SpreadQuiz/interface.php

<?php

ini_set('display_startup_errors', '1');

require_once "globals.php";

if (!file_exists(INSTALL_INDICATOR)) {
    exit();
}

if (!isset($_REQUEST["action"])) {
    exit();
}

require_once "common_func.php";

// load databases only if something meaningful have arrived
require_once "usermgr.php";
require_once "groupmgr.php";
require_once "gamemgr.php";
require_once "testmgr.php";

require_once "controller.php";

require_once "class/ReqHandler.php";

require_once "class/UserMgr.php";

// ------------------------

$userMgr = new UserMgr();

// ------------------------

$result = "";
$success = false;

// user-related variables
$user = null;
$nickname = "";
$privilege = PRIVILEGE_NONE;
$is_quizmaster = false;
// --------

// create request handler
$rh = new ReqHandler();

// action dump callback
function dump_actions(ReqHandler &$rh, array $params): string {
    return $rh->dump_actions();
}

$rh->add("dump_actions", [], PRIVILEGE_QUIZMASTER, "dump_actions", RESP_PLAIN, "Dump all registered actions.");

/* ------------ ACTIONS AVAILABLE WITHOUT LOGGING IN ---------- */

// login the user
function login(ReqHandler &$rh, array $params): string
{
    global $userMgr;
    global $user;

    $nickname = $params["nickname"];
    $password = $params["password"];

    $user = $userMgr->getUser($nickname);
    if (($user !== null) && $user->checkPassword($password)) {
        session_start();
        $_SESSION["nickname"] = $nickname;
        $result = "OK";
    } else {
        $result = "FAIL";
    }

    return $result;
}

$rh->add("login", ["nickname", "password"], PRIVILEGE_NONE, "login", RESP_PLAIN, "Log in the user.");

// exit script if there's no live session or nickname is missing or the referenced user is non-existent
if ((session_status() != PHP_SESSION_ACTIVE) || (!isset($_SESSION["nickname"])) || (count(get_user($_SESSION["nickname"])) == 0)) {
    goto process_and_print;
}

$user = $userMgr->getUser($_SESSION["nickname"]);
$nickname = $user->getNickname();
$privilege = $user->getPrivilege();
$is_quizmaster = $privilege === PRIVILEGE_QUIZMASTER;

/* ---------- ACTIONS REQUIRING BEING LOGGED IN ------------ */

function logout(ReqHandler &$rh, array $params): string
{
    $_SESSION = []; // clean up session data
    setcookie(SESSION_NAME, "", -1); // invalidate cookie
    return "OK";
}

function get_user_info(ReqHandler &$rh, array $params): array
{
    global $user;
    $user_data_filtered = $user->toArray();
    unset($user_data_filtered["password"]);
    return $user_data_filtered;
}

function get_available_games(ReqHandler &$rh, array $params): array
{
    global $user;
    $games_by_groups = [];
    $groupids = $user->getGroups();
    foreach ($groupids as $groupid) {
        $group_data = get_group($groupid);
        $game_collection = [
            "groupname" => $group_data["groupname"],
            "description" => $group_data["description"],
            "games" => []
        ];
        $gameids = $group_data["games"];
        foreach ($gameids as $gameid) {
            $game = get_game($gameid);
            $game_collection["games"][] = $game;
        }
        $games_by_groups[] = $game_collection;
    }

    return $games_by_groups;
}

function start_or_continue_test(ReqHandler &$rh, array $params): string
{
    global $nickname;
    $testid = create_or_continue_test($params["gameid"], $nickname);
    return $testid;
}

function get_results_overview(ReqHandler &$rh, array $params): array
{
    global $nickname;
    $concluded_tests = get_concluded_tests($params["gameid"], $nickname);
    $overviews = [];
    foreach ($concluded_tests as $ct) {
        $overview = [
            "testid" => $ct["_id"],
            "start_time" => $ct["start_time"],
            "end_time" => $ct["end_time"],
            ...$ct["summary"]
        ];
        $overviews[] = $overview;
    }
    return $overviews;
}

$rh->add("logout", [], PRIVILEGE_PLAYER, "logout", RESP_PLAIN, "Log out the user.");
$rh->add("get_user_info", [], PRIVILEGE_PLAYER, "get_user_info", RESP_JSON, "Get user information.");
$rh->add("get_available_games", [], PRIVILEGE_PLAYER, "get_available_games", RESP_JSON, "Get available games to the player.");
$rh->add("start_or_continue_test", ["gameid"], PRIVILEGE_PLAYER, "start_or_continue_test", RESP_PLAIN, "Start new or continue an ongoing test.");
$rh->add("get_results_overview", ["gameid"], PRIVILEGE_PLAYER, "get_results_overview", RESP_JSON, "Get a quick overview of player's results of a single game.");


