524 lines
15 KiB
PHP
524 lines
15 KiB
PHP
<?php
|
|
|
|
require_once 'participoLib/dbConnector.php';
|
|
// require_once("spyc/Spyc.php");
|
|
|
|
class participo
|
|
{
|
|
private static $db = null;
|
|
private static $message = ['error' => null, 'success' => null, 'notice' => null];
|
|
private static $userId = null;
|
|
|
|
/**
|
|
* Returns the current login status
|
|
*
|
|
* The login status is stored in the session cookie. If it is not even set it means the login is invalid.
|
|
*
|
|
* @return The login status or false if none is set so far
|
|
*/
|
|
public static function isLoginValid()
|
|
{
|
|
return ($_SESSION['login'] ?? false);
|
|
}
|
|
|
|
/**
|
|
* A little Box with the login status as html entity
|
|
*
|
|
* @return string htmlEntity showing the login status
|
|
*/
|
|
public static function htmlLoginStatus()
|
|
{
|
|
return
|
|
'<div style="border: 1px solid black">' .
|
|
'Datum: ' . date('Y-m-d') . '<br />' .
|
|
'Angemeldet als <strong>' . htmlspecialchars($_SESSION['user']['username']) . '</strong>.<br />' .
|
|
'<a href="logout.php">Sitzung beenden</a>' .
|
|
'</div>';
|
|
}
|
|
|
|
/**
|
|
* Checks, if there already is a valid login, if not redirect to the login form
|
|
* @todo rename to authenticate
|
|
*
|
|
* @retval void
|
|
*/
|
|
public static function authentificate()
|
|
{
|
|
session_start();
|
|
|
|
// check if an api key was received
|
|
if (array_key_exists('apiKey', $_GET)) {
|
|
$key = ApiKey::loadFromDb($_GET['apiKey']);
|
|
if ($key) {
|
|
if ($key->isValidFor('login')) {
|
|
// query *all* users with the entered name
|
|
// @todo check for e.g., len(user)=1
|
|
// @todo getUser?
|
|
$user = dbConnector::query(
|
|
'SELECT `id`, `loginName`, `config` FROM `wkParticipo_Users` WHERE `id` = :id',
|
|
['id' => ['value' => $key->getUserId(), 'data_type' => PDO::PARAM_INT]]
|
|
);
|
|
$user = $user[0];
|
|
|
|
// case valid login: Set the session data
|
|
$_SESSION = [
|
|
'login' => true,
|
|
'user' => [
|
|
'username' => $user['loginName'],
|
|
'userId' => $user['id'],
|
|
'userConfig' => json_decode($user['config'], true)
|
|
]
|
|
];
|
|
};
|
|
}
|
|
}
|
|
|
|
if (!self::isLoginValid()) {
|
|
header('Location: login?returnToUrl=' . urlencode($_SERVER['REQUEST_URI'] . ($_POST['fragment'] ?? '')), true, 301);
|
|
exit(); // should'nt matter
|
|
}
|
|
participo::$userId = $_SESSION['user']['userId'];
|
|
}
|
|
|
|
public static function getMessages()
|
|
{
|
|
return self::$message;
|
|
}
|
|
|
|
public static function addMessage($type, $message)
|
|
{
|
|
self::$message[$type] = (self::$message[$type] ?? '') . $message;
|
|
}
|
|
|
|
/**
|
|
* check password for user
|
|
*
|
|
* @param string $loginName user who wants to get in
|
|
* @param string $password password for the user
|
|
*
|
|
* @retval true $password belongs to $loginName
|
|
* @retval false otherwise
|
|
*/
|
|
public static function checkCredentials($loginName, $password)
|
|
{
|
|
sleep(1); // just to discourage brute force attacks
|
|
// Check for dbConnection
|
|
if (!dbConnector::getDbConnection()) {
|
|
self::addMessage('error', '<div>No DbConnection available</div>');
|
|
return false;
|
|
}
|
|
|
|
// query *all* users with the entered name
|
|
// @todo check for e.g., len(user)=1
|
|
// @todo getUser?
