-rw-r--r-- | includes/UserCVS.php | 4 | ||||
-rw-r--r-- | includes/footer.php | 2 | ||||
-rw-r--r-- | includes/pages/guest_credits.php | 5 | ||||
-rw-r--r-- | includes/pages/guest_faq.php | 21 | ||||
-rw-r--r-- | includes/pages/guest_login.php | 250 | ||||
-rw-r--r-- | includes/pages/guest_start.php | 13 | ||||
-rw-r--r-- | includes/sys_auth.php | 47 | ||||
-rw-r--r-- | includes/sys_lang.php (renamed from includes/funktion_lang.php) | 1 | ||||
-rw-r--r-- | includes/sys_menu.php | 72 | ||||
-rw-r--r-- | includes/sys_mysql.php | 61 | ||||
-rw-r--r-- | includes/sys_page.php | 9 | ||||
-rw-r--r-- | includes/sys_template.php | 17 | ||||
-rw-r--r-- | templates/guest_credits.html | 12 | ||||
-rw-r--r-- | templates/guest_login_form.html | 22 | ||||
-rw-r--r-- | templates/layout.html | 42 | ||||
-rw-r--r-- | www-ssl/credits.php | 18 | ||||
-rw-r--r-- | www-ssl/css/base.css | 18 | ||||
-rw-r--r-- | www-ssl/index.php | 74 |
18 files changed, 656 insertions, 32 deletions
diff --git a/includes/UserCVS.php b/includes/UserCVS.php index 98a4fec7..b7fb412c 100644 --- a/includes/UserCVS.php +++ b/includes/UserCVS.php @@ -20,8 +20,8 @@ } // pagename ermitteln - $Page["Name"] = basename($_SERVER['PHP_SELF']); -// $Page["Name"] = str_replace($ENGEL_ROOT, '', $_SERVER['PHP_SELF']); +// $Page["Name"] = basename($_SERVER['PHP_SELF']); + $Page["Name"] = str_replace($ENGEL_ROOT, '', $_SERVER['PHP_SELF']); //recht fuer diese seite auslesen if(isset($_SESSION['CVS'][$Page["Name"]])) diff --git a/includes/footer.php b/includes/footer.php index 8e5b35b9..fdf00581 100644 --- a/includes/footer.php +++ b/includes/footer.php @@ -4,7 +4,7 @@ <footer> <p> - © copyleft | <a href="mailto:erzengel@lists.ccc.de">Kontakt</a> | <a href="<?php echo $ENGEL_ROOT; ?>credits.php">Credits</a><br /> + © copyleft | <a href="mailto:erzengel@lists.ccc.de">Contact</a> | <a href="<?php echo $ENGEL_ROOT; ?>credits.php">Credits</a><br /> This is hell. Temporarily. </p> </footer> diff --git a/includes/pages/guest_credits.php b/includes/pages/guest_credits.php new file mode 100644 index 00000000..89f68fde --- /dev/null +++ b/includes/pages/guest_credits.php @@ -0,0 +1,5 @@ +<?php +function guest_credits() { + return template_render('../templates/guest_credits.html', array ()); +} +?>
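Review bot: `$Page["Name"]` is now derived from `$_SERVER['PHP_SELF']` with `str_replace($ENGEL_ROOT, '', …)`, and that name is the key for the per-page permission lookup in `$_SESSION['CVS']` on the following lines. `PHP_SELF` includes any client-supplied path info after the script name, and `str_replace` removes every occurrence of `$ENGEL_ROOT`, not only the leading one, so the key can differ from the script that is actually running. Consider `$_SERVER['SCRIPT_NAME']` and stripping the root only as a prefix, e.g. `if (strpos($name, $ENGEL_ROOT) === 0) $name = substr($name, strlen($ENGEL_ROOT));`. The surrounding block starts and ends outside this hunk, so how a missing key is handled is not visible here.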
\ No newline at end of file
diff --git a/includes/pages/guest_faq.php b/includes/pages/guest_faq.php
new file mode 100644
index 00000000..6b5eeeeb
--- /dev/null
+++ b/includes/pages/guest_faq.php
@@ -0,0 +1,21 @@
+<?php
+function guest_faq() {
+ $html = "";
+ $faqs = sql_select("SELECT * FROM `FAQ`");
+ foreach ($faqs as $faq)
+ if ($faq['Antwort'] != "") {
+ list ($frage_de, $frage_en) = explode('<br />', $faq['Frage']);
+ list ($antwort_de, $antwort_en) = explode('<br />', $faq['Antwort']);
+ $html .= "<dl>";
+ if ($_SESSION['Sprache'] == "DE") {
+ $html .= "<dt>" . $frage_de . "</dt>";
+ $html .= "<dd>" . $antwort_de . "</dd>";
+ } else {
+ $html .= "<dt>" . $frage_en . "</dt>";
+ $html .= "<dd>" . $antwort_en . "</dd>";
+ }
+ $html .= "</dl>";
+ }
+ return $html;
+}
+?>
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php
new file mode 100644
index 00000000..76a473df
--- /dev/null
+++ b/includes/pages/guest_login.php
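Review bot: guest_faq() assumes every `Frage` and `Antwort` holds two parts separated by the exact string `<br />`; when a row carries only one language, `list (...) = explode(...)` raises an undefined-offset notice and the English branch prints an empty entry. Pad the result, e.g. `list ($frage_de, $frage_en) = array_pad(explode('<br />', $faq['Frage'], 2), 2, '');`, and the same for `Antwort`. The FAQ text is also written into the page without `htmlspecialchars()`; if these rows can be edited by anyone other than trusted admins that is stored HTML injection, so a comment stating that the columns hold trusted markup would help.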
@@ -0,0 +1,250 @@
+<?php
+
+
+// Engel registrieren
+function guest_register() {
+ $html = "";
+ $success = "none";
+
+ if (isset ($_POST["send"])) {
+ $eNick = trim($_POST["Nick"]);
+
+ if ($_POST["Alter"] == "")
+ $_POST["Alter"] = 23;
+
+ // user vorhanden?
+ $Ergans = sql_select("SELECT UID FROM `User` WHERE `Nick`='" . sql_escape($_POST["Nick"]) . "'");
+
+ if (strlen($_POST["Nick"]) < 2)
+ $error = Get_Text("makeuser_error_nick1") . $_POST["Nick"] . Get_Text("makeuser_error_nick2");
+ elseif (count($Ergans) > 0) $error = Get_Text("makeuser_error_nick1") . $_POST["Nick"] . Get_Text("makeuser_error_nick3");
+ elseif (strlen($_POST["email"]) <= 6 && strstr($_POST["email"], "@") == FALSE && strstr($_POST["email"], ".") == false) $error = Get_Text("makeuser_error_mail");
+ elseif (!is_numeric($_POST["Alter"])) $error = Get_Text("makeuser_error_Alter");
+ elseif ($_POST["Passwort"] != $_POST["Passwort2"]) $error = Get_Text("makeuser_error_password1");
+ elseif (strlen($_POST["Passwort"]) < 6) $error = Get_Text("makeuser_error_password2");
+ else {
+ $_POST["Passwort"] = PassCrypt($_POST["Passwort"]);
+ unset ($_POST["Passwort2"]);
+
+ $Erg = sql_query("INSERT INTO `User` (" .
+ "`Nick` , " . "`Name` , " .
+ "`Vorname`, " . "`Alter` , " .
+ "`Telefon`, " . "`DECT`, " .
+ "`Handy`, " . "`email`, " .
+ "`ICQ`, " . "`jabber`, " .
+ "`Size`, " . "`Passwort`, " .
+ "`Art` , " . "`kommentar`, " .
+ "`Hometown`," . "`CreateDate` ) " .
+ "VALUES ( " .
+ "'" . $_POST["Nick"] . "', " . "'" . $_POST["Name"] . "', " .
+ "'" . $_POST["Vorname"] . "', " . "'" . $_POST["Alter"] . "', " .
+ "'" . $_POST["Telefon"] . "', " . "'" . $_POST["DECT"] . "', " .
+ "'" . $_POST["Handy"] . "', " . "'" . $_POST["email"] . "', " .
+ "'" . $_POST["ICQ"] . "', " . "'" . $_POST["jabber"] . "', " .
+ "'" . $_POST["Size"] . "', " . "'" . $_POST["Passwort"] . "', " .
+ "'" . $_POST["Art"] . "', " . "'" . $_POST["kommentar"] . "', " .
+ "'" . $_POST["Hometown"] . "'," . "NOW())");
+
+ if ($Erg != 1) {
+ $html .= Get_Text("makeuser_error_write1") . "<br />\n";
+ $error = sql_error();
+ } else {
+ $html .= "<p class=\"success\">" . Get_Text("makeuser_writeOK") . "\n";
+
+ $SQL2 = "SELECT `UID` FROM `User` WHERE `Nick`='" . $_POST["Nick"] . "';";
+ $Erg2 = mysql_query($SQL2, $con);
+ $Data = mysql_fetch_array($Erg2);
+
+ $SQL3 = "INSERT INTO `UserCVS` (`UID`) VALUES ('" . $Data["UID"] . "');";
+ $Erg3 = mysql_query($SQL3, $con);
+
+ if ($Erg3 != 1) {
+ $html .= "<h1>" . Get_Text("makeuser_error_write2") . "<br />\n";
+ $error = mysql_error($con);
+ } else {
+ $html .= Get_Text("makeuser_writeOK2") . "<br />\n";
+ $html .= "<h1>" . Get_Text("makeuser_writeOK3") . "</h1>\n";
+ }
+
+ $html .= Get_Text("makeuser_writeOK4") . "</p><p></p>\n<br /><br />\n";
+ $success = "any";
+
+ if (isset ($SubscribeMailinglist)) {
+ if ($_POST["subscribe-mailinglist"] == "") {
+ $headers = "From: " . $_POST["email"] . "\r\n" .
+ "X-Mailer: PHP/" . phpversion();
+ mail($SubscribeMailinglist, "subject", "message", $headers);
+ }
+ }
+ }
+ }
+
+ if (isset ($error))
+ $html .= error($error);
+ } else {
+ // init vars
+ $_POST["Nick"] = "";
+ $_POST["Name"] = "";
+ $_POST["Vorname"] = "";
+ $_POST["Alter"] = "";
+ $_POST["Telefon"] = "";
+ $_POST["DECT"] = "";
+ $_POST["Handy"] = "";
+ $_POST["email"] = "";
+ $_POST["subscribe-mailinglist"] = "";
+ $_POST["ICQ"] = "";
+ $_POST["jabber"] = "";
+ $_POST["Size"] = "L";
+ $_POST["Art"] = "";
+ $_POST["kommentar"] = "";
+ $_POST["Hometown"] = "";
+ }
+
+ if ($success == "none") {
+ $html .= "<h1>" . Get_Text("makeuser_text0") . "</h1>\n";
+ $html .= "<h2>" . Get_Text("makeuser_text1") . "</h2>\n";
+ $html .= "<form action=\"\" method=\"post\">\n";
+ $html .= "<table>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Nickname") . "*</td><td><input type=\"text\" size=\"40\" name=\"Nick\" value=\"" . $_POST["Nick"] . "\" /></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Nachname") . "</td><td><input type=\"text\" size=\"40\" name=\"Name\" value=\"" . $_POST["Name"] . "\" /></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Vorname") . "</td><td><input type=\"text\" size=\"40\" name=\"Vorname\" value=\"" . $_POST["Vorname"] . "\" /></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Alter") . "</td><td><input type=\"text\" size=\"40\" name=\"Alter\" value=\"" . $_POST["Alter"] . "\"></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Telefon") . "</td><td><input type=\"text\" size=\"40\" name=\"Telefon\" value=\"" . $_POST["Telefon"] . "\"></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_DECT") . "</td><td><input type=\"text\" size=\"40\" name=\"DECT\" value=\"" . $_POST["DECT"] . "\"></td><td>\n";
+ $html .= "<!--a href=\"https://21c3.ccc.de/wiki/index.php/POC\"><img src=\"./pic/external.png\" alt=\"external: \">DECT</a--></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Handy") . "</td><td><input type=\"text\" size=\"40\" name=\"Handy\" value=\"" . $_POST["Handy"] . "\"></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_E-Mail") . "*</td><td><input type=\"text\" size=\"40\" name=\"email\" value=\"" . $_POST["email"] . "\"></td></tr>\n";
+
+ if (isset ($SubscribeMailinglist))
+ $html .= "<tr><td>" . Get_Text("makeuser_subscribe-mailinglist") . "</td><td><input type=\"checkbox\" name=\"subscribe-mailinglist\" value=\"" . $_POST["subscribe-mailinglist"] . "\">($SubscribeMailinglist)</td></tr>\n";
+
+ $html .= "<tr><td>ICQ</td><td><input type=\"text\" size=\"40\" name=\"ICQ\" value=\"" . $_POST["ICQ"] . "\"></td></tr>\n";
+ $html .= "<tr><td>jabber</td><td><input type=\"text\" size=\"40\" name=\"jabber\" value=\"" . $_POST["jabber"] . "\"></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_T-Shirt") . " Grösse*</td><td align=\"left\">\n";
+ $html .= "<select name=\"Size\">\n";
+ $html .= "<option value=\"S\"";
+ if ($_POST["Size"] == "S")
+ $html .= " selected";
+ $html .= ">S</option>\n";
+ $html .= "<option value=\"M\"";
+ if ($_POST["Size"] == "M")
+ $html .= " selected";
+ $html .= ">M</option>\n";
+ $html .= "<option value=\"L\"";
+ if ($_POST["Size"] == "L")
+ $html .= " selected";
+ $html .= ">L</option>\n";
+ $html .= "<option value=\"XL\"";
+ if ($_POST["Size"] == "XL")
+ $html .= " selected";
+ $html .= ">XL</option>\n";
+ $html .= "<option value=\"2XL\"";
+ if ($_POST["Size"] == "2XL")
+ $html .= " selected";
+ $html .= ">2XL</option>\n";
+ $html .= "<option value=\"3XL\"";
+ if ($_POST["Size"] == "3XL")
+ $html .= " selected";
+ $html .= ">3XL</option>\n";
+ $html .= "<option value=\"4XL\"";
+ if ($_POST["Size"] == "4XL")
+ $html .= " selected";
+ $html .= ">4XL</option>\n";
+ $html .= "<option value=\"5XL\"";
+ if ($_POST["Size"] == "5XL")
+ $html .= " selected";
+ $html .= ">5XL</option>\n";
+ $html .= "<option value=\"S-G\"";
+ if ($_POST["Size"] == "S-G")
+ $html .= " selected";
+ $html .= ">S Girl</option>\n";
+ $html .= "<option value=\"M-G\"";
+ if ($_POST["Size"] == "M-G")
+ $html .= " selected";
+ $html .= ">M Girl</option>\n";
+ $html .= "<option value=\"L-G\"";
+ if ($_POST["Size"] == "L-G")
+ $html .= " selected";
+ $html .= ">L Girl</option>\n";
+ $html .= "<option value=\"XL-G\"";
+ if ($_POST["Size"] == "XL-G")
+ $html .= " selected";
+ $html .= ">XL Girl</option>\n";
+ $html .= "</select>\n";
+ $html .= "</td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Engelart") . "</td><td align=\"left\">\n";
+ $html .= "<select name=\"Art\">\n";
+
+ $engel_types = sql_select("SELECT * FROM `EngelType` ORDER BY `NAME`");
+ foreach ($engel_types as $engel_type) {
+ $Name = $engel_type['Name'] . Get_Text("inc_schicht_engel");
+ $html .= "<option value=\"" . $Name . "\"";
+
+ if ($_POST["Art"] == $Name)
+ $html .= " selected";
+
+ $html .= ">$Name</option>\n";
+ }
+
+ $html .= "</select>\n";
+ $html .= "</td>\n";
+ $html .= "</tr>\n";
+ $html .= "<tr>\n";
+ $html .= "<td>" . Get_Text("makeuser_text2") . "</td>\n";
+ $html .= "<td><textarea rows=\"5\" cols=\"40\" name=\"kommentar\">" . $_POST["kommentar"] . "</textarea></td>\n";
+ $html .= "</tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Hometown") . "</td><td><input type=\"text\" size=\"40\" name=\"Hometown\" value=\"" . $_POST["Hometown"] . "\"></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Passwort") . "*</td><td><input type=\"password\" size=\"40\" name=\"Passwort\"/></td></tr>\n";
+ $html .= "<tr><td>" . Get_Text("makeuser_Passwort2") . "*</td><td><input type=\"password\" size=\"40\" name=\"Passwort2\"/></td></tr>\n";
+ $html .= "<tr><td> </td><td><input type=\"submit\" name=\"send\" value=\"" . Get_Text("makeuser_Anmelden") . "\"/></td></tr>\n";
+ $html .= "</table>\n";
+ $html .= "</form>\n";
+ $html .= Get_Text("makeuser_text3");
+ }
+ return $html;
+}
+
+function guest_logout() {
+ unset ($_SESSION['uid']);
+ header("Location: " . page_link_to("start"));
+}
+
+function guest_login() {
+ global $user;
+ unset ($_SESSION['uid']);
+
+ $html = "";
+ if (isset ($_REQUEST['login_submit'])) {
+ $login_user = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($_REQUEST["user"]) . "'");
+
+ if (count($login_user) == 1) { // Check, ob User angemeldet wird...
+ $login_user = $login_user[0];
+ if ($login_user["Passwort"] == PassCrypt($_REQUEST["password"])) { // Passwort ok...
+ $_SESSION['uid'] = $login_user['UID'];
+ $_SESSION['Sprache'] = $login_user['Sprache'];
+ header("Location: " . page_link_to("news"));
+ } else { // Passwort nicht ok...
+ $ErrorText = "pub_index_pass_no_ok";
+ } // Ende Passwort-Check
+ } else { // Anzahl der User in User-Tabelle <> 1 --> keine Anmeldung
+ if ($user_anz == 0)
+ $ErrorText = "pub_index_User_unset";
+ else
+ $ErrorText = "pub_index_User_more_as_one";
+ } // Ende Check, ob User angemeldet wurde}
+ }
+ if (isset ($ErrorText))
+ $html .= error(Get_Text($ErrorText));
+ $html .= guest_login_form();
+ return $html;
+}
+
+function guest_login_form() {
+ return template_render("../templates/guest_login_form.html", array (
+ 'link' => page_link_to("login"),
+ 'nick' => Get_Text("index_lang_nick"),
+ 'pass' => Get_Text("index_lang_pass"),
+ 'send' => Get_Text("index_lang_send")
+ ));
+}
+?>
\ No newline at end of file
diff --git a/includes/pages/guest_start.php b/includes/pages/guest_start.php
new file mode 100644
index 00000000..286511f2
--- /dev/null
+++ b/includes/pages/guest_start.php
@@ -0,0 +1,13 @@
+<?php
+function guest_start() {
+ require_once ('includes/pages/guest_login.php');
+ $html = "<p>" . Get_Text("index_text1") . "</p>\n";
+ $html .= "<p>" . Get_Text("index_text2") . "</p>\n";
+ $html .= "<p>" . Get_Text("index_text3") . "</p>\n";
+
+ $html .= guest_login_form();
+
+ $html .= "<h6>" . Get_Text("index_text4") . "</h6>";
+ return $html;
+}
+?>
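Review bot: The `INSERT INTO User` statement in guest_register() concatenates fifteen `$_POST` fields without `sql_escape()`, and the follow-up `SELECT UID` does the same with `$_POST["Nick"]`; only the duplicate-nick check is escaped, so a quote in any registration field changes the statement. The two `mysql_query(…, $con)` calls also use a `$con` that is never declared `global` in this function, so they should go through the `sql_query()` / `sql_id()` wrappers added in sys_mysql.php. The same raw values are echoed into the form's `value` attributes and the `From:` mail header, which need `htmlspecialchars()` on output and a CR/LF check before `mail()`. In guest_login(), `$user_anz` is never assigned, credentials are read from `$_REQUEST` (so they are accepted from the query string), and the hash comparison uses `==` instead of `===`. A sketch of the escaped insert follows; validation and form rendering stay as they are.

```php
// … unchanged: validation chain, PassCrypt() call …
$fields = array ("Nick", "Name", "Vorname", "Alter", "Telefon", "DECT", "Handy", "email",
	"ICQ", "jabber", "Size", "Passwort", "Art", "kommentar", "Hometown");
$values = array ();
foreach ($fields as $field)
	$values[] = "'" . sql_escape(isset ($_POST[$field]) ? $_POST[$field] : "") . "'";

$Erg = sql_query("INSERT INTO `User` (`" . implode("`, `", $fields) . "`, `CreateDate`) " .
	"VALUES (" . implode(", ", $values) . ", NOW())");

// … unchanged: error branch and success message …
$new_uid = sql_id(); // id of the row just inserted, replaces the unescaped SELECT by nick
$Erg3 = sql_query("INSERT INTO `UserCVS` (`UID`) VALUES ('" . sql_escape($new_uid) . "')");
// … unchanged: result handling, mailing-list subscription, form rendering …
```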
\ No newline at end of file
diff --git a/includes/sys_auth.php b/includes/sys_auth.php
new file mode 100644
index 00000000..1c15122e
--- /dev/null
+++ b/includes/sys_auth.php
@@ -0,0 +1,47 @@
+<?php
+
+
+// Testet ob ein User eingeloggt ist und lädt die entsprechenden Privilegien
+function load_auth() {
+ global $user;
+
+ $user = null;
+ if (isset ($_SESSION['uid'])) {
+ $user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_SESSION['uid']) . " LIMIT 1");
+ if (count($user) > 0) {
+ // User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten
+ list ($user) = $user;
+ sql_query("UPDATE `User` SET " . "`lastLogIn` = '" . time() . "'" . " WHERE `UID` = '" . $_SESSION['uid'] . "' LIMIT 1;");
+ } else
+ unset ($_SESSION['uid']);
+ }
+
+ load_privileges();
+}
+
+function load_privileges() {
+ global $privileges, $user;
+
+ $privileges = array ();
+ if (isset ($user)) {
+ $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($user['UID']) . ";");
+ foreach ($user_privs as $user_priv)
+ $privileges[] = $user_priv['name'];
+ } else {
+ $guest_privs = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=-1;");
+ foreach ($guest_privs as $guest_priv)
+ $privileges[] = $guest_priv['name'];
+ }
+}
+
+function PassCrypt($passwort) {
+ global $crypt_system;
+
+ switch ($crypt_system) {
+ case "crypt" :
+ return "{crypt}" . crypt($passwort, "77");
+ case "md5" :
+ return md5($passwort);
+ }
+}
+?>
\ No newline at end of file diff --git a/includes/funktion_lang.php b/includes/sys_lang.php index 3e26ea33..833d00b8 100644 --- a/includes/funktion_lang.php +++ b/includes/sys_lang.php @@ -16,7 +16,6 @@ function Get_Text($TextID, $NoError = false) { return (@ mysql_result($Erg, 0, "Text")); elseif ($NoError && !$debug) return ""; else { - array_push($error_messages, "Get_Text, '$TextID' found " . mysql_num_rows($Erg) . "x in Sprache Database Table for Language (" . $_SESSION['Sprache'] . ")\n"); return "Error Data, '$TextID' found " . mysql_num_rows($Erg) . "x"; } } diff --git a/includes/sys_menu.php b/includes/sys_menu.php new file mode 100644 index 00000000..8c993d1b --- /dev/null +++ b/includes/sys_menu.php 
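Review bot: PassCrypt() stores passwords either as `crypt($passwort, "77")`, which is traditional DES crypt with one fixed salt for every user and only looks at the first eight characters, or as a bare unsalted `md5()`; both are cheap to attack offline if the `User` table leaks. The `switch` also has no `default`, so an unset or misspelled `$crypt_system` makes the function return null for every input, and guest_login() compares that result with `==`. Add `default: die("unknown crypt_system");` now and plan a migration to `password_hash()` / `password_verify()` with rehash-on-login. In load_auth() the `UPDATE` uses `$_SESSION['uid']` unescaped and the `SELECT` passes it through `sql_escape()` without quotes, which does not constrain a numeric context; casting once with `(int) $_SESSION['uid']` covers both.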
@@ -0,0 +1,72 @@
+<?php
+function page_link_to($page) {
+ return '?p=' . $page;
+}
+
+function make_navigation() {
+ global $p;
+ global $privileges;
+ $menu_items = $privileges;
+ $menu_items[] = "faq";
+
+ $menu = '<nav class="container"><h4>' . Get_Text('/') . '</h4><ul class="content">';
+ foreach ($menu_items as $item)
+ $menu .= '<li' . ($item == $p ? ' class="selected"' : '') . '><a href="' . page_link_to($item) . '">' . Get_Text($item) . '</a></li>';
+ $menu .= '</ul></nav>';
+ return $menu;
+}
+
+function make_menu() {
+ return make_navigation() . make_onlineusers() . make_langselect();
+}
+
+function make_onlineusers() {
+ global $privileges, $user;
+ $html = '<nav class="container"><h4>Engel online</h4>';
+
+ $query = "SELECT UID, Nick, lastLogIn " . "FROM User " . "WHERE (`lastLogIn` > '" . (time() - 60 * 60) . "') " . "ORDER BY lastLogIn DESC";
+ $users = sql_select($query);
+
+ if (count($users) > 0) {
+ $html .= "<ul class=\"content\">";
+
+ foreach ($users as $online_user) {
+ if (isset ($user) && $online_user['UID'] == $user['UID'])
+ continue;
+
+ $html .= "<li>";
+
+ if (isset ($user))
+ $html .= DisplayAvatar($online_user['UID']);
+
+ // Show Admin Page
+ if (in_array("admin_user_edit", $privileges)) {
+ $html .= '<a href="admin/userChangeNormal.php?enterUID=' . $online_user['UID'] . '&Type=Normal">' . $online_user['Nick'] . '</a>';
+ } else {
+ $html .= $online_user['Nick'];
+ }
+ $last_action = time() - $online_user['lastLogIn'];
+
+ $html .= " " . date("i:s", $last_action);
+ $html .= "</li>\n";
+ }
+
+ $html .= "</ul>";
+ } else {
+ $html .= '<p class="content">Nobody...</p>';
+ }
+ $html .= '</nav>';
+ return $html;
+}
+
+function make_langselect() {
+ if (strpos($_SERVER["REQUEST_URI"], "?") > 0)
+ $URL = $_SERVER["REQUEST_URI"] . "&SetLanguage=";
+ else
+ $URL = $_SERVER["REQUEST_URI"] . "?SetLanguage=";
+
+ $html = '<p class="content"><a class="sprache" href="' . $URL . 'DE"><img src="pic/flag/de.png" alt="DE" title="Deutsch"></a>';
+ $html .= '<a class="sprache" href="' . $URL . 'EN"><img src="pic/flag/en.png" alt="EN" title="English"></a></p>';
+ return '<nav class="container"><h4>' . Get_Text("Sprache") . '</h4>' . $html . '</nav>';
+}
+?>
\ No newline at end of file
diff --git a/includes/sys_mysql.php b/includes/sys_mysql.php
new file mode 100644
index 00000000..c076be7c
--- /dev/null
+++ b/includes/sys_mysql.php
@@ -0,0 +1,61 @@
+<?php
+function sql_connect($host, $user, $pw, $db) {
+ global $con;
+ global $host;
+
+ @ $con = mysql_connect($host, $user, $pw);
+
+ if ($con == null)
+ die("no mysql-connection");
+
+ if (!mysql_select_db($db, $con))
+ die("mysql db-selection failed");
+
+ mysql_query("SET CHARACTER SET utf8;", $con);
+ mysql_query("SET NAMES 'utf8'", $con);
+}
+
+// Do select query
+function sql_select($query) {
+ global $con;
+ $start = microtime(true);
+ if ($result = mysql_query($query, $con)) {
+ $data = array ();
+ while ($line = mysql_fetch_assoc($result)) {
+ array_push($data, $line);
+ }
+ return $data;
+ } else {
+ die('MySQL-query error: ' . $query . ", " . mysql_error($con));
+ }
+}
+
+// Execute a query
+function sql_query($query) {
+ global $con;
+ $start = microtime(true);
+ if ($result = mysql_query($query, $con)) {
+ return $result;
+ } else {
+ die('MySQL-query error: ' . $query . ", " . mysql_error($con));
+ }
+}
+
+function sql_id() {
+ global $con;
+ return mysql_insert_id($con);
+}
+
+function sql_escape($query) {
+ return mysql_real_escape_string($query);
+}
+
+function sql_num_query($query) {
+ return mysql_num_rows(sql_query($query));
+}
+
+function sql_error() {
+ global $con;
+ return mysql_error($con);
+}
+?>
diff --git a/includes/sys_page.php b/includes/sys_page.php
new file mode 100644
index 00000000..ab8b05e2
--- /dev/null
+++ b/includes/sys_page.php
@@ -0,0 +1,9 @@
+<?php
+function error($msg) {
+ return '<p class="error">' . $msg . '</p>';
+}
+
+function success($msg) {
+ return '<p class="success">' . $msg . '</p>';
+}
+?>
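Review bot: make_langselect() copies `$_SERVER["REQUEST_URI"]` straight into two `href` attributes, and make_onlineusers() prints `$online_user['Nick']`, a value each user chooses at registration, into the menu shown to every visitor, both without HTML escaping. Wrap them at output, e.g. `htmlspecialchars($_SERVER["REQUEST_URI"], ENT_QUOTES, 'UTF-8')` when building `$URL` and `htmlspecialchars($online_user['Nick'], ENT_QUOTES, 'UTF-8')` in both branches. `strpos(...) > 0` works here only because a request URI starts with `/`; `!== false` states the intent. page_link_to() would also be safer returning `'?p=' . urlencode($page)`, since its result is placed inside attributes and `Location:` headers.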
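Review bot: sql_select() and sql_query() call `die()` with the full statement text and `mysql_error($con)`, so any failing query shows table names, column names and the submitted values to the visitor. Log the detail server-side and show a generic message instead, e.g. `error_log('MySQL-query error: ' . $query . ', ' . mysql_error($con)); die('Database error');`. In sql_connect(), `global $host;` rebinds the `$host` parameter to the global variable of that name, so the host passed by the caller is ignored; that line should be dropped. `$start` is assigned in both query helpers and never read.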
\ No newline at end of file
diff --git a/includes/sys_template.php b/includes/sys_template.php
new file mode 100644
index 00000000..ab613c07
--- /dev/null
+++ b/includes/sys_template.php
@@ -0,0 +1,17 @@
+<?php
+
+
+// Load and render template
+function template_render($file, $data) {
+ if (file_exists($file)) {
+ $template = file_get_contents($file);
+ if (is_array($data))
+ foreach ($data as $name => $content) {
+ $template = str_replace("%" . $name . "%", $content, $template);
+ }
+ return $template;
+ } else {
+ die('Cannot find template file «' . $file . '».');
+ }
+}
+?>
\ No newline at end of file
diff --git a/templates/guest_credits.html b/templates/guest_credits.html
new file mode 100644
index 00000000..a248d431
--- /dev/null
+++ b/templates/guest_credits.html
@@ -0,0 +1,12 @@
+<h2>The angelsystem has been (re)done by:</h2>
+<ul>
+ <li>
+ ?
+ </li>
+ <li>
+ helios
+ </li>
+ <li>
+ msquare
+ </li>
+</ul>
diff --git a/templates/guest_login_form.html b/templates/guest_login_form.html
new file mode 100644
index 00000000..c0cef263
--- /dev/null
+++ b/templates/guest_login_form.html
@@ -0,0 +1,22 @@
+<form action="%link%" method="post">
+ <table>
+ <tr>
+ <td align="right">
+ %nick%
+ </td>
+ <td>
+ <input type="text" name="user" size="23" />
+ </td>
+ </tr>
+ <tr>
+ <td align="right">
+ %pass%
+ </td>
+ <td>
+ <input type="password" name="password" size="23">
+ </td>
+ </tr>
+ </table>
+ <br/>
+ <input type="submit" name="login_submit" value="%send%">
+</form>
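Review bot: template_render() runs one `str_replace` per key over the already-substituted text, so a value that itself contains a later placeholder such as `%content%` is expanded again, and no value is escaped on the way in. A single pass avoids the re-expansion: fill `$map["%" . $name . "%"] = $content;` in the loop and `return strtr($template, $map);`. The header comment should state that values are inserted as raw HTML and that callers must escape anything derived from user input. The `die()` message also prints the template path to the client.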
\ No newline at end of file
diff --git a/templates/layout.html b/templates/layout.html
new file mode 100644
index 00000000..0eb67e5b
--- /dev/null
+++ b/templates/layout.html
@@ -0,0 +1,42 @@
+<!DOCTYPE html>
+<html>
+ <head>
+ <title>%title% - Engelsystem</title>
+ <meta charset="UTF-8" />
+ <meta http-equiv="content-type" content="text/html;charset=utf-8" />
+ <meta name="content-style-type" content="text/css" />
+ <meta name="keywords" content="Engel, Himmelsverwaltung" />
+ <meta http-equiv="Content-Style-Type" content="text/css" />
+ <meta http-equiv="expires" content="0" />
+ <meta name="robots" content="index" />
+ <meta name="revisit-after" content="1 days" />
+ <script type="text/javascript" src="css/grossbild.js">
+ </script>
+ <link rel="stylesheet" type="text/css" href="css/base.css" />
+ <link rel="stylesheet" type="text/css" href="css/style%theme%.css" />
+ </head>
+ <body class="background">
+ <header>
+ <a href="?" id="logo"></a>
+ </header>
+ <div id="body">
+ <div id="menu">
+ %menu%
+ </div>
+ <div id="content" class="container">
+ <h1>%title%</h1>
+ <article class="content">
+ %content%
+ </article>
+ </div>
+ </div>
+ <footer>
+ <p>
+ © copyleft | <a href="mailto:erzengel@lists.ccc.de">Contact</a>
+ | <a href="?p=credits">Credits</a>
+ <br/>
+ This is hell. Temporarily.
+ </p>
+ </footer>
+ </body>
+</html>
diff --git a/www-ssl/credits.php b/www-ssl/credits.php
deleted file mode 100644
index bbfa747d..00000000
--- a/www-ssl/credits.php
+++ /dev/null
@@ -1,18 +0,0 @@
-<?php
-require_once ('bootstrap.php');
-
-$title = "Credits";
-$header = "Credits";
-include "includes/header.php";
-?>
-<h1>The angelsystem has been (re)done by:</h1>
-<ul>
- <li>?</li>
- <li>helios</li>
- <li>msquare</li>
-</ul>
-<?php
-
-
-include "includes/footer.php";
-?>
diff --git a/www-ssl/css/base.css b/www-ssl/css/base.css
index 6c0bc298..808fb512 100644
--- a/www-ssl/css/base.css
+++ b/www-ssl/css/base.css
@@ -81,8 +81,16 @@ nav { padding: 10px; } +p { + padding: 0 0 10px 0; +} + +#menu p { + padding: 4px; +} + a.sprache img { - margin: 5px; + margin-right: 5px; } .background { @@ -96,3 +104,11 @@ a.sprache img { .content { background: #fff; } + +.error { + color: #f00; +} + +.success { + color: #090; +} diff --git a/www-ssl/index.php b/www-ssl/index.php index cdec1559..5126981c 100644 --- a/www-ssl/index.php +++ b/www-ssl/index.php 
@@ -1,17 +1,73 @@ <?php require_once ('bootstrap.php'); +require_once ('includes/sys_auth.php'); +require_once ('includes/sys_lang.php'); +require_once ('includes/sys_menu.php'); +require_once ('includes/sys_mysql.php'); +require_once ('includes/sys_page.php'); +require_once ('includes/sys_template.php'); -$title = "Start"; -$header = "Start"; -include "includes/header.php"; +require_once ('config/config.php'); +require_once ('config/config_db.php'); -echo "<p>" . Get_Text("index_text1") . "</p>\n"; -echo "<p>" . Get_Text("index_text2") . "</p>\n"; -echo "<p>" . Get_Text("index_text3") . "</p>\n"; +session_start(); -include "includes/login_eingabefeld.php"; +sql_connect($config['host'], $config['user'], $config['pw'], $config['db']); -echo "<h6>" . Get_Text("index_text4") . "</h6>"; +load_auth(); -include "includes/footer.php"; +// Gewünschte Seite/Funktion +$p = "start"; +if (isset ($_REQUEST['p'])) + $p = $_REQUEST['p']; + +$title = Get_Text($p); +$content = ""; + +// Recht dafür vorhanden? 
+if (in_array($p, $privileges)) { + if ($p == "news") { + //require_once ('includes/pages/user_news.php'); + $content = "news"; + } + elseif ($p == "login") { + require_once ('includes/pages/guest_login.php'); + $content = guest_login(); + } + elseif ($p == "register") { + require_once ('includes/pages/guest_login.php'); + $content = guest_register(); + } + elseif ($p == "logout") { + require_once ('includes/pages/guest_login.php'); + $content = guest_logout(); + } else { + require_once ('includes/pages/guest_start.php'); + $content = guest_start(); + } +} +elseif ($p == "credits") { + require_once ('includes/pages/guest_credits.php'); + $content = guest_credits(); +} +elseif ($p == "faq") { + require_once ('includes/pages/guest_faq.php'); + $content = guest_faq(); +} else { + // Wenn schon eingeloggt, keine-Berechtigung-Seite anzeigen + if (isset ($user)) { + $title = Get_Text("no_access_title"); + $content = Get_Text("no_access_text"); + } else { + // Sonst zur Loginseite leiten + header("Location: " . page_link_to("login")); + } +} + +echo template_render('../templates/layout.html', array ( + 'theme' => isset ($user) ? $user['color'] : $default_theme, + 'title' => $title, + 'menu' => make_menu(), + 'content' => $content +)); ?> |
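Review bot: `$p` is taken from `$_REQUEST['p']` and handed to `Get_Text($p)` before any check, and the result becomes `%title%` in the layout unescaped; the Get_Text() fallback visible in the sys_lang.php hunk returns `"Error Data, '$TextID' found …"`, which puts the request value back into the page. Validate `$p` against the known page names first and fall back to `"start"`, or at least pass the title through `htmlspecialchars()`; how Get_Text() builds its query from `$TextID` is outside this diff and worth checking for the same reason. The `header("Location: …")` branch here, like the ones in guest_login() and guest_logout(), keeps executing and still renders the full layout, so add `exit;` after the redirect. `in_array($p, $privileges)` should pass `true` as its third argument so the comparison is strict.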