phowell
/
dir
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
dir/old/dir_api.20211021php

823 lines
30 KiB
Plaintext
Raw Blame History

<?php
$DEBUG = 0;
function p($s) { echo "<p>{$s}</p>\n"; }
function p2($val){ echo '<pre>'; print_r($val); echo "</pre>\n"; }
function d_err($s) { global $DEBUG; if ($DEBUG) { p($s); } }
include('underscore.php');
////////////////////
////////////////////
//
// PHP SESSIONS .... needed?
//
/*
header("Access-Control-Allow-Credentials: true");
header("Access-Control-Allow-Methods: get,post");
header("Access-Control-Allow-Headers: Content-Type, Accept");
session_start();
function logout() { session_destroy(); }
*/
////////////////////
////////////////////
//
// DATABASE
//
// Yes, there's two different databases.
//
// $c = gavi_db
// $c2 = PeterDB
//
// Why? Just to keep you on your toes.
//
// The $j argument is true for a json result, or false for a raw db object result.
//
$DBServer = 'localhost'; $DBUser = 'www';
$DBPass = '@$df'; $DBName = 'gavi_db';
$c = new mysqli($DBServer, $DBUser, $DBPass, $DBName);
if ($c->connect_error) { die('Database connection failed: ' . $c->connect_error ); }
if (!mysqli_select_db($c, $DBName)) { die("Uh oh, couldn't select database $DBName"); }
$c2 = new mysqli($DBServer, "phowell", 'p^howell', 'PeterDB');
if ($c2->connect_error) { die('Database connection failed: ' . $c2->connect_error ); }
if (!mysqli_select_db($c2, 'PeterDB')) { die("Uh oh, couldn't select database 'PeterDB'"); }
// Generic string cleaner
function ok($str) { global $c; return mysqli_real_escape_string($c, strip_tags($str, '<p><br><ul><ol><li><b><i><strong><em>')); }
// 1. lookups, like a username
function single_row_select($qry, $j=1, $c) {
$r = mysqli_query($c, $qry); d_err($qry);
$e = mysqli_error($c); if($e) { d_err("sql error: " . $e ); }
$a = mysqli_fetch_assoc($r);
$e = mysqli_error($c); if($e) { d_err("sql error: " . $e ); }
if (! $j) { return $a; } return json_encode($a); }
// 1a. inserts
function single_row_insert($qry, $j=1, $c) {
$r = mysqli_query($c, $qry); d_err($qry);
$e = mysqli_error($c); if($e) { d_err("sql error: " . $e ); }
$a = mysqli_fetch_assoc($c);
$e = mysqli_error($c); if($e) { d_err("sql error: " . $e ); }
if (! $j) { return $a; } return json_encode($a); }
// 2. grid or fancier joins, like get all sessions, rosters, todos, etc
function multi_row_select($qry, $j=1, $db) {
$rows = array();
$result = mysqli_query($db, $qry);
while($r = mysqli_fetch_assoc($result)) { $rows[] = $r; }
if (! $j) { return $rows; } return json_encode( $rows); }
// 3. Check if an entry exists
function does_exist($qry, $full_record=0, $db) { global $c, $c2;
$r = mysqli_query($db, $qry);
$a = mysqli_num_rows($r);
$row = mysqli_fetch_array($r, MYSQLI_NUM);
$id = $row[0]; // getting the id of that which exists... assuming first column has it.
d_err("does exist: {$a}");
$e = mysqli_error($db); if($e) { d_err("sql error: " . $e); }
if ($a && $full_record) { return $row; } if ($a) { return $id; } return 0; }
////////////////////
////////////////////
//
// SSO
//
// Set GLOBAL VARS corresponding to current logged in user.
// They may only edit their own dir info.
