"Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
Methods that run without errors, but do not have the intended result should return as:
return array('succeed' => 'false', 'message' => 'No Groups Found', 'params' => var_export($params, TRUE));
or if applicable:
return array('succeed' => 'false', 'message' => 'What went wrong', 'params' => var_export($params, TRUE), 'sql' => $sql);
*/
// Modified by Fumi.Iseki '09 5/31
// Modified by Fumi.Iseki '14 3/4
// Modified by Fumi.Iseki '14 5/15 for MySQLi
// Modified by Fumi.Iseki '16 7/14
include(dirname(__FILE__).'/phpxmlrpclib/xmlrpc.inc');
include(dirname(__FILE__).'/phpxmlrpclib/xmlrpcs.inc');
// Global
$osagent = XMLGROUP_ACTIVE_TBL;
$osgroup = XMLGROUP_LIST_TBL;
$osgroupinvite = XMLGROUP_INVITE_TBL;
$osgroupmembership = XMLGROUP_MEMBERSHIP_TBL;
$osgroupnotice = XMLGROUP_NOTICE_TBL;
$osgrouprolemembership = XMLGROUP_ROLE_MEMBER_TBL;
$osrole = XMLGROUP_ROLE_TBL;
$groupPowers = array(
'None' => 0,
/// Can send invitations to groups default role
'Invite' => 1,
/// Can eject members from group
'Eject' => 2,
/// Can toggle 'Open Enrollment' and change 'Signup fee'
'ChangeOptions' => 4,
/// Can create new roles
'CreateRole' => 8,
/// Can delete existing roles
'DeleteRole' => 16,
/// Can change Role names, titles and descriptions
'RoleProperties' => 32,
/// Can assign other members to assigners role
'AssignMemberLimited' => 64,
/// Can assign other members to any role
'AssignMember' => 128,
/// Can remove members from roles
'RemoveMember' => 256,
/// Can assign and remove abilities in roles
'ChangeActions' => 512,
/// Can change group Charter, Insignia, 'Publish on the web' and which
/// members are publicly visible in group member listings
'ChangeIdentity' => 1024,
/// Can buy land or deed land to group
'LandDeed' => 2048,
/// Can abandon group owned land to Governor Linden on mainland, or Estate owner for
/// private estates
'LandRelease' => 4096,
/// Can set land for-sale information on group owned parcels
'LandSetSale' => 8192,
/// Can subdivide and join parcels
'LandDivideJoin' => 16384,
/// Can join group chat sessions
'JoinChat' => 32768,
/// Can toggle "Show in Find Places" and set search category
'FindPlaces' => 65536,
/// Can change parcel name, description, and 'Publish on web' settings
'LandChangeIdentity' => 131072,
/// Can set the landing point and teleport routing on group land
'SetLandingPoint' => 262144,
/// Can change music and media settings
'ChangeMedia' => 524288,
/// Can toggle 'Edit Terrain' option in Land settings
'LandEdit' => 1048576,
/// Can toggle various About Land > Options settings
'LandOptions' => 2097152,
/// Can always terraform land, even if parcel settings have it turned off
'AllowEditLand' => 4194304,
/// Can always fly while over group owned land
'AllowFly' => 8388608,
/// Can always rez objects on group owned land
'AllowRez' => 16777216,
/// Can always create landmarks for group owned parcels
'AllowLandmark' => 33554432,
/// Can use voice chat in Group Chat sessions
'AllowVoiceChat' => 67108864,
/// Can set home location on any group owned parcel
'AllowSetHome' => 134217728,
/// Can modify public access settings for group owned parcels
'LandManageAllowed' => 268435456,
/// Can manager parcel ban lists on group owned land
'LandManageBanned' => 536870912,
/// Can manage pass list sales information
'LandManagePasses' => 1073741824,
/// Can eject and freeze other avatars on group owned land
'LandEjectAndFreeze' => 2147483648,
/// Can return objects set to group
'ReturnGroupSet' => 4294967296,
/// Can return non-group owned/set objects
'ReturnNonGroup' => 8589934592,
/// Can landscape using Linden plants
'LandGardening' => 17179869184,
/// Can deed objects to group
'DeedObject' => 34359738368,
/// Can moderate group chat sessions
'ModerateChat' => 68719476736,
/// Can move group owned objects
'ObjectManipulate' => 137438953472,
/// Can set group owned objects for-sale
'ObjectSetForSale' => 274877906944,
/// Pay group liabilities and receive group dividends
'Accountable' => 549755813888,
/// Can send group notices
'SendNotices' => 1099511627776,
/// Can receive group notices
'ReceiveNotices' => 2199023255552,
/// Can create group proposals
'StartProposal' => 4398046511104,
/// Can vote on group proposals
'VoteOnProposal' => 8796093022208,
/// Can return group owned objects
'ReturnGroupOwned' => 17592186044416
);
$uuidZero = "00000000-0000-0000-0000-000000000000";
$groupDBCon = mysqli_connect($XMLGRP_DB_HOST, $XMLGRP_DB_USER, $XMLGRP_DB_PASS, $XMLGRP_DB_NAME);
if (!$groupDBCon)
{
die('Could not connect: ' . mysqli_connect_error());
}
// This is filled in by secure()
$requestingAgent = $uuidZero;
function test()
{
return array('name' => 'Joe','age' => 27);
}
// Use a common signature for all the group functions -> struct foo($struct)
$common_sig = array(array($xmlrpcStruct, $xmlrpcStruct));
function createGroup($params)
{
if( is_array($error = secureRequest($params, TRUE)) )
{
return $error;
}
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$groupID = $params["GroupID"];
$name = addslashes( $params["Name"] );
$charter = addslashes( $params["Charter"] );
$insigniaID = $params["InsigniaID"];
$founderID = $params["FounderID"];
$membershipFee = $params["MembershipFee"];
$openEnrollment = $params["OpenEnrollment"];
$showInList = $params["ShowInList"];
$allowPublish = $params["AllowPublish"];
$maturePublish = $params["MaturePublish"];
$ownerRoleID = $params["OwnerRoleID"];
$everyonePowers = $params["EveryonePowers"];
$ownersPowers = $params["OwnersPowers"];
// Create group
$sql = "INSERT INTO $osgroup
(GroupID, Name, Charter, InsigniaID, FounderID, MembershipFee, OpenEnrollment, ShowInList, AllowPublish, MaturePublish, OwnerRoleID)
VALUES
('$groupID','$name','$charter','$insigniaID','$founderID',$membershipFee,$openEnrollment,$showInList,$allowPublish,$maturePublish,'$ownerRoleID')";
if (!mysqli_query($groupDBCon, $sql))
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
// Create Everyone Role
// NOTE: FIXME: This is a temp fix until the libomv enum for group powers is fixed in OpenSim
$everyonePowers = 8796495740928;
$result = _addRoleToGroup(array('GroupID' => $groupID, 'RoleID' => $uuidZero, 'Name' => 'Everyone',
'Description' => 'Everyone in the group is in the everyone role.', 'Title' => "Member of $name", 'Powers' => $everyonePowers));
if( isset($result['error']) )
{
return $result;
}
// Create Owner Role
$result = _addRoleToGroup(array('GroupID' => $groupID, 'RoleID' => $ownerRoleID, 'Name' => 'Owners',
'Description' => "Owners of $name", 'Title' => "Owner of $name", 'Powers' => $ownersPowers));
if( isset($result['error']) )
{
return $result;
}
// Add founder to group, will automatically place them in the Everyone Role, also places them in specified Owner Role
$result = _addAgentToGroup(array('AgentID' => $founderID, 'GroupID' => $groupID, 'RoleID' => $ownerRoleID));
