} else {
return NULL;
}
}
function respond($status, $SESSIONID, $USERNAME, $EXIT = false)
{
echo "<?xml version='1.0' encoding='UTF-8'?><SESSION><STATUS>{$status}</STATUS><SESSIONID>{$SESSIONID}</SESSIONID><USERNAME>{$USERNAME}</USERNAME></SESSION>";
if ($EXIT == true) {
exit;
}
}
// MAIN
if (count($_POST) > 0 or count($_GET) > 0) {
#
// VALIDATE INPUTS
$USERNAME = _INPUT("USERNAME");
if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $USERNAME)) {
respond("BADUSER", '', '', true);
}
// CONNECT TO THE DATABASE
$mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
// CHECK CONNECTION
if (mysqli_connect_errno()) {
respond("Connect failed: %s\n", mysqli_connect_error(), '', '', true);
}
// CHECK STATUS IS RESET
$stmt = $mysqli->prepare("SELECT tmp, status FROM users WHERE usr = ?");
$stmt->bind_param('s', $USERNAME);
// EXECUTE AND GET RESULTS
$stmt->execute();
$stmt->bind_result($tmp, $stat);
// IMPORT PHP LIBRARIES
include_once '/srv/www/php-lib/cge_std_tools.php';
// Including CGE_std clases and functions
//////////////////////// MAIN /////////////////////////
if (count($_POST) + count($_GET) > 0 and isset($_SESSION['SESSIONID']) and isset($_SESSION['USERNAME'])) {
// VALIDATE SESSION
$SESSIONID = $_SESSION['SESSIONID'];
$USERNAME = $_SESSION['USERNAME'];
if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $USERNAME)) {
respond("BADUSER", '', true);
}
if (preg_match("/[^A-fa-f0-9]/", $SESSIONID)) {
respond("BADSESSION", '', true);
}
// VALIDATE INPUTS
$sid = _INPUT("SID");
if ($sid == '' or $sid == null) {
respond("NOSID", '', true);
}
if (preg_match("/[^0-9]/", $sid)) {
respond("BADSID", array('VALUE' => $sid), true);
}
// CONNECT TO THE DATABASE
$mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
// CHECK CONNECTION
if (mysqli_connect_errno()) {
respond("MYSQLERROR", array('MESSAGE' => "Connect failed: %s\n", mysqli_connect_error()), true);
}
// VALIDATE USER AND EXTRACT UID => $status = ACCEPTED or NOUSER or INVALIDSESSION
list($status, $uid) = ValidateUser($mysqli, $USERNAME, $SESSIONID);
// VERIFY SERVICE ACCESS PERMISSIONS => $status = ACCEPTED or NOACCESS or NOSERVICE
}
}
// MAIN
if ((count($_POST) > 0 or count($_GET) > 0) and isset($_SESSION['SESSIONID']) and isset($_SESSION['USERNAME'])) {
# count($_POST)>0 or count($_GET)>0
// VALIDATE SESSION
$SESSIONID = $_SESSION['SESSIONID'];
$USERNAME = $_SESSION['USERNAME'];
if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $USERNAME)) {
respond("BADUSER", '', true);
}
if (preg_match("/[^A-fa-f0-9]/", $SESSIONID)) {
respond("BADSESSION", '', true);
}
// VALIDATE INPUTS
$SID = _INPUT("SID");
if (preg_match("/[^0-9]/", $SID)) {
respond("BADID", '', true);
}
if ($SID == '') {
respond("NOID", '', true);
}
// CONNECT TO THE DATABASE
$mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
// CHECK CONNECTION
if (mysqli_connect_errno()) {
respond("Connect failed: %s\n", mysqli_connect_error(), '', true);
}
// CHECK USERNAME, SESSIONID AND ISOLATE
$stmt = $mysqli->prepare("SELECT u.id, u.session_id, i.isolate_path, s.folder \n FROM users u \n INNER JOIN isolates i ON i.owner = u.id \n INNER JOIN services s ON s.isolate_id = i.id \n WHERE u.usr = ?\n AND s.id = ?\n ;");
$stmt->bind_param('ss', $USERNAME, $SID);
<?php
