diff --git a/homepage/participo/lib/api.php b/homepage/participo/lib/api.php
index 72f2ae7..b455d83 100644
--- a/homepage/participo/lib/api.php
+++ b/homepage/participo/lib/api.php
@@ -1,116 +1,35 @@
setDbConnection($db);
- $g->loadAchievementGroupFromDb($post['achievementGroupId']);
- $g->autoAddAchievements(
- $post['messageTemplate'],
- $post['from'],
- $post['to'],
- $post['step']
- );
- }
-
- if($post['action']=="updateAchievement"){
- updateAchievement(
- $db,
- $post['achievementId'],
- $post['name'],
- $post['rootId'],
- $post['achievementGroupId'],
- $post['level'],
- $post['description'],
- $post['imgUrl']
- );
- }
-
- if($post['action']=="updateAchievementGroup"){
- updateAchievement(
- $db,
- $post['achievementGroupId'],
- $post['name'],
- $post['rootId'],
- $post['unlockingAchievementId'],
- $post['imgUrl']
- );
- }
-
- if($post['action']=="setBday"){
- setBday(
- $db,
- $post['userId'],
- $post['bday']
- );
- }
- if($post['action']=="setRecord"){
- $u = getUserData($db, $post['userId']);
- $g = new achievementGroup;
- $g->setDbConnection($db);
- $g->loadAchievementGroupFromDb($post['achievementGroupId']);
- sendEmail(
- "cwsvjudo@arcor.de",
- $u['vorname']." ".$u['name']." got ".$post['value']." in ".$g->getName(),
- "[machs] Rekord eingetragen"
- );
- setRecord(
- $db,
- $post['userId'],
- $post['achievementGroupId'],
- $post['value']
- );
- }
- if($post['action']=="reportRecord"){
-# $u = getUserData($db, $post['userId']);
-# $ag = new achievementGroup;
-# achievementGroup::setDbConnection($db);
-# $ag->loadAchievementGroupFromDb($post['achievementGroupId']);
- $m = $post['userId']." hat in ".$post['achievementGroupId']." ".$post['value']." geschafft!";
-# $m = $u['vorname']." ".$u['name']." hat in ".$ag->getName()." ".$post['value']." geschafft!";
- sendEmail("cwsvjudo@arcor.de", $m, "[machs] Rekordmeldung");
- }
- if($post['redirectLocation'])
+ // if there is a redirectlocation, set it
+ if($post['redirectLocation']){
$redirectLocation = $post['redirectLocation'];
- header("Location: ".$redirectLocation);
- }
+ }
+
+ // change a users password
+ if($post['action']=="changePassword"){
+ $success = changePassword(
+ $db,
+ $post['changerId'],
+ $post['changeeId'],
+ $post['changerPassword'],
+ $post['newPassword'],
+ $post['newPasswordAgain']
+ );
+ // append success to the redirectlocation
+ if($success){
+ $redirectLocation .= "?changePasswordSuccess=true";
+ }
+ else{
+ $redirectLocation .= "?changePasswordSuccess=false";
+ }
+ }// end changePassword
+
+ // redirect to the redirectlocation
+ header("Location: ".$redirectLocation);
+ }// end processing action
return;
}
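Review bot: `$redirectLocation` reaches `header("Location: ".$redirectLocation)` straight from the POST body, and it is never assigned when `redirectLocation` was not posted, so the header is then emitted with an empty target; a client-supplied absolute URL here is an open redirect. Restrict it to a local path and give it a fixed fallback, e.g. `$loc = isset($post['redirectLocation']) ? $post['redirectLocation'] : '';` followed by `$redirectLocation = ($loc !== '' && $loc[0] === '/' && substr($loc, 0, 2) !== '//') ? $loc : LOCAL_DEFAULT_PAGE; /* placeholder: define a fixed local page */`. The `.= "?changePasswordSuccess=..."` append also produces a second `?` when the posted location already carries a query string; `(strpos($redirectLocation, '?') === false ? '?' : '&')` as the separator avoids that. processPostData begins before this hunk; from what is visible, the `return` on L103 is reached after the header in every branch.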
@@ -163,4 +82,95 @@ function attendancesAssocArray2mdList($attendancesAssocArray, $date=null){
}
return $ret;
}
+
+//! Checks if multiple keys exist in an array
+//!
+//! @param array $array array to check for key
+//! @param array|string $keys keys to check for
+//!
+//! @return bool true, if *all* keys are set in the array
+function array_keys_exist( array $array, $keys ) {
+ if ( ! is_array( $keys ) ) {
+ $keys = func_get_args();
+ array_shift( $keys );
+ }
+ $count = 0;
+ foreach ( $keys as $key ) {
+ if ( isset( $array[$key] ) || array_key_exists( $key, $array ) ) {
+ $count++;
+ }
+ }
+
+ return count( $keys ) === $count;
+}
+
+/// updates users password without checking any rights
+/// params:
+/// - $db : pdoDbConnection to use
+/// - $userId : id of the user with the password to change
+/// - $password : the password to set
+function updateUserPassword($db, $userId, $password){
+ // we don't save the actual password but it's hash
+ if($password != ""){
+ $password = password_hash( $password, PASSWORD_DEFAULT);
+ }
+ else{
+ $password = NULL;
+ }
+
+ $query = "UPDATE `cwsvjudo`.`wkParticipo_Users` SET `pwHash`=:val WHERE `id`=:id;";
+ $params = array(
+ ':val' => array('value'=>$password, 'data_type'=>PDO::PARAM_STR),
+ ':id' => array('value'=>$userId, 'data_type'=>PDO::PARAM_INT)
+ );
+ dbQuery($db, $query, $params);
+
+ return;
+}
+
+/// Change a users password (apiFunction)
+/// params:
+/// - $db: dbConnection to use
+/// - $changerId: userId who changes the password
+/// - $changeeId: userId whose password should be changed
+/// - $ownPassword: password of the user who changes the password
+/// - $newPasword: the new password
+/// - $newPasswordAgain: controllInput of the new password
+function changePassword($db, $changerId, $changeeId, $changerPassword, $newPassword, $newPasswordAgain){
+ // we need a dbConnection
+ if( !$db ){
+// echo("No DB!");
+ return false;
+ }
+
+ $changerInfo = getUserData($db, $changerId);
+
+ // check the password of the changer
+ if( !password_verify( $changerPassword, $changerInfo['pwHash']) ){
+// echo("Wrong changerPasswod");
+ return false;
+ }
+
+ // check if the changer is allowed to change the changees password
+ if ( $changerId != $changeeId ){
+ $changersKidsIds = getUsersKidsIds($db, $changerId);
+
+// if( !in_array($changeeId, $changersKidsIds) ){
+ if( !isUserInKidIds($changeeId, $changersKidsIds) ){
+// echo("not your child: ".$changeeId." not in "); var_dump($changersKidsIds);
+ return false;
+ }
+ }
+
+ // check if the two inputs are the same
+ if( $newPassword != $newPasswordAgain ){
+// echo("new pw missmatch");
+ return false;
+ }
+
+ updateUserPassword($db, $changeeId, $newPassword);
+
+ return true;
+}
+
?>
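Review bot: changePassword accepts an empty new password: when `newPassword` and `newPasswordAgain` are both `""`, the mismatch check passes and updateUserPassword (L138-L143) writes `pwHash = NULL`, so a change with an empty field silently removes the stored hash rather than setting a password. Add `if ($newPassword === '') { return false; }` before the mismatch check (a minimum length belongs at the same spot). `$changerInfo` is also used without a check; if getUserData returns nothing for an unknown `changerId`, `$changerInfo['pwHash']` is null and password_verify either returns false or, depending on PHP version and strictness, raises, so `if (!$changerInfo || empty($changerInfo['pwHash'])) { return false; }` before the verify makes that failure explicit. Every `return false` collapses the reason; a server-side log line per branch would let an operator tell a wrong password from an authorization failure, and the commented-out `echo` debugging (L166, L174, L184, L191) can then be deleted.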
diff --git a/homepage/participo/lib/db.php b/homepage/participo/lib/db.php
index 059ce33..ba94771 100644
--- a/homepage/participo/lib/db.php
+++ b/homepage/participo/lib/db.php
@@ -193,6 +193,16 @@ SQL;
return $result;
}
+function isUserInKidIds($uId, $idList){
+ foreach($idList as $id){
+ if($id['kidId'] == $uId)
+ return true;
+ }
+ return false;
+}
+
+
+// @todo: Achtung, als id ist die id der Vormundschaft gespeichert. Unter kidId die des Kindes.
function getUsersKids($db, $userId){
$query = <<
+
+
+
+
+
+
+
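Review bot: isUserInKidIds (L208-L214) is an authorization check that compares `$id['kidId'] == $uId` loosely; both values arrive as strings (a DB column and a POST field), and PHP's numeric-string rules make `"1"`, `"01"` and `"1e0"` compare equal, so the ids should be canonicalised and compared strictly: `if ((int) $id['kidId'] === (int) $uId)`, with `$uId` rejected at the boundary when it is not all digits. The loop variable is a row, not an id, so `$row` reads better than `$id`. The `@todo` on L217 (in German: the stored `id` is the guardianship's, `kidId` is the child's) is exactly why `kidId` is the right column here and would serve better as a docblock on isUserInKidIds than as a todo on getUsersKids. The heredoc on L219 appears truncated in this rendering, so getUsersKids itself is not reviewable here.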
diff --git a/homepage/participo/user.php b/homepage/participo/user.php
index 15f78d9..d3fa7e5 100644
--- a/homepage/participo/user.php
+++ b/homepage/participo/user.php
@@ -12,6 +12,19 @@ setlocale (LC_ALL, 'de_DE@euro', 'de_DE', 'de', 'ge');
require_once($config['basePath']."/config/cwsvJudo.config.php");
require_once($config['basePath']."/config/phpcount.config.php");
+
+ $dbConnection = getPdoDbConnection(
+ $cwsvJudoConfig["db"]["host"],
+ $cwsvJudoConfig["db"]["name"],
+ $cwsvJudoConfig["db"]["user"],
+ $cwsvJudoConfig["db"]["password"]
+ );
+
+ $userData = getUserData($dbConnection, $_SESSION['user']['userId']);
+ $usersKids = getUsersKids($dbConnection, $_SESSION['user']['userId']);
+
+ processPostData($dbConnection, $_POST);
+
?>
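Review bot: processPostData receives `$_POST` unmodified, so the `changerId` that changePassword authenticates against is chosen by the client rather than taken from the logged-in session, even though `$_SESSION['user']['userId']` is read two lines earlier; the password check still gates the change, but the action is not bound to the session identity. Setting `$_POST['changerId'] = $_SESSION['user']['userId'];` before the call ties it to the current user. `$_SESSION['user']['userId']` is also dereferenced without checking that a session user exists; if the page is reachable unauthenticated, the lookups run with a null id. processPostData ends in `header('Location: …')`, which only works if nothing has been sent yet; the call appears to sit inside the PHP block before `?>`, but the top of the file is outside this hunk, so I cannot confirm no earlier output.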
@@ -20,7 +33,7 @@ setlocale (LC_ALL, 'de_DE@euro', 'de_DE', 'de', 'ge');