/src/Handler/Person.php

Large files files are truncated, but you can click here to view the full file

<?php
/*
 * Code for dealing with user accounts
 */

function person_dispatch() 
{
	$op = arg(1);
	$id = arg(2);
	switch($op) {
		case 'create':
			$obj = new PersonCreate;
			break;
		case 'edit':
			$obj = new PersonEdit;
			$obj->person = person_load( array('user_id' => $id) );
			break;
		case 'view':
			$obj = new PersonView;
			$obj->person = person_load( array('user_id' => $id) );
			break;
		case 'delete':
			$obj = new PersonDelete;
			$obj->person = person_load( array('user_id' => $id) );
			break;
		case 'search':
			$obj = new PersonSearch;
			break;
		case 'approve':
			$obj = new PersonApproveNewAccount;
			$obj->person = person_load( array('user_id' => $id) );
			break;
		case 'activate':
			$obj = new PersonActivate;
			$obj->person = person_load( array('user_id' => $id) );
			break;
		case 'signwaiver': 
			$obj = new PersonSignWaiver;
			break;
		case 'signdogwaiver':
			$obj = new PersonSignDogWaiver;
			break;
		case 'listnew':
			$obj = new PersonListNewAccounts;
			break;
		case 'changepassword':
			$obj = new PersonChangePassword;  
			$obj->person = person_load( array('user_id' => $id) );
			break;
		case 'forgotpassword':
			$obj = new PersonForgotPassword;
			break;
		case 'historical':
			$obj = new PersonHistorical;
			$obj->person = person_load( array('user_id' => $id) );
			break;
		default:
			$obj = null;
	}
	if( $obj->person ) {
		person_add_to_menu( $obj->person );
	}
	return $obj;
}

/**
 * The permissions check for all Person actions.
 */
function person_permissions ( &$user, $action, $arg1 = NULL, $arg2 = NULL )
{
	$self_edit_fields = array();  # TODO
	$create_fields = array( 'name', 'username', 'password');
	$create_fields = array_merge($self_edit_fields, $create_fields);

	$all_view_fields = array( 'name', 'gender', 'skill', 'willing_to_volunteer' );
	if (variable_get('dog_questions', 1)) {
		$all_view_fields[] = 'dog';
	}
	$restricted_contact_fields = array( 'email', 'home_phone', 'work_phone', 'mobile_phone' );
	$captain_view_fields = array( 'height', 'shirtsize' );
	
	$self_view_fields = array('username','birthdate','address','last_login', 'member_id','height','shirtsize');
	$self_view_fields = array_merge($all_view_fields, $restricted_contact_fields, $self_view_fields);

	switch( $action ) {
		case 'create':
			return true;
			break;
		case 'edit':
			if( 'new' == $arg1) {
				// Almost all fields can be edited for new players
				if( $arg2 ) {
					return( in_array( $arg2, $create_fields ) );
				} else {
					return true;
				}
			}
			if( ! $user->is_active() ) {
				return false;
			}
			if( $user->user_id == $arg1 ) {
				if( $arg2 ) {
					return( in_array( $arg2, $self_edit_fields ) );
				} else {
					return true;
				}
			}
			break;
		case 'password_change':
			// User can change own password
			if( is_numeric( $arg1 ))  {
				if( $user->user_id == $arg1 ) {
					return true;
				}
			}
			break;
		case 'view':
			if( ! ($user && $user->is_active()) ) {
				return false;
			}
			if( is_numeric( $arg1 )) {
				if( $user->user_id == $arg1 ) {
					// Viewing yourself allowed, most fields
					if( $arg2 ) {
						return( in_array( $arg2, $self_view_fields ) );
					} else {
						return true;
					}
				} else {
					// Other user.  Now comes the hard part
					$player = person_load( array('user_id' => $arg1) );

					// New or locked players cannot be viewed.
					if( $player->status == 'new' || $player->status == 'locked' ) {
						return false;
					}

					$sess_user_teams = implode(",",array_keys($user->teams));
					$viewable_fields = $all_view_fields;

					/* If player is a captain, their email is viewable */
					if( $player->is_a_captain ) {
						// Plus, can view email
						$viewable_fields[] = 'email';
					}

					if($user->is_a_captain) {
						/* If the current user is a team captain, and the requested user is on
						 * their team, they are allowed to view email/phone
						 */
						foreach( $player->teams as $team ) {
							if( $user->is_captain_of( $team->team_id ) &&
								$team->position != 'captain_request' ) {
								/* They are, so publish email and phone */
								$viewable_fields = array_merge($all_view_fields, $restricted_contact_fields, $captain_view_fields);
								break;
							}
						}

						/* If the current user is a team captain, and the requested user is
						 * captain for a "nearby" team, they are allowed to view email/phone
						 */
						if($player->is_a_captain) {
							foreach( $player->teams as $player_team ) {
								if( $player->is_captain_of( $player_team->team_id ) ) {
									foreach( $user->teams as $user_team ) {
										if( $user->is_captain_of( $user_team->team_id ) &&
											$player_team->league_id == $user_team->league_id )
										{
											$viewable_fields = array_merge($all_view_fields, $restricted_contact_fields);
										}
									}
								}
							}
						}
					}

					/* Coordinator info is viewable */
					if($player->is_a_coordinator) {
						$viewable_fields = array_merge($all_view_fields, $restricted_contact_fields);
					}

					/* Coordinators get to see phone numbers of the captains they handle */
					if($user->is_a_coordinator && $player->is_a_captain) {
						foreach( $player->teams as $team ) {
							if( $player->is_captain_of( $team->team_id ) &&
								$user->coordinates_league_containing( $team->team_id ) )
							{
								$viewable_fields = array_merge($all_view_fields, $restricted_contact_fields);
							}
						}
					}

					// Finally, perform the check and return
					if( $arg2 ) {
						return( in_array( $arg2, $viewable_fields ) );
					} else {
						return true;
					}
				}
			}
			break;
		case 'list':
		case 'search':
			if( ! ($user && $user->is_active()) ) {
				return false;
			}
			return($user->class != 'visitor');
		case 'approve':
			// administrator-only
		case 'delete':
			// administrator-only
		case 'listnew':
			// administrator-only
		default:
			return false;
	}

	return false;
}


/**
 * Generate the menu items for the "Players" and "My Account" sections.
 */
function person_menu() 
{
	global $lr_session;

