bernd commited on 2007-03-27 07:40:51
Zeige 34 geänderte Dateien mit 2112 Einfügungen und 0 Löschungen.
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@362 87cf0b9e-d624-0410-a070-f6ee81989793
... | ... |
@@ -0,0 +1,146 @@ |
1 |
+body { |
|
2 |
+ font-family: Verdana, Arial, Helvetica; |
|
3 |
+ font-size: 12px; |
|
4 |
+ color: #000000; |
|
5 |
+ background-color: #EFEFEF; |
|
6 |
+} |
|
7 |
+ |
|
8 |
+ |
|
9 |
+div.error { |
|
10 |
+ color: #FF0000; |
|
11 |
+ border: 2px solid #000000; |
|
12 |
+ background-color: #FFFFFF; |
|
13 |
+ margin: 10px; |
|
14 |
+ padding: 10px; |
|
15 |
+} |
|
16 |
+ |
|
17 |
+div.success { |
|
18 |
+ color: #282; |
|
19 |
+ border: 2px solid #282; |
|
20 |
+ background-color: #FFFFFF; |
|
21 |
+ margin: 5px; |
|
22 |
+ padding: 5px; |
|
23 |
+ font-weight: bold; |
|
24 |
+} |
|
25 |
+ |
|
26 |
+p.warning { |
|
27 |
+ padding: 4px; |
|
28 |
+ color: #000000; |
|
29 |
+ border: 1px solid #FF0000; |
|
30 |
+ background-color: #FFFFFF; |
|
31 |
+} |
|
32 |
+ |
|
33 |
+ |
|
34 |
+span.login_label { |
|
35 |
+ display: block; |
|
36 |
+ float: left; |
|
37 |
+ width: 130px; |
|
38 |
+} |
|
39 |
+ |
|
40 |
+input[type=text],input[type=password],textarea,select { |
|
41 |
+ border: 1px solid black; |
|
42 |
+ padding: 3px; |
|
43 |
+ } |
|
44 |
+ |
|
45 |
+input[type=text]:focus,input[type=password]:focus,textarea:focus { |
|
46 |
+ border: 1px solid red; |
|
47 |
+ background-color: #FFFFFF; |
|
48 |
+ } |
|
49 |
+ |
|
50 |
+ |
|
51 |
+ |
|
52 |
+ |
|
53 |
+ |
|
54 |
+div.menu { |
|
55 |
+ width: 190px; |
|
56 |
+ float: left; |
|
57 |
+ |
|
58 |
+} |
|
59 |
+ |
|
60 |
+ |
|
61 |
+a.menuitem { |
|
62 |
+ display: block; |
|
63 |
+ padding: 4px; |
|
64 |
+ margin: 3px; |
|
65 |
+ text-decoration: none; |
|
66 |
+ color: #000000; |
|
67 |
+} |
|
68 |
+ |
|
69 |
+a.active { |
|
70 |
+ padding: 3px; |
|
71 |
+ border: 1px solid #000000; |
|
72 |
+} |
|
73 |
+ |
|
74 |
+a.menuitem:hover { |
|
75 |
+ padding: 3px; |
|
76 |
+ border: 1px dotted #000000; |
|
77 |
+ text-decoration: none; |
|
78 |
+ color: #000000; |
|
79 |
+} |
|
80 |
+ |
|
81 |
+ |
|
82 |
+div#beta { |
|
83 |
+ clear: both; |
|
84 |
+ padding: 4px; |
|
85 |
+ color: #000000; |
|
86 |
+ border: 1px solid #FF0000; |
|
87 |
+ background-color: #FFFFFF; |
|
88 |
+ margin-bottom: 1em; |
|
89 |
+} |
|
90 |
+ |
|
91 |
+div#beta p { |
|
92 |
+ padding: 0; |
|
93 |
+ margin: 0; |
|
94 |
+ margin-top: 0.3em; |
|
95 |
+} |
|
96 |
+ |
|
97 |
+div#beta h3 { |
|
98 |
+ padding: 0; |
|
99 |
+ margin: 0; |
|
100 |
+} |
|
101 |
+ |
|
102 |
+ |
|
103 |
+div.content { |
|
104 |
+ margin-left: 200px; |
|
105 |
+ padding-left: 10px; |
|
106 |
+ border-left: 1px solid #000000; |
|
107 |
+} |
|
108 |
+ |
|
109 |
+ |
|
110 |
+div.foot { |
|
111 |
+ border-top: 2px dotted #000000; |
|
112 |
+ font-size: 90%; |
|
113 |
+} |
|
114 |
+ |
|
115 |
+ |
|
116 |
+h3 { |
|
117 |
+ border-bottom: 2px dotted #000000; |
|
118 |
+} |
|
119 |
+ |
|
120 |
+ |
|
121 |
+ul { |
|
122 |
+ margin-bottom: 10px; |
|
123 |
+} |
|
124 |
+ |
|
125 |
+table { |
|
126 |
+ border-collapse: collapse; |
|
127 |
+} |
|
128 |
+ |
|
129 |
+td { |
|
130 |
+ border: 1px solid black; |
|
131 |
+ padding: 0.5em; |
|
132 |
+} |
|
133 |
+ |
|
134 |
+th { |
|
135 |
+ padding: 0px 1em; |
|
136 |
+} |
|
137 |
+ |
|
138 |
+a { |
|
139 |
+ text-decoration: none; |
|
140 |
+ font-weight: bold; |
|
141 |
+ |
|
142 |
+} |
|
143 |
+ |
|
144 |
+a:hover { |
|
145 |
+ text-decoration: underline; |
|
146 |
+} |
... | ... |
@@ -0,0 +1,45 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+require_once('inc/debug.php'); |
|
4 |
+$go = $_GET['go']; |
|
5 |
+ |
|
6 |
+/* |
|
7 |
+ sanitize $go |
|
8 |
+*/ |
|
9 |
+ |
|
10 |
+if (strstr($go, "..") or strstr($go, "./") or strstr($go, ":") or (! file_exists("modules/$go"))) |
|
11 |
+{ |
|
12 |
+ die("illegal command"); |
|
13 |
+} |
|
14 |
+ |
|
15 |
+ |
|
16 |
+/* |
|
17 |
+ contruct prefix |
|
18 |
+*/ |
|
19 |
+ |
|
20 |
+global $prefix; |
|
21 |
+$prefix = "../"; |
|
22 |
+$count = 0; |
|
23 |
+str_replace("/", "x", $go, $count); |
|
24 |
+ |
|
25 |
+$prefix = $prefix.str_repeat("../", $count); |
|
26 |
+ |
|
27 |
+ |
|
28 |
+require_once('session/start.php'); |
|
29 |
+ |
|
30 |
+$output = ""; |
|
31 |
+include("inc/base.php"); |
|
32 |
+/* setup module include path */ |
|
33 |
+ini_set('include_path',ini_get('include_path').':./modules/'.dirname($go).'/include:'); |
|
34 |
+ |
|
35 |
+/* Let the module work */ |
|
36 |
+include("modules/".$go); |
|
37 |
+ |
|
38 |
+$section = str_replace("/", "_", str_replace(".php", "", $go)); |
|
39 |
+ |
|
40 |
+include('inc/top.php'); |
|
41 |
+print $output; |
|
42 |
+include('inc/bottom.php'); |
|
43 |
+ |
|
44 |
+ |
|
45 |
+?> |
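Review bot: The `$go` check at line 10 is a deny-list (`..`, `./`, `:`) plus `file_exists()`, and the value then goes straight into `include("modules/".$go)` at line 36, so any existing path under `modules/` that avoids those three substrings is accepted. That includes an empty `$go` (the directory `modules/` itself exists) and files that are not meant as entry points. An allow-list is safer: require a fixed shape, e.g. `if (!preg_match('#^[A-Za-z0-9_]+/[A-Za-z0-9_]+\.php$#', $go)) die("illegal command");`, and check the module part against `$config['modules']`, which other files in this commit read. `$_GET['go']` is also read without `isset()`, so a request without the parameter raises a notice before the check runs.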
... | ... |
@@ -0,0 +1,45 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+function output($arg) |
|
4 |
+{ |
|
5 |
+ global $output; |
|
6 |
+ $output .= $arg; |
|
7 |
+} |
|
8 |
+ |
|
9 |
+ |
|
10 |
+function random_string($nc, $a='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789') { |
|
11 |
+ $l=strlen($a)-1; $r=''; |
|
12 |
+ while($nc-->0) $r.=$a{mt_rand(0,$l)}; |
|
13 |
+ return $r; |
|
14 |
+ } |
|
15 |
+ |
|
16 |
+ |
|
17 |
+function are_you_sure($query_string, $question) |
|
18 |
+{ |
|
19 |
+ $token = random_string(20); |
|
20 |
+ $_SESSION['random_token'] = $token; |
|
21 |
+ output("<form action=\"?{$query_string}\" method=\"post\">\n"); |
|
22 |
+ output("<p class=\"confirmation\">{$question}<br />\n"); |
|
23 |
+ output("<input type=\"hidden\" name=\"random_token\" value=\"{$token}\" />\n"); |
|
24 |
+ output("<input type=\"submit\" name=\"really\" value=\"Ja\" />\n<input type=\"submit\" name=\"not_really\" value=\"Nein\" /></p>"); |
|
25 |
+} |
|
26 |
+ |
|
27 |
+ |
|
28 |
+function user_is_sure() |
|
29 |
+{ |
|
30 |
+ if (isset($_POST['really'])) |
|
31 |
+ { |
|
32 |
+ if ($_POST['random_token'] == $_SESSION['random_token']) |
|
33 |
+ return true; |
|
34 |
+ else |
|
35 |
+ system_failure("Possible Cross-site-request-forgery detected!"); |
|
36 |
+ } |
|
37 |
+ elseif (isset($_POST['not_really'])) |
|
38 |
+ return false; |
|
39 |
+ else |
|
40 |
+ return NULL; |
|
41 |
+} |
|
42 |
+ |
|
43 |
+ |
|
44 |
+ |
|
45 |
+?> |
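Review bot: In `user_is_sure()` the comparison `$_POST['random_token'] == $_SESSION['random_token']` passes when both values are missing, because two unset entries compare equal as NULL; a POST with `really` set is then treated as confirmed even though `are_you_sure()` never issued a token for that session. Require both to be present and compare strictly, `if (isset($_POST['random_token'], $_SESSION['random_token']) && $_SESSION['random_token'] !== '' && $_POST['random_token'] === $_SESSION['random_token'])`, and unset the session token once it has been used. The token comes from `random_string()`, which draws from `mt_rand()`; that generator is not intended for security tokens, so the token should come from a cryptographically secure source where the PHP version offers one. `are_you_sure()` also never emits the closing `</form>`.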
... | ... |
@@ -0,0 +1,25 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+if (! defined ("BOTTOM_INCLUDED")) |
|
4 |
+{ |
|
5 |
+define("BOTTOM_INCLUDED", true); |
|
6 |
+?> |
|
7 |
+<div class="foot"> |
|
8 |
+<p>Sollten Sie auf dieser Administrations-Oberfläche ein Problem entdecken oder Hilfe benötigen, schreiben Sie bitte eine einfache eMail an <a href="mailto:root@schokokeks.org">root@schokokeks.org</a>.</p> |
|
9 |
+</div> |
|
10 |
+ |
|
11 |
+</div> |
|
12 |
+ |
|
13 |
+<?php |
|
14 |
+/*<div id="beta"> |
|
15 |
+ <h3>Bitte beachten Sie</h3> |
|
16 |
+ <p>Diese Web-Oberfläche ist im Probe-Betrieb. Es könnte sein, dass manche Funktionen fehlerhaft arbeiten und dabei Daten zerstört werden. Melden Sie bitte etwaige Fehler umgehend an die Administratoren!</p> |
|
17 |
+</div> |
|
18 |
+*/ |
|
19 |
+?> |
|
20 |
+</body> |
|
21 |
+</html> |
|
22 |
+ |
|
23 |
+<?php |
|
24 |
+} |
|
25 |
+?> |
... | ... |
@@ -0,0 +1,16 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+require_once('inc/error.php'); |
|
4 |
+ |
|
5 |
+$config = array(); |
|
6 |
+ |
|
7 |
+require_once('config.php'); |
|
8 |
+ |
|
9 |
+ |
|
10 |
+if (!@mysql_connect($config['db_host'], $config['db_user'], $config['db_pass'])) |
|
11 |
+ system_failure('Konnte nicht zur Datenbank verbinden. Wenn dieser Fehler wiederholt auftritt, beachrichtigen Sie bitte den Administrator.'); |
|
12 |
+ |
|
13 |
+if (!@mysql_query('SET NAMES utf8')) |
|
14 |
+ system_failure('Fehler bei der Auswahl der Zeichencodierung. Bitte melden Sie diesen Fehler einem Administrator!'); |
|
15 |
+ |
|
16 |
+?> |
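Review bot: Both failure paths silence the mysql call with `@` and then show only a generic message, so the actual cause is recorded nowhere; log it server-side before calling `system_failure()`, e.g. `error_log(mysql_error());`. The user-facing string at line 11 has a typo: `beachrichtigen` should be `benachrichtigen`.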
... | ... |
@@ -0,0 +1,122 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+function system_failure($reason) |
|
4 |
+{ |
|
5 |
+ include('inc/top.php'); |
|
6 |
+ echo '<div class="error"> |
|
7 |
+ <h3>Fehler</h3> |
|
8 |
+ <p>Es ist ein Fehler aufgetreten: '.$reason.'</p> |
|
9 |
+ </div>'; |
|
10 |
+ include('inc/bottom.php'); |
|
11 |
+ die(); |
|
12 |
+} |
|
13 |
+ |
|
14 |
+ |
|
15 |
+function input_error($reason) |
|
16 |
+{ |
|
17 |
+ global $input_error; |
|
18 |
+ if (!isset($input_error)) |
|
19 |
+ $input_error = array(); |
|
20 |
+ array_push($input_error, $reason); |
|
21 |
+} |
|
22 |
+ |
|
23 |
+function warning($msg) |
|
24 |
+{ |
|
25 |
+ global $warning; |
|
26 |
+ if (!isset($warning)) |
|
27 |
+ $warning = array(); |
|
28 |
+ array_push($warning, $msg); |
|
29 |
+} |
|
30 |
+ |
|
31 |
+function success_msg($msg) |
|
32 |
+{ |
|
33 |
+ global $success_msg; |
|
34 |
+ if (!isset($success_msg)) |
|
35 |
+ $success_msg = array(); |
|
36 |
+ array_push($success_msg, $msg); |
|
37 |
+} |
|
38 |
+ |
|
39 |
+ |
|
40 |
+function show_messages() |
|
41 |
+{ |
|
42 |
+ global $input_error; |
|
43 |
+ global $success_msg; |
|
44 |
+ global $warning; |
|
45 |
+ if (isset($input_error)) |
|
46 |
+ { |
|
47 |
+ echo '<div class="error"> |
|
48 |
+ <h3>Fehler</h3> |
|
49 |
+ <p>Folgende Fehler wurden festgestellt: </p> |
|
50 |
+ <ul> |
|
51 |
+ '; |
|
52 |
+ foreach ($input_error as $error) |
|
53 |
+ { |
|
54 |
+ echo '<li>'.$error."</li>\n"; |
|
55 |
+ } |
|
56 |
+ echo '</ul> |
|
57 |
+ </div>'; |
|
58 |
+ } |
|
59 |
+ if (isset($warning)) |
|
60 |
+ { |
|
61 |
+ echo '<div class="error"> |
|
62 |
+ <ul> |
|
63 |
+ '; |
|
64 |
+ foreach ($warning as $msg) |
|
65 |
+ { |
|
66 |
+ echo '<li>'.$msg."</li>\n"; |
|
67 |
+ } |
|
68 |
+ echo '</ul> |
|
69 |
+ </div>'; |
|
70 |
+ } |
|
71 |
+ if (isset($success_msg)) |
|
72 |
+ { |
|
73 |
+ echo '<div class="success"> |
|
74 |
+ <ul> |
|
75 |
+ '; |
|
76 |
+ foreach ($success_msg as $msg) |
|
77 |
+ { |
|
78 |
+ echo '<li>'.$msg."</li>\n"; |
|
79 |
+ } |
|
80 |
+ echo '</ul> |
|
81 |
+ </div>'; |
|
82 |
+ } |
|
83 |
+} |
|
84 |
+ |
|
85 |
+ |
|
86 |
+function require_role($roles) |
|
87 |
+{ |
|
88 |
+ if (! is_array($roles)) |
|
89 |
+ $roles = array($roles); |
|
90 |
+ $allow = false; |
|
91 |
+ foreach ($roles as $role) |
|
92 |
+ if ($role == $_SESSION['role']) |
|
93 |
+ $allow = true; |
|
94 |
+ if (! $allow) |
|
95 |
+ login_screen("Diese Seite können Sie mit Ihren aktuellen Zugriffsrechten nicht benutzen, bitte melden Sie sich mit den benötigten Zugriffsrechten an!"); |
|
96 |
+} |
|
97 |
+ |
|
98 |
+ |
|
99 |
+function login_screen($why) |
|
100 |
+{ |
|
101 |
+ $title = 'Login'; |
|
102 |
+ include('inc/top.php'); |
|
103 |
+ echo '<h3>Sie sind nicht am System angemeldet!</h3>'; |
|
104 |
+ if ($why != "") |
|
105 |
+ { |
|
106 |
+ echo '<p class="warning"><b>Fehler:</b> '.$why.'</p>'; |
|
107 |
+ } |
|
108 |
+ echo '<form action="" method="post"> |
|
109 |
+ <p><span class="login_label">Benutzer<sup>*</sup>:</span> <input type="text" name="username" size="30" /></p> |
|
110 |
+ <p><span class="login_label">Passwort:</span> <input type="password" name="password" size="30" /></p> |
|
111 |
+ <p><span class="login_label"> </span> <input type="submit" value="Anmelden" /></p> |
|
112 |
+ </form> |
|
113 |
+ <p><sup>*</sup> Sie können sich hier mit Ihrem System-Benutzernamen, Ihrer System-User-ID oder Ihrer Kundennummer anmelden. Je nach gewählten Daten erhalten Sie unterschiedliche Zugriffsrechte.</p> |
|
114 |
+ <p>Sofern Sie für Ihren Kundenaccount noch kein Passwort festgelegt haben oder Ihres vergessen haben, klicken Sie bitte <a href="new_password.php">hier</a></p> |
|
115 |
+ <p>Sollten Sie als Benutzer Ihr Passwort vergessen haben, wenden Sie sich bitte an den Inhaber des Kundenaccounts.</p>'; |
|
116 |
+ include('inc/bottom.php'); |
|
117 |
+ die(); |
|
118 |
+ |
|
119 |
+} |
|
120 |
+ |
|
121 |
+ |
|
122 |
+?> |
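Review bot: `system_failure()`, `show_messages()` and `login_screen()` concatenate `$reason`, `$error`, `$msg` and `$why` into HTML without escaping, and callers elsewhere in this commit pass `mysql_error()` and validation results that may carry request data. Escape at the point of output, e.g. `echo '<li>'.htmlspecialchars($error, ENT_QUOTES, 'UTF-8')."</li>\n";`, and likewise for the `<p>` lines in `system_failure()` and `login_screen()`. The same unescaped output occurs in `are_you_sure()`, in the domain table and in the mail account forms, where database and request values are placed in attributes and inline `onclick` handlers. In `require_role()` the loose `$role == $_SESSION['role']` should be `===` behind an `isset()` check, since the values of the role constants are not visible here.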
... | ... |
@@ -0,0 +1,128 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+if (! defined("TOP_INCLUDED")) |
|
4 |
+{ |
|
5 |
+ |
|
6 |
+define("TOP_INCLUDED", true); |
|
7 |
+ |
|
8 |
+require_once("config.php"); |
|
9 |
+global $config; |
|
10 |
+require_once("inc/error.php"); |
|
11 |
+global $prefix; |
|
12 |
+ |
|
13 |
+$menuitem = array(); |
|
14 |
+$weighted_menuitem = array(); |
|
15 |
+ |
|
16 |
+foreach ($config['modules'] as $module) |
|
17 |
+{ |
|
18 |
+ $menu = array(); |
|
19 |
+ include("modules/$module/menu.php"); |
|
20 |
+ // $menu["foo"]["file"] enthält den Link |
|
21 |
+ foreach (array_keys($menu) as $key) |
|
22 |
+ { |
|
23 |
+ $menu[$key]["file"] = $prefix."go/".$module."/".$menu[$key]["file"]; |
|
24 |
+ $weight = $menu[$key]["weight"]; |
|
25 |
+ if (array_key_exists($weight, $weighted_menuitem)) |
|
26 |
+ array_merge($weighted_menuitem[$weight], array($key => $menu[$key])); |
|
27 |
+ else |
|
28 |
+ $weighted_menuitem[$weight] = array($key => $menu[$key]); |
|
29 |
+ } |
|
30 |
+ $menuitem = array_merge($menuitem, $menu); |
|
31 |
+} |
|
32 |
+ |
|
33 |
+ksort($weighted_menuitem); |
|
34 |
+DEBUG(print_r($weighted_menuitem, true)); |
|
35 |
+ |
|
36 |
+ |
|
37 |
+ |
|
38 |
+/* |
|
39 |
+$menuitem["index"]["label"] = "Übersicht"; |
|
40 |
+$menuitem["index"]["file"] = "index.php"; |
|
41 |
+ |
|
42 |
+ |
|
43 |
+$menuitem["domains"]["label"] = "Domains"; |
|
44 |
+$menuitem["domains"]["file"] = "domains.php"; |
|
45 |
+ |
|
46 |
+ |
|
47 |
+$menuitem["mail"]["label"] = "E-Mail"; |
|
48 |
+$menuitem["mail"]["file"] = "mail.php"; |
|
49 |
+ |
|
50 |
+$menuitem["chpass"]["label"] = "Passwort ändern"; |
|
51 |
+$menuitem["chpass"]["file"] = "chpass.php"; |
|
52 |
+ |
|
53 |
+ |
|
54 |
+$menuitem["logout"]["label"] = "Abmelden"; |
|
55 |
+$menuitem["logout"]["file"] = "logout.php"; |
|
56 |
+ |
|
57 |
+*/ |
|
58 |
+ |
|
59 |
+ |
|
60 |
+?> |
|
61 |
+ |
|
62 |
+ |
|
63 |
+<?php echo '<?xml version="1.0" encoding="utf-8"?>'; ?> |
|
64 |
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" |
|
65 |
+ "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> |
|
66 |
+ |
|
67 |
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de"> |
|
68 |
+<head> |
|
69 |
+ |
|
70 |
+<?php |
|
71 |
+if ($title != "") |
|
72 |
+ echo '<title>Administration - '.$title.'</title>'; |
|
73 |
+else |
|
74 |
+ echo '<title>Administration</title>'; |
|
75 |
+ |
|
76 |
+echo ' |
|
77 |
+<link rel="stylesheet" href="'.$prefix.'css/admin.css" type="text/css" media="screen" title="Normal" />' |
|
78 |
+?> |
|
79 |
+ |
|
80 |
+</head> |
|
81 |
+<body> |
|
82 |
+ |
|
83 |
+ |
|
84 |
+<div class="menu"> |
|
85 |
+<img src="<?php echo $prefix; ?>images/schokokeks.png" width="190" height="136" alt="schokokeks.org" /> |
|
86 |
+ |
|
87 |
+<?php |
|
88 |
+ |
|
89 |
+ foreach ($weighted_menuitem as $key => $menuitem) |
|
90 |
+ foreach ($menuitem as $key => $item) |
|
91 |
+ { |
|
92 |
+ if ($key == $section) |
|
93 |
+ { |
|
94 |
+ echo '<a href="'.$item['file'].'" class="menuitem active">'.$item['label'].'</a>'."\n"; |
|
95 |
+ if (isset($submenu[$key])) |
|
96 |
+ { |
|
97 |
+ echo "\n"; |
|
98 |
+ foreach ($submenu[$key] as $item) |
|
99 |
+ { |
|
100 |
+ if (basename($_SERVER['PHP_SELF']) == basename($item['file'])) |
|
101 |
+ echo '<a href="'.$item['file'].'" class="submenuitem subactive">'.$item['label'].'</a>'."\n"; |
|
102 |
+ else |
|
103 |
+ echo '<a href="'.$item['file'].'" class="submenuitem">'.$item['label'].'</a>'."\n"; |
|
104 |
+ } |
|
105 |
+ echo "\n"; |
|
106 |
+ } |
|
107 |
+ } |
|
108 |
+ else |
|
109 |
+ echo '<a href="'.$item['file'].'" class="menuitem">'.$item['label'].'</a>'."\n"; |
|
110 |
+ |
|
111 |
+ } |
|
112 |
+ |
|
113 |
+?> |
|
114 |
+ |
|
115 |
+</div> |
|
116 |
+ |
|
117 |
+<div class="content"> |
|
118 |
+ |
|
119 |
+<?php |
|
120 |
+show_messages(); |
|
121 |
+ |
|
122 |
+} |
|
123 |
+ |
|
124 |
+?> |
|
125 |
+ |
|
126 |
+ |
|
127 |
+ |
|
128 |
+ |
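Review bot: At line 26 the result of `array_merge($weighted_menuitem[$weight], ...)` is discarded, so a second menu entry with the same weight is never stored and disappears from the rendered menu. Assign directly instead: `$weighted_menuitem[$weight][$key] = $menu[$key];`. In the rendering loop at lines 89–90 the inner `foreach` reuses `$key` and the outer one overwrites `$menuitem`, which makes the loop hard to follow; distinct names would help. `$title` and `$section` are read without `isset()`, so including this file from `system_failure()` before they are defined raises notices.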
... | ... |
@@ -0,0 +1,42 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+require_once('inc/debug.php'); |
|
4 |
+ |
|
5 |
+require_once('session/start.php'); |
|
6 |
+ |
|
7 |
+require_once('domains.php'); |
|
8 |
+ |
|
9 |
+require_role(array(ROLE_SYSTEMUSER, ROLE_CUSTOMER)); |
|
10 |
+ |
|
11 |
+switch ($_SESSION['role']) |
|
12 |
+{ |
|
13 |
+ case ROLE_SYSTEMUSER: |
|
14 |
+ $user_domains = get_domain_names($_SESSION['userinfo']['customerno'], $_SESSION['userinfo']['uid']); |
|
15 |
+ $info = 'userinfo'; |
|
16 |
+ break; |
|
17 |
+ case ROLE_CUSTOMER: |
|
18 |
+ $user_domains = get_domain_names($_SESSION['customerinfo']['customerno']); |
|
19 |
+ break; |
|
20 |
+ default: |
|
21 |
+ $info = NULL; |
|
22 |
+ break; |
|
23 |
+} |
|
24 |
+ |
|
25 |
+$title = "Domainüberblick"; |
|
26 |
+ |
|
27 |
+output('<h3>Domains</h3> |
|
28 |
+<p>In Ihrem Account werden die folgenden Domains verwaltet:</p> |
|
29 |
+<table> |
|
30 |
+<tr><th>Domainname</th><th>Reg-Datum</th><th>Kündigungsdatum</th></tr> |
|
31 |
+'); |
|
32 |
+foreach ($user_domains as $domain) |
|
33 |
+{ |
|
34 |
+ $canc = $domain['cancel_date']; |
|
35 |
+ output(" <tr><td><a href=\"http://www.{$domain['domainname']}\">{$domain['domainname']}</a></td><td>{$domain['reg_date']}</td><td>{$canc}</td></tr>\n"); |
|
36 |
+} |
|
37 |
+output('</table>'); |
|
38 |
+output("<br />"); |
|
39 |
+ |
|
40 |
+ |
|
41 |
+ |
|
42 |
+?> |
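Review bot: The `default:` branch of the switch leaves `$user_domains` unset, and the `foreach` at line 32 then iterates an undefined variable; this stays unreachable only as long as `require_role()` never returns for other roles. Initialise `$user_domains = array();` before the switch. `$info` is assigned in two branches, not in `ROLE_CUSTOMER`, and never read in this file, so it can be dropped.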
... | ... |
@@ -0,0 +1,62 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+require_once('inc/db_connect.php'); |
|
4 |
+require_once('inc/debug.php'); |
|
5 |
+ |
|
6 |
+function get_domain_names($customerno, $uid = NULL) |
|
7 |
+{ |
|
8 |
+ $customerno = (int) $customerno; |
|
9 |
+ $query = "SELECT id,CONCAT_WS('.', domainname, tld) AS domainname, registrierungsdatum, kuendigungsdatum FROM kundendaten.domains WHERE"; |
|
10 |
+ if ($uid !== NULL) |
|
11 |
+ { |
|
12 |
+ $uid = (int) $uid; |
|
13 |
+ $query .= " useraccount={$uid};"; |
|
14 |
+ } |
|
15 |
+ else |
|
16 |
+ { |
|
17 |
+ $query .= " kunde={$customerno};"; |
|
18 |
+ } |
|
19 |
+ DEBUG('Datenbank-Query (get_domain_names): '.$query."<br />\n"); |
|
20 |
+ |
|
21 |
+ $result = @mysql_query($query); |
|
22 |
+ if (@mysql_error()) |
|
23 |
+ system_failure('Die Domains zu Ihrem Account konnten nicht ermittelt werden. Bitte melden Sie diesen Fehler an einen Administrator. Die Fehlermeldung der Datenbank ist: '.mysql_error()); |
|
24 |
+ |
|
25 |
+ $domains = array(); |
|
26 |
+ DEBUG('Result set is '.mysql_num_rows($result)." rows.<br />\n"); |
|
27 |
+ if (mysql_num_rows($result) > 0) |
|
28 |
+ while ($domain = mysql_fetch_object($result)) |
|
29 |
+ array_push($domains, array('id' => $domain->id, |
|
30 |
+ 'domainname' => $domain->domainname, |
|
31 |
+ 'reg_date' => $domain->registrierungsdatum, |
|
32 |
+ 'cancel_date' => $domain->kuendigungsdatum)); |
|
33 |
+ |
|
34 |
+ return $domains; |
|
35 |
+} |
|
36 |
+ |
|
37 |
+ |
|
38 |
+/* |
|
39 |
+function get_mail_virtualdomain($domain) |
|
40 |
+{ |
|
41 |
+ $config = array(); |
|
42 |
+ $lines = file('/home/webadmin/cache/virtualdomains'); |
|
43 |
+ foreach ($lines as $line) |
|
44 |
+ { |
|
45 |
+ $line = chop($line); |
|
46 |
+ $fields = explode(':', $line, 3); |
|
47 |
+ if ($fields[0] == $domain) |
|
48 |
+ array_push($config, array('subdomain' => '', |
|
49 |
+ 'user' => $fields[1], |
|
50 |
+ 'prefix' => $fields[2])); |
|
51 |
+ if (ereg('^.*\.'.$domain, $fields[0])) |
|
52 |
+ array_push($config, array('subdomain' => ereg_replace('^(.*)\.'.$domain, '\1', $fields[0]), |
|
53 |
+ 'user' => $fields[1], |
|
54 |
+ 'prefix' => $fields[2])); |
|
55 |
+ } |
|
56 |
+ return $config; |
|
57 |
+} |
|
58 |
+*/ |
|
59 |
+ |
|
60 |
+ |
|
61 |
+ |
|
62 |
+?> |
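Review bot: The failure branch at line 23 appends `mysql_error()` to the message shown to the user, which exposes schema and query details to whoever triggers the error; `mailaccounts()` in the mail module does the same with `system_failure(mysql_error())`. Log the database error server-side and show only the generic text. `if (@mysql_error())` would be clearer as a check on the return value, `if ($result === false)`. The integer casts on `$customerno` and `$uid` are what keep the interpolated query safe, and a short comment saying so would stop a later edit from removing them.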
... | ... |
@@ -0,0 +1,216 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+require_once('session/start.php'); |
|
4 |
+ |
|
5 |
+require_once('domains.php'); |
|
6 |
+require_once('mailaccounts.php'); |
|
7 |
+ |
|
8 |
+require_role(ROLE_SYSTEMUSER); |
|
9 |
+ |
|
10 |
+$user = $_SESSION['userinfo']; |
|
11 |
+ |
|
12 |
+$param = ''; |
|
13 |
+if ($debugmode) |
|
14 |
+ $param="debug"; |
|
15 |
+ |
|
16 |
+$title = "E-Mail-Accounts"; |
|
17 |
+ |
|
18 |
+ |
|
19 |
+DEBUG("GET: ".htmlentities(print_r($_GET, true))." / POST: ".htmlentities(print_r($_POST, true))); |
|
20 |
+if (isset($_GET['action']) && $_GET['action'] == 'save') |
|
21 |
+{ |
|
22 |
+ if (isset($_GET['id'])) |
|
23 |
+ { |
|
24 |
+ $account = $_POST['user'].'@'.$_POST['domain']; |
|
25 |
+ if (isset($_POST['enabled']) && $_POST['enabled'] == 'true') |
|
26 |
+ $enabled = 'Y'; |
|
27 |
+ else |
|
28 |
+ $enabled = 'N'; |
|
29 |
+ $acc = array('id' => $_GET['id'], 'account' => $account, 'mailbox' => $_POST['mailbox'], 'enabled' => $enabled); |
|
30 |
+ if ($_POST['password'] != '') |
|
31 |
+ $acc['password'] = $_POST['password']; |
|
32 |
+ $error = check_valid($acc); |
|
33 |
+ if ($error != "") |
|
34 |
+ { |
|
35 |
+ input_error($error); |
|
36 |
+ $section = "mail"; |
|
37 |
+ $title = "E-Mail-Accounts"; |
|
38 |
+ output(""); |
|
39 |
+ } |
|
40 |
+ else |
|
41 |
+ { |
|
42 |
+ change_mailaccount($_GET['id'], $acc); |
|
43 |
+ if (! $debugmode) |
|
44 |
+ header('Location: accounts.php'); |
|
45 |
+ die(); |
|
46 |
+ } |
|
47 |
+ } |
|
48 |
+ elseif (isset($_POST['create'])) |
|
49 |
+ { |
|
50 |
+ $account = $_POST['user'].'@'.$_POST['domain']; |
|
51 |
+ if (isset($_POST['enabled']) && $_POST['enabled'] == 'true') |
|
52 |
+ $enabled = 'Y'; |
|
53 |
+ else |
|
54 |
+ $enabled = 'N'; |
|
55 |
+ $acc = array('account' => $account, 'mailbox' => $_POST['mailbox'], 'enabled' => $enabled); |
|
56 |
+ if ($_POST['password'] != '') |
|
57 |
+ $acc['password'] = $_POST['password']; |
|
58 |
+ $error = check_valid($acc); |
|
59 |
+ if ($error != "") |
|
60 |
+ { |
|
61 |
+ input_error($error); |
|
62 |
+ output(""); |
|
63 |
+ } |
|
64 |
+ else |
|
65 |
+ { |
|
66 |
+ create_mailaccount($acc); |
|
67 |
+ if (! $debugmode) |
|
68 |
+ header('Location: accounts.php'); |
|
69 |
+ die(); |
|
70 |
+ } |
|
71 |
+ } |
|
72 |
+} |
|
73 |
+elseif (isset($_GET['action']) && $_GET['action'] == 'create') |
|
74 |
+{ |
|
75 |
+ output('<h3>E-Mail-Account anlegen</h3> |
|
76 |
+<p>Hier können Sie ein neues POP3/IMAP-Konto anlegen.</p> |
|
77 |
+ <form action="accounts.php?action=save&'.$param.'" method="post"> |
|
78 |
+ <table style="margin-bottom: 1em;"> |
|
79 |
+ <tr><th>Einstellung:</th><th>Wert:</th><th> </th></tr> |
|
80 |
+ <tr> |
|
81 |
+ <td>Benutzername:</td> |
|
82 |
+ <td><input type="text" id="user" name="user" />@<select name="domain" size="1"> |
|
83 |
+ <option value="schokokeks.org">schokokeks.org</option> |
|
84 |
+ '); |
|
85 |
+ require_once('domains.php'); |
|
86 |
+ $domains = get_domain_names($user['customerno'], $user['uid']); |
|
87 |
+ if (count($domains) > 0) |
|
88 |
+ output('<option>----------------------------</option>'); |
|
89 |
+ foreach ($domains as $dom) |
|
90 |
+ output('<option value="'.$dom['domainname'].'">'.$dom['domainname'].'</option>'); |
|
91 |
+ output('</select></td> |
|
92 |
+ |
|
93 |
+ </tr> |
|
94 |
+ <tr> |
|
95 |
+ <td>Mailbox:</td> |
|
96 |
+ <td><input type="text" id="mailbox" name="mailbox" value="'.$user['homedir'].'/" /></td> |
|
97 |
+ </tr> |
|
98 |
+ <tr> |
|
99 |
+ <td>Passwort:</td> |
|
100 |
+ <td><input type="password" id="password" name="password" value="" /></td> |
|
101 |
+ </tr> |
|
102 |
+ <tr> |
|
103 |
+ <td>Account sofort aktivieren:</td> |
|
104 |
+ <td><input type="checkbox" id="enabled" name="enabled" value="true" /></td> |
|
105 |
+ </tr> |
|
106 |
+ </table> |
|
107 |
+ <p><input type="submit" name="create" value="Anlegen" /><br /> |
|
108 |
+ </form> |
|
109 |
+ '); |
|
110 |
+} |
|
111 |
+elseif (isset($_GET['action']) && $_GET['action'] == 'delete' && $_GET['account'] != '') |
|
112 |
+{ |
|
113 |
+ if ($_POST['confirm'] == 'yes') |
|
114 |
+ { |
|
115 |
+ delete_mailaccount($_GET['account']); |
|
116 |
+ if (! $debugmode) |
|
117 |
+ header('Location: accounts.php'); |
|
118 |
+ die(); |
|
119 |
+ } |
|
120 |
+ else |
|
121 |
+ { |
|
122 |
+ output('<h3>E-Mail-Account löschen</h3> |
|
123 |
+ <p>Soll der folgende Account wirklich gelöscht werden?</p> |
|
124 |
+ '); |
|
125 |
+ $_GET['account'] = (int) $_GET['account']; |
|
126 |
+ $account = get_mailaccount($_GET['account']); |
|
127 |
+ $enabled = ($account['enabled'] ? 'Ja' : 'Nein'); |
|
128 |
+ output('<form action="accounts.php?action=delete&account='.$_GET['account'].'&'.$param.'" method="post"> |
|
129 |
+ <table style="margin-bottom: 1em;"> |
|
130 |
+ <tr><td>Benutzername:</td> |
|
131 |
+ <td>'.$account['account'].'</td> |
|
132 |
+ </tr> |
|
133 |
+ <tr><td>Mailbox:</td> |
|
134 |
+ <td>'.$account['mailbox'].'</td> |
|
135 |
+ </tr> |
|
136 |
+ <tr><td>Konto aktiv:</td> |
|
137 |
+ <td>'.$enabled.'</td> |
|
138 |
+ </table> |
|
139 |
+ <p><input type="hidden" name="confirm" value="yes" /> |
|
140 |
+ <input type="submit" value="Wirklich löschen" /> |
|
141 |
+ </p> |
|
142 |
+ </form> |
|
143 |
+ '); |
|
144 |
+ } |
|
145 |
+} |
|
146 |
+elseif (isset($_GET['edit'])) |
|
147 |
+{ |
|
148 |
+ output('<h3>E-Mail-Account bearbeiten</h3> |
|
149 |
+<p>Hier können Sie die Einstellungen des IMAP-Kontos bearbeiten.</p> |
|
150 |
+'); |
|
151 |
+ $_GET['edit'] = (int) $_GET['edit']; |
|
152 |
+ $account = get_mailaccount($_GET['edit']); |
|
153 |
+ list($username, $domain) = explode('@', $account['account'], 2); |
|
154 |
+ $enabled = ($account['enabled'] ? ' checked="checked"' : ''); |
|
155 |
+ output('<form action="accounts.php?action=save&id='.$_GET['edit'].'&'.$param.'" method="post"> |
|
156 |
+ <table style="margin-bottom: 1em;"> |
|
157 |
+ <tr><th>Einstellung:</th><th>alter Wert:</th><th>neuer Wert:</th><th> </th></tr> |
|
158 |
+ <tr><td>Benutzername:</td><td><input type="text" id="old_account" name="old_account" value="'.$account['account'].'" readonly="readonly" style="background-color: #C0C0C0;" /></td> |
|
159 |
+ <td><input type="text" id="user" name="user" value="'.$username.'" />@<select name="domain" id="domain" size="1"> |
|
160 |
+ <option value="schokokeks.org">schokokeks.org</option> |
|
161 |
+ '); |
|
162 |
+ require_once('domains.php'); |
|
163 |
+ $domains = get_domain_names($user['customerno'], $user['uid']); |
|
164 |
+ if (count($domains) > 0) |
|
165 |
+ output('<option>----------------------------</option>'); |
|
166 |
+ foreach ($domains as $dom) |
|
167 |
+ if ($domain == $dom['domainname']) |
|
168 |
+ output('<option value="'.$dom['domainname'].'" selected="selected">'.$dom['domainname'].'</option>'); |
|
169 |
+ else |
|
170 |
+ output('<option value="'.$dom['domainname'].'">'.$dom['domainname'].'</option>'); |
|
171 |
+ |
|
172 |
+ output('</select></td> |
|
173 |
+ <td><input type="button" onclick="document.getElementById(\'user\').value = \''.$username.'\' ; document.getElementById(\'domain\').value = \''.$domain.'\'" value="Zeile zurücksetzen" /></td></tr> |
|
174 |
+ <tr><td>Mailbox:</td><td><input type="text" id="old_mailbox" name="old_mailbox" value="'.$account['mailbox'].'" readonly="readonly" style="background-color: #C0C0C0;" /></td> |
|
175 |
+ <td><input type="text" id="mailbox" name="mailbox" value="'.$account['mailbox'].'" /></td> |
|
176 |
+ <td><input type="button" onclick="document.getElementById(\'mailbox\').value = document.getElementById(\'old_mailbox\').value" value="Zeile zurücksetzen" /></td></tr> |
|
177 |
+ <tr><td>Passwort:</td><td><i>nicht angezeigt</i></td> |
|
178 |
+ <td><input type="password" id="password" name="password" value="" /></td> |
|
179 |
+ <td><input type="button" onclick="document.getElementById(\'password\').value = \'\'" value="Zeile zurücksetzen" /></td></tr> |
|
180 |
+ <tr><td>Konto aktiv:</td> |
|
181 |
+ <td> </td> |
|
182 |
+ <td><input type="checkbox" id="enabled" name="enabled" value="true"'.$enabled.' /></td> |
|
183 |
+ <td> </td></tr> |
|
184 |
+ </table> |
|
185 |
+ <p><input type="submit" value="Änderungen speichern" /><br /> |
|
186 |
+ Hinweis: Das Passwort wird nur geändert, wenn Sie auf dieser Seite eines eingeben. Geben Sie keines an, wird das bisherige beibehalten!</p> |
|
187 |
+ </form> |
|
188 |
+ '); |
|
189 |
+ |
|
190 |
+} |
|
191 |
+else |
|
192 |
+{ |
|
193 |
+ output('<h3>E-Mail-Accounts</h3> |
|
194 |
+<p>Folgende POP3/IMAP-Konten sind eingerichtet:</p> |
|
195 |
+<table style="margin-bottom: 1em;"> |
|
196 |
+<tr><th>Benutzername:</th><th>Mailbox-Pfad:</th><th>aktiv</th><th> </th></tr> |
|
197 |
+'); |
|
198 |
+ |
|
199 |
+ foreach (mailaccounts($user['uid']) as $account) |
|
200 |
+ { |
|
201 |
+ $mailbox = $account['mailbox']; |
|
202 |
+ if (empty($mailbox)) |
|
203 |
+ $mailbox = '<i>nicht festgelegt</i>'; |
|
204 |
+ output('<tr> |
|
205 |
+ <td>'.$account['account'].'</td> |
|
206 |
+ <td>'.$mailbox.'</td> |
|
207 |
+ <td><b>'.($account['enabled'] ? 'Ja' : 'Nein').'</b></td> |
|
208 |
+ <td><a href="accounts.php?edit='.$account['id'].'">bearbeiten</a></td><td><a href="accounts.php?action=delete&account='.$account['id'].'">löschen</a></td></li>'); |
|
209 |
+ } |
|
210 |
+ output('</table> |
|
211 |
+<p><a href="accounts.php?action=create">Neuen Account anlegen</a></p> |
|
212 |
+ |
|
213 |
+'); |
|
214 |
+} |
|
215 |
+ |
|
216 |
+?> |
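Review bot: None of the `save`, `delete` or `edit` branches checks that the account id from the request belongs to the logged-in user: `$_GET['id']`, `$_GET['account']` and `$_GET['edit']` are handed to `change_mailaccount()`, `delete_mailaccount()` and `get_mailaccount()` as given, and `get_mailaccount()` as shown in this commit selects on `m.id` alone. Unless the helpers outside this view enforce ownership, verify the id against the result of `mailaccounts($user['uid'])` before acting and call `system_failure()` otherwise. In the delete branch the `(int)` cast at line 125 happens only on the confirmation path, after `delete_mailaccount($_GET['account'])` at line 115 has already received the raw value; move the cast above the `if`. The state-changing POSTs carry no request token although `are_you_sure()`/`user_is_sure()` are added in this same commit, and the hidden `confirm=yes` field does not protect against cross-site requests.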
... | ... |
@@ -0,0 +1,198 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+require_once('inc/debug.php'); |
|
4 |
+require_once('inc/db_connect.php'); |
|
5 |
+ |
|
6 |
+function mailaccounts($uid) |
|
7 |
+{ |
|
8 |
+ $uid = (int) $uid; |
|
9 |
+ $query = "SELECT m.id,concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),_utf8'schokokeks.org',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.uid=$uid"; |
|
10 |
+ DEBUG("SQL-Query: {$query}"); |
|
11 |
+ $result = @mysql_query($query); |
|
12 |
+ if (mysql_error()) |
|
13 |
+ system_failure(mysql_error()); |
|
14 |
+ DEBUG("Found ".@mysql_num_rows($result)." rows!"); |
|
15 |
+ $accounts = array(); |
|
16 |
+ if (@mysql_num_rows($result) > 0) |
|
17 |
+ while ($acc = @mysql_fetch_object($result)) |
|
18 |
+ array_push($accounts, array('id'=> $acc->id, 'account' => $acc->account, 'mailbox' => $acc->maildir, 'cryptpass' => $acc->cryptpass, 'enabled' => ($acc->aktiv == 1))); |
|
19 |
+ return $accounts; |
|
20 |
+} |
|
21 |
+ |
|
22 |
+function get_mailaccount($id) |
|
23 |
+{ |
|
24 |
+ $uid = (int) $uid; |
|
25 |
+ $query = "SELECT concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),_utf8'schokokeks.org',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.id=$id"; |
|
26 |
+ $result = mysql_query($query); |
|
27 |
+ DEBUG("Found ".mysql_num_rows($result)." rows!"); |
|
28 |
+ $acc = mysql_fetch_object($result); |
|
29 |
+ $ret = array('account' => $acc->account, 'mailbox' => $acc->maildir, 'enabled' => ($acc->aktiv == 1)); |
|
30 |
+ DEBUG(print_r($ret, true)); |
|
31 |
+ return $ret; |
|
32 |
+} |
|
33 |
+ |
|
34 |
+/* |
|
35 |
+ FIXME: Hier auch die crypt-Funktion nehmen wie beim systemuser-Passwort |
|
36 |
+*/ |
|
37 |
+function encrypt_mail_password($pw) |
|
38 |
+{ |
|
39 |
+ DEBUG("unencrypted PW: ".$pw); |
|
40 |
+ $descriptorspec = array( |
|
41 |
+ 0 => array("pipe", "r"), |
|
42 |
+ 1 => array("pipe", "w") |
|
43 |
+ ); |
|
44 |
+ $process = proc_open("/usr/local/bin/exec/userdbpw -md5", $descriptorspec, $pipes); |
|
45 |
+ fwrite($pipes[0], $pw); |
|
46 |
+ fclose($pipes[0]); |
|
47 |
+ $encpw = fgets($pipes[1]); |
|
48 |
+ DEBUG("encrypted PW: ".$encpw); |
|
49 |
+ fclose($pipes[1]); |
|
50 |
+ proc_close($process); |
|
51 |
+ return chop($encpw); |
|
52 |
+ |
|
53 |
+} |
|
54 |
+ |
|
55 |
+function get_domain_id($domain) |
|
56 |
+{ |
|
57 |
+ $domain = mysql_real_escape_string($domain); |
|
58 |
+ $result = mysql_query("SELECT id FROM mail.v_domains WHERE domainname = '{$domain}';"); |
|
59 |
+ if (mysql_num_rows($result) == 0) |
|
60 |
+ return NULL; |
|
61 |
+ return mysql_fetch_object($result)->id; |
|
62 |
+} |
|
63 |
+ |
|
64 |
+ |
|
65 |
+function change_mailaccount($id, $arr) |
|
66 |
+{ |
|
67 |
+ $id = (int) $id; |
|
68 |
+ $conditions = array(); |
|
69 |
+ |
|
70 |
+ if (isset($arr['account'])) |
|
71 |
+ { |
|
72 |
+ list($local, $domain) = explode('@', $arr['account'], 2); |
|
73 |
+ $domainid = get_domain_id($domain); |
|
74 |
+ if ($domainid == NULL) |
|
75 |
+ $domainid='NULL'; |
|
76 |
+ array_push($conditions, "local='".mysql_real_escape_string($local)."', domain=$domainid"); |
|
77 |
+ } |
|
78 |
+ if (isset($arr['mailbox'])) |
|
79 |
+ if ($arr['mailbox'] == '') |
|
80 |
+ array_push($conditions, "`maildir`=NULL"); |
|
81 |
+ else |
|
82 |
+ array_push($conditions, "`maildir`='".mysql_real_escape_string($arr['mailbox'])."'"); |
|
83 |
+ |
|
84 |
+ if (isset($arr['password'])) |
|
85 |
+ { |
|
86 |
+ $encpw = encrypt_mail_password($arr['password']); |
|
87 |
+ array_push($conditions, "`password`='$encpw'"); |
|
88 |
+ } |
|
89 |
+ |
|
90 |
+ if (isset($arr['enabled'])) |
|
91 |
+ array_push($conditions, "`aktiv`=".($arr['enabled'] == 'Y' ? "1" : "0")); |
|
92 |
+ |
|
93 |
+ |
|
94 |
+ $query = "UPDATE mail.mailaccounts SET ".implode(",", $conditions)." WHERE id='$id' LIMIT 1"; |
|
95 |
+ DEBUG("Query: ".$query); |
|
96 |
+ |
|
97 |
+ mysql_query($query); |
|
98 |
+ if (mysql_error()) |
|
99 |
+ system_failure('Beim Ändern der Account-Daten ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.mysql_error().') an einen Administrator.'); |
|
100 |
+ |
|
101 |
+} |
|
102 |
+ |
|
103 |
+function create_mailaccount($arr) |
|
104 |
+{ |
|
105 |
+ $values = array(); |
|
106 |
+ |
|
107 |
+ if (($arr['account']) == '') |
|
108 |
+ system_failure('empty account name!'); |
|
109 |
+ |
|
110 |
+ $values['uid'] = (int) $_SESSION['userinfo']['uid']; |
|
111 |
+ |
|
112 |
+ list($local, $domain) = explode('@', $arr['account'], 2); |
|
113 |
+ $domainid = get_domain_id($domain); |
|
114 |
+ if ($domainid == NULL) |
|
115 |
+ $domainid='NULL'; |
|
116 |
+ $values['local'] = "'".mysql_real_escape_string($local)."'"; |
|
117 |
+ $values['domain'] = $domainid; |
|
118 |
+ |
|
119 |
+ if (isset($arr['mailbox'])) |
|
120 |
+ if ($arr['mailbox'] == '') |
|
121 |
+ $values['maildir'] = 'NULL'; |
|
122 |
+ else |
|
123 |
+ $values['maildir']= "'".mysql_real_escape_string($arr['mailbox'])."'"; |
|
124 |
+ |
|
125 |
+ |
|
126 |
+ if (isset($arr['password'])) |
|
127 |
+ { |
|
128 |
+ $values['password'] = "'".encrypt_mail_password($arr['password'])."'"; |
|
129 |
+ } |
|
130 |
+ |
|
131 |
+ if (isset($arr['enabled'])) |
|
132 |
+ $values['aktiv'] = ($arr['enabled'] == 'Y' ? "1" : "0" ); |
|
133 |
+ |
|
134 |
+ |
|
135 |
+ $query = "INSERT INTO mail.mailaccounts (".implode(',', array_keys($values)).") VALUES (".implode(",", array_values($values)).")"; |
|
136 |
+ DEBUG("Query: ".$query); |
|
137 |
+ |
|
138 |
+ mysql_query($query); |
|
139 |
+ if (mysql_error()) |
|
140 |
+ system_failure('Beim Anlegen des Kontos ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.mysql_error().') an einen Administrator.'); |
|
141 |
+ |
|
142 |
+} |
|
143 |
+ |
|
144 |
+ |
|
145 |
+function delete_mailaccount($id) |
|
146 |
+{ |
|
147 |
+ $id = (int) $id; |
|
148 |
+ $query = "DELETE FROM mail.mailaccounts WHERE id=".$id." LIMIT 1"; |
|
149 |
+ mysql_query($query); |
|
150 |
+ if (mysql_error()) |
|
151 |
+ system_failure('Beim Löschen des Kontos ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.mysql_error().') an einen Administrator.'); |
|
152 |
+} |
|
153 |
+ |
|
154 |
+ |
|
155 |
+function check_valid($acc) |
|
156 |
+{ |
|
157 |
+ $user = $_SESSION['userinfo']; |
|
158 |
+ DEBUG("Account-data: ".print_r($acc, true)); |
|
159 |
+ DEBUG("User-data: ".print_r($user, true)); |
|
160 |
+ if ($acc['mailbox'] != '') |
|
161 |
+ { |
|
162 |
+ if (substr($acc['mailbox'], 0, strlen($user['homedir'])+1) != $user['homedir'].'/') |
|
163 |
+ return "Die Mailbox muss innerhalb des Home-Verzeichnisses liegen. Sie haben \"".$acc['mailbox']."\" als Mailbox angegeben, Ihre Home-Verzeichnis ist \"".$user['homedir']."/\"."; |
|
164 |
+ if (strstr($acc['mailbox'], '..') or ! preg_match('/^[a-z0-9.\/_-]*$/', $acc['mailbox'])) |
|
165 |
+ return "Sie verwenden ungültige Zeichen in Ihrem Mailbox-Pfad."; |
|
166 |
+ } |
|
167 |
+ |
|
168 |
+ if ($acc['account'] == '' || strpos($acc['account'], '@') == 0) |
|
169 |
+ return "Es wurde kein Benutzername angegeben!"; |
|
170 |
+ if (strpos($acc['account'], '@') === false) |
|
171 |
+ return "Es wurde kein Domain-Teil im Account-Name angegeben. Account-Namen müssen einen Domain-Teil enthalten. Im Zweifel versuchen Sie "@schokokeks.org"."; |
|
172 |
+ |
|
173 |
+ list($local, $domain) = explode('@', $acc['account'], 2); |
|
174 |
+ require_once('domains.php'); |
|
175 |
+ $tmpdomains = get_domain_names($user['customerno'], $user['uid']); |
|
176 |
+ $domains = array(); |
|
177 |
+ foreach ($tmpdomains as $dom) |
|
178 |
+ array_push($domains, $dom['domainname']); |
|
179 |
+ |
|
180 |
+ if (array_search($domain, $domains) === false) |
|
181 |
+ { |
|
182 |
+ if ($domain == "schokokeks.org") |
|
183 |
+ { |
|
184 |
+ if (substr($local, 0, strlen($user['username'])) != $user['username'] || ($acc['account'][strlen($user['username'])] != '-' && $acc['account'][strlen($user['username'])] != '@')) |
|
185 |
+ { |
|
186 |
+ return "Sie haben "@schokokeks.org" als Domain-Teil angegeben, aber der Benutzer-Teil beginnt nicht mit Ihrem Benutzername!"; |
|
187 |
+ } |
|
188 |
+ } |
|
189 |
+ else |
|
190 |
+ return "Der angegebene Domain-Teil (".htmlentities($domain, ENT_QUOTES, "UTF-8").") ist nicht für Ihren Account eingetragen. Sollte dies ein Fehler sein, wenden sie sich bitte an einen Administrator!"; |
|
191 |
+ } |
|
192 |
+ |
|
193 |
+ return ''; |
|
194 |
+} |
|
195 |
+ |
|
196 |
+ |
|
197 |
+ |
|
198 |
+?> |
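Review bot: In `get_mailaccount()` the cast is applied to the wrong variable: `$uid = (int) $uid;` touches an undefined `$uid`, while `$id` goes into `WHERE m.id=$id` unchanged, so a request-supplied id would reach the SQL text as-is. The line should read `$id = (int) $id;`, as `change_mailaccount()` and `delete_mailaccount()` already do. Those three functions select, update and delete by `id` alone, so unless the calling page (not in this file) verifies that the account belongs to the session's uid, each WHERE clause should also carry `AND uid=$uid`. In `check_valid()`, `strpos($acc['account'], '@') == 0` is also true when `@` is missing, which makes the later `=== false` branch unreachable; `=== 0` keeps both messages. `encrypt_mail_password()` writes the clear-text password to the debug output through `DEBUG("unencrypted PW: ".$pw)`, and that line is better dropped.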
... | ... |
@@ -0,0 +1,73 @@ |
1 |
+<?php |
|
2 |
+require_once('inc/debug.php'); |
|
3 |
+ |
|
4 |
+$title = "Passwort ändern"; |
|
5 |
+$error = ''; |
|
6 |
+ |
|
7 |
+require_role(array(ROLE_SYSTEMUSER, ROLE_CUSTOMER)); |
|
8 |
+ |
|
9 |
+ |
|
10 |
+if ($_POST['password1'] != '') |
|
11 |
+{ |
|
12 |
+ $result = NULL; |
|
13 |
+ switch ($_SESSION['role']) |
|
14 |
+ { |
|
15 |
+ case ROLE_SYSTEMUSER: |
|
16 |
+ $result = find_role($_SESSION['userinfo']['uid'], $_POST['old_password']); |
|
17 |
+ break; |
|
18 |
+ case ROLE_CUSTOMER: |
|
19 |
+ $result = find_role($_SESSION['customerinfo']['customerno'], $_POST['old_password']); |
|
20 |
+ break; |
|
21 |
+ } |
|
22 |
+ if ($result == NULL) |
|
23 |
+ input_error('Das bisherige Passwort ist nicht korrekt!'); |
|
24 |
+ elseif ($_POST['password2'] != $_POST['password1']) |
|
25 |
+ input_error('Die Bestätigung ist nicht identisch mit dem neuen Passwort!'); |
|
26 |
+ elseif ($_POST['password2'] == '') |
|
27 |
+ input_error('Sie müssen das neue Passwort zweimal eingeben!'); |
|
28 |
+ elseif ($_POST['old_password'] == '') |
|
29 |
+ input_error('Altes Passwort nicht angegeben!'); |
|
30 |
+ else |
|
31 |
+ { |
|
32 |
+ if ($result == ROLE_SYSTEMUSER) |
|
33 |
+ set_systemuser_password($_SESSION['userinfo']['uid'], $_POST['password1']); |
|
34 |
+ elseif ($result == ROLE_CUSTOMER) |
|
35 |
+ set_customer_password($_SESSION['customerinfo']['customerno'], $_POST['password1']); |
|
36 |
+ else |
|
37 |
+ system_failure("WTF?!"); |
|
38 |
+ |
|
39 |
+ if (! $debugmode) |
|
40 |
+ header('Location: index.php'); |
|
41 |
+ else |
|
42 |
+ output(''); |
|
43 |
+ } |
|
44 |
+} |
|
45 |
+ |
|
46 |
+ |
|
47 |
+ |
|
48 |
+if ($_SESSION['role'] == ROLE_SYSTEMUSER) |
|
49 |
+ warning('Beachten Sie: Wenn Sie hier Ihr Passwort ändern, betrifft dies auch Ihr Anmelde-Passwort am Server (SSH).'); |
|
50 |
+ |
|
51 |
+output('<h3>Passwort ändern</h3> |
|
52 |
+<p>Hier können Sie Ihr Passwort ändern.</p> |
|
53 |
+<form method="post" action="'.($debugmode ? '?debug' : '').'"> |
|
54 |
+<table> |
|
55 |
+ <tr> |
|
56 |
+ <td>bisheriges Passwort:</td> <td><input type="password" name="old_password" value="" /></td> |
|
57 |
+ </tr> |
|
58 |
+ <tr> |
|
59 |
+ <td>neues Passwort:</td> <td><input type="password" name="password1" value="" /></td> |
|
60 |
+ </tr> |
|
61 |
+ <tr> |
|
62 |
+ <td>Bestätigung:<br /><span style="font-size: 80%;">(nochmal neues Passwort)</span></td> |
|
63 |
+ <td><input type="password" name="password2" value="" /></td> |
|
64 |
+ </tr> |
|
65 |
+ <tr> |
|
66 |
+ <td> </td><td><input type="submit" value="Speichern" /></td> |
|
67 |
+ </tr> |
|
68 |
+</table> |
|
69 |
+</form> |
|
70 |
+ |
|
71 |
+'); |
|
72 |
+ |
|
73 |
+?> |
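Review bot: The password fields are compared with loose operators, so `$_POST['password2'] != $_POST['password1']` treats two different numeric-looking strings such as `1e3` and `1000` as equal and a mistyped confirmation can be accepted. Use `!==` and `===` for these comparisons. None of the fields is checked with `isset()` and `is_string()` before it is handed to `find_role()` or the `set_*_password()` functions, so an array-valued field reaches them unchanged. The `header('Location: index.php')` call is not followed by `exit`, so the form below is still rendered after a successful change.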
... | ... |
@@ -0,0 +1,53 @@ |
1 |
+<?php |
|
2 |
+require_once('newpass.php'); |
|
3 |
+require_once('session/checkuser.php'); |
|
4 |
+ |
|
5 |
+ |
|
6 |
+function send_customer_token($customerno) |
|
7 |
+{ |
|
8 |
+ $customerno = (int) $customerno; |
|
9 |
+ $token = get_customer_token($customerno); |
|
10 |
+ $customer = get_customer_info($customerno); |
|
11 |
+ $email = get_customer_email($customerno); |
|
12 |
+ $anrede = "Sehr geehrte Damen und Herren"; |
|
13 |
+ if ($customer['title'] == 'Herr') |
|
14 |
+ $anrede = "Sehr geehrter Herr {$customer['name']}"; |
|
15 |
+ elseif ($customer['title'] == 'Frau') |
|
16 |
+ $anrede = "Sehr geehrte Frau {$customer['name']}"; |
|
17 |
+ $msg = "{$anrede}, |
|
18 |
+ |
|
19 |
+Sie haben auf unserem Web-Administrations-Interface ein neues |
|
20 |
+Passwort für Ihren Kunden-Zugang angefordert. |
|
21 |
+Diese automatische Nachricht dient der Überprüfung Ihrer Identität. |
|
22 |
+ |
|
23 |
+Um sich ein neues Passwort setzen zu können, rufen Sie bitte den |
|
24 |
+folgenden Link auf: |
|
25 |
+ https://config.schokokeks.org/go/index/validate_token.php?customerno={$customer['customerno']}&token={$token} |
|
26 |
+ |
|
27 |
+Sollte Ihr E-Mail-Programm diesen Link nicht korrekt an den Browser |
|
28 |
+übertragen, rufen Sie bitte die Seite |
|
29 |
+ https://config.schokokeks.org/go/index/validate_token.php |
|
30 |
+auf und geben Sie die folgenden Daten ein: |
|
31 |
+ Kundennummer: {$customer['customerno']} |
|
32 |
+ Token: {$token} |
|
33 |
+ |
|
34 |
+Diese Prozedur müssen Sie bis spätestens 24 Stunden nach Erhalt |
|
35 |
+dieser Nachricht durchführen, sonst verliert das Token seine |
|
36 |
+Gültigkeit. |
|
37 |
+"; |
|
38 |
+ send_mail($email, "Passwortanforderung fuer Webinterface", $msg); |
|
39 |
+} |
|
40 |
+ |
|
41 |
+ |
|
42 |
+ |
|
43 |
+function send_mail($address, $subject, $body) |
|
44 |
+{ |
|
45 |
+ if (strstr($subject, "\n") !== false) |
|
46 |
+ die("Zeilenumbruch im subject!"); |
|
47 |
+ $header = "From: schokokeks.org Web Administration <noreply@schokokeks.org>\r\nReply-To: root@schokokeks.org\r\nContent-Type: text/plain; charset=\"utf-8\"\r\nContent-Transfer-Encoding: 8bit"; |
|
48 |
+ mail($address, $subject, $body, $header); |
|
49 |
+} |
|
50 |
+ |
|
51 |
+ |
|
52 |
+ |
|
53 |
+?> |
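Review bot: `send_mail()` guards only `$subject`, and only against "\n": a bare "\r" in the subject and any line break in `$address` still reach `mail()`, where they can add header lines. Checking both arguments with `if (preg_match('/[\r\n]/', $address.$subject))` covers it, and reporting through `system_failure()` instead of `die()` would match the rest of the code. In `send_customer_token()` the token is placed in the link without `urlencode()`, which is safe only as long as `random_string()` (not shown here) returns URL-safe characters.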
... | ... |
@@ -0,0 +1,75 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+require_once('inc/db_connect.php'); |
|
4 |
+require_once('session/checkuser.php'); |
|
5 |
+ |
|
6 |
+function customer_has_email($customerno, $email) |
|
7 |
+{ |
|
8 |
+ $customerno = (int) $customerno; |
|
9 |
+ $email = mysql_real_escape_string($email); |
|
10 |
+ $query = "SELECT NULL FROM kundendaten.kundenkontakt WHERE kundennr=".$customerno." AND wert='".$email."';"; |
|
11 |
+ $result = @mysql_query($query); |
|
12 |
+ if (mysql_error()) |
|
13 |
+ system_failure(mysql_error()); |
|
14 |
+ return (mysql_num_rows($result) > 0); |
|
15 |
+} |
|
16 |
+ |
|
17 |
+ |
|
18 |
+function validate_token($customerno, $token) |
|
19 |
+{ |
|
20 |
+ expire_tokens(); |
|
21 |
+ $customerno = (int) $customerno; |
|
22 |
+ $token = mysql_real_escape_string($token); |
|
23 |
+ $result = @mysql_query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';"); |
|
24 |
+ if (mysql_error()) |
|
25 |
+ system_failure(mysql_error()); |
|
26 |
+ return (mysql_num_rows($result) > 0); |
|
27 |
+} |
|
28 |
+ |
|
29 |
+ |
|
30 |
+function expire_tokens() |
|
31 |
+{ |
|
32 |
+ $expire = "1 DAY"; |
|
33 |
+ @mysql_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE token_create < NOW() - INTERVAL {$expire};"); |
|
34 |
+} |
|
35 |
+ |
|
36 |
+function invalidate_customer_token($customerno) |
|
37 |
+{ |
|
38 |
+ $customerno = (int) $customerno; |
|
39 |
+ @mysql_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id={$customerno} LIMIT 1;"); |
|
40 |
+} |
|
41 |
+ |
|
42 |
+function create_token($customerno) |
|
43 |
+{ |
|
44 |
+ $customerno = (int) $customerno; |
|
45 |
+ expire_tokens(); |
|
46 |
+ $result = @mysql_query("SELECT token_create FROM kundendaten.kunden WHERE id={$customerno} AND token_create IS NOT NULL;"); |
|
47 |
+ if (mysql_num_rows($result) > 0) |
|
48 |
+ { |
|
49 |
+ $res = mysql_fetch_object($result)->token_create; |
|
50 |
+ input_error("Sie haben diese Funktion kürzlich erst benutzt, an Ihre E-Mail-Adresse wurde bereits am {$res} eine Nachricht verschickt. Sie können diese Funktion erst nach Ablauf von 24 Stunden erneut benutzen."); |
|
51 |
+ return false; |
|
52 |
+ } |
|
53 |
+ $token = random_string(10); |
|
54 |
+ $query = "UPDATE kundendaten.kunden SET token='{$token}', token_create=now() WHERE id={$customerno} LIMIT 1;"; |
|
55 |
+ @mysql_query($query); |
|
56 |
+ if (mysql_error()) |
|
57 |
+ system_failure(mysql_error()); |
|
58 |
+ return true; |
|
59 |
+} |
|
60 |
+ |
|
61 |
+ |
|
62 |
+function get_customer_token($customerno) |
|
63 |
+{ |
|
64 |
+ $customerno = (int) $customerno; |
|
65 |
+ expire_tokens(); |
|
66 |
+ $result = @mysql_query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;"); |
|
67 |
+ if (mysql_error()) |
|
68 |
+ system_failure(mysql_error()); |
|
69 |
+ if (mysql_num_rows($result) < 1) |
|
70 |
+ system_failure("Kann das Token nicht auslesen!"); |
|
71 |
+ return mysql_fetch_object($result)->token; |
|
72 |
+} |
|
73 |
+ |
|
74 |
+ |
|
75 |
+?> |
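Review bot: The reset token is stored and compared as plain text in `kundendaten.kunden`: `validate_token()` matches it with `token='{$token}'`, which under a case-insensitive column collation (the schema is not visible here) also accepts the token in a different case, and anyone with read access to the table can use pending tokens. `BINARY token='{$token}'` makes the comparison exact; storing only a hash of the token and comparing hashes would go further. Nothing in this file limits failed `validate_token()` calls per customer, so the ten-character value from `random_string(10)` (defined elsewhere) carries the whole check and needs to come from a cryptographically secure source. In `create_token()` the first `@mysql_query()` result is passed to `mysql_num_rows()` without the `mysql_error()` check the other functions use.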
... | ... |
@@ -0,0 +1,34 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+require_once('session/start.php'); |
|
4 |
+ |
|
5 |
+ |
|
6 |
+ |
|
7 |
+ |
|
8 |
+//require_role(array(ROLE_CUSTOMER, ROLE_SYSTEMUSER)); |
|
9 |
+ |
|
10 |
+/*if ($user['realname'] == '') |
|
11 |
+ input_error('Ihr Name ist nicht im System gespeichert (siehe Stammdaten)!'); |
|
12 |
+if ($user['email'] == '') |
|
13 |
+ input_error('Im System ist keine alternative eMail-Adresse gespeichert (siehe Stammdaten)!'); |
|
14 |
+*/ |
|
15 |
+ |
|
16 |
+switch ($_SESSION['role']) |
|
17 |
+{ |
|
18 |
+case ROLE_ANONYMOUS: |
|
19 |
+ login_screen(''); |
|
20 |
+ break; |
|
21 |
+case ROLE_SYSTEMUSER: |
|
22 |
+ $role = "{$_SESSION['userinfo']['name']}, angemeldet als Benutzer"; |
|
23 |
+ break; |
|
24 |
+case ROLE_CUSTOMER: |
|
25 |
+ $role = "{$_SESSION['customerinfo']['name']}, angemeldet als Kunde"; |
|
26 |
+ break; |
|
27 |
+} |
|
28 |
+ |
|
29 |
+ |
|
30 |
+output('<h3>Administration</h3> |
|
31 |
+<p>Herzlich willkommen, '.$role.'.</p>'); |
|
32 |
+ |
|
33 |
+ |
|
34 |
+?> |
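Review bot: `$role` is built from `$_SESSION['userinfo']['name']` or `$_SESSION['customerinfo']['name']` and concatenated into the HTML passed to `output()` without escaping, so markup stored in a name field would be rendered in the page. `'<p>Herzlich willkommen, '.htmlentities($role, ENT_QUOTES, 'UTF-8').'.</p>'` avoids that. In the `ROLE_ANONYMOUS` case `$role` is never assigned, so unless `login_screen()` ends the request (its body is not shown) the final `output()` uses an undefined variable.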
... | ... |
@@ -0,0 +1,25 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+require_once('session/start.php'); |
|
4 |
+ |
|
5 |
+require_once('inc/error.php'); |
|
6 |
+ |
|
7 |
+if (!session_destroy()) |
|
8 |
+{ |
|
9 |
+ system_failure('Die Sitzung konnte nicht geschlossen werden, eventuell ist die Wartezeit abgelaufen und die Sitzung wurde daher schon beendet.'); |
|
10 |
+} |
|
11 |
+unset($_SESSION['role']); |
|
12 |
+ |
|
13 |
+output(' |
|
14 |
+ |
|
15 |
+<h3>Abmeldung</h3> |
|
16 |
+ |
|
17 |
+<p>Sie wurden vom System abgemeldet.</p> |
|
18 |
+ |
|
19 |
+<p>Um sich neu anzumelden, klicken Sie bitte hier: <a href="index.php">Anmeldung</a>.</p> |
|
20 |
+ |
|
21 |
+'); |
|
22 |
+ |
|
23 |
+ |
|
24 |
+ |
|
25 |
+?> |
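Review bot: After `session_destroy()` only `$_SESSION['role']` is removed, so `userinfo` and `customerinfo` stay in `$_SESSION` for the rest of the request and the browser keeps the session cookie with its old id. Replacing the `unset()` with `$_SESSION = array();` and expiring the cookie via `setcookie(session_name(), '', time() - 3600, ...)` with the values from `session_get_cookie_params()` gives a clean logout. Whether a fresh id is issued at the next login is decided in `session/start.php`, which is not part of this hunk.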
... | ... |
@@ -0,0 +1,17 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+$role = $_SESSION['role']; |
|
4 |
+ |
|
5 |
+switch ($role) |
|
6 |
+{ |
|
7 |
+ case ROLE_ANONYMOUS: |
|
8 |
+ $menu["index_login"] = array("label" => "Login", "file" => "index.php", "weight" => 0); |
|
9 |
+ break; |
|
10 |
+ default: |
|
11 |
+ $menu["index_logout"] = array("label" => "Logout", "file" => "logout.php", "weight" => 99); |
|
12 |
+ $menu["index_chpass"] = array("label" => "Passwort ändern", "file" => "chpass.php", "weight" => 98); |
|
13 |
+ $menu["index_index"] = array("label" => "Übersicht", "file" => "index.php", "weight" => 0); |
|
14 |
+ |
|
15 |
+} |
|
16 |
+ |
|
17 |
+?> |
... | ... |
@@ -0,0 +1,36 @@ |
1 |
+<?php |
|
2 |
+$title = "Passwort beantragen"; |
|
3 |
+ |
|
4 |
+//require_once('inc/error.php'); |
|
5 |
+//system_failure("Diese Funktion ist noch nicht fertiggestellt."); |
|
6 |
+ |
|
7 |
+if (isset($_POST['customerno'])) |
|
8 |
+{ |
|
9 |
+ require_once('newpass.php'); |
|
10 |
+ if (customer_has_email($_POST['customerno'], $_POST['email'])) |
|
11 |
+ { |
|
12 |
+ if (create_token($_POST['customerno'])) |
|
13 |
+ { |
|
14 |
+ require_once('mail.php'); |
|
15 |
+ send_customer_token($_POST['customerno']); |
|
16 |
+ success_msg('Die angegebenen Daten waren korrekt, Sie sollten umgehend eine E-Mail erhalten.'); |
|
17 |
+ } |
|
18 |
+ } |
|
19 |
+ else |
|
20 |
+ { |
|
21 |
+ input_error("Die eingegebenen Daten waren nicht korrekt. Sollten Sie nicht mehr wissen, welche E-Mail-Adresse Sie angegeben haben, wenden Sie sich bitte an einen Administrator."); |
|
22 |
+ } |
|
23 |
+} |
|
24 |
+ |
|
25 |
+output('<h3>Neues Passwort beantragen</h3> |
|
26 |
+<p>Sofern Sie bei Ihrer Anmeldung noch kein Passwort für Ihren Kundenaccount festgelegt hatten, können Sie hier ein neues Passwort festlegen. Sie müssen dafür Ihre Kundennummer und die bei der Anmeldung angegebene E-Mail-Adresse eingeben.</p> |
|
27 |
+<p>Nach dem Ausfüllen dieses Formulars erhalten Sie eine E-Mail mit einem Link, den Sie in Ihrem Browser öffnen müssen. Dort können Sie dann ein neues Passwort eingeben.</p> |
|
28 |
+<form action="" method="post"> |
|
29 |
+<p><span class="login_label">Kundennummer:</span> <input type="text" name="customerno" size="30" /></p> |
|
30 |
+<p><span class="login_label">E-Mail-Adresse:</span> <input type="text" name="email" size="30" /></p> |
|
31 |
+<p><span class="login_label"> </span> <input type="submit" value="Passwort anfordern" /> |
|
32 |
+</form>'); |
|
33 |
+ |
|
34 |
+ |
|
35 |
+ |
|
36 |
+?> |
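Review bot: The two answers of this page tell a visitor whether a customer number and an e-mail address belong together: a matching pair yields the success message (or the 24-hour notice from `create_token()`), anything else the error text, and the lines shown place no limit on attempts. Showing the same neutral confirmation in both branches and counting failed attempts per client removes that oracle. `$_POST['email']` is also read without an `isset()` check, so a request carrying only `customerno` passes an undefined value to `customer_has_email()`.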
... | ... |
@@ -0,0 +1,63 @@ |
1 |
+<?php |
|
2 |
+$title = "Passwort beantragen"; |
|
3 |
+ |
|
4 |
+$show = 'token'; |
|
5 |
+ |
|
6 |
+if (isset($_REQUEST['customerno']) and isset($_REQUEST['token'])) |
|
7 |
+{ |
|
8 |
+ $customerno = (int) $_REQUEST['customerno']; |
|
9 |
+ $token = $_REQUEST['token']; |
|
10 |
+ |
|
11 |
+ require_once('newpass.php'); |
|
12 |
+ if (validate_token($customerno, $token)) |
|
13 |
+ { |
|
14 |
+ $show = 'password'; |
|
15 |
+ if (isset($_POST['password'])) |
|
16 |
+ { |
|
17 |
+ if ($_POST['password'] != $_POST['password2']) |
|
18 |
+ input_error("Die beiden Passwort-Eingaben stimmen nicht überein."); |
|
19 |
+ elseif ($_POST['password'] == '') |
|
20 |
+ input_error("Es kann kein leeres Passwort gesetzt werden"); |
|
21 |
+ else |
|
22 |
+ { |
|
23 |
+ require_once('session/checkuser.php'); |
|
24 |
+ set_customer_password($customerno, $_POST['password']); |
|
25 |
+ success_msg('Das Passwort wurde gesetzt!'); |
|
26 |
+ invalidate_customer_token($customerno); |
|
27 |
+ output('<h3>Passwort gesetzt</h3> |
|
28 |
+ <p>Ihr neues Passwort wurde gesetzt, bitte melden Sie sich jetzt <a href="index.php">auf der Startseite</a> an.</p>'); |
|
29 |
+ $show = NULL; |
|
30 |
+ } |
|
31 |
+ } |
|
32 |
+ } |
|
33 |
+ else |
|
34 |
+ { |
|
35 |
+ input_error("Das eingegebene Token war nicht korrekt. Bitte benutzen Sie die Kopieren & Einfügen-Operation!"); |
|
36 |
+ } |
|
37 |
+} |
|
38 |
+ |
|
39 |
+if ($show == 'password') |
|
40 |
+{ |
|
41 |
+ output('<h3>Neues Passwort setzen</h3> |
|
42 |
+ <p>Bitte legen Sie jetzt Ihr neues Kunden-Passwort fest.</p> |
|
43 |
+ <form action="" method="post"> |
|
44 |
+ <input type="hidden" name="customerno" value="'.$customerno.'" /> |
|
45 |
+ <input type="hidden" name="token" value="'.$token.'" /> |
|
46 |
+ <p><span class="login_label">Neues Passwort:</span> <input type="password" name="password" size="30" /></p> |
|
47 |
+ <p><span class="login_label">Bestätigung:</span> <input type="password" name="password2" size="30" /></p> |
|
48 |
+ <p><span class="login_label"> </span> <input type="submit" value="Passwort setzen" /> |
|
49 |
+ </form>'); |
|
50 |
+} |
|
51 |
+elseif ($show == 'token') |
|
52 |
+{ |
|
53 |
+ output('<h3>Neues Passwort setzen</h3> |
|
54 |
+ <p>Bitte geben Sie Ihre Kundennummer und das per E-Mail zugeschickte Token ein. Alternativ können sie den Link aus der E-Mail direkt aufrufen.</p> |
|
55 |
+ <form action="" method="post"> |
|
56 |
+ <p><span class="login_label">Kundennummer:</span> <input type="text" name="customerno" size="30" /></p> |
|
57 |
+ <p><span class="login_label">Token:</span> <input type="text" name="token" size="30" /></p> |
|
58 |
+ <p><span class="login_label"> </span> <input type="submit" value="Überprüfen" /> |
|
59 |
+ </form>'); |
|
60 |
+} |
|
61 |
+ |
|
62 |
+ |
|
63 |
+?> |
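Review bot: `$token` is written into the hidden field as `value="'.$token.'"` without HTML escaping. It only gets there after `validate_token()` accepted it, but that is a database comparison and not an output encoding, so `htmlentities($token, ENT_QUOTES, 'UTF-8')` belongs at this point. Reading the values from `$_REQUEST` can, depending on the `request_order` setting, also accept them from a cookie; taking them from `$_GET` and `$_POST` explicitly is narrower. Because the token travels in the URL of the e-mailed link, it will sit in server logs and browser history until `invalidate_customer_token()` runs.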
... | ... |
@@ -0,0 +1,164 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+require_once('session/start.php'); |
|
4 |
+require_role(array(ROLE_SYSTEMUSER)); |
|
5 |
+ |
|
6 |
+global $prefix; |
|
7 |
+ |
|
8 |
+require_once('mysql.php'); |
|
9 |
+ |
|
10 |
+$output_something = true; |
|
11 |
+ |
|
12 |
+ |
|
13 |
+if (isset($_GET['action'])) |
|
14 |
+ switch ($_GET['action']) |
|
15 |
+ { |
|
16 |
+ case 'delete_db': |
|
17 |
+ $sure = user_is_sure(); |
|
18 |
+ if ($sure === NULL) |
|
19 |
+ { |
|
20 |
+ are_you_sure("action=delete_db&db={$_GET['db']}", "Möchten Sie die Datenbank »{$_GET['db']}« wirklich löschen?"); |
|
21 |
+ $output_something = false; |
|
22 |
+ } |
|
23 |
+ elseif ($sure === true) |
|
24 |
+ { |
|
25 |
+ delete_mysql_database($_GET['db']); |
|
26 |
+ header("Location: ?"); |
|
27 |
+ $output_something = false; |
|
28 |
+ } |
|
29 |
+ elseif ($sure === false) |
|
30 |
+ { |
|
31 |
+ header("Location: ?"); |
|
32 |
+ $output_something = false; |
|
33 |
+ } |
|
34 |
+ break; |
|
35 |
+ case 'delete_user': |
|
36 |
+ $sure = user_is_sure(); |
|
37 |
+ if ($sure === NULL) |
|
38 |
+ { |
|
39 |
+ are_you_sure("action=delete_user&user={$_GET['user']}", "Möchten Sie den Benutzer »{$_GET['user']}« wirklich löschen?"); |
|
40 |
+ $output_something = false; |
|
41 |
+ } |
|
42 |
+ elseif ($sure === true) |
|
43 |
+ { |
|
44 |
+ delete_mysql_account($_GET['user']); |
|
45 |
+ header("Location: ?"); |
|
46 |
+ $output_something = false; |
|
47 |
+ } |
|
48 |
+ elseif ($sure === false) |
|
49 |
+ { |
|
50 |
+ header("Location: ?"); |
|
51 |
+ $output_something = false; |
|
52 |
+ } |
|
53 |
+ break; |
|
54 |
+ case 'change_pw': |
|
55 |
+ set_mysql_password($_POST['mysql_username'], $_POST['mysql_password']); |
|
56 |
+ header("Location: ?"); |
|
57 |
+ $output_something = false; |
|
58 |
+ break; |
|
59 |
+ default: |
|
60 |
+ system_failure("Diese Funktion scheint noch nicht eingebaut zu sein!"); |
|
61 |
+ } |
|
62 |
+ |
|
63 |
+ |
|
64 |
+$dbs = get_mysql_databases($_SESSION['userinfo']['uid']); |
|
65 |
+$users = get_mysql_accounts($_SESSION['userinfo']['uid']); |
|
66 |
+ |
|
67 |
+if (isset($_POST['access'])) |
|
68 |
+{ |
|
69 |
+ /* Eine neue Datenbank */ |
|
70 |
+ if ($_POST['new_db'] != '') |
|
71 |
+ { |
|
72 |
+ create_mysql_database($_POST['new_db']); |
|
73 |
+ if (isset($_POST['access']['new'])) |
|
74 |
+ { |
|
75 |
+ $_POST['access'][$_POST['new_db']] = array(); |
|
76 |
+ foreach ($users as $user) |
|
77 |
+ if (in_array($user, $_POST['access']['new'])) |
|
78 |
+ array_push($_POST['access'][$_POST['new_db']], $user); |
|
79 |
+ if (($_POST['new_user'] != '') and (in_array('new', $_POST['access']['new']))) |
|
80 |
+ array_push($_POST['access'][$_POST['new_db']], $_POST['new_user']); |
|
81 |
+ } |
|
82 |
+ } |
|
83 |
+ |
|
84 |
+ /* Ein neuer Account soll angelegt werden */ |
|
85 |
+ if ($_POST['new_user'] != '') |
|
86 |
+ { |
|
87 |
+ create_mysql_account($_POST['new_user']); |
|
88 |
+ foreach ($dbs as $db) |
|
89 |
+ if (isset($_POST['access'][$db]) and (in_array('new', $_POST['access'][$db]))) |
|
90 |
+ array_push($_POST['access'][$db], $_POST['new_user']); |
|
91 |
+ } |
|
92 |
+ |
|
93 |
+ if (($_POST['new_user'] != '') or ($_POST['new_db'] != '')) |
|
94 |
+ { |
|
95 |
+ $dbs = get_mysql_databases($_SESSION['userinfo']['uid']); |
|
96 |
+ $users = get_mysql_accounts($_SESSION['userinfo']['uid']); |
|
97 |
+ } |
|
98 |
+ |
|
99 |
+ foreach ($dbs as $db) |
|
100 |
+ foreach ($users as $user) |
|
101 |
+ if (! isset($_POST['access'][$db])) |
|
102 |
+ set_mysql_access($db, $user, false); |
|
103 |
+ else |
|
104 |
+ set_mysql_access($db, $user, in_array($user, $_POST['access'][$db])); |
|
105 |
+ $mysql_access = NULL; |
|
106 |
+} |
|
107 |
+ |
|
108 |
+if ($output_something) |
|
109 |
+{ |
|
110 |
+ |
|
111 |
+ output('<h3>MySQL-Datenbanken</h3> |
|
112 |
+ <p>Hier können Sie Ihre MySQL-Datenbanken verwalten. Die Einstellungen werden mit einer leichten Verzögerung (maximal 1 Minute) in das System übertragen. Bitte beachten Sie, dass neue Zugänge also nicht umgehend funktionieren.</p> |
|
113 |
+ <p><strong>Hinweis:</strong> In dieser Matrix sehen Sie links die Datenbanken und oben die Benutzer, die Sie eingerichtet haben. |
|
114 |
+ In die leeren Eingabefelder können Sie den Namen eines neuen Benutzers bzw. einer neuen Datenbank eintragen. Sofern Sie noch keine Datenbank(en) oder Benutzer eingerichtet haben, erscheinen nur die Eingabefelder. Vergessen Sie nicht, nach der Erstellung eines neuen Benutzerkontos dem betreffenden Benutzer ein Passwort zu setzen (s. unten auf dieser Seite). Der Name von Datenbanken und Benutzern muss mit dem Namen des System-Benutzeraccounts übereinstimmen oder mit diesem und einem Nachfolgenden Unterstrich beginnen. Z.B. kann der System-Benutzer <em>bernd</em> die MySQL-Accounts <em>bernd</em> und <em>bernd_2</em> erzeugen.</p>'); |
|
115 |
+ |
|
116 |
+ output('<form action="'.($debugmode ? '?debug': '').'" method="post"> |
|
117 |
+ <table> |
|
118 |
+ <tr><th> </th><th style="background-color: #729bb3; color: #fff;padding: 0.2em;" colspan="'.(count($users)+1).'">Benutzerkonten</th></tr> |
|
119 |
+ <tr><th style="background-color: #729bb3; color: #fff;padding: 0.2em; text-align: left;">Datenbanken</th>'); |
|
120 |
+ |
|
121 |
+ foreach ($users as $user) |
|
122 |
+ output("<th>{$user}<br /><a href=\"?".($debugmode ? 'debug&': '')."action=delete_user&user={$user}\"><img src=\"{$prefix}images/delete.png\" title=\"Benutzer »{$user}« löschen\" alt=\"löschen\" /></a></th>"); |
|
123 |
+ output('<th><input type="text" name="new_user" size="10" value="" /></th>'); |
|
124 |
+ output("</tr>\n"); |
|
125 |
+ |
|
126 |
+ array_push($users, "new"); |
|
127 |
+ |
|
128 |
+ foreach($dbs as $db) |
|
129 |
+ { |
|
130 |
+ output("<tr><td style=\"border: 0px; font-weight: bold; text-align: right;\">{$db} <a href=\"?".($debugmode ? 'debug&': '')."action=delete_db&db={$db}\"><img src=\"{$prefix}images/delete.png\" title=\"Datenbank »{$db}« löschen\" alt=\"löschen\" /></a></td>"); |
|
131 |
+ foreach ($users as $user) |
|
132 |
+ output('<td style="text-align: center;"><input type="checkbox" id="'.$db.'_'.$user.'" name="access['.$db.'][]" value="'.$user.'" '.(get_mysql_access($db, $user) ? 'checked="checked" ' : '')." /></td>"); |
|
133 |
+ output("</tr>\n"); |
|
134 |
+ } |
|
135 |
+ |
|
136 |
+ output(' |
|
137 |
+ <tr><td style="border: 0px; font-weight: bold; text-align: right;"><input type="text" name="new_db" size="15" value="" /></td>'); |
|
138 |
+ foreach ($users as $user) |
|
139 |
+ output('<td style="text-align: center;"><input type="checkbox" id="new_'.$user.'" name="access[new][]" value="'.$user.'" /></td>'); |
|
140 |
+ output('</tr>'); |
|
141 |
+ output('</table> |
|
142 |
+ <br /> |
|
143 |
+ <input type="submit" value="Speichern" /> |
|
144 |
+ </form> |
|
145 |
+ <br />'); |
|
146 |
+ |
|
147 |
+ $users = get_mysql_accounts($_SESSION['userinfo']['uid']); |
|
148 |
+ |
|
149 |
+ output('<h4>Passwort ändern</h4> |
|
150 |
+ <p>Hier können Sie das Passwort eines MySQL-Benutzeraccounts ändern bzw. neu setzen</p> |
|
151 |
+ |
|
152 |
+ <p> |
|
153 |
+ <form action="?action=change_pw'.($debugmode ? '&debug': '').'" method="post"> |
|
154 |
+ <label for="username">Benutzername:</label> <select name="mysql_username" id="username" height="1"> |
|
155 |
+ '); |
|
156 |
+ foreach ($users as $user) |
|
157 |
+ output("<option value=\"{$user}\">{$user}</option>\n"); |
|
158 |
+ output('</select> |
|
159 |
+ <label for="password">Passwort:</label> <input type="password" name="mysql_password" id="password" /> <input type="submit" value="Setzen" /></form></p>'); |
|
160 |
+ |
|
161 |
+} |
|
162 |
+ |
|
163 |
+ |
|
164 |
+?> |
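Review bot: The `delete_db`, `delete_user` and `change_pw` branches pass `$_GET['db']`, `$_GET['user']` and `$_POST['mysql_username']` straight to `delete_mysql_database()`, `delete_mysql_account()` and `set_mysql_password()`; this page never checks that the name is one of the session user's own, and `$dbs`/`$users` are only loaded after the switch. Unless those helpers enforce ownership themselves (their bodies are outside this file), add a guard such as `if (! in_array($_GET['db'], get_mysql_databases($_SESSION['userinfo']['uid']))) system_failure(...);` at the top of each branch. The same request values are interpolated into the `are_you_sure()` query string and prompt without `urlencode()` or `htmlentities()`. The `header("Location: ?")` calls are not followed by `exit`, so the rest of the script, including the `$_POST['access']` handling, still runs.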
... | ... |
@@ -0,0 +1,153 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+function get_mysql_accounts($UID) |
|
4 |
+{ |
|
5 |
+ $UID = (int) $UID; |
|
6 |
+ $result = mysql_query("SELECT username FROM misc.mysql_accounts WHERE useraccount=$UID"); |
|
7 |
+ if (mysql_num_rows($result) == 0) |
|
8 |
+ return array(); |
|
9 |
+ $list = array(); |
|
10 |
+ while ($item = mysql_fetch_object($result)) |
|
11 |
+ { |
|
12 |
+ array_push($list, $item->username); |
|
13 |
+ } |
|
14 |
+ return $list; |
|
15 |
+} |
|
16 |
+ |
|
17 |
+function get_mysql_databases($UID) |
|
18 |
+{ |
|
19 |
+ $UID = (int) $UID; |
|
20 |
+ $result = mysql_query("SELECT name FROM misc.mysql_database WHERE useraccount=$UID"); |
|
21 |
+ if (mysql_num_rows($result) == 0) |
|
22 |
+ return array(); |
|
23 |
+ $list = array(); |
|
24 |
+ while ($item = mysql_fetch_object($result)) |
|
25 |
+ { |
|
26 |
+ array_push($list, $item->name); |
|
27 |
+ } |
|
28 |
+ return $list; |
|
29 |
+} |
|
30 |
+ |
|
31 |
+ |
|
32 |
+function get_mysql_access($db, $account) |
|
33 |
+{ |
|
34 |
+ $uid = $_SESSION['userinfo']['uid']; |
|
35 |
+ global $mysql_access; |
|
36 |
+ if (!is_array($mysql_access)) |
|
37 |
+ { |
|
38 |
+ $mysql_access = array(); |
|
39 |
+ $result = mysql_query("SELECT db.name AS db, acc.username AS user FROM misc.mysql_access AS access LEFT JOIN misc.mysql_database AS db ON (db.id=access.database) LEFT JOIN misc.mysql_accounts AS acc ON (acc.id = access.user) WHERE acc.useraccount={$uid} OR db.useraccount={$uid};"); |
|
40 |
+ if (mysql_num_rows($result) == 0) |
|
41 |
+ return false; |
|
42 |
+ while ($line = mysql_fetch_object($result)) |
|
43 |
+ $mysql_access[$line->db][$line->user] = true; |
|
44 |
+ } |
|
45 |
+ return (array_key_exists($db, $mysql_access) && array_key_exists($account, $mysql_access[$db])); |
|
46 |
+} |
|
47 |
+ |
|
48 |
+ |
|
49 |
+function set_mysql_access($db, $account, $status) |
|
50 |
+{ |
|
51 |
+ $uid = $_SESSION['userinfo']['uid']; |
|
52 |
+ $db = mysql_real_escape_string($db); |
|
53 |
+ $account = mysql_real_escape_string($account); |
|
54 |
+ $query = ''; |
|
55 |
+ if ($status) |
|
56 |
+ { |
|
57 |
+ if (get_mysql_access($db, $account)) |
|
58 |
+ return NULL; |
|
59 |
+ $query = "INSERT INTO misc.mysql_access (`database`,user) VALUES ((SELECT id FROM misc.mysql_database WHERE name='{$db}' AND useraccount={$uid} LIMIT 1), (SELECT id FROM misc.mysql_accounts WHERE username='{$account}' AND useraccount={$uid}));"; |
|
60 |
+ } |
|
61 |
+ else |
|
62 |
+ { |
|
63 |
+ if (! get_mysql_access($db, $account)) |
|
64 |
+ return NULL; |
|
65 |
+ $query = "DELETE FROM misc.mysql_access WHERE `database`=(SELECT id FROM misc.mysql_database WHERE name='{$db}' AND useraccount={$uid} LIMIT 1) AND user=(SELECT id FROM misc.mysql_accounts WHERE username='{$account}' AND useraccount={$uid});"; |
|
66 |
+ } |
|
67 |
+ DEBUG($query); |
|
68 |
+ mysql_query($query); |
|
69 |
+ if (mysql_error()) |
|
70 |
+ system_failure(mysql_error()); |
|
71 |
+} |
|
72 |
+ |
|
73 |
+ |
|
74 |
+function create_mysql_account($username) |
|
75 |
+{ |
|
76 |
+ if (! validate_mysql_dbname($username)) |
|
77 |
+ { |
|
78 |
+ input_error("Der eingegebene Benutzername entspricht leider nicht der Konvention. Bitte tragen Sie einen passenden Namen ein."); |
|
79 |
+ return NULL; |
|
80 |
+ } |
|
81 |
+ $uid = $_SESSION['userinfo']['uid']; |
|
82 |
+ $username = mysql_real_escape_string($username); |
|
83 |
+ mysql_query("INSERT INTO misc.mysql_accounts (username, password, useraccount) VALUES ('$username', '!', $uid);"); |
|
84 |
+ if (mysql_error()) |
|
85 |
+ system_failure(mysql_error()); |
|
86 |
+} |
|
87 |
+ |
|
88 |
+ |
|
89 |
+function delete_mysql_account($username) |
|
90 |
+{ |
|
91 |
+ $username = mysql_real_escape_string($username); |
|
92 |
+ $uid = $_SESSION['userinfo']['uid']; |
|
93 |
+ mysql_query("DELETE FROM misc.mysql_accounts WHERE username='{$username}' AND useraccount='{$uid}' LIMIT 1;"); |
|
94 |
+ if (mysql_error()) |
|
95 |
+ system_failure(mysql_error()); |
|
96 |
+} |
|
97 |
+ |
|
98 |
+ |
|
99 |
+function create_mysql_database($dbname) |
|
100 |
+{ |
|
101 |
+ if (! validate_mysql_dbname($dbname)) |
|
102 |
+ { |
|
103 |
+ input_error("Der eingegebene Datenbankname entspricht leider nicht der Konvention. Bitte tragen Sie einen passenden Namen ein."); |
|
104 |
+ return NULL; |
|
105 |
+ } |
|
106 |
+ $dbname = mysql_real_escape_string($dbname); |
|
107 |
+ $uid = $_SESSION['userinfo']['uid']; |
|
108 |
+ mysql_query("INSERT INTO misc.mysql_database (name, useraccount) VALUES ('$dbname', $uid);"); |
|
109 |
+ if (mysql_error()) |
|
110 |
+ system_failure(mysql_error()); |
|
111 |
+} |
|
112 |
+ |
|
113 |
+ |
|
114 |
+function delete_mysql_database($dbname) |
|
115 |
+{ |
|
116 |
+ $dbname = mysql_real_escape_string($dbname); |
|
117 |
+ $uid = $_SESSION['userinfo']['uid']; |
|
118 |
+ mysql_query("DELETE FROM misc.mysql_database WHERE name='{$dbname}' AND useraccount='{$uid}' LIMIT 1;"); |
|
119 |
+ if (mysql_error()) |
|
120 |
+ system_failure(mysql_error()); |
|
121 |
+} |
|
122 |
+ |
|
123 |
+ |
|
124 |
+function validate_mysql_username($username) |
|
125 |
+{ |
|
126 |
+ $sys_username = $_SESSION['userinfo']['username']; |
|
127 |
+ return preg_match("/^{$sys_username}(_[a-zA-Z0-9_-]+)?$/", $username); |
|
128 |
+} |
|
129 |
+ |
|
130 |
+ |
|
131 |
+function validate_mysql_dbname($dbname) |
|
132 |
+{ |
|
133 |
+ // Funktioniert! ;-) |
|
134 |
+ return validate_mysql_username($dbname); |
|
135 |
+} |
|
136 |
+ |
|
137 |
+ |
|
138 |
+ |
|
139 |
+function set_mysql_password($username, $password) |
|
140 |
+{ |
|
141 |
+ $username = mysql_real_escape_string($username); |
|
142 |
+ $password = mysql_real_escape_string($password); |
|
143 |
+ $uid = $_SESSION['userinfo']['uid']; |
|
144 |
+ $query = "UPDATE misc.mysql_accounts SET password=PASSWORD('$password') WHERE username='$username' AND useraccount=$uid;"; |
|
145 |
+ DEBUG($query); |
|
146 |
+ mysql_query($query); |
|
147 |
+ if (mysql_error()) |
|
148 |
+ system_failure(mysql_error()); |
|
149 |
+ |
|
150 |
+} |
|
151 |
+ |
|
152 |
+ |
|
153 |
+?> |
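Review bot: `set_mysql_password()` hands the full UPDATE statement, including the new password in clear text, to `DEBUG($query)`; the session start script further down this page does the same with the login password by dumping `print_r($_POST, true)` before `$_POST['password']` is unset. What DEBUG() does with its argument is defined outside these files, but the `<pre>` markup passed to it there suggests it can print into the response. Log a form without the secret, e.g. `DEBUG("set_mysql_password: {$username}");`, and remove the `password` key from the array before dumping `$_POST`. Separately, `validate_mysql_username()` interpolates the session username into the pattern without `preg_quote()` and anchors with `$`, which also matches before a trailing newline; `preg_quote($sys_username, '/')` together with the `D` modifier tightens the check.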
... | ... |
@@ -0,0 +1,167 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+require_once('inc/debug.php'); |
|
4 |
+require_once('inc/error.php'); |
|
5 |
+ |
|
6 |
+require_once('inc/db_connect.php'); |
|
7 |
+ |
|
8 |
+define('ROLE_ANONYMOUS', 0); |
|
9 |
+define('ROLE_DOMAINADMIN', 1); |
|
10 |
+define('ROLE_SYSTEMUSER', 2); |
|
11 |
+define('ROLE_CUSTOMER', 3); |
|
12 |
+define('ROLE_SYSADMIN', 4); |
|
13 |
+ |
|
14 |
+ |
|
15 |
+// Gibt die Rolle aus, wenn das Passwort stimmt |
|
16 |
+ |
|
17 |
+function find_role($login, $password) |
|
18 |
+{ |
|
19 |
+ $login = mysql_real_escape_string($login); |
|
20 |
+ // Domain-Admin? <not implemented> |
|
21 |
+ // System-User? |
|
22 |
+ $uid = (int) $login; |
|
23 |
+ if ($uid == 0) |
|
24 |
+ $uid = 'NULL'; |
|
25 |
+ $result = @mysql_query("SELECT passwort AS password FROM system.v_useraccounts LEFT JOIN system.passwoerter USING (uid) WHERE uid={$uid} OR username='{$login}' LIMIT 1;"); |
|
26 |
+ if (mysql_error()) |
|
27 |
+ system_failure(mysql_error()); |
|
28 |
+ if (@mysql_num_rows($result) > 0) |
|
29 |
+ { |
|
30 |
+ $db_password = mysql_fetch_object($result)->password; |
|
31 |
+ $hash = crypt($password, $db_password); |
|
32 |
+ if ($hash == $db_password) |
|
33 |
+ return ROLE_SYSTEMUSER; |
|
34 |
+ } |
|
35 |
+ |
|
36 |
+ // Customer? |
|
37 |
+ $customerno = (int) $login; |
|
38 |
+ $pass = sha1($password); |
|
39 |
+ $result = @mysql_query("SELECT passwort AS password FROM kundendaten.kunden WHERE status=0 AND id={$customerno} AND passwort='{$pass}';"); |
|
40 |
+ if (mysql_error()) |
|
41 |
+ system_failure(mysql_error()); |
|
42 |
+ if (@mysql_num_rows($result) > 0) |
|
43 |
+ { |
|
44 |
+ return ROLE_CUSTOMER; |
|
45 |
+ } |
|
46 |
+ |
|
47 |
+ // Nothing? |
|
48 |
+ return NULL; |
|
49 |
+} |
|
50 |
+ |
|
51 |
+ |
|
52 |
+function get_customer_info($customerno) |
|
53 |
+{ |
|
54 |
+ $ret = array(); |
|
55 |
+ $customerno = (int) $customerno; |
|
56 |
+ $query = "SELECT id, anrede, firma, CONCAT_WS(' ', vorname, nachname) AS name FROM kundendaten.kunden WHERE id={$customerno} LIMIT 1;"; |
|
57 |
+ $result = @mysql_query($query); |
|
58 |
+ if (mysql_error()) |
|
59 |
+ system_failure(mysql_error()); |
|
60 |
+ if (@mysql_num_rows($result) == 0) |
|
61 |
+ system_failure("Konnte Kundendaten nicht auslesen!"); |
|
62 |
+ $data = mysql_fetch_object($result); |
|
63 |
+ |
|
64 |
+ $ret['customerno'] = $data->id; |
|
65 |
+ $ret['title'] = $data->anrede; |
|
66 |
+ $ret['company'] = $data->firma; |
|
67 |
+ $ret['name'] = $data->name; |
|
68 |
+ |
|
69 |
+ return $ret; |
|
70 |
+} |
|
71 |
+ |
|
72 |
+ |
|
73 |
+function get_customer_email($customerno) |
|
74 |
+{ |
|
75 |
+ $customerno = (int) $customerno; |
|
76 |
+ $query = "SELECT wert FROM kundendaten.kundenkontakt WHERE kundennr={$customerno} AND typ='email' LIMIT 1;"; |
|
77 |
+ $result = @mysql_query($query); |
|
78 |
+ if (mysql_error()) |
|
79 |
+ system_failure(mysql_error()); |
|
80 |
+ if (@mysql_num_rows($result) == 0) |
|
81 |
+ system_failure("Konnte keine E-Mail-Adresse finden!"); |
|
82 |
+ return mysql_fetch_object($result)->wert; |
|
83 |
+} |
|
84 |
+ |
|
85 |
+ |
|
86 |
+ |
|
87 |
+function get_user_info($username) |
|
88 |
+{ |
|
89 |
+ $username = mysql_real_escape_string($username); |
|
90 |
+ $query = "SELECT kunde AS customerno, username, uid, homedir, name |
|
91 |
+ FROM system.v_useraccounts WHERE username='{$username}' OR uid='{$username}' LIMIT 1"; |
|
92 |
+ $result = @mysql_query($query); |
|
93 |
+ if (mysql_error()) |
|
94 |
+ system_failure('Beim Datenbankzugriff ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.mysql_error().') an einen Administrator.'); |
|
95 |
+ if (mysql_num_rows($result) < 1) |
|
96 |
+ system_failure('Das Auslesen Ihrer Benutzerdaten ist fehlgeschlagen. Bitte melden Sie dies einem Administrator'); |
|
97 |
+ $val = @mysql_fetch_object($result); |
|
98 |
+ return array( |
|
99 |
+ 'username' => $val->username, |
|
100 |
+ 'customerno' => $val->customerno, |
|
101 |
+ 'uid' => $val->uid, |
|
102 |
+ 'homedir' => $val->homedir, |
|
103 |
+ 'name' => $val->name, |
|
104 |
+ ); |
|
105 |
+} |
|
106 |
+ |
|
107 |
+function set_customer_password($customerno, $newpass) |
|
108 |
+{ |
|
109 |
+ $customerno = (int) $customerno; |
|
110 |
+ $newpass = sha1($newpass); |
|
111 |
+ $query = "UPDATE kundendaten.kunden SET passwort='$newpass' WHERE id='".$customerno."' LIMIT 1"; |
|
112 |
+ @mysql_query($query); |
|
113 |
+ if (mysql_error()) |
|
114 |
+ system_failure('Beim Datenbankzugriff ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.mysql_error().') an einen Administrator.'); |
|
115 |
+ |
|
116 |
+} |
|
117 |
+ |
|
118 |
+ |
|
119 |
+function set_systemuser_password($uid, $newpass) |
|
120 |
+{ |
|
121 |
+ $uid = (int) $uid; |
|
122 |
+ require_once('inc/base.php'); |
|
123 |
+ $salt = random_string(8); |
|
124 |
+ $newpass = crypt($newpass, "\$1\${$salt}\$"); |
|
125 |
+ $query = "UPDATE system.passwoerter SET passwort='$newpass' WHERE uid='".$uid."' LIMIT 1"; |
|
126 |
+ @mysql_query($query); |
|
127 |
+ if (mysql_error()) |
|
128 |
+ system_failure('Beim Datenbankzugriff ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.mysql_error().') an einen Administrator.'); |
|
129 |
+} |
|
130 |
+ |
|
131 |
+ |
|
132 |
+/* |
|
133 |
+function save_userdata($arr) |
|
134 |
+{ |
|
135 |
+ global $user; |
|
136 |
+ |
|
137 |
+ $rules = array(); |
|
138 |
+ |
|
139 |
+ if (isset($arr['email'])) { |
|
140 |
+ if (!preg_match('/[a-zA-Z0-9=+._%@-]+@[a-zA-Z0-9.-]+\.[a-z]{2,6}/', $arr['email'])) { |
|
141 |
+ input_error('Ihre eMail-Adresse enthält Syntax-Fehler!'); |
|
142 |
+ return false; |
|
143 |
+ } |
|
144 |
+ array_push($rules, "`email`='".$arr['email']."'"); |
|
145 |
+ } |
|
146 |
+ |
|
147 |
+ if (isset($arr['emergency_email'])) { |
|
148 |
+ if ($arr['emergency_email'] == '') { |
|
149 |
+ warning("Sie können zwar Ihre Notfall-eMail-Adresse löschen, allerdings werden Sie dann bei Störungen <strong>nicht</strong> mehr benachrichtigt!"); |
|
150 |
+ } |
|
151 |
+ elseif (!preg_match('/[a-zA-Z0-9=+._%@-]+@[a-zA-Z0-9.-]+\.[a-z]{2,6}/', $arr['emergency_email'])) { |
|
152 |
+ input_error('Ihre eMail-Adresse enthält Syntax-Fehler!'); |
|
153 |
+ return false; |
|
154 |
+ } |
|
155 |
+ array_push($rules, "`emergency_email`='".$arr['emergency_email']."'"); |
|
156 |
+ } |
|
157 |
+ |
|
158 |
+ $query = "UPDATE customers SET ".implode(',', $rules)." WHERE id='".$user['customerno']."'"; |
|
159 |
+ mysql_query($query); |
|
160 |
+ if (mysql_error()) |
|
161 |
+ system_failure('Beim Datenbankzugriff ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.mysql_error().') an einen Administrator.'); |
|
162 |
+ return true; |
|
163 |
+} |
|
164 |
+ |
|
165 |
+*/ |
|
166 |
+ |
|
167 |
+?> |
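Review bot: Customer passwords are stored and checked as a bare `sha1($password)` in both `find_role()` and `set_customer_password()`, so the stored values are unsalted and cheap to compute, which makes a disclosed `kundendaten.kunden` table far more damaging than it needs to be. The system-user branch already verifies with salted `crypt()`; the customer branch should fetch the stored hash by id and verify it in PHP with a salted, slow scheme instead of matching `passwort='{$pass}'` in the WHERE clause, re-hashing existing rows on the next successful login. In the system-user branch `if ($hash == $db_password)` should be `if ($hash === $db_password)` so the two strings are never compared as numbers. `set_systemuser_password()` pins the `$1$` (MD5-crypt) prefix, and the quality of the salt depends on `random_string()`, which is defined outside this file and worth checking.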
... | ... |
@@ -0,0 +1,58 @@ |
1 |
+<?php |
|
2 |
+/* |
|
3 |
+ |
|
4 |
+ Session-Start-Script wird vom dispatcher eingebunden |
|
5 |
+ |
|
6 |
+*/ |
|
7 |
+ |
|
8 |
+require_once('session/checkuser.php'); |
|
9 |
+require_once('inc/error.php'); |
|
10 |
+require_once('inc/debug.php'); |
|
11 |
+ |
|
12 |
+if (!session_start()) |
|
13 |
+ system_failure('Die Sitzung konnte nicht gestartet werden, bitte benachrichtigen Sie den Administrator!'); |
|
14 |
+ |
|
15 |
+ |
|
16 |
+DEBUG("<pre>POST-DATA: ".htmlentities(print_r($_POST, true))."\nSESSION_DATA: ".htmlentities(print_r($_SESSION, true))."</pre>"); |
|
17 |
+ |
|
18 |
+if (isset($_POST['username']) && isset($_POST['password'])) |
|
19 |
+{ |
|
20 |
+ $role = find_role($_POST['username'], $_POST['password']); |
|
21 |
+ if ($role === NULL) |
|
22 |
+ { |
|
23 |
+ $_SESSION['role'] = ROLE_ANONYMOUS; |
|
24 |
+ login_screen('Ihre Anmeldung konnte nicht durchgeführt werden. Vermutlich haben Sie falsche Zugangsdaten eingegeben.'); |
|
25 |
+ } |
|
26 |
+ else |
|
27 |
+ { |
|
28 |
+ session_regenerate_id(); |
|
29 |
+ $_SESSION['role'] = $role; |
|
30 |
+ |
|
31 |
+ switch ($role) |
|
32 |
+ { |
|
33 |
+ case ROLE_SYSTEMUSER: |
|
34 |
+ $info = get_user_info($_POST['username']); |
|
35 |
+ $_SESSION['userinfo'] = $info; |
|
36 |
+ break; |
|
37 |
+ case ROLE_CUSTOMER: |
|
38 |
+ $info = get_customer_info($_POST['username']); |
|
39 |
+ $_SESSION['customerinfo'] = $info; |
|
40 |
+ break; |
|
41 |
+ } |
|
42 |
+ } |
|
43 |
+ unset($_POST['username']); |
|
44 |
+ unset($_POST['password']); |
|
45 |
+} |
|
46 |
+ |
|
47 |
+elseif (isset($_SESSION['role'])) |
|
48 |
+{ |
|
49 |
+ /* User ist eingeloggt (aber vielleicht als ROLE_ANONYMOUS!) */ |
|
50 |
+} |
|
51 |
+ |
|
52 |
+else |
|
53 |
+{ |
|
54 |
+ $_SESSION['role'] = ROLE_ANONYMOUS; |
|
55 |
+} |
|
56 |
+// Wenn wir hier sind, ist der Benutzer eingeloggt. Möglicherweise nur als ANONYMOUS |
|
57 |
+ |
|
58 |
+?> |
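Review bot: A failed login only resets `$_SESSION['role']`, and a successful one only writes the info key for the new role, so `userinfo` or `customerinfo` from an earlier login in the same session stays in place. The MySQL helpers on this page read `$_SESSION['userinfo']['uid']` without consulting the role, so stale data there is not harmless by construction. Clear both keys in the failure branch and before the `switch`, e.g. `unset($_SESSION['userinfo'], $_SESSION['customerinfo']);`, and call `session_regenerate_id(true)` so the pre-login session is deleted rather than left behind under its old id.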
... | ... |
@@ -0,0 +1,71 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+require_once('session/start.php'); |
|
4 |
+/* |
|
5 |
+require_once('inc/announcement.php'); |
|
6 |
+ |
|
7 |
+ |
|
8 |
+if (isset($_POST['submit'])) |
|
9 |
+{ |
|
10 |
+ if (save_announcement_tags()) |
|
11 |
+ header("Location: userdata.php"); |
|
12 |
+} |
|
13 |
+ #if (save_userdata(array('email' => $_POST['email'], 'emergency_email' => $_POST['emergency_email']))) |
|
14 |
+ # header("Location: userdata.php"); |
|
15 |
+*/ |
|
16 |
+$section = "userdata"; |
|
17 |
+$title = "Benutzer-Stammdaten"; |
|
18 |
+include('inc/top.php'); |
|
19 |
+ |
|
20 |
+echo '<h3>Benutzer-Stammdaten</h3> |
|
21 |
+<p>Diese Seite ist momentan leider nicht verfügbar. Sollten Sie Änderungen an Ihren hinterlegten E-Mail-Adressen wünschen, teilen Sie uns das bitte per E-Mail mit.</p>'; |
|
22 |
+ |
|
23 |
+echo '<h3>Stammdaten</h3> |
|
24 |
+<p>Folgende Daten sind momentan bei uns hinterlegt:</p> |
|
25 |
+<table> |
|
26 |
+<tr><td>Benutzername:</td><td>'.$user['username'].'</td></tr> |
|
27 |
+<tr><td>Vollständiger Name:</td><td>'.$user['realname'].'</td></tr> |
|
28 |
+<tr><td>E-Mail-Adresse:</td><td>'.$user['email'].'</td></tr> |
|
29 |
+<tr><td>Notfall E-Mail-Adresse:</td><td>'.$user['emergency_email'].'</td></tr> |
|
30 |
+</table> |
|
31 |
+'; |
|
32 |
+/* |
|
33 |
+echo '<h3>Benachrichtigungen</h3> |
|
34 |
+<p>Hier können Sie festlegen, welche Nachrichten Sie von uns erhalten möchten. Bis auf schwerwiegende Nachrichten die alle Benutzer betreffen, versehen wir unsere Mitteilungen immer mit einer Angabe, welche Benutzergruppe die Nachrichten erhalten soll. Hier können Sie festlegen, welche Nachrichten Sie bekommen möchten.</p> |
|
35 |
+<p>Mit dem Schwellenwert können Sie festlegen, ab welcher Relevanz Sie Informationen erhalten möchten. So können Sie festlegen, ob Sie z.B. auch bei einem routinemäßigen Software-Update benachrichtigt werden oder nur wenn es nötig ist, dass Sie selbst handeln.</p> |
|
36 |
+'; |
|
37 |
+echo '<form method="post"> |
|
38 |
+<table> |
|
39 |
+<tr><th> </th><th>Beschreibung</th><th>Schwellenwert</th></tr> |
|
40 |
+'; |
|
41 |
+$tags = get_all_tags(); |
|
42 |
+$usertags = get_customer_tags($user['customerno']); |
|
43 |
+foreach ($tags as $tag) |
|
44 |
+{ |
|
45 |
+ echo '<tr><td><input type="checkbox" name="tag[]" value="'.$tag['name'].'"'; |
|
46 |
+ if (in_array($tag['name'], array_keys($usertags))) |
|
47 |
+ echo ' checked="checked"'; |
|
48 |
+ echo ' /></td><td>'.$tag['desc'].'</td><td><select name="verbosity_'.$tag['name'].'">'; |
|
49 |
+ if (!isset($usertags[$tag['name']])) |
|
50 |
+ $usertags[$tag['name']] = 1; |
|
51 |
+ for ($verb = 0; $verb < 4; $verb++) |
|
52 |
+ { |
|
53 |
+ echo '<option value="'.$verb.'"'; |
|
54 |
+ if ($verb == $usertags[$tag['name']]) |
|
55 |
+ echo ' selected="selected"'; |
|
56 |
+ echo '>'.$tag['verb'.$verb].'</option> |
|
57 |
+'; |
|
58 |
+ } |
|
59 |
+ echo '</select></td></tr> |
|
60 |
+'; |
|
61 |
+} |
|
62 |
+echo '</table> |
|
63 |
+<p><input type="submit" name="submit" value="Änderungen speichern" /></p> |
|
64 |
+</form>'; |
|
65 |
+*/ |
|
66 |
+ |
|
67 |
+include('inc/bottom.php'); |
|
68 |
+ |
|
69 |
+ |
|
70 |
+ |
|
71 |
+?> |
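Review bot: The table cells print `$user['username']`, `$user['realname']`, `$user['email']` and `$user['emergency_email']` straight into HTML without escaping, and nothing visible in this file defines `$user` (unless `inc/top.php` does). The session start script stores the login data under `$_SESSION['userinfo']`, and `get_user_info()` returns a `name` key rather than `realname`, so as written the cells are probably empty. When they are wired up, escape each value for HTML, e.g. `htmlspecialchars($_SESSION['userinfo']['username'], ENT_QUOTES)`. The page also renders without checking `$_SESSION['role']`, so an anonymous session reaches the same output.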
|
0 | 72 |