marko/cwsvJudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f28fa7b51b394f489f39b5e22c312b1c04b1f5be
cwsvJudo/homepage/participo/lib/participoLib/participo.php
marko f28fa7b51b WIP: bring participo back - consistent use of bootstrap - formatting - 
phpstan level 0 error free - fixes for kyu subpage - move mams into
participo framework - remove legacy `lib/db.php` usage - add attributer
admin function - add newsposter - fixing apiKey creation
2025-11-19 12:24:38 +01:00

793 lines
25 KiB
PHP
Raw Blame History

<?php
require_once "participoLib/dbConnector.php";
require_once "participoLib/user.php";
require_once "participoLib/event.php";
require_once "participoLib/eventPage.php";
require_once "participoLib/starter.php";
require_once "participoLib/planer.php";
/**
* FrameWork for the participoApp
*/
class participo
{
/** a page describing an event */
private static $eventPage = null;
/** getter for the eventPage, creates a new one if not already created */
public static function eventPage()
{
if (!self::$eventPage) {
self::$eventPage = new EventPage();
}
self::$eventPage->init();
return self::$eventPage;
}
public static function getDbConnection()
{
return dbConnector::getDbConnection();
}
private static $db = null;
private static $message = [
"error" => null,
"success" => null,
"notice" => null,
];
/** id of session user
*
* Session user describes the currently logged in user
*
* @var int>0
*/
private static $userId = null;
private static $sessionUser = null;
/** get session users id
*
* if not set so far it is loaded from the session cookies
*
* @return int id of session user
*/
public static function getSessionUserId()
{
if (!isset(self::$userId)) {
self::$userId = $_SESSION["user"]["userId"] ?? null;
}
self::$userId = filterId(self::$userId);
return self::$userId;
}
/** lazy loading of the session user */
public static function sessionUser(bool $forceLoading = true)
{
if (is_null(self::$sessionUser) || $forceLoading) {
self::$sessionUser = User::loadFromDb(self::getSessionUserId());
}
return self::$sessionUser;
}
/** Returns the current login status
*
* The login status is stored in the session cookie. If it is not even set it means the login is invalid.
*
* @return bool true if the login status is true, false otherwise
*/
public static function isLoginValid()
{
return isset($_SESSION) &&
array_key_exists("login", $_SESSION) &&
$_SESSION["login"] == true;
}
/** Remove all login data from the session data
*
* @return void
*/
public static function logout()
{
foreach (["login", "user"] as $key) {
unset($_SESSION[$key]);
}
}
/** A little Box with the login status as html entity
*
* @return string htmlEntity showing the login status
*/
public static function htmlLoginStatus()
{
return '<div style="border: 1px solid black">' .
"Datum: " .
date("Y-m-d") .
"<br />" .
"Eingeloggt als <strong>" .
htmlspecialchars($_SESSION["user"]["username"]) .
"</strong>.<br />" .
'<a href="logout.php">Sitzung beenden</a>' .
"</div>";
}
/** Checking if an action is allowed. A present apiKey overrides (and deletes) a present login.
*
* 1. If apiKey is present:
* - chancel current login
* - If apiKey is valid for requested action:
* - set some session data
* - return
* 2. If there is a valid Login session:
* - return
* 3. redirect to Login Page
*
* @todo rename to authenticate (authorize?)
*
* @param $action the action we want to get authorized for (default=['login'])
*
* @retval void
*/
public static function authentificate($action = "login")
{
// Ensure a session is started
session_start();
// check if an apiKey was received
if (array_key_exists("apiKey", $_GET)) {
self::logout();
$key = ApiKey::loadFromDb($_GET["apiKey"]);
if (isset($key) && $key->isValidFor($action)) {
$user = User::loadFromDb($key->getUserId());
// case valid login: Set the session data
$_SESSION = [
"login" => true, //false,
"apiKey" => $key->getKey(),
"user" => [
"username" => $user->getLoginName(),
"userId" => $user->getId(),
"userConfig" => $user->getConfig(),
],
];
logLoginsToJsonFile($user->getLoginName());
// we're not logged in, but authorized for the stuff we want to do. So don't redirect
return;
}
}
// if not returned yet: no login, no valid apiKey -> redirect to login page
if (!self::isLoginValid()) {
header(
"Location: login?returnToUrl=" .
