Exemple #1
0
     #current microtime
     if ($wbo->validate()) {
         #if there's no payload (as opposed to blank), then update the metadata
         if ($wbo->payload_exists()) {
             $db->store_object($wbo);
         } else {
             $db->update_object($wbo);
         }
     } else {
         report_problem(WEAVE_ERROR_INVALID_WBO, 400);
     }
     echo json_encode($server_time);
 } else {
     if ($_SERVER['REQUEST_METHOD'] == 'POST') {
         $json = get_json();
         check_quota($db);
         check_timestamp($collection, $db);
         $success_ids = array();
         $failed_ids = array();
         $db->begin_transaction();
         foreach ($json as $wbo_data) {
             $wbo = new wbo();
             if (!$wbo->extract_json($wbo_data)) {
                 $failed_ids[$wbo->id()] = $wbo->get_error();
                 continue;
             }
             $wbo->collection($collection);
             $wbo->modified($server_time);
             if ($wbo->validate()) {
                 #if there's no payload (as opposed to blank), then update the metadata
                 if ($wbo->payload_exists()) {
Exemple #2
0
     if ($nb) {
         $erreur_affichage = "<hr />\n\t\t\t\t\t\t\t\t<div class='row'>\n\t\t\t\t\t\t\t\t\t<div class='colonne10'><img src='./images/error.png' /></div>\n\t\t\t\t\t\t\t\t\t<div class='colonne-suite'>{$titre_prete} : <span class='erreur'>" . $msg["circ_pret_piege_expl_todo"] . "</span><br />";
         $alert_sound_list[] = "critique";
         $erreur_affichage .= "<input type='button' class='bouton' value='{$msg[76]}' onClick=\"document.location='./circ.php?categ=pret&id_empr={$id_empr}'\" />";
         $erreur_affichage .= "&nbsp;<input type='button' class='bouton' value='{$msg[389]}' onClick=\"document.location='./circ.php?categ=pret&id_empr={$id_empr}&cb_doc={$cb_doc}&expl_todo=1&confirm={$confirm}'\" />";
         $erreur_affichage .= "</div></div><br />";
         $empr = new emprunteur($id_empr, $erreur_affichage, FALSE, 1);
         $affichage = $empr->fiche;
         print pmb_bidi($affichage);
         print alert_sound_script();
         exit;
     }
 }
 //Y-a-t-il un quota ?
 if (!$quota) {
     $qt = check_quota($id_empr, $id_expl);
     //Si quota violé
     if (is_array($qt)) {
         $erreur_affichage = "<hr />\n\t\t\t\t\t\t\t\t<div class='row'>\n\t\t\t\t\t\t\t\t\t<div class='colonne10'><img src='./images/error.png' /></div>\n\t\t\t\t\t\t\t\t\t<div class='colonne-suite'>{$titre_prete} : <span class='erreur'>" . $qt["MESSAGE"] . "</span><br />";
         $alert_sound_list[] = "critique";
         $erreur_affichage .= "<input type='button' class='bouton' value='{$msg[76]}' onClick=\"document.location='./circ.php?categ=pret&id_empr={$id_empr}'\" />";
         if ($qt["FORCE"] == 1) {
             $quota = 1;
             $erreur_affichage .= "&nbsp;<input type='button' class='bouton' value='{$msg[389]}' onClick=\"document.location='./circ.php?categ=pret&id_empr={$id_empr}&cb_doc={$cb_doc}&quota={$quota}'\" />";
         }
         $erreur_affichage .= "</div></div><br />";
         $empr = new emprunteur($id_empr, $erreur_affichage, FALSE, 1);
         $affichage = $empr->fiche;
         print pmb_bidi($affichage);
         print alert_sound_script();
         exit;
Exemple #3
0
             if (substr($subquery, 0, 6) == 'INSERT') {
                 $tempID = $connect->Insert_ID($thissurvey['tablename'], "id");
                 // Find out id immediately if inserted
                 $_SESSION['srid'] = $tempID;
                 $saved_id = $tempID;
             }
             if ($bFinalizeThisAnswer === true) {
                 $connect->Execute("DELETE FROM " . db_table_name("saved_control") . " where srid=" . $_SESSION['srid'] . ' and sid=' . $surveyid);
                 // Checked
             }
         } else {
             echo submitfailed($connect->ErrorMsg());
         }
     }
     if ($bQuotaMatched) {
         check_quota('enforce', $surveyid);
     }
 } elseif (isset($move)) {
     // This else block is only there to take care of date conversion if the survey is not active - otherwise this is done in creatInsertQuery
     $fieldmap = createFieldMap($surveyid);
     //Creates a list of the legitimate questions for this survey
     $inserts = array_unique($_SESSION['insertarray']);
     foreach ($inserts as $value) {
         //Work out if the field actually exists in this survey
         unset($fieldexists);
         if (isset($fieldmap[$value])) {
             $fieldexists = $fieldmap[$value];
         }
         //Iterate through possible responses
