forked from berhsi/matrix-register
refactor code style, conditions
This commit is contained in:
parent
42f756b918
commit
0483ceab53
16
lib/base.php
16
lib/base.php
|
|
@ -25,9 +25,25 @@ class BaseClass {
|
|||
*/
|
||||
|
||||
private $config_path = "/etc/matrix-register/register.ini";
|
||||
|
||||
/**
|
||||
* @var Config
|
||||
*/
|
||||
public $config; // Instanz der die Klasse Config
|
||||
|
||||
/**
|
||||
* @var Logger
|
||||
*/
|
||||
public $log; // Instanz der Klasse Logger
|
||||
|
||||
/**
|
||||
* @var Database
|
||||
*/
|
||||
public $db; // Instanz der Klasse Database
|
||||
|
||||
/**
|
||||
* @var string
|
||||
*/
|
||||
public $token = ""; // Variable für Token oder temp. Password
|
||||
|
||||
public function __construct() {
|
||||
|
|
|
|||
|
|
@ -53,7 +53,7 @@ function getNick(string $mid): string
|
|||
}
|
||||
}
|
||||
|
||||
function getRemoteHexIP() {
|
||||
function getRemoteHexIP(): string {
|
||||
|
||||
/**
|
||||
* Wandelt die IP des anfragenden Clients in einen Hexadezimalen
|
||||
|
|
|
|||
94
lib/db.php
94
lib/db.php
|
|
@ -69,7 +69,6 @@ class Connection {
|
|||
}
|
||||
else {
|
||||
throw new Exception("Wrong driver for database: {$driver}");
|
||||
return false;
|
||||
}
|
||||
} catch (PDOException $e) {
|
||||
throw new Exception($e->getMessage());
|
||||
|
|
@ -100,15 +99,31 @@ class Connection {
|
|||
|
||||
class Database {
|
||||
|
||||
protected const PREPARE_OPTIONS_CURSOR_FWDONLY = [
|
||||
PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY,
|
||||
];
|
||||
|
||||
/**
|
||||
* Stellt das Datenbankobjekt und die Methoden zum Arbeiten mit der
|
||||
* Datenbank zur verfügung.
|
||||
*/
|
||||
|
||||
/**
|
||||
* @var PDO
|
||||
*/
|
||||
private $pdo;
|
||||
|
||||
/**
|
||||
* @var Logger
|
||||
*/
|
||||
private $log;
|
||||
|
||||
public function __construct($pdo, $log)
|
||||
/**
|
||||
* Database constructor.
|
||||
* @param PDO $pdo
|
||||
* @param Logger $log
|
||||
*/
|
||||
public function __construct(PDO $pdo, Logger $log)
|
||||
{
|
||||
/**
|
||||
* Übernimmt beim Erstellen der Klasse die Connection zur Datenbank
|
||||
|
|
@ -216,35 +231,31 @@ class Database {
|
|||
* Klassenfunktion searchUser(). Braucht getNick() common.php!
|
||||
*/
|
||||
|
||||
$userFound = false;
|
||||
$users = [];
|
||||
$this->log->d("Search for localpart {$nick} in users");
|
||||
$query = "SELECT name FROM users WHERE name LIKE :nick";
|
||||
$pattern = "%$nick%";
|
||||
try {
|
||||
$response = $this->searchUser($query, $pattern);
|
||||
} catch (PDOException $e) {
|
||||
$this->log->e("searchUser() returns true because PDOException");
|
||||
return true;
|
||||
}
|
||||
$count = count($response);
|
||||
$query = "SELECT `name` FROM users WHERE `name` = :nick";
|
||||
$name = "@" . $nick . ":matrix.kraut.space";
|
||||
$users = $this->searchUser($query, $name);
|
||||
$count = count($users);
|
||||
if ($count == 0)
|
||||
{
|
||||
$this->log->d("Nothing found");
|
||||
return false;
|
||||
}
|
||||
else
|
||||
{
|
||||
foreach ($response as $array) {
|
||||
$uid = getNick($array['name']);
|
||||
return $userFound;
|
||||
} else {
|
||||
foreach ($users as $user) {
|
||||
$uid = getNick($user['name']);
|
||||
$this->log->d("Compare {$nick} with {$uid}");
|
||||
if ($uid === $nick) {
|
||||
$this->log->i("MXID localpart already exists: {$nick}");
|
||||
return true;
|
||||
$userFound = true;
|
||||
break;
|
||||
} else {
|
||||
$this->log->d("False");
|
||||
}
|
||||
}
|
||||
}
|
||||
return false;
|
||||
return $userFound;
|
||||
}
|
||||
|
||||
public function UserExistsInRequests(string $nick): bool
|
||||
|
|
@ -258,13 +269,13 @@ class Database {
|
|||
* Funktion searchUser().
