új regisztrációs felület

43ae7bd9 · Hakkel Tamás · e4cf0357 · 43ae7bd9 · 43ae7bd9 · 43ae7bd9
Commit 43ae7bd9 authored May 25, 2018 by Hakkel Tamás
--- a/auth/.htaccess
+++ b/auth/.htaccess
+AuthType shibboleth
+ShibRequireSession On
+Require valid-user
+
+RewriteEngine On
+RewriteCond %{SERVER_PORT} 80 
+RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
--- a/auth/backend.php
+++ b/auth/backend.php
+<?php
+if (! isset($_SERVER['uid'])) output($db,'Access denied');
+
+ob_start("ob_gzhandler");
+header('Vary: Accept-Encoding');
+header('Pragma: no-cache');
+header('Cache-Control: no-cache');
+header('Accept-Ranges: bytes');
+header('Content-Encoding: gzip');
+
+$shibboleth = $_SERVER['uid'];
+$now = microtime(true);
+$enabled_time_window = 20; // in sec
+$required_time_between_trials = 30; // in sec
+$enabled_trials_per_day = 5;
+$today = strtotime(date('Y-m-d').' 00:00 GMT');
+
+$db = new PDO('sqlite:../db/db.sqlite');
+$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING );
+
+$result = $db->prepare('
+    SELECT count(*)
+    FROM new_registration_log
+    WHERE shibboleth=:shibboleth AND timestamp > :today AND action="start"');
+$result->execute(array(
+    'shibboleth' => $shibboleth,
+    'today' => $today));
+$tmp = $result->fetch(PDO::FETCH_NUM);
+$trials_today = intval($tmp[0]);
+
+if (intval($trials_today) > $enabled_trials_per_day) {
+    sqlSave($db,$now,$shibboleth,'locked');
+    output($db,'locked');
+}
+
+if ($last_action === 'locked' AND $last_action > $today) {
+    output($db,'locked');
+}
+
+$result = $db->prepare('
+    SELECT timestamp,action
+    FROM new_registration_log
+    WHERE shibboleth=:shibboleth AND action != "page loaded"
+    ORDER BY timestamp DESC
+    LIMIT 1');
+$result->execute(array('shibboleth' => $shibboleth));
+$last_entry = $result->fetch(PDO::FETCH_ASSOC);
+$last_action = $last_entry['action'];
+$last_timestamp = floatval($last_entry['timestamp'])/1000;
+
+if ($last_action === 'start' AND $last_timestamp > $now - $enabled_time_window) {
+    $result = $db->prepare('
+        SELECT card_ID
+        FROM card_log
+        WHERE timestamp > :start
+        GROUP BY card_ID
+        HAVING count(*) > 2');
+    $result->execute(array('start' => $last_entry['timestamp']));
+    $card_IDs = $result->fetchAll(PDO::FETCH_ASSOC);
+    if (! $card_IDs)
+        output($db,'waiting',$last_timestamp + $enabled_time_window);
+    elseif (count($card_IDs) > 1) {
+        sqlSave($db,$now,$shibboleth,'ambiguous');
+        output($db,'ambiguous');
+    } else {
+        saveUser($db,$card_IDs[0]['card_ID']);
+        sqlSave($db,$now,$shibboleth,'success');
+        output($db,'success');
+    }
+}
+
+if ($last_action === 'timeout' AND $last_timestamp > $now - $required_time_between_trials) {
+    output($db,'timeout');
+}
+
+if (! isset($_POST['action'])){
+    sqlSave($db,$now,$shibboleth,'page loaded');
+    output($db,'page loaded');
+}
+
+if ($last_action === 'start'
+        AND $last_timestamp < $now - $enabled_time_window
+        AND $last_timestamp > $now - $required_time_between_trials) {
+    sqlSave($db,$now,$shibboleth,'timeout');
+    output($db,'timeout');
+}
+
+if (($last_action === 'start' OR $last_action === 'timeout')
+        AND $last_timestamp < $now - $required_time_between_trials) {
+    sqlSave($db,$now,$shibboleth,'start');
+    output($db,'waiting',$last_timestamp + $enabled_time_window);
+}
+
+if ($last_action === 'success') {
+    sqlSave($db,$now,$shibboleth,'start');
+    output($db,'waiting',$last_timestamp + $enabled_time_window);
+}
+
+sqlSave($db,$now,$shibboleth,'start');
+output($db,'waiting',$last_timestamp + $enabled_time_window);
+
+function output($db,$message,$timestamp = NULL) {
+    $result = $db->prepare('
+        SELECT count(*)
+        FROM user
+        WHERE shibboleth=:shibboleth');
+    $result->execute(array('shibboleth' => $_SERVER['uid']));
+    $result = $result->fetch(PDO::FETCH_NUM);
+    $isRegistered = ($result[0] === '1');
+
+    die(json_encode(array(
+        'message' => $message,
+        'again' => $isRegistered,
+        'timestamp' => $timestamp*1000.
