|
|
147 |
} else {
|
|
|
148 |
logit ($F->{RCid}, "Updated User Details");
|
|
|
149 |
}
|
|
|
150 |
} elsif ($AL > 1) { # A lead or higher is updating someone else's record
|
|
|
151 |
if ($FORM->{password}) {
|
|
|
152 |
# my $sth = $dbh->prepare ("replace into official (RCid, email, password, derby_name, real_name, phone, level, type, access, department, clinic_pass) values (?, ?, password(?), ?, ?, ?, ?, ?, ?, ?, ?)");
|
|
|
153 |
# $sth->execute ($F->{RCid}, $F->{email}, $F->{password}, $F->{derby_name}, $F->{real_name}, $F->{phone}, $F->{level}, $F->{type}, $F->{access}, $F->{department}, $F->{clinic_pass})
|
|
|
154 |
my $sth = $dbh->prepare ("replace into official (RCid, email, password, derby_name, real_name, pronouns, tshirt, phone, access, department, added, last_login) values (?, ?, password(?), ?, ?, ?, ?, ?, ?, ?, ?, ?)");
|
|
|
155 |
$sth->execute ($F->{RCid}, $F->{email}, $F->{password}, $F->{derby_name}, $F->{real_name}, $F->{pronouns}, $F->{tshirt}, $F->{phone}, $F->{access}, $F->{department}, getUser($F->{email})->{added}, getUser($F->{email})->{last_login})
|
|
|
156 |
or $ERRMSG = "ERROR: Can't execute SQL statement: ".$sth->errstr()."\n";
|
|
|
157 |
} else {
|
|
|
158 |
# my $sth = $dbh->prepare ("update official set email = ?, derby_name = ?, real_name = ?, phone = ?, level = ?, type = ?, access = ?, department = ?, clinic_pass = ? where RCid = ?");
|
|
|
159 |
# $sth->execute ($F->{email}, $F->{derby_name}, $F->{real_name}, $F->{phone}, $F->{level}, $F->{type}, $F->{access}, $F->{department}, $F->{clinic_pass}, $F->{RCid})
|
|
|
160 |
my $sth = $dbh->prepare ("update official set email = ?, derby_name = ?, real_name = ?, pronouns = ?, tshirt = ?, phone = ?, access = ?, department = ? where RCid = ?");
|
|
|
161 |
$sth->execute ($F->{email}, $F->{derby_name}, $F->{real_name}, $F->{pronouns}, $F->{tshirt}, $F->{phone}, $F->{access}, $F->{department}, $F->{RCid})
|
|
|
162 |
or $ERRMSG = "ERROR: Can't execute SQL statement: ".$sth->errstr()."\n";
|
|
|
163 |
}
|
|
|
164 |
if ($ERRMSG) {
|
|
|
165 |
logit ($F->{RCid}, "DB ERROR: Updating Someone Else: $ERRMSG");
|
|
|
166 |
} else {
|
|
|
167 |
logit ($F->{RCid}, "Updated User Details (by ".getUser($EM)->{derby_name}.")");
|
|
|
168 |
logit (getUser($EM)->{RCid}, "Updated User Details: ".$F->{derby_name}." (".$F->{RCid}.")");
|
|
|
169 |
}
|
|
|
170 |
} else {
|
|
|
171 |
$ERRMSG = "Attempting to update someone else's record, and you don't have permission to do that.";
|
|
|
172 |
logit ($F->{RCid}, "FAIL: $EM doesn't have access to update $FORM->{email}'s record");
|
|
|
173 |
}
|
|
|
174 |
}
|
|
|
175 |
$F->{password} = "*******";
|
|
|
176 |
$F->{buttons} = $h->input ({ type=>"hidden", name=>"RCid", value=>$F->{RCid} }).$h->input ({ type=>"submit", name=>"submit", value=>"Edit" });
|
|
|
177 |
# my $checked = $F->{clinic_pass} ? "checked" : "";
|
|
|
178 |
# $F->{clinic_pass} = "<INPUT type='checkbox' name='clinic_pass' $checked disabled readonly>";
|
|
|
179 |
$F->{department} = convertDepartments ($F->{department});
|
|
|
180 |
|
|
|
181 |
display_form ($F->{RCid}, "View");
|
|
|
182 |
}
|
|
|
183 |
|
|
|
184 |
sub display_form {
|
|
|
185 |
my $RCID = shift // "";
|
