/**
 * Handle a submitted password change for the logged-in user.
 *
 * Redirects when nobody is logged in, does nothing when no password was
 * submitted, and otherwise stores the hashed password and redirects with a
 * persistent success or error message.
 *
 * @param string|null $password plain-text password from the form, or null when absent
 */
public function processChangepassword($password)
{
    // Guard: only an authenticated user may change a password.
    $loggedIn = isset($GLOBALS['loggedin']) && $GLOBALS['loggedin'];
    if (!$loggedIn) {
        NavigationUtility::redirect();
    }

    if (is_null($password)) {
        return;
    }

    // NOTE(review): unsalted SHA-512 is a fast general-purpose hash, not a
    // password KDF. The stored format is shared with changePassword() and the
    // login path (not visible here), so it is kept unchanged in this method.
    $hashedPassword = hash('sha512', $password);
    $changed = $this->changePassword($hashedPassword, $this->mysqli);

    if ($changed) {
        $this->logger->log("User changed password sucessfully ", Logger::INFO);
        MessageQueue::pushPersistent($_SESSION['user_id'], 'mes_passwordchange_success');
        NavigationUtility::redirect();
        return;
    }

    $this->logger->log("Something went wrong when user tried to change password ", Logger::WARNING);
    MessageQueue::pushPersistent($_SESSION['user_id'], 'err_db_query_failed');
    NavigationUtility::redirectToErrorPage();
}
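<script language="JavaScript"><!--
javascript:window.history.forward(1);
//--></script>
<div class="jumbotron">
<?php
use quizzenger\utilities\NavigationUtility;

// Invitation view: bail out to the default page when no quiz was resolved
// (missing or null quiz id), instead of rendering an empty invitation.
if (is_null($this->_['quizinfo']['quizid'] ?? null)) {
    NavigationUtility::redirect();
}
?>
    <h1>Willkommen bei Quizzenger</h1>
    <p>
        Du wurdest eingeladen am Quiz "<?php echo htmlspecialchars($this->_['quizinfo']['quizname'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" teilzunehmen.
    </p>
    <p>
        <?php // firstUrl lands inside an attribute value: it is escaped like the quiz name, so a stored quote or angle bracket cannot break out of href. ?>
        <a href="<?php echo htmlspecialchars($this->_['quizinfo']['firstUrl'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>" class="btn btn-primary btn-lg" role="button">
            Quiz starten!
        </a>
    </p>
</div>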
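/**
 * Run a raw SQL statement and return what mysqli::query() produced.
 *
 * No parameter binding happens here: $query is sent to the server verbatim,
 * so callers must never assemble it from untrusted input (use a prepared
 * statement on $this->mysqli for anything user-controlled).
 *
 * On failure the error is logged, a persistent message is queued for the
 * current session user and the request is redirected to the error page.
 *
 * @param string $query    SQL text to execute as-is
 * @param bool   $rowCheck when true, a result without rows (or a non-result
 *                         statement) is treated as a failure
 * @return \mysqli_result|bool the untouched return value of mysqli::query()
 */
public function query($query, $rowCheck = false)
{
    $queryResult = $this->mysqli->query($query);

    // With $rowCheck, only a result set holding at least one row counts as
    // success; a bare `true` (DML statement) has no rows to check.
    $hasRows = $queryResult instanceof \mysqli_result && (int) $queryResult->num_rows > 0;
    if (!$queryResult || ($rowCheck && !$hasRows)) {
        // An empty error string means the statement ran but yielded nothing.
        $error = $this->mysqli->error === ''
            ? "Query didn't return any results"
            : $this->mysqli->error;
        $this->logger->log($this->getCaller(2) . " failed to get result. SQL Error: " . $error, Logger::ERROR);
        MessageQueue::pushPersistent($_SESSION['user_id'], 'err_db_query_failed');
        NavigationUtility::redirectToErrorPage();
    }

    return $queryResult;
}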
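/**
 * Create ("new") or update ("edit") a single-choice question together with
 * its answers, its optional attachment and its tags, reading the
 * opquestion_form_* fields from $_POST.
 *
 * Any other question type is logged, queued as an error message for the
 * session user and redirected to the error page.
 *
 * @param string $operation      "new" or "edit"
 * @param mixed  $chosenCategory category the question belongs to
 * @return mixed the id of the created question for "new"; null otherwise
 */
public function opQuestionWithAnswers($operation, $chosenCategory)
{
    $answerModel = ModelCollection::answerModel();
    $categoryModel = ModelCollection::categoryModel();
    $tagModel = ModelCollection::tagModel();

    PermissionUtility::checkLogin();
    $this->checkForMissingParametersOpQwA($chosenCategory, $operation, $categoryModel);
    if (FORCE_RECAPTCHA_FOR_NEW_QUESTIONS) {
        $this->checkRecaptcha();
    }

    // Loose comparison on purpose: the form value is a string and the type of
    // SINGLECHOICE_TYPE is not visible here.
    if (($_POST['opquestion_form_questionType'] ?? null) == SINGLECHOICE_TYPE) {
        $type = $_POST['opquestion_form_questionType'];
        $questionText = $_POST['opquestion_form_questionText'] ?? null;

        // NOTE(review): the attachment extension and the temp file name come
        // straight from the form. moveTempFile()/removeAttachment() are not
        // visible here, so whether they reject path separators and executable
        // extensions before touching the filesystem has to be confirmed there.
        $attachmentExt = $_POST['opquestion_form_attachment'] ?? '';
        $attachmentLocal = $_POST['opquestion_form_attachmentLocal'] ?? null;
        $tempFileName = $_POST['opquestion_form_attachmentTempFileName'] ?? '';

        // 1-based index of the answer the form marked as correct.
        $correctIndex = (int) ($_POST['opquestion_form_correctness'] ?? 0);

        $questionID = null;

        if ($operation === "new") {
            $questionID = $this->newQuestion($type, $questionText, $_SESSION['user_id'], $chosenCategory, $attachmentExt, $attachmentLocal);

            if ($attachmentLocal === '1') {
                $this->moveAttachmentOrWarn($tempFileName, $questionID . '.' . $attachmentExt);
            }
            $this->removeAllFilesInTempDir();

            // Form answer fields are numbered 1..SINGLECHOICE_ANSWER_COUNT.
            for ($i = 1; $i <= SINGLECHOICE_ANSWER_COUNT; $i++) {
                $answerModel->newAnswer(
                    $correctIndex === $i ? 100 : 0,
                    $_POST['opquestion_form_answer' . $i] ?? null,
                    $_POST['opquestion_form_answerexplanation' . $i] ?? null,
                    $questionID
                );
            }
        } elseif ($operation === "edit") {
            $questionID = $_POST['opquestion_form_question_id'] ?? null;
            $this->editQuestion($type, $questionText, $_SESSION['user_id'], $questionID, $attachmentExt, $attachmentLocal);

            // Replace the stored attachment only when a different temp file was
            // uploaded (the old value compared here is the previous extension,
            // as in the original form contract).
            $oldAttachment = $_POST['opquestion_form_attachmentOld'] ?? '';
            if ($attachmentLocal === '1' && $tempFileName !== $oldAttachment) {
                $this->removeAttachment($questionID . '.' . $oldAttachment);
                $this->moveAttachmentOrWarn($tempFileName, $questionID . '.' . $attachmentExt);
            }
            $this->removeAllFilesInTempDir();

            // Existing answers are updated in stored order; the i-th stored
            // answer takes the i-th form field.
            $answers = $answerModel->getAnswersByQuestionID($questionID);
            $i = 0;
            foreach ($answers as $answer) {
                $i++;
                $answerModel->editAnswer(
                    $correctIndex === $i ? 100 : 0,
                    $_POST['opquestion_form_answer' . $i] ?? null,
                    $_POST['opquestion_form_answerexplanation' . $i] ?? null,
                    $answer['id']
                );
            }
        }

        if ($operation === "edit") {
            // Drop every tag and re-add below: simpler than diffing and not
            // noticeably slower.
            $tagModel->removeAllTagsOfQuestionById($_POST['opquestion_form_question_id'] ?? null);
        }
        $this->handleNewTagCreation($questionID, $operation, $tagModel);

        return $operation === "new" ? $questionID : null;
    }

    $this->logger->log("Invalid questionType used in questionmodel", Logger::WARNING);
    MessageQueue::pushPersistent($_SESSION['user_id'], 'err_db_query_failed');
    NavigationUtility::redirectToErrorPage();
}

/**
 * Move an uploaded temp file to its final attachment name, logging a warning
 * (not failing) when the move does not succeed.
 *
 * @param string $tempFileName name of the uploaded file in the temp dir
 * @param string $targetName   final name, "<questionId>.<extension>"
 */
private function moveAttachmentOrWarn($tempFileName, $targetName)
{
    $moved = $this->moveTempFile($tempFileName, $targetName);
    if (!$moved) {
        $this->logger->log("Attachment could not be moved", Logger::WARNING);
    }
}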
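/**
 * Register a new account from the registration form.
 *
 * Validates the e-mail address, rejects an e-mail or username that is
 * already taken, stores the user and then redirects with a persistent
 * message. Every outcome ends in a NavigationUtility redirect.
 *
 * @param string|null $username
 * @param string|null $email
 * @param string|null $password plain-text password from the form
 */
public function processRegistration($username, $email, $password)
{
    if (is_null($username) || is_null($email) || is_null($password)) {
        $this->logger->log("Error trying to register : Missing fields", Logger::ERROR);
        MessageQueue::pushPersistent($_SESSION['user_id'], 'err_missing_input');
        NavigationUtility::redirect('./index.php?view=error');
        return;
    }

    $error_msg = "";
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        $error_msg = "err_register_invalid_mail";
    }

    // NOTE(review): sha512(sha512(pw) . salt) is the legacy scheme the login
    // path (not visible here) verifies against, so it is kept. Moving to
    // password_hash()/password_verify() needs the login side migrated as well.
    $password = hash('sha512', $password);

    // NOTE(review): the username is not validated or sanitized anywhere in this
    // method; the prepared statements keep the database safe, but any length or
    // character-set rule has to live elsewhere — confirm.
    // Later lookups override earlier ones, as in the original ordering.
    $emailConflict = $this->registrationConflict("SELECT id FROM user WHERE email = ? LIMIT 1", $email);
    if ($emailConflict !== null) {
        $error_msg = $emailConflict;
    }
    $usernameConflict = $this->registrationConflict("SELECT id FROM user WHERE username = ? LIMIT 1", $username);
    if ($usernameConflict !== null) {
        $error_msg = $usernameConflict;
    }

    if (!empty($error_msg)) {
        $this->logger->log("Error trying to register :" . $error_msg, Logger::ERROR);
        MessageQueue::pushPersistent($_SESSION['user_id'], $error_msg);
        NavigationUtility::redirect('./index.php?view=error');
        return;
    }

    // Per-user salt from the CSPRNG. 128 hex characters, the same width as the
    // previous sha512(uniqid(mt_rand())) value, so the salt column is unchanged.
    $random_salt = bin2hex(random_bytes(64));
    $password = hash('sha512', $password . $random_salt);

    $inserted = false;
    $insert_stmt = $this->mysqli->prepare("INSERT INTO user (username, email, password, salt) VALUES (?, ?, ?, ?)");
    if ($insert_stmt) {
        $insert_stmt->bind_param('ssss', $username, $email, $password, $random_salt);
        $inserted = $insert_stmt->execute();
        $insert_stmt->close();
    }

    // A failed prepare() used to fall through to the success message; both a
    // failed prepare and a failed execute are reported as an insert error now.
    if (!$inserted) {
        // mysqli::$error is a property; the previous ->error() call was an
        // undefined-method fatal on exactly this failure path.
        $this->logger->log("Error trying to register (insert). SQL Error: " . $this->mysqli->error, Logger::ERROR);
        MessageQueue::pushPersistent($_SESSION['user_id'], 'err_register_insert');
        NavigationUtility::redirect('./index.php?view=error');
        return;
    }

    $this->logger->log("User registered sucessfully", Logger::INFO);
    MessageQueue::pushPersistent($_SESSION['user_id'], 'mes_register_success');
    NavigationUtility::redirect('./index.php');
}

/**
 * Run a one-placeholder existence lookup with a prepared statement.
 *
 * @param string $sql   literal SELECT with exactly one "?" placeholder
 * @param string $value value bound to that placeholder
 * @return string|null "err_register_existing_info" when a row exists,
 *                     "err_register_check" when the statement could not be
 *                     prepared, null when the value is free
 */
private function registrationConflict($sql, $value)
{
    $stmt = $this->mysqli->prepare($sql);
    if (!$stmt) {
        // The original called close() on a false statement here, which fails.
        return "err_register_check";
    }
    $stmt->bind_param('s', $value);
    $stmt->execute();
    $stmt->store_result();
    $taken = (int) $stmt->num_rows === 1;
    $stmt->close();

    return $taken ? "err_register_existing_info" : null;
}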
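/**
 * Terminate the current session: clear its data, expire the session cookie in
 * the browser, destroy the server-side session, then redirect with a logout
 * message for the user who just left.
 */
public function logout()
{
    // Capture before wiping: $_SESSION is empty once the cleanup below has
    // run, so reading $_SESSION['user_id'] after session_destroy() (as the
    // original did) handed pushPersistent() a null user.
    $userId = $_SESSION['user_id'] ?? null;

    // Unset all session values.
    $_SESSION = [];

    // Expire the cookie with the same scope it was issued with, which makes
    // the browser drop it.
    $params = session_get_cookie_params();
    setcookie(session_name(), '', time() - 42000, $params["path"], $params["domain"], $params["secure"], $params["httponly"]);

    session_destroy();

    // NOTE(review): presumably pushPersistent() stores by user id rather than in
    // the (now destroyed) session — confirm against MessageQueue.
    MessageQueue::pushPersistent($userId, 'mes_logout_success');
    NavigationUtility::redirect();
}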