494 lines
18 KiB
PHP
494 lines
18 KiB
PHP
<?php
|
|
|
|
session_start();
|
|
$mysqllogin = json_decode(file_get_contents("secrets/MysqlLogin.json"), false);
|
|
|
|
$mysqli = new mysqli('localhost', $mysqllogin->DBUser, $mysqllogin->DBPassword, $mysqllogin->DBName);
|
|
|
|
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
|
|
$action = htmlspecialchars($_POST["action"]);
|
|
|
|
if($action == "login"){
|
|
$uname = htmlspecialchars($_POST["username"]);
|
|
$pwd = htmlspecialchars($_POST["password"]);
|
|
$stmt1 = $mysqli->prepare("SELECT PWD, ID, FullName, Nickname, CanSeeFullNames, CanSeeOthersComments, IsAdmin FROM Users WHERE Username = ?;");
|
|
$stmt1->bind_param('s', $uname);
|
|
$stmt1->bind_result($pwdhash, $uid, $fullname, $nick, $fullnamepriv, $otherscommentspriv, $adminpriv);
|
|
$stmt1->execute();
|
|
$stmt1->store_result();
|
|
if ($stmt1->num_rows > 0){
|
|
while ($stmt1->fetch()){
|
|
if(password_verify($pwd, $pwdhash)){
|
|
$_SESSION["username"] = $uname;
|
|
$_SESSION["loggedin"] = 1;
|
|
$_SESSION["userID"] = $uid;
|
|
$_SESSION["fullname"] = $fullname;
|
|
$_SESSION["nickname"] = $nick;
|
|
$_SESSION["canseefullnames"] = $fullnamepriv;
|
|
$_SESSION["canseeotherscomments"] = $otherscommentspriv;
|
|
$_SESSION["isadmin"] = $adminpriv;
|
|
}
|
|
}
|
|
}
|
|
echo "Logged in";
|
|
return;
|
|
}
|
|
|
|
if($action == "logout"){
|
|
session_destroy();
|
|
echo "Logged out";
|
|
return;
|
|
}
|
|
|
|
|
|
|
|
|
|
function processUserRelated($actionin, mysqli $mysqliconn){
|
|
|
|
if($actionin == "setnickname"){
|
|
$newNick = htmlspecialchars($_POST["newnick"]);
|
|
$_SESSION["nickname"] = $newNick;
|
|
$stmt2 = $mysqliconn->prepare("UPDATE Users SET Nickname=? WHERE ID = ?;");
|
|
$stmt2->bind_param('si', $newNick, $_SESSION["userID"]);
|
|
$stmt2->execute();
|
|
$stmt2->store_result();
|
|
}
|
|
|
|
if($actionin == "setfullname"){
|
|
$newFull = htmlspecialchars($_POST["newFull"]);
|
|
$_SESSION["fullname"] = $newNick;
|
|
$stmt3 = $mysqliconn->prepare("UPDATE Users SET FullName=? WHERE ID = ?;");
|
|
$stmt3->bind_param('si', $newFull, $_SESSION["userID"]);
|
|
$stmt3->execute();
|
|
$stmt3->store_result();
|
|
}
|
|
|
|
if($actionin == "setpassword"){
|
|
$oldPWD = htmlspecialchars($_POST["oldPWD"]);
|
|
$newPWD = htmlspecialchars($_POST["newPWD"]);
|
|
$stmt4 = $mysqliconn->prepare("SELECT PWD FROM Users WHERE ID = ? AND Username = ?;");
|
|
$stmt4->bind_param('is', $_SESSION["userID"], $_SESSION["username"]);
|
|
$stmt4->bind_result($pwdhash);
|
|
$stmt4->execute();
|
|
$stmt4->store_result();
|
|
if ($stmt4->num_rows > 0){
|
|
while ($stmt4->fetch()){
|
|
if(password_verify($oldPWD, $pwdhash)){
|
|
$stmt5 = $mysqliconn->prepare("UPDATE Users SET PWD=? WHERE ID = ?;");
|
|
$newPWDhash = password_hash($newPWD, PASSWORD_DEFAULT);
|
|
$stmt5->bind_param('si', $newPWDhash, $_SESSION["userID"]);
|
|
$stmt5->execute();
|
|
$stmt5->store_result();
|
|
return "Password changed";
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if($actionin == "getcurrentuser"){
|
|
//TODO Create this query
|
|
}