|
|
186 |
my $view = shift; # // "New User";
|
|
|
187 |
my $errors = shift // "";
|
|
|
188 |
my $F;
|
|
|
189 |
|
|
|
190 |
if ($view eq 'Edit') {
|
|
|
191 |
$cookie_string = authenticate (1);
|
|
|
192 |
my ($EM, $PWD, $AL) = split /&/, $cookie_string;
|
|
|
193 |
$F = getUser ($RCID);
|
|
|
194 |
my $currentuser = getUser ($EM);
|
|
|
195 |
# $currentuser->{department} = convertDepartments ($currentuser->{department});
|
|
|
196 |
|
|
|
197 |
# if (lc $EM eq lc $F->{email} or $AL > 1) {
|
|
|
198 |
if (canView ($currentuser, $F)) {
|
|
|
199 |
# Editing your own record OR you're a lead/higher
|
|
|
200 |
if (lc $EM eq lc $F->{email} or $currentuser->{access} < $F->{access}) {
|
|
|
201 |
# If you're editing your own record, or someone who has higher access than you, make access level read-only
|
|
|
202 |
$F->{access} = $h->input ({ type=>"hidden", name=>"access", value=>$F->{access} }).$AccessLevel->{$F->{access}};
|
|
|
203 |
} else {
|
|
|
204 |
$F->{access} = $h->select ({ name=>"access" }, [map { $F->{access} == $_ ? $h->option ({ value=>$_, selected=>[] }, $AccessLevel->{$_}) : $h->option ({ value=>$_ }, $AccessLevel->{$_}) } (-1..$currentuser->{access})]);
|
|
|
205 |
}
|
|
|
206 |
# my $checked = $F->{clinic_pass} ? "checked" : "";
|
|
|
207 |
# if ($currentuser->{access} > 2) {
|
|
|
208 |
# $F->{clinic_pass} = "<INPUT type='checkbox' name='clinic_pass' value=$F->{clinic_pass} $checked>";
|
|
|
209 |
# } else {
|
|
|
210 |
# $F->{clinic_pass} = "<INPUT type='checkbox' name='clinic_pass' $checked disabled readonly>";
|
|
|
211 |
# }
|
|
|
212 |
# $F->{email} = $h->input ({ type=>"text", name=>"email", value=>$F->{email}, readonly=>[] });
|
|
|
213 |
$F->{email} = $F->{email}.$h->input ({ type=>"hidden", name=>"email", value=>$F->{email} });
|
|
|
214 |
if ($currentuser->{RCid} eq $F->{RCid} or $currentuser->{access} > 4) {
|
|
|
215 |
$F->{password} = $h->input ({ type=>"password", name=>"password" });
|
|
|
216 |
$F->{derby_name} = $h->input ({ type=>"text", name=>"derby_name", value=>$F->{derby_name} });
|
|
|
217 |
$F->{real_name} = $h->input ({ type=>"text", name=>"real_name", value=>$F->{real_name} });
|
|
|
218 |
$F->{pronouns} = $h->input ({ type=>"text", name=>"pronouns", value=>$F->{pronouns} });
|
|
|
219 |
$F->{tshirt} = $h->select ({ name=>"tshirt" }, [map { $F->{tshirt} eq $_ ? $h->option ({ selected=>[] }, $_) : $h->option ($_) } @tshirtOptions] );
|
|
|
220 |
$F->{phone} = $h->input ({ type=>"text", name=>"phone", value=>$F->{phone} });
|
|
|
221 |
} else {
|
|
|
222 |
$F->{password} = '*******';
|
|
|
223 |
}
|
|
|
224 |
# $F->{level} = "<SELECT NAME=level>".selectOptions ($F->{level}, [qw(AA A B C)])."</SELECT>";
|
|
|
225 |
# $F->{type} = "<SELECT NAME=type>".selectOptions ($F->{type}, [qw(official nso referee)])."</SELECT>";
|
|
|
226 |
$F->{RCid} = $h->input ({ type=>"hidden", name=>"RCid", value=>$F->{RCid} })."$F->{RCid} ";
|
|
|
227 |
$F->{buttons} = join " ", $h->input ({ type=>"submit", name=>"submit", value=>"Save" }), $h->input ({ type=>"reset", value=>"Reset" }), $h->input ({ type=>"submit", name=>"submit", value=>"Cancel" });
|
|
|
228 |
|
|
|
229 |
$F->{department} = convertDepartments ($F->{department});
