f28fa7b51b
phpstan level 0 error free - fixes for kyu subpage - move mams into participo framework - remove legacy `lib/db.php` usage - add attributer admin function - add newsposter - fixing apiKey creation
171 lines
4.5 KiB
PHP
171 lines
4.5 KiB
PHP
<?php
|
|
|
|
require_once "participoLib/participo.php";
|
|
|
|
function processPostData($db, $post, $redirectLocation = ".")
|
|
{
|
|
sleep(1);
|
|
if ($post["action"] ?? false) {
|
|
// if there is a redirectlocation, set it
|
|
if ($post["redirectLocation"]) {
|
|
$redirectLocation = $post["redirectLocation"];
|
|
}
|
|
|
|
// change a users password
|
|
if ($post["action"] == "changePassword") {
|
|
$success = changePassword(
|
|
$db,
|
|
$post["changerId"],
|
|
$post["changeeId"],
|
|
$post["changerPassword"],
|
|
$post["newPassword"],
|
|
$post["newPasswordAgain"],
|
|
);
|
|
// append success to the redirectlocation
|
|
if ($success) {
|
|
$redirectLocation .= "?changePasswordSuccess=true";
|
|
} else {
|
|
$redirectLocation .= "?changePasswordSuccess=false";
|
|
}
|
|
} // end changePassword
|
|
|
|
// redirect to the redirectlocation
|
|
header("Location: {$redirectLocation}");
|
|
} // end processing action
|
|
return;
|
|
}
|
|
|
|
function sendEmail($toEmail, $emailText, $emailSubject)
|
|
{
|
|
try {
|
|
$date = new DateTime();
|
|
mail($toEmail, $emailSubject, $emailText);
|
|
} catch (Exception $e) {
|
|
echo "Message: " . $e->getMessage();
|
|
}
|
|
}
|
|
|
|
//! Checks if multiple keys exist in an array
|
|
//!
|
|
//! @param array $array array to check for key
|
|
//! @param array|string $keys keys to check for
|
|
//!
|
|
//! @return bool true, if *all* keys are set in the array
|
|
function array_keys_exist(array $array, $keys)
|
|
{
|
|
if (!is_array($keys)) {
|
|
$keys = func_get_args();
|
|
array_shift($keys);
|
|
}
|
|
$count = 0;
|
|
foreach ($keys as $key) {
|
|
if (isset($array[$key]) || array_key_exists($key, $array)) {
|
|
$count++;
|
|
}
|
|
}
|
|
|
|
return count($keys) === $count;
|
|
}
|
|
|
|
/// updates users password without checking any rights
|
|
/// params:
|
|
/// - $db : pdoDbConnection to use
|
|
/// - $userId : id of the user with the password to change
|
|
/// - $password : the password to set
|
|
function updateUserPassword($db, $userId, $password)
|
|
{
|
|
// we don't save the actual password but it's hash
|
|
if ($password != "") {
|
|
$password = password_hash($password, PASSWORD_DEFAULT);
|
|
} else {
|
|
$password = null;
|
|
}
|
|
|
|
$query =
|
|
"UPDATE `cwsvjudo_main`.`wkParticipo_Users` SET `pwHash`=:val WHERE `id`=:id;";
|
|
$params = [
|
|
":val" => ["value" => $password, "data_type" => PDO::PARAM_STR],
|
|
":id" => ["value" => $userId, "data_type" => PDO::PARAM_INT],
|
|
];
|
|
dbConnector::query($query, $params);
|
|
|
|
return;
|
|
}
|
|
|
|
/// Change a users password (apiFunction)
|
|
/// params:
|
|
/// - $db: dbConnection to use
|
|
/// - $changerId: userId who changes the password
|
|
/// - $changeeId: userId whose password should be changed
|
|
/// - $ownPassword: password of the user who changes the password
|
|
/// - $newPassword: the new password
|
|
/// - $newPasswordAgain: controllInput of the new password
|
|
function changePassword(
|
|
$db,
|
|
$changerId,
|
|
$changeeId,
|
|
$changerPassword,
|
|
$newPassword,
|
|
$newPasswordAgain,
|
|
) {
|
|
// we need a dbConnection
|
|
if (!$db) {
|
|
// echo("No DB!");
|
|
return false;
|
|
}
|
|
|
|
$changerInfo = getUserData($db, $changerId);
|
|
|
|
// check the password of the changer
|
|
if (!password_verify($changerPassword, $changerInfo["pwHash"])) {
|
|
// echo("Wrong changerPasswod");
|
|
return false;
|
|
}
|
|
|
|
// check if the changer is allowed to change the changees password
|
|
if ($changerId != $changeeId) {
|
|
$changersKidsIds = getUsersKidsIds($db, $changerId);
|
|
|
|
// if( !in_array($changeeId, $changersKidsIds) ){
|
|
if (!isUserInKidIds($changeeId, $changersKidsIds)) {
|
|
// echo("not your child: ".$changeeId." not in ");
|
|
// var_dump($changersKidsIds);
|
|
return false;
|
|
}
|
|
}
|
|
|
|
// check if the two inputs are the same
|
|
if ($newPassword != $newPasswordAgain) {
|
|
// echo("new pw missmatch");
|
|
return false;
|
|
}
|
|
|
|
updateUserPassword($db, $changeeId, $newPassword);
|
|
|
|
return true;
|
|
}
|
|
|
|
function getUsersKidsIds($db, $userId)
|
|
{
|
|
$query = <<<SQL
|
|
SELECT `kidId`
|
|
FROM `vormundschaft`
|
|
WHERE userId = :userId;
|
|
SQL;
|
|
$params = [
|
|
":userId" => ["value" => $userId, "data_type" => PDO::PARAM_INT],
|
|
];
|
|
$result = dbConnector::query($db, $query, $params);
|
|
return $result;
|
|
}
|
|
|
|
function isUserInKidIds($uId, $idList)
|
|
{
|
|
foreach ($idList as $id) {
|
|
if ($id["kidId"] == $uId) {
|
|
return true;
|
|
}
|
|
}
|
|
return false;
|
|
}
|