flotsam/Servers/XmlRpcGroupsServer/xmlrpc.php

<?php
//	ini_set("display_errors",0);
    /*
      Actual failures that result in mysql or php errors should be returned as:
      
      return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
      
      Methods that run without errors, but do not have the intended result should return as:
      
      return array('succeed' => 'false', 'message' => 'No Groups Found', 'params' => var_export($params, TRUE));
      
      or if applicable:
      
      return array('succeed' => 'false', 'message' => 'What went wrong', 'params' => var_export($params, TRUE), 'sql' => $sql);
    */

    include("phpxmlrpclib/xmlrpc.inc");
    include("phpxmlrpclib/xmlrpcs.inc");

    include("config.php");
	

    $groupPowers = array(
        'None' => '0',
        /// <summary>Can send invitations to groups default role</summary>
        'Invite' => '2',
        /// <summary>Can eject members from group</summary>
        'Eject' => '4',
        /// <summary>Can toggle 'Open Enrollment' and change 'Signup fee'</summary>
        'ChangeOptions' => '8',
        /// <summary>Can create new roles</summary>
        'CreateRole' => '16',
        /// <summary>Can delete existing roles</summary>
        'DeleteRole' => '32',
        /// <summary>Can change Role names, titles and descriptions</summary>
        'RoleProperties' => '64',
        /// <summary>Can assign other members to assigners role</summary>
        'AssignMemberLimited' => '128',
        /// <summary>Can assign other members to any role</summary>
        'AssignMember' => '256',
        /// <summary>Can remove members from roles</summary>
        'RemoveMember' => '512',
        /// <summary>Can assign and remove abilities in roles</summary>
        'ChangeActions' => '1024',
        /// <summary>Can change group Charter, Insignia, 'Publish on the web' and which
        /// members are publicly visible in group member listings</summary>
        'ChangeIdentity' => '2048',
        /// <summary>Can buy land or deed land to group</summary>
        'LandDeed' => '4096',
        /// <summary>Can abandon group owned land to Governor Linden on mainland, or Estate owner for
        /// private estates</summary>
        'LandRelease' => '8192',
        /// <summary>Can set land for-sale information on group owned parcels</summary>
        'LandSetSale' => '16384',
        /// <summary>Can subdivide and join parcels</summary>
        'LandDivideJoin' => '32768',
        /// <summary>Can join group chat sessions</summary>
        'JoinChat' => '65536',
        /// <summary>Can toggle "Show in Find Places" and set search category</summary>
        'FindPlaces' => '131072',
        /// <summary>Can change parcel name, description, and 'Publish on web' settings</summary>
        'LandChangeIdentity' => '262144',
        /// <summary>Can set the landing point and teleport routing on group land</summary>
        'SetLandingPoint' => '524288',
        /// <summary>Can change music and media settings</summary>
        'ChangeMedia' => '1048576',
        /// <summary>Can toggle 'Edit Terrain' option in Land settings</summary>
        'LandEdit' => '2097152',
        /// <summary>Can toggle various About Land > Options settings</summary>
        'LandOptions' => '4194304',
        /// <summary>Can always terraform land, even if parcel settings have it turned off</summary>
        'AllowEditLand' => '8388608',
        /// <summary>Can always fly while over group owned land</summary>
        'AllowFly' => '16777216',
        /// <summary>Can always rez objects on group owned land</summary>
        'AllowRez' => '33554432',
        /// <summary>Can always create landmarks for group owned parcels</summary>
        'AllowLandmark' => '67108864',
        /// <summary>Can use voice chat in Group Chat sessions</summary>
        'AllowVoiceChat' => '134217728',
        /// <summary>Can set home location on any group owned parcel</summary>
        'AllowSetHome' => '268435456',
        /// <summary>Can modify public access settings for group owned parcels</summary>
        'LandManageAllowed' => '536870912',
        /// <summary>Can manager parcel ban lists on group owned land</summary>
        'LandManageBanned' => '1073741824',
        /// <summary>Can manage pass list sales information</summary>
        'LandManagePasses' => '2147483648',
        /// <summary>Can eject and freeze other avatars on group owned land</summary>
        'LandEjectAndFreeze' => '4294967296',
        /// <summary>Can return objects set to group</summary>
        'ReturnGroupSet' => '8589934592',
        /// <summary>Can return non-group owned/set objects</summary>
        'ReturnNonGroup' => '17179869184',
        /// <summary>Can landscape using Linden plants</summary>
        'LandGardening' => '34359738368',
        /// <summary>Can deed objects to group</summary>
        'DeedObject' => '68719476736',
        /// <summary>Can moderate group chat sessions</summary>
        'ModerateChat' => '137438953472',
        /// <summary>Can move group owned objects</summary>
        'ObjectManipulate' => '274877906944',
        /// <summary>Can set group owned objects for-sale</summary>
        'ObjectSetForSale' => '549755813888',
        /// <summary>Pay group liabilities and receive group dividends</summary>
        'Accountable' => '1099511627776',
        /// <summary>Can send group notices</summary>
        'SendNotices'    => '4398046511104',
        /// <summary>Can receive group notices</summary>
        'ReceiveNotices' => '8796093022208',
        /// <summary>Can create group proposals</summary>
        'StartProposal' => '17592186044416',
        /// <summary>Can vote on group proposals</summary>
        'VoteOnProposal' => '35184372088832',
        /// <summary>Can return group owned objects</summary>
        'ReturnGroupOwned' => '281474976710656',
        /// <summary>Members are visible to non-owners</summary>
		    'RoleMembersVisible' => '140737488355328'
		);
	
    $uuidZero = "00000000-0000-0000-0000-000000000000";
    
    $groupDBCon = mysql_connect($dbHost,$dbUser,$dbPassword);
    if (!$groupDBCon)
    {
        die('Could not connect: ' . mysql_error());
    }
    mysql_select_db($dbName, $groupDBCon);

    // This is filled in by secure()
    $requestingAgent = $uuidZero;
    
    function test() 
    {
        return array('name' => 'Joe','age' => 27);
    }

    // Use a common signature for all the group functions  ->  struct foo($struct)
    $common_sig = array(array($xmlrpcStruct, $xmlrpcStruct));

    function createGroup($params)
    {
        if( is_array($error = secureRequest($params, TRUE)) )
        {
            return $error;
        }
	
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;

        $groupID        = $params["GroupID"];
        $name           = $params["Name"];
        $charter        = $params["Charter"];
        $insigniaID     = $params["InsigniaID"];
        $founderID      = $params["FounderID"];
        $membershipFee  = $params["MembershipFee"];
        $openEnrollment = $params["OpenEnrollment"];
        $showInList     = $params["ShowInList"];
        $allowPublish   = $params["AllowPublish"];
        $maturePublish  = $params["MaturePublish"];
        $ownerRoleID    = $params["OwnerRoleID"];
        $everyonePowers = $params["EveryonePowers"];
        $ownersPowers   = $params["OwnersPowers"];
        
        $escapedParams         = array_map("mysql_real_escape_string", $params);
        $escapedGroupID        = $escapedParams["GroupID"];
        $escapedName           = $escapedParams["Name"];
        $escapedCharter        = $escapedParams["Charter"];
        $escapedInsigniaID     = $escapedParams["InsigniaID"];
        $escapedFounderID      = $escapedParams["FounderID"];
        $escapedMembershipFee  = $escapedParams["MembershipFee"];
        $escapedOpenEnrollment = $escapedParams["OpenEnrollment"];
        $escapedShowInList     = $escapedParams["ShowInList"];
        $escapedAllowPublish   = $escapedParams["AllowPublish"];
        $escapedMaturePublish  = $escapedParams["MaturePublish"];
        $escapedOwnerRoleID    = $escapedParams["OwnerRoleID"];

        // Create group
        $sql = "INSERT INTO osgroup
                (GroupID, Name, Charter, InsigniaID, FounderID, MembershipFee, OpenEnrollment, ShowInList, AllowPublish, MaturePublish, OwnerRoleID)
                VALUES
                ('$escapedGroupID', '$escapedName', '$escapedCharter', '$escapedInsigniaID', '$escapedFounderID', $escapedMembershipFee, $escapedOpenEnrollment, $escapedShowInList, $escapedAllowPublish, $escapedMaturePublish, '$escapedOwnerRoleID')";
        
        if (!mysql_query($sql, $groupDBCon))
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        // Create Everyone Role
        // NOTE: FIXME: This is a temp fix until the libomv enum for group powers is fixed in OpenSim
		
