xmlrpc.php | searchcode

/flotsam/Servers/XmlRpcGroupsServer/xmlrpc.php

Large files files are truncated, but you can click here to view the full file

<?php
//	ini_set("display_errors",0);
    /*
      Actual failures that result in mysql or php errors should be returned as:
      
      return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
      
      Methods that run without errors, but do not have the intended result should return as:
      
      return array('succeed' => 'false', 'message' => 'No Groups Found', 'params' => var_export($params, TRUE));
      
      or if applicable:
      
      return array('succeed' => 'false', 'message' => 'What went wrong', 'params' => var_export($params, TRUE), 'sql' => $sql);
    */

    include("phpxmlrpclib/xmlrpc.inc");
    include("phpxmlrpclib/xmlrpcs.inc");

    include("config.php");
	

    $groupPowers = array(
        'None' => '0',
        /// <summary>Can send invitations to groups default role</summary>
        'Invite' => '2',
        /// <summary>Can eject members from group</summary>
        'Eject' => '4',
        /// <summary>Can toggle 'Open Enrollment' and change 'Signup fee'</summary>
        'ChangeOptions' => '8',
        /// <summary>Can create new roles</summary>
        'CreateRole' => '16',
        /// <summary>Can delete existing roles</summary>
        'DeleteRole' => '32',
        /// <summary>Can change Role names, titles and descriptions</summary>
        'RoleProperties' => '64',
        /// <summary>Can assign other members to assigners role</summary>
        'AssignMemberLimited' => '128',
        /// <summary>Can assign other members to any role</summary>
        'AssignMember' => '256',
        /// <summary>Can remove members from roles</summary>
        'RemoveMember' => '512',
        /// <summary>Can assign and remove abilities in roles</summary>
        'ChangeActions' => '1024',
        /// <summary>Can change group Charter, Insignia, 'Publish on the web' and which
        /// members are publicly visible in group member listings</summary>
        'ChangeIdentity' => '2048',
        /// <summary>Can buy land or deed land to group</summary>
        'LandDeed' => '4096',
        /// <summary>Can abandon group owned land to Governor Linden on mainland, or Estate owner for
        /// private estates</summary>
        'LandRelease' => '8192',
        /// <summary>Can set land for-sale information on group owned parcels</summary>
        'LandSetSale' => '16384',
        /// <summary>Can subdivide and join parcels</summary>
        'LandDivideJoin' => '32768',
        /// <summary>Can join group chat sessions</summary>
        'JoinChat' => '65536',
        /// <summary>Can toggle "Show in Find Places" and set search category</summary>
        'FindPlaces' => '131072',
        /// <summary>Can change parcel name, description, and 'Publish on web' settings</summary>
        'LandChangeIdentity' => '262144',
        /// <summary>Can set the landing point and teleport routing on group land</summary>
        'SetLandingPoint' => '524288',
        /// <summary>Can change music and media settings</summary>
        'ChangeMedia' => '1048576',
        /// <summary>Can toggle 'Edit Terrain' option in Land settings</summary>
        'LandEdit' => '2097152',
        /// <summary>Can toggle various About Land > Options settings</summary>
        'LandOptions' => '4194304',
        /// <summary>Can always terraform land, even if parcel settings have it turned off</summary>
        'AllowEditLand' => '8388608',
        /// <summary>Can always fly while over group owned land</summary>
        'AllowFly' => '16777216',
        /// <summary>Can always rez objects on group owned land</summary>
        'AllowRez' => '33554432',
        /// <summary>Can always create landmarks for group owned parcels</summary>
        'AllowLandmark' => '67108864',
        /// <summary>Can use voice chat in Group Chat sessions</summary>
        'AllowVoiceChat' => '134217728',
        /// <summary>Can set home location on any group owned parcel</summary>
        'AllowSetHome' => '268435456',
        /// <summary>Can modify public access settings for group owned parcels</summary>
        'LandManageAllowed' => '536870912',
        /// <summary>Can manager parcel ban lists on group owned land</summary>
        'LandManageBanned' => '1073741824',
        /// <summary>Can manage pass list sales information</summary>
        'LandManagePasses' => '2147483648',
        /// <summary>Can eject and freeze other avatars on group owned land</summary>
        'LandEjectAndFreeze' => '4294967296',
        /// <summary>Can return objects set to group</summary>
        'ReturnGroupSet' => '8589934592',
        /// <summary>Can return non-group owned/set objects</summary>
        'ReturnNonGroup' => '17179869184',
        /// <summary>Can landscape using Linden plants</summary>
        'LandGardening' => '34359738368',
        /// <summary>Can deed objects to group</summary>
        'DeedObject' => '68719476736',
        /// <summary>Can moderate group chat sessions</summary>
        'ModerateChat' => '137438953472',
        /// <summary>Can move group owned objects</summary>
        'ObjectManipulate' => '274877906944',
        /// <summary>Can set group owned objects for-sale</summary>
        'ObjectSetForSale' => '549755813888',
        /// <summary>Pay group liabilities and receive group dividends</summary>
        'Accountable' => '1099511627776',
        /// <summary>Can send group notices</summary>
        'SendNotices'    => '4398046511104',
        /// <summary>Can receive group notices</summary>
        'ReceiveNotices' => '8796093022208',
        /// <summary>Can create group proposals</summary>
        'StartProposal' => '17592186044416',
        /// <summary>Can vote on group proposals</summary>
        'VoteOnProposal' => '35184372088832',
        /// <summary>Can return group owned objects</summary>
        'ReturnGroupOwned' => '281474976710656',
        /// <summary>Members are visible to non-owners</summary>
		    'RoleMembersVisible' => '140737488355328'
		);
	
