adding docu, some cleanup

homepage/participo/apiKeyTest.php

@@ -17,10 +17,11 @@ dbConnector::connect(
 
 $userId = 1;
 $apiKey = ApiKey::create();
-$rightString = 'event:' . PHP_EOL . '  id: 1';
+// $rightString = 'event:' . PHP_EOL . '  id: 1';
-$rightArray = Spyc::YAMLLoadString($rightString);
+// $rightArray = Spyc::YAMLLoadString($rightString);
+$right = 'login';
 $date = new DateTime();
-$newKey = new ApiKey(null, $userId, $apiKey, $rightString, $date->format('Y-m-d'));
+$newKey = new ApiKey(null, $userId, $apiKey, $right, $date->format('Y-m-d'));
 $newKey->addToDb();
 $loadedKey = ApiKey::loadFromDb($apiKey);
 
@@ -29,7 +30,7 @@ $loadedKey = ApiKey::loadFromDb($apiKey);
 <html>
     <body>
         <ul>
-			<li>rightsRoundabout: <?echo( $loadedKey->isValidFor($rightArray) ? 'TRUE' : 'FALSE' );?></li>
+			<li>rightsRoundabout: <?echo( $loadedKey->isValidFor($right) ? 'TRUE' : 'FALSE' );?></li>
 		</ul>
     </body>
 <html>

homepage/participo/lib/participoLib/apiKey.php

@@ -1,44 +1,82 @@
 <?php
 
-// require_once('Base62x/base62x.php');
 require_once 'participoLib/dbConnector.php';
+require_once 'participoLib/participo.php';
 
-/**
+/** Framework for apiKeys
- * Framework for apiKeys
  */
 class ApiKey
 {
+	/** unique identifier in the database
+	 *
+	 * @var int >0
+	 */
 	private $id = null;
+	/** Id of the user
+	 *
+	 * @var int > 0
+	 */
 	private $userId = null;
+	/** base62 coded key
+	 *
+	 * @var string
+	 */
 	private $key = null;
+	/** what you can do with this key
+	 *
+	 * @var array(string)
+	 */
 	private $rights = null;
+	/** until when the key is valid 
+	 * 
+	 * @var DateTime
+	 */
 	private $endDate = null;
 
+	/** Constructor
+	 *
+	 * sets all the members:
+	 * - converts the params to the internal type
+	 * - provides input sanitation
+	 * 
+	 * @param mixed $id unique identifier of the apiKey
+	 * @param mixed $userId $id of the user the apiKey belongs to
+	 * @param mixed $key key identifier/representation
+	 * @param mixed $rights set of rights describing what the key is valid for
+	 * @param mixed $endDate the last day the key will be valid
+	 */
 	public function __construct($id, $userId, $key, $rights, $endDate)
 	{
-		//! @todo input validation and sanitation
+		$this->id = filterId($id);
-		$this->id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['default' => null, 'min_range' => 1]]);
+		$this->userId = filterId($userId);
-		$this->userId = filter_var($userId, FILTER_VALIDATE_INT, ['options' => ['default' => null, 'min_range' => 1]]);
 		$this->key = self::isWellFormatted($key) ? $key : null;
 		$this->rights = explode(',', $rights);
 		$this->endDate = DateTime::createFromFormat('Y-m-d', $endDate);
 
+		// @todo It would be safer to set an endDate in the past as "default" value
 		if ($this->endDate == false) {
 			$this->endDate = null;
 		}
 	}
 
+	/** Getter for the userId
+	 *
+	 * @return int >0 representing the id of the user the apiKey is for
+	 */
 	public function getUserId()
 	{
 		return $this->userId;
 	}
 	
+	/** Getter for the apiKey
+	 *
+	 * @return string base62 coded string representing the apiKey
+	 */
 	public function getKey(){
 		return $this->key;
 	}
 	
-	/**
+	/** Checking if the apiKey is valid for a certain action
-	 * testing if the apiKey is valid for a certain action
 	 *
 	 * @param string $action the action to test the apiKey against
 	 * @return boolean true if apiKey is valid for the action, false otherwise
@@ -54,8 +92,7 @@ class ApiKey
 		);
 	}
 
-	/**
+	/** request a specific apiKey from the db
-	 * request a specific apiKey from the db
 	 *
 	 * @param string $key the key to request
 	 * @return ApiKey found in the db, null otherwise
@@ -77,6 +114,10 @@ class ApiKey
 		return ApiKey::fromDbArray($response[0]);
 	}
 
+	/** Add a key to the DB
+	 *
+	 * @return void
+	 */
 	public function addToDb()
 	{
 		$query = 'INSERT INTO `cwsvjudo`.`participo_apiKeys` (userId, apiKey, rights, endDate) VALUES (:userId, :apiKey, :rights, :endDate);';
@@ -88,6 +129,7 @@ class ApiKey
 		];
 		$response = dbConnector::query($query, $params);
 		// @todo use the response in an error handling/messaging
+		// @todo differentiate between inserting and updating if the id is set it should only be updated (e.g. prolonging)
 	}
 
 	/** create an Api key from the return of an sql select * */
@@ -102,10 +144,15 @@ class ApiKey
 		);
 	}
 
+	/**
+	 * List of symbols that can be used for the encoding
+	 *
+	 * @var string
+	 */
 	private static $BASE = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
 
-	/**
+	/** quick and dirty implementation of a convert_to_base62
-	 * quick and dirty implementation of a convert_to_base62
+	 * 
 	 * stolen from https://stackoverflow.com/a/4964352
 	 *
 	 * @param [int] $num
@@ -114,6 +161,7 @@ class ApiKey
 	 */
 	private static function toBase($num, $b = 62) :string
 	{
+		$b = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['default' => strlen(self::$BASE), 'min_range' => 1]]);
 		// @todo What is with negative numbers? How are they supposed to be converted?
 		$r = $num % $b ;
 		$res = ApiKey::$BASE[$r];
@@ -126,8 +174,7 @@ class ApiKey
 		return $res;
 	}
 
-	/**
+	/** simple check if a string is a well formatted apiKey
-	 * simple check if a string a well formatted apiKey
 	 *
 	 * Basically checks, if it consists only of 0-9, a-z or A-Z
 	 *
@@ -139,8 +186,7 @@ class ApiKey
 		return (bool) preg_match('/^[0-9a-zA-Z]+$/', $string);
 	}
 
-	/**
+	/** provides a random api key value
-	 * provides a random api key value
 	 *
 	 * @return string a random api key value
 	 */
@@ -150,6 +196,7 @@ class ApiKey
 		return ApiKey::toBase(random_int(0, PHP_INT_MAX));
 	}
 
+	/** more of a backup */
 	private static function createTable()
 	{
 		dbConnector::query("CREATE TABLE `cwsvjudo`.`participo_apiKeys` (`id` INT NOT NULL AUTO_INCREMENT COMMENT 'unique identifier' , `userId` INT NOT NULL COMMENT 'id of the user the key belongs to' , `apiKey` VARCHAR(16) NOT NULL COMMENT 'the apiKey itself' , `rights` INT NOT NULL COMMENT 'a comma separated list of rights for the key' , `endDate` DATE NOT NULL COMMENT 'endDate for the apiKey' , PRIMARY KEY (`id`), UNIQUE (`key`)); ");

homepage/participo/lib/participoLib/participo.php

@@ -95,6 +95,7 @@ class participo
 						'userConfig' => $user->getConfig(),
 					]
 				];
+				logLoginsToJsonFile($user->getLoginName());
 				// we're not logged in, but authorized for the stuff we want to do. So don't redirect
 				return;
 			};