marko/cwsvJudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c332fcdcd88e908f2073f053c18b47fffa3dfa41
cwsvJudo/homepage/participo/lib/participoLib/participo.php
marko c332fcdcd8 added addStarter function to Event
2022-10-28 12:54:44 +02:00

614 lines
17 KiB
PHP
Raw Blame History

<?php
// require_once("spyc/Spyc.php");
class participo
{
private static $db = null;
private static $message = ['error' => null, 'success' => null, 'notice' => null];
private static $userId = null;
/**
* Returns the current login status
*
* The login status is stored in the session cookie. If it is not even set it means the login is invalid.
*
* @return The login status or false if none is set so far
*/
public static function isLoginValid()
{
return ($_SESSION['login'] ?? false);
}
/**
* A little Box with the login status as html entity
*
* @return string htmlEntity showing the login status
*/
public static function htmlLoginStatus()
{
return
'<div style="border: 1px solid black">' .
'Datum: ' . date('Y-m-d') . '<br />' .
'Angemeldet als <strong>' . htmlspecialchars($_SESSION['user']['username']) . '</strong>.<br />' .
'<a href="logout.php">Sitzung beenden</a>' .
'</div>';
}
/**
* Checks, if there already is a valid login, if not redirect to the login form
* @todo rename to authenticate
*
* @retval void
*/
public static function authentificate()
{
session_start();
if (!self::isLoginValid()) {
header('Location: login?returnToUrl=' . urlencode($_SERVER['REQUEST_URI'] . ($_POST['fragment'] ?? '')), true, 301);
exit(); // should'nt matter
}
participo::$userId = $_SESSION['user']['userId'];
}
public static function getMessages()
{
return self::$message;
}
public static function addMessage($type, $message)
{
self::$message[$type] = (self::$message[$type] ?? '') . $message;
}
/**
* check password for user
*
* @param string $loginName user who wants to get in
* @param string $password password for the user
*
* @retval true $password belongs to $loginName
* @retval false otherwise
*/
public static function checkCredentials($loginName, $password)
{
sleep(1); // just to discourage brute force attacks
// Check for dbConnection
if (!dbConnector::getDbConnection()) {
self::addMessage('error', '<div>No DbConnection available</div>');
return false;
}
// query *all* users with the entered name
// @todo check for e.g., len(user)=1
// @todo getUser?
$user = dbConnector::query(
'SELECT `id`, `loginName`, `pwHash`, `config` FROM `wkParticipo_Users` WHERE `loginName` = :loginName',
['loginName' => ['value' => $loginName, 'data_type' => PDO::PARAM_STR]]
);
$user = $user[0];
// If there is no such user OR the password isn't valid the login fails
if (empty($user) || !password_verify($password, $user['pwHash'])) {
sleep(5); // discourage brute force attacks
self::addMessage('error', '<div>Falsches Passwort oder LoginName</div>');
return false;
}
session_start();
// case valid login: Set the session data
$_SESSION = [
'login' => true,
'user' => [
'username' => $user['loginName'],
'userId' => $user['id'],
'userConfig' => json_decode($user['config'], true)
]
];
// Logging Logins
logLoginsToJsonFile($_SESSION['user']['username']);
self::addMessage('success', '<div>Anmeldung erfolgreich</div>');
return true;
}
/**
* Checks, if a user is an admin
*
* @param [type] $userId id of the user to check
* @retval true user with id $userId has attribute "isAdmin"
* @retval false otherwise
*/
public static function isUserAdmin($userId)
{
return self::hasUserAttribute($userId, 'isAdmin');
}
/**
* Checks, if a user as a certain attribute
*
* @param [type] $userId id of the user to check
* @param [type] $attributeName string name of the attribute to check
* @return boolean
*/
public static function hasUserAttribute($userId, $attributeName)
{
// sqlQuery: Select the user if it has the given attribute
$query = <<<SQL
SELECT `wkParticipo_user<=>userAttributes`.userId, `wkParticipo_userAttributes`.name
FROM `wkParticipo_user<=>userAttributes` LEFT JOIN `wkParticipo_userAttributes`
ON `wkParticipo_user<=>userAttributes`.`attributeId` = `wkParticipo_userAttributes`.`id`
WHERE `wkParticipo_userAttributes`.name = :attributeName AND userId=:userId;
SQL;
$params = [
':userId' => ['value' => $userId, 'data_type' => PDO::PARAM_INT],
':attributeName' => ['value' => $attributeName, 'data_type' => PDO::PARAM_STR]
];
$attributedUsers = dbConnector::query($query, $params);
// Since the id should be unique, there should only be one result this is just for dealing with empty arrays
foreach ($attributedUsers as $u) {
if ($u['userId'] == $userId) {
return true;
}
}
return false;
}
public static function getEventStarter($sinceDate = null)