|
|
|
230 |
$currentuser->{department} = convertDepartments ($currentuser->{department});
|
|
|
231 |
foreach my $k (keys %{$depts}) {
|
|
|
232 |
if ($currentuser->{access} > 4) {
|
|
|
233 |
# SysAdmin can change anyone's department level
|
|
|
234 |
$F->{department}->{$k} = $h->select ({ name=>"DEPT-".$k }, [ $h->option ({ value=>"" }, ""), map { $_ eq $F->{department}->{$k} ? $h->option ({ value=>$_, selected=>[] }, $AccessLevel->{$_}) : $h->option ({ value=>$_ }, $AccessLevel->{$_}) } (0..4) ]);
|
|
|
235 |
} elsif ($currentuser->{department}->{$k} > 1 and $currentuser->{department}->{$k} > $F->{department}->{$k}) {
|
|
|
236 |
# Department Leads and above can change someone's level within the dept (up to their own level -1)
|
|
|
237 |
$F->{department}->{$k} = $h->select ({ name=>"DEPT-".$k }, [ $h->option ({ value=>"" }, ""), map { $_ eq $F->{department}->{$k} ? $h->option ({ value=>$_, selected=>[] }, $AccessLevel->{$_}) : $h->option ({ value=>$_ }, $AccessLevel->{$_}) } (0..$currentuser->{department}->{$k}-1) ]);
|
|
|
238 |
} else {
|
|
|
239 |
# Or it's your own record, you can still submit a request to be added to the dept.
|
|
|
240 |
if (!defined $F->{department}->{$k}) {
|
|
|
241 |
$F->{department}->{$k} = $h->label ({ class=>"switch" }, [$h->input ({ type=>"checkbox", name=>"DEPT-$k", value=>0 }), $h->span ({ class=>"slider round" })]);
|
|
|
242 |
} elsif ($F->{department}->{$k} == 0) {
|
|
|
243 |
$F->{department}->{$k} = $h->label ({ class=>"switch" }, [$h->input ({ type=>"checkbox", name=>"DEPT-$k", value=>0, checked=>[] }), $h->span ({ class=>"slider round" })]);
|
|
|
244 |
}
|
|
|
245 |
}
|
|
|
246 |
}
|
|
|
247 |
} else {
|
|
|
248 |
$ERRMSG = "Attempting to update someone else's record, and you don't have permission to do that.";
|
|
|
249 |
}
|
|
|
250 |
|
|
|
251 |
} elsif ($view eq 'New User') {
|
|
|
252 |
# Skip authentication
|
|
|
253 |
$F->{email} = $h->input ({ type=>"text", name=>"email", value=>$F->{email} });
|
|
|
254 |
$F->{password} = $h->input ({ type=>"password", name=>"password" });
|
|
|
255 |
$F->{derby_name} = $h->input ({ type=>"text", name=>"derby_name", value=>$F->{derby_name} });
|
|
|
256 |
$F->{real_name} = $h->input ({ type=>"text", name=>"real_name", value=>$F->{real_name} });
|
|
|
257 |
$F->{pronouns} = $h->input ({ type=>"text", name=>"pronouns", value=>$F->{pronouns} });
|
|
|
258 |
$F->{tshirt} = $h->select ({ name=>"tshirt" }, [map { $F->{tshirt} eq $_ ? $h->option ({ selected=>[] }, $_) : $h->option ($_) } @tshirtOptions] );
|
|
|
259 |
$F->{phone} = $h->input ({ type=>"text", name=>"phone", value=>$F->{phone} });
|
|
|
260 |
# $F->{level} = "<SELECT NAME=level>".selectOptions ($F->{level}, ["", qw(AA A B C)])."</SELECT>";
|
|
|
261 |
# $F->{type} = "<SELECT NAME=type>".selectOptions ($F->{type}, ["", qw(official nso referee)])."</SELECT>";
|
|
|
262 |
$F->{RCid} = $h->input ({ type=>"hidden", name=>"RCid", value=>"New" })."TBD ";
|
|
|
263 |
$F->{access} = $h->input ({ type=>"hidden", name=>"access", value=>0 })."0";
|
|
|
264 |
# $F->{clinic_pass} = "<INPUT type='checkbox' name='clinic_pass' disabled readonly>";
|
|
|
265 |
foreach (keys %{$depts}) {
|
|
|
266 |
