| 56 |
bgadell |
1 |
#!/usr/bin/perl
|
|
|
2 |
|
|
|
3 |
# Redirect error messages to a log of my choosing. (it's annoying to filter for errors in the shared env)
|
|
|
4 |
my $error_log_path = $ENV{SERVER_NAME} eq "volunteers.rollercon.com" ? "/home3/rollerco/logs/" : "/tmp/";
|
|
|
5 |
close STDERR;
|
|
|
6 |
open STDERR, '>>', $error_log_path.'vorc_error.log' or warn "Failed to open redirected logfile ($0): $!";
|
|
|
7 |
#warn "Redirecting errors to ${error_log_path}vorc_error.log";
|
|
|
8 |
|
|
|
9 |
use strict;
|
|
|
10 |
use cPanelUserConfig;
|
|
|
11 |
use RollerCon;
|
|
|
12 |
use CGI qw/param cookie header start_html url/;
|
|
|
13 |
use Email::Valid;
|
|
|
14 |
use WebDB;
|
|
|
15 |
use HTML::Tiny;
|
|
|
16 |
our $h = HTML::Tiny->new( mode => 'html' );
|
|
|
17 |
|
|
|
18 |
my ($FORM, $cookie_string, $ERRMSG);
|
|
|
19 |
my @ERRORS;
|
|
|
20 |
my $dbh = getRCDBH;
|
|
|
21 |
#my $dbh = WebDB->connect ();
|
|
|
22 |
my $depts = getDepartments (); # HashRef of the department TLAs -> Display Names...
|
|
|
23 |
my $deptDesc = getDepartmentDescriptions ();
|
|
|
24 |
my $deptLink = getDepartmentLinks ();
|
|
|
25 |
my $AccessLevel = getAccessLevels;
|
|
|
26 |
my @tshirtOptions = ("", "MS", "MM", "ML", "MXL", "M2X", "M3X");
|
|
|
27 |
|
|
|
28 |
# The page's form might be submitted as a POST or a GET (or both?)
|
|
|
29 |
# The initial _view_ likely comes as a GET request (making it easier to embed in an HREF as a URL)
|
|
|
30 |
# Unpack any values sent in the GET and add them to the FORM hash
|
|
|
31 |
$FORM->{'SUB'} = param ('submit') // '';
|
|
|
32 |
$FORM->{'RCid'} = param ('RCid') // '';
|
|
|
33 |
$FORM->{referer} = param ("referer") // "";
|
|
|
34 |
if ($FORM->{'SUB'} eq '') {
|
|
|
35 |
if ($ENV{'REQUEST_URI'}) {
|
|
|
36 |
my ($g, $keep) = split /\?/, $ENV{'REQUEST_URI'};
|
|
|
37 |
if ($keep) {
|
|
|
38 |
foreach (split /&/, $keep) {
|
|
|
39 |
my ($k, $v) = split /=/;
|
|
|
40 |
$k =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
|
|
|
41 |
$v =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
|
|
|
42 |
$k eq "submit" ? $FORM->{'SUB'} = $v : $FORM->{$k} = $v;
|
|
|
43 |
}
|
|
|
44 |
}
|
|
|
45 |
}
|
|
|
46 |
}
|
|
|
47 |
|
|
|
48 |
# Keep track of the original referrer for the 'back' link/button
|
|
|
49 |
my $goback;
|
|
|
50 |
if ($FORM->{referer}) {
|
|
|
51 |
$goback = $FORM->{referer};
|
|
|
52 |
} else {
|
|
|
53 |
$goback = $ENV{HTTP_REFERER};
|
|
|
54 |
}
|
|
|
55 |
|
|
|
56 |
|
|
|
57 |
if ($FORM->{'SUB'} eq "Save") {
|
|
|
58 |
process_form ($FORM);
|
|
|
59 |
} elsif ($FORM->{'SUB'} eq "New User") {
|
|
|
60 |
display_form ("New", "New User"); # blank form
|
|
|
61 |
} elsif ($FORM->{'RCid'}) {
|
|
|
62 |
display_form ($FORM->{'RCid'}, $FORM->{'SUB'});
|
|
|
63 |
} else {
|
|
|
64 |
$cookie_string = authenticate (1);
|
|
|
65 |
my ($EM, $PWD, $AL) = split /&/, $cookie_string;
|
|
|
66 |
display_form (getUser ($EM)->{'RCid'}, "View");
|
|
|
67 |
}
|
|
|
68 |
|
|
|
69 |
|
|
|
70 |
sub process_form {
|
|
|
71 |
my $F = shift // "";
|
|
|
72 |
push @ERRORS, "Tried to save an empty form." and return unless $F;
|
|
|
73 |
|
|
|
74 |
$F->{email} = lc WebDB::trim param ('email') // '';
|
|
|
75 |
$F->{password} = WebDB::trim param ('password') // '';
|
|
|
76 |
$F->{derby_name} = WebDB::trim param ('derby_name') // '';
|
|
|
77 |
$F->{real_name} = WebDB::trim param ('real_name') // '';
|
|
|
78 |
$F->{pronouns} = WebDB::trim param ('pronouns') // '';
|
|
|
79 |
$F->{tshirt} = WebDB::trim param ('tshirt') // '';
|
|
|
80 |
$F->{phone} = WebDB::trim param ('phone') // '';
|
|
|
81 |
$F->{timeformat} = WebDB::trim param ('timeformat') // '24hr';
|
|
|
82 |
# $F->{level} = param ('level') // '';
|
|
|
83 |
# $F->{type} = param ('type') // '';
|
|
|
84 |
$F->{RCid} = param ('RCid') // '';
|
|
|
85 |
$F->{access} = param ('access') // 0;
|
| 58 |
bgadell |
86 |
# $F->{mvp_pass} = defined param ('mvp_pass') ? 1 : 0;
|
| 56 |
bgadell |
87 |
$F->{department} = join ":", map { "$_-".param ("DEPT-".$_) } map { s/^DEPT-//; $_ } grep { param ($_) ne "" } grep { /^DEPT-/ } param ;
|
| 62 |
bgadell |
88 |
my @AUTODEPTS = map { $_->[0] } @{$dbh->selectall_arrayref ("select TLA from department where autoapprove = true")};
