refactor code style, conditions
parent
42f756b918
commit
0483ceab53
16
lib/base.php
16
lib/base.php
|
@ -25,9 +25,25 @@ class BaseClass {
|
||||||
*/
|
*/
|
||||||
|
|
||||||
private $config_path = "/etc/matrix-register/register.ini";
|
private $config_path = "/etc/matrix-register/register.ini";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var Config
|
||||||
|
*/
|
||||||
public $config; // Instanz der die Klasse Config
|
public $config; // Instanz der die Klasse Config
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var Logger
|
||||||
|
*/
|
||||||
public $log; // Instanz der Klasse Logger
|
public $log; // Instanz der Klasse Logger
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var Database
|
||||||
|
*/
|
||||||
public $db; // Instanz der Klasse Database
|
public $db; // Instanz der Klasse Database
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var string
|
||||||
|
*/
|
||||||
public $token = ""; // Variable für Token oder temp. Password
|
public $token = ""; // Variable für Token oder temp. Password
|
||||||
|
|
||||||
public function __construct() {
|
public function __construct() {
|
||||||
|
|
|
@ -53,7 +53,7 @@ function getNick(string $mid): string
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
function getRemoteHexIP() {
|
function getRemoteHexIP(): string {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Wandelt die IP des anfragenden Clients in einen Hexadezimalen
|
* Wandelt die IP des anfragenden Clients in einen Hexadezimalen
|
||||||
|
|
94
lib/db.php
94
lib/db.php
|
@ -69,7 +69,6 @@ class Connection {
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
throw new Exception("Wrong driver for database: {$driver}");
|
throw new Exception("Wrong driver for database: {$driver}");
|
||||||
return false;
|
|
||||||
}
|
}
|
||||||
} catch (PDOException $e) {
|
} catch (PDOException $e) {
|
||||||
throw new Exception($e->getMessage());
|
throw new Exception($e->getMessage());
|
||||||
|
@ -100,15 +99,31 @@ class Connection {
|
||||||
|
|
||||||
class Database {
|
class Database {
|
||||||
|
|
||||||
|
protected const PREPARE_OPTIONS_CURSOR_FWDONLY = [
|
||||||
|
PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY,
|
||||||
|
];
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Stellt das Datenbankobjekt und die Methoden zum Arbeiten mit der
|
* Stellt das Datenbankobjekt und die Methoden zum Arbeiten mit der
|
||||||
* Datenbank zur verfügung.
|
* Datenbank zur verfügung.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var PDO
|
||||||
|
*/
|
||||||
private $pdo;
|
private $pdo;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var Logger
|
||||||
|
*/
|
||||||
private $log;
|
private $log;
|
||||||
|
|
||||||
public function __construct($pdo, $log)
|
/**
|
||||||
|
* Database constructor.
|
||||||
|
* @param PDO $pdo
|
||||||
|
* @param Logger $log
|
||||||
|
*/
|
||||||
|
public function __construct(PDO $pdo, Logger $log)
|
||||||
{
|
{
|
||||||
/**
|
/**
|
||||||
* Übernimmt beim Erstellen der Klasse die Connection zur Datenbank
|
* Übernimmt beim Erstellen der Klasse die Connection zur Datenbank
|
||||||
|
@ -216,35 +231,31 @@ class Database {
|
||||||
* Klassenfunktion searchUser(). Braucht getNick() common.php!
|
* Klassenfunktion searchUser(). Braucht getNick() common.php!
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
$userFound = false;
|
||||||
|
$users = [];
|
||||||
$this->log->d("Search for localpart {$nick} in users");
|
$this->log->d("Search for localpart {$nick} in users");
|
||||||
$query = "SELECT name FROM users WHERE name LIKE :nick";
|
$query = "SELECT `name` FROM users WHERE `name` = :nick";
|
||||||
$pattern = "%$nick%";
|
$name = "@" . $nick . ":matrix.kraut.space";
|
||||||
try {
|
$users = $this->searchUser($query, $name);
|
||||||
$response = $this->searchUser($query, $pattern);
|
$count = count($users);
|
||||||
} catch (PDOException $e) {
|
|
||||||
$this->log->e("searchUser() returns true because PDOException");
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
$count = count($response);
|
|
||||||
if ($count == 0)
|
if ($count == 0)
|
||||||
{
|
{
|
||||||
$this->log->d("Nothing found");
|
$this->log->d("Nothing found");
|
||||||
return false;
|
return $userFound;
|
||||||
}
|
} else {
|
||||||
else
|
foreach ($users as $user) {
|
||||||
{
|
$uid = getNick($user['name']);
|
||||||
foreach ($response as $array) {
|
|
||||||
$uid = getNick($array['name']);
|
|
||||||
$this->log->d("Compare {$nick} with {$uid}");
|
$this->log->d("Compare {$nick} with {$uid}");
|
||||||
if ($uid === $nick) {
|
if ($uid === $nick) {
|
||||||
$this->log->i("MXID localpart already exists: {$nick}");
|
$this->log->i("MXID localpart already exists: {$nick}");
|
||||||
return true;
|
$userFound = true;
|
||||||
|
break;
|
||||||
} else {
|
} else {
|
||||||
$this->log->d("False");
|
$this->log->d("False");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return false;
|
return $userFound;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function UserExistsInRequests(string $nick): bool
|
public function UserExistsInRequests(string $nick): bool
|
||||||
|
@ -258,13 +269,13 @@ class Database {
|
||||||
* Funktion searchUser().
|
* Funktion searchUser().
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
$response = [];
|
||||||
$this->log->d("Search for localpart {$nick} in requests");
|
$this->log->d("Search for localpart {$nick} in requests");
|
||||||
$query = "SELECT nick FROM requests WHERE nick = :nick";
|
$query = "SELECT nick FROM requests WHERE nick = :nick";
|
||||||
try {
|
try {
|
||||||
$response = $this->searchUser($query, $nick);
|
$response = $this->searchUser($query, $nick);
|
||||||
} catch (PDOException $e) {
|
} catch (PDOException $e) {
|
||||||
$this->log->e("searchUser() returns true because PDOException");
|
$this->log->e("searchUser() returns true because PDOException");
|
||||||
return true;
|
|
||||||
}
|
}
|
||||||
$count = count($response);
|
$count = count($response);
|
||||||
if ($count > 0) {
|
if ($count > 0) {
|
||||||
|
@ -284,24 +295,22 @@ class Database {
|
||||||
* Funktion.
|
* Funktion.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
try
|
try {
|
||||||
{
|
$stmt = $this->pdo->prepare(
|
||||||
$stmt = $this->pdo->prepare($query,
|
$query,
|
||||||
array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
|
self::PREPARE_OPTIONS_CURSOR_FWDONLY
|
||||||
|
);
|
||||||
$stmt->execute(array(':nick' => $nick)); // gibt bool zurück
|
$stmt->execute(array(':nick' => $nick)); // gibt bool zurück
|
||||||
$response = $stmt->fetchAll();
|
return $stmt->fetchAll();
|
||||||
return $response;
|
} catch (PDOException $e) {
|
||||||
}
|
|
||||||
catch (PDOException $e)
|
|
||||||
{
|
|
||||||
$errormsg = $e->getMessage();
|
$errormsg = $e->getMessage();
|
||||||
$this->log->e("A PDO-Exception occurres");
|
$this->log->e("A PDO-Exception occurres");
|
||||||
$this->log->e("Error: {$errormsg}");
|
$this->log->e("Error: {$errormsg}");
|
||||||
throw new PDOException($errormsg);
|
throw $e;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public function getTimestamps(): array {
|
public function getTimestamps(string $ip): array {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Schaut in der Datenbank, ob es bereits Einträge mit der aktuellen
|
* Schaut in der Datenbank, ob es bereits Einträge mit der aktuellen
|
||||||
|
@ -310,10 +319,10 @@ class Database {
|
||||||
* TODO: flexibler gestalten? IP als Parameter übergeben?
|
* TODO: flexibler gestalten? IP als Parameter übergeben?
|
||||||
*/
|
*/
|
||||||
|
|
||||||
$ip = getRemoteHexIP();
|
|
||||||
$this->log->i("Search for IP: {$_SERVER['REMOTE_ADDR']}");
|
$this->log->i("Search for IP: {$_SERVER['REMOTE_ADDR']}");
|
||||||
$stmt = $this->pdo->prepare("SELECT time FROM requests WHERE
|
$stmt = $this->pdo->prepare(
|
||||||
ip = :ip");
|
"SELECT `time` FROM requests WHERE ip = :ip"
|
||||||
|
);
|
||||||
try {
|
try {
|
||||||
$stmt->BindValue(':ip', $ip, PDO::PARAM_LOB);
|
$stmt->BindValue(':ip', $ip, PDO::PARAM_LOB);
|
||||||
$stmt->execute();
|
$stmt->execute();
|
||||||
|
@ -326,7 +335,7 @@ class Database {
|
||||||
return $response;
|
return $response;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function saveRequest($token): bool
|
public function saveRequest(string $token, string $ip): bool
|
||||||
{
|
{
|
||||||
/**
|
/**
|
||||||
* Speichert den gewünschten Nick, die Emailadresse, das Token, die
|
* Speichert den gewünschten Nick, die Emailadresse, das Token, die
|
||||||
|
@ -338,7 +347,6 @@ class Database {
|
||||||
* oder reichen die prepared Statments?
|
* oder reichen die prepared Statments?
|
||||||
*/
|
*/
|
||||||
|
|
||||||
$ip = getRemoteHexIP();
|
|
||||||
$nick = $_POST['login'];
|
$nick = $_POST['login'];
|
||||||
$email = $_POST['email'];
|
$email = $_POST['email'];
|
||||||
$time = getNow();
|
$time = getNow();
|
||||||
|
@ -377,8 +385,10 @@ class Database {
|
||||||
$token = $_GET['token'];
|
$token = $_GET['token'];
|
||||||
$query = "SELECT id, nick, token FROM requests WHERE token = :token";
|
$query = "SELECT id, nick, token FROM requests WHERE token = :token";
|
||||||
try {
|
try {
|
||||||
$stmt = $this->pdo->prepare($query,
|
$stmt = $this->pdo->prepare(
|
||||||
array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
|
$query,
|
||||||
|
self::PREPARE_OPTIONS_CURSOR_FWDONLY
|
||||||
|
);
|
||||||
$stmt->execute(array(':token' => $token)); // gibt bool zurück
|
$stmt->execute(array(':token' => $token)); // gibt bool zurück
|
||||||
$response = $stmt->fetchAll();
|
$response = $stmt->fetchAll();
|
||||||
} catch (PDOException $e) {
|
} catch (PDOException $e) {
|
||||||
|
@ -398,8 +408,10 @@ class Database {
|
||||||
|
|
||||||
$query = "DELETE FROM requests WHERE id = :id";
|
$query = "DELETE FROM requests WHERE id = :id";
|
||||||
try {
|
try {
|
||||||
$stmt = $this->pdo->prepare($query,
|
$stmt = $this->pdo->prepare(
|
||||||
array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY));
|
$query,
|
||||||
|
self::PREPARE_OPTIONS_CURSOR_FWDONLY
|
||||||
|
);
|
||||||
$stmt->execute(array(':id' => $id)); // gibt bool zurück
|
$stmt->execute(array(':id' => $id)); // gibt bool zurück
|
||||||
} catch (PDOException $e) {
|
} catch (PDOException $e) {
|
||||||
$this->log->e("PDO Exception occures");
|
$this->log->e("PDO Exception occures");
|
||||||
|
@ -407,7 +419,7 @@ class Database {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
$this->log->d("Database operation successfull");
|
$this->log->d("Database operation successfull");
|
||||||
return $stmt->rowCount();;
|
return $stmt->rowCount();
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
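Review bot: In the UserExistsInRequests hunk the catch block loses its `return true;`, so after a PDOException execution falls through to `count($response)` with the newly initialised empty array, while the log line still says "searchUser() returns true because PDOException". The rest of the function lies outside the hunk, but with `$count` at 0 it presumably reports the nick as free, which turns a database error into a passed uniqueness check. Either restore `return true;` in the catch, or drop the try/catch as UserExistsInUsers now does and let the exception reach the caller. Separately, UserExistsInUsers builds its lookup value with the literal `:matrix.kraut.space`, whereas the request code reads the domain from `getMxDomain()`; if the two ever differ, the new exact-match query would miss existing accounts, so the domain would be better passed in.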
@ -19,12 +19,13 @@ require_once("common.php");
|
||||||
class Request extends BaseClass {
|
class Request extends BaseClass {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Klasse zur Bearbeitung einer Anfrage nach einem Matrix Accuont. Erbt
|
* Klasse zur Bearbeitung einer Anfrage nach einem Matrix Account. Erbt
|
||||||
* aus der Klasse BaseClass ein Konfigurations- und ein Datenbankobjekt
|
* aus der Klasse BaseClass ein Konfigurations- und ein Datenbankobjekt
|
||||||
* ($this->config, $this->db), die Funktion generateToken() und sowie
|
* ($this->config, $this->db), die Funktion generateToken() und sowie
|
||||||
* die Variable $this-token.
|
* die Variable $this-token.
|
||||||
|
* @param string $message
|
||||||
|
* @return bool
|
||||||
*/
|
*/
|
||||||
|
|
||||||
public function checkRequest(string &$message): bool {
|
public function checkRequest(string &$message): bool {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
@ -40,33 +41,39 @@ class Request extends BaseClass {
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$ip = getRemoteHexIP();
|
||||||
$this->log->i("Request started for nick: {$_POST['login']}");
|
$this->log->i("Request started for nick: {$_POST['login']}");
|
||||||
if (false === $this->checkCaptcha()) {
|
try {
|
||||||
$message = "Captcha invalid";
|
if (false === $this->checkCaptcha()) {
|
||||||
return false;
|
$message = "Captcha invalid";
|
||||||
} else if (false === $this->checkEmail()) {
|
return false;
|
||||||
$message = "Email invalid";
|
} else if (false === $this->checkEmail()) {
|
||||||
return false;
|
$message = "Email invalid";
|
||||||
} else if (false === $this->checkMXID($this->config->getMxDomain())) {
|
return false;
|
||||||
$message = "User ID invalid";
|
} else if (false === $this->checkMXID($this->config->getMxDomain())) {
|
||||||
return false;
|
$message = "User ID invalid";
|
||||||
} else if (false === $this->checkUser()) {
|
return false;
|
||||||
$message = "User Id is already taken";
|
} else if (false === $this->checkUser($_POST['login'] ?? '')) {
|
||||||
return false;
|
$message = "User Id is already taken";
|
||||||
} else if (false === $this->checkRequests()) {
|
return false;
|
||||||
$message = "Too many requests";
|
} else if (false === $this->checkRequests($ip)) {
|
||||||
return false;
|
$message = "Too many requests";
|
||||||
} else {
|
return false;
|
||||||
if ($this->generateToken(16) === true) {
|
} else {
|
||||||
if ($this->saveRequest() === true) {
|
if ($this->generateToken(16) === true) {
|
||||||
if ($this->sendVerificationMail() === true) {
|
if ($this->saveRequest($ip) === true) {
|
||||||
$login = htmlspecialchars($_POST['login']);
|
if ($this->sendVerificationMail() === true) {
|
||||||
$message = "Your request for '{$login}' is saved and a
|
$login = htmlspecialchars($_POST['login']);
|
||||||
verification mail is send";
|
$message = "Your request for '{$login}' is saved and a
|
||||||
return true;
|
verification mail is send";
|
||||||
|
return true;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
} catch (Throwable $e) {
|
||||||
|
$this->log->e($e->getMessage());
|
||||||
|
$message = "unexpected error";
|
||||||
}
|
}
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
@ -139,8 +146,20 @@ class Request extends BaseClass {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
private function checkUser(): bool {
|
/**
|
||||||
|
* @param string $nick
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
private function userExistsInRequestsOrUsers(string $nick): bool
|
||||||
|
{
|
||||||
|
return $this->db->UserExistsInRequests($nick) || $this->db->UserExistsInUsers($nick);
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param string $login
|
||||||
|
* @return bool
|
||||||
|
*/
|
||||||
|
private function checkUser(string $login): bool {
|
||||||
/**
|
/**
|
||||||
* Prüft, ob der gewünschte Nutzernamen nicht bereits vergeben ist.
|
* Prüft, ob der gewünschte Nutzernamen nicht bereits vergeben ist.
|
||||||
* Dazu wird in den Datenbanktabellen users (bereits registrierte
|
* Dazu wird in den Datenbanktabellen users (bereits registrierte
|
||||||
|
@ -152,24 +171,17 @@ class Request extends BaseClass {
|
||||||
*/
|
*/
|
||||||
|
|
||||||
$this->log->d("Checking if username is available");
|
$this->log->d("Checking if username is available");
|
||||||
$nick = $_POST['login'];
|
return ! $this->userExistsInRequestsOrUsers($login);
|
||||||
if ($this->db->UserExistsInRequests($nick) === true) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
if ($this->db->UserExistsInUsers($nick) === true) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
return true;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
private function checkRequests(): bool {
|
private function checkRequests(string $ip): bool {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Prüft, ob für es von der aktuellen Remote IP bereits Anfragen
|
* Prüft, ob für es von der aktuellen Remote IP bereits Anfragen
|
||||||
* gibt. Diese sollten gewisse Limits nicht überschreiten.
|
* gibt. Diese sollten gewisse Limits nicht überschreiten.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
$timestamps = $this->db->getTimestamps();
|
$timestamps = $this->db->getTimestamps($ip);
|
||||||
$now = getNow();
|
$now = getNow();
|
||||||
|
|
||||||
// Wenn es der erste Request ist -> return true
|
// Wenn es der erste Request ist -> return true
|
||||||
|
@ -212,7 +224,7 @@ class Request extends BaseClass {
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
private function saveRequest(): bool {
|
private function saveRequest(string $ip): bool {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Veranlaßt die Speicherung der Anfrage in der Tabelle requests.
|
* Veranlaßt die Speicherung der Anfrage in der Tabelle requests.
|
||||||
|
@ -221,13 +233,10 @@ class Request extends BaseClass {
|
||||||
*/
|
*/
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$response = $this->db->saveRequest($this->token);
|
return $this->db->saveRequest($this->token, $ip);
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
$this->log->e("Error: Database returns: {$e->getMessage()}");
|
$this->log->e("Error: Database returns: {$e->getMessage()}");
|
||||||
}
|
}
|
||||||
if ($response === true) {
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -265,4 +274,4 @@ class Request extends BaseClass {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
?>
|
|
||||||
|
|
|
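Review bot: In checkRequest the new `$ip = getRemoteHexIP();` sits before `try {`, so anything it throws bypasses the `catch (Throwable $e)` that this commit adds around the remaining checks. The same commit gives getRemoteHexIP() a `: string` return type, and if its body (not shown here) can return a non-coercible value such as null for a missing or malformed REMOTE_ADDR, that would surface as an uncaught TypeError instead of the "unexpected error" message. Making the call the first statement inside the try keeps the failure path uniform: `try { $ip = getRemoteHexIP();`. A comment on the catch such as `// fail closed: exceptions from the DB lookups behind checkUser() end up here` would also help, because UserExistsInUsers no longer catches PDOException itself. checkRequest begins above this hunk.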
@ -37,4 +37,3 @@ const HTML_FOOTER = <<<END
|
||||||
</footer>
|
</footer>
|
||||||
END;
|
END;
|
||||||
|
|
||||||
?>
|
|
||||||
|
|