Browse code

Neues Jabber-Modul (noch nicht ganz fertig) und Formular-Framework

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@481 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on01/06/2007 16:53:03
Showing8 changed files
... ...
@@ -16,6 +16,9 @@ function random_string($nc, $a='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUV
16 16
 
17 17
 function are_you_sure($query_string, $question)
18 18
 {
19
+  global $debugmode;
20
+  if ($debugmode)
21
+    $query_string = 'debug&'.$query_string;
19 22
   $token = random_string(20);
20 23
   $_SESSION['are_you_sure_token'] = $token;
21 24
   output("<form action=\"?{$query_string}\" method=\"post\">\n");
... ...
@@ -50,12 +53,11 @@ function generate_form_token($form_id)
50 53
   if ($sessid == "") 
51 54
   {
52 55
     DEBUG("Uh? Session not running? Wtf?");
53
-    return '';
56
+    system_failure("Internal error!");
54 57
   }
55 58
   if (! isset($_SESSION['session_token']))
56 59
     $_SESSION['session_token'] = random_string(10);
57
-  $session_token = $_SESSION['session_token'];
58
-  $formtoken = hash('sha256', $sessid.$form_id.$session_token);
60
+  $formtoken = hash('sha256', $sessid.$form_id.$_SESSION['session_token']);
59 61
   return '<input type="hidden" name="formtoken" value="'.$formtoken.'" />'."\n";
60 62
 }
61 63
 
... ...
@@ -67,14 +69,45 @@ function check_form_token($form_id)
67 69
   if ($sessid == "") 
68 70
   {
69 71
     DEBUG("Uh? Session not running? Wtf?");
70
-    return '';
72
+    system_failure("Internal error!");
71 73
   }
72 74
 
73
-  $session_token = $_SESSION['session_token'];
74
-  $correct_formtoken = hash('sha256', $sessid.$form_id.$session_token);
75
+  $correct_formtoken = hash('sha256', $sessid.$form_id.$_SESSION['session_token']);
75 76
 
76 77
   if (! ($formtoken == $correct_formtoken))
77 78
     system_failure("Possible cross-site-request-forgery!");
78 79
 }
79 80
 
81
+
82
+
83
+function internal_link($file, $label, $querystring = '')
84
+{
85
+  $debugstr = '';
86
+  global $debugmode;
87
+  if ($debugmode)
88
+    $debugstr = 'debug&amp;';
89
+  $querystring = str_replace('&', '&amp;', $querystring);
90
+
91
+  return "<a href=\"{$file}?{$debugstr}${querystring}\">{$label}</a>";
92
+}
93
+
94
+
95
+function html_form($form_id, $scriptname, $querystring, $content)
96
+{
97
+  $debugstr = '';
98
+  global $debugmode;
99
+  if ($debugmode)
100
+    $debugstr = 'debug&amp;';
101
+  $querystring = str_replace('&', '&amp;', $querystring);
102
+  $ret = '';
103
+  $ret .= '<form action="'.$scriptname.'?'.$debugstr.$querystring.'" method="post">'."\n";
104
+  $ret .= generate_form_token($form_id);
105
+  $ret .= $content;
106
+  $ret .= '</form>';
107
+  return $ret;  
108
+}
109
+
110
+
111
+
112
+
80 113
 ?>
... ...
@@ -54,6 +54,26 @@ function get_domain_name($domid)
54 54
 }
55 55
 
