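/**
 * Returns the UserId stored in the current session, or terminates the request
 * when the session carries none.
 *
 * It is strongly advised to check that the session is valid before calling this.
 *
 * The value is passed through the connection's escape_string(). That escaping
 * only protects a value that is placed inside a quoted SQL string literal;
 * callers that interpolate the result unquoted (e.g. `WHERE UserId = {$uid}`)
 * still have to make sure the value is numeric.
 *
 * @return string The escaped UserId (assuming Config::getConnection() yields a
 *                mysqli-style connection - confirm against Config).
 */
function session_getUid()
{
    if (!isset($_SESSION['UserId'])) {
        Config::error('UserId is not set in validate.php:session_getUid()');
        // Fail closed: in case Config::error() returns to the caller, stop here
        // instead of reading an undefined session key and handing back an
        // empty id that would end up in SQL.
        die('UserId is not set.');
    }

    return Config::getConnection()->escape_string($_SESSION['UserId']);
}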
/**
 * Runs $lambda on the one column this projection describes.
 *
 * The projection has to cover exactly one table and, within it, exactly one
 * column. Failure is reported by RETURNING an Exception instance (it is not
 * thrown), so callers have to test the result with instanceof.
 *
 * @param callable $lambda Invoked as $lambda($column).
 * @return mixed|Exception Whatever $lambda returns, or an Exception describing
 *                         why the projection is not a single column.
 */
private function withColumn($lambda)
{
    // Exactly one table description is allowed.
    $tableCount = count($this->descriptions);
    if ($tableCount !== 1) {
        return new Exception('Projection on other than a single table in TranslationTableProjection.update()');
    }

    foreach ($this->descriptions as $description) {
        $columns = $description['columns'];
        // Exactly one column within that table is allowed.
        if (count($columns) !== 1) {
            return new Exception('Projection on other than a single column in TranslationTableProjection.update()');
        }
        foreach ($columns as $onlyColumn) {
            return $lambda($onlyColumn);
        }
    }

    // Both counts were 1, so one of the loops above must have returned.
    Config::error('Unreachable code?!', true, true);
}
// NOTE(review): this branch and 'deleteTranslation' below change data based on
// $_GET alone. No request-forgery token check is visible in this excerpt;
// confirm that the enclosing code restricts who can trigger these actions.
Translation::createTranslation($_GET['TranslationName'], $_GET['BrowserMatch'], $_GET['ImagePath'], $_GET['RfcLanguage'], $_GET['Active']);
// The redirect target is the client-supplied Referer header. It may be absent
// (undefined index, empty Location) and it is whatever the client sent, so a
// fixed or allow-listed target is the safer choice.
// header()'s second parameter is $replace, not the status code, so the 302
// here is read as a truthy $replace flag; a Location header implies 302 anyway.
header('Location: ' . $_SERVER['HTTP_REFERER'], 302);
break;

/**
    @param TranslationId
    @returns 'OK'|'FAIL'
    NOTE(review): the visible code answers success with a redirect to the
    Referer rather than the documented 'OK'.
*/
case 'deleteTranslation':
    if (Translation::deleteTranslation($_GET['TranslationId'])) {
        // Same client-controlled redirect target as above.
        header('Location: ' . $_SERVER['HTTP_REFERER'], 302);
    } else {
        Config::error('FAIL: Cannot delete Translation 1.', false, true);
    }
    break;

/**
    @param $_GET['Providers'] JSON array of strings
    @param $_GET['Study'] String of the study to use
    @param $_GET['TranslationId'] The TranslationId to use
    Delivers a JSON object that maps names of providers to their offsets.
*/
case 'offsets':
/**
 * Executes one query or a list of queries and returns all of their result
 * rows merged into a single array.
 *
 * The SQL is sent to the connection exactly as given; escaping or validating
 * any user-derived parts is the caller's responsibility. A query that fails is
 * reported through Config::error() and skipped, the remaining ones still run.
 * NOTE(review): the error message embeds the full query text - confirm that
 * Config::error() does not show it to end users.
 *
 * @param string|array $qs A single SQL string or an array of SQL strings.
 * @return array Rows of all successful queries, in query order.
 */
public function runQueries($qs)
{
    // Accept a bare string as a one-element list.
    $queries = is_string($qs) ? array($qs) : $qs;

    $collected = array();
    foreach ($queries as $sql) {
        $result = $this->dbConnection->query($sql);
        if ($result !== false) {
            $collected = array_merge($collected, $this->fetchRows($result));
        } else {
            Config::error("Problems with query: {$sql}", true);
        }
    }

    return $collected;
}
/**
 * Fetches the UNIX timestamp of the most recent row in Edit_Imports.
 *
 * The query is a constant string, no caller input reaches it.
 *
 * @return mixed The first field of the first row as delivered by
 *               static::fetchAll(), or 0 (after reporting through
 *               Config::error()) when no row came back.
 */
public static function getLastImport()
{
    $rows = static::fetchAll('SELECT UNIX_TIMESTAMP(Time) FROM Edit_Imports ORDER BY TIME DESC LIMIT 1');

    if (count($rows) === 0) {
        Config::error('Query failed in DataProvider::getLastImport()');
        return 0;
    }

    // First row, first field.
    $latest = current($rows);
    return current($latest);
}
/**
 * Looks up the description text that belongs to $category.
 *
 * $category is matched literally: it is run through preg_quote() and anchored
 * with ^ and $ before it is used as a pattern, so regex metacharacters in it
 * have no special meaning.
 *
 * @param string $category
 * @return array array('Req' => String, 'Description' => String), or an empty
 *               array when nothing matches or the lookup reports an error.
 */
public static function categoryToDescription($category)
{
    $pattern = '/^' . preg_quote($category, '/') . '$/';
    $matches = TranslationColumnProjection::filterCategoryRegex(self::$projections, $pattern);

    if (count($matches) === 0) {
        // No projection matched; only the provider edge case is left.
        if (!array_key_exists($category, self::$providers)) {
            return array();
        }
        if ($category === 'StudyTitleTranslationProvider') {
            return TranslationProvider::getDescription('dt_studyTitle_trans');
        }
        Config::error("Unexpected case in Translation::categoryToDescription for {$category}");
        return array();
    }

    // A projection matched; getDescription() signals failure by returning an Exception.
    $description = current($matches)->getDescription();
    if ($description instanceof Exception) {
        // The string form of an Exception includes its stack trace.
        // NOTE(review): confirm Config::error() does not show it to end users.
        Config::error((string) $description);
        return array();
    }

    return $description;
}
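/**
    @param studyix String - Interpretation as int
    @param familyix String - Interpretation as int
    @param subfamilyix String - Interpretation as int
    @param name String
    @return 'FAIL' | String html - new option for LanguageFamilies.
    NOTE(review): this action writes to the database from $_GET; no
    request-forgery token check is visible in this excerpt.
*/
case 'createLanguageFamily':
    //Fetching expected parameters:
    /*
        The three indices are placed unquoted into the INSERT and into HTML
        attributes below. escape_string() does not constrain an unquoted value,
        so they are validated as integers instead.
    */
    $ixs = array();
    foreach (array('studyix', 'familyix', 'subfamilyix') as $key) {
        $ixs[$key] = array_key_exists($key, $_GET)
            ? filter_var($_GET[$key], FILTER_VALIDATE_INT)
            : false;
    }
    if (in_array(false, $ixs, true) || !array_key_exists('name', $_GET) || !is_string($_GET['name'])) {
        Config::error('FAIL');
        break;
    }
    $studyix = $ixs['studyix'];
    $familyix = $ixs['familyix'];
    //Read from its own key; reading 'familyix' here would store FamilyIx as SubFamilyIx.
    $subfamilyix = $ixs['subfamilyix'];
    //Only ever used inside quoted SQL string literals:
    $name = $dbConnection->escape_string($_GET['name']);
    /*
        Depending tables have to be created first,
        because the procedure 'createTablesAndRecreateViews' aborts
        if the study already exists, to avoid recreating the views without need.
    */
    $dbConnection->query("CALL createTables('{$name}')");
    //Inserting the new Study:
    $q = "INSERT INTO Studies(StudyIx, FamilyIx, SubFamilyIx, Name) "
       . "VALUES ({$studyix}, {$familyix}, {$subfamilyix}, '{$name}')";
    $dbConnection->query($q);
    if ($dbConnection->affected_rows != 1) {
        Config::error('FAIL');
        //In case Config::error() returns, do not follow 'FAIL' with the success markup.
        break;
    }
    //Done:
    //The name goes into HTML, so it is HTML-escaped from the raw input rather than SQL-escaped.
    $label = htmlspecialchars($_GET['name'], ENT_QUOTES, 'UTF-8');
    echo "<option data-dbid='{$studyix}{$familyix}{$subfamilyix}' data-studyix='{$studyix}'"
       . " data-familyix='{$familyix}' data-subfamilyix='{$subfamilyix}'>{$label}</option>";
    break;
}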
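<?php
/**
    This script creates a dump of all translations in the database as a JSON object.
    Having a JSON object rather than a SQL script allows us to merge translations
    in a clever fashion instead of simply replacing all of them.
    The dynamic translations, for example, have a timestamp attached,
    so that we can keep the latest of them even when they differ between machines.
*/
/* Setup and session verification */
chdir('..');
require_once 'common.php';
//We only check for the session, if not on cli:
if (php_sapi_name() !== 'cli') {
    if (!session_validate() || !session_mayTranslate()) {
        Config::error('403 Forbidden');
        //Fail closed: in case Config::error() returns, the dump must not be produced.
        die('403 Forbidden');
    }
}
//Our information object:
$info = array(
    'dynamicTranslation' => array(),
    'staticDescription' => array(),
    'staticTranslation' => array(),
    'translations' => array()
);
//Fetching translations:
$q = 'SELECT TranslationId, TranslationName, BrowserMatch, ImagePath, Active, RfcLanguage, '
   . 'UNIX_TIMESTAMP(lastChangeStatic) AS \'lastChangeStatic\', '
   . 'UNIX_TIMESTAMP(lastChangeDynamic) AS \'lastChangeDynamic\' '
   . 'FROM Page_Translations';
$set = $dbConnection->query($q);
//Index each row by its TranslationId and drop the id from the row itself:
while ($r = $set->fetch_assoc()) {
    $tId = $r['TranslationId'];
    unset($r['TranslationId']);
    $info['translations'][$tId] = $r;
}
//Cast to object to aid json_encode:
$info['translations'] = (object) $info['translations'];
//Fetching static descriptions:
$q = 'SELECT Req, Description FROM Page_StaticDescription';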
} else {
    $allowed = session_validate() && session_mayEdit();
    if (!$allowed) {
        //Special case for action=export:
        // NOTE(review): the fallback below does not look at 'action'. Once it sets
        // $allowed, every case of the switch further down (including 'import')
        // is reachable without a session.
        // NOTE(review): ch1/ch2 are compared against Login and the stored Hash,
        // so the stored hash itself works as the credential, and it travels in
        // the query string, where it typically ends up in access logs and
        // browser history.
        if (array_key_exists('ch1', $_GET) && array_key_exists('ch2', $_GET)) {
            $db = Config::getConnection();
            // Escaping is done on $dbConnection while the query runs on $db;
            // presumably the same connection - confirm.
            $login = $dbConnection->escape_string($_GET['ch1']);
            $hash = $dbConnection->escape_string($_GET['ch2']);
            // NOTE(review): $login is computed but the Login comparison shows a
            // literal '******' in this listing - presumably a masked value;
            // confirm against the repository.
            $q = "SELECT AccessEdit FROM Edit_Users" . " WHERE Login = '******' AND Hash = '{$hash}'";
            // A failed query() returns false, on which fetch_row() is a fatal error.
            if ($r = $db->query($q)->fetch_row()) {
                // Loose comparison of the AccessEdit field with 1.
                $allowed = $r[0] == 1;
            }
            unset($db, $login, $hash, $q, $r);
        }
        if (!$allowed) {
            // Config::error() is followed by an explicit die(), so the denial
            // holds even if Config::error() returns.
            Config::error('403 Forbidden');
            die('403 Forbidden');
        }
    }
    if (array_key_exists('action', $_GET)) {
        $action = $_GET['action'];
        switch ($action) {
            case 'import':
                if (array_key_exists('import', $_FILES)) {
                    // tmp_name is read without checking the upload's error field.
                    $file = file_get_contents($_FILES['import']['tmp_name']);
                    // The complete upload is written to the server log; anything
                    // sensitive in the file is kept there too.
                    error_log('Got some data:');
                    error_log($file);
                } else {
                    die('import file missing.');
                }
                break;
<?php
/*
    Shows the translations that differ from the original for a translation id
    (GET 'tId', default 1), optionally limited to a comma separated list of
    tables (GET 'tables').
    'tId' is forced to an integer here. The table names are handed to
    TranslationTableProjection::projectTables() as received; any validation of
    them happens there (not visible in this file).
*/
require_once 'categorySelection.php';
require_once 'query/translationTableProjection.php';

$tId = array_key_exists('tId', $_GET) ? intval($_GET['tId']) : 1;

if (!array_key_exists('tables', $_GET)) {
    $projection = TranslationTableProjection::projectAll();
} else {
    $tables = explode(',', $_GET['tables']);
    $projection = TranslationTableProjection::projectTables($tables);
}

//The projection factories report failure by returning an Exception:
if (!($projection instanceof Exception)) {
    $changed = $projection->translationNotOriginal($tId);
    require_once 'showTable.php';
    showTable(array('projection' => $changed));
} else {
    Config::error($projection->getMessage(), true, true);
}
?>
<script type="application/javascript">
<?php require_once 'js/translation.js'; ?>
</script>
array_push($export, $row);
}
// Deliver the collected rows as a users.json download and stop.
// NOTE(review): the import below reads a Hash field per user, so this export
// presumably contains password hashes - treat the file as a credential store.
header("Pragma: public");
header("Expires: 0");
header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
header("Content-Type: application/json; charset=utf-8");
header("Content-Disposition: attachment;filename=\"users.json\"");
header("Content-Transfer-Encoding: binary");
die(Config::toJSON($export));
break;
case 'import':
    // NOTE(review): the access check for this action is not visible in this
    // excerpt. The statement below overwrites Hash and both access flags of
    // existing users, so whoever may import can reset credentials and privileges.
    if (count($_FILES) === 1) {
        // Assumes the single upload is named 'import'; its error field is not checked.
        $file = file_get_contents($_FILES['import']['tmp_name']);
        // json_decode() yields null for malformed input; the result is not checked
        // before it is iterated.
        $data = json_decode($file);
        foreach ($data as $user) {
            $UserId = $dbConnection->escape_string($user->UserId);
            $Login = $dbConnection->escape_string($user->Login);
            $Hash = $dbConnection->escape_string($user->Hash);
            $AccessEdit = $dbConnection->escape_string($user->AccessEdit);
            $AccessTranslate = $dbConnection->escape_string($user->AccessTranslate);
            // UserId, AccessEdit and AccessTranslate are interpolated unquoted.
            // escape_string() only protects values inside quoted literals, so
            // these three need integer validation or a prepared statement.
            // NOTE(review): the UPDATE part shows a literal '******' for Login in
            // this listing - presumably a masked value; confirm against the
            // repository.
            $q = "INSERT INTO Edit_Users(UserId, Login, Hash, AccessEdit, AccessTranslate) "
               . "VALUES ({$UserId}, '{$Login}', '{$Hash}', {$AccessEdit}, {$AccessTranslate}) "
               . "ON DUPLICATE KEY UPDATE Login='******', Hash='{$Hash}'"
               . ", AccessEdit={$AccessEdit}, AccessTranslate={$AccessTranslate}";
            // The result of query() is not checked; failed rows pass silently.
            $dbConnection->query($q);
        }
        header('LOCATION: ../index.php');
    } else {
        die('Sorry, you need to supply a file.');
    }
    break;
default:
    Config::error('Call to unsupported action.');
}
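<body>
<?php
/* Setup and session verification */
require_once 'dbimport/Importer.php';
chdir('..');
require_once 'common.php';
require_once '../query/cacheProvider.php';
if (!session_validate() || !session_mayEdit()) {
    Config::error('403 Forbidden');
    //Fail closed: in case Config::error() returns, the import must not run.
    die('403 Forbidden');
}
//Parsing client data, and using Importer:
$uId = $dbConnection->escape_string(session_getUid());
$merge = false;
$fs = array();
//The form is expected to post 'upload' as a multi-file field (name/tmp_name are arrays):
$uploads = isset($_FILES['upload']) ? $_FILES['upload'] : null;
$noFile = !is_array($uploads)
    || !isset($uploads['name']) || !is_array($uploads['name'])
    || (count($uploads['name']) === 1 && $uploads['name'][0] === '');
if ($noFile) {
    Config::error('No file given.');
    echo '<h1>You need to select a file first.</h1>';
} else {
    while (count($uploads['name']) > 0) {
        array_push($fs, array('name' => array_pop($uploads['name']), 'path' => array_pop($uploads['tmp_name'])));
    }
    CacheProvider::cleanCache('../');
    $log = Importer::processFiles($fs, $uId, $merge);
    //implode() takes the separator first; the array-first order is rejected by PHP 8.
    //NOTE(review): the log entries are echoed as HTML. Confirm that Importer escapes
    //anything it takes from uploaded file names or contents.
    echo '<ul><li>' . implode('</li><li>', $log) . '</li></ul>';
    $tables = implode(',', Importer::findTables($fs));
    $href = "../translate.php?tId=1&action=compareOriginal&tables={$tables}";
    //The table list is derived from the upload, so the URL is escaped for the attribute context.
    echo '<a target="_parent" href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '" class="btn btn-primary">Review translations</a>';
}
?>
</body>
</html>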
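$confirm = $_POST['confirm'];
if ($newP !== $confirm) {
    Config::error("New password doesn't match confirmation.");
    //Nothing below may run on a mismatch, even if Config::error() returns.
} else {
    //NOTE(review): presumably $newP holds $_POST['new'] - confirm against the lines above.
    $hash = password_hash($_POST['new'], PASSWORD_BCRYPT);
    if (!$hash) {
        //No fallback to md5: an unsalted fast hash must never be stored as a password hash.
        Config::error('Could not hash the new password.');
    } else {
        $uid = session_getUid();
        //$hash is a bcrypt string (no quote characters). $uid is interpolated unquoted;
        //session_getUid() only string-escapes it, so it has to be numeric.
        $q = "UPDATE Edit_Users SET Hash = '{$hash}' WHERE UserId = {$uid}";
        $dbConnection->query($q);
        //Force a fresh login with the new password:
        session_destroy();
        header('LOCATION: index.php');
    }
}
} else {
    Config::error('Invalid session!');
}
break;
case 'meanings':
    require_once 'meanings.php';
    break;
default:
    //Logged-in users are sent to the page that matches their rights:
    if (session_validate()) {
        if (session_mayEdit()) {
            header('LOCATION: userAccount.php');
        } else {
            header('LOCATION: translate.php');
        }
    } else {
?>
<!DOCTYPE HTML>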