summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--inc/image.inc.php10
-rw-r--r--inc/user.inc.php51
-rw-r--r--index.php8
-rw-r--r--modules/adduser.inc.php4
-rw-r--r--modules/main.inc.php16
-rw-r--r--modules/register.inc.php31
-rw-r--r--templates/main/deploy.html15
-rw-r--r--templates/sharemode/remove.html4
8 files changed, 127 insertions, 12 deletions
diff --git a/inc/image.inc.php b/inc/image.inc.php
index 2c0ec74..5b8f077 100644
--- a/inc/image.inc.php
+++ b/inc/image.inc.php
@@ -9,6 +9,16 @@ class Image
return false;
return Database::exec('DELETE FROM image WHERE ownerid = :userid', array('userid' => $userid));
}
+
+ public static function getImageCount($login)
+ {
+ $ret = Database::queryFirst('SELECT Count(*) AS cnt FROM image '
+ . ' INNER JOIN user ON (image.ownerid = user.userid) '
+ . ' WHERE user.login = :login', array('login' => $login));
+ if ($ret === false)
+ return 0;
+ return $ret['cnt'];
+ }
}
diff --git a/inc/user.inc.php b/inc/user.inc.php
index 3325421..c09e936 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -60,6 +60,13 @@ class User
return self::$user['firstname'] . ' ' . self::$user['lastname'];
}
+ public static function getFirstName()
+ {
+ if (!self::isLoggedIn())
+ return false;
+ return self::$user['firstname'];
+ }
+
public static function getLastName()
{
if (!self::isLoggedIn())
@@ -87,6 +94,11 @@ class User
), true);
}
+ /**
+ * Organization ID used locally in our DB
+ *
+ * @return string
+ */
public static function getOrganizationId()
{
$org = self::getOrganization();
@@ -103,6 +115,11 @@ class User
return $org['name'];
}
+ /**
+ * Organization ID as supplied by shibboleth
+ *
+ * @return string
+ */
public static function getRemoteOrganizationId()
{
if (empty(self::$user['organization']))
@@ -115,8 +132,8 @@ class User
if (!self::isLoggedIn())
return false;
if (is_null(self::$organization)) {
- self::$organization = Database::queryFirst('SELECT organizationid, name FROM satellite_suffix '
- . ' INNER JOIN satellite USING (organizationid) '
+ self::$organization = Database::queryFirst('SELECT organizationid, name FROM organization_suffix '
+ . ' INNER JOIN organization USING (organizationid) '
. ' WHERE suffix = :org LIMIT 1', array('org' => self::$user['organization']));
}
return self::$organization;
@@ -194,21 +211,44 @@ class User
return true;
}
- public static function deploy($anonymous)
+ public static function deploy($anonymous, $existingLogin = false)
{
if (empty(self::$user['shibid']))
Util::traceError('NO SHIBID');
+
+ // Merging with test-account:
+ if (!empty($existingLogin)) {
+ if ($anonymous) {
+ $ret = Database::exec("UPDATE user SET shibid = :shibid, firstname = '', lastname = '', email = '', password = '' "
+ . " WHERE login = :login LIMIT 1", array(
+ 'shibid' => self::$user['shibid'],
+ 'login' => $existingLogin
+ ));
+ } else {
+ $ret = Database::exec("UPDATE user SET shibid = :shibid, password = '', firstname = :firstname, lastname = :lastname, email = :email "
+ . " WHERE login = :login LIMIT 1", array(
+ 'shibid' => self::$user['shibid'],
+ 'login' => $existingLogin,
+ 'firstname' => self::$user['firstname'],
+ 'lastname' => self::$user['lastname'],
+ 'email' => self::$user['email']
+ ));
+ }
+ return $ret > 0;
+ }
+
+ // New account
if ($anonymous) {
Database::exec("INSERT INTO user (shibid, login, organizationid, firstname, lastname, email) "
. " VALUES (:shibid, :shibid, :org, '', '', '') "
- . " ON DUPLICATE KEY UPDATE firstname = '', lastname = '', email = ''", array(
+ . " ON DUPLICATE KEY UPDATE firstname = '', lastname = '', email = '', password = ''", array(
'shibid' => self::$user['shibid'],
