GitList
Browse code

webinterface => /webinterface

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@362 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on 27/03/2007 07:40:51
Showing 34 changed files
.htaccess
History View file @ defbfa5
1 1 
new file mode 100644
... ... 
@@ -0,0 +1,12 @@
1 
+<Files config.php >
2 
+  Order allow,deny
3 
+  Deny from all
4 
+</Files>
5 
+
6 
+RewriteEngine On
7 
+RewriteRule ^go/(.*)$  dispatch.php?go=$1&%{QUERY_STRING}
8 
+
9 
+
10 
+#Order deny,allow
11 
+#Allow from 2001:8d8:81:1310:1:1:2:42
12 
+#Deny from all
css/admin.css
History View file @ defbfa5
0 13 
new file mode 100644
... ... 
@@ -0,0 +1,146 @@
1 
+body {
2 
+        font-family: Verdana, Arial, Helvetica;
3 
+        font-size: 12px;
4 
+        color: #000000;
5 
+        background-color: #EFEFEF;
6 
+}
7 
+
8 
+
9 
+div.error {
10 
+        color: #FF0000;
11 
+        border: 2px solid #000000;
12 
+        background-color: #FFFFFF;
13 
+        margin: 10px;
14 
+        padding: 10px;
15 
+}
16 
+
17 
+div.success {
18 
+        color: #282;
19 
+        border: 2px solid #282;
20 
+        background-color: #FFFFFF;
21 
+        margin: 5px;
22 
+        padding: 5px;
23 
+        font-weight: bold;
24 
+}
25 
+
26 
+p.warning {
27 
+        padding: 4px;
28 
+        color: #000000;
29 
+        border: 1px solid #FF0000;
30 
+        background-color: #FFFFFF;
31 
+}
32 
+
33 
+
34 
+span.login_label {
35 
+        display: block;
36 
+        float: left;
37 
+        width: 130px;
38 
+}
39 
+
40 
+input[type=text],input[type=password],textarea,select {
41 
+        border: 1px solid black;
42 
+        padding: 3px;
43 
+        }
44 
+
45 
+input[type=text]:focus,input[type=password]:focus,textarea:focus {
46 
+        border: 1px solid red;
47 
+        background-color: #FFFFFF;
48 
+        }
49 
+
50 
+
51 
+
52 
+
53 
+
54 
+div.menu {
55 
+        width: 190px;
56 
+        float: left;
57 
+
58 
+}
59 
+
60 
+
61 
+a.menuitem {
62 
+        display: block;
63 
+        padding: 4px;
64 
+        margin: 3px;
65 
+        text-decoration: none;
66 
+        color: #000000;
67 
+}
68 
+
69 
+a.active {
70 
+        padding: 3px;
71 
+        border: 1px solid #000000;
72 
+}
73 
+
74 
+a.menuitem:hover {
75 
+        padding: 3px;
76 
+        border: 1px dotted #000000;
77 
+        text-decoration: none;
78 
+        color: #000000;
79 
+}
80 
+
81 
+
82 
+div#beta {
83 
+  clear: both;
84 
+        padding: 4px;
85 
+        color: #000000;
86 
+        border: 1px solid #FF0000;
87 
+        background-color: #FFFFFF;
88 
+        margin-bottom: 1em;
89 
+}
90 
+
91 
+div#beta p {
92 
+  padding: 0;
93 
+  margin: 0;
94 
+  margin-top: 0.3em;
95 
+}
96 
+
97 
+div#beta h3 {
98 
+  padding: 0;
99 
+  margin: 0;
100 
+}
101 
+
102 
+
103 
+div.content {
104 
+        margin-left: 200px;
105 
+        padding-left: 10px;
106 
+        border-left: 1px solid #000000;
107 
+}
108 
+
109 
+
110 
+div.foot {
111 
+        border-top: 2px dotted #000000;
112 
+        font-size: 90%;
113 
+}
114 
+
115 
+
116 
+h3 {
117 
+        border-bottom: 2px dotted #000000;
118 
+}
119 
+
120 
+
121 
+ul {
122 
+        margin-bottom: 10px;
123 
+}
124 
+
125 
+table {
126 
+        border-collapse: collapse;
127 
+}
128 
+
129 
+td {
130 
+        border: 1px solid black;
131 
+        padding: 0.5em;
132 
+}
133 
+
134 
+th {
135 
+  padding: 0px 1em;
136 
+}
137 
+
138 
+a {
139 
+  text-decoration: none;
140 
+  font-weight: bold;
141 
+
142 
+}
143 
+
144 
+a:hover {
145 
+  text-decoration: underline;
146 
+}
dispatch.php
History View file @ defbfa5
0 147 
new file mode 100644
... ... 
@@ -0,0 +1,45 @@
1 
+<?php
2 
+
3 
+require_once('inc/debug.php');
4 
+$go = $_GET['go'];
5 
+
6 
+/*
7 
+ sanitize $go
8 
+*/
9 
+
10 
+if (strstr($go, "..") or strstr($go, "./") or strstr($go, ":") or (! file_exists("modules/$go")))
11 
+{
12 
+  die("illegal command");
13 
+}
14 
+
15 
+
16 
+/*
17 
+ contruct prefix
18 
+*/
19 
+
20 
+global $prefix;
21 
+$prefix = "../";
22 
+$count = 0;
23 
+str_replace("/", "x", $go, $count);
24 
+
25 
+$prefix = $prefix.str_repeat("../", $count);
26 
+
27 
+
28 
+require_once('session/start.php');
29 
+
30 
+$output = "";
31 
+include("inc/base.php");
32 
+/* setup module include path */
33 
+ini_set('include_path',ini_get('include_path').':./modules/'.dirname($go).'/include:');
34 
+
35 
+/* Let the module work */
36 
+include("modules/".$go);
37 
+
38 
+$section = str_replace("/", "_", str_replace(".php", "", $go));
39 
+
40 
+include('inc/top.php');
41 
+print $output;
42 
+include('inc/bottom.php');
43 
+
44 
+
45 
+?>
error.html
History View file @ defbfa5
0 46 
new file mode 100644
... ... 
@@ -0,0 +1,8 @@
1 
+<html>
2 
+<head>
3 
+<title>Ausser Betrieb</title>
4 
+</head>
5 
+<body>
6 
+<p>Diese Seite steht im Moment nicht zur Verfügung, kommt aber bald wieder.</p>
7 
+</body>
8 
+</html>
images/delete.png
History View file @ defbfa5
0 9 
new file mode 100644
1 10 
Binary files /dev/null and b/images/delete.png differ
images/schokokeks.png
History View file @ defbfa5
2 11 
new file mode 100644
3 12 
Binary files /dev/null and b/images/schokokeks.png differ
inc/base.php
History View file @ defbfa5
4 13 
new file mode 100644
... ... 
