epagris/SpreadQuiz
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
SpreadQuiz/interface.php
Wiesner András c5dbb9ff87 - ...
2024-03-18 07:19:50 +01:00

390 lines
14 KiB
PHP
Raw Blame History

<?php
require_once "globals.php";
if (!file_exists(INSTALL_INDICATOR)) {
exit();
}
if (!isset($_REQUEST["action"])) {
exit();
}
require_once "common_func.php";
// load databases only if something meaningful have arrived
require_once "usermgr.php";
require_once "groupmgr.php";
require_once "gamemgr.php";
require_once "testmgr.php";
$action = $_REQUEST["action"];
$result = "";
// no-login accessible actions
switch ($action) {
case "login":
{
$nickname = $_REQUEST["nickname"];
$password = $_REQUEST["password"];
if (check_user_credentials($nickname, $password)) {
session_start();
$_SESSION["nickname"] = $nickname;
$result = "OK";
} else {
$result = "FAIL";
}
}
break;
}
// exit script if there's no live session or nickname is missing or the referenced user is non-existent
if ((session_status() != PHP_SESSION_ACTIVE) || (!isset($_SESSION["nickname"])) || (count(get_user($_SESSION["nickname"])) == 0)) {
goto print_result;
}
$user_data = get_user($_SESSION["nickname"]);
$nickname = $user_data["nickname"];
$privilege = $user_data["privilege"];
// login-requiring actions
switch ($action) {
case "logout":
{
$_SESSION = []; // clean up session data
setcookie(SESSION_NAME, "", -1); // invalidate cookie
}
break;
case "get_user_info":
{
$user_data_filtered = $user_data;
unset($user_data_filtered["password"]);
$result = json_encode($user_data_filtered);
}
break;
case "get_available_games":
{
$games_by_groups = [];
$groupids = $user_data["groups"];
foreach ($groupids as $groupid) {
$group_data = get_group($groupid);
$game_collection = [
"groupname" => $group_data["groupname"],
"description" => $group_data["description"],
"games" => []
];
$gameids = $group_data["games"];
foreach ($gameids as $gameid) {
$game = get_game($gameid);
$game_collection["games"][] = $game;
}
$games_by_groups[] = $game_collection;
}
$result = json_encode($games_by_groups);
}
break;
case "start_or_continue_test":
{
$gameid = trim($_REQUEST["gameid"] ?: "");
$testid = create_or_continue_test($gameid, $nickname);
$result = $testid;
}
break;
case "get_results_overview":
{
$gameid = trim($_REQUEST["gameid"] ?: "");
$concluded_tests = get_concluded_tests($gameid, $nickname);
$overviews = [];
foreach ($concluded_tests as $ct) {
$overview = [
"testid" => $ct["_id"],
"start_time" => $ct["start_time"],
"end_time" => $ct["end_time"],
...$ct["summary"]
];
$overviews[] = $overview;
}
$result = json_encode($overviews);
}
break;
}
// test-related queries
if ((($testid = trim($_REQUEST["testid"] ?: "")) !== "") &&
((count($test_data = get_test($testid))) > 0) &&
($test_data["nickname"] === $nickname)) {
// update the test if timed
update_timed_tests([$test_data]);
switch ($action) {
case "get_test":
{
$test_data_with_current_time = $test_data;
$test_data_with_current_time["current_time"] = time();
$result = json_encode($test_data_with_current_time);
}
break;
case "save_answer":
{
$chidx = $_REQUEST["challenge_index"];
$answeridx = $_REQUEST["answer_index"];
save_answer($testid, $chidx, $answeridx);
}
break;
case "submit_test":
{
conclude_test($testid);
}
break;
}
}
// creator or quizmaster actions
if (($privilege !== PRIVILEGE_CREATOR) && ($privilege !== PRIVILEGE_QUIZMASTER)) {
goto print_result;
}
switch ($action) {
case "create_game":
case "update_game":
{
$update = $action === "update_game";
$data = json_decode($_REQUEST["data"], true) ?: [];
if (($data === []) || (trim($data["name"] ?: "") === "")) { // no further processing
goto print_result; // ~exit...