if( isset($result['error']) )
{
return $result;
}
// Select the owner's role for the founder
$result = _setAgentGroupSelectedRole(array('AgentID' => $founderID, 'RoleID' => $ownerRoleID, 'GroupID' => $groupID));
if( isset($result['error']) )
{
return $result;
}
// Set the new group as the founder's active group
$result = _setAgentActiveGroup(array('AgentID' => $founderID, 'GroupID' => $groupID));
if( isset($result['error']) )
{
return $result;
}
return getGroup(array("GroupID"=>$groupID));
}
// Private method, does not include security, to only be called from places that have already verified security
function _addRoleToGroup($params)
{
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$groupID = $params['GroupID'];
$roleID = $params['RoleID'];
$name = addslashes( $params['Name'] );
$desc = addslashes( $params['Description'] );
$title = addslashes( $params['Title'] );
$powers = $params['Powers'];
$sql = " INSERT INTO $osrole (GroupID, RoleID, Name, Description, Title, Powers) VALUES "
." ('$groupID', '$roleID', '$name', '$desc', '$title', $powers)";
if (!mysqli_query($groupDBCon, $sql))
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon)
, 'method' => 'addRoleToGroup'
, 'params' => var_export($params, TRUE));
}
return array("success" => "true");
}
function addRoleToGroup($params)
{
if( is_array($error = secureRequest($params, TRUE)) )
{
return $error;
}
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
$groupID = $params['GroupID'];
// Verify the requesting agent has permission
if( is_array($error = checkGroupPermission($groupID, $groupPowers['CreateRole'])) )
{
return $error;
}
return _addRoleToGroup($params);
}
function updateGroupRole($params)
{
if( is_array($error = secureRequest($params, TRUE)) )
{
return $error;
}
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$groupID = $params['GroupID'];
$roleID = $params['RoleID'];
$name = addslashes( $params['Name'] );
$desc = addslashes( $params['Description'] );
$title = addslashes( $params['Title'] );
$powers = $params['Powers'];
// Verify the requesting agent has permission
if( is_array($error = checkGroupPermission($groupID, $groupPowers['RoleProperties'])) )
{
return $error;
}
$sql = " UPDATE $osrole SET RoleID = '$roleID' ";
if( isset($params['Name']) )
{
$sql .= ", Name = '$name'";
}
if( isset($params['Description']) )
{
$sql .= ", Description = '$desc'";
}
if( isset($params['Title']) )
{
$sql .= ", Title = '$title'";
}
if( isset($params['Powers']) )
{
$sql .= ", Powers = $powers";
}
$sql .= " WHERE GroupID = '$groupID' AND RoleID = '$roleID'";
if (!mysqli_query($groupDBCon, $sql))
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
return array("success" => "true");
}
function removeRoleFromGroup($params)
{
if( is_array($error = secureRequest($params, TRUE)) )
{
return $error;
}
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$groupID = $params['GroupID'];
$roleID = $params['RoleID'];
if( is_array($error = checkGroupPermission($groupID, $groupPowers['RoleProperties'])) )
{
return $error;
}
/// 1. Remove all members from Role
/// 2. Set selected Role to uuidZero for anyone that had the role selected
/// 3. Delete roll
$sql = "DELETE FROM $osgrouprolemembership WHERE GroupID = '$groupID' AND RoleID = '$roleID'";
if (!mysqli_query($groupDBCon, $sql))
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
$sql = "UPDATE $osgroupmembership SET SelectedRoleID = '$uuidZero' WHERE GroupID = '$groupID' AND SelectedRoleID = '$roleID'";
if (!mysqli_query($groupDBCon, $sql))
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
$sql = "DELETE FROM $osrole WHERE GroupID = '$groupID' AND RoleID = '$roleID'";
if (!mysqli_query($groupDBCon, $sql))
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
return array("success" => "true");
}
function getGroup($params)
{
if( is_array($error = secureRequest($params, FALSE)) )
{
return $error;
}
return _getGroup($params);
}
function _getGroup($params)
{
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$sql = " SELECT $osgroup.GroupID, $osgroup.Name, Charter, InsigniaID, FounderID, MembershipFee, OpenEnrollment, ShowInList, AllowPublish, MaturePublish, OwnerRoleID"
." , count($osrole.RoleID) as GroupRolesCount, count($osgroupmembership.AgentID) as GroupMembershipCount "
." FROM $osgroup "
." LEFT JOIN $osrole ON ($osgroup.GroupID = $osrole.GroupID)"
." LEFT JOIN $osgroupmembership ON ($osgroup.GroupID = $osgroupmembership.GroupID)"
." WHERE ";
if( isset($params['GroupID']) )
{
$sql .= "$osgroup.GroupID = '".$params['GroupID']."'";
} else if( isset($params['Name']) )
{
$sql .= "$osgroup.Name = '".addslashes($params['Name'])."'";
} else {
return array("error" => "Must specify GroupID or Name");
}
$sql .= " GROUP BY $osgroup.GroupID, $osgroup.name, charter, insigniaID, founderID, membershipFee, openEnrollment, showInList, allowPublish, maturePublish, ownerRoleID";
$result = mysqli_query($groupDBCon, $sql);
if (!$result)
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
if (mysqli_num_rows($result) == 0)
{
return array('succeed' => 'false', 'error' => 'Group Not Found', 'params' => var_export($params, TRUE), 'sql' => $sql);
}
return mysqli_fetch_assoc($result);
}
function updateGroup($params)
{
if( is_array($error = secureRequest($params, TRUE)) )
{
return $error;
}
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$groupID = $params["GroupID"];
$charter = addslashes( $params["Charter"] );
$insigniaID = $params["InsigniaID"];
$membershipFee = $params["MembershipFee"];
$openEnrollment = $params["OpenEnrollment"];
$showInList = $params["ShowInList"];
$allowPublish = $params["AllowPublish"];
$maturePublish = $params["MaturePublish"];
if( is_array($error = checkGroupPermission($groupID, $groupPowers['ChangeOptions'])) )
{
return $error;
}
// Create group
$sql = "UPDATE $osgroup
SET
Charter = '$charter'
, InsigniaID = '$insigniaID'
, MembershipFee = $membershipFee
, OpenEnrollment= $openEnrollment
, ShowInList = $showInList
, AllowPublish = $allowPublish
, MaturePublish = $maturePublish
WHERE
GroupID = '$groupID'";
if (!mysqli_query($groupDBCon, $sql))
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
return array('success' => 'true');
}
function findGroups($params)
{
if( is_array($error = secureRequest($params, FALSE)) )
{
return $error;
}
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$search = addslashes( $params['Search'] );
// FULLTEXT indexes is not supported in InnoDB :(
$sql = " SELECT $osgroup.GroupID, $osgroup.Name, count($osgroupmembership.AgentID) as Members "
." FROM $osgroup LEFT JOIN $osgroupmembership ON ($osgroup.GroupID = $osgroupmembership.GroupID) "
." WHERE "
// ." ( MATCH ($osgroup.name) AGAINST ('$search' IN BOOLEAN MODE)"
// ." OR $osgroup.name LIKE '%$search%'"
// ." OR $osgroup.name REGEXP '$search'"
// ." ) AND ShowInList = 1"
." ( $osgroup.name LIKE '%$search%'"