        $result = _addRoleToGroup(array('GroupID' => $groupID, 'RoleID' => $uuidZero, 'Name' => 'Everyone', 'Description' => 'Everyone in the group is in the everyone role.', 'Title' => "Member of $name", 'Powers' => $everyonePowers));
        if( isset($result['error']) )
        {
            return $result;
        }

        // Create Owner Role
        $result = _addRoleToGroup(array('GroupID' => $groupID, 'RoleID' => $ownerRoleID, 'Name' => 'Owners', 'Description' => "Owners of $name", 'Title' => "Owner of $name", 'Powers' => $ownersPowers));
        if( isset($result['error']) )
        {
            return $result;
        }

        // Add founder to group, will automatically place them in the Everyone Role, also places them in specified Owner Role
        $result = _addAgentToGroup(array('AgentID' => $founderID, 'GroupID' => $groupID, 'RoleID' => $ownerRoleID));
        if( isset($result['error']) )
        {
            return $result;
        }
        
        // Select the owner's role for the founder
        $result = _setAgentGroupSelectedRole(array('AgentID' => $founderID, 'RoleID' => $ownerRoleID, 'GroupID' => $groupID));
        if( isset($result['error']) )
        {
            return $result;
        }
        
        // Set the new group as the founder's active group
        $result = _setAgentActiveGroup(array('AgentID' => $founderID, 'GroupID' => $groupID));
        if( isset($result['error']) )
        {
            return $result;
        }
        
        return getGroup(array("GroupID"=>$groupID));
    }
    
	  // Private method, does not include security, to only be called from places that have already verified security
    function _addRoleToGroup($params)
    {
        $everyonePowers = 8796495740928; // This should now be fixed, when libomv was updated...		
	
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
        $groupID = mysql_real_escape_string( $params['GroupID'] );
        $roleID  = mysql_real_escape_string( $params['RoleID'] );
        $name    = mysql_real_escape_string( $params['Name'] );
        $desc    = mysql_real_escape_string( $params['Description'] );
        $title   = mysql_real_escape_string( $params['Title'] );
        $powers  = mysql_real_escape_string( $params['Powers'] );

        if( !isset($powers) || ($powers == 0) || ($powers == '') )
        {
            $powers = $everyonePowers;
        }
        
        $sql = " INSERT INTO osrole (GroupID, RoleID, Name, Description, Title, Powers) VALUES "
              ." ('$groupID', '$roleID', '$name', '$desc', '$title', $powers)";

        if (!mysql_query($sql, $groupDBCon))
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error()
                       , 'method' => 'addRoleToGroup'
                       , 'params' => var_export($params, TRUE));
        }
        
        return array("success" => "true");
    }
	
    function addRoleToGroup($params)
    {
        if( is_array($error = secureRequest($params, TRUE)) )
        {
            return $error;
        }
      
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
        $groupID = $params['GroupID'];
          
        // Verify the requesting agent has permission
        if( is_array($error = checkGroupPermission($groupID, $groupPowers['CreateRole'])) )
        {
            return $error;
        }

        return _addRoleToGroup($params);
    }
    
    function updateGroupRole($params)
    {
        if( is_array($error = secureRequest($params, TRUE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
        $groupID = mysql_real_escape_string( $params['GroupID'] );
        $roleID  = mysql_real_escape_string( $params['RoleID'] );
        $name    = mysql_real_escape_string( $params['Name'] );
        $desc    = mysql_real_escape_string( $params['Description'] );
        $title   = mysql_real_escape_string( $params['Title'] );
        $powers  = mysql_real_escape_string( $params['Powers'] );
        
        // Verify the requesting agent has permission
        if( is_array($error = checkGroupPermission($groupID, $groupPowers['RoleProperties'])) )
        {
            return $error;
        }
		
        $sql = " UPDATE osrole SET RoleID = '$roleID' ";
        if( isset($params['Name']) )
        {
            $sql .= ", Name = '$name'";
        }
        if( isset($params['Description']) )
        {
            $sql .= ", Description = '$desc'";
        }
        if( isset($params['Title']) )
        {
            $sql .= ", Title = '$title'";
        }
        if( isset($params['Powers']) )
        {
            $sql .= ", Powers = $powers";
        }
        
        $sql .= " WHERE GroupID = '$groupID' AND RoleID = '$roleID'";

        if (!mysql_query($sql, $groupDBCon))
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        return array("success" => "true");
    }
    
    function removeRoleFromGroup($params)
    {
        if( is_array($error = secureRequest($params, TRUE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
        $groupID = mysql_real_escape_string( $params['GroupID'] );
        $roleID  = mysql_real_escape_string( $params['RoleID'] );
        
        if( is_array($error = checkGroupPermission($groupID, $groupPowers['RoleProperties'])) )
        {
            return $error;
        }
		
        /// 1. Remove all members from Role
        /// 2. Set selected Role to uuidZero for anyone that had the role selected
        /// 3. Delete roll
        
        $sql = "DELETE FROM osgrouprolemembership WHERE GroupID = '$groupID' AND RoleID = '$roleID'";
        if (!mysql_query($sql, $groupDBCon))
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        $sql = "UPDATE osgroupmembership SET SelectedRoleID = '$uuidZero' WHERE GroupID = '$groupID' AND SelectedRoleID = '$roleID'";
        if (!mysql_query($sql, $groupDBCon))
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        $sql = "DELETE FROM osrole WHERE GroupID = '$groupID' AND RoleID = '$roleID'";
        if (!mysql_query($sql, $groupDBCon))
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        return array("success" => "true");
    }
    
    function getGroup($params)
    {
        if( is_array($error = secureRequest($params, FALSE)) )
        {
          return $error;
        }
		
        return _getGroup($params);
    }
		
    function _getGroup($params)
    {
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $sql = " SELECT osgroup.GroupID, osgroup.Name, Charter, InsigniaID, FounderID, MembershipFee, OpenEnrollment, ShowInList, AllowPublish, MaturePublish, OwnerRoleID"
              ." , count(osrole.RoleID) as GroupRolesCount, count(osgroupmembership.AgentID) as GroupMembershipCount "
              ." FROM osgroup "
              ." LEFT JOIN osrole ON (osgroup.GroupID = osrole.GroupID)"
              ." LEFT JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID)"
              ." WHERE ";

        if( isset($params['GroupID']) )
        {
            $sql .= "osgroup.GroupID = '" . mysql_real_escape_string($params['GroupID']). "'";
        } 
        else if( isset($params['Name']) ) 
        {
            $sql .= "osgroup.Name = '" . mysql_real_escape_string($params['Name']) . "'";
        } 
        else 
        {
            return array("error" => "Must specify GroupID or Name");
        }
        
        $sql .= " GROUP BY osgroup.GroupID, osgroup.name, charter, insigniaID, founderID, membershipFee, openEnrollment, showInList, allowPublish, maturePublish, ownerRoleID";
        
        $result = mysql_query($sql, $groupDBCon);
        
        if (!$result) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }

        if (mysql_num_rows($result) == 0) 
        {
            return array('succeed' => 'false', 'error' => 'Group Not Found', 'params' => var_export($params, TRUE), 'sql' => $sql);
        }
        
        return mysql_fetch_assoc($result);
    }        
    
    function updateGroup($params)
    {
        if( is_array($error = secureRequest($params, TRUE)) )
        {
          return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
        $groupID = mysql_real_escape_string( $params["GroupID"] );
        $charter = mysql_real_escape_string( $params["Charter"] );
        $insigniaID = mysql_real_escape_string( $params["InsigniaID"] );
        $membershipFee = mysql_real_escape_string( $params["MembershipFee"] );
        $openEnrollment = mysql_real_escape_string( $params["OpenEnrollment"] );
        $showInList = mysql_real_escape_string( $params["ShowInList"] );
        $allowPublish = mysql_real_escape_string( $params["AllowPublish"] );
        $maturePublish = mysql_real_escape_string( $params["MaturePublish"] );
        
        if( is_array($error = checkGroupPermission($groupID, $groupPowers['ChangeOptions'])) )
        {
            return $error;
        }
		