$album_cat = _INPUT("sac", "");
?>
<div id="lightbox">
<div id="lightboxPhoto">
</div>
<div id="lightboxCaption">
(Click image to close)
</div>
</div>
<div class="sc_album_cat">
<?php
$current_album = album_categories_list($album_cat);
?>
</div>
<div class="sc_album_content">
<?php
album_content($current_album);
?>
</div>
respond('NODATA', '');
}
} else {
// RESPOND WITH REJECTION
respond($status, '', '');
}
//CLOSING DATABASE
$mysqli->close();
} else {
// VALIDATE INPUTS
$filename = _INPUT('FILENAME');
$iid = _INPUT('IID');
$date = _INPUT('DATE');
$sid = _INPUT('SID');
$service = _INPUT('SERVICE');
$version = _INPUT('VERSION');
if ($filename == '') {
respond("NOFILENAME", '', true);
}
if ($iid == '') {
respond("NOIID", '', true);
}
if ($date == '') {
respond("NODATE", '', true);
}
if ($sid == '') {
respond("NOSID", '', true);
}
if ($service == '') {
respond("NOSERVICE", '', true);
}
//"run$rid"
} elseif ($pm_id) {
$isolate['runs'][$rid]['servicedata']['pm_id'] = $pm_id;
} elseif ($rf_id) {
$isolate['runs'][$rid]['servicedata']['rf_id'] = $rf_id;
}
return $isolate;
}
}
// MAIN
if (count($_POST) > 0) {
# or count($_GET)>0 // There is inputs
// GET INPUTS
$USERNAME = _INPUT('USERNAME');
$SESSIONID = _INPUT('SESSIONID');
$ACTION = _INPUT('ACTION');
// Checking if username is invalid
if (preg_match("/[^A-Za-z0-9\\,\\_\\-\\.\\@]/", $USERNAME) or strlen($USERNAME) < 2) {
respond('BADUSER', '');
}
// Checking if session id is invalid
if (preg_match("/[^A-Za-z0-9]/", $SESSIONID) or strlen($SESSIONID) < 40) {
respond('BADSESSIONID', '');
}
// Checking if action is invalid
if (preg_match("/[^a-z]/", $ACTION) or strlen($ACTION) != 3) {
respond('BADACTION', '');
}
// CONNECT TO THE DATABASE
$mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
// CHECK CONNECTION
<?php
$blog_page = _INPUT("bp", "front");
$blog_list_offset = _INPUT("o", 0);
/*
if($blog_page === "front") {
blog_front_page();
} else {
blog_post($blog_page);
}
*/
switch ($blog_page) {
case "front":
blog_front_page();
break;
case "archive":
$archive_year = _INPUT("ayr", "");
$archive_month = _INPUT("amo", "");
if ($archive_month === "" || $archive_year === "") {
blog_archives_list();
//switch to archive front
} else {
blog_archive($archive_year, $archive_month);
}
break;
default:
blog_post($blog_page);
break;
}
$name = _INPUT('NAME');
$note = _INPUT('NOTE');
$mdate = _INPUT('MDATE');
$technology = _INPUT('TECHNOLOGY');
$ipublic = _INPUT('IPUBLIC');
$country = _INPUT('COUNTRY');
$region = _INPUT('REGION');
$city = _INPUT('CITY');
$zip = _INPUT('ZIP');
$lon = _INPUT('LON');
$lat = _INPUT('LAT');
$lnote = _INPUT('LOCNOTE');
$origin = _INPUT('ORIGIN');
$onote = _INPUT('ONOTE');
$pathogenicity = _INPUT('PATHOGENICITY');
$pnote = _INPUT('PNOTE');
if ($iid == '' or $iid == null) {
respond("NOIID", '', true);
}
if ($country == '' or $country == null) {
respond("NOCOUNTRY", '', true);
}
if (preg_match("/[^0-9]/", $iid)) {
respond("BADIID", array('VALUE' => $iid), true);
}
if (preg_match("/[^0-9\\.]/", $lon)) {
respond("BADLON", array('VALUE' => $lon), true);
}
if (preg_match("/[^0-9\\.]/", $lat)) {
respond("BADLAT", array('VALUE' => $lat), true);
}
}
}
// MAIN
if (count($_POST) > 0 and isset($_SESSION['SESSIONID']) and isset($_SESSION['USERNAME'])) {