//
$server = $_SERVER['SERVER_NAME'];
if ( preg_match('/intranet1/', $server )) {
require 'mAuth.php';
$USER_TYPE = $attributes['http://wso2.org/claims/Roles'][0];
$USER_GOO = $attributes['http://wso2.org/claims/uid'][0];
$USER_EMAIL = strtolower($attributes['http://wso2.org/claims/emailaddress'][0]);
/*$USER_TYPE = "FACULTY"; //$attributes['http://wso2.org/claims/Roles'][0];
$USER_GOO = "G00102586"; //$attributes['http://wso2.org/claims/uid'][0];
$USER_EMAIL = "phowell@gavilan.edu"; //$attributes['http://wso2.org/claims/emailaddress'][0];
$status = "<b>ID:</b>{$USER_GOO}<br />";
$status .= "<b>Email:</b>{$USER_EMAIL}<br />";
$status .= "<b>Employee type:</b>{$USER_TYPE}<br />";
d_err($status); */
} else {
echo json_encode( array("result"=>"not on intranet1") );
//exit();
$USER = 0;
$USER_NAME = 0;
$USER_PERS_ID = 0;
$USER_CONF_U_ID = 0;
$USER_PERS_EXT_ID = 0;
}
// Current academic year
$AY = single_row_select("SELECT * FROM conf_academicyears WHERE label='2021-2022';",0, $c2);
// // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // //
// Fetching a person's records
//
// 1. use their email to lookup PERSONNEL
// - basic directory info
//
// 2. use their email to lookup CONF_USERS
// - flex app, workshop signups
//
// 3. use conf_users.id to lookup in gavi_personnel_ext.c_users
// - goo, depts, job title, image active
//
// 4. use personnel.id to lookup [webpages, welcomepages, etc]
function user_record() { global $USER, $USER_EMAIL, $USER_NAME, $USER_PERS_ID, $USER_CONF_U_ID, $USER_PERS_EXT_ID, $c, $c2;
$q1 = "SELECT last_name, first_name, department, extension, phone_number, LOWER(email) AS email, room, user_id, time_updated, id, web_on FROM personnel WHERE email='" . $USER_EMAIL . "'";
//p2($q1);
$usr_dir = single_row_select($q1, 0, $c);
//p2($usr_dir);
$q2 = "SELECT id AS id_c_users, goo, LOWER(email) AS email_c_users, name, active FROM conf_users WHERE LOWER(email)='" . $USER_EMAIL . "'";
//p2($q2);
$usr_conf = single_row_select($q2, 0, $c2);
//p2($usr_conf);
$mega = __::extend( (object) $usr_dir, (object) $usr_conf );
$q3 = 'SELECT id AS ext_id, personnel AS personnel_id, role, goo_short, c_users AS c_users_id_ext, ilearn_id, sched_alias, dept1, dept2, gtitle, active, use_dir_photo, general_photo_release, etc FROM gavi_personnel_ext WHERE c_users=' . $mega->id_c_users;
//p2($q3);
$usr_ext = single_row_select($q3,0,$c2);
//p2($usr_ext);
$mega = __::extend( (object) $mega, (object) $usr_ext );
$q4 = 'SELECT person, officehours, title, picture, education, bio, courses, personal_page, changed FROM webpages WHERE person=' . $mega->id; // personnel=1');
//p2($q3);
$usr_web = single_row_select($q4,0,$c);
//p2($usr_ext);
$mega = __::extend( (object) $mega, (object) $usr_web );
$USER = $mega;
}
if ($USER_EMAIL) { user_record(); }
// //
// //
// // LOG ENTRIES
// //
// //
// Enter or get browser log entry
function insert_or_get_browser($b) {
global $c2;
$BROWSER = ok($b);
$existing = does_exist( "SELECT id FROM www_browsers WHERE string='$BROWSER'", 0, $c2);
if ($existing) {
return $existing;
} else {
$q = "INSERT INTO www_browsers (string) VALUES ('$BROWSER')";
single_row_select($q,0,$c2);
return does_exist( "SELECT id FROM www_browsers WHERE string='$BROWSER'",0,$c2);
}
return 0; }
// Log everything!