// test-related queries
function does_test_belong_to_user(array $test_data): bool
{
    global $nickname;
    return $test_data["nickname"] === $nickname;
}

function is_test_access_approved(array $test_data): bool
{
    global $nickname;
    global $is_quizmaster;

    return does_test_belong_to_user($test_data) || is_user_contributor_to_game($test_data["gameid"], $nickname) || $is_quizmaster;
}

function access_test_data(string $testid): array|null
{
    $testid = trim($testid);
    $test_data = ($testid !== "") ? get_test($testid) : null;

    // fetch test data
    if ($test_data === null) {
        return [];
    }

    // check if access is approved to the specific test
    if (!is_test_access_approved($test_data)) {
        return [];
    }

    // update the test if timed
    update_timed_tests([$test_data]);

    return $test_data;
}


function get_player_test(ReqHandler &$rh, array $params): array
{
    $result = [];
    $test_data = access_test_data($params["testid"]);

    if ($test_data !== null) {
        $test_data_with_current_time = $test_data;
        $test_data_with_current_time["current_time"] = time();
        $result = $test_data_with_current_time;
    }

    return $result;
}

function save_player_answer(ReqHandler &$rh, array $params): string
{
    if (access_test_data($params["testid"] !== null)) {
        save_answer($params["testid"], $params["challenge_index"], $params["answer_index"]);
        return "OK";
    } else {
        return "FAIL";
    }
}

function submit_test(ReqHandler &$rh, array $params): string
{
    if (access_test_data($params["testid"] !== null)) {
        conclude_test($params["testid"]);
        return "OK";
    } else {
        return "FAIL";
    }
}

function patch_through_image(string $gameid, string $img_url)
{
    $game_dir = get_game_dir_by_gameid($gameid);
    $image_fetch_url = $game_dir . DIRECTORY_SEPARATOR . $img_url;

    $img_fp = fopen($image_fetch_url, "r");
    if ($img_fp === false) {
        $img_fp = fopen(MISSING_IMAGE_PLACEHOLDER, "r");
    }
    fpassthru($img_fp);
    fclose($img_fp);
}

function get_image(ReqHandler &$rh, array $params): string
{
    $img_url = trim($params["img_url"] ?? "");
    if ($img_url !== "") {
        $gameid = $params["gameid"];
        patch_through_image($gameid, $img_url);
    }

    return "";
}

$rh->add("get_test", ["testid"], PRIVILEGE_PLAYER, "get_player_test", RESP_JSON, "Get player's test by ID.");
$rh->add("save_answer", ["testid", "challenge_index", "answer_index"], PRIVILEGE_PLAYER, "save_player_answer", RESP_PLAIN, "Store player's answer.");
$rh->add("submit_test", ["testid"], PRIVILEGE_PLAYER, "submit_test", RESP_PLAIN, "Finish player's test.");
$rh->add("get_image", ["gameid", "img_url"], PRIVILEGE_PLAYER, "get_image", RESP_NONE, "Get image per game.");

// execute query if user has the player privilege level
if ($privilege === PRIVILEGE_PLAYER) {
    goto process_and_print;
}

/* --------------- CREATOR LEVEL ACTIONS ---------------- */

$requester_nickname = $is_quizmaster ? "*" : $nickname; // "*" means every game

function create_update_game(ReqHandler &$rh, array $params): array
{
    global $userMgr;
    global $nickname;
    global $is_quizmaster;

    $update = $params[ReqHandler::ACTION_KEY] === "update_game";
    $data = json_decode($params["data"], true) ?? [];
    if (($data === []) || (trim($data["name"] ?? "") === "")) { // no further processing
        return []; // ~exit...
    }

    // fetch fields
    $gameid = $data["_id"];
    $name = $data["name"];
    $description = $data["description"];
    $contributors = explode_list($data["contributors"] ?? "");
    $owner = $update ? trim($data["owner"] ?? $nickname) : $nickname;
    $groups = explode_list($data["groups"] ?? "");
    $properties = $data["properties"] ?? [];

    // convert group compounds to group IDs
    $groupids = get_groupids_by_compounds($groups); // convert group compounds to _ids