urlencode(
$_SERVER["REQUEST_URI"] . ($_POST["fragment"] ?? ""),
),
true,
301,
);
exit(); // shouldn't matter
}
}
/** Initialize the participoApp
*
* - init the db connection
* - validate the login
*
* @param array $config configuration values (e.g. for the database)
* @param array $secrets secret values (e.g. passwords)
* @return void
*/
public static function init(array $config, array $secrets)
{
self::initDb(
$config["db"]["host"],
$config["db"]["name"],
$config["db"]["user"],
$secrets["db"][$config["db"]["user"]],
$config["db"]["dbCharset"],
$config["db"]["outCharset"],
);
self::authentificate();
}
public static function initDb(
$host,
$name,
$user,
$password,
$dbCharset,
$outCharset,
) {
dbConnector::setOptions([
"dbCharset" => $dbCharset,
"outCharset" => $outCharset,
]);
dbConnector::connect($host, $name, $user, $password);
}
/** Framework to parse parameters get/post requests
*
* - Each param given in to this function is looked up in the request and put through the parsing function.
* - Params in the request that aren't in given a parsing function aren't parsed and hence not returned.
*
* @param array $params [array(paramName => parseFunction)] array of the name of the param and a sanitizer/parsing/input function
* @return array array(parsedParam=>paramValue) Associative array of the name of the param and its parsed value
*/
public static function parseParams(array $params): array
{
$method = $_SERVER["REQUEST_METHOD"];
// $request = explode("/", substr(@$_SERVER["PATH_INFO"], 1));
$parsedParams = [];
foreach ($params as $paramName => $parseFunction) {
$parsedParams[$paramName] = null;
switch ($method) {
// case 'PUT':
// do_something_with_put($request);
// break;
case "POST":
$parsedParams[$paramName] = $parseFunction(
$_POST[$paramName] ?? null,
);
break;
case "GET":
$parsedParams[$paramName] = $parseFunction(
$_GET[$paramName] ?? null,
);
break;
default:
// handle_error($request);
break;
}
}
return $parsedParams;
}
public static function getMessages()
{
return self::$message;
}
public static function addMessage($type, $message)
{
self::$message[$type] = (self::$message[$type] ?? "") . $message;
}
/** check password for user
*
* @param string $loginName user who wants to get in
* @param string $password password for the user
*
* @retval true $password belongs to $loginName
* @retval false otherwise
*/
public static function checkCredentials($loginName, $password)
{
sleep(1); // just to discourage brute force attacks
// Check for dbConnection
if (!dbConnector::getDbConnection()) {
self::addMessage("error", "<div>No DbConnection available</div>");
return false;
}
$user = User::loadFromDbByLoginName($loginName);
// If there is no such user OR the password isn't valid the login fails
if ($user == null || !$user->verifyPassword($password)) {
sleep(5); // discourage brute force attacks
self::addMessage(
"error",
"<div>Falsches Passwort oder LoginName</div>",
);
return false;
}
session_start();
// case valid login: Set the session data
$_SESSION = [
"login" => true,
"user" => [
"username" => $user->getLoginName(),
"userId" => $user->getId(),
"userConfig" => $user->getConfig(),
],
];
// Logging Logins
logLoginsToJsonFile($_SESSION["user"]["username"]);
self::addMessage("success", "<div>Anmeldung erfolgreich</div>");
return true;
}
/** Checks, if a user is an admin
*
* @param int $userId id of the user to check (defaults to `null`))
* @return bool `true` if user with id $userId has attribute "isAdmin", `false` otherwise
*/
public static function isUserAdmin(?int $userId = null): bool
{
$userId ??= $_SESSION["user"]["userId"];
return self::hasUserAttribute($userId, "isAdmin");
}
public static function getUserId() {}
/** get current logged in users kids */
public static function getKids($userId = null)
{
$userId = $userId ?? ($_SESSION["user"]["userId"] ?? null);
$query =
"SELECT * FROM `wkParticipo_Users` " .
"INNER JOIN `vormundschaft` " .
"ON `wkParticipo_Users`.`id` = `vormundschaft`.`kidId` " .
"INNER JOIN `wkParticipo_user<=>userAttributes` " .
"ON `wkParticipo_Users`.`id` = `wkParticipo_user<=>userAttributes`.`userId`" .
"WHERE `vormundschaft`.`userId` = :userId " .
"AND `vormundschaft`.`userId` = :userId " .
"AND `wkParticipo_user<=>userAttributes`.`attributeId` = 4;";
$params = [
":userId" => ["value" => $userId, "data_type" => PDO::PARAM_INT],
];
$response = dbConnector::query($query, $params);
$kids = [];
foreach ($response as $r) {
$kids[] = User::fromDbArray($r, ["id" => "kidId"]);
}
return $kids;
}
/** Check if one user is ward of another
*
* @param integer $kidId ID of the ward
* @param ?integer $userId ID of the guardian, if null it is tried to read it from the session data
* @return bool true if kid is ward of user, false otherwise
*/
public static function isWardOf(int $kidId, ?int $userId = null): bool
{
// Try to get the Guard from the session data.
