marko/cwsvJudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add apiKey management

Browse Source
This commit is contained in:
marko
2022-11-19 12:57:49 +01:00
parent b1de004603
commit 7a531a1d4c
10 changed files with 466 additions and 236 deletions
Download Patch File Download Diff File Expand all files Collapse all files

38
homepage/participo/api.apiKeys.add.php Normal file
View File

@@ -0,0 +1,38 @@
<?php
require_once 'config/participo.php';
require_once './local/cwsvJudo.php';
require_once 'participoLib/apiKey.php';
dbConnector::connect(
$cwsvJudoConfig['db']['host'],
$cwsvJudoConfig['db']['name'],
$cwsvJudoConfig['db']['user'],
$cwsvJudoConfig['db']['password']
);
$jsonPost = file_get_contents('php://input');
$call = json_decode($jsonPost, $associative = true);
if ($call) {
$allowKey = ApiKey::loadFromDb($call['apiKey']);
if (!$allowKey) {
die(json_encode(['success' => false]));
}
if (!$allowKey->isValidFor('apiKeys.create')) {
die(json_encode(['success' => false]));
}
$newKey = ApiKey::create();
$newLoginApiKey = new ApiKey(null, $call['userId'], $newKey, 'login', $call['endDate']);
$newLoginApiKey->addToDb();
$insertedApiKey = ApiKey::loadFromDb($newKey);
if (!$insertedApiKey) {
die(json_encode(['success' => false]));
}
echo(json_encode(['success' => true, 'apiKey' => $newKey]));
}

19
homepage/participo/config/participo.php
View File

@@ -1,17 +1,12 @@
<?php <?php
/// @file some variable definitions /// @file some variable definitions
$config['basePath'] = "/users/cwsvjudo/www"; $config['basePath'] = '/users/cwsvjudo/www';
$config['baseUrl'] = "http://cwsvjudo.bplaced.net"; $config['baseUrl'] = 'http://cwsvjudo.bplaced.net';
$config['ressourceUrl'] = "http://cwsvjudo.bplaced.net/ressourcen"; $config['ressourceUrl'] = 'http://cwsvjudo.bplaced.net/ressourcen';
setlocale (LC_ALL, 'de_DE@euro', 'de_DE', 'de', 'ge'); setlocale(LC_ALL, 'de_DE@euro', 'de_DE', 'de', 'ge');
set_include_path( implode( set_include_path(implode(
PATH_SEPARATOR, PATH_SEPARATOR,
[ get_include_path() [get_include_path(), $config['basePath'], $config['basePath'] . '/ressourcen', $config['basePath'] . '/ressourcen/phpLib', './lib/']
, $config['basePath']
, $config['basePath']."/ressourcen/"
, $config['basePath']."/ressourcen/phpLib"
, "./lib/"]
)); ));
?>

3
homepage/participo/events.php
View File

@@ -29,13 +29,10 @@ include_once 'events.inc.php';
function openModal(modalId){ function openModal(modalId){
var modalElement = document.querySelector(modalId); var modalElement = document.querySelector(modalId);
if( modalElement === null ){ if( modalElement === null ){
console.log(`No modalElement by name ${modalId} found. Won't open!`);
return; return;
} }
var modalInstance = M.Modal.getInstance(modalElement); var modalInstance = M.Modal.getInstance(modalElement);
console.log("before opening: ", modalInstance);
modalInstance.open(); modalInstance.open();
console.log("after opening: ", modalInstance);
} }
// What to do when the document is loaded. // What to do when the document is loaded.

4
homepage/participo/index.php
View File

@@ -5,8 +5,10 @@ require_once './local/cwsvJudo.php';
require_once './lib/db.php'; // should be replaced require_once './lib/db.php'; // should be replaced
require_once './lib/api.php'; // should be replaced require_once './lib/api.php'; // should be replaced
require_once 'participoLib/participo.php'; require_once 'participoLib/participo.php';
require_once 'participoLib/planer.php'; require_once 'participoLib/planer.php';
require_once 'participoLib/apiKey.php';
require_once 'config/phpcount.config.php'; require_once 'config/phpcount.config.php';
require_once 'phpcount/phpcount.php'; require_once 'phpcount/phpcount.php';
@@ -18,10 +20,12 @@ dbConnector::connect(
$cwsvJudoConfig['db']['user'], $cwsvJudoConfig['db']['user'],
$cwsvJudoConfig['db']['password'] $cwsvJudoConfig['db']['password']
); );
eventPlaner::setDbConnection(dbConnector::getDbConnection()); eventPlaner::setDbConnection(dbConnector::getDbConnection());
participo::authentificate(); participo::authentificate();
$userData = getUserData(dbConnector::getDbConnection(), $_SESSION['user']['userId']); $userData = getUserData(dbConnector::getDbConnection(), $_SESSION['user']['userId']);
?> ?>
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>

