Browse code

Fix coding style with php-cs-checker, see https://cs.sensiolabs.org/

Hanno authored on 26/06/2018 13:58:19
Showing 230 changed files
... ...
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely
8 8
 
9 9
 To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10 10
 
11
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see
12 12
 http://creativecommons.org/publicdomain/zero/1.0/
13 13
 
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
... ...
@@ -37,111 +37,106 @@ DEBUG($_SERVER);
37 37
 
38 38
 $redirect = "";
39 39
 if (! isset($_SERVER['SSL_CLIENT_CERT']) && isset($_SERVER['REDIRECT_SSL_CLIENT_CERT'])) {
40
-  $redirect = "REDIRECT_";
40
+    $redirect = "REDIRECT_";
41 41
 }
42 42
 
43
-if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($_REQUEST['backto']) && check_path($_REQUEST['backto']))
44
-{
45
-  DEBUG('recording client-cert');
46
-  if (isset($_SERVER[$redirect.'SSL_CLIENT_CERT']) && isset($_SERVER[$redirect.'SSL_CLIENT_S_DN']) && 
43
+if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($_REQUEST['backto']) && check_path($_REQUEST['backto'])) {
44
+    DEBUG('recording client-cert');
45
+    if (isset($_SERVER[$redirect.'SSL_CLIENT_CERT']) && isset($_SERVER[$redirect.'SSL_CLIENT_S_DN']) &&
47 46
       isset($_SERVER[$redirect.'SSL_CLIENT_I_DN']) && isset($_SERVER[$redirect.'SSL_CLIENT_M_SERIAL']) &&
48 47
       isset($_SERVER[$redirect.'SSL_CLIENT_V_START']) && isset($_SERVER[$redirect.'SSL_CLIENT_V_END'])
49
-      )
50
-  {
51
-    $_SESSION['clientcert_cert'] = $_SERVER[$redirect.'SSL_CLIENT_CERT'];
52
-    $_SESSION['clientcert_dn'] = $_SERVER[$redirect.'SSL_CLIENT_S_DN'];
53
-    $_SESSION['clientcert_issuer'] = $_SERVER[$redirect.'SSL_CLIENT_I_DN'];
54
-    $_SESSION['clientcert_serial'] = $_SERVER[$redirect.'SSL_CLIENT_M_SERIAL'];
55
-    $vstart = new DateTime($_SERVER[$redirect.'SSL_CLIENT_V_START']);
56
-    $_SESSION['clientcert_valid_from'] = date_format($vstart, 'Y-m-d');
57
-    $vend = new DateTime($_SERVER[$redirect.'SSL_CLIENT_V_END']);
58
-    $_SESSION['clientcert_valid_until'] = date_format($vend, 'Y-m-d');
59
-    header('Location: '.$prefix.$_REQUEST['backto'].encode_querystring(''));
60
-    die();
61
-  }
62
-  else
63
-  {
64
-    warning('Ihr Browser hat kein Client-Zertifikat gesendet');
65
-    header('Location: '.$prefix.$_REQUEST['backto'].encode_querystring(''));
66
-    die();
67
-  }
68
-}
69
-elseif (isset($_REQUEST['type']) && isset($_REQUEST['username'])) {
70
-  if (!isset($_SERVER[$redirect.'SSL_CLIENT_CERT'])) 
71
-    system_failure('Ihr Browser hat kein Client-Zertifikat gesendet');
48
+      ) {
49
+        $_SESSION['clientcert_cert'] = $_SERVER[$redirect.'SSL_CLIENT_CERT'];
50
+        $_SESSION['clientcert_dn'] = $_SERVER[$redirect.'SSL_CLIENT_S_DN'];
51
+        $_SESSION['clientcert_issuer'] = $_SERVER[$redirect.'SSL_CLIENT_I_DN'];
52
+        $_SESSION['clientcert_serial'] = $_SERVER[$redirect.'SSL_CLIENT_M_SERIAL'];
53
+        $vstart = new DateTime($_SERVER[$redirect.'SSL_CLIENT_V_START']);
54
+        $_SESSION['clientcert_valid_from'] = date_format($vstart, 'Y-m-d');
55
+        $vend = new DateTime($_SERVER[$redirect.'SSL_CLIENT_V_END']);
56
+        $_SESSION['clientcert_valid_until'] = date_format($vend, 'Y-m-d');
57
+        header('Location: '.$prefix.$_REQUEST['backto'].encode_querystring(''));
58
+        die();
59
+    } else {
60
+        warning('Ihr Browser hat kein Client-Zertifikat gesendet');
61
+        header('Location: '.$prefix.$_REQUEST['backto'].encode_querystring(''));
62
+        die();
63
+    }
64
+} elseif (isset($_REQUEST['type']) && isset($_REQUEST['username'])) {
65
+    if (!isset($_SERVER[$redirect.'SSL_CLIENT_CERT'])) {
66
+        system_failure('Ihr Browser hat kein Client-Zertifikat gesendet');
67
+    }
72 68
 
