Exemplo n.º 1
0
function create_characteristic($level, $shortName, $description, $programSpecifier)
{
    if (is_null($level) || $level == "") {
        page_fail_on_field(BAD_REQUEST, 'level', 'must be non-empty');
    }
    if (is_null($shortName) || $shortName == "") {
        page_fail_on_field(BAD_REQUEST, 'short_name', 'must be non-empty');
    }
    if (is_null($description) || $description == "") {
        page_fail_on_field(BAD_REQUEST, 'description', 'must be non-empty');
    }
    $info = array('table' => 'abet_characteristic', 'fields' => array('level', 'short_name', 'description'), 'values' => array(array("s:{$level}", "s:{$shortName}", "s:{$description}")));
    if (!is_null($programSpecifier) && $programSpecifier != "") {
        $info['fields'][] = 'program_specifier';
        $info['values'][0][] = "s:{$programSpecifier}";
    }
    list($code, $json) = Query::perform_transaction(function (&$rollback) use($info) {
        $insert = new Query(new QueryBuilder(INSERT_QUERY, $info));
        if (!$insert->validate_update()) {
            $rollback = true;
            return array(SERVER_ERROR, "{\"success\":false}");
        }
        $query = new Query(new QueryBuilder(SELECT_QUERY, array('tables' => array('abet_characteristic' => array('id', 'level', 'short_name', 'description', 'program_specifier')), 'where' => 'abet_characteristic.id = LAST_INSERT_ID()')));
        if ($query->is_empty()) {
            $rollback = true;
            return array(SERVER_ERROR, "{\"success\":false}");
        }
        return array(OKAY, json_encode($query->get_row_assoc()));
    });
    http_response_code($code);
    return $json;
}
Exemplo n.º 2
0
function create_course($title, $courseNumber, $coordinator, $instructor, $description, $textbook, $creditHours)
{
    if (is_null($title) || $title == "") {
        page_fail_on_field(BAD_REQUEST, 'title', 'must be non-empty');
    }
    if (is_null($courseNumber) || $courseNumber == "") {
        page_fail_on_field(BAD_REQUEST, 'course_number', 'must be non-empty');
    }
    if (is_null($coordinator)) {
        page_fail_on_field(BAD_REQUEST, 'coordinator', 'must be non-empty');
    }
    if (is_null($instructor) || $instructor == "") {
        page_fail_on_field(BAD_REQUEST, 'instructor', 'must be non-empty');
    }
    if (is_null($description) || $description == "") {
        page_fail_on_field(BAD_REQUEST, 'description', 'must be non-empty');
    }
    if (is_null($textbook) || $textbook == "") {
        page_fail_on_field(BAD_REQUEST, 'textbook', 'must be non-empty');
    }
    if (is_null($creditHours) || $creditHours == "") {
        page_fail_on_field(BAD_REQUEST, 'credit_hours', 'must be non-empty');
    }
    $info = array('table' => 'course', 'fields' => array('title', 'course_number', 'fk_coordinator', 'instructor', 'description', 'textbook', 'credit_hours'), 'values' => array(array("s:{$title}", "s:{$courseNumber}", "i:{$coordinator}", "s:{$instructor}", "s:{$description}", "s:{$textbook}", "s:{$creditHours}")));
    list($code, $json) = Query::perform_transaction(function (&$rollback) use($info) {
        $insert = new Query(new QueryBuilder(INSERT_QUERY, $info));
        if (!$insert->validate_update()) {
            $rollback = true;
            return array(SERVER_ERROR, "{\"success\":false}");
        }
        $query = new Query(new QueryBuilder(SELECT_QUERY, array('tables' => array('course' => array('id', 'title', 'fk_coordinator', 'instructor', 'description', 'textbook', 'credit_hours')), 'aliases' => array('course.fk_coordinator' => 'coordinator'), 'where' => 'course.id = LAST_INSERT_ID()')));
        if ($query->is_empty()) {
            $rollback = true;
            return array(SERVER_ERROR, "{\"success\":false}");
        }
        return array(OKAY, json_encode($query->get_row_assoc()));
    });
    http_response_code($code);
    return $json;
}
Exemplo n.º 3
0
// validate user name: must be lowercase or numeric and start with letter
$un = strtolower($_POST['username']);
if ($un != $_POST['username']) {
    echo json_encode(array("error" => "username must be lowercase", "errField" => "username"));
    http_response_code(BAD_REQUEST);
