From a3be0289286c43d8656052217457d9162261ba90 Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Thu, 2 Jun 2011 00:48:29 +0200 Subject: rewrite --- includes/sys_auth.php | 47 +++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 47 insertions(+) create mode 100644 includes/sys_auth.php (limited to 'includes/sys_auth.php') diff --git a/includes/sys_auth.php b/includes/sys_auth.php new file mode 100644 index 00000000..1c15122e --- /dev/null +++ b/includes/sys_auth.php @@ -0,0 +1,47 @@ + 0) { + // User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten + list ($user) = $user; + sql_query("UPDATE `User` SET " . "`lastLogIn` = '" . time() . "'" . " WHERE `UID` = '" . $_SESSION['uid'] . "' LIMIT 1;"); + } else + unset ($_SESSION['uid']); + } + + load_privileges(); +} + +function load_privileges() { + global $privileges, $user; + + $privileges = array (); + if (isset ($user)) { + $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($user['UID']) . ";"); + foreach ($user_privs as $user_priv) + $privileges[] = $user_priv['name']; + } else { + $guest_privs = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=-1;"); + foreach ($guest_privs as $guest_priv) + $privileges[] = $guest_priv['name']; + } +} + +function PassCrypt($passwort) { + global $crypt_system; + + switch ($crypt_system) { + case "crypt" : + return "{crypt}" . crypt($passwort, "77"); + case "md5" : + return md5($passwort); + } +} +?> \ No newline at end of file -- cgit v1.2.3-54-g00ecf From 06497b3a5387f30ea140562cc71e371b2ec1e131 Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Thu, 2 Jun 2011 01:18:08 +0200 Subject: cleanup --- includes/footer.php | 18 ---- includes/funktion_activeUser.php | 34 ------- includes/funktion_faq.php | 10 -- includes/funktion_flag.php | 9 -- includes/header_start.php | 40 -------- includes/login_eingabefeld.php | 17 ---- includes/pages/guest_faq.php | 9 ++ includes/secure.php | 25 ----- includes/sys_auth.php | 8 ++ www-ssl/css/style.css.old | 53 ---------- www-ssl/css/style.css.old2 | 69 ------------- www-ssl/css/style1.css.old | 79 --------------- www-ssl/faq.php | 31 ------ www-ssl/logout.php | 15 --- www-ssl/makeuser.php | 214 --------------------------------------- 15 files changed, 17 insertions(+), 614 deletions(-) delete mode 100644 includes/footer.php delete mode 100644 includes/funktion_activeUser.php delete mode 100644 includes/funktion_faq.php delete mode 100644 includes/funktion_flag.php delete mode 100644 includes/header_start.php delete mode 100644 includes/login_eingabefeld.php delete mode 100644 includes/secure.php delete mode 100644 www-ssl/css/style.css.old delete mode 100644 www-ssl/css/style.css.old2 delete mode 100644 www-ssl/css/style1.css.old delete mode 100644 www-ssl/faq.php delete mode 100644 www-ssl/logout.php delete mode 100644 www-ssl/makeuser.php (limited to 'includes/sys_auth.php') diff --git a/includes/footer.php b/includes/footer.php deleted file mode 100644 index fdf00581..00000000 --- a/includes/footer.php +++ /dev/null @@ -1,18 +0,0 @@ - - - - - - - - - - diff --git a/includes/funktion_activeUser.php b/includes/funktion_activeUser.php deleted file mode 100644 index 631ec2d1..00000000 --- a/includes/funktion_activeUser.php +++ /dev/null @@ -1,34 +0,0 @@ -Engel online"; - -$SQL = "SELECT UID, Nick, lastLogIn " . -"FROM User " . -"WHERE (`lastLogIn` > '" . (time() - 60 * 60) . "' AND NOT (UID=" . $_SESSION['UID'] . ")) " . -"ORDER BY lastLogIn DESC;"; - -$Erg = mysql_query($SQL, $con); - -echo ""; -?> diff --git a/includes/funktion_faq.php b/includes/funktion_faq.php deleted file mode 100644 index e9f09e7c..00000000 --- a/includes/funktion_faq.php +++ /dev/null @@ -1,10 +0,0 @@ - diff --git a/includes/funktion_flag.php b/includes/funktion_flag.php deleted file mode 100644 index 6b4e2f06..00000000 --- a/includes/funktion_flag.php +++ /dev/null @@ -1,9 +0,0 @@ - 0) - $URL = $_SERVER["REQUEST_URI"] . "&SetLanguage="; -else - $URL = $_SERVER["REQUEST_URI"] . "?SetLanguage="; - -echo '