." OR $osgroup.name REGEXP '$search'"
." ) AND ShowInList = 1"
." GROUP BY $osgroup.GroupID, $osgroup.Name";
$result = mysqli_query($groupDBCon, $sql);
if (!$result)
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
if( mysqli_num_rows($result) == 0 )
{
return array('succeed' => 'false', 'error' => 'No groups found.', 'params' => var_export($params, TRUE), 'sql' => $sql);
}
$results = array();
while ($row = mysqli_fetch_assoc($result))
{
$groupID = $row['GroupID'];
$results[$groupID] = $row;
}
return array('results' => $results, 'success' => TRUE);
}
function _setAgentActiveGroup($params)
{
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$agentID = $params['AgentID'];
$groupID = $params['GroupID'];
$sql = " UPDATE $osagent "
." SET ActiveGroupID = '$groupID'"
." WHERE AgentID = '$agentID'";
if (!mysqli_query($groupDBCon, $sql))
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
if( mysqli_affected_rows($groupDBCon) == 0 )
{
$sql = " INSERT INTO $osagent (ActiveGroupID, AgentID) VALUES "
." ('$groupID', '$agentID')";
if (!mysqli_query($groupDBCon, $sql))
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
}
return array("success" => "true");
}
function setAgentActiveGroup($params)
{
if( is_array($error = secureRequest($params, TRUE)) )
{
return $error;
}
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
$agentID = $params['AgentID'];
$groupID = $params['GroupID'];
if( isset($requestingAgent) && ($requestingAgent != $uuidZero) && ($requestingAgent != $agentID) )
{
return array('error' => "Agent can only change their own Selected Group Role", 'params' => var_export($params, TRUE));
}
return _setAgentActiveGroup($params);
}
function addAgentToGroup($params)
{
if( is_array($error = secureRequest($params, TRUE)) )
{
return $error;
}
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$groupID = $params["GroupID"];
$agentID = $params["AgentID"];
if( is_array($error = checkGroupPermission($groupID, $groupPowers['AssignMember'])) )
{
// If they don't have direct permission, check to see if the group is marked for open enrollment
$groupInfo = _getGroup( array ('GroupID'=>$groupID) );
if( isset($groupInfo['error']))
{
return $groupInfo;
}
if($groupInfo['OpenEnrollment'] != 1)
{
// Group is not open enrollment, check if the specified agentid has an invite
$sql = " SELECT GroupID, RoleID, AgentID FROM $osgroupinvite"
." WHERE $osgroupinvite.AgentID = '$agentID' AND $osgroupinvite.GroupID = '$groupID'";
$results = mysqli_query($groupDBCon, $sql);
if (!$results)
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
if( mysqli_num_rows($results) == 1 )
{
// if there is an invite, make sure we're adding the user to the role specified in the invite
$inviteInfo = mysqli_fetch_assoc($results);
$params['RoleID'] = $inviteInfo['RoleID'];
} else {
// Not openenrollment, not invited, return permission denied error
return $error;
}
}
}
return _addAgentToGroup($params);
}
// Private method, does not include security, to only be called from places that have already verified security
function _addAgentToGroup($params)
{
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$agentID = $params["AgentID"];
$groupID = $params["GroupID"];
$roleID = $uuidZero;
if( isset($params["RoleID"]) )
{
$roleID = $params["RoleID"];
}
// Check if agent already a member
$sql = " SELECT count(AgentID) as isMember FROM $osgroupmembership WHERE AgentID = '$agentID' AND GroupID = '$groupID'";
$result = mysqli_query($groupDBCon, $sql);
if (!$result)
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
// If not a member, add membership, select role (defaults to uuidZero, or everyone role)
//if( mysql_result($result, 0) == 0 )
$row = mysqli_fetch_row($result);
if(is_array($row) and $row[0]==0)
{
$sql = " INSERT INTO $osgroupmembership (GroupID, AgentID, Contribution, ListInProfile, AcceptNotices, SelectedRoleID) VALUES "
."('$groupID','$agentID', 0, 1, 1,'$roleID')";
if (!mysqli_query($groupDBCon, $sql))
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
}
// Make sure they're in the Everyone role
$result = _addAgentToGroupRole(array("GroupID" => $groupID, "RoleID" => $uuidZero, "AgentID" => $agentID));
if( isset($result['error']) )
{
return $result;
}
// Make sure they're in specified role, if they were invited
if( $roleID != $uuidZero )
{
$result = _addAgentToGroupRole(array("GroupID" => $groupID, "RoleID" => $roleID, "AgentID" => $agentID));
if( isset($result['error']) )
{
return $result;
}
}
return array("success" => "true");
}
function removeAgentFromGroup($params)
{
if( is_array($error = secureRequest($params, TRUE)) )
{
return $error;
}
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$agentID = $params["AgentID"];
$groupID = $params["GroupID"];
if( is_array($error = checkGroupPermission($groupID, $groupPowers['RemoveMember'])) )
{
return $error;
}
// 1. If group is agent's active group, change active group to uuidZero
// 2. Remove Agent from group (osgroupmembership)
// 3. Remove Agent from all of the groups roles (osgrouprolemembership)
$sql = " UPDATE $osagent "
." SET ActiveGroupID = '$uuidZero'"
." WHERE AgentID = '$agentID' AND ActiveGroupID = '$groupID'";
if (!mysqli_query($groupDBCon, $sql))
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
$sql = " DELETE FROM $osgroupmembership "
." WHERE AgentID = '$agentID' AND GroupID = '$groupID'";
if (!mysqli_query($groupDBCon, $sql))
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
$sql = " DELETE FROM $osgrouprolemembership "
." WHERE AgentID = '$agentID' AND GroupID = '$groupID'";
if (!mysqli_query($groupDBCon, $sql))
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
return array("success" => "true");
}
function _addAgentToGroupRole($params)
{
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$agentID = $params["AgentID"];
$groupID = $params["GroupID"];
$roleID = $params["RoleID"];
// Check if agent already a member
$sql = " SELECT count(AgentID) as isMember FROM $osgrouprolemembership WHERE AgentID = '$agentID' AND RoleID = '$roleID' AND GroupID = '$groupID'";
$result = mysqli_query($groupDBCon, $sql);
if (!$result)
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
//if( mysql_result($result, 0) == 0 )
$row = mysqli_fetch_row($result);
if(is_array($row) and $row[0]==0)
{
$sql = " INSERT INTO $osgrouprolemembership (GroupID, RoleID, AgentID) VALUES "
."('$groupID', '$roleID', '$agentID')";
if (!mysqli_query($groupDBCon, $sql))
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
}
return array("success" => "true");
}
function addAgentToGroupRole($params)
{
if( is_array($error = secureRequest($params, TRUE)) )
{
return $error;
}
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$agentID = $params["AgentID"];
$groupID = $params["GroupID"];
$roleID = $params["RoleID"];
// Check if being assigned to Owners role, assignments to an owners role can only be requested by owners.
