From 160880836462e277c77427e71a2ba97a2ad17184 Mon Sep 17 00:00:00 2001
From: Simon Rettberg
Date: Mon, 28 Oct 2013 18:29:29 +0100
Subject: DB-Support, add user functionality
---
 inc/db.inc.php | 54 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 inc/message.inc.php | 15 +++++++++++++--
 inc/session.inc.php | 6 ++++--
 inc/user.inc.php | 25 ++++++++++++++-----------
 4 files changed, 85 insertions(+), 15 deletions(-)
 create mode 100644 inc/db.inc.php
(limited to 'inc')
diff --git a/inc/db.inc.php b/inc/db.inc.php
new file mode 100644
index 00000000..09341a07
--- /dev/null
+++ b/inc/db.inc.php
@@ -0,0 +1,54 @@
+ "SET NAMES utf8"));
+ } catch (PDOException $e) {
+ Util::traceError('Connecting to the local database failed: ' . $e->getMessage());
+ }
+ }
+
+ public static function queryFirst($query, $args = array())
+ {
+ $res = self::simpleQuery($query, $args);
+ if ($res === false) return false;
+ return $res->fetch(PDO::FETCH_ASSOC);
+ }
+
+ public static function exec($query, $args = array())
+ {
+ $res = self::simpleQuery($query, $args);
+ if ($res === false) return false;
+ return $res->rowCount();
+ }
+
+ public static function simpleQuery($query, $args = array())
+ {
+ self::init();
+ //if (empty($args)) Util::traceError('Query with zero arguments!');
+ if (!isset(self::$statements[$query])) {
+ self::$statements[$query] = self::$dbh->prepare($query);
+ } else {
+ self::$statements[$query]->closeCursor();
+ }
+ if (self::$statements[$query]->execute($args) === false) {
+ Util::traceError("Database Error: \n" . implode("\n", self::$statements[$query]->errorInfo()));
+ }
+ return self::$statements[$query];
+ }
+
+ public static function prepare($query)
+ {
+ self:init();
+ return self::$dbh->prepare($query);
+ }
+
+}
+
diff --git a/inc/message.inc.php b/inc/message.inc.php
index 238ed939..b24bf2a1 100644
--- a/inc/message.inc.php
+++ b/inc/message.inc.php
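Review bot: `self:init();` in `prepare()` has a single colon, so it is not a call to the static `init()` method — PHP reads `self:` as a goto label followed by a call to a global function `init()` — and `self::$dbh` is never initialised on that path; the line should read `self::init();`. The `$res === false` guards in `queryFirst()` and `exec()` look unreachable as written, because `simpleQuery()` hands an execute failure to `Util::traceError()` and otherwise always returns the statement; whether traceError halts the request is not visible here. Both traceError calls forward raw driver text (`$e->getMessage()`, `errorInfo()`), which belongs in a log but should not reach the HTTP response, where it would disclose host and schema details. The class header and the start of `init()` fall outside this view (the hunk text is cut before `"SET NAMES utf8"`).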
@@ -2,13 +2,18 @@
 // TODO: Move to extra file
 $error_text = array(
- 'loginfail' => 'Benutzername oder Kennwort falsch',
- 'token' => 'Ungültiges Token. CSRF Angriff?',
+ 'loginfail' => 'Benutzername oder Kennwort falsch',
+ 'token' => 'Ungültiges Token. CSRF Angriff?',
+ 'adduser-disabled' => 'Keine ausreichenden Rechte, um weitere Benutzer hinzuzufügen',
+ 'password-mismatch' => 'Passwort und Passwortbestätigung stimmen nicht überein',
+ 'empty-field' => 'Ein benötigtes Feld wurde nicht ausgefüllt',
+ 'adduser-success' => 'Benutzer erfolgreich hinzugefügt',
 );
 class Message
 {
 private static $list = array();
+ private static $flushed = false;
 public static function addError($id)
 {
@@ -16,6 +21,7 @@ class Message
 'type' => 'error',
 'id' => $id
 );
+ if (self::$flushed) self::renderList();
 }
 public static function addWarning($id)
@@ -24,6 +30,7 @@ class Message
 'type' => 'warning',
 'id' => $id
 );
+ if (self::$flushed) self::renderList();
 }
 public static function addInfo($id)
@@ -32,6 +39,7 @@ class Message
 'type' => 'info',
 'id' => $id
 );
+ if (self::$flushed) self::renderList();
 }
 public static function addSuccess($id)
@@ -40,6 +48,7 @@ class Message
 'type' => 'success',
 'id' => $id
 );
+ if (self::$flushed) self::renderList();
 }
 public static function renderList()
@@ -48,6 +57,8 @@ class Message
 foreach (self::$list as $item) {
 Render::addTemplate('messagebox-' . $item['type'], array('message' => $error_text[$item['id']]));
 }
+ self::$list = array();
+ self::$flushed = true;
 }
 }
diff --git a/inc/session.inc.php b/inc/session.inc.php
index 4b4d4139..402e6cd9 100644
--- a/inc/session.inc.php
+++ b/inc/session.inc.php
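Review bot: The same `if (self::$flushed) self::renderList();` line is pasted into addError(), addWarning(), addInfo() and addSuccess() (this hunk and the next three); a single private `add($type, $id)` that appends the entry and applies the flushed check would reduce the four public methods to one-liners and make the post-flush behaviour impossible to forget in the next addX(). The new `$flushed` property also deserves a comment stating its contract, e.g. `// once renderList() has run, later messages are rendered immediately instead of queued`. The four methods begin outside their hunks.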
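Review bot: With `$flushed` set, every later addX() call runs renderList() right away, and the text lookup `$error_text[$item['id']]` (a context line here) still has no fallback for an id that is absent from `$error_text`; with four new ids introduced in the first hunk, a mistyped id at a call site yields a PHP notice and an empty message box. A guard such as `$text = isset($error_text[$item['id']]) ? $error_text[$item['id']] : $item['id'];` before the Render call would make that failure visible. Clearing `self::$list` and setting `$flushed` after the loop is what makes the addX() guards work; a one-line comment such as `// later addX() calls render directly, see the $flushed check` would record that. The head of renderList() is outside the hunk.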
@@ -19,19 +19,21 @@ class Session
 . $_SERVER['REMOTE_ADDR']
 . mt_rand(0, 65535)
 . $_SERVER['REMOTE_PORT']
+ . mt_rand(0, 65535)
 . $_SERVER['HTTP_USER_AGENT']
+ . mt_rand(0, 65535)
 . microtime(true)
 . mt_rand(0, 65535)
 );
 }
- public static function createSession()
+ public static function create()
 {
 self::generateSessionId();
 self::$data = array();
 }
- public static function loadSession()
+ public static function load()
 {
 // Try to load session id from cookie
 if (!self::loadSessionId()) return false;
diff --git a/inc/user.inc.php b/inc/user.inc.php
index f10a4f65..b988bbeb 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -14,13 +14,16 @@ class User
 public static function getName()
 {
 if (self::$user === false) return false;
- return self::$user['name'];
+ return self::$user['fullname'];
 }
 public static function load()
 {
- if (Session::loadSession()) {
- self::$user['name'] = 'Hans';
+ if (Session::load()) {
+ $uid = Session::get('uid');
+ if ($uid === false || $uid < 1) self::logout();
+ self::$user = Database::queryFirst('SELECT * FROM user WHERE userid = :uid LIMIT 1', array(':uid' => $uid));
+ if (self::$user === false) self::logout();
 return true;
 }
 return false;
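Review bot: The two added `mt_rand(0, 65535)` terms widen the session-id input but do not make it unpredictable: mt_rand() is not a cryptographically secure generator, and the other inputs (remote address and port, user agent, microtime) are known to or guessable by the client that owns the session. Deriving the id from the platform's secure source, e.g. `bin2hex(openssl_random_pseudo_bytes(16))`, removes the dependence on request attributes and on the generator's state altogether. The same construction appears in the CSRF token line of the login() hunk in inc/user.inc.php, which should change the same way. generateSessionId() starts before this hunk, so what is done with the concatenated string (hashing or otherwise) is not visible here; the create()/load() renames are matched by the caller changes in user.inc.php.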
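Review bot: `self::logout()` does not stop load(): after an invalid uid the query still runs with that `$uid`, and after a missing row the method still reaches `return true`, so a caller is told a user is logged in while `self::$user` is `false` — unless logout() terminates the request, which cannot be confirmed here because its body is outside these hunks. Returning after each logout call closes that gap: `if ($uid === false || $uid < 1) { self::logout(); return false; }` and `if (self::$user === false) { self::logout(); return false; }`. `SELECT *` also keeps the `passwd` hash inside `self::$user` for the rest of the request; selecting only the columns the class reads (`fullname` in getName()) keeps the hash out of memory and out of any debug or template output. The closing brace of load() is outside the hunk.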
@@ -28,14 +31,14 @@ class User
 public static function login($user, $pass)
 {
- if ($user == 'test' && $pass == 'test') {
- Session::createSession();;
- Session::set('uid', 1);
- Session::set('token', md5(rand() . time() . rand() . $_SERVER['REMOTE_ADDR'] . rand() . $_SERVER['REMOTE_PORT'] . rand() . $_SERVER['HTTP_USER_AGENT']));
- Session::save();
- return true;
- }
- return false;
+ $ret = Database::queryFirst('SELECT userid, passwd FROM user WHERE login = :user LIMIT 1', array(':user' => $user));
+ if ($ret === false) return false;
+ if (crypt($pass, $ret['passwd']) !== $ret['passwd']) return false;
+ Session::create();
+ Session::set('uid', $ret['userid']);
+ Session::set('token', md5(rand() . time() . rand() . $_SERVER['REMOTE_ADDR'] . rand() . $_SERVER['REMOTE_PORT'] . rand() . $_SERVER['HTTP_USER_AGENT']));
+ Session::save();
+ return true;
 }
 public static function logout()
-- cgit v1.2.3-55-g7522
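Review bot: `crypt($pass, $ret['passwd']) !== $ret['passwd']` decides authentication with an ordinary string comparison, which stops at the first differing byte, and it relies on crypt() returning a marker string rather than an error when the stored `passwd` is empty or malformed, so the outcome for such rows depends on crypt() internals rather than on the password. `password_verify($pass, $ret['passwd'])` (PHP 5.5+) compares in constant time and returns false for a hash it cannot parse: `if (!password_verify($pass, $ret['passwd'])) return false;` replaces the crypt line, with stored hashes produced by `password_hash()` or in a crypt format it recognises. Returning the same `false` for an unknown login and for a wrong password is the right choice; keep it when the message ids from inc/message.inc.php are wired in. The token line repeats the rand()-based construction raised at the inc/session.inc.php hunk.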