getConnection(); $DEBUG = 0; // _ _ _____ _______ _ // | | | | | __ \ /\|__ __|/\ | | // | |_| |__ ___ | | | | / \ | | / \ | |__ __ _ ___ ___ // | __| '_ \ / _ \ | | | |/ /\ \ | | / /\ \ | '_ \ / _` / __|/ _ \ // | |_| | | | __/ | |__| / ____ \| |/ ____ \| |_) | (_| \__ \ __/ // \__|_| |_|\___| |_____/_/ \_\_/_/ \_\_.__/ \__,_|___/\___| // // // // The $j argument is true for a json result, or false for a raw db object result. // /** $TESTSITE = 0; if ($TESTSITE) { $DBUser2 = 'phowell'; $DBServer = '192.168.1.6'; $DBPass2 = 'rolley34'; $DBName2 = 'db'; } else { $DBUser2 = 'phowell'; $DBServer = 'localhost'; $DBPass2 = 'p^howell'; $DBName2 = 'PeterDB'; } /* # not using www account anymore $c = new mysqli($DBServer, $DBUser, $DBPass, $DBName); if ($c->connect_error) { die('Database connection failed: ' . $c->connect_error ); } if (!mysqli_select_db($c, $DBName)) { die("Uh oh, couldn't select database $DBName"); } */ //$c = new mysqli($DBServer, $DBUser2, $DBPass2, $DBName2); if ($c->connect_error) { die('Database connection failed: ' . $c->connect_error ); } //if (!mysqli_select_db($c, $DBName2)) { die("Uh oh, couldn't select database 'PeterDB'"); } mysqli_set_charset($c, 'utf8'); include('underscore.php'); $_ = new __(); // _ _ // | | | | // | |__ ___| |_ __ ___ _ __ ___ // | '_ \ / _ \ | '_ \ / _ \ '__/ __| // | | | | __/ | |_) | __/ | \__ \ // |_| |_|\___|_| .__/ \___|_| |___/ // | | // |_| // Generic string cleaner // keep HTML tags string cleaner function ok($str) { global $c; return mysqli_real_escape_string($c, strip_tags($str, '

')); } function okh($str) { global $c; return mysqli_real_escape_string($c, $str); } function unescape_commas($s) { return preg_replace('/\[CMA\]/', ',', $s); } function p($s) { echo "
{$s}
\n"; } function p2($val){ echo '
'; print_r($val); echo "
\n"; } function d_err($s) { global $DEBUG; if ($DEBUG) { p($s); } } function logout() { session_destroy(); } // Some helpful globals $server = $_SERVER['SERVER_NAME']; $options_query = "SELECT label,value FROM `conf_uinforecord` WHERE id>1"; $options_array = multi_row_select($options_query, 0); $OPTIONS = array_reduce($options_array, function ($result, $item) { $result[$item["label"]] = $item["value"]; return $result; }, array()); $default_ay_query = "SELECT begin,end FROM conf_academicyears ca JOIN conf_uinforecord cu ON cu.value=ca.id WHERE cu.label='default_ay';"; $AY = single_row_select($default_ay_query,0); $OPTIONS['year'] = $AY; $conf_query = "SELECT semester,date1,date2,title FROM conf_conferences cc JOIN conf_uinforecord cu ON cu.value=cc.id WHERE cu.label='default_conference';"; $CONF = single_row_select($conf_query,0); $OPTIONS['conf'] = $CONF; function name_to_lc($fn,$ln) { $fn = str_replace( array( '-', ' '), '', strtolower($fn) ); $ln = str_replace( array( '-', ' '), '', strtolower($ln) ); return $fn . "_" . $ln; } function name_to_file($fn,$ln) { $fn = str_replace( array( '-', ' '), '', strtolower($fn) ); $ln = str_replace( array( '-', ' '), '', strtolower($ln) ); return $fn . "_" . $ln . ".jpg"; } // 1. lookups, like a username function single_row_select($qry, $j) { global $c; $r = mysqli_query($c, $qry); d_err($qry); $e = mysqli_error($c); if($e) { d_err("sql error: " . $e ); } if (!$r) { return $r; } //echo("\n\n\n"); $a = mysqli_fetch_assoc($r); $e = mysqli_error($c); if($e) { d_err("sql error: " . $e ); } if (! $j) { return $a; } return json_encode($a); } // 1a. inserts function single_row_insert($qry, $j) { global $c; error_log($qry, 0); $r = mysqli_query($c, $qry); //d_err($qry); //$e = mysqli_error($c); if($e) { d_err("sql error: " . $e ); } $new_id = mysqli_insert_id($c); return $new_id; } /*$a = mysqli_fetch_assoc($c); $e = mysqli_error($c); if($e) { d_err("sql error: " . $e ); } if (! $j) { return $a; } return json_encode($a); } */ // 1b. updates function single_row_update($qry, $j) { global $c; $r = mysqli_query($c, $qry); return 1; } // 2. grid or fancier joins, like get all sessions, rosters, todos, etc function multi_row_select($qry, $j) { global $c; $rows = array(); $result = mysqli_query($c, $qry); while($r = mysqli_fetch_assoc($result)) { $rows[] = $r; } if (! $j) { return $rows; } return json_encode( $rows); } // 4. Plain query function query($qry) { global $c; return mysqli_query($c, $qry); } // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // Look in various folders for STAFF PICTURES function user_pic_look($first,$last,$g) { $images = array(); $images[] = 'images_sm/missing.jpg'; $sm_exists = file_exists("/gavilan.edu/staff/images_sm"); $goo_exists = file_exists("/gavilan.edu/staff/images_goo"); if ($sm_exists && $goo_exists) { $name_name = str_replace(' ','',str_replace('-','', strtolower($first) )) . "_" . str_replace(' ','',str_replace('-','', strtolower($last) )); $name_name1 = $name_name . ".jpg"; $name_name2 = $name_name . "2" . ".jpg"; $name_name3 = $name_name . "3" . ".jpg"; $name_name4 = $name_name . "4" . ".jpg"; $name_dir = scandir("/gavilan.edu/staff/images_sm"); if ($name_dir && in_array($name_name1,$name_dir)) { $images[] = 'images_sm/' . $name_name1; } if ($name_dir && in_array($name_name2,$name_dir)) { $images[] = 'images_sm/' . $name_name2; } if ($name_dir && in_array($name_name3,$name_dir)) { $images[] = 'images_sm/' . $name_name3; } if ($name_dir && in_array($name_name4,$name_dir)) { $images[] = 'images_sm/' . $name_name4; } $badge_dir = scandir("/gavilan.edu/staff/images_goo"); $badge_name = $g . ".jpg"; if ($badge_dir && in_array($badge_name,$badge_dir)) { $images[] = 'images_goo/' . $badge_name; } } return $images; } // // Photos stuff. This shouldn't be needed anymore since we store pic path in the database. // function check_dir_photo($fn,$ln) { global $USER; $filename = name_to_file( $fn,$ln ); $path = '/gavilan.edu/staff/images_sm/' . $filename; $dir_pic_exists = 0; $dir_pic_path = 'images_sm/nobody.jpg'; if (file_exists($path)) { $dir_pic_exists = 1; $dir_pic_path = 'images_sm/' . $filename; } $USER->dir_pic_exists = $dir_pic_exists; $USER->dir_pic_path = $dir_pic_path; return $dir_pic_exists; } include('single_sign_on.php'); // _ _ // (_) (_) // _ __ ___ _ __ _ __ ___ _ ___ ___ _ ___ _ __ ___ // | '_ \ / _ \ '__| '_ ` _ \| / __/ __| |/ _ \| '_ \/ __| // | |_) | __/ | | | | | | | \__ \__ \ | (_) | | | \__ \ // | .__/ \___|_| |_| |_| |_|_|___/___/_|\___/|_| |_|___/ // | | // |_| /* NEXT STEPS: - figure out permissions system - which means knowing dept / hierarchy - which means cross referencing PERSONNEL and EXT and CONF_USERS..... ## Permissions summary 0. There is a list of table+column combos that users are allowed to edit. 0.5 An activity "belongs" to the user who owns it (or created it). 1. Simple cases: - current user is updating their own (allowable) record. Allow. 2. Superuser: - current user is executive, hr, it, or root. (7,2,8,3) Allow. 3. User is "Dept Editor" (4) and -is updating a record belonging to someone in their dept. Allow. 