active-member/active.php at master · gnu-user/active-member · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
<?php
/*
 *  Active Member Page
 *
 *  Copyright (C) 2013 Jonathan Gillett, Computer Science Club
 *  All rights reserved.
 *
 *  This program is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU Affero General Public License as
 *  published by the Free Software Foundation, either version 3 of the
 *  License, or (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU Affero General Public License for more details.
 *
 *  You should have received a copy of the GNU Affero General Public License
 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

require_once "inc/auth.php";
require_once "inc/db_interface.php";
require_once "inc/validate.php";

session_start();

$mysqli_conn = new mysqli("localhost", $db_user, $db_pass, $db_name);

/* check connection */
if (!valid_mysqli_connect($mysqli_conn))
{
    printf("Connection failed: %s\n", mysqli_connect_error());
    exit();
}

/* Validate the first and last name input, if the input is valid then verify
 * if it belongs to a member. Any other information can be used to verify the
 * member in-case their name was misspelled, although this could be exploited...
 */
if (isset($_POST['first_name']) && isset($_POST['last_name'])
    && isset($_POST['student_number']))
{
    $first_name = $_POST['first_name'];
    $last_name = $_POST['last_name'];
    $student_number = $_POST['student_number'];
    $access_account;

    /* If the name and student # is valid verify that they exist in the database */
    if (valid_first_name($first_name) && valid_last_name($last_name)
        && valid_student_num($student_number))
    {
        /* If the access account is != -1 then the info provided belongs to a member */
        $access_account = verify_member($mysqli_conn, $first_name, $last_name, $student_number, $AES_KEY);
        if ($access_account !== -1)
        {
            echo "Access Account: " . $access_account;
            /* Add the member to the active members list if they are not already added */
            if (! is_active($mysqli_conn, $access_account))
            {
                /* Record the member as active! */
                add_member($mysqli_conn, $first_name, $last_name, $access_account);

                /* Member has been recorded as active, redirect to main page */
                $_SESSION['isactive'] = "isactive";
                header('Location: index.php');
            }
            else
            {
                /* Member has already been marked as active... */
                $_SESSION['alreadyactive'] = "alreadyactive";
                header('Location: index.php');
            }
        }
        else
        {
            /* Information provided does not match any club members, redirect to main page */
            $_SESSION['notmember'] = "notmember";
            header('Location: index.php');
        }
    }
    else
    {
        /* Invalid data, redirect to main page */
        $_SESSION['invalid'] = "invalid";
        header('Location: index.php');
    }
}
else
{
    /* Invalid data, redirect to main page */
    $_SESSION['invalid'] = "invalid";
    header('Location: index.php');
}
?>