|
|
|
|
@@ -2,11 +2,89 @@
|
|
|
|
|
|
|
|
|
|
class participo{
|
|
|
|
|
private static $db = null;
|
|
|
|
|
static public function initDbConnection(){}
|
|
|
|
|
private static $message = ['error' => NULL, 'success' => NULL, 'notice' => NULL];
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Returns the current login status
|
|
|
|
|
*
|
|
|
|
|
* The login status is stored in the session cookie. If it is not even set it means the login is invalid.
|
|
|
|
|
*
|
|
|
|
|
* @return The login status or false if none is set so far
|
|
|
|
|
*/
|
|
|
|
|
static public function isLoginValid(){
|
|
|
|
|
return ($_SESSION['login'] ?? false);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* A little Box with the login status as html entity
|
|
|
|
|
*
|
|
|
|
|
* @return string htmlEntity showing the login status
|
|
|
|
|
*/
|
|
|
|
|
static public function htmlLoginStatus(){
|
|
|
|
|
return
|
|
|
|
|
"<div style=\"border: 1px solid black\">".
|
|
|
|
|
"Datum: ".date("Y-m-d")."<br />".
|
|
|
|
|
"Angemeldet als <strong>".htmlspecialchars($_SESSION['user']['username'])."</strong>.<br />".
|
|
|
|
|
"<a href=\"logout.php\">Sitzung beenden</a>".
|
|
|
|
|
"</div>";
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Checks, if there already is a valid login, if not redirect to the login form
|
|
|
|
|
*
|
|
|
|
|
* @retval void
|
|
|
|
|
*/
|
|
|
|
|
static public function authentificate(){
|
|
|
|
|
session_start();
|
|
|
|
|
if ( !self::isLoginValid() ) {
|
|
|
|
|
header("Location: login?returnToUrl=".urlencode($_SERVER['REQUEST_URI']), TRUE, 301);
|
|
|
|
|
exit(); // should'nt matter
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static public function getMessages(){return self::$message;}
|
|
|
|
|
static public function addMessage($type, $message){self::$message[$type] = (self::$message[$type] ?? "").$message;}
|
|
|
|
|
|
|
|
|
|
static public function checkCredentials($loginName, $password){
|
|
|
|
|
sleep(1); // just to discurrage brute force attacks
|
|
|
|
|
// Check for dbConnection
|
|
|
|
|
if(!dbConnector::getDbConnection()){
|
|
|
|
|
self::addMessage('error', "<div>No DbConnection available</div>");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// query all users with the entered name
|
|
|
|
|
$user = dbConnector::query(
|
|
|
|
|
"SELECT `id`, `loginName`, `pwHash`, `config` FROM `wkParticipo_Users` WHERE `loginName` = :loginName",
|
|
|
|
|
['loginName' => ['value'=>$loginName, 'data_type'=>PDO::PARAM_STR]]
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
// If there is no such user OR the password isn't valid the login fails
|
|
|
|
|
if( empty($user || !password_verify( $password, $user['pwHash']) )){
|
|
|
|
|
sleep(5); // discourage brute force attacks
|
|
|
|
|
self::addMessage('error', "<div>Falsches Passwort oder LoginName</div>");
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
session_start();
|
|
|
|
|
// case valid login: Set the session data
|
|
|
|
|
$_SESSION = array(
|
|
|
|
|
'login' => true,
|
|
|
|
|
'user' => array(
|
|
|
|
|
'username' => $row['loginName'],
|
|
|
|
|
'userId' => $row['id'],
|
|
|
|
|
'userConfig' => json_decode($row['config'], true)
|
|
|
|
|
)
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
// Logging Logins
|
|
|
|
|
logLoginsToJsonFile($_SESSION['user']['username']);
|
|
|
|
|
|
|
|
|
|
self::addMessage('success', "<div>Anmeldung erfolgreich</div>");
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
* Action element of an MaterializeCss (App-)card
|
|
|
|
|
*/
|
|
|
|
|
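Review bot: The login test in checkCredentials, `if( empty($user || !password_verify( $password, $user['pwHash']) )){`, is an authentication bypass: `empty()` is applied to the whole OR expression, so when a row is found `$user || …` short-circuits to true, `empty(true)` is false and the failure branch is skipped without password_verify ever running, and when no row is found `$user['pwHash']` is undefined, password_verify returns false, `!false` is true and the branch is again skipped. `$user` is also the fetchAll() result (a list of rows), so `$user['pwHash']` is the wrong index even with correct parentheses, and the success path then reads `$row['loginName']`/`$row['id']`/`$row['config']`, which are never assigned. After a successful login the session is populated without `session_regenerate_id(true)`, so a session id planted before login survives into the authenticated session (fixation). In authentificate(), `header("Location: …", TRUE, 301)` makes the login redirect a permanent, cacheable one; a `302` or `303` is what an auth check should send. The `sleep(1)`/`sleep(5)` calls presumably aim at brute force, but they only tie up a PHP worker per request and do nothing against parallel guesses; a per-account or per-IP attempt counter would be the check to add.

```php
// … unchanged: sleep(1), dbConnection check …
$rows = dbConnector::query(
    "SELECT `id`, `loginName`, `pwHash`, `config` FROM `wkParticipo_Users` WHERE `loginName` = :loginName",
    ['loginName' => ['value'=>$loginName, 'data_type'=>PDO::PARAM_STR]]
);
$row = (is_array($rows) && isset($rows[0])) ? $rows[0] : null;

// Fail closed: no such user OR wrong password; one message for both cases
if( $row === null || !password_verify($password, (string)($row['pwHash'] ?? '')) ){
    sleep(5); // discourage brute force attacks
    self::addMessage('error', "<div>Falsches Passwort oder LoginName</div>");
    return false;
}

session_start();
session_regenerate_id(true); // fresh id on privilege change: defeats session fixation
$_SESSION = array(
    'login' => true,
    'user' => array(
        'username' => $row['loginName'],
        'userId' => $row['id'],
        'userConfig' => json_decode($row['config'], true)
    )
);
// … unchanged: logLoginsToJsonFile(), success message, return true …
```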
@@ -273,4 +351,111 @@ function logLoginsToJsonFile($userName, $fileName="lastLogins.json"){
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
class dbConnector{
|
|
|
|
|
static private $db = null;
|
|
|
|
|
|
|
|
|
|
// connect to the database
|
|
|
|
|
public static function connect($hostname, $dbName, $user, $password){
|
|
|
|
|
return self::setDbConnection( self::connectToPdo($hostname, $dbName, $user, $password) );
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
public static function getDbConnection(){return self::$db;}
|
|
|
|
|
|
|
|
|
|
/// perform a pdo-query
|
|
|
|
|
///
|
|
|
|
|
/// @param $aQueryString
|
|
|
|
|
/// @param $aBindArray e.g. array(
|
|
|
|
|
/// ':userId' => array('value'=>$anUserId, 'data_type'=>PDO::PARAM_INT),
|
|
|
|
|
/// ':attributeId'=> array('value'=>$anAttributeId, 'data_type'=>PDO::PARAM_INT) )
|
|
|
|
|
/// @param $someOption
|
|
|
|
|
function query($aQueryString, $aBindArray = array(), $someOptions = array()){
|
|
|
|
|
// Standardbelegungen
|
|
|
|
|
if( empty($someOptions['dbCharset' ]) ) $someOptions['dbCharset' ] = "ISO-8859-1";
|
|
|
|
|
if( empty($someOptions['outCharset']) ) $someOptions['outCharset'] = "UTF-8";
|
|
|
|
|
if( empty($someOptions['dontFetch' ]) ) $someOptions['dontFetch' ] = false;
|
|
|
|
|
|
|
|
|
|
/// @toDo: Bisher wird nur die Rückgabe konvertiert. Eigentlich muss
|
|
|
|
|
/// doch auch die Eingabe konvertiert werden. Aber das jetzt
|
|
|
|
|
/// umzustellen wird schwer! Die User im Wettkampfplaner sind ja z.B.
|
|
|
|
|
/// als UTF8 in latin1(?) gespeichert.
|
|
|
|
|
/// @toDo: Die Standardwerte sollten vielleicht aus einer config
|
|
|
|
|
/// kommen, nicht hardcoded
|
|
|
|
|
try{
|
|
|
|
|
$pdoStatement = self::$db->prepare( $aQueryString );
|
|
|
|
|
foreach( $aBindArray as $bindName => $bind ){
|
|
|
|
|
if( $bind['data_type'] == PDO::PARAM_STR)
|
|
|
|
|
$bind['value'] = iconv(
|
|
|
|
|
$someOptions['outCharset'],
|
|
|
|
|
$someOptions['dbCharset'],
|
|
|
|
|
$bind['value']
|
|
|
|
|
);
|
|
|
|
|
$pdoStatement->bindValue(
|
|
|
|
|
$bindName,
|
|
|
|
|
$bind['value'],
|
|
|
|
|
(isset($bind['data_type'])?$bind['data_type']:PDO::PARAM_STR)
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
$pdoResult = $pdoStatement->execute();
|
|
|
|
|
if(!$pdoResult){
|
|
|
|
|
echo("Error during dbQuery!\n");
|
|
|
|
|
echo("DB-Error:\n"); var_dump(self::$db->errorInfo());
|
|
|
|
|
}
|
|
|
|
|
if($someOptions['dontFetch']){
|
|
|
|
|
$ret = NULL;
|
|
|
|
|
}
|
|
|
|
|
else{
|
|
|
|
|
$ret = $pdoStatement->fetchAll(PDO::FETCH_ASSOC);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
catch(PDOException $db_error){
|
|
|
|
|
print "Error!: " . $db_error->getMessage() . "<br/>";
|
|
|
|
|
return null;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// Zeichensatzkonvertierung
|
|
|
|
|
if( is_array($ret) ){
|
|
|
|
|
foreach($ret as &$entry){
|
|
|
|
|
array_walk(
|
|
|
|
|
$entry,
|
|
|
|
|
function (&$value, $key, $someOptions) {
|
|
|
|
|
$value = iconv($someOptions['dbCharset'], $someOptions['outCharset'], $value);
|
|
|
|
|
},
|
|
|
|
|
$someOptions
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
return $ret;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// get a Connection to the database
|
|
|
|
|
static private function connectToPdo($hostname, $dbName, $user, $password){
|
|
|
|
|
$dbConnection=null;
|
|
|
|
|
try{
|
|
|
|
|
$dbConnection = new PDO(
|
|
|
|
|
'mysql:host='.$hostname.';dbname='.$dbName,
|
|
|
|
|
$user,
|
|
|
|
|
$password
|
|
|
|
|
);
|
|
|
|
|
}
|
|
|
|
|
catch(PDOException $dbError){
|
|
|
|
|
echo( "Error whilst getting a dbConnection!: " . $dbError->getMessage() );
|
|
|
|
|
}
|
|
|
|
|
return $dbConnection;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
// set the dbConnection (just setting, no establishing)
|
|
|
|
|
private static function setDbConnection($dbConnection){
|
|
|
|
|
$success = false;
|
|
|
|
|
if($dbConnection instanceof PDO){
|
|
|
|
|
self::$db = $dbConnection;
|
|
|
|
|
$success = true;
|
|
|
|
|
}
|
|
|
|
|
else{
|
|
|
|
|
self::$db = null;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
}
|
|
|
|
|
?>
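Review bot: The failure paths in query() and connectToPdo() write driver errors straight into the HTTP response (`echo("DB-Error:\n"); var_dump(self::$db->errorInfo());`, `print "Error!: " . $db_error->getMessage()`, and the connection-error `echo`), which hands table names, the failing SQL and potentially the DB host or user to whoever triggered the error; these belong in `error_log()` with a plain `null` returned to the caller. `query()` is declared as an instance method (`function query(...)`) but is called statically as `dbConnector::query(...)` from participo::checkCredentials and reads `self::$db`, which is a fatal Error in PHP 8, so it needs `public static`. `setDbConnection()` computes `$success` but never returns it, so `connect()` always yields null and its return value cannot be checked. The PDO constructor also passes no options, so driver errors are silent by default and prepares are emulated client-side; `PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION` and `PDO::ATTR_EMULATE_PREPARES => false` make the existing catch blocks effective and keep bound values out of the SQL text. Putting `charset=utf8mb4` in the DSN would presumably let the iconv() round-trips go away, but the @toDo comments say existing rows are stored in a mixed encoding, so that needs checking against the data first.

```php
public static function query($aQueryString, $aBindArray = array(), $someOptions = array()){
    // … unchanged: option defaults …
    try{
        // … unchanged: prepare(), bind loop …
        $pdoResult = $pdoStatement->execute();
        if(!$pdoResult){
            // log server-side; the response must not carry driver internals
            error_log("dbConnector::query failed: ".implode(' ', $pdoStatement->errorInfo()));
            return null;
        }
        // … unchanged: dontFetch / fetchAll …
    }
    catch(PDOException $db_error){
        error_log("dbConnector::query: ".$db_error->getMessage());
        return null;
    }
    // … unchanged: charset conversion, return $ret …
}

static private function connectToPdo($hostname, $dbName, $user, $password){
    $dbConnection=null;
    try{
        $dbConnection = new PDO(
            'mysql:host='.$hostname.';dbname='.$dbName,
            $user,
            $password,
            [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]
        );
    }
    catch(PDOException $dbError){
        error_log("dbConnector: connection failed: ".$dbError->getMessage());
    }
    return $dbConnection;
}

private static function setDbConnection($dbConnection){
    // … unchanged: instanceof check, assignment …
    return $success;
}
```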
|