| Line 7... |
Line 7... |
| 7 |
#warn "Redirecting errors to ${error_log_path}vorc_error.log";
|
7 |
#warn "Redirecting errors to ${error_log_path}vorc_error.log";
|
| Line 8... |
Line 8... |
| 8 |
|
8 |
|
| 9 |
use strict;
|
9 |
use strict;
|
| 10 |
use PEEPS;
|
10 |
use PEEPS;
|
| 11 |
use tableViewer qw/inArray notInArray/;
|
11 |
use tableViewer qw/inArray notInArray/;
|
| 12 |
use CGI qw/param cookie header start_html url url_param/;
|
12 |
use CGI qw/param cookie header start_html url url_param redirect/;
|
| 13 |
use Email::Valid;
|
13 |
use Email::Valid;
|
| 14 |
use WebDB;
|
14 |
use WebDB;
|
| 15 |
use HTML::Tiny;
|
15 |
use HTML::Tiny;
|
| 16 |
use Data::Dumper;
|
16 |
use Data::Dumper;
|
| Line 19... |
Line 19... |
| 19 |
|
19 |
|
| 20 |
my ($FORM, $cookie_string, $ERRMSG);
|
20 |
my ($FORM, $cookie_string, $ERRMSG);
|
| 21 |
my @ERRORS;
|
21 |
my @ERRORS;
|
| 22 |
my $dbh = getDBConnection ();
|
22 |
my $dbh = getDBConnection ();
|
| 23 |
my @FIELDS = qw/ username derby_name derby_short_name default_jersey_number email name_first name_middle name_last password active pronouns birthdate /;
|
23 |
my @FIELDS = qw/ username derby_name derby_short_name default_jersey_number email name_first name_middle name_last password active pronouns birthdate /;
|
| Line 24... |
Line 24... |
| 24 |
my @PRIVFIELDS = qw/ email active /;
|
24 |
my @PRIVFIELDS = qw/ active /;
|
| 25 |
|
25 |
|
| 26 |
|
26 |
|
| Line 99... |
Line 99... |
| 99 |
if (!$F->{name_last}) { push @ERRORS, "Blank Last Name!"; }
|
99 |
if (!$F->{name_last}) { push @ERRORS, "Blank Last Name!"; }
|
| 100 |
# if (!$F->{derby_name}) { $F->{derby_name} = $F->{real_name}; } # If they leave derby_name blank, use their real_name
|
100 |
# if (!$F->{derby_name}) { $F->{derby_name} = $F->{real_name}; } # If they leave derby_name blank, use their real_name
|
| 101 |
# if (checkDupes ('derby_name', $F->{derby_name})) { push @ERRORS, "Derby Name already in use. Pick a different one."; $F->{derby_name} = ""; }
|
101 |
# if (checkDupes ('derby_name', $F->{derby_name})) { push @ERRORS, "Derby Name already in use. Pick a different one."; $F->{derby_name} = ""; }
|
| 102 |
if (!$F->{email}) { push @ERRORS, "Blank Email!"; } else {
|
102 |
if (!$F->{email}) { push @ERRORS, "Blank Email!"; } else {
|
| 103 |
$F->{email} =~ s/\s+//g; # make sure people aren't accidentally including spaces
|
103 |
$F->{email} =~ s/\s+//g; # make sure people aren't accidentally including spaces
|
| 104 |
$F->{email} = lc $F->{email}; # sometimes people capitalize their email addresses and that's annoying...
