From 29b53025f931fa5c8725cae0c64790018b7f744e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Wiesner=20Andr=C3=A1s?= <wabe@t-email.hu>
Date: Thu, 12 Sep 2024 11:15:47 +0200
Subject: [PATCH] - get_image redesign and its dependencies

---
 controller.php      | 21 +++++++++++++++++++++
 interface.php       | 42 +++++++++++++++++++++++++++---------------
 js/common.js        |  4 ++--
 js/default_frame.js |  6 +++---
 js/testground.js    | 33 ++++++++++++++++++++-------------
 testground.php      |  4 ++--
 testmgr.php         | 14 +++++---------
 usermgr.php         |  2 ++
 8 files changed, 82 insertions(+), 44 deletions(-)
 create mode 100644 controller.php

diff --git a/controller.php b/controller.php
new file mode 100644
index 0000000..6e4b54f
--- /dev/null
+++ b/controller.php
@@ -0,0 +1,21 @@
+<?php
+
+require_once "globals.php";
+require_once "common_func.php";
+
+require_once "usermgr.php";
+require_once "groupmgr.php";
+require_once "gamemgr.php";
+
+function does_user_access_game($nickname, $gameid): bool {
+    // get game and user data
+    $game_data = get_game($gameid);
+    $user_data = get_user($nickname);
+    if ((count($game_data) === 0) || (count($user_data) === 0)) {
+        return false;
+    }
+
+    // check if this user has permission to take this test
+    // if the intersection of user's groups and game's assigned groups is zero, then the user has no access to this game
+    return count(array_intersect($game_data["groups"], $user_data["groups"])) !== 0;
+}
diff --git a/interface.php b/interface.php
index 7dfdd8d..cc6b863 100644
--- a/interface.php
+++ b/interface.php
@@ -1,5 +1,7 @@
 <?php
 
+ini_set('display_startup_errors', '1');
+
 require_once "globals.php";
 
 if (!file_exists(INSTALL_INDICATOR)) {
@@ -18,12 +20,18 @@ require_once "groupmgr.php";
 require_once "gamemgr.php";
 require_once "testmgr.php";
 
+require_once "controller.php";
+
+const MISSING_IMAGE_PLACEHOLDER = "media/image-missing_120px.png";
 function patch_through_image(string $gameid, string $img_url)
 {
     $game_dir = get_game_dir_by_gameid($gameid);
     $image_fetch_url = $game_dir . DIRECTORY_SEPARATOR . $img_url;
 
     $img_fp = fopen($image_fetch_url, "r");
+    if ($img_fp === false) {
+        $img_fp = fopen(MISSING_IMAGE_PLACEHOLDER, "r");
+    }
     fpassthru($img_fp);
     fclose($img_fp);
 }
@@ -122,9 +130,12 @@ switch ($action) {
 }
 
 // test-related queries
-if (isset($_REQUEST["testid"]) && (($testid = trim($_REQUEST["testid"])) !== "") &&
-    ((count($test_data = get_test($testid))) > 0) &&
-    (($test_data["nickname"] === $nickname) || $is_quizmaster || is_user_contributor_to_game($test_data["gameid"], $nickname))) {
+$is_a_default_test_with_access = isset($_REQUEST["testid"]) && (($testid = trim($_REQUEST["testid"])) !== "") &&
+    ((count($test_data = get_test($testid))) > 0) && (($test_data["nickname"] === $nickname));
+
+$user_is_contributor_or_quizmaster = $is_quizmaster || is_user_contributor_to_game($test_data["gameid"], $nickname);
+
+if ($is_a_default_test_with_access || $user_is_contributor_or_quizmaster) {
 
     // update the test if timed
     update_timed_tests([$test_data]);
@@ -137,18 +148,6 @@ if (isset($_REQUEST["testid"]) && (($testid = trim($_REQUEST["testid"])) !== "")
                 $result = json_encode($test_data_with_current_time);
             }
             break;
-        case "get_image":
-            {
-                $img_url = trim($_REQUEST["image_url"] ?: "");
-                if ($img_url !== "") {
-                    $gameid = $test_data["gameid"];
-                    patch_through_image($gameid, $img_url);
-                }
-            }
-            break;
-    }
-
-    switch ($action) {
         case "save_answer":
             {
                 $chidx = $_REQUEST["challenge_index"];
@@ -164,6 +163,19 @@ if (isset($_REQUEST["testid"]) && (($testid = trim($_REQUEST["testid"])) !== "")
     }
 }
 
