Beispiel #1
        login($_POST["username"], $_POST["password"]);
        $title = "Registration successful";
        include "htmlheader.php";
        ?>
		<h2><?php 
        echo htmlspecialchars($title);
        ?>
</h2>
		<p>You have successfully registered as <strong><?php 
        echo htmlspecialchars($_POST["username"]);
        ?>
</strong>. 
		You've been logged in and can now go ahead and deposit, rate and comment 
		on items.</p>
		<?php 
        if (userhasprivileges()) {
            ?>
			<p><strong>You have raised privileges.</strong></p>
		<?php 
        }
        ?>
		<?php 
        include "htmlfooter.php";
        exit;
    }
    // finish transaction (which didn't happen anyway)
    db()->exec("COMMIT;");
}
// Fall-through path: the success branch above ends with exit, so execution only
// reaches this point when that branch did not run.
// $title must be assigned before the include; presumably htmlheader.php reads it
// when rendering the page head -- TODO confirm, and confirm it is HTML-escaped
// there as it is in the success branch.
$title = "Register";
include "htmlheader.php";
?>
Beispiel #2
            if ($_REQUEST["user"] == username()) {
                badrequest("you can't delete yourself");
            }
            db()->exec("UPDATE users SET deleted=1 WHERE username='******';");
            $message = "User <strong>" . htmlspecialchars($_REQUEST["user"]) . "</strong> has been deleted";
            break;
        case "undelete":
            db()->exec("UPDATE users SET deleted=0 WHERE username='******';");
            $message = "User <strong>" . htmlspecialchars($_REQUEST["user"]) . "</strong> has been undeleted";
            break;
        case "grant":
            db()->exec("UPDATE users SET privileges=1 WHERE username='******';");
            $message = "User <strong>" . htmlspecialchars($_REQUEST["user"]) . "</strong> is now privileged";
            break;
        case "revoke":
            if (userhasprivileges($_REQUEST["user"]) && privilegedusers() == 1) {
                badrequest("can't revoke the privileges of the last remaining privileged user");
            }
            db()->exec("UPDATE users SET privileges=0 WHERE username='******';");
            $message = "User <strong>" . htmlspecialchars($_REQUEST["user"]) . "</strong> is now unprivileged";
            break;
        default:
            badrequest("unrecognized action");
    }
}
// Load every account with its flags and per-user activity counters (items,
// ratings, comments), ordered by username. The statement is a constant string:
// no request data is interpolated into it.
$result = db()->query("\n\tSELECT\n\t\tusers.username AS username,\n\t\tusers.registered AS registered,\n\t\tusers.privileges AS privileges,\n\t\tusers.deleted AS deleted,\n\t\tCOALESCE(items.cnt, 0) AS itemcount,\n\t\tCOALESCE(ratings.cnt, 0) AS ratingcount,\n\t\tCOALESCE(comments.cnt, 0) AS commentcount\n\tFROM users\n\tLEFT JOIN (SELECT user, COUNT(*) AS cnt FROM items GROUP BY user) AS items ON users.username=items.user\n\tLEFT JOIN (SELECT user, COUNT(*) AS cnt FROM ratings GROUP BY user) AS ratings ON users.username=ratings.user\n\tLEFT JOIN (SELECT user, COUNT(*) AS cnt FROM comments GROUP BY user) AS comments ON users.username=comments.user\n\tORDER BY users.username ASC\n;");
// Collect the rows as associative arrays; fetchArray() yields a falsy value
// once the result set is exhausted, which ends the loop.
$users = array();
while (true) {
    $row = $result->fetchArray(SQLITE3_ASSOC);
    if (!$row) {
        break;
    }
    array_push($users, $row);
}
Beispiel #3
						<?php 
            // Show a warning icon next to items whose XML authoredineqiat() rejects;
            // per the title text below, such items may not be editable.
            if (!authoredineqiat($item["xml"])) {
                ?>
							<img src="<?php 
                // SITEROOT_WEB is written into the src attribute without HTML escaping;
                // presumably a fixed configuration constant -- TODO confirm it never
                // carries request-derived data.
                echo SITEROOT_WEB;
                ?>
images/error.png" width="16" height="16" alt="warning sign" title="Item was not authored in Eqiat and so may not be editable">
						<?php 
            }
            ?>
					</li>
				<?php 
        }
        ?>
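				<?php 
        // Offer the delete link only to the item's owner or to a privileged user.
        // The owner check compares string values strictly: with loose ==, PHP
        // compares numeric-looking strings numerically, so two distinct usernames
        // could be treated as the same account.
        // NOTE(review): hiding the link is presentation only; the deleteItem page
        // has to enforce the same rule itself. The link is a plain GET request to a
        // state-changing page, so confirm the target also verifies an anti-CSRF
        // token -- none is visible from this template.
        if ((string) $item["user"] === (string) username() || userhasprivileges()) {
            ?>
					<li>
						<a class="confirmdeleteitem" href="<?php 
            echo SITEROOT_WEB;
            ?>
?page=deleteItem&amp;qtiid=<?php 
            // Encode for the query string first, then escape for the HTML attribute,
            // so characters such as & or # in the identifier cannot alter the URL.
            echo htmlspecialchars(urlencode($item["identifier"]));
            ?>
">
							Delete
						</a>
					</li>
				<?php 
        }
        ?>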
Beispiel #4
/*------------------------------------------------------------------------------
(c) 2010 JISC-funded EASiHE project, University of Southampton
Licensed under the Creative Commons 'Attribution non-commercial share alike' 
licence -- see the LICENCE file for more details
------------------------------------------------------------------------------*/
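// Delete an item together with its ratings, comments and keywords.
// Only authenticated users may proceed (forbidden() and badrequest() presumably
// end the request -- the checks below rely on that).
if (!loggedin()) {
    forbidden();
}
// NOTE(review): the parameter is read from $_REQUEST, so this destructive page
// also answers plain GET requests, and no anti-CSRF token is checked in the code
// visible here. Confirm the request origin is verified elsewhere, or restrict
// the action to POST with a per-session token.
if (!isset($_REQUEST["qtiid"])) {
    badrequest("no QTI ID was specified");
}
$item = getitem($_REQUEST["qtiid"]);
if (!$item) {
    badrequest("no item with the given QTI ID exists in the database");
}
// Authorization: only the owner or a privileged user may delete. Compare the
// usernames as strings with a strict operator; a loose != compares
// numeric-looking strings numerically, which would let one account pass as the
// owner of another whose name has the same numeric value.
if ((string) $item["user"] !== (string) username() && !userhasprivileges()) {
    forbidden();
}
// The identifier comes from the database row, not from the request; it is still
// escaped before being placed inside the SQL string literals below.
$itemid = db()->escapeString($item["identifier"]);
// Dependent rows are removed first, the item row itself last.
$deletes = array(
    "DELETE FROM ratings WHERE item='" . $itemid . "';",
    "DELETE FROM comments WHERE item='" . $itemid . "';",
    "DELETE FROM keywords WHERE item='" . $itemid . "';",
    "DELETE FROM items WHERE identifier='" . $itemid . "';",
);
// start transaction
db()->exec("BEGIN TRANSACTION;");
foreach ($deletes as $sql) {
    // exec() reports failure by returning false; roll back instead of committing
    // a partially deleted item.
    if (db()->exec($sql) === false) {
        db()->exec("ROLLBACK;");
        throw new RuntimeException("failed to delete item from the database");
    }
}
// commit changes
db()->exec("COMMIT;");
$title = "Item deleted";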