Browse code
Change license from CC0 to 0BSD, all contributors agreed
Hanno Böck authored on 20/08/2022 09:22:23
Showing 1 changed files
| ... | ... |
@@ -2,14 +2,11 @@ |
| 2 | 2 |
/* |
| 3 | 3 |
This file belongs to the Webinterface of schokokeks.org Hosting |
| 4 | 4 |
|
| 5 |
-Written 2008-2018 by schokokeks.org Hosting, namely |
|
| 5 |
+Written by schokokeks.org Hosting, namely |
|
| 6 | 6 |
Bernd Wurst <bernd@schokokeks.org> |
| 7 | 7 |
Hanno Böck <hanno@schokokeks.org> |
| 8 | 8 |
|
| 9 |
-To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. |
|
| 10 |
- |
|
| 11 |
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
| 12 |
-http://creativecommons.org/publicdomain/zero/1.0/ |
|
| 9 |
+This code is published under a 0BSD license. |
|
| 13 | 10 |
|
| 14 | 11 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
| 15 | 12 |
*/ |
Browse code
Codingstyle PSR12 + array syntax
Hanno Böck authored on 30/10/2021 21:18:17
Showing 1 changed files
| ... | ... |
@@ -18,8 +18,8 @@ require_once('session/checkuser.php');
|
| 18 | 18 |
|
| 19 | 19 |
function user_customer_match($cust, $user) |
| 20 | 20 |
{
|
| 21 |
- $args = array(":cid" => $cust,
|
|
| 22 |
- ":user" => $user); |
|
| 21 |
+ $args = [":cid" => $cust, |
|
| 22 |
+ ":user" => $user, ]; |
|
| 23 | 23 |
$result = db_query("SELECT uid FROM system.useraccounts WHERE kunde=:cid AND username=:user AND kundenaccount=1", $args);
|
| 24 | 24 |
if ($result->rowCount() > 0) {
|
| 25 | 25 |
return true; |
| ... | ... |
@@ -29,7 +29,7 @@ function user_customer_match($cust, $user) |
| 29 | 29 |
|
| 30 | 30 |
function find_username($input) |
| 31 | 31 |
{
|
| 32 |
- $args = array(":user" => $input);
|
|
| 32 |
+ $args = [":user" => $input]; |
|
| 33 | 33 |
$result = db_query("SELECT username FROM system.useraccounts WHERE username=:user AND kundenaccount=1", $args);
|
| 34 | 34 |
if ($result->rowCount() > 0) {
|
| 35 | 35 |
$line = $result->fetch(); |
| ... | ... |
@@ -41,8 +41,8 @@ function find_username($input) |
| 41 | 41 |
|
| 42 | 42 |
function customer_has_email($customerno, $email) |
| 43 | 43 |
{
|
| 44 |
- $args = array(":cid" => $customerno,
|
|
| 45 |
- ":email" => $email); |
|
| 44 |
+ $args = [":cid" => $customerno, |
|
| 45 |
+ ":email" => $email, ]; |
|
| 46 | 46 |
$result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=:cid AND (email=:email OR email_extern=:email OR email_rechnung=:email)", $args);
|
| 47 | 47 |
return ($result->rowCount() > 0); |
| 48 | 48 |
} |
| ... | ... |
@@ -51,8 +51,8 @@ function customer_has_email($customerno, $email) |
| 51 | 51 |
function validate_token($customerno, $token) |
| 52 | 52 |
{
|
| 53 | 53 |
expire_tokens(); |
| 54 |
- $args = array(":cid" => $customerno,
|
|
| 55 |
- ":token" => $token); |
|
| 54 |
+ $args = [":cid" => $customerno, |
|
| 55 |
+ ":token" => $token, ]; |
|
| 56 | 56 |
$result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=:cid AND token=:token", $args);
|
| 57 | 57 |
return ($result->rowCount() > 0); |
| 58 | 58 |
} |
| ... | ... |
@@ -61,7 +61,7 @@ function validate_token($customerno, $token) |
| 61 | 61 |
function get_uid_for_token($token) |
| 62 | 62 |
{
|
| 63 | 63 |
expire_tokens(); |
| 64 |
- $result = db_query("SELECT uid FROM system.usertoken WHERE token=?", array($token));
|
|
| 64 |
+ $result = db_query("SELECT uid FROM system.usertoken WHERE token=?", [$token]);
|
|
| 65 | 65 |
if ($result->rowCount() == 0) {
|
| 66 | 66 |
return null; |
| 67 | 67 |
} |
| ... | ... |
@@ -71,7 +71,7 @@ function get_uid_for_token($token) |
| 71 | 71 |
|
| 72 | 72 |
function get_username_for_uid($uid) |
| 73 | 73 |
{
|
| 74 |
- $result = db_query("SELECT username FROM system.useraccounts WHERE uid=?", array($uid));
|
|
| 74 |
+ $result = db_query("SELECT username FROM system.useraccounts WHERE uid=?", [$uid]);
|
|
| 75 | 75 |
if ($result->rowCount() != 1) {
|
| 76 | 76 |
system_failure("Unexpected number of users with this uid (!= 1)!");
|
| 77 | 77 |
} |
| ... | ... |
@@ -82,8 +82,8 @@ function get_username_for_uid($uid) |
| 82 | 82 |
function validate_uid_token($uid, $token) |
| 83 | 83 |
{
|
| 84 | 84 |
expire_tokens(); |
| 85 |
- $args = array(":uid" => $uid,
|
|
| 86 |
- ":token" => $token); |
|
| 85 |
+ $args = [":uid" => $uid, |
|
| 86 |
+ ":token" => $token, ]; |
|
| 87 | 87 |
$result = db_query("SELECT NULL FROM system.usertoken WHERE uid=:uid AND token=:token", $args);
|
| 88 | 88 |
return ($result->rowCount() > 0); |
| 89 | 89 |
} |
| ... | ... |
@@ -98,27 +98,27 @@ function expire_tokens() |
| 98 | 98 |
|
| 99 | 99 |
function invalidate_customer_token($customerno) |
| 100 | 100 |
{
|
| 101 |
- db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id=?", array($customerno));
|
|
| 101 |
+ db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id=?", [$customerno]);
|
|
| 102 | 102 |
} |
| 103 | 103 |
|
| 104 | 104 |
function invalidate_systemuser_token($uid) |
| 105 | 105 |
{
|
| 106 |
- db_query("DELETE FROM system.usertoken WHERE uid=?", array($uid));
|
|
| 106 |
+ db_query("DELETE FROM system.usertoken WHERE uid=?", [$uid]);
|
|
| 107 | 107 |
} |
| 108 | 108 |
|
| 109 | 109 |
function create_token($username) |
| 110 | 110 |
{
|
| 111 | 111 |
expire_tokens(); |
| 112 |
- $result = db_query("SELECT uid FROM system.useraccounts WHERE username=?", array($username));
|
|
| 112 |
+ $result = db_query("SELECT uid FROM system.useraccounts WHERE username=?", [$username]);
|
|
| 113 | 113 |
$uid = (int) $result->fetch()['uid']; |
| 114 | 114 |
|
| 115 |
- $result = db_query("SELECT created FROM system.usertoken WHERE uid=?", array($uid));
|
|
| 115 |
+ $result = db_query("SELECT created FROM system.usertoken WHERE uid=?", [$uid]);