DE'; -echo 'EN

'; -?> diff --git a/includes/header_start.php b/includes/header_start.php deleted file mode 100644 index 4795cee3..00000000 --- a/includes/header_start.php +++ /dev/null @@ -1,40 +0,0 @@ - 0)) { - echo "" . $SystemDisableMessage . ""; - echo "" . $SystemDisableMessage . "\n"; - die(); -} - -if (!isset ($_SESSION)) - session_start(); - -include "secure.php"; - -if (!isset ($_SESSION['IP'])) - $_SESSION['IP'] = $_SERVER['REMOTE_ADDR']; - -if (isset ($_SESSION['UID']) && ($_SESSION['IP'] <> $_SERVER['REMOTE_ADDR'])) { - session_destroy(); - header("Location: " . $url . $ENGEL_ROOT); -} - -include "UserCVS.php"; - -// update LASTlogin -if (isset ($_SESSION['UID'])) { - $SQLlastLogIn = "UPDATE `User` SET " . - "`lastLogIn` = '" . time() . "'" . - " WHERE `UID` = '" . $_SESSION['UID'] . "' LIMIT 1;"; - mysql_query($SQLlastLogIn, $con); -} -?> diff --git a/includes/login_eingabefeld.php b/includes/login_eingabefeld.php deleted file mode 100644 index 9e10271d..00000000 --- a/includes/login_eingabefeld.php +++ /dev/null @@ -1,17 +0,0 @@ - - -
- - - - - - - - - -
-
"> -
diff --git a/includes/pages/guest_faq.php b/includes/pages/guest_faq.php index 6b5eeeeb..48e75d16 100644 --- a/includes/pages/guest_faq.php +++ b/includes/pages/guest_faq.php @@ -18,4 +18,13 @@ function guest_faq() { } return $html; } + +function noAnswer() { + global $con; + + $SQL = "SELECT UID FROM Questions WHERE `AID`='0'"; + $Res = mysql_query($SQL, $con); + + return mysql_num_rows($Res); +} ?> diff --git a/includes/secure.php b/includes/secure.php deleted file mode 100644 index 1d1a9e46..00000000 --- a/includes/secure.php +++ /dev/null @@ -1,25 +0,0 @@ -\n"; - - foreach ($_GET as $k => $v) { - $v = htmlentities($v, ENT_QUOTES); - preg_replace('/([\'"`\'])/', '', $v); - $_GET[$k] = $v; - - if($debug) - echo "GET $k=\"$v\"
"; - } - - foreach ($_POST as $k => $v) { - $v = htmlentities($v, ENT_QUOTES); - preg_replace('/([\'"`\'])/', '', $v); - $_POST[$k] = $v; - - if($debug) - echo "POST $k=\"$v\"
"; - } - - if($debug) - echo "secure.php END
\n"; -?> diff --git a/includes/sys_auth.php b/includes/sys_auth.php index 1c15122e..68e336b0 100644 --- a/includes/sys_auth.php +++ b/includes/sys_auth.php @@ -5,6 +5,14 @@ function load_auth() { global $user; + if (!isset ($_SESSION['IP'])) + $_SESSION['IP'] = $_SERVER['REMOTE_ADDR']; + + if ($_SESSION['IP'] != $_SERVER['REMOTE_ADDR']) { + session_destroy(); + header("Location: " . link_to_page($start)); + } + $user = null; if (isset ($_SESSION['uid'])) { $user = sql_select("SELECT * FROM `User` WHERE `UID`=" . sql_escape($_SESSION['uid']) . " LIMIT 1"); diff --git a/www-ssl/css/style.css.old b/www-ssl/css/style.css.old deleted file mode 100644 index 254fb1b7..00000000 --- a/www-ssl/css/style.css.old +++ /dev/null @@ -1,53 +0,0 @@ -H1 { - font-family : Helvetica,Arial,Verdana; - font-size : 25pt; -} -H4 { - font-family : Arial,Verdana; -} -A { - font-family : Arial; - font-size : small; - text-decoration : none; - color : #0000a0; -} -A:Visited { - font-family : Arial; - font-size : small; - color : #0000a0; - text-decoration : none; -} - A:Active { - text-decoration : none; - font-family : Arial; - font-size : small; -} -A:Hover { - font-family : Arial; - font-size : small; - color : #0000a0; - text-decoration : underline; - font-weight : bold; -} -B { - font-weight : bold; - font-family : Arial; - font-size : small; -} - -TD { - font-size : small; - font-family : Arial; - padding-left : 1cm; -} - -BODY { - font-size : small; - font-family : Arial; - background-color : #f3b115; - color : navy; -} -a.title { - color:#ffa000; -} - diff --git a/www-ssl/css/style.css.old2 b/www-ssl/css/style.css.old2 deleted file mode 100644 index 9f7c0c90..00000000 --- a/www-ssl/css/style.css.old2 +++ /dev/null @@ -1,69 +0,0 @@ -H1 { - font-family : Helvetica,Arial,Verdana; - font-size : 25pt; -} - -H4 { - font-family : Arial,Verdana; -} - -A { - font-family : Arial; - font-size : small; - text-decoration : none; - color : #778899; -} - -A:Visited { - font-family : Arial; - font-size : small; - color : #778899; - text-decoration : none; -} - -A:Active { - text-decoration : none; - font-family : Arial; - font-size : small; -} - -A:Hover { - font-family : Arial; - font-size : small; - color : #778899; - text-decoration : underline; - font-weight : bold; -} - -B { - font-weight : bold; - font-family : Arial; - font-size : small; -} - -TD { - font-size : small; - font-family : Arial; -} - -BODY { - font-size : small; - font-family : Arial; - background-color : #f3b115; - color : navy; -} - - -a.title { -color:#ffa000; -} - - -p.question { - font-weight: bold; -} - -p.answer { - margin-left: 30px; - margin-right: 30px; -} diff --git a/www-ssl/css/style1.css.old b/www-ssl/css/style1.css.old deleted file mode 100644 index 4a597f35..00000000 --- a/www-ssl/css/style1.css.old +++ /dev/null @@ -1,79 +0,0 @@ - -body { - font-family: Arial; - background-color: #3e9fef; - color: #000000; - font-size: small -} - -a { - text-decoration: none; - color: #304930 -} - -td { - font-size: small -} - -a:active, a:hover { - font-weight: bold -} - -li { - font-size: small -} - -.content { - background-color: #bdd9ef; - color: #000000 -} - -.contenttopic { - font-weight: bold; - font-size: small; - color: #fe961e; - background-color: #157cc1 -} - -.border { - background-color: #050509 -} - -.menu { - background-color: #bdd9ef; - color: #000022; - font-size: small -} -h4.menu { - font-weight: bold; - font-size: small; - color: #3e9fef -} - -.linkbox { - background-color: #ffffff -} - -.linkboxtitle { - font-weight: bold; - background-color: #000000; - color: #bdd9ef -} - -.question { - font-weight: bold; - font-size: 9pt -} - -.engeltreffen { - font-weight: bold; - font-size: 9pt; - color: #ff0000; -} - -.answer { - font-size: 9pt; -} -.comment { - font-size : 6pt; -} diff --git a/www-ssl/faq.php b/www-ssl/faq.php deleted file mode 100644 index 8a7b3ede..00000000 --- a/www-ssl/faq.php +++ /dev/null @@ -1,31 +0,0 @@ -', mysql_result($Erg, $n, "Frage")); - list ($antwort_de, $antwort_en) = split('
', mysql_result($Erg, $n, "Antwort")); - echo "
"; - if ($_SESSION['Sprache'] == "DE") { - echo "
" . $frage_de . "
"; - echo "
" . $antwort_de . "
"; - } else { - echo "
" . $frage_en . "
"; - echo "
" . $antwort_en . "
"; - } - echo "
"; - } -} - -include "includes/footer.php"; -?> diff --git a/www-ssl/logout.php b/www-ssl/logout.php deleted file mode 100644 index 12b284f9..00000000 --- a/www-ssl/logout.php +++ /dev/null @@ -1,15 +0,0 @@ - diff --git a/www-ssl/makeuser.php b/www-ssl/makeuser.php deleted file mode 100644 index a67f4bd5..00000000 --- a/www-ssl/makeuser.php +++ /dev/null @@ -1,214 +0,0 @@ - 0) $error = Get_Text("makeuser_error_nick1") . $_POST["Nick"] . Get_Text("makeuser_error_nick3"); - elseif (strlen($_POST["email"]) <= 6 && strstr($_POST["email"], "@") == FALSE && strstr($_POST["email"], ".") == false) $error = Get_Text("makeuser_error_mail"); - elseif (!is_numeric($_POST["Alter"])) $error = Get_Text("makeuser_error_Alter"); - elseif ($_POST["Passwort"] != $_POST["Passwort2"]) $error = Get_Text("makeuser_error_password1"); - elseif (strlen($_POST["Passwort"]) < 6) $error = Get_Text("makeuser_error_password2"); - else { - $_POST["Passwort"] = PassCrypt($_POST["Passwort"]); - unset ($_POST["Passwort2"]); - - $SQL = "INSERT INTO `User` (" . - "`Nick` , " . "`Name` , " . - "`Vorname`, " . "`Alter` , " . - "`Telefon`, " . "`DECT`, " . - "`Handy`, " . "`email`, " . - "`ICQ`, " . "`jabber`, " . - "`Size`, " . "`Passwort`, " . - "`Art` , " . "`kommentar`, " . - "`Hometown`," . "`CreateDate` ) " . - "VALUES ( " . - "'" . $_POST["Nick"] . "', " . "'" . $_POST["Name"] . "', " . - "'" . $_POST["Vorname"] . "', " . "'" . $_POST["Alter"] . "', " . - "'" . $_POST["Telefon"] . "', " . "'" . $_POST["DECT"] . "', " . - "'" . $_POST["Handy"] . "', " . "'" . $_POST["email"] . "', " . - "'" . $_POST["ICQ"] . "', " . "'" . $_POST["jabber"] . "', " . - "'" . $_POST["Size"] . "', " . "'" . $_POST["Passwort"] . "', " . - "'" . $_POST["Art"] . "', " . "'" . $_POST["kommentar"] . "', " . - "'" . $_POST["Hometown"] . "'," . "NOW());"; - $Erg = mysql_query($SQL, $con); - - if ($Erg != 1) { - echo Get_Text("makeuser_error_write1") . "
\n"; - $error = mysql_error($con); - } else { - echo "

