authorHorus32014-09-25 10:33:47 +0200
committerHorus32014-09-25 10:33:47 +0200
commit1fe76ba743a3418da9a0883b29756d442384d0bc (patch)
tree091910ffd183d94c0f8b70a8f4c362f733033b03 /class
parent2036626b560f22efd59673187a2de3b1319fcf8a (diff)
downloadjungegemeinde-1fe76ba743a3418da9a0883b29756d442384d0bc.tar.gz
init
Diffstat (limited to 'class')
-rw-r--r--class/.user.php.swpbin0 -> 12288 bytes
-rw-r--r--class/cache.php69
-rw-r--r--class/mysql.php153
-rw-r--r--class/user.php153
4 files changed, 375 insertions, 0 deletions
diff --git a/class/.user.php.swp b/class/.user.php.swp
new file mode 100644
index 0000000..3864e3f
--- /dev/null
+++ b/class/.user.php.swp
Binary files differ
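Review bot: The Vim swap file `class/.user.php.swp` should not be in the commit; it is an editor artifact holding the in-progress buffer of user.php, and if `class/` is reachable through the web server it is served as a raw download of source, including whatever constants or credentials were in the buffer at the time. Drop it with `git rm --cached class/.user.php.swp` and add `*.swp` to `.gitignore`. Whether the directory is web-accessible cannot be told from this commit, so treat the exposure as unconfirmed but likely for a PHP app laid out this way.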
diff --git a/class/cache.php b/class/cache.php
new file mode 100644
index 0000000..8005484
--- /dev/null
+++ b/class/cache.php
@@ -0,0 +1,69 @@
+<?php
+
+class cache {
+ public $token = "";
+
+ private $db;
+
+ public function __construct($rconnect, $rdb){
+ $this->db = new Redis();
+
+ try {
+ $this->db->connect($rconnect);
+ } catch (Exception $e) {
+ return $e->getMessage();
+ }
+ try {
+ $this->db->ping();
+ } catch (Exception $e) {
+ return $e->getMessage();
+ }
+ try {
+ $this->db->select($rdb);
+ } catch (Exception $e) {
+ return $e->getMessage();
+ }
+ }
+
+ public function check(){
+ try {
+ return $this->db->ping();
+ } catch (Exception $e) {
+ return $e->getMessage();
+ }
+ }
+
+ public function setKey($key, $value, $ttl = null){
+ $this->db->set($key, $value, $ttl);
+ }
+
+ public function getValue($key){
+ return $this->db->get($key);
+ }
+
+ public function getToken($data, $append = ""){
+ $this->token = CACHEPREFIX . $append . md5(strtolower($data));
+ return $this->token;
+ }
+
+ public function exists($key){
+ return $this->db->exists($key);
+ }
+
+ public function delete($key){
+ return $this->db->delete($key);
+ }
+
+ public function del($key){
+ return $this->db->delete($key);
+ }
+
+ public function flush($token = null){
+ if ( is_null($token) )
+ return $this->db->flushDB();
+ else
+ return $this->db->delete($token);
+ }
+}
+
+
diff --git a/class/mysql.php b/class/mysql.php
new file mode 100644
index 0000000..8d75538
--- /dev/null
+++ b/class/mysql.php
@@ -0,0 +1,153 @@
+<?php
+
+class db {
+
+ protected $db;
+
+ public function __construct(){
+ $this->open();
+ }
+
+ public function open(){
+ try {
+ $this->db = new mysqli(DBHOST, DBUSER, DBPASSWORD, DBNAME);
+ } catch (Exception $e){
+ failure("<p>".$e->getMessage()."</p>", '500 Server Failure', false, '<h1>Failed to open database connection.</h1>');
+ }
+
+ if ( $this->db->connect_errno ){
+ failure("<p>Can't connect to the database. MySQL gave this error code: " . $this->db->connect_errno . "</p>", '500 Server Failure', false, '<h1>Connection to MySQL server failed.</h1>');
+ }
+
+ if ( ! $this->db->ping() ){
+ failure("<p>Can't reach MySQL server. Server says: " . $this->db->error . "</p>", '500 Server Failure', false, "<h1>Can't reach MySQL server!</h1>");
+ }
+
+ if ( ! $this->db->set_charset(DBCHARSET) ){
+ failure("<p>Can't set " . DBCHARSET . " as the charset on your MySQL server.</p>" , '500 Server Failure', false, "<h1>Setting Charset failed!</h1>");
+ }
+
+ }
+
+ public function close(){
+ $this->db->close();
+ }
+
+ public function check(){
+ if ( ! $this->db->ping() ){
+ return false;
+ }
+
+ return true;
+ }
+
+ # does a single MySQL query with output (SELECT, INSERT, UPDATE... )
+ public function doQuery($string){
+ if ( ! $this->check() )
+ return false;
+
+ return $this->db->query($string);
+ }
+
+ # does multiple queries WITHOUT output (INSERT, UPDATE, DELETE... )
+ public function execMultipleQueries($sql){
+ if ( ! $this->check() )
+ return false;
+
+ $result = $this->db->multi_query($sql);
+ if ( ! $result )
+ return false;
+
+ do {
+ if( ! $this->db->more_results() )
+ break;
+ if ( ! $this->db->next_result() ){
+ if ( $this->db->error != "" ){
+ //$result->free();
+ return false;
+ }
+ }
+ } while (true);
+
+ return true;
+ }
+
+ # code by WordPress. See @link https://core.trac.wordpress.org/browser/branches/4.0/src/wp-includes/wp-db.php#L1154
+ # syntax like sprintf()
+ public function prepare( $query, $args ) {
+ if ( is_null( $query ) )
+ return;
+
+ // This is not meant to be foolproof -- but it will catch obviously incorrect usage.
+ if ( strpos( $query, '%' ) === false ) {
+ return false;
+ }
+
+ $args = func_get_args();
+ array_shift( $args );
+
+ // If args were passed as an array (as in vsprintf), move them up
+ if ( isset( $args[0] ) && is_array($args[0]) )
+ $args = $args[0];
+
+ $query = str_replace( "'%s'", '%s', $query ); // in case someone mistakenly already singlequoted it
+ $query = str_replace( '"%s"', '%s', $query ); // doublequote unquoting
+ $query = preg_replace( '|(?<!%)%f|' , '%F', $query ); // Force floats to be locale unaware
+ $query = preg_replace( '|(?<!%)%s|', "'%s'", $query ); // quote the strings, avoiding escaped strings like %%s
+
+ array_walk( $args, array( $this, '_escape_by_ref' ) );
+
+ return @vsprintf( $query, $args );
+ }
+
+ private function _escape_by_ref( &$string ){
+ if ( ! is_float( $string ) )
+ $string = $this->_real_escape( $string );
+ }
+
+ private function _real_escape( $string ){
+ return $this->db->real_escape_string($string);
+ }
+ # WordPress End
+
+ public function createTables(){
+ $user_table =
+ 'CREATE TABLE IF NOT EXISTS ' . DBPREFIX . 'user
+ ( id INTEGER AUTO_INCREMENT NOT NULL, PRIMARY KEY(id),
+ name VARCHAR(70), UNIQUE(name),
+ password VARCHAR(70), UNIQUE(password),
+ email VARCHAR(70), UNIQUE(email),
+ register INTEGER
+ ) ENGINE=InnoDB;';
+
+ $banned_user_table =
+ 'CREATE TABLE IF NOT EXISTS ' . DBPREFIX . 'banned_user
+ ( banned_id INTEGER AUTO_INCREMENT NOT NULL, PRIMARY KEY(banned_id),
+ login_attempts INTEGER,
+ ip TEXT,
+ session_id TEXT,
+ time INTEGER,
+ user INTEGER
+ )
+ ENGINE=InnoDB;';
+
+ $jg_table =
+ 'CREATE TABLE IF NOT EXISTS ' . DBPREFIX . 'member
+ ( member_id INTEGER AUTO_INCREMENT NOT NULL, PRIMARY KEY(member_id),
+ name varchar(70), UNIQUE(name),
+ adresse TEXT,
+ telefonnummer TEXT,
+ handynummer TEXT,
+ email varchar(70), UNIQUE(email),
+ geburtstag TEXT
+ )
+ ENGINE=InnoDB;';
+
+ if ( ! $this->execMultipleQueries('BEGIN; '. $user_table . ' ' . $banned_user_table . ' ' . $jg_table . ' COMMIT;') )
+ failure("<p>There was a problem during bootstrapping the database schema. " . $this->db->error . "</p>", '500 Server Failure', false, "<h1>CREATE TABLE FAILED</h1>");
+ }
+
+ public function __destruct(){
+ $this->close();
+ }
+}
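Review bot: The `password VARCHAR(70), UNIQUE(password)` column in `createTables` is sized for today's bcrypt output and will truncate or reject hashes if `PASSWORD_DEFAULT` (used by `register()` in user.php) moves to a longer algorithm, and a UNIQUE index on salted hashes adds nothing except an extra insert failure mode. Change it to `password VARCHAR(255),` with no uniqueness constraint, which is what the PHP manual recommends for `password_hash` storage. Also note that the `BEGIN; ... COMMIT;` wrapper gives no atomicity here: each `CREATE TABLE` causes an implicit commit in MySQL, so a failure midway leaves the earlier tables in place; the `IF NOT EXISTS` clauses are what make the call safely rerunnable, and a comment saying so would stop someone relying on the transaction.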
diff --git a/class/user.php b/class/user.php
new file mode 100644
index 0000000..969d734
--- /dev/null
+++ b/class/user.php
@@ -0,0 +1,153 @@
+<?php
+
+class jg {
+
+ public $username;
+ public $login = false;
+
+ private $pepper;
+ private $query = false;
+
+ public function __construct($name = null){
+
+ $this->username = $name;
+
+ if ( isset($_SESSION["loggedin"]) )
+ $this->login = $_SESSION["loggedin"];
+
+ $this->_setPepper();
+
+ $this->_setQuery();
+ }
+
+ # get's everything from the database
+ private function _setQuery(){
+ global $db;
+
+ $sql = $db->prepare("SELECT * FROM " . DBPREFIX . "user WHERE name=%s;", $this->username);
+ $db_db = $db->doQuery($sql);
+ if ( is_bool($db_db) )
+ $this->query = false;
+ else
+ $this->query = $db_db->fetch_array(MYSQLI_ASSOC);
+ }
+
+ private function _setPepper(){
+ if ( PEPPER_IS_FILE )
+ $this->pepper = file_get_contents(PEPPER);
+ else
+ $this->pepper = PEPPER;
+ }
+
+ public function getUser(){
+ return $this->query['name'];
+ }
+
+ public function getUserId(){
+ return $this->query['id'];
+ }
+
+ public function getPassword(){
+ return $this->query['password'];
+ }
+
+ public function getEmail(){
+ if ( $this->query['email'] == "null" )
+ return "";
+ else
+ return $this->query['email'];
+ }
+
+ public function getRegister(){
+ return $this->query['register'];
+ }
+
+ # check if valid user
+ public function isValidUser(){
+ if( ( is_bool($this->query) && ! $this->query ) || is_null($this->query) )
+ return false;
+
+ return true;
+ }
+
+ # check if current user is authenticated
+ public function isLoggedIn(){
+ return $this->login;
+ }
+
+ public function login($user, $password){
+ if ( is_null($this->username) )
+ $this->__construct($user);
+
+ # get hashed password from the database
+ $hashed_password = $this->getPassword();
+
+ # do the password check with php function
+ if ( ! password_verify($password . PEPPER, $hashed_password) )
+ return false;
+
+ # set login to true
+ $this->login = true;
+
+ $this->username=$user;
+
+ # start a session if needed
+ if ( session_status() != PHP_SESSION_ACTIVE ) {
+ session_name(SESSION);
+ session_start();
+ }
+
+ # set session variable to true
+ $_SESSION["loggedin"] = true;
+
+ # assign userid to the session variable
+ $_SESSION["userid"] = $this->getUserId();
+ $_SESSION["username"] = $this->username;
+
+ return true;
+ }
+
+ public function logout(){
+
+ # no session active, so return false
+ if ( session_status() != PHP_SESSION_ACTIVE )
+ return false;
+
+ # set login to false
+ $this->login = false;
+
+ # destroy session
+ if( ! session_destroy() )
+ return false;
+
+ return true;
+ }
+
+ public function register($name, $password, $email){
+ global $db;
+
+ $hash = password_hash($password . PEPPER, PASSWORD_DEFAULT);
+
+ $sql = $db->prepare("
+ INSERT INTO " . DBPREFIX . "user (id, name, password, email, register) VALUES (NULL, %s, %s, %s, %d);", $name, $hash, $email, time()
+ );
+
+ if ( ! $db->doQuery($sql) )
+ return false;
+
+ # the user is successfull registered, thus already logged in
+ $this->username = $name;
+
+ # redefine the class attributes
+ $this->_setPepper();
+ $this->_setQuery();
+
+ $this->login($name, $password);
+
+ return true;
+ }
+
+ public function __destruct(){
+ return true;
+ }
+}
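Review bot: `login()` starts or reuses the session at `session_name(SESSION); session_start();` and then marks it authenticated without rotating the identifier, so a session ID planted before authentication (session fixation) becomes a logged-in session; add `session_regenerate_id(true);` right after the `session_start()` block, before `$_SESSION["loggedin"] = true`. The pepper handling is also inconsistent: `_setPepper()` fills `$this->pepper`, optionally from the file named by `PEPPER`, but both `login()` and `register()` hash `$password . PEPPER` directly, so with `PEPPER_IS_FILE` set the file path rather than its contents acts as the pepper and `$this->pepper` is dead code; use `$this->pepper` in both places, and decide this before any hashes are stored because changing it later invalidates them. Finally, when no user row matches, `getPassword()` returns null and `password_verify()` receives a non-string, a TypeError on PHP 8; guard with `if (!$this->isValidUser()) return false;` and consider verifying against a fixed dummy hash so the unknown-user path takes about the same time as a real check.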