|
|
| 116 | 116 |
if ($result->rowCount() > 0) {
|
| 117 | 117 |
system_failure("Für Ihr Benutzerkonto ist bereits eine Passwort-Erinnerung versendet worden. Bitte wenden Sie sich an den Support wenn Sie diese nicht erhalten haben.");
|
| 118 | 118 |
} |
| 119 | 119 |
|
| 120 |
- $args = array(":uid" => $uid,
|
|
| 121 |
- ":token" => random_string(16)); |
|
| 120 |
+ $args = [":uid" => $uid, |
|
| 121 |
+ ":token" => random_string(16), ]; |
|
| 122 | 122 |
db_query("INSERT INTO system.usertoken VALUES (:uid, NOW(), NOW() + INTERVAL 1 DAY, :token)", $args);
|
| 123 | 123 |
return true; |
| 124 | 124 |
} |
| ... | ... |
@@ -126,7 +126,7 @@ function create_token($username) |
| 126 | 126 |
|
| 127 | 127 |
function emailaddress_for_user($username) |
| 128 | 128 |
{
|
| 129 |
- $result = db_query("SELECT k.email FROM kundendaten.kunden AS k INNER JOIN system.useraccounts AS u ON (u.kunde=k.id) WHERE u.username=?", array($username));
|
|
| 129 |
+ $result = db_query("SELECT k.email FROM kundendaten.kunden AS k INNER JOIN system.useraccounts AS u ON (u.kunde=k.id) WHERE u.username=?", [$username]);
|
|
| 130 | 130 |
$data = $result->fetch(); |
| 131 | 131 |
return $data['email']; |
| 132 | 132 |
} |
| ... | ... |
@@ -135,7 +135,7 @@ function emailaddress_for_user($username) |
| 135 | 135 |
function get_customer_token($customerno) |
| 136 | 136 |
{
|
| 137 | 137 |
expire_tokens(); |
| 138 |
- $result = db_query("SELECT token FROM kundendaten.kunden WHERE id=? AND token IS NOT NULL", array($customerno));
|
|
| 138 |
+ $result = db_query("SELECT token FROM kundendaten.kunden WHERE id=? AND token IS NOT NULL", [$customerno]);
|
|
| 139 | 139 |
if ($result->rowCount() < 1) {
|
| 140 | 140 |
system_failure("Kann das Token nicht auslesen!");
|
| 141 | 141 |
} |
| ... | ... |
@@ -145,7 +145,7 @@ function get_customer_token($customerno) |
| 145 | 145 |
|
| 146 | 146 |
function get_user_token($username) |
| 147 | 147 |
{
|
| 148 |
- $result = db_query("SELECT token FROM system.usertoken AS t INNER JOIN system.useraccounts AS u USING (uid) WHERE username=?", array($username));
|
|
| 148 |
+ $result = db_query("SELECT token FROM system.usertoken AS t INNER JOIN system.useraccounts AS u USING (uid) WHERE username=?", [$username]);
|
|
| 149 | 149 |
$tmp = $result->fetch(); |
| 150 | 150 |
return $tmp['token']; |
| 151 | 151 |
} |
Browse code
remove whitespace in empty lines
Hanno authored on 26/06/2018 23:36:40
Showing 1 changed files
| ... | ... |
@@ -100,23 +100,23 @@ function invalidate_customer_token($customerno) |
| 100 | 100 |
{
|
| 101 | 101 |
db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id=?", array($customerno));
|
| 102 | 102 |
} |
| 103 |
- |
|
| 103 |
+ |
|
| 104 | 104 |
function invalidate_systemuser_token($uid) |
| 105 | 105 |
{
|
| 106 | 106 |
db_query("DELETE FROM system.usertoken WHERE uid=?", array($uid));
|
| 107 | 107 |
} |
| 108 |
- |
|
| 108 |
+ |
|
| 109 | 109 |
function create_token($username) |
| 110 | 110 |
{
|
| 111 | 111 |
expire_tokens(); |
| 112 | 112 |
$result = db_query("SELECT uid FROM system.useraccounts WHERE username=?", array($username));
|
| 113 | 113 |
$uid = (int) $result->fetch()['uid']; |
| 114 |
- |
|
| 114 |
+ |
|
| 115 | 115 |
$result = db_query("SELECT created FROM system.usertoken WHERE uid=?", array($uid));
|
| 116 | 116 |
if ($result->rowCount() > 0) {
|
| 117 | 117 |
system_failure("Für Ihr Benutzerkonto ist bereits eine Passwort-Erinnerung versendet worden. Bitte wenden Sie sich an den Support wenn Sie diese nicht erhalten haben.");
|
| 118 | 118 |
} |
| 119 |
- |
|
| 119 |
+ |
|
| 120 | 120 |
$args = array(":uid" => $uid,
|
| 121 | 121 |
":token" => random_string(16)); |
| 122 | 122 |
db_query("INSERT INTO system.usertoken VALUES (:uid, NOW(), NOW() + INTERVAL 1 DAY, :token)", $args);
|
Browse code
Fix coding style with php-cs-checker, see https://cs.sensiolabs.org/
Hanno authored on 26/06/2018 13:58:19
Showing 1 changed files
| ... | ... |
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely |
| 8 | 8 |
|
| 9 | 9 |
To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. |
| 10 | 10 |
|
| 11 |
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
| 11 |
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
| 12 | 12 |
http://creativecommons.org/publicdomain/zero/1.0/ |
| 13 | 13 |
|
| 14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
| ... | ... |
@@ -18,135 +18,134 @@ require_once('session/checkuser.php');
|
| 18 | 18 |
|
| 19 | 19 |
function user_customer_match($cust, $user) |
| 20 | 20 |
{
|
| 21 |
- $args = array(":cid" => $cust,
|
|
| 21 |
+ $args = array(":cid" => $cust,
|
|
| 22 | 22 |
":user" => $user); |
| 23 |
- $result = db_query("SELECT uid FROM system.useraccounts WHERE kunde=:cid AND username=:user AND kundenaccount=1", $args);
|
|
| 24 |
- if ($result->rowCount() > 0) |
|
| 25 |
- return true; |
|
| 26 |
- return false; |
|
| 23 |
+ $result = db_query("SELECT uid FROM system.useraccounts WHERE kunde=:cid AND username=:user AND kundenaccount=1", $args);
|
|
| 24 |
+ if ($result->rowCount() > 0) {
|
|
| 25 |
+ return true; |
|
| 26 |
+ } |
|
| 27 |
+ return false; |
|
| 27 | 28 |
} |
| 28 | 29 |
|
| 29 |
-function find_username($input) |
|
| 30 |
+function find_username($input) |
|
| 30 | 31 |
{
|
| 31 |
- $args = array(":user" => $input);
|
|
| 32 |
- $result = db_query("SELECT username FROM system.useraccounts WHERE username=:user AND kundenaccount=1", $args);
|
|
| 33 |
- if ($result->rowCount() > 0) |
|
| 34 |
- {
|
|
| 35 |
- $line = $result->fetch(); |
|
| 36 |
- return $line['username']; |
|
| 37 |
- } else {
|
|
| 38 |
