From 83b8ec179947cb29955a10d948b429a0b9842a53 Mon Sep 17 00:00:00 2001
From: Jonathan Flueren <jonathan.flueren@tu-dortmund.de>
Date: Wed, 16 Aug 2023 16:46:54 +0200
Subject: [PATCH] Move messages to php sessions

---
 website/index.php | 188 ++++++++++++++++++++++++----------------------
 1 file changed, 100 insertions(+), 88 deletions(-)

diff --git a/website/index.php b/website/index.php
index 4a101ed..88520af 100644
--- a/website/index.php
+++ b/website/index.php
@@ -1,11 +1,12 @@
 <?php
+session_start();
 
 define('IDENTITIES_FILE', 'identities.json');
 define('PRESENT_FILE', 'present.json');
 
-$page_title = 'CZI Presence Detector';
-$name_pattern = "^([ a-zA-Z'\-]){1,30}$";
-$mac_pattern = "^([0-9A-Fa-f]{2}[:-s]){5}([0-9A-Fa-f]{2})$";
+define('NAME_PATTERN', "^([ a-zA-Z'\-]){1,30}$");
+define('MAC_PATTERN', "^([0-9A-Fa-f]{2}[:-s]){5}([0-9A-Fa-f]{2})$");
+define('PAGE_TITLE', 'CZI Presence Detector');
 
 $present = json_decode(file_get_contents(PRESENT_FILE), true);
 
@@ -14,141 +15,151 @@ $datetime = new DateTime("now", new DateTimeZone($tz));
 $datetime->setTimestamp($present["timestamp"]);
 
 
-function hash_mac($mac) {
+function hash_mac($mac)
+{
   $normalized_mac = str_replace('-', ':', strtolower($mac));
   $hashed_mac = hash('sha256', $normalized_mac);
   return $hashed_mac;
 }
 
-function add_identity($name, $mac) {
+function add_identity($name, $mac)
+{
   if (
-    preg_match('/' . $name_pattern . '/', $name) != 1 ||
-    preg_match('/' . $mac_pattern . '/', $mac) != 1
-   ) {
-     http_response_code(400);
-     die("Bad data");
-   }
- 
-   $hashed_mac = hash_mac($mac);
- 
-   $identities = json_decode(file_get_contents(IDENTITIES_FILE), true);
- 
-   $url = strtok($_SERVER['REQUEST_URI'], '?');
+    preg_match('/' . NAME_PATTERN . '/', $name) != 1 ||
+    preg_match('/' . MAC_PATTERN . '/', $mac) != 1
+  ) {
+    http_response_code(400);
+    die("Bad data");
+  }
 
-   foreach ($identities as $identity) {
-     if ($identity['name'] == $name) {
-       header("Location: " . $url . "?dup_name", true, 303);
-       exit();
-     }
-     if ($identity['mac_hash'] == $hashed_mac) {
-       header("Location: " . $url . "?dup_mac", true, 303);
-       exit();
-     }
-   }
-   
-   array_push($identities, array("name" => $name, "mac_hash" => $hashed_mac));
-   file_put_contents(IDENTITIES_FILE, json_encode($identities));
- 
-   header("Location: " . $url . "?succ", true, 303);
-   exit();
+  $hashed_mac = hash_mac($mac);
+
+  $identities = json_decode(file_get_contents(IDENTITIES_FILE), true);
+
+  $url = strtok($_SERVER['REQUEST_URI'], '?');
+
+  foreach ($identities as $identity) {
+    if ($identity['name'] == $name) {
+      $_SESSION['form_success'] = false;
+      $_SESSION['form_success_message'] = 'Name already in use, please choose a different one.';
+      header("Location: " . $url, true, 303);
+      exit();
+    }
+    if ($identity['mac_hash'] == $hashed_mac) {
+      $_SESSION['form_success'] = false;
+      $_SESSION['form_success_message'] = 'MAC already set up, please remove it first to change name.';
+      header("Location: " . $url, true, 303);
+      exit();
+    }
+  }
+
+  array_push($identities, array("name" => $name, "mac_hash" => $hashed_mac));
+  file_put_contents(IDENTITIES_FILE, json_encode($identities));
+
+  $_SESSION['form_success'] = true;
+  $_SESSION['form_success_message'] = 'Identity successfully saved.';
+  header("Location: " . $url, true, 303);
+  exit();
 }
 
