1e versie

2025-11-12 10:17:30 +01:00
commit 6b5f9abec7
10 changed files with 255 additions and 0 deletions
--- a/config/config.php
+++ b/config/config.php
@@ -0,0 +1,26 @@
+<?php
+return [
+    'ldap' => [
+        'server' => 'ldap://jouw-ldap-server.local',
+        'base_dn' => 'dc=voorbeeld,dc=nl',
+        'user_dn' => 'ou=users,dc=voorbeeld,dc=nl'
+    ],
+
+    'db' => [
+        'host' => 'localhost',
+        'name' => 'lootjesapp',
+        'user' => 'lootjes',
+        'pass' => 'lootjesIsGek12#'
+    ],
+
+    // deelnemerslijst (alleen gebruikt bij initialisatie)
+    'deelnemers' => [
+        'monica',
+        'thomas',
+        'emmy',
+        'jozefien'
+    ],
+
+    'admin_users' => ['thomas'] // LDAP-gebruikersnaam van beheerder
+];
+
--- a/includes/db.php
+++ b/includes/db.php
@@ -0,0 +1,14 @@
+<?php
+$config = require __DIR__ . '/../config/config.php';
+
+try {
+    $pdo = new PDO(
+        "mysql:host={$config['db']['host']};dbname={$config['db']['name']};charset=utf8mb4",
+        $config['db']['user'],
+        $config['db']['pass'],
+        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]
+    );
+} catch (PDOException $e) {
+    die("Databaseverbinding mislukt: " . $e->getMessage());
+}
+
--- a/includes/functions.php
+++ b/includes/functions.php
@@ -0,0 +1,44 @@
+<?php
+function startNieuweRonde($pdo)
+{
+    $config = require __DIR__ . '/../config/config.php';
+    $deelnemers = $config['deelnemers'];
+    $getrokken = [];
+
+    $targets = $deelnemers;
+    shuffle($targets);
+
+    // Zorg dat niemand zichzelf krijgt
+    do {
+        shuffle($targets);
+    } while (array_intersect_assoc($deelnemers, $targets));
+
+    foreach ($deelnemers as $i => $trekker) {
+        $getrokken[$trekker] = $targets[$i];
+    }
+
+    // Oude ronde archiveren
+    $archiefBestand = __DIR__ . '/../data/archief/' . date('Ymd_His') . '_lootjes.json';
+    if (file_exists(__DIR__ . '/../data/lootjes.json')) {
+        rename(__DIR__ . '/../data/lootjes.json', $archiefBestand);
+    }
+
+    file_put_contents(__DIR__ . '/../data/lootjes.json', json_encode($getrokken, JSON_PRETTY_PRINT));
+    return $getrokken;
+}
+
+function getLootjeVoor($gebruiker)
+{
+    $path = __DIR__ . '/../data/lootjes.json';
+    if (!file_exists($path)) return null;
+
+    $lootjes = json_decode(file_get_contents($path), true);
+    return $lootjes[$gebruiker] ?? null;
+}
+
+function isAdmin($username)
+{
+    $config = require __DIR__ . '/../config/config.php';
+    return in_array($username, $config['admin_users']);
+}
+
--- a/includes/ldap.php
+++ b/includes/ldap.php
@@ -0,0 +1,23 @@
+<?php
+function ldap_authenticate($username, $password)
+{
+    $config = require __DIR__ . '/../config/config.php';
+    $ldapconn = ldap_connect($config['ldap']['server']);
+
+    if (!$ldapconn) {
+        return false;
+    }
+
+    ldap_set_option($ldapconn, LDAP_OPT_PROTOCOL_VERSION, 3);
+    ldap_set_option($ldapconn, LDAP_OPT_REFERRALS, 0);
+
+    $bind_dn = "uid={$username},{$config['ldap']['user_dn']}";
+
+    if (@ldap_bind($ldapconn, $bind_dn, $password)) {
+        ldap_unbind($ldapconn);
+        return true;
+    }
+
+    return false;
+}
+
--- a/public/admin.php
+++ b/public/admin.php
@@ -0,0 +1,31 @@
+<?php
+session_start();
+require_once __DIR__ . '/../includes/functions.php';
+require_once __DIR__ . '/../includes/db.php';
+
+if (!isset($_SESSION['user']) || !isAdmin($_SESSION['user'])) {
+    header('Location: dashboard.php');
+    exit;
+}
+
+$bericht = '';
