add apiKey management
This commit is contained in:
marko
@@ -1,4 +1,6 @@
|
||||
<?php
|
||||
|
||||
require_once 'participoLib/dbConnector.php';
|
||||
// require_once("spyc/Spyc.php");
|
||||
|
||||
class participo
|
||||
@@ -43,6 +45,34 @@ class participo
|
||||
public static function authentificate()
|
||||
{
|
||||
session_start();
|
||||
|
||||
// check if an api key was received
|
||||
if (array_key_exists('apiKey', $_GET)) {
|
||||
$key = ApiKey::loadFromDb($_GET['apiKey']);
|
||||
if ($key) {
|
||||
if ($key->isValidFor('login')) {
|
||||
// query *all* users with the entered name
|
||||
// @todo check for e.g., len(user)=1
|
||||
// @todo getUser?
|
||||
$user = dbConnector::query(
|
||||
'SELECT `id`, `loginName`, `config` FROM `wkParticipo_Users` WHERE `id` = :id',
|
||||
['id' => ['value' => $key->getUserId(), 'data_type' => PDO::PARAM_INT]]
|
||||
);
|
||||
$user = $user[0];
|
||||
|
||||
// case valid login: Set the session data
|
||||
$_SESSION = [
|
||||
'login' => true,
|
||||
'user' => [
|
||||
'username' => $user['loginName'],
|
||||
'userId' => $user['id'],
|
||||
'userConfig' => json_decode($user['config'], true)
|
||||
]
|
||||
];
|
||||
};
|
||||
}
|
||||
}
|
||||
|
||||
if (!self::isLoginValid()) {
|
||||
header('Location: login?returnToUrl=' . urlencode($_SERVER['REQUEST_URI'] . ($_POST['fragment'] ?? '')), true, 301);
|
||||
exit(); // should'nt matter
|
||||
@@ -430,126 +460,6 @@ function logLoginsToJsonFile($userName, $fileName = 'lastLogins.json')
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* interface for connecting and communicating with a database
|
||||
*/
|
||||
class dbConnector
|
||||
{
|
||||
private static $db = null;
|
||||
|
||||
// connect to the database
|
||||
public static function connect($hostname, $dbName, $user, $password)
|
||||
{
|
||||
return self::setDbConnection(self::connectToPdo($hostname, $dbName, $user, $password));
|
||||
}
|
||||
|
||||
public static function getDbConnection()
|
||||
{
|
||||
return self::$db;
|
||||
}
|
||||
|
||||
/// perform a pdo-query
|
||||
///
|
||||
/// @param $aQueryString
|
||||
/// @param $aBindArray e.g. array(
|
||||
/// ':userId' => array('value'=>$anUserId, 'data_type'=>PDO::PARAM_INT),
|
||||
/// ':attributeId'=> array('value'=>$anAttributeId, 'data_type'=>PDO::PARAM_INT) )
|
||||
/// @param $someOption
|
||||
public static function query($aQueryString, $aBindArray = [], $someOptions = [])
|
||||
{
|
||||
// Standardbelegungen
|
||||
if (empty($someOptions['dbCharset'])) {
|
||||
$someOptions['dbCharset'] = 'ISO-8859-1';
|
||||
}
|
||||
if (empty($someOptions['outCharset'])) {
|
||||
$someOptions['outCharset'] = 'UTF-8';
|
||||
}
|
||||
if (empty($someOptions['dontFetch'])) {
|
||||
$someOptions['dontFetch'] = false;
|
||||
}
|
||||
|
||||
/// @toDo: Bisher wird nur die Rückgabe konvertiert. Eigentlich muss
|
||||
/// doch auch die Eingabe konvertiert werden. Aber das jetzt
|
||||
/// umzustellen wird schwer! Die User im Wettkampfplaner sind ja z.B.
|
||||
/// als UTF8 in latin1(?) gespeichert.
|
||||
/// @toDo: Die Standardwerte sollten vielleicht aus einer config
|
||||
/// kommen, nicht hardcoded
|
||||
try {
|
||||
$pdoStatement = self::$db->prepare($aQueryString);
|
||||
foreach ($aBindArray as $bindName => $bind) {
|
||||
if ($bind['data_type'] == PDO::PARAM_STR) {
|
||||
$bind['value'] = iconv(
|
||||
$someOptions['outCharset'],
|
||||
$someOptions['dbCharset'],
|
||||
$bind['value']
|
||||
);
|
||||
}
|
||||
$pdoStatement->bindValue(
|
||||
$bindName,
|
||||
$bind['value'],
|
||||
(isset($bind['data_type']) ? $bind['data_type'] : PDO::PARAM_STR)
|
||||
);
|
||||
}
|
||||
$pdoResult = $pdoStatement->execute();
|
||||
if (!$pdoResult) {
|
||||
echo("Error during dbQuery!\n");
|
||||
echo("DB-Error:\n");
|
||||
var_dump(self::$db->errorInfo());
|
||||
}
|
||||
if ($someOptions['dontFetch']) {
|
||||
$ret = null;
|
||||
} else {
|
||||
$ret = $pdoStatement->fetchAll(PDO::FETCH_ASSOC);
|
||||
}
|
||||
} catch(PDOException $db_error) {
|
||||
print 'Error!: ' . $db_error->getMessage() . '<br/>';
|
||||
return null;
|
||||
}
|
||||
|
||||
// Zeichensatzkonvertierung
|
||||
if (is_array($ret)) {
|
||||
foreach ($ret as &$entry) {
|
||||
array_walk(
|
||||
$entry,
|
||||
function (&$value, $key, $someOptions) {
|
||||
$value = iconv($someOptions['dbCharset'], $someOptions['outCharset'], $value);
|
||||
},
|
||||
$someOptions
|
||||
);
|
||||
}
|
||||
}
|
||||
return $ret;
|
||||
}
|
||||
|
||||
// get a Connection to the database
|
||||
private static function connectToPdo($hostname, $dbName, $user, $password)
|
||||
{
|
||||
$dbConnection = null;
|
||||
try {
|
||||
$dbConnection = new PDO(
|
||||
'mysql:host=' . $hostname . ';dbname=' . $dbName,
|
||||
$user,
|
||||
$password
|
||||
);
|
||||
} catch(PDOException $dbError) {
|
||||
echo('Error whilst getting a dbConnection!: ' . $dbError->getMessage());
|
||||
}
|
||||
return $dbConnection;
|
||||
}
|
||||
|
||||
// set the dbConnection (just setting, no establishing)
|
||||
private static function setDbConnection($dbConnection)
|
||||
{
|
||||
$success = false;
|
||||
if ($dbConnection instanceof PDO) {
|
||||
self::$db = $dbConnection;
|
||||
$success = true;
|
||||
} else {
|
||||
self::$db = null;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* User for the Participo system
|
||||
*/
|
||||
|
||||
Reference in New Issue
Block a user