'org' => self::getOrganizationId()
));
} else {
Database::exec("INSERT INTO user (shibid, login, organizationid, firstname, lastname, email) "
. " VALUES (:shibid, :shibid, :org, :firstname, :lastname, :email) "
- . " ON DUPLICATE KEY UPDATE firstname = VALUES(firstname), lastname = VALUES(lastname), email = VALUES(email)", array(
+ . " ON DUPLICATE KEY UPDATE firstname = VALUES(firstname), lastname = VALUES(lastname), email = VALUES(email), password = ''", array(
'shibid' => self::$user['shibid'],
'firstname' => self::$user['firstname'],
'lastname' => self::$user['lastname'],
@@ -216,6 +256,7 @@ class User
'org' => self::getOrganizationId()
));
}
+ return true;
}
public static function updatePassword($pass)
diff --git a/index.php b/index.php
index 8e06975..3b8250a 100644
--- a/index.php
+++ b/index.php
@@ -2,12 +2,18 @@
$dest = @readlink($_SERVER['SCRIPT_FILENAME']);
if (!empty($dest) && $dest !== $_SERVER['SCRIPT_FILENAME']) {
- //error_log($dest . ' !== ' . $_SERVER['SCRIPT_FILENAME'] . ', chdir to ' . dirname($dest));
chdir(dirname($dest));
}
require_once 'config.php';
+if (defined('CONFIG_FORCE_DOMAIN')) {
+ if (!empty($_SERVER['SERVER_NAME']) && strcasecmp($_SERVER['SERVER_NAME'], CONFIG_FORCE_DOMAIN) !== 0) {
+ Header('HTTP/1.1 400 Bad Request');
+ die('<h1>Bad Request</h1>');
+ }
+}
+
/**
* Page class which all "modules" must be extending from
diff --git a/modules/adduser.inc.php b/modules/adduser.inc.php
index fc0dfa7..f27717b 100644
--- a/modules/adduser.inc.php
+++ b/modules/adduser.inc.php
@@ -40,7 +40,7 @@ class Page_AddUser extends Page
$suffix = $organizationid;
$login .= "@$suffix";
}
- $ok = Database::queryFirst('SELECT organizationid FROM satellite_suffix WHERE organizationid = :o AND suffix = :s LIMIT 1', array(
+ $ok = Database::queryFirst('SELECT organizationid FROM organization_suffix WHERE organizationid = :o AND suffix = :s LIMIT 1', array(
'o' => $organizationid,
's' => $suffix
));
@@ -66,7 +66,7 @@ class Page_AddUser extends Page
protected function doRender()
{
// Show mask
- $res = Database::simpleQuery('SELECT organizationid, name FROM satellite ORDER BY name ASC');
+ $res = Database::simpleQuery('SELECT organizationid, name FROM organization ORDER BY name ASC');
$orgs = array();
$orgs[] = array(
'organizationid' => '',
diff --git a/modules/main.inc.php b/modules/main.inc.php
index c1382e6..3e3aff8 100644
--- a/modules/main.inc.php
+++ b/modules/main.inc.php
@@ -59,6 +59,22 @@ class Page_Main extends Page
{
$data = User::getData();
$data['organization'] = User::getOrganizationName();
+ // Shoe testacc merge form if organization has test accounts
+ $res = Database::queryFirst('SELECT Count(*) as cnt FROM user WHERE organizationid = :oid', array(
+ 'oid' => User::getOrganizationId()
+ ));
+ if ($res !== false && $res['cnt'] > 0) {
+ $data['testacc'] = true;
+ $mail = trim(User::getMail());
+ if (!empty($mail)) {
+ $existing = Database::queryFirst('SELECT login FROM user WHERE email = :email LIMIT 1', array(
+ 'email' => $mail
+ ));
+ if ($existing !== false) {
+ $data['testlogin'] = $existing['login'];
+ }
+ }
+ }
Render::addTemplate('main/deploy', $data);
}
diff --git a/modules/register.inc.php b/modules/register.inc.php
index 0fec4c7..d24d304 100644
--- a/modules/register.inc.php
+++ b/modules/register.inc.php
@@ -19,10 +19,37 @@ class Page_Register extends Page
Util::redirect('?do=Main');
}
+ if (Request::post('testlogin')) {
+ // Check if one of firstname, lastname or email matches
+ $user = Database::queryFirst('SELECT firstname, lastname, email, organizationid FROM user WHERE login = :login LIMIT 1', array('login' => Request::post('testlogin')));
