update server code

bancika · Nov 18, 2016 · b134c8f · b134c8f
1 parent 327a302
commit b134c8f
Show file tree

Hide file tree

Showing 12 changed files with 306 additions and 35 deletions.
diff --git a/diylc-server-api/v1/createUser.php b/diylc-server-api/v1/createUser.php
@@ -4,7 +4,7 @@
 $pwd=$_REQUEST["password"];
 $email=$_REQUEST["email"];
 $website=$_REQUEST["website"];
-$website=$_REQUEST["bio"];
+$bio=$_REQUEST["bio"];
 
 if (!$name) {
 	echo "{\"string\":Username not provided.}";

diff --git a/diylc-server-api/v1/db/diylc_category.sql b/diylc-server-api/v1/db/diylc_category.sql
@@ -3,8 +3,8 @@
 -- http://www.phpmyadmin.net
 --
 -- Host: localhost:3306
--- Generation Time: Oct 28, 2016 at 10:45 AM
--- Server version: 5.6.33
+-- Generation Time: Nov 18, 2016 at 01:08 PM
+-- Server version: 5.6.34
 -- PHP Version: 5.6.20
 
 SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
@@ -34,7 +34,7 @@ CREATE TABLE IF NOT EXISTS `diylc_category` (
   PRIMARY KEY (`category_id`),
   UNIQUE KEY `category_id` (`category_id`),
   KEY `category_id_2` (`category_id`)
-) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=22 ;
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=27 ;
 
 --
 -- Dumping data for table `diylc_category`
@@ -55,7 +55,11 @@ INSERT INTO `diylc_category` (`category_id`, `name`, `sort_order`, `parent_id`)
 (21, 'Hi-Fi Preamps', 160, 9),
 (20, 'Guitar Preamps', 120, 9),
 (18, 'Guitar Wiring Diagrams', 400, 0),
-(19, 'Other', 1000, 0);
+(19, 'Other', 1000, 0),
+(25, 'Fuzzes', 225, 1),
+(23, 'Power Supplies', 300, 0),
+(24, 'Overdrives', 232, 1),
+(26, 'Tremolos/Vibratos', 238, 1);
 
 /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
 /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;

diff --git a/diylc-server-api/v1/db/diylc_project.sql b/diylc-server-api/v1/db/diylc_project.sql
@@ -3,8 +3,8 @@
 -- http://www.phpmyadmin.net
 --
 -- Host: localhost:3306
--- Generation Time: Oct 28, 2016 at 10:45 AM
--- Server version: 5.6.33
+-- Generation Time: Nov 18, 2016 at 01:09 PM
+-- Server version: 5.6.34
 -- PHP Version: 5.6.20
 
 SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
@@ -38,8 +38,10 @@ CREATE TABLE IF NOT EXISTS `diylc_project` (
   `keywords` varchar(1024) NOT NULL,
   `view_count` int(11) NOT NULL DEFAULT '0',
   `download_count` int(11) NOT NULL DEFAULT '0',
+  `deleted` bit(1) NOT NULL DEFAULT b'0',
   PRIMARY KEY (`project_id`)
-) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=28 ;
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=198 ;
+
 
 /*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
 /*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;

diff --git a/diylc-server-api/v1/db/diylc_user.sql b/diylc-server-api/v1/db/diylc_user.sql
@@ -3,8 +3,8 @@
 -- http://www.phpmyadmin.net
 --
 -- Host: localhost:3306
--- Generation Time: Oct 28, 2016 at 10:45 AM
--- Server version: 5.6.33
+-- Generation Time: Nov 18, 2016 at 01:10 PM
+-- Server version: 5.6.34
 -- PHP Version: 5.6.20
 
 SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
@@ -39,8 +39,4 @@ CREATE TABLE IF NOT EXISTS `diylc_user` (
   `ip` varchar(50) NOT NULL,
   `country` varchar(50) NOT NULL,
   PRIMARY KEY (`user_id`)
-) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=14 ;
-
-/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
-/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
-/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=36 ;
diff --git a/diylc-server-api/v1/deleteProject.php b/diylc-server-api/v1/deleteProject.php
@@ -0,0 +1,80 @@
+<?php
+
+$name=$_REQUEST["username"];
+$token=$_REQUEST["token"];
+$machineId=$_REQUEST["machineId"];
+$projectId=$_REQUEST["projectId"];
+
+//echo var_dump($_FILES);
+
+$thumbnailFile=$_FILES["thumbnail"];
+$projectFile=$_FILES["project"];
+
+if (!$name) {
+	echo "{\"string\":Username not provided.}";
+	exit;
+}
+if (!$token) {
+	echo "{\"string\":Token not provided.}";
+	exit;
+}
+if (!$machineId) {
+	echo "{\"string\":Machine ID not provided.}";
+	exit;
+}
+if (!$projectId) {
+	echo "{\"string\":Project Id not provided.}";
+	exit;
+}
+
+// Load help class
+require_once("properties.php");
+
+// Load properties
+$dbProperties = new Properties();
+$propertiesFile = fopen("db.properties", "rb");
+$dbProperties->load($propertiesFile);
+
+// Connect to the DB
+$username=$dbProperties->getProperty("user");
+$password=$dbProperties->getProperty("pass");
+$database=$dbProperties->getProperty("db");
+$mysqli = new mysqli(localhost,$username,$password,$database);
+
+// Verify that the user is logged in
+$sql = "
+SELECT user_id 
+FROM diylc_user 
+WHERE name = \"".addslashes($name)."\" AND token= \"".addslashes($token)."\" AND machine_id = \"".addslashes($machineId)."\"";
+
+if (!$result = $mysqli->query($sql)) {
+	echo "{\"string\":Error while looking up the user.}";
+	exit;
+}
+
+if ($row = $result->fetch_assoc()) {
+	$userId = $row["user_id"];
+
+	// Update the existing project in the database
+	$sql= "
+	UPDATE diylc_project 
+	SET deleted = 1
+	WHERE project_id=".addslashes($projectId)." AND owner_user_id=".$userId;
+
+	//echo "{\"string\":\"".$sql."\"}";
+	//exit;
+
+	if (!$result = $mysqli->query($sql) || $mysqli->affected_rows == 0) {
+		echo "{\"string\":\"Error while deleting the project from the database. ".$mysqli->error."\"}";
+		exit;
+	} else {
+		echo "{\"string\":Success}";
+
+	}	
+} else {
+	echo "{\"string\":User is not logged in.}";		
+}
+
+$mysqli->close();
+
+?>
diff --git a/diylc-server-api/v1/getAnnouncements.php b/diylc-server-api/v1/getAnnouncements.php
@@ -1,3 +1,3 @@
 {"list":{"org.diylc.announcements.Announcement":[
-{"title":"Welcome note","date":"2016-10-25","text":"Thank you for trying out the latest and greatest DIYLC beta version.<br>Please note that all project submitted during beta testing stage will be deleted<br> once the we are ready for the release for a fresh start.<br>Enjoy surfing the cloud and please send your feedback to bancika@gmail.com"},
+{"title":"Welcome note","date":"2016-11-12","text":"Thank you for trying out the latest and greatest DIYLC.<br>The new version brings \"Project Cloud\" feature I worked on over the last few months.<br>Enjoy surfing the cloud and please send your feedback to bancika@gmail.com"},
 ]}}
diff --git a/diylc-server-api/v1/getComments.php b/diylc-server-api/v1/getComments.php
@@ -22,7 +22,8 @@
 SELECT c.*, u.name username
 FROM diylc_comment c
 INNER JOIN diylc_user u ON u.user_id = c.user_id
-WHERE project_id = ".$projectId;
+WHERE project_id = ".$projectId."
+ORDER BY posted_at";
 
 //echo $sql;
 

diff --git a/diylc-server-api/v1/search.php b/diylc-server-api/v1/search.php
@@ -2,10 +2,12 @@
 
