コード例 #1
0
ファイル: usermodel.php プロジェクト: szingg/Quizzenger-2
 public function processChangepassword($password)
 {
     if (!isset($GLOBALS['loggedin']) || !$GLOBALS['loggedin']) {
         // only logged in users
         NavigationUtility::redirect();
     }
     if (!is_null($password)) {
         $password = hash('sha512', $password);
         $changepasswordResult = $this->changePassword($password, $this->mysqli);
         if ($changepasswordResult) {
             $this->logger->log("User changed password sucessfully ", Logger::INFO);
             MessageQueue::pushPersistent($_SESSION['user_id'], 'mes_passwordchange_success');
             NavigationUtility::redirect();
         } else {
             $this->logger->log("Something went wrong when user tried to change password ", Logger::WARNING);
             MessageQueue::pushPersistent($_SESSION['user_id'], 'err_db_query_failed');
             NavigationUtility::redirectToErrorPage();
         }
     }
 }
コード例 #2
0
ファイル: quizstart.php プロジェクト: szingg/Quizzenger-2
<script language="JavaScript"><!--
javascript:window.history.forward(1);
//--></script>
<div class="jumbotron">
	<?php 
use quizzenger\utilities\NavigationUtility;
if (is_null($this->_['quizinfo']['quizid'])) {
    NavigationUtility::redirect();
}
?>
	<h1>Willkommen bei Quizzenger</h1>
	<p>
		Du wurdest eingeladen am Quiz "<?php 
echo htmlspecialchars($this->_['quizinfo']['quizname']);
?>
" teilzunehmen.
	</p>
  	<p>
  		<a href="<?php 
echo $this->_['quizinfo']['firstUrl'];
?>
" class="btn btn-primary btn-lg" role="button">
	  		Quiz starten!
		</a>
	</p>
</div>
コード例 #3
0
ファイル: sqlhelper.php プロジェクト: szingg/Quizzenger-2
 public function query($query, $rowCheck = false)
 {
     $queryResult = $this->mysqli->query($query);
     if (!$queryResult || $rowCheck && $queryResult->num_rows == 0) {
         $callers = debug_backtrace();
         $firstCallerInfo = $callers[1]['class'] . "/" . $callers[1]['function'] . " on line " . $callers[1]['line'];
         if ($this->mysqli->error == "") {
             $error = "Query didn't return any results";
         } else {
             $error = $this->mysqli->error;
         }
         $this->logger->log($this->getCaller(2) . " failed to get result. SQL Error: " . $error, Logger::ERROR);
         MessageQueue::pushPersistent($_SESSION['user_id'], 'err_db_query_failed');
         NavigationUtility::redirectToErrorPage();
     }
     return $queryResult;
 }
コード例 #4
0
ファイル: questionmodel.php プロジェクト: szingg/Quizzenger-2
 public function opQuestionWithAnswers($operation, $chosenCategory)
 {
     $answerModel = ModelCollection::answerModel();
     $categoryModel = ModelCollection::categoryModel();
     $tagModel = ModelCollection::tagModel();
     PermissionUtility::checkLogin();
     $this->checkForMissingParametersOpQwA($chosenCategory, $operation, $categoryModel);
     if (FORCE_RECAPTCHA_FOR_NEW_QUESTIONS) {
         $this->checkRecaptcha();
     }
     if ($_POST['opquestion_form_questionType'] == SINGLECHOICE_TYPE) {
         $type = $_POST['opquestion_form_questionType'];
         if ($operation == "new") {
             $questionID = $this->newQuestion($type, $_POST['opquestion_form_questionText'], $_SESSION['user_id'], $chosenCategory, $_POST['opquestion_form_attachment'], $_POST['opquestion_form_attachmentLocal']);
             //moveTempFile
             if ($_POST['opquestion_form_attachmentLocal'] == '1') {
                 $success = $this->moveTempFile($_POST['opquestion_form_attachmentTempFileName'], $questionID . '.' . $_POST['opquestion_form_attachment']);
                 if ($success == false) {
                     $this->logger->log("Attachment could not be moved", Logger::WARNING);
                 }
             }
             //remove all files in temp dir
             $this->removeAllFilesInTempDir();
             //insert all Answers to Db
             for ($i = 1; $i <= SINGLECHOICE_ANSWER_COUNT; $i++) {
                 if ($_POST['opquestion_form_correctness'] == $i) {
                     $correctnessOfAnswer = 100;
                 } else {
                     $correctnessOfAnswer = 0;
                 }
                 $answerModel->newAnswer($correctnessOfAnswer, $_POST['opquestion_form_answer' . $i], $_POST['opquestion_form_answerexplanation' . $i], $questionID);
             }
         } elseif ($operation == "edit") {
             $questionID = $_POST['opquestion_form_question_id'];
             $result = $this->editQuestion($type, $_POST['opquestion_form_questionText'], $_SESSION['user_id'], $_POST['opquestion_form_question_id'], $_POST['opquestion_form_attachment'], $_POST['opquestion_form_attachmentLocal']);
             //moveTempFile
             if ($_POST['opquestion_form_attachmentLocal'] == '1' && $_POST['opquestion_form_attachmentTempFileName'] != $_POST['opquestion_form_attachmentOld']) {
                 $this->removeAttachment($questionID . '.' . $_POST['opquestion_form_attachmentOld']);
                 $success = $this->moveTempFile($_POST['opquestion_form_attachmentTempFileName'], $questionID . '.' . $_POST['opquestion_form_attachment']);
                 if ($success == false) {
                     $this->logger->log("Attachment could not be moved", Logger::WARNING);
                 }
             }
             //remove all files in temp dir
