/** * Adds an admin user * * @param array $reg_data * @param \PDO $link * @return array */ function register_admin_user($reg_data, $link) { $lang = $reg_data['lang']; /** @noinspection PhpIncludeInspection */ require dirname(__FILE__) . "/../../languages/{$lang}/admin/admregtxt.php"; if (strlen($reg_data['user']) < USER_MINLENGTH) { return array('error' => REG_ADM_USR_USER_TOO_SHORT); } if (strlen($reg_data['user']) > USER_MAXLENGTH) { return array('error' => REG_ADM_USR_USER_TOO_LONG); } if (strlen($reg_data['password']) < PASS_MINLENGTH) { return array('error' => REG_ADM_USR_PASS_TOO_SHORT); } if ($reg_data['password'] !== $reg_data['password2']) { return array('error' => REG_ADM_USR_PASS_NO_MATCH); } if (($email = filter_var($reg_data['email'], FILTER_VALIDATE_EMAIL)) === false) { return array('error' => REG_ADM_USR_MUST_PROVIDE_VALID_EMAIL); } $use_password_hash = defined('SYNAPP_USE_PASSWORD_HASH_AUTHENTICATION') && (SYNAPP_USE_PASSWORD_HASH_AUTHENTICATION === true || is_string(SYNAPP_USE_PASSWORD_HASH_AUTHENTICATION) && (trim(strtolower(SYNAPP_USE_PASSWORD_HASH_AUTHENTICATION)) === 'on' || trim(strtolower(SYNAPP_USE_PASSWORD_HASH_AUTHENTICATION)) === 'true' || trim(strtolower(SYNAPP_USE_PASSWORD_HASH_AUTHENTICATION)) === '1')) ? true : false; if ($use_password_hash) { $password = password_hash($reg_data['password'], PASSWORD_DEFAULT); } else { $password = hash('sha256', mt_rand() . '$' . $reg_data['password'] . NORAINBOW_SALT); } $sql = "INSERT INTO `synadmin` ( `uuid`, `user`, `password`, `email`, `lang` ) VALUES ( :uuid, :user , :password , :email , :lang )"; $stmt = $link->prepare($sql); $v5uuid = \synapp\info\tools\uuid\uuid::v5(\synapp\info\tools\uuid\uuid::v4(), SYNAPP_MAIL_DOMAIN); $stmt->bindValue(':uuid', $v5uuid, PDO::PARAM_STR); $stmt->bindValue(':user', $reg_data['user'], PDO::PARAM_STR); $stmt->bindValue(':password', $password, PDO::PARAM_STR); $stmt->bindValue(':email', $email, PDO::PARAM_STR); $stmt->bindValue(':lang', $reg_data['lang'], PDO::PARAM_STR); if ($stmt->execute()) { return array('uuid' => $v5uuid); } else { error_log($link->errorInfo()); return array('error' => REG_ADM_COULDNT_PERFORM_DATABASE_OPERATION); } }
/** * Processes an action on raffle collection. * * @param null|array $request * @throws Exception * @return array */ private function processRaffleAction($request = null) { if ($request === null) { $request = $this->request; } $out = array(); $out['subtitle'] = _('(Listing raffles)'); $data = null; //check login if (!isset($this->access_token)) { throw new Exception('Unauthenticated request.', 401); } $this->adminDAO = isset($this->adminDAO) ? $this->adminDAO : new AdminDAO($this->client_id, $this->client_secret, $this->admin_redirect_uri, null, null, null, null, null, $this->debug); $authResponse = $this->adminDAO->authenticate(null, null, $this->adminDAO->getAccessToken()); if (isset($authResponse['authUrl'])) { throw new Exception("Auth error: Invalid admin access token.", 500); } $adminClient = $this->adminDAO->getClient(); $tableIds = $this->adminDAO->getTableIds(); $adminId = $this->adminDAO->getAdminId(); $this->user = isset($this->user) ? $this->user : new User($this->client_id, $this->client_secret, $this->redirect_uri, $this->access_token, null, null, null, $this->debug); $authResponse = $this->user->authenticate(null, null, $this->access_token); if (isset($authResponse['authUrl'])) { if (!$this->webapp) { throw new Exception("Authentication required (token found but expired/revoked).", 401); } else { return $this->processUserAction(array('collection' => 'user', 'action' => 'logout')); } } $userId = $this->user->requestUserId(); $isAdmin = $adminId === $userId ? true : false; $this->raffleDAO = isset($this->raffleDAO) ? $this->raffleDAO : new RaffleDAO($tableIds, null, $adminClient, $this->debug); $this->raffle = isset($this->raffle) ? $this->raffle : new Raffle($this->raffleDAO, $userId, $isAdmin); $request['raffleid'] = isset($request['raffleid']) ? $request['raffleid'] : (isset($request['resource']) ? trim($request['resource'], '/') : null); switch (isset($request['action']) ? $request['action'] : '') { case 'list': $filterArray = $this->getListRaffleFilterArray($userId, $isAdmin, $request); $data = $this->raffle->getList($filterArray); break; case 