diff options
| author | Philip Häusler <msquare@notrademark.de> | 2012-12-12 22:11:46 +0100 |
|---|---|---|
| committer | Philip Häusler <msquare@notrademark.de> | 2012-12-12 22:11:46 +0100 |
| commit | 518f8d0d586280de05d5b21417a9d61a94dd1c01 (patch) | |
| tree | f5dbbc05f7ad6490dfe9586a5f3d4304ab537204 | |
| parent | 572a986e480c5273742720f888010950a15be029 (diff) | |
| parent | db95fe6485f13c0041bbafbb0004b171cd9122e7 (diff) | |
Merge branch 'master' of https://vcs.wybt.net/engelsystem/git
| -rw-r--r-- | db/update.d/17_translations.php | 59 | ||||
| -rw-r--r-- | db/update.d/18_translations.php | 17 | ||||
| -rw-r--r-- | db/update.d/19_password_field.php | 7 | ||||
| -rw-r--r-- | includes/pages/admin_user.php | 2 | ||||
| -rw-r--r-- | includes/pages/guest_login.php | 11 | ||||
| -rw-r--r-- | includes/pages/user_myshifts.php | 21 | ||||
| -rw-r--r-- | includes/pages/user_settings.php | 30 | ||||
| -rw-r--r-- | includes/pages/user_shifts.php | 45 | ||||
| -rw-r--r-- | includes/sys_auth.php | 50 | ||||
| -rw-r--r-- | install/default-conf/config.php | 15 | ||||
| -rw-r--r-- | templates/user_myshifts.html | 11 | ||||
| -rw-r--r-- | templates/user_shifts.html | 11 |
12 files changed, 191 insertions, 88 deletions
diff --git a/db/update.d/17_translations.php b/db/update.d/17_translations.php new file mode 100644 index 00000000..962b6052 --- /dev/null +++ b/db/update.d/17_translations.php @@ -0,0 +1,59 @@ +<?php +// there have been some new translations added. +// For each of them, check if we already got it and create it if not +// We can conviniently do this with "INSERT IGNORE" and a UNIQUE key: + +$res = sql_select("SHOW INDEX FROM `Sprache` WHERE `Key_name` = 'TextID'"); +if($res[0]['Non_unique'] != 0) { + sql_query("ALTER TABLE `Sprache` DROP INDEX `TextID`, ADD UNIQUE (`TextID`, `Sprache`)"); + $applied = true; +} + +$res = mysql_query("INSERT IGNORE INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES +('no_access_text', 'DE', 'Du hast keinen Zugriff auf diese Seite. Vermutlich muss du dich erst anmelden/registrieren!'), +('no_access_text', 'EN', 'You don't have permission to view this page. You probably have to sign in or register in order to gain access!'), +('no_access_title', 'DE', 'Kein Zugriff'), +('no_access_title', 'EN', 'No Access'), +('rooms', 'DE', 'Räume'), +('rooms', 'EN', 'rooms'), +('days', 'DE', 'Tage'), +('days', 'EN', 'days'), +('tasks', 'DE', 'Aufgaben'), +('tasks', 'EN', 'tasks'), +('occupancy', 'DE', 'Belegung'), +('occupancy' ,'EN', 'occupancy'), +('all', 'DE', 'alle'), +('all', 'EN', 'all'), +('none', 'DE', 'keine'), +('none', 'EN', 'none'), +('entries', 'DE', 'Einträge'), +('entries', 'EN', 'entries'), +('time', 'DE', 'Zeit'), +('time', 'EN', 'time'), +('room', 'DE', 'Raum'), +('room' ,'EN', 'room'), +('to_filter', 'DE', 'filtern'), +('to_filter', 'EN', 'filter'), +('pub_schichtplan_tasks_notice', 'DE', 'Die hier angezeigten Aufgaben werden durch die Präferenzen in deinen Einstellungen beeinflusst!'), +('pub_schichtplan_tasks_notice', 'EN', 'The tasks shown here are influenced by the preferences you defined in your settings!'), +('inc_schicht_ical_text', 'DE', 'Zum Abonnieren der angezeigten Schichten in deiner Kalender-Software benutze <a href=\"%s\">diesen Link</a> (bitte geheimhalten, im Notfall Deinen <a href=\"%s\">iCal-Key zurücksetzen</a>):'), +('inc_schicht_ical_text', 'EN', 'To subscribe the shifts shown in your calendar software, use <a href=\"%s\">this link</a> (please keep secret, otherwise <a href=\"%s\">reset the ical key</a>):'), +('helpers', 'DE', 'Helfer'), +('helpers', 'EN', 'helpers'), +('helper', 'DE', 'Helfer'), +('helper', 'EN', 'helper'), +('needed', 'DE', 'gebraucht'), +('needed', 'EN', 'needed'), +('pub_myshifts_intro', 'DE', 'Hier sind Deine Schichten.