if (defined param ("DEPT-$_")) {
|
|
|
267 |
$F->{department}->{$_} = $h->label ({ class=>"switch" }, [$h->input ({ type=>"checkbox", name=>"DEPT-$_", value=>0, checked=>[] }), $h->span ({ class=>"slider round" })]);
|
|
|
268 |
} else {
|
|
|
269 |
$F->{department}->{$_} = $h->label ({ class=>"switch" }, [$h->input ({ type=>"checkbox", name=>"DEPT-$_", value=>0 }), $h->span ({ class=>"slider round" })]);
|
|
|
270 |
}
|
|
|
271 |
}
|
|
|
272 |
$F->{buttons} = $h->input ({ type=>"submit", name=>"submit", value=>"Save" })." ".$h->input ({ type=>"reset", value=>"Reset" })." ".$h->input ({ type=>"submit", name=>"submit", value=>"Cancel" });
|
|
|
273 |
$cookie_string = '';
|
|
|
274 |
} elsif ($view eq 'View' or $view eq 'Cancel' or !$view) {
|
|
|
275 |
$cookie_string = authenticate (1);
|
|
|
276 |
my ($EM, $PWD, $AL) = split /&/, $cookie_string;
|
|
|
277 |
|
|
|
278 |
if (!$view) {
|
|
|
279 |
$F->{'RCid'} = getUser ($EM)->{'RCid'};
|
|
|
280 |
}
|
|
|
281 |
|
|
|
282 |
# Check to make sure they're only looking up their own ID unless they're a lead or higher
|
|
|
283 |
my $currentuser = getUser ($EM);
|
|
|
284 |
my $targetuser = getUser ($RCID);
|
|
|
285 |
|
|
|
286 |
if (canView ($currentuser, $targetuser)) {
|
|
|
287 |
$F = $targetuser;
|
|
|
288 |
$F->{department} = convertDepartments ($F->{department});
|
|
|
289 |
$F->{access} = $AccessLevel->{$F->{access}};
|
|
|
290 |
$F->{'password'} = "*******";
|
|
|
291 |
$F->{buttons} = $h->input ({ type=>"hidden", name=>"RCid", value=>$F->{'RCid'} }).$h->input ({ type=>"submit", name=>"submit", value=>"Edit" });
|
|
|
292 |
# my $checked = $F->{clinic_pass} ? "checked" : "";
|
|
|
293 |
# $F->{clinic_pass} = "<INPUT type='checkbox' name='clinic_pass' value=$F->{clinic_pass} $checked disabled readonly>";
|
|
|
294 |
} else {
|
|
|
295 |
logit ($currentuser->{RCid}, "SECURITY: $currentuser->{derby_name} attempted to view another user's ($RCID) info");
|
|
|
296 |
$errors = "Unauthorized attempt to view another user. This has been logged.";
|
|
|
297 |
$F->{email} = " ";
|
|
|
298 |
$F->{password} = " ";
|
|
|
299 |
$F->{derby_name} = " ";
|
|
|
300 |
$F->{real_name} = " ";
|
|
|
301 |
$F->{pronouns} = " ";
|
|
|
302 |
$F->{tshirt} = " ";
|
|
|
303 |
$F->{phone} = " ";
|
|
|
304 |
# $F->{level} = " ";
|
|
|
305 |
# $F->{type} = " ";
|
|
|
306 |
$F->{RCid} = " ";
|
|
|
307 |
$F->{access} = " ";
|
|
|
308 |
# $F->{clinic_pass} = " ";
|
|
|
309 |
$F->{buttons} = " ";
|
|
|
310 |
}
|
|
|
311 |
|
|
|
312 |
# if (lc $EM eq lc $F->{email} or $AL > 1) {
|
|
|
313 |
# $F->{buttons} = $h->input ({ type=>"hidden", name=>"RCid", value=>$F->{'RCid'} }).$h->input ({ type=>"submit", name=>"submit", value=>"Edit" });
|
|
|
314 |
# } else {
|
|
|
315 |
# $F->{buttons} = "";
|
|
|
316 |
# }
|
|
|
317 |
} #else {
|
|
|
318 |
# $cookie_string = authenticate(1);
|
|
|
319 |
# $FORM->{email} = " ";
|
|
|
320 |
# $FORM->{password} = " ";
|
|
|
321 |
# $FORM->{derby_name} = " ";
|
|
|
322 |
# $FORM->{real_name} = " ";
|
|
|
323 |
# $FORM->{phone} = " ";
|
|
|
324 |
# $FORM->{level} = " ";
|
|
|
325 |
# $FORM->{type} = " ";
|
|
|
326 |
# $FORM->{RCid} = " ";
|
|
|
327 |
# $FORM->{access} = " ";
|
|
|
328 |
# $FORM->{clinic_pass} = " ";
|