@@ -0,0 +1,45 @@
1 
+<?php
2 
+
3 
+function output($arg)
4 
+{
5 
+  global $output;
6 
+  $output .= $arg;
7 
+}
8 
+
9 
+
10 
+function random_string($nc, $a='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789') {
11 
+    $l=strlen($a)-1; $r='';
12 
+    while($nc-->0) $r.=$a{mt_rand(0,$l)};
13 
+    return $r;
14 
+ }
15 
+
16 
+
17 
+function are_you_sure($query_string, $question)
18 
+{
19 
+  $token = random_string(20);
20 
+  $_SESSION['random_token'] = $token;
21 
+  output("<form action=\"?{$query_string}\" method=\"post\">\n");
22 
+  output("<p class=\"confirmation\">{$question}<br />\n");
23 
+  output("<input type=\"hidden\" name=\"random_token\" value=\"{$token}\" />\n");
24 
+  output("<input type=\"submit\" name=\"really\" value=\"Ja\" />\n<input type=\"submit\" name=\"not_really\" value=\"Nein\" /></p>");
25 
+}
26 
+
27 
+
28 
+function user_is_sure()
29 
+{
30 
+  if (isset($_POST['really']))
31 
+  {
32 
+    if ($_POST['random_token'] == $_SESSION['random_token'])
33 
+      return true;
34 
+    else
35 
+      system_failure("Possible Cross-site-request-forgery detected!");
36 
+  }
37 
+  elseif (isset($_POST['not_really']))
38 
+    return false;
39 
+  else
40 
+    return NULL;
41 
+}
42 
+
43 
+
44 
+
45 
+?>
inc/bottom.php
History View file @ defbfa5
0 46 
new file mode 100644
... ... 
@@ -0,0 +1,25 @@
1 
+<?php
2 
+
3 
+if (! defined ("BOTTOM_INCLUDED"))
4 
+{
5 
+define("BOTTOM_INCLUDED", true);
6 
+?>
7 
+<div class="foot">
8 
+<p>Sollten Sie auf dieser Administrations-Oberfl&auml;che ein Problem entdecken oder Hilfe ben&ouml;tigen, schreiben Sie bitte eine einfache eMail an <a href="mailto:root@schokokeks.org">root@schokokeks.org</a>.</p>
9 
+</div>
10 
+
11 
+</div>
12 
+
13 
+<?php
14 
+/*<div id="beta">
15 
+  <h3>Bitte beachten Sie</h3>
16 
+  <p>Diese Web-Oberfl&auml;che ist im Probe-Betrieb. Es k&ouml;nnte sein, dass manche Funktionen fehlerhaft arbeiten und dabei Daten zerst&ouml;rt werden. Melden Sie bitte etwaige Fehler umgehend an die Administratoren!</p>
17 
+</div>
18 
+*/
19 
+?>
20 
+</body>
21 
+</html>
22 
+
23 
+<?php
24 
+}
25 
+?>
inc/db_connect.php
History View file @ defbfa5
0 26 
new file mode 100644
... ... 
@@ -0,0 +1,16 @@
1 
+<?php
2 
+
3 
+require_once('inc/error.php');
4 
+
5 
+$config = array();
6 
+
7 
+require_once('config.php');
8 
+
9 
+
10 
+if (!@mysql_connect($config['db_host'], $config['db_user'], $config['db_pass']))
11 
+	system_failure('Konnte nicht zur Datenbank verbinden. Wenn dieser Fehler wiederholt auftritt, beachrichtigen Sie bitte den Administrator.');
12 
+
13 
+if (!@mysql_query('SET NAMES utf8'))
14 
+	system_failure('Fehler bei der Auswahl der Zeichencodierung. Bitte melden Sie diesen Fehler einem Administrator!');
15 
+
16 
+?>
inc/debug.php
History View file @ defbfa5
0 17 
new file mode 100644
... ... 
@@ -0,0 +1,14 @@
1 
+<?php
2 
+
3 
+$debugmode = false;
4 
+if (isset($_GET['debug']))
5 
+	$debugmode = true;
6 
+
7 
+function DEBUG($str)
8 
+{
9 
+	global $debugmode;
10 
+	if ($debugmode)
11 
+		echo $str."<br />\n";
12 
+}
13 
+
14 
+?>
inc/error.php
History View file @ defbfa5
0 15 
new file mode 100644
... ... 
@@ -0,0 +1,122 @@
1 
+<?php
2 
+
3 
+function system_failure($reason)
4 
+{
5 
+        include('inc/top.php');
6 
+        echo '<div class="error">
7 
+        <h3>Fehler</h3>
8 
+        <p>Es ist ein Fehler aufgetreten: '.$reason.'</p>
9 
+        </div>';
10 
+        include('inc/bottom.php');
11 
+        die();
12 
+}
13 
+
14 
+
15 
+function input_error($reason)
16 
+{
17 
+  global $input_error;
18 
+  if (!isset($input_error))
19 
+    $input_error = array();
20 
+  array_push($input_error, $reason);
21 
+}
22 
+
23 
+function warning($msg)
24 
+{
25 
+  global $warning;
26 
+  if (!isset($warning))
27 
+    $warning = array();
28 
+  array_push($warning, $msg);
29 
+}
30 
+
31 
+function success_msg($msg)
32 
+{
33 
+  global $success_msg;
34 
+  if (!isset($success_msg))
35 
+    $success_msg = array();
36 
+  array_push($success_msg, $msg);
37 
+}
38 
+
39 
+
40 
+function show_messages()
41 
+{
42 
+  global $input_error;
43 
+  global $success_msg;
44 
+  global $warning;
45 
+  if (isset($input_error))
46 
+  {
47 
+    echo '<div class="error">
48 
+    <h3>Fehler</h3>
49 
+    <p>Folgende Fehler wurden festgestellt: </p>
50 
+    <ul>
51 
+    ';
52 
+    foreach ($input_error as $error)
53 
+    {
54 
+      echo '<li>'.$error."</li>\n";
55 
+    }
56 
+    echo '</ul>
57 
+    </div>';
58 
+  }
59 
+  if (isset($warning))
60 
+  {
61 
+    echo '<div class="error">
62 
+    <ul>
63 
+    ';
64 
+    foreach ($warning as $msg)
65 
+    {
66 
+      echo '<li>'.$msg."</li>\n";
67 
+    }
68 
+    echo '</ul>
69 
+    </div>';
70 
+  }
71 
+  if (isset($success_msg))
72 
+  {
73 
+    echo '<div class="success">
74 
+    <ul>
75 
+    ';
76 
+    foreach ($success_msg as $msg)
77 
+    {
78 
+      echo '<li>'.$msg."</li>\n";
79 
+    }
80 
+    echo '</ul>
81 
+    </div>';
82 
+  }
83 
+}
84 
+
85 
+
86 
+function require_role($roles)
87 
+{
88 
+  if (! is_array($roles))
89 
+    $roles = array($roles);
90 
+  $allow = false;
91 
+  foreach ($roles as $role)
92 
+    if ($role == $_SESSION['role'])
93 
+      $allow = true;
94 
+  if (! $allow)
95 
+    login_screen("Diese Seite können Sie mit Ihren aktuellen Zugriffsrechten nicht benutzen, bitte melden Sie sich mit den benötigten Zugriffsrechten an!");
96 
+}
97 
+
98 
+
99 
+function login_screen($why)
100 
+{
101 
+        $title = 'Login';
102 
+        include('inc/top.php');
103 
+        echo '<h3>Sie sind nicht am System angemeldet!</h3>';
104 
+        if ($why != "")
105 
+        {
106 
+                echo '<p class="warning"><b>Fehler:</b> '.$why.'</p>';
107 
+        }
108 
+        echo '<form action="" method="post">
109 
+        <p><span class="login_label">Benutzer<sup>*</sup>:</span> <input type="text" name="username" size="30" /></p>
110 
+        <p><span class="login_label">Passwort:</span> <input type="password" name="password" size="30" /></p>
111 
+        <p><span class="login_label">&nbsp;</span> <input type="submit" value="Anmelden" /></p>
112 
+        </form>
113 
+        <p><sup>*</sup> Sie können sich hier mit Ihrem System-Benutzernamen, Ihrer System-User-ID oder Ihrer Kundennummer anmelden. Je nach gewählten Daten erhalten Sie unterschiedliche Zugriffsrechte.</p>
114 
+        <p>Sofern Sie für Ihren Kundenaccount noch kein Passwort festgelegt haben oder Ihres vergessen haben, klicken Sie bitte <a href="new_password.php">hier</a></p>
115 
+        <p>Sollten Sie als Benutzer Ihr Passwort vergessen haben, wenden Sie sich bitte an den Inhaber des Kundenaccounts.</p>';
116 
+        include('inc/bottom.php');
117 
+        die();
118 
+
119 
+}
120 
+
121 
+
122 
+?>
inc/top.php
History View file @ defbfa5
0 123 
new file mode 100644
... ... 
