Fix #13 where multiple families could have same email address

2018-12-08 11:06:54 -07:00 · 2018-12-08 11:06:54 -07:00 · e8231f6ac2
commit e8231f6ac2
parent b838fcace4
2 changed files with 31 additions and 5 deletions
--- a/action.php
+++ b/action.php
@ -39,10 +39,6 @@ switch ($VARS['action']) {
            returnToSender("no_permission");
        }

-        function errorBack(string $errormsg) {
-            returnToSender($errormsg);
-        }
-
        $family = new Family();
        $editing = false;

@ -51,6 +47,14 @@ switch ($VARS['action']) {
            $editing = true;
        }

+        function errorBack(string $errormsg) {
+            global $family, $editing;
+            if ($editing) {
+                returnToSender($errormsg, "&id=" . $family->getID());
+            }
+            returnToSender($errormsg);
+        }
+
        $database->action(function($database) {
            global $family, $VARS, $editing;

@ -76,6 +80,16 @@ switch ($VARS['action']) {
                $family->setPhone($VARS['phone']);
                $family->setEmail($VARS['email']);

+                if ($editing) {
+                    if ($database->has("families", ["AND" => ["email" => $family->getEmail(), "familyid[!]" => $family->getID()]])) {
+                        errorBack("That email address is already in use with another family.");
+                    }
+                } else {
+                    if ($database->has("families", ["email" => $family->getEmail()])) {
+                        errorBack("That email address is already in use with another family.");
+                    }
+                }
+
                $address = $VARS['streetaddress'];
                $city = $VARS['city'];
                $state = strtoupper($VARS['state']);
--- a/public/actions/submitmembership.php
+++ b/public/actions/submitmembership.php
@ -21,9 +21,11 @@ if (empty($_POST['agree_terms'])) {
 }

 $family = new Family();
+$renewal = false;

 if (!empty($_SESSION['familyid']) && $database->has("families", ['familyid' => $_SESSION['familyid']])) {
    $family = (new Family())->load($_SESSION['familyid']);
+    $renewal = true;
 } else if (!empty($_POST['renewing'])) {
    // Session expired, but we're renewing, so kick them back to verification
    header("Location: ../?page=renew&msg=sessionexpired");
@ -31,7 +33,7 @@ if (!empty($_SESSION['familyid']) && $database->has("families", ['familyid' => $
 }

 $database->action(function($database) {
-    global $family;
+    global $family, $renewal;

    try {
        $lastname = $_POST['familyname'];
@ -55,6 +57,16 @@ $database->action(function($database) {
        $family->setPhone($_POST['phone']);
        $family->setEmail($_POST['email']);

+        if ($renewal) {
+            if ($database->has("families", ["AND" => ["email" => $family->getEmail(), "familyid[!]" => $family->getID()]])) {
+                errorBack("That email address is already in use with another family.");
+            }
+        } else {
+            if ($database->has("families", ["email" => $family->getEmail()])) {
+                errorBack("That email address is already in use with another family.");
+            }
+        }
+
        $address = $_POST['streetaddress'];
        $city = $_POST['city'];
        $state = strtoupper($_POST['state']);