    $uuidZero = "00000000-0000-0000-0000-000000000000";
    
    $groupDBCon = mysql_connect($dbHost,$dbUser,$dbPassword);
    if (!$groupDBCon)
    {
        die('Could not connect: ' . mysql_error());
    }
    mysql_select_db($dbName, $groupDBCon);

    // This is filled in by secure()
    $requestingAgent = $uuidZero;
    
    function test() 
    {
        return array('name' => 'Joe','age' => 27);
    }

    // Use a common signature for all the group functions  ->  struct foo($struct)
    $common_sig = array(array($xmlrpcStruct, $xmlrpcStruct));

    function createGroup($params)
    {
        if( is_array($error = secureRequest($params, TRUE)) )
        {
            return $error;
        }
	
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;

        $groupID        = $params["GroupID"];
        $name           = $params["Name"];
        $charter        = $params["Charter"];
        $insigniaID     = $params["InsigniaID"];
        $founderID      = $params["FounderID"];
        $membershipFee  = $params["MembershipFee"];
        $openEnrollment = $params["OpenEnrollment"];
        $showInList     = $params["ShowInList"];
        $allowPublish   = $params["AllowPublish"];
        $maturePublish  = $params["MaturePublish"];
        $ownerRoleID    = $params["OwnerRoleID"];
        $everyonePowers = $params["EveryonePowers"];
        $ownersPowers   = $params["OwnersPowers"];
        
        $escapedParams         = array_map("mysql_real_escape_string", $params);
        $escapedGroupID        = $escapedParams["GroupID"];
        $escapedName           = $escapedParams["Name"];
        $escapedCharter        = $escapedParams["Charter"];
        $escapedInsigniaID     = $escapedParams["InsigniaID"];
        $escapedFounderID      = $escapedParams["FounderID"];
        $escapedMembershipFee  = $escapedParams["MembershipFee"];
        $escapedOpenEnrollment = $escapedParams["OpenEnrollment"];
        $escapedShowInList     = $escapedParams["ShowInList"];
        $escapedAllowPublish   = $escapedParams["AllowPublish"];
        $escapedMaturePublish  = $escapedParams["MaturePublish"];
        $escapedOwnerRoleID    = $escapedParams["OwnerRoleID"];

        // Create group
        $sql = "INSERT INTO osgroup
                (GroupID, Name, Charter, InsigniaID, FounderID, MembershipFee, OpenEnrollment, ShowInList, AllowPublish, MaturePublish, OwnerRoleID)
                VALUES
                ('$escapedGroupID', '$escapedName', '$escapedCharter', '$escapedInsigniaID', '$escapedFounderID', $escapedMembershipFee, $escapedOpenEnrollment, $escapedShowInList, $escapedAllowPublish, $escapedMaturePublish, '$escapedOwnerRoleID')";
        
        if (!mysql_query($sql, $groupDBCon))
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        // Create Everyone Role
        // NOTE: FIXME: This is a temp fix until the libomv enum for group powers is fixed in OpenSim
		
        $result = _addRoleToGroup(array('GroupID' => $groupID, 'RoleID' => $uuidZero, 'Name' => 'Everyone', 'Description' => 'Everyone in the group is in the everyone role.', 'Title' => "Member of $name", 'Powers' => $everyonePowers));
        if( isset($result['error']) )
        {
            return $result;
        }

        // Create Owner Role
        $result = _addRoleToGroup(array('GroupID' => $groupID, 'RoleID' => $ownerRoleID, 'Name' => 'Owners', 'Description' => "Owners of $name", 'Title' => "Owner of $name", 'Powers' => $ownersPowers));
        if( isset($result['error']) )
        {
            return $result;
        }

        // Add founder to group, will automatically place them in the Everyone Role, also places them in specified Owner Role
        $result = _addAgentToGroup(array('AgentID' => $founderID, 'GroupID' => $groupID, 'RoleID' => $ownerRoleID));
        if( isset($result['error']) )
        {
            return $result;
        }
        
        // Select the owner's role for the founder
        $result = _setAgentGroupSelectedRole(array('AgentID' => $founderID, 'RoleID' => $ownerRoleID, 'GroupID' => $groupID));
        if( isset($result['error']) )
        {
            return $result;
        }
        
        // Set the new group as the founder's active group
        $result = _setAgentActiveGroup(array('AgentID' => $founderID, 'GroupID' => $groupID));
        if( isset($result['error']) )
        {
            return $result;
        }
        
        return getGroup(array("GroupID"=>$groupID));
    }
    
	  // Private method, does not include security, to only be called from places that have already verified security
    function _addRoleToGroup($params)
    {
        $everyonePowers = 8796495740928; // This should now be fixed, when libomv was updated...		
	