        // Create group
        $sql = "UPDATE osgroup
                SET
                    Charter = '$charter'
                    , InsigniaID = '$insigniaID'
                    , MembershipFee = $membershipFee
                    , OpenEnrollment= $openEnrollment
                    , ShowInList    = $showInList
                    , AllowPublish  = $allowPublish
                    , MaturePublish = $maturePublish
                WHERE
                    GroupID = '$groupID'";
        
        if (!mysql_query($sql, $groupDBCon))
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }

        return array('success' => 'true');
    }

    function findGroups($params)
    {
        if( is_array($error = secureRequest($params, FALSE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $search = mysql_real_escape_string( $params['Search'] );
        
        $sql = " SELECT osgroup.GroupID, osgroup.Name, count(osgroupmembership.AgentID) as Members "
              ." FROM osgroup LEFT JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID) "
              ." WHERE "
			  ." (    MATCH (osgroup.name) AGAINST ('$search' IN BOOLEAN MODE)"
              ."   OR osgroup.name LIKE '%$search%'"
              ."   OR osgroup.name REGEXP '$search'"
			  ." ) AND ShowInList = 1" 
              ." GROUP BY osgroup.GroupID, osgroup.Name";
        
        $result = mysql_query($sql, $groupDBCon);
        
        if (!$result) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }

        if( mysql_num_rows($result) == 0 )
        {
            return array('succeed' => 'false', 'error' => 'No groups found.', 'params' => var_export($params, TRUE), 'sql' => $sql);
        }
        
        $results = array();

        while ($row = mysql_fetch_assoc($result)) 
        {
            $groupID = $row['GroupID'];
            $results[$groupID] = $row;
        }
        
        return array('results' => $results, 'success' => TRUE);
    }
    
    function _setAgentActiveGroup($params)
    {
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $agentID = mysql_real_escape_string( $params['AgentID'] );
        $groupID = mysql_real_escape_string( $params['GroupID'] );
		
        $sql = " UPDATE osagent "
              ." SET ActiveGroupID = '$groupID'"
              ." WHERE AgentID = '$agentID'";
    
        if (!mysql_query($sql, $groupDBCon))
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        if( mysql_affected_rows() == 0 )
        {
            $sql = " INSERT INTO osagent (ActiveGroupID, AgentID) VALUES "
                  ." ('$groupID', '$agentID')";
        
            if (!mysql_query($sql, $groupDBCon))
            {
                return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
            }
        }
    
        return array("success" => "true");
    }

    function setAgentActiveGroup($params)
    {
        if( is_array($error = secureRequest($params, TRUE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $agentID = $params['AgentID'];
        $groupID = $params['GroupID'];
        
        if( isset($requestingAgent) && ($requestingAgent != $uuidZero) && ($requestingAgent != $agentID) )
        {
            return array('error' => "Agent can only change their own Selected Group Role", 'params' => var_export($params, TRUE));
        }
        
        return _setAgentActiveGroup($params);
    }
    
    function addAgentToGroup($params)
    {
        if( is_array($error = secureRequest($params, TRUE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
        $groupID = $params["GroupID"];
        $agentID = $params["AgentID"];        
		
        if( is_array($error = checkGroupPermission($groupID, $groupPowers['AssignMember'])) )
        {
            // If they don't have direct permission, check to see if the group is marked for open enrollment
            $groupInfo = _getGroup( array ('GroupID' => $groupID) );
          
            if( isset($groupInfo['error']))
            {
                return $groupInfo;
            }

            if($groupInfo['OpenEnrollment'] != 1)
            {
                $escapedAgentID = mysql_real_escape_string($agentID);
                $escapedGroupID = mysql_real_escape_string($groupID);

                // Group is not open enrollment, check if the specified agentid has an invite
                $sql = " SELECT GroupID, RoleID, AgentID FROM osgroupinvite"
                      ." WHERE osgroupinvite.AgentID = '$escapedAgentID' AND osgroupinvite.GroupID = '$escapedGroupID'";
                        
                $results = mysql_query($sql, $groupDBCon);
                if (!$results) 
                {
                    return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
                }
                  
                if( mysql_num_rows($results) == 1 )
                {
                    // if there is an invite, make sure we're adding the user to the role specified in the invite
                    $inviteInfo = mysql_fetch_assoc($results);
                    $params['RoleID'] = $inviteInfo['RoleID'];
                } 
                else 
                {
                    // Not openenrollment, not invited, return permission denied error
                    return $error;
                }
            } 
        }

        return _addAgentToGroup($params);
    }
    
	  // Private method, does not include security, to only be called from places that have already verified security
    function _addAgentToGroup($params)
    {
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $agentID = $params["AgentID"];
        $groupID = $params["GroupID"];
        
        $roleID  = $uuidZero;
        if( isset($params["RoleID"]) )
        {
            $roleID = $params["RoleID"];
        }

        $escapedAgentID = mysql_real_escape_string($agentID);
        $escapedGroupID = mysql_real_escape_string($groupID);
        $escapedRoleID = mysql_real_escape_string($roleID);
    
        // Check if agent already a member
        $sql = " SELECT count(AgentID) as isMember FROM osgroupmembership WHERE AgentID = '$escapedAgentID' AND GroupID = '$escapedGroupID'";
        $result = mysql_query($sql, $groupDBCon);
        if (!$result)
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }

        // If not a member, add membership, select role (defaults to uuidZero, or everyone role)
        if( mysql_result($result, 0) == 0 )
        {
            $sql = " INSERT INTO osgroupmembership (GroupID, AgentID, Contribution, ListInProfile, AcceptNotices, SelectedRoleID) VALUES "
                  ."('$escapedGroupID','$escapedAgentID', 0, 1, 1,'$escapedRoleID')";
        
            if (!mysql_query($sql, $groupDBCon))
            {
                return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
            }
        }
        
        // Make sure they're in the Everyone role
        $result = _addAgentToGroupRole(array("GroupID" => $groupID, "RoleID" => $uuidZero, "AgentID" => $agentID));
        if( isset($result['error']) )
        {
            return $result;
        }
        
        // Make sure they're in specified role, if they were invited
        if( $roleID != $uuidZero )
        {
            $result = _addAgentToGroupRole(array("GroupID" => $groupID, "RoleID" => $roleID, "AgentID" => $agentID));
            if( isset($result['error']) )
            {
                return $result;
            }
        }

		    //Set the role they were invited to as their selected role
        _setAgentGroupSelectedRole(array('AgentID' => $agentID, 'RoleID' => $roleID, 'GroupID' => $groupID));
		
        // Set the group as their active group.
        // _setAgentActiveGroup(array("GroupID" => $groupID, "AgentID" => $agentID));
		
        return array("success" => "true");
    }
    
    function removeAgentFromGroup($params)
    {
        if( is_array($error = secureRequest($params, TRUE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
        $agentID = $params["AgentID"];
        $groupID = $params["GroupID"];

        // An agent is always allowed to remove themselves from a group -- so only check if the requesting agent is different then the agent being removed.
        if( $agentID != $requestingAgent )
        {
            if( is_array($error = checkGroupPermission($groupID, $groupPowers['RemoveMember'])) )
            {
                return $error;
            }
        }

        $escapedAgentID = mysql_real_escape_string($agentID);
        $escapedGroupID = mysql_real_escape_string($groupID);
		
        // 1. If group is agent's active group, change active group to uuidZero
        // 2. Remove Agent from group (osgroupmembership)
        // 3. Remove Agent from all of the groups roles (osgrouprolemembership)
        