'create': if (!isset($request['description'])) { throw new Exception('Must specify a raffle description', 400); } $data = $this->raffle->create($request['description'], $userId); break; case 'delete': if (!isset($request['raffleid']) || !uuid::is_valid($request['raffleid'])) { throw new Exception('Must specify a raffleid to delete', 400); } $data = $this->raffle->delete($request['raffleid']); break; case 'join': if (!isset($request['raffleid']) || !uuid::is_valid($request['raffleid'])) { throw new Exception('Must specify a raffleid to join', 400); } $data = $this->raffle->join($request['raffleid'], isset($request['comment']) ? $request['comment'] : '', $userId); break; case 'leave': if (!isset($request['raffleid']) || !uuid::is_valid($request['raffleid'])) { throw new Exception('Must specify a raffleid to leave', 400); } $data = $this->raffle->leave($request['raffleid'], $userId); break; case 'check': if (!isset($request['raffleid']) || !uuid::is_valid($request['raffleid'])) { throw new Exception('Must specify a raffleid to check', 400); } $data = $this->raffle->check($request['raffleid']); break; case 'open': if (!isset($request['raffleid']) || !uuid::is_valid($request['raffleid'])) { throw new Exception('Must specify a raffleid to open', 400); } $data = $this->raffle->updateStatus($request['raffleid'], 'open'); break; case 'close': if (!isset($request['raffleid']) || !uuid::is_valid($request['raffleid'])) { throw new Exception('Must specify a raffleid to close', 400); } $data = $this->raffle->updateStatus($request['raffleid'], 'closed'); break; case 'raffle': if (!isset($request['raffleid']) || !uuid::is_valid($request['raffleid'])) { throw new Exception('Must specify a raffleid to raffle', 400); } $data = $this->raffle->raffle($request['raffleid'], isset($request['limit']) && intval($request['limit']) > 0 ? intval($request['limit']) : null); break; default: throw new Exception('The request does not contain a valid action.', 404); } $out['data'] = $data; return $out; }
/** * @param $description * @param $userId * @param null $created * @param string $privacy * @param string $status * @param null $raffleId * @param null $tableId * @param null $fusionTablesService * @throws Exception * @return stdClass */ public function addRaffle($description, $userId, $created = null, $privacy = null, $status = null, $raffleId = null, $tableId = null, $fusionTablesService = null) { if ($privacy === null) { $privacy = 'public'; } else { $privacy = $this->escape_mysql_string($privacy); } if ($status === null) { $status = 'closed'; } else { $status = $this->escape_mysql_string($status); } if ($created === null) { $created = date("Y-m-d H:i:s"); } else { $created = $this->escape_mysql_string($created); } if ($raffleId === null) { $raffleId = uuid::v5(uuid::v4(), 'synapp\\info\\tools\\gplusraffle'); } else { $raffleId = $this->escape_mysql_string($raffleId); } if ($tableId === null || $tableId === 'raffles') { $tableId = $this->escape_mysql_string($this->tableIds['raffles']); } else { $tableId = $this->escape_mysql_string($tableId); } $userId = $this->escape_mysql_string($userId); $description = $this->escape_mysql_string($description); if ($fusionTablesService === null) { $fusionTablesService = $this->fusionTablesService; } // create new raffle with creatorid = $userId $sql = "INSERT INTO {$tableId} " . "('raffleid','raffledescription','creatorid','created','privacy','status') " . "VALUES ('{$raffleId}', '{$description}', '{$userId}', '{$created}', '{$privacy}', '{$status}')"; $result = $fusionTablesService->query->sql($sql); if (isset($result->columns) && is_array($result->columns) && $result->columns[0] === 'rowid' && isset($result->rows) && is_array($result->rows) && count($result->rows) === 1) { $resultObject = new stdClass(); $resultObject->columns = array('raffleid', 'raffledescription', 'creatorid', 'created', 'privacy', 'status'); $resultObject->rows = array(array($raffleId, $description, $userId, $created, $privacy, $status)); return $resultObject; } else { throw new Exception("Couldn't create raffle with id {$raffleId}", 500); } }
