epagris/SpreadQuiz
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
SpreadQuiz/interface.php
Epagris fc1a438782 - typo fixed
2024-09-16 21:49:19 +02:00

612 lines
21 KiB
PHP
Raw Blame History

<?php
ini_set('display_startup_errors', '1');
require_once "globals.php";
if (!file_exists(INSTALL_INDICATOR)) {
exit();
}
if (!isset($_REQUEST["action"])) {
exit();
}
require_once "common_func.php";
// load databases only if something meaningful have arrived
require_once "usermgr.php";
require_once "groupmgr.php";
require_once "gamemgr.php";
require_once "testmgr.php";
require_once "controller.php";
require_once "class/ReqHandler.php";
// ------------------------
function patch_through_image(string $gameid, string $img_url)
{
$game_dir = get_game_dir_by_gameid($gameid);
$image_fetch_url = $game_dir . DIRECTORY_SEPARATOR . $img_url;
$img_fp = fopen($image_fetch_url, "r");
if ($img_fp === false) {
$img_fp = fopen(MISSING_IMAGE_PLACEHOLDER, "r");
}
fpassthru($img_fp);
fclose($img_fp);
}
// ------------------------
$action = $_REQUEST["action"];
$result = "";
$success = false;
$privilege = PRIVILEGE_NONE;
// create request handler
$rh = new ReqHandler();
/* ------------ ACTIONS AVAILABLE WITHOUT LOGGING IN ---------- */
// login the user
function login(ReqHandler &$rh, array $params): string
{
$nickname = $params["nickname"];
$password = $params["password"];
if (check_user_credentials($nickname, $password)) {
session_start();
$_SESSION["nickname"] = $nickname;
$result = "OK";
} else {
$result = "FAIL";
}
return $result;
}
$rh->add("login", ["nickname", "password"], PRIVILEGE_NONE, "login", RESP_PLAIN, "Log in the user.");
// exit script if there's no live session or nickname is missing or the referenced user is non-existent
if ((session_status() != PHP_SESSION_ACTIVE) || (!isset($_SESSION["nickname"])) || (count(get_user($_SESSION["nickname"])) == 0)) {
goto process_and_print;
}
$user_data = get_user($_SESSION["nickname"]);
$nickname = $user_data["nickname"];
$privilege = $user_data["privilege"];
$is_quizmaster = $privilege === PRIVILEGE_QUIZMASTER;
/* ---------- ACTIONS REQUIRING BEING LOGGED IN ------------ */
function logout(ReqHandler &$rh, array $params): string
{
$_SESSION = []; // clean up session data
setcookie(SESSION_NAME, "", -1); // invalidate cookie
return "OK";
}
function get_user_info(ReqHandler &$rh, array $params): array
{
global $user_data;
$user_data_filtered = $user_data;
unset($user_data_filtered["password"]);
return $user_data_filtered;
}
function get_available_games(ReqHandler &$rh, array $params): array
{
global $user_data;
$games_by_groups = [];
$groupids = $user_data["groups"];
foreach ($groupids as $groupid) {
$group_data = get_group($groupid);
$game_collection = [
"groupname" => $group_data["groupname"],
"description" => $group_data["description"],
"games" => []
];
$gameids = $group_data["games"];
foreach ($gameids as $gameid) {
$game = get_game($gameid);
$game_collection["games"][] = $game;
}
$games_by_groups[] = $game_collection;
}
return $games_by_groups;
}
function start_or_continue_test(ReqHandler &$rh, array $params): string
{
global $nickname;
$testid = create_or_continue_test($params["gameid"], $nickname);
return $testid;
}
function get_results_overview(ReqHandler &$rh, array $params): array
{
global $nickname;
$concluded_tests = get_concluded_tests($params["gameid"], $nickname);
$overviews = [];
foreach ($concluded_tests as $ct) {
$overview = [
"testid" => $ct["_id"],
"start_time" => $ct["start_time"],
