WebSVN – VORC – Diff – /trunk/site/schedule/view_user.pl

 #warn "Redirecting errors to ${error_log_path}vorc_error.log";
 use strict;
 use cPanelUserConfig;
+use RollerCon;
-use RollerCon;
+use tableViewer qw/inArray/;
 use CGI qw/param cookie header start_html url/;
 use Email::Valid;
 use WebDB;
 use HTML::Tiny;
 our $h = HTML::Tiny->new( mode => 'html' );
 my ($FORM, $cookie_string, $ERRMSG);
-my @ERRORS;
-my $dbh = getRCDBH;
+my @ERRORS;
-#my $dbh = WebDB->connect ();
+my $dbh = getRCDBH;
 my $depts = getDepartments (); # HashRef of the department TLAs -> Display Names...
 my $deptDesc = getDepartmentDescriptions ();
 my $deptLink = getDepartmentLinks ();
 my $AccessLevel = getAccessLevels;
+my @tshirtOptions = ("", "MS", "MM", "ML", "MXL", "M2X", "M3X");
+my @AUTODEPTS = map { $_->[0] } @{$dbh->selectall_arrayref ("select TLA from department where autoapprove = true")};
+my @FIELDS = qw/ derby_name email real_name phone password access department tshirt pronouns timeformat /;
+my @PRIVFIELDS = qw/ email access /;
-my @tshirtOptions = ("", "MS", "MM", "ML", "MXL", "M2X", "M3X");
+$ORCUSER->{department} = ref $ORCUSER->{department} eq "HASH" ? $ORCUSER->{department} : convertDepartments($ORCUSER->{department});
 my @AUTODEPTS = map { $_->[0] } @{$dbh->selectall_arrayref ("select TLA from department where autoapprove = true")};
 # The page's form might be submitted as a POST or a GET (or both?)
   $F->{real_name}   = WebDB::trim param ('real_name')  // '';
   $F->{pronouns}    = WebDB::trim param ('pronouns')   // '';
   $F->{tshirt}      = WebDB::trim param ('tshirt')     // '';
   $F->{phone}       = WebDB::trim param ('phone')      // '';
   $F->{timeformat}  = WebDB::trim param ('timeformat') // '24hr';
-# $F->{level}       = param ('level')      // '';
-# $F->{type}        = param ('type')       // '';
   $F->{RCid}        = param ('RCid')       // '';
   $F->{access}      = param ('access')     // 0;
-# $F->{mvp_pass}    = defined param ('mvp_pass') ? 1 : 0;
   $F->{department}  = join ":", map { "$_-".param ("DEPT-".$_) } map { s/^DEPT-//; $_ } grep { param ($_) ne "" } grep { /^DEPT-/ } param ;
   if ($F->{RCid} eq "New") {
   # Saving a new User...
     # But first let's do some error checking...0
     if (!$F->{password})   { push @ERRORS, "Blank Password!"; }
     if (!$F->{real_name})  { push @ERRORS, "Blank Full Name!"; }
     if (!$F->{derby_name}) { $F->{derby_name} = $F->{real_name}; } # If they leave derby_name blank, use their real_name
-    if (checkDupes ('derby_name', $F->{derby_name})) { push @ERRORS, "Derby Name already in use. Pick a different one."; $F->{derby_name} = ""; }
-#   if (!$F->{level})      { $F->{level} = "B"; } # People keep leaving level blank.  Default 'em if they do.
-#   if (!$F->{type})       { $F->{type} = "official"; } # and now they left the other drop-down blank!!!
+    if (checkDupes ('derby_name', $F->{derby_name})) { push @ERRORS, "Derby Name already in use. Pick a different one."; $F->{derby_name} = ""; }
     if (!$F->{email})      { push @ERRORS, "Blank Email (User-ID)!"; } else {
       $F->{email} =~ s/\s+//g; # make sure people aren't accidentally including spaces
       $F->{email} = lc $F->{email}; # sometimes people capitalize their email addresses and that's annoying...
       if (! Email::Valid->address (-address => $F->{email}, -mxcheck => 1, -tldcheck => 1)) { push @ERRORS, "Mal-formatted (or fake) Email Address!"; $F->{email} = ""; }
+    }
-    if (checkDupes ('email', $F->{email})) { push @ERRORS, "Email Address already in use. Pick a different one."; $F->{email} = ""; }
-    # if (!$F->{department}) { push @ERRORS, "You need to request at least one Department!"; }
+    if (checkDupes ('email', $F->{email})) { push @ERRORS, "Email Address already in use. Pick a different one."; $F->{email} = ""; }
     if (scalar @ERRORS) {
-      $ERRMSG = join $h->br, @ERRORS;
-      display_form ("New", "New User", $ERRMSG, $F);
+      $ERRMSG = join $h->br, @ERRORS;
-      return;
+      display_form ("New", "New User", $ERRMSG, $F);
     } else {
       # We have a correctly formatted email address with a mail host record, go ahead and add the user
       # Check to see if any of the departments they've requested are set to autoapprove.
-      $F->{department} = convertDepartments $F->{department};
+      # Check to see if any of the departments they've requested are set to autoapprove.