# count($_POST)>0 or count($_GET)>0
// VALIDATE SESSION
$SESSIONID = $_SESSION['SESSIONID'];
$USERNAME = $_SESSION['USERNAME'];
if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $USERNAME)) {
respond("BADUSER", '', true);
}
if (preg_match("/[^A-fa-f0-9]/", $SESSIONID)) {
respond("BADSESSION", '', true);
}
// VALIDATE INPUTS
$IID = _INPUT("IID");
if (preg_match("/[^0-9]/", $IID)) {
respond("BADID", '', true);
}
if ($IID == '') {
respond("NOID", '', true);
}
// CONNECT TO THE DATABASE
$mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
// CHECK CONNECTION
if (mysqli_connect_errno()) {
respond("Connect failed: %s\n", mysqli_connect_error(), '', true);
}
// CHECK USERNAME, SESSIONID AND ISOLATE
$stmt = $mysqli->prepare("SELECT u.id, u.session_id, i.public, i.isolate_path\n FROM isolates i\n INNER JOIN users u ON u.id = i.owner\n WHERE u.usr = ?\n AND i.id = ?\n ;");
$stmt->bind_param('ss', $USERNAME, $IID);
respond("NORESULTS", $msg, true);
}
}
//////////////////////// MAIN ////////////////////////
// CHECK FOR CORRECT INPUTS
if (isset($_SESSION['SESSIONID']) and isset($_SESSION['USERNAME'])) {
// VALIDATE SESSION
$SESSIONID = $_SESSION['SESSIONID'];
$USERNAME = $_SESSION['USERNAME'];
if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $USERNAME)) {
respond("BADUSER", '', true, true, true);
}
if (preg_match("/[^A-fa-f0-9]/", $SESSIONID)) {
respond("BADSESSION", '', true, true, true);
}
if (_INPUT('view') == 'resistance') {
$view = 'resistance';
} else {
$view = '';
}
// CONNECT TO THE DATABASE
$mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
// CHECK CONNECTION
if (mysqli_connect_errno()) {
respond("MYSQLERROR", array('MESSAGE' => "Connect failed: %s\n", mysqli_connect_error()), true, true, true);
}
// VALIDATE USER AND EXTRACT UID => $status = ACCEPTED or NOUSER or INVALIDSESSION
list($status, $uid) = ValidateUser($mysqli, $USERNAME, $SESSIONID);
// CLOSING CONNECTION
$mysqli->close();
// Extract Result data
}
}
// MAIN
if (count($_POST) > 0 and isset($_SESSION['SESSIONID']) and isset($_SESSION['USERNAME'])) {
#+count($_GET)
// VALIDATE SESSION
$USERNAME = $_SESSION['USERNAME'];
$SESSIONID = $_SESSION['SESSIONID'];
if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $USERNAME)) {
respond("BADUSER", '', '', true);
}
if (preg_match("/[^A-fa-f0-9]/", $SESSIONID)) {
respond("BADSESSION", '', '', true);
}
// VALIDATE INPUTS
$IID = _INPUT('ISOLATEID');
if (preg_match("/[^0-9]/", $IID)) {
respond("BADISOLATE", '', '', true);
}
// CONNECT TO THE DATABASE
$mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
// CHECK CONNECTION
if (mysqli_connect_errno()) {
respond("Connect failed: %s\n", mysqli_connect_error(), '', '', true);
}
// CHECK USERNAME AND SESSIONID
$stmt = $mysqli->prepare("SELECT id, session_id FROM users WHERE usr = ?");
$stmt->bind_param('s', $USERNAME);
// EXECUTE AND GET RESULTS
$stmt->execute();
$stmt->bind_result($uid, $sid);
ini_set('display_errors', 1);
error_reporting(E_ALL);
require_once "./system/phpfastcache.php";
include './system/parsedown.php';
include './system/ParsedownExtra.php';
include './system/settings.php';
$fastCache = phpFastCache();
if ($clear_all_caches) {
$fastCache->clean();
}
$cache_time = 3600 * 24 * $cache_time_days;
// Cache time is in seconds.