<br/>Versuche bitte <b>15 Minuten</b> vor Schichtbeginn anwesend zu sein!<br/>Du kannst Dich %d Stunden vor Schichtbeginn noch aus Schichten wieder austragen.'), +('pub_myshifts_intro', 'EN', 'These are your shifts.<br/>Please try to appear <b>15 minutes</b> before your shift begins!<br/>You can remove yourself from a shift up to %d hours before it starts.'), +('pub_myshifts_goto_shifts', 'DE', 'Gehe zum <a href=\"%s\">Schichtplan</a> um Dich für Schichten einzutragen.'), +('pub_myshifts_goto_shifts', 'EN', 'Go to the <a href=\"%s\">shifts table</a> to sign yourself up for some shifts.'), +('pub_myshifts_signed_off', 'DE', 'Du wurdest aus der Schicht ausgetragen.'), +('pub_myshifts_signed_off', 'EN', 'You have been signed off from the shift.'), +('pub_myshifts_too_late', 'DE', 'Es ist zu spät um sich aus der Schicht auszutragen. Frage ggf. den Schichtkoordinator, ob er dich austragen kann.'), +('pub_myshifts_too_late', 'EN', 'It\'s too late to sign yourself off the shift. If neccessary, as the dispatcher to do so.'), +('sign_off', 'DE', 'austragen'), +('sign_off', 'EN', 'sign off');"); + +if(mysql_affected_rows() > 0) + $applied = true; diff --git a/db/update.d/18_translations.php b/db/update.d/18_translations.php new file mode 100644 index 00000000..995a2450 --- /dev/null +++ b/db/update.d/18_translations.php @@ -0,0 +1,17 @@ +<?php +// one translation pair added last commit was faulty (contained a closing : +// even though it should have been a .), we fix it now +mysql_query("UPDATE `Sprache` +SET `Text` = CONCAT(SUBSTR(`Text`, 1, CHAR_LENGTH(`Text`)-1), '.') +WHERE `TextID` = 'inc_schicht_ical_text' AND `Text` LIKE '%:';"); + +$applied = mysql_affected_rows() > 0; + +// more translations +$res = mysql_query("INSERT IGNORE INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES +('occupied', 'DE', 'belegt'), +('occupied', 'EN', 'occupied'), +('free', 'DE', 'frei'), +('free', 'EN', 'free');"); + +$applied |= mysql_affected_rows() > 0; diff --git a/db/update.d/19_password_field.php b/db/update.d/19_password_field.php new file mode 100644 index 00000000..85333f28 --- /dev/null +++ b/db/update.d/19_password_field.php @@ -0,0 +1,7 @@ +<?php +// make the Passwort column in the User table longer to store more advanced hashes with salts +$res = sql_select("DESCRIBE `User` `Passwort`"); +if ($res[0]['Type'] == 'varchar(40)') { + sql_query("ALTER TABLE `User` CHANGE `Passwort` `Passwort` VARCHAR(128) NULL"); + $applied = true; +} diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php index 3c26062b..d9f5d749 100644 --- a/includes/pages/admin_user.php +++ b/includes/pages/admin_user.php @@ -240,7 +240,7 @@ function admin_user() { case 'change_pw' : if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) { - sql_query("UPDATE `User` SET `Passwort`='" . sql_escape(PassCrypt($_REQUEST['new_pw'])) . "' WHERE `UID`=" . sql_escape($id) . " LIMIT 1"); + set_password($id, $_REQUEST['new_pw']); $html .= success("Passwort neu gesetzt.", true); } else { $html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!", true); diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php index c75327de..db479388 100644 --- a/includes/pages/guest_login.php +++ b/includes/pages/guest_login.php @@ -71,10 +71,8 @@ function guest_register() { } } - if (isset ($_REQUEST['password']) && strlen($_REQUEST['password']) >= 6) { - if ($_REQUEST['password'] == $_REQUEST['password2']) { - $password_hash = PassCrypt($_REQUEST['password']); - } else { + if (isset ($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) { + if ($_REQUEST['password'] != $_REQUEST['password2']) { $ok = false; $msg .