-      use tableViewer;
+      $F->{department} = convertDepartments $F->{department};
       map { $F->{department}->{$_} = inArray ($_, \@AUTODEPTS) } keys %{$F->{department}};
-      $F->{department} = convertDepartments $F->{department};
+      $F->{department} = convertDepartments $F->{department};
-#     my $sth = $dbh->prepare ("insert into official (email, password, derby_name, real_name, phone, level, type, access, department, clinic_pass) values (?, password(?), ?, ?, ?, ?, ?, ?, ?, ?)");
-      my $sth = $dbh->prepare ("insert into official (email, password, derby_name, real_name, pronouns, tshirt, phone, timeformat, access, department, added, activation) values (?, password(?), ?, ?, ?, ?, ?, ?, ?, ?, CONVERT_TZ(now(), 'America/Chicago', 'America/Los_Angeles'), md5(rand()))");
-#     $sth->execute ($F->{email}, $F->{password}, $F->{derby_name}, $F->{real_name}, $F->{phone}, $F->{level}, $F->{type}, 0, $F->{department}, 0);
+      $dbh->do ("insert into official (email,  password,       derby_name,       real_name,       pronouns,       tshirt,       phone,       timeformat,       access, department, added, activation) values (?, password(?), ?, ?, ?, ?, ?, ?, ?, ?, CONVERT_TZ(now(), 'America/Chicago', 'America/Los_Angeles'), md5(rand()))", undef,
-      $sth->execute ($F->{email}, $F->{password}, $F->{derby_name}, $F->{real_name}, $F->{pronouns}, $F->{tshirt}, $F->{phone}, $F->{timeformat}, 0, $F->{department});
+                                  $F->{email}, $F->{password}, $F->{derby_name}, $F->{real_name}, $F->{pronouns}, $F->{tshirt}, $F->{phone}, $F->{timeformat}, 0,      $F->{department})
         or display_form ("New", "New User", "ERROR: DB: ".$dbh->errstr, $F);
       $sth = $dbh->prepare ("select RCid, activation from official where email = ?");
-      $sth->execute ($F->{email});
+      ($F->{RCid}, $F->{activation}) = @{$dbh->selectall_arrayref ("select RCid, activation from official where email = ?", undef, $F->{email})};
       ($F->{RCid}, $F->{activation}) = $sth->fetchrow_array;
       $dbh->do ("replace into RCid_ticket_link select official.RCid, v_ticket.id from official join v_ticket on official.email = v_ticket.email and official.real_name = v_ticket.full_name where official.RCid = ?", undef, $F->{RCid});
+      logit ($F->{RCid}, "New User Registration");
-      logit ($F->{RCid}, "New User Registration");
+      sendNewUserEMail ("New User", $F);
-      sendNewUserEMail ("New User", $F);
+      $cookie_string = authenticate (RollerCon::USER);
       $cookie_string = authenticate (1);
+  } else {
   # Save changes to an existing user.
-  } else {
+    $cookie_string = authenticate (RollerCon::USER);
-    $cookie_string = authenticate (1);
+    my ($EM, $PWD, $AL) = split /&/, $cookie_string;
-    my ($EM, $PWD, $AL) = split /&/, $cookie_string;
+    my $OG = getUser ($F->{RCid});
-    my $OG = getUser ($F->{RCid});
+    if ($F->{derby_name} ne $OG->{derby_name} and checkDupes ('derby_name', $F->{derby_name})) { push @ERRORS, "Derby Name already in use. Pick a different one."; $F->{derby_name} = ""; }
-    if ($F->{derby_name} ne $OG->{derby_name} and checkDupes ('derby_name', $F->{derby_name})) { push @ERRORS, "Derby Name already in use. Pick a different one."; $F->{derby_name} = ""; }
     if ($F->{email} ne $OG->{email} and checkDupes ('email', $F->{email})) { push @ERRORS, "Email Address already in use. Pick a different one."; $F->{email} = ""; }
+    if (!$F->{real_name})  { push @ERRORS, "Blank Full Name!"; }
+    if (scalar @ERRORS) {
-    if (!$F->{real_name})  { push @ERRORS, "Blank Full Name!"; }
+      $ERRMSG = join $h->br, @ERRORS;
-    if (scalar @ERRORS) {
-      $ERRMSG = join $h->br, @ERRORS;
       display_form ($F->{RCid}, "Edit", $ERRMSG, $F);
-      return;
+    }
     if (lc $EM eq lc $F->{email} and $AL < 5) { # They're editing their own record (and not a sysadmin).
     if ($ORCUSER->{RCid} == $F->{RCid} or $AL >= RollerCon::SYSADMIN) {
-      # Don't let users change their own mvp_pass setting...