+    )));
+}
+
+function saveUser($db,$card_ID) {
+    $result = $db->prepare('
+        SELECT count(*)
+        FROM user
+        WHERE shibboleth=:shibboleth');
+    $result->execute(array('shibboleth' => $_SERVER['uid']));
+    $isAlreadyRegistered = $result->fetch(PDO::FETCH_NUM);
+    if (intval($isAlreadyRegistered[0]) > 0)
+        $db->exec("UPDATE user SET card_ID = '$card_ID' WHERE shibboleth = '{$_SERVER['uid']}'");
+    else
+        $db->exec("INSERT INTO user (shibboleth,name,email,card_ID)
+                   VALUES ('{$_SERVER['uid']}','{$_SERVER['displayName']}','{$_SERVER['mail']}','$card_ID')");
+       
+}
+
+function sqlSave($db,$now,$shibboleth,$last_action) {
+    $now *= 1000;
+    $now = number_format($now, 0, '.', '');
+    $db->exec("INSERT INTO new_registration_log (timestamp,shibboleth,action)
+        VALUES ($now, '$shibboleth','$last_action')");
+}
--- a/auth/index.php
+++ b/auth/index.php
+<!DOCTYPE html>
+<html>
+
+<head>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <meta name="description" content="PPKE ITK beléptető kapu">
+  <meta name="author" content="Hakkel Tamás">
+  <title>Sam</title>
+  <link rel="shortcut icon" href="../logo.ico">
+
+  <link rel="stylesheet"
+    href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/css/bootstrap.min.css"
+    integrity="sha384-9gVQ4dYFwwWSjIDZnLEWnxCjeSWFphJiwGPXr1jddIhOegiu1FwO5qRGvFXOdJZ4"
+    crossorigin="anonymous">
+
+  <link href="https://fonts.googleapis.com/css?family=Quicksand:400,500" rel="stylesheet">
+
+  <script defer src="https://code.jquery.com/jquery-3.3.1.min.js" integrity="sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8="
+    crossorigin="anonymous"></script>
+
+  <style>
+    body {
+      font-family: 'Quicksand', sans-serif;
+      font-weight: 300;
+    }
+    nav {
+      font-size: 25px;
+      box-shadow: 0px 3px 5px lightgrey;
+      font-weight: 500;
+      position: fixed;
+    }
+    #logo {
+      height: 2.5rem;
+      padding: 0rem 1rem 0rem 0rem;
+    }
+    #loader {
+      width: 70px;
+      text-align: center;
+      position: fixed;
+      z-index: 999;
+      overflow: show;
+      margin: auto;
+      top: 50%;
+      left: 0;
+      bottom: 0;
+      right: 0;
+    }
+    #loader:before {
+      content: '';
+      display: block;
+      position: fixed;
+      top: 0;
+      left: 0;
+      width: 100%;
+      height: 100%;
+      background-color: rgba(0, 0, 0, 0.3);
+    }
+    #loader>div {
+      width: 18px;
+      height: 18px;
+      background-color: #333;
+      border-radius: 100%;
+      display: inline-block;
+      -webkit-animation: sk-bouncedelay 1.4s infinite ease-in-out both;
+      animation: sk-bouncedelay 1.4s infinite ease-in-out both;
+    }
+    #loader .bounce1 {
+      -webkit-animation-delay: -0.32s;
+      animation-delay: -0.32s;
+    }
+    #loader .bounce2 {
+      -webkit-animation-delay: -0.16s;
+      animation-delay: -0.16s;
+    }
+    @-webkit-keyframes sk-bouncedelay {
+      0%,
+      80%,
+      100% {
+        -webkit-transform: scale(0)
+      }
+      40% {
+        -webkit-transform: scale(1.0)
+      }
+    }
+    @keyframes sk-bouncedelay {
+      0%,
+      80%,
+      100% {
+        -webkit-transform: scale(0);
+        transform: scale(0);
+      }
+      40% {
+        -webkit-transform: scale(1.0);
+        transform: scale(1.0);
+      }
+    }
+  </style>
+
+</head>
+
+<body>
+  <nav class="navbar fixed-top navbar-expand-sm navbar-light bg-light">
+    <span class="navbar-brand">
+      <img src="../logo.svg" width="30" height="30" class="d-inline-block align-top" alt="logo">
+      <span class="text">Registration</span><span class="text" style="display:none">Regisztráció</span>
+  </span>
+    </nav>
+  <div class="container" style="margin-top:6em">
+    <div id="loader">
+      <div class="bounce1"></div>
+      <div class="bounce2"></div>
+      <div class="bounce3"></div>
+    </div>
+    <div id="error-setup" style="display:none">
+      <div class="row">
+        <div class="col-sm-10 offset-sm-1 col-lg-8 offset-lg-2">
+          <p>
+            <span class="text">Error encountered while loading page... :(</span>
+            <span class="text" style="display:none">Valami hiba történt az oldal betöltése során... :(</span>