= error(Get_Text("makeuser_error_password1"), true); } @@ -112,9 +110,10 @@ function guest_register() { "', `email`='" . sql_escape($mail) . "', `ICQ`='" . sql_escape($icq) . "', `jabber`='" . sql_escape($jabber) . "', `Size`='" . sql_escape($tshirt_size) . "', `Passwort`='" . sql_escape($password_hash) . "', `kommentar`='" . sql_escape($comment) . "', `Hometown`='" . sql_escape($hometown) . "', `CreateDate`=NOW(), `Sprache`='" . sql_escape($_SESSION["Sprache"]) . "'"); - // Assign user-group + // Assign user-group and set password $user_id = sql_id(); sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape($user_id) . ", `group_id`=-2"); + set_password($user_id, $_REQUEST['password']); // Assign angel-types foreach ($selected_angel_types as $selected_angel_type_id) @@ -176,7 +175,7 @@ function guest_login() { if (count($login_user) > 0) { $login_user = $login_user[0]; if (isset ($_REQUEST['password'])) { - if ($login_user['Passwort'] != PassCrypt($_REQUEST['password'])) { + if (!verify_password($_REQUEST['password'], $login_user['Passwort'], $login_user['UID'])) { $ok = false; $msg .= error(Get_Text("pub_index_pass_no_ok"), true); } diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php index a4de1c1b..390b3b01 100644 --- a/includes/pages/user_myshifts.php +++ b/includes/pages/user_myshifts.php @@ -58,9 +58,9 @@ function user_myshifts() { $shift = $shift[0]; if (($shift['start'] - time() < $LETZTES_AUSTRAGEN * 60) || in_array('user_shifts_admin', $privileges)) { sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); - $msg .= success("Du wurdest aus der Schicht ausgetragen.", true); + $msg .= success(Get_Text("pub_myshifts_signed_off"), true); } else - $msg .= error("Es ist zu spät um sich aus der Schicht auszutragen. Frage ggf. einen Orga.", true); + $msg .= error(Get_Text("pub_myshifts_too_late"), true); } else redirect(page_link_to('user_myshifts')); } @@ -78,24 +78,25 @@ function user_myshifts() { $html .= '<td>' . $shift['name'] . '</td>'; $html .= '<td>' . $shift['Comment'] . '</td>'; $html .= '<td>'; - $html .= '<a href="' . page_link_to('user_myshifts') . '&edit=' . $shift['id'] . '">bearbeiten</a>'; + $html .= '<a href="' . page_link_to('user_myshifts') . '&edit=' . $shift['id'] . '">' . Get_Text('edit') . '</a>'; if ($shift['start'] - time() > $LETZTES_AUSTRAGEN * 60) - $html .= ' | <a href="' . page_link_to('user_myshifts') . '&cancel=' . $shift['id'] . '">austragen</a>'; + $html .= ' | <a href="' . page_link_to('user_myshifts') . '&cancel=' . $shift['id'] . '">' . Get_Text('sign_off') . '</a>'; $html .= '</td>'; $html .= '</tr>'; } if ($html == "") - $html = '<tr><td>Keine...</td><td></td><td></td><td></td><td></td><td>Gehe zum <a href="' . page_link_to('user_shifts') . '">Schichtplan</a> um Dich für Schichten einzutragen.</td></tr>'; + $html = '<tr><td>' . ucfirst(Get_Text('none')) . '...</td><td></td><td></td><td></td><td></td><td>' . sprintf(Get_Text('pub_myshifts_goto_shifts'), page_link_to('user_shifts')) . '</td></tr>'; if ($shifts_user['ical_key'] == "") user_reset_ical_key($shifts_user); return msg().template_render('../templates/user_myshifts.html', array ( - 'h' => $LETZTES_AUSTRAGEN, + 'intro' => sprintf(Get_Text('pub_myshifts_intro'), $LETZTES_AUSTRAGEN), 'shifts' => $html, 'msg' => $msg, - 'ical_link' => page_link_to_absolute('ical') . '&key=' . $shifts_user['ical_key'], - 'reset_link' => page_link_to('user_myshifts') . '&reset' - )); + 'ical_text' => sprintf(Get_Text('inc_schicht_ical_text'), + page_link_to_absolute('ical') . '&key=' . $shifts_user['ical_key'], + page_link_to('user_myshifts') . '&reset'), +)); } -?>