- return false; |
|
| 39 |
- } |
|
| 32 |
+ $args = array(":user" => $input);
|
|
| 33 |
+ $result = db_query("SELECT username FROM system.useraccounts WHERE username=:user AND kundenaccount=1", $args);
|
|
| 34 |
+ if ($result->rowCount() > 0) {
|
|
| 35 |
+ $line = $result->fetch(); |
|
| 36 |
+ return $line['username']; |
|
| 37 |
+ } else {
|
|
| 38 |
+ return false; |
|
| 39 |
+ } |
|
| 40 | 40 |
} |
| 41 | 41 |
|
| 42 | 42 |
function customer_has_email($customerno, $email) |
| 43 | 43 |
{
|
| 44 |
- $args = array(":cid" => $customerno,
|
|
| 44 |
+ $args = array(":cid" => $customerno,
|
|
| 45 | 45 |
":email" => $email); |
| 46 |
- $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=:cid AND (email=:email OR email_extern=:email OR email_rechnung=:email)", $args);
|
|
| 47 |
- return ($result->rowCount() > 0); |
|
| 46 |
+ $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=:cid AND (email=:email OR email_extern=:email OR email_rechnung=:email)", $args);
|
|
| 47 |
+ return ($result->rowCount() > 0); |
|
| 48 | 48 |
} |
| 49 | 49 |
|
| 50 | 50 |
|
| 51 | 51 |
function validate_token($customerno, $token) |
| 52 | 52 |
{
|
| 53 |
- expire_tokens(); |
|
| 54 |
- $args = array(":cid" => $customerno,
|
|
| 53 |
+ expire_tokens(); |
|
| 54 |
+ $args = array(":cid" => $customerno,
|
|
| 55 | 55 |
":token" => $token); |
| 56 |
- $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=:cid AND token=:token", $args);
|
|
| 57 |
- return ($result->rowCount() > 0); |
|
| 56 |
+ $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=:cid AND token=:token", $args);
|
|
| 57 |
+ return ($result->rowCount() > 0); |
|
| 58 | 58 |
} |
| 59 | 59 |
|
| 60 | 60 |
|
| 61 |
-function get_uid_for_token($token) |
|
| 61 |
+function get_uid_for_token($token) |
|
| 62 | 62 |
{
|
| 63 |
- expire_tokens(); |
|
| 64 |
- $result = db_query("SELECT uid FROM system.usertoken WHERE token=?", array($token));
|
|
| 65 |
- if ($result->rowCount() == 0) {
|
|
| 66 |
- return NULL; |
|
| 67 |
- } |
|
| 68 |
- $data = $result->fetch(); |
|
| 69 |
- return $data['uid']; |
|
| 63 |
+ expire_tokens(); |
|
| 64 |
+ $result = db_query("SELECT uid FROM system.usertoken WHERE token=?", array($token));
|
|
| 65 |
+ if ($result->rowCount() == 0) {
|
|
| 66 |
+ return null; |
|
| 67 |
+ } |
|
| 68 |
+ $data = $result->fetch(); |
|
| 69 |
+ return $data['uid']; |
|
| 70 | 70 |
} |
| 71 | 71 |
|
| 72 |
-function get_username_for_uid($uid) |
|
| 72 |
+function get_username_for_uid($uid) |
|
| 73 | 73 |
{
|
| 74 |
- $result = db_query("SELECT username FROM system.useraccounts WHERE uid=?", array($uid));
|
|
| 75 |
- if ($result->rowCount() != 1) {
|
|
| 76 |
- system_failure("Unexpected number of users with this uid (!= 1)!");
|
|
| 77 |
- } |
|
| 78 |
- $item = $result->fetch(); |
|
| 79 |
- return $item['username']; |
|
| 74 |
+ $result = db_query("SELECT username FROM system.useraccounts WHERE uid=?", array($uid));
|
|
| 75 |
+ if ($result->rowCount() != 1) {
|
|
| 76 |
+ system_failure("Unexpected number of users with this uid (!= 1)!");
|
|
| 77 |
+ } |
|
| 78 |
+ $item = $result->fetch(); |
|
| 79 |
+ return $item['username']; |
|
| 80 | 80 |
} |
| 81 | 81 |
|
| 82 | 82 |
function validate_uid_token($uid, $token) |
| 83 | 83 |
{
|
| 84 |
- expire_tokens(); |
|
| 85 |
- $args = array(":uid" => $uid,
|
|
| 84 |
+ expire_tokens(); |
|
| 85 |
+ $args = array(":uid" => $uid,
|
|
| 86 | 86 |
":token" => $token); |
| 87 |
- $result = db_query("SELECT NULL FROM system.usertoken WHERE uid=:uid AND token=:token", $args);
|
|
| 88 |
- return ($result->rowCount() > 0); |
|
| 87 |
+ $result = db_query("SELECT NULL FROM system.usertoken WHERE uid=:uid AND token=:token", $args);
|
|
| 88 |
+ return ($result->rowCount() > 0); |
|
| 89 | 89 |
} |
| 90 | 90 |
|
| 91 | 91 |
|
| 92 | 92 |
function expire_tokens() |
| 93 | 93 |
{
|
| 94 |
- $expire = "1 DAY"; |
|
| 95 |
- db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE token_create < NOW() - INTERVAL {$expire};");
|
|
| 96 |
- db_query("DELETE FROM system.usertoken WHERE expire < NOW();");
|
|
| 94 |
+ $expire = "1 DAY"; |
|
| 95 |
+ db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE token_create < NOW() - INTERVAL {$expire};");
|
|
| 96 |
+ db_query("DELETE FROM system.usertoken WHERE expire < NOW();");
|
|
| 97 | 97 |
} |
| 98 | 98 |
|
| 99 | 99 |
function invalidate_customer_token($customerno) |
| 100 | 100 |
{
|
| 101 |
- db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id=?", array($customerno));
|
|
| 101 |
+ db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id=?", array($customerno));
|
|
| 102 | 102 |
} |
| 103 | 103 |
|
| 104 | 104 |
function invalidate_systemuser_token($uid) |
| 105 | 105 |
{
|
| 106 |
- db_query("DELETE FROM system.usertoken WHERE uid=?", array($uid));
|
|
| 106 |
+ db_query("DELETE FROM system.usertoken WHERE uid=?", array($uid));
|
|
| 107 | 107 |
} |
| 108 | 108 |
|
| 109 | 109 |
function create_token($username) |
| 110 | 110 |
{
|
| 111 |
- expire_tokens(); |
|
| 112 |
- $result = db_query("SELECT uid FROM system.useraccounts WHERE username=?", array($username));
|
|
| 113 |
- $uid = (int) $result->fetch()['uid']; |
|
| 111 |
+ expire_tokens(); |
|
| 112 |
+ $result = db_query("SELECT uid FROM system.useraccounts WHERE username=?", array($username));
|
|
| 113 |
+ $uid = (int) $result->fetch()['uid']; |
|
| 114 | 114 |
|
| 115 |
- $result = db_query("SELECT created FROM system.usertoken WHERE uid=?", array($uid));
|
|
| 116 |
- if ($result->rowCount() > 0) {
|
|
| 117 |
- system_failure("Für Ihr Benutzerkonto ist bereits eine Passwort-Erinnerung versendet worden. Bitte wenden Sie sich an den Support wenn Sie diese nicht erhalten haben.");
