clemens/praxis-creutzburg-web
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Inital

Browse Source
This commit is contained in:
Clemens Creutzburg
2026-03-20 17:13:38 +01:00
parent 4c84735b75
commit c043ee9a52
1152 changed files with 317560 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
zeiterfassung/inc/config.inc.php
+27
View File
@@ -0,0 +1,27 @@
<?php
//Datenbankverbindung
$dbhost = "mysql2fda.netcup.net";
$dbuser = "k25330_pracreutz";
$dbpassword = "be4K8DSASDA2y";
$dbname = "k25330_pracreutz";
// SQL Datum festlegen
$sqltoday = date("Y-m-d");
#$sqlyesterday = date("Y-m-d", strtotime("-1 day", $sqltoday ));
#$yesterday = Date('Y-m-d', strtotime('-1 day'));
#$yesteryesterday = Date('Y-m-d', strtotime('-2 days'));
$options = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
$pdo = new PDO("mysql:host=$dbhost;dbname=$dbname", $dbuser, $dbpassword, $options);
#$conn = new mysqli($dbhost,$dbuser,$dbpassword,$dbname);
?>
zeiterfassung/inc/functions.inc.php
+190
View File
@@ -0,0 +1,190 @@
<?php
include_once("password.inc.php");
/**
* Checks that the user is logged in.
* @return Returns the row of the logged in user
*/
function check_user() {
global $pdo;
if(!isset($_SESSION['userid']) && isset($_COOKIE['identifier']) && isset($_COOKIE['securitytoken'])) {
$identifier = $_COOKIE['identifier'];
$securitytoken = $_COOKIE['securitytoken'];
$statement = $pdo->prepare("SELECT * FROM securitytokens WHERE identifier = :identifier");
$result = $statement->execute(array('identifier' => $identifier));
$securitytoken_row = $statement->fetch();
//echo $securitytoken;
if(sha1($securitytoken) !== $securitytoken_row['securitytoken']) {
//Vermutlich wurde der Security Token gestohlen
//Hier ggf. eine Warnung o.ä. anzeigen
echo 'In der letzte Sitzung nicht abgemeldet oder neuer/anderen Browser genutzt.<br><br><br>';
} else { //Token war korrekt
//Setze neuen Token
$neuer_securitytoken = random_string();
$insert = $pdo->prepare("UPDATE securitytokens SET securitytoken = :securitytoken WHERE identifier = :identifier");
$insert->execute(array('securitytoken' => sha1($neuer_securitytoken), 'identifier' => $identifier));
setcookie("identifier",$identifier,time()+(3600*24*365)); //1 Jahr Gültigkeit
setcookie("securitytoken",$neuer_securitytoken,time()+(3600*24*365)); //1 Jahr Gültigkeit
//Logge den Benutzer ein
$_SESSION['userid'] = $securitytoken_row['user_id'];
}
}
if(!isset($_SESSION['userid'])) {
die('Bitte zuerst <a href="login.php" >einloggen</a>');
}
$statement = $pdo->prepare("SELECT * FROM users WHERE id = :id");
$result = $statement->execute(array('id' => $_SESSION['userid']));
$user = $statement->fetch();
return $user;
}
/**
* Returns true when the user is checked in, else false
*/
function is_checked_in() {
return isset($_SESSION['userid']);
}
function is_checked_in_index() {
if( isset($_SESSION['userid']) || isset($_COOKIE['identifier'])){
return true;
}else{
return false;
}
}
/**
* Returns a random string
*/
function random_string() {
if(function_exists('openssl_random_pseudo_bytes')) {
$bytes = openssl_random_pseudo_bytes(16);
$str = bin2hex($bytes);
} else if(function_exists('mcrypt_create_iv')) {
$bytes = mcrypt_create_iv(16, MCRYPT_DEV_URANDOM);
$str = bin2hex($bytes);
} else {
//Replace your_secret_string with a string of your choice (>12 characters)
$str = md5(uniqid('your_secret_string', true));
}
return $str;
}
/**
* Returns the URL to the site without the script name
*/
function getSiteURL() {
$protocol = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off' || $_SERVER['SERVER_PORT'] == 443) ? "https://" : "http://";
return $protocol.$_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']).'/';
}
/**
* Outputs an error message and stops the further exectution of the script.