|
| 56 |
bgadell |
89 |
|
|
|
90 |
if ($F->{RCid} eq "New") {
|
|
|
91 |
# Saving a new User...
|
|
|
92 |
# But first let's do some error checking...0
|
|
|
93 |
if (!$F->{password}) { push @ERRORS, "Blank Password!"; }
|
| 58 |
bgadell |
94 |
if (!$F->{real_name}) { push @ERRORS, "Blank Full Name!"; }
|
| 56 |
bgadell |
95 |
if (!$F->{derby_name}) { $F->{derby_name} = $F->{real_name}; } # If they leave derby_name blank, use their real_name
|
|
|
96 |
if (checkDupes ('derby_name', $F->{derby_name})) { push @ERRORS, "Derby Name already in use. Pick a different one."; $F->{derby_name} = ""; }
|
|
|
97 |
# if (!$F->{level}) { $F->{level} = "B"; } # People keep leaving level blank. Default 'em if they do.
|
|
|
98 |
# if (!$F->{type}) { $F->{type} = "official"; } # and now they left the other drop-down blank!!!
|
|
|
99 |
if (!$F->{email}) { push @ERRORS, "Blank Email (User-ID)!"; } else {
|
|
|
100 |
$F->{email} =~ s/\s+//g; # make sure people aren't accidentally including spaces
|
|
|
101 |
$F->{email} = lc $F->{email}; # sometimes people capitalize their email addresses and that's annoying...
|
|
|
102 |
if (! Email::Valid->address (-address => $F->{email}, -mxcheck => 1, -tldcheck => 1)) { push @ERRORS, "Mal-formatted (or fake) Email Address!"; $F->{email} = ""; }
|
|
|
103 |
}
|
|
|
104 |
if (checkDupes ('email', $F->{email})) { push @ERRORS, "Email Address already in use. Pick a different one."; $F->{email} = ""; }
|
|
|
105 |
# if (!$F->{department}) { push @ERRORS, "You need to request at least one Department!"; }
|
|
|
106 |
|
|
|
107 |
if (scalar @ERRORS) {
|
|
|
108 |
$ERRMSG = join $h->br, @ERRORS;
|
|
|
109 |
display_form ("New", "New User", $ERRMSG, $F);
|
|
|
110 |
return;
|
|
|
111 |
} else {
|
|
|
112 |
# We have a correctly formatted email address with a mail host record, go ahead and add the user
|
|
|
113 |
|
|
|
114 |
# Check to see if any of the departments they've requested are set to autoapprove.
|
|
|
115 |
$F->{department} = convertDepartments $F->{department};
|
|
|
116 |
use tableViewer;
|
|
|
117 |
map { $F->{department}->{$_} = inArray ($_, \@AUTODEPTS) } keys %{$F->{department}};
|
|
|
118 |
$F->{department} = convertDepartments $F->{department};
|
|
|
119 |
|
|
|
120 |
# my $sth = $dbh->prepare ("insert into official (email, password, derby_name, real_name, phone, level, type, access, department, clinic_pass) values (?, password(?), ?, ?, ?, ?, ?, ?, ?, ?)");
|
|
|
121 |
my $sth = $dbh->prepare ("insert into official (email, password, derby_name, real_name, pronouns, tshirt, phone, timeformat, access, department, added, activation) values (?, password(?), ?, ?, ?, ?, ?, ?, ?, ?, CONVERT_TZ(now(), 'America/Chicago', 'America/Los_Angeles'), md5(rand()))");
|
|
|
122 |
|
|
|
123 |
# $sth->execute ($F->{email}, $F->{password}, $F->{derby_name}, $F->{real_name}, $F->{phone}, $F->{level}, $F->{type}, 0, $F->{department}, 0);
|
|
|
124 |
$sth->execute ($F->{email}, $F->{password}, $F->{derby_name}, $F->{real_name}, $F->{pronouns}, $F->{tshirt}, $F->{phone}, $F->{timeformat}, 0, $F->{department});
|
|
|
125 |
|
|
|
126 |
$sth = $dbh->prepare ("select RCid, activation from official where email = ?");
|
|
|
127 |
$sth->execute ($F->{email});
|
|
|
128 |
($F->{RCid}, $F->{activation}) = $sth->fetchrow_array;
|
|
|
129 |
logit ($F->{RCid}, "New User Registration");
|
|
|
130 |
sendNewUserEMail ("New User", $F);
|
|
|
131 |
$cookie_string = authenticate (1);
|
|
|
132 |
}
|
|
|
133 |
} else {
|
|
|
134 |
$cookie_string = authenticate (1);
|
|
|
135 |
my ($EM, $PWD, $AL) = split /&/, $cookie_string;
|
|
|
136 |
if (lc $EM eq lc $F->{email} and $AL < 5) { # They're editing their own record (and not a sysadmin).
|
|
|
137 |
|
|
|
138 |
# Don't let users change their own mvp_pass setting...
|
| 58 |
bgadell |
139 |
# $F->{mvp_pass} = getUser($EM)->{mvp_pass};
|
| 56 |
bgadell |
140 |
my $DBDepts = getUser($EM)->{department};
|
|
|
141 |
if ($F->{department} ne $DBDepts) {
|
|
|
142 |
# They're trying to change one of their own departments.
|
|
|
143 |
my $FORMDepts = convertDepartments $F->{department};
|
|
|
144 |
$DBDepts = convertDepartments $DBDepts;
|
|
|
145 |
# the only change to a dept should be a request to be added, some depts are auto-approved.
|
|
|
146 |
use tableViewer;
|
|
|
147 |
map { $FORMDepts->{$_} = inArray ($_, \@AUTODEPTS) } keys %{$FORMDepts};
|
|
|
148 |
# or they can retract their request
|
|
|
149 |
map { do { delete $DBDepts->{$_} } if $DBDepts->{$_} == 0 and !defined $FORMDepts->{$_} } keys %{$DBDepts};
|
|
|
150 |
# otherwise, keep the same depts as are in the DB (or have been auto-approved...)
|
|
|
151 |
map { $FORMDepts->{$_} = max ($DBDepts->{$_}, $FORMDepts->{$_}) } keys %{$DBDepts};
|
|
|
152 |
$F->{department} = convertDepartments $FORMDepts;
|
|
|
153 |
}
|
|
|
154 |
|
|
|
155 |
if ($F->{password}) { # They've possibly included an updated password.
