1e versie

2025-11-12 10:17:30 +01:00
commit 6b5f9abec7
10 changed files with 255 additions and 0 deletions
--- a/config/config.php
+++ b/config/config.php
@@ -0,0 +1,26 @@
 <?php
 return [
    'ldap' => [
        'server' => 'ldap://jouw-ldap-server.local',
        'base_dn' => 'dc=voorbeeld,dc=nl',
        'user_dn' => 'ou=users,dc=voorbeeld,dc=nl'
    ],
    'db' => [
        'host' => 'localhost',
        'name' => 'lootjesapp',
        'user' => 'lootjes',
        'pass' => 'lootjesIsGek12#'
    ],
    // deelnemerslijst (alleen gebruikt bij initialisatie)
    'deelnemers' => [
        'monica',
        'thomas',
        'emmy',
        'jozefien'
    ],
    'admin_users' => ['thomas'] // LDAP-gebruikersnaam van beheerder
 ];
--- a/includes/db.php
+++ b/includes/db.php
@@ -0,0 +1,14 @@
 <?php
 $config = require __DIR__ . '/../config/config.php';
 try {
    $pdo = new PDO(
        "mysql:host={$config['db']['host']};dbname={$config['db']['name']};charset=utf8mb4",
        $config['db']['user'],
        $config['db']['pass'],
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
    );
 } catch (PDOException $e) {
    die("Databaseverbinding mislukt: " . $e->getMessage());
 }
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -0,0 +1,44 @@
 <?php
 function startNieuweRonde($pdo)
 {
    $config = require __DIR__ . '/../config/config.php';
    $deelnemers = $config['deelnemers'];
    $getrokken = [];
    $targets = $deelnemers;
    shuffle($targets);
    // Zorg dat niemand zichzelf krijgt
    do {
        shuffle($targets);
    } while (array_intersect_assoc($deelnemers, $targets));
    foreach ($deelnemers as $i => $trekker) {
        $getrokken[$trekker] = $targets[$i];
    }
    // Oude ronde archiveren
    $archiefBestand = __DIR__ . '/../data/archief/' . date('Ymd_His') . '_lootjes.json';
    if (file_exists(__DIR__ . '/../data/lootjes.json')) {
        rename(__DIR__ . '/../data/lootjes.json', $archiefBestand);
    }
    file_put_contents(__DIR__ . '/../data/lootjes.json', json_encode($getrokken, JSON_PRETTY_PRINT));
    return $getrokken;
 }
 function getLootjeVoor($gebruiker)
 {
    $path = __DIR__ . '/../data/lootjes.json';
    if (!file_exists($path)) return null;
    $lootjes = json_decode(file_get_contents($path), true);
    return $lootjes[$gebruiker] ?? null;
 }
 function isAdmin($username)
 {
    $config = require __DIR__ . '/../config/config.php';
    return in_array($username, $config['admin_users']);
 }
--- a/includes/ldap.php
+++ b/includes/ldap.php
@@ -0,0 +1,23 @@
 <?php
 function ldap_authenticate($username, $password)
 {
    $config = require __DIR__ . '/../config/config.php';
    $ldapconn = ldap_connect($config['ldap']['server']);
    if (!$ldapconn) {
        return false;
    }
    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
    ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
    $bind_dn = "uid={$username},{$config['ldap']['user_dn']}";
    if (@ldap_bind($ldapconn, $bind_dn, $password)) {
        ldap_unbind($ldapconn);
        return true;
    }
    return false;
 }
--- a/public/admin.php
+++ b/public/admin.php
@@ -0,0 +1,31 @@
 <?php
 session_start();
 require_once __DIR__ . '/../includes/functions.php';
 require_once __DIR__ . '/../includes/db.php';
 if (!isset($_SESSION['user']) || !isAdmin($_SESSION['user'])) {
    header('Location: dashboard.php');
    exit;
 }
 $bericht = '';
 if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['nieuwe_ronde'])) {