4. Harder: Updating events 5. Updating attendance, approvals, or other restricted tables. Only FPLC (1) or superusers. ## Calls which edit the database Everything is sent in two arguments: cols and vals. They are comma separated and actual commas are replaced with [CMA] This relies on the app knowing the correct columns for the given table. Everything goes through the permission checker, which uses the: current user, target table, and target table row id to figure out if its allowed. TODO: permissions function TODO: prefer to POST these calls just to be a little cleaner. TODO: psuedo permissions but just to decide which navigation buttons to show: - faculty see the welcome letters editor - certain permissions see: big staff dir list editor (filtered per their dept), activities big list editor or results - who sees the logs page? also... determine who sees a particular "edit" button show up for activities... who sees the "survey results, attendees reports" show up for past activities... Sample URLs: https://www.gavilan.edu/staff/dir_api.php?a=update&cols=name,msg&vals=peter,hello https://intranet1.gavilan.edu/dir/dir_api.php?a=update&cols=name,msg&vals=peter,hello */ function check_permission( $acting_user, $target_id, $table ) { // TODO return true; } // _ _ _ // (_) | | | | // _ __ ___ _ ___ ___ | |__ ___| |_ __ // | '_ ` _ \| / __|/ __| | '_ \ / _ \ | '_ \ // | | | | | | \__ \ (__ | | | | __/ | |_) | // |_| |_| |_|_|___/\___| |_| |_|\___|_| .__/ // | | // // // Helper tables // // JOB TITLES LIST function job_titles() { global $c; return multi_row_select("SELECT DISTINCT id, name FROM gavi_titles ORDER BY name",1, $c); } if (isset($_REQUEST['a']) && $_REQUEST['a']=='get/jobtitles') { echo job_titles(); exit(); } // all SUB MENUS // function sub_menus() { global $c; $ddd = multi_row_select('SELECT * FROM gavi_departments ORDER BY name',0, $c); $ttt = multi_row_select('SELECT * FROM gavi_titles ORDER BY name',0, $c); $rrr = multi_row_select("SELECT * FROM gavi_roles ORDER BY 'descr'",0, $c); $ccc = multi_row_select('SELECT * FROM gavi_committees ORDER BY name',0, $c); $sss = multi_row_select('SELECT * FROM conf_sessiontypes ORDER BY id',0, $c); $ppp = multi_row_select("SELECT * FROM `conf_sessions` WHERE `type` = '20' OR `type` = '21' ORDER BY starttime",0, $c); return json_encode( array( 'departments'=>$ddd, 'titles'=>$ttt, 'roles'=>$rrr, 'committees'=>$ccc, 'sessiontypes'=>$sss, 'parents'=>$ppp ) ); } if (isset($_REQUEST['a']) && $_REQUEST['a']=='menus') { echo sub_menus(); exit(); } // all NAMES // function get_names() { global $c, $AY, $USER; $q = "SELECT u.id, u.name FROM conf_users AS u ORDER BY u.name"; echo json_encode( array("users"=>multi_row_select($q,0,$c), "result"=>"success","err"=>mysqli_error($c))); exit(); } if (isset($_GET['a']) && $_GET['a'] == 'get/names') { get_names(); } // get most RECENT LOGS // function get_recent_logs() { global $c, $USER; $my_sessions = multi_row_select("SELECT * FROM `gavi_logs` ORDER BY `id` DESC LIMIT 150",0,$c); echo json_encode($my_sessions); exit(); } if (isset($_GET['a']) && $_GET['a'] == 'get/logs') { get_recent_logs(); } // gavilan college EVENTS // function get_events() { global $c; echo json_encode( multi_row_select("SELECT * FROM events WHERE date >= CURDATE() AND visible='1' ORDER BY time LIMIT 6;",0)); } if (isset($_GET['a']) && $_GET['a'] == 'get/gavevents') { get_events(); exit(); } // GOTT and workshop signups // Export MySQL table as JSON grouped by 'training' + 'date_req' with unique 'email' within each group function signups() { global $c; // SQL query to fetch data from the table $sql = "SELECT * FROM rsvp WHERE DATE(date_rsvp) >= '2023-01-01'"; $result = mysqli_query($c, $sql); // Create an associative array to hold the grouped data $groupedData = array(); // Loop through the result rows while ($row = mysqli_fetch_assoc($result)) { // Generate the group key by concatenating 'training' and 'date_req' $groupKey = $row['training'] . $row['date_rsvp']; // Check if the group key already exists in the grouped data array if (!array_key_exists($groupKey, $groupedData)) { // If the group key doesn't exist, create a new array for the group $groupedData[$groupKey] = array(); } // Check if the 'email' already exists within the group $emailExists = false; foreach ($groupedData[$groupKey] as $existingRow) { if ($existingRow['email'] === $row['email']) { $emailExists = true; break; } } // Add the row data to the corresponding group if the 'email' doesn't already exist if (!$emailExists) { $groupedData[$groupKey][] = $row; } } // Return the grouped data as JSON return json_encode($groupedData); } if (isset($_REQUEST['a']) && $_REQUEST['a']=='signups') { echo signups(); exit(); } // ___ | | | | // ___ ___ _ _ _ __ ___ ___ ___ ( _ ) | |_ ___ __ _ ___| |__ ___ _ __ ___ // / __/ _ \| | | | '__/ __|/ _ \/ __| / _ \/\ | __/ _ \/ _` |/ __| '_ \ / _ \ '__/ __| // | (_| (_) | |_| | | \__ \ __/\__ \ | (_> < | || __/ (_| | (__| | | | __/ | \__ \ // \___\___/ \__,_|_| |___/\___||___/ \___/\/ \__\___|\__,_|\___|_| |_|\___|_| |___/ // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // Courses in a semester function semester_sections() { global $c; return multi_row_select("SELECT * FROM `gavi_sections` s WHERE s.sem='fa21' ORDER BY s.teacher_id",1, $c); } if (isset($_REQUEST['a']) && $_REQUEST['a']=='list/semester') { echo semester_sections(); exit(); } // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // STAFF + COURSES COMBINED function staff_dir_w_sections() { global $c; // just one semesters sections? $WHERE = "WHERE pgs.sem='fa21'"; // all recorded semesters $WHERE = ""; return multi_row_select("SELECT p.first_name,p.last_name,p.department,p.status,p.staff_type, p.room,phone_number,LOWER(p.email) AS email,p.web_on, p.id, e.id AS ext_id, e.role, e.goo_short, e.c_users AS c_users_id_ext, e.ilearn_id, e.sched_alias, e.dept1, e.dept2, e.gtitle, e.active, e.use_dir_photo, e.general_photo_release, e.dir_photo_path, e.etc, e.espanol, e.zoom, e.preferred_contact, c.id AS conf_id, c.goo AS conf_goo, c.name AS conf_name, d.name AS dept1name, t.name AS titlename, d.parent AS deptparent, GROUP_CONCAT(DISTINCT s.code SEPARATOR ', ') AS sections, COUNT(s.code) AS num_taught FROM gavi_db.personnel p LEFT JOIN PeterDB.gavi_personnel_ext e ON p.id=e.personnel LEFT JOIN PeterDB.conf_users c ON LOWER(p.email)=LOWER(c.email) LEFT JOIN PeterDB.gavi_departments d ON e.dept1=d.id LEFT JOIN PeterDB.gavi_titles t ON e.gtitle=t.id LEFT JOIN ( SELECT * FROM PeterDB.gavi_sections pgs {$WHERE}) s ON e.id=s.teacher_id GROUP BY p.id ORDER BY p.last_name LIMIT 2500",0, $c); } if (isset($_REQUEST['a']) && $_REQUEST['a']=='list/staffsemester') { echo json_encode(staff_dir_w_sections()); exit(); } // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // SEARCH AN INSTRUCTOR BY NAME IN SCHEDULE // function get_instructor() { global $c; $i = ok($_REQUEST['inst']); echo json_encode( single_row_select("SELECT * FROM gavi_personnel_ext WHERE sched_alias='{$i}';",0)); exit(); } if (isset($_REQUEST['a']) && $_REQUEST['a'] == 'get/instructor/name' ) { get_instructor(); } function get_instructor_fuzzy() { global $c; $i = ok($_REQUEST['inst']); echo json_encode( single_row_select("SELECT * FROM gavi_personnel_ext WHERE sched_alias LIKE '{$i}';",0)); exit(); } if (isset($_REQUEST['a']) && $_REQUEST['a'] == 'get/instructor/fuzzyname' ) { get_instructor_fuzzy(); } // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // COURSE SECTIONS in a semester // function get_sections($semester) { global $c; $semester = ok($semester); return multi_row_select("SELECT s.id,s.code,s.name,s.descr,s.teacher_id,s.days,s.start_date,s.end_date,s.units,s.ztc,s.location,s.delivery,s.status,s.pnp,s.note,s.crn,s.sem,p.personnel AS personnel_id,p.use_dir_photo,p.dir_photo_path,d.last_name,d.first_name,d.phone_number,d.email,d.room,d.web_on,s.sem FROM PeterDB.gavi_sections s LEFT JOIN PeterDB.gavi_personnel_ext p ON s.teacher_id=p.id LEFT JOIN personnel d ON d.id=p.personnel WHERE sem='{$semester}' ORDER BY code;",0); } if (isset($_REQUEST['a']) && preg_match('/^get\/sections\/(\w\w\d\d)$/', $_REQUEST['a'], $matches)) { echo json_encode( get_sections( $matches[1] ) ); exit(); } // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // all COURSE SECTIONS by semester and crn only // function get_all_sections() { global $c; echo json_encode( multi_row_select("SELECT s.id,s.code,s.crn,s.sem,s.teacher_id,s.delivery,s.status,p.personnel AS personnel_id,d.last_name,d.first_name FROM PeterDB.gavi_sections s LEFT JOIN PeterDB.gavi_personnel_ext p ON s.teacher_id=p.id LEFT JOIN personnel d ON d.id=p.personnel ORDER BY sem,code;",0)); exit(); } if (isset($_REQUEST['a']) && $_REQUEST['a'] == 'get/sections') { get_all_sections(); } // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // all COURSE SECTIONS of a single INSTRUCTOR // // use their gavi_personnel_ext id // function get_instructor_sections($teacherid) { global $c; echo json_encode( multi_row_select("SELECT s.id,s.code,s.name,s.descr,s.teacher_id,s.days,s.times,s.link,s.start_date,s.end_date,s.units,s.ztc,s.location,s.delivery,s.xlist_to,s.status,s.pnp,s.note,s.crn,s.sem,s.year FROM PeterDB.gavi_sections s WHERE s.teacher_id='{$teacherid}' ORDER BY s.sem,s.code;",0)); exit(); } if (isset($_REQUEST['a']) && preg_match('/^get\/sections\/(\d+)$/', $_REQUEST['a'], $matches)) { get_instructor_sections( $matches[1] ); } // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // COURSE SINGLE SECTION including welcome letter // // Housekeeping: if the gavi_welcome_letters row doesn't exist, we need to make it and populate it with the example text. // // function get_section($sem,$crn) { global $c, $c; $sem = ok($sem); $crn = ok($crn); $sched_id = 0; $sched_entry = single_row_select( "SELECT * FROM PeterDB.gavi_sections gs WHERE sem='{$sem}' AND crn='{$crn}';",0); if ($sched_entry) { $sched_id = $sched_entry['id']; } else { echo json_encode( array( "result"=>"fail", "reason"=>"no row for that section {$sem} {$crn}.") ); exit(); } $wl_entry = single_row_select( "SELECT s.id,s.code,s.name,s.descr,s.teacher_id,s.days,s.start_date,s.end_date,s.units,s.ztc,s.location,s.delivery,s.status,s.pnp,s.note,s.crn,s.sem,w.id AS wl_id,w.photo_path,w.format,w.length,w.course_desc,w.what_expect,w.assessments,w.textbook,w.other_info,w.introduction,w.additional_resources FROM PeterDB.gavi_welcome_letters w LEFT JOIN PeterDB.gavi_sections s ON w.section_id=s.id WHERE w.section_id='{$sched_id}';",0); if ($wl_entry) { echo json_encode($wl_entry); exit(); } else { // no WL row for that section $logaction = log_it("Creating default welcome letter for Semester: $sem CRN: $crn"); $default = json_decode( file_get_contents('default_welcome_letter.json') ); $default->what_expect = okh($default->what_expect); $default->assessments = okh($default->assessments); $default->textbook = okh($default->textbook); $default->other_info = okh($default->other_info); $default->introduction = okh($default->introduction); $default->additional_resources = okh($default->additional_resources); $q = "INSERT INTO PeterDB.gavi_welcome_letters (section_id,format,length,text_title,course_desc,what_expect,assessments,textbook,other_info,introduction,additional_resources) VALUES ('{$sched_id}', '', '', '', '', '{$default->what_expect}', '{$default->assessments}', '{$default->textbook}', '{$default->other_info}', '{$default->introduction}', '{$default->additional_resources}');"; $new_id = single_row_insert($q,0,$c); $q4 = "SELECT s.id,s.code,s.name,s.descr,s.teacher_id,s.days,s.start_date,s.end_date,s.units,s.ztc,s.location,s.delivery,s.status,s.pnp,s.note,s.crn,s.sem,w.id AS wl_id, w.photo_path,w.format,w.length,w.course_desc,w.what_expect,w.assessments,w.textbook,w.other_info,w.introduction,w.additional_resources FROM PeterDB.gavi_welcome_letters w LEFT JOIN PeterDB.gavi_sections s ON w.section_id=s.id WHERE w.id=" . $new_id . ";"; $wl_entry = single_row_select( $q4, 0); echo json_encode($wl_entry); exit(); } } if (isset($_REQUEST['a']) && preg_match('/^get\/section\/(\w\w\d\d)\/(\d+)$/', $_REQUEST['a'], $matches)) { get_section( $matches[1], $matches[2] ); } // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // update a course section record /*function update_section($update=1) { global $USER, $c; $WHERECLAUSE = ""; $START = "INSERT INTO gavi_sections SET "; $action = "inserted"; if ( check_permission( $USER->id, 0, 'gavi_sections')) { if ($update) { $START = "UPDATE webpages SET "; $WHERECLAUSE = " WHERE id={$_REQUEST['id']}"; $action = "updated"; $logaction = log_it("updating section id {$_REQUEST['id']}"); } else { $logaction = log_it("inserting new section"); } } else { echo json_encode( array("result"=>"fail", "err"=>"dont have permission to edit this") ); exit(); } $cols = explode(',', $_REQUEST['cols']); $vals = explode(',', $_REQUEST['vals']); $vals = $_->map($vals, 'unescape_commas'); $cv = $_->zip($cols,$vals); $q = $_->reduce($cv, function($memo, $a) { return $memo . ok($a[0]) . "='" . ok($a[1]) . "', "; }, $START); $q = substr($q, 0, -2); $q .= $WHERECLAUSE; single_row_insert($q,0,$c); echo json_encode( array("rawvalstr"=>$_REQUEST['vals'], "result"=>"success","action"=>$action, "logaction"=>$logaction, "query"=>$q,"err"=>mysqli_error($c))); exit(); } //if (isset($_POST['a']) && $_POST['a']=='update/section') { update_section(); } if (isset($_REQUEST['a']) && $_REQUEST['a']=='update/section') { update_section(); } if (isset($_REQUEST['a']) && $_REQUEST['a']=='add/section') { update_section(0); } */ // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // update a WELCOME LETTER // /*function update_welcome_letter($update=1) { global $USER, $c, $_; $WHERECLAUSE = ""; $START = "INSERT INTO gavi_welcome_letters SET "; $action = "inserted"; if ( check_permission( $USER->id, 0, 'gavi_welcome_letters')) { if ($update) { $START = "UPDATE gavi_welcome_letters SET "; $WHERECLAUSE = " WHERE id={$_REQUEST['id']}"; $action = "updated"; $logaction = log_it("updating welcome letter id {$_REQUEST['id']}"); } else { $logaction = log_it("inserting new welcome letter"); } } else { echo json_encode( array("result"=>"fail", "err"=>"dont have permission to edit this") ); exit(); } $cols = explode(',', $_REQUEST['cols']); $vals = explode(',', $_REQUEST['vals']); $vals = $_->map($vals, 'unescape_commas'); $cv = $_->zip($cols,$vals); $q = $_->reduce($cv, function($memo, $a) { return $memo . ok($a[0]) . "='" . okh($a[1]) . "', "; }, $START); $q = substr($q, 0, -2); $q .= $WHERECLAUSE; single_row_insert($q,0,$c); echo json_encode( array("rawvalstr"=>$_REQUEST['vals'], "result"=>"success","action"=>$action, "logaction"=>$logaction, "query"=>$q,"err"=>mysqli_error($c))); exit(); } //if (isset($_POST['a']) && $_POST['a']=='update/letter') { update_welcome_letter(); } if (isset($_REQUEST['a']) && $_REQUEST['a']=='update/letter') { update_welcome_letter(); } if (isset($_REQUEST['a']) && $_REQUEST['a']=='add/letter') { update_welcome_letter(0); } */ // __ _ __ _ _ // / _| | / / | | (_) // | |_| | _____ __ / / _ __ __| | ___ ___ ___ ___ _ ___ _ __ ___ // | _| |/ _ \ \/ / / / | '_ \ / _` | / __|/ _ \/ __/ __| |/ _ \| '_ \/ __| // | | | | __/> < / / | |_) | (_| | \__ \ __/\__ \__ \ | (_) | | | \__ \ // |_| |_|\___/_/\_\ /_/ | .