         if (isset($_SESSION[$value]) && isset($fieldexists) && $_SESSION[$value] != '') {
             if ($fieldexists['type'] == 'D' && isset($_POST[$value])) {
     $pCreate_mailbox_username_text = $PALANG['pCreate_mailbox_username_text_error1'];
 }
 if (empty($fPassword) or empty($fPassword2) or $fPassword != $fPassword2) {
     if (empty($fPassword) and empty($fPassword2) and $CONF['generate_password'] == "YES") {
         $fPassword = generate_password();
     } else {
         $error = 1;
         $tUsername = escape_string($_POST['fUsername']);
         $tName = $fName;
         $tQuota = $fQuota;
         $tDomain = $fDomain;
         $pCreate_mailbox_password_text = $PALANG['pCreate_mailbox_password_text_error'];
     }
 }
 if ($CONF['quota'] == "YES") {
     if (!check_quota($fQuota, $fDomain)) {
         $error = 1;
         $tUsername = escape_string($_POST['fUsername']);
         $tName = $fName;
         $tQuota = $fQuota;
         $tDomain = $fDomain;
         $pCreate_mailbox_quota_text = $PALANG['pCreate_mailbox_quota_text_error'];
     }
 }
 $result = db_query("SELECT * FROM {$table_alias} WHERE address='{$fUsername}'");
 if ($result['rows'] == 1) {
     $error = 1;
     $tUsername = escape_string($_POST['fUsername']);
     $tName = $fName;
     $tQuota = $fQuota;
     $tDomain = $fDomain;
 /**
  * Write values to database.
  * @param <type> $updatedValues
  * @param <boolean> $finished - true if the survey needs to be finalized
  */
 private function _UpdateValuesInDatabase($updatedValues, $finished = false, $setSubmitDate = false)
 {
     // Update these values in the database
     global $connect;
     //  TODO - now that using $this->updatedValues, may be able to remove local copies of it (unless needed by other sub-systems)
     $updatedValues = $this->updatedValues;
     if (!$this->surveyOptions['deletenonvalues']) {
         $nonNullValues = array();
         foreach ($updatedValues as $key => $value) {
             if (!is_null($value)) {
                 if (isset($value['value']) && !is_null($value['value'])) {
                     $nonNullValues[$key] = $value;
                 }
             }
         }
         $updatedValues = $nonNullValues;
     }
     $message = '';
     if ($this->surveyOptions['datestamp'] == true && $this->surveyOptions['anonymized'] == true) {
         // On anonymous datestamped surveys, set the datestamp to 1-1-1980
         $datestamp = date("Y-m-d H:i:s", mktime(0, 0, 0, 1, 1, 1980));
     } else {
         // Otherwise, use the real date/time, it will only be saved when the table holds a
         // datestamp field
         $datestamp = date_shift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $this->surveyOptions['timeadjust']);
     }
     $_SESSION['datestamp'] = $datestamp;
     if ($this->surveyOptions['active'] && !isset($_SESSION['srid'])) {
         // Create initial insert row for this record
         $sdata = array("datestamp" => $datestamp, "ipaddr" => $this->surveyOptions['ipaddr'] ? getIPAddress() : '', "startlanguage" => $this->surveyOptions['startlanguage'], "token" => $this->surveyOptions['token'], "refurl" => $this->surveyOptions['refurl'] ? getenv("HTTP_REFERER") : NULL, "startdate" => $datestamp);
         //One of the strengths of ADOdb's AutoExecute() is that only valid field names for $table are updated
         if ($connect->AutoExecute($this->surveyOptions['tablename'], $sdata, 'INSERT')) {
             $srid = $connect->Insert_ID($this->surveyOptions['tablename'], "id");
             $_SESSION['srid'] = $srid;
         } else {
             $message .= $this->gT("Unable to insert record into survey table: ") . $connect->ErrorMsg() . "<br/>";
             $_SESSION['flashmessage'] = $message;
             echo $message;
         }
         //Insert Row for Timings, if needed
         if ($this->surveyOptions['savetimings']) {
             $tdata = array('id' => $srid, 'interviewtime' => 0);
             if ($connect->AutoExecute($this->surveyOptions['tablename_timings'], $tdata, 'INSERT')) {
                 $trid = $connect->Insert_ID($this->surveyOptions['tablename_timings'], "sid");
             } else {
                 $message .= $this->gT("Unable to insert record into timings table ") . $connect->ErrorMsg() . "<br/>";
                 $_SESSION['flashmessage'] = $message;
                 echo $message;
             }
         }
     }
     if (count($updatedValues) > 0 || $finished) {
         $query = 'UPDATE ' . $this->surveyOptions['tablename'] . " SET ";
         $setter = array();
         switch ($this->surveyMode) {
             case 'question':
                 $thisstep = $this->currentQuestionSeq;