|
|
$user = dbConnector::query(
|
|
'SELECT `id`, `loginName`, `pwHash`, `config` FROM `wkParticipo_Users` WHERE `loginName` = :loginName',
|
|
['loginName' => ['value' => $loginName, 'data_type' => PDO::PARAM_STR]]
|
|
);
|
|
$user = $user[0];
|
|
|
|
// If there is no such user OR the password isn't valid the login fails
|
|
if (empty($user) || !password_verify($password, $user['pwHash'])) {
|
|
sleep(5); // discourage brute force attacks
|
|
self::addMessage('error', '<div>Falsches Passwort oder LoginName</div>');
|
|
return false;
|
|
}
|
|
|
|
session_start();
|
|
// case valid login: Set the session data
|
|
$_SESSION = [
|
|
'login' => true,
|
|
'user' => [
|
|
'username' => $user['loginName'],
|
|
'userId' => $user['id'],
|
|
'userConfig' => json_decode($user['config'], true)
|
|
]
|
|
];
|
|
|
|
// Logging Logins
|
|
logLoginsToJsonFile($_SESSION['user']['username']);
|
|
|
|
self::addMessage('success', '<div>Anmeldung erfolgreich</div>');
|
|
return true;
|
|
}
|
|
|
|
/**
|
|
* Checks, if a user is an admin
|
|
*
|
|
* @param [type] $userId id of the user to check
|
|
* @retval true user with id $userId has attribute "isAdmin"
|
|
* @retval false otherwise
|
|
*/
|
|
public static function isUserAdmin($userId)
|
|
{
|
|
return self::hasUserAttribute($userId, 'isAdmin');
|
|
}
|
|
|
|
/**
|
|
* Checks, if a user as a certain attribute
|
|
*
|
|
* @param [type] $userId id of the user to check
|
|
* @param [type] $attributeName string name of the attribute to check
|
|
* @return boolean
|
|
*/
|
|
public static function hasUserAttribute($userId, $attributeName)
|
|
{
|
|
// sqlQuery: Select the user if it has the given attribute
|
|
$query = <<<SQL
|
|
SELECT `wkParticipo_user<=>userAttributes`.userId, `wkParticipo_userAttributes`.name
|
|
FROM `wkParticipo_user<=>userAttributes` LEFT JOIN `wkParticipo_userAttributes`
|
|
ON `wkParticipo_user<=>userAttributes`.`attributeId` = `wkParticipo_userAttributes`.`id`
|
|
WHERE `wkParticipo_userAttributes`.name = :attributeName AND userId=:userId;
|
|
SQL;
|
|
$params = [
|
|
':userId' => ['value' => $userId, 'data_type' => PDO::PARAM_INT],
|
|
':attributeName' => ['value' => $attributeName, 'data_type' => PDO::PARAM_STR]
|
|
];
|
|
$attributedUsers = dbConnector::query($query, $params);
|
|
// Since the id should be unique, there should only be one result this is just for dealing with empty arrays
|
|
foreach ($attributedUsers as $u) {
|
|
if ($u['userId'] == $userId) {
|
|
return true;
|
|
}
|
|
}
|
|
return false;
|
|
}
|
|
|
|
public static function getEventStarter($sinceDate = null)
|
|
{
|
|
$userId = $_SESSION['user']['userId'];
|
|
if (!$sinceDate) {
|
|
$sinceDate = 'CURDATE()';
|
|
} else {
|
|
$sinceDate = 'DATE("' . $sinceDate . '")';
|
|
}
|
|
$query = <<<SQL
|
|
SELECT
|
|
`wkParticipo_Events`.`date` as eventDate
|
|
, `wkParticipo_Starter`.`id` as starterId
|
|
, `wkParticipo_Users`.`name` as userName
|
|
, `wkParticipo_Users`.`vorname` as userFirstname
|
|
, `wettkampfkalender`.`veranstaltung` as eventName
|
|
FROM `wkParticipo_Starter`
|
|
LEFT JOIN `wkParticipo_Users` ON `wkParticipo_Starter`.`userId` = `wkParticipo_Users`.`id`
|
|
LEFT JOIN `wkParticipo_Events` ON `wkParticipo_Starter`.`eventId` = `wkParticipo_Events`.`id`
|
|
LEFT JOIN `wettkampfkalender` ON `wkParticipo_Events`.`wkId` = `wettkampfkalender`.`lfdeNr`
|
|
LEFT JOIN `vormundschaft` ON `wkParticipo_Users`.`id` = `vormundschaft`.`kidId`
|
|
WHERE `wkParticipo_Events`.`date` >= $sinceDate AND `vormundschaft`.`userId` = $userId
|
|
ORDER BY `wkParticipo_Events`.`date` DESC;
|
|
SQL;
|
|
$commingStarts = dbConnector::query($query);
|
|
|
|
return $commingStarts;
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Action element of an MaterializeCss (App-)card
|
|
*/
|
|
class AppCardAction
|
|
{
|
|
private $caption = null; //< Caption for the action
|
|
private $link = '.'; //< link for the action
|
|
|
|
/**
|
|
* Constructor for the AppAction
|
|
*
|
|
* @param string $caption caption for the action
|
|
* @param string $link link to the action
|
|
*/
|
|
public function __construct($caption, $link = '.')
