From b625e7fe5c7aec7e89fb36a0931e4df25f9f3bed Mon Sep 17 00:00:00 2001
From: Jan Vales <jan@jvales.net>
Date: Tue, 14 Jul 2015 16:40:29 +0200
Subject: [PATCH] das ganze mal committet, bevor was schief geht :)

---
 db_funcs.php         | 77 ++++++++++++++++++++++++++++++++++++
 funcs.php            | 94 ++++++++++++++++++++++++++++++++++++++++++++
 index.php            |  5 +++
 list.php             | 12 ++++++
 person.php           | 79 +++++++++++++++++++++++++++++++++++++
 settings.php.example | 11 ++++++
 stats.php            | 10 +++++
 7 files changed, 288 insertions(+)
 create mode 100644 db_funcs.php
 create mode 100644 funcs.php
 create mode 100644 index.php
 create mode 100644 list.php
 create mode 100644 person.php
 create mode 100644 settings.php.example
 create mode 100644 stats.php

diff --git a/db_funcs.php b/db_funcs.php
new file mode 100644
index 0000000..29ef2df
--- /dev/null
+++ b/db_funcs.php
@@ -0,0 +1,77 @@
+<?php
+
+/**
+* welcome.TU.code Anmeldesystem.
+* by Jan Vales <jan@jvales.net> (aka. Someone <someone@somenet.org>)
+*/
+
+require_once('./settings.php');
+
+function db_get_uinfo($user, $pass){
+  $lvl = -1;
+  $prep = $GLOBALS['dbc']->prepare('SELECT uname,lvl FROM users WHERE lower(uname)=lower(?) and pwd=encode(digest(?, \'sha512\'),\'hex\')');
+  $prep->execute(array($user, $pass));
+  $row = $prep->fetch();
+  if(isset($row['uname'])){
+    return $row;
+  }else{
+    return NULL;
+  }
+}
+
+function db_list_anmeldungen(){
+  $prep = $GLOBALS['dbc']->prepare('SELECT * FROM anmeldungen WHERE lower(uname)=lower(?)');
+  $prep->execute(array($GLOBALS['uname'],));
+  if($GLOBALS['lvl'] >= 2){
+    $prep = $GLOBALS['dbc']->prepare('SELECT * FROM anmeldungen');
+    $prep->execute();
+  }
+  return $prep->fetchAll();
+}
+
+function db_get_person($id){
+  $prep = $GLOBALS['dbc']->prepare('SELECT * FROM anmeldungen WHERE id = ?');
+  $prep->execute(array($id,));
+  return $prep->fetch();
+}
+
+function db_delete_person($id){
+  if($GLOBALS['lvl'] >= 2){
+    $prep = $GLOBALS['dbc']->prepare('DELETE FROM anmeldungen WHERE id = ?');
+    $prep->execute(array($id,));
+  }else{
+    $prep = $GLOBALS['dbc']->prepare('DELETE FROM anmeldungen WHERE id = ? and lower(uname) = ?');
+    $prep->execute(array($id,$GLOBALS['uname']));
+  }
+  return $prep->rowCount();
+}
+
+function db_store_person($id, $pdata){
+  $p = db_get_person($id);
+
+  if($p !== FALSE && $p['id'] == $id){
+    // found, we do updating, if uname == uname.
+    if($p['uname'] == $GLOBALS['uname'] || $GLOBALS['lvl'] >= 2){
+      if($pdata['analphabet'] == '')$pdata['analphabet'] = 0;
+      if($pdata['fotoerlaubnis'] == '')$pdata['fotoerlaubnis'] = 0;
+      if($pdata['videoerlaubnis'] == '')$pdata['videoerlaubnis'] = 0;
+      if($pdata['vorwissen'] == '')$pdata['vorwissen'] = 0;
+      if($pdata['gebdatum'] == '')$pdata['gebdatum'] = '1900-01-01';
+      $prep = $GLOBALS['dbc']->prepare('UPDATE anmeldungen SET nname=?, vname=?, gebdatum=?, nationaliaet=?, sprachen=?, analphabet=?, bemerkungen=?, vorwissen=?, fotoerlaubnis=?, videoerlaubnis=? WHERE id=?');
+      $prep->execute(array($pdata['nname'], $pdata['vname'], $pdata['gebdatum'], $pdata['nationaliaet'], $pdata['sprachen'], $pdata['analphabet'], $pdata['bemerkungen'], $pdata['vorwissen'], $pdata['fotoerlaubnis'], $pdata['videoerlaubnis'], $p['id']));
+      return $prep->rowCount();
+	}
+  }else{
+    // inserting a new person.
+    if($pdata['analphabet'] == '')$pdata['analphabet'] = 0;
+    if($pdata['fotoerlaubnis'] == '')$pdata['fotoerlaubnis'] = 0;
+    if($pdata['videoerlaubnis'] == '')$pdata['videoerlaubnis'] = 0;
+    if($pdata['vorwissen'] == '')$pdata['vorwissen'] = 0;
+    if($pdata['gebdatum'] == '')$pdata['gebdatum'] = '1900-01-01';
+    $prep = $GLOBALS['dbc']->prepare('INSERT INTO anmeldungen(uname, nname, vname, gebdatum, nationaliaet, sprachen, analphabet, bemerkungen, vorwissen, fotoerlaubnis, videoerlaubnis) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?) returning id;');
+    $prep->execute(array($GLOBALS['uname'], $pdata['nname'], $pdata['vname'], $pdata['gebdatum'], $pdata['nationaliaet'], $pdata['sprachen'], $pdata['analphabet'], $pdata['bemerkungen'], $pdata['vorwissen'], $pdata['fotoerlaubnis'], $pdata['videoerlaubnis']));
+    $r = $prep->fetchColumn(); 
+	return -$r;
+  }
+}
+
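Review bot: db_get_uinfo authenticates by recomputing `encode(digest(?, 'sha512'),'hex')` inside the SELECT, so users.pwd holds a single unsalted SHA-512 of the password (cheap to crack offline, identical for equal passwords across accounts) and the clear password is shipped to the database server as a bind parameter. Prefer fetching the stored hash by uname and verifying in PHP with password_verify() against a password_hash() value, as sketched below; the existing users.pwd column would have to be re-populated in that format. The `$lvl = -1` local on the first line of the function is never used. In db_store_person, the update branch returns nothing when the `$p['uname'] == $GLOBALS['uname'] || $GLOBALS['lvl'] >= 2` check fails, so a caller cannot tell "not permitted" from "nothing changed"; an explicit `return 0;` there would make the outcome deliberate, and the uname comparison is case-sensitive while every query on the page matches on lower(uname).
```php
function db_get_uinfo($user, $pass){
  $prep = $GLOBALS['dbc']->prepare('SELECT uname,lvl,pwd FROM users WHERE lower(uname)=lower(?)');
  $prep->execute(array($user));
  $row = $prep->fetch();
  if($row !== FALSE && password_verify($pass, $row['pwd'])){
    unset($row['pwd']);
    return $row;
  }
  return NULL;
}
```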
diff --git a/funcs.php b/funcs.php
new file mode 100644
index 0000000..f7bf2c4
--- /dev/null
+++ b/funcs.php
@@ -0,0 +1,94 @@
+<?php
+
+/**
+* welcome.TU.code Anmeldesystem.
+* by Jan Vales <jan@jvales.net> (aka. Someone <someone@somenet.org>)
+*/
+
+require_once('./settings.php');
+require_once('./db_funcs.php');
+
+function login(){
+//  if(!isset($_SERVER['HTTPS'])){
+//    $url = 'https://'.$_SERVER["HTTP_HOST"].$_SERVER['REQUEST_URI'];
+//    header('Location: '.$url, true, 301);
+//    exit('<h1>Redirecting to: <a href="'.$url.'">'.$url.'</a></h1>');
+//  }
+  $uinfo = db_get_uinfo($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
+  if($uinfo['lvl'] >= 1){
+    $GLOBALS['uname'] = $uinfo['uname'];
+    $GLOBALS['lvl'] = $uinfo['lvl'];
+  }else{
+    header('WWW-Authenticate: Basic realm="WelcomeTUcode login"');
+    header('HTTP/1.0 401 Unauthorized');
+    exit('Nicht eingeloggt. Falsche Anmeldedaten?');
+  }
+}
+
+function list_anmeldungen(){
+  $liste = db_list_anmeldungen();
+  $ret = '<table border=1><tr><th>Aktion</th><th>id</th><th>Anmeldung bei</th><th>Nachname(n)</th><th>Vorname(n)</th><th>Geboren</th><th>Nationalität</th><th>Sprachkenntnis</th>'.
+    '<th>Vorwissen</th><th>Analphabet</th><th>fotoerlaubnis</th><th>Videoerlaubnis</th><th>Bemerkung</th></tr>';
+  foreach ($liste as &$person) {
+    $ret .='<tr id="pers_'.$person['id'].'"><td><a href="./person.php?id='.$person['id'].'">Bearbeiten</a></td><td>'.$person['id'].'</td><td>'.$person['uname'].'</td>'.
+	'<td>'.$person['nname'].'</td><td>'.$person['vname'].'</td><td>'.$person['gebdatum'].'</td><td>'.$person['nationaliaet'].'</td>'.
+	'<td>'.$person['sprachen'].'</td><td>'.$person['vorwissen'].'</td><td>'.$person['analphabet'].'</td><td>'.$person['fotoerlaubnis'].'</td>'.
+	'<td>'.$person['videoerlaubnis'].'</td><td>'.$person['bemerkungen'].'</td></tr>';
+/*    echo '<div class="person" id="pers_'.$person['id'].'" style="border:1px solid black;"><div id="pers_'.$person['id'].'_vname">'.$person['vname'].'</div>
+	<div id="pers_'.$person['id'].'_nname">'.$person['nname'].'</div> <div id="pers_'.$person['id'].'_gebdatum">'.$person['gebdatum'].'</div>
+	<div id="pers_'.$person['id'].'_nationaliaet">'.$person['nationaliaet'].'</div> <div id="pers_'.$person['id'].'_sprachen">'.$person['sprachen'].'</div>
+	<div id="pers_'.$person['id'].'_vorwissen">'.$person['vorwissen'].'</div> <div id="pers_'.$person['id'].'_analphabet">'.$person['analphabet'].'</div>
+	<div id="pers_'.$person['id'].'_fotoerlaubnis">'.$person['fotoerlaubnis'].'</div> <div id="pers_'.$person['id'].'_videoerlaubnis">'.$person['videoerlaubnis'].'</div>
+	<div class="bemerkung" id="pers_'.$person['id'].'_bemerkungen">'.$person['bemerkungen'].'</div>
+	</div>';*/
+  }
+  return $ret.'</table>';
+}
+
+function store_person(){
+  if(!isset($_REQUEST['delete']) && !isset($_REQUEST['save'])) return 0;
+
+//var_export($_REQUEST);
+
+  if(isset($_REQUEST['delete']))return db_delete_person($_REQUEST['id']);
+  if(isset($_REQUEST['save'])){
+
+    if(!isset($_REQUEST['vname']))return '-vname- not set!';
+    $pdata['vname']=$_REQUEST['vname'];
+
+    if(!isset($_REQUEST['nname']))return '-nname- not set!';
+    $pdata['nname']=$_REQUEST['nname'];
+
+    if(!isset($_REQUEST['gebdatum']))return '-gebdatum- not set!';
+    $pdata['gebdatum']=$_REQUEST['gebdatum'];
+	
+    if(!isset($_REQUEST['nationaliaet']))return '-nationaliaet- not set!';
+    $pdata['nationaliaet']=$_REQUEST['nationaliaet'];
+
+    if(!isset($_REQUEST['sprachen']))return '-sprachen- not set!';
+    $pdata['sprachen']=$_REQUEST['sprachen'];
+
+    if(!isset($_REQUEST['vorwissen']))return '-vorwissen- not set!';
+    $pdata['vorwissen']=$_REQUEST['vorwissen'];
+	
+    if(!isset($_REQUEST['analphabet']))return '-analphabet- not set!';
+    $pdata['analphabet']=$_REQUEST['analphabet'];
+
+    if(!isset($_REQUEST['fotoerlaubnis']))return '-fotoerlaubnis- not set!';
+    $pdata['fotoerlaubnis']=$_REQUEST['fotoerlaubnis'];
+
+    if(!isset($_REQUEST['videoerlaubnis']))return '-videoerlaubnis- not set!';
+    $pdata['videoerlaubnis']=$_REQUEST['videoerlaubnis'];
+
+    if(!isset($_REQUEST['bemerkungen']))return '-bemerkungen- not set!';
+    $pdata['bemerkungen']=$_REQUEST['bemerkungen'];
+
+    return db_store_person($_REQUEST['id'], $pdata);
+  }
+}
+
+function get_person($id){
+  if(!is_numeric($id)) return NULL;
+  return db_get_person($id);
+}
+
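Review bot: list_anmeldungen concatenates every anmeldungen column straight into the table markup, and those columns are filled from `$_REQUEST` in store_person, so any registrant field can carry script or markup into the page for every user who opens list.php (person.php's form values have the same issue); wrap each value in `htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, e.g. via a small local helper. store_person acts on `$_REQUEST`, which also includes query-string parameters, so a plain GET of `person.php?id=N&delete=` deletes a record while the browser re-sends the Basic credentials automatically; gate the write paths on `$_SERVER['REQUEST_METHOD'] === 'POST'` and a per-form token. login reads `$_SERVER['PHP_AUTH_USER']` and `PHP_AUTH_PW` without isset, so the very first request (no Authorization header yet) raises undefined-index notices before the 401 is sent; with display_errors enabled in settings.php.example those notices would be printed to the client. The HTTPS redirect is commented out, so if this is deployed on plain HTTP the Basic credentials cross the network base64-encoded only. The `foreach ($liste as &$person)` reference is never unset after the loop; a by-value loop is sufficient here.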
diff --git a/index.php b/index.php
new file mode 100644
index 0000000..23db70e
--- /dev/null
+++ b/index.php
@@ -0,0 +1,5 @@
+<h1>anmeldesystem</h1>
+
+<p><a href="./list.php">zu der Liste der angemeldeten</a></p>
+<p><a href="./stats.php">Stats</a></p>
+
diff --git a/list.php b/list.php
new file mode 100644
index 0000000..1e5a475
--- /dev/null
+++ b/list.php
@@ -0,0 +1,12 @@
+<?php
+require_once('./funcs.php');
+
+login();
+
+?>
+
+<h1>Anmeldungsliste</h1>
+<p><a href="./person.php">Person hinzufügen</a></p>
+<?php echo list_anmeldungen(); ?>
+<p><a href="./person.php">Person hinzufügen</a></p>
+
diff --git a/person.php b/person.php
new file mode 100644
index 0000000..044b727
--- /dev/null
+++ b/person.php
@@ -0,0 +1,79 @@
+<?php
+
+/**
+* welcome.TU.code Anmeldesystem.
+* by Jan Vales <jan@jvales.net> (aka. Someone <someone@somenet.org>)
+*/
+
+require_once('./funcs.php');
+
+login();
+
+$status = store_person();
+$person = get_person($_REQUEST['id']);
+
+if(isset($_REQUEST['api'])){
+  header('Content-Type: application/json');
+  header('Access-Control-Allow-Origin: *');
+  mb_internal_encoding('UTF-8');
+  $send['status'] = $status;
+  $send['person'] = $person;
+  exit(json_encode($send));
+}
+
+?>
+
+<h1>Person bearbeiten</h1>
+<?php
+if($status == 1 && isset($_REQUEST['delete'])){
+  echo '<h2>Person gelöscht</h2>';
+}elseif($status == 1 && isset($_REQUEST['save'])){
+  echo '<h2>Person aktualisiert</h2>';
+}elseif($status < 0){
+  echo '<h2>Person angelegt. ID:'.-$status.'</h2>';
+}
+?>
+<p><a href="list.php">Zurück zur Übersicht</a></p>
+<form method="post" enctype="multipart/form-data">
+<input type="submit" name="save" value="Speichern"> <input type="submit" name="delete" value="Löschen">
+
+<p>Vorname(n)<br>
+<input type="text" name="vname" value="<?php echo $person['vname'];?>"></p>
+<p>Nachname(n)<br>
+<input type="text" name="nname" value="<?php echo $person['nname'];?>"></p>
+<p>Geboren<br>
+<input type="text" name="gebdatum" value="<?php echo $person['gebdatum'];?>"></p>
+<p>Nationalität<br>
+<input type="text" name="nationaliaet" value="<?php echo $person['nationaliaet'];?>"></p>
+<p>Sprachkenntnisse<br>
+<input type="text" name="sprachen" value="<?php echo $person['sprachen'];?>"></p>
+<p>Vorwissen<br>
+<input type="text" name="vorwissen" value="<?php echo $person['vorwissen'];?>"></p>
+<p>Analphabet<br>
+<input type="text" name="analphabet" value="<?php echo $person['analphabet'];?>"></p>
+<p>Fotoerlaubnis<br>
+<input type="text" name="fotoerlaubnis" value="<?php echo $person['fotoerlaubnis'];?>"></p>
+<p>Videoerlaubnis<br>
+<input type="text" name="videoerlaubnis" value="<?php echo $person['videoerlaubnis'];?>"></p>
+<p>Besonderes/Bemerkungen<br>
+<textarea rows="6" cols="50" name="bemerkungen"><?php echo $person['bemerkungen'];?></textarea></p>
+
+<input type="submit" name="save" value="Speichern"> <input type="submit" name="delete" value="Löschen">
+</form>
+<p><a href="list.php">Zurück zur Übersicht</a></p>
+
+<?php
+
+/*
+
+<br>Comment or context:<br><textarea rows="3" cols="50" name="comment"></textarea><br>Hashtag, if needed:<br>
+<input type="text" name="web_suffix"><br>
+  Image upload<br><input type="file" name="img"><br>
+  Image position:<br>
+  <input type="radio" id="imgtop" name="image_pos" value="1" checked="yes"><label for="imgtop">Top</label><br>
+  <input type="radio" id="imgbot" name="image_pos" value="2"><label for="imgbot">Bottom</label><br><br>
+  Comment for Admins/Mods:<br><textarea rows="3" cols="50" name="comment_intern"></textarea><br><br><input type="submit" name="submit" value="Submit"></form>';
+<form>
+
+*/
+
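Review bot: `$person = get_person($_REQUEST['id']);` evaluates `$_REQUEST['id']` unconditionally, but list.php links to person.php without an id for "Person hinzufügen", so the add page starts with an undefined-index notice; use `get_person(isset($_REQUEST['id']) ? $_REQUEST['id'] : NULL)`. The error strings store_person returns (e.g. `'-vname- not set!'`) match none of the three status branches below the heading, so a rejected save renders as if nothing happened; add `elseif(is_string($status)){ echo '<h2>Fehler: '.htmlspecialchars($status, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'</h2>'; }`. The form's `value="<?php echo $person['vname'];?>"` and the textarea echo database fields unescaped into attribute and element context, which needs the same htmlspecialchars treatment as the list. The api branch sets `Access-Control-Allow-Origin: *` on a Basic-auth-protected endpoint returning personal data; browsers will not attach credentials to a wildcard-origin response, so the exposure is limited, but confirm a cross-origin consumer actually exists before shipping the header.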
diff --git a/settings.php.example b/settings.php.example
new file mode 100644
index 0000000..3cae100
--- /dev/null
+++ b/settings.php.example
@@ -0,0 +1,11 @@
+<?php
+
+ini_set('display_errors',1);
+ini_set('display_startup_errors',1);
+error_reporting(-1);
+
+$GLOBALS['dbc'] = new PDO('pgsql:host=localhost;port=5432;dbname=SETME;user=SETME;password=SETME');
+$GLOBALS['dbc']->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+$GLOBALS['dbc']->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);
+
+
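Review bot: The example settings turn on display_errors and error_reporting(-1) while also putting PDO into ERRMODE_EXCEPTION, so a copy taken into production as-is will render uncaught PDOException stack traces to the client; depending on the runtime's zend.exception_ignore_args setting such a trace can include the DSN argument of the `new PDO(...)` call, password included. Mark these lines as development-only, e.g. `// development only: set display_errors=0 and log_errors=1 in production`, or move them behind an environment check.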
diff --git a/stats.php b/stats.php
new file mode 100644
index 0000000..eee7cea
--- /dev/null
+++ b/stats.php
@@ -0,0 +1,10 @@
+<?php
+require_once('./funcs.php');
+
+login();
+
+?>
+
+<h1>Stats</h1>
+TODO, wenn überhaupt (kann-Ziel)
+
-- 
2.43.0