|
|
|
|
if($actionin == "getallusers"){
|
|
$stmt6 = $mysqliconn->prepare("SELECT ID, Username, Nickname, FullName, IsAdmin FROM Users;");
|
|
$stmt6->execute();
|
|
$stmt6->bind_result($id, $uname, $nick, $fnamex, $isadmin);
|
|
$stmt6->store_result();
|
|
$outarr = array();
|
|
if ($stmt6->num_rows > 0){
|
|
while ($stmt6->fetch()){
|
|
if ($_SESSION["canseefullnames"] == 1){
|
|
$fname = $fnamex;
|
|
}
|
|
else{
|
|
$fname = "";
|
|
}
|
|
$tmparr["id"] = $id;
|
|
$tmparr["username"] = $uname;
|
|
$tmparr["nickname"] = $nick;
|
|
$tmparr["fullname"] = $fname;
|
|
$tmparr["isadmin"] = $isadmin;
|
|
array_push($outarr, $tmparr);
|
|
}
|
|
}
|
|
return json_encode($outarr);
|
|
}
|
|
|
|
if($actionin == "adduser"){
|
|
if($_SESSION["isadmin"] == 1){
|
|
$stmt7 = $mysqliconn->prepare("INSERT INTO Users (Username, Nickname, FullName, PWD, CanSeeFullNames, CanSeeOthersComments, IsAdmin) VALUES (?, ?, ?, ?, ?, ?, ?);");
|
|
$uname = htmlspecialchars($_POST["username"]);
|
|
$nick = htmlspecialchars($_POST["nickname"]);
|
|
$fname = htmlspecialchars($_POST["fullname"]);
|
|
$pwdx = htmlspecialchars($_POST["password"]);
|
|
$canfullnames = intval($_POST["canseefullnames"]);
|
|
$cancomments = intval($_POST["canseeotherscomments"]);
|
|
$pwd = password_hash($pwdx, PASSWORD_DEFAULT);
|
|
$admin = intval($_POST["isadmin"]);
|
|
$stmt7->bind_param("ssssiii", $uname, $nick, $fname, $pwd, $canfullnames, $cancomments, $admin);
|
|
$stmt7->execute();
|
|
$stmt7->store_result();
|
|
return "User added";
|
|
}
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
function processCitationRelated($actionin, mysqli $mysqliconn){
|
|
|
|
if($actionin == "getallcitations"){
|
|
//TODO Create this query
|
|
}
|
|
|
|
if($actionin == "getrandomcitation"){
|
|
//TODO Create this query
|
|
}
|
|
|
|
if($actionin == "getcitationsfulltextsearch"){
|
|
//TODO Create this query
|
|
}
|
|
|
|
if($actionin == "getcitationsbyuser"){
|
|
//TODO Create this query
|
|
}
|
|
|
|
if($actionin == "getcitationthreadbyid"){
|
|
//TODO Create this query
|
|
}
|
|
|
|
if($actionin == "getcitationversionbyid"){
|
|
//TODO Create this query
|
|
}
|
|
|
|
if($actionin == "getcitationsbysource"){
|
|
//TODO Create this query
|
|
}
|
|
|
|
if($actionin == "getcitationsbytags"){
|
|
//TODO Create this query
|
|
}
|
|
|
|
if($actionin == "getcitationsbyverse"){
|
|
//TODO Create this query
|
|
}
|
|
|
|
if($actionin == "getcitationsuggestionsbyverse"){
|
|
//TODO Create this query
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
|
|
function processTagsRelated($actionin, mysqli $mysqliconn){
|
|
|
|
if($actionin == "createtag"){
|
|
|
|
$stmt9 = $mysqliconn->prepare("INSERT INTO Tags (TagName, CreatorID) VALUES (?, ?);");
|
|
$tagname = htmlspecialchars($_POST["tagname"]);
|
|
$uid = $_SESSION["userID"];
|
|
$stmt9->bind_param("si", $tagname, $uid);
|
|
$stmt9->execute();
|
|
$stmt9->store_result();
|
|
|
|
}
|
|
|
|
if($actionin == "getalltags"){
|
|
$stmt10 = $mysqliconn->prepare("SELECT ID, TagName, CreatorID FROM Tags;");
|
|
$stmt10->execute();
|
|
