Compare commits
6 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| a4ae987f94 | |||
|
26c4f801d3 | ||
|
|
49581da52c | ||
| 57faf21a67 | |||
| 5ff90e0d78 | |||
| 7a4a1074c5 |
@@ -4,6 +4,8 @@ RUN composer --working-dir=/srv install
|
||||
|
||||
FROM php:apache
|
||||
LABEL maintainer="Luke Tainton <luke@tainton.uk>"
|
||||
ARG VERSION
|
||||
RUN docker-php-ext-install pdo_mysql && a2enmod rewrite remoteip
|
||||
COPY vhost.conf /etc/apache2/sites-enabled/000-default.conf
|
||||
COPY --from=build /srv /srv
|
||||
RUN echo $VERSION > /srv/includes/VERSION
|
||||
|
||||
@@ -1,53 +1,84 @@
|
||||
<?php
|
||||
function get_all_users($db) {
|
||||
try {
|
||||
$stmt = "SELECT * FROM users";
|
||||
$sql = $db->prepare($stmt);
|
||||
$sql->execute();
|
||||
$sql->setFetchMode(PDO::FETCH_ASSOC);
|
||||
$result = $sql->fetchAll();
|
||||
} catch (PDOException $e) {
|
||||
echo("Error: " . $e->getMessage());
|
||||
}
|
||||
return $result;
|
||||
|
||||
function get_version()
|
||||
{
|
||||
$version = "v" . file_get_contents(__DIR__ . '/VERSION');
|
||||
return $version;
|
||||
}
|
||||
|
||||
function get_user_name($db, $user_uuid) {
|
||||
try {
|
||||
$stmt = "SELECT given_name, family_name FROM users WHERE uuid=:uuid";
|
||||
$sql = $db->prepare($stmt);
|
||||
$sql->bindParam(':uuid', $user_uuid);
|
||||
$sql->execute();
|
||||
$sql->setFetchMode(PDO::FETCH_ASSOC);
|
||||
$result = $sql->fetchAll();
|
||||
$usr = $result[0]['given_name'] . " " . $result[0]['family_name'];
|
||||
} catch (PDOException $e) {
|
||||
echo("Error: " . $e->getMessage());
|
||||
}
|
||||
return $usr;
|
||||
function user_exists($db, $uuid)
|
||||
{
|
||||
try {
|
||||
$sql = $db->prepare("SELECT uuid FROM users WHERE uuid=:uuid");
|
||||
$sql->bindParam(':uuid', $uuid);
|
||||
$sql->execute();
|
||||
$sql->setFetchMode(PDO::FETCH_ASSOC);
|
||||
$result = $sql->fetchAll();
|
||||
} catch (PDOException $e) {
|
||||
$alert = array("danger", "Error during check for user record: " . $e->getMessage());
|
||||
die();
|
||||
}
|
||||
if (empty($result)) {
|
||||
return false;
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
function get_my_open_requests($db) {
|
||||
$ticket_stmt = "SELECT * FROM tickets WHERE created_by=:uuid AND status != 'Closed'";
|
||||
$ticket_sql = $db->prepare($ticket_stmt);
|
||||
$ticket_sql->bindParam(':uuid', $_SESSION['uuid']);
|
||||
$ticket_sql->execute();
|
||||
$ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
|
||||
$ticket_result = $ticket_sql->fetchAll();
|
||||
return $ticket_result;
|
||||
function get_all_users($db)
|
||||
{
|
||||
try {
|
||||
$stmt = "SELECT * FROM users";
|
||||
$sql = $db->prepare($stmt);
|
||||
$sql->execute();
|
||||
$sql->setFetchMode(PDO::FETCH_ASSOC);
|
||||
$result = $sql->fetchAll();
|
||||
} catch (PDOException $e) {
|
||||
echo("Error: " . $e->getMessage());
|
||||
}
|
||||
return $result;
|
||||
}
|
||||
|
||||
function get_my_closed_requests($db) {
|
||||
$ticket_stmt = "SELECT * FROM tickets WHERE created_by=:uuid AND status = 'Closed'";
|
||||
$ticket_sql = $db->prepare($ticket_stmt);
|
||||
$ticket_sql->bindParam(':uuid', $_SESSION['uuid']);
|
||||
$ticket_sql->execute();
|
||||
$ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
|
||||
$ticket_result = $ticket_sql->fetchAll();
|
||||
