From 0483ceab5360addd7f6be8a7e72179de69ce4562 Mon Sep 17 00:00:00 2001 From: Sebastian Wagner Date: Thu, 4 Mar 2021 23:24:04 +0100 Subject: [PATCH] refactor code style, conditions --- lib/base.php | 16 +++++++++ lib/common.php | 2 +- lib/db.php | 94 ++++++++++++++++++++++++++++--------------------- lib/request.php | 93 ++++++++++++++++++++++++++---------------------- static/web.php | 1 - 5 files changed, 121 insertions(+), 85 deletions(-) diff --git a/lib/base.php b/lib/base.php index 5d6f4fa..ff5bde0 100644 --- a/lib/base.php +++ b/lib/base.php @@ -25,9 +25,25 @@ class BaseClass { */ private $config_path = "/etc/matrix-register/register.ini"; + + /** + * @var Config + */ public $config; // Instanz der die Klasse Config + + /** + * @var Logger + */ public $log; // Instanz der Klasse Logger + + /** + * @var Database + */ public $db; // Instanz der Klasse Database + + /** + * @var string + */ public $token = ""; // Variable für Token oder temp. Password public function __construct() { diff --git a/lib/common.php b/lib/common.php index 9ea6b85..e1ac2ec 100644 --- a/lib/common.php +++ b/lib/common.php @@ -53,7 +53,7 @@ function getNick(string $mid): string } } -function getRemoteHexIP() { +function getRemoteHexIP(): string { /** * Wandelt die IP des anfragenden Clients in einen Hexadezimalen diff --git a/lib/db.php b/lib/db.php index b784497..a3c5940 100644 --- a/lib/db.php +++ b/lib/db.php @@ -69,7 +69,6 @@ class Connection { } else { throw new Exception("Wrong driver for database: {$driver}"); - return false; } } catch (PDOException $e) { throw new Exception($e->getMessage()); 
@@ -100,15 +99,31 @@ class Connection { class Database { + protected const PREPARE_OPTIONS_CURSOR_FWDONLY = [ + PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY, + ]; + /** * Stellt das Datenbankobjekt und die Methoden zum Arbeiten mit der * Datenbank zur verfügung. */ + /** + * @var PDO + */ private $pdo; + + /** + * @var Logger + */ private $log; - public function __construct($pdo, $log) + /** + * Database constructor. + * @param PDO $pdo + * @param Logger $log + */ + public function __construct(PDO $pdo, Logger $log) { /** * Übernimmt beim Erstellen der Klasse die Connection zur Datenbank @@ -216,35 +231,31 @@ class Database { * Klassenfunktion searchUser(). Braucht getNick() common.php! */ + $userFound = false; + $users = []; $this->log->d("Search for localpart {$nick} in users"); - $query = "SELECT name FROM users WHERE name LIKE :nick"; - $pattern = "%$nick%"; - try { - $response = $this->searchUser($query, $pattern); - } catch (PDOException $e) { - $this->log->e("searchUser() returns true because PDOException"); - return true; - } - $count = count($response); + $query = "SELECT `name` FROM users WHERE `name` = :nick"; + $name = "@" . $nick . ":matrix.kraut.space"; + $users = $this->searchUser($query, $name); + $count = count($users); if ($count == 0) { $this->log->d("Nothing found"); - return false; - } - else - { - foreach ($response as $array) { - $uid = getNick($array['name']); + return $userFound; + } else { + foreach ($users as $user) { + $uid = getNick($user['name']); $this->log->d("Compare {$nick} with {$uid}"); if ($uid === $nick) { $this->log->i("MXID localpart already exists: {$nick}"); - return true; + $userFound = true; + break; } else { $this->log->d("False"); } } } - return false; + return $userFound; } public function UserExistsInRequests(string $nick): bool 
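Review bot: The new lookup in the `UserExistsInUsers` hunk builds the full user ID with a hard-coded homeserver, `$name = "@" . $nick . ":matrix.kraut.space";`, so on a deployment with any other domain the exact-match query finds nothing and an already registered localpart is reported as free. request.php already reads the domain from `$this->config->getMxDomain()`; supplying that value to this method and building `$name = "@{$nick}:{$domain}";` would keep the duplicate check tied to configuration. The backtick identifier quoting added to the query is MySQL syntax and PostgreSQL rejects it, which matters if the driver switch in `Connection` accepts pgsql (not visible here, please confirm). With the local try/catch gone, a PDOException now propagates out of this public method; `checkRequest` catches it, but any other caller has to as well. The method's signature lies outside the hunk.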
@@ -258,13 +269,13 @@ class Database { * Funktion searchUser(). */ + $response = []; $this->log->d("Search for localpart {$nick} in requests"); $query = "SELECT nick FROM requests WHERE nick = :nick"; try { $response = $this->searchUser($query, $nick); } catch (PDOException $e) { $this->log->e("searchUser() returns true because PDOException"); - return true; } $count = count($response); if ($count > 0) { @@ -284,24 +295,22 @@ class Database { * Funktion. */ - try - { - $stmt = $this->pdo->prepare($query, - array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY)); + try { + $stmt = $this->pdo->prepare( + $query, + self::PREPARE_OPTIONS_CURSOR_FWDONLY + ); $stmt->execute(array(':nick' => $nick)); // gibt bool zurück - $response = $stmt->fetchAll(); - return $response; - } - catch (PDOException $e) - { + return $stmt->fetchAll(); + } catch (PDOException $e) { $errormsg = $e->getMessage(); $this->log->e("A PDO-Exception occurres"); $this->log->e("Error: {$errormsg}"); - throw new PDOException($errormsg); + throw $e; } } - public function getTimestamps(): array { + public function getTimestamps(string $ip): array { /** * Schaut in der Datenbank, ob es bereits Einträge mit der aktuellen @@ -310,10 +319,10 @@ class Database { * TODO: flexibler gestalten? IP als Parameter übergeben? */ - $ip = getRemoteHexIP(); $this->log->i("Search for IP: {$_SERVER['REMOTE_ADDR']}"); - $stmt = $this->pdo->prepare("SELECT time FROM requests WHERE - ip = :ip"); + $stmt = $this->pdo->prepare( + "SELECT `time` FROM requests WHERE ip = :ip" + ); try { $stmt->BindValue(':ip', $ip, PDO::PARAM_LOB); $stmt->execute(); @@ -326,7 +335,7 @@ class Database { return $response; } - public function saveRequest($token): bool + public function saveRequest(string $token, string $ip): bool { /** * Speichert den gewünschten Nick, die Emailadresse, das Token, die 
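Review bot: Removing `return true;` from the catch block in `UserExistsInRequests` turns a database error into "name is free": `$response` stays `[]`, `count($response)` is 0, and the code after the hunk then presumably returns false. The log line still says "searchUser() returns true because PDOException", which no longer matches what happens. For an availability check the safe failure is to refuse, so either keep `return true;` or rethrow with `throw $e;` so that the `catch (Throwable $e)` added in `checkRequest` rejects the request. The end of the method is outside the hunk.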
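Review bot: `getTimestamps(string $ip)` now receives the address as a parameter, but the log line in the same hunk still reads `$_SERVER['REMOTE_ADDR']`, so the logged address and the one actually queried can differ and the method stays tied to the web request. Logging the value that is bound to the query, or passing the printable address in alongside it, keeps the two consistent, and the docblock TODO about passing the IP as a parameter can be dropped. `saveRequest(string $token, string $ip)` in the following hunks has the same shape: `$ip` is injected while `login` and `email` are still read from `$_POST` inside the database class.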
@@ -338,7 +347,6 @@ class Database { * oder reichen die prepared Statments? */ - $ip = getRemoteHexIP(); $nick = $_POST['login']; $email = $_POST['email']; $time = getNow(); @@ -377,8 +385,10 @@ class Database { $token = $_GET['token']; $query = "SELECT id, nick, token FROM requests WHERE token = :token"; try { - $stmt = $this->pdo->prepare($query, - array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY)); + $stmt = $this->pdo->prepare( + $query, + self::PREPARE_OPTIONS_CURSOR_FWDONLY + ); $stmt->execute(array(':token' => $token)); // gibt bool zurück $response = $stmt->fetchAll(); } catch (PDOException $e) { @@ -398,8 +408,10 @@ class Database { $query = "DELETE FROM requests WHERE id = :id"; try { - $stmt = $this->pdo->prepare($query, - array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY)); + $stmt = $this->pdo->prepare( + $query, + self::PREPARE_OPTIONS_CURSOR_FWDONLY + ); $stmt->execute(array(':id' => $id)); // gibt bool zurück } catch (PDOException $e) { $this->log->e("PDO Exception occures"); @@ -407,7 +419,7 @@ class Database { return false; } $this->log->d("Database operation successfull"); - return $stmt->rowCount();; + return $stmt->rowCount(); } } diff --git a/lib/request.php b/lib/request.php index ca707c6..287551b 100644 --- a/lib/request.php +++ b/lib/request.php @@ -19,12 +19,13 @@ require_once("common.php"); class Request extends BaseClass { /** - * Klasse zur Bearbeitung einer Anfrage nach einem Matrix Accuont. Erbt + * Klasse zur Bearbeitung einer Anfrage nach einem Matrix Account. Erbt * aus der Klasse BaseClass ein Konfigurations- und ein Datenbankobjekt * ($this->config, $this->db), die Funktion generateToken() und sowie * die Variable $this-token. + * @param string $message + * @return bool */ - public function checkRequest(string &$message): bool { /** 
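Review bot: In the lib/request.php hunk the `@param string $message` and `@return bool` tags were appended to the comment that describes the class `Request` ("Klasse zur Bearbeitung einer Anfrage…"), and with the blank line removed that block now reads as the docblock of `checkRequest`. The class description should stay a class-level comment, and `checkRequest` should get its own block stating that `$message` is passed by reference and filled with the result text, e.g. `@param string $message Receives the status text shown to the user (by reference)`.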
@@ -40,33 +41,39 @@ class Request extends BaseClass { return false; } + $ip = getRemoteHexIP(); $this->log->i("Request started for nick: {$_POST['login']}"); - if (false === $this->checkCaptcha()) { - $message = "Captcha invalid"; - return false; - } else if (false === $this->checkEmail()) { - $message = "Email invalid"; - return false; - } else if (false === $this->checkMXID($this->config->getMxDomain())) { - $message = "User ID invalid"; - return false; - } else if (false === $this->checkUser()) { - $message = "User Id is already taken"; - return false; - } else if (false === $this->checkRequests()) { - $message = "Too many requests"; - return false; - } else { - if ($this->generateToken(16) === true) { - if ($this->saveRequest() === true) { - if ($this->sendVerificationMail() === true) { - $login = htmlspecialchars($_POST['login']); - $message = "Your request for '{$login}' is saved and a - verification mail is send"; - return true; + try { + if (false === $this->checkCaptcha()) { + $message = "Captcha invalid"; + return false; + } else if (false === $this->checkEmail()) { + $message = "Email invalid"; + return false; + } else if (false === $this->checkMXID($this->config->getMxDomain())) { + $message = "User ID invalid"; + return false; + } else if (false === $this->checkUser($_POST['login'] ?? '')) { + $message = "User Id is already taken"; + return false; + } else if (false === $this->checkRequests($ip)) { + $message = "Too many requests"; + return false; + } else { + if ($this->generateToken(16) === true) { + if ($this->saveRequest($ip) === true) { + if ($this->sendVerificationMail() === true) { + $login = htmlspecialchars($_POST['login']); + $message = "Your request for '{$login}' is saved and a + verification mail is send"; + return true; + } } } } + } catch (Throwable $e) { + $this->log->e($e->getMessage()); + $message = "unexpected error"; } return false; } 
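Review bot: `$ip = getRemoteHexIP();` sits above the new `try`, so a failure there is not turned into the "unexpected error" response; the same commit gives that function a `: string` return type, which can raise a TypeError if a path in its body (not visible in this diff) returns null or, under strict_types, any non-string. Moving the call to the first line inside `try {` closes that gap. In the `catch (Throwable $e)` block only `getMessage()` is logged; adding the exception class and location, e.g. `$this->log->e(get_class($e) . " at {$e->getFile()}:{$e->getLine()}: {$e->getMessage()}");`, lets a programming error be told apart from a database failure in the log. The start of `checkRequest` is outside the hunk.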
@@ -139,8 +146,20 @@ class Request extends BaseClass { return true; } - private function checkUser(): bool { + /** + * @param string $nick + * @return bool + */ + private function userExistsInRequestsOrUsers(string $nick): bool + { + return $this->db->UserExistsInRequests($nick) || $this->db->UserExistsInUsers($nick); + } + /** + * @param string $login + * @return bool + */ + private function checkUser(string $login): bool { /** * Prüft, ob der gewünschte Nutzernamen nicht bereits vergeben ist. * Dazu wird in den Datenbanktabellen users (bereits registrierte @@ -152,24 +171,17 @@ class Request extends BaseClass { */ $this->log->d("Checking if username is available"); - $nick = $_POST['login']; - if ($this->db->UserExistsInRequests($nick) === true) { - return false; - } - if ($this->db->UserExistsInUsers($nick) === true) { - return false; - } - return true; + return ! $this->userExistsInRequestsOrUsers($login); } - private function checkRequests(): bool { + private function checkRequests(string $ip): bool { /** * Prüft, ob für es von der aktuellen Remote IP bereits Anfragen * gibt. Diese sollten gewisse Limits nicht überschreiten. */ - $timestamps = $this->db->getTimestamps(); + $timestamps = $this->db->getTimestamps($ip); $now = getNow(); // Wenn es der erste Request ist -> return true @@ -212,7 +224,7 @@ class Request extends BaseClass { return true; } - private function saveRequest(): bool { + private function saveRequest(string $ip): bool { /** * Veranlaßt die Speicherung der Anfrage in der Tabelle requests. @@ -221,13 +233,10 @@ class Request extends BaseClass { */ try { - $response = $this->db->saveRequest($this->token); + return $this->db->saveRequest($this->token, $ip); } catch (Exception $e) { $this->log->e("Error: Database returns: {$e->getMessage()}"); } - if ($response === true) { - return true; - } return false; } @@ -265,4 +274,4 @@ class Request extends BaseClass { } -?> + diff --git a/static/web.php b/static/web.php index bf0275e..887c79a 100644 
--- a/static/web.php +++ b/static/web.php @@ -37,4 +37,3 @@ const HTML_FOOTER = << END; -?>