marko/cwsvJudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
ece0ef50251411703910512d15e68389d74d7140
cwsvJudo/homepage/participo/lib/participoLib/participo.php

567 lines
17 KiB
PHP
Raw Blame History

<?php
require_once 'participoLib/dbConnector.php';
require_once 'participoLib/user.php';
/**
* FrameWork for the participoApp
*/
class participo
{
private static $db = null;
private static $message = ['error' => null, 'success' => null, 'notice' => null];
private static $userId = null;
/** Returns the current login status
*
* The login status is stored in the session cookie. If it is not even set it means the login is invalid.
*
* @return bool true if the login status is true, false otherwise
*/
public static function isLoginValid()
{
return (isset($_SESSION) && array_key_exists('login', $_SESSION) && $_SESSION['login'] == true);
}
public static function getSessionUserId()
{
$userId = null;
if (isset($_SESSION) && array_key_exists('user', $_SESSION) && array_key_exists('userId', $_SESSION['user'])) {
$userId = $_SESSION['user']['userId'];
}
return $userId;
}
/** Remove all login data from the session data
*
* @return void
*/
public static function logout()
{
foreach (['login', 'user'] as $key) {
unset($_SESSION[$key]);
}
}
/** A little Box with the login status as html entity
*
* @return string htmlEntity showing the login status
*/
public static function htmlLoginStatus()
{
return
'<div style="border: 1px solid black">' .
'Datum: ' . date('Y-m-d') . '<br />' .
'Eingeloggt als <strong>' . htmlspecialchars($_SESSION['user']['username']) . '</strong>.<br />' .
'<a href="logout.php">Sitzung beenden</a>' .
'</div>';
}
/** Checking if an action is allowed. A present apiKey overrides (and deletes) a present login.
*
* 1. If apiKey is present:
* - chancel current login
* - If apiKey is valid for requested action:
* - set some session data
* - return
* 2. If there is a valid Login session:
* - return
* 3. redirect to Login Page
*
* @todo rename to authenticate (authorize?)
*
* @param $action the action we want to get authorized for (default=['login'])
*
* @retval void
*/
public static function authentificate($action = ['login'])
{
// Ensure a session is started
session_start();
// check if an apiKey was received
if (array_key_exists('apiKey', $_GET)) {
self::logout();
$key = ApiKey::loadFromDb($_GET['apiKey']);
if (isset($key) && $key->isValidFor($action)) {
$user = User::loadFromDb($key->getUserId());
// case valid login: Set the session data
$_SESSION = [
'login' => true, //false,
'apiKey' => $key->getKey(),
'user' => [
'username' => $user->getLoginName(),
'userId' => $user->getId(),
'userConfig' => $user->getConfig(),
]
];
// we're not logged in, but authorized for the stuff we want to do. So don't redirect
return;
};
}
// if not returned yet: no login, no valid apiKey -> redirect to login page
if (!self::isLoginValid()) {
header('Location: login?returnToUrl=' . urlencode($_SERVER['REQUEST_URI'] . ($_POST['fragment'] ?? '')), true, 301);
exit(); // shouldn't matter
}
}
public static function getMessages()
{
return self::$message;
}
public static function addMessage($type, $message)
{
self::$message[$type] = (self::$message[$type] ?? '') . $message;
}
/** check password for user
*
* @param string $loginName user who wants to get in
* @param string $password password for the user
*
* @retval true $password belongs to $loginName
* @retval false otherwise
*/
public static function checkCredentials($loginName, $password)
{
sleep(1); // just to discourage brute force attacks
// Check for dbConnection
if (!dbConnector::getDbConnection()) {
self::addMessage('error', '<div>No DbConnection available</div>');
return false;
}
$user = User::loadFromDbByLoginName($loginName);
// If there is no such user OR the password isn't valid the login fails
if ($user == null || !$user->verifyPassword($password)) {
sleep(5); // discourage brute force attacks
self::addMessage('error', '<div>Falsches Passwort oder LoginName</div>');
return false;
}
session_start();
// case valid login: Set the session data
$_SESSION = [
'login' => true,
'user' => [
'username' => $user->getLoginName(),
'userId' => $user->getId(),
'userConfig' => json_decode($user->getConfig(), true)
]
];
// Logging Logins
logLoginsToJsonFile($_SESSION['user']['username']);
self::addMessage('success', '<div>Anmeldung erfolgreich</div>');
return true;
}
/** Checks, if a user is an admin
*
* @param [type] $userId id of the user to check
* @retval true user with id $userId has attribute "isAdmin"
* @retval false otherwise
*/
public static function isUserAdmin($userId)
{
return self::hasUserAttribute($userId, 'isAdmin');
}
public static function getKids($userId = null)
{
$userId = $userId ?? $_SESSION['user']['userId'] ?? null;
$query =
'SELECT * FROM `wkParticipo_Users` '
. 'INNER JOIN `vormundschaft` ON `wkParticipo_Users`.`id` = `vormundschaft`.`kidId` '
. 'WHERE `vormundschaft`.`userId` = :userId;';
$params = [':userId' => ['value' => $userId, 'data_type' => PDO::PARAM_INT]];
$response = dbConnector::query($query, $params);
$kids = [];
foreach ($response as $r) {
$kids[] = User::fromDbArray($r, ['id' => 'kidId']);
}
return $kids;
}
/** Check if one user is ward of another
*
* @param integer $kidId ID of the ward
* @param integer|null $userId ID of the guardian, if null it is tried to read it from the session data
* @return boolean true if kid is ward of user, false otherwise
*/
public static function isWardOf(int $kidId, int $userId = null)
{
// Try to get the Guard from the session data.
