diff options
| -rw-r--r-- | DB/db_rewrite.sql | 64 | ||||
| -rw-r--r-- | includes/pages/user_messages.php | 216 | ||||
| -rw-r--r-- | includes/sys_menu.php | 1 | ||||
| -rw-r--r-- | templates/user_messages.html | 50 | ||||
| -rw-r--r-- | txt/TODO | 5 | ||||
| -rw-r--r-- | www-ssl/css/base.css | 11 | ||||
| -rw-r--r-- | www-ssl/css/style6.css | 2 | ||||
| -rw-r--r-- | www-ssl/index.php | 11 | ||||
| -rw-r--r-- | www-ssl/nonpublic/einstellungen.php | 376 | ||||
| -rw-r--r-- | www-ssl/nonpublic/index.php | 77 |
10 files changed, 331 insertions, 482 deletions
diff --git a/DB/db_rewrite.sql b/DB/db_rewrite.sql index 71b968e7..d4811235 100644 --- a/DB/db_rewrite.sql +++ b/DB/db_rewrite.sql @@ -3,7 +3,7 @@ -- http://www.phpmyadmin.net -- -- Host: localhost --- Erstellungszeit: 02. Juni 2011 um 18:17 +-- Erstellungszeit: 02. Juni 2011 um 19:37 -- Server Version: 5.1.44 -- PHP-Version: 5.3.1 @@ -71,16 +71,17 @@ CREATE TABLE IF NOT EXISTS `Counter` ( -- INSERT INTO `Counter` (`URL`, `Anz`) VALUES -('news', 44), -('login', 12), -('logout', 5), -('start', 13), +('news', 73), +('login', 18), +('logout', 11), +('start', 23), ('faq', 4), ('credits', 3), ('register', 3), ('admin_rooms', 70), -('admin_angel_types', 68), -('user_settings', 109); +('admin_angel_types', 69), +('user_settings', 111), +('user_messages', 102); -- -------------------------------------------------------- @@ -124,7 +125,7 @@ CREATE TABLE IF NOT EXISTS `GroupPrivileges` ( `privilege_id` int(11) NOT NULL, PRIMARY KEY (`id`), KEY `group_id` (`group_id`,`privilege_id`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=9 ; +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=10 ; -- -- Daten für Tabelle `GroupPrivileges` @@ -138,7 +139,8 @@ INSERT INTO `GroupPrivileges` (`id`, `group_id`, `privilege_id`) VALUES (5, -1, 5), (6, -4, 6), (7, -4, 7), -(8, -2, 8); +(8, -2, 8), +(9, -2, 9); -- -------------------------------------------------------- @@ -170,18 +172,28 @@ INSERT INTO `Groups` (`Name`, `UID`) VALUES -- CREATE TABLE IF NOT EXISTS `Messages` ( - `Datum` datetime NOT NULL DEFAULT '0000-00-00 00:00:00', + `id` int(11) NOT NULL AUTO_INCREMENT, + `Datum` int(11) NOT NULL, `SUID` int(11) NOT NULL DEFAULT '0', `RUID` int(11) NOT NULL DEFAULT '0', `isRead` char(1) NOT NULL DEFAULT 'N', `Text` text NOT NULL, - PRIMARY KEY (`Datum`,`SUID`,`RUID`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='Fuers interen Communikationssystem'; + PRIMARY KEY (`id`), + KEY `Datum` (`Datum`), + KEY `SUID` (`SUID`), + KEY `RUID` (`RUID`) +) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='Fuers interen Communikationssystem' AUTO_INCREMENT=8 ; -- -- Daten für Tabelle `Messages` -- +INSERT INTO `Messages` (`id`, `Datum`, `SUID`, `RUID`, `isRead`, `Text`) VALUES +(2, 1307042342, 1, 147, 'Y', 'asdfasdfasdfasdf'), +(4, 1307042622, 1, 147, 'Y', 'asdfasdfasdf'), +(5, 1307042643, 1, 147, 'Y', 'foobar'), +(6, 1307042663, 1, 147, 'Y', 'foobar'), +(7, 1307042692, 147, 1, 'Y', 'foobar'); -- -------------------------------------------------------- @@ -197,19 +209,16 @@ CREATE TABLE IF NOT EXISTS `News` ( `UID` int(11) NOT NULL DEFAULT '0', `Treffen` tinyint(4) NOT NULL DEFAULT '0', PRIMARY KEY (`ID`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=9 ; +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=4 ; -- -- Daten für Tabelle `News` -- INSERT INTO `News` (`ID`, `Datum`, `Betreff`, `Text`, `UID`, `Treffen`) VALUES -(3, '2011-06-02 01:32:31', '', '', 0, 0), -(4, '2011-06-02 01:36:27', 'Darf ich News erstellen?', 'Darf ich.', 0, 0), -(5, '2011-06-02 01:36:35', 'Darf ich News erstellen?', 'asdfasdfasdf', 1, 0), -(6, '2011-06-02 01:38:59', '"''>', '"''>\r\n', 1, 0), -(7, '2011-06-02 01:38:59', '"''>', '"''>\r\n', 1, 0), -(8, '2011-06-02 01:38:59', '"''>', '"''>\r\n', 1, 0); +(1, '2011-06-02 21:35:27', '', '', 1, 0), +(2, '2011-06-02 21:36:57', '', '', 1, 0), +(3, '2011-06-02 21:36:57', '', '', 1, 0); -- -------------------------------------------------------- @@ -244,7 +253,7 @@ CREATE TABLE IF NOT EXISTS `Privileges` ( `desc` varchar(1024) NOT NULL, PRIMARY KEY (`id`), UNIQUE KEY `name` (`name`) -) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=9 ; +) ENGINE=MyISAM DEFAULT CHARSET=utf8 AUTO_INCREMENT=10 ; -- -- Daten für Tabelle `Privileges` @@ -258,7 +267,8 @@ INSERT INTO `Privileges` (`id`, `name`, `desc`) VALUES (5, 'register', 'Einen neuen