__/ \__,_| |___/\___||___/___/_|\___/|_| |_|___/ // | | // |_| // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // GET LIST OF ALL SESSIONS / WORKSHOPS / EVENTS // function get_sessions() { global $c, $AY; return multi_row_select("SELECT c.id,c.title,c.desc,c.length,c.starttime,c.track,c.location,c.location_irl,c.mode,c.gets_survey,c.category,c.parent,c.recording,c.instructions,c.image_url,c.is_flex_approved,c.cal_uid,sst.type AS typeStr, sst.id AS type, GROUP_CONCAT(ctg.tag) AS tags FROM conf_sessions c LEFT JOIN conf_sessiontypes sst ON c.type=sst.id LEFT JOIN conf_tagmember ct ON c.id=ct.session LEFT JOIN conf_tags ctg ON ctg.id=ct.tag WHERE c.starttime BETWEEN CAST('{$AY['begin']}' AS DATE) AND CAST('{$AY['end']}' AS DATETIME) GROUP BY c.id ORDER BY c.track, c.starttime;",0); } if (isset($_GET['a']) && $_GET['a'] == 'get/sessions') { echo json_encode(get_sessions()); exit(); } function multi_row_1d($qry) { global $c; $savedQuery = mysqli_query($c, $qry); while($savedResult = mysqli_fetch_array($savedQuery)) { $savedArray[] = $savedResult[0]; } return $savedArray; } // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // GET LIST OF ALL SESSIONS + HOSTS // function get_ses_hosts() { global $c, $AY; return multi_row_select("select s.id, s.title, s.starttime, u.name, u.email, u.id AS hostid from conf_sessions as s LEFT OUTER JOIN conf_hosts as h ON h.session=s.id LEFT OUTER JOIN conf_users AS u ON h.host=u.id WHERE s.starttime BETWEEN CAST('{$AY['begin']}' AS DATE) AND CAST('{$AY['end']}' AS DATETIME) ORDER BY u.name;",1); } //return multi_row_1d("select DISTINCT(u.email) from conf_sessions as s LEFT OUTER JOIN conf_hosts as h ON h.session=s.id LEFT OUTER JOIN conf_users AS u ON h.host=u.id WHERE s.starttime BETWEEN CAST('{$AY['begin']}' AS DATE) AND CAST('{$AY['end']}' AS DATETIME) ORDER BY u.name;"); } if (isset($_GET['a']) && $_GET['a'] == 'get/hosts') { echo get_ses_hosts(); exit(); } // // ALL HOST ENTRIES // /*function get_all_hosts() { global $c, $_; $hh = multi_row_select("select host,session FROM conf_hosts ORDER BY host;",0); $byhost = $_->groupBy($hh, function($n) { return $n['host']; }); $_->map( $byhost, function($v,$k) use (&$allhost) { global $_; $allhost[$k] = $_->pluck($v,'session'); return array( $k => $_->pluck($v,'session')); }); return $allhost; } if (isset($_GET['a']) && $_GET['a'] == 'get/allhosts') { echo json_encode(get_all_hosts()); exit(); } */ // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // LIST THE CURRENT USER'S SIGNED UP, (OR HOSTING,) SESSIONS / WORKSHOPS / EVENTS // function get_user_sessions() { global $c, $AY, $USER; $my_sessions = multi_row_select("SELECT c.id,c.title,c.desc,c.length,c.starttime,c.track,c.location,c.location_irl,c.mode,c.gets_survey,c.category,c.parent,c.recording,c.instructions,c.image_url,c.is_flex_approved,sst.type,sst.id AS typeId, GROUP_CONCAT(ctg.tag) AS tags FROM conf_sessions c JOIN conf_signups as sup on c.id=sup.session LEFT JOIN conf_hosts as h ON h.session=c.id JOIN conf_sessiontypes sst ON c.type=sst.id LEFT JOIN conf_tagmember ct ON c.id=ct.session LEFT JOIN conf_tags ctg ON ctg.id=ct.tag WHERE (h.host='{$USER['conf_id']}' OR sup.user='{$USER['conf_id']}') AND c.starttime BETWEEN CAST('{$AY['begin']}' AS DATE) AND CAST('{$AY['end']}' AS DATETIME) GROUP BY c.id ORDER BY c.track, c.starttime;",0,$c); echo json_encode($my_sessions); exit(); } if (isset($_GET['a']) && $_GET['a'] == 'get/mysessions') { get_user_sessions(); } // // GET ROSTERS OF ALL SESSIONS function get_rosters() { global $AY, $c; /* "SELECT i.user, i.session, i.timestamp, u.goo, u.email, u.name, s.title, s.track, s.starttime, s.location, s.id AS sesid FROM conf_signups as i LEFT JOIN conf_users as u ON i.user=u.id RIGHT JOIN conf_sessions as s ON i.session=s.id WHERE s.starttime BETWEEN CAST('{$AY['begin']}' AS DATE) AND CAST('{$AY['end']}' AS DATETIME) {$where} ORDER BY sesid;" */ $where = ''; if (isset($_REQUEST['id'])) { $ID = ok($_REQUEST['id']); $where = "AND s.id={$ID}"; } return multi_row_select( "SELECT i.user, i.session, u.goo, u.email, u.name, s.id AS sesid FROM conf_signups as i LEFT JOIN conf_users as u ON i.user=u.id RIGHT JOIN conf_sessions as s ON i.session=s.id WHERE s.starttime BETWEEN CAST('{$AY['begin']}' AS DATE) AND CAST('{$AY['end']}' AS DATETIME) {$where} ORDER BY sesid;",0,$c); } if (isset($_GET['a']) && $_GET['a'] == 'get/rosters') { echo json_encode(get_rosters()); exit(); } // // GET ALL SIGNUPS function get_signups() { global $AY, $c; $where = ''; if (isset($_REQUEST['id'])) { $ID = ok($_REQUEST['id']); $where = "WHERE s.id={$ID}"; } return multi_row_select( "SELECT i.id, i.user, i.session, i.timestamp, i.certified_at, i.badged_at, i.not_flex FROM conf_signups AS i JOIN conf_sessions AS s ON i.session=s.id WHERE s.starttime BETWEEN CAST('{$AY['begin']}' AS DATE) AND CAST('{$AY['end']}' AS DATETIME) {$where} ORDER BY i.id DESC;",0,$c); } if (isset($_GET['a']) && $_GET['a'] == 'get/signups') { echo json_encode(get_signups()); exit(); } // // GET ALL USERS function get_users() { global $AY, $c; return multi_row_select( "SELECT * FROM conf_users AS u ORDER BY u.email;",0,$c); } if (isset($_GET['a']) && $_GET['a'] == 'get/users') { echo json_encode(get_users()); exit(); } // // GET ALL HOSTS function get_hosttable() { global $AY, $c; return multi_row_select( "SELECT * FROM conf_hosts;",0,$c); } if (isset($_GET['a']) && $_GET['a'] == 'get/hosttable') { echo json_encode(get_hosttable()); exit(); } // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // ARBITRARY USER'S SIGNED UP, (OR HOSTING,) SESSIONS / WORKSHOPS / EVENTS // // all years // function get_anyuser_sessions($usr) { global $c, $AY, $USER; $my_sessions = multi_row_select("SELECT c.id,c.title,c.desc,c.length,c.starttime,c.track,c.location,c.location_irl,c.mode,c.gets_survey,c.category,c.parent,c.recording,c.instructions,c.image_url,c.is_flex_approved,sst.type,sst.id AS typeId, GROUP_CONCAT(ctg.tag) AS tags FROM conf_sessions c JOIN conf_signups as sup on c.id=sup.session LEFT JOIN conf_hosts as h ON h.session=c.id JOIN conf_sessiontypes sst ON c.type=sst.id LEFT JOIN conf_tagmember ct ON c.id=ct.session LEFT JOIN conf_tags ctg ON ctg.id=ct.tag WHERE (h.host='{$usr}' OR sup.user='{$usr}') GROUP BY c.id ORDER BY c.starttime LIMIT 150;",0,$c); // AND c.starttime BETWEEN CAST('{$AY['begin']}' AS DATE) AND CAST('{$AY['end']}' AS DATETIME) return $my_sessions; } if (isset($_GET['a']) && preg_match('/get\/sessions\/(\d+)$/', $_GET['a'], $matches)) { echo json_encode( get_anyuser_sessions($matches[1])); exit(); } // MY Survey ANSWERS function get_questions() { global $c, $USER; //return $USER->id; return multi_row_select( "SELECT ses.id as ses_id, sup.id as sup_id, sup.certified_at as cert, sup.surveyed_at as surveyed, cus.id as user, qset.order, qq.id, qq.question, qq.type, qq.id as qid, ans.answer FROM conf_sessions as ses JOIN conf_signups as sup on ses.id = sup.session JOIN conf_users as cus on cus.id = sup.user JOIN conf_q_set as qset on ses.gets_survey = qset.q_set RIGHT JOIN conf_questions as qq on qset.question = qq.id LEFT OUTER JOIN conf_answers as ans on ans.user = sup.user AND ans.question = qq.id AND ans.session = ses.id WHERE (cus.id='{$USER['conf_id']}') ORDER BY ses.starttime, ses.track asc, qset.order", 0); } if (isset($_GET['a']) && $_GET['a'] == 'get/questions') { echo json_encode(get_questions()); exit(); } // Single session QUESTIONS and possibly ansers function get_session_questions($id) { global $c, $USER; //print_r($USER); exit(); $u = $USER['conf_id']; return multi_row_select( "SELECT ses.title, {$u} AS user, ses.id as session, q.id AS qid, q.question, q.type, ans.answer FROM conf_sessions AS ses JOIN conf_q_set AS qset ON ses.gets_survey=qset.q_set JOIN conf_questions AS q ON q.id=qset.question LEFT