
fix codingstyle

Hanno Böck authored on02/05/2020 12:01:35
Showing1 changed files
... ...
@@ -142,7 +142,7 @@ function delete_jabber_account($id)
142 142
     logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "deleted account »{$id}«");
143 143
 }
144 144
 
145
-function domains_without_accounts() 
145
+function domains_without_accounts()
146 146
 {
147 147
     $domains = get_domain_list((int) $_SESSION['customerinfo']['customerno']);
148 148
     $accounts = get_jabber_accounts();
... ...
@@ -165,7 +165,7 @@ function domains_without_accounts()
165 165
 }
166 166
 
167 167
 
168
-function delete_jabber_domain($id) 
168
+function delete_jabber_domain($id)
169 169
 {
170 170
     $d = new Domain((int) $id);
171 171
     $d->ensure_customerdomain();

implemented deletion of unused jabber domains

Bernd Wurst authored on01/05/2020 08:34:04
Showing1 changed files
... ...
@@ -142,6 +142,45 @@ function delete_jabber_account($id)
142 142
     logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "deleted account »{$id}«");
143 143
 }
144 144
 
145
+function domains_without_accounts() 
146
+{
147
+    $domains = get_domain_list((int) $_SESSION['customerinfo']['customerno']);
148
+    $accounts = get_jabber_accounts();
149
+    $obsolete_domains = array();
150
+    foreach ($domains as $d) {
151
+        if ($d->jabber != 1) {
152
+            continue;
153
+        }
154
+        $found = false;
155
+        foreach ($accounts as $a) {
156
+            if ($a['domain'] == $d->id) {
157
+                $found = true;
158
+            }
159
+        }
160
+        if (! $found) {
161
+            $obsolete_domains[] = $d;
162
+        }
163
+    }
164
+    return $obsolete_domains;
165
+}
166
+
167
+
168
+function delete_jabber_domain($id) 
169
+{
170
+    $d = new Domain((int) $id);
171
+    $d->ensure_customerdomain();
172
+    $obsolete_domains = domains_without_accounts();
173
+    $found = false;
174
+    foreach ($obsolete_domains as $od) {
175
+        if ($od->id == $d->id) {
176
+            $found = true;
177
+        }
178
+    }
179
+    if (! $found) {
180
+        system_failure('Diese Domain ist nicht unbenutzt.');
181
+    }
182
+    db_query("UPDATE kundendaten.domains SET jabber=0 WHERE jabber=1 AND id=?", array($d->id));
183
+}
145 184
 
146 185
 function new_jabber_domain($id)
147 186
 {
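Review bot: delete_jabber_domain() changes kundendaten.domains without writing a log entry, although delete_jabber_account() directly above records its change with logger(LOG_INFO, ...); add a line such as `logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "removed jabber domain »{$d->id}«");` after the UPDATE. The unused-check and the UPDATE are separate statements, so an account created for the domain between them goes unnoticed. The check also relies on get_jabber_accounts(), whose query elsewhere on this page selects only rows with `delete`=0, so accounts marked for deletion but still stored do not count as users of the domain; if that is intended, a comment in domains_without_accounts() should say so.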

add password strength check for jabber accounts

Bernd Wurst authored on10/04/2019 09:10:10
Showing1 changed files
... ...
@@ -74,9 +74,12 @@ function create_jabber_account($local, $domain, $password)
74 74
     $data = array(":customerno" => $_SESSION['customerinfo']['customerno'],
75 75
                 ":local" => filter_input_username(strtolower($local)),
76 76
                 ":domain" => $domain);
77
-    if (! valid_jabber_password($password)) {
78
-        input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
79
-        return;
77
+    if (!valid_jabber_password($password)) {
78
+        system_failure('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
79
+    }
80
+    $check = strong_password($password);
81
+    if ($check !== true) {
82
+        system_failure('Das Passwort ist nicht sicher genug.');
80 83
     }
81 84
     $data[':password'] = $password;
82 85
 
... ...
@@ -111,9 +114,12 @@ function create_jabber_account($local, $domain, $password)
111 114
 function change_jabber_password($id, $password)
112 115
 {
113 116
     require_role(ROLE_CUSTOMER);
114
-    if (! valid_jabber_password($password)) {
115
-        input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
116
-        return;
117
+    if (!valid_jabber_password($password)) {
118
+        system_failure('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
119
+    }
120
+    $check = strong_password($password);
121
+    if ($check !== true) {
122
+        system_failure('Das Passwort ist nicht sicher genug.');
117 123
     }
118 124
     $args = array(":customerno" => $_SESSION['customerinfo']['customerno'],
119 125
                 ":id" => $id,
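Review bot: The same two-step password check is added verbatim to create_jabber_account and change_jabber_password, so a later policy change has to be made in both places or the two paths drift apart; a small shared helper (the name below is only a suggestion) keeps them identical. Both copies now depend on system_failure() not returning, because the `return;` that followed input_error() is gone and the lines below go on to store the password; that matches how system_failure() is used elsewhere on this page, but it deserves a comment. Whatever strong_password() returns when it is not `true` is assigned to `$check` and then discarded. Both function bodies continue outside the hunks.

```php
// Suggested helper; relies on system_failure() ending the request.
function ensure_acceptable_jabber_password($password)
{
    if (!valid_jabber_password($password)) {
        system_failure('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
    }
    if (strong_password($password) !== true) {
        system_failure('Das Passwort ist nicht sicher genug.');
    }
}

// … unchanged: require_role(ROLE_CUSTOMER) and the $data / $args arrays …
// in create_jabber_account() and change_jabber_password(), replacing both if-blocks:
ensure_acceptable_jabber_password($password);
```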

Jabber-accounts immer lowercase

Bernd Wurst authored on02/07/2018 19:40:16
Showing1 changed files
... ...
@@ -72,7 +72,7 @@ function create_jabber_account($local, $domain, $password)
72 72
 {
73 73
     require_role(ROLE_CUSTOMER);
74 74
     $data = array(":customerno" => $_SESSION['customerinfo']['customerno'],
75
-                ":local" => filter_input_username($local),
75
+                ":local" => filter_input_username(strtolower($local)),
76 76
                 ":domain" => $domain);
77 77
     if (! valid_jabber_password($password)) {
78 78
         input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
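Review bot: `strtolower($local)` only folds ASCII letters reliably (before PHP 8.2 the result also depends on the process locale), so the new normalisation is complete only if filter_input_username() restricts the localpart to ASCII, which is not visible in this hunk. If it does not, `mb_strtolower($local, 'UTF-8')` would be the closer fit. Accounts stored before this change keep their original case, so the uniqueness check further down in create_jabber_account (outside this hunk) depends on the column's collation to treat them as equal to the lowercased input.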

remove whitespace in empty lines

Hanno authored on26/06/2018 23:36:40
Showing1 changed files
... ...
@@ -79,7 +79,7 @@ function create_jabber_account($local, $domain, $password)
79 79
         return;
80 80
     }
81 81
     $data[':password'] = $password;
82
-  
82
+
83 83
     if ($domain > 0) {
84 84
         $args = array(":domain" => $data[":domain"], ":customerno" => $data[":customerno"]);
85 85
         $result = db_query("SELECT id FROM kundendaten.domains WHERE kunde=:customerno AND jabber=1 AND id=:domain", $args);
... ...
@@ -118,7 +118,7 @@ function change_jabber_password($id, $password)
118 118
     $args = array(":customerno" => $_SESSION['customerinfo']['customerno'],
119 119
                 ":id" => $id,
120 120
                 ":password" => $password);
121
-  
121
+
122 122
     db_query("UPDATE jabber.accounts SET password=:password WHERE customerno=:customerno AND id=:id", $args);
123 123
     logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "changed password for account  »{$id}«");
124 124
 }
... ...
@@ -128,7 +128,7 @@ function change_jabber_password($id, $password)
128 128
 function delete_jabber_account($id)
129 129
 {
130 130
     require_role(ROLE_CUSTOMER);
131
-  
131
+
132 132
     $args = array(":customerno" => $_SESSION['customerinfo']['customerno'],
133 133
                 ":id" => $id);
134 134
 

Fix coding style with php-cs-checker, see https://cs.sensiolabs.org/

Hanno authored on26/06/2018 13:58:19
Showing1 changed files
... ...
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely
8 8
 
9 9
 To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10 10
 
11
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see
12 12
 http://creativecommons.org/publicdomain/zero/1.0/
13 13
 
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
... ...
@@ -19,133 +19,127 @@ require_once("inc/security.php");
19 19
 
20 20
 require_once('class/domain.php');
21 21
 
22
-function get_jabber_accounts() {
23
-  require_role(ROLE_CUSTOMER);
24
-  $customerno = (int) $_SESSION['customerinfo']['customerno'];
25
-  $result = db_query("SELECT id, `create`, created, lastactivity, local, domain FROM jabber.accounts WHERE customerno=? AND `delete`=0", array($customerno));
26
-  $accounts = array();
27
-  if (@$result->rowCount() > 0)
28
-    while ($acc = @$result->fetch())
29
-      array_push($accounts, $acc);
30
-  return $accounts;
22
+function get_jabber_accounts()
23
+{
24
+    require_role(ROLE_CUSTOMER);
25
+    $customerno = (int) $_SESSION['customerinfo']['customerno'];
26
+    $result = db_query("SELECT id, `create`, created, lastactivity, local, domain FROM jabber.accounts WHERE customerno=? AND `delete`=0", array($customerno));
27
+    $accounts = array();
28
+    if (@$result->rowCount() > 0) {
29
+        while ($acc = @$result->fetch()) {
30
+            array_push($accounts, $acc);
31
+        }
32
+    }
33
+    return $accounts;
31 34
 }
32 35
 
33 36
 
34 37
 
35 38
 function get_jabberaccount_details($id)
36 39
 {
37
-  require_role(ROLE_CUSTOMER);
38
-  $args = array(":customerno" => $_SESSION['customerinfo']['customerno'],
40
+    require_role(ROLE_CUSTOMER);
41
+    $args = array(":customerno" => $_SESSION['customerinfo']['customerno'],
39 42
                 ":id" => $id);
40 43
 
41
-  $result = db_query("SELECT id, local, domain FROM jabber.accounts WHERE customerno=:customerno AND id=:id", $args);
42
-  if ($result->rowCount() != 1)
43
-    system_failure("Invalid account");
44
-  $data = $result->fetch();
45
-  if ($data['domain'] == NULL)
46
-    $data['domain'] = config('masterdomain');
47
-  else
48
-  {
49
-    $dom = new Domain((int) $data['domain']);
50
-    $dom->ensure_customerdomain();
51
-    $data['domain'] = $dom->fqdn;
52
-  }
53
-  return $data;
44
+    $result = db_query("SELECT id, local, domain FROM jabber.accounts WHERE customerno=:customerno AND id=:id", $args);
45
+    if ($result->rowCount() != 1) {
46
+        system_failure("Invalid account");
47
+    }
48
+    $data = $result->fetch();
49
+    if ($data['domain'] == null) {
50
+        $data['domain'] = config('masterdomain');
51
+    } else {
52
+        $dom = new Domain((int) $data['domain']);
53
+        $dom->ensure_customerdomain();
54
+        $data['domain'] = $dom->fqdn;
55
+    }
56
+    return $data;
54 57
 }
55 58
 
56 59
 
57 60
 function valid_jabber_password($pass)
58 61
 {
59
-  // Hier könnten erweiterte Checks stehen wenn nötig.
60
-  /*$foo = ereg_replace('["\']', '', $pass);
61
-  DEBUG("\$foo = {$foo} / \$pass = {$pass}");
62
-  return ($foo == $pass);
63
-  */
64
-  return true;
62
+    // Hier könnten erweiterte Checks stehen wenn nötig.
63
+    /*$foo = ereg_replace('["\']', '', $pass);
64
+    DEBUG("\$foo = {$foo} / \$pass = {$pass}");
65
+    return ($foo == $pass);
66
+    */
67
+    return true;
65 68
 }
66 69
 
67 70
 
68 71
 function create_jabber_account($local, $domain, $password)
69 72
 {
70
-  require_role(ROLE_CUSTOMER);
71
-  $data = array(":customerno" => $_SESSION['customerinfo']['customerno'],
73
+    require_role(ROLE_CUSTOMER);
74
+    $data = array(":customerno" => $_SESSION['customerinfo']['customerno'],
72 75
                 ":local" => filter_input_username($local),
73 76
                 ":domain" => $domain);
74
-  if (! valid_jabber_password($password))
75
-  {
76
-    input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
77
-    return;
78
-  }
79
-  $data[':password'] = $password;
77
+    if (! valid_jabber_password($password)) {
78
+        input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
79
+        return;
80
+    }
81
+    $data[':password'] = $password;
80 82
   
81
-  if ($domain > 0)
82
-  {
83
-    $args = array(":domain" => $data[":domain"], ":customerno" => $data[":customerno"]);
84
-    $result = db_query("SELECT id FROM kundendaten.domains WHERE kunde=:customerno AND jabber=1 AND id=:domain", $args);
85
-    if ($result->rowCount() == 0)
86
-    {
87
-      logger(LOG_WARNING, "modules/jabber/include/jabberaccounts", "jabber", "attempt to create account for invalid domain »{$domain}«");
88
-      system_failure("Invalid domain!");
83
+    if ($domain > 0) {
84
+        $args = array(":domain" => $data[":domain"], ":customerno" => $data[":customerno"]);
85
+        $result = db_query("SELECT id FROM kundendaten.domains WHERE kunde=:customerno AND jabber=1 AND id=:domain", $args);
86
+        if ($result->rowCount() == 0) {
87
+            logger(LOG_WARNING, "modules/jabber/include/jabberaccounts", "jabber", "attempt to create account for invalid domain »{$domain}«");
88
+            system_failure("Invalid domain!");
89
+        }
90
+    }
91
+
92
+    $args = array(":domain" => $data[":domain"], ":local" => $data[":local"]);
93
+    $domainquery = "domain=:domain";
94
+    if ($domain == 0) {
95
+        unset($args[":domain"]);
96
+        $data[":domain"] = null;
97
+        $domainquery = 'domain IS NULL';
98
+    }
99
+    $result = db_query("SELECT id FROM jabber.accounts WHERE local=:local AND {$domainquery}", $args);
100
+    if ($result->rowCount() > 0) {
101
+        logger(LOG_WARNING, "modules/jabber/include/jabberaccounts", "jabber", "attempt to create already existing account »{$local}@{$domain}«");
102
+        system_failure("Diesen Account gibt es bereits!");
89 103
     }
90
-  }
91
-
92
-  $args = array(":domain" => $data[":domain"], ":local" => $data[":local"]);
93
-  $domainquery = "domain=:domain";
94
-  if ($domain == 0)
95
-  {
96
-    unset($args[":domain"]);
97
-    $data[":domain"] = NULL;
98
-    $domainquery = 'domain IS NULL'; 
99
-  }
100
-  $result = db_query("SELECT id FROM jabber.accounts WHERE local=:local AND {$domainquery}", $args);
101
-  if ($result->rowCount() > 0)
102
-  {
103
-    logger(LOG_WARNING, "modules/jabber/include/jabberaccounts", "jabber", "attempt to create already existing account »{$local}@{$domain}«");
104
-    system_failure("Diesen Account gibt es bereits!");
105
-  }
106
-
107
-  db_query("INSERT INTO jabber.accounts (customerno,local,domain,password) VALUES (:customerno, :local, :domain, :password);", $data);
108
-  logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "created account »{$local}@{$domain}«");
104
+
105
+    db_query("INSERT INTO jabber.accounts (customerno,local,domain,password) VALUES (:customerno, :local, :domain, :password);", $data);
106
+    logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "created account »{$local}@{$domain}«");
109 107
 }
110 108
 
111 109
 
112 110
 
113 111
 function change_jabber_password($id, $password)
114 112
 {
115
-  require_role(ROLE_CUSTOMER);
116
-  if (! valid_jabber_password($password))
117
-  {
118
-    input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
119
-    return;
120
-  }
121
-  $args = array(":customerno" => $_SESSION['customerinfo']['customerno'],
113
+    require_role(ROLE_CUSTOMER);
114
+    if (! valid_jabber_password($password)) {
115
+        input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
116
+        return;
117
+    }
118
+    $args = array(":customerno" => $_SESSION['customerinfo']['customerno'],
122 119
                 ":id" => $id,
123 120
                 ":password" => $password);
124 121
   
125
-  db_query("UPDATE jabber.accounts SET password=:password WHERE customerno=:customerno AND id=:id", $args);
126
-  logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "changed password for account  »{$id}«");
122
+    db_query("UPDATE jabber.accounts SET password=:password WHERE customerno=:customerno AND id=:id", $args);
123
+    logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "changed password for account  »{$id}«");
127 124
 }
128 125
 
129 126
 
130 127
 
131 128
 function delete_jabber_account($id)
132 129
 {
133
-  require_role(ROLE_CUSTOMER);
130
+    require_role(ROLE_CUSTOMER);
134 131
   
135
-  $args = array(":customerno" => $_SESSION['customerinfo']['customerno'],
132
+    $args = array(":customerno" => $_SESSION['customerinfo']['customerno'],
136 133
                 ":id" => $id);
137 134
 
138
-  db_query("UPDATE jabber.accounts SET `delete`=1 WHERE customerno=:customerno AND id=:id", $args);
139
-  logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "deleted account »{$id}«");
135
+    db_query("UPDATE jabber.accounts SET `delete`=1 WHERE customerno=:customerno AND id=:id", $args);
136
+    logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "deleted account »{$id}«");
140 137
 }
141 138
 
142 139
 
143 140
 function new_jabber_domain($id)
144 141
 {
145
-  $d = new Domain( (int) $id );
146
-  $d->ensure_customerdomain();
147
-  db_query("UPDATE kundendaten.domains SET jabber=2 WHERE jabber=0 AND id=?", array($d->id));
142
+    $d = new Domain((int) $id);
143
+    $d->ensure_customerdomain();
144
+    db_query("UPDATE kundendaten.domains SET jabber=2 WHERE jabber=0 AND id=?", array($d->id));
148 145
 }
149
-
150
-
151
-?>
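Review bot: valid_jabber_password() is carried over unchanged apart from indentation: it returns `true` unconditionally and keeps a commented-out block built on `ereg_replace`, a function removed in PHP 7, so the `if (! valid_jabber_password($password))` branches in create_jabber_account and change_jabber_password can never fire. While the file is being restyled, drop the dead block and replace the German placeholder comment with one that states this, e.g. `// Currently accepts every password; character restrictions would go here.`. get_jabber_accounts also keeps the `@` on `$result->rowCount()` and `$result->fetch()`, which the other functions in this section do without.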

Copyright year update

Bernd Wurst authored on13/01/2018 06:07:05
Showing1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2014 by schokokeks.org Hosting, namely
5
+Written 2008-2018 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 

Lizenzinfos in eigenes Modul ausgelagert und Copyright auf 2014 angepasst

Bernd Wurst authored on08/02/2014 05:45:07
Showing1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2013 by schokokeks.org Hosting, namely
5
+Written 2008-2014 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 

Weitere Umstellungen auf prepared statements

Bernd Wurst authored on03/02/2014 20:49:24
Showing1 changed files
... ...
@@ -22,7 +22,7 @@ require_once('class/domain.php');
22 22
 function get_jabber_accounts() {
23 23
   require_role(ROLE_CUSTOMER);
24 24
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
25
-  $result = db_query("SELECT id, `create`, created, lastactivity, local, domain FROM jabber.accounts WHERE customerno='$customerno' AND `delete`=0;");
25
+  $result = db_query("SELECT id, `create`, created, lastactivity, local, domain FROM jabber.accounts WHERE customerno=? AND `delete`=0", array($customerno));
26 26
   $accounts = array();
27 27
   if (@$result->rowCount() > 0)
28 28
     while ($acc = @$result->fetch())
... ...
@@ -35,11 +35,10 @@ function get_jabber_accounts() {
35 35
 function get_jabberaccount_details($id)
36 36
 {
37 37
   require_role(ROLE_CUSTOMER);
38
-  $customerno = (int) $_SESSION['customerinfo']['customerno'];
39
-
40
-  $id = (int) $id;
38
+  $args = array(":customerno" => $_SESSION['customerinfo']['customerno'],
39
+                ":id" => $id);
41 40
 
42
-  $result = db_query("SELECT id, local, domain FROM jabber.accounts WHERE customerno={$customerno} AND id={$id} LIMIT 1");
41
+  $result = db_query("SELECT id, local, domain FROM jabber.accounts WHERE customerno=:customerno AND id=:id", $args);
43 42
   if ($result->rowCount() != 1)
44 43
     system_failure("Invalid account");
45 44
   $data = $result->fetch();
... ...
@@ -69,20 +68,20 @@ function valid_jabber_password($pass)
69 68
 function create_jabber_account($local, $domain, $password)
70 69
 {
71 70
   require_role(ROLE_CUSTOMER);
72
-  $customerno = (int) $_SESSION['customerinfo']['customerno'];
73
-
74
-  $local = db_escape_string( filter_input_username($local) );
75
-  $domain = (int) $domain;
71
+  $data = array(":customerno" => $_SESSION['customerinfo']['customerno'],
72
+                ":local" => filter_input_username($local),
73
+                ":domain" => $domain);
76 74
   if (! valid_jabber_password($password))
77 75
   {
78 76
     input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
79 77
     return;
80 78
   }
81
-  $password = db_escape_string( $password );
79
+  $data[':password'] = $password;
82 80
   
83 81
   if ($domain > 0)
84 82
   {
85
-    $result = db_query("SELECT id FROM kundendaten.domains WHERE kunde={$customerno} AND jabber=1 AND id={$domain};");
83
+    $args = array(":domain" => $data[":domain"], ":customerno" => $data[":customerno"]);
84
+    $result = db_query("SELECT id FROM kundendaten.domains WHERE kunde=:customerno AND jabber=1 AND id=:domain", $args);
86 85
     if ($result->rowCount() == 0)
87 86
     {
88 87
       logger(LOG_WARNING, "modules/jabber/include/jabberaccounts", "jabber", "attempt to create account for invalid domain »{$domain}«");
... ...
@@ -90,20 +89,22 @@ function create_jabber_account($local, $domain, $password)
90 89
     }
91 90
   }
92 91
 
93
-  $domainquery = "domain={$domain}";
92
+  $args = array(":domain" => $data[":domain"], ":local" => $data[":local"]);
93
+  $domainquery = "domain=:domain";
94 94
   if ($domain == 0)
95 95
   {
96
-    $domain = 'NULL';
96
+    unset($args[":domain"]);
97
+    $data[":domain"] = NULL;
97 98
     $domainquery = 'domain IS NULL'; 
98 99
   }
99
-  $result = db_query("SELECT id FROM jabber.accounts WHERE local='{$local}' AND {$domainquery}");
100
+  $result = db_query("SELECT id FROM jabber.accounts WHERE local=:local AND {$domainquery}", $args);
100 101
   if ($result->rowCount() > 0)
101 102
   {
102 103
     logger(LOG_WARNING, "modules/jabber/include/jabberaccounts", "jabber", "attempt to create already existing account »{$local}@{$domain}«");
103 104
     system_failure("Diesen Account gibt es bereits!");
104 105
   }
105 106
 
106
-  db_query("INSERT INTO jabber.accounts (customerno,local,domain,password) VALUES ({$customerno}, '{$local}', {$domain}, '{$password}');");
107
+  db_query("INSERT INTO jabber.accounts (customerno,local,domain,password) VALUES (:customerno, :local, :domain, :password);", $data);
107 108
   logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "created account »{$local}@{$domain}«");
108 109
 }
109 110
 
... ...
@@ -112,16 +113,16 @@ function create_jabber_account($local, $domain, $password)
112 113
 function change_jabber_password($id, $password)
113 114
 {
114 115
   require_role(ROLE_CUSTOMER);
115
-  $customerno = (int) $_SESSION['customerinfo']['customerno'];
116
-  $id = (int) $id;
117 116
   if (! valid_jabber_password($password))
118 117
   {
119 118
     input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
120 119
     return;
121 120
   }
122
-  $password = db_escape_string( $password );
121
+  $args = array(":customerno" => $_SESSION['customerinfo']['customerno'],
122
+                ":id" => $id,
123
+                ":password" => $password);
123 124
   
124
-  db_query("UPDATE jabber.accounts SET password='{$password}' WHERE customerno={$customerno} AND id={$id} LIMIT 1");
125
+  db_query("UPDATE jabber.accounts SET password=:password WHERE customerno=:customerno AND id=:id", $args);
125 126
   logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "changed password for account  »{$id}«");
126 127
 }
127 128
 
... ...
@@ -130,11 +131,11 @@ function change_jabber_password($id, $password)
130 131
 function delete_jabber_account($id)
131 132
 {
132 133
   require_role(ROLE_CUSTOMER);
133
-  $customerno = (int) $_SESSION['customerinfo']['customerno'];
134
-
135
-  $id = (int) $id;
134
+  
135
+  $args = array(":customerno" => $_SESSION['customerinfo']['customerno'],
136
+                ":id" => $id);
136 137
 
137
-  db_query("UPDATE jabber.accounts SET `delete`=1 WHERE customerno={$customerno} AND id={$id} LIMIT 1");
138
+  db_query("UPDATE jabber.accounts SET `delete`=1 WHERE customerno=:customerno AND id=:id", $args);
138 139
   logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "deleted account »{$id}«");
139 140
 }
140 141
 
... ...
@@ -143,7 +144,7 @@ function new_jabber_domain($id)
143 144
 {
144 145
   $d = new Domain( (int) $id );
145 146
   $d->ensure_customerdomain();
146
-  db_query("UPDATE kundendaten.domains SET jabber=2 WHERE jabber=0 AND id={$d->id} LIMIT 1");
147
+  db_query("UPDATE kundendaten.domains SET jabber=2 WHERE jabber=0 AND id=?", array($d->id));
147 148
 }
148 149
 
149 150
 
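Review bot: In create_jabber_account the removed `$domain = (int) $domain;` is not replaced, so `if ($domain > 0)` and `if ($domain == 0)` now run on the caller's raw value and their outcome depends on PHP's loose string/number comparison, with any further coercion left to the database. Keep the cast when filling the array, `":domain" => (int) $domain`, and likewise `":id" => (int) $id` in get_jabberaccount_details, change_jabber_password and delete_jabber_account. The same hunks stop reassigning `$local`, so the logger() calls that interpolate `{$local}` now write the unfiltered input rather than the filtered `$data[':local']`. Binding the parameters does remove the string-built SQL; these points concern values that are no longer normalised before they are compared, stored or logged.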

Umstellung auf PDO-Datenbankverbindung

Bernd Wurst authored on01/02/2014 18:38:23
Showing1 changed files
... ...
@@ -15,7 +15,6 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
15 15
 */
16 16
 
17 17
 require_once("inc/debug.php");
18
-require_once("inc/db_connect.php");
19 18
 require_once("inc/security.php");
20 19
 
21 20
 require_once('class/domain.php');
... ...
@@ -25,8 +24,8 @@ function get_jabber_accounts() {
25 24
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
26 25
   $result = db_query("SELECT id, `create`, created, lastactivity, local, domain FROM jabber.accounts WHERE customerno='$customerno' AND `delete`=0;");
27 26
   $accounts = array();
28
-  if (@mysql_num_rows($result) > 0)
29
-    while ($acc = @mysql_fetch_assoc($result))
27
+  if (@$result->rowCount() > 0)
28
+    while ($acc = @$result->fetch())
30 29
       array_push($accounts, $acc);
31 30
   return $accounts;
32 31
 }
... ...
@@ -41,9 +40,9 @@ function get_jabberaccount_details($id)
41 40
   $id = (int) $id;
42 41
 
43 42
   $result = db_query("SELECT id, local, domain FROM jabber.accounts WHERE customerno={$customerno} AND id={$id} LIMIT 1");
44
-  if (mysql_num_rows($result) != 1)
43
+  if ($result->rowCount() != 1)
45 44
     system_failure("Invalid account");
46
-  $data = mysql_fetch_assoc($result);
45
+  $data = $result->fetch();
47 46
   if ($data['domain'] == NULL)
48 47
     $data['domain'] = config('masterdomain');
49 48
   else
... ...
@@ -72,19 +71,19 @@ function create_jabber_account($local, $domain, $password)
72 71
   require_role(ROLE_CUSTOMER);
73 72
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
74 73
 
75
-  $local = mysql_real_escape_string( filter_input_username($local) );
74
+  $local = db_escape_string( filter_input_username($local) );
76 75
   $domain = (int) $domain;
77 76
   if (! valid_jabber_password($password))
78 77
   {
79 78
     input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
80 79
     return;
81 80
   }
82
-  $password = mysql_real_escape_string( $password );
81
+  $password = db_escape_string( $password );
83 82
   
84 83
   if ($domain > 0)
85 84
   {
86 85
     $result = db_query("SELECT id FROM kundendaten.domains WHERE kunde={$customerno} AND jabber=1 AND id={$domain};");
87
-    if (mysql_num_rows($result) == 0)
86
+    if ($result->rowCount() == 0)
88 87
     {
89 88
       logger(LOG_WARNING, "modules/jabber/include/jabberaccounts", "jabber", "attempt to create account for invalid domain »{$domain}«");
90 89
       system_failure("Invalid domain!");
... ...
@@ -98,7 +97,7 @@ function create_jabber_account($local, $domain, $password)
98 97
     $domainquery = 'domain IS NULL'; 
99 98
   }
100 99
   $result = db_query("SELECT id FROM jabber.accounts WHERE local='{$local}' AND {$domainquery}");
101
-  if (mysql_num_rows($result) > 0)
100
+  if ($result->rowCount() > 0)
102 101
   {
103 102
     logger(LOG_WARNING, "modules/jabber/include/jabberaccounts", "jabber", "attempt to create already existing account »{$local}@{$domain}«");
104 103
     system_failure("Diesen Account gibt es bereits!");
... ...
@@ -120,7 +119,7 @@ function change_jabber_password($id, $password)
120 119
     input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
121 120
     return;
122 121
   }
123
-  $password = mysql_real_escape_string( $password );
122
+  $password = db_escape_string( $password );
124 123
   
125 124
   db_query("UPDATE jabber.accounts SET password='{$password}' WHERE customerno={$customerno} AND id={$id} LIMIT 1");
126 125
   logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "changed password for account  »{$id}«");
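Review bot: `$result->rowCount()` replaces mysql_num_rows() for SELECT results throughout this section, but PDO only guarantees rowCount() for INSERT, UPDATE and DELETE; with the MySQL driver it works for buffered queries, so this depends on how db_query() sets up the connection, which is not visible here. Where the count only gates a fetch, the code could test the fetched row instead, e.g. `$data = $result->fetch(); if ($data === false) { system_failure("Invalid account"); }`. `fetch()` without an argument also uses the connection's default fetch mode rather than the associative rows mysql_fetch_assoc() returned, so `fetch(PDO::FETCH_ASSOC)` would keep the arrays handed to callers unchanged unless db_query() already sets that default.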

Updated copyright notice (2012 => 2013)

Bernd Wurst authored on19/01/2013 10:49:50
Showing1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2012 by schokokeks.org Hosting, namely
5
+Written 2008-2013 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 

Added license tags for CC0, README and COPYING

Bernd Wurst authored on11/03/2012 15:40:04
Showing1 changed files
... ...
@@ -1,4 +1,18 @@
1 1
 <?php
2
+/*
3
+This file belongs to the Webinterface of schokokeks.org Hosting
4
+
5
+Written 2008-2012 by schokokeks.org Hosting, namely
6
+  Bernd Wurst <bernd@schokokeks.org>
7
+  Hanno Böck <hanno@schokokeks.org>
8
+
9
+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10
+
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
12
+http://creativecommons.org/publicdomain/zero/1.0/
13
+
14
+Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15
+*/
2 16
 
3 17
 require_once("inc/debug.php");
4 18
 require_once("inc/db_connect.php");

Zeige letzte Aktivität bei Jabber-Accounts. Und zeige Warnung wenn Account noch nicht aktiv ist

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@2177 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on08/02/2012 14:07:19
Showing1 changed files
... ...
@@ -9,11 +9,11 @@ require_once('class/domain.php');
9 9
 function get_jabber_accounts() {
10 10
   require_role(ROLE_CUSTOMER);
11 11
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
12
-  $result = db_query("SELECT id, created, local, domain FROM jabber.accounts WHERE customerno='$customerno' AND `delete`=0;");
12
+  $result = db_query("SELECT id, `create`, created, lastactivity, local, domain FROM jabber.accounts WHERE customerno='$customerno' AND `delete`=0;");
13 13
   $accounts = array();
14 14
   if (@mysql_num_rows($result) > 0)
15
-    while ($acc = @mysql_fetch_object($result))
16
-      array_push($accounts, array('id'=> $acc->id, 'created' => $acc->created, 'local' => $acc->local, 'domain' => $acc->domain));
15
+    while ($acc = @mysql_fetch_assoc($result))
16
+      array_push($accounts, $acc);
17 17
   return $accounts;
18 18
 }
19 19
 

Neue Jabber-Domains selbst eintragen.

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1486 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on01/10/2009 03:32:52
Showing1 changed files
... ...
@@ -125,4 +125,13 @@ function delete_jabber_account($id)
125 125
   logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "deleted account »{$id}«");
126 126
 }
127 127
 
128
+
129
+function new_jabber_domain($id)
130
+{
131
+  $d = new Domain( (int) $id );
132
+  $d->ensure_customerdomain();
133
+  db_query("UPDATE kundendaten.domains SET jabber=2 WHERE jabber=0 AND id={$d->id} LIMIT 1");
134
+}
135
+
136
+
128 137
 ?>
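Review bot: new_jabber_domain() updates kundendaten.domains without the `require_role(ROLE_CUSTOMER);` call that opens the other data-changing functions shown on this page, and without a logger() entry, so the authorisation of this write rests entirely on `$d->ensure_customerdomain()`, whose implementation is not visible here. Add `require_role(ROLE_CUSTOMER);` as the first statement and record the change after the UPDATE, e.g. `logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "enabled jabber for domain »{$d->id}«");`. A one-line comment on what the values 0 and 2 of the `jabber` column stand for would also help the next reader.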

Logger mit Logleveln

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1466 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on14/09/2009 13:31:08
Showing1 changed files
... ...
@@ -72,7 +72,7 @@ function create_jabber_account($local, $domain, $password)
72 72
     $result = db_query("SELECT id FROM kundendaten.domains WHERE kunde={$customerno} AND jabber=1 AND id={$domain};");
73 73
     if (mysql_num_rows($result) == 0)
74 74
     {
75
-      logger("modules/jabber/include/jabberaccounts", "jabber", "attempt to create account for invalid domain »{$domain}«");
75
+      logger(LOG_WARNING, "modules/jabber/include/jabberaccounts", "jabber", "attempt to create account for invalid domain »{$domain}«");
76 76
       system_failure("Invalid domain!");
77 77
     }
78 78
   }
... ...
@@ -86,12 +86,12 @@ function create_jabber_account($local, $domain, $password)
86 86
   $result = db_query("SELECT id FROM jabber.accounts WHERE local='{$local}' AND {$domainquery}");
87 87
   if (mysql_num_rows($result) > 0)
88 88
   {
89
-    logger("modules/jabber/include/jabberaccounts", "jabber", "attempt to create already existing account »{$local}@{$domain}«");
89
+    logger(LOG_WARNING, "modules/jabber/include/jabberaccounts", "jabber", "attempt to create already existing account »{$local}@{$domain}«");
90 90
     system_failure("Diesen Account gibt es bereits!");
91 91
   }
92 92
 
93 93
   db_query("INSERT INTO jabber.accounts (customerno,local,domain,password) VALUES ({$customerno}, '{$local}', {$domain}, '{$password}');");
94
-  logger("modules/jabber/include/jabberaccounts", "jabber", "created account »{$local}@{$domain}«");
94
+  logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "created account »{$local}@{$domain}«");
95 95
 }
96 96
 
97 97
 
... ...
@@ -109,7 +109,7 @@ function change_jabber_password($id, $password)
109 109
   $password = mysql_real_escape_string( $password );
110 110
   
111 111
   db_query("UPDATE jabber.accounts SET password='{$password}' WHERE customerno={$customerno} AND id={$id} LIMIT 1");
112
-  logger("modules/jabber/include/jabberaccounts", "jabber", "changed password for account  »{$id}«");
112
+  logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "changed password for account  »{$id}«");
113 113
 }
114 114
 
115 115
 
... ...
@@ -122,7 +122,7 @@ function delete_jabber_account($id)
122 122
   $id = (int) $id;
123 123
 
124 124
   db_query("UPDATE jabber.accounts SET `delete`=1 WHERE customerno={$customerno} AND id={$id} LIMIT 1");
125
-  logger("modules/jabber/include/jabberaccounts", "jabber", "deleted account »{$id}«");
125
+  logger(LOG_INFO, "modules/jabber/include/jabberaccounts", "jabber", "deleted account »{$id}«");
126 126
 }
127 127
 
128 128
 ?>
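Review bot: In `change_jabber_password()` and `delete_jabber_account()` the `LOG_INFO` entry is written unconditionally after the UPDATE, so a request whose `id` does not belong to the customer (no row matched) is recorded as a successful change or deletion. With log levels now available the two outcomes can be told apart, e.g. `if (mysql_affected_rows() != 1) logger(LOG_WARNING, "modules/jabber/include/jabberaccounts", "jabber", "no matching account »{$id}«");` before the existing INFO line, which then moves into the `else` branch. That keeps requests for foreign account ids visible in the log instead of hiding them among normal entries. Note that an UPDATE which sets a value the row already has also reports zero affected rows, so the warning text should not claim more than "nothing changed". Both function bodies start outside the hunks shown.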

Prüfe, ob Domain wirklich die eigene ist.

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1385 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on02/06/2009 11:30:05
Showing1 changed files
... ...
@@ -35,6 +35,7 @@ function get_jabberaccount_details($id)
35 35
   else
36 36
   {
37 37
     $dom = new Domain((int) $data['domain']);
38
+    $dom->ensure_customerdomain();
38 39
     $data['domain'] = $dom->fqdn;
39 40
   }
40 41
   return $data;

Mehr config-optionen und config via Wrapper-Funktion benutzen

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1376 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on23/05/2009 15:24:52
Showing1 changed files
... ...
@@ -31,7 +31,7 @@ function get_jabberaccount_details($id)
31 31
     system_failure("Invalid account");
32 32
   $data = mysql_fetch_assoc($result);
33 33
   if ($data['domain'] == NULL)
34
-    $data['domain'] = 'schokokeks.org';
34
+    $data['domain'] = config('masterdomain');
35 35
   else
36 36
   {
37 37
     $dom = new Domain((int) $data['domain']);

eliminate .php extensions for URLs

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1128 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on08/08/2008 19:32:32
Showing1 changed files
... ...
@@ -71,7 +71,7 @@ function create_jabber_account($local, $domain, $password)
71 71
     $result = db_query("SELECT id FROM kundendaten.domains WHERE kunde={$customerno} AND jabber=1 AND id={$domain};");
72 72
     if (mysql_num_rows($result) == 0)
73 73
     {
74
-      logger("modules/jabber/include/jabberaccounts.php", "jabber", "attempt to create account for invalid domain »{$domain}«");
74
+      logger("modules/jabber/include/jabberaccounts", "jabber", "attempt to create account for invalid domain »{$domain}«");
75 75
       system_failure("Invalid domain!");
76 76
     }
77 77
   }
... ...
@@ -85,12 +85,12 @@ function create_jabber_account($local, $domain, $password)
85 85
   $result = db_query("SELECT id FROM jabber.accounts WHERE local='{$local}' AND {$domainquery}");
86 86
   if (mysql_num_rows($result) > 0)
87 87
   {
88
-    logger("modules/jabber/include/jabberaccounts.php", "jabber", "attempt to create already existing account »{$local}@{$domain}«");
88
+    logger("modules/jabber/include/jabberaccounts", "jabber", "attempt to create already existing account »{$local}@{$domain}«");
89 89
     system_failure("Diesen Account gibt es bereits!");
90 90
   }
91 91
 
92 92
   db_query("INSERT INTO jabber.accounts (customerno,local,domain,password) VALUES ({$customerno}, '{$local}', {$domain}, '{$password}');");
93
-  logger("modules/jabber/include/jabberaccounts.php", "jabber", "created account »{$local}@{$domain}«");
93
+  logger("modules/jabber/include/jabberaccounts", "jabber", "created account »{$local}@{$domain}«");
94 94
 }
95 95
 
96 96
 
... ...
@@ -108,7 +108,7 @@ function change_jabber_password($id, $password)
108 108
   $password = mysql_real_escape_string( $password );
109 109
   
110 110
   db_query("UPDATE jabber.accounts SET password='{$password}' WHERE customerno={$customerno} AND id={$id} LIMIT 1");
111
-  logger("modules/jabber/include/jabberaccounts.php", "jabber", "changed password for account  »{$id}«");
111
+  logger("modules/jabber/include/jabberaccounts", "jabber", "changed password for account  »{$id}«");
112 112
 }
113 113
 
114 114
 
... ...
@@ -121,7 +121,7 @@ function delete_jabber_account($id)
121 121
   $id = (int) $id;
122 122
 
123 123
   db_query("UPDATE jabber.accounts SET `delete`=1 WHERE customerno={$customerno} AND id={$id} LIMIT 1");
124
-  logger("modules/jabber/include/jabberaccounts.php", "jabber", "deleted account »{$id}«");
124
+  logger("modules/jabber/include/jabberaccounts", "jabber", "deleted account »{$id}«");
125 125
 }
126 126
 
127 127
 ?>

stripslashes und erlaube Anführungszeichen im Passwort

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@788 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on16/11/2007 16:36:04
Showing1 changed files
... ...
@@ -44,9 +44,11 @@ function get_jabberaccount_details($id)
44 44
 function valid_jabber_password($pass)
45 45
 {
46 46
   // Hier könnten erweiterte Checks stehen wenn nötig.
47
-  $foo = ereg_replace('["\']', '', $pass);
47
+  /*$foo = ereg_replace('["\']', '', $pass);
48 48
   DEBUG("\$foo = {$foo} / \$pass = {$pass}");
49 49
   return ($foo == $pass);
50
+  */
51
+  return true;
50 52
 }
51 53
 
52 54
 
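Review bot: Commenting the quote check out instead of deleting it leaves dead code in `valid_jabber_password()`, including a `DEBUG()` call that would print the cleartext password again if the block were ever re-enabled. I would remove the three commented lines and keep only `return true;`, with the comment updated to say why nothing is rejected, e.g. `// Passwords are escaped for SQL by the callers, so no character needs to be rejected here.` Since the function now always returns true, the `input_error()` branches in the callers cannot trigger.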
Browse code

Bei falschen Daten auch abbrechen

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@786 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on16/11/2007 16:21:32
Showing1 changed files
... ...
@@ -58,7 +58,10 @@ function create_jabber_account($local, $domain, $password)
58 58
   $local = mysql_real_escape_string( filter_input_username($local) );
59 59
   $domain = (int) $domain;
60 60
   if (! valid_jabber_password($password))
61
+  {
61 62
     input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
63
+    return;
64
+  }
62 65
   $password = mysql_real_escape_string( $password );
63 66
   
64 67
   if ($domain > 0)
... ...
@@ -96,7 +99,10 @@ function change_jabber_password($id, $password)
96 99
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
97 100
   $id = (int) $id;
98 101
   if (! valid_jabber_password($password))
102
+  {
99 103
     input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
104
+    return;
105
+  }
100 106
   $password = mysql_real_escape_string( $password );
101 107
   
102 108
   db_query("UPDATE jabber.accounts SET password='{$password}' WHERE customerno={$customerno} AND id={$id} LIMIT 1");
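Review bot: The added `return;` stops the function, but the caller receives `null` on both the success and the rejection path, so it cannot tell whether the account was created or the password changed unless it inspects whatever `input_error()` recorded (not visible here). Returning an explicit result would make the functions harder to misuse: `return false;` in the two new blocks and `return true;` at the end of `create_jabber_account()` and `change_jabber_password()`. Both function bodies extend beyond the hunks.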

Anführungszeichen filtern

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@784 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on16/11/2007 16:16:18
Showing1 changed files
... ...
@@ -44,7 +44,9 @@ function get_jabberaccount_details($id)
44 44
 function valid_jabber_password($pass)
45 45
 {
46 46
   // Hier könnten erweiterte Checks stehen wenn nötig.
47
-  return true;
47
+  $foo = ereg_replace('["\']', '', $pass);
48
+  DEBUG("\$foo = {$foo} / \$pass = {$pass}");
49
+  return ($foo == $pass);
48 50
 }
49 51
 
50 52
 
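Review bot: The added `DEBUG("\$foo = {$foo} / \$pass = {$pass}");` writes the user's cleartext password to the debug output on every call of `valid_jabber_password()`; it should be removed, or reduced to a message without the value such as `DEBUG("password contains quote characters");` in the failing case. `ereg_replace()` is also an indirect way to express a yes/no test: `return (strpbrk($pass, "\"'") === false);` states the check directly and avoids the POSIX regex functions. Whether rejecting quotes is needed at all is doubtful, because the callers pass the password through `mysql_real_escape_string()` before it reaches the query.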

htmlspecialchars ist nicht gut für jabber-passwort

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@783 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on16/11/2007 16:08:19
Showing1 changed files
... ...
@@ -43,8 +43,8 @@ function get_jabberaccount_details($id)
43 43
 
44 44
 function valid_jabber_password($pass)
45 45
 {
46
-  $new = filter_input_general($pass);
47
-  return ($new == $pass);
46
+  // Hier könnten erweiterte Checks stehen wenn nötig.
47
+  return true;
48 48
 }
49 49
 
50 50
 
... ...
@@ -57,7 +57,7 @@ function create_jabber_account($local, $domain, $password)
57 57
   $domain = (int) $domain;
58 58
   if (! valid_jabber_password($password))
59 59
     input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
60
-  $password = mysql_real_escape_string( filter_input_general( $password ) );
60
+  $password = mysql_real_escape_string( $password );
61 61
   
62 62
   if ($domain > 0)
63 63
   {
... ...
@@ -95,7 +95,7 @@ function change_jabber_password($id, $password)
95 95
   $id = (int) $id;
96 96
   if (! valid_jabber_password($password))
97 97
     input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
98
-  $password = mysql_real_escape_string( filter_input_general( $password ) );
98
+  $password = mysql_real_escape_string( $password );
99 99
   
100 100
   db_query("UPDATE jabber.accounts SET password='{$password}' WHERE customerno={$customerno} AND id={$id} LIMIT 1");
101 101
   logger("modules/jabber/include/jabberaccounts.php", "jabber", "changed password for account  »{$id}«");
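Review bot: With `filter_input_general()` gone and `valid_jabber_password()` returning true unconditionally, `mysql_real_escape_string()` is the only thing between the raw password and the two SQL statements, and that function is only reliable when the connection character set was set through the API rather than by a `SET NAMES` query. Nothing in these hunks shows how the connection is configured, so I would add a comment at both call sites such as `// relies on the connection charset configured in inc/db_connect.php` and verify it there. The queries also show the password being written to `jabber.accounts` exactly as supplied; if the XMPP server can verify hashed credentials, hashing before the INSERT/UPDATE would limit the damage of a database leak. The `if (! valid_jabber_password(...))` branches are dead code after this change.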

erlaube Jabber-Passwörter mit Sonderzeichen und gib Fehlermeldung wenn ein Fehler auftritt

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@781 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on16/11/2007 16:04:25
Showing1 changed files
... ...
@@ -41,6 +41,12 @@ function get_jabberaccount_details($id)
41 41
 }
42 42
 
43 43
 
44
+function valid_jabber_password($pass)
45
+{
46
+  $new = filter_input_general($pass);
47
+  return ($new == $pass);
48
+}
49
+
44 50
 
45 51
 function create_jabber_account($local, $domain, $password)
46 52
 {
... ...
@@ -49,7 +55,9 @@ function create_jabber_account($local, $domain, $password)
49 55
 
50 56
   $local = mysql_real_escape_string( filter_input_username($local) );
51 57
   $domain = (int) $domain;
52
-  $password = mysql_real_escape_string( filter_shell( $password ) );
58
+  if (! valid_jabber_password($password))
59
+    input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
60
+  $password = mysql_real_escape_string( filter_input_general( $password ) );
53 61
   
54 62
   if ($domain > 0)
55 63
   {
... ...
@@ -80,14 +88,16 @@ function create_jabber_account($local, $domain, $password)
80 88
 
81 89
 
82 90
 
83
-function change_jabber_password($id, $newpass)
91
+function change_jabber_password($id, $password)
84 92
 {
85 93
   require_role(ROLE_CUSTOMER);
86 94
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
87 95
   $id = (int) $id;
88
-  $newpass = mysql_real_escape_string( filter_shell( $newpass ) );
96
+  if (! valid_jabber_password($password))
97
+    input_error('Das Passwort enthält Zeichen, die aufgrund technischer Beschränkungen momentan nicht benutzt werden können.');
98
+  $password = mysql_real_escape_string( filter_input_general( $password ) );
89 99
   
90
-  db_query("UPDATE jabber.accounts SET password='{$newpass}' WHERE customerno={$customerno} AND id={$id} LIMIT 1");
100
+  db_query("UPDATE jabber.accounts SET password='{$password}' WHERE customerno={$customerno} AND id={$id} LIMIT 1");
91 101
   logger("modules/jabber/include/jabberaccounts.php", "jabber", "changed password for account  »{$id}«");
92 102
 }
93 103
 
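Review bot: In both `create_jabber_account()` and `change_jabber_password()` the new `input_error(...)` call is not followed by a `return`, so unless `input_error()` itself aborts (not visible here) execution continues and the account is written anyway. Because the next line still applies `filter_input_general()`, the stored password would then differ from what the user typed, leaving the user with a credential they never chose. I would wrap the message in a block that ends with `return;` and drop the filter from the assignment: `$password = mysql_real_escape_string( $password );`.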

Parse Error, hatte ich gar nicht bemerkt...

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@560 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on28/07/2007 17:20:15
Showing1 changed files
... ...
@@ -4,6 +4,7 @@ require_once("inc/debug.php");
4 4
 require_once("inc/db_connect.php");
5 5
 require_once("inc/security.php");
6 6
 
7
+require_once('class/domain.php');
7 8
 
8 9
 function get_jabber_accounts() {
9 10
   require_role(ROLE_CUSTOMER);
... ...
@@ -29,7 +30,13 @@ function get_jabberaccount_details($id)
29 30
   if (mysql_num_rows($result) != 1)
30 31
     system_failure("Invalid account");
31 32
   $data = mysql_fetch_assoc($result);
32
-  $data['domain'] = get_domain_name($data['domain']);
33
+  if ($data['domain'] == NULL)
34
+    $data['domain'] = 'schokokeks.org';
35
+  else
36
+  {
37
+    $dom = new Domain((int) $data['domain']);
38
+    $data['domain'] = $dom->fqdn;
39
+  }
33 40
   return $data;
34 41
 }
35 42
 

sql-abfragen abstrahiert

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@512 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on18/06/2007 08:19:16
Showing1 changed files
... ...
@@ -8,9 +8,7 @@ require_once("inc/security.php");
8 8
 function get_jabber_accounts() {
9 9
   require_role(ROLE_CUSTOMER);
10 10
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
11
-  $query = "SELECT id, created, local, domain FROM jabber.accounts WHERE customerno='$customerno' AND `delete`=0;";
12
-  DEBUG($query);
13
-  $result = mysql_query($query);
11
+  $result = db_query("SELECT id, created, local, domain FROM jabber.accounts WHERE customerno='$customerno' AND `delete`=0;");
14 12
   $accounts = array();
15 13
   if (@mysql_num_rows($result) > 0)
16 14
     while ($acc = @mysql_fetch_object($result))
... ...
@@ -27,9 +25,7 @@ function get_jabberaccount_details($id)
27 25
 
28 26
   $id = (int) $id;
29 27
 
30
-  $query = "SELECT id, local, domain FROM jabber.accounts WHERE customerno={$customerno} AND id={$id} LIMIT 1";
31
-  DEBUG($query);
32
-  $result = mysql_query($query);
28
+  $result = db_query("SELECT id, local, domain FROM jabber.accounts WHERE customerno={$customerno} AND id={$id} LIMIT 1");
33 29
   if (mysql_num_rows($result) != 1)
34 30
     system_failure("Invalid account");
35 31
   $data = mysql_fetch_assoc($result);
... ...
@@ -50,9 +46,7 @@ function create_jabber_account($local, $domain, $password)
50 46
   
51 47
   if ($domain > 0)
52 48
   {
53
-    $query = "SELECT id FROM kundendaten.domains WHERE kunde={$customerno} AND jabber=1 AND id={$domain};";
54
-    DEBUG($query);
55
-    $result = mysql_query($query);
49
+    $result = db_query("SELECT id FROM kundendaten.domains WHERE kunde={$customerno} AND jabber=1 AND id={$domain};");
56 50
     if (mysql_num_rows($result) == 0)
57 51
     {
58 52
       logger("modules/jabber/include/jabberaccounts.php", "jabber", "attempt to create account for invalid domain »{$domain}«");
... ...
@@ -66,18 +60,14 @@ function create_jabber_account($local, $domain, $password)
66 60
     $domain = 'NULL';
67 61
     $domainquery = 'domain IS NULL'; 
68 62
   }
69
-  $query = "SELECT id FROM jabber.accounts WHERE local='{$local}' AND {$domainquery}";
70
-  DEBUG($query);
71
-  $result = mysql_query($query);
63
+  $result = db_query("SELECT id FROM jabber.accounts WHERE local='{$local}' AND {$domainquery}");
72 64
   if (mysql_num_rows($result) > 0)
73 65
   {
74 66
     logger("modules/jabber/include/jabberaccounts.php", "jabber", "attempt to create already existing account »{$local}@{$domain}«");
75 67
     system_failure("Diesen Account gibt es bereits!");
76 68
   }
77 69
 
78
-  $query = "INSERT INTO jabber.accounts (customerno,local,domain,password) VALUES ({$customerno}, '{$local}', {$domain}, '{$password}');";
79
-  DEBUG($query);
80
-  mysql_query($query);
70
+  db_query("INSERT INTO jabber.accounts (customerno,local,domain,password) VALUES ({$customerno}, '{$local}', {$domain}, '{$password}');");
81 71
   logger("modules/jabber/include/jabberaccounts.php", "jabber", "created account »{$local}@{$domain}«");
82 72
 }
83 73
 
... ...
@@ -90,9 +80,7 @@ function change_jabber_password($id, $newpass)
90 80
   $id = (int) $id;
91 81
   $newpass = mysql_real_escape_string( filter_shell( $newpass ) );
92 82
   
93
-  $query = "UPDATE jabber.accounts SET password='{$newpass}' WHERE customerno={$customerno} AND id={$id} LIMIT 1";
94
-  DEBUG($query);
95
-  mysql_query($query);
83
+  db_query("UPDATE jabber.accounts SET password='{$newpass}' WHERE customerno={$customerno} AND id={$id} LIMIT 1");
96 84
   logger("modules/jabber/include/jabberaccounts.php", "jabber", "changed password for account  »{$id}«");
97 85
 }
98 86
 
... ...
@@ -105,9 +93,7 @@ function delete_jabber_account($id)
105 93
 
106 94
   $id = (int) $id;
107 95
 
108
-  $query = "UPDATE jabber.accounts SET `delete`=1 WHERE customerno={$customerno} AND id={$id} LIMIT 1";
109
-  DEBUG($query);
110
-  mysql_query($query);
96
+  db_query("UPDATE jabber.accounts SET `delete`=1 WHERE customerno={$customerno} AND id={$id} LIMIT 1");
111 97
   logger("modules/jabber/include/jabberaccounts.php", "jabber", "deleted account »{$id}«");
112 98
 }
113 99
 
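Review bot: None of the `db_query()` results is checked before use, and the two checks in `create_jabber_account()` fail in opposite directions: on a false result `mysql_num_rows($result) == 0` rejects the domain, while `mysql_num_rows($result) > 0` in the duplicate check is false and lets the INSERT proceed. If `db_query()` does not abort on errors itself (its body is not part of this page), a guard such as `if ($result === false) system_failure("Database error");` after each SELECT would make both checks fail closed. It is also worth confirming that `db_query()` does not hand the full statement to `DEBUG()`, since the INSERT and the password UPDATE contain the password.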

Logging in allen Modulen

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@510 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on18/06/2007 07:32:07
Showing1 changed files
... ...
@@ -55,6 +55,7 @@ function create_jabber_account($local, $domain, $password)
55 55
     $result = mysql_query($query);
56 56
     if (mysql_num_rows($result) == 0)
57 57
     {
58
+      logger("modules/jabber/include/jabberaccounts.php", "jabber", "attempt to create account for invalid domain »{$domain}«");
58 59
       system_failure("Invalid domain!");
59 60
     }
60 61
   }
... ...
@@ -70,12 +71,14 @@ function create_jabber_account($local, $domain, $password)
70 71
   $result = mysql_query($query);
71 72
   if (mysql_num_rows($result) > 0)
72 73
   {
74
+    logger("modules/jabber/include/jabberaccounts.php", "jabber", "attempt to create already existing account »{$local}@{$domain}«");
73 75
     system_failure("Diesen Account gibt es bereits!");
74 76
   }
75 77
 
76 78
   $query = "INSERT INTO jabber.accounts (customerno,local,domain,password) VALUES ({$customerno}, '{$local}', {$domain}, '{$password}');";
77 79
   DEBUG($query);
78 80
   mysql_query($query);
81
+  logger("modules/jabber/include/jabberaccounts.php", "jabber", "created account »{$local}@{$domain}«");
79 82
 }
80 83
 
81 84
 
... ...
@@ -90,6 +93,7 @@ function change_jabber_password($id, $newpass)
90 93
   $query = "UPDATE jabber.accounts SET password='{$newpass}' WHERE customerno={$customerno} AND id={$id} LIMIT 1";
91 94
   DEBUG($query);
92 95
   mysql_query($query);
96
+  logger("modules/jabber/include/jabberaccounts.php", "jabber", "changed password for account  »{$id}«");
93 97
 }
94 98
 
95 99
 
... ...
@@ -104,6 +108,7 @@ function delete_jabber_account($id)
104 108
   $query = "UPDATE jabber.accounts SET `delete`=1 WHERE customerno={$customerno} AND id={$id} LIMIT 1";
105 109
   DEBUG($query);
106 110
   mysql_query($query);
111
+  logger("modules/jabber/include/jabberaccounts.php", "jabber", "deleted account »{$id}«");
107 112
 }
108 113
 
109 114
 ?>

Diverse shell-kritische zeichen raus

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@505 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on16/06/2007 14:33:33
Showing1 changed files
... ...
@@ -46,7 +46,7 @@ function create_jabber_account($local, $domain, $password)
46 46
 
47 47
   $local = mysql_real_escape_string( filter_input_username($local) );
48 48
   $domain = (int) $domain;
49
-  $password = mysql_real_escape_string( filter_quotes( $password ) );
49
+  $password = mysql_real_escape_string( filter_shell( $password ) );
50 50
   
51 51
   if ($domain > 0)
52 52
   {
... ...
@@ -85,7 +85,7 @@ function change_jabber_password($id, $newpass)
85 85
   require_role(ROLE_CUSTOMER);
86 86
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
87 87
   $id = (int) $id;
88
-  $newpass = mysql_real_escape_string( filter_quotes( $newpass ) );
88
+  $newpass = mysql_real_escape_string( filter_shell( $newpass ) );
89 89
   
90 90
   $query = "UPDATE jabber.accounts SET password='{$newpass}' WHERE customerno={$customerno} AND id={$id} LIMIT 1";
91 91
   DEBUG($query);
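Review bot: Passing the password through `filter_shell()` before storing it changes the credential without telling the user: judging by the name and the commit message it strips characters, so a password containing any of them would be saved in a different form than typed and the user could not log in with it. Rejecting such input is safer than rewriting it, e.g. `if (filter_shell($password) != $password) { input_error('Password contains unsupported characters'); return; }`. The same applies to `filter_quotes()` in the preceding revision shown further down the page. Both function bodies continue outside the hunks.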

Im Passwort dürfen auch keine bösen Zeichen sein

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@502 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on16/06/2007 14:24:24
Showing1 changed files
... ...
@@ -46,7 +46,7 @@ function create_jabber_account($local, $domain, $password)
46 46
 
47 47
   $local = mysql_real_escape_string( filter_input_username($local) );
48 48
   $domain = (int) $domain;
49
-  $password = mysql_real_escape_string($password);
49
+  $password = mysql_real_escape_string( filter_quotes( $password ) );
50 50
   
51 51
   if ($domain > 0)
52 52
   {
... ...
@@ -85,7 +85,7 @@ function change_jabber_password($id, $newpass)
85 85
   require_role(ROLE_CUSTOMER);
86 86
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
87 87
   $id = (int) $id;
88
-  $newpass = mysql_real_escape_string($newpass);
88
+  $newpass = mysql_real_escape_string( filter_quotes( $newpass ) );
89 89
   
90 90
   $query = "UPDATE jabber.accounts SET password='{$newpass}' WHERE customerno={$customerno} AND id={$id} LIMIT 1";
91 91
   DEBUG($query);

input-filtering

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@500 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on16/06/2007 14:10:56
Showing1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 
3 3
 require_once("inc/debug.php");
4 4
 require_once("inc/db_connect.php");
5
-
5
+require_once("inc/security.php");
6 6
 
7 7
 
8 8
 function get_jabber_accounts() {
... ...
@@ -44,7 +44,7 @@ function create_jabber_account($local, $domain, $password)
44 44
   require_role(ROLE_CUSTOMER);
45 45
   $customerno = (int) $_SESSION['customerinfo']['customerno'];
46 46
 
47
-  $local = mysql_real_escape_string($local);
47
+  $local = mysql_real_escape_string( filter_input_username($local) );
48 48
   $domain = (int) $domain;
49 49
   $password = mysql_real_escape_string($password);
50 50
   

Ich hasse PHP

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@485 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on02/06/2007 12:50:28
Showing1 changed files
... ...
@@ -61,8 +61,10 @@ function create_jabber_account($local, $domain, $password)
61 61
 
62 62
   $domainquery = "domain={$domain}";
63 63
   if ($domain == 0)
64
+  {
64 65
     $domain = 'NULL';
65 66
     $domainquery = 'domain IS NULL'; 
67
+  }
66 68
   $query = "SELECT id FROM jabber.accounts WHERE local='{$local}' AND {$domainquery}";
67 69
   DEBUG($query);
68 70
   $result = mysql_query($query);

Duplikate-Problem gefixed. Passwort ändern.

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@484 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on02/06/2007 09:51:00
Showing1 changed files
... ...
@@ -59,8 +59,17 @@ function create_jabber_account($local, $domain, $password)
59 59
     }
60 60
   }
61 61
 
62
+  $domainquery = "domain={$domain}";
62 63
   if ($domain == 0)
63 64
     $domain = 'NULL';
65
+    $domainquery = 'domain IS NULL'; 
66
+  $query = "SELECT id FROM jabber.accounts WHERE local='{$local}' AND {$domainquery}";
67
+  DEBUG($query);
68
+  $result = mysql_query($query);
69
+  if (mysql_num_rows($result) > 0)
70
+  {
71
+    system_failure("Diesen Account gibt es bereits!");
72
+  }
64 73
 
65 74
   $query = "INSERT INTO jabber.accounts (customerno,local,domain,password) VALUES ({$customerno}, '{$local}', {$domain}, '{$password}');";
66 75
   DEBUG($query);
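Review bot: The `if ($domain == 0)` on the new side has no braces, so only `$domain = 'NULL';` is conditional and `$domainquery = 'domain IS NULL';` runs on every call. The duplicate check therefore always looks at accounts without a domain: an existing `local` on a customer domain is never detected, and a name taken among the domain-less accounts blocks the same name on every other domain. The fix is `if ($domain == 0) { $domain = 'NULL'; $domainquery = 'domain IS NULL'; }`. Independent of that, check-then-insert is not atomic; a unique index on `(local, domain)` would be the reliable guard, with the caveat that MySQL unique indexes do not treat NULL values as equal. The function body starts and ends outside the hunk.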

Jabber-Passwort ändern

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@482 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on01/06/2007 17:07:05
Showing1 changed files
... ...
@@ -68,6 +68,21 @@ function create_jabber_account($local, $domain, $password)
68 68
 }
69 69
 
70 70
 
71
+
72
+function change_jabber_password($id, $newpass)
73
+{
74
+  require_role(ROLE_CUSTOMER);
75
+  $customerno = (int) $_SESSION['customerinfo']['customerno'];
76
+  $id = (int) $id;
77
+  $newpass = mysql_real_escape_string($newpass);
78
+  
79
+  $query = "UPDATE jabber.accounts SET password='{$newpass}' WHERE customerno={$customerno} AND id={$id} LIMIT 1";
80
+  DEBUG($query);
81
+  mysql_query($query);
82
+}
83
+
84
+
85
+
71 86
 function delete_jabber_account($id)
72 87
 {
73 88
   require_role(ROLE_CUSTOMER);
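Review bot: `DEBUG($query);` in the new `change_jabber_password()` receives the complete UPDATE statement, including the new password in clear text, so the credential ends up wherever debug output goes. I would log a redacted form instead, e.g. `DEBUG("UPDATE jabber.accounts SET password=[hidden] WHERE customerno={$customerno} AND id={$id}");`. The INSERT in `create_jabber_account()` from the initial revision has the same problem. The function also gives no feedback when no row matched the `customerno`/`id` pair; checking `mysql_affected_rows()` would let the caller report that.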

Neues Jabber-Modul (noch nicht ganz fertig) und Formular-Framework

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@481 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on01/06/2007 16:53:03
Showing1 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,83 @@
1
+<?php
2
+
3
+require_once("inc/debug.php");
4
+require_once("inc/db_connect.php");
5
+
6
+
7
+
8
+function get_jabber_accounts() {
9
+  require_role(ROLE_CUSTOMER);
10
+  $customerno = (int) $_SESSION['customerinfo']['customerno'];
11
+  $query = "SELECT id, created, local, domain FROM jabber.accounts WHERE customerno='$customerno' AND `delete`=0;";
12
+  DEBUG($query);
13
+  $result = mysql_query($query);
14
+  $accounts = array();
15
+  if (@mysql_num_rows($result) > 0)
16
+    while ($acc = @mysql_fetch_object($result))
17
+      array_push($accounts, array('id'=> $acc->id, 'created' => $acc->created, 'local' => $acc->local, 'domain' => $acc->domain));
18
+  return $accounts;
19
+}
20
+
21
+
22
+
23
+function get_jabberaccount_details($id)
24
+{
25
+  require_role(ROLE_CUSTOMER);
26
+  $customerno = (int) $_SESSION['customerinfo']['customerno'];
27
+
28
+  $id = (int) $id;
29
+
30
+  $query = "SELECT id, local, domain FROM jabber.accounts WHERE customerno={$customerno} AND id={$id} LIMIT 1";
31
+  DEBUG($query);
32
+  $result = mysql_query($query);
33
+  if (mysql_num_rows($result) != 1)
34
+    system_failure("Invalid account");
35
+  $data = mysql_fetch_assoc($result);
36
+  $data['domain'] = get_domain_name($data['domain']);
37
+  return $data;
38
+}
39
+
40
+
41
+
42
+function create_jabber_account($local, $domain, $password)
43
+{
44
+  require_role(ROLE_CUSTOMER);
45
+  $customerno = (int) $_SESSION['customerinfo']['customerno'];
46
+
47
+  $local = mysql_real_escape_string($local);
48
+  $domain = (int) $domain;
49
+  $password = mysql_real_escape_string($password);
50
+  
51
+  if ($domain > 0)
52
+  {
53
+    $query = "SELECT id FROM kundendaten.domains WHERE kunde={$customerno} AND jabber=1 AND id={$domain};";
54
+    DEBUG($query);
55
+    $result = mysql_query($query);
56
+    if (mysql_num_rows($result) == 0)
57
+    {
58
+      system_failure("Invalid domain!");
59
+    }
60
+  }
61
+
62
+  if ($domain == 0)
63
+    $domain = 'NULL';
64
+
65
+  $query = "INSERT INTO jabber.accounts (customerno,local,domain,password) VALUES ({$customerno}, '{$local}', {$domain}, '{$password}');";
66
+  DEBUG($query);
67
+  mysql_query($query);
68
+}
69
+
70
+
71
+function delete_jabber_account($id)
72
+{
73
+  require_role(ROLE_CUSTOMER);
74
+  $customerno = (int) $_SESSION['customerinfo']['customerno'];
75
+
76
+  $id = (int) $id;
77
+
78
+  $query = "UPDATE jabber.accounts SET `delete`=1 WHERE customerno={$customerno} AND id={$id} LIMIT 1";
79
+  DEBUG($query);
80
+  mysql_query($query);
81
+}
82
+
83
+?>
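Review bot: `create_jabber_account()` only SQL-escapes `$local`; nothing checks that it is a valid JID local part, so characters such as `@`, `/` or whitespace can be stored as an account name. A whitelist check before the escape would close this, e.g. `if (! preg_match('/^[a-z0-9._-]+$/', $local)) system_failure("Invalid account name");` (adjust the character class to what the XMPP server accepts). The file also calls `require_role()` and `system_failure()` while including only `inc/debug.php` and `inc/db_connect.php`; if those helpers are defined elsewhere, a matching `require_once` belongs at the top. None of the `mysql_query()` return values is checked, so a failed INSERT or UPDATE goes unnoticed by the caller.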