Skip to content
Snippets Groups Projects
Commit 4295ffd3 authored by Tim Repke's avatar Tim Repke
Browse files

cleanup environment and add admin env stuff

parent 947ce539
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
registration-system/frameworks/Environment.php
+ 102
166
View file @ 4295ffd3
<?php
require_once __DIR__.'/../config.inc.php';
require_once __DIR__.'/../lang.php';
require_once __DIR__ . '/../config.inc.php';
require_once __DIR__ . '/../lang.php';
require_once 'medoo.php';
require_once 'commons.php';
require_once 'soft_protect.php';
class Environment {
const LOGIN_RIGHTS_NONE = 0;
const LOGIN_RIGHTS_ADMIN = 1;
const LOGIN_RIGHTS_SUDO = 2;
private static $__instance;
public $database;
public $config;
private $dangling_form_data;
private $permission_level = Environment::LOGIN_RIGHTS_NONE;
public static function getEnv() {
if(self::$__instance == NULL) self::$__instance = new Environment();
public static function getEnv($admin = false) {
if (self::$__instance == NULL) self::$__instance = new Environment($admin);
return self::$__instance;
}
protected function __construct() {
protected function __construct($admin = false) {
global $config_db, $config_studitypen, $config_essen, $config_reisearten, $invalidCharsRegEx,
$config_reisearten_o, $config_essen_o, $config_studitypen_o;
$this->database = new medoo(array(
'database_type' => $config_db["type"],
'database_name' => $config_db["name"],
'server' => $config_db["host"],
'username' => $config_db["user"],
'password' => $config_db["pass"]
'server' => $config_db["host"],
'username' => $config_db["user"],
'password' => $config_db["pass"]
));
$this->config = [
'studitypen' => $config_studitypen,
'essen' => $config_essen,
'essen' => $config_essen,
'reisearten' => $config_reisearten,
'invalidChars' => $invalidCharsRegEx
];
$this->oconfig = [
'studitypen' => $config_studitypen_o,
'essen' => $config_essen_o,
'essen' => $config_essen_o,
'reisearten' => $config_reisearten_o
];
}
// signup method
if ($admin) {
self::adminCheckIfLogin();
if (self::adminIsLoggedIn())
$this->permission_level = self::adminGetLevel();
}
}
// only waitlist
/**
* @returns TRUE iff regular registration is allowed
*/
public function isRegistrationOpen($fid) {
$ret = $this->getRegistrationState($fid);
return $ret === 0;
// ========================================================================================================
// ADMIN STUFF
private static function adminCheckIfLogin() {
if (isset($_GET['logout'])) {
Environment::adminLogOut();
} else if (isset($_POST['user']) and isset($_POST['password'])) {
$user = $_POST['user'];
$password = $_POST['password'];
if (Environment::adminIsValidUser($user, $password))
$_SESSION['loggedIn'] = $user;
}
}
/**
* @returns TRUE iff regular registration is allowed
* @param $fid - fahrt id to check
* @param $mail - email address to check
* @param $list - list to check (bachelor or waitlist)
*/
public function isRegistered($fid, $mail, $list = 'bachelor') {
return $this->database->has($list, ['AND' => ['fahrt_id'=>$fid, 'mehl' => $mail]]);
private static function adminIsValidUser($user, $password) {
$config_admins = Environment::adminReadUsersFile();
foreach ($config_admins as $cfg_user => $cfg_password) {
if ($cfg_user != $user)
continue;
$cfg_password = $cfg_password["pw"];
if ($cfg_password[0] == '{') {
if (strpos($cfg_password, "{SHA254}") >= 0) {
$beginOfSalt = strpos($cfg_password, "$");
$salt = substr($cfg_password, 9, strpos($cfg_password, "$") - 9);
$hash = substr($cfg_password, $beginOfSalt + 1);
if (hash('sha256', $password . $salt) == $hash)
return true;
}
} else {
// ONLY sha256 yet, others not implemented
}
}
return false;
}
/**
* returns value depending on registration status
* 0 = registration open (slots available)
* 1 = all slots taken -> waitlist open
* 2 = registration closed!
