torsten/fvsjs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

initial

Browse Source
This commit is contained in:
Torsten Schulz
2023-06-16 11:57:49 +02:00
commit 44da93c0e9
328 changed files with 134580 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

517
include/renderer.php Normal file
View File

@@ -0,0 +1,517 @@
<?php
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\SMTP;
use PHPMailer\PHPMailer\Exception;
use PhpImap\Mailbox;
require 'vendor/autoload.php';
class Renderer {
protected string $templateName;
private array $menuItems = [];
protected array $internalMenuItems = [];
protected $hiddenCount = 0;
protected array $predefines = [];
protected array $errors = [];
protected array $formFields = [];
protected string $formSendButtonLabel = '';
protected bool $isAjaxForm = false;
protected string $encType = 'application/x-www-form-urlencoded';
protected $dbConnection;
protected string $encryptionKey = 'CXOoBDbt0qjJ6zlTILGVsFIZTE0aTZUC';
protected array $content = [];
protected string $dbTable = '';
protected bool $dbGenerateSaltField = false;
protected bool $dbUpdate = false;
protected bool $cleanFields = false;
protected array $messages = [];
protected string $salt = '';
private string $website = '';
protected bool $saveAllFields = false;
protected string $imapServer = 'imap.gmx.net';
protected int $imapPort = 993;
protected string $smtpServer = 'mail.gmx.net';
protected int $smtpPort = 465;
protected string $emailUser = 'foerderverein-ajs@gmx.de';
protected string $emailPassword = 'HarheimerWeg16';
protected $mbox;
public function __construct(?string $templateName = null) {
session_start();
$this->createPublicMenuItems();
$this->createInternalMenuItems();
if (!isset($_SESSION['userid'])) {
$_SESSION['userid'] = 0;
}
$scriptName = $this->getScriptName();
if (!in_array($scriptName, array_merge($this->menuItems, $this->internalMenuItems))) {
header('Location: /', true, 301);
return;
}
$this->templateName = $templateName ?: (!in_array($scriptName, ['ffajs', 'fvajs', '', '/']) ? $scriptName : 'index');
$this->connectDb();
}
private function createPublicMenuItems(): void {
$this->menuItems = $this->getMenuItemsFromFile('publicpages');
}
private function createInternalMenuItems(): void {
$this->internalMenuItems = $this->getMenuItemsFromFile('internalpages');
}
private function getMenuItemsFromFile(string $fileName): array {
$items = json_decode(file_get_contents('conf/' . $fileName . '.conf'));
$menu = [];
foreach ($items as $url => $caption) {
$menu[($caption !== '' ? $caption : '$hidden:0' . $this->hiddenCount++)] = $url;
}
return $menu;
}
public function getScriptName(): string {
return $this->getSplittedUri()[0];
}
public function getUrl(): string {
return filter_input(INPUT_SERVER, 'REQUEST_URI');
}
protected function getUriParams(): array {
$paramPairs = explode('&', $this->getSplittedUri()[1]);
$result = [];
foreach ($paramPairs as $paramPair) {
$pair = explode('=', $paramPair);
if (count($pair) === 2) {
$result[$pair[0]] = $pair[1];
}
}
return $result;
}
protected function getSplittedUri(): array {
$scriptNameParts = pathinfo(filter_input(INPUT_SERVER, 'REQUEST_URI'));
$uri = $scriptNameParts['filename'] ?: 'index';
return explode('?', $uri);
}
private function connectDb(): void {
$user = 'ffajs';
$password = 'BpAJSis1999xx';
$host = 'tsschulz.de';
$port = 3306;
$db = 'ffajs';
$this->dbConnection = mysqli_connect($host, $user, $password, $db, $port);
}
public function render(): void {
if (trim(filter_input(INPUT_POST, 'action', FILTER_SANITIZE_STRING)) !== '') {
$this->formAction();
}
$this->website = file_get_contents('templates/page.html');
$this->header();
$this->menu();
if ($_SESSION['userid'] === 0 && in_array($this->getScriptName() , $this->internalMenuItems, false)) {
$this->templateName = 'login_error';
}
$this->body();
$this->footer();
echo $this->website;
}
private function header(): void {
$this->website = str_replace('{{header}}', file_get_contents('templates/header.html'), $this->website);
}
private function menu(): void {
$menu = '<menu>';
$scriptName = $this->getScriptName();
foreach ($this->menuItems as $page => $link) {
if (substr($page, 0, 8) === '$hidden:') {
continue;
}
$menu .= '<a href="' . $link . '"' . ($link === $scriptName ? 'class="active"' : '') . '>' . $page . '</a>';
}
if (isset($_SESSION) && $_SESSION['userid'] === 0) {
$menu .= '<a href="login" class="login"><img src="' . (filter_input(INPUT_SERVER, 'HTTP_HOST') == 'localhost' ? '/ffajs' : '') .