157
homepage/participo/lib/api.php
View File

@@ -1,15 +1,16 @@
<?php <?php
function processPostData($db, $post, $redirectLocation = "."){ function processPostData($db, $post, $redirectLocation = '.')
{
sleep(1); sleep(1);
if($post['action']){ if ($post['action']) {
// if there is a redirectlocation, set it // if there is a redirectlocation, set it
if($post['redirectLocation']){ if ($post['redirectLocation']) {
$redirectLocation = $post['redirectLocation']; $redirectLocation = $post['redirectLocation'];
} }
// change a users password // change a users password
if($post['action']=="changePassword"){ if ($post['action'] == 'changePassword') {
$success = changePassword( $success = changePassword(
$db, $db,
$post['changerId'], $post['changerId'],
@@ -19,68 +20,70 @@ function processPostData($db, $post, $redirectLocation = "."){
$post['newPasswordAgain'] $post['newPasswordAgain']
); );
// append success to the redirectlocation // append success to the redirectlocation
if($success){ if ($success) {
$redirectLocation .= "?changePasswordSuccess=true"; $redirectLocation .= '?changePasswordSuccess=true';
} } else {
else{ $redirectLocation .= '?changePasswordSuccess=false';
$redirectLocation .= "?changePasswordSuccess=false";
} }
}// end changePassword }// end changePassword
// redirect to the redirectlocation // redirect to the redirectlocation
header("Location: ".$redirectLocation); header('Location: ' . $redirectLocation);
}// end processing action }// end processing action
return; return;
} }
function sendEmail($toEmail, $emailText, $emailSubject){ function sendEmail($toEmail, $emailText, $emailSubject)
try{ {
$date=new DateTime(); try {
$date = new DateTime();
mail( mail(
$toEmail, $toEmail,
$emailSubject, $emailSubject,
$emailText $emailText
); );
} } catch(Exception $e) {
catch(Exception $e) { echo 'Message: ' . $e->getMessage();
echo 'Message: ' .$e->getMessage();
} }
} }
function attendancesAssocArray2text($attendancesAssocArray){ function attendancesAssocArray2text($attendancesAssocArray)
$ret = ""; {
foreach($attendancesAssocArray as $date => $attendees){ $ret = '';
$ret .= $date."\n"; foreach ($attendancesAssocArray as $date => $attendees) {
foreach($attendees as $a){ $ret .= $date . "\n";
foreach ($attendees as $a) {
$ret .= "\n"; $ret .= "\n";
$ret .= "Name: ".$a['name'].", ".$a['vorname']."\n"; $ret .= 'Name: ' . $a['name'] . ', ' . $a['vorname'] . "\n";
$ret .= "PLZ: ".$a['corona_PLZ']."\n"; $ret .= 'PLZ: ' . $a['corona_PLZ'] . "\n";
$ret .= "Tel.: ".$a['corona_telephon']."\n"; $ret .= 'Tel.: ' . $a['corona_telephon'] . "\n";
$ret .= "eMail: ".$a['corona_eMail']."\n"; $ret .= 'eMail: ' . $a['corona_eMail'] . "\n";
} }
$ret .= "\n"; $ret .= "\n";
} }
return $ret; return $ret;
} }
function attendancesAssocArray2mdList($attendancesAssocArray, $date=null){ function attendancesAssocArray2mdList($attendancesAssocArray, $date = null)
if($date == null) {