-#     $F->{mvp_pass} = getUser($EM)->{mvp_pass};
+    # They're editing their own record (or a sysadmin).
       my $DBDepts = getUser($EM)->{department};
-      if ($F->{department} ne $DBDepts) {
+      my $DBDepts = $OG->{department};
-        # They're trying to change one of their own departments.
+      if ($F->{department} ne $DBDepts and $AL < RollerCon::SYSADMIN) {
-        my $FORMDepts = convertDepartments $F->{department};
+        # They're trying to change one of their own departments.
-        $DBDepts =   convertDepartments $DBDepts;
+        my $FORMDepts = convertDepartments $F->{department};
-        # the only change to a dept should be a request to be added, some depts are auto-approved.
+        $DBDepts =   convertDepartments $DBDepts;
-        use tableViewer;
+        # the only change to a dept should be a request to be added, some depts are auto-approved.
-        map { $FORMDepts->{$_} = inArray ($_, \@AUTODEPTS) } keys %{$FORMDepts};
-        # or they can retract their request
+        map { $FORMDepts->{$_} = inArray ($_, \@AUTODEPTS) } keys %{$FORMDepts};
-        map { do { delete $DBDepts->{$_} } if $DBDepts->{$_} == 0 and !defined $FORMDepts->{$_} } keys %{$DBDepts};
+        # or they can retract their request
+        map { do { delete $DBDepts->{$_} } if $DBDepts->{$_} == 0 and !defined $FORMDepts->{$_} } keys %{$DBDepts};
         # otherwise, keep the same depts as are in the DB (or have been auto-approved...)
+        map { $FORMDepts->{$_} = max ($DBDepts->{$_}, $FORMDepts->{$_}) } keys %{$DBDepts};
-        map { $FORMDepts->{$_} = max ($DBDepts->{$_}, $FORMDepts->{$_}) } keys %{$DBDepts};
+        $F->{department} = convertDepartments $FORMDepts;
-        $F->{department} = convertDepartments $FORMDepts;
+      }
-      }
+      foreach my $field (@FIELDS) {
+        if ($F->{$field} eq $OG->{$field} or ($field eq "password" and !$F->{$field})) {
+          # No changes to this field, move on...
+          next;
-      if ($F->{password}) { # They've possibly included an updated password.
-#       my $sth = $dbh->prepare("replace into official (RCid, email, password, derby_name, real_name, phone, level, type, access, department, clinic_pass) values (?, ?, password(?), ?, ?, ?, ?, ?, ?, ?, ?)");
+        }
-#       $sth->execute ($F->{RCid}, $EM, $F->{password}, $F->{derby_name}, $F->{real_name}, $F->{phone}, $F->{level}, $F->{type}, $F->{access}, $F->{department}, $F->{clinic_pass})
+        if ($AL < RollerCon::SYSADMIN and inArray ($field, \@PRIVFIELDS)) {
+          push @ERRORS, "ERROR: Only SysAdmins are allowed to change the $field field";
-        my $sth = $dbh->prepare("replace into official (RCid, email, password, derby_name, real_name, pronouns, tshirt, phone, activation, timeformat, access, department, added, last_login) values (?, ?, password(?), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
+          logit ($F->{RCid}, "SECURITY: Only SysAdmins are allowed to change the $field field");
-        $sth->execute ($F->{RCid}, lc $EM, $F->{password}, $F->{derby_name}, $F->{real_name}, $F->{pronouns}, $F->{tshirt}, $F->{phone}, getUser($EM)->{activation}, $F->{timeformat}, $F->{access}, $F->{department}, getUser($EM)->{added}, getUser($EM)->{last_login})
-          or $ERRMSG = "ERROR: Can't execute SQL statement: ".$sth->errstr()."\n";
-      } else { # No password was included, just keep the existing one.
-#       my $sth = $dbh->prepare("replace into official (RCid, email, password, derby_name, real_name, phone, level, type, access, department, clinic_pass) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
-#       $sth->execute($F->{RCid}, $EM, $PWD, $F->{derby_name}, $F->{real_name}, $F->{phone}, $F->{level}, $F->{type}, $F->{access}, $F->{department}, $F->{clinic_pass})
-        my $sth = $dbh->prepare("replace into official (RCid, email, password, derby_name, real_name, pronouns, tshirt, phone, activation, timeformat, access, department, added, last_login) values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
-        $sth->execute($F->{RCid}, lc $EM, $PWD, $F->{derby_name}, $F->{real_name}, $F->{pronouns}, $F->{tshirt}, $F->{phone}, getUser($EM)->{activation}, $F->{timeformat}, $F->{access}, $F->{department}, getUser($EM)->{added}, getUser($EM)->{last_login})
+          next;
-          or $ERRMSG = "ERROR: Can't execute SQL statement: ".$sth->errstr()."\n";
-      }
-      if ($ERRMSG) {
-        logit ($F->{RCid}, "DB ERROR: Updating Self Details: $ERRMSG");
-      } else {
-        logit ($F->{RCid}, "Updated User Details");
-      }
-    } elsif ($AL > 1) { # A lead or higher is updating someone else's record
-#     use List::Util qw/sum/;
-#     if (sum (values %{ convertDepartments ($F->{department}) }) > 0 and $F->{access} == 0) {
-#     if ($F->{department} and sum (values %{ convertDepartments ($F->{department}) }) > 0 and $F->{access} == 1) {
-        # activating a user for the first time...
