Diffstat (limited to 'includes')
-rw-r--r--includes/controller/rooms_controller.php8
-rw-r--r--includes/controller/users_controller.php5
-rw-r--r--includes/helper/email_helper.php3
-rw-r--r--includes/helper/internationalization_helper.php8
-rw-r--r--includes/model/Room_model.php2
-rw-r--r--includes/model/UserDriverLicenses_model.php2
-rw-r--r--includes/pages/guest_login.php6
-rw-r--r--includes/pages/user_settings.php3
-rw-r--r--includes/sys_auth.php10
-rw-r--r--includes/sys_menu.php12
-rw-r--r--includes/view/AngelTypes_view.php4
-rw-r--r--includes/view/UserDriverLicenses_view.php4
12 files changed, 42 insertions, 25 deletions
diff --git a/includes/controller/rooms_controller.php b/includes/controller/rooms_controller.php
index a79034fb..bba38bb5 100644
--- a/includes/controller/rooms_controller.php
+++ b/includes/controller/rooms_controller.php
@@ -16,8 +16,14 @@ function room_controller() {
if (! in_array('view_rooms', $privileges)) {
redirect(page_link_to());
}
-
+
+
$room = load_room();
+
+ if($room['show'] != 'Y' && !in_array('admin_rooms', $privileges)) {
+ redirect(page_link_to());
+ }
+
$all_shifts = Shifts_by_room($room);
$days = [];
foreach ($all_shifts as $shift) {
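Review bot: The new hidden-room check in room_controller() uses a loose `!=` and a non-strict in_array(), and it only protects the room if redirect() terminates the request. Prefer `if ($room['show'] !== 'Y' && !in_array('admin_rooms', $privileges, true)) {` so the decision does not depend on type juggling. redirect() is not visible in this hunk; if it can return, the shifts of a hidden room are still loaded and rendered below, so confirm that it exits or add an explicit `return;` after it. The function body continues outside the hunk.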
diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php
index 64f725de..3825af7c 100644
--- a/includes/controller/users_controller.php
+++ b/includes/controller/users_controller.php
@@ -211,6 +211,7 @@ function users_list_controller() {
* Second step of password recovery: set a new password using the token link from email
*/
function user_password_recovery_set_new_controller() {
+ global $min_password_length;
$user_source = User_by_password_recovery_token($_REQUEST['token']);
if ($user_source == null) {
error(_("Token is not correct."));
@@ -219,8 +220,8 @@ function user_password_recovery_set_new_controller() {
if (isset($_REQUEST['submit'])) {
$valid = true;
-
- if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) {
+
+ if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= $min_password_length) {
if ($_REQUEST['password'] != $_REQUEST['password2']) {
$valid = false;
error(_("Your passwords don't match."));
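Review bot: Replacing the constant with `global $min_password_length` makes the length check fail open when the configuration does not define that variable. An undeclared global is null, and in PHP `strlen(...) >= null` is true for every string, so even an empty password would pass, whereas a missing constant failed loudly. The same pattern is introduced in guest_register() (guest_login.php) and user_settings_password() (user_settings.php). Validate the setting once where the config is loaded, for example `if (!is_int($min_password_length) || $min_password_length < 1) { engelsystem_error('min_password_length is not configured.'); }`. Where the config is loaded is not visible on this page.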
diff --git a/includes/helper/email_helper.php b/includes/helper/email_helper.php
index 0ef4326a..462b5641 100644
--- a/includes/helper/email_helper.php
+++ b/includes/helper/email_helper.php
@@ -16,7 +16,8 @@ function engelsystem_email_to_user($recipient_user, $title, $message, $not_if_it
}
function engelsystem_email($address, $title, $message) {
- $result = mail($address, $title, $message, "Content-Type: text/plain; charset=UTF-8\r\nFrom: Engelsystem <noreply@engelsystem.de>");
+ global $no_reply_email;
+ $result = mail($address, $title, $message, sprintf("Content-Type: text/plain; charset=UTF-8\r\nFrom: Engelsystem <%s>", $no_reply_email));
if ($result === false) {
engelsystem_error('Unable to send email.');
}
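Review bot: `$no_reply_email` is now interpolated straight into the additional-headers argument of mail() without any validation. A configured value containing CR/LF would add extra header lines, and an unset value yields `From: Engelsystem <>`, which many relays reject or rewrite. Check it before building the header, e.g. `if (filter_var($no_reply_email, FILTER_VALIDATE_EMAIL) === false) { engelsystem_error('Invalid no-reply address configured.'); }`.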
diff --git a/includes/helper/internationalization_helper.php b/includes/helper/internationalization_helper.php
index 7127bdee..a537ef3d 100644
--- a/includes/helper/internationalization_helper.php
+++ b/includes/helper/internationalization_helper.php
@@ -25,15 +25,15 @@ function locale_short() {
*/
function gettext_init() {
global $locales, $default_locale;
-
- if (isset($_REQUEST['set_locale']) && in_array($_REQUEST['set_locale'], array_keys($locales))) {
+
+ if (isset($_REQUEST['set_locale']) && isset($locales[$_REQUEST['set_locale']])) {
$_SESSION['locale'] = $_REQUEST['set_locale'];
} elseif (! isset($_SESSION['locale'])) {
$_SESSION['locale'] = $default_locale;
}
-
+
gettext_locale();
- bindtextdomain('default', __DIR__ . '../../locale');
+ bindtextdomain('default', realpath(__DIR__ . '/../../locale'));
bind_textdomain_codeset('default', 'UTF-8');
textdomain('default');
}
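Review bot: `isset($locales[$_REQUEST['set_locale']])` uses a request parameter as an array key without checking that it is a string. If a client sends `set_locale[]=x` the key is an array; depending on the PHP version this is either silently false or an illegal-offset error, where the old in_array() call simply returned false. Guard it with `isset($_REQUEST['set_locale']) && is_string($_REQUEST['set_locale']) && isset($locales[$_REQUEST['set_locale']])`. Separately, realpath() returns false when the locale directory is missing, so its result should be checked before it is passed to bindtextdomain().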
diff --git a/includes/model/Room_model.php b/includes/model/Room_model.php
index 6b6e269e..14935de0 100644
--- a/includes/model/Room_model.php
+++ b/includes/model/Room_model.php
@@ -46,7 +46,7 @@ function Room_create($name, $from_frab, $public) {
* @param $room_id RID
*/
function Room($room_id) {
- $room_source = sql_select("SELECT * FROM `Room` WHERE `RID`='" . sql_escape($room_id) . "' AND `show` = 'Y'");
+ $room_source = sql_select("SELECT * FROM `Room` WHERE `RID`='" . sql_escape($room_id) . "'");
if ($room_source === false) {
return false;
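Review bot: Removing the show = 'Y' condition from Room() moves the hidden-room restriction out of the model, so every caller now receives hidden rooms and has to enforce visibility itself. In this commit only room_controller() adds such a check; any other caller of Room() is not visible here and should be audited before this is merged. The docblock should state the new contract, for example `* Returns the room regardless of its show flag; callers must check visibility.` The function body continues outside the hunk.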
diff --git a/includes/model/UserDriverLicenses_model.php b/includes/model/UserDriverLicenses_model.php
index 6caa3589..afc44575 100644
--- a/includes/model/UserDriverLicenses_model.php
+++ b/includes/model/UserDriverLicenses_model.php
@@ -24,7 +24,7 @@ function UserDriverLicense_new() {
* @return boolean
*/
function UserDriverLicense_valid($user_driver_license) {
- return $user_driver_license['has_car'] || $user_driver_license['has_license_car'] || $user_driver_license['has_license_3_5t_transporter'] || $user_driver_license['has_license_7_5t_truck'] || $user_driver_license['has_license_12_5t_truck'] || $user_driver_license['has_license_forklift'];
+ return $user_driver_license['has_license_car'] || $user_driver_license['has_license_3_5t_transporter'] || $user_driver_license['has_license_7_5t_truck'] || $user_driver_license['has_license_12_5t_truck'] || $user_driver_license['has_license_forklift'];
}
/**
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php
index a4934be3..54abe5ca 100644
--- a/includes/pages/guest_login.php
+++ b/includes/pages/guest_login.php
@@ -14,7 +14,7 @@ function logout_title() {
// Engel registrieren
function guest_register() {
- global $tshirt_sizes, $enable_tshirt_size, $default_theme, $user;
+ global $tshirt_sizes, $enable_tshirt_size, $default_theme, $user, $min_password_length;
$event_config = EventConfig();
@@ -96,14 +96,14 @@ function guest_register() {
}
}
- if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) {
+ if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= $min_password_length) {
if ($_REQUEST['password'] != $_REQUEST['password2']) {
$valid = false;
$msg .= error(_("Your passwords don't match."), true);
}
} else {
$valid = false;
- $msg .= error(sprintf(_("Your password is too short (please use at least %s characters)."), MIN_PASSWORD_LENGTH), true);
+ $msg .= error(sprintf(_("Your password is too short (please use at least %s characters)."), $min_password_length), true);
}
if (isset($_REQUEST['planned_arrival_date'])) {
diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php
index a147b437..e776320f 100644
--- a/includes/pages/user_settings.php
+++ b/includes/pages/user_settings.php
@@ -88,9 +88,10 @@ function user_settings_main($user_source, $enable_tshirt_size, $tshirt_sizes) {
* The user
*/
function user_settings_password($user_source) {
+ global $min_password_length;
if (! isset($_REQUEST['password']) || ! verify_password($_REQUEST['password'], $user_source['Passwort'], $user_source['UID'])) {
error(_("-> not OK. Please try again."));
- } elseif (strlen($_REQUEST['new_password']) < MIN_PASSWORD_LENGTH) {
+ } elseif (strlen($_REQUEST['new_password']) < $min_password_length) {
error(_("Your password is to short (please use at least 6 characters)."));
} elseif ($_REQUEST['new_password'] != $_REQUEST['new_password2']) {
error(_("Your passwords don't match."));
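Review bot: The minimum length is now configurable, but the error message two lines below the changed comparison still hard-codes "6 characters" (and reads "to short"). Users will be told the wrong requirement as soon as `$min_password_length` differs from 6. Reuse the string guest_register() already has: `error(sprintf(_("Your password is too short (please use at least %s characters)."), $min_password_length));`. `$_REQUEST['new_password']` is also read without an isset() check in that branch.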
diff --git a/includes/sys_auth.php b/includes/sys_auth.php
index 135e49e3..7a1dd4b7 100644
--- a/includes/sys_auth.php
+++ b/includes/sys_auth.php
@@ -39,7 +39,8 @@ function generate_salt($length = 16) {
* set the password of a user
*/
function set_password($uid, $password) {
- $result = sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt(16) . '$')) . "', `password_recovery_token`=NULL WHERE `UID` = " . intval($uid) . " LIMIT 1");
+ global $crypt_alg;
+ $result = sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, $crypt_alg . '$' . generate_salt(16) . '$')) . "', `password_recovery_token`=NULL WHERE `UID` = " . intval($uid) . " LIMIT 1");
if ($result === false) {
engelsystem_error('Unable to update password.');
}
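Review bot: set_password() stores whatever crypt() returns, and with `$crypt_alg` now a global an unset or mistyped value produces an invalid salt prefix instead of a loud undefined-constant error. On failure crypt() returns a short marker string (documented as shorter than 13 characters), which would be written to `Passwort` and lock the account or weaken it. Check the result before the UPDATE, e.g. `$hash = crypt($password, $crypt_alg . '$' . generate_salt(16) . '$'); if (strlen($hash) < 13) { engelsystem_error('Unable to hash password.'); }`. The rehash query in the last hunk of verify_password() has the same gap.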
@@ -51,6 +52,7 @@ function set_password($uid, $password) {
* if $uid is given and $salt is an old-style salt (plain md5), we convert it automatically
*/
function verify_password($password, $salt, $uid = false) {
+ global $crypt_alg;
$correct = false;
if (substr($salt, 0, 1) == '$') { // new-style crypt()
$correct = crypt($password, $salt) == $salt;
@@ -59,12 +61,12 @@ function verify_password($password, $salt, $uid = false) {
} elseif (strlen($salt) == 32) { // old-style md5 without salt - not used anymore
$correct = md5($password) == $salt;
}
-
- if ($correct && substr($salt, 0, strlen(CRYPT_ALG)) != CRYPT_ALG && $uid) {
+
+ if ($correct && substr($salt, 0, strlen($crypt_alg)) != $crypt_alg && $uid) {
// this password is stored in another format than we want it to be.
// let's update it!
// we duplicate the query from the above set_password() function to have the extra safety of checking the old hash
- sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt() . '$')) . "' WHERE `UID` = " . intval($uid) . " AND `Passwort` = '" . sql_escape($salt) . "' LIMIT 1");
+ sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, $crypt_alg . '$' . generate_salt() . '$')) . "' WHERE `UID` = " . intval($uid) . " AND `Passwort` = '" . sql_escape($salt) . "' LIMIT 1");
}
return $correct;
}
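Review bot: The hash comparisons in verify_password() that this change leaves in place still use loose `==`, both here (`md5($password) == $salt`) and in the previous hunk (`crypt($password, $salt) == $salt`). With `==`, two strings that both look numeric are compared as numbers, so distinct hashes can compare equal, and the comparison is not constant-time. Use `hash_equals($salt, crypt($password, $salt))` and `hash_equals($salt, md5($password))` instead. The result of the rehash sql_query() is also ignored, unlike in set_password().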
diff --git a/includes/sys_menu.php b/includes/sys_menu.php
index e1a6a12e..cb90fb7b 100644
--- a/includes/sys_menu.php
+++ b/includes/sys_menu.php
@@ -154,8 +154,10 @@ function make_room_navigation($menu) {
if (! in_array('view_rooms', $privileges)) {
return $menu;
}
-
- $rooms = Rooms();
+
+ //get a list of all rooms
+ $rooms = Rooms(true);
+
$room_menu = [];
if (in_array('admin_rooms', $privileges)) {
$room_menu[] = toolbar_item_link(page_link_to('admin_rooms'), 'list', _("Manage rooms"));
@@ -164,7 +166,11 @@ function make_room_navigation($menu) {
$room_menu[] = toolbar_item_divider();
}
foreach ($rooms as $room) {
- $room_menu[] = toolbar_item_link(room_link($room), 'map-marker', $room['Name']);
+ if($room['show'] == 'Y' || // room is public
+ ($room['show'] != 'Y' && in_array('admin_rooms', $privileges)) // room is not public, but user can admin_rooms
+ ) {
+ $room_menu[] = toolbar_item_link(room_link($room), 'map-marker', $room['Name']);
+ }
}
if (count($room_menu > 0)) {
$menu[] = toolbar_dropdown('map-marker', _("Rooms"), $room_menu);
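Review bot: The new filter can leave `$room_menu` empty for non-admins, but the guard right after the loop, `count($room_menu > 0)`, has its parenthesis misplaced and counts a boolean rather than the array. It therefore never suppresses an empty dropdown and raises a warning or TypeError on newer PHP versions; it should read `if (count($room_menu) > 0) {`. The added condition is also redundant: `$room['show'] == 'Y' || in_array('admin_rooms', $privileges)` is equivalent and easier to audit, ideally with `===` and a strict in_array(). The function body continues outside the hunk.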
diff --git a/includes/view/AngelTypes_view.php b/includes/view/AngelTypes_view.php
index 7b20b7dd..592f8d6b 100644
--- a/includes/view/AngelTypes_view.php
+++ b/includes/view/AngelTypes_view.php
@@ -124,9 +124,9 @@ function AngelType_view_members($angeltype, $members, $admin_user_angeltypes, $a
$members_unconfirmed = [];
foreach ($members as $member) {
$member['Nick'] = User_Nick_render($member);
-
+
if ($angeltype['requires_driver_license']) {
- $member['wants_to_drive'] = glyph_bool($member['user_id']);
+ $member['wants_to_drive'] = glyph_bool($member['wants_to_drive']);
$member['has_car'] = glyph_bool($member['has_car']);
$member['has_license_car'] = glyph_bool($member['has_license_car']);
$member['has_license_3_5t_transporter'] = glyph_bool($member['has_license_3_5t_transporter']);
diff --git a/includes/view/UserDriverLicenses_view.php b/includes/view/UserDriverLicenses_view.php
index 5a3effeb..3c0eaf8d 100644
--- a/includes/view/UserDriverLicenses_view.php
+++ b/includes/view/UserDriverLicenses_view.php
@@ -19,10 +19,10 @@ function UserDriverLicense_edit_view($user_source, $wants_to_drive, $user_driver
msg(),
form([
form_info(_("Privacy"), _("Your driving license information is only visible for supporters and admins.")),
- form_checkbox('wants_to_drive', _("I am willing to operate cars for the PL"), $wants_to_drive),
+ form_checkbox('wants_to_drive', _("I am willing to drive a car for the event"), $wants_to_drive),
div('panel panel-default', [
div('panel-body', [
- form_checkbox('has_car', _("I have my own car with me and am willing to use it for the PL (You'll get reimbursed for fuel)"), $user_driver_license['has_car']),
+ form_checkbox('has_car', _("I have my own car with me and am willing to use it for the event (You'll get reimbursed for fuel)"), $user_driver_license['has_car']),
heading(_("Driver license"), 3),
form_checkbox('has_license_car', _("Car"), $user_driver_license['has_license_car']),
form_checkbox('has_license_3_5t_transporter', _("Transporter 3,5t"), $user_driver_license['has_license_3_5t_transporter']),