-function remove_identity($mac) {
-  if (preg_match('/' . $mac_pattern . '/', $mac) != 1) {
-     http_response_code(400);
-     die("Bad data");
-   }
+function remove_identity($mac)
+{
+  if (preg_match('/' . MAC_PATTERN . '/', $mac) != 1) {
+    http_response_code(400);
+    die("Bad data");
+  }
 
-   $hashed_mac = hash_mac($mac);
+  $hashed_mac = hash_mac($mac);
 
-   $identities = json_decode(file_get_contents(IDENTITIES_FILE), true);
+  $identities = json_decode(file_get_contents(IDENTITIES_FILE), true);
 
-   $new_identities = array();
+  $new_identities = array();
 
-   foreach ($identities as $identity) {
+  foreach ($identities as $identity) {
     if ($identity['mac_hash'] != $hashed_mac) {
       array_push($new_identities, $identity);
     }
 
-   file_put_contents(IDENTITIES_FILE, json_encode($new_identities));
+    file_put_contents(IDENTITIES_FILE, json_encode($new_identities));
 
-   header("Location: " . strtok($_SERVER['REQUEST_URI'], '?'), true, 303);
-   exit();
+    $_SESSION['form_success'] = true;
+    $_SESSION['form_success_message'] = 'Identity successfully removed.';
+    header("Location: " . strtok($_SERVER['REQUEST_URI'], '?'), true, 303);
+    exit();
   }
 }
 
 if ($_SERVER['REQUEST_METHOD'] == "POST") {
   if (
-    isset($_POST['name']) && 
+    isset($_POST['name']) &&
     isset($_POST['mac'])
   ) {
     add_identity($_POST['name'], $_POST['mac']);
-  } 
-  else if (isset($_POST['remove-mac'])) {
+  } else if (isset($_POST['remove-mac'])) {
     remove_identity($_POST['remove-mac']);
   }
 }
 ?>
 
