archives/FHeD
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 40 Activity

Compare commits

base: archives:v0.1.3
Branches Tags
archives:main archives:bug-117 archives:116
archives:v0.4.24 archives:v0.4.23 archives:v0.4.22 archives:v0.4.21 archives:v0.4.20 archives:v0.4.19 archives:v0.4.18 archives:v0.4.17 archives:v0.4.16 archives:v0.4.15 archives:v0.4.14 archives:v0.4.13 archives:v0.4.12 archives:v0.4.11 archives:v0.4.10 archives:v0.4.9 archives:v0.4.8 archives:v0.4.7 archives:v0.4.6 archives:v0.4.5 archives:v0.4.4 archives:v0.4.3 archives:v0.4.2 archives:v0.4.1 archives:v0.4.0 archives:v0.3.1 archives:v0.3.0 archives:v0.2.2 archives:v0.2.1 archives:v0.2.0 archives:v0.1.9 archives:v0.1.8 archives:v0.1.7 archives:v0.1.6 archives:v0.1.5 archives:v0.1.4 archives:v0.1.3 archives:v0.1.2 archives:v0.1.1 archives:v0.1.0
...
compare: archives:v0.1.7
Branches Tags
archives:main archives:bug-117 archives:116
archives:v0.4.24 archives:v0.4.23 archives:v0.4.22 archives:v0.4.21 archives:v0.4.20 archives:v0.4.19 archives:v0.4.18 archives:v0.4.17 archives:v0.4.16 archives:v0.4.15 archives:v0.4.14 archives:v0.4.13 archives:v0.4.12 archives:v0.4.11 archives:v0.4.10 archives:v0.4.9 archives:v0.4.8 archives:v0.4.7 archives:v0.4.6 archives:v0.4.5 archives:v0.4.4 archives:v0.4.3 archives:v0.4.2 archives:v0.4.1 archives:v0.4.0 archives:v0.3.1 archives:v0.3.0 archives:v0.2.2 archives:v0.2.1 archives:v0.2.0 archives:v0.1.9 archives:v0.1.8 archives:v0.1.7 archives:v0.1.6 archives:v0.1.5 archives:v0.1.4 archives:v0.1.3 archives:v0.1.2 archives:v0.1.1 archives:v0.1.0

4 Commits
v0.1.3 ... v0.1.7

Author SHA1 Message Date
Alexander Davis
49581da52c Broken login (#121) 
* Fixing Login Die

* Fix Broken Login 2
 2020-08-17 16:48:13 +01:00
Alexander Davis
57faf21a67 Fixing Login Die 2020-08-17 16:37:41 +01:00
Luke Tainton
5ff90e0d78 🐛 User not added to DB - force die() on error (#118) 
* 🐛 User not added to DB - force die() on error

Signed-off-by: Luke Tainton <luke@tainton.uk>

* Restyled by php-cs-fixer (#119)

Co-authored-by: Restyled.io <commits@restyled.io>

Co-authored-by: restyled-io[bot] <32688539+restyled-io[bot]@users.noreply.github.com>
Co-authored-by: Restyled.io <commits@restyled.io>
 2020-08-17 16:17:06 +01:00
Luke Tainton
7a4a1074c5 🔧 Push release version to Docker image (#114) 
* 🔧 Push release version to Docker image

Signed-off-by: Luke Tainton <luke@tainton.uk>

* Restyle 🔧 Push release version to Docker image (#115)

* Restyled by php-cs-fixer

* Restyled by whitespace

Co-authored-by: Restyled.io <commits@restyled.io>

Co-authored-by: restyled-io[bot] <32688539+restyled-io[bot]@users.noreply.github.com>
Co-authored-by: Restyled.io <commits@restyled.io>
 2020-08-17 12:03:32 +01:00
4 changed files with 191 additions and 155 deletions
Expand all files Collapse all files

2
Dockerfile
View File

@@ -4,6 +4,8 @@ RUN composer --working-dir=/srv install
FROM php:apache FROM php:apache
LABEL maintainer="Luke Tainton <luke@tainton.uk>" LABEL maintainer="Luke Tainton <luke@tainton.uk>"
ARG VERSION
RUN docker-php-ext-install pdo_mysql && a2enmod rewrite remoteip RUN docker-php-ext-install pdo_mysql && a2enmod rewrite remoteip
COPY vhost.conf /etc/apache2/sites-enabled/000-default.conf COPY vhost.conf /etc/apache2/sites-enabled/000-default.conf
COPY --from=build /srv /srv COPY --from=build /srv /srv
RUN echo $VERSION > /srv/includes/VERSION

