function create_characteristic($level, $shortName, $description, $programSpecifier)
{
if (is_null($level) || $level == "") {
page_fail_on_field(BAD_REQUEST, 'level', 'must be non-empty');
}
if (is_null($shortName) || $shortName == "") {
page_fail_on_field(BAD_REQUEST, 'short_name', 'must be non-empty');
}
if (is_null($description) || $description == "") {
page_fail_on_field(BAD_REQUEST, 'description', 'must be non-empty');
}
$info = array('table' => 'abet_characteristic', 'fields' => array('level', 'short_name', 'description'), 'values' => array(array("s:{$level}", "s:{$shortName}", "s:{$description}")));
if (!is_null($programSpecifier) && $programSpecifier != "") {
$info['fields'][] = 'program_specifier';
$info['values'][0][] = "s:{$programSpecifier}";
}
list($code, $json) = Query::perform_transaction(function (&$rollback) use($info) {
$insert = new Query(new QueryBuilder(INSERT_QUERY, $info));
if (!$insert->validate_update()) {
$rollback = true;
return array(SERVER_ERROR, "{\"success\":false}");
}
$query = new Query(new QueryBuilder(SELECT_QUERY, array('tables' => array('abet_characteristic' => array('id', 'level', 'short_name', 'description', 'program_specifier')), 'where' => 'abet_characteristic.id = LAST_INSERT_ID()')));
if ($query->is_empty()) {
$rollback = true;
return array(SERVER_ERROR, "{\"success\":false}");
}
return array(OKAY, json_encode($query->get_row_assoc()));
});
http_response_code($code);
return $json;
}
function create_course($title, $courseNumber, $coordinator, $instructor, $description, $textbook, $creditHours)
{
if (is_null($title) || $title == "") {
page_fail_on_field(BAD_REQUEST, 'title', 'must be non-empty');
}
if (is_null($courseNumber) || $courseNumber == "") {
page_fail_on_field(BAD_REQUEST, 'course_number', 'must be non-empty');
}
if (is_null($coordinator)) {
page_fail_on_field(BAD_REQUEST, 'coordinator', 'must be non-empty');
}
if (is_null($instructor) || $instructor == "") {
page_fail_on_field(BAD_REQUEST, 'instructor', 'must be non-empty');
}
if (is_null($description) || $description == "") {
page_fail_on_field(BAD_REQUEST, 'description', 'must be non-empty');
}
if (is_null($textbook) || $textbook == "") {
page_fail_on_field(BAD_REQUEST, 'textbook', 'must be non-empty');
}
if (is_null($creditHours) || $creditHours == "") {
page_fail_on_field(BAD_REQUEST, 'credit_hours', 'must be non-empty');
}
$info = array('table' => 'course', 'fields' => array('title', 'course_number', 'fk_coordinator', 'instructor', 'description', 'textbook', 'credit_hours'), 'values' => array(array("s:{$title}", "s:{$courseNumber}", "i:{$coordinator}", "s:{$instructor}", "s:{$description}", "s:{$textbook}", "s:{$creditHours}")));
list($code, $json) = Query::perform_transaction(function (&$rollback) use($info) {
$insert = new Query(new QueryBuilder(INSERT_QUERY, $info));
if (!$insert->validate_update()) {
$rollback = true;
return array(SERVER_ERROR, "{\"success\":false}");
}
$query = new Query(new QueryBuilder(SELECT_QUERY, array('tables' => array('course' => array('id', 'title', 'fk_coordinator', 'instructor', 'description', 'textbook', 'credit_hours')), 'aliases' => array('course.fk_coordinator' => 'coordinator'), 'where' => 'course.id = LAST_INSERT_ID()')));
if ($query->is_empty()) {
$rollback = true;
return array(SERVER_ERROR, "{\"success\":false}");
}
return array(OKAY, json_encode($query->get_row_assoc()));
});
http_response_code($code);
return $json;
}
// validate user name: must be lowercase or numeric and start with letter
$un = strtolower($_POST['username']);
if ($un != $_POST['username']) {
echo json_encode(array("error" => "username must be lowercase", "errField" => "username"));
http_response_code(BAD_REQUEST);
exit;
}
unset($un);
