Continued implementation of new table structures, new SQL procedures and new function principles; updated saving methods to support PHP 7.4 and the deprecation of magic_quotes
This commit is contained in:
parent
ecd0f63d63
commit
fa0889268a
19 changed files with 372 additions and 947 deletions
31
common.php
31
common.php
|
@ -167,8 +167,8 @@ class Common {
|
|||
public static function is_admin() {
|
||||
|
||||
global $sql;
|
||||
$query = "SELECT COUNT( * ) FROM users WHERE username=? AND access=?;";
|
||||
$bind_variables = array( $_SESSION["user"], "admin" );
|
||||
$query = "SELECT COUNT( * ) FROM users WHERE id=? AND access=?;";
|
||||
$bind_variables = array( $_SESSION["user_id"], Permissions::SYSTEM_LEVELS["admin"] );
|
||||
$return = $sql->query( $query, $bind_variables, -1, 'fetchColumn' );
|
||||
$admin = ( $return > 0 );
|
||||
return $admin;
|
||||
|
@ -316,32 +316,7 @@ class Common {
|
|||
|
||||
public static function startSession() {
|
||||
|
||||
Common::construct();
|
||||
|
||||
//Set a Session Name
|
||||
session_name( md5( BASE_PATH ) );
|
||||
session_save_path( SESSIONS_PATH );
|
||||
session_start();
|
||||
|
||||
if( ! defined( 'SESSION_ID' ) ) {
|
||||
|
||||
define( "SESSION_ID", session_id() );
|
||||
}
|
||||
|
||||
//Check for external authentification
|
||||
if( defined( 'AUTH_PATH' ) ) {
|
||||
|
||||
require_once( AUTH_PATH );
|
||||
}
|
||||
|
||||
global $lang;
|
||||
if ( isset( $_SESSION['lang'] ) ) {
|
||||
|
||||
include BASE_PATH . "/languages/{$_SESSION['lang']}.php";
|
||||
} else {
|
||||
|
||||
include BASE_PATH . "/languages/" . LANGUAGE . ".php";
|
||||
}
|
||||
Common::start_session();
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
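Review bot: `is_admin()` now reads `$_SESSION["user_id"]` with no guard, so a call on an unauthenticated request binds `null` to `id=?` and raises a PHP notice each time; the query then counts zero rows and returns false, so it fails closed, but a cheap guard avoids the noise: `if( empty( $_SESSION["user_id"] ) ) { return false; }` before the query. The second hunk collapses `startSession()` to `Common::construct(); Common::start_session();`, and `start_session()` is defined outside this hunk, so it is worth confirming that the removed `require_once( AUTH_PATH )` external-auth hook and the per-session language include moved there rather than being dropped.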
|
||||
|
|
|
@ -14,7 +14,6 @@ class Active extends Common {
|
|||
// PROPERTIES
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public $username = "";
|
||||
public $path = "";
|
||||
public $new_path = "";
|
||||
|
||||
|
@ -34,7 +33,7 @@ class Active extends Common {
|
|||
public static function remove( $path ) {
|
||||
|
||||
global $sql;
|
||||
$query = "DELETE FROM active WHERE path=? AND username=?;";
|
||||
$query = "DELETE FROM active WHERE path=? AND user=?;";
|
||||
$bind_variables = array( $path, $_SESSION["user"] );
|
||||
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
|
||||
}
|
||||
|
@ -46,8 +45,8 @@ class Active extends Common {
|
|||
public function ListActive() {
|
||||
|
||||
global $sql;
|
||||
$query = "SELECT path, position, focused FROM active WHERE username=?";
|
||||
$bind_variables = array( $this->username );
|
||||
$query = "SELECT path, position, focused FROM active WHERE user=?";
|
||||
$bind_variables = array( $_SESSION["user_id"] );
|
||||
$result = $sql->query( $query, $bind_variables, array() );
|
||||
$tainted = false;
|
||||
$root = WORKSPACE;
|
||||
|
@ -82,7 +81,7 @@ class Active extends Common {
|
|||
public function Check() {
|
||||
|
||||
global $sql;
|
||||
$query = "SELECT username FROM active WHERE path=?";
|
||||
$query = "SELECT user FROM active WHERE path=?";
|
||||
$bind_variables = array( $this->path );
|
||||
$result = $sql->query( $query, $bind_variables, array() );
|
||||
$tainted = false;
|
||||
|
@ -92,10 +91,11 @@ class Active extends Common {
|
|||
|
||||
foreach( $result as $id => $data ) {
|
||||
|
||||
array_push( $users, $data["username"] );
|
||||
if( $data["username"] == $this->username ) {
|
||||
array_push( $users, $data["user"] );
|
||||
if( $data["user"] == $_SESSION ) {
|
||||
|
||||
$user = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -115,8 +115,8 @@ class Active extends Common {
|
|||
public function Add() {
|
||||
|
||||
global $sql;
|
||||
$query = "INSERT INTO active( username, path, focused ) VALUES ( ?, ?, ? );";
|
||||
$bind_variables = array( $this->username, $this->path, false );
|
||||
$query = "INSERT INTO active( user, path, focused ) VALUES ( ?, ?, ? );";
|
||||
$bind_variables = array( $_SESSION["user_id"], $this->path, false );
|
||||
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
|
||||
|
||||
if( $return > 0 ) {
|
||||
|
@ -149,8 +149,8 @@ class Active extends Common {
|
|||
public function RemoveAll() {
|
||||
|
||||
global $sql;
|
||||
$query = "DELETE FROM active WHERE username=?;";
|
||||
$bind_variables = array( $this->username );
|
||||
$query = "DELETE FROM active WHERE user=?;";
|
||||
$bind_variables = array( $_SESSION["user_id"] );
|
||||
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
|
||||
|
||||
if( $return > 0 ) {
|
||||
|
@ -167,8 +167,8 @@ class Active extends Common {
|
|||
public function MarkFileAsFocused() {
|
||||
|
||||
global $sql;
|
||||
$query = "UPDATE active SET focused=? WHERE username=?;UPDATE active SET focused=? WHERE path=? AND username=?;";
|
||||
$bind_variables = array( false, $this->username, true, $this->path, $this->username );
|
||||
$query = "UPDATE active SET focused=? WHERE user=?;UPDATE active SET focused=? WHERE path=? AND user=?;";
|
||||
$bind_variables = array( false, $_SESSION["user_id"], true, $this->path, $_SESSION["user_id"] );
|
||||
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
|
||||
|
||||
if( $return > 0 ) {
|
||||
|
@ -188,8 +188,8 @@ class Active extends Common {
|
|||
|
||||
foreach( $positions as $path => $cursor ) {
|
||||
|
||||
$query .= "UPDATE active SET position=? WHERE path=? AND username=?;";
|
||||
array_push( $bind_variables, json_encode( $cursor ), $path, $this->username );
|
||||
$query .= "UPDATE active SET position=? WHERE path=? AND user=?;";
|
||||
array_push( $bind_variables, json_encode( $cursor ), $path, $_SESSION["user_id"] );
|
||||
}
|
||||
|
||||
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
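Review bot: `remove()` now runs `DELETE FROM active WHERE path=? AND user=?` but the unchanged bind line still passes `$_SESSION["user"]`, so with `user` holding an id the DELETE matches nothing; the bind should become `$bind_variables = array( $path, $_SESSION["user_id"] );`, as `RemoveAll()` and `Add()` already do. `Check()` compares `$data["user"] == $_SESSION`, the whole session array rather than the id, so `$user` can never become true and the `break` is dead; change it to `if( $data["user"] == $_SESSION["user_id"] ) {`. Note also that `$users` now collects ids rather than usernames, which any caller that displays that list will need to account for.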
|
||||
|
|
|
@ -406,7 +406,8 @@ class Filemanager extends Common {
|
|||
if( $patch && ! $mtime ) {
|
||||
|
||||
$response["status"] = "error";
|
||||
$response["message"] = "mtime parameter not found";
|
||||
$response["message"] = "invalid mtime parameter not found";
|
||||
$response["mtime"] = $mtime;
|
||||
return $response;
|
||||
}
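Review bot: The replacement message `"invalid mtime parameter not found"` reads as two messages fused together, and since the condition `$patch && ! $mtime` rejects both a missing value and a literal 0, the text should say what was rejected: `$response["message"] = "Invalid or missing mtime parameter";`. The enclosing method starts and ends outside this hunk.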
|
||||
|
||||
|
|
|
@ -169,24 +169,36 @@ switch( $action ) {
|
|||
|
||||
case 'modify':
|
||||
|
||||
if( isset( $_POST["content"] ) || isset( $_POST["patch"] ) ) {
|
||||
if( isset( $_POST["data"] ) ) {
|
||||
|
||||
$content = isset( $_POST["content"] ) ? $_POST["content"] : "";
|
||||
$patch = isset( $_POST["patch"] ) ? $_POST["patch"] : false;
|
||||
$mtime = isset( $_POST["mtime"] ) ? $_POST["mtime"] : 0;
|
||||
$data = json_decode( $_POST["data"], true );
|
||||
|
||||
if( get_magic_quotes_gpc() ){
|
||||
if( json_last_error() !== JSON_ERROR_NONE ) {
|
||||
|
||||
$content = stripslashes( $content );
|
||||
$patch = stripslashes( $patch );
|
||||
$mtime = stripslashes( $mtime );
|
||||
$data = json_decode( stripslashes( $_POST["data"] ), true );
|
||||
}
|
||||
|
||||
$response = $Filemanager->modify( $path, $content, $mtime );
|
||||
if( json_last_error() !== JSON_ERROR_NONE ) {
|
||||
|
||||
$data = array();
|
||||
}
|
||||
|
||||
if( isset( $data["content"] ) || isset( $data["patch"] ) ) {
|
||||
|
||||
$content = isset( $data["content"] ) ? $data["content"] : "";
|
||||
$patch = isset( $data["patch"] ) ? $data["patch"] : false;
|
||||
$mtime = isset( $data["mtime"] ) ? $data["mtime"] : 0;
|
||||
|
||||
$response = $Filemanager->modify( $path, $content, $patch, $mtime );
|
||||
} else {
|
||||
|
||||
$response["status"] = "error";
|
||||
$response["message"] = "Missing modification content";
|
||||
}
|
||||
} else {
|
||||
|
||||
$response["status"] = "error";
|
||||
$response["message"] = "Missing modification content";
|
||||
$response["message"] = "Missing save data";
|
||||
}
|
||||
break;
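Review bot: After the JSON path `$content` and `$patch` are no longer guaranteed to be strings — `json_decode( ..., true )` hands back whatever type the client sent, and an array or number under `"content"` still passes the `isset()` check — so a type check belongs before the `$Filemanager->modify()` call, e.g. `if( ! is_string( $content ) || ( $patch !== false && ! is_string( $patch ) ) ) { $response["status"] = "error"; $response["message"] = "Invalid modification content"; }`. The `stripslashes()` retry is a reasonable bridge for clients that still escape their payload, but it silently alters what gets saved when it succeeds, so a comment stating that it exists only for that legacy case and can be removed once the client is updated would help. `$mtime` is passed through unchecked as well; an `(int)` cast would make its intended numeric use explicit.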
|
||||
|
||||
|
|
|
@ -54,10 +54,10 @@
|
|||
|
||||
|
||||
this.noOpen = this.noAudio.concat( this.noFiles, this.noImages ),
|
||||
this.noBrowser = this.noAudio.concat( this.noImages ),
|
||||
|
||||
// Initialize node listener
|
||||
this.nodeListener();
|
||||
this.noBrowser = this.noAudio.concat( this.noImages ),
|
||||
|
||||
// Initialize node listener
|
||||
this.nodeListener();
|
||||
this.auto_reload = ( await codiad.settings.get_option( "codiad.filemanager.autoReloadPreview" ) == "true" );
|
||||
|
||||
amplify.subscribe( 'settings.save', async function() {
|
||||
|
@ -1066,8 +1066,10 @@
|
|||
callbacks.error.apply( context, [data] );
|
||||
}
|
||||
}
|
||||
|
||||
$.post( this.controller + '?action=modify&path=' + encodeURIComponent( path ), data, function( resp ) {
|
||||
let post = {
|
||||
"data": JSON.stringify( data )
|
||||
};
|
||||
$.post( this.controller + '?action=modify&path=' + encodeURIComponent( path ), post, function( resp ) {
|
||||
|
||||
console.log( resp );
|
||||
resp = $.parseJSON( resp );
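Review bot: `console.log( resp );` in the modify callback dumps the raw server response for every save to the browser console; if it was added for debugging it should be removed before merge, since the response may carry file content and error details. The `auto_reload` assignment in the first hunk uses `==` against `"true"`; a strict comparison avoids coercion, `this.auto_reload = ( await codiad.settings.get_option( "codiad.filemanager.autoReloadPreview" ) === "true" );`. The functions containing both hunks start outside them.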
|
||||
|
|
|
@ -148,8 +148,7 @@ define("WSURL", BASE_URL . "/workspace");
|
|||
// Marketplace
|
||||
//define("MARKETURL", "http://market.codiad.com/json");
|
||||
';
|
||||
$this->save_file( $this->config, $config_data );
|
||||
echo( "success" );
|
||||
return file_put_contents( $this->config, $config_data );
|
||||
}
|
||||
|
||||
function create_project() {
|
||||
|
@ -158,10 +157,12 @@ define("WSURL", BASE_URL . "/workspace");
|
|||
|
||||
if ( ! $this->is_abs_path( $project_path ) ) {
|
||||
|
||||
$project_path = preg_replace( '/[^\w-._@]/', '-', $project_path );
|
||||
$project_path = preg_replace( '/[^\w\-._@]/', '-', $project_path );
|
||||
$project_path = $this->username . "/" . $project_path;
|
||||
|
||||
if( ! is_dir( $this->workspace . "/" . $project_path ) ) {
|
||||
|
||||
mkdir( $this->workspace . "/" . $project_path );
|
||||
mkdir( $this->workspace . "/" . $project_path, 0755, true );
|
||||
}
|
||||
} else {
|
||||
|
||||
|
@ -185,11 +186,12 @@ define("WSURL", BASE_URL . "/workspace");
|
|||
}
|
||||
|
||||
$bind_variables = array(
|
||||
$project_path,
|
||||
$this->project_name,
|
||||
$project_path,
|
||||
$this->username
|
||||
);
|
||||
$query = "INSERT INTO projects(name, path, owner) VALUES (?,?,?);";
|
||||
$query = "DELETE FROM projects WHERE path = ?;INSERT INTO projects(name, path, owner) VALUES (?,?,( SELECT id FROM users WHERE username = ? LIMIT 1 ));";
|
||||
$connection = $this->sql->connect();
|
||||
$statement = $connection->prepare( $query );
|
||||
$statement->execute( $bind_variables );
|
||||
|
@ -205,36 +207,31 @@ define("WSURL", BASE_URL . "/workspace");
|
|||
|
||||
$result = $this->sql->create_default_tables();
|
||||
|
||||
if ( ! $result === true ) {
|
||||
if ( ! $result["create_tables"] === true ) {
|
||||
|
||||
die( '{"message":"Could not tables in database.","error":"' . json_encode( $result ) .'"}' );
|
||||
exit( json_encode( $result ) );
|
||||
}
|
||||
}
|
||||
|
||||
function create_user() {
|
||||
|
||||
$bind_variables = array(
|
||||
"",
|
||||
"",
|
||||
$this->username,
|
||||
$this->password,
|
||||
"",
|
||||
$this->project_path,
|
||||
"admin",
|
||||
"",
|
||||
""
|
||||
Permissions::LEVELS["admin"]
|
||||
);
|
||||
$query = "INSERT INTO users(first_name, last_name, username, password, email, project, access, groups, token) VALUES (?,?,?,?,?,?,?,?,?)";
|
||||
$connection = $this->sql->connect();
|
||||
$statement = $connection->prepare( $query );
|
||||
$statement->execute( $bind_variables );
|
||||
$error = $statement->errorInfo();
|
||||
$query = "INSERT INTO users( username, password, project, access ) VALUES ( ?,?,( SELECT id FROM projects WHERE path = ? LIMIT 1 ),? )";
|
||||
|
||||
if( ! $error[0] == "00000" ) {
|
||||
try {
|
||||
|
||||
die( '{"message":"Could not create user in database.","error":"' . addslashes(json_encode( $error )) .'"}' );
|
||||
$connection = $this->sql->connect();
|
||||
$statement = $connection->prepare( $query );
|
||||
$statement->execute( $bind_variables );
|
||||
} catch( exception $e ) {
|
||||
|
||||
exit( "Error could not create user: " . $e->getMessage() );
|
||||
}
|
||||
|
||||
$this->set_default_options();
|
||||
}
|
||||
|
||||
|
@ -269,10 +266,11 @@ define("WSURL", BASE_URL . "/workspace");
|
|||
$connection = $this->sql->connect();
|
||||
|
||||
$this->create_tables();
|
||||
$this->create_project();
|
||||
$this->create_user();
|
||||
$this->create_project();
|
||||
//exit( "stop" );
|
||||
$this->create_config();
|
||||
return "success";
|
||||
}
|
||||
|
||||
function JSEND( $message, $error=null ) {
|
||||
|
@ -288,18 +286,11 @@ define("WSURL", BASE_URL . "/workspace");
|
|||
exit( json_encode( $message ) );
|
||||
}
|
||||
|
||||
function save_file( $file, $data ) {
|
||||
|
||||
$write = fopen( $file, 'w' ) or die( '{"message": "can\'t open file"}' );
|
||||
fwrite( $write, $data );
|
||||
fclose( $write );
|
||||
}
|
||||
|
||||
public function set_default_options() {
|
||||
|
||||
foreach( Settings::DEFAULT_OPTIONS as $id => $option ) {
|
||||
|
||||
$query = "INSERT INTO user_options ( name, username, value ) VALUES ( ?, ?, ? );";
|
||||
$query = "INSERT INTO user_options ( name, user, value ) VALUES ( ?, ( SELECT id FROM users WHERE username = ? ), ? );";
|
||||
$bind_variables = array(
|
||||
$option["name"],
|
||||
$this->username,
|
||||
|
@ -309,7 +300,7 @@ define("WSURL", BASE_URL . "/workspace");
|
|||
|
||||
if( $result == 0 ) {
|
||||
|
||||
$query = "UPDATE user_options SET value=? WHERE name=? AND username=?;";
|
||||
$query = "UPDATE user_options SET value=? WHERE name=? AND user=( SELECT id FROM users WHERE username = ? );";
|
||||
$bind_variables = array(
|
||||
$option["value"],
|
||||
$option["name"],
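Review bot: `if ( ! $result["create_tables"] === true )` binds as `( ! $result["create_tables"] ) === true`, so any non-boolean failure value (an error string or array) is negated to `false` and the installer continues past a failed table creation; write it as `if ( $result["create_tables"] !== true ) {`. The hunk at `@ -269,10 +266,11` prints both orderings of `create_user()` and `create_project()`, and whichever is kept, one of the two INSERTs resolves its subquery before the referenced row exists — `INSERT INTO users( username, password, project, access ) VALUES ( ?,?,( SELECT id FROM projects WHERE path = ? LIMIT 1 ),? )` needs the project row while `INSERT INTO projects(name, path, owner) VALUES (?,?,( SELECT id FROM users WHERE username = ? LIMIT 1 ))` needs the user row — so one of `users.project` / `projects.owner` is stored as NULL; an explicit UPDATE of the second reference after both inserts, or a check of the inserted row, would close that gap. In `create_user()` the new `catch` block sends `$e->getMessage()` straight to the client; PDO messages can include connection details, so logging the full message server-side and returning a generic string is safer, and the plain-text `exit()` will also not parse in the installer's `JSON.parse( data )`.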
|
||||
|
|
|
@ -442,12 +442,12 @@ if(!password_match){ alert('The passwords entered do not match'); }
|
|||
if(!empty_fields && password_match && check_path){
|
||||
$.post('components/install/install.php',$('#install').serialize(),function( data ) {
|
||||
|
||||
if( data == 'success' ){
|
||||
console.log( data );
|
||||
|
||||
if( data === "success" ){
|
||||
window.location.reload();
|
||||
} else {
|
||||
data = JSON.parse( data );
|
||||
console.log( data.error );
|
||||
alert( "An Error Occurred\n" + data.message );
|
||||
alert( "An Error Occurred. Please check the console for more information.\n" );
|
||||
}
|
||||
});
|
||||
}
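Review bot: `data = JSON.parse( data )` runs unguarded on the else branch; when the server exits with a plain-text message (the new `exit( "Error could not create user: ..." )` in install.php does exactly that) the parse throws and the user sees neither the alert nor the console output. Wrap it: `try { data = JSON.parse( data ); } catch( e ) { data = { error: data, message: data }; }`. The generic alert pointing at the console is acceptable for an installer, but the `console.log( data )` of the raw response above it should be removed once this is settled.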
|
||||
|
|
|
@ -23,6 +23,12 @@ class Permissions {
|
|||
"admin" => 64,
|
||||
);
|
||||
|
||||
const SYSTEM_LEVELS = array(
|
||||
|
||||
"user" => 32,
|
||||
"admin" => 64,
|
||||
);
|
||||
|
||||
function __construct() {
|
||||
|
||||
|
||||
|
@ -82,7 +88,7 @@ class Permissions {
|
|||
if( $data["owner"] == 'nobody' ) {
|
||||
|
||||
$access = self::LEVELS["owner"];
|
||||
} elseif( $data["owner"] == $_SESSION["user"] ) {
|
||||
} elseif( $data["owner"] == $_SESSION["user_id"] ) {
|
||||
|
||||
$access = self::LEVELS["owner"];
|
||||
} else {
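Review bot: `$data["owner"] == $_SESSION["user_id"]` compares a database-fetched value with a session value using loose `==`; since `owner` is now populated from a `SELECT id FROM users` subquery elsewhere in this commit, casting both sides keeps the check explicit, `} elseif( (int) $data["owner"] === (int) $_SESSION["user_id"] ) {`. The preceding `$data["owner"] == 'nobody'` branch compares that same id column against a string sentinel; under PHP 7 a loose comparison between an integer and a non-numeric string coerces the string to 0, so this holds only while no user row has id 0 — worth a comment, or a dedicated flag for public projects. `SYSTEM_LEVELS` repeats the `"admin" => 64` value of `LEVELS`; a one-line comment on why the two tables are kept separate would help the next reader.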
|
||||
|
|
|
@ -155,13 +155,13 @@ class Project extends Common {
|
|||
$owner = $result["owner"];
|
||||
if( $exclude_public ) {
|
||||
|
||||
if( $owner == $_SESSION["user"] ) {
|
||||
if( $owner == $_SESSION["user_id"] ) {
|
||||
|
||||
$return = true;
|
||||
}
|
||||
} else {
|
||||
|
||||
if( $owner == $_SESSION["user"] || $owner == 'nobody' ) {
|
||||
if( $owner == $_SESSION["user_id"] || $owner == 'nobody' ) {
|
||||
|
||||
$return = true;
|
||||
}
|
||||
|
@ -217,7 +217,7 @@ class Project extends Common {
|
|||
OR owner='nobody'
|
||||
OR id IN ( SELECT project FROM access WHERE user = ? )
|
||||
) ORDER BY name;";
|
||||
$bind_variables = array( $project, $_SESSION["user"], $_SESSION["user_id"] );
|
||||
$bind_variables = array( $project, $_SESSION["user_id"], $_SESSION["user_id"] );
|
||||
//$query = "SELECT * FROM projects WHERE path=? AND ( owner=? OR owner='nobody' ) ORDER BY name;";
|
||||
//$bind_variables = array( $project, $_SESSION["user"] );
|
||||
$return = $sql->query( $query, $bind_variables, array(), "fetch" );
|
||||
|
@ -260,7 +260,7 @@ class Project extends Common {
|
|||
WHERE owner=?
|
||||
OR owner='nobody'
|
||||
OR id IN ( SELECT project FROM access WHERE user = ? );";
|
||||
$bind_variables = array( $_SESSION["user"], $_SESSION["user_id"] );
|
||||
$bind_variables = array( $_SESSION["user_id"], $_SESSION["user_id"] );
|
||||
$return = $sql->query( $query, $bind_variables, array() );
|
||||
return( $return );
|
||||
}
|
||||
|
@ -293,14 +293,14 @@ class Project extends Common {
|
|||
|
||||
global $sql;
|
||||
$query = "SELECT * FROM projects WHERE name=? AND path=? AND ( owner=? OR owner='nobody' );";
|
||||
$bind_variables = array( $old_name, $path, $_SESSION["user"] );
|
||||
$bind_variables = array( $old_name, $path, $_SESSION["user_id"] );
|
||||
$return = $sql->query( $query, $bind_variables, array() );
|
||||
$pass = false;
|
||||
|
||||
if( ! empty( $return ) ) {
|
||||
|
||||
$query = "UPDATE projects SET name=? WHERE name=? AND path=? AND ( owner=? OR owner='nobody' );";
|
||||
$bind_variables = array( $new_name, $old_name, $path, $_SESSION["user"] );
|
||||
$bind_variables = array( $new_name, $old_name, $path, $_SESSION["user_id"] );
|
||||
$return = $sql->query( $query, $bind_variables, 0, "rowCount");
|
||||
|
||||
if( $return > 0 ) {
|
||||
|
@ -375,13 +375,13 @@ class Project extends Common {
|
|||
OR owner='nobody'
|
||||
OR id IN ( SELECT project FROM access WHERE user = ? )
|
||||
) ORDER BY name LIMIT 1;";
|
||||
$bind_variables = array( $this->path, $_SESSION["user"], $_SESSION["user_id"] );
|
||||
$bind_variables = array( $this->path, $_SESSION["user_id"], $_SESSION["user_id"] );
|
||||
$return = $sql->query( $query, $bind_variables, array(), "fetch" );
|
||||
|
||||
if( ! empty( $return ) ) {
|
||||
|
||||
$query = "UPDATE users SET project=? WHERE username=?;";
|
||||
$bind_variables = array( $this->path, $_SESSION["user"] );
|
||||
$bind_variables = array( $return["id"], $_SESSION["user"] );
|
||||
$sql->query( $query, $bind_variables, 0, "rowCount" );
|
||||
$this->name = $return['name'];
|
||||
$_SESSION['project'] = $return['path'];
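Review bot: The `UPDATE users SET project=? WHERE username=?` in the last hunk still binds `$_SESSION["user"]` while every other hunk in this file moved to `$_SESSION["user_id"]`; it is not wrong as long as `users.username` stays, but keying the same request on two different session values invites drift, so `WHERE id=?` with `$_SESSION["user_id"]` would match the rest of the class. The `owner=? OR owner='nobody'` predicates now bind a user id against a column that also holds the string `'nobody'`; that works, but a note on where `'nobody'` is written would help anyone reading the schema change. The method containing the last hunk starts outside it.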
|
||||
|
|
|
@ -96,7 +96,7 @@ switch( $_GET['action'] ) {
|
|||
?>
|
||||
<td width="70"><a onclick="codiad.message.error(i18n('Public projects can not be managed'));" class="icon-block bigger-icon"></a></td>
|
||||
<?php
|
||||
} elseif( $owner !== $_SESSION["user"] ) {
|
||||
} elseif( $owner !== $_SESSION["user_id"] ) {
|
||||
|
||||
?>
|
||||
<td width="70"><a onclick="codiad.message.error(i18n('Projects owned by others can not be managed'));" class="icon-block bigger-icon"></a></td>
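Review bot: `$owner !== $_SESSION["user_id"]` is a strict comparison between a column value fetched from the database and the session id; if the driver returns the column as a string and the session holds an integer (or vice versa) the branch is always taken and every project is reported as owned by others. The sibling checks in project.class.php use loose `==` for the same pair; normalize instead of relying on that, `} elseif( (int) $owner !== (int) $_SESSION["user_id"] ) {`. The surrounding `switch` starts and ends outside this hunk.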
|
||||
|
|
|
@ -113,7 +113,7 @@ class Settings {
|
|||
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
|
||||
} else {
|
||||
|
||||
$query = "DELETE FROM options WHERE name=? AND username=?";
|
||||
$query = "DELETE FROM options WHERE name=? AND user=?";
|
||||
$bind_variables = array(
|
||||
$option,
|
||||
$this->username,
|
||||
|
@ -138,17 +138,17 @@ class Settings {
|
|||
|
||||
$query = "SELECT value FROM options WHERE name=?;";
|
||||
$bind_variables = array( $option );
|
||||
$return = $sql->query( $query, $bind_variables, array() )[0];
|
||||
$return = $sql->query( $query, $bind_variables, array() );
|
||||
} else {
|
||||
|
||||
$query = "SELECT value FROM user_options WHERE name=? AND username=?;";
|
||||
$bind_variables = array( $option, $this->username );
|
||||
$return = $sql->query( $query, $bind_variables, array() )[0];
|
||||
$query = "SELECT value FROM user_options WHERE name=? AND user=?;";
|
||||
$bind_variables = array( $option, $_SESSION["user_id"] );
|
||||
$return = $sql->query( $query, $bind_variables, array() );
|
||||
}
|
||||
|
||||
if( ! empty( $return ) ) {
|
||||
|
||||
$return = $return["value"];
|
||||
$return = $return[0]["value"];
|
||||
} else {
|
||||
|
||||
$return = null;
|
||||
|
@ -259,21 +259,21 @@ class Settings {
|
|||
}
|
||||
} else {
|
||||
|
||||
$query = "INSERT INTO user_options ( name, username, value ) VALUES ( ?, ?, ? );";
|
||||
$query = "INSERT INTO user_options ( name, user, value ) VALUES ( ?, ?, ? );";
|
||||
$bind_variables = array(
|
||||
$option,
|
||||
$this->username,
|
||||
$_SESSION["user_id"],
|
||||
$value,
|
||||
);
|
||||
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
|
||||
|
||||
if( $result == 0 ) {
|
||||
|
||||
$query = "UPDATE user_options SET value=? WHERE name=? AND username=?;";
|
||||
$query = "UPDATE user_options SET value=? WHERE name=? AND user=?;";
|
||||
$bind_variables = array(
|
||||
$value,
|
||||
$option,
|
||||
$this->username,
|
||||
$_SESSION["user_id"],
|
||||
);
|
||||
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
|
||||
}
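Review bot: The `DELETE FROM options WHERE name=? AND user=?` query in the first hunk now targets the `user` column, but the unchanged bind lines below it still pass `$this->username`, so the delete will not match rows keyed by id; the bind should be `$_SESSION["user_id"]`, as the `user_options` hunks further down already do. Moving the `[0]` index from the query call to `$return[0]["value"]` after the `empty()` check removes the warning on a missing row, which is the right fix. The method containing the first hunk starts outside it.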
|
||||
|
|
|
@ -166,7 +166,7 @@
|
|||
let _self = codiad.settings;
|
||||
|
||||
jQuery.ajax({
|
||||
|
||||
|
||||
url: this.controller + '?action=update_option',
|
||||
type: "POST",
|
||||
dataType: 'html',
|
||||
|
|
|
@ -1,458 +0,0 @@
|
|||
<?php
|
||||
|
||||
class sql_conversions {
|
||||
|
||||
public $actions = array(
|
||||
|
||||
"create" => array(
|
||||
|
||||
"mysql" => "CREATE TABLE IF NOT EXISTS",
|
||||
"pgsql" => "CREATE TABLE IF NOT EXISTS",
|
||||
"sqlite" => "CREATE TABLE IF NOT EXISTS",
|
||||
),
|
||||
|
||||
"delete" => array(
|
||||
|
||||
"mysql" => "DELETE",
|
||||
"pgsql" => "DELETE",
|
||||
"sqlite" => "DELETE",
|
||||
),
|
||||
|
||||
"find" => array(
|
||||
|
||||
"mysql" => "LOCATE( %substring%, %string% )",
|
||||
"pgsql" => "POSITION( %substring% in %string% )",
|
||||
"sqlite" => "INSTR( %string%, %substring% )",
|
||||
),
|
||||
|
||||
"select" => array(
|
||||
|
||||
"mysql" => "SELECT",
|
||||
"pgsql" => "SELECT",
|
||||
"sqlite" => "SELECT",
|
||||
),
|
||||
|
||||
"update" => array(
|
||||
|
||||
"mysql" => "UPDATE",
|
||||
"pgsql" => "UPDATE",
|
||||
"sqlite" => "UPDATE",
|
||||
),
|
||||
);
|
||||
|
||||
public $comparisons = array(
|
||||
|
||||
"equal" => array(
|
||||
|
||||
"mysql" => "=",
|
||||
"pgsql" => "=",
|
||||
"sqlite" => "=",
|
||||
),
|
||||
|
||||
"less than" => array(
|
||||
|
||||
"mysql" => "<",
|
||||
"pgsql" => "<",
|
||||
"sqlite" => "<",
|
||||
),
|
||||
|
||||
"more than" => array(
|
||||
|
||||
"mysql" => ">",
|
||||
"pgsql" => ">",
|
||||
"sqlite" => ">",
|
||||
),
|
||||
|
||||
"not" => array(
|
||||
|
||||
"mysql" => "!",
|
||||
"pgsql" => "!",
|
||||
"sqlite" => "!",
|
||||
),
|
||||
|
||||
"not equal" => array(
|
||||
|
||||
"mysql" => "!=",
|
||||
"pgsql" => "!=",
|
||||
"sqlite" => "!=",
|
||||
),
|
||||
|
||||
"where" => array(
|
||||
|
||||
"mysql" => "WHERE",
|
||||
"pgsql" => "WHERE",
|
||||
"sqlite" => "WHERE",
|
||||
),
|
||||
);
|
||||
|
||||
public $data_types = array(
|
||||
|
||||
"bool" => array(
|
||||
|
||||
"mysql" => "BOOL",
|
||||
"pgsql" => "BOOL",
|
||||
"sqlite" => "BOOL",
|
||||
),
|
||||
|
||||
"int" => array(
|
||||
|
||||
"mysql" => "INT",
|
||||
"pgsql" => "INT",
|
||||
"sqlite" => "INT",
|
||||
),
|
||||
|
||||
"string" => array(
|
||||
|
||||
"mysql" => "VARCHAR(255)",
|
||||
"pgsql" => "VARCHAR",
|
||||
"sqlite" => "VARCHAR",
|
||||
),
|
||||
|
||||
"text" => array(
|
||||
|
||||
"mysql" => "TEXT",
|
||||
"pgsql" => "TEXT",
|
||||
"sqlite" => "TEXT",
|
||||
),
|
||||
);
|
||||
|
||||
public $general = array(
|
||||
|
||||
"from" => array(
|
||||
|
||||
"mysql" => "FROM",
|
||||
"pgsql" => "FROM",
|
||||
"sqlite" => "FROM",
|
||||
),
|
||||
);
|
||||
|
||||
public $specials = array(
|
||||
|
||||
"id" => array(
|
||||
|
||||
"mysql" => "NOT NULL AUTO_INCREMENT PRIMARY KEY",
|
||||
"pgsql" => "SERIAL PRIMARY KEY",
|
||||
"sqlite" => "SERIAL PRIMARY KEY",
|
||||
),
|
||||
|
||||
"key" => array(
|
||||
|
||||
"mysql" => "KEY",
|
||||
"pgsql" => "KEY",
|
||||
"sqlite" => "KEY",
|
||||
),
|
||||
|
||||
"auto increment" => array(
|
||||
|
||||
"mysql" => "AUTO_INCREMENT",
|
||||
"pgsql" => "AUTO_INCREMENT",
|
||||
"sqlite" => "AUTO_INCREMENT",
|
||||
),
|
||||
|
||||
"not null" => array(
|
||||
|
||||
"mysql" => "NOT NULL",
|
||||
"pgsql" => "NOT NULL",
|
||||
"sqlite" => "NOT NULL",
|
||||
),
|
||||
|
||||
"null" => array(
|
||||
|
||||
"mysql" => "NULL",
|
||||
"pgsql" => "NULL",
|
||||
"sqlite" => "NULL",
|
||||
),
|
||||
|
||||
"unique" => array(
|
||||
|
||||
"mysql" => "CONSTRAINT %constraint_name% UNIQUE ( %field_names% )",
|
||||
"pgsql" => "CONSTRAINT %constraint_name% UNIQUE ( %field_names% )",
|
||||
"sqlite" => "CONSTRAINT %constraint_name% UNIQUE ( %field_names% )",
|
||||
),
|
||||
);
|
||||
|
||||
public $wraps = array(
|
||||
|
||||
"close" => array(
|
||||
|
||||
"mysql" => "`",
|
||||
"mssql" => "]",
|
||||
"pgsql" => "\"",
|
||||
"sqlite" => "\"",
|
||||
),
|
||||
|
||||
"open" => array(
|
||||
|
||||
"mysql" => "`",
|
||||
"mssql" => "[",
|
||||
"pgsql" => "\"",
|
||||
"sqlite" => "\"",
|
||||
),
|
||||
);
|
||||
|
||||
public function check_field( $needle, $haystack ) {
|
||||
|
||||
$field = preg_replace_callback(
|
||||
// Matches parts to be replaced: '[field]'
|
||||
'/(\[.*?\])/',
|
||||
// Callback function. Use 'use()' or define arrays as 'global'
|
||||
function( $matches ) use ( $haystack ) {
|
||||
|
||||
// Remove square brackets from the match
|
||||
// then use it as variable name
|
||||
$match = trim( $matches[1], "[]" );
|
||||
return $match;
|
||||
},
|
||||
// Input string to search in.
|
||||
$needle
|
||||
);
|
||||
|
||||
if( $field === $needle ) {
|
||||
|
||||
$field = false;
|
||||
}
|
||||
return $field;
|
||||
}
|
||||
|
||||
public function find( $substring, $string ) {
|
||||
|
||||
$dbtype = DBTYPE;
|
||||
$find_string = $this->actions["find"][$dbtype];
|
||||
$find_string = str_replace( "%string%", $string, $find_string );
|
||||
$find_string = str_replace( "%substring%", $substring, $find_string );
|
||||
|
||||
return $find_string;
|
||||
}
|
||||
|
||||
public function select( $table, $fields, $where ) {
|
||||
|
||||
$dbtype = DBTYPE;
|
||||
$id_close = $this->wraps["close"][$dbtype];
|
||||
$id_open = $this->wraps["open"][$dbtype];
|
||||
$query = $this->actions["select"][$dbtype] . " ";
|
||||
$bind_vars = array();
|
||||
|
||||
if( empty( $fields ) ) {
|
||||
|
||||
$query .= " * ";
|
||||
}
|
||||
|
||||
foreach( $fields as $field ) {
|
||||
|
||||
$query .= $field . ",";
|
||||
}
|
||||
|
||||
$query = substr( $query, 0, -1 );
|
||||
$query .= " {$this->general["from"][$dbtype]} {$table} ";
|
||||
|
||||
if( ! empty( $where ) ) {
|
||||
|
||||
$query .= " {$this->comparisons["where"][$dbtype]} ";
|
||||
}
|
||||
|
||||
foreach( $where as $comparison ) {
|
||||
|
||||
$comparison_string = "";
|
||||
|
||||
//Put a replace of %% symbols with fields and open / close
|
||||
if( $comparison[0] == "find" ) {
|
||||
|
||||
$c1 = $this->check_field( $comparison[1], $fields );
|
||||
$c2 = $this->check_field( $comparison[2], $fields );
|
||||
$c3 = $this->check_field( $comparison[3][1], $fields );
|
||||
|
||||
if( ! $c1 === FALSE ) {
|
||||
|
||||
$c1 = $id_open . $c1 . $id_close;
|
||||
} else {
|
||||
|
||||
$c1 = "?";
|
||||
array_push( $bind_vars, $comparison[1] );
|
||||
}
|
||||
|
||||
if( ! $c2 === FALSE ) {
|
||||
|
||||
$c2 = $id_open . $c2 . $id_close;
|
||||
} else {
|
||||
|
||||
$c2 = "?";
|
||||
array_push( $bind_vars, $comparison[2] );
|
||||
}
|
||||
|
||||
if( ! $c3 === FALSE ) {
|
||||
|
||||
$c3 = $id_open . $c3 . $id_close;
|
||||
} else {
|
||||
|
||||
$c3 = "?";
|
||||
array_push( $bind_vars, $comparison[3][1] );
|
||||
}
|
||||
|
||||
$c0 = $this->find( $c1, $c2 );
|
||||
$comparison_string .= "{$c0} {$this->comparisons[$comparison[3][0]][$dbtype]} {$c3}";
|
||||
} elseif( $comparison[0] == "in" ) {
|
||||
|
||||
|
||||
} elseif( $comparison[0] == "limit" ) {
|
||||
|
||||
|
||||
} else {
|
||||
|
||||
if( in_array( $fields, $comparison[1] ) ) {
|
||||
|
||||
$comparison[1] = $id_open . $comparison[1] . $id_close;
|
||||
}
|
||||
|
||||
if( in_array( $fields, $comparison[3] ) ) {
|
||||
|
||||
$comparison[3] = $id_open . $comparison[3] . $id_close;
|
||||
}
|
||||
|
||||
$comparison_string .= "{$comparison[1]} {$this->$comparisons[$comparison[0]][$dbtype]} {$comparison[2]}";
|
||||
}
|
||||
|
||||
$index = array_search( $comparison, $where );
|
||||
|
||||
if( $index ) {
|
||||
|
||||
} else {
|
||||
|
||||
$query .= "{$comparison_string} ";
|
||||
}
|
||||
}
|
||||
|
||||
//$query = substr( $query, 0, -1 );
|
||||
$query .= ";";
|
||||
return array( $query, $bind_vars );
|
||||
}
|
||||
|
||||
public function table( $table_name, $fields, $attributes ) {
|
||||
|
||||
$dbtype = DBTYPE;
|
||||
$id_close = $this->wraps["close"][$dbtype];
|
||||
$id_open = $this->wraps["open"][$dbtype];
|
||||
|
||||
$query = "{$this->actions["create"][$dbtype]} {$table_name} (";
|
||||
|
||||
foreach( $fields as $id => $type ) {
|
||||
|
||||
$query .= "{$id} {$this->data_types[$type][$dbtype]}";
|
||||
|
||||
if( isset( $attributes[$id] ) ) {
|
||||
|
||||
foreach( $attributes[$id] as $attribute ) {
|
||||
|
||||
$attribute_string = $this->specials["$attribute"][$dbtype];
|
||||
|
||||
if( $attribute == "unique" ) {
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
if( $dbtype == "pgsql" ) {
|
||||
|
||||
if( $id == "id" ) {
|
||||
|
||||
$query = substr( $query, 0, -( strlen( " {$this->data_types[$type][$dbtype]}" ) ) );
|
||||
}
|
||||
}
|
||||
|
||||
if( ! strpos( $attribute_string, "%table_name%" ) === FALSE ) {
|
||||
|
||||
$attribute_string = str_replace( "%table_name%", $table_name, $attribute_string );
|
||||
}
|
||||
|
||||
if( ! strpos( $attribute_string, "%fields%" ) === FALSE ) {
|
||||
|
||||
$fields_string = "";
|
||||
|
||||
foreach( $fields as $field ) {
|
||||
|
||||
$fields_string .= "{$id_open}field{$id_close},";
|
||||
}
|
||||
|
||||
$fields_string = substr( $fields_string, 0, -1 );
|
||||
$attribute_string = str_replace( "%fields%", $fields_string, $attribute_string );
|
||||
}
|
||||
$query .= " {$attribute_string}";
|
||||
}
|
||||
}
|
||||
$query .= ",";
|
||||
}
|
||||
|
||||
$id_close = $this->wraps["close"][$dbtype];
|
||||
$id_open = $this->wraps["open"][$dbtype];
|
||||
$fields_string = "";
|
||||
$unique_string = "";
|
||||
$unique_length = 0;
|
||||
|
||||
foreach( $attributes as $id => $attribute ) {
|
||||
|
||||
if( in_array( "unique", $attribute ) ) {
|
||||
|
||||
$unique_length++;
|
||||
}
|
||||
}
|
||||
|
||||
foreach( $attributes as $id => $attribute ) {
|
||||
|
||||
if( is_array( $attribute ) && in_array( "unique", $attribute ) ) {
|
||||
|
||||
if( $unique_string == "" ) {
|
||||
|
||||
$unique_string = $this->specials["unique"][$dbtype] . ",";
|
||||
}
|
||||
if( $dbtype == "mysql" && $fields ) {
|
||||
|
||||
if( $fields[$id] == "text" ) {
|
||||
|
||||
$field_length = ( 3000 / $unique_length );
|
||||
$fields_string .= "{$id_open}{$id}{$id_close}($field_length),";
|
||||
} elseif( $fields[$id] == "string" ) {
|
||||
|
||||
$field_length = ( 3000 / $unique_length );
|
||||
$fields_string .= "{$id_open}{$id}{$id_close}(255),";
|
||||
}
|
||||
} else {
|
||||
|
||||
$fields_string .= "{$id_open}{$id}{$id_close},";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$unique_string = str_replace( "%constraint_name%", strtolower( preg_replace( '#[^A-Za-z0-9' . preg_quote( '-_@. ').']#', '', $fields_string ) ), $unique_string );
|
||||
$unique_string = str_replace( "%field_names%", substr( $fields_string, 0, -1 ), $unique_string );
|
||||
$query .= $unique_string;
|
||||
|
||||
$query = substr( $query, 0, -1 );
|
||||
$query .= ")";
|
||||
|
||||
if( $dbtype == "mysql" ) {
|
||||
|
||||
$query .= " ENGINE=InnoDB;";
|
||||
} else {
|
||||
|
||||
$query .= ";";
|
||||
}
|
||||
|
||||
return( $query );
|
||||
}
|
||||
|
||||
public function tables( $tables ) {
|
||||
|
||||
$query = "";
|
||||
|
||||
foreach( $tables as $table_name => $table_data ) {
|
||||
|
||||
$query .= $this->table( $table_name, $table_data["fields"], $table_data["attributes"] ) . PHP_EOL;
|
||||
}
|
||||
return( $query );
|
||||
}
|
||||
|
||||
public function update( $table, $fields, $where ) {
|
||||
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
|
@ -54,141 +54,27 @@ class sql {
|
|||
|
||||
public function create_default_tables() {
|
||||
|
||||
$create_tables = $this->create_tables(
|
||||
array(
|
||||
"active" => array(
|
||||
"fields" => array(
|
||||
"username" => "string",
|
||||
"path" => "text",
|
||||
"position" => "string",
|
||||
"focused" => "string"
|
||||
),
|
||||
"attributes" => array(
|
||||
"username" => array( "not null" ),
|
||||
"path" => array( "not null" ),
|
||||
"focused" => array( "not null" ),
|
||||
)
|
||||
),
|
||||
"access" => array(
|
||||
"fields" => array(
|
||||
"project" => "int",
|
||||
"user" => "int",
|
||||
"level" => "int",
|
||||
),
|
||||
"attributes" => array(
|
||||
"id" => array( "not null" ),
|
||||
"user" => array( "not null" ),
|
||||
"level" => array( "not null" ),
|
||||
)
|
||||
),
|
||||
"options" => array(
|
||||
"fields" => array(
|
||||
"id" => "int",
|
||||
"name" => "string",
|
||||
"value" => "text",
|
||||
),
|
||||
"attributes" => array(
|
||||
"id" => array( "id" ),
|
||||
"name" => array( "not null", "unique" ),
|
||||
"value" => array( "not null" ),
|
||||
)
|
||||
),
|
||||
"projects" => array(
|
||||
"fields" => array(
|
||||
"id" => "int",
|
||||
"name" => "string",
|
||||
"path" => "text",
|
||||
"owner" => "string",
|
||||
),
|
||||
"attributes" => array(
|
||||
|
||||
"id" => array( "id" ),
|
||||
"name" => array( "not null" ),
|
||||
"path" => array( "not null", "unique" ),
|
||||
"owner" => array( "not null", "unique" ),
|
||||
)
|
||||
),
|
||||
"users" => array(
|
||||
"fields" => array(
|
||||
"id" => "int",
|
||||
"first_name" => "string",
|
||||
"last_name" => "string",
|
||||
"username" => "string",
|
||||
"password" => "text",
|
||||
"email" => "string",
|
||||
"project" => "int",
|
||||
"access" => "string",
|
||||
"token" => "string",
|
||||
),
|
||||
"attributes" => array(
|
||||
"id" => array( "id" ),
|
||||
"username" => array( "not null", "unique" ),
|
||||
"password" => array( "not null" ),
|
||||
"access" => array( "not null" ),
|
||||
)
|
||||
),
|
||||
"user_options" => array(
|
||||
"fields" => array(
|
||||
"id" => "int",
|
||||
"name" => "string",
|
||||
"username" => "string",
|
||||
"value" => "text",
|
||||
),
|
||||
"attributes" => array(
|
||||
"id" => array( "id" ),
|
||||
"name" => array( "not null", "unique" ),
|
||||
"username" => array( "not null", "unique" ),
|
||||
"value" => array( "not null" ),
|
||||
)
|
||||
),
|
||||
)
|
||||
);
|
||||
$create_tables = $this->create_tables();
|
||||
$structure_updates = $this->update_table_structure();
|
||||
$result = array(
|
||||
"create_tables" => $create_tables,
|
||||
"structure_updates" => $structure_updates
|
||||
);
|
||||
exit( json_encode( $result, JSON_PRETTY_PRINT ) );
|
||||
return $result;
|
||||
}
|
||||
|
||||
public function create_tables( $table ) {
|
||||
public function create_tables() {
|
||||
|
||||
/**
|
||||
Tables layout
|
||||
array(
|
||||
|
||||
"table_name" => array(
|
||||
|
||||
"fields" => array(
|
||||
|
||||
"id" => "int",
|
||||
"test_field" => "string"
|
||||
),
|
||||
"attributes" => array(
|
||||
|
||||
"id" => array( "id" ),
|
||||
"test_field" => array( "not null" ),
|
||||
)
|
||||
),
|
||||
"table2_name" => array(
|
||||
|
||||
"fields" => array(
|
||||
|
||||
"id" => "int",
|
||||
"test_field" => "string"
|
||||
),
|
||||
"attributes" => array(
|
||||
|
||||
"id" => array( "id" ),
|
||||
"test_field" => array( "not null" ),
|
||||
)
|
||||
)
|
||||
);
|
||||
*/
|
||||
$script = __DIR__ . "/scripts/" . DBTYPE . ".sql";
|
||||
|
||||
try {
|
||||
if( ! is_file( $script ) ) {
|
||||
|
||||
$query = $this->conversions->tables( $table );
|
||||
return "Error, no database scripts specified for currently selected dbtype.";
|
||||
}
|
||||
|
||||
try {
|
||||
|
||||
$query = file_get_contents( $script );
|
||||
$connection = $this->connect();
|
||||
$result = $connection->exec( $query );
|
||||
return true;
|
||||
|
@ -227,130 +113,148 @@ class sql {
|
|||
return self::$instance;
|
||||
}
|
||||
|
||||
public function select( $table, $fields=array(), $where=array() ) {
|
||||
|
||||
$array = $this->conversions->select( $table, $fields, $where );
|
||||
$query = $array[0];
|
||||
$bind_vars = $array[1];
|
||||
$result = $this->query( $query, $bind_vars, array() );
|
||||
//echo var_dump( $query, $bind_vars ) . "<br>";
|
||||
return $result;
|
||||
}
|
||||
|
||||
public function update( $table, $fields=array(), $where=array() ) {
|
||||
|
||||
$query = $this->conversions->update( $table, $fields, $where );
|
||||
//echo var_dump( $query ) . "<br>";
|
||||
//return $query;
|
||||
}
|
||||
|
||||
public function update_table_structure() {
|
||||
|
||||
$status_updates = array();
|
||||
$sql_conversions = new sql_conversions();
|
||||
|
||||
try {
|
||||
|
||||
$access_query = "INSERT INTO access( project, user, level ) VALUES ";
|
||||
$projects = $this->query( "SELECT id, access FROM projects", array(), array(), "fetchAll", "exception" );
|
||||
$users = $this->query( "SELECT id, username FROM users", array(), array(), "fetchAll", "exception" );
|
||||
$delete = Permissions::LEVELS["delete"];
|
||||
|
||||
foreach( $users as $row => $user ) {
|
||||
|
||||
foreach( $projects as $row => $project ) {
|
||||
|
||||
$access = json_decode( $project["access"], true );
|
||||
if( ! is_array( $access ) || empty( $access ) ) {
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
foreach( $access as $granted_user ) {
|
||||
|
||||
if( $granted_user == $user["username"] ) {
|
||||
|
||||
$access_query .= "( {$project["id"]}, {$user["id"]}, $delete ),";
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if( $access_query !== "INSERT INTO access( project, user, level ) VALUES " ) {
|
||||
|
||||
$result = $this->query( substr( $access_query, 0, -1 ), array(), 0, "rowCount", "exception" );
|
||||
}
|
||||
$result = $this->query( "ALTER TABLE projects DROP COLUMN access", array(), 0, "rowCount" );
|
||||
$status_updates["access_column"] = "Cached data and removed access column.";
|
||||
} catch( Exception $error ) {
|
||||
|
||||
//The access field is not there.
|
||||
//echo var_export( $error->getMessage(), $access_query );
|
||||
$status_updates["access_column"] = array(
|
||||
"error_message" => $error->getMessage(),
|
||||
"dev_message" => "No access column to convert."
|
||||
);
|
||||
}
|
||||
|
||||
try {
|
||||
|
||||
$update_query = "";
|
||||
$projects = $this->query( "SELECT id, path FROM projects", array(), array(), "fetchAll", "exception" );
|
||||
$result = $this->query( "SELECT project FROM users", array(), array(), "fetchAll", "exception" );
|
||||
$convert = false;
|
||||
$delete = Permissions::LEVELS["delete"];
|
||||
|
||||
foreach( $result as $row => $user ) {
|
||||
|
||||
if( ! is_numeric( $user["project"] ) ) {
|
||||
|
||||
$convert = true;
|
||||
}
|
||||
|
||||
foreach( $projects as $row => $project ) {
|
||||
|
||||
if( $project["path"] == $user["project"] ) {
|
||||
|
||||
$update_query .= "UPDATE users SET project={$project["id"]};";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if( $convert && strlen( $update_query ) > 0 ) {
|
||||
|
||||
//change project to users table
|
||||
$result = $this->query( "ALTER TABLE users DROP COLUMN project", array(), array(), "rowCount", "exception" );
|
||||
$result = $this->query( "ALTER TABLE users ADD COLUMN project " . $sql_conversions->data_types["int"][DBTYPE], array(), array(), "rowCount", "exception" );
|
||||
$result = $this->query( $update_query, array(), array(), "rowCount", "exception" );
|
||||
} else {
|
||||
|
||||
$status_updates["users_current_project"] = array( "dev_message" => "Users current project column to project_id conversion not needed." );
|
||||
}
|
||||
} catch( Exception $error ) {
|
||||
|
||||
//echo var_dump( $error->getMessage() );
|
||||
$status_updates["users_current_project"] = array(
|
||||
"error_message" => $error->getMessage(),
|
||||
"dev_message" => "Users current project column to project_id conversion failed."
|
||||
);
|
||||
}
|
||||
|
||||
try {
|
||||
|
||||
$result = $this->query( "ALTER TABLE users DROP COLUMN groups", array(), array(), "rowCount", "exception" );
|
||||
$status_updates["users_groups_column"] = array( "dev_message" => "Removal of the groups column from the users table succeeded." );
|
||||
} catch( Exception $error ) {
|
||||
|
||||
//echo var_dump( $error->getMessage() );
|
||||
$status_updates["users_groups_column"] = array(
|
||||
"error_message" => $error->getMessage(),
|
||||
"dev_message" => "Removal of the groups column from the users table failed. This usually means there was never one to begin with"
|
||||
);
|
||||
}
|
||||
|
||||
if( DBTYPE === "mysql" || DBTYPE === "pgsql" ) {
|
||||
|
||||
//$constraint = ( DBTYPE === "mysql" ) ? "INDEX" : "CONSTRAINT";
|
||||
try {
|
||||
|
||||
$access_query = "INSERT INTO access( project, user, level ) VALUES ";
|
||||
$projects = $this->query( "SELECT id, access FROM projects", array(), array(), "fetchAll", "exception" );
|
||||
$users = $this->query( "SELECT id, username FROM users", array(), array(), "fetchAll", "exception" );
|
||||
$delete = Permissions::LEVELS["delete"];
|
||||
|
||||
foreach( $users as $row => $user ) {
|
||||
|
||||
foreach( $projects as $row => $project ) {
|
||||
|
||||
$access = json_decode( $project["access"], true );
|
||||
if( ! is_array( $access ) || empty( $access ) ) {
|
||||
|
||||
continue;
|
||||
}
|
||||
|
||||
foreach( $access as $granted_user ) {
|
||||
|
||||
if( $granted_user == $user["username"] ) {
|
||||
|
||||
$access_query .= "( {$project["id"]}, {$user["id"]}, $delete ),";
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if( $access_query !== "INSERT INTO access( project, user, level ) VALUES " ) {
|
||||
|
||||
$result = $this->query( substr( $access_query, 0, -1 ), array(), 0, "rowCount", "exception" );
|
||||
}
|
||||
$result = $this->query( "ALTER TABLE projects DROP COLUMN access", array(), 0, "rowCount" );
|
||||
$status_updates["access_column"] = "Cached data and removed access column.";
|
||||
} catch( Exception $error ) {
|
||||
|
||||
//The access field is not there.
|
||||
//echo var_export( $error->getMessage(), $access_query );
|
||||
$status_updates["access_column"] = array(
|
||||
"error_message" => $error->getMessage(),
|
||||
"dev_message" => "No access column to convert."
|
||||
);
|
||||
}
|
||||
|
||||
try {
|
||||
|
||||
$update_query = "";
|
||||
$projects = $this->query( "SELECT id, path FROM projects", array(), array(), "fetchAll", "exception" );
|
||||
$result = $this->query( "SELECT project FROM users", array(), array(), "fetchAll", "exception" );
|
||||
$convert = false;
|
||||
$delete = Permissions::LEVELS["delete"];
|
||||
|
||||
foreach( $result as $row => $user ) {
|
||||
|
||||
if( ! is_numeric( $user["project"] ) ) {
|
||||
|
||||
$convert = true;
|
||||
}
|
||||
|
||||
foreach( $projects as $row => $project ) {
|
||||
|
||||
if( $project["path"] == $user["project"] ) {
|
||||
|
||||
$update_query .= "UPDATE users SET project={$project["id"]} WHERE username = '{$user["username"]}';";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if( $convert && strlen( $update_query ) > 0 ) {
|
||||
|
||||
//change project to users table
|
||||
$result = $this->query( "ALTER TABLE users DROP COLUMN project", array(), array(), "rowCount", "exception" );
|
||||
$result = $this->query( "ALTER TABLE users ADD COLUMN project INT", array(), array(), "rowCount", "exception" );
|
||||
$result = $this->query( $update_query, array(), array(), "rowCount", "exception" );
|
||||
} else {
|
||||
|
||||
$status_updates["users_current_project"] = array( "dev_message" => "Users current project column to project_id conversion not needed." );
|
||||
}
|
||||
} catch( Exception $error ) {
|
||||
|
||||
//echo var_dump( $error->getMessage() );
|
||||
$status_updates["users_current_project"] = array(
|
||||
"error_message" => $error->getMessage(),
|
||||
"dev_message" => "Users current project column to project_id conversion failed."
|
||||
);
|
||||
}
|
||||
|
||||
try {
|
||||
|
||||
$update_query = "";
|
||||
$options = $this->query( "SELECT id, name, username, value FROM user_options", array(), array(), "fetchAll", "exception" );
|
||||
$users = $this->query( "SELECT id, username FROM users", array(), array(), "fetchAll", "exception" );
|
||||
$delete = Permissions::LEVELS["delete"];
|
||||
|
||||
foreach( $users as $row => $user ) {
|
||||
|
||||
foreach( $options as $row => $option ) {
|
||||
|
||||
if( $option["username"] == $user["username"] ) {
|
||||
|
||||
$update_query .= "UPDATE user_options SET user={$user["id"]} WHERE id={$option["id"]};";
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if( strlen( $update_query ) > 0 ) {
|
||||
|
||||
//change project to users table
|
||||
$result = $this->query( "ALTER TABLE user_options DROP COLUMN username", array(), array(), "rowCount", "exception" );
|
||||
$result = $this->query( "ALTER TABLE user_options ADD COLUMN user INT", array(), array(), "rowCount", "exception" );
|
||||
$result = $this->query( $update_query, array(), array(), "rowCount", "exception" );
|
||||
} else {
|
||||
|
||||
$status_updates["username_user_option_column"] = array( "dev_message" => "User options username column needed no conversion." );
|
||||
}
|
||||
} catch( Exception $error ) {
|
||||
|
||||
//The access field is not there.
|
||||
//echo var_export( $error->getMessage(), $access_query );
|
||||
$status_updates["username_user_option_column"] = array(
|
||||
"error_message" => $error->getMessage(),
|
||||
"dev_message" => "No username column to convert."
|
||||
);
|
||||
}
|
||||
|
||||
try {
|
||||
|
||||
$result = $this->query( "ALTER TABLE users DROP COLUMN groups", array(), array(), "rowCount", "exception" );
|
||||
$status_updates["users_groups_column"] = array( "dev_message" => "Removal of the groups column from the users table succeeded." );
|
||||
} catch( Exception $error ) {
|
||||
|
||||
//echo var_dump( $error->getMessage() );
|
||||
$status_updates["users_groups_column"] = array(
|
||||
"error_message" => $error->getMessage(),
|
||||
"dev_message" => "Removal of the groups column from the users table failed. This usually means there was never one to begin with"
|
||||
);
|
||||
}
|
||||
|
||||
try {
|
||||
|
||||
|
|
|
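Review bot: The users migration in update_table_structure never matches a row: the loop appends `UPDATE users SET project={$project["id"]} WHERE username = '{$user["username"]}';` but the rows it iterates come from `SELECT project FROM users`, which does not return `username`, so every statement runs as `WHERE username = ''` after the column has already been dropped and re-added. Select the key and filter on it instead, e.g. `SELECT id, project FROM users` and `$update_query .= "UPDATE users SET project={$project["id"]} WHERE id={$user["id"]};";` — both values are integer columns read back from the database, which is the only reason interpolating them is tolerable here; a username is user-supplied text and should reach SQL only as a bound parameter. Separately, `exit( json_encode( $result, JSON_PRETTY_PRINT ) );` in create_default_tables (it appears to sit on the new side) terminates the request before `return $result;` and ships the raw `error_message` strings from the database driver to the client; drop it or send that array to a log. The final `try {` of update_table_structure is cut off at the end of this section.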
@ -1,3 +1,13 @@
|
|||
--
|
||||
-- Table structure for table `access`
|
||||
--
|
||||
|
||||
CREATE TABLE IF NOT EXISTS `access` (
|
||||
`user` int NOT NULL,
|
||||
`project` int NOT NULL,
|
||||
`level` int NOT NULL
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||
|
||||
--
|
||||
-- Table structure for table `active`
|
||||
--
|
||||
|
@ -9,16 +19,6 @@ CREATE TABLE IF NOT EXISTS `active` (
|
|||
`focused` varchar(255) NOT NULL
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||
|
||||
--
|
||||
-- Table structure for table `access`
|
||||
--
|
||||
|
||||
CREATE TABLE IF NOT EXISTS `access` (
|
||||
`user` int NOT NULL,
|
||||
`project` int NOT NULL,
|
||||
`level` int NOT NULL
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||
|
||||
-- --------------------------------------------------------
|
||||
|
||||
--
|
||||
|
@ -41,7 +41,7 @@ CREATE TABLE IF NOT EXISTS `projects` (
|
|||
`id` int PRIMARY KEY AUTO_INCREMENT NOT NULL,
|
||||
`name` varchar(255) NOT NULL,
|
||||
`path` text NOT NULL,
|
||||
`owner` int NOT NULL,
|
||||
`owner` int NOT NULL
|
||||
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
|
||||
|
||||
|
||||
|
|
|
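Review bot: The `access` table that the first hunk moves to the top of the script has no primary key and no uniqueness on `(user, project)`, so the migration that populates it, or any later grant, can insert the same user/project pair repeatedly, including duplicates with different `level` values that nothing reconciles. Add `PRIMARY KEY (`user`, `project`)` (or at least a `UNIQUE` index on the pair) to the CREATE TABLE so a grant can be updated in place and a lookup returns one row. A one-line header comment stating that `level` holds the numeric value the migration writes (`Permissions::LEVELS["delete"]` in class.sql.php) would also help whoever reads the schema without the PHP.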
@ -10,25 +10,10 @@ require_once( "../settings/class.settings.php" );
|
|||
|
||||
class User {
|
||||
|
||||
const ACCESS = array(
|
||||
"admin",
|
||||
"user"
|
||||
);
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// PROPERTIES
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public $access = 'user';
|
||||
public $username = '';
|
||||
public $password = '';
|
||||
public $project = '';
|
||||
public $projects = '';
|
||||
public $users = '';
|
||||
public $actives = '';
|
||||
public $lang = '';
|
||||
public $theme = '';
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
// METHODS
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
@ -43,46 +28,47 @@ class User {
|
|||
|
||||
}
|
||||
|
||||
public function add_user() {
|
||||
public function add_user( $username, $password, $access ) {
|
||||
|
||||
global $sql;
|
||||
$query = "INSERT INTO users( username, password, access, project ) VALUES ( ?, ?, ?, ? );";
|
||||
$bind_variables = array( $this->username, $this->password, $this->access, null );
|
||||
$bind_variables = array( $username, $password, $access, null );
|
||||
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
|
||||
$pass = false;
|
||||
|
||||
if( $return > 0 ) {
|
||||
|
||||
$this->set_default_options();
|
||||
exit( formatJSEND( "success", array( "username" => $this->username ) ) );
|
||||
} else {
|
||||
|
||||
exit( formatJSEND( "error", "The Username is Already Taken" ) );
|
||||
$this->set_default_options( $username );
|
||||
$pass = true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public function delete_user() {
|
||||
public function delete_user( $username ) {
|
||||
|
||||
global $sql;
|
||||
$query = "DELETE FROM user_options WHERE username=?;";
|
||||
$bind_variables = array( $this->username );
|
||||
$query = "DELETE FROM user_options WHERE user=( SELECT id FROM users WHERE username=? );";
|
||||
$bind_variables = array( $username );
|
||||
$return = $sql->query( $query, $bind_variables, -1, "rowCount" );
|
||||
if( $return > -1 ) {
|
||||
|
||||
//TODO: add new permissions system to delete cleanup
|
||||
|
||||
$query = "DELETE FROM projects WHERE owner=? AND access IN ( ?,?,?,?,? );";
|
||||
$bind_variables = array(
|
||||
$this->username,
|
||||
$username,
|
||||
"null",
|
||||
null,
|
||||
"[]",
|
||||
"",
|
||||
json_encode( array( $this->username ) )
|
||||
json_encode( array( $username ) )
|
||||
);
|
||||
$return = $sql->query( $query, $bind_variables, -1, "rowCount" );
|
||||
|
||||
if( $return > -1 ) {
|
||||
|
||||
$query = "DELETE FROM users WHERE username=?;";
|
||||
$bind_variables = array( $this->username );
|
||||
$bind_variables = array( $username );
|
||||
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
|
||||
|
||||
if( $return > 0 ) {
|
||||
|
@ -134,26 +120,26 @@ class User {
|
|||
}
|
||||
}
|
||||
|
||||
public function set_default_options() {
|
||||
public function set_default_options( $username ) {
|
||||
|
||||
foreach( Settings::DEFAULT_OPTIONS as $id => $option ) {
|
||||
|
||||
global $sql;
|
||||
$query = "INSERT INTO user_options ( name, username, value ) VALUES ( ?, ?, ? );";
|
||||
$query = "INSERT INTO user_options ( name, user, value ) VALUES ( ?, ( SELECT id FROM users WHERE username=? ), ? );";
|
||||
$bind_variables = array(
|
||||
$option["name"],
|
||||
$this->username,
|
||||
$username,
|
||||
$option["value"],
|
||||
);
|
||||
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
|
||||
|
||||
if( $result == 0 ) {
|
||||
|
||||
$query = "UPDATE user_options SET value=? WHERE name=? AND username=?;";
|
||||
$query = "UPDATE user_options SET value=? WHERE name=? AND user=( SELECT id FROM users WHERE username=? );";
|
||||
$bind_variables = array(
|
||||
$option["value"],
|
||||
$option["name"],
|
||||
$this->username,
|
||||
$username,
|
||||
);
|
||||
$result = $sql->query( $query, $bind_variables, 0, "rowCount" );
|
||||
}
|
||||
|
@ -164,59 +150,18 @@ class User {
|
|||
// Authenticate
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public function Authenticate() {
|
||||
public function Authenticate( $username, $password ) {
|
||||
|
||||
if( $this->username == "" || $this->password == "" ) {
|
||||
if( $username == "" || $password == "" ) {
|
||||
|
||||
exit( formatJSEND( "error", "Username or password can not be blank." ) );
|
||||
}
|
||||
|
||||
if( ! is_dir( SESSIONS_PATH ) ) {
|
||||
|
||||
mkdir( SESSIONS_PATH, 00755 );
|
||||
}
|
||||
|
||||
$permissions = array(
|
||||
"755",
|
||||
"0755"
|
||||
);
|
||||
|
||||
$server_user = posix_getpwuid( posix_geteuid() );
|
||||
$sessions_permissions = substr( sprintf( '%o', fileperms( SESSIONS_PATH ) ), -4 );
|
||||
$sessions_owner = posix_getpwuid( fileowner( SESSIONS_PATH ) );
|
||||
|
||||
if( is_array( $server_user ) ) {
|
||||
|
||||
$server_user = $server_user["uid"];
|
||||
}
|
||||
|
||||
if( ! ( $sessions_owner === $server_user ) ) {
|
||||
|
||||
try {
|
||||
|
||||
chown( SESSIONS_PATH, $server_user );
|
||||
} catch( Exception $e ) {
|
||||
|
||||
exit( formatJSEND("error", "Error, incorrect owner of sessions folder. Expecting: $server_user, Recieved: " . $sessions_owner ) );
|
||||
}
|
||||
}
|
||||
|
||||
if( ! in_array( $sessions_permissions, $permissions ) ) {
|
||||
|
||||
try {
|
||||
|
||||
chmod( SESSIONS_PATH, 00755 );
|
||||
} catch( Exception $e ) {
|
||||
|
||||
exit( formatJSEND("error", "Error, incorrect permissions on sessions folder. Expecting: 0755, Recieved: " . $sessions_permissions ) );
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
global $sql;
|
||||
$pass = false;
|
||||
$this->EncryptPassword();
|
||||
$query = "SELECT * FROM users WHERE username=? AND password=?;";
|
||||
$bind_variables = array( $this->username, $this->password );
|
||||
$bind_variables = array( $username, $password );
|
||||
$return = $sql->query( $query, $bind_variables, array() );
|
||||
|
||||
/**
|
||||
|
@ -226,17 +171,17 @@ class User {
|
|||
if( ( strtolower( DBTYPE ) == "mysql" ) && empty( $return ) ) {
|
||||
|
||||
$query = "SELECT * FROM users WHERE username=? AND password=PASSWORD( ? );";
|
||||
$bind_variables = array( $this->username, $this->password );
|
||||
$bind_variables = array( $username, $password );
|
||||
$return = $sql->query( $query, $bind_variables, array() );
|
||||
|
||||
if( ! empty( $return ) ) {
|
||||
|
||||
$query = "UPDATE users SET password=? WHERE username=?;";
|
||||
$bind_variables = array( $this->password, $this->username );
|
||||
$bind_variables = array( $password, $username );
|
||||
$return = $sql->query( $query, $bind_variables, array() );
|
||||
|
||||
$query = "SELECT * FROM users WHERE username=? AND password=?;";
|
||||
$bind_variables = array( $this->username, $this->password );
|
||||
$bind_variables = array( $username, $password );
|
||||
$return = $sql->query( $query, $bind_variables, array() );
|
||||
}
|
||||
}
|
||||
|
@ -247,17 +192,15 @@ class User {
|
|||
$pass = true;
|
||||
$token = mb_strtoupper( strval( bin2hex( openssl_random_pseudo_bytes( 16 ) ) ) );
|
||||
$_SESSION['id'] = SESSION_ID;
|
||||
$_SESSION['user'] = $this->username;
|
||||
$_SESSION['user'] = $username;
|
||||
$_SESSION['user_id'] = $user["id"];
|
||||
$_SESSION['token'] = $token;
|
||||
$_SESSION['lang'] = $this->lang;
|
||||
$_SESSION['theme'] = $this->theme;
|
||||
$_SESSION["login_session"] = true;
|
||||
|
||||
$query = "UPDATE users SET token=? WHERE username=?;";
|
||||
$bind_variables = array( sha1( $token ), $this->username );
|
||||
$return = $sql->query( $query, $bind_variables, 0, 'rowCount' );
|
||||
$projects = $sql->query( "SELECT path FROM projects WHERE id = ?", array( $user["project"] ), array(), 'rowCount' );
|
||||
$projects = $sql->query( "SELECT path FROM projects WHERE id = ?", array( $user["project"] ), array() );
|
||||
|
||||
if( isset( $user['project'] ) && $user['project'] != '' && ! empty( $projects ) ) {
|
||||
|
||||
|
@ -265,16 +208,9 @@ class User {
|
|||
$_SESSION['project_id'] = $user['project'];
|
||||
}
|
||||
|
||||
$this->checkDuplicateSessions( $this->username );
|
||||
}
|
||||
|
||||
if( $pass ) {
|
||||
|
||||
echo formatJSEND( "success", array( "username" => $this->username ) );
|
||||
} else {
|
||||
|
||||
echo formatJSEND( "error", "Incorrect Username or Password" );
|
||||
$this->checkDuplicateSessions( $username );
|
||||
}
|
||||
return $pass;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -356,10 +292,9 @@ class User {
|
|||
// Create Account
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
public function Create() {
|
||||
public function Create( $username, $password ) {
|
||||
|
||||
$this->EncryptPassword();
|
||||
$this->add_user();
|
||||
$this->add_user( $username, $password );
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
@ -375,9 +310,9 @@ class User {
|
|||
// Encrypt Password
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
||||
private function EncryptPassword() {
|
||||
private function encrypt_password( $password ) {
|
||||
|
||||
$this->password = sha1( md5( $this->password ) );
|
||||
return sha1( md5( $password ) );
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
@ -421,11 +356,11 @@ class User {
|
|||
}
|
||||
}
|
||||
|
||||
public function update_access() {
|
||||
public function update_access( $username, $access ) {
|
||||
|
||||
global $sql;
|
||||
$query = "UPDATE users SET access=? WHERE username=?;";
|
||||
$bind_variables = array( $this->access, $this->username );
|
||||
$bind_variables = array( $access, $username );
|
||||
$return = $sql->query( $query, $bind_variables, 0, "rowCount" );
|
||||
|
||||
if( $return > 0 ) {
|
||||
|
@ -433,7 +368,7 @@ class User {
|
|||
echo formatJSEND( "success", "Updated access for {$this->username}" );
|
||||
} else {
|
||||
|
||||
echo formatJSEND( "error", "Error updating project" );
|
||||
echo formatJSEND( "error", "Error updating access" );
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
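Review bot: Create() still calls `$this->add_user( $username, $password )` while the new signature is `add_user( $username, $password, $access )` with no default, so account creation now throws an ArgumentCountError before the INSERT; add_user also sets `$pass = true` on success and then unconditionally `return false;`. Pass the default role from Create, e.g. `$this->add_user( $username, $password, Permissions::SYSTEM_LEVELS["user"] );` (if that is the key SYSTEM_LEVELS uses for a plain user), and end add_user with `return $pass;`. encrypt_password is declared `private` but the controller calls `$User->encrypt_password( $_POST['password'] )` for both authenticate and create, which is a fatal "call to private method"; it has to be `public`, and the update_access success message still interpolates `{$this->username}` although this commit removes that property. Since hashing is now centralised in one method, this is also the place to note that `sha1( md5( $password ) )` is an unsalted, fast hash; moving to `password_hash()`/`password_verify()` would mean selecting the row by username and verifying in PHP rather than matching `password=?` in SQL as Authenticate does today.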
@ -36,22 +36,73 @@ if($_GET['action']=='authenticate') {
|
|||
die( formatJSEND( "error", "Missing username or password" ) );
|
||||
}
|
||||
|
||||
$User->username = User::CleanUsername( $_POST['username'] );
|
||||
$User->password = $_POST['password'];
|
||||
$username = User::CleanUsername( $_POST['username'] );
|
||||
$password = $User->encrypt_password( $_POST['password'] );
|
||||
|
||||
// check if the asked languages exist and is registered in languages/code.php
|
||||
require_once '../../languages/code.php';
|
||||
if( isset( $languages[$_POST['language']] ) ) {
|
||||
|
||||
$User->lang = $_POST['language'];
|
||||
$lang = $_POST['language'];
|
||||
} else {
|
||||
|
||||
$User->lang = 'en';
|
||||
$lang = 'en';
|
||||
}
|
||||
|
||||
// theme
|
||||
$User->theme = $_POST['theme'];
|
||||
$User->Authenticate();
|
||||
$theme = $_POST['theme'];
|
||||
$permissions = array(
|
||||
"755",
|
||||
"0755"
|
||||
);
|
||||
|
||||
if( ! is_dir( SESSIONS_PATH ) ) {
|
||||
|
||||
mkdir( SESSIONS_PATH, 00755 );
|
||||
}
|
||||
|
||||
$server_user = getmyuid();
|
||||
$sessions_permissions = substr( sprintf( '%o', fileperms( SESSIONS_PATH ) ), -4 );
|
||||
$sessions_owner = fileowner( SESSIONS_PATH );
|
||||
|
||||
if( is_array( $server_user ) ) {
|
||||
|
||||
$server_user = $server_user["uid"];
|
||||
}
|
||||
|
||||
if( ! ( $sessions_owner === $server_user ) ) {
|
||||
|
||||
try {
|
||||
|
||||
chown( SESSIONS_PATH, $server_user );
|
||||
} catch( Exception $e ) {
|
||||
|
||||
exit( formatJSEND("error", "Error, incorrect owner of sessions folder. Expecting: $server_user, Recieved: " . $sessions_owner ) );
|
||||
}
|
||||
}
|
||||
|
||||
if( ! in_array( $sessions_permissions, $permissions ) ) {
|
||||
|
||||
try {
|
||||
|
||||
chmod( SESSIONS_PATH, 00755 );
|
||||
} catch( Exception $e ) {
|
||||
|
||||
exit( formatJSEND("error", "Error, incorrect permissions on sessions folder. Expecting: 0755, Recieved: " . $sessions_permissions ) );
|
||||
}
|
||||
}
|
||||
|
||||
$pass = $User->Authenticate( $username, $password );
|
||||
|
||||
if( $pass ) {
|
||||
|
||||
$_SESSION['lang'] = $lang;
|
||||
$_SESSION['theme'] = $theme;
|
||||
exit( formatJSEND( "success", array( "username" => $this->username ) ) );
|
||||
} else {
|
||||
|
||||
exit( formatJSEND( "error", "Incorrect Username or Password" ) );
|
||||
}
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////
|
||||
|
@ -86,9 +137,9 @@ if( $_GET['action'] == 'create' ) {
|
|||
exit( formatJSEND( "error", "Invalid characters in username" ) );
|
||||
}
|
||||
|
||||
$User->username = User::CleanUsername( $_POST['username'] );
|
||||
$User->password = $_POST['password'];
|
||||
$User->Create();
|
||||
$username = User::CleanUsername( $_POST['username'] );
|
||||
$password = $User->encrypt_password( $_POST['password'] );
|
||||
$User->Create( $username, $password );
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -174,7 +225,7 @@ if( $_GET['action'] == 'update_access' ) {
|
|||
|
||||
checkSession();
|
||||
|
||||
if( ! isset( $_GET['access'] ) || ! isset( $_GET['username'] ) ) {
|
||||
if( ! isset( $_POST['access'] ) || ! isset( $_POST['user'] ) ) {
|
||||
|
||||
die( formatJSEND( "error", "Could not update access." ) );
|
||||
}
|
||||
|
@ -184,7 +235,10 @@ if( $_GET['action'] == 'update_access' ) {
|
|||
die( formatJSEND( "error", "You do not have permission to update user's access." ) );
|
||||
}
|
||||
|
||||
$User->username = $_GET["username"];
|
||||
$User->access = $_GET["access"];
|
||||
$User->update_access();
|
||||
if( ! in_array( $_POST["access"], array_keys( Permissions::SYSTEM_LEVELS ) ) ) {
|
||||
|
||||
exit( formatJSEND( "error", "Invalid access level specified." ) );
|
||||
}
|
||||
|
||||
$User->update_access( $_POST["user"], $_POST["access"] );
|
||||
}
|
||||
|
|
|
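Review bot: On a successful login the authenticate branch now runs `exit( formatJSEND( "success", array( "username" => $this->username ) ) );` in a plain controller script, which is a fatal "Using $this when not in object context" for every valid credential; it should be `array( "username" => $username )`. In update_access, `in_array( $_POST["access"], array_keys( Permissions::SYSTEM_LEVELS ) )` validates against the role names, but the dialog's select in this commit submits the numeric `$id` values and is_admin compares `access` against `Permissions::SYSTEM_LEVELS["admin"]`, so every real submission is rejected as "Invalid access level specified."; validate against the values, e.g. `if( ! ctype_digit( (string) $_POST["access"] ) || ! in_array( (int) $_POST["access"], Permissions::SYSTEM_LEVELS, true ) )` (assuming the levels are integers, which this page does not show). The sessions-folder checks moved here cannot work as written: `getmyuid()` returns an int so the `is_array( $server_user )` branch is dead, and `chown()`/`chmod()` signal failure with a warning and a `false` return rather than an exception, so the `catch( Exception $e )` blocks never fire and a wrong owner or mode is silently accepted; test the return values instead, `if( ! @chown( SESSIONS_PATH, $server_user ) ) { exit( formatJSEND( "error", ... ) ); }`.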
@ -72,10 +72,10 @@ switch($_GET['action']){
|
|||
<td width="75">
|
||||
<select onchange="codiad.user.update_access( event, '<?php echo( $data['username'] ); ?>' )">
|
||||
<?php
|
||||
foreach( User::ACCESS as $role ) {
|
||||
foreach( Permissions::SYSTEM_LEVELS as $role => $id ) {
|
||||
|
||||
?>
|
||||
<option value="<?php echo $role;?>" <?php if( $data["access"] == $role ) { echo 'selected="selected"'; }?>><?php echo i18n( $role );?></option>
|
||||
<option value="<?php echo $id;?>" <?php if( $data["access"] == $id ) { echo 'selected="selected"'; }?>><?php echo i18n( $role );?></option>
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
|
|
|
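Review bot: The `onchange` attribute on the unchanged select line just above the rewritten loop drops `$data['username']` into a JavaScript string literal inside an HTML attribute with no escaping; if a username can carry a quote or angle bracket this is a stored XSS sink, and even if CleanUsername strips those today the template should not depend on it. Emit it as `onchange="codiad.user.update_access( event, <?php echo htmlspecialchars( json_encode( $data['username'] ), ENT_QUOTES, 'UTF-8' ); ?> )"`. In the new option line, `$data["access"] == $id` is a loose comparison between a database column and an array value; `(int) $data["access"] === $id` states the intent now that `access` is a numeric level, assuming SYSTEM_LEVELS values are ints, which this page does not show.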
@ -266,7 +266,7 @@
|
|||
$.get(this.controller + '?action=project&project=' + project);
|
||||
},
|
||||
|
||||
update_access: function( e, username=null ) {
|
||||
update_access: function( e, username ) {
|
||||
|
||||
let access = "";
|
||||
|
||||
|
@ -278,7 +278,10 @@
|
|||
access = e.target.value;
|
||||
}
|
||||
|
||||
$.get( this.controller + `?action=update_access&username=${username}&access=${access}`, function( data ) {
|
||||
$.post( this.controller + `?action=update_access`, {
|
||||
username: username,
|
||||
access: access,
|
||||
}, function( data ) {
|
||||
|
||||
let response = codiad.jsend.parse( data );
|
||||
if( response != 'error' ) {
|
||||
|
|
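Review bot: The POST body sends the target account as `username`, but the controller's update_access handler in this same commit reads `$_POST['user']` and dies with "Could not update access." when it is absent, so the request can never succeed; agree on one key on both sides, e.g. `user: username,` here. `access` is taken straight from `e.target.value`, and since the option values are now numeric ids rather than role names, a comment such as `// access is the numeric Permissions::SYSTEM_LEVELS id chosen in the users dialog` would save the next reader a trip to the PHP.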