28667e96bdcc072a7485ff50021f54f555c59ea3
bernd webinterface => /webinterface

bernd authored 17 years ago

1) <?php
Bernd Wurst Added license tags for CC0,...

Bernd Wurst authored 12 years ago

2) /*
3) This file belongs to the Webinterface of schokokeks.org Hosting
4) 
Hanno Böck Change license from CC0 to...

Hanno Böck authored 2 years ago

5) Written by schokokeks.org Hosting, namely
Bernd Wurst Added license tags for CC0,...

Bernd Wurst authored 12 years ago

6)   Bernd Wurst <bernd@schokokeks.org>
7)   Hanno Böck <hanno@schokokeks.org>
8) 
Hanno Böck Change license from CC0 to...

Hanno Böck authored 2 years ago

9) This code is published under a 0BSD license.
Bernd Wurst Added license tags for CC0,...

Bernd Wurst authored 12 years ago

10) 
11) Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
12) */
bernd webinterface => /webinterface

bernd authored 17 years ago

13) 
bernd XSS/CSRF-Bugs behoben

bernd authored 17 years ago

14) require_once("inc/security.php");
15) 
bernd webinterface => /webinterface

bernd authored 17 years ago

16) function system_failure($reason)
17) {
Hanno Böck Allows calling system_failu...

Hanno Böck authored 4 years ago

18)     if (!isset($_SESSION['role'])) {
19)         $_SESSION['role'] = ROLE_ANONYMOUS;
20)     }
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

21)     input_error($reason);
22)     show_page();
23)     die();
bernd webinterface => /webinterface

bernd authored 17 years ago

24) }
25) 
26) 
27) function input_error($reason)
28) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

29)     global $input_error;
30)     if (!isset($input_error)) {
Hanno Böck Codingstyle PSR12 + array s...

Hanno Böck authored 3 years ago

31)         $input_error = [];
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

32)     }
33)     array_push($input_error, $reason);
bernd webinterface => /webinterface

bernd authored 17 years ago

34) }
35) 
36) function warning($msg)
37) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

38)     if (!isset($_SESSION['warning'])) {
Hanno Böck Codingstyle PSR12 + array s...

Hanno Böck authored 3 years ago

39)         $_SESSION['warning'] = [];
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

40)     }
41)     array_push($_SESSION['warning'], $msg);
42)     $backtrace = debug_backtrace();
43)     DEBUG('WARNING:<br>'.$backtrace[0]['file'].':'.$backtrace[0]['line'].': '.$msg);
bernd webinterface => /webinterface

bernd authored 17 years ago

44) }
45) 
46) function success_msg($msg)
47) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

48)     if (!isset($_SESSION['success_msg'])) {
Hanno Böck Codingstyle PSR12 + array s...

Hanno Böck authored 3 years ago

49)         $_SESSION['success_msg'] = [];
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

50)     }
51)     array_push($_SESSION['success_msg'], $msg);
bernd webinterface => /webinterface

bernd authored 17 years ago

52) }
53) 
54) 
bernd Erste Version des vmail-Modul

bernd authored 17 years ago

55) function we_have_an_error()
56) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

57)     global $input_error;
bernd Erste Version des vmail-Modul

bernd authored 17 years ago

58) 
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

59)     if (isset($input_error)) {
60)         return (count($input_error) > 0);
61)     } else {
62)         return 0;
63)     }
bernd Erste Version des vmail-Modul

bernd authored 17 years ago

64) }
65) 
66) 
bernd Umstellung auf Theme-Suppor...

bernd authored 14 years ago

67) function get_messages()
bernd webinterface => /webinterface

bernd authored 17 years ago

68) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

69)     $messages = '';
70)     global $input_error;
71)     if (isset($input_error)) {
72)         $messages .= '<div class="error">
bernd webinterface => /webinterface

bernd authored 17 years ago

73)     <h3>Fehler</h3>
74)     <p>Folgende Fehler wurden festgestellt: </p>
75)     <ul>
76)     ';
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

77)         foreach ($input_error as $error) {
Bernd Wurst accept integer parameters i...

Bernd Wurst authored 5 years ago

78)             $messages .= '<li>'.nl2br(filter_output_html($error))."</li>\n";
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

79)         }
80)         $messages .= '</ul>
bernd webinterface => /webinterface

bernd authored 17 years ago

81)     </div>';
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

82)     }
83)     if (isset($_SESSION['warning'])) {
Bernd Wurst Warnungen nicht wie Fehler...