|
|
|
156 |
# my $sth = $dbh->prepare("replace into official (RCid, email, password, derby_name, real_name, phone, level, type, access, department, clinic_pass) values (?, ?, password(?), ?, ?, ?, ?, ?, ?, ?, ?)");
|
|
|
157 |
# $sth->execute ($F->{RCid}, $EM, $F->{password}, $F->{derby_name}, $F->{real_name}, $F->{phone}, $F->{level}, $F->{type}, $F->{access}, $F->{department}, $F->{clinic_pass})
|
| 62 |
bgadell |
158 |
my $sth = $dbh->prepare("replace into official (RCid, email, password, derby_name, real_name, pronouns, tshirt, phone, activation, timeformat, access, department, added, last_login) values (?, ?, password(?), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
|
| 58 |
bgadell |
159 |
$sth->execute ($F->{RCid}, lc $EM, $F->{password}, $F->{derby_name}, $F->{real_name}, $F->{pronouns}, $F->{tshirt}, $F->{phone}, getUser($EM)->{activation}, $F->{timeformat}, $F->{access}, $F->{department}, getUser($EM)->{added}, getUser($EM)->{last_login})
|
| 56 |
bgadell |
160 |
or $ERRMSG = "ERROR: Can't execute SQL statement: ".$sth->errstr()."\n";
|
|
|
161 |
} else { # No password was included, just keep the existing one.
|
|
|
162 |
# my $sth = $dbh->prepare("replace into official (RCid, email, password, derby_name, real_name, phone, level, type, access, department, clinic_pass) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
|
|
|
163 |
# $sth->execute($F->{RCid}, $EM, $PWD, $F->{derby_name}, $F->{real_name}, $F->{phone}, $F->{level}, $F->{type}, $F->{access}, $F->{department}, $F->{clinic_pass})
|
| 62 |
bgadell |
164 |
my $sth = $dbh->prepare("replace into official (RCid, email, password, derby_name, real_name, pronouns, tshirt, phone, activation, timeformat, access, department, added, last_login) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
|
| 58 |
bgadell |
165 |
$sth->execute($F->{RCid}, lc $EM, $PWD, $F->{derby_name}, $F->{real_name}, $F->{pronouns}, $F->{tshirt}, $F->{phone}, getUser($EM)->{activation}, $F->{timeformat}, $F->{access}, $F->{department}, getUser($EM)->{added}, getUser($EM)->{last_login})
|
| 56 |
bgadell |
166 |
or $ERRMSG = "ERROR: Can't execute SQL statement: ".$sth->errstr()."\n";
|
|
|
167 |
}
|
|
|
168 |
|
|
|
169 |
if ($ERRMSG) {
|
|
|
170 |
logit ($F->{RCid}, "DB ERROR: Updating Self Details: $ERRMSG");
|
|
|
171 |
} else {
|
|
|
172 |
logit ($F->{RCid}, "Updated User Details");
|
|
|
173 |
}
|
|
|
174 |
} elsif ($AL > 1) { # A lead or higher is updating someone else's record
|
|
|
175 |
|
|
|
176 |
use List::Util qw/sum/;
|
|
|
177 |
# if (sum (values %{ convertDepartments ($F->{department}) }) > 0 and $F->{access} == 0) {
|
|
|
178 |
if (sum (values %{ convertDepartments ($F->{department}) }) > 0 and $F->{access} == 1) {
|
|
|
179 |
# activating a user for the first time...
|
|
|
180 |
$F->{access} = 1;
|
|
|
181 |
# sendNewUserEMail ("Activate", $F);
|
|
|
182 |
}
|
|
|
183 |
|
|
|
184 |
if ($FORM->{password}) {
|
|
|
185 |
# my $sth = $dbh->prepare ("replace into official (RCid, email, password, derby_name, real_name, phone, level, type, access, department, clinic_pass) values (?, ?, password(?), ?, ?, ?, ?, ?, ?, ?, ?)");
|
|
|
186 |
# $sth->execute ($F->{RCid}, $F->{email}, $F->{password}, $F->{derby_name}, $F->{real_name}, $F->{phone}, $F->{level}, $F->{type}, $F->{access}, $F->{department}, $F->{clinic_pass})
|
| 58 |
bgadell |
187 |
my $sth = $dbh->prepare ("replace into official (RCid, email, password, derby_name, real_name, pronouns, tshirt, phone, activation, timeformat, access, department, added, last_login) values (?, ?, password(?), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
|
|
|
188 |
$sth->execute ($F->{RCid}, $F->{email}, $F->{password}, $F->{derby_name}, $F->{real_name}, $F->{pronouns}, $F->{tshirt}, $F->{phone}, getUser($F->{email})->{activation}, $F->{timeformat}, $F->{access}, $F->{department}, getUser($F->{email})->{added}, getUser($F->{email})->{last_login})
|
| 56 |
bgadell |
189 |
or $ERRMSG = "ERROR: Can't execute SQL statement: ".$sth->errstr()."\n";
|
|
|