$stmt10->bind_result($id, $tagname, $creatorid);
|
|
$stmt10->store_result();
|
|
$outarr = array();
|
|
if ($stmt10->num_rows > 0){
|
|
while ($stmt10->fetch()){
|
|
$tmparr["id"] = $id;
|
|
$tmparr["tagname"] = $tagname;
|
|
$tmparr["creatorid"] = $creatorid;
|
|
array_push($outarr, $tmparr);
|
|
}
|
|
}
|
|
return json_encode($outarr);
|
|
}
|
|
|
|
if($actionin == "gettagsbycreator"){
|
|
$stmt11 = $mysqliconn->prepare("SELECT ID, TagName, CreatorID FROM Tags WHERE CreatorID = ?;");
|
|
$cruid = intval($_POST['creatorid']);
|
|
$stmt11->bind_param("i", $cruid);
|
|
$stmt11->execute();
|
|
$stmt11->bind_result($id, $tagname, $creatorid);
|
|
$stmt11->store_result();
|
|
$outarr = array();
|
|
if ($stmt11->num_rows > 0){
|
|
while ($stmt11->fetch()){
|
|
$tmparr["id"] = $id;
|
|
$tmparr["tagname"] = $tagname;
|
|
$tmparr["creatorid"] = $creatorid;
|
|
array_push($outarr, $tmparr);
|
|
}
|
|
}
|
|
return json_encode($outarr);
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
function processSourcesRelated($actionin, mysqli $mysqliconn){
|
|
|
|
if($actionin == "createsource"){
|
|
$stmt12 = $mysqliconn->prepare("INSERT INTO Sources (PublicationID, Place, CreatorID) VALUES (?, ?, ?);");
|
|
$publicationid = intval($_POST["publicationid"]);
|
|
$place = htmlspecialchars($_POST["place"]);
|
|
$cruid = $_SESSION["userID"];
|
|
$stmt12->bind_param("isi", $publicationid, $place, $cruid);
|
|
$stmt12->execute();
|
|
$stmt12->store_result();
|
|
}
|
|
|
|
if($actionin == "getallsources"){
|
|
//TODO Use JOIN to embed the publication info
|
|
$stmt17 = $mysqliconn->prepare("SELECT ID, PublicationID, Place, CreatorID FROM Sources;");
|
|
$stmt17->execute();
|
|
$stmt17->bind_result($id, $publicationid, $place, $creatorid);
|
|
$stmt17->store_result();
|
|
$outarr = array();
|
|
if ($stmt17->num_rows > 0){
|
|
while ($stmt17->fetch()){
|
|
$tmparr["id"] = $id;
|
|
$tmparr["publicationid"] = $publicationid;
|
|
$tmparr["place"] = $place;
|
|
$tmparr["creatorid"] = $creatorid;
|
|
array_push($outarr, $tmparr);
|
|
}
|
|
}
|
|
return json_encode($outarr);
|
|
}
|
|
|
|
if($actionin == "getallsourcesbycreator"){
|
|
//TODO Use JOIN to embed the publication info
|
|
$stmt13 = $mysqliconn->prepare("SELECT ID, PublicationID, Place, CreatorID FROM Sources WHERE CreatorID = ?;");
|
|
$cruid = intval($_POST['creatorid']);
|
|
$stmt13->bind_param("i", $cruid);
|
|
$stmt13->execute();
|
|
$stmt13->bind_result($id, $publicationid, $place, $creatorid);
|
|
$stmt13->store_result();
|
|
$outarr = array();
|
|
if ($stmt13->num_rows > 0){
|
|
while ($stmt13->fetch()){
|
|
$tmparr["id"] = $id;
|
|
$tmparr["publicationid"] = $publicationid;
|
|
$tmparr["place"] = $place;
|
|
$tmparr["creatorid"] = $creatorid;
|
|
array_push($outarr, $tmparr);
|
|
}
|
|
}
|
|
return json_encode($outarr);
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
function processCommentRelated($actionin, mysqli $mysqliconn){
|
|
|
|
if($actionin == "createcomment"){
|
|
$stmt14 = $mysqliconn->prepare("INSERT INTO Comments (CreatorID, CitationID, CitationThreadID, Content) VALUES (?, ?, ?, ?);");