                 break;
             case 'group':
                 $thisstep = $this->currentGroupSeq;
                 break;
             case 'survey':
                 $thisstep = 1;
                 break;
         }
         $setter[] = db_quote_id('lastpage') . "=" . db_quoteall($thisstep);
         if ($this->surveyOptions['datestamp'] && isset($_SESSION['datestamp'])) {
             $setter[] = db_quote_id('datestamp') . "=" . db_quoteall($_SESSION['datestamp']);
         }
         if ($this->surveyOptions['ipaddr']) {
             $setter[] = db_quote_id('ipaddr') . "=" . db_quoteall(getIPAddress());
         }
         foreach ($updatedValues as $key => $value) {
             if (!empty($key)) {
                 $val = is_null($value) ? NULL : $value['value'];
                 $type = is_null($value) ? NULL : $value['type'];
                 // Clean up the values to cope with database storage requirements
                 switch ($type) {
                     case 'D':
                         //DATE
                         if (trim($val) == '') {
                             $val = NULL;
                             // since some databases can't store blanks in date fields
                         }
                         // otherwise will already be in yyyy-mm-dd format after ProcessCurrentResponses()
                         break;
                     case '|':
                         //File upload
                         // This block can be removed once we require 5.3 or later
                         if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
                             $val = addslashes($val);
                         }
                         break;
                     case 'N':
                         //NUMERICAL QUESTION TYPE
                     //NUMERICAL QUESTION TYPE
                     case 'K':
                         //MULTIPLE NUMERICAL QUESTION
                         if (trim($val) == '') {
                             $val = NULL;
                             // since some databases can't store blanks in numerical inputs
                         }
                         break;
                     default:
                         break;
                 }
                 if (is_null($val)) {
                     $setter[] = db_quote_id($key) . "=NULL";
                 } else {
                     $setter[] = db_quote_id($key) . "=" . db_quoteall($val, true);
                 }
             }
         }
         $query .= implode(', ', $setter);
         $query .= " WHERE ID=";
         if (isset($_SESSION['srid']) && $this->surveyOptions['active']) {
             $query .= $_SESSION['srid'];
             if (!db_execute_assoc($query)) {
                 echo submitfailed($connect->ErrorMsg());
                 if (($this->debugLevel & LEM_DEBUG_VALIDATION_SUMMARY) == LEM_DEBUG_VALIDATION_SUMMARY) {
                     $message .= 'Error in SQL update: ' . $connect->ErrorMsg() . '<br/>';
                 }
             }
             // Save Timings if needed
             if ($this->surveyOptions['savetimings']) {
                 set_answer_time();
             }
             if ($finished) {
                 // Delete the save control record if successfully finalize the submission
                 $query = "DELETE FROM " . db_table_name("saved_control") . " where srid=" . $_SESSION['srid'] . ' and sid=' . $this->sid;
                 $connect->Execute($query);
                 // Checked
                 if (($this->debugLevel & LEM_DEBUG_VALIDATION_SUMMARY) == LEM_DEBUG_VALIDATION_SUMMARY) {
                     $message .= ';<br/>' . $query;
                 }
             } elseif ($this->surveyOptions['allowsave'] && isset($_SESSION['scid'])) {
                 $connect->Execute("UPDATE " . db_table_name("saved_control") . " SET saved_thisstep=" . db_quoteall($thisstep) . " where scid=" . $_SESSION['scid']);
                 // Checked
             }
             // Check quotas whenever results are saved
             $bQuotaMatched = false;
             $aQuotas = check_quota('return', $this->sid);
             if ($aQuotas !== false) {
                 if ($aQuotas != false) {
                     foreach ($aQuotas as $aQuota) {
                         if (isset($aQuota['status']) && $aQuota['status'] == 'matched') {
                             $bQuotaMatched = true;
                         }
                     }
                 }
             }
             if ($bQuotaMatched) {
                 check_quota('enforce', $this->sid);
                 // will create a page and quit.
