Merge pull request #10 from BioKIC/master

Merge BioKIC/Symbiota developments

admin/portalindex.php

@@ -59,8 +59,11 @@ function validateHandshakeForm(f){
 		</div>
 		<div id="innertext">
 			<?php
-			if($isEditor){
-				if($formSubmit){
+			if(!isset($GLOBALS['ACTIVATE_PORTAL_INDEX'])){
+				echo 'This feature has not yet been activated within this portal';
+			}
+			elseif($isEditor){
+				if($formSubmit && $formSubmit != 'listCollections'){
 					echo '<fieldset>';
 					echo '<legend>Action Panel</legend>';
 					if($formSubmit == 'importProfile'){
@@ -78,20 +81,27 @@ function validateHandshakeForm(f){
 					echo '</fieldset>';
 				}
 				$selfArr = $portalManager->getSelfDetails();
+				if($formSubmit != 'listCollections'){
+					?>
+					<fieldset>
+						<legend>Current Portal Details</legend>
+						<div class="field-row"><label>Portal title:</label> <?php echo $selfArr['portalName']; ?></div>
+						<div class="field-row"><label>Root URL:</label> <?php echo $selfArr['urlRoot']; ?></div>
+						<div class="field-row"><label>Global Unique Identifier:</label> <?php echo $selfArr['guid']; ?></div>
+						<div class="field-row"><label>Manager email:</label> <?php echo $selfArr['managerEmail']; ?></div>
+						<div class="field-row"><label>Software version:</label> <?php echo $selfArr['symbiotaVersion']; ?></div>
+						<hr />
+						<div class="handshake-div"><a href="#" onclick="$('.handshake-div').toggle(); return false;">Initiate Handshake with External Portal</a></div>
+						<div class="handshake-div" style="display:none">
+							<form action="portalindex.php" method="post" onsubmit="return validateHandshakeForm(this)">
+								<div class="field-row"><label>Path to Remote Portal:</label> <input name="remotePath" type="text" value="<?php echo $remotePath; ?>" style="width: 500px" /></div>
+								<div class="field-row"><button name="formsubmit" type="submit" value="initiateHandshake">Initiate Handshake</button></div>
+							</form>
+						</div>
+					</fieldset>
+					<?php
+				}
 				?>
-				<fieldset>
-					<legend>Current Portal Details</legend>
-					<div class="field-row"><label>Portal title:</label> <?php echo $selfArr['portalName']; ?></div>
-					<div class="field-row"><label>Root URL:</label> <?php echo $selfArr['urlRoot']; ?></div>
-					<div class="field-row"><label>Global Unique Identifier:</label> <?php echo $selfArr['guid']; ?></div>
-					<div class="field-row"><label>Manager email:</label> <?php echo $selfArr['managerEmail']; ?></div>
-					<div class="field-row"><label>Software version:</label> <?php echo $selfArr['symbiotaVersion']; ?></div>
-					<hr />
-					<form action="portalindex.php" method="post" onsubmit="return validateHandshakeForm(this)">
-						<div class="field-row"><label>Path to Remote Portal:</label> <input name="remotePath" type="text" value="<?php echo $remotePath; ?>" style="width: 500px" /></div>
-						<div class="field-row"><button name="formsubmit" type="submit" value="initiateHandshake">Initiate Handshake</button></div>
-					</form>
-				</fieldset>
 				<fieldset>
 					<legend>Portal Index</legend>
 					<?php
@@ -197,6 +207,7 @@ function validateHandshakeForm(f){
 						}
 						echo '<hr/>';
 					}
+					if(!$indexArr) echo '<div>Portal Index empty. No portals have yet been registered.</div>';
 					?>
 				</fieldset>
 				<?php

