diff --git a/action.php b/action.php index 1d814ec..da11934 100644 --- a/action.php +++ b/action.php 
@@ -34,216 +34,237 @@ switch ($VARS['action']) { session_destroy(); header('Location: index.php?logout=1'); die("Logged out."); - case "editfamily": - if (!(new User($_SESSION['uid']))->hasPermission("HACHEPORTAL_EDIT")) { - returnToSender("no_permission"); - } + case "editperson": - $family = new Family(); $editing = false; - - if (!empty($VARS['familyid']) && $database->has("families", ['familyid' => $VARS['familyid']])) { - $family = (new Family())->load($VARS['familyid']); + $person = [ + "id" => null, + "familyid" => null, + "camperid" => null, + "adultid" => null, + "youthid" => null, + "firstname" => "", + "lastname" => "", + "address" => "", + "zip" => "", + "phone1" => "", + "phone2" => "", + "email" => "", + "unit" => "", + "shirt" => "", + "sex" => "", + "parentname" => "", + "rank" => "" + ]; + if (!empty($VARS['personid']) && $database->has("people", ['personid' => $VARS['personid']])) { + $person = $database->get('people', ['personid (id)', + 'familyid', + 'camperid', + 'adultid', + 'youthid', + 'firstname', + 'lastname', + 'address', + 'zip', + 'phone1', + 'phone2', + 'email', + 'unit', + 'shirt', + 'sex'], ['personid' => $VARS['personid']]); $editing = true; } function errorBack(string $errormsg) { - global $family, $editing; - if ($editing) { - returnToSender($errormsg, "&id=" . 
$family->getID()); - } returnToSender($errormsg); } $database->action(function($database) { - global $family, $VARS, $editing; + global $person, $VARS, $editing; try { - $lastname = $VARS['familyname']; - $father = $VARS['fathername']; - $mother = $VARS['mothername']; - - if (empty($lastname)) { - errorBack("Enter a last name."); - } - if (empty($father)) { - errorBack("Enter a father name."); - } - if (empty($mother)) { - errorBack("Enter a mother name."); - } - - $family->setName($lastname); - $family->setFather($father); - $family->setMother($mother); - - $family->setPhone($VARS['phone']); - $family->setEmail($VARS['email']); if ($editing) { - if ($database->has("families", ["AND" => ["email" => $family->getEmail(), "familyid[!]" => $family->getID()]])) { - errorBack("That email address is already in use with another family."); - } + $familyid = $person['familyid']; } else { - if ($database->has("families", ["email" => $family->getEmail()])) { - errorBack("That email address is already in use with another family."); - } - } - - $address = $VARS['streetaddress']; - $city = $VARS['city']; - $state = strtoupper($VARS['state']); - $zip = $VARS['zip']; - if (empty($address)) { - errorBack("Enter a street address."); - } - if (empty($city)) { - errorBack("Enter a city."); - } - $family->setAddress($address); - $family->setCity($city); - $family->setState($state); - $family->setZip($zip); - - if (empty($VARS['date']) || strtotime($VARS['date']) === false) { - returnToSender("invalid_parameters"); + $database->insert("families", []); + $familyid = $database->id(); } - $family->setExpires(null, $VARS['date']); - $newsletter = $VARS['newsletter_method']; - $membership_cost = 2500; - if (empty($newsletter)) { - errorBack("Select a newsletter preference."); - } - $family->setNewsletter($newsletter); - switch ($newsletter) { - case 1: // Email only - $membership_cost = 2500; + $people = array_merge($person, $VARS); + + $requiredfields = [ + "firstname" => ".+", + "lastname" 
=> ".+", + "address" => ".+", + "zip" => "[0-9]{5}(-?[0-9]{4})?", + "phone1" => "[0-9]{10}", + "email" => "_EMAIL_", + "shirt" => ["YS", "YM", "YL", "AS", "AM", "AL", "AX", "A2"], + "sex" => ["M", "F"] + ]; + + switch ($people["type"]) { + case "camper": + $checkfields = array_merge($requiredfields, [ + "parentname" => ".+", + "unit" => "[0-9]{3,4}", + "rank" => ["Tiger", "Wolf", "Bear", "Webelos", "Arrow of Light"] + ]); break; - case 2: // Print only - $membership_cost = 3500; + case "adult": + $checkfields = array_merge($requiredfields, [ + "position" => [ + "None", + "Den Walker", + "Station Leader", + "Tot Lot", + "First Aid", + "Floater" + ] + ]); break; - case 3: // Email and print - $membership_cost = 3500; + case "youth": + $checkfields = array_merge($requiredfields, [ + "position" => [ + "None", + "Den Chief", + "Station", + "Tot Lot", + "Floater" + ] + ]); break; default: - errorBack("Select a valid newsletter preference."); - } - - $photopermission = $VARS['photo_permission']; - if (!empty($photopermission) && $photopermission == "1") { - $photopermission = true; - } else { - $photopermission = false; + errorBack("Invalid person type."); } - $family->setPhotoPermission($photopermission); - - $private = $VARS['private']; - if (!empty($private) && $private == "1") { - $private = true; - } else { - $private = false; - } - $family->setPrivate($private); - - $family->save(); - - // - // Children - // - $children = $VARS['child']; - - $childObjects = $family->getChildren(); - - $childrenToDelete = []; - - foreach ($children['ids'] as $cid) { - if (empty($children['name'][$cid])) { - $childrenToDelete[] = $cid; - continue; + foreach ($checkfields as $name => $regex) { + $validatefunction = function ($str) use ($regex) { + return preg_match("/$regex/", $str); + }; + + if (is_array($regex)) { + // Array of options + $validatefunction = function ($str) use ($regex) { + return in_array($str, $regex); + }; + } else if (strpos($regex, "_") === 0) { + // Special 
cases + switch ($regex) { + case "_EMAIL_": + $validatefunction = function ($str) { + return filter_var($str, FILTER_VALIDATE_EMAIL); + }; + break; + } } - if (!preg_match("/^([1-9]|1[012])$/", $children['month'][$cid])) { - errorBack("Invalid birth month chosen for " . htmlentities($children['name'][$cid]) . "."); + // Validate + if (!$validatefunction($people[$name])) { + errorBack("Please check your input and try again ($name)."); } + } - if (!is_numeric($children['year'][$cid])) { - errorBack("Invalid birth year chosen for " . htmlentities($children['name'][$cid]) . "."); - } - $children['year'][$cid] = $children['year'][$cid] * 1; - if ($children['year'][$cid] < 1980 || $children['year'][$cid] > date("Y")) { - errorBack("Invalid birth year chosen for " . htmlentities($children['name'][$cid]) . "."); - } - if (Child::exists($cid, $family->getID())) { - // iterate over existing children to find the correct one - for ($i = 0; $i < count($childObjects); $i++) { - if ($childObjects[$i]->getID() == $cid) { - $childObjects[$i]->setName($children['name'][$cid]); - $childObjects[$i]->setBirthday(null, $children['year'][$cid] . "-" . $children['month'][$cid] . "-00"); - $childObjects[$i]->setGraduated(empty($children['graduate'][$cid]) ? false : true); - } + $days = ""; + if (is_string($people["days"])) { + $people["days"] = str_split($people["days"], 2); + } + if (is_array($people["days"])) { + $validdays = ["Tu", "We", "Th", "Fr"]; + $days = ""; + foreach ($people["days"] as $day) { + if (in_array($day, $validdays)) { + $days .= $day; } - } else { - $child = new Child(); - $child->setName($children['name'][$cid]); - $child->setBirthday(null, $children['year'][$cid] . "-" . $children['month'][$cid] . "-00"); - $child->setGraduated(empty($children['graduate'][$cid]) ? 
false : true); - $child->setFamilyID($family->getID()); - $childObjects[] = $child; } } - foreach ($childObjects as $child) { - $child->save(); + switch ($people["type"]) { + case "camper": + $data = [ + "parentname" => $people["parentname"], + "rank" => $people["rank"] + ]; + if ($editing) { + $database->update("campers", $data, ['camperid' => $person['camperid']]); + } else { + $database->insert("campers", $data); + } + $camperid = $database->id(); + break; + case "adult": + $data = [ + "position" => $people["position"], + "days" => $days + ]; + if ($editing) { + $database->update("adults", $data, ['adultid' => $person['adultid']]); + } else { + $database->insert("adults", $data); + } + $adultid = $database->id(); + break; + case "youth": + $data = [ + "position" => $people["position"], + "days" => $days + ]; + if ($editing) { + $database->update("youth", $data, ['youthid' => $person['youthid']]); + } else { + $database->insert("youth", $data); + } + $youthid = $database->id(); + break; } - foreach ($childrenToDelete as $rip) { - $database->delete("people", ['personid' => $rip]); + + $data = [ + "familyid" => $familyid, + "camperid" => $camperid, + "adultid" => $adultid, + "youthid" => $youthid, + "firstname" => $people["firstname"], + "lastname" => $people["lastname"], + "address" => $people["address"], + "zip" => $people["zip"], + "phone1" => empty($people["phone1"]) ? "" : $people["phone1"], + "phone2" => empty($people["phone2"]) ? "" : $people["phone2"], + "email" => empty($people["email"]) ? "" : $people["email"], + "unit" => $people["unit"], + "shirt" => $people["shirt"], + "sex" => $people["sex"] + ]; + + if ($editing) { + $database->update("people", $data, ['personid' => $VARS['personid']]); + } else { + $database->insert("people", $data); } } catch (Exception $ex) { errorBack($ex->getMessage()); } }); - returnToSender("family_saved", "&id=" . 
$family->getID()); + returnToSender("person_saved"); break; - case "deletefamily": - if (!(new User($_SESSION['uid']))->hasPermission("HACHEPORTAL_EDIT")) { - returnToSender("no_permission"); - } - - if (!empty($VARS['familyid']) && $database->count("families", ['familyid' => $VARS['familyid']]) === 1) { - $database->delete("people", ["familyid" => $VARS['familyid']]); - $database->delete("interests", ["familyid" => $VARS['familyid']]); - $database->delete("payments", ["familyid" => $VARS['familyid']]); - $database->delete("families", ["familyid" => $VARS['familyid']]); - returnToSender("family_deleted"); + case "deleteperson": + if (!empty($VARS['id']) && $database->count("people", ['personid' => $VARS['id']]) === 1) { + $ids = $database->get("people", ['camperid', 'adultid', 'youthid'], ['personid' => $VARS['id']]); + if (!is_null($ids['camperid'])) { + $database->delete("campers", ['camperid' => $ids['camperid']]); + } else if (!is_null($ids['adultid'])) { + $database->delete("adults", ['adultid' => $ids['adultid']]); + } else if (!is_null($ids['youthid'])) { + $database->delete("youth", ['youthid' => $ids['youthid']]); + } + $database->delete("people", ["personid" => $VARS['id']]); + returnToSender("person_deleted"); } else { - returnToSender("family_doesnt_exist"); + returnToSender("person_doesnt_exist"); } break; - case "editevents": - if (!(new User($_SESSION['uid']))->hasPermission("HACHEPORTAL_EDIT")) { - returnToSender("no_permission"); - } - - foreach ($_POST['events'] as $k => $v) { - if ($database->has("events", ["eventid" => $k])) { - if (empty($v)) { - $database->delete("interests", ["eventid" => $k]); - $database->delete("events", ["eventid" => $k]); - continue; - } - $database->update("events", ["event" => $v], ["eventid" => $k]); - } else { - if (empty($v)) { - continue; - } - $database->insert("events", ["event" => $v]); - } - } - returnToSender("events_updated"); case "editpayment": if (!(new 
User($_SESSION['uid']))->hasPermission("HACHEPORTAL_EDIT")) { returnToSender("no_permission"); diff --git a/app.php b/app.php index 6df50dd..2f17d7a 100644 --- a/app.php +++ b/app.php @@ -120,7 +120,7 @@ END; // For mobile app echo "" ?> -
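Review bot: The new `editperson` and `deleteperson` cases drop the `HACHEPORTAL_EDIT` permission check that the removed `editfamily` and `deletefamily` cases performed, while `editpayment` at the end of the hunk still has it, so any authenticated session can now create, modify or delete person records; restore the guard as the first statement of both cases: `if (!(new User($_SESSION['uid']))->hasPermission("HACHEPORTAL_EDIT")) { returnToSender("no_permission"); }`. The field patterns are applied unanchored in `preg_match("/$regex/", $str)`, so `zip`, `phone1` and `unit` accept any value that merely contains the digit run (and `in_array($str, $regex)` lacks `true`); use `preg_match("/^(?:$regex)$/", $str)` and `in_array($str, $regex, true)`. In the `$editing` branch, `$camperid = $database->id();` runs after an `update`, so it appears to read the last insert id rather than the existing row's key (same for `$adultid` and `$youthid`), and the two ids for the other types are never assigned before being placed in `$data`; keep `$person['camperid']` when editing and initialise all three to `null` before the switch. The enclosing `switch ($VARS['action'])` begins before this hunk and continues after it.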