$enabled_plugins = array();
$enabled_stylesheets = array();
$enabled_scripts = array();
$current_page = _INPUT('p', 'index');
$registered_pages = array('Home' => sculpt_page_url('index'));
$registered_processors = array('system' => '');
include './extras/plugins/enabled.php';
function sculpt_system($arg)
{
if (isset($arg)) {
switch ($arg) {
case "path":
return "./system/";
break;
case "content_path":
return "./content/";
break;
case "default_look":
return "appearance/armature/main.php";
include_once '/srv/www/php-lib/cge_std_tools.php';
// Including CGE_std clases and functions
//////////////////////// MAIN /////////////////////////
if (count($_POST) + count($_GET) > 0 and isset($_SESSION['SESSIONID']) and isset($_SESSION['USERNAME'])) {
// VALIDATE SESSION
$SESSIONID = $_SESSION['SESSIONID'];
$USERNAME = $_SESSION['USERNAME'];
if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $USERNAME)) {
respond("BADUSER", '', true, true, true);
}
if (preg_match("/[^A-fa-f0-9]/", $SESSIONID)) {
respond("BADSESSION", '', true, true, true);
}
// VALIDATE INPUTS
$iid = _INPUT('IID');
$sid = _INPUT('SID');
if (preg_match("/[^0-9]/", $iid)) {
respond("BADIID", array('VALUE' => $iid), true, true, true);
}
if (preg_match("/[^0-9]/", $sid)) {
respond("BADSID", array('VALUE' => $sid), true, true, true);
}
// Set global variables
$htdocs = "/srv/www/htdocs/services/";
$wwwroot = "https://cge.cbs.dtu.dk/services/";
// CONNECT TO THE DATABASE
$mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
// CHECK CONNECTION
if (mysqli_connect_errno()) {
respond("MYSQLERROR", array('MESSAGE' => "Connect failed: %s\n", mysqli_connect_error()), true, true, true);
}
} else {
return NULL;
}
}
function respond($status, $SESSIONID, $USERNAME, $EXIT = false)
{
echo "<?xml version='1.0' encoding='UTF-8'?><SESSION><STATUS>{$status}</STATUS><SESSIONID>{$SESSIONID}</SESSIONID><USERNAME>{$USERNAME}</USERNAME></SESSION>";
if ($EXIT == true) {
exit;
}
}
// MAIN
if (count($_POST) > 0) {
# or count($_GET)>0
// VALIDATE INPUT
$EMAIL = _INPUT("EMAIL");
if (!is_email($EMAIL)) {
respond("BADEMAIL", '', '', true);
}
// CONNECT TO THE DATABASE
$mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
// CHECK CONNECTION
if (mysqli_connect_errno()) {
respond("Connect failed: %s\n", mysqli_connect_error(), '', '', true);
}
// CHECK USERNAME AND EMAIL AVAILABILITY
$stmt = $mysqli->prepare("SELECT status, usr, pwd FROM users WHERE email = ?");
$stmt->bind_param('s', $EMAIL);
// EXECUTE AND GET RESULTS
$stmt->execute();
$stmt->bind_result($stat, $usr, $pwd);
{
echo "<?xml version='1.0' encoding='UTF-8'?><SESSION><STATUS>{$status}</STATUS><SESSIONID>{$SESSIONID}</SESSIONID><USERNAME>{$USERNAME}</USERNAME></SESSION>";
if ($EXIT == true) {
exit;
}
}
// MAIN
if (count($_POST) > 0) {
# or count($_GET)>0
$securimage = new Securimage();
$key = ")gIs56bi%";
// VALIDATE INPUTS
$USERNAME = _INPUT("USERNAME");
$PASSWORD = sha1($key . $USERNAME . _INPUT("PASSWORD") . $key);
$EMAIL = _INPUT("EMAIL");
$CAPTCHA = preg_replace("/[^A-Za-z0-9]/", '', _INPUT("CAPTCHA"));
if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $USERNAME)) {
respond("BADUSER", '', '', true);
}
if (!is_email($EMAIL)) {
respond("BADEMAIL", $EMAIL, '', true);
}
//if ($securimage->check($CAPTCHA) == false) { respond("BADIMAGE", '', '', true); }
// CONNECT TO THE DATABASE
$mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
// CHECK CONNECTION
if (mysqli_connect_errno()) {