|
|
| 118 |
- } |
|
| 115 |
+ $result = db_query("SELECT created FROM system.usertoken WHERE uid=?", array($uid));
|
|
| 116 |
+ if ($result->rowCount() > 0) {
|
|
| 117 |
+ system_failure("Für Ihr Benutzerkonto ist bereits eine Passwort-Erinnerung versendet worden. Bitte wenden Sie sich an den Support wenn Sie diese nicht erhalten haben.");
|
|
| 118 |
+ } |
|
| 119 | 119 |
|
| 120 |
- $args = array(":uid" => $uid,
|
|
| 120 |
+ $args = array(":uid" => $uid,
|
|
| 121 | 121 |
":token" => random_string(16)); |
| 122 |
- db_query("INSERT INTO system.usertoken VALUES (:uid, NOW(), NOW() + INTERVAL 1 DAY, :token)", $args);
|
|
| 123 |
- return true; |
|
| 122 |
+ db_query("INSERT INTO system.usertoken VALUES (:uid, NOW(), NOW() + INTERVAL 1 DAY, :token)", $args);
|
|
| 123 |
+ return true; |
|
| 124 | 124 |
} |
| 125 | 125 |
|
| 126 | 126 |
|
| 127 | 127 |
function emailaddress_for_user($username) |
| 128 | 128 |
{
|
| 129 |
- $result = db_query("SELECT k.email FROM kundendaten.kunden AS k INNER JOIN system.useraccounts AS u ON (u.kunde=k.id) WHERE u.username=?", array($username));
|
|
| 130 |
- $data = $result->fetch(); |
|
| 131 |
- return $data['email']; |
|
| 129 |
+ $result = db_query("SELECT k.email FROM kundendaten.kunden AS k INNER JOIN system.useraccounts AS u ON (u.kunde=k.id) WHERE u.username=?", array($username));
|
|
| 130 |
+ $data = $result->fetch(); |
|
| 131 |
+ return $data['email']; |
|
| 132 | 132 |
} |
| 133 | 133 |
|
| 134 | 134 |
|
| 135 | 135 |
function get_customer_token($customerno) |
| 136 | 136 |
{
|
| 137 |
- expire_tokens(); |
|
| 138 |
- $result = db_query("SELECT token FROM kundendaten.kunden WHERE id=? AND token IS NOT NULL", array($customerno));
|
|
| 139 |
- if ($result->rowCount() < 1) |
|
| 140 |
- system_failure("Kann das Token nicht auslesen!");
|
|
| 141 |
- return $result->fetch(PDO::FETCH_OBJ)->token; |
|
| 137 |
+ expire_tokens(); |
|
| 138 |
+ $result = db_query("SELECT token FROM kundendaten.kunden WHERE id=? AND token IS NOT NULL", array($customerno));
|
|
| 139 |
+ if ($result->rowCount() < 1) {
|
|
| 140 |
+ system_failure("Kann das Token nicht auslesen!");
|
|
| 141 |
+ } |
|
| 142 |
+ return $result->fetch(PDO::FETCH_OBJ)->token; |
|
| 142 | 143 |
} |
| 143 | 144 |
|
| 144 | 145 |
|
| 145 |
-function get_user_token($username) |
|
| 146 |
+function get_user_token($username) |
|
| 146 | 147 |
{
|
| 147 |
- $result = db_query("SELECT token FROM system.usertoken AS t INNER JOIN system.useraccounts AS u USING (uid) WHERE username=?", array($username));
|
|
| 148 |
- $tmp = $result->fetch(); |
|
| 149 |
- return $tmp['token']; |
|
| 148 |
+ $result = db_query("SELECT token FROM system.usertoken AS t INNER JOIN system.useraccounts AS u USING (uid) WHERE username=?", array($username));
|
|
| 149 |
+ $tmp = $result->fetch(); |
|
| 150 |
+ return $tmp['token']; |
|
| 150 | 151 |
} |
| 151 |
- |
|
| 152 |
-?> |
Browse code
Copyright year update
Bernd Wurst authored on 13/01/2018 06:07:05
Showing 1 changed files
Browse code
Passwort-Reset-Funktion aktualisiert
Bernd Wurst authored on 12/01/2017 12:17:32
Showing 1 changed files
| ... | ... |
@@ -26,7 +26,18 @@ function user_customer_match($cust, $user) |
| 26 | 26 |
return false; |
| 27 | 27 |
} |
| 28 | 28 |
|
| 29 |
- |
|
| 29 |
+function find_username($input) |
|
| 30 |
+{
|
|
| 31 |
+ $args = array(":user" => $input);
|
|
| 32 |
+ $result = db_query("SELECT username FROM system.useraccounts WHERE username=:user AND kundenaccount=1", $args);
|
|
| 33 |
+ if ($result->rowCount() > 0) |
|
| 34 |
+ {
|
|
| 35 |
+ $line = $result->fetch(); |
|
| 36 |
+ return $line['username']; |
|
| 37 |
+ } else {
|
|
| 38 |
+ return false; |
|
| 39 |
+ } |
|
| 40 |
+} |
|
| 30 | 41 |
|
| 31 | 42 |
function customer_has_email($customerno, $email) |
| 32 | 43 |
{
|
| ... | ... |
@@ -108,7 +119,7 @@ function create_token($username) |
| 108 | 119 |
|
| 109 | 120 |
$args = array(":uid" => $uid,
|
| 110 | 121 |
":token" => random_string(16)); |
| 111 |
- db_query("INSERT INTO system.usertoken VALUES (:uid} NOW(), NOW() + INTERVAL 1 DAY, :token)", $args);
|
|
| 122 |
+ db_query("INSERT INTO system.usertoken VALUES (:uid, NOW(), NOW() + INTERVAL 1 DAY, :token)", $args);
|
|
| 112 | 123 |
return true; |
| 113 | 124 |
} |
| 114 | 125 |
|
Browse code
Lizenzinfos in eigenes Modul ausgelagert und Copyright auf 2014 angepasst
Bernd Wurst authored on 08/02/2014 05:45:07
Showing 1 changed files
Browse code
Modul index auf prepared statements umgestellt
Bernd Wurst authored on 06/02/2014 09:30:25
Showing 1 changed files
| ... | ... |
@@ -18,9 +18,9 @@ require_once('session/checkuser.php');
|
| 18 | 18 |
|
| 19 | 19 |
function user_customer_match($cust, $user) |
| 20 | 20 |
{
|
| 21 |
- $customerno = (int) $cust; |
|
| 22 |
- $username = db_escape_string($user); |
|
| 23 |
- $result = db_query("SELECT uid FROM system.useraccounts WHERE kunde={$customerno} AND username='{$username}' AND kundenaccount=1;");
|
|
| 21 |
+ $args = array(":cid" => $cust,
|
|
| 22 |
+ ":user" => $user); |
|
| 23 |
+ $result = db_query("SELECT uid FROM system.useraccounts WHERE kunde=:cid AND username=:user AND kundenaccount=1", $args);
|
|
| 24 | 24 |
if ($result->rowCount() > 0) |
| 25 | 25 |
return true; |
| 26 | 26 |
return false; |
| ... | ... |
@@ -30,9 +30,9 @@ function user_customer_match($cust, $user) |
| 30 | 30 |
|
| 31 | 31 |
function customer_has_email($customerno, $email) |
| 32 | 32 |
{
|
| 33 |
- $customerno = (int) $customerno; |
|
| 34 |
- $email = db_escape_string($email); |
|
| 35 |
