Hanno Böck commited on 2025-08-27 14:57:13
Zeige 21 geänderte Dateien mit 94 Einfügungen und 94 Löschungen.
... | ... |
@@ -40,9 +40,9 @@ if (!isset($_SERVER['SSL_CLIENT_CERT']) && isset($_SERVER['REDIRECT_SSL_CLIENT_C |
40 | 40 |
|
41 | 41 |
if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($_REQUEST['backto']) && check_path($_REQUEST['backto'])) { |
42 | 42 |
DEBUG('recording client-cert'); |
43 |
- if (isset($_SERVER[$redirect . 'SSL_CLIENT_CERT']) && isset($_SERVER[$redirect . 'SSL_CLIENT_S_DN']) && |
|
44 |
- isset($_SERVER[$redirect . 'SSL_CLIENT_I_DN']) && isset($_SERVER[$redirect . 'SSL_CLIENT_M_SERIAL']) && |
|
45 |
- isset($_SERVER[$redirect . 'SSL_CLIENT_V_START']) && isset($_SERVER[$redirect . 'SSL_CLIENT_V_END']) |
|
43 |
+ if (isset($_SERVER[$redirect . 'SSL_CLIENT_CERT']) && isset($_SERVER[$redirect . 'SSL_CLIENT_S_DN']) |
|
44 |
+ && isset($_SERVER[$redirect . 'SSL_CLIENT_I_DN']) && isset($_SERVER[$redirect . 'SSL_CLIENT_M_SERIAL']) |
|
45 |
+ && isset($_SERVER[$redirect . 'SSL_CLIENT_V_START']) && isset($_SERVER[$redirect . 'SSL_CLIENT_V_END']) |
|
46 | 46 |
) { |
47 | 47 |
$_SESSION['clientcert_cert'] = $_SERVER[$redirect . 'SSL_CLIENT_CERT']; |
48 | 48 |
$_SESSION['clientcert_dn'] = $_SERVER[$redirect . 'SSL_CLIENT_S_DN']; |
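Review bot: The recording branch at lines 43–45 accepts a certificate whose fields are present but empty, because it tests only `isset()`, while the login branch in this file's second hunk (lines 91–94) also requires `SSL_CLIENT_S_DN`, `SSL_CLIENT_I_DN` and `SSL_CLIENT_M_SERIAL` to be non-empty. Unless the web server is known never to export empty values, the same `!= ''` checks belong here so that an empty DN or serial cannot be copied into the `$_SESSION['clientcert_…']` entries, e.g. `&& isset($_SERVER[$redirect . 'SSL_CLIENT_I_DN']) && $_SERVER[$redirect . 'SSL_CLIENT_I_DN'] != ''`. The `if` body continues past the end of the hunk, so what happens to the session values afterwards is not visible.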
... | ... |
@@ -88,10 +88,10 @@ if ($_SESSION['role'] != ROLE_ANONYMOUS && isset($_REQUEST['record']) && isset($ |
88 | 88 |
# User hat sich grade eingeloggt |
89 | 89 |
header('Location: ../' . ltrim($destination, '/')); |
90 | 90 |
} else { |
91 |
- if (isset($_SERVER[$redirect . 'SSL_CLIENT_CERT']) && |
|
92 |
- isset($_SERVER[$redirect . 'SSL_CLIENT_S_DN']) && $_SERVER[$redirect . 'SSL_CLIENT_S_DN'] != '' && |
|
93 |
- isset($_SERVER[$redirect . 'SSL_CLIENT_I_DN']) && $_SERVER[$redirect . 'SSL_CLIENT_I_DN'] != '' && |
|
94 |
- isset($_SERVER[$redirect . 'SSL_CLIENT_M_SERIAL']) && $_SERVER[$redirect . 'SSL_CLIENT_M_SERIAL'] != '') { |
|
91 |
+ if (isset($_SERVER[$redirect . 'SSL_CLIENT_CERT']) |
|
92 |
+ && isset($_SERVER[$redirect . 'SSL_CLIENT_S_DN']) && $_SERVER[$redirect . 'SSL_CLIENT_S_DN'] != '' |
|
93 |
+ && isset($_SERVER[$redirect . 'SSL_CLIENT_I_DN']) && $_SERVER[$redirect . 'SSL_CLIENT_I_DN'] != '' |
|
94 |
+ && isset($_SERVER[$redirect . 'SSL_CLIENT_M_SERIAL']) && $_SERVER[$redirect . 'SSL_CLIENT_M_SERIAL'] != '') { |
|
95 | 95 |
$ret = get_logins_by_cert($_SERVER[$redirect . 'SSL_CLIENT_CERT']); |
96 | 96 |
if ($ret === null) { |
97 | 97 |
login_screen('Ihr Browser hat ein Client-Zertifikat gesendet, dieses ist aber noch nicht für den Zugang hinterlegt. Melden Sie sich bitte per Benutzername und Passwort an.'); |
... | ... |
@@ -52,9 +52,9 @@ class DB extends PDO |
52 | 52 |
$response->execute($params); |
53 | 53 |
return $response; |
54 | 54 |
} else { |
55 |
- if (strtoupper(substr($stmt, 0, 6)) == "INSERT" || |
|
56 |
- strtoupper(substr($stmt, 0, 7)) == "REPLACE" || |
|
57 |
- strpos(strtoupper($stmt), "WHERE") > 0) { // Das steht nie am Anfang |
|
55 |
+ if (strtoupper(substr($stmt, 0, 6)) == "INSERT" |
|
56 |
+ || strtoupper(substr($stmt, 0, 7)) == "REPLACE" |
|
57 |
+ || strpos(strtoupper($stmt), "WHERE") > 0) { // Das steht nie am Anfang |
|
58 | 58 |
$backtrace = debug_backtrace(); |
59 | 59 |
$wherepart = substr(strtoupper($stmt), strpos(strtoupper($stmt), "WHERE")); |
60 | 60 |
if ((strpos($wherepart, '"') > 0 || strpos($wherepart, "'") > 0) && config("enable_debug")) { |
... | ... |
@@ -275,8 +275,8 @@ function are_you_sure($query_string, $question) |
275 | 275 |
function user_is_sure() |
276 | 276 |
{ |
277 | 277 |
if (isset($_POST['really'])) { |
278 |
- if (array_key_exists('random_token', $_POST) && |
|
279 |
- ($_POST['random_token'] == $_SESSION['are_you_sure_token'])) { |
|
278 |
+ if (array_key_exists('random_token', $_POST) |
|
279 |
+ && ($_POST['random_token'] == $_SESSION['are_you_sure_token'])) { |
|
280 | 280 |
return true; |
281 | 281 |
} else { |
282 | 282 |
system_failure("Possible Cross-site-request-forgery detected!"); |
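Review bot: The token check on line 279 uses the loose `==` operator, which is neither type-safe nor constant-time; in particular an empty `random_token` compares equal to a session token that is unset, because `'' == null` is true in PHP. Whether `$_SESSION['are_you_sure_token']` is always set before this function runs is not visible here. I would write the condition as `&& is_string($_POST['random_token']) && !empty($_SESSION['are_you_sure_token']) && hash_equals($_SESSION['are_you_sure_token'], $_POST['random_token'])) {`. The same pattern appears in the `more_storage_handle` comparison (lines 29–30 of the hunk that follows `check_form_token('more_storage')`). `user_is_sure()` continues outside the hunk.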
... | ... |
@@ -91,8 +91,8 @@ function register_domain($domainname, $uid) |
91 | 91 |
":useraccount" => $useraccount, |
92 | 92 |
":basename" => $data['basename'], |
93 | 93 |
":tld" => $data['tld'], ]; |
94 |
- db_query("INSERT INTO kundendaten.domains (kunde, useraccount, domainname, tld, billing, registrierungsdatum, dns,webserver, mail) VALUES " . |
|
95 |
- "(:cid, :useraccount, :basename, :tld, 'regular', NULL, 1, 1, 'auto') ", $args); |
|
94 |
+ db_query("INSERT INTO kundendaten.domains (kunde, useraccount, domainname, tld, billing, registrierungsdatum, dns,webserver, mail) VALUES " |
|
95 |
+ . "(:cid, :useraccount, :basename, :tld, 'regular', NULL, 1, 1, 'auto') ", $args); |
|
96 | 96 |
$domid = db_insert_id(); |
97 | 97 |
/*if ($data['setup']) { |
98 | 98 |
$args = array(":cid" => $cid, ":setup" => $data['setup'], ":text" => 'Einmalige Setup-Gebühren für Domain "'.$data['domainname'].'"'); |
... | ... |
@@ -77,8 +77,8 @@ function create_dyndns_account($handle, $password_http, $sshkey) |
77 | 77 |
} |
78 | 78 |
|
79 | 79 |
db_query( |
80 |
- "INSERT INTO dns.dyndns (uid, handle, password, sshkey) VALUES " . |
|
81 |
- "(:uid, :handle, :pwhash, :sshkey)", |
|
80 |
+ "INSERT INTO dns.dyndns (uid, handle, password, sshkey) VALUES " |
|
81 |
+ . "(:uid, :handle, :pwhash, :sshkey)", |
|
82 | 82 |
[":uid" => $uid, ":handle" => $handle, ":pwhash" => $pwhash, ":sshkey" => $sshkey] |
83 | 83 |
); |
84 | 84 |
$dyndns_id = db_insert_id(); |
... | ... |
@@ -185,9 +185,9 @@ if ($is_current_customer && config('http.net-apikey') && $dom->provider == 'teri |
185 | 185 |
if (!update_possible($dom->id)) { |
186 | 186 |
warning("Diese Domain verwendet eine unübliche Endung. Daher kann der Inhaber nicht auf diesem Weg verändert werden. Bitte kontaktieren Sie den Support."); |
187 | 187 |
} else { |
188 |
- if ($_SESSION['domains_detail_admin_c'] == $dom->admin_c && |
|
189 |
- $_SESSION['domains_detail_owner'] != $dom->owner && |
|
190 |
- (!isset($_SESSION['domains_detail_detach']) || $_SESSION['domains_detail_detach'] == 0)) { |
|
188 |
+ if ($_SESSION['domains_detail_admin_c'] == $dom->admin_c |
|
189 |
+ && $_SESSION['domains_detail_owner'] != $dom->owner |
|
190 |
+ && (!isset($_SESSION['domains_detail_detach']) || $_SESSION['domains_detail_detach'] == 0)) { |
|
191 | 191 |
// Wenn der Owner geändert wurde, der Admin aber nicht und das detach-Flag |
192 | 192 |
// nicht gesetzt ist, dann wird der Admin gleich dem Owner gesetzt |
193 | 193 |
$_SESSION['domains_detail_admin_c'] = $_SESSION['domains_detail_owner']; |
... | ... |
@@ -19,14 +19,14 @@ require_once("domainapi.php"); |
19 | 19 |
require_role(ROLE_CUSTOMER); |
20 | 20 |
check_form_token('domains_domainreg'); |
21 | 21 |
|
22 |
-if (!(isset($_SESSION['domains_domainreg_owner']) && $_SESSION['domains_domainreg_owner']) || |
|
23 |
- !(isset($_SESSION['domains_domainreg_admin_c']) && $_SESSION['domains_domainreg_admin_c']) || |
|
24 |
- !(isset($_SESSION['domains_domainreg_domainname']) && $_SESSION['domains_domainreg_domainname'])) { |
|
22 |
+if (!(isset($_SESSION['domains_domainreg_owner']) && $_SESSION['domains_domainreg_owner']) |
|
23 |
+ || !(isset($_SESSION['domains_domainreg_admin_c']) && $_SESSION['domains_domainreg_admin_c']) |
|
24 |
+ || !(isset($_SESSION['domains_domainreg_domainname']) && $_SESSION['domains_domainreg_domainname'])) { |
|
25 | 25 |
system_failure("Fehler im Programmablauf!"); |
26 | 26 |
} |
27 | 27 |
|
28 |
-if (!(isset($_REQUEST['domain']) && $_REQUEST['domain']) || |
|
29 |
- $_REQUEST['domain'] != $_SESSION['domains_domainreg_domainname']) { |
|
28 |
+if (!(isset($_REQUEST['domain']) && $_REQUEST['domain']) |
|
29 |
+ || $_REQUEST['domain'] != $_SESSION['domains_domainreg_domainname']) { |
|
30 | 30 |
system_failure("Fehler im Programmablauf!"); |
31 | 31 |
} |
32 | 32 |
// Validierung der Domain entfällt hier, weil wir nur bestehende Domain aus der Datenbank laden. Bei ungültiger Eingabe wird kein Treffer gefunden. |
... | ... |
@@ -127,9 +127,9 @@ $startdate = $ar['valid_from']; |
127 | 127 |
if (!$startdate || $startdate <= date('Y-m-d')) { |
128 | 128 |
$startdate = date('Y-m-d', time() + 1 * 24 * 60 * 60); |
129 | 129 |
} |
130 |
-$form .= "<p><input type=\"radio\" name=\"ar_valid_from\" value=\"now\" id=\"ar_valid_from_now\"{$valid_from_now_checked}> <label for=\"ar_valid_from_now\">Ab sofort</label><br>" . |
|
131 |
- "<input type=\"radio\" name=\"ar_valid_from\" value=\"date\" id=\"ar_valid_from_date\"{$valid_from_future_checked}> <label for=\"ar_valid_from_date\">Erst ab dem </label>" . |
|
132 |
- "<input type=\"date\" value=\"$startdate\" id=\"ar_startdate\" name=\"ar_startdate\" min=\"" . date('Y-m-d') . "\" max=\"" . date('Y-m-d', time() + 60 * 24 * 60 * 60) . "\"></p>"; |
|
130 |
+$form .= "<p><input type=\"radio\" name=\"ar_valid_from\" value=\"now\" id=\"ar_valid_from_now\"{$valid_from_now_checked}> <label for=\"ar_valid_from_now\">Ab sofort</label><br>" |
|
131 |
+ . "<input type=\"radio\" name=\"ar_valid_from\" value=\"date\" id=\"ar_valid_from_date\"{$valid_from_future_checked}> <label for=\"ar_valid_from_date\">Erst ab dem </label>" |
|
132 |
+ . "<input type=\"date\" value=\"$startdate\" id=\"ar_startdate\" name=\"ar_startdate\" min=\"" . date('Y-m-d') . "\" max=\"" . date('Y-m-d', time() + 60 * 24 * 60 * 60) . "\"></p>"; |
|
133 | 133 |
|
134 | 134 |
$enddate = $ar['valid_until']; |
135 | 135 |
if (!$enddate) { |
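Review bot: `$startdate` is interpolated into the `value` attribute on line 132 without output escaping, although the same file passes `subject`, `message` and `fromname` through `filter_output_html()` before they reach `$form`. The value comes from `$ar['valid_from']` (per the hunk header) or from `date()`, so it is probably always a date string, but escaping at the point of output keeps the form safe even if a malformed value is ever stored. Suggested: `$startdate = filter_output_html($startdate);` before line 130, and likewise for `$enddate` and `$max_end` in the next hunk (lines 145–146).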
... | ... |
@@ -142,8 +142,8 @@ if ($ar['valid_from'] > date('Y-m-d')) { |
142 | 142 |
$max_end = $max_end->format('Y-m-d'); |
143 | 143 |
} |
144 | 144 |
$form .= "<h4>Deaktivierung</h4>"; |
145 |
-$form .= "<p><label for=\"ar_enddate\">Keine Antworten mehr versenden ab dem </label>" . |
|
146 |
- "<input type=\"date\" value=\"$enddate\" id=\"ar_enddate\" name=\"ar_enddate\" min=\"" . date('Y-m-d') . "\" max=\"" . $max_end . "\"><br>"; |
|
145 |
+$form .= "<p><label for=\"ar_enddate\">Keine Antworten mehr versenden ab dem </label>" |
|
146 |
+ . "<input type=\"date\" value=\"$enddate\" id=\"ar_enddate\" name=\"ar_enddate\" min=\"" . date('Y-m-d') . "\" max=\"" . $max_end . "\"><br>"; |
|
147 | 147 |
if (!$accountlogin && ($id != 0)) { |
148 | 148 |
$form .= "<small>(Automatische Antworten sind nur befristet erlaubt. Wenn Sie diese Adresse dauerhaft stilllegen möchten, können Sie dies am Ende dieser Seite tun.)</small></p>"; |
149 | 149 |
} |
... | ... |
@@ -151,21 +151,21 @@ if (!$accountlogin && ($id != 0)) { |
151 | 151 |
$subject = filter_output_html($ar['subject']); |
152 | 152 |
$ar_subject_default_checked = ($subject == null) ? ' checked="checked"' : ''; |
153 | 153 |
$ar_subject_custom_checked = ($subject) ? ' checked="checked"' : ''; |
154 |
-$form .= "<h4>Betreffzeile der automatischen Antwort</h4>" . |
|
155 |
- "<p><input type=\"radio\" name=\"ar_subject\" value=\"default\" id=\"ar_subject_default\"{$ar_subject_default_checked}> " . |
|
156 |
- "<label for=\"ar_subject_default\">Automatisch (Re: <em><Betreff der Originalnachricht></em>)</label><br>" . |
|
157 |
- "<input type=\"radio\" name=\"ar_subject\" value=\"custom\" id=\"ar_subject_custom\"{$ar_subject_custom_checked}> " . |
|
158 |
- "<label for=\"ar_subject_custom\">Anderer Betreff:</label> <input type=\"text\" name=\"ar_subject_value\" id=\"ar_subject_value\" value=\"{$subject}\"></p>"; |
|
154 |
+$form .= "<h4>Betreffzeile der automatischen Antwort</h4>" |
|
155 |
+ . "<p><input type=\"radio\" name=\"ar_subject\" value=\"default\" id=\"ar_subject_default\"{$ar_subject_default_checked}> " |
|
156 |
+ . "<label for=\"ar_subject_default\">Automatisch (Re: <em><Betreff der Originalnachricht></em>)</label><br>" |
|
157 |
+ . "<input type=\"radio\" name=\"ar_subject\" value=\"custom\" id=\"ar_subject_custom\"{$ar_subject_custom_checked}> " |
|
158 |
+ . "<label for=\"ar_subject_custom\">Anderer Betreff:</label> <input type=\"text\" name=\"ar_subject_value\" id=\"ar_subject_value\" value=\"{$subject}\"></p>"; |
|
159 | 159 |
|
160 | 160 |
$message = filter_output_html($ar['message']); |
161 |
-$form .= "<h4>Inhalt der automatischen Antwort</h4>" . |
|
162 |
- "<p><textarea cols=\"80\" rows=\"10\" name=\"ar_message\" id=\"ar_message\">{$message}</textarea></p>"; |
|
161 |
+$form .= "<h4>Inhalt der automatischen Antwort</h4>" |
|
162 |
+ . "<p><textarea cols=\"80\" rows=\"10\" name=\"ar_message\" id=\"ar_message\">{$message}</textarea></p>"; |
|
163 | 163 |
$quote = $ar['quote']; |
164 | 164 |
if (!$quote) { |
165 | 165 |
$quote = 'none'; |
166 | 166 |
} |
167 |
-$form .= "<p><label for=\"ar_quote\">Originalnachricht des Absenders </label>" . |
|
168 |
- html_select('ar_quote', ["none" => 'nicht in Antwort einschließen', |
|
167 |
+$form .= "<p><label for=\"ar_quote\">Originalnachricht des Absenders </label>" |
|
168 |
+ . html_select('ar_quote', ["none" => 'nicht in Antwort einschließen', |
|
169 | 169 |
"teaser" => 'anreißen (erste 10 Zeilen)', |
170 | 170 |
"inline" => 'zitieren (max. 50 Zeilen)', ], $quote) . "</p>"; |
171 | 171 |
//"attach" => 'vollständig als Anhang beifügen'), $quote)."</p>"; |
... | ... |
@@ -174,10 +174,10 @@ $form .= "<p><label for=\"ar_quote\">Originalnachricht des Absenders </label>" . |
174 | 174 |
$ar_from_default_checked = ($ar['fromname'] == null) ? ' checked="checked"' : ''; |
175 | 175 |
$ar_from_custom_checked = ($ar['fromname'] != null) ? ' checked="checked"' : ''; |
176 | 176 |
$fromname = filter_output_html($ar['fromname']); |
177 |
-$form .= "<h4>Absender der automatischen Antwort</h4>" . |
|
178 |
- "<p><input type=\"radio\" name=\"ar_from\" value=\"default\" id=\"ar_from_default\"{$ar_from_default_checked}> <label for=\"ar_from_default\">Nur E-Mail-Adresse</label><br>" . |
|
179 |
- "<input type=\"radio\" name=\"ar_from\" value=\"custom\" id=\"ar_from_custom\"{$ar_from_custom_checked}> <label for=\"ar_from_custom\">Mit Name: </label> " . |
|
180 |
- "<input type=\"text\" name=\"ar_fromname\" id=\"ar_fromname\" value=\"{$fromname}\"></p>"; |
|
177 |
+$form .= "<h4>Absender der automatischen Antwort</h4>" |
|
178 |
+ . "<p><input type=\"radio\" name=\"ar_from\" value=\"default\" id=\"ar_from_default\"{$ar_from_default_checked}> <label for=\"ar_from_default\">Nur E-Mail-Adresse</label><br>" |
|
179 |
+ . "<input type=\"radio\" name=\"ar_from\" value=\"custom\" id=\"ar_from_custom\"{$ar_from_custom_checked}> <label for=\"ar_from_custom\">Mit Name: </label> " |
|
180 |
+ . "<input type=\"text\" name=\"ar_fromname\" id=\"ar_fromname\" value=\"{$fromname}\"></p>"; |
|
181 | 181 |
|
182 | 182 |
|
183 | 183 |
|
... | ... |
@@ -36,8 +36,8 @@ if (!function_exists("user_has_dotcourier_domain")) { |
36 | 36 |
return false; |
37 | 37 |
} |
38 | 38 |
$uid = (int) $_SESSION['userinfo']['uid']; |
39 |
- $result = db_query("select 1 from mail.custom_mappings as c left join mail.v_domains as d on (d.id=c.domain) where d.user=:uid or c.uid=:uid UNION " . |
|
40 |
- "SELECT 1 FROM mail.v_domains AS d WHERE d.user=:uid AND d.mail != 'none' AND d.id != ALL(SELECT domain FROM mail.virtual_mail_domains)", [":uid" => $uid]); |
|
39 |
+ $result = db_query("select 1 from mail.custom_mappings as c left join mail.v_domains as d on (d.id=c.domain) where d.user=:uid or c.uid=:uid UNION " |
|
40 |
+ . "SELECT 1 FROM mail.v_domains AS d WHERE d.user=:uid AND d.mail != 'none' AND d.id != ALL(SELECT domain FROM mail.virtual_mail_domains)", [":uid" => $uid]); |
|
41 | 41 |
$ret = ($result->rowCount() > 0); |
42 | 42 |
if ($ret) { |
43 | 43 |
DEBUG("User {$uid} has dotcourier-domains"); |
... | ... |
@@ -368,8 +368,8 @@ function save_vmail_account($account) |
368 | 368 |
input_error("Die Absenderadresse sieht ungültig aus. Es wird Ihre E-Mail-Adresse benutzt!"); |
369 | 369 |
$ar['fromaddr'] = null; |
370 | 370 |
} |
371 |
- $query = "REPLACE INTO mail.vmail_autoresponder (account, valid_from, valid_until, fromname, fromaddr, subject, message, quote) " . |
|
372 |
- "VALUES (:id, :valid_from, :valid_until, :fromname, :fromaddr, :subject, :message, :quote)"; |
|
371 |
+ $query = "REPLACE INTO mail.vmail_autoresponder (account, valid_from, valid_until, fromname, fromaddr, subject, message, quote) " |
|
372 |
+ . "VALUES (:id, :valid_from, :valid_until, :fromname, :fromaddr, :subject, :message, :quote)"; |
|
373 | 373 |
$args = [":id" => $id, |
374 | 374 |
":valid_from" => $ar['valid_from'], |
375 | 375 |
":valid_until" => $ar['valid_until'], |
... | ... |
@@ -41,8 +41,8 @@ title("E-Mail-Adresse stilllegen"); |
41 | 41 |
output('<p>Mit dieser Funktion können Sie eine E-Mail-Adresse stilllegen (so werden keine Nachrichten für diese Adresse angenommen) und dabei dem Absender einen eigenen, hier festgelegten Fehlertext zukommen lassen. Diese Methode hat nicht die Probleme, die ein klassische Autoresponder verursacht, da keine Antwort-E-Mails versendet werden. Der Absender erhält von seinem Mail-Server eine Fehlermeldung mit dem entsprechenden Text.</p> |
42 | 42 |
<p><strong>Wichtig:</strong> Dieses Verfahren funktioniert nur, wenn die E-Mails wirklich nicht angenommen werden (Annahme wird verweigert), somit sind keine Weiterleitung und keine Speicherung möglich. Sie können aber natürlich im Text auf eine andere E-Mail-Adresse hinweisen.</p>'); |
43 | 43 |
|
44 |
-$form = "<h4>Text der Fehlermeldung</h4>" . |
|
45 |
- "<p><textarea cols=\"80\" rows=\"10\" name=\"smtpreply\" id=\"smtpreply\">" . filter_output_html($account['smtpreply']) . "</textarea></p>"; |
|
44 |
+$form = "<h4>Text der Fehlermeldung</h4>" |
|
45 |
+ . "<p><textarea cols=\"80\" rows=\"10\" name=\"smtpreply\" id=\"smtpreply\">" . filter_output_html($account['smtpreply']) . "</textarea></p>"; |
|
46 | 46 |
|
47 | 47 |
$form .= '<p><input id="submit" type="submit" value="Speichern">    '; |
48 | 48 |
if ($suspended) { |
... | ... |
@@ -99,9 +99,9 @@ Subdomains können grundsätzlich nur durch Administratoren eingerichtet und ver |
99 | 99 |
$accounts_on_domain = $sorted_by_domains[$dom['id']]; |
100 | 100 |
|
101 | 101 |
foreach ($accounts_on_domain as $this_account) { |
102 |
- if ($filter && |
|
103 |
- (strpos($dom['domainname'], $filter) === false && |
|
104 |
- strpos($this_account['local'], $filter) === false)) { |
|
102 |
+ if ($filter |
|
103 |
+ && (strpos($dom['domainname'], $filter) === false |
|
104 |
+ && strpos($this_account['local'], $filter) === false)) { |
|
105 | 105 |
continue; |
106 | 106 |
} |
107 | 107 |
$acc = get_account_details($this_account['id']); |
... | ... |
@@ -49,8 +49,8 @@ function delete_from_whitelist($id) |
49 | 49 |
function valid_entry($local, $domain) |
50 | 50 |
{ |
51 | 51 |
if ($domain == 'schokokeks.org') { |
52 |
- if (($local != $_SESSION['userinfo']['username']) && |
|
53 |
- (strpos($local, $_SESSION['userinfo']['username'] . '-') !== 0)) { |
|
52 |
+ if (($local != $_SESSION['userinfo']['username']) |
|
53 |
+ && (strpos($local, $_SESSION['userinfo']['username'] . '-') !== 0)) { |
|
54 | 54 |
system_failure('Diese E-Mail-Adresse gehört Ihnen nicht!'); |
55 | 55 |
} |
56 | 56 |
return true; |
... | ... |
@@ -79,6 +79,6 @@ function new_whitelist_entry($local, $domain, $minutes) |
79 | 79 |
$args[':minutes'] = $minutes; |
80 | 80 |
$expire = "NOW() + INTERVAL :minutes MINUTE"; |
81 | 81 |
} |
82 |
- db_query("INSERT INTO mail.greylisting_manual_whitelist (local,domain,date,expire,uid) VALUES " . |
|
83 |
- "(:local, :domain, NOW(), {$expire}, :uid)", $args); |
|
82 |
+ db_query("INSERT INTO mail.greylisting_manual_whitelist (local,domain,date,expire,uid) VALUES " |
|
83 |
+ . "(:local, :domain, NOW(), {$expire}, :uid)", $args); |
|
84 | 84 |
} |
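Review bot: `{$expire}` is interpolated directly into the SQL text on line 83, which makes it the one part of this statement that is not a bound parameter. The only assignment visible in the hunk is the literal `"NOW() + INTERVAL :minutes MINUTE"`, and the other branch lies outside the hunk; if that is also a fixed literal, the query is safe as written. A comment above the call would keep it that way, e.g. `// $expire is always one of the fixed SQL fragments set above; never build it from request data, pass values via $args.`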
... | ... |
@@ -64,8 +64,8 @@ if (isset($_REQUEST['token'])) { |
64 | 64 |
if ($show == 'password') { |
65 | 65 |
$username = get_username_for_uid($uid); |
66 | 66 |
title("Neues Passwort setzen"); |
67 |
- output('<p>Bitte legen Sie jetzt Ihr neues Passwort fest.</p>' . |
|
68 |
- html_form('initialize_useraccount', '', '', '<p style="display: none"><input type="hidden" name="uid" value="' . $uid . '"> |
|
67 |
+ output('<p>Bitte legen Sie jetzt Ihr neues Passwort fest.</p>' |
|
68 |
+ . html_form('initialize_useraccount', '', '', '<p style="display: none"><input type="hidden" name="uid" value="' . $uid . '"> |
|
69 | 69 |
<input type="hidden" name="token" value="' . $token . '"><input type="hidden" name="agb" value="1"></p> |
70 | 70 |
<p><span class="login_label">Ihr Benutzername:</span> <strong>' . $username . '</strong></p> |
71 | 71 |
<p><span class="login_label">Neues Passwort:</span> <input type="password" name="password" size="30" autocomplete="new-password"></p> |
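Review bot: `$uid`, `$token` and `$username` are concatenated into attribute values and markup on lines 68–70 without HTML escaping. The hunk header shows this page is driven by `$_REQUEST['token']`; whether `$token` has already been validated against a stored value by the time it is printed is outside the hunk. Escaping at output is worthwhile either way, for example `value="' . filter_output_html($token) . '"` and `<strong>' . filter_output_html($username) . '</strong>`, assuming the `filter_output_html()` helper used elsewhere in this commit is available here; `(int) $uid` would do for the id. The second hunk of this file (lines 78–79) prints `$uid` and `$token` the same way.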
... | ... |
@@ -74,8 +74,8 @@ if ($show == 'password') { |
74 | 74 |
')); |
75 | 75 |
} elseif ($show == 'agb') { |
76 | 76 |
title("Bestätigung unserer AGB"); |
77 |
- output('<p>Die Nutzung unseres Angebots ist an unsere <a href="https://schokokeks.org/agb">Allgemeinen Geschäftsbedingungen</a> gebunden. Bitte lesen Sie diese Bedingungen und bestätigen Sie Ihr Einverständnis. Sollten Sie diese Bedingungen nicht akzeptieren, setzen Sie sich bitte mit uns in Verbindung.</p>' . |
|
78 |
- html_form('initialize_useraccount_agb', '', '', '<p style="display: none"><input type="hidden" name="uid" value="' . $uid . '"> |
|
77 |
+ output('<p>Die Nutzung unseres Angebots ist an unsere <a href="https://schokokeks.org/agb">Allgemeinen Geschäftsbedingungen</a> gebunden. Bitte lesen Sie diese Bedingungen und bestätigen Sie Ihr Einverständnis. Sollten Sie diese Bedingungen nicht akzeptieren, setzen Sie sich bitte mit uns in Verbindung.</p>' |
|
78 |
+ . html_form('initialize_useraccount_agb', '', '', '<p style="display: none"><input type="hidden" name="uid" value="' . $uid . '"> |
|
79 | 79 |
<input type="hidden" name="token" value="' . $token . '"></p> |
80 | 80 |
<p><span class="login_label"> </span><input type="checkbox" name="agb" value="1"> Ja, ich akzeptiere die AGB.<p> |
81 | 81 |
<p><span class="login_label"> </span> <input type="submit" value="Weiter"></p> |
... | ... |
@@ -329,12 +329,12 @@ function save_more_storage($items, $storage) |
329 | 329 |
} |
330 | 330 |
$data['kunde'] = $cid; |
331 | 331 |
$data['notizen'] = 'Bestellt via Webinterface'; |
332 |
- if (!isset($data['anzahl']) || |
|
333 |
- !isset($data['beschreibung']) || |
|
334 |
- !isset($data['datum']) || |
|
335 |
- !array_key_exists('kuendigungsdatum', $data) || |
|
336 |
- !isset($data['betrag']) || |
|
337 |
- !isset($data['monate'])) { |
|
332 |
+ if (!isset($data['anzahl']) |
|
333 |
+ || !isset($data['beschreibung']) |
|
334 |
+ || !isset($data['datum']) |
|
335 |
+ || !array_key_exists('kuendigungsdatum', $data) |
|
336 |
+ || !isset($data['betrag']) |
|
337 |
+ || !isset($data['monate'])) { |
|
338 | 338 |
DEBUG($data); |
339 | 339 |
input_error("Ungültige Daten"); |
340 | 340 |
return; |
... | ... |
@@ -345,8 +345,8 @@ function save_more_storage($items, $storage) |
345 | 345 |
$param[':' . $k] = $v; |
346 | 346 |
} |
347 | 347 |
|
348 |
- $queries[] = ["INSERT INTO kundendaten.leistungen (kunde,periodisch,beschreibung,datum,kuendigungsdatum,betrag,brutto,monate,anzahl,notizen) VALUES " . |
|
349 |
- "(:kunde,1,:beschreibung,:datum,:kuendigungsdatum,:betrag,:brutto,:monate,:anzahl,:notizen)", $param, ]; |
|
348 |
+ $queries[] = ["INSERT INTO kundendaten.leistungen (kunde,periodisch,beschreibung,datum,kuendigungsdatum,betrag,brutto,monate,anzahl,notizen) VALUES " |
|
349 |
+ . "(:kunde,1,:beschreibung,:datum,:kuendigungsdatum,:betrag,:brutto,:monate,:anzahl,:notizen)", $param, ]; |
|
350 | 350 |
} |
351 | 351 |
|
352 | 352 |
if (count($queries) < 2) { |
... | ... |
@@ -26,8 +26,8 @@ title('Zusätzlichen Speicherplatz buchen'); |
26 | 26 |
check_form_token('more_storage'); |
27 | 27 |
|
28 | 28 |
$valid = false; |
29 |
-if (isset($_POST['more_storage_handle']) && isset($_SESSION['more_storage_handle']) && |
|
30 |
- $_POST['more_storage_handle'] == $_SESSION['more_storage_handle']) { |
|
29 |
+if (isset($_POST['more_storage_handle']) && isset($_SESSION['more_storage_handle']) |
|
30 |
+ && $_POST['more_storage_handle'] == $_SESSION['more_storage_handle']) { |
|
31 | 31 |
$valid = true; |
32 | 32 |
} |
33 | 33 |
if (!$valid) { |
... | ... |
@@ -26,9 +26,9 @@ global $debugmode; |
26 | 26 |
|
27 | 27 |
if ($_GET['action'] == 'new') { |
28 | 28 |
check_form_token('jabber_new_account'); |
29 |
- if (filter_input_username($_POST['local']) == '' || |
|
30 |
- $_POST['domain'] == '' || |
|
31 |
- $_POST['password'] == '') { |
|
29 |
+ if (filter_input_username($_POST['local']) == '' |
|
30 |
+ || $_POST['domain'] == '' |
|
31 |
+ || $_POST['password'] == '') { |
|
32 | 32 |
input_error('Sie müssen alle Felder ausfüllen!'); |
33 | 33 |
} else { |
34 | 34 |
create_jabber_account($_POST['local'], $_POST['domain'], stripslashes($_POST['password'])); |
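Review bot: `stripslashes()` on line 34 silently alters any password that contains a backslash before it is stored, so the account ends up with a different password from the one the user typed; line 48 of the next hunk does the same for `newpass`. Magic quotes were removed in PHP 5.4, so there are no added slashes to strip, and the value should be passed through unchanged: `create_jabber_account($_POST['local'], $_POST['domain'], $_POST['password']);`. Separately, line 29 tests `filter_input_username($_POST['local'])` but line 34 passes the raw `$_POST['local']`; unless `create_jabber_account()` filters again (not visible here), the filtered value should be the one that is used.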
... | ... |
@@ -39,10 +39,10 @@ if ($_GET['action'] == 'new') { |
39 | 39 |
} elseif ($_GET['action'] == 'chpass') { |
40 | 40 |
check_form_token('jabber_chpass'); |
41 | 41 |
get_jabberaccount_details($_POST['accountid']); |
42 |
- if ($_POST['newpass'] == '' || |
|
43 |
- $_POST['newpass2'] == '' || |
|
44 |
- $_POST['newpass'] != $_POST['newpass2'] || |
|
45 |
- $_POST['accountid'] == '') { |
|
42 |
+ if ($_POST['newpass'] == '' |
|
43 |
+ || $_POST['newpass2'] == '' |
|
44 |
+ || $_POST['newpass'] != $_POST['newpass2'] |
|
45 |
+ || $_POST['accountid'] == '') { |
|
46 | 46 |
input_error('Bitte zweimal ein neues Passwort eingeben!'); |
47 | 47 |
} else { |
48 | 48 |
change_jabber_password($_POST['accountid'], stripslashes($_POST['newpass'])); |
... | ... |
@@ -22,8 +22,8 @@ function save_passkey($data, $handle = null) |
22 | 22 |
":handle" => $handle, |
23 | 23 |
":uid" => $_SESSION['userinfo']['uid'], |
24 | 24 |
]; |
25 |
- db_query("INSERT INTO system.systemuser_passkey (uid, handle, rpId, credentialId, credentialPublicKey) VALUES " . |
|
26 |
- "(:uid, :handle, :rpId, :credentialId, :credentialPublicKey)", $args); |
|
25 |
+ db_query("INSERT INTO system.systemuser_passkey (uid, handle, rpId, credentialId, credentialPublicKey) VALUES " |
|
26 |
+ . "(:uid, :handle, :rpId, :credentialId, :credentialPublicKey)", $args); |
|
27 | 27 |
} |
28 | 28 |
|
29 | 29 |
function get_passkey($id) |
... | ... |
@@ -55,14 +55,14 @@ function find_customers($string) |
55 | 55 |
{ |
56 | 56 |
$args = [":string" => '%' . chop($string) . '%', ":number" => $string]; |
57 | 57 |
$return = []; |
58 |
- $result = db_query("SELECT k.id FROM kundendaten.kunden AS k LEFT JOIN system.useraccounts AS u ON (k.id=u.kunde) WHERE " . |
|
59 |
- "firma LIKE :string OR firma2 LIKE :string OR " . |
|
60 |
- "nachname LIKE :string OR vorname LIKE :string OR " . |
|
61 |
- "adresse LIKE :string OR adresse2 LIKE :string OR " . |
|
62 |
- "ort LIKE :string OR pgp_id LIKE :string OR " . |
|
63 |
- "notizen LIKE :string OR email_rechnung LIKE :string OR " . |
|
64 |
- "email LIKE :string OR email_extern LIKE :string OR u.name LIKE :string OR " . |
|
65 |
- "u.username LIKE :string OR k.id=:number OR u.uid=:number", $args); |
|
58 |
+ $result = db_query("SELECT k.id FROM kundendaten.kunden AS k LEFT JOIN system.useraccounts AS u ON (k.id=u.kunde) WHERE " |
|
59 |
+ . "firma LIKE :string OR firma2 LIKE :string OR " |
|
60 |
+ . "nachname LIKE :string OR vorname LIKE :string OR " |
|
61 |
+ . "adresse LIKE :string OR adresse2 LIKE :string OR " |
|
62 |
+ . "ort LIKE :string OR pgp_id LIKE :string OR " |
|
63 |
+ . "notizen LIKE :string OR email_rechnung LIKE :string OR " |
|
64 |
+ . "email LIKE :string OR email_extern LIKE :string OR u.name LIKE :string OR " |
|
65 |
+ . "u.username LIKE :string OR k.id=:number OR u.uid=:number", $args); |
|
66 | 66 |
while ($entry = $result->fetch()) { |
67 | 67 |
$return[] = $entry['id']; |
68 | 68 |
} |
... | ... |
@@ -84,8 +84,8 @@ function find_users_for_customer($id) |
84 | 84 |
{ |
85 | 85 |
$id = (int) $id; |
86 | 86 |
$return = []; |
87 |
- $result = db_query("SELECT uid, username, name FROM system.useraccounts WHERE " . |
|
88 |
- "kunde=?", [$id]); |
|
87 |
+ $result = db_query("SELECT uid, username, name FROM system.useraccounts WHERE " |
|
88 |
+ . "kunde=?", [$id]); |
|
89 | 89 |
while ($entry = $result->fetch()) { |
90 | 90 |
$return[] = $entry; |
91 | 91 |
} |
... | ... |
@@ -41,8 +41,8 @@ if ($_GET['action'] == 'new') { |
41 | 41 |
//if (! strong_password($_POST['newpass'])) |
42 | 42 |
// input_error('Das Passwort ist zu einfach'); |
43 | 43 |
//else |
44 |
- if ($_POST['newpass1'] == '' || |
|
45 |
- $_POST['newpass1'] != $_POST['newpass2']) { |
|
44 |
+ if ($_POST['newpass1'] == '' |
|
45 |
+ || $_POST['newpass1'] != $_POST['newpass2']) { |
|
46 | 46 |
input_error('Bitte zweimal ein neues Passwort eingeben!'); |
47 | 47 |
$error = true; |
48 | 48 |
} else { |
... | ... |
@@ -475,8 +475,8 @@ function save_vhost($vhost) |
475 | 475 |
$autoipv6 = $vhost['autoipv6']; |
476 | 476 |
} |
477 | 477 |
|
478 |
- if (!($vhost['ssl'] == 'forward' || $vhost['ssl'] == 'http' || |
|
479 |
- $vhost['ssl'] == 'https')) { |
|
478 |
+ if (!($vhost['ssl'] == 'forward' || $vhost['ssl'] == 'http' |
|
479 |
+ || $vhost['ssl'] == 'https')) { |
|
480 | 480 |
$vhost['ssl'] = null; |
481 | 481 |
} |
482 | 482 |
|
... | ... |
@@ -503,8 +503,8 @@ function save_vhost($vhost) |
503 | 503 |
$args[":user"] = $_SESSION['userinfo']['uid']; |
504 | 504 |
unset($args[":id"]); |
505 | 505 |
logger(LOG_INFO, 'modules/vhosts/include/vhosts', 'vhosts', 'Creating vhost ' . $vhost['hostname'] . '.' . $vhost['domain'] . ''); |
506 |
- $result = db_query("INSERT INTO vhosts.vhost (user, hostname, domain, docroot, php, cgi, `ssl`, hsts, `suexec_user`, `server`, logtype, errorlog, certid, ipv4, autoipv6, options) VALUES " . |
|
507 |
- "(:user, :hostname, :domain, :docroot, :php, :cgi, :ssl, :hsts, :suexec_user, :server, :logtype, :errorlog, :cert, :ipv4, :autoipv6, :options)", $args, true); |
|
506 |
+ $result = db_query("INSERT INTO vhosts.vhost (user, hostname, domain, docroot, php, cgi, `ssl`, hsts, `suexec_user`, `server`, logtype, errorlog, certid, ipv4, autoipv6, options) VALUES " |
|
507 |
+ . "(:user, :hostname, :domain, :docroot, :php, :cgi, :ssl, :hsts, :suexec_user, :server, :logtype, :errorlog, :cert, :ipv4, :autoipv6, :options)", $args, true); |
|
508 | 508 |
$id = db_insert_id(); |
509 | 509 |
} |
510 | 510 |
$oldvhost = get_vhost_details($id); |
511 | 511 |