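<?php
// Opal API: Add or Edit Paper
//
// Dispatches on $_POST['type']: 'status' toggles articles.isPublished, 'add'
// creates an article with its authors and optional PDF/image, 'edit' updates
// an existing one. Every SQL statement is prepared and its values are bound,
// so request data can only ever act as data (the previous revision
// interpolated the user e-mail, paper id, category id, status and author id
// straight into the query text). Replies keep the original wire format:
// {"status":200} on success, {"status":500,"message":"..."} on failure, with
// the status carried in the body rather than the HTTP status line.
//
// NOTE(review): the requester is identified solely by the 'userId' e-mail
// field of the request; nothing in this file proves the caller owns that
// address. Whatever session or token check exists must live in
// ../inc/config.php or in front of this endpoint — confirm before relying on
// the per-user scoping below.
require_once '../inc/config.php';

/**
 * Read a POST field as a string. Missing or non-string values (e.g. an array
 * sent as field[]) fall back to $default, so the empty-field checks below stay
 * meaningful. Whitespace is trimmed when $trim is set.
 */
function postField(string $key, bool $trim = false, string $default = ''): string
{
    $value = isset($_POST[$key]) && is_string($_POST[$key]) ? $_POST[$key] : $default;
    return $trim ? trim($value) : $value;
}

/**
 * Stop with the API's JSON error document.
 */
function failWith(string $message)
{
    die(json_encode(['status' => 500, 'message' => $message]));
}

/**
 * Prepare, bind and execute one statement. $types is the mysqli bind_param
 * type string (one 'i' or 's' per entry of $params). Returns the executed
 * statement, or null if prepare/bind/execute failed; callers that must know
 * about failure test for null, the others ignore it as the original's
 * unchecked mysqli_query() did. If config.php turns on mysqli exception
 * reporting (the PHP 8.1 default), failures throw instead of returning null.
 *
 * @return mysqli_stmt|null
 */
function runQuery(mysqli $db, string $sql, string $types = '', array $params = [])
{
    $stmt = mysqli_prepare($db, $sql);
    if ($stmt === false) {
        return null;
    }
    if ($types !== '' && !mysqli_stmt_bind_param($stmt, $types, ...$params)) {
        mysqli_stmt_close($stmt);
        return null;
    }
    if (!mysqli_stmt_execute($stmt)) {
        mysqli_stmt_close($stmt);
        return null;
    }
    return $stmt;
}

/**
 * Whether an executed SELECT statement returned at least one row. Closes the
 * statement; a null statement (failed query) counts as "no row".
 */
function hasRow($stmt): bool
{
    if ($stmt === null) {
        return false;
    }
    mysqli_stmt_store_result($stmt);
    $found = mysqli_stmt_num_rows($stmt) > 0;
    mysqli_stmt_close($stmt);
    return $found;
}

/**
 * Resolve users.userId for an e-mail address; null when the address is
 * unknown or the lookup failed.
 *
 * @return int|null
 */
function lookupUserId(mysqli $db, string $email)
{
    $stmt = runQuery($db, 'SELECT userId FROM users WHERE email=?', 's', [$email]);
    if ($stmt === null) {
        return null;
    }
    $userId = null;
    mysqli_stmt_bind_result($stmt, $userId);
    $fetched = mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);
    return $fetched === true ? (int) $userId : null;
}

/**
 * Decode the 'author' POST field (a JSON array of objects) into a list of
 * arrays. Anything else — missing field, malformed JSON, a scalar — yields []
 * instead of a foreach() over null.
 *
 * @return list<array>
 */
function decodeAuthors(string $json): array
{
    $decoded = json_decode($json, true);
    if (!is_array($decoded)) {
        return [];
    }
    return array_values(array_filter($decoded, function ($item) {
        return is_array($item);
    }));
}

/**
 * One trimmed string field of a decoded author object; missing or non-scalar
 * values read as ''.
 */
function authorField(array $item, string $key): string
{
    $value = isset($item[$key]) ? $item[$key] : '';
    return is_scalar($value) ? trim((string) $value) : '';
}

/**
 * Insert an author row and link it to an article. Returns the new authorId,
 * or 0 when the insert did not happen.
 */
function insertAuthor(mysqli $db, int $articleId, string $salutation, string $firstName, string $lastName): int
{
    $stmt = runQuery(
        $db,
        'INSERT INTO authors(salutation,firstName,lastName) VALUES(?,?,?)',
        'sss',
        [$salutation, $firstName, $lastName]
    );
    if ($stmt === null) {
        return 0;
    }
    mysqli_stmt_close($stmt);
    $authorId = (int) mysqli_insert_id($db);
    runQuery($db, 'INSERT INTO article_authors(articleId,authorId) VALUES(?,?)', 'ii', [$articleId, $authorId]);
    return $authorId;
}

/**
 * True when the named multipart field carries a file that PHP actually
 * received through the upload mechanism.
 */
function hasUpload(string $field): bool
{
    return isset($_FILES[$field]['tmp_name'])
        && is_string($_FILES[$field]['tmp_name'])
        && is_uploaded_file($_FILES[$field]['tmp_name']);
}

/**
 * Store the uploaded PDF as ../uploads/pdf/<5-digit id>_<random>_<slug>.pdf
 * and record the name on the article. The fixed '.pdf' suffix is what keeps
 * this path from storing any other file type. createArticleURL() comes from
 * config.php and now receives the raw title (the original handed it the
 * SQL-escaped copy, which leaked backslashes into file names).
 */
function storeArticlePdf(mysqli $db, int $articleId, string $title)
{
    if (!hasUpload('filePdf')) {
        return;
    }
    $uploadFileName = substr('00000' . $articleId, -5)
        . '_' . random_int(10000, 99999)
        . '_' . createArticleURL($title);
    // basename() keeps the target inside the upload directory even if the
    // slug helper were to pass a path separator through.
    $uploadFileName = basename($uploadFileName) . '.pdf';
    if (!move_uploaded_file($_FILES['filePdf']['tmp_name'], '../uploads/pdf/' . $uploadFileName)) {
        return;
    }
    runQuery($db, 'UPDATE articles SET filePdf=? WHERE articleId=?', 'si', [$uploadFileName, $articleId]);
}

/**
 * Store the uploaded image as ../uploads/img/<articleId>.<ext> and record it.
 * The extension is taken from the client-supplied file name, so it is checked
 * against an image allowlist first: the uploads directory is web-served, and
 * an unchecked extension would let a script file be written there. Files with
 * any other extension are left unstored (the allowlist is a reviewer's choice;
 * extend it if the site accepts further image formats).
 */
function storeArticleImage(mysqli $db, int $articleId)
{
    if (!hasUpload('fileImg')) {
        return;
    }
    $ext = strtolower(pathinfo((string) $_FILES['fileImg']['name'], PATHINFO_EXTENSION));
    if (!in_array($ext, ['jpg', 'jpeg', 'png', 'gif', 'webp'], true)) {
        return;
    }
    $uploadFileName = $articleId . '.' . $ext;
    if (!move_uploaded_file($_FILES['fileImg']['tmp_name'], '../uploads/img/' . $uploadFileName)) {
        return;
    }
    runQuery($db, 'UPDATE articles SET fileImg=? WHERE articleId=?', 'si', [$uploadFileName, $articleId]);
}

$editType = postField('type');
if ($editType === '') {
    failWith('Invalid Call!');
}

// Update Paper Status
if ($editType === 'status') {
    $email = postField('userId');
    $paperId = postField('paperId');
    $paperStatus = postField('status', false, '0');
    if ($email === '' || $paperId === '' || $paperStatus === '') {
        failWith('Could not edit Paper Status!');
    }
    // Ownership is enforced by the e-mail sub-select, as before: a paper the
    // caller's address does not own simply matches no row.
    runQuery(
        $db,
        'UPDATE articles SET isPublished=? WHERE userId=(SELECT userId FROM users WHERE email=?) AND articleId=?',
        'isi',
        [(int) $paperStatus, $email, (int) $paperId]
    );
    echo json_encode(['status' => 200]);
}

// Add Paper
if ($editType === 'add') {
    $email = postField('userId');
    $categoryId = postField('categoryId');
    $title = postField('title', true);
    $summary = postField('summary', true);
    $doi = postField('doi', true);
    $yearPublished = postField('yearPublished', true);
    $author = postField('author');
    if ($email === '' || $categoryId === '' || $title === '' || $summary === '') {
        failWith('Could not add Paper!');
    }
    $userId = lookupUserId($db, $email);
    if ($userId === null) {
        failWith('Could not add Paper!');
    }
    $stmt = runQuery(
        $db,
        'INSERT INTO articles(userId,categoryId,articleTitle,articleDOI,articleSummary,yearPublished,dateCreated) VALUES(?,?,?,?,?,?,Now())',
        'iissss',
        [$userId, (int) $categoryId, $title, $doi, $summary, $yearPublished]
    );
    // A failed insert used to fall through with articleId 0 and attach
    // authors and files to it; report it instead.
    if ($stmt === null) {
        failWith('Could not add Paper!');
    }
    mysqli_stmt_close($stmt);
    $articleId = (int) mysqli_insert_id($db);

    foreach (decodeAuthors($author) as $item) {
        $salutation = authorField($item, 'salutation');
        $firstName = authorField($item, 'firstName');
        $lastName = authorField($item, 'lastName');
        // An author needs all three parts; partial entries are skipped.
        if ($salutation !== '' && $firstName !== '' && $lastName !== '') {
            insertAuthor($db, $articleId, $salutation, $firstName, $lastName);
        }
    }

    storeArticlePdf($db, $articleId, $title);
    storeArticleImage($db, $articleId);
    echo json_encode(['status' => 200]);
}

// Edit Paper
if ($editType === 'edit') {
    $email = postField('userId');
    $paperId = postField('paperId');
    $categoryId = postField('categoryId');
    $title = postField('title', true);
    $summary = postField('summary', true);
    $doi = postField('doi', true);
    $yearPublished = postField('yearPublished', true);
    $author = postField('author');
    if ($email === '' || $paperId === '' || $categoryId === '' || $title === '' || $summary === '') {
        failWith('Could not edit Paper!');
    }
    $articleId = (int) $paperId;
    // Refuse to touch a paper the caller's e-mail does not own. The original
    // let the UPDATE match nothing and then still attached, edited or deleted
    // author rows against that paperId.
    $owned = hasRow(runQuery(
        $db,
        'SELECT articleId FROM articles WHERE articleId=? AND userId=(SELECT userId FROM users WHERE email=?)',
        'is',
        [$articleId, $email]
    ));
    if (!$owned) {
        failWith('Could not edit Paper!');
    }
    runQuery(
        $db,
        'UPDATE articles SET categoryId=?,articleTitle=?,articleDOI=?,articleSummary=?,yearPublished=?,dateModified=Now() WHERE articleId=?',
        'issssi',
        [(int) $categoryId, $title, $doi, $summary, $yearPublished, $articleId]
    );

    foreach (decodeAuthors($author) as $item) {
        $authorId = authorField($item, 'id');
        $salutation = authorField($item, 'salutation');
        $firstName = authorField($item, 'firstName');
        $lastName = authorField($item, 'lastName');
        if ($authorId === '') {
            // New author for this paper; same completeness rule as 'add'.
            if ($salutation !== '' && $firstName !== '' && $lastName !== '') {
                insertAuthor($db, $articleId, $salutation, $firstName, $lastName);
            }
        } elseif ($firstName === '' && $lastName === '') {
            // Blank names mean "remove". Both statements are scoped to an
            // author actually linked to this paper, so an id belonging to
            // another paper cannot be deleted through this endpoint.
            runQuery(
                $db,
                'DELETE FROM authors WHERE authorId=? AND authorId IN (SELECT authorId FROM article_authors WHERE articleId=?)',
                'ii',
                [(int) $authorId, $articleId]
            );
            runQuery(
                $db,
                'DELETE FROM article_authors WHERE authorId=? AND articleId=?',
                'ii',
                [(int) $authorId, $articleId]
            );
        } else {
            runQuery(
                $db,
                'UPDATE authors SET salutation=?,firstName=?,lastName=? WHERE authorId=? AND authorId IN (SELECT authorId FROM article_authors WHERE articleId=?)',
                'sssii',
                [$salutation, $firstName, $lastName, (int) $authorId, $articleId]
            );
        }
    }

    storeArticleImage($db, $articleId);
    echo json_encode(['status' => 200]);
}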