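/**
 * POST a request to the REDCap API and return the response.
 *
 * The request always carries the project token plus the 'format' and
 * 'content' defaults; entries in $extra_params override those defaults.
 *
 * @param array|null $extra_params Extra request fields merged over the defaults.
 * @param string     $api_url      Endpoint to post to.
 * @param bool       $json_decode  When true the body is decoded to an array,
 *                                 otherwise the raw body is returned.
 * @return mixed Decoded array (or null if the body is not valid JSON), or the
 *               raw value returned by self::http_post() when $json_decode is false.
 */
public static function callApi($extra_params = null, $api_url = REDCAP_API_URL, $json_decode = true)
{
    $default_params = array('token' => REDCAP_API_TOKEN, 'format' => 'json', 'content' => 'record');

    // The declared default for $extra_params is null, which array_merge()
    // does not accept; treat anything that is not an array as "no extras".
    $params = array_merge($default_params, is_array($extra_params) ? $extra_params : array());

    // $params contains the API token. Do not write it to the log; if request
    // logging is needed, log a copy with 'token' masked.
    $result = self::http_post($api_url, $params);

    if (!$json_decode) {
        // Caller asked for the raw response.
        return $result;
    }

    $result = json_decode($result, true);

    // json_decode(..., true) yields arrays, so the error has to be read as an
    // array key. The previous object-style check never matched, which means
    // callers have always received the decoded array even on error; that
    // return value is kept so callers inspecting $result['error'] still work.
    if (is_array($result) && isset($result['error'])) {
        $error_text = is_scalar($result['error']) ? $result['error'] : json_encode($result['error']);
        logIt('Error in writeToApi: ' . $error_text, "DEBUG");
    }

    return $result;
}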
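<?php
// ============================================================================
// PREPRINTS/DELETE_PREPRINT.PHP
//
// Admin-only action: blanks the publication row identified by the "rowId"
// input (status goes back to 'free'), notifies the secretary, logs the
// deletion and removes the stored file, then renders the preprint list.
// ============================================================================
require_once "config.manage.php";
core_declare_input("rowId");

// NOTE(review): everything below relies on errorPage() ending the request for
// non-admins - confirm that it does not return.
if (!$authClass->isAdmin()) {
    errorPage("Preprints may only be deleted by administrative staff");
}

// rowId is request input, so it is passed through the database wrapper's
// quote() instead of being concatenated between hand-written quotes.
// NOTE(review): assumes $dbClass->quote() returns an escaped, quoted SQL
// literal - confirm against the wrapper class.
$deleteRes = $dbClass->query("SELECT * FROM publications WHERE RowId=" . $dbClass->quote($rowId));
$row = $dbClass->next_record($deleteRes);

$q = $dbClass->query("UPDATE publications SET "
    . "Status='free', Field='', Location='', Authors='', "
    . "Title='', PublIn='' WHERE RowId=" . $dbClass->quote($rowId));

mail2secretary("Deleted");
logIt("delete", pp_preprintID($row["Year"], $row["Report"]), uid2gecos($row["Id"]));

// The path comes from the Location column read before the row was blanked.
// NOTE(review): confirm that Location can only ever hold a path inside the
// preprint upload directory, since whatever it names is deleted here.
if (file_exists($row["Location"])) {
    unlink($row["Location"]);
}

require "show_preprints.php";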
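/**
 * Log an application event taken from a space-separated "key=value" line.
 *
 * The first and third space-separated fields of $text are used; each is
 * reduced to whatever follows its last '=' and passed to logIt() as
 * (type, third field, first field).
 *
 * split() and eregi_replace() were removed in PHP 7, so the same parsing is
 * done with explode() and strrpos().
 *
 * @param string $type  Log entry type, passed to logIt() unchanged.
 * @param string $text  Line of at least three space-separated fields.
 * @param mixed  $dummy Unused.
 */
function appsLog($type, $text, $dummy)
{
    // Pad so that a short line yields empty fields instead of undefined offsets.
    $parts = array_pad(explode(" ", $text), 3, "");

    $values = array();
    foreach (array($parts[2], $parts[0]) as $field) {
        // Equivalent of removing the greedy match of "^.*=": drop everything
        // up to and including the last '='.
        $cut = strrpos($field, "=");
        $values[] = ($cut === false) ? $field : (string) substr($field, $cut + 1);
    }

    logIt($type, $values[0], $values[1]);
}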
bugPage("no account found for UID='{$res_UID}'");
}
// Fragment of a reservation script: the statements above this point (the
// account lookup and the opening of this block) are not shown.
$res_login = $account["name"];
// Only administrators may reserve a number on behalf of another login.
// NOTE(review): relies on errorPage() ending the request - confirm.
if (!$authClass->isAdmin() && $res_login != $AUTH_login) {
    errorPage("Reserving of preprint nbrs for others is only " . "permitted for administrative staff.");
}
$res_gecos = $account["gecos"];
$res_ppn = pp_reserveNumber($nor_pp_year, $res_UID, $field, $authors, $title);
// reread back the record
// NOTE(review): $nor_pp_year, $res_ppn and $field are interpolated straight
// into the SQL text. Where they are assigned is not visible here; if any of
// them derives from request input this query is injectable and the values
// should go through the database wrapper's escaping - confirm.
$q = $dbClass->query("SELECT * FROM publications WHERE Year={$nor_pp_year} AND Report={$res_ppn} AND Field='{$field}'");
$row = $dbClass->next_record($q);
// The row id is placed in $_POST; it is read again by show_preprint() below.
$_POST["rowId"] = $row["RowId"];
// NOTE(review): the required path is an empty string in this copy of the
// file, which cannot resolve to a script - the file name appears to be lost.
require "";
mail2secretary("Reserved");
mail_PPsubmitter("Reserved");
logIt("submit", pp_preprintID($nor_pp_year, $res_ppn), $res_gecos);
// NOTE(review): $res_gecos (account display name) is written into the HTML
// without escaping here; whether x() escapes its content is not visible, but
// it is given literal <b> markup on this line - confirm the name cannot
// carry markup.
echo x("p", x("i", "Preprint number <b>{$res_ppn}</b> has been reserved for {$res_gecos}<br>Please quote:"));
show_preprint($_POST["rowId"], "index.php", $showcancelButton = False);
endPage();
/**
 * Send reminder mails for pending preprints older than the reminding period.
 *
 * Runs at most once per session. For each pending preprint the log table is
 * checked for earlier "reminder" entries; a reminder is logged and mailed
 * when there is none, or when the entries read back (newest first) are older
 * than the reminding period.
 *
 * The current record is published through the global $row.
 * NOTE(review): mailReminder() takes no arguments, so it presumably reads
 * that global - confirm.
 * NOTE(review): the preprint id is concatenated into the REGEXP literal; it
 * is built from database columns here, not from request input - confirm that
 * pp_preprintID() can never return quote or regex metacharacters.
 */
function sendReminder()
{
    global $dbClass, $row;

    $action = "reminder";

    // Post-increment: the first call in a session sees a falsy value and
    // proceeds, every later call returns immediately.
    if ($_SESSION[$action][$action]++) {
        return;
    }

    $remindingPeriod = core_getConfig("remindingPeriod", 7 * 24 * 3600); // a week

    $pending = getPendingPreprints("Tm < " . (time() - $remindingPeriod));
    if (!$pending) {
        return;
    }

    while ($row = $dbClass->next_record($pending)) {
        $preprintId = pp_preprintID($row["Year"], $row["Report"]);
        $ownerName = uid2gecos($row["Id"]);

        if (core_getoption("CLI")) {
            printf(
                "%-15s %-25s %-15s %s \n",
                $preprintId,
                uid2login($row["Id"]),
                $ownerName,
                long_date_and_time_string($row["Tm"])
            );
        }

        $logResult = $dbClass->query("SELECT * FROM " . PP_LOGTABLE . " WHERE text REGEXP '" . $preprintId . " ' " . "AND type = '" . $action . "' ORDER BY time DESC");

        // No earlier reminder at all: send one.
        $tobeSent = !$dbClass->num_rows($logResult);
        while ($entry = $dbClass->next_record($logResult)) {
            // A reminder inside the period stops the scan with the flag as it is.
            if ((int) $entry["time"] > time() - $remindingPeriod) {
                break;
            }
            $tobeSent = True;
        }

        if (!$tobeSent) {
            continue;
        }
        logIt($action, $preprintId, $ownerName);
        mailReminder();
    }
}
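/**
 * Create this user as a new REDCap record and optionally start e-mail
 * verification.
 *
 * @param string $pass       Plaintext password chosen by the user.
 * @param bool   $verifymail When true, an e-mail token is created and mailed
 *                           for the new record.
 * @return mixed false when the username exists or the password is empty
 *               ($this->error is set); otherwise the first element of the API
 *               result, which is the numeric record id on success. On an API
 *               failure $this->error is set and the non-numeric value is
 *               still returned, so callers should check $this->error.
 */
public function createNewUser($pass, $verifymail = true)
{
    if (self::usernameExists()) {
        $this->error = "Error creating user (CODE 001)"; // Don't create a user if they already exist!
        return false;
    }
    if (empty($pass)) {
        $this->error = "Error creating user (CODE 002)"; // Missing password
        return false;
    }

    // Never write $pass to the log.
    // NOTE(review): the scheme behind generateHash() is not visible here -
    // confirm it is a salted, deliberately slow password hash.
    $password_field = getRF('password');
    $password_salt_hash = generateHash($pass);

    $data = array(
        REDCAP_FIRST_FIELD => $this->next_user_id,
        getRF('username') => $this->username,
        $password_field => $password_salt_hash,
        getRF('firstname') => ucfirst($this->firstname),
        getRF('lastname') => $this->lastname,
        getRF('zip') => $this->zip,
        getRF('city') => $this->city,
        getRF('state') => $this->state,
        getRF('age') => $this->age,
        getRF('email') => $this->email,
        getRF('created_ts') => date('Y-m-d H:i:s'),
    );

    // Add event if longitudinal
    if (REDCAP_PORTAL_EVENT !== NULL) {
        $data['redcap_event_name'] = REDCAP_PORTAL_EVENT;
    }

    // Log a copy with the password hash masked: the debug log is not a
    // credential store. The remaining fields are personal data.
    // NOTE(review): confirm who can read the DEBUG log.
    $log_data = $data;
    $log_data[$password_field] = '[redacted]';
    logIt("CREATE NEW USER WITH DATA:" . print_r($log_data, true), "DEBUG");

    $result = RC::writeToApi($data, array('returnContent' => 'ids'));
    $new_user_id = is_array($result) ? current($result) : null;

    if (is_numeric($new_user_id)) {
        $this->new_user_id = $new_user_id;
        if ($verifymail) {
            $newuser = new RedcapPortalUser($new_user_id);
            $newuser->createEmailToken();
            $newuser->emailEmailToken();
        }
    } else {
        // The message argument of this call was masked out in the source
        // listing; it is rebuilt to log the API result.
        // NOTE(review): confirm against the original file.
        logIt("Error creating new user: " . json_encode($result), "ERROR");
        $this->error = "Error creating user via API";
    }

    logIt("CREATE NEW USER RESULT:" . json_encode($result), "DEBUG");
    return $new_user_id;
}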
/**
 * Evaluate a logic expression against this object's record and return an
 * HTML snippet (status icon plus label) describing the outcome.
 *
 * The expression is written to the log as received and again after the event
 * name has been prepended.
 *
 * @param string $logic Logic expression to test.
 * @return string Icon markup followed by " True", " False" or " Invalid Syntax".
 */
public function testLogic($logic)
{
    logIt('testLogic: ' . $logic);

    // Reject expressions that do not parse before touching the record.
    if (!LogicTester::isValid($logic)) {
        return RCView::img(array('class' => 'imgfix', 'src' => 'error.png')) . " Invalid Syntax";
    }

    // Longitudinal projects need the current event name in front of the expression.
    if (REDCap::isLongitudinal() && $this->redcap_event_name) {
        $logic = LogicTester::logicPrependEventName($logic, $this->redcap_event_name);
    }

    logIt('Logic:' . $logic, 'DEBUG');

    $passed = LogicTester::evaluateLogicSingleRecord($logic, $this->record);
    $icon = $passed ? 'accept.png' : 'cross.png';
    $label = $passed ? " True" : " False";

    return RCView::img(array('class' => 'imgfix', 'src' => $icon)) . $label;
}
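/**
 * Write field values for this user's record through the API.
 *
 * The record id (and the event name for longitudinal projects) is always set
 * on $data, overwriting any value the caller supplied. Pending log entries
 * are sent along and cleared when $flushLog is true.
 *
 * @param array $data         Field => value pairs to store.
 * @param array $extra_params Extra parameters passed to RC::writeToApi().
 * @param bool  $flushLog     Send and then clear $this->log_entry.
 * @return bool true on success, false when the API result contains 'error'.
 */
function updateUser($data = array(), $extra_params = array(), $flushLog = true)
{
    // Always address this user's record.
    $data[REDCAP_FIRST_FIELD] = $this->user_id;

    // Add event if longitudinal
    if (REDCAP_PORTAL_EVENT !== NULL) {
        $data['redcap_event_name'] = REDCAP_PORTAL_EVENT;
    }

    // NOTE(review): $data is logged in full here and in the error message
    // below; when a caller updates the password field this puts the password
    // hash in the log - confirm, and mask it if so.
    logIt("updateUser data1:" . print_r($data, true), "DEBUG");

    // The closing parenthesis used to sit after "> 0", so count() received a
    // boolean instead of the list. Compare the element count instead.
    if ($flushLog && is_array($this->log_entry) && count($this->log_entry) > 0) {
        $data = array_merge($data, array(getRF('log') => implode("\n", $this->log_entry)));
    }

    $result = RC::writeToApi($data, $extra_params);
    if (isset($result['error'])) {
        // Part of this expression was masked out in the source listing; it is
        // rebuilt from the surviving "'error']" fragment and the isset() above.
        logIt('Error updating User: ' . $result['error'] . " with: " . print_r($data, true));
        return false;
    }

    // Flush the log
    if ($flushLog) {
        $this->log_entry = array();
    }

    // Reload the session user from the API
    self::refreshUser();
    return true;
}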
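/**
 * Post a status update, with the " #PinScore" tag appended, through TwitterOAuth.
 *
 * @param array  $OAuth  Needs the keys 'consumer_key', 'consumer_secret',
 *                       'access_token' and 'access_token_secret'.
 * @param string $status Text of the tweet; an empty value is rejected.
 * @return bool true when the response carries an id, false otherwise.
 */
function postTweet($OAuth, $status)
{
    if (empty($status)) {
        return false;
    }

    $connection = new TwitterOAuth(
        $OAuth['consumer_key'],
        $OAuth['consumer_secret'],
        $OAuth['access_token'],
        $OAuth['access_token_secret']
    );
    $result = $connection->post('statuses/update', array('status' => $status . ' #PinScore'));

    if (!empty($result->id)) {
        return true;
    }

    // A failed response does not always carry errors[0]->message; read it
    // defensively so the failure is still logged.
    $message = isset($result->errors[0]->message) ? $result->errors[0]->message : 'no error message in response';
    logIt('Error posting tweet. ' . $message);

    // The failure path used to fall off the end of the function and return null.
    return false;
}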
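/**
 * POST a query to the API endpoint in the global $api_url and return the
 * decoded JSON response.
 *
 * 'token', 'format' and 'type' are always set on the request, overriding any
 * values passed in.
 *
 * @param array $params Request fields.
 * @return mixed Decoded response (null when the body is not valid JSON). The
 *               script exits when cURL reports an error.
 */
function queryAPI($params)
{
    global $api_token, $api_url;

    // Assuming the following for all queries
    $params['token'] = $api_token;
    $params['format'] = 'json';
    $params['type'] = 'flat';

    // The token is a credential: log a copy of the request with it masked.
    $loggable = $params;
    $loggable['token'] = '[redacted]';
    logIt('Params: ' . print_r($loggable, true), "DEBUG");

    // No CURLOPT_SSL_* options are set, so libcurl's defaults apply.
    $r = curl_init($api_url);
    curl_setopt($r, CURLOPT_POST, 1);
    curl_setopt($r, CURLOPT_POSTFIELDS, http_build_query($params));
    curl_setopt($r, CURLOPT_RETURNTRANSFER, 1);
    $r_result = curl_exec($r);
    $r_error = curl_error($r);
    curl_close($r);

    if ($r_error) {
        logIt("Curl call failed ($r_error) with params (" . json_encode($loggable) . ")", 'ERROR');
        exit;
    }

    // NOTE(review): the raw response is written to the DEBUG log; if it holds
    // record data, confirm the log is protected accordingly.
    logIt('r_result: ' . print_r($r_result, true), "DEBUG");

    return json_decode($r_result, true);
}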
addSessionAlert(lang("ACCOUNT_PASS_MISMATCH"));
$valid = false;
}
//End data validation
// Fragment of a change-password handler: the validation that sets $valid and
// the end of the loop at the bottom are not shown.
if ($valid) {
    $salt = $loggedInUser->getSalt();
    //Make a new password from the existing salt
    // NOTE(review): the stored salt is reused for the new password, and the
    // scheme behind generateHash() is not visible here - confirm it is a
    // deliberately slow password hash.
    $entered_pass_new = generateHash($password_new, $salt);
    // Check that things are still good so we should update the password
    // ($valid cannot have changed since the outer test, so this always holds.)
    if ($valid) {
        //This function will update the hash_pw property.
        $loggedInUser->updatePassword($entered_pass_new);
        addSessionMessage("Password Updated", "success");
    }
} else {
    logIt("Change Password: Invalid Request", "INFO");
}
//PASSWORD SECURITY QUESTIONS
// Collect one question/answer pair per configured entry; each pair names the
// POST fields that carry the question and the answer.
$password_reset_data = array();
$all_valid = true;
foreach ($password_reset_pairs as $i => $pair) {
    $q = isset($_POST[$pair['question']]) ? $_POST[$pair['question']] : null;
    $a = isset($_POST[$pair['answer']]) ? $_POST[$pair['answer']] : null;
    // NOTE(review): the answer is stored here as submitted; it is hashed into
    // $a further down, and what is persisted is not visible - confirm only
    // the hashed answer is saved.
    $password_reset_data[$i]['question'] = $q;
    $password_reset_data[$i]['answer'] = $a;
    if (empty($q) || empty($a)) {
        // Invalid responses
        addSessionAlert("Invalid password reset values for question {$i}");
        $all_valid = false;
    } else {
        $a = hashSecurityAnswer($a);
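/**
 * Show and process the "add external user" form of the preprints database.
 *
 * An account is either personal (login is an e-mail address) or an event
 * account (title and login must end in a four-digit year). While input is
 * missing or invalid the form is sent again with the errors listed; otherwise
 * the account row is inserted, the action logged, a summary printed and the
 * new user mailed.
 *
 * Request values are escaped with htmlspecialchars() wherever they are
 * written into HTML and passed through $dbClass->quote() where they are
 * written into SQL. eregi(), removed in PHP 7, is replaced by preg_match().
 *
 * NOTE(review): assumes $dbClass->quote() returns an escaped, quoted SQL
 * literal - confirm against the database wrapper.
 * NOTE(review): the password is stored as submitted in both the password and
 * new_password columns; confirm whether the authentication layer expects a
 * hash there.
 * NOTE(review): the "confirm password" field (pwd2) is never compared with pwd.
 * NOTE(review): any non-empty "button" value, including "cancel", starts
 * validation - confirm that cancel is handled by the caller.
 */
function add_SQLuser()
{
    global $t, $links, $tabs, $dbClass, $authClass;

    if (empty($_REQUEST["t"])) {
        $_REQUEST["t"] = "event";
    }
    $accE = $_REQUEST["t"] === "event";

    // Local string copies of the inputs; a missing or non-string value counts as empty.
    $in = array();
    foreach (array("button", "full_name", "username", "pwd", "pwd2", "contact") as $key) {
        $in[$key] = (isset($_REQUEST[$key]) && is_string($_REQUEST[$key])) ? $_REQUEST[$key] : "";
    }

    $error = array();
    if ($in["button"]) {
        $users = getSQLusers();

        if ($v = $in["full_name"]) {
            foreach ($users as $u) {
                if (strtolower((string) $u["gecos"]) === strtolower($v)) {
                    $error[] = x("li", "'" . htmlspecialchars($v, ENT_QUOTES) . "' is already known as '"
                        . htmlspecialchars((string) $u["email"], ENT_QUOTES) . "'");
                }
            }
            if ($accE && !preg_match('/20[0-9][0-9]\z/', $v)) {
                $error[] = x("li", "'event title' must have the year at the end");
            }
        }

        if ($v = strtolower($in["username"])) {
            foreach ($users as $u) {
                if (strtolower((string) $u["email"]) === $v) {
                    $error[] = x("li", "'" . htmlspecialchars($v, ENT_QUOTES) . "' is already known as '"
                        . htmlspecialchars((string) $u["gecos"], ENT_QUOTES) . "'");
                }
            }
            if ($accE && !preg_match('/^[a-z0-9]*\z/i', $v)) {
                $error[] = x("li", "'" . htmlspecialchars($v, ENT_QUOTES) . "' is not a valid login name");
            }
            if (!$accE && strpos($v, "@") === false) {
                $error[] = x("li", "'" . htmlspecialchars($v, ENT_QUOTES) . "' is not a valid e-mail address");
            }
        }
    }

    if ($error || !$in["username"] || !$in["full_name"]) {
        /*
         * (re)send the form
         */
        $tt = new table("cellpadding='10'", "<center>" . x("h3", "Adding new external user"));
        $tt->tr("", "valign='top' colspan='3'", x("i", "The external user account is associated either with a <ul>"
            . "<li> a person (identified by his e-mail and password) or</li>"
            . "<li> a Nordita event (program, conference, etc.)</li></ul>"));
        $tt->tro();
        $tt->td($accE
            ? "Both the <b>event title</b> and <b>login name</b><br>must end by the 4-digits Year."
                . "<br><br><b>contact e-mail</b> is a comma-separated list<br>of the organizer e-mails"
            : "");
        $tt->tdo("valign='top'");

        $t = new table("", "<form action='" . $links[$tabs->active] . "' method='post'>");
        if ($error) {
            str(False, "errors detected:" . x("ul", join("\n", $error)), "colspan='3' class='registered'");
        }

        $r = "input type ='radio' name='t' onchange='submit()'";
        str("account type", "<{$r} value='human' " . ($accE ? "" : "checked")
            . ">personal account <{$r} value='event' " . ($accE ? "checked" : "") . ">event account");

        // Submitted values are echoed back into single-quoted attributes, so
        // quotes have to be encoded as well (ENT_QUOTES).
        str($accE ? "event title" : "full name",
            "<input type='text' name='full_name' value='" . htmlspecialchars($in["full_name"], ENT_QUOTES) . "' size='35'>");
        str($accE ? "login name" : "e-mail",
            "<input type='text' name='username' value='" . htmlspecialchars($in["username"], ENT_QUOTES) . "' size='35'>");
        if ($accE) {
            // NOTE(review): the submitted password is sent back in the page
            // source; consider leaving password fields empty on re-display.
            str("proposed password",
                "<input type='password' name='pwd' value='" . htmlspecialchars($in["pwd"], ENT_QUOTES) . "' size='35'>");
            str("confirm password",
                "<input type='password' name='pwd2' value='" . htmlspecialchars($in["pwd2"], ENT_QUOTES) . "' size='35'>");
            str("contact e-mail(s)",
                "<input type='text' name='contact' value='" . htmlspecialchars($in["contact"], ENT_QUOTES) . "' size='35'>");
        }
        str(" ", "<input type='submit' name='button' value='submit'> <input type='submit' name='button' value='cancel'>");

        $t->close("</form>");
        $tt->tdc();
        $tt->trc();
        $tt->close("</center>");
        return;
    }

    /*
     * the form is ok. Create the account, send info mail
     */
    $users = getSQLusers();

    // External accounts get ids from -1000 downwards; take the first free one.
    $uid = -1000;
    while (!empty($users[$uid])) {
        --$uid;
    }

    if (!$in["pwd"]) {
        $in["pwd"] = $authClass->random_password(8);
    }
    // Kept in $_REQUEST as before.
    // NOTE(review): mail2newUser() presumably reads the password from there - confirm.
    $_REQUEST["pwd"] = $in["pwd"];

    $dbClass->query("INSERT INTO accounts (id,username,password,new_password,full_name,status,superviser) "
        . "VALUES (" . $dbClass->quote((string) $uid)
        . "," . $dbClass->quote($in["username"])
        . "," . $dbClass->quote($in["pwd"])
        . "," . $dbClass->quote($in["pwd"])
        . "," . $dbClass->quote($in["full_name"])
        . ",1"
        . "," . $dbClass->quote($in["contact"]) . ")");

    logIt("newuser", $in["username"], $in["full_name"]);

    print x("h3", "New user for the Preprints Database");
    $t = new table();
    $t->tr("", "", htmlspecialchars($in["full_name"], ENT_QUOTES), "name:");
    $t->tr("", "", htmlspecialchars($in["username"], ENT_QUOTES), x("b", "login name:"));
    if ($in["contact"]) {
        $t->tr("", "", htmlspecialchars($in["contact"], ENT_QUOTES), x("b", "contact e-mail:"));
    } else {
        $t->tr("", "colspan='2'", x("i", "The password is sent to " . htmlspecialchars($in["username"], ENT_QUOTES)));
    }
    $t->close();

    mail2newUser($in["username"]);
}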
default:
    errorExit("An unknown error occured during file upload.");
}
}
// Fragment of the preprint edit/upload script: the start of the switch above
// and the body of errorExit() below are not shown.

// Every value in the two queries below goes through $dbClass->quote() rather
// than being concatenated into the SQL text directly.
$q = $dbClass->query("SELECT * FROM publications WHERE RowId=" . $dbClass->quote($rowId));
$row = $dbClass->next_record($q);
$status = $row["Status"];
// A reserved number becomes "registered" once authors and title are set and
// at least one of location / journal is given.
if ($status == "reserved" && !(empty($location) && empty($journal)) && !empty($authors) && !empty($title)) {
    $status = "registered";
    mail2secretary("Registered");
    logIt("register", pp_preprintID($row["Year"], $row["Report"]), uid2gecos($res_UID));
    // Dropped so that the "edit" entry below is not logged in addition to "register".
    unset($pp_id);
}
$dbClass->query("UPDATE publications SET " . " Field=" . $dbClass->quote($field) . ",Location=" . $dbClass->quote($location) . ",Authors=" . $dbClass->quote($authors) . ",Title=" . $dbClass->quote($title) . ",PublIn=" . $dbClass->quote($journal) . ",Id=" . $dbClass->quote($res_UID) . ",Status=" . $dbClass->quote($status) . " WHERE RowId=" . $dbClass->quote($rowId));
// NOTE(review): where $pp_id is assigned is not visible in this fragment.
if ($pp_id) {
    logIt("edit", $pp_id, uid2gecos($res_UID));
}
// ==========================================================================
/// @fn errorExit( $text )
///
/// Called from the upload error switch above with a message text.
/// The body is not shown in this listing, so its behaviour is not documented here.
///
/// @parameter $text - error message
// ==========================================================================
function errorExit($text)
/**
 * Look up the field name mapped to a portal property.
 *
 * @param string $property Key into the global $redcap_field_map.
 * @return mixed The mapped value, or false (after logging an ERROR entry)
 *               when the key is not set in the map.
 */
function getRF($property)
{
    global $redcap_field_map;

    // Unknown property: record it and signal failure to the caller.
    if (!isset($redcap_field_map[$property])) {
        logIt("Error finding {$property} in redcap_field_map", "ERROR");
        return false;
    }

    return $redcap_field_map[$property];
}
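<?php
// ============================================================================
// PREPRINTS/ACCEPT_PREPRINT.PHP
//
// Admin-only action: marks the publication row identified by the "rowId"
// input as accepted (Status='ok', Tm=now), notifies the secretary, logs the
// acceptance and redirects to the preprint list.
// ============================================================================
include_once "config.manage.php";
core_declare_input("rowId");

// NOTE(review): everything below relies on errorPage() ending the request for
// non-admins - confirm that it does not return.
if (!$authClass->isAdmin()) {
    errorPage("Preprints may only be accepted by administrative staff");
}

$time = time();

// rowId is request input and used to be appended to the SQL text unquoted;
// it now goes through the database wrapper's quote() in both statements.
// NOTE(review): assumes $dbClass->quote() returns an escaped, quoted SQL
// literal - confirm against the wrapper class.
$dbClass->query("update publications set Status='ok', Tm=" . $time . " where RowId=" . $dbClass->quote($rowId));
$res = $dbClass->query("select * from publications where RowId=" . $dbClass->quote($rowId));

while ($row = $dbClass->next_record($res)) {
    mail2secretary("Accepted");
    logIt("accept", pp_preprintID($row["Year"], $row["Report"]), uid2gecos($row["Id"]));
}

header("Location: show_preprints.php");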