'/images/icons/key.png" class="menu-icon" alt="login" /></a>';
} else {
$menu .= '<div class="internal-menu-main"><span class="intern">Verwaltung</span><div class="internal-menu-sub">';
foreach ($this->internalMenuItems as $page => $link) {
if (substr($page, 0, 8) === '$hidden:') {
continue;
}
$menu .= '<a class="intern" href="' . $link . '"' . ($link === $scriptName ? 'class="active"' : '') . '>' . $page . '</a>';
}
$menu .= '</div></div>';
$menu .= '<a href="logout" class="login"><img src="' . (filter_input(INPUT_SERVER, 'HTTP_HOST') == 'localhost' ? '/ffajs' : '') .
'/images/icons/key.png" class="menu-icon" alt="logout" /></a>';
}
$menu .= '</menu>';
$this->website = str_replace('{{menu}}', $menu, $this->website);
}
protected function body(): void {
$this->generateContent();
$rawContent = file_get_contents('templates/' . $this->templateName . '.html');
$errorHtml = count($this->errors) > 0
? '<div class="error">' . implode('<br />', $this->errors) . '</div>'
: '';
$messagesHtml = count($this->messages) > 0
? '<div class="messages">' . implode('<br />', $this->messages) . '</div>'
: '';
$placeholders = ['{{errors}}', '{{form}}', '{{messages}}'];
$renderedContent = [$errorHtml, $this->renderForm(), $messagesHtml];
foreach ($this->content as $placeholder => $html) {
$placeholders[] = '{{' . $placeholder . '}}';
$renderedContent[] = $html;
}
$content = str_replace($placeholders, $renderedContent, $rawContent);
$this->website = str_replace('{{content}}', $content, $this->website);
}
private function footer(): void {
$this->website = str_replace('{{footer}}', file_get_contents('templates/footer.html'), $this->website);
}
protected function showInputField(array $errors, string $inputType, string $fieldName, int $fieldLength): void {
echo '<input type="' . $inputType . '" name="' . $fieldName . '" size="' . $fieldLength . '" value="' . filter_input(INPUT_POST, $fieldName, FILTER_SANITIZE_STRING) . '" />';
if (isset($errors[$fieldName])) {
echo '<span class="error">' . $errors[$fieldName] . '</span>';
}
}
protected function renderForm(): string {
$form = '<form method="post" action="' . $this->getUrl() . '" enctype="' . $this->encType . '"><table class="form">';
$label = '';
$input = '';
$error = '';
for ($formFieldIndex = 0; $formFieldIndex < count($this->formFields); ++$formFieldIndex) {
$newLabelExtension = $this->renderLabel($formFieldIndex);
$label .= (strlen($label) > 0 && strlen($newLabelExtension) > 0 ? ' / ' : '') . $newLabelExtension;
$input .= $this->renderInput($formFieldIndex);
if (isset($this->formFields[$formFieldIndex]['name']) && isset($this->errors[$this->formFields[$formFieldIndex]['name'] ])) {
$error .= '<span class="error">' . $this->errors[$this->formFields[$formFieldIndex]['name'] ] . '</span>';
}
if (!isset($this->formFields[$formFieldIndex]['combine_with_next_line'] ) || !$this->formFields[$formFieldIndex]['combine_with_next_line']) {
$form .= '<tr><th>' . $label . '</th><td>' . $input . '</td><td>' . $error . '</td></tr>';
$label = '';
$input = '';
$error = '';
}
}
$form .= '</table>';
if (!$this->isAjaxForm) {
$form .= '<button type="submit" name="action" value="submit">' . $this->formSendButtonLabel . '</button>';
}
$form .= '<button type="reset">Zurücksetzen</button>';
$form .= '</form>';
return $form;
}
protected function renderLabel(int $index): string {
if (!isset($this->formFields[$index]['name']) && !isset($this->formFields[$index]['label'])) {
return '';