|
|
$creatorid = $_SESSION["userid"];
|
|
$citationid = intval($_POST["citationid"]);
|
|
$citationthreadid = intval($_POST["citationthreadid"]);
|
|
$content = htmlspecialchars($_POST["content"]);
|
|
$stmt14->bind_param("iiis", $creatorid, $citationid, $citationthreadid, $content);
|
|
$stmt14->execute();
|
|
$stmt14->store_result();
|
|
}
|
|
|
|
if($actionin == "getallcommentsbycreator"){
|
|
//TODO Use JOIN to embed the citation info
|
|
$stmt15 = $mysqliconn->prepare("SELECT ID, CreatorID, CitationID, CitationThreadID, Content FROM Comments WHERE CreatorID = ?;");
|
|
$cruid = intval($_POST['creatorid']);
|
|
$stmt15->bind_param("i", $cruid);
|
|
$stmt15->execute();
|
|
$stmt15->bind_result($id, $creatorid, $citationid, $citationthreadid, $content);
|
|
$stmt15->store_result();
|
|
$outarr = array();
|
|
if ($stmt15->num_rows > 0){
|
|
while ($stmt15->fetch()){
|
|
$tmparr["id"] = $id;
|
|
$tmparr["creatorid"] = $creatorid;
|
|
$tmparr["citationid"] = $citationid;
|
|
$tmparr["citationthreadid"] = $citationthreadid;
|
|
$tmparr["content"] = $content;
|
|
array_push($outarr, $tmparr);
|
|
}
|
|
}
|
|
return json_encode($outarr);
|
|
}
|
|
//TODO Also send user info with ID
|
|
if($actionin == "getcommentsbycitationlatestversion"){
|
|
//TODO Create this query
|
|
//TODO Use JOIN to embed the citation info
|
|
}
|
|
|
|
if($actionin == "getcommentsbycitationbyversion"){
|
|
//TODO Create this query
|
|
//TODO Use JOIN to embed the citation info
|
|
}
|
|
|
|
if($actionin == "getcommentsbycitationallversions"){
|
|
//TODO Create this query
|
|
//TODO Use JOIN to embed the citation info
|
|
}
|
|
|
|
return 0;
|
|
}
|
|
|
|
function processAuthorRelated($actionin, mysqli $mysqliconn){
|
|
|
|
if($actionin == "createauthor"){
|
|
$stmt16 = $mysqliconn->prepare("INSERT INTO Authors (AuthorName, CreatorID) VALUES (?, ?);");
|
|
$authorname = htmlspecialchars($_POST["authorname"]);
|
|
$cruid = $_SESSION["userID"];
|
|
$stmt16->bind_param("si", $authorname, $cruid);
|
|
$stmt16->execute();
|
|
$stmt16->store_result();
|
|
}
|
|
|
|
if($actionin == "getallauthors"){
|
|
$stmt18 = $mysqliconn->prepare("SELECT ID, AuthorName, CreatorID FROM Authors;");
|
|
$stmt18->execute();
|
|
$stmt18->bind_result($id, $authorname, $creatorid);
|
|
$stmt18->store_result();
|
|
$outarr = array();
|
|
if ($stmt18->num_rows > 0){
|
|
while ($stmt18->fetch()){
|
|
$tmparr["id"] = $id;
|
|
$tmparr["authorname"] = $authorname;
|
|
$tmparr["creatorid"] = $creatorid;
|
|
array_push($outarr, $tmparr);
|
|
}
|
|
}
|
|
return json_encode($outarr);
|
|
}
|
|
|
|
if($actionin == "getallauthorsbycreator"){
|
|
$stmt19 = $mysqliconn->prepare("SELECT ID, AuthorName, CreatorID FROM Authors WHERE CreatorID = ?;");
|
|
$cruid = intval($_POST['creatorid']);
|
|
$stmt19->bind_param("i", $cruid);
|
|
$stmt19->execute();
|
|
$stmt19->bind_result($id, $authorname, $creatorid);
|
|
$stmt19->store_result();
|
|
$outarr = array();
|
|
if ($stmt19->num_rows > 0){
|
|
while ($stmt19->fetch()){
|
|
$tmparr["id"] = $id;
|
|