190 |
} else {
|
|
|
191 |
# my $sth = $dbh->prepare ("update official set email = ?, derby_name = ?, real_name = ?, phone = ?, level = ?, type = ?, access = ?, department = ?, clinic_pass = ? where RCid = ?");
|
|
|
192 |
# $sth->execute ($F->{email}, $F->{derby_name}, $F->{real_name}, $F->{phone}, $F->{level}, $F->{type}, $F->{access}, $F->{department}, $F->{clinic_pass}, $F->{RCid})
|
| 58 |
bgadell |
193 |
my $sth = $dbh->prepare ("update official set email = ?, derby_name = ?, real_name = ?, pronouns = ?, tshirt = ?, phone = ?, timeformat = ?, access = ?, department = ? where RCid = ?");
|
|
|
194 |
$sth->execute ($F->{email}, $F->{derby_name}, $F->{real_name}, $F->{pronouns}, $F->{tshirt}, $F->{phone}, $F->{timeformat}, $F->{access}, $F->{department}, $F->{RCid})
|
| 56 |
bgadell |
195 |
or $ERRMSG = "ERROR: Can't execute SQL statement: ".$sth->errstr()."\n";
|
|
|
196 |
}
|
|
|
197 |
if ($ERRMSG) {
|
|
|
198 |
logit ($F->{RCid}, "DB ERROR: Updating Someone Else: $ERRMSG");
|
|
|
199 |
} else {
|
|
|
200 |
logit ($F->{RCid}, "Updated User Details (by ".getUser($EM)->{derby_name}.")");
|
|
|
201 |
logit (getUser($EM)->{RCid}, "Updated User Details: ".$F->{derby_name}." (".$F->{RCid}.")");
|
|
|
202 |
}
|
|
|
203 |
} else {
|
|
|
204 |
$ERRMSG = "Attempting to update someone else's record, and you don't have permission to do that.";
|
|
|
205 |
logit ($F->{RCid}, "FAIL: ($EM) doesn't have access to update ($F->{email})'s record");
|
|
|
206 |
}
|
|
|
207 |
}
|
|
|
208 |
$F->{password} = "*******";
|
|
|
209 |
$F->{buttons} = $h->input ({ type=>"hidden", name=>"RCid", value=>$F->{RCid} }).$h->input ({ type=>"submit", name=>"submit", value=>"Edit" });
|
| 58 |
bgadell |
210 |
# if ($F->{mvp_pass}) {
|
|
|
211 |
# $F->{mvp_pass} = $h->label ({ class=>"switch" }, [$h->input ({ type=>"checkbox", name=>"mvp_pass", value=>1, readonly=>[], disabled=>[], checked=>[] }), $h->span ({ class=>"slider round" })]);
|
|
|
212 |
# } else {
|
|
|
213 |
# $F->{mvp_pass} = $h->label ({ class=>"switch" }, [$h->input ({ type=>"checkbox", name=>"mvp_pass", value=>0, readonly=>[], disabled=>[] }), $h->span ({ class=>"slider round" })]);
|
|
|
214 |
# }
|
| 56 |
bgadell |
215 |
$F->{department} = convertDepartments ($F->{department});
|
| 58 |
bgadell |
216 |
$dbh->do ("replace into RCid_ticket_link select official.RCid, v_ticket.id from official join v_ticket on official.email = v_ticket.email and official.real_name = v_ticket.full_name where official.RCid = ?", undef, $F->{RCid});
|
| 56 |
bgadell |
217 |
|
|
|
218 |
display_form ($F->{RCid}, "View");
|
|
|
219 |
}
|
|
|
220 |
|
|
|
221 |
sub display_form {
|
|
|
222 |
my $RCID = shift // "";
|
|
|
223 |
my $view = shift; # // "New User";
|
|
|
224 |
my $errors = shift // "";
|
|
|
225 |
my $F = shift; # // "";
|
|
|
226 |
|
|
|
227 |
if ($view eq 'Edit') {
|
|
|
228 |
$cookie_string = authenticate (1);
|
|
|
229 |
my ($EM, $PWD, $AL) = split /&/, $cookie_string;
|
|
|
230 |
$F = getUser ($RCID);
|
|
|
231 |
my $currentuser = getUser ($EM);
|
|
|
232 |
# $currentuser->{department} = convertDepartments ($currentuser->{department});
|
|
|
233 |
|
|
|
234 |
# if (lc $EM eq lc $F->{email} or $AL > 1) {
|
|
|
235 |
if (canView ($currentuser, $F)) {
|
|
|
236 |
# Editing your own record OR you're a lead/higher
|
|
|
237 |
if (lc $EM eq lc $F->{email} or $currentuser->{access} < $F->{access}) {
|
|
|
238 |
# If you're editing your own record, or someone who has higher access than you, make access level read-only
|
|
|
239 |
$F->{access} = $h->input ({ type=>"hidden", name=>"access", value=>$F->{access} }).$AccessLevel->{$F->{access}};
|
|
|
240 |
} else {
|
|
|
241 |
$F->{access} = $h->select ({ name=>"access" }, [map { $F->{access} == $_ ? $h->option ({ value=>$_, selected=>[] }, $AccessLevel->{$_}) : $h->option ({ value=>$_ }, $AccessLevel->{$_}) } (-1..$currentuser->{access})]);
|
|
|
242 |
}
|
|
|
243 |
if ($currentuser->{access} > 2) { #this would be the place to test for other types of managers that can update the MVP Pass setting