 $className="org.diylc.plugins.cloud.model.ProjectEntity";
 $criteria=$_REQUEST["criteria"];
-$category=$_REQUEST["category"];
+$category=str_replace("- ", "", $_REQUEST["category"]);
 $page=$_REQUEST["page"];
+$username=$_REQUEST["username"];
 $itemsPerPage=$_REQUEST["itemsPerPage"];
 $sort=$_REQUEST["sort"];
+$projectId=$_REQUEST["projectId"];
 if(!$page)
 	$page=1;
 if(!$itemsPerPage)
@@ -16,9 +18,13 @@
 $condition="";
 
 if ($category)
-	$condition = $condition." AND LOWER(c.search_name) = LOWER('".$category."')";
+	$condition = $condition." AND LOWER(c.search_name) LIKE LOWER('%".addslashes($category)."%')";
 if ($criteria)
-	$condition = $condition." AND (LOWER(p.description) LIKE LOWER('%".$criteria."%') OR LOWER(p.name) LIKE LOWER('%".$criteria."%') OR LOWER(p.keywords) LIKE LOWER('%".$criteria."%'))";
+	$condition = $condition." AND (LOWER(p.description) LIKE LOWER('%".addslashes($criteria)."%') OR LOWER(p.name) LIKE LOWER('%".addslashes($criteria)."%') OR LOWER(p.keywords) LIKE LOWER('%".addslashes($criteria)."%'))";
+if ($username)
+	$condition = $condition." AND u.name = \"".addslashes($username)."\"";
+if ($projectId)
+	$condition = $condition." AND p.project_id=".addslashes($projectId);
 
 $limit = " LIMIT ".$itemsPerPage." OFFSET ".(($page-1)*$itemsPerPage);
 
@@ -58,7 +64,7 @@ function ip_details($IPaddress)
 $ip = $_SERVER["REMOTE_ADDR"];
 $location = ip_details($ip);
 
-$sql = "INSERT INTO diylc_search_history (ip, country, criteria, category, sort, search_time) VALUES (\"".$ip."\", \"".$location->country."\",\"".$criteria."\",\"".$category."\",\"".$sort."\",NOW())";
+$sql = "INSERT INTO diylc_search_history (ip, country, criteria, category, sort, search_time) VALUES (\"".$ip."\", \"".$location->country."\",\"".addslashes($criteria)."\",\"".addslashes($category)."\",\"".$sort."\",NOW())";
 
 $mysqli->query($sql);
 
@@ -70,9 +76,9 @@ function ip_details($IPaddress)
 //}
 
 $sql = "
-SELECT p.project_id, p.name, p.description, c.search_name AS 'category', u.name AS 'owner', p.last_update, p.view_count, p.download_count, (SELECT COUNT(*) FROM diylc_comment co WHERE co.project_id = p.project_id) comment_count
+SELECT p.project_id, p.name, p.description, c.search_name AS 'category', c.display_name AS 'category_for_display', u.name AS 'owner', p.keywords, p.last_update, p.view_count, p.download_count, (SELECT COUNT(*) FROM diylc_comment co WHERE co.project_id = p.project_id) comment_count
 FROM diylc_project p, diylc_category_view c, diylc_user u 
-WHERE p.category_id = c.category_id AND p.owner_user_id = u.user_id ".$condition.$orderBy.$limit;
+WHERE p.deleted = 0 AND p.category_id = c.category_id AND p.owner_user_id = u.user_id ".$condition.$orderBy.$limit;
 
 //echo $sql;
 
@@ -100,11 +106,13 @@ function ip_details($IPaddress)
 
 	echo "{";
 	echo "\"id\":".$row["project_id"].",";
-	echo "\"name\":\"".$row["name"]."\",";
-	echo "\"description\":\"".$row["description"]."\",";
-	echo "\"owner\":\"".$row["owner"]."\",";
+	echo "\"name\":\"".addslashes($row["name"])."\",";
+	echo "\"description\":\"".addslashes($row["description"])."\",";
+	echo "\"owner\":\"".addslashes($row["owner"])."\",";
 	echo "\"category\":\"".$row["category"]."\",";
-	echo "\"updated\":\"".$updated ."\",";		
+	echo "\"categoryForDisplay\":\"".$row["category_for_display"]."\",";
+	echo "\"updated\":\"".$updated."\",";		
+	echo "\"keywords\":\"".$row["keywords"]."\",";	
 	echo "\"thumbnailUrl\":\"http://diy-fever.com/diylc/api/v1/downloadThumbnail.php?id=".$row["project_id"]."\",";
 	echo "\"downloadUrl\":\"http://diy-fever.com/diylc/api/v1/downloadProject.php?id=".$row["project_id"]."\",";        
 	echo "\"commentCount\":\"".$row["comment_count"]."\",";

