From a3be0289286c43d8656052217457d9162261ba90 Mon Sep 17 00:00:00 2001 From: Philip Häusler Date: Thu, 2 Jun 2011 00:48:29 +0200 Subject: rewrite --- includes/UserCVS.php | 4 +- includes/footer.php | 2 +- includes/funktion_lang.php | 27 ----- includes/pages/guest_credits.php | 5 + includes/pages/guest_faq.php | 21 ++++ includes/pages/guest_login.php | 250 +++++++++++++++++++++++++++++++++++++++ includes/pages/guest_start.php | 13 ++ includes/sys_auth.php | 47 ++++++++ includes/sys_lang.php | 26 ++++ includes/sys_menu.php | 72 +++++++++++ includes/sys_mysql.php | 61 ++++++++++ includes/sys_page.php | 9 ++ includes/sys_template.php | 17 +++ 13 files changed, 524 insertions(+), 30 deletions(-) delete mode 100644 includes/funktion_lang.php create mode 100644 includes/pages/guest_credits.php create mode 100644 includes/pages/guest_faq.php create mode 100644 includes/pages/guest_login.php create mode 100644 includes/pages/guest_start.php create mode 100644 includes/sys_auth.php create mode 100644 includes/sys_lang.php create mode 100644 includes/sys_menu.php create mode 100644 includes/sys_mysql.php create mode 100644 includes/sys_page.php create mode 100644 includes/sys_template.php (limited to 'includes') diff --git a/includes/UserCVS.php b/includes/UserCVS.php index 98a4fec7..b7fb412c 100644 --- a/includes/UserCVS.php +++ b/includes/UserCVS.php @@ -20,8 +20,8 @@ } // pagename ermitteln - $Page["Name"] = basename($_SERVER['PHP_SELF']); -// $Page["Name"] = str_replace($ENGEL_ROOT, '', $_SERVER['PHP_SELF']); +// $Page["Name"] = basename($_SERVER['PHP_SELF']); + $Page["Name"] = str_replace($ENGEL_ROOT, '', $_SERVER['PHP_SELF']); //recht fuer diese seite auslesen if(isset($_SESSION['CVS'][$Page["Name"]])) diff --git a/includes/footer.php b/includes/footer.php index 8e5b35b9..fdf00581 100644 --- a/includes/footer.php +++ b/includes/footer.php @@ -4,7 +4,7 @@ 
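Review bot: The page name used for the rights lookup in `$_SESSION['CVS']` is now taken from `$_SERVER['PHP_SELF']` with only `$ENGEL_ROOT` stripped, and `PHP_SELF` includes any path info the client appends after the script name. The lookup key can therefore differ from the script that actually runs, which matters because this value selects the permission entry. `str_replace` also removes every occurrence of `$ENGEL_ROOT`, not just a leading one. Prefer `$_SERVER['SCRIPT_NAME']` and strip the prefix only at position 0, e.g. `$Page["Name"] = substr($_SERVER['SCRIPT_NAME'], strlen($ENGEL_ROOT));` after checking that the prefix matches. The surrounding block starts and ends outside this hunk, so how an unknown key is handled is not visible here.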
diff --git a/includes/funktion_lang.php b/includes/funktion_lang.php deleted file mode 100644 index 3e26ea33..00000000 --- a/includes/funktion_lang.php +++ /dev/null @@ -1,27 +0,0 @@ - diff --git a/includes/pages/guest_credits.php b/includes/pages/guest_credits.php new file mode 100644 index 00000000..89f68fde --- /dev/null +++ b/includes/pages/guest_credits.php @@ -0,0 +1,5 @@ + \ No newline at end of file diff --git a/includes/pages/guest_faq.php b/includes/pages/guest_faq.php new file mode 100644 index 00000000..6b5eeeeb --- /dev/null +++ b/includes/pages/guest_faq.php @@ -0,0 +1,21 @@ +', $faq['Frage']); + list ($antwort_de, $antwort_en) = explode('
', $faq['Antwort']); + $html .= "
"; + if ($_SESSION['Sprache'] == "DE") { + $html .= "
" . $frage_de . "
"; + $html .= "
" . $antwort_de . "
"; + } else { + $html .= "
" . $frage_en . "
"; + $html .= "
" . $antwort_en . "
"; + } + $html .= "
"; + } + return $html; +} +?> diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php new file mode 100644 index 00000000..76a473df --- /dev/null +++ b/includes/pages/guest_login.php @@ -0,0 +1,250 @@ + 0) $error = Get_Text("makeuser_error_nick1") . $_POST["Nick"] . Get_Text("makeuser_error_nick3"); + elseif (strlen($_POST["email"]) <= 6 && strstr($_POST["email"], "@") == FALSE && strstr($_POST["email"], ".") == false) $error = Get_Text("makeuser_error_mail"); + elseif (!is_numeric($_POST["Alter"])) $error = Get_Text("makeuser_error_Alter"); + elseif ($_POST["Passwort"] != $_POST["Passwort2"]) $error = Get_Text("makeuser_error_password1"); + elseif (strlen($_POST["Passwort"]) < 6) $error = Get_Text("makeuser_error_password2"); + else { + $_POST["Passwort"] = PassCrypt($_POST["Passwort"]); + unset ($_POST["Passwort2"]); + + $Erg = sql_query("INSERT INTO `User` (" . + "`Nick` , " . "`Name` , " . + "`Vorname`, " . "`Alter` , " . + "`Telefon`, " . "`DECT`, " . + "`Handy`, " . "`email`, " . + "`ICQ`, " . "`jabber`, " . + "`Size`, " . "`Passwort`, " . + "`Art` , " . "`kommentar`, " . + "`Hometown`," . "`CreateDate` ) " . + "VALUES ( " . + "'" . $_POST["Nick"] . "', " . "'" . $_POST["Name"] . "', " . + "'" . $_POST["Vorname"] . "', " . "'" . $_POST["Alter"] . "', " . + "'" . $_POST["Telefon"] . "', " . "'" . $_POST["DECT"] . "', " . + "'" . $_POST["Handy"] . "', " . "'" . $_POST["email"] . "', " . + "'" . $_POST["ICQ"] . "', " . "'" . $_POST["jabber"] . "', " . + "'" . $_POST["Size"] . "', " . "'" . $_POST["Passwort"] . "', " . + "'" . $_POST["Art"] . "', " . "'" . $_POST["kommentar"] . "', " . + "'" . $_POST["Hometown"] . "'," . "NOW())"); + + if ($Erg != 1) { + $html .= Get_Text("makeuser_error_write1") . "
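Review bot: `$faq['Frage']` and `$faq['Antwort']` are split with `explode` and assigned through `list()` without checking that two parts came back, so an entry lacking the separator leaves `$frage_en` / `$antwort_en` undefined and raises a notice. Both halves are then concatenated into `$html` unescaped; if FAQ entries are meant to carry markup, say so in a comment above the function and make sure only trusted roles can edit them, otherwise pass them through `htmlspecialchars()`. The separator literal and the opening of the function are not readable on this page, so this is based on the visible loop body only.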
\n"; + $error = sql_error(); + } else { + $html .= "

" . Get_Text("makeuser_writeOK") . "\n"; + + $SQL2 = "SELECT `UID` FROM `User` WHERE `Nick`='" . $_POST["Nick"] . "';"; + $Erg2 = mysql_query($SQL2, $con); + $Data = mysql_fetch_array($Erg2); + + $SQL3 = "INSERT INTO `UserCVS` (`UID`) VALUES ('" . $Data["UID"] . "');"; + $Erg3 = mysql_query($SQL3, $con); + + if ($Erg3 != 1) { + $html .= "

" . Get_Text("makeuser_error_write2") . "
\n"; + $error = mysql_error($con); + } else { + $html .= Get_Text("makeuser_writeOK2") . "
\n"; + $html .= "

" . Get_Text("makeuser_writeOK3") . "

\n"; + } + + $html .= Get_Text("makeuser_writeOK4") . "

\n

\n"; + $success = "any"; + + if (isset ($SubscribeMailinglist)) { + if ($_POST["subscribe-mailinglist"] == "") { + $headers = "From: " . $_POST["email"] . "\r\n" . + "X-Mailer: PHP/" . phpversion(); + mail($SubscribeMailinglist, "subject", "message", $headers); + } + } + } + } + + if (isset ($error)) + $html .= error($error); + } else { + // init vars + $_POST["Nick"] = ""; + $_POST["Name"] = ""; + $_POST["Vorname"] = ""; + $_POST["Alter"] = ""; + $_POST["Telefon"] = ""; + $_POST["DECT"] = ""; + $_POST["Handy"] = ""; + $_POST["email"] = ""; + $_POST["subscribe-mailinglist"] = ""; + $_POST["ICQ"] = ""; + $_POST["jabber"] = ""; + $_POST["Size"] = "L"; + $_POST["Art"] = ""; + $_POST["kommentar"] = ""; + $_POST["Hometown"] = ""; + } + + if ($success == "none") { + $html .= "

" . Get_Text("makeuser_text0") . "

\n"; + $html .= "

" . Get_Text("makeuser_text1") . "

\n"; + $html .= "
\n"; + $html .= "\n"; + $html .= "\n"; + $html .= "\n"; + $html .= "\n"; + $html .= "\n"; + $html .= "\n"; + $html .= "\n"; + $html .= "\n"; + $html .= "\n"; + + if (isset ($SubscribeMailinglist)) + $html .= "\n"; + + $html .= "\n"; + $html .= "\n"; + $html .= "\n"; + $html .= "\n"; + $html .= "\n"; + $html .= "\n"; + $html .= "\n"; + $html .= "\n"; + $html .= "
" . Get_Text("makeuser_Nickname") . "*
" . Get_Text("makeuser_Nachname") . "
" . Get_Text("makeuser_Vorname") . "
" . Get_Text("makeuser_Alter") . "
" . Get_Text("makeuser_Telefon") . "
" . Get_Text("makeuser_DECT") . "\n"; + $html .= "
" . Get_Text("makeuser_Handy") . "
" . Get_Text("makeuser_E-Mail") . "*
" . Get_Text("makeuser_subscribe-mailinglist") . "($SubscribeMailinglist)
ICQ
jabber
" . Get_Text("makeuser_T-Shirt") . " Grösse*\n"; + $html .= "\n"; + $html .= "
" . Get_Text("makeuser_Hometown") . "
" . Get_Text("makeuser_Passwort") . "*
" . Get_Text("makeuser_Passwort2") . "*
 
\n"; + $html .= "
\n"; + $html .= Get_Text("makeuser_text3"); + } + return $html; +} + +function guest_logout() { + unset ($_SESSION['uid']); + header("Location: " . page_link_to("start")); +} + +function guest_login() { + global $user; + unset ($_SESSION['uid']); + + $html = ""; + if (isset ($_REQUEST['login_submit'])) { + $login_user = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($_REQUEST["user"]) . "'"); + + if (count($login_user) == 1) { // Check, ob User angemeldet wird... + $login_user = $login_user[0]; + if ($login_user["Passwort"] == PassCrypt($_REQUEST["password"])) { // Passwort ok... + $_SESSION['uid'] = $login_user['UID']; + $_SESSION['Sprache'] = $login_user['Sprache']; + header("Location: " . page_link_to("news")); + } else { // Passwort nicht ok... + $ErrorText = "pub_index_pass_no_ok"; + } // Ende Passwort-Check + } else { // Anzahl der User in User-Tabelle <> 1 --> keine Anmeldung + if ($user_anz == 0) + $ErrorText = "pub_index_User_unset"; + else + $ErrorText = "pub_index_User_more_as_one"; + } // Ende Check, ob User angemeldet wurde} + } + if (isset ($ErrorText)) + $html .= error(Get_Text($ErrorText)); + $html .= guest_login_form(); + return $html; +} + +function guest_login_form() { + return template_render("../templates/guest_login_form.html", array ( + 'link' => page_link_to("login"), + 'nick' => Get_Text("index_lang_nick"), + 'pass' => Get_Text("index_lang_pass"), + 'send' => Get_Text("index_lang_send") + )); +} +?> \ No newline at end of file diff --git a/includes/pages/guest_start.php b/includes/pages/guest_start.php new file mode 100644 index 00000000..286511f2 --- /dev/null +++ b/includes/pages/guest_start.php @@ -0,0 +1,13 @@ +" . Get_Text("index_text1") . "
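Review bot: The registration branch builds the `INSERT INTO User` statement and the follow-up `SELECT UID` by concatenating raw `$_POST` values, so any quote in a form field changes the SQL. `guest_login()` further down already passes the nick through `sql_escape()`, and the same should happen for every field here (sketch below, assuming `sql_escape()` escapes for a quoted string context). The e-mail check joins its three tests with `&&`, so it only rejects an address that fails all of them, and the accepted value then goes into the `From:` header of `mail()`, where CR/LF must be rejected. In `guest_login()` the hash comparison should be strict and constant-time (`hash_equals` where available, at least `===`) rather than `==`, `exit` should follow the `header("Location: …")` redirect, and `$user_anz` is never assigned. The opening lines of the registration function are not readable on this page.

```php
// … unchanged: validation chain and PassCrypt() of $_POST["Passwort"] …
$fields = array(
    'Nick', 'Name', 'Vorname', 'Alter', 'Telefon', 'DECT', 'Handy', 'email',
    'ICQ', 'jabber', 'Size', 'Passwort', 'Art', 'kommentar', 'Hometown'
);
$values = array();
foreach ($fields as $field)
    $values[] = "'" . sql_escape($_POST[$field]) . "'";

$Erg = sql_query("INSERT INTO `User` (`" . implode("`, `", $fields) . "`, `CreateDate`) " .
    "VALUES (" . implode(", ", $values) . ", NOW())");
// … unchanged: error handling for $Erg …
$SQL2 = "SELECT `UID` FROM `User` WHERE `Nick`='" . sql_escape($_POST["Nick"]) . "';";
// … unchanged: UserCVS insert, mailing list, form output …
```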

\n"; + $html .= "

" . Get_Text("index_text2") . "

\n"; + $html .= "

" . Get_Text("index_text3") . "

\n"; + + $html .= guest_login_form(); + + $html .= "
" . Get_Text("index_text4") . "
"; + return $html; +} +?> \ No newline at end of file diff --git a/includes/sys_auth.php b/includes/sys_auth.php new file mode 100644 index 00000000..1c15122e --- /dev/null +++ b/includes/sys_auth.php @@ -0,0 +1,47 @@ + 0) { + // User ist eingeloggt, Datensatz zur Verfügung stellen und Timestamp updaten + list ($user) = $user; + sql_query("UPDATE `User` SET " . "`lastLogIn` = '" . time() . "'" . " WHERE `UID` = '" . $_SESSION['uid'] . "' LIMIT 1;"); + } else + unset ($_SESSION['uid']); + } + + load_privileges(); +} + +function load_privileges() { + global $privileges, $user; + + $privileges = array (); + if (isset ($user)) { + $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($user['UID']) . ";"); + foreach ($user_privs as $user_priv) + $privileges[] = $user_priv['name']; + } else { + $guest_privs = sql_select("SELECT * FROM `GroupPrivileges` JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `group_id`=-1;"); + foreach ($guest_privs as $guest_priv) + $privileges[] = $guest_priv['name']; + } +} + +function PassCrypt($passwort) { + global $crypt_system; + + switch ($crypt_system) { + case "crypt" : + return "{crypt}" . crypt($passwort, "77"); + case "md5" : + return md5($passwort); + } +} +?> \ No newline at end of file diff --git a/includes/sys_lang.php b/includes/sys_lang.php new file mode 100644 index 00000000..833d00b8 --- /dev/null +++ b/includes/sys_lang.php @@ -0,0 +1,26 @@ + diff --git a/includes/sys_menu.php b/includes/sys_menu.php new file mode 100644 index 00000000..8c993d1b --- /dev/null +++ b/includes/sys_menu.php @@ -0,0 +1,72 @@ +
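Review bot: `PassCrypt()` has no `default` branch, so with `$crypt_system` unset or misspelled it returns `null` for every input, and the loose `==` check in `guest_login()` would then accept any password for an account whose stored `Passwort` is empty or NULL. Add a failing default such as `default: die('Unknown $crypt_system setting');` so a misconfiguration fails closed. Both supported schemes are weak for password storage: `md5($passwort)` is unsalted, and `crypt($passwort, "77")` uses one fixed two-character salt for all users, which selects traditional DES crypt and considers only the first eight characters. Plan a migration to `password_hash()` / `password_verify()` with a rehash on successful login. The session-check function above `load_privileges()` begins on lines not readable on this page.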

' . Get_Text('/') . '

'; + return $menu; +} + +function make_menu() { + return make_navigation() . make_onlineusers() . make_langselect(); +} + +function make_onlineusers() { + global $privileges, $user; + $html = ''; + return $html; +} + +function make_langselect() { + if (strpos($_SERVER["REQUEST_URI"], "?") > 0) + $URL = $_SERVER["REQUEST_URI"] . "&SetLanguage="; + else + $URL = $_SERVER["REQUEST_URI"] . "?SetLanguage="; + + $html = '

DE'; + $html .= 'EN

'; + return ''; +} +?> \ No newline at end of file diff --git a/includes/sys_mysql.php b/includes/sys_mysql.php new file mode 100644 index 00000000..c076be7c --- /dev/null +++ b/includes/sys_mysql.php @@ -0,0 +1,61 @@ + diff --git a/includes/sys_page.php b/includes/sys_page.php new file mode 100644 index 00000000..ab8b05e2 --- /dev/null +++ b/includes/sys_page.php @@ -0,0 +1,9 @@ +' . $msg . '
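Review bot: `make_langselect()` assembles `$html` and then ends with `return '';`, so the language switcher is never rendered; if that is a temporary stub, say so in a comment, otherwise return `$html`. `$URL` is taken from `$_SERVER["REQUEST_URI"]`, which is client-supplied, so before the function is enabled it needs `htmlspecialchars($URL, ENT_QUOTES, 'UTF-8')` wherever it is written into markup (the markup itself is not readable on this page). `strpos(...) > 0` should be `strpos(...) !== false`. `make_onlineusers()` likewise declares `$privileges` and `$user` and returns an empty string.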

'; +} + +function success($msg) { + return '

' . $msg . '

'; +} +?> \ No newline at end of file diff --git a/includes/sys_template.php b/includes/sys_template.php new file mode 100644 index 00000000..ab613c07 --- /dev/null +++ b/includes/sys_template.php @@ -0,0 +1,17 @@ + $content) { + $template = str_replace("%" . $name . "%", $content, $template); + } + return $template; + } else { + die('Cannot find template file «' . $file . '».'); + } +} +?> \ No newline at end of file -- cgit v1.2.3-54-g00ecf
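Review bot: `error()` and `success()` wrap `$msg` in markup without escaping it, and the registration code in `includes/pages/guest_login.php` passes text that contains `$_POST["Nick"]` and the output of `sql_error()`. Either document on both helpers that `$msg` must already be HTML-safe and escape request data at the call site with `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')`, or escape inside the helpers if no caller relies on markup in the message. Database error text is better written to the server log than shown to the visitor.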
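Review bot: `template_render()` applies `str_replace` once per entry in the loop, so a value inserted for one placeholder that itself contains the `%name%` token of a later entry gets expanded again; building the map first and calling `strtr($template, $map)` replaces everything in a single pass. The values are inserted as given, so add a docblock stating that callers must pass HTML-escaped content. The `die()` message echoes `$file` into the response, which discloses a server path; log the path and show a generic message instead. The lines that read the template file are not readable on this page.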