2017-10-22 17:57:55 +02:00
|
|
|
<?php
|
|
|
|
date_default_timezone_set('Europe/Oslo');
|
2018-02-10 18:08:53 +01:00
|
|
|
setlocale(LC_ALL, 'nb_NO');
|
2017-10-22 17:57:55 +02:00
|
|
|
require __DIR__ . '/../../src/_autoload.php';
|
2024-02-15 22:57:03 +01:00
|
|
|
require __DIR__ . '/../../config.php';
|
2024-03-12 19:33:09 +01:00
|
|
|
$pdo = new \PDO($DB_DSN, $DB_USER, $DB_PASS);
|
2017-10-22 17:57:55 +02:00
|
|
|
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
|
|
|
|
|
2018-08-09 00:48:53 +02:00
|
|
|
if(!isset($_POST['title']) or !isset($_POST['desc']) or !isset($_POST['active'])){
|
2017-10-22 17:57:55 +02:00
|
|
|
header('Location: ' . $_SERVER['HTTP_REFERER']);
|
|
|
|
exit();
|
|
|
|
}
|
|
|
|
|
|
|
|
require_once(__DIR__ . '/../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php');
|
2024-04-08 22:11:43 +02:00
|
|
|
$as = new \SimpleSAML\Auth\Simple('default-sp');
|
2017-10-22 17:57:55 +02:00
|
|
|
$as->requireAuth();
|
|
|
|
$attrs = $as->getAttributes();
|
|
|
|
|
2018-02-24 21:09:15 +01:00
|
|
|
$id = $_POST['id'];
|
2018-08-09 00:48:53 +02:00
|
|
|
$do_delete = isset($_POST['delete']);
|
2018-08-09 00:49:49 +02:00
|
|
|
$do_join_or_leave = isset($_POST['join_or_leave']);
|
2018-08-09 00:48:53 +02:00
|
|
|
|
2018-02-24 21:09:15 +01:00
|
|
|
$active = $_POST['active'];
|
2017-10-22 17:57:55 +02:00
|
|
|
|
|
|
|
$title = $_POST['title'];
|
|
|
|
$desc = $_POST['desc'];
|
2018-02-26 16:24:50 +01:00
|
|
|
$name = $attrs['cn'][0];
|
|
|
|
$uname = $attrs['uid'][0];
|
|
|
|
$mail = $attrs['mail'][0];
|
2017-10-22 17:57:55 +02:00
|
|
|
|
|
|
|
$statement;
|
|
|
|
if($id == 0){
|
2018-02-26 16:24:50 +01:00
|
|
|
$query = 'INSERT INTO projects (name, description, active) VALUES (:title, :desc, 1)';
|
2017-10-22 17:57:55 +02:00
|
|
|
$statement = $pdo->prepare($query);
|
|
|
|
|
|
|
|
$statement->bindParam(':title', $title, PDO::PARAM_STR);
|
|
|
|
$statement->bindParam(':desc', $desc, PDO::PARAM_STR);
|
2018-02-26 16:24:50 +01:00
|
|
|
|
|
|
|
$statement->execute();
|
2018-08-09 00:49:49 +02:00
|
|
|
$new_id = $pdo->lastInsertId();
|
2018-02-26 16:24:50 +01:00
|
|
|
|
2018-08-09 00:49:49 +02:00
|
|
|
$ownerQuery = "INSERT INTO projectmembers (projectid, name, uname, mail, role, lead, owner) VALUES (:id, :owner, :owneruname, :owneremail, 'Prosjektleder', 1, 1)";
|
|
|
|
$statement = $pdo->prepare($ownerQuery);
|
|
|
|
$statement->bindParam(':id', $new_id, PDO::PARAM_STR);
|
2018-02-26 16:24:50 +01:00
|
|
|
$statement->bindParam(':owner', $name, PDO::PARAM_STR);
|
|
|
|
$statement->bindParam(':owneruname', $uname, PDO::PARAM_STR);
|
|
|
|
$statement->bindParam(':owneremail', $mail, PDO::PARAM_STR);
|
|
|
|
|
|
|
|
$statement->execute();
|
2018-08-09 00:49:49 +02:00
|
|
|
}
|
|
|
|
else {
|
2018-02-26 16:26:10 +01:00
|
|
|
$projectManager = new \pvv\side\ProjectManager($pdo);
|
|
|
|
$owner = $projectManager->getProjectOwner($id);
|
2018-08-09 00:49:49 +02:00
|
|
|