@@ -0,0 +1,128 @@
1 
+<?php
2 
+
3 
+if (! defined("TOP_INCLUDED"))
4 
+{
5 
+
6 
+define("TOP_INCLUDED", true);
7 
+
8 
+require_once("config.php");
9 
+global $config;
10 
+require_once("inc/error.php");
11 
+global $prefix;
12 
+
13 
+$menuitem = array();
14 
+$weighted_menuitem = array();
15 
+
16 
+foreach ($config['modules'] as $module)
17 
+{
18 
+  $menu = array();
19 
+  include("modules/$module/menu.php");
20 
+  // $menu["foo"]["file"] enthält den Link
21 
+  foreach (array_keys($menu) as $key)
22 
+  {
23 
+    $menu[$key]["file"] = $prefix."go/".$module."/".$menu[$key]["file"];
24 
+    $weight = $menu[$key]["weight"];
25 
+    if (array_key_exists($weight, $weighted_menuitem))
26 
+      array_merge($weighted_menuitem[$weight], array($key => $menu[$key]));
27 
+    else
28 
+      $weighted_menuitem[$weight] = array($key => $menu[$key]);
29 
+  }
30 
+  $menuitem = array_merge($menuitem, $menu);
31 
+}
32 
+
33 
+ksort($weighted_menuitem);
34 
+DEBUG(print_r($weighted_menuitem, true));
35 
+
36 
+
37 
+
38 
+/*
39 
+$menuitem["index"]["label"] = "&Uuml;bersicht";
40 
+$menuitem["index"]["file"] = "index.php";
41 
+
42 
+
43 
+$menuitem["domains"]["label"] = "Domains";
44 
+$menuitem["domains"]["file"] = "domains.php";
45 
+
46 
+
47 
+$menuitem["mail"]["label"] = "E-Mail";
48 
+$menuitem["mail"]["file"] = "mail.php";
49 
+
50 
+$menuitem["chpass"]["label"] = "Passwort &auml;ndern";
51 
+$menuitem["chpass"]["file"] = "chpass.php";
52 
+
53 
+
54 
+$menuitem["logout"]["label"] = "Abmelden";
55 
+$menuitem["logout"]["file"] = "logout.php";
56 
+
57 
+*/
58 
+
59 
+
60 
+?>
61 
+
62 
+
63 
+<?php echo '<?xml version="1.0" encoding="utf-8"?>'; ?>
64 
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
65 
+    "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
66 
+
67 
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de">
68 
+<head>
69 
+
70 
+<?php
71 
+if ($title != "")
72 
+        echo '<title>Administration - '.$title.'</title>';
73 
+else
74 
+        echo '<title>Administration</title>';
75 
+
76 
+echo '
77 
+<link rel="stylesheet" href="'.$prefix.'css/admin.css" type="text/css" media="screen" title="Normal" />'
78 
+?>
79 
+
80 
+</head>
81 
+<body>
82 
+
83 
+
84 
+<div class="menu">
85 
+<img src="<?php echo $prefix; ?>images/schokokeks.png" width="190" height="136" alt="schokokeks.org" />
86 
+
87 
+<?php
88 
+
89 
+  foreach ($weighted_menuitem as $key => $menuitem)
90 
+        foreach ($menuitem as $key => $item)
91 
+        {
92 
+                if ($key == $section)
93 
+                {
94 
+                        echo '<a href="'.$item['file'].'" class="menuitem active">'.$item['label'].'</a>'."\n";
95 
+                        if (isset($submenu[$key]))
96 
+                        {
97 
+                                echo "\n";
98 
+                                foreach ($submenu[$key] as $item)
99 
+                                {
100 
+                                        if (basename($_SERVER['PHP_SELF']) == basename($item['file']))
101 
+                                                echo '<a href="'.$item['file'].'" class="submenuitem subactive">'.$item['label'].'</a>'."\n";
102 
+                                        else
103 
+                                                echo '<a href="'.$item['file'].'" class="submenuitem">'.$item['label'].'</a>'."\n";
104 
+                                }
105 
+                                echo "\n";
106 
+                        }
107 
+                }
108 
+                else
109 
+                        echo '<a href="'.$item['file'].'" class="menuitem">'.$item['label'].'</a>'."\n";
110 
+
111 
+        }
112 
+
113 
+?>
114 
+
115 
+</div>
116 
+
117 
+<div class="content">
118 
+
119 
+<?php
120 
+show_messages();
121 
+
122 
+}
123 
+
124 
+?>
125 
+
126 
+
127 
+
128 
+
index.php
History View file @ defbfa5
0 129 
new file mode 100644
... ... 
@@ -0,0 +1,5 @@
1 
+<?php
2 
+
3 
+header("Location: go/index/index.php");
4 
+?>
5 
+
modules/domains/domains.php
History View file @ defbfa5
0 6 
new file mode 100644
... ... 
@@ -0,0 +1,42 @@
1 
+<?php
2 
+
3 
+require_once('inc/debug.php');
4 
+
5 
+require_once('session/start.php');
6 
+
7 
+require_once('domains.php');
8 
+
9 
+require_role(array(ROLE_SYSTEMUSER, ROLE_CUSTOMER));
10 
+
11 
+switch ($_SESSION['role'])
12 
+{
13 
+  case ROLE_SYSTEMUSER:
14 
+    $user_domains = get_domain_names($_SESSION['userinfo']['customerno'], $_SESSION['userinfo']['uid']);
15 
+    $info = 'userinfo';
16 
+    break;
17 
+  case ROLE_CUSTOMER:
18 
+    $user_domains = get_domain_names($_SESSION['customerinfo']['customerno']);
19 
+    break;
20 
+  default:
21 
+    $info = NULL;
22 
+    break;
23 
+}
24 
+
25 
+$title = "Domainüberblick";
26 
+
27 
+output('<h3>Domains</h3>
28 
+<p>In Ihrem Account werden die folgenden Domains verwaltet:</p>
29 
+<table>
30 
+<tr><th>Domainname</th><th>Reg-Datum</th><th>Kündigungsdatum</th></tr>
31 
+');
32 
+foreach ($user_domains as $domain)
33 
+{
34 
+  $canc = $domain['cancel_date'];
35 
+  output("  <tr><td><a href=\"http://www.{$domain['domainname']}\">{$domain['domainname']}</a></td><td>{$domain['reg_date']}</td><td>{$canc}</td></tr>\n");
36 
+}
37 
+output('</table>');
38 
+output("<br />");
39 
+
40 
+
41 
+
42 
+?>
modules/domains/include/domains.php
History View file @ defbfa5
0 43 
new file mode 100644
... ... 