|
- |
|
| 105 |
if (! Email::Valid->address (-address => $F->{email}, -mxcheck => 1, -tldcheck => 1)) { push @ERRORS, "Mal-formatted (or fake) Email Address!"; $F->{email} = ""; }
|
104 |
if (! Email::Valid->address (-address => $F->{email}, -mxcheck => 1, -tldcheck => 1)) { push @ERRORS, "Mal-formatted (or fake) Email Address!"; $F->{email} = ""; }
|
| 106 |
}
|
105 |
}
|
| 107 |
if ($F->{default_jersey_number} and $F->{default_jersey_number} !~ /^\d{1,4}$/) { push @ERRORS, "Illegal Jersey Number! (Must be 1 to 4 digits, only.)"; }
|
106 |
if ($F->{default_jersey_number} and $F->{default_jersey_number} !~ /^\d{1,4}$/) { push @ERRORS, "Illegal Jersey Number! (Must be 1 to 4 digits, only.)"; }
|
| 108 |
if (checkDupes ('email', 'person', $F->{email})) { push @ERRORS, "Email Address already in use. ".$warn_recovery; $F->{email} = ""; }
|
107 |
if (checkDupes ('email', 'person', $F->{email})) { push @ERRORS, "Email Address already in use. ".$warn_recovery; $F->{email} = ""; }
|
| Line 135... |
Line 134... |
| 135 |
my $OG = getUser ($F->{person_id});
|
134 |
my $OG = getUser ($F->{person_id});
|
| Line 136... |
Line 135... |
| 136 |
|
135 |
|
| 137 |
# if ($F->{derby_name} ne $OG->{derby_name} and checkDupes ('derby_name', $F->{derby_name})) { push @ERRORS, "Derby Name already in use. Pick a different one."; $F->{derby_name} = ""; }
|
136 |
# if ($F->{derby_name} ne $OG->{derby_name} and checkDupes ('derby_name', $F->{derby_name})) { push @ERRORS, "Derby Name already in use. Pick a different one."; $F->{derby_name} = ""; }
|
| Line -... |
Line 137... |
| - |
|
137 |
# if (!$F->{derby_name}) { push @ERRORS, "Blank Derby Name!"; }
|
| - |
|
138 |
|
| - |
|
139 |
if (!$F->{username}) { push @ERRORS, "Blank Username!"; }
|
| - |
|
140 |
if ($F->{username} ne $OG->{username} and checkDupes ('username', 'authentication', $F->{username})) { push @ERRORS, "Username already in use."; $F->{username} = ""; }
|
| 138 |
# if (!$F->{derby_name}) { push @ERRORS, "Blank Derby Name!"; }
|
141 |
if (!$F->{name_first}) { push @ERRORS, "Blank First Name!"; }
|
| - |
|
142 |
if (!$F->{name_last}) { push @ERRORS, "Blank Last Name!"; }
|
| - |
|
143 |
if ($F->{default_jersey_number} and $F->{default_jersey_number} !~ /^\d{1,4}$/) { push @ERRORS, "Illegal Jersey Number! (Must be 1 to 4 digits, only.)"; }
|
| - |
|
144 |
if (!$F->{email}) { push @ERRORS, "Blank Email!"; } else {
|
| - |
|
145 |
$F->{email} =~ s/\s+//g; # make sure people aren't accidentally including spaces
|
| - |
|
146 |
if (! Email::Valid->address (-address => $F->{email}, -mxcheck => 1, -tldcheck => 1)) { push @ERRORS, "Mal-formatted (or fake) Email Address!"; $F->{email} = ""; }
|
| Line 139... |
Line 147... |
| 139 |
|
147 |
}
|
| 140 |
if ($F->{default_jersey_number} and $F->{default_jersey_number} !~ /^\d{1,4}$/) { push @ERRORS, "Illegal Jersey Number! (Must be 1 to 4 digits, only.)"; }
|
148 |
if ($F->{email} ne $OG->{email} and checkDupes ('email', 'person', $F->{email})) { push @ERRORS, "Email Address already in use."; $F->{email} = ""; }
|
| 141 |
|
149 |
|
| 142 |
if (exists $F->{newaffiliation}) {
|
150 |
if (exists $F->{newaffiliation}) {
|
| Line 156... |
Line 164... |
| 156 |
if (scalar @ERRORS) {
|
164 |
if (scalar @ERRORS) {
|
| 157 |
$ERRMSG = $h->br.join $h->br, @ERRORS;
|
165 |
$ERRMSG = $h->br.join $h->br, @ERRORS;
|
| 158 |
display_form ($F->{person_id}, (exists $F->{newaffiliation} or exists $F->{deleteaffiliation}) ? "View" : "Edit", $ERRMSG, $F);
|
166 |
display_form ($F->{person_id}, (exists $F->{newaffiliation} or exists $F->{deleteaffiliation}) ? "View" : "Edit", $ERRMSG, $F);