respond("Connect failed: %s\n", mysqli_connect_error(), '', '', true);
}
// CHECK USERNAME AND EMAIL AVAILABILITY
$stmt = $mysqli->prepare("SELECT usr FROM users WHERE usr = ? OR email = ?");
// IMPORT PHP LIBRARIES
include_once '/srv/www/php-lib/cge_std_tools.php';
// Including CGE_std clases and functions
//////////////////////// MAIN /////////////////////////
if (count($_POST) + count($_GET) > 0 and isset($_SESSION['SESSIONID']) and isset($_SESSION['USERNAME'])) {
// VALIDATE SESSION
$SESSIONID = $_SESSION['SESSIONID'];
$USERNAME = $_SESSION['USERNAME'];
if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $USERNAME)) {
respond("BADUSER", '', true);
}
if (preg_match("/[^A-fa-f0-9]/", $SESSIONID)) {
respond("BADSESSION", '', true);
}
// VALIDATE INPUTS
$iid = _INPUT('IID');
if ($iid == '' or $iid == null) {
respond("NOIID", '', true);
}
if (preg_match("/[^0-9]/", $iid)) {
respond("BADIID", array('VALUE' => $iid), true);
}
// CONNECT TO THE DATABASE
$mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
// CHECK CONNECTION
if (mysqli_connect_errno()) {
respond("MYSQLERROR", array('MESSAGE' => "Connect failed: %s\n", mysqli_connect_error()), true);
}
// VALIDATE USER AND EXTRACT UID => $status = ACCEPTED or NOUSER or INVALIDSESSION
list($status, $uid) = ValidateUser($mysqli, $USERNAME, $SESSIONID);
// VERIFY ISOLATE ACCESS PERMISSIONS => $status = ACCEPTED or NOACCESS or NOISOLATE
if (preg_match("/[^A-Za-z0-9]/", _INPUT("SESSIONID")) or strlen(_INPUT("SESSIONID")) < 40) {
respond("BADSESSIONID", '');
exit;
}
// CONNECT TO THE DATABASE
$mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
// CHECK CONNECTION
if (mysqli_connect_errno()) {
respond("Connect failed: %s\n", mysqli_connect_error(), '', '');
exit;
}
//CHECK FOR CORRECT USERNAME AND SESSIONID ### TODO ###
//GET DATA FROM DATABASE
$stmt = $mysqli->prepare("SELECT i.id, i.sample_name,\n m.country, m.region, m.city, m.zip_code, m.collection_date, m.isolation_source, m.pathogenic,\n r.id rid, r.run_id, r.service, r.date,\n a.id, a.n50,\n mlst.id m_id,\n pmlst.id pm_id,\n rf.id rf_id\n FROM isolates i \n LEFT OUTER JOIN meta m ON i.id = m.isolate_id\n LEFT OUTER JOIN runs r ON i.id = r.isolate_id\n LEFT OUTER JOIN assembly a ON i.id = a.isolate_id\n LEFT OUTER JOIN mlst ON r.id = mlst.runid\n LEFT OUTER JOIN pmlst ON r.id = pmlst.runid\n LEFT OUTER JOIN resfinder rf ON r.id = rf.runid\n WHERE r.user_id = ?\n ;");
$stmt->bind_param('s', $USERNAME);
$USERNAME = preg_replace('/[^A-Za-z0-9\\_\\-\\.\\@\\,]/', '', _INPUT("USERNAME"));
//EXECUTE PREPARED STATEMENT
$stmt->execute();
// BIND RESULT VARIABLES
$stmt->bind_result($r_id, $r_name, $r_country, $r_region, $r_city, $r_zip, $r_mdate, $r_origin, $r_pathogenicity, $r_rid, $r_uid, $r_service, $r_rdate, $r_aid, $r_n50, $r_m_id, $r_pm_id, $r_rf_id);
// FETCH RESULTS
$count = 0;
$DATA = array();
while ($stmt->fetch()) {
$isolat = array('id' => $r_id, 'name' => $r_name, 'metadata' => array('country' => $r_country, 'region' => $r_region, 'city' => $r_city, 'zip' => $r_zip, 'date' => $r_mdate, 'origin' => $r_origin, 'pathogenicity' => $r_pathogenicity), 'assembly' => array('id' => $r_aid, 'n50' => $r_n50), 'runs' => array("run{$r_rid}" => array('uid' => $r_uid, 'service' => $r_service, 'date' => $r_rdate, 'servicedata' => array())));
// ADD SERVICE DATA
if ($r_m_id) {
$isolat['runs']["run{$r_rid}"]['servicedata']['m_id'] = $r_m_id;
} elseif ($r_pm_id) {
