123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293 |
- <?php
- // Storage API
- // PHP Backend
- // CBlue SPRL, Jean-Karim Bockstael, <jeankarim@cblue.be>
- require_once('../inc/global.inc.php');
- // variable cleaning...
- foreach (array("svkey", "svvalue") as $key) {
- $_REQUEST[$key] = Database::escape_string($_REQUEST[$key]);
- }
- foreach (array("svuser", "svcourse", "svsco", "svlength", "svasc") as $key) {
- $_REQUEST[$key] = intval($_REQUEST[$key]);
- }
- switch ($_REQUEST['action']) {
- case "get":
- print storage_get($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey']);
- break;
- case "set":
- if (storage_can_set($_REQUEST['svuser'])) {
- print storage_set($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey'], $_REQUEST['svvalue']);
- }
- break;
- case "getall":
- print storage_getall($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco']);
- break;
- case "stackpush":
- if (storage_can_set($_REQUEST['svuser'])) {
- print storage_stack_push($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey'], $_REQUEST['svvalue']);
- }
- break;
- case "stackpop":
- if (storage_can_set($_REQUEST['svuser'])) {
- print storage_stack_pop($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey']);
- }
- break;
- case "stacklength":
- print storage_stack_length($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey']);
- break;
- case "stackclear":
- if (storage_can_set($_REQUEST['svuser'])) {
- print storage_stack_clear($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey']);
- }
- break;
- case "stackgetall":
- if (storage_can_set($_REQUEST['svuser']))
- print storage_stack_getall($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey']);
- break;
- case "getposition":
- print storage_get_position($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey'], $_REQUEST['svasc']);
- break;
- case "getleaders":
- print storage_get_leaders($_REQUEST['svuser'], $_REQUEST['svcourse'], $_REQUEST['svsco'], $_REQUEST['svkey'], $_REQUEST['svasc'], $_REQUEST['svlength']);
- break;
- case "usersgetall":
- // security issue
- print "NOT allowed, security issue, see sources";
- // print storage_get_all_users();
- break;
- default:
- // Do nothing
- }
- function storage_can_set($sv_user) {
- // platform admin can change any user's stored values, other users can only change their own values
- $allowed = ((api_is_platform_admin()) || ($sv_user == api_get_user_id()));
- if (!$allowed) {
- print "ERROR : Not allowed";
- }
- return $allowed;
- }
- function storage_get($sv_user, $sv_course, $sv_sco, $sv_key) {
- $sql = "select sv_value
- from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES)."
- where user_id= '$sv_user'
- and sco_id = '$sv_sco'
- and course_id = '$sv_course'
- and sv_key = '$sv_key'";
- $res = Database::query($sql);
- if (Database::num_rows($res) > 0) {
- $row = Database::fetch_assoc($res);
- if (get_magic_quotes_gpc()) {
- return stripslashes($row['sv_value']);
- } else {
- return $row['sv_value'];
- }
- }
- else {
- return null;
- }
- }
- function storage_get_leaders($sv_user, $sv_course, $sv_sco, $sv_key, $sv_asc, $sv_length) {
- // get leaders
- $sql_leaders = "select u.user_id, firstname, lastname, email, username, sv_value as value
- from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES)." sv,
- ".Database::get_main_table(TABLE_MAIN_USER)." u
- where u.user_id=sv.user_id
- and sco_id = '$sv_sco'
- and course_id = '$sv_course'
- and sv_key = '$sv_key'
- order by sv_value ".($sv_asc ? "ASC": "DESC")." limit $sv_length";
- // $sql_data = "select sv.user_id as user_id, sv_key as variable, sv_value as value
- // from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES)." sv
- // where sv.user_id in (select u2.user_id from ($sql_leaders) u2)
- // and sco_id = '$sv_sco'
- // and course_id = '$sv_course'";
- // $resData = Database::query($sql_data);
- // $data = Array();
- // while($row = Database::fetch_assoc($resData))
- // $data[] = $row; // fetching all data
- //
- $resLeaders = Database::query($sql_leaders);
- $result = array();
- while ($row = Database::fetch_assoc($resLeaders)) {
- $row["values"] = array();
- // foreach($data as $dataRow) {
- // if ($dataRow["user_id"] = $row["user_id"])
- // $row["values"][$dataRow["variable"]] = $dataRow["value"];
- // }
- $result[] = $row;
- }
- return json_encode($result);
- }
- function storage_get_position($sv_user, $sv_course, $sv_sco, $sv_key, $sv_asc, $sv_length) {
- $sql = "select count(list.user_id) as position
- from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES)." search,
- ".Database::get_main_table(TABLE_TRACK_STORED_VALUES)." list
- where search.user_id= '$sv_user'
- and search.sco_id = '$sv_sco'
- and search.course_id = '$sv_course'
- and search.sv_key = '$sv_key'
- and list.sv_value ".($sv_asc ? "<=": ">=")." search.sv_value
- and list.sco_id = search.sco_id
- and list.course_id = search.course_id
- and list.sv_key = search.sv_key
- order by list.sv_value" ;
- $res = Database::query($sql);
- if (Database::num_rows($res) > 0) {
- $row = Database::fetch_assoc($res);
- return $row['position'];
- }
- else {
- return null;
- }
- }
- function storage_set($sv_user, $sv_course, $sv_sco, $sv_key, $sv_value) {
- $sv_value = Database::escape_string($sv_value);
- $sql = "replace into ".Database::get_main_table(TABLE_TRACK_STORED_VALUES)."