$userId = $userId ?? $_SESSION['user']['userId'] ?? null;
$query = 'SELECT `kidId` FROM `vormundschaft` WHERE `userId` = :userId AND `kidId` = :kidId;';
$params = [
':userId' => ['value' => $userId, 'data_type' => PDO::PARAM_INT],
':kidId' => ['value' => $kidId, 'data_type' => PDO::PARAM_INT]
];
$response = dbConnector::query($query, $params);
return (count($response) >= 1);
}
/** Checks, if a user as a certain attribute
*
* @param [type] $userId id of the user to check
* @param [type] $attributeName string name of the attribute to check
* @return boolean
*/
public static function hasUserAttribute($userId, $attributeName)
{
// sqlQuery: Select the user if it has the given attribute
$query = <<<SQL
SELECT `wkParticipo_user<=>userAttributes`.userId, `wkParticipo_userAttributes`.name
FROM `wkParticipo_user<=>userAttributes` LEFT JOIN `wkParticipo_userAttributes`
ON `wkParticipo_user<=>userAttributes`.`attributeId` = `wkParticipo_userAttributes`.`id`
WHERE `wkParticipo_userAttributes`.name = :attributeName AND userId=:userId;
SQL;
$params = [
':userId' => ['value' => $userId, 'data_type' => PDO::PARAM_INT],
':attributeName' => ['value' => $attributeName, 'data_type' => PDO::PARAM_STR]
];
$attributedUsers = dbConnector::query($query, $params);
// Since the id should be unique, there should only be one result this is just for dealing with empty arrays
foreach ($attributedUsers as $u) {
if ($u['userId'] == $userId) {
return true;
}
}
return false;
}
public static function getEventStarter($sinceDate = null)
{
$userId = $_SESSION['user']['userId'];
if (!$sinceDate) {
$sinceDate = 'CURDATE()';
} else {
$sinceDate = 'DATE("' . $sinceDate . '")';
}
$query = <<<SQL
SELECT
`wkParticipo_Events`.`date` as eventDate
, `wkParticipo_Starter`.`id` as starterId
, `wkParticipo_Users`.`name` as userName
, `wkParticipo_Users`.`vorname` as userFirstname
, `wettkampfkalender`.`veranstaltung` as eventName
FROM `wkParticipo_Starter`
LEFT JOIN `wkParticipo_Users` ON `wkParticipo_Starter`.`userId` = `wkParticipo_Users`.`id`
LEFT JOIN `wkParticipo_Events` ON `wkParticipo_Starter`.`eventId` = `wkParticipo_Events`.`id`
LEFT JOIN `wettkampfkalender` ON `wkParticipo_Events`.`wkId` = `wettkampfkalender`.`lfdeNr`
LEFT JOIN `vormundschaft` ON `wkParticipo_Users`.`id` = `vormundschaft`.`kidId`
WHERE `wkParticipo_Events`.`date` >= $sinceDate AND `vormundschaft`.`userId` = $userId
ORDER BY `wkParticipo_Events`.`date` DESC;
SQL;
$comingStarts = dbConnector::query($query);
return $comingStarts;
}
}
/** Action element of an MaterializeCss (App-)card
*/
class AppCardAction
{
private $caption = null; //< Caption for the action
private $link = '.'; //< link for the action
/** Constructor for the AppAction
*
* @param string $caption caption for the action
* @param string $link link to the action
*/
public function __construct($caption, $link = '.')