OUTER JOIN conf_answers AS ans ON ans.user={$u} AND ans.question=q.id AND ans.session=ses.id WHERE ses.id={$id}", 0); } if (isset($_GET['a'])&& preg_match('/get\/questions\/(\d+)$/', $_GET['a'], $matches)) { echo json_encode(get_session_questions($matches[1])); exit(); } // ALL Survey ANSWERS function get_answers_all() { global $c; return multi_row_select( "SELECT ses.id AS ses_id, ses.title as s_title, ses.starttime, qq.id as q_id, qq.question as question, qq.type as type, ans.answer AS answer FROM conf_sessions AS ses JOIN conf_signups as sup on ses.id = sup.session JOIN conf_users as cus on cus.id = sup.user JOIN conf_q_set as qset on ses.gets_survey = qset.q_set RIGHT JOIN conf_questions as qq on qset.question = qq.id LEFT OUTER JOIN conf_answers as ans on ans.user = sup.user AND ans.question = qq.id AND ans.session = ses.id WHERE ans.answer is not null ORDER BY ses.starttime, ses.track asc, qset.order", 0); } if (isset($_GET['a']) && $_GET['a'] == 'get/answers/all') { echo json_encode(get_answers_all()); exit(); } // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // function set_answers() { global $c; $ses_id = ok($_REQUEST['session']); $u = ok($_REQUEST['user']); $q = ok($_REQUEST['qid']); $answer = ok($_REQUEST['answer']); $existing = does_exist( "select * from `conf_answers` where `user`='$u' and `session`='$ses_id' and `question`='$q';",0,$c ); if ($existing) { $qupdate = "UPDATE conf_answers SET answer='$answer' WHERE session=$ses_id AND user=$u AND question=$q"; single_row_update($qupdate,0); $logaction = log_it("updated answer for session: $ses_id"); } else { $qupdate = "INSERT INTO conf_answers SET user='$u', question='$q', session='$ses_id', answer='$answer'"; single_row_insert($qupdate,0,$c); $logaction = log_it("Saved answer for session: $ses_id"); } echo json_encode( array("result"=>"success", "logaction"=>$logaction, "action"=>"save survey answer","query"=>$qupdate,"err"=>mysqli_error($c))); exit(); } if (isset($_REQUEST['a']) && $_REQUEST['a']=='update/answers') { set_answers(); } // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // function set_cert() { #echo "saving"; global $USER, $c; $ses_id = ok($_REQUEST['ses_id']); $cert = ok($_REQUEST['cert']); $date = "'" . date('Y-m-d H:i:s') . "'"; if ($cert=="null") { $date = "NULL"; } $qupdate = "UPDATE conf_signups SET `certified_at`=$date where `user`='$USER' and `session`='$ses_id'"; single_row_update($qupdate, 0); $logaction = log_it("updated certified state for session: $ses_id"); echo json_encode( array("result"=>"success", "logaction"=>$logaction, "action"=>"save cert","query"=>$qupdate,"err"=>mysqli_error($c))); //print_r($_POST); exit(); } if (isset($_REQUEST['a']) && $_REQUEST['a']=='set/cert') { set_cert(); } // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // SIGNUP for (possibly overlapping time) session ... /// id_c_users // function signup() { global $c, $AY, $USER; preg_match('/signup\/(\d+)$/', $_GET['a'], $matches); $ses = $matches[1]; $ts = date("Y-m-d H:i:s"); $logaction = log_it("Signed up for session: " . $ses); $sesh = ""; if (isset($_SESSION)) { $sesh = $_SESSION; } $existing = does_exist( "SELECT i.id FROM conf_signups AS i JOIN conf_sessions AS s ON i.session=s.id WHERE s.id={$ses} AND i.user=" . $USER['conf_id'],0,$c); if ($existing) { $qupdate = "UPDATE conf_signups SET session={$ses}, timestamp='{$ts}' WHERE session={$ses} AND user=" . $USER['conf_id']; single_row_update($qupdate,1,$c); echo json_encode( array("result"=>"success","action"=>"updated","logaction"=>$logaction, "query"=>$qupdate,"err"=>mysqli_error($c))); } else { $q = "INSERT INTO conf_signups (session,user,timestamp) VALUES ({$ses}," . $USER['conf_id'] . ",'{$ts}')"; single_row_insert($q,1,$c); echo json_encode( array( /* "userglobal"=>$USER, */ "result"=>"success","action"=>"inserted", /* "logaction"=>$logaction, */ "ses"=>$sesh,"query"=>$q,"err"=>mysqli_error($c))); } exit(); } if (isset($_GET['a']) && preg_match('/signup\/(\d+)$/', $_GET['a'], $matches)) { signup(); } // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // CANCEL a signup // function signdown() { global $c, $AY, $USER; preg_match('/signdown\/(\d+)$/', $_GET['a'], $matches); $ses = $matches[1]; $q = "DELETE FROM conf_signups WHERE session={$ses} AND user=" . $USER['conf_id']; single_row_update($q,1); $logaction = log_it("Canceled signup for session: $ses"); echo json_encode( array("result"=>"success","action"=>"deleted","logaction"=>$logaction, "query"=>$q,"err"=>mysqli_error($c))); exit(); } if (isset($_GET['a']) && preg_match('/signdown\/(\d+)$/', $_GET['a'], $matches)) { signdown(); } // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // add a HOST for a session ... // function addhost($sesid,$hostid) { global $c; $sesid = ok($sesid); $hostid = ok($hostid); $existing = does_exist("SELECT h.host, h.session FROM conf_hosts AS h WHERE h.host={$hostid} AND h.session={$sesid}",0,$c); if ($existing) { return array("result"=>"success","action"=>"already a host"); } else { $qupdate = "INSERT INTO conf_hosts SET session='{$sesid}', host='{$hostid}';"; $new_id = single_row_insert($qupdate,0,$c); $e = mysqli_error($c); if ($new_id) { $success = " with new id {$new_id}"; } else { $success = " -- error: {$e}"; } $logaction = log_it("Added host {$hostid} to session: {$sesid}"); return array("result"=>"success".$success,"action"=>"added host","query"=>$qupdate,"err"=>$e); } } if (isset($_GET['a']) && preg_match('/add\/host\/(\d+)\/(\d+)$/', $_GET['a'], $matches)) { echo json_encode(addhost($matches[1], $matches[2])); exit(); } // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // REMOVE a HOST for a session ... // function removehost($sesid,$hostid) { global $c; $sesid = ok($sesid); $hostid = ok($hostid); $qupdate = "DELETE FROM conf_hosts WHERE session='{$sesid}' AND host='{$hostid}';"; $new_id = single_row_update($qupdate,0); $e = mysqli_error($c); $logaction = log_it("Removed host {$hostid} to session: {$sesid}"); return array("result"=>"success","action"=>"removed host","query"=>$qupdate,"err"=>$e); } if (isset($_GET['a']) && preg_match('/remove\/host\/(\d+)\/(\d+)$/', $_GET['a'], $matches)) { echo json_encode(removehost($matches[1], $matches[2])); exit(); } // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // NEW SESSION // function new_session() { global $c, $AY, $USER; $title = ok($_POST['title']); $starttime = ok($_POST['starttime']); $length = ok($_POST['length']); if ($length=='') { $length=1; } $track = ok($_POST['track']); $gets_survey = ok($_POST['gets_survey']); $is_flex_approved = ok($_POST['is_flex_approved']); $category = ok($_POST['title']); if ($category=='') { $category=0; } $author = ok($_POST['author']); if ($author=='') { $author=1; } // $USER->id_c_users; } $is_custom = ok($_POST['is_custom']); $parent = ok($_POST['parent']); $desc = okh($_POST['desc']); $location = okh($_POST['location']); $recording = okh($_POST['recording']); $instructions = okh($_POST['instructions']); $type = ok($_POST['type']); if ($type=='') { $type=19; } $cal_uid = ok($_POST['cal_uid']); $mode = okh($_POST['mode']); $location_irl = okh($_POST['location_irl']); $q = "INSERT INTO conf_sessions (`title`,`starttime`,`length`,`track`,`gets_survey`,`is_flex_approved`,`category`,`author`,`is_custom`,`parent`,`desc`,`location`,`mode`,`recording`,`instructions`,`type`,`cal_uid`) VALUES ('{$title}', '{$starttime}', '{$length}', '{$track}', '{$gets_survey}', '{$is_flex_approved}', '{$category}', '{$author}', '{$is_custom}', '{$parent}', '{$desc}', '{$location}', '{$location_irl}', '{$mode}', '{$recording}', '{$instructions}', '{$type}', '{$cal_uid}');"; $ins = single_row_insert($q,0,$c); $logaction = log_it("created new session id: {$ins}: {$title}"); echo json_encode( array( /*"all_args"=>$_POST,*/ "result"=>"success","action"=>"inserted new session","new_id"=>$ins, "query"=>$q,"logaction"=>$logaction,"err"=>mysqli_error($c))); exit(); } if (isset($_REQUEST['a']) && $_REQUEST['a']=='set/newsession') { new_session(); } // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // Editing of session info // function reducer ($memo, $a) { return $memo . "`" . ok($a[0]) . "` = '" . okh($a[1]) . "', "; } function set_sessioninfo() { global $c, $AY, $USER, $_; $table = 'conf_sessions'; $DO_CHECKING = 0; if (isset($_POST['id'])) { $ID = ok($_REQUEST['id']); if ($DO_CHECKING) { // (! check_permission( $USER->conf_id, $ID, $table)) { echo json_encode( array("result"=>"fail", "err"=>"dont have permission to edit this") ); exit(); } else { $logaction = log_it("edited session id: {$ID}"); $WHERECLAUSE = " WHERE id={$ID}"; $date = date('Y-m-d H:i:s'); $cols = explode(',', $_REQUEST['cols']); $vals = explode(',', $_REQUEST['vals']); $vals = array_map('unescape_commas', $vals); $cv = array_map(null,$cols,$vals); $q = array_reduce($cv, 'reducer', "UPDATE `{$table}` SET "); $q = substr($q, 0, -2); $q .= $WHERECLAUSE; single_row_update($q,0); echo json_encode( array("rawvalstr"=>$_REQUEST['vals'], "result"=>"success","action"=>"updated", "query"=>$q,"err"=>mysqli_error($c))); } } else { echo json_encode( array("result"=>"fail", "err"=>"no activity id specified") ); } exit(); } //if (isset($_POST['a']) && $_POST['a']=='update/activity') { set_sessioninfo(); } if (isset($_REQUEST['a']) && $_REQUEST['a']=='update/activity') { set_sessioninfo(); } // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // App SETTINGS // // // GET function get_settings() { global $AY, $c; return multi_row_select( "SELECT * FROM conf_uinforecord;",0,$c); } if (isset($_GET['a']) && $_GET['a'] == 'get/settings') { echo json_encode(get_settings()); exit(); } function set_settings() { global $c, $AY, $USER, $_; $table = 'conf_uinforecord'; $DO_CHECKING = 0; if (isset($_POST['id'])) { $ID = ok($_REQUEST['id']); if ($DO_CHECKING) { // (! check_permission( $USER->conf_id, $ID, $table)) { echo json_encode( array("result"=>"fail", "err"=>"dont have permission to edit this") ); exit(); } else { $logaction = log_it("edited session id: {$ID}"); $WHERECLAUSE = " WHERE id={$ID}"; $date = date('Y-m-d H:i:s'); $cols = explode(',', $_REQUEST['cols']); $vals = explode(',', $_REQUEST['vals']); $vals = array_map('unescape_commas', $vals); $cv = array_map(null,$cols,$vals); $q = array_reduce($cv, 'reducer', "UPDATE `{$table}` SET "); $q = substr($q, 0, -2); $q .= $WHERECLAUSE; single_row_update($q,0); echo json_encode( array("rawvalstr"=>$_REQUEST['vals'], "result"=>"success","action"=>"updated", "query"=>$q,"err"=>mysqli_error($c))); } } else { echo json_encode( array("result"=>"fail", "err"=>"no activity id specified") ); } exit(); } //if (isset($_POST['a']) && $_POST['a']=='update/activity') { set_sessioninfo(); } if (isset($_REQUEST['a']) && $_REQUEST['a']=='update/activity') { set_sessioninfo(); } // _ __ __ ______ ___________ _____ _____ _____ _____________ __ // | | / _|/ _| | _ \_ _| ___ \ ___/ __ \_ _| _ | ___ \ \ / / // ___| |_ __ _| |_| |_ | | | | | | | |_/ / |__ | / \/ | | | | | | |_/ /\ V / // / __| __/ _` | _| _| | | | | | | | /| __|| | | | | | | | / \ / // \__ \ || (_| | | | | | |/ / _| |_| |\ \| |___| \__/\ | | \ \_/ / |\ \ | | // |___/\__\__,_|_| |_| |___/ \___/\_| \_\____/ \____/ \_/ \___/\_| \_| \_/ // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // Everyone. Basic dir. Include status==0 which is unpublished. function staff_dir() { global $c; return multi_row_select('SELECT first_name,last_name,department,status, room,phone_number,email,web_on,id FROM personnel',1, $c); } // Everyone. Basic dir function staff_dir_ext() { global $c; return multi_row_select('SELECT p.first_name,p.last_name,p.department,p.status, p.room,phone_number,LOWER(p.email) AS email,p.web_on, p.id, e.id AS ext_id, e.role, e.goo_short, e.c_users AS c_users_id_ext, e.ilearn_id, e.sched_alias, e.dept1, e.dept2, e.gtitle, e.active, e.use_dir_photo, e.general_photo_release, e.dir_photo_path, e.etc, c.id AS conf_id, c.goo AS conf_goo, c.name AS conf_name FROM gavi_db.personnel p LEFT JOIN PeterDB.gavi_personnel_ext e ON p.id=e.personnel LEFT JOIN PeterDB.conf_users c ON LOWER(p.email)=LOWER(c.email) ORDER BY p.last_name LIMIT 5000',1, $c); } if (isset($_REQUEST['a']) && $_REQUEST['a']=='list') { echo staff_dir_ext(); exit(); } // Everyone. Directory info with DEPTS and TITLES added function staff_dir_full_ext() { global $c; return multi_row_select('SELECT p.first_name,p.last_name,p.department,p.status, p.room,phone_number,LOWER(p.email) AS email,p.web_on, p.id, e.id AS ext_id, e.role, e.goo_short, e.c_users AS c_users_id_ext, e.ilearn_id, e.sched_alias, e.dept1, e.dept2, e.gtitle, e.active, e.use_dir_photo, e.general_photo_release, e.dir_photo_path, e.etc, e.espanol, e.zoom, e.preferred_contact, c.id AS conf_id, c.goo AS conf_goo, c.name AS conf_name, d.name AS dept1name, t.name AS titlename, d.parent AS deptparent FROM gavi_db.personnel p LEFT JOIN PeterDB.gavi_personnel_ext e ON p.id=e.personnel LEFT JOIN PeterDB.conf_users c ON LOWER(p.email)=LOWER(c.email) LEFT JOIN PeterDB.gavi_departments d ON e.dept1=d.id LEFT JOIN PeterDB.gavi_titles t ON e.gtitle=t.id ORDER BY p.last_name LIMIT 5000',1, $c); } if (isset($_REQUEST['a']) && $_REQUEST['a']=='list2') { echo staff_dir_full_ext(); exit(); } // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // update a name, lname, dept, phone, extension, email, type, room, status, user_id, or web_on /*function update_dir() { global $USER, $c, $c2, $_; $WHERECLAUSE = " WHERE id={$USER->id}"; if (isset($_POST['id'])) { // editing another person's data if (! check_permission( $USER->id, $_POST['id'], 'personnel')) { echo json_encode( array("result"=>"fail", "err"=>"dont have permission to edit this") ); exit(); } else { $logaction = log_it("updating personnel record of personnel id {$_POST['id']}"); $WHERECLAUSE = " WHERE id={$_POST['id']}"; } } else { $logaction = log_it("updating personnel record"); } // date modified is now $date = date('Y-m-d H:i:s'); $cols = explode(',', $_REQUEST['cols']); $vals = explode(',', $_REQUEST['vals']); $vals = $_->map($vals, 'unescape_commas'); $cv = $_->zip($cols,$vals); $q = $_->reduce($cv, function($memo, $a) { return $memo . ok($a[0]) . "='" . ok($a[1]) . "', "; }, "UPDATE personnel SET "); //$q = substr($q, 0, -2); $q .= "time_updated='" . $date . "'"; $q .