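<?php
/*
 * Profile page fragment: heading, search button, client-side bootstrap data,
 * the "copy my profile link" widget (shown only on the viewer's own profile)
 * and the opening of the basic-profile region.
 *
 * Reads $title, $structuredData, $isViewingSelf, $viewUserId and $viewUser,
 * all of which are set outside this fragment. Each value is encoded for the
 * context it is written into (HTML text, HTML attribute, inline script) at
 * the point of output, because nothing visible here shows that it was
 * encoded earlier.
 */

// Hex-escape <, >, &, ' and " so encoded data cannot terminate the <script>
// element or be parsed as markup. The decoded JavaScript value is unchanged.
$scriptJsonFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
?>
<?php // double_encode is off so a title that already contains entities is not encoded twice.
      // NOTE(review): if $title is meant to carry markup, build it upstream from escaped parts. ?>
<h1 id="title">User Profile - <?php echo htmlspecialchars((string) $title, ENT_QUOTES, 'UTF-8', false); ?></h1>
<section id="main-body" class="row">
  <paper-fab id="enter-search" icon="icons:search" class="click" data-href="?mode=search" data-toggle="tooltip" title="Search Profiles"></paper-fab>
  <script type="text/javascript">
    window.publicProfile = <?php echo json_encode($structuredData, $scriptJsonFlags); ?>;
    window.isViewingSelf = <?php echo strbool($isViewingSelf); ?>;
    <?php // json_encode() emits the quoted string literal itself, so the id cannot break out of the quotes. ?>
    window.profileUid = <?php echo json_encode((string) $viewUserId, $scriptJsonFlags); ?>;
  </script>
  <?php if ($isViewingSelf) { ?>
  <div class="col-xs-12 self-link">
    <div class="form-group">
      <div class="col-xs-10 col-sm-8 col-md-6">
        <div class="input-group">
          <iron-icon icon="icons:link"></iron-icon>
          <?php
          // $profileLink stays raw for any later use; only the copy written
          // into attributes is HTML-encoded.
          $profileLink = "https://amphibiandisease.org/profile.php?id=" . $viewUser->getHardlink();
          $profileLinkAttr = htmlspecialchars($profileLink, ENT_QUOTES, 'UTF-8');
          ?>
          <paper-input label="Profile Link" id="profile-link-field" readonly value="<?php echo $profileLinkAttr; ?>"/>
        </div>
      </div>
      <div class="fab-wrapper col-xs-2">
        <paper-fab icon="icons:content-copy" class="materialblue" id="copy-profile-link" data-clipboard-text="<?php echo $profileLinkAttr; ?>" data-toggle="tooltip" title="Copy Link"></paper-fab>
      </div>
    </div>
  </div>
  <?php } ?>
  <div id="basic-profile" class="col-xs-12 col-md-6 profile-region" data-source="social">
    <h3>Basic Profile</h3>
    <?php
    // NOTE(review): the picture URL below is written into a quoted CSS string
    // inside <style>, where HTML entity encoding does not apply. It is left
    // as-is here; confirm that getuserPicture() only returns a validated URL
    // (no quotes, parentheses, backslashes or "</style").
    ?>
    <style type="text/css">
      #profile-image-uploader {
      background: url('<?php echo $viewUser->getuserPicture(); ?>') no-repeat center center;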
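/**
 * Load one project row and describe what the logged-in user may do with it.
 *
 * The project is looked up by id, the current user's access is checked with
 * checkProjectAuthorized(), and on success the row is returned with its
 * access list expanded into usernames and hardlinks.
 *
 * @param array|string $get        Request-style array holding the id under
 *                                 'project', or the id itself when
 *                                 $precleaned is true.
 * @param bool         $precleaned True when $get is already the id and should
 *                                 skip $db->sanitize().
 * @param bool         $debug      Add a 'debug' section to the response.
 *
 * @return array Response with 'status', 'error', 'human_error', 'project' and
 *               'user'; on success also 'project_id' and 'project_id_raw', on
 *               an authorization failure also 'details'.
 */
function readProjectData($get, $precleaned = false, $debug = false)
{
    global $db, $login_status;

    if ($precleaned) {
        // $get is the id itself here, so it is also the "raw" value reported
        // back; indexing it with ['project'] would be a string-offset error.
        $rawProject = $get;
        $project = $get;
    } else {
        $rawProject = isset($get['project']) ? $get['project'] : null;
        $project = $db->sanitize($rawProject);
    }

    // Local copy with sensitive fields dropped. Only 'uid' is read from it
    // below; the copy itself is not returned by this function.
    $userdata = $login_status['detail'];
    unset($userdata['source']);
    unset($userdata['iv']);
    unset($userdata['userdata']['random_seed']);
    unset($userdata['userdata']['special_1']);
    unset($userdata['userdata']['special_2']);
    unset($userdata['userdata']['su_flag']);
    unset($userdata['userdata']['admin_flag']);

    # Base response
    $response = array(
        'status' => false,
        'error' => 'UNPROCESSED_READ',
        'human_error' => 'Server error handling project read',
        'project' => array(
            'project_id' => $project,
            'public' => false,
        ),
        'user' => array(
            'user' => $login_status['detail']['userdata']['dblink'],
            'has_edit_permissions' => false,
            'has_view_permissions' => false,
            'is_author' => false,
        ),
    );
    if ($debug) {
        $response['debug'] = array();
    }

    # Actual projecting
    // The id is bound as a parameter rather than concatenated, so the lookup
    // is safe even on the $precleaned path, which trusts the caller.
    // NOTE(review): $db->sanitize() is defined elsewhere; if it adds SQL
    // escape characters, an id containing quotes or backslashes is now
    // compared literally -- confirm ids never contain such characters.
    $query = 'SELECT * FROM ' . $db->getTable() . ' WHERE `project_id`=?';
    if ($debug) {
        $response['debug']['query'] = $query;
        $response['debug']['query_params'] = array($project);
    }

    $l = $db->openDB();
    $stmt = mysqli_prepare($l, $query);
    if ($stmt === false) {
        // Database failure: report the generic server error set above.
        return $response;
    }
    mysqli_stmt_bind_param($stmt, 's', $project);
    $r = mysqli_stmt_execute($stmt) ? mysqli_stmt_get_result($stmt) : false;
    if ($r === false) {
        mysqli_stmt_close($stmt);
        return $response;
    }
    // A project that does not exist yields a null row. It is handed to the
    // authorization check unchanged so that "missing" is not reported
    // differently from "not authorized" by this function.
    $row = mysqli_fetch_assoc($r);
    mysqli_free_result($r);
    mysqli_stmt_close($stmt);

    # First check the user auth
    $uid = $userdata['uid'];
    if ($debug) {
        // The row itself is added only after the view check passes; otherwise
        // a denied caller would receive the whole project through 'debug'.
        $response['debug']['permissions'] = array(
            'checked_id' => $uid,
            'performed_query' => $query,
        );
    }
    $permission = checkProjectAuthorized($row, $uid);
    if ($permission['can_view'] !== true) {
        $response['human_error'] = 'You are not authorized to view this project';
        $response['error'] = 'ACCESS_AUTHORIZATION_FAILED';
        // NOTE(review): $permission is returned whole to a caller who failed
        // the view check, and the success path below shows it carries
        // 'editors' and 'viewers' -- confirm that disclosure is intended.
        $response['details'] = $permission;
        return $response;
    }
    if ($debug) {
        $response['debug']['permissions']['checked_data'] = $row;
    }

    # It's good, so set permissions
    $response['user']['has_edit_permissions'] = $permission['can_edit'];
    $response['user']['has_view_permissions'] = $permission['can_view'];
    $response['user']['is_author'] = $permission['is_author'];

    # Rewrite the users to be more practical
    $u = new UserFunctions($row['author'], 'dblink');
    // Return value unused; the call is kept in case it loads state on $u
    // (cannot tell from here).
    $u->getUser($row['author']);
    $accessData = array(
        'editors' => array(),
        'viewers' => array(),
        'total' => array(),
        'editors_list' => array(),
        'viewers_list' => array(),
        'author' => $u->getUsername(),
        'composite' => array(),
        'raw' => $row['access_data'],
    );

    # Add the author to the lists
    // The author is stored as a bare hardlink, unlike the email/user_id pairs
    // used for editors and viewers; kept as-is for existing consumers.
    $accessData['editors_list'][] = $u->getUsername();
    $accessData['total'][] = $u->getUsername();
    $accessData['editors'][] = $u->getHardlink();
    $accessData['composite'][$u->getUsername()] = $u->getHardlink();

    # Editors
    foreach ($permission['editors'] as $editor) {
        $u = new UserFunctions($editor, 'dblink');
        $u->getUser($editor);
        $entry = array(
            'email' => $u->getUsername(),
            'user_id' => $u->getHardlink(),
        );
        $accessData['editors'][] = $entry;
        $accessData['editors_list'][] = $u->getUsername();
        $accessData['total'][] = $u->getUsername();
        $accessData['composite'][$u->getUsername()] = $entry;
    }

    # Viewers
    foreach ($permission['viewers'] as $viewer) {
        $u = new UserFunctions($viewer, 'dblink');
        $u->getUser($viewer);
        $entry = array(
            'email' => $u->getUsername(),
            'user_id' => $u->getHardlink(),
        );
        $accessData['viewers'][] = $entry;
        $accessData['viewers_list'][] = $u->getUsername();
        $accessData['composite'][$u->getUsername()] = $entry;
        // in_array() takes (needle, haystack); the original call had them
        // swapped, so the duplicate check never worked.
        if (!in_array($u->getUsername(), $accessData['total'], true)) {
            $accessData['total'][] = $u->getUsername();
        }
    }
    sort($accessData['total']);

    # Replace the dumb permissions
    $row['access_data'] = $accessData;

    # Append it
    $row['public'] = boolstr($row['public']);
    $row['includes_anura'] = boolstr($row['includes_anura']);
    $row['includes_caudata'] = boolstr($row['includes_caudata']);
    $row['includes_gymnophiona'] = boolstr($row['includes_gymnophiona']);
    $response['project'] = $row;

    # Do we want to flag if the current user is a superuser?
    # Return it!
    $response['status'] = true;
    $response['error'] = null;
    $response['human_error'] = null;
    $response['project_id'] = $project;
    $response['project_id_raw'] = $rawProject;
    return $response;
}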