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
        $groupID = mysql_real_escape_string( $params['GroupID'] );
        $roleID  = mysql_real_escape_string( $params['RoleID'] );
        $name    = mysql_real_escape_string( $params['Name'] );
        $desc    = mysql_real_escape_string( $params['Description'] );
        $title   = mysql_real_escape_string( $params['Title'] );
        $powers  = mysql_real_escape_string( $params['Powers'] );

        if( !isset($powers) || ($powers == 0) || ($powers == '') )
        {
            $powers = $everyonePowers;
        }
        
        $sql = " INSERT INTO osrole (GroupID, RoleID, Name, Description, Title, Powers) VALUES "
              ." ('$groupID', '$roleID', '$name', '$desc', '$title', $powers)";

        if (!mysql_query($sql, $groupDBCon))
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error()
                       , 'method' => 'addRoleToGroup'
                       , 'params' => var_export($params, TRUE));
        }
        
        return array("success" => "true");
    }
	
    function addRoleToGroup($params)
    {
        if( is_array($error = secureRequest($params, TRUE)) )
        {
            return $error;
        }
      
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
        $groupID = $params['GroupID'];
          
        // Verify the requesting agent has permission
        if( is_array($error = checkGroupPermission($groupID, $groupPowers['CreateRole'])) )
        {
            return $error;
        }

        return _addRoleToGroup($params);
    }
    
    function updateGroupRole($params)
    {
        if( is_array($error = secureRequest($params, TRUE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
        $groupID = mysql_real_escape_string( $params['GroupID'] );
        $roleID  = mysql_real_escape_string( $params['RoleID'] );
        $name    = mysql_real_escape_string( $params['Name'] );
        $desc    = mysql_real_escape_string( $params['Description'] );
        $title   = mysql_real_escape_string( $params['Title'] );
        $powers  = mysql_real_escape_string( $params['Powers'] );
        
        // Verify the requesting agent has permission
        if( is_array($error = checkGroupPermission($groupID, $groupPowers['RoleProperties'])) )
        {
            return $error;
        }
		
        $sql = " UPDATE osrole SET RoleID = '$roleID' ";
        if( isset($params['Name']) )
        {
            $sql .= ", Name = '$name'";
        }
        if( isset($params['Description']) )
        {
            $sql .= ", Description = '$desc'";
        }
        if( isset($params['Title']) )
        {
            $sql .= ", Title = '$title'";
        }
        if( isset($params['Powers']) )
        {
            $sql .= ", Powers = $powers";
        }
        
        $sql .= " WHERE GroupID = '$groupID' AND RoleID = '$roleID'";

        if (!mysql_query($sql, $groupDBCon))
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        return array("success" => "true");
    }
    
    function removeRoleFromGroup($params)
    {
        if( is_array($error = secureRequest($params, TRUE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
        $groupID = mysql_real_escape_string( $params['GroupID'] );
        $roleID  = mysql_real_escape_string( $params['RoleID'] );
        
        if( is_array($error = checkGroupPermission($groupID, $groupPowers['RoleProperties'])) )
        {
            return $error;
        }
		
        /// 1. Remove all members from Role
        /// 2. Set selected Role to uuidZero for anyone that had the role selected
        /// 3. Delete roll
        
        $sql = "DELETE FROM osgrouprolemembership WHERE GroupID = '$groupID' AND RoleID = '$roleID'";
        if (!mysql_query($sql, $groupDBCon))
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        $sql = "UPDATE osgroupmembership SET SelectedRoleID = '$uuidZero' WHERE GroupID = '$groupID' AND SelectedRoleID = '$roleID'";
        if (!mysql_query($sql, $groupDBCon))
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        $sql = "DELETE FROM osrole WHERE GroupID = '$groupID' AND RoleID = '$roleID'";
        if (!mysql_query($sql, $groupDBCon))
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        return array("success" => "true");
    }
    
    function getGroup($params)
    {
        if( is_array($error = secureRequest($params, FALSE)) )
        {
          return $error;
        }
		
        return _getGroup($params);
    }
		
    function _getGroup($params)
    {
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $sql = " SELECT osgroup.GroupID, osgroup.Name, Charter, InsigniaID, FounderID, MembershipFee, OpenEnrollment, ShowInList, AllowPublish, MaturePublish, OwnerRoleID"
              ." , count(osrole.RoleID) as GroupRolesCount, count(osgroupmembership.AgentID) as GroupMembershipCount "
              ." FROM osgroup "
              ." LEFT JOIN osrole ON (osgroup.GroupID = osrole.GroupID)"
              ." LEFT JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID)"
              ." WHERE ";

        if( isset($params['GroupID']) )
        {
            $sql .= "osgroup.GroupID = '" . mysql_real_escape_string($params['GroupID']). "'";
        } 
        else if( isset($params['Name']) ) 
        {
            $sql .= "osgroup.Name = '" . mysql_real_escape_string($params['Name']) . "'";
        } 
        else 
        {
            return array("error" => "Must specify GroupID or Name");
        }
        
        $sql .= " GROUP BY osgroup.GroupID, osgroup.name, charter, insigniaID, founderID, membershipFee, openEnrollment, showInList, allowPublish, maturePublish, ownerRoleID";
        