|
||||
*/
|
||||
|
||||
$response = [];
|
||||
$this->log->d("Search for localpart {$nick} in requests");
|
||||
$query = "SELECT nick FROM requests WHERE nick = :nick";
|
||||
try {
|
||||
$response = $this->searchUser($query, $nick);
|
||||
} catch (PDOException $e) {
|
||||
$this->log->e("searchUser() returns true because PDOException");
|
||||
return true;
|
||||
}
|
||||
$count = count($response);
|
||||
if ($count > 0) {
|
||||
|
|
@ -284,24 +295,22 @@ class Database {
|
|||
* Funktion.
|
||||
*/
|
||||
|
||||
try
|
||||
{
|
||||
$stmt = $this->pdo->prepare($query,
|
||||
array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
|
||||
try {
|
||||
$stmt = $this->pdo->prepare(
|
||||
$query,
|
||||
self::PREPARE_OPTIONS_CURSOR_FWDONLY
|
||||
);
|
||||
$stmt->execute(array(':nick' => $nick)); // gibt bool zurück
|
||||
$response = $stmt->fetchAll();
|
||||
return $response;
|
||||
}
|
||||
catch (PDOException $e)
|
||||
{
|
||||
return $stmt->fetchAll();
|
||||
} catch (PDOException $e) {
|
||||
$errormsg = $e->getMessage();
|
||||
$this->log->e("A PDO-Exception occurres");
|
||||
$this->log->e("Error: {$errormsg}");
|
||||
throw new PDOException($errormsg);
|
||||
throw $e;
|
||||
}
|
||||
}
|
||||
|
||||
public function getTimestamps(): array {
|
||||
public function getTimestamps(string $ip): array {
|
||||
|
||||
/**
|
||||
* Schaut in der Datenbank, ob es bereits Einträge mit der aktuellen
|
||||
|
|
@ -310,10 +319,10 @@ class Database {
|
|||
* TODO: flexibler gestalten? IP als Parameter übergeben?
|
||||
*/
|
||||
|
||||
$ip = getRemoteHexIP();
|
||||
$this->log->i("Search for IP: {$_SERVER['REMOTE_ADDR']}");
|
||||
$stmt = $this->pdo->prepare("SELECT time FROM requests WHERE
|
||||
ip = :ip");
|
||||
$stmt = $this->pdo->prepare(
|
||||
"SELECT `time` FROM requests WHERE ip = :ip"
|
||||
);
|
||||
try {
|
||||
$stmt->BindValue(':ip', $ip, PDO::PARAM_LOB);
|
||||
$stmt->execute();
|
||||
|
|
@ -326,7 +335,7 @@ class Database {
|
|||
return $response;
|
||||
}
|
||||
|
||||
public function saveRequest($token): bool
|
||||
public function saveRequest(string $token, string $ip): bool
|
||||
{
|
||||
/**
|
||||
* Speichert den gewünschten Nick, die Emailadresse, das Token, die
|
||||
|
|
@ -338,7 +347,6 @@ class Database {
|
|||
* oder reichen die prepared Statments?
