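DBUser, $mysqllogin->DBPassword, $mysqllogin->DBName);
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Request router: every POST carries an "action" field. "login"/"logout" are handled
    // inline; every other action requires $_SESSION["loggedin"] == 1 and is offered to the
    // process*Related() handlers in turn. A handler returns the int 0 when the action is
    // not its own, otherwise a string that is echoed as the response body.
    //
    // NOTE(review): inputs are HTML-escaped on the way *in* (htmlspecialchars before storage
    // and before hashing passwords). That is kept here because rows and password hashes
    // already in the database were produced that way; moving the escaping to the output
    // side would need a migration of the existing data.

    /** Return the POST field $key HTML-escaped, or "" when it is missing or not a string. */
    function postString($key)
    {
        if (!isset($_POST[$key]) || !is_string($_POST[$key])) {
            return "";
        }
        return htmlspecialchars($_POST[$key]);
    }

    /** Return the POST field $key as an int; a missing field counts as 0, like intval(null). */
    function postInt($key)
    {
        return isset($_POST[$key]) ? intval($_POST[$key]) : 0;
    }

    /** Return the session value $key as an int, or 0 when the key is not set. */
    function sessionInt($key)
    {
        return isset($_SESSION[$key]) ? intval($_SESSION[$key]) : 0;
    }

    /**
     * Prepare $sql on $conn. mysqli::prepare() returns false on a bad statement, and the
     * previous code then called methods on that false value; fail loudly instead.
     *
     * @throws RuntimeException when the statement cannot be prepared
     */
    function prepareStatement(mysqli $conn, $sql)
    {
        $stmt = $conn->prepare($sql);
        if ($stmt === false) {
            throw new RuntimeException("Failed to prepare statement: " . $conn->error);
        }
        return $stmt;
    }

    /**
     * Drain an executed, result-bound statement into a JSON-encoded list of rows.
     *
     * $rowBuilder is a closure that captures the bind_result() variables *by reference*
     * and returns one associative array per fetched row. The statement is closed afterwards.
     */
    function fetchAllAsJson(mysqli_stmt $stmt, $rowBuilder)
    {
        $outarr = [];
        while ($stmt->fetch()) {
            $outarr[] = $rowBuilder();
        }
        $stmt->close();
        return json_encode($outarr);
    }

    $action = postString("action");

    if ($action === "login") {
        $uname = postString("username");
        $pwd = postString("password");
        $stmt1 = prepareStatement($mysqli, "SELECT PWD, ID, FullName, Nickname, CanSeeFullNames, CanSeeOthersComments, IsAdmin FROM Users WHERE Username = ?;");
        $stmt1->bind_param('s', $uname);
        $stmt1->execute();
        $stmt1->store_result();
        $stmt1->bind_result($pwdhash, $uid, $fullname, $nick, $fullnamepriv, $otherscommentspriv, $adminpriv);
        $authenticated = false;
        while ($stmt1->fetch()) {
            if (password_verify($pwd, $pwdhash)) {
                // Issue a fresh session id at the privilege change so an id obtained before
                // login cannot be carried over into the authenticated session.
                session_regenerate_id(true);
                $_SESSION["username"] = $uname;
                $_SESSION["loggedin"] = 1;
                $_SESSION["userID"] = $uid;
                $_SESSION["fullname"] = $fullname;
                $_SESSION["nickname"] = $nick;
                $_SESSION["canseefullnames"] = $fullnamepriv;
                $_SESSION["canseeotherscomments"] = $otherscommentspriv;
                $_SESSION["isadmin"] = $adminpriv;
                $authenticated = true;
            }
        }
        $stmt1->close();
        // "Logged in" used to be echoed unconditionally, even for an unknown user or a
        // wrong password; report the outcome the session actually has.
        echo $authenticated ? "Logged in" : "Login failed";
        return;
    }

    if ($action === "logout") {
        // Clear the in-memory copy too; session_destroy() alone leaves $_SESSION populated
        // for the remainder of this request.
        $_SESSION = [];
        session_destroy();
        echo "Logged out";
        return;
    }

    /**
     * Account-related actions for the logged-in user (nickname, full name, password) and
     * the admin-only "adduser". Returns a response string, or 0 when $actionin is not handled.
     */
    function processUserRelated($actionin, mysqli $mysqliconn)
    {
        if ($actionin === "setnickname") {
            $newNick = postString("newnick");
            $uid = sessionInt("userID");
            $stmt2 = prepareStatement($mysqliconn, "UPDATE Users SET Nickname=? WHERE ID = ?;");
            $stmt2->bind_param('si', $newNick, $uid);
            // Only mirror the change into the session once the database accepted it.
            if ($stmt2->execute()) {
                $_SESSION["nickname"] = $newNick;
            }
            $stmt2->close();
        }
        if ($actionin === "setfullname") {
            $newFull = postString("newFull");
            $uid = sessionInt("userID");
            $stmt3 = prepareStatement($mysqliconn, "UPDATE Users SET FullName=? WHERE ID = ?;");
            $stmt3->bind_param('si', $newFull, $uid);
            if ($stmt3->execute()) {
                // Was assigned from the undefined $newNick before, leaving the session stale.
                $_SESSION["fullname"] = $newFull;
            }
            $stmt3->close();
        }
        if ($actionin === "setpassword") {
            $oldPWD = postString("oldPWD");
            $newPWD = postString("newPWD");
            $uid = sessionInt("userID");
            $uname = isset($_SESSION["username"]) ? $_SESSION["username"] : "";
            $stmt4 = prepareStatement($mysqliconn, "SELECT PWD FROM Users WHERE ID = ? AND Username = ?;");
            $stmt4->bind_param('is', $uid, $uname);
            $stmt4->execute();
            $stmt4->store_result();
            $stmt4->bind_result($pwdhash);
            // The current password must verify before a new one is accepted.
            $verified = false;
            while ($stmt4->fetch()) {
                if (password_verify($oldPWD, $pwdhash)) {
                    $verified = true;
                }
            }
            $stmt4->close();
            if ($verified) {
                $newPWDhash = password_hash($newPWD, PASSWORD_DEFAULT);
                $stmt5 = prepareStatement($mysqliconn, "UPDATE Users SET PWD=? WHERE ID = ?;");
                $stmt5->bind_param('si', $newPWDhash, $uid);
                $stmt5->execute();
                $stmt5->close();
                return "Password changed";
            }
        }
        if ($actionin === "getcurrentuser") {
            //TODO Create this query
        }
        if ($actionin === "getallusers") {
            $stmt6 = prepareStatement($mysqliconn, "SELECT ID, Username, Nickname, FullName, IsAdmin FROM Users;");
            $stmt6->execute();
            $stmt6->store_result();
            $stmt6->bind_result($id, $uname, $nick, $fnamex, $isadmin);
            // Full names are only disclosed to accounts holding the CanSeeFullNames privilege.
            $showFullNames = sessionInt("canseefullnames") === 1;
            return fetchAllAsJson($stmt6, function () use (&$id, &$uname, &$nick, &$fnamex, &$isadmin, $showFullNames) {
                return [
                    "id" => $id,
                    "username" => $uname,
                    "nickname" => $nick,
                    "fullname" => $showFullNames ? $fnamex : "",
                    "isadmin" => $isadmin,
                ];
            });
        }
        if ($actionin === "adduser") {
            // Admin-only: non-admins fall through and get no response, as before.
            if (sessionInt("isadmin") === 1) {
                $uname = postString("username");
                $nick = postString("nickname");
                $fname = postString("fullname");
                $pwd = password_hash(postString("password"), PASSWORD_DEFAULT);
                $canfullnames = postInt("canseefullnames");
                $cancomments = postInt("canseeotherscomments");
                $admin = postInt("isadmin");
                $stmt7 = prepareStatement($mysqliconn, "INSERT INTO Users (Username, Nickname, FullName, PWD, CanSeeFullNames, CanSeeOthersComments, IsAdmin) VALUES (?, ?, ?, ?, ?, ?, ?);");
                $stmt7->bind_param("ssssiii", $uname, $nick, $fname, $pwd, $canfullnames, $cancomments, $admin);
                $stmt7->execute();
                $stmt7->close();
                return "User added";
            }
        }
        return 0;
    }

    /**
     * Citation actions. None are implemented yet; every action listed below is a TODO,
     * so the function currently always returns 0.
     */
    function processCitationRelated($actionin, mysqli $mysqliconn)
    {
        //TODO Create these queries:
        //  getallcitations, getrandomcitation, getcitationsfulltextsearch,
        //  getcitationsbyuser, getcitationthreadbyid, getcitationversionbyid,
        //  getcitationsbysource, getcitationsbytags, getcitationsbyverse,
        //  getcitationsuggestionsbyverse
        return 0;
    }

    /** Tag actions: create a tag for the current user, list all tags, or list by creator. */
    function processTagsRelated($actionin, mysqli $mysqliconn)
    {
        if ($actionin === "createtag") {
            $tagname = postString("tagname");
            $uid = sessionInt("userID");
            $stmt9 = prepareStatement($mysqliconn, "INSERT INTO Tags (TagName, CreatorID) VALUES (?, ?);");
            $stmt9->bind_param("si", $tagname, $uid);
            $stmt9->execute();
            $stmt9->close();
        }
        if ($actionin === "getalltags") {
            $stmt10 = prepareStatement($mysqliconn, "SELECT ID, TagName, CreatorID FROM Tags;");
            $stmt10->execute();
            $stmt10->store_result();
            $stmt10->bind_result($id, $tagname, $creatorid);
            return fetchAllAsJson($stmt10, function () use (&$id, &$tagname, &$creatorid) {
                return ["id" => $id, "tagname" => $tagname, "creatorid" => $creatorid];
            });
        }
        if ($actionin === "gettagsbycreator") {
            $cruid = postInt("creatorid");
            $stmt11 = prepareStatement($mysqliconn, "SELECT ID, TagName, CreatorID FROM Tags WHERE CreatorID = ?;");
            $stmt11->bind_param("i", $cruid);
            $stmt11->execute();
            $stmt11->store_result();
            $stmt11->bind_result($id, $tagname, $creatorid);
            return fetchAllAsJson($stmt11, function () use (&$id, &$tagname, &$creatorid) {
                return ["id" => $id, "tagname" => $tagname, "creatorid" => $creatorid];
            });
        }
        return 0;
    }

    /** Source actions: create a source for the current user, list all, or list by creator. */
    function processSourcesRelated($actionin, mysqli $mysqliconn)
    {
        if ($actionin === "createsource") {
            $publicationid = postInt("publicationid");
            $place = postString("place");
            $cruid = sessionInt("userID");
            $stmt12 = prepareStatement($mysqliconn, "INSERT INTO Sources (PublicationID, Place, CreatorID) VALUES (?, ?, ?);");
            $stmt12->bind_param("isi", $publicationid, $place, $cruid);
            $stmt12->execute();
            $stmt12->close();
        }
        if ($actionin === "getallsources") {
            //TODO Use JOIN to embed the publication info
            $stmt17 = prepareStatement($mysqliconn, "SELECT ID, PublicationID, Place, CreatorID FROM Sources;");
            $stmt17->execute();
            $stmt17->store_result();
            $stmt17->bind_result($id, $publicationid, $place, $creatorid);
            return fetchAllAsJson($stmt17, function () use (&$id, &$publicationid, &$place, &$creatorid) {
                return ["id" => $id, "publicationid" => $publicationid, "place" => $place, "creatorid" => $creatorid];
            });
        }
        if ($actionin === "getallsourcesbycreator") {
            //TODO Use JOIN to embed the publication info
            $cruid = postInt("creatorid");
            $stmt13 = prepareStatement($mysqliconn, "SELECT ID, PublicationID, Place, CreatorID FROM Sources WHERE CreatorID = ?;");
            $stmt13->bind_param("i", $cruid);
            $stmt13->execute();
            $stmt13->store_result();
            $stmt13->bind_result($id, $publicationid, $place, $creatorid);
            return fetchAllAsJson($stmt13, function () use (&$id, &$publicationid, &$place, &$creatorid) {
                return ["id" => $id, "publicationid" => $publicationid, "place" => $place, "creatorid" => $creatorid];
            });
        }
        return 0;
    }

    /** Comment actions: create a comment as the current user, or list comments by creator. */
    function processCommentRelated($actionin, mysqli $mysqliconn)
    {
        if ($actionin === "createcomment") {
            // The session key is "userID" (as set at login); the old "userid" lookup was never set.
            $creatorid = sessionInt("userID");
            $citationid = postInt("citationid");
            $citationthreadid = postInt("citationthreadid");
            $content = postString("content");
            $stmt14 = prepareStatement($mysqliconn, "INSERT INTO Comments (CreatorID, CitationID, CitationThreadID, Content) VALUES (?, ?, ?, ?);");
            $stmt14->bind_param("iiis", $creatorid, $citationid, $citationthreadid, $content);
            $stmt14->execute();
            $stmt14->close();
        }
        if ($actionin === "getallcommentsbycreator") {
            //TODO Use JOIN to embed the citation info
            $cruid = postInt("creatorid");
            $stmt15 = prepareStatement($mysqliconn, "SELECT ID, CreatorID, CitationID, CitationThreadID, Content FROM Comments WHERE CreatorID = ?;");
            $stmt15->bind_param("i", $cruid);
            $stmt15->execute();
            $stmt15->store_result();
            $stmt15->bind_result($id, $creatorid, $citationid, $citationthreadid, $content);
            return fetchAllAsJson($stmt15, function () use (&$id, &$creatorid, &$citationid, &$citationthreadid, &$content) {
                return [
                    "id" => $id,
                    "creatorid" => $creatorid,
                    "citationid" => $citationid,
                    "citationthreadid" => $citationthreadid,
                    "content" => $content,
                ];
            });
        }
        //TODO Also send user info with ID
        //TODO Create these queries (each should use JOIN to embed the citation info):
        //  getcommentsbycitationlatestversion, getcommentsbycitationbyversion,
        //  getcommentsbycitationallversions
        return 0;
    }

    /** Author actions: create an author for the current user, list all, or list by creator. */
    function processAuthorRelated($actionin, mysqli $mysqliconn)
    {
        if ($actionin === "createauthor") {
            $authorname = postString("authorname");
            $cruid = sessionInt("userID");
            $stmt16 = prepareStatement($mysqliconn, "INSERT INTO Authors (AuthorName, CreatorID) VALUES (?, ?);");
            $stmt16->bind_param("si", $authorname, $cruid);
            $stmt16->execute();
            $stmt16->close();
        }
        if ($actionin === "getallauthors") {
            $stmt18 = prepareStatement($mysqliconn, "SELECT ID, AuthorName, CreatorID FROM Authors;");
            $stmt18->execute();
            $stmt18->store_result();
            $stmt18->bind_result($id, $authorname, $creatorid);
            return fetchAllAsJson($stmt18, function () use (&$id, &$authorname, &$creatorid) {
                return ["id" => $id, "authorname" => $authorname, "creatorid" => $creatorid];
            });
        }
        if ($actionin === "getallauthorsbycreator") {
            $cruid = postInt("creatorid");
            $stmt19 = prepareStatement($mysqliconn, "SELECT ID, AuthorName, CreatorID FROM Authors WHERE CreatorID = ?;");
            $stmt19->bind_param("i", $cruid);
            $stmt19->execute();
            $stmt19->store_result();
            $stmt19->bind_result($id, $authorname, $creatorid);
            return fetchAllAsJson($stmt19, function () use (&$id, &$authorname, &$creatorid) {
                return ["id" => $id, "authorname" => $authorname, "creatorid" => $creatorid];
            });
        }
        // Explicit 0 so the dispatcher's strict "not handled" check works (was an implicit null).
        return 0;
    }

    /** Publication actions: create a publication for the current user, list all, or list by creator. */
    function processPublicationRelated($actionin, mysqli $mysqliconn)
    {
        if ($actionin === "createpublication") {
            $publicationname = postString("publicationname");
            $authorid = postInt("authorid");
            $cruid = sessionInt("userID");
            $stmt20 = prepareStatement($mysqliconn, "INSERT INTO Publications (PublicationName, AuthorID, CreatorID) VALUES (?, ?, ?);");
            $stmt20->bind_param("sii", $publicationname, $authorid, $cruid);
            $stmt20->execute();
            $stmt20->close();
        }
        if ($actionin === "getallpublications") {
            $stmt21 = prepareStatement($mysqliconn, "SELECT ID, PublicationName, AuthorID, CreatorID FROM Publications;");
            $stmt21->execute();
            $stmt21->store_result();
            $stmt21->bind_result($id, $publicationname, $authorid, $creatorid);
            return fetchAllAsJson($stmt21, function () use (&$id, &$publicationname, &$authorid, &$creatorid) {
                return ["id" => $id, "publicationname" => $publicationname, "authorid" => $authorid, "creatorid" => $creatorid];
            });
        }
        if ($actionin === "getallpublicationsbycreator") {
            $cruid = postInt("creatorid");
            $stmt22 = prepareStatement($mysqliconn, "SELECT ID, PublicationName, AuthorID, CreatorID FROM Publications WHERE CreatorID = ?;");
            $stmt22->bind_param("i", $cruid);
            $stmt22->execute();
            $stmt22->store_result();
            $stmt22->bind_result($id, $publicationname, $authorid, $creatorid);
            return fetchAllAsJson($stmt22, function () use (&$id, &$publicationname, &$authorid, &$creatorid) {
                return ["id" => $id, "publicationname" => $publicationname, "authorid" => $authorid, "creatorid" => $creatorid];
            });
        }
        // Explicit 0 so the dispatcher's strict "not handled" check works (was an implicit null).
        return 0;
    }

    if (sessionInt("loggedin") === 1) {
        // Handlers are tried in this order; the first one that returns something other than
        // the int 0 owns the action. The comparison is strict on purpose: with loose "!= 0",
        // PHP 7 treats "User added" and "[]" as equal to 0 and would swallow those responses.
        $handlers = [
            'processCitationRelated',
            'processCommentRelated',
            'processTagsRelated',
            'processSourcesRelated',
            'processAuthorRelated',
            'processPublicationRelated',
            'processUserRelated',
        ];
        foreach ($handlers as $handler) {
            $result = $handler($action, $mysqli);
            if ($result !== 0) {
                echo $result;
                return;
            }
        }
    } else {
        echo "Not logged in";
        return;
    }
}
?>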