marko/cwsvJudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

WIP: bring participo back - consistent use of bootstrap - formatting -

Browse Source 
phpstan level 0 error free - fixes for kyu subpage - move mams into
participo framework - remove legacy `lib/db.php` usage - add attributer
admin function - add newsposter - fixing apiKey creation
This commit is contained in:
marko
2025-11-07 10:37:25 +01:00
parent 672eaccfc9
commit f28fa7b51b
96 changed files with 6152 additions and 6053 deletions
Download Patch File Download Diff File Expand all files Collapse all files

252
homepage/participo/lib/api.php
View File

@@ -1,89 +1,48 @@
<?php
function processPostData($db, $post, $redirectLocation = '.')
require_once "participoLib/participo.php";
function processPostData($db, $post, $redirectLocation = ".")
{
sleep(1);
if ($post['action']) {
// if there is a redirectlocation, set it
if ($post['redirectLocation']) {
$redirectLocation = $post['redirectLocation'];
}
sleep(1);
if ($post["action"] ?? false) {
// if there is a redirectlocation, set it
if ($post["redirectLocation"]) {
$redirectLocation = $post["redirectLocation"];
}
// change a users password
if ($post['action'] == 'changePassword') {
$success = changePassword(
$db,
$post['changerId'],
$post['changeeId'],
$post['changerPassword'],
$post['newPassword'],
$post['newPasswordAgain']
);
// append success to the redirectlocation
if ($success) {
$redirectLocation .= '?changePasswordSuccess=true';
} else {
$redirectLocation .= '?changePasswordSuccess=false';
}
}// end changePassword
// change a users password
if ($post["action"] == "changePassword") {
$success = changePassword(
$db,
$post["changerId"],
$post["changeeId"],
$post["changerPassword"],
$post["newPassword"],
$post["newPasswordAgain"],
);
// append success to the redirectlocation
if ($success) {
$redirectLocation .= "?changePasswordSuccess=true";
} else {
$redirectLocation .= "?changePasswordSuccess=false";
}
} // end changePassword
// redirect to the redirectlocation
header('Location: ' . $redirectLocation);
}// end processing action
return;
// redirect to the redirectlocation
header("Location: {$redirectLocation}");
} // end processing action
return;
}
function sendEmail($toEmail, $emailText, $emailSubject)
{
try {
$date = new DateTime();
mail(
$toEmail,
$emailSubject,
$emailText
);
} catch(Exception $e) {
echo 'Message: ' . $e->getMessage();
}
}
function attendancesAssocArray2text($attendancesAssocArray)
{
$ret = '';
foreach ($attendancesAssocArray as $date => $attendees) {
$ret .= $date . "\n";
foreach ($attendees as $a) {
$ret .= "\n";
$ret .= 'Name: ' . $a['name'] . ', ' . $a['vorname'] . "\n";
$ret .= 'PLZ: ' . $a['corona_PLZ'] . "\n";
$ret .= 'Tel.: ' . $a['corona_telephon'] . "\n";
$ret .= 'eMail: ' . $a['corona_eMail'] . "\n";
}
$ret .= "\n";
}
return $ret;
}
function attendancesAssocArray2mdList($attendancesAssocArray, $date = null)
{
if ($date == null) {
$date = new DateTime();
}
$ret = '# Anwesenheitsliste zur Corona-Kontaktverfolgung der Abteilung Judo des CWSV vom ' . $date->format('Y-m-d') . "\n\n";
foreach ($attendancesAssocArray as $d => $attendees) {
$ret .= '## ' . $d . "\n";
$i = 0;
foreach ($attendees as $a) {
$i += 1;
$ret .= "\n";
$ret .= $i . ' ' . $a['name'] . ', ' . $a['vorname'] . "\n";
$ret .= ' - PLZ: ' . $a['corona_PLZ'] . "\n";
$ret .= ' - Tel.: ' . $a['corona_telephon'] . "\n";
$ret .= ' - eMail: ' . $a['corona_eMail'] . "\n";
}
$ret .= "\n";
}
return $ret;
try {
$date = new DateTime();
mail($toEmail, $emailSubject, $emailText);
} catch (Exception $e) {
echo "Message: " . $e->getMessage();
}
}
//! Checks if multiple keys exist in an array
@@ -94,18 +53,18 @@ function attendancesAssocArray2mdList($attendancesAssocArray, $date = null)
//! @return bool true, if *all* keys are set in the array
function array_keys_exist(array $array, $keys)
{
if (!is_array($keys)) {
$keys = func_get_args();
array_shift($keys);
}
$count = 0;
