From 7c2a6987331f8f123689bd6ed69fa33cc2ce155c Mon Sep 17 00:00:00 2001
From: Unknown
Date: Wed, 14 Mar 2018 00:12:18 +0100
Subject: [PATCH 1/2] implemented multi-bdd login
---
 build/api/core/AuthSystemDefault.php | 30 +++++---
 build/database/core/DatabaseDriver.php | 12 ++--
 build/database/core/Repo.php | 4 ++
 build/database/repo/professor.php | 95 ++++++++++++++++++++++++--
 4 files changed, 123 insertions(+), 18 deletions(-)
diff --git a/build/api/core/AuthSystemDefault.php b/build/api/core/AuthSystemDefault.php
index 21e0540..58b9ece 100644
--- a/build/api/core/AuthSystemDefault.php
+++ b/build/api/core/AuthSystemDefault.php
@@ -29,24 +29,36 @@
 /* (2) Check CAS
 ---------------------------------------------------------*/
- if( isset($_SESSION['CAS']['login']) && isset($_SESSION['CAS']['ticket']) ){
+ if( (!isset($_SESSION["isLogged"]) || !$_SESSION["isLogged"]) && isset($_SESSION['CAS']['login']) && isset($_SESSION['CAS']['ticket']) ){
- /* (1) Get professor repo */
+ /* (1) If the user is not logged we try to retrive the list of the linked department*/
 /** @var professor $prof_repo */
 $prof_repo = Repo::getRepo('professor');
 /* (2) Get professor with this login */
- $by_login = $prof_repo->getByLogin($_SESSION['CAS']['login']);
+ $deps = $prof_repo->getLinkedDepartment($_SESSION['CAS']['login']);
+ if(is_array($deps)){
+ $_SESSION['CurrentDatabase'] = $deps[0]["dbName"];
+ $_SESSION['CurrentDepartementId'] = $deps[0]["idDep"];
- /* (3) If found -> store useful information */
- if( is_array($by_login) && isset($by_login['idProfesseur']) && isset($by_login['admin']) ){
+ Repo::switchDatabase($_SESSION['CurrentDatabase']);
- $_SESSION['CAS']['admin'] = (bool) $by_login['admin'];
- $_SESSION['CAS']['id'] = (int) $by_login['idProfesseur'];
+ $by_login = $prof_repo->getByLogin($_SESSION['CAS']['login']);
- /* (4) If no login found -> remove CAS auth */
- }else
+ /* (3) If found -> store useful information */
+ if( is_array($by_login) && isset($by_login['idProfesseur']) && isset($by_login['admin']) ){
+
+ $_SESSION['CAS']['admin'] = (bool) $by_login['admin'];
+ $_SESSION['CAS']['id'] = (int) $by_login['idProfesseur'];
+ $_SESSION["isLogged"] = true;
+
+ /* (4) If no login found -> remove CAS auth */
+ }else
+ $_SESSION['CAS'] = [];
+ }else{
 $_SESSION['CAS'] = [];
+ }
+
 }
diff --git a/build/database/core/DatabaseDriver.php b/build/database/core/DatabaseDriver.php
index 080fd09..391e0ed 100755
--- a/build/database/core/DatabaseDriver.php
+++ b/build/database/core/DatabaseDriver.php
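Review bot: `$deps[0]["dbName"]` and `$deps[0]["idDep"]` are read as soon as `is_array($deps)` holds, but `getLinkedDepartment()` hands back the raw `fetchAll()` result, which is an empty array for a login with no linked department, so `Repo::switchDatabase()` is then called with a missing database name instead of the CAS session being cleared. Guard the branch on a usable first row: `if( is_array($deps) && isset($deps[0]['dbName'], $deps[0]['idDep']) ){`. Both failure branches wipe `$_SESSION['CAS']` but leave an earlier `$_SESSION['CurrentDatabase']` / `$_SESSION['CurrentDepartementId']` in place, and DatabaseDriver.php in this patch reads those on the next instantiation; consider `unset($_SESSION['CurrentDatabase'], $_SESSION['CurrentDepartementId']);` alongside `$_SESSION['CAS'] = [];`. The enclosing method starts before the hunk.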
@@ -126,12 +126,14 @@
 $conf[$label]['local']['debug'] = false;
 }
- self::$instance[$label] = new DatabaseDriver($conf[$label]['local']['host'], $conf[$label]['local']['dbname'], $conf[$label]['local']['user'], $conf[$label]['local']['password'],$conf[$label]['local']['debug']);
- /* (2) If Remote -> instanciates with Remote configuration */
- // else
- // self::$instance[$label] = new DatabaseDriver($conf[$label]['remote']['host'], $conf[$label]['remote']['dbname'], $conf[$label]['remote']['user'], $conf[$label]['remote']['password']);
+ if(isset($_SESSION['CurrentDatabase']) && is_string($_SESSION['CurrentDatabase'])){
+ $conf[$label]['local']['dbname'] = $_SESSION['CurrentDatabase'];
+ }
- return true;
+ self::$instance[$label] = new DatabaseDriver($conf[$label]['local']['host'], $conf[$label]['local']['dbname'], $conf[$label]['local']['user'], $conf[$label]['local']['password'],$conf[$label]['local']['debug']);
+
+
+ return true ;
 }catch(\Exception $e){
diff --git a/build/database/core/Repo.php b/build/database/core/Repo.php
index d5d86f3..96fdd2e 100644
--- a/build/database/core/Repo.php
+++ b/build/database/core/Repo.php
@@ -77,6 +77,10 @@
 return static::$driver->isDebugEnabled();
 }
+ public static function switchDatabase(string $dbName){
+ return static::$driver->pdo()->prepare("USE $dbName")->execute();
+ }
+
diff --git a/build/database/repo/professor.php b/build/database/repo/professor.php
index 98df637..298c246 100644
--- a/build/database/repo/professor.php
+++ b/build/database/repo/professor.php
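Review bot: The override `$conf[$label]['local']['dbname'] = $_SESSION['CurrentDatabase'];` is applied for every `$label`, so once a department has been chosen any driver instance created afterwards connects to that department's database no matter which configured label was requested; a label that is meant to address a fixed schema (the patch addresses `meta_vhost` by explicit table prefix elsewhere, which suggests such a split exists) would be redirected silently. Limiting the override to the one label that is meant to be per-department, e.g. `if( $label === <per-department label> && isset($_SESSION['CurrentDatabase']) && is_string($_SESSION['CurrentDatabase']) ){`, would make the intent explicit. The value is only checked with `is_string`; as it becomes the connection's dbname, validating it against a plain-identifier pattern here as well would be prudent. The enclosing method starts before the hunk.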
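Review bot: `switchDatabase()` builds `"USE $dbName"` by interpolation, and since `USE` cannot take a bound parameter the only protection is whatever produced `$dbName`; in this patch that is `$_SESSION['CurrentDatabase']`, filled from the `meta_vhost.departement.databaseName` column, but nothing in the method itself enforces that. Reject anything that is not a bare identifier and quote it: `if( !preg_match('/^[A-Za-z0-9_]+$/', $dbName) ) throw new \InvalidArgumentException('invalid database name');` followed by `return static::$driver->pdo()->prepare('USE `' . $dbName . '`')->execute();`. If the driver runs PDO in silent error mode, `prepare()` may return `false` and the chained `->execute()` is then a fatal error, so a `bool` return type and an explicit check on the statement would document and harden the contract.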
@@ -27,7 +27,7 @@ class professor extends Repo_i {
 * @return prof_id The professor's UID (or -1 on error)
 * ---------------------------------------------------------*/
- public function create(string $lastName, string $firstName, int $category, $hoursToDo = 0, $initials = "", $isAdmin = false , $casLogin = "" ) : ?int{
+ public function create(string $lastName, string $firstName, int $category, int $hoursToDo = 0, ?string $initials = null , bool $isAdmin = false , ?string $casLogin = null ) : ?int{
 /* (1) Prepare Statement */
 $st = $this->pdo->prepare("INSERT INTO
@@ -45,12 +45,30 @@ class professor extends Repo_i {
 ':cat' => $category
 ]);
+ $profId = $this->pdo->lastInsertId();
+
+ /* (3) synchroize the meta database */
+ if(!is_null($casLogin)){
+ $st = $this->pdo->prepare("INSERT IGNORE INTO meta_vhost.casUser(casLogin, firstName, lastName) VALUE (:casLogin,:firstName,:lastName)");
+ $st->execute([
+ "casLogin" => $casLogin,
+ "firstName" => $firstName,
+ "lastName" => $lastName
+ ]);
+
+ $st = $this->pdo->prepare("INSERT INTO meta_vhost.linkedDep(departement_iddepartement, casUser_casLogin) VALUE (:idDep,:casLogin)");
+ $st->execute([
+ "idDep" => $_SESSION['CurrentDepartementId'],
+ "casLogin" => $casLogin
+ ]);
+ }
+
 /* (3) Manage error */
 if( !$success )
 return NULL;
 /* (4) Return inserted ID */
- return $this->pdo->lastInsertId();
+ return $profId;
 }
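Review bot: The defaults for `$initials` and `$casLogin` change from `""` to `null`, so callers that omit them now bind NULL into the INSERT prepared just below the hunk instead of an empty string; whether the `Professeur` columns accept NULL, and whether `getByLogin()` treats `''` and NULL alike, is not visible here and should be confirmed before merging. The new `int` and `bool` declarations are also stricter than the untyped originals: a caller passing `"12"` for `$hoursToDo` fails under `strict_types` rather than being coerced, which is presumably intended but worth a line in the docblock above, whose `@return prof_id ... (or -1 on error)` no longer matches the `?int` / `NULL` contract either.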
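Review bot: The two `meta_vhost` inserts run before `if( !$success ) return NULL;`, so a failed `Professeur` insert still creates the `casUser` row and a `linkedDep` association for a professor that does not exist, and `$profId` is taken from `lastInsertId()` before the failure check as well. Move the synchronisation block below the error check, or change its condition to `if( $success && !is_null($casLogin) ){`. The results of both `$st->execute()` calls are discarded, so a failed `linkedDep` insert (for instance when `$_SESSION['CurrentDepartementId']` is unset) leaves the professor created but absent from the department list while the method reports success; at minimum fold them into `$success`, and a transaction around the three statements would keep the two databases consistent. `create()` starts before this hunk.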
@@ -97,6 +115,37 @@ class professor extends Repo_i {
 }
+ public function getLinkedDepartment(string $casLogin) : ?array{
+
+ /* (1) Prepare Statement */
+ $st = $this->pdo->prepare("SELECT d2.iddepartement idDep, d2.label labelDep, d2.databaseName dbName
+ FROM meta_vhost.casUser
+ JOIN meta_vhost.linkedDep D ON casUser.casLogin = D.casUser_casLogin
+ JOIN meta_vhost.departement d2 ON D.departement_iddepartement = d2.iddepartement
+ WHERE casLogin = :caslogin");
+
+ /* (2) Check if statement error */
+ if( is_bool($st) )
+ return NULL;
+
+ /* (3) Bind params and execute statement */
+ $success = $st->execute([ ':caslogin' => $casLogin ]);
+
+ /* (4) Manage error */
+ if( !$success )
+ return NULL;
+
+ /* (5) Get data */
+ $fetched = $st->fetchAll();
+
+ /* (6) Return NULL on no result */
+ if( $fetched === false )
+ return NULL;
+
+ /* (7) Return data */
+ return $fetched;
+ }
+
@@ -140,7 +189,31 @@ class professor extends Repo_i {
 $st = $this->pdo->prepare($sql_rq);
 /* (5) Return execution success */
- return $st->execute($bind_param);
+ $success = $st->execute($bind_param);
+
+ $prof = $this->get($id);
+ if($success && !is_null($prof[0]["casLogin"])){
+ //try to get the user
+ $st = $this->pdo->prepare("SELECT * FROM meta_vhost.casUser WHERE casLogin = :casLogin");
+ $st->execute([
+ "casLogin" => $prof[0]["casLogin"]
+ ]);
+
+ //is the user does not already exists, we create it
+ if(!is_array($st->fetch())){
+ $st = $this->pdo->prepare("INSERT INTO meta_vhost.casUser(casLogin, firstName, lastName)
+ VALUE(:casLogin,:firstName,:lastName)");
+ }else{
+ $st = $this->pdo->prepare("UPDATE meta_vhost.casUser SET casLogin = :casLogin,firstName = :firstName, lastName = :lastName ");
+ }
+ $st->execute([
+ "firstName" => $prof[0]["firstName"],
+ "lastName" => $prof[0]["lastName"],
+ "casLogin" => $prof[0]["casLogin"]
+ ]);
+ }
+
+ return $success;
 }
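Review bot: `fetchAll()` returns an empty array, not `false`, when the login has no linked department, so the step marked `/* (6) Return NULL on no result */` never fires and callers that only test `is_array()` (the CAS branch in AuthSystemDefault.php in this same patch) go on to index `$deps[0]`. Either make step (6) `if( $fetched === false || $fetched === [] ) return NULL;` or fix the comment to say that an empty list is a valid result and make the callers check for it. `WHERE casLogin = :caslogin` relies on `casUser` being the only joined table with a column of that exact name; qualifying it as `casUser.casLogin` protects the query against a future schema change.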
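Review bot: The `UPDATE meta_vhost.casUser SET casLogin = :casLogin,firstName = :firstName, lastName = :lastName ` statement has no `WHERE` clause, so the `else` path rewrites every row of `meta_vhost.casUser` with this professor's login and name; the first update of an already-known professor overwrites every other CAS user. It should read `"UPDATE meta_vhost.casUser SET firstName = :firstName, lastName = :lastName WHERE casLogin = :casLogin"`. The select-then-insert/update pair is also not atomic, `$prof[0]` is indexed without checking that `get($id)` returned a row, and the `execute()` results are discarded; since `create()` uses `INSERT IGNORE` on the same table, `casLogin` looks like a key there, in which case a single `INSERT ... ON DUPLICATE KEY UPDATE` would remove both the race and the branch. The enclosing method starts before the hunk.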
@@ -358,11 +431,25 @@ class professor extends Repo_i {
 ---------------------------------------------------------*/
 public function delete(int $id) : bool{
+ //we have to store the professor to synchronize the meta database later
+ $prof = $this->get($id);
+
 /* (1) Prepare statement */
 $st = $this->pdo->prepare("DELETE FROM `Professeur` WHERE `idProfesseur` = :id");
 /* (2) Return the execution status */
- return $st->execute([ ':id' => $id ]);
+ $success = $st->execute([ ':id' => $id ]);
+
+ if($success){
+ //delete the association
+ $st = $this->pdo->prepare("DELETE FROM meta_vhost.linkedDep WHERE casUser_casLogin = :casLogin AND departement_iddepartement = :idDep");
+ $st->execute([
+ "casLogin" => $prof[0]["casLogin"],
+ "idDep" => $_SESSION['CurrentDepartementId']
+ ]);
+ }
+
+ return $success;
 }
From 2a9e1e1474cc7c1e3e6d97e4b7abbeeb0333863e Mon Sep 17 00:00:00 2001
From: Unknown
Date: Thu, 15 Mar 2018 12:02:28 +0100
Subject: [PATCH 2/2] Implemented department database switch
---
 build/api/core/AuthSystemDefault.php | 4 ++
 build/api/module/departementController.php | 45 ++++++++++++++++++++++
 config/modules.json | 8 ++++
 3 files changed, 57 insertions(+)
 create mode 100644 build/api/module/departementController.php
diff --git a/build/api/core/AuthSystemDefault.php b/build/api/core/AuthSystemDefault.php
index 58b9ece..1a2ceac 100644
--- a/build/api/core/AuthSystemDefault.php
+++ b/build/api/core/AuthSystemDefault.php
@@ -38,6 +38,7 @@
 /* (2) Get professor with this login */
 $deps = $prof_repo->getLinkedDepartment($_SESSION['CAS']['login']);
 if(is_array($deps)){
+ $_SESSION["AvailableDepartment"] = $deps;
 $_SESSION['CurrentDatabase'] = $deps[0]["dbName"];
 $_SESSION['CurrentDepartementId'] = $deps[0]["idDep"];
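Review bot: `$prof[0]["casLogin"]` is read without checking that `get($id)` returned a row, and `$_SESSION['CurrentDepartementId']` without `isset()`, so deleting an unknown id, or calling `delete()` outside a department-scoped session, raises notices and binds NULL into the `linkedDep` delete. Guard the clean-up: `if( $success && isset($prof[0]['casLogin'], $_SESSION['CurrentDepartementId']) ){`. The `execute()` result of the `linkedDep` delete is discarded, so the method can report success while the association survives; as both statements appear to run on the same PDO connection, wrapping them in one transaction would keep the two schemas consistent, and the leading comment would be clearer as `// fetch the professor first: the casLogin is needed to remove the meta_vhost association after the row is gone`.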
@@ -48,6 +49,9 @@
 /* (3) If found -> store useful information */
 if( is_array($by_login) && isset($by_login['idProfesseur']) && isset($by_login['admin']) ){
+ //security
+ session_regenerate_id();
+
 $_SESSION['CAS']['admin'] = (bool) $by_login['admin'];
 $_SESSION['CAS']['id'] = (int) $by_login['idProfesseur'];
 $_SESSION["isLogged"] = true;
diff --git a/build/api/module/departementController.php b/build/api/module/departementController.php
new file mode 100644
index 0000000..d312128
--- /dev/null
+++ b/build/api/module/departementController.php
@@ -0,0 +1,45 @@
+getLinkedDepartment($_SESSION['CAS']['login']);
+
+ if(is_array($deps)){
+ foreach ($deps as $dep){
+ if($dep["idDep"] == $department){
+ $_SESSION["AvailableDepartment"] = $deps;
+ $_SESSION['CurrentDatabase'] = $dep["dbName"];
+ $_SESSION['CurrentDepartementId'] = $dep["idDep"];
+
+ return ["success" => true];
+ }
+ }
+ }
+
+ return ["success" => false];
+
+ }
+
+}
\ No newline at end of file
diff --git a/config/modules.json b/config/modules.json
index 103e37c..ec622c8 100644
--- a/config/modules.json
+++ b/config/modules.json
@@ -72,6 +72,14 @@
 },
 "departement":{
+
+ "PUT":{
+ "des": "Switch the user on another department database",
+ "per": [],
+ "par": {
+ "department": {"des": "Department id", "typ": "id"}
+ }
+ },
 "errors":{
 "GET": {
 "des": "Get the list of incoherence of the department",
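Review bot: `session_regenerate_id();` is called without `delete_old_session`, so the pre-login session record stays in the handler's storage under the old id until garbage collection runs; for a rotation at login time the old record should be removed: `session_regenerate_id(true);`. The `//security` comment does not say why the call is there; `// rotate the session id on successful login so an id issued before authentication cannot be reused` would. The enclosing method starts before the hunk.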
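Review bot: `$dep["idDep"] == $department` is a loose comparison; with `"typ": "id"` declared in modules.json the parameter is presumably already validated as an integer, but `(int) $dep['idDep'] === (int) $department` states the intent and survives a string-typed id from the database. `$_SESSION['CAS']['login']` is read without an `isset()` check while the route is declared with `"per": []`; whether the framework refuses unauthenticated callers before this method runs is not visible here, and if it does not the call degrades to a notice and a lookup on an empty login rather than a clean refusal, so an early `if( !isset($_SESSION['CAS']['login']) ) return ['success' => false];` is worth adding. Only `$_SESSION` is updated here; the driver instance already open for this request keeps its dbname (DatabaseDriver.php reads the session at instantiation), so the switch takes effect on the next request, which is acceptable for a handler that returns immediately but deserves a comment. The start of this file is missing from the patch as shown, so the method signature and the code before `getLinkedDepartment()` could not be reviewed.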