73
-  $ret = get_logins_by_cert($_SERVER[$redirect.'SSL_CLIENT_CERT']);
74
-  DEBUG($ret);
75
-  foreach ($ret as $account) {
76
-    DEBUG('/'.$account['type'].'/'.$_REQUEST['type'].'/    /'.$account['username'].'/'.$_REQUEST['username'].'/    =>');
77
-    if (($account['type'] == urldecode($_REQUEST['type'])) && ($account['username'] == urldecode($_REQUEST['username']))) {
78
-      $uid = $account['username'];
79
-      $role = find_role($uid, '', True);
80
-      setup_session($role, $uid);
81
-      $destination = 'go/index/index';
82
-      if (check_path($account['startpage']))
83
-        $destination = $account['startpage'];
84
-      if (isset($_REQUEST['destination']) && check_path($_REQUEST['destination']))
85
-        $destination = $_REQUEST['destination'];
86
-      header('Location: ../'.$destination);
87
-      die();
69
+    $ret = get_logins_by_cert($_SERVER[$redirect.'SSL_CLIENT_CERT']);
70
+    DEBUG($ret);
71
+    foreach ($ret as $account) {
72
+        DEBUG('/'.$account['type'].'/'.$_REQUEST['type'].'/    /'.$account['username'].'/'.$_REQUEST['username'].'/    =>');
73
+        if (($account['type'] == urldecode($_REQUEST['type'])) && ($account['username'] == urldecode($_REQUEST['username']))) {
74
+            $uid = $account['username'];
75
+            $role = find_role($uid, '', true);
76
+            setup_session($role, $uid);
77
+            $destination = 'go/index/index';
78
+            if (check_path($account['startpage'])) {
79
+                $destination = $account['startpage'];
80
+            }
81
+            if (isset($_REQUEST['destination']) && check_path($_REQUEST['destination'])) {
82
+                $destination = $_REQUEST['destination'];
83
+            }
84
+            header('Location: ../'.$destination);
85
+            die();
86
+        }
88 87
     }
89
-  }
90
-  system_failure('Der angegebene Account kann mit diesem Client-Zertifikat nicht eingeloggt werden.');
91
-}
92
-elseif ($_SESSION['role'] != ROLE_ANONYMOUS && $_REQUEST['destination'] != '') {
93
-  # User hat sich grade eingeloggt
94
-  header('Location: ../'.$destination);
95
-}
96
-else
97
-{
98
-  if (isset($_SERVER[$redirect.'SSL_CLIENT_CERT']) && 
99
-      isset($_SERVER[$redirect.'SSL_CLIENT_S_DN']) && $_SERVER[$redirect.'SSL_CLIENT_S_DN'] != '' && 
88
+    system_failure('Der angegebene Account kann mit diesem Client-Zertifikat nicht eingeloggt werden.');
89
+} elseif ($_SESSION['role'] != ROLE_ANONYMOUS && $_REQUEST['destination'] != '') {
90
+    # User hat sich grade eingeloggt
91
+    header('Location: ../'.$destination);
92
+} else {
93
+    if (isset($_SERVER[$redirect.'SSL_CLIENT_CERT']) &&
94
+      isset($_SERVER[$redirect.'SSL_CLIENT_S_DN']) && $_SERVER[$redirect.'SSL_CLIENT_S_DN'] != '' &&
100 95
       isset($_SERVER[$redirect.'SSL_CLIENT_I_DN']) && $_SERVER[$redirect.'SSL_CLIENT_I_DN'] != '' &&
101 96
       isset($_SERVER[$redirect.'SSL_CLIENT_M_SERIAL']) && $_SERVER[$redirect.'SSL_CLIENT_M_SERIAL'] != '') {
102
-    $ret = get_logins_by_cert($_SERVER[$redirect.'SSL_CLIENT_CERT']);
103
-    if ($ret === NULL) {
104
-      login_screen('Ihr Browser hat ein Client-Zertifikat gesendet, dieses ist aber noch nicht für den Zugang hinterlegt. Melden Sie sich bitte per Benutzername und Passwort an.');
105
-    }
106
-    if (count($ret) == 1) {
107
-      $uid = $ret[0]['username'];
108
-      $role = find_role($uid, '', True);
109
-      setup_session($role, $uid);
110
-      DEBUG("Set Cookie!");
111
-      setcookie('CLIENTCERT_AUTOLOGIN', '1', strtotime("+ 1 year"), '/', '', true, true);
112
-      $destination = 'go/index/index';
113
-      if (check_path($ret[0]['startpage']))
114
-        $destination = $ret[0]['startpage'];
115
-      if (isset($_REQUEST['destination']) && check_path($_REQUEST['destination']))
116
-        $destination = $_REQUEST['destination'];
117
-      header('Location: ../'.$destination);
118
-      die();
119
-    }
120
-    output('<p>Ihr Browser hat ein gültiges SSL-Client-Zertifikat gesendet, mit dem Sie sich auf dieser Seite einloggen können. Allerdings haben Sie dieses Client-Zertifikat für mehrere Zugänge hinterlegt. Wählen Sie bitte den Zugang aus, mit dem Sie sich anmelden möchten.</p>
97
+        $ret = get_logins_by_cert($_SERVER[$redirect.'SSL_CLIENT_CERT']);
98
+        if ($ret === null) {
99
+            login_screen('Ihr Browser hat ein Client-Zertifikat gesendet, dieses ist aber noch nicht für den Zugang hinterlegt. Melden Sie sich bitte per Benutzername und Passwort an.');
100
+        }
101
+        if (count($ret) == 1) {
102
+            $uid = $ret[0]['username'];
103
+            $role = find_role($uid, '', true);
104
+            setup_session($role, $uid);
105
+            DEBUG("Set Cookie!");
106
+            setcookie('CLIENTCERT_AUTOLOGIN', '1', strtotime("+ 1 year"), '/', '', true, true);
107
+            $destination = 'go/index/index';
108
+            if (check_path($ret[0]['startpage'])) {
109
+                $destination = $ret[0]['startpage'];
110
+            }
111
+            if (isset($_REQUEST['destination']) && check_path($_REQUEST['destination'])) {
112
+                $destination = $_REQUEST['destination'];
113
+            }
114
+            header('Location: ../'.$destination);
115
+            die();
116
+        }
117
+        output('<p>Ihr Browser hat ein gültiges SSL-Client-Zertifikat gesendet, mit dem Sie sich auf dieser Seite einloggen können. Allerdings haben Sie dieses Client-Zertifikat für mehrere Zugänge hinterlegt. Wählen Sie bitte den Zugang aus, mit dem Sie sich anmelden möchten.</p>
121 118
       <ul>');
122
-    foreach ($ret as $account) {
123
-      $type = 'System-Account';
124
-      if ($account['type'] == 'email') {
125
-        $type = 'E-Mail-Konto';
126
-      }
127
-      elseif ($account['type'] == 'subuser') {
128
-        $type = 'Unter-Nutzer';
129
-      }
130
-      elseif ($account['type'] == 'customer') {
131
-        $type = 'Kundenaccount';
132
-      }
133
-      $destination = 'go/index/index';
134
-      if ($account['startpage'] && check_path($account['startpage']))
135
-        $destination = $account['startpage'];
136
-      output('<li>'.internal_link('', $type.': <strong>'.$account['username'].'</strong>', 'type='.$account['type'].'&username='.urlencode($account['username']).'&destination='.urlencode($destination)).'</li>');
119
+        foreach ($ret as $account) {
120
+            $type = 'System-Account';
121
+            if ($account['type'] == 'email') {
122
+                $type = 'E-Mail-Konto';
123
+            } elseif ($account['type'] == 'subuser') {
124
+                $type = 'Unter-Nutzer';
125
+            } elseif ($account['type'] == 'customer') {
126
+                $type = 'Kundenaccount';
127
+            }
128
+            $destination = 'go/index/index';
129
+            if ($account['startpage'] && check_path($account['startpage'])) {
130
+                $destination = $account['startpage'];
131
+            }
132
+            output('<li>'.internal_link('', $type.': <strong>'.$account['username'].'</strong>', 'type='.$account['type'].'&username='.urlencode($account['username']).'&destination='.urlencode($destination)).'</li>');
133
+        }
134
+        output('</ul>');
135
+    } else {
136
+        warning('Ihr Browser hat kein Client-Zertifikat gesendet. Eventuell müssen Sie in den Einstellungen des Browsers diese Funktion einschalten.');
137
+        redirect('/');
138
+        die();
137 139
     }
138
-    output('</ul>');
139
-  } else {
140
-    warning('Ihr Browser hat kein Client-Zertifikat gesendet. Eventuell müssen Sie in den Einstellungen des Browsers diese Funktion einschalten.');
141
-    redirect('/');
142
-    die();
143
-  }
144 140
 }
145 141
 
146 142
 show_page('certlogin');
147
-?>
... ...
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely
8 8
 
9 9
 To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10 10
 
11
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see
12 12
 http://creativecommons.org/publicdomain/zero/1.0/
13 13
 
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
... ...
@@ -19,126 +19,127 @@ require_once('inc/error.php');
19 19
 require_once('inc/debug.php');
20 20
 