	$id = $lr_session->attr_get('user_id');

	menu_add_child('_root', 'myaccount','My Account', array('weight' => -10, 'link' => "person/view/$id"));
	menu_add_child('myaccount', 'myaccount/edit','edit account', array('weight' => -10, 'link' => "person/edit/$id"));
	menu_add_child('myaccount', 'myaccount/pass', 'change password', array( 'link' => "person/changepassword/$id"));
	menu_add_child('myaccount', 'myaccount/signwaiver', 'view/sign player waiver', array( 'link' => "person/signwaiver", 'weight' => 3));

	if (variable_get('dog_questions', 1) && $lr_session->attr_get('has_dog') == 'Y') {
		menu_add_child('myaccount', 'myaccount/signdogwaiver', 'view/sign dog waiver', array( 'link' => "person/signdogwaiver", 'weight' => 4));
	}

    # Don't show "Players" menu for non-players.
	if( ! $lr_session->is_player() ) {
	    return;
	}

	menu_add_child('_root','person',"Players", array('weight' => -9));
	if($lr_session->has_permission('person','list') ) {
		menu_add_child('person','person/search',"search players", array('link' => 'person/search'));
	}

	if($lr_session->is_admin()) {
	
		$newUsers = person_count(array( 'status' => 'new' ));
		if($newUsers) {
			menu_add_child('person','person/listnew',"approve new accounts ($newUsers pending)", array('link' => "person/listnew"));
		}

		menu_add_child('person', 'person/create', "create account", array('link' => "person/create", 'weight' => 1));

		# Admin menu
		menu_add_child('settings', 'settings/person', 'user settings', array('link' => 'settings/person'));
		menu_add_child('statistics', 'statistics/person', 'player statistics', array('link' => 'statistics/person'));
	}
}

/**
 * Periodic tasks to perform.  This should handle any internal checkpointing
 * necessary, as the cron task may be called more or less frequently than we
 * expect.
 */
function person_cron()
{
	global $dbh;

	$output = '';

	if( variable_get('registration', 0) ) {
		$output .= h2('Membership welcome letters');

		// Defaulting the value here to 0 matches no real events while preventing SQL errors.
		$registration_ids = variable_get('membership_ids', '0');
		// TODO: Make the rollover date configurable; this starts the new year's letters in April
		$year = date('Y');
		if (date('n') < 4)
			-- $year;

		$sth = $dbh->prepare("SELECT user_id FROM person
								WHERE user_id IN 
									(SELECT DISTINCT user_id FROM registrations
									WHERE registration_id IN ($registration_ids)
									AND payment = 'Paid')
								AND user_id NOT IN
									(SELECT secondary_id FROM activity_log
									WHERE type = ? AND primary_id = ?)");
		$sth->execute( array("email_membership_letter", $year) );

		$emailed = 0;
		while( $id = $sth->fetchColumn() ) {
			$person = person_load( array('user_id' => $id) );
			if ($person->send_membership_letter())
				++ $emailed;
		}
		$output .= para("Emailed $emailed membership letters.");
	}

	return "$output<pre>Completed person_cron run</pre>";
}

/**
 * Player viewing handler
 */
class PersonView extends Handler
{
	var $person;

	function has_permission ()
	{
		global $lr_session;

		if(!$this->person) {
			error_exit("That user does not exist");
		}

		return $lr_session->has_permission('person','view', $this->person->user_id);
	}

	function process ()
	{
		$this->title = 'View';
		$this->setLocation(array(
			$this->person->fullname => 'person/view/' . $this->person->user_id,
			$this->title => 0));

		return $this->generateView($this->person);
	}

	function generateView (&$person)
	{
		global $lr_session;

		$rows[] = array("Name:", $person->fullname);

		if( ! ($lr_session->is_player() || ($lr_session->attr_get('user_id') == $person->user_id)) ) {
			return "<div class='pairtable'>" . table(null, $rows) . "</div>";
		}

		if($lr_session->has_permission('person','view',$person->user_id, 'username') ) {
			$rows[] = array("System Username:", $person->username);
		}

		if($lr_session->has_permission('person','view',$person->user_id, 'member_id') ) {
			if($person->member_id) {
				$rows[] = array(variable_get('app_org_short_name', 'League') . ' Member ID:', $person->member_id);
			} else {
				$rows[] = array(variable_get('app_org_short_name', 'League') . ' Member ID:', 'Not a member of ' . variable_get('app_org_short_name', 'the league'));
			}
		}

		if($person->allow_publish_email == 'Y') {
			$rows[] = array("Email Address:", l($person->email, "mailto:$person->email") . " (published)");
		} else {
			if($lr_session->has_permission('person','view',$person->user_id, 'email') ) {
				$rows[] = array("Email Address:", l($person->email, "mailto:$person->email") . " (private)");
			}
		}

		foreach(array('home','work','mobile') as $type) {
			$item = "${type}_phone";
			$publish = "publish_$item";
			if($person->$publish == 'Y') {
				$rows[] = array("Phone ($type):", $person->$item . " (published)");
			} else {
				if($lr_session->has_permission('person','view',$person->user_id, $item)  && isset($person->$item) ) {
					$rows[] = array("Phone ($type):", $person->$item . " (private)");
				}
			}
		}

		if($lr_session->has_permission('person','view',$person->user_id, 'address')) {
			$rows[] = array("Address:", 
				format_street_address(
					$person->addr_street,
					$person->addr_city,
					$person->addr_prov,
					$person->addr_country,
					$person->addr_postalcode
				)
			);
		}

		if($lr_session->has_permission('person','view',$person->user_id, 'birthdate')) {
			$rows[] = array('Birthdate:', $person->birthdate);
		}

		if($lr_session->has_permission('person','view',$person->user_id, 'height')) {
			$rows[] = array('Height:', $person->height ? "$person->height inches" : "Please edit your account to enter your height");
		}

		if($lr_session->has_permission('person','view',$person->user_id, 'gender')) {
			$rows[] = array("Gender:", $person->gender);
		}

		if($lr_session->has_permission('person','view',$person->user_id, 'shirtsize')) {
			$rows[] = array('Shirt Size:', $person->shirtsize);
		}

		if($lr_session->has_permission('person','view',$person->user_id, 'skill')) {
			$skillAry = getOptionsForSkill();
			$rows[] = array("Skill Level:", $skillAry[$person->skill_level]);
			$rows[] = array("Year Started:", $person->year_started);
		}