return $ticket_result;
|
||||
function get_user_name($db, $user_uuid)
|
||||
{
|
||||
try {
|
||||
$stmt = "SELECT given_name, family_name FROM users WHERE uuid=:uuid";
|
||||
$sql = $db->prepare($stmt);
|
||||
$sql->bindParam(':uuid', $user_uuid);
|
||||
$sql->execute();
|
||||
$sql->setFetchMode(PDO::FETCH_ASSOC);
|
||||
$result = $sql->fetchAll();
|
||||
$usr = $result[0]['given_name'] . " " . $result[0]['family_name'];
|
||||
} catch (PDOException $e) {
|
||||
echo("Error: " . $e->getMessage());
|
||||
}
|
||||
return $usr;
|
||||
}
|
||||
|
||||
function get_subscribed_requests($db) {
|
||||
function get_my_open_requests($db)
|
||||
{
|
||||
$ticket_stmt = "SELECT * FROM tickets WHERE created_by=:uuid AND status != 'Closed'";
|
||||
$ticket_sql = $db->prepare($ticket_stmt);
|
||||
$ticket_sql->bindParam(':uuid', $_SESSION['uuid']);
|
||||
$ticket_sql->execute();
|
||||
$ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
|
||||
$ticket_result = $ticket_sql->fetchAll();
|
||||
return $ticket_result;
|
||||
}
|
||||
|
||||
function get_my_closed_requests($db)
|
||||
{
|
||||
$ticket_stmt = "SELECT * FROM tickets WHERE created_by=:uuid AND status = 'Closed'";
|
||||
$ticket_sql = $db->prepare($ticket_stmt);
|
||||
$ticket_sql->bindParam(':uuid', $_SESSION['uuid']);
|
||||
$ticket_sql->execute();
|
||||
$ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
|
||||
$ticket_result = $ticket_sql->fetchAll();
|
||||
return $ticket_result;
|
||||
}
|
||||
|
||||
function get_subscribed_requests($db)
|
||||
{
|
||||
$requests = array();
|
||||
$sub_tickets_stmt = "SELECT ticket_uuid FROM ticket_subscribers WHERE user_uuid=:uuid";
|
||||
$sub_tickets_sql = $db->prepare($sub_tickets_stmt);
|
||||
@@ -56,96 +87,108 @@
|
||||
$sub_tickets_sql->setFetchMode(PDO::FETCH_ASSOC);
|
||||
$sub_tickets_result = $sub_tickets_sql->fetchAll();
|
||||
foreach ($sub_tickets_result as $tkt) {
|
||||
$stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
|
||||
$sql = $db->prepare($stmt);
|
||||
$sql->bindParam(':uuid', $tkt['ticket_uuid']);
|
||||
$sql->execute();
|
||||
$sql->setFetchMode(PDO::FETCH_ASSOC);
|
||||
$result = $sql->fetchAll();
|
||||
array_push($requests, $result[0]);
|
||||
$stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
|
||||
$sql = $db->prepare($stmt);
|
||||
$sql->bindParam(':uuid', $tkt['ticket_uuid']);
|
||||
$sql->execute();
|
||||
$sql->setFetchMode(PDO::FETCH_ASSOC);
|
||||
$result = $sql->fetchAll();
|
||||
array_push($requests, $result[0]);
|
||||
}
|
||||
return $requests;
|
||||
}
|
||||
|
||||
function get_open_subscribed_requests($db) {
|
||||
$requests = array();
|
||||
$all_subs = get_subscribed_requests($db);
|
||||
foreach ($all_subs as $sub) {
|
||||
if ($sub['status'] != 'Closed') {
|
||||
array_push($requests, $sub);
|
||||
function get_open_subscribed_requests($db)
|
||||
{
|
||||
$requests = array();
|
||||
$all_subs = get_subscribed_requests($db);
|
||||
foreach ($all_subs as $sub) {
|
||||
if ($sub['status'] != 'Closed') {
|
||||
array_push($requests, $sub);
|
||||
}
|
||||
}
|
||||
}
|
||||
return $requests;
|
||||
return $requests;
|
||||
}
|
||||
|
||||
function get_closed_subscribed_requests($db) {
|
||||
$requests = array();
|
||||
$all_subs = get_subscribed_requests($db);
|
||||
foreach ($all_subs as $sub) {
