initial draft of the achievement system

homepage/machs/auth.php

@@ -0,0 +1,16 @@
+<?php
+session_start();
+	// Falls der serverseitige Logincookie nicht gesetzt ist, 
+	// leite zur loginSeite weiter
+ 	if (empty($_SESSION['login'])) {
+		header('Location: login.php', TRUE, 301);
+		exit;
+	} else {
+		$login_status = 
+			"<div style=\"border: 1px solid black\">".
+				"Datum: ".date("Y-m-d")."<br />".
+				"Angemeldet als <strong>".htmlspecialchars($_SESSION['user']['username'])."</strong> angemeldet.<br />".
+				"<a href=\"logout.php\">Sitzung beenden</a>".
+			"</div>";
+	}
+?>

homepage/machs/config.php

@@ -0,0 +1,8 @@
+<?php
+
+$config['basePath'] = "/users/cwsvjudo/www";
+
+$config['baseUrl'] = "http://cwsvjudo.bplaced.net";
+$config['ressourceUrl'] = "http://cwsvjudo.bplaced.net/ressourcen";
+
+?>

homepage/machs/index.php

@@ -0,0 +1,57 @@
+<?php
+setlocale (LC_ALL, 'de_DE@euro', 'de_DE', 'de', 'ge');
+	require_once("config.php");
+	
+	require_once("./local/dbConf.php");
+	require_once("./local/achievementsConf.php");
+
+	require_once("./lib/achievementsLib.php");
+
+	require_once("./auth.php");
+
+	$basePath = "/users/cwsvjudo/www";
+	require_once($basePath."/config/cwsvJudo.config.php");
+	require_once($basePath."/config/phpcount.config.php");
+	require_once($basePath."/ressourcen/phpLib/phpcount/phpcount.php");
+	require_once($basePath."/ressourcen/phpLib/cwsvJudo/miscAssis.php");
+
+	$dbConnection = getCwsvJudoDbConn();
+
+	try{
+		$results = dbQuery(
+			$dbConnection, 
+			"SELECT * FROM cwsvjudo.achievements;"
+		);
+	}
+	catch(PDOException $db_error){
+		print "Error!: " . $db_error->getMessage() . "<br/>queryString: ".$queryString."<br />"; var_dump($bindArray);
+	}
+
+?>
+<!DOCTYPE html>
+<html>
+	<head>
+		<meta charset="utf-8" />
+		<meta name="viewport" content="width=device-width, initial-scale=1.0" />
+		
+		<title>Achievements</title>
+		<meta name="description" content="Achievements">
+		
+		<link rel="icon" href="<?echo($config['ressourceUrl']);?>/graphiken/icons/cwsv.ico" />
+		<link rel="apple-touch-icon" href="<?echo($config['baseUrl']);?>/apple-touch-icon.png">
+		
+		<style>
+			<?php 
+#				$css = file_get_contents( $basePath."/pages/desktop/wkParticipo/wkParticipo.css");
+#				echo(colorThemeCss($_SESSION['user']['userConfig']['colors']));
+#				echo($css);
+			?>
+		</style>
+	</head>
+	<body>
+		<?php echo $login_status; ?>
+		<h1>Achievements</h1>
+		<?php echo( arrayKeyed2htmlTableString($results, ["id", "name", "rootId", "level", "description"], $withCaption = true) );?>
+	</body>
+</html>
+

homepage/machs/lib/achievementsLib.php

@@ -0,0 +1,36 @@
+<?php
+// Eine Fehler/Warnung/Notiz/Erfolgsmeldung als divBox im String zurückgeben
+function htmlRetMessage($anRetMessage){
+$retHtmlString = "";
+if( !empty($anRetMessage) ){
+	$retHtmlString .= "<div style=\"border: 1px solid;\">";
+	if( !empty($anRetMessage['error']) ){
+		$retHtmlString .= "<div style=\"border: 1px solid;\">";
+		$retHtmlString .= "ERROR:<br />";
+		$retHtmlString .= $anRetMessage['error'];
+		$retHtmlString .= "</div>";
+	}
+	if( !empty($anRetMessage['warning']) ){
+		$retHtmlString .= "<div style=\"border: 1px solid;\">";
+		$retHtmlString .= "WARNING:<br />";
+		$retHtmlString .= $anRetMessage['warning'];
+		$retHtmlString .= "</div>";
+	}
+	if( !empty($anRetMessage['notice']) ){
+		$retHtmlString .= "<div style=\"border: 1px solid;\">";
+		$retHtmlString .= "Info:<br />";
+		$retHtmlString .= $anRetMessage['notice'];
+		$retHtmlString .= "</div>";
+	}
+	if( !empty($anRetMessage['success']) ){
+		$retHtmlString .= "<div style=\"border: 1px solid;\">";
+		$retHtmlString .= "SUCCESS:<br />";
+		$retHtmlString .= $anRetMessage['success'];
+		$retHtmlString .= "</div>";
+	}
+	$retHtmlString .= "</div>";
+}
+//	print_r($anRetMessage);
+return $retHtmlString;
+}
+?>

