added password management
@@ -1,116 +1,35 @@
|
||||
<?php
|
||||
|
||||
function processPostData($db, $post, $redirectLocation = "."){
|
||||
sleep(1);
|
||||
if($post['action']){
|
||||
if($post['action']=="giveUserAnAchievement"){
|
||||
giveUserAnAchievement(
|
||||
$db,
|
||||
$post['userId'],
|
||||
$post['achievementId']
|
||||
);
|
||||
$u = getUserData($db, $post['userId']);
|
||||
$a = getAchievement($db, $post['achievementId']);
|
||||
sendEmail(
|
||||
"cwsvjudo@arcor.de",
|
||||
"kwT",
|
||||
$u['vorname']." ".$u['name']." got achievement ".$a[0]['name']
|
||||
);
|
||||
}
|
||||
if($post['action']=="addAchievement"){
|
||||
addAchievement(
|
||||
$db,
|
||||
$post['name'],
|
||||
$post['rootId'],
|
||||
$post['achievementGroupId'],
|
||||
$post['level'],
|
||||
$post['description'],
|
||||
$post['imgUrl']
|
||||
);
|
||||
}
|
||||
|
||||
if($post['action']=="addAchievementGroup"){
|
||||
addAchievementGroup(
|
||||
$db,
|
||||
$post['name'],
|
||||
$post['rootId'],
|
||||
$post['unlockingAchievementId'],
|
||||
$post['imgUrl']
|
||||
);
|
||||
}
|
||||
|
||||
if($post['action']=="autoAddAchievements"){
|
||||
$g=new achievementGroup;
|
||||
$g->setDbConnection($db);
|
||||
$g->loadAchievementGroupFromDb($post['achievementGroupId']);
|
||||
$g->autoAddAchievements(
|
||||
$post['messageTemplate'],
|
||||
$post['from'],
|
||||
$post['to'],
|
||||
$post['step']
|
||||
);
|
||||
}
|
||||
|
||||
if($post['action']=="updateAchievement"){
|
||||
updateAchievement(
|
||||
$db,
|
||||
$post['achievementId'],
|
||||
$post['name'],
|
||||
$post['rootId'],
|
||||
$post['achievementGroupId'],
|
||||
$post['level'],
|
||||
$post['description'],
|
||||
$post['imgUrl']
|
||||
);
|
||||
}
|
||||
|
||||
if($post['action']=="updateAchievementGroup"){
|
||||
updateAchievement(
|
||||
$db,
|
||||
$post['achievementGroupId'],
|
||||
$post['name'],
|
||||
$post['rootId'],
|
||||
$post['unlockingAchievementId'],
|
||||
$post['imgUrl']
|
||||
);
|
||||
}
|
||||
|
||||
if($post['action']=="setBday"){
|
||||
setBday(
|
||||
$db,
|
||||
$post['userId'],
|
||||
$post['bday']
|
||||
);
|
||||
}
|
||||
if($post['action']=="setRecord"){
|
||||
$u = getUserData($db, $post['userId']);
|
||||
$g = new achievementGroup;
|
||||
$g->setDbConnection($db);
|
||||
$g->loadAchievementGroupFromDb($post['achievementGroupId']);
|
||||
sendEmail(
|
||||
"cwsvjudo@arcor.de",
|
||||
$u['vorname']." ".$u['name']." got ".$post['value']." in ".$g->getName(),
|
||||
"[machs] Rekord eingetragen"
|
||||
);
|
||||
setRecord(
|
||||
$db,
|
||||
$post['userId'],
|
||||
$post['achievementGroupId'],
|
||||
$post['value']
|
||||
);
|
||||
}
|
||||
if($post['action']=="reportRecord"){
|
||||
# $u = getUserData($db, $post['userId']);
|
||||
# $ag = new achievementGroup;
|
||||
# achievementGroup::setDbConnection($db);
|
||||
# $ag->loadAchievementGroupFromDb($post['achievementGroupId']);
|
||||
$m = $post['userId']." hat in ".$post['achievementGroupId']." ".$post['value']." geschafft!";
|
||||
# $m = $u['vorname']." ".$u['name']." hat in ".$ag->getName()." ".$post['value']." geschafft!";
|
||||
sendEmail("cwsvjudo@arcor.de", $m, "[machs] Rekordmeldung");
|
||||
}
|
||||
if($post['redirectLocation'])
|
||||
// if there is a redirectlocation, set it
|
||||
if($post['redirectLocation']){
|
||||
$redirectLocation = $post['redirectLocation'];
|
||||
header("Location: ".$redirectLocation);
|
||||
}
|
||||
}
|
||||
|
||||
// change a users password
|
||||
if($post['action']=="changePassword"){
|
||||
$success = changePassword(
|
||||
$db,
|
||||
$post['changerId'],
|
||||
$post['changeeId'],
|
||||
$post['changerPassword'],
|
||||
$post['newPassword'],
|
||||
$post['newPasswordAgain']
|
||||
);
|
||||
// append success to the redirectlocation
|
||||
if($success){
|
||||
$redirectLocation .= "?changePasswordSuccess=true";
|
||||
}
|
||||
else{
|
||||
$redirectLocation .= "?changePasswordSuccess=false";
|
||||
}
|
||||
}// end changePassword
|
||||
|
||||
// redirect to the redirectlocation
|
||||
header("Location: ".$redirectLocation);
|
||||
}// end processing action
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -163,4 +82,95 @@ function attendancesAssocArray2mdList($attendancesAssocArray, $date=null){
|
||||
}
|
||||
return $ret;
|
||||
}
|
||||
|
||||
//! Checks if multiple keys exist in an array
|
||||
//!
|
||||
//! @param array $array array to check for key
|
||||
//! @param array|string $keys keys to check for
|
||||
//!
|
||||
//! @return bool true, if *all* keys are set in the array
|
||||
function array_keys_exist( array $array, $keys ) {
|
||||
if ( ! is_array( $keys ) ) {
|
||||
$keys = func_get_args();
|
||||
array_shift( $keys );
|
||||
}
|
||||
$count = 0;
|
||||
foreach ( $keys as $key ) {
|
||||
if ( isset( $array[$key] ) || array_key_exists( $key, $array ) ) {
|
||||
$count++;
|
||||
}
|
||||
}
|
||||
|
||||
return count( $keys ) === $count;
|
||||
}
|
||||
|
||||
/// updates users password without checking any rights
|
||||
/// params:
|
||||
/// - $db : pdoDbConnection to use
|
||||
/// - $userId : id of the user with the password to change
|
||||
/// - $password : the password to set
|
||||
function updateUserPassword($db, $userId, $password){
|
||||
// we don't save the actual password but it's hash
|
||||
if($password != ""){
|
||||
$password = password_hash( $password, PASSWORD_DEFAULT);
|
||||
}
|
||||
else{
|
||||
$password = NULL;
|
||||
}
|
||||
|
||||
$query = "UPDATE `cwsvjudo`.`wkParticipo_Users` SET `pwHash`=:val WHERE `id`=:id;";
|
||||
$params = array(
|
||||
':val' => array('value'=>$password, 'data_type'=>PDO::PARAM_STR),
|
||||
':id' => array('value'=>$userId, 'data_type'=>PDO::PARAM_INT)
|
||||
);
|
||||
dbQuery($db, $query, $params);
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
/// Change a users password (apiFunction)
|
||||
/// params:
|
||||
/// - $db: dbConnection to use
|
||||
/// - $changerId: userId who changes the password
|
||||
/// - $changeeId: userId whose password should be changed
|
||||
/// - $ownPassword: password of the user who changes the password
|
||||
/// - $newPasword: the new password
|
||||
/// - $newPasswordAgain: controllInput of the new password
|
||||
function changePassword($db, $changerId, $changeeId, $changerPassword, $newPassword, $newPasswordAgain){
|
||||
// we need a dbConnection
|
||||
if( !$db ){
|
||||
// echo("No DB!");
|
||||
return false;
|
||||
}
|
||||
|
||||
$changerInfo = getUserData($db, $changerId);
|
||||
|
||||
// check the password of the changer
|
||||
if( !password_verify( $changerPassword, $changerInfo['pwHash']) ){
|
||||
// echo("Wrong changerPasswod");
|
||||
return false;
|
||||
}
|
||||
|
||||
// check if the changer is allowed to change the changees password
|
||||
if ( $changerId != $changeeId ){
|
||||
$changersKidsIds = getUsersKidsIds($db, $changerId);
|
||||
|
||||
// if( !in_array($changeeId, $changersKidsIds) ){
|
||||
if( !isUserInKidIds($changeeId, $changersKidsIds) ){
|
||||
// echo("not your child: ".$changeeId." not in "); var_dump($changersKidsIds);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
// check if the two inputs are the same
|
||||
if( $newPassword != $newPasswordAgain ){
|
||||
// echo("new pw missmatch");
|
||||
return false;
|
||||
}
|
||||
|
||||
updateUserPassword($db, $changeeId, $newPassword);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
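Review bot: changePassword() accepts an empty new password: the only check on the new value is `$newPassword != $newPasswordAgain`, so two empty fields pass and updateUserPassword() then writes `NULL` into `pwHash` for the changer or a child account. How the login code treats a NULL hash is not visible on this page, so this is at best a self-inflicted lockout and should be rejected before the update. I would change the check to `if ($newPassword === '' || $newPassword !== $newPasswordAgain) { return false; }`, since the loose `!=` also treats numeric-looking strings such as `1e3` and `1000` as equal; `$changerId != $changeeId` has the same weakness and would be safer as a comparison of `(int)` casts. Separately, in processPostData() the value of `$post['redirectLocation']` appears to reach `header("Location: ".$redirectLocation)` unchecked, so it should be restricted to local paths, and the `?changePasswordSuccess=` suffix should cope with a target that already has a query string.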