[IMP] Set up the system with docker

.gitignore

@@ -3,6 +3,7 @@
 #########################################################################
 config/
 documentation/
+.env
 
 # These files are for development purposes only: #
 ##################################################

docker/.htaccess

@@ -0,0 +1 @@
+deny from all

docker/Dockerfile

@@ -0,0 +1,32 @@
+ARG PHP_VERSION=7.4
+
+FROM php:${PHP_VERSION}-apache
+
+RUN apt-get update && \
+  export DEBIAN_FRONTEND=noninteractive && \
+  apt-get install --no-install-recommends -yqq git locales-all && \
+  rm -rf /var/lib/apt/lists/*
+
+RUN docker-php-ext-configure gettext && \
+    docker-php-ext-configure calendar && \
+    docker-php-ext-configure pdo_mysql && \
+    docker-php-ext-install calendar gettext pdo_mysql
+
+ARG TAG
+
+RUN git clone https://github.com/MaMaKow/dienstplan-apotheke /var/www/html && \
+  if [ "$TAG" ]; then cd /var/www/html; git checkout ${TAG}; fi && \
+  chown -R www-data:www-data /var/www/html && \
+  ln -s /dev/stderr /var/www/html/error.log
+
+# TODO: Delete if in master. Apply the patch
+ADD rootfs/fixes.patch /fixes.patch
+RUN cd /var/www/html && git apply /fixes.patch
+
+# Allow a reverse proxy
+RUN echo "SetEnvIf x-forwarded-proto https HTTPS=on" > /etc/apache2/conf-enabled/reverse_proxy.conf
+
+COPY rootfs/entrypoint.sh /entrypoint.sh
+
+ENTRYPOINT ["/entrypoint.sh"]
+CMD ["apache2-foreground"]

docker/README.md

@@ -0,0 +1,10 @@
+
+Usage
+-----
+
+```
+# To be able to use the git keys of the current user
+$ bash setup.sh
+$ docker-compose build
+$ docker-compose up
+```

docker/docker-compose.yaml

@@ -0,0 +1,38 @@
+version: '3'
+
+services:
+  app:
+    build:
+      context: .
+      args:
+        # Use a specific tag/commit
+        # TAG: 0.14.0
+        # Configure the PHP version to use
+        PHP_VERSION: 7.4
+    depends_on:
+      - db
+    env_file:
+      - .env
+    image: pdr
+    logging:
+      driver: "json-file"
+      options:
+        max-size: "${LOG_SIZE:-1g}"
+        max-file: "${LOG_COUNT:-5}"
+    ports:
+      - ${HTTP_PORT:-127.0.0.1:8080}:80
+    restart: unless-stopped
+
+  db:
+    image: mysql:8.0
+    environment:
+      MYSQL_ROOT_PASSWORD: $MYSQL_ROOT_PASSWORD
+      MYSQL_DATABASE: $DB_NAME
+      MYSQL_PASSWORD: $DB_PASS
+      MYSQL_USER: $DB_USER
+    shm_size: 512mb
+    volumes:
+      - db:/var/lib/mysql:z
+
+volumes:
+  db:

docker/fixes.patch

@@ -0,0 +1,83 @@
+diff --git a/src/php/classes/class.install.php b/src/php/classes/class.install.php
+index c40e460..2b19f67 100644
+--- a/src/php/classes/class.install.php
++++ b/src/php/classes/class.install.php
+@@ -292,14 +292,22 @@ class install {
+          * This means, that only existing employes can have an account to login.
+          * It follows, that we have to create an employee first, before we can create a user:
+          */
+-        $statement = $this->pdo->prepare("INSERT INTO `employees` (`id`, `last_name`) VALUES (:employee_id, :last_name);");
+-        $statement->execute(array(
++        $statement = $this->pdo->prepare(
++            "INSERT INTO `employees` (`id`, `last_name`, `first_name`, `profession`) VALUES (:employee_id, :last_name, :firs
+t_name, :profession);"
++        );
++        $res = $statement->execute(array(
+             'employee_id' => $this->Config["admin"]["employee_id"],
+-            'last_name' => $this->Config["admin"]["last_name"]
++            'last_name' => $this->Config["admin"]["last_name"],
++            'first_name' => $this->Config["admin"]["user_name"],
++            'profession' => 'PI',
+         ));
++
++        $GLOBALS['config'] = $this->Config;
+         $user = new user($this->Config["admin"]["employee_id"]);
+-        if ($user->exists()) {
++        var_dump($user, $user->exists());
++        if (!$user->exists()) {
+             $user_creation_result = $user->create_new($this->Config["admin"]["employee_id"], $this->Config["admin"]["user_name"], $pas
+sword_hash, $this->Config["admin"]["email"], 'active');
++            var_dump($user_creation_result);
+             if (!$user_creation_result) {
+                 /*
+                  * We were not able to create the administrative user.
+@@ -497,7 +505,6 @@ class install {
+         foreach (user_dialog::$Messages as $Message) {
+             $this->Error_message[] = $Message['text'];
+         }
+-        unset(user_dialog::$Messages);
+         return $test_htaccess->all_folders_are_secure;
+     }
+
+diff --git a/src/php/classes/class.sessions.php b/src/php/classes/class.sessions.php
+index a4c9ded..0c58337 100644
+--- a/src/php/classes/class.sessions.php
++++ b/src/php/classes/class.sessions.php
+@@ -250,7 +250,7 @@ class sessions {
+             /*
+              * Register failed_login_attempts
+              */
+-            $user->register_failed_login_attempt();
++            if ($user) $user->register_failed_login_attempt();
+             $errorMessage .= "<p>Benutzername oder Passwort war ungültig</p>\n";
+             $user_dialog->add_message($errorMessage, E_USER_ERROR, TRUE);
+             return $errorMessage;
+diff --git a/src/php/classes/class.user.php b/src/php/classes/class.user.php
+index 8996f76..2c81396 100644
+--- a/src/php/classes/class.user.php
++++ b/src/php/classes/class.user.php
+@@ -207,10 +207,10 @@ class user {
+      * @return boolean
+      */
+     public function create_new($employee_id, $user_name, $password_hash, $email, $status) {
+-        $statement = $this->pdo->prepare("INSERT INTO"
++        $sql_query = "INSERT INTO"
+                 . " users (user_name, employee_id, password, email, status)"
+-                . " VALUES (:user_name, :employee_id, :password, :email, :status)");
+-        $result = $statement->execute(array(
++                . " VALUES (:user_name, :employee_id, :password, :email, :status)";
++        $result = database_wrapper::instance()->run($sql_query, array(
+             'user_name' => $user_name,
+             'employee_id' => $employee_id,
+             'password' => $password_hash,
+@@ -293,8 +293,8 @@ class user {
+      * @todo should this be static? Is it working?
+      */
+     public function exists() {
+-        $statement = $this->pdo->prepare("SELECT `employee_id` FROM `users` WHERE `employee_id` = :employee_id");
+-        $result = $statement->execute(array('employee_id' => $this->employee_id));
++        $sql_query = "SELECT `employee_id` FROM `users` WHERE `employee_id` = :employee_id";
++        $result = database_wrapper::instance()->run($sql_query, array('employee_id' => $this->employee_id));
+         while ($row = $result->fetch(PDO::FETCH_OBJ)) {
+             return TRUE;
+         }

docker/rootfs/entrypoint.sh

@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+
+#set -e
+
+if [ ! "$DB_PASS" ]; then
+  echo "No database password"
+  exit 1
+fi
+
+exec "$@"