api/app/Http/Controllers/InstallationController.php

@@ -196,12 +196,15 @@ public function portalHandshake($id, Request $request){
 								foreach($remoteInstallationArr['results'] as $portal){
 									if(PortalIndex::where('guid',$portal['guid'])->count()) $currentRegistered++;
 									elseif($portal['guid'] != $_ENV['PORTAL_GUID']){
-										//Add remote
-										PortalIndex::create($portal);
-										//Touch remote installation but don't wait for a response because propagation across a large network can take awhile
-										$urlTouch = $portal['urlRoot'].'/api/v2/installation/'.$_ENV['PORTAL_GUID'].'/touch?endpoint='.htmlentities($this->getServerDomain().$_ENV['CLIENT_ROOT']);
-										$this->getAPIResponce($urlTouch, true);
-										$newRegistration++;
+										//If remote exists, add by retriving info directly from source
+										$remotePing = $portal['urlRoot'].'/api/v2/installation/ping';
+										if($newRemote = $this->getAPIResponce($remotePing)){
+											PortalIndex::create($newRemote);
+											//Touch remote installation but don't wait for a response because propagation across a large network can take awhile
+											$urlTouch = $portal['urlRoot'].'/api/v2/installation/'.$_ENV['PORTAL_GUID'].'/touch?endpoint='.htmlentities($this->getServerDomain().$_ENV['CLIENT_ROOT']);
+											$this->getAPIResponce($urlTouch, true);
+											$newRegistration++;
+										}
 									}
 								}
 								$responseArr['Current registered remotes obtained from remote library'] = $currentRegistered;
@@ -306,6 +309,10 @@ public function showOccurrences($id, Request $request){
 
 	public function create(Request $request){
 		/*
+		$validated = $request->validate([
+			'portalName' => 'required|max:45',
+			'urlRoot' => 'required|max:150',
+		]);
 		$portalIndex = PortalIndex::create($request->all());
 
 		return response()->json($portalIndex, 201);

api/vendor/laravel/lumen-framework/config/database.php

@@ -142,11 +142,15 @@
 		require_once($symbBasePath.'/config/dbconnection.php');
 		foreach(MySQLiConnectionFactory::$SERVERS as $dbArr){
 			if($dbArr['type'] = 'write'){
-				$params['connections']['mysql']['host'] = $dbArr['host'];
-				$params['connections']['mysql']['port'] = $dbArr['port'];
+				$host = 'localhost';
+				if(isset($dbArr['host'])) $host = $dbArr['host'];
+				$params['connections']['mysql']['host'] = $host;
 				$params['connections']['mysql']['database'] = $dbArr['database'];
 				$params['connections']['mysql']['username'] = $dbArr['username'];
 				$params['connections']['mysql']['password'] = $dbArr['password'];
+				$port = '3306';
+				if(isset($dbArr['port'])) $port = $dbArr['port'];
+				$params['connections']['mysql']['port'] = $port;
 			}
 		}
 	}

api/vendor/psr/log/src/LoggerInterface.php

@@ -27,7 +27,7 @@ interface LoggerInterface
      *
      * @return void
      */
-    public function emergency(string|\Stringable $message, array $context = []);
+    public function emergency(string $message, array $context = []);
 
     /**
      * Action must be taken immediately.
@@ -40,7 +40,7 @@ public function emergency(string|\Stringable $message, array $context = []);
      *
      * @return void
      */
-    public function alert(string|\Stringable $message, array $context = []);
+    public function alert(string $message, array $context = []);
 
     /**
      * Critical conditions.
@@ -52,7 +52,7 @@ public function alert(string|\Stringable $message, array $context = []);
      *
      * @return void
      */
-    public function critical(string|\Stringable $message, array $context = []);
+    public function critical(string $message, array $context = []);
 
     /**
      * Runtime errors that do not require immediate action but should typically
@@ -63,7 +63,7 @@ public function critical(string|\Stringable $message, array $context = []);
      *
      * @return void
      */
-    public function error(string|\Stringable $message, array $context = []);
+    public function error(string $message, array $context = []);
 
     /**
      * Exceptional occurrences that are not errors.
@@ -76,7 +76,7 @@ public function error(string|\Stringable $message, array $context = []);
      *
      * @return void
      */
-    public function warning(string|\Stringable $message, array $context = []);
+    public function warning(string $message, array $context = []);
 
     /**
      * Normal but significant events.
@@ -86,7 +86,7 @@ public function warning(string|\Stringable $message, array $context = []);
      *
      * @return void
      */
-    public function notice(string|\Stringable $message, array $context = []);
+    public function notice(string $message, array $context = []);
 
     /**
      * Interesting events.
@@ -98,7 +98,7 @@ public function notice(string|\Stringable $message, array $context = []);
      *
      * @return void
      */
-    public function info(string|\Stringable $message, array $context = []);
+    public function info(string $message, array $context = []);
 
     /**
      * Detailed debug information.
@@ -108,7 +108,7 @@ public function info(string|\Stringable $message, array $context = []);
      *
      * @return void
      */
-    public function debug(string|\Stringable $message, array $context = []);
+    public function debug(string $message, array $context = []);
 
