feat(attendance): enforce captcha validation before check-in

- require a successful captcha challenge before recording the day’s attendance
- preserve the original attendance summary layout after a successful check-in

Signed-off-by: Qi HU <github@spcsky.com>

lang/chs/lang_attendance.php

@@ -13,4 +13,5 @@ $lang_attendance = array
     'retroactive_event_text' => '补',
     'retroactive_confirm_tip' => '确定要补签: ',
     'retroactive_description' => '点击白色背景的圆点进行补签。你目前拥有补签卡 <b>%d</b> 张。',
+    'attend_button' => '立即签到',
 );

lang/cht/lang_attendance.php

@@ -13,4 +13,5 @@ $lang_attendance = array
     'retroactive_event_text' => '補',
     'retroactive_confirm_tip' => '確定要補簽: ',
     'retroactive_description' => '點擊白色背景的圓點進行補簽。你目前擁有補簽卡 <b>%d</b> 張。',
+    'attend_button' => '立即簽到',
 );

lang/en/lang_attendance.php

@@ -13,4 +13,5 @@ $lang_attendance = array
     'retroactive_event_text' => 'Re',
     'retroactive_confirm_tip' => 'Confirm to attend: ',
     'retroactive_description' => 'Click on the dot on the white background to do attend. You currently have a attendance card <b>%d</b>.',
+    'attend_button' => 'Check in now',
 );

public/attendance.php

@@ -4,33 +4,6 @@ dbconn();
 require get_langfile_path();
 loggedinorreturn();
 parked();
-//$desk = new Attendance($CURUSER['id']);
-//
-//if($result = $desk->attend($attendance_initial_bonus, $attendance_step_bonus, $attendance_max_bonus, $attendance_continuous_bonus)){
-//	list($count, $cdays, $points) = $result;
-//	stdhead($lang_attendance['title']);
-//	begin_main_frame();
-//	begin_frame($lang_attendance['success']);
-//	printf('<p>'.$lang_attendance['attend_info'].'</p>', $count, $cdays, $points);
-//	end_frame();
-//	echo '<ul>';
-//	printf('<li>'.$lang_attendance['initial'].'</li>', $attendance_initial_bonus);
-//	printf('<li>'.$lang_attendance['steps'].'</li>', $attendance_step_bonus, $attendance_max_bonus);
-//	echo '<li><ol>';
-//	foreach($attendance_continuous_bonus as $day => $value){
-//		printf('<li>'.$lang_attendance['continuous'].'</li>', $day, $value);
-//	}
-//	echo '</ol></li>';
-//	echo '</ul>';
-//	end_main_frame();
-//	stdfoot();
-//}else{
-//	stderr($lang_attendance['sorry'], $lang_attendance['already_attended']);
-//}
-
-\Nexus\Nexus::css('vendor/fullcalendar-5.10.2/main.min.css', 'header', true);
-\Nexus\Nexus::js('vendor/fullcalendar-5.10.2/main.min.js', 'footer', true);
-
 $lang = get_langfolder_cookie();
 $localesMap = [
     'en' => 'en-us',
@@ -38,15 +11,69 @@ $localesMap = [
     'cht' => 'zh-tw',
 ];
 $localeJs = $localesMap[$lang] ?? 'en-us';
+
+\Nexus\Nexus::css('vendor/fullcalendar-5.10.2/main.min.css', 'header', true);
+\Nexus\Nexus::js('vendor/fullcalendar-5.10.2/main.min.js', 'footer', true);
 \Nexus\Nexus::js("vendor/fullcalendar-5.10.2/locales/{$localeJs}.js", 'footer', true);
 