{
$userId = $_SESSION['user']['userId'];
if (!$sinceDate) {
$sinceDate = 'CURDATE()';
} else {
$sinceDate = 'DATE("' . $sinceDate . '")';
}
$query = <<<SQL
SELECT
`wkParticipo_Events`.`date` as eventDate
, `wkParticipo_Starter`.`id` as starterId
, `wkParticipo_Users`.`name` as userName
, `wkParticipo_Users`.`vorname` as userFirstname
, `wettkampfkalender`.`veranstaltung` as eventName
FROM `wkParticipo_Starter`
LEFT JOIN `wkParticipo_Users` ON `wkParticipo_Starter`.`userId` = `wkParticipo_Users`.`id`
LEFT JOIN `wkParticipo_Events` ON `wkParticipo_Starter`.`eventId` = `wkParticipo_Events`.`id`
LEFT JOIN `wettkampfkalender` ON `wkParticipo_Events`.`wkId` = `wettkampfkalender`.`lfdeNr`
LEFT JOIN `vormundschaft` ON `wkParticipo_Users`.`id` = `vormundschaft`.`kidId`
WHERE `wkParticipo_Events`.`date` >= $sinceDate AND `vormundschaft`.`userId` = $userId
ORDER BY `wkParticipo_Events`.`date` DESC;
SQL;
$commingStarts = dbConnector::query($query);
return $commingStarts;
}
}
/**
* Action element of an MaterializeCss (App-)card
*/
class AppCardAction
{
private $caption = null; //< Caption for the action
private $link = '.'; //< link for the action
/**
* Constructor for the AppAction
*
* @param string $caption caption for the action
* @param string $link link to the action
*/
public function __construct($caption, $link = '.')
{
//! @todo input sanitation
$this->link = $link;
$this->caption = $caption;
}
/**
* Create htmlCode for the action
*
* @return string with htmlCode of the action
*/
public function htmlCode()
{
return '<a href="' . $this->link . '">' . $this->caption . '</a>';
}
/**
* Create AppCardAction from assoziative array
*
* @param array $member array with the member values
* @return AppCardAction
*/
public static function fromArray($member)
{
$caption = $member['caption'] ?? null;
$link = $member['link'] ?? '.';
return new AppCardAction($caption, $link);
}
}
/**
* MaterializeCss card for an App
*/
class AppCard
{
private $title = ''; //< title of the card
private $description = ''; //< description of the App
private $link = null; //< link for the card-content
private $imgUrl = null; //< url for an image right under the title
private $actionList = []; //< list of actions for the bottom of the card
/**
* Constructor for the AppCard
*
* @param string $title title of the card
* @param string $description description of the card
* @param string $link link for the card-content
* @param string $imgUrl url for an image right under the title
* @param array $actionList list of actions at the bottom of the card
*/
public function __construct($title, $description, $link = null, $imgUrl = null, $actionList = [])
{
//! @todo input sanitation
$this->title = $title;
$this->description = $description;
$this->link = $link;
$this->imgUrl = $imgUrl;
$this->actionList = $actionList;
}
/**
* Create htmlCode for the AppCard
*
* @return string html code for the AppCard
*/
public function htmlCode($options = [])
{
$extraClass = $options['extraClass'] ?? '';
$actionListCode = '';
foreach ($this->actionList as $a) {
$actionListCode .= $a->htmlCode();
}
return
'<div style="padding:1%;" class="col s12 m6 ' . $extraClass . '">' .
'<div style="margin:1%;" class="card blue-grey darken-1">' .
'<div class="card-content white-text">' .
(($this->link != null) ? ('<a href="' . $this->link . '">') : ('')) . '<span class="card-title">' . $this->title . '</span>' . (($this->link != null) ? ('</a>') : ('')) .
(($this->imgUrl != null) ? ('<img alt="' . $this->title . '" style="display:block;margin-left:auto;margin-right:auto;max-height:10vh;" class="responsive-img" src="' . $this->imgUrl . '" />') : ('')) .
'<p>' . $this->description . '</p>' .
'</div>' .
'<div class="card-action">' . $actionListCode . '</div>' .
'</div>' .
'</div>';
}
/**
* Create AppCard from an associative array
*
* @param array $member array with member as keys and values as the member values
* @return AppCard from array values
*/
public static function fromArray($member)
{
$title = $member['title'] ?? '';
$description = $member['description'] ?? '';
$link = $member['link'] ?? null;
$imgUrl = $member['imgUrl'] ?? null;
$actionList = $member['actions'] ?? [];
return new AppCard($title, $description, $link, $imgUrl, $actionList);
}
}
/**
* Generate a html table of the last logins of the users
*
* @param string $jsonFileName path to the json file with the logged logins
* @return string Html table of users last logins
*/
function lastLoginTable($jsonFileName = 'lastLogins.json')
{
$lastLogins = json_decode(file_get_contents($jsonFileName), true);
$lastLoginsTable =
'<table>' .