     /**
      * Logs with an arbitrary level.
@@ -121,5 +121,5 @@ public function debug(string|\Stringable $message, array $context = []);
      *
      * @throws \Psr\Log\InvalidArgumentException
      */
-    public function log($level, string|\Stringable $message, array $context = []);
+    public function log($level, string $message, array $context = []);
 }

checklists/checklistadmin.php

@@ -14,13 +14,20 @@
 if(!$clid && isset($_POST['delclid'])) $clid = $_POST['delclid'];
 $clManager->setClid($clid);
 
+
+$statusStr = '';
 if($action == 'SubmitAdd'){
-	//Anyone with a login can create a checklist
-	$newClid = $clManager->createChecklist($_POST);
-	header('Location: checklist.php?clid='.$newClid);
+
+	//Conform User Checklist permission 
+	if($IS_ADMIN || (array_key_exists('ClAdmin',$USER_RIGHTS) && in_array($clid,$USER_RIGHTS['ClAdmin'])) || array_key_exists('ClCreate',$USER_RIGHTS)){		
+		$newClid = $clManager->createChecklist($_POST);
+		header('Location: checklist.php?clid='.$newClid);
+	} 
+
+	//If we made it here the user does not have any checklist roles. cancel further execution.
+	$statusStr = 'You do not have permission to create a Checklist.';
 }
 
-$statusStr = '';
 $isEditor = 0;
 if($IS_ADMIN || (array_key_exists('ClAdmin',$USER_RIGHTS) && in_array($clid,$USER_RIGHTS['ClAdmin']))){
 	$isEditor = 1;
@@ -58,7 +65,7 @@
 }
 $clArray = $clManager->getMetaData();
 $defaultArr = array();
-if($clArray['defaultsettings']){
+if(array_key_exists('defaultsettings',$clArray)){
 	$defaultArr = json_decode($clArray['defaultsettings'], true);
 }
 ?>

checklists/clgmap.php

@@ -7,6 +7,9 @@
 $pid = $_REQUEST['pid'];
 $target = array_key_exists('target',$_REQUEST)?$_REQUEST['target']:'checklists';
 
+//Sanitation
+if(!is_numeric($pid)) $pid = 0;
+
 $clManager = new ChecklistManager();
 $clManager->setProj($pid);
 ?>

checklists/clsppeditor.php

@@ -4,10 +4,15 @@
 @include_once($SERVER_ROOT.'/content/lang/checklists/clsppeditor.'.$LANG_TAG.'.php');
 header("Content-Type: text/html; charset=".$CHARSET);
 
-$clid = array_key_exists("clid",$_REQUEST)?$_REQUEST["clid"]:"";
-$tid = array_key_exists("tid",$_REQUEST)?$_REQUEST["tid"]:"";
-$tabIndex = array_key_exists("tabindex",$_POST)?$_POST["tabindex"]:0;
-$action = array_key_exists("action",$_POST)?$_POST["action"]:"";
+$clid = array_key_exists('clid',$_REQUEST)?$_REQUEST['clid']:0;
+$tid = array_key_exists('tid',$_REQUEST)?$_REQUEST['tid']:0;
+$tabIndex = array_key_exists('tabindex',$_POST)?$_POST['tabindex']:0;
+$action = array_key_exists('action',$_POST)?$_POST['action']:'';
+
+//Sanitation
+if(!is_numeric($clid)) $clid = 0;
+if(!is_numeric($tid)) $tid = 0;
+if(!is_numeric($tabIndex)) $tabIndex = 0;
 
 $isEditor = false;
 if($IS_ADMIN || (array_key_exists("ClAdmin",$USER_RIGHTS) && in_array($clid,$USER_RIGHTS["ClAdmin"]))){

classes/OccurrenceAccessStats.php

@@ -65,28 +65,30 @@ public function batchRecordEventsBySql($sqlFrag, $accessType){
 		return $status;
 	}
 