|
|
{
|
|
//! @todo input sanitation
|
|
$this->link = $link;
|
|
$this->caption = $caption;
|
|
}
|
|
|
|
/**
|
|
* Create htmlCode for the action
|
|
*
|
|
* @return string with htmlCode of the action
|
|
*/
|
|
public function htmlCode()
|
|
{
|
|
return '<a href="' . $this->link . '">' . $this->caption . '</a>';
|
|
}
|
|
|
|
/**
|
|
* Create AppCardAction from assoziative array
|
|
*
|
|
* @param array $member array with the member values
|
|
* @return AppCardAction
|
|
*/
|
|
public static function fromArray($member)
|
|
{
|
|
$caption = $member['caption'] ?? null;
|
|
$link = $member['link'] ?? '.';
|
|
return new AppCardAction($caption, $link);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* MaterializeCss card for an App
|
|
*/
|
|
class AppCard
|
|
{
|
|
private $title = ''; //< title of the card
|
|
private $description = ''; //< description of the App
|
|
private $link = null; //< link for the card-content
|
|
private $imgUrl = null; //< url for an image right under the title
|
|
private $actionList = []; //< list of actions for the bottom of the card
|
|
|
|
/**
|
|
* Constructor for the AppCard
|
|
*
|
|
* @param string $title title of the card
|
|
* @param string $description description of the card
|
|
* @param string $link link for the card-content
|
|
* @param string $imgUrl url for an image right under the title
|
|
* @param array $actionList list of actions at the bottom of the card
|
|
*/
|
|
public function __construct($title, $description, $link = null, $imgUrl = null, $actionList = [])
|
|
{
|
|
//! @todo input sanitation
|
|
$this->title = $title;
|
|
$this->description = $description;
|
|
$this->link = $link;
|
|
$this->imgUrl = $imgUrl;
|
|
$this->actionList = $actionList;
|
|
}
|
|
|
|
/**
|
|
* Create htmlCode for the AppCard
|
|
*
|
|
* @return string html code for the AppCard
|
|
*/
|
|
public function htmlCode($options = [])
|
|
{
|
|
$extraClass = $options['extraClass'] ?? '';
|
|
$actionListCode = '';
|
|
foreach ($this->actionList as $a) {
|
|
$actionListCode .= $a->htmlCode();
|
|
}
|
|
return
|
|
'<div style="padding:1%;" class="col s12 m6 ' . $extraClass . '">' .
|
|
'<div style="margin:1%;" class="card blue-grey darken-1">' .
|
|
'<div class="card-content white-text">' .
|
|
(($this->link != null) ? ('<a href="' . $this->link . '">') : ('')) . '<span class="card-title">' . $this->title . '</span>' . (($this->link != null) ? ('</a>') : ('')) .
|
|
(($this->imgUrl != null) ? ('<img alt="' . $this->title . '" style="display:block;margin-left:auto;margin-right:auto;max-height:10vh;" class="responsive-img" src="' . $this->imgUrl . '" />') : ('')) .
|
|
'<p>' . $this->description . '</p>' .
|
|
'</div>' .
|
|
'<div class="card-action">' . $actionListCode . '</div>' .
|
|
'</div>' .