$sql = " SELECT OwnerRoleID, AgentID "
." FROM $osgroup LEFT JOIN $osgrouprolemembership ON ($osgroup.GroupID = $osgrouprolemembership.GroupID AND $osgroup.OwnerRoleID = $osgrouprolemembership.RoleID) "
." WHERE $osgrouprolemembership.AgentID = '$agentID' AND $osgroup.GroupID = '$groupID'";
$results = mysqli_query($groupDBCon, $sql);
if (!$results)
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
if( mysqli_num_rows($results) != 0 )
{
$ownerRoleInfo = mysqli_fetch_assoc($results);
if( ($ownerRoleInfo['OwnerRoleID'] == $roleID) && ($ownerRoleInfo['AgentID'] != $requestingAgent) )
{
return array('error' => "Requesting agent $requestingAgent is not a member of the Owners Role and cannot add members to the owners role.",
'params' => var_export($params, TRUE));
}
}
if( is_array($error = checkGroupPermission($groupID, $groupPowers['AssignMember'])) )
{
return $error;
}
return _addAgentToGroupRole($params);
}
function removeAgentFromGroupRole($params)
{
if( is_array($error = secureRequest($params, TRUE)) )
{
return $error;
}
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$agentID = $params["AgentID"];
$groupID = $params["GroupID"];
$roleID = $params["RoleID"];
if( is_array($error = checkGroupPermission($groupID, $groupPowers['AssignMember'])) )
{
return $error;
}
// If agent has this role selected, change their selection to everyone (uuidZero) role
$sql = " UPDATE $osgroupmembership SET SelectedRoleID = '$uuidZero' WHERE AgentID = '$agentID' AND GroupID = '$groupID' AND SelectedRoleID = '$roleID'";
$result = mysqli_query($groupDBCon, $sql);
if (!$result)
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
$sql = " DELETE FROM $osgrouprolemembership WHERE AgentID = '$agentID' AND GroupID = '$groupID' AND RoleID = '$roleID'";
if (!mysqli_query($groupDBCon, $sql))
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
return array("success" => "true");
}
function _setAgentGroupSelectedRole($params)
{
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$agentID = $params["AgentID"];
$groupID = $params["GroupID"];
$roleID = $params["RoleID"];
$sql = " UPDATE $osgroupmembership SET SelectedRoleID = '$roleID' WHERE AgentID = '$agentID' AND GroupID = '$groupID'";
$result = mysqli_query($groupDBCon, $sql);
if (!$result)
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
return array('success' => 'true');
}
function setAgentGroupSelectedRole($params)
{
if( is_array($error = secureRequest($params, TRUE)) )
{
return $error;
}
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
$agentID = $params["AgentID"];
$groupID = $params["GroupID"];
$roleID = $params["RoleID"];
if( isset($requestingAgent) && ($requestingAgent != $uuidZero) && ($requestingAgent != $agentID) )
{
return array('error' => "Agent can only change their own Selected Group Role", 'params' => var_export($params, TRUE));
}
return _setAgentGroupSelectedRole($params);
}
function getAgentGroupMembership($params)
{
if( is_array($error = secureRequest($params, FALSE)) )
{
return $error;
}
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$groupID = $params['GroupID'];
$agentID = $params['AgentID'];
$sql = " SELECT $osgroup.GroupID, $osgroup.Name as GroupName, $osgroup.Charter, $osgroup.InsigniaID, $osgroup.FounderID"
." , $osgroup.MembershipFee, $osgroup.OpenEnrollment, $osgroup.ShowInList, $osgroup.AllowPublish, $osgroup.MaturePublish"
." , $osgroupmembership.Contribution, $osgroupmembership.ListInProfile, $osgroupmembership.AcceptNotices"
." , $osgroupmembership.SelectedRoleID, $osrole.Title"
." , $osagent.ActiveGroupID "
." FROM $osgroup JOIN $osgroupmembership ON ($osgroup.GroupID = $osgroupmembership.GroupID)"
." JOIN $osrole ON ($osgroupmembership.SelectedRoleID = $osrole.RoleID AND $osgroupmembership.GroupID = $osrole.GroupID)"
." JOIN $osagent ON ($osagent.AgentID = $osgroupmembership.AgentID)"
." WHERE $osgroup.GroupID = '$groupID' AND $osgroupmembership.AgentID = '$agentID'";
$groupmembershipResult = mysqli_query($groupDBCon, $sql);
if (!$groupmembershipResult)
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
if( mysqli_num_rows($groupmembershipResult) == 0 )
{
return array('succeed' => 'false', 'error' => 'None Found', 'params' => var_export($params, TRUE), 'sql' => $sql);
}
$groupMembershipInfo = mysqli_fetch_assoc($groupmembershipResult);
$sql = " SELECT BIT_OR($osrole.Powers) AS GroupPowers"
." FROM $osgrouprolemembership JOIN $osrole ON ($osgrouprolemembership.GroupID = $osrole.GroupID AND $osgrouprolemembership.RoleID = $osrole.RoleID)"
." WHERE $osgrouprolemembership.GroupID = '$groupID' AND $osgrouprolemembership.AgentID = '$agentID'";
$groupPowersResult = mysqli_query($groupDBCon, $sql);
if (!$groupPowersResult)
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
$groupPowersInfo = mysqli_fetch_assoc($groupPowersResult);
return array_merge($groupMembershipInfo, $groupPowersInfo);
}
function getAgentGroupMemberships($params)
{
if( is_array($error = secureRequest($params, FALSE)) )
{
return $error;
}
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$agentID = $params['AgentID'];
$sql = " SELECT $osgroup.GroupID, $osgroup.Name as GroupName, $osgroup.Charter, $osgroup.InsigniaID, $osgroup.FounderID"
." , $osgroup.MembershipFee, $osgroup.OpenEnrollment, $osgroup.ShowInList, $osgroup.AllowPublish, $osgroup.MaturePublish"
." , $osgroupmembership.Contribution, $osgroupmembership.ListInProfile, $osgroupmembership.AcceptNotices"
." , $osgroupmembership.SelectedRoleID, $osrole.Title"
." , IFNULL($osagent.ActiveGroupID, '$uuidZero') AS ActiveGroupID"