Engel registerieren'), (6, 'admin_rooms', 'Räume administrieren'), (7, 'admin_angel_types', 'Engel Typen administrieren'), -(8, 'user_settings', 'User profile settings'); +(8, 'user_settings', 'User profile settings'), +(9, 'user_messages', 'Writing and reading messages from user to user'); -- -------------------------------------------------------- @@ -800,8 +810,8 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('pub_einstellungen_Hometown', 'EN', 'hometown'), ('makeuser_error_Alter', 'DE', 'Fehler: Dein Alter muss eine Zahl oder leer sein'), ('makeuser_error_Alter', 'EN', 'error: your age must be a number or empty'), -('pub_menu_messages', 'DE', 'Nachrichten'), -('pub_menu_messages', 'EN', 'messages'), +('user_messages', 'DE', 'Nachrichten'), +('user_messages', 'EN', 'Messages'), ('pub_messages_Datum', 'DE', 'Datum'), ('pub_messages_Datum', 'EN', 'date'), ('pub_messages_Von', 'DE', 'Gesendet'), @@ -983,7 +993,9 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES ('login', 'DE', 'Login'), ('login', 'EN', 'Login'), ('credits', 'DE', 'Credits'), -('credits', 'EN', 'Credits'); +('credits', 'EN', 'Credits'), +('pub_messages_Neu', 'DE', 'Neu'), +('pub_messages_Neu', 'EN', 'New'); -- -------------------------------------------------------- @@ -1026,8 +1038,8 @@ CREATE TABLE IF NOT EXISTS `User` ( -- INSERT INTO `User` (`UID`, `Nick`, `Name`, `Vorname`, `Alter`, `Telefon`, `DECT`, `Handy`, `email`, `ICQ`, `jabber`, `Size`, `Passwort`, `Gekommen`, `Aktiv`, `Tshirt`, `color`, `Sprache`, `Avatar`, `Menu`, `lastLogIn`, `CreateDate`, `Art`, `kommentar`, `Hometown`) VALUES -(1, 'admin', '', '', 0, '', '', '', '', '', '', 'L', '21232f297a57a5a743894a0e4a801fc3', 0, 0, 0, 10, 'DE', 115, 'L', 1307038600, '0000-00-00 00:00:00', '', '', ''), -(147, 'msquare', '', '', 23, '', '', '', 'msquare@notrademark.de', '', '', 'L', 'e10adc3949ba59abbe56e057f20f883e', 0, 0, 0, 6, 'EN', 0, 'L', 1306971362, '2011-06-02 00:55:09', '', '', ''); +(1, 'admin', '', '', 0, '', '', '', '', '', '', 'L', '21232f297a57a5a743894a0e4a801fc3', 0, 0, 0, 10, 'DE', 115, 'L', 1307043433, '0000-00-00 00:00:00', '', '', ''), +(147, 'msquare', '', '', 23, '', '', '', 'msquare@notrademark.de', '', '', 'L', 'e10adc3949ba59abbe56e057f20f883e', 0, 0, 0, 6, 'EN', 0, 'L', 1307042703, '2011-06-02 00:55:09', '', '', ''); -- -------------------------------------------------------- diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php new file mode 100644 index 00000000..e3e9a469 --- /dev/null +++ b/includes/pages/user_messages.php @@ -0,0 +1,216 @@ +<?php +function user_unread_messages() { + global $user; + + $new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`=" . sql_escape($user['UID'])); + + if ($new_messages > 0) + return '<p class="notice"><a href="' . page_link_to("user_messages") . '">' . Get_Text("pub_messages_new1") . " " . $new_messages . " " . Get_Text("pub_messages_new2") . '</a></p><hr />'; + + return ""; +} + +function user_messages() { + global $user; + + if (!isset ($_REQUEST['action'])) { + $users = sql_select("SELECT * FROM `User` WHERE NOT `UID`=" . sql_escape($user['UID']) . " ORDER BY `Nick`"); + $to_select_data = array ( + "" => "Select receiver..." + ); + foreach ($users as $u) + $to_select_data[$u['UID']] = $u['Nick']; + $to_select = html_select_key('to', $to_select_data, ''); + + $messages_html = ""; + $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC"); + foreach ($messages as $message) { + $messages_html .= '<tr' . ($message['isRead'] == 'N' ? ' class="new_message"' : '') . '>'; + $messages_html .= '<td>' . ($message['isRead'] == 'N' ? '•' : '') . '</td>'; + $messages_html .= '<td>' . date("Y-m-d H:i", $message['Datum']) . '</td>'; + $messages_html .= '<td>' . UID2Nick($message['SUID']) . '</td>'; + $messages_html .= '<td>' . UID2Nick($message['RUID']) . '</td>'; + $messages_html .= '<td>' . str_replace("\n", '<br />', $message['Text']) . '</td>'; + $messages_html .= '<td>'; + if ($message['RUID'] == $user['UID']) { + if ($message['isRead'] == 'N') + $messages_html .= '<a href="' . page_link_to("user_messages") . '&action=read&id=' . $message['id'] . '">' . Get_Text("pub_messages_MarkRead") . '</a>'; + } else { + $messages_html .= '<a href="' . page_link_to("user_messages") . '&action=delete&id=' . $message['id'] . '">' . Get_Text("pub_messages_DelMsg") . '</a>'; + } + $messages_html .