    $lootjes = startNieuweRonde($pdo);
    $bericht = 'Nieuwe ronde gestart!';
 }
 ?>
 <!DOCTYPE html>
 <html>
 <head><title>Beheer</title></head>
 <body>
 <h2>Beheerpagina</h2>
 <?php if ($bericht): ?><p style="color:green"><?= htmlspecialchars($bericht) ?></p><?php endif; ?>
 <form method="post">
    <button type="submit" name="nieuwe_ronde">Start nieuwe lootjes-ronde</button>
 </form>
 <p><a href="dashboard.php">Terug</a></p>
 </body>
 </html>
--- a/public/dashboard.php
+++ b/public/dashboard.php
@@ -0,0 +1,34 @@
 <?php
 session_start();
 require_once __DIR__ . '/../includes/functions.php';
 if (!isset($_SESSION['user'])) {
    header('Location: login.php');
    exit;
 }
 $gebruiker = $_SESSION['user'];
 $lootje = getLootjeVoor($gebruiker);
 ?>
 <!DOCTYPE html>
 <html>
 <head><title>Dashboard</title></head>
 <body>
 <h2>Welkom, <?= htmlspecialchars($gebruiker) ?></h2>
 <?php if ($lootje): ?>
    <p>Je hebt getrokken: <strong><?= htmlspecialchars($lootje) ?></strong></p>
 <?php else: ?>
    <p>Er is nog geen ronde gestart.</p>
 <?php endif; ?>
 <p><a href="wishlist.php">Mijn verlanglijstje</a></p>
 <?php if (isAdmin($gebruiker)): ?>
    <p><a href="admin.php">Beheerpagina</a></p>
 <?php endif; ?>
 <p><a href="logout.php">Uitloggen</a></p>
 </body>
 </html>
--- a/public/index.php
+++ b/public/index.php
@@ -0,0 +1,10 @@
 <?php
 session_start();
 if (isset($_SESSION['user'])) {
    header('Location: dashboard.php');
    exit;
 }
 header('Location: login.php');
 exit;
--- a/public/login.php
+++ b/public/login.php
@@ -0,0 +1,33 @@
 <?php
 session_start();
 require_once __DIR__ . '/../includes/ldap.php';
 $error = '';
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $user = $_POST['username'] ?? '';
    $pass = $_POST['password'] ?? '';
    if (ldap_authenticate($user, $pass)) {
        $_SESSION['user'] = $user;
        header('Location: dashboard.php');
        exit;
    } else {
        $error = 'Ongeldige login.';
    }
 }
 ?>
 <!DOCTYPE html>
 <html>
 <head><title>Login</title></head>
 <body>
 <h2>Login</h2>
 <form method="post">
    <label>Gebruikersnaam: <input type="text" name="username"></label><br>
    <label>Wachtwoord: <input type="password" name="password"></label><br>
    <button type="submit">Aanmelden</button>
 </form>
 <p style="color:red"><?= htmlspecialchars($error) ?></p>
 </body>
 </html>
--- a/public/logout.php
+++ b/public/logout.php
@@ -0,0 +1,6 @@
 <?php
 session_start();
 session_destroy();
 header('Location: login.php');
 exit;
--- a/public/wishlist.php
+++ b/public/wishlist.php
@@ -0,0 +1,34 @@
 <?php
 session_start();
 require_once __DIR__ . '/../includes/db.php';
 if (!isset($_SESSION['user'])) {
    header('Location: login.php');
    exit;
 }
 $gebruiker = $_SESSION['user'];
 if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $wensen = $_POST['wensen'] ?? '';
    $stmt = $pdo->prepare("REPLACE INTO wishlists (user, wensen) VALUES (?, ?)");
    $stmt->execute([$gebruiker, $wensen]);
 }
 $stmt = $pdo->prepare("SELECT wensen FROM wishlists WHERE user = ?");
 $stmt->execute([$gebruiker]);
 $wensen = $stmt->fetchColumn();
 ?>
 <!DOCTYPE html>
 <html>
 <head><title>Verlanglijstje</title></head>
 <body>
 <h2>Mijn verlanglijstje</h2>
 <form method="post">
    <textarea name="wensen" rows="8" cols="40"><?= htmlspecialchars($wensen ?? '') ?></textarea><br>
    <button type="submit">Opslaan</button>
 </form>
 <p><a href="dashboard.php">Terug</a></p>
 </body>
 </html>