function log_it($action,$extra='') {
global $USER, $c2;
if (! $USER) {
$USER = array( 'name'=>'unknown', 'id'=>-1 ); }
$user_browser = $_SERVER['HTTP_USER_AGENT'];
$user_ip = $_SERVER['REMOTE_ADDR'];
$BROWSER = insert_or_get_browser($user_browser);
$ACTION = ok($action);
$EXTRA = ok($extra);
//$id = ok($_POST['id']);
$qupdate = "INSERT INTO gavi_logs SET action='{$action}', personnel_id='{$USER->id}', name='{$USER->name}', extra='{$EXTRA}', browser=$BROWSER, ip='$user_ip'";
single_row_select($qupdate,0,$c2);
return array("result"=>"success","action"=>"logged","query"=>$qupdate,"err"=>mysqli_error($c2));
}
function unescape_commas($s) { return preg_replace('/\[CMA\]/', ',', $s); }
function name_to_lc($fn,$ln) {
$fn = str_replace( array( '-', ' '), '', strtolower($fn) );
$ln = str_replace( array( '-', ' '), '', strtolower($ln) );
return $fn . "_" . $ln;
}
function name_to_file($fn,$ln) {
$fn = str_replace( array( '-', ' '), '', strtolower($fn) );
$ln = str_replace( array( '-', ' '), '', strtolower($ln) );
return $fn . "_" . $ln . ".jpg";
}
function check_dir_photo($fn,$ln) { global $USER;
$filename = name_to_file( $fn,$ln );
$path = '/gavilan.edu/staff/images_sm/' . $filename;
$dir_pic_exists = 0;
$dir_pic_path = 'images_sm/nobody.jpg';
if (file_exists($path)) {
$dir_pic_exists = 1;
$dir_pic_path = 'images_sm/' . $filename; }
$USER->dir_pic_exists = $dir_pic_exists;
$USER->dir_pic_path = $dir_pic_path;
return $dir_pic_exists;
}
check_dir_photo($USER->first_name, $USER->last_name);
//
//
//
////////////////////
////////////////////
//require __DIR__ . '/vendor/autoload.php';
// Sample URL
//
// https://www.gavilan.edu/staff/dir_api.php?a=update&cols=name,msg&vals=peter,hello
//
// https://intranet1.gavilan.edu/dir/dir_api.php?a=update&cols=name,msg&vals=peter,hello
/*
NEXT STEPS:
- figure out permissions system
- which means knowing dept / hierarchy
- which means cross referencing PERSONNEL and EXT and CONF_USERS.....
## Permissions summary
0. There is a list of table+column combos that users are allowed to edit.
0.5 An activity "belongs" to the user who owns it (or created it).
1. Simple cases:
- current user is updating their own (allowable) record. Allow.
2. Superuser:
- current user is executive, hr, it, or root. (7,2,8,3) Allow.
3. User is "Dept Editor" (4) and
-is updating a record belonging to someone in their dept. Allow.
4. Harder: Updating events
5. Updating attendance, approvals, or other restricted tables. Only FPLC (1) or superusers.
*/
function check_permission( $acting_user, $target_user, $table ) {
// TODO
return true;
}
// // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // //
// // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // //
//
// Everyone. Basic dir. Include status==0 which is unpublished.
function staff_dir() { global $c;
return multi_row_select('SELECT first_name,last_name,department,status, room,phone_number,email,web_on,id FROM personnel',1, $c);
// WHERE status IS null OR status=1
}
// Everyone. Basic dir
function staff_dir_ext() { global $c;
//return multi_row_select('SELECT p.first_name,p.last_name,p.department,p.status, p.room,phone_number,p.email,p.web_on, p.id, e.id AS ext_id, e.role, e.goo_short, e.c_users AS c_users_id_ext, e.ilearn_id, e.sched_alias, e.dept1, e.dept2, e.gtitle, e.active, e.use_dir_photo, e.general_photo_release, e.dir_photo_path, e.etc FROM gavi_db.personnel p LEFT JOIN PeterDB.gavi_personnel_ext e ON p.id=e.personnel ORDER BY p.last_name LIMIT 5000',1, $c);
return multi_row_select('SELECT p.first_name,p.last_name,p.department,p.status, p.room,phone_number,p.email,p.web_on, p.id, e.id AS ext_id, e.role, e.goo_short, e.c_users AS c_users_id_ext, e.ilearn_id, e.sched_alias, e.dept1, e.dept2, e.gtitle, e.active, e.use_dir_photo, e.general_photo_release, e.dir_photo_path, e.etc, c.id AS conf_id, c.goo AS conf_goo, c.name AS conf_name FROM gavi_db.personnel p LEFT JOIN PeterDB.gavi_personnel_ext e ON p.id=e.personnel LEFT JOIN PeterDB.conf_users c ON LOWER(p.email)=LOWER(c.email) ORDER BY p.last_name LIMIT 5000',1, $c);
// WHERE p.status IS null OR p.status=1
}
if (isset($_REQUEST['a']) && $_REQUEST['a']=='list') {
echo staff_dir_ext(); exit(); }
// TODO what about people who don't have all three rows?
