/HistorySite/editor/util.php
- <?php
- include 'editor_conf.php';
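/**
 * Open the MySQL connection used by the editor and select the "history" database.
 *
 * Ends the request with a generic message when the server cannot be reached or
 * the database cannot be selected; the driver's own error text goes to the
 * server log instead of the response.
 *
 * NOTE(review): the account name and password are hard-coded in this function,
 * so anyone who can read the file or its repository history learns them. Load
 * them from configuration kept outside the web root and version control, and
 * give the account only the privileges the editor needs.
 *
 * @return resource MySQL link identifier
 */
function connect_db()
{
    $host = "localhost";
    $db_user = "phpmyadmin";
    $db_password = "password";
    $database = "history";

    $mysql_link = mysql_connect($host, $db_user, $db_password);
    if ($mysql_link === false) {
        // Driver messages can name the host and account; keep them out of the page.
        error_log('connect_db: ' . mysql_error());
        die('Database connection failed.');
    }

    if (!mysql_select_db($database, $mysql_link)) {
        error_log('connect_db: ' . mysql_error($mysql_link));
        die('Database connection failed.');
    }

    return $mysql_link;
}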
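/**
 * Check a username/password pair and, on success, start a cookie-based session.
 *
 * On success the function stores a fresh unique_ID and the client IP in
 * user_info, sets the engl_username and engl_uniqueID cookies (one hour), and
 * returns the user's permission value. On failure it returns false.
 *
 * Both credentials come straight from the request, so every value placed in a
 * query is escaped with mysql_real_escape_string() on the open link.
 *
 * @param string $username submitted user name
 * @param string $password submitted clear-text password
 * @return string|false permission of the authenticated user, or false
 */
function userLogin($username, $password)
{
    $mysql_link = connect_db();

    // NOTE(review): unsalted MD5 is not a password hash. It is kept here only
    // because the stored values use it; moving to password_hash() /
    // password_verify() needs a rehash-on-login migration of user_info.
    $password_hash = md5($password);

    $safe_username = mysql_real_escape_string($username, $mysql_link);
    $safe_hash = mysql_real_escape_string($password_hash, $mysql_link);

    $result = mysql_query(
        "SELECT * FROM user_info WHERE username='$safe_username' AND password='$safe_hash'",
        $mysql_link
    );

    // A failed query returns false; treat it like "no such user".
    if ($result === false || mysql_num_rows($result) < 1) {
        mysql_close($mysql_link);
        return false;
    }

    // NOTE(review): rand() is not a cryptographic generator and the range is
    // small, so this session identifier is guessable. Replace it with output
    // from a CSPRNG once the type and width of the unique_ID column are
    // confirmed (not visible from this function).
    $uniqueID = rand(0, 1000000);
    $safe_ip = mysql_real_escape_string($_SERVER['REMOTE_ADDR'], $mysql_link);

    mysql_query(
        "UPDATE user_info SET unique_ID = '$uniqueID', IP = '$safe_ip' WHERE username = '$safe_username'",
        $mysql_link
    );

    // The cookie carries the raw name; the escaped copy is for SQL only.
    // NOTE(review): both cookies are set without the HttpOnly and Secure
    // attributes; add them if no client-side script needs to read the values.
    setcookie("engl_username", $username, time() + 3600);
    setcookie("engl_uniqueID", $uniqueID, time() + 3600);

    // The matched row already holds the permission column.
    $user_info = mysql_fetch_array($result);
    mysql_close($mysql_link);

    return $user_info['permission'];
}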
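/**
 * Validate the session cookies of the current request.
 *
 * The engl_username and engl_uniqueID cookies and the client IP must match one
 * row of user_info. Cookie values are supplied by the client, so they are
 * type-checked and escaped before they reach the query.
 *
 * The link is not closed here, as in the original: mysql_connect() can hand the
 * same link to other callers, so closing it could affect code that runs later
 * in the request.
 *
 * @return string|false permission of the session's user, or false when the
 *                      cookies are missing, malformed, or do not match
 */
function checkUser()
{
    if (!isset($_COOKIE['engl_username'], $_COOKIE['engl_uniqueID'])
        || !is_string($_COOKIE['engl_username'])
        || !is_string($_COOKIE['engl_uniqueID'])
    ) {
        // No session cookies, or array-valued cookies: nothing to look up.
        return false;
    }

    $link = connect_db();
    $username = mysql_real_escape_string($_COOKIE['engl_username'], $link);
    $uniqueID = mysql_real_escape_string($_COOKIE['engl_uniqueID'], $link);
    $IP = mysql_real_escape_string($_SERVER['REMOTE_ADDR'], $link);

    $result = mysql_query(
        "select * from user_info where username='$username' and unique_ID='$uniqueID' and IP = '$IP'",
        $link
    );
    if ($result === false || mysql_num_rows($result) < 1) {
        return false;
    }

    // The matched row already contains the permission column.
    $user_info = mysql_fetch_array($result);
    return $user_info['permission'];
}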
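/**
 * Return the "standing" value of the user identified by the session cookies.
 *
 * Uses the same cookie/IP match as checkUser(). Cookie values are supplied by
 * the client, so they are type-checked and escaped before they reach the query.
 *
 * The link is not closed here, as in the original: mysql_connect() can hand the
 * same link to other callers, so closing it could affect code that runs later
 * in the request.
 *
 * @return string|false standing of the session's user, or false when the
 *                      cookies are missing, malformed, or do not match
 */
function checkStanding()
{
    if (!isset($_COOKIE['engl_username'], $_COOKIE['engl_uniqueID'])
        || !is_string($_COOKIE['engl_username'])
        || !is_string($_COOKIE['engl_uniqueID'])
    ) {
        return false;
    }

    $link = connect_db();
    $username = mysql_real_escape_string($_COOKIE['engl_username'], $link);
    $uniqueID = mysql_real_escape_string($_COOKIE['engl_uniqueID'], $link);
    $IP = mysql_real_escape_string($_SERVER['REMOTE_ADDR'], $link);

    $result = mysql_query(
        "select * from user_info where username='$username' and unique_ID='$uniqueID' and IP = '$IP'",
        $link
    );
    if ($result === false || mysql_num_rows($result) < 1) {
        return false;
    }

    // The matched row already contains the standing column.
    $user_info = mysql_fetch_array($result);
    return $user_info['standing'];
}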
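/**
 * Tell whether the current session's standing is on the intranet allow-list.
 *
 * The original read $intranetList as a local variable, which is never defined
 * inside the function, so the list was always empty here. It is now taken from
 * the global scope.
 * NOTE(review): $intranetList is presumably defined by the included
 * editor_conf.php - confirm the name and that the include runs at file scope.
 *
 * @return bool true when the standing is listed; false for an invalid session,
 *              an unlisted standing, or a missing list
 */
function checkIntranetPermit()
{
    global $intranetList;

    // One lookup instead of two: each checkStanding() call queries the database.
    $standing = checkStanding();

    // Fail closed when there is no valid session or no usable allow-list.
    if ($standing == false || !is_array($intranetList)) {
        return false;
    }

    return in_array($standing, $intranetList);
}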
/**
 * Expire the two session cookies in the browser.
 *
 * Only the client-side copies are cleared; this function does not touch the
 * unique_ID stored in user_info.
 */
function deleteCookie()
{
    foreach (array("engl_username", "engl_uniqueID") as $cookie_name) {
        // An expiry in the past tells the browser to drop the cookie.
        setcookie($cookie_name, '', time() - 3600);
    }
}
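/**
 * Write edited page content to "<basepath><val>content.html".
 *
 * Authorization is decided from $permission and $val:
 *  - 'Admin' may write to any section;
 *  - 'Graduate Advisor' only below "graduate";
 *  - 'Undergraduate Advisor' only below "undergraduate";
 *  - 'Instructor' only to "people/faculty/<engl_username cookie>/";
 *  - a false/empty permission is always refused.
 * A refused request is redirected to login.html and the script ends.
 *
 * Two defects of the original are fixed:
 *  1. After the checks, the target was re-read from $_GET['addr'], so the path
 *     that was authorized was not necessarily the path that was written. The
 *     checked $val is now the only source of the target.
 *  2. The first-segment check accepted targets containing ".." segments, which
 *     resolve outside the permitted section. Targets with ".." segments, a
 *     leading slash or backslash, or a NUL byte are now refused for every role.
 *
 * NOTE(review): any other non-empty permission value (for example the
 * 'Homepage' and 'News' roles handled by updateFacultyPath()) passes without a
 * section restriction, as before - confirm that is intended.
 * NOTE(review): the Instructor rule trusts the engl_username cookie; it is only
 * sound when $permission came from a session check on that same cookie.
 *
 * @param string       $basepath    directory the target is resolved against
 * @param string       $facultypath unused; kept for existing callers
 * @param string       $data        submitted HTML (slashes are stripped)
 * @param string|false $permission  caller's permission, e.g. from checkUser()
 * @param string       $val         target section, relative, ending in "/"
 * @return void
 */
function savedata($basepath, $facultypath, $data, $permission, $val)
{
    $val = (string) $val;

    // Structural checks on the target path, applied to every role.
    $segments = explode('/', str_replace('\\', '/', $val));
    $denied = strpos($val, "\0") !== false
        || in_array('..', $segments, true)
        || ($val !== '' && ($val[0] === '/' || $val[0] === '\\'));

    if (!$denied && $permission !== 'Admin') {
        $section = strtok($val, '/');

        if ($permission == false) {
            $denied = true;
        } elseif ($permission === 'Graduate Advisor') {
            $denied = ($section !== 'graduate');
        } elseif ($permission === 'Undergraduate Advisor') {
            $denied = ($section !== 'undergraduate');
        } elseif ($permission === 'Instructor') {
            $denied = !isset($_COOKIE['engl_username'])
                || !is_string($_COOKIE['engl_username'])
                || $val !== 'people/faculty/' . $_COOKIE['engl_username'] . '/';
        }
    }

    if ($denied) {
        header('location:login.html');
        exit;
    }

    $html = stripslashes($data);

    // Write relative to the site root; stop rather than write somewhere else.
    if (!chdir($basepath)) {
        return;
    }

    $addr = $val . "content.html";
    $fh = fopen($addr, 'w');
    if ($fh === false) {
        return;
    }
    fwrite($fh, $html);
    fclose($fh);
}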
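/**
 * Set a new password for a user after checking the confirmation matches.
 *
 * Fixes: the UPDATE used the undefined variable $username instead of the
 * $user_name parameter, so it never targeted the intended row; the values are
 * now escaped before they reach the query; and the two passwords are compared
 * as strings (a loose == treats some distinct numeric-looking strings as equal).
 *
 * This function does not check who is asking; callers must verify that the
 * current session is allowed to change this account's password.
 *
 * @param string $user_name    account to update
 * @param string $new_pass     new clear-text password
 * @param string $confirm_pass repeated password
 * @return void prints a status message
 */
function change_pass($user_name, $new_pass, $confirm_pass)
{
    if ((string) $new_pass !== (string) $confirm_pass) {
        echo 'An error occured during the process';
        return;
    }

    $link = connect_db();

    // NOTE(review): unsalted MD5 is kept only to stay compatible with the
    // hashes userLogin() compares against; plan a move to password_hash().
    $safe_hash = mysql_real_escape_string(md5($new_pass), $link);
    $safe_user = mysql_real_escape_string($user_name, $link);

    $updated = mysql_query(
        "UPDATE user_info SET password = '$safe_hash' WHERE username = '$safe_user'",
        $link
    );
    mysql_close($link);

    if ($updated === false) {
        // Do not report success when the statement was rejected.
        echo 'An error occured during the process';
        return;
    }

    echo '<body bgcolor="#D8E2E2">';
    echo "password has been changed<br>";
}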
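/**
 * Create an account row and the user's profile directory with its index.php.
 *
 * The username becomes a directory name under ../faculty/profiles/ and a PHP
 * file is written inside it, so names that contain a path separator or a NUL
 * byte, or that are "." or "..", are refused before anything is created. All
 * values are escaped before they reach the INSERT, and the name is HTML-escaped
 * when echoed back.
 *
 * This function does not check who is asking; callers must ensure that only an
 * administrator can reach it (it sets the permission column).
 *
 * @param string $new_username login name; also the profile directory name
 * @param string $new_password clear-text password
 * @param string $lastname
 * @param string $firstname
 * @param string $email
 * @param string $permission
 * @param string $standing
 * @param string $phonenb
 * @param string $office
 * @param string $officehr
 * @param string $title
 * @param string $field
 * @return void prints a status message
 */
function create_user($new_username, $new_password, $lastname, $firstname, $email, $permission, $standing, $phonenb, $office, $officehr, $title, $field)
{
    // Template for the profile page; $basepath is resolved when that page runs.
    $index_page = '<?php
include "../../../editor_conf.php";
include $basepath."page_top2.php";
?>
<div id="global_nav">
<?php include $basepath."global_nav.php";?>
</div>
<div id="main_content">
<?php echo file_get_contents("content.html");?>
</div>
<div id="sub_nav">
<?php echo file_get_contents("sub_nav/content.html");?>
</div>
<div id="closing">
<span></span>
</div>
</div>
</body>
</html>';

    $new_username = (string) $new_username;
    $shown_name = htmlspecialchars($new_username, ENT_QUOTES, 'UTF-8');

    // Refuse names that would resolve outside ../faculty/profiles/.
    $name_is_path_safe = strpbrk($new_username, "/\\\0") === false
        && $new_username !== '.'
        && $new_username !== '..';
    if ($new_username !== '' && !$name_is_path_safe) {
        echo '<br> invalid username ' . $shown_name . '<br>';
        return;
    }

    $link = connect_db();
    $safe_username = mysql_real_escape_string($new_username, $link);
    $result = mysql_query("SELECT * FROM user_info WHERE username='$safe_username'", $link);

    if ($result === false || mysql_num_rows($result) != 0 || $new_username == '') {
        echo '<br> existing username ' . $shown_name . '<br>';
        return;
    }

    // NOTE(review): unsalted MD5 is kept only to match what userLogin() checks.
    $password = md5($new_password);

    $values = array();
    $columns = array(
        $new_username, $password, $lastname, $firstname, $email, $permission,
        $standing, $phonenb, $office, $officehr, $title, $field,
    );
    foreach ($columns as $value) {
        $values[] = "'" . mysql_real_escape_string($value, $link) . "'";
    }

    mysql_query(
        "INSERT INTO user_info (username, password, last_name, first_name, email, permission, standing, phonenb, office, officehr, title, field)
        VALUES (" . implode(', ', $values) . ")",
        $link
    );
    mysql_close($link);

    $user_dir = '../faculty/profiles/' . $new_username;

    if (!is_dir($user_dir)) {
        if (!mkdir($user_dir, 0755)) {
            return;
        }

        $fh = fopen($user_dir . '/index.php', 'w');
        if ($fh === false) {
            return;
        }
        fwrite($fh, $index_page);
        fclose($fh);

        echo "<br>created " . $shown_name . '<br>';
    }
}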
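/**
 * Delete an account row, its profile directory, and its uploaded-files folder.
 *
 * Fixes a data-loss defect: the original looked up the e-mail address after the
 * row had been deleted, so the lookup came back empty and the files path
 * collapsed to "../files//", which is the shared parent directory; the
 * recursive delete then ran on that parent. The address is now read from the
 * row before the DELETE, and an empty folder name is never used.
 *
 * The username and the e-mail local part both become path segments, so each is
 * used only when it contains no path separator or NUL byte and is not "." or
 * "..". The username is escaped before it reaches the queries.
 *
 * This function does not check who is asking; callers must ensure that only an
 * administrator can reach it.
 *
 * @param string $username account to remove
 * @return void
 * @throws Exception from rm_recursive() when an entry cannot be deleted
 */
function deleteUser($username)
{
    $username = (string) $username;

    $link = connect_db();
    $safe_username = mysql_real_escape_string($username, $link);
    $result = mysql_query("SELECT * FROM user_info WHERE username='$safe_username'", $link);

    if ($result === false || mysql_num_rows($result) != 1 || $username == '') {
        return;
    }

    // Read what is needed from the row while it still exists.
    $row = mysql_fetch_array($result);
    $mailbox = strtok((string) $row['email'], '@');

    mysql_query("DELETE FROM user_info WHERE username='$safe_username'", $link);
    mysql_close($link);

    $name_is_path_safe = strpbrk($username, "/\\\0") === false
        && $username !== '.'
        && $username !== '..';

    if ($name_is_path_safe) {
        $user_dir = '../faculty/profiles/' . $username;
        if (is_dir($user_dir)) {
            foreach (array('/index.php', '/content.html') as $leaf) {
                // content.html exists only after a first save.
                if (is_file($user_dir . $leaf)) {
                    unlink($user_dir . $leaf);
                }
            }
            rmdir($user_dir);
        }
    }

    $mailbox_is_path_safe = $mailbox !== false
        && $mailbox !== ''
        && strpbrk($mailbox, "/\\\0") === false
        && $mailbox !== '.'
        && $mailbox !== '..';

    if ($mailbox_is_path_safe) {
        $user_file = '../files/' . $mailbox . '/';
        if (is_dir($user_file)) {
            rm_recursive($user_file);
        }
    }
}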
/**
 * List the usernames of all accounts whose permission is not 'Admin'.
 *
 * @return array|string usernames keyed by username, sorted by value with
 *                      asort(); the string '0' when there are none
 */
function listusers()
{
    $connection = connect_db();
    $rows = mysql_query("SELECT * FROM user_info");
    // The result is read after the link is closed, as in the original.
    mysql_close($connection);

    $names = array();
    while ($record = mysql_fetch_array($rows)) {
        if ($record['permission'] == 'Admin') {
            continue;
        }
        // Keyed by username so callers can use key or value.
        $names[$record['username']] = $record['username'];
    }

    if (count($names) === 0) {
        return '0';
    }

    asort($names);
    return $names;
}
/**
 * List the usernames of all accounts whose permission is 'Admin'.
 *
 * @return array|string usernames keyed by username, in query order; the
 *                      string '0' when there are none
 */
function listAdmin()
{
    $connection = connect_db();
    $rows = mysql_query("SELECT * FROM user_info");
    // The result is read after the link is closed, as in the original.
    mysql_close($connection);

    $admins = array();
    while ($record = mysql_fetch_array($rows)) {
        if ($record['permission'] != 'Admin') {
            continue;
        }
        $admins[$record['username']] = $record['username'];
    }

    return count($admins) === 0 ? '0' : $admins;
}
/**
 * Run "SELECT * FROM historydata" and hand back the raw result.
 *
 * The link is closed before returning; the caller receives whatever
 * mysql_query() produced.
 *
 * @return resource|false result of mysql_query()
 */
function returnData()
{
    $connection = connect_db();
    $history_rows = mysql_query("SELECT * FROM historydata");
    mysql_close($connection);

    return $history_rows;
}
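/**
 * Fetch the user_info row for one username.
 *
 * The name is escaped before it reaches the query, because callers may pass
 * request data.
 * NOTE(review): the row includes the password column; callers should not
 * forward the whole array to templates or responses.
 *
 * @param string $username account to look up
 * @return array|false the row, or false when there is no match or the query fails
 */
function getUserData($username)
{
    $link = connect_db();
    $safe_username = mysql_real_escape_string($username, $link);

    $result = mysql_query("SELECT * FROM user_info WHERE username='$safe_username'", $link);
    $row = ($result === false) ? false : mysql_fetch_array($result);

    mysql_close($link);
    return $row;
}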
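/**
 * Update the profile columns of one account, and optionally its password.
 *
 * Passing the sentinel 'donotchange' as $new_password leaves the stored
 * password untouched. Every value is escaped before it reaches the UPDATE.
 *
 * This function writes the permission and standing columns exactly as given
 * and does not check who is asking; callers must ensure that only an
 * administrator can change those two fields.
 *
 * @param string $username     account to update
 * @param string $new_password new clear-text password, or 'donotchange'
 * @param string $lastname
 * @param string $firstname
 * @param string $email
 * @param string $permission
 * @param string $standing
 * @param string $phonenb
 * @param string $office
 * @param string $officehr
 * @param string $field
 * @param string $title
 * @param string $interest
 * @return void
 */
function changeUserData($username, $new_password, $lastname, $firstname, $email, $permission, $standing, $phonenb, $office, $officehr, $field, $title, $interest)
{
    $link = connect_db();

    $assignments = array();

    if ($new_password != 'donotchange') {
        // NOTE(review): unsalted MD5 is kept only to match what userLogin() checks.
        $assignments[] = "password = '" . mysql_real_escape_string(md5($new_password), $link) . "'";
    }

    $columns = array(
        'last_name'  => $lastname,
        'first_name' => $firstname,
        'email'      => $email,
        'permission' => $permission,
        'standing'   => $standing,
        'phonenb'    => $phonenb,
        'office'     => $office,
        'officehr'   => $officehr,
        'field'      => $field,
        'title'      => $title,
        'interest'   => $interest,
    );
    foreach ($columns as $column => $value) {
        // Column names are fixed above; only the values need escaping.
        $assignments[] = $column . "='" . mysql_real_escape_string($value, $link) . "'";
    }

    $safe_username = mysql_real_escape_string($username, $link);
    mysql_query(
        "UPDATE user_info SET " . implode(', ', $assignments) . " WHERE username='$safe_username'",
        $link
    );

    mysql_close($link);
}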
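/**
 * Build the <option> elements of a select box.
 *
 * Each item is HTML-escaped before it is placed in the value attribute and the
 * label, so an item containing quotes or angle brackets cannot break out of the
 * markup. The selected item is found by string comparison; the original loose
 * == could mark several numeric-looking items (e.g. "1" and "01") as selected.
 *
 * @param array  $items option values, in display order
 * @param string $data  the value to pre-select
 * @return string concatenated <option> markup
 */
function pullDownMenu($items, $data)
{
    $tag = '';
    $wanted = (string) $data;

    foreach ($items as $item) {
        $label = htmlspecialchars((string) $item, ENT_QUOTES, 'UTF-8');
        $selected = ($wanted === (string) $item) ? ' selected="yes"' : '';
        $tag .= '<option value="' . $label . '"' . $selected . '>' . $label . '</option>';
    }

    return $tag;
}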
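/**
 * Build a list of checkboxes, ticking those named in a comma-separated string.
 *
 * Fixes: item names are HTML-escaped before they are placed in the name
 * attribute and the label; an empty $items no longer iterates an undefined
 * variable; and the 'empty' placeholder that the original pushed into the
 * selection (which ticked an item literally named "empty") is gone.
 *
 * @param array  $items checkbox names, in display order (duplicates shown once)
 * @param string $str   comma-separated names that should be ticked
 * @return string concatenated checkbox markup
 */
function checkBox($items, $str)
{
    $selected = stringToArray($str, ',');
    $tag = '';
    $seen = array();

    foreach ($items as $item) {
        $name = (string) $item;

        // The original collapsed duplicate items through an array key.
        if (isset($seen[$name])) {
            continue;
        }
        $seen[$name] = true;

        $label = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
        $checked = in_array($name, $selected, true) ? ' CHECKED ' : '';
        $tag .= '<input type="checkbox" name="' . $label . '"' . $checked . '>' . $label . '</input><br>';
    }

    return $tag;
}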
/**
 * Split a string into its non-empty tokens with strtok().
 *
 * Every character of $sp acts as a delimiter and runs of delimiters produce no
 * empty tokens. strtok() keeps one internal cursor, so a strtok() walk the
 * caller has in progress is reset by this call.
 *
 * @param string $str text to split
 * @param string $sp  delimiter characters
 * @return array list of tokens, possibly empty
 */
function stringToArray($str, $sp)
{
    $pieces = array();

    for ($piece = strtok($str, $sp); $piece !== false; $piece = strtok($sp)) {
        $pieces[] = $piece;
    }

    return $pieces;
}
/**
 * Join the names of the ticked checkboxes into a comma-separated string.
 *
 * A checkbox counts as ticked when its name is set in $post.
 *
 * @param array $CBItems all checkbox names, in the order they should appear
 * @param array $post    submitted form fields
 * @return string ticked names joined with ",", or '' when none are ticked
 */
function CBItemsToString($CBItems, $post)
{
    $ticked = array();

    foreach ($CBItems as $name) {
        if (isset($post[$name])) {
            $ticked[] = $name;
        }
    }

    return implode(',', $ticked);
}
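/**
 * Return the file directory a role may work in.
 *
 * 'Admin', 'Graduate Advisor', 'Undergraduate Advisor', 'Homepage' and 'News'
 * get $filepath unchanged. 'Instructor' gets a sub-folder named after the local
 * part of the e-mail address stored for the engl_username cookie. Any other
 * role, or a request without that cookie, gets false.
 *
 * Changes: the database is queried only for the Instructor role; the role is
 * matched by strict comparison; and the Instructor folder is refused when the
 * account or its address is missing or when the local part is not a plain
 * folder name (the original then returned the shared base path or a path that
 * resolved outside it).
 *
 * NOTE(review): the cookie is client-supplied; this is only sound when the
 * caller has already validated the session, e.g. with checkUser().
 *
 * @param string $filepath base directory, ending in "/"
 * @param string $user     role name (a permission value)
 * @return string|false directory for the role, or false
 */
function updateFacultyPath($filepath, $user)
{
    if (!isset($_COOKIE['engl_username'])) {
        return false;
    }

    $shared_roles = array('Admin', 'Graduate Advisor', 'Undergraduate Advisor', 'Homepage', 'News');
    if (in_array($user, $shared_roles, true)) {
        return $filepath;
    }

    if ($user !== 'Instructor') {
        return false;
    }

    $userInfo = getUserInfo($_COOKIE['engl_username']);
    $folder = is_array($userInfo) ? strtok((string) $userInfo['email'], '@') : false;

    // The folder name becomes a path segment, so it must be a plain name.
    if ($folder === false
        || $folder === ''
        || $folder === '.'
        || $folder === '..'
        || strpbrk($folder, "/\\\0") !== false
    ) {
        return false;
    }

    return $filepath . $folder . '/';
}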
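/**
 * Fetch the user_info row for one username.
 *
 * The name is escaped before it reaches the query (callers in this file pass a
 * cookie value), and the statement is run once; the original executed the same
 * SELECT twice and discarded the first result.
 * NOTE(review): the row includes the password column; callers should not
 * forward the whole array to templates or responses.
 *
 * @param string $username account to look up
 * @return array|false the row, or false when there is no match or the query fails
 */
function getUserInfo($username)
{
    $link = connect_db();
    $safe_username = mysql_real_escape_string($username, $link);

    $result = mysql_query("select * from user_info where username='$safe_username'", $link);
    $user_info = ($result === false) ? false : mysql_fetch_array($result);

    mysql_close($link);
    return $user_info;
}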
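/**
 * Delete a file, or a directory together with everything below it.
 *
 * Symbolic links are removed with unlink() and never followed, so a link that
 * points at a directory does not cause the target's contents to be deleted.
 * The directory handle is now closed on every path, including when a nested
 * call throws; the original left it open in that case.
 *
 * Callers must pass only paths they have validated: whatever the path resolves
 * to is removed.
 *
 * @param string $filepath file or directory to remove
 * @return bool result of the final rmdir()/unlink()
 * @throws Exception when an entry inside the directory cannot be deleted
 */
function rm_recursive($filepath)
{
    if (!is_dir($filepath) || is_link($filepath)) {
        return unlink($filepath);
    }

    $dh = opendir($filepath);
    if ($dh) {
        try {
            while (($sf = readdir($dh)) !== false) {
                if ($sf === '.' || $sf === '..') {
                    continue;
                }
                $child = $filepath . '/' . $sf;
                if (!rm_recursive($child)) {
                    throw new Exception($child . ' could not be deleted.');
                }
            }
        } catch (Exception $e) {
            // Release the handle before the error travels up the recursion.
            closedir($dh);
            throw $e;
        }
        closedir($dh);
    }

    return rmdir($filepath);
}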