minor fixes, log annotations, protect core with empty index.html

3eb6d544 · Hakkel Tamas · cb0fee1b · 3eb6d544 · 3eb6d544 · 3eb6d544
Commit 3eb6d544 authored 6 years ago by Hakkel Tamas
--- a/admin/index.php
+++ b/admin/index.php
@@ -25,6 +25,9 @@ function site_content() {
    ORDER BY name ASC');
  $result->execute();
  $result = $result->fetchAll(PDO::FETCH_ASSOC); ?>
+    <div class="text-center mb-3">
+        <a class="btn btn-primary" href="{BASE_URL}db">{Go to database...|Adatbázis megnyitása...}</a>
+    </div>
    <div class="row">
        <div class="col-sm-10 offset-sm-1 col-lg-8 offset-lg-2">
            <table class="table table-striped table-hover">
@@ -46,7 +49,7 @@ function site_content() {
                        <a href="{BASE_URL}profile/?<?=$row['shibboleth']?>">
                        <?=$row['name']?></td>
                        </a>
-                    <td><?=$row['verified'] ?? 0 + $row['unverified'] ?? 0?></td>
+                    <td><?=($row['verified'] ?? 0) + ($row['unverified'] ?? 0)?></td>
                    <td>
                        <a href="{BASE_URL}verified/?<?=$row['shibboleth']?>">
                        <?=$row['verified'] ?? 0?>

--- a/auth/messages.json
+++ b/auth/messages.json
@@ -12,8 +12,8 @@
        "hu": "<div class='text-center'>Olvasd le a kártyádat 3x a következő <span class='time'></span> másodpercen belül.</div>"
    },
    "success": {
-        "en": "You have successfully [registered and|] authenticated your card. From now, every time, you check in with that card, we will record your face and use these images to train the face recognition system.",
-        "hu": "A [regisztráció és|] kártya-hitelesítés sikeres volt. Mostantól minden egyes alkalommal, amikor ezzel a kártyával lépsz be az épületbe, rögzíteni fogjuk az arcodat, és az így készített képeket az arcfelismerő rendszer tanításához fel fogjuk használni."
+        "en": "You have successfully [registered and|] authenticated your card. From now, every time, you check in with that card, we will record your face and use these images to train the face recognition system.<div class='text-center'><a class='btn btn-primary m-2' href='{BASE_URL}profile'>Profile</a><a class='btn btn-primary m-2' href='{BASE_URL}verified'>Verified photos</a><a class='btn btn-primary m-2' href='{BASE_URL}unverified'>Unverified Photos</a></div>",
+        "hu": "A [regisztráció és|] kártya-hitelesítés sikeres volt. Mostantól minden egyes alkalommal, amikor ezzel a kártyával lépsz be az épületbe, rögzíteni fogjuk az arcodat, és az így készített képeket az arcfelismerő rendszer tanításához fel fogjuk használni.<div class='text-center'><a class='btn btn-primary m-2' href='{BASE_URL}profile'>Profil</a><a class='btn btn-primary m-2' href='{BASE_URL}verified'>Hitelesített képeks</a><a class='btn btn-primary m-2' href='{BASE_URL}unverified'>Nem hitelesített képek</a></div>"
    },
    "timeout": {
        "en": "<div class='text-center'>The authentication session has been timed out.<br><button onclick='start()' class='mt-3 btn btn-primary'>Start again</button></div>",

--- a/core/functions.js
+++ b/core/functions.js
@@ -71,9 +71,10 @@ function navbarAdjustments(isAdmin, isRegistered) {
    if (! isAdmin)
        $("#admin").hide();
    if (isRegistered) {
+        $("#auth").attr("id","auth-2");
+        $("#auth-2").hide();
        $("#auth-1 a").attr("href", "{BASE_URL}auth");
        $("#auth-1").attr("id","auth");
-        $("#auth-2").hide();
        $("#profile, #verified, #unverified, #auth-1").show();
    } else {
        $("#auth").attr("id","auth-1");

--- a/core/index.html
+++ b/core/index.html
--- a/photos/backend.php
+++ b/photos/backend.php
 <?php
+if (!isset($_POST['page']) OR
+    ($_POST['page'] !== 'verified' AND $_POST['page'] !== 'unverified'))
+    die('Missing or wrong page information');
+
 require_once('../core/functions.php'); // isAdmin, isRegistered, shibboleth, db

 // Once the page is loaded, we do not want to send already loaded images
@@ -126,7 +130,8 @@ function updateAcceptedPhotos($card_ID, $accepted) {
    $statement = $db->prepare("
        UPDATE photo SET is_it_sure = TRUE
        WHERE photo_ID IN ($accepted) AND card_ID = :card_ID");
-    return $statement->execute([ 'card_ID' => $card_ID ]);
+    return $statement->execute([ 'card_ID' => $card_ID ]) AND
+        saveAnnotation($card_ID, $accepted, 'accepted');
 }

 function deleteRejectedPhotos($card_ID, $rejected) {
@@ -137,7 +142,23 @@ function deleteRejectedPhotos($card_ID, $rejected) {
    $statement = $db->prepare("
        DELETE FROM photo
        WHERE photo_ID IN ($rejected) AND card_ID = :card_ID");
-    return $statement->execute([ 'card_ID' => $card_ID ]);
+    return saveAnnotation($card_ID, $rejected, 'rejected') AND
+        $statement->execute([ 'card_ID' => $card_ID ]);
+}
+
+function saveAnnotation($card_ID, $IDs, $decision) {
+    global $db;
+    $statement = $db->prepare("
+    INSERT INTO annotation (user_ID, photo_timestamp, annotation_timestamp, source, annotation)
+    SELECT user_ID, timestamp, :now, :source, :annotation
+        FROM photo JOIN user USING(card_ID)
+        WHERE photo_ID IN ($IDs) AND card_ID = :card_ID");
+    return $statement->execute([
+        'now' => microtime(true)*1000,
+        'source' => $_POST['page'],
+        'annotation' => $decision,
+        'card_ID' => $card_ID
+    ]);
 }

 function getPhotos($limit, $last_timestamp) {