." FROM $osgroup JOIN $osgroupmembership ON ($osgroup.GroupID = $osgroupmembership.GroupID)"
." JOIN $osrole ON ($osgroupmembership.SelectedRoleID = $osrole.RoleID AND $osgroupmembership.GroupID = $osrole.GroupID)"
." LEFT JOIN $osagent ON ($osagent.AgentID = $osgroupmembership.AgentID)"
." WHERE $osgroupmembership.AgentID = '$agentID'";
$groupmembershipResults = mysqli_query($groupDBCon, $sql);
if (!$groupmembershipResults)
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
if( mysqli_num_rows($groupmembershipResults) == 0 )
{
return array('succeed' => 'false', 'error' => 'No Memberships', 'params' => var_export($params, TRUE), 'sql' => $sql);
}
$groupResults = array();
while($groupMembershipInfo = mysqli_fetch_assoc($groupmembershipResults))
{
$groupID = $groupMembershipInfo['GroupID'];
$sql = " SELECT BIT_OR($osrole.Powers) AS GroupPowers"
." FROM $osgrouprolemembership JOIN $osrole ON ($osgrouprolemembership.GroupID = $osrole.GroupID AND $osgrouprolemembership.RoleID = $osrole.RoleID)"
." WHERE $osgrouprolemembership.GroupID = '$groupID' AND $osgrouprolemembership.AgentID = '$agentID'";
$groupPowersResult = mysqli_query($groupDBCon, $sql);
if (!$groupPowersResult)
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
$groupPowersInfo = mysqli_fetch_assoc($groupPowersResult);
$groupResults[$groupID] = array_merge($groupMembershipInfo, $groupPowersInfo);
}
return $groupResults;
}
function getGroupMembers($params)
{
if( is_array($error = secureRequest($params, FALSE)) )
{
return $error;
}
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$groupID = $params['GroupID'];
$sql = " SELECT $osgroupmembership.AgentID"
." , $osgroupmembership.Contribution, $osgroupmembership.ListInProfile, $osgroupmembership.AcceptNotices"
." , $osgroupmembership.SelectedRoleID, $osrole.Title"
." , CASE WHEN OwnerRoleMembership.AgentID IS NOT NULL THEN 1 ELSE 0 END AS IsOwner"
." FROM $osgroup JOIN $osgroupmembership ON ($osgroup.GroupID = $osgroupmembership.GroupID)"
." JOIN $osrole ON ($osgroupmembership.SelectedRoleID = $osrole.RoleID AND $osgroupmembership.GroupID = $osrole.GroupID)"
." JOIN $osrole AS OwnerRole ON ($osgroup.OwnerRoleID = OwnerRole.RoleID AND $osgroup.GroupID = OwnerRole.GroupID)"
." LEFT JOIN $osgrouprolemembership AS OwnerRoleMembership ON ($osgroup.OwnerRoleID = OwnerRoleMembership.RoleID
AND ($osgroup.GroupID = OwnerRoleMembership.GroupID)
AND ($osgroupmembership.AgentID = OwnerRoleMembership.AgentID))"
." WHERE $osgroup.GroupID = '$groupID'";
$groupmemberResults = mysqli_query($groupDBCon, $sql);
if (!$groupmemberResults)
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
if (mysqli_num_rows($groupmemberResults) == 0)
{
return array('succeed' => 'false', 'error' => 'No Group Members found', 'params' => var_export($params, TRUE), 'sql' => $sql);
}
$memberResults = array();
while($memberInfo = mysqli_fetch_assoc($groupmemberResults))
{
$agentID = $memberInfo['AgentID'];
$sql = " SELECT BIT_OR($osrole.Powers) AS AgentPowers"
." FROM $osgrouprolemembership JOIN $osrole ON ($osgrouprolemembership.GroupID = $osrole.GroupID AND $osgrouprolemembership.RoleID = $osrole.RoleID)"
." WHERE $osgrouprolemembership.GroupID = '$groupID' AND $osgrouprolemembership.AgentID = '$agentID'";
$memberPowersResult = mysqli_query($groupDBCon, $sql);
if (!$memberPowersResult)
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
if (mysqli_num_rows($groupmemberResults) == 0)
{
$memberResults[$agentID] = array_merge($memberInfo, array('AgentPowers' => 0));
} else {
$memberPowersInfo = mysqli_fetch_assoc($memberPowersResult);
$memberResults[$agentID] = array_merge($memberInfo, $memberPowersInfo);
}
}
return $memberResults;
}
function getAgentActiveMembership($params)
{
if( is_array($error = secureRequest($params, FALSE)) )
{
return $error;
}
secureRequest($params, FALSE);
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$agentID = $params['AgentID'];
$sql = " SELECT $osgroup.GroupID, $osgroup.Name as GroupName, $osgroup.Charter, $osgroup.InsigniaID, $osgroup.FounderID"
." , $osgroup.MembershipFee, $osgroup.OpenEnrollment, $osgroup.ShowInList, $osgroup.AllowPublish, $osgroup.MaturePublish"
." , $osgroupmembership.Contribution, $osgroupmembership.ListInProfile, $osgroupmembership.AcceptNotices"
." , $osgroupmembership.SelectedRoleID, $osrole.Title"
." , $osagent.ActiveGroupID "
." FROM $osagent JOIN $osgroup ON ($osgroup.GroupID = $osagent.ActiveGroupID)"
." JOIN $osgroupmembership ON ($osgroup.GroupID = $osgroupmembership.GroupID AND $osagent.AgentID = $osgroupmembership.AgentID)"
." JOIN $osrole ON ($osgroupmembership.SelectedRoleID = $osrole.RoleID AND $osgroupmembership.GroupID = $osrole.GroupID)"
." WHERE $osagent.AgentID = '$agentID'";
$groupmembershipResult = mysqli_query($groupDBCon, $sql);
if (!$groupmembershipResult)
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
if (mysqli_num_rows($groupmembershipResult) == 0)
{
return array('succeed' => 'false', 'error' => 'No Active Group Specified', 'params' => var_export($params, TRUE), 'sql' => $sql);
}
$groupMembershipInfo = mysqli_fetch_assoc($groupmembershipResult);
$groupID = $groupMembershipInfo['GroupID'];
$sql = " SELECT BIT_OR($osrole.Powers) AS GroupPowers"
." FROM $osgrouprolemembership JOIN $osrole ON ($osgrouprolemembership.GroupID = $osrole.GroupID AND $osgrouprolemembership.RoleID = $osrole.RoleID)"
." WHERE $osgrouprolemembership.GroupID = '$groupID' AND $osgrouprolemembership.AgentID = '$agentID'";
$groupPowersResult = mysqli_query($groupDBCon, $sql);