		if($lr_session->has_permission('person','view',$person->user_id, 'class')) {
			$rows[] = array("Account Class:", $person->class);
		}

		if($lr_session->has_permission('person','view',$person->user_id, 'status')) {
			$rows[] = array("Account Status:", $person->status);
		}

		if(variable_get('dog_questions', 1)) {
			if($lr_session->has_permission('person','view',$person->user_id, 'dog')) {
				$rows[] = array("Has Dog:",($person->has_dog == 'Y') ? "yes" : "no");

				if($person->has_dog == 'Y') {
					$rows[] = array("Dog Waiver Signed:",($person->dog_waiver_signed) ? $person->dog_waiver_signed : "Not signed");
				}
			}
		}

		if($lr_session->has_permission('person','view',$person->user_id, 'willing_to_volunteer')) {
			$rows[] = array('Can ' . variable_get('app_org_short_name', 'the league') . ' contact you with a survey about volunteering?',($person->willing_to_volunteer == 'Y') ? 'yes' : 'no');
		}

		if($lr_session->has_permission('person','view',$person->user_id, 'contact_for_feedback')) {
			$rows[] = array('From time to time, ' . variable_get('app_org_short_name', 'the league') .
					' would like to contact members with information on our programs and to solicit feedback. ' .
					'Can ' . variable_get('app_org_short_name', 'the league') . ' contact you in this regard? ',
					($person->contact_for_feedback == 'Y') ? 'yes' : 'no');
		}

		if($lr_session->has_permission('person','view',$person->user_id, 'last_login')) {
			if($person->last_login) {
				$rows[] = array('Last Login:', 
					$person->last_login . ' from ' . $person->client_ip);
			} else {
				$rows[] = array('Last Login:', 'Never logged in');
			}
		}

		$rosterPositions = getRosterPositions();
		$teams = array();
		while(list(,$team) = each($person->teams)) {
			$teams[] = array(
				$rosterPositions[$team->position],
				'on',
				l($team->name, "team/view/$team->id"),
				"(" . l($team->league_name, "league/view/$team->league_id") . ")"
			);
		}
		reset($person->teams);
		$rows[] = array("Teams:", table( null, $teams) );
		if( count ($person->historical_teams) ) {
			$rows[] = array( '', 'There is also ' . l('historical team data', "person/historical/$person->user_id") . ' saved');
		}

		if( $person->is_a_coordinator ) {
			$leagues = array();
			foreach( $person->leagues as $league ) {
				$leagues[] = array(
					"Coordinator of",
					l($league->fullname, "league/view/$league->league_id")
				);
			}
			reset($person->leagues);

			$rows[] = array("Leagues:", table( null, $leagues) );
		}

		if( variable_get('registration', 0) ) {
			if($lr_session->has_permission('registration','history',$person->user_id)) {
				$rows[] = array("Registration:", l('View registration history', "registration/history/$person->user_id"));
			}
		}

		return "<div class='pairtable'>" . table(null, $rows) . "</div>";
	}
}

/**
 * Delete an account
 */
class PersonDelete extends PersonView
{
	var $person;

	function has_permission()
	{
		global $lr_session;

		if(!$this->person) {
			error_exit("That user does not exist");
		}

		return $lr_session->has_permission('person','delete', $this->person->user_id);
	}


	function process ()
	{
		global $lr_session;
		$this->title = 'Delete';
		$edit = $_POST['edit'];

		/* Safety check: Don't allow us to delete ourselves */
		if($lr_session->attr_get('user_id') == $this->person->user_id) {
			error_exit("You cannot delete your own account!");
		}

		if($edit['step'] == 'perform') {
			$this->person->delete();
			local_redirect(url("person/search"));
			return $rc;
		}

		$this->setLocation(array(
			$this->person->fullname => "person/view/" . $this->person->user_id,
			$this->title => 0));

		return 
			para("Confirm that you wish to delete this user from the system.")
			. $this->generateView($this->person)
			. form( 
				form_hidden('edit[step]', 'perform')
				. form_submit("Delete")
			);
	}
}

/**
 * Approve new account creation
 */
class PersonApproveNewAccount extends PersonView
{
	var $person;

	function has_permission()
	{
		global $lr_session;
		if(!$this->person) {
			error_exit("That user does not exist");
		}

		return $lr_session->has_permission('person','approve', $this->person->user_id);
	}

	function process ()
	{
		$edit = $_POST['edit'];
		$this->title = 'Approve Account';

		if($edit['step'] == 'perform') {
			/* Actually do the approval on the 'perform' step */
			$this->perform( $edit );
			local_redirect("person/listnew");
		} 

		if($this->person->status != 'new') {
			error_exit("That account has already been approved");
		}

		$dispositions = array(
			'---'	          => '- Select One -',
			'approve_player'  => 'Approved as Player',
			'approve_visitor' => 'Approved as visitor account',
			'delete' 		  => 'Deleted silently',
		);

		$sth = $this->person->find_duplicates();

		$duplicates = '';
		while( $user = $sth->fetchObject('Person', array(LOAD_OBJECT_ONLY)) ) {
			$duplicates .= "<li>$user->firstname $user->lastname";
			$duplicates .= "[&nbsp;" . l("view", "person/view/$user->user_id") . "&nbsp;]";

			$dispositions["delete_duplicate:$user->user_id"] = "Deleted as duplicate of $user->firstname $user->lastname ($user->user_id)";
			$dispositions["merge_duplicate:$user->user_id"] = "Merged backwards into $user->firstname $user->lastname ($user->user_id)";
		}

		$approval_form = 
			form_hidden('edit[step]', 'perform')
			. form_select('This user should be', 'edit[disposition]', '---', $dispositions)
			. form_submit("Submit");


		$this->setLocation(array(
			$this->person->fullname => "person/view/" . $this->person->user_id,
			$this->title => 0));

		if( strlen($duplicates) > 0 ) {
			$duplicates = para("<div class='warning'><br>The following users may be duplicates of this account:<ul>\n"
				. $duplicates
				. "</ul></div>");
		}

		return 
			$duplicates
			. form( para($approval_form) )
			. $this->generateView($this->person);
	}

	function perform ( $edit )
	{
		global $lr_session; 