 <html>
-  <head>
-    <title><?php echo $page_title; ?></title>
-    <meta charset="UTF-8">
-    <meta name="viewport" content="width=device-width, initial-scale=1.0">
-    <link href="bootstrap/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-4bw+/aepP/YC94hEpVNVgiZdgIC5+VKNBQNGCHeKRQN+PtmoHDEXuppvnDJzQIu9" crossorigin="anonymous">
-    <script src="bootstrap/js/bootstrap.bundle.min.js" integrity="sha384-HwwvtgBNo3bZJJLYd8oVXjrBZt8cqVSpeBNS5n7C8IVInixGAoxmnlMuBnhbgrkm" crossorigin="anonymous"></script>
-  </head>
-  <body>
+
+<head>
+  <title><?php echo PAGE_TITLE; ?></title>
+  <meta charset="UTF-8">
+  <meta name="viewport" content="width=device-width, initial-scale=1.0">
+  <link href="bootstrap/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-4bw+/aepP/YC94hEpVNVgiZdgIC5+VKNBQNGCHeKRQN+PtmoHDEXuppvnDJzQIu9" crossorigin="anonymous">
+  <script src="bootstrap/js/bootstrap.bundle.min.js" integrity="sha384-HwwvtgBNo3bZJJLYd8oVXjrBZt8cqVSpeBNS5n7C8IVInixGAoxmnlMuBnhbgrkm" crossorigin="anonymous"></script>
+</head>
+
+<body>
   <nav class="navbar navbar-light bg-light justify-content-between" style="padding: 0">
-      <span class="navbar-brand mb-0 h1" style="padding-left: 1rem"><?php echo $page_title; ?></span>
-    </nav>
+    <span class="navbar-brand mb-0 h1" style="padding-left: 1rem"><?php echo PAGE_TITLE; ?></span>
+  </nav>
   <div id="content" style="padding: 2rem;">
     <h2>Jetzt gerade im CZI <small>(letztes Update von <?php echo $datetime->format('H:i:s d.m.Y'); ?>)</small></h2><br>
     <table class="table">
       <thead>
         <tr>
           <th>Name</th>
-	    </tr>
+        </tr>
       </thead>
-      <?php       
-       foreach ($present["names"] as $name) {
+      <?php
+      foreach ($present["names"] as $name) {
       ?>
-      <tr>
-        <td><?php echo $name; ?></td>
-      </tr>
-      <?php	
-        }
+        <tr>
+          <td><?php echo $name; ?></td>
+        </tr>
+      <?php
+      }
       ?>
     </table>
     <br><br>
     <?php
-    if ($_SERVER['QUERY_STRING'] == 'dup_name') {
-      ?>
-    <div class="alert alert-danger" role="alert">
-      Name already in use, please choose a different one.
-    </div>
+    if (isset($_SESSION['form_success'])) {
+      if ($_SESSION['form_success'] === false) {
+    ?>
+        <div class="alert alert-danger" role="alert">
+          <?php echo $_SESSION['form_success_message']; ?>
+        </div>
       <?php
-    } else if ($_SERVER['QUERY_STRING'] == 'dup_mac') {
+      } else if ($_SESSION['form_success'] === true) {
       ?>
-    <div class="alert alert-danger" role="alert">
-      MAC already set up, please remove it first to change name.
-    </div>
-      <?php
-    } else if ($_SERVER['QUERY_STRING'] == 'succ') {
-      ?>
-    <div class="alert alert-success" role="alert">
-      Identity successfully saved.
-    </div>
-      <?php
-    }?>
-    <div class="row justify-content-start">
+        <div class="alert alert-success" role="alert">
+          <?php echo $_SESSION['form_success_message']; ?>
+        </div>
+    <?php
+      }
+      unset($_SESSION['form_success']);
+      unset($_SESSION['form_success_message']);
+    } ?>
+    <div class="row justify-content-start row-cols-sm-1 row-cols-md-2 row-cols-lg-3 row-cols-xl-4">
       <div class="col col-md-4">
         <div class="card" style="max-width: 30rem;">
           <div class="card-body">
             <h5 class="card-title">Neues Gerät tracken</h5>
             <form method="POST">
-              <input class="form-control" type="text" name="name" pattern="<?php print($name_pattern); ?>" placeholder="Gebe hier deinen Namen ein" value="" /><br>
-              <input class="form-control" type="text" name="mac" pattern="<?php print($mac_pattern); ?>" placeholder="Gebe hier die MAC-Adresse des zu trackenden Gerätes ein" value="" /><br>
+              <input class="form-control" type="text" name="name" pattern="<?php echo NAME_PATTERN; ?>" placeholder="Name des zu trackenden Geräts" value="" /><br>
+              <input class="form-control" type="text" name="mac" pattern="<?php echo MAC_PATTERN; ?>" placeholder="MAC-Adresse des zu trackenden Geräts" value="" /><br>
               <button class="btn btn-primary" type="submit">Speichern</button>
             </form>
           </div>
@@ -159,7 +170,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
           <div class="card-body">
             <h5 class="card-title">Gerät entfernen</h5>
             <form method="POST">
-              <input class="form-control" type="text" name="remove-mac" pattern="<?php print($mac_pattern); ?>" placeholder="Gebe hier die MAC-Adresse des zu löschenden Gerätes ein" value="" /><br>
+              <input class="form-control" type="text" name="remove-mac" pattern="<?php echo MAC_PATTERN; ?>" placeholder="MAC-Adresse des zu löschenden Geräts" value="" /><br>
               <button class="btn btn-primary" type="submit">Entfernen</button>
             </form>
           </div>
@@ -167,5 +178,6 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
       </div>
     </div>
   </div>
-  </body>
+</body>
+
 </html>
\ No newline at end of file