require_once 'admin/CONFIG.php'; ?> <script src="https://www.google.com/recaptcha/api.js" async defer></script> <p class="col-xs-12 col-md-3 col-lg-2 col-xl-1"> Contact email: <br/> <span class="text-muted small">Please solve the CAPTCHA to see the contact email</span> </p> <div class="g-recaptcha col-xs-12 col-md-9 col-lg-10 col-xl-11" data-sitekey="<?php echo $recaptcha_public_key; ?>" data-callback="renderEmail"></div> </div> </div> <div class="needs-auth col-xs-12" id="auth-block"> <?php $limitedProject = array(); $cleanCarto = deEscape($project['carto_id']); $carto = json_decode($cleanCarto, true); # TODO RECONSTRUCT LIMITED MULTIBOUNDS HERE $multiBounds = $carto["bounding_polygon"]["multibounds"]; $north = -90; $south = 90; $west = 180; $east = -180; foreach($multiBounds as $polygon) { foreach($polygon as $point) { if($point["lat"] > $north) $north = $point["lat"]; if($point["lng"] > $east) $east = $point["lng"]; if($point["lng"] < $west) $west = $point["lng"]; if($point["lat"] < $south) $south = $point["lat"]; } }
// } // $data['execution_time'] = elapsed(); // header('Cache-Control: no-cache, must-revalidate'); // header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); // header('Content-type: application/json'); // $json = json_encode($data, JSON_FORCE_OBJECT); # | JSON_UNESCAPED_UNICODE // $replace_array = array('"','"'); // print str_replace($replace_array, '\\"', $json); // exit(); // } # parse_str($_SERVER['QUERY_STRING'],$_POST); $do = isset($_REQUEST['action']) ? strtolower($_REQUEST['action']) : null; try { $test = decode64($_REQUEST["test"]); $test_sanitized = $db->sanitize($test); $test_desanitized = deEscape($test_sanitized); $testArr = array("encoded" => $_REQUEST["test"], "decoded" => $test, "written" => $test_sanitized, "read_back" => $test_desanitized); } catch (Exception $e) { $testArr = array(); } switch ($do) { case 'upload': # Set access-control header header('Access-Control-Allow-Origin: amphibiandisease.org'); case 'fetch': doCartoSqlApiPush($_REQUEST); break; case 'validate': doAWebValidate($_REQUEST); break; case 'is_human':
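/**
 * List the projects visible to the current user.
 *
 * Public projects are always included. When $unauthenticated is false and the
 * global $login_status carries a uid, projects whose `access_data` mentions
 * that uid, or whose `author` equals it, are added as well.
 *
 * @param bool $unauthenticated Pass false to also look up the projects tied
 *                              to the logged-in user. Default true.
 *
 * @return array Keys: status, projects (project_id => title),
 *               public_projects, authored_projects, editable_projects,
 *               check_authentication, carto_table_map.
 */
function listProjects($unauthenticated = true)
{
    global $db, $login_status;

    $authorizedProjects = array();
    $editableProjects = array();
    $authoredProjects = array();
    $publicProjects = array();
    $cartoTableList = array();

    # Pull the Carto table name and the creation date out of the stored JSON
    # blobs. json_decode() does not throw here, so missing or malformed data
    # is handled with isset() and yields null entries, as before.
    $summarize = function ($cartoRaw, $authorRaw) {
        $cartoJson = json_decode(deEscape($cartoRaw), true);
        $authorJson = json_decode(deEscape($authorRaw), true);

        return array(
            "table" => isset($cartoJson["table"]) ? $cartoJson["table"] : null,
            "creation" => isset($authorJson["entry_date"]) ? $authorJson["entry_date"] : null,
        );
    };

    $link = $db->openDB();

    # Pass 1: public projects. No user-supplied value enters this statement.
    $publicQuery = 'SELECT `project_id`,`project_title`, `carto_id`, `author_data` FROM '
        . $db->getTable() . ' WHERE `public` IS TRUE';
    $publicResult = mysqli_query($link, $publicQuery);
    if ($publicResult === false) {
        # Keep the best-effort behaviour (empty lists) but leave a trace.
        error_log('listProjects: public project query failed');
    } else {
        while ($row = mysqli_fetch_row($publicResult)) {
            $authorizedProjects[$row[0]] = $row[1];
            $publicProjects[] = $row[0];
            $cartoTableList[$row[0]] = $summarize($row[2], $row[3]);
        }
        mysqli_free_result($publicResult);
    }

    # Pass 2: projects tied to the logged-in user.
    $uid = isset($login_status['detail']['uid']) ? $login_status['detail']['uid'] : null;
    if (!$unauthenticated && is_scalar($uid) && !empty($uid)) {
        $uid = (string) $uid;

        # The uid is bound as a parameter instead of being concatenated into
        # the SQL text. LIKE metacharacters inside it are escaped with an
        # explicit ESCAPE character so that a '%' or '_' in the uid cannot
        # widen the match, independent of the server's backslash SQL mode.
        $likePattern = '%' . strtr($uid, array('|' => '||', '%' => '|%', '_' => '|_')) . '%';
        $userQuery = 'SELECT `project_id`,`project_title`,`author`, `carto_id`, `author_data` FROM `'
            . $db->getTable()
            . "` WHERE (`access_data` LIKE ? ESCAPE '|' OR `author` = ?)";

        # Rows are buffered and the statement closed before the per-project
        # permission check runs, in case that check queries the same link.
        $rows = array();
        $stmt = mysqli_prepare($link, $userQuery);
        if ($stmt === false) {
            error_log('listProjects: could not prepare user project query');
        } else {
            mysqli_stmt_bind_param($stmt, 'ss', $likePattern, $uid);
            if (mysqli_stmt_execute($stmt)) {
                mysqli_stmt_bind_result($stmt, $pid, $title, $author, $cartoRaw, $authorRaw);
                while (mysqli_stmt_fetch($stmt)) {
                    $rows[] = array($pid, $title, $author, $cartoRaw, $authorRaw);
                }
            } else {
                error_log('listProjects: user project query failed');
            }
            mysqli_stmt_close($stmt);
        }

        # NOTE(review): the LIKE is still a substring match over `access_data`,
        # so any row whose access_data merely contains the uid text is listed
        # as authorized. Edit rights are re-checked below through
        # checkProjectIdAuthorized(); listing/view rights are not. Confirm the
        # access_data format and consider an exact-match lookup.
        foreach ($rows as $row) {
            list($pid, $title, $author, $cartoRaw, $authorRaw) = $row;
            if (empty($pid)) {
                continue;
            }
            # All results here are authorized projects
            $authorizedProjects[$pid] = $title;
            $cartoTableList[$pid] = $summarize($cartoRaw, $authorRaw);

            # Strict string comparison: a loose == treats numeric-looking
            # strings (e.g. "0e1" and "0e2") as equal, which would hand
            # authorship to the wrong user.
            if ((string) $author === $uid) {
                $authoredProjects[] = $pid;
                $editableProjects[] = $pid;
            } else {
                # Check permissions
                $access = checkProjectIdAuthorized($pid);
                $canEdit = isset($access["detailed_authorization"]["can_edit"])
                    && $access["detailed_authorization"]["can_edit"] === true;
                if ($canEdit) {
                    $editableProjects[] = $pid;
                }
            }
        }
    }

    return array(
        'status' => true,
        'projects' => $authorizedProjects,
        'public_projects' => $publicProjects,
        'authored_projects' => $authoredProjects,
        'editable_projects' => $editableProjects,
        'check_authentication' => !$unauthenticated,
        "carto_table_map" => $cartoTableList,
    );
}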