-#       $F->{access} = 1;
-#       sendNewUserEMail ("Activate", $F);
-#     }
-      if ($FORM->{password}) {
-#       my $sth = $dbh->prepare ("replace into official (RCid, email, password, derby_name, real_name, phone, level, type, access, department, clinic_pass) values (?, ?, password(?), ?, ?, ?, ?, ?, ?, ?, ?)");
-#       $sth->execute ($F->{RCid}, $F->{email}, $F->{password}, $F->{derby_name}, $F->{real_name}, $F->{phone}, $F->{level}, $F->{type}, $F->{access}, $F->{department}, $F->{clinic_pass})
-        my $sth = $dbh->prepare ("replace into official (RCid, email, password, derby_name, real_name, pronouns, tshirt, phone, activation, timeformat, access, department, added, last_login) values (?, ?, password(?), ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");
-        $sth->execute ($F->{RCid}, $F->{email}, $F->{password}, $F->{derby_name}, $F->{real_name}, $F->{pronouns}, $F->{tshirt}, $F->{phone}, getUser($F->{email})->{activation}, $F->{timeformat}, $F->{access}, $F->{department}, getUser($F->{email})->{added}, getUser($F->{email})->{last_login})
-          or $ERRMSG = "ERROR: Can't execute SQL statement: ".$sth->errstr()."\n";
-      } else {
-#       my $sth = $dbh->prepare ("update official set email = ?, derby_name = ?, real_name = ?, phone = ?, level = ?, type = ?, access = ?, department = ?, clinic_pass = ? where RCid = ?");
-#       $sth->execute ($F->{email}, $F->{derby_name}, $F->{real_name}, $F->{phone}, $F->{level}, $F->{type}, $F->{access}, $F->{department}, $F->{clinic_pass}, $F->{RCid})
         my $sth = $dbh->prepare ("update official set email = ?, derby_name = ?, real_name = ?, pronouns = ?, tshirt = ?, phone = ?, timeformat = ?, access = ?, department = ? where RCid = ?");
-        $sth->execute ($F->{email}, $F->{derby_name}, $F->{real_name}, $F->{pronouns}, $F->{tshirt}, $F->{phone}, $F->{timeformat}, $F->{access}, $F->{department}, $F->{RCid})
-          or $ERRMSG = "ERROR: Can't execute SQL statement: ".$sth->errstr()."\n";
+        # warn "Changing $field: $F->{$field}";
         if (my $err = changeUser ($F->{RCid}, $field, $F->{$field})) {
-      if ($ERRMSG) {
+          push @ERRORS, $err;
-        logit ($F->{RCid}, "DB ERROR: Updating Someone Else: $ERRMSG");
+          logit ($F->{RCid}, "DB ERROR: Updating User Details: $err");
       } else {
-        logit ($F->{RCid}, "Updated User Details (by ".getUser($EM)->{derby_name}.")");
-        logit (getUser($EM)->{RCid}, "Updated User Details: ".$F->{derby_name}." (".$F->{RCid}.")");
-      }
-    } else {
-      $ERRMSG = "Attempting to update someone else's record, and you don't have permission to do that.";
       logit ($F->{RCid}, "FAIL: ($EM) doesn't have access to update ($F->{email})'s record");
+    } else {
+      push @ERRORS, "Attempting to update someone else's record, and you don't have permission to do that.";
+      logit ($ORCUSER->{RCid}, "FAIL: You don't have access to update other people's user record");
-  }
+    }
   $F->{password} = "*******";
-  $F->{buttons}   = $h->input ({ type=>"hidden", name=>"RCid", value=>$F->{RCid} }).$h->input ({ type=>"submit", name=>"submit", value=>"Edit" });
+  $F->{password} = "*******";
-# if ($F->{mvp_pass}) {
+  $F->{buttons}   = $h->input ({ type=>"hidden", name=>"RCid", value=>$F->{RCid} }).$h->input ({ type=>"submit", name=>"submit", value=>"Edit" });
-#     $F->{mvp_pass}  = $h->label ({ class=>"switch" }, [$h->input ({ type=>"checkbox", name=>"mvp_pass", value=>1, readonly=>[], disabled=>[], checked=>[] }), $h->span ({ class=>"slider round" })]);
+  $F->{department} = convertDepartments ($F->{department});
-#   } else {
+  $dbh->do ("replace into RCid_ticket_link select official.RCid, v_ticket.id from official join v_ticket on official.email = v_ticket.email and official.real_name = v_ticket.full_name where official.RCid = ?", undef, $F->{RCid});