foreach ($keys as $key) {
if (isset($array[$key]) || array_key_exists($key, $array)) {
$count++;
}
}
if (!is_array($keys)) {
$keys = func_get_args();
array_shift($keys);
}
$count = 0;
foreach ($keys as $key) {
if (isset($array[$key]) || array_key_exists($key, $array)) {
$count++;
}
}
return count($keys) === $count;
return count($keys) === $count;
}
/// updates users password without checking any rights
@@ -115,21 +74,22 @@ function array_keys_exist(array $array, $keys)
/// - $password : the password to set
function updateUserPassword($db, $userId, $password)
{
// we don't save the actual password but it's hash
if ($password != '') {
$password = password_hash($password, PASSWORD_DEFAULT);
} else {
$password = null;
}
// we don't save the actual password but it's hash
if ($password != "") {
$password = password_hash($password, PASSWORD_DEFAULT);
} else {
$password = null;
}
$query = 'UPDATE `cwsvjudo`.`wkParticipo_Users` SET `pwHash`=:val WHERE `id`=:id;';
$params = [
':val' => ['value' => $password, 'data_type' => PDO::PARAM_STR],
':id' => ['value' => $userId, 'data_type' => PDO::PARAM_INT]
];
dbConnector::query($query, $params);
$query =
"UPDATE `cwsvjudo_main`.`wkParticipo_Users` SET `pwHash`=:val WHERE `id`=:id;";
$params = [
":val" => ["value" => $password, "data_type" => PDO::PARAM_STR],
":id" => ["value" => $userId, "data_type" => PDO::PARAM_INT],
];
dbConnector::query($query, $params);
return;
return;
}
/// Change a users password (apiFunction)
@@ -140,41 +100,71 @@ function updateUserPassword($db, $userId, $password)
/// - $ownPassword: password of the user who changes the password
/// - $newPassword: the new password
/// - $newPasswordAgain: controllInput of the new password
function changePassword($db, $changerId, $changeeId, $changerPassword, $newPassword, $newPasswordAgain)
{
// we need a dbConnection
if (!$db) {
// echo("No DB!");
return false;
}
function changePassword(
$db,
$changerId,
$changeeId,
$changerPassword,
$newPassword,
$newPasswordAgain,
) {
// we need a dbConnection
if (!$db) {
// echo("No DB!");
return false;
}
$changerInfo = getUserData($db, $changerId);
$changerInfo = getUserData($db, $changerId);
// check the password of the changer
if (!password_verify($changerPassword, $changerInfo['pwHash'])) {
// echo("Wrong changerPasswod");
return false;
}
// check the password of the changer
if (!password_verify($changerPassword, $changerInfo["pwHash"])) {
// echo("Wrong changerPasswod");
return false;
}
// check if the changer is allowed to change the changees password
if ($changerId != $changeeId) {
$changersKidsIds = getUsersKidsIds($db, $changerId);
// check if the changer is allowed to change the changees password
if ($changerId != $changeeId) {
$changersKidsIds = getUsersKidsIds($db, $changerId);
// if( !in_array($changeeId, $changersKidsIds) ){
if (!isUserInKidIds($changeeId, $changersKidsIds)) {
// echo("not your child: ".$changeeId." not in ");
// var_dump($changersKidsIds);
return false;
}
}
// if( !in_array($changeeId, $changersKidsIds) ){
if (!isUserInKidIds($changeeId, $changersKidsIds)) {
// echo("not your child: ".$changeeId." not in ");
// var_dump($changersKidsIds);
return false;
}
}
// check if the two inputs are the same
if ($newPassword != $newPasswordAgain) {
// echo("new pw missmatch");
return false;
}
// check if the two inputs are the same
if ($newPassword != $newPasswordAgain) {
// echo("new pw missmatch");
return false;
}
updateUserPassword($db, $changeeId, $newPassword);
updateUserPassword($db, $changeeId, $newPassword);
return true;
return true;
}
function getUsersKidsIds($db, $userId)
{
$query = <<<SQL
SELECT `kidId`
FROM `vormundschaft`
WHERE userId = :userId;
SQL;
$params = [
":userId" => ["value" => $userId, "data_type" => PDO::PARAM_INT],
];
$result = dbConnector::query($db, $query, $params);
return $result;
}
function isUserInKidIds($uId, $idList)
{
foreach ($idList as $id) {
if ($id["kidId"] == $uId) {
return true;
}
}
return false;
}