= '</td></tr>'; + } + + return template_render('../templates/user_messages.html', array ( + 'link' => page_link_to("user_messages"), + 'greeting' => Get_Text("Hello") . $user['Nick'] . ", <br />\n" . Get_Text("pub_messages_text1") . "<br /><br />\n", + 'messages' => $messages_html, + 'new_label' => Get_Text("pub_messages_Neu"), + 'date_label' => Get_Text("pub_messages_Datum"), + 'from_label' => Get_Text("pub_messages_Von"), + 'to_label' => Get_Text("pub_messages_An"), + 'text_label' => Get_Text("pub_messages_Text"), + 'date' => date("Y-m-d H:i"), + 'from' => $user['Nick'], + 'to_select' => $to_select, + 'submit_label' => Get_Text("save") + )); + } else { + switch ($_REQUEST['action']) { + case "read" : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Message ID."); + + $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) { + sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + header("Location: " . page_link_to("user_messages")); + } else + return error("No Message found."); + break; + + case "delete" : + if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id'])) + $id = $_REQUEST['id']; + else + return error("Incomplete call, missing Message ID."); + + $message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) { + sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1"); + header("Location: " . page_link_to("user_messages")); + } else + return error("No Message found."); + break; + + case "send" : + $text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text'])); + $to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['to'])); + if ($text != "" && is_numeric($to) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) { + sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'"); + header("Location: " . page_link_to("user_messages")); + } else { + return error(Get_Text("pub_messages_Send_Error")); + } + break; + } + return ""; + } + + if (!isset ($_GET["action"])) + $_GET["action"] = "start"; + + switch ($_GET["action"]) { + case "start" : + echo Get_Text("Hello") . $_SESSION['Nick'] . ", <br />\n"; + echo Get_Text("pub_messages_text1") . "<br /><br />\n"; + + //show exist Messages + $SQL = "SELECT * FROM `Messages` WHERE `SUID`='" . $_SESSION["UID"] . "' OR `RUID`='" . $_SESSION["UID"] . "'"; + $erg = mysql_query($SQL, $con); + + echo "<table border=\"0\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n"; + echo "<tr>\n"; + echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Datum") . "</b></td>\n"; + echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Von") . "</b></td>\n"; + echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_An") . "</b></td>\n"; + echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Text") . "</b></td>\n"; + echo "<td class=\"contenttopic\"></td>\n"; + echo "</tr>\n"; + + for ($i = 0; $i < mysql_num_rows($erg); $i++) { + echo "<tr class=\"content\">\n"; + echo "<td>" . mysql_result($erg, $i, "Datum") . "</td>\n"; + echo "<td>" . UID2Nick(mysql_result($erg, $i, "SUID")) . "</td>\n"; + echo "<td>" . UID2Nick(mysql_result($erg, $i, "RUID")) . "</td>\n"; + echo "<td>" . mysql_result($erg, $i, "Text") . "</td>\n"; + echo "<td>"; + + if (mysql_result($erg, $i, "RUID") == $_SESSION["UID"]) { + echo "<a href=\"?action=DelMsg&Datum=" . mysql_result($erg, $i, "Datum") . "\">" . Get_Text("pub_messages_DelMsg") . "</a>"; + + if (mysql_result($erg, $i, "isRead") == "N") + echo "<a href=\"?action=MarkRead&Datum=" . mysql_result($erg, $i, "Datum") . "\">" . Get_Text("pub_messages_MarkRead") . "</a>"; + } else { + if (mysql_result($erg, $i, "isRead") == "N") + echo Get_Text("pub_messages_NotRead"); + } + + echo "</td>\n"; + echo "</tr>\n"; + } + + // send Messeges + echo "<form action=\"" . $_SERVER['SCRIPT_NAME'] . "?action=SendMsg\" method=\"POST\">"; + echo "<tr class=\"content\">\n"; + echo "<td></td>\n"; + echo "<td></td>\n"; + + // Listet alle Nicks auf + echo "<td><select name=\"RUID\">\n"; + + $usql = "SELECT * FROM `User` WHERE (`UID`!='" . $_SESSION["UID"] . "') ORDER BY `Nick`"; + $uErg = mysql_query($usql, $con); + $urowcount = mysql_num_rows($uErg); + + for ($k = 0; $k < $urowcount; $k++) { + echo "<option value=\"" . mysql_result($uErg, $k, "UID") . "\">" . mysql_result($uErg, $k, "Nick") . "</option>\n"; + } + + echo "</select></td>\n"; + echo "<td><textarea name=\"Text\" cols=\"30\" rows=\"10\"></textarea></td>\n"; + echo "<td><input type=\"submit\" value=\"" . Get_Text("save") . "\"></td>\n"; + echo "</tr>\n"; + echo "</form>"; + + echo "</table>\n"; + break; + + case "SendMsg" : + echo Get_Text("pub_messages_Send1") . "...