+ if ($user === false || User::getOrganizationId() !== $user['organizationid']) {
+ // Invalid Login
+ Message::addError('Test-Account {{0}} unbekannt. '
+ . ' Bitte wenden Sie sich an den bwLehrpool-Support, wenn dieser Test-Account Ihnen gehört.', Request::post('testlogin'));
+ Util::redirect('?do=Main');
+ }
+ if (User::getLastName() !== $user['lastname']
+ && User::getFirstName() !== $user['firstname']
+ && User::getMail() !== $user['email']) {
+ // No match by personal information
+ Message::addError('Ihre Metadaten stimmen nicht mit dem Test-Account {{0}} überein. '
+ . ' Bitte wenden Sie sich an den bwLehrpool-Support, wenn dieser Test-Account Ihnen gehört.', Request::post('testlogin'));
+ Util::redirect('?do=Main');
+ }
+ // Check if anonymous is requested, but user shared VMs with his testacc
+ if (Image::getImageCount(Request::post('testlogin')) > 0) {
+ Message::addError('Sie haben mit Ihrem Test-Account Virtuelle Maschinen auf den Zentral-Server hochgeladen und können sich daher nicht ohne Teilnahme am landesweiten VM-Austausch registrieren.');
+ Util::redirect('?do=Main');
+ }
+ }
+
if (Request::post('agb') === 'on') {
// Put stuff in DB
- User::deploy(Request::post('share') !== 'on');
- Message::addSuccess('Ihr Konto wurde freigeschaltet');
+ if (User::deploy(Request::post('share') !== 'on', Request::post('testlogin'))) {
+ Message::addSuccess('Ihr Konto wurde freigeschaltet');
+ } else {
+ Message::addError('Fehler beim Zusammenführen mit Ihrem Test-Account. Bitte wenden Sie sich an den Support.');
+ }
Util::redirect('?do=Main');
}
Message::addError('Sie müssen den Nutzungsbedingungen zustimmen');
diff --git a/templates/main/deploy.html b/templates/main/deploy.html
index f8f20c2..d9e3ed2 100644
--- a/templates/main/deploy.html
+++ b/templates/main/deploy.html
@@ -59,6 +59,21 @@
<span class="form-control">{{email}}</span>
</div>
</div>
+
+ {{#testacc}}
+ <p>
+ Haben Sie bisher einen lokalen Account (Test-Account) benutzt? Falls ja können Sie diesen
+ jetzt mit Ihrem bwIDM-Account zusammenführen, um Ihre bisherigen Veranstaltungen und Virtuelle
+ Maschinen zu übernehmen. Ansonsten lassen Sie das Feld leer.
+ </p>
+
+ <div class="input-group">
+ <span class="input-group-addon">
+ Test-Login
+ </span>
+ <input class="form-control" name="testlogin" type="text" value="{{testlogin}}" placeholder="login@einrichtung.de">
+ </div>
+ {{/testacc}}
<div class="pull-right">
<button type="submit" class="btn btn-primary">Registrieren</button>
diff --git a/templates/sharemode/remove.html b/templates/sharemode/remove.html
index d91590e..479e0f7 100644
--- a/templates/sharemode/remove.html
+++ b/templates/sharemode/remove.html
@@ -8,7 +8,7 @@
Sie nicht mehr am landesweiten VM-Austausch teilnehmen. Eventuell von
Ihnen freigegebene Virtuelle Maschinen werden auf dem Zentral-Server einem
generischen Benutzer überschrieben. Sollten Sie dem nicht zustimmen, setzen
- Sie bitte den Haken bei <b>alle von mir erstellen VMs löschen</b>. Beachten
+ Sie bitte den Haken bei <b>alle von mir erstellten VMs löschen</b>. Beachten
Sie jedoch, dass Ihre VMs bereits von anderen Hochschulen genutzt werden
könnten. In diesem Fall werden die dort vorhandenen lokalen Kopien
nicht gelöscht, um den Lehrbetrieb nicht zu stören.
@@ -18,7 +18,7 @@
<span class="input-group-addon">
<input name="delvms" type="checkbox" id="delvms">
</span>
- <span class="form-control"><label for="delvms">Alle von mir erstellen VMs löschen</label></span>
+ <span class="form-control"><label for="delvms">Alle von mir erstellten VMs löschen</label></span>
</div>
<div class="pull-right">