Beispiel #1
0
function processGroupInput($checks = 1)
{
    global $submitErr, $submitErrMsg, $user;
    $return = array();
    $return["groupid"] = getContinuationVar("groupid");
    $return["type"] = getContinuationVar("type");
    $return["custom"] = getContinuationVar("custom", 1);
    $return["courseroll"] = getContinuationVar("courseroll", 0);
    $return["name"] = getContinuationVar('name', processInputVar("name", ARG_STRING));
    $return["affiliationid"] = getContinuationVar('affiliationid', processInputVar("affiliationid", ARG_NUMERIC, $user['affiliationid']));
    $return["resourcetypeid"] = getContinuationVar('resourcetypeid', processInputVar("resourcetypeid", ARG_NUMERIC));
    $return["owner"] = getContinuationVar('owner', processInputVar("owner", ARG_STRING));
    $return["ownergroup"] = processInputVar("ownergroup", ARG_NUMERIC);
    $return["editgroupid"] = getContinuationVar('editgroupid', processInputVar("editgroupid", ARG_NUMERIC));
    $return["isowner"] = getContinuationVar("isowner");
    $return["initialmax"] = getContinuationVar('initialmax', processInputVar("initialmax", ARG_NUMERIC));
    $return["totalmax"] = getContinuationVar('totalmax', processInputVar("totalmax", ARG_NUMERIC));
    $return["maxextend"] = getContinuationVar('maxextend', processInputVar("maxextend", ARG_NUMERIC));
    $return["overlap"] = getContinuationVar('overlap', processInputVar("overlap", ARG_NUMERIC, 0));
    $return['editgroupids'] = getContinuationVar('editgroupids');
    $editgroupids = explode(',', $return['editgroupids']);
    $return['ownergroupids'] = getContinuationVar('ownergroupids');
    $ownergroupids = explode(',', $return['ownergroupids']);
    $groupwasnone = getContinuationVar('groupwasnone');
    $editname = getContinuationVar('editname', 1);
    $affils = getAffiliations();
    if (!array_key_exists($return['affiliationid'], $affils)) {
        $return['affiliationid'] = $user['affiliationid'];
    }
    if (!$checks) {
        return $return;
    }
    if ($return['custom'] == 1 && $return['courseroll'] == 0 && $editname) {
        if ($return['type'] == 'user' && !preg_match('/^[-a-zA-Z0-9_\\.: ]{3,30}$/', $return["name"])) {
            $submitErr |= GRPNAMEERR;
            $submitErrMsg[GRPNAMEERR] = "Name must be between 3 and 30 characters " . "and can only contain letters, numbers, " . "spaces, and these characters: - . _ :";
        } elseif ($return['type'] == 'resource' && !preg_match('/^[-a-zA-Z0-9_\\. ]{3,30}$/', $return["name"])) {
            $submitErr |= GRPNAMEERR;
            $submitErrMsg[GRPNAMEERR] = "Name must be between 3 and 30 characters " . "and can only contain letters, numbers, " . "spaces, and these characters: - . _";
        }
    }
    if ($return['type'] == 'user') {
        $extraid = $return['affiliationid'];
    } else {
        $extraid = $return['resourcetypeid'];
    }
    if (!empty($return["type"]) && !empty($return["name"]) && !($submitErr & GRPNAMEERR) && checkForGroupName($return["name"], $return["type"], $return["groupid"], $extraid)) {
        $submitErr |= GRPNAMEERR;
        $submitErrMsg[GRPNAMEERR] = "A group already exists with this name.";
    }
    if ($return['custom'] == 1 && $return['courseroll'] == 0 && $return["type"] == "user" && !validateUserid($return["owner"])) {
        $submitErr |= GRPOWNER;
        $submitErrMsg[GRPOWNER] = "Submitted ID is not valid";
    }
    if ($return["type"] == "user" && $return["courseroll"] == 0 && $return["custom"] == 1 && ($return['editgroupid'] == 0 && !$groupwasnone || !in_array($return['editgroupid'], $editgroupids)) || $return['type'] == 'resource' && !in_array($return['ownergroup'], $ownergroupids)) {
        $submitErr |= EDITGROUPERR;
        $submitErrMsg[EDITGROUPERR] = "Invalid group was selected";
    }
    if ($return["type"] == "user" && $return["initialmax"] < 30) {
        $submitErr |= INITIALMAXERR;
        $submitErrMsg[INITIALMAXERR] = "Initial max time must be at least 30 " . "minutes";
    }
    if ($return["type"] == "user" && $return["totalmax"] < 30) {
        $submitErr |= TOTALMAXERR;
        $submitErrMsg[TOTALMAXERR] = "Total max time must be at least 30 " . "minutes";
    }
    if ($return["type"] == "user" && $return["maxextend"] < 15) {
        $submitErr |= MAXEXTENDERR;
        $submitErrMsg[MAXEXTENDERR] = "Max extend time must be at least 15 " . "minutes";