 #     $F->{mvp_pass}  = $h->label ({ class=>"switch" }, [$h->input ({ type=>"checkbox", name=>"mvp_pass", value=>0, readonly=>[], disabled=>[] }), $h->span ({ class=>"slider round" })]);
-# }
+  if (scalar @ERRORS) {
-  $F->{department} = convertDepartments ($F->{department});
+    $ERRMSG = join $h->br, @ERRORS;
   $dbh->do ("replace into RCid_ticket_link select official.RCid, v_ticket.id from official join v_ticket on official.email = v_ticket.email and official.real_name = v_ticket.full_name where official.RCid = ?", undef, $F->{RCid});
-  display_form ($F->{RCid}, "View");
-}
-sub display_form {
+  display_form ($F->{RCid}, "View", $ERRMSG);
   my $RCID = shift // "";
-  my $view = shift; # // "New User";
-  my $errors = shift // "";
+sub display_form {
-  my $F = shift; # // "";
+  my $RCID = shift // "";
   my $view = shift; # // "New User";
-  if ($view eq 'Edit') {
+  my $errors = shift // "";
-    $cookie_string = authenticate (1);
+  my $F = shift; # // "";
-    my ($EM, $PWD, $AL) = split /&/, $cookie_string;
-    $F = getUser ($RCID);
-    my $currentuser = getUser ($EM);
-#   $currentuser->{department} = convertDepartments ($currentuser->{department});
+  if ($view eq 'Edit') {
-#   if (lc $EM eq lc $F->{email} or $AL > 1) {
-    if (canView ($currentuser, $F)) {
+    $cookie_string = authenticate (RollerCon::USER);
-      # Editing your own record OR you're a lead/higher
+    my ($EM, $PWD, $AL) = split /&/, $cookie_string;
-      if (lc $EM eq lc $F->{email} or $currentuser->{access} < $F->{access}) {
+    $F = getUser ($RCID);
         # If you're editing your own record, or someone who has higher access than you, make access level read-only
-        $F->{access}      = $h->input ({ type=>"hidden", name=>"access", value=>$F->{access} }).$AccessLevel->{$F->{access}};
-      } else {
-        $F->{access}      = $h->select ({ name=>"access" }, [map { $F->{access} == $_ ? $h->option ({ value=>$_, selected=>[] }, $AccessLevel->{$_}) : $h->option ({ value=>$_ }, $AccessLevel->{$_}) } (-1..$currentuser->{access})]);
-      }
-      if ($currentuser->{access} > 2) {  #this would be the place to test for other types of managers that can update the MVP Pass setting
-#       if ($F->{mvp_pass}) {
+    if (canView ($ORCUSER, $F)) {
-#           $F->{mvp_pass}  = $h->label ({ class=>"switch" }, [$h->input ({ type=>"checkbox", name=>"mvp_pass", value=>1, checked=>[] }), $h->span ({ class=>"slider round" })]);
+      # Editing your own record OR you're a lead/higher
-#         } else {
+      if (lc $EM eq lc $F->{email} or $ORCUSER->{access} < $F->{access}) {
-#           $F->{mvp_pass}  = $h->label ({ class=>"switch" }, [$h->input ({ type=>"checkbox", name=>"mvp_pass", value=>0 }), $h->span ({ class=>"slider round" })]);
+        # If you're editing your own record, or someone who has higher access than you, make access level read-only
-#       }
+        $F->{access}      = $h->input ({ type=>"hidden", name=>"access", value=>$F->{access} }).$AccessLevel->{$F->{access}};
-        if ($F->{MVPid}) {
+      } else {
-          $F->{MVPid} .= "->link to change...<-";
+        $F->{access}      = $h->select ({ name=>"access" }, [map { $F->{access} == $_ ? $h->option ({ value=>$_, selected=>[] }, $AccessLevel->{$_}) : $h->option ({ value=>$_ }, $AccessLevel->{$_}) } (-1..$ORCUSER->{access})]);
+      }
-      } else {
+      if ($ORCUSER->{access} >= RollerCon::MANAGER) {
-#       if ($F->{mvp_pass}) {
+        #this would be the place to test for other types of managers that can update the MVP Pass setting
-#           $F->{mvp_pass}  = $h->label ({ class=>"switch" }, [$h->input ({ type=>"checkbox", name=>"mvp_pass", value=>1, readonly=>[], disabled=>[], checked=>[] }), $h->span ({ class=>"slider round" })]);
+        if ($F->{MVPid}) {
-#         } else {
+          $F->{MVPid} .= "->link to change...<-";
