Epagris
59e113333a
- test-related request block redesigned - elvis operator replaced with the more adequate null coalescing one
508 lines
19 KiB
PHP
508 lines
19 KiB
PHP
<?php
|
|
|
|
ini_set('display_startup_errors', '1');
|
|
|
|
require_once "globals.php";
|
|
|
|
if (!file_exists(INSTALL_INDICATOR)) {
|
|
exit();
|
|
}
|
|
|
|
if (!isset($_REQUEST["action"])) {
|
|
exit();
|
|
}
|
|
|
|
require_once "common_func.php";
|
|
|
|
// load databases only if something meaningful have arrived
|
|
require_once "usermgr.php";
|
|
require_once "groupmgr.php";
|
|
require_once "gamemgr.php";
|
|
require_once "testmgr.php";
|
|
|
|
require_once "controller.php";
|
|
|
|
function patch_through_image(string $gameid, string $img_url)
|
|
{
|
|
$game_dir = get_game_dir_by_gameid($gameid);
|
|
$image_fetch_url = $game_dir . DIRECTORY_SEPARATOR . $img_url;
|
|
|
|
$img_fp = fopen($image_fetch_url, "r");
|
|
if ($img_fp === false) {
|
|
$img_fp = fopen(MISSING_IMAGE_PLACEHOLDER, "r");
|
|
}
|
|
fpassthru($img_fp);
|
|
fclose($img_fp);
|
|
}
|
|
|
|
$action = $_REQUEST["action"];
|
|
|
|
$result = "";
|
|
|
|
// no-login accessible actions
|
|
switch ($action) {
|
|
case "login":
|
|
{
|
|
$nickname = $_REQUEST["nickname"];
|
|
$password = $_REQUEST["password"];
|
|
if (check_user_credentials($nickname, $password)) {
|
|
session_start();
|
|
$_SESSION["nickname"] = $nickname;
|
|
$result = "OK";
|
|
} else {
|
|
$result = "FAIL";
|
|
}
|
|
}
|
|
break;
|
|
}
|
|
|
|
// exit script if there's no live session or nickname is missing or the referenced user is non-existent
|
|
if ((session_status() != PHP_SESSION_ACTIVE) || (!isset($_SESSION["nickname"])) || (count(get_user($_SESSION["nickname"])) == 0)) {
|
|
goto print_result;
|
|
}
|
|
|
|
$user_data = get_user($_SESSION["nickname"]);
|
|
$nickname = $user_data["nickname"];
|
|
$privilege = $user_data["privilege"];
|
|
$is_quizmaster = $privilege === PRIVILEGE_QUIZMASTER;
|
|
|
|
// login-requiring actions
|
|
switch ($action) {
|
|
case "logout":
|
|
{
|
|
$_SESSION = []; // clean up session data
|
|
setcookie(SESSION_NAME, "", -1); // invalidate cookie
|
|
}
|
|
break;
|
|
case "get_user_info":
|
|
{
|
|
$user_data_filtered = $user_data;
|
|
unset($user_data_filtered["password"]);
|
|
$result = json_encode($user_data_filtered);
|
|
}
|
|
break;
|
|
case "get_available_games":
|
|
{
|
|
$games_by_groups = [];
|
|
$groupids = $user_data["groups"];
|
|
foreach ($groupids as $groupid) {
|
|
$group_data = get_group($groupid);
|
|
$game_collection = [
|
|
"groupname" => $group_data["groupname"],
|
|
"description" => $group_data["description"],
|
|
"games" => []
|
|
];
|
|
$gameids = $group_data["games"];
|
|
foreach ($gameids as $gameid) {
|
|
$game = get_game($gameid);
|
|
$game_collection["games"][] = $game;
|
|
}
|
|
$games_by_groups[] = $game_collection;
|
|
}
|
|
$result = json_encode($games_by_groups);