21 21
 
22
-class DB extends PDO {
23
-  function __construct() {
24
-    $dsn = "mysql:host=".config('db_host', true);
25
-    if (config('db_port', true)) {
26
-      $dsn .= ';port='.config('db_port', true);
27
-    }
28
-    if (config('db_socket', true)) {
29
-      $dsn = "mysql:unix_socket=".config('db_socket', true);
30
-    }
31
-    $username = config('db_user', true);
32
-    $password = config('db_pass', true);
33
-    parent::__construct($dsn, $username, $password, array(PDO::ATTR_TIMEOUT => "30"));
34
-  }
35
-
36
-
37
-  /*
38
-    Wenn Parameter übergeben werden, werden Queries immer als Prepared statements übertragen
39
-  */
40
-  function query($stmt, $params = NULL) {
41
-    if (is_array($params)) {
42
-      if (config("enable_debug")) {
43
-        foreach (array_values($params) as $p) {
44
-          if ($p === '') {
45
-            DEBUG("Potential bug, empty string found in database parameters");
46
-            warning("Potential bug, empty string found in database parameters");
47
-          }
22
+class DB extends PDO
23
+{
24
+    public function __construct()
25
+    {
26
+        $dsn = "mysql:host=".config('db_host', true);
27
+        if (config('db_port', true)) {
28
+            $dsn .= ';port='.config('db_port', true);
48 29
         }
49
-      }
50
-      $response = parent::prepare($stmt);
51
-      $response->execute($params);
52
-      return $response;
53
-    } else {
54
-      if (strtoupper(substr($stmt, 0, 6)) == "INSERT" ||
30
+        if (config('db_socket', true)) {
31
+            $dsn = "mysql:unix_socket=".config('db_socket', true);
32
+        }
33
+        $username = config('db_user', true);
34
+        $password = config('db_pass', true);
35
+        parent::__construct($dsn, $username, $password, array(PDO::ATTR_TIMEOUT => "30"));
36
+    }
37
+
38
+
39
+    /*
40
+      Wenn Parameter übergeben werden, werden Queries immer als Prepared statements übertragen
41
+    */
42
+    public function query($stmt, $params = null)
43
+    {
44
+        if (is_array($params)) {
45
+            if (config("enable_debug")) {
46
+                foreach (array_values($params) as $p) {
47
+                    if ($p === '') {
48
+                        DEBUG("Potential bug, empty string found in database parameters");
49
+                        warning("Potential bug, empty string found in database parameters");
50
+                    }
51
+                }
52
+            }
53
+            $response = parent::prepare($stmt);
54
+            $response->execute($params);
55
+            return $response;
56
+        } else {
57
+            if (strtoupper(substr($stmt, 0, 6)) == "INSERT" ||
55 58
           strtoupper(substr($stmt, 0, 7)) == "REPLACE" ||
56 59
           strpos(strtoupper($stmt), "WHERE") > 0) { // Das steht nie am Anfang
57
-        $backtrace = debug_backtrace();
58
-        $wherepart = substr(strtoupper($stmt), strpos(strtoupper($stmt), "WHERE"));
59
-        if ((strpos($wherepart, '"') > 0 || strpos($wherepart, "'") > 0) && config("enable_debug")) {
60
-          warning("Possibly unsafe SQL statement in {$backtrace[1]['file']} line {$backtrace[1]['line']}:\n$stmt");
60
+                $backtrace = debug_backtrace();
61
+                $wherepart = substr(strtoupper($stmt), strpos(strtoupper($stmt), "WHERE"));
62
+                if ((strpos($wherepart, '"') > 0 || strpos($wherepart, "'") > 0) && config("enable_debug")) {
63
+                    warning("Possibly unsafe SQL statement in {$backtrace[1]['file']} line {$backtrace[1]['line']}:\n$stmt");
64
+                }
65
+            }
66
+            return parent::query($stmt);
61 67
         }
62
-      }
63
-      return parent::query($stmt);
64 68
     }
65
-  }
66 69
 }
67 70
 
68 71
 
69
-/* FIXME 
72
+/* FIXME
70 73
    Das ist etwas unelegant. Soll nur übergangsweise verwendet werden bis alles auf prepared statements umgestellt ist
71 74
 */
72 75
 function db_escape_string($string)
73 76
 {
74
-  if (config("enable_debug")) {
75
-    $backtrace = debug_backtrace();
76
-    warning("call to db_escape_string() in {$backtrace[0]['file']} line {$backtrace[0]['line']}");
77
-  }
78
-  global $_db;
79
-  __ensure_connected();
80
-  $quoted = $_db->quote($string);
81
-  // entferne die quotes, damit wird es drop-in-Kompatibel zu db_escape_string()
82
-  $ret = substr($quoted, 1, -1);
83
-  return $ret;
77
+    if (config("enable_debug")) {
78
+        $backtrace = debug_backtrace();
79
+        warning("call to db_escape_string() in {$backtrace[0]['file']} line {$backtrace[0]['line']}");
80
+    }
81
+    global $_db;
82
+    __ensure_connected();
83
+    $quoted = $_db->quote($string);
84
+    // entferne die quotes, damit wird es drop-in-Kompatibel zu db_escape_string()
85
+    $ret = substr($quoted, 1, -1);
86
+    return $ret;
84 87
 }
85 88
 
86 89
 
87 90
 function db_insert_id()
88 91
 {
89
-  global $_db;
90
-  __ensure_connected();
91
-  return $_db->lastInsertId();
92
+    global $_db;
93
+    __ensure_connected();
94
+    return $_db->lastInsertId();
92 95
 }
93 96
 
94 97
 
95 98
 function __ensure_connected()
96 99
 {
97
-  /*
98
-    Dieses Kontrukt ist vermultich noch schlimmer als ein normales singleton
99
-    aber es hilft uns in unserem prozeduralen Kontext
100
-  */
101
-  global $_db;
102
-  if (! isset($_db)) {
103
-    try {
104
-      DEBUG("Neue Datenbankverbindung!");
105
-      $_db = new DB();
106
-      $_db->query("SET NAMES utf8mb4");
107
-      $_db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
108
-      $_db->setAttribute(PDO::ATTR_AUTOCOMMIT, true);
109
-    } catch (PDOException $e) {
110
-      global $debugmode;
111
-      if ($debugmode) {
112
-        die("MySQL-Fehler: ".$e->getMessage());
113
-      } else {
114
-        die("Fehler bei der Datenbankverbindung!");
115
-      }
100
+    /*
101
+      Dieses Kontrukt ist vermultich noch schlimmer als ein normales singleton
102
+      aber es hilft uns in unserem prozeduralen Kontext
103
+    */
104
+    global $_db;
105
+    if (! isset($_db)) {
106
+        try {
107
+            DEBUG("Neue Datenbankverbindung!");
108
+            $_db = new DB();
109
+            $_db->query("SET NAMES utf8mb4");
110
+            $_db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
111
+            $_db->setAttribute(PDO::ATTR_AUTOCOMMIT, true);
112
+        } catch (PDOException $e) {
113
+            global $debugmode;
114
+            if ($debugmode) {
115
+                die("MySQL-Fehler: ".$e->getMessage());
116
+            } else {
117
+                die("Fehler bei der Datenbankverbindung!");
118
+            }
119
+        }
116 120
     }
117
-  }
118 121
 }
119 122
 