264
app/includes/app_functions.php
View File

@@ -1,53 +1,81 @@
<?php <?php
function get_all_users($db) {
try { function get_version()
$stmt = "SELECT * FROM users"; {
$sql = $db->prepare($stmt); $version = "v" . file_get_contents(__DIR__ . '/VERSION');
$sql->execute(); return $version;
$sql->setFetchMode(PDO::FETCH_ASSOC);
$result = $sql->fetchAll();
} catch (PDOException $e) {
echo("Error: " . $e->getMessage());
}
return $result;
} }
function get_user_name($db, $user_uuid) { function user_exists($db, $uuid)
try { {
$stmt = "SELECT given_name, family_name FROM users WHERE uuid=:uuid"; try {
$sql = $db->prepare($stmt); $sql = $db->prepare("SELECT uuid FROM users WHERE uuid=:uuid");
$sql->bindParam(':uuid', $user_uuid); $sql->bindParam(':uuid', $uuid);
$sql->execute(); $sql->execute();
$sql->setFetchMode(PDO::FETCH_ASSOC); } catch (PDOException $e) {
$result = $sql->fetchAll(); $alert = array("danger", "Error during check for user record: " . $e->getMessage());
$usr = $result[0]['given_name'] . " " . $result[0]['family_name']; }
} catch (PDOException $e) { if (empty($sql)) {
echo("Error: " . $e->getMessage()); return false;
} } else {
return $usr; return true;
}
} }
function get_my_open_requests($db) { function get_all_users($db)
$ticket_stmt = "SELECT * FROM tickets WHERE created_by=:uuid AND status != 'Closed'"; {
$ticket_sql = $db->prepare($ticket_stmt); try {
$ticket_sql->bindParam(':uuid', $_SESSION['uuid']); $stmt = "SELECT * FROM users";
$ticket_sql->execute(); $sql = $db->prepare($stmt);
$ticket_sql->setFetchMode(PDO::FETCH_ASSOC); $sql->execute();
$ticket_result = $ticket_sql->fetchAll(); $sql->setFetchMode(PDO::FETCH_ASSOC);
return $ticket_result; $result = $sql->fetchAll();
} catch (PDOException $e) {
echo("Error: " . $e->getMessage());
}
return $result;
} }
function get_my_closed_requests($db) { function get_user_name($db, $user_uuid)
$ticket_stmt = "SELECT * FROM tickets WHERE created_by=:uuid AND status = 'Closed'"; {
$ticket_sql = $db->prepare($ticket_stmt); try {
$ticket_sql->bindParam(':uuid', $_SESSION['uuid']); $stmt = "SELECT given_name, family_name FROM users WHERE uuid=:uuid";
$ticket_sql->execute(); $sql = $db->prepare($stmt);
$ticket_sql->setFetchMode(PDO::FETCH_ASSOC); $sql->bindParam(':uuid', $user_uuid);
$ticket_result = $ticket_sql->fetchAll(); $sql->execute();
return $ticket_result; $sql->setFetchMode(PDO::FETCH_ASSOC);
$result = $sql->fetchAll();
$usr = $result[0]['given_name'] . " " . $result[0]['family_name'];
} catch (PDOException $e) {
echo("Error: " . $e->getMessage());
}
return $usr;
} }
function get_subscribed_requests($db) { function get_my_open_requests($db)
{
$ticket_stmt = "SELECT * FROM tickets WHERE created_by=:uuid AND status != 'Closed'";
$ticket_sql = $db->prepare($ticket_stmt);
$ticket_sql->bindParam(':uuid', $_SESSION['uuid']);
$ticket_sql->execute();
$ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
$ticket_result = $ticket_sql->fetchAll();
return $ticket_result;
}
function get_my_closed_requests($db)
{