|
||||
*/
|
||||
|
||||
$ip = getRemoteHexIP();
|
||||
$nick = $_POST['login'];
|
||||
$email = $_POST['email'];
|
||||
$time = getNow();
|
||||
|
|
@ -377,8 +385,10 @@ class Database {
|
|||
$token = $_GET['token'];
|
||||
$query = "SELECT id, nick, token FROM requests WHERE token = :token";
|
||||
try {
|
||||
$stmt = $this->pdo->prepare($query,
|
||||
array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
|
||||
$stmt = $this->pdo->prepare(
|
||||
$query,
|
||||
self::PREPARE_OPTIONS_CURSOR_FWDONLY
|
||||
);
|
||||
$stmt->execute(array(':token' => $token)); // gibt bool zurück
|
||||
$response = $stmt->fetchAll();
|
||||
} catch (PDOException $e) {
|
||||
|
|
@ -398,8 +408,10 @@ class Database {
|
|||
|
||||
$query = "DELETE FROM requests WHERE id = :id";
|
||||
try {
|
||||
$stmt = $this->pdo->prepare($query,
|
||||
array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
|
||||
$stmt = $this->pdo->prepare(
|
||||
$query,
|
||||
self::PREPARE_OPTIONS_CURSOR_FWDONLY
|
||||
);
|
||||
$stmt->execute(array(':id' => $id)); // gibt bool zurück
|
||||
} catch (PDOException $e) {
|
||||
$this->log->e("PDO Exception occures");
|
||||
|
|
@ -407,7 +419,7 @@ class Database {
|
|||
return false;
|
||||
}
|
||||
$this->log->d("Database operation successfull");
|
||||
return $stmt->rowCount();;
|
||||
return $stmt->rowCount();
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -19,12 +19,13 @@ require_once("common.php");
|
|||
class Request extends BaseClass {
|
||||
|
||||
/**
|
||||
* Klasse zur Bearbeitung einer Anfrage nach einem Matrix Accuont. Erbt
|
||||
* Klasse zur Bearbeitung einer Anfrage nach einem Matrix Account. Erbt
|
||||
* aus der Klasse BaseClass ein Konfigurations- und ein Datenbankobjekt
|
||||
* ($this->config, $this->db), die Funktion generateToken() und sowie
|
||||
* die Variable $this-token.
|
||||
* @param string $message
|
||||
* @return bool
|
||||
*/
|
||||
|
||||
public function checkRequest(string &$message): bool {
|
||||
|
||||
/**
|
||||
|
|
@ -40,33 +41,39 @@ class Request extends BaseClass {
|
|||
return false;
|
||||
}
|
||||
|
||||
$ip = getRemoteHexIP();
|
||||
$this->log->i("Request started for nick: {$_POST['login']}");
|
||||
if (false === $this->checkCaptcha()) {
|
||||
$message = "Captcha invalid";
|
||||
return false;
|
||||
} else if (false === $this->checkEmail()) {
|
||||
$message = "Email invalid";
|
||||
return false;
|
||||
} else if (false === $this->checkMXID($this->config->getMxDomain())) {
|
||||
$message = "User ID invalid";
|
||||
return false;
|
||||
} else if (false === $this->checkUser()) {
|
||||
$message = "User Id is already taken";
|
||||
return false;
|
||||
} else if (false === $this->checkRequests()) {
|
||||
$message = "Too many requests";
|
||||
return false;
|
||||
} else {
|
||||
if ($this->generateToken(16) === true) {
|
||||
if ($this->saveRequest() === true) {
|
||||
if ($this->sendVerificationMail() === true) {
|
||||
$login = htmlspecialchars($_POST['login']);
|
||||
$message = "Your request for '{$login}' is saved and a
|
||||
verification mail is send";
|
||||
return true;
|
||||
try {
|
||||
if (false === $this->checkCaptcha()) {
|
||||
$message = "Captcha invalid";
|
||||
return false;
|
||||
} else if (false === $this->checkEmail()) {
|
||||
$message = "Email invalid";
|
||||
return false;
|
||||
} else if (false === $this->checkMXID($this->config->getMxDomain())) {
