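/**
 * Administration action: delete a candidate ("participant") or show the
 * candidate detail view that hosts the delete form.
 *
 * Reads $_GET['id'], $_POST['id_candidat'] and $_POST['suppr_candidat'], and
 * fills the global $page array consumed by the view layer. Returns nothing;
 * on a successful deletion it redirects and terminates the request.
 */
function supprimer_candidat()
{
    global $page;
    global $administration;
    global $message;
    global $url;
    $page['gabarit'] = "administration";
    // Role check: the role required for this action is configured in $administration.
    if (!(isset($_SESSION['role_user']) && droit_acces($administration['supprimer_candidat'], $_SESSION['role_user']))) {
        $page['vue'] = "erreur_droit.vue.php";
        return;
    }
    $page['vue'] = "participants/candidat.vue.php";
    $page['colonne'] = "participants/sidebar_candidat.vue.php";
    $page['candidats'] = liste_candidat();
    $page['diplome'] = liste_diplome();
    // POST id wins over GET id when both are present (same precedence as before);
    // $id is null when neither was supplied instead of being left undefined.
    $id = null;
    if (isset($_GET['id'])) {
        $id = $_GET['id'];
    }
    if (isset($_POST['id_candidat'])) {
        $id = $_POST['id_candidat'];
    }
    if (isset($_POST['suppr_candidat']) && !isset($_GET['id'])) {
        // NOTE(review): the deletion is authorised by role only; no CSRF token is
        // checked in this function — confirm the framework validates one upstream.
        if (!has_result($id)) {
            suppression_candidat($id);
            header("Location: index.php?controleur=administration&tache=home_candidat");
            // Stop the request here: without exit the framework would still render
            // the candidate view after the redirect header has been sent.
            exit;
        }
        $page['message'] = "Impossible de supprimer le participant, il a des résultats.";
        return;
    }
    // Detail view: load the candidate and its applications for the sidebar form.
    $page['genre'] = liste_genre();
    $detail = detail_candidat($id);
    // detail_candidat() is indexed by row; expose the first row, or null when nothing matched.
    $page['candidat'] = isset($detail[0]) ? $detail[0] : null;
    $page['candidature'] = lister_candidature($id);
}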
/**
 * Tells whether the puzzle idea $pid is currently in a status that accepts drafts.
 *
 * @param mixed $pid puzzle_idea.id; escaped with mysql_real_escape_string() before
 *                   being interpolated, as the rest of this file does
 * @return mixed whatever has_result() returns for the lookup query
 */
function canAcceptDrafts($pid)
{
    $escapedId = mysql_real_escape_string($pid);
    $query = "SELECT 1 FROM puzzle_idea LEFT JOIN pstatus ON puzzle_idea.pstatus = pstatus.id\n"
        . "        WHERE pstatus.acceptDrafts = '1' AND puzzle_idea.id='" . $escapedId . "'";
    return has_result($query);
}
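/**
 * Registers a new user from the submitted form ($_POST) and the optional
 * picture upload ($_FILES['picture']).
 *
 * Validation errors are returned keyed by form field; an empty array means
 * the account was inserted and committed. Database failures after the INSERT
 * roll the transaction back and are reported under the "unknown" key.
 *
 * @return array<string, string> field => error message, empty on success
 */
function register()
{
    $errors = array();
    $data = $_POST;
    // The form may be posted without a file field at all; treat that as "no picture".
    $picture = isset($_FILES['picture']) ? $_FILES['picture'] : array('name' => '');
    $email = isset($data['email']) ? $data['email'] : "";
    $username = isset($data['username']) ? $data['username'] : "";
    $fullname = isset($data['fullname']) ? $data['fullname'] : "";
    $pass1 = isset($data['pass1']) ? $data['pass1'] : "";
    $pass2 = isset($data['pass2']) ? $data['pass2'] : "";
    if ($email === "") {
        $errors['email'] = "Email may not be empty";
    }
    if ($username === "") {
        $errors['username'] = "******";
    }
    if ($fullname === "") {
        $errors['fullname'] = "Full name may not be empty";
    }
    // When an upstream authenticator is trusted no local password is collected.
    if (!TRUST_REMOTE_USER) {
        if ($pass1 === "") {
            $errors['pass1'] = "Passwords may not be empty";
        }
        if ($pass2 === "") {
            $errors['pass2'] = "Passwords may not be empty";
        } elseif ($pass1 !== $pass2) {
            $errors['pass2'] = "Passwords do not match";
        } elseif (strlen($pass1) < 6) {
            $errors['pass1'] = "Password must be at least 6 characters";
        }
    }
    $purifier = new HTMLPurifier();
    $username = $purifier->purify($username);
    $fullname = $purifier->purify($fullname);
    $email = $purifier->purify($email);
    // Uniqueness checks; escaping follows the legacy mysql_* style used in this file.
    $sql = sprintf("SELECT * FROM user_info WHERE username='%s'", mysql_real_escape_string($username));
    if (has_result($sql)) {
        $errors['username'] = "******";
    }
    $sql = sprintf("SELECT * FROM user_info WHERE email='%s'", mysql_real_escape_string($email));
    if (has_result($sql)) {
        $errors['email'] = "There is already an account using that email";
    }
    if ($errors) {
        return $errors;
    }
    mysql_query('START TRANSACTION');
    if (TRUST_REMOTE_USER) {
        $sql = sprintf("INSERT INTO user_info (username, fullname, email) VALUES ('%s', '%s', '%s')", mysql_real_escape_string($username), mysql_real_escape_string($fullname), mysql_real_escape_string($email));
    } else {
        // NOTE(review): the password is stored with reversible AES_ENCRYPT keyed by
        // username+password rather than a one-way hash (password_hash/password_verify).
        // The login path must use the same scheme, so replacing it needs a coordinated
        // migration rather than a local change here.
        $sql = sprintf("INSERT INTO user_info (username, password, fullname, email) VALUES ('%s', AES_ENCRYPT('%s', '%s%s'), '%s', '%s')", mysql_real_escape_string($username), mysql_real_escape_string($pass1), mysql_real_escape_string($username), mysql_real_escape_string($pass1), mysql_real_escape_string($fullname), mysql_real_escape_string($email));
    }
    $result = mysql_query($sql);
    if ($result === FALSE) {
        mysql_query('ROLLBACK');
        return array("unknown" => "Registration error in adding user");
    }
    $uid = mysql_insert_id();
    // The picture handler takes the new user's id, so it runs only once the row
    // exists (previously it was called before $uid had been assigned).
    $pic = '';
    if ($picture['name'] !== '') {
        $pic = $purifier->purify(pictureHandling($uid, $picture));
    }
    $failed = FALSE;
    $sql = sprintf("UPDATE user_info SET picture='%s' WHERE uid='%s'", mysql_real_escape_string($pic), mysql_real_escape_string($uid));
    if (mysql_query($sql) === FALSE) {
        $failed = TRUE;
    }
    $sql = sprintf("DELETE from user_info_values WHERE person_id = '%s'", mysql_real_escape_string($uid));
    if (mysql_query($sql) === FALSE) {
        $failed = TRUE;
    }
    // Optional profile fields: one user_info_values row per key the form supplied.
    $keys = get_rows("SELECT id, shortname, longname FROM user_info_key");
    foreach ($keys as $r) {
        $shortname = $r['shortname'];
        if (!isset($data[$shortname]) || $data[$shortname] === "") {
            continue;
        }
        $value = $purifier->purify($data[$shortname]);
        $sql = sprintf("INSERT INTO user_info_values VALUES ('%s', '%s', '%s')", mysql_real_escape_string($uid), mysql_real_escape_string($r['id']), mysql_real_escape_string($value));
        if (mysql_query($sql) === FALSE) {
            $failed = TRUE;
        }
    }
    if ($failed) {
        mysql_query('ROLLBACK');
        return array("unknown" => "Registration error in updating info");
    }
    mysql_query('COMMIT');
    return array();
}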