diff --git a/common.php b/common.php
index 0df0af7..baa058e 100755
--- a/common.php
+++ b/common.php
@@ -167,7 +167,7 @@ class Common {
public static function is_admin() {
global $sql;
- $query = "SELECT COUNT( * ) FROM users WHERE id=? AND access=?;";
+ $query = "SELECT COUNT( * ) FROM users WHERE id=? AND ( access=? OR access='admin' );";
$bind_variables = array( $_SESSION["user_id"], Permissions::SYSTEM_LEVELS["admin"] );
$return = $sql->query( $query, $bind_variables, -1, 'fetchColumn' );
$admin = ( $return > 0 );
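Review bot: The query now treats two different values as the admin level — the bound `Permissions::SYSTEM_LEVELS["admin"]` and the literal string `'admin'` — so a row whose `access` column holds either is an administrator, and nothing in the hunk says which one is canonical or why both are needed. If the literal only covers rows not yet migrated, say so and scope it: `// legacy rows may still hold access='admin'; drop the OR once access is migrated to Permissions::SYSTEM_LEVELS`. `$_SESSION["user_id"]` is also read without an `isset` guard, so an unauthenticated caller binds `null` for `id` and gets a notice rather than a clean `false`. is_admin continues past the end of the hunk.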
@@ -390,11 +390,11 @@ class Common {
$pass = false;
- if( isset( $_SESSION["token"] ) && isset( $_SESSION["user"] ) ) {
+ if( isset( $_SESSION["token"] ) && isset( $_SESSION["user_id"] ) ) {
global $sql;
- $query = "SELECT COUNT( * ) FROM users WHERE username=? AND token=?;";
- $bind_variables = array( $_SESSION["user"], sha1( $_SESSION["token"] ) );
+ $query = "SELECT COUNT( * ) FROM users WHERE id=? AND token=?;";
+ $bind_variables = array( $_SESSION["user_id"], sha1( $_SESSION["token"] ) );
$return = $sql->query( $query, $bind_variables, formatJSEND( "error", "Error checking access." ), "fetchColumn" );
if( $return > 0 ) {
@@ -458,33 +458,43 @@ class Common {
// Format JSEND Response
//////////////////////////////////////////////////////////////////
- public static function formatJSEND( $status, $data = false ) {
+ public static function formatJSEND( $status, $data = false, $debug = false ) {
/// Debug /////////////////////////////////////////////////
- $debug = "";
+ $jsend = array(
+ "status" => null,
+ "data" => null,
+ "debug" => null,
+ "message" => null,
+ );
+
if( count( Common::$debugMessageStack ) > 0 ) {
- $debug .= ',"debug":';
- $debug .= json_encode( Common::$debugMessageStack );
+ $jsend["debug"] = json_encode( Common::$debugMessageStack );
+ }
+
+ if( $debug ) {
+
+ $jsend["debug"] = $debug;
}
if( $status == "success" ) {
// Success ///////////////////////////////////////////////
+ $jsend["status"] = "success";
+
if( $data ) {
- $jsend = '{"status":"success","data":' . json_encode( $data ) . $debug . '}';
- } else {
-
- $jsend = '{"status":"success","data":null' . $debug . '}';
+ $jsend["data"] = $data;
}
} else {
// Error /////////////////////////////////////////////////
- $jsend = '{"status":"' . $status . '","message":"' . $data . '"' . $debug . '}';
+ $jsend["status"] = "error";
+ $jsend["message"] = $data;
}
// Return ////////////////////////////////////////////////
- return $jsend;
+ return json_encode( $jsend );
}
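Review bot: `$jsend["debug"]` is assigned the already-encoded `json_encode( Common::$debugMessageStack )` and the whole array is encoded again on the return line, so clients receive the debug stack as an escaped JSON string instead of JSON; assign the array itself, `$jsend["debug"] = Common::$debugMessageStack;`. `if( $data )` discards legitimate payloads such as `0`, `""` or `array()` and reports `"data":null`; compare against the default instead, `if( $data !== false ) {`. The error branch hard-codes `"error"` where the old string interpolated `$status`, so a caller passing any other status (e.g. JSend's `"fail"`) is silently reported as `"error"` — either `$jsend["status"] = $status;` or document that only `success`/`error` are supported. `json_encode` returns `false` on an encoding failure and the callers in this diff `echo`/`exit` the result directly, so an empty body would reach the client; check for `false` or pass `JSON_PARTIAL_OUTPUT_ON_ERROR`.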
//////////////////////////////////////////////////////////////////
diff --git a/components/active/class.active.php b/components/active/class.active.php
index bee6d72..1dc9316 100755
--- a/components/active/class.active.php
+++ b/components/active/class.active.php
@@ -34,7 +34,7 @@ class Active extends Common {
global $sql;
$query = "DELETE FROM active WHERE path=? AND user=?;";
- $bind_variables = array( $path, $_SESSION["user"] );
+ $bind_variables = array( $path, $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
}
@@ -115,13 +115,21 @@ class Active extends Common {
public function Add() {
global $sql;
- $query = "INSERT INTO active( user, path, focused ) VALUES ( ?, ?, ? );";
- $bind_variables = array( $_SESSION["user_id"], $this->path, false );
- $return = $sql->query( $query, $bind_variables, 0, "rowCount" );
+ $query = "UPDATE active SET focused=false WHERE user=? AND path=?;";
+ $bind_variables = array( $_SESSION["user_id"], $this->path );
+ $result = $sql->query( $query, $bind_variables, 0, "rowCount" );
- if( $return > 0 ) {
+ if( $result == 0 ) {
- echo formatJSEND( "success" );
+ global $sql;
+ $query = "INSERT INTO active( user, path, focused ) VALUES ( ?, ?, ? );";
+ $bind_variables = array( $_SESSION["user_id"], $this->path, false );
+ $result = $sql->query( $query, $bind_variables, 0, "rowCount" );
+
+ if( $result > 0 ) {
+
+ echo formatJSEND( "success" );
+ }
}
}
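Review bot: The update-then-insert fallback keys on `rowCount`, and on MySQL `rowCount` for an UPDATE counts rows actually changed (unless `PDO::MYSQL_ATTR_FOUND_ROWS` is set), so when the row already exists with `focused=false` the UPDATE reports 0 and the INSERT adds a duplicate `active` row; the Settings hunk (`UPDATE user_options SET value=? WHERE name=? AND user=?` followed by INSERT on 0) has the same defect, made worse there by the `name255username255` unique index being dropped in class.sql.php. Decide existence with a `SELECT COUNT(*)` or a unique key on `(user, path)`, not the affected-row count. A success response is now echoed only on the INSERT path, so a caller whose row merely had its `focused` flag cleared receives an empty body — move `echo formatJSEND( "success" );` after the outer `if`. The `global $sql;` inside the `if` repeats the one at the top of the method and can go.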
diff --git a/components/editor/dialog.php b/components/editor/dialog.php
index 3544bda..01673d7 100755
--- a/components/editor/dialog.php
+++ b/components/editor/dialog.php
@@ -19,6 +19,17 @@ checkSession();
+
+
+
+
+ query( $query, $bind_variables, array() );
@@ -292,14 +292,14 @@ class Project extends Common {
public function rename_project( $old_name, $new_name, $path ) {
global $sql;
- $query = "SELECT * FROM projects WHERE name=? AND path=? AND ( owner=? OR owner='nobody' );";
+ $query = "SELECT * FROM projects WHERE name=? AND path=? AND ( owner=? OR owner=-1 );";
$bind_variables = array( $old_name, $path, $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, array() );
$pass = false;
if( ! empty( $return ) ) {
- $query = "UPDATE projects SET name=? WHERE name=? AND path=? AND ( owner=? OR owner='nobody' );";
+ $query = "UPDATE projects SET name=? WHERE name=? AND path=? AND ( owner=? OR owner=-1 );";
$bind_variables = array( $new_name, $old_name, $path, $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, 0, "rowCount");
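Review bot: The `-1` sentinel for an ownerless project is now a literal inside three SQL strings in this hunk and the next, and again in the class.sql.php migration; give it one name, e.g. `const OWNER_NONE = -1;` on the class, and bind it as a parameter rather than embedding it in the query text. The file header for this hunk is missing from the diff; the `class Project extends Common` hunk header suggests it is the project class. The access rule itself is unchanged — any logged-in user may still rename an ownerless project — but the migration in class.sql.php now assigns `-1` to every project whose owner username has no matching user row, which widens the set of projects that rule applies to.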
@@ -372,7 +372,7 @@ class Project extends Common {
WHERE path = ?
AND (
owner=?
- OR owner='nobody'
+ OR owner=-1
OR id IN ( SELECT project FROM access WHERE user = ? )
) ORDER BY name LIMIT 1;";
$bind_variables = array( $this->path, $_SESSION["user_id"], $_SESSION["user_id"] );
diff --git a/components/project/dialog.php b/components/project/dialog.php
index b70dbe4..38b2a13 100755
--- a/components/project/dialog.php
+++ b/components/project/dialog.php
@@ -114,7 +114,7 @@ switch( $_GET['action'] ) {
?>
|
|
diff --git a/components/settings/class.settings.php b/components/settings/class.settings.php
index fc2afc3..bf92868 100755
--- a/components/settings/class.settings.php
+++ b/components/settings/class.settings.php
@@ -172,8 +172,8 @@ class Settings {
global $sql;
- $query = "SELECT name, value FROM user_options WHERE username=?;";
- $bind_variables = array( $this->username );
+ $query = "SELECT name, value FROM user_options WHERE user=?;";
+ $bind_variables = array( $_SESSION["user_id"] );
$return = $sql->query( $query, $bind_variables, array() );
$options = array();
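Review bot: The method now reads `$_SESSION["user_id"]` directly instead of `$this->username`, so the Settings instance's own identity field no longer decides whose options are loaded; if `$this->username` is still populated by the constructor it is dead for this query and should be removed, or replaced by a `$this->user_id` set once from the session so the class can be exercised without a live session. If the property stays, add `// options are always loaded for the session user, not $this->username`. The enclosing method starts before this hunk.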
@@ -259,21 +259,21 @@ class Settings {
}
} else {
- $query = "INSERT INTO user_options ( name, user, value ) VALUES ( ?, ?, ? );";
+ $query = "UPDATE user_options SET value=? WHERE name=? AND user=?;";
$bind_variables = array(
+ $value,
$option,
$_SESSION["user_id"],
- $value,
);
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
if( $result == 0 ) {
- $query = "UPDATE user_options SET value=? WHERE name=? AND user=?;";
+ $query = "INSERT INTO user_options ( name, user, value ) VALUES ( ?, ?, ? );";
$bind_variables = array(
- $value,
$option,
$_SESSION["user_id"],
+ $value,
);
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
}
diff --git a/components/sql/class.sql.php b/components/sql/class.sql.php
index 4f46465..7874b9f 100755
--- a/components/sql/class.sql.php
+++ b/components/sql/class.sql.php
@@ -205,6 +205,22 @@ class sql {
);
}
+ try {
+
+ $this->query( array(
+ "mysql" => "ALTER TABLE user_options DROP INDEX name255username255;",
+ "pgsql" => "ALTER TABLE user_options DROP CONSTRAINT name255username255;",
+ ), array(), 0, "rowCount", "exception" );
+ } catch( Exception $error ) {
+
+ //The access field is not there.
+ //echo var_export( $error->getMessage(), $access_query );
+ $status_updates["nameusername_user_option_constraint"] = array(
+ "error_message" => $error->getMessage(),
+ "dev_message" => "No constriant to remove."
+ );
+ }
+
try {
$update_query = "";
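Review bot: The catch comment `//The access field is not there.` was copied from another block and does not describe this one, which drops the legacy `name255username255` index/constraint on `user_options`; replace it with `// index/constraint is absent on already-migrated and fresh installs`. The catch swallows every `Exception`, so a lost connection or a permission error on the ALTER is also recorded as "No constriant to remove." (note the typo in the string) and the migration proceeds as if the index were gone; catching the driver's `PDOException` and checking the SQLSTATE for "does not exist" would keep real failures visible. Drop the commented-out `var_export` line.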
@@ -271,6 +287,56 @@ class sql {
);
}
+ try {
+
+ $convert = false;
+ $update_query = "";
+ $projects = $this->query( "SELECT id, name, path, owner FROM projects", array(), array(), "fetchAll", "exception" );
+ $users = $this->query( "SELECT id, username FROM users", array(), array(), "fetchAll", "exception" );
+ $delete = Permissions::LEVELS["delete"];
+
+ foreach( $projects as $row => $project ) {
+
+ if( ! is_numeric( $project["owner"] ) ) {
+
+ $convert = true;
+ }
+
+ foreach( $users as $row => $user ) {
+
+ if( $project["owner"] == $user["username"] ) {
+
+ $update_query .= "UPDATE projects SET owner={$user["id"]} WHERE id={$project["id"]};";
+ break;
+ }
+ }
+
+ if( $project["owner"] != $user["username"] ) {
+
+ $update_query .= "UPDATE projects SET owner=-1 WHERE id={$project["id"]};";
+ }
+ }
+
+ if( strlen( $update_query ) > 0 && $convert ) {
+
+ //change project to users table
+ $result = $this->query( "ALTER TABLE projects DROP COLUMN owner", array(), array(), "rowCount", "exception" );
+ $result = $this->query( "ALTER TABLE projects ADD COLUMN owner INT", array(), array(), "rowCount", "exception" );
+ $result = $this->query( $update_query, array(), array(), "rowCount", "exception" );
+ } else {
+
+ $status_updates["owner_projects_column"] = array( "dev_message" => "User projects owner column needed no conversion." );
+ }
+ } catch( Exception $error ) {
+
+ //The access field is not there.
+ //echo var_export( $error->getMessage(), $access_query );
+ $status_updates["username_user_option_column"] = array(
+ "error_message" => $error->getMessage(),
+ "dev_message" => "No username column to convert."
+ );
+ }
+
try {
$projects = $this->query( array(
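Review bot: The conversion drops the `owner` column before the replacement values are written (`DROP COLUMN owner`, `ADD COLUMN owner INT`, then the batched UPDATE) with no transaction around it, so a failure in the UPDATE leaves every project with a NULL owner that matches neither `owner=?` nor `owner=-1`; populate a new column first and drop the old one last, and bind the ids instead of interpolating `{$user["id"]}`/`{$project["id"]}` into one multi-statement string, which also depends on the driver accepting several statements per call. The unmatched-owner fallback assigns `-1`, and combined with the `owner=? OR owner=-1` conditions in this commit every project whose owner username no longer has a user row becomes renameable by any logged-in user — at least record the affected ids in a `dev_message` so an administrator can review them. The inner `foreach` reuses `$row` from the outer loop and leaves `$user` undefined when there are no users, and the catch comment and key (`The access field is not there.`, `username_user_option_column`) are copied from elsewhere.
```php
// … unchanged: fetch $projects and $users …
$ids_by_username = array_column( $users, "id", "username" );
$updates = array();

foreach( $projects as $project ) {

    if( ! is_numeric( $project["owner"] ) ) {

        $convert = true;
    }

    // projects whose owner has no user row become ownerless (-1)
    $owner_id = isset( $ids_by_username[ $project["owner"] ] ) ? $ids_by_username[ $project["owner"] ] : -1;
    $updates[] = array( $owner_id, $project["id"] );
}

if( $convert && count( $updates ) > 0 ) {

    // … unchanged: DROP COLUMN / ADD COLUMN owner …
    foreach( $updates as $bind_variables ) {

        $this->query( "UPDATE projects SET owner=? WHERE id=?;", $bind_variables, 0, "rowCount", "exception" );
    }
```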
@@ -285,6 +351,20 @@ class sql {
"dev_message" => "Removal of username255path1500 constraint in the active table failed. This usually means there was never one to begin with"
);
}
+
+ try {
+
+ $result = $this->query( "DELETE FROM active;", array(), 0, "rowCount", "exception" );
+ $result = $this->query( "ALTER TABLE active DROP COLUMN username;", array(), 0, "rowCount", "exception" );
+ $result = $this->query( "ALTER TABLE active ADD COLUMN user INT", array(), array(), "rowCount", "exception" );
+ } catch( Exception $error ) {
+
+ //echo var_dump( $error->getMessage() );
+ $status_updates["username_active_coluin"] = array(
+ "error_message" => $error->getMessage(),
+ "dev_message" => "Removal of username255path1500 constraint in the active table failed. This usually means there was never one to begin with"
+ );
+ }
}
return $status_updates;
}
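Review bot: `DELETE FROM active;` runs before the `ALTER TABLE active DROP COLUMN username;` that is expected to throw on an already-migrated database, so if this routine runs more than once (update.php calls `create_default_tables` on every update) it wipes all users' open-file state each time before the catch is reached. Issue the DROP COLUMN first so an up-to-date schema throws before anything is deleted: `$this->query( "ALTER TABLE active DROP COLUMN username;", array(), 0, "rowCount", "exception" );` then `$this->query( "DELETE FROM active;", array(), 0, "rowCount", "exception" );` then the `ADD COLUMN user INT`. The `dev_message` was copied from the constraint block above and talks about `username255path1500`; it should say the `active.username` column was not found, and the key `username_active_coluin` looks misspelled. `$result` is assigned three times and never read.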
diff --git a/components/system/controller.php b/components/system/controller.php
index 9a524ac..85f1a98 100644
--- a/components/system/controller.php
+++ b/components/system/controller.php
@@ -26,7 +26,7 @@ if ( $_POST['action'] == 'create_default_tables' ) {
exit( formatJSEND( "success", "Created tables." ) );
} else {
- exit( formatJSEND( "error", "Could not create tables." ) );
+ exit( formatJSEND( "error", array( "message" => "Could not create tables.", "result" => $result ) ) );
}
} else {
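Review bot: The error payload now includes `$result`, which per the class.sql.php hunks carries `error_message => $error->getMessage()` for each failed step, so raw database error text (driver messages, table and constraint names) is sent to the HTTP client; if this action is reachable by non-administrators that is information disclosure, and even for administrators the driver messages belong in the server log. Log `$result` server-side and return only the `dev_message` values, or keep the client message as `"Could not create tables."`. The second argument is also an array now, whereas `formatJSEND` places it in `message`, a field the other callers in this diff fill with a plain string (`"Incorrect Username or Password"`), so confirm the client handles an object there.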
diff --git a/components/update/update.php b/components/update/update.php
index 644d6c5..0ad1d59 100755
--- a/components/update/update.php
+++ b/components/update/update.php
@@ -177,7 +177,7 @@ class updater {
$sql = new sql();
$connection = $sql->connect();
- $result = $sql->recreate_default_tables();
+ $result = $sql->create_default_tables();
$upgrade_function = str_replace( ".", "_", $this->update::VERSION );
if( is_callable( array( $this, $upgrade_function ) ) ) {
diff --git a/components/user/class.user.php b/components/user/class.user.php
index 6da1ac3..2d3f312 100755
--- a/components/user/class.user.php
+++ b/components/user/class.user.php
@@ -159,7 +159,7 @@ class User {
global $sql;
$pass = false;
- $this->EncryptPassword();
+ $password = $this->encrypt_password( $password );
$query = "SELECT * FROM users WHERE username=? AND password=?;";
$bind_variables = array( $username, $password );
$return = $sql->query( $query, $bind_variables, array() );
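Review bot: Authentication selects the row with `WHERE username=? AND password=?`, which only works if `encrypt_password` is a deterministic, unsalted hash; that rules out `password_hash`/`password_verify`, where a per-user salt makes the stored value unreproducible from the input. Select by `username` alone and compare in PHP with `password_verify`, or at minimum `hash_equals( $user["password"], $password )`, so the hashing scheme can be upgraded without touching the query; `encrypt_password` is not in the diff, so this is inferred from the query shape. The enclosing login method starts and ends outside this hunk.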
@@ -198,7 +198,7 @@ class User {
$_SESSION["login_session"] = true;
$query = "UPDATE users SET token=? WHERE username=?;";
- $bind_variables = array( sha1( $token ), $this->username );
+ $bind_variables = array( sha1( $token ), $username );
$return = $sql->query( $query, $bind_variables, 0, 'rowCount' );
$projects = $sql->query( "SELECT path FROM projects WHERE id = ?", array( $user["project"] ), array() );
@@ -294,6 +294,8 @@ class User {
public function Create( $username, $password ) {
+ $username = self::CleanUsername( $username );
+ $password = $this->encrypt_password( $password );
$this->add_user( $username, $password );
}
diff --git a/components/user/controller.php b/components/user/controller.php
index 78618bd..f60306b 100755
--- a/components/user/controller.php
+++ b/components/user/controller.php
@@ -37,7 +37,7 @@ if($_GET['action']=='authenticate') {
}
$username = User::CleanUsername( $_POST['username'] );
- $password = $User->encrypt_password( $_POST['password'] );
+ $password = $_POST['password'];
// check if the asked languages exist and is registered in languages/code.php
require_once '../../languages/code.php';
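Review bot: `$_POST['password']` is read without an `isset` (the `$_POST['username']` read on the line above has the same issue), so a request missing the field raises a notice and passes `null` on to login. Default it explicitly, `$password = isset( $_POST['password'] ) ? $_POST['password'] : '';`, and reject an empty value before reaching the query. The surrounding `authenticate` branch starts before this hunk.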
@@ -98,7 +98,7 @@ if($_GET['action']=='authenticate') {
$_SESSION['lang'] = $lang;
$_SESSION['theme'] = $theme;
- exit( formatJSEND( "success", array( "username" => $this->username ) ) );
+ exit( formatJSEND( "success", array( "username" => $username ) ) );
} else {
exit( formatJSEND( "error", "Incorrect Username or Password" ) );
@@ -137,9 +137,7 @@ if( $_GET['action'] == 'create' ) {
exit( formatJSEND( "error", "Invalid characters in username" ) );
}
- $username = User::CleanUsername( $_POST['username'] );
- $password = $User->encrypt_password( $_POST['password'] );
- $User->Create( $username, $password );
+ $User->Create( $_POST['username'], $_POST['password'] );
}
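Review bot: The result of `$User->Create( ... )` is ignored and no JSEND response is emitted on this path, while the other branches of the `create` action `exit( formatJSEND( ... ) )`; if `Create`/`add_user` (not shown here) can fail, the client receives an empty 200. `$_POST['password']` is also passed through with no empty-value check — `Create` cleans the username but, as far as this hunk shows, hashes whatever password it is given, so an empty password would be accepted. Guard both: `if( empty( $_POST['password'] ) ) { exit( formatJSEND( "error", "Password required" ) ); }` before the call, and `exit( formatJSEND( "success" ) );` after it.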
}