added password management

This commit is contained in:
marko
2021-12-13 05:23:20 +01:00
parent 681cb61698
commit bb603f4977
8 changed files with 372 additions and 153 deletions


@@ -0,0 +1,11 @@
/*
on large screens add a padding on the left for the fixed sidnav
*/
header, main, footer {
padding-left: 300px;
}
@media only screen and (max-width : 992px) {
header, main, footer {
padding-left: 0;
}
}


@@ -0,0 +1,66 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<!-- Created with Inkscape (http://www.inkscape.org/) -->
<svg
xmlns:dc="http://purl.org/dc/elements/1.1/"
xmlns:cc="http://creativecommons.org/ns#"
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:svg="http://www.w3.org/2000/svg"
xmlns="http://www.w3.org/2000/svg"
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
version="1.1"
id="svg2"
xml:space="preserve"
width="6666.6665"
height="6666.6665"
viewBox="0 0 6666.6665 6666.6665"
sodipodi:docname="account.svg"
inkscape:version="0.92.4 (5da689c313, 2019-01-14)"><metadata
id="metadata8"><rdf:RDF><cc:Work
rdf:about=""><dc:format>image/svg+xml</dc:format><dc:type
rdf:resource="http://purl.org/dc/dcmitype/StillImage" /><dc:title></dc:title></cc:Work></rdf:RDF></metadata><defs
id="defs6"><clipPath
clipPathUnits="userSpaceOnUse"
id="clipPath18"><path
d="M 0,5000 H 5000 V 0 H 0 Z"
id="path16"
inkscape:connector-curvature="0" /></clipPath></defs><sodipodi:namedview
pagecolor="#ffffff"
bordercolor="#666666"
borderopacity="1"
objecttolerance="10"
gridtolerance="10"
guidetolerance="10"
inkscape:pageopacity="0"
inkscape:pageshadow="2"
inkscape:window-width="640"
inkscape:window-height="480"
id="namedview4"
showgrid="false"
inkscape:zoom="0.035400001"
inkscape:cx="3333.3333"
inkscape:cy="3333.3333"
inkscape:window-x="288"
inkscape:window-y="113"
inkscape:window-maximized="0"
inkscape:current-layer="g10" /><g
id="g10"
inkscape:groupmode="layer"
inkscape:label="account-6491185"
transform="matrix(1.3333333,0,0,-1.3333333,0,6666.6667)"><g
id="g12"><g
id="g14"
clip-path="url(#clipPath18)"><g
id="g20"
transform="translate(3839.9414,1190.9668)"><path
d="m 0,0 c -368.75,292.187 -832.91,468.994 -1339.941,468.994 -507.056,0 -971.192,-176.807 -1339.917,-468.994 -330.494,338.232 -535.083,799.951 -535.083,1309.033 0,1033.887 841.113,1875 1875,1875 1033.886,0 1875,-841.113 1875,-1875 C 535.059,799.951 330.469,338.232 0,0 m -1339.941,-565.967 c -386.89,0 -746.729,117.871 -1045.655,319.483 294.532,213.183 655.078,340.478 1045.655,340.478 390.576,0 751.123,-127.246 1045.703,-340.478 -298.975,-201.612 -658.789,-319.483 -1045.703,-319.483 m 0,4125 c -1242.627,0 -2250,-1007.348 -2250,-2250 0,-1242.627 1007.373,-2250 2250,-2250 1242.627,0 2250,1007.373 2250,2250 0,1242.652 -1007.373,2250 -2250,2250"
style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
id="path22"
inkscape:connector-curvature="0" /></g><g
id="g24"
transform="translate(2500,2125)"><path
d="M 0,0 C -310.156,0 -562.5,252.344 -562.5,562.5 -562.5,872.656 -310.156,1125 0,1125 310.156,1125 562.5,872.656 562.5,562.5 562.5,252.344 310.156,0 0,0 M 0,1500 C -517.773,1500 -937.5,1080.273 -937.5,562.5 -937.5,44.727 -517.773,-375 0,-375 517.773,-375 937.5,44.727 937.5,562.5 937.5,1080.273 517.773,1500 0,1500"
style="fill:#000000;fill-opacity:1;fill-rule:nonzero;stroke:none"
id="path26"
inkscape:connector-curvature="0" /></g></g></g></g></svg>



@@ -118,13 +118,13 @@ if($_SESSION['login']){
<div class="row" id="Configs">
<div style="padding:1%;" class="col s12 m6">
<div style="margin:1%;" class="card blue-grey darken-1">
<a href="http://cwsvjudo.bplaced.net/pages/desktop/wkParticipo/userInfo.php"><div class="card-content white-text">
<a href="./user"><div class="card-content white-text">
<span class="card-title">User-Infos</span>
<img style="max-height:10vh;" class="responsive-img" src="images/obi.svg" />
<img style="max-height:10vh;" class="responsive-img" src="images/account.svg" />
<p>Einstellungen zum Benutzer</p>
</div><a>
<div class="card-action">
<a href="http://cwsvjudo.bplaced.net/pages/desktop/wkParticipo/userInfo.php">Einstellungen</a>
<a href="./user">Einstellungen</a>
</div>
</div>
</div>


@@ -1,116 +1,35 @@
<?php
function processPostData($db, $post, $redirectLocation = "."){
sleep(1);
if($post['action']){
if($post['action']=="giveUserAnAchievement"){
giveUserAnAchievement(
$db,
$post['userId'],
$post['achievementId']
);
$u = getUserData($db, $post['userId']);
$a = getAchievement($db, $post['achievementId']);
sendEmail(
"cwsvjudo@arcor.de",
"kwT",
$u['vorname']." ".$u['name']." got achievement ".$a[0]['name']
);
}
if($post['action']=="addAchievement"){
addAchievement(
$db,
$post['name'],
$post['rootId'],
$post['achievementGroupId'],
$post['level'],
$post['description'],
$post['imgUrl']
);
}
if($post['action']=="addAchievementGroup"){
addAchievementGroup(
$db,
$post['name'],
$post['rootId'],
$post['unlockingAchievementId'],
$post['imgUrl']
);
}
if($post['action']=="autoAddAchievements"){
$g=new achievementGroup;
$g->setDbConnection($db);
$g->loadAchievementGroupFromDb($post['achievementGroupId']);
$g->autoAddAchievements(
$post['messageTemplate'],
$post['from'],
$post['to'],
$post['step']
);
}
if($post['action']=="updateAchievement"){
updateAchievement(
$db,
$post['achievementId'],
$post['name'],
$post['rootId'],
$post['achievementGroupId'],
$post['level'],
$post['description'],
$post['imgUrl']
);
}
if($post['action']=="updateAchievementGroup"){
updateAchievement(
$db,
$post['achievementGroupId'],
$post['name'],
$post['rootId'],
$post['unlockingAchievementId'],
$post['imgUrl']
);
}
if($post['action']=="setBday"){
setBday(
$db,
$post['userId'],
$post['bday']
);
}
if($post['action']=="setRecord"){
$u = getUserData($db, $post['userId']);
$g = new achievementGroup;
$g->setDbConnection($db);
$g->loadAchievementGroupFromDb($post['achievementGroupId']);
sendEmail(
"cwsvjudo@arcor.de",
$u['vorname']." ".$u['name']." got ".$post['value']." in ".$g->getName(),
"[machs] Rekord eingetragen"
);
setRecord(
$db,
$post['userId'],
$post['achievementGroupId'],
$post['value']
);
}
if($post['action']=="reportRecord"){
# $u = getUserData($db, $post['userId']);
# $ag = new achievementGroup;
# achievementGroup::setDbConnection($db);
# $ag->loadAchievementGroupFromDb($post['achievementGroupId']);
$m = $post['userId']." hat in ".$post['achievementGroupId']." ".$post['value']." geschafft!";
# $m = $u['vorname']." ".$u['name']." hat in ".$ag->getName()." ".$post['value']." geschafft!";
sendEmail("cwsvjudo@arcor.de", $m, "[machs] Rekordmeldung");
}
if($post['redirectLocation'])
// if there is a redirectlocation, set it
if($post['redirectLocation']){
$redirectLocation = $post['redirectLocation'];
header("Location: ".$redirectLocation);
}
}
// change a users password
if($post['action']=="changePassword"){
$success = changePassword(
$db,
$post['changerId'],
$post['changeeId'],
$post['changerPassword'],
$post['newPassword'],
$post['newPasswordAgain']
);
// append success to the redirectlocation
if($success){
$redirectLocation .= "?changePasswordSuccess=true";
}
else{
$redirectLocation .= "?changePasswordSuccess=false";
}
}// end changePassword
// redirect to the redirectlocation
header("Location: ".$redirectLocation);
}// end processing action
return;
}
@@ -163,4 +82,95 @@ function attendancesAssocArray2mdList($attendancesAssocArray, $date=null){
}
return $ret;
}
//! Checks if multiple keys exist in an array
//!
//! @param array $array array to check for key
//! @param array|string $keys keys to check for
//!
//! @return bool true, if *all* keys are set in the array
function array_keys_exist( array $array, $keys ) {
if ( ! is_array( $keys ) ) {
$keys = func_get_args();
array_shift( $keys );
}
$count = 0;
foreach ( $keys as $key ) {
if ( isset( $array[$key] ) || array_key_exists( $key, $array ) ) {
$count++;
}
}
return count( $keys ) === $count;
}
/// updates users password without checking any rights
/// params:
/// - $db : pdoDbConnection to use
/// - $userId : id of the user with the password to change
/// - $password : the password to set
function updateUserPassword($db, $userId, $password){
// we don't save the actual password but it's hash
if($password != ""){
$password = password_hash( $password, PASSWORD_DEFAULT);
}
else{
$password = NULL;
}
$query = "UPDATE `cwsvjudo`.`wkParticipo_Users` SET `pwHash`=:val WHERE `id`=:id;";
$params = array(
':val' => array('value'=>$password, 'data_type'=>PDO::PARAM_STR),
':id' => array('value'=>$userId, 'data_type'=>PDO::PARAM_INT)
);
dbQuery($db, $query, $params);
return;
}
/// Change a users password (apiFunction)
/// params:
/// - $db: dbConnection to use
/// - $changerId: userId who changes the password
/// - $changeeId: userId whose password should be changed
/// - $ownPassword: password of the user who changes the password
/// - $newPasword: the new password
/// - $newPasswordAgain: controllInput of the new password
function changePassword($db, $changerId, $changeeId, $changerPassword, $newPassword, $newPasswordAgain){
// we need a dbConnection
if( !$db ){
// echo("No DB!");
return false;
}
$changerInfo = getUserData($db, $changerId);
// check the password of the changer
if( !password_verify( $changerPassword, $changerInfo['pwHash']) ){
// echo("Wrong changerPasswod");
return false;
}
// check if the changer is allowed to change the changees password
if ( $changerId != $changeeId ){
$changersKidsIds = getUsersKidsIds($db, $changerId);
// if( !in_array($changeeId, $changersKidsIds) ){
if( !isUserInKidIds($changeeId, $changersKidsIds) ){
// echo("not your child: ".$changeeId." not in "); var_dump($changersKidsIds);
return false;
}
}
// check if the two inputs are the same
if( $newPassword != $newPasswordAgain ){
// echo("new pw missmatch");
return false;
}
updateUserPassword($db, $changeeId, $newPassword);
return true;
}
?>
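Review bot: processPostData now redirects to whatever `$post['redirectLocation']` contains (assigned in the new block around L227–L228, emitted at L251) without checking that it is a local path, which is an open redirect, and the `header()` call is not followed by `exit`, so the remainder of the page is still rendered and sent after the Location header. A minimal fix is to accept only relative targets, e.g. `if(isset($post['redirectLocation']) && preg_match('#^\./[A-Za-z0-9_/.-]*$#', $post['redirectLocation'])){ $redirectLocation = $post['redirectLocation']; }` and `header("Location: ".$redirectLocation); exit;`; note also that appending `"?changePasswordSuccess=..."` assumes the target carries no query string yet. In changePassword, `$newPassword != $newPasswordAgain` and `$changerId != $changeeId` (and `$id['kidId'] == $uId` in the isUserInKidIds hunk of the next file section) are loose comparisons on request strings — two numeric strings such as "10" and "1e1" compare equal with `!=` — so compare with `!==` after casting the ids with `(int)`. Taking `changerId` from a hidden form field rather than from `$_SESSION['user']['userId']` is only safe because the changer's password is re-verified against that id's hash; binding it to the session would remove the dependency on that single check and stop the form from acting as a password oracle for arbitrary user ids.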


@@ -193,6 +193,16 @@ SQL;
return $result;
}
function isUserInKidIds($uId, $idList){
foreach($idList as $id){
if($id['kidId'] == $uId)
return true;
}
return false;
}
// @todo: Achtung, als id ist die id der Vormundschaft gespeichert. Unter kidId die des Kindes.
function getUsersKids($db, $userId){
$query = <<<SQL
SELECT *

homepage/participo/markdown Symbolic link

@@ -0,0 +1 @@
../../DieJudoGürtelprüfung/markdown/


@@ -0,0 +1,8 @@
<!-- Compiled and minified CSS -->
<link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/@materializecss/materialize@1.1.0-alpha/dist/css/materialize.min.css">
<!-- Compiled and minified JavaScript -->
<script src="https://cdn.jsdelivr.net/npm/@materializecss/materialize@1.1.0-alpha/dist/js/materialize.min.js"></script>
<!--Import Google Icon Font-->
<link rel="stylesheet" href="https://fonts.googleapis.com/icon?family=Material+Icons">
<!-- participo specific style adjustments -->
<link rel="stylesheet" href="css/participo.css">
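Review bot: The materialize stylesheet and script at L366 and L368 are loaded from a third-party CDN without `integrity`/`crossorigin` attributes, so an altered CDN response would run with the page's full origin, and they pin an alpha build (1.1.0-alpha). Add the SRI hash published for the pinned file, e.g. `<script src="https://cdn.jsdelivr.net/npm/@materializecss/materialize@1.1.0-alpha/dist/js/materialize.min.js" integrity="sha384-<hash-from-cdn>" crossorigin="anonymous"></script>`, and the same for the stylesheet; the Google Fonts link at L370 can be treated the same way or self-hosted. Since user.php in this commit emits this file with `readfile()` rather than `include`, a comment at the top such as `<!-- static markup only: this file is echoed verbatim, PHP code here would be sent to the client -->` would help keep it that way.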


@@ -12,6 +12,19 @@ setlocale (LC_ALL, 'de_DE@euro', 'de_DE', 'de', 'ge');
require_once($config['basePath']."/config/cwsvJudo.config.php");
require_once($config['basePath']."/config/phpcount.config.php");
$dbConnection = getPdoDbConnection(
$cwsvJudoConfig["db"]["host"],
$cwsvJudoConfig["db"]["name"],
$cwsvJudoConfig["db"]["user"],
$cwsvJudoConfig["db"]["password"]
);
$userData = getUserData($dbConnection, $_SESSION['user']['userId']);
$usersKids = getUsersKids($dbConnection, $_SESSION['user']['userId']);
processPostData($dbConnection, $_POST);
?>
<!DOCTYPE html>
<html>
@@ -20,7 +33,7 @@ setlocale (LC_ALL, 'de_DE@euro', 'de_DE', 'de', 'ge');
<meta name="viewport" content="width=device-width, initial-scale=1.0" />
<?php
include("./shared/imports.php");
readfile("./shared/imports.php");
?>
<!-- inits for the materializeCss -->
<script>
@@ -65,65 +78,165 @@ setlocale (LC_ALL, 'de_DE@euro', 'de_DE', 'de', 'ge');
if($_SESSION['login']){
?>
<main>
<!-- List of Mitmach-Apps -->
<div class="row" id="AppList">
<h1>Benutzer-Einstellungen</h1>
<p>
<?php
if( array_key_exists('changePasswordSuccess', $_GET) ){
if($_GET['changePasswordSuccess'] == "true"){
echo("<div>Password geändert</div>");
}else{
echo("<div>Fehler während setzens des Passwortes.</div>");
}
}
?>
</p>
<h2>Benutzer-Info</h2>
<p>Informationen zum eigenen Benutzerkonto</p>
<div id="userInfo" class="row">
<div style="padding:1%;" class="col s12 m6">
<div style="margin:1%;" class="card blue-grey darken-1">
<a href="kyu"><div class="card-content white-text">
<span class="card-title">Kyu</span>
<img style="max-height:10vh;" class="responsive-img" src="images/obi.svg" />
<p>Die Prüfungsprogamme der einzelnen Gürtelstufen in Bild Ton und Text.</p>
</div><a>
<div class="card-action">
<a href="kyu">Kuy-Programme</a>
<div class="card-content white-text">
<span class="card-title"><?php echo($userData['name']);?>, <?php echo($userData['vorname']); ?></span>
<img style="max-height:10vh;" class="responsive-img" src="images/account.svg" />
<dl>
<dt>Name</dt><dd><?php echo($userData['name']); ?></dd>
<dt>Vorname</dt><dd><?php echo($userData['vorname']); ?></dd>
<dt>Email</dt><dd><?php echo($userData['gebDatum']); ?></dd>
</dl>
</div>
</div>
</div>
<div style="padding:1%;" class="col s12 m6">
<div class="card blue-grey darken-1">
<a href="/machs"><div class="card-content white-text">
<span class="card-title">Mein Achievement System</span>
<img style="max-height:10vh;" class="responsive-img" src="images/mountain-climber.svg" />
<p>Ein kleines Achievementsystem für die tägliche Herausforderung</p>
</div><a>
<div class="card-action">
<a href="/machs">mAchS</a>
</div>
<div class="card-action">
<!--
<a href="">kommt bald</a>
-->
</div>
</div>
<div style="padding:1%;" class="col s12 m6">
<div class="card blue-grey darken-1">
<a href="/pages/desktop/wkParticipo"><div class="card-content white-text">
<span class="card-title">Event-Planer</span>
<img style="max-height:10vh;" class="responsive-img" src="/ressourcen/graphiken/icons/terminKalender.svg" />
<p>Organisieren der Teilnahmen (und nicht-Teilnahmen) an Wettkämpfen, Sondertrainingseinheiten, Feiern etc.</p>
</div><a>
<div class="card-action">
<a href="/pages/desktop/wkParticipo">Planer</a>
</div>
<div style="margin:1%;" class="card blue-grey darken-1">
<div class="card-content white-text">
<span class="card-title">Passwort setzen</span>
Im folgenden Formular kann das Passwort geändert werden. Man sollte darauf achten, dass man beim <a href="https://www.bsi-fuer-buerger.de/BSIFB/DE/Empfehlungen/Passwoerter/Umgang/umgang_node.html">Umgang mit Passwörtern</a> die nötige Vorsicht walten lässt.
<form action="./user" method="post">
<input name="action" type="hidden" value="changePassword" />
<input name="redirectLocation" type="hidden" value="./user" />
<input name="changerId" type="hidden" value="<?php echo($userData['id']); ?>" />
<input name="changeeId" type="hidden" value="<?php echo($userData['id']); ?>" />
<fieldset>
<legend>Neues Passwort vergeben</legend>
<div>
<label for="changerPassword">Eigenes Passwort</label>
<input type="password" name="changerPassword" id="changerPassword" />
</div>
<div>
<label for="newPassword">Neues Passwort</label>
<input type="password" name="newPassword" id="newPassword" />
</div>
<div>
<label for="newPasswordAgain">Neues Passwort wiederholen</label>
<input type="password" name="newPasswordAgain" id="newPasswordAgain" />
</div>
</fieldset>
<fieldset>
<div><button type="submit">Passwort neu setzen</button></div>
</fieldset>
</form>
</div>
</div>
<div class="card-action">
<!--
<a href="">kommt bald</a>
-->
</div>
</div>
</div>
<h2>Berechtigungen</h2>
<div class="divider"></div>
<!-- List of ConfigStuff -->
<div class="row" id="Configs">
<p>Liste der User, für die man meldeberechtigt ist (bzw. Änderungen vornehmen darf). In der Regel ist das das eigene Kind (bei Eltern) oder man selber (bei Volljährigen).</p>
<div class="row" id="kidsList">
<?php
foreach($usersKids as $kid){ ?>
<div style="padding:1%;" class="col s12 m6">
<div style="margin:1%;" class="card blue-grey darken-1">
<a href="http://cwsvjudo.bplaced.net/pages/desktop/wkParticipo/userInfo.php"><div class="card-content white-text">
<span class="card-title">User-Infos</span>
<img style="max-height:10vh;" class="responsive-img" src="images/obi.svg" />
<p>Einstellungen zum Benutzer</p>
</div><a>
<div class="card-content white-text">
<span class="card-title"><?php echo($kid['name']);?>, <?php echo($kid['vorname']); ?></span>
<img style="max-height:10vh;" class="responsive-img" src="images/account.svg" />
<dl>
<dt>Name</dt><dd><?php echo($kid['name']); ?></dd>
<dt>Vorname</dt><dd><?php echo($kid['vorname']); ?></dd>
<dt>Geb.datum</dt><dd><?php echo($kid['gebDatum']); ?></dd>
</dl>
</div>
<span class="card-title">Passwort</span>
<p>Im folgenden Formular kann das Passwort des Kindes gesetzt werden. Das eigene Passwort muss dabei noch einmal zur Kontrolle eingegeben werden. Das neue Passwort muss zweimal blind eingegeben.</p>
<p>
<?php
if( ($kid['pwHash'] == "") || ($kid['pwHash']) == NULL ){
echo("<p>Derzeit ist kein Passwort gesetzt!</p>");
}
else{
echo("<p>Es ist derzeit ein Passwort gesetzt!</p>");
?>
<p>Es besteht auch die Möglickeit, das Passwort ganz zu entfernen. Man kann sich dann nicht mehr mit diesem Konto einloggen. Das eigene Passwort muss dabei noch einmal zur Kontrolle eingegeben werden.</p>
<form action="./user" method="post">
<input name="action" type="hidden" value="changePassword" />
<input name="redirectLocation" type="hidden" value="./user" />
<input name="changerId" type="hidden" value="<?php echo($userData['id']); ?>" />
<input name="changeeId" type="hidden" value="<?php echo($kid['kidId']); ?>" />
<input name="newPassword" type="hidden" value="" />
<input name="newPasswordAgain" type="hidden" value="" />
<fieldset>
<div>
<label for="changerPassword">Eigenes Passwort</label>
<input type="password" name="changerPassword" id="changerPassword" />
</div>
</fieldset>
<fieldset>
<div><button type="submit">Passwort entfernen</button></div>
</fieldset>
</form>
<?php
}
?>
</p>
<form action="./user" method="post">
<input name="action" type="hidden" value="changePassword" />
<input name="redirectLocation" type="hidden" value="./user" />
<input name="changerId" type="hidden" value="<?php echo($userData['id']); ?>" />
<input name="changeeId" type="hidden" value="<?php echo($kid['kidId']); ?>" />
<fieldset>
<legend>Neues Passwort vergeben</legend>
<div>
<label for="changerPassword">Eigenes Passwort</label>
<input type="password" name="changerPassword" id="changerPassword" />
</div>
<div>
<label for="newPassword">Neues Passwort des Kindes</label>
<input type="password" name="newPassword" id="newPassword" />
</div>
<div>
<label for="newPasswordAgain">Neues Passwort wiederholen</label>
<input type="password" name="newPasswordAgain" id="newPasswordAgain" />
</div>
</fieldset>
<fieldset>
<div><button type="submit">Passwort neu setzen</button></div>
</fieldset>
</form>
<div class="card-action">
<a href="http://cwsvjudo.bplaced.net/pages/desktop/wkParticipo/userInfo.php">Einstellungen</a>
<!--
<a href="">kommt bald</a>
-->
</div>
</div>
</div>
</div>
<?php
}
?>
</main>
<?php
}