| 12345678910111213141516171819202122232425262728293031323334353637383940 |
- <?php
- class EditDataAction implements IAction {
- public function execute() {
- if(!Authorize::isLoggedIn() || !Authorize::hasPermission()) {
- return array("error" => "Access not authorized");
- }
- $projectId = $_POST['project_id'] ?? $_GET['project_id'] ?? "";
- $bucket = $_POST['bucket'] ?? $_GET['bucket'] ?? "";
- $folder = $_POST['folder'] ?? $_GET['folder'] ?? "";
- $displayName = $_POST['display_name'] ?? $_GET['display_name'] ?? "";
-
-
- //TODO: scrub inputs
- if(empty($projectId) || empty($bucket) || empty($folder) || empty($displayName)) {
- return array("error" => "One or more required fields missing: project_id, bucket, folder, display_name");
- }
-
- $db = SqliteDatabase::getSingleton();
- $sql = "UPDATE projects SET bucket = :bucket, folder = :folder, display_name = :display_name WHERE rowid = :project_id";
- $preparedQuery = $db->prepare($sql);
- $preparedQuery->bindValue(':bucket', $bucket);
- $preparedQuery->bindValue(':folder', $folder);
- $preparedQuery->bindValue(':display_name', $displayName);
- $preparedQuery->bindValue(':project_id', $projectId);
- try {
- $result = $preparedQuery->execute();
- $loggerData = array();
- $loggerData['display_name'] = $_SESSION['display_name'];
- $loggerData['user_id'] = $_SESSION['user_id'];
- $loggerData['project_id'] = $projectId;
- $loggerData['project_display_name'] = $displayName;
- SecurityLogger::action("edit-project", $loggerData, time());
- return array("status" => "success", "message" => "Updated project '" . $displayName . "' (".$projectId.").");
- }
- catch(Exception $e) {
- return array("error" => "Error when updating project '" . $displayName. "' (".$projectId."): invalid fields?" , "exception" => $e->getMessage());
- }
- }
- }
|