@@ -0,0 +1,62 @@
1 
+<?php
2 
+
3 
+require_once('inc/db_connect.php');
4 
+require_once('inc/debug.php');
5 
+
6 
+function get_domain_names($customerno, $uid = NULL)
7 
+{
8 
+  $customerno = (int) $customerno;
9 
+  $query = "SELECT id,CONCAT_WS('.', domainname, tld) AS domainname, registrierungsdatum, kuendigungsdatum FROM kundendaten.domains WHERE";
10 
+  if ($uid !== NULL)
11 
+  {
12 
+    $uid = (int) $uid;
13 
+    $query .= " useraccount={$uid};";
14 
+  }
15 
+  else
16 
+  {
17 
+    $query .= " kunde={$customerno};";
18 
+  }
19 
+  DEBUG('Datenbank-Query (get_domain_names): '.$query."<br />\n");
20 
+
21 
+  $result = @mysql_query($query);
22 
+  if (@mysql_error())
23 
+    system_failure('Die Domains zu Ihrem Account konnten nicht ermittelt werden. Bitte melden Sie diesen Fehler an einen Administrator. Die Fehlermeldung der Datenbank ist: '.mysql_error());
24 
+
25 
+  $domains = array();
26 
+  DEBUG('Result set is '.mysql_num_rows($result)." rows.<br />\n");
27 
+  if (mysql_num_rows($result) > 0)
28 
+    while ($domain = mysql_fetch_object($result))
29 
+      array_push($domains, array('id' => $domain->id,
30 
+                              'domainname'  => $domain->domainname,
31 
+                              'reg_date' => $domain->registrierungsdatum,
32 
+                              'cancel_date' => $domain->kuendigungsdatum));
33 
+
34 
+	return $domains;
35 
+}
36 
+
37 
+
38 
+/*
39 
+function get_mail_virtualdomain($domain)
40 
+{
41 
+	$config = array();
42 
+	$lines = file('/home/webadmin/cache/virtualdomains');
43 
+	foreach ($lines as $line)
44 
+	{
45 
+		$line = chop($line);
46 
+		$fields = explode(':', $line, 3);
47 
+		if ($fields[0] == $domain)
48 
+			array_push($config, array('subdomain' => '',
49 
+						'user' => $fields[1],
50 
+						'prefix' => $fields[2]));
51 
+		if (ereg('^.*\.'.$domain, $fields[0]))
52 
+			array_push($config, array('subdomain' => ereg_replace('^(.*)\.'.$domain, '\1', $fields[0]),
53 
+						'user' => $fields[1],
54 
+						'prefix' => $fields[2]));
55 
+	}
56 
+	return $config;
57 
+}
58 
+*/
59 
+
60 
+
61 
+
62 
+?>
modules/domains/menu.php
History View file @ defbfa5
0 63 
new file mode 100644
... ... 
@@ -0,0 +1,14 @@
1 
+<?php
2 
+
3 
+$role = $_SESSION['role'];
4 
+
5 
+switch ($role)
6 
+{
7 
+  case ROLE_ANONYMOUS:
8 
+    break;
9 
+  default:
10 
+    $menu["domains_domains"] = array("label" => "Domains", "file" => "domains.php", "weight" => 1);
11 
+
12 
+}
13 
+
14 
+?>
modules/imap/accounts.php
History View file @ defbfa5
0 15 
new file mode 100644
... ... 
@@ -0,0 +1,216 @@
1 
+<?php
2 
+
3 
+require_once('session/start.php');
4 
+
5 
+require_once('domains.php');
6 
+require_once('mailaccounts.php');
7 
+
8 
+require_role(ROLE_SYSTEMUSER);
9 
+
10 
+$user = $_SESSION['userinfo'];
11 
+
12 
+$param = '';
13 
+if ($debugmode)
14 
+        $param="debug";
15 
+
16 
+$title = "E-Mail-Accounts";
17 
+
18 
+
19 
+DEBUG("GET: ".htmlentities(print_r($_GET, true))." / POST: ".htmlentities(print_r($_POST, true)));
20 
+if (isset($_GET['action']) && $_GET['action'] == 'save')
21 
+{
22 
+  if (isset($_GET['id']))
23 
+  {
24 
+    $account = $_POST['user'].'@'.$_POST['domain'];
25 
+    if (isset($_POST['enabled']) && $_POST['enabled'] == 'true')
26 
+      $enabled = 'Y';
27 
+    else
28 
+      $enabled = 'N';
29 
+    $acc = array('id' => $_GET['id'], 'account' => $account, 'mailbox' => $_POST['mailbox'], 'enabled' => $enabled);
30 
+    if ($_POST['password'] != '')
31 
+      $acc['password'] = $_POST['password'];
32 
+    $error = check_valid($acc);
33 
+    if ($error != "")
34 
+    {
35 
+      input_error($error);
36 
+      $section = "mail";
37 
+      $title = "E-Mail-Accounts";
38 
+      output("");
39 
+    }
40 
+    else
41 
+    {
42 
+      change_mailaccount($_GET['id'], $acc);
43 
+      if (! $debugmode)
44 
+        header('Location: accounts.php');
45 
+      die();
46 
+    }
47 
+  }
48 
+  elseif (isset($_POST['create']))
49 
+  {
50 
+    $account = $_POST['user'].'@'.$_POST['domain'];
51 
+    if (isset($_POST['enabled']) && $_POST['enabled'] == 'true')
52 
+      $enabled = 'Y';
53 
+    else
54 
+      $enabled = 'N';
55 
+    $acc = array('account' => $account, 'mailbox' => $_POST['mailbox'], 'enabled' => $enabled);
56 
+    if ($_POST['password'] != '')
57 
+      $acc['password'] = $_POST['password'];
58 
+    $error = check_valid($acc);
59 
+    if ($error != "")
60 
+    {
61 
+      input_error($error);
62 
+      output("");
63 
+    }
64 
+    else
65 
+    {
66 
+      create_mailaccount($acc);
67 
+      if (! $debugmode)
68 
+        header('Location: accounts.php');
69 
+      die();
70 
+    }
71 
+  }
72 
+}
73 
+elseif (isset($_GET['action']) && $_GET['action'] == 'create')
74 
+{
75 
+  output('<h3>E-Mail-Account anlegen</h3>
76 
+<p>Hier k&ouml;nnen Sie ein neues POP3/IMAP-Konto anlegen.</p>
77 
+  <form action="accounts.php?action=save&'.$param.'" method="post">
78 
+  <table style="margin-bottom: 1em;">
79 
+  <tr><th>Einstellung:</th><th>Wert:</th><th>&nbsp;</th></tr>
80 
+  <tr>
81 
+    <td>Benutzername:</td>
82 
+    <td><input type="text" id="user" name="user" />@<select name="domain" size="1">
83 
+    <option value="schokokeks.org">schokokeks.org</option>
84 
+    ');
85 
+    require_once('domains.php');
86 
+    $domains = get_domain_names($user['customerno'], $user['uid']);
87 
+    if (count($domains) > 0)
88 
+      output('<option>----------------------------</option>');
89 
+    foreach ($domains as $dom)
90 
+      output('<option value="'.$dom['domainname'].'">'.$dom['domainname'].'</option>');
91 
+    output('</select></td>
92 
+
93 
+  </tr>
94 
+  <tr>
95 
+    <td>Mailbox:</td>
96 
+    <td><input type="text" id="mailbox" name="mailbox" value="'.$user['homedir'].'/" /></td>
97 
+  </tr>
98 
+  <tr>
99 
+    <td>Passwort:</td>
100 