|
|
'</div>';
|
|
}
|
|
|
|
/**
|
|
* Create AppCard from an associative array
|
|
*
|
|
* @param array $member array with member as keys and values as the member values
|
|
* @return AppCard from array values
|
|
*/
|
|
public static function fromArray($member)
|
|
{
|
|
$title = $member['title'] ?? '';
|
|
$description = $member['description'] ?? '';
|
|
$link = $member['link'] ?? null;
|
|
$imgUrl = $member['imgUrl'] ?? null;
|
|
$actionList = $member['actions'] ?? [];
|
|
|
|
return new AppCard($title, $description, $link, $imgUrl, $actionList);
|
|
}
|
|
}
|
|
|
|
/**
|
|
* Generate a html table of the last logins of the users
|
|
*
|
|
* @param string $jsonFileName path to the json file with the logged logins
|
|
* @return string Html table of users last logins
|
|
*/
|
|
function lastLoginTable($jsonFileName = 'lastLogins.json')
|
|
{
|
|
$lastLogins = json_decode(file_get_contents($jsonFileName), true);
|
|
$lastLoginsTable =
|
|
'<table>' .
|
|
'<thead><tr><th>userName</th><th>lastLogins</th></tr></thead>' .
|
|
'<tbody>';
|
|
foreach ($lastLogins as $userName => $lastLogins) {
|
|
$lastLoginsTable .=
|
|
'<tr><td>' . $userName . '</td><td>' . $lastLogins['lastLogins'][0] . '</td></tr>';
|
|
}
|
|
$lastLoginsTable .= '</tbody></table>';
|
|
return $lastLoginsTable;
|
|
}
|
|
|
|
/// Eine Fehler/Warnung/Notiz/Erfolgsmeldung als divBox im String zurückgeben
|
|
function htmlRetMessage($anRetMessage)
|
|
{
|
|
$retHtmlString = '';
|
|
if (!empty($anRetMessage)) {
|
|
$retHtmlString .= '<div style="border: 1px solid;">';
|
|
if (!empty($anRetMessage['error'])) {
|
|
$retHtmlString .= '<div style="border: 1px solid;">';
|
|
$retHtmlString .= 'ERROR:<br />';
|
|
$retHtmlString .= $anRetMessage['error'];
|
|
$retHtmlString .= '</div>';
|
|
}
|
|
if (!empty($anRetMessage['warning'])) {
|
|
$retHtmlString .= '<div style="border: 1px solid;">';
|
|
$retHtmlString .= 'WARNING:<br />';
|
|
$retHtmlString .= $anRetMessage['warning'];
|
|
$retHtmlString .= '</div>';
|
|
}
|
|
if (!empty($anRetMessage['notice'])) {
|
|
$retHtmlString .= '<div style="border: 1px solid;">';
|
|
$retHtmlString .= 'Info:<br />';
|
|
$retHtmlString .= $anRetMessage['notice'];
|
|
$retHtmlString .= '</div>';
|
|
}
|
|
if (!empty($anRetMessage['success'])) {
|
|
$retHtmlString .= '<div style="border: 1px solid;">';
|
|
$retHtmlString .= 'SUCCESS:<br />';
|
|
$retHtmlString .= $anRetMessage['success'];
|
|
$retHtmlString .= '</div>';
|
|
}
|
|
$retHtmlString .= '</div>';
|
|
}
|
|
return $retHtmlString;
|
|
}
|
|
|
|
/**
|
|
* load a MarkdownFile with yaml header
|
|
*
|
|
* @param string $fileName filename of the markdown file
|
|
* @return array assocative array('yaml'=>array(..), 'mdText'=>string) containing the yamlHeader as associative array and the markdown text as string
|
|
*/
|
|
function loadMarkdownFile($fileName)
|
|
{
|
|
// load the whole file
|
|
$fileText = file_get_contents($fileName);
|
|
// split at '---' to get ((),yamls,array)
|
|
$fileParts = preg_split('/[\n]*[-]{3}[\n]/', $fileText, 3);
|
|
// not all mdfiles have a yamlHeader, so the mdText can be at different indices
|
|
$yaml = [];
|
|
$mdText = '';
|
|
switch(count($fileParts)) {
