summaryrefslogtreecommitdiff
path: root/includes/pages/guest_login.php
blob: afcc2cf5fe5d152584a90026ce88800f7d77706d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
<?php


// Engel registrieren
function guest_register() {
	global $tshirt_sizes, $enable_tshirt_size;

	$msg = "";
	$nick = "";
	$lastname = "";
	$prename = "";
	$age = 23;
	$tel = "";
	$dect = "";
	$mobile = "";
	$mail = "";
	$icq = "";
	$jabber = "";
	$hometown = "";
	$comment = "";
	$tshirt_size = 'S';
	$password_hash = "";
	$selected_angel_types = array ();

	$angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
	$angel_types = array ();
	foreach ($angel_types_source as $angel_type)
		$angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? " (restricted)" : "");

	if (isset ($_REQUEST['submit'])) {
		$ok = true;

		if (isset ($_REQUEST['nick']) && strlen(strip_request_item('nick')) > 1) {
			$nick = strip_request_item('nick');
			if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' LIMIT 1") > 0) {
				$ok = false;
				$msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick3"), $nick), true);
			}
		} else {
			$ok = false;
			$msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick2"), strip_request_item('nick')), true);
		}

		if (isset ($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) {
			$mail = strip_request_item('mail');
			if (!check_email($mail)) {
				$ok = false;
				$msg .= error(Get_Text("makeuser_error_mail"), true);
			}
		} else {
			$ok = false;
			$msg .= error("Please enter your e-mail.", true);
		}

		if (isset ($_REQUEST['icq']))
			$icq = strip_request_item('icq');
		if (isset ($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) {
			$jabber = strip_request_item('jabber');
			if (!check_email($jabber)) {
				$ok = false;
				$msg .= error("Please check your jabber.", true);
			}
		}

		if (isset ($_REQUEST['tshirt_size']) && isset ($tshirt_sizes[$_REQUEST['tshirt_size']]))
			$tshirt_size = $_REQUEST['tshirt_size'];
		else {
			$ok = false;
		}

		if (isset ($_REQUEST['password']) && strlen($_REQUEST['password']) >= 6) {
			if ($_REQUEST['password'] == $_REQUEST['password2']) {
				$password_hash = PassCrypt($_REQUEST['password']);
			} else {
				$ok = false;
				$msg .= error(Get_Text("makeuser_error_password1"), true);
			}
		} else {
			$ok = false;
			$msg .= error(Get_Text("makeuser_error_password2"), true);
		}

		// Trivia
		if (isset ($_REQUEST['lastname']))
			$lastname = strip_request_item('lastname');
		if (isset ($_REQUEST['prename']))
			$prename = strip_request_item('prename');
		if (isset ($_REQUEST['age']) && preg_match("/^[0-9]{0,4}$/", $_REQUEST['age']))
			$age = strip_request_item('age');
		if (isset ($_REQUEST['tel']))
			$tel = strip_request_item('tel');
		if (isset ($_REQUEST['dect']))
			$dect = strip_request_item('dect');
		if (isset ($_REQUEST['mobile']))
			$mobile = strip_request_item('mobile');
		if (isset ($_REQUEST['hometown']))
			$hometown = strip_request_item('hometown');
		if (isset ($_REQUEST['comment']))
			$comment = strip_request_item_nl('comment');

		if ($ok) {
			sql_query("INSERT INTO `User` SET `Nick`='" . sql_escape($nick) . "', `Vorname`='" . sql_escape($prename) . "', `Name`='" . sql_escape($lastname) .
			"', `Alter`='" . sql_escape($age) . "', `Telefon`='" . sql_escape($tel) . "', `DECT`='" . sql_escape($dect) . "', `Handy`='" . sql_escape($mobile) .
			"', `email`='" . sql_escape($mail) . "', `ICQ`='" . sql_escape($icq) . "', `jabber`='" . sql_escape($jabber) . "', `Size`='" . sql_escape($tshirt_size) .
			"', `Passwort`='" . sql_escape($password_hash) . "', `kommentar`='" . sql_escape($comment) . "', `Hometown`='" . sql_escape($hometown) . "', `CreateDate`=NOW(), `Sprache`='" . sql_escape($_SESSION["Sprache"]) . "'");

			// Assign user-group
			sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape(sql_id()) . ", `group_id`=-2");

			success(Get_Text("makeuser_writeOK4"));
			redirect(page_link_to('login'));
		}
	}

	return page(array (
		Get_Text("makeuser_text1"),
		$msg,
		form(array (
			form_text('nick', Get_Text("makeuser_Nickname") . "*", $nick),
			form_text('lastname', Get_Text("makeuser_Nachname"), $lastname),
			form_text('prename', Get_Text("makeuser_Vorname"), $prename),
			form_text('age', Get_Text("makeuser_Alter"), $age),
			form_text('tel', Get_Text("makeuser_Telefon"), $tel),
			form_text('dect', Get_Text("makeuser_DECT"), $tel),
			form_text('mobile', Get_Text("makeuser_Handy"), $mobile),
			form_text('mail', Get_Text("makeuser_E-Mail") . "*", $mail),
			form_text('icq', "ICQ", $icq),
			form_text('jabber', "Jabber", $jabber),
			form_text('hometown', Get_Text("makeuser_Hometown"), $hometown),
			$enable_tshirt_size ? form_select('tshirt_size', Get_Text("makeuser_T-Shirt"), $tshirt_sizes, $tshirt_size) : '',
			form_textarea('comment', Get_Text("makeuser_text2"), $comment),
			form_password('password', Get_Text("makeuser_Passwort")),
			form_password('password2', Get_Text("makeuser_Passwort2")),
			info(Get_Text("makeuser_text3"), true),
			form_submit('submit', Get_Text("makeuser_Anmelden"))
		))
	));
}

function guest_logout() {
	unset ($_SESSION['uid']);
	header("Location: " . page_link_to("start"));
}

function guest_login() {
	global $user;

	$msg = "";
	$nick = "";

	unset ($_SESSION['uid']);

	if (isset ($_REQUEST['submit'])) {
		$ok = true;

		if (isset ($_REQUEST['nick']) && strlen(strip_request_item('nick')) > 0) {
			$nick = strip_request_item('nick');
			$login_user = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "'");
			if (count($login_user) > 0) {
				$login_user = $login_user[0];
				if (isset ($_REQUEST['password'])) {
					if ($login_user['Passwort'] != PassCrypt($_REQUEST['password'])) {
						$ok = false;
						$msg .= error(Get_Text("pub_index_pass_no_ok"), true);
					}
				} else {
					$ok = false;
					$msg .= error("Please enter a password.", true);
				}
			} else {
				$ok = false;
				$msg .= error(Get_Text("pub_index_User_unset"), true);
			}
		} else {
			$ok = false;
			$msg .= error("Please enter a nickname.", true);
		}

		if ($ok) {
			$_SESSION['uid'] = $login_user['UID'];
			$_SESSION['Sprache'] = $login_user['Sprache'];
			redirect(page_link_to('news'));
		}
	}

	return page(array (
		Get_Text("index_text1") . " " . Get_Text("index_text2") . " " . Get_Text("index_text3"),
		$msg,
		msg(),
		form(array (
			form_text('nick', Get_Text("index_lang_nick"), $nick),
			form_password('password', Get_Text("index_lang_pass")),
			form_submit('submit', Get_Text("index_lang_send"))
		)),
		info(Get_Text("index_text4"), true)
	));
}
?>