$date=new DateTime(); if ($date == null) {
$ret = "# Anwesenheitsliste zur Corona-Kontaktverfolgung der Abteilung Judo des CWSV vom ".$date->format("Y-m-d")."\n\n"; $date = new DateTime();
foreach($attendancesAssocArray as $d => $attendees){ }
$ret .= "## ".$d."\n"; $ret = '# Anwesenheitsliste zur Corona-Kontaktverfolgung der Abteilung Judo des CWSV vom ' . $date->format('Y-m-d') . "\n\n";
$i=0; foreach ($attendancesAssocArray as $d => $attendees) {
foreach($attendees as $a){ $ret .= '## ' . $d . "\n";
$i = 0;
foreach ($attendees as $a) {
$i += 1; $i += 1;
$ret .= "\n"; $ret .= "\n";
$ret .= $i." ".$a['name'].", ".$a['vorname']."\n"; $ret .= $i . ' ' . $a['name'] . ', ' . $a['vorname'] . "\n";
$ret .= " - PLZ: ".$a['corona_PLZ']."\n"; $ret .= ' - PLZ: ' . $a['corona_PLZ'] . "\n";
$ret .= " - Tel.: ".$a['corona_telephon']."\n"; $ret .= ' - Tel.: ' . $a['corona_telephon'] . "\n";
$ret .= " - eMail: ".$a['corona_eMail']."\n"; $ret .= ' - eMail: ' . $a['corona_eMail'] . "\n";
} }
$ret .= "\n"; $ret .= "\n";
} }
return $ret; return $ret;
} }
//! Checks if multiple keys exist in an array //! Checks if multiple keys exist in an array
@@ -89,19 +92,20 @@ return $ret;
//! @param array|string $keys keys to check for //! @param array|string $keys keys to check for
//! //!
//! @return bool true, if *all* keys are set in the array //! @return bool true, if *all* keys are set in the array
function array_keys_exist( array $array, $keys ) { function array_keys_exist(array $array, $keys)
if ( ! is_array( $keys ) ) { {
if (!is_array($keys)) {
$keys = func_get_args(); $keys = func_get_args();
array_shift( $keys ); array_shift($keys);
} }
$count = 0; $count = 0;
foreach ( $keys as $key ) { foreach ($keys as $key) {
if ( isset( $array[$key] ) || array_key_exists( $key, $array ) ) { if (isset($array[$key]) || array_key_exists($key, $array)) {
$count++; $count++;
} }
} }
return count( $keys ) === $count; return count($keys) === $count;
} }
/// updates users password without checking any rights /// updates users password without checking any rights
@@ -109,22 +113,22 @@ function array_keys_exist( array $array, $keys ) {
/// - $db : pdoDbConnection to use /// - $db : pdoDbConnection to use
/// - $userId : id of the user with the password to change /// - $userId : id of the user with the password to change
/// - $password : the password to set /// - $password : the password to set
function updateUserPassword($db, $userId, $password){ function updateUserPassword($db, $userId, $password)
{
// we don't save the actual password but it's hash // we don't save the actual password but it's hash
if($password != ""){ if ($password != '') {
$password = password_hash( $password, PASSWORD_DEFAULT); $password = password_hash($password, PASSWORD_DEFAULT);
} else {
$password = null;
} }
else{
$password = NULL; $query = 'UPDATE `cwsvjudo`.`wkParticipo_Users` SET `pwHash`=:val WHERE `id`=:id;';
} $params = [