    // remove group ID's this user cannot edit
//    $groupids_with_editor_access = [];
//    foreach ($groupids as $groupid) {
//        if (is_user_editor_to_group($groupid, $nickname) || $is_quizmaster) {
//            $groupids_with_editor_access[] = $groupid;
//        }
//    }

    // result
    $result = [];

    // create or update
    if (!$update) {
        create_game($name, $owner, $description);
    } else if (is_user_contributor_to_game($gameid, $nickname) || $is_quizmaster) {
        $game_data = get_game($gameid);
        if (count($game_data) !== 0) {

            // group management
            $old_groupids = $game_data["groups"]; // retain old groupids
            $new_groupids = $groupids; // get new groupids
            $groupids_add = array_diff($new_groupids, $old_groupids); // groups this user needs to be added to
            $groupids_remove = array_diff($old_groupids, $new_groupids); // groups this user need to be removed from
            foreach ($groupids_add as $groupid) { // execute insertion and removal
                change_group_game_assignments($groupid, $gameid, null);
            }
            foreach ($groupids_remove as $groupid) {
                change_group_game_assignments($groupid, null, $gameid);
            }

            // re-fetch game data
            $game_data = get_game($gameid);

            // update game header data
            $game_data["name"] = $name;
            $game_data["description"] = $description;
            if (($game_data["owner"] === $nickname) || $is_quizmaster) {
                $game_data["owner"] = $owner;
            }

            $game_data["contributors"] = array_intersect($contributors, $userMgr->getAllNicknames());
            $game_data["properties"]["time_limit"] = $properties["time_limit"];
            $game_data["properties"]["repeatable"] = $properties["repeatable"];

            // process game public flag: a game might be only public if not being time-constrained and is allowed to be taken multiple times
            $game_data["public"] = ($properties["time_limit"] !== 0) || (!$properties["repeatable"]) ? false : $data["public"];

            // update game data
            update_game($game_data);

            // update game file if supplied
            if (isset($_FILES["game_file"])) {
                // decide weather it's a package or a plain table
                $file = $_FILES["game_file"];
                $challenge_import_status = [];

                // determine MIME type
                $file_type = strtolower(pathinfo($file["name"], PATHINFO_EXTENSION));

                if ($file_type === "zip") { // a package was uploaded
                    $zip = new ZipArchive;
                    if ($zip->open($file["tmp_name"])) {

                        $game_dir = get_game_dir_by_gameid($gameid); // get game directory
                        //$game_files = glob($game_dir); // get list of existing game files
                        // remove former files recursively
                        $dir_iter = new RecursiveDirectoryIterator($game_dir, FilesystemIterator::SKIP_DOTS);
                        foreach ($dir_iter as $dir_item) {
                            $item_path = $dir_item->getPathname();
                            $dir_item->isDir() ? rmdir($item_path) : unlink($item_path);
                        }

                        // extract package contents to the game directory
                        $zip->extractTo($game_dir . DIRECTORY_SEPARATOR);

                        // search for the CSV table file
                        $csv_files = glob($game_dir . DIRECTORY_SEPARATOR . "*.csv") ?? [];
                        if (count($csv_files)) {
                            $challenge_import_status = import_challenges_from_csv($csv_files[0], $gameid);
                        }
                    }
                } else if ($file_type === "csv") { // a plain table was uploaded
                    $challenge_import_status = import_challenges_from_csv($file["tmp_name"], $gameid);
                }
                $result = $challenge_import_status;
            }
        }
    }

    return $result;
}

function get_all_game_headers(ReqHandler &$rh, array $params): array
{
    global $requester_nickname;
    $game_headers = get_all_game_data_by_contributor_nickname($requester_nickname);
    foreach ($game_headers as &$game_header) {
        resolve_groupids($game_header["groups"]);
    }
    return $game_headers;
}

function get_challenges(ReqHandler &$rh, array $params): string
{
    global $is_quizmaster;
    global $requester_nickname;
    $gameid = $params["gameid"];
    $game_data = get_game($gameid);
    $result = "";
    if ((count($game_data) > 0) && ($is_quizmaster || (is_user_contributor_to_game($gameid, $requester_nickname)))) {
        $result = file_get_contents(get_game_file_by_gameid($gameid));
    }

    return $result;
}

function delete_games(ReqHandler &$rh, array $params): string
{
    global $nickname;