Bernd Wurst authored 5 years ago

84)         $messages .= '<div class="warning">
bernd webinterface => /webinterface

bernd authored 17 years ago

85)     <ul>
86)     ';
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

87)         foreach ($_SESSION['warning'] as $msg) {
Bernd Wurst accept integer parameters i...

Bernd Wurst authored 5 years ago

88)             $messages .= '<li>'.nl2br(filter_output_html($msg))."</li>\n";
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

89)         }
90)         $messages .= '</ul>
bernd webinterface => /webinterface

bernd authored 17 years ago

91)     </div>';
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

92)         unset($_SESSION['warning']);
93)     }
94)     if (isset($_SESSION['success_msg'])) {
95)         $messages .= '<div class="success">
bernd webinterface => /webinterface

bernd authored 17 years ago

96)     <ul>
97)     ';
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

98)         foreach ($_SESSION['success_msg'] as $msg) {
Bernd Wurst accept integer parameters i...

Bernd Wurst authored 5 years ago

99)             $messages .= '<li>'.nl2br(filter_output_html($msg))."</li>\n";
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

100)         }
101)         $messages .= '</ul>
bernd webinterface => /webinterface

bernd authored 17 years ago

102)     </div>';
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

103)         unset($_SESSION['success_msg']);
104)     }
105)     return $messages;
bernd webinterface => /webinterface

bernd authored 17 years ago

106) }
107) 
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

108) function show_messages()
bernd Umstellung auf Theme-Suppor...

bernd authored 14 years ago

109) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

110)     echo get_messages();
bernd Umstellung auf Theme-Suppor...

bernd authored 14 years ago

111) }
bernd webinterface => /webinterface

bernd authored 17 years ago

112) 
113) function require_role($roles)
114) {
Hanno Böck Fix not operator (!) spaces

Hanno Böck authored 1 year ago

115)     if (!is_array($roles)) {
Hanno Böck Codingstyle PSR12 + array s...

Hanno Böck authored 3 years ago

116)         $roles = [$roles];
Bernd Wurst Blende Aktionen aus, wenn d...

Bernd Wurst authored 6 years ago

117)     }
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

118)     $allow = false;
119)     foreach ($roles as $role) {
120)         if ($role & $_SESSION['role']) {
121)             $allow = true;
122)         }
123)     }
Hanno Böck Fix not operator (!) spaces

Hanno Böck authored 1 year ago

124)     if (!$allow) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

125)         if ($_SESSION['role'] == ROLE_ANONYMOUS) {
126)             login_screen();
127)         } else {
128)             $backtrace = debug_backtrace();
129)             DEBUG($backtrace[0]['file'].':'.$backtrace[0]['line'].': Current user does not have any of the required roles: '.implode(",", $roles));
130)             login_screen("Diese Seite können Sie mit Ihren aktuellen Zugriffsrechten nicht benutzen, bitte melden Sie sich mit den benötigten Zugriffsrechten an!");
131)         }
Bernd Wurst Blende Aktionen aus, wenn d...

Bernd Wurst authored 6 years ago

132)     }
bernd webinterface => /webinterface

bernd authored 17 years ago

133) }
134) 
135) 
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

136) function login_screen($why = null)
bernd webinterface => /webinterface

bernd authored 17 years ago

137) {
Bernd Wurst add brute force protection...

Bernd Wurst authored 5 years ago

138)     $failed = count_failed_logins();
139)     if ($failed > 5) {
140)         global $title;
141)         $title = '';
142)         system_failure("Zu viele fehlgeschlagenen Login-Versuche! Bitte warten Sie einige Minuten bis zum nächsten Versuch!");
143)     }
Hanno Böck Fix not operator (!) spaces

Hanno Böck authored 1 year ago

144)     if (!$why) {
Hanno Fix coding style with php-c...

Hanno authored 6 years ago

145)         if (isset($_COOKIE['CLIENTCERT_AUTOLOGIN']) && $_COOKIE['CLIENTCERT_AUTOLOGIN'] == '1') {
146)             redirect("/certlogin/index.php?destination=".urlencode($_SERVER['REQUEST_URI']));
147)         }
148)     }
149)     require_once('inc/theme.php');
150)     if ($why) {
151)         warning($why);
152)     }
153)     show_page('login');
154)     die();