Esempio n. 1
<?php

// check if a user has access to something
require_once $_SERVER['DOCUMENT_ROOT'] . '/include/main_func.php';
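// Report whether the logged-in user owns row `id` in one of the whitelisted
// tables (tem, fm, img). The outcome is handed to scriptReturn().
auth();
$return = array('error' => false, 'errorText' => '');
// Both ids are interpolated into the SQL text below, so they are forced to
// integers here: nothing but digits may reach the query.
$user = intval($_SESSION['user_id']);
$id = (isset($_POST['id']) && is_scalar($_POST['id'])) ? intval($_POST['id']) : 0;
// Accept only a plain string; a missing or array-valued field becomes ''.
$table = (isset($_POST['table']) && is_string($_POST['table'])) ? $_POST['table'] : '';
// The table name is used as an SQL identifier, so it must match the whitelist
// exactly (strict comparison, no type juggling).
if (in_array($table, array('tem', 'fm', 'img'), true)) {
    $q = new myQuery("SELECT COUNT(*) AS c FROM {$table} WHERE id={$id} AND user_id={$user}");
    $c = $q->get_one();
    if ($c == 0) {
        $return['error'] = true;
        $return['errorText'] = "Either the item does't exist or you do not own it.";
    }
} else {
    $return['error'] = true;
    // NOTE(review): $table is client-supplied and echoed back in this message;
    // whatever renders errorText must escape it for its output context.
    $return['errorText'] = "You cannot check for access in the {$table} table.";
}
scriptReturn($return);
exit;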
Esempio n. 2
            if (is_dir($dir . '/' . $currentFile)) {
                $ret2 = countFilesProc($dir . '/' . $currentFile);
                $ret['files'] += $ret2['files'];
                $ret['size'] += $ret2['size'];
            } else {
                $ret['files']++;
                $ret['size'] += filesize($dir . '/' . $currentFile);
            }
        }
    }
    closedir($odir);
    return $ret;
}
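// Return file statistics for a project the logged-in user is a member of.
// The directory is only recounted when its mtime differs from the value the
// client already holds.
$user = intval($_SESSION['user_id']);
// proj_id reaches both an SQL string and a filesystem path, so it is reduced
// to an integer first; a missing or non-numeric value becomes 0.
$proj_id = (isset($_POST['proj_id']) && is_scalar($_POST['proj_id'])) ? intval($_POST['proj_id']) : 0;
$q = new myQuery("SELECT project.user_id as owner \n                  FROM project \n                  LEFT JOIN project_user ON (project.id=project_id)\n                  WHERE project_user.user_id='{$user}' AND project_id='{$proj_id}'");
// Rows are only returned when the user is listed in project_user for this project.
if ($q->get_num_rows() > 0) {
    $return['filemtime'] = filemtime(IMAGEBASEDIR . $proj_id);
    $clientMtime = isset($_POST['filemtime']) ? $_POST['filemtime'] : null;
    if ($return['filemtime'] != $clientMtime) {
        $res = countFilesProc(IMAGEBASEDIR . $proj_id);
        if ($res) {
            // Only the project owner has the size counted against them.
            $return['mysize'] = $q->get_one() == $user ? $res['size'] : 0;
            // "| 0" coerces a missing counter to integer 0.
            $return['files'] = $res['files'] | 0;
            $return['trash'] = $res['trash'] | 0;
            $return['tmp'] = $res['tmp'] | 0;
            $return['size'] = formatBytes($res['size']);
        }
    }
}
scriptReturn($return);
exit;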
Esempio n. 3
<?php

// set up data to delineate an image
require_once $_SERVER['DOCUMENT_ROOT'] . '/include/main_func.php';
auth();
ini_set('max_execution_time', 10);
if (array_key_exists('img', $_POST)) {
    if (is_numeric($_POST['img'])) {
        // get saved image by id number
        $q = new myQuery('SELECT name FROM img WHERE id=' . intval($_POST['img']));
        $name = '/images' . $q->get_one();
        echo $name;
        exit;
    } else {
        $name = my_clean($_POST['img']);
    }
    $imgname = str_replace("//", "/", $name);
    if (substr($imgname, -4) == '.tem') {
        // find the actual image associated with this tem if only a tem was passed
        $imgname = preg_replace('@\\.(jpg|png|gif|tem)$@', '.jpg', $imgname);
        if (!file_exists(IMAGEBASEDIR . $imgname)) {
            $imgname = preg_replace('@\\.(jpg|png|gif|tem)$@', '.png', $imgname);
        } else {
            if (!file_exists(IMAGEBASEDIR . $imgname)) {
                $imgname = preg_replace('@\\.(jpg|png|gif|tem)$@', '.gif', $imgname);
            } else {
                if (!file_exists(IMAGEBASEDIR . $imgname)) {
                    $imgname = preg_replace('@\\.(jpg|png|gif|tem)$@', '.tem', $imgname);
                }
            }
        }
Esempio n. 4
            } else {
                $ret['files']++;
                $ret['size'] += filesize($dir . '/' . $currentFile);
            }
        }
    }
    closedir($odir);
    return $ret;
}
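// Add per-project file statistics to $return['projects'] and report the
// user's storage allocation next to the space used by projects they own.
$total_size = 0;
// Start the owner's running total at zero unless earlier code already set it;
// the original accumulated into an undefined variable.
if (!isset($mysize)) {
    $mysize = 0;
}
foreach ($return['projects'] as $i => $proj) {
    $st = microtime(true);
    $res = countFilesOO(IMAGEBASEDIR . $proj['id']);
    if ($res) {
        // Read $res only after the count is known to have succeeded.
        if ($proj['user_id'] == $user) {
            $mysize += $res['size'];
        }
        $return['projects'][$i]['filemtime'] = filemtime(IMAGEBASEDIR . $proj['id']);
        // "| 0" coerces a missing counter to integer 0.
        $return['projects'][$i]['files'] = $res['files'] | 0;
        $return['projects'][$i]['trash'] = $res['trash'] | 0;
        $return['projects'][$i]['tmp'] = $res['tmp'] | 0;
        $return['projects'][$i]['size'] = formatBytes($res['size']);
    }
    // Per-project timing, keyed by project id.
    $return['time']['proj' . $proj['id']] = microtime(true) - $st;
}
//$return['userAllocation'] = userAllocation($user);
// The id is interpolated into the SQL text, so force it to an integer first.
$userId = intval($user);
$q = new myQuery("SELECT allocation FROM user WHERE id='{$userId}'");
$allocation = $q->get_one(0, 'allocation');
// 'size' is the byte total divided by 1024 twice.
$return['userAllocation'] = array('allocation' => $allocation, 'size' => $mysize / 1024 / 1024);
scriptReturn($return);
exit;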
Esempio n. 5
<?php

// check project permissions and set project_id SESSION variable
require_once $_SERVER['DOCUMENT_ROOT'] . '/include/main_func.php';
// Confirm the logged-in user is listed for the requested project; on success
// return the stored permission and remember the project in the session.
auth();
$return = array('error' => false, 'errorText' => '');
// NOTE(review): validID() is defined elsewhere; the query below is only safe
// if it restricts the value to digits - confirm.
$proj_id = 0;
if (validID($_POST['project'])) {
    $proj_id = $_POST['project'];
}
$q = new myQuery("SELECT perm\n                  FROM project_user\n                  WHERE user_id='{$_SESSION['user_id']}'\n                    AND project_id='{$proj_id}'");
if ($q->get_num_rows() != 1) {
    // Anything other than exactly one membership row is treated as "no access".
    $return['error'] = true;
    $return['errorText'] = 'You do not have permission to access this project.';
    scriptReturn($return);
    exit;
}
$return['perm'] = $q->get_one();
$_SESSION['project_id'] = $proj_id;
scriptReturn($return);
exit;
Esempio n. 6
                         $return['Description'] = array_merge($return['Description'], explode(' ', trim($vars[1])));
                     } else {
                         $return['Description'][trim($vars[0])] = trim($vars[1]);
                     }
                 } else {
                     $return['Description'][] = $d;
                 }
             }
         } else {
             $return['Description'] = str_replace("\n", "<br>", trim($origdesc));
         }
     }
     if (is_numeric($img['id'])) {
         $q = new myQuery("SELECT GROUP_CONCAT(tag SEPARATOR '; ') as tags FROM tag WHERE id={$img['id']} GROUP BY id");
         if ($q->get_num_rows() > 0) {
             $return = array_merge(array('Tags' => $q->get_one()), $return);
         }
     }
     // add embedded tem info
     $tem = str_replace('ASCII', '', $exif['UserComment']);
     if (!empty($tem)) {
         $return['Embedded Tem'] = "<pre>" . $tem . "</pre>";
     }
 } elseif (exif_imagetype($filename) == IMAGETYPE_PNG) {
     $png = new PNG_Reader($filename);
     $rawTextData = $png->get_chunks('tEXt');
     $metadata = array();
     foreach ($rawTextData as $data) {
         $sections = explode("", $data);
         if ($sections > 1) {
             $key = array_shift($sections);
Esempio n. 7
/**
 * Gate a save operation on project permission and storage quota.
 *
 * Reads user_id and project_id from $_SESSION. When the stored permission for
 * that pair is not exactly 'all', or userAllocation() reports a size above the
 * allocation, an error payload is passed to scriptReturn() and the script exits.
 *
 * @return bool true when both checks pass; no other value is returned
 */
function checkAllocation()
{
    // Step 1: permission on the current project.
    $permQuery = new myQuery("SELECT perm\n                          FROM project_user\n                          WHERE user_id='{$_SESSION['user_id']}'\n                            AND project_id='{$_SESSION['project_id']}'");
    if ($permQuery->get_one() !== 'all') {
        scriptReturn(array("error" => true, "errorText" => "You do not have permission to save files to this project."));
        exit;
    }
    // Step 2: overall storage quota for the user.
    $usage = userAllocation($_SESSION['user_id']);
    $overQuota = $usage['size'] > $usage['allocation'];
    if ($overQuota) {
        $denied = array("error" => true, "size" => $usage['size'], "allocation" => $usage['allocation'], "errorText" => "You have exceeded your allocation of " . round($usage['allocation'] / 1024, 1) . " GB");
        scriptReturn($denied);
        exit;
    }
    // Both checks passed.
    return true;
}
Esempio n. 8
<?php

// remove an owner from a project
require_once $_SERVER['DOCUMENT_ROOT'] . '/include/main_func.php';
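// Remove a user from a project, provided the caller is a member of that
// project and the project would not be left with no users.
auth();
$return = array('error' => false, 'errorText' => '');
// All three ids are interpolated into SQL text below. The two POST values were
// previously used raw; every id is now reduced to an integer before use.
$user = intval($_SESSION['user_id']);
$project = (isset($_POST['project']) && is_scalar($_POST['project'])) ? intval($_POST['project']) : 0;
$deluser = (isset($_POST['owner']) && is_scalar($_POST['owner'])) ? intval($_POST['owner']) : 0;
// NOTE(review): this only checks that the caller is listed for the project;
// presumably project_user also carries a permission level, which is ignored
// here - confirm every member may remove other members.
$q = new myQuery("SELECT 1 FROM project_user WHERE project_id='{$project}' AND user_id='{$user}'");
// NOTE(review): get_affected_rows() is used on a SELECT; this relies on
// myQuery reporting the selected row count there - confirm.
if ($q->get_affected_rows() > 0) {
    $q = new myQuery("SELECT COUNT(*) as c FROM project_user WHERE project_id='{$project}' GROUP BY project_id");
    if ($q->get_one() < 2) {
        // Refuse to remove the last remaining user.
        $return['error'] = true;
        $return['errorText'] = "This project only has one user. Please add more before deleting users to avoid abandoning projects.";
    } else {
        $q = new myQuery("DELETE FROM project_user WHERE project_id='{$project}' AND user_id='{$deluser}'");
        if ($q->get_affected_rows() == 0) {
            $return['error'] = true;
            $return['errorText'] = "This user could not be deleted from this project";
        }
    }
} else {
    $return['error'] = true;
    $return['errorText'] = "You do not have permission to delete users from this project";
}
scriptReturn($return);
exit;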
?>

Esempio n. 9
<?php

// get default values for a tem in the database
require_once $_SERVER['DOCUMENT_ROOT'] . '/include/main_func.php';
// Collect the stored defaults for one template: its name, points, lines,
// line colours and the three fit points, then hand them to scriptReturn().
auth();
$return = array('error' => false, 'errorText' => '');
$user = $_SESSION['user_id'];
// intval() keeps the id numeric before it is concatenated into the queries.
$tem_id = intval($_POST['tem_id']);
// NOTE(review): none of the queries below filter on user_id or a public flag,
// so any logged-in user can read any template id - confirm this is intended.
$q = new myQuery("SELECT name FROM tem WHERE id=" . $tem_id);
$return['name'] = $q->get_one();

$q = new myQuery("SELECT n as i, name, x, y FROM point WHERE tem_id=" . $tem_id . " ORDER BY n");
$return['defaultTem'] = $q->get_assoc();

// Each line row stores its point list as a comma-separated string.
$splitPoints = function ($line) {
    return explode(',', $line['points']);
};
$q = new myQuery("SELECT points FROM line WHERE tem_id=" . $tem_id . " ORDER BY n");
$return['defaultLines'] = array_map($splitPoints, $q->get_assoc());

$q = new myQuery("SELECT n, color FROM line WHERE tem_id=" . $tem_id . " ORDER BY n");
$return['lineColors'] = $q->get_assoc(false, false, 'color');

$q = new myQuery("SELECT 3ptdelin1, 3ptdelin2, 3ptdelin3 FROM tem WHERE id=" . $tem_id);
$pts = $q->get_row();
$fit = array();
foreach (array('3ptdelin1', '3ptdelin2', '3ptdelin3') as $col) {
    $fit[] = $pts[$col];
}
$return['fitPoints'] = $fit;
scriptReturn($return);
exit;
/*
CREATE TABLE tem (
    id INT(11) NOT NULL AUTO_INCREMENT,
    user_id INT(4) NOT NULL,
    name VARCHAR(255) NOT NULL,
    notes TEXT,
    public BOOL DEFAULT 0,
    3ptdelin1 INT(4),
Esempio n. 10
require_once $_SERVER['DOCUMENT_ROOT'] . '/include/main_func.php';
date_default_timezone_set('Europe/London');
include DOC_ROOT . '/include/classes/PHPMailer/PHPMailerAutoload.php';
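$return = array('error' => false, 'errorText' => '');
// NOTE(review): no auth() or administrator check is visible in this excerpt
// before an account's status is changed - confirm one runs earlier in the request.
// The id is interpolated unquoted into the UPDATE below, where string escaping
// alone gives no protection, so it is reduced to an integer first.
$id = intval(my_clean($_POST['id']));
// cleanData() is given the two permitted status values and a default of 'disabled'.
$auth = cleanData($_POST, 'auth', array("user", "disabled"), $default = 'disabled');
$q = new myQuery("UPDATE user SET status='{$auth}' WHERE id={$id}");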
if ($auth == "user" && $q->get_affected_rows() == 1) {
    // create a new password
    $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNPQRSTUVWXYZ123456789123456789";
    $password = substr(str_shuffle($chars), 0, 10);
    $salt = '$2y$10$' . substr(md5(microtime()), 0, 21) . '$';
    $hash = crypt($password, $salt);
    $q = new myQuery(array("UPDATE user SET password='******' WHERE id='{$id}'", "SELECT email FROM user WHERE id='{$id}'"));
    $email = $q->get_one();
    $return['email'] = $email;
    if (DEBUG) {
        $return['newpass'] = $password;
    }
    // only for debugging!!!!
    // email new password to the user
    $to = $email;
    $subject = 'WebMorph.org Account Authorized';
    $headers = "From: lisa.debruine@glasgow.ac.uk\r\n";
    $headers .= "Reply-To: lisa.debruine@glasgow.ac.uk\r\n";
    $headers .= "MIME-Version: 1.0\r\n";
    $headers .= "Content-Type: text/html; charset=ISO-8859-1\r\n";
    $message = "<html><body style='color: rgb(50,50,50); font-family:\"Lucida Grande\"';>" . "<p>Hi {$email},</p>\n" . "<p>Your requested <a href='http://webmorph.org'>WebMorph</a> account has been authorized.</p>\n" . "<p>Remember, WebMorph is in beta testing, so there are likely to be problems sometimes. \n                WebMorph should work with Chrome and Safari, but I develop in FireFox, so errors are usually \n                caught there first.</p>\n" . "<div style='border: 3px solid hsl(200,100%,20%); " . "    box-shadow: 2px 2px 4px rgba(0,0,0,0.5);border-radius: 1em; padding: 1em; " . "    text-align: center; width: 18em; margin: auto;'>\n" . "        Your new password:\n" . "        <div style='font-size: 200%; margin-top: 0.5em;'>{$password}</div>\n" . "</div>\n" . "<p>You can reset your password after logging in by going to the Preferences menu option.</p>\n" . "<p>Kind regards,</p>\n" . "<p>Lisa DeBruine</p>\n" . "</body></html>\n.";
    $text_message = "Hi {$email},\n" . "Your requested <a href='http://webmorph.org'>WebMorph</a> account has been authorized.\n\n" . "Remember, WebMorph is in beta testing, so there are likely to be problems sometimes. \n                WebMorph should work with Chrome and Safari, but I develop in FireFox, so errors are usually \n                caught there first. \n\n" . "Your new password: {$password} \n\n" . "You can reset your password after logging in by going to the Preferences menu option.</p>\n\n" . "Kind regards,\n" . "Lisa DeBruine\n.";
    //mail($to, $subject, $message, $headers);
Esempio n. 11
<?php

// delete a default template from the database
require_once $_SERVER['DOCUMENT_ROOT'] . '/include/main_func.php';
// Delete one of the caller's own templates together with its points and lines.
auth();
$user = $_SESSION['user_id'];
$return = array('error' => false, 'errorText' => '');
// Ownership gate: the template must belong to the caller, and id 1 can never
// be deleted because of the id>1 condition.
$tem_id = intval($_POST['id']);
$q = new myQuery("SELECT COUNT(*) as c FROM tem WHERE user_id={$user} AND id={$tem_id} AND id>1");
$ownedCount = $q->get_one();
if ($ownedCount == 0) {
    $return['error'] = true;
    $return['errorText'] = 'You do not have permission to delete this template.';
    header('Content-Type: application/json');
    echo json_encode($return);
    exit;
}
// NOTE(review): the three deletes below are separate statements; whether
// myQuery wraps them in a transaction is not visible here - confirm.
$q = new myQuery("DELETE FROM tem WHERE id={$tem_id};");
$return['tem_deleted'] = $q->get_affected_rows();
if ($return['tem_deleted'] != 0) {
    // Template row removed: clear its dependent rows and report the counts.
    $q->set_query("DELETE FROM point WHERE tem_id={$tem_id};");
    $return['points_deleted'] = $q->get_affected_rows();
    $q->set_query("DELETE FROM line WHERE tem_id={$tem_id};");
    $return['lines_deleted'] = $q->get_affected_rows();
} else {
    $return['error'] = true;
    $return['errorText'] = "Template {$tem_id} was not deleted.";
}
scriptReturn($return);
exit;
Esempio n. 12
 /**
  * Find a stored template whose point and line counts match this object.
  *
  * Only templates that are public or owned by the session user are
  * considered, and only those with at least one distinct sym value.
  *
  * @return int|false value from the first result row as an integer, or false
  *                   when the query returns no rows
  */
 public function getID()
 {
     $ps = $this->getPointNumber();
     $ls = count($this->_lines);
     // NOTE(review): the session id is interpolated unquoted into the SQL;
     // presumably it is always an integer set at login - confirm.
     $user_id = $_SESSION['user_id'];
     $q = new myQuery("SELECT tem.id, \n                            COUNT(DISTINCT p.n) as ps, \n                            COUNT(DISTINCT l.n) as ls,\n                            COUNT(DISTINCT sym) as syms \n                            FROM tem \n                            LEFT JOIN point as p on p.tem_id=tem.id \n                            LEFT JOIN line as l on l.tem_id=tem.id\n                            WHERE tem.public=1 OR tem.user_id={$user_id}\n                            GROUP BY tem.id\n                            HAVING ps={$ps} AND ls={$ls} AND syms>0");
     // No matching template.
     if ($q->get_num_rows() < 1) {
         return false;
     }
     return intval($q->get_one());
 }
Esempio n. 13
            return false;
        case 'mirror':
            if (preg_match('/^(true|t|1)$/i', $data)) {
                $img->mirror();
                return true;
            }
            return false;
    }
}
$return = array('error' => true, 'errorText' => '', 'newFileName' => '');
$image = safeFileName($_POST['theData']['image']);
if ($image) {
    ini_set('memory_limit', '512M');
    $default_rgb = array(255, 255, 255);
    $q = new myQuery("SELECT prefval FROM pref WHERE user_id='{$_SESSION['user_id']}' AND pref='mask_color'");
    if ($q->get_num_rows() == 1 && preg_match('/rgb\\((\\d{1,3}),(\\d{1,3}),(\\d{1,3})\\)$/i', $q->get_one(), $rgb)) {
        $default_rgb = array_slice($rgb, 1);
    }
    include_once DOC_ROOT . '/include/classes/psychomorph.class.php';
    if (array_key_exists('hasTem', $_POST['theData'])) {
        $img = new PsychoMorph_ImageTem($image);
    } else {
        $img = new PsychoMorph_Image($image);
    }
    // set order
    $possible_edits = array('align', 'resize', 'rotate', 'crop', 'mask', 'sym', 'mirror');
    if ($_POST['theData']['order'] == '' || $_POST['theData']['order'] == 'false') {
        $edits = $possible_edits;
    } else {
        $edits = explode(',', $_POST['theData']['order']);
    }
Esempio n. 14
echo "<h3>Time Comparison</h3>\n<ul>\n\t<li>MySQL time: {$mysql_time}</li>\n\t<li>PHP time: {$php_time}</li>\n</ul>";
echo "<h3>MySQLi Test</h3>";
$q = new myQuery("SELECT id, firstname FROM user LIMIT 3");
echo '<table><thead><tr><th></th><th>Answer</th><th>True Value</th></thead></tr><tbody>';
echo '<tr><td>Query</td><td>' . $q->get_query() . '</td><td>SELECT id, firstname FROM user LIMIT 3</td></tr>';
echo '<tr><td>N Rows</td><td>' . $q->get_num_rows() . '</td><td>3</td></tr>';
echo '<tr><td>get_row()</td><td>';
print_r($q->get_row());
echo '</td><td>Array ( [id] => 1 [firstname] => Lisa )</td></tr>';
echo '<tr><td>get_row(2)</td><td>';
print_r($q->get_row(2));
echo '</td><td>Array ( [id] => 3 [firstname] => Amanda )</td></tr>';
echo '<tr><td>get_col("id")</td><td>';
print_r($q->get_col('id'));
echo '</td><td>Array ( [0] => 1 [1] => 2 [2] => 3 )</td></tr>';
echo '<tr><td>get_one()</td><td>' . $q->get_one() . '</td><td>1</td></tr>';
echo '<tr><td>get_one(2, "firstname")</td><td>' . $q->get_one(2, 'firstname') . '</td><td>Amanda</td></tr>';
echo '<tr><td>get_one(2, "error")</td><td>' . $q->get_one(2, 'error') . '</td><td>Column <code>error</code> does not exist in row <code>2</code></td></tr>';
echo '<tr><td>get_assoc()</td><td>';
print_r($q->get_assoc());
echo '</td><td>Array ( [0] => Array ( [id] => 1 [firstname] => Lisa ) [1] => Array ( [id] => 2 [firstname] => Ben ) [2] => Array ( [id] => 3 [firstname] => Amanda ) )</td></tr>';
echo '<tr><td>get_result_as_table()</td><td>' . $q->get_result_as_table() . '</td><td>
<table class="query">
<thead><tr>	<th>id</th><th>firstname</th></tr></thead><tbody>
<tr><td>1</td> <td>Lisa</td></tr>
<tr><td>2</td><td>Ben</td></tr>
<tr><td>3</td><td>Amanda</td></tr>
</tbody></table></td></tr>';
echo '<tr><td>prepare()</td><td>';
$query = "SELECT id, email FROM user WHERE firstname!=? AND lastname!=?";
$params = array("ss", "Lisa", "DeBruine");
Esempio n. 15
 $firstname = my_clean($_POST['firstname']);
 $lastname = my_clean($_POST['lastname']);
 $org = my_clean($_POST['org']);
 $sex = in_array($_POST['sex'], array('male', 'female', 'other')) ? $_POST['sex'] : 'NULL';
 $research = $_POST['research'] == 'true' ? 1 : 0;
 $business = $_POST['business'] == 'true' ? 1 : 0;
 $personal = $_POST['personal'] == 'true' ? 1 : 0;
 $school = $_POST['school'] == 'true' ? 1 : 0;
 $art = $_POST['art'] == 'true' ? 1 : 0;
 $status = $_POST['invite'] === 'faces94' ? 'user' : 'requested';
 $q = new myQuery("INSERT INTO user \n            (email, password, firstname, lastname, organisation, sex, research, business, personal, art, school, status, regdate) \n            VALUES ('{$email}', '{$hash}', '{$firstname}', '{$lastname}', '{$org}', '{$sex}', {$research}, {$business}, {$personal}, {$art}, {$school}, '{$status}', NOW())");
 date_default_timezone_set('Europe/London');
 include DOC_ROOT . '/include/classes/PHPMailer/PHPMailerAutoload.php';
 if ($status == "requested") {
     $q = new myQuery("SELECT COUNT(*) as c FROM user WHERE status='requested'");
     $wait_list = $q->get_one();
     $message = "<html><body style='color: rgb(50,50,50); font-family:\"Lucida Grande\"';>" . "<p>Hi {$firstname} {$lastname},</p>\n" . "<p>You (or someone) just created an account at <a href='http://webmorph.org'>WebMorph</a>.</p>\n" . "<p>You will receive an email with your password when your account is authorized. \n                        Because WebMorph is in alpha testing, we are limiting the number of users. \n                        You are number {$wait_list} on the wait list.</p>\n" . "<p>Kind regards,</p>\n" . "<p>Lisa DeBruine</p>\n" . "</body></html>\n.";
     $text_message = "Hi  {$firstname} {$lastname},\n" . "You (or someone) just created an account at <a href='http://webmorph.org'>WebMorph</a>.\n\n" . "You will receive an email with your password when your account is authorized. Because WebMorph is in alpha testing, we are limiting the number of users. You are number {$wait_list} on the wait list.\n" . "Kind regards,\n" . "Lisa DeBruine\n.";
 } else {
     // mail pasword to user
     $message = "<html><body style='color: rgb(50,50,50); font-family:\"Lucida Grande\"';>" . "<p>Hi {$firstname} {$lastname},</p>\n" . "<p>You (or someone) just created an account at " . "<a href='http://webmorph.org'>WebMorph</a>.</p>\n" . "<div style='border: 3px solid hsl(200,100%,30%); " . "    box-shadow: 2px 2px 4px rgba(0,0,0,0.5);border-radius: 1em; padding: 1em; " . "    text-align: center; width: 18em; margin: auto;'>\n" . "        Your new password:\n" . "        <div style='font-size: 200%; margin-top: 0.5em;'>{$password}</div>\n" . "</div>\n" . "<p>You can reset your password after logging in by going to the Preferences menu option.</p>\n" . "<p>Kind regards,</p>\n" . "<p>Lisa DeBruine</p>\n" . "</body></html>\n.";
     $text_message = "Hi  {$firstname} {$lastname},\n" . "You (or someone) just created an account at <a href='http://webmorph.org'>WebMorph</a>.\n\n" . "Your new password: {$password} \n\n" . "You can reset your password after logging in by going to the Preferences menu option.\n\n" . "Kind regards,\n" . "Lisa DeBruine\n.";
 }
 $mail = new PHPMailer();
 //Create a new PHPMailer instance
 /*
 $mail->isSMTP();            //Tell PHPMailer to use SMTP
 $mail->SMTPDebug = 0;        //Enable SMTP debugging 0=off, 1=client, 2=server
 $mail->Debugoutput = 'html'; //Ask for HTML-friendly debug output
 $mail->Host = "mail.psy.gla.ac.uk";    //Set the hostname of the mail server
 $mail->Port = 25;            //Set the SMTP port number - likely to be 25, 465 or 587