56 56
 
57
+function get_jabberable_domains()
58
+{
59
+  require_role(ROLE_CUSTOMER);
60
+  $customerno = (int) $_SESSION['customerinfo']['customerno'];
61
+  $query = "SELECT id, CONCAT_WS('.', domainname, tld) AS name FROM kundendaten.domains WHERE jabber=1 AND kunde={$customerno}";
62
+  DEBUG($query);
63
+  $result = mysql_query($query);
64
+  
65
+  $domains = array(array('id' => 0, 'name' => 'schokokeks.org'));
66
+  if (mysql_num_rows($result) > 0)
67
+    while ($domain = mysql_fetch_object($result))
68
+      array_push($domains, array('id' => $domain->id,
69
+                                'name' => $domain->name));
70
+
71
+  return $domains;
72
+
73
+}
74
+
75
+
76
+
57 77
 /*
58 78
 function get_mail_virtualdomain($domain)
59 79
 {
60 80
new file mode 100644
... ...
@@ -0,0 +1,30 @@
1
+<?php
2
+
3
+require_once('session/start.php');
4
+
5
+require_once('domains.php');
6
+require_once('jabberaccounts.php');
7
+
8
+require_role(ROLE_CUSTOMER);
9
+
10
+DEBUG("GET: ".htmlentities(print_r($_GET, true))." / POST: ".htmlentities(print_r($_POST, true)));
11
+
12
+$jabberaccounts = get_jabber_accounts();
13
+
14
+output("<h3>Jabber-Accounts</h3>
15
+
16
+
17
+<table>
18
+");
19
+
20
+foreach ($jabberaccounts as $acc)
21
+{
22
+  $domain = get_domain_name($acc['domain']);
23
+  output("<tr><td>{$acc['local']}@$domain</td><td>".internal_link('chpass.php', 'Passwort ändern', 'account='.$acc['id'])."&nbsp;&nbsp;&nbsp;".internal_link('save.php', 'Löschen', 'action=delete&account='.$acc['id']).'</td></tr>');
24
+}
25
+
26
+output('</table>
27
+
28
+<p><a href="new_account.php">Neues Jabber-Konto anlegen</a></p>');
29
+
30
+?>
0 31
new file mode 120000
... ...
@@ -0,0 +1 @@
1
+../../domains/include/domains.php
0 2
\ No newline at end of file
1 3
new file mode 100644
... ...
@@ -0,0 +1,83 @@
1
+<?php
2
+
3
+require_once("inc/debug.php");
4
+require_once("inc/db_connect.php");
5
+
6
+
7
+
8
+function get_jabber_accounts() {
9
+  require_role(ROLE_CUSTOMER);
10
+  $customerno = (int) $_SESSION['customerinfo']['customerno'];
11
+  $query = "SELECT id, created, local, domain FROM jabber.accounts WHERE customerno='$customerno' AND `delete`=0;";
12
+  DEBUG($query);
13
+  $result = mysql_query($query);
14
+  $accounts = array();
15
+  if (@mysql_num_rows($result) > 0)
16
+    while ($acc = @mysql_fetch_object($result))
17
+      array_push($accounts, array('id'=> $acc->id, 'created' => $acc->created, 'local' => $acc->local, 'domain' => $acc->domain));
18
+  return $accounts;
19
+}
20
+
21
+
22
+
23
+function get_jabberaccount_details($id)
24
+{
25
+  require_role(ROLE_CUSTOMER);
26
+  $customerno = (int) $_SESSION['customerinfo']['customerno'];
27
+
28
+  $id = (int) $id;
29
+
30
+  $query = "SELECT id, local, domain FROM jabber.accounts WHERE customerno={$customerno} AND id={$id} LIMIT 1";
31
+  DEBUG($query);
32
+  $result = mysql_query($query);
33
+  if (mysql_num_rows($result) != 1)
34
+    system_failure("Invalid account");
35
+  $data = mysql_fetch_assoc($result);
36
+  $data['domain'] = get_domain_name($data['domain']);
37
+  return $data;
38
+}
39
+
40
+
41
+
42
+function create_jabber_account($local, $domain, $password)
43
+{
44
+  require_role(ROLE_CUSTOMER);
45
+  $customerno = (int) $_SESSION['customerinfo']['customerno'];
46
+
47
+  $local = mysql_real_escape_string($local);
48
+  $domain = (int) $domain;
49
+  $password = mysql_real_escape_string($password);
50
+  
51
+  if ($domain > 0)
52
+  {
53
+    $query = "SELECT id FROM kundendaten.domains WHERE kunde={$customerno} AND jabber=1 AND id={$domain};";
54
+    DEBUG($query);
55
+    $result = mysql_query($query);
56
+    if (mysql_num_rows($result) == 0)
57
+    {
58
+      system_failure("Invalid domain!");
59
+    }
60
+  }
61
+
62
+  if ($domain == 0)
63
+    $domain = 'NULL';
64
+
65
+  $query = "INSERT INTO jabber.accounts (customerno,local,domain,password) VALUES ({$customerno}, '{$local}', {$domain}, '{$password}');";
66
