/**
 * Re-runs name sanitization over users whose original names have not been archived yet.
 *
 * Selects up to 10000 `user` rows where `orig_lastName` IS NULL and passes each
 * first/last name pair through DataSanitizer::formatUserNames().
 *
 * With $doRequests = true every selected row is updated: the current names are
 * copied into `orig_firstName` / `orig_lastName` and the sanitized names plus the
 * `saniValid` flag are written back. This happens whether or not the sanitizer
 * reported the names as valid.
 *
 * With $doRequests = false nothing is written; a DIFF / GOOD / ERROR line is
 * printed per row instead.
 *
 * In both modes the final line reports the number of rows examined, labelled
 * "Updated users".
 *
 * @param bool $doRequests true to write to the database, false for a dry-run report
 * @return void
 */
function checkAndCorrectUsers($doRequests = false)
{
    global $db;

    $selectStmt = $db->prepare("\n      SELECT \n         `user`.ID, \n         `user`.lastName, \n         `user`.firstName \n      FROM `user`\n      WHERE\n         `user`.`orig_lastName` IS NULL\n      LIMIT 0, 10000\n      ");
    $selectStmt->execute();

    // Read the whole result set before preparing and running the UPDATE statement.
    $pending = array();
    while ($user = $selectStmt->fetchObject()) {
        $pending[] = $user;
    }

    $updateStmt = $db->prepare("UPDATE user SET orig_firstName = firstName, orig_lastName = lastName, firstName = :firstName, lastName = :lastName, saniValid = :saniValid WHERE ID = :ID");

    foreach ($pending as $user) {
        list($cleanFirst, $cleanLast, $saniValid, $msg) = DataSanitizer::formatUserNames($user->firstName, $user->lastName);

        if ($doRequests) {
            // All values reach the database through bound placeholders.
            $updateStmt->execute(array(':ID' => $user->ID, ':firstName' => $cleanFirst, ':lastName' => $cleanLast, ':saniValid' => $saniValid));
            continue;
        }

        // Dry run from here on.
        // NOTE(review): stored names are echoed as-is and the summary line ends with <br/>;
        // if this report is ever rendered as HTML the names need htmlspecialchars() — confirm how it is served.
        if ($saniValid != 1) {
            echo "ERROR : (id={$user->ID}) {$user->firstName} {$user->lastName} => {$msg}\n";
            continue;
        }
        if ($cleanFirst == $user->firstName && $cleanLast == $user->lastName) {
            echo "GOOD : {$user->firstName} {$user->lastName}\n";
            continue;
        }
        echo "DIFF : {$user->firstName} {$user->lastName} => {$cleanFirst} {$cleanLast}\n";
        $user->firstName = $cleanFirst;
        $user->lastName = $cleanLast;
    }

    echo "Updated users : " . count($pending) . "<br/>";
}
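/**
 * Creates a team in the group held in the session and registers its contestants.
 *
 * Steps, in order:
 *  - refuses (JSON error, no write) when $_SESSION["groupClosed"] is truthy;
 *  - picks the team password: $_SESSION["userCode"] when set, otherwise genAccessCode($db);
 *  - inserts the team row, optionally mirrors it through $tinyOrm when
 *    $config->db->use is 'dynamoDB';
 *  - stamps the group's startTime if it is still NULL and bumps its team/student counters;
 *  - stores teamID and teamPassword in the session;
 *  - inserts one `contestant` row per entry of $contestants with sanitized names.
 *
 * The result is echoed as JSON ("success", and on success "teamID" and "password").
 *
 * NOTE(review): the team password is written to `team`.`password` exactly as generated
 * and is echoed back to the client; confirm this is acceptable for an access code.
 * NOTE(review): the inserts and counter updates below are separate statements with no
 * transaction visible in this function; a failure part-way leaves counters and rows out of step.
 *
 * @param object $db          database handle exposing prepare() and lastInsertId()
 * @param array  $contestants list of arrays with firstName, lastName, genre and optionally grade
 * @return void
 */
function createTeam($db, $contestants)
{
    global $tinyOrm, $config;
    if ($_SESSION["groupClosed"]) {
        error_log("Hack attempt ? trying to create team on closed group " . $_SESSION["groupID"]);
        echo json_encode(array("success" => false, "message" => "Groupe fermé"));
        return;
    }
    if (isset($_SESSION["userCode"])) {
        $password = $_SESSION["userCode"];
    } else {
        $password = genAccessCode($db);
    }
    $stmt = $db->prepare("INSERT INTO `team` (`groupID`, `password`) VALUES (?, ?)");
    $stmt->execute(array($_SESSION["groupID"], $password));
    $teamID = $db->lastInsertId();
    if ($config->db->use == 'dynamoDB') {
        try {
            $tinyOrm->insert('team', array('ID' => $teamID, 'groupID' => $_SESSION["groupID"], 'password' => $password));
        } catch (\Aws\DynamoDb\Exception $e) {
            // NOTE(review): confirm \Aws\DynamoDb\Exception is a class in the SDK version in use.
            // The AWS SDK's DynamoDB exception class is Aws\DynamoDb\Exception\DynamoDbException,
            // and a catch that names a class which does not exist never matches.
            // getMessage() is a method; reading it as a property logged an empty message.
            error_log($e->getMessage() . " - " . $e->getCode());
            error_log('DynamoDB error creating team, teamID: ' . $teamID);
        }
    }
    // Only the first team created in a group sets the group's start time.
    $stmt = $db->prepare("UPDATE `group` SET `startTime` = NOW() WHERE `group`.`ID` = ? AND `startTime` IS NULL");
    $stmt->execute(array($_SESSION["groupID"]));
    $stmt = $db->prepare("UPDATE `group` SET `nbTeamsEffective` = `nbTeamsEffective` + 1, `nbStudentsEffective` = `nbStudentsEffective` + ? WHERE `ID` = ?");
    $stmt->execute(array(count($contestants), $_SESSION["groupID"]));
    $_SESSION["teamID"] = $teamID;
    $_SESSION["teamPassword"] = $password;

    // The statement text is the same for every contestant, so prepare it once.
    $contestantStmt = $db->prepare("\n         INSERT INTO `contestant` (`lastName`, `firstName`, `genre`, `grade`, `teamID`, `cached_schoolID`, `saniValid`) \n         VALUES (?, ?, ?, ?, ?, ?, ?)");
    foreach ($contestants as $contestant) {
        if (!isset($contestant["grade"])) {
            $contestant["grade"] = -2;
        }
        // Names are normalised by the sanitizer; every value is bound through a placeholder.
        // NOTE(review): `genre` and `grade` are stored as received — verify they are validated by the caller.
        list($contestant["firstName"], $contestant["lastName"], $saniValid) = DataSanitizer::formatUserNames($contestant["firstName"], $contestant["lastName"]);
        $contestantStmt->execute(array($contestant["lastName"], $contestant["firstName"], $contestant["genre"], $contestant["grade"], $teamID, $_SESSION["schoolID"], $saniValid));
    }
    echo json_encode((object) array("success" => true, "teamID" => $teamID, "password" => $password));
}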
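/**
 * Validates and completes a user record before it is inserted or updated.
 *
 * Always: replaces firstName/lastName with their sanitized form, sets saniValid,
 * and appends "generator" to $roles.
 *
 * On "insert": generates a salt and password hash, rejects the request when the
 * official or alternative e-mail already belongs to an account, and stamps
 * registrationDate.
 *
 * On "update" by a non-admin session: forces the record ID to the session's own
 * user ID (so a caller cannot target another account through the record), requires
 * the current password before a new one is accepted, resets
 * alternativeEmailValidated when the alternative e-mail changes, and refuses to
 * change an official e-mail that has already been validated.
 *
 * Some rejections echo a JSON error and log; others (checkUser failure, validated
 * official e-mail) only log.
 *
 * NOTE(review): computePasswordMD5() is defined elsewhere; its name suggests a salted
 * MD5 digest. If that is what it computes, plan a migration to password_hash() /
 * password_verify().
 * NOTE(review): the "account already exists" response confirms to the caller that an
 * e-mail is registered, and the submitted e-mail is written to the log unmodified.
 *
 * @param object $db        database handle, passed on to existingEmail() and getUser()
 * @param mixed  $request   not read by this function
 * @param array  $record    user record, modified in place
 * @param string $operation "insert" or "update"
 * @param array  $roles     role list, receives "generator"
 * @return bool true when the record may be written, false otherwise
 */
function checkRequestUser($db, &$request, &$record, $operation, &$roles)
{
    // Generated fields
    list($record["firstName"], $record["lastName"], $record["saniValid"]) = DataSanitizer::formatUserNames($record["firstName"], $record["lastName"]);
    if ($operation === "insert") {
        $record["salt"] = generateSalt();
        $record["passwordMd5"] = computePasswordMD5($record["password"], $record["salt"]);
    }
    $roles[] = "generator";
    if ($operation === "insert") {
        // Same uniqueness check for both addresses, official first.
        foreach (array("officialEmail", "alternativeEmail") as $emailField) {
            if (existingEmail($db, $record[$emailField], 0)) {
                $message = "Un compte existe déjà pour l'email " . $record[$emailField] . ".";
                echo json_encode(array("success" => false, "message" => $message));
                error_log($message);
                return false;
            }
        }
        $record["registrationDate"] = date('Y-m-d H:i:s');
    }
    if (!checkUser($record)) {
        error_log("checkUser false");
        return false;
    }

    $isSelfUpdate = !$_SESSION["isAdmin"] && $operation === "update";
    if ($isSelfUpdate) {
        // A non-admin can only ever edit the account bound to the session.
        $record["ID"] = $_SESSION["userID"];
        $user = getUser($db);
        if ($record["password"] != "") {
            $oldPasswordMd5 = computePasswordMD5($record["old_password"], $user->salt);
            // hash_equals() compares in constant time; the casts keep a missing stored
            // hash from raising a TypeError and make it compare as a mismatch instead.
            if (!hash_equals((string) $user->passwordMd5, (string) $oldPasswordMd5)) {
                echo json_encode(array("success" => false, "message" => "mot de passe invalide"));
                error_log("Invalid password");
                return false;
            }
            $record["passwordMd5"] = computePasswordMD5($record["password"], $user->salt);
        }
        if ($record["alternativeEmail"] !== $user->alternativeEmail) {
            // A changed address has to be validated again.
            $record["alternativeEmailValidated"] = "0";
        }
    }
    // Filters
    if ($isSelfUpdate) {
        // Could/should we use a filter for this ?
        if ($record["officialEmail"] !== $user->officialEmail && $user->officialEmailValidated) {
            error_log("impossible de modifier un email officiel validé");
            return false;
        }
    }
    return true;
}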