//
//
//
//
//
//
//
// Helper tables
function sub_menus() { global $c2;
$ddd = multi_row_select('SELECT * FROM gavi_departments ORDER BY name',0, $c2);
$ttt = multi_row_select('SELECT * FROM gavi_titles ORDER BY name',0, $c2);
$rrr = multi_row_select("SELECT * FROM gavi_roles ORDER BY 'descr'",0, $c2);
$ccc = multi_row_select('SELECT * FROM gavi_committees ORDER BY name',0, $c2);
return json_encode( array( 'departments'=>$ddd, 'titles'=>$ttt, 'roles'=>$rrr, 'committees'=>$ccc ) );
exit();
}
if (isset($_REQUEST['a']) && $_REQUEST['a']=='menus') {
echo sub_menus(); exit(); }
// // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // //
// // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // //
//
// GET LIST OF ALL SESSIONS / WORKSHOPS / EVENTS
//
function get_sessions() {
global $c2, $AY;
echo json_encode( multi_row_select("SELECT c.id,c.title,c.desc,c.length,c.starttime,c.track,c.location,c.gets_survey,c.category,c.parent,c.recording,c.instructions,c.image_url,c.is_flex_approved,c.cal_uid,sst.type,sst.id AS typeId, GROUP_CONCAT(ctg.tag) AS tags FROM conf_sessions c JOIN conf_sessiontypes sst ON c.type=sst.id LEFT JOIN conf_tagmember ct ON c.id=ct.session LEFT JOIN conf_tags ctg ON ctg.id=ct.tag WHERE c.starttime BETWEEN CAST('{$AY['begin']}' AS DATE) AND CAST('{$AY['end']}' AS DATETIME) GROUP BY c.id ORDER BY c.track, c.starttime;",0, $c2)); exit(); }
if (isset($_GET['a']) && $_GET['a'] == 'get/sessions') { get_sessions(); }
// // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // //
// // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // //
//
// LIST THE CURRENT USER'S SIGNED UP, (OR HOSTING,) SESSIONS / WORKSHOPS / EVENTS
//
function get_user_sessions() {
global $c2, $AY, $USER;
$my_sessions = multi_row_select("SELECT c.id,c.title,c.desc,c.length,c.starttime,c.track,c.location,c.gets_survey,c.category,c.parent,c.recording,c.instructions,c.image_url,c.is_flex_approved,sst.type,sst.id AS typeId, GROUP_CONCAT(ctg.tag) AS tags FROM conf_sessions c JOIN conf_signups as sup on c.id=sup.session JOIN conf_hosts as h ON h.session=c.id JOIN conf_sessiontypes sst ON c.type=sst.id LEFT JOIN conf_tagmember ct ON c.id=ct.session LEFT JOIN conf_tags ctg ON ctg.id=ct.tag WHERE (h.host='{$USER->id_c_users}' OR sup.user='{$USER->id_c_users}') AND c.starttime BETWEEN CAST('{$AY['begin']}' AS DATE) AND CAST('{$AY['end']}' AS DATETIME) GROUP BY c.id ORDER BY c.track, c.starttime;",0,$c2);
echo json_encode($my_sessions);
exit(); }
if (isset($_GET['a']) && $_GET['a'] == 'get/mysessions') { get_user_sessions(); }
// // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // //
//
// SIGNUP for (possibly overlapping time) session ...