homepage/machs/local/.htaccess

@@ -0,0 +1 @@
+Deny from all

homepage/machs/local/achievementsConf.php

@@ -0,0 +1,10 @@
+<?php
+// Die Domains, Basedomain und Subdomain sind nicht wörtlich zu nehmen
+// effektiv ist es einfach eine Zweiteilung des Domainnamens
+	$wkParticipoConf['baseDomain'] = "cwsvjudo.bplaced.net";
+	$wkParticipoConf['subDomain'] = "";
+/// Basis(/Root)-Verzeichnis auf dem Server (für Dateizugriffe, insbesondere phpIncludes)
+	$wkParticipoConf['basePath'] = "/users/cwsvjudo/www";
+	$wkParticipoConf['rootDir'] = "/pages/desktop/wkParticipo";
+	$wkParticipoConf['adminEmail'] = "cwsvjudo@arcor.de";
+?>

homepage/machs/local/dbConf.php

@@ -0,0 +1,8 @@
+<?php
+
+$db_server='localhost';
+$db_user='cwsvjudo';
+$db_password='***REMOVED***';
+$db_name='cwsvjudo';
+
+?>

homepage/machs/login.php

@@ -0,0 +1,101 @@
+<?php
+setlocale (LC_ALL, 'de_DE@euro', 'de_DE', 'de', 'ge');
+
+	require_once("config.php");
+	
+	require_once("./local/dbConf.php");
+	require_once("./local/achievementsConf.php");
+
+	require_once("./lib/achievementsLib.php");
+
+function checkCredentials($username, $password, $db_server, $db_user, $db_password, $db_name){
+	$mysqli = @new mysqli($db_server, $db_user, $db_password, $db_name);
+	if ($mysqli->connect_error) {
+		$message['error'] = 'Datenbankverbindung fehlgeschlagen: ' . $mysqli->connect_error;
+	} else {
+		$query = sprintf(
+			"SELECT id, loginName, pwHash, config FROM wkParticipo_Users WHERE loginName = '%s'",
+			$mysqli->real_escape_string($_POST['f']['username'])
+		);
+		$result = $mysqli->query($query);
+		if ($row = $result->fetch_array(MYSQLI_ASSOC)) {
+			if( password_verify( $_POST['f']['password'], $row['pwHash']) ){
+				session_start();
+				$_SESSION = array(
+					'login' => true,
+					'user'  => array(
+						'username'  => $row['loginName'],
+						'userId' => $row['id'],
+						'userConfig' => json_decode($row['config'], true)
+					),
+				);
+				$message['success'] = 'Anmeldung erfolgreich, <a href="index.php">weiter zum Inhalt</a>.';				
+				header('Location: http://' . $_SERVER['HTTP_HOST'] . '/achievements?user=' . $_POST['f']['username']);
+			} else {
+				sleep(1);
+				$message['error'] = 'Das Kennwort ist nicht korrekt.';
+			}
+		}
+	}
+return $message;
+}
+
+
+if (isset($_SESSION['login'])) {
+	header('Location: http://' . $_SERVER['HTTP_HOST'] . '/index.php');
+}
+else{
+	if (!empty($_POST)) {
+		if (
+			empty($_POST['f']['username']) ||
+			empty($_POST['f']['password'])
+		) {
+			$message['error'] = 'Es wurden nicht alle Felder ausgefüllt.';
+		} else {
+			
+			$message = checkCredentials($_POST['f']['username'], $_POST['f']['password'], $db_server, $db_user, $db_password, $db_name);
+			if( !isset($message['error']) )
+				$message['notice'] = "Achievement-System der Judoka des Chemnitzer WSV";
+		}
+	}
+}
+?>
+<!DOCTYPE html>
+<html>
+	<head>
+		<meta charset="utf-8" />
+		<title>Wettkampfplanung - Login</title>
+		<meta name="description" content="Loginseite des Achievementsystemes der Judoka des CWSV">
+
+		<link rel="stylesheet" href="style.css">
+		<meta name="viewport" content="width=device-width, initial-scale=1.0" />
+	</head>
+	<body>
+		<h1>Achievementsystem der Judoka des Chemnitzer WSV</h1>
+		<?php echo(htmlRetMessage($message));?>
+		<form class="loginForm" action="./login.php" method="post">
+			<fieldset>
+				<legend>Benutzerdaten</legend>
+				<div>
+					<label for="username">Benutzername</label>
+					<input  id="username"type="text" name="f[username]" <?php echo isset($_POST['f']['username']) ? ' value="' . htmlspecialchars($_POST['f']['username']) . '"' : '' ?> />
+				</div>
+				<div>
+					<label for="password">Kennnwort</label>
+					<input  id="password" type="password" name="f[password]" />
+				</div>
+			</fieldset>
+			<fieldset>
+				<div>
+					<button type="submit" name="submit" value="Anmelden">Anmelden</button>
+				</div>
+			</fieldset>
+			<fieldset class="notice"><legend>Hinweise</legend>
+				<ul>
+					<li>Logindaten sind über den Übungsleiter zu beantragen.</li>
+					<li>Dieses Projekt ist in mehr oder weniger aktiven Entwicklung. Sollte mal was nicht funktionieren, kann es sein, dass ich gerade daran herumschreibe. Also ruhig zu einem späteren Zeitpunkt noch einmal probieren.</li>
+				</ul>
+			</fieldset>
+		</form>
+	</body>
+</html>