':val' => ['value' => $password, 'data_type' => PDO::PARAM_STR],
$query = "UPDATE `cwsvjudo`.`wkParticipo_Users` SET `pwHash`=:val WHERE `id`=:id;"; ':id' => ['value' => $userId, 'data_type' => PDO::PARAM_INT]
$params = array( ];
':val' => array('value'=>$password, 'data_type'=>PDO::PARAM_STR),
':id' => array('value'=>$userId, 'data_type'=>PDO::PARAM_INT)
);
dbConnector::query($query, $params); dbConnector::query($query, $params);
return; return;
} }
@@ -134,43 +138,42 @@ function updateUserPassword($db, $userId, $password){
/// - $changerId: userId who changes the password /// - $changerId: userId who changes the password
/// - $changeeId: userId whose password should be changed /// - $changeeId: userId whose password should be changed
/// - $ownPassword: password of the user who changes the password /// - $ownPassword: password of the user who changes the password
/// - $newPasword: the new password /// - $newPassword: the new password
/// - $newPasswordAgain: controllInput of the new password /// - $newPasswordAgain: controllInput of the new password
function changePassword($db, $changerId, $changeeId, $changerPassword, $newPassword, $newPasswordAgain){ function changePassword($db, $changerId, $changeeId, $changerPassword, $newPassword, $newPasswordAgain)
{
// we need a dbConnection // we need a dbConnection
if( !$db ){ if (!$db) {
// echo("No DB!"); // echo("No DB!");
return false; return false;
} }
$changerInfo = getUserData($db, $changerId); $changerInfo = getUserData($db, $changerId);
// check the password of the changer // check the password of the changer
if( !password_verify( $changerPassword, $changerInfo['pwHash']) ){ if (!password_verify($changerPassword, $changerInfo['pwHash'])) {
// echo("Wrong changerPasswod"); // echo("Wrong changerPasswod");
return false; return false;
} }
// check if the changer is allowed to change the changees password // check if the changer is allowed to change the changees password
if ( $changerId != $changeeId ){ if ($changerId != $changeeId) {
$changersKidsIds = getUsersKidsIds($db, $changerId); $changersKidsIds = getUsersKidsIds($db, $changerId);
// if( !in_array($changeeId, $changersKidsIds) ){ // if( !in_array($changeeId, $changersKidsIds) ){
if( !isUserInKidIds($changeeId, $changersKidsIds) ){ if (!isUserInKidIds($changeeId, $changersKidsIds)) {
// echo("not your child: ".$changeeId." not in "); var_dump($changersKidsIds); // echo("not your child: ".$changeeId." not in "); var_dump($changersKidsIds);
return false; return false;
} }
} }
// check if the two inputs are the same // check if the two inputs are the same
if( $newPassword != $newPasswordAgain ){ if ($newPassword != $newPasswordAgain) {
// echo("new pw missmatch"); // echo("new pw missmatch");
return false; return false;
} }
updateUserPassword($db, $changeeId, $newPassword); updateUserPassword($db, $changeeId, $newPassword);
return true; return true;
} }
?>