        $sql = " UPDATE osagent "
              ." SET ActiveGroupID = '$uuidZero'"
              ." WHERE AgentID = '$escapedAgentID' AND ActiveGroupID = '$escapedGroupID'";

        if (!mysql_query($sql, $groupDBCon))
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        $sql = " DELETE FROM osgroupmembership "
              ." WHERE AgentID = '$agentID' AND GroupID = '$groupID'";
        if (!mysql_query($sql, $groupDBCon))
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        $sql = " DELETE FROM osgrouprolemembership "
              ." WHERE AgentID = '$escapedAgentID' AND GroupID = '$escapedGroupID'";
        if (!mysql_query($sql, $groupDBCon))
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        return array("success" => "true");
    }
    
    function _addAgentToGroupRole($params)
    {
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $agentID = mysql_real_escape_string($params["AgentID"]);
        $groupID = mysql_real_escape_string($params["GroupID"]);
        $roleID = mysql_real_escape_string($params["RoleID"]);
    
        // Check if agent already a member
        $sql = " SELECT count(AgentID) as isMember FROM osgrouprolemembership WHERE AgentID = '$agentID' AND RoleID = '$roleID' AND GroupID = '$groupID'";
        $result = mysql_query($sql, $groupDBCon);
        if (!$result)
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
    
        if( mysql_result($result, 0) == 0 )
        {
            $sql = " INSERT INTO osgrouprolemembership (GroupID, RoleID, AgentID) VALUES "
                  ."('$groupID', '$roleID', '$agentID')";
        
            if (!mysql_query($sql, $groupDBCon))
            {
                return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
            }
        }
    
        return array("success" => "true");
    }
    
    function addAgentToGroupRole($params)
    {
        if( is_array($error = secureRequest($params, TRUE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
        $agentID = $params["AgentID"];
        $groupID = $params["GroupID"];
        $roleID = $params["RoleID"];

        $escapedAgentID = mysql_real_escape_string($agentID);
        $escapedGroupID = mysql_real_escape_string($groupID);
        $escapedRoleID = mysql_real_escape_string($roleID);
    
        // Check if being assigned to Owners role, assignments to an owners role can only be requested by owners.
        $sql = " SELECT OwnerRoleID, osgrouprolemembership.AgentID "
              ." FROM osgroup LEFT JOIN osgrouprolemembership ON (osgroup.GroupID = osgrouprolemembership.GroupID AND osgroup.OwnerRoleID = osgrouprolemembership.RoleID) "
            ." WHERE osgrouprolemembership.AgentID = '" . mysql_real_escape_string($requestingAgent) . "' AND osgroup.GroupID = '$escapedGroupID'";
			  
        $results = mysql_query($sql, $groupDBCon);
        if (!$results) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
		
        if( mysql_num_rows($results) == 0 )
        {
			return array('error' => "Group ($groupID) not found or Agent ($agentID) is not in the owner's role", 'params' => var_export($params, TRUE));
		}

        $ownerRoleInfo = mysql_fetch_assoc($results);
        if( ($ownerRoleInfo['OwnerRoleID'] == $roleID) && ($ownerRoleInfo['AgentID'] != $requestingAgent) )
        {
            return array('error' => "Requesting agent $requestingAgent is not a member of the Owners Role and cannot add members to the owners role.", 'params' => var_export($params, TRUE));
        }
	
        if( is_array($error = checkGroupPermission($groupID, $groupPowers['AssignMember'])) )
        {
            return $error;
        }
	
		return _addAgentToGroupRole($params);
    }
    
    function removeAgentFromGroupRole($params)
    {
        if( is_array($error = secureRequest($params, TRUE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
        $agentID = mysql_real_escape_string($params["AgentID"]);
        $groupID = mysql_real_escape_string($params["GroupID"]);
        $roleID  = mysql_real_escape_string($params["RoleID"]);

        if( is_array($error = checkGroupPermission($groupID, $groupPowers['AssignMember'])) )
        {
            return $error;
        }
		
        // If agent has this role selected, change their selection to everyone (uuidZero) role
        $sql = " UPDATE osgroupmembership SET SelectedRoleID = '$uuidZero' WHERE AgentID = '$agentID' AND GroupID = '$groupID' AND SelectedRoleID = '$roleID'";
        $result = mysql_query($sql, $groupDBCon);
        if (!$result)
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }

        $sql = " DELETE FROM osgrouprolemembership WHERE AgentID = '$agentID' AND GroupID = '$groupID' AND RoleID = '$roleID'";
    
        if (!mysql_query($sql, $groupDBCon))
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        return array("success" => "true");
    }
    
    function _setAgentGroupSelectedRole($params)
    {
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $agentID = mysql_real_escape_string($params["AgentID"]);
        $groupID = mysql_real_escape_string($params["GroupID"]);
        $roleID = mysql_real_escape_string($params["RoleID"]);
    
        $sql = " UPDATE osgroupmembership SET SelectedRoleID = '$roleID' WHERE AgentID = '$agentID' AND GroupID = '$groupID'";
        $result = mysql_query($sql, $groupDBCon);
        if (!$result)
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
    
        return array('success' => 'true');
    }

    function setAgentGroupSelectedRole($params)
    {
        if( is_array($error = secureRequest($params, TRUE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $agentID = $params["AgentID"];
        $groupID = $params["GroupID"];
        $roleID = $params["RoleID"];
    
        if( isset($requestingAgent) && ($requestingAgent != $uuidZero) && ($requestingAgent != $agentID) )
        {
            return array('error' => "Agent can only change their own Selected Group Role", 'params' => var_export($params, TRUE));
        }
	
        return _setAgentGroupSelectedRole($params);
    }
	
    function getAgentGroupMembership($params)
    {
        if( is_array($error = secureRequest($params, FALSE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $groupID = mysql_real_escape_string($params['GroupID']);
        $agentID = mysql_real_escape_string($params['AgentID']);
        
        $sql = " SELECT osgroup.GroupID, osgroup.Name as GroupName, osgroup.Charter, osgroup.InsigniaID, osgroup.FounderID, osgroup.MembershipFee, osgroup.OpenEnrollment, osgroup.ShowInList, osgroup.AllowPublish, osgroup.MaturePublish"
              ." , osgroupmembership.Contribution, osgroupmembership.ListInProfile, osgroupmembership.AcceptNotices"
              ." , osgroupmembership.SelectedRoleID, osrole.Title"
              ." , osagent.ActiveGroupID "
              ." FROM osgroup JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID)"
              ."              JOIN osrole ON (osgroupmembership.SelectedRoleID = osrole.RoleID AND osgroupmembership.GroupID = osrole.GroupID)"
              ."              JOIN osagent ON (osagent.AgentID = osgroupmembership.AgentID)"
              ." WHERE osgroup.GroupID = '$groupID' AND osgroupmembership.AgentID = '$agentID'";
        
        $groupmembershipResult = mysql_query($sql, $groupDBCon);
        if (!$groupmembershipResult) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        if( mysql_num_rows($groupmembershipResult) == 0 )
        {
            return array('succeed' => 'false', 'error' => 'None Found', 'params' => var_export($params, TRUE), 'sql' => $sql);
        }
        
        $groupMembershipInfo = mysql_fetch_assoc($groupmembershipResult);
        
        $sql = " SELECT BIT_OR(osrole.Powers) AS GroupPowers"
              ." FROM osgrouprolemembership JOIN osrole ON (osgrouprolemembership.GroupID = osrole.GroupID AND osgrouprolemembership.RoleID = osrole.RoleID)"
              ." WHERE osgrouprolemembership.GroupID = '$groupID' AND osgrouprolemembership.AgentID = '$agentID'";
        $groupPowersResult = mysql_query($sql, $groupDBCon);
        if (!$groupPowersResult) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        $groupPowersInfo = mysql_fetch_assoc($groupPowersResult);
        
        return array_merge($groupMembershipInfo, $groupPowersInfo);
    }

    function getAgentGroupMemberships($params)
    {
        if( is_array($error = secureRequest($params, FALSE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $agentID = mysql_real_escape_string($params['AgentID']);
        