    }
    if (checkUserHasPerm('Set Overlapping Reservation Count') && $return["type"] == "user" && ($return["overlap"] < 0 || $return["overlap"] == 1)) {
        $submitErr |= MAXOVERLAPERR;
        $submitErrMsg[MAXOVERLAPERR] = "Overlap can be 0 or greater than or equal to 2";
    }
    return $return;
}
Beispiel #2
0
function processGroupInput($checks = 1)
{
    global $submitErr, $submitErrMsg, $user, $viewmode;
    $return = array();
    $return["groupid"] = getContinuationVar("groupid");
    $return["type"] = getContinuationVar("type");
    $return["name"] = getContinuationVar('name', processInputVar("name", ARG_STRING));
    $return["affiliationid"] = getContinuationVar('affiliationid', processInputVar("affiliationid", ARG_NUMERIC, $user['affiliationid']));
    $return["resourcetypeid"] = getContinuationVar('resourcetypeid', processInputVar("resourcetypeid", ARG_NUMERIC));
    $return["owner"] = getContinuationVar('owner', processInputVar("owner", ARG_STRING));
    $return["ownergroup"] = processInputVar("ownergroup", ARG_NUMERIC);
    $return["editgroupid"] = getContinuationVar('editgroupid', processInputVar("editgroupid", ARG_NUMERIC));
    $return["isowner"] = getContinuationVar("isowner");
    $return["initialmax"] = getContinuationVar('initialmax', processInputVar("initialmax", ARG_NUMERIC));
    $return["totalmax"] = getContinuationVar('totalmax', processInputVar("totalmax", ARG_NUMERIC));
    $return["maxextend"] = getContinuationVar('maxextend', processInputVar("maxextend", ARG_NUMERIC));
    $return["overlap"] = getContinuationVar('overlap', processInputVar("overlap", ARG_NUMERIC, 0));
    $affils = getAffiliations();
    if (!array_key_exists($return['affiliationid'], $affils)) {
        $return['affiliationid'] = $user['affiliationid'];
    }
    if (!$checks) {
        return $return;
    }
    if (!ereg('^[-a-zA-Z0-9_\\.: ]{3,30}$', $return["name"])) {
        $submitErr |= GRPNAMEERR;
        $submitErrMsg[GRPNAMEERR] = "Name must be between 3 and 30 characters " . "and can only contain letters, numbers, and " . "these characters: - _ . :";
    }
    if ($return['type'] == 'user') {
        $extraid = $return['affiliationid'];
    } else {
        $extraid = $return['resourcetypeid'];
    }
    if (!empty($return["type"]) && !empty($return["name"]) && !($submitErr & GRPNAMEERR) && checkForGroupName($return["name"], $return["type"], $return["groupid"], $extraid)) {
        $submitErr |= GRPNAMEERR;
        $submitErrMsg[GRPNAMEERR] = "A group already exists with this name.";
    }
    if ($return["type"] == "user" && !validateUserid($return["owner"])) {
        $submitErr |= GRPOWNER;
        $submitErrMsg[GRPOWNER] = "Submitted ID is not valid";
    }
    if ($return["type"] == "user" && $return["initialmax"] < 30) {
        $submitErr |= INITIALMAXERR;
        $submitErrMsg[INITIALMAXERR] = "Initial max time must be at least 30 " . "minutes";
    }
    if ($return["type"] == "user" && $return["totalmax"] < 30) {
        $submitErr |= TOTALMAXERR;
        $submitErrMsg[TOTALMAXERR] = "Total max time must be at least 30 " . "minutes";
    }
    if ($return["type"] == "user" && $return["maxextend"] < 15) {
        $submitErr |= MAXEXTENDERR;
        $submitErrMsg[MAXEXTENDERR] = "Max extend time must be at least 15 " . "minutes";
    }
    if ($viewmode == ADMIN_DEVELOPER && $return["type"] == "user" && ($return["overlap"] < 0 || $return["overlap"] == 1)) {
        $submitErr |= MAXOVERLAPERR;
        $submitErrMsg[MAXOVERLAPERR] = "Overlap can be 0 or greater than or equal to 2";
    }
    return $return;
}
Beispiel #3
0
function validateAPIgroupInput($items, $exists)
{
    # initialMaxTime
    if (array_key_exists('initialMaxTime', $items)) {
        if (!is_numeric($items['initialMaxTime']) || $items['initialMaxTime'] < 1 || $items['initialMaxTime'] > 65535) {
            return array('status' => 'error', 'errorcode' => 21, 'errormsg' => 'submitted initialMaxTime is invalid');
        }
    }
    # totalMaxTime
    if (array_key_exists('totalMaxTime', $items)) {
        if (!is_numeric($items['totalMaxTime']) || $items['totalMaxTime'] < 1 || $items['totalMaxTime'] > 65535) {
            return array('status' => 'error', 'errorcode' => 22, 'errormsg' => 'submitted totalMaxTime is invalid');
        }
    }