+// $user_has_access_to_game = does_user_access_game($nickname, $gameid);
+
+// get_image needs special treatment
+if ($action === "get_image") {
+    if ($is_a_default_test_with_access || $user_is_contributor_or_quizmaster) { // default case
+        $img_url = trim($_REQUEST["img_url"] ?: "");
+        if ($img_url !== "") {
+            $gameid = $test_data["gameid"];
+            patch_through_image($gameid, $img_url);
+        }
+    }
+}
+
 // creator or quizmaster actions
 if (($privilege !== PRIVILEGE_CREATOR) && ($privilege !== PRIVILEGE_QUIZMASTER)) {
     goto print_result;
diff --git a/js/common.js b/js/common.js
index a00c4b6..cf616b9 100644
--- a/js/common.js
+++ b/js/common.js
@@ -1,6 +1,6 @@
-function unix_time_to_human_readable(tunix) {
+function unix_time_to_human_readable(tunix, date_delim = ". ") {
     const date = new Date(Number(tunix) * 1000);
-    return date.getFullYear() + ". " + String(date.getMonth() + 1).padStart(2, "0") + ". " + String(date.getDate()).padStart(2, "0") + ". "
+    return date.getFullYear() + date_delim + String(date.getMonth() + 1).padStart(2, "0") + date_delim + String(date.getDate()).padStart(2, "0") + ". "
         + String(date.getHours()).padStart(2, "0") + ":" + String(date.getMinutes()).padStart(2, "0") + ":" + String(date.getSeconds()).padStart(2, "0");
 }
 
diff --git a/js/default_frame.js b/js/default_frame.js
index 205d433..8fecf62 100644
--- a/js/default_frame.js
+++ b/js/default_frame.js
@@ -56,13 +56,13 @@ function start_or_continue_test(gameid) {
     request(req).then(resp => {
         if (resp.length > 0) // response is non-zero
         {
-            open_test(resp);
+            open_test(resp, gameid);
         }
     });
 }
 
-function open_test(testid) {
-    window.open("testground.php?testid=" + testid, "_new");
+function open_test(testid, gameid) {
+    window.open(`testground.php?testid=${testid}&gameid=${gameid}`, "_new");
 }
 
 function list_corresponding_results(gameid) {
diff --git a/js/testground.js b/js/testground.js
index 061e687..5dbf9e9 100644
--- a/js/testground.js
+++ b/js/testground.js
@@ -6,7 +6,7 @@ function populate_infobox(test_data, view_only) {
         clearInterval(INTERVAL_HANDLE);
     }
 
-    let test_concluded = TEST_DATA["state"] === "concluded";
+    let test_concluded = test_data["state"] === "concluded";
 
     let game_nameS = document.getElementById("game_name");
     let durationS = document.getElementById("duration");
@@ -70,14 +70,23 @@ function populate_infobox(test_data, view_only) {
     }
 }
 
-function populate_challenges(test_data, view_only = false) {
+function assemble_answer_radio_id(challenge_N, answer_N) {
+    return challenge_N + "_" + answer_N;
+}
+
+function mark_answers(challenges, view_only = false) {
+    for (let i = 0; i < challenges.length; i++) {
+       let marked_answerR = document.getElementById(assemble_answer_radio_id(i, challenges[i]["player_answer"]));
+       marked_answerR.checked = true;
+    }
+}
+
+function populate_challenges(challenges, concluded, view_only = false, gameid) {
     let test_display = document.getElementById("test_display");
     test_display.innerHTML = "";
 
-    let test_concluded = TEST_DATA["state"] === "concluded";
-
     let challenge_N = 0;
-    test_data["challenges"].forEach((challenge) => {
+    challenges.forEach((challenge) => {
         let challenge_N_snapshot = challenge_N;
         let challenge_box = document.createElement("section");
         challenge_box.classList.add("challenge");
@@ -90,7 +99,7 @@ function populate_challenges(test_data, view_only = false) {
 