|
| 159 |
}
|
167 |
}
|
| Line 160... |
Line -... |
| 160 |
|
- |
|
| 161 |
|
168 |
|
| 162 |
if ($ORCUSER->{person_id} == $F->{person_id} or $AL >= PEEPS::SYSADMIN) {
|
169 |
if ($ORCUSER->{person_id} == $F->{person_id} or $AL >= PEEPS::SYSADMIN) {
|
| Line 163... |
Line 170... |
| 163 |
# They're editing their own record (or a sysadmin).
|
170 |
# They're editing their own record (or a sysadmin).
|
| Line 195... |
Line 202... |
| 195 |
|
202 |
|
| Line 196... |
Line 203... |
| 196 |
$dbh->do ("delete from full_person where id = ? and league_id = ?", undef, $F->{person_id}, $F->{deleteaffiliation});
|
203 |
$dbh->do ("delete from full_person where id = ? and league_id = ?", undef, $F->{person_id}, $F->{deleteaffiliation});
|
| - |
|
204 |
|
| 197 |
|
205 |
|
| 198 |
|
206 |
} else {
|
| 199 |
} else {
|
207 |
my $emailchange;
|
| 200 |
foreach my $field (@FIELDS) {
|
208 |
foreach my $field (@FIELDS) {
|
| 201 |
if ($F->{$field} eq $OG->{$field} or (($field eq "access" or $field eq "showme") and $F->{$field} == $OG->{$field}) or ($field eq "password" and !$F->{$field})) {
|
209 |
if ($F->{$field} eq $OG->{$field} or (($field eq "access" or $field eq "showme") and $F->{$field} == $OG->{$field}) or ($field eq "password" and !$F->{$field})) {
|
| Line 211... |
Line 219... |
| 211 |
|
219 |
|
| 212 |
# warn "Changing $field: $F->{$field}";
|
220 |
# warn "Changing $field: $F->{$field}";
|
| 213 |
if (my $err = changeUser ($F->{person_id}, $field, $F->{$field})) {
|
221 |
if (my $err = changeUser ($F->{person_id}, $field, $F->{$field})) {
|
| 214 |
push @ERRORS, $err;
|
222 |
push @ERRORS, $err;
|
| - |
|
223 |
logit ($F->{person_id}, "DB ERROR: Updating User Details: $err");
|
| - |
|
224 |
} elsif ($field eq "email") {
|
| 215 |
logit ($F->{person_id}, "DB ERROR: Updating User Details: $err");
|
225 |
$emailchange = 1;
|
| 216 |
}
|
226 |
}
|
| - |
|
227 |
}
|
| - |
|
228 |
|
| - |
|
229 |
if ($emailchange) {
|
| - |
|
230 |
($F->{activation}) = $dbh->selectrow_array ("select activation from authentication where person_id = ?", undef, $F->{person_id});
|
| - |
|
231 |
sendNewUserEMail ("Email Change", $F);
|
| - |
|
232 |
print redirect (url ( -base => 1 )) if $ORCUSER->{person_id} == $F->{person_id};
|
| 217 |
}
|
233 |
}
|
| 218 |
}
|
234 |
}
|
| 219 |
} else {
|
235 |
} else {
|
| 220 |
push @ERRORS, "Attempting to update someone else's record, and you don't have permission to do that.";
|
236 |
push @ERRORS, "Attempting to update someone else's record, and you don't have permission to do that.";
|
| 221 |
logit ($ORCUSER->{person_id}, "FAIL: You don't have access to update other people's user record");
|
237 |
logit ($ORCUSER->{person_id}, "FAIL: You don't have access to update other people's user record");
|
| Line 248... |
Line 264... |
| 248 |
# If you're editing your own record, or someone who has higher access than you, make access level read-only
|
264 |
# If you're editing your own record, or someone who has higher access than you, make access level read-only
|
| 249 |
#$F->{access} = $h->input ({ type=>"hidden", name=>"access", value=>$F->{access} }).$AccessLevel->{$F->{access}};
|
265 |
#$F->{access} = $h->input ({ type=>"hidden", name=>"access", value=>$F->{access} }).$AccessLevel->{$F->{access}};
|
| 250 |
} else {
|
266 |
} else {
|
| 251 |
#$F->{access} = $h->select ({ name=>"access" }, [map { $F->{access} == $_ ? $h->option ({ value=>$_, selected=>[] }, $AccessLevel->{$_}) : $h->option ({ value=>$_ }, $AccessLevel->{$_}) } (-1..$ORCUSER->{access})]);
|
267 |
#$F->{access} = $h->select ({ name=>"access" }, [map { $F->{access} == $_ ? $h->option ({ value=>$_, selected=>[] }, $AccessLevel->{$_}) : $h->option ({ value=>$_ }, $AccessLevel->{$_}) } (-1..$ORCUSER->{access})]);