153
homepage/participo/lib/participoLib/apiKey.php Normal file
View File

@@ -0,0 +1,153 @@
<?php
// require_once('Base62x/base62x.php');
require_once 'participoLib/dbConnector.php';
/**
* Framework for apiKeys
*/
class ApiKey
{
private $id = null;
private $userId = null;
private $key = null;
private $rights = null;
private $endDate = null;
public function __construct($id, $userId, $key, $rights, $endDate)
{
//! @todo input validation and sanitation
$this->id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['default' => null, 'min_range' => 1]]);
$this->userId = filter_var($userId, FILTER_VALIDATE_INT, ['options' => ['default' => null, 'min_range' => 1]]);
$this->key = self::isWellFormatted($key) ? $key : null;
$this->rights = explode(',', $rights);
$this->endDate = DateTime::createFromFormat('Y-m-d', $endDate);
if ($this->endDate == false) {
$this->endDate = null;
}
}
public function getUserId()
{
return $this->userId;
}
/**
* testing if the apiKey is valid for a certain action
*
* @param string $action the action to test the apiKey against
* @return boolean true if apiKey is valid for the action, false otherwise
*/
public function isValidFor(string $action)
{
// @todo add as validation: does the user exist and is 'active' (?)
$today = new DateTime();
return (
$this->id != null
&& in_array($action, $this->rights)
&& ($this->endDate->format('Y-m-d') >= $today->format('Y-m-d'))
);
}
/**
* request a specific apiKey from the db
*
* @param string $key the key to request
* @return ApiKey found in the db, null otherwise
*/
public static function loadFromDb(string $key)
{
if (!self::isWellFormatted($key)) {
return null;
}
$query = 'SELECT * FROM `cwsvjudo`.`participo_apiKeys` WHERE apiKey = :key;';
$params = [':key' => ['value' => $key, 'data_type' => PDO::PARAM_STR]];
$response = dbConnector::query($query, $params);
// apiKeys are considered unique. so every other count is treated as error to prevent unprivileged access
if (count($response) != 1) {
return null;
}
return ApiKey::fromDbArray($response[0]);
}
public function addToDb()
{
$query = 'INSERT INTO `cwsvjudo`.`participo_apiKeys` (userId, apiKey, rights, endDate) VALUES (:userId, :apiKey, :rights, :endDate);';
$params = [
':userId' => ['value' => $this->userId, 'data_type' => PDO::PARAM_INT],
':apiKey' => ['value' => $this->key, 'data_type' => PDO::PARAM_STR],
':rights' => ['value' => implode(',', $this->rights), 'data_type' => PDO::PARAM_STR],
':endDate' => ['value' => $this->endDate->format('Y-m-d'), 'data_type' => PDO::PARAM_STR]
];
$response = dbConnector::query($query, $params);
// @todo use the response in an error handling/messaging
}
/** create an Api key from the return of an sql select * */
private static function fromDbArray(array $apiKey)
{
return new ApiKey(
$apiKey['id'] ?? null,
$apiKey['userId'] ?? null,
$apiKey['apiKey'] ?? null,
$apiKey['rights'] ?? null,
$apiKey['endDate'] ?? null
);
}
private static $BASE = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
/**
* quick and dirty implementation of a convert_to_base62
* stolen from https://stackoverflow.com/a/4964352
*
* @param [int] $num
* @param integer $b
* @return void
*/
private static function toBase($num, $b = 62) :string
{
// @todo What is with negative numbers? How are they supposed to be converted?
$r = $num % $b ;
$res = ApiKey::$BASE[$r];
$q = floor($num / $b);
while ($q) {
$r = $q % $b;
$q = floor($q / $b);
$res = ApiKey::$BASE[$r] . $res;
}
return $res;
}
/**
* simple check if a string a well formatted apiKey
*
* Basically checks, if it consists only of 0-9, a-z or A-Z
*
* @param string $string string to check
* @return boolean true if it is base62 encoded, false otherwise
*/
public static function isWellFormatted(string $string)
{
return (bool) preg_match('/^[0-9a-zA-Z]+$/', $string);
}
/**
* provides a random api key value
*
* @return string a random api key value
*/
public static function create()
{
// @todo What is with negative numbers? How are they supposed to be converted?
return ApiKey::toBase(random_int(0, PHP_INT_MAX));
}
private static function createTable()
{
dbConnector::query("CREATE TABLE `cwsvjudo`.`participo_apiKeys` (`id` INT NOT NULL AUTO_INCREMENT COMMENT 'unique identifier' , `userId` INT NOT NULL COMMENT 'id of the user the key belongs to' , `apiKey` VARCHAR(16) NOT NULL COMMENT 'the apiKey itself' , `rights` INT NOT NULL COMMENT 'a comma separated list of rights for the key' , `endDate` DATE NOT NULL COMMENT 'endDate for the apiKey' , PRIMARY KEY (`id`), UNIQUE (`key`)); ");
}
}