120 123
 
121
-function db_query($stmt, $params = NULL)
124
+function db_query($stmt, $params = null)
122 125
 {
123
-  global $_db;
124
-  __ensure_connected();
125
-  $backtrace = debug_backtrace();
126
-  DEBUG($backtrace[0]['file'].':'.$backtrace[0]['line'].': '.htmlspecialchars($stmt));
127
-  if ($params) {
128
-    DEBUG($params);
129
-  }
130
-  try {
131
-    $result = $_db->query($stmt, $params);
132
-    DEBUG('=> '.$result->rowCount().' rows');
133
-  } catch (PDOException $e) {
134
-    global $debugmode;
135
-    if ($debugmode) {
136
-      system_failure("MySQL-Fehler: ".$e->getMessage()."\nQuery:\n".$stmt."\nParameters:\n".print_r($params, true));
137
-    } else {
138
-      system_failure("Datenbankfehler");
126
+    global $_db;
127
+    __ensure_connected();
128
+    $backtrace = debug_backtrace();
129
+    DEBUG($backtrace[0]['file'].':'.$backtrace[0]['line'].': '.htmlspecialchars($stmt));
130
+    if ($params) {
131
+        DEBUG($params);
132
+    }
133
+    try {
134
+        $result = $_db->query($stmt, $params);
135
+        DEBUG('=> '.$result->rowCount().' rows');
136
+    } catch (PDOException $e) {
137
+        global $debugmode;
138
+        if ($debugmode) {
139
+            system_failure("MySQL-Fehler: ".$e->getMessage()."\nQuery:\n".$stmt."\nParameters:\n".print_r($params, true));
140
+        } else {
141
+            system_failure("Datenbankfehler");
142
+        }
139 143
     }
140
-  }
141
-  return $result;
144
+    return $result;
142 145
 }
143
-
144
-
... ...
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely
8 8
 
9 9
 To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10 10
 
11
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see
12 12
 http://creativecommons.org/publicdomain/zero/1.0/
13 13
 
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
... ...
@@ -21,11 +21,10 @@ require_once('inc/debug.php');
21 21
 class Domain
22 22
 {
23 23
     protected $data = array();
24
-  function __construct($init = NULL)
25
-  {
26
-    $this->setup();
27
-    switch (gettype($init))
24
+    public function __construct($init = null)
28 25
     {
26
+        $this->setup();
27
+        switch (gettype($init)) {
29 28
       case 'string':
30 29
         $this->loadByName($init);
31 30
         break;
... ...
@@ -35,105 +34,112 @@ class Domain
35 34
       case 'NULL':
36 35
         break;
37 36
     }
38
-  }
39
-
40
-  function __set($key, $value)
41
-  {
42
-    if (array_key_exists($key, $this->data)) {
43
-      $this->data[$key] = $value;
44
-    } elseif (isset($this->$key)) {
45
-      $this->$key = $value;
46
-    } else {
47
-      $this->data[$key] = $value;
48 37
     }
49
-  }
50
-
51
-
52
-  function __get($key)
53
-  {
54
-    if (array_key_exists($key, $this->data))
55
-      return $this->data[$key];
56
-    elseif (isset($this->$key))
57
-      return $this->$key;
58
-    // else werfe fehler
59
-  }
60
-
61
-
62
-  function loadByID($id)
63
-  {
64
-      $res = db_query("SELECT * FROM kundendaten.domains WHERE id=?", array($id));
65
-      if ($res->rowCount() < 1)
66
-         return false;
67
-      $data = $res->fetch();
68
-      $this->parse($data);
69
-  }
70
-
71
-   function loadByName($name)
72
-  {
73
-      $raw = $name;
74
-      $utf8 = idn_to_utf8($raw, 0, INTL_IDNA_VARIANT_UTS46);
75
-      $res = db_query("SELECT * FROM kundendaten.domains WHERE CONCAT_WS('.', domainname, tld)=? OR CONCAT_WS('.', domainname, tld)=?", array($raw, $utf8));
76
-      if ($res->rowCount() < 1)
77
-         return false;
78
-      $data = $res->fetch();
79
-      $this->parse($data);
80
-  }
81
-
82
-  function ensure_customerdomain()
83
-  {
84
-    if (! $this->is_customerdomain() )
85
-      system_failure('Diese Domain gehört nicht Ihrem Kundenaccount.');
86
-  }
87
-
88
-  function ensure_userdomain()
89
-  {
90
-    if (! $this->is_userdomain() )
91
-      system_failure('Diese Domain gehört nicht Ihrem Benutzeraccount.');
92
-  }
93
-
94
-  function is_customerdomain()
95
-  {
96
-    if (! isset($_SESSION['customerinfo']) )
97
-      return false;
98
-    $customerno = (int) $_SESSION['customerinfo']['customerno'];
99
-    return ($this->kunde == $customerno);
100
-  }
101
-
102
-  function is_userdomain()
103
-  {
104
-    if (! isset($_SESSION['userinfo']) )
105
-      return false;
106
-    $uid = (int) $_SESSION['userinfo']['uid'];
107
-    return ($this->useraccount == $uid);
108
-  }
109
-
110
-  function setup()
111
-  {
112
-    $fields = array();
113
-    $res = db_query("DESCRIBE kundendaten.domains");
114
-    while ($f = $res->fetch(PDO::FETCH_OBJ))
38
+
39
+    public function __set($key, $value)
40
+    {
41
+        if (array_key_exists($key, $this->data)) {
42
+            $this->data[$key] = $value;
43
+        } elseif (isset($this->$key)) {
44
+            $this->$key = $value;
45
+        } else {
46
+            $this->data[$key] = $value;
47
+        }
48
+    }
49
+
50
+
51
+    public function __get($key)
52
+    {
53
+        if (array_key_exists($key, $this->data)) {
54
+            return $this->data[$key];
55
+        } elseif (isset($this->$key)) {
56
+            return $this->$key;
57
+        }
58
+        // else werfe fehler
59
+    }
60
+
61
+
62
+    public function loadByID($id)
63
+    {
64
+        $res = db_query("SELECT * FROM kundendaten.domains WHERE id=?", array($id));
65
+        if ($res->rowCount() < 1) {
66
+            return false;
67
+        }
68
+        $data = $res->fetch();
69
+        $this->parse($data);
70
+    }
71
+
72
+    public function loadByName($name)
73
+    {
74
+        $raw = $name;
75
+        $utf8 = idn_to_utf8($raw, 0, INTL_IDNA_VARIANT_UTS46);
76
+        $res = db_query("SELECT * FROM kundendaten.domains WHERE CONCAT_WS('.', domainname, tld)=? OR CONCAT_WS('.', domainname, tld)=?", array($raw, $utf8));
77
+        if ($res->rowCount() < 1) {
78
+            return false;
79
+        }
80
+        $data = $res->fetch();
81
+        $this->parse($data);
82
+    }
83
+
84
+    public function ensure_customerdomain()
85
+    {
86
+        if (! $this->is_customerdomain()) {
87
+            system_failure('Diese Domain gehört nicht Ihrem Kundenaccount.');
88
+        }
89
+    }
90
+
91
+    public function ensure_userdomain()
92
+    {
93
+        if (! $this->is_userdomain()) {
94
+            system_failure('Diese Domain gehört nicht Ihrem Benutzeraccount.');
95
+        }
96
+    }
97
+
98
+    public function is_customerdomain()
115 99
     {
116
-      $fields[$f->Field] = $f->Default;
100
+        if (! isset($_SESSION['customerinfo'])) {
101
+            return false;
102
+        }
103
+        $customerno = (int) $_SESSION['customerinfo']['customerno'];
104
+        return ($this->kunde == $customerno);
117 105
     }
118
-    $this->data = $fields;
119
-    $this->data['id'] = NULL;
120
-  }
121 106
 
