$assess = ABETAssessment::create('', $row['id'], null, $critId); $assess->add_general_content(); } return array(OKAY, json_encode($row)); }); http_response_code($code); echo $json; } } else { if ($_SERVER['REQUEST_METHOD'] == 'POST') { // verify fields static $fields = array('id', 'name', 'abbrv', 'semester', 'year', 'description'); $a = array_map(function ($x) { if (!array_key_exists($x, $_POST)) { return null; } return !is_null($_POST[$x]) && $_POST[$x] !== ''; }, $fields); if (($key = array_search(false, $a, false)) !== false) { if (is_null($a[$key])) { page_fail_with_reason(BAD_REQUEST, "missing field name"); } page_fail_on_field(BAD_REQUEST, $fields[$key], 'value must have non-zero length'); } // update the specified element $query = new Query(new QueryBuilder(UPDATE_QUERY, array('table' => 'program', 'updates' => array('name' => "s:{$_POST['name']}", 'abbrv' => "s:{$_POST['abbrv']}", 'semester' => "s:{$_POST['semester']}", 'year' => "i:{$_POST['year']}", 'description' => "s:{$_POST['description']}"), 'where' => 'id = ?', 'where-params' => array("i:{$_POST['id']}"), 'limit' => 1))); echo "{\"success\":true}"; } else { page_fail(BAD_REQUEST); } }
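/**
 * Store the file uploaded in the 'file' form field as a new file_upload row
 * attached to a content set, and return the created row as JSON.
 *
 * The insert and the follow-up select run inside Query::perform_transaction;
 * the closure sets $rollback when either step fails. On failure the error is
 * reported through page_fail_with_reason().
 *
 * @param mixed $gcId id of the content set the file belongs to (bound as "i:";
 *                    presumably an integer - confirm against the callers)
 * @return string JSON object with id, file_name, file_comment, file_created
 *                and author ("first_name last_name")
 */
function create_file($gcId)
{
    // Only continue for a completed upload that PHP itself received in this
    // request. Without this check the chmod() and LOAD_FILE() below would act
    // on whatever $_FILES['file'] holds, including a missing or failed upload.
    // is_uploaded_file() also pins tmp_name to a server-generated path, which
    // matters because that path is pasted into the SQL text further down.
    if (!isset($_FILES['file']['tmp_name'], $_FILES['file']['error'])
        || $_FILES['file']['error'] !== UPLOAD_ERR_OK
        || !is_uploaded_file($_FILES['file']['tmp_name'])
    ) {
        $reason = "file upload missing or incomplete";
        page_fail_with_reason(BAD_REQUEST, $reason);
        // NOTE(review): page_fail_with_reason presumably ends the request;
        // this return keeps an invalid upload out of the DB if it does not.
        return $reason;
    }

    $tmpPath = $_FILES['file']['tmp_name'];

    // we must change the file permissions to rw-r--r-- so that mySQL can
    // read the uploaded file; this allows 'others' to read the file (beware!)
    // NOTE(review): every local account can read the upload while the temp
    // file exists. Passing the contents as a bound parameter would avoid both
    // the chmod and the FILE privilege that LOAD_FILE() needs on the DB
    // account - confirm whether the Query layer can bind binary data.
    chmod($tmpPath, 0644);

    // perform update/select operations within a transaction
    list($code, $message) = Query::perform_transaction(function (&$rollback) use ($gcId, $tmpPath) {
        global $DATETIME_FORMAT;

        // create new file_upload entity
        // 'file_name' is the client-supplied name: it is bound as a string
        // here, but consumers must still escape it for their output context.
        // The "l:" values look like literal SQL fragments (TODO confirm), so
        // $tmpPath is interpolated unescaped; it is acceptable only because
        // is_uploaded_file() verified it above.
        $insert = new Query(new QueryBuilder(INSERT_QUERY, array(
            'table' => 'file_upload',
            'fields' => array(
                'file_name',
                'file_contents',
                'file_comment',
                'file_created',
                'fk_author',
                'fk_content_set',
            ),
            'values' => array(array(
                "s:{$_FILES['file']['name']}",
                "l:LOAD_FILE('{$tmpPath}')",
                "s:",
                "l:NOW()",
                "i:{$_SESSION['id']}",
                "i:{$gcId}",
            )),
        )));
        if (!$insert->validate_update()) {
            $rollback = true;
            return array(SERVER_ERROR, "failed to insert file_upload");
        }

        // select the newly created row from the DB, along with some info about the user
        $row = (new Query(new QueryBuilder(SELECT_QUERY, array(
            'tables' => array(
                'file_upload' => array('id', 'file_name', 'file_comment'),
                1 => "DATE_FORMAT(file_created,'{$DATETIME_FORMAT}') file_created",
                'userprofile' => array('first_name', 'last_name'),
            ),
            'joins' => 'INNER JOIN userprofile ON userprofile.id = file_upload.fk_author',
            'where' => 'file_upload.id = LAST_INSERT_ID()',
        ))))->get_row_assoc();
        if (is_null($row)) {
            $rollback = true;
            return array(SERVER_ERROR, "could not retrieve inserted row");
        }

        // format the data for the client
        // id, file_name, file_comment (empty), file_created, author (string)
        $entity = new stdClass();
        $entity->id = $row['id'];
        $entity->file_name = $row['file_name'];
        $entity->file_comment = $row['file_comment'];
        $entity->file_created = $row['file_created'];
        $entity->author = "{$row['first_name']} {$row['last_name']}";

        return array(OKAY, json_encode($entity));
    });

    if ($code != OKAY) {
        page_fail_with_reason($code, $message);
    }

    return $message;
}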