refactor code style, conditions

Sebastian Wagner 2021-03-04 23:24:04 +01:00
parent 42f756b918
commit 0483ceab53
5 changed files with 121 additions and 85 deletions


@ -25,9 +25,25 @@ class BaseClass {
*/ */
private $config_path = "/etc/matrix-register/register.ini"; private $config_path = "/etc/matrix-register/register.ini";
/**
* @var Config
*/
public $config; // Instanz der die Klasse Config public $config; // Instanz der die Klasse Config
/**
* @var Logger
*/
public $log; // Instanz der Klasse Logger public $log; // Instanz der Klasse Logger
/**
* @var Database
*/
public $db; // Instanz der Klasse Database public $db; // Instanz der Klasse Database
/**
* @var string
*/
public $token = ""; // Variable für Token oder temp. Password public $token = ""; // Variable für Token oder temp. Password
public function __construct() { public function __construct() {


@ -53,7 +53,7 @@ function getNick(string $mid): string
} }
} }
function getRemoteHexIP() { function getRemoteHexIP(): string {
/** /**
* Wandelt die IP des anfragenden Clients in einen Hexadezimalen * Wandelt die IP des anfragenden Clients in einen Hexadezimalen


@ -69,7 +69,6 @@ class Connection {
} }
else { else {
throw new Exception("Wrong driver for database: {$driver}"); throw new Exception("Wrong driver for database: {$driver}");
return false;
} }
} catch (PDOException $e) { } catch (PDOException $e) {
throw new Exception($e->getMessage()); throw new Exception($e->getMessage());
@ -100,15 +99,31 @@ class Connection {
class Database { class Database {
protected const PREPARE_OPTIONS_CURSOR_FWDONLY = [
PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY,
];
/** /**
* Stellt das Datenbankobjekt und die Methoden zum Arbeiten mit der * Stellt das Datenbankobjekt und die Methoden zum Arbeiten mit der
* Datenbank zur verfügung. * Datenbank zur verfügung.
*/ */
/**
* @var PDO
*/
private $pdo; private $pdo;
/**
* @var Logger
*/
private $log; private $log;
public function __construct($pdo, $log) /**
* Database constructor.
* @param PDO $pdo
* @param Logger $log
*/
public function __construct(PDO $pdo, Logger $log)
{ {
/** /**
* Übernimmt beim Erstellen der Klasse die Connection zur Datenbank * Übernimmt beim Erstellen der Klasse die Connection zur Datenbank
@ -216,35 +231,31 @@ class Database {
* Klassenfunktion searchUser(). Braucht getNick() common.php! * Klassenfunktion searchUser(). Braucht getNick() common.php!
*/ */
$userFound = false;
$users = [];
$this->log->d("Search for localpart {$nick} in users"); $this->log->d("Search for localpart {$nick} in users");
$query = "SELECT name FROM users WHERE name LIKE :nick"; $query = "SELECT `name` FROM users WHERE `name` = :nick";
$pattern = "%$nick%"; $name = "@" . $nick . ":matrix.kraut.space";
try { $users = $this->searchUser($query, $name);
$response = $this->searchUser($query, $pattern); $count = count($users);
} catch (PDOException $e) {
$this->log->e("searchUser() returns true because PDOException");
return true;
}
$count = count($response);
if ($count == 0) if ($count == 0)
{ {
$this->log->d("Nothing found"); $this->log->d("Nothing found");
return false; return $userFound;
} } else {
else foreach ($users as $user) {
{ $uid = getNick($user['name']);
foreach ($response as $array) {
$uid = getNick($array['name']);
$this->log->d("Compare {$nick} with {$uid}"); $this->log->d("Compare {$nick} with {$uid}");
if ($uid === $nick) { if ($uid === $nick) {
$this->log->i("MXID localpart already exists: {$nick}"); $this->log->i("MXID localpart already exists: {$nick}");
return true; $userFound = true;
break;
} else { } else {
$this->log->d("False"); $this->log->d("False");
} }
} }
} }
return false; return $userFound;
} }
public function UserExistsInRequests(string $nick): bool public function UserExistsInRequests(string $nick): bool
@ -258,13 +269,13 @@ class Database {
* Funktion searchUser(). * Funktion searchUser().
*/ */
$response = [];
$this->log->d("Search for localpart {$nick} in requests"); $this->log->d("Search for localpart {$nick} in requests");
$query = "SELECT nick FROM requests WHERE nick = :nick"; $query = "SELECT nick FROM requests WHERE nick = :nick";
try { try {
$response = $this->searchUser($query, $nick); $response = $this->searchUser($query, $nick);
} catch (PDOException $e) { } catch (PDOException $e) {
$this->log->e("searchUser() returns true because PDOException"); $this->log->e("searchUser() returns true because PDOException");
return true;
} }
$count = count($response); $count = count($response);
if ($count > 0) { if ($count > 0) {
@ -284,24 +295,22 @@ class Database {
* Funktion. * Funktion.
*/ */
try try {
{ $stmt = $this->pdo->prepare(
$stmt = $this->pdo->prepare($query, $query,
array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY)); self::PREPARE_OPTIONS_CURSOR_FWDONLY
);
$stmt->execute(array(':nick' => $nick)); // gibt bool zurück $stmt->execute(array(':nick' => $nick)); // gibt bool zurück
$response = $stmt->fetchAll(); return $stmt->fetchAll();
return $response; } catch (PDOException $e) {
}
catch (PDOException $e)
{
$errormsg = $e->getMessage(); $errormsg = $e->getMessage();
$this->log->e("A PDO-Exception occurres"); $this->log->e("A PDO-Exception occurres");
$this->log->e("Error: {$errormsg}"); $this->log->e("Error: {$errormsg}");
throw new PDOException($errormsg); throw $e;
} }
} }
public function getTimestamps(): array { public function getTimestamps(string $ip): array {
/** /**
* Schaut in der Datenbank, ob es bereits Einträge mit der aktuellen * Schaut in der Datenbank, ob es bereits Einträge mit der aktuellen
@ -310,10 +319,10 @@ class Database {
* TODO: flexibler gestalten? IP als Parameter übergeben? * TODO: flexibler gestalten? IP als Parameter übergeben?
*/ */
$ip = getRemoteHexIP();
$this->log->i("Search for IP: {$_SERVER['REMOTE_ADDR']}"); $this->log->i("Search for IP: {$_SERVER['REMOTE_ADDR']}");
$stmt = $this->pdo->prepare("SELECT time FROM requests WHERE $stmt = $this->pdo->prepare(
ip = :ip"); "SELECT `time` FROM requests WHERE ip = :ip"
);
try { try {
$stmt->BindValue(':ip', $ip, PDO::PARAM_LOB); $stmt->BindValue(':ip', $ip, PDO::PARAM_LOB);
$stmt->execute(); $stmt->execute();
@ -326,7 +335,7 @@ class Database {
return $response; return $response;
} }
public function saveRequest($token): bool public function saveRequest(string $token, string $ip): bool
{ {
/** /**
* Speichert den gewünschten Nick, die Emailadresse, das Token, die * Speichert den gewünschten Nick, die Emailadresse, das Token, die
@ -338,7 +347,6 @@ class Database {
* oder reichen die prepared Statments? * oder reichen die prepared Statments?
*/ */
$ip = getRemoteHexIP();
$nick = $_POST['login']; $nick = $_POST['login'];
$email = $_POST['email']; $email = $_POST['email'];
$time = getNow(); $time = getNow();
@ -377,8 +385,10 @@ class Database {
$token = $_GET['token']; $token = $_GET['token'];
$query = "SELECT id, nick, token FROM requests WHERE token = :token"; $query = "SELECT id, nick, token FROM requests WHERE token = :token";
try { try {
$stmt = $this->pdo->prepare($query, $stmt = $this->pdo->prepare(
array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY)); $query,
self::PREPARE_OPTIONS_CURSOR_FWDONLY
);
$stmt->execute(array(':token' => $token)); // gibt bool zurück $stmt->execute(array(':token' => $token)); // gibt bool zurück
$response = $stmt->fetchAll(); $response = $stmt->fetchAll();
} catch (PDOException $e) { } catch (PDOException $e) {
@ -398,8 +408,10 @@ class Database {
$query = "DELETE FROM requests WHERE id = :id"; $query = "DELETE FROM requests WHERE id = :id";
try { try {
$stmt = $this->pdo->prepare($query, $stmt = $this->pdo->prepare(
array(PDO::ATTR_CURSOR => PDO::CURSOR_FWDONLY)); $query,
self::PREPARE_OPTIONS_CURSOR_FWDONLY
);
$stmt->execute(array(':id' => $id)); // gibt bool zurück $stmt->execute(array(':id' => $id)); // gibt bool zurück
} catch (PDOException $e) { } catch (PDOException $e) {
$this->log->e("PDO Exception occures"); $this->log->e("PDO Exception occures");
@ -407,7 +419,7 @@ class Database {
return false; return false;
} }
$this->log->d("Database operation successfull"); $this->log->d("Database operation successfull");
return $stmt->rowCount();; return $stmt->rowCount();
} }
} }
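Review bot: In `UserExistsInRequests`, the `catch (PDOException $e)` branch no longer appears to return: `return true;` is shown on one side only and `$response = [];` is newly initialised, so a database error falls through to `count($response)` on an empty array and the nick is presumably reported as not present in `requests`. That turns the uniqueness check from fail-closed into fail-open, and the log text "searchUser() returns true because PDOException" no longer describes what happens. Either keep `return true;` in the catch, or drop the try/catch as `UserExistsInUsers` now does and let the `throw $e;` in `searchUser()` propagate to the caller. The rest of the method lies outside the hunk, so the exact return path after `count($response)` should be confirmed.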


@ -19,12 +19,13 @@ require_once("common.php");
class Request extends BaseClass { class Request extends BaseClass {
/** /**
* Klasse zur Bearbeitung einer Anfrage nach einem Matrix Accuont. Erbt * Klasse zur Bearbeitung einer Anfrage nach einem Matrix Account. Erbt
* aus der Klasse BaseClass ein Konfigurations- und ein Datenbankobjekt * aus der Klasse BaseClass ein Konfigurations- und ein Datenbankobjekt
* ($this->config, $this->db), die Funktion generateToken() und sowie * ($this->config, $this->db), die Funktion generateToken() und sowie
* die Variable $this-token. * die Variable $this-token.
* @param string $message
* @return bool
*/ */
public function checkRequest(string &$message): bool { public function checkRequest(string &$message): bool {
/** /**
@ -40,33 +41,39 @@ class Request extends BaseClass {
return false; return false;
} }
$ip = getRemoteHexIP();
$this->log->i("Request started for nick: {$_POST['login']}"); $this->log->i("Request started for nick: {$_POST['login']}");
if (false === $this->checkCaptcha()) { try {
$message = "Captcha invalid"; if (false === $this->checkCaptcha()) {
return false; $message = "Captcha invalid";
} else if (false === $this->checkEmail()) { return false;
$message = "Email invalid"; } else if (false === $this->checkEmail()) {
return false; $message = "Email invalid";
} else if (false === $this->checkMXID($this->config->getMxDomain())) { return false;
$message = "User ID invalid"; } else if (false === $this->checkMXID($this->config->getMxDomain())) {
return false; $message = "User ID invalid";
} else if (false === $this->checkUser()) { return false;
$message = "User Id is already taken"; } else if (false === $this->checkUser($_POST['login'] ?? '')) {
return false; $message = "User Id is already taken";
} else if (false === $this->checkRequests()) { return false;
$message = "Too many requests"; } else if (false === $this->checkRequests($ip)) {
return false; $message = "Too many requests";
} else { return false;
if ($this->generateToken(16) === true) { } else {
if ($this->saveRequest() === true) { if ($this->generateToken(16) === true) {
if ($this->sendVerificationMail() === true) { if ($this->saveRequest($ip) === true) {
$login = htmlspecialchars($_POST['login']); if ($this->sendVerificationMail() === true) {
$message = "Your request for '{$login}' is saved and a $login = htmlspecialchars($_POST['login']);
verification mail is send"; $message = "Your request for '{$login}' is saved and a
return true; verification mail is send";
return true;
}
} }
} }
} }
} catch (Throwable $e) {
$this->log->e($e->getMessage());
$message = "unexpected error";
} }
return false; return false;
} }
@ -139,8 +146,20 @@ class Request extends BaseClass {
return true; return true;
} }
private function checkUser(): bool { /**
* @param string $nick
* @return bool
*/
private function userExistsInRequestsOrUsers(string $nick): bool
{
return $this->db->UserExistsInRequests($nick) || $this->db->UserExistsInUsers($nick);
}
/**
* @param string $login
* @return bool
*/
private function checkUser(string $login): bool {
/** /**
* Prüft, ob der gewünschte Nutzernamen nicht bereits vergeben ist. * Prüft, ob der gewünschte Nutzernamen nicht bereits vergeben ist.
* Dazu wird in den Datenbanktabellen users (bereits registrierte * Dazu wird in den Datenbanktabellen users (bereits registrierte
@ -152,24 +171,17 @@ class Request extends BaseClass {
*/ */
$this->log->d("Checking if username is available"); $this->log->d("Checking if username is available");
$nick = $_POST['login']; return ! $this->userExistsInRequestsOrUsers($login);
if ($this->db->UserExistsInRequests($nick) === true) {
return false;
}
if ($this->db->UserExistsInUsers($nick) === true) {
return false;
}
return true;
} }
private function checkRequests(): bool { private function checkRequests(string $ip): bool {
/** /**
* Prüft, ob für es von der aktuellen Remote IP bereits Anfragen * Prüft, ob für es von der aktuellen Remote IP bereits Anfragen
* gibt. Diese sollten gewisse Limits nicht überschreiten. * gibt. Diese sollten gewisse Limits nicht überschreiten.
*/ */
$timestamps = $this->db->getTimestamps(); $timestamps = $this->db->getTimestamps($ip);
$now = getNow(); $now = getNow();
// Wenn es der erste Request ist -> return true // Wenn es der erste Request ist -> return true
@ -212,7 +224,7 @@ class Request extends BaseClass {
return true; return true;
} }
private function saveRequest(): bool { private function saveRequest(string $ip): bool {
/** /**
* Veranlaßt die Speicherung der Anfrage in der Tabelle requests. * Veranlaßt die Speicherung der Anfrage in der Tabelle requests.
@ -221,13 +233,10 @@ class Request extends BaseClass {
*/ */
try { try {
$response = $this->db->saveRequest($this->token); return $this->db->saveRequest($this->token, $ip);
} catch (Exception $e) { } catch (Exception $e) {
$this->log->e("Error: Database returns: {$e->getMessage()}"); $this->log->e("Error: Database returns: {$e->getMessage()}");
} }
if ($response === true) {
return true;
}
return false; return false;
} }
@ -265,4 +274,4 @@ class Request extends BaseClass {
} }
?>
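Review bot: `$ip = getRemoteHexIP();` in `checkRequest` sits before the new `try`, so anything it throws bypasses `catch (Throwable $e)` and the generic "unexpected error" reply; this includes a `TypeError` from the `: string` return type this commit adds, if some path returns a non-string. Moving the assignment to the first statement inside the `try` keeps the failure path uniform. The catch also logs only `$e->getMessage()`; since it now absorbs every error class, also logging the type and location, e.g. `$this->log->e(get_class($e) . " at {$e->getFile()}:{$e->getLine()}: {$e->getMessage()}");`, would keep database faults distinguishable from programming errors. The body of `getRemoteHexIP()` is not visible on this page, so whether it can actually throw is an assumption to verify.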


@ -37,4 +37,3 @@ const HTML_FOOTER = <<<END
</footer> </footer>
END; END;
?>