		$disposition = $edit['disposition'];

		if($disposition == '---') {
			error_exit("You must select a disposition for this account");
		}

		list($disposition,$dup_id) = split(':',$disposition);

		switch($disposition) {
			case 'approve_player':
				$this->person->set('class','player');
				$this->person->set('status','inactive');
				if(! $this->person->generate_member_id() ) {
					error_exit("Couldn't get member ID allocation");
				}

				if( ! $this->person->save() ) {
					error_exit("Couldn't save new member activation");
				}

				$message = _person_mail_text('approved_body_player', array( 
					'%fullname' => $this->person->fullname,
					'%username' => $this->person->username,
					'%memberid' => $this->person->member_id,
					'%url' => url(""),
					'%adminname' => variable_get('app_admin_name', 'Leaguerunner Admin'),
					'%site' => variable_get('app_name','Leaguerunner')));

				$rc = send_mail($this->person->email, $this->person->fullname,
					false, false, // from the administrator
					false, false, // no Cc
					_person_mail_text('approved_subject', array( '%username' => $this->person->username, '%site' => variable_get('app_name','Leaguerunner') )), 
					$message);
				if($rc == false) {
					error_exit("Error sending email to " . $this->person->email);
				}
				return true;

			case 'approve_visitor':
				$this->person->set('class','visitor');
				$this->person->set('status','inactive');
				if( ! $this->person->save() ) {
					error_exit("Couldn't save new member activation");
				}

				$message = _person_mail_text('approved_body_visitor', array( 
					'%fullname' => $this->person->fullname,
					'%username' => $this->person->username,
					'%url' => url(""),
					'%adminname' => variable_get('app_admin_name','Leaguerunner Admin'),
					'%site' => variable_get('app_name','Leaguerunner')));
				$rc = send_mail($this->person->email, $this->person->fullname,
					false, false, // from the administrator
					false, false, // no Cc
					_person_mail_text('approved_subject', array( '%username' => $this->person->username, '%site' => variable_get('app_name','Leaguerunner' ))), 
					$message);
				if($rc == false) {
					error_exit("Error sending email to " . $this->person->email);
				}
				return true;

			case 'delete':
				if( ! $this->person->delete() ) {
					error_exit("Delete of user " . $this->person->fullname . " failed.");
				}
				return true;

			case 'delete_duplicate':
				$existing = person_load( array('user_id' => $dup_id) );
				$message = _person_mail_text('dup_delete_body', array( 
					'%fullname' => $this->person->fullname,
					'%username' => $this->person->username,
					'%existingusername' => $existing->username,
					'%existingemail' => $existing->email,
					'%passwordurl' => variable_get('password_reset', url('person/forgotpassword')),
					'%adminname' => $lr_session->user->fullname,
					'%site' => variable_get('app_name','Leaguerunner')));

				$addresses = $names = array();
				$addresses[] = $this->person->email;
				$names[] = $this->person->fullname;
				if($this->person->email != $existing->email) {
					$addresses[] = $existing->email;
					$names[] = $this->person->fullname;
				}

				if( ! $this->person->delete() ) {
					error_exit("Delete of user " . $this->person->fullname . " failed.");
				}

				$rc = send_mail($addresses, $names,
					false, false, // from the administrator
					false, false, // no Cc
					_person_mail_text('dup_delete_subject', array( '%site' => variable_get('app_name', 'Leaguerunner') )), 
					$message);

				if($rc == false) {
					error_exit("Error sending email to " . $this->person->email);
				}
				return true;

			// This is basically the same as the delete duplicate, except
			// that some old information (e.g. user ID) is preserved
			case 'merge_duplicate':
				$existing = person_load( array('user_id' => $dup_id) );
				$message = _person_mail_text('dup_merge_body', array( 
					'%fullname' => $this->person->fullname,
					'%username' => $this->person->username,
					'%existingusername' => $existing->username,
					'%existingemail' => $existing->email,
					'%passwordurl' => variable_get('password_reset', url('person/forgotpassword')),
					'%adminname' => variable_get('app_admin_name','Leaguerunner Admin'),
					'%site' => variable_get('app_name','Leaguerunner')));

				$addresses = $names = array();
				$addresses[] = $this->person->email;
				$names[] = $this->person->fullname;
				if($this->person->email != $existing->email) {
					$addresses[] = $existing->email;
					$names[] = $this->person->fullname;
				}

				// Copy over almost all of the new data; there must be a better way
				$existing->set('status', 'active');
				$existing->set('username', $this->person->username);
				$existing->set('password', $this->person->password);
				$existing->set('firstname', $this->person->firstname);
				$existing->set('lastname', $this->person->lastname);
				$existing->set('email', $this->person->email);
				$existing->set('allow_publish_email', $this->person->allow_publish_email);
				$existing->set('home_phone', $this->person->home_phone);
				$existing->set('publish_home_phone', $this->person->publish_home_phone);
				$existing->set('work_phone', $this->person->work_phone);
				$existing->set('publish_work_phone', $this->person->publish_work_phone);
				$existing->set('mobile_phone', $this->person->mobile_phone);
				$existing->set('publish_mobile_phone', $this->person->publish_mobile_phone);
				$existing->set('addr_street', $this->person->addr_street);
				$existing->set('addr_city', $this->person->addr_city);
				$existing->set('addr_prov', $this->person->addr_prov);
				$existing->set('addr_country', $this->person->addr_country);
				$existing->set('addr_postalcode', $this->person->addr_postalcode);
				$existing->set('gender', $this->person->gender);
				$existing->set('birthdate', $this->person->birthdate);
				$existing->set('height', $this->person->height);
				$existing->set('skill_level', $this->person->skill_level);
				$existing->set('year_started', $this->person->year_started);
				$existing->set('shirtsize', $this->person->shirtsize);
				$existing->set('session_cookie', $this->person->session_cookie);
				$existing->set('has_dog', $this->person->has_dog);
				$existing->set('survey_completed', $this->person->survey_completed);
				$existing->set('willing_to_volunteer', $this->person->willing_to_volunteer);
				$existing->set('contact_for_feedback', $this->person->contact_for_feedback);
				$existing->set('last_login', $this->person->last_login);
				$existing->set('client_ip', $this->person->client_ip);

				if( !$existing->member_id) {
					$existing->generate_member_id();
				}

				if( ! $this->person->delete() ) {
					error_exit("Delete of user " . $this->person->fullname . " failed.");
				}

				if( ! $existing->save() ) {
					error_exit("Couldn't save new member information");
				}