123
homepage/participo/lib/participoLib/dbConnector.php Normal file
View File

@@ -0,0 +1,123 @@
<?php
/**
* interface for connecting and communicating with a database
*/
class dbConnector
{
private static $db = null;
// connect to the database
public static function connect($hostname, $dbName, $user, $password)
{
return self::setDbConnection(self::connectToPdo($hostname, $dbName, $user, $password));
}
public static function getDbConnection()
{
return self::$db;
}
/// perform a pdo-query
///
/// @param $aQueryString
/// @param $aBindArray e.g. array(
/// ':userId' => array('value'=>$anUserId, 'data_type'=>PDO::PARAM_INT),
/// ':attributeId'=> array('value'=>$anAttributeId, 'data_type'=>PDO::PARAM_INT) )
/// @param $someOption
public static function query($aQueryString, $aBindArray = [], $someOptions = [])
{
// var_dump($aQueryString, $aBindArray);
// Standardbelegungen
if (empty($someOptions['dbCharset'])) {
$someOptions['dbCharset'] = 'ISO-8859-1';
}
if (empty($someOptions['outCharset'])) {
$someOptions['outCharset'] = 'UTF-8';
}
if (empty($someOptions['dontFetch'])) {
$someOptions['dontFetch'] = false;
}
/// @toDo: Bisher wird nur die Rückgabe konvertiert. Eigentlich muss
/// doch auch die Eingabe konvertiert werden. Aber das jetzt
/// umzustellen wird schwer! Die User im Wettkampfplaner sind ja z.B.
/// als UTF8 in latin1(?) gespeichert.
/// @toDo: Die Standardwerte sollten vielleicht aus einer config
/// kommen, nicht hardcoded
try {
$pdoStatement = self::$db->prepare($aQueryString);
foreach ($aBindArray as $bindName => $bind) {
if ($bind['data_type'] == PDO::PARAM_STR) {
$bind['value'] = iconv(
$someOptions['outCharset'],
$someOptions['dbCharset'],
$bind['value']
);
}
$pdoStatement->bindValue(
$bindName,
$bind['value'],
(isset($bind['data_type']) ? $bind['data_type'] : PDO::PARAM_STR)
);
}
$pdoResult = $pdoStatement->execute();
if (!$pdoResult) {
echo("Error during dbQuery!\n");
echo("DB-Error:\n");
var_dump(self::$db->errorInfo());
}
if ($someOptions['dontFetch']) {
$ret = null;
} else {
$ret = $pdoStatement->fetchAll(PDO::FETCH_ASSOC);
}
} catch(PDOException $db_error) {
print 'Error!: ' . $db_error->getMessage() . '<br/>';
return null;
}
// Zeichensatzkonvertierung
if (is_array($ret)) {
foreach ($ret as &$entry) {
array_walk(
$entry,
function (&$value, $key, $someOptions) {
$value = iconv($someOptions['dbCharset'], $someOptions['outCharset'], $value);
},
$someOptions
);
}
}
return $ret;
}
// get a Connection to the database
private static function connectToPdo($hostname, $dbName, $user, $password)
{
// var_dump($hostname, $dbName, $user, $password);
$dbConnection = null;
try {
$dbConnection = new PDO(
'mysql:host=' . $hostname . ';dbname=' . $dbName,
$user,
$password
);
} catch(PDOException $dbError) {
echo('Error whilst getting a dbConnection!: ' . $dbError->getMessage());
}
return $dbConnection;
}
// set the dbConnection (just setting, no establishing)
private static function setDbConnection($dbConnection)
{
$success = false;
if ($dbConnection instanceof PDO) {
self::$db = $dbConnection;
$success = true;
} else {
self::$db = null;
}
}
}