//
function signup() {
global $c2, $AY, $USER;
preg_match('/signup\/(\d+)$/', $_GET['a'], $matches);
$ses = $matches[1];
$ts = date("Y-m-d H:i:s");
$logaction = log_it("Signed up for session: {$ses}");
$existing = does_exist(
"SELECT i.id FROM conf_signups AS i JOIN conf_sessions AS s ON i.session=s.id WHERE s.id={$ses} AND i.user={$USER->id_c_users}",0,$c2);
if ($existing) {
$qupdate = "UPDATE conf_signups SET session={$ses}, timestamp='{$ts}' WHERE session={$ses} AND user={$USER->id_c_users}";
single_row_select($qupdate,1,$c2);
echo json_encode( array("result"=>"success","action"=>"updated","logaction"=>$logaction, "query"=>$qupdate,"err"=>mysqli_error($c2)));
} else {
$q = "INSERT INTO conf_signups (session,user,timestamp) VALUES ({$ses},{$USER->id_c_users},'{$ts}')";
single_row_select($q,1,$c2);
echo json_encode( array("result"=>"success","action"=>"inserted","logaction"=>$logaction, "ses"=>$_SESSION,"query"=>$q,"err"=>mysqli_error($c2)));
} exit(); }
if (isset($_GET['a']) && preg_match('/signup\/(\d+)$/', $_GET['a'], $matches)) { signup(); }
// // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // //
//
// CANCEL a signup
//
function signdown() {
global $c2, $AY, $USER;
preg_match('/signdown\/(\d+)$/', $_GET['a'], $matches);
$ses = $matches[1];
$q = "DELETE FROM conf_signups WHERE session={$ses} AND user={$USER->id_c_users}";
single_row_select($q,1,$c2);
$logaction = log_it("Canceled signup for session: $ses");
echo json_encode( array("result"=>"success","action"=>"deleted","logaction"=>$logaction, "query"=>$q,"err"=>mysqli_error($c2)));
exit(); }
if (isset($_GET['a']) && preg_match('/signdown\/(\d+)$/', $_GET['a'], $matches)) { signdown(); }
// // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // //
//
// NEW SESSION
//
function new_session() {
global $c2, $AY, $USER;
$title = ok($_POST['title']); $starttime = ok($_POST['starttime']);
$length = ok($_POST['length']); if ($length=='') { $length=1; }
$track = ok($_POST['track']); $gets_survey = ok($_POST['gets_survey']);
$is_flex_approved = ok($_POST['is_flex_approved']); $category = ok($_POST['title']);
if ($category=='') { $category=0; }
$author = ok($_POST['author']); if ($author=='') { $author=1; } // $USER->id_c_users; }
$is_custom = ok($_POST['is_custom']); $parent = ok($_POST['parent']);
$desc = ok($_POST['desc']); $location = ok($_POST['location']);
$recording = ok($_POST['recording']); $instructions = ok($_POST['instructions']);
$type = ok($_POST['type']); if ($type=='') { $type=19; }
$cal_uid = ok($_POST['cal_uid']);
$q = "INSERT INTO conf_sessions (`title`,`starttime`,`length`,`track`,`gets_survey`,`is_flex_approved`,`category`,`author`,`is_custom`,`parent`,`desc`,`location`,`recording`,`instructions`,`type`,`cal_uid`) VALUES ('{$title}', '{$starttime}', '{$length}', '{$track}', '{$gets_survey}', '{$is_flex_approved}', '{$category}', '{$author}', '{$is_custom}', '{$parent}', '{$desc}', '{$location}', '{$recording}', '{$instructions}', '{$type}', '{$cal_uid}');";
$ins = single_row_insert($q,0,$c2);
$logaction = log_it("created new session: {$title}");
echo json_encode( array("result"=>"success","action"=>"inserted new session","insert"=>$ins, "query"=>$q,"logaction"=>$logaction,"err"=>mysqli_error($c2)));
exit(); }
if (isset($_REQUEST['a']) && $_REQUEST['a']=='set/newsession') { new_session(); }
// // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // //
// // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // //
//
// Editing of session info
//