<br />\n"; + + $SQL = "INSERT INTO `Messages` ( `Datum` , `SUID` , `RUID` , `Text` ) VALUES (" . + "'" . gmdate("Y-m-j H:i:s", time()) . "', " . + "'" . $_SESSION["UID"] . "', " . + "'" . $_POST["RUID"] . "', " . + "'" . $_POST["Text"] . "');"; + + $Erg = mysql_query($SQL, $con); + + if ($Erg == 1) + echo Get_Text("pub_messages_Send_OK") . "\n"; + else + echo Get_Text("pub_messages_Send_Error") . "...\n(" . mysql_error($con) . ")"; + break; + + case "MarkRead" : + $SQL = "UPDATE `Messages` SET `isRead` = 'Y' " . + "WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID`='" . $_SESSION["UID"] . "' " . + "LIMIT 1 ;"; + $Erg = mysql_query($SQL, $con); + + if ($Erg == 1) + echo Get_Text("pub_messages_MarkRead_OK") . "\n"; + else + echo Get_Text("pub_messages_MarkRead_KO") . "...\n(" . mysql_error($con) . ")"; + break; + + case "DelMsg" : + $SQL = "DELETE FROM `Messages` " . + "WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID` ='" . $_SESSION["UID"] . "' " . + "LIMIT 1;"; + $Erg = mysql_query($SQL, $con); + + if ($Erg == 1) + echo Get_Text("pub_messages_DelMsg_OK") . "\n"; + else + echo Get_Text("pub_messages_DelMsg_KO") . "...\n(" . mysql_error($con) . ")"; + break; + + default : + echo Get_Text("pub_messages_NoCommand"); + } +} +?> diff --git a/includes/sys_menu.php b/includes/sys_menu.php index da9d5666..822d558f 100644 --- a/includes/sys_menu.php +++ b/includes/sys_menu.php @@ -22,6 +22,7 @@ function make_navigation() { // Engel Navigation $menu .= make_navigation_for(Get_Text('inc_schicht_engel'), array ( "news", + "user_messages", "user_settings" )); diff --git a/templates/user_messages.html b/templates/user_messages.html new file mode 100644 index 00000000..b7bb26fb --- /dev/null +++ b/templates/user_messages.html @@ -0,0 +1,50 @@ +%greeting% +<form action="%link%&action=send" method="post"> + <table> + <thead> + <tr> + <th> + %new_label% + </th> + <th> + %date_label% + </th> + <th> + %from_label% + </th> + <th> + %to_label% + </th> + <th> + %text_label% + </th> + <th> + + </th> + </tr> + </thead> + <tbody> + %messages% + <tr> + <td> + + </td> + <td> + %date% + </td> + <td> + %from% + </td> + <td> + %to_select% + </td> + <td> + <textarea name="text"></textarea> + </td> + <td> + <input type="submit" name="submit" value="%submit_label%" /> + </td> + </tr> + </tbody> + </table> +</form>
\ No newline at end of file @@ -1,6 +1,9 @@ * MD5-Passwörter mit Salt speichern * Passwort-Mindestanforderungen stellen - * Avatare + * User-Avatare + * user_messages schön machen + * Formulare weg von Tabellen + * user_news lässt sich nicht bedienen (POST ohne redirects...) * schichten ueber monatsgrenzen einbaue im moment werden die tage nur diff --git a/www-ssl/css/base.css b/www-ssl/css/base.css index 5731fec0..bfe050a5 100644 --- a/www-ssl/css/base.css +++ b/www-ssl/css/base.css @@ -128,3 +128,14 @@ td, th { .success { color: #090; } + +.notice { + background: #f0f0f0; + border: 2px solid #888; + margin: 10px; + padding: 10px; +} + +.new_message { + font-weight: bold; +} diff --git a/www-ssl/css/style6.css b/www-ssl/css/style6.css index 2272f598..8dc008e7 100644 --- a/www-ssl/css/style6.css +++ b/www-ssl/css/style6.css @@ -71,6 +71,6 @@ h4.menu { font-size : 6pt; } -h4, h1 { +h4, h1, th { background: #333E47; } diff --git a/www-ssl/index.php b/www-ssl/index.php index 6b2e267b..48aea75c 100644 --- a/www-ssl/index.php +++ b/www-ssl/index.php @@ -13,6 +13,8 @@ require_once ('includes/sys_user.php'); require_once ('config/config.php'); require_once ('config/config_db.php'); +require_once ('includes/pages/user_messages.php'); + session_start(); sql_connect($config['host'], $config['user'], $config['pw'], $config['db']); @@ -20,7 +22,7 @@ sql_connect($config['host'], $config['user'], $config['pw'], $config['db']); load_auth(); // Gewünschte Seite/Funktion -$p = "start"; +$p = isset ($user) ? "news" : "start"; if (isset ($_REQUEST['p'])) $p = $_REQUEST['p']; @@ -33,6 +35,9 @@ if (in_array($p, $privileges)) { require_once ('includes/pages/user_news.php'); $content = user_news(); } + elseif ($p == "user_messages") { + $content = user_messages(); + } elseif ($p == "user_settings") { require_once ('includes/pages/user_settings.php'); $content = user_settings(); @@ -79,6 +84,10 @@ elseif ($p == "faq") { } } +// Hinweis für ungelesene Nachrichten +if (isset ($user) && $p != "user_messages") + $content = user_unread_messages() . $content; + echo template_render('../templates/layout.html', array ( 'theme' => isset ($user) ? $user['color'] : $default_theme, 'title' => $title, diff --git a/www-ssl/nonpublic/einstellungen.php b/www-ssl/nonpublic/einstellungen.php deleted file mode 100644 index 713425bb..00000000 --- a/www-ssl/nonpublic/einstellungen.php +++ /dev/null @@ -1,376 +0,0 @@ -<?php -require_once ('../bootstrap.php'); - -$title = "Himmel"; -$header = "Deine persönlichen Einstellungen"; -include "includes/header.php"; -include "includes/crypt.php"; - -if (!isset ($_POST["action"])) { - echo Get_Text("Hallo") . $_SESSION['Nick'] . ",<br />\n\n"; - Print_Text(13); -?> -<hr width="100%"> -<?php Print_Text("pub_einstellungen_Text_UserData"); ?> -<form action="./einstellungen.php" method="post"> - <input type="hidden" name="action" value="setUserData"> - <table> - <tr> - <td><?php Print_Text("pub_einstellungen_Nick"); ?></td> - <td><input type="text" name="eNick" size="23" value="<?php echo $_SESSION["Nick"]; ?>"></td> - </tr> - - <tr> - <td><?php Print_Text("pub_einstellungen_Name"); ?></td> - <td><input type="text" name="eName" size="23" value="<?php echo $_SESSION['Name']; ?>"></td> - </tr> - - <tr> - <td><?php Print_Text("pub_einstellungen_Vorname"); ?></td> - <td><input type="text" name="eVorname" size="23" value="<?php echo $_SESSION['Vorname']; ?>"></td> - </tr> - - <tr> - <td><?php Print_Text("pub_einstellungen_Alter"); ?></td> - <td><input type="text" name="eAlter" size="3" value="<?php echo $_SESSION['Alter']; ?>"></td> - </tr> - - <tr> - <td><?php Print_Text("pub_einstellungen_Telefon"); ?></td> - <td><input type="text" name="eTelefon" size="40" value="<?php echo $_SESSION['Telefon']; ?>"></td> - </tr> - - <tr> - <td><?php Print_Text("pub_einstellungen_Handy"); ?></td> - <td><input type="text" name="eHandy" size="40" value="<?php echo $_SESSION['Handy']; ?>"></td> - </tr> - - <tr> - <td><?php Print_Text("pub_einstellungen_DECT"); ?></td> - <td><input type="text" name="eDECT" size="4" value="<?php echo $_SESSION['DECT']; ?>"></td> - </tr> - - <tr> - <td><?php Print_Text("pub_einstellungen_email"); ?></td> - <td><input type="text" name="eemail" size="40" value="<?php echo $_SESSION['email']; ?>"></td> - </tr> - - <tr> - <td>ICQ</td> - <td><input type="text" name="eICQ" size="40" value="<?php echo $_SESSION['ICQ']; ?>"></td> - </tr> - - <tr> - <td>jabber</td> - <td><input type="text" name="ejabber" size="40" value="<?php echo $_SESSION['jabber']; ?>"></td> - </tr> - - <tr> - <td><?php Print_Text("pub_einstellungen_Hometown"); ?></td> - <td><input type="text" name="Hometown" size="40" value="<?php echo $_SESSION['Hometown']; ?>"></td> - </tr> - -<?php - - - if ($_SESSION['CVS']["Change T_Shirt Size"] == "Y") { -?> - <tr> - <td><?php Print_Text("makeuser_T-Shirt"); ?></td> - <td><select name="Sizeid"> - <option <?php if($_SESSION['Size'] == 'S') { echo "selected"; } ?> value="S">S</option> - <option <?php if($_SESSION['Size'] == 'M') { echo "selected"; } ?> value="M">M</option> - <option <?php if($_SESSION['Size'] == 'L') { echo "selected"; } ?> value="L">L</option> - <option <?php if($_SESSION['Size'] == 'XL') { echo "selected"; } ?> value="XL">XL</option> - <option <?php if($_SESSION['Size'] == 'XXL') { echo "selected"; } ?> value="XXL">XXL</option> - <option <?php if($_SESSION['Size'] == 'XXXL') { echo "selected"; } ?> value="XXXL">XXXL</option> - </select></td> - </tr> -<?php - - - } -?> - </table> - <input type="submit" value="<?php Print_Text("save"); ?>"> -</form> -<br /> - -<hr width="100%"> -<?php Print_Text(14); ?> -<form action="./einstellungen.php" method="post"> - <input type="hidden" name="action" value="set"> - <table> - <tr><td><?php Print_Text(15); ?></td><td><input type="password" name="old" size="20"></td></tr> - <tr><td><?php Print_Text(16); ?></td><td><input type="password" name="new1" size="20"></td></tr> - <tr><td><?php Print_Text(17); ?></td><td><input type="password" name="new2" size="20"></td></tr> - </table> - <input type="submit" value="<?php Print_Text("save"); ?>"> -</form> -<br /> - -<hr width="100%"> -<br /> -<?php Print_Text(18); ?