} elseif (isset($this->formFields[$index]['label'])) {
return $this->formFields[$index]['label'];
}
return '<label for="' . $this->formFields[$index]['name'] . '">' . $this->formFields[$index]['label'] . '</label>';
}
protected function renderInput(int $index): string {
if ($this->formFields[$index]['type'] === 'combobox') {
return $this->renderCombobox($index);
}
if ($this->formFields[$index]['type'] === 'textarea') {
return $this->renderTextarea($index);
}
if ($this->formFields[$index]['type'] === 'infotext') {
return '';
}
if ($this->formFields[$index]['type'] === 'dbselect') {
return $this->renderDbSelect($index);
}
if ($this->formFields[$index]['type'] === 'spacer') {
return '&nbsp;';
}
if ($this->formFields[$index]['type'] === 'button') {
return $this->renderButton($index);
}
return $this->renderStandardInput($index);
}
protected function renderCombobox(int $index): string {
$inputField = '<select size="1" id="' . $this->formFields[$index]['name']
. '" name="' . $this->formFields[$index]['name'] . '" size="' . $this->formFields[$index]['size'] . '"'
. ' value="' . $this->inputValue($index) . '">';
$inputValue = $this->inputValue($index);
foreach ($this->formFields[$index]['values'] as $value) {
$inputField .= '<option value="' . $value . '"';
if ($value == $inputValue || (isset($this->formFields[$index]['default']) && $inputValue == '' && $value == $this->formFields[$index]['default'])) {
$inputField .= ' selected';
}
$inputField .= '>' . $value . '</option>';
}
$inputField .= '</select>';
return $inputField;
}
protected function renderStandardInput(int $index): string {
return '<input type="' . $this->formFields[$index]['type'] . '" id="' . $this->formFields[$index]['name'] .
'" name="' . $this->formFields[$index]['name'] . '" size="' . $this->formFields[$index]['size'] . '"' .
' value="' . $this->inputValue($index) . '" />';
}
protected function renderTextarea(int $index): string {
return '<textarea id="' . $this->formFields[$index]['name'] .'" '
. 'name="' . $this->formFields[$index]['name'] . '" cols="' . $this->formFields[$index]['cols'] . '" '
. 'rows="' . $this->formFields[$index]['rows'] . '">' . $this->inputValue($index) . '</textarea>';
}
protected function renderDbSelect(int $index): string {
$query = 'SELECT `id`, `' . $this->formFields[$index]['optionfield'] . '` as label FROM `' . $this->formFields[$index]['sourcedb'] . '` ORDER BY `id`';
$dbResult = mysqli_query($this->dbConnection, $query);
$inputValue = $this->inputValue($index);
$selectField = '<select id="' . $this->formFields[$index]['name'] . '" '
. 'name="' . $this->formFields[$index]['name'] . '">';
if (isset($this->formFields[$index]['with_null_field']) && $this->formFields[$index]['with_null_field'] === true) {
$selectField .= '<option value="NULL">---</option>';
}
while ($row = mysqli_fetch_assoc($dbResult)) {
$selectField .= '<option value="' . $row['id'] . '"';
if ($row['id'] == $inputValue) {
$selectField .= ' selected';
}
$selectField .= '>' . $row['label'] . '</option>';
}
$selectField .= '</select>';
return $selectField;
}
protected function renderButton(int $index): string {
return '<button id="' . $this->formFields[$index]['name'] . '" name="' . $this->formFields[$index]['name'] . '">' . $this->formFields[$index]['text'] . '</button>';
}
protected function inputValue($index): string {
if (isset($this->formFields[$index]['value'])) {
return $this->formFields[$index]['value'];
} elseif ($this->cleanFields) {
return '';
}
