From e8231f6ac2ae9ba73c33407f70e65aea1ace6882 Mon Sep 17 00:00:00 2001
From: Skylar Ittner
Date: Sat, 8 Dec 2018 11:06:54 -0700
Subject: [PATCH] Fix #13 where multiple families could have same email address
---
 action.php | 22 ++++++++++++++++++----
 public/actions/submitmembership.php | 14 +++++++++++++-
 2 files changed, 31 insertions(+), 5 deletions(-)
diff --git a/action.php b/action.php
index 345224b..a5c638d 100644
--- a/action.php
+++ b/action.php
@@ -39,10 +39,6 @@ switch ($VARS['action']) {
 returnToSender("no_permission");
 }
- function errorBack(string $errormsg) {
- returnToSender($errormsg);
- }
-
 $family = new Family();
 $editing = false;
@@ -51,6 +47,14 @@ switch ($VARS['action']) {
 $editing = true;
 }
+ function errorBack(string $errormsg) {
+ global $family, $editing;
+ if ($editing) {
+ returnToSender($errormsg, "&id=" . $family->getID());
+ }
+ returnToSender($errormsg);
+ }
+
 $database->action(function($database) {
 global $family, $VARS, $editing;
@@ -76,6 +80,16 @@ switch ($VARS['action']) {
 $family->setPhone($VARS['phone']);
 $family->setEmail($VARS['email']);
+ if ($editing) {
+ if ($database->has("families", ["AND" => ["email" => $family->getEmail(), "familyid[!]" => $family->getID()]])) {
+ errorBack("That email address is already in use with another family.");
+ }
+ } else {
+ if ($database->has("families", ["email" => $family->getEmail()])) {
+ errorBack("That email address is already in use with another family.");
+ }
+ }
+
 $address = $VARS['streetaddress'];
 $city = $VARS['city'];
 $state = strtoupper($VARS['state']);
diff --git a/public/actions/submitmembership.php b/public/actions/submitmembership.php
index b3d00ed..73769aa 100644
--- a/public/actions/submitmembership.php
+++ b/public/actions/submitmembership.php
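Review bot: In the re-added `errorBack()` (action.php, hunk `@@ -51,6 +47,14 @@`), the `if ($editing)` branch falls through to the second `returnToSender($errormsg)`, so the function is only correct if `returnToSender()` ends the request, which this diff does not show. Making the two calls exclusive removes that dependency: `} else { returnToSender($errormsg); }`. The function also reads `$family` and `$editing` through `global` and is declared inside the `case` body, so a comment such as `// Reads $family/$editing via global; returns to the edit form of the same family when editing` would help the next reader.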
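Review bot: The new `$database->has("families", ...)` test in action.php hunk `@@ -76,6 +80,16 @@` is a check-then-write, so two requests submitting the same address at nearly the same time can both pass it before either row is saved; the same pattern is added in `public/actions/submitmembership.php` at `@@ -55,6 +57,16 @@`. The schema is not part of this diff, but unless `families.email` carries a UNIQUE index, the duplicate state this commit fixes can still occur, and the save path should report a constraint violation as this same error. The lookup also uses the address exactly as entered, so whether `A@example.org` and `a@example.org` collide depends on the column collation, which is not visible here. A comment above the check would record the intent: `// Pre-check for a friendly message only; uniqueness must be enforced by a UNIQUE index on families.email`. The enclosing closure starts and ends outside the hunk.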
@@ -21,9 +21,11 @@ if (empty($_POST['agree_terms'])) {
 }
 $family = new Family();
+$renewal = false;
 if (!empty($_SESSION['familyid']) && $database->has("families", ['familyid' => $_SESSION['familyid']])) {
 $family = (new Family())->load($_SESSION['familyid']);
+ $renewal = true;
 } else if (!empty($_POST['renewing'])) {
 // Session expired, but we're renewing, so kick them back to verification
 header("Location: ../?page=renew&msg=sessionexpired");
@@ -31,7 +33,7 @@ if (!empty($_SESSION['familyid']) && $database->has("families", ['familyid' => $
 }
 $database->action(function($database) {
- global $family;
+ global $family, $renewal;
 try {
 $lastname = $_POST['familyname'];
@@ -55,6 +57,16 @@ $database->action(function($database) {
 $family->setPhone($_POST['phone']);
 $family->setEmail($_POST['email']);
+ if ($renewal) {
+ if ($database->has("families", ["AND" => ["email" => $family->getEmail(), "familyid[!]" => $family->getID()]])) {
+ errorBack("That email address is already in use with another family.");
+ }
+ } else {
+ if ($database->has("families", ["email" => $family->getEmail()])) {
+ errorBack("That email address is already in use with another family.");
+ }
+ }
+
 $address = $_POST['streetaddress'];
 $city = $_POST['city'];
 $state = strtoupper($_POST['state']);
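Review bot: In hunk `@@ -55,6 +57,16 @@` the distinct message `That email address is already in use with another family.` lets any visitor learn whether an address belongs to an existing family, because this handler lives under `public/`, reads `$_POST` directly, and reaches the `else` (non-renewal) branch without a `$_SESSION['familyid']`. If that disclosure is accepted for the signup flow, it should be a recorded decision backed by request throttling on this endpoint; a comment above the check such as `// Reveals whether an email is registered; this endpoint must be rate-limited` would document it. `errorBack()` is not defined in any visible hunk of this file, so it is presumably declared earlier in the script; that is worth confirming, since the definition changed in `action.php` sits inside a `switch` case there. The enclosing closure starts and ends outside the hunk.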