" . Get_Text("makeuser_writeOK") . "\n"; - - $SQL2 = "SELECT `UID` FROM `User` WHERE `Nick`='" . $_POST["Nick"] . "';"; - $Erg2 = mysql_query($SQL2, $con); - $Data = mysql_fetch_array($Erg2); - - $SQL3 = "INSERT INTO `UserCVS` (`UID`) VALUES ('" . $Data["UID"] . "');"; - $Erg3 = mysql_query($SQL3, $con); - - if ($Erg3 != 1) { - echo "

" . Get_Text("makeuser_error_write2") . "
\n"; - $error = mysql_error($con); - } else { - echo Get_Text("makeuser_writeOK2") . "
\n"; - echo "

" . Get_Text("makeuser_writeOK3") . "

\n"; - } - - echo Get_Text("makeuser_writeOK4") . "

\n

\n"; - $success = "any"; - - if (isset ($SubscribeMailinglist)) { - if ($_POST["subscribe-mailinglist"] == "") { - $headers = "From: " . $_POST["email"] . "\r\n" . - "X-Mailer: PHP/" . phpversion(); - mail($SubscribeMailinglist, "subject", "message", $headers); - } - } - } - } - - if (isset ($error)) - echo "

\n" . $error . "\n

\n\n"; -} else { - // init vars - $_POST["Nick"] = ""; - $_POST["Name"] = ""; - $_POST["Vorname"] = ""; - $_POST["Alter"] = ""; - $_POST["Telefon"] = ""; - $_POST["DECT"] = ""; - $_POST["Handy"] = ""; - $_POST["email"] = ""; - $_POST["subscribe-mailinglist"] = ""; - $_POST["ICQ"] = ""; - $_POST["jabber"] = ""; - $_POST["Size"] = "L"; - $_POST["Art"] = ""; - $_POST["kommentar"] = ""; - $_POST["Hometown"] = ""; -} - -if ($success == "none") { - echo "