				$rc = send_mail($addresses, $names,
					false, false, // from the administrator
					false, false, // no Cc
					_person_mail_text('dup_merge_subject', array( '%site' => variable_get('app_name', 'Leaguerunner') )), 
					$message);

				if($rc == false) {
					error_exit("Error sending email to " . $this->person->email);
				}
				return true;

			default:
				error_exit("You must select a disposition for this account");

		}
	}
}


/**
 * Player edit handler
 */
class PersonEdit extends Handler
{
	var $person;

	function has_permission ()
	{
		global $lr_session;
		if(!$this->person) {
			error_exit("That user does not exist");
		}
		return $lr_session->has_permission('person','edit', $this->person->user_id);
	}

	function process ()
	{
		global $lr_session;
		$edit = $_POST['edit'];
		$this->title = 'Edit';

		switch($edit['step']) {
			case 'confirm':
				$rc = $this->generateConfirm( $this->person->user_id, $edit );
				break;
			case 'perform':
				$this->perform( $this->person, $edit );
				if($this->person->is_active()) {
					local_redirect('person/view/' . $this->person->user_id);
				}
				else {
					local_redirect('');
				}
				break;
			default:
				$edit = object2array($this->person);
				$rc = $this->generateForm($this->person->user_id, $edit, "Edit any of the following fields and click 'Submit' when done.");
		}

		return $rc;
	}

	function generateForm ( $id, &$formData, $instructions = "")
	{
		global $lr_session, $CONFIG;
		$output = <<<END_TEXT
<script language="JavaScript" type="text/javascript">
<!--
function popup(url)
{
	newwindow=window.open(url,'Leaguerunner Skill Rating Form','height=350,width=400,resizable=yes,scrollbars=yes')
	if (window.focus) {newwindow.focus()}
	return false;
}

function doNothing() {}

// -->
// </script>
END_TEXT;
		$output .= form_hidden('edit[step]', 'confirm');

		$output .= para($instructions);
		$output .= para(
			"Note that email and phone publish settings below only apply to regular players.  "
			. "Captains will always have access to view the phone numbers and email addresses of their confirmed players.  "
			. "All Team Captains will also have their email address viewable by other players"
		);
		$privacy = variable_get('privacy_policy', 'http://www.ocua.ca/node/17');
		if($privacy) {
			$output .= para(
					'If you have concerns about the data ' . variable_get('app_org_short_name', 'the league') . ' collects, please see our '
					. "<b><a href=\"$privacy\" target=\"_new\">Privacy Policy</a>.</b>"
			);
		}

		if($lr_session->has_permission('person', 'edit', $id, 'name') ) {
			$group .= form_textfield('First Name', 'edit[firstname]', $formData['firstname'], 25,100, 'First (and, if desired, middle) name.');

			$group .= form_textfield('Last Name', 'edit[lastname]', $formData['lastname'], 25,100);
		} else {
			$group .= form_item('Full Name', $formData['firstname'] . ' ' . $formData['lastname']);
		}

		if($lr_session->has_permission('person', 'edit', $id, 'username') ) {
			$group .= form_textfield('System Username', 'edit[username]', $formData['username'], 25,100, 'Desired login name.');
		} else {
			$group .= form_item('System Username', $formData['username'], 'Desired login name.');
		}
		
		if($lr_session->has_permission('person', 'edit', $id, 'password') ) {
			$group .= form_password('Password', 'edit[password_once]', '', 25,100, 'Enter your desired password.');
			$group .= form_password('Re-enter Password', 'edit[password_twice]', '', 25,100, 'Enter your desired password a second time to confirm it.');
		}

		$group .= form_select('Gender', 'edit[gender]', $formData['gender'], getOptionsFromEnum( 'person', 'gender'), 'Select your gender');

		$output .= form_group('Identity', $group);

		$group = form_textfield('Email Address', 'edit[email]', $formData['email'], 25, 100, 'Enter your preferred email address.  This will be used by ' . variable_get('app_org_short_name', 'the league') . ' to correspond with you on league matters.');
		$group .= form_checkbox('Allow other players to view my email address','edit[allow_publish_email]','Y',($formData['allow_publish_email'] == 'Y'));

		$output .= form_group('Online Contact', $group);

		$group = form_textfield('Street and Number','edit[addr_street]',$formData['addr_street'], 25, 100, 'Number, street name, and apartment number if necessary');
		$group .= form_textfield('City','edit[addr_city]',$formData['addr_city'], 25, 100, 'Name of city');

		/* TODO: evil.  Need to allow Americans to use this at some point in
		 * time... */
		$group .= form_select('Province', 'edit[addr_prov]', $formData['addr_prov'], getProvinceNames(), 'Select a province/state from the list');

		$group .= form_select('Country', 'edit[addr_country]', $formData['addr_country'], getCountryNames(), 'Select a country from the list');

		$group .= form_textfield('Postal Code', 'edit[addr_postalcode]', $formData['addr_postalcode'], 8, 7, 'Please enter a correct postal code matching the address above. ' . variable_get('app_org_short_name', 'the league') . ' uses this information to help locate new fields near its members.');

		$output .= form_group('Street Address', $group);


		$group = form_textfield('Home', 'edit[home_phone]', $formData['home_phone'], 25, 100, 'Enter your home telephone number');
		$group .= form_checkbox('Allow other players to view home number','edit[publish_home_phone]','Y',($formData['publish_home_phone'] == 'Y'));
		$group .= form_textfield('Work', 'edit[work_phone]', $formData['work_phone'], 25, 100, 'Enter your work telephone number (optional)');
		$group .= form_checkbox('Allow other players to view work number','edit[publish_work_phone]','Y',($formData['publish_work_phone'] == 'Y'));
		$group .= form_textfield('Mobile', 'edit[mobile_phone]', $formData['mobile_phone'], 25, 100, 'Enter your cell or pager number (optional)');
		$group .= form_checkbox('Allow other players to view mobile number','edit[publish_mobile_phone]','Y',($formData['publish_mobile_phone'] == 'Y'));
		$output .= form_group('Telephone Numbers', $group);

		$player_classes = array(
			'player' => 'Player',
			'visitor' => 'Non-player account');

		if(! $formData['class'] ) {
			$formData['class'] = 'visitor';
		}

		if($lr_session->has_permission('person', 'edit', $id, 'class') ) {
			$player_classes['administrator'] = 'Leaguerunner administrator';
			$player_classes['volunteer'] = 'Volunteer';
		}