    $gameids = explode_list(trim($params["ids"]));
    foreach ($gameids as $gameid) {
        if (($gameid !== "") && (is_user_owner_of_the_game($gameid, $nickname))) { // only the owner may delete a game
            delete_game($gameid);
        }
    }

    return "OK";
}

function export_game_file_csv(ReqHandler &$rh, array $params): string
{
    global $nickname;
    $gameid = trim($params["gameid"]);
    if (($gameid !== "") && is_user_contributor_to_game($gameid, $nickname)) {
        $f = tmpfile();
        header("Content-Type: text/csv");
        header("Content-Disposition: attachment; filename=\"challenges_$gameid.csv\"\r\n");
        export_challenges_to_csv($f, $gameid);
        fseek($f, 0);
        fpassthru($f);
    }
    return "";
}

function get_player_results_by_gameid(ReqHandler &$rh, array $params): array
{
    global $nickname;
    global $is_quizmaster;

    $gameid = trim($params["gameid"]);
    $filter = trim($params["filter"] ?? "");
    $ordering = trim($params["orderby"] ?? "");

    $result = [];
    if (($gameid !== "") && (is_user_contributor_to_game($gameid, $nickname) || $is_quizmaster)) {
        $game_results = get_results_by_gameid($gameid, $filter, $ordering, true);
        $result = $game_results;
    }

    return $result;
}

function generate_detailed_game_stats(ReqHandler &$rh, array $params): array
{
    $testids = json_decode(trim($params["testids"]), true);
    $gameid = trim($params["gameid"]);
    $stats = generate_detailed_stats($gameid, $testids);
    return $stats;
}

$rh->add(["create_game", "update_game"], ["data"], PRIVILEGE_CREATOR, "create_update_game", RESP_JSON, "Create or update game.");
$rh->add("get_all_game_headers", [], PRIVILEGE_CREATOR, "get_all_game_headers", RESP_JSON, "Get all game headers.");
$rh->add("get_challenges", [], PRIVILEGE_CREATOR, "get_challenges", RESP_PLAIN, "Get game challenges.");
$rh->add("delete_games", ["ids"], PRIVILEGE_CREATOR, "delete_games", RESP_PLAIN, "Delete games.");
$rh->add("export_game_file_csv", ["gameid"], PRIVILEGE_CREATOR, "export_game_file_csv", RESP_NONE, "Export game CSV file.");
$rh->add("get_results_by_gameid", ["gameid"], PRIVILEGE_CREATOR, "get_player_results_by_gameid", RESP_JSON, "Get game results.");
$rh->add("generate_detailed_stats", ["gameid", "testids"], PRIVILEGE_CREATOR, "generate_detailed_game_stats", RESP_JSON, "Generate detailed game stats.");

// execute processing if user is a creator
if ($privilege === PRIVILEGE_CREATOR) {
    goto process_and_print;
}


/* ------------------------ QUIZMASTER ACTIONS --------------------- */

function create_update_group(ReqHandler &$rh, array $params): string
{
    global $user;

    $update = $params[ReqHandler::ACTION_KEY] === "update_group";
    $groupname = trim($params["groupname"]);
    $description = trim($params["description"]);
    $editors = (!$update) ? [] : explode_list(trim($params["editors"]));
    $owner = (!$update) ? $user->getNickname() : (trim($params["owner"]) ?: $user->getNickname());

    $result = "FAIL";
    if ($groupname != "") {
        if (!$update) {
            create_group($groupname, $owner, $description);
            $result = "OK";
        } else {
            $gid = $params["id"];
            $group = get_group($gid);
            if (count($group) !== 0) {
                $group["unique"] = manage_unique_in_siblings($gid, $groupname); // manage unique flag in case of renaming
                $group["groupname"] = $groupname;
                $group["description"] = $description;
                $group["editors"] = array_intersect($editors, $group["users"]); // a user cannot be an editor if not part of the group
                $group["owner"] = $owner;
                update_group($group);
                $result = "OK";
            }
        }
    }
    return $result;
}

function delete_groups(ReqHandler &$rh, array $params): string
{
    $groups = explode_list($params["ids"] ?? "");
    foreach ($groups as $g) {
        delete_group($g);
    }
    return "OK";
}

function get_all_player_groups(ReqHandler &$rh, array $params): array
{
    return get_all_groups();
}

function search_player_groups(ReqHandler &$rh, array $params): array
{
    return search_groups($params["needle"]);
}

function create_update_user(ReqHandler &$rh, array $params): string
{
    global $userMgr;

