From c90c7bfb5d72d327e6fe8fb3a85d852ec1ee94a4 Mon Sep 17 00:00:00 2001 From: Simon Rettberg Date: Tue, 3 Mar 2015 19:01:30 +0100 Subject: Third Commit --- inc/image.inc.php | 14 +++++++++ inc/session.inc.php | 62 +++++++++++++++++++++++++++++----------- inc/user.inc.php | 38 +++++++++++++++++++++--- inc/util.inc.php | 4 +-- index.php | 2 +- modules/logout.inc.php | 8 ++++++ modules/sharemode.inc.php | 51 +++++++++++++++++++++++++++++++++ templates/sharemode/deploy.html | 45 +++++++++++++++++++++++++++++ templates/sharemode/remove.html | 27 +++++++++++++++++ templates/sharemode/testacc.html | 5 ++++ 10 files changed, 233 insertions(+), 23 deletions(-) create mode 100644 inc/image.inc.php create mode 100644 modules/sharemode.inc.php create mode 100644 templates/sharemode/deploy.html create mode 100644 templates/sharemode/remove.html create mode 100644 templates/sharemode/testacc.html diff --git a/inc/image.inc.php b/inc/image.inc.php new file mode 100644 index 0000000..2c0ec74 --- /dev/null +++ b/inc/image.inc.php @@ -0,0 +1,14 @@ + $userid)); + } + +} + diff --git a/inc/session.inc.php b/inc/session.inc.php index b9adfcb..6718006 100644 --- a/inc/session.inc.php +++ b/inc/session.inc.php @@ -4,8 +4,8 @@ class Session { private static $sid = false; - private static $uid = false; private static $data = false; + private static $needUpdate = true; private static function generateSessionId() { @@ -26,7 +26,6 @@ class Session public static function create() { self::generateSessionId(); - self::$uid = 0; self::$data = array(); } @@ -38,20 +37,19 @@ class Session if (self::readSessionData()) return true; // Loading session data failed self::delete(); + return false; } public static function getUid() { - return self::$uid; + return self::get('uid'); } public static function setUid($value) { - if (self::$uid === false) - Util::traceError('Tried to set session data with no active session'); if (!is_numeric($value) || $value < 1) Util::traceError('Invalid user id: ' . $value); - self::$uid = $value; + self::set('uid', (int)$value); } public static function get($key) @@ -61,6 +59,16 @@ class Session return false; } + public static function set($key, $value) + { + if (!is_array(self::$data)) + Util::traceError('Tried to set session data with no active session'); + if (isset(self::$data[$key]) && self::$data[$key] === $value) + return; + self::$data[$key] = $value; + self::$needUpdate = true; + } + private static function loadSessionId() { if (self::$sid !== false) @@ -73,27 +81,49 @@ class Session self::$sid = $id; return true; } - + public static function delete() { if (self::$sid === false) return; Database::exec('DELETE FROM websession WHERE sid = :sid', array('sid' => self::$sid)); @setcookie('sid', '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true); self::$sid = false; - self::$uid = false; + self::$data = false; } - + public static function save() { - if (self::$sid === false || self::$uid === false || self::$uid === 0) + if (self::$sid === false || self::$data === false || !self::$needUpdate) return; - $ret = Database::exec('INSERT INTO websession (sid, userid, dateline) ' - . ' VALUES (:sid, :uid, UNIX_TIMESTAMP()) ' - . ' ON DUPLICATE KEY UPDATE userid = VALUES(userid), dateline = VALUES(dateline)', - array('sid' => self::$sid, 'uid' => self::$uid)); - if (!$ret) Util::traceError('Storing session data in dahdähbank failed.'); + $data = json_encode(self::$data); + $ret = Database::exec('INSERT INTO websession (sid, dateline, data) ' + . ' VALUES (:sid, UNIX_TIMESTAMP(), :data) ' + . ' ON DUPLICATE KEY UPDATE dateline = VALUES(dateline), data = VALUES(data)', + array('sid' => self::$sid, 'data' => $data)); + if ($ret === false) + Util::traceError('Storing session data in Dahdähbank failed.'); $ret = @setcookie('sid', self::$sid, time() + CONFIG_SESSION_TIMEOUT, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true); - if (!$ret) Util::traceError('Error: Could not set Cookie for Client (headers already sent)'); + if ($ret === false) + Util::traceError('Error: Could not set Cookie for Client (headers already sent)'); } + + public static function readSessionData() + { + if (self::$sid === false || self::$data !== false) + Util::traceError('Tried to readSessionData on an active session!'); + $data = Database::queryFirst('SELECT dateline, data FROM websession WHERE sid = :sid LIMIT 1', array('sid' => self::$sid)); + if ($data === false) + return false; + if ($data['dateline'] + CONFIG_SESSION_TIMEOUT < time()) { + self::delete(); + return false; + } + self::$needUpdate = ($data['dateline'] + 3600 < time()); + self::$data = @json_decode($data['data'], true); + if (!is_array(self::$data)) + self::$data = array(); + return true; + } + } diff --git a/inc/user.inc.php b/inc/user.inc.php index f023ae7..496857e 100644 --- a/inc/user.inc.php +++ b/inc/user.inc.php @@ -7,6 +7,7 @@ class User private static $organization = NULL; private static $isShib = false; private static $isInDb = false; + private static $isAnonymous = false; public static function isLoggedIn() { @@ -28,11 +29,23 @@ class User return self::$user !