homepage/machs/machs.php

@@ -0,0 +1,203 @@
+<?php
+error_reporting(E_ALL | E_STRICT); 
+ini_set('display_errors',1);
+
+
+$basePath = "/users/cwsvjudo/www";
+
+	require_once($basePath."/config/cwsvJudo.config.php");
+	require_once($basePath."/ressourcen/phpLib/cwsvJudo/miscAssis.php");
+
+/// einem User ein achievement zuordnen
+///
+/// @param $aDbConnection PDO-Datenbankverbindung, die benutzt werden soll
+/// @param $anUserId ID des Users, der das Attribut erhalten soll
+/// @param $anachievementId ID des zu vergebenden Attributes
+///
+/// - Es erfolgt keine Kontrolle, ob:
+///   - die achievementId überhaupt existiert,
+///   - ob die userId überhaupt existiert,
+///   - ob der User das achievement bereits hat,
+function giveUserAnAchievment($aDbConnection, $anUserId, $anAchievementId){
+	withdrawUsersAchievement($aDbConnection, $anUserId, $anAchievementId);
+	try{
+		dbQuery(
+			$aDbConnection, 
+			"INSERT INTO `achievements<=>user` (userId, achievementId) VALUES (:userId, :achievementId);", 
+			array( 
+				':userId'       => array('value'=>$anUserId,      'data_type'=>PDO::PARAM_INT), 
+				':achievementId'=> array('value'=>$anAchievementId, 'data_type'=>PDO::PARAM_INT) 
+			)
+		);
+	}
+	catch(PDOException $db_error){
+		print "Error!: " . $db_error->getMessage() . "<br/>queryString: ".$queryString."<br />"; var_dump($bindArray);
+	}
+return;
+}
+
+/// einem User ein Achievement entziehen
+function withdrawUsersAchievement($aDbConnection, $anUserId, $anAchievementId, $limit = NULL){
+	try{
+// Variablen für das Binden an die Query vorbereiten
+// inklusive Validierung der Werte
+		$bindArray = array();
+		if( is_positive_integer( $anUserId ) ){
+			$bindArray[':userId'] = array('value'=>$anUserId, 'data_type'=>PDO::PARAM_INT);
+		}
+		else{
+			throw new InvalidArgumentException("withdrawUsersAchievement: userId must be positive integer!");
+		}
+		if( is_positive_integer($anAchievementId) ){
+			$bindArray[':achievementId'] = array('value'=>$anAchievementId, 'data_type'=>PDO::PARAM_INT);
+		}
+		else{
+			throw new InvalidArgumentException("withdrawUsersAchievement: anAchievementId must be positive integer");
+		}
+		if( is_positive_integer( $limit ) ){
+			$bindArray[':limit'] = array('value' => $limit, 'data_type' => PDO::PARAM_INT);
+		}
+
+// Zusammenstellen der Query
+		$queryString = 
+			"DELETE FROM `achievements<=>user` ".
+				"WHERE `userId`=:userId ".
+				"AND `achievementId`=:achievementId".
+				(is_positive_integer( $limit )?" LIMIT :limit":"").
+			";";
+
+		echo("queryString: ".$queryString."<br />"); var_dump($bindArray);
+		dbQuery(
+			$aDbConnection,
+			$queryString,
+			$bindArray
+		);
+	}
+	catch(PDOException $db_error){
+		print "Error!: " . $db_error->getMessage() . "<br/>queryString: ".$queryString."<br />"; var_dump($bindArray);
+	}
+return;
+}// Ende withdrawUsersAchievement
+
+var_dump($_GET);
+
+$actions = ["giveUserAnAchievement", "withdrawUsersAchievement"];
+
+
+$dbConn = getCwsvJudoDbConn();
+$dbConn->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
+
+if(isset($_GET['action'])){
+	switch($_GET['action']){
+		case "giveUserAnAchievement":
+			try{
+				giveUserAnAchievment($dbConn, intval($_GET['userId']), intval($_GET['achievementId']));
+			}
+			catch(Exception $e){
+				print("UPS: ".$e->getMessage());
+			}
+		break;
+		case "withdrawUsersAchievement":
+			try{
+				withdrawUsersAchievement($dbConn, intval($_GET['userId']), intval($_GET['achievementId']));
