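/**
 * Handles a submitted login form.
 *
 * Pre-hashes the supplied password, delegates to login() and maps its
 * integer result onto a persistent user message plus a redirect. Every
 * branch ends in a redirect or die(); the method is not expected to return
 * normally to its caller.
 *
 * @param string|null $email    E-mail address from the login form
 * @param string|null $password Cleartext password from the login form
 * @return void
 */
public function processLogin($email, $password)
{
    if (isset($GLOBALS['loggedin']) && $GLOBALS['loggedin']) {
        // no manual / spoofed / replayed double logins
        MessageQueue::pushPersistent($_SESSION['user_id'], 'mes_login_already');
        NavigationUtility::redirect();
        // Do not rely on redirect() terminating the script: returning here
        // guarantees an already-authenticated session never re-runs login().
        return;
    }
    if (!is_null($email) && !is_null($password)) {
        // NOTE(review): unsalted SHA-512 is not a password hash. The stored
        // hash scheme lives in login(), so it cannot be changed here without
        // a migration; the intended replacement is password_hash()/password_verify().
        $password = hash('sha512', $password);
        $loginResult = $this->login($email, $password, $this->mysqli);
        if ($loginResult == 1) {
            $this->logger->log("User logged in sucessfully ", Logger::INFO);
            // pageBefore is user-controlled. FILTER_SANITIZE_SPECIAL_CHARS
            // encodes '&', but the '||' -> '&' replacement below deliberately
            // re-introduces parameter separators, so the caller can append
            // extra query parameters to the post-login URL (it always stays
            // on ./index.php, so this is not an open redirect).
            $pageBefore = filter_input(INPUT_GET, 'pageBefore', FILTER_SANITIZE_SPECIAL_CHARS);
            // filter_input() yields null (absent) or false (failed); the cast
            // turns both into '' so str_replace() never sees a non-string.
            $pageBefore = str_replace('||', '&', (string) $pageBefore); //case pageBefore contained multiple parameters
            if (empty($pageBefore)) {
                $pageBefore = 'default';
            }
            MessageQueue::pushPersistent($_SESSION['user_id'], 'mes_login_success');
            NavigationUtility::redirect('./index.php?view=' . $pageBefore);
        } elseif ($loginResult == -1) {
            // The attempted e-mail is written to the log; treat log output as
            // sensitive (it identifies which accounts are being targeted).
            $this->logger->log("User tried to log in with bad credentials, email: " . $email, Logger::WARNING);
            MessageQueue::pushPersistent($_SESSION['user_id'], 'err_login_bad_credentials');
            NavigationUtility::redirectToErrorPage();
        } elseif ($loginResult == -2) {
            $this->logger->log("User has reached maximum login tries, email: " . $email, Logger::WARNING);
            // '(int)' binds tighter than '/', so the former `(int) X / 60` could
            // still produce a fractional value; intdiv() yields whole minutes.
            MessageQueue::pushPersistent($_SESSION['user_id'], 'err_login_tries_exceeded', ['timeout' => intdiv((int) BRUTE_FORCE_COOLDOWN, 60)]);
            NavigationUtility::redirectToErrorPage();
        } elseif ($loginResult == -3) {
            $this->logger->log("Inactive User tried to login, email: " . $email, Logger::INFO);
            MessageQueue::pushPersistent($_SESSION['user_id'], 'err_login_inactive');
            NavigationUtility::redirectToErrorPage();
        } else {
            // Any unknown code from login() is treated as a failed attempt.
            $this->logger->log("User tried to log in with bad credentials (unkown return from login), email: " . $email, Logger::WARNING);
            MessageQueue::pushPersistent($_SESSION['user_id'], 'err_login_bad_credentials');
            NavigationUtility::redirectToErrorPage();
        }
    } else {
        // Missing form fields: stop the request outright rather than redirecting.
        $this->logger->log("Invalid POST request made", Logger::WARNING);
        die('Invalid Request. Please stop this');
    }
}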
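/**
 * Handles a submitted change-password form for the logged-in user.
 *
 * Pre-hashes the new password, delegates to changePassword() and turns the
 * boolean result into a persistent user message plus a redirect.
 *
 * @param string|null $password New cleartext password from the form
 * @return void
 */
public function processChangepassword($password)
{
    if (!isset($GLOBALS['loggedin']) || !$GLOBALS['loggedin']) {
        // only logged in users
        NavigationUtility::redirect();
        // Do not depend on redirect() exiting: without this return an
        // anonymous request would fall through and reach changePassword().
        return;
    }
    if (!is_null($password)) {
        // NOTE(review): unsalted SHA-512 is not a password hash; the scheme is
        // shared with login()/changePassword(), so replacing it with
        // password_hash() needs a coordinated migration of stored hashes.
        $password = hash('sha512', $password);
        $changepasswordResult = $this->changePassword($password, $this->mysqli);
        if ($changepasswordResult) {
            $this->logger->log("User changed password sucessfully ", Logger::INFO);
            MessageQueue::pushPersistent($_SESSION['user_id'], 'mes_passwordchange_success');
            NavigationUtility::redirect();
        } else {
            $this->logger->log("Something went wrong when user tried to change password ", Logger::WARNING);
            MessageQueue::pushPersistent($_SESSION['user_id'], 'err_db_query_failed');
            NavigationUtility::redirectToErrorPage();
        }
    }
}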
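/**
 * Runs a raw SQL statement against the shared mysqli connection.
 *
 * On failure (or, with $rowCheck, when the result holds no rows) the error
 * is logged together with the caller, an error message is queued for the
 * current user and the request is redirected to the error page.
 *
 * The statement is executed verbatim: this helper does no parameter
 * binding, so every caller must bind or escape user-controlled values
 * before building $query.
 *
 * @param string $query    Complete SQL statement
 * @param bool   $rowCheck Also treat an empty result set as a failure
 * @return mysqli_result|bool Whatever mysqli::query() returned
 */
public function query($query, $rowCheck = false)
{
    $queryResult = $this->mysqli->query($query);
    // Reads as `!$a || ($b && $c)`: a failed query is always an error,
    // an empty result only when the caller asked for the row check.
    if (!$queryResult || $rowCheck && $queryResult->num_rows == 0) {
        // NOTE(review): num_rows exists only on mysqli_result; for statements
        // that return bool true (e.g. INSERT/UPDATE) a $rowCheck call would
        // fault on this line — confirm callers only pass $rowCheck for SELECTs.
        if ($this->mysqli->error === '') {
            $error = "Query didn't return any results";
        } else {
            $error = $this->mysqli->error;
        }
        // The former debug_backtrace()-based $firstCallerInfo was never used;
        // getCaller(2) already supplies the caller for the log line.
        $this->logger->log($this->getCaller(2) . " failed to get result. SQL Error: " . $error, Logger::ERROR);
        MessageQueue::pushPersistent($_SESSION['user_id'], 'err_db_query_failed');
        NavigationUtility::redirectToErrorPage();
    }
    return $queryResult;
}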
/**
 * Creates ("new") or updates ("edit") a single-choice question together with
 * its answers, attachment and tags, reading the form fields straight from $_POST.
 *
 * Only SINGLECHOICE_TYPE questions are handled; any other questionType is
 * logged, an error message is queued and the request is sent to the error page.
 *
 * @param string $operation      "new" or "edit"
 * @param mixed  $chosenCategory Category the (new) question belongs to
 * @return mixed The new question id for "new"; nothing for "edit"
 */
public function opQuestionWithAnswers($operation, $chosenCategory)
{
    $answerModel = ModelCollection::answerModel();
    $categoryModel = ModelCollection::categoryModel();
    $tagModel = ModelCollection::tagModel();
    PermissionUtility::checkLogin();
    // Presumably validates the required form fields before they are read
    // below; none of the $_POST reads in this method are guarded themselves.
    $this->checkForMissingParametersOpQwA($chosenCategory, $operation, $categoryModel);
    if (FORCE_RECAPTCHA_FOR_NEW_QUESTIONS) {
        $this->checkRecaptcha();
    }
    if ($_POST['opquestion_form_questionType'] == SINGLECHOICE_TYPE) {
        $type = $_POST['opquestion_form_questionType'];
        if ($operation == "new") {
            $questionID = $this->newQuestion($type, $_POST['opquestion_form_questionText'], $_SESSION['user_id'], $chosenCategory, $_POST['opquestion_form_attachment'], $_POST['opquestion_form_attachmentLocal']);
            //moveTempFile
            if ($_POST['opquestion_form_attachmentLocal'] == '1') {
                // NOTE(review): both the temp file name and the target extension
                // come from $_POST; this method does not validate either, so
                // moveTempFile() must restrict them (no path separators, an
                // allow-list of extensions) — confirm there.
                $success = $this->moveTempFile($_POST['opquestion_form_attachmentTempFileName'], $questionID . '.' . $_POST['opquestion_form_attachment']);
                if ($success == false) {
                    $this->logger->log("Attachment could not be moved", Logger::WARNING);
                }
            }
            //remove all files in temp dir
            $this->removeAllFilesInTempDir();
            //insert all Answers to Db
            for ($i = 1; $i <= SINGLECHOICE_ANSWER_COUNT; $i++) {
                // Exactly one answer (the index named in the form) is marked
                // fully correct; the rest get 0. Loose '==' compares the POST
                // string with the int index.
                if ($_POST['opquestion_form_correctness'] == $i) {
                    $correctnessOfAnswer = 100;
                } else {
                    $correctnessOfAnswer = 0;
                }
                $answerModel->newAnswer($correctnessOfAnswer, $_POST['opquestion_form_answer' . $i], $_POST['opquestion_form_answerexplanation' . $i], $questionID);
            }
        } elseif ($operation == "edit") {
            // NOTE(review): the question id being edited is taken from the
            // form; no ownership check is visible here. editQuestion() receives
            // the session user id and presumably enforces it — confirm, since
            // removeAttachment()/getAnswersByQuestionID() below use the raw id.
            $questionID = $_POST['opquestion_form_question_id'];
            $result = $this->editQuestion($type, $_POST['opquestion_form_questionText'], $_SESSION['user_id'], $_POST['opquestion_form_question_id'], $_POST['opquestion_form_attachment'], $_POST['opquestion_form_attachmentLocal']);
            //moveTempFile
            // Only swap the file when a new local upload differs from the old one.
            if ($_POST['opquestion_form_attachmentLocal'] == '1' && $_POST['opquestion_form_attachmentTempFileName'] != $_POST['opquestion_form_attachmentOld']) {
                // NOTE(review): the old extension also comes from $_POST and is
                // concatenated into the file name handed to removeAttachment().
                $this->removeAttachment($questionID . '.' . $_POST['opquestion_form_attachmentOld']);
                $success = $this->moveTempFile($_POST['opquestion_form_attachmentTempFileName'], $questionID . '.' . $_POST['opquestion_form_attachment']);
                if ($success == false) {
                    $this->logger->log("Attachment could not be moved", Logger::WARNING);
                }
            }
            //remove all files in temp dir
            $this->removeAllFilesInTempDir();
            //edit answers
            $answers = $answerModel->getAnswersByQuestionID($_POST['opquestion_form_question_id']);
            $i = 0;
            foreach ($answers as $answer) {
                // 1-based counter so it lines up with the form field suffixes.
                $i = $i + 1;
                if ($_POST['opquestion_form_correctness'] == $i) {
                    $correctnessOfAnswer = 100;
                } else {
                    $correctnessOfAnswer = 0;
                }
                // $operation is always "edit" inside this branch; the else arm
                // is unreachable and kept only for fidelity.
                if ($operation == "edit") {
                    $answerModel->editAnswer($correctnessOfAnswer, $_POST['opquestion_form_answer' . $i], $_POST['opquestion_form_answerexplanation' . $i], $answer['id']);
                } else {
                    $answerModel->newAnswer($correctnessOfAnswer, $_POST['opquestion_form_answer' . $i], $_POST['opquestion_form_answerexplanation' . $i], $questionID);
                }
            }
        }
        if ($operation == "edit") {
            $tagModel->removeAllTagsOfQuestionById($_POST['opquestion_form_question_id']); // delete all and readd below. otherwise its way too complicated and not really faster
        }
        // NOTE(review): if $operation is neither "new" nor "edit", $questionID
        // is undefined at this point — presumably checkForMissingParametersOpQwA()
        // rejects such values earlier; verify.
        $this->handleNewTagCreation($questionID, $operation, $tagModel);
        if ($operation == "new") {
            return $questionID;
        }
        return;
    }
    $this->logger->log("Invalid questionType used in questionmodel", Logger::WARNING);
    MessageQueue::pushPersistent($_SESSION['user_id'], 'err_db_query_failed');
    NavigationUtility::redirectToErrorPage();
}