    $update = $params[ReqHandler::ACTION_KEY] === "update_user";
    $target_nickname = trim($params["nickname"]);
    $password = trim($params["password"]);
    $groups = explode_list($params["groups"]);
    $realname = trim($params["realname"]);
    $privilege = trim($params["privilege"]);

    $groupids = get_groupids_by_compounds($groups); // convert group compounds to _ids

    $success = false;
    if (($target_nickname !== "")) {
        if ((!$update) && ($password !== "")) { // CREATE
            $success = $userMgr->addUser($target_nickname, $password, $realname, $groupids, $privilege);
        } else if ($update) { // UPDATE
            $tuser =  $userMgr->getUser($target_nickname); // load user data
            if ($tuser !== null) {

                // group management
                $old_groupids = $tuser->getGroups(); // retain old groupids
                $new_groupids = $groupids; // get new groupids
                $groupids_add = array_diff($new_groupids, $old_groupids); // groups this user needs to be added to
                $groupids_remove = array_diff($old_groupids, $new_groupids); // groups this user need to be removed from
                foreach ($groupids_add as $groupid) { // execute insertion and removal
                    change_group_user_assignments($groupid, $target_nickname, null);
                }
                foreach ($groupids_remove as $groupid) {
                    change_group_user_assignments($groupid, null, $target_nickname);
                }

                // re-fetch user
                //$tuser = get_user($target_nickname); // load user data

                // further field update
                $tuser->setRealname($realname);
                $tuser->setPrivilege($privilege);

                // password replacement, if requested
                if ($password !== "") {
                    $tuser->changePassword(password_hash($password, PASSWORD_DEFAULT), "", false);
                }

                $success = true;
            }
        }
    }

    return $success ? "OK" : "FAIL";
}

function delete_users(ReqHandler &$rh, array $params): string {
    global $userMgr;
    $nicknames = explode_list($params["users"]);
    foreach ($nicknames as $nick) {
        $userMgr->deleteUser($nick);
    }
    return "OK";
}

function get_all_game_users(ReqHandler &$rh, array $params): array {
    global $userMgr;
    $user_data_filtered = [];
    $all_users = $userMgr->getAllUsers();
    for ($i = 0; $i < count($all_users); $i++) {
        $a = $all_users[$i]->toArray(); // convert user to array
        unset($a["password"]); // remove password from records
        resolve_groupids($a["groups"]);  // resolve group IDs
        $user_data_filtered[] = $a;
    }
    return $user_data_filtered;
}

function import_users_from_csv(ReqHandler &$rh, array $params): string {
    if (!isset($_FILES["users_table"])) {

    }
    return "OK";
}

$rh->add("create_group", ["groupname", "description"], PRIVILEGE_QUIZMASTER, "create_update_group", RESP_PLAIN, "Create group.");
$rh->add("update_group", ["groupname", "description", "owner", "editors", "id"], PRIVILEGE_QUIZMASTER, "create_update_group", RESP_PLAIN, "Update group.");
$rh->add("delete_groups", ["ids"], PRIVILEGE_QUIZMASTER, "delete_groups", RESP_PLAIN, "Delete group.");
$rh->add("get_all_groups", [], PRIVILEGE_QUIZMASTER, "get_all_player_groups", RESP_JSON, "Get all player groups.");
$rh->add("search_groups", ["needle"], PRIVILEGE_QUIZMASTER, "search_player_groups", RESP_JSON, "Serach and fetch player groups.");

$rh->add(["create_user", "update_user"], ["nickname", "password", "groups", "realname", "privilege"], PRIVILEGE_QUIZMASTER, "create_update_user", RESP_PLAIN, "Create or update user.");
$rh->add("delete_users", ["users"], PRIVILEGE_QUIZMASTER, "delete_users", RESP_PLAIN, "Delete users.");
$rh->add("get_all_users", [], PRIVILEGE_QUIZMASTER, "get_all_game_users", RESP_JSON, "Get all users.");
$rh->add("import_users_from_csv", [], PRIVILEGE_QUIZMASTER, "import_users_from_csv", RESP_JSON, "Get all users.");

function test(ReqHandler &$rh, array $params): string {
    $usrmgr = new UserMgr();
    $nicknames = $usrmgr->getAllNicknames();
    return join(", ", $nicknames);
}

$rh->add("test", [], PRIVILEGE_QUIZMASTER, "test", RESP_PLAIN, "Test.");

// ----------

process_and_print:

[$result, $success] = $rh->process($privilege);

if ($success && ($result !== "")) {
    echo $result;
}