         if (challenge["image_url"] !== "") {
             let qimg = document.createElement("img");
-            qimg.src = `interface.php?action=get_image&testid=${test_data["_id"]}&image_url=${challenge["image_url"]}`;
+            qimg.src = `interface.php?action=get_image&gameid=${gameid}&img_url=${challenge["image_url"]}`;
             qimg.classList.add("question-image")
             challenge_box.insertBefore(qimg, answer_container);
         }
@@ -110,19 +119,16 @@ function populate_challenges(test_data, view_only = false) {
             answer_radio.type = "radio";
             answer_radio.id = `${challenge_N}_${answer_N}`;
             answer_radio.name = `challenge_${challenge_N}`;
-            answer_radio.disabled = test_concluded || view_only;
+            answer_radio.disabled = concluded || view_only;
             let answer_N_snapshot = answer_N;
             answer_radio.addEventListener("input", () => {
                 save_answer(challenge_N_snapshot, answer_N_snapshot);
             });
-            if (player_answer === answer_N) {
-                answer_radio.checked = true;
-            }
 
             let answer_text = document.createElement("label");
             answer_text.innerHTML = preprocess_inserts(answer);
             answer_text.setAttribute("for", answer_radio.id);
-            if (test_concluded && (challenge["correct_answer"] === answer_N)) {
+            if (concluded && (challenge["correct_answer"] === answer_N)) {
                 answer_text.classList.add("correct-answer")
 
                 if (player_answer !== challenge["correct_answer"]) {
@@ -143,7 +149,7 @@ function populate_challenges(test_data, view_only = false) {
     MathJax.typeset();
 }
 
-function populate_all(test_id, view_only) {
+function populate_all(test_id, gameid, view_only) {
     let req = {
         action: "get_test",
         view_only: view_only,
@@ -151,7 +157,8 @@ function populate_all(test_id, view_only) {
     }
     request(req).then(resp => {
         TEST_DATA = JSON.parse(resp);
-        populate_challenges(TEST_DATA, view_only);
+        let concluded = TEST_DATA["state"] === "concluded";
+        populate_challenges(TEST_DATA["challenges"], concluded, view_only, gameid);
         populate_infobox(TEST_DATA, view_only);
     });
 }
diff --git a/testground.php b/testground.php
index 6df803a..bc1f92e 100644
--- a/testground.php
+++ b/testground.php
@@ -10,12 +10,12 @@ if (!get_autologin_state() || !isset($_REQUEST["testid"])) {
 
 $testid = trim($_REQUEST["testid"] ?: "");
 $view_only = trim($_REQUEST["view_only"] ?: "false") === "true" ? true : false;
+$gameid = trim($_REQUEST["gameid"] ?: "");
 
 if ($testid === "") {
     exit();
 }
 
-
 ?>
 
 <!DOCTYPE html>
@@ -64,7 +64,7 @@ if ($testid === "") {
     </section>
 </section>
 <script>
-    populate_all("<?=$testid ?>", <?=$view_only ?>);
+    populate_all("<?=$testid ?>", "<?=$gameid ?>", <?=$view_only ?>);
 </script>
 </body>
 </html>
\ No newline at end of file
diff --git a/testmgr.php b/testmgr.php
index 488932a..02b8ab7 100644
--- a/testmgr.php
+++ b/testmgr.php
@@ -15,18 +15,14 @@ function create_or_continue_test(string $gameid, string $nickname): string
 {
     global $testdb;
 
-    // get game and user data
-    $game_data = get_game($gameid);
-    $user_data = get_user($nickname);
-    if ((count($game_data) === 0) || (count($user_data) === 0)) {
+    // check if user has access to the specific game
+    if (!does_user_access_game($nickname, $gameid)) {
         return "";
     }
 
-    // check if this user has permission to take this test
-    // if the intersection of user's groups and game's assigned groups is zero, then the user has no access to this game
-    if (count(array_intersect($game_data["groups"], $user_data["groups"])) === 0) {
-        return "";
-    }
+    // fetch game data
+    $game_data = get_game($gameid);
+    $user_data = get_user($nickname);
 
     // check if the user had taken this test before
     $fetch_criteria = [["gameid", "=", (int)$gameid], "AND", ["nickname", "=", $nickname]];
diff --git a/usermgr.php b/usermgr.php
index bf009fa..7d99bc5 100644
--- a/usermgr.php
+++ b/usermgr.php
@@ -3,6 +3,8 @@
 require_once "globals.php";
 require_once "common_func.php";
 
+require_once "controller.php";
+
 $userdb = new \SleekDB\Store(USERDB, DATADIR, ["timeout" => false]);
 
 const PRIVILEGE_PLAYER = "player";