> -<form action="./einstellungen.php" method="post"> - <input type="hidden" name="action" value="colour"> - <table> - <tr> - <td><?php Print_Text(19); ?></td> - <td> - <select name="colourid"> - <option <?php if($_SESSION['color'] == 1) { echo "selected"; } ?> value="1">Standard-Style</option> - <option <?php if($_SESSION['color'] == 2) { echo "selected"; } ?> value="2">Rot/Gelber Style</option> - <option <?php if($_SESSION['color'] == 3) { echo "selected"; } ?> value="3">Club-Mate Style</option> - <option <?php if($_SESSION['color'] == 5) { echo "selected"; } ?> value="5">Debian Style</option> - <option <?php if($_SESSION['color'] == 6) { echo "selected"; } ?> value="6">c-base Style</option> - <option <?php if($_SESSION['color'] == 7) { echo "selected"; } ?> value="7">Blau/Gelber Style </option> - <option <?php if($_SESSION['color'] == 8) { echo "selected"; } ?> value="8">Pastel Style</option> - <option <?php if($_SESSION['color'] == 4) { echo "selected"; } ?> value="4">Test Style</option> - <option <?php if($_SESSION['color'] == 9) { echo "selected"; } ?> value="9">Test Style 21c3 </option> - <option <?php if($_SESSION['color'] == 10) { echo "selected"; } ?> value="10">msquare (cccamp2011)</option> - </select> - </td> - </tr> - <tr> - <td>Menu</td> - <td><input type="radio" name="eMenu" value="L"<?php if($_SESSION['Menu'] == 'L') echo " checked"; ?>>L - <input type="radio" name="eMenu" value="R"<?php if($_SESSION['Menu'] == 'R') echo " checked"; ?>>R - </td> - </tr> - </table> - <input type="submit" value="<?php Print_Text("save"); ?>"> -</form> -<br /> -<hr width="100%"> -<br /> -<?php Print_Text(20); ?> -<form action="./einstellungen.php" method="post"> - <input type="hidden" name="action" value="sprache" /> - <table> - <tr> - <td><?php Print_Text(21); ?></td> - <td> - <select name="language"> - <option value="DE" <?php if($_SESSION['Sprache'] == 'DE') { echo "selected"; } ?>>Deutsch</option> - <option value="EN" <?php if($_SESSION['Sprache'] == 'EN') { echo "selected"; } ?>>English</option> -<?php - - - /* <option value="NL" <?php if($_SESSION['Sprache'] == 'NL') { echo "selected"; } ?>>Dutch</option> */ -?> - </select> - </td></tr> - </table> - <input type="submit" value="<?php Print_Text("save"); ?>"> -</form> - -<?php - - - if (get_cfg_var("file_uploads")) { - echo "<br />\n<hr width=\"100%\">\n<br />\n\n"; - echo Get_Text('pub_einstellungen_PictureUpload') . "<br />"; - echo "<form action=\"./einstellungen.php\" method=\"post\" enctype=\"multipart/form-data\">\n"; - echo "<input type=\"hidden\" name=\"action\" value=\"sendPicture\">\n"; - echo "<input name=\"file\" type=\"file\" size=\"50\" maxlength=\"" . get_cfg_var("post_max_size") . "\">\n"; - echo "(max " . get_cfg_var("post_max_size") . "Byte)<br />\n"; - echo "<input type=\"submit\" value=\"" . Get_Text("upload"), "\">\n"; - echo "</form>\n"; - } - - switch (GetPicturShow($_SESSION['UID'])) { - case 'Y' : - echo Get_Text('pub_einstellungen_PictureShow') . "<br />"; - echo displayPictur($_SESSION['UID'], 0); - echo "<form action=\"./einstellungen.php\" method=\"post\">\n"; - echo "<input type=\"hidden\" name=\"action\" value=\"delPicture\">\n"; - echo "<input type=\"submit\" value=\"" . Get_Text("delete"), "\">\n"; - echo "</form>\n"; - break; - case 'N' : - echo Get_Text('pub_einstellungen_PictureNoShow') . "<br />"; - echo displayPictur($_SESSION['UID'], 0); - echo "<form action=\"./einstellungen.php\" method=\"post\">\n"; - echo "<input type=\"hidden\" name=\"action\" value=\"delPicture\">\n"; - echo "<input type=\"submit\" value=\"" . Get_Text("delete"), "\">\n"; - echo "</form>\n"; - echo "<br />\n<hr width=\"100%\">\n<br />\n\n"; - case '' : - echo "<br />\n<hr width=\"100%\">\n<br />\n\n"; - echo Get_Text(22) . "<br />"; - echo "\n<form action=\"./einstellungen.php\" method=\"post\">\n"; - echo "<input type=\"hidden\" name=\"action\" value=\"avatar\">\n"; - echo "<table>\n"; - echo "<tr>\n<td>" . Get_Text(23) . "<br /></td>\n</tr>\n"; - echo "<tr>\n"; - echo "<td>\n"; - echo "<select name=\"eAvatar\" onChange=\"document.avatar.src = '" . $url . $ENGEL_ROOT . "pic/avatar/avatar' + this.value + '.gif'\" onKeyup=\"document.avatar.src = '" . $url . $ENGEL_ROOT . "pic/avatar/avatar' + this.value + '.gif'\">\n"; - - for ($i = 1; file_exists("../pic/avatar/avatar" . $i . ".gif"); $i++) - echo "<option value=\"" . $i . "\"" . ($_SESSION['Avatar'] == $i ? " selected" : "") . ">avatar" . $i . "</option>\n"; - - echo "</select> \n"; - echo "<img src=\"" . $url . $ENGEL_ROOT . "pic/avatar/avatar" . $_SESSION['Avatar'] . ".gif\" name=\"avatar\" border=\"0\" align=\"top\">\n"; - echo "</td>\n</tr>\n"; - echo "</table>\n"; - echo "<input type=\"submit\" value=\"" . Get_Text("save") . "\">\n"; - echo "</form>\n"; - break; - } //CASE - -} else { - switch ($_POST["action"]) { - case 'set' : - if ($_POST["new1"] == $_POST["new2"]) { - Print_Text(25); - $sql = "SELECT * FROM `User` WHERE `UID`='" . $_SESSION['UID'] . "'"; - $Erg = mysql_query($sql, $con); - - if (PassCrypt($_POST["old"]) == mysql_result($Erg, 0, "Passwort")) { - Print_Text(26); - Print_Text(27); - $usql = "UPDATE `User` SET `Passwort`='" . PassCrypt($_POST["new1"]) . "' WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1"; - $Erg = mysql_query($usql, $con); - - if ($Erg == 1) { - Print_Text(28); - } else { - Print_Text(29); - } - } else { - Print_Text(30); - } - } else { - Print_Text(31); - } - break; - - case 'colour' : - - $chsql = "UPDATE `User` SET " . - "`color`= '" . $_POST["colourid"] . "', " . - "`Menu`= '" . $_POST["eMenu"] . "' " . - "WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1"; - $Erg = mysql_query($chsql, $con); - echo mysql_error($con); - $_SESSION['color'] = $_POST["colourid"]; - $_SESSION['Menu'] = $_POST["eMenu"]; - if ($Erg == 1) { - Print_Text(32); - } else { - Print_Text(29); - } - break; - - case 'sprache' : - - $chsql = "UPDATE `User` SET `Sprache` = '" . $_POST["language"] . "' WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1"; - $Erg = mysql_query($chsql, $con); - $_SESSION['Sprache'] = $_POST["language"]; - if ($Erg == 1) { - Print_Text(33); - } else { - Print_Text(29); - } - break; - - case 'avatar' : - $chsql = "UPDATE `User` SET `Avatar`='" . $_POST["eAvatar"] . "' WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1"; - $Erg = mysql_query($chsql, $con); - $_SESSION['Avatar'] = $_POST["eAvatar"]; - if ($Erg == 1) - Print_Text(34); - else - Print_Text(29); - break; - - case 'setUserData' : - if ($_SESSION['CVS']["Change T_Shirt Size"] == "Y") { - $chsql = "UPDATE `User` SET " . - "`Nick`='" . $_POST["eNick"] . "', `Name`='" . $_POST["eName"] . "', " . - "`Vorname`='" . $_POST["eVorname"] . "', `Alter`='" . $_POST["eAlter"] . "', " . - "`Telefon`='" . $_POST["eTelefon"] . "', `Handy`='" . $_POST["eHandy"] . "', " . - "`DECT`='" . $_POST["eDECT"] . "', `email`='" . $_POST["eemail"] . "', " . - "`ICQ`='" . $_POST["eICQ"] . "', `jabber`='" . $_POST["ejabber"] . "', " . - "`Hometown`='" . $_POST["Hometown"] . "', `Size`='" . $_POST["Sizeid"] . "' " . - "WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1;"; - } else { - $chsql = "UPDATE `User` SET " . - "`Nick`='" . $_POST["eNick"] . "', `Name`='" . $_POST["eName"] . "', " . - "`Vorname`='" . $_POST["eVorname"] . "', `Alter`='" . $_POST["eAlter"] . "', " . - "`Telefon`='" . $_POST["eTelefon"] . "', `Handy`='" . $_POST["eHandy"] . "', " . - "`DECT`='" . $_POST["eDECT"] . "', `email`='" . $_POST["eemail"] . "', " . - "`ICQ`='" . $_POST["eICQ"] . "', `jabber`='" . $_POST["ejabber"] . "', " . - "`Hometown`='" . $_POST["Hometown"] . "' " . - "WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1;"; - } - $Erg = mysql_query($chsql, $con); - - if ($Erg == 1) { - $_SESSION['Nick'] = $_POST["eNick"]; - $_SESSION['Name'] = $_POST["eName"]; - $_SESSION['Vorname'] = $_POST["eVorname"]; - $_SESSION['Alter'] = $_POST["eAlter"]; - $_SESSION['Telefon'] = $_POST["eTelefon"]; - $_SESSION['Handy'] = $_POST["eHandy"]; - $_SESSION['DECT'] = $_POST["eDECT"]; - $_SESSION['email'] = $_POST["eemail"]; - $_SESSION['ICQ'] = $_POST["eICQ"]; - $_SESSION['jabber'] = $_POST["ejabber"]; - $_SESSION['Hometown'] = $_POST["Hometown"]; - if ($_SESSION['CVS']["Change T_Shirt Size"] == "Y") { - $_SESSION['Size'] = $_POST["Sizeid"]; - } else - if ($_SESSION['Size'] != $_POST["Sizeid"]) { - array_push($error_messages, "einstellungen.php, change t-shirt size not allowed\n"); - } - - Print_Text("pub_einstellungen_UserDateSaved"); - } else { - Print_Text(29); - echo mysql_error($con); - } - break; - - case 'sendPicture' : - if ($_FILES["file"]["size"] > 0) { - if (($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/png") || ($_FILES["file"]["type"] == "image/gif")) { - $data = addslashes(fread(fopen($_FILES["file"]["tmp_name"], "r"), filesize($_FILES["file"]["tmp_name"]))); - - if (GetPicturShow($_SESSION['UID']) == "") - $SQL = "INSERT INTO `UserPicture` " . - "( `UID`,`Bild`, `ContentType`, `show`) " . - "VALUES ('" . $_SESSION['UID'] . "', '$data', '" . $_FILES["file"]["type"] . "', 'N')"; - else - $SQL = "UPDATE `UserPicture` SET " . - "`Bild`='$data', " . - "`ContentType`='" . $_FILES["file"]["type"] . "', " . - "`show`='N' " . - "WHERE `UID`='" . $_SESSION['UID'] . "'"; - - $res = mysql_query($SQL, $con); - if ($res) - Print_Text("pub_einstellungen_send_OK"); - else - Print_Text("pub_einstellungen_send_KO"); - - echo "<h6>('" . $_FILES["file"]["name"] . "', MIME-Type: " . $_FILES["file"]["type"] . ", " . $_FILES["file"]["size"] . " Byte)</h6>"; - } else - Print_Text("pub_einstellungen_send_KO"); - } else - Print_Text("pub_einstellungen_send_KO"); - break; - - case 'delPicture' : - $chsql = "DELETE FROM `UserPicture` WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1"; - $Erg = mysql_query($chsql, $con); - if ($Erg == 1) - Print_Text("pub_einstellungen_del_OK"); - else - Print_Text("pub_einstellungen_del_KO"); - Break; - } -} -include ("includes/footer.php"); -?> diff --git a/www-ssl/nonpublic/index.php b/www-ssl/nonpublic/index.php deleted file mode 100644 index b53f8088..00000000 --- a/www-ssl/nonpublic/index.php +++ /dev/null @@ -1,77 +0,0 @@ -<?PHP -include ('../bootstrap.php'); - -$title = "Index"; -$header = "Index"; - -include ("config/config_db.php"); -include ("includes/crypt.php"); - -session_start(); // alte Session - falls vorhanden - wiederherstellen... - -function LoginOK() { - include ("config/config.php"); - header("HTTP/1.1 302 Moved Temporarily"); - header("Location: " . $url . $ENGEL_ROOT . "nonpublic/news.php"); -} - -if (!IsSet ($_POST["user"])) { // User ist bereits angemeldet... normaler Inhalt... - LoginOK(); -} else { // User ist noch nicht angemeldet - $sql = "SELECT * FROM `User` WHERE `Nick`='" . $_POST["user"] . "'"; - $userstring = mysql_query($sql, $con); - - // anzahl zeilen - $user_anz = mysql_num_rows($userstring); - - if ($user_anz == 1) { // Check, ob User angemeldet wird... - if (mysql_result($userstring, 0, "Passwort") == PassCrypt($_POST["password"])) { // Passwort ok... - // Session wird eingeleitet und Session-Variablen gesetzt.. - // session_start(); - session_name("Himmel"); - $_SESSION['UID'] = mysql_result($userstring, 0, "UID"); - $_SESSION['Nick'] = mysql_result($userstring, 0, "Nick"); - $_SESSION['Name'] = mysql_result($userstring, 0, "Name"); - $_SESSION['Vorname'] = mysql_result($userstring, 0, "Vorname"); - $_SESSION['Alter'] = mysql_result($userstring, 0, "Alter"); - $_SESSION['Telefon'] = mysql_result($userstring, 0, "Telefon"); - $_SESSION['Handy'] = mysql_result($userstring, 0, "Handy"); - $_SESSION['DECT'] = mysql_result($userstring, 0, "DECT"); - $_SESSION['email'] = mysql_result($userstring, 0, "email"); - $_SESSION['ICQ'] = mysql_result($userstring, 0, "ICQ"); - $_SESSION['jabber'] = mysql_result($userstring, 0, "jabber"); - $_SESSION['Size'] = mysql_result($userstring, 0, "Size"); - $_SESSION['Gekommen'] = mysql_result($userstring, 0, "Gekommen"); - $_SESSION['Aktiv'] = mysql_result($userstring, 0, "Aktiv"); - $_SESSION['Tshirt'] = mysql_result($userstring, 0, "Tshirt"); - $_SESSION['Menu'] = mysql_result($userstring, 0, "Menu"); - $_SESSION['color'] = mysql_result($userstring, 0, "color"); - $_SESSION['Avatar'] = mysql_result($userstring, 0, "Avatar"); - $_SESSION['Sprache'] = mysql_result($userstring, 0, "Sprache"); - $_SESSION['Hometown'] = mysql_result($userstring, 0, "Hometown"); - $_SESSION['IP'] = $_SERVER['REMOTE_ADDR']; - - // CVS import Data - $SQL = "SELECT * FROM `UserCVS` WHERE `UID`='" . $_SESSION['UID'] . "'"; - $Erg_CVS = mysql_query($SQL, $con); - $_SESSION['CVS'] = mysql_fetch_array($Erg_CVS); - - LoginOK(); - } else { // Passwort nicht ok... - $ErrorText = "pub_index_pass_no_ok"; - } // Ende Passwort-Check - } else { // Anzahl der User in User-Tabelle <> 1 --> keine Anmeldung - if ($user_anz == 0) - $ErrorText = "pub_index_User_unset"; - else - $ErrorText = "pub_index_User_more_as_one"; - } // Ende Check, ob User angemeldet wurde -} -include ("includes/header.php"); -if (isset ($ErrorText)) - echo "<h2>" . Get_Text($ErrorText) . "</h2><br />\n"; -include ("includes/login_eingabefeld.php"); -include ("includes/footer.php"); -?> - - |