"end_time" => $ct["end_time"],
...$ct["summary"]
];
$overviews[] = $overview;
}
return $overviews;
}
$rh->add("logout", [], PRIVILEGE_PLAYER, "logout", RESP_PLAIN, "Log out the user.");
$rh->add("get_user_info", [], PRIVILEGE_PLAYER, "get_user_info", RESP_JSON, "Get user information.");
$rh->add("get_available_games", [], PRIVILEGE_PLAYER, "get_available_games", RESP_JSON, "Get available games to the player.");
$rh->add("start_or_continue_test", ["gameid"], PRIVILEGE_PLAYER, "start_or_continue_test", RESP_PLAIN, "Start new or continue an ongoing test.");
$rh->add("get_results_overview", ["gameid"], PRIVILEGE_PLAYER, "get_results_overview", RESP_JSON, "Get a quick overview of player's results of a single game.");
// test-related queries
function does_test_belong_to_user(array $test_data): bool
{
global $nickname;
return $test_data["nickname"] === $nickname;
}
function is_test_access_approved(array $test_data): bool
{
global $nickname;
global $is_quizmaster;
return does_test_belong_to_user($test_data) || is_user_contributor_to_game($test_data["gameid"], $nickname) || $is_quizmaster;
}
function access_test_data(string $testid): array|null
{
$testid = trim($testid);
$test_data = ($testid !== "") ? get_test($testid) : null;
// fetch test data
if ($test_data === null) {
return [];
}
// check if access is approved to the specific test
if (!is_test_access_approved($test_data)) {
return [];
}
// update the test if timed
update_timed_tests([$test_data]);
return $test_data;
}
function get_player_test(ReqHandler &$rh, array $params): array
{
$result = [];
$test_data = access_test_data($params["testid"]);
if ($test_data !== null) {
$test_data_with_current_time = $test_data;
$test_data_with_current_time["current_time"] = time();
$result = $test_data_with_current_time;
}
return $result;
}
function save_player_answer(ReqHandler &$rh, array $params): string
{
if (access_test_data($params["testid"] !== null)) {
save_answer($params["testid"], $params["challenge_index"], $params["answer_index"]);
return "OK";
} else {
return "FAIL";
}
}
function submit_test(ReqHandler &$rh, array $params): string
{
if (access_test_data($params["testid"] !== null)) {
conclude_test($params["testid"]);
return "OK";
} else {
return "FAIL";
}
}
function get_image(ReqHandler &$rh, array $params): string
{
$img_url = trim($params["img_url"] ?? "");
if ($img_url !== "") {
$gameid = $params["gameid"];
patch_through_image($gameid, $img_url);
}
return "";
}
$rh->add("get_test", ["testid"], PRIVILEGE_PLAYER, "get_player_test", RESP_JSON, "Get player's test by ID.");
$rh->add("save_answer", ["testid", "challenge_index", "answer_index"], PRIVILEGE_PLAYER, "save_player_answer", RESP_PLAIN, "Store player's answer.");
$rh->add("submit_test", ["testid"], PRIVILEGE_PLAYER, "submit_test", RESP_PLAIN, "Finish player's test.");
$rh->add("get_image", ["gameid", "img_url"], PRIVILEGE_PLAYER, "get_image", RESP_NONE, "Get image per game.");
// execute query if user has the player privilege level
if ($privilege === PRIVILEGE_PLAYER) {
goto process_and_print;
}
/* --------------- CREATOR LEVEL ACTIONS ---------------- */
$requester_nickname = $is_quizmaster ? "*" : $nickname; // "*" means every game
function create_update_game(ReqHandler &$rh, array $params): array
{
global $nickname;
global $is_quizmaster;
$update = $params[ReqHandler::ACTION_KEY] === "update_game";
$data = json_decode($params["data"], true) ?? [];
if (($data === []) || (trim($data["name"] ?? "") === "")) { // no further processing
return []; // ~exit...