|
|
case 1:{
|
|
$mdText = $fileParts[0];
|
|
break;
|
|
}
|
|
case 3:{
|
|
$yaml = Spyc::YAMLLoadString($fileParts[1]);
|
|
$mdText = $fileParts[2];
|
|
break;
|
|
}
|
|
default:{
|
|
$mdText = $fileText;
|
|
}
|
|
}
|
|
// get a title, if none is in the markdown
|
|
if (!array_key_exists('title', $yaml)) {
|
|
// find the first heading, set it as header and remove it from the markdown
|
|
if (preg_match('/^#(.*)$/m', $mdText, $matches)) {
|
|
$yaml['title'] = $matches[1];
|
|
$mdText = preg_replace('/^#(.*)$/m', '', $mdText, 1);
|
|
} else {
|
|
// fallback for the title, if not even one heading is found
|
|
$yaml['title'] = '<fehlender Titel>';
|
|
}
|
|
}
|
|
|
|
return [
|
|
'yaml' => $yaml, 'mdText' => $mdText
|
|
];
|
|
}
|
|
|
|
/**
|
|
* Log the Login of an user into a logFile
|
|
*
|
|
* @param string $userName name of the user
|
|
* @param string $fileName filename to log to
|
|
* @return void
|
|
*/
|
|
function logLoginsToJsonFile($userName, $fileName = 'lastLogins.json')
|
|
{
|
|
try {
|
|
$lastLogins = json_decode(file_get_contents($fileName), true);
|
|
if ($lastLogins == null) {
|
|
return;
|
|
}
|
|
if (!array_key_exists($userName, $lastLogins)) {
|
|
$lastLogins[$userName] = [];
|
|
}
|
|
if (!array_key_exists('lastLogins', $lastLogins[$userName])) {
|
|
$lastLogins[$userName]['lastLogins'] = [];
|
|
}
|
|
$lastLogins[$userName]['lastLogins'] = array_merge([date('Y-m-d H:i:s')], $lastLogins[$userName]['lastLogins']);
|
|
file_put_contents($fileName, json_encode($lastLogins));
|
|
} catch (Exception $e) {
|
|
// silently ignore errors
|
|
}
|
|
}
|
|
|
|
/**
|
|
* User for the Participo system
|
|
*/
|
|
class User
|
|
{
|
|
private $id;
|
|
private $loginName;
|
|
private $name;
|
|
private $firstName;
|
|
private $dateOfBirth;
|
|
private $eMail;
|
|
|
|
public function __construct($id, $loginName, $name, $firstName, $dateOfBirth, $eMail)
|
|
{
|
|
$this->id = (int) id;
|
|
$this->loginName = $loginName;
|
|
$this->name = $name;
|
|
$this->firstName = $firstName;
|
|
$this->dateOfBirth = $dateOfBirth != null ? DateTime::createFromFormat('Y-m-d', $dateOfBirth) : null;
|
|
$this->eMail = $eMail;
|
|
}
|
|
|
|
/**
|
|
* Create a User from an assoziative array like it is returned from db requests
|
|
*
|
|
* @param array $member associative array with the UserData from the dbRequest
|
|
* @return User initialized user
|
|
*/
|
|
public static function fromDbArray($member)
|
|
{
|
|
return new User(
|
|
$member['id'] ?? null,
|
|
$member['loginName'] ?? null,
|
|
$member['name'] ?? null,
|
|
$member['vorname'] ?? null,
|
|
$member['gebDatum'] ?? null,
|
|
array_key_exist('eMail', $member) ? explode(',', $member['eMail']) : null
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Export the User data into an associative array
|
|
*/
|
|
public function toAssoc()
|
|
{
|
|
return [
|
|
'id' => $this->id,
|
|
'loginName' => $this->loginName,
|
|
'name' => $this->name,
|
|
'vorname' => $this->firstName,
|
|
'gebDatum' => $this->dateOfBirth,
|
|
'eMail' => $this->eMail];
|
|
}
|
|
|
|
public function loadFromDb($dbConn, $id)
|
|
{
|
|
$this->set(
|
|
loadUserDataFromDb($dbConn, $id)
|
|
);
|
|
}
|
|
}
|