Projects/nettsiden
8
3
Fork 0
Code Issues 28 Pull Requests Activity
Files
6a096de179ac682ad8b04263fddc4162cf398994
nettsiden/www/prosjekt/update.php
h7x4 6a096de179 WIP more stuff lol
2026-01-13 15:25:04 +09:00

227 lines
6.0 KiB
PHP
Raw Blame History

<?php
date_default_timezone_set('Europe/Oslo');
setlocale(\LC_ALL, 'nb_NO');
require __DIR__ . '/../../src/_autoload.php';
require __DIR__ . '/../../config.php';
$pdo = new PDO($DB_DSN, $DB_USER, $DB_PASS);
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$required_fields = [
'title',
'desc_no',
'desc_en',
'gitea',
'issue',
'wiki',
'programming-languages',
'technologies',
'keywords',
'license',
'logo'
];
foreach ($required_fields as $field) {
if (!isset($_POST[$field])) {
header('Location: ' . $_SERVER['HTTP_REFERER']);
exit;
}
}
require_once __DIR__ . '/../../vendor/simplesamlphp/simplesamlphp/lib/_autoload.php';
$as = new SimpleSAML\Auth\Simple('default-sp');
$as->requireAuth();
$attrs = $as->getAttributes();
$id = $_POST['id'] ?? 0;
$do_delete = isset($_POST['delete']);
$do_join_or_leave = isset($_POST['join_or_leave']);
function clean_tags(string $raw): string {
$tags = array_map('trim', explode(',', $raw));
$tags = array_filter($tags, fn($tag) => !empty($tag));
return implode(',', $tags);
}
$title = $_POST['title'];
$desc_no = $_POST['desc_no'];
$desc_en = $_POST['desc_en'];
$gitea = $_POST['gitea'];
$issue = $_POST['issue'];
$wiki = $_POST['wiki'];
$langs = clean_tags($_POST['programming-languages']);
$techs = clean_tags($_POST['technologies']);
$keywords = clean_tags($_POST['keywords']);
$license = $_POST['license'];
$logo = $_POST['logo'];
$is_hidden = isset($_POST['is_hidden']) ? 1 : 0;
$name = $attrs['cn'][0];
$uname = $attrs['uid'][0];
$mail = $attrs['mail'][0];
if ($id == 0) { // Create new project
$query = <<<END
INSERT INTO
project(
title,
description_no,
description_en,
gitea_link,
issue_board_link,
wiki_link,
programming_languages,
technologies,
keywords,
license,
logo_url,
is_hidden
)
VALUES
(
:title,
:desc_no,
:desc_en,
:gitea,
:issue,
:wiki,
:programming_languages,
:technologies,
:keywords,
:license,
:logo,
:is_hidden
)
END;
$statement = $pdo->prepare($query);
$statement->bindParam(':title', $title, PDO::PARAM_STR);
$statement->bindParam(':desc_no', $desc_no, PDO::PARAM_STR);
$statement->bindParam(':desc_en', $desc_en, PDO::PARAM_STR);
$statement->bindParam(':gitea', $gitea, PDO::PARAM_STR);
$statement->bindParam(':issue', $issue, PDO::PARAM_STR);
$statement->bindParam(':wiki', $wiki, PDO::PARAM_STR);
$statement->bindParam(':programming_languages', $langs, PDO::PARAM_STR);
$statement->bindParam(':technologies', $techs, PDO::PARAM_STR);
$statement->bindParam(':keywords', $keywords, PDO::PARAM_STR);
$statement->bindParam(':license', $license, PDO::PARAM_STR);
$statement->bindParam(':logo', $logo, PDO::PARAM_STR);
$statement->bindParam(':is_hidden', $is_hidden, PDO::PARAM_BOOL);
$statement->execute();
$new_project_id = $pdo->lastInsertId();
$insertOrganizerQuery = <<<END
INSERT INTO
project_maintainer (
uname,
project_id,
name,
email,
is_organizer
)
VALUES
(
:username,
:project_id,
:user_real_name,
:user_email,
TRUE
)
END;
$statement = $pdo->prepare($insertOrganizerQuery);
$statement->bindParam(':username', $uname, PDO::PARAM_STR);
$statement->bindParam(':project_id', $new_project_id, PDO::PARAM_INT);
$statement->bindParam(':user_real_name', $name, PDO::PARAM_STR);
$statement->bindParam(':user_email', $mail, PDO::PARAM_STR);
$statement->execute();
} else { // Update existing project
$projectManager = new pvv\side\ProjectManager($pdo);
// $owner = $projectManager->getProjectOwner($id);
$members = $projectManager->getProjectMaintainers($id);
// if ($do_join_or_leave and $owner['uname'] != $uname) {
if ($do_join_or_leave) {
$is_member = false;
foreach ($members as $member) {
if ($member['uname'] == $uname && $member['owner'] == 0) {
$is_member = true;
break;
}
}
if ($is_member) {// leave
$query = '
DELETE FROM projectmembers
WHERE
projectid = :id
AND uname = :uname
';
$statement = $pdo->prepare($query);
$statement->bindParam(':id', $id, PDO::PARAM_STR);
$statement->bindParam(':uname', $uname, PDO::PARAM_STR);
$statement->execute();
echo 'leave';
} else {// join
$query = '
INSERT INTO
projectmembers(projectid, name, uname, mail, role)
VALUES
(:id, :name, :uname, :mail, \'Medlem\')
';
$statement = $pdo->prepare($query);
$statement->bindParam(':id', $id, PDO::PARAM_STR);
$statement->bindParam(':name', $name, PDO::PARAM_STR);
$statement->bindParam(':uname', $uname, PDO::PARAM_STR);
$statement->bindParam(':mail', $mail, PDO::PARAM_STR);
$statement->execute();
echo 'join';
}
header('Location: ./info.php?id=' . $id);
exit;
}
if ($uname != $owner['uname']) {
header('Content-Type: text/plain', true, 403);
echo "Illegal action, you're not the project owner for project with ID " . $id . "\r\n";
exit;
}
if ($do_delete) {
// this should be done as a transaction...
$pdo->beginTransaction();
// NOTE: project members are deleted via ON DELETE CASCADE
$query = 'DELETE FROM projects WHERE id=:id';
$statement = $pdo->prepare($query);
$statement->bindParam(':id', $id, PDO::PARAM_INT);
$statement->execute();
$pdo->commit();
} else {
$query = '
UPDATE
projects
SET
name = :title,
description = :desc
WHERE
id = :id
';
$statement = $pdo->prepare($query);
$statement->bindParam(':title', $title, PDO::PARAM_STR);
$statement->bindParam(':desc', $desc, PDO::PARAM_STR);
$statement->bindParam(':id', $id, PDO::PARAM_INT);
$statement->execute();
}
}
header('Location: ./mine.php');
?>
<a href="..">Om du ikke ble omdirigert tilbake klikk her</a>
Reference in New Issue View Git Blame Copy Permalink