+			}
+			catch(Exception $e){
+				print("UPS: ".$e->getMessage());
+			}
+		break;
+		default:
+			echo("Ungültige Aktion (".$_GET['action'].") erwünscht!");
+		break;
+	}
+}
+
+$users = 
+	dbQuery(
+		$dbConn, 
+		"SELECT * FROM cwsvjudo.wkParticipo_Users;"
+	);
+
+$userAchievements = 
+	dbQuery(
+		$dbConn, 
+		"SELECT * FROM cwsvjudo.achievements;"
+	);
+
+
+?>
+<html>
+	<head>
+	</head>
+	<body>
+		<form>
+			<label>Action:
+				<select name="action">
+					<option disabled selected value> -- Aktion auswählen -- </option>
+					<?php
+						foreach($actions as $action)
+							echo("<option>".$action."</option>");
+					?>
+				</select>
+			</label>
+			<label>User:
+				<select name="userId">
+					<option disabled selected value> -- User auswählen -- </option>
+					<?php
+						foreach($users as $user)
+							echo("<option value=\"".$user['id']."\">".$user['loginName']."</option>");
+					?>
+				</select>
+			</label>
+			<label>Attribut:
+				<select name="achievementId">
+					<option disabled selected value> -- Attribut auswählen -- </option>
+					<?php
+						foreach($userAchievements as $userAchievement)
+							echo("<option value=\"".$userAchievement['id']."\">".$userAchievement['name']."</option>");
+					?>
+				</select>
+			</label>
+			<button type="submit">Eingaben absenden</button>
+		</form>
+		<h1>Attribute</h1>
+		<?php echo(array2htmlTableString($userAchievements));?>
+		<?php
+			foreach($userAchievements as $userAchievement){
+				echo("<h2>".$userAchievement["name"]."</h2>");
+				// get the users with the attribute by a cross join
+				// remark: there are two id-columns, from which one gets lost (the one from the user) in the phpArray.
+				//         so we (have to) use the userId from the attribute
+				// in short attributed => userId, unattributed => id (is the id of the user)
+				$achievedUsers =
+					dbQuery(
+						$dbConn,
+						"SELECT * FROM wkParticipo_Users, `achievements<=>user` WHERE wkParticipo_Users.id = `achievements<=>user`.userId AND `achievements<=>user`.achievementId = :achievementId;", 
+						array(":achievementId"=>array('value'=>$userAchievement['id'], 'data_type'=>PDO::PARAM_INT))
+					);
+				// Add a withthraw link entry
+				foreach($achievedUsers as $index => $user){
+					$achievedUsers[$index] += ["withdrawLink" => "<a href=\"?action=withdrawUsersAchievement&userId=".$user["userId"]."&achievementId=".$userAchievement["id"]."\">withdraw ".$userAchievement["name"]."</a>"];
+				}
+				echo( "<h3>have it</h3>".arrayKeyed2htmlTableString($achievedUsers, ["userId", "name", "vorname", "withdrawLink"]) );
+				$achievedKeyList = [];
+				foreach($achievedUsers as $user){
+					$achievedKeyList[] = $user["userId"];
+				}
+				$unachievedUsers = array();
+				foreach($users as $user){
+					if(!in_array($user["id"], $achievedKeyList)){
+						$unachievedUsers[] =  $user;
+					}
+				}
+				// Add a giveAttribute link entry to every user
+				foreach($unachievedUsers as $index => $user){
+					$unachievedUsers[$index] += ["giveAchievementLink" => "<a href=\"?action=giveUserAnAchievement&userId=".$user["id"]."&achievementId=".$userAchievement["id"]."\">give Attribute ".$userAchievement["name"]."</a>"];
+				}
+				echo( "<h3>give it</h3>".arrayKeyed2htmlTableString($unachievedUsers, ["id", "name", "vorname", "giveAchievementLink"]) );
+			}
+		?>
+
+		<h1>User</h1>
+		<?php echo(array2htmlTableString($users));?>
+	</body>
+</html>