$value = filter_input(INPUT_POST, $this->formFields[$index]['name'], FILTER_SANITIZE_STRING) ?: '';
if (trim($value) === '' && isset($this->predefines[$this->formFields[$index]['name']])) {
$value = $this->predefines[$this->formFields[$index]['name']];
}
return $value;
}
protected function formAction(): void {
}
protected function formCheckFields(): bool {
foreach ($this->formFields as $field) {
$value = filter_input(INPUT_POST, $field['name'], isset($field['filter']) ? $field['filter'] : FILTER_SANITIZE_STRING);
if (isset($field['optional']) && ($field['optional'] == false) && trim($value) === '' && $field['type'] !== 'file') {
$this->errors[$field['name']] = 'Das Feld darf nicht leer sein';
continue;
}
if (isset($field['regex']) && !preg_match($field['regex'], $value)) {
$this->errors[$field['name']] = 'Inkorrekte eingabe';
}
}
return count($this->errors) === 0;
}
protected function createDbInsert(): string {
$preparedFieldData = $this->createDbKeyValues();
return 'INSERT INTO `' . $this->dbTable . '` (' . implode(', ', $preparedFieldData['keys'])
. ') VALUES (' . implode(', ', $preparedFieldData['values']) . ')';
}
protected function createKeyValuePairsForUpdate(array $data): string {
$resultArray = [];
$numEntries = count($data['keys']);
for ($i = 0; $i < $numEntries; ++$i) {
$resultArray[] = $data['keys'][$i] . ' = ' . $data['values'][$i];
}
return implode(', ', $resultArray);
}
protected function createDbUpdate(): string {
$preparedFieldData = $this->createDbKeyValues();
$query = 'UPDATE `' . $this->dbTable . '` SET ';
$query .= $this->createKeyValuePairsForUpdate($preparedFieldData);
$query .= ' WHERE `id` = ' . $this->getUriParams()['id'];
return $query;
}
protected function saveToDb(): void {
$query = $this->dbUpdate
? $this->createDbUpdate()
: $this->createDbInsert();
mysqli_query($this->dbConnection, $query);
}
protected function createDbKeyValues(): array {
$keysArray = [];
$valuesArray = [];
$salt = $this->salt != '' ? $this->salt : $this->generateRandomString();
foreach ($this->formFields as $field) {
if (!$this->saveAllFields && isset($field['optional']) && $field['optional'] === true && trim(filter_input(INPUT_POST, $field['name'], $field['filter'])) === '') {
continue;
}
$keysArray[] = '`' . $field['dbfield'] . '`';
if (isset($field['with_null_field']) && filter_input(INPUT_POST, $field['name']) === 'NULL') {
$valuesArray[] = 'NULL';
} else {
$rawValue = filter_input(INPUT_POST, $field['name'], $field['filter']);
$dbValue = $rawValue === '' || (isset($field['encryption']) && $field['encryption'] === false) ? $rawValue : $this->encode($rawValue, $salt);
$valuesArray[] = '"' . $dbValue . '"';
}
}
if ($this->dbGenerateSaltField) {
$keysArray[] = '`salt`';
$valuesArray[] = '"' . $salt . '"';
}
return ['keys' => $keysArray, 'values' => $valuesArray];
}
protected function getDbEncryptedValueIfNeeded(array $formData, string $fieldName, string $salt): mixed {
$formField = $this->getFormField($fieldName);
if (count($formField) !== 0) {
if (!$this->fieldHasToBeEncrypted($fieldName)) {
return $formData[$fieldName];
}
}
return $this->encode($formData[$fieldName], $salt);
}
protected function getFormField($fieldName): array {
foreach ($this->formFields as $formField) {
if (!isset($formField['name'])) {
continue;
}
if ($formField['name'] === $fieldName) {
return $formField;
}
}
return [];
}
protected function fieldHasToBeEncrypted(string $fieldName): bool {
$formField = $this->getFormField($fieldName);