+    <td><input type="password" id="password" name="password" value="" /></td>
101 
+  </tr>
102 
+  <tr>
103 
+    <td>Account sofort aktivieren:</td>
104 
+    <td><input type="checkbox" id="enabled" name="enabled" value="true" /></td>
105 
+  </tr>
106 
+  </table>
107 
+  <p><input type="submit" name="create" value="Anlegen" /><br />
108 
+  </form>
109 
+  ');
110 
+}
111 
+elseif (isset($_GET['action']) && $_GET['action'] == 'delete' && $_GET['account'] != '')
112 
+{
113 
+  if ($_POST['confirm'] == 'yes')
114 
+  {
115 
+    delete_mailaccount($_GET['account']);
116 
+    if (! $debugmode)
117 
+      header('Location: accounts.php');
118 
+    die();
119 
+  }
120 
+  else
121 
+  {
122 
+    output('<h3>E-Mail-Account l&ouml;schen</h3>
123 
+    <p>Soll der folgende Account wirklich gel&ouml;scht werden?</p>
124 
+    ');
125 
+    $_GET['account'] = (int) $_GET['account'];
126 
+    $account = get_mailaccount($_GET['account']);
127 
+    $enabled = ($account['enabled'] ? 'Ja' : 'Nein');
128 
+    output('<form action="accounts.php?action=delete&amp;account='.$_GET['account'].'&amp;'.$param.'" method="post">
129 
+    <table style="margin-bottom: 1em;">
130 
+    <tr><td>Benutzername:</td>
131 
+      <td>'.$account['account'].'</td>
132 
+    </tr>
133 
+    <tr><td>Mailbox:</td>
134 
+      <td>'.$account['mailbox'].'</td>
135 
+    </tr>
136 
+    <tr><td>Konto aktiv:</td>
137 
+      <td>'.$enabled.'</td>
138 
+  </table>
139 
+  <p><input type="hidden" name="confirm" value="yes" />
140 
+    <input type="submit" value="Wirklich l&ouml;schen" />
141 
+  </p>
142 
+  </form>
143 
+  ');
144 
+  }
145 
+}
146 
+elseif (isset($_GET['edit']))
147 
+{
148 
+  output('<h3>E-Mail-Account bearbeiten</h3>
149 
+<p>Hier k&ouml;nnen Sie die Einstellungen des IMAP-Kontos bearbeiten.</p>
150 
+');
151 
+  $_GET['edit'] = (int) $_GET['edit'];
152 
+  $account = get_mailaccount($_GET['edit']);
153 
+  list($username, $domain) = explode('@', $account['account'], 2);
154 
+  $enabled = ($account['enabled'] ? ' checked="checked"' : '');
155 
+  output('<form action="accounts.php?action=save&amp;id='.$_GET['edit'].'&amp;'.$param.'" method="post">
156 
+  <table style="margin-bottom: 1em;">
157 
+  <tr><th>Einstellung:</th><th>alter Wert:</th><th>neuer Wert:</th><th>&nbsp;</th></tr>
158 
+  <tr><td>Benutzername:</td><td><input type="text" id="old_account" name="old_account" value="'.$account['account'].'" readonly="readonly" style="background-color: #C0C0C0;" /></td>
159 
+          <td><input type="text" id="user" name="user" value="'.$username.'" />@<select name="domain" id="domain" size="1">
160 
+    <option value="schokokeks.org">schokokeks.org</option>
161 
+    ');
162 
+    require_once('domains.php');
163 
+    $domains = get_domain_names($user['customerno'], $user['uid']);
164 
+    if (count($domains) > 0)
165 
+      output('<option>----------------------------</option>');
166 
+    foreach ($domains as $dom)
167 
+      if ($domain == $dom['domainname'])
168 
+        output('<option value="'.$dom['domainname'].'" selected="selected">'.$dom['domainname'].'</option>');
169 
+      else
170 
+        output('<option value="'.$dom['domainname'].'">'.$dom['domainname'].'</option>');
171 
+
172 
+    output('</select></td>
173 
+          <td><input type="button" onclick="document.getElementById(\'user\').value = \''.$username.'\' ; document.getElementById(\'domain\').value = \''.$domain.'\'" value="Zeile zur&uuml;cksetzen" /></td></tr>
174 
+  <tr><td>Mailbox:</td><td><input type="text" id="old_mailbox" name="old_mailbox" value="'.$account['mailbox'].'" readonly="readonly" style="background-color: #C0C0C0;" /></td>
175 
+          <td><input type="text" id="mailbox" name="mailbox" value="'.$account['mailbox'].'" /></td>
176 
+          <td><input type="button" onclick="document.getElementById(\'mailbox\').value = document.getElementById(\'old_mailbox\').value" value="Zeile zur&uuml;cksetzen" /></td></tr>
177 
+  <tr><td>Passwort:</td><td><i>nicht angezeigt</i></td>
178 
+          <td><input type="password" id="password" name="password" value="" /></td>
179 
+          <td><input type="button" onclick="document.getElementById(\'password\').value = \'\'" value="Zeile zur&uuml;cksetzen" /></td></tr>
180 
+  <tr><td>Konto aktiv:</td>
181 
+    <td>&nbsp;</td>
182 
+    <td><input type="checkbox" id="enabled" name="enabled" value="true"'.$enabled.' /></td>
183 
+    <td>&nbsp;</td></tr>
184 
+  </table>
185 
+  <p><input type="submit" value="&Auml;nderungen speichern" /><br />
186 
+  Hinweis: Das Passwort wird nur ge&auml;ndert, wenn Sie auf dieser Seite eines eingeben. Geben Sie keines an, wird das bisherige beibehalten!</p>
187 
+  </form>
188 
+  ');
189 
+
190 
+}
191 
+else
192 
+{
193 
+  output('<h3>E-Mail-Accounts</h3>
194 
+<p>Folgende POP3/IMAP-Konten sind eingerichtet:</p>
195 
+<table style="margin-bottom: 1em;">
196 
+<tr><th>Benutzername:</th><th>Mailbox-Pfad:</th><th>aktiv</th><th>&nbsp;</th></tr>
197 
+');
198 
+
199 
+        foreach (mailaccounts($user['uid']) as $account)
200 
+        {
201 
+                $mailbox = $account['mailbox'];
202 
+                if (empty($mailbox))
203 
+                        $mailbox = '<i>nicht festgelegt</i>';
204 
+                output('<tr>
205 
+            <td>'.$account['account'].'</td>
206 
+            <td>'.$mailbox.'</td>
207 
+            <td><b>'.($account['enabled'] ? 'Ja' : 'Nein').'</b></td>
208 
+            <td><a href="accounts.php?edit='.$account['id'].'">bearbeiten</a></td><td><a href="accounts.php?action=delete&amp;account='.$account['id'].'">l&ouml;schen</a></td></li>');
209 
+        }
210 
+        output('</table>
211 
+<p><a href="accounts.php?action=create">Neuen Account anlegen</a></p>
212 
+
213 
+');
214 
+}
215 
+
216 
+?>
modules/imap/include/domains.php
History View file @ defbfa5
0 217 
new file mode 120000
... ... 