|
| 252 |
}
|
268 |
}
|
| 253 |
if ($AL == PEEPS::SYSADMIN) {
|
269 |
# if ($AL == PEEPS::SYSADMIN) {
|
| 254 |
# TBD: allow users to change their email, but it'll re-initiate account activation...
|
270 |
# # TBD: allow users to change their email, but it'll re-initiate account activation...
|
| 255 |
$F->{email} = $h->input ({ type=>"text", name=>"email", value=>$F->{email} });
|
271 |
# $F->{email} = $h->input ({ type=>"text", name=>"email", value=>$F->{email} });
|
| 256 |
} else {
|
272 |
# } else {
|
| 257 |
$F->{email} = $F->{email}.$h->input ({ type=>"hidden", name=>"email", value=>$F->{email} });
|
273 |
# $F->{email} = $F->{email}.$h->input ({ type=>"hidden", name=>"email", value=>$F->{email} });
|
| 258 |
}
|
274 |
# }
|
| 259 |
if ($ORCUSER->{person_id} eq $F->{person_id} or $ORCUSER->{access} >= PEEPS::SYSADMIN) {
|
275 |
if ($ORCUSER->{person_id} eq $F->{person_id} or $ORCUSER->{access} >= PEEPS::SYSADMIN) {
|
| 260 |
$F->{username} = $h->input ({ type=>"text", name=>"username", value=>$F->{username} });
|
276 |
$F->{username} = $h->input ({ type=>"text", name=>"username", value=>$F->{username} });
|
| - |
|
277 |
$F->{email} = $h->input ({ type=>"text", name=>"email", value=>$F->{email}, onChange=>$ORCUSER->{access} >= PEEPS::SYSADMIN ? "alert('Changing an email address will require the user to reactivate their account');" : "alert('Changing your email address will log you out and require reactivation of your account');" });
|
| 261 |
$F->{password} = $h->input ({ type=>"password", name=>"password" });
|
278 |
$F->{password} = $h->input ({ type=>"password", name=>"password" });
|
| 262 |
$F->{derby_name} = $h->input ({ type=>"text", name=>"derby_name", value=>$F->{derby_name} });
|
279 |
$F->{derby_name} = $h->input ({ type=>"text", name=>"derby_name", value=>$F->{derby_name} });
|
| 263 |
$F->{derby_short_name} = $h->input ({ type=>"text", name=>"derby_short_name", value=>$F->{derby_short_name} });
|
280 |
$F->{derby_short_name} = $h->input ({ type=>"text", name=>"derby_short_name", value=>$F->{derby_short_name} });
|
| 264 |
$F->{default_jersey_number} = $h->input ({ type=>"text", name=>"default_jersey_number", value=>$F->{default_jersey_number} });
|
281 |
$F->{default_jersey_number} = $h->input ({ type=>"text", name=>"default_jersey_number", value=>$F->{default_jersey_number} });
|
| 265 |
$F->{name_first} = $h->input ({ type=>"text", name=>"name_first", value=>$F->{name_first} });
|
282 |
$F->{name_first} = $h->input ({ type=>"text", name=>"name_first", value=>$F->{name_first} });
|
| Line 493... |
Line 510... |
| 493 |
} else {
|
510 |
} else {
|
| 494 |
my $table = ($field eq "username") ? "authentication" : "person";
|
511 |
my $table = ($field eq "username") ? "authentication" : "person";
|
| 495 |
my $id = ($field eq "username") ? "person_id" : "id";
|
512 |
my $id = ($field eq "username") ? "person_id" : "id";
|
| 496 |
if ($field eq "birthdate" and $newvalue eq "") { $newvalue = undef; }
|
513 |
if ($field eq "birthdate" and $newvalue eq "") { $newvalue = undef; }
|
| 497 |
$dbh->do ("update $table set $field = ? where $id = ?", undef, $newvalue, $uid) or return "ERROR: ".$dbh->errstr;
|
514 |
$dbh->do ("update $table set $field = ? where $id = ?", undef, $newvalue, $uid) or return "ERROR: ".$dbh->errstr;
|
| 498 |
$dbh->do ("replace into full_person select * from v_person where id = ?", undef, $uid);
|
515 |
if ($field eq "email") { $dbh->do ("update authentication set activation = md5(rand()) where person_id = ?", undef, $uid) or return "ERROR: ".$dbh->errstr; }
|
| 499 |
}
|
516 |
}
|
| - |
|
517 |
$dbh->do ("replace into full_person select * from v_person where id = ?", undef, $uid);
|
| Line 500... |
Line 518... |
| 500 |
|
518 |
|
| 501 |
$newvalue = '********' if $field eq "password";
|
519 |
$newvalue = '********' if $field eq "password";
|
| 502 |
if ($ORCUSER->{person_id} eq $uid) {
|
520 |
if ($ORCUSER->{person_id} eq $uid) {
|
| 503 |
logit ($uid, "Updated Profile: $field -> $newvalue");
|
521 |
logit ($uid, "Updated Profile: $field -> $newvalue");
|
| Line 506... |
Line 524... |
| 506 |
logit ($uid, "$ORCUSER->{derby_name} updated your profile: $field -> $newvalue");
|
524 |
logit ($uid, "$ORCUSER->{derby_name} updated your profile: $field -> $newvalue");
|
| 507 |
}
|
525 |
}
|
| Line 508... |
Line 526... |
| 508 |
|
526 |
|
| 509 |
return;
|
527 |
return;
|
| 510 |
}
|
- |
|