}
$gameid = $data["_id"];
$name = $data["name"];
$description = $data["description"];
$contributors = explode_list($data["contributors"] ?: "");
$owner = $update ? trim($data["owner"] ?: $nickname) : $nickname;
$groups = explode_list($data["groups"] ?: "");
$properties = $data["properties"] ?: [];
$groupids = get_groupids_by_compounds($groups); // convert group compounds to _ids
// remove group ID's this user cannot edit
$groupids_with_editor_access = [];
foreach ($groupids as $groupid) {
if (is_user_editor_to_group($groupid, $nickname)) {
$groupids_with_editor_access[] = $groupid;
}
}
$groupids_with_editor_access = $groupid;
if (!$update) {
create_game($name, $owner, $description);
} else if (is_user_contributor_to_game($gameid, $nickname)) {
$game_data = get_game($gameid);
if (count($game_data) !== 0) {
// group management
$old_groupids = $game_data["groups"]; // retain old groupids
$new_groupids = $groupids; // get new groupids
$groupids_add = array_diff($new_groupids, $old_groupids); // groups this user needs to be added to
$groupids_remove = array_diff($old_groupids, $new_groupids); // groups this user need to be removed from
foreach ($groupids_add as $groupid) { // execute insertion and removal
change_group_game_assignments($groupid, $gameid, null);
}
foreach ($groupids_remove as $groupid) {
change_group_game_assignments($groupid, null, $gameid);
}
// re-fetch game data
$game_data = get_game($gameid);
// update game header data
$game_data["name"] = $name;
$game_data["description"] = $description;
if (($game_data["owner"] === $nickname) || ($privilege === PRIVILEGE_QUIZMASTER)) {
$game_data["owner"] = $owner;
}
$game_data["contributors"] = array_intersect($contributors, get_all_nicknames());
$game_data["properties"]["time_limit"] = $properties["time_limit"];
$game_data["properties"]["repeatable"] = $properties["repeatable"];
update_game($game_data);
// update game file if supplied
if (isset($_FILES["game_file"])) {
import_challenges_from_csv($_FILES["game_file"]["tmp_name"], $data["_id"]);
}
}
}
}
break;
case "get_all_game_headers":
{
$requester_nickname = ($privilege === PRIVILEGE_QUIZMASTER) ? "*" : $nickname; // "*" means every game
$game_headers = get_all_game_data_by_contributor_nickname($requester_nickname);
foreach ($game_headers as &$game_header) {
resolve_groupids($game_header["groups"]);
}
$result = json_encode($game_headers);
}
break;
case "delete_games":
{
$gameids = explode_list(trim($_REQUEST["ids"] ?: ""));
foreach ($gameids as $gameid) {
if (($gameid !== "") && (is_user_owner_of_the_game($gameid, $nickname))) { // only the owner may delete a game
delete_game($gameid);
}
}
}
break;
case "export_game_file_csv":
{
$gameid = trim($_REQUEST["gameid"] ?: "");
if (($gameid !== "") && is_user_contributor_to_game($gameid, $nickname)) {
$f = tmpfile();
header("Content-Type: text/csv");
header("Content-Disposition: attachment; filename=\"challenges_$gameid.csv\"\r\n");
export_challenges_to_csv($f, $gameid);
fseek($f, 0);
fpassthru($f);
}
}
break;
}
// quizmaster actions
if ($privilege !== PRIVILEGE_QUIZMASTER) {
goto print_result;
}
switch ($action) {
case "create_group":
case "update_group":
{
$update = $action === "update_group";
$groupname = trim($_REQUEST["groupname"] ?: "");
$description = trim($_REQUEST["description"] ?: "");
$editors = explode_list(trim($_REQUEST["editors"] ?: ""));
$owner = (!$update) ? $user_data["nickname"] : trim($_REQUEST["owner"]);
if ($owner === "") {
$owner = $user_data["nickname"];
}
if ($groupname != "") {
switch ($action) {
case "create_group":
create_group($groupname, $owner, $description);
break;
case "update_group":
{
$gid = $_REQUEST["id"];
$group = get_group($gid);
if (count($group) !== 0) {
$group["unique"] = manage_unique_in_siblings($gid, $groupname); // manage unique flag in case of renaming
$group["groupname"] = $groupname;
$group["description"] = $description;
$group["editors"] = array_intersect($editors, $group["users"]); // a user cannot be an editor if not part of the group
$group["owner"] = $owner;
update_group($group);
}
}
break;
}
}
}
break;
case "delete_groups":
{
$groups = explode_list($_REQUEST["ids"] ?: "");
foreach ($groups as $g) {
delete_group($g);
}
}
break;
case "get_all_groups":
$result = json_encode(get_all_groups());
break;
case "search_groups":
{
$needle = $_REQUEST["needle"] ?: "";
$result = json_encode(search_groups($needle));
}
break;
case "create_user":
case "update_user":
{
$update = $action === "update_user";
$target_nickname = trim($_REQUEST["nickname"] ?: "");
$password = trim($_REQUEST["password"] ?: "");
$groups = explode_list($_REQUEST["groups"] ?: "");
$realname = trim($_REQUEST["realname"] ?: "");
$privilege = trim($_REQUEST["privilege"] ?: PRIVILEGE_PLAYER);
$groupids = get_groupids_by_compounds($groups); // convert group compounds to _ids
if (($target_nickname !== "")) {
if ((!$update) && ($password !== "")) { // CREATE
add_user($target_nickname, $password, $realname, $groupids, $privilege);
} else if ($update) { // UPDATE
$user_data = get_user($target_nickname); // load user data
// group management
$old_groupids = $user_data["groups"]; // retain old groupids
$new_groupids = $groupids; // get new groupids
$groupids_add = array_diff($new_groupids, $old_groupids); // groups this user needs to be added to
$groupids_remove = array_diff($old_groupids, $new_groupids); // groups this user need to be removed from
foreach ($groupids_add as $groupid) { // execute insertion and removal
change_group_user_assignments($groupid, $target_nickname, null);
}
foreach ($groupids_remove as $groupid) {
change_group_user_assignments($groupid, null, $target_nickname);
}
// re-fetch user
$user_data = get_user($target_nickname); // load user data
// further field update
$user_data["realname"] = $realname;
$user_data["privilege"] = $privilege;
// password replacement, if requested
if ($password !== "") {
$user_data["password"] = password_hash($password, PASSWORD_DEFAULT);
}
update_user($user_data);
}
}
}
break;
case "delete_users":
{
$users = explode_list($_REQUEST["users"] ?: "");
foreach ($users as $g) {
delete_user($g);
}
}
break;
case "get_all_users":
{
$user_data_filtered = get_all_users();
for ($i = 0; $i < count($user_data_filtered); $i++) {
unset($user_data_filtered[$i]["password"]); // remove password from records
resolve_groupids($user_data_filtered[$i]["groups"]); // resolve group IDs
}
$result = json_encode($user_data_filtered);
}
break;
case "import_users_from_csv":
{
if (!isset($_FILES["users_table"])) {
goto print_result;
}
}
break;
}
// ----------
print_result:
if ($result !== "") {
echo $result;
}
Reference in New Issue View Git Blame Copy Permalink