If we're signed in we can go ahead and retrieve the ID token, which is part of the bundle of data that is exchange in the authenticate step - we only need to do a network call if we have to retrieve the Google certificate to verify it, and that can be cached. ************************************************/ if ($client->getAccessToken() && !$client->isAccessTokenExpired()) { $_SESSION['access_token'] = $client->getAccessToken(); $token_data = ''; //$client->verifyIdToken()->getAttributes(); $tableSchema = array('raffles' => array('raffleid' => 'STRING', 'raffledescription' => 'STRING', 'creatorid' => 'STRING', 'created' => 'DATETIME', 'privacy' => 'STRING', 'status' => 'STRING'), 'participants' => array('raffleid' => 'STRING', 'participantid' => 'STRING', 'comment' => 'STRING', 'joined' => 'DATETIME'), 'winners' => array('raffleid' => 'STRING', 'winnerid' => 'STRING', 'raffled' => 'DATETIME')); $plusService = new Google_Service_Plus($client); $person = $plusService->people->get('me'); $uuid = new uuid(); $raffleids = array(uuid::v5(uuid::v4(), 'synapp\\info\\tools\\gplusraffle'), uuid::v5(uuid::v4(), 'synapp\\info\\tools\\gplusraffle'), uuid::v5(uuid::v4(), 'synapp\\info\\tools\\gplusraffle'), uuid::v5(uuid::v4(), 'synapp\\info\\tools\\gplusraffle')); $insertQueries = array(array('tableName' => 'raffles', 'sql' => " ('raffleid','raffledescription','creatorid','created','privacy','status') " . "VALUES ('{$raffleids['0']}', 'test raffle 1','{$person->id}','" . date("Y-m-d H:i:s") . "','public','closed')"), array('tableName' => 'raffles', 'sql' => " ('raffleid','raffledescription','creatorid','created','privacy','status') " . "VALUES ('{$raffleids['1']}', 'test raffle 2','{$person->id}','" . date("Y-m-d H:i:s") . "','public','closed')"), array('tableName' => 'raffles', 'sql' => " ('raffleid','raffledescription','creatorid','created','privacy','status') " . "VALUES ('{$raffleids['2']}', 'test raffle 3','{$person->id}','" . date("Y-m-d H:i:s") . "','public','closed')"), array('tableName' => 'raffles', 'sql' => " ('raffleid','raffledescription','creatorid','created','privacy','status') " . "VALUES ('{$raffleids['3']}', 'test raffle 4','{$person->id}','" . date("Y-m-d H:i:s") . "','public','closed')"), array('tableName' => 'participants', 'sql' => " ('raffleid','participantid','comment','joined') " . "VALUES ('{$raffleids['0']}', '{$person->id}', 'Comment 1','" . date("Y-m-d H:i:s") . "')"), array('tableName' => 'participants', 'sql' => " ('raffleid','participantid','joined') " . "VALUES ('{$raffleids['1']}', '{$person->id}', 'Comment 2','" . date("Y-m-d H:i:s") . "')"), array('tableName' => 'participants', 'sql' => " ('raffleid','participantid','joined') " . "VALUES ('{$raffleids['2']}', '{$person->id}', 'Comment 3','" . date("Y-m-d H:i:s") . "')"), array('tableName' => 'participants', 'sql' => " ('raffleid','participantid','joined') " . "VALUES ('{$raffleids['3']}', '{$person->id}', 'Comment 4','" . date("Y-m-d H:i:s") . "')"), array('tableName' => 'winners', 'sql' => " ('raffleid','winnerid','raffled') " . "VALUES ('{$raffleids['0']}', '{$person->id}','" . date("Y-m-d H:i:s") . "')"), array('tableName' => 'winners', 'sql' => " ('raffleid','winnerid','raffled') " . "VALUES ('{$raffleids['1']}', '{$person->id}','" . date("Y-m-d H:i:s") . "')"), array('tableName' => 'winners', 'sql' => " ('raffleid','winnerid','raffled') " . "VALUES ('{$raffleids['2']}', '{$person->id}','" . date("Y-m-d H:i:s") . "')"), array('tableName' => 'winners', 'sql' => " ('raffleid','winnerid','raffled') " . "VALUES ('{$raffleids['3']}', '{$person->id}','" . date("Y-m-d H:i:s") . "')")); $selectQueries = array(array('tableName' => 'raffles', 'sql' => ""), array('tableName' => 'participants', 'sql' => ""), array('tableName' => 'winners', 'sql' => ""), array('tableName' => 'raffles', 'sql' => " WHERE raffleid='{$raffleids['0']}'"), array('tableName' => 'raffles', 'sql' => " WHERE raffleid!='{$raffleids['0']}'")); $fusionTablesService = new Google_Service_Fusiontables($client); $errors = array(); $tableids = array(); foreach ($tableSchema as $tableName => $columns) { $tableColumns = array(); foreach ($columns as $columnName => $columnType) { $column = new Google_Service_Fusiontables_Column(); $column->setName($columnName); $column->setType($columnType); $tableColumns[] = $column; } $table = new Google_Service_Fusiontables_Table(); $table->setName($tableName);