== false && self::$isShib === false; } + public static function isAnonymous() + { + return self::$isAnonymous; + } + public static function getData() { return self::$user; } + public static function getId() + { + if (!isset(self::$user['userid'])) + return false; + return (int)self::$user['userid']; + } + public static function getName() { if (!self::isLoggedIn()) @@ -97,7 +110,7 @@ class User { if (self::isLoggedIn()) return true; - Session::load(); + $hasSession = Session::load(); if (empty($_SERVER['persistent-id'])) { if (Session::getUid() === false) return false; @@ -106,6 +119,11 @@ class User return self::$user !== false; } // Try bwIDM etc. + if (!$hasSession) { + Session::create(); + Session::set('token', md5(mt_rand() . $_SERVER['REMOTE_ADDR'] . microtime(true) . $_SERVER['persistent-id'] . mt_rand())); + Session::save(); + } self::$isShib = true; if (!isset($_SERVER['sn'])) $_SERVER['sn'] = ''; if (!isset($_SERVER['givenName'])) $_SERVER['givenName'] = ''; @@ -133,9 +151,14 @@ class User // No match in database, user is not signed up return true; } + if (Session::getUid() === false) { + Session::setUid($user['userid']); + Session::save(); + } // Already signed up, see if we can fetch missing fields from DB self::$user['login'] = $user['login']; self::$isInDb = true; + self::$isAnonymous = (empty($user['firstname']) && empty($user['lastname'])); foreach (array('firstname', 'lastname', 'email') as $key) { if (empty(self::$user[$key])) self::$user[$key] = $user[$key]; @@ -149,13 +172,15 @@ class User Util::traceError('NO SHIBID'); if ($anonymous) { Database::exec("INSERT INTO user (shibid, login, organizationid, firstname, lastname, email) " - . " VALUES (:shibid, :shibid, :org, '', '', '')", array( + . " VALUES (:shibid, :shibid, :org, '', '', '') " + . " ON DUPLICATE KEY UPDATE firstname = '', lastname = '', email = ''", array( 'shibid' => self::$user['shibid'], 'org' => self::getOrganizationId() )); } else { Database::exec("INSERT INTO user (shibid, login, organizationid, firstname, lastname, email) " - . " VALUES (:shibid, :shibid, :org, :firstname, :lastname, :email)", array( + . " VALUES (:shibid, :shibid, :org, :firstname, :lastname, :email) " + . " ON DUPLICATE KEY UPDATE firstname = VALUES(firstname), lastname = VALUES(lastname), email = VALUES(email)", array( 'shibid' => self::$user['shibid'], 'firstname' => self::$user['firstname'], 'lastname' => self::$user['lastname'], @@ -181,8 +206,13 @@ class User public static function logout() { + foreach ($_COOKIE as $name => $value) { + if (substr($name, 0, 5) !== '_shib') + continue; + @setcookie($name, '', time() - 8640000, null, null, !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off', true); + } Session::delete(); - Header('Location: ?do=Main&fromlogout'); + Header('Location: ?do=Logout&noredirect=yes'); exit(0); } diff --git a/inc/util.inc.php b/inc/util.inc.php index 4378a08..aaf46c6 100644 --- a/inc/util.inc.php +++ b/inc/util.inc.php @@ -95,11 +95,11 @@ SADFACE; */ public static function verifyToken() { - if (Session::get('token') === false) + if (Session::get('token') === false && Session::getUid() === false) return true; if (isset($_REQUEST['token']) && Session::get('token') === $_REQUEST['token']) return true; - Message::addError('token'); + Message::addError('Fehlerhaftes Token!'); return false; } diff --git a/index.php b/index.php index 3728ccd..8fde6b9 100644 --- a/index.php +++ b/index.php @@ -68,7 +68,7 @@ abstract class Page } -// Error reporting (hopefully goind to stderr, not being printed on pages) +// Error reporting (hopefully going to stderr, not being printed on pages) error_reporting(E_ALL); // Autoload classes from ./inc which adhere to naming scheme .inc.php diff --git a/modules/logout.inc.php b/modules/logout.inc.php index 90cd225..1f22fb4 100644 --- a/modules/logout.inc.php +++ b/modules/logout.inc.php @@ -3,6 +3,14 @@ class Page_Logout extends Page { + public function doPreprocess() + { + if (Request::any('noredirect') === false) { + User::load(); + User::logout(); + } + } + public function doRender() { Render::addTemplate('logout/_page'); diff --git a/modules/sharemode.inc.php b/modules/sharemode.inc.php new file mode 100644 index 0000000..ed7c4a4 --- /dev/null +++ b/modules/sharemode.inc.php @@ -0,0 +1,51 @@ + 1) + Message::addSuccess('Es wurden {{0}} VMs gelöscht', $del); + if ($del == 1) + Message::addSuccess('Es wurde {{0}} VM gelöscht', $del); + } + Message::addSuccess('Ihre persönlichen Daten wurden deprovisioniert'); + Util::redirect('?do=Main'); + } + } + + public function doRender() + { + if (User::isLocalOnly()) { + // Local anyways, no way to de-provision user data + Render::addTemplate('sharemode/testacc'); + } elseif (User::isShibbolethAuth()) { + // Shibboleth user + if (User::isAnonymous()) { + // Did not deploy user data to DB, so show deploy form + $data = User::getData(); + $data['organization'] = User::getOrganizationName(); + Render::addTemplate('sharemode/deploy', $data); + } else { + // User is known in DB, show delete form + Render::addTemplate('sharemode/remove'); + } + } + } + +} + diff --git a/templates/sharemode/deploy.html b/templates/sharemode/deploy.html new file mode 100644 index 0000000..23db87b --- /dev/null +++ b/templates/sharemode/deploy.html @@ -0,0 +1,45 @@ +
+ + +
+