|
|
}
|
|
break;
|
|
case "start_or_continue_test":
|
|
{
|
|
$gameid = trim($_REQUEST["gameid"] ?? "");
|
|
$testid = create_or_continue_test($gameid, $nickname);
|
|
$result = $testid;
|
|
}
|
|
break;
|
|
case "get_results_overview":
|
|
{
|
|
$gameid = trim($_REQUEST["gameid"] ?? "");
|
|
$concluded_tests = get_concluded_tests($gameid, $nickname);
|
|
$overviews = [];
|
|
foreach ($concluded_tests as $ct) {
|
|
$overview = [
|
|
"testid" => $ct["_id"],
|
|
"start_time" => $ct["start_time"],
|
|
"end_time" => $ct["end_time"],
|
|
...$ct["summary"]
|
|
];
|
|
$overviews[] = $overview;
|
|
}
|
|
$result = json_encode($overviews);
|
|
}
|
|
break;
|
|
}
|
|
|
|
// test-related queries
|
|
const TEST_RELATED_ACTIONS = ["get_test", "save_answer", "submit_test"];
|
|
if (in_array($action, TEST_RELATED_ACTIONS)) {
|
|
|
|
$testid = trim($_REQUEST["testid"] ?? "");
|
|
$test_data = ($testid !== "") ? get_test($testid) : [];
|
|
$is_a_default_test_with_access = ($testid !== "") && ((count($test_data)) > 0) && (($test_data["nickname"] === $nickname));
|
|
|
|
$user_is_contributor_or_quizmaster = $is_quizmaster || is_user_contributor_to_game($test_data["gameid"], $nickname);
|
|
|
|
if ($is_a_default_test_with_access || $user_is_contributor_or_quizmaster) {
|
|
|
|
// update the test if timed
|
|
update_timed_tests([$test_data]);
|
|
|
|
switch ($action) {
|
|
case "get_test":
|
|
{
|
|
$test_data_with_current_time = $test_data;
|
|
$test_data_with_current_time["current_time"] = time();
|
|
$result = json_encode($test_data_with_current_time);
|
|
}
|
|
break;
|
|
case "save_answer":
|
|
{
|
|
$chidx = $_REQUEST["challenge_index"];
|
|
$answeridx = $_REQUEST["answer_index"];
|
|
save_answer($testid, $chidx, $answeridx);
|
|
}
|
|
break;
|
|
case "submit_test":
|
|
{
|
|
conclude_test($testid);
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
|
|
// $user_has_access_to_game = does_user_access_game($nickname, $gameid);
|
|
|
|
// get_image needs special treatment
|
|
if ($action === "get_image") {
|
|
if ($is_a_default_test_with_access || $user_is_contributor_or_quizmaster) { // default case
|
|
$img_url = trim($_REQUEST["img_url"] ?? "");
|
|
if ($img_url !== "") {
|
|
$gameid = $_REQUEST["gameid"];
|
|
patch_through_image($gameid, $img_url);
|
|
}
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
// creator or quizmaster actions
|
|
if (($privilege !== PRIVILEGE_CREATOR) && ($privilege !== PRIVILEGE_QUIZMASTER)) {
|
|
goto print_result;
|
|
}
|
|
|
|
$requester_nickname = $is_quizmaster ? "*" : $nickname; // "*" means every game
|
|
|
|
switch ($action) {
|
|
case "create_game":
|
|
case "update_game":
|
|
{
|
|
$update = $action === "update_game";
|
|
$data = json_decode($_REQUEST["data"], true) ?? [];
|
|
if (($data === []) || (trim($data["name"] ?? "") === "")) { // no further processing
|
|
goto print_result; // ~exit...
