PageRenderTime 54ms CodeModel.GetById 27ms RepoModel.GetById 0ms app.codeStats 0ms

/php/projusers.php

https://gitlab.com/JoshJ/AGORA
PHP | 231 lines | 175 code | 15 blank | 41 comment | 20 complexity | 176d49326ba903f7cfd8f819e91b860a MD5 | raw file
    

  1. <?php

    2. 

  2. 	/**

    3. 

  3. 	AGORA - an interactive and web-based argument mapping tool that stimulates reasoning, 

    4. 

  4. 			reflection, critique, deliberation, and creativity in individual argument construction 

    5. 

  5. 			and in collaborative or adversarial settings. 

    6. 

  6.     Copyright (C) 2011 Georgia Institute of Technology

    7. 

  7. 

    8. 

  8.     This program is free software: you can redistribute it and/or modify

    9. 

  9.     it under the terms of the GNU Affero General Public License as

    10. 

  10.     published by the Free Software Foundation, either version 3 of the

    11. 

  11.     License, or (at your option) any later version.

    12. 

  12. 

    13. 

  13.     This program is distributed in the hope that it will be useful,

    14. 

  14.     but WITHOUT ANY WARRANTY; without even the implied warranty of

    15. 

  15.     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the

    16. 

  16.     GNU Affero General Public License for more details.

    17. 

  17. 

    18. 

  18.     You should have received a copy of the GNU Affero General Public License

    19. 

  19.     along with this program.  If not, see <http://www.gnu.org/licenses/>.

    20. 

  20. 	

    21. 

  21. 	*/

    22. 

  22. 	

    23. 

  23. 	/**

    24. 

  24. 		List of variables for project creation:

    25. 

  25. 		uid: ID number for the user

    26. 

  26. 		pass_hash: The hash of the user's password

    27. 

  27. 		projID: The ID of the project.

    28. 

  28. 		userID: The ID of the user to be added or removed.

    29. 

  29. 		action: "add" or "remove". Pretty self-explanatory, really.

    30. 

  30. 		

    31. 

  31. 		THIS IS NOT THE CODE FOR A USER JOINING THE PROJECT WITH THE PASSWORD!

    32. 

  32. 	**/

    33. 

  33. 	require 'configure.php';

    34. 

  34. 	require 'errorcodes.php';

    35. 

  35. 	require 'establish_link.php';

    36. 

  36. 	require 'utilfuncs.php';

    37. 

  37. 	

    38. 

  38. 	/**

    39. 

  39. 	* Convenience function.

    40. 

  40. 	* Selects the last auto-generated ID (AUTO_INCREMENT) from the Database.

    41. 

  41. 	* See the following for the function that this uses:

    42. 

  42. 	* http://php.net/manual/en/function.mysql-insert-id.php

    43. 

  43. 	*/

    44. 

  44. 	function getLastInsert($linkID)

    45. 

  45. 	{

    46. 

  46. 		$query = "SELECT LAST_INSERT_ID()";

    47. 

  47. 		$resultID = mysql_query($query, $linkID);

    48. 

  48. 		$row = mysql_fetch_assoc($resultID);

    49. 

  49. 		return $row['LAST_INSERT_ID()'];

    50. 

  50. 	}

    51. 

  51. 	

    52. 

  52. 	function addUser($otheruserID, $projID, $userID, $level, $pass_hash, $output){

    53. 

  53. 		$output->addAttribute("ID", $projID);

    54. 

  54. 		global $dbName, $version;

    55. 

  55. 		header("Content-type: text/xml");

    56. 

  56. 		$xmlstr = "<?xml version='1.0'?>\n<project version='$version'></project>";

    57. 

  57. 		$output = new SimpleXMLElement($xmlstr);

    58. 

  58. 		$linkID= establishLink();

    59. 

  59. 		if(!$linkID){

    60. 

  60. 			badDBLink($output);

    61. 

  61. 			return $output;

    62. 

  62. 		}

    63. 

  63. 		$status=mysql_select_db($dbName, $linkID);

    64. 

  64. 		if(!$status){

    65. 

  65. 			 databaseNotFound($output);

    66. 

  66. 			 return $output;

    67. 

  67. 		}

    68. 

  68. 		if(!checkLogin($userID, $pass_hash, $linkID)){

    69. 

  69. 			print $userID;

    70. 

  70. 			print $pass_hash;

    71. 

  71. 			print $dbName;

    72. 

  72. 			incorrectLogin($output);

    73. 

  73. 			return $output;

    74. 

  74. 		}

    75. 

  75. 		//Basic boilerplate is done.

    76. 

