Beispiel #1
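/**
 * Validate sign-up input and create a new account.
 *
 * Each field is checked in form order and the first failure is reported.
 * The role (ID 3) and department (ID 1) are fixed here and never taken from
 * the caller, so a sign-up request cannot choose its own privileges.
 *
 * @param mixed $username  Requested login name.
 * @param mixed $password  Chosen password (plain text).
 * @param mixed $confirmpw Repeated password (plain text).
 * @param mixed $firstname First name.
 * @param mixed $lastname  Last name.
 * @param mixed $gender    Gender value accepted by isValidGender().
 * @return true|string true when the user row was inserted, otherwise a
 *                     user-facing error message.
 */
function execSignup($username, $password, $confirmpw, $firstname, $lastname, $gender)
{
    if ($username == "" || !isValidUsername($username)) {
        return "Username is empty or invalid!";
    }
    if ($password == "" || !isValidPassword($password)) {
        return "Password is empty or invalid!";
    }
    if ($confirmpw == "" || !isValidPassword($confirmpw)) {
        return "Confirm Password is empty or invalid!";
    }
    if ($firstname == "" || !isValidName($firstname)) {
        return "First Name is empty or invalid!";
    }
    if ($lastname == "" || !isValidName($lastname)) {
        return "Last Name is empty or invalid!";
    }
    if ($gender == "" || !isValidGender($gender)) {
        return "Gender is empty or invalid!";
    }

    $userDAO = new UserDAO();

    // Reject a name that is already taken.
    // NOTE(review): this lookup and the insert below are not atomic, so two
    // concurrent sign-ups with the same name can both pass here. Presumably
    // the users table has a unique constraint on the username -- confirm.
    $result = $userDAO->getUserByUsername($username);
    if ($result !== null) {
        return "Username exists, please change to another one!";
    }

    // Compare the two passwords as strings with a strict operator. A loose
    // `!=` compares numeric-looking strings by value, so pairs such as
    // "1e3" / "1000" or "0e12" / "0e99" would be treated as identical and
    // the confirmation check would pass for a mistyped password.
    if ((string) $password !== (string) $confirmpw) {
        return "Password and Confirm Password must be same!";
    }

    // Role 3 is the normal-user role.
    $roleDAO = new RoleDAO();
    $role = $roleDAO->getRoleByID(3);

    // Department 1 is the root department.
    $departmentDAO = new DepartmentDAO();
    $depart = $departmentDAO->getDepartmentByID(1);

    // NOTE(review): despite its name, encryptPassword() presumably produces a
    // one-way hash, since execLogin() checks passwords through
    // verifyPassword() -- confirm it is a salted, slow hash such as
    // password_hash() and not reversible encryption or a bare digest.
    $encryptPW = encryptPassword($password);
    $photoURL = "photo/default.png";
    $user = new User($role, $depart, $username, $encryptPW, $firstname, $lastname, $gender, $photoURL);

    if ($userDAO->insertUser($user) === true) {
        return true;
    }
    return "Insert user into table error, please contact administrator!";
}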
Beispiel #2
/**
 * Check a username/password pair and start a session for the user.
 *
 * Unknown user and wrong password share one error message, so the reply
 * text does not reveal whether the account exists. The "forbidden" message
 * is produced only after the password has been verified.
 *
 * NOTE(review): verifyPassword() is skipped when no user row is found, so
 * the two failure cases may still differ in response time. No attempt
 * limiting is visible in this function; check whether a caller or login()
 * provides it.
 *
 * @param mixed $username Login name; converted to string before use.
 * @param mixed $password Plain-text password; converted to string before use.
 * @return true|string true once login() has been called, otherwise a
 *                     user-facing error message.
 */
function execLogin($username, $password)
{
    $username = strval($username);
    $password = strval($password);

    if ($username === "" || $password === "") {
        return "Username or password can not be empty!";
    }

    // Format checks run before any database access.
    if (!(isValidUsername($username) && isValidPassword($password))) {
        return "Username or password is invalid!";
    }

    $account = (new UserDAO())->getUserByUsername($username);
    $authenticated = $account !== null && verifyPassword($password, $account->getPassword());
    if (!$authenticated) {
        return "There is no user account matching the Username and Password provided.";
    }

    // Role ID 4 is the role that is refused login.
    $roleId = $account->getRole()->getRoleID();
    if ($roleId == "4") {
        return "This user was forbidden to login!";
    }

    login($account->getUserID());

    return true;
}
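 /**
  * Get annotations for a URL, optionally limited to one author and to one point in the text.
  *
  * Visibility, as implemented below:
  *  - $username names the logged-in user, or $all is set while someone is logged in:
  *    every annotation of that user, private ones included.
  *  - $username given otherwise: only that user's annotations with the AN_ACCESS_PUBLIC bit set.
  *  - no $username and $all false: only annotations with the AN_ACCESS_PUBLIC bit set.
  *  - no $username and $all true: no access filter is applied at all.
  * $all therefore bypasses the public-only restriction; the caller is responsible for
  * passing it only on behalf of a user allowed to read other users' private annotations.
  *
  * @param $url string URL to match; an empty value matches every URL
  * @param $username string Author to filter by; an unknown name yields no rows
  * @param $block object Point in the text; must provide getPaddedPathStr(). Empty for no filter
  * @param $all boolean Whether to skip the public-only restriction (see above)
  * @return array Annotations
  */
 function &getVisibleAnnotationsByUrlUserBlock($url, $username, $block, $all)
 {
     $currentUser = Request::getUser();
     $query = 'SELECT a.*' . ', u.username AS userlogin' . ", concat(u.first_name,' ',u.middle_name,' ',u.last_name) AS username" . ' FROM annotations a' . ' JOIN users u ON u.user_id=a.userid' . ' WHERE ';
     // All caller-supplied values are bound as parameters; only the
     // AN_ACCESS_PUBLIC constant is concatenated into the SQL text.
     $queryParams = array();
     if ($url) {
         array_push($queryParams, $url);
         $query .= "a.url=?";
     } else {
         $query .= '1=1';
     }
     // Only fetch annotations visible to the current user
     if ($username) {
         $userdao = new UserDAO();
         $tuser = $userdao->getUserByUsername($username);
         if ($tuser) {
             if ($currentUser && ($currentUser->getUsername() == $username || $all)) {
                 // Own annotations, or an explicit "all" request from a logged-in user
                 $query .= " AND a.userid=?";
             } else {
                 // Someone else's annotations: public ones only
                 $query .= ' AND a.access_perms&' . AN_ACCESS_PUBLIC . ' AND a.userid=?';
             }
             array_push($queryParams, $tuser->getUserId());
         } else {
             // Unknown author: force an empty result
             $query .= ' AND 1=0';
         }
     } elseif (!$all) {
         $query .= ' AND a.access_perms&' . AN_ACCESS_PUBLIC;
     }
     if ($block) {
         // This implementation ignores the word and char fields of point
         $testBlockStr = $block->getPaddedPathStr();
         $query .= " AND a.start_block <= ? AND a.end_block >= ?";
         array_push($queryParams, $testBlockStr, $testBlockStr);
     }
     $query .= " ORDER BY a.start_block, a.start_line, a.start_word, a.start_char";
     $result =& $this->retrieve($query, $queryParams);
     if (DEBUG_ANNOTATION_QUERY) {
         // Debug dump of the statement and its bound values. The values include
         // caller-supplied data such as $url, so they are HTML-escaped like the
         // query text. This switch prints SQL into the page and should stay off
         // outside development.
         echo "\n<p>" . htmlspecialchars($query) . "</p>\n";
         echo "<p>";
         for ($i = 0; $i < count($queryParams); ++$i) {
             echo ($i > 0 ? ' , ' : '') . htmlspecialchars((string) $queryParams[$i]);
         }
         echo "</p>\n";
     }
     $annotations = array();
     while (!$result->EOF) {
         $annotations[] =& $this->_returnAnnotationfromRow($result->GetRowAssoc(false));
         $result->MoveNext();
     }
     $result->Close();
     unset($result);
     return $annotations;
 }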