-	private function insertAccessEvent($accessType, $queryStr){
+	public function insertAccessEvent($accessType, $queryStr){
 		$occurAccessID = false;
-		$remoteAddr = $_SERVER['REMOTE_ADDR'];
-		$userData = @get_browser();
-		if($userData) $userData = json_encode($userData);
-		else $userData = $_SERVER['HTTP_USER_AGENT'];
-		$sql = 'INSERT INTO omoccuraccess(ipAddress, accessType, queryStr, userAgent) VALUES(?, ?, ?, ?)';
-		$stmt = $this->conn->stmt_init();
-		$stmt->prepare($sql);
-		$stmt->bind_param('ssss', $remoteAddr, $accessType, $queryStr, $userData);
-		if($stmt->execute()){
-			$occurAccessID = $this->conn->insert_id;
-		}
-		else{
-			$this->errorMessage = date('Y-m-d H:i:s').' - ERROR creating access event: '.$this->conn->error;
-			$this->logOrEcho($this->errorMessage);
+		if(isset($GLOBALS['RECORD_STATS'])){
+			$remoteAddr = $_SERVER['REMOTE_ADDR'];
+			$userData = @get_browser();
+			if($userData) $userData = json_encode($userData);
+			else $userData = $_SERVER['HTTP_USER_AGENT'];
+			$sql = 'INSERT INTO omoccuraccess(ipAddress, accessType, queryStr, userAgent) VALUES(?, ?, ?, ?)';
+			$stmt = $this->conn->stmt_init();
+			$stmt->prepare($sql);
+			$stmt->bind_param('ssss', $remoteAddr, $accessType, $queryStr, $userData);
+			if($stmt->execute()){
+				$occurAccessID = $this->conn->insert_id;
+			}
+			else{
+				$this->errorMessage = date('Y-m-d H:i:s').' - ERROR creating access event: '.$this->conn->error;
+				$this->logOrEcho($this->errorMessage);
+			}
+			$stmt->close();
 		}
-		$stmt->close();
 		return $occurAccessID;
 	}
 
-	private function insertAccessOccurrence($occurAccessID, $occid){
+	public function insertAccessOccurrence($occurAccessID, $occid){
 		$status = false;
 		$sql = 'INSERT INTO omoccuraccesslink(occurAccessID, occid) VALUES(?, ?)';
 		$stmt = $this->conn->stmt_init();
@@ -104,7 +106,7 @@ private function insertAccessOccurrence($occurAccessID, $occid){
 	private function insertAccessOccurrenceBatch($occurAccessID, $sqlFrag){
 		$status = false;
 		if(is_numeric($occurAccessID)){
-			$sql = 'INSERT INTO omoccuraccessstats(occurAccessID, occid) SELECT '.$occurAccessID.', o.occid '.$sqlFrag;
+			$sql = 'INSERT INTO omoccuraccesslink(occurAccessID, occid) SELECT '.$occurAccessID.', o.occid '.$sqlFrag;
 			if($this->conn->query($sql)){
 				$status = true;
 			}

classes/OccurrenceDownload.php

@@ -133,6 +133,7 @@ private function writeOutData($outstream){
 			$result = $this->conn->query($sql,MYSQLI_USE_RESULT);
 			if($result){
 				$statsManager = new OccurrenceAccessStats();
+				$occurAccessID = $statsManager->insertAccessEvent('download', substr($sql, strpos($sql, 'WHERE ')));
 				$outputHeader = true;
 				while($row = $result->fetch_assoc()){
 					if($outputHeader){
@@ -155,7 +156,7 @@ private function writeOutData($outstream){
 					}
 					//Set access statistics
 					if($this->isPublicDownload){
-						if($this->schemaType != 'checklist') if(array_key_exists('occid',$row)) $statsManager->recordAccessEvent($row['occid'], 'download');
+						if($this->schemaType != 'checklist') if(array_key_exists('occid',$row)) $statsManager->insertAccessOccurrence($occurAccessID, $row['occid']);
 					}
 					$recCnt++;
 				}

classes/OccurrenceIndividual.php

@@ -701,13 +701,17 @@ public function getExternalEditArr(){
 
 	public function getAccessStats(){
 		$retArr = Array();
-		$sql = 'SELECT year(accessdate) as accessdate, accesstype, count(*) AS cnt FROM omoccuraccessstats WHERE (occid = '.$this->occid.') GROUP BY accessdate, accesstype';
-		//echo '<div>'.$sql.'</div>';
-		$rs = $this->conn->query($sql);
-		while($r = $rs->fetch_object()){
-			$retArr[$r->accessdate][$r->accesstype] = $r->cnt;
+		if(isset($GLOBALS['RECORD_STATS'])){
+			$sql = 'SELECT year(s.accessdate) as accessdate, s.accesstype, s.cnt
+				FROM omoccuraccesssummary s INNER JOIN omoccuraccesssummarylink l ON s.oasid = l.oasid
+				WHERE (l.occid = '.$this->occid.') GROUP BY s.accessdate, s.accesstype';
+			//echo '<div>'.$sql.'</div>';
+			$rs = $this->conn->query($sql);
+			while($r = $rs->fetch_object()){
+				$retArr[$r->accessdate][$r->accesstype] = $r->cnt;
+			}
+			$rs->free();
 		}
-		$rs->free();
 		return $retArr;
 	}