Diffstat (limited to 'inc')
-rw-r--r--inc/image.inc.php8
-rw-r--r--inc/user.inc.php34
2 files changed, 23 insertions, 19 deletions
diff --git a/inc/image.inc.php b/inc/image.inc.php
index 5b8f077..1bad04f 100644
--- a/inc/image.inc.php
+++ b/inc/image.inc.php
@@ -7,14 +7,14 @@ class Image
{
if ($userid === false || !is_numeric($userid))
return false;
- return Database::exec('DELETE FROM image WHERE ownerid = :userid', array('userid' => $userid));
+ //return Database::exec('DELETE FROM image WHERE ownerid = :userid', array('userid' => $userid));
+ // TODO
}
public static function getImageCount($login)
{
- $ret = Database::queryFirst('SELECT Count(*) AS cnt FROM image '
- . ' INNER JOIN user ON (image.ownerid = user.userid) '
- . ' WHERE user.login = :login', array('login' => $login));
+ $ret = Database::queryFirst('SELECT Count(*) AS cnt FROM imagebase '
+ . ' WHERE imagebase.ownerid = :userid', array('userid' => $login));
if ($ret === false)
return 0;
return $ret['cnt'];
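Review bot: With the DELETE commented out, the first method in this hunk has no return statement after the guard, so it returns null on the success path and leaves the user's image rows in place; a caller that tests `=== false` will read that as success. Until the TODO is resolved, an explicit failure such as `return false; // TODO: not implemented for imagebase yet` is safer than falling through. The retained `!is_numeric($userid)` guard also looks stale, because the user.inc.php part of this commit inserts `userid` as the md5 `shibid` string, which is_numeric() will reject in almost every case. In `getImageCount($login)` the argument is now bound as `:userid`, so the parameter should be renamed or documented as a user id. The first method's signature is outside the hunk.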
diff --git a/inc/user.inc.php b/inc/user.inc.php
index c09e936..28a1fd5 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -43,7 +43,7 @@ class User
{
if (!isset(self::$user['userid']))
return false;
- return (int) self::$user['userid'];
+ return self::$user['userid'];
}
public static function getMail()
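Review bot: Dropping the `(int)` cast means this getter now returns whatever string the session or database holds, and elsewhere in this commit new rows get `userid` set to the md5 hex `shibid`. PHP's loose `==` compares two numeric-looking strings (for example digests of the form `0e` followed by digits) as numbers, so any caller that compares ids with `==` or `!=` should switch to `===`/`!==`; the callers are not visible here and need a search. A docblock with `@return string|false` would make the changed contract explicit. The method's signature is above the hunk.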
@@ -152,10 +152,16 @@ class User
return true;
$hasSession = Session::load();
if (empty($_SERVER['persistent-id'])) {
- if (Session::getUid() === false)
+ if (Session::getUid() === false) {
+ if (!empty($_SERVER['Shib-Session-ID'])) {
+ Message::addError('Sie haben sich erfolgreich mittels bwIDM authentifiziert,'
+ . ' aber der IdP Ihrer Einrichtung scheint die benötigten Metadaten nicht'
+ . ' an den bwLehrpool-SP zu übermitteln. Bitte wenden Sie sich an den Support.');
+ }
return false;
+ }
// Try user from local DB
- self::$user = Database::queryFirst('SELECT userid, shibid, login, organizationid AS organization, firstname, lastname, email FROM user WHERE userid = :uid LIMIT 1', array('uid' => Session::getUid()));
+ self::$user = Database::queryFirst('SELECT userid, shibid, organizationid AS organization, firstname, lastname, email FROM user WHERE userid = :uid LIMIT 1', array('uid' => Session::getUid()));
self::$isInDb = self::$user !== false;
return self::$isInDb;
}
@@ -174,9 +180,8 @@ class User
$_SERVER['mail'] = '';
$shibId = md5($_SERVER['persistent-id']);
self::$user = array(
- 'userid' => 0,
+ 'userid' => NULL,
'shibid' => $shibId,
- 'login' => NULL,
'firstname' => $_SERVER['givenName'],
'lastname' => $_SERVER['sn'],
'email' => $_SERVER['mail'],
@@ -190,7 +195,7 @@ class User
if (isset($_SERVER['affiliation']) && preg_match('/@([a-zA-Z\-\._]+)(;|$)/', $_SERVER['affiliation'], $out))
self::$user['organization'] = $out[1];
// Get matching db entry if any
- $user = Database::queryFirst('SELECT userid, login, firstname, lastname, email, fixedname FROM user WHERE shibid = :shibid LIMIT 1', array('shibid' => $shibId));
+ $user = Database::queryFirst('SELECT userid, firstname, lastname, email, fixedname FROM user WHERE shibid = :shibid LIMIT 1', array('shibid' => $shibId));
if ($user === false) {
// No match in database, user is not signed up
return true;
@@ -201,7 +206,6 @@ class User
Session::save();
}
// Already signed up, see if we can fetch missing fields from DB
- self::$user['login'] = $user['login'];
self::$isInDb = true;
self::$isAnonymous = (empty($user['firstname']) && empty($user['lastname']));
foreach (array('firstname', 'lastname', 'email') as $key) {
@@ -220,15 +224,15 @@ class User
if (!empty($existingLogin)) {
if ($anonymous) {
$ret = Database::exec("UPDATE user SET shibid = :shibid, firstname = '', lastname = '', email = '', password = '' "
- . " WHERE login = :login LIMIT 1", array(
+ . " WHERE userid = :userid LIMIT 1", array(
'shibid' => self::$user['shibid'],
- 'login' => $existingLogin
+ 'userid' => $existingLogin
));
} else {
$ret = Database::exec("UPDATE user SET shibid = :shibid, password = '', firstname = :firstname, lastname = :lastname, email = :email "
- . " WHERE login = :login LIMIT 1", array(
+ . " WHERE userid = :userid LIMIT 1", array(
'shibid' => self::$user['shibid'],
- 'login' => $existingLogin,
+ 'userid' => $existingLogin,
'firstname' => self::$user['firstname'],
'lastname' => self::$user['lastname'],
'email' => self::$user['email']
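Review bot: `$existingLogin` is now bound to `:userid` in both UPDATE statements, so the variable name no longer describes the value; rename it or add a comment at the binding, e.g. `// $existingLogin holds a userid since the login column was dropped`. Both statements rebind an existing row to the current `shibid` and blank its password, so the value has to come from an account the caller has already proven ownership of. Where `$existingLogin` originates is outside this hunk and is worth re-checking now that the lookup column has changed. Verifying that `$ret` reports exactly one affected row would also catch an id that matches nothing.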
@@ -239,14 +243,14 @@ class User
// New account
if ($anonymous) {
- Database::exec("INSERT INTO user (shibid, login, organizationid, firstname, lastname, email) "
+ Database::exec("INSERT INTO user (shibid, userid, organizationid, firstname, lastname, email) "
. " VALUES (:shibid, :shibid, :org, '', '', '') "
. " ON DUPLICATE KEY UPDATE firstname = '', lastname = '', email = '', password = ''", array(
'shibid' => self::$user['shibid'],
'org' => self::getOrganizationId()
));
} else {
- Database::exec("INSERT INTO user (shibid, login, organizationid, firstname, lastname, email) "
+ Database::exec("INSERT INTO user (shibid, userid, organizationid, firstname, lastname, email) "
. " VALUES (:shibid, :shibid, :org, :firstname, :lastname, :email) "
. " ON DUPLICATE KEY UPDATE firstname = VALUES(firstname), lastname = VALUES(lastname), email = VALUES(email), password = ''", array(
'shibid' => self::$user['shibid'],
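Review bot: Both INSERTs now write the `:shibid` value into `userid` as well, so the account key becomes the `md5($_SERVER['persistent-id'])` digest computed earlier in this file, and `ON DUPLICATE KEY UPDATE … password = ''` can now fire on a clash in either column. If `userid` is a unique or primary key, a legacy row whose id happens to equal the digest would be overwritten and have its password cleared without any signal; unlikely, but the schema is not visible here and the assumption should be written down. A comment such as `// userid == shibid for Shibboleth accounts; a duplicate key means the same IdP identity` would document the intent. The parameter array and the enclosing method continue past the hunk.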
@@ -284,7 +288,7 @@ class User
public static function login($user, $pass)
{
- $ret = Database::queryFirst('SELECT userid, password FROM user WHERE login = :user LIMIT 1', array(':user' => $user));
+ $ret = Database::queryFirst('SELECT userid, password FROM user WHERE userid = :user LIMIT 1', array(':user' => $user));
if ($ret === false)
return false;
if (!Crypto::verify($pass, $ret['password']))
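Review bot: login() now looks the account up by `userid`, the same column the Shibboleth sign-up path fills with the md5 `shibid` while storing `password = ''`, so password login for those rows is blocked only if `Crypto::verify()` rejects an empty stored hash. That helper is not visible here; an explicit guard before the verify call, `if ($ret['password'] === '') return false;`, would make the outcome independent of it. The `$user` parameter should also be documented as a user id rather than a login name. The rest of login() lies outside the hunk.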
@@ -305,7 +309,7 @@ class User
}
Session::delete();
if (self::$isShib) {
- Header('Location: ' . CONFIG_PREFIX . '?do=Logout&noredirect=yes');
+ Header('Location: /Shibboleth.sso/Logout');
} else {
Header('Location: ?do=Main');
}
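Review bot: The logout redirect is now the hard-coded root-relative path `/Shibboleth.sso/Logout`, which works only while the SP handler is mounted at that location on the same host; the removed line at least went through `CONFIG_PREFIX`. A configuration constant for the handler URL would keep deployments with a different handler path working. Nothing visible stops execution after `Header()`, so unless the function exits or returns directly below the hunk, later code still runs for a session that was just deleted. The function's start and end are outside the hunk.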