\ No newline at end of file +?> diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php index 5ea4af27..cfeb38cf 100644 --- a/includes/pages/user_settings.php +++ b/includes/pages/user_settings.php @@ -114,29 +114,17 @@ function user_settings() { elseif (isset ($_REQUEST['submit_password'])) { $ok = true; - if (!isset ($_REQUEST['password']) || $user['Passwort'] != PassCrypt($_REQUEST['password'])) { - $ok = false; + if (!isset ($_REQUEST['password']) || !verify_password($_REQUEST['password'], $user['Passwort'], $user['UID'])) $msg .= error(Get_Text(30), true); - } - - if (isset ($_REQUEST['new_password']) && strlen($_REQUEST['new_password']) >= 6) { - if ($_REQUEST['new_password'] == $_REQUEST['new_password2']) { - $password_hash = PassCrypt($_REQUEST['new_password']); - } else { - $ok = false; - $msg .= error(Get_Text("makeuser_error_password1"), true); - } - } else { - $ok = false; - $msg .= error(Get_Text("makeuser_error_password2"), true); - } - - if ($ok) { - sql_query("UPDATE `User` SET `Passwort`='" . sql_escape($password_hash) . "' WHERE `UID`=" . sql_escape($user['UID'])); - + elseif (strlen($_REQUEST['new_password']) <= MIN_PASSWORD_LENGTH) + $msg .= error(Get_Text("makeuser_error_password2")); + elseif ($_REQUEST['new_password'] != $_REQUEST['new_password2']) + $msg .= error(Get_Text("makeuser_error_password1"), true); + elseif(set_password($user['UID'], $_REQUEST['new_password'])) success("Password saved."); - redirect(page_link_to('user_settings')); - } + else + error("Failed setting password."); + redirect(page_link_to('user_settings')); } elseif (isset ($_REQUEST['submit_theme'])) { $ok = true; diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php index c144733d..785fc8ab 100644 --- a/includes/pages/user_shifts.php +++ b/includes/pages/user_shifts.php @@ -268,14 +268,16 @@ function view_user_shifts() { $types = sql_select("SELECT `id`, `name` FROM `AngelTypes`"); else $types = sql_select("SELECT `AngelTypes`.`id`, `AngelTypes`.`name` FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `UserAngelTypes`.`user_id` = " . sql_escape($user['UID']) . " AND (`AngelTypes`.`restricted` = 0 OR NOT `UserAngelTypes`.`confirm_user_id` IS NULL)"); + if (empty($types)) + $types = sql_select("SELECT `id`, `name` FROM `AngelTypes` WHERE `restricted` = 0"); $filled = array ( array ( 'id' => '1', - 'name' => 'Volle' + 'name' => Get_Text('occupied') ), array ( 'id' => '0', - 'name' => 'Freie' + 'name' => Get_Text('free') ) ); @@ -347,9 +349,10 @@ function view_user_shifts() { $query .= "`shift_id` = " . sql_escape($shift['SID']); else $query .= "`room_id` = " . sql_escape($shift['RID']); - $query .= " AND `count` > 0 - AND `angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") - ORDER BY `AngelTypes`.`name`"; + $query .= " AND `count` > 0 "; + if (!empty($_SESSION['user_shifts']['types'])) + $query .= "AND `angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") "; + $query .= "ORDER BY `AngelTypes`.`name`"; $angeltypes = sql_select($query); if (count($angeltypes) > 0) { @@ -363,12 +366,15 @@ function view_user_shifts() { else $entry_list[] = $entry['Nick']; } + // do we need more angles of this type? if ($angeltype['count'] - count($entries) > 0) { - if ((time() < $shift['end'] && !$my_shift) || in_array('user_shifts_admin', $privileges)) { - $entry_list[] = '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' . ($angeltype['count'] - count($entries)) . ' Helfer' . ($angeltype['count'] - count($entries) != 1 ? '' : '') . ' gebraucht »</a>'; - } else { - $entry_list[] = ($angeltype['count'] - count($entries)) . ' Helfer gebraucht'; - } + $inner_text = ($angeltype['count'] - count($entries)) . ' ' . Get_Text($angeltype['count'] - count($entries) == 1 ? 'helper' : 'helpers') . ' ' . Get_Text('needed'); + // is the shift still running or alternatively is the user shift admin? + if ((time() < $shift['end'] && !