        $result = mysql_query($sql, $groupDBCon);
        
        if (!$result) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }

        if (mysql_num_rows($result) == 0) 
        {
            return array('succeed' => 'false', 'error' => 'Group Not Found', 'params' => var_export($params, TRUE), 'sql' => $sql);
        }
        
        return mysql_fetch_assoc($result);
    }        
    
    function updateGroup($params)
    {
        if( is_array($error = secureRequest($params, TRUE)) )
        {
          return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
        $groupID = mysql_real_escape_string( $params["GroupID"] );
        $charter = mysql_real_escape_string( $params["Charter"] );
        $insigniaID = mysql_real_escape_string( $params["InsigniaID"] );
        $membershipFee = mysql_real_escape_string( $params["MembershipFee"] );
        $openEnrollment = mysql_real_escape_string( $params["OpenEnrollment"] );
        $showInList = mysql_real_escape_string( $params["ShowInList"] );
        $allowPublish = mysql_real_escape_string( $params["AllowPublish"] );
        $maturePublish = mysql_real_escape_string( $params["MaturePublish"] );
        
        if( is_array($error = checkGroupPermission($groupID, $groupPowers['ChangeOptions'])) )
        {
            return $error;
        }
		
        // Create group
        $sql = "UPDATE osgroup
                SET
                    Charter = '$charter'
                    , InsigniaID = '$insigniaID'
                    , MembershipFee = $membershipFee
                    , OpenEnrollment= $openEnrollment
                    , ShowInList    = $showInList
                    , AllowPublish  = $allowPublish
                    , MaturePublish = $maturePublish
                WHERE
                    GroupID = '$groupID'";
        
        if (!mysql_query($sql, $groupDBCon))
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }

        return array('success' => 'true');
    }

    function findGroups($params)
    {
        if( is_array($error = secureRequest($params, FALSE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $search = mysql_real_escape_string( $params['Search'] );
        
        $sql = " SELECT osgroup.GroupID, osgroup.Name, count(osgroupmembership.AgentID) as Members "
              ." FROM osgroup LEFT JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID) "
              ." WHERE "
			  ." (    MATCH (osgroup.name) AGAINST ('$search' IN BOOLEAN MODE)"
              ."   OR osgroup.name LIKE '%$search%'"
              ."   OR osgroup.name REGEXP '$search'"
			  ." ) AND ShowInList = 1" 
              ." GROUP BY osgroup.GroupID, osgroup.Name";
        
        $result = mysql_query($sql, $groupDBCon);
        
        if (!$result) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }

        if( mysql_num_rows($result) == 0 )
        {
            return array('succeed' => 'false', 'error' => 'No groups found.', 'params' => var_export($params, TRUE), 'sql' => $sql);
        }
        
        $results = array();

        while ($row = mysql_fetch_assoc($result)) 
        {
            $groupID = $row['GroupID'];
            $results[$groupID] = $row;
        }
        
        return array('results' => $results, 'success' => TRUE);
    }
    
    function _setAgentActiveGroup($params)
    {
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $agentID = mysql_real_escape_string( $params['AgentID'] );
        $groupID = mysql_real_escape_string( $params['GroupID'] );
		
        $sql = " UPDATE osagent "
              ." SET ActiveGroupID = '$groupID'"
              ." WHERE AgentID = '$agentID'";
    
        if (!mysql_query($sql, $groupDBCon))
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        if( mysql_affected_rows() == 0 )
        {
            $sql = " INSERT INTO osagent (ActiveGroupID, AgentID) VALUES "
                  ." ('$groupID', '$agentID')";
        
            if (!mysql_query($sql, $groupDBCon))
            {
                return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
            }
        }
    
        return array("success" => "true");
    }

    function setAgentActiveGroup($params)
    {
        if( is_array($error = secureRequest($params, TRUE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $agentID = $params['AgentID'];
        $groupID = $params['GroupID'];
        
        if( isset($requestingAgent) && ($requestingAgent != $uuidZero) && ($requestingAgent != $agentID) )
        {
            return array('error' => "Agent can only change their own Selected Group Role", 'params' => var_export($params, TRUE));
        }
        
        return _setAgentActiveGroup($params);
    }
    
    function addAgentToGroup($params)
    {
        if( is_array($error = secureRequest($params, TRUE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
        $groupID = $params["GroupID"];
        $agentID = $params["AgentID"];        
		
        if( is_array($error = checkGroupPermission($groupID, $groupPowers['AssignMember'])) )
        {
            // If they don't have direct permission, check to see if the group is marked for open enrollment
            $groupInfo = _getGroup( array ('GroupID' => $groupID) );
          
            if( isset($groupInfo['error']))
            {
                return $groupInfo;
            }

            if($groupInfo['OpenEnrollment'] != 1)
            {
                $escapedAgentID = mysql_real_escape_string($agentID);
                $escapedGroupID = mysql_real_escape_string($groupID);

                // Group is not open enrollment, check if the specified agentid has an invite
                $sql = " SELECT GroupID, RoleID, AgentID FROM osgroupinvite"
                      ." WHERE osgroupinvite.AgentID = '$escapedAgentID' AND osgroupinvite.GroupID = '$escapedGroupID'";
                        
