Update directory to have better security and also hide suites

benthemonkey · Oct 13, 2017 · ccfb94b · ccfb94b
1 parent a11f31e
commit ccfb94b
Show file tree

Hide file tree

Showing 4 changed files with 56 additions and 36 deletions.
diff --git a/ajax/PointsCenter.php b/ajax/PointsCenter.php
@@ -22,7 +22,7 @@ public function __construct()
 
     private static function initializeConnection()
     {
-        require_once __DIR__ . "/datastoreVars.php";
+        require __DIR__ . "/datastoreVars.php";
         if (is_null(self::$dbConn)) {
             $dsn = $DB_TYPE . ":host=" . $DB_HOST . ";dbname=" . $DB_NAME;
             try {
@@ -195,10 +195,17 @@ public function updateQuarterInfo($name, $value)
         return true;
     }
 
-    public function getDirectory()
+    public function getDirectory($password)
     {
+        require __DIR__ . "/datastoreVars.php";
+
+        $extraColumns = "";
+        if (isset($DIRECTORY_PASSWORD) && $password == $DIRECTORY_PASSWORD) {
+            $extraColumns = ",suite,photo";
+        }
+
         return self::fetchAllQuery(
-            "SELECT first_name,last_name,year,major,suite,photo
+            "SELECT first_name,last_name,year,major$extraColumns
                 FROM slivkans
                 LEFT JOIN suites ON slivkans.nu_email=suites.nu_email AND suites.qtr=:qtr
                 WHERE qtr_joined <= :qtr AND (qtr_final IS NULL OR qtr_final >= :qtr)

diff --git a/ajax/datastoreVars.template.php b/ajax/datastoreVars.template.php
@@ -4,3 +4,5 @@
 $DB_NAME = "slivka";
 $DB_USER = "root";
 $DB_PASS = "root";
+
+$DIRECTORY_PASSWORD = "password";
diff --git a/ajax/getDirectory.php b/ajax/getDirectory.php
@@ -2,6 +2,6 @@
 header('Content-type: text/html; charset=utf-8');
 require_once "./PointsCenter.php";
 $points_center = new \Slivka\PointsCenter();
-$directory = $points_center->getDirectory();
+$directory = $points_center->getDirectory($_POST['password']);
 
 echo json_encode($directory);
diff --git a/js/directory.js b/js/directory.js
@@ -3,49 +3,60 @@
 jQuery(function() {
     'use strict';
 
-    var init = function() {
-        $.getJSON('/points/ajax/getDirectory.php', function(data) {
-            var i;
-            var path = 'http://slivka.northwestern.edu/points/img/slivkans/';
-
-            for (i = 0; i < data.length; i++) {
-                data[i][5] = [
-                    '<img class="directoryphoto" src="', path, data[i][5], '"',
-                    'title="', data[i][0], ' ', data[i][1], '"',
-                    'style="height: 100px; display: none;" />'
-                ].join('');
+    var dataTable = null;
+
+    var displayDirectory = function(data) {
+        var i;
+        var path = 'http://slivka.northwestern.edu/points/img/slivkans/';
+        var hasCorrectPassword = data[0].length === 6;
+
+        for (i = 0; i < data.length; i++) {
+            if (!hasCorrectPassword) {
+                data[i].push('-', 'missing.jpg');
             }
 
-            $('#directory').dataTable( {
+            data[i][5] = [
+                '<img class="directoryphoto" src="', path, data[i][5], '"',
+                'title="', data[i][0], ' ', data[i][1], '"',
+                'style="height: 100px; display: none;" />'
+            ].join('');
+        }
+
+        if (!dataTable) {
+            // eslint-disable-next-line new-cap
+            dataTable = $('#directory').DataTable( {
                 data: data,
                 columns: [
-                { title: 'First Name' },
-                { title: 'Last Name' },
-                { title: 'Year' },
-                { title: 'Major' },
-                { title: 'Suite' },
-                { title: 'Photo', orderable: false }
+                    { title: 'First Name' },
+                    { title: 'Last Name' },
+                    { title: 'Year' },
+                    { title: 'Major' },
+                    { title: 'Suite' },
+                    { title: 'Photo', orderable: false }
                 ],
                 order: [[0, 'asc']],
                 paging: false
             });
+        } else {
+            dataTable.clear();
+            dataTable.rows.add(data);
+            dataTable.draw();
+        }
 
-            // directory password
-            // This is a very insecure measure, mostly so the photos
-            // aren't displayed by default and you have to know javascript to display them
-            $('#submitdirectorypass').click(function() {
-                if ('discoverslivka' === $('#directorypass').val()) {
-                    $('.directoryphoto').show();
+        if (hasCorrectPassword) {
+            $('.directoryphoto').show();
+        }
+    };
 
-                    // dumb but works: saving password in localstorage
-                    localStorage.directorypass = 'discoverslivka';
-                }
-            });
+    var init = function() {
+        $.getJSON('/points/ajax/getDirectory.php', displayDirectory);
 
-            if (localStorage.directorypass) {
-                $('#directorypass').val(localStorage.directorypass);
-                $('#submitdirectorypass').click();
-            }
+        // directory password
+        $('#directorypass').submit(function() {
+            var password = $('#directorypass input').val();
+
+            $.post('/points/ajax/getDirectory.php', { password: password }, displayDirectory, 'json');
+            return false;
         });
     };