             } else {
                 if ($finished) {
                     $sQuery = 'UPDATE ' . $this->surveyOptions['tablename'] . " SET " . db_quote_id('submitdate') . "=" . db_quoteall($datestamp) . " WHERE ID=" . $_SESSION['srid'];
                     $connect->Execute($sQuery);
                     // Checked
                 }
             }
         }
         if (($this->debugLevel & LEM_DEBUG_VALIDATION_SUMMARY) == LEM_DEBUG_VALIDATION_SUMMARY) {
             $message .= $query;
         }
     }
     return $message;
 }
Exemple #6
0
}
if ($can == false) {
    if ($_output == 'html') {
        httpStatusExit(403, 'Forbidden', '403-404.php');
    } else {
        httpStatusExit(403, 'Forbidden');
    }
}
// intercept requests for WebID generator
if (isset($_POST['SPKAC'])) {
    require_once '../inc/webidgen.php';
    // exit required so it can successfully send the certificate
    exit;
}
// check quota
if (check_quota($_root, $_SERVER["CONTENT_LENGTH"]) == false) {
    httpStatusExit(507, 'Insufficient Storage');
}
// create dir structure if it doesn't exist
$d = dirname($_filename);
if (!file_exists($d)) {
    mkdir($d, 0777, true);
}
// intercept requests for images
if (isset($_FILES["image"])) {
    // Check if the user uploaded a new picture
    if (isset($_FILES['image']) && $_FILES['image']['error'] == 0) {
        // Allow only pictures with a size smaller than 5MB
        if ($_FILES['image']['size'] <= IMAGE_SIZE) {
            // Using getimagesize() to avoid fake mime types
            $image_info = exif_imagetype($_FILES['image']['tmp_name']);
 /**
  * Write values to database.
  * @param <type> $updatedValues
  * @param <boolean> $finished - true if the survey needs to be finalized
  */
 private function _UpdateValuesInDatabase($updatedValues, $finished = false)
 {
     // Update these values in the database
     global $connect;
     $message = '';
     $_SESSION['datestamp'] = date_shift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $this->surveyOptions['timeadjust']);
     if ($this->surveyOptions['active'] && !isset($_SESSION['srid'])) {
         // Create initial insert row for this record
         $today = date_shift(date("Y-m-d H:i:s"), "Y-m-d H:i:s", $this->surveyOptions['timeadjust']);
         $sdata = array("datestamp" => $today, "ipaddr" => $this->surveyOptions['ipaddr'] && isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '', "startlanguage" => $this->surveyOptions['startlanguage'], "token" => $this->surveyOptions['token'], "datestamp" => $this->surveyOptions['datestamp'] ? $_SESSION['datestamp'] : NULL, "refurl" => $this->surveyOptions['refurl'] ? getenv("HTTP_REFERER") : NULL, "startdate" => $this->surveyOptions['datestamp'] ? $_SESSION['datestamp'] : date("Y-m-d H:i:s", 0));
         //One of the strengths of ADOdb's AutoExecute() is that only valid field names for $table are updated
         if ($connect->AutoExecute($this->surveyOptions['tablename'], $sdata, 'INSERT')) {
             $srid = $connect->Insert_ID($this->surveyOptions['tablename'], "id");
             $_SESSION['srid'] = $srid;
         } else {
             $message .= $this->gT("Unable to insert record into survey table: ") . $connect->ErrorMsg() . "<br/>";
             $_SESSION['flashmessage'] = $message;
             echo $message;
         }
         //Insert Row for Timings, if needed
         if ($this->surveyOptions['savetimings']) {
             $tdata = array('id' => $srid, 'interviewtime' => 0);
             if ($connect->AutoExecute($this->surveyOptions['tablename_timings'], $tdata, 'INSERT')) {
                 $trid = $connect->Insert_ID($this->surveyOptions['tablename_timings'], "sid");
             } else {
                 $message .= $this->gT("Unable to insert record into timings table ") . $connect->ErrorMsg() . "<br/>";
                 $_SESSION['flashmessage'] = $message;
                 echo $message;
             }
         }
     }
     if (count($updatedValues) > 0 || $finished) {
         $query = 'UPDATE ' . $this->surveyOptions['tablename'] . " SET ";
         $setter = array();
         switch ($this->surveyMode) {
             case 'question':
                 $thisstep = $this->currentQuestionSeq;
                 break;
             case 'group':
                 $thisstep = $this->currentGroupSeq;
                 break;
             case 'survey':
                 $thisstep = 1;
                 break;
         }
         $setter[] = db_quote_id('lastpage') . "=" . db_quoteall($thisstep);
         if ($this->surveyOptions['datestamp'] && isset($_SESSION['datestamp'])) {
             $setter[] = db_quote_id('datestamp') . "=" . db_quoteall($_SESSION['datestamp']);