                $results = mysql_query($sql, $groupDBCon);
                if (!$results) 
                {
                    return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
                }
                  
                if( mysql_num_rows($results) == 1 )
                {
                    // if there is an invite, make sure we're adding the user to the role specified in the invite
                    $inviteInfo = mysql_fetch_assoc($results);
                    $params['RoleID'] = $inviteInfo['RoleID'];
                } 
                else 
                {
                    // Not openenrollment, not invited, return permission denied error
                    return $error;
                }
            } 
        }

        return _addAgentToGroup($params);
    }
    
	  // Private method, does not include security, to only be called from places that have already verified security
    function _addAgentToGroup($params)
    {
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $agentID = $params["AgentID"];
        $groupID = $params["GroupID"];
        
        $roleID  = $uuidZero;
        if( isset($params["RoleID"]) )
        {
            $roleID = $params["RoleID"];
        }

        $escapedAgentID = mysql_real_escape_string($agentID);
        $escapedGroupID = mysql_real_escape_string($groupID);
        $escapedRoleID = mysql_real_escape_string($roleID);
    
        // Check if agent already a member
        $sql = " SELECT count(AgentID) as isMember FROM osgroupmembership WHERE AgentID = '$escapedAgentID' AND GroupID = '$escapedGroupID'";
        $result = mysql_query($sql, $groupDBCon);
        if (!$result)
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }

        // If not a member, add membership, select role (defaults to uuidZero, or everyone role)
        if( mysql_result($result, 0) == 0 )
        {
            $sql = " INSERT INTO osgroupmembership (GroupID, AgentID, Contribution, ListInProfile, AcceptNotices, SelectedRoleID) VALUES "
                  ."('$escapedGroupID','$escapedAgentID', 0, 1, 1,'$escapedRoleID')";
        
            if (!mysql_query($sql, $groupDBCon))
            {
                return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
            }
        }
        
        // Make sure they're in the Everyone role
        $result = _addAgentToGroupRole(array("GroupID" => $groupID, "RoleID" => $uuidZero, "AgentID" => $agentID));
        if( isset($result['error']) )
        {
            return $result;
        }
        
        // Make sure they're in specified role, if they were invited
        if( $roleID != $uuidZero )
        {
            $result = _addAgentToGroupRole(array("GroupID" => $groupID, "RoleID" => $roleID, "AgentID" => $agentID));
            if( isset($result['error']) )
            {
                return $result;
            }
        }

		    //Set the role they were invited to as their selected role
        _setAgentGroupSelectedRole(array('AgentID' => $agentID, 'RoleID' => $roleID, 'GroupID' => $groupID));
		
        // Set the group as their active group.
        // _setAgentActiveGroup(array("GroupID" => $groupID, "AgentID" => $agentID));
		
        return array("success" => "true");
    }
    
    function removeAgentFromGroup($params)
    {
        if( is_array($error = secureRequest($params, TRUE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
        $agentID = $params["AgentID"];
        $groupID = $params["GroupID"];

        // An agent is always allowed to remove themselves from a group -- so only check if the requesting agent is different then the agent being removed.
        if( $agentID != $requestingAgent )
        {
            if( is_array($error = checkGroupPermission($groupID, $groupPowers['RemoveMember'])) )
            {
                return $error;
            }
        }

        $escapedAgentID = mysql_real_escape_string($agentID);
        $escapedGroupID = mysql_real_escape_string($groupID);
		
        // 1. If group is agent's active group, change active group to uuidZero
        // 2. Remove Agent from group (osgroupmembership)
        // 3. Remove Agent from all of the groups roles (osgrouprolemembership)
        
        $sql = " UPDATE osagent "
              ." SET ActiveGroupID = '$uuidZero'"
              ." WHERE AgentID = '$escapedAgentID' AND ActiveGroupID = '$escapedGroupID'";

        if (!mysql_query($sql, $groupDBCon))
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        $sql = " DELETE FROM osgroupmembership "
              ." WHERE AgentID = '$agentID' AND GroupID = '$groupID'";
        if (!mysql_query($sql, $groupDBCon))
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        $sql = " DELETE FROM osgrouprolemembership "
              ." WHERE AgentID = '$escapedAgentID' AND GroupID = '$escapedGroupID'";
        if (!mysql_query($sql, $groupDBCon))
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        return array("success" => "true");
    }
    
    function _addAgentToGroupRole($params)
    {
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $agentID = mysql_real_escape_string($params["AgentID"]);
        $groupID = mysql_real_escape_string($params["GroupID"]);
        $roleID = mysql_real_escape_string($params["RoleID"]);
    
        // Check if agent already a member
        $sql = " SELECT count(AgentID) as isMember FROM osgrouprolemembership WHERE AgentID = '$agentID' AND RoleID = '$roleID' AND GroupID = '$groupID'";
        $result = mysql_query($sql, $groupDBCon);
        if (!$result)
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
    
        if( mysql_result($result, 0) == 0 )
        {
            $sql = " INSERT INTO osgrouprolemembership (GroupID, RoleID, AgentID) VALUES "
                  ."('$groupID', '$roleID', '$agentID')";
        
            if (!mysql_query($sql, $groupDBCon))
            {
                return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
            }
        }
    
        return array("success" => "true");
    }
    
    function addAgentToGroupRole($params)
    {
        if( is_array($error = secureRequest($params, TRUE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
        $agentID = $params["AgentID"];
        $groupID = $params["GroupID"];
        $roleID = $params["RoleID"];

        $escapedAgentID = mysql_real_escape_string($agentID);
        $escapedGroupID = mysql_real_escape_string($groupID);
        $escapedRoleID = mysql_real_escape_string($roleID);
    