*/
function error($error_msg) {
include("templates/header.inc.php");
include("templates/error.inc.php");
include("templates/footer.inc.php");
exit();
}
/**
* Prüft, ob der Benutzer administrator ist
*/
function check_admin() {
global $pdo;
if(isset($_SESSION['userid'])) {
$statement = $pdo->prepare("SELECT userid FROM users_admin WHERE userid = :id");
$statement->execute(array('id' => $_SESSION['userid']));
$count = $statement->rowCount();
if($count == 1){
return true;
}else{
return false;
}
}else{
return false;
}
}
/**
* Non-invasive admin check that prefers the `users.admin` flag but
* falls back to the legacy `users_admin` table. Does not modify
* `check_user()` behavior.
*/
function is_admin_user() {
global $pdo;
if (!isset($_SESSION['userid'])) {
return false;
}
// Prefer the admin flag in users table (supports BIT(1) or TINYINT)
$stmt = $pdo->prepare("SELECT admin FROM users WHERE id = ?");
$stmt->execute([$_SESSION['userid']]);
$row = $stmt->fetch();
if ($row && !empty($row['admin'])) {
return true;
}
// Fallback to legacy users_admin table
$statement = $pdo->prepare("SELECT userid FROM users_admin WHERE userid = :id");
$statement->execute(array('id' => $_SESSION['userid']));
return ($statement->rowCount() == 1);
}
/**
* Prüft, ob der Benutzer Bearbeiter ist
*/
function check_worker() {
global $pdo;
if(isset($_SESSION['userid'])) {
$statement = $pdo->prepare("SELECT userid FROM users_worker WHERE userid = :id");
$statement->execute(array('id' => $_SESSION['userid']));
$count = $statement->rowCount();
if($count == 1){
return true;
}else{
return false;
}
}else{
return false;
}
}
function isValidSequence($sequence) {
$events = explode(',', $sequence);
$previousType = null;
foreach ($events as $type) {
if ($previousType === $type) {
// Ein Fehler, wenn zwei gleiche Typen aufeinanderfolgen
return false;
}
$previousType = $type;
}
// Überprüfen Sie, ob die Sequenz mit einem KOMMEN beginnt und einem GEHEN endet
return $events[0] === 'KOMMEN' && end($events) === 'GEHEN';
}
?>
zeiterfassung/inc/password.inc.php
+317
View File
@@ -0,0 +1,317 @@
<?php
/**
* A Compatibility library with PHP 5.5's simplified password hashing API.
*
* @author Anthony Ferrara <ircmaxell@php.net>
* @license http://www.opensource.org/licenses/mit-license.html MIT License
* @copyright 2012 The Authors
*/
namespace {
if (!defined('PASSWORD_BCRYPT')) {
/**
* PHPUnit Process isolation caches constants, but not function declarations.
* So we need to check if the constants are defined separately from
* the functions to enable supporting process isolation in userland
* code.
*/
define('PASSWORD_BCRYPT', 1);
define('PASSWORD_DEFAULT', PASSWORD_BCRYPT);
define('PASSWORD_BCRYPT_DEFAULT_COST', 10);
}
if (!function_exists('password_hash')) {
/**
* Hash the password using the specified algorithm
*
* @param string $password The password to hash
* @param int $algo The algorithm to use (Defined by PASSWORD_* constants)
* @param array $options The options for the algorithm to use
*
* @return string|false The hashed password, or false on error.