docker/rootfs/fixes.patch

@@ -0,0 +1,111 @@
+diff --git a/.gitignore b/.gitignore
+index a437b33..fb9a103 100644
+--- a/.gitignore
++++ b/.gitignore
+@@ -3,6 +3,7 @@
+ #########################################################################
+ config/
+ documentation/
++.env
+
+ # These files are for development purposes only: #
+ ##################################################
+diff --git a/src/php/classes/class.install.php b/src/php/classes/class.install.php
+index c40e460..69d55e8 100644
+--- a/src/php/classes/class.install.php
++++ b/src/php/classes/class.install.php
+@@ -292,18 +292,26 @@ class install {
+          * This means, that only existing employes can have an account to login.
+          * It follows, that we have to create an employee first, before we can create a user:
+          */
+-        $statement = $this->pdo->prepare("INSERT INTO `employees` (`id`, `last_name`) VALUES (:employee_id, :last_name);");
++        $statement = $this->pdo->prepare(
++            "INSERT INTO `employees` (`id`, `last_name`, `first_name`, `profession`) VALUES (:employee_id, :last_name, :first_name, :profession);"
++        );
+         $statement->execute(array(
+             'employee_id' => $this->Config["admin"]["employee_id"],
+-            'last_name' => $this->Config["admin"]["last_name"]
++            'last_name' => $this->Config["admin"]["last_name"],
++            'first_name' => $this->Config["admin"]["user_name"],
++            'profession' => 'PI',
+         ));
++
++        $original_config = $GLOBALS['config'] ?? NULL;
++        $GLOBALS['config'] = $this->Config;
+         $user = new user($this->Config["admin"]["employee_id"]);
+-        if ($user->exists()) {
++        if (!$user->exists()) {
+             $user_creation_result = $user->create_new($this->Config["admin"]["employee_id"], $this->Config["admin"]["user_name"], $password_hash, $this->Config["admin"]["email"], 'active');
+             if (!$user_creation_result) {
+                 /*
+                  * We were not able to create the administrative user.
+                  */
++                $GLOBALS['config'] = $original_config;
+                 $this->Error_message[] = gettext("Error while trying to create administrative user.");
+                 return FALSE;
+             }
+@@ -314,6 +322,9 @@ class install {
+              */
+             $this->Error_message[] = gettext("Administrative user already exists.");
+         }
++
++        $GLOBALS['config'] = $original_config;
++
+         /*
+          * Grant all privileges to the administrative user:
+          */
+@@ -497,7 +508,9 @@ class install {
+         foreach (user_dialog::$Messages as $Message) {
+             $this->Error_message[] = $Message['text'];
+         }
+-        unset(user_dialog::$Messages);
++
++        // BUG: Attempt to unset static property
++        // unset(user_dialog::$Messages);
+         return $test_htaccess->all_folders_are_secure;
+     }
+
+diff --git a/src/php/classes/class.sessions.php b/src/php/classes/class.sessions.php
+index a4c9ded..11a09fc 100644
+--- a/src/php/classes/class.sessions.php
++++ b/src/php/classes/class.sessions.php
+@@ -250,7 +250,9 @@ class sessions {
+             /*
+              * Register failed_login_attempts
+              */
+-            $user->register_failed_login_attempt();
++            if ($user) {
++                $user->register_failed_login_attempt();
++            }
+             $errorMessage .= "<p>Benutzername oder Passwort war ungültig</p>\n";
+             $user_dialog->add_message($errorMessage, E_USER_ERROR, TRUE);
+             return $errorMessage;
+diff --git a/src/php/classes/class.user.php b/src/php/classes/class.user.php
+index 8996f76..2c81396 100644
+--- a/src/php/classes/class.user.php
++++ b/src/php/classes/class.user.php
+@@ -207,10 +207,10 @@ class user {
+      * @return boolean
+      */
+     public function create_new($employee_id, $user_name, $password_hash, $email, $status) {
+-        $statement = $this->pdo->prepare("INSERT INTO"
++        $sql_query = "INSERT INTO"
+                 . " users (user_name, employee_id, password, email, status)"
+-                . " VALUES (:user_name, :employee_id, :password, :email, :status)");
+-        $result = $statement->execute(array(
++                . " VALUES (:user_name, :employee_id, :password, :email, :status)";
++        $result = database_wrapper::instance()->run($sql_query, array(
+             'user_name' => $user_name,
+             'employee_id' => $employee_id,
+             'password' => $password_hash,
+@@ -293,8 +293,8 @@ class user {
+      * @todo should this be static? Is it working?
+      */
+     public function exists() {
+-        $statement = $this->pdo->prepare("SELECT `employee_id` FROM `users` WHERE `employee_id` = :employee_id");
+-        $result = $statement->execute(array('employee_id' => $this->employee_id));
++        $sql_query = "SELECT `employee_id` FROM `users` WHERE `employee_id` = :employee_id";
++        $result = database_wrapper::instance()->run($sql_query, array('employee_id' => $this->employee_id));
+         while ($row = $result->fetch(PDO::FETCH_OBJ)) {
+             return TRUE;
+         }

docker/setup.sh

@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+if [ ! -f ".env" ]; then
+  cat > .env <<EOL
+DB_NAME=pdr
+DB_USER=pdr
+DB_PASS=$(cat /dev/urandom | tr -d -c "[:alnum:]" | head -c 25)
+MYSQL_ROOT_PASSWORD=$(cat /dev/urandom | tr -d -c "[:alnum:]" | head -c 25)
+EOL
+fi