|
||||
if ($sub['status'] == 'Closed') {
|
||||
array_push($requests, $sub);
|
||||
function get_closed_subscribed_requests($db)
|
||||
{
|
||||
$requests = array();
|
||||
$all_subs = get_subscribed_requests($db);
|
||||
foreach ($all_subs as $sub) {
|
||||
if ($sub['status'] == 'Closed') {
|
||||
array_push($requests, $sub);
|
||||
}
|
||||
}
|
||||
}
|
||||
return $requests;
|
||||
return $requests;
|
||||
}
|
||||
|
||||
function get_request($db, $uuid) {
|
||||
$ticket_stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
|
||||
$ticket_sql = $db->prepare($ticket_stmt);
|
||||
$ticket_sql->bindParam(':uuid', $uuid);
|
||||
$ticket_sql->execute();
|
||||
$ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
|
||||
$ticket_result = $ticket_sql->fetchAll();
|
||||
$request = $ticket_result[0];
|
||||
return $request;
|
||||
function get_request($db, $uuid)
|
||||
{
|
||||
$ticket_stmt = "SELECT * FROM tickets WHERE uuid=:uuid";
|
||||
$ticket_sql = $db->prepare($ticket_stmt);
|
||||
$ticket_sql->bindParam(':uuid', $uuid);
|
||||
$ticket_sql->execute();
|
||||
$ticket_sql->setFetchMode(PDO::FETCH_ASSOC);
|
||||
$ticket_result = $ticket_sql->fetchAll();
|
||||
$request = $ticket_result[0];
|
||||
return $request;
|
||||
}
|
||||
|
||||
|
||||
function get_updates($db, $request) {
|
||||
$updates_stmt = "SELECT * FROM ticket_updates WHERE ticket=:uuid";
|
||||
$updates_sql = $db->prepare($updates_stmt);
|
||||
$updates_sql->bindParam(':uuid', $request['uuid']);
|
||||
$updates_sql->execute();
|
||||
$updates_sql->setFetchMode(PDO::FETCH_ASSOC);
|
||||
$updates_result = $updates_sql->fetchAll();
|
||||
return $updates_result;
|
||||
function get_updates($db, $request)
|
||||
{
|
||||
$updates_stmt = "SELECT * FROM ticket_updates WHERE ticket=:uuid";
|
||||
$updates_sql = $db->prepare($updates_stmt);
|
||||
$updates_sql->bindParam(':uuid', $request['uuid']);
|
||||
$updates_sql->execute();
|
||||
$updates_sql->setFetchMode(PDO::FETCH_ASSOC);
|
||||
$updates_result = $updates_sql->fetchAll();
|
||||
return $updates_result;
|
||||
}
|
||||
|
||||
function get_files($db, $request) {
|
||||
$stmt = "SELECT * FROM ticket_uploads WHERE ticket=:uuid";
|
||||
$sql = $db->prepare($stmt);
|
||||
$sql->bindParam(':uuid', $request['uuid']);
|
||||
$sql->execute();
|
||||
$sql->setFetchMode(PDO::FETCH_ASSOC);
|
||||
$result = $sql->fetchAll();
|
||||
return $result;
|
||||
function get_files($db, $request)
|
||||
{
|
||||
$stmt = "SELECT * FROM ticket_uploads WHERE ticket=:uuid";
|
||||
$sql = $db->prepare($stmt);
|
||||
$sql->bindParam(':uuid', $request['uuid']);
|
||||
$sql->execute();
|
||||
$sql->setFetchMode(PDO::FETCH_ASSOC);
|
||||
$result = $sql->fetchAll();
|
||||
return $result;
|
||||
}
|
||||
|
||||
function get_single_file($db, $fileid) {
|
||||
$stmt = "SELECT * FROM ticket_uploads WHERE id=:fileid";
|
||||
$sql = $db->prepare($stmt);
|
||||
$sql->bindParam(':fileid', $fileid);
|
||||
$sql->execute();
|
||||
$sql->setFetchMode(PDO::FETCH_ASSOC);
|
||||
$result = $sql->fetchAll();
|
||||
$file = $result[0];
|
||||
return $file;
|
||||
function get_single_file($db, $fileid)
|
||||
{
|
||||
$stmt = "SELECT * FROM ticket_uploads WHERE id=:fileid";
|
||||
$sql = $db->prepare($stmt);
|
||||
$sql->bindParam(':fileid', $fileid);
|
||||
