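// When the user changes a road's hash
//
// Reads POST fields 'oldhash' and 'newhash'. Every failure response echoes the
// caller's old hash back next to an error description; success returns the
// new hash. requireCSRF(), requirePostDataFields(), hashOwner(), dieJSON() and
// CourseRoadDB are defined outside this excerpt.
if (isset($_POST['changeRoadHash'])) {
    requireCSRF();
    requirePostDataFields('oldhash', 'newhash');
    $oldhash = $_POST['oldhash'];
    // The new hash always sits under the caller's own "$athena/" prefix; only
    // the part after the slash comes from the request, cut to 36 bytes.
    $newhash = $athena . '/' . htmlentities(substr($_POST['newhash'], 0, 36));
    if (!$loggedin) {
        dieJSON(array(
            'error' => true,
            'errorDesc' => 'Not logged in',
            'hash' => $oldhash,
        ));
    }
    // Reject when any character after the first '/' falls outside [\w-], or
    // when the submitted name is empty. Entities produced by htmlentities()
    // contain '&' and ';', so they are rejected here as well.
    if (preg_match('/\\/.*?[^\\w\\-]/', $newhash) || !strlen($_POST['newhash'])) {
        dieJSON(array(
            'error' => true,
            'errorDesc' => 'Malformed hash supplied',
            'hash' => $oldhash,
        ));
    }
    // The literal string 'null' skips the ownership check.
    // NOTE(review): presumably 'null' marks a road that has not been saved
    // yet. The value is client-supplied, so confirm that
    // CourseRoadDB::changeRoadHash() cannot touch another user's road when it
    // receives 'null'.
    if ($athena !== hashOwner($oldhash) && $oldhash !== 'null') {
        dieJSON(array(
            'error' => true,
            'errorDesc' => 'Bad owner or hash',
            'hash' => $oldhash,
        ));
    }
    // NOTE(review): the existence check and the rename are separate calls.
    // Whether two concurrent requests can both pass the check depends on
    // CourseRoadDB, e.g. a uniqueness constraint on the hash - verify.
    if (CourseRoadDB::hashExists($newhash)) {
        dieJSON(array(
            'error' => true,
            'errorDesc' => 'New hash is already taken',
            'hash' => $oldhash,
        ));
    }
    CourseRoadDB::changeRoadHash($oldhash, $newhash, $athena);
    dieJSON(array('success' => true, 'hash' => $newhash));
}

// And when the user adds a comment
if (isset($_POST['setRoadComment'])) {
    requireCSRF();
    requirePostDataFields('hash', 'comment');
    $hash = $_POST['hash'];
    // The comment is cut to 100 bytes, then HTML-entity-encoded.
    // NOTE(review): substr() counts bytes. A cut through a multi-byte UTF-8
    // character leaves an invalid sequence, and on PHP 5.4+ with the default
    // UTF-8 charset htmlentities() then returns an empty string unless
    // ENT_SUBSTITUTE or ENT_IGNORE is passed.
    $comment = htmlentities(substr($_POST['comment'], 0, 100));
    if (!$loggedin) {
        // Echo back $hash: this handler never assigns $oldhash, so the former
        // 'hash' => $oldhash read an undefined variable.
        dieJSON(array(
            'error' => true,
            'errorDesc' => 'Not logged in',
            'hash' => $hash,
        ));
    }
    if ($athena !== hashOwner($hash) && $hash !== 'null') {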
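* By: Danny Ben-David (dannybd@mit.edu) */

require 'functions.php';

// Beginnings of an external API hook. From a comma-separated list of classes,
// a year value and a term, this will drop a set of classes into CourseRoad, to
// be saved by the user.
//
// NOTE(review): year, term and the class list are copied from the query string
// into the session with no type or range check, so whatever later reads
// $_SESSION['add_new_term'] has to treat all three as untrusted input.
if (isset($_GET['addclasses'])) {
    if (!isset($_GET['year'])) {
        $_GET['year'] = false;
    }
    if (!isset($_GET['term'])) {
        $_GET['term'] = 1;
    }
    // SESSION.add_new_term holds onto the new term's data
    $_SESSION['add_new_term'] = array(
        'year' => $_GET['year'],
        'term' => $_GET['term'],
        'classes' => explode(',', $_GET['addclasses']),
    );
    // Only a hash that already exists is carried forward. Anything else is
    // blanked, so the "?hash=" redirect further down runs with an empty hash.
    if (!(isset($_GET['hash']) && CourseRoadDB::hashExists($_GET['hash']))) {
        $_GET['hash'] = '';
    }
}

// Record failed login attempts (when user denies login after pressing Login)
if (isset($_GET['triedlogin'])) {
    $_SESSION['triedcert'] = true;
    // A session that holds no stored hash (for example a direct visit to
    // "?triedlogin") redirects with '' instead of reading an undefined index.
    redirectHash(isset($_SESSION['crhash']) ? $_SESSION['crhash'] : '');
}

// A visible "?hash=" in the URL is unwanted, so we redirect to remove it,
// but first store the hash to make loading faster.
//
// NOTE(review): PHP has already URL-decoded $_GET, so urldecode() decodes a
// second time. The string handed to redirectHash() can therefore differ from
// the one hashExists() checked above, and apart from that check nothing here
// validates the hash format. Drop the urldecode() unless links are known to
// be double-encoded, and confirm that redirectHash() (not visible here)
// restricts the value to the allowed hash characters before it builds the
// redirect.
if (isset($_GET['hash'])) {
    redirectHash(urldecode($_GET['hash']));
}

// Store that we've been to index.php.
$_SESSION['wenttoindex'] = true;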