+          </p>
+        </div>
+      </div>
+    </div>
+    <div id="description" style="display:none">
+      <div class="row">
+        <div class="col-sm-10 offset-sm-1 col-lg-8 offset-lg-2 text-justify">
+          <p>
+            <span class="text">
+              <p><span class="again" style="display:none">You have already registered. </span>
+                To authenticate your card click on the button below and check in 3 times with your card
+                at the marked card reader within 20 seconds. 
+              <p>
+              <div class="text-center mb-3"><button class="start btn btn-primary">Start <span class="again" style="display:none">card authentication</span><span class="again">registration</span></button></div>
+              <p><span class="again">
+                By registering you accept that we store pictures of you, and pair them with your card ID and
+                name, and that we send occasionally an email to your university email address about the operation
+                of the system. We use the collected data only to train the face recognition system.</span> You can delete
+                your registration any time by sending email to the <a href="mailto:info@sam.itk.ppke.hu">info@sam.itk.ppke.hu</a>
+                address, and if you encounter any error, please email us as well.
+              </p>
+            </span>
+            <span class="text" style="display:none">
+              <p><span class="again" style="display:none">Egyszer már regisztráltál. </span>
+                A kártyád hitelesítéséhez kattints az alábbi gombra, majd 20 másodpercen belül 
+                olvasd le a megjelölt kártyaolvasónál 3x a kártyádat.
+              </p>
+              <div class="text-center mb-3"><button class="start btn btn-primary"><span class="again" style="display:none">Kártya hitelesítés</span><span class="again">Regisztráció</span> indítása</button></div>
+              <p><span class="again">
+                A regisztrációval elfogadod, hogy a eltároljuk a rólad készült felvételeket, majd a kártya-azonosítóddal és
+                a neveddel összepárosítsuk őket, illetve hogy az egyetemi email címedre alkalmanként levelet küldjünk
+                a rendszer működésével kapcsolatban. A tárolt adatokat kizárólag az arcfelismerő tanítására használjuk.</span>
+                A regisztráció törlése bármikor kérhető a <a href="mailto:info@sam.itk.ppke.hu">info@sam.itk.ppke.hu</a>
+                email címre küldött üzenetben, illetve az esetleges hibabejelentéseket is ide várjuk.
+              </p>
+            </span>
+          </p>
+        </div>
+      </div>
+    </div>
+    <div id="message" style="display:none">
+      <div class="row">
+        <div class="col-sm-10 offset-sm-1 col-lg-8 offset-lg-2 text-justify">
+          <p>
+            <span class="text">
+              <p id="waiting" class="message" style="display:none">
+                Check in 3 times with your card at the marked card reader within <span class="time"></span> seconds.
+              </p>
+              <p id="success" class="message" style="display:none">
+                You have successfully <span class="again">registered</span><span class="again" style="display:none">authenticated your card</span>.
+              </p>
+              <p id="timeout" class="message" style="display:none">
+                The <span class="again">registration</span><span class="again" style="display:none">authentication</span> session has been timed out. Please, try again 30 seconds later.
+              </p>
+              <p id="ambigous" class="message" style="display:none">
+                Unknown error occured. Please, refresh page and try again.
+              </p>
+              <p id="locked" class="message" style="display:none">
+                You can try at most 5 times a day to <span class="again">register</span><span class="again" style="display:none">authenticate your card</span> and you exceeded that limit. Please, try again tomorrow.
+              </p>
+            </span>
+            <span class="text" style="display:none">
+              <p id="waiting" class="message" style="display:none">
+                Olvasd le a kártyádat 3x a következő <span class="time"></span> másodpercen belül.