" . Get_Text("makeuser_text0") . "

\n"; - echo "

" . Get_Text("makeuser_text1") . "

\n"; - echo "
\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - - if (isset ($SubscribeMailinglist)) - echo "\n"; - - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "\n"; - echo "
" . Get_Text("makeuser_Nickname") . "*
" . Get_Text("makeuser_Nachname") . "
" . Get_Text("makeuser_Vorname") . "
" . Get_Text("makeuser_Alter") . "
" . Get_Text("makeuser_Telefon") . "
" . Get_Text("makeuser_DECT") . "\n"; - echo "
" . Get_Text("makeuser_Handy") . "
" . Get_Text("makeuser_E-Mail") . "*
" . Get_Text("makeuser_subscribe-mailinglist") . "($SubscribeMailinglist)
ICQ
jabber
" . Get_Text("makeuser_T-Shirt") . " Grösse*\n"; - echo "\n"; - echo "
" . Get_Text("makeuser_Engelart") . "\n"; - echo "\n"; - echo "
" . Get_Text("makeuser_text2") . "
" . Get_Text("makeuser_Hometown") . "
" . Get_Text("makeuser_Passwort") . "*
" . Get_Text("makeuser_Passwort2") . "*
 
\n"; - echo "
\n"; - Print_Text("makeuser_text3"); -} - -include "includes/footer.php"; -?> -- cgit v1.2.3-54-g00ecf From 554bd796dc7aed67b6810e2ae3f30ba66bf263e3 Mon Sep 17 00:00:00 2001 From: Daniel Friesel Date: Fri, 3 Jun 2011 11:24:22 +0200 Subject: includes/sys_auth: Add sql_escape, just to be safe --- includes/sys_auth.php | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) (limited to 'includes/sys_auth.php') diff --git a/includes/sys_auth.php b/includes/sys_auth.php index 68e336b0..009be2d8 100644 --- a/includes/sys_auth.php +++ b/includes/sys_auth.php @@ -19,7 +19,10 @@ function load_auth() { if (count($user) > 0) { // User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten list ($user) = $user; - sql_query("UPDATE `User` SET " . "`lastLogIn` = '" . time() . "'" . " WHERE `UID` = '" . $_SESSION['uid'] . "' LIMIT 1;"); + sql_query("UPDATE `User` SET " + . "`lastLogIn` = '" . time() . "'" + . " WHERE `UID` = '" . sql_escape($_SESSION['uid']) . "' LIMIT 1;" + ); } else unset ($_SESSION['uid']); } @@ -52,4 +55,4 @@ function PassCrypt($passwort) { return md5($passwort); } } -?> \ No newline at end of file +?> -- cgit v1.2.3-54-g00ecf From 225398d87d56257e63f03504fb1a0452a8d9ae02 Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Fri, 3 Jun 2011 15:30:17 +0200 Subject: json auth service complete --- includes/sys_auth.php | 79 ++++++++++++++++++++++++++++++++++------------ www-ssl/index.php | 10 ++++-- www-ssl/nonpublic/auth.php | 45 +++----------------------- 3 files changed, 70 insertions(+), 64 deletions(-) (limited to 'includes/sys_auth.php') diff --git a/includes/sys_auth.php b/includes/sys_auth.php index 009be2d8..15c5591a 100644 --- a/includes/sys_auth.php +++ b/includes/sys_auth.php @@ -3,7 +3,7 @@ // Testet ob ein User eingeloggt ist und lädt die entsprechenden Privilegien function load_auth() { - global $user; + global $user, $privileges; if (!isset ($_SESSION['IP'])) $_SESSION['IP'] = $_SERVER['REMOTE_ADDR']; @@ -19,30 +19,12 @@ function load_auth() { if (count($user) > 0) { // User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten list ($user) = $user; - sql_query("UPDATE `User` SET " - . "`lastLogIn` = '" . time() . "'" - . " WHERE `UID` = '" . sql_escape($_SESSION['uid']) . "' LIMIT 1;" - ); + sql_query("UPDATE `User` SET " . "`lastLogIn` = '" . time() . "'" . " WHERE `UID` = '" . sql_escape($_SESSION['uid']) . "' LIMIT 1;"); } else unset ($_SESSION['uid']); } - load_privileges(); -} - -function load_privileges() { - global $privileges, $user; - - $privileges = array (); - if (isset ($user)) { - $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($user['UID']) . ";"); - foreach ($user_privs as $user_priv) - $privileges[] = $user_priv['name']; - } else { - $guest_privs = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=-1;"); - foreach ($guest_privs as $guest_priv) - $privileges[] = $guest_priv['name']; - } + $privileges = isset ($user) ? privileges_for_user($user['UID']) : privileges_for_group(-1); } function PassCrypt($passwort) { @@ -55,4 +37,59 @@ function PassCrypt($passwort) { return md5($passwort); } } + +// JSON Authorisierungs-Schnittstelle +function json_auth_service() { + global $CurrentExternAuthPass; + + header("Content-Type: application/json"); + + $User = $_REQUEST['user']; + $Pass = $_REQUEST['pw']; + $SourceOuth = $_REQUEST['so']; + + if (isset ($CurrentExternAuthPass) && $SourceOuth == $CurrentExternAuthPass) { + $sql = "SELECT * FROM `User` WHERE `Nick`='" . sql_escape($User) . "'"; + $Erg = sql_query($sql); + + if (mysql_num_rows($Erg) == 1) { + if (mysql_result($Erg, 0, "Passwort") == PassCrypt($Pass)) { + $UID = mysql_result($Erg, 0, "UID"); + + $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($UID) . ";"); + foreach ($user_privs as $user_priv) + $privileges[] = $user_priv['name']; + + $msg = array ( + 'status' => 'success', + 'rights' => $privileges + ); + echo json_encode($msg); + die(); + } + } + } + + echo json_encode(array ( + 'status' => 'failed', + 'error' => "JSON Service GET syntax: https://engelsystem.de/?auth&user=&pw=&so=, POST is possible too" + )); + die(); +} + +function privileges_for_user($user_id) { + $privileges = array (); + $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($user_id) . ";"); + foreach ($user_privs as $user_priv) + $privileges[] = $user_priv['name']; + return $privileges; +} + +function privileges_for_group($group_id) { + $privileges = array (); + $groups_privs = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=" . sql_escape($group_id)); + foreach ($groups_privs as $guest_priv) + $privileges[] = $guest_priv['name']; + return $privileges; +} ?> diff --git a/www-ssl/index.php b/www-ssl/index.php index 7c65abb2..214ec54a 100644 --- a/www-ssl/index.php +++ b/www-ssl/index.php @@ -22,6 +22,10 @@ sql_connect($config['host'], $config['user'], $config['pw'], $config['db']); load_auth(); +// JSON Authorisierung gewünscht? +if (isset ($_REQUEST['auth'])) + json_auth_service(); + // Gewünschte Seite/Funktion $p = isset ($user) ? "news" : "start"; if (isset ($_REQUEST['p'])) @@ -89,15 +93,15 @@ if (in_array($p, $privileges)) { elseif ($p == "admin_groups") { require_once ('includes/pages/admin_groups.php'); $content = admin_groups(); - } + } elseif ($p == "admin_faq") { require_once ('includes/pages/admin_faq.php'); $content = admin_faq(); - } + } elseif ($p == "admin_language") { require_once ('includes/pages/admin_language.php'); $content = admin_language(); - } + } elseif ($p == "admin_log") { require_once ('includes/pages/admin_log.php'); $content = admin_log(); diff --git a/www-ssl/nonpublic/auth.php b/www-ssl/nonpublic/auth.php index 7d58988c..143ea8c8 100644 --- a/www-ssl/nonpublic/auth.php +++ b/www-ssl/nonpublic/auth.php @@ -1,43 +1,8 @@ 'success', - 'rights' => $CVS - ); - echo json_encode($msg); - } else - echo json_encode(array ( - 'status' => 'failed' - )); - } else - echo json_encode(array ( - 'status' => 'failed' - )); -} else - echo json_encode(array ( - 'status' => 'failed' - )); +// Bleibt erstmal, damit Benutzer, die die Schnittstelle nutzen mitkriegen, dass diese Umgezogen ist +echo json_encode(array ( + 'status' => 'failed', + 'error' => "JSON Service moved to https://engelsystem.de/?auth&user=&pw=&so=" +)); ?> -- cgit v1.2.3-54-g00ecf