-rw-r--r--inc/image.inc.php14
-rw-r--r--inc/session.inc.php62
-rw-r--r--inc/user.inc.php38
-rw-r--r--inc/util.inc.php4
-rw-r--r--index.php2
-rw-r--r--modules/logout.inc.php8
-rw-r--r--modules/sharemode.inc.php51
-rw-r--r--templates/sharemode/deploy.html45
-rw-r--r--templates/sharemode/remove.html27
-rw-r--r--templates/sharemode/testacc.html5
10 files changed, 233 insertions, 23 deletions
diff --git a/inc/image.inc.php b/inc/image.inc.php
new file mode 100644
index 0000000..2c0ec74
--- /dev/null
+++ b/inc/image.inc.php
@@ -0,0 +1,14 @@
+<?php
+
+class Image
+{
+
+ public static function deleteOwnedBy($userid)
+ {
+ if ($userid === false || !is_numeric($userid))
+ return false;
+ return Database::exec('DELETE FROM image WHERE ownerid = :userid', array('userid' => $userid));
+ }
+
+}
+
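Review bot: `deleteOwnedBy()` guards an irreversible `DELETE` with `is_numeric()`, which also accepts floats and exponent strings such as `'1e3'`, and the method has no docblock describing its mixed return. The value is bound as a parameter, so this is not an injection issue, but a stricter check such as `if (!is_int($userid) && !ctype_digit((string)$userid)) return false;` would make the contract explicit. A short docblock should state that it returns `false` for an invalid id and otherwise whatever `Database::exec()` returns, which the caller in `modules/sharemode.inc.php` treats as a row count.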
diff --git a/inc/session.inc.php b/inc/session.inc.php
index b9adfcb..6718006 100644
--- a/inc/session.inc.php
+++ b/inc/session.inc.php
@@ -4,8 +4,8 @@
class Session
{
private static $sid = false;
- private static $uid = false;
private static $data = false;
+ private static $needUpdate = true;
private static function generateSessionId()
{
@@ -26,7 +26,6 @@ class Session
public static function create()
{
self::generateSessionId();
- self::$uid = 0;
self::$data = array();
}
@@ -38,20 +37,19 @@ class Session
if (self::readSessionData()) return true;
// Loading session data failed
self::delete();
+ return false;
}
public static function getUid()
{
- return self::$uid;
+ return self::get('uid');
}
public static function setUid($value)
{
- if (self::$uid === false)
- Util::traceError('Tried to set session data with no active session');
if (!is_numeric($value) || $value < 1)
Util::traceError('Invalid user id: ' . $value);
- self::$uid = $value;
+ self::set('uid', (int)$value);
}
public static function get($key)
@@ -61,6 +59,16 @@ class Session
return false;
}
+ public static function set($key, $value)
+ {
+ if (!is_array(self::$data))
+ Util::traceError('Tried to set session data with no active session');
+ if (isset(self::$data[$key]) && self::$data[$key] === $value)
+ return;
+ self::$data[$key] = $value;
+ self::$needUpdate = true;
+ }
+
private static function loadSessionId()
{
if (self::$sid !== false)
@@ -73,27 +81,49 @@ class Session
self::$sid = $id;
return true;
}
-
+
public static function delete()
{
if (self::$sid === false) return;
Database::exec('DELETE FROM websession WHERE sid = :sid', array('sid' => self::$sid));
@setcookie('sid', '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
self::$sid = false;
- self::$uid = false;
+ self::$data = false;
}
-
+
public static function save()
{
- if (self::$sid === false || self::$uid === false || self::$uid === 0)
+ if (self::$sid === false || self::$data === false || !self::$needUpdate)
return;
- $ret = Database::exec('INSERT INTO websession (sid, userid, dateline) '
- . ' VALUES (:sid, :uid, UNIX_TIMESTAMP()) '
- . ' ON DUPLICATE KEY UPDATE userid = VALUES(userid), dateline = VALUES(dateline)',
- array('sid' => self::$sid, 'uid' => self::$uid));
- if (!$ret) Util::traceError('Storing session data in dahdähbank failed.');
+ $data = json_encode(self::$data);
+ $ret = Database::exec('INSERT INTO websession (sid, dateline, data) '
+ . ' VALUES (:sid, UNIX_TIMESTAMP(), :data) '
+ . ' ON DUPLICATE KEY UPDATE dateline = VALUES(dateline), data = VALUES(data)',
+ array('sid' => self::$sid, 'data' => $data));
+ if ($ret === false)
+ Util::traceError('Storing session data in Dahdähbank failed.');
$ret = @setcookie('sid', self::$sid, time() + CONFIG_SESSION_TIMEOUT, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
- if (!$ret) Util::traceError('Error: Could not set Cookie for Client (headers already sent)');
+ if ($ret === false)
+ Util::traceError('Error: Could not set Cookie for Client (headers already sent)');
}
+
+ public static function readSessionData()
+ {
+ if (self::$sid === false || self::$data !== false)
+ Util::traceError('Tried to readSessionData on an active session!');
+ $data = Database::queryFirst('SELECT dateline, data FROM websession WHERE sid = :sid LIMIT 1', array('sid' => self::$sid));
+ if ($data === false)
+ return false;
+ if ($data['dateline'] + CONFIG_SESSION_TIMEOUT < time()) {
+ self::delete();
+ return false;
+ }
+ self::$needUpdate = ($data['dateline'] + 3600 < time());
+ self::$data = @json_decode($data['data'], true);
+ if (!is_array(self::$data))
+ self::$data = array();
+ return true;
+ }
+
}
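Review bot: In `readSessionData()` a row whose `data` column does not decode to an array is silently turned into a valid empty session (`self::$data = array();` followed by `return true;`), so `Session::load()` reports success for a session that carries neither `uid` nor `token`. In this commit `User::load()` only creates the CSRF token when `load()` returned false, so such a session stays tokenless. Handling the decode failure like the timeout branch just above it, `if (!is_array(self::$data)) { self::delete(); return false; }`, would let the caller start a fresh session instead. Separately, `save()` stores the result of `json_encode()` without checking it for `false`.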
diff --git a/inc/user.inc.php b/inc/user.inc.php
index f023ae7..496857e 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -7,6 +7,7 @@ class User
private static $organization = NULL;
private static $isShib = false;
private static $isInDb = false;
+ private static $isAnonymous = false;
public static function isLoggedIn()
{
@@ -28,11 +29,23 @@ class User
return self::$user !== false && self::$isShib === false;
}
+ public static function isAnonymous()
+ {
+ return self::$isAnonymous;
+ }
+
public static function getData()
{
return self::$user;
}
+ public static function getId()
+ {
+ if (!isset(self::$user['userid']))
+ return false;
+ return (int)self::$user['userid'];
+ }
+
public static function getName()
{
if (!self::isLoggedIn())
@@ -97,7 +110,7 @@ class User
{
if (self::isLoggedIn())
return true;
- Session::load();
+ $hasSession = Session::load();
if (empty($_SERVER['persistent-id'])) {
if (Session::getUid() === false)
return false;
@@ -106,6 +119,11 @@ class User
return self::$user !== false;
}
// Try bwIDM etc.
+ if (!$hasSession) {
+ Session::create();
+ Session::set('token', md5(mt_rand() . $_SERVER['REMOTE_ADDR'] . microtime(true) . $_SERVER['persistent-id'] . mt_rand()));
+ Session::save();
+ }
self::$isShib = true;
if (!isset($_SERVER['sn'])) $_SERVER['sn'] = '';
if (!isset($_SERVER['givenName'])) $_SERVER['givenName'] = '';
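Review bot: The session token added here is an `md5()` over `mt_rand()`, `microtime()`, the client address and the Shibboleth persistent-id, none of which is a cryptographically secure source, yet `Util::verifyToken()` relies on this value as the anti-CSRF secret. Prefer a CSPRNG, e.g. `Session::set('token', bin2hex(random_bytes(16)));` on PHP 7+, or `bin2hex(openssl_random_pseudo_bytes(16))` on older runtimes. The token is also created only when no session existed, so a session loaded from the database without a `token` key never receives one; consider setting it whenever `Session::get('token') === false`. The enclosing method starts and ends outside this hunk.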
@@ -133,9 +151,14 @@ class User
// No match in database, user is not signed up
return true;
}
+ if (Session::getUid() === false) {
+ Session::setUid($user['userid']);
+ Session::save();
+ }
// Already signed up, see if we can fetch missing fields from DB
self::$user['login'] = $user['login'];
self::$isInDb = true;
+ self::$isAnonymous = (empty($user['firstname']) && empty($user['lastname']));
foreach (array('firstname', 'lastname', 'email') as $key) {
if (empty(self::$user[$key]))
self::$user[$key] = $user[$key];
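Review bot: The session uid is written only when it is unset (`Session::getUid() === false`), so if the Shibboleth identity resolved in this request differs from the uid already stored under the same `sid` cookie, the stale uid stays in the session. Earlier in the same method the session uid is what identifies the user when `$_SERVER['persistent-id']` is empty, so a mismatch could outlive the Shibboleth login it came from. Comparing instead of testing for absence, `if (Session::getUid() !== (int)$user['userid']) { Session::setUid($user['userid']); Session::save(); }`, keeps the two in step. The enclosing method starts and ends outside this hunk.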
@@ -149,13 +172,15 @@ class User
Util::traceError('NO SHIBID');
if ($anonymous) {
Database::exec("INSERT INTO user (shibid, login, organizationid, firstname, lastname, email) "
- . " VALUES (:shibid, :shibid, :org, '', '', '')", array(
+ . " VALUES (:shibid, :shibid, :org, '', '', '') "
+ . " ON DUPLICATE KEY UPDATE firstname = '', lastname = '', email = ''", array(
'shibid' => self::$user['shibid'],
'org' => self::getOrganizationId()
));
} else {
Database::exec("INSERT INTO user (shibid, login, organizationid, firstname, lastname, email) "
- . " VALUES (:shibid, :shibid, :org, :firstname, :lastname, :email)", array(
+ . " VALUES (:shibid, :shibid, :org, :firstname, :lastname, :email) "
+ . " ON DUPLICATE KEY UPDATE firstname = VALUES(firstname), lastname = VALUES(lastname), email = VALUES(email)", array(
'shibid' => self::$user['shibid'],
'firstname' => self::$user['firstname'],
'lastname' => self::$user['lastname'],
@@ -181,8 +206,13 @@ class User
public static function logout()
{
+ foreach ($_COOKIE as $name => $value) {
+ if (substr($name, 0, 5) !== '_shib')
+ continue;
+ @setcookie($name, '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true);
+ }
Session::delete();
- Header('Location: ?do=Main&fromlogout');
+ Header('Location: ?do=Logout&noredirect=yes');
exit(0);
}
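Review bot: The `_shib*` cookies are expired with `null` path and domain, so the browser only drops them if they were originally set for the current request path. How the Shibboleth SP set them is not visible here; if it used `/` while this application runs in a subdirectory, the cookies survive the logout. Expiring the cookie also leaves the SP's server-side session intact, so a retained copy of the cookie value would still be accepted. Consider passing the cookie path explicitly and ending the SP session through its logout handler (typically `/Shibboleth.sso/Logout`) rather than relying on cookie removal alone.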
diff --git a/inc/util.inc.php b/inc/util.inc.php
index 4378a08..aaf46c6 100644
--- a/inc/util.inc.php
+++ b/inc/util.inc.php
@@ -95,11 +95,11 @@ SADFACE;
*/
public static function verifyToken()
{
- if (Session::get('token') === false)
+ if (Session::get('token') === false && Session::getUid() === false)
return true;
if (isset($_REQUEST['token']) && Session::get('token') === $_REQUEST['token'])
return true;
- Message::addError('token');
+ Message::addError('Fehlerhaftes Token!');
return false;
}
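Review bot: The early `return true` still skips the check for any session that has neither `token` nor `uid`, and a Shibboleth-authenticated visitor without a database row has no uid by design. If that visitor's session lacks a token (it is only set in `User::load()` when no session existed), state-changing requests pass unverified. Failing closed when a Shibboleth identity is present would cover this, e.g. `if (Session::get('token') === false && Session::getUid() === false && empty($_SERVER['persistent-id'])) return true;`. The token comparison uses `===`; `hash_equals()` (PHP 5.6+) avoids a timing side channel, provided `$_REQUEST['token']` is first checked to be a string.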
diff --git a/index.php b/index.php
index 3728ccd..8fde6b9 100644
--- a/index.php
+++ b/index.php
@@ -68,7 +68,7 @@ abstract class Page
}
-// Error reporting (hopefully goind to stderr, not being printed on pages)
+// Error reporting (hopefully going to stderr, not being printed on pages)
error_reporting(E_ALL);
// Autoload classes from ./inc which adhere to naming scheme <lowercasename>.inc.php
diff --git a/modules/logout.inc.php b/modules/logout.inc.php
index 90cd225..1f22fb4 100644
--- a/modules/logout.inc.php
+++ b/modules/logout.inc.php
@@ -3,6 +3,14 @@
class Page_Logout extends Page
{
+ public function doPreprocess()
+ {
+ if (Request::any('noredirect') === false) {
+ User::load();
+ User::logout();
+ }
+ }
+
public function doRender()
{
Render::addTemplate('logout/_page');
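Review bot: `doPreprocess()` logs the user out on any request to `?do=Logout` that lacks `noredirect`, including a plain cross-site GET, and no `Util::verifyToken()` call is visible in it. The impact is limited to a forced logout, but requiring a POST with a verified token would keep third-party pages from ending a user's session. The `noredirect` flag also deserves a comment such as `// set by User::logout()'s redirect; without it this request performs the logout itself`, since the loop-prevention role is not obvious from this file alone. `doRender()` continues outside this hunk.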
diff --git a/modules/sharemode.inc.php b/modules/sharemode.inc.php
new file mode 100644
index 0000000..ed7c4a4
--- /dev/null
+++ b/modules/sharemode.inc.php
@@ -0,0 +1,51 @@
+<?php
+
+class Page_ShareMode extends Page
+{
+
+ public function doPreprocess()
+ {
+ if (!User::load()) {
+ Message::addError('Sie sind nicht angemeldet');
+ Util::redirect(CONFIG_PREFIX);
+ }
+ // Äktschn
+ if (Request::post('action') === 'deploy') {
+ User::deploy(false);
+ Message::addSuccess('Sie haben sich erfolgreich für die Teilnahme am VM-Austausch freigeschaltet');
+ Util::redirect('?do=Main');
+ } else if (Request::post('action') === 'remove') {
+ User::deploy(true);
+ if (Request::post('delvms', 'off') !== 'off') {
+ $del = Image::deleteOwnedBy(User::getId());
+ if ($del > 1)
+ Message::addSuccess('Es wurden {{0}} VMs gelöscht', $del);
+ if ($del == 1)
+ Message::addSuccess('Es wurde {{0}} VM gelöscht', $del);
+ }
+ Message::addSuccess('Ihre persönlichen Daten wurden deprovisioniert');
+ Util::redirect('?do=Main');
+ }
+ }
+
+ public function doRender()
+ {
+ if (User::isLocalOnly()) {
+ // Local anyways, no way to de-provision user data
+ Render::addTemplate('sharemode/testacc');
+ } elseif (User::isShibbolethAuth()) {
+ // Shibboleth user
+ if (User::isAnonymous()) {
+ // Did not deploy user data to DB, so show deploy form
+ $data = User::getData();
+ $data['organization'] = User::getOrganizationName();
+ Render::addTemplate('sharemode/deploy', $data);
+ } else {
+ // User is known in DB, show delete form
+ Render::addTemplate('sharemode/remove');
+ }
+ }
+ }
+
+}
+
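Review bot: `doPreprocess()` runs `User::deploy()` and, when `delvms` is set, `Image::deleteOwnedBy()` straight from POST fields, and no call to `Util::verifyToken()` is visible even though both templates submit a `token` field. Unless the token is verified centrally before `doPreprocess()` runs (not shown in this diff), a cross-site form post could deprovision the account and delete the user's VMs. Adding `if (!Util::verifyToken()) Util::redirect('?do=ShareMode');` ahead of the action branches would enforce it here. It is also worth confirming that `Util::redirect()` terminates the request, since otherwise execution continues past the not-logged-in branch.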
diff --git a/templates/sharemode/deploy.html b/templates/sharemode/deploy.html
new file mode 100644
index 0000000..23db87b
--- /dev/null
+++ b/templates/sharemode/deploy.html
@@ -0,0 +1,45 @@
+<form method="post" action="?do=ShareMode">
+ <input type="hidden" name="token" value="{{token}}">
+ <input type="hidden" name="action" value="deploy">
+ <div class="form-narrow">
+ <p>
+ Sie nehmen derzeit nicht am landesweiten VM-Austausch teil.
+ </p>
+ <p>
+ Sofern Sie am landesweiten VM-Austausch teilnehmen wollen, werden Sie für andere Dozenten
+ über diese Daten auffindbar sein. Andernfalls werden diese Daten lediglich auf den
+ bwLehrpool-Satelliten-Server Ihrer eigenen Einrichtung übertragen.
+ </p>
+ <div class="group-group">
+ <div class="input-group">
+ <span class="input-group-addon slx-ga">
+ Einrichtung
+ </span>
+ <span class="form-control">{{organization}}</span>
+ </div>
+ <div class="input-group">
+ <span class="input-group-addon slx-ga">
+ Vorname
+ </span>
+ <span class="form-control">{{firstname}}</span>
+ </div>
+ <div class="input-group">
+ <span class="input-group-addon slx-ga">
+ Nachname
+ </span>
+ <span class="form-control">{{lastname}}</span>
+ </div>
+ <div class="input-group">
+ <span class="input-group-addon slx-ga">
+ Mail
+ </span>
+ <span class="form-control">{{email}}</span>
+ </div>
+ </div>
+
+ <div class="pull-right">
+ <button type="submit" class="btn btn-primary">Zum VM-Austausch anmelden</button>
+ </div>
+
+ </div>
+</form>
diff --git a/templates/sharemode/remove.html b/templates/sharemode/remove.html
new file mode 100644
index 0000000..a007fc6
--- /dev/null
+++ b/templates/sharemode/remove.html
@@ -0,0 +1,27 @@
+<form method="post" action="?do=ShareMode">
+ <input type="hidden" name="token" value="{{token}}">
+ <input type="hidden" name="action" value="remove">
+ <div class="form-narrow">
+ <p>
+ Wenn Sie Ihre persönlichen Daten vom Zentral-Server entfernen, können
+ Sie nicht mehr am landesweiten VM-Austausch teilnehmen. Eventuell von
+ Ihnen freigegebene Virtuelle Maschinen werden auf dem Zentral-Server einem
+ generischen Benutzer überschrieben. Sollten Sie dem nicht zustimmen, setzen
+ Sie bitte den Haken bei <b>alle von mir erstellen VMs löschen</b>. Beachten
+ Sie jedoch, dass Ihre VMs bereits von anderen Hochschulen genutzt werden
+ könnten. In diesem Fall werden die dort vorhandenen lokalen Kopien
+ nicht gelöscht, um den Lehrbetrieb nicht zu stören.
+ </p>
+
+ <div class="input-group">
+ <span class="input-group-addon">
+ <input name="delvms" type="checkbox" id="delvms">
+ </span>
+ <span class="form-control"><label for="delvms">Alle von mir erstellen VMs löschen</label></span>
+ </div>
+
+ <div class="pull-right">
+ <button type="submit" class="btn btn-primary">Persönliche Daten deprovisionieren</button>
+ </div>
+ </div>
+</form>
diff --git a/templates/sharemode/testacc.html b/templates/sharemode/testacc.html
new file mode 100644
index 0000000..666acbc
--- /dev/null
+++ b/templates/sharemode/testacc.html
@@ -0,0 +1,5 @@
+<p>
+ Sie benutzen einen bwLehrpool-Test-Account, Ihre persönlichen Daten sind daher
+ zwangsläufig auf dem Zentral-Server gespeichert. Zum Entfernen Ihrer persönlichen
+ Daten müssen Sie sich vollständig <a href="?do=DeleteUser">vom bwLehrpool-Service abmelden</a>.
+</p>