'<thead><tr><th>userName</th><th>lastLogins</th></tr></thead>' .
'<tbody>';
foreach ($lastLogins as $userName => $lastLogins) {
$lastLoginsTable .=
'<tr><td>' . $userName . '</td><td>' . $lastLogins['lastLogins'][0] . '</td></tr>';
}
$lastLoginsTable .= '</tbody></table>';
return $lastLoginsTable;
}
/// Eine Fehler/Warnung/Notiz/Erfolgsmeldung als divBox im String zurückgeben
function htmlRetMessage($anRetMessage)
{
$retHtmlString = '';
if (!empty($anRetMessage)) {
$retHtmlString .= '<div style="border: 1px solid;">';
if (!empty($anRetMessage['error'])) {
$retHtmlString .= '<div style="border: 1px solid;">';
$retHtmlString .= 'ERROR:<br />';
$retHtmlString .= $anRetMessage['error'];
$retHtmlString .= '</div>';
}
if (!empty($anRetMessage['warning'])) {
$retHtmlString .= '<div style="border: 1px solid;">';
$retHtmlString .= 'WARNING:<br />';
$retHtmlString .= $anRetMessage['warning'];
$retHtmlString .= '</div>';
}
if (!empty($anRetMessage['notice'])) {
$retHtmlString .= '<div style="border: 1px solid;">';
$retHtmlString .= 'Info:<br />';
$retHtmlString .= $anRetMessage['notice'];
$retHtmlString .= '</div>';
}
if (!empty($anRetMessage['success'])) {
$retHtmlString .= '<div style="border: 1px solid;">';
$retHtmlString .= 'SUCCESS:<br />';
$retHtmlString .= $anRetMessage['success'];
$retHtmlString .= '</div>';
}
$retHtmlString .= '</div>';
}
return $retHtmlString;
}
/**
* load a MarkdownFile with yaml header
*
* @param string $fileName filename of the markdown file
* @return array assocative array('yaml'=>array(..), 'mdText'=>string) containing the yamlHeader as associative array and the markdown text as string
*/
function loadMarkdownFile($fileName)
{
// load the whole file
$fileText = file_get_contents($fileName);
// split at '---' to get ((),yamls,array)
$fileParts = preg_split('/[\n]*[-]{3}[\n]/', $fileText, 3);
// not all mdfiles have a yamlHeader, so the mdText can be at different indices
$yaml = [];
$mdText = '';
switch(count($fileParts)) {
case 1:{
$mdText = $fileParts[0];
break;
}
case 3:{
$yaml = Spyc::YAMLLoadString($fileParts[1]);
$mdText = $fileParts[2];
break;
}
default:{
$mdText = $fileText;
}
}
// get a title, if none is in the markdown
if (!array_key_exists('title', $yaml)) {
// find the first heading, set it as header and remove it from the markdown
if (preg_match('/^#(.*)$/m', $mdText, $matches)) {
$yaml['title'] = $matches[1];
$mdText = preg_replace('/^#(.*)$/m', '', $mdText, 1);
} else {
// fallback for the title, if not even one heading is found
$yaml['title'] = '<fehlender Titel>';
}
}
return [
'yaml' => $yaml, 'mdText' => $mdText
];
}
/**
* Log the Login of an user into a logFile
*
* @param string $userName name of the user
* @param string $fileName filename to log to
* @return void
*/
function logLoginsToJsonFile($userName, $fileName = 'lastLogins.json')
{
try {
$lastLogins = json_decode(file_get_contents($fileName), true);
if ($lastLogins == null) {
return;
}
if (!array_key_exists($userName, $lastLogins)) {
$lastLogins[$userName] = [];
}
if (!array_key_exists('lastLogins', $lastLogins[$userName])) {
$lastLogins[$userName]['lastLogins'] = [];
}
$lastLogins[$userName]['lastLogins'] = array_merge([date('Y-m-d H:i:s')], $lastLogins[$userName]['lastLogins']);
file_put_contents($fileName, json_encode($lastLogins));
} catch (Exception $e) {
// silently ignore errors
}
}
/**
* interface for connecting and communicating with a database
*/
class dbConnector
{
private static $db = null;
// connect to the database
public static function connect($hostname, $dbName, $user, $password)
{
return self::setDbConnection(self::connectToPdo($hostname, $dbName, $user, $password));
}
public static function getDbConnection()
{
return self::$db;
}
/// perform a pdo-query
///
/// @param $aQueryString
/// @param $aBindArray e.g. array(
/// ':userId' => array('value'=>$anUserId, 'data_type'=>PDO::PARAM_INT),
/// ':attributeId'=> array('value'=>$anAttributeId, 'data_type'=>PDO::PARAM_INT) )
/// @param $someOption
public static function query($aQueryString, $aBindArray = [], $someOptions = [])
{
// Standardbelegungen
if (empty($someOptions['dbCharset'])) {
$someOptions['dbCharset'] = 'ISO-8859-1';
}
if (empty($someOptions['outCharset'])) {
$someOptions['outCharset'] = 'UTF-8';
}
if (empty($someOptions['dontFetch'])) {
$someOptions['dontFetch'] = false;
}
/// @toDo: Bisher wird nur die Rückgabe konvertiert. Eigentlich muss
/// doch auch die Eingabe konvertiert werden. Aber das jetzt
/// umzustellen wird schwer! Die User im Wettkampfplaner sind ja z.B.
