/**
 * Load every item of one category and hand the list back as JSON.
 *
 * The category id reaches the database only through a bound placeholder, so
 * it is never concatenated into the SQL text.
 *
 * @param mixed  $categoryID      Category to look up; bound as a string parameter.
 * @param string $strResponseData Out-parameter: JSON array of the items found
 *                                (an empty JSON array when nothing was read).
 * @return string "Success" once the query has executed, otherwise the initial
 *                "Unsuccessful" (or whatever getDBConnection() left in the
 *                status variable it is handed).
 */
function getRequestedCategory($categoryID, &$strResponseData)
{
    assert(isset($categoryID));

    $items = array();
    $status = "Unsuccessful";
    $db = getDBConnection($status);

    if (!$db->connect_errno) {
        $sql = "SELECT category_item_id, name, price FROM icaict515a_category_items WHERE category_id=?";
        $query = $db->prepare($sql);
        if ($query) {
            // NOTE(review): scrubInput() is defined elsewhere. If it SQL-escapes,
            // the value is escaped on top of being bound, which can make the
            // lookup miss legitimate ids - confirm what it does.
            $categoryID = scrubInput($categoryID, $db);
            $query->bind_param('s', $categoryID);

            if ($query->execute()) {
                $query->bind_result($itemId, $itemName, $itemPrice);
                while ($query->fetch()) {
                    $row = new structCategoryItem();
                    $row->categoryItemID = $itemId;
                    $row->name = $itemName;
                    $row->price = $itemPrice;
                    $items[] = $row;
                }
                $status = "Success";
            }
            // Release the statement whether or not it executed.
            $query->close();
        }
        $db->close();
    }

    $strResponseData = json_encode($items);
    return $status;
}
/**
 * Update name, manager and budget of one department.
 *
 * All four values are passed to the database as bound string parameters.
 * The outcome is also published through the globals $strResponseMessage
 * ("Success" / "Unsuccessful") and $strResponseData (user-facing text).
 *
 * @param mixed $deptID        Department to update (WHERE department_id=?).
 * @param mixed $deptName      New department name.
 * @param mixed $deptManagerID New manager id.
 * @param mixed $deptBudget    New budget.
 * @return bool TRUE when the UPDATE statement executed, even if no row changed.
 */
function updateDeptDB($deptID, $deptName, $deptManagerID, $deptBudget)
{
    assert(isset($deptID));
    assert(isset($deptName));
    assert(isset($deptManagerID));
    assert(isset($deptBudget));

    global $strResponseMessage, $strResponseData;
    $strResponseMessage = "Unsuccessful";
    $strResponseData = "Update failed. Please contact Administrator to update details";

    $db = getDBConnection($strResponseMessage);
    if (!$db->connect_errno) {
        $sql = "UPDATE icaict515a_departments SET name=?, manager_id=?, budget=? WHERE department_id=?";
        $update = $db->prepare($sql);
        if ($update) {
            // NOTE(review): the values are bound below, so any SQL escaping done
            // by scrubInput() (defined elsewhere) would be stored literally -
            // confirm what it does.
            $deptID = scrubInput($deptID, $db);
            $deptName = scrubInput($deptName, $db);
            $deptManagerID = scrubInput($deptManagerID, $db);
            $deptBudget = scrubInput($deptBudget, $db);

            // Placeholder order follows the SQL text: the SET columns, then the key.
            $update->bind_param("ssss", $deptName, $deptManagerID, $deptBudget, $deptID);
            if ($update->execute()) {
                $strResponseMessage = "Success";
                // Zero affected rows is reported as "nothing changed", not as a failure.
                $strResponseData = $db->affected_rows > 0
                    ? "Update Successful"
                    : "Nothing changed. Details are still the same.";
            }
            $update->close();
        }
        $db->close();
    }

    return $strResponseMessage == "Success";
}
Exemple #3
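/**
 * Insert the parameters of a requested ISO into the testParameters table.
 *
 * Every value is passed through positional placeholders. Database errors are
 * written to the server log; the page only shows a generic message, because
 * PDOException text can carry host names, account names and SQL fragments.
 *
 * @param array $cleanedInputs Already-scrubbed form values; the keys read here
 *                             are "username", "email", "troubleTicket" and "testCSV".
 * @return int 1 when the row was inserted, 0 when the database call failed.
 */
function insertNewISORequest($cleanedInputs)
{
    // Database connection settings (host comment in the original: ionia's private IP).
    // NOTE(review): the credentials are hard-coded in this file; loading them
    // from configuration kept outside the web root would keep them out of the
    // source tree.
    $dbHost = "192.168.122.1";
    $username = "******";
    $password = "******";
    $dbname = "testrig";

    try {
        $dbLink = new PDO("mysql:host={$dbHost};dbname={$dbname}", $username, $password);
        // Make PDO throw, so that every failure lands in the catch block below.
        $dbLink->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $cmd = "INSERT INTO testParameters\n                          (cid,username,useremail,user_tt_id,requested_tests)\n                        VALUES (?, ?, ?, ?, ?)";
        $statement = $dbLink->prepare($cmd);
        $CID = scrubInput($_SESSION["CID"]);
        $statement->execute(array(
            $CID,
            $cleanedInputs["username"],
            $cleanedInputs["email"],
            $cleanedInputs["troubleTicket"],
            $cleanedInputs["testCSV"],
        ));
    } catch (PDOException $e) {
        // Keep the driver's message in the server log only.
        error_log("insertNewISORequest: " . $e->getMessage());
        echo "<h1> Oops! Something went wrong while interacting with the database.</h1>";
        return 0;
    }

    // Dropping the last reference closes the connection.
    $dbLink = null;
    return 1;
}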
Exemple #4
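// Login handler: greet a user who already has a session, otherwise validate
// the posted credentials and hand them to logIn().
if (!empty($_SESSION["username"])) {
    // The username is account data chosen by a user, so encode it for the HTML
    // context before printing it into the page.
    print 'You are already logged in, ' . htmlspecialchars($_SESSION["username"], ENT_QUOTES, 'UTF-8');
} else {
    if ($_SERVER["REQUEST_METHOD"] == "POST") {
        $errFlag = 0;
        // NOTE(review): $_REQUEST can also be filled from the query string (and
        // from cookies, depending on request_order). Reading credentials from
        // $_POST would keep them out of URLs and access logs.
        if (empty($_REQUEST["trUsername"])) {
            $inputErrors["trUsername"] = "******";
            $errFlag = 1;
        }
        if (empty($_REQUEST["trPassword"])) {
            $inputErrors["trPassword"] = "******";
            $errFlag = 1;
        }
        if ($errFlag != 1) {
            $inputs["trUsername"] = scrubInput($_REQUEST["trUsername"]);
            // NOTE(review): the password is scrubbed before verification. If
            // scrubInput() (defined elsewhere) alters characters, the value given
            // to logIn() differs from what the user typed - confirm that the
            // stored hash was computed over the same transformed value.
            $inputs["trPassword"] = scrubInput($_REQUEST["trPassword"]);
            logIn($inputs["trUsername"], $inputs["trPassword"]);
        }
    }
}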
//END AJAX processing
?>


<html>
<head>
<link href="trstylesheet.css" rel="stylesheet" type="text/css" />


</head>
/**
 * Look up an employee's full name by e-mail address.
 *
 * The address is passed to the database as a bound string parameter.
 *
 * @param mixed $email    E-mail address to search for.
 * @param bool  $bSuccess Out-parameter: TRUE only when a matching row was
 *                        fetched, FALSE in every other case.
 * @return string "firstname lastname" of the first matching row, or "" when
 *                nothing was found or the database could not be queried.
 */
function getMemberNameDB($email, &$bSuccess)
{
    assert(isset($email));

    $fullName = "";
    $bSuccess = FALSE;

    // $strResponseMessage is not set before this call; it is only handed to
    // getDBConnection() and never read in this function.
    $db = getDBConnection($strResponseMessage);
    if ($db->connect_errno) {
        return $fullName;
    }

    $lookup = $db->prepare("SELECT firstname, lastname FROM icaict515a_employees WHERE email=?");
    if ($lookup) {
        // NOTE(review): scrubInput() is defined elsewhere; if it rewrites
        // characters, the bound value may no longer equal the stored address.
        $email = scrubInput($email, $db);
        $lookup->bind_param('s', $email);

        if ($lookup->execute()) {
            $lookup->bind_result($first, $last);
            // Only the first row is read.
            if ($lookup->fetch()) {
                $fullName = "{$first} {$last}";
                $bSuccess = TRUE;
            }
        }
        $lookup->close();
    }
    $db->close();

    return $fullName;
}
Exemple #6
 }
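 // Compare the two password fields strictly. With loose "!=" PHP compares
 // numeric-looking strings as numbers, so different inputs such as "1e3" and
 // "1000" would have counted as a match.
 if ($_REQUEST["testRigPassword"] !== $_REQUEST["testRigPasswordConfirm"]) {
     $testRigPasswordConfirmError = "passwords do not match";
     $errFlag = 1;
 }
 if ($errFlag != 1) {
     // Scrub every free-text field before it is stored.
     $inputs["fName"] = scrubInput($_REQUEST["fName"]);
     $inputs["lName"] = scrubInput($_REQUEST["lName"]);
     $inputs["email"] = scrubInput($_REQUEST["email"]);
     $inputs["testRigUsername"] = scrubInput($_REQUEST["testRigUsername"]);
     $inputs["phoneNumber"] = scrubInput($_REQUEST["phoneNumber"]);
     $inputs["instName"] = scrubInput($_REQUEST["instName"]);
     $inputs["scpUsername"] = scrubInput($_REQUEST["scpUsername"]);
     $inputs["scpDstIp"] = scrubInput($_REQUEST["scpDstIp"]);
     $inputs["scpPubKey"] = scrubInput($_REQUEST["scpPubKey"]);
     $inputs["rtEmailAddress"] = scrubInput($_REQUEST["rtEmailAddress"]);
     // Hash the password exactly as submitted (it is deliberately not scrubbed),
     // so only the bcrypt hash is kept. bcrypt ignores input beyond 72 bytes.
     $inputs["testRigPassword"] = password_hash($_REQUEST["testRigPassword"], PASSWORD_BCRYPT);
     // Do not echo $inputs back for debugging: it now holds the password hash.
     // Store the request, then notify the approver.
     if (insertIntoDB($inputs)) {
         if (triggerNotification($inputs)) {
             echo "Your subscription request to TestRig2.0 has been received. Please allow 1 ";
             echo "business day to process the request and receive approval notification.";
         } else {
             echo "The attempt to send notification of your request failed.";
         }
     } else {
         echo "There was a problem processing your request.";
     }
 }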
Exemple #7
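    // Join the checked test names into one ", "-separated string. $count and
    // $testString are initialised before this excerpt.
    foreach ($checkedTests as $val) {
        // Scrub each value too: checkbox values come from the client and can be
        // changed by editing the form.
        $val = scrubInput($val);
        if ($count == count($checkedTests) - 1) {
            // last element: no trailing separator
            $testString = $testString . $val;
        } else {
            $testString = $testString . $val . ", ";
        }
        $count++;
    }
    //END foreach checkedTests
    $inputs["username"] = scrubInput($_REQUEST["username"]);
    $inputs["email"] = scrubInput($_REQUEST["email"]);
    $inputs["troubleTicket"] = scrubInput($_REQUEST["troubleTicket"]);
    $inputs["testCSV"] = $testString;
    $inputs["queueName"] = scrubInput($_REQUEST["queueName"]);
    // Everything is scrubbed and ready to be stored.
    // NOTE(review): the return value is ignored, so the builder below is started
    // even when the insert failed.
    insertNewISORequest($inputs);
    // It turns out that exec has an issue with some versions of bash which prevents it
    // from properly redirecting STDIN and STDERR to a file. This prevents exec from going into
    // the background. Turns out this proc_close(proc_open()) trick does work.
    //
    // The command line is interpreted by a shell, so the session values are quoted
    // as single arguments; shell metacharacters in them cannot add commands or
    // redirections to the line.
    $cidArg = escapeshellarg((string) $_SESSION['CID']);
    $uidArg = escapeshellarg((string) $_SESSION['UID']);
    // NOTE(review): "2>&1 /dev/null" hands /dev/null to the script as an extra
    // argument and does not redirect stdout to it; "> /dev/null 2>&1 &" is the
    // usual form. Left unchanged because the script may rely on the current line.
    proc_close(proc_open("/home/rapier/testrig/isobuilder/isobuilder.pl -f /home/rapier/testrig/isobuilder/isobuilder.cfg -c {$cidArg} -u {$uidArg} 2>&1 /dev/null &", array(), $dummy_var));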
}
//END successful submission if/then
?>

	<div id="inputSection" name="inputSection">

		<form id="isoRequest" name="isoRequest" action="<?php 
echo htmlspecialchars($_SERVER["PHP_SELF"]);
?>
Exemple #8
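/**
 * Insert the parameters of a requested ISO into the testParameters table and
 * store the uid of that row in $_SESSION["UID"].
 *
 * Both statements use placeholders for every value. Errors from the insert are
 * written to the server log; the page only shows a generic message, because
 * PDOException text can carry host names, account names and SQL fragments.
 *
 * @param array $cleanedInputs Already-scrubbed form values; the keys read here
 *                             are "username", "email", "troubleTicket", "testCSV",
 *                             "queueName", "target", "maxRun" and "validToDate".
 * @return int 0 when the insert failed; 1 otherwise, including the case where
 *             the follow-up uid lookup found no row.
 */
function insertNewISORequest($cleanedInputs)
{
    // Database connection settings (host comment in the original: ionia's private IP).
    // NOTE(review): the credentials are hard-coded in this file; loading them
    // from configuration kept outside the web root would keep them out of the
    // source tree.
    $dbHost = "192.168.122.1";
    $username = "******";
    $password = "******";
    $dbname = "testrig";

    // Timestamp for the ISO's creation date, in UTC.
    date_default_timezone_set('UTC');
    // NOTE(review): 'YmdHs' yields year, month, day, hour and seconds with no
    // minutes; 'YmdHis' was presumably intended. Left as is because consumers of
    // creation_timestamp are not visible here.
    $creationTimestamp = date('YmdHs');

    try {
        $dbLink = new PDO("mysql:host={$dbHost};dbname={$dbname}", $username, $password);
        // Make PDO throw, so that every failure lands in the catch block below.
        $dbLink->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
        $cmd = "INSERT INTO testParameters\n\t\t\t\t  (cid, username,\n                                   useremail, user_tt_id,\n                                   requested_tests, creation_timestamp, \n                                   queue_name, target,\n                                   maxrun, validtodate) \n\t\t\t\tVALUES (?, ?, \n                                   ?, ?, \n                                   ?, ?, \n                                   ?, ?,\n                                   ?, ?)";
        $statement = $dbLink->prepare($cmd);
        $CID = scrubInput($_SESSION["CID"]);
        $statement->execute(array(
            $CID,
            $cleanedInputs["username"],
            $cleanedInputs["email"],
            $cleanedInputs["troubleTicket"],
            $cleanedInputs["testCSV"],
            $creationTimestamp,
            $cleanedInputs["queueName"],
            $cleanedInputs["target"],
            $cleanedInputs["maxRun"],
            $cleanedInputs["validToDate"],
        ));
    } catch (PDOException $e) {
        // Keep the driver's message in the server log only.
        error_log("insertNewISORequest: " . $e->getMessage());
        echo "<h1> Oops! Something went wrong while interacting with the database.</h1>";
        return 0;
    }
    $dbLink = null;

    // The ISO build needs the uid of the row just created, so query for it by the
    // values that were inserted. The first handle was released above, hence the
    // new one.
    // NOTE(review): this connection is opened outside the try block, so a failure
    // here surfaces as an uncaught PDOException. Matching on the inserted values
    // can also return an older row with the same values; if uid is an
    // auto-increment key, lastInsertId() on the inserting handle would avoid
    // that - confirm against the schema.
    $dbh = new PDO("mysql:host={$dbHost};dbname={$dbname}", $username, $password);
    $sqlStmnt = $dbh->prepare('SELECT uid FROM testParameters 
						 WHERE cid = :cid 
						 AND username = :username 
						 AND useremail = :email 
						 AND user_tt_id = :troubleTicket 
						 AND requested_tests = :testCSV');
    // Search with the same scrubbed cid that was inserted; the raw session value
    // would not match the row whenever scrubInput() changed it.
    $sqlStmnt->bindParam(':cid', $CID, PDO::PARAM_STR);
    $sqlStmnt->bindParam(':username', $cleanedInputs["username"], PDO::PARAM_STR);
    $sqlStmnt->bindParam(':email', $cleanedInputs["email"], PDO::PARAM_STR);
    $sqlStmnt->bindParam(':troubleTicket', $cleanedInputs["troubleTicket"], PDO::PARAM_STR);
    $sqlStmnt->bindParam(':testCSV', $cleanedInputs["testCSV"], PDO::PARAM_STR);
    $sqlStmnt->execute();

    // fetch() returns FALSE when there is no row.
    $uidQueryResult = $sqlStmnt->fetch(PDO::FETCH_ASSOC);
    if (!$uidQueryResult) {
        print "an error occurred interacting with the database!";
    } else {
        $_SESSION["UID"] = $uidQueryResult["uid"];
    }
    return 1;
}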
/**
 * Read the stored password value of one employee over an existing connection.
 *
 * The employee id is bound as an integer parameter. The connection is left
 * open for the caller.
 *
 * @param object $dbConnection Open database connection (connect_errno is checked).
 * @param mixed  $userID       Employee id to look up.
 * @param mixed  $dbPassword   Out-parameter: set only when a row was fetched.
 *                             It keeps its previous value when no employee
 *                             matches, so callers should initialise it and must
 *                             not read a TRUE result as "user exists".
 * @return bool Result of executing the statement; FALSE when the connection
 *              reported an error or the statement could not be prepared.
 */
function getDBPasswordDB($dbConnection, $userID, &$dbPassword)
{
    assert(isset($dbConnection));
    assert(isset($userID));

    if ($dbConnection->connect_errno) {
        return FALSE;
    }

    $query = $dbConnection->prepare("SELECT password FROM icaict515a_employees WHERE employee_id=?");
    if (!$query) {
        return FALSE;
    }

    $userID = scrubInput($userID, $dbConnection);
    $query->bind_param('i', $userID);

    $executed = $query->execute();
    if ($executed) {
        $query->bind_result($storedPassword);
        // Only the first row is read.
        if ($query->fetch()) {
            $dbPassword = $storedPassword;
        }
    }
    $query->close();

    return $executed;
}