if (!$groupPowersResult)
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
$groupPowersInfo = mysqli_fetch_assoc($groupPowersResult);
return array_merge($groupMembershipInfo, $groupPowersInfo);
}
function getAgentRoles($params=null)
{
if( is_array($error = secureRequest($params, FALSE)) )
{
return $error;
}
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$agentID = $params['AgentID'];
$sql = " SELECT "
." $osrole.RoleID, $osrole.GroupID, $osrole.Title, $osrole.Name, $osrole.Description, $osrole.Powers"
." , CASE WHEN $osgroupmembership.SelectedRoleID = $osrole.RoleID THEN 1 ELSE 0 END AS Selected"
." FROM $osgroupmembership JOIN $osgrouprolemembership ON ($osgroupmembership.GroupID = $osgrouprolemembership.GroupID"
." AND $osgroupmembership.AgentID = $osgrouprolemembership.AgentID)"
." JOIN $osrole ON ( $osgrouprolemembership.RoleID = $osrole.RoleID AND $osgrouprolemembership.GroupID = $osrole.GroupID)"
." LEFT JOIN $osagent ON ($osagent.AgentID = $osgroupmembership.AgentID)"
." WHERE $osgroupmembership.AgentID = '$agentID'";
if( isset($params['GroupID']) )
{
$groupID = $params['GroupID'];
$sql .= " AND $osgroupmembership.GroupID = '$groupID'";
}
$roleResults = mysqli_query($groupDBCon, $sql);
if (!$roleResults)
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
if( mysqli_num_rows($roleResults) == 0 )
{
return array('succeed' => 'false', 'error' => 'None found', 'params' => var_export($params, TRUE), 'sql' => $sql);
}
$roles = array();
while($role = mysqli_fetch_assoc($roleResults))
{
$ID = $role['GroupID'].$role['RoleID'];
$roles[$ID] = $role;
}
return $roles;
}
function getGroupRoles($params)
{
if( is_array($error = secureRequest($params, FALSE)) )
{
return $error;
}
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$groupID = $params['GroupID'];
$sql = " SELECT "
." $osrole.RoleID, $osrole.Name, $osrole.Title, $osrole.Description, $osrole.Powers, count($osgrouprolemembership.AgentID) as Members"
." FROM $osrole LEFT JOIN $osgrouprolemembership ON ($osrole.GroupID = $osgrouprolemembership.GroupID AND $osrole.RoleID = $osgrouprolemembership.RoleID)"
." WHERE $osrole.GroupID = '$groupID'"
." GROUP BY $osrole.RoleID, $osrole.Name, $osrole.Title, $osrole.Description, $osrole.Powers";
$roleResults = mysqli_query($groupDBCon, $sql);
if (!$roleResults)
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
if( mysqli_num_rows($roleResults) == 0 )
{
return array('succeed' => 'false', 'error' => 'No roles found for group', 'params' => var_export($params, TRUE), 'sql' => $sql);
}
$roles = array();
while($role = mysqli_fetch_assoc($roleResults))
{
$RoleID = $role['RoleID'];
$roles[$RoleID] = $role;
}
return $roles;
}
function getGroupRoleMembers($params)
{
if( is_array($error = secureRequest($params, FALSE)) )
{
return $error;
}
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$groupID = $params['GroupID'];
// $roleID = $params['RoleID'];
$sql = " SELECT "
." $osrole.RoleID, $osgrouprolemembership.AgentID"
." FROM $osrole JOIN $osgrouprolemembership ON ($osrole.GroupID = $osgrouprolemembership.GroupID AND $osrole.RoleID = $osgrouprolemembership.RoleID)"
." WHERE $osrole.GroupID = '$groupID'";
// ." AND $osrole.RoleID = '$roleID'";
$memberResults = mysqli_query($groupDBCon, $sql);
if (!$memberResults)
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
$members = array();
while($member = mysqli_fetch_assoc($memberResults))
{
$Key = $member['AgentID'] . $member['RoleID'];
$members[$Key ] = $member;
}
return $members;
}
function setAgentGroupInfo($params)
{
if( is_array($error = secureRequest($params, TRUE)) )
{
return $error;
}
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
if (isset($params['AgentID'])) {
$agentID = $params['AgentID'];
} else {
$agentID = "";
}
if (isset($params['GroupID'])) {
$groupID = $params['GroupID'];
} else {
$groupID = "";
}
if (isset($params['SelectedRoleID'])) {
$roleID = $params['SelectedRoleID'];
} else {
$roleID = "";
}
if (isset($params['AcceptNotice'])) {
$acceptNotices = $params['AcceptNotices'];
} else {
$acceptNotices = "";
}
if (isset($params['ListInProfile'])) {
$listInProfile = $params['ListInProfile'];
} else {
$listInProfile = "";
}
if( isset($requestingAgent) && ($requestingAgent != $uuidZero) && ($requestingAgent != $agentID) )
{
return array('error' => "Agent can only change their own group info", 'params' => var_export($params, TRUE));
}
$sql = " UPDATE "
." $osgroupmembership"
." SET "
." AgentID = '$agentID'";
if( isset($params['SelectedRoleID']) )
{
$sql .=" , SelectedRoleID = '$roleID'";
}
if( isset($params['AcceptNotices']) )
{
$sql .=" , AcceptNotices = '$acceptNotices'";
}
if( isset($params['ListInProfile']) )
{
$sql .=" , ListInProfile = '$listInProfile'";
}
$sql .=" WHERE $osgroupmembership.GroupID = '$groupID' AND $osgroupmembership.AgentID = '$agentID'";
$memberResults = mysqli_query($groupDBCon, $sql);
if (!$memberResults)
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
return array('success'=> 'true');
}
function getGroupNotices($params)
{
if( is_array($error = secureRequest($params, FALSE)) )
{
return $error;
}
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$groupID = $params['GroupID'];
$sql = " SELECT "
." GroupID, NoticeID, Timestamp, FromName, Subject, Message, BinaryBucket"
." FROM $osgroupnotice"
." WHERE $osgroupnotice.GroupID = '$groupID'";
$results = mysqli_query($groupDBCon, $sql);
if (!$results)
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
if( mysqli_num_rows($results) == 0 )
{