|
| 58 |
bgadell |
244 |
# if ($F->{mvp_pass}) {
|
|
|
245 |
# $F->{mvp_pass} = $h->label ({ class=>"switch" }, [$h->input ({ type=>"checkbox", name=>"mvp_pass", value=>1, checked=>[] }), $h->span ({ class=>"slider round" })]);
|
|
|
246 |
# } else {
|
|
|
247 |
# $F->{mvp_pass} = $h->label ({ class=>"switch" }, [$h->input ({ type=>"checkbox", name=>"mvp_pass", value=>0 }), $h->span ({ class=>"slider round" })]);
|
|
|
248 |
# }
|
|
|
249 |
if ($F->{MVPid}) {
|
|
|
250 |
$F->{MVPid} .= "->link to change...<-";
|
|
|
251 |
}
|
| 56 |
bgadell |
252 |
} else {
|
| 58 |
bgadell |
253 |
# if ($F->{mvp_pass}) {
|
|
|
254 |
# $F->{mvp_pass} = $h->label ({ class=>"switch" }, [$h->input ({ type=>"checkbox", name=>"mvp_pass", value=>1, readonly=>[], disabled=>[], checked=>[] }), $h->span ({ class=>"slider round" })]);
|
|
|
255 |
# } else {
|
|
|
256 |
# $F->{mvp_pass} = $h->label ({ class=>"switch" }, [$h->input ({ type=>"checkbox", name=>"mvp_pass", value=>0, readonly=>[], disabled=>[] }), $h->span ({ class=>"slider round" })]);
|
|
|
257 |
# }
|
| 56 |
bgadell |
258 |
}
|
|
|
259 |
if ($AL == 5) {
|
|
|
260 |
$F->{email} = $h->input ({ type=>"text", name=>"email", value=>$F->{email} });
|
|
|
261 |
} else {
|
|
|
262 |
$F->{email} = $F->{email}.$h->input ({ type=>"hidden", name=>"email", value=>$F->{email} });
|
|
|
263 |
}
|
|
|
264 |
if ($currentuser->{RCid} eq $F->{RCid} or $currentuser->{access} > 4) {
|
|
|
265 |
$F->{password} = $h->input ({ type=>"password", name=>"password" });
|
|
|
266 |
$F->{derby_name} = $h->input ({ type=>"text", name=>"derby_name", value=>$F->{derby_name} });
|
|
|
267 |
$F->{real_name} = $h->input ({ type=>"text", name=>"real_name", value=>$F->{real_name} });
|
|
|
268 |
$F->{pronouns} = $h->input ({ type=>"text", name=>"pronouns", value=>$F->{pronouns} });
|
|
|
269 |
$F->{tshirt} = $h->select ({ name=>"tshirt" }, [map { $F->{tshirt} eq $_ ? $h->option ({ selected=>[] }, $_) : $h->option ($_) } @tshirtOptions] );
|
|
|
270 |
$F->{phone} = $h->input ({ type=>"text", name=>"phone", value=>$F->{phone} });
|
|
|
271 |
$F->{timeformat} = $h->select ({ name=>"timeformat" }, [map { $F->{timeformat} eq $_ ? $h->option ({ selected=>[] }, $_) : $h->option ($_) } qw(24hr ampm)] );
|
|
|
272 |
} else {
|
|
|
273 |
$F->{password} = '*******';
|
|
|
274 |
}
|
|
|
275 |
# $F->{level} = "<SELECT NAME=level>".selectOptions ($F->{level}, [qw(AA A B C)])."</SELECT>";
|
|
|
276 |
# $F->{type} = "<SELECT NAME=type>".selectOptions ($F->{type}, [qw(official nso referee)])."</SELECT>";
|
|
|
277 |
$F->{RCid} = $h->input ({ type=>"hidden", name=>"RCid", value=>$F->{RCid} })."$F->{RCid} ";
|
|
|
278 |
$F->{buttons} = join " ", $h->input ({ type=>"submit", name=>"submit", value=>"Save" }), $h->input ({ type=>"reset", value=>"Reset" }), $h->input ({ type=>"submit", name=>"submit", value=>"Cancel" });
|
|
|
279 |
|
|
|
280 |
$F->{department} = convertDepartments ($F->{department});
|
|
|
281 |
$currentuser->{department} = convertDepartments ($currentuser->{department});
|
|
|
282 |
foreach my $k (keys %{$depts}) {
|
|
|
283 |
next if $k eq "CMP";
|
|
|
284 |
if ($currentuser->{access} > 4) {
|
|
|
285 |
# SysAdmin can change anyone's department level
|
|
|
286 |
$F->{department}->{$k} = $h->select ({ name=>"DEPT-".$k }, [ $h->option ({ value=>"" }, ""), map { $_ eq $F->{department}->{$k} ? $h->option ({ value=>$_, selected=>[] }, $AccessLevel->{$_}) : $h->option ({ value=>$_ }, $AccessLevel->{$_}) } (0..4) ]);
|
|
|
287 |
} elsif ($currentuser->{department}->{$k} > 1 and $currentuser->{department}->{$k} > $F->{department}->{$k}) {
|
|
|
288 |
# Department Leads and above can change someone's level within the dept (up to their own level -1)
|
|
|
289 |
$F->{department}->{$k} = $h->select ({ name=>"DEPT-".$k }, [ $h->option ({ value=>"" }, ""), map { $_ eq $F->{department}->{$k} ? $h->option ({ value=>$_, selected=>[] }, $AccessLevel->{$_}) : $h->option ({ value=>$_ }, $AccessLevel->{$_}) } (0..$currentuser->{department}->{$k}-1) ]);