    exit;
}
unset($un);
if (!ctype_alpha($_POST['username'][0])) {
    echo json_encode(array("error" => "username must begin with alphabetic character", "errField" => "username"));
    http_response_code(BAD_REQUEST);
    exit;
}
// validate user role; must be one of 'admin', 'faculty', 'observer'
if ($_POST['role'] != 'faculty' && $_POST['role'] != 'admin' && $_POST['role'] != 'observer') {
    page_fail_on_field(BAD_REQUEST, 'role', 'role must be one of \'faculty\', \'admin\' or \'observer\'');
}
// perform a transaction that will atomically check the database and do an
// insert
list($code, $json) = Query::perform_transaction(function (&$rollback) {
    // make sure username is not already in use for another user
    $query = new Query(new QueryBuilder(SELECT_QUERY, array('tables' => array('userprofile' => 'username'), 'where' => 'username = ? AND id <> ?', 'where-params' => array("s:{$_POST['username']}", "s:{$_SESSION['id']}"), 'limit' => 1)));
    // check select result
    if (!$query->is_empty()) {
        $rollback = true;
        return array(BAD_REQUEST, json_encode(array("error" => "the requested username is unavailable", "errField" => "username")));
    }
    // insert new 'userauth' entity
    $hash = password_hash($_POST['passwd'], PASSWORD_DEFAULT);
    $query = new Query(new QueryBuilder(INSERT_QUERY, array('table' => 'userauth', 'fields' => array('passwd', 'role'), 'values' => array(array("s:{$hash}", "s:{$_POST['role']}")))));
    if (!$query->validate_update()) {
Exemplo n.º 4
0
                $assess = ABETAssessment::create('', $row['id'], null, $critId);
                $assess->add_general_content();
            }
            return array(OKAY, json_encode($row));
        });
        http_response_code($code);
        echo $json;
    }
} else {
    if ($_SERVER['REQUEST_METHOD'] == 'POST') {
        // verify fields
        static $fields = array('id', 'name', 'abbrv', 'semester', 'year', 'description');
        $a = array_map(function ($x) {
            if (!array_key_exists($x, $_POST)) {
                return null;
            }
            return !is_null($_POST[$x]) && $_POST[$x] !== '';
        }, $fields);
        if (($key = array_search(false, $a, false)) !== false) {
            if (is_null($a[$key])) {
                page_fail_with_reason(BAD_REQUEST, "missing field name");
            }
            page_fail_on_field(BAD_REQUEST, $fields[$key], 'value must have non-zero length');
        }
        // update the specified element
        $query = new Query(new QueryBuilder(UPDATE_QUERY, array('table' => 'program', 'updates' => array('name' => "s:{$_POST['name']}", 'abbrv' => "s:{$_POST['abbrv']}", 'semester' => "s:{$_POST['semester']}", 'year' => "i:{$_POST['year']}", 'description' => "s:{$_POST['description']}"), 'where' => 'id = ?', 'where-params' => array("i:{$_POST['id']}"), 'limit' => 1)));
        echo "{\"success\":true}";
    } else {
        page_fail(BAD_REQUEST);
    }
}
Exemplo n.º 5
0
require_once 'abet1-misc.php';
/* change-passwd.php - JSON transfer specification
    Supports: POST

    Fields: (POST)
    *-----------------------*
    | old_passwd new_passwd |
    *-----------------------*

    This script allows an authenticated user to change their password. They must
    supply their current password for the new one to be accepted.

    On success, the JSON object {"success":true} will be returned. Otherwise the
    object {"success":false} will be returned with some non-200 http response code.
*/
if (!abet_is_authenticated()) {
    page_fail(UNAUTHORIZED);
}
if ($_SERVER['REQUEST_METHOD'] != 'POST' || !array_key_exists('old_passwd', $_POST) || !array_key_exists('new_passwd', $_POST)) {
    page_fail(BAD_REQUEST);
}
// verify old password
if (!abet_verify($_SESSION['user'], $_POST['old_passwd'], $id, $role)) {
    page_fail_on_field(BAD_REQUEST, "old_passwd", "password was incorrect");
}
// attempt to update passwords; if this fails then the user used one of their
// old passwords
if (!abet_change_password($_SESSION['user'], $_POST['new_passwd'])) {
    page_fail_on_field(BAD_REQUEST, 'new_passwd', 'password was previously used');
}
echo "{\"success\":true}";