        $sql = " SELECT osgroup.GroupID, osgroup.Name as GroupName, osgroup.Charter, osgroup.InsigniaID, osgroup.FounderID, osgroup.MembershipFee, osgroup.OpenEnrollment, osgroup.ShowInList, osgroup.AllowPublish, osgroup.MaturePublish"
              ." , osgroupmembership.Contribution, osgroupmembership.ListInProfile, osgroupmembership.AcceptNotices"
              ." , osgroupmembership.SelectedRoleID, osrole.Title"
              ." , IFNULL(osagent.ActiveGroupID, '$uuidZero') AS ActiveGroupID"
              ." FROM osgroup JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID)"
              ."              JOIN osrole ON (osgroupmembership.SelectedRoleID = osrole.RoleID AND osgroupmembership.GroupID = osrole.GroupID)"
              ."         LEFT JOIN osagent ON (osagent.AgentID = osgroupmembership.AgentID)"
              ." WHERE osgroupmembership.AgentID = '$agentID'";
        
        $groupmembershipResults = mysql_query($sql, $groupDBCon);
        if (!$groupmembershipResults) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }

        if( mysql_num_rows($groupmembershipResults) == 0 )
        {
            return array('succeed' => 'false', 'error' => 'No Memberships', 'params' => var_export($params, TRUE), 'sql' => $sql);
        }
        
        $groupResults = array();
        while($groupMembershipInfo = mysql_fetch_assoc($groupmembershipResults))
        {
            $groupID = $groupMembershipInfo['GroupID'];
            $sql = " SELECT BIT_OR(osrole.Powers) AS GroupPowers"
                  ." FROM osgrouprolemembership JOIN osrole ON (osgrouprolemembership.GroupID = osrole.GroupID AND osgrouprolemembership.RoleID = osrole.RoleID)"
                  ." WHERE osgrouprolemembership.GroupID = '$groupID' AND osgrouprolemembership.AgentID = '$agentID'";
            $groupPowersResult = mysql_query($sql, $groupDBCon);
            if (!$groupPowersResult) 
            {
                return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
            }
            $groupPowersInfo = mysql_fetch_assoc($groupPowersResult);
            $groupResults[$groupID] = array_merge($groupMembershipInfo, $groupPowersInfo);
        }
        
        return $groupResults;
    }
    
    // Parameters should not already be mysql_real_escape_string() escaped
    function canAgentViewRoleMembers( $agentID, $groupID, $roleID )
    {
        global $membersVisibleTo, $groupDBCon;
		
        if( $membersVisibleTo == 'All' ) 
          return true;

        $agentID = mysql_real_escape_string($agentID);
        $groupID = mysql_real_escape_string($groupID);
        $roleID  = mysql_real_escape_string($roleID); 
		
        $sql  = " SELECT CASE WHEN min(OwnerRoleMembership.AgentID) IS NOT NULL THEN 1 ELSE 0 END AS IsOwner ";
        $sql .= " FROM osgroup JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID AND osgroupmembership.AgentID = '$agentID')";
        $sql .= "         LEFT JOIN osgrouprolemembership AS OwnerRoleMembership ON (OwnerRoleMembership.GroupID = osgroup.GroupID ";
        $sql .= "                   AND OwnerRoleMembership.RoleID  = osgroup.OwnerRoleID ";
        $sql .= "                   AND OwnerRoleMembership.AgentID = '$agentID')";
        $sql .= " WHERE osgroup.GroupID = '$groupID' GROUP BY osgroup.GroupID";	
		
        $viewMemberResults = mysql_query($sql, $groupDBCon);
        if (!$viewMemberResults)
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error());
        }
        
        if (mysql_num_rows($viewMemberResults) == 0) 
        {
            return false;
        }
		
        $viewMemberInfo = mysql_fetch_assoc($viewMemberResults);
		
        switch( $membersVisibleTo )
        {
            case 'Group':
                // if we get to here, there is at least one row, so they are a member of the group
                return true;
            case 'Owners':
            default:
                return $viewMemberInfo['IsOwner'];			
        }
    }
	
    function getGroupMembers($params)
    {
        if( is_array($error = secureRequest($params, FALSE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
        $groupID = $params['GroupID'];
        $escapedGroupID = mysql_real_escape_string($groupID);
        
        $sql = " SELECT osgroupmembership.AgentID"
              ." , osgroupmembership.Contribution, osgroupmembership.ListInProfile, osgroupmembership.AcceptNotices"
              ." , osgroupmembership.SelectedRoleID, osrole.Title"
              ." , CASE WHEN OwnerRoleMembership.AgentID IS NOT NULL THEN 1 ELSE 0 END AS IsOwner"
              ." FROM osgroup JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID)"
              ."              JOIN osrole ON (osgroupmembership.SelectedRoleID = osrole.RoleID AND osgroupmembership.GroupID = osrole.GroupID)"
              ."              JOIN osrole AS OwnerRole ON (osgroup.OwnerRoleID  = OwnerRole.RoleID AND osgroup.GroupID  = OwnerRole.GroupID)"
              ."         LEFT JOIN osgrouprolemembership AS OwnerRoleMembership ON (osgroup.OwnerRoleID       = OwnerRoleMembership.RoleID 
                                                                               AND (osgroup.GroupID           = OwnerRoleMembership.GroupID)
                                                                               AND (osgroupmembership.AgentID = OwnerRoleMembership.AgentID))"
              ." WHERE osgroup.GroupID = '$escapedGroupID'";
        
        $groupmemberResults = mysql_query($sql, $groupDBCon);
        if (!$groupmemberResults) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        if (mysql_num_rows($groupmemberResults) == 0) 
        {
            return array('succeed' => 'false', 'error' => 'No Group Members found', 'params' => var_export($params, TRUE), 'sql' => $sql);
        }
        
        $roleMembersVisibleBit = $groupPowers['RoleMembersVisible'];
        $canViewAllGroupRoleMembers = canAgentViewRoleMembers($requestingAgent, $groupID, '');
		
        $memberResults = array();
        while ($memberInfo = mysql_fetch_assoc($groupmemberResults))
        {
            $agentID = $memberInfo['AgentID'];
            $sql = " SELECT BIT_OR(osrole.Powers) AS AgentPowers, ( BIT_OR(osrole.Powers) & $roleMembersVisibleBit) as MemberVisible"
                  ." FROM osgrouprolemembership JOIN osrole ON (osgrouprolemembership.GroupID = osrole.GroupID AND osgrouprolemembership.RoleID = osrole.RoleID)"
                  ." WHERE osgrouprolemembership.GroupID = '$escapedGroupID' AND osgrouprolemembership.AgentID = '$agentID'";
            $memberPowersResult = mysql_query($sql, $groupDBCon);
            if (!$memberPowersResult) 
            {
                return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
            }

            $memberPowersCount = mysql_num_rows($memberPowersResult);
            error_log("Found $memberPowersCount rows for agent $agentID for requesting agent $requestingAgent");

            if ($memberPowersCount == 0) 
            {
                if ($canViewAllGroupRoleMembers || $agentID == $requestingAgent)
                {
                    $memberResults[$agentID] = array_merge($memberInfo, array('AgentPowers' => 0));
                } 
                else 
                {
                    // if can't view all group role members and there is no Member Visible bit, then don't return this member's info
                    unset($memberResults[$agentID]);
                }
            } 
            else 
            {
                $memberPowersInfo = mysql_fetch_assoc($memberPowersResult);
                if ($memberPowersInfo['MemberVisible'] || $canViewAllGroupRoleMembers || $agentID == $requestingAgent)
                {
                    $memberResults[$agentID] = array_merge($memberInfo, $memberPowersInfo);
                } 
                else 
                {
                    // if can't view all group role members and there is no Member Visible bit, then don't return this member's info
                    unset($memberResults[$agentID]);
                }
            }
        }

        error_log("Returning " . count($memberResults) . " visible members for group $groupID for agent $agentID");
        
        if (count($memberResults) == 0) 
        {
            return array('succeed' => 'false', 'error' => 'No Visible Group Members found', 'params' => var_export($params, TRUE), 'sql' => $sql);
        }
		
        return $memberResults;
    }
    
    function getAgentActiveMembership($params)
    {
        if( is_array($error = secureRequest($params, FALSE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $agentID = mysql_real_escape_string($params['AgentID']);
        