}
// fetch fields
$gameid = $data["_id"];
$name = $data["name"];
$description = $data["description"];
$contributors = explode_list($data["contributors"] ?? "");
$owner = $update ? trim($data["owner"] ?? $nickname) : $nickname;
$groups = explode_list($data["groups"] ?? "");
$properties = $data["properties"] ?? [];
// convert group compounds to group IDs
$groupids = get_groupids_by_compounds($groups); // convert group compounds to _ids
// remove group ID's this user cannot edit
// $groupids_with_editor_access = [];
// foreach ($groupids as $groupid) {
// if (is_user_editor_to_group($groupid, $nickname) || $is_quizmaster) {
// $groupids_with_editor_access[] = $groupid;
// }
// }
// result
$result = [];
// create or update
if (!$update) {
create_game($name, $owner, $description);
} else if (is_user_contributor_to_game($gameid, $nickname) || $is_quizmaster) {
$game_data = get_game($gameid);
if (count($game_data) !== 0) {
// group management
$old_groupids = $game_data["groups"]; // retain old groupids
$new_groupids = $groupids; // get new groupids
$groupids_add = array_diff($new_groupids, $old_groupids); // groups this user needs to be added to
$groupids_remove = array_diff($old_groupids, $new_groupids); // groups this user need to be removed from
foreach ($groupids_add as $groupid) { // execute insertion and removal
change_group_game_assignments($groupid, $gameid, null);
}
foreach ($groupids_remove as $groupid) {
change_group_game_assignments($groupid, null, $gameid);
}
// re-fetch game data
$game_data = get_game($gameid);
// update game header data
$game_data["name"] = $name;
$game_data["description"] = $description;
if (($game_data["owner"] === $nickname) || $is_quizmaster) {
$game_data["owner"] = $owner;
}
$game_data["contributors"] = array_intersect($contributors, get_all_nicknames());
$game_data["properties"]["time_limit"] = $properties["time_limit"];
$game_data["properties"]["repeatable"] = $properties["repeatable"];
// process game public flag: a game might be only public if not being time-constrained and is allowed to be taken multiple times
$game_data["public"] = ($properties["time_limit"] !== 0) || (!$properties["repeatable"]) ? false : $data["public"];
// update game data
update_game($game_data);
// update game file if supplied
if (isset($_FILES["game_file"])) {
// decide weather it's a package or a plain table
$file = $_FILES["game_file"];
$challenge_import_status = [];
// determine MIME type
$file_type = strtolower(pathinfo($file["name"], PATHINFO_EXTENSION));
if ($file_type === "zip") { // a package was uploaded
$zip = new ZipArchive;
if ($zip->open($file["tmp_name"])) {
$game_dir = get_game_dir_by_gameid($gameid); // get game directory
//$game_files = glob($game_dir); // get list of existing game files
// remove former files recursively
$dir_iter = new RecursiveDirectoryIterator($game_dir, FilesystemIterator::SKIP_DOTS);
foreach ($dir_iter as $dir_item) {
$item_path = $dir_item->getPathname();
$dir_item->isDir() ? rmdir($item_path) : unlink($item_path);
}
// extract package contents to the game directory
$zip->extractTo($game_dir . DIRECTORY_SEPARATOR);
// search for the CSV table file
$csv_files = glob($game_dir . DIRECTORY_SEPARATOR . "*.csv") ?? [];
if (count($csv_files)) {
$challenge_import_status = import_challenges_from_csv($csv_files[0], $gameid);
}
}
} else if ($file_type === "csv") { // a plain table was uploaded
$challenge_import_status = import_challenges_from_csv($file["tmp_name"], $gameid);
}
$result = $challenge_import_status;
}
}
}
return $result;
}
function get_all_game_headers(ReqHandler &$rh, array $params): array
{
global $requester_nickname;
$game_headers = get_all_game_data_by_contributor_nickname($requester_nickname);
foreach ($game_headers as &$game_header) {
resolve_groupids($game_header["groups"]);
}
return $game_headers;
}
function get_challenges(ReqHandler &$rh, array $params): string
{
global $is_quizmaster;
global $requester_nickname;
$gameid = $params["gameid"];