$userId ??= $_SESSION["user"]["userId"] ?? null;
$query =
"SELECT `kidId` FROM `vormundschaft` WHERE `userId` = :userId AND `kidId` = :kidId;";
$params = [
":userId" => ["value" => $userId, "data_type" => PDO::PARAM_INT],
":kidId" => ["value" => $kidId, "data_type" => PDO::PARAM_INT],
];
$response = dbConnector::query($query, $params);
return count($response) >= 1;
}
/** Checks, if a user as a certain attribute
*
* @param [type] $userId id of the user to check
* @param [type] $attributeName string name of the attribute to check
* @return boolean
*/
public static function hasUserAttribute($userId, $attributeName)
{
// sqlQuery: Select the user if it has the given attribute
$query = <<<SQL
SELECT `wkParticipo_user<=>userAttributes`.userId, `wkParticipo_userAttributes`.name
FROM `wkParticipo_user<=>userAttributes` LEFT JOIN `wkParticipo_userAttributes`
ON `wkParticipo_user<=>userAttributes`.`attributeId` = `wkParticipo_userAttributes`.`id`
WHERE `wkParticipo_userAttributes`.name = :attributeName AND userId=:userId;
SQL;
$params = [
":userId" => ["value" => $userId, "data_type" => PDO::PARAM_INT],
":attributeName" => [
"value" => $attributeName,
"data_type" => PDO::PARAM_STR,
],
];
$attributedUsers = dbConnector::query($query, $params);
// Since the id should be unique, there should only be one result this is just for dealing with empty arrays
foreach ($attributedUsers as $u) {
if ($u["userId"] == $userId) {
return true;
}
}
return false;
}
public static function getEventStarter($sinceDate = null)
{
$userId = $_SESSION["user"]["userId"];
if (!$sinceDate) {
$sinceDate = "CURDATE()";
} else {
$sinceDate = 'DATE("' . $sinceDate . '")';
}
$query = <<<SQL
SELECT
`wkParticipo_Events`.`date` as eventDate
, `wkParticipo_Starter`.`id` as starterId
, `wkParticipo_Users`.`name` as userName
, `wkParticipo_Users`.`vorname` as userFirstname
, `wettkampfkalender`.`veranstaltung` as eventName
FROM `wkParticipo_Starter`
LEFT JOIN `wkParticipo_Users` ON `wkParticipo_Starter`.`userId` = `wkParticipo_Users`.`id`
LEFT JOIN `wkParticipo_Events` ON `wkParticipo_Starter`.`eventId` = `wkParticipo_Events`.`id`
LEFT JOIN `wettkampfkalender` ON `wkParticipo_Events`.`wkId` = `wettkampfkalender`.`lfdeNr`
LEFT JOIN `vormundschaft` ON `wkParticipo_Users`.`id` = `vormundschaft`.`kidId`
WHERE `wkParticipo_Events`.`date` >= $sinceDate AND `vormundschaft`.`userId` = $userId
ORDER BY `wkParticipo_Events`.`date` DESC;
SQL;
$comingStarts = dbConnector::query($query);
return $comingStarts;
}
}
/** Action element of an MaterializeCss (App-)card
*/
class AppCardAction
{
private $caption = null; //< Caption for the action
private $link = "."; //< link for the action
/** Constructor for the AppAction
*
* @param string $caption caption for the action
* @param string $link link to the action
*/
public function __construct($caption, $link = ".")
