示例#1
0
function executeChange($currUser, $userid, $newrole)
{
    if ($newrole !== "1" && $newrole !== "2" && $newrole !== "3" && $newrole !== "4") {
        return "Invalid status!";
    }
    $userDAO = new UserDAO();
    $userChan = $userDAO->getUserByID($userid);
    $userCurr = $userDAO->getUserByID($currUser);
    //get current session user
    if ($userCurr->getRole()->getRoleID() !== "1" && $userCurr->getRole()->getRoleID() !== "2") {
        return "You have no right to change user status!";
    }
    if ($userChan === null) {
        //database
        return "Could not find this user!";
    }
    if ($userChan->getRole()->getRoleID() === $newrole) {
        //type
        return "Old status is equal to new status, don't need to change!";
    }
    if ($userCurr->getRole()->getRoleID() === "2") {
        if ($newrole === "1" || $newrole === "2") {
            return "You have no right to set an advanced user.";
        }
    }
    $roleDAO = new RoleDAO();
    $newroleObj = $roleDAO->getRoleByID($newrole);
    $userChan->setRole($newroleObj);
    $userDAO->updateUser($userChan);
    return true;
}
示例#2
0
function verify()
{
    if (isset($_GET["groupid"]) && isset($_GET["accept"])) {
        $groupID = $_GET["groupid"];
        if (!isValidID($groupID)) {
            return;
        }
        $groupDAO = new GroupDAO();
        $group = $groupDAO->getGroupByID($groupID);
        if ($group === null) {
            return;
        }
        $userDAO = new UserDAO();
        $user = $userDAO->getUserByID($_SESSION["userID"]);
        $gmDAO = new GroupMemberDAO();
        $gm = $gmDAO->getGroupMember($group, $user);
        if ($gm === null) {
            return;
        }
        $status = $gm->getAcceptStatus();
        if ($status == "1") {
            return;
        }
        if ($_GET["accept"] == "1") {
            $gm->setAcceptStatus("1");
            $gmDAO->updateGroupMember($gm);
        } elseif ($_GET["accept"] == "3") {
            $gmDAO->deleteGroupMember($gm);
        }
    }
}
示例#3
0
function displaySettings()
{
    $tpl = new FastTemplate("templates/");
    $tpl->define(array("web_main" => "web_main.html", "web_header" => "web_header.html", "head_script" => "settings/head_script.html", "profile" => "settings/profile.html", "department" => "settings/department.html", "department_option" => "settings/department_option.html", "authority" => "settings/authority.html", "body" => "settings/body.html", "web_nav" => "web_nav.html", "web_footer" => "web_footer.html"));
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($_SESSION["userID"]);
    //display profile
    displayProfile($user, $tpl);
    //display group
    displayGroup($user, $tpl);
    $role = $user->getRole();
    if ($role->getRoleID() == "1" || $role->getRoleID() == "2") {
        //display user
        displayUser($user, $tpl);
        desplayDepartment($user, $tpl);
        //display record
        displayRecord($user, $tpl);
        $tpl->parse("SETTINGS_AUTHORITY", "authority");
    } else {
        $tpl->assign("SETTINGS_DEPARTMENT", "");
        $tpl->assign("SETTINGS_USER", "");
        $tpl->assign("SETTINGS_RECORD", "");
        $tpl->assign("SETTINGS_AUTHORITY", "");
    }
    $tpl->assign("TITLE", "My Profile");
    $tpl->parse("WEB_HEADER", "web_header");
    $tpl->parse("HEAD_SCRIPT", "head_script");
    $tpl->parse("WEB_NAV", "web_nav");
    $tpl->parse("SETTINGS_PROFILE", "profile");
    $tpl->parse("BODY", ".body");
    $tpl->parse("WEB_FOOTER", "web_footer");
    $tpl->parse("MAIN", "web_main");
    $tpl->FastPrint();
}
function execChangeProfile($firstname, $lastname, $sex, $departmentID)
{
    if (!isValidName($firstname) || !isValidName($lastname)) {
        return "Please enter valid names!";
    }
    if (!isValidID($departmentID)) {
        return "Invalid department id!";
    }
    $departDAO = new DepartmentDAO();
    $depart = $departDAO->getDepartmentByID($departmentID);