        // Check if being assigned to Owners role, assignments to an owners role can only be requested by owners.
        $sql = " SELECT OwnerRoleID, osgrouprolemembership.AgentID "
              ." FROM osgroup LEFT JOIN osgrouprolemembership ON (osgroup.GroupID = osgrouprolemembership.GroupID AND osgroup.OwnerRoleID = osgrouprolemembership.RoleID) "
            ." WHERE osgrouprolemembership.AgentID = '" . mysql_real_escape_string($requestingAgent) . "' AND osgroup.GroupID = '$escapedGroupID'";
			  
        $results = mysql_query($sql, $groupDBCon);
        if (!$results) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
		
        if( mysql_num_rows($results) == 0 )
        {
			return array('error' => "Group ($groupID) not found or Agent ($agentID) is not in the owner's role", 'params' => var_export($params, TRUE));
		}

        $ownerRoleInfo = mysql_fetch_assoc($results);
        if( ($ownerRoleInfo['OwnerRoleID'] == $roleID) && ($ownerRoleInfo['AgentID'] != $requestingAgent) )
        {
            return array('error' => "Requesting agent $requestingAgent is not a member of the Owners Role and cannot add members to the owners role.", 'params' => var_export($params, TRUE));
        }
	
        if( is_array($error = checkGroupPermission($groupID, $groupPowers['AssignMember'])) )
        {
            return $error;
        }
	
		return _addAgentToGroupRole($params);
    }
    
    function removeAgentFromGroupRole($params)
    {
        if( is_array($error = secureRequest($params, TRUE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
        $agentID = mysql_real_escape_string($params["AgentID"]);
        $groupID = mysql_real_escape_string($params["GroupID"]);
        $roleID  = mysql_real_escape_string($params["RoleID"]);

        if( is_array($error = checkGroupPermission($groupID, $groupPowers['AssignMember'])) )
        {
            return $error;
        }
		
        // If agent has this role selected, change their selection to everyone (uuidZero) role
        $sql = " UPDATE osgroupmembership SET SelectedRoleID = '$uuidZero' WHERE AgentID = '$agentID' AND GroupID = '$groupID' AND SelectedRoleID = '$roleID'";
        $result = mysql_query($sql, $groupDBCon);
        if (!$result)
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }

        $sql = " DELETE FROM osgrouprolemembership WHERE AgentID = '$agentID' AND GroupID = '$groupID' AND RoleID = '$roleID'";
    
        if (!mysql_query($sql, $groupDBCon))
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        return array("success" => "true");
    }
    
    function _setAgentGroupSelectedRole($params)
    {
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $agentID = mysql_real_escape_string($params["AgentID"]);
        $groupID = mysql_real_escape_string($params["GroupID"]);
        $roleID = mysql_real_escape_string($params["RoleID"]);
    
        $sql = " UPDATE osgroupmembership SET SelectedRoleID = '$roleID' WHERE AgentID = '$agentID' AND GroupID = '$groupID'";
        $result = mysql_query($sql, $groupDBCon);
        if (!$result)
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
    
        return array('success' => 'true');
    }

    function setAgentGroupSelectedRole($params)
    {
        if( is_array($error = secureRequest($params, TRUE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $agentID = $params["AgentID"];
        $groupID = $params["GroupID"];
        $roleID = $params["RoleID"];
    
        if( isset($requestingAgent) && ($requestingAgent != $uuidZero) && ($requestingAgent != $agentID) )
        {
            return array('error' => "Agent can only change their own Selected Group Role", 'params' => var_export($params, TRUE));
        }
	
        return _setAgentGroupSelectedRole($params);
    }
	
    function getAgentGroupMembership($params)
    {
        if( is_array($error = secureRequest($params, FALSE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $groupID = mysql_real_escape_string($params['GroupID']);
        $agentID = mysql_real_escape_string($params['AgentID']);
        
        $sql = " SELECT osgroup.GroupID, osgroup.Name as GroupName, osgroup.Charter, osgroup.InsigniaID, osgroup.FounderID, osgroup.MembershipFee, osgroup.OpenEnrollment, osgroup.ShowInList, osgroup.AllowPublish, osgroup.MaturePublish"
              ." , osgroupmembership.Contribution, osgroupmembership.ListInProfile, osgroupmembership.AcceptNotices"
              ." , osgroupmembership.SelectedRoleID, osrole.Title"
              ." , osagent.ActiveGroupID "
              ." FROM osgroup JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID)"
              ."              JOIN osrole ON (osgroupmembership.SelectedRoleID = osrole.RoleID AND osgroupmembership.GroupID = osrole.GroupID)"
              ."              JOIN osagent ON (osagent.AgentID = osgroupmembership.AgentID)"
              ." WHERE osgroup.GroupID = '$groupID' AND osgroupmembership.AgentID = '$agentID'";
        
        $groupmembershipResult = mysql_query($sql, $groupDBCon);
        if (!$groupmembershipResult) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        if( mysql_num_rows($groupmembershipResult) == 0 )
        {
            return array('succeed' => 'false', 'error' => 'None Found', 'params' => var_export($params, TRUE), 'sql' => $sql);
        }
        
