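/**
 * Re-runs DataSanitizer::formatUserNames over every `user` row whose
 * `orig_lastName` is still NULL (at most 10000 rows per call).
 *
 * With $doRequests === false (the default) this is a dry run: one line per
 * user is printed (DIFF / GOOD / ERROR) and nothing is written. With
 * $doRequests === true the current names are copied to orig_firstName /
 * orig_lastName, replaced by the sanitized values, and saniValid is stored.
 * Note that the write path updates every fetched row, including rows the
 * sanitizer rejected (saniValid != 1) — this mirrors the original behaviour;
 * confirm that is intended before running it against production data.
 *
 * The report is emitted as HTML (the trailer uses <br/>), and first/last
 * names are user-supplied data, so everything echoed is HTML-escaped.
 *
 * @param bool $doRequests apply the updates instead of only reporting them
 */
function checkAndCorrectUsers($doRequests = false) {
    global $db;

    // Escape user-controlled text for the HTML report (stored names may
    // contain markup).
    $esc = function ($s) {
        return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    $selectQuery = "\n SELECT \n `user`.ID, \n `user`.lastName, \n `user`.firstName \n FROM `user`\n WHERE\n `user`.`orig_lastName` IS NULL\n LIMIT 0, 10000\n ";
    $selectStmt = $db->prepare($selectQuery);
    $selectStmt->execute();

    $users = array();
    while ($user = $selectStmt->fetchObject()) {
        $users[] = $user;
    }

    // Prepared once, executed per row in write mode.
    $updateQuery = "UPDATE user SET orig_firstName = firstName, orig_lastName = lastName, firstName = :firstName, lastName = :lastName, saniValid = :saniValid WHERE ID = :ID";
    $updateStmt = $db->prepare($updateQuery);

    foreach ($users as $user) {
        list($cleanFirst, $cleanLast, $saniValid, $msg) = DataSanitizer::formatUserNames($user->firstName, $user->lastName);

        if ($doRequests) {
            $updateStmt->execute(array(
                ':ID' => $user->ID,
                ':firstName' => $cleanFirst,
                ':lastName' => $cleanLast,
                ':saniValid' => $saniValid,
            ));
            continue;
        }

        // Dry run: report only.
        if ($saniValid != 1) {
            echo "ERROR : (id=" . $esc($user->ID) . ") " . $esc($user->firstName) . " " . $esc($user->lastName) . " => " . $esc($msg) . "\n";
        } elseif ($cleanFirst != $user->firstName || $cleanLast != $user->lastName) {
            echo "DIFF : " . $esc($user->firstName) . " " . $esc($user->lastName) . " => " . $esc($cleanFirst) . " " . $esc($cleanLast) . "\n";
        } else {
            echo "GOOD : " . $esc($user->firstName) . " " . $esc($user->lastName) . "\n";
        }
    }

    echo "Updated users : " . count($users) . "<br/>";
}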
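/**
 * Creates a team in the group held in the current session and registers its
 * contestants.
 *
 * Writes, in order: a `team` row (MySQL, then DynamoDB when the config
 * selects it), the group's startTime (only if still NULL), the group's
 * effective team/student counters, and one `contestant` row per entry of
 * $contestants (names passed through DataSanitizer::formatUserNames,
 * missing grade defaults to -2). The session then receives teamID and
 * teamPassword, and a JSON object with success/teamID/password is echoed.
 *
 * Fail-closed checks: the group must be known in the session and must not be
 * closed; both failures echo a JSON error and return without writing.
 *
 * The team password is reused from $_SESSION["userCode"] when present,
 * otherwise generated by genAccessCode().
 *
 * @param PDO   $db
 * @param array $contestants list of arrays with firstName, lastName, genre
 *                           and optionally grade
 */
function createTeam($db, $contestants) {
    global $tinyOrm, $config;

    // Without a group in the session there is nothing to attach the team to;
    // the original would have inserted a team with a NULL groupID.
    if (!isset($_SESSION["groupID"])) {
        error_log("createTeam called without a groupID in session");
        echo json_encode(array("success" => false, "message" => "Session invalide"));
        return;
    }
    $groupID = $_SESSION["groupID"];

    // A closed group must not accept new teams; a well-behaved client never
    // asks, so log it as a possible tampering attempt.
    if (!empty($_SESSION["groupClosed"])) {
        error_log("Hack attempt ? trying to create team on closed group " . $groupID);
        echo json_encode(array("success" => false, "message" => "Groupe fermé"));
        return;
    }

    $password = isset($_SESSION["userCode"]) ? $_SESSION["userCode"] : genAccessCode($db);

    $insertTeam = $db->prepare("INSERT INTO `team` (`groupID`, `password`) VALUES (?, ?)");
    $insertTeam->execute(array($groupID, $password));
    $teamID = $db->lastInsertId();

    if ($config->db->use === 'dynamoDB') {
        try {
            $tinyOrm->insert('team', array('ID' => $teamID, 'groupID' => $groupID, 'password' => $password));
        } catch (\Aws\DynamoDb\Exception $e) {
            // Bug fix: getMessage is a method, the original read it as a property.
            error_log($e->getMessage() . " - " . $e->getCode());
            error_log('DynamoDB error creating team, teamID: ' . $teamID);
        }
    }

    // First team of the group starts the clock; later teams leave it alone.
    $startGroup = $db->prepare("UPDATE `group` SET `startTime` = NOW() WHERE `group`.`ID` = ? AND `startTime` IS NULL");
    $startGroup->execute(array($groupID));

    $bumpCounters = $db->prepare("UPDATE `group` SET `nbTeamsEffective` = `nbTeamsEffective` + 1, `nbStudentsEffective` = `nbStudentsEffective` + ? 
 WHERE `ID` = ?");
    $bumpCounters->execute(array(count($contestants), $groupID));

    $_SESSION["teamID"] = $teamID;
    $_SESSION["teamPassword"] = $password;

    // Prepared once instead of once per contestant.
    $insertContestant = $db->prepare("\n INSERT INTO `contestant` (`lastName`, `firstName`, `genre`, `grade`, `teamID`, `cached_schoolID`, `saniValid`) \n VALUES (?, ?, ?, ?, ?, ?, ?)");
    $schoolID = isset($_SESSION["schoolID"]) ? $_SESSION["schoolID"] : null;

    foreach ($contestants as $contestant) {
        $grade = isset($contestant["grade"]) ? $contestant["grade"] : -2;
        $genre = isset($contestant["genre"]) ? $contestant["genre"] : null;
        list($firstName, $lastName, $saniValid, $unused) = DataSanitizer::formatUserNames($contestant["firstName"], $contestant["lastName"]);
        $insertContestant->execute(array($lastName, $firstName, $genre, $grade, $teamID, $schoolID, $saniValid));
    }

    echo json_encode((object) array("success" => true, "teamID" => $teamID, "password" => $password));
}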
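/**
 * Pre-write hook for the `user` record: fills generated fields, validates
 * the record and enforces the rules a non-admin caller must respect.
 *
 * Always: normalises firstName/lastName through DataSanitizer and sets
 * saniValid; appends "generator" to $roles.
 * On insert: generates salt + passwordMd5 from the submitted password,
 * rejects the record if officialEmail or alternativeEmail already exists
 * (JSON error echoed, false returned), stamps registrationDate.
 * Always: rejects the record if checkUser() fails.
 * On non-admin update: forces ID to the session user; a password change
 * requires the correct old_password; changing alternativeEmail resets
 * alternativeEmailValidated; a validated officialEmail cannot be changed.
 *
 * SECURITY NOTE(review): passwords are stored as salted MD5 via
 * computePasswordMD5(). MD5 is unsuitable for password storage; migrating
 * to password_hash()/password_verify() is recommended but is not done here
 * because it would require a rehash-on-login strategy for existing rows.
 * NOTE(review): nothing in this function strips a client-supplied
 * passwordMd5 / salt from $record on update — confirm checkUser() or the
 * field whitelist of the caller does, otherwise a non-admin could set a
 * hash without knowing the old password.
 *
 * @param PDO    $db
 * @param array  $request   the raw request (unused here, kept for the hook signature)
 * @param array  $record    the record to be written; modified in place
 * @param string $operation "insert" or "update"
 * @param array  $roles     role list the caller authorises against; extended in place
 * @return bool true when the record may be written, false when it was rejected
 */
function checkRequestUser($db, &$request, &$record, $operation, &$roles) {
    $isInsert = ($operation === "insert");
    $isUpdate = ($operation === "update");
    $isAdmin = !empty($_SESSION["isAdmin"]);

    // Generated fields
    list($record["firstName"], $record["lastName"], $record["saniValid"], $unused) = DataSanitizer::formatUserNames($record["firstName"], $record["lastName"]);
    if ($isInsert) {
        $record["salt"] = generateSalt();
        $record["passwordMd5"] = computePasswordMD5($record["password"], $record["salt"]);
    }
    $roles[] = "generator";

    if ($isInsert) {
        // Both addresses must be unique across accounts.
        foreach (array("officialEmail", "alternativeEmail") as $emailField) {
            if (existingEmail($db, $record[$emailField], 0)) {
                $message = "Un compte existe déjà pour l'email " . $record[$emailField] . ".";
                echo json_encode(array("success" => false, "message" => $message));
                error_log($message);
                return false;
            }
        }
        $record["registrationDate"] = date('Y-m-d H:i:s');
    }

    if (!checkUser($record)) {
        error_log("checkUser false");
        return false;
    }

    if (!$isAdmin && $isUpdate) {
        // A non-admin may only ever touch their own row, whatever ID was sent.
        $record["ID"] = $_SESSION["userID"];
        $user = getUser($db);
        if (!$user) {
            // Fail closed: without the stored row we cannot verify anything.
            error_log("getUser returned no user for session userID");
            return false;
        }

        if (isset($record["password"]) && $record["password"] !== "") {
            $oldPassword = isset($record["old_password"]) ? $record["old_password"] : "";
            $oldPasswordMd5 = computePasswordMD5($oldPassword, $user->salt);
            // Constant-time comparison of the hashes.
            if (!hash_equals((string) $user->passwordMd5, (string) $oldPasswordMd5)) {
                echo json_encode(array("success" => false, "message" => "mot de passe invalide"));
                error_log("Invalid password");
                return false;
            }
            $record["passwordMd5"] = computePasswordMD5($record["password"], $user->salt);
        }

        if ($record["alternativeEmail"] !== $user->alternativeEmail) {
            $record["alternativeEmailValidated"] = "0";
        }

        // Filters — could/should this be a filter instead?
        if ($record["officialEmail"] !== $user->officialEmail && $user->officialEmailValidated) {
            error_log("impossible de modifier un email officiel validé");
            return false;
        }
    }

    return true;
}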