150
homepage/participo/lib/participoLib/participo.php
View File

@@ -1,4 +1,6 @@
<?php <?php
require_once 'participoLib/dbConnector.php';
// require_once("spyc/Spyc.php"); // require_once("spyc/Spyc.php");
class participo class participo
@@ -43,6 +45,34 @@ class participo
public static function authentificate() public static function authentificate()
{ {
session_start(); session_start();
// check if an api key was received
if (array_key_exists('apiKey', $_GET)) {
$key = ApiKey::loadFromDb($_GET['apiKey']);
if ($key) {
if ($key->isValidFor('login')) {
// query *all* users with the entered name
// @todo check for e.g., len(user)=1
// @todo getUser?
$user = dbConnector::query(
'SELECT `id`, `loginName`, `config` FROM `wkParticipo_Users` WHERE `id` = :id',
['id' => ['value' => $key->getUserId(), 'data_type' => PDO::PARAM_INT]]
);
$user = $user[0];
// case valid login: Set the session data
$_SESSION = [
'login' => true,
'user' => [
'username' => $user['loginName'],
'userId' => $user['id'],
'userConfig' => json_decode($user['config'], true)
]
];
};
}
}
if (!self::isLoginValid()) { if (!self::isLoginValid()) {
header('Location: login?returnToUrl=' . urlencode($_SERVER['REQUEST_URI'] . ($_POST['fragment'] ?? '')), true, 301); header('Location: login?returnToUrl=' . urlencode($_SERVER['REQUEST_URI'] . ($_POST['fragment'] ?? '')), true, 301);
exit(); // should'nt matter exit(); // should'nt matter
@@ -430,126 +460,6 @@ function logLoginsToJsonFile($userName, $fileName = 'lastLogins.json')
} }
} }
/**
* interface for connecting and communicating with a database
*/
class dbConnector
{
private static $db = null;
// connect to the database
public static function connect($hostname, $dbName, $user, $password)
{
return self::setDbConnection(self::connectToPdo($hostname, $dbName, $user, $password));
}
public static function getDbConnection()
{
return self::$db;
}
/// perform a pdo-query
///
/// @param $aQueryString
/// @param $aBindArray e.g. array(
/// ':userId' => array('value'=>$anUserId, 'data_type'=>PDO::PARAM_INT),
/// ':attributeId'=> array('value'=>$anAttributeId, 'data_type'=>PDO::PARAM_INT) )
/// @param $someOption
public static function query($aQueryString, $aBindArray = [], $someOptions = [])
{
// Standardbelegungen
if (empty($someOptions['dbCharset'])) {
$someOptions['dbCharset'] = 'ISO-8859-1';
}
if (empty($someOptions['outCharset'])) {
$someOptions['outCharset'] = 'UTF-8';
}
if (empty($someOptions['dontFetch'])) {
$someOptions['dontFetch'] = false;
}
/// @toDo: Bisher wird nur die Rückgabe konvertiert. Eigentlich muss
/// doch auch die Eingabe konvertiert werden. Aber das jetzt
/// umzustellen wird schwer! Die User im Wettkampfplaner sind ja z.B.
/// als UTF8 in latin1(?) gespeichert.
/// @toDo: Die Standardwerte sollten vielleicht aus einer config
/// kommen, nicht hardcoded
try {
$pdoStatement = self::$db->prepare($aQueryString);
foreach ($aBindArray as $bindName => $bind) {
if ($bind['data_type'] == PDO::PARAM_STR) {
$bind['value'] = iconv(
$someOptions['outCharset'],
$someOptions['dbCharset'],
$bind['value']
);
}
$pdoStatement->bindValue(
$bindName,
$bind['value'],
(isset($bind['data_type']) ? $bind['data_type'] : PDO::PARAM_STR)
);
}
$pdoResult = $pdoStatement->execute();
if (!$pdoResult) {
echo("Error during dbQuery!\n");
echo("DB-Error:\n");
var_dump(self::$db->errorInfo());
}
if ($someOptions['dontFetch']) {
$ret = null;
} else {
$ret = $pdoStatement->fetchAll(PDO::FETCH_ASSOC);
}
} catch(PDOException $db_error) {
print 'Error!: ' . $db_error->getMessage() . '<br/>';
return null;
}
// Zeichensatzkonvertierung
if (is_array($ret)) {
foreach ($ret as &$entry) {
array_walk(
$entry,
function (&$value, $key, $someOptions) {
$value = iconv($someOptions['dbCharset'], $someOptions['outCharset'], $value);
},
$someOptions
);
}
}
return $ret;
}
// get a Connection to the database
private static function connectToPdo($hostname, $dbName, $user, $password)
{
$dbConnection = null;
try {
$dbConnection = new PDO(
'mysql:host=' . $hostname . ';dbname=' . $dbName,
$user,
$password
);
} catch(PDOException $dbError) {
echo('Error whilst getting a dbConnection!: ' . $dbError->getMessage());
}
return $dbConnection;
}
// set the dbConnection (just setting, no establishing)
private static function setDbConnection($dbConnection)
{
$success = false;
if ($dbConnection instanceof PDO) {
self::$db = $dbConnection;
$success = true;
} else {
self::$db = null;
}
}
}
/** /**
* User for the Participo system * User for the Participo system
*/ */

1
homepage/participo/lib/participoLib/planer.php
View File

@@ -1,4 +1,5 @@
<?php <?php
require_once 'participoLib/apiKey.php';
/** /**
* frame for a shiai * frame for a shiai

