Commit dc8a1e6e authored by Michael Ochmann's avatar Michael Ochmann

added restriction for uppercase letters; added submitting of groups; added...

added restriction for uppercase letters; added submitting of groups; added minimum length to shortcodes
parent 1ea8634a
......@@ -10,6 +10,7 @@ class Authenticator {
private $settings;
private $challenge;
private $user;
private $groups;
private $authenticated;
public function __construct(URLShortener $root) {
......@@ -18,6 +19,7 @@ class Authenticator {
if ($this->settings->system->debug) {
$this->authenticated = true;
$this->user = "heinz";
$this->groups = ["fsinf", "student"];
return;
}
......@@ -50,6 +52,10 @@ class Authenticator {
return $this->user;
}
public function inGroup($group) {
return in_array($group, $this->groups);
}
public function sendRequest() {
$obj = new \stdClass();
$obj->challenge = $this->challenge;
......@@ -72,8 +78,9 @@ class Authenticator {
$template->render();
exit;
}
$this->user = $data->username;
$this->authenticated = true;
$this->user = $data->username;
$this->authenticated = true;
$this->groups = $data->groups;
$_SESSION["username"] = $data->username;
header("Location: ./");
}
......
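Review bot: `$this->groups = $data->groups;` is set only on the login callback path, while the session keeps just `$_SESSION["username"]`, so after the `header("Location: ./")` redirect the next request probably has no groups unless the constructor (not shown in these hunks) restores them. `inGroup()` would then pass `null` to `in_array()`, which warns on PHP 7 and throws a TypeError on PHP 8. I would declare `private $groups = [];`, store `$_SESSION["groups"] = is_array($data->groups) ? $data->groups : [];` next to the username, and compare strictly with `in_array($group, $this->groups, true)`. Separately, the debug branch now grants the privileged `"fsinf"` group to every visitor, so that flag must never be enabled on a reachable deployment; a comment on that branch saying so would help.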
......@@ -7,11 +7,10 @@ class DatabaseHandler extends \mysqli {
private $settings;
protected function __construct() {
public function __construct() {
$this->settings = SettingsHandler::Instance()->database;
parent::__construct($this->settings->host, $this->settings->user, $this->settings->password, $this->settings->database);
$q = $this->query("sdsds");
}
public static function Instance() {
......
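Review bot: The constructor does not check whether the connection succeeded after `parent::__construct(...)`; unless mysqli's report mode is set to throw, a failed connect leaves an unusable object that only fails later at `prepare()`. I would add `if ($this->connect_errno) { throw new \RuntimeException("database connection failed"); }` right after the parent call, and keep the `connect_error` text out of anything shown to the user. The constructor has to be public because `mysqli::__construct` is, so `Instance()` can no longer enforce a single connection; holding a `\mysqli` in a private property instead of extending it would keep that guarantee.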
......@@ -9,6 +9,8 @@ class PostHandler {
public function __construct(URLShortener $root) {
$this->root = $root;
if (!$root->authenticator->authenticated())
return;
$this->db = DatabaseHandler::Instance();
$this->settings = SettingsHandler::Instance();
$this->add();
......@@ -26,6 +28,18 @@ class PostHandler {
$shortcode = $_POST["shorturl"] == "" ? $this->generateShortcode() : $_POST["shorturl"];
$minLen = $this->settings->system->shortcodeMinLength;
if (strlen($shortcode) < $minLen) {
new Alert("Der Shortcode muss mindestens <b>$minLen</b> Zeichen lang sein.", AlertLevel::ERROR);
header("Location: ./");
exit;
}
if (preg_match("/^[A-Z]/", $shortcode) && !$this->root->authenticator->inGroup("fsinf")) {
new Alert("Shortcodes die mit einem Großbuchstaben beginnen sind für den Fachschaftsrat reserviert.", AlertLevel::ERROR);
header("Location: ./");
exit;
}
$query = $this->db->prepare("SELECT shortcode FROM urls WHERE shortcode = ?");
$query->bind_param("s", $shortcode);
$query->execute();
......
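Review bot: The reservation check `preg_match("/^[A-Z]/", $shortcode)` only recognises an ASCII capital, so it protects less than the alert text promises: a code starting with `Ä` passes, and if the `urls.shortcode` column uses a case-insensitive collation (not visible here), a user outside `fsinf` can register the lowercase spelling of a reserved code and it would match the capitalised one on lookup. I would match `'/^\p{Lu}/u'` and make the shortcode comparison case-sensitive, for example with a binary collation on that column. `strlen()` counts bytes, so a code with umlauts can satisfy the minimum with fewer characters than intended; `mb_strlen($shortcode)` fits the intent better. The enclosing method starts and ends outside the hunk, so whether the allowed character set is validated elsewhere cannot be seen from here.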