if (!ctype_alpha($_POST['username'][0])) {
echo json_encode(array("error" => "username must begin with alphabetic character", "errField" => "username"));
http_response_code(BAD_REQUEST);
exit;
}
// validate user role; must be one of 'admin', 'faculty', 'observer'
if ($_POST['role'] != 'faculty' && $_POST['role'] != 'admin' && $_POST['role'] != 'observer') {
page_fail_on_field(BAD_REQUEST, 'role', 'role must be one of \'faculty\', \'admin\' or \'observer\'');
}
// perform a transaction that will atomically check the database and do an
// insert
list($code, $json) = Query::perform_transaction(function (&$rollback) {
// make sure username is not already in use for another user
$query = new Query(new QueryBuilder(SELECT_QUERY, array('tables' => array('userprofile' => 'username'), 'where' => 'username = ? AND id <> ?', 'where-params' => array("s:{$_POST['username']}", "s:{$_SESSION['id']}"), 'limit' => 1)));
// check select result
if (!$query->is_empty()) {
$rollback = true;
return array(BAD_REQUEST, json_encode(array("error" => "the requested username is unavailable", "errField" => "username")));
}
// insert new 'userauth' entity
$hash = password_hash($_POST['passwd'], PASSWORD_DEFAULT);
$query = new Query(new QueryBuilder(INSERT_QUERY, array('table' => 'userauth', 'fields' => array('passwd', 'role'), 'values' => array(array("s:{$hash}", "s:{$_POST['role']}")))));
if (!$query->validate_update()) {
$assess = ABETAssessment::create('', $row['id'], null, $critId);
$assess->add_general_content();
}
return array(OKAY, json_encode($row));
});
http_response_code($code);
echo $json;
}
} else {
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// verify fields
static $fields = array('id', 'name', 'abbrv', 'semester', 'year', 'description');
$a = array_map(function ($x) {
if (!array_key_exists($x, $_POST)) {
return null;
}
return !is_null($_POST[$x]) && $_POST[$x] !== '';
}, $fields);
if (($key = array_search(false, $a, false)) !== false) {
if (is_null($a[$key])) {
page_fail_with_reason(BAD_REQUEST, "missing field name");
}
page_fail_on_field(BAD_REQUEST, $fields[$key], 'value must have non-zero length');
}
// update the specified element
$query = new Query(new QueryBuilder(UPDATE_QUERY, array('table' => 'program', 'updates' => array('name' => "s:{$_POST['name']}", 'abbrv' => "s:{$_POST['abbrv']}", 'semester' => "s:{$_POST['semester']}", 'year' => "i:{$_POST['year']}", 'description' => "s:{$_POST['description']}"), 'where' => 'id = ?', 'where-params' => array("i:{$_POST['id']}"), 'limit' => 1)));
echo "{\"success\":true}";
} else {
page_fail(BAD_REQUEST);
}
}
require_once 'abet1-misc.php';
/* change-passwd.php - JSON transfer specification
Supports: POST
Fields: (POST)
*-----------------------*
| old_passwd new_passwd |
*-----------------------*
This script allows an authenticated user to change their password. They must
supply their current password for the new one to be accepted.
On success, the JSON object {"success":true} will be returned. Otherwise the
object {"success":false} will be returned with some non-200 http response code.
*/
if (!abet_is_authenticated()) {
page_fail(UNAUTHORIZED);
}
if ($_SERVER['REQUEST_METHOD'] != 'POST' || !array_key_exists('old_passwd', $_POST) || !array_key_exists('new_passwd', $_POST)) {
page_fail(BAD_REQUEST);
}
// verify old password
if (!abet_verify($_SESSION['user'], $_POST['old_passwd'], $id, $role)) {
page_fail_on_field(BAD_REQUEST, "old_passwd", "password was incorrect");
}
// attempt to update passwords; if this fails then the user used one of their
// old passwords
if (!abet_change_password($_SESSION['user'], $_POST['new_passwd'])) {
page_fail_on_field(BAD_REQUEST, 'new_passwd', 'password was previously used');
}
echo "{\"success\":true}";