$isolat['runs']["run{$r_rid}"]['servicedata']['pm_id'] = $r_pm_id;
} elseif ($r_rf_id) {
// Including CGE_std clases and functions
$wwwroot = "http://cge.cbs.dtu.dk/services/";
$htdocs = "/srv/www/htdocs/services/";
function _INPUT($name)
{
if ($_SERVER['REQUEST_METHOD'] == 'GET') {
return strip_tags($_GET[$name]);
}
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
return strip_tags($_POST[$name]);
}
}
if (count($_POST) > 0) {
$uid = preg_replace('/[^0-9\\_]/', '', _INPUT("UID"));
$service = preg_replace('/[^A-Za-z]/', '', _INPUT("SERVICE"));
$version = preg_replace('/[^0-9\\.]/', '', _INPUT("VERSION"));
if ($version != '') {
# Adding dash to version
$version = '-' . $version;
}
$wwwroot .= $service . $version . "/";
//include $htdocs.$service.$version."/header.html"; # Header file
# INCLUDE STANDARD HTML HEADER
$CGE = new CGE();
// Load the Class
# INCLUDE CGE MENU
# Format is: ServerName, "(Link/Path.html, 'NameOfLink'),(Link/Path.html, 'NameOfLink')"
$CGE->std_header("", "(" . $wwwroot . "instructions.php,'Instructions'),(" . $wwwroot . "output.php,'Output'),(" . $wwwroot . "abstract.php,'Article abstract')");
// Print the Menu
if ($uid != "" and $service != "") {
$fullPath = "/panfs1/cge-servers/" . $service . "/" . $service . $version . "/IO/" . $uid . "/final_output/" . $service . ".out.gz";
// IMPORT PHP LIBRARIES
include_once '/srv/www/php-lib/cge_std_tools.php';
// Including CGE_std clases and functions
//////////////////////// MAIN /////////////////////////
if (count($_POST) + count($_GET) > 0 and isset($_SESSION['SESSIONID']) and isset($_SESSION['USERNAME'])) {
// VALIDATE SESSION
$SESSIONID = $_SESSION['SESSIONID'];
$USERNAME = $_SESSION['USERNAME'];
if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $USERNAME)) {
respond("BADUSER", '', true);
}
if (preg_match("/[^A-fa-f0-9]/", $SESSIONID)) {
respond("BADSESSION", '', true);
}
// VALIDATE INPUTS
$iid = _INPUT("IID");
if ($iid == '' or $iid == null) {
respond("NOIID", '', true);
}
if (preg_match("/[^0-9]/", $iid)) {
respond("BADIID", array('VALUE' => $iid), true);
}
// CONNECT TO THE DATABASE
$mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
// CHECK CONNECTION
if (mysqli_connect_errno()) {
respond("MYSQLERROR", array('MESSAGE' => "Connect failed: %s\n", mysqli_connect_error()), true);
}
// VALIDATE USER AND EXTRACT UID => $status = ACCEPTED or NOUSER or INVALIDSESSION
list($status, $uid) = ValidateUser($mysqli, $USERNAME, $SESSIONID);
// VERIFY ISOLATE ACCESS PERMISSIONS => $status = ACCEPTED or NOACCESS or NOISOLATE
} else {
return NULL;
}
}
function respond($status, $SESSIONID, $USERNAME, $EXIT = false)
{
echo "<?xml version='1.0' encoding='UTF-8'?><SESSION><STATUS>{$status}</STATUS><SESSIONID>{$SESSIONID}</SESSIONID><USERNAME>{$USERNAME}</USERNAME></SESSION>";
if ($EXIT == true) {
exit;
}
}
// MAIN
if (count($_POST) > 0 or count($_GET) > 0) {
// VALIDATE INPUTS
$USERNAME = _INPUT("USERNAME");
$ACTIVATE = _INPUT("ACTIVATE");
if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $USERNAME)) {
respond("BADUSER", '', '', true);
}
if (preg_match("/[^A-fa-f0-9]/", $ACTIVATE)) {
respond("BADHASH", '', '', true);
}
// CONNECT TO THE DATABASE
$mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
// CHECK CONNECTION
if (mysqli_connect_errno()) {
respond("Connect failed: %s\n", mysqli_connect_error(), '', '', true);
}
// CHECK ACTIVATION CODE AND STATUS
$stmt = $mysqli->prepare("SELECT tmp, status FROM users WHERE usr = ?");