  76. 

    77. 

  77. 		if(!checkForAdmin($projID, $userID, $linkID)){

    78. 

  78. 			notProjectAdmin($output);

    79. 

  79. 			return $output;

    80. 

  80. 		}

    81. 

  81. 		$query = "INSERT INTO projusers (proj_id, user_id, user_level) VALUES ($projID, $otheruserID, $level)";

    82. 

  82. 		$success = mysql_query($query, $linkID);

    83. 

  83. 		if($success){

    84. 

  84. 			$otheruser=$output->addChild("user");

    85. 

  85. 			$otheruser->addAttribute("ID", $otheruserID);

    86. 

  86. 			$otheruser->addAttribute("added", true);

    87. 

  87. 			return $output;

    88. 

  88. 		}else{

    89. 

  89. 			$otheruser=$output->addChild("user");

    90. 

  90. 			$otheruser->addAttribute("ID", $otheruserID);

    91. 

  91. 			$otheruser->addAttribute("added", false);

    92. 

  92. 			updateFailed($output, $query);

    93. 

  93. 			//Note that the UNIQUE pu_combo field ensures that a user can't be added to a project twice.

    94. 

  94. 			return $output;

    95. 

  95. 		}

    96. 

  96. 		

    97. 

  97. 		return $output;

    98. 

  98. 	}

    99. 

  99. 	

    100. 

  100. 	function removeUser($otheruserID, $projID, $userID, $pass_hash, $output){

    101. 

  101. 		$output->addAttribute("ID", $projID);

    102. 

  102. 		global $dbName, $version;

    103. 

  103. 		header("Content-type: text/xml");

    104. 

  104. 		$xmlstr = "<?xml version='1.0'?>\n<project version='$version'></project>";

    105. 

  105. 		$output = new SimpleXMLElement($xmlstr);

    106. 

  106. 		$linkID= establishLink();

    107. 

  107. 		if(!$linkID){

    108. 

  108. 			badDBLink($output);

    109. 

  109. 			return $output;

    110. 

  110. 		}

    111. 

  111. 		$status=mysql_select_db($dbName, $linkID);

    112. 

  112. 		if(!$status){

    113. 

  113. 			 databaseNotFound($output);

    114. 

  114. 			 return $output;

    115. 

  115. 		}

    116. 

  116. 		if(!checkLogin($userID, $pass_hash, $linkID)){

    117. 

  117. 			incorrectLogin($output);

    118. 

  118. 			return $output;

    119. 

  119. 		}

    120. 

  120. 		//Basic boilerplate is done.

    121. 

  121. 		if(!checkForAdmin($projID, $userID, $linkID)){

    122. 

  122. 			notProjectAdmin($output);

    123. 

  123. 			return $output;

    124. 

  124. 		}

    125. 

  125. 		mysql_query("START TRANSACTION");

    126. 

  126. 		$query = "DELETE FROM projusers WHERE proj_id=$projID AND user_id=$otheruserID";

    127. 

  127. 		

    128. 

  128. 		$success = mysql_query($query, $linkID);

    129. 

  129. 		if($success){

    130. 

  130. 			//Remove all of this user's maps from the project and make a new project for them.

    131. 

  131. 			

    132. 

  132. 			$query = "INSERT INTO projects (user_id, title, password, is_hostile) VALUES

    133. 

  133. 										($otheruserID, 'Automatically created project', NULL, 1)";

    134. 

  134. 			$status = mysql_query($query, $linkID);

    135. 

  135. 			$newID = getLastInsert($linkID);

    136. 

  136. 			if(!$status){

    137. 

  137. 				mysql_query("ROLLBACK");

    138. 

  138. 				rolledBack($output);

    139. 

  139. 				return $output;

    140. 

  140. 			}

    141. 

  141. 			

    142. 

  142. 			$uquery = "UPDATE maps SET proj_id=$newID WHERE user_id=$otheruserID AND proj_id=$projID";

    143. 

  143. 			$status = mysql_query($uquery, $linkID);

    144. 

  144. 			if(!$status){

    145. 

  145. 				mysql_query("ROLLBACK");

    146. 

  146. 				rolledBack($output);

    147. 

  147. 				return $output;

    148. 

  148. 			}

    149. 

  149. 			$otheruser=$output->addChild("user");

    150. 

  150. 			$otheruser->addAttribute("ID", $otheruserID);

    151. 

  151. 			$otheruser->addAttribute("removed", true);

    152. 

  152. 			mysql_query("COMMIT");

    153. 

  153. 			return $output;

    154. 

  154. 		}else{

    155. 