107
+    public function is_userdomain()
108
+    {
109
+        if (! isset($_SESSION['userinfo'])) {
110
+            return false;
111
+        }
112
+        $uid = (int) $_SESSION['userinfo']['uid'];
113
+        return ($this->useraccount == $uid);
114
+    }
115
+
116
+    public function setup()
117
+    {
118
+        $fields = array();
119
+        $res = db_query("DESCRIBE kundendaten.domains");
120
+        while ($f = $res->fetch(PDO::FETCH_OBJ)) {
121
+            $fields[$f->Field] = $f->Default;
122
+        }
123
+        $this->data = $fields;
124
+        $this->data['id'] = null;
125
+    }
122 126
 
123 127
 
124
-  function parse($data)
125
-  {
126
-    DEBUG($data);
127
-    foreach (array_keys($this->data) as $key)
128
-      if (array_key_exists($key, $data))
129
-        $this->data[$key] = $data[$key];
130
-    $this->data['fqdn'] = $data['domainname'].'.'.$data['tld'];
131
-    $this->data['punycode'] = idn_to_ascii($this->data['fqdn'], 0, INTL_IDNA_VARIANT_UTS46);
132
-    $this->data['is_idn'] = ($this->data['fqdn'] != $this->data['punycode']);
133
-    $this->data['reg_date'] = $data['registrierungsdatum'];
134
-    $this->data['cancel_date'] = $data['kuendigungsdatum'];
135
-  }
136 128
 
129
+    public function parse($data)
130
+    {
131
+        DEBUG($data);
132
+        foreach (array_keys($this->data) as $key) {
133
+            if (array_key_exists($key, $data)) {
134
+                $this->data[$key] = $data[$key];
135
+            }
136
+        }
137
+        $this->data['fqdn'] = $data['domainname'].'.'.$data['tld'];
138
+        $this->data['punycode'] = idn_to_ascii($this->data['fqdn'], 0, INTL_IDNA_VARIANT_UTS46);
139
+        $this->data['is_idn'] = ($this->data['fqdn'] != $this->data['punycode']);
140
+        $this->data['reg_date'] = $data['registrierungsdatum'];
141
+        $this->data['cancel_date'] = $data['kuendigungsdatum'];
142
+    }
137 143
 }
138 144
 
139 145
 
... ...
@@ -142,48 +148,45 @@ class Domain
142 148
 
143 149
 
144 150
 
145
-function get_domain_list($customerno, $uid = NULL)
151
+function get_domain_list($customerno, $uid = null)
146 152
 {
147
-  $customerno = (int) $customerno;
148
-  $query = "SELECT id FROM kundendaten.domains WHERE";
149
-  if ($uid !== NULL)
150
-  {
151
-    $uid = (int) $uid;
152
-    $query .= " useraccount={$uid}";
153
-  }
154
-  else
155
-  {
156
-    $query .= " kunde={$customerno}";
157
-  }
158
-  $query .= " ORDER BY domainname,tld";
159
-  $result = db_query($query, array()); // FIXME Übergebe leeren array um die Warnung zu unterdrücken
160
-  $domains = array();
161
-  DEBUG('Result set is '.$result->rowCount()." rows.<br />\n");
162
-  if ($result->rowCount() > 0)
163
-    while ($domain = $result->fetch(PDO::FETCH_OBJ))
164
-      array_push($domains, new Domain((int) $domain->id));
165
-  DEBUG($domains);
166
-	return $domains;	
153
+    $customerno = (int) $customerno;
154
+    $query = "SELECT id FROM kundendaten.domains WHERE";
155
+    if ($uid !== null) {
156
+        $uid = (int) $uid;
157
+        $query .= " useraccount={$uid}";
158
+    } else {
159
+        $query .= " kunde={$customerno}";
160
+    }
161
+    $query .= " ORDER BY domainname,tld";
162
+    $result = db_query($query, array()); // FIXME Übergebe leeren array um die Warnung zu unterdrücken
163
+    $domains = array();
164
+    DEBUG('Result set is '.$result->rowCount()." rows.<br />\n");
165
+    if ($result->rowCount() > 0) {
166
+        while ($domain = $result->fetch(PDO::FETCH_OBJ)) {
167
+            array_push($domains, new Domain((int) $domain->id));
168
+        }
169
+    }
170
+    DEBUG($domains);
171
+    return $domains;
167 172
 }
168 173
 
169 174
 
170 175
 
171 176
 function get_jabberable_domains()
172 177
 {
173
-  require_role(ROLE_CUSTOMER);
174
-  $customerno = (int) $_SESSION['customerinfo']['customerno'];
175
-
176
-  $domains = get_domain_list($customerno);
177
-  DEBUG($domains);
178
-  $result = array( new Domain() );
179
-  $result[0]->id = 0;
180
-  $result[0]->fqdn = config('masterdomain');
181
-  foreach ($domains as $dom)
182
-  {
183
-    if ($dom->jabber)
184
-      $result[] = $dom;
185
-  }
186
-  return $result;
178
+    require_role(ROLE_CUSTOMER);
179
+    $customerno = (int) $_SESSION['customerinfo']['customerno'];
187 180
 
181
+    $domains = get_domain_list($customerno);
182
+    DEBUG($domains);
183
+    $result = array( new Domain() );
184
+    $result[0]->id = 0;
185
+    $result[0]->fqdn = config('masterdomain');
186
+    foreach ($domains as $dom) {
187
+        if ($dom->jabber) {
188
+            $result[] = $dom;
189
+        }
190
+    }
191
+    return $result;
188 192
 }
189
-
... ...
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely
8 8
 
9 9
 To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10 10
 
11
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see
12 12
 http://creativecommons.org/publicdomain/zero/1.0/
13 13
 
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
... ...
@@ -40,6 +40,4 @@ $config['session_name'] = 'CONFIG_SCHOKOKEKS_ORG';
40 40
 $config['theme'] = 'default';
41 41
 $config['jquery_ui_path'] = '/external/jquery';
42 42
 
43
-ini_set('display_errors','On');
44
-
45
-?>
43
+ini_set('display_errors', 'On');
... ...
@@ -9,7 +9,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely
9 9
 
10 10
 To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
11 11
 
12
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
12
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see
13 13
 https://creativecommons.org/publicdomain/zero/1.0/
14 14
 
15 15
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
... ...
@@ -28,21 +28,19 @@ $go = $_GET['go'];
28 28
 */
29 29
 