		# Volunteers can unset themselves as volunteer if they wish.
		if( $formData['class'] == 'volunteer' ) {
			$player_classes['volunteer'] = 'Volunteer';
		}

		$group = form_radiogroup('Account Type', 'edit[class]', $formData['class'], $player_classes );
		if($lr_session->has_permission('person', 'edit', $id, 'status') ) {
			$group .= form_select('Account Status','edit[status]', $formData['status'], getOptionsFromEnum('person','status'));
		}

		$output .= form_group('Account Information', $group);

		$group = form_select('Skill Level', 'edit[skill_level]', $formData['skill_level'], 
				getOptionsFromRange(1, 10), 
				"Please use the questionnaire to <a href=\"" . $CONFIG['paths']['base_url'] . "/data/rating.html\" target='_new'>calculate your rating</a>"
		);

		$thisYear = strftime('%Y', time());
		$group .= form_select('Year Started', 'edit[year_started]', $formData['year_started'], 
				getOptionsFromRange(1986, $thisYear, 'reverse'), 'The year you started playing Ultimate in this league.');

		$group .= form_select_date('Birthdate', 'edit[birth]', $formData['birthdate'], ($thisYear - 75), ($thisYear - 5), 'Please enter a correct birthdate; having accurate information is important for insurance purposes');

		$group .= form_textfield('Height','edit[height]',$formData['height'], 4, 4, 'Please enter your height in inches (5 feet is 60 inches; 6 feet is 72 inches).  This is used to help generate even teams for hat leagues.');

		$group .= form_select('Shirt Size','edit[shirtsize]', $formData['shirtsize'], getShirtSizes());

		if (variable_get('dog_questions', 1)) {
			$group .= form_radiogroup('Has Dog', 'edit[has_dog]', $formData['has_dog'], array(
				'Y' => 'Yes, I have a dog I will be bringing to games',
				'N' => 'No, I will not be bringing a dog to games'));
		}

		$group .= form_radiogroup('Can ' . variable_get('app_org_short_name', 'the league') . ' contact you with a survey about volunteering?', 'edit[willing_to_volunteer]', $formData['willing_to_volunteer'], array(
			'Y' => 'Yes',
			'N' => 'No'));

		$group .= form_radiogroup('From time to time, ' . variable_get('app_org_short_name', 'the league') .
					' would like to contact members with information on our programs and to solicit feedback. ' .
					'Can ' . variable_get('app_org_short_name', 'the league') . ' contact you in this regard? ',
					'edit[contact_for_feedback]', $formData['contact_for_feedback'],
					array('Y' => 'Yes',
							'N' => 'No'));

		$output .= form_group('Player and Skill Information', $group);

		$this->setLocation(array(
			$formData['fullname'] => "person/view/$id",
			$this->title => 0));

		$output .= para(form_submit('submit') . form_reset('reset'));

		return form($output, 'post', null, 'id="player_form"');
	}

	function generateConfirm ( $id, $edit = array() )
	{
		global $lr_session;
		$dataInvalid = $this->isDataInvalid( $id, $edit );
		if($dataInvalid) {
			error_exit($dataInvalid . "<br>Please use your back button to return to the form, fix these errors, and try again");
		}

		$output = para("Confirm that the data below is correct and click 'Submit' to make your changes.");
		$output .= form_hidden('edit[step]', 'perform');

		$group = '';
		if($lr_session->has_permission('person', 'edit', $id, 'name') ) {
			$group .= form_item('First Name',
				form_hidden('edit[firstname]',$edit['firstname']) . $edit['firstname']);
			$group .= form_item('Last Name',
				form_hidden('edit[lastname]',$edit['lastname']) . $edit['lastname']);
		}

		if($lr_session->has_permission('person', 'edit', $id, 'username') ) {
			$group .= form_item('System Username',
				form_hidden('edit[username]',$edit['username']) . $edit['username']);
		}

		if($lr_session->has_permission('person', 'edit', $id, 'password') ) {
			$group .= form_item('Password',
				form_hidden('edit[password_once]', $edit['password_once'])
				. form_hidden('edit[password_twice]', $edit['password_twice'])
				. '<i>(entered)</i>');
		}
		$group .=  form_item('Gender', form_hidden('edit[gender]',$edit['gender']) . $edit['gender']);

		$output .= form_group('Identity', $group);

		$group = form_item('Email Address',
			form_hidden('edit[email]',$edit['email']) . $edit['email']);

		$group .= form_item('Show email to other players',
			form_hidden('edit[allow_publish_email]',$edit['allow_publish_email']) . $edit['allow_publish_email']);

		$output .= form_group('Online Contact', $group);

		$group = form_item('',
			form_hidden('edit[addr_street]',$edit['addr_street'])
			. form_hidden('edit[addr_city]',$edit['addr_city'])
			. form_hidden('edit[addr_prov]',$edit['addr_prov'])
			. form_hidden('edit[addr_country]',$edit['addr_country'])
			. form_hidden('edit[addr_postalcode]',$edit['addr_postalcode'])
			. "{$edit['addr_street']}<br>{$edit['addr_city']}, {$edit['addr_prov']}, {$edit['addr_country']}<br>{$edit['addr_postalcode']}");

		$output .= form_group('Street Address', $group);

		$group = '';
		foreach( array('home','work','mobile') as $location) {
			if($edit["${location}_phone"]) {
				$group .= form_item(ucfirst($location),
					form_hidden("edit[${location}_phone]", $edit["${location}_phone"])
					. $edit["${location}_phone"]);

				if($edit["publish_${location}_phone"] == 'Y') {
					$publish_info = "yes";
					$publish_info .= form_hidden("edit[publish_${location}_phone]", 'Y');
				} else {
					$publish_info = "no";
				}
				$group .= form_item("Allow other players to view $location number", $publish_info);
			}
		}
		$output .= form_group('Telephone Numbers', $group);


		$group = form_item("Account Class", form_hidden('edit[class]',$edit['class']) . $edit['class']);

		if($lr_session->has_permission('person', 'edit', $id, 'status') ) {
			$group .= form_item("Account Status", form_hidden('edit[status]',$edit['status']) . $edit['status']);
		}

		$output .= form_group('Account Information', $group);