{
//! @todo input sanitation
$this->link = $link;
$this->caption = $caption;
}
/** Create htmlCode for the action
*
* @return string with htmlCode of the action
*/
public function htmlCode()
{
return '<a href="' . $this->link . '">' . $this->caption . "</a>";
}
/** Create AppCardAction from assoziative array
*
* @param array $member array with the member values
* @return AppCardAction
*/
public static function fromArray($member)
{
$caption = $member["caption"] ?? null;
$link = $member["link"] ?? ".";
return new AppCardAction($caption, $link);
}
}
/** MaterializeCss card for an App
*/
class AppCard
{
private $title = ""; //< title of the card
private $description = ""; //< description of the App
private $link = null; //< link for the card-content
private $imgUrl = null; //< url for an image right under the title
private $actionList = []; //< list of actions for the bottom of the card
/**
* Constructor for the AppCard
*
* @param string $title title of the card
* @param string $description description of the card
* @param string $link link for the card-content
* @param string $imgUrl url for an image right under the title
* @param array $actionList list of actions at the bottom of the card
*/
public function __construct(
$title,
$description,
$link = null,
$imgUrl = null,
$actionList = [],
) {
//! @todo input sanitation
$this->title = $title;
$this->description = $description;
$this->link = $link;
$this->imgUrl = $imgUrl;
$this->actionList = $actionList;
}
/**
* Create htmlCode for the AppCard
*
* @return string html code for the AppCard
*/
public function htmlCode($options = [])
{
$extraClass = $options["extraClass"] ?? "";
$actionListCode = "";
foreach ($this->actionList as $a) {
$actionListCode .= $a->htmlCode();
}
return '<div style="padding:1%;" class="col s12 m6 ' .
$extraClass .
'">' .
'<div style="margin:1%;" class="card blue-grey darken-1">' .
'<div class="card-content white-text">' .
($this->link != null ? '<a href="' . $this->link . '">' : "") .
'<span class="card-title">' .
$this->title .
"</span>" .
($this->link != null ? "</a>" : "") .
($this->imgUrl != null
? '<img alt="' .
$this->title .
'" style="display:block;margin-left:auto;margin-right:auto;max-height:10vh;" class="responsive-img" src="' .
$this->imgUrl .
'" />'
: "") .
"<p>" .
$this->description .
"</p>" .
"</div>" .
'<div class="card-action">' .
$actionListCode .
"</div>" .
"</div>" .
"</div>";
}
/**
* Create AppCard from an associative array
*
* @param array $member array with member as keys and values as the member values
* @return AppCard from array values
*/
public static function fromArray($member)
{
$title = $member["title"] ?? "";
$description = $member["description"] ?? "";
$link = $member["link"] ?? null;
$imgUrl = $member["imgUrl"] ?? null;
$actionList = $member["actions"] ?? [];
return new AppCard($title, $description, $link, $imgUrl, $actionList);
}
}
/** Generate a html table of the last logins of the users
*
* @param string $jsonFileName path to the json file with the logged logins
* @return string Html table of users last logins
*/
function lastLoginTable($jsonFileName = "lastLogins.json")
{
// load the jsonfile into an associative array
$lastLogins = is_file($jsonFileName)
? json_decode(file_get_contents($jsonFileName), true)
: [];
// collecting the last login of the users ...
$lastLoginRows = [];
foreach ($lastLogins as $userName => $lastLogins) {
$lastLoginRows[$userName] = $lastLogins["lastLogins"][0];
}
// and sort it so the last login is first in line
arsort($lastLoginRows);
// build the table
$lastLoginsTable =
"<table>" .
"<thead><tr><th>userName</th><th>lastLogin</th></tr></thead>" .
"<tbody>";
foreach ($lastLoginRows as $userName => $lastLogin) {
$lastLoginsTable .=
"<tr><td>" . $userName . "</td><td>" . $lastLogin . "</td></tr>";
}
$lastLoginsTable .= "</tbody>" . "</table>";
return $lastLoginsTable;
}
/// Eine Fehler/Warnung/Notiz/Erfolgsmeldung als divBox im String zurückgeben
function htmlRetMessage($anRetMessage)
{
$retHtmlString = "";
if (!empty($anRetMessage)) {
$retHtmlString .= '<div style="border: 1px solid;">';
if (!empty($anRetMessage["error"])) {
$retHtmlString .= '<div style="border: 1px solid;">';
$retHtmlString .= "ERROR:<br />";
$retHtmlString .= $anRetMessage["error"];
$retHtmlString .= "</div>";
}
if (!empty($anRetMessage["warning"])) {
$retHtmlString .= '<div style="border: 1px solid;">';
$retHtmlString .= "WARNING:<br />";
$retHtmlString .= $anRetMessage["warning"];