return array('succeed' => 'false', 'error' => 'No Notices', 'params' => var_export($params, TRUE), 'sql' => $sql);
}
$notices = array();
while($notice = mysqli_fetch_assoc($results))
{
$NoticeID = $notice['NoticeID'];
$notices[$NoticeID] = $notice;
}
return $notices;
}
function getGroupNotice($params)
{
if( is_array($error = secureRequest($params, FALSE)) )
{
return $error;
}
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$noticeID = $params['NoticeID'];
$sql = " SELECT "
." GroupID, NoticeID, Timestamp, FromName, Subject, Message, BinaryBucket"
." FROM $osgroupnotice"
." WHERE $osgroupnotice.NoticeID = '$noticeID'";
$results = mysqli_query($groupDBCon, $sql);
if (!$results)
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
if( mysqli_num_rows($results) == 0 )
{
return array('succeed' => 'false', 'error' => 'Group Notice Not Found', 'params' => var_export($params, TRUE), 'sql' => $sql);
}
return mysqli_fetch_assoc($results);
}
function addGroupNotice($params)
{
if( is_array($error = secureRequest($params, TRUE)) )
{
return $error;
}
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$groupID = $params['GroupID'];
$noticeID = $params['NoticeID'];
$fromName = addslashes($params['FromName']);
$subject = addslashes($params['Subject']);
$binaryBucket = $params['BinaryBucket'];
$message = addslashes($params['Message']);
$timeStamp = $params['TimeStamp'];
if( is_array($error = checkGroupPermission($groupID, $groupPowers['SendNotices'])) )
{
return $error;
}
$sql = " INSERT INTO $osgroupnotice"
." (GroupID, NoticeID, Timestamp, FromName, Subject, Message, BinaryBucket)"
." VALUES "
." ('$groupID', '$noticeID', $timeStamp, '$fromName', '$subject', '$message', '$binaryBucket')";
$results = mysqli_query($groupDBCon, $sql);
if (!$results)
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
return array('success' => 'true');
}
function addAgentToGroupInvite($params)
{
if( is_array($error = secureRequest($params, TRUE)) )
{
return $error;
}
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$inviteID = $params['InviteID'];
$groupID = $params['GroupID'];
$roleID = $params['RoleID'];
$agentID = $params['AgentID'];
//$tmStamp = time();
$tmStamp = 0;
if( is_array($error = checkGroupPermission($groupID, $groupPowers['AssignMember'])) )
{
return $error;
}
// Remove any existing invites for this agent to this group
$sql = " DELETE FROM $osgroupinvite"
." WHERE $osgroupinvite.AgentID = '$agentID' AND $osgroupinvite.GroupID = '$groupID'";
$results = mysqli_query($groupDBCon, $sql);
if (!$results)
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
// Add new invite for this agent to this group for the specifide role
$sql = " INSERT INTO $osgroupinvite"
." (InviteID, GroupID, RoleID, AgentID, tmstamp) VALUES ('$inviteID', '$groupID', '$roleID', '$agentID', '$tmStamp')";
$results = mysqli_query($groupDBCon, $sql);
if (!$results)
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
return array('success' => 'true');
}
function getAgentToGroupInvite($params)
{
if( is_array($error = secureRequest($params, FALSE)) )
{
return $error;
}
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$inviteID = $params['InviteID'];
$sql = " SELECT GroupID, RoleID, AgentID FROM $osgroupinvite"
." WHERE $osgroupinvite.InviteID = '$inviteID'";
$results = mysqli_query($groupDBCon, $sql);
if (!$results)
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
if( mysqli_num_rows($results) == 1 )
{
$inviteInfo = mysqli_fetch_assoc($results);
$groupID = $inviteInfo['GroupID'];
$roleID = $inviteInfo['RoleID'];
$agentID = $inviteInfo['AgentID'];
return array('success' => 'true', 'GroupID'=>$groupID, 'RoleID'=>$roleID, 'AgentID'=>$agentID);
} else {
return array('succeed' => 'false', 'error' => 'Invitation not found', 'params' => var_export($params, TRUE), 'sql' => $sql);
}
}
function removeAgentToGroupInvite($params)
{
if( is_array($error = secureRequest($params, TRUE)) )
{
return $error;
}
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
global $osagent, $osgroup, $osgroupinvite, $osgroupmembership, $osgroupnotice, $osgrouprolemembership, $osrole;
$inviteID = $params['InviteID'];
$sql = " DELETE FROM $osgroupinvite"
." WHERE $osgroupinvite.InviteID = '$inviteID'";
$results = mysqli_query($groupDBCon, $sql);
if (!$results)
{
return array('error' => "Could not successfully run query ($sql) from DB: " . mysqli_error($groupDBCon), 'params' => var_export($params, TRUE));
}
return array('success' => 'true');
}
function secureRequest($params, $write = FALSE)
{
global $GroupWriteKey, $GroupReadKey, $VerifiedReadKey, $VerifiedWriteKey, $GroupRequireAgentAuthForWrite, $requestingAgent;
if( isset($GroupReadKey) && ($GroupReadKey != '') && (!isset($VerifiedReadKey) || ($VerifiedReadKey !== TRUE)) )
{
if( !isset($params['ReadKey']) || ($params['ReadKey'] != $GroupReadKey ) )
{
return array('error' => "Invalid (or No) Read Key Specified", 'params' => var_export($params, TRUE));
} else {
$VerifiedReadKey = TRUE;
}
}
if( ($write == TRUE) && isset($GroupWriteKey) && ($GroupWriteKey != '') && (!isset($VerifiedWriteKey) || ($VerifiedWriteKey !== TRUE)) )
{
if( !isset($params['WriteKey']) || ($params['WriteKey'] != $GroupWriteKey ) )
{
return array('error' => "Invalid (or No) Write Key Specified", 'params' => var_export($params, TRUE));
} else {
$VerifiedWriteKey = TRUE;
}
}
if( ($write == TRUE) && isset($GroupRequireAgentAuthForWrite) && ($GroupRequireAgentAuthForWrite == TRUE) )
{
// Note: my brain can't do boolean logic this morning, so just putting this here instead of integrating with line above.