+if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['nieuwe_ronde'])) {
+    $lootjes = startNieuweRonde($pdo);
+    $bericht = 'Nieuwe ronde gestart!';
+}
+?>
+<!DOCTYPE html>
+<html>
+<head><title>Beheer</title></head>
+<body>
+<h2>Beheerpagina</h2>
+<?php if ($bericht): ?><p style="color:green"><?= htmlspecialchars($bericht) ?></p><?php endif; ?>
+
+<form method="post">
+    <button type="submit" name="nieuwe_ronde">Start nieuwe lootjes-ronde</button>
+</form>
+
+<p><a href="dashboard.php">Terug</a></p>
+</body>
+</html>
+
--- a/public/dashboard.php
+++ b/public/dashboard.php
@@ -0,0 +1,34 @@
+<?php
+session_start();
+require_once __DIR__ . '/../includes/functions.php';
+
+if (!isset($_SESSION['user'])) {
+    header('Location: login.php');
+    exit;
+}
+
+$gebruiker = $_SESSION['user'];
+$lootje = getLootjeVoor($gebruiker);
+?>
+<!DOCTYPE html>
+<html>
+<head><title>Dashboard</title></head>
+<body>
+<h2>Welkom, <?= htmlspecialchars($gebruiker) ?></h2>
+
+<?php if ($lootje): ?>
+    <p>Je hebt getrokken: <strong><?= htmlspecialchars($lootje) ?></strong></p>
+<?php else: ?>
+    <p>Er is nog geen ronde gestart.</p>
+<?php endif; ?>
+
+<p><a href="wishlist.php">Mijn verlanglijstje</a></p>
+
+<?php if (isAdmin($gebruiker)): ?>
+    <p><a href="admin.php">Beheerpagina</a></p>
+<?php endif; ?>
+
+<p><a href="logout.php">Uitloggen</a></p>
+</body>
+</html>
+
--- a/public/index.php
+++ b/public/index.php
@@ -0,0 +1,10 @@
+<?php
+session_start();
+
+if (isset($_SESSION['user'])) {
+    header('Location: dashboard.php');
+    exit;
+}
+header('Location: login.php');
+exit;
+
--- a/public/login.php
+++ b/public/login.php
@@ -0,0 +1,33 @@
+<?php
+session_start();
+require_once __DIR__ . '/../includes/ldap.php';
+
+$error = '';
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $user = $_POST['username'] ?? '';
+    $pass = $_POST['password'] ?? '';
+
+    if (ldap_authenticate($user, $pass)) {
+        $_SESSION['user'] = $user;
+        header('Location: dashboard.php');
+        exit;
+    } else {
+        $error = 'Ongeldige login.';
+    }
+}
+?>
+<!DOCTYPE html>
+<html>
+<head><title>Login</title></head>
+<body>
+<h2>Login</h2>
+<form method="post">
+    <label>Gebruikersnaam: <input type="text" name="username"></label><br>
+    <label>Wachtwoord: <input type="password" name="password"></label><br>
+    <button type="submit">Aanmelden</button>
+</form>
+<p style="color:red"><?= htmlspecialchars($error) ?></p>
+</body>
+</html>
+
--- a/public/logout.php
+++ b/public/logout.php
@@ -0,0 +1,6 @@
+<?php
+session_start();
+session_destroy();
+header('Location: login.php');
+exit;
+
--- a/public/wishlist.php
+++ b/public/wishlist.php
@@ -0,0 +1,34 @@
+<?php
+session_start();
+require_once __DIR__ . '/../includes/db.php';
+
+if (!isset($_SESSION['user'])) {
+    header('Location: login.php');
+    exit;
+}
+
+$gebruiker = $_SESSION['user'];
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    $wensen = $_POST['wensen'] ?? '';
+    $stmt = $pdo->prepare("REPLACE INTO wishlists (user, wensen) VALUES (?, ?)");
+    $stmt->execute([$gebruiker, $wensen]);
+}
+
+$stmt = $pdo->prepare("SELECT wensen FROM wishlists WHERE user = ?");
+$stmt->execute([$gebruiker]);
+$wensen = $stmt->fetchColumn();
+?>
+<!DOCTYPE html>
+<html>
+<head><title>Verlanglijstje</title></head>
+<body>
+<h2>Mijn verlanglijstje</h2>
+<form method="post">
+    <textarea name="wensen" rows="8" cols="40"><?= htmlspecialchars($wensen ?? '') ?></textarea><br>
+    <button type="submit">Opslaan</button>
+</form>
+<p><a href="dashboard.php">Terug</a></p>
+</body>
+</html>
+