sixfold/app.sixfold.org
1
0
Fork 0
Code Activity

Improve error handling when viewing submissions

Browse source
This commit is contained in:
Ainsley Ellis 2024-12-05 10:57:22 +00:00
parent 1167368f3a
commit 8c0948c703
3 changed files with 137 additions and 69 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
config/apache/app.sixfold.org.conf
View file

@ -93,8 +93,9 @@
RewriteRule ^/games/([0-9]+)/submit$ /games/submit.php?game=$1 RewriteRule ^/games/([0-9]+)/submit$ /games/submit.php?game=$1
RewriteRule ^/games/([0-9]+)/update$ /games/update.php?game=$1 RewriteRule ^/games/([0-9]+)/update$ /games/update.php?game=$1
RewriteRule ^/doc/([a-z0-9]+)$ /docs/$1 [L,R=301] RewriteRule ^/doc/([a-z0-9]+)$ /docs/$1 [L,R=301] # Old site URL
RewriteRule ^/docs/([a-z0-9]+)$ /docs/index.php?hash=$1 [L,QSA] RewriteRule ^/docs/([a-z0-9]+)$ /docs/submission.php?hash=$1 [L,QSA]
RewriteRule ^/members/([^\.]+?)$ /members/member.php?handle=$1 [L] RewriteRule ^/members/([^\.]+?)$ /members/member.php?handle=$1 [L]
# PayPal order processing rewrites # PayPal order processing rewrites

62
www/docs/index.php
View file

@ -1,69 +1,13 @@
<?php <?php
$title = "Documents"; $title = "Documents";
$description = "Read a document."; ?>
<?php include "partials/head.php"; ?>
if (isset($_GET["hash"])):
$sql = "SELECT
id,
member_id AS owner,
game_id,
basename,
title,
doc_is_public AS is_public
FROM submissions
WHERE hash = :hash
";
$stmt = $db["data"]->prepare($sql);
$stmt->execute([
"hash" => $_GET["hash"],
]);
$doc = $stmt->fetch(PDO::FETCH_OBJ);
$sql = "SELECT
member_id
FROM assignments
WHERE submission_id = :submission_id
";
$stmt = $db["data"]->prepare($sql);
$stmt->execute([
"submission_id" => $doc->id,
]);
$doc->readers = $stmt->fetchAll(PDO::FETCH_COLUMN);
$IS_OWNER = LOGGED_IN ? $_SESSION["account"]->id === $doc->owner : false;
$IS_READER = LOGGED_IN ? in_array($_SESSION["account"]->id, $doc->readers, true) : false;
if ($IS_OWNER || $IS_READER || IS_ADMIN || $doc->is_public) :
header('Content-Type: application/pdf');
header('Content-Disposition: inline; filename="' . slugify($doc->title) . '.pdf"');
echo file_get_contents(sprintf('%s/assets/docs/%s/%s', ABS_PATH, $doc->game_id, $doc->basename));
die;
endif;
else:
include "partials/head.php"; ?>
<body> <body>
<?php include "partials/header.php"; ?> <?php include "partials/header.php"; ?>
<main id="main" class="flow"> <main id="main" class="flow">
<header> <header>
<h1><?= $title ?></h1> <h1><?= $title ?></h1>
</header> </header>
<?php if (!LOGGED_IN && isset($_GET['hash']) && !$doc->is_public): ?>
<p>You must log in to access this page.</p>
<?php
http_response_code(401);
include "partials/login-form.php";
?>
<?php elseif (!isset($_GET["hash"])): ?>
<p><a href='/docs/random' class='call-to-action'>Read a random document</a></p> <p><a href='/docs/random' class='call-to-action'>Read a random document</a></p>
<?php endif; ?>
</main> </main>
<?php include "partials/footer.php"; ?> <?php include "partials/footer.php";
<?php
endif; ?>

123
www/docs/submission.php Normal file
View file

@ -0,0 +1,123 @@
<?php
$sql = "SELECT
id,
member_id AS owner,
game_id,
basename,
title,
doc_is_public AS is_public
FROM submissions
WHERE hash = :hash
";
$stmt = $db["data"]->prepare($sql);
$stmt->execute([
"hash" => $_GET["hash"],
]);
$submission = $stmt->fetch(PDO::FETCH_OBJ);
if (!$submission):
$title = "Submission Not Found";
$description =
"We couldn't find a submission with that hash.";
http_response_code(404);
include "partials/head.php";
?>
<body>
<?php include "partials/header.php"; ?>
<main id="main" class="flow">
<header>
<h1><?= $title ?></h1>
</header>
<p>We couldn't find a submission with that hash.</p>
</main>
<?php include "partials/footer.php"; ?>
</body>
</html>
<?php die();
endif;
$sql = "SELECT
member_id
FROM assignments
WHERE submission_id = :submission_id
";
$stmt = $db["data"]->prepare($sql);
$stmt->execute([
"submission_id" => $submission->id,
]);
$submission->readers = $stmt->fetchAll(PDO::FETCH_COLUMN);
$IS_OWNER = LOGGED_IN ? $_SESSION["account"]->id === $submission->owner : false;
$IS_READER = LOGGED_IN
? in_array($_SESSION["account"]->id, $submission->readers, true)
: false;
if ($IS_OWNER || $IS_READER || IS_ADMIN || $submission->is_public):
$file = file_get_contents(
sprintf(
"%s/assets/docs/%s/%s",
ABS_PATH,
$submission->game_id,
$submission->basename
)
);
if ($file) {
header("Content-Type: application/pdf");
header(
'Content-Disposition: inline; filename="' .
slugify($submission->title) .
'.pdf"'
);
echo $file;
} else {
$title = "Internal Server Error";
$description =
"The server encountered an error when attempting to open the requested file.";
http_response_code(500);
include "partials/head.php";
?>
<body>
<?php include "partials/header.php"; ?>
<main id="main" class="flow">
<header>
<h1><?= $title ?></h1>
</header>
<p>The server encountered an error when attempting to open the requested file. Please try again later.</p>
</main>
<?php include "partials/footer.php"; ?>
</body>
</html>
<?php
die();
echo "error";
}
die();
elseif (!LOGGED_IN):
http_response_code(401);
$title = "Log In";
$description = "Log in to read this submission.";
include "partials/head.php";
?>
<body>
<?php include "partials/header.php"; ?>
<main id="main" class="flow">
<header>
<h1><?= $title ?></h1>
</header>
<p>You must log in to view this submission.</p>
<?php include "partials/login-form.php"; ?>
</main>
<?php include "partials/footer.php"; ?>
</body>
</html>
<?php die();
endif;