|
||||
$message = "User ID invalid";
|
||||
return false;
|
||||
} else if (false === $this->checkUser($_POST['login'] ?? '')) {
|
||||
$message = "User Id is already taken";
|
||||
return false;
|
||||
} else if (false === $this->checkRequests($ip)) {
|
||||
$message = "Too many requests";
|
||||
return false;
|
||||
} else {
|
||||
if ($this->generateToken(16) === true) {
|
||||
if ($this->saveRequest($ip) === true) {
|
||||
if ($this->sendVerificationMail() === true) {
|
||||
$login = htmlspecialchars($_POST['login']);
|
||||
$message = "Your request for '{$login}' is saved and a
|
||||
verification mail is send";
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
} catch (Throwable $e) {
|
||||
$this->log->e($e->getMessage());
|
||||
$message = "unexpected error";
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
|
@ -139,8 +146,20 @@ class Request extends BaseClass {
|
|||
return true;
|
||||
}
|
||||
|
||||
private function checkUser(): bool {
|
||||
/**
|
||||
* @param string $nick
|
||||
* @return bool
|
||||
*/
|
||||
private function userExistsInRequestsOrUsers(string $nick): bool
|
||||
{
|
||||
return $this->db->UserExistsInRequests($nick) || $this->db->UserExistsInUsers($nick);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param string $login
|
||||
* @return bool
|
||||
*/
|
||||
private function checkUser(string $login): bool {
|
||||
/**
|
||||
* Prüft, ob der gewünschte Nutzernamen nicht bereits vergeben ist.
|
||||
* Dazu wird in den Datenbanktabellen users (bereits registrierte
|
||||
|
|
@ -152,24 +171,17 @@ class Request extends BaseClass {
|
|||
*/
|
||||
|
||||
$this->log->d("Checking if username is available");
|
||||
$nick = $_POST['login'];
|
||||
if ($this->db->UserExistsInRequests($nick) === true) {
|
||||
return false;
|
||||
}
|
||||
if ($this->db->UserExistsInUsers($nick) === true) {
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
return ! $this->userExistsInRequestsOrUsers($login);
|
||||
}
|
||||
|
||||
private function checkRequests(): bool {
|
||||
private function checkRequests(string $ip): bool {
|
||||
|
||||
/**
|
||||
* Prüft, ob für es von der aktuellen Remote IP bereits Anfragen
|
||||
* gibt. Diese sollten gewisse Limits nicht überschreiten.
|
||||
*/
|
||||
|
||||
$timestamps = $this->db->getTimestamps();
|
||||
$timestamps = $this->db->getTimestamps($ip);
|
||||
$now = getNow();
|
||||
|
||||
// Wenn es der erste Request ist -> return true
|
||||
|
|
@ -212,7 +224,7 @@ class Request extends BaseClass {
|
|||
return true;
|
||||
}
|
||||
|
||||
private function saveRequest(): bool {
|
||||
private function saveRequest(string $ip): bool {
|
||||
|
||||
/**
|
||||
* Veranlaßt die Speicherung der Anfrage in der Tabelle requests.
|
||||
|
|
@ -221,13 +233,10 @@ class Request extends BaseClass {
|
|||
*/
|
||||
|
||||
try {
|
||||
$response = $this->db->saveRequest($this->token);
|
||||
return $this->db->saveRequest($this->token, $ip);
|
||||
} catch (Exception $e) {
|
||||
$this->log->e("Error: Database returns: {$e->getMessage()}");
|
||||
}
|
||||
if ($response === true) {
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
@ -265,4 +274,4 @@ class Request extends BaseClass {
|
|||
|
||||
}
|
||||
|
||||
?>
|
||||
|
||||
|
|
|
|||
|
|
@ -37,4 +37,3 @@ const HTML_FOOTER = <<<END
|
|||
</footer>
|
||||
END;
|
||||
|
||||
?>
|
||||
|
|
|
|||
Loading…
Reference in New Issue