Diffstat (limited to 'modules')
-rw-r--r-- | modules/adduser.inc.php | 11 | ||||
-rw-r--r-- | modules/agb.inc.php | 1 | ||||
-rw-r--r-- | modules/images.inc.php | 51 | ||||
-rw-r--r-- | modules/main.inc.php | 38 | ||||
-rw-r--r-- | modules/register.inc.php | 29 | ||||
-rw-r--r-- | modules/suitelogin.inc.php | 31 |
6 files changed, 130 insertions, 31 deletions
diff --git a/modules/adduser.inc.php b/modules/adduser.inc.php index c725e27..207858b 100644 --- a/modules/adduser.inc.php +++ b/modules/adduser.inc.php @@ -25,10 +25,10 @@ class Page_AddUser extends Page Message::addError('Keine Einrichtung gewählt.'); } else if (empty($firstname) || empty($lastname) || empty($login) || empty($password)) { - Message:addError('Ein Feld wurde nicht ausgefüllt.'); + Message::addError('Ein Feld wurde nicht ausgefüllt.'); } else { // Validate login - if (preg_match('/^[a-z0-9_\.\-]+@([a-z0-9_\.\-]+)$/i', $login, $out)) { + if (preg_match('/^[a-z0-9_.\-]+@([a-z0-9_.\-]+)$/i', $login, $out)) { // Complete login $suffix = $out[1]; } else if (strpos($login, '@') !== false) { @@ -47,8 +47,9 @@ class Page_AddUser extends Page if ($ok === false) { Message::addError('Login-Suffix @{{0}} ist ungültig.', $suffix); } else { - Database::exec('INSERT INTO user (userid, password, organizationid, firstname, lastname, email) ' - . ' VALUES (:userid, :password, :organization, :firstname, :lastname, :email)', array( + Database::exec('INSERT INTO user (userid, password, organizationid, firstname, lastname, email) + VALUES (:userid, :password, :organization, :firstname, :lastname, :email) + ON DUPLICATE KEY UPDATE password = VALUES(password)', array( 'userid' => $login, 'password' => Crypto::hash6($password), 'organization' => $organizationid, @@ -78,4 +79,4 @@ class Page_AddUser extends Page Render::addTemplate('adduser/_page', array('orgs' => $orgs)); } -}
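Review bot: The `ON DUPLICATE KEY UPDATE password = VALUES(password)` clause in the second adduser hunk turns a colliding userid into a silent password reset of the existing account, while organizationid, firstname, lastname and email keep their stored values. The form therefore replaces the credential of any existing login, including one that belongs to a different organization than the one selected, and nothing tells the operator that a row was updated rather than created. If a reset is intended, restrict it and report it, for example `ON DUPLICATE KEY UPDATE password = IF(organizationid = VALUES(organizationid), VALUES(password), password)`; otherwise keep the plain INSERT and surface the duplicate as an error. The enclosing method starts and ends outside the hunk, so the access check that guards this insert is not visible here.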
\ No newline at end of file +} diff --git a/modules/agb.inc.php b/modules/agb.inc.php index 7d38482..8728612 100644 --- a/modules/agb.inc.php +++ b/modules/agb.inc.php @@ -13,6 +13,7 @@ class Page_Agb extends Page $data['linkidmmail'] = CONFIG_IDM_LINK_MAIL; $data['linkidmepsa'] = CONFIG_IDM_LINK_EPSA; $data['linkidmpid'] = CONFIG_IDM_LINK_PID; + $data['helpmail'] = CONFIG_HELPMAIL; Render::addTemplate('agb/_page', $data); } diff --git a/modules/images.inc.php b/modules/images.inc.php new file mode 100644 index 0000000..f962c07 --- /dev/null +++ b/modules/images.inc.php 
@@ -0,0 +1,51 @@
+<?php
+
+class Page_Images extends Page
+{
+
+ protected function doPreprocess()
+ {
+ User::load();
+ if (!User::isShibbolethAuth()) {
+ Message::addError('Not {{0}}', CONFIG_IDM);
+ Util::redirect('?do=Main');
+ }
+ if (!User::isAdmin()) {
+ Message::addError('Not admin!');
+ Util::redirect('?do=Main');
+ }
+ if (Request::post('action') === 'delete') {
+ $image = Request::post('image');
+ $row = Database::queryFirst('SELECT filepath FROM imageversion WHERE imageversionid = :version',
+ ['version' => $image]);
+ if ($row === false) {
+ Message::addError('Image {{0}} nicht gefunden', $image);
+ } else {
+ // PHP process doesn't have write permissions to VM store, plus we don't have the absolute path
+ // for now this has to do, until someone comes along and adds an RPC method in the java app.
+ Message::addInfo('Vergessen Sie nicht, {{0}} vom Storage zu löschen', $row['filepath']);
+ Database::exec("DELETE FROM imageversion WHERE imageversionid = :version",
+ ['version' => $image]);
+ }
+ Util::redirect('?do=images');
+ }
+ }
+
+ protected function doRender()
+ {
+ $res = Database::simpleQuery('SELECT b.displayname, b.description,
+ v.imageversionid, v.createtime, v.expiretime, v.filesize, v.filepath
+ FROM imagebase b
+ INNER JOIN imageversion v USING (imagebaseid)
+ ORDER BY b.imagebaseid ASC, v.createtime ASC');
+ $rows = [];
+ while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+ $row['createtime_s'] = date('d.m.Y', $row['createtime']);
+ $row['expiretime_s'] = date('d.m.Y', $row['expiretime']);
+ $row['filesize_s'] = Util::readableFileSize($row['filesize']);
+ $rows[] = $row;
+ }
+ Render::addTemplate('image-list', ['list' => $rows]);
+ }
+
+}
diff --git a/modules/main.inc.php b/modules/main.inc.php
index db62096..3b605a3 100644
--- a/modules/main.inc.php
+++ b/modules/main.inc.php
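Review bot: The `delete` branch in Page_Images::doPreprocess() removes a row on a bare POST with no anti-forgery token, so the admin's authenticated session is the only thing the request needs; the form should carry a per-session token that is verified before the DELETE runs. Both authorization checks above it also depend on `Util::redirect()` ending the request, which is not visible in this file: if it ever returns, a non-admin falls through to the delete. Making that explicit costs one statement per check, `Util::redirect('?do=Main'); return;`, or at least a comment such as `// Util::redirect() terminates the request; code below assumes an authenticated admin`. In doRender(), `date('d.m.Y', $row['expiretime'])` will print the epoch date for a NULL expiretime, should that column allow it.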
@@ -35,16 +35,18 @@ class Page_Main extends Page return; } if (!User::isTutor()) { + Message::addError('Sie sind kein Mitarbeiter der Einrichtung "' . User::getOrganizationName() + . '" und können daher die ' . CONFIG_SUITE . '-Suite nicht nutzen.'); return; } // User is not in DB, so he might want so sign up for the service - see if conditions are met - if (User::getOrganization() !== false) { + if (User::getOrganization() !== null) { // Organization is known, show signup form $this->renderShibbolethUnregistered(); return; } // Nothing we can do here, show error message :-( - if (User::getRemoteOrganizationId() !== false) { + if (User::getRemoteOrganizationId() !== null) { // Organization is not known, see if we at least have an idea Message::addWarning('Ihre Hochschule/Einrichtung {{0}} ist leider nicht bekannt. Bitte kontaktieren Sie den Support.', User::getRemoteOrganizationId()); } else { 
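Review bot: The new error text in the `!User::isTutor()` branch concatenates `User::getOrganizationName()` into the message string, whereas the other messages in this hunk pass variable data through the `{{0}}` placeholders. If Message escapes placeholder arguments but not the template itself (not visible here), the organization name would reach the page unescaped; it is also read before the `User::getOrganization() !== null` check further down, so it may be empty for an unknown organization. Suggested: `Message::addError('Sie sind kein Mitarbeiter der Einrichtung "{{0}}" und können daher die {{1}}-Suite nicht nutzen.', User::getOrganizationName(), CONFIG_SUITE);`. The enclosing method begins outside the hunk.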
@@ -62,20 +64,24 @@ class Page_Main extends Page { $data = User::getData(); $data['organization'] = User::getOrganizationName(); - // Shoe testacc merge form if organization has test accounts - $res = Database::queryFirst('SELECT Count(*) as cnt FROM user WHERE organizationid = :oid', array( - 'oid' => User::getOrganizationId() - )); - if ($res !== false && $res['cnt'] > 0) { - $data['testacc'] = true; - $mail = trim(User::getMail()); - if (!empty($mail)) { - $existing = Database::queryFirst('SELECT userid FROM user WHERE email = :email LIMIT 1', array( - 'email' => $mail - )); - if ($existing !== false) { - $data['testlogin'] = $existing['userid']; - } + // Show testacc merge form if organization has test accounts + $mail = trim(User::getMail()); + $fn = User::getFirstName(); + $ln = User::getLastName(); + if (!empty($mail) && (!empty($fn) || !empty($ln))) { + $extra = ''; + if (!CONFIG_ALLOW_SHIB_MERGE) { + $extra = ' AND password IS NOT NULL AND Length(password) <> 0 '; + } + $existing = Database::queryFirst('SELECT userid FROM user + WHERE email = :email AND lastname = :ln AND firstname = :fn AND organizationid = :org ' . $extra . ' LIMIT 1', array( + 'email' => $mail, + 'fn' => $fn, + 'ln' => $ln, + 'org' => User::getOrganizationId(), + )); + if ($existing !== false) { + $data['testlogin'] = $existing['userid']; } } $data['suite'] = CONFIG_SUITE; diff --git a/modules/register.inc.php b/modules/register.inc.php index 19ccfcf..f55e900 100644 --- a/modules/register.inc.php +++ b/modules/register.inc.php 
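Review bot: The guard `(!empty($fn) || !empty($ln))` lets the lookup run when only one of the two names was delivered, yet the query requires both `lastname = :ln AND firstname = :fn`, so the empty name is compared against the stored column and can only match rows where that column is empty too. Requiring both, `if (!empty($mail) && !empty($fn) && !empty($ln)) {`, keeps the pre-filled test login tied to a full identity match. The comment `// Show testacc merge form if organization has test accounts` no longer describes the code now that the count query is gone; `// Offer merge if a test account with the same name, e-mail and organization exists` would fit. `$extra` is built from a constant string only, which is safe as written, and a short comment saying that nothing request-derived may be appended to it would protect the query against later edits.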
@@ -23,26 +23,35 @@ class Page_Register extends Page Util::redirect('?do=Main'); } - if (Request::post('testlogin')) { + $anonymous = (Request::post('share') !== 'on'); + $testLogin = Request::post('testlogin'); + if (empty($testLogin)) { + $testLogin = false; + } + if ($testLogin !== false) { // Check if one of firstname, lastname or email matches - $user = Database::queryFirst('SELECT firstname, lastname, email, organizationid FROM user WHERE userid = :login LIMIT 1', - array('login' => Request::post('testlogin'))); + $user = Database::queryFirst('SELECT firstname, lastname, email, password, organizationid FROM user WHERE userid = :login LIMIT 1', + array('login' => $testLogin)); if ($user === false || User::getOrganizationId() !== $user['organizationid']) { // Invalid Login Message::addError('Test-Account {{0}} unbekannt. ' - . ' Bitte wenden Sie sich an den {{1}}-Support, wenn dieser Test-Account Ihnen gehört.', Request::post('testlogin'), CONFIG_SUITE); + . ' Bitte wenden Sie sich an den {{1}}-Support, wenn dieser Test-Account Ihnen gehört.', $testLogin, CONFIG_SUITE); + Util::redirect('?do=Main'); + } + if (empty($user['password']) && !CONFIG_ALLOW_SHIB_MERGE) { + Message::addError('Verknüpfung mit altem Shibboleth-basiertem Account nicht erlaubt'); Util::redirect('?do=Main'); } - if (User::getLastName() !== $user['lastname'] - && User::getFirstName() !== $user['firstname'] - && User::getMail() !== $user['email']) { + if (strcasecmp(User::getLastName(), $user['lastname']) !== 0 + || strcasecmp(User::getFirstName(), $user['firstname']) !== 0 + || strcasecmp(User::getMail(), $user['email']) !== 0) { // No match by personal information Message::addError('Ihre Metadaten stimmen nicht mit dem Test-Account {{0}} überein. ' - . ' Bitte wenden Sie sich an den {{1}}-Support, wenn dieser Test-Account Ihnen gehört.', Request::post('testlogin'), CONFIG_SUITE); + . 
' Bitte wenden Sie sich an den {{1}}-Support, wenn dieser Test-Account Ihnen gehört.', $testLogin, CONFIG_SUITE); Util::redirect('?do=Main'); } // Check if anonymous is requested, but user shared VMs with his testacc - if (Image::getImageCount(Request::post('testlogin')) > 0) { + if ($anonymous && Image::getImageCount($testLogin) > 0) { Message::addError('Sie haben mit Ihrem Test-Account Virtuelle Maschinen auf den Zentral-Server hochgeladen und können" . " sich daher nicht ohne Teilnahme am landesweiten VM-Austausch registrieren.'); Util::redirect('?do=Main'); @@ -59,7 +68,7 @@ class Page_Register extends Page } elseif (!User::hasFullName()) { Message::addError('Ihr Identity Provider hat keinen Namen zu Ihrem Account geliefert. Registrierung nicht möglich.'); // Put stuff in DB - } elseif (User::deploy(Request::post('share') !== 'on', Request::post('testlogin'))) { + } elseif (User::deploy($anonymous, $testLogin)) { Message::addSuccess('Ihr Konto wurde freigeschaltet'); } else { Message::addError('Fehler beim Zusammenführen mit Ihrem Test-Account. Bitte wenden Sie sich an den Support.'); diff --git a/modules/suitelogin.inc.php b/modules/suitelogin.inc.php new file mode 100644 index 0000000..df3b8f0 --- /dev/null +++ b/modules/suitelogin.inc.php 
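Review bot: The identity match that gates the merge now relies on `strcasecmp()`, which folds case for ASCII bytes only and expects string arguments, so names containing umlauts that differ in case will not compare equal, and a null from `User::getMail()` or a NULL column would be passed straight in. As far as this hunk shows, this comparison is the last check before `User::deploy($anonymous, $testLogin)` links the IdP identity to the existing account, so both sides should be normalised the same way and empty values rejected, e.g. `mb_strtolower(trim((string)User::getLastName()), 'UTF-8') !== mb_strtolower(trim((string)$user['lastname']), 'UTF-8')` if mbstring is available. The pre-selection in main.inc.php does the same match in SQL, where the column collation decides case handling, so the two places can disagree about whether an account matches. The enclosing method starts outside the hunk.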
@@ -0,0 +1,31 @@
+<?php
+
+class Page_SuiteLogin extends Page
+{
+
+ protected function doPreprocess()
+ {
+ if (empty($_SERVER['persistent-id']))
+ Util::redirect(CONFIG_PREFIX . 'shib/?do=SuiteLogin');
+
+ if (!Request::any('msg')) {
+ $at = Request::any('accessToken');
+ if ($at === false || strlen($at) < 20) {
+ Message::addError('Missing access token');
+ } else {
+ $response = ShibAuth::login($at);
+
+ if ($response['status'] === 'ok') {
+ Message::addSuccess("Login erfolgreich, Sie können dieses Fenster jetzt schließen");
+ } else {
+ Message::addError("Login fehlgeschlagen: {{0}}", $response['error']);
+ if ($response['status'] === 'unregistered') {
+ Util::redirect('?do=Register');
+ }
+ }
+ }
+ Util::redirect('?do=SuiteLogin&msg=1');
+ }
+ }
+
+}
 |
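Review bot: `Request::any('accessToken')` suggests the token is also accepted from the query string (Request is not shown here), and a bearer-style token in a URL ends up in web-server logs, browser history and Referer headers; prefer `Request::post('accessToken')` if the client can send it that way. doPreprocess() also calls `ShibAuth::login($at)` on any authenticated request that carries a token, with no confirmation step, so it is worth confirming that ShibAuth binds the token to the client that requested it. The unbraced first `if` relies on `Util::redirect()` ending the request; `if (empty($_SERVER['persistent-id'])) { Util::redirect(CONFIG_PREFIX . 'shib/?do=SuiteLogin'); return; }` makes that explicit. `$response['error']` is read without checking that the key is set, so `$response['error'] ?? 'unknown'` would avoid a notice on an unexpected reply.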