    # maxExtendTime
    if (array_key_exists('maxExtendTime', $items)) {
        if (!is_numeric($items['maxExtendTime']) || $items['maxExtendTime'] < 1 || $items['maxExtendTime'] > 65535) {
            return array('status' => 'error', 'errorcode' => 23, 'errormsg' => 'submitted maxExtendTime is invalid');
        }
    }
    # affiliation
    if (array_key_exists('affiliation', $items)) {
        $esc_affiliation = mysql_escape_string($items['affiliation']);
        $affilid = getAffiliationID($esc_affiliation);
        if (is_null($affilid)) {
            return array('status' => 'error', 'errorcode' => 17, 'errormsg' => 'unknown affiliation');
        }
        $items['affiliationid'] = $affilid;
    }
    # name
    if (array_key_exists('name', $items)) {
        if (!ereg('^[-a-zA-Z0-9_\\.: ]{3,30}$', $items['name'])) {
            return array('status' => 'error', 'errorcode' => 19, 'errormsg' => 'Name must be between 3 and 30 characters ' . 'and can only contain letters, numbers, and ' . 'these characters: - _ . :');
        }
        $esc_name = mysql_escape_string($items['name']);
        $doesexist = checkForGroupName($esc_name, 'user', '', $affilid);
        if ($exists && !$doesexist) {
            return array('status' => 'error', 'errorcode' => 18, 'errormsg' => 'user group with submitted name and affiliation does not exist');
        } elseif (!$exists && $doesexist) {
            return array('status' => 'error', 'errorcode' => 27, 'errormsg' => 'existing user group with submitted name and affiliation');
        } elseif ($exists && $doesexist) {
            $items['id'] = getUserGroupID($esc_name, $affilid);
        }
    }
    # owner
    if (array_key_exists('owner', $items)) {
        if (!validateUserid(mysql_escape_string($items['owner']))) {
            return array('status' => 'error', 'errorcode' => 20, 'errormsg' => 'submitted owner is invalid');
        }
    }
    # managingGroup
    if (array_key_exists('managingGroup', $items)) {
        $parts = explode('@', $items['managingGroup']);
        if (count($parts) != 2) {
            return array('status' => 'error', 'errorcode' => 24, 'errormsg' => 'submitted managingGroup is invalid');
        }
        $esc_mgName = mysql_escape_string($parts[0]);
        $esc_mgAffil = mysql_escape_string($parts[1]);
        $mgaffilid = getAffiliationID($esc_mgAffil);
        if (!checkForGroupName($esc_mgName, 'user', '', $mgaffilid)) {
            return array('status' => 'error', 'errorcode' => 25, 'errormsg' => 'submitted managingGroup does not exist');
        }
        $items['managingGroupID'] = getUserGroupID($esc_mgName, $mgaffilid);
        $items['managingGroupName'] = $parts[0];
        $items['managingGroupAffilid'] = $mgaffilid;
    }
    $items['status'] = 'success';
    return $items;
}
Beispiel #4
0
function XMLRPCaddResourceGroup($name, $managingGroup, $type)
{
    global $user;
    if (!in_array("groupAdmin", $user['privileges'])) {
        return array('status' => 'error', 'errorcode' => 16, 'errormsg' => 'access denied for managing groups');
    }
    $validate = array('managingGroup' => $managingGroup);
    $rc = validateAPIgroupInput($validate, 0);
    if ($rc['status'] == 'error') {
        return $rc;
    }
    if ($typeid = getResourceTypeID($type)) {
        if (checkForGroupName($name, 'resource', '', $typeid)) {
            return array('status' => 'error', 'errorcode' => 76, 'errormsg' => 'resource group already exists');
        }
        if (get_magic_quotes_gpc()) {
            $name = stripslashes($name);
        }
        if (!preg_match('/^[-a-zA-Z0-9_\\. ]{3,30}$/', $name)) {
            return array('status' => 'error', 'errorcode' => 87, 'errormsg' => 'Name must be between 3 and 30 characters and can only contain letters, numbers, spaces, and these characters: - . _');
        }
        $name = mysql_real_escape_string($name);
        $data = array('type' => 'resource', 'ownergroup' => $rc['managingGroupID'], 'resourcetypeid' => $typeid, 'name' => $name);
        if (!addGroup($data)) {
            return array('status' => 'error', 'errorcode' => 26, 'errormsg' => 'failure while adding group to database');
        }
    } else {
        return array('status' => 'error', 'errorcode' => 68, 'errormsg' => 'invalid resource type');
    }
    return array('status' => 'success');
}