$my_shift) || in_array('user_shifts_admin', $privileges)) + $entry_list[] = '<a href="' . page_link_to('user_shifts') . '&shift_id=' . $shift['SID'] . '&type_id=' . $angeltype['id'] . '">' . $inner_text . ' »</a>'; + else + $entry_list[] = $inner_text; + unset($inner_text); $is_free = true; } @@ -391,13 +397,16 @@ function view_user_shifts() { user_reset_ical_key($user); return msg() . template_render('../templates/user_shifts.html', array ( - 'room_select' => make_select($rooms, $_SESSION['user_shifts']['rooms'], "rooms", "Räume"), - 'day_select' => make_select($days, $_SESSION['user_shifts']['days'], "days", "Tage"), - 'type_select' => make_select($types, $_SESSION['user_shifts']['types'], "types", "Aufgaben"), - 'filled_select' => make_select($filled, $_SESSION['user_shifts']['filled'], "filled", "Besetzung"), + 'room_select' => make_select($rooms, $_SESSION['user_shifts']['rooms'], "rooms", ucfirst(Get_Text("rooms"))), + 'day_select' => make_select($days, $_SESSION['user_shifts']['days'], "days", ucfirst(Get_Text("days"))), + 'type_select' => make_select($types, $_SESSION['user_shifts']['types'], "types", ucfirst(Get_Text("tasks")) . '<sup>1</sup>'), + 'filled_select' => make_select($filled, $_SESSION['user_shifts']['filled'], "filled", ucfirst(Get_Text("occupancy"))), + 'task_notice' => '<sup>1</sup>' . Get_Text("pub_schichtplan_tasks_notice"), 'shifts_table' => $shifts_table, - 'ical_link' => make_user_shifts_ical_link($user['ical_key']), - 'reset_link' => page_link_to('user_myshifts') . '&reset' + 'ical_text' => sprintf(Get_Text('inc_schicht_ical_text'), make_user_shifts_ical_link($user['ical_key']), page_link_to('user_myshifts') . '&reset'), + 'header1' => ucfirst(Get_Text("time")) . "/" . ucfirst(Get_Text("room")), + 'header2' => ucfirst(Get_Text("entries")), + 'filter' => ucfirst(Get_Text("to_filter")), )); } @@ -430,8 +439,8 @@ function make_select($items, $selected, $name, $title = null) { $html .= implode("\n", $html_items); $html .= '</ul>' . "\n"; $html .= buttons(array ( - button("javascript: check_all('selection_" . $name . "')", "Alle", ""), - button("javascript: uncheck_all('selection_" . $name . "')", "Keine", "") + button("javascript: check_all('selection_" . $name . "')", Get_Text("all"), ""), + button("javascript: uncheck_all('selection_" . $name . "')", Get_Text("none"), "") )); $html .= '</div>' . "\n"; return $html; diff --git a/includes/sys_auth.php b/includes/sys_auth.php index e1869029..68cf17e4 100644 --- a/includes/sys_auth.php +++ b/includes/sys_auth.php @@ -28,15 +28,40 @@ function load_auth() { $privileges = isset ($user) ? privileges_for_user($user['UID']) : privileges_for_group(-1); } -function PassCrypt($passwort) { - global $crypt_system; - - switch ($crypt_system) { - case "crypt" : - return "{crypt}" . crypt($passwort, "77"); - case "md5" : - return md5($passwort); +// generate a salt (random string) of arbitrary length suitable for the use with crypt() +function generate_salt($length = 16) { + $alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; + $salt = ""; + for ($i = 0; $i < $length; $i++) { + $salt .= $alphabet[rand(0, strlen($alphabet)-1)]; } + return $salt; +} + +// set the password of a user +function set_password($uid, $password) { + $res = sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt(16) . '$')) . "' WHERE `UID` = " . intval($uid) . " LIMIT 1"); + return $res && (mysql_affected_rows() > 0); +} + +// verify a password given a precomputed salt. +// if $uid is given and $salt is an old-style salt (plain md5), we convert it automatically +function verify_password($password, $salt, $uid = false) { + $correct = false; + if (substr($salt, 0, 1) == '$') // new-style crypt() + $correct = crypt($password, $salt) == $salt; + elseif (substr($salt, 0, 7) == '{crypt}') // old-style crypt() with DES and static salt - not used anymore + $correct = crypt($password, '77') == $salt; + elseif (strlen($salt) == 32) // old-style md5 without salt - not used anymore + $correct = md5($password) == $salt; + + if($correct && substr($salt, 