*
* @param $fid (optional) to pass this parameter
* @returns int the state of the trip (see above)
*/
public function getRegistrationState($fid = NULL) {
if(is_null($fid)) $fid = $this->getSelectedTripId();
private static function adminReadUsersFile() {
global $config_userfile;
$ret = [];
$handle = fopen($config_userfile, "r");
if ($handle) {
while (($line = fgets($handle)) !== false) {
$tmp = explode(" ", $line);
if (count($tmp) >= 3) {
$ret[$tmp[1]] = ["pw" => $tmp[2], "sa" => $tmp[0]];
}
}
}
fclose($handle);
return $ret;
}
comm_verbose(3,"checking if fid ". $fid . " is open");
$open = $this->database->has('fahrten', ['AND' => ['fahrt_id'=>$fid, 'regopen'=>1]]);
if(!$open)
return 2;
private static function adminIsLoggedIn() {
return isset($_SESSION['loggedIn']) and $_SESSION['loggedIn'] != '';
}
$cnt = $this->database->count("bachelor", ["AND"=>
["backstepped" => NULL,
"fahrt_id" => $fid]]);
$max = $this->database->get("fahrten", "max_bachelor", ["fahrt_id" => $fid]);
$wl = $this->database->count('waitlist', ['AND' =>
["transferred" => NULL,
"fahrt_id" => $fid]]);
private static function adminGetLevel() {
$config_admins = Environment::adminReadUsersFile();
if (isset($_SESSION['loggedIn']) && isset($config_admins[$_SESSION['loggedIn']])) {
if ($config_admins[$_SESSION['loggedIn']]['sa'] === 'S')
return Environment::LOGIN_RIGHTS_SUDO;
elseif ($config_admins[$_SESSION['loggedIn']]['sa'] === 'N')
return Environment::LOGIN_RIGHTS_ADMIN;
}
return Environment::LOGIN_RIGHTS_NONE;
}
comm_verbose(3,"cnt: ".$cnt.", max: ".$max.", open: ".($open ? "yes" : "no"));
public function isAdmin() {
return $this->permission_level == Environment::LOGIN_RIGHTS_ADMIN or
$this->permission_level == Environment::LOGIN_RIGHTS_SUDO;
}
if ( $cnt < $max && $wl == 0 )
return 0;
public function isSuperAdmin() {
return $this->permission_level == Environment::LOGIN_RIGHTS_SUDO;
}
return 1;
public static function adminLogOut() {
session_destroy();
header("location: ..");
}
/**
* @return trip selected via $_REQUEST (or null)
* @return int|null trip selected via $_REQUEST (or null)
*/
public function getSelectedTripId() {
if(isset($_REQUEST['fid']))
return (int) $_REQUEST['fid'];
if (isset($_REQUEST['fid']))
return (int)$_REQUEST['fid'];
else
return null;
}
......@@ -115,11 +153,11 @@ class Environment {
* @return bool true iff selected trip id is in the DB
*/
public function isSelectedTripIdValid() {
$fid = $this->getSelectedTripId();
if ($fid == null) return false;
$fid = $this->getSelectedTripId();
if ($fid == null) return false;
$valid = $this->database->has('fahrten',
['fahrt_id'=> $fid]);
if(!$valid) comm_verbose(1,"FID nicht vorhanden!");
['fahrt_id' => $fid]);
if (!$valid) comm_verbose(1, "FID nicht vorhanden!");
return $valid;
}
......@@ -147,114 +185,12 @@ class Environment {
}
public function getBachelor($bid = NULL) {
if(!is_null($this->dangling_form_data))
if (!is_null($this->dangling_form_data))
return $this->dangling_form_data;
if(is_null($bid))
if (is_null($bid))
return $this->getEmptyBachelor();
else
return $this->getBachelorFromDB($bid);
}
/**
* Given a registration id, return all parameters from the db
*
* @param $bid
* @return null or registration details
*/
public function getBachelorFromDB($bid) {
if(!is_null($bid) &&
$this->database->has('bachelor', ['bachelor_id' => $bid])){
$bachelor = $this->database->select('bachelor',
['forname','sirname','anday','abday','antyp','abtyp','pseudo',
'mehl','essen','public','virgin','studityp','comment'],
['bachelor_id'=>$bid]);
$bachelor['id'] = $bid;
return $bachelor[0];
}
return $this->getEmptyBachelor();
}
/**
* Will return an empty registration field
*
* @return array
*/
public function getEmptyBachelor() {
$possible_dates = comm_get_possible_dates($this->database, $this->getSelectedTripId());
return [
'forname' => "", 'sirname' => "",
'anday' => $possible_dates[0], 'abday' => $possible_dates[count($possible_dates)-1],
'antyp' => "", 'abtyp' => "",
'pseudo' => "", 'mehl' => "", 'essen' => "", 'public' => "",
'studityp' => "", 'comment'=>""
];
}
/**
* @param $data
* @return bool
*/
public function sendBachelorToDB($data) {
// === prepare data to insert ===
$data['anm_time'] = time();
$data['anday'] = date('Y-m-d', DateTime::createFromFormat('d.m.Y',$data['anday'])->getTimestamp());
$data['abday'] = date('Y-m-d', DateTime::createFromFormat('d.m.Y',$data['abday'])->getTimestamp());
if($this->isInWaitlistMode()){
if($this->getRegistrationState($data['fahrt_id'])==1){
$this->database->exec("LOCK TABLES fahrten, waitlist WRITE"); // count should not be calculated in two scripts at once
// === prepare data to insert ===
$data['waitlist_id'] = comm_generate_key($this->database,
["bachelor" => "bachelor_id", "waitlist" => "waitlist_id"],
['fahrt_id'=>$data['fahrt_id']]);
// === insert data ===
$insertOk = !$this->isRegistered($data['fahrt_id'], $data['mehl'], 'waitlist');
if($insertOk) $this->database->insert("waitlist", $data);
$this->database->exec("UNLOCK TABLES"); // insert is done now, count may be recalculated in other threads
if(!$insertOk) return false;
// === notify success ===
$this->feedbackHelper("lang_waitmail", $data['mehl'], $data['waitlist_id'], $data['fahrt_id']);
}
else return false;
} else {
$this->database->exec("LOCK TABLES fahrten, bachelor WRITE"); // count should not be calculated in two scripts at once
// === prepare data to insert ===
$data['version'] = 1;
$data['bachelor_id'] = comm_generate_key($this->database,
["bachelor" => "bachelor_id"],
['fahrt_id'=>$data['fahrt_id']]);
// === check regstration full ===
$res = $this->database->get("fahrten",
["regopen", "max_bachelor"],
["fahrt_id" => $data['fahrt_id']]);
if (!$res || $res['regopen'] != "1") {
$this->database->exec("UNLOCK TABLES");
return false;
}
$insertOk = $this->isRegistrationOpen($data['fahrt_id']) && !$this->isRegistered($data['fahrt_id'], $data['mehl']);
if ($insertOk)
$this->database->insert("bachelor", $data);
$this->database->exec("UNLOCK TABLES"); // insert is done now, count may be recalculated in other threads
if (!$insertOk)
return false; // full
// === notify success ===
$this->feedbackHelper(["lang_regmail", "lang_payinfomail"], $data['mehl'], $data['bachelor_id'], $data['fahrt_id']);
}
return true;
}
}
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Impressum | Datenschutzerklärung