+  DEBUG($query);
67
+  mysql_query($query);
68
+}
69
+
70
+
71
+function delete_jabber_account($id)
72
+{
73
+  require_role(ROLE_CUSTOMER);
74
+  $customerno = (int) $_SESSION['customerinfo']['customerno'];
75
+
76
+  $id = (int) $id;
77
+
78
+  $query = "UPDATE jabber.accounts SET `delete`=1 WHERE customerno={$customerno} AND id={$id} LIMIT 1";
79
+  DEBUG($query);
80
+  mysql_query($query);
81
+}
82
+
83
+?>
0 84
new file mode 100644
... ...
@@ -0,0 +1,12 @@
1
+<?php
2
+
3
+$role = $_SESSION['role'];
4
+
5
+switch ($role)
6
+{
7
+  case ROLE_CUSTOMER:
8
+    $menu["jabber_accounts"] = array("label" => "Jabber", "file" => "accounts.php", "weight" => 10);
9
+    
10
+}
11
+
12
+?>
0 13
new file mode 100644
... ...
@@ -0,0 +1,39 @@
1
+<?php
2
+
3
+require_once('session/start.php');
4
+
5
+require_once('domains.php');
6
+require_once('jabberaccounts.php');
7
+
8
+require_role(ROLE_CUSTOMER);
9
+
10
+$title = "Neues Jabber-Konto erstellen";
11
+
12
+DEBUG("GET: ".htmlentities(print_r($_GET, true))." / POST: ".htmlentities(print_r($_POST, true)));
13
+
14
+$jabberdomains = get_jabberable_domains();
15
+
16
+$options = '';
17
+foreach ($jabberdomains as $dom)
18
+{
19
+  $options .= '<option value="'.$dom['id'].'">'.$dom['name'].'</option>'."\n";
20
+}
21
+
22
+
23
+output("<h3>Neuen Jabber-Account erstellen</h3>");
24
+
25
+output('<p>Erstellen Sie hier ein neues Jabber-Konto.</p>
26
+
27
+'.html_form('jabber_new_account', 'save.php', 'action=new', '
28
+<table>
29
+<tr><td>Account-Name:</td><td><input type="text" name="local" value="" />&nbsp;&nbsp;&nbsp;<select name="domain" size="1">
30
+'.$options.'
31
+</select></td></tr>
32
+<tr><td>Passwort:</td><td><input type="password" name="password" value="" /></td></tr>
33
+</table>
34
+<br />
35
+<input type="submit" name="submit" value="Anlegen" />
36
+'));
37
+
38
+
39
+?>
0 40
new file mode 100644
... ...
@@ -0,0 +1,75 @@
1
+<?php
2
+
3
+require_once('session/start.php');
4
+
5
+require_once('domains.php');
6
+require_once('jabberaccounts.php');
7
+
8
+require_role(ROLE_CUSTOMER);
9
+
10
+require_once("inc/debug.php");
11
+global $debugmode;
12
+DEBUG("GET: ".htmlentities(print_r($_GET, true))." / POST: ".htmlentities(print_r($_POST, true)));
13
+
14
+if ($_GET['action'] == 'new')
15
+{
16
+  check_form_token('jabber_new_account');
17
+  if ($_POST['local'] == '' ||
18
+      $_POST['domain'] == '' ||
19
+      $_POST['password'] == '')
20
+  {
21
+    input_error('Sie müssen alle Felder ausfüllen!');
22
+  }
23
+  else
24
+  {
25
+    create_jabber_account($_POST['local'], $_POST['domain'], $_POST['password']);
26
+    if (! $debugmode)
27
+      header('Location: accounts.php');
28
+  }
29
+}
30
+elseif ($_GET['action'] == 'chpass')
31
+{
32
+  check_form_token('jabber_chpass');
33
+  if ($_POST['newpass'] == '' ||
34
+      $_POST['newpass2'] == '' ||
35
+      $_POST['newpass'] != $_POST['newpass2'] ||
36
+      $_POST['accountid'] == '')
37
+  {
38
+    input_error('Bitte zweimal ein neues Passwort eingeben!');
39
+  }
40
+  else
41
+  {
42
+    change_jabber_password($_POST['accountid'], $_POST['newpass']);
43
+    if (! $debugmode)
44
+      header('Location: accounts.php');
45
+  }
46
+}
47
+elseif ($_GET['action'] == 'delete')
48
+{
49
+  $account = get_jabberaccount_details($_GET['account']);
50
+  $account_string = $account['local'].'@'.$account['domain'];
51
+  $sure = user_is_sure();
52
+  if ($sure === NULL)
53
+  {
54
+    are_you_sure("action=delete&amp;account={$_GET['account']}", "Möchten Sie den Account »{$account_string}« wirklich löschen?");
55
+  }
56
+  elseif ($sure === true)
57
+  {
58
+    delete_jabber_account($account['id']);
59
+    if (! $debugmode)
60
+      header("Location: accounts.php");
61
+  }
62
+  elseif ($sure === false)
63
+  {
64
+    if (! $debugmode)
65
+      header("Location: accounts.php");
66
+  }
67
+
68
+}
69
+else
70
+  system_failure("Unimplemented action");
71
+
72
+output('');
73
+
74
+
75
+?>