 #           $F->{mvp_pass}  = $h->label ({ class=>"switch" }, [$h->input ({ type=>"checkbox", name=>"mvp_pass", value=>0, readonly=>[], disabled=>[] }), $h->span ({ class=>"slider round" })]);
-#       }
+      } else {
+      }
-      if ($AL == 5) {
+      if ($AL == RollerCon::SYSADMIN) {
         $F->{email}      = $h->input ({ type=>"text", name=>"email", value=>$F->{email} });
-      } else {
-        $F->{email}      = $F->{email}.$h->input ({ type=>"hidden", name=>"email", value=>$F->{email} });
       } else {
-      if ($currentuser->{RCid} eq $F->{RCid} or $currentuser->{access} > 4) {
+        $F->{email}      = $F->{email}.$h->input ({ type=>"hidden", name=>"email", value=>$F->{email} });
         $F->{password}   = $h->input ({ type=>"password", name=>"password" });
-        $F->{derby_name} = $h->input ({ type=>"text", name=>"derby_name", value=>$F->{derby_name} });
-        $F->{real_name}  = $h->input ({ type=>"text", name=>"real_name", value=>$F->{real_name} });
+      if ($ORCUSER->{RCid} eq $F->{RCid} or $ORCUSER->{access} >= RollerCon::SYSADMIN) {
-        $F->{pronouns}   = $h->input ({ type=>"text", name=>"pronouns", value=>$F->{pronouns} });
+        $F->{password}   = $h->input ({ type=>"password", name=>"password" });
-        $F->{tshirt}     = $h->select ({ name=>"tshirt" }, [map { $F->{tshirt} eq $_ ? $h->option ({ selected=>[] }, $_) : $h->option ($_) } @tshirtOptions] );
+        $F->{derby_name} = $h->input ({ type=>"text", name=>"derby_name", value=>$F->{derby_name} });
-        $F->{phone}      = $h->input ({ type=>"text", name=>"phone", value=>$F->{phone} });
+        $F->{real_name}  = $h->input ({ type=>"text", name=>"real_name", value=>$F->{real_name} });
-        $F->{timeformat} = $h->select ({ name=>"timeformat" }, [map { $F->{timeformat} eq $_ ? $h->option ({ selected=>[] }, $_) : $h->option ($_) } qw(24hr ampm)] );
+        $F->{pronouns}   = $h->input ({ type=>"text", name=>"pronouns", value=>$F->{pronouns} });
-      } else {
+        $F->{tshirt}     = $h->select ({ name=>"tshirt" }, [map { $F->{tshirt} eq $_ ? $h->option ({ selected=>[] }, $_) : $h->option ($_) } @tshirtOptions] );
-        $F->{password}   = '*******';
+        $F->{phone}      = $h->input ({ type=>"text", name=>"phone", value=>$F->{phone} });
-      }
+        $F->{timeformat} = $h->select ({ name=>"timeformat" }, [map { $F->{timeformat} eq $_ ? $h->option ({ selected=>[] }, $_) : $h->option ($_) } qw(24hr ampm)] );
-#     $F->{level}      = "<SELECT NAME=level>".selectOptions ($F->{level}, [qw(AA A B C)])."</SELECT>";
+      } else {
-#     $F->{type}       = "<SELECT NAME=type>".selectOptions ($F->{type}, [qw(official nso referee)])."</SELECT>";
+        $F->{password}   = '*******';
       $F->{RCid}       = $h->input ({ type=>"hidden", name=>"RCid", value=>$F->{RCid} })."$F->{RCid}&nbsp;";
-      $F->{buttons}    = join " ", $h->input ({ type=>"submit", name=>"submit", value=>"Save" }), $h->input ({ type=>"reset", value=>"Reset" }), $h->input ({ type=>"submit", name=>"submit", value=>"Cancel" });
+      $F->{RCid}       = $h->input ({ type=>"hidden", name=>"RCid", value=>$F->{RCid} })."$F->{RCid}&nbsp;";
       $F->{buttons}    = join " ", $h->input ({ type=>"submit", name=>"submit", value=>"Save" }), $h->input ({ type=>"reset", value=>"Reset" }), $h->input ({ type=>"submit", name=>"submit", value=>"Cancel" });
     } else {
       $ERRMSG = "Attempting to update someone else's record, and you don't have permission to do that.";
+    }
   } elsif ($view eq 'New User') {
-    $errors .= $h->br."NOTE: You will not be able to sign-up for things until your account has been reviewed and approved. Watch your email for notification.";
+    $errors .= $h->br."NOTE: You will not be able to login until your account has been activated. Watch your email for further instructions.";
     # Skip authentication
     $F->{email}      = $h->input ({ type=>"text", name=>"email", value=>$F->{email} });
     $F->{password}   = $h->input ({ type=>"password", name=>"password" });