30 30
 // filenames can end with .php
31
-if ( substr( $go, strlen( $go ) - 4 ) == '.php' ) {
32
-  $go = substr( $go, 0, strlen($go) - 4);
31
+if (substr($go, strlen($go) - 4) == '.php') {
32
+    $go = substr($go, 0, strlen($go) - 4);
33 33
 }
34 34
 
35 35
 DEBUG($go);
36 36
 
37
-if (strstr($go, "..") or strstr($go, "./") or strstr($go, ":") or (! file_exists("modules/$go.php")) or (! is_file("modules/$go.php")))
38
-{
39
-  die("illegal command");
37
+if (strstr($go, "..") or strstr($go, "./") or strstr($go, ":") or (! file_exists("modules/$go.php")) or (! is_file("modules/$go.php"))) {
38
+    die("illegal command");
40 39
 }
41 40
 list($module, $page) = explode('/', $go, 2);
42 41
 $page = str_replace('/', '-', $page);
43
-if (! in_array($module, config('modules')))
44
-{
45
-  die("inactive module");
42
+if (! in_array($module, config('modules'))) {
43
+    die("inactive module");
46 44
 }
47 45
 
48 46
 
... ...
@@ -64,7 +62,7 @@ $output = "";
64 62
 $html_header = "";
65 63
 require_once("inc/base.php");
66 64
 /* setup module include path */
67
-ini_set('include_path',ini_get('include_path').':./modules/'.$module.'/include:');
65
+ini_set('include_path', ini_get('include_path').':./modules/'.$module.'/include:');
68 66
 
69 67
 /* Look where we are (but let the module override) */
70 68
 $section = str_replace("/", "_", $go);
... ...
@@ -72,12 +70,9 @@ $section = str_replace("/", "_", $go);
72 70
 /* Let the module work */
73 71
 include("modules/".$go.".php");
74 72
 
75
-if ($output)
76
-{
77
-  if (!isset($title)) {
78
-    $title = '';
79
-  }
80
-  show_page($module, $page);
73
+if ($output) {
74
+    if (!isset($title)) {
75
+        $title = '';
76
+    }
77
+    show_page($module, $page);
81 78
 }
82
-
83
-?>
... ...
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely
8 8
 
9 9
 To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10 10
 
11
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see
12 12
 http://creativecommons.org/publicdomain/zero/1.0/
13 13
 
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
... ...
@@ -16,7 +16,7 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
16 16
 
17 17
 require_once('inc/debug.php');
18 18
 
19
-function api_request($method, $input_data) 
19
+function api_request($method, $input_data)
20 20
 {
21 21
     $url = config('http.net-apiurl').'domain/v1/json/'.$method;
22 22
     $input_data['authToken'] = config('http.net-apikey');
... ...
@@ -28,9 +28,9 @@ function api_request($method, $input_data)
28 28
     curl_setopt($curl, CURLOPT_POST, 1);
29 29
     curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
30 30
     curl_setopt($curl, CURLOPT_POSTFIELDS, $json);
31
-    curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json')); 
31
+    curl_setopt($curl, CURLOPT_HTTPHEADER, array('Content-Type: application/json'));
32 32
     $result = curl_exec($curl);
33
-    if ($result === FALSE) {
33
+    if ($result === false) {
34 34
         system_failure("API-Anfrage kaputt");
35 35
     }
36 36
     DEBUG('==============================');
... ...
@@ -39,4 +39,3 @@ function api_request($method, $input_data)
39 39
     DEBUG($output_data);
40 40
     return $output_data;
41 41
 }
42
-
... ...
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely
8 8
 
9 9
 To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10 10
 
11
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see
12 12
 http://creativecommons.org/publicdomain/zero/1.0/
13 13
 
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
... ...
@@ -19,57 +19,59 @@ require_once('inc/debug.php');
19 19
 
20 20
 function config($key, $localonly = false)
21 21
 {
22
-  global $config;
23
-
24
-  if ($key == "modules") {
25
-    // Stelle sicher, dass das "index"-Modul immer aktiv ist!
26
-    if (! in_array("index", $config['modules'])) {
27
-      $config['modules'][] = "index";
28
-    }
29
-    // Stelle sicher, dass das "about"-Modul immer aktiv ist!
30
-    if (! in_array("about", $config['modules'])) {
31
-      $config['modules'][] = "about";
22
+    global $config;
23
+
24
+    if ($key == "modules") {
25
+        // Stelle sicher, dass das "index"-Modul immer aktiv ist!
26
+        if (! in_array("index", $config['modules'])) {
27
+            $config['modules'][] = "index";
28
+        }
29
+        // Stelle sicher, dass das "about"-Modul immer aktiv ist!
30
+        if (! in_array("about", $config['modules'])) {
31
+            $config['modules'][] = "about";
32
+        }
32 33
     }
33
-  }
34 34
 
35
-  if ($key == 'modules' && isset($_SESSION['restrict_modules']))
36
-  {
37
-    $modules = array();
38
-    foreach ($config['modules'] as $mod)
39
-    {
40
-      if (in_array($mod, $_SESSION['restrict_modules']))
41
-        $modules[] = $mod;
35
+    if ($key == 'modules' && isset($_SESSION['restrict_modules'])) {
36
+        $modules = array();
37
+        foreach ($config['modules'] as $mod) {
38
+            if (in_array($mod, $_SESSION['restrict_modules'])) {
39
+                $modules[] = $mod;
40
+            }
41
+        }
42
+        return $modules;
42 43
     }
43
-    return $modules;
44
-  }
45 44
 
46
-  if (array_key_exists($key, $config))
47
-    return $config[$key];
45
+    if (array_key_exists($key, $config)) {
46
+        return $config[$key];
47
+    }
48 48
   
49
-  if ($localonly) {
50
-    return NULL;
51
-  }  
49
+    if ($localonly) {
50
+        return null;
51
+    }
52 52
 
53
-  /* read configuration from database */
54
-  $result = db_query( "SELECT `key`, value FROM misc.config" );
53
+    /* read configuration from database */
54
+    $result = db_query("SELECT `key`, value FROM misc.config");
55 55
   
56
-  while( $object = $result->fetch() ) {
57
-    if (!array_key_exists($object['key'], $config)) {
58
-	    $config[$object['key']]=$object['value'];
59
-    }
60
-  }
61
-  // Sonst wird das Passwort des webadmin-Users mit ausgegeben
62
-  $debug_config = $config;
63
-  unset($debug_config['db_pass']);
64
-  DEBUG($debug_config);
65
-  if (array_key_exists($key, $config))
66
-    return $config[$key];
67
-  else
68
-    logger(LOG_ERR, "inc/base", "config", "Request to read nonexistant config option »{$key}«.");
69
-    return NULL;
56
+    while ($object = $result->fetch()) {
57
+        if (!array_key_exists($object['key'], $config)) {
58
+            $config[$object['key']]=$object['value'];
59
+        }
60
+    }
61
+    // Sonst wird das Passwort des webadmin-Users mit ausgegeben
62
+    $debug_config = $config;
63
+    unset($debug_config['db_pass']);
64
+    DEBUG($debug_config);
65
+    if (array_key_exists($key, $config)) {
66
+        return $config[$key];
67
+    } else {
68
+        logger(LOG_ERR, "inc/base", "config", "Request to read nonexistant config option »{$key}«.");
69
+    }
70
+    return null;
70 71
 }
71 72
 