/// als UTF8 in latin1(?) gespeichert.
/// @toDo: Die Standardwerte sollten vielleicht aus einer config
/// kommen, nicht hardcoded
try {
$pdoStatement = self::$db->prepare($aQueryString);
foreach ($aBindArray as $bindName => $bind) {
if ($bind['data_type'] == PDO::PARAM_STR) {
$bind['value'] = iconv(
$someOptions['outCharset'],
$someOptions['dbCharset'],
$bind['value']
);
}
$pdoStatement->bindValue(
$bindName,
$bind['value'],
(isset($bind['data_type']) ? $bind['data_type'] : PDO::PARAM_STR)
);
}
$pdoResult = $pdoStatement->execute();
if (!$pdoResult) {
echo("Error during dbQuery!\n");
echo("DB-Error:\n");
var_dump(self::$db->errorInfo());
}
if ($someOptions['dontFetch']) {
$ret = null;
} else {
$ret = $pdoStatement->fetchAll(PDO::FETCH_ASSOC);
}
} catch(PDOException $db_error) {
print 'Error!: ' . $db_error->getMessage() . '<br/>';
return null;
}
// Zeichensatzkonvertierung
if (is_array($ret)) {
foreach ($ret as &$entry) {
array_walk(
$entry,
function (&$value, $key, $someOptions) {
$value = iconv($someOptions['dbCharset'], $someOptions['outCharset'], $value);
},
$someOptions
);
}
}
return $ret;
}
// get a Connection to the database
private static function connectToPdo($hostname, $dbName, $user, $password)
{
$dbConnection = null;
try {
$dbConnection = new PDO(
'mysql:host=' . $hostname . ';dbname=' . $dbName,
$user,
$password
);
} catch(PDOException $dbError) {
echo('Error whilst getting a dbConnection!: ' . $dbError->getMessage());
}
return $dbConnection;
}
// set the dbConnection (just setting, no establishing)
private static function setDbConnection($dbConnection)
{
$success = false;
if ($dbConnection instanceof PDO) {
self::$db = $dbConnection;
$success = true;
} else {
self::$db = null;
}
}
}
/**
* User for the Participo system
*/
class User
{
private $id;
private $loginName;
private $name;
private $firstName;
private $dateOfBirth;
private $eMail;
public function __construct($id, $loginName, $name, $firstName, $dateOfBirth, $eMail)
{
$this->id = (int) id;
$this->loginName = $loginName;
$this->name = $name;
$this->firstName = $firstName;
$this->dateOfBirth = $dateOfBirth != null ? DateTime::createFromFormat('Y-m-d', $dateOfBirth) : null;
$this->eMail = $eMail;
}
/**
* Create a User from an assoziative array like it is returned from db requests
*
* @param array $member associative array with the UserData from the dbRequest
* @return User initialized user
*/
public static function fromDbArray($member)
{
return new User(
$member['id'] ?? null,
$member['loginName'] ?? null,
$member['name'] ?? null,
$member['vorname'] ?? null,
$member['gebDatum'] ?? null,
array_key_exist('eMail', $member) ? explode(',', $member['eMail']) : null
);
}
/**
* Export the User data into an associative array
*/
public function toAssoc()
{
return [
'id' => $this->id,
'loginName' => $this->loginName,
'name' => $this->name,
'vorname' => $this->firstName,
'gebDatum' => $this->dateOfBirth,
'eMail' => $this->eMail];
}
public function loadFromDb($dbConn, $id)
{
$this->set(
loadUserDataFromDb($dbConn, $id)
);
}
}
Reference in New Issue View Git Blame Copy Permalink