$sql->execute();
|
||||
$sql->setFetchMode(PDO::FETCH_ASSOC);
|
||||
$result = $sql->fetchAll();
|
||||
$file = $result[0];
|
||||
return $file;
|
||||
}
|
||||
|
||||
function get_subscribers($db, $request) {
|
||||
$subs = array();
|
||||
$users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
|
||||
$users_sql = $db->prepare($users_stmt);
|
||||
$users_sql->bindParam(':uuid', $request['uuid']);
|
||||
$users_sql->execute();
|
||||
$users_sql->setFetchMode(PDO::FETCH_ASSOC);
|
||||
$users_result = $users_sql->fetchAll();
|
||||
foreach ($users_result as $u) {
|
||||
array_push($subs, $u['user_uuid']);
|
||||
}
|
||||
return $subs;
|
||||
function get_subscribers($db, $request)
|
||||
{
|
||||
$subs = array();
|
||||
$users_stmt = "SELECT user_uuid FROM ticket_subscribers WHERE ticket_uuid=:uuid";
|
||||
$users_sql = $db->prepare($users_stmt);
|
||||
$users_sql->bindParam(':uuid', $request['uuid']);
|
||||
$users_sql->execute();
|
||||
$users_sql->setFetchMode(PDO::FETCH_ASSOC);
|
||||
$users_result = $users_sql->fetchAll();
|
||||
foreach ($users_result as $u) {
|
||||
array_push($subs, $u['user_uuid']);
|
||||
}
|
||||
return $subs;
|
||||
}
|
||||
|
||||
function isAuthorised($user, $authorised_users, $request) {
|
||||
if ( in_array($user, $authorised_users) || $_SESSION['uuid'] == $request['created_by']) { return true; } else { return false; }
|
||||
function isAuthorised($user, $authorised_users, $request)
|
||||
{
|
||||
if (in_array($user, $authorised_users) || $_SESSION['uuid'] == $request['created_by']) {
|
||||
return true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,9 +1,9 @@
|
||||
<footer class="footer mt-auto py-3">
|
||||
<div class="text-center text-muted">
|
||||
<?php
|
||||
echo($_ENV['APP_NAME'] . " v" . $_ENV['APP_VERSION']);
|
||||
echo($_ENV['APP_NAME'] . " " . get_version());
|
||||
if ($_ENV['APP_NAME'] != "FHeD") {
|
||||
echo(", powered by FHeD");
|
||||
echo("| Powered by FHeD");
|
||||
};
|
||||
?><br>
|
||||
<?php if (is_signed_in()) {
|
||||
|
||||
@@ -4,9 +4,9 @@
|
||||
|
||||
// Perform the OIDC authentication
|
||||
try {
|
||||
$oidc->authenticate();
|
||||
$_SESSION['access_token'] = $oidc->requestClientCredentialsToken()->access_token;
|
||||
$oidc_user = array(
|
||||
$oidc->authenticate();
|
||||
$_SESSION['access_token'] = $oidc->requestClientCredentialsToken()->access_token;
|
||||
$oidc_user = array(
|
||||
'sub' => $oidc->requestUserInfo('sub'),
|
||||
'username' => $oidc->requestUserInfo('preferred_username'),
|
||||
'given_name' => $oidc->requestUserInfo('given_name'),
|
||||
@@ -14,46 +14,41 @@
|
||||
'email' => $oidc->requestUserInfo('email'),
|
||||
);
|
||||
} catch (Jumbojett\OpenIDConnectClientException $e) {
|
||||
$alert = array("danger", "Error during OpenID Connect authentication: " . $e->getMessage());
|
||||
$alert = array("danger", "Error during OpenID Connect authentication: " . $e->getMessage());
|
||||
}
|
||||
|
||||
// Check if the user already exists
|
||||
try {
|
||||
$user_exist_sql = $db->prepare("SELECT uuid FROM users WHERE uuid=:uuid");
|
||||
$user_exist_sql->bindParam(':uuid', $oidc_user['sub']);
|
||||
$user_exist_sql->execute();
|
||||
} catch (PDOException $e) {
|
||||
$alert = array("danger", "Error during check for user record: " . $e->getMessage());
|
||||