return !isset($formField['encryption']) || $formField['encryption'] !== false;
}
protected function generateContent(): void {
}
protected function generateRandomString($length = 16) {
$characters = '0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
$charactersLength = strlen($characters);
$randomString = '';
for ($i = 0; $i < $length; $i++) {
$randomString .= $characters[rand(0, $charactersLength - 1)];
}
return $randomString;
}
protected function encode(string $toEncode, string $salt): string {
return openssl_encrypt($toEncode, 'aes-256-cbc', $this->encryptionKey, 0, $salt);
}
protected function decode(string $toDecode, string $salt): string {
return openssl_decrypt($toDecode, 'aes-256-cbc', $this->encryptionKey, 0, $salt);
}
protected function initSmtpMailer(): PHPMailer {
$mail = new PHPMailer(true);
$mail->SMTPDebug = SMTP::DEBUG_OFF;
$mail->isSMTP();
$mail->Host = $this->smtpServer;
$mail->Port = $this->smtpPort;
$mail->SMTPAuth = true;
$mail->Username = $this->emailUser;
$mail->Password = $this->emailPassword;
$mail->SMTPSecure = PHPMailer::ENCRYPTION_SMTPS;
$mail->CharSet = PHPMailer::CHARSET_UTF8;
$mail->isHTML(true);
return $mail;
}
protected function sendMail(PHPMailer $mail, string $subject, string $body, string $signature): void {
$completeBody = $body . $signature . $this->emailLegalInformation();
$mail->Subject = $subject;
$mail->Body = $completeBody;
$mail->AltBody = 'Diese Email benötigt HTML-Ansicht';
$mail->send();
}
protected function connectToImap(): bool {
$this->mbox = new PhpImap\Mailbox(
'{' . $this->imapServer . ':' . $this->imapPort . '/imap/ssl}INBOX',
$this->emailUser,
$this->emailPassword,
__DIR__,
'UTF-8',
true,
false
);
$this->mbox->setConnectionArgs(
CL_EXPUNGE,
3,
[]
);
/* $this->mbox = imap_open ("{" . $this->imapServer . ":" . $this->imapPort . "/imap/ssl}INBOX", $this->emailUser, $this->emailPassword);
if ($this->mbox === false) {
$errors = imap_errors();
$this->errors = is_array($errors) ? $errors : [$errors];
}*/
return ($this->mbox !== false);
}
protected function saveFileLocal(string $newFileName, string $content, string $salt): void {
$encodedFile = $this->encode($content, $salt);
file_put_contents('/var/shared/fvajs/' . $newFileName, $encodedFile);
}
protected function emailLegalInformation(): string {
return '';
}
protected function generateSignature(string $signatureType): string {
$sender = ($signatureType === 'Persönliche Signatur') ? $this->generatePersonalSignature() : 'Der Vorstand';
return '<p>-------------<br/>'
. $sender .'<br/><br/>'
. 'Verein der Freunde und F&ouml;rderer der August-Jaspert-Schule e.V.<br/>'
. 'Harheimer Weg 16<br/>'
. '60437 Frankfurt<br/>'
. 'Email: foerderverein-ajs@gmx.de<br/>'
. 'Homepage: https://fvajs.de<br/>'
. 'Registergerich: Amtsgerich Frankfurt a.M. <Registernummer>'
. 'Vertretungsberechtigt: Lucas Fastabend, Alexandra <nachname>, Torsten Schulz'
. '</p>';
}
protected function generatePersonalSignature(): string {
$query = sprintf('SELECT c.first_name, c.last_name, c.salt, cp.description
FROM clubmember c
JOIN `user` u
ON u.id = c.user_id
LEFT JOIN clubmember_position cp
ON cp.id = c.position_id
WHERE u.id = %d', $_SESSION['userid']);
$dbResult = mysqli_query($this->dbConnection, $query);
$row = mysqli_fetch_assoc($dbResult);
$name = $this->decode($row['first_name'], $row['salt']) . ' ' . $this->decode($row['last_name'], $row['salt']);
if (trim($row['description']) === '') {
return name;
}
return htmlspecialchars($name . ' (' . $row['description'] . ')');
}
}