        $sql = " SELECT osgroup.GroupID, osgroup.Name as GroupName, osgroup.Charter, osgroup.InsigniaID, osgroup.FounderID, osgroup.MembershipFee, osgroup.OpenEnrollment, osgroup.ShowInList, osgroup.AllowPublish, osgroup.MaturePublish"
              ." , osgroupmembership.Contribution, osgroupmembership.ListInProfile, osgroupmembership.AcceptNotices"
              ." , osgroupmembership.SelectedRoleID, osrole.Title"
              ." , osagent.ActiveGroupID "
              ." FROM osagent JOIN osgroup ON (osgroup.GroupID = osagent.ActiveGroupID)"
              ."              JOIN osgroupmembership ON (osgroup.GroupID = osgroupmembership.GroupID AND osagent.AgentID = osgroupmembership.AgentID)"
              ."              JOIN osrole ON (osgroupmembership.SelectedRoleID = osrole.RoleID AND osgroupmembership.GroupID = osrole.GroupID)"
              ." WHERE osagent.AgentID = '$agentID'";
        
        $groupmembershipResult = mysql_query($sql, $groupDBCon);
        if (!$groupmembershipResult) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        if (mysql_num_rows($groupmembershipResult) == 0) 
        {
            return array('succeed' => 'false', 'error' => 'No Active Group Specified', 'params' => var_export($params, TRUE), 'sql' => $sql);
        }
        $groupMembershipInfo = mysql_fetch_assoc($groupmembershipResult);
        
        $groupID = $groupMembershipInfo['GroupID'];
        $sql = " SELECT BIT_OR(osrole.Powers) AS GroupPowers"
              ." FROM osgrouprolemembership JOIN osrole ON (osgrouprolemembership.GroupID = osrole.GroupID AND osgrouprolemembership.RoleID = osrole.RoleID)"
              ." WHERE osgrouprolemembership.GroupID = '$groupID' AND osgrouprolemembership.AgentID = '$agentID'";
        $groupPowersResult = mysql_query($sql, $groupDBCon);
        if (!$groupPowersResult) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        $groupPowersInfo = mysql_fetch_assoc($groupPowersResult);
        
        return array_merge($groupMembershipInfo, $groupPowersInfo);
    }
    
    function getAgentRoles($params)
    {
        if( is_array($error = secureRequest($params, FALSE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $agentID = mysql_real_escape_string($params['AgentID']);
        
        $sql = " SELECT "
              ." osrole.RoleID, osrole.GroupID, osrole.Title, osrole.Name, osrole.Description, osrole.Powers"
              ." , CASE WHEN osgroupmembership.SelectedRoleID = osrole.RoleID THEN 1 ELSE 0 END AS Selected"
              ." FROM osgroupmembership JOIN osgrouprolemembership  ON (osgroupmembership.GroupID = osgrouprolemembership.GroupID AND osgroupmembership.AgentID = osgrouprolemembership.AgentID)"
              ."                        JOIN osrole ON ( osgrouprolemembership.RoleID = osrole.RoleID AND osgrouprolemembership.GroupID = osrole.GroupID)"
              ."                   LEFT JOIN osagent ON (osagent.AgentID = osgroupmembership.AgentID)"
              ." WHERE osgroupmembership.AgentID = '$agentID'";
              
        if( isset($params['GroupID']) )
        {
            $groupID = $params['GroupID'];
            $sql .= " AND osgroupmembership.GroupID = '$groupID'";
        }

        $roleResults = mysql_query($sql, $groupDBCon);
        if (!$roleResults) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }

        if( mysql_num_rows($roleResults) == 0 )
        {
            return array('succeed' => 'false', 'error' => 'None found', 'params' => var_export($params, TRUE), 'sql' => $sql);
        }
        
        $roles = array();
        while($role = mysql_fetch_assoc($roleResults))
        {
            $ID = $role['GroupID'].$role['RoleID'];
            $roles[$ID] = $role;
        }
        
        return $roles;
    }
    
    function getGroupRoles($params)
    {
        if( is_array($error = secureRequest($params, FALSE)) )
        {
          return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $groupID = mysql_real_escape_string($params['GroupID']);
        
        $sql = " SELECT "
              ." osrole.RoleID, osrole.Name, osrole.Title, osrole.Description, osrole.Powers, count(osgrouprolemembership.AgentID) as Members"
              ." FROM osrole LEFT JOIN osgrouprolemembership ON (osrole.GroupID = osgrouprolemembership.GroupID AND osrole.RoleID = osgrouprolemembership.RoleID)"
              ." WHERE osrole.GroupID = '$groupID'"
              ." GROUP BY osrole.RoleID, osrole.Name, osrole.Title, osrole.Description, osrole.Powers";
              
        $roleResults = mysql_query($sql, $groupDBCon);
        if (!$roleResults) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        if( mysql_num_rows($roleResults) == 0 )
        {
            return array('succeed' => 'false', 'error' => 'No roles found for group', 'params' => var_export($params, TRUE), 'sql' => $sql);
        }
        
        $roles = array();
        while($role = mysql_fetch_assoc($roleResults))
        {
            $RoleID = $role['RoleID'];
            $roles[$RoleID] = $role;
        }
        
        return $roles;
    }

    function getGroupRoleMembers($params)
    {
        if( is_array($error = secureRequest($params, FALSE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
        $groupID = $params['GroupID'];        
		
        $roleMembersVisibleBit = $groupPowers['RoleMembersVisible'];
        $canViewAllGroupRoleMembers = canAgentViewRoleMembers($requestingAgent, $groupID, '');
		
        $escapedGroupID = mysql_real_escape_string($groupID);

        $sql = " SELECT "
              ." osrole.RoleID, osgrouprolemembership.AgentID"
	      		  ." , (osrole.Powers & $roleMembersVisibleBit) as MemberVisible"
              ." FROM osrole JOIN osgrouprolemembership ON (osrole.GroupID = osgrouprolemembership.GroupID AND osrole.RoleID = osgrouprolemembership.RoleID)"
              ." WHERE osrole.GroupID = '$escapedGroupID'";
              
        $memberResults = mysql_query($sql, $groupDBCon);
        if (!$memberResults) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        if( mysql_num_rows($memberResults) == 0 )
        {
            return array('succeed' => 'false', 'error' => 'No role memberships found for group', 'params' => var_export($params, TRUE), 'sql' => $sql);
        }		

        $members = array();
        while($member = mysql_fetch_assoc($memberResults))
        {
            if( $canViewAllGroupRoleMembers || $member['MemberVisible'] || ($member['AgentID'] == $requestingAgent) )
            {
                $Key = $member['AgentID'] . $member['RoleID'];
                $members[$Key ] = $member;
            }
        }
		
        if( count($members) == 0 )
        {
            return array('succeed' => 'false', 'error' => 'No role memberships visible for group', 'params' => var_export($params, TRUE), 'sql' => $sql);
        }
        
        return $members;
    }
    
    function setAgentGroupInfo($params)
    {
        if( is_array($error = secureRequest($params, TRUE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
		
        if (isset($params['AgentID'])) {
            $agentID = mysql_real_escape_string($params['AgentID']);
        } else {
            $agentID = "";
        }
        if (isset($params['GroupID'])) {
            $groupID = mysql_real_escape_string($params['GroupID']);
        } else {
            $groupID = "";
        }
        if (isset($params['SelectedRoleID'])) {
            $roleID  = mysql_real_escape_string($params['SelectedRoleID']);
        } else {
            $roleID = "";
        }
        if (isset($params['AcceptNotices'])) {
            $acceptNotices = mysql_real_escape_string($params['AcceptNotices']);
        } else {
            $acceptNotices = 1;
        }
        if (isset($params['ListInProfile'])) {
            $listInProfile  = mysql_real_escape_string($params['ListInProfile']);
        } else {
            $listInProfile = 0;
        }

        if( isset($requestingAgent) && ($requestingAgent != $uuidZero) && ($requestingAgent != $agentID) )
        {
            return array('error' => "Agent can only change their own group info", 'params' => var_export($params, TRUE));
        }
    