= $WHERECLAUSE; if ($USER->id) { single_row_update($q,0,$c); echo json_encode( array("rawvalstr"=>$_REQUEST['vals'], "result"=>"success","action"=>"updated","logaction"=>$logaction, "query"=>$q,"err"=>mysqli_error($c))); } else { $logaction2 = log_it("failed to update personnel record"); echo json_encode( array("result"=>"fail", "err"=>"dont have an id for user") ); } exit(); } //if (isset($_POST['a']) && $_POST['a']=='update') { update_dir(); } if (isset($_REQUEST['a']) && $_REQUEST['a']=='update') { update_dir(); } // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // update goo, dept1/dept2, title, active, use_dir_photo function update_dir_ext() { global $USER, $c, $c2, $_; $WHERECLAUSE = " WHERE id={$USER->ext_id}"; #print_r($_REQUEST); if (isset($_REQUEST['id'])) { // editing another person's data if (! check_permission( $USER->id, $_REQUEST['id'], 'personnel_ext')) { echo json_encode( array("result"=>"fail", "err"=>"dont have permission to edit this") ); exit(); } else { $logaction = log_it("updating personnel_ext record of personnel id {$_REQUEST['id']}"); $WHERECLAUSE = " WHERE id={$_REQUEST['id']}"; } } else { $logaction = log_it("updating personnel_ext record"); } // date modified is now $date = date('Y-m-d H:i:s'); $cols = explode(',', $_REQUEST['cols']); $vals = explode(',', $_REQUEST['vals']); $vals = $_->map($vals, 'unescape_commas'); $cv = $_->zip($cols,$vals); $q = $_->reduce($cv, function($memo, $a) { return $memo . ok($a[0]) . "='" . ok($a[1]) . "', "; }, "UPDATE gavi_personnel_ext SET "); $q = substr($q, 0, -2); $q .= $WHERECLAUSE; single_row_update($q,0,$c2); echo json_encode( array("result"=>"success","action"=>"updated","logaction"=>$logaction, "query"=>$q,"err"=>mysqli_error($c2))); exit(); } //if (isset($_POST['a']) && $_POST['a']=='update_xt') { update_dir_ext(); } if (isset($_REQUEST['a']) && $_REQUEST['a']=='update_xt') { update_dir_ext(); } */ // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // // update person, officehours, title, picture, education, bio, courses, personal_page, changed /*function update_webpage() { global $USER_PERS_ID, $USER, $c, $c2, $_; $WHERECLAUSE = " WHERE person={$USER->id}"; if (isset($_POST['id'])) { // editing another person's data if (! check_permission( $USER->id, $_POST['id'], 'personnel')) { echo json_encode( array("result"=>"fail", "err"=>"dont have permission to edit this") ); exit(); } else { $logaction = log_it("updating bio webpage record of personnel id {$_POST['id']}"); $WHERECLAUSE = " WHERE person={$_POST['id']}"; } } else { $logaction = log_it("updating bio webpage record"); } $date = date('Y-m-d H:i:s'); $cols = explode(',', $_REQUEST['cols']); $vals = explode(',', $_REQUEST['vals']); $vals = $_->map($vals, 'unescape_commas'); $cv = $_->zip($cols,$vals); $q = $_->reduce($cv, function($memo, $a) { return $memo . ok($a[0]) . "='" . okh($a[1]) . "', "; }, "UPDATE webpages SET "); $q .= "changed='" . $date . "'"; $q .= $WHERECLAUSE; if ($USER->id) { single_row_update($q,0,$c); echo json_encode( array("rawvalstr"=>$_REQUEST['vals'], "result"=>"success","action"=>"updated","logaction"=>$logaction, "query"=>$q,"err"=>mysqli_error($c))); } else { $logaction2 = log_it("failed to update bio webpage record"); echo json_encode( array("result"=>"fail", "err"=>"dont have an id for user") ); } exit(); } //if (isset($_POST['a']) && $_POST['a']=='update_web') { update_webpage(); } if (isset($_REQUEST['a']) && $_REQUEST['a']=='update_web') { update_webpage(); } */ // _ _ __ __ // | | | | / _|/ _| // _ __ __ _ _ __ __| | ___ _ __ ___ ___| |_ _ _| |_| |_ // | '__/ _` | '_ \ / _` |/ _ \| '_ ` _ \ / __| __| | | | _| _| // | | | (_| | | | | (_| | (_) | | | | | | \__ \ |_| |_| | | | | // |_| \__,_|_| |_|\__,_|\___/|_| |_| |_| |___/\__|\__,_|_| |_| // // // // // // Next couple functions are for importing, merging, or just dealing w/ historical data // // and/or transition tasks...... // // function handle_pic_upload() { global $USER; $uploaddir = '/gavilan.edu/staff/uploads/'; $date = date('Ymd_Hi'); $uploadfile = $uploaddir . name_to_lc($USER->first_name,$USER->last_name) . "_" . $date . "_" . basename($_FILES['file']['name']); echo '
'; if (move_uploaded_file($_FILES['file']['tmp_name'], $uploadfile)) { echo "File is valid, and was successfully uploaded.\n"; } else { echo "Possible file upload attack!\n"; } echo 'Here is some more debugging info:'; print_r($_FILES); print "
"; } //if (isset($_REQUEST['file'])) { handle_pic_upload(); } /* if (isset($_FILES['file'])) { handle_pic_upload(); } function get_a_user_by_pid($user_pid) { global $c, $_; $q1 = "SELECT last_name, first_name, department, extension, phone_number, email, room, user_id, time_updated, id, web_on FROM personnel WHERE id='{$user_pid}'"; $usr_dir = single_row_select($q1, 0); $q2 = "SELECT id AS id_c_users, goo, email AS email_c_users, name, active FROM conf_users WHERE email='{$usr_dir['email']}'"; $usr_conf = single_row_select($q2, 0, $c2); $mega = $_->extend( (object) $usr_dir, (object) $usr_conf ); $q3 = "SELECT id AS ext_id, personnel AS personnel_id, goo_short, c_users AS c_users_id_ext, ilearn_id, sched_alias, dept1, dept2, gtitle, active, use_dir_photo, etc FROM gavi_personnel_ext WHERE personnel='{$mega->id}'"; $usr_ext = single_row_select($q3,0,$c2); $mega = $_->extend( (object) $mega, (object) $usr_ext ); $q4 = 'SELECT person, officehours, title, picture, education, bio, courses, personal_page, changed FROM webpages WHERE person=' . $mega->id; // personnel=1'); $usr_web = single_row_select($q4,0,$c); $mega = $_->extend( (object) $mega, (object) $usr_web ); // ????? */ /* if (!isset($mega->use_dir_photo)) { $mega->pic_exists = check_dir_photo($mega->first_name, $mega->last_name); if ($mega->pic_exists) { $filename = "images_sm/" . name_to_file( $mega->first_name, $mega->last_name ); $mega->bbqueryfix = "UPDATE gavi_personnel_ext SET use_dir_photo=1, dir_photo_path='{$filename}' WHERE id='{$mega->ext_id}'"; } else { $mega->bbqueryfix = "UPDATE gavi_personnel_ext SET use_dir_photo=0 WHERE id='{$mega->ext_id}'"; } } if (! isset($mega->ext_id)) { $mega->aaqueryfix = "INSERT INTO gavi_personnel_ext (personnel) VALUES('{$mega->id}')"; } elseif ($mega->id && ! $mega->personnel_id) { $mega->aaqueryfix = "UPDATE gavi_personnel_ext SET personnel='{$mega->id}' WHERE id='{$mega->ext_id}'"; } */ /* echo json_encode( $mega ); exit(); } if (isset($_REQUEST['a']) && preg_match('/^get\/user\/(\d+)$/', $_REQUEST['a'], $matches)) { get_a_user_by_pid( $matches[1] ); } */ /* function get_a_user($user_email) { global $c, $c2, $_; $q1 = "SELECT last_name, first_name, department, extension, phone_number, email, room, user_id, time_updated, id, web_on FROM personnel WHERE email='" . $user_email . "'"; //p2($q1); $usr_dir = single_row_select($q1, 0); //p2($usr_dir); $q2 = "SELECT id AS id_c_users, goo, email AS email_c_users, name, active FROM conf_users WHERE email='" . $user_email . "'"; //p2($q2); $usr_conf = single_row_select($q2, 0, $c2); //p2($usr_conf); $mega = $_->extend( (object) $usr_dir, (object) $usr_conf ); $q3 = 'SELECT id AS ext_id, personnel AS personnel_id, goo_short, c_users AS c_users_id_ext, ilearn_id, sched_alias, dept1, dept2, gtitle, active, use_dir_photo, etc FROM gavi_personnel_ext WHERE personnel=' . $mega['id']; //p2($q3); $usr_ext = single_row_select($q3,0,$c2); //p2($usr_ext); $mega = $_->extend( (object) $mega, (object) $usr_ext ); $q4 = 'SELECT person, officehours, title, picture, education, bio, courses, personal_page, changed FROM webpages WHERE person=' . $mega['id']; // personnel=1'); //p2($q3); $usr_web = single_row_select($q4,0,$c); //p2($usr_ext); $mega = $_->extend( (object) $mega, (object) $usr_web ); if (!isset($mega->use_dir_photo)) { $mega->pic_exists = check_dir_photo($mega->first_name, $mega->last_name); if ($mega->pic_exists) { $filename = "images_sm/" . name_to_file( $mega->first_name, $mega->last_name ); $mega->bbqueryfix = "UPDATE gavi_personnel_ext SET use_dir_photo=1, dir_photo_path='{$filename}' WHERE id='{$mega->ext_id}'"; } else { $mega->bbqueryfix = "UPDATE gavi_personnel_ext SET use_dir_photo=0 WHERE id='{$mega->ext_id}'"; } } if (! isset($mega['ext_id'])) { $mega->aaqueryfix = "INSERT INTO gavi_personnel_ext (personnel) VALUES('{$mega['id']}')"; } elseif ($mega->id && ! $mega->personnel_id) { $mega->aaqueryfix = "UPDATE gavi_personnel_ext SET personnel='{$mega['id']}' WHERE id='{$mega['ext_id']}'"; } return $mega; } */ /* function insert_c2($q) { global $c2; $result = single_row_insert($q,0,$c2); return $result; } */ function merge_tables() { global $c, $_; $all_personnel = multi_row_select('SELECT first_name,last_name,department,room,phone_number,email,web_on,id FROM personnel WHERE status IS null OR status=1',0, $c); $emails = $_->pluck($all_personnel, 'email'); echo json_encode($emails); //exit(); $emails = array_slice($emails, 0, 10); $full = $_->map( $emails, "get_a_user" ); echo json_encode($full); //$results = $_->map( $_->pluck($full,'aaqueryfix'), insert_c2); //$results = $_->pluck($full,'bbqueryfix'); //$results = $_->map( $results, insert_c2); //echo json_encode( $full ); exit(); } if (isset($_REQUEST['merge'])) { merge_tables(); } function fetch_personnel_dir() { global $c; $all_personnel = multi_row_select('SELECT * FROM personnel',0, $c); echo json_encode($all_personnel); exit(); } if (isset($_REQUEST['personnel'])) { fetch_personnel_dir(); } function fetch_conf_users() { global $c; $all_personnel = multi_row_select('SELECT * FROM conf_users',0, $c); echo json_encode($all_personnel); exit(); } if (isset($_REQUEST['users'])) { fetch_conf_users(); } function fetch_personnel_ext() { global $c; $all_personnel = multi_row_select('SELECT * FROM gavi_personnel_ext',0, $c); echo json_encode($all_personnel); exit(); } if (isset($_REQUEST['personnelext'])) { fetch_personnel_ext(); } /* in ilearn but not personnel dir or others in personnel but not others */ // // // NAVIGATION function navigation($user) { ?>

My Itinerary

All Sessions

'; var_dump($temp_usr); echo ''; exit(); } if (isset($_REQUEST['test'])) { test_sso(); } // _ _ _ // | | (_) | | // | |__ _ __ _ _ __ ___ _ __ ___ _ __| |_ // | '_ \| |/ _` | | '__/ _ \ '_ \ / _ \| '__| __| // | |_) | | (_| | | | | __/ |_) | (_) | | | |_ // |_.__/|_|\__, | |_| \___| .__/ \___/|_| \__| // __/ | | | // |___/ |_| function report_all_by_user() { global $c, $_; $q = "select u.goo, lower(u.email) as email, u.name, u.id as userid, s.session as sessionid, s.certified_at, e.title, e.starttime, e.type, e.id as sesid, e.parent from conf_users u join conf_signups s on u.id = s.user join conf_sessions e on e.id = s.session order by lower(u.email), lower(u.name), e.starttime;"; $result = multi_row_select($q, 0); $data = $_->groupBy($result, 'email'); echo ""; echo ""; $_->each($data, function($sessions, $email) { global $_; $_->each($sessions, function($session) { echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; echo ""; }); }); echo "
Email Name User ID Session ID Certified At Title Start Time Type Session ID Parent
{$session['email']} {$session['name']} {$session['userid']} {$session['sessionid']} {$session['certified_at']} {$session['title']} {$session['starttime']} {$session['type']} {$session['sesid']} {$session['parent']}
"; # print_r($result); } function report_all_by_session() { // Query 1: Sessions with hosts $query1 = "SELECT s.id AS sessionid, s.title, s.starttime, s.mode, s.parent, GROUP_CONCAT(u1.name SEPARATOR ',') AS hostname FROM conf_sessions s JOIN conf_hosts h ON h.session = s.id JOIN conf_users u1 ON h.host = u1.id GROUP BY s.id ORDER BY s.id DESC"; // Query 2: Sessions with signups $query2 = "SELECT s.id AS sessionid, s.title, s.starttime, u.name FROM conf_sessions s JOIN conf_signups i ON i.session = s.id JOIN conf_users u ON u.id = i.user ORDER BY s.id DESC"; // Query 3: Sessions with ratings and comments $query3 = "SELECT s.id AS sessionid, s.title, s.starttime, u.name, a.answer, a.question FROM conf_sessions s JOIN conf_answers a ON a.session = s.id JOIN conf_users u ON u.id = a.user ORDER BY s.id DESC, a.question"; // Execute the queries $result1 = query($query1,0); $result2 = query($query2,0); $result3 = query($query3,0); // Create an associative array to store the results $sessions = array(); // Process the results of Query 1 while ($row = $result1->fetch_assoc()) { $sessionid = $row['sessionid']; $sessions[$sessionid]['title'] = isset($row['title']) ? $row['title'] : ""; $sessions[$sessionid]['starttime'] = $row['starttime']; $sessions[$sessionid]['mode'] = $row['mode']; $sessions[$sessionid]['parent'] = $row['parent']; $sessions[$sessionid]['hosts'] = $row['hostname']; } // Process the results of Query 2 while ($row = $result2->fetch_assoc()) { $sessionid = $row['sessionid']; if (!isset($sessions[$sessionid]['signups'])) { $sessions[$sessionid]['signups'] = array(); } $sessions[$sessionid]['signups'][] = $row['name']; } // Process the results of Query 3 while ($row = $result3->fetch_assoc()) { $sessionid = $row['sessionid']; if (!isset($sessions[$sessionid]['ratings'])) { $sessions[$sessionid]['ratings'] = array(); } $sessions[$sessionid]['ratings'][] = array( 'name' => $row['name'], 'answer' => $row['answer'], 'question' => $row['question'] ); } //echo '
'; //print_r($sessions); //echo '
'; // Display the results in a table echo ''; echo ''; foreach ($sessions as $sessionid => $session) { if (! isset($session['title'])) { echo ''; continue; } echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; echo ''; } echo '
Session ID Title Start Time Mode Parent Hosts Signups Ratings/Comments
' . $sessionid . ' ' . $session['title'] . ' ' . $session['starttime'] . ' ' . $session['mode'] . ' ' . $session['parent'] . ' ' . $session['hosts'] . ' ' . (isset($session['signups']) ? implode(', ', $session['signups']) : '') . ' '; if (isset($session['ratings'])) { foreach ($session['ratings'] as $rating) { //echo $rating['name'] . ': ' . $rating['answer'] . ' (' . $rating['question'] . ')
'; echo $rating['answer'] . '
'; } } echo '
'; } // __ ____ ____ __ _ ____ // ____/ /__ / __/___ ___ __/ / /_ ________ / /___ ___________ __ __________ _____ (_)___ / __/___ // / __ / _ \/ /_/ __ `/ / / / / __/ ______ / ___/ _ \/ __/ / / / ___/ __ \ / / / / ___/ _ \/ ___/ / / __ \/ /_/ __ \ // / /_/ / __/ __/ /_/ / /_/ / / /_ /_____/ / / / __/ /_/ /_/ / / / / / / / /_/ (__ ) __/ / / / / / / __/ /_/ / // \__,_/\___/_/ \__,_/\__,_/_/\__/ /_/ \___/\__/\__,_/_/ /_/ /_/ \__,_/____/\___/_/ /_/_/ /_/_/ \____/ // // // ........finally, if no parameters were matched....... // // DO NOTHING IF FILE WAS INCLUDED from another php page. // // OTHERWISE, RETURN BASIC USER INFO // // if (basename(__FILE__) == basename($_SERVER["SCRIPT_FILENAME"])) { // Called directly as api or in browser // if ($USER_GOO) { // Default case is current user data to be embedded in editor page. Log the access //$USER->logresult = log_it("accessed dir app (in intranet folder)"); //$USER->pics = user_pic_look( $USER->first_name, $USER->last_name, $USER->conf_goo ); //$USER->options = $OPTIONS; echo json_encode($USER); exit(); } else { echo json_encode( array("result"=>"fail", "err"=>"not logged in") ); exit(); } } // // ELSE it was "included"... do nothing. // // draw big text // https://patorjk.com/software/taag/#p=display&c=c%2B%2B&f=Doom&t=sup // // __ __ _______ ______ __ __ __ // / /_/ /_ ___ / ____/ | / / __ \ / /_/ /_ ____ _____ / /__ __ ______ __ __ // / __/ __ \/ _ \ / __/ / |/ / / / / / __/ __ \/ __ `/ __ \/ //_/ / / / / __ \/ / / / // / /_/ / / / __/ / /___/ /| / /_/ / / /_/ / / / /_/ / / / / ,< / /_/ / /_/ / /_/ / // \__/_/ /_/\___/ /_____/_/ |_/_____/ \__/_/ /_/\__,_/_/ /_/_/|_| \__, /\____/\__,_/ // /____/ // peter h 2021 ?>