    if ($depart === null) {
        return "Could not find the depart!";
    }
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($_SESSION["userID"]);
    $user->setDepartment($depart);
    if ($user->getFirstName() != $firstname) {
        $user->setFirstName($firstname);
    }
    if ($user->getLastName() != $lastname) {
        $user->setLastName($lastname);
    }
    if ($user->getGender() != $sex) {
        $user->setGender($sex);
    }
    if (isset($_FILES["uploadphoto"])) {
        $ans = uploadPhoto($user, $_FILES["uploadphoto"]);
        if ($ans !== true) {
            return $ans;
        }
    }
    $userDAO->updateUser($user);
    return true;
}
function execEditGroup($userID, $groupID, $checkedUser)
{
    if (gettype($checkedUser) != "array") {
        return "Wrong type of group member!";
    }
    $checkedUser[] = $userID;
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($userID);
    if (!isValidID($groupID)) {
        return "Invalid group ID!";
    }
    $groupDAO = new GroupDAO();
    $group = $groupDAO->getGroupByID($groupID);
    if ($group === null) {
        return "Group doesn't exist!";
    }
    if ($group->getOwner()->getUserID() !== $userID) {
        return "You are not the owner of this group!";
    }
    $gmDAO = new GroupMemberDAO();
    $gms = $gmDAO->getGroupMembersByGroup($group);
    foreach ($gms as $gm) {
        $alreadyUser = $gm->getUser();
        if (in_array($alreadyUser->getUserID(), $checkedUser)) {
            continue;
        }
        $gmDAO->deleteGroupMember($gm);
    }
    return true;
}
function executeChange($userID, $recordID, $newRecordStatus)
{
    if ($newRecordStatus !== "1" && $newRecordStatus !== "2" && $newRecordStatus !== "3") {
        return "Invalid status!";
    }
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($userID);
    $recordDAO = new RecordDAO();
    $record = $recordDAO->getRecordByID($recordID);
    if ($record === null) {
        return "Could not find this record!";
    }
    if ($record->getDisplayStatus() === $newRecordStatus) {
        return "Old status is equal to new status, don't need to change!";
    }
    if ($user->getRole()->getRoleID() === "3") {
        if ($record->getUser()->getUserID() !== $userID) {
            return "You have no right to change group status!";
        }
        if ($newStatus === "3") {
            return "You have no right to delete this record!";
        }
    }
    if ($newRecordStatus !== "3") {
        $record->setDisplayStatus($newRecordStatus);
        $recordDAO->updateRecord($record);
        // Do not have updateRecord function
    } else {
        $recordDAO->deleteRecord($record);
        //Do not have this function
    }
    return true;
}
示例#7
0
function uploadFile($userID, $groupID, $file)
{
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($userID);
    if ($user->getRole()->getRoleID() == "4") {
        return "This user was forbidden to upload file!";
    }
    if (!isValidID($groupID)) {
        return "Group id is not valid!";
    }
    $groupDAO = new GroupDAO();
    $group = $groupDAO->getGroupByID($groupID);
    if ($group === null) {
        return "Can not find this group!";
    }
    if ($group->getActivateStatus() === "2") {
        return "Group is not activated!";
    }
    $groupMemberDAO = new GroupMemberDAO();
    $groupMember = $groupMemberDAO->getGroupMember($group, $user);
    if ($groupMember === null) {
        return "User didn't belong to this group!";
    }
    if (gettype($file["error"]) == "array") {
        return "Only accept one file!";
    }
    $res = isValidUploadFile($file["error"]);
    if ($res !== true) {
        return $res;
    }
    $fileType = -1;
    $res = isValidImage($file["name"]);
    if ($res === true) {
        $fileType = "2";
    }
    $res = isValidFile($file["name"]);
    if ($res === true) {
        $fileType = "3";
    }
    if ($fileType === -1) {
        return "Only accepts jpeg/jpg/gif/png/zip file!";