*/
function password_hash($password, $algo, array $options = array()) {
if (!function_exists('crypt')) {
trigger_error("Crypt must be loaded for password_hash to function", E_USER_WARNING);
return null;
}
if (is_null($password) || is_int($password)) {
$password = (string) $password;
}
if (!is_string($password)) {
trigger_error("password_hash(): Password must be a string", E_USER_WARNING);
return null;
}
if (!is_int($algo)) {
trigger_error("password_hash() expects parameter 2 to be long, " . gettype($algo) . " given", E_USER_WARNING);
return null;
}
$resultLength = 0;
switch ($algo) {
case PASSWORD_BCRYPT:
$cost = PASSWORD_BCRYPT_DEFAULT_COST;
if (isset($options['cost'])) {
$cost = (int) $options['cost'];
if ($cost < 4 || $cost > 31) {
trigger_error(sprintf("password_hash(): Invalid bcrypt cost parameter specified: %d", $cost), E_USER_WARNING);
return null;
}
}
// The length of salt to generate
$raw_salt_len = 16;
// The length required in the final serialization
$required_salt_len = 22;
$hash_format = sprintf("$2y$%02d$", $cost);
// The expected length of the final crypt() output
$resultLength = 60;
break;
default:
trigger_error(sprintf("password_hash(): Unknown password hashing algorithm: %s", $algo), E_USER_WARNING);
return null;
}
$salt_req_encoding = false;
if (isset($options['salt'])) {
switch (gettype($options['salt'])) {
case 'NULL':
case 'boolean':
case 'integer':
case 'double':
case 'string':
$salt = (string) $options['salt'];
break;
case 'object':
if (method_exists($options['salt'], '__tostring')) {
$salt = (string) $options['salt'];
break;
}
case 'array':
case 'resource':
default:
trigger_error('password_hash(): Non-string salt parameter supplied', E_USER_WARNING);
return null;
}
if (PasswordCompat\binary\_strlen($salt) < $required_salt_len) {
trigger_error(sprintf("password_hash(): Provided salt is too short: %d expecting %d", PasswordCompat\binary\_strlen($salt), $required_salt_len), E_USER_WARNING);
return null;
} elseif (0 == preg_match('#^[a-zA-Z0-9./]+$#D', $salt)) {
$salt_req_encoding = true;
}
} else {
$buffer = '';
$buffer_valid = false;
if (function_exists('mcrypt_create_iv') && !defined('PHALANGER')) {
$buffer = mcrypt_create_iv($raw_salt_len, MCRYPT_DEV_URANDOM);
if ($buffer) {
$buffer_valid = true;
}
}
if (!$buffer_valid && function_exists('openssl_random_pseudo_bytes')) {
$strong = false;
$buffer = openssl_random_pseudo_bytes($raw_salt_len, $strong);
if ($buffer && $strong) {
$buffer_valid = true;
}
}
if (!$buffer_valid && @is_readable('/dev/urandom')) {
$file = fopen('/dev/urandom', 'r');
$read = 0;
$local_buffer = '';
while ($read < $raw_salt_len) {
$local_buffer .= fread($file, $raw_salt_len - $read);
$read = PasswordCompat\binary\_strlen($local_buffer);
}
fclose($file);
if ($read >= $raw_salt_len) {
$buffer_valid = true;
}
$buffer = str_pad($buffer, $raw_salt_len, "\0") ^ str_pad($local_buffer, $raw_salt_len, "\0");
}
if (!$buffer_valid || PasswordCompat\binary\_strlen($buffer) < $raw_salt_len) {
$buffer_length = PasswordCompat\binary\_strlen($buffer);
for ($i = 0; $i < $raw_salt_len; $i++) {
if ($i < $buffer_length) {
$buffer[$i] = $buffer[$i] ^ chr(mt_rand(0, 255));
} else {
$buffer .= chr(mt_rand(0, 255));
}
}
}
$salt = $buffer;
$salt_req_encoding = true;
}
if ($salt_req_encoding) {
// encode string with the Base64 variant used by crypt
$base64_digits =
'ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/';
$bcrypt64_digits =
'./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
$base64_string = base64_encode($salt);
$salt = strtr(rtrim($base64_string, '='), $base64_digits, $bcrypt64_digits);
}
$salt = PasswordCompat\binary\_substr($salt, 0, $required_salt_len);
$hash = $hash_format . $salt;
$ret = crypt($password, $hash);
if (!is_string($ret) || PasswordCompat\binary\_strlen($ret) != $resultLength) {
return false;
}
return $ret;
}
/**
* Get information about the password hash. Returns an array of the information
* that was used to generate the password hash.