function set_sessioninfo() {
global $c, $c2, $AY, $USER;
$table = 'conf_sessions';
if (isset($_POST['id'])) {
$ID = ok($_REQUEST['id']);
if (! check_permission( $USER->id, $ID, $table)) {
echo json_encode( array("result"=>"fail", "err"=>"dont have permission to edit this") );
exit();
} else {
$logaction = log_it("edited session id: {$ID}");
$WHERECLAUSE = " WHERE id={$ID}";
$date = date('Y-m-d H:i:s');
$cols = explode(',', $_REQUEST['cols']); $vals = explode(',', $_REQUEST['vals']);
$vals = __::map($vals, unescape_commas);
$cv = __::zip($cols,$vals);
$q = __::reduce($cv, function($memo, $a) { return $memo . ok($a[0]) . "='" . ok($a[1]) . "', "; }, "UPDATE {$table} SET ");
$q = substr($q, 0, -2);
$q .= $WHERECLAUSE;
single_row_select($q,0,$c1);
echo json_encode( array("rawvalstr"=>$_REQUEST['vals'], "result"=>"success","action"=>"updated","logaction"=>$logaction, "query"=>$q,"err"=>mysqli_error($c2)));
}
} else {
echo json_encode( array("result"=>"fail", "err"=>"no activity id specified") ); }
exit();
}
/*$title = ok($_POST['title']);
$desc = ok($_POST['desc']);
$location = ok($_POST['location']);
$recording = ok($_POST['recording']);
$instructions = ok($_POST['instructions']);
$id = ok($_POST['id']);
$qupdate = "UPDATE conf_sessions SET title='$title', `desc`='$desc', location='$location', recording='$recording', instructions='$instructions' WHERE id=$id";
single_row_select($qupdate,0,$c2);
$logaction = log_it("edited session id: {$id}");
echo json_encode( array("result"=>"success","action"=>"updated","logaction"=>$logaction,"query"=>$qupdate,"err"=>mysqli_error($c2)));
//print_r($_POST);
exit();}
*/
//if (isset($_POST['a']) && $_POST['a']=='update/activity') { set_sessioninfo(); }
if (isset($_REQUEST['a']) && $_REQUEST['a']=='update/activity') { set_sessioninfo(); }
// // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // //
// // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // //
//
// update a name, lname, dept, phone, extension, email, type, room, status, user_id, or web_on
function update_dir() {
global $USER, $c, $c2;
$WHERECLAUSE = " WHERE id={$USER->id}";
if (isset($_POST['id'])) { // editing another person's data
if (! check_permission( $USER->id, $_POST['id'], 'personnel')) {
echo json_encode( array("result"=>"fail", "err"=>"dont have permission to edit this") );
exit();
} else {
$logaction = log_it("updating personnel record of personnel id {$_POST['id']}");
$WHERECLAUSE = " WHERE id={$_POST['id']}";
}
} else {
$logaction = log_it("updating personnel record");
}
// date modified is now
$date = date('Y-m-d H:i:s');
$cols = explode(',', $_REQUEST['cols']); $vals = explode(',', $_REQUEST['vals']);
$vals = __::map($vals, unescape_commas);
$cv = __::zip($cols,$vals);
$q = __::reduce($cv, function($memo, $a) { return $memo . ok($a[0]) . "='" . ok($a[1]) . "', "; }, "UPDATE personnel SET ");
//$q = substr($q, 0, -2);
$q .= "time_updated='" . $date . "'";
$q .= $WHERECLAUSE;
if ($USER->id) {
single_row_select($q,0,$c);
echo json_encode( array("rawvalstr"=>$_REQUEST['vals'], "result"=>"success","action"=>"updated","logaction"=>$logaction, "query"=>$q,"err"=>mysqli_error($c)));
}
else {
$logaction2 = log_it("failed to update personnel record");
echo json_encode( array("result"=>"fail", "err"=>"dont have an id for user") );
}
exit();
}
//if (isset($_POST['a']) && $_POST['a']=='update') { update_dir(); }
if (isset($_REQUEST['a']) && $_REQUEST['a']=='update') { update_dir(); }
// // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // //
// // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // //
//
// update goo, dept1/dept2, title, active, use_dir_photo
function update_dir_ext() {
global $USER, $c, $c2;
$WHERECLAUSE = " WHERE id={$USER->ext_id}";
if (isset($_POST['id'])) { // editing another person's data
if (! check_permission( $USER->id, $_POST['id'], 'personnel')) {
echo json_encode( array("result"=>"fail", "err"=>"dont have permission to edit this") );
exit();
} else {
$logaction = log_it("updating personnel_ext record of personnel id {$_POST['id']}");
$WHERECLAUSE = " WHERE id={$_POST['id']}";
}
} else {
$logaction = log_it("updating personnel_ext record");
}
// date modified is now
$date = date('Y-m-d H:i:s');
$cols = explode(',', $_REQUEST['cols']); $vals = explode(',', $_REQUEST['vals']);
$vals = __::map($vals, unescape_commas);
$cv = __::zip($cols,$vals);
$q = __::reduce($cv, function($memo, $a) { return $memo . ok($a[0]) . "='" . ok($a[1]) . "', "; }, "UPDATE gavi_personnel_ext SET ");
$q = substr($q, 0, -2);
$q .= $WHERECLAUSE;
if ($USER->ext_id) {
single_row_select($q,0,$c2);
echo json_encode( array("result"=>"success","action"=>"updated","logaction"=>$logaction, "query"=>$q,"err"=>mysqli_error($c2)));
}
else {
$logaction2 = log_it("failed to update gavi_personnel_ext record. dont have id for user.",var_dump($USER) );
echo json_encode( array("result"=>"fail", "err"=>"dont have an id for user") );
}
exit();
}
//if (isset($_POST['a']) && $_POST['a']=='update_xt') { update_dir_ext(); }
if (isset($_REQUEST['a']) && $_REQUEST['a']=='update_xt') { update_dir_ext(); }
// // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // //
// // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // //
//
// update person, officehours, title, picture, education, bio, courses, personal_page, changed
function update_webpage() {
global $USER_PERS_ID, $USER, $c, $c2;
$WHERECLAUSE = " WHERE person={$USER->id}";
if (isset($_POST['id'])) { // editing another person's data
if (! check_permission( $USER->id, $_POST['id'], 'personnel')) {
echo json_encode( array("result"=>"fail", "err"=>"dont have permission to edit this") );
exit();
} else {
$logaction = log_it("updating bio webpage record of personnel id {$_POST['id']}");
$WHERECLAUSE = " WHERE person={$_POST['id']}";
}
} else {
$logaction = log_it("updating bio webpage record");
}
$date = date('Y-m-d H:i:s');
$cols = explode(',', $_REQUEST['cols']); $vals = explode(',', $_REQUEST['vals']);
$vals = __::map($vals, unescape_commas);
$cv = __::zip($cols,$vals);
$q = __::reduce($cv, function($memo, $a) { return $memo . ok($a[0]) . "='" . ok($a[1]) . "', "; }, "UPDATE webpages SET ");
$q .= "changed='" . $date . "'";
$q .= $WHERECLAUSE;
if ($USER->id) {
single_row_select($q,0,$c);
echo json_encode( array("rawvalstr"=>$_REQUEST['vals'], "result"=>"success","action"=>"updated","logaction"=>$logaction, "query"=>$q,"err"=>mysqli_error($c)));
}
else {
$logaction2 = log_it("failed to update bio webpage record");
echo json_encode( array("result"=>"fail", "err"=>"dont have an id for user") );
}
exit();
}
//if (isset($_POST['a']) && $_POST['a']=='update_web') { update_webpage(); }
if (isset($_REQUEST['a']) && $_REQUEST['a']=='update_web') { update_webpage(); }
function handle_pic_upload() { global $USER;
$uploaddir = '/gavilan.edu/staff/uploads/';
$date = date('Ymd_Hi');
$uploadfile = $uploaddir . name_to_lc($USER->first_name,$USER->last_name) . "_" . $date . "_" . basename($_FILES['file']['name']);
echo '<pre>';