diff --git a/diylc-server-api/v1/testUpload.html b/diylc-server-api/v1/testUpload.html
@@ -0,0 +1,27 @@
+<html>
+	<body>
+		<form method="POST" action="http://www.diy-fever.com/diylc/api/upload.php" enctype="multipart/form-data">
+			Username: <input type="text" name="username" value="testUser3">			
+			<br>
+			MachineId: <input type="text" name="machineId" value="tttjg">
+			<br>
+			Token: <input type="text" name="token" value="testUser35800ffaabb0b92.58166942">
+			<br>
+			Name: <input type="text" name="projectName" value="">
+			<br>
+			Category: <input type="text" name="category" value="TestCat">
+			<br>
+			Description: <input type="text" name="description" value="The quick brown fox jumps over the lazy dog.">
+			<br>
+			Version: <input type="text" name="diylcVersion" value="3.0.0">
+			<br>
+			Keywords: <input type="text" name="keywords" value="">
+			<br>
+			Thumb: <input type="file" name="thumbnail" id="thumbnail">
+			<br>												
+			Project: <input type="file" name="project" id="project">
+			<br>									
+			<input type="submit" name="submit" value="Submit">  
+		</form>
+	</body>
+</html>
diff --git a/diylc-server-api/v1/updateUserDetails.php b/diylc-server-api/v1/updateUserDetails.php
@@ -50,7 +50,7 @@
 }
 
 if ($mysqli->affected_rows === 0) {
-	echo "{\"string\":Could not update the account.}";
+	echo "{\"string\":\"Could not update the account. ".$mysqli->error."\"}";
 } else {
 	echo "{\"string\":Success}";
 }

diff --git a/diylc-server-api/v1/upload.php b/diylc-server-api/v1/upload.php
@@ -8,6 +8,7 @@
 $description=$_REQUEST["description"];
 $diylcVersion=$_REQUEST["diylcVersion"];
 $keywords=$_REQUEST["keywords"];
+$projectId=$_REQUEST["projectId"];
 
 //echo var_dump($_FILES);
 
@@ -99,15 +100,23 @@
 	}
 
 	if ($row = $result->fetch_assoc()) {
-		$categoryId = $row["category_id"];	
+		$categoryId = $row["category_id"];
 
-		// Insert into the database
-		$sql= "
-		INSERT INTO diylc_project (name, description, category_id, owner_user_id, diylc_version, keywords, uploaded_on, last_update) 
-		VALUES (\"".$projectName."\",\"".$description."\",".$categoryId.",".$userId.",\"".$diylcVersion."\",\"".$keywords."\",now(),now())";
+		if ($projectId && is_numeric($projectId)) {
+			// Update the existing project in the database
+			$sql= "
+			UPDATE diylc_project 
+			SET name=\"".$projectName."\", description=\"".$description."\", category_id=".$categoryId.", diylc_version=\"".$diylcVersion."\", keywords = \"".$keywords."\", last_update = NOW()
+			WHERE project_id=".addslashes($projectId)." AND owner_user_id=".$userId;
+		} else {			
+			// Insert into the database
+			$sql= "
+			INSERT INTO diylc_project (name, description, category_id, owner_user_id, diylc_version, keywords, uploaded_on, last_update) 
+			VALUES (\"".addslashes($projectName)."\",\"".addslashes($description)."\",".$categoryId.",".$userId.",\"".addslashes($diylcVersion)."\",\"".addslashes($keywords)."\",now(),now())";
+		}
 
-		if (!$result = $mysqli->query($sql)) {
-			echo "{\"string\":Error while uploading the project into the database.}";
+		if (!$result = $mysqli->query($sql) || $mysqli->affected_rows == 0) {
+			echo "{\"string\":\"Error while uploading the project into the database. ".$mysqli->error."\"}";
 			exit;
 		} else {
 			$projectId = $mysqli->insert_id;