git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@362 87cf0b9e-d624-0410-a070-f6ee81989793
0 | 13 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,146 @@ |
1 |
+body { |
|
2 |
+ font-family: Verdana, Arial, Helvetica; |
|
3 |
+ font-size: 12px; |
|
4 |
+ color: #000000; |
|
5 |
+ background-color: #EFEFEF; |
|
6 |
+} |
|
7 |
+ |
|
8 |
+ |
|
9 |
+div.error { |
|
10 |
+ color: #FF0000; |
|
11 |
+ border: 2px solid #000000; |
|
12 |
+ background-color: #FFFFFF; |
|
13 |
+ margin: 10px; |
|
14 |
+ padding: 10px; |
|
15 |
+} |
|
16 |
+ |
|
17 |
+div.success { |
|
18 |
+ color: #282; |
|
19 |
+ border: 2px solid #282; |
|
20 |
+ background-color: #FFFFFF; |
|
21 |
+ margin: 5px; |
|
22 |
+ padding: 5px; |
|
23 |
+ font-weight: bold; |
|
24 |
+} |
|
25 |
+ |
|
26 |
+p.warning { |
|
27 |
+ padding: 4px; |
|
28 |
+ color: #000000; |
|
29 |
+ border: 1px solid #FF0000; |
|
30 |
+ background-color: #FFFFFF; |
|
31 |
+} |
|
32 |
+ |
|
33 |
+ |
|
34 |
+span.login_label { |
|
35 |
+ display: block; |
|
36 |
+ float: left; |
|
37 |
+ width: 130px; |
|
38 |
+} |
|
39 |
+ |
|
40 |
+input[type=text],input[type=password],textarea,select { |
|
41 |
+ border: 1px solid black; |
|
42 |
+ padding: 3px; |
|
43 |
+ } |
|
44 |
+ |
|
45 |
+input[type=text]:focus,input[type=password]:focus,textarea:focus { |
|
46 |
+ border: 1px solid red; |
|
47 |
+ background-color: #FFFFFF; |
|
48 |
+ } |
|
49 |
+ |
|
50 |
+ |
|
51 |
+ |
|
52 |
+ |
|
53 |
+ |
|
54 |
+div.menu { |
|
55 |
+ width: 190px; |
|
56 |
+ float: left; |
|
57 |
+ |
|
58 |
+} |
|
59 |
+ |
|
60 |
+ |
|
61 |
+a.menuitem { |
|
62 |
+ display: block; |
|
63 |
+ padding: 4px; |
|
64 |
+ margin: 3px; |
|
65 |
+ text-decoration: none; |
|
66 |
+ color: #000000; |
|
67 |
+} |
|
68 |
+ |
|
69 |
+a.active { |
|
70 |
+ padding: 3px; |
|
71 |
+ border: 1px solid #000000; |
|
72 |
+} |
|
73 |
+ |
|
74 |
+a.menuitem:hover { |
|
75 |
+ padding: 3px; |
|
76 |
+ border: 1px dotted #000000; |
|
77 |
+ text-decoration: none; |
|
78 |
+ color: #000000; |
|
79 |
+} |
|
80 |
+ |
|
81 |
+ |
|
82 |
+div#beta { |
|
83 |
+ clear: both; |
|
84 |
+ padding: 4px; |
|
85 |
+ color: #000000; |
|
86 |
+ border: 1px solid #FF0000; |
|
87 |
+ background-color: #FFFFFF; |
|
88 |
+ margin-bottom: 1em; |
|
89 |
+} |
|
90 |
+ |
|
91 |
+div#beta p { |
|
92 |
+ padding: 0; |
|
93 |
+ margin: 0; |
|
94 |
+ margin-top: 0.3em; |
|
95 |
+} |
|
96 |
+ |
|
97 |
+div#beta h3 { |
|
98 |
+ padding: 0; |
|
99 |
+ margin: 0; |
|
100 |
+} |
|
101 |
+ |
|
102 |
+ |
|
103 |
+div.content { |
|
104 |
+ margin-left: 200px; |
|
105 |
+ padding-left: 10px; |
|
106 |
+ border-left: 1px solid #000000; |
|
107 |
+} |
|
108 |
+ |
|
109 |
+ |
|
110 |
+div.foot { |
|
111 |
+ border-top: 2px dotted #000000; |
|
112 |
+ font-size: 90%; |
|
113 |
+} |
|
114 |
+ |
|
115 |
+ |
|
116 |
+h3 { |
|
117 |
+ border-bottom: 2px dotted #000000; |
|
118 |
+} |
|
119 |
+ |
|
120 |
+ |
|
121 |
+ul { |
|
122 |
+ margin-bottom: 10px; |
|
123 |
+} |
|
124 |
+ |
|
125 |
+table { |
|
126 |
+ border-collapse: collapse; |
|
127 |
+} |
|
128 |
+ |
|
129 |
+td { |
|
130 |
+ border: 1px solid black; |
|
131 |
+ padding: 0.5em; |
|
132 |
+} |
|
133 |
+ |
|
134 |
+th { |
|
135 |
+ padding: 0px 1em; |
|
136 |
+} |
|
137 |
+ |
|
138 |
+a { |
|
139 |
+ text-decoration: none; |
|
140 |
+ font-weight: bold; |
|
141 |
+ |
|
142 |
+} |
|
143 |
+ |
|
144 |
+a:hover { |
|
145 |
+ text-decoration: underline; |
|
146 |
+} |
0 | 147 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,45 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+require_once('inc/debug.php'); |
|
4 |
+$go = $_GET['go']; |
|
5 |
+ |
|
6 |
+/* |
|
7 |
+ sanitize $go |
|
8 |
+*/ |
|
9 |
+ |
|
10 |
+if (strstr($go, "..") or strstr($go, "./") or strstr($go, ":") or (! file_exists("modules/$go"))) |
|
11 |
+{ |
|
12 |
+ die("illegal command"); |
|
13 |
+} |
|
14 |
+ |
|
15 |
+ |
|
16 |
+/* |
|
17 |
+ contruct prefix |
|
18 |
+*/ |
|
19 |
+ |
|
20 |
+global $prefix; |
|
21 |
+$prefix = "../"; |
|
22 |
+$count = 0; |
|
23 |
+str_replace("/", "x", $go, $count); |
|
24 |
+ |
|
25 |
+$prefix = $prefix.str_repeat("../", $count); |
|
26 |
+ |
|
27 |
+ |
|
28 |
+require_once('session/start.php'); |
|
29 |
+ |
|
30 |
+$output = ""; |
|
31 |
+include("inc/base.php"); |
|
32 |
+/* setup module include path */ |
|
33 |
+ini_set('include_path',ini_get('include_path').':./modules/'.dirname($go).'/include:'); |
|
34 |
+ |
|
35 |
+/* Let the module work */ |
|
36 |
+include("modules/".$go); |
|
37 |
+ |
|
38 |
+$section = str_replace("/", "_", str_replace(".php", "", $go)); |
|
39 |
+ |
|
40 |
+include('inc/top.php'); |
|
41 |
+print $output; |
|
42 |
+include('inc/bottom.php'); |
|
43 |
+ |
|
44 |
+ |
|
45 |
+?> |
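Review bot: The check on `$go` before `include("modules/".$go)` is a deny-list (`..`, `./`, `:`) plus `file_exists()`, and `file_exists()` is also true for directories and for every other file below `modules/`, so the request parameter can select files that were never meant as entry points, such as a module's `menu.php` or anything in its `include/` directory. An allow-list is safer: if entry points are always `.php` files, which the later `str_replace(".php", "", $go)` suggests, accept only that shape and a regular file, e.g. `if (!is_string($go) || !preg_match('#^[A-Za-z0-9_-]+(/[A-Za-z0-9_-]+)*\.php$#', $go) || !is_file("modules/$go")) die("illegal command");`. Ideally the first path segment is also compared with `$config['modules']` once the configuration is loaded. `$_GET['go']` is read without `isset()`, so a request without the parameter reaches `file_exists("modules/")`, which succeeds on the directory itself.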
4 | 13 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,45 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+function output($arg) |
|
4 |
+{ |
|
5 |
+ global $output; |
|
6 |
+ $output .= $arg; |
|
7 |
+} |
|
8 |
+ |
|
9 |
+ |
|
10 |
+function random_string($nc, $a='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789') { |
|
11 |
+ $l=strlen($a)-1; $r=''; |
|
12 |
+ while($nc-->0) $r.=$a{mt_rand(0,$l)}; |
|
13 |
+ return $r; |
|
14 |
+ } |
|
15 |
+ |
|
16 |
+ |
|
17 |
+function are_you_sure($query_string, $question) |
|
18 |
+{ |
|
19 |
+ $token = random_string(20); |
|
20 |
+ $_SESSION['random_token'] = $token; |
|
21 |
+ output("<form action=\"?{$query_string}\" method=\"post\">\n"); |
|
22 |
+ output("<p class=\"confirmation\">{$question}<br />\n"); |
|
23 |
+ output("<input type=\"hidden\" name=\"random_token\" value=\"{$token}\" />\n"); |
|
24 |
+ output("<input type=\"submit\" name=\"really\" value=\"Ja\" />\n<input type=\"submit\" name=\"not_really\" value=\"Nein\" /></p>"); |
|
25 |
+} |
|
26 |
+ |
|
27 |
+ |
|
28 |
+function user_is_sure() |
|
29 |
+{ |
|
30 |
+ if (isset($_POST['really'])) |
|
31 |
+ { |
|
32 |
+ if ($_POST['random_token'] == $_SESSION['random_token']) |
|
33 |
+ return true; |
|
34 |
+ else |
|
35 |
+ system_failure("Possible Cross-site-request-forgery detected!"); |
|
36 |
+ } |
|
37 |
+ elseif (isset($_POST['not_really'])) |
|
38 |
+ return false; |
|
39 |
+ else |
|
40 |
+ return NULL; |
|
41 |
+} |
|
42 |
+ |
|
43 |
+ |
|
44 |
+ |
|
45 |
+?> |
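Review bot: In `user_is_sure()` the comparison `$_POST['random_token'] == $_SESSION['random_token']` succeeds when both sides are missing, because `NULL == NULL` (and `'' == NULL`) is true under loose comparison; a POST that carries only `really` therefore passes the check whenever the session holds no token yet. The check should require a non-empty token on both sides, compare with `===`, and discard the session token after one use, as in the block below. Separately, `random_string()` draws the token from `mt_rand()`, which is not a cryptographically secure generator, and `are_you_sure()` writes `$query_string` and `$question` into the form without `htmlspecialchars()`.

```php
function user_is_sure()
{
  if (isset($_POST['really']))
  {
    // A missing or empty token on either side must fail, never match.
    $sent = isset($_POST['random_token']) ? $_POST['random_token'] : '';
    $kept = isset($_SESSION['random_token']) ? $_SESSION['random_token'] : '';
    // Tokens are single-use: drop the stored one before deciding.
    unset($_SESSION['random_token']);
    if (is_string($sent) && $sent !== '' && $sent === $kept)
      return true;
    system_failure("Possible Cross-site-request-forgery detected!");
  }
  // … unchanged: not_really / NULL branches …
}
```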
0 | 46 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,25 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+if (! defined ("BOTTOM_INCLUDED")) |
|
4 |
+{ |
|
5 |
+define("BOTTOM_INCLUDED", true); |
|
6 |
+?> |
|
7 |
+<div class="foot"> |
|
8 |
+<p>Sollten Sie auf dieser Administrations-Oberfläche ein Problem entdecken oder Hilfe benötigen, schreiben Sie bitte eine einfache eMail an <a href="mailto:root@schokokeks.org">root@schokokeks.org</a>.</p> |
|
9 |
+</div> |
|
10 |
+ |
|
11 |
+</div> |
|
12 |
+ |
|
13 |
+<?php |
|
14 |
+/*<div id="beta"> |
|
15 |
+ <h3>Bitte beachten Sie</h3> |
|
16 |
+ <p>Diese Web-Oberfläche ist im Probe-Betrieb. Es könnte sein, dass manche Funktionen fehlerhaft arbeiten und dabei Daten zerstört werden. Melden Sie bitte etwaige Fehler umgehend an die Administratoren!</p> |
|
17 |
+</div> |
|
18 |
+*/ |
|
19 |
+?> |
|
20 |
+</body> |
|
21 |
+</html> |
|
22 |
+ |
|
23 |
+<?php |
|
24 |
+} |
|
25 |
+?> |
0 | 26 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,16 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+require_once('inc/error.php'); |
|
4 |
+ |
|
5 |
+$config = array(); |
|
6 |
+ |
|
7 |
+require_once('config.php'); |
|
8 |
+ |
|
9 |
+ |
|
10 |
+if (!@mysql_connect($config['db_host'], $config['db_user'], $config['db_pass'])) |
|
11 |
+ system_failure('Konnte nicht zur Datenbank verbinden. Wenn dieser Fehler wiederholt auftritt, beachrichtigen Sie bitte den Administrator.'); |
|
12 |
+ |
|
13 |
+if (!@mysql_query('SET NAMES utf8')) |
|
14 |
+ system_failure('Fehler bei der Auswahl der Zeichencodierung. Bitte melden Sie diesen Fehler einem Administrator!'); |
|
15 |
+ |
|
16 |
+?> |
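Review bot: `mysql_query('SET NAMES utf8')` changes the connection charset on the server only; the client library is not told, so `mysql_real_escape_string()` keeps escaping for the previous default charset. Where the installed PHP provides it, `mysql_set_charset('utf8')` sets both sides and is the documented way to do this. Both calls also suppress their error with `@` and record nothing, so I would add `error_log(mysql_error());` before each `system_failure()` to keep the cause available to the administrator without showing it to the user.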
0 | 15 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,122 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+function system_failure($reason) |
|
4 |
+{ |
|
5 |
+ include('inc/top.php'); |
|
6 |
+ echo '<div class="error"> |
|
7 |
+ <h3>Fehler</h3> |
|
8 |
+ <p>Es ist ein Fehler aufgetreten: '.$reason.'</p> |
|
9 |
+ </div>'; |
|
10 |
+ include('inc/bottom.php'); |
|
11 |
+ die(); |
|
12 |
+} |
|
13 |
+ |
|
14 |
+ |
|
15 |
+function input_error($reason) |
|
16 |
+{ |
|
17 |
+ global $input_error; |
|
18 |
+ if (!isset($input_error)) |
|
19 |
+ $input_error = array(); |
|
20 |
+ array_push($input_error, $reason); |
|
21 |
+} |
|
22 |
+ |
|
23 |
+function warning($msg) |
|
24 |
+{ |
|
25 |
+ global $warning; |
|
26 |
+ if (!isset($warning)) |
|
27 |
+ $warning = array(); |
|
28 |
+ array_push($warning, $msg); |
|
29 |
+} |
|
30 |
+ |
|
31 |
+function success_msg($msg) |
|
32 |
+{ |
|
33 |
+ global $success_msg; |
|
34 |
+ if (!isset($success_msg)) |
|
35 |
+ $success_msg = array(); |
|
36 |
+ array_push($success_msg, $msg); |
|
37 |
+} |
|
38 |
+ |
|
39 |
+ |
|
40 |
+function show_messages() |
|
41 |
+{ |
|
42 |
+ global $input_error; |
|
43 |
+ global $success_msg; |
|
44 |
+ global $warning; |
|
45 |
+ if (isset($input_error)) |
|
46 |
+ { |
|
47 |
+ echo '<div class="error"> |
|
48 |
+ <h3>Fehler</h3> |
|
49 |
+ <p>Folgende Fehler wurden festgestellt: </p> |
|
50 |
+ <ul> |
|
51 |
+ '; |
|
52 |
+ foreach ($input_error as $error) |
|
53 |
+ { |
|
54 |
+ echo '<li>'.$error."</li>\n"; |
|
55 |
+ } |
|
56 |
+ echo '</ul> |
|
57 |
+ </div>'; |
|
58 |
+ } |
|
59 |
+ if (isset($warning)) |
|
60 |
+ { |
|
61 |
+ echo '<div class="error"> |
|
62 |
+ <ul> |
|
63 |
+ '; |
|
64 |
+ foreach ($warning as $msg) |
|
65 |
+ { |
|
66 |
+ echo '<li>'.$msg."</li>\n"; |
|
67 |
+ } |
|
68 |
+ echo '</ul> |
|
69 |
+ </div>'; |
|
70 |
+ } |
|
71 |
+ if (isset($success_msg)) |
|
72 |
+ { |
|
73 |
+ echo '<div class="success"> |
|
74 |
+ <ul> |
|
75 |
+ '; |
|
76 |
+ foreach ($success_msg as $msg) |
|
77 |
+ { |
|
78 |
+ echo '<li>'.$msg."</li>\n"; |
|
79 |
+ } |
|
80 |
+ echo '</ul> |
|
81 |
+ </div>'; |
|
82 |
+ } |
|
83 |
+} |
|
84 |
+ |
|
85 |
+ |
|
86 |
+function require_role($roles) |
|
87 |
+{ |
|
88 |
+ if (! is_array($roles)) |
|
89 |
+ $roles = array($roles); |
|
90 |
+ $allow = false; |
|
91 |
+ foreach ($roles as $role) |
|
92 |
+ if ($role == $_SESSION['role']) |
|
93 |
+ $allow = true; |
|
94 |
+ if (! $allow) |
|
95 |
+ login_screen("Diese Seite können Sie mit Ihren aktuellen Zugriffsrechten nicht benutzen, bitte melden Sie sich mit den benötigten Zugriffsrechten an!"); |
|
96 |
+} |
|
97 |
+ |
|
98 |
+ |
|
99 |
+function login_screen($why) |
|
100 |
+{ |
|
101 |
+ $title = 'Login'; |
|
102 |
+ include('inc/top.php'); |
|
103 |
+ echo '<h3>Sie sind nicht am System angemeldet!</h3>'; |
|
104 |
+ if ($why != "") |
|
105 |
+ { |
|
106 |
+ echo '<p class="warning"><b>Fehler:</b> '.$why.'</p>'; |
|
107 |
+ } |
|
108 |
+ echo '<form action="" method="post"> |
|
109 |
+ <p><span class="login_label">Benutzer<sup>*</sup>:</span> <input type="text" name="username" size="30" /></p> |
|
110 |
+ <p><span class="login_label">Passwort:</span> <input type="password" name="password" size="30" /></p> |
|
111 |
+ <p><span class="login_label"> </span> <input type="submit" value="Anmelden" /></p> |
|
112 |
+ </form> |
|
113 |
+ <p><sup>*</sup> Sie können sich hier mit Ihrem System-Benutzernamen, Ihrer System-User-ID oder Ihrer Kundennummer anmelden. Je nach gewählten Daten erhalten Sie unterschiedliche Zugriffsrechte.</p> |
|
114 |
+ <p>Sofern Sie für Ihren Kundenaccount noch kein Passwort festgelegt haben oder Ihres vergessen haben, klicken Sie bitte <a href="new_password.php">hier</a></p> |
|
115 |
+ <p>Sollten Sie als Benutzer Ihr Passwort vergessen haben, wenden Sie sich bitte an den Inhaber des Kundenaccounts.</p>'; |
|
116 |
+ include('inc/bottom.php'); |
|
117 |
+ die(); |
|
118 |
+ |
|
119 |
+} |
|
120 |
+ |
|
121 |
+ |
|
122 |
+?> |
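Review bot: `system_failure()`, `login_screen()` and `show_messages()` concatenate their message arguments straight into HTML (`'.$reason.'`, `'.$why.'`, `'<li>'.$error."</li>\n"`), and callers elsewhere in this commit pass database error text and validation results into them, so any markup in those strings is rendered by the browser. Unless callers are meant to pass HTML, escape at the sink, e.g. `htmlspecialchars($reason, ENT_QUOTES, 'UTF-8')`; the same applies to the database values written into the domain table and the mail-account forms later in this commit. In `require_role()`, `$role == $_SESSION['role']` is a loose comparison against a possibly unset session key; if any `ROLE_*` constant is `0` (their values are not visible here) a session without a role would match, so `isset($_SESSION['role']) && $role === $_SESSION['role']` is the safer form.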
0 | 123 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,128 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+if (! defined("TOP_INCLUDED")) |
|
4 |
+{ |
|
5 |
+ |
|
6 |
+define("TOP_INCLUDED", true); |
|
7 |
+ |
|
8 |
+require_once("config.php"); |
|
9 |
+global $config; |
|
10 |
+require_once("inc/error.php"); |
|
11 |
+global $prefix; |
|
12 |
+ |
|
13 |
+$menuitem = array(); |
|
14 |
+$weighted_menuitem = array(); |
|
15 |
+ |
|
16 |
+foreach ($config['modules'] as $module) |
|
17 |
+{ |
|
18 |
+ $menu = array(); |
|
19 |
+ include("modules/$module/menu.php"); |
|
20 |
+ // $menu["foo"]["file"] enthält den Link |
|
21 |
+ foreach (array_keys($menu) as $key) |
|
22 |
+ { |
|
23 |
+ $menu[$key]["file"] = $prefix."go/".$module."/".$menu[$key]["file"]; |
|
24 |
+ $weight = $menu[$key]["weight"]; |
|
25 |
+ if (array_key_exists($weight, $weighted_menuitem)) |
|
26 |
+ array_merge($weighted_menuitem[$weight], array($key => $menu[$key])); |
|
27 |
+ else |
|
28 |
+ $weighted_menuitem[$weight] = array($key => $menu[$key]); |
|
29 |
+ } |
|
30 |
+ $menuitem = array_merge($menuitem, $menu); |
|
31 |
+} |
|
32 |
+ |
|
33 |
+ksort($weighted_menuitem); |
|
34 |
+DEBUG(print_r($weighted_menuitem, true)); |
|
35 |
+ |
|
36 |
+ |
|
37 |
+ |
|
38 |
+/* |
|
39 |
+$menuitem["index"]["label"] = "Übersicht"; |
|
40 |
+$menuitem["index"]["file"] = "index.php"; |
|
41 |
+ |
|
42 |
+ |
|
43 |
+$menuitem["domains"]["label"] = "Domains"; |
|
44 |
+$menuitem["domains"]["file"] = "domains.php"; |
|
45 |
+ |
|
46 |
+ |
|
47 |
+$menuitem["mail"]["label"] = "E-Mail"; |
|
48 |
+$menuitem["mail"]["file"] = "mail.php"; |
|
49 |
+ |
|
50 |
+$menuitem["chpass"]["label"] = "Passwort ändern"; |
|
51 |
+$menuitem["chpass"]["file"] = "chpass.php"; |
|
52 |
+ |
|
53 |
+ |
|
54 |
+$menuitem["logout"]["label"] = "Abmelden"; |
|
55 |
+$menuitem["logout"]["file"] = "logout.php"; |
|
56 |
+ |
|
57 |
+*/ |
|
58 |
+ |
|
59 |
+ |
|
60 |
+?> |
|
61 |
+ |
|
62 |
+ |
|
63 |
+<?php echo '<?xml version="1.0" encoding="utf-8"?>'; ?> |
|
64 |
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" |
|
65 |
+ "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd"> |
|
66 |
+ |
|
67 |
+<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de"> |
|
68 |
+<head> |
|
69 |
+ |
|
70 |
+<?php |
|
71 |
+if ($title != "") |
|
72 |
+ echo '<title>Administration - '.$title.'</title>'; |
|
73 |
+else |
|
74 |
+ echo '<title>Administration</title>'; |
|
75 |
+ |
|
76 |
+echo ' |
|
77 |
+<link rel="stylesheet" href="'.$prefix.'css/admin.css" type="text/css" media="screen" title="Normal" />' |
|
78 |
+?> |
|
79 |
+ |
|
80 |
+</head> |
|
81 |
+<body> |
|
82 |
+ |
|
83 |
+ |
|
84 |
+<div class="menu"> |
|
85 |
+<img src="<?php echo $prefix; ?>images/schokokeks.png" width="190" height="136" alt="schokokeks.org" /> |
|
86 |
+ |
|
87 |
+<?php |
|
88 |
+ |
|
89 |
+ foreach ($weighted_menuitem as $key => $menuitem) |
|
90 |
+ foreach ($menuitem as $key => $item) |
|
91 |
+ { |
|
92 |
+ if ($key == $section) |
|
93 |
+ { |
|
94 |
+ echo '<a href="'.$item['file'].'" class="menuitem active">'.$item['label'].'</a>'."\n"; |
|
95 |
+ if (isset($submenu[$key])) |
|
96 |
+ { |
|
97 |
+ echo "\n"; |
|
98 |
+ foreach ($submenu[$key] as $item) |
|
99 |
+ { |
|
100 |
+ if (basename($_SERVER['PHP_SELF']) == basename($item['file'])) |
|
101 |
+ echo '<a href="'.$item['file'].'" class="submenuitem subactive">'.$item['label'].'</a>'."\n"; |
|
102 |
+ else |
|
103 |
+ echo '<a href="'.$item['file'].'" class="submenuitem">'.$item['label'].'</a>'."\n"; |
|
104 |
+ } |
|
105 |
+ echo "\n"; |
|
106 |
+ } |
|
107 |
+ } |
|
108 |
+ else |
|
109 |
+ echo '<a href="'.$item['file'].'" class="menuitem">'.$item['label'].'</a>'."\n"; |
|
110 |
+ |
|
111 |
+ } |
|
112 |
+ |
|
113 |
+?> |
|
114 |
+ |
|
115 |
+</div> |
|
116 |
+ |
|
117 |
+<div class="content"> |
|
118 |
+ |
|
119 |
+<?php |
|
120 |
+show_messages(); |
|
121 |
+ |
|
122 |
+} |
|
123 |
+ |
|
124 |
+?> |
|
125 |
+ |
|
126 |
+ |
|
127 |
+ |
|
128 |
+ |
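Review bot: `array_merge($weighted_menuitem[$weight], array($key => $menu[$key]));` discards its result, because `array_merge()` returns a new array instead of modifying its argument; a second menu entry with an already used weight is therefore silently dropped from the rendered menu. `$weighted_menuitem[$weight][$key] = $menu[$key];` does what the branch intends and makes the `array_key_exists()` test unnecessary. The nested `foreach` loops further down both bind `$key`, and the outer one overwrites `$menuitem`; distinct names such as `$weight => $entries` would make that block easier to follow. `$title` and `$section` are read without `isset()`, which raises notices when the including script has not set them.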
0 | 6 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,42 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+require_once('inc/debug.php'); |
|
4 |
+ |
|
5 |
+require_once('session/start.php'); |
|
6 |
+ |
|
7 |
+require_once('domains.php'); |
|
8 |
+ |
|
9 |
+require_role(array(ROLE_SYSTEMUSER, ROLE_CUSTOMER)); |
|
10 |
+ |
|
11 |
+switch ($_SESSION['role']) |
|
12 |
+{ |
|
13 |
+ case ROLE_SYSTEMUSER: |
|
14 |
+ $user_domains = get_domain_names($_SESSION['userinfo']['customerno'], $_SESSION['userinfo']['uid']); |
|
15 |
+ $info = 'userinfo'; |
|
16 |
+ break; |
|
17 |
+ case ROLE_CUSTOMER: |
|
18 |
+ $user_domains = get_domain_names($_SESSION['customerinfo']['customerno']); |
|
19 |
+ break; |
|
20 |
+ default: |
|
21 |
+ $info = NULL; |
|
22 |
+ break; |
|
23 |
+} |
|
24 |
+ |
|
25 |
+$title = "Domainüberblick"; |
|
26 |
+ |
|
27 |
+output('<h3>Domains</h3> |
|
28 |
+<p>In Ihrem Account werden die folgenden Domains verwaltet:</p> |
|
29 |
+<table> |
|
30 |
+<tr><th>Domainname</th><th>Reg-Datum</th><th>Kündigungsdatum</th></tr> |
|
31 |
+'); |
|
32 |
+foreach ($user_domains as $domain) |
|
33 |
+{ |
|
34 |
+ $canc = $domain['cancel_date']; |
|
35 |
+ output(" <tr><td><a href=\"http://www.{$domain['domainname']}\">{$domain['domainname']}</a></td><td>{$domain['reg_date']}</td><td>{$canc}</td></tr>\n"); |
|
36 |
+} |
|
37 |
+output('</table>'); |
|
38 |
+output("<br />"); |
|
39 |
+ |
|
40 |
+ |
|
41 |
+ |
|
42 |
+?> |
0 | 43 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,62 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+require_once('inc/db_connect.php'); |
|
4 |
+require_once('inc/debug.php'); |
|
5 |
+ |
|
6 |
+function get_domain_names($customerno, $uid = NULL) |
|
7 |
+{ |
|
8 |
+ $customerno = (int) $customerno; |
|
9 |
+ $query = "SELECT id,CONCAT_WS('.', domainname, tld) AS domainname, registrierungsdatum, kuendigungsdatum FROM kundendaten.domains WHERE"; |
|
10 |
+ if ($uid !== NULL) |
|
11 |
+ { |
|
12 |
+ $uid = (int) $uid; |
|
13 |
+ $query .= " useraccount={$uid};"; |
|
14 |
+ } |
|
15 |
+ else |
|
16 |
+ { |
|
17 |
+ $query .= " kunde={$customerno};"; |
|
18 |
+ } |
|
19 |
+ DEBUG('Datenbank-Query (get_domain_names): '.$query."<br />\n"); |
|
20 |
+ |
|
21 |
+ $result = @mysql_query($query); |
|
22 |
+ if (@mysql_error()) |
|
23 |
+ system_failure('Die Domains zu Ihrem Account konnten nicht ermittelt werden. Bitte melden Sie diesen Fehler an einen Administrator. Die Fehlermeldung der Datenbank ist: '.mysql_error()); |
|
24 |
+ |
|
25 |
+ $domains = array(); |
|
26 |
+ DEBUG('Result set is '.mysql_num_rows($result)." rows.<br />\n"); |
|
27 |
+ if (mysql_num_rows($result) > 0) |
|
28 |
+ while ($domain = mysql_fetch_object($result)) |
|
29 |
+ array_push($domains, array('id' => $domain->id, |
|
30 |
+ 'domainname' => $domain->domainname, |
|
31 |
+ 'reg_date' => $domain->registrierungsdatum, |
|
32 |
+ 'cancel_date' => $domain->kuendigungsdatum)); |
|
33 |
+ |
|
34 |
+ return $domains; |
|
35 |
+} |
|
36 |
+ |
|
37 |
+ |
|
38 |
+/* |
|
39 |
+function get_mail_virtualdomain($domain) |
|
40 |
+{ |
|
41 |
+ $config = array(); |
|
42 |
+ $lines = file('/home/webadmin/cache/virtualdomains'); |
|
43 |
+ foreach ($lines as $line) |
|
44 |
+ { |
|
45 |
+ $line = chop($line); |
|
46 |
+ $fields = explode(':', $line, 3); |
|
47 |
+ if ($fields[0] == $domain) |
|
48 |
+ array_push($config, array('subdomain' => '', |
|
49 |
+ 'user' => $fields[1], |
|
50 |
+ 'prefix' => $fields[2])); |
|
51 |
+ if (ereg('^.*\.'.$domain, $fields[0])) |
|
52 |
+ array_push($config, array('subdomain' => ereg_replace('^(.*)\.'.$domain, '\1', $fields[0]), |
|
53 |
+ 'user' => $fields[1], |
|
54 |
+ 'prefix' => $fields[2])); |
|
55 |
+ } |
|
56 |
+ return $config; |
|
57 |
+} |
|
58 |
+*/ |
|
59 |
+ |
|
60 |
+ |
|
61 |
+ |
|
62 |
+?> |
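Review bot: `system_failure('…'.mysql_error())` in `get_domain_names()` sends the raw database error text to the browser, which exposes schema and query details to whoever triggers the failure; `mailaccounts()` later in this commit does the same with `system_failure(mysql_error())`. I would write the detail to the server log and show only the generic sentence: `error_log('get_domain_names: '.mysql_error());` followed by the existing message without the appended error. Note also that when `$uid` is given the query filters on `useraccount` alone and `$customerno` is ignored; if that is intended, a comment saying so would help the next reader.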
0 | 15 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,216 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+require_once('session/start.php'); |
|
4 |
+ |
|
5 |
+require_once('domains.php'); |
|
6 |
+require_once('mailaccounts.php'); |
|
7 |
+ |
|
8 |
+require_role(ROLE_SYSTEMUSER); |
|
9 |
+ |
|
10 |
+$user = $_SESSION['userinfo']; |
|
11 |
+ |
|
12 |
+$param = ''; |
|
13 |
+if ($debugmode) |
|
14 |
+ $param="debug"; |
|
15 |
+ |
|
16 |
+$title = "E-Mail-Accounts"; |
|
17 |
+ |
|
18 |
+ |
|
19 |
+DEBUG("GET: ".htmlentities(print_r($_GET, true))." / POST: ".htmlentities(print_r($_POST, true))); |
|
20 |
+if (isset($_GET['action']) && $_GET['action'] == 'save') |
|
21 |
+{ |
|
22 |
+ if (isset($_GET['id'])) |
|
23 |
+ { |
|
24 |
+ $account = $_POST['user'].'@'.$_POST['domain']; |
|
25 |
+ if (isset($_POST['enabled']) && $_POST['enabled'] == 'true') |
|
26 |
+ $enabled = 'Y'; |
|
27 |
+ else |
|
28 |
+ $enabled = 'N'; |
|
29 |
+ $acc = array('id' => $_GET['id'], 'account' => $account, 'mailbox' => $_POST['mailbox'], 'enabled' => $enabled); |
|
30 |
+ if ($_POST['password'] != '') |
|
31 |
+ $acc['password'] = $_POST['password']; |
|
32 |
+ $error = check_valid($acc); |
|
33 |
+ if ($error != "") |
|
34 |
+ { |
|
35 |
+ input_error($error); |
|
36 |
+ $section = "mail"; |
|
37 |
+ $title = "E-Mail-Accounts"; |
|
38 |
+ output(""); |
|
39 |
+ } |
|
40 |
+ else |
|
41 |
+ { |
|
42 |
+ change_mailaccount($_GET['id'], $acc); |
|
43 |
+ if (! $debugmode) |
|
44 |
+ header('Location: accounts.php'); |
|
45 |
+ die(); |
|
46 |
+ } |
|
47 |
+ } |
|
48 |
+ elseif (isset($_POST['create'])) |
|
49 |
+ { |
|
50 |
+ $account = $_POST['user'].'@'.$_POST['domain']; |
|
51 |
+ if (isset($_POST['enabled']) && $_POST['enabled'] == 'true') |
|
52 |
+ $enabled = 'Y'; |
|
53 |
+ else |
|
54 |
+ $enabled = 'N'; |
|
55 |
+ $acc = array('account' => $account, 'mailbox' => $_POST['mailbox'], 'enabled' => $enabled); |
|
56 |
+ if ($_POST['password'] != '') |
|
57 |
+ $acc['password'] = $_POST['password']; |
|
58 |
+ $error = check_valid($acc); |
|
59 |
+ if ($error != "") |
|
60 |
+ { |
|
61 |
+ input_error($error); |
|
62 |
+ output(""); |
|
63 |
+ } |
|
64 |
+ else |
|
65 |
+ { |
|
66 |
+ create_mailaccount($acc); |
|
67 |
+ if (! $debugmode) |
|
68 |
+ header('Location: accounts.php'); |
|
69 |
+ die(); |
|
70 |
+ } |
|
71 |
+ } |
|
72 |
+} |
|
73 |
+elseif (isset($_GET['action']) && $_GET['action'] == 'create') |
|
74 |
+{ |
|
75 |
+ output('<h3>E-Mail-Account anlegen</h3> |
|
76 |
+<p>Hier können Sie ein neues POP3/IMAP-Konto anlegen.</p> |
|
77 |
+ <form action="accounts.php?action=save&'.$param.'" method="post"> |
|
78 |
+ <table style="margin-bottom: 1em;"> |
|
79 |
+ <tr><th>Einstellung:</th><th>Wert:</th><th> </th></tr> |
|
80 |
+ <tr> |
|
81 |
+ <td>Benutzername:</td> |
|
82 |
+ <td><input type="text" id="user" name="user" />@<select name="domain" size="1"> |
|
83 |
+ <option value="schokokeks.org">schokokeks.org</option> |
|
84 |
+ '); |
|
85 |
+ require_once('domains.php'); |
|
86 |
+ $domains = get_domain_names($user['customerno'], $user['uid']); |
|
87 |
+ if (count($domains) > 0) |
|
88 |
+ output('<option>----------------------------</option>'); |
|
89 |
+ foreach ($domains as $dom) |
|
90 |
+ output('<option value="'.$dom['domainname'].'">'.$dom['domainname'].'</option>'); |
|
91 |
+ output('</select></td> |
|
92 |
+ |
|
93 |
+ </tr> |
|
94 |
+ <tr> |
|
95 |
+ <td>Mailbox:</td> |
|
96 |
+ <td><input type="text" id="mailbox" name="mailbox" value="'.$user['homedir'].'/" /></td> |
|
97 |
+ </tr> |
|
98 |
+ <tr> |
|
99 |
+ <td>Passwort:</td> |
|
100 |
+ <td><input type="password" id="password" name="password" value="" /></td> |
|
101 |
+ </tr> |
|
102 |
+ <tr> |
|
103 |
+ <td>Account sofort aktivieren:</td> |
|
104 |
+ <td><input type="checkbox" id="enabled" name="enabled" value="true" /></td> |
|
105 |
+ </tr> |
|
106 |
+ </table> |
|
107 |
+ <p><input type="submit" name="create" value="Anlegen" /><br /> |
|
108 |
+ </form> |
|
109 |
+ '); |
|
110 |
+} |
|
111 |
+elseif (isset($_GET['action']) && $_GET['action'] == 'delete' && $_GET['account'] != '') |
|
112 |
+{ |
|
113 |
+ if ($_POST['confirm'] == 'yes') |
|
114 |
+ { |
|
115 |
+ delete_mailaccount($_GET['account']); |
|
116 |
+ if (! $debugmode) |
|
117 |
+ header('Location: accounts.php'); |
|
118 |
+ die(); |
|
119 |
+ } |
|
120 |
+ else |
|
121 |
+ { |
|
122 |
+ output('<h3>E-Mail-Account löschen</h3> |
|
123 |
+ <p>Soll der folgende Account wirklich gelöscht werden?</p> |
|
124 |
+ '); |
|
125 |
+ $_GET['account'] = (int) $_GET['account']; |
|
126 |
+ $account = get_mailaccount($_GET['account']); |
|
127 |
+ $enabled = ($account['enabled'] ? 'Ja' : 'Nein'); |
|
128 |
+ output('<form action="accounts.php?action=delete&account='.$_GET['account'].'&'.$param.'" method="post"> |
|
129 |
+ <table style="margin-bottom: 1em;"> |
|
130 |
+ <tr><td>Benutzername:</td> |
|
131 |
+ <td>'.$account['account'].'</td> |
|
132 |
+ </tr> |
|
133 |
+ <tr><td>Mailbox:</td> |
|
134 |
+ <td>'.$account['mailbox'].'</td> |
|
135 |
+ </tr> |
|
136 |
+ <tr><td>Konto aktiv:</td> |
|
137 |
+ <td>'.$enabled.'</td> |
|
138 |
+ </table> |
|
139 |
+ <p><input type="hidden" name="confirm" value="yes" /> |
|
140 |
+ <input type="submit" value="Wirklich löschen" /> |
|
141 |
+ </p> |
|
142 |
+ </form> |
|
143 |
+ '); |
|
144 |
+ } |
|
145 |
+} |
|
146 |
+elseif (isset($_GET['edit'])) |
|
147 |
+{ |
|
148 |
+ output('<h3>E-Mail-Account bearbeiten</h3> |
|
149 |
+<p>Hier können Sie die Einstellungen des IMAP-Kontos bearbeiten.</p> |
|
150 |
+'); |
|
151 |
+ $_GET['edit'] = (int) $_GET['edit']; |
|
152 |
+ $account = get_mailaccount($_GET['edit']); |
|
153 |
+ list($username, $domain) = explode('@', $account['account'], 2); |
|
154 |
+ $enabled = ($account['enabled'] ? ' checked="checked"' : ''); |
|
155 |
+ output('<form action="accounts.php?action=save&id='.$_GET['edit'].'&'.$param.'" method="post"> |
|
156 |
+ <table style="margin-bottom: 1em;"> |
|
157 |
+ <tr><th>Einstellung:</th><th>alter Wert:</th><th>neuer Wert:</th><th> </th></tr> |
|
158 |
+ <tr><td>Benutzername:</td><td><input type="text" id="old_account" name="old_account" value="'.$account['account'].'" readonly="readonly" style="background-color: #C0C0C0;" /></td> |
|
159 |
+ <td><input type="text" id="user" name="user" value="'.$username.'" />@<select name="domain" id="domain" size="1"> |
|
160 |
+ <option value="schokokeks.org">schokokeks.org</option> |
|
161 |
+ '); |
|
162 |
+ require_once('domains.php'); |
|
163 |
+ $domains = get_domain_names($user['customerno'], $user['uid']); |
|
164 |
+ if (count($domains) > 0) |
|
165 |
+ output('<option>----------------------------</option>'); |
|
166 |
+ foreach ($domains as $dom) |
|
167 |
+ if ($domain == $dom['domainname']) |
|
168 |
+ output('<option value="'.$dom['domainname'].'" selected="selected">'.$dom['domainname'].'</option>'); |
|
169 |
+ else |
|
170 |
+ output('<option value="'.$dom['domainname'].'">'.$dom['domainname'].'</option>'); |
|
171 |
+ |
|
172 |
+ output('</select></td> |
|
173 |
+ <td><input type="button" onclick="document.getElementById(\'user\').value = \''.$username.'\' ; document.getElementById(\'domain\').value = \''.$domain.'\'" value="Zeile zurücksetzen" /></td></tr> |
|
174 |
+ <tr><td>Mailbox:</td><td><input type="text" id="old_mailbox" name="old_mailbox" value="'.$account['mailbox'].'" readonly="readonly" style="background-color: #C0C0C0;" /></td> |
|
175 |
+ <td><input type="text" id="mailbox" name="mailbox" value="'.$account['mailbox'].'" /></td> |
|
176 |
+ <td><input type="button" onclick="document.getElementById(\'mailbox\').value = document.getElementById(\'old_mailbox\').value" value="Zeile zurücksetzen" /></td></tr> |
|
177 |
+ <tr><td>Passwort:</td><td><i>nicht angezeigt</i></td> |
|
178 |
+ <td><input type="password" id="password" name="password" value="" /></td> |
|
179 |
+ <td><input type="button" onclick="document.getElementById(\'password\').value = \'\'" value="Zeile zurücksetzen" /></td></tr> |
|
180 |
+ <tr><td>Konto aktiv:</td> |
|
181 |
+ <td> </td> |
|
182 |
+ <td><input type="checkbox" id="enabled" name="enabled" value="true"'.$enabled.' /></td> |
|
183 |
+ <td> </td></tr> |
|
184 |
+ </table> |
|
185 |
+ <p><input type="submit" value="Änderungen speichern" /><br /> |
|
186 |
+ Hinweis: Das Passwort wird nur geändert, wenn Sie auf dieser Seite eines eingeben. Geben Sie keines an, wird das bisherige beibehalten!</p> |
|
187 |
+ </form> |
|
188 |
+ '); |
|
189 |
+ |
|
190 |
+} |
|
191 |
+else |
|
192 |
+{ |
|
193 |
+ output('<h3>E-Mail-Accounts</h3> |
|
194 |
+<p>Folgende POP3/IMAP-Konten sind eingerichtet:</p> |
|
195 |
+<table style="margin-bottom: 1em;"> |
|
196 |
+<tr><th>Benutzername:</th><th>Mailbox-Pfad:</th><th>aktiv</th><th> </th></tr> |
|
197 |
+'); |
|
198 |
+ |
|
199 |
+ foreach (mailaccounts($user['uid']) as $account) |
|
200 |
+ { |
|
201 |
+ $mailbox = $account['mailbox']; |
|
202 |
+ if (empty($mailbox)) |
|
203 |
+ $mailbox = '<i>nicht festgelegt</i>'; |
|
204 |
+ output('<tr> |
|
205 |
+ <td>'.$account['account'].'</td> |
|
206 |
+ <td>'.$mailbox.'</td> |
|
207 |
+ <td><b>'.($account['enabled'] ? 'Ja' : 'Nein').'</b></td> |
|
208 |
+ <td><a href="accounts.php?edit='.$account['id'].'">bearbeiten</a></td><td><a href="accounts.php?action=delete&account='.$account['id'].'">löschen</a></td></li>'); |
|
209 |
+ } |
|
210 |
+ output('</table> |
|
211 |
+<p><a href="accounts.php?action=create">Neuen Account anlegen</a></p> |
|
212 |
+ |
|
213 |
+'); |
|
214 |
+} |
|
215 |
+ |
|
216 |
+?> |
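Review bot: The `save` and `delete` branches act on `$_GET['id']` and `$_GET['account']` taken from the request, and nothing visible in this file checks that the account belongs to `$user['uid']` before `change_mailaccount()` or `delete_mailaccount()` runs; unless those functions enforce ownership themselves (their bodies are not shown here), one system user could address another user's account by id. The delete confirmation relies on a static hidden field `confirm=yes` and the save form carries no token at all, so both state changes can be triggered by a cross-site POST; the `are_you_sure()` / `user_is_sure()` helpers added in this commit exist for this. `delete_mailaccount($_GET['account'])` also receives the raw value, because the `(int)` cast happens only in the `else` branch; moving `$_GET['account'] = (int) $_GET['account'];` above the `if` fixes that. The edit form additionally places `$username` and `$domain` inside an `onclick` handler without JavaScript or HTML escaping.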
1 | 3 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,198 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+require_once('inc/debug.php'); |
|
4 |
+require_once('inc/db_connect.php'); |
|
5 |
+ |
|
6 |
+function mailaccounts($uid) |
|
7 |
+{ |
|
8 |
+ $uid = (int) $uid; |
|
9 |
+ $query = "SELECT m.id,concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),_utf8'schokokeks.org',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.uid=$uid"; |
|
10 |
+ DEBUG("SQL-Query: {$query}"); |
|
11 |
+ $result = @mysql_query($query); |
|
12 |
+ if (mysql_error()) |
|
13 |
+ system_failure(mysql_error()); |
|
14 |
+ DEBUG("Found ".@mysql_num_rows($result)." rows!"); |
|
15 |
+ $accounts = array(); |
|
16 |
+ if (@mysql_num_rows($result) > 0) |
|
17 |
+ while ($acc = @mysql_fetch_object($result)) |
|
18 |
+ array_push($accounts, array('id'=> $acc->id, 'account' => $acc->account, 'mailbox' => $acc->maildir, 'cryptpass' => $acc->cryptpass, 'enabled' => ($acc->aktiv == 1))); |
|
19 |
+ return $accounts; |
|
20 |
+} |
|
21 |
+ |
|
22 |
+function get_mailaccount($id) |
|
23 |
+{ |
|
24 |
+ $uid = (int) $uid; |
|
25 |
+ $query = "SELECT concat_ws('@',`m`.`local`,if(isnull(`m`.`domain`),_utf8'schokokeks.org',`d`.`domainname`)) AS `account`, `m`.`password` AS `cryptpass`,`m`.`maildir` AS `maildir`,aktiv from (`mail`.`mailaccounts` `m` left join `mail`.`v_domains` `d` on((`d`.`id` = `m`.`domain`))) WHERE m.id=$id"; |
|
26 |
+ $result = mysql_query($query); |
|
27 |
+ DEBUG("Found ".mysql_num_rows($result)." rows!"); |
|
28 |
+ $acc = mysql_fetch_object($result); |
|
29 |
+ $ret = array('account' => $acc->account, 'mailbox' => $acc->maildir, 'enabled' => ($acc->aktiv == 1)); |
|
30 |
+ DEBUG(print_r($ret, true)); |
|
31 |
+ return $ret; |
|
32 |
+} |
|
33 |
+ |
|
34 |
+/* |
|
35 |
+ FIXME: Hier auch die crypt-Funktion nehmen wie beim systemuser-Passwort |
|
36 |
+*/ |
|
37 |
+function encrypt_mail_password($pw) |
|
38 |
+{ |
|
39 |
+ DEBUG("unencrypted PW: ".$pw); |
|
40 |
+ $descriptorspec = array( |
|
41 |
+ 0 => array("pipe", "r"), |
|
42 |
+ 1 => array("pipe", "w") |
|
43 |
+ ); |
|
44 |
+ $process = proc_open("/usr/local/bin/exec/userdbpw -md5", $descriptorspec, $pipes); |
|
45 |
+ fwrite($pipes[0], $pw); |
|
46 |
+ fclose($pipes[0]); |
|
47 |
+ $encpw = fgets($pipes[1]); |
|
48 |
+ DEBUG("encrypted PW: ".$encpw); |
|
49 |
+ fclose($pipes[1]); |
|
50 |
+ proc_close($process); |
|
51 |
+ return chop($encpw); |
|
52 |
+ |
|
53 |
+} |
|
54 |
+ |
|
55 |
+function get_domain_id($domain) |
|
56 |
+{ |
|
57 |
+ $domain = mysql_real_escape_string($domain); |
|
58 |
+ $result = mysql_query("SELECT id FROM mail.v_domains WHERE domainname = '{$domain}';"); |
|
59 |
+ if (mysql_num_rows($result) == 0) |
|
60 |
+ return NULL; |
|
61 |
+ return mysql_fetch_object($result)->id; |
|
62 |
+} |
|
63 |
+ |
|
64 |
+ |
|
65 |
+function change_mailaccount($id, $arr) |
|
66 |
+{ |
|
67 |
+ $id = (int) $id; |
|
68 |
+ $conditions = array(); |
|
69 |
+ |
|
70 |
+ if (isset($arr['account'])) |
|
71 |
+ { |
|
72 |
+ list($local, $domain) = explode('@', $arr['account'], 2); |
|
73 |
+ $domainid = get_domain_id($domain); |
|
74 |
+ if ($domainid == NULL) |
|
75 |
+ $domainid='NULL'; |
|
76 |
+ array_push($conditions, "local='".mysql_real_escape_string($local)."', domain=$domainid"); |
|
77 |
+ } |
|
78 |
+ if (isset($arr['mailbox'])) |
|
79 |
+ if ($arr['mailbox'] == '') |
|
80 |
+ array_push($conditions, "`maildir`=NULL"); |
|
81 |
+ else |
|
82 |
+ array_push($conditions, "`maildir`='".mysql_real_escape_string($arr['mailbox'])."'"); |
|
83 |
+ |
|
84 |
+ if (isset($arr['password'])) |
|
85 |
+ { |
|
86 |
+ $encpw = encrypt_mail_password($arr['password']); |
|
87 |
+ array_push($conditions, "`password`='$encpw'"); |
|
88 |
+ } |
|
89 |
+ |
|
90 |
+ if (isset($arr['enabled'])) |
|
91 |
+ array_push($conditions, "`aktiv`=".($arr['enabled'] == 'Y' ? "1" : "0")); |
|
92 |
+ |
|
93 |
+ |
|
94 |
+ $query = "UPDATE mail.mailaccounts SET ".implode(",", $conditions)." WHERE id='$id' LIMIT 1"; |
|
95 |
+ DEBUG("Query: ".$query); |
|
96 |
+ |
|
97 |
+ mysql_query($query); |
|
98 |
+ if (mysql_error()) |
|
99 |
+ system_failure('Beim Ändern der Account-Daten ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.mysql_error().') an einen Administrator.'); |
|
100 |
+ |
|
101 |
+} |
|
102 |
+ |
|
103 |
+function create_mailaccount($arr) |
|
104 |
+{ |
|
105 |
+ $values = array(); |
|
106 |
+ |
|
107 |
+ if (($arr['account']) == '') |
|
108 |
+ system_failure('empty account name!'); |
|
109 |
+ |
|
110 |
+ $values['uid'] = (int) $_SESSION['userinfo']['uid']; |
|
111 |
+ |
|
112 |
+ list($local, $domain) = explode('@', $arr['account'], 2); |
|
113 |
+ $domainid = get_domain_id($domain); |
|
114 |
+ if ($domainid == NULL) |
|
115 |
+ $domainid='NULL'; |
|
116 |
+ $values['local'] = "'".mysql_real_escape_string($local)."'"; |
|
117 |
+ $values['domain'] = $domainid; |
|
118 |
+ |
|
119 |
+ if (isset($arr['mailbox'])) |
|
120 |
+ if ($arr['mailbox'] == '') |
|
121 |
+ $values['maildir'] = 'NULL'; |
|
122 |
+ else |
|
123 |
+ $values['maildir']= "'".mysql_real_escape_string($arr['mailbox'])."'"; |
|
124 |
+ |
|
125 |
+ |
|
126 |
+ if (isset($arr['password'])) |
|
127 |
+ { |
|
128 |
+ $values['password'] = "'".encrypt_mail_password($arr['password'])."'"; |
|
129 |
+ } |
|
130 |
+ |
|
131 |
+ if (isset($arr['enabled'])) |
|
132 |
+ $values['aktiv'] = ($arr['enabled'] == 'Y' ? "1" : "0" ); |
|
133 |
+ |
|
134 |
+ |
|
135 |
+ $query = "INSERT INTO mail.mailaccounts (".implode(',', array_keys($values)).") VALUES (".implode(",", array_values($values)).")"; |
|
136 |
+ DEBUG("Query: ".$query); |
|
137 |
+ |
|
138 |
+ mysql_query($query); |
|
139 |
+ if (mysql_error()) |
|
140 |
+ system_failure('Beim Anlegen des Kontos ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.mysql_error().') an einen Administrator.'); |
|
141 |
+ |
|
142 |
+} |
|
143 |
+ |
|
144 |
+ |
|
145 |
+function delete_mailaccount($id) |
|
146 |
+{ |
|
147 |
+ $id = (int) $id; |
|
148 |
+ $query = "DELETE FROM mail.mailaccounts WHERE id=".$id." LIMIT 1"; |
|
149 |
+ mysql_query($query); |
|
150 |
+ if (mysql_error()) |
|
151 |
+ system_failure('Beim Löschen des Kontos ist ein Fehler aufgetreten. Sollte dies wiederholt vorkommen, senden Sie bitte die Fehlermeldung ('.mysql_error().') an einen Administrator.'); |
|
152 |
+} |
|
153 |
+ |
|
154 |
+ |
|
155 |
+function check_valid($acc) |
|
156 |
+{ |
|
157 |
+ $user = $_SESSION['userinfo']; |
|
158 |
+ DEBUG("Account-data: ".print_r($acc, true)); |
|
159 |
+ DEBUG("User-data: ".print_r($user, true)); |
|
160 |
+ if ($acc['mailbox'] != '') |
|
161 |
+ { |
|
162 |
+ if (substr($acc['mailbox'], 0, strlen($user['homedir'])+1) != $user['homedir'].'/') |
|
163 |
+ return "Die Mailbox muss innerhalb des Home-Verzeichnisses liegen. Sie haben \"".$acc['mailbox']."\" als Mailbox angegeben, Ihre Home-Verzeichnis ist \"".$user['homedir']."/\"."; |
|
164 |
+ if (strstr($acc['mailbox'], '..') or ! preg_match('/^[a-z0-9.\/_-]*$/', $acc['mailbox'])) |
|
165 |
+ return "Sie verwenden ungültige Zeichen in Ihrem Mailbox-Pfad."; |
|
166 |
+ } |
|
167 |
+ |
|
168 |
+ if ($acc['account'] == '' || strpos($acc['account'], '@') == 0) |
|
169 |
+ return "Es wurde kein Benutzername angegeben!"; |
|
170 |
+ if (strpos($acc['account'], '@') === false) |
|
171 |
+ return "Es wurde kein Domain-Teil im Account-Name angegeben. Account-Namen müssen einen Domain-Teil enthalten. Im Zweifel versuchen Sie "@schokokeks.org"."; |
|
172 |
+ |
|
173 |
+ list($local, $domain) = explode('@', $acc['account'], 2); |
|
174 |
+ require_once('domains.php'); |
|
175 |
+ $tmpdomains = get_domain_names($user['customerno'], $user['uid']); |
|
176 |
+ $domains = array(); |
|
177 |
+ foreach ($tmpdomains as $dom) |
|
178 |
+ array_push($domains, $dom['domainname']); |
|
179 |
+ |
|
180 |
+ if (array_search($domain, $domains) === false) |
|
181 |
+ { |
|
182 |
+ if ($domain == "schokokeks.org") |
|
183 |
+ { |
|
184 |
+ if (substr($local, 0, strlen($user['username'])) != $user['username'] || ($acc['account'][strlen($user['username'])] != '-' && $acc['account'][strlen($user['username'])] != '@')) |
|
185 |
+ { |
|
186 |
+ return "Sie haben "@schokokeks.org" als Domain-Teil angegeben, aber der Benutzer-Teil beginnt nicht mit Ihrem Benutzername!"; |
|
187 |
+ } |
|
188 |
+ } |
|
189 |
+ else |
|
190 |
+ return "Der angegebene Domain-Teil (".htmlentities($domain, ENT_QUOTES, "UTF-8").") ist nicht für Ihren Account eingetragen. Sollte dies ein Fehler sein, wenden sie sich bitte an einen Administrator!"; |
|
191 |
+ } |
|
192 |
+ |
|
193 |
+ return ''; |
|
194 |
+} |
|
195 |
+ |
|
196 |
+ |
|
197 |
+ |
|
198 |
+?> |
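Review bot: In get_mailaccount() the cast on the first body line reads `$uid`, which is not defined in that function, so `$id` reaches `WHERE m.id=$id` without being cast or escaped. The listing page builds links of the form `accounts.php?edit=<id>`, so if the caller passes that request parameter through unchanged (the caller is not visible in this file) the query is injectable. The line should read `$id = (int) $id;`, as change_mailaccount() and delete_mailaccount() already do. The SELECT, UPDATE and DELETE here also filter on the account id alone, so ownership has to be enforced by the caller or by adding the session uid to the WHERE clause. Separately, encrypt_mail_password() writes the plaintext password to `DEBUG()` on its first line, and that call should be removed.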
0 | 13 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,73 @@ |
1 |
+<?php |
|
2 |
+require_once('inc/debug.php'); |
|
3 |
+ |
|
4 |
+$title = "Passwort ändern"; |
|
5 |
+$error = ''; |
|
6 |
+ |
|
7 |
+require_role(array(ROLE_SYSTEMUSER, ROLE_CUSTOMER)); |
|
8 |
+ |
|
9 |
+ |
|
10 |
+if ($_POST['password1'] != '') |
|
11 |
+{ |
|
12 |
+ $result = NULL; |
|
13 |
+ switch ($_SESSION['role']) |
|
14 |
+ { |
|
15 |
+ case ROLE_SYSTEMUSER: |
|
16 |
+ $result = find_role($_SESSION['userinfo']['uid'], $_POST['old_password']); |
|
17 |
+ break; |
|
18 |
+ case ROLE_CUSTOMER: |
|
19 |
+ $result = find_role($_SESSION['customerinfo']['customerno'], $_POST['old_password']); |
|
20 |
+ break; |
|
21 |
+ } |
|
22 |
+ if ($result == NULL) |
|
23 |
+ input_error('Das bisherige Passwort ist nicht korrekt!'); |
|
24 |
+ elseif ($_POST['password2'] != $_POST['password1']) |
|
25 |
+ input_error('Die Bestätigung ist nicht identisch mit dem neuen Passwort!'); |
|
26 |
+ elseif ($_POST['password2'] == '') |
|
27 |
+ input_error('Sie müssen das neue Passwort zweimal eingeben!'); |
|
28 |
+ elseif ($_POST['old_password'] == '') |
|
29 |
+ input_error('Altes Passwort nicht angegeben!'); |
|
30 |
+ else |
|
31 |
+ { |
|
32 |
+ if ($result == ROLE_SYSTEMUSER) |
|
33 |
+ set_systemuser_password($_SESSION['userinfo']['uid'], $_POST['password1']); |
|
34 |
+ elseif ($result == ROLE_CUSTOMER) |
|
35 |
+ set_customer_password($_SESSION['customerinfo']['customerno'], $_POST['password1']); |
|
36 |
+ else |
|
37 |
+ system_failure("WTF?!"); |
|
38 |
+ |
|
39 |
+ if (! $debugmode) |
|
40 |
+ header('Location: index.php'); |
|
41 |
+ else |
|
42 |
+ output(''); |
|
43 |
+ } |
|
44 |
+} |
|
45 |
+ |
|
46 |
+ |
|
47 |
+ |
|
48 |
+if ($_SESSION['role'] == ROLE_SYSTEMUSER) |
|
49 |
+ warning('Beachten Sie: Wenn Sie hier Ihr Passwort ändern, betrifft dies auch Ihr Anmelde-Passwort am Server (SSH).'); |
|
50 |
+ |
|
51 |
+output('<h3>Passwort ändern</h3> |
|
52 |
+<p>Hier können Sie Ihr Passwort ändern.</p> |
|
53 |
+<form method="post" action="'.($debugmode ? '?debug' : '').'"> |
|
54 |
+<table> |
|
55 |
+ <tr> |
|
56 |
+ <td>bisheriges Passwort:</td> <td><input type="password" name="old_password" value="" /></td> |
|
57 |
+ </tr> |
|
58 |
+ <tr> |
|
59 |
+ <td>neues Passwort:</td> <td><input type="password" name="password1" value="" /></td> |
|
60 |
+ </tr> |
|
61 |
+ <tr> |
|
62 |
+ <td>Bestätigung:<br /><span style="font-size: 80%;">(nochmal neues Passwort)</span></td> |
|
63 |
+ <td><input type="password" name="password2" value="" /></td> |
|
64 |
+ </tr> |
|
65 |
+ <tr> |
|
66 |
+ <td> </td><td><input type="submit" value="Speichern" /></td> |
|
67 |
+ </tr> |
|
68 |
+</table> |
|
69 |
+</form> |
|
70 |
+ |
|
71 |
+'); |
|
72 |
+ |
|
73 |
+?> |
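Review bot: The confirmation check `$_POST['password2'] != $_POST['password1']` uses loose comparison, which PHP evaluates numerically when both strings look like numbers, so two different inputs such as `1e1` and `10` count as identical and the mismatch error is skipped. Use `!==` here, and `=== NULL` for the `find_role()` result, so that a role constant that happens to be 0 (the constants are defined elsewhere) is not read as a failed login. `$_POST['password1']` is also read without `isset()` and may arrive as an array; a guard such as `isset($_POST['password1']) && is_string($_POST['password1'])` before the block avoids passing a non-string to `set_systemuser_password()`. After `header('Location: index.php');` the script keeps running and still emits the form, so an `exit;` should follow the redirect.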
0 | 74 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,53 @@ |
1 |
+<?php |
|
2 |
+require_once('newpass.php'); |
|
3 |
+require_once('session/checkuser.php'); |
|
4 |
+ |
|
5 |
+ |
|
6 |
+function send_customer_token($customerno) |
|
7 |
+{ |
|
8 |
+ $customerno = (int) $customerno; |
|
9 |
+ $token = get_customer_token($customerno); |
|
10 |
+ $customer = get_customer_info($customerno); |
|
11 |
+ $email = get_customer_email($customerno); |
|
12 |
+ $anrede = "Sehr geehrte Damen und Herren"; |
|
13 |
+ if ($customer['title'] == 'Herr') |
|
14 |
+ $anrede = "Sehr geehrter Herr {$customer['name']}"; |
|
15 |
+ elseif ($customer['title'] == 'Frau') |
|
16 |
+ $anrede = "Sehr geehrte Frau {$customer['name']}"; |
|
17 |
+ $msg = "{$anrede}, |
|
18 |
+ |
|
19 |
+Sie haben auf unserem Web-Administrations-Interface ein neues |
|
20 |
+Passwort für Ihren Kunden-Zugang angefordert. |
|
21 |
+Diese automatische Nachricht dient der Überprüfung Ihrer Identität. |
|
22 |
+ |
|
23 |
+Um sich ein neues Passwort setzen zu können, rufen Sie bitte den |
|
24 |
+folgenden Link auf: |
|
25 |
+ https://config.schokokeks.org/go/index/validate_token.php?customerno={$customer['customerno']}&token={$token} |
|
26 |
+ |
|
27 |
+Sollte Ihr E-Mail-Programm diesen Link nicht korrekt an den Browser |
|
28 |
+übertragen, rufen Sie bitte die Seite |
|
29 |
+ https://config.schokokeks.org/go/index/validate_token.php |
|
30 |
+auf und geben Sie die folgenden Daten ein: |
|
31 |
+ Kundennummer: {$customer['customerno']} |
|
32 |
+ Token: {$token} |
|
33 |
+ |
|
34 |
+Diese Prozedur müssen Sie bis spätestens 24 Stunden nach Erhalt |
|
35 |
+dieser Nachricht durchführen, sonst verliert das Token seine |
|
36 |
+Gültigkeit. |
|
37 |
+"; |
|
38 |
+ send_mail($email, "Passwortanforderung fuer Webinterface", $msg); |
|
39 |
+} |
|
40 |
+ |
|
41 |
+ |
|
42 |
+ |
|
43 |
+function send_mail($address, $subject, $body) |
|
44 |
+{ |
|
45 |
+ if (strstr($subject, "\n") !== false) |
|
46 |
+ die("Zeilenumbruch im subject!"); |
|
47 |
+ $header = "From: schokokeks.org Web Administration <noreply@schokokeks.org>\r\nReply-To: root@schokokeks.org\r\nContent-Type: text/plain; charset=\"utf-8\"\r\nContent-Transfer-Encoding: 8bit"; |
|
48 |
+ mail($address, $subject, $body, $header); |
|
49 |
+} |
|
50 |
+ |
|
51 |
+ |
|
52 |
+ |
|
53 |
+?> |
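Review bot: The header-injection guard in send_mail() looks only for `"\n"` and only in `$subject`, so a bare `"\r"` or a line break in `$address` is passed to `mail()` unchecked. Checking both values for either character covers this, for example `if (preg_match('/[\r\n]/', $address.$subject)) die("Zeilenumbruch im Header!");`. In send_customer_token() the reset token is placed in the query string of the link, so it will appear in web-server access logs and browser history. Invalidating the token immediately after its first successful use limits what a logged copy is worth (`invalidate_customer_token()` exists in the token file of this commit, but its call site is not visible here).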
0 | 54 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,75 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+require_once('inc/db_connect.php'); |
|
4 |
+require_once('session/checkuser.php'); |
|
5 |
+ |
|
6 |
+function customer_has_email($customerno, $email) |
|
7 |
+{ |
|
8 |
+ $customerno = (int) $customerno; |
|
9 |
+ $email = mysql_real_escape_string($email); |
|
10 |
+ $query = "SELECT NULL FROM kundendaten.kundenkontakt WHERE kundennr=".$customerno." AND wert='".$email."';"; |
|
11 |
+ $result = @mysql_query($query); |
|
12 |
+ if (mysql_error()) |
|
13 |
+ system_failure(mysql_error()); |
|
14 |
+ return (mysql_num_rows($result) > 0); |
|
15 |
+} |
|
16 |
+ |
|
17 |
+ |
|
18 |
+function validate_token($customerno, $token) |
|
19 |
+{ |
|
20 |
+ expire_tokens(); |
|
21 |
+ $customerno = (int) $customerno; |
|
22 |
+ $token = mysql_real_escape_string($token); |
|
23 |
+ $result = @mysql_query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';"); |
|
24 |
+ if (mysql_error()) |
|
25 |
+ system_failure(mysql_error()); |
|
26 |
+ return (mysql_num_rows($result) > 0); |
|
27 |
+} |
|
28 |
+ |
|
29 |
+ |
|
30 |
+function expire_tokens() |
|
31 |
+{ |
|
32 |
+ $expire = "1 DAY"; |
|
33 |
+ @mysql_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE token_create < NOW() - INTERVAL {$expire};"); |
|
34 |
+} |
|
35 |
+ |
|
36 |
+function invalidate_customer_token($customerno) |
|
37 |
+{ |
|
38 |
+ $customerno = (int) $customerno; |
|
39 |
+ @mysql_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id={$customerno} LIMIT 1;"); |
|
40 |
+} |
|
41 |
+ |
|
42 |
+function create_token($customerno) |
|
43 |
+{ |
|
44 |
+ $customerno = (int) $customerno; |
|
45 |
+ expire_tokens(); |
|
46 |
+ $result = @mysql_query("SELECT token_create FROM kundendaten.kunden WHERE id={$customerno} AND token_create IS NOT NULL;"); |
|
47 |
+ if (mysql_num_rows($result) > 0) |
|
48 |
+ { |
|
49 |
+ $res = mysql_fetch_object($result)->token_create; |
|
50 |
+ input_error("Sie haben diese Funktion kürzlich erst benutzt, an Ihre E-Mail-Adresse wurde bereits am {$res} eine Nachricht verschickt. Sie können diese Funktion erst nach Ablauf von 24 Stunden erneut benutzen."); |
|
51 |
+ return false; |
|
52 |
+ } |
|
53 |
+ $token = random_string(10); |
|
54 |
+ $query = "UPDATE kundendaten.kunden SET token='{$token}', token_create=now() WHERE id={$customerno} LIMIT 1;"; |
|
55 |
+ @mysql_query($query); |
|
56 |
+ if (mysql_error()) |
|
57 |
+ system_failure(mysql_error()); |
|
58 |
+ return true; |
|
59 |
+} |
|
60 |
+ |
|
61 |
+ |
|
62 |
+function get_customer_token($customerno) |
|
63 |
+{ |
|
64 |
+ $customerno = (int) $customerno; |
|
65 |
+ expire_tokens(); |
|
66 |
+ $result = @mysql_query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;"); |
|
67 |
+ if (mysql_error()) |
|
68 |
+ system_failure(mysql_error()); |
|
69 |
+ if (mysql_num_rows($result) < 1) |
|
70 |
+ system_failure("Kann das Token nicht auslesen!"); |
|
71 |
+ return mysql_fetch_object($result)->token; |
|
72 |
+} |
|
73 |
+ |
|
74 |
+ |
|
75 |
+?> |
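Review bot: validate_token() does not check the token's age itself and relies on expire_tokens() having cleared old rows first, but that UPDATE runs under `@` and its error is never inspected, so a failed cleanup leaves expired tokens valid. Put the time limit in the lookup as well, for example `... AND token='{$token}' AND token_create > NOW() - INTERVAL 1 DAY`. The first SELECT in create_token() is likewise not followed by a `mysql_error()` check, so a failed query hands `false` to `mysql_num_rows()` and the 24-hour rate limit is silently skipped. The strength of the token depends on `random_string(10)`, which is defined outside this file and should draw from a cryptographically secure source.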
0 | 76 |
new file mode 100644 |
... | ... |
@@ -0,0 +1,34 @@ |
1 |
+<?php |
|
2 |
+ |
|
3 |
+require_once('session/start.php'); |
|
4 |
+ |
|
5 |
+ |
|
6 |
+ |
|
7 |
+ |
|
8 |
+//require_role(array(ROLE_CUSTOMER, ROLE_SYSTEMUSER)); |
|
9 |
+ |
|
10 |
+/*if ($user['realname'] == '') |
|
11 |
+ input_error('Ihr Name ist nicht im System gespeichert (siehe Stammdaten)!'); |
|
12 |
+if ($user['email'] == '') |
|
13 |
+ input_error('Im System ist keine alternative eMail-Adresse gespeichert (siehe Stammdaten)!'); |
|
14 |
+*/ |
|
15 |
+ |
|
16 |
+switch ($_SESSION['role']) |
|
17 |
+{ |
|
18 |
+case ROLE_ANONYMOUS: |
|
19 |
+ login_screen(''); |
|
20 |
+ break; |
|
21 |
+case ROLE_SYSTEMUSER: |
|
22 |
+ $role = "{$_SESSION['userinfo']['name']}, angemeldet als Benutzer"; |
|
23 |
+ break; |
|
24 |
+case ROLE_CUSTOMER: |
|
25 |
+ $role = "{$_SESSION['customerinfo']['name']}, angemeldet als Kunde"; |
|
26 |
+ break; |
|
27 |
+} |
|
28 |
+ |
|
29 |
+ |
|
30 |
+output('<h3>Administration</h3> |
|
31 |
+<p>Herzlich willkommen, '.$role.'.</p>'); |
|
32 |
+ |
|
33 |
+ |
|
34 |
+?> |
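Review bot: `$role` is built from `$_SESSION['userinfo']['name']` or `$_SESSION['customerinfo']['name']` and concatenated into the HTML passed to `output()` without escaping, so markup in a stored name would be rendered in the page. Escape at the point of output, for example `'.htmlspecialchars($role, ENT_QUOTES, 'UTF-8').'`. In the `ROLE_ANONYMOUS` branch `$role` is never assigned, so if `login_screen('')` returns instead of terminating the request (its definition is not visible here) the welcome line is printed with an undefined variable. An `exit;` after that call, or a default value for `$role` before the switch, makes the branch explicit.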