$stmt->bind_param('s', $USERNAME);
// MAIN
if (count($_POST) > 0 and isset($_SESSION['SESSIONID']) and isset($_SESSION['USERNAME'])) {
# or count($_GET)>0
$key = ")gIs56bi%";
// VALIDATE INPUTS
$SESSIONID = $_SESSION['SESSIONID'];
$USERNAME = $_SESSION['USERNAME'];
if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $USERNAME)) {
respond("BADUSER", '', '', true);
}
if (preg_match("/[^A-fa-f0-9]/", $SESSIONID)) {
respond("BADSESSION", '', '', true);
}
$NEW_USERNAME = _INPUT("USERNAME");
$NEW_EMAIL = _INPUT("EMAIL");
$NEW_PASSWORD = sha1($key . $NEW_USERNAME . _INPUT("PASSWORD") . $key);
if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $NEW_USERNAME)) {
respond("BADUSER2", '', '', true);
}
if (!is_email($NEW_EMAIL)) {
respond("BADEMAIL", '', '', true);
}
// CONNECT TO THE DATABASE
$mysqli = new mysqli('cge', 'cgeclient', 'www', 'cge');
// CHECK CONNECTION
if (mysqli_connect_errno()) {
respond("Connect failed: %s\n", mysqli_connect_error(), '', '', true);
}
// CHECK USERNAME AND SESSIONID
$stmt = $mysqli->prepare("SELECT session_id, email FROM users WHERE usr = ?");
$stmt->bind_param('s', $USERNAME);
return NULL;
}
}
function respond($status, $SESSIONID, $USERNAME, $EXIT = false)
{
echo "<?xml version='1.0' encoding='UTF-8'?><SESSION><STATUS>{$status}</STATUS><SESSIONID>{$SESSIONID}</SESSIONID><USERNAME>{$USERNAME}</USERNAME></SESSION>";
if ($EXIT == true) {
exit;
}
}
if (count($_POST) > 0) {
# or count($_GET)>0
$key = ")gIs56bi%";
// VALIDATE INPUTS
$USERNAME = _INPUT("USERNAME");
$PASSWORD = sha1($key . $USERNAME . _INPUT("PASSWORD") . $key);
if (preg_match("/[^A-Za-z0-9\\_\\-\\.\\@\\,]/", $USERNAME)) {
respond("BADUSER", '', '', true);
}
// CONNECT TO THE DATABASE
$mysqli = new mysqli($host, $user, $passwd, $db, $port);
// CHECK CONNECTION
if (mysqli_connect_errno()) {
respond("Connect failed: %s\n", mysqli_connect_error(), '', '', true);
}
// CHECK FOR CORRECT USERNAME AND PASSWORD
$stmt = $mysqli->prepare("SELECT status FROM users WHERE usr = ? AND pwd = ?");
$stmt->bind_param('ss', $USERNAME, $PASSWORD);
// EXECUTE AND GET RESULTS
$stmt->execute();
$stmt->bind_result($stat);
get_user_details();
</script>
<!-- END OF CONTENT --><?php
} elseif ($ACTION == "cancel_create") {
$uid = _INPUT("uid");
$tmp = _INPUT("tmp");
echo "<p id='msg'>Cancelling your account creation...</p><script type='text/javascript'>cancel_create('{$uid}', '{$tmp}');</script>";
} elseif ($ACTION == "confirm_create") {
$uid = _INPUT("uid");
$tmp = _INPUT("tmp");
echo "<p id='msg'>Activating your account...</p><script type='text/javascript'>confirm_create('{$uid}', '{$tmp}');</script>";
} elseif ($ACTION == "cancel_reset") {
$uid = _INPUT("uid");
echo "<p id='msg'>Cancelling reset of your password...</p><script type='text/javascript'>cancel_reset('{$uid}');</script>";
} elseif ($ACTION == "cancel_delete") {
$uid = _INPUT("uid");
$tmp = _INPUT("tmp");
echo "<p id='msg'>Cancelling the deletion of your account...</p><script type='text/javascript'>cancel_delete('{$uid}', '{$tmp}');</script>";
} elseif ($ACTION == "confirm_delete") {
$uid = _INPUT("uid");
$tmp = _INPUT("tmp");
echo "<p id='msg'>Finalising deletion of your account...</p><script type='text/javascript'>confirm_delete('{$uid}', '{$tmp}');</script>";
} else {
echo "<p id='msg'>Redirecting to service overview page...</p><script type='text/javascript'>window.location='/services/index.php';</script>";
}
$CGE->Piwik(15);
// Printing Piwik codes!!
