Neues Jabber-Modul (noch nicht ganz fertig) und Formular-Framework
bernd

bernd commited on 2007-06-01 16:53:03
Zeige 8 geänderte Dateien mit 299 Einfügungen und 6 Löschungen.


git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@481 87cf0b9e-d624-0410-a070-f6ee81989793
... ...
@@ -16,6 +16,9 @@ function random_string($nc, $a='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUV
16 16
 
17 17
 function are_you_sure($query_string, $question)
18 18
 {
19
+  global $debugmode;
20
+  if ($debugmode)
21
+    $query_string = 'debug&'.$query_string;
19 22
   $token = random_string(20);
20 23
   $_SESSION['are_you_sure_token'] = $token;
21 24
   output("<form action=\"?{$query_string}\" method=\"post\">\n");
... ...
@@ -50,12 +53,11 @@ function generate_form_token($form_id)
50 53
   if ($sessid == "") 
51 54
   {
52 55
     DEBUG("Uh? Session not running? Wtf?");
53
-    return '';
56
+    system_failure("Internal error!");
54 57
   }
55 58
   if (! isset($_SESSION['session_token']))
56 59
     $_SESSION['session_token'] = random_string(10);
57
-  $session_token = $_SESSION['session_token'];
58
-  $formtoken = hash('sha256', $sessid.$form_id.$session_token);
60
+  $formtoken = hash('sha256', $sessid.$form_id.$_SESSION['session_token']);
59 61
   return '<input type="hidden" name="formtoken" value="'.$formtoken.'" />'."\n";
60 62
 }
61 63
 
... ...
@@ -67,14 +69,45 @@ function check_form_token($form_id)
67 69
   if ($sessid == "") 
68 70
   {
69 71
     DEBUG("Uh? Session not running? Wtf?");
70
-    return '';
72
+    system_failure("Internal error!");
71 73
   }
72 74
 
73
-  $session_token = $_SESSION['session_token'];
74
-  $correct_formtoken = hash('sha256', $sessid.$form_id.$session_token);
75
+  $correct_formtoken = hash('sha256', $sessid.$form_id.$_SESSION['session_token']);
75 76
 
76 77
   if (! ($formtoken == $correct_formtoken))
77 78
     system_failure("Possible cross-site-request-forgery!");
78 79
 }
79 80
 
81
+
82
+
83
+function internal_link($file, $label, $querystring = '')
84
+{
85
+  $debugstr = '';
86
+  global $debugmode;
87
+  if ($debugmode)
88
+    $debugstr = 'debug&amp;';
89
+  $querystring = str_replace('&', '&amp;', $querystring);
90
+
91
+  return "<a href=\"{$file}?{$debugstr}${querystring}\">{$label}</a>";
92
+}
93
+
94
+
95
+function html_form($form_id, $scriptname, $querystring, $content)
96
+{
97
+  $debugstr = '';
98
+  global $debugmode;
99
+  if ($debugmode)
100
+    $debugstr = 'debug&amp;';
101
+  $querystring = str_replace('&', '&amp;', $querystring);
102
+  $ret = '';
103
+  $ret .= '<form action="'.$scriptname.'?'.$debugstr.$querystring.'" method="post">'."\n";
104
+  $ret .= generate_form_token($form_id);
105
+  $ret .= $content;
106
+  $ret .= '</form>';
107
+  return $ret;  
108
+}
109
+
110
+
111
+
112
+
80 113
 ?>
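Review bot: `internal_link()` and `html_form()` encode only `&` in `$querystring` before writing it into a double-quoted attribute, so a quote or angle bracket in the query string, in `$file`/`$scriptname` or in `$label` ends the attribute or injects markup. Replacing the `str_replace` line with `$querystring = htmlspecialchars($querystring, ENT_QUOTES);` in both functions, and applying the same call to `$file`/`$scriptname`, closes this without changing the output for the values used in this commit. Whether `$label` and `$content` should be escaped depends on whether callers are meant to pass HTML there; a one-line comment stating that contract would help. Separately, `are_you_sure()` now prepends a raw `debug&` while its caller in this commit passes an already `&amp;`-encoded string, so the helpers disagree on who does the encoding.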
... ...
@@ -54,6 +54,26 @@ function get_domain_name($domid)
54 54
 }
55 55
 
56 56
 
57
+function get_jabberable_domains()
58
+{
59
+  require_role(ROLE_CUSTOMER);
60
+  $customerno = (int) $_SESSION['customerinfo']['customerno'];
61
+  $query = "SELECT id, CONCAT_WS('.', domainname, tld) AS name FROM kundendaten.domains WHERE jabber=1 AND kunde={$customerno}";
62
+  DEBUG($query);
63
+  $result = mysql_query($query);
64
+  
65
+  $domains = array(array('id' => 0, 'name' => 'schokokeks.org'));
66
+  if (mysql_num_rows($result) > 0)
67
+    while ($domain = mysql_fetch_object($result))
68
+      array_push($domains, array('id' => $domain->id,
69
+                                'name' => $domain->name));
70
+
71
+  return $domains;
72
+
73
+}
74
+
75
+
76
+
57 77
 /*
58 78
 function get_mail_virtualdomain($domain)
59 79
 {
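Review bot: The result of `mysql_query($query)` in `get_jabberable_domains()` is passed to `mysql_num_rows()` without a check, so a failed query produces a warning and a list holding only the default `schokokeks.org` entry, which hides the error from the caller. Adding `if ($result === false) system_failure("Internal error!");` directly after the query matches how the form-token functions in this commit treat internal errors. The `mysql_num_rows($result) > 0` guard is then redundant, because the `while` loop does not run on an empty result.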
... ...
@@ -0,0 +1,30 @@
1
+<?php
2
+
3
+require_once('session/start.php');
4
+
5
+require_once('domains.php');
6
+require_once('jabberaccounts.php');
7
+
8
+require_role(ROLE_CUSTOMER);
9
+
10
+DEBUG("GET: ".htmlentities(print_r($_GET, true))." / POST: ".htmlentities(print_r($_POST, true)));
11
+
12
+$jabberaccounts = get_jabber_accounts();
13
+
14
+output("<h3>Jabber-Accounts</h3>
15
+
16
+
17
+<table>
18
+");
19
+
20
+foreach ($jabberaccounts as $acc)
21
+{
22
+  $domain = get_domain_name($acc['domain']);
23
+  output("<tr><td>{$acc['local']}@$domain</td><td>".internal_link('chpass.php', 'Passwort ändern', 'account='.$acc['id'])."&nbsp;&nbsp;&nbsp;".internal_link('save.php', 'Löschen', 'action=delete&account='.$acc['id']).'</td></tr>');
24
+}
25
+
26
+output('</table>
27
+
28
+<p><a href="new_account.php">Neues Jabber-Konto anlegen</a></p>');
29
+
30
+?>
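Review bot: `$acc['local']` and `$domain` are written into the table row without HTML escaping, and `local` is the account name the customer typed into the creation form (it is only SQL-escaped in `create_jabber_account()`), so markup stored in an account name is rendered whenever this list is shown. Building the cell with `htmlspecialchars("{$acc['local']}@{$domain}", ENT_QUOTES)` fixes the row. The same applies to `$dom['name']` in the `<option>` loop of the new-account form added later in this commit. The delete link is a plain GET to `save.php`, which is safe only because that action asks for confirmation through `are_you_sure()`; a short comment saying so would keep a later refactoring from turning it into a one-click delete.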
... ...
@@ -0,0 +1 @@
1
+../../domains/include/domains.php
0 2
\ No newline at end of file
... ...
@@ -0,0 +1,83 @@
1
+<?php
2
+
3
+require_once("inc/debug.php");
4
+require_once("inc/db_connect.php");
5
+
6
+
7
+
8
+function get_jabber_accounts() {
9
+  require_role(ROLE_CUSTOMER);
10
+  $customerno = (int) $_SESSION['customerinfo']['customerno'];
11
+  $query = "SELECT id, created, local, domain FROM jabber.accounts WHERE customerno='$customerno' AND `delete`=0;";
12
+  DEBUG($query);
13
+  $result = mysql_query($query);
14
+  $accounts = array();
15
+  if (@mysql_num_rows($result) > 0)
16
+    while ($acc = @mysql_fetch_object($result))
17
+      array_push($accounts, array('id'=> $acc->id, 'created' => $acc->created, 'local' => $acc->local, 'domain' => $acc->domain));
18
+  return $accounts;
19
+}
20
+
21
+
22
+
23
+function get_jabberaccount_details($id)
24
+{
25
+  require_role(ROLE_CUSTOMER);
26
+  $customerno = (int) $_SESSION['customerinfo']['customerno'];
27
+
28
+  $id = (int) $id;
29
+
30
+  $query = "SELECT id, local, domain FROM jabber.accounts WHERE customerno={$customerno} AND id={$id} LIMIT 1";
31
+  DEBUG($query);
32
+  $result = mysql_query($query);
33
+  if (mysql_num_rows($result) != 1)
34
+    system_failure("Invalid account");
35
+  $data = mysql_fetch_assoc($result);
36
+  $data['domain'] = get_domain_name($data['domain']);
37
+  return $data;
38
+}
39
+
40
+
41
+
42
+function create_jabber_account($local, $domain, $password)
43
+{
44
+  require_role(ROLE_CUSTOMER);
45
+  $customerno = (int) $_SESSION['customerinfo']['customerno'];
46
+
47
+  $local = mysql_real_escape_string($local);
48
+  $domain = (int) $domain;
49
+  $password = mysql_real_escape_string($password);
50
+  
51
+  if ($domain > 0)
52
+  {
53
+    $query = "SELECT id FROM kundendaten.domains WHERE kunde={$customerno} AND jabber=1 AND id={$domain};";
54
+    DEBUG($query);
55
+    $result = mysql_query($query);
56
+    if (mysql_num_rows($result) == 0)
57
+    {
58
+      system_failure("Invalid domain!");
59
+    }
60
+  }
61
+
62
+  if ($domain == 0)
63
+    $domain = 'NULL';
64
+
65
+  $query = "INSERT INTO jabber.accounts (customerno,local,domain,password) VALUES ({$customerno}, '{$local}', {$domain}, '{$password}');";
66
+  DEBUG($query);
67
+  mysql_query($query);
68
+}
69
+
70
+
71
+function delete_jabber_account($id)
72
+{
73
+  require_role(ROLE_CUSTOMER);
74
+  $customerno = (int) $_SESSION['customerinfo']['customerno'];
75
+
76
+  $id = (int) $id;
77
+
78
+  $query = "UPDATE jabber.accounts SET `delete`=1 WHERE customerno={$customerno} AND id={$id} LIMIT 1";
79
+  DEBUG($query);
80
+  mysql_query($query);
81
+}
82
+
83
+?>
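Review bot: `create_jabber_account()` passes the INSERT statement, which contains the clear-text password, to `DEBUG($query)`, and stores the password exactly as submitted. If `DEBUG` prints or logs its argument (its body is not part of this commit), the password is exposed there; logging the statement with the password masked, or skipping `DEBUG` for this query, avoids that. Whether the column could hold a hash instead depends on what the Jabber server expects, which is not visible here, so a comment stating why clear text is needed would be the minimum. `$local` is only SQL-escaped and never validated; an allow-list check such as `if (!preg_match('/^[a-z0-9._-]+$/i', $local)) system_failure("Invalid account name");` before the INSERT would keep unexpected characters out of the accounts table. The `mysql_query()` results in this file are never checked, and `get_jabber_accounts()` hides failures behind `@`.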
... ...
@@ -0,0 +1,12 @@
1
+<?php
2
+
3
+$role = $_SESSION['role'];
4
+
5
+switch ($role)
6
+{
7
+  case ROLE_CUSTOMER:
8
+    $menu["jabber_accounts"] = array("label" => "Jabber", "file" => "accounts.php", "weight" => 10);
9
+    
10
+}
11
+
12
+?>
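Review bot: The `case ROLE_CUSTOMER:` branch has no `break;`, so any case added below it later will be entered by fall-through. Add `break;` after the `$menu["jabber_accounts"]` assignment. If `$_SESSION['role']` can combine several roles (the `require_role()` calls elsewhere hint at a role check rather than plain equality, but its body is not visible here), a `switch` on the exact value would skip the menu entry, which is worth confirming.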
... ...
@@ -0,0 +1,39 @@
1
+<?php
2
+
3
+require_once('session/start.php');
4
+
5
+require_once('domains.php');
6
+require_once('jabberaccounts.php');
7
+
8
+require_role(ROLE_CUSTOMER);
9
+
10
+$title = "Neues Jabber-Konto erstellen";
11
+
12
+DEBUG("GET: ".htmlentities(print_r($_GET, true))." / POST: ".htmlentities(print_r($_POST, true)));
13
+
14
+$jabberdomains = get_jabberable_domains();
15
+
16
+$options = '';
17
+foreach ($jabberdomains as $dom)
18
+{
19
+  $options .= '<option value="'.$dom['id'].'">'.$dom['name'].'</option>'."\n";
20
+}
21
+
22
+
23
+output("<h3>Neuen Jabber-Account erstellen</h3>");
24
+
25
+output('<p>Erstellen Sie hier ein neues Jabber-Konto.</p>
26
+
27
+'.html_form('jabber_new_account', 'save.php', 'action=new', '
28
+<table>
29
+<tr><td>Account-Name:</td><td><input type="text" name="local" value="" />&nbsp;&nbsp;&nbsp;<select name="domain" size="1">
30
+'.$options.'
31
+</select></td></tr>
32
+<tr><td>Passwort:</td><td><input type="password" name="password" value="" /></td></tr>
33
+</table>
34
+<br />
35
+<input type="submit" name="submit" value="Anlegen" />
36
+'));
37
+
38
+
39
+?>
... ...
@@ -0,0 +1,75 @@
1
+<?php
2
+
3
+require_once('session/start.php');
4
+
5
+require_once('domains.php');
6
+require_once('jabberaccounts.php');
7
+
8
+require_role(ROLE_CUSTOMER);
9
+
10
+require_once("inc/debug.php");
11
+global $debugmode;
12
+DEBUG("GET: ".htmlentities(print_r($_GET, true))." / POST: ".htmlentities(print_r($_POST, true)));
13
+
14
+if ($_GET['action'] == 'new')
15
+{
16
+  check_form_token('jabber_new_account');
17
+  if ($_POST['local'] == '' ||
18
+      $_POST['domain'] == '' ||
19
+      $_POST['password'] == '')
20
+  {
21
+    input_error('Sie müssen alle Felder ausfüllen!');
22
+  }
23
+  else
24
+  {
25
+    create_jabber_account($_POST['local'], $_POST['domain'], $_POST['password']);
26
+    if (! $debugmode)
27
+      header('Location: accounts.php');
28
+  }
29
+}
30
+elseif ($_GET['action'] == 'chpass')
31
+{
32
+  check_form_token('jabber_chpass');
33
+  if ($_POST['newpass'] == '' ||
34
+      $_POST['newpass2'] == '' ||
35
+      $_POST['newpass'] != $_POST['newpass2'] ||
36
+      $_POST['accountid'] == '')
37
+  {
38
+    input_error('Bitte zweimal ein neues Passwort eingeben!');
39
+  }
40
+  else
41
+  {
42
+    change_jabber_password($_POST['accountid'], $_POST['newpass']);
43
+    if (! $debugmode)
44
+      header('Location: accounts.php');
45
+  }
46
+}
47
+elseif ($_GET['action'] == 'delete')
48
+{
49
+  $account = get_jabberaccount_details($_GET['account']);
50
+  $account_string = $account['local'].'@'.$account['domain'];
51
+  $sure = user_is_sure();
52
+  if ($sure === NULL)
53
+  {
54
+    are_you_sure("action=delete&amp;account={$_GET['account']}", "Möchten Sie den Account »{$account_string}« wirklich löschen?");
55
+  }
56
+  elseif ($sure === true)
57
+  {
58
+    delete_jabber_account($account['id']);
59
+    if (! $debugmode)
60
+      header("Location: accounts.php");
61
+  }
62
+  elseif ($sure === false)
63
+  {
64
+    if (! $debugmode)
65
+      header("Location: accounts.php");
66
+  }
67
+
68
+}
69
+else
70
+  system_failure("Unimplemented action");
71
+
72
+output('');
73
+
74
+
75
+?>
0 76
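Review bot: In the `delete` branch the raw `$_GET['account']` is interpolated into the query string handed to `are_you_sure()`, which writes it into the form's `action` attribute without escaping; `get_jabberaccount_details()` validates only the integer cast of the value, so the rest of the request string still reaches the page. Use the validated id instead: `are_you_sure("action=delete&amp;account={$account['id']}", ...)`. The `header('Location: ...')` calls are not followed by `exit`, so the script continues to `output('')` after each redirect. `change_jabber_password()` is called in the `chpass` branch but is not defined in the include file added by this commit, and `$_GET['action']` is read without an `isset()` check.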