{
//! @todo input sanitation
$this->link = $link;
$this->caption = $caption;
}
/** Create htmlCode for the action
*
* @return string with htmlCode of the action
*/
public function htmlCode()
{
return '<a href="' . $this->link . '">' . $this->caption . '</a>';
}
/** Create AppCardAction from assoziative array
*
* @param array $member array with the member values
* @return AppCardAction
*/
public static function fromArray($member)
{
$caption = $member['caption'] ?? null;
$link = $member['link'] ?? '.';
return new AppCardAction($caption, $link);
}
}
/** MaterializeCss card for an App
*/
class AppCard
{
private $title = ''; //< title of the card
private $description = ''; //< description of the App
private $link = null; //< link for the card-content
private $imgUrl = null; //< url for an image right under the title
private $actionList = []; //< list of actions for the bottom of the card
/**
* Constructor for the AppCard
*
* @param string $title title of the card
* @param string $description description of the card
* @param string $link link for the card-content
* @param string $imgUrl url for an image right under the title
* @param array $actionList list of actions at the bottom of the card
*/
public function __construct($title, $description, $link = null, $imgUrl = null, $actionList = [])
{
//! @todo input sanitation
$this->title = $title;
$this->description = $description;
$this->link = $link;
$this->imgUrl = $imgUrl;
$this->actionList = $actionList;
}
/**
* Create htmlCode for the AppCard
*
* @return string html code for the AppCard
*/
public function htmlCode($options = [])
{
$extraClass = $options['extraClass'] ?? '';
$actionListCode = '';
foreach ($this->actionList as $a) {
$actionListCode .= $a->htmlCode();
}
return
'<div style="padding:1%;" class="col s12 m6 ' . $extraClass . '">' .
'<div style="margin:1%;" class="card blue-grey darken-1">' .
'<div class="card-content white-text">' .
(($this->link != null) ? ('<a href="' . $this->link . '">') : ('')) . '<span class="card-title">' . $this->title . '</span>' . (($this->link != null) ? ('</a>') : ('')) .
(($this->imgUrl != null) ? ('<img alt="' . $this->title . '" style="display:block;margin-left:auto;margin-right:auto;max-height:10vh;" class="responsive-img" src="' . $this->imgUrl . '" />') : ('')) .
'<p>' . $this->description . '</p>' .
'</div>' .
'<div class="card-action">' . $actionListCode . '</div>' .
'</div>' .
'</div>';
}
/**
* Create AppCard from an associative array
*
* @param array $member array with member as keys and values as the member values
* @return AppCard from array values
*/
public static function fromArray($member)
{
$title = $member['title'] ?? '';
$description = $member['description'] ?? '';
$link = $member['link'] ?? null;
$imgUrl = $member['imgUrl'] ?? null;
$actionList = $member['actions'] ?? [];
return new AppCard($title, $description, $link, $imgUrl, $actionList);
}
}
/** Generate a html table of the last logins of the users
*
* @param string $jsonFileName path to the json file with the logged logins
* @return string Html table of users last logins
*/
function lastLoginTable($jsonFileName = 'lastLogins.json')
{
$lastLogins = json_decode(file_get_contents($jsonFileName), true);
$lastLoginsTable =
'<table>' .
'<thead><tr><th>userName</th><th>lastLogins</th></tr></thead>' .
