/**
 * Prefix completion over the metatag table, written directly to the output.
 *
 * Reads the 'q' request parameter, lower-cases it and prints every
 * metatag.tagdisplay whose tagnorm starts with that prefix, one per line.
 * Status lines are sent with header(); a connection or query failure ends
 * the script with die().
 *
 * @param folksoQuery $q Request wrapper; only the 'q' parameter is read.
 * @param folksoWsseCreds $cred Not referenced anywhere in this function.
 * @param folksoDBconnect $dbc Connection settings handed to folksoDBinteract.
 * @return void
 */
function metacomplete(folksoQuery $q, folksoWsseCreds $cred, folksoDBconnect $dbc) {
    $db = new folksoDBinteract($dbc);
    if ($db->db_error()) {
        header('HTTP/1.1 501 Database error');
        // NOTE(review): whatever error_info() returns is sent to the client.
        // If that includes driver messages or SQL text, log it server-side
        // and send a generic body instead -- confirm what error_info() holds.
        die($db->error_info());
    }

    // The prefix passes through dbescape() before being quoted into the
    // statement.
    // NOTE(review): unless dbescape() also neutralises the LIKE wildcards
    // % and _, a caller can widen the match beyond a literal prefix, and the
    // query has no LIMIT -- confirm that this is acceptable.
    $prefix = $db->dbescape(strtolower($q->get_param('q')));
    $sql = "select tagdisplay  from metatag  where  tagnorm like '" . $prefix . "%'";
    $db->query($sql);

    // Loose comparison is kept on purpose: it matches what switch() does.
    $status = $db->result_status;

    if ($status == 'DBERR') {
        header('HTTP/1.1 501 Database query error');
        die($db->error_info());
    }

    if ($status == 'NOROWS') {
        header('HTTP/1.1 204 No matching tags');
        return;
    }

    if ($status == 'OK') {
        header('HTTP/1.1 200 OK I guess');
        while ($row = $db->result->fetch_object()) {
            $tag = $row->tagdisplay;
            // Entirely numeric tags are wrapped in double quotes so that the
            // consumer treats them as text rather than as ids.
            $line = is_numeric($tag) ? '"' . $tag . '"' : $tag;
            print $line . "\n";
        }
    }
}
/**
 * Prefix completion over the tag table, returned as a folksoResponse.
 *
 * Reads the 'q' request parameter, lower-cases it and collects every
 * tag.tagdisplay whose tagnorm starts with that prefix, one per line, into
 * the response body.
 *
 * @param folksoQuery $q Request wrapper; only the 'q' parameter is read.
 * @param folksoDBconnect $dbc Connection settings handed to folksoDBinteract.
 * @param folksoSession $fks Not referenced anywhere in this function.
 * @return folksoResponse|null The response for the DBERR, NOROWS and OK
 *         statuses; null when result_status is anything else.
 */
function autocomplete(folksoQuery $q, folksoDBconnect $dbc, folksoSession $fks) {
    $db = new folksoDBinteract($dbc);
    $resp = new folksoResponse();

    if ($db->db_error()) {
        $resp->dbConnectionError($db->error_info());
        return $resp;
    }

    // The prefix passes through dbescape() before being quoted into the
    // statement.
    // NOTE(review): unless dbescape() also neutralises the LIKE wildcards
    // % and _, a caller can widen the match beyond a literal prefix, and the
    // query has no LIMIT -- confirm that this is acceptable.
    $prefix = $db->dbescape(strtolower($q->get_param('q')));
    $db->query("SELECT tagdisplay FROM tag WHERE tagnorm like '" . $prefix . "%'");

    // Loose comparison is kept on purpose: it matches what switch() does.
    $status = $db->result_status;

    if ($status == 'DBERR') {
        $resp->dbQueryError($db->error_info());
        return $resp;
    }

    if ($status == 'NOROWS') {
        $resp->setOk(204, 'No matching tags');
        return $resp;
    }

    if ($status == 'OK') {
        $resp->setOk(200, 'OK I guess');
        while ($row = $db->result->fetch_object()) {
            $tag = $row->tagdisplay;
            // Entirely numeric tags are wrapped in double quotes so that the
            // consumer treats them as text rather than as ids.
            $line = is_numeric($tag) ? '"' . $tag . '"' : $tag;
            $resp->t($line . "\n");
        }
        return $resp;
    }

    // Any other status falls off the end here and yields null.
    // NOTE(review): callers that expect a folksoResponse should be checked
    // against this path.
}
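/**
 * Checks that folksoQuery reports the request method in lower case and
 * classifies GET as a read and POST as a write.
 */
function testMethodStuff() {
    $q = new folksoQuery(array('REQUEST_METHOD' => 'GET'),
                         array('folksores' => 1234),
                         array());

    // The class name is passed as a string: the bare word folksoQuery is an
    // undefined constant, which PHP 8 rejects with an Error.
    $this->assertIsA($q, 'folksoQuery', 'Problem with object creation');
    $this->assertEqual($q->method(), 'get', 'Reporting incorrect method');

    // is_write_method is called as a method, as in the POST assertion below.
    // Read as a property it is null, and assertFalse would pass without
    // testing anything.
    $this->assertFalse($q->is_write_method(),
                       'is_write_method should report false on GET');

    $qq = new folksoQuery(array('REQUEST_METHOD' => 'POST'),
                          array('folksostuff' => 'hoohoa'),
                          array());
    $this->assertEqual($qq->method(), 'post',
                       'Reporting incorrect method, should be post');
    $this->assertTrue($qq->is_write_method(),
                      'Is write method should say true on POST');
}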
/**
 * Lists the resources that one user has tagged with the requested tag.
 *
 * The user is the one named by the 'user' request parameter when that
 * parameter is present, otherwise the user attached to the current session.
 *
 * Outcomes visible here: 404 when no user can be determined or the named
 * user does not exist, 204 when the user has nothing under this tag, and
 * 200 with a JSON or XML list otherwise. Database exceptions are converted
 * to a response by handleDBexception().
 *
 * NOTE(review): the 'user' parameter lets the requester choose whose list is
 * returned and no right is checked in this function -- presumably these
 * lists are meant to be public; confirm.
 *
 * @param folksoQuery $q Request; reads 'user', ->tag and content_type().
 * @param folksoDBconnect $dbc Connection settings for the user and DB objects.
 * @param folksoSession $fks Session used to look up the current user.
 * @return mixed The response object; on early exits, whatever setError(),
 *         setOk() or handleDBexception() return (presumably the same
 *         response -- confirm).
 */
function getUserResByTag(folksoQuery $q, folksoDBconnect $dbc, folksoSession $fks) {
    $resp = new folksoResponse();

    try {
        $user = $fks->userSession(null);

        if ($q->is_param('user')) {
            // An explicit 'user' parameter replaces the session user.
            $user = new folksoUser($dbc);
            $user->setUid($q->get_param('user'));
            if (!$user->exists($q->get_param('user'))) {
                return $resp->setError(404, 'Missing or invalid user');
            }
        } elseif (!$user instanceof folksoUser) {
            return $resp->setError(404, 'No user');
        }

        $db = new folksoDBinteract($dbc);
        $userQuery = new folksoUserQuery();
        // NOTE(review): $q->tag and the user id are handed to
        // resourcesByTag(), which builds the SQL; any escaping happens there
        // and is not visible from this function -- verify.
        $db->query($userQuery->resourcesByTag($q->tag, $user->userid));

        // Kept inside the try block because exists() goes to the database.
        if ($db->rowCount == 0) {
            $knownUser = isset($user->nick) || $user->exists();
            if ($knownUser) {
                return $resp->setOk(204, 'User has no resources with this tag');
            }
            // Marked "no longer necessary" by the original author.
            return $resp->setError(404, 'Unknown user');
        }
    } catch (dbException $e) {
        return $resp->handleDBexception($e);
    } catch (badUseridException $e) {
        // TODO: update this with new class
        return $resp->handleDBexception($e);
    }

    $resp->setOk(200, 'Found');

    $factory = new folksoDisplayFactory();
    $formatter = ($q->content_type() == 'json')
        ? new folksoDataJson('resid', 'url', 'title')
        : $factory->ResourceList('xml');

    $resp->t($formatter->startform());
    while ($row = $db->result->fetch_object()) {
        // uri_raw and title are HTML-encoded before reaching the formatter,
        // for both output formats.
        $resp->t($formatter->line($row->id,
                                  htmlspecialchars($row->uri_raw),
                                  htmlspecialchars($row->title)));
    }
    $resp->t($formatter->endform());

    return $resp;
}
/**
 * Decides whether this Response should answer the query $q, based on the
 * rule lists in $this->activate_params.
 *
 * The lists are applied in this order, and the first failure returns false:
 *  - 'exclude': none of these parameters may be present;
 *  - 'required', 'required_single', 'required_multiple': every listed
 *    parameter must be present;
 *  - 'required_single': each must also satisfy is_single_param();
 *  - 'required_multiple': each must also satisfy is_multiple_param();
 *  - 'oneof': at least one must be present (an empty 'oneof' array
 *    therefore rejects the query).
 * A list that is not an array is skipped.
 *
 * @param folksoQuery $q
 * @return boolean
 */
private function param_check(folksoQuery $q) {
    // Any excluded parameter vetoes the match outright.
    if (is_array($this->activate_params['exclude'])) {
        foreach ($this->activate_params['exclude'] as $forbidden) {
            if ($q->is_param($forbidden)) {
                return false;
            }
        }
    }

    // Presence check across all three "required" lists.
    $mustExist = array();
    foreach (array('required', 'required_single', 'required_multiple') as $key) {
        $names = $this->activate_params[$key];
        if (is_array($names)) {
            $mustExist = array_merge($mustExist, $names);
        }
    }
    foreach ($mustExist as $name) {
        if (!$q->is_param($name)) {
            return false;
        }
    }

    // Cardinality checks on top of presence.
    if (is_array($this->activate_params['required_single'])) {
        foreach ($this->activate_params['required_single'] as $name) {
            if (!$q->is_single_param($name)) {
                return false;
            }
        }
    }
    if (is_array($this->activate_params['required_multiple'])) {
        foreach ($this->activate_params['required_multiple'] as $name) {
            if (!$q->is_multiple_param($name)) {
                return false;
            }
        }
    }

    // At least one of the alternatives has to be supplied.
    if (is_array($this->activate_params['oneof'])) {
        $matched = false;
        foreach ($this->activate_params['oneof'] as $candidate) {
            if ($q->is_param($candidate)) {
                $matched = true;
            }
        }
        if (!$matched) {
            return false;
        }
    }

    return true;
}
/**
 * Renames a tag.
 *
 * Web params: the tag to rename ($q->tag, an id or a name) and 'newname'.
 *
 * The caller needs the 'folkso'/'admin' right; otherwise the result of
 * unAuthorized() is returned. A tag that tagp() does not find gives 404,
 * and a successful update gives 204.
 *
 * @param folksoQuery $q Request; reads ->tag and the 'newname' parameter.
 * @param folksoDBconnect $dbc Connection settings handed to folksoDBinteract.
 * @param folksoSession $fks Session used to identify and authorise the user.
 * @return mixed The response object, or whatever unAuthorized() or
 *         handleDBexception() return on those paths.
 */
function renameTag(folksoQuery $q, folksoDBconnect $dbc, folksoSession $fks) {
    $resp = new folksoResponse();

    $user = $fks->userSession(null, 'folkso', 'admin');
    $isAdmin = $user instanceof folksoUser && $user->checkUserRight('folkso', 'admin');
    if (!$isAdmin) {
        return $resp->unAuthorized($user);
    }

    try {
        $db = new folksoDBinteract($dbc);

        if (!$db->tagp($q->tag)) {
            $resp->setError(404, 'Tag not found',
                            'Nothing to rename. No such tag: ' . $q->tag);
            return $resp;
        }

        // The new name is escaped once and used for both columns.
        $newName = $db->dbescape($q->get_param('newname'));
        $query = "UPDATE tag\n SET tagdisplay = '" . $newName . "', "
            . "tagnorm = normalize_tag('" . $newName . "') "
            . "where ";

        if (is_numeric($q->tag)) {
            // NOTE(review): the value is spliced in unquoted after only an
            // is_numeric() test, which also admits signs, decimals,
            // exponents and surrounding whitespace (and hex strings before
            // PHP 7). An (int) cast or a ctype_digit() gate would pin it to
            // a plain integer id -- confirm how folksoQuery fills ->tag.
            $query .= " id = " . $q->tag;
        } else {
            $query .= " tagnorm = normalize_tag('" . $db->dbescape($q->tag) . "')";
        }

        $db->query($query);
    } catch (dbException $e) {
        return $resp->handleDBexception($e);
    }

    $resp->setOk(204, 'Tag renamed');
    return $resp;
}
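/**
 * Add a note to a resource
 *
 * Web params: POST, note, res
 *
 * The caller needs the 'folkso'/'tag' right; otherwise the result of
 * unAuthorized() is returned. On success the response is 202 and its body
 * repeats the resource and the note text.
 *
 * @param folksoQuery $q Request; reads ->res and the 'note' parameter.
 * @param folksoDBconnect $dbc Connection settings handed to folksoDBinteract.
 * @param folksoSession $fks Session used to identify and authorise the user.
 * @return mixed The response object, or whatever unAuthorized() or
 *         handleDBexception() return on those paths.
 */
function addNote(folksoQuery $q, folksoDBconnect $dbc, folksoSession $fks) {
    $r = new folksoResponse();

    $u = $fks->userSession(null, 'folkso', 'tag');
    if (!$u instanceof folksoUser || !$u->checkUserRight('folkso', 'tag')) {
        return $r->unAuthorized($u);
    }

    try {
        $i = new folksoDBinteract($dbc);

        // NOTE(review): userid comes from the session's user object rather
        // than from the request; it is quoted but not escaped -- confirm
        // that folksoUser constrains its format.
        $sql = "INSERT INTO note "
            . "SET note = '" . $i->dbescape($q->get_param("note")) . "', "
            . "userid = '" . $u->userid . "', "
            . "resource_id = ";

        if (is_numeric($q->res)) {
            // Only reached for values that pass is_numeric(), so nothing
            // here can close a quote; the value is still not forced to a
            // plain integer.
            $sql .= $q->res;
        } else {
            // A non-numeric res is a request-supplied URL. It is placed
            // inside a quoted SQL string, so it gets the same dbescape()
            // treatment as the note text.
            $sql .= "(SELECT id FROM resource "
                . " WHERE uri_normal = url_whack('" . $i->dbescape($q->res) . "'))";
        }

        $i->query($sql);
    } catch (dbException $e) {
        return $r->handleDBexception($e);
    }

    $r->setOk(202, 'Note accepted');
    // NOTE(review): res and the note are echoed back verbatim. If this body
    // can be rendered as HTML they need output encoding -- confirm the
    // content type of the response.
    $r->t("This note will be added to the resource: " . $q->res);
    $r->t("\n\nText of the submitted note:\n" . $q->get_param('note'));
    return $r;
}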
/**
 * Reports whether the request $q has to be authorised: true means it does,
 * false means it does not.
 *
 * As written this always answers false, because the first statement returns
 * before the method / clientAccessRestrict rule is reached. That rule would
 * exempt GET and HEAD requests, and every request when clientAccessRestrict
 * is 'LOCAL', and require authorisation for everything else. The original
 * author also considered inspecting the fields of some GET requests here.
 *
 * @param folksoQuery $q
 * @return boolean
 */
function is_auth_necessary(folksoQuery $q) {
    // NOTE(review): this unconditional return makes the rule below
    // unreachable, so no caller of this method is ever told to authenticate,
    // write methods included. Confirm that authorisation is enforced
    // elsewhere before relying on it, or remove the short-circuit.
    return false;

    $verb = $q->method();
    $exempt = $verb == 'get'
        || $verb == 'head'
        || $this->clientAccessRestrict == 'LOCAL';

    return !$exempt;
}