synced-timer/index.php

251 lines
7.7 KiB
PHP
Raw Normal View History

2021-07-11 09:12:51 +02:00
<?php
define('L_EXEC', true);
require_once './theme.php';
require_once './strings.php';
require_once './storageHelper.php';
class SyncedTimer
{
private $_serverConfig = array(
"hideIndexPhp" => true
);
private $_themeConfig = array();
private $_translations;
private $_basepath;
private $_resourcePath;
private $_path;
private $_dataFile = "./data.json";
private $_storageHelper;
public function __construct($translations)
{
session_start();
$this->_translations = $translations;
$this->_storageHelper = new StorageHelper($this->_dataFile);
$this->_calculateBasepath();
$this->_themeConfig["basePath"] = $this->_basepath;
$this->_themeConfig["mainIcon"] = $this->_resourcePath . "IconSmallSquareOutline.png";
$this->_theme = new LandingpageTheme($this->_themeConfig, $this->_storageHelper, $this->_translations);
$this->_processRequest();
}
private function _processRequest()
{
$this->_updatePermissions();
$this->_checkPagePermissions();
if ($this->_stringEndsWith($this->_path, "submit")) {
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
$this->_redirect('/');
}
switch ($this->_path) {
case '/login/submit':
$this->_handleLoginSubmit();
break;
case '/logout/submit':
unset($_SESSION["auth"]);
$this->_redirect('/');
break;
case '/manage/submit':
$this->_handleManageSubmit();
$this->_redirect('/manage');
break;
default:
$this->_redirect("/");
break;
}
} else {
if ($this->_path === '/logout') {
$this->_redirect('/');
} else {
$paramList = explode('/', ltrim($this->_path, '/'), 2);
$endpoint = $paramList[0];
$username = $paramList[1];
if ($endpoint === "api" && isset($username))
$this->_printJson($username);
else
$this->_theme->printPage($endpoint, $username);
}
}
unset($_SESSION['lastResult']);
}
private function _calculateBasepath()
{
if ($this->_serverConfig['hideIndexPhp']) {
$this->_basepath = str_replace(basename($_SERVER["SCRIPT_NAME"]), '', $_SERVER['SCRIPT_NAME']);
$this->_resourcePath = $this->_basepath;
} else {
$this->_basepath = $_SERVER["SCRIPT_NAME"];
$this->_resourcePath = str_replace(basename($_SERVER["SCRIPT_NAME"]), '', $_SERVER['SCRIPT_NAME']);
}
$this->_basepath = rtrim($this->_basepath, "/ ");
if (($this->_basepath !== '' && strpos($_SERVER['REQUEST_URI'], $this->_basepath) === false) || $_SERVER['REQUEST_URI'] === $this->_basepath)
$this->_path = "/";
else
$this->_path = str_replace($this->_basepath, "", $_SERVER['REQUEST_URI']);
}
private function _redirect($path)
{
header('Location: ' . $this->_basepath . $path);
die();
}
//
// - Page printer (theme)
//
private function _printJson($username)
{
header('Content-Type: application/json');
header('Access-Control-Allow-Origin: *');
$allUserdata = $this->_storageHelper->loadUserdata();
if (array_key_exists($username, $allUserdata)) {
$userdata = $allUserdata[$username];
die(json_encode(array(
"status" => 200,
"data" => array(
"time" => $userdata["time"],
"startedAt" => $userdata["startedAt"],
"header" => $userdata["header"]
)
)));
} else {
http_response_code(404);
die(json_encode(array(
"status" => 404,
"data" => null
)));
}
}
// -----------------------
// - Permission handlers -
// -----------------------
private function _updatePermissions()
{
$_SESSION['permissions'][''] = false;
$_SESSION['permissions']['t'] = true;
$_SESSION['permissions']['api'] = true;
$_SESSION['permissions']['login'] = !$this->_isUserAuthenticated();
$_SESSION['permissions']['logout'] = $this->_isUserAuthenticated();
$_SESSION['permissions']['manage'] = $this->_isUserAuthenticated();
}
private function _checkPagePermissions()
{
$pageRedirectOnInsufficientPermissionsPriority = [
0 => "manage",
1 => "login"
];
$page = explode("/", $this->_path)[1];
if (!isset($_SESSION['permissions'][$page])) {
$this->_redirect('/');
} else if ($_SESSION['permissions'][$page] === false) {
if (!$this->_isUserAuthenticated()) {
$_SESSION['lastResult'] = 'loginRequired';
}
if ($this->_path === '/' || $this->_path === '') {
// if the root is opened, do not throw an error!
unset($_SESSION['lastResult']);
}
// redirect to the first page the user has access to
foreach ($pageRedirectOnInsufficientPermissionsPriority as $page) {
if ($_SESSION['permissions'][$page])
$this->_redirect("/" . $page);
}
die($this->_translations['results']['noPermissionToAnyPage']);
}
}
// -------------------
// - Submit handlers -
// -------------------
private function _handleLoginSubmit()
{
$username = $_POST["username"];
$password = $_POST["password"];
$userData = $this->_storageHelper->loadUserdata();
if (array_key_exists($username, $userData) && password_verify($password, $userData[$username]['password'])) {
$_SESSION["auth"]["loggedIn"] = true;
$_SESSION["auth"]["username"] = $username;
$_SESSION['lastResult'] = "loginSuccess";
$this->_redirect("/manage");
} else {
$_SESSION['lastResult'] = "loginFailed";
$this->_redirect("/login");
}
}
private function _handleManageSubmit()
{
$time = $_POST["time"];
$header = $_POST["header"];
$startedAt = time();
$newData = array(
"time" => intval($time),
"header" => $header,
"startedAt" => $startedAt
);
$this->_storageHelper->writeUserdata($_SESSION["auth"]["username"], $newData);
$_SESSION['lastResult'] = "timerSetSuccessfully";
}
// ----------------------------
// - General helper functions -
// ----------------------------
private function _isUserAuthenticated()
{
$authenticated =
isset($_SESSION['auth'])
&& isset($_SESSION['auth']['loggedIn'])
&& $_SESSION['auth']['loggedIn'] === true
&& isset($_SESSION['auth']['username']);
if (!$authenticated && isset($_SESSION['auth'])) {
unset($_SESSION['auth']);
}
return $authenticated;
}
private function _stringStartsWith($haystack, $needle)
{
$length = strlen($needle);
return substr($haystack, 0, $length) === $needle;
}
private function _stringEndsWith($haystack, $needle)
{
$length = strlen($needle);
if (!$length) {
return true;
}
return substr($haystack, -$length) === $needle;
}
}
new SyncedTimer($translations);