$members = $projectManager->getProjectMembers($id);
|
|
|
|
|
|
|
|
//if ($do_join_or_leave and $owner['uname'] != $uname) {
|
|
|
|
if ($do_join_or_leave) {
|
|
|
|
$is_member = False;
|
|
|
|
foreach($members as $member){
|
|
|
|
if ($member['uname'] == $uname and $member['owner']==0){
|
|
|
|
$is_member = True;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if ($is_member){//leave
|
|
|
|
$query = "DELETE FROM projectmembers WHERE projectid=:id AND uname=:uname and lead=0 and owner=0;";
|
|
|
|
$statement = $pdo->prepare($query);
|
|
|
|
$statement->bindParam(':id', $id, PDO::PARAM_STR);
|
|
|
|
$statement->bindParam(':uname', $uname, PDO::PARAM_STR);
|
|
|
|
|
|
|
|
$statement->execute();
|
|
|
|
print("leave");
|
|
|
|
}
|
|
|
|
else{//join
|
|
|
|
$query = "INSERT INTO projectmembers (projectid, name, uname, mail, role, lead, owner) VALUES (:id, :name, :uname, :mail, 'Medlem', 0, 0)";
|
|
|
|
$statement = $pdo->prepare($query);
|
|
|
|
$statement->bindParam(':id', $id, PDO::PARAM_STR);
|
|
|
|
$statement->bindParam(':name', $name, PDO::PARAM_STR);
|
|
|
|
$statement->bindParam(':uname', $uname, PDO::PARAM_STR);
|
|
|
|
$statement->bindParam(':mail', $mail, PDO::PARAM_STR);
|
|
|
|
|
|
|
|
$statement->execute();
|
|
|
|
print("join");
|
|
|
|
}
|
|
|
|
header('Location: ./info.php?id=' . $id);
|
|
|
|
exit();
|
|
|
|
}
|
2018-02-26 16:26:10 +01:00
|
|
|
|
|
|
|
if($uname != $owner['uname']){
|
|
|
|
header('Content-Type: text/plain', true, 403);
|
2018-08-09 00:48:53 +02:00
|
|
|
echo "Illegal action, you're not the project owner for project with ID " . $id . "\r\n";
|
2018-02-26 16:26:10 +01:00
|
|
|
exit();
|
|
|
|
}
|
2018-08-09 00:48:53 +02:00
|
|
|
|
|
|
|
if ($do_delete) {
|
|
|
|
// this should be done as a transaction...
|
|
|
|
$pdo->beginTransaction();
|
|
|
|
|
|
|
|
$query = 'DELETE FROM projects WHERE id=:id';
|
|
|
|
$statement = $pdo->prepare($query);
|
|
|
|
$statement->bindParam(':id', $id, PDO::PARAM_INT);
|
|
|
|
$statement->execute();
|
|
|
|
|
|
|
|
$query = 'DELETE FROM projectmembers WHERE projectid=:id';
|
|
|
|
$statement = $pdo->prepare($query);
|
|
|
|
$statement->bindParam(':id', $id, PDO::PARAM_INT);
|
|
|
|
$statement->execute();
|
|
|
|
|
|
|
|
$pdo->commit();
|
|
|
|
}else{
|
|
|
|
$query = 'UPDATE projects SET name=:title, description=:desc WHERE id=:id';
|
|
|
|
$statement = $pdo->prepare($query);
|
2018-02-26 16:26:10 +01:00
|
|
|
|
2018-08-09 00:48:53 +02:00
|
|
|
$statement->bindParam(':title', $title, PDO::PARAM_STR);
|
|
|
|
$statement->bindParam(':desc', $desc, PDO::PARAM_STR);
|
|
|
|
$statement->bindParam(':id', $id, PDO::PARAM_INT);
|
|
|
|
|
|
|
|
$statement->execute();
|
|
|
|
}
|
2018-02-26 16:24:50 +01:00
|
|
|
}
|
2017-10-22 17:57:55 +02:00
|
|
|
|
2017-10-28 20:09:54 +02:00
|
|
|
header('Location: ./mine.php');
|
2017-10-22 17:57:55 +02:00
|
|
|
?>
|
|
|
|
|
2018-08-09 00:48:53 +02:00
|
|
|
<a href="..">Om du ikke ble omdirigert tilbake klikk her</a>
|