*
* array(
* 'algo' => 1,
* 'algoName' => 'bcrypt',
* 'options' => array(
* 'cost' => PASSWORD_BCRYPT_DEFAULT_COST,
* ),
* )
*
* @param string $hash The password hash to extract info from
*
* @return array The array of information about the hash.
*/
function password_get_info($hash) {
$return = array(
'algo' => 0,
'algoName' => 'unknown',
'options' => array(),
);
if (PasswordCompat\binary\_substr($hash, 0, 4) == '$2y$' && PasswordCompat\binary\_strlen($hash) == 60) {
$return['algo'] = PASSWORD_BCRYPT;
$return['algoName'] = 'bcrypt';
list($cost) = sscanf($hash, "$2y$%d$");
$return['options']['cost'] = $cost;
}
return $return;
}
/**
* Determine if the password hash needs to be rehashed according to the options provided
*
* If the answer is true, after validating the password using password_verify, rehash it.
*
* @param string $hash The hash to test
* @param int $algo The algorithm used for new password hashes
* @param array $options The options array passed to password_hash
*
* @return boolean True if the password needs to be rehashed.
*/
function password_needs_rehash($hash, $algo, array $options = array()) {
$info = password_get_info($hash);
if ($info['algo'] !== (int) $algo) {
return true;
}
switch ($algo) {
case PASSWORD_BCRYPT:
$cost = isset($options['cost']) ? (int) $options['cost'] : PASSWORD_BCRYPT_DEFAULT_COST;
if ($cost !== $info['options']['cost']) {
return true;
}
break;
}
return false;
}
/**
* Verify a password against a hash using a timing attack resistant approach
*
* @param string $password The password to verify
* @param string $hash The hash to verify against
*
* @return boolean If the password matches the hash
*/
function password_verify($password, $hash) {
if (!function_exists('crypt')) {
trigger_error("Crypt must be loaded for password_verify to function", E_USER_WARNING);
return false;
}
$ret = crypt($password, $hash);
if (!is_string($ret) || PasswordCompat\binary\_strlen($ret) != PasswordCompat\binary\_strlen($hash) || PasswordCompat\binary\_strlen($ret) <= 13) {
return false;
}
$status = 0;
for ($i = 0; $i < PasswordCompat\binary\_strlen($ret); $i++) {
$status |= (ord($ret[$i]) ^ ord($hash[$i]));
}
return $status === 0;
}
}
}
namespace PasswordCompat\binary {
if (!function_exists('PasswordCompat\\binary\\_strlen')) {
/**
* Count the number of bytes in a string
*
* We cannot simply use strlen() for this, because it might be overwritten by the mbstring extension.
* In this case, strlen() will count the number of *characters* based on the internal encoding. A
* sequence of bytes might be regarded as a single multibyte character.
*
* @param string $binary_string The input string
*
* @internal
* @return int The number of bytes
*/
function _strlen($binary_string) {
if (function_exists('mb_strlen')) {
return mb_strlen($binary_string, '8bit');
}
return strlen($binary_string);
}
/**
* Get a substring based on byte limits
*
* @see _strlen()
*
* @param string $binary_string The input string
* @param int $start
* @param int $length
*
* @internal
* @return string The substring
*/
function _substr($binary_string, $start, $length) {
if (function_exists('mb_substr')) {
return mb_substr($binary_string, $start, $length, '8bit');
}
return substr($binary_string, $start, $length);
}
/**
* Check if current PHP version is compatible with the library
*
* @return boolean the check result
*/
function check() {
static $pass = NULL;
if (is_null($pass)) {
if (function_exists('crypt')) {
$hash = '$2y$04$usesomesillystringfore7hnbRJHxXVLeakoG8K30oukPsA.ztMG';
$test = crypt("password", $hash);
$pass = $test == $hash;
} else {
$pass = false;
}
}
return $pass;
}
}
}