Example #1
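 /**
  * Resume the session named by the `hash` cookie, or start a new one via login().
  *
  * The cookie value becomes part of Redis key names, so it is accepted only when
  * it is a plain string; any other shape is treated as "no session".
  * When USER_STAT is truthy, one newline-separated record of the request is
  * appended to a list keyed by host, date, IP and session hash.
  *
  * @return void
  */
 public static function init()
 {
     self::$prefix = HOST . ':hash:';

     // The cookie is client-controlled. An array-valued cookie would otherwise be
     // concatenated into the key as "Array", so only strings are kept.
     $cookieHash = isset($_COOKIE['hash']) ? $_COOKIE['hash'] : null;
     self::$hash = is_string($cookieHash) ? $cookieHash : null;

     if (self::$hash and R::EXISTS(self::$prefix . self::$hash)) {
         // Known session: update LAST and push the expiry forward on one pipeline.
         $pipeline = R::pipeline();
         $pipeline->HSET(self::$prefix . self::$hash, 'LAST', now());
         $pipeline->EXPIRE(self::$prefix . self::$hash, USER_SESSION_TIMEOUT);
         $pipeline->execute();
         self::setCookie();
         self::$me = R::toHash(R::HGETALL(self::$prefix . self::$hash));
     } else {
         self::login();
     }

     if (USER_STAT) {
         // NOTE(review): the key embeds self::$hash, and the record stores REF() and
         // URI(), which look request-derived. Confirm that login() always replaces a
         // rejected cookie value, and that consumers of this list tolerate ':' in the
         // key parts and embedded newlines in the record fields.
         $IP = IP();
         $STAMP = curdate();
         $HOST = HOST;
         $HASH = self::$hash;
         $METHOD = IS_AJAX ? 'AJAX' : (IS_POST ? 'POST' : 'GET');
         R::RPUSH("{$HOST}:stat:{$STAMP}:{$IP}:{$HASH}", implode(chr(10), array(now(), $METHOD, REF(), SITE . URI())));
     }
 }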
Example #2
# Resolve a uid to its info array: locally when the uid belongs to this deployment, remotely otherwise.
#
# $uid      identifier; its first character selects the element type through $GLOBALS['s3codes']
# $user_id  account on whose behalf the lookup runs
# $key      access key handed to remoteURI(); looked up with get_user_key() when empty
# $db       database handle passed through to the helpers
# $timer    only forwarded to include_all() by the first local lookup
#
# Returns the info array with 'remote_uri' set to 0 (local) or 1 (remote), or false.
function URIinfo($uid, $user_id, $key, $db, $timer = array())
{
    $uid_info = uid($uid);
    $element = $GLOBALS['s3codes'][substr($uid, 0, 1)];
    # NOTE(review): ereg_replace() was removed in PHP 7.0, and the pattern is built from letter($uid) without quoting.
    $local_info = s3info($element, ereg_replace('^' . letter($uid), '', $uid), $db);
    #echo $uid.'<pre>';print_r($local_info);exit;
    if (is_array($local_info) && !empty($local_info)) {
        # A local record exists, so the uid is treated as belonging to this deployment.
        $uid_info['Did'] = $GLOBALS['Did'];
        $uid_info['uid'] = $uid;
        $element_info = $local_info;
        $letter = strtoupper(substr($element, 0, 1));
        # NOTE(review): $elements is never assigned in this function, so compact() has nothing to pick up for that name.
        $info = include_all(compact('elements', 'letter', 'element_info', 'user_id', 'db', 'key', 'timer'));
        $info['remote_uri'] = 0;
        #echo '<pre>';print_r($info);exit;
    }
    if ($uid_info['Did'] == $GLOBALS['Did'] || $uid_info['Did'] == S3DB_URI_BASE) {
        if (is_array($local_info) && !empty($local_info)) {
            # Repeats the local lookup with the URI base stripped from the uid; this overwrites $info from above.
            $uid = str_replace(S3DB_URI_BASE . '/', '', $uid_info['uid']);
            $uid_info['Did'] = $GLOBALS['Did'];
            $uid_info['uid'] = $uid;
            $element_info = s3info($element, ereg_replace('^' . letter($uid), '', $uid), $db);
            $letter = strtoupper(substr($element, 0, 1));
            $info = include_all(compact('elements', 'letter', 'element_info', 'user_id', 'db', 'key'));
            $info['remote_uri'] = 0;
        } else {
            $info = false;
        }
        #echo 'loca'.$uid;exit;
        #$info = URI($uid_info['uid'], $user_id, $db);
        #$info['remote_uri']=0;
    } else {
        #echo 'ola'.$uid;exit;
        $key = $key != '' ? $key : get_user_key($user_id, $db);
        #echo $user_id;exit;
        # NOTE(review): $letter is only assigned inside the local branches above, so it is undefined on this path.
        # NOTE(review): the user's key is handed to remoteURI() for a uid that did not resolve locally; presumably
        # the remote deployment is derived from that uid, so confirm the key is only sent to trusted deployments.
        $info = remoteURI($letter . $uid_info['uid'], $key, $user_id, $db);
        #echo '<pre>';print_r($info);exit;
        # NOTE(review): this assignment runs before the is_array() check below; if remoteURI() returned false
        # or null it would turn $info into a non-empty array, so the URI() fallback may never fire. Confirm.
        $info['remote_uri'] = 1;
        if (!is_array($info) || empty($info)) {
            $info = URI($uid, $user_id, $db);
        }
        if (!is_array($info)) {
            $info = false;
        }
    }
    #echo '<pre>';print_r($info);exit;
    return $info;
}
Example #3
    exit;
}
#just to know where we are...
# NOTE(review): $thisScript is assembled from $_SERVER values; escape it for the output context wherever it is printed.
$thisScript = end(explode('/', $_SERVER['SCRIPT_FILENAME'])) . '?' . $_SERVER['argv'][0];
$key = $_GET['key'];
#Get the key, send it to check validity
# core.header.php presumably validates $key and sets $key_valid and $db; verify, nothing in this excerpt does.
include_once '../core.header.php';
# Stop when there is no database in the session, unless $key_valid equals '0'.
if ($key_valid != '0' && $_SESSION['db'] == '') {
    exit;
}
# With a key, the acting account is whatever access_keys maps that key to; otherwise it is the session user.
# NOTE(review): this lookup passes the request-supplied key to get_entry(); confirm get_entry() escapes it
# and that expired or revoked keys are rejected before this point.
if ($key) {
    $user_id = get_entry('access_keys', 'account_id', 'key_id', $key, $db);
} else {
    $user_id = $_SESSION['user']['account_id'];
}
$deployment_info = URI('D' . $GLOBALS['Did'], $user_id, $db);
#Universal variables
# All three come straight from the request. The code that follows concatenates $sortorder and $direction
# into $s3ql['order_by'] - NOTE(review): confirm the query layer restricts them to known columns and ASC/DESC.
$sortorder = $_REQUEST['orderBy'];
$direction = $_REQUEST['direction'];
$project_id = $_REQUEST['project_id'];
#$acl = find_final_acl($user_id, $project_id, $db);
# $acl and $dbstruct are not assigned in the visible lines ($acl's assignment is commented out above).
$uni = compact('db', 'acl', 'user_id', 'key', 'project_id', 'dbstruct');
#relevant extra arguments
# NOTE(review): the key is appended to a query string without URL-encoding.
$args = '?key=' . $_REQUEST['key'];
include '../webActions.php';
#include the specification of the link map. Must be put in here because arguments vary.
#Find all the projects for this user
$s3ql = compact('user_id', 'db');
$s3ql['from'] = 'projects';
if ($sortorder != '') {
    $s3ql['order_by'] = $sortorder . ' ' . $direction;
Example #4
# Delete the resource named by $uid together with its dependent rows.
#
# $uid      resource identifier; its letter selects the table through $GLOBALS['s3codes']
# $user_id  account passed to URI() and S3QLaction() for the item ('I') clean-up
# $db       database handle exposing query(), next_record(), f() and an Errno property
#
# Returns an error string when the letter maps to no table, otherwise True when $db->Errno is 0
# after the deletes and False when it is not.
#
# NOTE(review): no permission check on $user_id is visible before the raw deletes; presumably the
# caller has already authorised the operation. Confirm.
# NOTE(review): $num_id and $uid are concatenated into SQL text without validation or escaping.
# The comment below calls $num_id a numeric id, but nothing here enforces that. Confirm callers
# validate the uid, or check that it is numeric before the queries are built.
function deleteCoreResource($uid, $user_id, $db)
{
    #function deleteCoreResource performs very simple deleteResource queries - given a uid, it retrieves a table and the correct numeric id to delete.
    $s3codes = $GLOBALS['s3codes'];
    $s3tables = $GLOBALS['s3tables'];
    $s3ids = $GLOBALS['s3ids'];
    # $messages is assigned but not used in this function.
    $messages = $GLOBALS['message'];
    $uid_info = uid($uid);
    $letter = letter($uid);
    $table = $s3codes[$letter];
    if ($table == '') {
        # The substr() call spans the whole string, so the uid is returned unchanged in the message.
        return substr($uid_info['uid'], 0, strlen($uid_info['uid'])) . ' is not a valid resource identifyer';
    }
    #map resource to the right table
    $table_id = $s3ids[$table];
    $table = $s3tables[$table];
    #numeric id
    # ltrim() strips every leading character found in $letter, after the deployment prefix is removed.
    $num_id = ltrim(str_replace($GLOBALS['Did'] . '/', '', $uid), $letter);
    #$sql = "delete from s3db_".$table." where ".$table_id." = '".$num_id."'";
    switch ($letter) {
        case 'I':
            #also, for every item there is a "has UID" statement that needs to be deleted. But the rule is being deleted when the collection is deleted (from item). So items and statements need to be deleted first
            if ($num_id != '') {
                $SQL = "select statement_id from s3db_statement where rule_id in (select rule_id from s3db_rule where verb = 'has UID' and object = 'UID') and resource_id = '" . $num_id . "'";
                $db->query($SQL);
                # Only the first matching statement is read and deleted.
                if ($db->next_record()) {
                    $stat2delete = $db->f('statement_id');
                    $sql1 = "delete from s3db_statement where statement_id = '" . $stat2delete . "'";
                    $db->query($sql1);
                    $sql2 = "delete from s3db_permission where uid = 'S" . $stat2delete . "' or shared_with = 'S" . $stat2delete . "'";
                    #echo $sql2.'<BR>';
                    $db->query($sql2);
                }
            }
            # Statements whose value is this item are removed through S3QLaction, but only those that
            # point at the item's own class and carry a truthy 'delete' entry.
            $instance_info = URI($uid, $user_id, $db);
            $s3ql = compact('user_id', 'db');
            $s3ql['select'] = '*';
            $s3ql['from'] = 'statements';
            $s3ql['where']['value'] = $num_id;
            $stats_to_delete = S3QLaction($s3ql);
            if (is_array($stats_to_delete)) {
                foreach ($stats_to_delete as $sInd => $stat_info) {
                    if ($stat_info['object_id'] == $instance_info['resource_class_id'] && $stat_info['delete']) {
                        $s3ql = compact('user_id', 'db');
                        $s3ql['delete'] = 'statement';
                        $s3ql['where']['statement_id'] = $stat_info['statement_id'];
                        S3QLaction($s3ql);
                    }
                }
            }
            break;
        case 'C':
            #remove also the rule "hasUID"
            if ($num_id != '') {
                $rule_has_UID_sql = "delete from s3db_rule where subject_id = '" . $num_id . "' and object='UID' and verb='has UID'";
                $db->query($rule_has_UID_sql, __LINE__, __FILE__);
            }
            break;
    }
    #after dependencies are deleted, delete the resource
    # NOTE(review): unlike the branches above, this delete is not guarded by $num_id != ''.
    $sql = "delete from s3db_" . $table . " where " . $table_id . " = '" . $num_id . "'";
    #echo $sql.'<BR>';
    $db->query($sql);
    ##Now delete this id in the permissions table
    #
    if ($uid != '') {
        $deleteSQL = "delete from s3db_permission where uid='" . $uid . "' or shared_with = '" . $uid . "'";
        $db->query($deleteSQL);
    }
    # Errno is read once, after all queries; presumably it reflects only the most recent one. Confirm.
    $dbdata = get_object_vars($db);
    if ($dbdata['Errno'] == 0) {
        return True;
    } else {
        return False;
    }
}
Example #5
# Build the extra SQL condition text (fragments of the form " and ...") for the element type in $s3ql['from'].
#
# $s3ql     query description; 'from', 'where', 'key' and 'format' are read here
# $user_id  account running the query; the value '1' skips several restrictions below
# $db       database handle passed to the lookup helpers
#
# Returns the accumulated condition string, or false after a failed lookup or permission check
# (most of those paths also echo a formatted error first).
#
# NOTE(review): $user_query_const is never initialised, so a 'from' value that appends nothing returns
# an undefined variable. $s3ql is passed by value, so the edits to $s3ql['where'] do not reach the caller.
# NOTE(review): values from $s3ql['where'] and $user_id are concatenated into SQL text with no escaping
# in this function. Confirm they are validated upstream, or bind them as parameters.
function filterByElement($s3ql, $user_id, $db)
{
    switch ($s3ql['from']) {
        case 'users':
            #$user_query_const .= " and account_type !=".$regexp." '(u|p|a|r)'";
            $user_query_const .= " and account_type != 'g'";
            # Non-admins, and queries that name no account_status, only see active accounts.
            if (!user_is_admin($user_id, $db) || $s3ql['where']['account_status'] == '') {
                $user_query_const .= " and account_status = 'A'";
            }
            if ($s3ql['where']['group_id'] != '') {
                $group_info = s3info('group', $s3ql['where']['group_id'], $db);
                if (!is_array($group_info)) {
                    return False;
                    # NOTE(review): unreachable, the return above comes first.
                    echo formatReturn($GLOBALS['error_codes']['something_does_not_exist'], 'Group ' . $s3ql['where']['group_id'] . ' does not exist', $s3ql['format'], '');
                } else {
                    #$group_members_query=str_replace("*", "substr(uid, 2, length(uid))", select(array('uid'=>'U'.$s3ql['where']['user_id'], 'shared_with'=>'G'.$s3ql['where']['group_id'])));
                    $group_members_query = str_replace("*", "replace(substr(uid, 2, length(uid)), '" . $GLOBALS['Did'] . '/U' . "', '')", select(array('uid' => 'U' . $s3ql['where']['user_id'], 'shared_with' => 'G' . $s3ql['where']['group_id'])));
                    $user_query_const .= " and account_id in (" . $group_members_query . ")";
                    #group_id is artificial, don't use it in determining output
                    $s3ql['where'] = array_diff_key($s3ql['where'], array('group_id' => ''));
                    $s3ql['where'] = array_filter($s3ql['where']);
                }
            }
            #if there is any coreID, this is a check on permissions. Check first if user can query the resource, then check for permission
            $COREids = $GLOBALS['COREids'];
            foreach ($COREids as $s3code => $s3coreId) {
                if ($s3ql['where'][$s3coreId] != '' && $s3coreId != 'user_id') {
                    $stream = "upstream";
                    $id_name = $s3coreId;
                    $code_id = $s3ql['where'][$s3coreId];
                    $uid = strtoupper(substr($s3code, 0, 1)) . $s3ql['where'][$s3coreId];
                    $element_info = URIinfo($uid, $user_id, $s3ql['key'], $db);
                    if (!is_array($element_info)) {
                        echo formatReturn($GLOBALS['error_codes']['something_missing'], $uid . ' was not found', $s3ql['format'], '');
                        return false;
                    }
                    # The caller must be able to view the element before its sharing list is used as a filter.
                    if (!$element_info['view']) {
                        echo formatReturn($GLOBALS['error_codes']['no_permission_message'], $uid . ' was not found', $s3ql['format'], '');
                        return false;
                    }
                    $user_query_const .= " and account_id in (" . str_replace('*', 'substr(shared_with,2,length(shared_with))', select(array('shared_with' => 'U', 'uid' => $uid, 'stream' => 'upstream'))) . ")";
                }
            }
            break;
        case 'groups':
            #special query will be performed on listS3DB.
            $user_query_const .= " and account_type " . $GLOBALS['regexp'] . " '(g)'";
            # NOTE(review): $group_id is not defined in this function, so the first operand is always true
            # and the active-only filter is always added.
            if ($group_id != '1' || $s3ql['where']['account_status'] != 'I') {
                $user_query_const .= " and account_status = 'A'";
            }
            if ($s3ql['where']['user_id'] != '') {
                $user_members = select(array('uid' => 'U' . $s3ql['where']['user_id'], 'shared_with' => 'G' . $s3ql['where']['group_id'], 'stream' => 'upstream'));
                $user_members_query = str_replace("*", "substr(shared_with, 2, length(shared_with))", $user_members);
                $user_query_const .= " and account_id in (" . $user_members_query . ")";
                #$user_query_const .= " and account_id in (select group_id from s3db_account_group where account_id ".$regexp." ".$s3ql['where']['user_id'].")";
                $s3ql['where'] = array_diff_key($s3ql['where'], array('user_id' => ''));
                $s3ql['where'] = array_filter($s3ql['where']);
            }
            #implicated user id. When queried with user_id, this query gives all the groups where user_id is involved, which are all the groups he can change.
            break;
        case 'accesslog':
            #if(!user_is_admin($user_id, $db))
            # Only user '1' or an admin may read the access log.
            if ($user_id != '1' && !user_is_admin($user_id, $db)) {
                echo formatReturn($GLOBALS['error_codes']['no_permission_message'], 'User does not have permission to see accesslog', $s3ql['format'], '');
                return False;
            }
            break;
        case 'rulelog':
            if ($user_id != '1') {
                $user_projects = findUserProjects($user_id, $db);
                # NOTE(review): $regexp is not defined locally (other cases read $GLOBALS['regexp']), so the
                # operator is missing from this fragment.
                $user_query_const .= " and project_id " . $regexp . " " . create_list($user_projects) . "";
            }
            break;
        case 'keys':
            # $P is local and never returned; this assignment has no visible effect.
            $P['table'] = 'access_keys';
            # Everyone except user '1' only sees their own keys.
            if ($user_id != '1') {
                $user_query_const .= " and account_id = '" . $user_id . "'";
            }
            break;
        case 'filekeys':
            $P['table'] = 'file_transfer';
            if ($user_id != '1') {
                $user_query_const .= " and created_by = '" . $user_id . "'";
            }
            break;
        case 'projects':
            if ($user_id != '1' && $s3ql['where']['project_status'] != 'I') {
                $user_query_const .= " and project_status = 'A'";
            }
            break;
        case 'requests':
            if ($user_id != '1') {
                $user_rules = findUserRules($user_id, $db);
                # NOTE(review): undefined local $regexp again; see 'rulelog'.
                $user_query_const .= " and rule_id " . $regexp . " '" . create_list($user_rules) . "'";
            }
            break;
        case 'rules':
            if ($s3ql['where']['class_id'] != '') {
                $class_info = URI('C' . $s3ql['where']['class_id'], $user_id, $db);
                $user_query_const .= " and (subject_id = '" . $class_info['resource_id'] . "' or object_id = '" . $class_info['resource_id'] . "')";
            }
            break;
        case 'statements':
            #
            if ($s3ql['where']['class_id'] != '') {
                $class_info = URI('C' . $s3ql['where']['class_id'], $user_id, $db);
                $user_query_const .= " and rule_id = '" . $class_info['rule_id'] . "'";
            }
            break;
        case 'collections':
            $user_query_const .= " and iid = '0'";
            if ($s3ql['where']['rule_id'] != '') {
                $element_info = URI('R' . $s3ql['where']['rule_id'], $user_id, $db);
                # NOTE(review): undefined local $regexp, and the quoting around '^' and '$' looks misplaced; verify the SQL this produces.
                $user_query_const .= " and resource_id '^" . $regexp . " " . fastClassID(array('entity' => $element_info['subject'], 'project_id' => $element_info['project_id'], 'db' => $db)) . "'\$'";
            }
            break;
        case 'items':
            $user_query_const .= " and iid = '1'";
            if ($s3ql['where']['rule_id'] != '') {
                $element_info = URI('R' . $s3ql['where']['rule_id'], $user_id, $db);
                # NOTE(review): same construction as 'collections'; verify the SQL this produces.
                $user_query_const .= " and resource_class_id '^" . $regexp . " " . fastClassID(array('entity' => $element_info['subject'], 'project_id' => $element_info['project_id'], 'db' => $db)) . "'\$'";
            }
            break;
    }
    return $user_query_const;
}
Example #6
                    echo "Rule accepted";
                }
            }
        }
        echo "</font>";
    }
}
##Action for the button of submitting a UID
#	{
if ($_POST['connect']) {
    if ($_POST['rule_id'] == '') {
        echo "Please specify rule_id to connect";
    } else {
        #ok, so you want to share? are you asking to see a rule or a resource? you know, you won't be able to see anything before asking the share the resource!
        #Check if the rule exists internally
        $rule_info = URI('R' . $_POST['rule_id'], $user_id, $db);
        echo "<tr><td><font color='red'>";
        #swtich will repond with an output to any validation
        if (!is_array($rule_info)) {
            echo "Rule " . $_POST['rule_id'] . " does not exist";
        }
        #is the subject already shared?
        #find among all the rules on this project if the subject already is shared/exists. Every shared rule must go through the same process of validation as creating a rule
        $s3ql['insert'] = 'rule';
        $s3ql['where']['rule_id'] = $_POST['rule_id'];
        $s3ql['where']['project_id'] = $project_id;
        $done = S3QLaction($s3ql);
        ereg('<error>([0-9]+)</error><message>(.*)</message>', $done, $s3qlout);
        if ($s3qlout[1] != '0') {
            echo $s3qlout['2'];
        } else {
Example #7
<?php

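#s3dbfiles.php returns the most recent version of the requested file as stored in the local s3db
###
#Detect which file is being requested. All files are public
ini_set('display_errors', 0);
# NOTE(review): any client can switch error display back on with this request parameter, which can
# expose paths and query text in error output. Consider gating it on an authenticated admin or removing it.
if ($_REQUEST['su3d']) {
    ini_set('display_errors', 1);
}
$fileID2get = $_REQUEST['file_id'] != '' ? $_REQUEST['file_id'] : $_REQUEST['statement_id'];
# Request parameters can arrive as arrays (file_id[]=...); only a plain string is a usable id.
if (!is_string($fileID2get)) {
    $fileID2get = '';
}
if (file_exists('config.inc.php')) {
    include 'config.inc.php';
} else {
    Header('Location: index.php');
    exit;
}
#include('updates.s3db.php');
# The lookup runs with the key configured for the update project, not with a key from the request.
$key = $GLOBALS['update_project']['key'];
# core.header.php presumably sets $db and $user_id from that key; verify, nothing here assigns them.
include_once 'core.header.php';
###
#Find the corresponding file on s3db, sort by created_n and return the first one found
if ($fileID2get == '') {
    echo "Please provide a file_id in the format: s3dbfiles.php?file_id=xx";
} elseif (isLocal('S' . $fileID2get, $db)) {
    $statement_info = URI('S' . $fileID2get, $user_id, $db);
    # NOTE(review): 'format' is request-supplied and passed on unchecked; confirm pushDownload2Header()
    # restricts it to known values before using it in headers.
    $format = $_REQUEST['format'];
    pushDownload2Header(compact('statement_info', 'db', 'user_id', 'format'));
} else {
    # The id comes from the request, so it is HTML-escaped before being reflected into the page.
    echo "Echo file_id=" . htmlspecialchars($fileID2get, ENT_QUOTES, 'UTF-8') . " is not a valid file_id";
}
exit;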
# Validate a permission grant and return a numeric status code.
#
# $Z is an array that extract() turns into local variables; the syntax comment below names the
# expected keys: 'permission_info', 'user_id', 'db' and 'info'.
#
# Codes returned by the visible branches:
#   0  uid starts with 'D', or every check passed
#   8  'shared_with' or 'uid' is empty
#   1  'permission_level' is not two or three digits in the range 0-2
#   6  a requested digit is higher than the matching digit of the level URI() reports for the uid
#   2  has_permission() is truthy for this grant
#
# NOTE(review): ereg() was removed in PHP 7.0.
# NOTE(review): extract() creates a local variable for every key in $Z, so an unexpected key can
# overwrite any local here. Confirm $Z is never built from request data.
function validate_permission1($Z)
{
    #Syntax: validate_permission(compact('permission_info', 'user_id', 'db', 'info'));
    extract($Z);
    # $s3codes is assigned but not used in this function.
    $s3codes = $GLOBALS['s3codes'];
    #if(ereg('(C|I)', substr($permission_info['uid'], 0,1)))
    #		return (7);
    # NOTE(review): uids starting with 'D' return 0 before any other check, the same value as a grant
    # that passed every check. Confirm callers intend these uids to skip validation.
    if (ereg('^D', $permission_info['uid'])) {
        return 0;
    }
    if ($permission_info['shared_with'] != '') {
        # The result is not used further down; the is_array() check on it is commented out below.
        $shared_with_info = URI($permission_info['shared_with'], $user_id, $db);
        #echo '<pre>';print_r($shared_with_info);
    } else {
        return 8;
    }
    if ($permission_info['uid'] != '') {
        $shared_id_info = URI($permission_info['uid'], $user_id, $db);
    } else {
        return 8;
    }
    #if(!is_array($shared_with_info))
    #	return (4);
    #elseif(!is_array($shared_id_info))
    #	return (5);
    #user cannot grant permission on a resource greater than he himself has
    #elseif(!$shared_id_info['add_data'])
    if (!ereg('(^[0-2][0-2]$|^[0-2][0-2][0-2]$)', $permission_info['permission_level'])) {
        return 1;
    } elseif (substr($shared_id_info['permission_level'], 0, 1) < substr($permission_info['permission_level'], 0, 1) || substr($shared_id_info['permission_level'], 1, 1) < substr($permission_info['permission_level'], 1, 1) || substr($shared_id_info['permission_level'], 2, 1) < substr($permission_info['permission_level'], 2, 1)) {
        # Each digit is compared separately, so no single position may exceed the granter's level.
        # NOTE(review): with a two-digit level the third substr() yields an empty value; confirm the
        # comparison behaves as intended on the PHP version in use.
        return 6;
    } elseif (has_permission($permission_info, $db)) {
        return 2;
    } else {
        return 0;
    }
}
Example #9
# Build the extra SQL condition text (fragments of the form " and ...") for the element type in $s3ql['from'].
#
# $s3ql     query description; 'from', 'where' and 'format' are read here
# $user_id  account running the query; the value '1' skips several restrictions below
# $db       database handle passed to the lookup helpers
#
# Returns the accumulated condition string, or false when the requested group does not exist.
# The 'accesslog' case ends the script with exit when the caller lacks permission.
#
# NOTE(review): $user_query_const is never initialised before the first .=, and $s3ql is passed by
# value, so the edits to $s3ql['where'] do not reach the caller.
# NOTE(review): values from $s3ql['where'] and $user_id are concatenated into SQL text with no escaping
# in this function. Confirm they are validated upstream, or bind them as parameters.
function filterByElement($s3ql, $user_id, $db)
{
    switch ($s3ql['from']) {
        case 'users':
            #$user_query_const .= " and account_type !=".$regexp." '(u|p|a|r)'";
            $user_query_const .= " and account_type != 'g'";
            # Non-admins, and queries that name no account_status, only see active accounts.
            if (!user_is_admin($user_id, $db) || $s3ql['where']['account_status'] == '') {
                $user_query_const .= " and account_status = 'A'";
            }
            if ($s3ql['where']['group_id'] != '') {
                $group_info = s3info('group', $s3ql['where']['group_id'], $db);
                if (!is_array($group_info)) {
                    return False;
                    # NOTE(review): unreachable, the return above comes first.
                    echo formatReturn($GLOBALS['error_codes']['something_does_not_exist'], 'Group ' . $s3ql['where']['group_id'] . ' does not exist', $s3ql['format'], '');
                } else {
                    #$group_members_query=str_replace("*", "substr(uid, 2, length(uid))", select(array('uid'=>'U'.$s3ql['where']['user_id'], 'shared_with'=>'G'.$s3ql['where']['group_id'])));
                    #$group_members_query=str_replace("*", "replace(substr(uid, 2, length(uid)), '".$GLOBALS['Did'].'/U'."', '')", select(array('uid'=>'U'.$s3ql['where']['user_id'], 'shared_with'=>'G'.$s3ql['where']['group_id'])));
                    # The group id goes straight from $s3ql['where'] into the subquery text.
                    $group_members_query = "select id from s3db_permission where shared_with = 'G" . $s3ql['where']['group_id'] . "' and uid " . $GLOBALS['regexp'] . " '^U'";
                    $user_query_const .= " and account_id in (" . $group_members_query . ")";
                    #group_id is artificial, don't use it in determining output
                    $s3ql['where'] = array_diff_key($s3ql['where'], array('group_id' => ''));
                    $s3ql['where'] = array_filter($s3ql['where']);
                }
            }
            break;
        case 'groups':
            #special query will be performed on listS3DB.
            $user_query_const .= " and account_type " . $GLOBALS['regexp'] . " '(g)'";
            # NOTE(review): $group_id is not defined in this function, so the first operand is always true
            # and the active-only filter is always added.
            if ($group_id != '1' || $s3ql['where']['account_status'] != 'I') {
                $user_query_const .= " and account_status = 'A'";
            }
            if ($s3ql['where']['user_id'] != '') {
                $user2query = $s3ql['where']['user_id'];
                # The user id goes straight from $s3ql['where'] into the subquery text.
                $user_members_query = "select shared_with_num from s3db_permission where shared_with " . $GLOBALS['regexp'] . " '^G' and uid = 'U" . $user2query . "'";
                $user_query_const .= " and account_id in (" . $user_members_query . ")";
                #$user_members =  select(array('uid'=>'U'.$s3ql['where']['user_id'], 'shared_with'=>'G'.$s3ql['where']['group_id'], 'stream'=>'upstream'));
                #$user_members_query=str_replace("*", "substr(shared_with, 2, length(shared_with))", $user_members);
                #$user_query_const .= " and account_id in (select group_id from s3db_account_group where account_id ".$regexp." ".$s3ql['where']['user_id'].")";
                $s3ql['where'] = array_diff_key($s3ql['where'], array('user_id' => ''));
                $s3ql['where'] = array_filter($s3ql['where']);
            }
            #implicated user id. When queried with user_id, this query gives all the groups where user_id is involved, which are all the groups he can change.
            break;
        case 'accesslog':
            #if(!user_is_admin($user_id, $db))
            # Only user '1' or an admin may read the access log; anyone else gets the error and the script stops.
            if ($user_id != '1' && !user_is_admin($user_id, $db)) {
                echo formatReturn($GLOBALS['error_codes']['no_permission_message'], 'User does not have permission to see accesslog', $s3ql['format'], '');
                exit;
                //return (False);
            }
            break;
        case 'rulelog':
            if ($user_id != '1') {
                $user_projects = findUserProjects($user_id, $db);
                $user_query_const .= " and project_id " . $GLOBALS['regexp'] . " '" . create_list($user_projects) . "'";
            }
            break;
        case 'keys':
            # $P is local and never returned; this assignment has no visible effect.
            $P['table'] = 'access_keys';
            # Everyone except user '1' only sees their own keys.
            if ($user_id != '1') {
                $user_query_const .= " and account_id = '" . $user_id . "'";
            }
            break;
        case 'filekeys':
            $P['table'] = 'file_transfer';
            if ($user_id != '1') {
                $user_query_const .= " and created_by = '" . $user_id . "'";
            }
            break;
        case 'projects':
            if ($user_id != '1' && $s3ql['where']['project_status'] != 'I') {
                $user_query_const .= " and project_status = 'A'";
            }
            break;
        case 'requests':
            if ($user_id != '1') {
                $user_rules = findUserRules($user_id, $db);
                # NOTE(review): $regexp is not defined locally ('rulelog' above reads $GLOBALS['regexp']), so
                # the operator is missing from this fragment.
                $user_query_const .= " and rule_id " . $regexp . " '" . create_list($user_rules) . "'";
            }
            break;
        case 'rules':
            if ($s3ql['where']['class_id'] != '') {
                $class_info = URI('C' . $s3ql['where']['class_id'], $user_id, $db);
                $user_query_const .= " and (subject_id = '" . $class_info['resource_id'] . "' or object_id = '" . $class_info['resource_id'] . "')";
            }
            # Rules whose object is 'UID' are always left out of the result.
            $user_query_const .= " and object!='UID'";
            break;
        case 'statements':
            #
            if ($s3ql['where']['class_id'] != '') {
                $class_info = URI('C' . $s3ql['where']['class_id'], $user_id, $db);
                $user_query_const .= " and rule_id = '" . $class_info['rule_id'] . "'";
            }
            # Statements of rules whose object is 'UID', and statements with an empty rule_id, are left out.
            $user_query_const .= " and rule_id not in (select rule_id from s3db_rule where object='UID')";
            $user_query_const .= " and rule_id!=''";
            break;
        case 'collections':
            $user_query_const .= " and iid = '0'";
            if ($s3ql['where']['rule_id'] != '') {
                $element_info = URI('R' . $s3ql['where']['rule_id'], $user_id, $db);
                # NOTE(review): undefined local $regexp, and the quoting around '^' and '$' looks misplaced; verify the SQL this produces.
                $user_query_const .= " and resource_id '^" . $regexp . " " . fastClassID(array('entity' => $element_info['subject'], 'project_id' => $element_info['project_id'], 'db' => $db)) . "'\$'";
            }
            break;
        case 'items':
            $user_query_const .= " and iid = '1'";
            if ($s3ql['where']['rule_id'] != '') {
                $element_info = URI('R' . $s3ql['where']['rule_id'], $user_id, $db);
                # NOTE(review): same construction as 'collections'; verify the SQL this produces.
                $user_query_const .= " and resource_class_id '^" . $regexp . " " . fastClassID(array('entity' => $element_info['subject'], 'project_id' => $element_info['project_id'], 'db' => $db)) . "'\$'";
            }
            break;
    }
    return $user_query_const;
}
Example #10
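# Frameset page: loads configuration and the session header, then prints one or two frames
# depending on whether a project_id was supplied.
if (file_exists('../config.inc.php')) {
    include '../config.inc.php';
} else {
    # NOTE(review): $def is not assigned in the visible lines before this redirect; confirm where it comes from.
    Header('Location: http://' . $def . '/s3db/');
    exit;
}
$key = $_GET['key'];
#Get the key, send it to check validity
# core.header.php presumably validates $key and sets $db and $user_id; verify, nothing here assigns them.
include_once '../core.header.php';
#Universal variables
# All three values come straight from the request.
$sortorder = $_REQUEST['orderBy'];
$direction = $_REQUEST['direction'];
$project_id = $_REQUEST['project_id'];
#$acl = find_final_acl($user_id, $project_id, $db);
$uni = compact('db', 'acl', 'user_id', 'key', 'project_id', 'dbstruct', 'sortorder', 'direction');
$project_info = URI('P' . $project_id, $user_id, $db);
$acl = $project_info['acl'];
#relevant extra arguments
# NOTE(review): both request values are appended to the query string without URL-encoding; webActions.php
# presumably builds the $action links from $args, so they should be encoded where those URLs are assembled.
$args = '?key=' . $_REQUEST['key'] . '&project_id=' . $_REQUEST['project_id'];
#Define the page actions
include '../webActions.php';
#include the specification of the link map. Must be put in here because arguments vary.
# The frame URLs carry request-derived values, so each is escaped for the HTML attribute it is written
# into. double_encode is off in case webActions.php already produced entities.
$treeSrc = htmlspecialchars($action['projectstree'], ENT_QUOTES, 'UTF-8', false);
if ($_REQUEST['project_id'] != '') {
    # project_id is URL-encoded first; an array-valued parameter is dropped instead of being printed.
    $projectParam = is_string($project_id) ? rawurlencode($project_id) : '';
    $mapSrc = htmlspecialchars($action['map'] . '&project_id=' . $projectParam, ENT_QUOTES, 'UTF-8', false);
    echo '<FRAMESET ROWS="50%,50%" Border="2"><FRAME SRC="' . $treeSrc . '" NAME=""><FRAME SRC="' . $mapSrc . '" NAME=""  MARGINWIDTH="1px" MARGINHEIGHT="1px">';
} else {
    echo '<FRAMESET><FRAME SRC="' . $treeSrc . '" MARGINWIDTH="1px" MARGINHEIGHT="1px">';
}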
?>

</FRAMESET>
</HEAD>
Example #11
# Generic insert for s3db elements. The first letter of $element selects the
# special handling: U(ser), G(roup), P(roject), C(lass), I(nstance), R(ule),
# S(tatement) and F(ile, stored as a statement).
#
# $D is an associative array that is extract()ed into local variables. The code
# reads 'element', 'inputs', 'user_id' and 'db' from it, plus $D['key'] for the
# link in the success message.
#
# Returns:
#   - array(False, message, error code, raw DB error) when the insert fails;
#   - array(TRUE, message with a "View" link, element, '<element>_id' => id, ...) on success;
#   - $moved[1] as returned by tmpfile2folder() when a file cannot be moved;
#   - nothing (NULL) when the insert failed on the account table but the
#     follow-up status update then succeeded (no return statement on that path).
#
# NOTE(review), security-relevant points to confirm against callers and helpers:
#   - extract($D) turns every key of $D into a local variable; $D must never be
#     filled from request data without a whitelist of keys.
#   - Two UPDATE statements below are built by string concatenation from values
#     in $inputs, which are not escaped in this function.
#   - The project upload folder and its index.php are created world-writable.
#   - The raw database error text is returned to the caller.
function insert_s3db($D)
{
    #insert_s3db(compact('element', 'inputs', 'user_id', 'db'));
    #this is meant to be a general function for every insert, from user to group. It creates the entry, based on information in array $info, and adds an entry on permissions
    #There will be 2 special cases: creating a class also creates the rule "has UID" and creating an instance also creates the statement where resource_id is instance_id and rule is "hasUID"
    extract($D);
    $table = $GLOBALS['s3tables'][$element];
    #echo '<pre>';print_r($D);
    $cols_for_entry = $GLOBALS['dbstruct'][$element];
    $letter = strtoupper(substr($element, 0, 1));
    #some special restrictions apply
    switch ($letter) {
        case 'U':
            # Address columns are dropped from the account row; the address is stored through insert_address() and referenced by id.
            $cols_for_entry = array_diff($cols_for_entry, array('addr1', 'addr2', 'city', 'state', 'postal_code', 'country'));
            array_push($cols_for_entry, 'account_pwd');
            $inputs['account_addr_id'] = insert_address($D);
            break;
        case 'G':
            # Groups are written as accounts of type 'g' whose uname mirrors the supplied lid.
            $cols_for_entry = array_merge($cols_for_entry, array('account_pwd', 'account_group'));
            $inputs['account_type'] = 'g';
            $inputs['account_group'] = $inputs['account_type'];
            $inputs['account_uname'] = $inputs['account_lid'];
            break;
        case 'C':
            # iid '0' marks a class row, iid '1' (next case) an instance row.
            $inputs['iid'] = '0';
            break;
        case 'I':
            $inputs['iid'] = '1';
            # Fall back to class_id / instance_id when the resource_* fields were not supplied.
            $inputs['resource_class_id'] = $inputs['resource_class_id'] == '' ? $inputs['class_id'] : $inputs['resource_class_id'];
            $inputs['resource_id'] = $inputs['resource_id'] != '' ? $inputs['resource_id'] : $inputs['instance_id'];
            break;
        case 'F':
            # Files are stored as statements: switch element, columns and table accordingly.
            $element = 'statement';
            $cols_for_entry = $GLOBALS['dbstruct']['statements'];
            $table = $GLOBALS['s3tables']['statements'];
            $inputs['statement_id'] = s3id();
            #now need to move file from tmp folder into final folder
            $moved = tmpfile2folder(array('inputs' => $inputs, 'db' => $db, 'user_id' => $user_id));
            if (!$moved[0]) {
                # Moving the uploaded file failed: hand back whatever tmpfile2folder() reported.
                return $moved[1];
            } else {
                $inputs = $moved[1];
            }
            break;
    }
    #generate the primary key when the caller did not supply one
    if ($inputs[$GLOBALS['s3ids'][$element]] == '') {
        #never leave the primary key input empty
        #$inputs[$GLOBALS['s3ids'][$element]] = find_latest_UID($table, $db)+1;
        $inputs[$GLOBALS['s3ids'][$element]] = s3id();
    }
    # NOTE(review): buildInsertString() is not visible here; confirm that it escapes every value taken from $inputs.
    $sql = buildInsertString($cols_for_entry, $inputs, $table);
    #echo $sql;exit;
    $db->query($sql, __LINE__, __FILE__);
    # One retry with a freshly generated id - presumably Errno 1 signals a key collision; confirm against the db class.
    if ($db->Errno == 1) {
        $inputs[$GLOBALS['s3ids'][$element]] = s3id();
        $sql = buildInsertString($cols_for_entry, $inputs, $table);
        $db->query($sql, __LINE__, __FILE__);
    }
    $dbdata = get_object_vars($db);
    #$dbdata['Errno']='0';
    #echo '<pre>';print_r($dbdata);exit;
    if ($dbdata['Errno'] != '0') {
        if ($table == 'account') {
            # NOTE(review): account_id is concatenated into the SQL text without escaping; it is caller-supplied unless it was empty above.
            # On a failed account insert the row with this id is set to status 'A' instead - confirm this is intended (it touches an existing account).
            $sql = "update s3db_" . $table . " set account_status = 'A' where account_id = '" . $inputs['account_id'] . "'";
            $db->query($sql, __LINE__, __FILE__);
            $dbdata = get_object_vars($db);
        }
        if ($dbdata['Errno'] != 0) {
            # NOTE(review): the raw DB error string is part of the returned message; avoid showing it to end users.
            return array(False, $GLOBALS['error_codes']['something_went_wrong'] . '<message>' . str_replace('key', $GLOBALS['COREids'][$element], $dbdata['Error']) . '</message>', $GLOBALS['error_codes']['something_went_wrong'], $dbdata['Error']);
        }
        # No return here: when the account update above succeeds the function ends without a result.
    } else {
        #$element_id = $db->get_last_insert_id($table, $GLOBALS['s3ids'][$element]);
        #$element_id = find_latest_UID($table, $db);
        $element_id = $inputs[$GLOBALS['s3ids'][$element]];
        $info[$letter . $element_id] = $inputs;
        #special restrictions apply after create:
        switch ($letter) {
            case 'P':
                $project_id = $element_id;
                #if project_id is remote, need to change its name a bit because / and # are not allowed in project_name;
                #$project_id = urlencode($project_id);
                #create the folder on the extras for the files of this project
                # The random 15-character prefix makes the folder name hard to guess; the id is URL-encoded for the file system only.
                $folder_code_name = random_string(15) . '.project' . urlencode($project_id);
                $maindir = $GLOBALS['s3db_info']['server']['db']['uploads_folder'] . $GLOBALS['s3db_info']['server']['db']['uploads_file'];
                $destinationfolder = $maindir . '/' . $folder_code_name;
                #create the folder for the project
                # NOTE(review): mode 0777 (subject to umask) leaves the upload folder writable by every local account; a tighter mode is worth testing.
                if (mkdir($destinationfolder, 0777)) {
                    $indexfile = $destinationfolder . '/index.php';
                    if (file_exists($destinationfolder)) {
                        # Placeholder index so a request for the folder returns this text rather than a directory listing.
                        file_put_contents($indexfile, 'This folder cannot be accessed');
                        # NOTE(review): a world-writable .php file inside an uploads tree can be replaced by any local account; it only needs to be readable.
                        chmod($indexfile, 0777);
                    }
                    # NOTE(review): SQL built by concatenation; $project_id is the raw (not URL-encoded) id and is caller-supplied unless it was empty above.
                    $sql = "update s3db_project set project_folder = '" . $folder_code_name . "' where project_id = '" . $project_id . "'";
                    $db->query($sql, __LINE__, __FILE__);
                } else {
                    echo "Could not create directory for this project. You might not be able to upload files to this project.";
                }
                break;
            case 'I':
                # Every new instance also gets a statement that carries its own id as the value.
                $class_id = $inputs['resource_class_id'];
                $statement_info = $inputs;
                $statement_info['rule_id'] = fastRuleID4class(compact('class_id', 'db', 'user_id'));
                $statement_info['value'] = $element_id;
                $statement_info['resource_id'] = $element_id;
                #$stat_inserted = insert_s3db(array('element'=>'statement', 'inputs'=>$statement_info, 'db'=>$db, 'user_id'=>$user_id));
                #echo '<pre>';print_r($statement_info);exit;
                $stat_inserted = insert_statement(compact('statement_info', 'db', 'user_id'));
                $action = 'create';
                # NOTE(review): $oldvalues is only defined if $D supplied it; compact() leaves it out otherwise.
                insert_statement_log(compact('oldvalues', 'inputs', 'action', 'statement_info', 'user_id', 'db'));
                #echo '<pre>';print_r($stat_inserted);
                if ($stat_inserted[0]) {
                    # NOTE(review): the id captured into $s3qlout is never used; statement_id receives the whole of $stat_inserted[1] - confirm which was meant.
                    ereg('<statement_id>([0-9]+)</statement_id>', $stat_inserted[1], $s3qlout);
                    $statement_info['statement_id'] = $stat_inserted[1];
                }
                $info['S' . $statement_info['statement_id']] = $statement_info;
                break;
            case 'C':
                # Every new class also gets the rule "<class> has UID UID".
                $rule_info = $inputs;
                $rule_info['subject'] = $inputs['entity'];
                $rule_info['subject_id'] = $element_id;
                $rule_info['verb_id'] = '0';
                $rule_info['verb'] = 'has UID';
                $rule_info['object'] = 'UID';
                #echo '<pre>';print_r($inputs);
                #echo '<pre>';print_r($rule_info);exit;
                $rule_inserted = insert_rule(compact('rule_info', 'db', 'user_id'));
                break;
            case 'R':
                $rule_info = $inputs;
                $rule_info['rule_id'] = $element_id;
                #echo '<pre>';print_r($rule_info);exit;
                $action = 'create';
                $rule_inserted = insert_rule_log(compact('rule_info', 'action', 'db', 'user_id'));
                break;
            case 'S':
                $statement_info = $inputs;
                $action = 'create';
                insert_statement_log(compact('oldvalues', 'action', 'statement_info', 'user_id', 'db'));
                # NOTE(review): no break - execution falls through into case 'F', so a statement insert is logged twice. Confirm whether that is intended.
            case 'F':
                $statement_info = $inputs;
                $action = 'create';
                insert_statement_log(compact('oldvalues', 'action', 'statement_info', 'user_id', 'db'));
        }
        #now add an entry that specifies user "creator" with permission level 222 on this entry (because someone has to have it)
        #some resources need to be mirrored, or swapped:
        # NOTE(review): ereg() is deprecated since PHP 5.3 and removed in PHP 7; these are plain single-letter comparisons.
        if (ereg('^(U|G)$', $letter)) {
            #owner of groups is automatically created within it with PL 222
            if (ereg('^G$', $letter)) {
                $permission_info = array('uid' => 'U' . $user_id, 'shared_with' => strtoupper(substr($element, 0, 1)) . $element_id, 'permission_level' => '222');
                #echo '<pre>';print_r($permission_info);
                insert_permission(compact('permission_info', 'db', 'user_id', 'info'));
            } elseif (ereg('^U$', $letter)) {
                ##also, for each user insertion, create an item_id for this user in the userManagement project. This will only create it if it does not yet exist
                include_once S3DB_SERVER_ROOT . '/s3dbcore/authentication.php';
                $user_proj = create_authentication_proj($db, $user_id);
                #now, create an item in the userManagement project for this user
                $user2add = $element_id;
                $c = compact('user2add', 'user_proj', 'user_id', 'db');
                $user_proj = insert_authentication_tuple($c);
                if ($inputs['permission_level'] != "") {
                    ##creator has specified that his own permissions can propagate
                    # NOTE(review): the level is taken from $inputs as given; nothing visible here checks it against the creator's own level.
                    $permission_info = array('uid' => 'U' . $user_id, 'shared_with' => 'U' . $user2add, 'permission_level' => $inputs['permission_level']);
                    insert_permission(compact('permission_info', 'db', 'user_id', 'info'));
                }
            }
            #and then insert them in deployment
            # This deployment-level entry is only assembled: the insert_permission() call that would store it is commented out further down.
            $permission_info = array('uid' => 'D' . $GLOBALS['Did'], 'shared_with' => strtoupper(substr($element, 0, 1)) . $element_id);
            $permission_info['permission_level'] = $inputs['permission_level'] != '' ? $inputs['permission_level'] : '200';
        } else {
            if (ereg('^P$', $letter)) {
                #project has a special treatment, creators of project get to have permission level 222 on it.
                # NOTE(review): the comment above says 222, the code stores 'YYY'; the assignment below is also duplicated.
                $permission_info['shared_with'] = 'U' . $user_id;
                $permission_info['shared_with'] = 'U' . $user_id;
                $permission_info['uid'] = $letter . $element_id;
                $permission_info['permission_level'] = 'YYY';
                ##This assures that it will migrate to child resources
                insert_permission(compact('permission_info', 'db', 'user_id', 'info'));
            } elseif (ereg('^R$', $letter)) {
                #Rule requires permission to be inserted also for subject_id, verb_id and, if it exists, object_id
                # All three insert_permission() calls in this branch are commented out, so each array is overwritten without being stored.
                ##For SUBJECT
                $permission_info = array('uid' => 'R' . $rule_info['rule_id'], 'shared_with' => 'C' . $rule_info['subject_id'], 'permission_level' => '222', 'info' => $info);
                #insert_permission(compact('permission_info', 'db', 'user_id', 'info'));
                ##For VERB
                $permission_info = array('uid' => 'R' . $rule_info['rule_id'], 'shared_with' => 'I' . $rule_info['verb_id'], 'permission_level' => '222', 'info' => $info);
                #insert_permission(compact('permission_info', 'db', 'user_id', 'info'));
                #FOR OBJECT
                if ($rule_info['object_id']) {
                    $permission_info = array('uid' => 'R' . $rule_info['rule_id'], 'shared_with' => 'C' . $rule_info['object_id'], 'permission_level' => '222', 'info' => $info);
                    #insert_permission(compact('permission_info', 'db', 'user_id', 'info'));
                }
                $permission_info['shared_with'] = 'P' . $inputs['project_id'];
            } elseif (ereg('^C$', $letter)) {
                $permission_info['shared_with'] = 'P' . $inputs['project_id'];
            } elseif (ereg('^I$', $letter)) {
                #insert for statement too
                $permission_info = array('uid' => 'S' . $statement_info['statement_id'], 'shared_with' => 'R' . $statement_info['rule_id'], 'permission_level' => '222', 'info' => $info);
                #insert_permission(compact('permission_info', 'db', 'user_id', 'info'));
                #and then for instance
                $permission_info['shared_with'] = 'C' . $inputs['resource_class_id'];
            # NOTE(review): '^S|F$' parses as "starts with S" or "ends with F"; for a one-letter $letter this is the same as '^(S|F)$'.
            } elseif (ereg('^S|F$', $letter)) {
                if ($letter == 'F') {
                    # Files are reported back as element 'file' but keep the statement letter for their uid.
                    $element_id = $statement_info['statement_id'];
                    $element = 'file';
                    $letter = 'S';
                }
                $permission_info = array('uid' => $letter . $statement_info['statement_id'], 'shared_with' => 'I' . $statement_info['resource_id'], 'permission_level' => '222', 'info' => $info);
                #insert_permission(compact('permission_info', 'db', 'user_id', 'info'));
                ##If there is an object_id, insert one for that too
                if ($statement_info['object_id']) {
                    $permission_info = array('uid' => $letter . $statement_info['statement_id'], 'shared_with' => 'I' . $statement_info['object_id'], 'permission_level' => '222', 'info' => $info);
                    #insert_permission(compact('permission_info', 'db', 'user_id', 'info'));
                }
                #And add one for the rule
                $permission_info['shared_with'] = 'R' . $inputs['rule_id'];
            }
            #and now these are global
            # Default level is '222' unless the caller passed one; the new element is then read back through URI() into $info.
            $permission_info['permission_level'] = $inputs['permission_level'] != '' ? $inputs['permission_level'] : '222';
            $permission_info['uid'] = $letter . $element_id;
            $info[$permission_info['uid']] = URI($permission_info['uid'], $user_id, $db);
        }
        #echo '<pre>';print_r($permission_info);
        # With the call below disabled, the $permission_info assembled above is stored only on the branches that call insert_permission() themselves (G, U, P).
        #insert_permission(compact('permission_info', 'db', 'user_id', 'info'));
        # NOTE(review): the message embeds $D['key'], $element_id and $query['url'] in HTML without escaping, and $query is only defined if $D supplied it.
        # Callers that print this message should escape or rebuild the link; the key also becomes part of a URL.
        return array(TRUE, $GLOBALS['error_codes']['success'] . "; " . $element . '_id' . ': <' . $element . '_id' . '>' . $element_id . '</' . $element . '_id' . '>' . '<a href =" ' . $query['url'] . '?key=' . $D['key'] . '&query=<S3QL><select>*</select><from>' . $GLOBALS['plurals'][$element] . '</from><where><' . $element . '_id>' . $element_id . '</' . $element . '_id></where></S3QL>">View ' . $element . '</a>', $element, $element . '_id' => $element_id, $GLOBALS['messages']['success'], strtoupper($element) . ' inserted');
    }
}
Example #12
# Tell whether the account behind $user_id is a public account.
# The account is looked up through URI() with the user acting as its own
# requester; only account_type 'p' counts as public.
function user_is_public($user_id, $db)
{
    $account = URI('U' . $user_id, $user_id, $db);
    # Not implemented yet (kept from the original notes): find the group of
    # users called "public" and also return true for its members. Until then
    # every account that is not of type 'p' is reported as non-public.
    return $account['account_type'] == 'p';
}
Example #13
<?php

# Take the object returned by URI('foo') and apply setX(1), then setY(2),
# each call on the result of the previous one; $o ends up holding whatever
# the last setter returns.
$o = URI('foo');
$o = $o->setX(1);
$o = $o->setY(2);
Example #14
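# Build the HTML shown for the value of a statement.
#
# When the statement's rule has an object_id, the value is the id of another
# instance: the result is a button labelled with that instance's notes (or its
# id when there are no notes) that opens the instance page in a new window.
# Otherwise the rendering is delegated to include_fileLinks().
#
# $statement_info  statement row; 'rule_id' and 'value' are read here
# $user_id         user on whose behalf the instance is looked up
# $db              database handle passed through to s3info() / URI()
# Returns an HTML fragment as a string.
#
# The notes and the instance id are stored data that users can set, so they
# are escaped for the context they land in. The original concatenated them
# raw into an attribute and an inline script, which allowed stored XSS.
function value($statement_info, $user_id, $db)
{
    $action = $GLOBALS['action'];
    $rule_id = $statement_info['rule_id'];
    $rule_info = s3info('rule', $rule_id, $db);
    if ($rule_info['object_id'] != '') {
        $instance_id = $statement_info['value'];
        $instance_info = URI('I' . $instance_id, $user_id, $db);
        $notes = $instance_info['notes'];
        $statement_info['button_notes'] = $notes != '' ? $notes : $instance_id;
        # Label: HTML attribute context.
        $label = htmlspecialchars($statement_info['button_notes'], ENT_QUOTES);
        # Target: a URL inside a JavaScript string inside an HTML attribute, so the
        # id is URL-encoded, the string is slash-escaped for JS, then HTML-escaped.
        # $action['instance'] goes through the same escaping because it may carry
        # request-derived values (presumably the access key) - confirm in webActions.php.
        $target = $action['instance'] . '&instance_id=' . urlencode($instance_id);
        $target = htmlspecialchars(addslashes($target), ENT_QUOTES);
        $value = '<input type="button" value="' . $label . '" onClick="window.open(\'' . $target . '\')">';
    } else {
        $value = include_fileLinks($statement_info, $db);
    }
    return $value;
}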