From 5136f6622e7ca87695c158a31cb8e78299f1967a Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Wed, 3 Jun 2015 14:26:22 +0200
Subject: Allow registration, add support for creating test accounts, rename satellite to organization
---
 inc/image.inc.php | 10 ++++++++
 inc/user.inc.php | 51 +++++++++++++++++++++++++++++++++++++----
 index.php | 8 ++++++-
 modules/adduser.inc.php | 4 ++--
 modules/main.inc.php | 16 +++++++++++++
 modules/register.inc.php | 31 +++++++++++++++++++++++--
 templates/main/deploy.html | 15 ++++++++++++
 templates/sharemode/remove.html | 4 ++--
 8 files changed, 127 insertions(+), 12 deletions(-)
diff --git a/inc/image.inc.php b/inc/image.inc.php
index 2c0ec74..5b8f077 100644
--- a/inc/image.inc.php
+++ b/inc/image.inc.php
@@ -9,6 +9,16 @@ class Image
 return false;
 return Database::exec('DELETE FROM image WHERE ownerid = :userid', array('userid' => $userid));
 }
+
+ public static function getImageCount($login)
+ {
+ $ret = Database::queryFirst('SELECT Count(*) AS cnt FROM image '
+ . ' INNER JOIN user ON (image.ownerid = user.userid) '
+ . ' WHERE user.login = :login', array('login' => $login));
+ if ($ret === false)
+ return 0;
+ return $ret['cnt'];
+ }
 }
diff --git a/inc/user.inc.php b/inc/user.inc.php
index 3325421..c09e936 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -60,6 +60,13 @@ class User
 return self::$user['firstname'] . ' ' . self::$user['lastname'];
 }
+ public static function getFirstName()
+ {
+ if (!self::isLoggedIn())
+ return false;
+ return self::$user['firstname'];
+ }
+
 public static function getLastName()
 {
 if (!self::isLoggedIn())
@@ -87,6 +94,11 @@ class User
 ), true);
 }
+ /**
+ * Organization ID used locally in our DB
+ *
+ * @return string
+ */
 public static function getOrganizationId()
 {
 $org = self::getOrganization();
@@ -103,6 +115,11 @@ class User
 return $org['name'];
 }
+ /**
+ * Organization ID as supplied by shibboleth
+ *
+ * @return string
+ */
 public static function getRemoteOrganizationId()
 {
 if (empty(self::$user['organization']))
@@ -115,8 +132,8 @@ class User
 if (!self::isLoggedIn())
 return false;
 if (is_null(self::$organization)) {
- self::$organization = Database::queryFirst('SELECT organizationid, name FROM satellite_suffix '
- . ' INNER JOIN satellite USING (organizationid) '
+ self::$organization = Database::queryFirst('SELECT organizationid, name FROM organization_suffix '
+ . ' INNER JOIN organization USING (organizationid) '
 . ' WHERE suffix = :org LIMIT 1', array('org' => self::$user['organization']));
 }
 return self::$organization;
@@ -194,21 +211,44 @@ class User
 return true;
 }
- public static function deploy($anonymous)
+ public static function deploy($anonymous, $existingLogin = false)
 {
 if (empty(self::$user['shibid']))
 Util::traceError('NO SHIBID');
+
+ // Merging with test-account:
+ if (!empty($existingLogin)) {
+ if ($anonymous) {
+ $ret = Database::exec("UPDATE user SET shibid = :shibid, firstname = '', lastname = '', email = '', password = '' "
+ . " WHERE login = :login LIMIT 1", array(
+ 'shibid' => self::$user['shibid'],
+ 'login' => $existingLogin
+ ));
+ } else {
+ $ret = Database::exec("UPDATE user SET shibid = :shibid, password = '', firstname = :firstname, lastname = :lastname, email = :email "
+ . " WHERE login = :login LIMIT 1", array(
+ 'shibid' => self::$user['shibid'],
+ 'login' => $existingLogin,
+ 'firstname' => self::$user['firstname'],
+ 'lastname' => self::$user['lastname'],
+ 'email' => self::$user['email']
+ ));
+ }
+ return $ret > 0;
+ }
+
+ // New account
 if ($anonymous) {
 Database::exec("INSERT INTO user (shibid, login, organizationid, firstname, lastname, email) "
 . " VALUES (:shibid, :shibid, :org, '', '', '') "
- . " ON DUPLICATE KEY UPDATE firstname = '', lastname = '', email = ''", array(
+ . " ON DUPLICATE KEY UPDATE firstname = '', lastname = '', email = '', password = ''", array(
 'shibid' => self::$user['shibid'],
 'org' => self::getOrganizationId()
 ));
 } else {
 Database::exec("INSERT INTO user (shibid, login, organizationid, firstname, lastname, email) "
 . " VALUES (:shibid, :shibid, :org, :firstname, :lastname, :email) "
- . " ON DUPLICATE KEY UPDATE firstname = VALUES(firstname), lastname = VALUES(lastname), email = VALUES(email)", array(
+ . " ON DUPLICATE KEY UPDATE firstname = VALUES(firstname), lastname = VALUES(lastname), email = VALUES(email), password = ''", array(
 'shibid' => self::$user['shibid'],
 'firstname' => self::$user['firstname'],
 'lastname' => self::$user['lastname'],
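Review bot: Both merge `UPDATE` statements in the `!empty($existingLogin)` branch select the row by `login` alone, so `deploy()` rebinds whichever account the caller names, including one in another organization or one that already carries a `shibid`. The only guards sit in the caller in modules/register.inc.php (whose lookup has the same gap regarding already-linked accounts), and `deploy()` is a public static method, so the constraint is safer inside the statement: add `AND organizationid = :org` bound to `self::getOrganizationId()`, plus a condition that the row is still an unlinked local account, for example `AND shibid IS NULL` if that is how test accounts are stored (the schema is not visible here). A docblock on `deploy()` should state that `$existingLogin` must already be verified as belonging to the current user and that the method returns whether a row was changed. The function's closing lines fall in the next hunk.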
@@ -216,6 +256,7 @@ class User
 'org' => self::getOrganizationId()
 ));
 }
+ return true;
 }
 public static function updatePassword($pass)
diff --git a/index.php b/index.php
index 8e06975..3b8250a 100644
--- a/index.php
+++ b/index.php
@@ -2,12 +2,18 @@
 $dest = @readlink($_SERVER['SCRIPT_FILENAME']);
 if (!empty($dest) && $dest !== $_SERVER['SCRIPT_FILENAME']) {
- //error_log($dest . ' !== ' . $_SERVER['SCRIPT_FILENAME'] . ', chdir to ' . dirname($dest));
 chdir(dirname($dest));
 }
 require_once 'config.php';
+if (defined('CONFIG_FORCE_DOMAIN')) {
+ if (!empty($_SERVER['SERVER_NAME']) && strcasecmp($_SERVER['SERVER_NAME'], CONFIG_FORCE_DOMAIN) !== 0) {
+ Header('HTTP/1.1 400 Bad Request');
+ die('

Bad Request

');
+ }
+}
+
 /**
 * Page class which all "modules" must be extending from
diff --git a/modules/adduser.inc.php b/modules/adduser.inc.php
index fc0dfa7..f27717b 100644
--- a/modules/adduser.inc.php
+++ b/modules/adduser.inc.php
@@ -40,7 +40,7 @@ class Page_AddUser extends Page
 $suffix = $organizationid;
 $login .= "@$suffix";
 }
- $ok = Database::queryFirst('SELECT organizationid FROM satellite_suffix WHERE organizationid = :o AND suffix = :s LIMIT 1', array(
+ $ok = Database::queryFirst('SELECT organizationid FROM organization_suffix WHERE organizationid = :o AND suffix = :s LIMIT 1', array(
 'o' => $organizationid,
 's' => $suffix
 ));
@@ -66,7 +66,7 @@ class Page_AddUser extends Page
 protected function doRender()
 {
 // Show mask
- $res = Database::simpleQuery('SELECT organizationid, name FROM satellite ORDER BY name ASC');
+ $res = Database::simpleQuery('SELECT organizationid, name FROM organization ORDER BY name ASC');
 $orgs = array();
 $orgs[] = array(
 'organizationid' => '',
diff --git a/modules/main.inc.php b/modules/main.inc.php
index c1382e6..3e3aff8 100644
--- a/modules/main.inc.php
+++ b/modules/main.inc.php
@@ -59,6 +59,22 @@ class Page_Main extends Page
 {
 $data = User::getData();
 $data['organization'] = User::getOrganizationName();
+ // Shoe testacc merge form if organization has test accounts
+ $res = Database::queryFirst('SELECT Count(*) as cnt FROM user WHERE organizationid = :oid', array(
+ 'oid' => User::getOrganizationId()
+ ));
+ if ($res !== false && $res['cnt'] > 0) {
+ $data['testacc'] = true;
+ $mail = trim(User::getMail());
+ if (!empty($mail)) {
+ $existing = Database::queryFirst('SELECT login FROM user WHERE email = :email LIMIT 1', array(
+ 'email' => $mail
+ ));
+ if ($existing !== false) {
+ $data['testlogin'] = $existing['login'];
+ }
+ }
+ }
 Render::addTemplate('main/deploy', $data);
 }
diff --git a/modules/register.inc.php b/modules/register.inc.php
index 0fec4c7..d24d304 100644
--- a/modules/register.inc.php
+++ b/modules/register.inc.php
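Review bot: The `CONFIG_FORCE_DOMAIN` guard in index.php fails open, because the `!empty($_SERVER['SERVER_NAME'])` test skips the comparison whenever the server supplies no name and the request is then served normally. Rejecting the empty case as well closes that gap: `if (empty($_SERVER['SERVER_NAME']) || strcasecmp($_SERVER['SERVER_NAME'], CONFIG_FORCE_DOMAIN) !== 0) {`. Whether `SERVER_NAME` reflects the client's Host header or the configured virtual-host name depends on the web server setup (on Apache, the `UseCanonicalName` directive), so a one-line comment saying which of the two this check is meant to enforce would help whoever deploys it. The block has no comment explaining why the domain is forced at all.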
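Review bot: Both queries added in modules/main.inc.php are broader than the comment above them says: `SELECT Count(*) as cnt FROM user WHERE organizationid = :oid` counts every user of the organization rather than only test accounts, and `SELECT login FROM user WHERE email = :email LIMIT 1` is limited neither to the organization nor to accounts without a Shibboleth link. The second query can pre-fill `testlogin` with a login from a different organization, which the handler in modules/register.inc.php then rejects as unknown, and it places an account name on the page on the strength of the mail attribute alone. Adding `AND organizationid = :oid` to the lookup, and a test-account filter to both queries if the schema offers one, would keep the form consistent with the checks that follow. The comment also has a typo and should read `// Show testacc merge form if organization has test accounts`; the enclosing method starts outside the hunk.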
@@ -19,10 +19,37 @@ class Page_Register extends Page
 Util::redirect('?do=Main');
 }
+ if (Request::post('testlogin')) {
+ // Check if one of firstname, lastname or email matches
+ $user = Database::queryFirst('SELECT firstname, lastname, email, organizationid FROM user WHERE login = :login LIMIT 1', array('login' => Request::post('testlogin')));
+ if ($user === false || User::getOrganizationId() !== $user['organizationid']) {
+ // Invalid Login
+ Message::addError('Test-Account {{0}} unbekannt. '
+ . ' Bitte wenden Sie sich an den bwLehrpool-Support, wenn dieser Test-Account Ihnen gehört.', Request::post('testlogin'));
+ Util::redirect('?do=Main');
+ }
+ if (User::getLastName() !== $user['lastname']
+ && User::getFirstName() !== $user['firstname']
+ && User::getMail() !== $user['email']) {
+ // No match by personal information
+ Message::addError('Ihre Metadaten stimmen nicht mit dem Test-Account {{0}} überein. '
+ . ' Bitte wenden Sie sich an den bwLehrpool-Support, wenn dieser Test-Account Ihnen gehört.', Request::post('testlogin'));
+ Util::redirect('?do=Main');
+ }
+ // Check if anonymous is requested, but user shared VMs with his testacc
+ if (Image::getImageCount(Request::post('testlogin')) > 0) {
+ Message::addError('Sie haben mit Ihrem Test-Account Virtuelle Maschinen auf den Zentral-Server hochgeladen und können sich daher nicht ohne Teilnahme am landesweiten VM-Austausch registrieren.');
+ Util::redirect('?do=Main');
+ }
+ }
+
 if (Request::post('agb') === 'on') {
 // Put stuff in DB
- User::deploy(Request::post('share') !== 'on');
- Message::addSuccess('Ihr Konto wurde freigeschaltet');
+ if (User::deploy(Request::post('share') !== 'on', Request::post('testlogin'))) {
+ Message::addSuccess('Ihr Konto wurde freigeschaltet');
+ } else {
+ Message::addError('Fehler beim Zusammenführen mit Ihrem Test-Account. Bitte wenden Sie sich an den Support.');
+ }
 Util::redirect('?do=Main');
 }
 Message::addError('Sie müssen den Nutzungsbedingungen zustimmen');
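Review bot: The ownership test for the test account accepts the merge when any single attribute is equal, and equal empty strings count: the three `!==` comparisons are joined with `&&`, so a shared first or last name within the organization, or an empty `email` on both sides, is enough (`User::deploy()` stores `''` for name and mail on anonymous accounts, so such rows exist). Requiring an exact match on a non-empty mail address is a much stronger binding, e.g. `if (empty($user['email']) || User::getMail() !== $user['email']) {`, with every other case sent to support as the error text already suggests. Separately, the block commented `// Check if anonymous is requested` never reads the share checkbox, so users who do opt in to sharing are refused as well; the condition should be `if (Request::post('share') !== 'on' && Image::getImageCount(Request::post('testlogin')) > 0) {`. The enclosing method begins before the hunk.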
diff --git a/templates/main/deploy.html b/templates/main/deploy.html index f8f20c2..d9e3ed2 100644 --- a/templates/main/deploy.html +++ b/templates/main/deploy.html @@ -59,6 +59,21 @@ {{email}} + + {{#testacc}} +

+ Haben Sie bisher einen lokalen Account (Test-Account) benutzt? Falls ja können Sie diesen + jetzt mit Ihrem bwIDM-Account zusammenführen, um Ihre bisherigen Veranstaltungen und Virtuelle + Maschinen zu übernehmen. Ansonsten lassen Sie das Feld leer. +

+ +
+ + Test-Login + + +
+ {{/testacc}}
diff --git a/templates/sharemode/remove.html b/templates/sharemode/remove.html index d91590e..479e0f7 100644 --- a/templates/sharemode/remove.html +++ b/templates/sharemode/remove.html @@ -8,7 +8,7 @@ Sie nicht mehr am landesweiten VM-Austausch teilnehmen. Eventuell von Ihnen freigegebene Virtuelle Maschinen werden auf dem Zentral-Server einem generischen Benutzer überschrieben. Sollten Sie dem nicht zustimmen, setzen - Sie bitte den Haken bei alle von mir erstellen VMs löschen. Beachten + Sie bitte den Haken bei alle von mir erstellten VMs löschen. Beachten Sie jedoch, dass Ihre VMs bereits von anderen Hochschulen genutzt werden könnten. In diesem Fall werden die dort vorhandenen lokalen Kopien nicht gelöscht, um den Lehrbetrieb nicht zu stören. @@ -18,7 +18,7 @@ - +
-- cgit v1.2.3-55-g7522