diff --git a/.gitignore b/.gitignore
index 0d019fc..005a1ab 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 .vscode/
-config.php
\ No newline at end of file
+config.php
+test.php
\ No newline at end of file
diff --git a/Session.class.php b/Session.class.php
index 7b96477..790c401 100644
--- a/Session.class.php
+++ b/Session.class.php
@@ -3,8 +3,19 @@ session_start(); require_once("Database.class.php"); +require_once("constants.php"); class Session { + public static function get_admin_session() + { + return Database::escape_string($_SESSION[$GLOBALS["SESSION_ADMIN"]]); + } + + public static function get_visitor_session() + { + return Database::escape_string($_SESSION[$GLOBALS["SESSION_VISITOR"]]); + } + public static function generate_id() { return uniqid(uniqid("", true), true);
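Review bot: get_admin_session() and get_visitor_session() read `$_SESSION[$GLOBALS["SESSION_ADMIN"]]` and `$_SESSION[$GLOBALS["SESSION_VISITOR"]]` without checking that the key exists, so any call for a request that has not logged in (is_logged_in() in the next hunk calls it unconditionally) raises an undefined-index notice and hands null to Database::escape_string(). Guard the read, e.g. `$key = $GLOBALS["SESSION_ADMIN"];` followed by `return isset($_SESSION[$key]) ? Database::escape_string($_SESSION[$key]) : "";`, and the same for the visitor variant. Separately, the generate_id() context line derives the token from uniqid(), which is clock-based rather than a CSPRNG; since this commit starts persisting that token as the server-side session key, `bin2hex(random_bytes(32))` is the appropriate source. The closing line of generate_id() is not visible in the hunk as shown.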
@@ -13,33 +24,54 @@ class Session { public static function login($user_id) { $session_id = self::generate_id(); - $_SESSION["gastoadmin"] = $session_id; + $expiry = time() + $GLOBALS["SESSION_ADMIN_VALIDITY"]; + $query = "INSERT INTO `user_sessions` (`session_id`, `user_id`, `expiry`) VALUES ('$session_id', $user_id, $expiry);"; + Database::execute_query($query); + $_SESSION[$GLOBALS["SESSION_ADMIN"]] = $session_id; + return self::is_logged_in() == $user_id; } public static function logout() { - unset($_SESSION["gastroadmin"]); + $query = "DELETE FROM `admin_sessions` WHERE `session_id` = '" . self::get_admin_session() . "';"; + Database::execute_query($query); + unset($_SESSION[$GLOBALS["SESSION_ADMIN"]]); } public static function is_logged_in() { - $query = "SELECT `user_id` FROM `visitor_sessions` WHERE `session_id` = '" . $_SESSION["gastroadmin"] . "';"; - Database::execute_query($query) + $query = "SELECT `user_id` FROM `admin_sessions` WHERE `session_id` = '" . self::get_admin_session() . "';"; + $result = Database::execute_query($query); + if ($result->num_rows == 1) { + return $result->fetch_assoc()["user_id"]; + } + return false; } public static function remember_visitor($visitor_id) { $session_id = self::generate_id(); - $_SESSION["gastroguest"] = $session_id; + $expiry = time() + $GLOBALS["SESSION_VISITOR_VALIDITY"]; + $query = "INSERT INTO `visitor_sessions` (`session_id`, `user_id`, `expiry`) VALUES ('$session_id', $visitor_id, $expiry);"; + Database::execute_query($query); + $_SESSION[$GLOBALS["SESSION_VISITOR"]] = $session_id; + return self::get_visitor() == $visitor_id; } - public static function get_visitor($visitor_id) + public static function get_visitor() { - # TODO + $query = "SELECT `visitor_id` FROM `visitor_sessions` WHERE `session_id` = '" . self::get_visitor_session() . 
"';"; + $result = Database::execute_query($query); + if ($result->num_rows == 1) { + return $result->fetch_assoc()["visitor_id"]; + } + return false; } public static function forget_visitor($visitor_id) { - # TODO + $query = "DELETE FROM `visitor_sessions` WHERE `session_id` = '" . self::get_visitor_session() . "';"; + Database::execute_query($query); + unset($_SESSION[$GLOBALS["SESSION_VISITOR"]]); } } \ No newline at end of file diff --git a/Setting.class.php b/Setting.class.php index d4af3b5..fff3b8f 100644 --- a/Setting.class.php +++ b/Setting.class.php @@ -10,18 +10,21 @@ class Setting { $this->settingKey = Database::escape_string($setting_key); } - public function get($default="") + public function get($default="", $set=false) { $query = "SELECT `setting_value` FROM `settings` WHERE `setting_key` = '" . $this->settingKey . "';"; $result = Database::execute_query($query); if ($result->num_rows == 1) { - return $result->fetch_assoc()["setting_key"]; + return $result->fetch_assoc()["setting_value"]; } else { if (!empty($default)) { + if ($set) { + $this->set($default); + } return $default; } - return false; } + return false; } public function set($value) diff --git a/Template.class.php b/Template.class.php index 91899e6..0d0175a 100644 --- a/Template.class.php +++ b/Template.class.php @@ -222,7 +222,11 @@ class Template * @uses $template */ private function replaceLangVars($lang) { - $this->template = preg_replace("/\{L_(.*)\}/isUe", "\$lang[strtolower('\\1')]", $this->template); + $this->template = preg_replace_callback("/\{L_(.*)\}/isU", + function($matches) use ($lang) { + return $lang[strtolower($matches[1])]; + }, + $this->template); } /** diff --git a/User.class.php b/User.class.php new file mode 100644 index 0000000..4541ae9 --- /dev/null +++ b/User.class.php 
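Review bot: login() inserts the token into `user_sessions`, but logout() and is_logged_in() query `admin_sessions`, a table the sql/schema.sql hunks in this commit do not create, so admin lookups fail against the schema as written; likewise remember_visitor() inserts a `user_id` column into `visitor_sessions` while get_visitor() selects `visitor_id`, which is the column name the schema defines. Every lookup also ignores the `expiry` value the inserts now store, so a row stays valid until it is explicitly deleted; appending `" AND expiry > " . time()` to both SELECT strings makes the stored expiry effective. `$visitor_id` is interpolated into the INSERT unquoted and unescaped although the schema declares `visitor_id` as VARCHAR(255), so it should go through Database::escape_string() and be quoted like `$session_id`, and `$user_id` in login() deserves the same treatment. A `session_regenerate_id(true);` before storing the new token in login() would also keep the PHP session id from surviving the privilege change. The class's closing brace is the last line of the hunk.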
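Review bot: The new `$set` flag turns get() into a write-on-read and discards the return value of `$this->set($default)`, so a failed write is indistinguishable from success to the caller; document the contract on get() with `@param bool $set when true and the key is absent, $default is persisted via set() before being returned`, and consider returning false when set() reports failure. The surrounding `!empty($default)` context also treats a default of "0" as absent, so `$set` would never persist that value; comparing against "" is the precise test. Call sites that enable the flag read more clearly with a named argument, if the project's PHP version supports it.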
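Review bot: The callback indexes `$lang[strtolower($matches[1])]` without checking that the key exists, so an unknown `{L_...}` placeholder now produces an undefined-index notice and an empty substitution; `$key = strtolower($matches[1]);` followed by `return isset($lang[$key]) ? $lang[$key] : $matches[0];` keeps a missing translation visible instead of silently blanking it. The closure never uses `$this`, so it can be declared `static function` to avoid binding it. Moving from the `/e` modifier to preg_replace_callback is the right direction here, since that modifier evaluated template-derived text as PHP; the rest of replaceLangVars is unchanged by the hunk.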
@@ -0,0 +1,61 @@ +user_id = $user_id; + } + + public function id() { + return $this->user_id; + } + + public static function authenticate($username, $password) + { + $escaped_username = Database::escape_string($username); + $query = "SELECT `password`, `user_id` FROM `users` WHERE username='$escaped_username';"; + $result = Database::execute_query($query); + + if ($result->num_rows == 1) + { + $user = $result->fetch_assoc(); + if (password_verify($password, $user["password"])) + { + return new self($user["user_id"]); + } + } + + return false; + } + + public static function register($username, $password, $admin=false) + { + $escaped_username = Database::escape_string($username); + $hashed_password = password_hash($password, PASSWORD_DEFAULT); + $admin_status = (int)$admin; + + if (!password_verify($password, $hashed_password)) + { + die("Something went wrong trying to hash the password..."); + } + + $query = "INSERT INTO `users` (`email`, `password`, `is_admin`) VALUES ('$escaped_username', '$hashed_password', $admin_status);"; + + if (!Database::execute_query($query)) { + return false; + } + + $id_query = "SELECT `user_id` FROM `users` WHERE `email` = '$escaped_username';"; + $id_result = Database::execute_query($id_query); + + if ($id_result->num_rows == 1) { + return new self($id_result->fetch_assoc()["user_id"]); + } + return false; + } +} \ No newline at end of file diff --git a/constants.php b/constants.php new file mode 100644 index 0000000..b8cdd52 --- /dev/null +++ b/constants.php @@ -0,0 +1,6 @@ + \ No newline at end of file diff --git a/language/de/main.php b/language/de/main.php new file mode 100644 index 0000000..e69de29 diff --git a/sql/schema.sql b/sql/schema.sql index 7387791..4fa4567 100644 --- a/sql/schema.sql +++ b/sql/schema.sql 
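Review bot: authenticate() selects `WHERE username='$escaped_username'`, but the users table in sql/schema.sql has no `username` column and register() stores the same value in `email`, so a login can never find the row registration wrote; the lookup should read `WHERE email='$escaped_username'`. register() then re-queries users by email to recover the new id; if Database exposes the driver's last insert id (not visible here) that second SELECT is avoidable. The `password_verify()` self-check right after `password_hash()` is redundant, and its failure path calls `die()` from inside a model class, which ends the request with a message; throwing a RuntimeException leaves that decision to the caller. The file's opening lines (class declaration and constructor) are not visible in the hunk as shown.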
@@ -9,7 +9,6 @@ CREATE TABLE IF NOT EXISTS `users` ( `display_name` VARCHAR(255), `email` VARCHAR(255) NOT NULL UNIQUE, `password` VARCHAR(255) NOT NULL, - `salt` VARCHAR(255) NOT NULL, `is_admin` BOOLEAN, PRIMARY KEY (`user_id`) ); @@ -17,9 +16,9 @@ CREATE TABLE IF NOT EXISTS `users` ( CREATE TABLE IF NOT EXISTS `user_sessions` ( `session_id` VARCHAR(255) NOT NULL, `user_id` INT NOT NULL, - `expiry` DATETIME NOT NULL, + `expiry` INT NOT NULL, PRIMARY KEY (`session_id`), - FOREIGN KEY (`user_id`) REFERENCES `users`(`user_id`) + FOREIGN KEY (`user_id`) REFERENCES `users`(`user_id`) ON DELETE CASCADE ); CREATE TABLE IF NOT EXISTS `locations` ( @@ -34,17 +33,17 @@ CREATE TABLE IF NOT EXISTS `permissions` ( `location_id` INT NOT NULL, `is_owner` BOOLEAN, PRIMARY KEY (`user_id`, `location_id`), - FOREIGN KEY (`user_id`) REFERENCES `users`(`user_id`), - FOREIGN KEY (`location_id`) REFERENCES `locations`(`location_id`) + FOREIGN KEY (`user_id`) REFERENCES `users`(`user_id`) ON DELETE CASCADE, + FOREIGN KEY (`location_id`) REFERENCES `locations`(`location_id`) ON DELETE CASCADE ); CREATE TABLE IF NOT EXISTS `visits` ( `visit_id` VARCHAR(255) NOT NULL, `location_id` INT NOT NULL, - `arrival` DATETIME NOT NULL, - `departure` DATETIME NOT NULL, + `arrival` INT NOT NULL, + `departure` INT NOT NULL, PRIMARY KEY (`visit_id`), - FOREIGN KEY (`location_id`) REFERENCES `locations`(`location_id`) + FOREIGN KEY (`location_id`) REFERENCES `locations`(`location_id`) ON DELETE CASCADE ); CREATE TABLE IF NOT EXISTS `visitors` ( 
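Review bot: `expiry`, `arrival` and `departure` become `INT`, which in MySQL/MariaDB is a signed 32-bit column, so Unix timestamps produced by PHP's `time()` stop fitting after January 2038; `BIGINT NOT NULL` (or keeping DATETIME and converting at the PHP boundary) avoids that, and the same applies to the visits hunk on this line and to `visitor_sessions.expiry` in the next hunk. That next hunk also leaves `visitor_sessions.expiry` nullable while `user_sessions.expiry` becomes `INT NOT NULL`; any expiry comparison in Session.class.php would silently skip NULL rows, so declaring `expiry` NOT NULL on both session tables keeps the two session types consistent.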
@@ -61,13 +60,13 @@ CREATE TABLE IF NOT EXISTS `visitors` ( `phone` VARCHAR(255), `email` VARCHAR(255), PRIMARY KEY (`visitor_id`), - FOREIGN KEY (`visit_id`) REFERENCES `visits`(`visit_id`) + FOREIGN KEY (`visit_id`) REFERENCES `visits`(`visit_id`) ON DELETE CASCADE ); CREATE TABLE IF NOT EXISTS `visitor_sessions` ( `session_id` VARCHAR(255) NOT NULL, `visitor_id` VARCHAR(255) NOT NULL, - `expiry` DATETIME, + `expiry` INT, PRIMARY KEY (`session_id`), - FOREIGN KEY (`visitor_id`) REFERENCES `visitors`(`visitor_id`) + FOREIGN KEY (`visitor_id`) REFERENCES `visitors`(`visitor_id`) ON DELETE CASCADE ); \ No newline at end of file diff --git a/views/index.php b/views/index.php deleted file mode 100644 index 2c0beb6..0000000 --- a/views/index.php +++ /dev/null @@ -1,27 +0,0 @@ -load("index.tpl"); - -// Die Sprachdatei laden -$langs[] = "de/lang_main.php"; -$lang = $tpl->loadLanguage($langs); - -// Platzhalter ersetzen -$title = new Setting("title"); -$tpl->assign( "website_title", $title->get("GastroData") ); -$tpl->assign( "time", date("H:i") ); - -// Zugriff auf eine Sprachvariable -$tpl->assign( "test", $lang['test'] ); - -// Und die Seite anzeigen -$tpl->display(); \ No newline at end of file