- $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=".$customerno." AND (email='{$email}' OR email_extern='{$email}' OR email_rechnung='{$email}');");
|
|
| 33 |
+ $args = array(":cid" => $customerno,
|
|
| 34 |
+ ":email" => $email); |
|
| 35 |
+ $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=:cid AND (email=:email OR email_extern=:email OR email_rechnung=:email)", $args);
|
|
| 36 | 36 |
return ($result->rowCount() > 0); |
| 37 | 37 |
} |
| 38 | 38 |
|
| ... | ... |
@@ -40,9 +40,9 @@ function customer_has_email($customerno, $email) |
| 40 | 40 |
function validate_token($customerno, $token) |
| 41 | 41 |
{
|
| 42 | 42 |
expire_tokens(); |
| 43 |
- $customerno = (int) $customerno; |
|
| 44 |
- $token = db_escape_string($token); |
|
| 45 |
- $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';");
|
|
| 43 |
+ $args = array(":cid" => $customerno,
|
|
| 44 |
+ ":token" => $token); |
|
| 45 |
+ $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=:cid AND token=:token", $args);
|
|
| 46 | 46 |
return ($result->rowCount() > 0); |
| 47 | 47 |
} |
| 48 | 48 |
|
| ... | ... |
@@ -50,8 +50,7 @@ function validate_token($customerno, $token) |
| 50 | 50 |
function get_uid_for_token($token) |
| 51 | 51 |
{
|
| 52 | 52 |
expire_tokens(); |
| 53 |
- $token = db_escape_string($token); |
|
| 54 |
- $result = db_query("SELECT uid FROM system.usertoken WHERE token='{$token}';");
|
|
| 53 |
+ $result = db_query("SELECT uid FROM system.usertoken WHERE token=?", array($token));
|
|
| 55 | 54 |
if ($result->rowCount() == 0) {
|
| 56 | 55 |
return NULL; |
| 57 | 56 |
} |
| ... | ... |
@@ -61,8 +60,7 @@ function get_uid_for_token($token) |
| 61 | 60 |
|
| 62 | 61 |
function get_username_for_uid($uid) |
| 63 | 62 |
{
|
| 64 |
- $uid = (int) $uid; |
|
| 65 |
- $result = db_query("SELECT username FROM system.useraccounts WHERE uid={$uid}");
|
|
| 63 |
+ $result = db_query("SELECT username FROM system.useraccounts WHERE uid=?", array($uid));
|
|
| 66 | 64 |
if ($result->rowCount() != 1) {
|
| 67 | 65 |
system_failure("Unexpected number of users with this uid (!= 1)!");
|
| 68 | 66 |
} |
| ... | ... |
@@ -73,9 +71,9 @@ function get_username_for_uid($uid) |
| 73 | 71 |
function validate_uid_token($uid, $token) |
| 74 | 72 |
{
|
| 75 | 73 |
expire_tokens(); |
| 76 |
- $uid = (int) $uid; |
|
| 77 |
- $token = db_escape_string($token); |
|
| 78 |
- $result = db_query("SELECT NULL FROM system.usertoken WHERE uid={$uid} AND token='{$token}';");
|
|
| 74 |
+ $args = array(":uid" => $uid,
|
|
| 75 |
+ ":token" => $token); |
|
| 76 |
+ $result = db_query("SELECT NULL FROM system.usertoken WHERE uid=:uid AND token=:token", $args);
|
|
| 79 | 77 |
return ($result->rowCount() > 0); |
| 80 | 78 |
} |
| 81 | 79 |
|
| ... | ... |
@@ -89,38 +87,35 @@ function expire_tokens() |
| 89 | 87 |
|
| 90 | 88 |
function invalidate_customer_token($customerno) |
| 91 | 89 |
{
|
| 92 |
- $customerno = (int) $customerno; |
|
| 93 |
- db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id={$customerno} LIMIT 1;");
|
|
| 90 |
+ db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id=?", array($customerno));
|
|
| 94 | 91 |
} |
| 95 | 92 |
|
| 96 | 93 |
function invalidate_systemuser_token($uid) |
| 97 | 94 |
{
|
| 98 |
- $uid = (int) $uid; |
|
| 99 |
- db_query("DELETE FROM system.usertoken WHERE uid={$uid} LIMIT 1;");
|
|
| 95 |
+ db_query("DELETE FROM system.usertoken WHERE uid=?", array($uid));
|
|
| 100 | 96 |
} |
| 101 | 97 |
|
| 102 | 98 |
function create_token($username) |
| 103 | 99 |
{
|
| 104 |
- $username = db_escape_string($username); |
|
| 105 | 100 |
expire_tokens(); |
| 106 |
- $result = db_query("SELECT uid FROM system.useraccounts WHERE username='{$username}'");
|
|
| 101 |
+ $result = db_query("SELECT uid FROM system.useraccounts WHERE username=?", array($username));
|
|
| 107 | 102 |
$uid = (int) $result->fetch()['uid']; |
| 108 | 103 |
|
| 109 |
- $result = db_query("SELECT created FROM system.usertoken WHERE uid={$uid}");
|
|
| 104 |
+ $result = db_query("SELECT created FROM system.usertoken WHERE uid=?", array($uid));
|
|
| 110 | 105 |
if ($result->rowCount() > 0) {
|
| 111 | 106 |
system_failure("Für Ihr Benutzerkonto ist bereits eine Passwort-Erinnerung versendet worden. Bitte wenden Sie sich an den Support wenn Sie diese nicht erhalten haben.");
|
| 112 | 107 |
} |
| 113 | 108 |
|
| 114 |
- $token = random_string(16); |
|
| 115 |
- db_query("INSERT INTO system.usertoken VALUES ({$uid}, NOW(), NOW() + INTERVAL 1 DAY, '{$token}')");
|
|
| 109 |
+ $args = array(":uid" => $uid,
|
|
| 110 |
+ ":token" => random_string(16)); |
|
| 111 |
+ db_query("INSERT INTO system.usertoken VALUES (:uid} NOW(), NOW() + INTERVAL 1 DAY, :token)", $args);
|
|
| 116 | 112 |
return true; |
| 117 | 113 |
} |
| 118 | 114 |
|
| 119 | 115 |
|
| 120 | 116 |
function emailaddress_for_user($username) |
| 121 | 117 |
{
|
| 122 |
- $username = db_escape_string($username); |
|
| 123 |
- $result = db_query("SELECT k.email FROM kundendaten.kunden AS k INNER JOIN system.useraccounts AS u ON (u.kunde=k.id) WHERE u.username='{$username}'");
|
|
| 118 |
+ $result = db_query("SELECT k.email FROM kundendaten.kunden AS k INNER JOIN system.useraccounts AS u ON (u.kunde=k.id) WHERE u.username=?", array($username));
|
|
| 124 | 119 |
$data = $result->fetch(); |
| 125 | 120 |
return $data['email']; |
| 126 | 121 |
} |
| ... | ... |
@@ -128,9 +123,8 @@ function emailaddress_for_user($username) |
| 128 | 123 |
|
| 129 | 124 |
function get_customer_token($customerno) |
| 130 | 125 |
{
|
| 131 |
- $customerno = (int) $customerno; |
|
| 132 | 126 |
expire_tokens(); |
| 133 |
- $result = db_query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;");
