<?php
/*
 * PHP Script that handles php AJAX requests from professor.php page
 * Author: Alexander Troshchenko
 * Class: CSE 2010
 *
 * Part of Group 3 Facebook Project Professor Rater
 *
 * Each handler below is selected by the "action" request parameter, reads
 * its inputs from $_POST/$_REQUEST and talks to the database through the
 * legacy mysql_* functions whose connection mysql.php opens.
 */
// Get Facebook Object and connect to database
include "facebook_login.php";
include "mysql.php";
// NOTE(review): no authentication or CSRF check is visible in this file; it
// appears to rely on facebook_login.php rejecting unauthenticated callers
// before any of the state-changing handlers run — confirm.
// Abort code if no action was received
$action = isset($_REQUEST['action']) ? $_REQUEST['action'] : null;
if ($action === null) {
    echo "Error #0000: No action Specified";
    exit();
}
//Handle Different actions
// Adding comment
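// Adding comment
if ($_REQUEST['action'] === 'add_comment') {
    // Check whether required fields are filled in. A missing key counts as
    // empty (indexing $_POST directly raised a notice and yielded null).
    $required_fields = array('author', 'target', 'body', 'liked', 'subject');
    foreach ($required_fields as $field) {
        if (!isset($_POST[$field]) || trim($_POST[$field]) === '') {
            echo "nullfield";
            exit();
        }
    }
    // Process string: replace angle brackets so the stored body cannot carry
    // markup when it is echoed back. Note, this part of code can be used on
    // other pages.
    $restricted_strings = array('<', '>');
    $replacements = array('[', ']');
    $processed_comment = str_replace($restricted_strings, $replacements, $_POST['body']);
    // Every request value is escaped before it is placed inside a quoted SQL
    // literal; the original interpolated raw POST data into the statements.
    $author  = mysql_real_escape_string($_POST['author']);
    $target  = mysql_real_escape_string($_POST['target']);
    $subject = mysql_real_escape_string($_POST['subject']);
    $liked   = ($_POST['liked'] == '1');
    // Construct a MySQL request and send it
    $sql = sprintf(
        "INSERT INTO comments VALUES (null, '%s', '%s', '%s', '%s', 0 )",
        $author,
        $target,
        $subject,
        mysql_real_escape_string($processed_comment)
    );
    mysql_query($sql);
    // Print errors
    if (mysql_error()) {
        echo mysql_error();
    }
    // Alter professor rating
    // Form request and get professor's ratings. A failed query yields "no row"
    // instead of the warning mysql_fetch_array(false) would raise.
    $sql = sprintf("SELECT likes, dislikes, ratings FROM professors WHERE facebook_id='%s'", $target);
    $result = mysql_query($sql);
    $professor_rating = $result ? mysql_fetch_array($result) : false;
    if (mysql_error()) {
        echo mysql_error();
    }
    if (!is_array($professor_rating)) {
        $professor_rating = array();
    }
    // Assign variables, defaulting to zero for a professor without a row
    $likes    = isset($professor_rating['likes'])    ? (int)$professor_rating['likes']    : 0;
    $dislikes = isset($professor_rating['dislikes']) ? (int)$professor_rating['dislikes'] : 0;
    $ratings  = isset($professor_rating['ratings'])  ? (int)$professor_rating['ratings']  : 0;
    // Increment likes or dislikes depending on what user entered
    if ($liked) {
        $likes = $likes + 1;
    } else {
        $dislikes = $dislikes + 1;
    }
    // The original divided unconditionally, so the first like on a page with
    // zero dislikes raised a division-by-zero warning and stored ratio 0.
    // NOTE(review): with no dislikes the ratio is taken as the like count —
    // confirm this matches how ratio is interpreted where it is displayed.
    $ratio = ($dislikes > 0) ? $likes / $dislikes : (float)$likes;
    $ratings = $ratings + 1;
    // Update data on professor's page
    $sql = sprintf(
        "UPDATE professors SET likes='%d', dislikes='%d', ratings='%d', ratio='%f' WHERE facebook_id='%s' ",
        $likes,
        $dislikes,
        $ratings,
        $ratio,
        $target
    );
    mysql_query($sql);
    if (mysql_error()) {
        echo mysql_error();
    }
    // Get settings from database (constant queries, no request data involved)
    $result = mysql_query("SELECT value FROM options WHERE name='record_rated' ");
    $record_rated = $result ? mysql_fetch_array($result) : false;
    $result = mysql_query("SELECT value FROM options WHERE name='enable_notifications'");
    $enable_notifications = $result ? mysql_fetch_array($result) : false;
    $record_rated_on  = is_array($record_rated) && $record_rated['value'] == '1';
    $notifications_on = is_array($enable_notifications) && $enable_notifications['value'] == '1';
    // If settings set to record who rated what class
    if ($record_rated_on) {
        // Construct a target:subject token and append it to the author's lists
        $rated = $_POST['target'] . ':' . $_POST['subject'];
        $result = mysql_query(sprintf(
            "SELECT rated_id, liked_id, disliked_id FROM users WHERE facebook_id='%s'",
            $author
        ));
        $current_info = $result ? mysql_fetch_array($result) : false;
        if (!is_array($current_info)) {
            $current_info = array('rated_id' => '', 'liked_id' => '', 'disliked_id' => '');
        }
        // Append with a comma separator only when the list is non-empty. The
        // original prefixed rated_id with a comma unconditionally, so the first
        // entry was stored as ",target:subject" while liked_id/disliked_id were
        // handled correctly.
        $rated_list = ((string)$current_info['rated_id'] === '')
            ? $rated
            : $current_info['rated_id'] . ',' . $rated;
        // $column is one of two code literals, never request data
        $column = $liked ? 'liked_id' : 'disliked_id';
        $column_list = ((string)$current_info[$column] === '')
            ? $rated
            : $current_info[$column] . ',' . $rated;
        $sql = sprintf(
            "UPDATE users SET %s = '%s' , rated_id= '%s' WHERE facebook_id='%s'",
            $column,
            mysql_real_escape_string($column_list),
            mysql_real_escape_string($rated_list),
            $author
        );
        mysql_query($sql);
        if (mysql_error()) {
            echo mysql_error();
        }
    }
    // Notify person if he or she was rated
    if ($notifications_on) {
        // Link to redirect on clicking notification; the id lands in a query
        // string, so it is URL-encoded.
        $link = "?location=professor&pid=" . urlencode($_POST['target']);
        // Text to say depending on like or dislike
        if ($liked) {
            $text = "Someone left a positive comment on your page and your new ratio is " . round($ratio, 2) . ", go check it out!";
        } else {
            $text = "Unfortuanately, someone disliked you. Your new ratio is " . round($ratio, 2);
        }
        // Actually send the notification. The rating is already persisted at
        // this point, so a failing Graph call is logged rather than left to
        // abort the script as an uncaught exception.
        try {
            $fb->api('/' . rawurlencode($_POST['target']) . '/notifications', 'POST', array(
                'access_token' => $fb->getAppId() . '|' . $fb->getApiSecret(),
                'href'         => $link,
                'template'     => $text,
            ));
        } catch (Exception $e) {
            error_log('add_comment: notification failed: ' . $e->getMessage());
        }
    }
    exit();
}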
// Delete users page
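// Delete users page
if ($_REQUEST['action'] === 'delete_page') {
    // The id is read from $_POST below, so it is validated there too (the
    // original tested $_REQUEST['id'] and then indexed $_POST['id']).
    if (!isset($_POST['id']) || $_POST['id'] === '') {
        echo "You have not specified ID to delete, if you're not an administrator, please report to support service";
        exit();
    }
    // NOTE(review): nothing in this handler verifies that the caller is an
    // administrator or the owner of the page; that check is assumed to live in
    // facebook_login.php — confirm, otherwise the endpoint deletes any id it is
    // given.
    $id = mysql_real_escape_string($_POST['id']);
    // Rows removed for the person, in order: comments about them, their user
    // record, their professor record. Table and column names are code literals.
    // Comments authored by the person are deliberately kept: the author remains
    // responsible for what he or she wrote.
    $deletions = array(
        array('comments',   'professor_id'),
        array('users',      'facebook_id'),
        array('professors', 'facebook_id'),
    );
    foreach ($deletions as $pair) {
        $sql = sprintf("DELETE FROM %s WHERE %s='%s'", $pair[0], $pair[1], $id);
        mysql_query($sql);
        // Output any errors that could occur, then continue with the next table
        if (mysql_error()) {
            echo mysql_error();
        }
    }
    exit();
}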
// Update profile
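// Update profile
if ($_REQUEST['action'] === 'update_profile') {
    // user_id selects the row; without it the UPDATE silently matched nothing
    // (and indexing the missing key raised a notice).
    if (!isset($_POST['user_id']) || $_POST['user_id'] === '') {
        echo "nullfield";
        exit();
    }
    // NOTE(review): the row to update is chosen by a client-supplied user_id;
    // whether the caller may edit that profile is assumed to be checked in
    // facebook_login.php — confirm.
    // subjects/school_name may legitimately be blank; missing keys become ''.
    $subjects = isset($_POST['subjects']) ? $_POST['subjects'] : '';
    $school   = isset($_POST['school_name']) ? $_POST['school_name'] : '';
    // Escape every value before it is placed inside a quoted SQL literal
    $sql = sprintf(
        "UPDATE professors SET subjects='%s', school='%s' WHERE facebook_id='%s' ",
        mysql_real_escape_string($subjects),
        mysql_real_escape_string($school),
        mysql_real_escape_string($_POST['user_id'])
    );
    mysql_query($sql);
    // Print out error if there is any
    if (mysql_error()) {
        echo mysql_error();
    }
    exit();
}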
// report comment handling
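// report comment handling
if ($_REQUEST['action'] === 'report_comment') {
    // Check presence of the id in $_POST, which is where it is read below
    if (empty($_POST['id'])) {
        echo "No comment ID specified, contact the support";
        exit();
    }
    // comments.id appears to be an integer (the INSERT in add_comment passes
    // null for it), so cast once and bind with %d. The original placed the raw
    // value unquoted into the INSERT below.
    $comment_id = (int)$_POST['id'];
    // Update the report count of the comment, so it won't be shown
    $sql = sprintf("UPDATE comments SET reports='1' WHERE id='%d' ", $comment_id);
    mysql_query($sql);
    if (mysql_error()) {
        echo mysql_error();
        exit();
    }
    // Add report to the database so admin could change it
    $sql = sprintf("INSERT INTO comments_reports VALUES(NULL, %d, 1)", $comment_id);
    mysql_query($sql);
    if (mysql_error()) {
        echo mysql_error();
        exit();
    }
    exit();
}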
// Report professor handling
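// Report professor handling
if ($_REQUEST['action'] === 'report_professor') {
    // Check presence of all variables in $_POST, where they are read below.
    // The original echoed the message but did not stop, so an incomplete
    // request still reached the INSERT.
    $required_variables = array('id', 'reason', 'author');
    foreach ($required_variables as $variable) {
        if (empty($_POST[$variable])) {
            echo "There is problem with the AJAX script, please contact the support";
            exit();
        }
    }
    // Process string: replace angle brackets so the stored reason cannot carry
    // markup. Note, this part of code can be used on other pages.
    $restricted_strings = array('<', '>');
    $replacements = array('[', ']');
    $processed_reason = str_replace($restricted_strings, $replacements, $_POST['reason']);
    // Form a report in database with review status 1. All three values are
    // escaped; the original escaped only the reason.
    $sql = sprintf(
        "INSERT INTO professors_reports VALUES (NULL, '%s', '%s', '%s', 1)",
        mysql_real_escape_string($_POST['id']),
        mysql_real_escape_string($_POST['author']),
        mysql_real_escape_string($processed_reason)
    );
    mysql_query($sql);
    if (mysql_error()) {
        // Database detail is deliberately not echoed to the client
        echo "There is an error in database request, please contact the support";
        exit();
    }
}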
?>