    }
    $record = new Record($group, $user, $fileType, "temp", "1");
    $recordDAO = new RecordDAO();
    $recordDAO->insertRecord($record);
    $fileDir = "upload/";
    $filePath = $fileDir . $record->getRecordID() . "_" . $file["name"];
    $record->setContent($filePath);
    $recordDAO->updateRecord($record);
    if (file_exists($filePath)) {
        unlink($filePath);
    }
    if (!move_uploaded_file($file['tmp_name'], $filePath)) {
        return "Fail to move file, please contact administrator!";
    }
    return true;
}
示例#8
0
function execCreateGroup($userID, $groupMember, $groupName)
{
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($userID);
    if ($user->getRole()->getRoleID() == "4") {
        return "This user was forbidden to do this!";
    }
    if (gettype($groupMember) != "array") {
        return "Wrong type of group member!";
    }
    if (count($groupMember) === 0) {
        return "You must choose at least one group member!";
    }
    if (count(array_unique($groupMember)) < count($groupMember)) {
        return "Group member has duplicate value!";
    }
    if (in_array($userID, $groupMember)) {
        return "Group owner should not be a group member!";
    }
    if ($groupName === "" || !isValidGroupName($groupName)) {
        return "Invalid group name, length should be between 2 to 20 and only accepts a-z, A-Z, single space!";
    }
    $arr = array();
    foreach ($groupMember as $groupUserID) {
        $groupUser = $userDAO->getUserByID($groupUserID);
        if ($groupUser === null) {
            return "Could not find some group members!";
        }
        $arr[] = $groupUser;
    }
    $newGroup = new Group($user, $groupName, "1");
    $groupDAO = new GroupDAO();
    $groupDAO->insertGroup($newGroup);
    $gmDAO = new GroupMemberDAO();
    $newGM = new GroupMember($newGroup, $user, "1");
    $gmDAO->insertGroupMember($newGM);
    foreach ($arr as $gmUser) {
        $newGM = new GroupMember($newGroup, $gmUser, "2");
        $gmDAO->insertGroupMember($newGM);
    }
    return true;
}
function execAddToGroup($userID, $groupID, $adduserIDs)
{
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($userID);
    if (!isValidID($groupID)) {
        return "Invalid group ID!";
    }
    if (gettype($adduserIDs) != "array") {
        return "Wrong type of user id!";
    }
    if (count($adduserIDs) === 0) {
        return "You have to choose users to add to this group!";
    }
    foreach ($adduserIDs as $adduserID) {
        if (!isValidID($adduserID)) {
            return "Invalid user ID!";
        }
    }
    $groupDAO = new GroupDAO();
    $group = $groupDAO->getGroupByID($groupID);
    if ($group === null) {
        return "Group doesn't exist!";
    }
    if ($group->getOwner()->getUserID() !== $userID) {
        return "You are not the owner of this group!";
    }
    $gmDAO = new GroupMemberDAO();
    foreach ($adduserIDs as $auID) {
        $aduser = $userDAO->getUserByID($auID);
        if ($aduser === null) {
            continue;
        }
        $gm = $gmDAO->getGroupMember($group, $aduser);
        if ($gm !== null) {
            continue;
        }
        $gm = new GroupMember($group, $aduser, "2");
        $gmDAO->insertGroupMember($gm);
    }
    return true;
}
示例#10
0
function postRecord($userID, $groupID, $messageType, $content)
{
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($userID);
    if ($user->getRole()->getRoleID() == "4") {
        return "This user was forbidden to post!";
    }
    if (!isValidID($groupID)) {
        return "Group id is not valid!";
    }
    if (!isValidMessageType($messageType)) {
        return "Message type is not valid!";
    }
    if (gettype($content) != "string" || strlen($content) > 1000) {
        return "Wrong type content or exceed max length(1000)!";
    }
    if ($messageType == "4") {
        if (!preg_match("/^http:\\/\\//i", $content)) {
            return "Only accept http url!";