+ Sie nehmen derzeit nicht am landesweiten VM-Austausch teil. +

+

+ Sofern Sie am landesweiten VM-Austausch teilnehmen wollen, werden Sie für andere Dozenten + über diese Daten auffindbar sein. Andernfalls werden diese Daten lediglich auf den + bwLehrpool-Satelliten-Server Ihrer eigenen Einrichtung übertragen. +

+
+
+ + Einrichtung + + {{organization}} +
+
+ + Vorname + + {{firstname}} +
+
+ + Nachname + + {{lastname}} +
+
+ + Mail + + {{email}} +
+
+ +
+ +
+ +
+
diff --git a/templates/sharemode/remove.html b/templates/sharemode/remove.html new file mode 100644 index 0000000..a007fc6 --- /dev/null +++ b/templates/sharemode/remove.html @@ -0,0 +1,27 @@ +
+ + +
+

+ Wenn Sie Ihre persönlichen Daten vom Zentral-Server entfernen, können + Sie nicht mehr am landesweiten VM-Austausch teilnehmen. Eventuell von + Ihnen freigegebene Virtuelle Maschinen werden auf dem Zentral-Server einem + generischen Benutzer überschrieben. Sollten Sie dem nicht zustimmen, setzen + Sie bitte den Haken bei alle von mir erstellen VMs löschen. Beachten + Sie jedoch, dass Ihre VMs bereits von anderen Hochschulen genutzt werden + könnten. In diesem Fall werden die dort vorhandenen lokalen Kopien + nicht gelöscht, um den Lehrbetrieb nicht zu stören. +

+ +
+ + + + +
+ +
+ +
+
+
diff --git a/templates/sharemode/testacc.html b/templates/sharemode/testacc.html new file mode 100644 index 0000000..666acbc --- /dev/null +++ b/templates/sharemode/testacc.html @@ -0,0 +1,5 @@ +

+ Sie benutzen einen bwLehrpool-Test-Account, Ihre persönlichen Daten sind daher + zwangsläufig auf dem Zentral-Server gespeichert. Zum Entfernen Ihrer persönlichen + Daten müssen Sie sich vollständig vom bwLehrpool-Service abmelden. +

-- cgit v1.2.3-55-g7522