$game_data = get_game($gameid);
$result = "";
if ((count($game_data) > 0) && ($is_quizmaster || (is_user_contributor_to_game($gameid, $requester_nickname)))) {
$result = file_get_contents(get_game_file_by_gameid($gameid));
}
return $result;
}
function delete_games(ReqHandler &$rh, array $params): string
{
global $nickname;
$gameids = explode_list(trim($params["ids"]));
foreach ($gameids as $gameid) {
if (($gameid !== "") && (is_user_owner_of_the_game($gameid, $nickname))) { // only the owner may delete a game
delete_game($gameid);
}
}
return "OK";
}
function export_game_file_csv(ReqHandler &$rh, array $params): string
{
global $nickname;
$gameid = trim($params["gameid"]);
if (($gameid !== "") && is_user_contributor_to_game($gameid, $nickname)) {
$f = tmpfile();
header("Content-Type: text/csv");
header("Content-Disposition: attachment; filename=\"challenges_$gameid.csv\"\r\n");
export_challenges_to_csv($f, $gameid);
fseek($f, 0);
fpassthru($f);
}
return "";
}
function get_player_results_by_gameid(ReqHandler &$rh, array $params): array
{
global $nickname;
global $is_quizmaster;
$gameid = trim($params["gameid"]);
$filter = trim($params["filter"] ?? "");
$ordering = trim($params["orderby"] ?? "");
$result = [];
if (($gameid !== "") && (is_user_contributor_to_game($gameid, $nickname) || $is_quizmaster)) {
$game_results = get_results_by_gameid($gameid, $filter, $ordering, true);
$result = $game_results;
}
return $result;
}
function generate_detailed_game_stats(ReqHandler &$rh, array $params): array
{
$testids = json_decode(trim($params["testids"]), true);
$gameid = trim($params["gameid"]);
$stats = generate_detailed_stats($gameid, $testids);
return $stats;
}
$rh->add(["create_game", "update_game"], ["data"], PRIVILEGE_CREATOR, "create_update_game", RESP_JSON, "Create or update game.");
$rh->add("get_all_game_headers", [], PRIVILEGE_CREATOR, "get_all_game_headers", RESP_JSON, "Get all game headers.");
$rh->add("get_challenges", [], PRIVILEGE_CREATOR, "get_challenges", RESP_PLAIN, "Get game challenges.");
$rh->add("delete_games", ["ids"], PRIVILEGE_CREATOR, "delete_games", RESP_PLAIN, "Delete games.");
$rh->add("export_game_file_csv", ["gameid"], PRIVILEGE_CREATOR, "export_game_file_csv", RESP_NONE, "Export game CSV file.");
$rh->add("get_results_by_gameid", ["gameid"], PRIVILEGE_CREATOR, "get_player_results_by_gameid", RESP_JSON, "Get game results.");
$rh->add("generate_detailed_stats", ["gameid", "testids"], PRIVILEGE_CREATOR, "generate_detailed_game_stats", RESP_JSON, "Generate detailed game stats.");
// execute processing if user is a creator
if ($privilege === PRIVILEGE_CREATOR) {
goto process_and_print;
}
/* ------------------------ QUIZMASTER ACTIONS --------------------- */
function create_update_group(ReqHandler &$rh, array $params): string
{
global $user_data;
$update = $params[ReqHandler::ACTION_KEY] === "update_group";
$groupname = trim($params["groupname"]);
$description = trim($params["description"]);
$editors = (!$update) ? [] : explode_list(trim($params["editors"]));
$owner = (!$update) ? $user_data["nickname"] : trim($params["owner"]);
$result = "FAIL";
if ($owner === "") {
$owner = $user_data["nickname"];
}
if ($groupname != "") {
if (!$update) {
create_group($groupname, $owner, $description);
$result = "OK";
} else {
$gid = $params["id"];
$group = get_group($gid);
if (count($group) !== 0) {
$group["unique"] = manage_unique_in_siblings($gid, $groupname); // manage unique flag in case of renaming
$group["groupname"] = $groupname;
$group["description"] = $description;
$group["editors"] = array_intersect($editors, $group["users"]); // a user cannot be an editor if not part of the group
$group["owner"] = $owner;
update_group($group);
$result = "OK";
}
}
}
return $result;
}
function delete_groups(ReqHandler &$rh, array $params): string
{
$groups = explode_list($params["ids"] ?? "");
foreach ($groups as $g) {
delete_group($g);
}
return "OK";
}
function get_all_player_groups(ReqHandler &$rh, array $params): array
{