        }
        $content = substr($content, 7);
        if ($content === "") {
            return "Invalid url!";
        }
    }
    $groupDAO = new GroupDAO();
    $group = $groupDAO->getGroupByID($groupID);
    if ($group === null) {
        return "Can not find this group!";
    }
    if ($group->getActivateStatus() === "2") {
        return "Group is not activated!";
    }
    $groupMemberDAO = new GroupMemberDAO();
    $groupMember = $groupMemberDAO->getGroupMember($group, $user);
    if ($groupMember === null) {
        return "User didn't belong to this group!";
    }
    $record = new Record($group, $user, $messageType, $content, "1");
    $recordDAO = new RecordDAO();
    $recordDAO->insertRecord($record);
    return true;
}
示例#11
0
function execChangePW($password, $newpassword, $confirmpw)
{
    if ($password == "" || $newpassword == "" || $confirmpw == "") {
        return "Please fill all the necessary information!";
    }
    if (!isValidPassword($password) || !isValidPassword($newpassword)) {
        return "Please enter a valid password!";
    }
    if ($newpassword !== $confirmpw) {
        return "The new password and the confirmed new password must be the same!";
    }
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($_SESSION["userID"]);
    if (!verifyPassword($password, $user->getPassword())) {
        return "The old password you entered is not correct!";
    }
    $encryptPW = encryptPassword($newpassword);
    $user->setPassword($encryptPW);
    $userDAO->updateUser($user);
    return true;
}
function executeChange($userID, $groupID, $newStatus)
{
    $newStatus = $newStatus;
    if ($newStatus !== "1" && $newStatus !== "2" && $newStatus !== "3") {
        return "Invalid status!";
    }
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($userID);
    $groupDAO = new GroupDAO();
    $group = $groupDAO->getGroupByID($groupID);
    if ($group === null) {
        return "Could not find this group!";
    }
    if ($group->getActivateStatus() === $newStatus) {
        return "Old status is equal to new status, don't need to change!";
    }
    if ($user->getRole()->getRoleID() === "3") {
        if ($group->getOwner()->getUserID() !== $userID) {
            return "You have no right to change group status!";
        }
        if ($newStatus === "3") {
            return "You have no right to delete this group!";
        }
    }
    if ($newStatus !== "3") {
        $group->setActivateStatus($newStatus);
        $groupDAO->updateGroup($group);
    } else {
        //delete records
        $recordDAO = new RecordDAO();
        $recordDAO->deleteRecordsByGroup($group);
        //delete groupmember
        $gmDAO = new GroupMemberDAO();
        $gmDAO->deleteGroupMembersByGroup($group);
        //delete group
        $groupDAO->deleteGroup($group);
    }
    return true;
}
function execEditDep($userID, $departmentID, $departmentName)
{
    if (!isValidID($departmentID)) {
        return "Invalid parent ID!";
    }
    if (!isValidDepartmentName($departmentName)) {
        return "Invalid department name!";
    }
    $departDAO = new DepartmentDAO();
    $depart = $departDAO->getDepartmentByID($departmentID);
    if ($depart === null) {
        return "Could not find this department!";
    }
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($userID);
    $role = $user->getRole();
    if ($role->getRoleID() == "4" || $role->getRoleID() == "3") {
        return "You have no right to do this!";
    }
    $depart->setDepartmentName($departmentName);
    $departDAO->updateDepartment($depart);
    return true;
}
示例#14
0
function changeRecordStatus($adminID, $recordID, $displayStatus)
{
    $userDAO = new UserDAO();
    $admin = $userDAO->getUserByID($adminID);
    if ($admin->getRole()->getRoleID !== 1 || $admin->getRole()->getRoleID !== 2) {
        return "You do not have the right to change record status!";
    }
    $recordDAO = new RecordDAO();