'<tbody>';
foreach ($lastLogins as $userName => $lastLogins) {
$lastLoginsTable .=
'<tr><td>' . $userName . '</td><td>' . $lastLogins['lastLogins'][0] . '</td></tr>';
}
$lastLoginsTable .= '</tbody></table>';
return $lastLoginsTable;
}
/// Eine Fehler/Warnung/Notiz/Erfolgsmeldung als divBox im String zurückgeben
function htmlRetMessage($anRetMessage)
{
$retHtmlString = '';
if (!empty($anRetMessage)) {
$retHtmlString .= '<div style="border: 1px solid;">';
if (!empty($anRetMessage['error'])) {
$retHtmlString .= '<div style="border: 1px solid;">';
$retHtmlString .= 'ERROR:<br />';
$retHtmlString .= $anRetMessage['error'];
$retHtmlString .= '</div>';
}
if (!empty($anRetMessage['warning'])) {
$retHtmlString .= '<div style="border: 1px solid;">';
$retHtmlString .= 'WARNING:<br />';
$retHtmlString .= $anRetMessage['warning'];
$retHtmlString .= '</div>';
}
if (!empty($anRetMessage['notice'])) {
$retHtmlString .= '<div style="border: 1px solid;">';
$retHtmlString .= 'Info:<br />';
$retHtmlString .= $anRetMessage['notice'];
$retHtmlString .= '</div>';
}
if (!empty($anRetMessage['success'])) {
$retHtmlString .= '<div style="border: 1px solid;">';
$retHtmlString .= 'SUCCESS:<br />';
$retHtmlString .= $anRetMessage['success'];
$retHtmlString .= '</div>';
}
$retHtmlString .= '</div>';
}
return $retHtmlString;
}
/** load a MarkdownFile with yaml header
*
* @param string $fileName filename of the markdown file
* @return array associative array('yaml'=>array(..), 'mdText'=>string) containing the yamlHeader as associative array and the markdown text as string
*/
function loadMarkdownFile($fileName)
{
// load the whole file
$fileText = file_get_contents($fileName);
// split at '---' to get ((),yamls,array)
$fileParts = preg_split('/[\n]*[-]{3}[\n]/', $fileText, 3);
// not all mdFiles have a yamlHeader, so the mdText can be at different indices
$yaml = [];
$mdText = '';
switch(count($fileParts)) {
case 1:{
$mdText = $fileParts[0];
break;
}
case 3:{
$yaml = Spyc::YAMLLoadString($fileParts[1]);
$mdText = $fileParts[2];
break;
}
default:{
$mdText = $fileText;
}
}
// get a title, if none is in the markdown
if (!array_key_exists('title', $yaml)) {
// find the first heading, set it as header and remove it from the markdown
if (preg_match('/^#(.*)$/m', $mdText, $matches)) {
$yaml['title'] = $matches[1];
$mdText = preg_replace('/^#(.*)$/m', '', $mdText, 1);
} else {
// fallback for the title, if not even one heading is found
$yaml['title'] = '<fehlender Titel>';
}
}
return [
'yaml' => $yaml, 'mdText' => $mdText
];
}
/** Log the Login of an user into a logFile
*
* @param string $userName name of the user
* @param string $fileName filename to log to
* @return void
*/
function logLoginsToJsonFile($userName, $fileName = 'lastLogins.json')
{
try {
$lastLogins = json_decode(file_get_contents($fileName), true);
if ($lastLogins == null) {
return;
}
if (!array_key_exists($userName, $lastLogins)) {
$lastLogins[$userName] = [];
}
if (!array_key_exists('lastLogins', $lastLogins[$userName])) {
$lastLogins[$userName]['lastLogins'] = [];
}
$lastLogins[$userName]['lastLogins'] = array_merge([date('Y-m-d H:i:s')], $lastLogins[$userName]['lastLogins']);
file_put_contents($fileName, json_encode($lastLogins));
} catch (Exception $e) {
// silently ignore errors
}
}
/// @brief Gibt die URL der gerade aufgerufenen Seite zurück
function getCurPagesUrl()
{
$pageURL = 'http';
if ($_SERVER['HTTPS'] == 'on') {
$pageURL .= 's';
}
$pageURL .= '://';
if ($_SERVER['SERVER_PORT'] != '80') {
$pageURL .= $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT'] . $_SERVER['REQUEST_URI'];
} else {
$pageURL .= $_SERVER['SERVER_NAME'] . $_SERVER['REQUEST_URI'];
}
return $pageURL;
}
/**
* space saving way to put a date
*
* @param [DateTime] $date
* @return string html tag containing the date
*/
function getHtmlSquareDate($date = null)
{
$date = $date ?? new DateTime;
$year = $date->format('Y');
$month = $date->format('M');
$day = $date->format('d');
return
'<div>'
. '<div>'
. '<span style="font-size:large">' . $day . '</span>'
. '<span style="writing-mode: sideways-lr">' . $month . '</span>'
. '</div>'
. '<div style="font-size: small">' . $year . '</div>'
. '</div>';
}
/**
* filter_var for a (db)id
*
* check for valid id; null is default; only values > 0 are excepted
*
* @param [type] $id
* @retval int>0 filtered id
* @retval null sth. went wrong
*/
function filterId($id)
{
return filter_var($id, FILTER_VALIDATE_INT, ['options' => ['default' => null, 'min_range' => 1]]);
}
Reference in New Issue View Git Blame Copy Permalink