}
|
||||
|
||||
if (empty($user_exist_sql)) {
|
||||
// User doesn't already exist
|
||||
try {
|
||||
$stmt = "INSERT INTO users (uuid, uid, given_name, family_name, email) VALUES (:sub, :username, :given, :family, :email)";
|
||||
$sql = $db->prepare($stmt);
|
||||
$sql->bindParam(':sub', $oidc_user['sub']);
|
||||
$sql->bindParam(':username', $oidc_user['username']);
|
||||
$sql->bindParam(':given', $oidc_user['given_name']);
|
||||
$sql->bindParam(':family', $oidc_user['family_name']);
|
||||
$sql->bindParam(':email', $oidc_user['email']);
|
||||
$sql->execute();
|
||||
} catch (Jumbojett\PDOException $e) {
|
||||
$alert = array("danger", "Error during creation of new user record: " . $e->getMessage());
|
||||
}
|
||||
if (user_exists($db, $oidc_user['sub']) == false) {
|
||||
// User doesn't already exist
|
||||
try {
|
||||
$stmt = "INSERT INTO users (uuid, uid, given_name, family_name, email) VALUES (:sub, :username, :given, :family, :email)";
|
||||
$sql = $db->prepare($stmt);
|
||||
$sql->bindParam(':sub', $oidc_user['sub']);
|
||||
$sql->bindParam(':username', $oidc_user['username']);
|
||||
$sql->bindParam(':given', $oidc_user['given_name']);
|
||||
$sql->bindParam(':family', $oidc_user['family_name']);
|
||||
$sql->bindParam(':email', $oidc_user['email']);
|
||||
$sql->execute();
|
||||
} catch (PDOException $e) {
|
||||
echo("Error during creation of new user record: " . $e->getMessage());
|
||||
die();
|
||||
$alert = array("danger", "Error during creation of new user record: " . $e->getMessage());
|
||||
}
|
||||
} else {
|
||||
// User already exists
|
||||
try {
|
||||
$stmt = "UPDATE users SET uid=:username, given_name=:given, family_name=:family, email=:email WHERE uuid=:sub";
|
||||
$sql = $db->prepare($stmt);
|
||||
$sql->bindParam(':sub', $oidc_user['sub']);
|
||||
$sql->bindParam(':username', $oidc_user['username']);
|
||||
$sql->bindParam(':given', $oidc_user['given_name']);
|
||||
$sql->bindParam(':family', $oidc_user['family_name']);
|
||||
$sql->bindParam(':email', $oidc_user['email']);
|
||||
$sql->execute();
|
||||
} catch (Jumbojett\PDOException $e) {
|
||||
$alert = array("danger", "Error during existing user record update: " . $e->getMessage());
|
||||
}
|
||||
// User already exists
|
||||
try {
|
||||
$stmt = "UPDATE users SET uid=:username, given_name=:given, family_name=:family, email=:email WHERE uuid=:sub";
|
||||
$sql = $db->prepare($stmt);
|
||||
$sql->bindParam(':sub', $oidc_user['sub']);
|
||||
$sql->bindParam(':username', $oidc_user['username']);
|
||||
$sql->bindParam(':given', $oidc_user['given_name']);
|
||||
$sql->bindParam(':family', $oidc_user['family_name']);
|
||||
$sql->bindParam(':email', $oidc_user['email']);
|
||||
$sql->execute();
|
||||
} catch (PDOException $e) {
|
||||
echo("Error during existing user record update: " . $e->getMessage());
|
||||
die();
|
||||
$alert = array("danger", "Error during existing user record update: " . $e->getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
oidc_set_vars($oidc_user['sub'], $oidc_user['username'], $oidc_user['given_name'], $oidc_user['family_name'], $oidc_user['email']);
|
||||
@@ -62,4 +57,3 @@
|
||||
$_SESSION['is_signed_in'] = "true";
|
||||
|
||||
header('Location: /');
|
||||
?>
|
||||
|
||||
Reference in New Issue
Block a user