/**
 * List the resources that one user has tagged with the requested tag.
 *
 * The user is the one attached to the current session, unless the request
 * carries a 'user' parameter; in that case a folksoUser is built from that
 * uid and used instead. Output goes through folksoDataJson when the query's
 * content type is 'json', otherwise through the XML resource list.
 *
 * Responses set here: 404 (no user / invalid user / unknown user), 204 (the
 * user exists but has nothing under this tag), 200 with one line per
 * resource. dbException and badUseridException are both passed to
 * handleDBexception().
 *
 * NOTE(review): the 'user' parameter replaces the session user without any
 * rights check in this function, so a caller can request another user's
 * resources for a tag. Confirm that this listing is meant to be public.
 * NOTE(review): $q->tag and the uid are handed to
 * folksoUserQuery::resourcesByTag(), which produces the SQL text. Its
 * escaping is not visible here and should be verified.
 *
 * @param folksoQuery     $q   parsed request (tag, parameters, content type)
 * @param folksoDBconnect $dbc connection object given to folksoUser and folksoDBinteract
 * @param folksoSession   $fks session used to look up the current user
 * @return folksoResponse presumably; error paths return the result of
 *                        setError()/setOk()/handleDBexception() directly
 */
function getUserResByTag(folksoQuery $q, folksoDBconnect $dbc, folksoSession $fks)
{
    $response = new folksoResponse();

    try {
        $user = $fks->userSession(null);

        // Neither a logged-in user nor an explicit uid: nothing to look up.
        if (!$user instanceof folksoUser && !$q->is_param('user')) {
            return $response->setError(404, 'No user');
        }

        if ($q->is_param('user')) {
            // An explicit uid takes precedence over the session user.
            $user = new folksoUser($dbc);
            $user->setUid($q->get_param('user'));
            if (!$user->exists($q->get_param('user'))) {
                return $response->setError(404, 'Missing or invalid user');
            }
        }

        $db = new folksoDBinteract($dbc);
        $queries = new folksoUserQuery();
        $db->query($queries->resourcesByTag($q->tag, $user->userid));

        // Kept inside the try block because exists() goes to the database.
        if ($db->rowCount == 0) {
            if (!isset($user->nick) && !$user->exists()) {
                // Original author marks this fallback as no longer necessary.
                return $response->setError(404, 'Unknown user');
            }
            return $response->setOk(204, 'User has no resources with this tag');
        }
    } catch (dbException $e) {
        return $response->handleDBexception($e);
    } catch (badUseridException $e) {
        // TODO: update this with new class
        return $response->handleDBexception($e);
    }

    $response->setOk(200, 'Found');

    $factory = new folksoDisplayFactory();
    $display = ($q->content_type() == 'json')
        ? new folksoDataJson('resid', 'url', 'title')
        : $factory->ResourceList('xml');

    $response->t($display->startform());
    while ($row = $db->result->fetch_object()) {
        // NOTE(review): HTML entity escaping is applied on the JSON path as
        // well; whether folksoDataJson adds JSON string escaping on top is
        // not visible here. Confirm the encoding matches each output format.
        $url = htmlspecialchars($row->uri_raw);
        $title = htmlspecialchars($row->title);
        $response->t($display->line($row->id, $url, $title));
    }
    $response->t($display->endform());

    return $response;
}
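* @package Folkso
* @author Joseph Fahey
* @copyright 2009 Gnu Public Licence (GPL)
* @subpackage webinterface
*/

require_once 'folksoDBconnect.php';
require_once 'folksoDBinteract.php';
require_once 'folksoFabula.php';
require_once 'folksoAdmin.php';
require_once 'folksoUser.php';
require_once 'folksoSession.php';
require_once 'folksoClient.php';

$loc = new folksoFabula();
//$dbc = $loc->locDBC();

// NOTE(review): host, account, password and database name are hard-coded in
// the script instead of coming from folksoFabula::locDBC() (commented out
// above). Anything committed this way has to be treated as a disclosed
// credential; keep it limited to a throwaway test database.
$test_dbc = new folksoDBconnect('localhost', 'tester_dude', 'testy', 'testostonomie');

$fks = new folksoSession($test_dbc);

// !empty() keeps the original truthiness test but does not raise an
// undefined-index notice when the browser sends no 'folksosess' cookie.
// NOTE(review): setSid() is not wrapped in a try block here; if it rejects
// the cookie value by throwing, the script ends on an uncaught exception.
if (!empty($_COOKIE['folksosess'])) {
    $fks->setSid($_COOKIE['folksosess']);
} else {
    // warning, dev only!!!!!
    // A request without a session cookie is given a session for a fixed
    // account, i.e. this branch skips authentication entirely. It must be
    // removed or gated before the script is reachable outside a developer
    // machine.
    $fks->startSession('gustav-2009-001');
}

$u = $fks->userSession();
if (!$u instanceof folksoUser) {
    print "Error not a logged user";
    // header('Location: ' . $loc->loginPage());
    exit;
}

// Ask the local user.php endpoint for the tags of the logged-in user.
$cl = new folksoClient('localhost', $loc->server_web_path . 'user.php', 'GET');
print $cl->method;
$cl->set_getfields(array('folksouid' => $u->userid, 'folksogetmytags' => 1));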
/**
 * Rename a tag.
 *
 * Web params: rename, newname. $q->tag identifies the tag to rename, either
 * by numeric id or by name; 'newname' becomes the new display form and is
 * also passed through the SQL function normalize_tag() for the normalized
 * form.
 *
 * Access: the session user must be a folksoUser holding the 'folkso'/'admin'
 * right, otherwise the result of unAuthorized() is returned.
 *
 * Responses set here: 404 when tagp() does not find the tag, 204 on success;
 * a dbException is passed to handleDBexception().
 *
 * NOTE(review): the statement is assembled by string concatenation. String
 * values go through dbescape(); the numeric branch inserts $q->tag unquoted
 * and relies on is_numeric() alone, which also accepts signed, decimal and
 * exponent notation. A prepared statement, or a digits-only check, would
 * give a tighter contract.
 * NOTE(review): 'newname' is not checked here for being present or
 * non-empty; presumably that happens before dispatch. Verify.
 * NOTE(review): the 404 detail text repeats $q->tag as received; whether
 * folksoResponse encodes it for the output format is not visible here.
 *
 * @param folksoQuery     $q   parsed request
 * @param folksoDBconnect $dbc connection object given to folksoDBinteract
 * @param folksoSession   $fks session used to look up the current user
 * @return folksoResponse
 */
function renameTag(folksoQuery $q, folksoDBconnect $dbc, folksoSession $fks)
{
    $response = new folksoResponse();

    $admin = $fks->userSession(null, 'folkso', 'admin');
    $isAdmin = $admin instanceof folksoUser && $admin->checkUserRight('folkso', 'admin');
    if (!$isAdmin) {
        return $response->unAuthorized($admin);
    }

    try {
        $db = new folksoDBinteract($dbc);

        if (!$db->tagp($q->tag)) {
            $response->setError(404, 'Tag not found', 'Nothing to rename. No such tag: ' . $q->tag);
            return $response;
        }

        // SET part: display form plus normalized form of the new name.
        $update = "UPDATE tag\n SET tagdisplay = '" . $db->dbescape($q->get_param('newname')) . "', "
            . "tagnorm = normalize_tag('" . $db->dbescape($q->get_param('newname')) . "') "
            . "where ";

        // WHERE part: by id for numeric input, by normalized name otherwise.
        $target = is_numeric($q->tag)
            ? " id = " . $q->tag
            : " tagnorm = normalize_tag('" . $db->dbescape($q->tag) . "')";

        $db->query($update . $target);
    } catch (dbException $e) {
        return $response->handleDBexception($e);
    }

    $response->setOk(204, 'Tag renamed');
    return $response;
}
/**
 * Delete a note.
 *
 * Web params: POST + note + delete
 *
 * "note" must be a numerical note id.
 *
 * Access: the session user must be a folksoUser holding the 'folkso'/'redac'
 * right, otherwise the result of unAuthorized() is returned.
 *
 * Responses set here: 400 when 'note' fails is_numeric(), 200 after the
 * DELETE has been sent; a dbException is passed to handleDBexception().
 * The 200 is set without looking at how many rows were removed.
 *
 * NOTE(review): the note id is concatenated into the statement unquoted,
 * with is_numeric() as the only guard. is_numeric() also accepts signed,
 * decimal and exponent notation; a digits-only check or a prepared
 * statement would be stricter.
 * NOTE(review): the 400 detail text repeats the rejected 'note' value as
 * received; whether folksoResponse encodes it for the output format is not
 * visible here.
 *
 * @param folksoquery     $q   parsed request
 * @param folksoDBconnect $dbc connection object given to folksoDBinteract
 * @param folksoSession   $fks session used to look up the current user
 * @return folksoResponse
 */
function rmNote(folksoquery $q, folksoDBconnect $dbc, folksoSession $fks)
{
    $response = new folksoResponse();

    $editor = $fks->userSession(null, 'folkso', 'redac');
    $mayEdit = $editor instanceof folksoUser && $editor->checkUserRight('folkso', 'redac');
    if (!$mayEdit) {
        return $response->unAuthorized($editor);
    }

    try {
        $db = new folksoDBinteract($dbc);

        if (!is_numeric($q->get_param('note'))) {
            $response->setError(400, 'Bad note argument', $q->get_param('note') . ' is not a number');
            return $response;
        }

        $db->query("DELETE FROM note WHERE id = " . $q->get_param('note'));
    } catch (dbException $e) {
        return $response->handleDBexception($e);
    }

    $response->setOk(200, 'Deleted');
    $response->t("The note " . $q->get_param('note') . " was deleted.");

    return $response;
}
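/**
 * Entry point for a request: validates it, sets up the session and hands it
 * to the first response object that is equipped to handle it.
 *
 * Steps, in order:
 *  - 405 if valid_method() rejects the request method;
 *  - 403 if validClientAddress() rejects the client host/address;
 *  - the session id is taken from the 'folksosess' cookie, else from the
 *    'session' request parameter, and given to folksoSession::setSid();
 *  - on badSidException a write request is sent to the login page and the
 *    script exits, while any other request continues without a valid session;
 *  - the first response object whose activatep() returns true runs its
 *    Respond(); if none matches, a 400 is sent.
 *
 * Because non-write requests continue after a bad session id, every handler
 * has to perform its own authorization check.
 *
 * NOTE(review): accepting the session id from the 'session' request
 * parameter places it in URLs (and therefore logs and Referer headers) when
 * sent by GET. Confirm this fallback is still needed.
 * NOTE(review): REMOTE_HOST is filled from reverse DNS when the server
 * provides it at all; what validClientAddress() does with it is not visible
 * here, but a host name alone should not be what grants access.
 */
public function Respond()
{
    if (!$this->valid_method()) {
        // some kind of error
        header('HTTP/1.0 405');
        print "NOT OK. Illegal request method for this resource.";
        return;
    }

    // REMOTE_HOST is often absent from $_SERVER. Reading it unguarded raises
    // a notice which, when displayed, is output before the header() calls
    // below. Passing null is the value the unguarded read produced.
    $remoteHost = isset($_SERVER['REMOTE_HOST']) ? $_SERVER['REMOTE_HOST'] : null;
    $remoteAddr = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
    if (!$this->validClientAddress($remoteHost, $remoteAddr)) {
        header('HTTP/1.0 403');
        print "Sorry, this not available to you";
        return;
    }

    $q = new folksoQuery($_SERVER, $_GET, $_POST);
    $loc = new folksoFabula();
    $dbc = $loc->locDBC();
    $fks = new folksoSession($dbc);

    /**
     * $sid: session ID
     *
     * !empty() keeps the original truthiness test (an empty cookie falls
     * back to the request parameter) without the undefined-index notice
     * when no cookie was sent.
     */
    $sid = !empty($_COOKIE['folksosess'])
        ? $_COOKIE['folksosess']
        : $q->get_param('session');

    try {
        $fks->setSid($sid);
    } catch (badSidException $e) {
        if ($q->is_write_method()) {
            // redirect instead: PHP replaces the 403 status with a 302 once
            // the Location header is set.
            header('HTTP/1.1 403 Login required');
            header('Location: ' . $loc->loginPage());
            exit;
        }
        // Read requests deliberately fall through with no valid session.
    }

    /* check each response object and run the response if activatep returns true */
    $repflag = false;
    if (count($this->responseObjects) === 0) {
        trigger_error("No responseObjects available", E_USER_ERROR);
    }

    /** Walking the response objects **/
    foreach ($this->responseObjects as $resp) {
        if ($resp->activatep($q)) {
            $repflag = true;
            $resp->Respond($q, $dbc, $fks);
            break;
        }
    }

    /** check for no valid response **/
    if (!$repflag) {
        header('HTTP/1.1 400');
        print "Client did not make a valid query. (folksoServer)";
        // default response or error page...
    }
}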