From 2f0d1fc6b370b70782d2f6fb273d0638ac6760ab Mon Sep 17 00:00:00 2001
From: Krombel
Date: Tue, 6 Mar 2018 18:01:05 +0100
Subject: [PATCH] make database config configurable
---
 config.sample.php | 6 ++++
 database.php | 89 ++++++++++++++++++++++++++---------------------
 public/index.php | 6 ++--
 3 files changed, 59 insertions(+), 42 deletions(-)
diff --git a/config.sample.php b/config.sample.php
index b3fe96f..b7c1f28 100644
--- a/config.sample.php
+++ b/config.sample.php
@@ -13,5 +13,11 @@ $config = [
 // optional: Do you have a place where howTo's are located? If not leave this value out
 "howToURL" => "https://my-url-for-storing-howTos.net",
+
+ // to define where the data should be stored:
+ "databaseURI" => "sqlite:" . dirname(__FILE__) . "/db_file.sqlite",
+ // credentials for sqlite not used
+ "databaseUser" => "dbUser123",
+ "databasePass" => "secretPassword",
 ]
 ?>
diff --git a/database.php b/database.php
index 122c802..caf241a 100644
--- a/database.php
+++ b/database.php
@@ -1,5 +1,10 @@ db = new PDO('sqlite:' . $db_file);
- $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
- $this->db->exec("CREATE TABLE registrations(
- id INTEGER PRIMARY KEY AUTOINCREMENT,
- state INT DEFAULT 0,
- first_name TEXT,
- last_name TEXT,
- username TEXT,
- note TEXT,
- email TEXT,
- verify_token TEXT,
- admin_token TEXT,
- request_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP)");
- $this->db->exec("CREATE TABLE logins (
- id INTEGER PRIMARY KEY AUTOINCREMENT,
- active INT DEFAULT 1,
- first_name TEXT,
- last_name TEXT,
- localpart TEXT,
- password_hash TEXT,
- email TEXT,
- create_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
- last_modified TIMESTAMP DEFAULT CURRENT_TIMESTAMP
- )");
- // make sure the bot is allowed to login
- require_once("config.php");
- $password = $this->addUser("Register", "Bot", "register_bot", $register_email);
+ $this->db = new PDO($db_input, $user, $password);
+ $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
+ $this->db->exec("CREATE TABLE IF NOT EXISTS registrations(
+ id INTEGER PRIMARY KEY AUTOINCREMENT,
+ state INT DEFAULT 0,
+ first_name TEXT,
+ last_name TEXT,
+ username TEXT,
+ password_hash TEXT DEFAULT '',
+ note TEXT,
+ email TEXT,
+ verify_token TEXT,
+ admin_token TEXT,
+ request_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP)");
+ $this->db->exec("CREATE TABLE IF NOT EXISTS logins (
+ id INTEGER PRIMARY KEY AUTOINCREMENT,
+ active INT DEFAULT 1,
+ first_name TEXT,
+ last_name TEXT,
+ localpart TEXT,
+ password_hash TEXT,
+ email TEXT,
+ create_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP,
+ last_modified TIMESTAMP DEFAULT CURRENT_TIMESTAMP
+ )");
+ // make sure the bot is allowed to login
+ require_once("config.php");
+ if (!$this->userRegistered("register_bot")) {
+ $password = $this->addUser("Register", "Bot", "register_bot", $config["register_email"]);
 $config["register_password"] = $password;
 $myfile = fopen("config.json", "w");
 fwrite($myfile, json_encode($config, JSON_PRETTY_PRINT));
 fclose($myfile);
 }
- else {
- // establish connection
- $this->db = new PDO('sqlite:' . $db_file);
- $this->db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
- }
 // set writeable when not set already
- if (!is_writable($db_file)) {
- chmod($db_file, 0777);
+ if (strpos($db_input, "sqlite") === 0) {
+ $sqlite_file = substr($db_input, strlen("sqlite:"));
+ if (!is_writable($sqlite_file)) {
+ chmod($sqlite_file, 0660);
+ }
+ unset($sqlite_file);
 }
 }
@@ -254,6 +260,11 @@ class mxDatabase
 *
 */
 function addUser($first_name, $last_name, $username, $email) {
+ // check if user already exists and abort in that case
+ if ($this->userRegistered($username)) {
+ return NULL;
+ }
+
 // generate a password with 10 characters
 $password = bin2hex(openssl_random_pseudo_bytes(5));
 $password_hash = password_hash($password, PASSWORD_BCRYPT, ["cost"=>12]);
@@ -269,5 +280,5 @@ class mxDatabase
 }
 }
-$mx_db = new mxDatabase($db_file);
+$mx_db = new mxDatabase($db_input);
 ?>
diff --git a/public/index.php b/public/index.php
index bbdb464..5807e1e 100644
--- a/public/index.php
+++ b/public/index.php
@@ -76,7 +76,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
 print("");
 print("
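Review bot: The `json_encode($config, JSON_PRETTY_PRINT)` write that now sits inside the new `if (!$this->userRegistered("register_bot"))` branch dumps the whole `$config` array, which after this commit also holds `databaseUser` and `databasePass`, into `config.json` at a path relative to the current working directory. If requests enter through `public/index.php` with that directory as the working directory (not visible in this patch), the database password and the bot password end up in a file under the web root. Provided nothing else reads the other keys back from that file, I would write only the generated value to an absolute path outside `public/`, for example `file_put_contents(__DIR__ . "/config.json", json_encode(["register_password" => $password], JSON_PRETTY_PRINT), LOCK_EX);`, and check the result. The sqlite branch also tests the prefix `"sqlite"` but strips `strlen("sqlite:")`, so matching on `"sqlite:"` in the `strpos` call would keep the two in step. The constructor's signature lies outside the visible hunk.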
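Review bot: The new `userRegistered($username)` guard at the top of `addUser` is a check-then-insert with nothing in the schema backing it: the `logins` table created in the constructor declares `localpart TEXT` without a `UNIQUE` constraint, so two concurrent requests can both pass the check and, assuming the insert further down targets `logins.localpart`, store the same name twice. Declaring `localpart TEXT UNIQUE` (plus a unique index for databases that already exist) and handling the resulting `PDOException` would make the guard reliable. The function now returns `NULL` where it previously always returned a password, so callers need a null check and the docblock should gain `@return string|null generated password, or NULL if the username is already taken`. The rest of `addUser` lies outside the hunk.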

Erfolgreich

"); print("

Bitte überprüfe deine E-Mails um deine E-Mail-Adresse zu bestätigen.

"); - print("Zur Registrierungsseite"); + print("Zur Registrierungsseite"); } catch (Exception $e) { print("" . $language["REGISTRATION_REQUEST_FAILED"] . ""); print(""); @@ -119,13 +119,13 @@ body{
+ placeholder="Vorname" pattern="[A-Z][a-z]+">
+ placeholder="Nachname" pattern="[A-Z][a-z]+">