181 lines
4.6 KiB
PHP
181 lines
4.6 KiB
PHP
<?php
|
|
|
|
function processPostData($db, $post, $redirectLocation = '.')
|
|
{
|
|
sleep(1);
|
|
if ($post['action']) {
|
|
// if there is a redirectlocation, set it
|
|
if ($post['redirectLocation']) {
|
|
$redirectLocation = $post['redirectLocation'];
|
|
}
|
|
|
|
// change a users password
|
|
if ($post['action'] == 'changePassword') {
|
|
$success = changePassword(
|
|
$db,
|
|
$post['changerId'],
|
|
$post['changeeId'],
|
|
$post['changerPassword'],
|
|
$post['newPassword'],
|
|
$post['newPasswordAgain']
|
|
);
|
|
// append success to the redirectlocation
|
|
if ($success) {
|
|
$redirectLocation .= '?changePasswordSuccess=true';
|
|
} else {
|
|
$redirectLocation .= '?changePasswordSuccess=false';
|
|
}
|
|
}// end changePassword
|
|
|
|
// redirect to the redirectlocation
|
|
header('Location: ' . $redirectLocation);
|
|
}// end processing action
|
|
return;
|
|
}
|
|
|
|
function sendEmail($toEmail, $emailText, $emailSubject)
|
|
{
|
|
try {
|
|
$date = new DateTime();
|
|
mail(
|
|
$toEmail,
|
|
$emailSubject,
|
|
$emailText
|
|
);
|
|
} catch(Exception $e) {
|
|
echo 'Message: ' . $e->getMessage();
|
|
}
|
|
}
|
|
|
|
function attendancesAssocArray2text($attendancesAssocArray)
|
|
{
|
|
$ret = '';
|
|
foreach ($attendancesAssocArray as $date => $attendees) {
|
|
$ret .= $date . "\n";
|
|
foreach ($attendees as $a) {
|
|
$ret .= "\n";
|
|
$ret .= 'Name: ' . $a['name'] . ', ' . $a['vorname'] . "\n";
|
|
$ret .= 'PLZ: ' . $a['corona_PLZ'] . "\n";
|
|
$ret .= 'Tel.: ' . $a['corona_telephon'] . "\n";
|
|
$ret .= 'eMail: ' . $a['corona_eMail'] . "\n";
|
|
}
|
|
$ret .= "\n";
|
|
}
|
|
return $ret;
|
|
}
|
|
|
|
function attendancesAssocArray2mdList($attendancesAssocArray, $date = null)
|
|
{
|
|
if ($date == null) {
|
|
$date = new DateTime();
|
|
}
|
|
$ret = '# Anwesenheitsliste zur Corona-Kontaktverfolgung der Abteilung Judo des CWSV vom ' . $date->format('Y-m-d') . "\n\n";
|
|
foreach ($attendancesAssocArray as $d => $attendees) {
|
|
$ret .= '## ' . $d . "\n";
|
|
$i = 0;
|
|
foreach ($attendees as $a) {
|
|
$i += 1;
|
|
$ret .= "\n";
|
|
$ret .= $i . ' ' . $a['name'] . ', ' . $a['vorname'] . "\n";
|
|
$ret .= ' - PLZ: ' . $a['corona_PLZ'] . "\n";
|
|
$ret .= ' - Tel.: ' . $a['corona_telephon'] . "\n";
|
|
$ret .= ' - eMail: ' . $a['corona_eMail'] . "\n";
|
|
}
|
|
$ret .= "\n";
|
|
}
|
|
return $ret;
|
|
}
|
|
|
|
//! Checks if multiple keys exist in an array
|
|
//!
|
|
//! @param array $array array to check for key
|
|
//! @param array|string $keys keys to check for
|
|
//!
|
|
//! @return bool true, if *all* keys are set in the array
|
|
function array_keys_exist(array $array, $keys)
|
|
{
|
|
if (!is_array($keys)) {
|
|
$keys = func_get_args();
|
|
array_shift($keys);
|
|
}
|
|
$count = 0;
|
|
foreach ($keys as $key) {
|
|
if (isset($array[$key]) || array_key_exists($key, $array)) {
|
|
$count++;
|
|
}
|
|
}
|
|
|
|
return count($keys) === $count;
|
|
}
|
|
|
|
/// updates users password without checking any rights
|
|
/// params:
|
|
/// - $db : pdoDbConnection to use
|
|
/// - $userId : id of the user with the password to change
|
|
/// - $password : the password to set
|
|
function updateUserPassword($db, $userId, $password)
|
|
{
|
|
// we don't save the actual password but it's hash
|
|
if ($password != '') {
|
|
$password = password_hash($password, PASSWORD_DEFAULT);
|
|
} else {
|
|
$password = null;
|
|
}
|
|
|
|
$query = 'UPDATE `cwsvjudo`.`wkParticipo_Users` SET `pwHash`=:val WHERE `id`=:id;';
|
|
$params = [
|
|
':val' => ['value' => $password, 'data_type' => PDO::PARAM_STR],
|
|
':id' => ['value' => $userId, 'data_type' => PDO::PARAM_INT]
|
|
];
|
|
dbConnector::query($query, $params);
|
|
|
|
return;
|
|
}
|
|
|
|
/// Change a users password (apiFunction)
|
|
/// params:
|
|
/// - $db: dbConnection to use
|
|
/// - $changerId: userId who changes the password
|
|
/// - $changeeId: userId whose password should be changed
|
|
/// - $ownPassword: password of the user who changes the password
|
|
/// - $newPassword: the new password
|
|
/// - $newPasswordAgain: controllInput of the new password
|
|
function changePassword($db, $changerId, $changeeId, $changerPassword, $newPassword, $newPasswordAgain)
|
|
{
|
|
// we need a dbConnection
|
|
if (!$db) {
|
|
// echo("No DB!");
|
|
return false;
|
|
}
|
|
|
|
$changerInfo = getUserData($db, $changerId);
|
|
|
|
// check the password of the changer
|
|
if (!password_verify($changerPassword, $changerInfo['pwHash'])) {
|
|
// echo("Wrong changerPasswod");
|
|
return false;
|
|
}
|
|
|
|
// check if the changer is allowed to change the changees password
|
|
if ($changerId != $changeeId) {
|
|
$changersKidsIds = getUsersKidsIds($db, $changerId);
|
|
|
|
// if( !in_array($changeeId, $changersKidsIds) ){
|
|
if (!isUserInKidIds($changeeId, $changersKidsIds)) {
|
|
// echo("not your child: ".$changeeId." not in ");
|
|
// var_dump($changersKidsIds);
|
|
return false;
|
|
}
|
|
}
|
|
|
|
// check if the two inputs are the same
|
|
if ($newPassword != $newPasswordAgain) {
|
|
// echo("new pw missmatch");
|
|
return false;
|
|
}
|
|
|
|
updateUserPassword($db, $changeeId, $newPassword);
|
|
|
|
return true;
|
|
}
|