|
|
}
|
|
$gameid = $data["_id"];
|
|
$name = $data["name"];
|
|
$description = $data["description"];
|
|
$contributors = explode_list($data["contributors"] ?? "");
|
|
$owner = $update ? trim($data["owner"] ?? $nickname) : $nickname;
|
|
$groups = explode_list($data["groups"] ?? "");
|
|
$properties = $data["properties"] ?? [];
|
|
|
|
$groupids = get_groupids_by_compounds($groups); // convert group compounds to _ids
|
|
|
|
// remove group ID's this user cannot edit
|
|
$groupids_with_editor_access = [];
|
|
foreach ($groupids as $groupid) {
|
|
if (is_user_editor_to_group($groupid, $nickname) || $is_quizmaster) {
|
|
$groupids_with_editor_access[] = $groupid;
|
|
}
|
|
}
|
|
|
|
// create or update
|
|
if (!$update) {
|
|
create_game($name, $owner, $description);
|
|
} else if (is_user_contributor_to_game($gameid, $nickname) || $is_quizmaster) {
|
|
$game_data = get_game($gameid);
|
|
if (count($game_data) !== 0) {
|
|
// group management
|
|
$old_groupids = $game_data["groups"]; // retain old groupids
|
|
$new_groupids = $groupids; // get new groupids
|
|
$groupids_add = array_diff($new_groupids, $old_groupids); // groups this user needs to be added to
|
|
$groupids_remove = array_diff($old_groupids, $new_groupids); // groups this user need to be removed from
|
|
foreach ($groupids_add as $groupid) { // execute insertion and removal
|
|
change_group_game_assignments($groupid, $gameid, null);
|
|
}
|
|
foreach ($groupids_remove as $groupid) {
|
|
change_group_game_assignments($groupid, null, $gameid);
|
|
}
|
|
|
|
// re-fetch game data
|
|
$game_data = get_game($gameid);
|
|
|
|
// update game header data
|
|
$game_data["name"] = $name;
|
|
$game_data["description"] = $description;
|
|
if (($game_data["owner"] === $nickname) || ($privilege === PRIVILEGE_QUIZMASTER)) {
|
|
$game_data["owner"] = $owner;
|
|
}
|
|
$game_data["contributors"] = array_intersect($contributors, get_all_nicknames());
|
|
$game_data["properties"]["time_limit"] = $properties["time_limit"];
|
|
$game_data["properties"]["repeatable"] = $properties["repeatable"];
|
|
|
|
// process game public flag: a game might be only public if not being time-constrained and is allowed to be taken multiple times
|
|
if (($properties["time_limit"] !== 0) || (!$properties["repeatable"])) {
|
|
$game_data["public"] = false;
|
|
} else {
|
|
$game_data["public"] = $data["public"];
|
|
}
|
|
|
|
// update game data
|
|
update_game($game_data);
|
|
|
|
// update game file if supplied
|
|
if (isset($_FILES["game_file"])) {
|
|
// decide weather it's a package or a plain table
|
|
$file = $_FILES["game_file"];
|
|
$challenge_import_status = [];
|
|
|
|
// determine MIME type
|
|
$file_type = strtolower(pathinfo($file["name"], PATHINFO_EXTENSION));
|
|
|
|
if ($file_type === "zip") { // a package was uploaded
|
|
$zip = new ZipArchive;
|
|
if ($zip->open($file["tmp_name"])) {
|
|
|
|
$game_dir = get_game_dir_by_gameid($gameid); // get game directory
|
|
$game_files = glob($game_dir); // get list of existing game files
|
|
// remove former files recursively
|
|
$dir_iter = new RecursiveDirectoryIterator($game_dir, FilesystemIterator::SKIP_DOTS);
|
|
foreach ($dir_iter as $dir_item) {
|
|
$item_path = $dir_item->getPathname();
|
|
$dir_item->isDir() ? rmdir($item_path) : unlink($item_path);
|
|
}
|
|
|
|
// extract package contents to the game directory
|
|
$zip->extractTo($game_dir . DIRECTORY_SEPARATOR);
|
|
|
|