        $groupMembershipInfo = mysql_fetch_assoc($groupmembershipResult);
        
        $sql = " SELECT BIT_OR(osrole.Powers) AS GroupPowers"
              ." FROM osgrouprolemembership JOIN osrole ON (osgrouprolemembership.GroupID = osrole.GroupID AND osgrouprolemembership.RoleID = osrole.RoleID)"
              ." WHERE osgrouprolemembership.GroupID = '$groupID' AND osgrouprolemembership.AgentID = '$agentID'";
        $groupPowersResult = mysql_query($sql, $groupDBCon);
        if (!$groupPowersResult) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        $groupPowersInfo = mysql_fetch_assoc($groupPowersResult);
        
        return array_merge($groupMembershipInfo, $groupPowersInfo);
    }

    function getAgentGroupMemberships($params)
    {
        if( is_array($error = secureRequest($params, FALSE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $agentID = mysql_real_escape_string($params['AgentID']);
        
        $sql = " SELECT osgroup.GroupID, osgroup.Name as GroupName, osgroup.Charter, osgroup.InsigniaID, osgroup.FounderID, osgroup.MembershipFee, osgroup.OpenEnrollment, osgroup.ShowInList, osgroup.AllowPublish, osgroup.MaturePublish"
              ." , osgroupmembership.Contribution, osgroupmembership.ListInProfile, osgroupmembership.AcceptNotices"
              ." , osgroupmembership.SelectedRoleID, osrole.Title"
              ." , IFNULL(osagent.ActiveGroupID, '$uuidZero') AS ActiveGroupID"
              ." FROM osgroup JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID)"
              ."              JOIN osrole ON (osgroupmembership.SelectedRoleID = osrole.RoleID AND osgroupmembership.GroupID = osrole.GroupID)"
              ."         LEFT JOIN osagent ON (osagent.AgentID = osgroupmembership.AgentID)"
              ." WHERE osgroupmembership.AgentID = '$agentID'";
        
        $groupmembershipResults = mysql_query($sql, $groupDBCon);
        if (!$groupmembershipResults) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }

        if( mysql_num_rows($groupmembershipResults) == 0 )
        {
            return array('succeed' => 'false', 'error' => 'No Memberships', 'params' => var_export($params, TRUE), 'sql' => $sql);
        }
        
        $groupResults = array();
        while($groupMembershipInfo = mysql_fetch_assoc($groupmembershipResults))
        {
            $groupID = $groupMembershipInfo['GroupID'];
            $sql = " SELECT BIT_OR(osrole.Powers) AS GroupPowers"
                  ." FROM osgrouprolemembership JOIN osrole ON (osgrouprolemembership.GroupID = osrole.GroupID AND osgrouprolemembership.RoleID = osrole.RoleID)"
                  ." WHERE osgrouprolemembership.GroupID = '$groupID' AND osgrouprolemembership.AgentID = '$agentID'";
            $groupPowersResult = mysql_query($sql, $groupDBCon);
            if (!$groupPowersResult) 
            {
                return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
            }
            $groupPowersInfo = mysql_fetch_assoc($groupPowersResult);
            $groupResults[$groupID] = array_merge($groupMembershipInfo, $groupPowersInfo);
        }
        
        return $groupResults;
    }
    
    // Parameters should not already be mysql_real_escape_string() escaped
    function canAgentViewRoleMembers( $agentID, $groupID, $roleID )
    {
        global $membersVisibleTo, $groupDBCon;
		
        if( $membersVisibleTo == 'All' ) 
          return true;

        $agentID = mysql_real_escape_string($agentID);
        $groupID = mysql_real_escape_string($groupID);
        $roleID  = mysql_real_escape_string($roleID); 
		
        $sql  = " SELECT CASE WHEN min(OwnerRoleMembership.AgentID) IS NOT NULL THEN 1 ELSE 0 END AS IsOwner ";
        $sql .= " FROM osgroup JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID AND osgroupmembership.AgentID = '$agentID')";
        $sql .= "         LEFT JOIN osgrouprolemembership AS OwnerRoleMembership ON (OwnerRoleMembership.GroupID = osgroup.GroupID ";
        $sql .= "                   AND OwnerRoleMembership.RoleID  = osgroup.OwnerRoleID ";
        $sql .= "                   AND OwnerRoleMembership.AgentID = '$agentID')";
        $sql .= " WHERE osgroup.GroupID = '$groupID' GROUP BY osgroup.GroupID";	
		
        $viewMemberResults = mysql_query($sql, $groupDBCon);
        if (!$viewMemberResults)
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error());
        }
        
        if (mysql_num_rows($viewMemberResults) == 0) 
        {
            return false;
        }
		
        $viewMemberInfo = mysql_fetch_assoc($viewMemberResults);
		
        switch( $membersVisibleTo )
        {
            case 'Group':
                // if we get to here, there is at least one row, so they are a member of the group
                return true;
            case 'Owners':
            default:
                return $viewMemberInfo['IsOwner'];			
        }
    }
	
    function getGroupMembers($params)
    {
        if( is_array($error = secureRequest($params, FALSE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
        $groupID = $params['GroupID'];
        $escapedGroupID = mysql_real_escape_string($groupID);
        
