From 706b722b12171f05540fc782ba6ff3a13f46982a Mon Sep 17 00:00:00 2001 From: marko Date: Thu, 26 May 2022 07:37:26 +0200 Subject: [PATCH 1/3] eventsection with at least a list of events --- homepage/participo/css/participo.css | 41 +++++- homepage/participo/events.inc.php | 25 ++++ homepage/participo/events.php | 49 +++++++ homepage/participo/lib/planerLib/planer.php | 135 ++++++++++++++++---- homepage/participo/shared/sidenav.inc.php | 39 ++++++ 5 files changed, 260 insertions(+), 29 deletions(-) create mode 100644 homepage/participo/events.inc.php create mode 100644 homepage/participo/events.php create mode 100644 homepage/participo/shared/sidenav.inc.php diff --git a/homepage/participo/css/participo.css b/homepage/participo/css/participo.css index af93700..3b81feb 100644 --- a/homepage/participo/css/participo.css +++ b/homepage/participo/css/participo.css @@ -1,16 +1,49 @@ /* on large screens add a padding on the left for the fixed sidnav */ -header, main, footer { +header, +main, +footer { padding-left: 300px; - } +} + @media only screen and (max-width : 992px) { - header, main, footer { + + header, + main, + footer { padding-left: 0; } } -.card video{ +.card video { width: 100%; max-width: 100%; } + +/* +overrides for the header font sizes +*/ +h1 { + font-size: 2.00rem; +} + +h2 { + font-size: 1.50rem; +} + +h3 { + font-size: 1.25rem; +} + +h3 { + font-size: 1.20rem; +} + +h3 { + font-size: 1.15rem; +} + +h6 { + font-size: 1.10rem; +} diff --git a/homepage/participo/events.inc.php b/homepage/participo/events.inc.php new file mode 100644 index 0000000..c4c1378 --- /dev/null +++ b/homepage/participo/events.inc.php @@ -0,0 +1,25 @@ + \ No newline at end of file diff --git a/homepage/participo/events.php b/homepage/participo/events.php new file mode 100644 index 0000000..2978706 --- /dev/null +++ b/homepage/participo/events.php 
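Review bot: The new heading overrides repeat the `h3` selector three times (`1.25rem`, `1.20rem`, `1.15rem`), so only the last value applies to h3 and h4/h5 get no override. The descending sizes suggest the second and third rules were meant to be `h4 { font-size: 1.20rem; }` and `h5 { font-size: 1.15rem; }`. The re-indentation of the existing `header, main, footer` rules is mixed into the same hunk, which makes the functional change harder to spot.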
@@ -0,0 +1,49 @@ + "Event Planer", + 'description' => "Planung von (Nich-)Teilnahmen an Wettkämpfen und anderen Veranstaltungen" +); + +include_once("events.inc.php"); + +?> + + + + + + + + + + + + + + <?php echo($meta['title']);?> + ])> + + + + + + + +
+ +
+ + +
+ +
+ + + diff --git a/homepage/participo/lib/planerLib/planer.php b/homepage/participo/lib/planerLib/planer.php index 2e5422f..7b6c91b 100644 --- a/homepage/participo/lib/planerLib/planer.php +++ b/homepage/participo/lib/planerLib/planer.php @@ -1,11 +1,5 @@ $db = $db; - } -} class shiai{ private $id = null; //< unique id @@ -20,9 +14,9 @@ class shiai{ function __construct($id, $date, $name, $ageclasses, $place, $announcementUrl, $routeUrl, $galleryUrl, $promoImgUrl){ //! @todo input validation and sanitation - $this->$id = (int) $id; - $this->$date = DateTime::createFromFormat("Y-m-d", $date); - $this->$name = $name; + $this->id = (int) $id; + $this->date = DateTime::createFromFormat("Y-m-d", $date); + $this->name = $name; $this->ageclasses = $ageclasses; $this->place = $place; $this->announcementUrl = $announcementUrl; @@ -30,18 +24,29 @@ class shiai{ $this->galleryUrl = $galleryUrl; $this->promoImgUrl = $promoImgUrl; } - static public function fromArray($member){ - $id = $member['lfdeNr'] ?? null; - $date = $member['Datum'] ?? null; - $name = $member['Veranstaltung'] ?? ""; - $ageclasses = $member['Altersklassen'] ?? null; - $place = $member['Ort'] ?? ""; - $announcementUrl = $member['Ausschreibung'] ?? null; - $routeUrl = $member['Routenplaner'] ?? null; - $galleryUrl = $member['galleryLink'] ?? null; - $promoImgUrl = $member['promoPic'] ?? null; + + public function getName(){ + return $this->name; } -} + public function getId(){ + return $this->id; + } + + static public function fromArray($member){ + return new shiai( + $member['lfdeNr'] ?? null, + $member['Datum'] ?? null, + $member['Veranstaltung'] ?? "", + $member['Altersklassen'] ?? null, + $member['Ort'] ?? "", + $member['Ausschreibung'] ?? null, + $member['Routenplaner'] ?? null, + $member['galleryLink'] ?? null, + $member['promoPic'] ?? null + ); + } +} // end class shiai + class event{ private $id = null; //< unique id of the event in the db private $date = null; //< date for the event (@todo ranges?) 
@@ -51,14 +56,94 @@ class event{ private $shiai = null; - function __construct($id, $date, $shiaiId, $deadline, $remarks){ + function __construct($id, $date, $shiaiId, $deadline, $remarks, $shiai){ //! @todo InputValidation - $this->$id = (int) $id; - $this->$date = DateTime::createFromFormat("Y-m-d", $date); + $this->id = (int) $id; + $this->date = DateTime::createFromFormat("Y-m-d", $date); $this->shiaiId = (($shiaiId!=null)?((int)$shiaiId):(null)); - $this->deadline = DateTime::createFromFormat("Y-m-d"); + $this->deadline = DateTime::createFromFormat("Y-m-d", $deadline); $this->remarks = $remarks; + + $this->shiai = $shiai; + } + + public function htmlTableRow(){ + return + "". + "".$this->date->format("Y-m-d")."". + "id."\" >".$this->shiai->getName()."". + ""; + } + + static public function fromArray($member){ + $shiai = json_decode($member['bemerkungen'], true); + + return new event( + $member['id'] ?? null, + $member['date'] ?? null, + $member['wkId'] ?? null, + $member['meldefrist'] ?? null, + $member['bemerkungen'] ?? null, + shiai::fromArray( ($shiai != null) ? $shiai : $member ) + ); + } +} // end class event + +class eventPlaner{ + static private $db = null; + // set the dbConnection (just setting, no establishing) + public static function setDbConnection($dbConnection){ + if($dbConnection instanceof PDO) + self::$db = $dbConnection; + else + self::$db = null; + return; + } + + static public function getCommingWkEvents($someOptions=array() ){ + // wir befinden uns in der Übergangsphase: + // - als Standard wird das derzeitige Verhalten definiert (ISO-8859-1 + // und die Konvertierung erfolgt ausserhalb) + // - wenn einmal alle mbConvertEncoding weg sind, kann der Standard auf + // das gewünschte Verhalten umgestellt werden + $dbCharset = $someOptions['dbCharset'] ?? "ISO-8859-1"; + // dbCharset = $someOptions['outCharset'] ?? "UTF-8";// das spätere, gewünschte Verhalten + $outCharset = $someOptions['outCharset'] ?? "ISO-8859-1"; + + $query = + "SELECT ". 
+ "wkParticipo_Events.id, ". + "wkParticipo_Events.date, ". + "wkParticipo_Events.wkId, ". + "wkParticipo_Events.meldefrist, ". + "wkParticipo_Events.bemerkungen, ". + "wkParticipo_Events.kvOptions, ". + "wettkampfkalender.Datum, ". + "wettkampfkalender.Veranstaltung, ". + "wettkampfkalender.Altersklassen, ". + "wettkampfkalender.Ort, ". + "wettkampfkalender.Ausschreibung, ". + "wettkampfkalender.Routenplaner ". + "FROM wkParticipo_Events ". + "LEFT JOIN wettkampfkalender ". + "ON wettkampfkalender.lfdeNr = wkParticipo_Events.wkId ". + "WHERE wkParticipo_Events.date >= CURDATE() ". + "ORDER BY wkParticipo_Events.date;"; + $ret = dbQuery(self::$db, $query); + $events = array(); + foreach($ret as $event){ + array_push( $events, event::fromArray( $event ) ); + } + return $events; + } + + static public function getHtmlEventTable($eventList){ + $ret = ""; + foreach($eventList as $event){ + $ret .= $event->htmlTableRow(); + } + $ret .= "
"; + return $ret; } } - ?> \ No newline at end of file diff --git a/homepage/participo/shared/sidenav.inc.php b/homepage/participo/shared/sidenav.inc.php new file mode 100644 index 0000000..453ab71 --- /dev/null +++ b/homepage/participo/shared/sidenav.inc.php @@ -0,0 +1,39 @@ + +
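Review bot: htmlTableRow concatenates `$this->shiai->getName()` straight into markup, and that name comes from the `bemerkungen` JSON or the wettkampfkalender columns read in fromArray, so any markup stored there is rendered as-is. Escape at the point of output, e.g. `htmlspecialchars($this->shiai->getName(), ENT_QUOTES | ENT_SUBSTITUTE)` with the encoding argument matching the page charset; the same applies to asHtmlCard and htmlModal added in patches 2 and 3 of this series. Separately, `DateTime::createFromFormat` returns `false` for a missing or malformed date, and the later `->format("Y-m-d")` would then fail, so the constructor should check for that. In event::fromArray, `json_decode($member['bemerkungen'], true)` reads the key before the `?? null` fallback used a few lines later is applied to it.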
+ + + +
From 3e3fb6d953f6f06f9af3138068a7fde355385e15 Mon Sep 17 00:00:00 2001 From: marko Date: Mon, 6 Jun 2022 12:55:17 +0200 Subject: [PATCH 2/3] redirecting login --- homepage/participo/attendance.php | 14 +- homepage/participo/auth.php | 4 +- homepage/participo/events.inc.php | 18 +- homepage/participo/events.php | 43 +++- homepage/participo/index.php | 98 +-------- homepage/participo/lib/api.php | 2 +- homepage/participo/lib/db.php | 17 +- .../participo/lib/participoLib/participo.php | 191 +++++++++++++++++- .../{planerLib => participoLib}/planer.php | 20 ++ homepage/participo/login.php | 30 ++- homepage/participo/user.php | 9 +- submodules/materialize | 2 +- 12 files changed, 304 insertions(+), 144 deletions(-) rename homepage/participo/lib/{planerLib => participoLib}/planer.php (89%) diff --git a/homepage/participo/attendance.php b/homepage/participo/attendance.php index fa7f477..55e7edb 100644 --- a/homepage/participo/attendance.php +++ b/homepage/participo/attendance.php @@ -15,15 +15,15 @@ setlocale (LC_ALL, 'de_DE@euro', 'de_DE', 'de', 'ge'); require_once($config['basePath']."/config/cwsvJudo.config.php"); require_once($config['basePath']."/config/phpcount.config.php"); - $dbConnection = getPdoDbConnection( + dbConnector::connect( $cwsvJudoConfig["db"]["host"], $cwsvJudoConfig["db"]["name"], $cwsvJudoConfig["db"]["user"], $cwsvJudoConfig["db"]["password"] ); - $userData = getUserData($dbConnection, $_SESSION['user']['userId']); - $usersKids = getUsersKids($dbConnection, $_SESSION['user']['userId']); + $userData = getUserData(dbConnector::getDbConnection(), $_SESSION['user']['userId']); + $usersKids = getUsersKids(dbConnector::getDbConnection(), $_SESSION['user']['userId']); abstract class AttendanceType { const __default = null; @@ -273,13 +273,13 @@ foreach($usersKids as $k){ if($_SESSION['login']){ ?>
- UserAttribute::InTraining]));?> + UserAttribute::InTraining]));?> Eigene Anwesenheiten". - Attendance::userAttendanceHtmlTable($dbConnection, $userData['id']) + Attendance::userAttendanceHtmlTable(dbConnector::getDbConnection(), $userData['id']) ); require_once("./lib/participoLib/participo.php"); } @@ -290,7 +290,7 @@ if($_SESSION['login']){ if($userData['id']==$k['kidId']) continue; echo( "

".$k['vorname']." ".$k['name']."

". - Attendance::userAttendanceHtmlTable($dbConnection, $k['kidId']) + Attendance::userAttendanceHtmlTable(dbConnector::getDbConnection(), $k['kidId']) ); } } diff --git a/homepage/participo/auth.php b/homepage/participo/auth.php index c25f3a6..4cdd5bf 100644 --- a/homepage/participo/auth.php +++ b/homepage/participo/auth.php @@ -1,9 +1,9 @@ "Event Planer", + 'description' => "Planung von (Nicht-)Teilnahmen an Wettkämpfen und anderen Veranstaltungen" + ); ?> \ No newline at end of file diff --git a/homepage/participo/events.php b/homepage/participo/events.php index 2978706..f2da302 100644 --- a/homepage/participo/events.php +++ b/homepage/participo/events.php @@ -1,8 +1,5 @@ "Event Planer", - 'description' => "Planung von (Nich-)Teilnahmen an Wettkämpfen und anderen Veranstaltungen" -); +set_include_path(get_include_path() . PATH_SEPARATOR . "./lib/"); include_once("events.inc.php"); @@ -28,7 +25,7 @@ include_once("events.inc.php"); <?php echo($meta['title']);?> - ])> + @@ -37,12 +34,46 @@ include_once("events.inc.php");
- + +
+

Übersicht anstehender Events

+ +

Detailansicht kommender Wettkämpfe

+ asHtmlCard());?>
diff --git a/homepage/participo/index.php b/homepage/participo/index.php index f45462f..27490eb 100644 --- a/homepage/participo/index.php +++ b/homepage/participo/index.php 
@@ -1,110 +1,30 @@ = CURDATE() ". - "ORDER BY wkParticipo_Events.date;"; - $ret = dbQuery($dbConn, $query); - // $results = $anMysqlConn->query($query); - - // // Bei einem Fehler bei der Abfrage soll NULL zurückgeliefert werden - // if( !$results ){ - // echo("No Results: ".$anMysqlConn->error); - // return NULL; - // } - // // Bei einem leeren Ergebnis (NULL oder leeres Array) soll ein leeres Array zurückgeliefert werden - // if( empty($results) ) return array(); - - // while( $result = $results->fetch_assoc() ){ - // array_walk( - // $result, - // function (&$value, $key, $someOptions) { - // $value = iconv($someOptions['dbCharset'], $someOptions['outCharset'], $value); - // }, - // $someOptions - // ); - // array_push( $ret, $result); - // } - return $ret; -} + $userData = getUserData(dbConnector::getDbConnection(), $_SESSION['user']['userId']); + eventPlaner::setDbConnection( dbConnector::getDbConnection() ); -// array(12) { -// ["id"]=> string(3) "139" -// ["date"]=> string(10) "2021-12-29" -// ["wkId"]=> string(0) "" -// ["meldefrist"]=> string(10) "2021-12-28" -// ["bemerkungen"]=> string(374) "{ "Datum": "2021-12-29", "Veranstaltung": "Jahresabschlusstraining", "Altersklassen": "alle", "bemerkungen": " - -// Zum Abschluss des Jahres noch einmal eine kleine Einheit hauptsächlich zum Spielen -// Zeit: 16:00--19:00 Uhr - -// ", "Ort": "unser Dojo, Str. Usti nad Labem 42, 09120 Chemnitz", "Routenplaner": "https://osm.org/go/0MIYhLf3Q-" }" -// ["kvOptions"]=> string(0) "" -// ["Datum"]=> string(0) "" -// ["Veranstaltung"]=> string(0) "" -// ["Altersklassen"]=> string(0) "" -// ["Ort"]=> string(0) "" -// ["Ausschreibung"]=> string(0) "" -// ["Routenplaner"]=> string(0) "" -// } -function getHtmlEventTable($eventList){ - $ret = ""; - foreach($eventList as $event){ - $e = json_decode($event['bemerkungen'], true); - $e = (($e==null)?$event:$e); - $e['id']=$event['id']; - $ret .= ""; - } - $ret .= "
".$e['Datum']."".$e['Veranstaltung']."
"; - return $ret; -} ?> @@ -160,9 +80,9 @@ function getHtmlEventTable($eventList){
  • Einstellensettings
  • - +
  • - adminStuff + adminStuff
  • @@ -189,7 +109,7 @@ echo( AppCard::fromArray([ 'link' => "/pages/desktop/wkParticipo", 'title' => "Event-Planer", - 'description'=> "Organisieren der Teilnahmen (und nicht-Teilnahmen) an Wettkämpfen, Sondertrainingseinheiten, Feiern etc.

    ".getHtmlEventTable(getCommingWkEvents($dbConnection))."

    ", + 'description'=> "Organisieren der Teilnahmen (und nicht-Teilnahmen) an Wettkämpfen, Sondertrainingseinheiten, Feiern etc.

    ".eventPlaner::getHtmlEventTable(eventPlaner::getCommingWkEvents())."

    ", 'imgUrl' => "/ressourcen/graphiken/icons/terminKalender.svg", 'actions' => [ AppCardAction::fromArray(['caption'=>"Planer", 'link'=>"/pages/desktop/wkParticipo"]), @@ -272,7 +192,7 @@ echo( AdminStuff". "

    ". diff --git a/homepage/participo/lib/api.php b/homepage/participo/lib/api.php index b455d83..b39ccb0 100644 --- a/homepage/participo/lib/api.php +++ b/homepage/participo/lib/api.php @@ -123,7 +123,7 @@ function updateUserPassword($db, $userId, $password){ ':val' => array('value'=>$password, 'data_type'=>PDO::PARAM_STR), ':id' => array('value'=>$userId, 'data_type'=>PDO::PARAM_INT) ); - dbQuery($db, $query, $params); + dbConnector::query($query, $params); return; } diff --git a/homepage/participo/lib/db.php b/homepage/participo/lib/db.php index d76a942..ae428cb 100644 --- a/homepage/participo/lib/db.php +++ b/homepage/participo/lib/db.php @@ -1,19 +1,4 @@ getMessage() ); - } -return $dbConnection; -} - function createDb($dbConnection){ << NULL, 'success' => NULL, 'notice' => NULL]; + + /** + * Returns the current login status + * + * The login status is stored in the session cookie. If it is not even set it means the login is invalid. + * + * @return The login status or false if none is set so far + */ + static public function isLoginValid(){ + return ($_SESSION['login'] ?? false); + } + + /** + * A little Box with the login status as html entity + * + * @return string htmlEntity showing the login status + */ + static public function htmlLoginStatus(){ + return + "
    ". + "Datum: ".date("Y-m-d")."
    ". + "Angemeldet als ".htmlspecialchars($_SESSION['user']['username']).".
    ". + "Sitzung beenden". + "
    "; + } + + /** + * Checks, if there already is a valid login, if not redirect to the login form + * + * @retval void + */ + static public function authentificate(){ + session_start(); + if ( !self::isLoginValid() ) { + header("Location: login?returnToUrl=".urlencode($_SERVER['REQUEST_URI']), TRUE, 301); + exit(); // should'nt matter + } + } + + static public function getMessages(){return self::$message;} + static public function addMessage($type, $message){self::$message[$type] = (self::$message[$type] ?? "").$message;} + + static public function checkCredentials($loginName, $password){ + sleep(1); // just to discurrage brute force attacks + // Check for dbConnection + if(!dbConnector::getDbConnection()){ + self::addMessage('error', "
    No DbConnection available
    "); + return false; + } + + // query all users with the entered name + $user = dbConnector::query( + "SELECT `id`, `loginName`, `pwHash`, `config` FROM `wkParticipo_Users` WHERE `loginName` = :loginName", + ['loginName' => ['value'=>$loginName, 'data_type'=>PDO::PARAM_STR]] + ); + + // If there is no such user OR the password isn't valid the login fails + if( empty($user || !password_verify( $password, $user['pwHash']) )){ + sleep(5); // discourage brute force attacks + self::addMessage('error', "
    Falsches Passwort oder LoginName
    "); + return false; + } + + session_start(); + // case valid login: Set the session data + $_SESSION = array( + 'login' => true, + 'user' => array( + 'username' => $row['loginName'], + 'userId' => $row['id'], + 'userConfig' => json_decode($row['config'], true) + ) + ); + + // Logging Logins + logLoginsToJsonFile($_SESSION['user']['username']); + + self::addMessage('success', "
    Anmeldung erfolgreich
    "); + return true; + } } - - /** * Action element of an MaterializeCss (App-)card */ 
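Review bot: The password check in checkCredentials does not reject a wrong password: `empty($user || !password_verify(...))` wraps the whole disjunction in `empty()`, so the failure branch runs only when that expression is falsy, and a non-empty `$user` makes it truthy before `password_verify` is even evaluated. The result is also indexed as `$user['pwHash']` although dbConnector::query (added in the next hunk of this file) returns `fetchAll()` rows, and the session is filled from `$row`, which this function never assigns. Take the first row, test it explicitly, and issue a fresh session id once the login is accepted, as sketched below.

```php
// … unchanged: sleep(1), dbConnection check, dbConnector::query(...) assigned to $user …
$row = $user[0] ?? null;

// If there is no such user OR the password isn't valid the login fails
if( $row === null || !password_verify($password, $row['pwHash']) ){
	// … unchanged: sleep(5), error message, return false …
}

session_start();
session_regenerate_id(true); // new session id for the authenticated session
// … unchanged: $_SESSION filled from $row, login logging, success message …
```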
@@ -273,4 +351,111 @@ function logLoginsToJsonFile($userName, $fileName="lastLogins.json"){ } } + +class dbConnector{ + static private $db = null; + + // connect to the database + public static function connect($hostname, $dbName, $user, $password){ + return self::setDbConnection( self::connectToPdo($hostname, $dbName, $user, $password) ); + } + + public static function getDbConnection(){return self::$db;} + + /// perform a pdo-query + /// + /// @param $aQueryString + /// @param $aBindArray e.g. array( + /// ':userId' => array('value'=>$anUserId, 'data_type'=>PDO::PARAM_INT), + /// ':attributeId'=> array('value'=>$anAttributeId, 'data_type'=>PDO::PARAM_INT) ) + /// @param $someOption + function query($aQueryString, $aBindArray = array(), $someOptions = array()){ + // Standardbelegungen + if( empty($someOptions['dbCharset' ]) ) $someOptions['dbCharset' ] = "ISO-8859-1"; + if( empty($someOptions['outCharset']) ) $someOptions['outCharset'] = "UTF-8"; + if( empty($someOptions['dontFetch' ]) ) $someOptions['dontFetch' ] = false; + + /// @toDo: Bisher wird nur die Rückgabe konvertiert. Eigentlich muss + /// doch auch die Eingabe konvertiert werden. Aber das jetzt + /// umzustellen wird schwer! Die User im Wettkampfplaner sind ja z.B. + /// als UTF8 in latin1(?) gespeichert. 
+ /// @toDo: Die Standardwerte sollten vielleicht aus einer config + /// kommen, nicht hardcoded + try{ + $pdoStatement = self::$db->prepare( $aQueryString ); + foreach( $aBindArray as $bindName => $bind ){ + if( $bind['data_type'] == PDO::PARAM_STR) + $bind['value'] = iconv( + $someOptions['outCharset'], + $someOptions['dbCharset'], + $bind['value'] + ); + $pdoStatement->bindValue( + $bindName, + $bind['value'], + (isset($bind['data_type'])?$bind['data_type']:PDO::PARAM_STR) + ); + } + $pdoResult = $pdoStatement->execute(); + if(!$pdoResult){ + echo("Error during dbQuery!\n"); + echo("DB-Error:\n"); var_dump(self::$db->errorInfo()); + } + if($someOptions['dontFetch']){ + $ret = NULL; + } + else{ + $ret = $pdoStatement->fetchAll(PDO::FETCH_ASSOC); + } + } + catch(PDOException $db_error){ + print "Error!: " . $db_error->getMessage() . "
    "; + return null; + } + + // Zeichensatzkonvertierung + if( is_array($ret) ){ + foreach($ret as &$entry){ + array_walk( + $entry, + function (&$value, $key, $someOptions) { + $value = iconv($someOptions['dbCharset'], $someOptions['outCharset'], $value); + }, + $someOptions + ); + } + } + return $ret; + } + + // get a Connection to the database + static private function connectToPdo($hostname, $dbName, $user, $password){ + $dbConnection=null; + try{ + $dbConnection = new PDO( + 'mysql:host='.$hostname.';dbname='.$dbName, + $user, + $password + ); + } + catch(PDOException $dbError){ + echo( "Error whilst getting a dbConnection!: " . $dbError->getMessage() ); + } + return $dbConnection; + } + + // set the dbConnection (just setting, no establishing) + private static function setDbConnection($dbConnection){ + $success = false; + if($dbConnection instanceof PDO){ + self::$db = $dbConnection; + $success = true; + } + else{ + self::$db = null; + } + } + + +} ?> \ No newline at end of file diff --git a/homepage/participo/lib/planerLib/planer.php b/homepage/participo/lib/participoLib/planer.php similarity index 89% rename from homepage/participo/lib/planerLib/planer.php rename to homepage/participo/lib/participoLib/planer.php index 7b6c91b..1e09d61 100644 --- a/homepage/participo/lib/planerLib/planer.php +++ b/homepage/participo/lib/participoLib/planer.php @@ -28,6 +28,9 @@ class shiai{ public function getName(){ return $this->name; } + public function getAgeClasses(){ + return $this->ageclasses ? $this->ageclasses : "-"; + } public function getId(){ return $this->id; } @@ -67,6 +70,21 @@ class event{ $this->shiai = $shiai; } + function asHtmlCard(){ + return + "
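Review bot: The error paths of dbConnector::query and connectToPdo write database internals into the response (`var_dump(self::$db->errorInfo())`, `$db_error->getMessage()`, `$dbError->getMessage()`), which can expose schema and connection details to any visitor. Log them server-side instead, e.g. `error_log("dbQuery failed: " . $db_error->getMessage());`, and show only a generic message. `query` is declared without `static` but is called as `dbConnector::query(...)` elsewhere in this patch (api.php, checkCredentials), which is an error on PHP 8; declare it `public static function query(`. setDbConnection computes `$success` but never returns it, so `connect()` always returns null and callers cannot tell whether the connection was established.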
    ". + "
    ". + "".$this->shiai->getName()."". + "
    ". + "
    Datum
    ". + "
    ".$this->date->format("Y-m-d")."
    ". + "
    Meldefrist
    ". + "
    ".$this->deadline->format("Y-m-d")."
    ". + "
    Altersklassen
    ". + "
    ".$this->shiai->getAgeClasses()."
    ". + "
    ". + "
    "; + } public function htmlTableRow(){ return "". @@ -146,4 +164,6 @@ class eventPlaner{ return $ret; } } + + ?> \ No newline at end of file diff --git a/homepage/participo/login.php b/homepage/participo/login.php index fa9aadd..b4ebe6f 100644 --- a/homepage/participo/login.php +++ b/homepage/participo/login.php @@ -6,9 +6,17 @@ setlocale (LC_ALL, 'de_DE@euro', 'de_DE', 'de', 'ge'); require_once("./local/dbConf.php"); -// Check, if the login is already set. If so move to the main page. + require_once($config['basePath']."/config/cwsvJudo.config.php"); + dbConnector::connect( + $cwsvJudoConfig["db"]["host"], + $cwsvJudoConfig["db"]["name"], + $cwsvJudoConfig["db"]["user"], + $cwsvJudoConfig["db"]["password"] + ); + +// Check, if the login is already set. If so move to the main page if (isset($_SESSION['login'])) { - header('Location: http://' . $_SERVER['HTTP_HOST'] . '/index.php'); + header("Location: http://" . ($_POST['returnToUrl'] ?? "."), TRUE, 301); } // Otherwise check credentials if given. else{ @@ -17,12 +25,14 @@ else{ empty($_POST['f']['username']) || empty($_POST['f']['password']) ) { - $message['error'] = 'Es wurden nicht alle Felder ausgefüllt.'; + $message = ['error' => "Es wurden nicht alle Felder ausgefüllt."]; } else { - - $message = checkCredentials($_POST['f']['username'], $_POST['f']['password'], $db_server, $db_user, $db_password, $db_name); - if( !isset($message['error']) ) - $message['notice'] = "OnlineApps - cwsvJudo"; + if( participo::checkCredentials( $_POST['f']['username'], $_POST['f']['password']) ){ + $returnToUrl = $_POST['returnToUrl'] ?? "."; + participo::addMessage('success', ""); + participo::addMessage('notice', "OnlineApps - cwsvJudo"); + header("Location: " . $returnToUrl ); + } } } } @@ -42,18 +52,20 @@ else{
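Review bot: Both redirects in login.php send the browser wherever `$_POST['returnToUrl']` points: `"Location: http://" . ($_POST['returnToUrl'] ?? ".")` lets the request choose the host, and `header("Location: " . $returnToUrl)` in the next hunk passes the value through unchanged (patch 3 keeps this and appends `$_POST['fragment']`). Since authentificate only ever produces a local `REQUEST_URI`, accept only values that start with a single `/` and fall back to `.` otherwise, e.g. `if (!preg_match('#^/(?![/\\\\])#', $returnToUrl)) { $returnToUrl = "."; }`. Neither `header()` call is followed by `exit`, so the rest of the login page still executes after the redirect is queued.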

    Loginseite der Online-Apps der Judoka des CWSV

    - +
    Benutzerdaten
    - /> + />
    + "); ?> + "); ?>
    diff --git a/homepage/participo/user.php b/homepage/participo/user.php index 4ccad3b..be9fc29 100644 --- a/homepage/participo/user.php +++ b/homepage/participo/user.php @@ -5,6 +5,7 @@ setlocale (LC_ALL, 'de_DE@euro', 'de_DE', 'de', 'ge'); require_once("./local/dbConf.php"); require_once("./local/cwsvJudo.php"); + require_once("./lib/participoLib/participo.php"); require_once("./lib/db.php"); require_once("./lib/api.php"); @@ -13,17 +14,17 @@ setlocale (LC_ALL, 'de_DE@euro', 'de_DE', 'de', 'ge'); require_once($config['basePath']."/config/cwsvJudo.config.php"); require_once($config['basePath']."/config/phpcount.config.php"); - $dbConnection = getPdoDbConnection( + dbConnector::connect( $cwsvJudoConfig["db"]["host"], $cwsvJudoConfig["db"]["name"], $cwsvJudoConfig["db"]["user"], $cwsvJudoConfig["db"]["password"] ); - $userData = getUserData($dbConnection, $_SESSION['user']['userId']); - $usersKids = getUsersKids($dbConnection, $_SESSION['user']['userId']); + $userData = getUserData(dbConnector::getDbConnection(), $_SESSION['user']['userId']); + $usersKids = getUsersKids(dbConnector::getDbConnection(), $_SESSION['user']['userId']); - processPostData($dbConnection, $_POST); + processPostData(dbConnector::getDbConnection(), $_POST); ?> diff --git a/submodules/materialize b/submodules/materialize index 4800c83..4463268 160000 --- a/submodules/materialize +++ b/submodules/materialize @@ -1 +1 @@ -Subproject commit 4800c83116852ee5672c963090b2832afb4e0786 +Subproject commit 4463268d489e9ad40d0b98efbcf9cbda6570d076 From 8329a6b2dfa96df93b57e1940036e05384ebf5aa Mon Sep 17 00:00:00 2001 
From: marko Date: Sun, 12 Jun 2022 19:54:29 +0200 Subject: [PATCH 3/3] self opening modals, loginredirects keep fragment data --- homepage/participo/events.inc.php | 9 ++-- homepage/participo/events.php | 18 ++++++- homepage/participo/infoZettel.php | 9 ++-- .../participo/lib/participoLib/participo.php | 49 ++++--------------- .../participo/lib/participoLib/planer.php | 19 ++++++- homepage/participo/login.php | 15 ++++-- infoZettelOrg/Makefile | 8 +-- .../pandocTemplate-cwsvJudoZettel.latex | 2 +- 8 files changed, 72 insertions(+), 57 deletions(-) diff --git a/homepage/participo/events.inc.php b/homepage/participo/events.inc.php index 2d83610..f99bd9b 100644 --- a/homepage/participo/events.inc.php +++ b/homepage/participo/events.inc.php @@ -1,14 +1,17 @@ @@ -21,6 +19,21 @@ include_once("events.inc.php"); // specify options here }); }); + document.addEventListener('DOMContentLoaded', function() { + var elems = document.querySelectorAll('.modal'); + var instances = M.Modal.init(elems, { + // specify options here + }); + }); + + // Open the given modal + document.addEventListener('DOMContentLoaded', function () { + // So far we assume the first given fragment (the stuff behind the #) is the modalId + var eventId = window.location.hash.substr(1); + var Modalelem = document.querySelector('#event-modal-'+eventId); + var instance = M.Modal.init(Modalelem); + instance.open(); + }); @@ -70,6 +83,7 @@ include_once("events.inc.php");
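Review bot: The auto-open handler calls `instance.open()` unconditionally, but `window.location.hash` is empty on a normal visit and may name an event that is not in the list, in which case `document.querySelector('#event-modal-'+eventId)` returns null (or throws on characters that are not valid in a selector) and the handler fails. Look the element up by id and guard it: `var modalElem = document.getElementById('event-modal-' + eventId);` followed by `if (modalElem) { M.Modal.init(modalElem).open(); }`. `substr` is deprecated; `slice(1)` does the same here.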

    Übersicht anstehender Events

    +

    Detailansicht kommender Wettkämpfe

    diff --git a/homepage/participo/infoZettel.php b/homepage/participo/infoZettel.php index 538f7f5..b4e9bae 100644 --- a/homepage/participo/infoZettel.php +++ b/homepage/participo/infoZettel.php @@ -1,5 +1,8 @@ -
    diff --git a/homepage/participo/lib/participoLib/participo.php b/homepage/participo/lib/participoLib/participo.php index 2803a5f..b35bade 100644 --- a/homepage/participo/lib/participoLib/participo.php +++ b/homepage/participo/lib/participoLib/participo.php @@ -37,7 +37,7 @@ class participo{ static public function authentificate(){ session_start(); if ( !self::isLoginValid() ) { - header("Location: login?returnToUrl=".urlencode($_SERVER['REQUEST_URI']), TRUE, 301); + header("Location: login?returnToUrl=".urlencode($_SERVER['REQUEST_URI'].($_POST['fragment'] ?? "")), TRUE, 301); exit(); // should'nt matter } } @@ -45,6 +45,15 @@ class participo{ static public function getMessages(){return self::$message;} static public function addMessage($type, $message){self::$message[$type] = (self::$message[$type] ?? "").$message;} + /** + * check password for user + * + * @param string $loginName user who wants to get in + * @param string $password passwor for the user + * + * @retval true $password belongs to $loginName + * @retval false otherwise + */ static public function checkCredentials($loginName, $password){ sleep(1); // just to discurrage brute force attacks // Check for dbConnection 
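Review bot: The login redirect in authentificate is sent with status `301`, which browsers may cache permanently, so a protected page can keep bouncing to the login form from cache even after the user has a valid session. A temporary status fits here, e.g. `header("Location: login?returnToUrl=" . urlencode(...), true, 302);`, and the same applies to the `301` this patch adds to the post-login redirect in login.php. The appended `$_POST['fragment']` is only present when the unauthenticated request was itself a POST carrying that field, which a normal page visit is not; whatever supplies it is not visible in this hunk.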
@@ -291,44 +300,6 @@ function loadMarkdownFile($fileName){ ); } - -function checkCredentials($username, $password, $db_server, $db_user, $db_password, $db_name){ - sleep(1); - $mysqli = @new mysqli($db_server, $db_user, $db_password, $db_name); - if ($mysqli->connect_error) { - $message['error'] = 'Datenbankverbindung fehlgeschlagen: ' . $mysqli->connect_error; - } else { - $query = sprintf( - "SELECT id, loginName, pwHash, config FROM wkParticipo_Users WHERE loginName = '%s'", - $mysqli->real_escape_string($_POST['f']['username']) - ); - $result = $mysqli->query($query); - if ($row = $result->fetch_array(MYSQLI_ASSOC)) { - if( password_verify( $_POST['f']['password'], $row['pwHash']) ){ - session_start(); - $_SESSION = array( - 'login' => true, - 'user' => array( - 'username' => $row['loginName'], - 'userId' => $row['id'], - 'userConfig' => json_decode($row['config'], true) - ), - ); - $message['success'] = 'Anmeldung erfolgreich, weiter zum Inhalt.'; - - // Logging Logins - logLoginsToJsonFile($_SESSION['user']['username']); - - header('Location: http://' . $_SERVER['HTTP_HOST'] . '/participo?user=' . $_POST['f']['username']); - } else { - sleep(5); - $message['error'] = 'Das Kennwort ist nicht korrekt.'; - } - } - } -return $message; -} - /** * Log the Login of an user into a logFile * diff --git a/homepage/participo/lib/participoLib/planer.php b/homepage/participo/lib/participoLib/planer.php index 1e09d61..a22f79a 100644 --- a/homepage/participo/lib/participoLib/planer.php +++ b/homepage/participo/lib/participoLib/planer.php @@ -88,10 +88,23 @@ class event{ public function htmlTableRow(){ return "". - "".$this->date->format("Y-m-d")."". + "Datum ".$this->date->format("Y-m-d")."". "id."\" >".$this->shiai->getName()."". + "id."\">add". ""; } + public function htmlModal(){ + return + "
    id."\" class=\"modal\">". + "
    ". + "

    ".$this->shiai->getName()."

    ". + "

    A bunch of text

    ". + "
    ". // end modal-content + "
    ". + "Agree". + "
    ". + "
    "; + } static public function fromArray($member){ $shiai = json_decode($member['bemerkungen'], true); @@ -157,10 +170,14 @@ class eventPlaner{ static public function getHtmlEventTable($eventList){ $ret = ""; + $ret .= ""; foreach($eventList as $event){ $ret .= $event->htmlTableRow(); } $ret .= "
    "; + foreach($eventList as $event){ + $ret .= $event->htmlModal(); + } return $ret; } } diff --git a/homepage/participo/login.php b/homepage/participo/login.php index b4ebe6f..9d12351 100644 --- a/homepage/participo/login.php +++ b/homepage/participo/login.php @@ -1,7 +1,8 @@ "Es wurden nicht alle Felder ausgefüllt."]; } else { if( participo::checkCredentials( $_POST['f']['username'], $_POST['f']['password']) ){ - $returnToUrl = $_POST['returnToUrl'] ?? "."; + $returnToUrl = ($_POST['returnToUrl'] ?? ".").($_POST['fragment'] ?? ""); participo::addMessage('success', ""); participo::addMessage('notice', "OnlineApps - cwsvJudo"); - header("Location: " . $returnToUrl ); + header("Location: " . $returnToUrl, TRUE, 301 ); } } } @@ -66,6 +67,14 @@ else{
    "); ?> "); ?> + + + +
    diff --git a/infoZettelOrg/Makefile b/infoZettelOrg/Makefile index 84c2499..583e5de 100644 --- a/infoZettelOrg/Makefile +++ b/infoZettelOrg/Makefile @@ -1,3 +1,5 @@ +include Makefile.private + infoZettel=$(patsubst %.md,%.pdf,$(wildcard *.md)) infoZettel-2x2=$(patsubst %.md,%-2x2.pdf,$(wildcard *.md)) kyuZettel=$(patsubst %.md,%.pdf,$(wildcard kyuZettel/*.md)) @@ -60,14 +62,14 @@ aushang/%.pdf: aushang/%.md .PHONY: infoZettelUpload #infoZettelUpload: $(infoZettelUploads) infoZettelUpload: infoZettel - curl -T "{$$(echo *.md | tr ' ' ',')}" ftp://cwsvjudo:***REMOVED***@cwsvjudo.bplaced.net/www/infoZettel/ + curl -T "{$$(echo *.md | tr ' ' ',')}" ftp://$(uploadUser):$(uploadPassword)@cwsvjudo.bplaced.net/www/infoZettel/ uploadTouch/%.md: %.md - curl --verbose --upload-file $^ ftp://cwsvjudo:***REMOVED***@cwsvjudo.bplaced.net/www/infoZettel/$^ + curl --verbose --upload-file $^ ftp://$(uploadUser):$(uploadPassword)@cwsvjudo.bplaced.net/www/infoZettel/$^ touch $@ uploadTouch/%.pdf: %.pdf - curl --verbose --upload-file $^ ftp://cwsvjudo:***REMOVED***@cwsvjudo.bplaced.net/www/temp/druck/$^ + curl --verbose --upload-file $^ ftp://$(uploadUser):$(uploadPassword)@cwsvjudo.bplaced.net/www/temp/druck/$^ touch $@ .PHONY: echo diff --git a/infoZettelOrg/pandocTemplate-cwsvJudoZettel.latex b/infoZettelOrg/pandocTemplate-cwsvJudoZettel.latex index f367de4..670d5a4 100644 --- a/infoZettelOrg/pandocTemplate-cwsvJudoZettel.latex +++ b/infoZettelOrg/pandocTemplate-cwsvJudoZettel.latex @@ -149,7 +149,7 @@ $endfor$ %%% \providecommand{\tightlist}{% \setlength{\itemsep}{0pt}\setlength{\parskip}{0pt}} -\usepackage{cwsvJudoZettel} +\usepackage{styles/cwsvJudoZettel} \begin{document}
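Review bot: Moving the FTP password into `Makefile.private` keeps it out of the tracked Makefile, but the upload recipes still expand `$(uploadUser):$(uploadPassword)` into the curl URL, so make echoes the password when a rule runs and it is visible in the process list, and `ftp://` sends it unencrypted. Let curl read the credentials from a file instead, e.g. `curl --netrc-file <private netrc path> --upload-file $^ ftp://cwsvjudo.bplaced.net/www/infoZettel/$^`, and add `--ssl-reqd` if the host supports FTPS. Makefile.private should be listed in .gitignore (not visible in this patch), and the password that used to be inline should be rotated if that revision was ever pushed.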