$notebook = ''; $all_accessible_notebooks = ''; if ($action == 'create') { if (!isset($_REQUEST['user_id']) || !is_numeric($_REQUEST['user_id'])) { util_redirectToAppPage('app_code/notebook.php?action=list', 'failure', util_lang('no_user_specified')); } // $notebook = new Notebook(['user_id' => $USER->user_id, 'name'=>util_lang('new_notebook_title').' '.util_currentDateTimeString(),'DB'=>$DB]); $notebook = Notebook::createNewNotebookForUser($USER->user_id, $DB); } elseif ($action == 'list') { $all_accessible_notebooks = $USER->getAccessibleNotebooks($ACTIONS['view']); // $listable_notebooks = $USER->getAccessibleNotebooks($ACTIONS['list']); // exit; if (count($all_accessible_notebooks) < 1) { $notebook = new Notebook(['DB' => $DB]); if (!$USER->canActOnTarget($ACTIONS['create'], $notebook)) { util_redirectToAppHome('failure', util_lang('no_notebooks_found')); } } else { $notebook = $all_accessible_notebooks[0]; } } else { // if ((! isset($_REQUEST['notebook_id'])) || (! is_numeric($_REQUEST['notebook_id']))) { //// util_redirectToAppHome('failure',util_lang('no_notebook_specified')); // util_redirectToAppPage('app_code/notebook.php?action=list','failure',util_lang('no_notebook_specified')); // } if ($_REQUEST['notebook_id'] == 'NEW') { $notebook = Notebook::createNewNotebookForUser($USER->user_id, $DB); } else { $notebook = Notebook::getOneFromDb(['notebook_id' => $_REQUEST['notebook_id']], $DB); if (!$notebook->matchesDb) { // util_redirectToAppHome('failure',util_lang('no_notebook_found'));
/**
 * Discard the current session and send the visitor back to the app home page.
 *
 * Combines util_wipeSession() and util_redirectToAppHome() into one call; the
 * surrounding code uses it on the authenticated path when the stored session
 * fingerprint does not match the one computed for this request, i.e. when the
 * session should no longer be trusted and is dropped rather than continued.
 * util_redirectToAppHome() is called with no arguments, so no status or
 * message is shown to the user on arrival.
 */
function util_redirectToAppHomeWithPrejudice()
{
    // Order matters: clear the session first, then issue the redirect.
    util_wipeSession();

    util_redirectToAppHome();
}
} $ap = Authoritative_Plant::createNewAuthoritativePlant($DB); } } if ($action == 'create' || $action == 'update') { if (!$ap) { $action = 'list'; } } elseif (!$ap || !$ap->matchesDb) { $action = 'list'; } # 3. confirm that the user is allowed to take that action on that object (if not, redirect them to the home page with an appropriate warning) if ($action == 'list' && !$USER->canActOnTarget($ACTIONS[$action], $ap)) { // util_prePrintR($USER); // exit; util_redirectToAppHome('failure', util_lang('no_permission')); } elseif ($action != 'list' && !$USER->canActOnTarget($ACTIONS[$action], $ap)) { if ($action == 'view') { util_redirectToAppPage('app_code/authoritative_plant.php?action=list', 'failure', util_lang('no_permission')); } util_redirectToAppPage('app_code/authoritative_plant.php?action=view&authoritative_plant_id=' . $_REQUEST['authoritative_plant_id'], 'failure', util_lang('no_permission')); } if ($action != 'delete') { require_once '../app_head.php'; } # 4. branch behavior based on the action # update - update the object with the data coming in, then show the object (w/ 'saved' message) # verify/publish - set the appropriate flag (true or false, depending on data coming in), then show the object (w/ 'saved' message) # *list* - not a standard action; show a list (tree) of all metadata to which the user has view access # view - show the object # create/edit - show a form with the object's current values ($action is 'update' on form submit)
// // SECTION: must be signed in to view pages; otherwise, redirect to index splash page // if (!strpos(APP_FOLDER . "/index.php", $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF'])) { // // TODO: add logging? // util_redirectToAppHome('info', 'msg_do_sign_in'); // } // } } else { // SECTION: authenticated if ($_SESSION['fingerprint'] != $FINGERPRINT) { // TODO: add logging? util_redirectToAppHomeWithPrejudice(); } if (isset($_REQUEST['submit_signout'])) { // SECTION: wants to log out util_wipeSession(); util_redirectToAppHome(); // NOTE: the above is the same as util_redirectToAppHomeWithPrejudice, but this code is easier to follow/read when the two parts are shown here } } $IS_AUTHENTICATED = util_checkAuthentication(); if ($IS_AUTHENTICATED) { // SECTION: is signed in // now create user object $USER = new User(['username' => $_SESSION['userdata']['username'], 'DB' => $DB]); //echo "<pre>"; print_r($USER); echo "</pre>"; // now check if user data differs from session data, and if so, update the users db record (this might be a part of the User construct method) $USER->refreshFromDb(); //echo "<pre>"; print_r($USER); echo "</pre>"; //print_r($_SESSION['userdata']); $USER->updateDbFromAuth($_SESSION['userdata']); //echo "<pre>"; print_r($USER); echo "</pre>";