         }
         if ($this->surveyOptions['ipaddr'] && isset($_SERVER['REMOTE_ADDR'])) {
             $setter[] = db_quote_id('ipaddr') . "=" . db_quoteall($_SERVER['REMOTE_ADDR']);
         }
         if ($finished) {
             $setter[] = db_quote_id('submitdate') . "=" . db_quoteall($_SESSION['datestamp']);
         }
         foreach ($updatedValues as $key => $value) {
             $val = is_null($value) ? NULL : $value['value'];
             $type = is_null($value) ? NULL : $value['type'];
             // Clean up the values to cope with database storage requirements
             switch ($type) {
                 case 'D':
                     //DATE
                     if (trim($val) == '') {
                         $val = NULL;
                         // since some databases can't store blanks in date fields
                     }
                     // otherwise will already be in yyyy-mm-dd format after ProcessCurrentResponses()
                     break;
                 case 'N':
                     //NUMERICAL QUESTION TYPE
                 //NUMERICAL QUESTION TYPE
                 case 'K':
                     //MULTIPLE NUMERICAL QUESTION
                     if (trim($val) == '') {
                         $val = NULL;
                         // since some databases can't store blanks in numerical inputs
                     }
                     break;
                 default:
                     break;
             }
             if (is_null($val)) {
                 $setter[] = db_quote_id($key) . "=NULL";
             } else {
                 $setter[] = db_quote_id($key) . "=" . db_quoteall($val);
             }
         }
         $query .= implode(', ', $setter);
         $query .= " WHERE ID=";
         if (isset($_SESSION['srid']) && $this->surveyOptions['active']) {
             $query .= $_SESSION['srid'];
             if (!db_execute_assoc($query)) {
                 echo submitfailed($connect->ErrorMsg());
                 if (($this->debugLevel & LEM_DEBUG_VALIDATION_SUMMARY) == LEM_DEBUG_VALIDATION_SUMMARY) {
                     $message .= 'Error in SQL update: ' . $connect->ErrorMsg() . '<br/>';
                 }
             }
             // Save Timings if needed
             if ($this->surveyOptions['savetimings']) {
                 set_answer_time();
             }
             if ($finished) {
                 // Delete the save control record if successfully finalize the submission
                 $query = "DELETE FROM " . db_table_name("saved_control") . " where srid=" . $_SESSION['srid'] . ' and sid=' . $this->sid;
                 $connect->Execute($query);
                 // Checked
                 if (($this->debugLevel & LEM_DEBUG_VALIDATION_SUMMARY) == LEM_DEBUG_VALIDATION_SUMMARY) {
                     $message .= ';<br/>' . $query;
                 }
                 // Check Quotas
                 $bQuotaMatched = false;
                 $aQuotas = check_quota('return', $this->sid);
                 if ($aQuotas !== false) {
                     if ($aQuotas != false) {
                         foreach ($aQuotas as $aQuota) {
                             if (isset($aQuota['status']) && $aQuota['status'] == 'matched') {
                                 $bQuotaMatched = true;
                             }
                         }
                     }
                 }
                 if ($bQuotaMatched) {
                     check_quota('enforce', $this->sid);
                     // will create a page and quit.
                 }
             } else {
                 if ($this->surveyOptions['allowsave'] && isset($_SESSION['scid'])) {
                     $connect->Execute("UPDATE " . db_table_name("saved_control") . " SET saved_thisstep=" . db_quoteall($thisstep) . " where scid=" . $_SESSION['scid']);
                     // Checked
                 }
             }
         }
         if (($this->debugLevel & LEM_DEBUG_VALIDATION_SUMMARY) == LEM_DEBUG_VALIDATION_SUMMARY) {
             $message .= $query;
         }
     }
     return $message;
 }
Exemple #8
0
<?php

/* MKCOL.php
 * service HTTP MKCOL controller
 */
require_once 'runtime.php';
// permissions
if (empty($_user)) {
    httpStatusExit(401, 'Unauthorized');
}
if ($_wac->can('Write') == false) {
    httpStatusExit(403, 'Forbidden');
}
// check quota (avoids making lots of dirs if out of space)
if (check_quota($_root, 10) == false) {
    httpStatusExit(507, 'Insufficient Storage');
}
// action
@mkdir($_filename, 0777, true);
header("Link: <" . $_metabase . $_metaname . ">; rel=meta", false);
httpStatusExit(201, 'Created');