$ticket_stmt = "SELECT * FROM tickets WHERE created_by=:uuid AND status = 'Closed'";
$ticket_sql = $db->prepare($ticket_stmt);
$ticket_sql->bindParam(':uuid', $_SESSION['uuid']);
$ticket_sql->execute();
$ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
$ticket_result = $ticket_sql->fetchAll();
return $ticket_result;
}
function get_subscribed_requests($db)
{
$requests = array(); $requests = array();
$sub_tickets_stmt = "SELECT ticket_uuid FROM ticket_subscribers WHERE user_uuid=:uuid"; $sub_tickets_stmt = "SELECT ticket_uuid FROM ticket_subscribers WHERE user_uuid=:uuid";
$sub_tickets_sql = $db->prepare($sub_tickets_stmt); $sub_tickets_sql = $db->prepare($sub_tickets_stmt);
@@ -56,96 +84,108 @@
$sub_tickets_sql->setFetchMode(PDO::FETCH_ASSOC); $sub_tickets_sql->setFetchMode(PDO::FETCH_ASSOC);
$sub_tickets_result = $sub_tickets_sql->fetchAll(); $sub_tickets_result = $sub_tickets_sql->fetchAll();
foreach ($sub_tickets_result as $tkt) { foreach ($sub_tickets_result as $tkt) {
$stmt = "SELECT * FROM tickets WHERE uuid=:uuid"; $stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
$sql = $db->prepare($stmt); $sql = $db->prepare($stmt);
$sql->bindParam(':uuid', $tkt['ticket_uuid']); $sql->bindParam(':uuid', $tkt['ticket_uuid']);
$sql->execute(); $sql->execute();
$sql->setFetchMode(PDO::FETCH_ASSOC); $sql->setFetchMode(PDO::FETCH_ASSOC);
$result = $sql->fetchAll(); $result = $sql->fetchAll();
array_push($requests, $result[0]); array_push($requests, $result[0]);
} }
return $requests; return $requests;
} }
function get_open_subscribed_requests($db) { function get_open_subscribed_requests($db)
$requests = array(); {
$all_subs = get_subscribed_requests($db); $requests = array();
foreach ($all_subs as $sub) { $all_subs = get_subscribed_requests($db);
if ($sub['status'] != 'Closed') { foreach ($all_subs as $sub) {
array_push($requests, $sub); if ($sub['status'] != 'Closed') {
array_push($requests, $sub);
}
} }
} return $requests;
return $requests;
} }
function get_closed_subscribed_requests($db) { function get_closed_subscribed_requests($db)
$requests = array(); {
$all_subs = get_subscribed_requests($db); $requests = array();
foreach ($all_subs as $sub) { $all_subs = get_subscribed_requests($db);
if ($sub['status'] == 'Closed') { foreach ($all_subs as $sub) {
array_push($requests, $sub); if ($sub['status'] == 'Closed') {
array_push($requests, $sub);
}
} }
} return $requests;
return $requests;
} }
function get_request($db, $uuid) { function get_request($db, $uuid)
$ticket_stmt = "SELECT * FROM tickets WHERE uuid=:uuid"; {
$ticket_sql = $db->prepare($ticket_stmt); $ticket_stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
$ticket_sql->bindParam(':uuid', $uuid); $ticket_sql = $db->prepare($ticket_stmt);
$ticket_sql->execute(); $ticket_sql->bindParam(':uuid', $uuid);
$ticket_sql->setFetchMode(PDO::FETCH_ASSOC); $ticket_sql->execute();
$ticket_result = $ticket_sql->fetchAll(); $ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
$request = $ticket_result[0]; $ticket_result = $ticket_sql->fetchAll();