# Displays a standard footer; two parameters:
# First a simple headline like: "Support"
# then a list of emails like this: "('Scientific problems','foo','*****@*****.**'),('Technical problems','bar','*****@*****.**')"
$CGE->standard_foot("Support", "('Technical problems','CGE Support','*****@*****.**')");
$serviceRoot = "/srv/www/htdocs/services/";
# STANDARD CBS PAGE TEMPLATES, always include this file
include_once '/srv/www/php-lib/cge_std_tools.php';
// Including CGE_std clases and functions
// Load the CGE class (title, meta_tags, banner_path, css_paths, js_paths) '' is default
$CGE = new CGE('Sample Overview', '<base href="' . $domain . '" target="_blank">', '', '/tools_new/client/platform/styles/isolate_manager.css', '/tools_new/client/platform/scripts/isolate_manager.js');
# CGE MENU
# Format is: ServerName, "(Link/Path.html, 'NameOfLink'),(Link/Path.html, 'NameOfLink')"
$CGE->std_header("Sample Overview", "(/tools_new/client/platform/sample/,'Home'),(/services/,'Services'),(/services/cge/index.php,'Batch Upload'),(/services/CGEpipeline-1.0/map.php,'MapViewer')", FALSE);
// Print the Menu
// REQUIRE THE USER TO LOGIN
if ($CGE->user_is_logged_in()) {
$ACTION = _INPUT("action");
if ($ACTION == "edit") {
// SHOW EDITING FORM
$iid = _INPUT("iid");
?>
<!-- START OF CONTENT -->
<div id='edit'>
<button onclick="delete_isolate(<?php
echo $iid;
?>
);location.href=window.location.pathname;">Delete sample</button>
<h3>Sample files: <span id='files' style='color:grey;'>No files were found!</span></h3>
<form name='profile'>
<p>
<input type='hidden' name='iid'>
Sample name: <input type='text' id='name' name='name'><br>
Description: <textarea name='note'></textarea><br>
Sampling Date: <input type='text' name='mdate' onchange='check_date(this.value, "date_check");'> <span id='date_check' style='font-weight: bold;'></span><br>
Sequencing Technology:
echo md5(uniqid());
?>
" alt="CAPTCHA Image" align="left" />
<object type="application/x-shockwave-flash" data="./securimage/securimage_play.swf?bgcol=#ffffff&icon_file=./securimage/images/audio_icon.png&audio_file=./securimage/securimage_play.php" height="32" width="32">
<param name="movie" value="./securimage/securimage_play.swf?bgcol=#ffffff&icon_file=./securimage/images/audio_icon.png&audio_file=./securimage/securimage_play.php" />
</object>
<a tabindex="-1" style="border-style: none;" href="#" title="Refresh Image" onclick="document.getElementById('siimage').src = './securimage/securimage_show.php?sid=' + Math.random(); this.blur(); return false"><img src="./securimage/images/refresh.png" alt="Reload Image" height="32" width="32" onclick="this.blur()" align="bottom" border="0" /></a><br />
<strong>Enter Code*:</strong><br />
<input type="text" name="captcha" size="12" maxlength="8" />
</p>
<input type='button' value='Create User' onclick="check_name();check_email();check_password();create_login(this.form.username.value, this.form.password.value, this.form.email.value, this.form.captcha.value)">
</form>
<!-- END OF CONTENT -->
<?php
} elseif (_INPUT("action") == "edit") {
// SHOW EDIT FORM AND DELETE BUTTON
?>
<h1>Edit Profile</h1>
<h3>Login information: <?php
$CGE->showhide("info_login");
?>
</h3>
<form name='change_user_info'>
<p id='info_login' class="hide" style="display:None;">
Change username to: <input type='text' name='username' onchange='check_name();'> <span id='username' style='font-weight: bold;'></span><br>
Change password to: <input type='password' name='password' onkeyup='password_strength();check_password();'> Security: <span id='password_strength' style='font-weight: bold;'>None</span><br>
Confirm password: <input type='password' name='passwordcheck' onkeyup='check_password();'> <span id='check_password' style='font-weight: bold;'></span><br>
<input type='button' value='Save changes to login information' onclick="cremate_login(this.form.username.value, this.form.password.value, this.form.captcha.value)"><br>
</p>