        $sql = " UPDATE "
              ."     osgroupmembership"
              ." SET "
              ."    AgentID = '$agentID'";

        if( isset($params['SelectedRoleID']) )
        {
            $sql .="    , SelectedRoleID = '$roleID'";
        }
        if( isset($params['AcceptNotices']) )
        {
            $sql .="    , AcceptNotices = $acceptNotices";
        }
        if( isset($params['ListInProfile']) )
        {
            $sql .="    , ListInProfile = $listInProfile";
        }
        
        $sql .=" WHERE osgroupmembership.GroupID = '$groupID' AND osgroupmembership.AgentID = '$agentID'";
              
        $memberResults = mysql_query($sql, $groupDBCon);
        if (!$memberResults) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        return array('success'=> 'true');
    }
    
    function getGroupNotices($params)
    {
        if( is_array($error = secureRequest($params, FALSE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $groupID = mysql_real_escape_string($params['GroupID']);
        
        $sql = " SELECT "
              ." GroupID, NoticeID, Timestamp, FromName, Subject, Message, BinaryBucket"
              ." FROM osgroupnotice"
              ." WHERE osgroupnotice.GroupID = '$groupID'";
              
        $results = mysql_query($sql, $groupDBCon);
        if (!$results) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        if( mysql_num_rows($results) == 0 )
        {
            return array('succeed' => 'false', 'error' => 'No Notices', 'params' => var_export($params, TRUE), 'sql' => $sql);
        }
        
        $notices = array();
        while($notice = mysql_fetch_assoc($results))
        {
            $NoticeID = $notice['NoticeID'];
            $notices[$NoticeID] = $notice;
        }
        
        return $notices;
    }

    function getGroupNotice($params)
    {
        if( is_array($error = secureRequest($params, FALSE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $noticeID = mysql_real_escape_string($params['NoticeID']);
        
        $sql = " SELECT "
              ." GroupID, NoticeID, Timestamp, FromName, Subject, Message, BinaryBucket"
              ." FROM osgroupnotice"
              ." WHERE osgroupnotice.NoticeID = '$noticeID'";
              
        $results = mysql_query($sql, $groupDBCon);
        if (!$results) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        if( mysql_num_rows($results) == 0 )
        {
            return array('succeed' => 'false', 'error' => 'Group Notice Not Found', 'params' => var_export($params, TRUE), 'sql' => $sql);
        }
        
        return mysql_fetch_assoc($results);
    }
    
    function addGroupNotice($params)
    {
        if( is_array($error = secureRequest($params, TRUE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
        $groupID        = mysql_real_escape_string($params['GroupID']);
        $noticeID       = mysql_real_escape_string($params['NoticeID']);
        $fromName       = mysql_real_escape_string($params['FromName']);
        $subject        = mysql_real_escape_string($params['Subject']);
        $binaryBucket   = mysql_real_escape_string($params['BinaryBucket']);
        $message        = mysql_real_escape_string($params['Message']);
        $timeStamp      = mysql_real_escape_string($params['TimeStamp']);

        if( is_array($error = checkGroupPermission($groupID, $groupPowers['SendNotices'])) )
        {
            return $error;
        }
        
        $sql = " INSERT INTO osgroupnotice"
              ." (GroupID, NoticeID, Timestamp, FromName, Subject, Message, BinaryBucket)"
              ." VALUES "
              ." ('$groupID', '$noticeID', $timeStamp, '$fromName', '$subject', '$message', '$binaryBucket')";
              
        $results = mysql_query($sql, $groupDBCon);
        if (!$results) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        return array('success' => 'true');
    }
    
    function addAgentToGroupInvite($params)
    {
        if( is_array($error = secureRequest($params, TRUE)) )
        {
            return $error;
        }
		
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;

        if( is_array($error = checkGroupPermission($params['GroupID'], $groupPowers['Invite'])) )
        {
            return $error;
        }

        $inviteID   = mysql_real_escape_string($params['InviteID']);
        $groupID    = mysql_real_escape_string($params['GroupID']);
        $roleID     = mysql_real_escape_string($params['RoleID']);
        $agentID    = mysql_real_escape_string($params['AgentID']);
		
        // Remove any existing invites for this agent to this group
        $sql = " DELETE FROM osgroupinvite"
              ." WHERE osgroupinvite.AgentID = '$agentID' AND osgroupinvite.GroupID = '$groupID'";
              
        $results = mysql_query($sql, $groupDBCon);
        if (!$results) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        // Add new invite for this agent to this group for the specifide role
        $sql = " INSERT INTO osgroupinvite"
              ." (InviteID, GroupID, RoleID, AgentID) VALUES ('$inviteID', '$groupID', '$roleID', '$agentID')";
              
        $results = mysql_query($sql, $groupDBCon);
        if (!$results) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        return array('success' => 'true');
    }

    function getAgentToGroupInvite($params)
    {
        if( is_array($error = secureRequest($params, FALSE)) )
        {
            return $error;
        }

        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $inviteID = mysql_real_escape_string($params['InviteID']);

        $sql = " SELECT GroupID, RoleID, AgentID FROM osgroupinvite"
              ." WHERE osgroupinvite.InviteID = '$inviteID'";
              
        $results = mysql_query($sql, $groupDBCon);
        if (!$results) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        if( mysql_num_rows($results) == 1 )
        {
            $inviteInfo = mysql_fetch_assoc($results);
            $groupID  = $inviteInfo['GroupID'];
            $roleID   = $inviteInfo['RoleID'];
            $agentID  = $inviteInfo['AgentID'];
        
            return array('success' => 'true', 'GroupID'=>$groupID, 'RoleID'=>$roleID, 'AgentID'=>$agentID);
        } 
        else 
        {
            return array('succeed' => 'false', 'error' => 'Invitation not found', 'params' => var_export($params, TRUE), 'sql' => $sql);
        }
    }
    
    function removeAgentToGroupInvite($params)
    {
        if( is_array($error = secureRequest($params, TRUE)) )
        {
            return $error;
        }
	
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon;
        $inviteID = mysql_real_escape_string($params['InviteID']);
        
        $sql = " DELETE FROM osgroupinvite"
              ." WHERE osgroupinvite.InviteID = '$inviteID'";
              
        $results = mysql_query($sql, $groupDBCon);
        if (!$results) 
        {
            return array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error(), 'params' => var_export($params, TRUE));
        }
        
        return array('success' => 'true');
    }
    
    function secureRequest($params, $write = FALSE)
    {
        global $groupWriteKey, $groupReadKey, $verifiedReadKey, $verifiedWriteKey, $groupRequireAgentAuthForWrite, $requestingAgent;
        global $overrideAgentUserService;

        // Cache this for access by other security functions
        $requestingAgent = $params['RequestingAgentID'];
        
        if( isset($groupReadKey) && ($groupReadKey != '') && (!isset($verifiedReadKey) || ($verifiedReadKey !== TRUE)) )
        {
            if( !isset($params['ReadKey']) || ($params['ReadKey'] != $groupReadKey ) )
            {
                return array('error' => "Invalid (or No) Read Key Specified", 'params' => var_export($params, TRUE));
            } 
            else 
            {
                $verifiedReadKey = TRUE;
            }
        }
        
        if( ($write == TRUE) && isset($groupWriteKey) && ($groupWriteKey != '') && (!isset($verifiedWriteKey) || ($verifiedWriteKey !== TRUE)) )
        {
            if( !isset($params['WriteKey']) || ($params['WriteKey'] != $groupWriteKey ) )
            {
                return array('error' => "Invalid (or No) Write Key Specified", 'params' => var_export($params, TRUE));
            } 
            else 
            {
                $verifiedWriteKey = TRUE;
            }
        }
        
        if( ($write == TRUE) && isset($groupRequireAgentAuthForWrite) && ($groupRequireAgentAuthForWrite == TRUE) )
        {
            // Note: my brain can't do boolean logic this morning, so just putting this here instead of integrating with line above.
            // If the write key has already been verified for this request, don't check it again.  This comes into play with methods that call other methods, such as CreateGroup() which calls Addrole()
            if( isset($verifiedWriteKey) && ($verifiedWriteKey !== TRUE))
            {
                return TRUE;
            }
          
            if( !isset($params['RequestingAgentID']) 
                || !isset($params['RequestingAgentUserService'])
                || !isset($params['RequestingSessionID']) )
            {
                return array('error' => "Requesting AgentID and SessionID must be specified", 'params' => var_export($params, TRUE));
            }
            
            // NOTE: an AgentID and SessionID of $uuidZero will likely be a region making a request, that is not tied to a specific agent making the request.
            