- (user_id, sco_id, course_id, sv_key, sv_value)
- values
- ('$sv_user','$sv_sco','$sv_course','$sv_key','$sv_value')";
- $res = Database::query($sql);
- return Database::affected_rows($res);
- }
- function storage_getall($sv_user, $sv_course, $sv_sco) {
- $sql = "select sv_key, sv_value
- from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES)."
- where user_id= '$sv_user'
- and sco_id = '$sv_sco'
- and course_id = '$sv_course'";
- $res = Database::query($sql);
- $data = array();
- while ($row = Database::fetch_assoc($res)) {
- if (get_magic_quotes_gpc()) {
- $row['sv_value'] = stripslashes($row['sv_value']);
- }
- $data[] = $row;
- }
- return json_encode($data);
- }
- function storage_stack_push($sv_user, $sv_course, $sv_sco, $sv_key, $sv_value) {
- $sv_value = Database::escape_string($sv_value);
- Database::query("start transaction");
- $sqlorder = "select ifnull((select max(stack_order)
- from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES_STACK)."
- where user_id= '$sv_user'
- and sco_id='$sv_sco'
- and course_id='$sv_course'
- and sv_key='$sv_key'
- ), 0) as stack_order";
- $resorder = Database::query($sqlorder);
- $row = Database::fetch_assoc($resorder);
- $stack_order = (1 + $row['stack_order']);
- $sqlinsert = "insert into ".Database::get_main_table(TABLE_TRACK_STORED_VALUES_STACK)."
- (user_id, sco_id, course_id, sv_key, stack_order, sv_value)
- values
- ('$sv_user', '$sv_sco', '$sv_course', '$sv_key', '$stack_order', '$sv_value')";
- $resinsert = Database::query($sqlinsert);
- if ($resorder && $resinsert) {
- Database::query("commit");
- return 1;
- }
- else {
- Database::query("rollback");
- return 0;
- }
- }
- function storage_stack_pop($sv_user, $sv_course, $sv_sco, $sv_key) {
- Database::query("start transaction");
- $sqlselect = "select sv_value, stack_order
- from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES_STACK)."
- where user_id= '$sv_user'
- and sco_id='$sv_sco'
- and course_id='$sv_course'
- and sv_key='$sv_key'
- order by stack_order desc
- limit 1";
- $resselect = Database::query($sqlselect);
- $rowselect = Database::fetch_assoc($resselect);
- $stack_order = $rowselect['stack_order'];
- $sqldelete = "delete
- from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES_STACK)."
- where user_id= '$sv_user'
- and sco_id='$sv_sco'
- and course_id='$sv_course'
- and sv_key='$sv_key'
- and stack_order='$stack_order'";
- $resdelete = Database::query($sqldelete);
- if ($resselect && $resdelete) {
- Database::query("commit");
- if (get_magic_quotes_gpc()) {
- return stripslashes($rowselect['sv_value']);
- } else {
- return $rowselect['sv_value'];
- }
- } else {
- Database::query("rollback");
- return null;
- }
- }
- function storage_stack_length($sv_user, $sv_course, $sv_sco, $sv_key) {
- $sql = "select count(*) as length
- from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES_STACK)."
- where user_id= '$sv_user'
- and sco_id='$sv_sco'
- and course_id='$sv_course'
- and sv_key='$sv_key'";
- $res = Database::query($sql);
- $row = Database::fetch_assoc($res);
- return $row['length'];
- }
- function storage_stack_clear($sv_user, $sv_course, $sv_sco, $sv_key) {
- $sql = "delete
- from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES_STACK)."
- where user_id= '$sv_user'
- and sco_id='$sv_sco'
- and course_id='$sv_course'
- and sv_key='$sv_key'";
- $res = Database::query($sql);
- return Database::num_rows($res);
- }
- function storage_stack_getall($sv_user, $sv_course, $sv_sco, $sv_key) {
- $sql = "select stack_order as stack_order, sv_value as value
- from ".Database::get_main_table(TABLE_TRACK_STORED_VALUES_STACK)."
- where user_id= '$sv_user'
- and sco_id='$sv_sco'
- and course_id='$sv_course'
- and sv_key='$sv_key'";
- $res = Database::query($sql);
- $results = array();
- while ($row = Database::fetch_assoc($res)) {
- if (get_magic_quotes_gpc()) {
- $row['value'] = stripslashes($row['value']);
- }
- $results[] = $row;
- }
- return json_encode($results);
- }
- function storage_get_all_users() {
- $sql = "select user_id, username, firstname, lastname
- from ".Database::get_main_table(TABLE_MAIN_USER)."
- order by user_id asc";
- $res = Database::query($sql);
- $results = array();
- while ($row = Database::fetch_assoc($res)) {
- $results[] = $row;
- }
- return json_encode($results);
- }
|