		$levels = getOptionsForSkill();
		$group = form_item("Skill Level", form_hidden('edit[skill_level]',$edit['skill_level']) . $levels[$edit['skill_level']]);

		$group .= form_item("Year Started", form_hidden('edit[year_started]',$edit['year_started']) . $edit['year_started']);

		$group .= form_item("Birthdate", 
			form_hidden('edit[birth][year]',$edit['birth']['year']) 
			. form_hidden('edit[birth][month]',$edit['birth']['month']) 
			. form_hidden('edit[birth][day]',$edit['birth']['day']) 
			. $edit['birth']['year'] . " / " . $edit['birth']['month'] . " / " . $edit['birth']['day']);

		if($edit['height']) {
			$group .= form_item("Height", form_hidden('edit[height]',$edit['height']) . $edit['height'] . " inches");
		}
		$group .= form_item("Shirt Size", form_hidden('edit[shirtsize]',$edit['shirtsize']) . $edit['shirtsize']);

		if (variable_get('dog_questions', 1)) {
			$group .= form_item("Has dog", form_hidden('edit[has_dog]',$edit['has_dog']) . $edit['has_dog']);
		}

		$group .= form_item('Can ' . variable_get('app_org_short_name', 'the league') . ' contact you with a survey about volunteering?', form_hidden('edit[willing_to_volunteer]',$edit['willing_to_volunteer']) . $edit['willing_to_volunteer']);

		$group .= form_item('From time to time, ' . variable_get('app_org_short_name', 'the league') .
					' would like to contact members with information on our programs and to solicit feedback. ' .
					'Can ' . variable_get('app_org_short_name', 'the league') . ' contact you in this regard? ',
					form_hidden('edit[contact_for_feedback]',$edit['contact_for_feedback']) . $edit['contact_for_feedback']);

		$output .= form_group('Player and Skill Information', $group);

		$output .= para(form_submit('submit') . form_reset('reset'));

		$this->setLocation(array(
			$edit['firstname'] . " " . $edit['lastname'] => "person/view/$id",
			$this->title => 0));

		return form($output);
	}

	function perform ( $person, $edit = array() )
	{
		global $lr_session;

		$dataInvalid = $this->isDataInvalid( $person->user_id, $edit );
		if($dataInvalid) {
			error_exit($dataInvalid . "<br>Please use your back button to return to the form, fix these errors, and try again");
		}

		if($edit['username'] && $lr_session->has_permission('person', 'edit', $this->person->user_id, 'username') ) {
			$person->set('username', $edit['username']);
		}

		/* EVIL HACK
		 * If this person is currently a 'visitor', it does not have a
		 * member number, so if we move it to another class, it needs
		 * to be given one.  We do this by forcing its status to 'new' and
		 * requiring it be reapproved.  Ugly hack, but since
		 * we're likely to scrutinize non-player accounts less than player
		 * accounts, it's necessary.
		 */
		if( ($person->class == 'visitor') && ($edit['class'] == 'player') ) {
			$person->set('status','new');
			$person->set('class','player');
			$status_changed = true;
		}

		if($edit['class'] && $lr_session->has_permission('person', 'edit', $this->person->user_id, 'class') ) {
			$person->set('class', $edit['class']);
		}

		if($edit['status'] && $lr_session->has_permission('person', 'edit', $this->person->user_id, 'status') ) {
			$person->set('status',$edit['status']);
		}

		$person->set('email', $edit['email']);
		$person->set('allow_publish_email', $edit['allow_publish_email']);

		foreach(array('home_phone','work_phone','mobile_phone') as $type) {
			$num = $edit[$type];
			if(strlen($num)) {
				$person->set($type, clean_telephone_number($num));
			} else {
				$person->set($type, null);
			}

			$person->set('publish_' . $type, $edit['publish_' . $type] ? 'Y' : 'N');
		}

		if($lr_session->has_permission('person', 'edit', $this->person->user_id, 'name') ) {
			$person->set('firstname', $edit['firstname']);
			$person->set('lastname', $edit['lastname']);
		}

		$person->set('addr_street', $edit['addr_street']);
		$person->set('addr_city', $edit['addr_city']);
		$person->set('addr_prov', $edit['addr_prov']);
		$person->set('addr_country', $edit['addr_country']);

		$postcode = $edit['addr_postalcode'];
		if(strlen($postcode) == 6) {
			$foo = substr($postcode,0,3) . " " . substr($postcode,3);
			$postcode = $foo;
		}
		$person->set('addr_postalcode', $edit['addr_postalcode']);

		$person->set('birthdate', join("-",array(
			$edit['birth']['year'],
			$edit['birth']['month'],
			$edit['birth']['day'])));

		if($edit['height']) {
			$person->set('height', $edit['height']);
		}
		$person->set('shirtsize', $edit['shirtsize']);

		$person->set('gender', $edit['gender']);

		$person->set('skill_level', $edit['skill_level']);
		$person->set('year_started', $edit['year_started']);

		if (variable_get('dog_questions', 1)) {
			$person->set('has_dog', $edit['has_dog']);
		}

		$person->set('willing_to_volunteer', $edit['willing_to_volunteer']);
		$person->set('contact_for_feedback', $edit['contact_for_feedback']);

		if( ! $person->save() ) {
			error_exit("Internal error: couldn't save changes");
		} else {
			/* EVIL HACK
			 * If a user changes their own status from visitor to player, they
			 * will get logged out, so we need to warn them of this fact.
			 */
			if($status_changed) {
			   print theme_header("Edit Account");
			   print theme_body($this->breadcrumbs);
		       print "<h1>Edit Account</h1>";
			   print para(
				"You have requested to change your account status to 'Player'.  As such, your account is now being held for one of the administrators to approve.  "
				. 'Once your account is approved, you will receive an email informing you of your new ' . variable_get('app_org_short_name', 'League') . ' member number. '
				. 'You will then be able to log in once again with your username and password.');
		       print theme_footer();
			   exit;
			}
		}
		return true;
	}

	function isDataInvalid ( $id, $edit = array() )
	{
		global $lr_session;
		$errors = "";

		if($lr_session->has_permission('person','edit',$id, 'name')) {
			if( ! validate_name_input($edit['firstname']) || ! validate_name_input($edit['lastname'])) {
				$errors .= "\n<li>You can only use letters, numbers, spaces, and the characters - ' and . in first and last names";
			}
		}