if (move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile)) {
echo "File is valid, and was successfully uploaded.\n";
} else {
echo "Possible file upload attack!\n";
}
echo 'Here is some more debugging info:';
print_r($_FILES);
print "</pre>";
}
//if (isset($_POST['a']) && $_POST['a']=='update_web') { update_webpage(); }
//if (isset($_REQUEST['file'])) { handle_pic_upload(); }
if (isset($_FILES['file'])) { handle_pic_upload(); }
function get_a_user($user_email) { global $c, $c2;
$q1 = "SELECT last_name, first_name, department, extension, phone_number, email, room, user_id, time_updated, id, web_on FROM personnel WHERE email='" . $user_email . "'";
//p2($q1);
$usr_dir = single_row_select($q1, 0, $c);
//p2($usr_dir);
$q2 = "SELECT id AS id_c_users, goo, email AS email_c_users, name, active FROM conf_users WHERE email='" . $user_email . "'";
//p2($q2);
$usr_conf = single_row_select($q2, 0, $c2);
//p2($usr_conf);
$mega = __::extend( (object) $usr_dir, (object) $usr_conf );
$q3 = 'SELECT id AS ext_id, personnel AS personnel_id, goo_short, c_users AS c_users_id_ext, ilearn_id, sched_alias, dept1, dept2, title, active, use_dir_photo, etc FROM gavi_personnel_ext WHERE personnel=' . $mega->id;
//p2($q3);
$usr_ext = single_row_select($q3,0,$c2);
//p2($usr_ext);
$mega = __::extend( (object) $mega, (object) $usr_ext );
$q4 = 'SELECT person, officehours, title, picture, education, bio, courses, personal_page, changed FROM webpages WHERE person=' . $mega->id; // personnel=1');
//p2($q3);
$usr_web = single_row_select($q4,0,$c);
//p2($usr_ext);
$mega = __::extend( (object) $mega, (object) $usr_web );
if (!isset($mega->use_dir_photo)) {
$mega->pic_exists = check_dir_photo($mega->first_name, $mega->last_name);
if ($mega->pic_exists) {
$filename = "images_sm/" . name_to_file( $mega->first_name, $mega->last_name );
$mega->bbqueryfix = "UPDATE gavi_personnel_ext SET use_dir_photo=1, dir_photo_path='{$filename}' WHERE id='{$mega->ext_id}'";
} else {
$mega->bbqueryfix = "UPDATE gavi_personnel_ext SET use_dir_photo=0 WHERE id='{$mega->ext_id}'";
}
}
if (! isset($mega->ext_id)) {
$mega->aaqueryfix = "INSERT INTO gavi_personnel_ext (personnel) VALUES('{$mega->id}')"; }
elseif ($mega->id && ! $mega->personnel_id) {
$mega->aaqueryfix = "UPDATE gavi_personnel_ext SET personnel='{$mega->id}' WHERE id='{$mega->ext_id}'"; }
return $mega;
}
function insert_c2($q) {
global $c2;
$result = single_row_insert($q,0,$c2);
return $result; }
function merge_tables() { global $c;
$all_personnel = multi_row_select('SELECT first_name,last_name,department,room,phone_number,email,web_on,id FROM personnel WHERE status IS null OR status=1',0, $c);
$emails = __::pluck($all_personnel, 'email');
//echo json_encode($emails);
//exit();
//$emails = array_slice($emails, 0, 10);
$full = __::map( $emails, get_a_user );
//echo json_encode($full);
//$results = __::map( __::pluck($full,'aaqueryfix'), insert_c2);
//$results = __::pluck($full,'bbqueryfix');
//$results = __::map( $results, insert_c2);
echo json_encode( $full );
exit();
}
if (isset($_REQUEST['merge'])) { merge_tables(); }
//echo json_encode($_FILES);
//echo json_encode($_REQUEST);
// If no arguments were given:
if ($USER_EMAIL) {
// log it as an access
$logaction = log_it("accessed personnel record editor");
$USER->logresult = $logaction;
// Default case is current user data to be embedded in editor page
echo json_encode($USER);
} else {
echo json_encode( array("result"=>"not logged in") );
exit();
}
?>
Reference in New Issue View Git Blame Copy Permalink