return get_all_groups();
}
function search_player_groups(ReqHandler &$rh, array $params): array
{
return search_groups($params["needle"]);
}
function create_update_user(ReqHandler &$rh, array $params): string
{
$update = $params[ReqHandler::ACTION_KEY] === "update_user";
$target_nickname = trim($params["nickname"]);
$password = trim($params["password"]);
$groups = explode_list($params["groups"]);
$realname = trim($params["realname"]);
$privilege = trim($params["privilege"]);
$groupids = get_groupids_by_compounds($groups); // convert group compounds to _ids
$success = false;
if (($target_nickname !== "")) {
if ((!$update) && ($password !== "")) { // CREATE
$success = add_user($target_nickname, $password, $realname, $groupids, $privilege);
} else if ($update) { // UPDATE
$user_data = get_user($target_nickname); // load user data
if (count ($user_data) > 0) {
// group management
$old_groupids = $user_data["groups"]; // retain old groupids
$new_groupids = $groupids; // get new groupids
$groupids_add = array_diff($new_groupids, $old_groupids); // groups this user needs to be added to
$groupids_remove = array_diff($old_groupids, $new_groupids); // groups this user need to be removed from
foreach ($groupids_add as $groupid) { // execute insertion and removal
change_group_user_assignments($groupid, $target_nickname, null);
}
foreach ($groupids_remove as $groupid) {
change_group_user_assignments($groupid, null, $target_nickname);
}
// re-fetch user
$user_data = get_user($target_nickname); // load user data
// further field update
$user_data["realname"] = $realname;
$user_data["privilege"] = $privilege;
// password replacement, if requested
if ($password !== "") {
$user_data["password"] = password_hash($password, PASSWORD_DEFAULT);
}
$success = update_user($user_data);
}
}
}
return $success ? "OK" : "FAIL";
}
function delete_users(ReqHandler &$rh, array $params): string {
$users = explode_list($params["users"]);
foreach ($users as $g) {
delete_user($g);
}
return "OK";
}
function get_all_game_users(ReqHandler &$rh, array $params): array {
$user_data_filtered = get_all_users();
for ($i = 0; $i < count($user_data_filtered); $i++) {
unset($user_data_filtered[$i]["password"]); // remove password from records
resolve_groupids($user_data_filtered[$i]["groups"]); // resolve group IDs
}
return $user_data_filtered;
}
function import_users_from_csv(ReqHandler &$rh, array $params): string {
if (!isset($_FILES["users_table"])) {
}
return "OK";
}
$rh->add("create_group", ["groupname", "description"], PRIVILEGE_QUIZMASTER, "create_update_group", RESP_PLAIN, "Create group.");
$rh->add("update_group", ["groupname", "description", "owner", "editors", "id"], PRIVILEGE_QUIZMASTER, "create_update_group", RESP_PLAIN, "Update group.");
$rh->add("delete_group", ["ids"], PRIVILEGE_QUIZMASTER, "delete_group", RESP_PLAIN, "Delete group.");
$rh->add("get_all_groups", [], PRIVILEGE_QUIZMASTER, "get_all_player_groups", RESP_JSON, "Get all player groups.");
$rh->add("search_groups", ["needle"], PRIVILEGE_QUIZMASTER, "search_player_groups", RESP_JSON, "Serach and fetch player groups.");
$rh->add(["create_user", "update_user"], ["nickname", "password", "groups", "realname", "privilege"], PRIVILEGE_QUIZMASTER, "create_update_user", RESP_PLAIN, "Create or update user.");
$rh->add("delete_users", ["users"], PRIVILEGE_QUIZMASTER, "delete_users", RESP_PLAIN, "Delete users.");
$rh->add("get_all_users", [], PRIVILEGE_QUIZMASTER, "get_all_game_users", RESP_JSON, "Get all users.");
$rh->add("import_users_from_csv", [], PRIVILEGE_QUIZMASTER, "import_users_from_csv", RESP_JSON, "Get all users.");
function dump_actions(ReqHandler &$rh, array $params): string {
return $rh->dump_actions();
}
$rh->add("dump_actions", [], PRIVILEGE_QUIZMASTER, "dump_actions", RESP_PLAIN, "Dump all registered actions.");
// ----------
process_and_print:
[$result, $success] = $rh->process($privilege);
if ($success && ($result !== "")) {
echo $result;
}
Reference in New Issue View Git Blame Copy Permalink