$tmparr["authorname"] = $authorname;
|
|
$tmparr["creatorid"] = $creatorid;
|
|
array_push($outarr, $tmparr);
|
|
}
|
|
}
|
|
return json_encode($outarr);
|
|
}
|
|
|
|
}
|
|
function processPublicationRelated($actionin, mysqli $mysqliconn){
|
|
if($actionin == "createpublication"){
|
|
$stmt20 = $mysqliconn->prepare("INSERT INTO Publications (PublicationName, AuthorID, CreatorID) VALUES (?, ?, ?);");
|
|
$publicationname = htmlspecialchars($_POST["publicationname"]);
|
|
$authorid = intval($_POST['authorid']);
|
|
$cruid = $_SESSION["userID"];
|
|
$stmt20->bind_param("sii", $publicationname, $authorid, $cruid);
|
|
$stmt20->execute();
|
|
$stmt20->store_result();
|
|
}
|
|
|
|
if($actionin == "getallpublications"){
|
|
$stmt21 = $mysqliconn->prepare("SELECT ID, PublicationName, AuthorID, CreatorID FROM Publications;");
|
|
$stmt21->execute();
|
|
$stmt21->bind_result($id, $publicationname, $authorid, $creatorid);
|
|
$stmt21->store_result();
|
|
$outarr = array();
|
|
if ($stmt21->num_rows > 0){
|
|
while ($stmt21->fetch()){
|
|
$tmparr["id"] = $id;
|
|
$tmparr["publicationname"] = $publicationname;
|
|
$tmparr["authorid"] = $authorid;
|
|
$tmparr["creatorid"] = $creatorid;
|
|
array_push($outarr, $tmparr);
|
|
}
|
|
}
|
|
return json_encode($outarr);
|
|
}
|
|
|
|
if($actionin == "getallpublicationsbycreator"){
|
|
$stmt22 = $mysqliconn->prepare("SELECT ID, PublicationName, AuthorID, CreatorID FROM Publications WHERE CreatorID = ?;");
|
|
$cruid = intval($_POST['creatorid']);
|
|
$stmt22->bind_param("i", $cruid);
|
|
$stmt22->execute();
|
|
$stmt22->bind_result($id, $publicationname, $authorid, $creatorid);
|
|
$stmt22->store_result();
|
|
$outarr = array();
|
|
if ($stmt22->num_rows > 0){
|
|
while ($stmt22->fetch()){
|
|
$tmparr["id"] = $id;
|
|
$tmparr["publicationname"] = $publicationname;
|
|
$tmparr["authorid"] = $authorid;
|
|
$tmparr["creatorid"] = $creatorid;
|
|
array_push($outarr, $tmparr);
|
|
}
|
|
}
|
|
return json_encode($outarr);
|
|
}
|
|
}
|
|
|
|
|
|
if($_SESSION["loggedin"] == 1){
|
|
|
|
$citationreturn = processCitationRelated($action, $mysqli);
|
|
if($citationreturn != 0){
|
|
echo $citationreturn;
|
|
return;
|
|
}
|
|
|
|
$commentreturn = processCommentRelated($action, $mysqli);
|
|
if($commentreturn != 0){
|
|
echo $commentreturn;
|
|
return;
|
|
}
|
|
|
|
$tagsreturn = processTagsRelated($action, $mysqli);
|
|
if($tagsreturn != 0){
|
|
echo $tagsreturn;
|
|
return;
|
|
}
|
|
|
|
$sourcereturn = processSourcesRelated($action, $mysqli);
|
|
if($sourcereturn != 0){
|
|
echo $sourcereturn;
|
|
return;
|
|
}
|
|
|
|
$authorreturn = processAuthorRelated($action, $mysqli);
|
|
if($authorreturn != 0){
|
|
echo $authorreturn;
|
|
return;
|
|
}
|
|
|
|
$publicationreturn = processPublicationRelated($action, $mysqli);
|
|
if($publicationreturn != 0){
|
|
echo $publicationreturn;
|
|
return;
|
|
}
|
|
|
|
$userreturn = processUserRelated($action, $mysqli);
|
|
if($userreturn != 0){
|
|
echo $userreturn;
|
|
return;
|
|
}
|
|
}
|
|
else{
|
|
echo "Not logged in";
|
|
return;
|
|
}
|
|
}
|
|
|
|
?>
|