0, strlen(CRYPT_ALG)) != CRYPT_ALG && $uid) { + // this password is stored in another format than we want it to be. + // let's update it! + // we duplicate the query from the above set_password() function to have the extra safety of checking the old hash + sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt() . '$')) . "' WHERE `UID` = " . intval($uid) . " AND `Passwort` = '" . sql_escape($salt) . "' LIMIT 1"); + } + return $correct; } // JSON Authorisierungs-Schnittstelle @@ -50,11 +75,12 @@ function json_auth_service() { $SourceOuth = $_REQUEST['so']; if (isset ($CurrentExternAuthPass) && $SourceOuth == $CurrentExternAuthPass) { - $sql = "SELECT * FROM `User` WHERE `Nick`='" . sql_escape($User) . "'"; - $Erg = sql_query($sql); + $sql = "SELECT `UID`, `Passwort` FROM `User` WHERE `Nick`='" . sql_escape($User) . "'"; + $Erg = sql_select($sql); - if (mysql_num_rows($Erg) == 1) { - if (mysql_result($Erg, 0, "Passwort") == PassCrypt($Pass)) { + if (count($Erg) == 1) { + $Erg = $Erg[0]; + if (verify_password($Pass, $Erg["Passwort"], $Erg["UID"])) { $UID = mysql_result($Erg, 0, "UID"); $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($UID) . ";"); diff --git a/install/default-conf/config.php b/install/default-conf/config.php index 44833167..d27d809a 100644 --- a/install/default-conf/config.php +++ b/install/default-conf/config.php @@ -17,11 +17,16 @@ $DISPLAY_NEWS = 6; // Anzahl Stunden bis zum Austragen eigener Schichten $LETZTES_AUSTRAGEN=3; -//Setzt den zu verwendenden Crypto algorismis -// mp5 oder crypt -// achtung crypt schaltet password ändern ab -$crypt_system="md5"; -//$crypt_system="crypt"; +// Setzt den zu verwendenden Crypto-Algorismus (entsprechend der Dokumentation von crypt()). +// Falls ein Benutzerpasswort in einem anderen Format gespeichert ist, +// wird es bei der ersten Benutzung des Klartext-Passworts in das neue Format +// konvertiert. +//define('CRYPT_ALG', '$1'); // MD5 +//define('CRYPT_ALG', '$2y$13'); // Blowfish +//define('CRYPT_ALG', '$5$rounds=5000'); // SHA-256 +define('CRYPT_ALG', '$6$rounds=5000'); // SHA-512 + +define('MIN_PASSWORD_LENGTH', 8); // Wenn Engel beim Registrieren oder in ihrem Profil eine T-Shirt Größe angeben sollen, auf true setzen: $enable_tshirt_size = false; diff --git a/templates/user_myshifts.html b/templates/user_myshifts.html index 97f66601..43e97b03 100644 --- a/templates/user_myshifts.html +++ b/templates/user_myshifts.html @@ -1,10 +1,5 @@ <p> - Hier sind Deine Schichten. - <br/> - Versuche bitte <b>15 Minuten</b> - vor Schichtbeginn anwesend zu sein! - <br/> - Du kannst Dich %h% Stunden vor Schichtbeginn noch aus Schichten wieder austragen. +%intro% </p> %msg% <table> @@ -37,7 +32,5 @@ <hr /> <h2>iCal Export</h2> <p> - Zum abonnieren in Deiner Kalender-Software benutze folgenden öffentlichen Link (daher bitte geheimhalten, im Notfall Deinen <a href="%reset_link%">Key zurücksetzen</a>): - <br/> - <a href="%ical_link%">%ical_link%</a> + %ical_text% </p> diff --git a/templates/user_shifts.html b/templates/user_shifts.html index f3c973b4..b035d23b 100644 --- a/templates/user_shifts.html +++ b/templates/user_shifts.html @@ -5,7 +5,8 @@ %type_select% %day_select% %filled_select% -<input class="button" type="submit" style="width: 100%;" value="Filtern"> +<div>%task_notice%</div> +<input class="button" type="submit" style="width: 100%;" value="%filter%"> </fieldset> </form> @@ -13,10 +14,10 @@ <thead> <tr> <th> - Zeit/Raum + %header1% </th> <th> - Einträge + %header2% </th> </tr> </thead> @@ -26,7 +27,5 @@ </table> <h2>iCal Export</h2> <p> - Zum abonnieren in Deiner Kalender-Software benutze folgenden öffentlichen Link (daher bitte geheimhalten, im Notfall Deinen <a href="%reset_link%">Key zurücksetzen</a>): - <br/> - <a href="%ical_link%">%ical_link%</a> + %ical_text% </p> |