@@ -0,0 +1 @@
1 
+../../domains/include/domains.php
0 2 
\ No newline at end of file
modules/imap/include/mailaccounts.php
History View file @ defbfa5
1 3 
new file mode 100644
... ... 
@@ -0,0 +1,198 @@
1 
+<?php
2 
+
3 
+require_once('inc/debug.php');
4 
+require_once('inc/db_connect.php');
5 
+
6 
+function mailaccounts($uid)
7 
+{
8 
+  $uid = (int) $uid;
9 
+  $query = "SELECT m.id,concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),_utf8'schokokeks.org',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.uid=$uid";
10 
+  DEBUG("SQL-Query: {$query}");
11 
+  $result = @mysql_query($query);
12 
+  if (mysql_error())
13 
+    system_failure(mysql_error());
14 
+  DEBUG("Found ".@mysql_num_rows($result)." rows!");
15 
+  $accounts = array();
16 
+  if (@mysql_num_rows($result) > 0)
17 
+    while ($acc = @mysql_fetch_object($result))
18 
+      array_push($accounts, array('id'=> $acc->id, 'account' => $acc->account, 'mailbox' => $acc->maildir, 'cryptpass' => $acc->cryptpass, 'enabled' => ($acc->aktiv == 1)));
19 
+  return $accounts;
20 
+}
21 
+
22 
+function get_mailaccount($id)
23 
+{
24 
+  $uid = (int) $uid;
25 
+  $query = "SELECT concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),_utf8'schokokeks.org',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.id=$id";
26 
+  $result = mysql_query($query);
27 
+  DEBUG("Found ".mysql_num_rows($result)." rows!");
28 
+  $acc = mysql_fetch_object($result);
29 
+  $ret = array('account' => $acc->account, 'mailbox' => $acc->maildir,  'enabled' => ($acc->aktiv == 1));
30 
+  DEBUG(print_r($ret, true));
31 
+  return $ret;
32 
+}
33 
+
34 
+/*
35 
+  FIXME: Hier auch die crypt-Funktion nehmen wie beim systemuser-Passwort
36 
+*/
37 
+function encrypt_mail_password($pw)
38 
+{
39 
+  DEBUG("unencrypted PW: ".$pw);
40 
+  $descriptorspec = array(
41 
+    0 => array("pipe", "r"),
42 
+    1 => array("pipe", "w")
43 
+    );
44 
+  $process = proc_open("/usr/local/bin/exec/userdbpw -md5", $descriptorspec, $pipes);
45 
+  fwrite($pipes[0], $pw);
46 
+  fclose($pipes[0]);
47 
+  $encpw = fgets($pipes[1]);
48 
+  DEBUG("encrypted PW: ".$encpw);
49 
+  fclose($pipes[1]);
50 
+  proc_close($process);
51 
+  return chop($encpw);
52 
+
53 
+}
54 
+
55 
+function get_domain_id($domain)
56 
+{
57 
+  $domain = mysql_real_escape_string($domain);
58 
+  $result = mysql_query("SELECT id FROM mail.v_domains WHERE domainname = '{$domain}';");
59 
+  if (mysql_num_rows($result) == 0)
60 
+    return NULL;
61 
+  return mysql_fetch_object($result)->id;
62 
+}
63 
+
64 
+
65 
+function change_mailaccount($id, $arr)
66 
+{
67 
+  $id = (int) $id;
68 
+  $conditions = array();
69 
+
70 
+  if (isset($arr['account']))
71 
+  {
72 
+    list($local, $domain) = explode('@', $arr['account'], 2);
73 
+    $domainid = get_domain_id($domain);
74 
+    if ($domainid == NULL)
75 
+      $domainid='NULL';
76 
+    array_push($conditions, "local='".mysql_real_escape_string($local)."', domain=$domainid");
77 
+  }
78 
+  if (isset($arr['mailbox']))
79 
+    if ($arr['mailbox'] == '')
80 
+      array_push($conditions, "`maildir`=NULL");
81 
+    else
82 
+      array_push($conditions, "`maildir`='".mysql_real_escape_string($arr['mailbox'])."'");
83 
+
84 
+  if (isset($arr['password']))
85 
+  {
86 
+    $encpw = encrypt_mail_password($arr['password']);
87 
+    array_push($conditions, "`password`='$encpw'");
88 
+  }
89 
+
90 
+  if (isset($arr['enabled']))
91 
+    array_push($conditions, "`aktiv`=".($arr['enabled'] == 'Y' ? "1" : "0"));
92 
+
93 
+
94 
+  $query = "UPDATE mail.mailaccounts SET ".implode(",", $conditions)." WHERE id='$id' LIMIT 1";
95 
+  DEBUG("Query: ".$query);
96 
+
97 
+  mysql_query($query);
98 
+  if (mysql_error())
99 
+    system_failure('Beim &Auml;ndern der Account-Daten ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.mysql_error().') an einen Administrator.');
100 
+
101 
+}
102 
+
103 
+function create_mailaccount($arr)
104 
+{
105 
+  $values = array();
106 
+
107 
+  if (($arr['account']) == '')
108 
+    system_failure('empty account name!');
109 
+
110 
+  $values['uid'] = (int) $_SESSION['userinfo']['uid'];
111 
+
112 
+  list($local, $domain) = explode('@', $arr['account'], 2);
113 
+  $domainid = get_domain_id($domain);
114 
+  if ($domainid == NULL)
115 
+    $domainid='NULL';
116 
+  $values['local'] = "'".mysql_real_escape_string($local)."'";
117 
+  $values['domain'] = $domainid;
118 
+
119 
+  if (isset($arr['mailbox']))
120 
+    if ($arr['mailbox'] == '')
121 
+      $values['maildir'] = 'NULL';
122 
+    else
123 
+      $values['maildir']= "'".mysql_real_escape_string($arr['mailbox'])."'";
124 
+
125 
+
126 
+  if (isset($arr['password']))
127 
+  {
128 
+    $values['password'] = "'".encrypt_mail_password($arr['password'])."'";
129 
+  }
130 
+
131 
+  if (isset($arr['enabled']))
132 
+    $values['aktiv'] = ($arr['enabled'] == 'Y' ? "1" : "0" );
133 
+
134 
+
135 
+  $query = "INSERT INTO mail.mailaccounts (".implode(',', array_keys($values)).") VALUES (".implode(",", array_values($values)).")";
136 
+  DEBUG("Query: ".$query);
137 
+
138 
+  mysql_query($query);
139 
+  if (mysql_error())
140 
+    system_failure('Beim Anlegen des Kontos ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.mysql_error().') an einen Administrator.');
141 
+
142 
+}
143 
+
144 
+
145 
+function delete_mailaccount($id)
146 
+{
147 
+  $id = (int) $id;
148 
+  $query = "DELETE FROM mail.mailaccounts WHERE id=".$id." LIMIT 1";