            $UserService = $params['RequestingAgentUserService'];
            if( isset($overrideAgentUserService) && ($overrideAgentUserService != "") )
            {
                $UserService = $overrideAgentUserService;
            }
            
            $client = new xmlrpc_client($UserService);
            $client->return_type = 'phpvals';
            
            $verifyParams = new xmlrpcval(array('avatar_uuid' => new xmlrpcval($params['RequestingAgentID'], 'string')
                           ,'session_id'  => new xmlrpcval($params['RequestingSessionID'], 'string'))
                           , 'struct');

            $message = new xmlrpcmsg("check_auth_session", array($verifyParams));
            $resp = $client->send($message, 5);
            if ($resp->faultCode()) 
            {
                return array('error' => "Error validating AgentID and SessionID"
                             , 'xmlrpcerror'=> $resp->faultString()
                             , 'params' => var_export($params, TRUE));
            } 
        
            $verifyReturn = $resp->value();
        
            if( !isset($verifyReturn['auth_session']) || ($verifyReturn['auth_session'] != 'TRUE') )
            {
                return array('error' => "UserService.check_auth_session() did not return TRUE"
                             , 'userservice' => var_export($verifyReturn, TRUE)
                             , 'params' => var_export($params, TRUE));
              
            }
        }
        
        return TRUE;
    }

    function checkGroupPermission($GroupID, $Permission)
    {
        global $groupEnforceGroupPerms, $requestingAgent, $uuidZero, $groupDBCon, $groupPowers;
		
        if( !isset($Permission) || ($Permission == 0) )
        {
            return array('error' => 'No Permission value specified for checkGroupPermission'
                       , 'Permission' => $Permission);
        }
		
        // If it isn't set to true, then always return true, otherwise verify they have perms
        if( !isset($groupEnforceGroupPerms) || ($groupEnforceGroupPerms != TRUE) )
        {
            return true;
        }
        
        if( !isset($requestingAgent) || ($requestingAgent == $uuidZero) )
        {
            return array('error' => 'Requesting agent was either not specified or not validated.'
                       , 'requestingAgent' => $requestingAgent);
        }
        
        $params = array('AgentID' => $requestingAgent, 'GroupID' => $GroupID);
        $reqAgentMembership = getAgentGroupMembership($params);

        if( isset($reqAgentMembership['error'] ) )
        {
            return array('error' => 'Could not get agent membership for group'
                       , 'params' => var_export($params, TRUE)
             , 'nestederror' => $reqAgentMembership['error']);
        }

        // Worlds ugliest bitwise operation, EVER
        $PermMask   = $reqAgentMembership['GroupPowers'];
        $PermValue  = $Permission;
        
        global $groupDBCon;
        $sql = " SELECT $PermMask & $PermValue AS Allowed";
        $results = mysql_query($sql, $groupDBCon);
        if (!$results) 
        {
            echo print_r( array('error' => "Could not successfully run query ($sql) from DB: " . mysql_error()));
        }
        $PermMasked = mysql_result($results, 0);
        
        if( $PermMasked != $Permission )
        {
            $permNames = array_flip($groupPowers);

            return array('error' => 'Agent does not have group power to ' . $Permission .'('.$permNames[$Permission].')'
             , 'PermMasked' => $PermMasked
                       , 'params' => var_export($params, TRUE)
             , 'permBitMaskSql' => $sql
             , 'Permission' => $Permission);
        }
        
        /*
        return array('error' => 'Reached end'
               , 'reqAgentMembership' => var_export($reqAgentMembership, TRUE)
               , 'GroupID' => $GroupID
               , 'Permission' => $Permission
               , 'PermMasked' => $PermMasked
               );
        */
        return TRUE;
    }
	
    
    $s = new xmlrpc_server(array(
                            "test"                               => array("function" => "test")
                          , "groups.createGroup"                => array("function" => "createGroup", "signature" => $common_sig)
                          , "groups.updateGroup"                => array("function" => "updateGroup", "signature" => $common_sig)
                          , "groups.getGroup"                   => array("function" => "getGroup", "signature" => $common_sig)
                          , "groups.findGroups"                    => array("function" => "findGroups", "signature" => $common_sig)

                          , "groups.getGroupRoles"                => array("function" => "getGroupRoles", "signature" => $common_sig)
                          , "groups.addRoleToGroup"                => array("function" => "addRoleToGroup", "signature" => $common_sig)
                          , "groups.removeRoleFromGroup"        => array("function" => "removeRoleFromGroup", "signature" => $common_sig)
                          , "groups.updateGroupRole"            => array("function" => "updateGroupRole", "signature" => $common_sig)
                          , "groups.getGroupRoleMembers"        => array("function" => "getGroupRoleMembers", "signature" => $common_sig)
                          
                          , "groups.setAgentGroupSelectedRole"    => array("function" => "setAgentGroupSelectedRole", "signature" => $common_sig)
                          , "groups.addAgentToGroupRole"        => array("function" => "addAgentToGroupRole", "signature" => $common_sig)
                          , "groups.removeAgentFromGroupRole"   => array("function" => "removeAgentFromGroupRole", "signature" => $common_sig)
                          
                          , "groups.getGroupMembers"            => array("function" => "getGroupMembers", "signature" => $common_sig)
                          , "groups.addAgentToGroup"            => array("function" => "addAgentToGroup", "signature" => $common_sig)
                          , "groups.removeAgentFromGroup"        => array("function" => "removeAgentFromGroup", "signature" => $common_sig)
                          , "groups.setAgentGroupInfo"            => array("function" => "setAgentGroupInfo", "signature" => $common_sig)

                          , "groups.addAgentToGroupInvite"        => array("function" => "addAgentToGroupInvite", "signature" => $common_sig)
                          , "groups.getAgentToGroupInvite"        => array("function" => "getAgentToGroupInvite", "signature" => $common_sig)
                          , "groups.removeAgentToGroupInvite"    => array("function" => "removeAgentToGroupInvite", "signature" => $common_sig)
                          
                          , "groups.setAgentActiveGroup"        => array("function" => "setAgentActiveGroup", "signature" => $common_sig)
                          , "groups.getAgentGroupMembership"    => array("function" => "getAgentGroupMembership", "signature" => $common_sig)
                          , "groups.getAgentGroupMemberships"    => array("function" => "getAgentGroupMemberships", "signature" => $common_sig)
                          , "groups.getAgentActiveMembership"    => array("function" => "getAgentActiveMembership", "signature" => $common_sig)
                          , "groups.getAgentRoles"                => array("function" => "getAgentRoles", "signature" => $common_sig)
                          
                          , "groups.getGroupNotices"            => array("function" => "getGroupNotices", "signature" => $common_sig)
                          , "groups.getGroupNotice"                => array("function" => "getGroupNotice", "signature" => $common_sig)
                          , "groups.addGroupNotice"                => array("function" => "addGroupNotice", "signature" => $common_sig)
                          
                          
                          
                          
                            ), false);

    $s->functions_parameters_type = 'phpvals';
    if (isset($debugXMLRPC) && $debugXMLRPC > 0 && isset($debugXMLRPCFile) && $debugXMLRPCFile != "") 
	  {
		    $s->setDebug($debugXMLRPC);
    }
    $s->service();

    if (isset($debugXMLRPC) && $debugXMLRPC > 0 && isset($debugXMLRPCFile) && $debugXMLRPCFile != "") 
	  {
        $f = fopen($debugXMLRPCFile,"a");
        fwrite($f,"\n----- " . date("Y-m-d H:i:s") . " -----\n");
        $debugInfo = $s->serializeDebug();
        $debugInfo = split("\n",$debugInfo);
        unset($debugInfo[0]);
        unset($debugInfo[count($debugInfo) -1]);
        $debugInfo = join("\n",$debugInfo);	
        fwrite($f,base64_decode($debugInfo));
        fclose($f);
    }
    
    mysql_close($groupDBCon);
?>