
remove whitespace in empty lines

Hanno authored on26/06/2018 23:36:40
Showing1 changed files
... ...
@@ -100,23 +100,23 @@ function invalidate_customer_token($customerno)
100 100
 {
101 101
     db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id=?", array($customerno));
102 102
 }
103
- 
103
+
104 104
 function invalidate_systemuser_token($uid)
105 105
 {
106 106
     db_query("DELETE FROM system.usertoken WHERE uid=?", array($uid));
107 107
 }
108
- 
108
+
109 109
 function create_token($username)
110 110
 {
111 111
     expire_tokens();
112 112
     $result = db_query("SELECT uid FROM system.useraccounts WHERE username=?", array($username));
113 113
     $uid = (int) $result->fetch()['uid'];
114
-  
114
+
115 115
     $result = db_query("SELECT created FROM system.usertoken WHERE uid=?", array($uid));
116 116
     if ($result->rowCount() > 0) {
117 117
         system_failure("Für Ihr Benutzerkonto ist bereits eine Passwort-Erinnerung versendet worden. Bitte wenden Sie sich an den Support wenn Sie diese nicht erhalten haben.");
118 118
     }
119
-  
119
+
120 120
     $args = array(":uid" => $uid,
121 121
                 ":token" => random_string(16));
122 122
     db_query("INSERT INTO system.usertoken VALUES (:uid, NOW(), NOW() + INTERVAL 1 DAY, :token)", $args);

Fix coding style with php-cs-checker, see https://cs.sensiolabs.org/

Hanno authored on26/06/2018 13:58:19
Showing1 changed files
... ...
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely
8 8
 
9 9
 To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10 10
 
11
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see
12 12
 http://creativecommons.org/publicdomain/zero/1.0/
13 13
 
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
... ...
@@ -18,135 +18,134 @@ require_once('session/checkuser.php');
18 18
 
19 19
 function user_customer_match($cust, $user)
20 20
 {
21
-  $args = array(":cid" => $cust,
21
+    $args = array(":cid" => $cust,
22 22
                 ":user" => $user);
23
-  $result = db_query("SELECT uid FROM system.useraccounts WHERE kunde=:cid AND username=:user AND kundenaccount=1", $args);
24
-  if ($result->rowCount() > 0)
25
-    return true;
26
-  return false;
23
+    $result = db_query("SELECT uid FROM system.useraccounts WHERE kunde=:cid AND username=:user AND kundenaccount=1", $args);
24
+    if ($result->rowCount() > 0) {
25
+        return true;
26
+    }
27
+    return false;
27 28
 }
28 29
 
29
-function find_username($input) 
30
+function find_username($input)
30 31
 {
31
-  $args = array(":user" => $input);
32
-  $result = db_query("SELECT username FROM system.useraccounts WHERE username=:user AND kundenaccount=1", $args);
33
-  if ($result->rowCount() > 0)
34
-  {
35
-    $line = $result->fetch();
36
-    return $line['username'];
37
-  } else {
38
-    return false;
39
-  }
32
+    $args = array(":user" => $input);
33
+    $result = db_query("SELECT username FROM system.useraccounts WHERE username=:user AND kundenaccount=1", $args);
34
+    if ($result->rowCount() > 0) {
35
+        $line = $result->fetch();
36
+        return $line['username'];
37
+    } else {
38
+        return false;
39
+    }
40 40
 }
41 41
 
42 42
 function customer_has_email($customerno, $email)
43 43
 {
44
-  $args = array(":cid" => $customerno,
44
+    $args = array(":cid" => $customerno,
45 45
                 ":email" => $email);
46
-  $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=:cid AND (email=:email OR email_extern=:email OR email_rechnung=:email)", $args);
47
-  return ($result->rowCount() > 0);
46
+    $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=:cid AND (email=:email OR email_extern=:email OR email_rechnung=:email)", $args);
47
+    return ($result->rowCount() > 0);
48 48
 }
49 49
 
50 50
 
51 51
 function validate_token($customerno, $token)
52 52
 {
53
-  expire_tokens();
54
-  $args = array(":cid" => $customerno,
53
+    expire_tokens();
54
+    $args = array(":cid" => $customerno,
55 55
                 ":token" => $token);
56
-  $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=:cid AND token=:token", $args);
57
-  return ($result->rowCount() > 0);
56
+    $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=:cid AND token=:token", $args);
57
+    return ($result->rowCount() > 0);
58 58
 }
59 59
 
60 60
 
61
-function get_uid_for_token($token) 
61
+function get_uid_for_token($token)
62 62
 {
63
-  expire_tokens();
64
-  $result = db_query("SELECT uid FROM system.usertoken WHERE token=?", array($token));
65
-  if ($result->rowCount() == 0) {
66
-    return NULL;
67
-  }
68
-  $data = $result->fetch();
69
-  return $data['uid'];  
63
+    expire_tokens();
64
+    $result = db_query("SELECT uid FROM system.usertoken WHERE token=?", array($token));
65
+    if ($result->rowCount() == 0) {
66
+        return null;
67
+    }
68
+    $data = $result->fetch();
69
+    return $data['uid'];
70 70
 }
71 71
 
72
-function get_username_for_uid($uid) 
72
+function get_username_for_uid($uid)
73 73
 {
74
-  $result = db_query("SELECT username FROM system.useraccounts WHERE uid=?", array($uid));
75
-  if ($result->rowCount() != 1) {
76
-    system_failure("Unexpected number of users with this uid (!= 1)!");
77
-  }
78
-  $item = $result->fetch();
79
-  return $item['username'];
74
+    $result = db_query("SELECT username FROM system.useraccounts WHERE uid=?", array($uid));
75
+    if ($result->rowCount() != 1) {
76
+        system_failure("Unexpected number of users with this uid (!= 1)!");
77
+    }
78
+    $item = $result->fetch();
79
+    return $item['username'];
80 80
 }
81 81
 
82 82
 function validate_uid_token($uid, $token)
83 83
 {
84
-  expire_tokens();
85
-  $args = array(":uid" => $uid,
84
+    expire_tokens();
85
+    $args = array(":uid" => $uid,
86 86
                 ":token" => $token);
87
-  $result = db_query("SELECT NULL FROM system.usertoken WHERE uid=:uid AND token=:token", $args);
88
-  return ($result->rowCount() > 0);
87
+    $result = db_query("SELECT NULL FROM system.usertoken WHERE uid=:uid AND token=:token", $args);
88
+    return ($result->rowCount() > 0);
89 89
 }
90 90
 
91 91
 
92 92
 function expire_tokens()
93 93
 {
94
-  $expire = "1 DAY";
95
-  db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE token_create < NOW() - INTERVAL {$expire};");
96
-  db_query("DELETE FROM system.usertoken WHERE expire < NOW();");
94
+    $expire = "1 DAY";
95
+    db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE token_create < NOW() - INTERVAL {$expire};");
96
+    db_query("DELETE FROM system.usertoken WHERE expire < NOW();");
97 97
 }
98 98
 
99 99
 function invalidate_customer_token($customerno)
100 100
 {
101
-  db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id=?", array($customerno));
101
+    db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id=?", array($customerno));
102 102
 }
103 103
  
104 104
 function invalidate_systemuser_token($uid)
105 105
 {
106
-  db_query("DELETE FROM system.usertoken WHERE uid=?", array($uid));
106
+    db_query("DELETE FROM system.usertoken WHERE uid=?", array($uid));
107 107
 }
108 108
  
109 109
 function create_token($username)
110 110
 {
111
-  expire_tokens();
112
-  $result = db_query("SELECT uid FROM system.useraccounts WHERE username=?", array($username));
113
-  $uid = (int) $result->fetch()['uid'];
111
+    expire_tokens();
112
+    $result = db_query("SELECT uid FROM system.useraccounts WHERE username=?", array($username));
113
+    $uid = (int) $result->fetch()['uid'];
114 114
   
115
-  $result = db_query("SELECT created FROM system.usertoken WHERE uid=?", array($uid));
116
-  if ($result->rowCount() > 0) {
117
-    system_failure("Für Ihr Benutzerkonto ist bereits eine Passwort-Erinnerung versendet worden. Bitte wenden Sie sich an den Support wenn Sie diese nicht erhalten haben.");
118
-  }
115
+    $result = db_query("SELECT created FROM system.usertoken WHERE uid=?", array($uid));
116
+    if ($result->rowCount() > 0) {
117
+        system_failure("Für Ihr Benutzerkonto ist bereits eine Passwort-Erinnerung versendet worden. Bitte wenden Sie sich an den Support wenn Sie diese nicht erhalten haben.");
118
+    }
119 119
   
120
-  $args = array(":uid" => $uid,
120
+    $args = array(":uid" => $uid,
121 121
                 ":token" => random_string(16));
122
-  db_query("INSERT INTO system.usertoken VALUES (:uid, NOW(), NOW() + INTERVAL 1 DAY, :token)", $args);
123
-  return true;
122
+    db_query("INSERT INTO system.usertoken VALUES (:uid, NOW(), NOW() + INTERVAL 1 DAY, :token)", $args);
123
+    return true;
124 124
 }
125 125
 
126 126
 
127 127
 function emailaddress_for_user($username)
128 128
 {
129
-  $result = db_query("SELECT k.email FROM kundendaten.kunden AS k INNER JOIN system.useraccounts AS u ON (u.kunde=k.id) WHERE u.username=?", array($username));
130
-  $data = $result->fetch();
131
-  return $data['email'];
129
+    $result = db_query("SELECT k.email FROM kundendaten.kunden AS k INNER JOIN system.useraccounts AS u ON (u.kunde=k.id) WHERE u.username=?", array($username));
130
+    $data = $result->fetch();
131
+    return $data['email'];
132 132
 }
133 133
 
134 134
 
135 135
 function get_customer_token($customerno)
136 136
 {
137
-  expire_tokens();
138
-  $result = db_query("SELECT token FROM kundendaten.kunden WHERE id=? AND token IS NOT NULL", array($customerno));
139
-  if ($result->rowCount() < 1)
140
-    system_failure("Kann das Token nicht auslesen!");
141
-  return $result->fetch(PDO::FETCH_OBJ)->token;
137
+    expire_tokens();
138
+    $result = db_query("SELECT token FROM kundendaten.kunden WHERE id=? AND token IS NOT NULL", array($customerno));
139
+    if ($result->rowCount() < 1) {
140
+        system_failure("Kann das Token nicht auslesen!");
141
+    }
142
+    return $result->fetch(PDO::FETCH_OBJ)->token;
142 143
 }
143 144
 
144 145
 
145
-function get_user_token($username) 
146
+function get_user_token($username)
146 147
 {
147
-  $result = db_query("SELECT token FROM system.usertoken AS t INNER JOIN system.useraccounts AS u USING (uid) WHERE username=?", array($username));
148
-  $tmp = $result->fetch();
149
-  return $tmp['token'];
148
+    $result = db_query("SELECT token FROM system.usertoken AS t INNER JOIN system.useraccounts AS u USING (uid) WHERE username=?", array($username));
149
+    $tmp = $result->fetch();
150
+    return $tmp['token'];
150 151
 }
151
-
152
-?>

Copyright year update

Bernd Wurst authored on13/01/2018 06:07:05
Showing1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2014 by schokokeks.org Hosting, namely
5
+Written 2008-2018 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 

Passwort-Reset-Funktion aktualisiert

Bernd Wurst authored on12/01/2017 12:17:32
Showing1 changed files
... ...
@@ -26,7 +26,18 @@ function user_customer_match($cust, $user)
26 26
   return false;
27 27
 }
28 28
 
29
-
29
+function find_username($input) 
30
+{
31
+  $args = array(":user" => $input);
32
+  $result = db_query("SELECT username FROM system.useraccounts WHERE username=:user AND kundenaccount=1", $args);
33
+  if ($result->rowCount() > 0)
34
+  {
35
+    $line = $result->fetch();
36
+    return $line['username'];
37
+  } else {
38
+    return false;
39
+  }
40
+}
30 41
 
31 42
 function customer_has_email($customerno, $email)
32 43
 {
... ...
@@ -108,7 +119,7 @@ function create_token($username)
108 119
   
109 120
   $args = array(":uid" => $uid,
110 121
                 ":token" => random_string(16));
111
-  db_query("INSERT INTO system.usertoken VALUES (:uid} NOW(), NOW() + INTERVAL 1 DAY, :token)", $args);
122
+  db_query("INSERT INTO system.usertoken VALUES (:uid, NOW(), NOW() + INTERVAL 1 DAY, :token)", $args);
112 123
   return true;
113 124
 }
114 125
 
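Review bot: `find_username()` returns either the stored username string or `false`, and nothing in the function says so; a caller that tests the result loosely would also treat a username such as `"0"` as not found. A short docblock would pin the contract, e.g. `/** @return string|false username of a customer account (kundenaccount=1), or false when none matches; compare with === false */`. The callers are outside this page; if this result decides what the password-reset form answers, the found and not-found paths should give the same response so the form does not confirm which usernames exist.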

Lizenzinfos in eigenes Modul ausgelagert und Copyright auf 2014 angepasst

Bernd Wurst authored on08/02/2014 05:45:07
Showing1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2013 by schokokeks.org Hosting, namely
5
+Written 2008-2014 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 

Modul index auf prepared statements umgestellt

Bernd Wurst authored on06/02/2014 09:30:25
Showing1 changed files
... ...
@@ -18,9 +18,9 @@ require_once('session/checkuser.php');
18 18
 
19 19
 function user_customer_match($cust, $user)
20 20
 {
21
-  $customerno = (int) $cust;
22
-  $username = db_escape_string($user);
23
-  $result = db_query("SELECT uid FROM system.useraccounts WHERE kunde={$customerno} AND username='{$username}' AND kundenaccount=1;");
21
+  $args = array(":cid" => $cust,
22
+                ":user" => $user);
23
+  $result = db_query("SELECT uid FROM system.useraccounts WHERE kunde=:cid AND username=:user AND kundenaccount=1", $args);
24 24
   if ($result->rowCount() > 0)
25 25
     return true;
26 26
   return false;
... ...
@@ -30,9 +30,9 @@ function user_customer_match($cust, $user)
30 30
 
31 31
 function customer_has_email($customerno, $email)
32 32
 {
33
-  $customerno = (int) $customerno;
34
-  $email = db_escape_string($email);
35
-  $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=".$customerno." AND (email='{$email}' OR email_extern='{$email}' OR email_rechnung='{$email}');");
33
+  $args = array(":cid" => $customerno,
34
+                ":email" => $email);
35
+  $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=:cid AND (email=:email OR email_extern=:email OR email_rechnung=:email)", $args);
36 36
   return ($result->rowCount() > 0);
37 37
 }
38 38
 
... ...
@@ -40,9 +40,9 @@ function customer_has_email($customerno, $email)
40 40
 function validate_token($customerno, $token)
41 41
 {
42 42
   expire_tokens();
43
-  $customerno = (int) $customerno;
44
-  $token = db_escape_string($token);
45
-  $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';");
43
+  $args = array(":cid" => $customerno,
44
+                ":token" => $token);
45
+  $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=:cid AND token=:token", $args);
46 46
   return ($result->rowCount() > 0);
47 47
 }
48 48
 
... ...
@@ -50,8 +50,7 @@ function validate_token($customerno, $token)
50 50
 function get_uid_for_token($token) 
51 51
 {
52 52
   expire_tokens();
53
-  $token = db_escape_string($token);
54
-  $result = db_query("SELECT uid FROM system.usertoken WHERE token='{$token}';");
53
+  $result = db_query("SELECT uid FROM system.usertoken WHERE token=?", array($token));
55 54
   if ($result->rowCount() == 0) {
56 55
     return NULL;
57 56
   }
... ...
@@ -61,8 +60,7 @@ function get_uid_for_token($token)
61 60
 
62 61
 function get_username_for_uid($uid) 
63 62
 {
64
-  $uid = (int) $uid;
65
-  $result = db_query("SELECT username FROM system.useraccounts WHERE uid={$uid}");
63
+  $result = db_query("SELECT username FROM system.useraccounts WHERE uid=?", array($uid));
66 64
   if ($result->rowCount() != 1) {
67 65
     system_failure("Unexpected number of users with this uid (!= 1)!");
68 66
   }
... ...
@@ -73,9 +71,9 @@ function get_username_for_uid($uid)
73 71
 function validate_uid_token($uid, $token)
74 72
 {
75 73
   expire_tokens();
76
-  $uid = (int) $uid;
77
-  $token = db_escape_string($token);
78
-  $result = db_query("SELECT NULL FROM system.usertoken WHERE uid={$uid} AND token='{$token}';");
74
+  $args = array(":uid" => $uid,
75
+                ":token" => $token);
76
+  $result = db_query("SELECT NULL FROM system.usertoken WHERE uid=:uid AND token=:token", $args);
79 77
   return ($result->rowCount() > 0);
80 78
 }
81 79
 
... ...
@@ -89,38 +87,35 @@ function expire_tokens()
89 87
 
90 88
 function invalidate_customer_token($customerno)
91 89
 {
92
-  $customerno = (int) $customerno;
93
-  db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id={$customerno} LIMIT 1;");
90
+  db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id=?", array($customerno));
94 91
 }
95 92
  
96 93
 function invalidate_systemuser_token($uid)
97 94
 {
98
-  $uid = (int) $uid;
99
-  db_query("DELETE FROM system.usertoken WHERE uid={$uid} LIMIT 1;");
95
+  db_query("DELETE FROM system.usertoken WHERE uid=?", array($uid));
100 96
 }
101 97
  
102 98
 function create_token($username)
103 99
 {
104
-  $username = db_escape_string($username);
105 100
   expire_tokens();
106
-  $result = db_query("SELECT uid FROM system.useraccounts WHERE username='{$username}'");
101
+  $result = db_query("SELECT uid FROM system.useraccounts WHERE username=?", array($username));
107 102
   $uid = (int) $result->fetch()['uid'];
108 103
   
109
-  $result = db_query("SELECT created FROM system.usertoken WHERE uid={$uid}");
104
+  $result = db_query("SELECT created FROM system.usertoken WHERE uid=?", array($uid));
110 105
   if ($result->rowCount() > 0) {
111 106
     system_failure("Für Ihr Benutzerkonto ist bereits eine Passwort-Erinnerung versendet worden. Bitte wenden Sie sich an den Support wenn Sie diese nicht erhalten haben.");
112 107
   }
113 108
   
114
-  $token = random_string(16);
115
-  db_query("INSERT INTO system.usertoken VALUES ({$uid}, NOW(), NOW() + INTERVAL 1 DAY, '{$token}')");
109
+  $args = array(":uid" => $uid,
110
+                ":token" => random_string(16));
111
+  db_query("INSERT INTO system.usertoken VALUES (:uid} NOW(), NOW() + INTERVAL 1 DAY, :token)", $args);
116 112
   return true;
117 113
 }
118 114
 
119 115
 
120 116
 function emailaddress_for_user($username)
121 117
 {
122
-  $username = db_escape_string($username);
123
-  $result = db_query("SELECT k.email FROM kundendaten.kunden AS k INNER JOIN system.useraccounts AS u ON (u.kunde=k.id) WHERE u.username='{$username}'");
118
+  $result = db_query("SELECT k.email FROM kundendaten.kunden AS k INNER JOIN system.useraccounts AS u ON (u.kunde=k.id) WHERE u.username=?", array($username));
124 119
   $data = $result->fetch();
125 120
   return $data['email'];
126 121
 }
... ...
@@ -128,9 +123,8 @@ function emailaddress_for_user($username)
128 123
 
129 124
 function get_customer_token($customerno)
130 125
 {
131
-  $customerno = (int) $customerno;
132 126
   expire_tokens();
133
-  $result = db_query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;");
127
+  $result = db_query("SELECT token FROM kundendaten.kunden WHERE id=? AND token IS NOT NULL", array($customerno));
134 128
   if ($result->rowCount() < 1)
135 129
     system_failure("Kann das Token nicht auslesen!");
136 130
   return $result->fetch(PDO::FETCH_OBJ)->token;
... ...
@@ -139,8 +133,7 @@ function get_customer_token($customerno)
139 133
 
140 134
 function get_user_token($username) 
141 135
 {
142
-  $username = db_escape_string($username);
143
-  $result = db_query("SELECT token FROM system.usertoken AS t INNER JOIN system.useraccounts AS u USING (uid) WHERE username='{$username}'");
136
+  $result = db_query("SELECT token FROM system.usertoken AS t INNER JOIN system.useraccounts AS u USING (uid) WHERE username=?", array($username));
144 137
   $tmp = $result->fetch();
145 138
   return $tmp['token'];
146 139
 }
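Review bot: The rewritten INSERT in `create_token()` reads `VALUES (:uid} NOW(), ...`: a `}` sits where the comma after the first placeholder belongs, so the statement is not valid SQL and token creation would fail as soon as it runs. It should be `db_query("INSERT INTO system.usertoken VALUES (:uid, NOW(), NOW() + INTERVAL 1 DAY, :token)", $args);`. Naming the target columns in the INSERT would also keep it correct if the table's column order ever changes; the column names are not visible on this page.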

Umstellung auf PDO-Datenbankverbindung

Bernd Wurst authored on01/02/2014 18:38:23
Showing1 changed files
... ...
@@ -14,15 +14,14 @@ http://creativecommons.org/publicdomain/zero/1.0/
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15 15
 */
16 16
 
17
-require_once('inc/db_connect.php');
18 17
 require_once('session/checkuser.php');
19 18
 
20 19
 function user_customer_match($cust, $user)
21 20
 {
22 21
   $customerno = (int) $cust;
23
-  $username = mysql_real_escape_string($user);
22
+  $username = db_escape_string($user);
24 23
   $result = db_query("SELECT uid FROM system.useraccounts WHERE kunde={$customerno} AND username='{$username}' AND kundenaccount=1;");
25
-  if (mysql_num_rows($result) > 0)
24
+  if ($result->rowCount() > 0)
26 25
     return true;
27 26
   return false;
28 27
 }
... ...
@@ -32,9 +31,9 @@ function user_customer_match($cust, $user)
32 31
 function customer_has_email($customerno, $email)
33 32
 {
34 33
   $customerno = (int) $customerno;
35
-  $email = mysql_real_escape_string($email);
34
+  $email = db_escape_string($email);
36 35
   $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=".$customerno." AND (email='{$email}' OR email_extern='{$email}' OR email_rechnung='{$email}');");
37
-  return (mysql_num_rows($result) > 0);
36
+  return ($result->rowCount() > 0);
38 37
 }
39 38
 
40 39
 
... ...
@@ -42,21 +41,21 @@ function validate_token($customerno, $token)
42 41
 {
43 42
   expire_tokens();
44 43
   $customerno = (int) $customerno;
45
-  $token = mysql_real_escape_string($token);
44
+  $token = db_escape_string($token);
46 45
   $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';");
47
-  return (mysql_num_rows($result) > 0);
46
+  return ($result->rowCount() > 0);
48 47
 }
49 48
 
50 49
 
51 50
 function get_uid_for_token($token) 
52 51
 {
53 52
   expire_tokens();
54
-  $token = mysql_real_escape_string($token);
53
+  $token = db_escape_string($token);
55 54
   $result = db_query("SELECT uid FROM system.usertoken WHERE token='{$token}';");
56
-  if (mysql_num_rows($result) == 0) {
55
+  if ($result->rowCount() == 0) {
57 56
     return NULL;
58 57
   }
59
-  $data = mysql_fetch_assoc($result);
58
+  $data = $result->fetch();
60 59
   return $data['uid'];  
61 60
 }
62 61
 
... ...
@@ -64,10 +63,10 @@ function get_username_for_uid($uid)
64 63
 {
65 64
   $uid = (int) $uid;
66 65
   $result = db_query("SELECT username FROM system.useraccounts WHERE uid={$uid}");
67
-  if (mysql_num_rows($result) != 1) {
66
+  if ($result->rowCount() != 1) {
68 67
     system_failure("Unexpected number of users with this uid (!= 1)!");
69 68
   }
70
-  $item = mysql_fetch_assoc($result);
69
+  $item = $result->fetch();
71 70
   return $item['username'];
72 71
 }
73 72
 
... ...
@@ -75,9 +74,9 @@ function validate_uid_token($uid, $token)
75 74
 {
76 75
   expire_tokens();
77 76
   $uid = (int) $uid;
78
-  $token = mysql_real_escape_string($token);
77
+  $token = db_escape_string($token);
79 78
   $result = db_query("SELECT NULL FROM system.usertoken WHERE uid={$uid} AND token='{$token}';");
80
-  return (mysql_num_rows($result) > 0);
79
+  return ($result->rowCount() > 0);
81 80
 }
82 81
 
83 82
 
... ...
@@ -102,13 +101,13 @@ function invalidate_systemuser_token($uid)
102 101
  
103 102
 function create_token($username)
104 103
 {
105
-  $username = mysql_real_escape_string($username);
104
+  $username = db_escape_string($username);
106 105
   expire_tokens();
107 106
   $result = db_query("SELECT uid FROM system.useraccounts WHERE username='{$username}'");
108
-  $uid = (int) mysql_fetch_assoc($result)['uid'];
107
+  $uid = (int) $result->fetch()['uid'];
109 108
   
110 109
   $result = db_query("SELECT created FROM system.usertoken WHERE uid={$uid}");
111
-  if (mysql_num_rows($result) > 0) {
110
+  if ($result->rowCount() > 0) {
112 111
     system_failure("Für Ihr Benutzerkonto ist bereits eine Passwort-Erinnerung versendet worden. Bitte wenden Sie sich an den Support wenn Sie diese nicht erhalten haben.");
113 112
   }
114 113
   
... ...
@@ -120,9 +119,9 @@ function create_token($username)
120 119
 
121 120
 function emailaddress_for_user($username)
122 121
 {
123
-  $username = mysql_real_escape_string($username);
122
+  $username = db_escape_string($username);
124 123
   $result = db_query("SELECT k.email FROM kundendaten.kunden AS k INNER JOIN system.useraccounts AS u ON (u.kunde=k.id) WHERE u.username='{$username}'");
125
-  $data = mysql_fetch_assoc($result);
124
+  $data = $result->fetch();
126 125
   return $data['email'];
127 126
 }
128 127
 
... ...
@@ -132,17 +131,17 @@ function get_customer_token($customerno)
132 131
   $customerno = (int) $customerno;
133 132
   expire_tokens();
134 133
   $result = db_query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;");
135
-  if (mysql_num_rows($result) < 1)
134
+  if ($result->rowCount() < 1)
136 135
     system_failure("Kann das Token nicht auslesen!");
137
-  return mysql_fetch_object($result)->token;
136
+  return $result->fetch(PDO::FETCH_OBJ)->token;
138 137
 }
139 138
 
140 139
 
141 140
 function get_user_token($username) 
142 141
 {
143
-  $username = mysql_real_escape_string($username);
142
+  $username = db_escape_string($username);
144 143
   $result = db_query("SELECT token FROM system.usertoken AS t INNER JOIN system.useraccounts AS u USING (uid) WHERE username='{$username}'");
145
-  $tmp = mysql_fetch_assoc($result);
144
+  $tmp = $result->fetch();
146 145
   return $tmp['token'];
147 146
 }
148 147
 
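Review bot: Every query touched here still splices `db_escape_string()` output into the SQL text (for example `username='{$username}'` in `user_customer_match()`), so the safety of these statements now rests on a helper defined outside this page and on its escaping matching the PDO connection's character set. With PDO in place the values can be bound as parameters instead, which removes that dependency; whether `db_query()` already accepts a parameter array is not visible in this commit. Also note that `rowCount()` on a SELECT is documented as driver-dependent: it works with MySQL's buffered queries, but a check such as `$result->fetch() !== false` does not rely on that.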

Ermögliche Kunden sich einen Password-Reset-Link zu senden

Bernd Wurst authored on15/01/2014 18:15:09
Showing1 changed files
... ...
@@ -17,6 +17,18 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
17 17
 require_once('inc/db_connect.php');
18 18
 require_once('session/checkuser.php');
19 19
 
20
+function user_customer_match($cust, $user)
21
+{
22
+  $customerno = (int) $cust;
23
+  $username = mysql_real_escape_string($user);
24
+  $result = db_query("SELECT uid FROM system.useraccounts WHERE kunde={$customerno} AND username='{$username}' AND kundenaccount=1;");
25
+  if (mysql_num_rows($result) > 0)
26
+    return true;
27
+  return false;
28
+}
29
+
30
+
31
+
20 32
 function customer_has_email($customerno, $email)
21 33
 {
22 34
   $customerno = (int) $customerno;
... ...
@@ -88,23 +100,33 @@ function invalidate_systemuser_token($uid)
88 100
   db_query("DELETE FROM system.usertoken WHERE uid={$uid} LIMIT 1;");
89 101
 }
90 102
  
91
-function create_token($customerno)
103
+function create_token($username)
92 104
 {
93
-  $customerno = (int) $customerno;
105
+  $username = mysql_real_escape_string($username);
94 106
   expire_tokens();
95
-  $result = db_query("SELECT token_create FROM kundendaten.kunden WHERE id={$customerno} AND token_create IS NOT NULL;");
96
-  if (mysql_num_rows($result) > 0)
97
-  {
98
-    $res = mysql_fetch_object($result)->token_create;
99
-    input_error("Sie haben diese Funktion kürzlich erst benutzt, an Ihre E-Mail-Adresse wurde bereits am {$res} eine Nachricht verschickt. Sie können diese Funktion erst nach Ablauf von 24 Stunden erneut benutzen.");
100
-    return false;
107
+  $result = db_query("SELECT uid FROM system.useraccounts WHERE username='{$username}'");
108
+  $uid = (int) mysql_fetch_assoc($result)['uid'];
109
+  
110
+  $result = db_query("SELECT created FROM system.usertoken WHERE uid={$uid}");
111
+  if (mysql_num_rows($result) > 0) {
112
+    system_failure("Für Ihr Benutzerkonto ist bereits eine Passwort-Erinnerung versendet worden. Bitte wenden Sie sich an den Support wenn Sie diese nicht erhalten haben.");
101 113
   }
102
-  $token = random_string(10);
103
-  db_query("UPDATE kundendaten.kunden SET token='{$token}', token_create=now() WHERE id={$customerno} LIMIT 1;");
114
+  
115
+  $token = random_string(16);
116
+  db_query("INSERT INTO system.usertoken VALUES ({$uid}, NOW(), NOW() + INTERVAL 1 DAY, '{$token}')");
104 117
   return true;
105 118
 }
106 119
 
107 120
 
121
+function emailaddress_for_user($username)
122
+{
123
+  $username = mysql_real_escape_string($username);
124
+  $result = db_query("SELECT k.email FROM kundendaten.kunden AS k INNER JOIN system.useraccounts AS u ON (u.kunde=k.id) WHERE u.username='{$username}'");
125
+  $data = mysql_fetch_assoc($result);
126
+  return $data['email'];
127
+}
128
+
129
+
108 130
 function get_customer_token($customerno)
109 131
 {
110 132
   $customerno = (int) $customerno;
... ...
@@ -116,4 +138,12 @@ function get_customer_token($customerno)
116 138
 }
117 139
 
118 140
 
141
+function get_user_token($username) 
142
+{
143
+  $username = mysql_real_escape_string($username);
144
+  $result = db_query("SELECT token FROM system.usertoken AS t INNER JOIN system.useraccounts AS u USING (uid) WHERE username='{$username}'");
145
+  $tmp = mysql_fetch_assoc($result);
146
+  return $tmp['token'];
147
+}
148
+
119 149
 ?>
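Review bot: `create_token()` never checks that the username lookup found a row: when it finds none, `mysql_fetch_assoc()` returns `false`, the cast in `$uid = (int) mysql_fetch_assoc($result)['uid'];` yields 0, and the function goes on to query and insert a token for uid 0. Fetch the row first and stop when it is missing: `$row = mysql_fetch_assoc($result);` `if ($row === false) { return false; }` `$uid = (int) $row['uid'];`. `random_string()` is defined outside this page; because its output is the only secret in the reset link, it is worth confirming that it draws from a cryptographically secure source.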

Zeige Username beim Password-Setzen / Prüfe hinterher auf problematische Zeichen, statt dem Benutzer anzuzeigen dass er de nicht verwenden soll

Bernd Wurst authored on02/03/2013 15:57:40
Showing1 changed files
... ...
@@ -48,6 +48,17 @@ function get_uid_for_token($token)
48 48
   return $data['uid'];  
49 49
 }
50 50
 
51
+function get_username_for_uid($uid) 
52
+{
53
+  $uid = (int) $uid;
54
+  $result = db_query("SELECT username FROM system.useraccounts WHERE uid={$uid}");
55
+  if (mysql_num_rows($result) != 1) {
56
+    system_failure("Unexpected number of users with this uid (!= 1)!");
57
+  }
58
+  $item = mysql_fetch_assoc($result);
59
+  return $item['username'];
60
+}
61
+
51 62
 function validate_uid_token($uid, $token)
52 63
 {
53 64
   expire_tokens();

Erlaube Useraccount-Initialisierung mit Kurz-URL /initXYZ

Bernd Wurst authored on27/02/2013 15:07:09
Showing1 changed files
... ...
@@ -36,6 +36,18 @@ function validate_token($customerno, $token)
36 36
 }
37 37
 
38 38
 
39
+function get_uid_for_token($token) 
40
+{
41
+  expire_tokens();
42
+  $token = mysql_real_escape_string($token);
43
+  $result = db_query("SELECT uid FROM system.usertoken WHERE token='{$token}';");
44
+  if (mysql_num_rows($result) == 0) {
45
+    return NULL;
46
+  }
47
+  $data = mysql_fetch_assoc($result);
48
+  return $data['uid'];  
49
+}
50
+
39 51
 function validate_uid_token($uid, $token)
40 52
 {
41 53
   expire_tokens();
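Review bot: `get_uid_for_token()` resolves an account from the token alone, whereas `validate_uid_token()` below it also needs the uid, so with this lookup the token becomes the only secret protecting account initialisation. That makes the token's length and randomness, and a limit on failed lookups, the controls that matter; none of them is visible in this hunk. The comparison `token='{$token}'` also follows the column's collation, so if that is case-insensitive, tokens differing only in case match the same row; a binary collation on the column is worth confirming. A comment above the function stating that it serves the short `/initXYZ` URL and returns `NULL` for unknown or expired tokens would help the next reader.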

Updated copyright notice (2012 => 2013)

Bernd Wurst authored on19/01/2013 10:49:50
Showing1 changed files
... ...
@@ -2,7 +2,7 @@
2 2
 /*
3 3
 This file belongs to the Webinterface of schokokeks.org Hosting
4 4
 
5
-Written 2008-2012 by schokokeks.org Hosting, namely
5
+Written 2008-2013 by schokokeks.org Hosting, namely
6 6
   Bernd Wurst <bernd@schokokeks.org>
7 7
   Hanno Böck <hanno@schokokeks.org>
8 8
 

Added license tags for CC0, README and COPYING

Bernd Wurst authored on11/03/2012 15:40:04
Showing1 changed files
... ...
@@ -1,4 +1,18 @@
1 1
 <?php
2
+/*
3
+This file belongs to the Webinterface of schokokeks.org Hosting
4
+
5
+Written 2008-2012 by schokokeks.org Hosting, namely
6
+  Bernd Wurst <bernd@schokokeks.org>
7
+  Hanno Böck <hanno@schokokeks.org>
8
+
9
+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10
+
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
12
+http://creativecommons.org/publicdomain/zero/1.0/
13
+
14
+Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15
+*/
2 16
 
3 17
 require_once('inc/db_connect.php');
4 18
 require_once('session/checkuser.php');

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1687 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on01/03/2010 15:05:21
Showing1 changed files
... ...
@@ -7,7 +7,7 @@ function customer_has_email($customerno, $email)
7 7
 {
8 8
   $customerno = (int) $customerno;
9 9
   $email = mysql_real_escape_string($email);
10
-  $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=".$customerno." AND (email='".$email."' OR email_extern='{$email}' OR email_rechnung='{$email'}');");
10
+  $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=".$customerno." AND (email='{$email}' OR email_extern='{$email}' OR email_rechnung='{$email}');");
11 11
   return (mysql_num_rows($result) > 0);
12 12
 }
13 13
 
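Review bot: The query on new line 10 still builds the string in two different ways: `id=".$customerno."` is concatenated, while the three e-mail comparisons use `{$email}` interpolation. Writing the start as `WHERE id={$customerno} AND (email='{$email}' OR ...` would match the form `validate_token()` uses in this file. With a single quoting style per query, a misplaced quote such as the one corrected here is easier to spot in review.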

Tabelle 'kundenkontakt' komplett entfernt

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1680 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on21/02/2010 08:26:39
Showing1 changed files
... ...
@@ -7,7 +7,7 @@ function customer_has_email($customerno, $email)
7 7
 {
8 8
   $customerno = (int) $customerno;
9 9
   $email = mysql_real_escape_string($email);
10
-  $result = db_query("SELECT NULL FROM kundendaten.kundenkontakt WHERE kundennr=".$customerno." AND wert='".$email."';");
10
+  $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=".$customerno." AND (email='".$email."' OR email_extern='{$email}' OR email_rechnung='{$email'}');");
11 11
   return (mysql_num_rows($result) > 0);
12 12
 }
13 13
 
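Review bot: The last comparison on the added line 10 is written `email_rechnung='{$email'}'`, with the closing quote inside the braces, so the interpolation is malformed and PHP will most likely reject the file with a parse error. It should read `email_rechnung='{$email}'`. The same line mixes `'".$email."'` concatenation with `{$email}` interpolation; using one form for all three comparisons would make this kind of slip easier to see.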

one-time-URLs für systemuser

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1078 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on19/05/2008 17:59:56
Showing1 changed files
... ...
@@ -22,10 +22,21 @@ function validate_token($customerno, $token)
22 22
 }
23 23
 
24 24
 
25
+function validate_uid_token($uid, $token)
26
+{
27
+  expire_tokens();
28
+  $uid = (int) $uid;
29
+  $token = mysql_real_escape_string($token);
30
+  $result = db_query("SELECT NULL FROM system.usertoken WHERE uid={$uid} AND token='{$token}';");
31
+  return (mysql_num_rows($result) > 0);
32
+}
33
+
34
+
25 35
 function expire_tokens()
26 36
 {
27 37
   $expire = "1 DAY";
28 38
   db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE token_create < NOW() - INTERVAL {$expire};");
39
+  db_query("DELETE FROM system.usertoken WHERE expire < NOW();");
29 40
 }
30 41
 
31 42
 function invalidate_customer_token($customerno)
... ...
@@ -34,6 +45,12 @@ function invalidate_customer_token($customerno)
34 45
   db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id={$customerno} LIMIT 1;");
35 46
 }
36 47
  
48
+function invalidate_systemuser_token($uid)
49
+{
50
+  $uid = (int) $uid;
51
+  db_query("DELETE FROM system.usertoken WHERE uid={$uid} LIMIT 1;");
52
+}
53
+ 
37 54
 function create_token($customerno)
38 55
 {
39 56
   $customerno = (int) $customerno;
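Review bot: `validate_uid_token()` only reports whether a matching row exists and leaves that row in `system.usertoken`. The one-time property of these URLs therefore depends on each caller running `invalidate_systemuser_token()` after a successful check, and the callers are outside this diff. A short comment above `validate_uid_token()` would make the contract explicit, for example `// Checks the token only; call invalidate_systemuser_token($uid) once it has been used.` In `invalidate_systemuser_token()`, the `LIMIT 1` would leave further rows behind if a uid can ever hold more than one token, which nothing visible here rules out. `DELETE FROM system.usertoken WHERE uid={$uid};` would remove them all.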

sql-abfragen abstrahiert

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@512 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on18/06/2007 08:19:16
Showing1 changed files
... ...
@@ -7,10 +7,7 @@ function customer_has_email($customerno, $email)
7 7
 {
8 8
   $customerno = (int) $customerno;
9 9
   $email = mysql_real_escape_string($email);
10
-  $query = "SELECT NULL FROM kundendaten.kundenkontakt WHERE kundennr=".$customerno." AND wert='".$email."';";
11
-  $result = @mysql_query($query);
12
-  if (mysql_error())
13
-    system_failure(mysql_error());
10
+  $result = db_query("SELECT NULL FROM kundendaten.kundenkontakt WHERE kundennr=".$customerno." AND wert='".$email."';");
14 11
   return (mysql_num_rows($result) > 0);
15 12
 }
16 13
 
... ...
@@ -20,9 +17,7 @@ function validate_token($customerno, $token)
20 17
   expire_tokens();
21 18
   $customerno = (int) $customerno;
22 19
   $token = mysql_real_escape_string($token);
23
-  $result = @mysql_query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';");
24
-  if (mysql_error())
25
-    system_failure(mysql_error());
20
+  $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';");
26 21
   return (mysql_num_rows($result) > 0);
27 22
 }
28 23
 
... ...
@@ -30,20 +25,20 @@ function validate_token($customerno, $token)
30 25
 function expire_tokens()
31 26
 {
32 27
   $expire = "1 DAY";
33
-  @mysql_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE token_create < NOW() - INTERVAL {$expire};");
28
+  db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE token_create < NOW() - INTERVAL {$expire};");
34 29
 }
35 30
 
36 31
 function invalidate_customer_token($customerno)
37 32
 {
38 33
   $customerno = (int) $customerno;
39
-  @mysql_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id={$customerno} LIMIT 1;");
34
+  db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id={$customerno} LIMIT 1;");
40 35
 }
41 36
  
42 37
 function create_token($customerno)
43 38
 {
44 39
   $customerno = (int) $customerno;
45 40
   expire_tokens();
46
-  $result = @mysql_query("SELECT token_create FROM kundendaten.kunden WHERE id={$customerno} AND token_create IS NOT NULL;");
41
+  $result = db_query("SELECT token_create FROM kundendaten.kunden WHERE id={$customerno} AND token_create IS NOT NULL;");
47 42
   if (mysql_num_rows($result) > 0)
48 43
   {
49 44
     $res = mysql_fetch_object($result)->token_create;
... ...
@@ -51,10 +46,7 @@ function create_token($customerno)
51 46
     return false;
52 47
   }
53 48
   $token = random_string(10);
54
-  $query = "UPDATE kundendaten.kunden SET token='{$token}', token_create=now() WHERE id={$customerno} LIMIT 1;";
55
-  @mysql_query($query);
56
-  if (mysql_error())
57
-    system_failure(mysql_error());
49
+  db_query("UPDATE kundendaten.kunden SET token='{$token}', token_create=now() WHERE id={$customerno} LIMIT 1;");
58 50
   return true;
59 51
 }
60 52
 
... ...
@@ -63,9 +55,7 @@ function get_customer_token($customerno)
63 55
 {
64 56
   $customerno = (int) $customerno;
65 57
   expire_tokens();
66
-  $result = @mysql_query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;");
67
-  if (mysql_error())
68
-    system_failure(mysql_error());
58
+  $result = db_query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;");
69 59
   if (mysql_num_rows($result) < 1)
70 60
     system_failure("Kann das Token nicht auslesen!");
71 61
   return mysql_fetch_object($result)->token;
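Review bot: Every call site in these hunks still hands `db_query()` a finished SQL string, so correct quoting remains the job of each function's own `(int)` cast or `mysql_real_escape_string()` call. `db_query()` is defined outside this diff, but as the single entry point it is the natural place to take the values separately, for example `db_query("SELECT NULL FROM kundendaten.kunden WHERE id=? AND token=?", array($customerno, $token));` (a proposed signature, not the current one). The removed code passed the raw `mysql_error()` text to `system_failure()`; whether that detail still reaches the user now depends on the wrapper and is worth stating in its documentation. The bodies of `create_token()` and `get_customer_token()` continue outside the hunks shown.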

webinterface => /webinterface

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@362 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on27/03/2007 07:40:51
Showing1 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,75 @@
1
+<?php
2
+
3
+require_once('inc/db_connect.php');
4
+require_once('session/checkuser.php');
5
+
6
+function customer_has_email($customerno, $email)
7
+{
8
+  $customerno = (int) $customerno;
9
+  $email = mysql_real_escape_string($email);
10
+  $query = "SELECT NULL FROM kundendaten.kundenkontakt WHERE kundennr=".$customerno." AND wert='".$email."';";
11
+  $result = @mysql_query($query);
12
+  if (mysql_error())
13
+    system_failure(mysql_error());
14
+  return (mysql_num_rows($result) > 0);
15
+}
16
+
17
+
18
+function validate_token($customerno, $token)
19
+{
20
+  expire_tokens();
21
+  $customerno = (int) $customerno;
22
+  $token = mysql_real_escape_string($token);
23
+  $result = @mysql_query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';");
24
+  if (mysql_error())
25
+    system_failure(mysql_error());
26
+  return (mysql_num_rows($result) > 0);
27
+}
28
+
29
+
30
+function expire_tokens()
31
+{
32
+  $expire = "1 DAY";
33
+  @mysql_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE token_create < NOW() - INTERVAL {$expire};");
34
+}
35
+
36
+function invalidate_customer_token($customerno)
37
+{
38
+  $customerno = (int) $customerno;
39
+  @mysql_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id={$customerno} LIMIT 1;");
40
+}
41
+ 
42
+function create_token($customerno)
43
+{
44
+  $customerno = (int) $customerno;
45
+  expire_tokens();
46
+  $result = @mysql_query("SELECT token_create FROM kundendaten.kunden WHERE id={$customerno} AND token_create IS NOT NULL;");
47
+  if (mysql_num_rows($result) > 0)
48
+  {
49
+    $res = mysql_fetch_object($result)->token_create;
50
+    input_error("Sie haben diese Funktion kürzlich erst benutzt, an Ihre E-Mail-Adresse wurde bereits am {$res} eine Nachricht verschickt. Sie können diese Funktion erst nach Ablauf von 24 Stunden erneut benutzen.");
51
+    return false;
52
+  }
53
+  $token = random_string(10);
54
+  $query = "UPDATE kundendaten.kunden SET token='{$token}', token_create=now() WHERE id={$customerno} LIMIT 1;";
55
+  @mysql_query($query);
56
+  if (mysql_error())
57
+    system_failure(mysql_error());
58
+  return true;
59
+}
60
+
61
+
62
+function get_customer_token($customerno)
63
+{
64
+  $customerno = (int) $customerno;
65
+  expire_tokens();
66
+  $result = @mysql_query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;");
67
+  if (mysql_error())
68
+    system_failure(mysql_error());
69
+  if (mysql_num_rows($result) < 1)
70
+    system_failure("Kann das Token nicht auslesen!");
71
+  return mysql_fetch_object($result)->token;
72
+}
73
+
74
+
75
+?>
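Review bot: `expire_tokens()` (line 33) and `invalidate_customer_token()` (line 39) run their UPDATE through `@mysql_query(...)` and never look at `mysql_error()`, so a failed statement is silent and tokens that should have been cleared stay valid. The SELECT in `create_token()` (line 46) is unchecked in the same way, and `mysql_num_rows($result)` is then called on whatever came back. Adding the check the other functions in this file already use after each of these calls, `if (mysql_error()) system_failure(mysql_error());`, would close the gap.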