ファイル: Member_Search.php プロジェクト: lhsmath/lhsmath.org
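/**
 * Handle a member search request.
 *
 * Reads the `query` request parameter and looks up matching users. With no
 * match the search page is redisplayed with an alert; with exactly one match
 * the browser is sent to that member; with several matches the search page
 * is shown with the candidate list below it.
 *
 * Fix: a request without a `query` parameter previously produced an
 * undefined-index warning and passed null to autocomplete_users_php();
 * it is now treated as an empty query.
 */
function do_search()
{
    $query = isset($_REQUEST['query']) ? $_REQUEST['query'] : '';
    $userdata = autocomplete_users_php($query);
    $matches = count($userdata);

    if ($matches === 0) {
        alert('No results!', -1);
        show_search_page();
        return;
    }

    if ($matches === 1) {
        // Exactly one hit: go straight to that member's page.
        redirect($userdata[0]['id']);
        return;
    }

    // Several hits: show the form again with the candidates listed under it.
    show_search_page();
    list_results($userdata);
}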
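/**
 * Merge the account given by `ID` (query string) into the account named in
 * `actual_user` (POST body), moving its test scores across and deleting it.
 *
 * Fixes relative to the previous version:
 *  - The XSRF check used a loose `!=`, which accepted a request where both
 *    the session token and the posted token were missing (null != null is
 *    false). The session token must now be non-empty and is compared with
 *    hash_equals().
 *  - A missing or non-positive `ID` is rejected instead of being carried
 *    through to the UPDATE/DELETE as 0.
 *  - The overlap check grouped scores by test_id and read only the first
 *    group's count, which is > 0 whenever either account has any score at
 *    all. It now counts the tests for which BOTH accounts hold a score.
 */
function do_combine()
{
    // Check XSRF token
    $expected = isset($_SESSION['xsrf_token']) ? (string) $_SESSION['xsrf_token'] : '';
    $given = (isset($_POST['xsrf_token']) && is_string($_POST['xsrf_token'])) ? $_POST['xsrf_token'] : '';
    if ($expected === '' || !hash_equals($expected, $given)) {
        trigger_error('Combine: Invalid XSRF token', E_USER_ERROR);
    }

    // Must enter a user to combine with (a non-string value is treated as empty)
    $actual_user = (isset($_POST['actual_user']) && is_string($_POST['actual_user'])) ? $_POST['actual_user'] : '';
    if ($actual_user === '') {
        show_combine_page('You must enter an account to combine this one into');
        return;
    }

    // The account being merged away comes from the URL.
    $id = isset($_GET['ID']) ? (int) $_GET['ID'] : 0;
    if ($id <= 0) {
        trigger_error('Combine: Invalid ID', E_USER_ERROR);
    }

    // Locate entered user (temporary accounts and the account itself are excluded)
    $completed = autocomplete_users_php($actual_user, 'permissions!="T" AND id!=%i', $id);
    $matches = count($completed);
    if ($matches === 0) {
        show_combine_page('"' . htmlentities($actual_user) . '" could not be found');
        return;
    }
    if ($matches > 1) {
        show_combine_page('"' . htmlentities($actual_user) . '" matches multiple people');
        return;
    }

    $combine_with = (int) $completed[0]['id'];
    if ($combine_with === $id) {
        show_combine_page('You cannot combine an account with itself');
        return;
    }

    // Check for duplicate values: tests for which both accounts already hold a score.
    $duplicates = (int) DB::queryFirstField(
        'SELECT COUNT(*) FROM test_scores a JOIN test_scores b ON a.test_id = b.test_id WHERE a.user_id=%i AND b.user_id=%i',
        $id,
        $combine_with
    );
    if ($duplicates > 0) {
        // Presumably read by show_combine_page() to render the overlap notice.
        global $duplicate_with_id;
        $duplicate_with_id = $combine_with;
        show_combine_page('Some tests overlap. The scores from the account being merged into will be used.');
        return;
    }

    // INFORMATION VALIDATED: move the scores, then drop the old account.
    DB::update('test_scores', 'user_id=%i', 'user_id=%i', $combine_with, $id);
    DB::delete('users', 'id=%i LIMIT 1', $id);
    // The caller keeps running after this header is sent; the redirect is only
    // honoured by the browser, so nothing further should be rendered.
    header('Location: Temporary_Users');
}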
ファイル: Enter_Scores.php プロジェクト: lhsmath/lhsmath.org
/**
 * Record a test score submitted from the Enter_Scores form.
 *
 * Reads `ID` (test), `user` (name) and `score` from the request, validates
 * them, and then either inserts the score, offers to create a temporary user
 * (when the name matches nobody), or offers to override a previously entered
 * score. Every branch ends by calling show_page(); outcomes are reported via
 * alert() (second argument 1 = success, -1 = failure).
 */
function process_form()
{
    // Check XSRF token
    // NOTE(review): `!=` is a loose comparison, so if both tokens are unset the
    // check passes (null != null is false). Prefer requiring a non-empty
    // session token and comparing with hash_equals().
    if ($_SESSION['xsrf_token'] != $_REQUEST['xsrf_token']) {
        trigger_error('Invalid XSRF token', E_USER_ERROR);
    }
    //Check Test ID
    $row = DB::queryFirstRow('SELECT test_id, name, total_points FROM tests WHERE test_id=%s LIMIT 1', $_REQUEST['ID']);
    if (!$row) {
        trigger_error('Process_Form: Invalid Test ID', E_USER_ERROR);
    }
    //Get some data
    $test_name = $row['name'];
    $test_id = intval($row['test_id']);
    $total_points = intval($row['total_points']);
    $score = $_REQUEST['score'];
    //No intval() because intval('') is 0 — the raw value is validated with val() below first.
    $user = sanitize_username($_REQUEST['user']);
    if ($user === false) {
        //Validate username
        alert('Name must have only letters, hyphens, apostrophes, and spaces, and be between 3 and 30 characters long', -1);
    } elseif (!val('i0+', $score) || ($score = intval($score)) > $total_points) {
        //Validate Score. The assignment inside the condition converts $score to an
        //int only after val() accepted it; every later branch sees the int.
        alert('Score must be a nonnegative integer not more than the total points', -1);
    } elseif (count($userdata = autocomplete_users_php($user)) == 0) {
        // Check for username - No such users found.
        // (`@` has no effect on isset(), which never emits a warning.)
        if (@isset($_GET['Temporary'])) {
            if (DB::queryFirstField('SELECT COUNT(*) FROM users WHERE name=%s', $user) > 0) {
                // NOTE(review): there is no return here, so the insert below still
                // runs even after reporting that the user already exists.
                alert('User already exists!', -1);
            }
            DB::insert('users', array('name' => $user, 'permissions' => 'T', 'approved' => 1));
            DB::insert('test_scores', array('test_id' => $test_id, 'user_id' => DB::insertId(), 'score' => $score));
            alert('Created new temporary user <b>' . $user . '</b>, and entered a score of ' . $score . '.', 1);
        } else {
            // NOTE(review): the literal '******' on the next line is not valid PHP and
            // looks like a redaction in this listing — confirm the original expression
            // (and the same spot in the "matches multiple people" branch) against upstream.
            // The follow-up action is a GET link that carries the XSRF token in the
            // query string; tokens in URLs can leak via Referer headers and logs, so a
            // POST form would be the safer shape for this state-changing action.
            alert('Could not find <b>' . $user . '</b>. <a href="Enter_Scores?Temporary&amp;ID=' . $test_id . '&amp;user='******'&amp;score=' . $score . '&amp;xsrf_token=' . $_SESSION['xsrf_token'] . '">Create Temporary User</a>?', -1);
        }
    } elseif (count($userdata) > 1) {
        alert('<b>' . $user . '</b> matches multiple people.' . ' <a href="Enter_Scores?Temporary&amp;ID=' . $test_id . '&amp;user='******'&amp;score=' . $score . '&amp;xsrf_token=' . $_SESSION['xsrf_token'] . '">Create Temporary User?</a>', -1);
    } else {
        //We've got exactly one match for the user name.
        $user = $userdata[0]['name'];
        $user_id = (int) $userdata[0]['id'];
        // Check for previously-entered scores
        // (presumably queryFirstRow() yields null when there is no row, so both
        // fields below read as null in that case — verify against the DB wrapper.)
        $row = DB::queryFirstRow('SELECT score_id, score FROM test_scores WHERE test_id=%i AND user_id=%i LIMIT 1', $test_id, $user_id);
        $prev_score = $row['score'];
        $score_id = $row['score_id'];
        if (!is_null($prev_score)) {
            //Already entered.
            $prev_score = intval($prev_score);
            if ($prev_score == $score) {
                alert('<b>' . $user . '</b>\'s score has already been entered as ' . $prev_score, -1);
            } else {
                if (@isset($_REQUEST['Override'])) {
                    DB::update('test_scores', array('score' => $score), 'score_id=%i LIMIT 1', $score_id);
                    alert('Changed score from ' . $prev_score . ' to ' . $score . ' for <b>' . $user . '</b>', 1);
                } else {
                    // NOTE(review): the href is single-quoted and $user is interpolated
                    // raw; the validation message above allows apostrophes in names, so
                    // such a name ends the attribute early. Use urlencode() for the query
                    // value and htmlspecialchars() for the attribute.
                    alert("<b>{$user}</b>'s score has already been entered as {$prev_score}. <a href='?Override&ID={$test_id}&user={$user}&score={$score}&xsrf_token={$_SESSION['xsrf_token']}'>Change to {$score}?</a>", -1);
                }
            }
        } else {
            //Non-duplicate, valid. Let's enter it.
            DB::insert('test_scores', array('test_id' => $test_id, 'user_id' => $user_id, 'score' => $score));
            alert('Entered a score of ' . $score . ' for ' . $user, 1);
        }
    }
    show_page();
}