|
|
| 127 |
+ $result = db_query("SELECT token FROM kundendaten.kunden WHERE id=? AND token IS NOT NULL", array($customerno));
|
|
| 134 | 128 |
if ($result->rowCount() < 1) |
| 135 | 129 |
system_failure("Kann das Token nicht auslesen!");
|
| 136 | 130 |
return $result->fetch(PDO::FETCH_OBJ)->token; |
| ... | ... |
@@ -139,8 +133,7 @@ function get_customer_token($customerno) |
| 139 | 133 |
|
| 140 | 134 |
function get_user_token($username) |
| 141 | 135 |
{
|
| 142 |
- $username = db_escape_string($username); |
|
| 143 |
- $result = db_query("SELECT token FROM system.usertoken AS t INNER JOIN system.useraccounts AS u USING (uid) WHERE username='{$username}'");
|
|
| 136 |
+ $result = db_query("SELECT token FROM system.usertoken AS t INNER JOIN system.useraccounts AS u USING (uid) WHERE username=?", array($username));
|
|
| 144 | 137 |
$tmp = $result->fetch(); |
| 145 | 138 |
return $tmp['token']; |
| 146 | 139 |
} |
Browse code
Umstellung auf PDO-Datenbankverbindung
Bernd Wurst authored on 01/02/2014 18:38:23
Showing 1 changed files
| ... | ... |
@@ -14,15 +14,14 @@ http://creativecommons.org/publicdomain/zero/1.0/ |
| 14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
| 15 | 15 |
*/ |
| 16 | 16 |
|
| 17 |
-require_once('inc/db_connect.php');
|
|
| 18 | 17 |
require_once('session/checkuser.php');
|
| 19 | 18 |
|
| 20 | 19 |
function user_customer_match($cust, $user) |
| 21 | 20 |
{
|
| 22 | 21 |
$customerno = (int) $cust; |
| 23 |
- $username = mysql_real_escape_string($user); |
|
| 22 |
+ $username = db_escape_string($user); |
|
| 24 | 23 |
$result = db_query("SELECT uid FROM system.useraccounts WHERE kunde={$customerno} AND username='{$username}' AND kundenaccount=1;");
|
| 25 |
- if (mysql_num_rows($result) > 0) |
|
| 24 |
+ if ($result->rowCount() > 0) |
|
| 26 | 25 |
return true; |
| 27 | 26 |
return false; |
| 28 | 27 |
} |
| ... | ... |
@@ -32,9 +31,9 @@ function user_customer_match($cust, $user) |
| 32 | 31 |
function customer_has_email($customerno, $email) |
| 33 | 32 |
{
|
| 34 | 33 |
$customerno = (int) $customerno; |
| 35 |
- $email = mysql_real_escape_string($email); |
|
| 34 |
+ $email = db_escape_string($email); |
|
| 36 | 35 |
$result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=".$customerno." AND (email='{$email}' OR email_extern='{$email}' OR email_rechnung='{$email}');");
|
| 37 |
- return (mysql_num_rows($result) > 0); |
|
| 36 |
+ return ($result->rowCount() > 0); |
|
| 38 | 37 |
} |
| 39 | 38 |
|
| 40 | 39 |
|
| ... | ... |
@@ -42,21 +41,21 @@ function validate_token($customerno, $token) |
| 42 | 41 |
{
|
| 43 | 42 |
expire_tokens(); |
| 44 | 43 |
$customerno = (int) $customerno; |
| 45 |
- $token = mysql_real_escape_string($token); |
|
| 44 |
+ $token = db_escape_string($token); |
|
| 46 | 45 |
$result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id={$customerno} AND token='{$token}';");
|
| 47 |
- return (mysql_num_rows($result) > 0); |
|
| 46 |
+ return ($result->rowCount() > 0); |
|
| 48 | 47 |
} |
| 49 | 48 |
|
| 50 | 49 |
|
| 51 | 50 |
function get_uid_for_token($token) |
| 52 | 51 |
{
|
| 53 | 52 |
expire_tokens(); |
| 54 |
- $token = mysql_real_escape_string($token); |
|
| 53 |
+ $token = db_escape_string($token); |
|
| 55 | 54 |
$result = db_query("SELECT uid FROM system.usertoken WHERE token='{$token}';");
|
| 56 |
- if (mysql_num_rows($result) == 0) {
|
|
| 55 |
+ if ($result->rowCount() == 0) {
|
|
| 57 | 56 |
return NULL; |
| 58 | 57 |
} |
| 59 |
- $data = mysql_fetch_assoc($result); |
|
| 58 |
+ $data = $result->fetch(); |
|
| 60 | 59 |
return $data['uid']; |
| 61 | 60 |
} |
| 62 | 61 |
|
| ... | ... |
@@ -64,10 +63,10 @@ function get_username_for_uid($uid) |
| 64 | 63 |
{
|
| 65 | 64 |
$uid = (int) $uid; |
| 66 | 65 |
$result = db_query("SELECT username FROM system.useraccounts WHERE uid={$uid}");
|
| 67 |
- if (mysql_num_rows($result) != 1) {
|
|
| 66 |
+ if ($result->rowCount() != 1) {
|
|
| 68 | 67 |
system_failure("Unexpected number of users with this uid (!= 1)!");
|
| 69 | 68 |
} |
| 70 |
- $item = mysql_fetch_assoc($result); |
|
| 69 |
+ $item = $result->fetch(); |
|
| 71 | 70 |
return $item['username']; |
| 72 | 71 |
} |
| 73 | 72 |
|
| ... | ... |
@@ -75,9 +74,9 @@ function validate_uid_token($uid, $token) |
| 75 | 74 |
{
|
| 76 | 75 |
expire_tokens(); |
| 77 | 76 |
$uid = (int) $uid; |
| 78 |
- $token = mysql_real_escape_string($token); |
|
| 77 |
+ $token = db_escape_string($token); |
|
| 79 | 78 |
$result = db_query("SELECT NULL FROM system.usertoken WHERE uid={$uid} AND token='{$token}';");
|
| 80 |
- return (mysql_num_rows($result) > 0); |
|
| 79 |
+ return ($result->rowCount() > 0); |
|
| 81 | 80 |
} |
| 82 | 81 |
|
| 83 | 82 |
|
| ... | ... |
@@ -102,13 +101,13 @@ function invalidate_systemuser_token($uid) |
| 102 | 101 |
|
| 103 | 102 |
function create_token($username) |
| 104 | 103 |
{
|
| 105 |
- $username = mysql_real_escape_string($username); |
|
| 104 |
+ $username = db_escape_string($username); |
|
| 106 | 105 |
expire_tokens(); |
| 107 | 106 |
$result = db_query("SELECT uid FROM system.useraccounts WHERE username='{$username}'");
|
| 108 |
- $uid = (int) mysql_fetch_assoc($result)['uid']; |
|
| 107 |
+ $uid = (int) $result->fetch()['uid']; |
|
| 109 | 108 |
|
| 110 | 109 |
$result = db_query("SELECT created FROM system.usertoken WHERE uid={$uid}");
|
| 111 |
- if (mysql_num_rows($result) > 0) {
|
|
| 110 |
+ if ($result->rowCount() > 0) {
|
|
| 112 | 111 |
system_failure("Für Ihr Benutzerkonto ist bereits eine Passwort-Erinnerung versendet worden. Bitte wenden Sie sich an den Support wenn Sie diese nicht erhalten haben.");