     $F->{derby_name} = $h->input ({ type=>"text", name=>"derby_name", value=>$F->{derby_name} });
     $F->{real_name}  = $h->input ({ type=>"text", name=>"real_name", value=>$F->{real_name} });
     $F->{pronouns}   = $h->input ({ type=>"text", name=>"pronouns", value=>$F->{pronouns} });
     $F->{tshirt}     = $h->select ({ name=>"tshirt" }, [map { $F->{tshirt} eq $_ ? $h->option ({ selected=>[] }, $_) : $h->option ($_) } @tshirtOptions] );
     $F->{phone}      = $h->input ({ type=>"text", name=>"phone", value=>$F->{phone} });
-    $F->{timeformat} = $h->select ({ name=>"timeformat" }, [map { $F->{timeformat} eq $_ ? $h->option ({ selected=>[] }, $_) : $h->option ($_) } qw(24hr ampm)] );
-#   $F->{level}      = "<SELECT NAME=level>".selectOptions ($F->{level}, ["", qw(AA A B C)])."</SELECT>";
-#   $F->{type}       = "<SELECT NAME=type>".selectOptions ($F->{type}, ["", qw(official nso referee)])."</SELECT>";
+    $F->{timeformat} = $h->select ({ name=>"timeformat" }, [map { $F->{timeformat} eq $_ ? $h->option ({ selected=>[] }, $_) : $h->option ($_) } qw(24hr ampm)] );
     $F->{RCid}         = $h->input ({ type=>"hidden", name=>"RCid", value=>"New" })."TBD&nbsp;";
-    $F->{access}      = $h->input ({ type=>"hidden", name=>"access", value=>0 })."0";
-#   $F->{mvp_pass}   = $h->label ({ class=>"switch" }, [$h->input ({ type=>"checkbox", name=>"mvp_pass", value=>0, readonly=>[], disabled=>[] }), $h->span ({ class=>"slider round" })]);
+    $F->{access}      = $h->input ({ type=>"hidden", name=>"access", value=>0 })."0";
     $F->{department} = convertDepartments ($F->{department});
     foreach (sort keys %{$depts}) {
     if (!$view) {
       $F->{'RCid'} = getUser ($EM)->{'RCid'};
+    }
-    # Check to make sure they're only looking up their own ID unless they're a lead or higher
-    my $currentuser = getUser ($EM);
+    # Check to make sure they're only looking up their own ID unless they're a lead or higher
     my  $targetuser = getUser ($RCID);
-    if (canView ($currentuser, $targetuser)) {
+    if (canView ($ORCUSER, $targetuser)) {
       $F = $targetuser;
       $F->{department} = convertDepartments ($F->{department});
       $F->{access} = $AccessLevel->{$F->{access}};
       $F->{'password'} = "*******";
       $F->{buttons}   = $h->input ({ type=>"hidden", name=>"RCid", value=>$F->{'RCid'} }).$h->input ({ type=>"submit", name=>"submit", value=>"Edit" });
-      if ($currentuser->{access} > 2 or ($currentuser->{department} and convertDepartments($currentuser->{department})->{MVP} >= 2)) {
+      if ($ORCUSER->{access} > 2 or ($ORCUSER->{department} and $ORCUSER->{department}->{MVP} >= 2)) {
         if($F->{MVPid}) {
           $F->{MVPid} .= '&nbsp;&nbsp;' . $h->button ({ onClick=>"window.open('update_mvp_ticket.pl?change=Delete&RCid=$F->{RCid}&MVPid=$F->{MVPid}','Change MVP Ticket','resizable,height=260,width=370'); return false;" }, "Delete Match");
             $F->{MVPid} .= $h->div ({ class => "hint" }, ["Possible Match: @$match", '&nbsp;&nbsp;', $h->button ({ onClick=>"window.open('update_mvp_ticket.pl?change=add&RCid=$F->{RCid}&MVPid=$MVPid','Change MVP Ticket','resizable,height=260,width=370'); return false;" }, "Accept Match")]);
+          }
+        }
+      }
     } else {
-      logit ($currentuser->{RCid}, "SECURITY: $currentuser->{derby_name} attempted to view another user's ($RCID) info");
+      logit ($ORCUSER->{RCid}, "SECURITY: $ORCUSER->{derby_name} attempted to view another user's ($RCID) info");
       $errors = "Unauthorized attempt to view another user.  This has been logged.";
+      $RCID = "";
       $F->{email}      = "&nbsp;";
       $F->{password}   = "&nbsp;";
       $F->{derby_name} = "&nbsp;";
       $F->{real_name}  = "&nbsp;";
       $F->{pronouns}   = "&nbsp;";
       $F->{tshirt}     = "&nbsp;";
       $F->{phone}      = "&nbsp;";
       $F->{timeformat} = "&nbsp;";