72
-function have_role($role) {
73
+function have_role($role)
74
+{
73 75
     $have = $_SESSION['role'] & $role;
74 76
     if ($have) {
75 77
         DEBUG("Current user has role ".$role);
... ...
@@ -79,76 +81,81 @@ function have_role($role) {
79 81
     return $have;
80 82
 }
81 83
 
82
-function get_server_by_id($id) {
83
-  $id = (int) $id;
84
-  $result = db_query("SELECT hostname FROM system.servers WHERE id=?", array($id));
85
-  $ret = $result->fetch();
86
-  return $ret['hostname'];
84
+function get_server_by_id($id)
85
+{
86
+    $id = (int) $id;
87
+    $result = db_query("SELECT hostname FROM system.servers WHERE id=?", array($id));
88
+    $ret = $result->fetch();
89
+    return $ret['hostname'];
87 90
 }
88 91
 
89 92
 
90 93
 function redirect($target)
91 94
 {
92
-  global $debugmode;
93
-  if ($target == '') {
94
-      $target = $_SERVER['REQUEST_URI'];
95
-  }
96
-  if (! $debugmode) {
97
-    header("Location: {$target}");
98
-  } else {
99
-      if (strpos($target, '?') === false) {
100
-        print 'REDIRECT: '.internal_link($target, $target);
101
-      } else {
102
-          list($file, $qs) = explode('?', $target, 2);
103
-          print 'REDIRECT: '.internal_link($file, $target, $qs);
104
-      }
105
-  }
106
-  die();
95
+    global $debugmode;
96
+    if ($target == '') {
97
+        $target = $_SERVER['REQUEST_URI'];
98
+    }
99
+    if (! $debugmode) {
100
+        header("Location: {$target}");
101
+    } else {
102
+        if (strpos($target, '?') === false) {
103
+            print 'REDIRECT: '.internal_link($target, $target);
104
+        } else {
105
+            list($file, $qs) = explode('?', $target, 2);
106
+            print 'REDIRECT: '.internal_link($file, $target, $qs);
107
+        }
108
+    }
109
+    die();
107 110
 }
108 111
 
109 112
 
110 113
 function my_server_id()
111 114
 {
112
-  $uid = (int) $_SESSION['userinfo']['uid'];
113
-  $result = db_query("SELECT server FROM system.useraccounts WHERE uid=?", array($uid));
114
-  $r = $result->fetch();
115
-  DEBUG($r);
116
-  return $r['server'];
115
+    $uid = (int) $_SESSION['userinfo']['uid'];
116
+    $result = db_query("SELECT server FROM system.useraccounts WHERE uid=?", array($uid));
117
+    $r = $result->fetch();
118
+    DEBUG($r);
119
+    return $r['server'];
117 120
 }
118 121
 
119 122
 
120 123
 function additional_servers()
121 124
 {
122
-  $uid = (int) $_SESSION['userinfo']['uid'];
123
-  $result = db_query("SELECT server FROM system.user_server WHERE uid=?", array($uid));
124
-  $servers = array();
125
-  while ($s = $result->fetch())
126
-    $servers[] = $s['server'];
127
-  DEBUG($servers);
128
-  return $servers;
125
+    $uid = (int) $_SESSION['userinfo']['uid'];
126
+    $result = db_query("SELECT server FROM system.user_server WHERE uid=?", array($uid));
127
+    $servers = array();
128
+    while ($s = $result->fetch()) {
129
+        $servers[] = $s['server'];
130
+    }
131
+    DEBUG($servers);
132
+    return $servers;
129 133
 }
130 134
 
131 135
 
132 136
 function server_names()
133 137
 {
134
-  $result = db_query("SELECT id, hostname FROM system.servers");
135
-  $servers = array();
136
-  while ($s = $result->fetch())
137
-    $servers[$s['id']] = $s['hostname'];
138
-  DEBUG($servers);
139
-  return $servers;
138
+    $result = db_query("SELECT id, hostname FROM system.servers");
139
+    $servers = array();
140
+    while ($s = $result->fetch()) {
141
+        $servers[$s['id']] = $s['hostname'];
142
+    }
143
+    DEBUG($servers);
144
+    return $servers;
140 145
 }
141 146
 
142 147
 
143 148
 function maybe_null($value)
144 149
 {
145
-  if (! $value)
146
-    return NULL;
150
+    if (! $value) {
151
+        return null;
152
+    }
147 153
 
148
-  if (strlen( (string) $value ) > 0)
149
-    return (string) $value;
150
-  else
151
-    return NULL;
154
+    if (strlen((string) $value) > 0) {
155
+        return (string) $value;
156
+    } else {
157
+        return null;
158
+    }
152 159
 }
153 160
 
154 161
 
... ...
@@ -158,51 +165,52 @@ function maybe_null($value)
158 165
 
159 166
 function logger($severity, $scriptname, $scope, $message)
160 167
 {
161
-  if (config('logging') < $severity) {
162
-    DEBUG("NOT LOGGING $scriptname:$scope:$message");
163
-    return;
164
-  }
165
-
166
-  DEBUG("LOGGING $scriptname:$scope:$message");
167
-  $user = NULL;
168
-  if (array_key_exists("role", $_SESSION)) {
169
-    if ($_SESSION['role'] & ROLE_SYSTEMUSER)
170
-      $user = $_SESSION['userinfo']['username'];
171
-    elseif ($_SESSION['role'] & ROLE_CUSTOMER)
172
-      $user = $_SESSION['customerinfo']['customerno'];
173
-  }
174
-
175
-  $args = array(":user" => $user,
168
+    if (config('logging') < $severity) {
169
+        DEBUG("NOT LOGGING $scriptname:$scope:$message");
170
+        return;
171
+    }
172
+
173
+    DEBUG("LOGGING $scriptname:$scope:$message");
174
+    $user = null;
175
+    if (array_key_exists("role", $_SESSION)) {
176
+        if ($_SESSION['role'] & ROLE_SYSTEMUSER) {
177
+            $user = $_SESSION['userinfo']['username'];
178
+        } elseif ($_SESSION['role'] & ROLE_CUSTOMER) {
179
+            $user = $_SESSION['customerinfo']['customerno'];
180
+        }
181
+    }
182
+
183
+    $args = array(":user" => $user,
176 184
                 ":remote" => $_SERVER['REMOTE_ADDR'],
177 185
                 ":scriptname" => $scriptname,
178 186
                 ":scope" => $scope,
179 187
                 ":message" => $message);
180 188
 
181
-  db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES (:remote, :user, :scriptname, :scope, :message)", $args);
189
+    db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES (:remote, :user, :scriptname, :scope, :message)", $args);
182 190
 }
183 191
 
184 192
 function html_header($arg)
185 193
 {
186
-  global $html_header;
187
-  $html_header .= $arg;
194
+    global $html_header;
195
+    $html_header .= $arg;
188 196
 }
189 197
 
190 198
 function title($arg)
191 199
 {
192
-  global $title;
193
-  $title = $arg;
200
+    global $title;
201
+    $title = $arg;
194 202
 }
195 203
 