             $this->removeAllFilesInTempDir();
             //edit answers
             $answers = $answerModel->getAnswersByQuestionID($_POST['opquestion_form_question_id']);
             $i = 0;
             foreach ($answers as $answer) {
                 $i = $i + 1;
                 if ($_POST['opquestion_form_correctness'] == $i) {
                     $correctnessOfAnswer = 100;
                 } else {
                     $correctnessOfAnswer = 0;
                 }
                 if ($operation == "edit") {
                     $answerModel->editAnswer($correctnessOfAnswer, $_POST['opquestion_form_answer' . $i], $_POST['opquestion_form_answerexplanation' . $i], $answer['id']);
                 } else {
                     $answerModel->newAnswer($correctnessOfAnswer, $_POST['opquestion_form_answer' . $i], $_POST['opquestion_form_answerexplanation' . $i], $questionID);
                 }
             }
         }
         if ($operation == "edit") {
             $tagModel->removeAllTagsOfQuestionById($_POST['opquestion_form_question_id']);
             // delete all and readd below. otherwise its way too complicated and not really faster
         }
         $this->handleNewTagCreation($questionID, $operation, $tagModel);
         if ($operation == "new") {
             return $questionID;
         }
         return;
     }
     $this->logger->log("Invalid questionType used in questionmodel", Logger::WARNING);
     MessageQueue::pushPersistent($_SESSION['user_id'], 'err_db_query_failed');
     NavigationUtility::redirectToErrorPage();
 }
コード例 #5
0
 public function processRegistration($username, $email, $password)
 {
     $error_msg = "";
     if (is_null($username) || is_null($email) || is_null($password)) {
         $this->logger->log("Error trying to register : Missing fields", Logger::ERROR);
         MessageQueue::pushPersistent($_SESSION['user_id'], 'err_missing_input');
         NavigationUtility::redirect('./index.php?view=error');
     } else {
         // sanitize and validate the data passed in
         if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
             $error_msg = "err_register_invalid_mail";
         }
         $password = hash('sha512', $password);
         // Username validity isn't checked, only sanitized
         $prep_stmt = "SELECT id FROM user WHERE email = ? LIMIT 1";
         $stmt = $this->mysqli->prepare($prep_stmt);
         // check if mail is already registered
         if ($stmt) {
             $stmt->bind_param('s', $email);
             $stmt->execute();
             $stmt->store_result();
             if ($stmt->num_rows == 1) {
                 $error_msg = "err_register_existing_info";
             }
         } else {
             $error_msg = "err_register_check";
         }
         $stmt->close();
         // check if username is already registered
         $prep_stmt = "SELECT id FROM user WHERE username = ? LIMIT 1";
         $stmt = $this->mysqli->prepare($prep_stmt);
         if ($stmt) {
             $stmt->bind_param('s', $username);
             $stmt->execute();
             $stmt->store_result();
             if ($stmt->num_rows == 1) {
                 $error_msg = "err_register_existing_info";
             }
         } else {
             $error_msg = "err_register_check";
         }
         $stmt->close();
         if (empty($error_msg)) {
             // We don't need to set seed since PHP 5.2.1
             // Uniqid for more entropy due to mt_rand not being 100% top notch
             $random_salt = hash('sha512', uniqid(mt_rand(), true));
             $password = hash('sha512', $password . $random_salt);
             if ($insert_stmt = $this->mysqli->prepare("INSERT INTO user (username, email, password, salt) VALUES (?, ?, ?, ?)")) {
                 $insert_stmt->bind_param('ssss', $username, $email, $password, $random_salt);
                 if (!$insert_stmt->execute()) {
                     $this->logger->log("Error trying to register (insert). SQL Error: " . $this->mysqli->error(), Logger::ERROR);
                     MessageQueue::pushPersistent($_SESSION['user_id'], 'err_register_insert');
                     NavigationUtility::redirect('./index.php?view=error');
                 }
             }
             $this->logger->log("User registered sucessfully", Logger::INFO);
             MessageQueue::pushPersistent($_SESSION['user_id'], 'mes_register_success');
             NavigationUtility::redirect('./index.php');
         } else {
             $this->logger->log("Error trying to register :" . $error_msg, Logger::ERROR);
             MessageQueue::pushPersistent($_SESSION['user_id'], $error_msg);
             NavigationUtility::redirect('./index.php?view=error');
         }
     }
 }
コード例 #6
0
ファイル: sessionmodel.php プロジェクト: szingg/Quizzenger-2
 public function logout()
 {
     //Clean up properly in orde to destroy session for good
     $_SESSION = array();
     // Unset all session values
     $params = session_get_cookie_params();
     // get session parameters so we an delete the cookie
     // Renders it invalid / deleted
     setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);
     // Bye!
     session_destroy();
     MessageQueue::pushPersistent($_SESSION['user_id'], 'mes_logout_success');
     NavigationUtility::redirect();
 }