149 
+  mysql_query($query);
150 
+  if (mysql_error())
151 
+    system_failure('Beim L&ouml;schen des Kontos ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.mysql_error().') an einen Administrator.');
152 
+}
153 
+
154 
+
155 
+function check_valid($acc)
156 
+{
157 
+  $user = $_SESSION['userinfo'];
158 
+  DEBUG("Account-data: ".print_r($acc, true));
159 
+  DEBUG("User-data: ".print_r($user, true));
160 
+  if ($acc['mailbox'] != '')
161 
+  {
162 
+    if (substr($acc['mailbox'], 0, strlen($user['homedir'])+1) != $user['homedir'].'/')
163 
+      return "Die Mailbox muss innerhalb des Home-Verzeichnisses liegen. Sie haben \"".$acc['mailbox']."\" als Mailbox angegeben, Ihre Home-Verzeichnis ist \"".$user['homedir']."/\".";
164 
+    if (strstr($acc['mailbox'], '..') or ! preg_match('/^[a-z0-9.\/_-]*$/', $acc['mailbox']))
165 
+      return "Sie verwenden ungültige Zeichen in Ihrem Mailbox-Pfad.";
166 
+  }
167 
+
168 
+  if ($acc['account'] == '' || strpos($acc['account'], '@') == 0)
169 
+    return "Es wurde kein Benutzername angegeben!";
170 
+  if (strpos($acc['account'], '@') === false)
171 
+    return "Es wurde kein Domain-Teil im Account-Name angegeben. Account-Namen m&uuml;ssen einen Domain-Teil enthalten. Im Zweifel versuchen Sie &quot;@schokokeks.org&quot;.";
172 
+
173 
+  list($local, $domain) = explode('@', $acc['account'], 2);
174 
+  require_once('domains.php');
175 
+  $tmpdomains = get_domain_names($user['customerno'], $user['uid']);
176 
+  $domains = array();
177 
+  foreach ($tmpdomains as $dom)
178 
+    array_push($domains, $dom['domainname']);
179 
+
180 
+  if (array_search($domain, $domains) === false)
181 
+  {
182 
+    if ($domain == "schokokeks.org")
183 
+    {
184 
+      if (substr($local, 0, strlen($user['username'])) != $user['username'] || ($acc['account'][strlen($user['username'])] != '-' && $acc['account'][strlen($user['username'])] != '@'))
185 
+      {
186 
+        return "Sie haben &quot;@schokokeks.org&quot; als Domain-Teil angegeben, aber der Benutzer-Teil beginnt nicht mit Ihrem Benutzername!";
187 
+      }
188 
+    }
189 
+    else
190 
+      return "Der angegebene Domain-Teil (".htmlentities($domain, ENT_QUOTES, "UTF-8").") ist nicht f&uuml;r Ihren Account eingetragen. Sollte dies ein Fehler sein, wenden sie sich bitte an einen Administrator!";
191 
+  }
192 
+
193 
+  return '';
194 
+}
195 
+
196 
+
197 
+
198 
+?>
modules/imap/menu.php
History View file @ defbfa5
0 199 
new file mode 100644
... ... 
@@ -0,0 +1,12 @@
1 
+<?php
2 
+
3 
+$role = $_SESSION['role'];
4 
+
5 
+switch ($role)
6 
+{
7 
+  case ROLE_SYSTEMUSER:
8 
+    $menu["imap_accounts"] = array("label" => "IMAP/POP3", "file" => "accounts.php", "weight" => 10);
9 
+
10 
+}
11 
+
12 
+?>
modules/index/chpass.php
History View file @ defbfa5
0 13 
new file mode 100644
... ... 
@@ -0,0 +1,73 @@
1 
+<?php
2 
+require_once('inc/debug.php');
3 
+
4 
+$title = "Passwort &auml;ndern";
5 
+$error = '';
6 
+
7 
+require_role(array(ROLE_SYSTEMUSER, ROLE_CUSTOMER));
8 
+
9 
+
10 
+if ($_POST['password1'] != '')
11 
+{
12 
+  $result = NULL;
13 
+  switch ($_SESSION['role'])
14 
+  {
15 
+    case ROLE_SYSTEMUSER:
16 
+      $result = find_role($_SESSION['userinfo']['uid'], $_POST['old_password']);
17 
+      break;
18 
+    case ROLE_CUSTOMER:
19 
+      $result = find_role($_SESSION['customerinfo']['customerno'], $_POST['old_password']);
20 
+      break;
21 
+  }
22 
+  if ($result == NULL)
23 
+    input_error('Das bisherige Passwort ist nicht korrekt!');
24 
+  elseif ($_POST['password2'] != $_POST['password1'])
25 
+    input_error('Die Best&auml;tigung ist nicht identisch mit dem neuen Passwort!');
26 
+  elseif ($_POST['password2'] == '')
27 
+    input_error('Sie m&uuml;ssen das neue Passwort zweimal eingeben!');
28 
+  elseif ($_POST['old_password'] == '')
29 
+    input_error('Altes Passwort nicht angegeben!');
30 
+  else
31 
+  {
32 
+    if ($result == ROLE_SYSTEMUSER)
33 
+      set_systemuser_password($_SESSION['userinfo']['uid'], $_POST['password1']);
34 
+    elseif ($result == ROLE_CUSTOMER)
35 
+      set_customer_password($_SESSION['customerinfo']['customerno'], $_POST['password1']);
36 
+    else
37 
+      system_failure("WTF?!");
38 
+
39 
+    if (! $debugmode)
40 
+      header('Location: index.php');
41 
+    else
42 
+      output('');
43 
+  }
44 
+}
45 
+
46 
+
47 
+
48 
+if ($_SESSION['role'] == ROLE_SYSTEMUSER)
49 
+  warning('Beachten Sie: Wenn Sie hier Ihr Passwort ändern, betrifft dies auch Ihr Anmelde-Passwort am Server (SSH).');
50 
+
51 
+output('<h3>Passwort &auml;ndern</h3>
52 
+<p>Hier k&ouml;nnen Sie Ihr Passwort &auml;ndern.</p>
53 
+<form method="post" action="'.($debugmode ? '?debug' : '').'">
54 
+<table>
55 
+  <tr>
56 
+    <td>bisheriges Passwort:</td>  <td><input type="password" name="old_password" value="" /></td>
57 
+  </tr>
58 
+  <tr>
59 
+    <td>neues Passwort:</td>       <td><input type="password" name="password1" value="" /></td>
60 
+  </tr>
61 
+  <tr>
62 
+    <td>Best&auml;tigung:<br /><span style="font-size: 80%;">(nochmal neues Passwort)</span></td>
63 
+                                   <td><input type="password" name="password2" value="" /></td>
64 
+  </tr>
65 
+  <tr>
66 
+    <td>&nbsp;</td><td><input type="submit" value="Speichern" /></td>
67 
+  </tr>
68 
+</table>
69 
+</form>
70 
+
71 
+');
72 
+
73 
+?>
modules/index/include/mail.php
History View file @ defbfa5
0 74 
new file mode 100644
... ... 