$retHtmlString .= "</div>";
}
if (!empty($anRetMessage["notice"])) {
$retHtmlString .= '<div style="border: 1px solid;">';
$retHtmlString .= "Info:<br />";
$retHtmlString .= $anRetMessage["notice"];
$retHtmlString .= "</div>";
}
if (!empty($anRetMessage["success"])) {
$retHtmlString .= '<div style="border: 1px solid;">';
$retHtmlString .= "SUCCESS:<br />";
$retHtmlString .= $anRetMessage["success"];
$retHtmlString .= "</div>";
}
$retHtmlString .= "</div>";
}
return $retHtmlString;
}
/** load a MarkdownFile with yaml header
*
* @param string $fileName filename of the markdown file
* @return array associative array('yaml'=>array(..), 'mdText'=>string) containing the yamlHeader as associative array and the markdown text as string
*/
function loadMarkdownFile($fileName)
{
// load the whole file
$fileText = file_get_contents($fileName);
// split at '---' to get ((),yamls,array)
$fileParts = preg_split('/[\n]*[-]{3}[\n]/', $fileText, 3);
// not all mdFiles have a yamlHeader, so the mdText can be at different indices
$yaml = [];
$mdText = "";
switch (count($fileParts)) {
case 1:
$mdText = $fileParts[0];
break;
case 3:
$yaml = Spyc::YAMLLoadString($fileParts[1]);
$mdText = $fileParts[2];
break;
default:
$mdText = $fileText;
}
// get a title, if none is in the markdown
if (!array_key_exists("title", $yaml)) {
// find the first heading, set it as header and remove it from the markdown
if (preg_match('/^#(.*)$/m', $mdText, $matches)) {
$yaml["title"] = $matches[1];
$mdText = preg_replace('/^#(.*)$/m', "", $mdText, 1);
} else {
// fallback for the title, if not even one heading is found
$yaml["title"] = "<fehlender Titel>";
}
}
return [
"yaml" => $yaml,
"mdText" => $mdText,
];
}
/** Log the Login of an user into a logFile
*
* @param string $userName name of the user
* @param string $fileName filename to log to
* @return void
*/
function logLoginsToJsonFile($userName, $fileName = "lastLogins.json")
{
try {
$lastLogins = is_file($fileName)
? json_decode(file_get_contents($fileName), true)
: null;
if ($lastLogins == null) {
return;
}
if (!array_key_exists($userName, $lastLogins)) {
$lastLogins[$userName] = [];
}
if (!array_key_exists("lastLogins", $lastLogins[$userName])) {
$lastLogins[$userName]["lastLogins"] = [];
}
$usersLastLogins = $lastLogins[$userName]["lastLogins"];
$usersLastLogins = array_merge([date("Y-m-d H:i:s")], $usersLastLogins);
$usersLastLogins = array_slice($usersLastLogins, 0, 10);
$lastLogins[$userName]["lastLogins"] = $usersLastLogins;
file_put_contents($fileName, json_encode($lastLogins));
} catch (Exception $e) {
// silently ignore errors
}
}
/// @brief Gibt die URL der gerade aufgerufenen Seite zurück
function getCurPagesUrl()
{
$pageURL = "http";
if ($_SERVER["HTTPS"] ?? "off" == "on") {
$pageURL .= "s";
}
$pageURL .= "://";
if ($_SERVER["SERVER_PORT"] != "80") {
$pageURL .=
$_SERVER["SERVER_NAME"] .
":" .
$_SERVER["SERVER_PORT"] .
$_SERVER["REQUEST_URI"];
} else {
$pageURL .= $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"];
}
return $pageURL;
}
/** space saving way to put a date
*
* @param [DateTime] $date
* @return string html tag containing the date
*/
function getHtmlSquareDate($date = null)
{
$date = $date ?? new DateTime();
$year = $date->format("Y");
$month = $date->format("M");
$day = $date->format("d");
return "<div>" .
"<div>" .
'<span style="font-size:large">' .
$day .
"</span>" .
'<span style="writing-mode: sideways-lr">' .
$month .
"</span>" .
"</div>" .
'<div style="font-size: small">' .
$year .
"</div>" .
"</div>";
}
/** filter_var for a pos int
*
* check for int; null is default; only values > 0 are excepted
*
* @param [type] $id
* @return int (>0) filtered id or null on failure
* */
function filterPosInt(mixed $id): ?int
{
return filter_var($id, FILTER_VALIDATE_INT, [
"options" => ["default" => null, "min_range" => 1],
]);
}
/** filter_var for a (db)id
*
* check for valid id; null is default; only values > 0 are excepted
*
* @param mixed $id
* @return ?int filtered id or null on failure
*/
function filterId(mixed $id): ?int
{
return filterPosInt($id);
}
/** filter a variable as count
*
* - count means a non negative integer
* - helper function to stay DRY
*
* @param mixed $variable
* @param integer $min
* @return integer the input variable as integer >= 0
*/
function filterCount($variable, int $min = 0)
{
return filter_var($variable, FILTER_VALIDATE_INT, [
"options" => ["default" => null, "min_range" => 1],
]);
}
Reference in New Issue View Git Blame Copy Permalink