src/php/classes/class.install.php

@@ -292,18 +292,26 @@ public function handle_user_input_administration() {
          * This means, that only existing employes can have an account to login.
          * It follows, that we have to create an employee first, before we can create a user:
          */
-        $statement = $this->pdo->prepare("INSERT INTO `employees` (`id`, `last_name`) VALUES (:employee_id, :last_name);");
+        $statement = $this->pdo->prepare(
+            "INSERT INTO `employees` (`id`, `last_name`, `first_name`, `profession`) VALUES (:employee_id, :last_name, :first_name, :profession);"
+        );
         $statement->execute(array(
             'employee_id' => $this->Config["admin"]["employee_id"],
-            'last_name' => $this->Config["admin"]["last_name"]
+            'last_name' => $this->Config["admin"]["last_name"],
+            'first_name' => $this->Config["admin"]["user_name"],
+            'profession' => 'PI',
         ));
+
+        $original_config = $GLOBALS['config'] ?? NULL;
+        $GLOBALS['config'] = $this->Config;
         $user = new user($this->Config["admin"]["employee_id"]);
-        if ($user->exists()) {
+        if (!$user->exists()) {
             $user_creation_result = $user->create_new($this->Config["admin"]["employee_id"], $this->Config["admin"]["user_name"], $password_hash, $this->Config["admin"]["email"], 'active');
             if (!$user_creation_result) {
                 /*
                  * We were not able to create the administrative user.
                  */
+                $GLOBALS['config'] = $original_config;
                 $this->Error_message[] = gettext("Error while trying to create administrative user.");
                 return FALSE;
             }
@@ -314,6 +322,9 @@ public function handle_user_input_administration() {
              */
             $this->Error_message[] = gettext("Administrative user already exists.");
         }
+
+        $GLOBALS['config'] = $original_config;
+
         /*
          * Grant all privileges to the administrative user:
          */
@@ -497,7 +508,9 @@ public function pdr_secret_directories_are_not_visible() {
         foreach (user_dialog::$Messages as $Message) {
             $this->Error_message[] = $Message['text'];
         }
-        unset(user_dialog::$Messages);
+
+        // BUG: Attempt to unset static property
+        // unset(user_dialog::$Messages);
         return $test_htaccess->all_folders_are_secure;
     }
 

src/php/classes/class.sessions.php

@@ -250,7 +250,9 @@ public function login($user_name = NULL, $user_password = NULL, $redirect = TRUE
             /*
              * Register failed_login_attempts
              */
-            $user->register_failed_login_attempt();
+            if ($user) {
+                $user->register_failed_login_attempt();
+            }
             $errorMessage .= "<p>Benutzername oder Passwort war ungültig</p>\n";
             $user_dialog->add_message($errorMessage, E_USER_ERROR, TRUE);
             return $errorMessage;

src/php/classes/class.user.php

@@ -207,10 +207,10 @@ public function set_receive_emails_opt_in($receive_emails_opt_in) {
      * @return boolean
      */
     public function create_new($employee_id, $user_name, $password_hash, $email, $status) {
-        $statement = $this->pdo->prepare("INSERT INTO"
+        $sql_query = "INSERT INTO"
                 . " users (user_name, employee_id, password, email, status)"
-                . " VALUES (:user_name, :employee_id, :password, :email, :status)");
-        $result = $statement->execute(array(
+                . " VALUES (:user_name, :employee_id, :password, :email, :status)";
+        $result = database_wrapper::instance()->run($sql_query, array(
             'user_name' => $user_name,
             'employee_id' => $employee_id,
             'password' => $password_hash,
@@ -293,8 +293,8 @@ private function set_status($new_status) {
      * @todo should this be static? Is it working?
      */
     public function exists() {
-        $statement = $this->pdo->prepare("SELECT `employee_id` FROM `users` WHERE `employee_id` = :employee_id");
-        $result = $statement->execute(array('employee_id' => $this->employee_id));
+        $sql_query = "SELECT `employee_id` FROM `users` WHERE `employee_id` = :employee_id";
+        $result = database_wrapper::instance()->run($sql_query, array('employee_id' => $this->employee_id));
         while ($row = $result->fetch(PDO::FETCH_OBJ)) {
             return TRUE;
         }