|
|
329 |
# $FORM->{buttons} = " ";
|
|
|
330 |
#}
|
|
|
331 |
|
|
|
332 |
#---------------START THE HTML--------------------
|
|
|
333 |
|
|
|
334 |
my $RCAUTH_cookie = cookie (-name=>'RCAUTH',-value=>"$cookie_string",-expires=>"+30m");
|
|
|
335 |
|
|
|
336 |
print header (-cookie=>$RCAUTH_cookie);
|
|
|
337 |
|
|
|
338 |
#foreach (keys %ENV) {
|
|
|
339 |
# print "$_: $ENV{$_}\n<br>";
|
|
|
340 |
#}
|
|
|
341 |
|
|
|
342 |
if ($errors) {
|
|
|
343 |
$errors = $h->div ({ class=>"error" }, $errors);
|
|
|
344 |
} else {
|
|
|
345 |
$errors = "";
|
|
|
346 |
}
|
|
|
347 |
|
|
|
348 |
my @printDepartments = ( $h->div ({ class=>"rTableRow shaded" }, $h->div ({ class=>"rTableCellr" }, "Department Access Levels")) );
|
|
|
349 |
foreach (sort grep { !/^PER$/ } keys %{$F->{department}}) {
|
|
|
350 |
push @printDepartments, $h->div ({ class=>"rTableRow" }, [
|
|
|
351 |
$h->div ({ class=>"rTableCellr" }, $depts->{$_}.":", $F->{department}->{$_} =~ /^\d$/ ? $AccessLevel->{$F->{department}->{$_}} : $F->{department}->{$_}),
|
|
|
352 |
]);
|
|
|
353 |
}
|
|
|
354 |
|
|
|
355 |
printRCHeader ("User Manager");
|
|
|
356 |
|
|
|
357 |
print $errors;
|
|
|
358 |
print $h->form ({ action=>url, method=>'POST', name=>'Req' },[
|
|
|
359 |
$h->input ({ type=>"hidden", name=>"referer", value=>$goback }),
|
|
|
360 |
|
|
|
361 |
$h->div ({ class=>"rTable" },[
|
|
|
362 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCell" }, " ") ]),
|
|
|
363 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCellr" }, "User-ID / Email Address: ", $F->{email}) ]),
|
|
|
364 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCellr" }, "Password: ", $F->{password}) ]),
|
|
|
365 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCellr" }, "Derby Name: ", $F->{derby_name}) ]),
|
|
|
366 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCellr" }, "Real Name: ", $F->{real_name}) ]),
|
|
|
367 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCellr" }, "Pronouns: ", $F->{pronouns}) ]),
|
|
|
368 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCellr" }, "TShirt Size: ", $F->{tshirt}) ]),
|
|
|
369 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCellr" }, "Phone: ", $F->{phone}) ]),
|
|
|
370 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCellr" }, "Database ID: ", $F->{RCid}) ]),
|
|
|
371 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCellr" }, "User Added: ", $F->{added}) ]),
|
|
|
372 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCellr" }, "Last Login: ", $F->{last_login}) ]),
|
|
|
373 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCellr" }, "vORC Access Level: ", $F->{access}) ]),
|
|
|
374 |
@printDepartments,
|
|
|
375 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCell" }, " ") ]),
|
|
|
376 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCellr" }, $h->a ({ href=>"/schedule/index.pl" }, "[go home]")." ".$h->a ({ href=>$goback }, "[go back]"), $F->{buttons}) ])
|
|
|
377 |
])
|
|
|
378 |
]); # print $h->close('form');
|
|
|
379 |
print $h->div (["Schedule:", getSchedule ($RCID)]) unless !$RCID;
|
|
|
380 |
print $h->div (["Recent Activity:", getLog ($RCID)]) unless !$RCID;
|
|
|
381 |
print $h->close ('html');