54
homepage/participo/login.php
View File

@@ -1,36 +1,38 @@
<?php <?php
require_once("config/participo.php"); require_once 'config/participo.php';
require_once("participoLib/participo.php"); require_once 'participoLib/participo.php';
require_once 'participoLib/apiKey.php';
require_once("./local/dbConf.php");
require_once($config['basePath']."/config/cwsvJudo.config.php"); require_once './local/dbConf.php';
dbConnector::connect(
$cwsvJudoConfig["db"]["host"],
$cwsvJudoConfig["db"]["name"],
$cwsvJudoConfig["db"]["user"],
$cwsvJudoConfig["db"]["password"]
);
// Check, if the login is already set. If so move to the main page require_once $config['basePath'] . '/config/cwsvJudo.config.php';
dbConnector::connect(
$cwsvJudoConfig['db']['host'],
$cwsvJudoConfig['db']['name'],
$cwsvJudoConfig['db']['user'],
$cwsvJudoConfig['db']['password']
);
// Check, if the login is already set. If so move to the main page (or the returnToUrl)
if (isset($_SESSION['login'])) { if (isset($_SESSION['login'])) {
header("Location: http://" . ($_POST['returnToUrl'] ?? "."), TRUE, 301); header('Location: http://' . ($_POST['returnToUrl'] ?? '.'), true, 301);
} }
// Otherwise check credentials if given. // Otherwise check credentials if given.
else{ else {
if (!empty($_POST)) { if (!empty($_POST)) {
if ( if (
empty($_POST['f']['username']) || empty($_POST['f']['username']) ||
empty($_POST['f']['password']) empty($_POST['f']['password'])
) { ) {
$message = ['error' => "Es wurden nicht alle Felder ausgefüllt."]; $message = ['error' => 'Es wurden nicht alle Felder ausgefüllt.'];
} else { } else {
if( participo::checkCredentials( $_POST['f']['username'], $_POST['f']['password']) ){ if (participo::checkCredentials($_POST['f']['username'], $_POST['f']['password'])) {
$returnToUrl = ($_POST['returnToUrl'] ?? ".").($_POST['fragment'] ?? ""); $returnToUrl = ($_POST['returnToUrl'] ?? '.') . ($_POST['fragment'] ?? '');
participo::addMessage('success', "<div><a href=\"".$returnToUrl."\">weiter zum Inhalt</a>.</div>"); participo::addMessage('success', '<div><a href="' . $returnToUrl . '">weiter zum Inhalt</a>.</div>');
participo::addMessage('notice', "OnlineApps - cwsvJudo"); participo::addMessage('notice', 'OnlineApps - cwsvJudo');
header("Location: " . $returnToUrl, TRUE, 301 ); header('Location: ' . $returnToUrl, true, 301);
} }
} }
} }
@@ -44,14 +46,14 @@ else{
<meta name="viewport" content="width=device-width, initial-scale=1.0" /> <meta name="viewport" content="width=device-width, initial-scale=1.0" />
<!-- includes of neccessary libs --> <!-- includes of neccessary libs -->
<?php readfile("./shared/imports.php");?> <?php readfile('./shared/imports.php'); ?>
<title>cwsvJudo Online Apps</title> <title>cwsvJudo Online Apps</title>
<meta name="description" content="Loginseite der Online-Apps der Judoka des CWSV"> <meta name="description" content="Loginseite der Online-Apps der Judoka des CWSV">
</head> </head>
<body class="container"> <body class="container">
<h1>Loginseite der Online-Apps der Judoka des CWSV</h1> <h1>Loginseite der Online-Apps der Judoka des CWSV</h1>
<?php echo(htmlRetMessage(participo::getMessages()));?> <?php echo(htmlRetMessage(participo::getMessages())); ?>
<form action="./login.php" method="post"> <form action="./login.php" method="post">
<fieldset> <fieldset>
<legend>Benutzerdaten</legend> <legend>Benutzerdaten</legend>
@@ -63,8 +65,12 @@ else{
<label for="password">Kennnwort</label> <label for="password">Kennnwort</label>
<input id="password" type="password" name="f[password]" /> <input id="password" type="password" name="f[password]" />
</div> </div>
<?php if( isset( $_GET['returnToUrl']) ) echo("<input type=\"hidden\" name=\"returnToUrl\" value=\"".htmlspecialchars( $_GET['returnToUrl'])."\" />"); ?> <?php if (isset($_GET['returnToUrl'])) {
<?php if( isset($_POST['returnToUrl']) ) echo("<input type=\"hidden\" name=\"returnToUrl\" value=\"".htmlspecialchars($_POST['returnToUrl'])."\" />"); ?> echo('<input type="hidden" name="returnToUrl" value="' . htmlspecialchars($_GET['returnToUrl']) . '" />');
} ?>
<?php if (isset($_POST['returnToUrl'])) {
echo('<input type="hidden" name="returnToUrl" value="' . htmlspecialchars($_POST['returnToUrl']) . '" />');
} ?>
<input id="fragment" type="hidden" name="fragment" /> <input id="fragment" type="hidden" name="fragment" />
<!-- add the fragment to the post data--> <!-- add the fragment to the post data-->
<script> <script>