// search for the CSV table file
|
|
$csv_files = glob($game_dir . DIRECTORY_SEPARATOR . "*.csv") ?? [];
|
|
if (count($csv_files)) {
|
|
$challenge_import_status = import_challenges_from_csv($csv_files[0], $gameid);
|
|
}
|
|
}
|
|
} else if ($file_type === "csv") { // a plain table was uploaded
|
|
$challenge_import_status = import_challenges_from_csv($file["tmp_name"], $gameid);
|
|
}
|
|
$result = json_encode($challenge_import_status);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
break;
|
|
case "get_all_game_headers":
|
|
{
|
|
$game_headers = get_all_game_data_by_contributor_nickname($requester_nickname);
|
|
foreach ($game_headers as &$game_header) {
|
|
resolve_groupids($game_header["groups"]);
|
|
}
|
|
$result = json_encode($game_headers);
|
|
}
|
|
break;
|
|
case "get_challenges":
|
|
{
|
|
$gameid = ($_REQUEST["gameid"] ?? "");
|
|
$game_data = get_game($gameid);
|
|
if ((count($game_data) > 0) && ($is_quizmaster || (is_user_contributor_to_game($gameid, $requester_nickname)))) {
|
|
$result = file_get_contents(get_game_file_by_gameid($gameid));
|
|
}
|
|
}
|
|
break;
|
|
case "delete_games":
|
|
{
|
|
$gameids = explode_list(trim($_REQUEST["ids"] ?? ""));
|
|
foreach ($gameids as $gameid) {
|
|
if (($gameid !== "") && (is_user_owner_of_the_game($gameid, $nickname))) { // only the owner may delete a game
|
|
delete_game($gameid);
|
|
}
|
|
}
|
|
}
|
|
break;
|
|
case "export_game_file_csv":
|
|
{
|
|
$gameid = trim($_REQUEST["gameid"] ?? "");
|
|
if (($gameid !== "") && is_user_contributor_to_game($gameid, $nickname)) {
|
|
$f = tmpfile();
|
|
header("Content-Type: text/csv");
|
|
header("Content-Disposition: attachment; filename=\"challenges_$gameid.csv\"\r\n");
|
|
export_challenges_to_csv($f, $gameid);
|
|
fseek($f, 0);
|
|
fpassthru($f);
|
|
}
|
|
}
|
|
break;
|
|
case "get_results_by_gameid":
|
|
{
|
|
$gameid = trim($_REQUEST["gameid"] ?? "");
|
|
$filter = trim($_REQUEST["filter"] ?? "");
|
|
$ordering = trim($_REQUEST["orderby"] ?? "");
|
|
if (($gameid !== "") && (is_user_contributor_to_game($gameid, $nickname) || $is_quizmaster)) {
|
|
$game_results = get_results_by_gameid($gameid, $filter, $ordering, true);
|
|
$result = json_encode($game_results);
|
|
}
|
|
}
|
|
break;
|
|
case "generate_detailed_stats":
|
|
{
|
|
$testids = json_decode(trim($_REQUEST["testids"] ?? "[]"), true);
|
|
$gameid = trim($_REQUEST["gameid"] ?? "");
|
|
$stats = generate_detailed_stats($gameid, $testids);
|
|
$result = json_encode($stats);
|
|
}
|
|
break;
|
|
|
|
// case "get_image":
|
|
// {
|
|
// $gameid = trim($_REQUEST["gameid"] ?? "");
|
|
// $img_url = trim($_REQUEST["img_url"] ?? "");
|
|
// patch_through_image($gameid, $img_url);
|
|
// }
|
|
// break;
|
|
}
|
|
|
|
// quizmaster actions
|
|
if ($privilege !== PRIVILEGE_QUIZMASTER) {
|
|
goto print_result;
|
|
}
|
|
|
|
switch ($action) {
|
|
case "create_group":
|
|
case "update_group":
|
|
{
|
|
$update = $action === "update_group";
|
|
$groupname = trim($_REQUEST["groupname"] ?? "");
|
|
$description = trim($_REQUEST["description"] ?? "");
|
|
$editors = explode_list(trim($_REQUEST["editors"] ?? ""));
|
|
$owner = (!$update) ? $user_data["nickname"] : trim($_REQUEST["owner"]);
|
|
if ($owner === "") {
|
|
$owner = $user_data["nickname"];
|
|
}
|
|
if ($groupname != "") {
|
|
switch ($action) {
|
|
case "create_group":
|
|
create_group($groupname, $owner, $description);
|
|
break;
|
|
case "update_group":
|
|
{