@@ -0,0 +1,53 @@
1 
+<?php
2 
+require_once('newpass.php');
3 
+require_once('session/checkuser.php');
4 
+
5 
+
6 
+function send_customer_token($customerno)
7 
+{
8 
+  $customerno = (int) $customerno;
9 
+  $token = get_customer_token($customerno);
10 
+  $customer = get_customer_info($customerno);
11 
+  $email = get_customer_email($customerno);
12 
+  $anrede = "Sehr geehrte Damen und Herren";
13 
+  if ($customer['title'] == 'Herr')
14 
+    $anrede = "Sehr geehrter Herr {$customer['name']}";
15 
+  elseif ($customer['title'] == 'Frau')
16 
+    $anrede = "Sehr geehrte Frau {$customer['name']}";
17 
+  $msg = "{$anrede},
18 
+
19 
+Sie haben auf unserem Web-Administrations-Interface ein neues
20 
+Passwort für Ihren Kunden-Zugang angefordert.
21 
+Diese automatische Nachricht dient der Überprüfung Ihrer Identität.
22 
+
23 
+Um sich ein neues Passwort setzen zu können, rufen Sie bitte den
24 
+folgenden Link auf:
25 
+ https://config.schokokeks.org/go/index/validate_token.php?customerno={$customer['customerno']}&token={$token}
26 
+
27 
+Sollte Ihr E-Mail-Programm diesen Link nicht korrekt an den Browser
28 
+übertragen, rufen Sie bitte die Seite
29 
+ https://config.schokokeks.org/go/index/validate_token.php
30 
+auf und geben Sie die folgenden Daten ein:
31 
+ Kundennummer: {$customer['customerno']}
32 
+ Token:        {$token}
33 
+
34 
+Diese Prozedur müssen Sie bis spätestens 24 Stunden nach Erhalt
35 
+dieser Nachricht durchführen, sonst verliert das Token seine
36 
+Gültigkeit.
37 
+";
38 
+  send_mail($email, "Passwortanforderung fuer Webinterface", $msg);
39 
+}
40 
+
41 
+
42 
+
43 
+function send_mail($address, $subject, $body)
44 
+{
45 
+  if (strstr($subject, "\n") !== false)
46 
+    die("Zeilenumbruch im subject!");
47 
+  $header = "From: schokokeks.org Web Administration <noreply@schokokeks.org>\r\nReply-To: root@schokokeks.org\r\nContent-Type: text/plain; charset=\"utf-8\"\r\nContent-Transfer-Encoding: 8bit";
48 
+  mail($address, $subject, $body, $header);
49 
+}
50 
+
51 
+
52 
+
53 
+?>
modules/index/include/newpass.php
History View file @ defbfa5
0 54 
new file mode 100644
... ... 
@@ -0,0 +1,75 @@
1 
+<?php
2 
+
3 
+require_once('inc/db_connect.php');
4 
+require_once('session/checkuser.php');
5 
+
6 
+function customer_has_email($customerno, $email)
7 
+{
8 
+  $customerno = (int) $customerno;
9 
+  $email = mysql_real_escape_string($email);
10 
+  $query = "SELECT NULL FROM kundendaten.kundenkontakt WHERE kundennr=".$customerno." AND wert='".$email."';";
11 
+  $result = @mysql_query($query);
12 
+  if (mysql_error())
13 
+    system_failure(mysql_error());
14 
+  return (mysql_num_rows($result) > 0);
15 
+}
16 
+
17 
+
18 
+function validate_token($customerno, $token)
19 
+{
20 
+  expire_tokens();
21 
+  $customerno = (int) $customerno;
22 
+  $token = mysql_real_escape_string($token);
23 
+  $result = @mysql_query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';");
24 
+  if (mysql_error())
25 
+    system_failure(mysql_error());
26 
+  return (mysql_num_rows($result) > 0);
27 
+}
28 
+
29 
+
30 
+function expire_tokens()
31 
+{
32 
+  $expire = "1 DAY";
33 
+  @mysql_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE token_create < NOW() - INTERVAL {$expire};");
34 
+}
35 
+
36 
+function invalidate_customer_token($customerno)
37 
+{
38 
+  $customerno = (int) $customerno;
39 
+  @mysql_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id={$customerno} LIMIT 1;");
40 
+}
41 
+
42 
+function create_token($customerno)
43 
+{
44 
+  $customerno = (int) $customerno;
45 
+  expire_tokens();
46 
+  $result = @mysql_query("SELECT token_create FROM kundendaten.kunden WHERE id={$customerno} AND token_create IS NOT NULL;");
47 
+  if (mysql_num_rows($result) > 0)
48 
+  {
49 
+    $res = mysql_fetch_object($result)->token_create;
50 
+    input_error("Sie haben diese Funktion kürzlich erst benutzt, an Ihre E-Mail-Adresse wurde bereits am {$res} eine Nachricht verschickt. Sie können diese Funktion erst nach Ablauf von 24 Stunden erneut benutzen.");
51 
+    return false;
52 
+  }
53 
+  $token = random_string(10);
54 
+  $query = "UPDATE kundendaten.kunden SET token='{$token}', token_create=now() WHERE id={$customerno} LIMIT 1;";
55 
+  @mysql_query($query);
56 
+  if (mysql_error())
57 
+    system_failure(mysql_error());
58 
+  return true;
59 
+}
60 
+
61 
+
62 
+function get_customer_token($customerno)
63 
+{
64 
+  $customerno = (int) $customerno;
65 
+  expire_tokens();
66 
+  $result = @mysql_query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;");
67 
+  if (mysql_error())
68 
+    system_failure(mysql_error());
69 
+  if (mysql_num_rows($result) < 1)
70 
+    system_failure("Kann das Token nicht auslesen!");
71 
+  return mysql_fetch_object($result)->token;
72 
+}
73 
+
74 
+
75 
+?>
modules/index/index.php
History View file @ defbfa5
0 76 
new file mode 100644
... ... 
@@ -0,0 +1,34 @@
1 
+<?php
2 
+
3 
+require_once('session/start.php');
4 
+
5 
+
6 
+
7 
+
8 
+//require_role(array(ROLE_CUSTOMER, ROLE_SYSTEMUSER));
9 
+
10 
+/*if ($user['realname'] == '')
11 
+  input_error('Ihr Name ist nicht im System gespeichert (siehe Stammdaten)!');
12 
+if ($user['email'] == '')
13 
+  input_error('Im System ist keine alternative eMail-Adresse gespeichert (siehe Stammdaten)!');
14 
+*/
15 
+
16 
+switch ($_SESSION['role'])
17 
+{
18 
+case ROLE_ANONYMOUS:
19 
+  login_screen('');
20 
+  break;
21 
+case ROLE_SYSTEMUSER:
22 
+  $role = "{$_SESSION['userinfo']['name']}, angemeldet als Benutzer";
23 
+  break;
24 
+case ROLE_CUSTOMER:
25 
+  $role = "{$_SESSION['customerinfo']['name']}, angemeldet als Kunde";
26 
+  break;
27 
+}
28 
+
29 
+
30 
+output('<h3>Administration</h3>
31 
+<p>Herzlich willkommen, '.$role.'.</p>');
32 
+
33 
+
34 
+?>
modules/index/logout.php
History View file @ defbfa5
0