-#     $F->{level}      = "&nbsp;";
-#     $F->{type}       = "&nbsp;";
       $F->{RCid}       = "&nbsp;";
       $F->{access}     = "&nbsp;";
       $F->{MVPid}      = "&nbsp;";
       $F->{buttons}    = "&nbsp;";
+    }
-#   if (lc $EM eq lc $F->{email} or $AL > 1) {
-#      $F->{buttons}    = $h->input ({ type=>"hidden", name=>"RCid", value=>$F->{'RCid'} }).$h->input ({ type=>"submit", name=>"submit", value=>"Edit" });
-#   } else {
-#     $F->{buttons} = "";
-#   }
-  } #else {
-  # $cookie_string = authenticate(1);
-  # $FORM->{email}      = "&nbsp;";
-  # $FORM->{password}   = "&nbsp;";
-  # $FORM->{derby_name} = "&nbsp;";
-  # $FORM->{real_name}  = "&nbsp;";
-  # $FORM->{phone}      = "&nbsp;";
-  # $FORM->{level}      = "&nbsp;";
-  # $FORM->{type}       = "&nbsp;";
-  # $FORM->{RCid}         = "&nbsp;";
-  # $FORM->{access}     = "&nbsp;";
-  # $FORM->{mvp_pass}   = "&nbsp;";
-  # $FORM->{buttons}    = "&nbsp;";
   #}
   #---------------START THE HTML--------------------
   my $RCAUTH_cookie = cookie (-name=>'RCAUTH',-value=>"$cookie_string",-expires=>"+30m");
   print header (-cookie=>$RCAUTH_cookie);
   #foreach (keys %ENV) {
-  # print "$_: $ENV{$_}\n<br>";
+  # warn "$_: $ENV{$_}\n<br>";
   #}
-  if ($errors) {
-    $errors = $h->div ({ class=>"error" }, $errors);
+  if ($errors) {
-  } else {
-    $errors = "";
+    $errors = $h->div ({ class=>"error" }, $errors);
   } else {
     $errors = "";
    my @printDepartments = ( $h->div ({ class=>"index", style=>"display: unset;" }, $h->p ({ class=>"heading" }, "Volunteer Department Access:")) );
 #  push @printDepartments, $h->div ({ class=>"rTableRow" }, $h->div ({ class=>"rTableCellr hint", style=>"display:block;" }, "Here is where you're signed up to volunteer at RollerCon:"));
         @printDepartments,
         $h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCell" }, "&nbsp;") ]),
         $h->div ({ class=>"rTableRow" },[ $h->div ({ class=>"rTableCellr" }, $h->a ({ href=>$goback }, "[go back]"), $F->{buttons}) ])
       ])
     ])
-  ]); #  print $h->close('form');
+  ]);
   print $h->div ({ class=>"index" }, [$h->p ({ class=>"heading" }, "Schedule:"), getSchedule ($RCID, "all")]) unless $RCID !~ /^\d+$/;
   print $h->div ({ class=>"index" }, [$h->p ({ class=>"heading" }, "Recent Activity:"), getLog ($RCID)]) unless $RCID !~ /^\d+$/;
   print $h->close ('html');
+  exit;
+}
-#sub selectOptions {
-# my $selectedOption = shift;
-# my $options = shift;
-# return join " ", map { $selectedOption eq $_ ?
-#                         $h->option ({ value=>$_, selected=>[] }, $_) :
-#                         $h->option ({ value=>$_ }, $_)
-#                     } @$options;
-#}
 sub checkDupes {
   my $field = shift;
   while (my ($tla, $name) = $sth->fetchrow) {
     $HASH{$tla} = $name;
+  }
   return \%HASH;
+}
+sub changeUser {
+  my ($uid, $field, $newvalue) = @_;
+  return "ERROR: Bad (or missing) RCid: [$uid]" unless $uid =~ /^\d+$/;
+  return "ERROR: Bad (or missing) field name: [$field]" unless $field;
+#  return "ERROR: Bad (or missing) new value: [$newvalue]" unless $newvalue;
+  return "ERROR: Can't change someone's RCid" if $field eq "RCid";
+  if ($field eq "password") {
+    return unless $newvalue;
+    $dbh->do ("update official set password = password(?) where RCid = ?", undef, $newvalue, $uid) or return "ERROR: ".$dbh->errstr;
+  } else {
+    $dbh->do ("update official set $field = ? where RCid = ?", undef, $newvalue, $uid) or return "ERROR: ".$dbh->errstr;
+  }
+  $newvalue = '********' if $field eq "password";
+  if ($ORCUSER->{RCid} eq $uid) {
+    logit ($uid, "Updated Profile: $field -> $newvalue");
+  } else {
+    logit ($ORCUSER->{RCid}, "Updated User [$uid]: $field -> $newvalue");
+    logit ($uid, "$ORCUSER->{derby_name} updated your profile: $field -> $newvalue");
+  }
+  return;
+}

Subversion Repositories VORC

(root)/trunk/site/schedule/view_user.pl – Rev 88 → 93