		if($lr_session->has_permission('person','edit',$id, 'username')) {
			if( ! validate_name_input($edit['username']) ) {
				$errors .= "\n<li>You can only use letters, numbers, spaces, and the characters - ' and . in usernames";
			}
			$user = person_load( array('username' => $edit['username']) );
			# TODO: BUG: need to check that $user->user_id != current id
			if( $user && !$lr_session->is_admin()) {
				error_exit("A user with that username already exists; please go back and try again");
			}
		}

		if ( ! validate_email_input($edit['email']) ) {
			$errors .= "\n<li>You must supply a valid email address";
		}

		if( !validate_nonblank($edit['home_phone']) &&
			!validate_nonblank($edit['work_phone']) &&
			!validate_nonblank($edit['mobile_phone']) ) {
			$errors .= "\n<li>You must supply at least one valid telephone number.  Please supply area code, number and (if any) extension.";
		}
		if(validate_nonblank($edit['home_phone']) && !validate_telephone_input($edit['home_phone'])) {
			$errors .= "\n<li>Home telephone number is not valid.  Please supply area code, number and (if any) extension.";
		}
		if(validate_nonblank($edit['work_phone']) && !validate_telephone_input($edit['work_phone'])) {
			$errors .= "\n<li>Work telephone number is not valid.  Please supply area code, number and (if any) extension.";
		}
		if(validate_nonblank($edit['mobile_phone']) && !validate_telephone_input($edit['mobile_phone'])) {
			$errors .= "\n<li>Mobile telephone number is not valid.  Please supply area code, number and (if any) extension.";
		}

		$address_errors = validate_address( 
			$edit['addr_street'],
			$edit['addr_city'],
			$edit['addr_prov'],
			$edit['addr_postalcode'],
			$edit['addr_country']);

		if( count($address_errors) > 0) {
			$errors .= "\n<li>" . join("\n<li>", $address_errors);
		}

		if( !preg_match("/^[mf]/i",$edit['gender'] ) ) {
			$errors .= "\n<li>You must select either male or female for gender.";
		}

		if( !validate_date_input($edit['birth']['year'], $edit['birth']['month'], $edit['birth']['day']) ) {
			$errors .= "\n<li>You must provide a valid birthdate";
		}

		if( validate_nonblank($edit['height']) ) {
			if( !$lr_session->is_admin() && ( ($edit['height'] < 36) || ($edit['height'] > 84) )) {
				$errors .= "\n<li>Please enter a reasonable and valid value for your height.";
			}
		}

		if( $edit['skill_level'] < 1 || $edit['skill_level'] > 10 ) {
			$errors .= "\n<li>You must select a skill level between 1 and 10. You entered " .  $edit['skill_level'];
		}

		$current = localtime(time(),1);
		$this_year = $current['tm_year'] + 1900;
		if( $edit['year_started'] > $this_year ) {
			$errors .= "\n<li>Year started must be before current year.";
		}

		if( $edit['year_started'] < 1986 ) {
			$errors .= "\n<li>Year started must be after 1986.  For the number of people who started playing before then, I don't think it matters if you're listed as having played 17 years or 20, you're still old. :)";
		}
		$yearDiff = $edit['year_started'] - $edit['birth']['year'];
		if( $yearDiff < 8) {
			$errors .= "\n<li>You can't have started playing when you were $yearDiff years old!  Please correct your birthdate, or your starting year";
		}

		if(strlen($errors) > 0) {
			return $errors;
		} else {
			return false;
		}
	}
}

/**
 * Player create handler
 */
class PersonCreate extends PersonEdit
{
	var $person;

	function has_permission ()
	{
		global $lr_session;
		return $lr_session->has_permission('person','create');
	}

	function checkPrereqs( $next )
	{
		return false;
	}

	function process ()
	{
		$edit = $_POST['edit'];

		$this->title = 'Create Account';

		$id = 'new';
		switch($edit['step']) {
			case 'confirm':
				$rc = $this->generateConfirm( $id, $edit );
				break;
			case 'perform':
				$this->person = new Person;
				$this->person->user_id = $id;
				return $this->perform( $this->person, $edit );

			default:
				$edit = array();
				$rc = $this->generateForm( $id, $edit, "To create a new account, fill in all the fields below and click 'Submit' when done.  Your account will be placed on hold until approved by an administrator.  Once approved, you will be allocated a membership number, and have full access to the system.<p><b>NOTE</b> If you already have an account from a previous season, DO NOT CREATE ANOTHER ONE!  Instead, please <a href=\"" . variable_get('password_reset', url('person/forgotpassword')) . "\">follow these instructions</a> to gain access to your account.");
		}
		$this->setLocation(array( $this->title => 0));
		return $rc;
	}

	function perform ( $person, $edit = array())
	{
		global $lr_session;

		if( ! validate_name_input($edit['username']) ) {
			$errors .= "\n<li>You can only use letters, numbers, spaces, and the characters - ' and . in usernames";
		}
		$existing_user = person_load( array('username' => $edit['username']) );
		if( $existing_user ) {
			error_exit("A user with that username already exists; please go back and try again");
		}

		if($edit['password_once'] != $edit['password_twice']) {
			error_exit("First and second entries of password do not match");
		}
		$crypt_pass = md5($edit['password_once']);

		$person->set('username', $edit['username']);
		$person->set('firstname', $edit['firstname']);
		$person->set('lastname', $edit['lastname']);
		$person->set('password', $crypt_pass);

		$rc = parent::perform( $person, $edit );

		if( $rc === false ) {
			return false;
		} else {
			return para(
				"Thank you for creating an account.  It is now being held for one of the administrators to approve.  "
				. "Once your account is approved, you will receive an email informing you.  "
				. "You will then be able to log in with your username and password."
			);
		}
	}
}

/**
 * Account reactivation
 *
 * Accounts must be periodically reactivated to ensure that they are
 * reasonably up-to-date.
 */
class PersonActivate extends PersonEdit
{
	var $person;

	function checkPrereqs ( $ignored )
	{
		return false;
	}

	/**
	 * Check to see if this user can activate themselves.
	 * This is only possible if the user is in the 'inactive' status. This
	 * also means that the user can't have a valid session.
	 */
	function has_permission ()
	{
		global $lr_session;
		if($lr_session->is_valid()) {
			return false;
		}

		if ($lr_session->attr_get('status') != 'inactive') {
			error_exit("You do…