|
| 113 | 112 |
} |
| 114 | 113 |
|
| ... | ... |
@@ -120,9 +119,9 @@ function create_token($username) |
| 120 | 119 |
|
| 121 | 120 |
function emailaddress_for_user($username) |
| 122 | 121 |
{
|
| 123 |
- $username = mysql_real_escape_string($username); |
|
| 122 |
+ $username = db_escape_string($username); |
|
| 124 | 123 |
$result = db_query("SELECT k.email FROM kundendaten.kunden AS k INNER JOIN system.useraccounts AS u ON (u.kunde=k.id) WHERE u.username='{$username}'");
|
| 125 |
- $data = mysql_fetch_assoc($result); |
|
| 124 |
+ $data = $result->fetch(); |
|
| 126 | 125 |
return $data['email']; |
| 127 | 126 |
} |
| 128 | 127 |
|
| ... | ... |
@@ -132,17 +131,17 @@ function get_customer_token($customerno) |
| 132 | 131 |
$customerno = (int) $customerno; |
| 133 | 132 |
expire_tokens(); |
| 134 | 133 |
$result = db_query("SELECT token FROM kundendaten.kunden WHERE id={$customerno} AND token IS NOT NULL;");
|
| 135 |
- if (mysql_num_rows($result) < 1) |
|
| 134 |
+ if ($result->rowCount() < 1) |
|
| 136 | 135 |
system_failure("Kann das Token nicht auslesen!");
|
| 137 |
- return mysql_fetch_object($result)->token; |
|
| 136 |
+ return $result->fetch(PDO::FETCH_OBJ)->token; |
|
| 138 | 137 |
} |
| 139 | 138 |
|
| 140 | 139 |
|
| 141 | 140 |
function get_user_token($username) |
| 142 | 141 |
{
|
| 143 |
- $username = mysql_real_escape_string($username); |
|
| 142 |
+ $username = db_escape_string($username); |
|
| 144 | 143 |
$result = db_query("SELECT token FROM system.usertoken AS t INNER JOIN system.useraccounts AS u USING (uid) WHERE username='{$username}'");
|
| 145 |
- $tmp = mysql_fetch_assoc($result); |
|
| 144 |
+ $tmp = $result->fetch(); |
|
| 146 | 145 |
return $tmp['token']; |
| 147 | 146 |
} |
| 148 | 147 |
|
Browse code
Ermögliche Kunden sich einen Password-Reset-Link zu senden
Bernd Wurst authored on 15/01/2014 18:15:09
Showing 1 changed files
| ... | ... |
@@ -17,6 +17,18 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r |
| 17 | 17 |
require_once('inc/db_connect.php');
|
| 18 | 18 |
require_once('session/checkuser.php');
|
| 19 | 19 |
|
| 20 |
+function user_customer_match($cust, $user) |
|
| 21 |
+{
|
|
| 22 |
+ $customerno = (int) $cust; |
|
| 23 |
+ $username = mysql_real_escape_string($user); |
|
| 24 |
+ $result = db_query("SELECT uid FROM system.useraccounts WHERE kunde={$customerno} AND username='{$username}' AND kundenaccount=1;");
|
|
| 25 |
+ if (mysql_num_rows($result) > 0) |
|
| 26 |
+ return true; |
|
| 27 |
+ return false; |
|
| 28 |
+} |
|
| 29 |
+ |
|
| 30 |
+ |
|
| 31 |
+ |
|
| 20 | 32 |
function customer_has_email($customerno, $email) |
| 21 | 33 |
{
|
| 22 | 34 |
$customerno = (int) $customerno; |
| ... | ... |
@@ -88,23 +100,33 @@ function invalidate_systemuser_token($uid) |
| 88 | 100 |
db_query("DELETE FROM system.usertoken WHERE uid={$uid} LIMIT 1;");
|
| 89 | 101 |
} |
| 90 | 102 |
|
| 91 |
-function create_token($customerno) |
|
| 103 |
+function create_token($username) |
|
| 92 | 104 |
{
|
| 93 |
- $customerno = (int) $customerno; |
|
| 105 |
+ $username = mysql_real_escape_string($username); |
|
| 94 | 106 |
expire_tokens(); |
| 95 |
- $result = db_query("SELECT token_create FROM kundendaten.kunden WHERE id={$customerno} AND token_create IS NOT NULL;");
|
|
| 96 |
- if (mysql_num_rows($result) > 0) |
|
| 97 |
- {
|
|
| 98 |
- $res = mysql_fetch_object($result)->token_create; |
|
| 99 |
- input_error("Sie haben diese Funktion kürzlich erst benutzt, an Ihre E-Mail-Adresse wurde bereits am {$res} eine Nachricht verschickt. Sie können diese Funktion erst nach Ablauf von 24 Stunden erneut benutzen.");
|
|
| 100 |
- return false; |
|
| 107 |
+ $result = db_query("SELECT uid FROM system.useraccounts WHERE username='{$username}'");
|
|
| 108 |
+ $uid = (int) mysql_fetch_assoc($result)['uid']; |
|
| 109 |
+ |
|
| 110 |
+ $result = db_query("SELECT created FROM system.usertoken WHERE uid={$uid}");
|
|
| 111 |
+ if (mysql_num_rows($result) > 0) {
|
|
| 112 |
+ system_failure("Für Ihr Benutzerkonto ist bereits eine Passwort-Erinnerung versendet worden. Bitte wenden Sie sich an den Support wenn Sie diese nicht erhalten haben.");
|
|
| 101 | 113 |
} |
| 102 |
- $token = random_string(10); |
|
| 103 |
- db_query("UPDATE kundendaten.kunden SET token='{$token}', token_create=now() WHERE id={$customerno} LIMIT 1;");
|
|
| 114 |
+ |
|
| 115 |
+ $token = random_string(16); |
|
| 116 |
+ db_query("INSERT INTO system.usertoken VALUES ({$uid}, NOW(), NOW() + INTERVAL 1 DAY, '{$token}')");
|
|
| 104 | 117 |
return true; |
| 105 | 118 |
} |
| 106 | 119 |
|
| 107 | 120 |
|
| 121 |
+function emailaddress_for_user($username) |
|
| 122 |
+{
|
|
| 123 |
+ $username = mysql_real_escape_string($username); |
|
| 124 |
+ $result = db_query("SELECT k.email FROM kundendaten.kunden AS k INNER JOIN system.useraccounts AS u ON (u.kunde=k.id) WHERE u.username='{$username}'");
|
|
| 125 |
+ $data = mysql_fetch_assoc($result); |
|
| 126 |
+ return $data['email']; |
|
| 127 |
+} |
|
| 128 |
+ |
|
| 129 |
+ |
|
| 108 | 130 |
function get_customer_token($customerno) |
| 109 | 131 |
{
|
| 110 | 132 |
$customerno = (int) $customerno; |
| ... | ... |
@@ -116,4 +138,12 @@ function get_customer_token($customerno) |
| 116 | 138 |
} |
| 117 | 139 |
|
| 118 | 140 |
|
| 141 |
+function get_user_token($username) |
|
| 142 |
+{
|
|
| 143 |
+ $username = mysql_real_escape_string($username); |
|
| 144 |
+ $result = db_query("SELECT token FROM system.usertoken AS t INNER JOIN system.useraccounts AS u USING (uid) WHERE username='{$username}'");
|
|
| 145 |
+ $tmp = mysql_fetch_assoc($result); |
|
| 146 |