|
|
|
290 |
} else {
|
|
|
291 |
# Or it's your own record, you can still submit a request to be added to the dept.
|
|
|
292 |
if (!defined $F->{department}->{$k}) {
|
|
|
293 |
$F->{department}->{$k} = $h->label ({ class=>"switch" }, [$h->input ({ type=>"checkbox", name=>"DEPT-$k", value=>0 }), $h->span ({ class=>"slider round" })]);
|
|
|
294 |
} elsif ($F->{department}->{$k} == 0) {
|
|
|
295 |
$F->{department}->{$k} = $h->label ({ class=>"switch" }, [$h->input ({ type=>"checkbox", name=>"DEPT-$k", value=>0, checked=>[] }), $h->span ({ class=>"slider round" })]);
|
|
|
296 |
}
|
|
|
297 |
}
|
|
|
298 |
}
|
|
|
299 |
} else {
|
|
|
300 |
$ERRMSG = "Attempting to update someone else's record, and you don't have permission to do that.";
|
|
|
301 |
}
|
|
|
302 |
|
|
|
303 |
} elsif ($view eq 'New User') {
|
|
|
304 |
$errors .= $h->br."NOTE: You will not be able to sign-up for things until your account has been reviewed and approved. Watch your email for notification.";
|
|
|
305 |
# Skip authentication
|
|
|
306 |
$F->{email} = $h->input ({ type=>"text", name=>"email", value=>$F->{email} });
|
|
|
307 |
$F->{password} = $h->input ({ type=>"password", name=>"password" });
|
|
|
308 |
$F->{derby_name} = $h->input ({ type=>"text", name=>"derby_name", value=>$F->{derby_name} });
|
|
|
309 |
$F->{real_name} = $h->input ({ type=>"text", name=>"real_name", value=>$F->{real_name} });
|
|
|
310 |
$F->{pronouns} = $h->input ({ type=>"text", name=>"pronouns", value=>$F->{pronouns} });
|
|
|
311 |
$F->{tshirt} = $h->select ({ name=>"tshirt" }, [map { $F->{tshirt} eq $_ ? $h->option ({ selected=>[] }, $_) : $h->option ($_) } @tshirtOptions] );
|
|
|
312 |
$F->{phone} = $h->input ({ type=>"text", name=>"phone", value=>$F->{phone} });
|
|
|
313 |
$F->{timeformat} = $h->select ({ name=>"timeformat" }, [map { $F->{timeformat} eq $_ ? $h->option ({ selected=>[] }, $_) : $h->option ($_) } qw(24hr ampm)] );
|
|
|
314 |
# $F->{level} = "<SELECT NAME=level>".selectOptions ($F->{level}, ["", qw(AA A B C)])."</SELECT>";
|
|
|
315 |
# $F->{type} = "<SELECT NAME=type>".selectOptions ($F->{type}, ["", qw(official nso referee)])."</SELECT>";
|
|
|
316 |
$F->{RCid} = $h->input ({ type=>"hidden", name=>"RCid", value=>"New" })."TBD ";
|
|
|
317 |
$F->{access} = $h->input ({ type=>"hidden", name=>"access", value=>0 })."0";
|
| 58 |
bgadell |
318 |
# $F->{mvp_pass} = $h->label ({ class=>"switch" }, [$h->input ({ type=>"checkbox", name=>"mvp_pass", value=>0, readonly=>[], disabled=>[] }), $h->span ({ class=>"slider round" })]);
|
| 56 |
bgadell |
319 |
|
|
|
320 |
$F->{department} = convertDepartments ($F->{department});
|
|
|
321 |
foreach (sort keys %{$depts}) {
|
|
|
322 |
next if $_ eq "CMP";
|
|
|
323 |
if (defined param ("DEPT-$_")) {
|
|
|
324 |
$F->{department}->{$_} = $h->label ({ class=>"switch" }, [$h->input ({ type=>"checkbox", name=>"DEPT-$_", value=>0, checked=>[] }), $h->span ({ class=>"slider round" })]);
|
|
|
325 |
} else {
|
|
|
326 |
$F->{department}->{$_} = $h->label ({ class=>"switch" }, [$h->input ({ type=>"checkbox", name=>"DEPT-$_", value=>0 }), $h->span ({ class=>"slider round" })]);
|
|
|
327 |
}
|
|
|
328 |
}
|
|
|
329 |
$F->{buttons} = $h->input ({ type=>"submit", name=>"submit", value=>"Save" })." ".$h->input ({ type=>"reset", value=>"Reset" })." ".$h->input ({ type=>"submit", name=>"submit", value=>"Cancel" });
|
|
|
330 |
$cookie_string = '';
|
|
|
331 |
} elsif ($view eq 'View' or $view eq 'Cancel' or !$view) {
|
|
|
332 |
$cookie_string = authenticate (1);
|
|
|
333 |
my ($EM, $PWD, $AL) = split /&/, $cookie_string;
|
|
|
334 |
|
|
|
335 |
if (!$view) {
|
|
|
336 |
$F->{'RCid'} = getUser ($EM)->{'RCid'};
|
|
|
337 |
}
|
|
|
338 |
|
|
|
339 |
# Check to make sure they're only looking up their own ID unless they're a lead or higher
|
|
|
340 |
my $currentuser = getUser ($EM);
|
|
|
341 |
my $targetuser = getUser ($RCID);
|
|
|
342 |
|
|
|
343 |
if (canView ($currentuser, $targetuser)) {
|
|
|
344 |
$F = $targetuser;
|
|
|
345 |
$F->{department} = convertDepartments ($F->{department});
|
|
|
346 |
$F->{access} = $AccessLevel->{$F->{access}};
|
|
|
347 |
$F->{'password'} = "*******";
|
|
|
348 |
$F->{buttons} = $h->input ({ type=>"hidden", name=>"RCid", value=>$F->{'RCid'} }).$h->input ({ type=>"submit", name=>"submit", value=>"Edit" });
|
| 58 |
bgadell |
349 |
# if ($F->{mvp_pass}) {
|
|
|
350 |
# $F->{mvp_pass} = $h->label ({ class=>"switch" }, [$h->input ({ type=>"checkbox", name=>"mvp_pass", value=>1, readonly=>[], disabled=>[], checked=>[] }), $h->span ({ class=>"slider round" })]);
|
|
|
351 |
# } else {
|
|
|
352 |
# $F->{mvp_pass} = $h->label ({ class=>"switch" }, [$h->input ({ type=>"checkbox", name=>"mvp_pass", value=>0, readonly=>[], disabled=>[] }), $h->span ({ class=>"slider round" })]);
|
|
|
353 |
# }
|
|
|
354 |
if ($currentuser->{access} > 2 or convertDepartments($currentuser->{department})->{MVP} >= 2) {
|
|
|
355 |
if($F->{MVPid}) {
|
|
|
356 |
