From 1cf9365a77d7ac3379d3da85ba6e8f79a54e0c9f Mon Sep 17 00:00:00 2001 From: marko Date: Sat, 25 Jun 2022 19:12:10 +0200 Subject: [PATCH] - restructure includes - new participo functions: isAdmin, hasUserAttribute --- homepage/participo/config/participo.php | 4 ++ homepage/participo/index.php | 24 +++----- homepage/participo/infoZettel.php | 6 +- homepage/participo/kyu.php | 5 +- .../participo/lib/participoLib/participo.php | 57 +++++++++++++++++-- homepage/participo/login.php | 4 +- homepage/participo/sidenav/kyu.php | 3 + 7 files changed, 72 insertions(+), 31 deletions(-) diff --git a/homepage/participo/config/participo.php b/homepage/participo/config/participo.php index d3b7012..33887f9 100644 --- a/homepage/participo/config/participo.php +++ b/homepage/participo/config/participo.php @@ -5,4 +5,8 @@ $config['basePath'] = "/users/cwsvjudo/www"; $config['baseUrl'] = "http://cwsvjudo.bplaced.net"; $config['ressourceUrl'] = "http://cwsvjudo.bplaced.net/ressourcen"; +setlocale (LC_ALL, 'de_DE@euro', 'de_DE', 'de', 'ge'); +set_include_path(get_include_path() . PATH_SEPARATOR . "./lib/"); +set_include_path(get_include_path() . PATH_SEPARATOR . $config['basePath']."/ressourcen/"); + ?> diff --git a/homepage/participo/index.php b/homepage/participo/index.php index 27490eb..2b22f0a 100644 --- a/homepage/participo/index.php +++ b/homepage/participo/index.php @@ -1,19 +1,13 @@ @@ -80,7 +74,7 @@ setlocale (LC_ALL, 'de_DE@euro', 'de_DE', 'de', 'ge');
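Review bot: The first added `set_include_path` line in config/participo.php registers `"./lib/"`, which PHP resolves against the current working directory rather than against this config file, so the directory actually searched depends on the entry script and on any `chdir()`. Anchoring the entry to the file removes that ambiguity: `set_include_path(get_include_path() . PATH_SEPARATOR . __DIR__ . '/../lib/');`. Because both entries are appended, a same-named file in an earlier include_path directory is loaded first; a one-line comment stating that this order is intended would help the next maintainer.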
  • Einstellensettings
  • - +
  • adminStuff
  • @@ -192,7 +186,7 @@ echo( AdminStuff". "
    ". diff --git a/homepage/participo/infoZettel.php b/homepage/participo/infoZettel.php index b4e9bae..2032553 100644 --- a/homepage/participo/infoZettel.php +++ b/homepage/participo/infoZettel.php @@ -1,9 +1,7 @@ ['value'=>$loginName, 'data_type'=>PDO::PARAM_STR]] ); + $user = $user[0]; // If there is no such user OR the password isn't valid the login fails - if( empty($user || !password_verify( $password, $user['pwHash']) )){ + if( empty($user) || !password_verify( $password, $user['pwHash'])){ sleep(5); // discourage brute force attacks self::addMessage('error', "
    Falsches Passwort oder LoginName
    "); return false; @@ -80,9 +84,9 @@ class participo{ $_SESSION = array( 'login' => true, 'user' => array( - 'username' => $row['loginName'], - 'userId' => $row['id'], - 'userConfig' => json_decode($row['config'], true) + 'username' => $user['loginName'], + 'userId' => $user['id'], + 'userConfig' => json_decode($user['config'], true) ) ); @@ -92,6 +96,44 @@ class participo{ self::addMessage('success', "
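Review bot: The added `$user = $user[0];` indexes the query result before it is known to be non-empty, so a login attempt with an unknown name raises an undefined-offset warning. What `dbConnector::query` returns on failure is not visible here; a non-array would warn as well. The following `empty($user)` check still rejects the login, but with `display_errors` enabled the warning would distinguish unknown names from wrong passwords. I would write `$user = $user[0] ?? null;` and add a comment that a missing user and a wrong password deliberately share one failure path. The start of this hunk and the enclosing login method are not fully visible on this page.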
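Review bot: No `session_regenerate_id(true)` is visible before the `$_SESSION = array(` assignment in the `-80,9 +84,9` hunk, which now reads from `$user`. If the lines outside the hunk do not already do it, the session identifier issued before login stays valid after authentication; the usual guard is `session_regenerate_id(true);` immediately before `$_SESSION` is populated. `json_decode($user['config'], true)` yields null for malformed JSON, so a short comment that `userConfig` may be null would make that explicit for readers of the session data.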
    Anmeldung erfolgreich
    "); return true; } + + /** + * Checks, if a user is an admin + * + * @param [type] $userId id of the user to check + * @retval true user with id $userId has attribute "isAdmin" + * @retval false otherwise + */ + static function isUserAdmin($userId){ + return self::hasUserAttribute( $userId, "isAdmin"); + } + + /** + * Checks, if a user as a certain attribute + * + * @param [type] $userId id of the user to check + * @param [type] $attributeName string name of the attribute to check + * @return boolean + */ + static public function hasUserAttribute($userId, $attributeName){ + // sqlQuery: Select the user if it has the given attribute + $query = <<userAttributes`.userId, `wkParticipo_userAttributes`.name +FROM `wkParticipo_user<=>userAttributes` LEFT JOIN `wkParticipo_userAttributes` +ON `wkParticipo_user<=>userAttributes`.`attributeId` = `wkParticipo_userAttributes`.`id` +WHERE `wkParticipo_userAttributes`.name = :attributeName AND userId=:userId; +SQL; + $params = array( + ':userId' => array('value'=>$userId, 'data_type'=>PDO::PARAM_INT), + ':attributeName' => array('value'=>$attributeName, 'data_type'=>PDO::PARAM_STR) + ); + $attributedUsers = dbConnector::query($query, $params); + // Since the id should be unique, there should only be one result this is just for dealing with empty arrays + foreach($attributedUsers as $u) + if($u['userId']==$userId) + return true; + return false; + } } /** @@ -310,6 +352,9 @@ function loadMarkdownFile($fileName){ function logLoginsToJsonFile($userName, $fileName="lastLogins.json"){ try{ $lastLogins = json_decode(file_get_contents($fileName), true); + if ($lastLogins == NULL){ + return; + } if(!array_key_exists($userName, $lastLogins)) $lastLogins[$userName] = []; if(!array_key_exists('lastLogins', $lastLogins[$userName])) 
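Review bot: `hasUserAttribute` decides an authorization question with the loose comparison `$u['userId']==$userId`, although the query already restricts rows to `userId=:userId`; the loop adds type juggling without adding a check. Deciding on the result set is simpler and stricter: `return !empty($attributedUsers);` (or `(int)$u['userId'] === (int)$userId` if the loop is kept). What `dbConnector::query` returns on a database error is not visible here, so the docblock should state that an error counts as "attribute not present". The docblocks should also replace the `[type]` placeholders with `int` and `string` and fix "as a certain", and `isUserAdmin` should be declared `public static` like its sibling.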
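Review bot: The added guard `if ($lastLogins == NULL)` in `logLoginsToJsonFile` is also true for an empty array, so a log file containing `{}` or `[]` makes the function return before anything is written, just as a missing or undecodable file does. The login log then never receives its first entry. If the intent is only to skip undecodable content, use `if ($lastLogins === null) { return; }`; if the log should bootstrap itself, use `if (!is_array($lastLogins)) { $lastLogins = []; }`. Either way a comment should say which case is meant, because silently dropping login records weakens the audit trail. The remainder of the `try` block, including the write-back, lies outside this hunk.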
@@ -340,7 +385,7 @@ class dbConnector{ /// ':userId' => array('value'=>$anUserId, 'data_type'=>PDO::PARAM_INT), /// ':attributeId'=> array('value'=>$anAttributeId, 'data_type'=>PDO::PARAM_INT) ) /// @param $someOption - function query($aQueryString, $aBindArray = array(), $someOptions = array()){ + public static function query($aQueryString, $aBindArray = array(), $someOptions = array()){ // Standardbelegungen if( empty($someOptions['dbCharset' ]) ) $someOptions['dbCharset' ] = "ISO-8859-1"; if( empty($someOptions['outCharset']) ) $someOptions['outCharset'] = "UTF-8"; diff --git a/homepage/participo/login.php b/homepage/participo/login.php index 9d12351..c3bf93a 100644 --- a/homepage/participo/login.php +++ b/homepage/participo/login.php @@ -1,9 +1,7 @@ 4. Kyu - orange-grĂ¼n +
  • + Nage-no-kata +