+ return $tmp['token']; |
|
| 147 |
+} |
|
| 148 |
+ |
|
| 119 | 149 |
?> |
Browse code
Zeige Username beim Password-Setzen / Prüfe hinterher auf problematische Zeichen, statt dem Benutzer anzuzeigen dass er de nicht verwenden soll
Bernd Wurst authored on 02/03/2013 15:57:40
Showing 1 changed files
| ... | ... |
@@ -48,6 +48,17 @@ function get_uid_for_token($token) |
| 48 | 48 |
return $data['uid']; |
| 49 | 49 |
} |
| 50 | 50 |
|
| 51 |
+function get_username_for_uid($uid) |
|
| 52 |
+{
|
|
| 53 |
+ $uid = (int) $uid; |
|
| 54 |
+ $result = db_query("SELECT username FROM system.useraccounts WHERE uid={$uid}");
|
|
| 55 |
+ if (mysql_num_rows($result) != 1) {
|
|
| 56 |
+ system_failure("Unexpected number of users with this uid (!= 1)!");
|
|
| 57 |
+ } |
|
| 58 |
+ $item = mysql_fetch_assoc($result); |
|
| 59 |
+ return $item['username']; |
|
| 60 |
+} |
|
| 61 |
+ |
|
| 51 | 62 |
function validate_uid_token($uid, $token) |
| 52 | 63 |
{
|
| 53 | 64 |
expire_tokens(); |
Browse code
Erlaube Useraccount-Initialisierung mit Kurz-URL /initXYZ
Bernd Wurst authored on 27/02/2013 15:07:09
Showing 1 changed files
| ... | ... |
@@ -36,6 +36,18 @@ function validate_token($customerno, $token) |
| 36 | 36 |
} |
| 37 | 37 |
|
| 38 | 38 |
|
| 39 |
+function get_uid_for_token($token) |
|
| 40 |
+{
|
|
| 41 |
+ expire_tokens(); |
|
| 42 |
+ $token = mysql_real_escape_string($token); |
|
| 43 |
+ $result = db_query("SELECT uid FROM system.usertoken WHERE token='{$token}';");
|
|
| 44 |
+ if (mysql_num_rows($result) == 0) {
|
|
| 45 |
+ return NULL; |
|
| 46 |
+ } |
|
| 47 |
+ $data = mysql_fetch_assoc($result); |
|
| 48 |
+ return $data['uid']; |
|
| 49 |
+} |
|
| 50 |
+ |
|
| 39 | 51 |
function validate_uid_token($uid, $token) |
| 40 | 52 |
{
|
| 41 | 53 |
expire_tokens(); |
Browse code
Updated copyright notice (2012 => 2013)
Bernd Wurst authored on 19/01/2013 10:49:50
Showing 1 changed files
Browse code
Added license tags for CC0, README and COPYING
Bernd Wurst authored on 11/03/2012 15:40:04
Showing 1 changed files
| ... | ... |
@@ -1,4 +1,18 @@ |
| 1 | 1 |
<?php |
| 2 |
+/* |
|
| 3 |
+This file belongs to the Webinterface of schokokeks.org Hosting |
|
| 4 |
+ |
|
| 5 |
+Written 2008-2012 by schokokeks.org Hosting, namely |
|
| 6 |
+ Bernd Wurst <bernd@schokokeks.org> |
|
| 7 |
+ Hanno Böck <hanno@schokokeks.org> |
|
| 8 |
+ |
|
| 9 |
+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. |
|
| 10 |
+ |
|
| 11 |
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
| 12 |
+http://creativecommons.org/publicdomain/zero/1.0/ |
|
| 13 |
+ |
|
| 14 |
+Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
|
| 15 |
+*/ |
|
| 2 | 16 |
|
| 3 | 17 |
require_once('inc/db_connect.php');
|
| 4 | 18 |
require_once('session/checkuser.php');
|
Browse code
Typo
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1687 87cf0b9e-d624-0410-a070-f6ee81989793
bernd authored on 01/03/2010 15:05:21
Showing 1 changed files
| ... | ... |
@@ -7,7 +7,7 @@ function customer_has_email($customerno, $email) |
| 7 | 7 |
{
|
| 8 | 8 |
$customerno = (int) $customerno; |
| 9 | 9 |
$email = mysql_real_escape_string($email); |
| 10 |
- $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=".$customerno." AND (email='".$email."' OR email_extern='{$email}' OR email_rechnung='{$email'}');");
|
|
| 10 |
+ $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=".$customerno." AND (email='{$email}' OR email_extern='{$email}' OR email_rechnung='{$email}');");
|
|
| 11 | 11 |
return (mysql_num_rows($result) > 0); |
| 12 | 12 |
} |
| 13 | 13 |
|
Browse code
Tabelle 'kundenkontakt' komplett entfernt
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1680 87cf0b9e-d624-0410-a070-f6ee81989793
bernd authored on 21/02/2010 08:26:39
Showing 1 changed files
| ... | ... |
@@ -7,7 +7,7 @@ function customer_has_email($customerno, $email) |
| 7 | 7 |
{
|
| 8 | 8 |
$customerno = (int) $customerno; |
| 9 | 9 |
$email = mysql_real_escape_string($email); |
| 10 |
- $result = db_query("SELECT NULL FROM kundendaten.kundenkontakt WHERE kundennr=".$customerno." AND wert='".$email."';");
|
|
| 10 |
+ $result = db_query("SELECT NULL FROM kundendaten.kunden WHERE id=".$customerno." AND (email='".$email."' OR email_extern='{$email}' OR email_rechnung='{$email'}');");
|
|
| 11 | 11 |
return (mysql_num_rows($result) > 0); |
| 12 | 12 |
} |
| 13 | 13 |
|
Browse code
one-time-URLs für systemuser
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@1078 87cf0b9e-d624-0410-a070-f6ee81989793
bernd authored on 19/05/2008 17:59:56
Showing 1 changed files
| ... | ... |
@@ -22,10 +22,21 @@ function validate_token($customerno, $token) |
| 22 | 22 |
} |
| 23 | 23 |
|
| 24 | 24 |
|
| 25 |
+function validate_uid_token($uid, $token) |
|
| 26 |
+{
|
|
| 27 |
+ expire_tokens(); |
|
| 28 |
+ $uid = (int) $uid; |
|
| 29 |
+ $token = mysql_real_escape_string($token); |
|
| 30 |
+ $result = db_query("SELECT NULL FROM system.usertoken WHERE uid={$uid} AND token='{$token}';");
|
|
| 31 |
+ return (mysql_num_rows($result) > 0); |
|
| 32 |
+} |
|
| 33 |
+ |
|
| 34 |
+ |
|
| 25 | 35 |
function expire_tokens() |
| 26 | 36 |
{
|
| 27 | 37 |
$expire = "1 DAY"; |
| 28 | 38 |
db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE token_create < NOW() - INTERVAL {$expire};");
|
| 39 |
+ db_query("DELETE FROM system.usertoken WHERE expire < NOW();");
|
|
| 29 | 40 |
} |
| 30 | 41 |
|
| 31 | 42 |
function invalidate_customer_token($customerno) |
| ... | ... |
@@ -34,6 +45,12 @@ function invalidate_customer_token($customerno) |
| 34 | 45 |
db_query("UPDATE kundendaten.kunden SET token=NULL, token_create=NULL WHERE id={$customerno} LIMIT 1;");
|