+$rep = new \App\Repositories\AttendanceRepository();
+
+if ($_SERVER['REQUEST_METHOD'] === 'POST') {
+    if ($iv == "yes") {
+        check_code($_POST['imagehash'] ?? null, $_POST['imagestring'] ?? null, 'attendance.php');
+    }
+    $attendance = $rep->attend($CURUSER['id']);
+    if (!$attendance->is_updated) {
+        stderr($lang_attendance['sorry'], $lang_attendance['already_attended']);
+    }
+} else {
+    $attendance = $rep->getAttendance($CURUSER['id']);
+    if (!$attendance) {
+        $attendance = new \App\Models\Attendance([
+            'uid' => $CURUSER['id'],
+            'points' => 0,
+            'days' => 0,
+            'total_days' => 0,
+        ]);
+        $attendance->added = null;
+    }
+}
+
 $today = \Carbon\Carbon::today();
 $tomorrow = \Carbon\Carbon::tomorrow();
 $end = $today->clone()->endOfMonth();
 $start = $today->clone()->subMonth(2);
-$rep = new \App\Repositories\AttendanceRepository();
+
-$attendance = $rep->attend($CURUSER['id']);
+$hasAttendedToday = $attendance->added && $attendance->added->isSameDay($today);
-$logs = $attendance->logs()->where('date', '>=', $start->format('Y-m-d'))->get()->keyBy('date');
+stdhead($lang_attendance['title']);
+begin_main_frame();
+
+if ($hasAttendedToday) {
+    $todayDate = $today->format('Y-m-d');
+    $baseQuery = \App\Models\AttendanceLog::query()->where('date', $todayDate);
+    $todayCounts = $baseQuery->count();
+    $myLog = (clone $baseQuery)->where('uid', $CURUSER['id'])->first(['id']);
+    $myRanking = 0;
+    if ($myLog) {
+        $myRanking = (clone $baseQuery)->where('id', '<=', $myLog->id)->count();
+    }
+
+    $count = $attendance->total_days;
+    $cdays = $attendance->days;
+    $points = $attendance->points;
+
+    $headerLeft = sprintf($lang_attendance['attend_info'] . $lang_attendance['retroactive_description'], $count, $cdays, $points, $CURUSER['attendance_card']);
+    $headerRight = nexus_trans('attendance.ranking', ['ranking' => $myRanking, 'counts' => $todayCounts]);
+
+    begin_frame($lang_attendance['success']);
+    printf('<p>%s<span style="float:right">%s</span></p>', $headerLeft, $headerRight);
+    end_frame();
+
+    $logs = \App\Models\AttendanceLog::query()
+        ->where('uid', $CURUSER['id'])
+        ->where('date', '>=', $start->format('Y-m-d'))
+        ->get()
+        ->keyBy('date');
     $interval = new \DateInterval('P1D');
     $period = new \DatePeriod($start, $interval, $end);
 
@@ -72,6 +99,7 @@ foreach ($period as $value) {
             $events[] = array_merge($eventBase, ['groupId' => 'to_do', 'display' => 'list-item']);
         }
     }
+
     $eventStr = json_encode($events);
     $validRangeStr = json_encode(['start' => $start->format('Y-m-d'), 'end' => $end->clone()->addDays(1)->format('Y-m-d')]);
 
@@ -114,18 +142,6 @@ EOP;
 
     \Nexus\Nexus::js($js, 'footer', false);
 
-if (1) {
-    $count = $attendance->total_days;
-    $cdays = $attendance->days;
-    $points = $attendance->points;
-
-    stdhead($lang_attendance['title']);
-    begin_main_frame();
-    begin_frame($lang_attendance['success']);
-    $headerLeft = sprintf($lang_attendance['attend_info'].$lang_attendance['retroactive_description'], $count, $cdays, $points, $CURUSER['attendance_card']);
-    $headerRight = nexus_trans('attendance.ranking', ['ranking' => $attendance->my_ranking, 'counts' => $attendance->today_counts]);
-    printf('<p>%s<span style="float:right">%s</span></p>', $headerLeft, $headerRight);
-    end_frame();
     echo '<div style="display: flex;justify-content: center;padding: 20px 0"><div id="calendar" style="width: 60%"></div></div>';
     echo '<ul>';
     printf('<li>'.$lang_attendance['initial'].'</li>', $attendance_initial_bonus);
@@ -136,9 +152,22 @@ if (1) {
     }
     echo '</ol></li>';
     echo '</ul>';
+} else {
+    $buttonLabel = $lang_attendance['attend_button'] ?? 'Check in';
+    begin_frame($lang_attendance['title']);
+    echo '<table width="100%" border="1" cellspacing="0" cellpadding="10"><tbody>';
+    echo '<tr><td class="text">';
+    echo '<div style="margin-top: 20px; text-align: center;">';
+    echo '<form method="post" action="attendance.php" style="display: inline-block;">';
+    echo '<table border="0" cellpadding="5">';
+    show_image_code();
+    echo '<tr><td class="toolbox" colspan="2" align="center"><input type="submit" value="' . htmlspecialchars($buttonLabel, ENT_QUOTES, 'UTF-8') . '" class="btn" /></td></tr>';
+    echo '</table>';
+    echo '</form>';
+    echo '</div>';
+    echo '</td></tr>';
+    echo '</tbody></table>';
+    end_frame();
+}
 end_main_frame();
 stdfoot();
-
-} else {
-    stderr($lang_attendance['sorry'], $lang_attendance['already_attended']);
-}