+              </p>
+              <p id="success" class="message" style="display:none">
+                A <span class="again">regisztráció</span><span class="again" style="display:none">hitelesítés</span> sikeres volt.
+              </p>
+              <p id="timeout" class="message" style="display:none">
+                A <span class="again">regisztrációs</span><span class="again" style="display:none">hitelesítési</span> időt túllépted. Kérlek, próbálkozz fél perc múlva.
+              </p>
+              <p id="ambigous" class="message" style="display:none">
+                  Ismeretlen hiba történt. Kérlek, frissítsd az oldalt és próbálkozz újra.
+              </p>
+              <p id="locked" class="message" style="display:none">
+                  Egy nap csak 5x próbálkozhatsz meg a <span class="again">regisztrációval</span><span class="again" style="display:none">hitelesítéssel</span>, és te meghaladtad ezt a limitet. Kérlek, próbálkozz újra holnap.
+              </p>
+            </span>
+          </p>
+        </div>
+      </div>
+    </div>
+  </div>
+
+  <script>
+    var language = navigator.languages ? navigator.languages[0] : (navigator.language || navigator.userLanguage);
+    waitFor("jQuery", setup);
+    function waitFor(what, callback) {
+      if (window[what]) callback();
+      else setTimeout(() => waitFor(what, callback), 50);
+    }
+    function setup() {
+      if (language === "hu" || language === "hu-HU")
+        $(".text").toggle();
+      $.post("backend.php")
+        .done(processReceivedData)
+        .fail((error) => { console.log(error); $("#error-setup").show(); })
+        .always(() => $("#loader").hide());
+      $(".start").click(function(){
+        $("#description").hide();
+        $("#message").show();
+        fetch();
+      });
+    }
+    function fetch() {
+      $.post("backend.php", {"action": true})
+      .done(processReceivedData)
+      .fail((error) => { console.log(error); $("#error-setup").show(); });
+    }
+    var interval;
+    var first = true;
+    function processReceivedData(data) {
+      var parsed = JSON.parse(data);
+      if (parsed['again'] && first){
+        $('.again').toggle();
+        first = false;
+      }
+      var message = parsed['message'];
+      if (message === "page loaded") {
+        $("#description").show();
+      } else {
+        $("#message").show();
+        $(".message").hide();
+        $("#" + message).show();
+        if (['locked','ambiguous','success','timeout'].includes(message) ) {
+          clearInterval(interval);
+          interval = null;
+        } else if (! interval)
+          interval = setInterval(fetch,300);
+        if (message === 'waiting'){
+          var time = new Date( - new Date());
+          $(".time").text(Math.floor((parsed['timestamp'] - Date.now())/1000));
+        }
+      }
+    }
+  </script>
+</body>
+
+</html>
--- a/auth/test.php
+++ b/auth/test.php
+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Document</title>
+
+    <script defer
+        src="https://code.jquery.com/jquery-3.3.1.min.js"
+        integrity="sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8="
+        crossorigin="anonymous"></script>
+
+    <link rel="stylesheet"
+        href="https://stackpath.bootstrapcdn.com/bootstrap/4.1.0/css/bootstrap.min.css"
+        integrity="sha384-9gVQ4dYFwwWSjIDZnLEWnxCjeSWFphJiwGPXr1jddIhOegiu1FwO5qRGvFXOdJZ4"
+        crossorigin="anonymous">
+</head>
+<body>
+    <button id="start" class="btn btn-primary">Indítás</button>
+
+    <script>
+
+    </script>
+</body>
+</html>
\ No newline at end of file
--- a/db.php
+++ b/db.php
@@ -44,7 +44,29 @@ if ($success)
 else
 	$db->rollBack();

-die(json_encode(array(
+$answer = json_encode(array(
 	'success' => $success,
 	'answer' => $success ? $result->fetchAll(PDO::FETCH_ASSOC) : $error[2]
-)));
+));
+
+$db = new PDO('sqlite:../belepteto-dev/db/db.sqlite');
+$db->beginTransaction();
+$queries = explode(';',$_POST['query']);
+foreach ($queries as $query) {
+	if (trim($query) === '') continue;
+	$result = $db->prepare($query);
+	$success = $result !== FALSE;
+	if ($success)
+		$result->execute();
+	else {
+		$error = $db->errorInfo();
+		break;
+	}
+}
+
+if ($success)
+	$db->commit();
+else
+	$db->rollBack();
+
+die($answer);