|
|
$gid = $_REQUEST["id"];
|
|
$group = get_group($gid);
|
|
if (count($group) !== 0) {
|
|
$group["unique"] = manage_unique_in_siblings($gid, $groupname); // manage unique flag in case of renaming
|
|
$group["groupname"] = $groupname;
|
|
$group["description"] = $description;
|
|
$group["editors"] = array_intersect($editors, $group["users"]); // a user cannot be an editor if not part of the group
|
|
$group["owner"] = $owner;
|
|
update_group($group);
|
|
}
|
|
}
|
|
break;
|
|
}
|
|
|
|
}
|
|
}
|
|
break;
|
|
case "delete_groups":
|
|
{
|
|
$groups = explode_list($_REQUEST["ids"] ?? "");
|
|
foreach ($groups as $g) {
|
|
delete_group($g);
|
|
}
|
|
}
|
|
break;
|
|
case "get_all_groups":
|
|
$result = json_encode(get_all_groups());
|
|
break;
|
|
case "search_groups":
|
|
{
|
|
$needle = $_REQUEST["needle"] ?? "";
|
|
$result = json_encode(search_groups($needle));
|
|
}
|
|
break;
|
|
case "create_user":
|
|
case "update_user":
|
|
{
|
|
$update = $action === "update_user";
|
|
$target_nickname = trim($_REQUEST["nickname"] ?? "");
|
|
$password = trim($_REQUEST["password"] ?? "");
|
|
$groups = explode_list($_REQUEST["groups"] ?? "");
|
|
$realname = trim($_REQUEST["realname"] ?? "");
|
|
$privilege = trim($_REQUEST["privilege"] ?? PRIVILEGE_PLAYER);
|
|
|
|
$groupids = get_groupids_by_compounds($groups); // convert group compounds to _ids
|
|
|
|
if (($target_nickname !== "")) {
|
|
if ((!$update) && ($password !== "")) { // CREATE
|
|
add_user($target_nickname, $password, $realname, $groupids, $privilege);
|
|
} else if ($update) { // UPDATE
|
|
$user_data = get_user($target_nickname); // load user data
|
|
|
|
// group management
|
|
$old_groupids = $user_data["groups"]; // retain old groupids
|
|
$new_groupids = $groupids; // get new groupids
|
|
$groupids_add = array_diff($new_groupids, $old_groupids); // groups this user needs to be added to
|
|
$groupids_remove = array_diff($old_groupids, $new_groupids); // groups this user need to be removed from
|
|
foreach ($groupids_add as $groupid) { // execute insertion and removal
|
|
change_group_user_assignments($groupid, $target_nickname, null);
|
|
}
|
|
foreach ($groupids_remove as $groupid) {
|
|
change_group_user_assignments($groupid, null, $target_nickname);
|
|
}
|
|
|
|
// re-fetch user
|
|
$user_data = get_user($target_nickname); // load user data
|
|
|
|
// further field update
|
|
$user_data["realname"] = $realname;
|
|
$user_data["privilege"] = $privilege;
|
|
|
|
// password replacement, if requested
|
|
if ($password !== "") {
|
|
$user_data["password"] = password_hash($password, PASSWORD_DEFAULT);
|
|
}
|
|
|
|
update_user($user_data);
|
|
}
|
|
}
|
|
|
|
}
|
|
break;
|
|
case "delete_users":
|
|
{
|
|
$users = explode_list($_REQUEST["users"] ?? "");
|
|
foreach ($users as $g) {
|
|
delete_user($g);
|
|
}
|
|
}
|
|
break;
|
|
case "get_all_users":
|
|
{
|
|
$user_data_filtered = get_all_users();
|
|
for ($i = 0; $i < count($user_data_filtered); $i++) {
|
|
unset($user_data_filtered[$i]["password"]); // remove password from records
|
|
resolve_groupids($user_data_filtered[$i]["groups"]); // resolve group IDs
|
|
}
|
|
$result = json_encode($user_data_filtered);
|
|
}
|
|
break;
|
|
case "import_users_from_csv":
|
|
{
|
|
if (!isset($_FILES["users_table"])) {
|
|
goto print_result;
|
|
}
|
|
}
|
|
break;
|
|
}
|
|
|
|
// ----------
|
|
|
|
print_result:
|
|
|
|
if ($result !== "") {
|
|
echo $result;
|
|
} |