Diffstat (limited to 'modules')
-rw-r--r--modules/adduser.inc.php11
-rw-r--r--modules/agb.inc.php1
-rw-r--r--modules/images.inc.php51
-rw-r--r--modules/main.inc.php38
-rw-r--r--modules/register.inc.php29
-rw-r--r--modules/suitelogin.inc.php31
6 files changed, 130 insertions, 31 deletions
diff --git a/modules/adduser.inc.php b/modules/adduser.inc.php
index c725e27..207858b 100644
--- a/modules/adduser.inc.php
+++ b/modules/adduser.inc.php
@@ -25,10 +25,10 @@ class Page_AddUser extends Page
Message::addError('Keine Einrichtung gewählt.');
} else if (empty($firstname) || empty($lastname)
|| empty($login) || empty($password)) {
- Message:addError('Ein Feld wurde nicht ausgefüllt.');
+ Message::addError('Ein Feld wurde nicht ausgefüllt.');
} else {
// Validate login
- if (preg_match('/^[a-z0-9_\.\-]+@([a-z0-9_\.\-]+)$/i', $login, $out)) {
+ if (preg_match('/^[a-z0-9_.\-]+@([a-z0-9_.\-]+)$/i', $login, $out)) {
// Complete login
$suffix = $out[1];
} else if (strpos($login, '@') !== false) {
@@ -47,8 +47,9 @@ class Page_AddUser extends Page
if ($ok === false) {
Message::addError('Login-Suffix @{{0}} ist ungültig.', $suffix);
} else {
- Database::exec('INSERT INTO user (userid, password, organizationid, firstname, lastname, email) '
- . ' VALUES (:userid, :password, :organization, :firstname, :lastname, :email)', array(
+ Database::exec('INSERT INTO user (userid, password, organizationid, firstname, lastname, email)
+ VALUES (:userid, :password, :organization, :firstname, :lastname, :email)
+ ON DUPLICATE KEY UPDATE password = VALUES(password)', array(
'userid' => $login,
'password' => Crypto::hash6($password),
'organization' => $organizationid,
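Review bot: The added `ON DUPLICATE KEY UPDATE password = VALUES(password)` turns adding an already existing login into a silent password reset: only the password column changes, while the row keeps its previous organization, name and email. It also gives a password to a row whose password was empty, which main.inc.php and register.inc.php in this commit treat as the marker for a Shibboleth-based account. Consider looking the userid up first and reporting the reset explicitly, or at least limiting the update to the same organization, e.g. `ON DUPLICATE KEY UPDATE password = IF(organizationid = VALUES(organizationid), VALUES(password), password)`. The parameter array of this statement continues past the end of the hunk.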
@@ -78,4 +79,4 @@ class Page_AddUser extends Page
Render::addTemplate('adduser/_page', array('orgs' => $orgs));
}
-} \ No newline at end of file
+}
diff --git a/modules/agb.inc.php b/modules/agb.inc.php
index 7d38482..8728612 100644
--- a/modules/agb.inc.php
+++ b/modules/agb.inc.php
@@ -13,6 +13,7 @@ class Page_Agb extends Page
$data['linkidmmail'] = CONFIG_IDM_LINK_MAIL;
$data['linkidmepsa'] = CONFIG_IDM_LINK_EPSA;
$data['linkidmpid'] = CONFIG_IDM_LINK_PID;
+ $data['helpmail'] = CONFIG_HELPMAIL;
Render::addTemplate('agb/_page', $data);
}
diff --git a/modules/images.inc.php b/modules/images.inc.php
new file mode 100644
index 0000000..f962c07
--- /dev/null
+++ b/modules/images.inc.php
@@ -0,0 +1,51 @@
+<?php
+
+class Page_Images extends Page
+{
+
+ protected function doPreprocess()
+ {
+ User::load();
+ if (!User::isShibbolethAuth()) {
+ Message::addError('Not {{0}}', CONFIG_IDM);
+ Util::redirect('?do=Main');
+ }
+ if (!User::isAdmin()) {
+ Message::addError('Not admin!');
+ Util::redirect('?do=Main');
+ }
+ if (Request::post('action') === 'delete') {
+ $image = Request::post('image');
+ $row = Database::queryFirst('SELECT filepath FROM imageversion WHERE imageversionid = :version',
+ ['version' => $image]);
+ if ($row === false) {
+ Message::addError('Image {{0}} nicht gefunden', $image);
+ } else {
+ // PHP process doesn't have write permissions to VM store, plus we don't have the absolute path
+ // for now this has to do, until someone comes along and adds an RPC method in the java app.
+ Message::addInfo('Vergessen Sie nicht, {{0}} vom Storage zu löschen', $row['filepath']);
+ Database::exec("DELETE FROM imageversion WHERE imageversionid = :version",
+ ['version' => $image]);
+ }
+ Util::redirect('?do=images');
+ }
+ }
+
+ protected function doRender()
+ {
+ $res = Database::simpleQuery('SELECT b.displayname, b.description,
+ v.imageversionid, v.createtime, v.expiretime, v.filesize, v.filepath
+ FROM imagebase b
+ INNER JOIN imageversion v USING (imagebaseid)
+ ORDER BY b.imagebaseid ASC, v.createtime ASC');
+ $rows = [];
+ while ($row = $res->fetch(PDO::FETCH_ASSOC)) {
+ $row['createtime_s'] = date('d.m.Y', $row['createtime']);
+ $row['expiretime_s'] = date('d.m.Y', $row['expiretime']);
+ $row['filesize_s'] = Util::readableFileSize($row['filesize']);
+ $rows[] = $row;
+ }
+ Render::addTemplate('image-list', ['list' => $rows]);
+ }
+
+}
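Review bot: The `delete` branch in doPreprocess() changes state on a plain POST, and nothing in this file verifies an anti-CSRF token, so unless Request or the Page base class does that elsewhere, a form on another site could be submitted on behalf of a logged-in admin. Check a per-session token (compared with `hash_equals()`) before running the `DELETE`. The two access checks above it protect the branch only if `Util::redirect()` ends the request; if that is not guaranteed, add `return;` after each redirect. A comment on doPreprocess() such as `// Access: Shibboleth-authenticated admins only` would make the intent explicit.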
diff --git a/modules/main.inc.php b/modules/main.inc.php
index db62096..3b605a3 100644
--- a/modules/main.inc.php
+++ b/modules/main.inc.php
@@ -35,16 +35,18 @@ class Page_Main extends Page
return;
}
if (!User::isTutor()) {
+ Message::addError('Sie sind kein Mitarbeiter der Einrichtung "' . User::getOrganizationName()
+ . '" und können daher die ' . CONFIG_SUITE . '-Suite nicht nutzen.');
return;
}
// User is not in DB, so he might want so sign up for the service - see if conditions are met
- if (User::getOrganization() !== false) {
+ if (User::getOrganization() !== null) {
// Organization is known, show signup form
$this->renderShibbolethUnregistered();
return;
}
// Nothing we can do here, show error message :-(
- if (User::getRemoteOrganizationId() !== false) {
+ if (User::getRemoteOrganizationId() !== null) {
// Organization is not known, see if we at least have an idea
Message::addWarning('Ihre Hochschule/Einrichtung {{0}} ist leider nicht bekannt. Bitte kontaktieren Sie den Support.', User::getRemoteOrganizationId());
} else {
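Review bot: The new error message for non-tutors is built by concatenating `User::getOrganizationName()` and `CONFIG_SUITE` into the message string, while the other messages in this commit that carry values pass them through `{{0}}` placeholders. If Message escapes only placeholder arguments (not visible here), the organization name would reach the page unescaped. Prefer `Message::addError('Sie sind kein Mitarbeiter der Einrichtung "{{0}}" und können daher die {{1}}-Suite nicht nutzen.', User::getOrganizationName(), CONFIG_SUITE);`. The enclosing method starts and ends outside the hunk.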
@@ -62,20 +64,24 @@ class Page_Main extends Page
{
$data = User::getData();
$data['organization'] = User::getOrganizationName();
- // Shoe testacc merge form if organization has test accounts
- $res = Database::queryFirst('SELECT Count(*) as cnt FROM user WHERE organizationid = :oid', array(
- 'oid' => User::getOrganizationId()
- ));
- if ($res !== false && $res['cnt'] > 0) {
- $data['testacc'] = true;
- $mail = trim(User::getMail());
- if (!empty($mail)) {
- $existing = Database::queryFirst('SELECT userid FROM user WHERE email = :email LIMIT 1', array(
- 'email' => $mail
- ));
- if ($existing !== false) {
- $data['testlogin'] = $existing['userid'];
- }
+ // Show testacc merge form if organization has test accounts
+ $mail = trim(User::getMail());
+ $fn = User::getFirstName();
+ $ln = User::getLastName();
+ if (!empty($mail) && (!empty($fn) || !empty($ln))) {
+ $extra = '';
+ if (!CONFIG_ALLOW_SHIB_MERGE) {
+ $extra = ' AND password IS NOT NULL AND Length(password) <> 0 ';
+ }
+ $existing = Database::queryFirst('SELECT userid FROM user
+ WHERE email = :email AND lastname = :ln AND firstname = :fn AND organizationid = :org ' . $extra . ' LIMIT 1', array(
+ 'email' => $mail,
+ 'fn' => $fn,
+ 'ln' => $ln,
+ 'org' => User::getOrganizationId(),
+ ));
+ if ($existing !== false) {
+ $data['testlogin'] = $existing['userid'];
}
}
$data['suite'] = CONFIG_SUITE;
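Review bot: The guard `(!empty($fn) || !empty($ln))` lets the lookup run when only one of the two names is present, but the query then requires both `firstname = :fn` and `lastname = :ln`, so an empty name is compared against the stored value. register.inc.php in this commit requires all three attributes to match, so the guard should too: `if (!empty($mail) && !empty($fn) && !empty($ln)) {`. The comment above it still talks about the organization having test accounts, which the removed count query checked; something like `// Offer merge only if a test account with the same name, mail and organization exists` describes the new query. The method continues past the hunk.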
diff --git a/modules/register.inc.php b/modules/register.inc.php
index 19ccfcf..f55e900 100644
--- a/modules/register.inc.php
+++ b/modules/register.inc.php
@@ -23,26 +23,35 @@ class Page_Register extends Page
Util::redirect('?do=Main');
}
- if (Request::post('testlogin')) {
+ $anonymous = (Request::post('share') !== 'on');
+ $testLogin = Request::post('testlogin');
+ if (empty($testLogin)) {
+ $testLogin = false;
+ }
+ if ($testLogin !== false) {
// Check if one of firstname, lastname or email matches
- $user = Database::queryFirst('SELECT firstname, lastname, email, organizationid FROM user WHERE userid = :login LIMIT 1',
- array('login' => Request::post('testlogin')));
+ $user = Database::queryFirst('SELECT firstname, lastname, email, password, organizationid FROM user WHERE userid = :login LIMIT 1',
+ array('login' => $testLogin));
if ($user === false || User::getOrganizationId() !== $user['organizationid']) {
// Invalid Login
Message::addError('Test-Account {{0}} unbekannt. '
- . ' Bitte wenden Sie sich an den {{1}}-Support, wenn dieser Test-Account Ihnen gehört.', Request::post('testlogin'), CONFIG_SUITE);
+ . ' Bitte wenden Sie sich an den {{1}}-Support, wenn dieser Test-Account Ihnen gehört.', $testLogin, CONFIG_SUITE);
+ Util::redirect('?do=Main');
+ }
+ if (empty($user['password']) && !CONFIG_ALLOW_SHIB_MERGE) {
+ Message::addError('Verknüpfung mit altem Shibboleth-basiertem Account nicht erlaubt');
Util::redirect('?do=Main');
}
- if (User::getLastName() !== $user['lastname']
- && User::getFirstName() !== $user['firstname']
- && User::getMail() !== $user['email']) {
+ if (strcasecmp(User::getLastName(), $user['lastname']) !== 0
+ || strcasecmp(User::getFirstName(), $user['firstname']) !== 0
+ || strcasecmp(User::getMail(), $user['email']) !== 0) {
// No match by personal information
Message::addError('Ihre Metadaten stimmen nicht mit dem Test-Account {{0}} überein. '
- . ' Bitte wenden Sie sich an den {{1}}-Support, wenn dieser Test-Account Ihnen gehört.', Request::post('testlogin'), CONFIG_SUITE);
+ . ' Bitte wenden Sie sich an den {{1}}-Support, wenn dieser Test-Account Ihnen gehört.', $testLogin, CONFIG_SUITE);
Util::redirect('?do=Main');
}
// Check if anonymous is requested, but user shared VMs with his testacc
- if (Image::getImageCount(Request::post('testlogin')) > 0) {
+ if ($anonymous && Image::getImageCount($testLogin) > 0) {
Message::addError('Sie haben mit Ihrem Test-Account Virtuelle Maschinen auf den Zentral-Server hochgeladen und können"
. " sich daher nicht ohne Teilnahme am landesweiten VM-Austausch registrieren.');
Util::redirect('?do=Main');
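Review bot: The comment `// Check if one of firstname, lastname or email matches` no longer describes the check: with `||` the merge is refused unless all three values match, so it should read `// Require firstname, lastname and email to all match (case-insensitive)`. `strcasecmp()` folds ASCII only, so names containing umlauts that differ in case are rejected here even though the SQL lookup in main.inc.php may have offered the account under a case-insensitive collation; comparing `mb_strtolower()` of both sides would keep the two in step. The unchanged message a few lines below opens with `'` but breaks the line with `"` and `. "`, so those characters end up literally in the text shown to the user. The block is closed outside the hunk.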
@@ -59,7 +68,7 @@ class Page_Register extends Page
} elseif (!User::hasFullName()) {
Message::addError('Ihr Identity Provider hat keinen Namen zu Ihrem Account geliefert. Registrierung nicht möglich.');
// Put stuff in DB
- } elseif (User::deploy(Request::post('share') !== 'on', Request::post('testlogin'))) {
+ } elseif (User::deploy($anonymous, $testLogin)) {
Message::addSuccess('Ihr Konto wurde freigeschaltet');
} else {
Message::addError('Fehler beim Zusammenführen mit Ihrem Test-Account. Bitte wenden Sie sich an den Support.');
diff --git a/modules/suitelogin.inc.php b/modules/suitelogin.inc.php
new file mode 100644
index 0000000..df3b8f0
--- /dev/null
+++ b/modules/suitelogin.inc.php
@@ -0,0 +1,31 @@
+<?php
+
+class Page_SuiteLogin extends Page
+{
+
+ protected function doPreprocess()
+ {
+ if (empty($_SERVER['persistent-id']))
+ Util::redirect(CONFIG_PREFIX . 'shib/?do=SuiteLogin');
+
+ if (!Request::any('msg')) {
+ $at = Request::any('accessToken');
+ if ($at === false || strlen($at) < 20) {
+ Message::addError('Missing access token');
+ } else {
+ $response = ShibAuth::login($at);
+
+ if ($response['status'] === 'ok') {
+ Message::addSuccess("Login erfolgreich, Sie können dieses Fenster jetzt schließen");
+ } else {
+ Message::addError("Login fehlgeschlagen: {{0}}", $response['error']);
+ if ($response['status'] === 'unregistered') {
+ Util::redirect('?do=Register');
+ }
+ }
+ }
+ Util::redirect('?do=SuiteLogin&msg=1');
+ }
+ }
+
+}
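Review bot: doPreprocess() calls `ShibAuth::login($at)` as soon as a request carries an `accessToken`, with no confirmation by the user and, judging by the name `Request::any`, from the query string as well as from POST. A token in the URL is recorded in server logs and browser history, and because the binding happens on page load, a link carrying someone else's token would tie the visitor's Shibboleth identity to that token. Consider showing a confirmation form and running the login only on a POST that carries a per-session token. `$response` is also indexed without checking that `ShibAuth::login()` returned an array with `status` and `error`; its return contract is not visible here.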