return $request; $request = $ticket_result[0];
return $request;
} }
function get_updates($db, $request) { function get_updates($db, $request)
$updates_stmt = "SELECT * FROM ticket_updates WHERE ticket=:uuid"; {
$updates_sql = $db->prepare($updates_stmt); $updates_stmt = "SELECT * FROM ticket_updates WHERE ticket=:uuid";
$updates_sql->bindParam(':uuid', $request['uuid']); $updates_sql = $db->prepare($updates_stmt);
$updates_sql->execute(); $updates_sql->bindParam(':uuid', $request['uuid']);
$updates_sql->setFetchMode(PDO::FETCH_ASSOC); $updates_sql->execute();
$updates_result = $updates_sql->fetchAll(); $updates_sql->setFetchMode(PDO::FETCH_ASSOC);
return $updates_result; $updates_result = $updates_sql->fetchAll();
return $updates_result;
} }
function get_files($db, $request) { function get_files($db, $request)
$stmt = "SELECT * FROM ticket_uploads WHERE ticket=:uuid"; {
$sql = $db->prepare($stmt); $stmt = "SELECT * FROM ticket_uploads WHERE ticket=:uuid";
$sql->bindParam(':uuid', $request['uuid']); $sql = $db->prepare($stmt);
$sql->execute(); $sql->bindParam(':uuid', $request['uuid']);
$sql->setFetchMode(PDO::FETCH_ASSOC); $sql->execute();
$result = $sql->fetchAll(); $sql->setFetchMode(PDO::FETCH_ASSOC);
return $result; $result = $sql->fetchAll();
return $result;
} }
function get_single_file($db, $fileid) { function get_single_file($db, $fileid)
$stmt = "SELECT * FROM ticket_uploads WHERE id=:fileid"; {
$sql = $db->prepare($stmt); $stmt = "SELECT * FROM ticket_uploads WHERE id=:fileid";
$sql->bindParam(':fileid', $fileid); $sql = $db->prepare($stmt);
$sql->execute(); $sql->bindParam(':fileid', $fileid);
$sql->setFetchMode(PDO::FETCH_ASSOC); $sql->execute();
$result = $sql->fetchAll(); $sql->setFetchMode(PDO::FETCH_ASSOC);
$file = $result[0]; $result = $sql->fetchAll();
return $file; $file = $result[0];
return $file;
} }
function get_subscribers($db, $request) { function get_subscribers($db, $request)
$subs = array(); {
$users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid"; $subs = array();
$users_sql = $db->prepare($users_stmt); $users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
$users_sql->bindParam(':uuid', $request['uuid']); $users_sql = $db->prepare($users_stmt);
$users_sql->execute(); $users_sql->bindParam(':uuid', $request['uuid']);
$users_sql->setFetchMode(PDO::FETCH_ASSOC); $users_sql->execute();
$users_result = $users_sql->fetchAll(); $users_sql->setFetchMode(PDO::FETCH_ASSOC);
foreach ($users_result as $u) { $users_result = $users_sql->fetchAll();
array_push($subs, $u['user_uuid']); foreach ($users_result as $u) {
} array_push($subs, $u['user_uuid']);
return $subs; }
return $subs;
} }
function isAuthorised($user, $authorised_users, $request) { function isAuthorised($user, $authorised_users, $request)
if ( in_array($user, $authorised_users) || $_SESSION['uuid'] == $request['created_by']) { return true; } else { return false; } {
if (in_array($user, $authorised_users) || $_SESSION['uuid'] == $request['created_by']) {
return true;
} else {
return false;
}
} }