$F->{MVPid} .= ' ' . $h->button ({ onClick=>"window.open('update_mvp_ticket.pl?change=Delete&RCid=$F->{RCid}&MVPid=$F->{MVPid}','Change MVP Ticket','resizable,height=260,width=370'); return false;" }, "Delete Match");
|
|
|
357 |
} else {
|
|
|
358 |
$F->{MVPid} .= $h->button ({ onClick=>"window.open('update_mvp_ticket.pl?change=lookup&RCid=$F->{RCid}','Change MVP Ticket','resizable,height=260,width=370'); return false;" }, "Manual Match");
|
|
|
359 |
my $possible_matches = $dbh->selectall_arrayref ("select id, full_name from v_ticket where isnull(RCid) = true and email = (select email from official where RCid = ?) union
|
|
|
360 |
select id, full_name from v_ticket where isnull(RCid) = true and full_name = (select real_name from official where RCid = ?) union
|
|
|
361 |
select id, full_name from v_ticket where isnull(RCid) = true and derby_name = (select derby_name from official where RCid = ?)", undef, $F->{RCid}, $F->{RCid}, $F->{RCid});
|
|
|
362 |
|
|
|
363 |
foreach my $match (@$possible_matches) {
|
|
|
364 |
my ($MVPid, $fullname) = @$match;
|
|
|
365 |
# $t->{derby_name} = "<A HREF='#' onClick=\"event.stopPropagation(); window.open('make_shift_change.pl?change=add&RCid=$RCid&id=$t->{id}','Confirm Shift Change','resizable,height=260,width=370'); return false;\">[SIGN UP]</a>";
|
|
|
366 |
|
|
|
367 |
$F->{MVPid} .= $h->div ({ class => "hint" }, ["Possible Match: @$match", ' ', $h->button ({ onClick=>"window.open('update_mvp_ticket.pl?change=add&RCid=$F->{RCid}&MVPid=$MVPid','Change MVP Ticket','resizable,height=260,width=370'); return false;" }, "Accept Match")]);
|
|
|
368 |
}
|
|
|
369 |
}
|
|
|
370 |
}
|
| 56 |
bgadell |
371 |
} else {
|
|
|
372 |
logit ($currentuser->{RCid}, "SECURITY: $currentuser->{derby_name} attempted to view another user's ($RCID) info");
|
|
|
373 |
$errors = "Unauthorized attempt to view another user. This has been logged.";
|
|
|
374 |
$F->{email} = " ";
|
|
|
375 |
$F->{password} = " ";
|
|
|
376 |
$F->{derby_name} = " ";
|
|
|
377 |
$F->{real_name} = " ";
|
|
|
378 |
$F->{pronouns} = " ";
|
|
|
379 |
$F->{tshirt} = " ";
|
|
|
380 |
$F->{phone} = " ";
|
|
|
381 |
$F->{timeformat} = " ";
|
|
|
382 |
# $F->{level} = " ";
|
|
|
383 |
# $F->{type} = " ";
|
|
|
384 |
$F->{RCid} = " ";
|
|
|
385 |
$F->{access} = " ";
|
| 58 |
bgadell |
386 |
$F->{MVPid} = " ";
|
| 56 |
bgadell |
387 |
$F->{buttons} = " ";
|
|
|
388 |
}
|
|
|
389 |
|
|
|
390 |
# if (lc $EM eq lc $F->{email} or $AL > 1) {
|
|
|
391 |
# $F->{buttons} = $h->input ({ type=>"hidden", name=>"RCid", value=>$F->{'RCid'} }).$h->input ({ type=>"submit", name=>"submit", value=>"Edit" });
|
|
|
392 |
# } else {
|
|
|
393 |
# $F->{buttons} = "";
|
|
|
394 |
# }
|
|
|
395 |
} #else {
|
|
|
396 |
# $cookie_string = authenticate(1);
|
|
|
397 |
# $FORM->{email} = " ";
|
|
|
398 |
# $FORM->{password} = " ";
|
|
|
399 |
# $FORM->{derby_name} = " ";
|
|
|
400 |
# $FORM->{real_name} = " ";
|
|
|
401 |
# $FORM->{phone} = " ";
|
|
|
402 |
# $FORM->{level} = " ";
|
|
|
403 |
# $FORM->{type} = " ";
|
|
|
404 |
# $FORM->{RCid} = " ";
|
|
|
405 |
# $FORM->{access} = " ";
|
|
|
406 |
# $FORM->{mvp_pass} = " ";
|
|
|
407 |
# $FORM->{buttons} = " ";
|
|
|
408 |
#}
|
|
|
409 |
|
|
|
410 |
#---------------START THE HTML--------------------
|
|
|
411 |
|
|
|
412 |
my $RCAUTH_cookie = cookie (-name=>'RCAUTH',-value=>"$cookie_string",-expires=>"+30m");
|
|
|
413 |
|
|
|
414 |
print header (-cookie=>$RCAUTH_cookie);
|
|
|
415 |
|
|
|
416 |
#foreach (keys %ENV) {
|
|
|
417 |
# print "$_: $ENV{$_}\n<br>";
|
|
|
418 |
#}
|
|
|
419 |
|
|
|
420 |
if ($errors) {
|
|
|
421 |
$errors = $h->div ({ class=>"error" }, $errors);
|
|
|
422 |
} else {
|
|
|
423 |
$errors = "";
|
|
|
424 |
}
|
|
|
425 |
|
| 58 |
bgadell |
426 |
my @printDepartments = ( $h->div ({ class=>"index", style=>"display: unset;" }, $h->p ({ class=>"heading" }, "Volunteer Department Access:")) );
|
| 56 |
bgadell |
427 |
# push @printDepartments, $h->div ({ class=>"rTableRow" }, $h->div ({ class=>"rTableCellr hint", style=>"display:block;" }, "Here is where you're signed up to volunteer at RollerCon:"));
|
|
|
428 |
push @printDepartments, $h->div ({ class=>"rTableRowSpan" },[ $h->div ({ style=>"rTableCellr" }, $h->div ({ class=>"hint" }, "Here is where you're signed up to volunteer at RollerCon:")) ]);
|
|
|
429 |
# push @printDepartments, $h->div ({ class=>"hint", style=>"display: unset;" }, "Here is where you're signed up to volunteer at RollerCon:");
|
|
|
430 |
foreach (sort grep { !/^PER$/ } keys %{$F->{department}}) {
|
|
|
431 |
push @printDepartments, $h->div ({ class=>"rTableRow" }, [
|
|
|
432 |
$h->div ({ class=>"rTableCellr", style=>"font-size: unset;" },
|
|
|
433 |
[ $h->span ({ class=>"tooltip-wrap" }, [$h->img ({src=>"/images/qm.png", width=>"18", height=>"18"}), $h->div ({ class=>"tooltip-content" }, $h->div ({class=>"bold"}, $depts->{$_}).$deptDesc->{$_} . (exists $deptLink->{$_} ? $h->a ({ href=>$deptLink->{$_}, target=>"_new"}, " [More Info]") : "") )]), $depts->{$_}.":" ],
