From 0a8b4687d825fbc813cc08be452176e4dbc11543 Mon Sep 17 00:00:00 2001 From: Tim Repke <repketim@informatik.hu-berlin.de> Date: Thu, 25 Sep 2014 21:34:58 +0100 Subject: [PATCH] updated DB scheme, changed login handling (now users in users.txt), new superadmin page, adjusted config, added number of registrations in overview --- registration-system/admin/commons_admin.php | 26 ++- registration-system/admin/index.php | 7 +- registration-system/admin/pages.php | 3 + registration-system/admin/pages_sa.php | 17 ++ registration-system/config.inc.php | 14 +- registration-system/index.php | 9 +- .../other/sqlDumps/fsfahrt_25092014.sql | 204 ++++++++++++++++++ registration-system/passwd/.htaccess | 4 + 8 files changed, 272 insertions(+), 12 deletions(-) create mode 100644 registration-system/admin/pages_sa.php create mode 100644 registration-system/other/sqlDumps/fsfahrt_25092014.sql create mode 100644 registration-system/passwd/.htaccess diff --git a/registration-system/admin/commons_admin.php b/registration-system/admin/commons_admin.php index f2ba3bd..7c8ed9f 100644 --- a/registration-system/admin/commons_admin.php +++ b/registration-system/admin/commons_admin.php @@ -31,12 +31,12 @@ function checkIfLogin() function isValidUser($user, $password) { - global $config_admins; + $config_admins = readUserFile(); foreach($config_admins as $cfg_user => $cfg_password) { if ($cfg_user != $user) continue; - + $cfg_password = $cfg_password["pw"]; if ($cfg_password[0] == '{') { if (strpos($cfg_password, "{SHA254}") >= 0) 
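Review bot: In the first commons_admin.php hunk (`isValidUser`), the context line `if (strpos($cfg_password, "{SHA254}") >= 0)` can never be false, because `strpos` returns `false` on no match and `false >= 0` is true in PHP. The literal `{SHA254}` also does not match the `{SHA-256}` tag carried by the hashes shown in config.inc.php. Now that `$cfg_password["pw"]` is read from a hand-edited users.txt, the scheme tag should be tested for real, e.g. `if (strpos($cfg_password, "{SHA-256}") === 0)`, with unknown tags rejected rather than falling through. The rest of the function lies outside the hunk, so the comparison that follows this branch is not visible here.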
@@ -57,6 +57,28 @@ function isValidUser($user, $password) return false; } +function readUserFile(){ + global $config_userfile; + $ret = []; + + $handle = fopen($config_userfile, "r"); + if ($handle) { + while (($line = fgets($handle)) !== false) { + $tmp = explode(" ", $line); + if(count($tmp)>=3){ + $ret[$tmp[1]] = ["pw" => $tmp[2], "sa" => $tmp[0]]; + } + } + } else { } + fclose($handle); + return $ret; +} + +function isSuperAdmin(){ + $config_admins = readUserFile(); + return isset($_SESSION['loggedIn']) && isset($config_admins[$_SESSION['loggedIn']]) && $config_admins[$_SESSION['loggedIn']]['sa'] === "S"; +} + function isLoggedIn() { return isset($_SESSION['loggedIn']) && $_SESSION['loggedIn'] != ''; diff --git a/registration-system/admin/index.php b/registration-system/admin/index.php index 67b69d1..e636de3 100644 --- a/registration-system/admin/index.php +++ b/registration-system/admin/index.php @@ -5,7 +5,7 @@ * Date: 8/8/14 * Time: 4:19 PM */ -error_reporting(E_ALL || E_STRICT); +error_reporting(E_ALL | E_STRICT); session_start(); @@ -33,6 +33,7 @@ if (isLoggedIn()) "Notizen" => "notes", "Listenexport" => "export", "Infos" => "infos", + "SA*" => "admin", "Deadlink" => "dead" ); @@ -64,6 +65,10 @@ if (isLoggedIn()) page_export(); break; case "infos": page_infos(); break; + case "admin": + if(isSuperAdmin()) page_sa(); + else page_404($page); + break; default: page_404($page); } diff --git a/registration-system/admin/pages.php b/registration-system/admin/pages.php index 68d18ab..caba1d9 100644 --- a/registration-system/admin/pages.php +++ b/registration-system/admin/pages.php @@ -43,6 +43,9 @@ function page_export(){ function page_infos(){ require_page("pages_infos.php"); } +function page_sa(){ + require_once("pages_sa.php"); +} function require_page($page){ if(!@file_exists($page) ) { diff --git a/registration-system/admin/pages_sa.php b/registration-system/admin/pages_sa.php new file mode 100644 index 0000000..c0ed70b --- /dev/null 
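Review bot: `readUserFile()` in the second commons_admin.php hunk calls `fclose($handle)` even when `fopen()` returned `false`, and the empty `else { }` hides that the user file could not be read. Return the empty list early in that case, so that login fails closed without a warning. The line from `fgets()` is also split without removing its line ending, so unless every line carries a further field after the password, `$tmp[2]` ends in a newline and presumably never equals what `isValidUser()` computes. A short comment above the function describing the expected line format (flag, user name, password entry, separated by single spaces) would help whoever edits users.txt by hand.

```php
function readUserFile(){
    // … unchanged: global $config_userfile, $ret = [] …
    $handle = fopen($config_userfile, "r");
    if ($handle === false) {
        // fail closed: an unreadable user file yields no accounts
        return $ret;
    }
    while (($line = fgets($handle)) !== false) {
        // strip the line ending so the last field compares cleanly
        $tmp = explode(" ", rtrim($line, "\r\n"));
        // … unchanged: count($tmp) check and $ret assignment …
    }
    fclose($handle);
    return $ret;
}
```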
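Review bot: `page_sa()` in the pages.php hunk includes its file with `require_once("pages_sa.php")`, while the neighbouring `page_infos()` goes through `require_page("pages_infos.php")`, which tests that the file exists first. Using `require_page("pages_sa.php");` keeps the missing-file handling in one place and avoids `require_once` silently skipping the include if `page_sa()` is ever called twice in one request. `require_page()` continues below the hunk, so its failure path is not visible here.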
+++ b/registration-system/admin/pages_sa.php @@ -0,0 +1,17 @@ +<?php +/** + * Created by PhpStorm. + * User: tim + * Date: 9/25/14 + * Time: 9:24 PM + */ + +global $text, $headers, $admin_db, $config_current_fahrt_id, $ajax, $config_reisearten, $config_reisearten_0, $config_studitypen_o, $config_admin_verbose_level, $config_verbose_level, $config_essen; +//$config_admin_verbose_level = 4; +//$config_verbose_level = 4; + +$text .= "<h1>SuperAdmin Panel</h1>"; + +// neue fahrt anlegen +// neue nutzer anlegen + diff --git a/registration-system/config.inc.php b/registration-system/config.inc.php index b2248ce..a4eda6c 100644 --- a/registration-system/config.inc.php +++ b/registration-system/config.inc.php @@ -56,18 +56,20 @@ $config_reisearten_destroyed = array( "mit Schlauchboot" ); -$config_superadmins = array( - // username => password - "tim_sa" => '{SHA-256}8013a101f26fd8dcc8c40d0eb1dcb513$c3a97d44e67564ed79a60fa0de6ea4193bb18932a8d08b5e8d664bd14b32a4f5', // broetchen - "manu_sa" => '{SHA-256}12c9b021c42741545f9f01e2afd67aa2$7112be28c0c11f987de4401798a2ba041e518bb3f22bcb8cf4f3bf3f590b65b9' // mepmepmep -); +/* // deprecated: $config_admins = array( // username => password - "george" => "peter", "tim" => '{SHA-256}8013a101f26fd8dcc8c40d0eb1dcb513$c3a97d44e67564ed79a60fa0de6ea4193bb18932a8d08b5e8d664bd14b32a4f5', // broetchen "manu" => '{SHA-256}12c9b021c42741545f9f01e2afd67aa2$7112be28c0c11f987de4401798a2ba041e518bb3f22bcb8cf4f3bf3f590b65b9' // mepmepmep + ,"nosa" => "{SHA-256}10be99b14c2627e8691134db9bacf456$0a7ce2973159cb2f3c971a62944fb865e5110780503513da6f6f1e16326f18a1" // murmeltier +); + +$config_superadmins = array( + "tim", "manu" ); +*/ +$config_userfile = __DIR__."/passwd/users.txt"; // relative to configfile $config_mailtag = "[FS-Fahrt] - "; $config_baseurl = "http://fsfahrt.repke.eu/anmeldung/registration-system/"; diff --git a/registration-system/index.php b/registration-system/index.php index 9c119ab..ae51e1a 100644 
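Review bot: The new pages_sa.php has no access check of its own; the only `isSuperAdmin()` test is in the `case "admin":` branch of admin/index.php, so the page relies on never being requested or included any other way. Today it only appends a heading to `$text`, but the two trailing comments announce trip and user creation, which should not depend on a check in another file. A guard as the first statement, `if (!function_exists('isSuperAdmin') || !isSuperAdmin()) { return; }`, makes the page fail closed. The header comment could also state that the file must only be included through `page_sa()`.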
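Review bot: The `/* // deprecated:` block in the config.inc.php hunk keeps the `{SHA-256}` salt-and-digest strings in the file, each followed by a trailing comment that appears to spell out the matching plaintext password, and the commit adds one more such line for `nosa`. Commenting the array out does not retire these credentials: if the same passwords were carried over into users.txt, anyone with repository access can read them, and they remain in the history after deletion. The block should be removed and the affected passwords changed. For the new user file, entries created with `password_hash()` and checked with `password_verify()` would replace the single salted SHA-256 round.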
--- a/registration-system/index.php +++ b/registration-system/index.php @@ -362,7 +362,7 @@ function index_show_formular_helper_input($name, $id, $value, $subtext){ function index_show_alleFahrten(){ global $index_db; comm_verbose(2,"Liste aller Fahrten (Jahr, Ziel, Zeitraum, Anz. Mitfahrer)"); - $foos = $index_db->select("fahrten",array('fahrt_id','titel','ziel','von','bis','beschreibung','leiter','kontakt')); + $foos = $index_db->select("fahrten",array('fahrt_id','titel','ziel','von','bis','beschreibung','leiter','kontakt'), ["ORDER"=>"fahrt_id DESC"]); foreach($foos as $foo){ index_show_fahrtHeader($foo); } @@ -379,11 +379,14 @@ function index_show_fahrtHeader($fahrt){ if(!$fahrt){ index_show_alleFahrten(); return;} else $fahrt = $fahrt[0]; } - + $cnt = $index_db->count("bachelor", ["AND"=> + ["backstepped" => NULL, + "fahrt_id" => $fahrt['fahrt_id']]]); echo '<div class="fahrt"><a href="index.php?fid='.$fahrt['fahrt_id'].'">'.$fahrt['titel'].'</a>'; echo 'Ziel: <i>'.$fahrt['ziel'].'</i><br />'; echo 'Datum: <i>'.comm_from_mysqlDate($fahrt['von'])." - ".comm_from_mysqlDate($fahrt['bis']).'</i><br />'; - echo "Ansprechpartner: <i>".$fahrt['leiter']." (".comm_convert_mail($fahrt['kontakt']).")</i>"; + echo "Ansprechpartner: <i>".$fahrt['leiter']." (".comm_convert_mail($fahrt['kontakt']).")</i><br />"; + echo "Anmeldungen: <i>".$cnt."</i>"; echo '<p>'.$fahrt['beschreibung'].'</p> </div>'; } diff --git a/registration-system/other/sqlDumps/fsfahrt_25092014.sql b/registration-system/other/sqlDumps/fsfahrt_25092014.sql new file mode 100644 index 0000000..1c96bb9 --- /dev/null +++ b/registration-system/other/sqlDumps/fsfahrt_25092014.sql 
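Review bot: In the second index.php hunk the rewritten `Ansprechpartner` line still concatenates `$fahrt['leiter']` into the page without HTML escaping, as do the unchanged `titel` and `ziel` lines around it. The values come from the `fahrten` table, so once trips can be created through the planned superadmin page, any markup stored there is rendered for every visitor; escape on output with `htmlspecialchars($fahrt['leiter'], ENT_QUOTES, 'UTF-8')`. `beschreibung` looks as if it is meant to carry HTML, so it needs a sanitising step rather than plain escaping. Whether `comm_convert_mail()` escapes its result is not visible here, and `index_show_fahrtHeader()` begins above the hunk.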
@@ -0,0 +1,204 @@ +-- phpMyAdmin SQL Dump +-- version 4.2.5 +-- http://www.phpmyadmin.net +-- +-- Host: localhost:3306 +-- Generation Time: Sep 25, 2014 at 10:03 PM +-- Server version: 5.5.38-0ubuntu0.14.04.1 +-- PHP Version: 5.5.14 + +SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO"; +SET time_zone = "+00:00"; + + +/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */; +/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */; +/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */; +/*!40101 SET NAMES utf8 */; + +-- +-- Database: `fsfahrt` +-- +CREATE DATABASE IF NOT EXISTS `fsfahrt` DEFAULT CHARACTER SET utf8 COLLATE utf8_general_ci; +USE `fsfahrt`; + +-- -------------------------------------------------------- + +-- +-- Table structure for table `bachelor` +-- + +DROP TABLE IF EXISTS `bachelor`; +CREATE TABLE IF NOT EXISTS `bachelor` ( + `bachelor_id` varchar(15) NOT NULL, + `fahrt_id` int(11) NOT NULL, + `anm_time` int(11) NOT NULL, + `version` int(11) NOT NULL, + `forname` varchar(50) NOT NULL, + `sirname` varchar(50) NOT NULL, + `anday` date NOT NULL, + `abday` date NOT NULL, + `antyp` varchar(100) NOT NULL, + `abtyp` varchar(100) NOT NULL, + `pseudo` varchar(50) NOT NULL, + `mehl` varchar(100) NOT NULL, + `essen` varchar(50) NOT NULL, + `public` int(11) NOT NULL, + `virgin` int(11) NOT NULL, + `studityp` varchar(11) NOT NULL, + `comment` text NOT NULL, + `paid` int(10) DEFAULT NULL COMMENT 'zahlung erhalten am unix timestamp', + `repaid` int(10) DEFAULT NULL COMMENT 'rückzahlung abgeschickt am unix timestamp', + `backstepped` int(10) DEFAULT NULL COMMENT 'rücktritt als unix timestamp' +) ENGINE=MyISAM DEFAULT CHARSET=utf8; + +-- +-- Dumping data for table `bachelor` +-- + +INSERT INTO `bachelor` (`bachelor_id`, `fahrt_id`, `anm_time`, `version`, `forname`, `sirname`, `anday`, `abday`, `antyp`, `abtyp`, `pseudo`, `mehl`, `essen`, `public`, `virgin`, `studityp`, `comment`, `paid`, `repaid`, `backstepped`) VALUES +('5b61b92044983e1', 2, 0, 
1, 'asd', 'ad', '2013-10-18', '2013-10-20', 'gemeinsam mit Bus/Bahn', 'gemeinsam mit Bus/Bahn', 'ffas', 'asdasd@asd.de', 'Alles', 1, 0, '0', 'dasd', NULL, NULL, 1411059051), +('f35f12ca7c55462', 2, 0, 1, 'fcacs', 'ads', '2013-10-18', '2013-10-19', 'gemeinsam mit Bus/Bahn', 'gemeinsam mit Bus/Bahn', 'fas', 'asd@asd.de', 'Alles', 0, 0, '0', 'adasdasda', NULL, NULL, NULL), +('068e4198f255a1e', 2, 0, 1, 'göll', 'asd', '2013-10-18', '2013-10-20', 'gemeinsam mit Bus/Bahn', 'gemeinsam mit Bus/Bahn', 'adsad', 'adskd@asdl.de', 'Alles', 1, 0, '0', 'adasd', 1409779206, NULL, NULL), +('d748d40c0d7e475', 2, 0, 1, 'ad', 'adsd', '2013-10-18', '2013-10-20', 'gemeinsam mit Bus/Bahn', 'gemeinsam mit Bus/Bahn', 'asdadl', 'asdas@asd.de', 'Vegan', 1, 0, '0', 'ad', NULL, NULL, NULL), +('ec2cac23f915bf9', 2, 0, 1, 'gbhg', 'ncvbx', '2013-10-18', '2013-10-20', 'gemeinsam mit Bus/Bahn', 'gemeinsam mit Bus/Bahn', 'cvxcvxsdfs', 'ads@asdl.de', 'Alles', 1, 0, '0', 'ycyxc', NULL, NULL, 1408205076), +('78a322842b66657', 2, 0, 1, 'lkblka', 'kbvnfj', '2013-10-18', '2013-10-20', 'individuell', 'gemeinsam mit Rad', 'kmkm', 'sdkk@ksad.de', 'Vegan', 1, 0, 'MasterErsti', 'asda', NULL, NULL, NULL), +('8d70b435d61c302', 2, 0, 1, 'gm', 'sdlkjflkj', '2013-10-18', '2013-10-20', 'gemeinsam mit Rad', 'individuell', 'skldfmlk', 'sfjdkl@dfjklj.de', 'Grießbrei', 1, 0, 'Hoersti', 'asddsa', NULL, NULL, NULL), +('c8c1d8a327fd88f', 2, 0, 1, 'lkdnl', 'sdkjfhnk', '2013-10-18', '2013-10-20', 'gemeinsam mit Bus/Bahn', 'gemeinsam mit Rad', 'adhsj', 'fsfahrt@byom.de', 'Frutarisch', 1, 0, 'Hoersti', 'adas', 1408205076, NULL, NULL), +('7f5609769cce5f1', 2, 0, 1, 'lkdnl', 'sdkjfhnk', '2013-10-18', '2013-10-20', 'gemeinsam mit Bus/Bahn', 'gemeinsam mit Rad', 'adhsj', 'fsfahrt@byom.de', 'Frutarisch', 1, 0, 'Hoersti', 'adas', 1408105076, 1408205076, NULL), +('61fd805b3bbe4b5', 2, 0, 1, 'rcsa', 'adas', '2013-10-18', '2013-10-20', 'gemeinsam mit Bus/Bahn', 'gemeinsam mit Bus/Bahn', 'gdsfa', 'asdas@deda-de.de', 'Extrawurst', 1, 0, 
'Wechsli', '', NULL, NULL, 1411251707), +('9593abed7ec0b79', 2, 0, 1, 'bla', 'blubb', '2013-10-18', '2013-10-20', 'mit Kamel', 'mit Kamel', 'ah', 'reichskanzlei@web.dr', 'Vegetarisch', 1, 0, 'Tutor', 'Mit Kamel!', NULL, NULL, NULL), +('4eb203cf14c7a4e', 2, 1409761827, 1, 'dlklödsa', 'adlökl', '2013-10-18', '2013-10-20', 'gemeinsam mit Bus/Bahn', 'gemeinsam mit Rad', 'dsaoif', 'daskdj@asdkj.de', 'Alles', 1, 0, 'Ersti', '', NULL, NULL, NULL), +('810789efb42264d', 2, 1409763812, 1, 'klalsd', 'ladköl', '2013-10-18', '2013-10-20', 'gemeinsam mit Bus/Bahn', 'gemeinsam mit Bus/Bahn', 'sdkfölk', 'alksd@aslkdj.de', 'Alles', 1, 0, 'Ersti', '', NULL, NULL, NULL), +('09ca2d98ea68524', 2, 1411224273, 1, 'ölmm', 'ölkö', '2013-10-18', '2013-10-20', 'gemeinsam mit Bus/Bahn', 'gemeinsam mit Bus/Bahn', 'lkkldslk', 'aksdllk@asdjk.de', 'Alles', 1, 0, 'Ersti', '', NULL, NULL, 1411251706), +('9de69c5684a4c28', 2, 1411249881, 1, 'random', 'so random', '2013-10-18', '2013-10-20', 'individuell', 'individuell', 'superrandom', 'ran@om.de', 'Alles', 1, 0, 'Ersti', 'randomtest', NULL, NULL, NULL), +('0baff8036ee698b', 2, 1411432206, 1, 'as', 'das', '0000-00-00', '0000-00-00', 'gemeinsam mit Bus/Bahn', 'gemeinsam mit Bus/Bahn', 'ffas', 'asdsa@asd.de', 'Vegan', 1, 0, 'Hoersti', '', NULL, NULL, NULL), +('54cdf371a2f56b9', 2, 1411432331, 1, 'klau', 'asdk', '0000-00-00', '0000-00-00', 'Kamel/Individuell', 'gemeinsam mit Bus/Bahn', 'mutter', 'back@web.de', 'Vegan', 1, 0, 'Ersti', '', NULL, NULL, NULL); + +-- -------------------------------------------------------- + +-- +-- Table structure for table `fahrten` +-- + +DROP TABLE IF EXISTS `fahrten`; +CREATE TABLE IF NOT EXISTS `fahrten` ( +`fahrt_id` int(11) NOT NULL, + `titel` varchar(200) NOT NULL, + `ziel` varchar(100) NOT NULL, + `von` date NOT NULL, + `bis` date NOT NULL, + `regopen` int(1) NOT NULL, + `beschreibung` text NOT NULL, + `leiter` varchar(100) NOT NULL, + `kontakt` varchar(100) NOT NULL, + `map_pin` text NOT NULL, + `max_bachelor` 
int(4) NOT NULL +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=3 ; + +-- +-- Dumping data for table `fahrten` +-- + +INSERT INTO `fahrten` (`fahrt_id`, `titel`, `ziel`, `von`, `bis`, `regopen`, `beschreibung`, `leiter`, `kontakt`, `map_pin`, `max_bachelor`) VALUES +(1, 'Porno laut im Flur Fahrt', 'Irgendwo', '2012-10-17', '2012-10-19', 0, 'irgendein Text', 'Willi', 'hans@wurst.de', '', 2), +(2, 'Vodka in Hand Faart', 'Halbinsell', '2013-10-18', '2013-10-20', 1, 'Mehr Text passt nicht! <br><b>asdasd</b><br>', 'Timm', 'wahr@gi.nah', '52.46500637658367 13.90170872363285', 20); + +-- -------------------------------------------------------- + +-- +-- Table structure for table `notes` +-- + +DROP TABLE IF EXISTS `notes`; +CREATE TABLE IF NOT EXISTS `notes` ( +`note_id` int(11) NOT NULL, + `fahrt_id` int(11) NOT NULL, + `note` text NOT NULL +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=3 ; + +-- +-- Dumping data for table `notes` +-- + +INSERT INTO `notes` (`note_id`, `fahrt_id`, `note`) VALUES +(1, 1, 'fahrt1 note'), +(2, 2, '<h1><b>Testnotiz 123<br></b></h1>hier kann man <i>notizen </i>hinterlassen test<br><br><h2><b>Dumme Bemerkung</b></h2>Notiz = no <span class="wysiwyg-color-red">tits!<br></span><b><br><br>aoisdkd<br>asdlji<br><br></b><b><br></b>'); + +-- -------------------------------------------------------- + +-- +-- Table structure for table `waitlist` +-- + +DROP TABLE IF EXISTS `waitlist`; +CREATE TABLE IF NOT EXISTS `waitlist` ( +`waitlist_id` int(11) NOT NULL, + `fahrt_id` int(11) NOT NULL, + `anm_time` int(11) NOT NULL, + `forname` varchar(50) NOT NULL, + `sirname` varchar(50) NOT NULL, + `anday` date NOT NULL, + `abday` date NOT NULL, + `antyp` varchar(100) NOT NULL, + `abtyp` varchar(100) NOT NULL, + `pseudo` varchar(50) NOT NULL, + `mehl` varchar(100) NOT NULL, + `essen` varchar(50) NOT NULL, + `public` int(11) NOT NULL, + `virgin` int(11) NOT NULL, + `studityp` varchar(11) NOT NULL, + `comment` text NOT NULL, + `transferred` int(11) NOT 
NULL +) ENGINE=InnoDB DEFAULT CHARSET=utf8 AUTO_INCREMENT=1 ; + +-- +-- Indexes for dumped tables +-- + +-- +-- Indexes for table `bachelor` +-- +ALTER TABLE `bachelor` + ADD PRIMARY KEY (`bachelor_id`,`fahrt_id`); + +-- +-- Indexes for table `fahrten` +-- +ALTER TABLE `fahrten` + ADD PRIMARY KEY (`fahrt_id`); + +-- +-- Indexes for table `notes` +-- +ALTER TABLE `notes` + ADD PRIMARY KEY (`note_id`); + +-- +-- Indexes for table `waitlist` +-- +ALTER TABLE `waitlist` + ADD PRIMARY KEY (`waitlist_id`); + +-- +-- AUTO_INCREMENT for dumped tables +-- + +-- +-- AUTO_INCREMENT for table `fahrten` +-- +ALTER TABLE `fahrten` +MODIFY `fahrt_id` int(11) NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=3; +-- +-- AUTO_INCREMENT for table `notes` +-- +ALTER TABLE `notes` +MODIFY `note_id` int(11) NOT NULL AUTO_INCREMENT,AUTO_INCREMENT=3; +-- +-- AUTO_INCREMENT for table `waitlist` +-- +ALTER TABLE `waitlist` +MODIFY `waitlist_id` int(11) NOT NULL AUTO_INCREMENT; +/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */; +/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */; +/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; diff --git a/registration-system/passwd/.htaccess b/registration-system/passwd/.htaccess new file mode 100644 index 0000000..bbdfaf9 --- /dev/null +++ b/registration-system/passwd/.htaccess @@ -0,0 +1,4 @@ +<Files users.txt> + Order deny,allow + Deny from all +</Files> \ No newline at end of file -- GitLab
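Review bot: The new `.htaccess` covers only the exact name `users.txt` and uses the Apache 2.2 directives `Order deny,allow` / `Deny from all`. Editor backups or copies such as `users.txt~` therefore stay downloadable, and the rule has no effect where `AllowOverride` is off or the site is not served by Apache. Since `$config_userfile` places the file below the public base URL, the safer layout is to keep it outside the document root. If it must stay, deny the whole `passwd/` directory (`Require all denied` on Apache 2.4) and add a comment line explaining why the directory exists.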