
set admin address as sender for messages / use company name if defined

Bernd Wurst authored on17/06/2021 15:58:21
@@ -479,7 +479,7 @@ function send_mail($address, $subject, $body)
479 479
     if (strstr($subject, "\n") !== false) {
480 480
         die("Zeilenumbruch im subject!");
481 481
     }
482
-    $header = "From: ".config('company_name')." Web Administration <noreply@".config('masterdomain').">\r\nReply-To: ".config('adminmail')."\r\nCc: ".config('adminmail')."\r\nContent-Type: text/plain; charset=\"utf-8\"\r\nContent-Transfer-Encoding: quoted-printable\r\nX-schokokeks-org-message: webinterface";
482
+    $header = "From: ".config('company_name')." Web Administration <".config('adminmail').">\r\nCc: ".config('adminmail')."\r\nContent-Type: text/plain; charset=\"utf-8\"\r\nContent-Transfer-Encoding: quoted-printable\r\nX-schokokeks-org-message: webinterface";
483 483
     $subject = mb_encode_mimeheader($subject, "utf-8", "Q");
484 484
     $body = quoted_printable_encode($body);
485 485
     mail($address, $subject, $body, $header);
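Review bot: The display name in the new From header is built from `config('company_name')` without quoting or RFC 2047 encoding, so a company name containing a comma, parentheses or non-ASCII characters yields a malformed header that an MTA may reject or mangle. Encode it the same way the subject already is, `$from = mb_encode_mimeheader(config('company_name')." Web Administration", "utf-8", "Q");`, and then build `"From: {$from} <".config('adminmail').">\r\n..."`; for ASCII-only names, quoting the display name would also be enough. Since From and Cc are now both the admin address, a comment stating that replies and copies are meant to land in the same mailbox would explain why Reply-To was dropped. send_mail's closing brace is outside this hunk.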

Use mb_encode_mimeheader instead of quoted_printable_encode to ensure properly encoded subjects, add custom mail header

Hanno Böck authored on24/05/2020 09:46:55
@@ -479,8 +479,8 @@ function send_mail($address, $subject, $body)
479 479
     if (strstr($subject, "\n") !== false) {
480 480
         die("Zeilenumbruch im subject!");
481 481
     }
482
-    $header = "From: ".config('company_name')." Web Administration <noreply@".config('masterdomain').">\r\nReply-To: ".config('adminmail')."\r\nCc: ".config('adminmail')."\r\nContent-Type: text/plain; charset=\"utf-8\"\r\nContent-Transfer-Encoding: quoted-printable";
483
-    $subject = "=?UTF-8?Q?".quoted_printable_encode($subject)."?=";
482
+    $header = "From: ".config('company_name')." Web Administration <noreply@".config('masterdomain').">\r\nReply-To: ".config('adminmail')."\r\nCc: ".config('adminmail')."\r\nContent-Type: text/plain; charset=\"utf-8\"\r\nContent-Transfer-Encoding: quoted-printable\r\nX-schokokeks-org-message: webinterface";
483
+    $subject = mb_encode_mimeheader($subject, "utf-8", "Q");
484 484
     $body = quoted_printable_encode($body);
485 485
     mail($address, $subject, $body, $header);
486 486
 }
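Review bot: Subject and body are now properly encoded, but `$address` still reaches `mail()` without any validation, making the recipient the only header-bearing value that is never checked. A guard mirroring the existing subject check, `if (filter_var($address, FILTER_VALIDATE_EMAIL) === false) { die("Ungültige Empfängeradresse!"); }`, closes that gap in one line. `mb_encode_mimeheader()` folds long subjects with CRLF by default, which matches the CRLF separators in `$header`; a short comment noting that both must agree would help, as `mail()` on some MTAs is presumably sensitive to mixed line endings.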

fix encoding mail headers and body as quoted printable

Bernd Wurst authored on20/10/2019 12:02:54
@@ -479,7 +479,9 @@ function send_mail($address, $subject, $body)
479 479
     if (strstr($subject, "\n") !== false) {
480 480
         die("Zeilenumbruch im subject!");
481 481
     }
482
-    $header = "From: ".config('company_name')." Web Administration <noreply@".config('masterdomain').">\r\nReply-To: ".config('adminmail')."\r\nCc: ".config('adminmail')."\r\nContent-Type: text/plain; charset=\"utf-8\"\r\nContent-Transfer-Encoding: 8bit";
482
+    $header = "From: ".config('company_name')." Web Administration <noreply@".config('masterdomain').">\r\nReply-To: ".config('adminmail')."\r\nCc: ".config('adminmail')."\r\nContent-Type: text/plain; charset=\"utf-8\"\r\nContent-Transfer-Encoding: quoted-printable";
483
+    $subject = "=?UTF-8?Q?".quoted_printable_encode($subject)."?=";
484
+    $body = quoted_printable_encode($body);
483 485
     mail($address, $subject, $body, $header);
484 486
 }
485 487
 
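Review bot: `quoted_printable_encode()` is not the RFC 2047 Q encoding that an `=?UTF-8?Q?…?=` encoded word requires: it leaves spaces unencoded, does not encode `?` or `_`, and inserts soft line breaks (`=\r\n`) after 76 characters, so any subject containing a space or longer than roughly 60 characters produces an invalid header. `$subject = mb_encode_mimeheader($subject, "utf-8", "Q");` produces correctly folded encoded words. Encoding the body with `quoted_printable_encode()` is fine and matches the Content-Transfer-Encoding header set in the same line.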

Funktion send_mail() global verfügbar gemacht.

Bernd Wurst authored on15/10/2019 09:51:58
@@ -473,6 +473,16 @@ function get_modules_info()
473 473
     return $modconfig;
474 474
 }
475 475
 
476
+
477
+function send_mail($address, $subject, $body)
478
+{
479
+    if (strstr($subject, "\n") !== false) {
480
+        die("Zeilenumbruch im subject!");
481
+    }
482
+    $header = "From: ".config('company_name')." Web Administration <noreply@".config('masterdomain').">\r\nReply-To: ".config('adminmail')."\r\nCc: ".config('adminmail')."\r\nContent-Type: text/plain; charset=\"utf-8\"\r\nContent-Transfer-Encoding: 8bit";
483
+    mail($address, $subject, $body, $header);
484
+}
485
+
476 486
 function handle_exception($e)
477 487
 {
478 488
     if (config('enable_debug')) {
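Review bot: The newline check in the new send_mail only rejects LF, so a subject containing a bare CR passes through into the header block. `if (strpbrk($subject, "\r\n") !== false) {` covers both characters. The subject is also emitted unencoded while the body is declared as UTF-8 8bit, so a non-ASCII subject is not a valid RFC 5322 header; wrapping it with `mb_encode_mimeheader()` before the `mail()` call fixes that. A docblock stating that `$address` is expected to be a single, already-validated address would make the caller's responsibility explicit.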

accept integer parameters in filter_*() and use filter_output_html() in html_* functions

Bernd Wurst authored on14/10/2019 11:50:19
@@ -422,8 +422,8 @@ function html_select($name, $options, $default='', $free='')
422 422
         if ($default == $key) {
423 423
             $selected = ' selected="selected" ';
424 424
         }
425
-        $key = filter_input_general($key);
426
-        $value = filter_input_general($value);
425
+        $key = filter_output_html($key);
426
+        $value = filter_output_html($value);
427 427
         $ret .= "  <option value=\"{$key}\"{$selected}>{$value}</option>\n";
428 428
     }
429 429
     $ret .= '</select>';
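Review bot: Escaping `$key` and `$value` with `filter_output_html()` is the right call for an attribute and element body, but the `$default == $key` comparison just above is still loose; with the integer parameters this commit is about, `'' == 0` and `'abc' == 0` were true before PHP 8, so an empty default could preselect the key 0. Comparing as strings, `if ((string) $default === (string) $key) {`, keeps integer keys working and removes the surprise. If `$selected` is not reset at the top of each loop iteration (the loop head is outside this hunk), every option after the first match would also be marked selected — worth confirming.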

disable brute force check when logging is disabled

Bernd Wurst authored on11/04/2019 17:16:39
@@ -191,6 +191,10 @@ function logger($severity, $scriptname, $scope, $message)
191 191
 
192 192
 function count_failed_logins()
193 193
 {
194
+    if (config('logging') < LOG_WARNING) {
195
+        DEBUG("logging is disabled, no brute force check possible");
196
+        return;
197
+    }
194 198
     $result = db_query("SELECT count(*) AS num FROM misc.scriptlog WHERE user IS NULL AND scriptname='session/start' AND scope='login' AND message LIKE 'wrong user data%' AND remote=:remote AND `timestamp` > NOW() - INTERVAL 10 MINUTE", array(":remote" => $_SERVER['REMOTE_ADDR']));
195 199
     $data = $result->fetch();
196 200
     DEBUG('seen '.$data['num'].' failed logins from this address within 10 minutes');
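Review bot: The early `return;` yields null, so a caller comparing the result against a threshold sees zero failed logins; that is the intent, but it also means that lowering `logging` below LOG_WARNING switches brute-force protection off entirely, and nothing documents that consequence. Prefer an explicit `return 0;` and a docblock on count_failed_logins such as `/** Failed logins from REMOTE_ADDR within the last 10 minutes; returns 0 when logging is below LOG_WARNING, i.e. brute-force detection is inactive then. */`. The rest of the function is outside this hunk.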

print stack trace with exception

Bernd Wurst authored on10/04/2019 20:58:00
@@ -472,8 +472,10 @@ function get_modules_info()
472 472
 function handle_exception($e)
473 473
 {
474 474
     if (config('enable_debug')) {
475
-        print_r($e->getMessage());
476
-        print_r(serialize($_POST));
475
+        print_r($e->getMessage()."<br>");
476
+        debug_print_backtrace();
477
+        echo("<br>");
478
+        print_r(serialize($_POST)."<br>");
477 479
         print_r(serialize($_SERVER));
478 480
     } else {
479 481
         $msg = "Exception caught:\n".$e->getMessage()."\n".serialize($_POST)."\n".serialize($_SERVER);
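Review bot: In the debug branch the exception message, the backtrace and `serialize($_POST)` are written straight into the HTML response without escaping, and `$_POST` contains whatever the failing form carried, including login passwords. At minimum use `htmlspecialchars($e->getMessage(), ENT_QUOTES, 'UTF-8')` and print the serialized arrays inside an escaped `<pre>`; dropping password-like keys before serializing would make the debug output safe to paste into a ticket. The same `$_POST`/`$_SERVER` dump goes into the admin mail in the else branch, which shares the concern. The closing brace of handle_exception is outside this hunk.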

fix codingstyle

Hanno authored on10/04/2019 08:52:30
@@ -189,7 +189,8 @@ function logger($severity, $scriptname, $scope, $message)
189 189
     db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES (:remote, :user, :scriptname, :scope, :message)", $args);
190 190
 }
191 191
 
192
-function count_failed_logins() {
192
+function count_failed_logins()
193
+{
193 194
     $result = db_query("SELECT count(*) AS num FROM misc.scriptlog WHERE user IS NULL AND scriptname='session/start' AND scope='login' AND message LIKE 'wrong user data%' AND remote=:remote AND `timestamp` > NOW() - INTERVAL 10 MINUTE", array(":remote" => $_SERVER['REMOTE_ADDR']));
194 195
     $data = $result->fetch();
195 196
     DEBUG('seen '.$data['num'].' failed logins from this address within 10 minutes');

send exception via mail only in non-debug-environments

Bernd Wurst authored on10/04/2019 08:13:58
@@ -470,6 +470,12 @@ function get_modules_info()
470 470
 
471 471
 function handle_exception($e)
472 472
 {
473
-    $msg = "Exception caught:\n".$e->getMessage()."\n".serialize($_POST)."\n".serialize($_SERVER);
474
-    mail(config("adminmail"), "Exception on configinterface", $msg);
473
+    if (config('enable_debug')) {
474
+        print_r($e->getMessage());
475
+        print_r(serialize($_POST));
476
+        print_r(serialize($_SERVER));
477
+    } else {
478
+        $msg = "Exception caught:\n".$e->getMessage()."\n".serialize($_POST)."\n".serialize($_SERVER);
479
+        mail(config("adminmail"), "Exception on configinterface", $msg);
480
+    }
475 481
 }
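Review bot: The mail branch sends `serialize($_POST)` and `serialize($_SERVER)` in plain text to the admin address, so an exception during login forwards the submitted password, and `$_SERVER` carries `HTTP_COOKIE` (the session id) and, where HTTP auth is in use, `PHP_AUTH_PW`. Redact before building `$msg`, e.g. `$post = $_POST; unset($post['password']);` and `$server = array_diff_key($_SERVER, array_flip(['HTTP_COOKIE', 'PHP_AUTH_PW']));`, then serialize the copies; the field name `password` is an assumption — check the login form. The same applies to the original version of this function introduced in the commit further down this page.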

add brute force protection to login

Bernd Wurst authored on10/04/2019 07:56:36
@@ -189,6 +189,13 @@ function logger($severity, $scriptname, $scope, $message)
189 189
     db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES (:remote, :user, :scriptname, :scope, :message)", $args);
190 190
 }
191 191
 
192
+function count_failed_logins() {
193
+    $result = db_query("SELECT count(*) AS num FROM misc.scriptlog WHERE user IS NULL AND scriptname='session/start' AND scope='login' AND message LIKE 'wrong user data%' AND remote=:remote AND `timestamp` > NOW() - INTERVAL 10 MINUTE", array(":remote" => $_SERVER['REMOTE_ADDR']));
194
+    $data = $result->fetch();
195
+    DEBUG('seen '.$data['num'].' failed logins from this address within 10 minutes');
196
+    return $data['num'];
197
+}
198
+
192 199
 function html_header($arg)
193 200
 {
194 201
     global $html_header;
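Review bot: count_failed_logins returns `$data['num']` exactly as the driver hands it back, which for MySQL is typically a string, and its correctness depends on logger() writing exactly `scriptname='session/start'`, `scope='login'` and a message starting with `wrong user data` — a coupling that is easy to break by editing a log message. Return `(int) $data['num'];` and add a docblock naming that dependency. The lookup keys on `$_SERVER['REMOTE_ADDR']`; if the application sits behind a reverse proxy all clients share that address and the counter would throttle everyone together — cannot be told from here, so worth a note in the deployment docs.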

Default exception handler with warning mail to admin

Hanno authored on05/01/2019 17:16:27
@@ -460,3 +460,9 @@ function get_modules_info()
460 460
     }
461 461
     return $modconfig;
462 462
 }
463
+
464
+function handle_exception($e)
465
+{
466
+    $msg = "Exception caught:\n".$e->getMessage()."\n".serialize($_POST)."\n".serialize($_SERVER);
467
+    mail(config("adminmail"), "Exception on configinterface", $msg);
468
+}
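Review bot: handle_exception sends the mail and then returns without producing a response or terminating, so the script simply ends with whatever output was already buffered, and the return value of `mail()` is ignored, so a failed delivery loses the only record of the exception. Type the parameter as `\Throwable $e` so the handler also covers `Error` instances, record the event through `logger()` in addition to mailing, and end with `system_failure(...)` or an explicit exit so the user sees a defined error page. Keep in mind that `$_POST` and `$_SERVER` are forwarded verbatim in the mail, so the message may carry submitted credentials and the session cookie.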

Warnung wg. undefined index vermeiden wenn kein form_token gesetzt ist

Hanno Böck authored on07/08/2018 20:28:46
@@ -292,7 +292,7 @@ function generate_form_token($form_id)
292 292
 
293 293
 function check_form_token($form_id, $formtoken = null)
294 294
 {
295
-    if ($formtoken == null) {
295
+    if ($formtoken == null && isset($_REQUEST['formtoken'])) {
296 296
         $formtoken = $_REQUEST['formtoken'];
297 297
     }
298 298
     $sessid = session_id();
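Review bot: The new condition still uses loose comparison, so an explicitly passed token of `''` or `'0'` is treated as absent and replaced by the request value, and reading from `$_REQUEST` accepts the token from the query string and cookies as well as the form body. Use `if ($formtoken === null && isset($_POST['formtoken'])) {` — as far as this page shows, html_form only ever emits the token as a hidden POST field — and keep the fallback to `null` so the final comparison fails closed. That final comparison, outside this hunk, should be `hash_equals($correct_formtoken, (string) $formtoken)` rather than `==`.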

avoid undefined index

Hanno authored on29/07/2018 09:09:05
@@ -260,7 +260,8 @@ function are_you_sure($query_string, $question)
260 260
 function user_is_sure()
261 261
 {
262 262
     if (isset($_POST['really'])) {
263
-        if ($_POST['random_token'] == $_SESSION['are_you_sure_token']) {
263
+        if (array_key_exists('random_token', $_POST) &&
264
+            ($_POST['random_token'] == $_SESSION['are_you_sure_token'])) {
264 265
             return true;
265 266
         } else {
266 267
             system_failure("Possible Cross-site-request-forgery detected!");
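Review bot: The token comparison is now guarded against a missing POST key but still uses `==`, and `$_SESSION['are_you_sure_token']` itself may be unset when no confirmation page was rendered in this session, which triggers the same undefined-index warning this commit fixes for `$_POST`. Replace the condition with `if (isset($_SESSION['are_you_sure_token']) && is_string($_POST['random_token'] ?? null) && hash_equals($_SESSION['are_you_sure_token'], $_POST['random_token'])) {`, which also rejects an array submitted under that name instead of letting it through the loose comparison. random_string's `+` → `.` replacement means the session token is plain ASCII, so hash_equals' string requirement holds. The rest of user_is_sure is outside this hunk.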

Erzeuge Session-Token, falls es noch nicht existiert.

Bernd Wurst authored on20/07/2018 11:37:15
@@ -300,6 +300,9 @@ function check_form_token($form_id, $formtoken = null)
300 300
         system_failure("Internal error! (Session not running)");
301 301
     }
302 302
 
303
+    if (! isset($_SESSION['session_token'])) {
304
+        $_SESSION['session_token'] = random_string(10);
305
+    }
303 306
     $correct_formtoken = hash('sha256', $sessid.$form_id.$_SESSION['session_token']);
304 307
 
305 308
     if (! ($formtoken == $correct_formtoken)) {
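Review bot: The lazy creation of `$_SESSION['session_token']` duplicates the identical block in generate_form_token, and in the check path it can only lead to a failed comparison (a token generated now cannot match a form rendered earlier), which is intended but not obvious to a reader. Extract a helper, `function session_token() { if (! isset($_SESSION['session_token'])) { $_SESSION['session_token'] = random_string(10); } return $_SESSION['session_token']; }`, call it from both functions, and add a comment here such as `// initialised only to avoid an undefined-index warning; a fresh token cannot validate an existing form`.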

remove whitespace in empty lines

Hanno authored on26/06/2018 23:36:40
@@ -45,14 +45,14 @@ function config($key, $localonly = false)
45 45
     if (array_key_exists($key, $config)) {
46 46
         return $config[$key];
47 47
     }
48
-  
48
+
49 49
     if ($localonly) {
50 50
         return null;
51 51
     }
52 52
 
53 53
     /* read configuration from database */
54 54
     $result = db_query("SELECT `key`, value FROM misc.config");
55
-  
55
+
56 56
     while ($object = $result->fetch()) {
57 57
         if (!array_key_exists($object['key'], $config)) {
58 58
             $config[$object['key']]=$object['value'];
@@ -433,7 +433,7 @@ function html_datepicker($nameprefix, $timestamp)
433 433
                        $current_year+2 => $current_year+2,
434 434
                        $current_year+3 => $current_year+3,
435 435
                        $current_year+4 => $current_year+4);
436
-              
436
+
437 437
     $selected_day = date('d', $timestamp);
438 438
     $selected_month = date('m', $timestamp);
439 439
     $selected_year = date('Y', $timestamp);

Fix coding style with php-cs-checker, see https://cs.sensiolabs.org/

Hanno authored on26/06/2018 13:58:19
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely
8 8
 
9 9
 To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10 10
 
11
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see
12 12
 http://creativecommons.org/publicdomain/zero/1.0/
13 13
 
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
@@ -19,57 +19,59 @@ require_once('inc/debug.php');
19 19
 
20 20
 function config($key, $localonly = false)
21 21
 {
22
-  global $config;
23
-
24
-  if ($key == "modules") {
25
-    // Stelle sicher, dass das "index"-Modul immer aktiv ist!
26
-    if (! in_array("index", $config['modules'])) {
27
-      $config['modules'][] = "index";
28
-    }
29
-    // Stelle sicher, dass das "about"-Modul immer aktiv ist!
30
-    if (! in_array("about", $config['modules'])) {
31
-      $config['modules'][] = "about";
22
+    global $config;
23
+
24
+    if ($key == "modules") {
25
+        // Stelle sicher, dass das "index"-Modul immer aktiv ist!
26
+        if (! in_array("index", $config['modules'])) {
27
+            $config['modules'][] = "index";
28
+        }
29
+        // Stelle sicher, dass das "about"-Modul immer aktiv ist!
30
+        if (! in_array("about", $config['modules'])) {
31
+            $config['modules'][] = "about";
32
+        }
32 33
     }
33
-  }
34 34
 
35
-  if ($key == 'modules' && isset($_SESSION['restrict_modules']))
36
-  {
37
-    $modules = array();
38
-    foreach ($config['modules'] as $mod)
39
-    {
40
-      if (in_array($mod, $_SESSION['restrict_modules']))
41
-        $modules[] = $mod;
35
+    if ($key == 'modules' && isset($_SESSION['restrict_modules'])) {
36
+        $modules = array();
37
+        foreach ($config['modules'] as $mod) {
38
+            if (in_array($mod, $_SESSION['restrict_modules'])) {
39
+                $modules[] = $mod;
40
+            }
41
+        }
42
+        return $modules;
42 43
     }
43
-    return $modules;
44
-  }
45 44
 
46
-  if (array_key_exists($key, $config))
47
-    return $config[$key];
45
+    if (array_key_exists($key, $config)) {
46
+        return $config[$key];
47
+    }
48 48
   
49
-  if ($localonly) {
50
-    return NULL;
51
-  }  
49
+    if ($localonly) {
50
+        return null;
51
+    }
52 52
 
53
-  /* read configuration from database */
54
-  $result = db_query( "SELECT `key`, value FROM misc.config" );
53
+    /* read configuration from database */
54
+    $result = db_query("SELECT `key`, value FROM misc.config");
55 55
   
56
-  while( $object = $result->fetch() ) {
57
-    if (!array_key_exists($object['key'], $config)) {
58
-	    $config[$object['key']]=$object['value'];
59
-    }
60
-  }
61
-  // Sonst wird das Passwort des webadmin-Users mit ausgegeben
62
-  $debug_config = $config;
63
-  unset($debug_config['db_pass']);
64
-  DEBUG($debug_config);
65
-  if (array_key_exists($key, $config))
66
-    return $config[$key];
67
-  else
68
-    logger(LOG_ERR, "inc/base", "config", "Request to read nonexistant config option »{$key}«.");
69
-    return NULL;
56
+    while ($object = $result->fetch()) {
57
+        if (!array_key_exists($object['key'], $config)) {
58
+            $config[$object['key']]=$object['value'];
59
+        }
60
+    }
61
+    // Sonst wird das Passwort des webadmin-Users mit ausgegeben
62
+    $debug_config = $config;
63
+    unset($debug_config['db_pass']);
64
+    DEBUG($debug_config);
65
+    if (array_key_exists($key, $config)) {
66
+        return $config[$key];
67
+    } else {
68
+        logger(LOG_ERR, "inc/base", "config", "Request to read nonexistant config option »{$key}«.");
69
+    }
70
+    return null;
70 71
 }
71 72
 
72
-function have_role($role) {
73
+function have_role($role)
74
+{
73 75
     $have = $_SESSION['role'] & $role;
74 76
     if ($have) {
75 77
         DEBUG("Current user has role ".$role);
@@ -79,76 +81,81 @@ function have_role($role) {
79 81
     return $have;
80 82
 }
81 83
 
82
-function get_server_by_id($id) {
83
-  $id = (int) $id;
84
-  $result = db_query("SELECT hostname FROM system.servers WHERE id=?", array($id));
85
-  $ret = $result->fetch();
86
-  return $ret['hostname'];
84
+function get_server_by_id($id)
85
+{
86
+    $id = (int) $id;
87
+    $result = db_query("SELECT hostname FROM system.servers WHERE id=?", array($id));
88
+    $ret = $result->fetch();
89
+    return $ret['hostname'];
87 90
 }
88 91
 
89 92
 
90 93
 function redirect($target)
91 94
 {
92
-  global $debugmode;
93
-  if ($target == '') {
94
-      $target = $_SERVER['REQUEST_URI'];
95
-  }
96
-  if (! $debugmode) {
97
-    header("Location: {$target}");
98
-  } else {
99
-      if (strpos($target, '?') === false) {
100
-        print 'REDIRECT: '.internal_link($target, $target);
101
-      } else {
102
-          list($file, $qs) = explode('?', $target, 2);
103
-          print 'REDIRECT: '.internal_link($file, $target, $qs);
104
-      }
105
-  }
106
-  die();
95
+    global $debugmode;
96
+    if ($target == '') {
97
+        $target = $_SERVER['REQUEST_URI'];
98
+    }
99
+    if (! $debugmode) {
100
+        header("Location: {$target}");
101
+    } else {
102
+        if (strpos($target, '?') === false) {
103
+            print 'REDIRECT: '.internal_link($target, $target);
104
+        } else {
105
+            list($file, $qs) = explode('?', $target, 2);
106
+            print 'REDIRECT: '.internal_link($file, $target, $qs);
107
+        }
108
+    }
109
+    die();
107 110
 }
108 111
 
109 112
 
110 113
 function my_server_id()
111 114
 {
112
-  $uid = (int) $_SESSION['userinfo']['uid'];
113
-  $result = db_query("SELECT server FROM system.useraccounts WHERE uid=?", array($uid));
114
-  $r = $result->fetch();
115
-  DEBUG($r);
116
-  return $r['server'];
115
+    $uid = (int) $_SESSION['userinfo']['uid'];
116
+    $result = db_query("SELECT server FROM system.useraccounts WHERE uid=?", array($uid));
117
+    $r = $result->fetch();
118
+    DEBUG($r);
119
+    return $r['server'];
117 120
 }
118 121
 
119 122
 
120 123
 function additional_servers()
121 124
 {
122
-  $uid = (int) $_SESSION['userinfo']['uid'];
123
-  $result = db_query("SELECT server FROM system.user_server WHERE uid=?", array($uid));
124
-  $servers = array();
125
-  while ($s = $result->fetch())
126
-    $servers[] = $s['server'];
127
-  DEBUG($servers);
128
-  return $servers;
125
+    $uid = (int) $_SESSION['userinfo']['uid'];
126
+    $result = db_query("SELECT server FROM system.user_server WHERE uid=?", array($uid));
127
+    $servers = array();
128
+    while ($s = $result->fetch()) {
129
+        $servers[] = $s['server'];
130
+    }
131
+    DEBUG($servers);
132
+    return $servers;
129 133
 }
130 134
 
131 135
 
132 136
 function server_names()
133 137
 {
134
-  $result = db_query("SELECT id, hostname FROM system.servers");
135
-  $servers = array();
136
-  while ($s = $result->fetch())
137
-    $servers[$s['id']] = $s['hostname'];
138
-  DEBUG($servers);
139
-  return $servers;
138
+    $result = db_query("SELECT id, hostname FROM system.servers");
139
+    $servers = array();
140
+    while ($s = $result->fetch()) {
141
+        $servers[$s['id']] = $s['hostname'];
142
+    }
143
+    DEBUG($servers);
144
+    return $servers;
140 145
 }
141 146
 
142 147
 
143 148
 function maybe_null($value)
144 149
 {
145
-  if (! $value)
146
-    return NULL;
150
+    if (! $value) {
151
+        return null;
152
+    }
147 153
 
148
-  if (strlen( (string) $value ) > 0)
149
-    return (string) $value;
150
-  else
151
-    return NULL;
154
+    if (strlen((string) $value) > 0) {
155
+        return (string) $value;
156
+    } else {
157
+        return null;
158
+    }
152 159
 }
153 160
 
154 161
 
@@ -158,51 +165,52 @@ function maybe_null($value)
158 165
 
159 166
 function logger($severity, $scriptname, $scope, $message)
160 167
 {
161
-  if (config('logging') < $severity) {
162
-    DEBUG("NOT LOGGING $scriptname:$scope:$message");
163
-    return;
164
-  }
165
-
166
-  DEBUG("LOGGING $scriptname:$scope:$message");
167
-  $user = NULL;
168
-  if (array_key_exists("role", $_SESSION)) {
169
-    if ($_SESSION['role'] & ROLE_SYSTEMUSER)
170
-      $user = $_SESSION['userinfo']['username'];
171
-    elseif ($_SESSION['role'] & ROLE_CUSTOMER)
172
-      $user = $_SESSION['customerinfo']['customerno'];
173
-  }
174
-
175
-  $args = array(":user" => $user,
168
+    if (config('logging') < $severity) {
169
+        DEBUG("NOT LOGGING $scriptname:$scope:$message");
170
+        return;
171
+    }
172
+
173
+    DEBUG("LOGGING $scriptname:$scope:$message");
174
+    $user = null;
175
+    if (array_key_exists("role", $_SESSION)) {
176
+        if ($_SESSION['role'] & ROLE_SYSTEMUSER) {
177
+            $user = $_SESSION['userinfo']['username'];
178
+        } elseif ($_SESSION['role'] & ROLE_CUSTOMER) {
179
+            $user = $_SESSION['customerinfo']['customerno'];
180
+        }
181
+    }
182
+
183
+    $args = array(":user" => $user,
176 184
                 ":remote" => $_SERVER['REMOTE_ADDR'],
177 185
                 ":scriptname" => $scriptname,
178 186
                 ":scope" => $scope,
179 187
                 ":message" => $message);
180 188
 
181
-  db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES (:remote, :user, :scriptname, :scope, :message)", $args);
189
+    db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES (:remote, :user, :scriptname, :scope, :message)", $args);
182 190
 }
183 191
 
184 192
 function html_header($arg)
185 193
 {
186
-  global $html_header;
187
-  $html_header .= $arg;
194
+    global $html_header;
195
+    $html_header .= $arg;
188 196
 }
189 197
 
190 198
 function title($arg)
191 199
 {
192
-  global $title;
193
-  $title = $arg;
200
+    global $title;
201
+    $title = $arg;
194 202
 }
195 203
 
196 204
 function headline($arg)
197 205
 {
198
-  global $headline;
199
-  $headline = $arg;
206
+    global $headline;
207
+    $headline = $arg;
200 208
 }
201 209
 
202 210
 function output($arg)
203 211
 {
204
-  global $output;
205
-  $output .= $arg;
212
+    global $output;
213
+    $output .= $arg;
206 214
 }
207 215
 
208 216
 function footnote($explaination)
@@ -213,7 +221,7 @@ function footnote($explaination)
213 221
     }
214 222
     $fnid = array_search($explaination, $footnotes);
215 223
     DEBUG($footnotes);
216
-    if ($fnid === FALSE) {
224
+    if ($fnid === false) {
217 225
         DEBUG("Footnote »{$explaination}« is not in footnotes!");
218 226
         $footnotes[] = $explaination;
219 227
     }
@@ -221,20 +229,20 @@ function footnote($explaination)
221 229
     return str_repeat('*', ($fnid+1));
222 230
 }
223 231
 
224
-function random_string($len) 
232
+function random_string($len)
225 233
 {
226
-  $s = str_replace('+', '.', base64_encode(random_bytes(ceil($len*3/4))));
227
-  return substr($s, 0, $len);
234
+    $s = str_replace('+', '.', base64_encode(random_bytes(ceil($len*3/4))));
235
+    return substr($s, 0, $len);
228 236
 }
229 237
 
230 238
 
231 239
 function are_you_sure($query_string, $question)
232 240
 {
233
-  $query_string = encode_querystring($query_string);
234
-  $token = random_string(20);
235
-  $_SESSION['are_you_sure_token'] = $token;
236
-  title('Sicherheitsabfrage');
237
-  output("
241
+    $query_string = encode_querystring($query_string);
242
+    $token = random_string(20);
243
+    $_SESSION['are_you_sure_token'] = $token;
244
+    title('Sicherheitsabfrage');
245
+    output("
238 246
     <form action=\"{$query_string}\" method=\"post\">
239 247
     <div class=\"confirmation\">
240 248
       <div class=\"question\">{$question}</div>
@@ -245,68 +253,68 @@ function are_you_sure($query_string, $question)
245 253
         <input type=\"submit\" name=\"not_really\" value=\"Nein\" />
246 254
       </p>
247 255
     </div>");
248
-  output("</form>\n");
256
+    output("</form>\n");
249 257
 }
250 258
 
251 259
 
252 260
 function user_is_sure()
253 261
 {
254
-  if (isset($_POST['really']))
255
-  {
256
-    if ($_POST['random_token'] == $_SESSION['are_you_sure_token'])
257
-      return true;
258
-    else
259
-      system_failure("Possible Cross-site-request-forgery detected!");
260
-  }
261
-  elseif (isset($_POST['not_really']))
262
-    return false;
263
-  else
264
-    return NULL;
262
+    if (isset($_POST['really'])) {
263
+        if ($_POST['random_token'] == $_SESSION['are_you_sure_token']) {
264
+            return true;
265
+        } else {
266
+            system_failure("Possible Cross-site-request-forgery detected!");
267
+        }
268
+    } elseif (isset($_POST['not_really'])) {
269
+        return false;
270
+    } else {
271
+        return null;
272
+    }
265 273
 }
266 274
 
267 275
 
268 276
 
269 277
 function generate_form_token($form_id)
270 278
 {
271
-  require_once("inc/debug.php");
272
-  $sessid = session_id();
273
-  if ($sessid == "") 
274
-  {
275
-    DEBUG("Uh? Session not running? Wtf?");
276
-    system_failure("Internal error!");
277
-  }
278
-  if (! isset($_SESSION['session_token'])) {
279
-    $_SESSION['session_token'] = random_string(10);
280
-  }
281
-  return hash('sha256', $sessid.$form_id.$_SESSION['session_token']);
279
+    require_once("inc/debug.php");
280
+    $sessid = session_id();
281
+    if ($sessid == "") {
282
+        DEBUG("Uh? Session not running? Wtf?");
283
+        system_failure("Internal error!");
284
+    }
285
+    if (! isset($_SESSION['session_token'])) {
286
+        $_SESSION['session_token'] = random_string(10);
287
+    }
288
+    return hash('sha256', $sessid.$form_id.$_SESSION['session_token']);
282 289
 }
283 290
 
284 291
 
285
-function check_form_token($form_id, $formtoken = NULL)
292
+function check_form_token($form_id, $formtoken = null)
286 293
 {
287
-  if ($formtoken == NULL)
288
-    $formtoken = $_REQUEST['formtoken'];
289
-  $sessid = session_id();
290
-  if ($sessid == "") 
291
-  {
292
-    DEBUG("Uh? Session not running? Wtf?");
293
-    system_failure("Internal error! (Session not running)");
294
-  }
295
-
296
-  $correct_formtoken = hash('sha256', $sessid.$form_id.$_SESSION['session_token']);
297
-
298
-  if (! ($formtoken == $correct_formtoken))
299
-    system_failure("Possible cross-site-request-forgery!");
294
+    if ($formtoken == null) {
295
+        $formtoken = $_REQUEST['formtoken'];
296
+    }
297
+    $sessid = session_id();
298
+    if ($sessid == "") {
299
+        DEBUG("Uh? Session not running? Wtf?");
300
+        system_failure("Internal error! (Session not running)");
301
+    }
302
+
303
+    $correct_formtoken = hash('sha256', $sessid.$form_id.$_SESSION['session_token']);
304
+
305
+    if (! ($formtoken == $correct_formtoken)) {
306
+        system_failure("Possible cross-site-request-forgery!");
307
+    }
300 308
 }
301 309
 
302 310
 
303 311
 function have_module($modname)
304 312
 {
305
-  return in_array($modname, config('modules'));
313
+    return in_array($modname, config('modules'));
306 314
 }
307 315
 
308 316
 
309
-function use_module($modname) 
317
+function use_module($modname)
310 318
 {
311 319
     global $prefix, $needed_modules;
312 320
     if (! isset($needed_modules)) {
@@ -320,35 +328,37 @@ function use_module($modname)
320 328
         system_failure("Soll nicht verfügbares Modul laden!");
321 329
     }
322 330
     /* setup module include path */
323
-    ini_set('include_path',ini_get('include_path').':./modules/'.$modname.'/include:');
331
+    ini_set('include_path', ini_get('include_path').':./modules/'.$modname.'/include:');
324 332
     $style = 'modules/'.$modname.'/style.css';
325 333
     if (file_exists($style)) {
326 334
         html_header('<link rel="stylesheet" href="'.$prefix.$style.'" type="text/css" />'."\n");
327 335
     }
328
-
329 336
 }
330 337
 
331 338
 
332 339
 function encode_querystring($querystring)
333 340
 {
334
-  global $debugmode;
335
-  if ($debugmode)
336
-    $querystring = 'debug&'.$querystring;
337
-  $query = explode('&', $querystring);
338
-  $new_query = array();
339
-  foreach ($query AS $item)
340
-    if ($item != '')
341
-    {
342
-      $split = explode('=', $item, 2);
343
-      if (count($split) == 1)
344
-        $new_query[] = $split[0];
345
-      else
346
-        $new_query[] = $split[0].'='.urlencode($split[1]);
347
-    }
348
-  $querystring = implode('&amp;', $new_query);
349
-  if ($querystring)
350
-    $querystring = '?'.$querystring;
351
-  return $querystring;
341
+    global $debugmode;
342
+    if ($debugmode) {
343
+        $querystring = 'debug&'.$querystring;
344
+    }
345
+    $query = explode('&', $querystring);
346
+    $new_query = array();
347
+    foreach ($query as $item) {
348
+        if ($item != '') {
349
+            $split = explode('=', $item, 2);
350
+            if (count($split) == 1) {
351
+                $new_query[] = $split[0];
352
+            } else {
353
+                $new_query[] = $split[0].'='.urlencode($split[1]);
354
+            }
355
+        }
356
+    }
357
+    $querystring = implode('&amp;', $new_query);
358
+    if ($querystring) {
359
+        $querystring = '?'.$querystring;
360
+    }
361
+    return $querystring;
352 362
 }
353 363
 
354 364
 
@@ -360,94 +370,89 @@ function beta_notice()
360 370
 
361 371
 function addnew($file, $label, $querystring = '', $attribs = '')
362 372
 {
363
-  output('<p class="addnew">'.internal_link($file, $label, $querystring, $attribs).'</p>');
373
+    output('<p class="addnew">'.internal_link($file, $label, $querystring, $attribs).'</p>');
364 374
 }
365 375
 
366 376
 
367 377
 function internal_link($file, $label, $querystring = '', $attribs = '')
368 378
 {
369
-  global $prefix;
370
-  if (strpos($file, '/') === 0)
371
-  {
372
-    $file = $prefix.substr($file, 1);
373
-  }
374
-  $querystring = encode_querystring($querystring);
375
-  return "<a href=\"{$file}{$querystring}\" {$attribs} >{$label}</a>";
379
+    global $prefix;
380
+    if (strpos($file, '/') === 0) {
381
+        $file = $prefix.substr($file, 1);
382
+    }
383
+    $querystring = encode_querystring($querystring);
384
+    return "<a href=\"{$file}{$querystring}\" {$attribs} >{$label}</a>";
376 385
 }
377 386
 
378 387
 
379 388
 function html_form($form_id, $scriptname, $querystring, $content)
380 389
 {
381
-  $querystring = encode_querystring($querystring);
382
-  $ret = '';
383
-  $ret .= '<form id="'.$form_id.'" action="'.$scriptname.$querystring.'" method="post">'."\n";
384
-  $ret .= '<p style="display: none;"><input type="hidden" name="formtoken" value="'.generate_form_token($form_id).'" /></p>'."\n";
385
-  $ret .= $content;
386
-  $ret .= '</form>';
387
-  return $ret;  
390
+    $querystring = encode_querystring($querystring);
391
+    $ret = '';
392
+    $ret .= '<form id="'.$form_id.'" action="'.$scriptname.$querystring.'" method="post">'."\n";
393
+    $ret .= '<p style="display: none;"><input type="hidden" name="formtoken" value="'.generate_form_token($form_id).'" /></p>'."\n";
394
+    $ret .= $content;
395
+    $ret .= '</form>';
396
+    return $ret;
388 397
 }
389 398
 
390 399
 
391 400
 function html_select($name, $options, $default='', $free='')
392 401
 {
393
-  require_once('inc/security.php');
394
-  $ret = "<select name=\"{$name}\" id=\"{$name}\" size=\"1\" {$free} >\n";
395
-  foreach ($options as $key => $value)
396
-  {
397
-    $selected = '';
398
-    if ($default == $key)
399
-      $selected = ' selected="selected" ';
400
-    $key = filter_input_general($key);
401
-    $value = filter_input_general($value);
402
-    $ret .= "  <option value=\"{$key}\"{$selected}>{$value}</option>\n";
403
-  }
404
-  $ret .= '</select>';
405
-  return $ret;
402
+    require_once('inc/security.php');
403
+    $ret = "<select name=\"{$name}\" id=\"{$name}\" size=\"1\" {$free} >\n";
404
+    foreach ($options as $key => $value) {
405
+        $selected = '';
406
+        if ($default == $key) {
407
+            $selected = ' selected="selected" ';
408
+        }
409
+        $key = filter_input_general($key);
410
+        $value = filter_input_general($value);
411
+        $ret .= "  <option value=\"{$key}\"{$selected}>{$value}</option>\n";
412
+    }
413
+    $ret .= '</select>';
414
+    return $ret;
406 415
 }
407 416
 
408 417
 
409 418
 function html_datepicker($nameprefix, $timestamp)
410 419
 {
411
-  $valid_days = array( 1 =>  1,  2 =>  2,  3 =>  3,  4 =>  4,  5 =>  5,
420
+    $valid_days = array( 1 =>  1,  2 =>  2,  3 =>  3,  4 =>  4,  5 =>  5,
412 421
                        6 =>  6,  7 =>  7,  8 =>  8,  9 =>  9, 10 => 10,
413 422
                       11 => 11, 12 => 12, 13 => 13, 14 => 14, 15 => 15,
414 423
                       16 => 16, 17 => 17, 18 => 18, 19 => 19, 20 => 20,
415 424
                       21 => 21, 22 => 22, 23 => 23, 24 => 24, 25 => 25,
416 425
                       26 => 26, 27 => 27, 28 => 28, 29 => 29, 30 => 30,
417 426
                       31 => 31);
418
-  $valid_months = array( 1 =>  1,  2 =>  2,  3 =>  3,  4 =>  4,  5 =>  5,
427
+    $valid_months = array( 1 =>  1,  2 =>  2,  3 =>  3,  4 =>  4,  5 =>  5,
419 428
                          6 =>  6,  7 =>  7,  8 =>  8,  9 =>  9, 10 => 10,
420 429
                         11 => 11, 12 => 12);
421
-  $current_year = (int) date('Y');
422
-  $valid_years = array($current_year => $current_year, 
430
+    $current_year = (int) date('Y');
431
+    $valid_years = array($current_year => $current_year,
423 432
                        $current_year+1 => $current_year+1,
424 433
                        $current_year+2 => $current_year+2,
425 434
                        $current_year+3 => $current_year+3,
426 435
                        $current_year+4 => $current_year+4);
427 436
               
428
-  $selected_day = date('d', $timestamp);
429
-  $selected_month = date('m', $timestamp);
430
-  $selected_year = date('Y', $timestamp);
431
-  $ret = '';
432
-  $ret .= html_select($nameprefix.'_day', $valid_days, $selected_day, 'style="text-align: right;"').". ";
433
-  $ret .= html_select($nameprefix.'_month', $valid_months, $selected_month, 'style="text-align: right;"').". ";
434
-  $ret .= html_select($nameprefix.'_year', $valid_years, $selected_year);
435
-  return $ret;
437
+    $selected_day = date('d', $timestamp);
438
+    $selected_month = date('m', $timestamp);
439
+    $selected_year = date('Y', $timestamp);
440
+    $ret = '';
441
+    $ret .= html_select($nameprefix.'_day', $valid_days, $selected_day, 'style="text-align: right;"').". ";
442
+    $ret .= html_select($nameprefix.'_month', $valid_months, $selected_month, 'style="text-align: right;"').". ";
443
+    $ret .= html_select($nameprefix.'_year', $valid_years, $selected_year);
444
+    return $ret;
436 445
 }
437 446
 
438
-function get_modules_info() 
447
+function get_modules_info()
439 448
 {
440
-  $modules = config('modules');
441
-  $modconfig = array();
442
-  foreach ($modules AS $name) {
443
-    $modconfig[$name] = NULL;
444
-    if (file_exists('modules/'.$name.'/module.info')) {
445
-      $modconfig[$name] = parse_ini_file('modules/'.$name.'/module.info');
446
-    }
447
-  }
448
-  return $modconfig;
449
+    $modules = config('modules');
450
+    $modconfig = array();
451
+    foreach ($modules as $name) {
452
+        $modconfig[$name] = null;
453
+        if (file_exists('modules/'.$name.'/module.info')) {
454
+            $modconfig[$name] = parse_ini_file('modules/'.$name.'/module.info');
455
+        }
456
+    }
457
+    return $modconfig;
449 458
 }
450
-
451
-
452
-
453
-?>

Fix PHP warning when array index for role does not exist

Hanno authored on21/06/2018 17:18:31
Showing1 changed files
... ...
@@ -165,11 +165,13 @@ function logger($severity, $scriptname, $scope, $message)
165 165
 
166 166
   DEBUG("LOGGING $scriptname:$scope:$message");
167 167
   $user = NULL;
168
-  if ($_SESSION['role'] & ROLE_SYSTEMUSER)
169
-    $user = $_SESSION['userinfo']['username'];
170
-  elseif ($_SESSION['role'] & ROLE_CUSTOMER)
171
-    $user = $_SESSION['customerinfo']['customerno'];
172
-  
168
+  if (array_key_exists("role", $_SESSION)) {
169
+    if ($_SESSION['role'] & ROLE_SYSTEMUSER)
170
+      $user = $_SESSION['userinfo']['username'];
171
+    elseif ($_SESSION['role'] & ROLE_CUSTOMER)
172
+      $user = $_SESSION['customerinfo']['customerno'];
173
+  }
174
+
173 175
   $args = array(":user" => $user,
174 176
                 ":remote" => $_SERVER['REMOTE_ADDR'],
175 177
                 ":scriptname" => $scriptname,
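Review bot: The new guard `array_key_exists("role", $_SESSION)` still fails when no session has been started, because `$_SESSION` is then undefined and array_key_exists() on a non-array is a warning on PHP 7 and a TypeError on PHP 8; `if (isset($_SESSION['role'])) {` covers both the missing key and the missing superglobal. The lines inside the guard still read `$_SESSION['userinfo']['username']` and `$_SESSION['customerinfo']['customerno']` unchecked, so the same class of warning remains for a session that has a role but not the matching info array — `$user = $_SESSION['userinfo']['username'] ?? null;` makes that fallback explicit. logger() starts and ends outside this hunk.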

Zuverlässigeres Logging bei API-Aktionen

Bernd Wurst authored on17/02/2018 17:04:40
Showing1 changed files
... ...
@@ -158,9 +158,12 @@ function maybe_null($value)
158 158
 
159 159
 function logger($severity, $scriptname, $scope, $message)
160 160
 {
161
-  if (config('logging') <= $severity)
161
+  if (config('logging') < $severity) {
162
+    DEBUG("NOT LOGGING $scriptname:$scope:$message");
162 163
     return;
164
+  }
163 165
 
166
+  DEBUG("LOGGING $scriptname:$scope:$message");
164 167
   $user = NULL;
165 168
   if ($_SESSION['role'] & ROLE_SYSTEMUSER)
166 169
     $user = $_SESSION['userinfo']['username'];
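Review bot: The added `DEBUG("NOT LOGGING $scriptname:$scope:$message")` reproduces the full message text on the suppressed path, so a message the operator filtered out by severity is still written to whatever DEBUG() emits to, including caller-supplied text if DEBUG() renders into the response in debug mode. Logging only the identifiers is enough to diagnose threshold problems: `DEBUG("NOT LOGGING $scriptname:$scope (severity $severity below configured threshold)");`. Separately, config() returns NULL for an unknown key (visible further down this page), and `NULL < $severity` is true for every positive severity, so an unset 'logging' key silently disables the scriptlog table — pre-existing, but worth a comment on the threshold line. logger() ends outside this hunk.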

Domain-Nutzung mit Deeplinks zu den Einstellungen

Bernd Wurst authored on14/02/2018 18:27:02
Showing1 changed files
... ...
@@ -375,7 +375,7 @@ function html_form($form_id, $scriptname, $querystring, $content)
375 375
 {
376 376
   $querystring = encode_querystring($querystring);
377 377
   $ret = '';
378
-  $ret .= '<form action="'.$scriptname.$querystring.'" method="post">'."\n";
378
+  $ret .= '<form id="'.$form_id.'" action="'.$scriptname.$querystring.'" method="post">'."\n";
379 379
   $ret .= '<p style="display: none;"><input type="hidden" name="formtoken" value="'.generate_form_token($form_id).'" /></p>'."\n";
380 380
   $ret .= $content;
381 381
   $ret .= '</form>';
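Review bot: `$form_id` is interpolated into the new `id` attribute without escaping, in the same way the existing `action` attribute embeds `$scriptname.$querystring`; if any caller ever derives a form id from request data this becomes an attribute-injection point, and escaping costs one call: `'<form id="'.htmlspecialchars($form_id, ENT_QUOTES, 'UTF-8').'" action="'.$scriptname.$querystring.'" method="post">'`. The same `$form_id` feeds generate_form_token() on the following line, so the token stays bound to the raw value, which is fine. Whether callers pass anything other than literals is not visible here. html_form() starts just above this hunk and ends inside it.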

Beta-Hinweis eingefügt

Bernd Wurst authored on14/02/2018 06:13:47
Showing1 changed files
... ...
@@ -347,6 +347,12 @@ function encode_querystring($querystring)
347 347
 }
348 348
 
349 349
 
350
+function beta_notice()
351
+{
352
+    output('<div class="beta"><h4>Achtung: Testbetrieb</h4><p>Diese Funktion ist im Testbetrieb. Bei Fehlfunktionen, Unklarheiten oder Verbesserungsvorschlägen bitten wir um kurze Nachricht an <a href="mailto:root@schokokeks.org">root@schokokeks.org</a></p></div>');
353
+}
354
+
355
+
350 356
 function addnew($file, $label, $querystring = '', $attribs = '')
351 357
 {
352 358
   output('<p class="addnew">'.internal_link($file, $label, $querystring, $attribs).'</p>');
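Review bot: beta_notice() hard-codes the contact address `root@schokokeks.org` into the markup, whereas the rest of this file reads deployment-specific values through config(), so a second installation of this interface would advertise the wrong address. Reading the address from a config key and adding a one-line docblock such as `/** Output the standard "feature in beta testing" notice with a contact address. */` would keep it consistent with the surrounding code. beta_notice() is fully visible in this hunk.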

Blende Aktionen aus, wenn die Rechte nicht reichen oder wenn die Domain-API nicht verfügbar ist

Bernd Wurst authored on09/02/2018 05:16:15
Showing1 changed files
... ...
@@ -69,6 +69,16 @@ function config($key, $localonly = false)
69 69
     return NULL;
70 70
 }
71 71
 
72
+function have_role($role) {
73
+    $have = $_SESSION['role'] & $role;
74
+    if ($have) {
75
+        DEBUG("Current user has role ".$role);
76
+    } else {
77
+        DEBUG("Current user does not have role ".$role);
78
+    }
79
+    return $have;
80
+}
81
+
72 82
 function get_server_by_id($id) {
73 83
   $id = (int) $id;
74 84
   $result = db_query("SELECT hostname FROM system.servers WHERE id=?", array($id));
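Review bot: have_role() is an authorization check, and `$have = $_SESSION['role'] & $role;` reads the role without confirming it exists, so for a session that has not authenticated the line emits an undefined-index warning and only denies access because NULL coerces to 0; make the deny explicit with `$have = ($_SESSION['role'] ?? 0) & $role;`. The function also returns the raw masked integer rather than a boolean, which works for `if (have_role(...))` but will surprise a caller comparing with `=== true`; either `return (bool) $have;` or document the integer return in a docblock. The DEBUG() lines print the role bits, which is harmless as long as DEBUG() is debug-mode only. have_role() is fully visible in this hunk.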

Session aufräumen, Weiterleitungs-Ziel darf nicht leer sein, Status der DOmain abfragen

Bernd Wurst authored on08/02/2018 15:21:23
Showing1 changed files
... ...
@@ -80,12 +80,12 @@ function get_server_by_id($id) {
80 80
 function redirect($target)
81 81
 {
82 82
   global $debugmode;
83
+  if ($target == '') {
84
+      $target = $_SERVER['REQUEST_URI'];
85
+  }
83 86
   if (! $debugmode) {
84 87
     header("Location: {$target}");
85 88
   } else {
86
-      if ($target == '') {
87
-          $target = $_SERVER['REQUEST_URI'];
88
-      }
89 89
       if (strpos($target, '?') === false) {
90 90
         print 'REDIRECT: '.internal_link($target, $target);
91 91
       } else {
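Review bot: Moving the empty-target fallback above the `! $debugmode` branch means production now sends `header("Location: ".$_SERVER['REQUEST_URI'])`, a value taken from the raw client request line; PHP's header() refuses embedded CR/LF so header injection is not possible, but the redirect now reflects whatever path and query the client sent, and a request that fails and redirects to itself can loop. The comparison should also be strict, `if ($target === '')`, since `==` treats an integer 0 as empty on PHP 7. The debug branch still passes `$target` to internal_link() as an unescaped label (internal_link() is visible further up this page). redirect() ends outside this hunk.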

Lasse die API bestimmen was bei einer Domain die Endung ist und ob der Domainname gültig ist

Bernd Wurst authored on05/02/2018 09:04:50
Showing1 changed files
... ...
@@ -83,6 +83,9 @@ function redirect($target)
83 83
   if (! $debugmode) {
84 84
     header("Location: {$target}");
85 85
   } else {
86
+      if ($target == '') {
87
+          $target = $_SERVER['REQUEST_URI'];
88
+      }
86 89
       if (strpos($target, '?') === false) {
87 90
         print 'REDIRECT: '.internal_link($target, $target);
88 91
       } else {
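Review bot: The new fallback `$target = $_SERVER['REQUEST_URI'];` is then passed to `internal_link($target, $target)` on the context line below, and internal_link() (visible further up this page) writes both href and label into the markup without any escaping, so in debug mode the raw request URI is reflected into the response — a reflected-XSS vector for anyone who can get a debug-mode deployment to follow a crafted link. Escaping the label is the minimal fix, `print 'REDIRECT: '.internal_link($target, htmlspecialchars($target, ENT_QUOTES, 'UTF-8'));`, and the href deserves the same treatment. Whether debug mode is reachable on a production host is not visible here. redirect() ends outside this hunk.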

Erste Vorbereitungen für Domainregistrierung

Bernd Wurst authored on02/02/2018 05:25:41
Showing1 changed files
... ...
@@ -80,8 +80,16 @@ function get_server_by_id($id) {
80 80
 function redirect($target)
81 81
 {
82 82
   global $debugmode;
83
-  if (! $debugmode)
83
+  if (! $debugmode) {
84 84
     header("Location: {$target}");
85
+  } else {
86
+      if (strpos($target, '?') === false) {
87
+        print 'REDIRECT: '.internal_link($target, $target);
88
+      } else {
89
+          list($file, $qs) = explode('?', $target, 2);
90
+          print 'REDIRECT: '.internal_link($file, $target, $qs);
91
+      }
92
+  }
85 93
   die();
86 94
 }
87 95
 
... ...
@@ -308,7 +316,6 @@ function encode_querystring($querystring)
308 316
   global $debugmode;
309 317
   if ($debugmode)
310 318
     $querystring = 'debug&'.$querystring;
311
-  DEBUG($querystring);
312 319
   $query = explode('&', $querystring);
313 320
   $new_query = array();
314 321
   foreach ($query AS $item)
... ...
@@ -323,7 +330,6 @@ function encode_querystring($querystring)
323 330
   $querystring = implode('&amp;', $new_query);
324 331
   if ($querystring)
325 332
     $querystring = '?'.$querystring;
326
-  DEBUG($querystring);
327 333
   return $querystring;
328 334
 }
329 335
 
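Review bot: The new debug branch prints `internal_link($target, $target)` and `internal_link($file, $target, $qs)` with the redirect target as the link label, and internal_link() (visible further up this page) inserts the label verbatim, so any target that carries user-derived text is written unescaped into the response while debug mode is on. Wrapping the label at both print sites, `htmlspecialchars($target, ENT_QUOTES, 'UTF-8')`, closes that; note that `$file` in the href gets no escaping either, while encode_querystring() only urlencode()s the query values, not the keys. Dropping the two DEBUG($querystring) calls in the second and third hunks is fine. redirect() is fully visible in the first hunk; encode_querystring() is cut at both ends.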

Aktualisiere Domain- und Inhaberdaten beim Aufrufen der update-Seite

Bernd Wurst authored on23/01/2018 15:18:38
Showing1 changed files
... ...
@@ -282,7 +282,14 @@ function have_module($modname)
282 282
 
283 283
 function use_module($modname) 
284 284
 {
285
-    global $prefix;
285
+    global $prefix, $needed_modules;
286
+    if (! isset($needed_modules)) {
287
+        $needed_modules = array();
288
+    }
289
+    if (in_array($modname, $needed_modules)) {
290
+        return;
291
+    }
292
+    $needed_modules[] = $modname;
286 293
     if (! have_module($modname)) {
287 294
         system_failure("Soll nicht verfügbares Modul laden!");
288 295
     }
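Review bot: The added memoisation records `$modname` in `$needed_modules` before `have_module($modname)` has validated it, so if system_failure() ever returns instead of terminating, a second use_module() call with the same unavailable name hits the early `return` and is treated as loaded; run the check first and only then append — move the `if (! have_module($modname)) { system_failure("Soll nicht verfügbares Modul laden!"); }` block above `$needed_modules[] = $modname;`. `in_array($modname, $needed_modules)` should also pass `true` as the third argument so `"0"` and `0` are not conflated. Whether system_failure() terminates is not visible here; use_module() ends outside this hunk.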

Rudimentäre Adressauswahl/Domainupdate-UI

Bernd Wurst authored on23/01/2018 13:20:36
Showing1 changed files
... ...
@@ -280,6 +280,22 @@ function have_module($modname)
280 280
 }
281 281
 
282 282
 
283
+function use_module($modname) 
284
+{
285
+    global $prefix;
286
+    if (! have_module($modname)) {
287
+        system_failure("Soll nicht verfügbares Modul laden!");
288
+    }
289
+    /* setup module include path */
290
+    ini_set('include_path',ini_get('include_path').':./modules/'.$modname.'/include:');
291
+    $style = 'modules/'.$modname.'/style.css';
292
+    if (file_exists($style)) {
293
+        html_header('<link rel="stylesheet" href="'.$prefix.$style.'" type="text/css" />'."\n");
294
+    }
295
+
296
+}
297
+
298
+
283 299
 function encode_querystring($querystring)
284 300
 {
285 301
   global $debugmode;
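Review bot: `$modname` is spliced into a filesystem path on two new lines (`'./modules/'.$modname.'/include:'` on the include_path and `'modules/'.$modname.'/style.css'`), with have_module() as the only gate, and have_module()'s implementation is not in this hunk. Because the value ends up on the include_path, a syntactic allow-list before that check makes the function safe regardless of how have_module() is implemented: `if (!preg_match('/^[A-Za-z0-9_-]+$/', $modname)) { system_failure("Soll nicht verfügbares Modul laden!"); }`. The `<link>` tag also emits `$prefix.$style` unescaped, which is fine as long as `$prefix` is server-controlled. use_module() is fully visible in this hunk.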

Funktion maybe_null() umdefiniert

Bernd Wurst authored on13/01/2018 13:25:14
Showing1 changed files
... ...
@@ -119,21 +119,15 @@ function server_names()
119 119
 }
120 120
 
121 121
 
122
-// FIXME
123
-// Diese Funktion funktioniert nicht für preprared statements
124 122
 function maybe_null($value)
125 123
 {
126
-  if (config("enable_debug")) {
127
-    $backtrace = debug_backtrace();
128
-    warning("call to maybe_null() in {$backtrace[1]['file']} line {$backtrace[1]['line']}");
129
-  }
130
-  if ($value == NULL)
131
-    return 'NULL';
124
+  if (! $value)
125
+    return NULL;
132 126
 
133 127
   if (strlen( (string) $value ) > 0)
134
-    return "'".db_escape_string($value)."'";
128
+    return (string) $value;
135 129
   else
136
-    return 'NULL';
130
+    return NULL;
137 131
 }
138 132
 
139 133
 
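Review bot: The rewritten maybe_null() now opens with `if (! $value) return NULL;`, which treats the string `"0"` as absent, whereas the old `$value == NULL` test did not match `"0"`; any caller storing a legitimate zero — a port, a quota, a flag posted as "0" — now writes NULL to the database. The following `strlen((string) $value) > 0` check already handles empty strings, so the guard only needs real nulls: `if ($value === null) return null;`. A docblock stating the contract, `/** Return $value as a string for a prepared-statement parameter, or NULL when it is null or empty. */`, would stop the next rewrite from reintroducing this. maybe_null() is fully visible in this hunk.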

Bugfix für Fußnoten

Bernd Wurst authored on13/01/2018 07:13:24
Showing1 changed files
... ...
@@ -192,7 +192,9 @@ function footnote($explaination)
192 192
         $footnotes = array();
193 193
     }
194 194
     $fnid = array_search($explaination, $footnotes);
195
-    if (!$fnid) {
195
+    DEBUG($footnotes);
196
+    if ($fnid === FALSE) {
197
+        DEBUG("Footnote »{$explaination}« is not in footnotes!");
196 198
         $footnotes[] = $explaination;
197 199
     }
198 200
     $fnid = array_search($explaination, $footnotes);
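Review bot: The `=== FALSE` fix is right, but `array_search($explaination, $footnotes)` is still a loose comparison, so `"1"` and `"1.0"` or `"0"` and `""` would share a footnote; pass `true` as the third argument on both array_search() calls. The added `DEBUG($footnotes)` dumps the whole array on every footnote() call and looks like leftover diagnostics — drop it or keep only the miss message. footnote() starts and ends outside this hunk.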

Copyright year update

Bernd Wurst authored on13/01/2018 06:07:05
Showing1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2014 by schokokeks.org Hosting, namely
5
+Written 2008-2018 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 

Funktion für Fußnoten eingebaut (Theme-Änderung nötig!)

Bernd Wurst authored on12/01/2018 11:47:35
Showing1 changed files
... ...
@@ -185,6 +185,19 @@ function output($arg)
185 185
   $output .= $arg;
186 186
 }
187 187
 
188
+function footnote($explaination)
189
+{
190
+    global $footnotes;
191
+    if (!isset($footnotes) || !is_array($footnotes)) {
192
+        $footnotes = array();
193
+    }
194
+    $fnid = array_search($explaination, $footnotes);
195
+    if (!$fnid) {
196
+        $footnotes[] = $explaination;
197
+    }
198
+    $fnid = array_search($explaination, $footnotes);
199
+    return str_repeat('*', ($fnid+1));
200
+}
188 201
 
189 202
 function random_string($len) 
190 203
 {
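Review bot: `if (!$fnid)` in the new footnote() treats index 0 — the first footnote — as "not found", so every repeated use of the first footnote appends a duplicate entry to `$footnotes`; the returned marker is still `*` only because the second array_search() finds the original entry first. Compare with `=== false` and search strictly: `$fnid = array_search($explaination, $footnotes, true); if ($fnid === false) { $footnotes[] = $explaination; }`. A docblock would also help: `/** Register $explaination as a footnote (once) and return its marker: '*', '**', ... by position. */`. footnote() is fully visible in this hunk.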

random_string korrigiert, so dass keine kritischen Zeichen in dem String sein können

Bernd Wurst authored on10/02/2017 16:57:25
Showing1 changed files
... ...
@@ -186,11 +186,10 @@ function output($arg)
186 186
 }
187 187
 
188 188
 
189
-function random_string($num) 
189
+function random_string($len) 
190 190
 {
191
-    // Durch base64 wird der String länger, daher geben wir nur einen Substring zurück.
192
-    $data = base64_encode(random_bytes($num));
193
-    return substr($data, 0, $num);
191
+  $s = str_replace('+', '.', base64_encode(random_bytes(ceil($len*3/4))));
192
+  return substr($s, 0, $len);
194 193
 }
195 194
 
196 195
 
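Review bot: The rewritten random_string() replaces `+` but leaves `/`, the other non-alphanumeric base64 character, so the result can still contain a character that is special in paths and URLs, which the commit message says it set out to avoid; `$s = strtr(base64_encode(random_bytes((int) ceil($len*3/4))), '+/', '._');` maps both in one call and casts the float from ceil() to the int random_bytes() expects. The `=` padding cannot appear, since ceil($len*3/4) bytes always yield at least $len base64 digits before any padding. The output is about 6 bits per character, so the 10-character session token generate_form_token() derives from it (further down this page) carries roughly 60 bits. random_string() is fully visible in this hunk.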

random_string() verwendet und vereinfacht

Bernd Wurst authored on10/02/2017 12:29:36
Showing1 changed files
... ...
@@ -186,11 +186,12 @@ function output($arg)
186 186
 }
187 187
 
188 188
 
189
-function random_string($nc, $a='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789') {
190
-    $l=strlen($a)-1; $r='';
191
-    while($nc-->0) $r.=$a{mt_rand(0,$l)};
192
-    return $r;
193
- }
189
+function random_string($num) 
190
+{
191
+    // Durch base64 wird der String länger, daher geben wir nur einen Substring zurück.
192
+    $data = base64_encode(random_bytes($num));
193
+    return substr($data, 0, $num);
194
+}
194 195
 
195 196
 
196 197
 function are_you_sure($query_string, $question)
... ...
@@ -240,8 +241,9 @@ function generate_form_token($form_id)
240 241
     DEBUG("Uh? Session not running? Wtf?");
241 242
     system_failure("Internal error!");
242 243
   }
243
-  if (! isset($_SESSION['session_token']))
244
+  if (! isset($_SESSION['session_token'])) {
244 245
     $_SESSION['session_token'] = random_string(10);
246
+  }
245 247
   return hash('sha256', $sessid.$form_id.$_SESSION['session_token']);
246 248
 }
247 249
 
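Review bot: In the generate_form_token() hunk the token is `hash('sha256', $sessid.$form_id.$_SESSION['session_token'])`, a plain concatenation with no delimiter, so the secret is mixed in as trailing data rather than used as a key; the conventional construction is an HMAC keyed by the per-session secret, `return hash_hmac('sha256', $sessid."\0".$form_id, $_SESSION['session_token']);`, which also removes the boundary ambiguity between `$sessid` and `$form_id` (tokens in forms open at deploy time would be rejected once). The switch from mt_rand() to random_bytes() for that secret in the first hunk is the right change. Confirm that wherever the token is verified uses hash_equals(); that code is not on this page. generate_form_token() starts outside the second hunk.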

Lizenzinfos in eigenes Modul ausgelagert und Copyright auf 2014 angepasst

Bernd Wurst authored on08/02/2014 05:45:07
Showing1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2013 by schokokeks.org Hosting, namely
5
+Written 2008-2014 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 
... ...
@@ -21,6 +21,17 @@ function config($key, $localonly = false)
21 21
 {
22 22
   global $config;
23 23
 
24
+  if ($key == "modules") {
25
+    // Stelle sicher, dass das "index"-Modul immer aktiv ist!
26
+    if (! in_array("index", $config['modules'])) {
27
+      $config['modules'][] = "index";
28
+    }
29
+    // Stelle sicher, dass das "about"-Modul immer aktiv ist!
30
+    if (! in_array("about", $config['modules'])) {
31
+      $config['modules'][] = "about";
32
+    }
33
+  }
34
+
24 35
   if ($key == 'modules' && isset($_SESSION['restrict_modules']))
25 36
   {
26 37
     $modules = array();
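Review bot: The new forced-enable block calls `in_array("index", $config['modules'])` before anything checks that `$config['modules']` exists and is an array; when the key is unset that is a warning on PHP 7 and a TypeError on PHP 8, and `$config['modules'][] = "index"` then creates the array as a side effect of a read. Guard it once and loop over both mandatory names with strict comparison: `if (!isset($config['modules']) || !is_array($config['modules'])) { $config['modules'] = array(); }` followed by `foreach (array('index', 'about') as $m) { if (!in_array($m, $config['modules'], true)) { $config['modules'][] = $m; } }`. A one-line comment that config('modules') permanently appends these two names to the global `$config` would save the next reader a surprise. config() starts and ends outside this hunk.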

* Weitere Module auf prepared-statements umgestellt * Warnung beim Aufruf von db_escape_string() und maybe_null() hinzugefügt

Bernd Wurst authored on03/02/2014 16:57:44
Showing1 changed files
... ...
@@ -112,6 +112,10 @@ function server_names()
112 112
 // Diese Funktion funktioniert nicht für preprared statements
113 113
 function maybe_null($value)
114 114
 {
115
+  if (config("enable_debug")) {
116
+    $backtrace = debug_backtrace();
117
+    warning("call to maybe_null() in {$backtrace[1]['file']} line {$backtrace[1]['line']}");
118
+  }
115 119
   if ($value == NULL)
116 120
     return 'NULL';
117 121
 
... ...
@@ -131,19 +135,19 @@ function logger($severity, $scriptname, $scope, $message)
131 135
   if (config('logging') <= $severity)
132 136
     return;
133 137
 
134
-  $user = 'NULL';
138
+  $user = NULL;
135 139
   if ($_SESSION['role'] & ROLE_SYSTEMUSER)
136
-    $user = "'{$_SESSION['userinfo']['username']}'";
140
+    $user = $_SESSION['userinfo']['username'];
137 141
   elseif ($_SESSION['role'] & ROLE_CUSTOMER)
138
-    $user = "'{$_SESSION['customerinfo']['customerno']}'";
142
+    $user = $_SESSION['customerinfo']['customerno'];
139 143
   
140
-  $remote = db_escape_string($_SERVER['REMOTE_ADDR']);
141
-
142
-  $scriptname = db_escape_string($scriptname);
143
-  $scope = db_escape_string($scope);
144
-  $message = db_escape_string($message);
144
+  $args = array(":user" => $user,
145
+                ":remote" => $_SERVER['REMOTE_ADDR'],
146
+                ":scriptname" => $scriptname,
147
+                ":scope" => $scope,
148
+                ":message" => $message);
145 149
 
146
-  db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES ('{$remote}', {$user}, '{$scriptname}', '{$scope}', '{$message}');");
150
+  db_query("INSERT INTO misc.scriptlog (remote, user,scriptname,scope,message) VALUES (:remote, :user, :scriptname, :scope, :message)", $args);
147 151
 }
148 152
 
149 153
 function html_header($arg)

Weitere Prepared-Statement-Umstellungen

Bernd Wurst authored on02/02/2014 17:44:30
Showing1 changed files
... ...
@@ -60,7 +60,7 @@ function config($key, $localonly = false)
60 60
 
61 61
 function get_server_by_id($id) {
62 62
   $id = (int) $id;
63
-  $result = db_query("SELECT hostname FROM system.servers WHERE id='{$id}'");
63
+  $result = db_query("SELECT hostname FROM system.servers WHERE id=?", array($id));
64 64
   $ret = $result->fetch();
65 65
   return $ret['hostname'];
66 66
 }
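Review bot: `$result->fetch()` returns false when no row matches `$id`, and the next line then indexes `$ret['hostname']` on a boolean, which yields NULL under a warning ("Trying to access array offset on value of type bool" on PHP 7.4+); make the miss explicit with `return $ret ? $ret['hostname'] : null;`. The bound parameter is the right fix for the query, and the `(int)` cast is now redundant but harmless. get_server_by_id() is fully visible in this hunk.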

Einige Statements auf Prepared-statements umgestellt

Bernd Wurst authored on02/02/2014 16:31:00
Showing1 changed files
... ...
@@ -78,7 +78,7 @@ function redirect($target)
78 78
 function my_server_id()
79 79
 {
80 80
   $uid = (int) $_SESSION['userinfo']['uid'];
81
-  $result = db_query("SELECT server FROM system.useraccounts WHERE uid={$uid}");
81
+  $result = db_query("SELECT server FROM system.useraccounts WHERE uid=?", array($uid));
82 82
   $r = $result->fetch();
83 83
   DEBUG($r);
84 84
   return $r['server'];
... ...
@@ -88,7 +88,7 @@ function my_server_id()
88 88
 function additional_servers()
89 89
 {
90 90
   $uid = (int) $_SESSION['userinfo']['uid'];
91
-  $result = db_query("SELECT server FROM system.user_server WHERE uid={$uid}");
91
+  $result = db_query("SELECT server FROM system.user_server WHERE uid=?", array($uid));
92 92
   $servers = array();
93 93
   while ($s = $result->fetch())
94 94
     $servers[] = $s['server'];
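Review bot: In my_server_id() the bound parameter is correct, but `$r = $result->fetch();` is indexed as `$r['server']` on the following line with no check for a missing row, so a uid with no useraccounts entry returns NULL under a warning instead of failing clearly; `return $r ? $r['server'] : null;` (or a system_failure() when the row is mandatory) makes the outcome deliberate. Both functions also read `$_SESSION['userinfo']['uid']` without confirming a user is logged in, which is presumably guaranteed by the caller and worth stating in a docblock. my_server_id() is fully visible in the first hunk; additional_servers() ends outside the second.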

Ermögliche Socket-Angabe für Datenbankverbindung

schokokeks.org web services authored on02/02/2014 05:46:02
Showing1 changed files
... ...
@@ -17,7 +17,7 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
17 17
 require_once('class/database.php');
18 18
 require_once('inc/debug.php');
19 19
 
20
-function config($key)
20
+function config($key, $localonly = false)
21 21
 {
22 22
   global $config;
23 23
 
... ...
@@ -35,6 +35,10 @@ function config($key)
35 35
   if (array_key_exists($key, $config))
36 36
     return $config[$key];
37 37
   
38
+  if ($localonly) {
39
+    return NULL;
40
+  }  
41
+
38 42
   /* read configuration from database */
39 43
   $result = db_query( "SELECT `key`, value FROM misc.config" );
40 44
   
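Review bot: The new `$localonly` parameter is undocumented, and its effect — returning NULL when the key is absent from the in-memory `$config` array instead of falling through to the database — is easy to misread as "key does not exist", so a docblock above config() would help: describe `$key` as the setting name, `$localonly` as "only consult the local $config array (needed before the database connection exists); database-backed keys then return NULL", and that unknown keys return NULL either way. Callers such as logger() compare that NULL numerically, so the NULL fallback deserves an explicit mention. config() starts in this hunk and ends outside it.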

Umstellung auf PDO-Datenbankverbindung

Bernd Wurst authored on01/02/2014 18:38:23
Showing1 changed files
... ...
@@ -14,7 +14,7 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
17
+require_once('class/database.php');
18 18
 require_once('inc/debug.php');
19 19
 
20 20
 function config($key)
... ...
@@ -36,9 +36,9 @@ function config($key)
36 36
     return $config[$key];
37 37
   
38 38
   /* read configuration from database */
39
-  $options = db_query( "SELECT `key`, value FROM misc.config" );
39
+  $result = db_query( "SELECT `key`, value FROM misc.config" );
40 40
   
41
-  while( $object = mysql_fetch_assoc( $options ) ) {
41
+  while( $object = $result->fetch() ) {
42 42
     if (!array_key_exists($object['key'], $config)) {
43 43
 	    $config[$object['key']]=$object['value'];
44 44
     }
... ...
@@ -56,8 +56,9 @@ function config($key)
56 56
 
57 57
 function get_server_by_id($id) {
58 58
   $id = (int) $id;
59
-  $result = mysql_fetch_assoc(db_query("SELECT hostname FROM system.servers WHERE id='{$id}'"));
60
-  return $result['hostname'];
59
+  $result = db_query("SELECT hostname FROM system.servers WHERE id='{$id}'");
60
+  $ret = $result->fetch();
61
+  return $ret['hostname'];
61 62
 }
62 63
 
63 64
 
... ...
@@ -74,7 +75,7 @@ function my_server_id()
74 75
 {
75 76
   $uid = (int) $_SESSION['userinfo']['uid'];
76 77
   $result = db_query("SELECT server FROM system.useraccounts WHERE uid={$uid}");
77
-  $r = mysql_fetch_assoc($result);
78
+  $r = $result->fetch();
78 79
   DEBUG($r);
79 80
   return $r['server'];
80 81
 }
... ...
@@ -85,7 +86,7 @@ function additional_servers()
85 86
   $uid = (int) $_SESSION['userinfo']['uid'];
86 87
   $result = db_query("SELECT server FROM system.user_server WHERE uid={$uid}");
87 88
   $servers = array();
88
-  while ($s = mysql_fetch_assoc($result))
89
+  while ($s = $result->fetch())
89 90
     $servers[] = $s['server'];
90 91
   DEBUG($servers);
91 92
   return $servers;
... ...
@@ -96,43 +97,27 @@ function server_names()
96 97
 {
97 98
   $result = db_query("SELECT id, hostname FROM system.servers");
98 99
   $servers = array();
99
-  while ($s = mysql_fetch_assoc($result))
100
+  while ($s = $result->fetch())
100 101
     $servers[$s['id']] = $s['hostname'];
101 102
   DEBUG($servers);
102 103
   return $servers;
103 104
 }
104 105
 
105 106
 
106
-function db_query($query)
107
-{
108
-  DEBUG($query);
109
-  $result = @mysql_query($query);
110
-  if (mysql_error())
111
-  {
112
-    $error = mysql_error();
113
-    logger(LOG_ERR, "inc/base", "dberror", "mysql error: {$error}");
114
-    system_failure('Interner Datenbankfehler: »'.iconv('ISO-8859-1', 'UTF-8', $error).'«.');
115
-  }
116
-  $count = @mysql_num_rows($result);
117
-  if (! $count)
118
-    $count = 'no';
119
-  DEBUG("=> {$count} rows");
120
-  return $result; 
121
-}
122
-
123
-
124
-
107
+// FIXME
108
+// Diese Funktion funktioniert nicht für preprared statements
125 109
 function maybe_null($value)
126 110
 {
127 111
   if ($value == NULL)
128 112
     return 'NULL';
129 113
 
130 114
   if (strlen( (string) $value ) > 0)
131
-    return "'".mysql_real_escape_string($value)."'";
115
+    return "'".db_escape_string($value)."'";
132 116
   else
133 117
     return 'NULL';
134 118
 }
135 119
 
120
+
136 121
 #define('LOG_ERR', 3);
137 122
 #define('LOG_WARNING', 4);
138 123
 #define('LOG_INFO', 6);
... ...
@@ -148,11 +133,11 @@ function logger($severity, $scriptname, $scope, $message)
148 133
   elseif ($_SESSION['role'] & ROLE_CUSTOMER)
149 134
     $user = "'{$_SESSION['customerinfo']['customerno']}'";
150 135
   
151
-  $remote = mysql_real_escape_string($_SERVER['REMOTE_ADDR']);
136
+  $remote = db_escape_string($_SERVER['REMOTE_ADDR']);
152 137
 
153
-  $scriptname = mysql_real_escape_string($scriptname);
154
-  $scope = mysql_real_escape_string($scope);
155
-  $message = mysql_real_escape_string($message);
138
+  $scriptname = db_escape_string($scriptname);