From 93d1acd95d1bf99d3f428abdd85078d1bac7119f Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Thu, 10 Sep 2015 15:15:28 +0200
Subject: Adapt to master-server changes (Db scheme)
---
 inc/image.inc.php | 8 ++++----
 inc/user.inc.php | 34 +++++++++++++++++++---------------
 2 files changed, 23 insertions(+), 19 deletions(-)
(limited to 'inc')
diff --git a/inc/image.inc.php b/inc/image.inc.php
index 5b8f077..1bad04f 100644
--- a/inc/image.inc.php
+++ b/inc/image.inc.php
@@ -7,14 +7,14 @@ class Image
 {
 if ($userid === false || !is_numeric($userid))
 return false;
- return Database::exec('DELETE FROM image WHERE ownerid = :userid', array('userid' => $userid));
+ //return Database::exec('DELETE FROM image WHERE ownerid = :userid', array('userid' => $userid));
+ // TODO
 }
 public static function getImageCount($login)
 {
- $ret = Database::queryFirst('SELECT Count(*) AS cnt FROM image '
- . ' INNER JOIN user ON (image.ownerid = user.userid) '
- . ' WHERE user.login = :login', array('login' => $login));
+ $ret = Database::queryFirst('SELECT Count(*) AS cnt FROM imagebase '
+ . ' WHERE imagebase.ownerid = :userid', array('userid' => $login));
 if ($ret === false)
 return 0;
 return $ret['cnt'];
diff --git a/inc/user.inc.php b/inc/user.inc.php
index c09e936..28a1fd5 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -43,7 +43,7 @@ class User
 {
 if (!isset(self::$user['userid']))
 return false;
- return (int) self::$user['userid'];
+ return self::$user['userid'];
 }
 public static function getMail()
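Review bot: In inc/image.inc.php the function whose body ends at `// TODO` (its signature is above the hunk) now falls off the end after the guard, so it returns NULL and deletes nothing, and a caller that removes a user cannot tell that the user's images were left behind. Until the delete against the new schema is written, make the no-op explicit, e.g. `return false; // TODO: not implemented for the new image schema yet`, so callers see a failure rather than a silent success. The surviving guard `!is_numeric($userid)` also looks stale: the `@@ -43,7` hunk in inc/user.inc.php drops the `(int)` cast and the later INSERT hunks store the md5 `shibid` as `userid`, so most ids would be rejected here. `getImageCount($login)` now binds its argument to `:userid`; renaming the parameter to `$userid` would keep callers from passing a login name.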
@@ -152,10 +152,16 @@ class User
 return true;
 $hasSession = Session::load();
 if (empty($_SERVER['persistent-id'])) {
- if (Session::getUid() === false)
+ if (Session::getUid() === false) {
+ if (!empty($_SERVER['Shib-Session-ID'])) {
+ Message::addError('Sie haben sich erfolgreich mittels bwIDM authentifiziert,'
+ . ' aber der IdP Ihrer Einrichtung scheint die benötigten Metadaten nicht'
+ . ' an den bwLehrpool-SP zu übermitteln. Bitte wenden Sie sich an den Support.');
+ }
 return false;
+ }
 // Try user from local DB
- self::$user = Database::queryFirst('SELECT userid, shibid, login, organizationid AS organization, firstname, lastname, email FROM user WHERE userid = :uid LIMIT 1', array('uid' => Session::getUid()));
+ self::$user = Database::queryFirst('SELECT userid, shibid, organizationid AS organization, firstname, lastname, email FROM user WHERE userid = :uid LIMIT 1', array('uid' => Session::getUid()));
 self::$isInDb = self::$user !== false;
 return self::$isInDb;
 }
@@ -174,9 +180,8 @@ class User
 $_SERVER['mail'] = '';
 $shibId = md5($_SERVER['persistent-id']);
 self::$user = array(
- 'userid' => 0,
+ 'userid' => NULL,
 'shibid' => $shibId,
- 'login' => NULL,
 'firstname' => $_SERVER['givenName'],
 'lastname' => $_SERVER['sn'],
 'email' => $_SERVER['mail'],
@@ -190,7 +195,7 @@ class User
 if (isset($_SERVER['affiliation']) && preg_match('/@([a-zA-Z\-\._]+)(;|$)/', $_SERVER['affiliation'], $out))
 self::$user['organization'] = $out[1];
 // Get matching db entry if any
- $user = Database::queryFirst('SELECT userid, login, firstname, lastname, email, fixedname FROM user WHERE shibid = :shibid LIMIT 1', array('shibid' => $shibId));
+ $user = Database::queryFirst('SELECT userid, firstname, lastname, email, fixedname FROM user WHERE shibid = :shibid LIMIT 1', array('shibid' => $shibId));
 if ($user === false) {
 // No match in database, user is not signed up
 return true;
@@ -201,7 +206,6 @@ class User
 Session::save();
 }
 // Already signed up, see if we can fetch missing fields from DB
- self::$user['login'] = $user['login'];
 self::$isInDb = true;
 self::$isAnonymous = (empty($user['firstname']) && empty($user['lastname']));
 foreach (array('firstname', 'lastname', 'email') as $key) {
@@ -220,15 +224,15 @@ class User
 if (!empty($existingLogin)) {
 if ($anonymous) {
 $ret = Database::exec("UPDATE user SET shibid = :shibid, firstname = '', lastname = '', email = '', password = '' "
- . " WHERE login = :login LIMIT 1", array(
+ . " WHERE userid = :userid LIMIT 1", array(
 'shibid' => self::$user['shibid'],
- 'login' => $existingLogin
+ 'userid' => $existingLogin
 ));
 } else {
 $ret = Database::exec("UPDATE user SET shibid = :shibid, password = '', firstname = :firstname, lastname = :lastname, email = :email "
- . " WHERE login = :login LIMIT 1", array(
+ . " WHERE userid = :userid LIMIT 1", array(
 'shibid' => self::$user['shibid'],
- 'login' => $existingLogin,
+ 'userid' => $existingLogin,
 'firstname' => self::$user['firstname'],
 'lastname' => self::$user['lastname'],
 'email' => self::$user['email']
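Review bot: In the `@@ -220,15` hunk `$existingLogin` is now bound to `:userid`, and both UPDATE statements attach the current Shibboleth `shibid` to that row and blank its password, so whoever controls `$existingLogin` decides which local account the federated identity is merged into. The function starts and ends outside the hunk, so it is not visible whether the value comes from a successful `User::login()` or directly from the request; if it is the latter, the password check has to happen first. Rename the variable to match its new meaning, e.g. `$existingUserId`, and add a comment above the `if` such as `// must be the userid of a local account the caller has already authenticated; this row is merged into the Shibboleth identity`.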
@@ -239,14 +243,14 @@ class User
 // New account
 if ($anonymous) {
- Database::exec("INSERT INTO user (shibid, login, organizationid, firstname, lastname, email) "
+ Database::exec("INSERT INTO user (shibid, userid, organizationid, firstname, lastname, email) "
 . " VALUES (:shibid, :shibid, :org, '', '', '') "
 . " ON DUPLICATE KEY UPDATE firstname = '', lastname = '', email = '', password = ''", array(
 'shibid' => self::$user['shibid'],
 'org' => self::getOrganizationId()
 ));
 } else {
- Database::exec("INSERT INTO user (shibid, login, organizationid, firstname, lastname, email) "
+ Database::exec("INSERT INTO user (shibid, userid, organizationid, firstname, lastname, email) "
 . " VALUES (:shibid, :shibid, :org, :firstname, :lastname, :email) "
 . " ON DUPLICATE KEY UPDATE firstname = VALUES(firstname), lastname = VALUES(lastname), email = VALUES(email), password = ''", array(
 'shibid' => self::$user['shibid'],
@@ -284,7 +288,7 @@ class User
 public static function login($user, $pass)
 {
- $ret = Database::queryFirst('SELECT userid, password FROM user WHERE login = :user LIMIT 1', array(':user' => $user));
+ $ret = Database::queryFirst('SELECT userid, password FROM user WHERE userid = :user LIMIT 1', array(':user' => $user));
 if ($ret === false)
 return false;
 if (!Crypto::verify($pass, $ret['password']))
@@ -305,7 +309,7 @@ class User
 }
 Session::delete();
 if (self::$isShib) {
- Header('Location: ' . CONFIG_PREFIX . '?do=Logout&noredirect=yes');
+ Header('Location: /Shibboleth.sso/Logout');
 } else {
 Header('Location: ?do=Main');
 }
-- cgit v1.2.3-55-g7522
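Review bot: Both INSERTs in the `@@ -239,14` hunk now write the same `:shibid` value into `userid`, so the primary identifier of a Shibboleth-created account becomes the md5 hex string computed from `persistent-id` in the `@@ -174,9` hunk. Hex digests made only of digits, or of the form `0e` followed by digits, are numeric strings in PHP, so a `==` comparison or an `is_numeric()` test on a userid can treat two different accounts as equal or as numbers; userids should be compared with `===` throughout. A comment above the first INSERT would record the new invariant, e.g. `// userid equals shibid (md5 of persistent-id) for accounts created via Shibboleth; always handle it as a string`. The enclosing function starts and ends outside the hunk.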
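Review bot: In the `@@ -284,7` hunk `login()` now looks the account up by `userid`, which for Shibboleth-created rows is the `shibid`, and the UPDATE and INSERT statements in the earlier hunks leave those rows with `password = ''`. Whether `Crypto::verify()` rejects an empty stored hash is not visible here, so the password path should refuse such rows explicitly before the verify call: `if ($ret['password'] === '') return false;`. That keeps a federated-only account from ever being opened with a local password, whatever the verify helper does with an empty hash. The rest of `login()` lies outside the hunk.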
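Review bot: In the `@@ -305,7` hunk the new redirect target `/Shibboleth.sso/Logout` is a hard-coded root-relative path, which only works when the Shibboleth SP handler is mounted at that location on the same virtual host; the removed line at least went through `CONFIG_PREFIX`. Move the path into a configuration constant defined alongside `CONFIG_PREFIX`, and add a comment stating whether this is expected to end only the local SP session or the IdP session as well, because that decides whether the next visitor on the same browser is signed in again without credentials. The code after the `if`/`else` is outside the hunk; if anything else runs after the `Header()` call, the function should stop right after sending it.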