    $record = $recordDAO->getRecordByID($recordID);
    //need function
    if ($record->getDisplayStatus() === $displayStatus) {
        return "Same Status, no need to change it!";
    }
    $record->setDisplayStatus($displayStatus);
    $recordDAO->updateRecord($record);
    //need function
}
示例#15
0
function displayIndex($userID)
{
    $tpl = new FastTemplate("templates/");
    $tpl->define(array("web_main" => "web_main.html", "web_header" => "web_header.html", "head_script" => "index/head_script.html", "user" => "index/user.html", "department" => "index/department.html", "list_item" => "index/list_item.html", "group" => "index/group.html", "comment" => "index/comment.html", "link" => "index/link.html", "image" => "index/image.html", "invitation" => "index/invitation.html", "group_option" => "index/group_option.html", "body" => "index/body.html", "web_nav" => "web_nav.html", "web_footer" => "web_footer.html"));
    $userDAO = new UserDAO();
    $user = $userDAO->getUserByID($userID);
    //initial owner group
    $groupDAO = new GroupDAO();
    $groups = $groupDAO->getGroupsByOwner($user);
    if ($groups === null) {
        $tpl->assign("INDEX_GROUP_OPTION", "");
    } else {
        foreach ($groups as $ownerGroup) {
            $tpl->assign("INDEX_GROUP_OPTIONID", $ownerGroup->getGroupID());
            $tpl->assign("INDEX_GROUP_OPTIONNAME", $ownerGroup->getGroupName());
            $tpl->parse("INDEX_GROUP_OPTION", ".group_option");
        }
    }
    //initial list item
    $gmDAO = new GroupMemberDAO();
    $gms = $gmDAO->getGroupMembersByUser($user);
    if ($gms !== null) {
        $i = 1;
        $hasoneaccept = false;
        foreach ($gms as $gm) {
            if ($gm->getAcceptStatus() == "2") {
                continue;
            }
            $group = $gm->getGroup();
            $tpl->assign("INDEX_LIST_ITEM_GROUPID", $group->getGroupID());
            if ($i == 1) {
                $tpl->assign("INDEX_GROUP_HEADER", $group->getGroupName());
                $tpl->assign("INDEX_LIST_ITEM_ACTIVE", "active");
            } else {
                $tpl->assign("INDEX_LIST_ITEM_ACTIVE", "");
            }
            $tpl->assign("INDEX_LIST_ITEM_SEQ", $i);
            $tpl->assign("INDEX_LIST_ITEM_GROUPNAME", $group->getGroupName());
            $tpl->parse("INDEX_LIST_ITEM_LI", ".list_item");
            $hasoneaccept = true;
            $i++;
        }
        if ($hasoneaccept == false) {
            $tpl->assign("INDEX_LIST_ITEM_LI", "");
            $tpl->assign("INDEX_GROUP_HEADER", "");
        }
    } else {
        $tpl->assign("INDEX_LIST_ITEM_LI", "");
        $tpl->assign("INDEX_GROUP_HEADER", "");
    }
    //initial comments
    $recordDAO = new RecordDAO();
    if ($gms !== null) {
        $hasGMSflag = false;
        $i = 1;
        foreach ($gms as $gm) {
            if ($gm->getAcceptStatus() == "2") {
                continue;
            }
            $group = $gm->getGroup();
            if ($i == 1) {
                $tpl->assign("INDEX_GROUP_HIDE", "");
            } else {
                $tpl->assign("INDEX_GROUP_HIDE", "hide");
            }
            $tpl->assign("INDEX_GROUP_SEQ", $i);
            $records = $recordDAO->getRecordsByGroup($group);
            if ($records === null) {
                $tpl->assign("INDEX_GROUP_COMMENT", "");
            } else {
                $hasOneFlag = false;
                $tpl->clear("INDEX_GROUP_COMMENT");
                foreach ($records as $rec) {
                    if ($rec->getDisplayStatus() === "2") {
                        continue;
                    }
                    $commentUser = $rec->getUser();
                    $tpl->assign("INDEX_GROUP_COMMENT_USERPHOTO", $commentUser->getPhotoURL());
                    $tpl->assign("INDEX_GROUP_COMMENT_USERNAME", $commentUser->getFirstName() . " " . $commentUser->getLastName());
                    $tpl->assign("INDEX_GROUP_COMMENT_TIME", $rec->getTime());