196 204
 function headline($arg)
197 205
 {
198
-  global $headline;
199
-  $headline = $arg;
206
+    global $headline;
207
+    $headline = $arg;
200 208
 }
201 209
 
202 210
 function output($arg)
203 211
 {
204
-  global $output;
205
-  $output .= $arg;
212
+    global $output;
213
+    $output .= $arg;
206 214
 }
207 215
 
208 216
 function footnote($explaination)
... ...
@@ -213,7 +221,7 @@ function footnote($explaination)
213 221
     }
214 222
     $fnid = array_search($explaination, $footnotes);
215 223
     DEBUG($footnotes);
216
-    if ($fnid === FALSE) {
224
+    if ($fnid === false) {
217 225
         DEBUG("Footnote »{$explaination}« is not in footnotes!");
218 226
         $footnotes[] = $explaination;
219 227
     }
... ...
@@ -221,20 +229,20 @@ function footnote($explaination)
221 229
     return str_repeat('*', ($fnid+1));
222 230
 }
223 231
 
224
-function random_string($len) 
232
+function random_string($len)
225 233
 {
226
-  $s = str_replace('+', '.', base64_encode(random_bytes(ceil($len*3/4))));
227
-  return substr($s, 0, $len);
234
+    $s = str_replace('+', '.', base64_encode(random_bytes(ceil($len*3/4))));
235
+    return substr($s, 0, $len);
228 236
 }
229 237
 
230 238
 
231 239
 function are_you_sure($query_string, $question)
232 240
 {
233
-  $query_string = encode_querystring($query_string);
234
-  $token = random_string(20);
235
-  $_SESSION['are_you_sure_token'] = $token;
236
-  title('Sicherheitsabfrage');
237
-  output("
241
+    $query_string = encode_querystring($query_string);
242
+    $token = random_string(20);
243
+    $_SESSION['are_you_sure_token'] = $token;
244
+    title('Sicherheitsabfrage');
245
+    output("
238 246
     <form action=\"{$query_string}\" method=\"post\">
239 247
     <div class=\"confirmation\">
240 248
       <div class=\"question\">{$question}</div>
... ...
@@ -245,68 +253,68 @@ function are_you_sure($query_string, $question)
245 253
         <input type=\"submit\" name=\"not_really\" value=\"Nein\" />
246 254
       </p>
247 255
     </div>");
248
-  output("</form>\n");
256
+    output("</form>\n");
249 257
 }
250 258
 
251 259
 
252 260
 function user_is_sure()
253 261
 {
254
-  if (isset($_POST['really']))
255
-  {
256
-    if ($_POST['random_token'] == $_SESSION['are_you_sure_token'])
257
-      return true;
258
-    else
259
-      system_failure("Possible Cross-site-request-forgery detected!");
260
-  }
261
-  elseif (isset($_POST['not_really']))
262
-    return false;
263
-  else
264
-    return NULL;
262
+    if (isset($_POST['really'])) {
263
+        if ($_POST['random_token'] == $_SESSION['are_you_sure_token']) {
264
+            return true;
265
+        } else {
266
+            system_failure("Possible Cross-site-request-forgery detected!");
267
+        }
268
+    } elseif (isset($_POST['not_really'])) {
269
+        return false;
270
+    } else {
271
+        return null;
272
+    }
265 273
 }
266 274
 
267 275
 
268 276
 
269 277
 function generate_form_token($form_id)
270 278
 {
271
-  require_once("inc/debug.php");
272
-  $sessid = session_id();
273
-  if ($sessid == "") 
274
-  {
275
-    DEBUG("Uh? Session not running? Wtf?");
276
-    system_failure("Internal error!");
277
-  }
278
-  if (! isset($_SESSION['session_token'])) {
279
-    $_SESSION['session_token'] = random_string(10);
280
-  }
281
-  return hash('sha256', $sessid.$form_id.$_SESSION['session_token']);
279
+    require_once("inc/debug.php");
280
+    $sessid = session_id();
281
+    if ($sessid == "") {
282
+        DEBUG("Uh? Session not running? Wtf?");
283
+        system_failure("Internal error!");
284
+    }
285
+    if (! isset($_SESSION['session_token'])) {
286
+        $_SESSION['session_token'] = random_string(10);
287
+    }
288
+    return hash('sha256', $sessid.$form_id.$_SESSION['session_token']);
282 289
 }
283 290
 
284 291
 
285
-function check_form_token($form_id, $formtoken = NULL)
292
+function check_form_token($form_id, $formtoken = null)
286 293
 {
287
-  if ($formtoken == NULL)
288
-    $formtoken = $_REQUEST['formtoken'];
289
-  $sessid = session_id();
290
-  if ($sessid == "") 
291
-  {
292
-    DEBUG("Uh? Session not running? Wtf?");
293
-    system_failure("Internal error! (Session not running)");
294
-  }
295
-
296
-  $correct_formtoken = hash('sha256', $sessid.$form_id.$_SESSION['session_token']);
297
-
298
-  if (! ($formtoken == $correct_formtoken))
299
-    system_failure("Possible cross-site-request-forgery!");
294
+    if ($formtoken == null) {
295
+        $formtoken = $_REQUEST['formtoken'];
296
+    }
297
+    $sessid = session_id();
298
+    if ($sessid == "") {
299
+        DEBUG("Uh? Session not running? Wtf?");
300
+        system_failure("Internal error! (Session not running)");
301
+    }
302
+
303
+    $correct_formtoken = hash('sha256', $sessid.$form_id.$_SESSION['session_token']);
304
+
305
+    if (! ($formtoken == $correct_formtoken)) {
306
+        system_failure("Possible cross-site-request-forgery!");
307
+    }
300 308
 }
301 309
 
302 310
 
303 311
 function have_module($modname)
304 312
 {
305
-  return in_array($modname, config('modules'));
313
+    return in_array($modname, config('modules'));
306 314
 }
307 315
 
308 316
 
309
-function use_module($modname) 
317
+function use_module($modname)
310 318
 {
311 319
     global $prefix, $needed_modules;
312 320
     if (! isset($needed_modules)) {
... ...
@@ -320,35 +328,37 @@ function use_module($modname)
320 328
         system_failure("Soll nicht verfügbares Modul laden!");
321 329
     }
322 330
     /* setup module include path */
323
-    ini_set('include_path',ini_get('include_path').':./modules/'.$modname.'/include:');
331
+    ini_set('include_path', ini_get('include_path').':./modules/'.$modname.'/include:');
324 332
     $style = 'modules/'.$modname.'/style.css';
325 333
     if (file_exists($style)) {
326 334
         html_header('<link rel="stylesheet" href="'.$prefix.$style.'" type="text/css" />'."\n");
327 335
     }
328
-
329 336
 }
330 337
 
331 338
 
332 339
 function encode_querystring($querystring)
333 340
 {
334
-  global $debugmode;
335
-  if ($debugmode)
336
-    $querystring = 'debug&'.$querystring;
337
-  $query = explode('&', $querystring);
338
-  $new_query = array();
339
-  foreach ($query AS $item)
340
-    if ($item != '')
341
-    {