4
app/includes/footer.php
View File

@@ -1,9 +1,9 @@
<footer class="footer mt-auto py-3"> <footer class="footer mt-auto py-3">
<div class="text-center text-muted"> <div class="text-center text-muted">
<?php <?php
echo($_ENV['APP_NAME'] . " v" . $_ENV['APP_VERSION']); echo($_ENV['APP_NAME'] . " " . get_version() . ".<br>");
if ($_ENV['APP_NAME'] != "FHeD") { if ($_ENV['APP_NAME'] != "FHeD") {
echo(", powered by FHeD"); echo("Powered by FHeD.");
}; };
?><br> ?><br>
<?php if (is_signed_in()) { <?php if (is_signed_in()) {

76
app/public/actions/login.php
View File

@@ -4,9 +4,9 @@
// Perform the OIDC authentication // Perform the OIDC authentication
try { try {
$oidc->authenticate(); $oidc->authenticate();
$_SESSION['access_token'] = $oidc->requestClientCredentialsToken()->access_token; $_SESSION['access_token'] = $oidc->requestClientCredentialsToken()->access_token;
$oidc_user = array( $oidc_user = array(
'sub' => $oidc->requestUserInfo('sub'), 'sub' => $oidc->requestUserInfo('sub'),
'username' => $oidc->requestUserInfo('preferred_username'), 'username' => $oidc->requestUserInfo('preferred_username'),
'given_name' => $oidc->requestUserInfo('given_name'), 'given_name' => $oidc->requestUserInfo('given_name'),
@@ -14,46 +14,41 @@
'email' => $oidc->requestUserInfo('email'), 'email' => $oidc->requestUserInfo('email'),
); );
} catch (Jumbojett\OpenIDConnectClientException $e) { } catch (Jumbojett\OpenIDConnectClientException $e) {
$alert = array("danger", "Error during OpenID Connect authentication: " . $e->getMessage()); $alert = array("danger", "Error during OpenID Connect authentication: " . $e->getMessage());
} }
// Check if the user already exists if (user_exists($db, $oidc_user['sub']) == false) {
try { // User doesn't already exist
$user_exist_sql = $db->prepare("SELECT uuid FROM users WHERE uuid=:uuid"); try {
$user_exist_sql->bindParam(':uuid', $oidc_user['sub']); $stmt = "INSERT INTO users (uuid, uid, given_name, family_name, email) VALUES (:sub, :username, :given, :family, :email)";
$user_exist_sql->execute(); $sql = $db->prepare($stmt);
} catch (PDOException $e) { $sql->bindParam(':sub', $oidc_user['sub']);
$alert = array("danger", "Error during check for user record: " . $e->getMessage()); $sql->bindParam(':username', $oidc_user['username']);
} $sql->bindParam(':given', $oidc_user['given_name']);
$sql->bindParam(':family', $oidc_user['family_name']);
if (empty($user_exist_sql)) { $sql->bindParam(':email', $oidc_user['email']);
// User doesn't already exist $sql->execute();
try { } catch (PDOException $e) {
$stmt = "INSERT INTO users (uuid, uid, given_name, family_name, email) VALUES (:sub, :username, :given, :family, :email)"; echo("Error during creation of new user record: " . $e->getMessage());
$sql = $db->prepare($stmt); die();
$sql->bindParam(':sub', $oidc_user['sub']); $alert = array("danger", "Error during creation of new user record: " . $e->getMessage());
$sql->bindParam(':username', $oidc_user['username']); }
$sql->bindParam(':given', $oidc_user['given_name']);
$sql->bindParam(':family', $oidc_user['family_name']);
$sql->bindParam(':email', $oidc_user['email']);
$sql->execute();
} catch (Jumbojett\PDOException $e) {
$alert = array("danger", "Error during creation of new user record: " . $e->getMessage());
}
} else { } else {
// User already exists // User already exists
try { try {
$stmt = "UPDATE users SET uid=:username, given_name=:given, family_name=:family, email=:email WHERE uuid=:sub"; $stmt = "UPDATE users SET uid=:username, given_name=:given, family_name=:family, email=:email WHERE uuid=:sub";
$sql = $db->prepare($stmt); $sql = $db->prepare($stmt);
$sql->bindParam(':sub', $oidc_user['sub']); $sql->bindParam(':sub', $oidc_user['sub']);
$sql->bindParam(':username', $oidc_user['username']); $sql->bindParam(':username', $oidc_user['username']);
$sql->bindParam(':given', $oidc_user['given_name']); $sql->bindParam(':given', $oidc_user['given_name']);
$sql->bindParam(':family', $oidc_user['family_name']); $sql->bindParam(':family', $oidc_user['family_name']);
$sql->bindParam(':email', $oidc_user['email']); $sql->bindParam(':email', $oidc_user['email']);
$sql->execute(); $sql->execute();
} catch (Jumbojett\PDOException $e) { } catch (PDOException $e) {
$alert = array("danger", "Error during existing user record update: " . $e->getMessage()); echo("Error during existing user record update: " . $e->getMessage());
} die();
$alert = array("danger", "Error during existing user record update: " . $e->getMessage());
}
} }
oidc_set_vars($oidc_user['sub'], $oidc_user['username'], $oidc_user['given_name'], $oidc_user['family_name'], $oidc_user['email']); oidc_set_vars($oidc_user['sub'], $oidc_user['username'], $oidc_user['given_name'], $oidc_user['family_name'], $oidc_user['email']);
@@ -62,4 +57,3 @@
$_SESSION['is_signed_in'] = "true"; $_SESSION['is_signed_in'] = "true";
header('Location: /'); header('Location: /');
?>