// If the write key has already been verified for this request, don't check it again.
// This comes into play with methods that call other methods, such as CreateGroup() which calls Addrole()
if( isset($VerifiedWriteKey) && ($VerifiedWriteKey !== TRUE))
{
return TRUE;
}
if( !isset($params['RequestingAgentID'])
|| !isset($params['RequestingAgentUserService'])
|| !isset($params['RequestingSessionID'])
)
{
return array('error' => "Requesting AgentID and SessionID must be specified", 'params' => var_export($params, TRUE));
}
$requestingAgent = $params['RequestingAgentID'];
// NOTE: an AgentID and SessionID of $uuidZero will likely be a region making a request, that is not tied to a specific agent making the request.
$client = new xmlrpc_client($params['RequestingAgentUserService']);
$client->return_type = 'phpvals';
$verifyParams = new xmlrpcval(array('avatar_uuid' => new xmlrpcval($params['RequestingAgentID'], 'string')
,'session_id' => new xmlrpcval($params['RequestingSessionID'], 'string')), 'struct');
$message = new xmlrpcmsg("check_auth_session", array($verifyParams));
$resp = $client->send($message, 5);
if ($resp->faultCode())
{
return array('error' => "Error validating AgentID and SessionID"
, 'xmlrpcerror'=> $resp->faultString()
, 'params' => var_export($params, TRUE));
}
$verifyReturn = $resp->value();
if( !isset($verifyReturn['auth_session']) || ($verifyReturn['auth_session'] != 'TRUE') )
{
return array('error' => "UserService.check_auth_session() did not return TRUE"
, 'userservice' => var_export($verifyReturn, TRUE)
, 'params' => var_export($params, TRUE));
}
}
return TRUE;
}
function checkGroupPermission($GroupID, $Permission)
{
global $GroupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
// If it isn't set to true, then always return true, otherwise verify they have perms
if( !isset($GroupEnforceGroupPerms) || ($GroupEnforceGroupPerms != TRUE) )
{
return true;
}
if( !isset($requestingAgent) || ($requestingAgent == $uuidZero) )
{
return array('error' => 'Requesting agent was either not specified or not validated.'
, 'params' => var_export($params, TRUE));
}
$params = array('AgentID' => $requestingAgent, 'GroupID' => $GroupID);
$reqAgentMembership = getAgentGroupMembership($params);
if( isset($reqAgentMembership['error'] ) )
{
return array('error' => 'Could not get agent membership for group'
, 'params' => var_export($params, TRUE)
, 'nestederror' => $reqAgentMembership['error']);
}
if( $reqAgentMembership['GroupPowers'] & $Permission != $Permission )
{
return array('error' => 'Agent does not have group power to $Permission'
, 'params' => var_export($params, TRUE));
}
}
$s = new xmlrpc_server(array(
"test" => array("function" => "test")
, "groups.createGroup" => array("function" => "createGroup", "signature" => $common_sig)
, "groups.updateGroup" => array("function" => "updateGroup", "signature" => $common_sig)
, "groups.getGroup" => array("function" => "getGroup", "signature" => $common_sig)
, "groups.findGroups" => array("function" => "findGroups", "signature" => $common_sig)
, "groups.getGroupRoles" => array("function" => "getGroupRoles", "signature" => $common_sig)
, "groups.addRoleToGroup" => array("function" => "addRoleToGroup", "signature" => $common_sig)
, "groups.removeRoleFromGroup" => array("function" => "removeRoleFromGroup", "signature" => $common_sig)
, "groups.updateGroupRole" => array("function" => "updateGroupRole", "signature" => $common_sig)
, "groups.getGroupRoleMembers" => array("function" => "getGroupRoleMembers", "signature" => $common_sig)
, "groups.setAgentGroupSelectedRole" => array("function" => "setAgentGroupSelectedRole", "signature" => $common_sig)
, "groups.addAgentToGroupRole" => array("function" => "addAgentToGroupRole", "signature" => $common_sig)
, "groups.removeAgentFromGroupRole" => array("function" => "removeAgentFromGroupRole", "signature" => $common_sig)
, "groups.getGroupMembers" => array("function" => "getGroupMembers", "signature" => $common_sig)
, "groups.addAgentToGroup" => array("function" => "addAgentToGroup", "signature" => $common_sig)
, "groups.removeAgentFromGroup" => array("function" => "removeAgentFromGroup", "signature" => $common_sig)
, "groups.setAgentGroupInfo" => array("function" => "setAgentGroupInfo", "signature" => $common_sig)
, "groups.addAgentToGroupInvite" => array("function" => "addAgentToGroupInvite", "signature" => $common_sig)
, "groups.getAgentToGroupInvite" => array("function" => "getAgentToGroupInvite", "signature" => $common_sig)
, "groups.removeAgentToGroupInvite" => array("function" => "removeAgentToGroupInvite", "signature" => $common_sig)
, "groups.setAgentActiveGroup" => array("function" => "setAgentActiveGroup", "signature" => $common_sig)
, "groups.getAgentGroupMembership" => array("function" => "getAgentGroupMembership", "signature" => $common_sig)
, "groups.getAgentGroupMemberships" => array("function" => "getAgentGroupMemberships", "signature" => $common_sig)
, "groups.getAgentActiveMembership" => array("function" => "getAgentActiveMembership", "signature" => $common_sig)
, "groups.getAgentRoles" => array("function" => "getAgentRoles", "signature" => $common_sig)
, "groups.getGroupNotices" => array("function" => "getGroupNotices", "signature" => $common_sig)
, "groups.getGroupNotice" => array("function" => "getGroupNotice", "signature" => $common_sig)
, "groups.addGroupNotice" => array("function" => "addGroupNotice", "signature" => $common_sig)
), false);
$s->functions_parameters_type = 'phpvals';
if (isset($debugXMLRPC) && $debugXMLRPC > 0 && isset($debugXMLRPCFile) && $debugXMLRPCFile != "")
{
$s->setDebug($debugXMLRPC);
}
$s->service();
if (isset($debugXMLRPC) && $debugXMLRPC > 0 && isset($debugXMLRPCFile) && $debugXMLRPCFile != "")
{
$f = fopen($debugXMLRPCFile,"a");
fwrite($f,"\n----- " . date("Y-m-d H:i:s") . " -----\n");
$debugInfo = $s->serializeDebug();
//$debugInfo = split("\n",$debugInfo);
$debugInfo = explode("\n",$debugInfo);
unset($debugInfo[0]);
unset($debugInfo[count($debugInfo) -1]);
$debugInfo = join("\n",$debugInfo);
fwrite($f,base64_decode($debugInfo));
fclose($f);
}
mysqli_close($groupDBCon);