marko/cwsvJudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

redirecting login

Browse Source
This commit is contained in:
marko
2022-06-06 12:55:17 +02:00
parent 706b722b12
commit 3e3fb6d953
12 changed files with 304 additions and 144 deletions
Download Patch File Download Diff File Expand all files Collapse all files

191
homepage/participo/lib/participoLib/participo.php
View File

@@ -2,11 +2,89 @@
class participo{
private static $db = null;
static public function initDbConnection(){}
private static $message = ['error' => NULL, 'success' => NULL, 'notice' => NULL];
/**
* Returns the current login status
*
* The login status is stored in the session cookie. If it is not even set it means the login is invalid.
*
* @return The login status or false if none is set so far
*/
static public function isLoginValid(){
return ($_SESSION['login'] ?? false);
}
/**
* A little Box with the login status as html entity
*
* @return string htmlEntity showing the login status
*/
static public function htmlLoginStatus(){
return
"<div style=\"border: 1px solid black\">".
"Datum: ".date("Y-m-d")."<br />".
"Angemeldet als <strong>".htmlspecialchars($_SESSION['user']['username'])."</strong>.<br />".
"<a href=\"logout.php\">Sitzung beenden</a>".
"</div>";
}
/**
* Checks, if there already is a valid login, if not redirect to the login form
*
* @retval void
*/
static public function authentificate(){
session_start();
if ( !self::isLoginValid() ) {
header("Location: login?returnToUrl=".urlencode($_SERVER['REQUEST_URI']), TRUE, 301);
exit(); // should'nt matter
}
}
static public function getMessages(){return self::$message;}
static public function addMessage($type, $message){self::$message[$type] = (self::$message[$type] ?? "").$message;}
static public function checkCredentials($loginName, $password){
sleep(1); // just to discurrage brute force attacks
// Check for dbConnection
if(!dbConnector::getDbConnection()){
self::addMessage('error', "<div>No DbConnection available</div>");
return false;
}
// query all users with the entered name
$user = dbConnector::query(
"SELECT `id`, `loginName`, `pwHash`, `config` FROM `wkParticipo_Users` WHERE `loginName` = :loginName",
['loginName' => ['value'=>$loginName, 'data_type'=>PDO::PARAM_STR]]
);
// If there is no such user OR the password isn't valid the login fails
if( empty($user || !password_verify( $password, $user['pwHash']) )){
sleep(5); // discourage brute force attacks
self::addMessage('error', "<div>Falsches Passwort oder LoginName</div>");
return false;
}
session_start();
// case valid login: Set the session data
$_SESSION = array(
'login' => true,
'user' => array(
'username' => $row['loginName'],
'userId' => $row['id'],
'userConfig' => json_decode($row['config'], true)
)
);
// Logging Logins
logLoginsToJsonFile($_SESSION['user']['username']);
self::addMessage('success', "<div>Anmeldung erfolgreich</div>");
return true;
}
}
/**
* Action element of an MaterializeCss (App-)card
*/
@@ -273,4 +351,111 @@ function logLoginsToJsonFile($userName, $fileName="lastLogins.json"){
}
}
class dbConnector{
static private $db = null;
// connect to the database
public static function connect($hostname, $dbName, $user, $password){
return self::setDbConnection( self::connectToPdo($hostname, $dbName, $user, $password) );
}
public static function getDbConnection(){return self::$db;}
/// perform a pdo-query
///
/// @param $aQueryString
/// @param $aBindArray e.g. array(
/// ':userId' => array('value'=>$anUserId, 'data_type'=>PDO::PARAM_INT),
/// ':attributeId'=> array('value'=>$anAttributeId, 'data_type'=>PDO::PARAM_INT) )
/// @param $someOption
function query($aQueryString, $aBindArray = array(), $someOptions = array()){
// Standardbelegungen
if( empty($someOptions['dbCharset' ]) ) $someOptions['dbCharset' ] = "ISO-8859-1";
if( empty($someOptions['outCharset']) ) $someOptions['outCharset'] = "UTF-8";
if( empty($someOptions['dontFetch' ]) ) $someOptions['dontFetch' ] = false;
/// @toDo: Bisher wird nur die Rückgabe konvertiert. Eigentlich muss
/// doch auch die Eingabe konvertiert werden. Aber das jetzt
/// umzustellen wird schwer! Die User im Wettkampfplaner sind ja z.B.
/// als UTF8 in latin1(?) gespeichert.
/// @toDo: Die Standardwerte sollten vielleicht aus einer config
/// kommen, nicht hardcoded
try{
$pdoStatement = self::$db->prepare( $aQueryString );
foreach( $aBindArray as $bindName => $bind ){
if( $bind['data_type'] == PDO::PARAM_STR)
$bind['value'] = iconv(
$someOptions['outCharset'],
$someOptions['dbCharset'],
$bind['value']
);
$pdoStatement->bindValue(
$bindName,
$bind['value'],
(isset($bind['data_type'])?$bind['data_type']:PDO::PARAM_STR)
);
}
$pdoResult = $pdoStatement->execute();
if(!$pdoResult){
echo("Error during dbQuery!\n");
echo("DB-Error:\n"); var_dump(self::$db->errorInfo());
}
if($someOptions['dontFetch']){
$ret = NULL;
}
else{
$ret = $pdoStatement->fetchAll(PDO::FETCH_ASSOC);
}
}
catch(PDOException $db_error){
print "Error!: " . $db_error->getMessage() . "<br/>";
return null;
}
// Zeichensatzkonvertierung
if( is_array($ret) ){
foreach($ret as &$entry){
array_walk(
$entry,
function (&$value, $key, $someOptions) {
$value = iconv($someOptions['dbCharset'], $someOptions['outCharset'], $value);
},
$someOptions
);
}
}
return $ret;
}
// get a Connection to the database
static private function connectToPdo($hostname, $dbName, $user, $password){
$dbConnection=null;
try{
$dbConnection = new PDO(
'mysql:host='.$hostname.';dbname='.$dbName,
$user,
$password
);
}
catch(PDOException $dbError){
echo( "Error whilst getting a dbConnection!: " . $dbError->getMessage() );
}
return $dbConnection;
}
// set the dbConnection (just setting, no establishing)
private static function setDbConnection($dbConnection){
$success = false;
if($dbConnection instanceof PDO){
self::$db = $dbConnection;
$success = true;
}
else{
self::$db = null;
}
}
}
?>