  155. 			$otheruser=$output->addChild("user");

    156. 

  156. 			$otheruser->addAttribute("ID", $otheruserID);

    157. 

  157. 			$otheruser->addAttribute("removed", false);

    158. 

  158. 			updateFailed($output, $query);

    159. 

  159. 			mysql_query("ROLLBACK");

    160. 

  160. 			rolledBack($output);

    161. 

  161. 			return $output;

    162. 

  162. 		}		

    163. 

  163. 		return $output;

    164. 

  164. 	}

    165. 

  165. 

    166. 

  166. 	function modifyUser($otheruserID, $projID, $userID, $level, $pass_hash, $output){

    167. 

  167. 		$output->addAttribute("ID", $projID);

    168. 

  168. 		global $dbName, $version;

    169. 

  169. 		header("Content-type: text/xml");

    170. 

  170. 		$xmlstr = "<?xml version='1.0'?>\n<project version='$version'></project>";

    171. 

  171. 		$output = new SimpleXMLElement($xmlstr);

    172. 

  172. 		$linkID= establishLink();

    173. 

  173. 		if(!$linkID){

    174. 

  174. 			badDBLink($output);

    175. 

  175. 			return $output;

    176. 

  176. 		}

    177. 

  177. 		$status=mysql_select_db($dbName, $linkID);

    178. 

  178. 		if(!$status){

    179. 

  179. 			 databaseNotFound($output);

    180. 

  180. 			 return $output;

    181. 

  181. 		}

    182. 

  182. 		if(!checkLogin($userID, $pass_hash, $linkID)){

    183. 

  183. 			incorrectLogin($output);

    184. 

  184. 			return $output;

    185. 

  185. 		}

    186. 

  186. 		//Basic boilerplate is done.

    187. 

  187. 		if(!checkForAdmin($projID, $userID, $linkID)){

    188. 

  188. 			notProjectAdmin($output);

    189. 

  189. 			return $output;

    190. 

  190. 		}

    191. 

  191. 		$query = "UPDATE projusers SET user_level=$level WHERE proj_id=$projID AND user_id=$otheruserID";

    192. 

  192. 		

    193. 

  193. 		$success = mysql_query($query, $linkID);

    194. 

  194. 		if($success){

    195. 

  195. 			$otheruser=$output->addChild("user");

    196. 

  196. 			$otheruser->addAttribute("ID", $otheruserID);

    197. 

  197. 			$otheruser->addAttribute("modified", true);

    198. 

  198. 			return $output;

    199. 

  199. 		}else{

    200. 

  200. 			$otheruser=$output->addChild("user");

    201. 

  201. 			$otheruser->addAttribute("ID", $otheruserID);

    202. 

  202. 			$otheruser->addAttribute("modified", false);

    203. 

  203. 			updateFailed($output, $query);

    204. 

  204. 			return $output;

    205. 

  205. 		}		

    206. 

  206. 		return $output;

    207. 

  207. 	}

    208. 

  208. 	

    209. 

  209. 	$userID = mysql_real_escape_string($_REQUEST['uid']);

    210. 

  210. 	$pass_hash = mysql_real_escape_string($_REQUEST['pass_hash']);

    211. 

  211. 	$projID = mysql_real_escape_string($_REQUEST['projID']);

    212. 

  212. 	$otheruserID =  mysql_real_escape_string($_REQUEST['otheruserID']);

    213. 

  213. 	$level = mysql_real_escape_string($_REQUEST['level']);

    214. 

  214. 	$action = $_REQUEST['action'];

    215. 

  215. 	

    216. 

  216. 	header("Content-type: text/xml");

    217. 

  217. 	$xmlstr = "<?xml version='1.0'?>\n<project version='$version'></project>";

    218. 

  218. 	$output = new SimpleXMLElement($xmlstr);

    219. 

  219. 

    220. 

  220. 	if($action=="add"){

    221. 

  221. 		$output=addUser($otheruserID, $projID, $userID, $level, $pass_hash, $output);

    222. 

  222. 	}else if($action=="remove"){

    223. 

  223. 		$output=removeUser($otheruserID, $projID, $userID, $pass_hash, $output);

    224. 

  224. 	}else if($action=="modify"){

    225. 

  225. 		$output=modifyUser($otheruserID, $projID, $userID, $level, $pass_hash, $output);

    226. 

  226. 	}else{

    227. 

  227. 		meaninglessQueryVariables($output, "The 'action' variable must be set to either add or remove.");

    228. 

  228. 	}

    229. 

  229. 	print $output->asXML();

    230. 

  230. 	

    231. 

  231. ?>
    232.