                    $type = $rec->getMessageType();
                    $con = $rec->getContent();
                    if ($type == "1") {
                        $tpl->assign("INDEX_GROUP_COMMENT_CONTENT", htmlentities($con));
                    } else {
                        if ($type == "2") {
                            $tpl->assign("INDEX_CONTENT_IMGURL", $con);
                            $tpl->parse("INDEX_GROUP_COMMENT_CONTENT", "image");
                        } else {
                            if ($type == "3") {
                                $tpl->assign("INDEX_GROUP_CONTENT_LINKURL", $con);
                                $baseName = pathinfo($con, PATHINFO_BASENAME);
                                $pos = strpos($baseName, "_");
                                $oriName = substr($baseName, $pos + 1);
                                $tpl->assign("INDEX_GROUP_CONTENT_LINKNAME", htmlentities($oriName));
                                $tpl->parse("INDEX_GROUP_COMMENT_CONTENT", "link");
                            } else {
                                if ($type == "4") {
                                    $tpl->assign("INDEX_GROUP_CONTENT_LINKURL", "http://" . rawurlencode($con));
                                    $tpl->assign("INDEX_GROUP_CONTENT_LINKNAME", htmlentities($con));
                                    $tpl->parse("INDEX_GROUP_COMMENT_CONTENT", "link");
                                }
                            }
                        }
                    }
                    $tpl->parse("INDEX_GROUP_COMMENT", ".comment");
                    $hasOneFlag = true;
                }
                if ($hasOneFlag == false) {
                    $tpl->assign("INDEX_GROUP_COMMENT", "");
                }
            }
            $tpl->parse("INDEX_GROUP", ".group");
            $hasGMSflag = true;
            $i++;
        }
        if ($hasGMSflag == false) {
            $tpl->assign("INDEX_GROUP_COMMENT", "");
            $tpl->parse("INDEX_GROUP", "group");
        }
    } else {
        $tpl->assign("INDEX_GROUP_COMMENT", "");
        $tpl->parse("INDEX_GROUP", "group");
    }
    //initial department and user
    $result = findDepartAndUser(1, $userID);
    if (count($result) === 0) {
        $tpl->assign("INDEX_DEPART_USER", "");
    } else {
        foreach ($result as $node) {
            if ($node["type"] == 1) {
                $tpl->assign("INDEX_DEPARTID", $node["id"]);
                $tpl->assign("INDEX_DEPART_NAME", $node["name"]);
                $tpl->parse("INDEX_DEPART_USER", ".department");
            } elseif ($node["type"] == 2) {
                $tpl->assign("INDEX_USERID", $node["id"]);
                $tpl->assign("INDEX_USER_NAME", $node["name"]);
                $tpl->parse("INDEX_DEPART_USER", ".user");
            }
        }
    }
    //initial annocement
    $flag = false;
    $gmArr = $gmDAO->getGroupMembersByUser($user);
    if ($gmArr !== null) {
        foreach ($gmArr as $gmPend) {
            if ($gmPend->getAcceptStatus() == "2") {
                $gmGroup = $gmPend->getGroup();
                $gmOwner = $gmGroup->getOwner();
                $tpl->assign("INDEX_INVITATION_OWNER", $gmOwner->getFirstName() . " " . $gmOwner->getLastName());
                $tpl->assign("INDEX_INVITATION_GROUPNAME", $gmGroup->getGroupName());
                $tpl->assign("INDEX_INVITATION_GROUPID", $gmGroup->getGroupID());
                $tpl->parse("INDEX_INVITATION", ".invitation");
                $flag = true;
            }
        }
    }
    if ($flag === false) {
        $tpl->assign("INDEX_INVITATION", "");
    }
    $tpl->assign("TITLE", "Home");
    $tpl->parse("WEB_HEADER", "web_header");
    $tpl->parse("HEAD_SCRIPT", "head_script");
    $tpl->parse("WEB_NAV", "web_nav");
    $tpl->parse("BODY", ".body");
    $tpl->parse("WEB_FOOTER", "web_footer");
    $tpl->parse("MAIN", "web_main");
    $tpl->FastPrint();
}