        $sql = " SELECT osgroupmembership.AgentID"
              ." , osgroupmembership.Contribution, osgroupmembership.ListInProfile, osgroupmembership.AcceptNotices"
              ." , osgroupmembership.SelectedRoleID, osrole.Title"
              ." , CASE WHEN OwnerRoleMembership.AgentID IS NOT NULL THEN 1 ELSE 0 END AS IsOwner"
              ." FROM osgroup JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID)"
              ."              JOIN osrole ON (osgroupmembership.SelectedRoleID = osrole.RoleID AND osgroupmembership.GroupID = osrole.GroupID)"
              ."              JOIN osrole AS OwnerRole ON (osgroup.OwnerRoleID  = OwnerRole.RoleID AND osgroup.GroupID  = OwnerRole.GroupID)"
              ."         LEFT JOIN osgrouprolemembership AS OwnerRoleMembership ON (osgroup.OwnerRoleID       = OwnerRoleMembership.RoleID 
                                                                               AND (osgroup.GroupID           = OwnerRoleMembership.GroupID)
                                                                               AND (osgroupmembership.AgentID = OwnerRoleMembership.AgentID))"
              ." WHERE osgroup.GroupID = '$escapedGroupID'";
        
        $groupmemberResults = mysql_query($sql, $groupDBCon);
        if (!$groupmemberResults) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        if (mysql_num_rows($groupmemberResults) == 0) 
        {
            return array('succeed' => 'false', 'error' => 'No Group Members found', 'params' => var_export($params, TRUE), 'sql' => $sql);
        }
        
        $roleMembersVisibleBit = $groupPowers['RoleMembersVisible'];
        $canViewAllGroupRoleMembers = canAgentViewRoleMembers($requestingAgent, $groupID, '');
		
        $memberResults = array();
        while ($memberInfo = mysql_fetch_assoc($groupmemberResults))
        {
            $agentID = $memberInfo['AgentID'];
            $sql = " SELECT BIT_OR(osrole.Powers) AS AgentPowers, ( BIT_OR(osrole.Powers) & $roleMembersVisibleBit) as MemberVisible"
                  ." FROM osgrouprolemembership JOIN osrole ON (osgrouprolemembership.GroupID = osrole.GroupID AND osgrouprolemembership.RoleID = osrole.RoleID)"
                  ." WHERE osgrouprolemembership.GroupID = '$escapedGroupID' AND osgrouprolemembership.AgentID = '$agentID'";
            $memberPowersResult = mysql_query($sql, $groupDBCon);
            if (!$memberPowersResult) 
            {
                return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
            }

            $memberPowersCount = mysql_num_rows($memberPowersResult);
            error_log("Found $memberPowersCount rows for agent $agentID for requesting agent $requestingAgent");

            if ($memberPowersCount == 0) 
            {
                if ($canViewAllGroupRoleMembers || $agentID == $requestingAgent)
                {
                    $memberResults[$agentID] = array_merge($memberInfo, array('AgentPowers' => 0));
                } 
                else 
                {
                    // if can't view all group role members and there is no Member Visible bit, then don't return this member's info
                    unset($memberResults[$agentID]);
                }
            } 
            else 
            {
                $memberPowersInfo = mysql_fetch_assoc($memberPowersResult);
                if ($memberPowersInfo['MemberVisible'] || $canViewAllGroupRoleMembers || $agentID == $requestingAgent)
                {
                    $memberResults[$agentID] = array_merge($memberInfo, $memberPowersInfo);
                } 
                else 
                {
                    // if can't view all group role members and there is no Member Visible bit, then don't return this member's info
                    unset($memberResults[$agentID]);
                }
            }
        }

        error_log("Returning " . count($memberResults) . " visible members for group $groupID for agent $agentID");
        
        if (count($memberResults) == 0) 
        {
            return array('succeed' => 'false', 'error' => 'No Visible Group Members found', 'params' => var_export($params, TRUE), 'sql' => $sql);
        }
		
        return $memberResults;
    }
    
    function getAgentActiveMembership($params)
    {
        if( is_array($error = secureRequest($params, FALSE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $agentID = mysql_real_escape_string($params['AgentID']);
        
        $sql = " SELECT osgroup.GroupID, osgroup.Name as GroupName, osgroup.Charter, osgroup.InsigniaID, osgroup.FounderID, osgroup.MembershipFee, osgroup.OpenEnrollment, osgroup.ShowInList, osgroup.AllowPublish, osgroup.MaturePublish"
              ." , osgroupmembership.Contribution, osgroupmembership.ListInProfile, osgroupmembership.AcceptNotices"
              ." , osgroupmembership.SelectedRoleID, osrole.Title"
              ." , osagent.ActiveGroupID "
              ." FROM osagent JOIN osgroup ON (osgroup.GroupID = osagent.ActiveGroupID)"
              ."              JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID AND osagent.AgentID = osgroupmembership.AgentID)"
              ."              JOIN osrole ON (osgroupmembership.SelectedRoleID = osrole.RoleID AND osgroupmembership.GroupID = osrole.GroupID)"
              ." WHERE osagent.AgentID = '$agentID'";
        
        $groupmembershipResult = mysql_query($sql, $groupDBCon);
        if (!$groupmembershipResult) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        if (mysql_num_rows($groupmembershipResult) == 0) 
        {
            return arra…
Large files files are truncated, but you can click here to view the full file