|
|
|
434 |
$F->{department}->{$_} =~ /^\d$/ ? $AccessLevel->{$F->{department}->{$_}} : $F->{department}->{$_}),
|
|
|
435 |
]);
|
|
|
436 |
}
|
|
|
437 |
|
|
|
438 |
printRCHeader ("User Manager");
|
|
|
439 |
|
|
|
440 |
print $errors;
|
|
|
441 |
print $h->form ({ action=>url, method=>'POST', name=>'Req' },[
|
|
|
442 |
$h->input ({ type=>"hidden", name=>"referer", value=>$goback }),
|
|
|
443 |
$h->div ({ class=>"index" }, [$h->p ({ class=>"heading" }, "User Details:"),
|
|
|
444 |
$h->div ({ class=>"rTable", style=>"min-width: 0%;" },[
|
|
|
445 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCellr", style=>"font-size: unset;" }, "User-ID / Email Address: ", $F->{email}) ]),
|
|
|
446 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCellr", style=>"font-size: unset;" }, "Password: ", $F->{password}) ]),
|
|
|
447 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCellr", style=>"font-size: unset;" }, "Derby Name: ", $F->{derby_name}) ]),
|
| 58 |
bgadell |
448 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCellr", style=>"font-size: unset;" }, "Full Name: ", $F->{real_name}) ]),
|
| 56 |
bgadell |
449 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCellr", style=>"font-size: unset;" }, "Pronouns: ", $F->{pronouns}) ]),
|
|
|
450 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCellr", style=>"font-size: unset;" }, "TShirt Size: ", $F->{tshirt}) ]),
|
|
|
451 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCellr", style=>"font-size: unset;" }, "Phone: ", $F->{phone}) ]),
|
|
|
452 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCellr", style=>"font-size: unset;" }, "Time Format: ", $F->{timeformat}) ]),
|
|
|
453 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCellr", style=>"font-size: unset;" }, "Database ID: ", $F->{RCid}) ]),
|
|
|
454 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCellr", style=>"font-size: unset;" }, "User Added: ", $F->{added}) ]),
|
|
|
455 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCellr", style=>"font-size: unset;" }, "Last Login: ", $F->{last_login}) ]),
|
|
|
456 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCellr", style=>"font-size: unset;" }, "vORC Access Level: ", $F->{access}) ]),
|
| 58 |
bgadell |
457 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCellr", style=>"font-size: unset;" }, "MVP Pass: ", $F->{MVPid}) ]),
|
| 56 |
bgadell |
458 |
@printDepartments,
|
|
|
459 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCell" }, " ") ]),
|
|
|
460 |
$h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCellr" }, $h->a ({ href=>$goback }, "[go back]"), $F->{buttons}) ])
|
|
|
461 |
])
|
|
|
462 |
])
|
|
|
463 |
]); # print $h->close('form');
|
|
|
464 |
print $h->div ({ class=>"index" }, [$h->p ({ class=>"heading" }, "Schedule:"), getSchedule ($RCID, "all")]) unless $RCID !~ /^\d+$/;
|
|
|
465 |
print $h->div ({ class=>"index" }, [$h->p ({ class=>"heading" }, "Recent Activity:"), getLog ($RCID)]) unless $RCID !~ /^\d+$/;
|
|
|
466 |
print $h->close ('html');
|
|
|
467 |
}
|
|
|
468 |
|
|
|
469 |
#sub selectOptions {
|
|
|
470 |
# my $selectedOption = shift;
|
|
|
471 |
# my $options = shift;
|
|
|
472 |
# return join " ", map { $selectedOption eq $_ ?
|
|
|
473 |
# $h->option ({ value=>$_, selected=>[] }, $_) :
|
|
|
474 |
# $h->option ({ value=>$_ }, $_)
|
|
|
475 |
# } @$options;
|
|
|
476 |
#}
|
|
|
477 |
|
|
|
478 |
|
|
|
479 |
sub checkDupes {
|
|
|
480 |
my $field = shift;
|
|
|
481 |
my $nametocheck = shift;
|
|
|
482 |
my $han = $dbh->prepare("select RCid from official where $field = ?");
|
|
|
483 |
$han->execute($nametocheck);
|
|
|
484 |
my ($rcid) = $han->fetchrow();
|
|
|
485 |
return $rcid;
|
|
|
486 |
}
|
|
|
487 |
|
|
|
488 |
sub getLog {
|
|
|
489 |
my $RCID = shift;
|
|
|
490 |
|
|
|
491 |
my @activity_log;
|
|
|
492 |
my $alog = $dbh->prepare("select timestamp, event from v_log where RCid = ? limit 10");
|
|
|
493 |
$alog->execute($RCID);
|
|
|
494 |
while (my @logs = $alog->fetchrow_array) {
|
|
|
495 |
push @activity_log, $h->li ({ class=>"shaded" }, join " ", @logs);
|
|
|
496 |
}
|
|
|
497 |
|
|
|
498 |
return $h->ul ([@activity_log]).$h->h5 ($h->a ({ href=>"log.pl?filter-RCid=".$RCID }, "[Entire log history]"));
|
|
|
499 |
}
|
|
|
500 |
|
|
|
501 |
sub getDepartmentDescriptions {
|
|
|
502 |
my %HASH;
|
|
|
503 |
my $sth = $dbh->prepare("select TLA, description from department");
|
|
|
504 |
$sth->execute();
|
|
|
505 |
while (my ($tla, $name) = $sth->fetchrow) {
|
|
|
506 |
$HASH{$tla} = $name;
|
|
|
507 |
}
|
|
|
508 |
return \%HASH;
|
|
|
509 |
}
|
|
|
510 |
|
|
|
511 |
sub getDepartmentLinks {
|
|
|
512 |
my %HASH;
|
|
|
513 |
my $sth = $dbh->prepare("select TLA, link from department where link <> ''");
|
|
|
514 |
$sth->execute();
|
|
|
515 |
while (my ($tla, $name) = $sth->fetchrow) {
|
|
|
516 |
$HASH{$tla} = $name;
|
|
|
517 |
}
|
|
|
518 |
return \%HASH;
|
|
|
519 |
}
|