|
|
|
382 |
}
|
|
|
383 |
|
|
|
384 |
#sub selectOptions {
|
|
|
385 |
# my $selectedOption = shift;
|
|
|
386 |
# my $options = shift;
|
|
|
387 |
# return join " ", map { $selectedOption eq $_ ?
|
|
|
388 |
# $h->option ({ value=>$_, selected=>[] }, $_) :
|
|
|
389 |
# $h->option ({ value=>$_ }, $_)
|
|
|
390 |
# } @$options;
|
|
|
391 |
#}
|
|
|
392 |
|
|
|
393 |
sub sendEMail {
|
|
|
394 |
my $context = shift;
|
|
|
395 |
my $data = shift;
|
|
|
396 |
use RCMailer;
|
|
|
397 |
|
|
|
398 |
my $email = $data->{email};
|
|
|
399 |
my $subject = 'Officiating RollerCon Schedule Manager - New User Request';
|
|
|
400 |
my $body = "Greetings,
|
|
|
401 |
|
|
|
402 |
It appears as though you've registered a new account to Officiate at RollerCon with the following information:
|
|
|
403 |
|
|
|
404 |
Derby Name: $data->{derby_name}
|
|
|
405 |
Real Name: $data->{real_name}
|
|
|
406 |
Pronouns: $data->{pronouns}
|
|
|
407 |
TShirt Size: $data->{tshirt}
|
|
|
408 |
Email Address: $data->{email}
|
|
|
409 |
Phone: $data->{phone}
|
|
|
410 |
|
|
|
411 |
Please be patient while our Admins are reviewing your account request. Each user is manually approved to help ensure robots, spiders, and shift hoggers don't get in.
|
|
|
412 |
|
|
|
413 |
YOU WILL NOT BE ABLE TO LOG IN UNTIL YOU RECEIVE ANOTHER EMAIL STATING YOUR ACCOUNT REQUEST HAS BEEN APPROVED!
|
|
|
414 |
|
|
|
415 |
Once approved, you'll be able to log in and view the schedule and sign up for shifts. Please be considerate of others and don't hogger all of the shifts. If you do, we will find you and randomly drop your shifts.
|
|
|
416 |
|
|
|
417 |
http://officials.rollercon.com/schedule/
|
|
|
418 |
|
|
|
419 |
If you didn't make this request, well, you're still the only one who received this email, and you now have an account request. You should probably let us know that someone is messing with you.
|
|
|
420 |
|
|
|
421 |
-RollerCon Officiating Management
|
|
|
422 |
";
|
|
|
423 |
# send the message
|
|
|
424 |
EmailUser ($email, $subject, $body);
|
|
|
425 |
|
|
|
426 |
}
|
|
|
427 |
|
|
|
428 |
sub checkDupes {
|
|
|
429 |
my $field = shift;
|
|
|
430 |
my $nametocheck = shift;
|
|
|
431 |
my $han = $dbh->prepare("select RCid from official where $field = ?");
|
|
|
432 |
$han->execute($nametocheck);
|
|
|
433 |
my ($rcid) = $han->fetchrow();
|
|
|
434 |
return $rcid;
|
|
|
435 |
}
|
|
|
436 |
|
|
|
437 |
sub canView {
|
|
|
438 |
my $A = shift // "";
|
|
|
439 |
my $B = shift // "";
|
|
|
440 |
# Is A a lead or higher of one of B's Depts? (or they're looking at themselves)
|
|
|
441 |
# parameters should be a Hashref to the users' details
|
|
|
442 |
|
|
|
443 |
return 1 if $A->{access} > 4 or $A->{RCid} == $B->{RCid}; # viewer and target are the same person or it's a SysAdmin.
|
|
|
444 |
|
|
|
445 |
my $ADept = convertDepartments $A->{department};
|
|
|
446 |
my $BDept = convertDepartments $B->{department};
|
|
|
447 |
|
|
|
448 |
foreach (keys %{$BDept}) {
|
|
|
449 |
if ($ADept->{$_} > 1) { # A is a Lead or higher of one of B's departments
|
|
|
450 |
return 1;
|
|
|
451 |
}
|
|
|
452 |
}
|
|
|
453 |
|
|
|
454 |
return 0;
|
|
|
455 |
}
|
|
|
456 |
|
|
|
457 |
sub getLog {
|
|
|
458 |
my $RCID = shift;
|
|
|
459 |
|
|
|
460 |
my @activity_log;
|
|
|
461 |
my $alog = $dbh->prepare("select timestamp, event from v_log where RCid = ? limit 10");
|
|
|
462 |
$alog->execute($RCID);
|
|
|
463 |
while (my @logs = $alog->fetchrow_array) {
|
|
|
464 |
push @activity_log, $h->li ({ class=>"shaded" }, join " ", @logs);
|
|
|
465 |
}
|
|
|
466 |
|
|
|
467 |
return $h->ul ([@activity_log]).$h->h5 ($h->a ({ href=>"log.pl?filter-RCid=".$RCID }, "[Entire log history]"));
|
|
|
468 |
}
|