Esempio n. 1
    #and make the user inactive
    $s3ql = compact('user_id', 'db');
    if ($_POST['deleteuser'] == 'Remove from Deployment') {
        $s3ql['delete'] = 'user';
        $s3ql['where']['user_id'] = $imp_user_id;
        $s3ql['flag'] = 'resource';
    } elseif ($_POST['deleteuser'] == 'Deactivate Account') {
        $s3ql['update'] = 'user';
        $s3ql['where']['user_id'] = $imp_user_id;
        $s3ql['where']['account_status'] = 'I';
        #$s3ql['where']['permission_level']='000';
    }
    $s3ql['format'] = 'html';
    #echo '<pre>';print_r($s3ql);exit;
    $deleted = S3QLaction($s3ql);
    $deleted = html2cell($deleted);
    #echo $deleted;
    #exit;
    if ($deleted[2]['error_code'] == '0') {
        Header('Location: ' . $action['listusers']);
        exit;
    } else {
        ereg('<message>(.*)</message>', $deleted, $s3qlouput);
        $message = $s3qlouput[0];
    }
}
include '../S3DBjavascript.php';
include '../tabs.php';
#echo '<pre>';print_r($users);exit;
#$user_list=create_user_list($users);
$section_num = '2';
Esempio n. 2
         #if(in_array('user_id', array_keys($done)))
         if ($msg['error_code'] == 0) {
             #preg_match('[0-9]', $done, $inserted_user_id);
             $inserted_user_id = $msg['user_id'];
             #insert the user in the specified groups
             $selected_groups = $_POST['account_groups'];
             #echo $inserted_user_id;
             if (is_array($selected_groups)) {
                 foreach ($selected_groups as $group_id) {
                     $s3ql = compact('user_id', 'db');
                     $s3ql['insert'] = 'user';
                     $s3ql['where']['user_id'] = $inserted_user_id;
                     $s3ql['where']['group_id'] = $group_id;
                     $s3ql['format'] = 'html';
                     $done = S3QLaction($s3ql);
                     $msg = html2cell($done);
                     $msg = $msg[2];
                 }
             }
             header('Location:' . $action['listusers']);
             exit;
         } else {
             $message = $msg['message'];
         }
     }
 }
 #pass the variables to the form
 $account_lid = $_POST['account_lid'];
 $account_uname = $_POST['account_uname'];
 $addr1 = $_POST['addr1'];
 $addr2 = $_POST['addr2'];
Esempio n. 3
# Handles the submission of an instance form: for every rule in $rules it either
# inserts a plain-value statement, stores an uploaded file as a statement, or
# re-renders the empty form row, and returns the concatenated HTML report.
#
# $I is an array that is extract()ed into local variables. The body reads
# $instance_info, $rules, $rule_ids, $index, $db, $user_id and $project_id from it.
# Returns the accumulated HTML in $finalOutput.
function render_inserted_statement_all($I)
{
    # NOTE(security): extract() turns every key of $I into a local variable, so any key
    # the caller puts in $I (including 'db', 'user_id' or 'finalOutput') silently
    # becomes function state. Callers must build $I from trusted values only.
    extract($I);
    $_SESSION['current_color'] = '0';
    $_SESSION['previous_verb'] = '';
    $instance_id = $instance_info['resource_id'];
    # $stats is only referenced by the commented-out echo at the end of the function.
    $stats = '';
    if (is_array($rules)) {
        foreach ($rules as $rule_info) {
            $report_msg = '';
            $subject = $rule_info['subject'];
            $verb = $rule_info['verb'];
            $object = $rule_info['object'];
            $rule_id = $rule_info['rule_id'];
            $rule_notes = $rule_info['notes'];
            # Form fields are named <prefix>_<instance_id>_<rule_id>.
            $notes = $_POST['text_' . $instance_id . '_' . $rule_id];
            # $index is not initialised here; it only has a starting value if $I supplied one.
            $index = $index + 1;
            if (in_array($rule_id, $rule_ids)) {
                #echo 'upload_input_'.$instance_id.'_'.$rule_id.'<BR>';
                #gather data from post
                # An empty upload name selects the plain-value branch. If the upload field is
                # absent from $_FILES altogether the lookup yields null, which also compares
                # equal to '' here.
                if ($_FILES['upload_input_' . $instance_id . '_' . $rule_id]['name'] == '') {
                    $value = $_POST['input_' . $instance_id . '_' . $rule_id];
                    if ($value == '') {
                        # PHP rewrites dots in incoming field names to underscores, so retry
                        # with the ids normalised the same way.
                        $value = $_POST['input_' . str_replace('.', '_', $instance_id) . '_' . str_replace('.', '_', $rule_id)];
                    }
                    #insert the statement, run S3QL
                    # $value and $notes go to S3QLaction exactly as posted; any validation or
                    # escaping has to happen inside S3QLaction (not visible here).
                    $s3ql = compact('db', 'user_id');
                    $s3ql['insert'] = 'statement';
                    #$s3ql['where']['project_id'] = $project_id;
                    $s3ql['where']['item_id'] = $instance_id;
                    $s3ql['where']['rule_id'] = $rule_id;
                    $s3ql['where']['value'] = $value;
                    $s3ql['where']['notes'] = $notes;
                    #$s3ql['format']='html';
                    $done = S3QLaction($s3ql);
                    $done = html2cell($done);
                    #ereg('<error>([0-9]+)</error>.*<(message|statement_id)>(.*)</(message|statement_id)>', $done, $s3qlout);
                    $statement_id = $done[2]['statement_id'];
                    # $S bundles the context handed to couldnot_insert_statement() on failure.
                    $S = compact('user_id', 'rule_info', 'instance_id', 'statement_id', 'value', 'notes', 'db', 'done');
                    if ($done[2]['error_code'] == '0') {
                        $report_msg = render_inserted($s3ql, $statement_id);
                        #$report_msg .= sprintf("%s\n", '		<br /><input type="button" value="Insert Another" onClick="window.location=\''.$action['instanceform'].'\'">');
                        #$report_msg .= sprintf("%s\n", '		<br /><input type="button" value="Close Window" onClick="window.location=\''.$action['instanceform'].'\'">');
                    } else {
                        $report_msg = couldnot_insert_statement($S);
                        #render_statement_already_exists($s3ql);
                    }
                    #elseif($s3qlout[1]=='7')
                    #{
                    #$report_msg = render_resource_doesnot_exist($s3ql);
                    #}
                    #elseif($s3qlout[1]=='3')
                    #{
                    #$report_msg = render_value_cannot_be_null($s3ql);
                    #}
                } else {
                    #project is the same that will go to instance
                    $project_id = $rule_info['project_id'];
                    $value = project_folder_name($project_id, $db);
                    # Notes come from $_REQUEST in this branch, but from $_POST in the plain-value branch.
                    $notes = $_REQUEST['text_' . $instance_id . '_' . $rule_id];
                    # NOTE(security): 'name' and 'type' in $_FILES are supplied by the client and
                    # must not be trusted for storage paths or content-type decisions.
                    $filename = $_FILES['upload_input_' . $instance_id . '_' . $rule_id]['name'];
                    # $mimetype is assigned but not used anywhere else in this function.
                    $mimetype = $_FILES['upload_input_' . $instance_id . '_' . $rule_id]['type'];
                    # The size is measured from the temp file instead of the client-reported 'size'.
                    $filesize = filesize($_FILES['upload_input_' . $instance_id . '_' . $rule_id]['tmp_name']);
                    $uploadedfile = $_FILES['upload_input_' . $instance_id . '_' . $rule_id]['tmp_name'];
                    # NOTE(security): nothing visible here checks the upload 'error' code or calls
                    # is_uploaded_file() on tmp_name. Confirm that MoveFile() does, or add the
                    # check before the file is moved.
                    if ($filesize <= 0) {
                        $report_msg = 'Filesize cannot be null';
                    } elseif ($filename == '') {
                        $report_msg = 'Filename cannot be empty';
                    } elseif ($value == '' || $uploadedfile == '') {
                        $report_msg = 'Could not move file, please check with you administrator if file uploads are allowed.';
                    } else {
                        $tmp = fileNameAndExtension($filename);
                        # Second extract(): the keys returned by fileNameAndExtension() overwrite
                        # locals; $filename and $extension are read right after. Presumably those
                        # are the only keys returned; verify against the helper.
                        extract($tmp);
                        #write a filekey to send the file by the API
                        $filekey = generateAFilekey(compact('filename', 'extension', 'filesize', 'user_id', 'db'));
                        #move the file like the API would do
                        $file = $uploadedfile;
                        $fileMoved = MoveFile(compact('filekey', 'db', 'file'));
                        #generate a statement_id
                        if ($fileMoved) {
                            $s3ql = compact('db', 'user_id');
                            $s3ql['insert'] = 'file';
                            $s3ql['where']['filekey'] = $filekey;
                            $s3ql['where']['notes'] = $notes;
                            $s3ql['where']['project_id'] = $project_id;
                            $s3ql['where']['rule_id'] = $rule_id;
                            $s3ql['where']['item_id'] = $instance_id;
                            $s3ql['format'] = 'html';
                            $done = S3QLaction($s3ql);
                            $done = html2cell($done);
                            #echo '<pre>';print_r($done);
                            #ereg('<statement_id>([0-9]+)</statement_id>', $done, $s3qlout);
                            # The file insert reports its id under 'file_id'.
                            $statement_id = $done[2]['file_id'];
                            # When no file_id comes back, $report_msg stays '' and the failure
                            # is not reported to the user.
                            if ($statement_id != '') {
                                $insert = 'file';
                                $S = compact('rule_id', 'instance_id', 'db', 'insert', 'filename');
                                $report_msg = render_inserted($S, $statement_id);
                            }
                        } else {
                            # NOTE(review): exit ends the whole request right after the message is
                            # assigned, so this text is never appended to $finalOutput or returned,
                            # and results from earlier rules in the loop are discarded too.
                            $report_msg = "<font color='red'>Could not move the file</font>";
                            exit;
                        }
                    }
                }
            } else {
                # Rule was not part of this submission: render its empty input row again.
                $report_msg = render_empty_form(compact('index', 'rule_info', 'project_id', 'instance_id', 'db'));
            }
            # $finalOutput is appended to without being initialised in this function.
            $finalOutput .= $report_msg;
        }
    }
    //echo $stats;
    return $finalOutput;
}
Esempio n. 4
# Legacy resolver for a resource that lives on another deployment ("Did").
# It first tries an unauthenticated fetch, then an authenticated one, resolving the
# deployment URL through the local cache or the mothership if needed. On success it
# returns the remote element with identifiers rewritten to "<Did>/<letter><id>" form
# and with view/change/add_data/delete flags derived from the merged acl.
#
# NOTE(review): the function relies on ereg(), which was removed in PHP 7.0, so it
# can only run on PHP 5.x.
# NOTE(security): every URL fetched below is built from $uid, a value that comes from
# the caller. Nothing visible restricts which hosts or schemes the server will contact.
function remoteURIOLD($uid, $key, $user_id, $db)
{
    #function remoteURI performs a call on a remote Did for retrieving information on a specific s3id
    #syntax: remoteURI($uid, $key, $db)
    #uid should be a concatenation of Did and user_id. Did is either a URL or an alphanumeric string that can be called on mothership
    #echo $uid;
    #find this user's id
    #$local_user = $GLOBALS['Did'].'/'.'U'.$user_id;
    #$myip = captureIp();
    #$myip = ($myip!='')?$myip:$_SERVER['SERVER_NAME'];
    #$local_user = (($_SERVER['HTTPS']!='')?'https://':'http://'.$myip.'/'.strtok($_SERVER['PHP_SELF'], '/')).'/'.'U'.$user_id;
    #test Did. Is it a url? or a way to find a url?
    #ereg('(.*)(/|_)(D|U|G|P|C|R|I|S)([0-9]+$)', $uid, $out);
    #ereg('(D(.*)|http://(.*)|https://(.*))(_|/)(U|G|P|C|R|I|S)([0-9]+$|D|http://|https://)', $uid, $out);
    # Identity this deployment presents to the remote side: <local base URI>/U<user_id>.
    $local_user = S3DB_URI_BASE . '/' . 'U' . $user_id;
    #echo $local_user;exit;
    $uid_info = uid($uid);
    #echo $uid;
    #echo '<pre>';print_r($uid_info);exit;
    # Element letter of the remote id; used further down for the acl translation.
    $letter = substr($uid_info['uid'], 0, 1);
    #echo $uid;
    if (ereg('^(U|G|P|C|R|I|S)', $uid)) {
        $uid = substr($uid, 1, strlen($uid));
        #if uid brings a letter, leave just a the id
        $Did = substr($uid_info['Did'], 1, strlen($uid_info['Did']));
    } else {
        $Did = $uid_info['Did'];
    }
    $remoteId = $uid_info['uid'];
    #echo $Did;exit;
    #echo http_test_existance($Did);exit;
    #test Did. if is not url, must find url first
    #First let's try calling the remote resource without authientication; it might be a public resource
    # $uid_in_remote[2] is the element letter and [3] the numeric id. When the pattern does
    # not match, both stay unset and the request is sent with an empty uid.
    ereg('^(D|http.*)/(D|P|C|R|I|S|G|U)([0-9]+)', $uid, $uid_in_remote);
    $did_call = $Did . '/URI.php?uid=' . $uid_in_remote[2] . $uid_in_remote[3] . '&format=php';
    # @ hides a failed fopen(); stream_get_contents() then receives false.
    $did_data = stream_get_contents(@fopen($did_call, 'r'));
    # NOTE(security): unserialize() runs on bytes returned by a remote host. A hostile or
    # compromised deployment can use this for PHP object injection. Prefer a data-only
    # format such as JSON, or on PHP 7+ pass array('allowed_classes' => false).
    $msg = unserialize($did_data);
    $msg = $msg[0];
    #$msg=html2cell($did_data);$msg = $msg[2];
    if ($msg['uri'] != '') {
        #Good, it's a public resource
        # Returned exactly as received: no field translation and no permission flags are added on this path.
        return $msg;
    }
    # NOTE(security): the API key and the local user URI are sent in the query string of a
    # GET request, unencoded, to whatever $Did points at. They can end up in proxy and
    # server logs, and go out in clear text when $Did is an http:// URL.
    $did_call = $Did . '/URI.php?key=' . $key . '&user_id=' . $local_user . '&uid=' . $uid_in_remote[2] . $uid_in_remote[3];
    $did_data = stream_get_contents(@fopen($did_call, 'r'));
    if ($did_data == '') {
        # No answer when $Did is used directly as a URL: resolve it through the local cache or the mothership.
        $did_url = findDidUrl($Did, $db);
        #internal - does it exist on inside table?
        $dateDiff_min = (strtotime(date('Y-m-d H:i:s')) - strtotime($did_url['checked_valid'])) / 60;
        #did_url empty? Mothership working?#checked no longer than an hour?
        if (empty($did_url['url']) || $dateDiff_min > 60) {
            # The mothership named inside the uid takes precedence over the configured one.
            $mothership = $uid_info['MS'] != '' ? $uid_info['MS'] : $GLOBALS['s3db_info']['deployment']['mothership'];
            #because s3db.org is under sourceforge, find the real url of that mother ship first.
            # NOTE(security): the mothership location is bootstrapped over plain http and used
            # without any integrity check, so the network path decides which host answers
            # later Did lookups.
            if (ereg('http://s3db.org|http://www.s3db.org', $mothership)) {
                if (http_test_existance('http://s3db.org/ms.txt')) {
                    $handle = fopen('http://s3db.org/ms.txt', 'rb');
                    $real_ms = stream_get_contents($handle);
                    fclose($handle);
                } else {
                    $real_ms = 'http://s3db.virtual.vps-host.net/central/';
                }
                # A frameset answer means the real address is in the frame's src attribute.
                if (ereg('frameset', $real_ms)) {
                    ereg('src="(http.*" )', $real_ms, $out);
                    if (http_test_existance(trim($out[1], "\" "))) {
                        # Reads at most 100 bytes of the framed page; that content becomes the mothership URL.
                        $mothership = fread(fopen(trim($out[1], "\" "), 'r'), '100');
                    }
                }
            }
            if (http_test_existance($mothership)) {
                #call mothership, find true url
                # $Did is appended unencoded; the fopen() result is not checked and the handle is never closed.
                $true_url = fread(fopen($mothership . '/s3rl.php?Did=' . $Did, 'r'), '100000');
                #echo '<pre>';print_r($true_url);exit;
                if (!empty($true_url)) {
                    $data = html2cell($true_url);
                }
                #echo '<pre>data';print_r($data);exit;
                $data[2]['deployment_id'] = substr($Did, 1, strlen($Did));
                if (http_test_existance(trim($data[2]['url']))) {
                    $data[2]['checked_valid'] = date('Y-m-d H:i:s');
                } else {
                    $data[2]['checked_valid'] = '';
                }
                #now update true url in local
                # NOTE(security): whatever the mothership answered is written to the local Did
                # table and reused for up to an hour, so a wrong answer outlives this request.
                if (empty($did_url)) {
                    insertDidUrl($data[2], $db);
                } else {
                    updateDidUrl($data[2], $db);
                }
                #and define the variable
                $url = trim($data[2]['url']);
            } else {
                #motherhsips seems to be down... try asking the url that gave the this uid for a URL.
                #need the url from the deployment where this ID is being shared from.
                # Nothing is implemented here, so $url stays undefined on this path.
            }
        } else {
            $url = trim($did_url['url']);
        }
        #echo '<pre>';print_r($did_url);exit;
    } else {
        # The authenticated call answered, so $Did itself is a usable base URL. The body
        # already fetched in $did_data is not reused; the resource is requested again below.
        $url = $Did;
    }
    #secho $url;
    #build the call url
    # If $url was never set (mothership unreachable), this yields '/' and the call below targets a relative path.
    $url = substr($url, -1) == '/' ? $url : $url . '/';
    $key = $key != '' ? $key : get_user_key($user_id, $db);
    # NOTE(security): same exposure as above, and here the key may be the user's stored key
    # fetched by get_user_key(). It is sent to the resolved remote host in the query string.
    $url2call = $url . 'URI.php?uid=' . $remoteId . '&key=' . $key . '&user_id=' . $local_user;
    #echo $url2call;exit;
    if (!http_test_existance($url2call)) {
        return $GLOBALS['messages']['something_does_not_exist'] . '<message>' . $remoteId . ' does not appear to be a valid remote resource</message>';
    }
    # This array is overwritten by html2cell() below before it is ever read.
    $data = array('uid' => $remoteId, 'key' => $key, 'user_id' => $local_user);
    #now try to access it. I am assuming user already has access in the remote resource
    $h = fopen($url2call, 'r');
    # A single fread() on a network stream may return less than the full response; the handle is never closed.
    $urldata = fread($h, '10000');
    if ($urldata == '') {
        return "could not find user on the url provided";
    } else {
        #now, which part of the data am I waiting? what element is this?
        #$relevant_fields = $GLOBALS['dbstruct'][$GLOBALS['s3codes'][substr($remoteId, 0,1)]];
        $element = $GLOBALS['s3codes'][substr($remoteId, 0, 1)];
        $id_name = $GLOBALS['s3ids'][$element];
        #some remote header require translation
        # Maps a remote field name to the id type it refers to; the first letter of that type becomes the uid letter.
        $remote_resource_names = array('created_by' => 'user_id', 'project_owner' => 'user_id', 'resource_id' => ereg('I|S', substr($remoteId, 0, 1)) ? 'instance_id' : 'class_id', 'subject_id' => 'class_id', 'object_id' => 'class_id', 'verb_id' => 'instance_id');
        $data = html2cell($urldata);
        #echo 'before or after?<pre>';print_r($data);
        if (is_array($data)) {
            # $data[1] is used as the list of field names and $data[2] as the record.
            $relevant_fields = $data[1];
            $data = $data[2];
            $relevant_data = array_intersect_key($data, array_flip($relevant_fields));
            #whatever points to resources must come with the remote ID
            # $DidData is built up here without being initialised first.
            foreach ($relevant_data as $fieldName => $fieldData) {
                # && binds tighter than ||: a field is rewritten when it is listed in the
                # translation table, OR when its name ends in _id and its value is not
                # already a URL or underscore-qualified id.
                if (in_array($fieldName, array_keys($remote_resource_names)) || ereg('_id$', $fieldName) && !ereg('http://|https://|_', $fieldData)) {
                    $uidLetter = $remote_resource_names[$fieldName] != '' ? strtoupper(substr($remote_resource_names[$fieldName], 0, 1)) : strtoupper(substr($fieldName, 0, 1));
                    #echo $fieldName;
                    if ($fieldData != '') {
                        $DidData[$fieldName] = $Did . '/' . $uidLetter . $fieldData;
                    }
                } else {
                    $DidData[$fieldName] = $fieldData;
                }
            }
            #translate old acl into new permission_levels
            # Single-digit acl -> three-digit code:
            #   '3' -> '222'; '2' on I|S -> '222'; '2' on P|C|R -> '202';
            #   '1' on P|C|R -> '201'; '1' on I|S -> '211'; anything else -> '000'.
            if ($DidData['acl'] != '' && strlen($DidData['acl']) == '1') {
                $DidData['acl'] = $DidData['acl'] == '3' ? '222' : ($DidData['acl'] == '2' && ereg('I|S', $letter) ? '222' : ($DidData['acl'] == '2' && ereg('P|C|R', $letter) ? '202' : ($DidData['acl'] == '1' && ereg('P|C|R', $letter) ? '201' : ($DidData['acl'] == '1' && ereg('I|S', $letter) ? '211' : ($DidData['acl'] == '0' ? '000' : '000')))));
            }
            #return the original uid to the apporpriate id_name
            $DidData[$id_name] = $uid;
            #figure out if user also has local permission on this resource
            $info = $DidData;
            $id = $letter . $uid;
            $P = permissionOnResource(compact('info', 'key', 'user_id', 'db', 'id'));
            #given permission on 2 deploykents, (local+rmote), find which one user has the most permission
            # NOTE(security): the merge takes the maximum per digit, so the acl reported by the
            # remote deployment can only widen what the local check ($P) granted, never narrow
            # it. The effective permission is therefore only as trustworthy as the remote answer.
            if ($P != '' && $DidData['acl'] != '') {
                $view = max(array(substr($DidData['acl'], 0, 1), substr($P, 0, 1)));
                $change = max(array(substr($DidData['acl'], 1, 1), substr($P, 1, 1)));
                $add_data = max(array(substr($DidData['acl'], 2, 1), substr($P, 2, 1)));
                $DidData['acl'] = $view . $change . $add_data;
            } else {
                $DidData['acl'] = $P != '' ? $P : $DidData['acl'];
            }
            $element_info = $DidData;
            #echo '<pre>';print_r($element_info);
            #Define if ser can view or not view data. View is the first number in the 3 d code. It ranges from 0 to 2
            # Precedence: granted when the digit is 2, OR when it is 1 and the record was created by this user.
            # NOTE(review): 'created_by' was rewritten above to "<Did>/U<id>" when non-empty, while
            # $user_id is the local id passed in; confirm the level-1 comparison can ever match.
            if (ereg('^2', $element_info['acl']) || ereg('^1', $element_info['acl']) && $element_info['created_by'] == $user_id) {
                #2 means user can view anything associated with this resource (downstream). 1 means he can see, as long as resource was created by himself
                $element_info['view'] = '1';
                #yes, access is granted.
            } else {
                $element_info['view'] = '0';
                #no, sorry :-(
            }
            #Decide if user can change (update) or not change data on resource
            $change_digit = substr($element_info['acl'], 1, strlen($element_info['acl']));
            #it is the second digit who specifies this
            if (ereg('^2', $change_digit) || ereg('^1', $change_digit) && $element_info['created_by'] == $user_id) {
                $element_info['change'] = '1';
            } else {
                $element_info['change'] = '0';
                #nope.
            }
            #can user insert data in this resource? Information is in the very last digit. In case it only has 2 digits, reading th last digit will work too because it propagates
            if (ereg('2$', $element_info['acl']) || ereg('1$', $element_info['acl']) && $element_info['created_by'] == $user_id) {
                $element_info['add_data'] = '1';
            } else {
                $element_info['add_data'] = '0';
            }
            #create the element "delete", in case it is eventually created...For now it is the same as change
            $element_info['delete'] = $element_info['change'];
            $element_info['delete_data'] = $element_info['add_data'];
            return $element_info;
        } else {
            #return ($GLOBALS['messages']['something_went_wrong'].'<message> Deployment '.$Did.' responded: '.$urldata.'</message>');
            # $format is not defined anywhere in this function. The raw remote response is
            # embedded in the message as received.
            return formatReturn($GLOBALS['error_codes']['no_results'], 'Deployment ' . $Did . ' responded: ' . $urldata, $format, '');
        }
    }
    #echo $resp;
}
Esempio n. 5
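/**
 * Legacy authentication: accepts a key that is valid locally, or one that the
 * remote deployment named by $url vouches for.
 *
 * Return codes, as produced by the branches below:
 *   0    - key accepted (locally, or remotely plus a matching local remote-user entry)
 *   1    - key not valid locally and no $url supplied
 *   2    - remote side accepted the key but the user is not (or could not be) validated locally
 *   3    - the account the remote side reported does not match the user named in $url
 *   4    - remote deployment unreachable, or its answer could not be parsed
 *   5    - peer authentication is enabled but the remote user could not be inserted
 *   null - no key was given and a session database handle exists
 * With no key and no session the function prints a response and terminates the request.
 *
 * NOTE(security): on the remote path the caller's key is forwarded to the host that
 * $url resolves to, and that host's answer is the only proof the key is valid.
 * Callers should restrict which deployments may be named in $url.
 *
 * @param string $key API key presented by the caller.
 * @param string $url URI of the remote user, for example https://host/s3db/U4; may be ''.
 * @return int|null
 */
function authenticate_OLD($key, $url)
{
    if ($key == '') {
        if ($_SESSION['db'] != '') {
            # A session is active, so there is nothing to decide here. The original assigned
            # the session db and account id to locals that were never read afterwards.
            return null;
        }
        # array_key_exists() avoids the loose comparison in_array() applied to numeric request keys.
        if (array_key_exists('key', $_REQUEST)) {
            #the url seems prepared to take in a key, but it is empty
            # NOTE(review): $http and $def are not defined in this function, so they
            # contribute empty strings to the printed URI.
            echo '<S3QL>';
            echo '<error>0</error>';
            echo '<connection>Successfully connected to <uri>' . $http . $def . S3DB_URI_BASE . '/</uri></connection><BR>';
            echo '<message>Please provide a key to access S3DB</message><BR>';
            echo '<message>For syntax specification and instructions refer to http://s3db.org/apibasic.html</message>';
            echo '</S3QL>';
            exit;
        }
        #no key and no session found
        echo '<body onload="window.parent.location=\'' . S3DB_URI_BASE . '/login.php?error=2\'">';
        exit;
    }

    # NOTE(review): $db is not defined at this point (it is only created further down), so
    # check_key_validity() receives null here. Confirm how it obtains its connection.
    if (check_key_validity($key, $db)) {
        return 0;
    }

    #if key is not valid, check if there is a username (including remote url) and a key
    if ($url == '') {
        #sorry, no access :-(
        return 1;
    }

    #URL contains info on user in the last part of the path. (for example: URL=https://ibl.mdanderson.org/s3db/U4)
    $user_id_info = uid($url);
    $db = CreateObject('s3dbapi.db');
    $db->Halt_On_Error = 'no';
    $db->Host = $GLOBALS['s3db_info']['server']['db']['db_host'];
    $db->Type = $GLOBALS['s3db_info']['server']['db']['db_type'];
    $db->Database = $GLOBALS['s3db_info']['server']['db']['db_name'];
    $db->User = $GLOBALS['s3db_info']['server']['db']['db_user'];
    $db->Password = $GLOBALS['s3db_info']['server']['db']['db_pass'];
    $db->connect();

    #test url validity
    $user = $user_id_info['uid'];
    $url2call = remoteURLretrieval($user_id_info, $db);
    # The key is percent-encoded so that characters such as '&' or '#' in it cannot
    # alter the outbound request. It still travels in the query string of a GET.
    $rawUrl = $url2call . '/URI.php?key=' . rawurlencode($key);
    if (!http_test_existance($rawUrl)) {
        return 4;
    }

    #check if the key that was provided is valid in the remote url
    $h = fopen($rawUrl, 'r');
    if ($h === false) {
        # Unreachable between the existence test and the read: treat it like any unreachable remote.
        return 4;
    }
    # stream_get_contents() keeps reading up to the limit, whereas one fread() on a network
    # stream may stop after the first chunk and hand html2cell() a truncated answer.
    $urldata = stream_get_contents($h, 10000);
    fclose($h);
    $account_info = html2cell($urldata);
    if (!is_array($account_info)) {
        return 4;
    }

    #data has been found in remote url
    # The account the remote side reports for this key must be the user named in $url.
    if ($user != $user_id_info['Did'] . '/' . 'U' . $account_info[2]['account_id']) {
        return 3;
    }

    #user was authenticated IN REMOTE; a matching local entry must exist as well
    if (validate_remote_user($account_info[2], $url, $key)) {
        return 0;
    }

    # NOTE(security): with allow_peer_authentication set to '1', an account that only the
    # remote deployment vouches for is created locally on first contact.
    if ($GLOBALS['s3db_info']['server']['allow_peer_authentication'] != '1') {
        return 2;
    }
    if (!insert_remote_user($account_info[2], $url)) {
        return 5;
    }
    #now we can validate it again
    return validate_remote_user($account_info[2], $url, $key) ? 0 : 2;
}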
Esempio n. 6
/**
 * Returns the item that represents $file, creating the item and its path
 * statement when no statement for that file name exists yet.
 *
 * An S3QL-based lookup (select on statements, filtered by the path rule) used to
 * live here as commented-out code, marked to be re-enabled once queries are faster;
 * the direct SQL lookup below replaces it.
 *
 * NOTE(security): $file and the configured rule id are concatenated into the SQL
 * text without escaping or binding. If $file can be influenced from outside, this
 * is an SQL injection point. Bind it or escape it with the database layer's own
 * quoting routine before this is used on untrusted names.
 * NOTE(review): the lookup filters on the 'file' rule id, while the statement
 * created below is stored under the 'path' rule id; confirm that is intended.
 *
 * @param string $file    File name to look up.
 * @param mixed  $user_id Acting user, passed through to S3QLaction().
 * @param object $db      Database handle exposing query(), next_record() and f().
 * @return mixed The resource_id found, or the item_id reported by the insert.
 */
function findFileItemId($file, $user_id, $db)
{
    $fileRuleId = $GLOBALS['update_project']['file']['rule_id'];
    $lookupSql = "select resource_id from s3db_statement where rule_id = '" . $fileRuleId . "' and file_name = '" . $file . "' order by created_on desc limit 1";
    $db->query($lookupSql, __LINE__, __FILE__);

    # Known file: reuse the item recorded by the most recent matching statement.
    if ($db->next_record()) {
        return $db->f('resource_id');
    }

    $encodedName = urlencode($file);

    # Unknown file: create an item in the update project's collection.
    $itemRequest = array(
        'user_id' => $user_id,
        'db' => $db,
        'insert' => 'item',
        'where' => array(
            'collection_id' => $GLOBALS['update_project']['collection_id'],
            'notes' => $encodedName,
        ),
        'format' => 'html',
    );
    $itemReply = html2cell(S3QLaction($itemRequest));
    $itemRecord = $itemReply[2];
    $item_id = $itemRecord['item_id'];

    # Record the path on the new item, for retrieval purposes only: this avoids keeping
    # a separate list of which item holds which file. The result of this insert is ignored.
    $statementRequest = array(
        'user_id' => $user_id,
        'db' => $db,
        'insert' => 'statement',
        'where' => array(
            'item_id' => $item_id,
            'rule_id' => $GLOBALS['update_project']['path']['rule_id'],
            'value' => $encodedName,
        ),
        'local' => 1,
    );
    S3QLaction($statementRequest);

    return $item_id;
}
Esempio n. 7
 # Run the single statement through the list-oriented decorators, then take it back out.
 $statements[0] = $statement_info;
 $statements = Values2Links(
     include_button_notes(
         include_rule_info($statements, $project_id, $db),
         $project_id,
         $db
     )
 );
 $statement_info = $statements[0];

 # Delete request posted from this popup.
 # NOTE(security): this state-changing action is triggered by the mere presence of a POST
 # field. No anti-CSRF token check is visible in this fragment; confirm one exists upstream.
 if ($_POST['delete_statement'] != '') {
     $s3ql = compact('db', 'user_id');
     $s3ql['delete'] = 'statement';
     $s3ql['where']['statement_id'] = $statement_id;
     $s3ql['flag'] = 'all';
     $done = html2cell(S3QLaction($s3ql));
     if ($done[2]['error_code'] != '0') {
         # NOTE(review): the message is written into the page unescaped. If it can carry
         # request-derived text, it should be passed through htmlspecialchars() first.
         echo '<font color="red">' . $done[2]['message'] . '</font>';
     } else {
         # Success: emit the helper that reloads the opener window and closes this popup.
         $js = implode("\n", array(
             '<script type="text/javascript">',
             'function kill_me()',
             '{',
             '        opener.window.location.reload(); self.close(); return false;',
             '}',
             '</script>',
         )) . "\n";
         echo $js;
     }
 }
 ?>
Esempio n. 8
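/**
 * Resolves the base URL of the deployment ("Did") named in a uid.
 *
 * Order of resolution: the Did itself when it answers as a URL; otherwise the
 * locally cached URL when it was validated within the last hour; otherwise the
 * mothership named in the uid, whose answer is written back to the local cache.
 *
 * NOTE(security): the mothership is taken from the uid itself ($uid_info['MS']), so
 * the party that supplies the uid also chooses the host that resolves it, and that
 * host's answer is cached locally. The commented-out alternative in the original
 * used the configured $GLOBALS['s3db_info']['deployment']['mothership'] instead;
 * consider pinning resolution to the configured value.
 *
 * @param array|string $uid_info Parsed uid (as returned by uid()) or a raw uid string.
 * @param object       $db       Database handle passed to the Did cache helpers.
 * @return string|null Resolved URL, or null when nothing could be resolved.
 */
function remoteURLretrieval($uid_info, $db)
{
    if (!is_array($uid_info)) {
        $uid_info = uid($uid_info);
    }
    if (!is_array($uid_info)) {
        return null;
    }

    # Read the needed keys explicitly. The original extract() would let any key in the
    # parsed uid overwrite locals such as $db.
    $Did = isset($uid_info['Did']) ? $uid_info['Did'] : '';

    if (http_test_existance($Did)) {
        return $Did;
    }

    $did_url = findDidUrl($Did, $db);
    $cacheIsFresh = false;
    if (!empty($did_url)) {
        # An empty or unparsable checked_valid yields a huge age, so the entry counts as stale.
        $ageMinutes = (time() - strtotime($did_url['checked_valid'])) / 60;
        $cacheIsFresh = $ageMinutes <= 60;
    }
    if ($cacheIsFresh) {
        return trim($did_url['url']);
    }

    $mothership = isset($uid_info['MS']) ? $uid_info['MS'] : '';
    if (!http_test_existance($mothership)) {
        return null;
    }

    #call mothership, find true url
    $true_url = '';
    $handle = fopen($mothership . '/s3rl.php?Did=' . rawurlencode($Did), 'r');
    if ($handle !== false) {
        # Read up to the limit; a single fread() on a network stream may stop at the first chunk.
        $true_url = stream_get_contents($handle, 100000);
        fclose($handle);
    }

    $data = array();
    if (!empty($true_url)) {
        $data = html2cell($true_url);
        if (!is_array($data)) {
            $data = array();
        }
    }

    $data[2]['deployment_id'] = substr($Did, 1);
    $resolved = isset($data[2]['url']) ? trim($data[2]['url']) : '';
    $data[2]['checked_valid'] = http_test_existance($resolved) ? date('Y-m-d H:i:s') : '';

    #now update true url in local
    if (empty($did_url)) {
        insertDidUrl($data[2], $db);
    } else {
        updateDidUrl($data[2], $db);
    }

    # Fix: the original returned $data['url'], a key this function never sets, so this
    # path always yielded null. The record lives in $data[2], as in remoteURIOLD().
    return $resolved;
}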
Esempio n. 9
             if (urldecode($rule['OBJECT']) != 'UID') {
                 $s3ql['insert'] = 'rule';
                 $s3ql['where'] = '';
                 $s3ql['where']['project_id'] = $project_id;
                 $s3ql['where']['subject_id'] = $class_id;
                 $s3ql['where']['verb'] = urldecode($rule['VERB']);
                 if ($classes[urldecode($rule['OBJECT'])] != '') {
                     #was there a class created with this object name?
                     $s3ql['where']['object_id'] = $classes[$rule['OBJECT']]['class_id'];
                 } else {
                     $s3ql['where']['object'] = urldecode($rule['OBJECT']);
                 }
                 $s3ql['where']['notes'] = urldecode($rule['NOTES']);
                 $s3ql['format'] = 'html';
                 $ruleInserted = S3QLaction($s3ql);
                 $msg = html2cell($ruleInserted);
                 $msg = $msg[2];
                 #echo $ruleInserted;
                 #ereg('<error>([0-9]+)</error>(.*)<(rule_id|message)>(.*)</(rule_id|message)>', $ruleInserted, $s3qloutRule);
                 if ($msg['error_code'] == '0') {
                     $rule_id = $msg['rule_id'];
                     $report .= '<tr><td><font color = "#00CC33">Rule ' . $rule['SUBJECT'] . ' ' . $rule['VERB'] . ' ' . $rule['OBJECT'] . ' created</font></td></tr>';
                 } else {
                     echo urldecode($rule['OBJECT']) != 'UID';
                     #echo '<pre>';print_r($rule);
                     $report .= '<tr><td><font color = "red">Rule ' . $rule['SUBJECT'] . ' ' . $rule['VERB'] . ' ' . $rule['OBJECT'] . ' was NOT created. Reason: ' . $msg['message'] . '</font></td></tr>';
                 }
             }
         }
     }
 }
Esempio n. 10
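/**
 * Run an S3QL request locally or against another deployment.
 *
 * When $s3ql['url'] starts with S3DB_URI_BASE the request is executed here through
 * S3QLaction(), after dropping the 'url' and 'key' entries. Otherwise 'db' and
 * 'user_id' are dropped, S3QLquery() builds the request address, and the response
 * body is fetched and parsed with html2cell(). Empty entries are removed by
 * array_filter() in both branches.
 *
 * @param array $s3ql S3QL request description.
 * @return mixed html2cell() output for a remote request, S3QLaction() output for a local one.
 */
function Query($s3ql)
{
    $target = isset($s3ql['url']) ? (string) $s3ql['url'] : '';
    # Literal prefix test. The original passed S3DB_URI_BASE to ereg() as a pattern, so
    # every '.' in the base matched any character and a look-alike address could be
    # classified as local; ereg() is also gone from PHP 7 onwards.
    $isLocal = strncmp($target, S3DB_URI_BASE, strlen(S3DB_URI_BASE)) === 0;
    if (!$isLocal) {
        # Local connection handle and user id are never forwarded to another deployment.
        $s3ql = array_filter(array_diff_key($s3ql, array('db' => '', 'user_id' => '')));
        $rule_query = S3QLquery($s3ql);
        # NOTE(review): the address fetched here is whatever S3QLquery() builds from the
        # caller's array. If 'url' can originate from a request, restrict it to http/https
        # and to expected hosts before fetching -- confirm against callers.
        # file_get_contents() closes the stream itself (the original left the fopen()
        # handle open); on failure it returns false, which is handed to html2cell() as before.
        $response = file_get_contents($rule_query);
        return html2cell($response);
    }
    $s3ql = array_filter(array_diff_key($s3ql, array('url' => '', 'key' => '')));
    return S3QLaction($s3ql);
}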
Esempio n. 11
/**
 * Register, look up or update a deployment record in the s3db_deployment table.
 *
 * The keys of $U are imported as local variables by extract(); the body then reads
 * $case, $Did, $name, $url, $publicKey, $message, $newUrl and $format (presumably all
 * supplied through $U -- TODO confirm against callers). $case selects the branch:
 * 'registernewURL', 'findURL' or 'updateURL'.
 *
 * Security review notes (details are repeated next to the lines they concern):
 *  - extract($U) lets every key of $U become a local variable; if $U is built from
 *    request parameters the caller chooses all of those names.
 *  - All SQL is assembled by string concatenation from $Did, $url, $publicKey and
 *    $newUrl. Whether validate_register_inputs() constrains them is not visible here.
 *  - unserialize() is applied to S3QLaction() responses.
 *  - The proof-of-ownership message is compared with the loose `!=` operator.
 *
 * @param array $U Request description; 'name' and 'db' are added to the local copy.
 * @return array|null array(bool $ok, mixed $payload) on the paths that return a value.
 *                    Invalid input and some 'findURL' paths fall off the end (null);
 *                    the 'updateURL' challenge path prints its response and exits.
 */
function registerURL($U)
{
    #this function call the db but it should NOT leave this one function
    # NOTE(review): extract() creates one local variable per key of $U. The files
    # included below run in this scope too, so they see those variables as well.
    extract($U);
    include_once 'config.inc.php';
    $key = $GLOBALS['deployment_project']['key'];
    include 'core.header.php';
    #include (S3DB_SERVER_ROOT.'/webActions.php');
    #require_once(S3DB_SERVER_ROOT.'/s3dbcore/class.db.inc.php');
    #include_once(S3DB_SERVER_ROOT.'/s3dbcore/common_functions.inc.php');
    #include_once(S3DB_SERVER_ROOT.'/s3dbcore/callback.php');
    #Generate Did, and,  since we're on it, name if empty
    if (!$Did && $case == 'registernewURL') {
        $Did = s3id();
    }
    if (!$name && $case == 'registernewURL') {
        $name = 'D' . $Did;
        $U['name'] = $name;
    }
    # Open a connection using the server-level credentials from $GLOBALS['s3db_info'].
    $db = CreateObject('s3dbapi.db');
    # Query errors do not stop execution; only some paths below inspect $db->Errno.
    $db->Halt_On_Error = 'no';
    $db->Host = $GLOBALS['s3db_info']['server']['db']['db_host'];
    $db->Type = $GLOBALS['s3db_info']['server']['db']['db_type'];
    $db->Database = $GLOBALS['s3db_info']['server']['db']['db_name'];
    $db->User = $GLOBALS['s3db_info']['server']['db']['db_user'];
    $db->Password = $GLOBALS['s3db_info']['server']['db']['db_pass'];
    $db->connect();
    $U['db'] = $db;
    # Validation sees $U (with 'name' and 'db' added), not the extracted locals used below.
    list($inputValid, $errMessage) = validate_register_inputs($U);
    if ($inputValid) {
        switch ($case) {
            case 'registernewURL':
                $protocol = $_SERVER['HTTPS'] != '' ? 'https://' : 'http://';
                # If 'localhost' occurs anywhere in $url, the "<protocol>localhost" part is
                # replaced by the value returned by getClientIP().
                # NOTE(review): ereg() was removed in PHP 7. Also confirm that getClientIP()
                # does not trust client-supplied headers, since its result is stored as the URL.
                $url = ereg('localhost', $url) ? $protocol . getClientIP() . str_replace($protocol . 'localhost', '', $url) : $url;
                #echo $sql;exit;
                #echo $s3rl;exit;
                if ($Did != '') {
                    # NOTE(review): $Did is concatenated into the SQL text. Unless
                    # validate_register_inputs() restricts it (not visible here), pass it
                    # through the DB layer's escaping or bound parameters instead.
                    $sql = "select * from s3db_deployment where deployment_id = '" . $Did . "'";
                    $db->query($sql, __LINE__, __FILE__);
                    if ($db->next_record()) {
                        return array(False, 'Did already exists. Please provide another one or leave that field blank for an arbitrary value');
                    }
                }
                #if($Did!=''){
                # NOTE(review): same concern for $Did, $url and $publicKey in this insert.
                # A fresh random_string(20) is stored as the challenge message for later updates.
                $sql = "insert into s3db_deployment (deployment_id, url, publickey, message, created_on) values ('" . $Did . "', '" . $url . "', '" . $publicKey . "', '" . random_string(20) . "', now())";
                #echo $sql;
                $db->query($sql, __LINE__, __FILE__);
                $s3rl = $Did;
                #}
                #else{
                #include('s3id.php');
                #$sql = "insert into s3db_deployment (deployment_id, url, publickey, message, created_on) values ('".$Did."', '".$url."', '".$publicKey."', '".random_string(20)."', now())";
                #echo $sql;exit;
                #$db->query($sql, __LINE__, __FILE__);
                if ($db->Errno == 0) {
                    ##Now create an entry in the project of deployments;
                    #create a remote user to access this entry
                    $s3ql = compact('user_id', 'db');
                    $s3ql['insert'] = 'user';
                    # The remote user id is "<url>/U1"; a slash is added only when $url lacks one.
                    $s3ql['where']['user_id'] = $url . (substr($url, strlen($url) - 1, 1) == '/' ? '' : '/') . 'U1';
                    $s3ql['where']['permission_level'] = '111';
                    $s3ql['format'] = 'php';
                    # NOTE(review): unserialize() on the S3QLaction() response. If caller-supplied
                    # values can shape that response, a format that cannot instantiate objects
                    # (e.g. JSON) is safer -- confirm what 'format' => 'php' emits.
                    $done = unserialize(S3QLaction($s3ql));
                    //$msg=html2cell($done);
                    $msg = $done[0];
                    # Continue only when the error code is exactly 4, 9 or 0.
                    if (ereg('^(4|9|0)$', $msg['error_code'])) {
                        $remoteUser = $s3ql['where']['user_id'];
                        # From here on the S3QL calls are issued as user '1'.
                        $user_id = '1';
                        $s3ql = compact('user_id', 'db');
                        $s3ql['insert'] = 'item';
                        $s3ql['where']['collection_id'] = $GLOBALS['deployment_project']['collection_id'];
                        $s3ql['where']['item_id'] = $Did;
                        $s3ql['where']['notes'] = $name == '' ? urlencode('Deployment ' . $Did) : $name;
                        $s3ql['format'] = 'php';
                        # NOTE(review): second unserialize() of an S3QLaction() response, see above.
                        $done = unserialize(S3QLaction($s3ql));
                        $msg = $done[0];
                        if ($msg['error_code'] == '0' || $msg['error_code'] == '4') {
                            # Give the remote user permission '222' on the item just created.
                            $s3ql = compact('user_id', 'db');
                            $s3ql['insert'] = 'user';
                            $s3ql['where']['item_id'] = $msg['item_id'];
                            $s3ql['where']['user_id'] = $remoteUser;
                            $s3ql['where']['permission_level'] = '222';
                            # No 'format' is set on this call; the response is parsed with html2cell().
                            $done = S3QLaction($s3ql);
                            $item_id = $msg['item_id'];
                            $msg = html2cell($done);
                            $msg = $msg[2];
                            #find the collection rules
                            $s3ql = compact('user_id', 'db');
                            $s3ql['from'] = 'rules';
                            $s3ql['where']['subject_id'] = $GLOBALS['deployment_project']['collection_id'];
                            $rules = S3QLaction($s3ql);
                            if (!empty($rules)) {
                                # One statement is inserted per rule whose object name is also a
                                # key of $_GET. Note that $key from the top of the function is
                                # overwritten by this loop.
                                $s3ql = compact('user_id', 'db');
                                $s3ql['insert'] = 'statement';
                                $s3ql['where']['item_id'] = $item_id;
                                foreach ($rules as $key => $rule_info) {
                                    if (in_array($rule_info['object'], array_keys($_GET))) {
                                        $s3ql['where']['rule_id'] = $rule_info['rule_id'];
                                        if ($rule_info['object'] == 'keywords') {
                                            # Comma-separated keywords, each optionally base64-encoded.
                                            $keywords = explode(',', $_GET['keywords']);
                                            foreach ($keywords as $word) {
                                                if (is_base64_encoded($word)) {
                                                    $word = base64_decode($word);
                                                }
                                                $s3ql['where']['value'] = $word;
                                                $done = S3QLaction($s3ql);
                                            }
                                        } elseif ($rule_info['object'] == 'url') {
                                            $s3ql['where']['value'] = $url;
                                            $done = S3QLaction($s3ql);
                                        } elseif ($rule_info['object'] == 'description') {
                                            $v = $_GET[$rule_info['object']];
                                            if (is_base64_encoded($v)) {
                                                $v = base64_decode($v);
                                            }
                                            $s3ql['where']['value'] = $v;
                                            $done = S3QLaction($s3ql);
                                        } elseif ($rule_info['object'] == 'name') {
                                            $s3ql['where']['value'] = $name;
                                            $done = S3QLaction($s3ql);
                                        } else {
                                            # NOTE(review): the raw $_GET value is stored as the statement
                                            # value; any escaping must happen inside S3QLaction() or when
                                            # the value is rendered -- confirm.
                                            $v = $_GET[$rule_info['object']];
                                            $s3ql['where']['value'] = $v;
                                            $done = S3QLaction($s3ql);
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
                #After registering url, return Did
                # Success is reported whenever $Did is non-empty, independent of the error
                # codes of the insert and the S3QL calls above.
                if ($Did != '') {
                    return array(True, array('deployment_id' => $Did, 'name' => $name));
                } else {
                    return array(False, '');
                }
                break;
            case 'findURL':
                ##Let's first check if there is already a deployment in this URL
                if ($url != '') {
                    # NOTE(review): $url is concatenated into the SQL text, see 'registernewURL'.
                    $sql = "select * from s3db_deployment where url = '" . $url . "'";
                    $db->query($sql, __LINE__, __FILE__);
                    if ($db->next_record()) {
                        $reg = array('deployment_id' => $db->f('deployment_id'), 'url' => $db->f('url'), 'modified_on' => $db->f('modified_on'));
                        return array(True, $reg);
                    }
                    # No record for this URL: control falls through to the break and the
                    # function returns nothing.
                } elseif ($Did != '') {
                    # Every 'D' in $Did is removed (not only a leading one) before the lookup.
                    # NOTE(review): the remainder is still concatenated into the SQL text.
                    $sql = "select * from s3db_deployment where deployment_id = '" . str_replace('D', '', $Did) . "'";
                    $db->query($sql, __LINE__, __FILE__);
                    if ($db->next_record()) {
                        $reg = array('url' => $db->f('url'), 'publicKey' => $db->f('publickey'), 'modified_on' => $db->f('modified_on'));
                        return array(True, $reg);
                    } else {
                        return array(False, 'Did not found');
                    }
                }
                break;
            case 'updateURL':
                #did the user send the decrypted message already? Validate and change the message
                if ($message != '') {
                    # NOTE(review): $Did is concatenated into the SQL text, see 'registernewURL'.
                    $sql = "select * from s3db_deployment where deployment_id = '" . str_replace('D', '', $Did) . "'";
                    $db->query($sql, __LINE__, __FILE__);
                    if ($db->next_record()) {
                        $oldUrl = $db->f('url');
                        $storedMessage = $db->f('message');
                        #do messages match?
                        # NOTE(review): this is the ownership check, yet it uses loose `!=`, under
                        # which numeric-looking strings compare as numbers. A strict, constant-time
                        # comparison of two strings (hash_equals()) is the safer form. The stored
                        # message is not rotated after a failed attempt (the update below is
                        # commented out).
                        if ($storedMessage != $message) {
                            #$sql = "update s3db_register set message= '".random_string(20)."' where deployment_id = '".str_replace('D', '', $Did)."'";
                            return array(False, 'Error code:<error>3</error><description> Decripted Message does not match the request</description>');
                        } else {
                            #echo 'ahaa, you found it :-)';
                            #update key
                            # The challenge message is replaced with a new random value on success.
                            # NOTE(review): $newUrl and $Did are concatenated into the SQL text.
                            $sql = "update s3db_deployment set url = '" . $newUrl . "', message= '" . random_string(20) . "', modified_on = now() where deployment_id = '" . str_replace('D', '', $Did) . "'";
                            $db->query($sql, __LINE__, __FILE__);
                            ##Now update the entry on s3db
                            # NOTE(review): this statement is built but never passed to $db->query(),
                            # and its rule_id/item_id filters are empty strings. The Errno test
                            # below therefore reflects the s3db_deployment update only.
                            $sql = "update s3db_statement set url='" . $newUrl . "' where rule_id='' and item_id=''";
                            $dbdata = get_object_vars($db);
                            if ($dbdata['Errno'] == '0') {
                                return array(True, 'Error code:<error>0</error><description>  URL updated</description>');
                            } else {
                                return array(False, 'Error code:<error>1</error><description>  Could not update URL</description>');
                            }
                        }
                    } else {
                        return array(False, 'Error code:<error>2</error> Could not find Did');
                    }
                } else {
                    #send a message to the url to make sure he is who he says he is
                    # Only a leading 'D' is stripped here, unlike the str_replace() calls above.
                    # NOTE(review): ereg_replace() was removed in PHP 7; $Did is concatenated
                    # into the SQL text.
                    $sql = "select * from s3db_deployment where deployment_id = '" . ereg_replace('^D', '', $Did) . "'";
                    $db->query($sql);
                    if ($db->next_record()) {
                        $publicKey = $db->f('publickey');
                        $message = $db->f('message');
                    } else {
                        return array(False, 'Could not find URL');
                    }
                    #encrypt it
                    require_once 'pearlib/RSACrypt/RSA.php';
                    # The stored challenge is encrypted with the stored public key; if that yields
                    # an empty string, a second attempt is made with the URL-encoded key.
                    $encripted = encrypt($message, $publicKey);
                    if ($encripted == '') {
                        $encripted = encrypt($message, urlencode($publicKey));
                    }
                    $ErrMessage = "For authentication, please decript this message using your private key: <message>" . rawurlencode($encripted) . "</message><br />(Note: you might need to remove url encoding that your browser might have added before decoding. Plase refer to http://www.asciitable.com/ for the correct characters.)";
                    # The challenge is printed and the script terminates; nothing is returned.
                    echo formatReturn($GLOBALS['error_codes']['success'], $ErrMessage, $format, array('encripted' => $encripted));
                    exit;
                    #echo "For authentication, please decript this message using your private key: <message>".rawurlencode($encripted)."</message>";
                    #echo "<br />(Note: you might need to remove url encoding that your browser might have added before decoding. Plase refer to http://www.asciitable.com/ for the correct characters.)";
                    #	exit;
                }
        }
    } else {
        # Validation failed: the error is printed and the function returns nothing.
        echo formatReturn($GLOBALS['error_codes']['wrong_input'], $errMessage, $format, '');
    }
}