Umstellung von filter_input_general() auf filter_output_html()

Bernd Wurst authored on21/09/2019 17:07:48
Showing1 changed files
... ...
@@ -92,14 +92,14 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
92 92
     } elseif ($_REQUEST['salutation'] == 'Frau') {
93 93
         $c['salutation'] = 'Frau';
94 94
     }
95
-    $c['company'] = verify_input_general(maybe_null($_REQUEST['firma']));
96
-    $c['name'] = verify_input_general(maybe_null($_REQUEST['name']));
97
-    $c['address'] = verify_input_general(maybe_null($_REQUEST['adresse']));
98
-    $c['country'] = verify_input_general(maybe_null(strtoupper($_REQUEST['land'])));
99
-    $c['zip'] = verify_input_general(maybe_null($_REQUEST['plz']));
100
-    $c['city'] = verify_input_general(maybe_null($_REQUEST['ort']));
95
+    $c['company'] = filter_input_general(maybe_null($_REQUEST['firma']));
96
+    $c['name'] = filter_input_general(maybe_null($_REQUEST['name']));
97
+    $c['address'] = filter_input_general(maybe_null($_REQUEST['adresse']));
98
+    $c['country'] = filter_input_oneline(maybe_null(strtoupper($_REQUEST['land'])));
99
+    $c['zip'] = filter_input_oneline(maybe_null($_REQUEST['plz']));
100
+    $c['city'] = filter_input_oneline(maybe_null($_REQUEST['ort']));
101 101
     if ($new && isset($_REQUEST['email'])) {
102
-        $c['email'] = verify_input_general(maybe_null($_REQUEST['email']));
102
+        $c['email'] = filter_input_oneline(maybe_null($_REQUEST['email']));
103 103
         if (!check_emailaddr($c['email'])) {
104 104
             system_failure("Ungültige E-Mail-Adresse!");
105 105
         }
... ...
@@ -107,7 +107,7 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
107 107
 
108 108
 
109 109
     if (isset($_REQUEST['telefon']) && $_REQUEST['telefon'] != '') {
110
-        $num = format_number(verify_input_general($_REQUEST['telefon']), $_REQUEST['land']);
110
+        $num = format_number(filter_input_oneline($_REQUEST['telefon']), $_REQUEST['land']);
111 111
         if ($num) {
112 112
             $c['phone'] = $num;
113 113
         } else {
... ...
@@ -117,9 +117,13 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
117 117
         $c['phone'] = null;
118 118
     }
119 119
     if (isset($_REQUEST['mobile']) && $_REQUEST['mobile'] != '') {
120
-        $num = format_number(verify_input_general($_REQUEST['mobile']), $_REQUEST['land']);
120
+        $num = format_number(filter_input_oneline($_REQUEST['mobile']), $_REQUEST['land']);
121 121
         if ($num) {
122 122
             $c['mobile'] = $num;
123
+            if (! $c['phone']) {
124
+                // dupliziere die Mobiltelefonnummer als normale Nummer wegen der Nutzung als Domainhandles
125
+                $c['phone'] = $num;
126
+            }
123 127
         } else {
124 128
             system_failure('Die eingegebene Mobiltelefonnummer scheint nicht gültig zu sein!');
125 129
         }
... ...
@@ -127,7 +131,7 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
127 131
         $c['mobile'] = null;
128 132
     }
129 133
     if (isset($_REQUEST['telefax']) && $_REQUEST['telefax'] != '') {
130
-        $num = format_number(verify_input_general($_REQUEST['telefax']), $_REQUEST['land']);
134
+        $num = format_number(filter_input_oneline($_REQUEST['telefax']), $_REQUEST['land']);
131 135
         if ($num) {
132 136
             $c['fax'] = $num;
133 137
         } else {
... ...
@@ -188,9 +192,9 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
188 192
     $id = save_contact($c);
189 193
     $c['id'] = $id;
190 194
 
191
-    if (isset($_REQUEST['email']) && ($new || $c['email'] != $_REQUEST['email'])) {
195
+    if (isset($_REQUEST['email']) && check_emailaddr($_REQUEST['email']) && ($new || $c['email'] != $_REQUEST['email'])) {
192 196
         if (have_mailaddress($_REQUEST['email'])) {
193
-            save_emailaddress($c['id'], verify_input_general($_REQUEST['email']));
197
+            save_emailaddress($c['id'], $_REQUEST['email']);
194 198
         } else {
195 199
             send_emailchange_token($c['id'], $_REQUEST['email']);
196 200
         }
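Review bot: In the last hunk, folding `check_emailaddr($_REQUEST['email'])` into the outer condition means an invalid address on an existing contact is now dropped without any message, while the `$new` path in the first hunk still ends in `system_failure("Ungültige E-Mail-Adresse!")`. The user sees a normal save although the e-mail change was ignored. I would validate next to the `$new` check instead, so the failure is explicit and happens before `save_contact($c)`: `} elseif (isset($_REQUEST['email']) && !check_emailaddr($_REQUEST['email'])) { system_failure("Ungültige E-Mail-Adresse!"); }`. Separately, `$_REQUEST['land']` is still passed to `format_number()` unfiltered in the three phone hunks. The enclosing `if`/`else` block starts and ends outside these hunks.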
Prüfe die Verwendbarkeit von PGP-Keys umgehend

Bernd Wurst authored on13/03/2019 10:44:34
Showing1 changed files
... ...
@@ -140,14 +140,20 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
140 140
 
141 141
     if (isset($_REQUEST['usepgp']) && $_REQUEST['usepgp'] == 'yes' && isset($_REQUEST['pgpid'])) {
142 142
         $pgpid = preg_replace('/[^0-9a-fA-F]/', '', $_REQUEST['pgpid']);
143
-        DEBUG('PGP-ID: '.$pgpid.' / Länge: '.strlen($pgpid));
144
-        if (strlen($pgpid) == 8 || strlen($pgpid) == 16 || strlen($pgpid) == 40) {
145
-            $c['pgp_id'] = $_REQUEST['pgpid'];
146
-            if (isset($_REQUEST['pgpkey']) && $_REQUEST['pgpkey']) {
147
-                $c['pgp_key'] = $_REQUEST['pgpkey'];
148
-            }
143
+        DEBUG('PGP-ID: '.$pgpid);
144
+        if (isset($_REQUEST['pgpkey']) && $_REQUEST['pgpkey']) {
145
+            DEBUG('Key angegeben, wird importiert');
146
+            $c['pgp_id'] = $pgpid;
147
+            import_pgp_key($_REQUEST['pgpkey']);
148
+            $c['pgp_key'] = $_REQUEST['pgpkey'];
149 149
         } else {
150
-            warning('Ihre PGP-ID wurde nicht übernommen, da sie syntaktisch falsch erscheint');
150
+            DEBUG('Kein Key, wird vom Keyserver geholt!');
151
+            $c['pgp_id'] = fetch_pgp_key($pgpid);
152
+        }
153
+        if (!test_pgp_key($c['pgp_id'])) {
154
+            $c['pgp_id'] = null;
155
+            $c['pgp_key'] = null;
156
+            warning('Ihr PGP-Key wurde nicht übernommen, da er nicht gültig zu sein scheint. Bitte geben Sie im Zweifel die vollständige Key-ID (Fingerprint) und einen Key in der ASCII-Form ein.');
151 157
         }
152 158
     } else {
153 159
         $c['pgp_id'] = null;
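Review bot: Dropping the length check means `fetch_pgp_key($pgpid)` is now called with whatever hex digits survive the `preg_replace`, including an empty string or an 8-digit short ID, which does not identify a key uniquely. I would restore a guard before either branch, e.g. `if (strlen($pgpid) != 40) { ... warning ... }` if only full fingerprints should be accepted, as the new warning text already asks for. In the key-supplied branch the stored `pgp_id` is the value the user typed, and nothing visible here ties it to the key that `import_pgp_key()` imported; if that function can return the imported fingerprint, assigning that to `$c['pgp_id']` would close the gap. In the keyserver branch `$c['pgp_key']` is left untouched, so a previously stored key can stay attached to a new ID. The enclosing block continues past the end of the hunk.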
Ermögliche das Speichern der Anrede für Kontakte

Bernd Wurst authored on29/12/2018 13:43:24
Showing1 changed files
... ...
@@ -86,6 +86,12 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
86 86
         }
87 87
     }
88 88
 
89
+    $c['salutation'] = null;
90
+    if ($_REQUEST['salutation'] == 'Herr') {
91
+        $c['salutation'] = 'Herr';
92
+    } elseif ($_REQUEST['salutation'] == 'Frau') {
93
+        $c['salutation'] = 'Frau';
94
+    }
89 95
     $c['company'] = verify_input_general(maybe_null($_REQUEST['firma']));
90 96
     $c['name'] = verify_input_general(maybe_null($_REQUEST['name']));
91 97
     $c['address'] = verify_input_general(maybe_null($_REQUEST['adresse']));
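Review bot: `$_REQUEST['salutation']` is read without an `isset()` guard in both comparisons, so a request that omits the field raises an undefined-index notice. Mapping the value onto the two fixed strings rather than storing the request value is the right shape; only the guard is missing, e.g. `$salutation = isset($_REQUEST['salutation']) ? $_REQUEST['salutation'] : null;` followed by the two comparisons on `$salutation`. The surrounding block starts and ends outside the hunk.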
remove whitespace in empty lines

Hanno authored on26/06/2018 23:36:40
Showing1 changed files
... ...
@@ -31,7 +31,7 @@ if (isset($_REQUEST['back'])) {
31 31
 
32 32
 if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
33 33
     $contact = get_contact($_REQUEST['id']);
34
-    
34
+
35 35
     $contact_string = display_contact($contact);
36 36
 
37 37
     $sure = user_is_sure();
... ...
@@ -98,7 +98,7 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
98 98
             system_failure("Ungültige E-Mail-Adresse!");
99 99
         }
100 100
     }
101
-        
101
+
102 102
 
103 103
     if (isset($_REQUEST['telefon']) && $_REQUEST['telefon'] != '') {
104 104
         $num = format_number(verify_input_general($_REQUEST['telefon']), $_REQUEST['land']);
... ...
@@ -131,7 +131,7 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
131 131
         $c['fax'] = null;
132 132
     }
133 133
 
134
-    
134
+
135 135
     if (isset($_REQUEST['usepgp']) && $_REQUEST['usepgp'] == 'yes' && isset($_REQUEST['pgpid'])) {
136 136
         $pgpid = preg_replace('/[^0-9a-fA-F]/', '', $_REQUEST['pgpid']);
137 137
         DEBUG('PGP-ID: '.$pgpid.' / Länge: '.strlen($pgpid));
Fix coding style with php-cs-checker, see https://cs.sensiolabs.org/

Hanno authored on26/06/2018 13:58:19
Showing1 changed files
... ...
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely
8 8
 
9 9
 To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10 10
 
11
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see
12 12
 http://creativecommons.org/publicdomain/zero/1.0/
13 13
 
14 14
 Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
... ...
@@ -35,30 +35,25 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
35 35
     $contact_string = display_contact($contact);
36 36
 
37 37
     $sure = user_is_sure();
38
-    if ($sure === NULL)
39
-    {
40
-       are_you_sure("action=delete&id={$contact['id']}&back=".urlencode($back), "Möchten Sie diese Adresse wirklich löschen? {$contact_string}");
41
-    }
42
-    elseif ($sure === true)
43
-    {
44
-       delete_contact($contact['id']);
45
-       if (! $debugmode)
46
-           header("Location: ".$back);
47
-    }
48
-    elseif ($sure === false)
49
-    {
50
-        if (! $debugmode)
38
+    if ($sure === null) {
39
+        are_you_sure("action=delete&id={$contact['id']}&back=".urlencode($back), "Möchten Sie diese Adresse wirklich löschen? {$contact_string}");
40
+    } elseif ($sure === true) {
41
+        delete_contact($contact['id']);
42
+        if (! $debugmode) {
51 43
             header("Location: ".$back);
44
+        }
45
+    } elseif ($sure === false) {
46
+        if (! $debugmode) {
47
+            header("Location: ".$back);
48
+        }
52 49
     }
53
-
54
-
55 50
 } else {
56 51
     check_form_token('contacts_edit');
57 52
 
58
-    $new = False;
53
+    $new = false;
59 54
     if ($_REQUEST['id'] == 'new') {
60 55
         title("Adresse anlegen");
61
-        $new = True;
56
+        $new = true;
62 57
     } else {
63 58
         title("Adresse bearbeiten");
64 59
     }
... ...
@@ -78,7 +73,7 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
78 73
         $_REQUEST['land'] = $c['country'];
79 74
     }
80 75
 
81
-    if ($c['nic_handle'] != NULL) {
76
+    if ($c['nic_handle'] != null) {
82 77
         if ($c['name'] != $_REQUEST['name'] || $c['company'] != $_REQUEST['firma'] || $c['country'] != $_REQUEST['land']) {
83 78
             system_failure('Name/Firma/Land kann bei diesem Kontakt nicht geändert werden.');
84 79
         }
... ...
@@ -113,7 +108,7 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
113 108
             system_failure('Die eingegebene Telefonnummer scheint nicht gültig zu sein!');
114 109
         }
115 110
     } else {
116
-        $c['phone'] = NULL;
111
+        $c['phone'] = null;
117 112
     }
118 113
     if (isset($_REQUEST['mobile']) && $_REQUEST['mobile'] != '') {
119 114
         $num = format_number(verify_input_general($_REQUEST['mobile']), $_REQUEST['land']);
... ...
@@ -123,7 +118,7 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
123 118
             system_failure('Die eingegebene Mobiltelefonnummer scheint nicht gültig zu sein!');
124 119
         }
125 120
     } else {
126
-        $c['mobile'] = NULL;
121
+        $c['mobile'] = null;
127 122
     }
128 123
     if (isset($_REQUEST['telefax']) && $_REQUEST['telefax'] != '') {
129 124
         $num = format_number(verify_input_general($_REQUEST['telefax']), $_REQUEST['land']);
... ...
@@ -133,7 +128,7 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
133 128
             system_failure('Die eingegebene Faxnummer scheint nicht gültig zu sein!');
134 129
         }
135 130
     } else {
136
-        $c['fax'] = NULL;
131
+        $c['fax'] = null;
137 132
     }
138 133
 
139 134
     
... ...
@@ -149,8 +144,8 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
149 144
             warning('Ihre PGP-ID wurde nicht übernommen, da sie syntaktisch falsch erscheint');
150 145
         }
151 146
     } else {
152
-        $c['pgp_id'] = NULL;
153
-        $c['pgp_key'] = NULL;
147
+        $c['pgp_id'] = null;
148
+        $c['pgp_key'] = null;
154 149
     }
155 150
 
156 151
 
... ...
@@ -174,8 +169,8 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
174 169
     }
175 170
 
176 171
     // Zuerst Kontakt speichern und wenn eine Änderung der E-Mail gewünscht war,
177
-    // dann hinterher das Token erzeugen und senden. Weil wir für das Token die 
178
-    // Contact-ID brauchen und die bekommen wir bei einer Neueintragung erst nach 
172
+    // dann hinterher das Token erzeugen und senden. Weil wir für das Token die
173
+    // Contact-ID brauchen und die bekommen wir bei einer Neueintragung erst nach
179 174
     // dem Speichern.
180 175
 
181 176
     $id = save_contact($c);
möglicherweise undefinierte Variablen abgefangen

Bernd Wurst authored on26/06/2018 13:48:00
Showing1 changed files
... ...
@@ -97,7 +97,7 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
97 97
     $c['country'] = verify_input_general(maybe_null(strtoupper($_REQUEST['land'])));
98 98
     $c['zip'] = verify_input_general(maybe_null($_REQUEST['plz']));
99 99
     $c['city'] = verify_input_general(maybe_null($_REQUEST['ort']));
100
-    if ($new) {
100
+    if ($new && isset($_REQUEST['email'])) {
101 101
         $c['email'] = verify_input_general(maybe_null($_REQUEST['email']));
102 102
         if (!check_emailaddr($c['email'])) {
103 103
             system_failure("Ungültige E-Mail-Adresse!");
... ...
@@ -105,7 +105,7 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
105 105
     }
106 106
         
107 107
 
108
-    if ($_REQUEST['telefon']) {
108
+    if (isset($_REQUEST['telefon']) && $_REQUEST['telefon'] != '') {
109 109
         $num = format_number(verify_input_general($_REQUEST['telefon']), $_REQUEST['land']);
110 110
         if ($num) {
111 111
             $c['phone'] = $num;
... ...
@@ -115,7 +115,7 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
115 115
     } else {
116 116
         $c['phone'] = NULL;
117 117
     }
118
-    if ($_REQUEST['mobile']) {
118
+    if (isset($_REQUEST['mobile']) && $_REQUEST['mobile'] != '') {
119 119
         $num = format_number(verify_input_general($_REQUEST['mobile']), $_REQUEST['land']);
120 120
         if ($num) {
121 121
             $c['mobile'] = $num;
... ...
@@ -125,7 +125,7 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
125 125
     } else {
126 126
         $c['mobile'] = NULL;
127 127
     }
128
-    if ($_REQUEST['telefax']) {
128
+    if (isset($_REQUEST['telefax']) && $_REQUEST['telefax'] != '') {
129 129
         $num = format_number(verify_input_general($_REQUEST['telefax']), $_REQUEST['land']);
130 130
         if ($num) {
131 131
             $c['fax'] = $num;
... ...
@@ -161,14 +161,14 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
161 161
             warning('Zur Verwendung als Domaininhaber fehlen noch Angaben.');
162 162
             redirect('edit?id='.$_REQUEST['id'].'&back='.$_REQUEST['back'].'&domainholder=1');
163 163
         }
164
-        if (!have_mailaddress($_REQUEST['email'])) {
164
+        if (isset($_REQUEST['email']) && !have_mailaddress($_REQUEST['email'])) {
165 165
             warning("Die neu angelegte Adresse kann erst dann als Domaininhaber genutzt werden, wenn die E-Mail-Adresse bestätigt wurde.");
166 166
         }
167 167
     }
168 168
 
169 169
     $domains = domainlist_by_contact($c);
170 170
     if ($domains) {
171
-        if ($c['email'] != $_REQUEST['email'] && !(isset($_REQUEST['designated']) && $_REQUEST['designated'] == 'yes')) {
171
+        if (isset($_REQUEST['email']) && $c['email'] != $_REQUEST['email'] && !(isset($_REQUEST['designated']) && $_REQUEST['designated'] == 'yes')) {
172 172
             system_failure("Sie müssen die explizite Zustimmung des Domaininhabers bestätigen um diese Änderungen zu speichern.");
173 173
         }
174 174
     }
... ...
@@ -181,7 +181,7 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
181 181
     $id = save_contact($c);
182 182
     $c['id'] = $id;
183 183
 
184
-    if ($new || $c['email'] != $_REQUEST['email']) {
184
+    if (isset($_REQUEST['email']) && ($new || $c['email'] != $_REQUEST['email'])) {
185 185
         if (have_mailaddress($_REQUEST['email'])) {
186 186
             save_emailaddress($c['id'], verify_input_general($_REQUEST['email']));
187 187
         } else {
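Review bot: The new guards cover `email`, `telefon`, `mobile` and `telefax`, but `$_REQUEST['land']` is still read unguarded as the second argument of `format_number()` in the three phone hunks, and `$_REQUEST['id']` and `$_REQUEST['back']` are read unguarded on the `redirect(...)` line of the fifth hunk. Unless these are always set earlier in the file, which the hunks do not show, the same notice remains for them. Reading each field once into a local with a default, e.g. `$land = isset($_REQUEST['land']) ? $_REQUEST['land'] : null;`, would also avoid repeating the `isset()` test at every use. The enclosing block starts and ends outside these hunks.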
Suche PGP-Key nur wenn der User PGP einschaltet

Bernd Wurst authored on03/03/2018 06:28:42
Showing1 changed files
... ...
@@ -137,7 +137,7 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
137 137
     }
138 138
 
139 139
     
140
-    if (isset($_REQUEST['pgpid'])) {
140
+    if (isset($_REQUEST['usepgp']) && $_REQUEST['usepgp'] == 'yes' && isset($_REQUEST['pgpid'])) {
141 141
         $pgpid = preg_replace('/[^0-9a-fA-F]/', '', $_REQUEST['pgpid']);
142 142
         DEBUG('PGP-ID: '.$pgpid.' / Länge: '.strlen($pgpid));
143 143
         if (strlen($pgpid) == 8 || strlen($pgpid) == 16 || strlen($pgpid) == 40) {
... ...
@@ -148,6 +148,9 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
148 148
         } else {
149 149
             warning('Ihre PGP-ID wurde nicht übernommen, da sie syntaktisch falsch erscheint');
150 150
         }
151
+    } else {
152
+        $c['pgp_id'] = NULL;
153
+        $c['pgp_key'] = NULL;
151 154
     }
152 155
 
153 156
 
... ...
@@ -191,6 +194,5 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
191 194
     }
192 195
 
193 196
 
194
-    if (! $debugmode)
195
-        header("Location: ".$back);
197
+    redirect($back);
196 198
 }
Ermögliche das Setzen des PGP-Keys beim Editieren der Adresse

Bernd Wurst authored on02/03/2018 18:26:24
Showing1 changed files
... ...
@@ -136,7 +136,19 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
136 136
         $c['fax'] = NULL;
137 137
     }
138 138
 
139
-    // FIXME: PGP-ID/Key fehlen
139
+    
140
+    if (isset($_REQUEST['pgpid'])) {
141
+        $pgpid = preg_replace('/[^0-9a-fA-F]/', '', $_REQUEST['pgpid']);
142
+        DEBUG('PGP-ID: '.$pgpid.' / Länge: '.strlen($pgpid));
143
+        if (strlen($pgpid) == 8 || strlen($pgpid) == 16 || strlen($pgpid) == 40) {
144
+            $c['pgp_id'] = $_REQUEST['pgpid'];
145
+            if (isset($_REQUEST['pgpkey']) && $_REQUEST['pgpkey']) {
146
+                $c['pgp_key'] = $_REQUEST['pgpkey'];
147
+            }
148
+        } else {
149
+            warning('Ihre PGP-ID wurde nicht übernommen, da sie syntaktisch falsch erscheint');
150
+        }
151
+    }
140 152
 
141 153
 
142 154
     if (isset($_REQUEST['domainholder']) && $_REQUEST['domainholder'] == 1) {
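Review bot: The length check runs on the stripped copy `$pgpid`, but the value stored is the raw `$_REQUEST['pgpid']`, so whatever characters the `preg_replace` removed end up in `$c['pgp_id']` anyway. Store the validated value instead: `$c['pgp_id'] = $pgpid;`. `$_REQUEST['pgpkey']` is likewise stored without any visible check that it is an ASCII-armored key or that it belongs to the given ID; if that is verified elsewhere, a comment such as `// key is validated in save_contact()` should say where. The enclosing block starts and ends outside the hunk.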
Frage die Zustimmung des Domaininhabers ab, wenn bei einem entsprechenden Handle die E-Mail-Adresse geändert wird und nutze dann designatedAgent in der API

Bernd Wurst authored on30/01/2018 18:32:15
Showing1 changed files
... ...
@@ -151,6 +151,13 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
151 151
         }
152 152
     }
153 153
 
154
+    $domains = domainlist_by_contact($c);
155
+    if ($domains) {
156
+        if ($c['email'] != $_REQUEST['email'] && !(isset($_REQUEST['designated']) && $_REQUEST['designated'] == 'yes')) {
157
+            system_failure("Sie müssen die explizite Zustimmung des Domaininhabers bestätigen um diese Änderungen zu speichern.");
158
+        }
159
+    }
160
+
154 161
     // Zuerst Kontakt speichern und wenn eine Änderung der E-Mail gewünscht war,
155 162
     // dann hinterher das Token erzeugen und senden. Weil wir für das Token die 
156 163
     // Contact-ID brauchen und die bekommen wir bei einer Neueintragung erst nach 
Zeige eine Warnung an, dass der Domaininhaber ohne E-Mail-Bestätigung nicht verwendet werden kann

Bernd Wurst authored on24/01/2018 16:48:53
Showing1 changed files
... ...
@@ -146,6 +146,9 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
146 146
             warning('Zur Verwendung als Domaininhaber fehlen noch Angaben.');
147 147
             redirect('edit?id='.$_REQUEST['id'].'&back='.$_REQUEST['back'].'&domainholder=1');
148 148
         }
149
+        if (!have_mailaddress($_REQUEST['email'])) {
150
+            warning("Die neu angelegte Adresse kann erst dann als Domaininhaber genutzt werden, wenn die E-Mail-Adresse bestätigt wurde.");
151
+        }
149 152
     }
150 153
 
151 154
     // Zuerst Kontakt speichern und wenn eine Änderung der E-Mail gewünscht war,
Ermögliche das Erstellen einer neuen Adresse beim Ändern des Domaininhabers

Bernd Wurst authored on23/01/2018 16:14:34
Showing1 changed files
... ...
@@ -97,7 +97,12 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
97 97
     $c['country'] = verify_input_general(maybe_null(strtoupper($_REQUEST['land'])));
98 98
     $c['zip'] = verify_input_general(maybe_null($_REQUEST['plz']));
99 99
     $c['city'] = verify_input_general(maybe_null($_REQUEST['ort']));
100
-
100
+    if ($new) {
101
+        $c['email'] = verify_input_general(maybe_null($_REQUEST['email']));
102
+        if (!check_emailaddr($c['email'])) {
103
+            system_failure("Ungültige E-Mail-Adresse!");
104
+        }
105
+    }
101 106
         
102 107
 
103 108
     if ($_REQUEST['telefon']) {
... ...
@@ -133,6 +138,16 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
133 138
 
134 139
     // FIXME: PGP-ID/Key fehlen
135 140
 
141
+
142
+    if (isset($_REQUEST['domainholder']) && $_REQUEST['domainholder'] == 1) {
143
+        if (!possible_domainholder($c)) {
144
+            DEBUG("Kein möglicher Domaininhaber:");
145
+            DEBUG($c);
146
+            warning('Zur Verwendung als Domaininhaber fehlen noch Angaben.');
147
+            redirect('edit?id='.$_REQUEST['id'].'&back='.$_REQUEST['back'].'&domainholder=1');
148
+        }
149
+    }
150
+
136 151
     // Zuerst Kontakt speichern und wenn eine Änderung der E-Mail gewünscht war,
137 152
     // dann hinterher das Token erzeugen und senden. Weil wir für das Token die 
138 153
     // Contact-ID brauchen und die bekommen wir bei einer Neueintragung erst nach 
... ...
@@ -141,7 +156,7 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
141 156
     $id = save_contact($c);
142 157
     $c['id'] = $id;
143 158
 
144
-    if ($c['email'] != $_REQUEST['email']) {
159
+    if ($new || $c['email'] != $_REQUEST['email']) {
145 160
         if (have_mailaddress($_REQUEST['email'])) {
146 161
             save_emailaddress($c['id'], verify_input_general($_REQUEST['email']));
147 162
         } else {
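Review bot: The `redirect(...)` added in the second hunk concatenates `$_REQUEST['id']` and `$_REQUEST['back']` into the target URL without encoding, so a `back` value containing `&` or `#` changes the parameters of the follow-up request, and `back` is read without `isset()`. Encode both, as the delete branch of this file does for its confirmation link in another commit on this page: `redirect('edit?id='.urlencode($_REQUEST['id']).'&back='.urlencode($back).'&domainholder=1');`. In the first hunk `check_emailaddr()` is applied to the filtered `$c['email']`, while the last hunk passes the raw `$_REQUEST['email']` on to `have_mailaddress()`; validating the same value that is used afterwards would be safer. The enclosing block starts and ends outside these hunks.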
Ermögliche das Ändern eines Kontakts aus den Domaininfos heraus

Bernd Wurst authored on20/01/2018 15:36:39
Showing1 changed files
... ...
@@ -24,6 +24,11 @@ require_once('session/start.php');
24 24
 require_role(array(ROLE_CUSTOMER));
25 25
 $section = 'contacts_list';
26 26
 
27
+$back = 'list';
28
+if (isset($_REQUEST['back'])) {
29
+    $back = urldecode($_REQUEST['back']);
30
+}
31
+
27 32
 if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
28 33
     $contact = get_contact($_REQUEST['id']);
29 34
     
... ...
@@ -32,18 +37,18 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
32 37
     $sure = user_is_sure();
33 38
     if ($sure === NULL)
34 39
     {
35
-       are_you_sure("action=delete&id={$contact['id']}", "Möchten Sie diese Adresse wirklich löschen? {$contact_string}");
40
+       are_you_sure("action=delete&id={$contact['id']}&back=".urlencode($back), "Möchten Sie diese Adresse wirklich löschen? {$contact_string}");
36 41
     }
37 42
     elseif ($sure === true)
38 43
     {
39 44
        delete_contact($contact['id']);
40 45
        if (! $debugmode)
41
-           header("Location: list");
46
+           header("Location: ".$back);
42 47
     }
43 48
     elseif ($sure === false)
44 49
     {
45 50
         if (! $debugmode)
46
-            header("Location: list");
51
+            header("Location: ".$back);
47 52
     }
48 53
 
49 54
 
... ...
@@ -150,5 +155,5 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
150 155
 
151 156
 
152 157
     if (! $debugmode)
153
-        header("Location: list");
158
+        header("Location: ".$back);
154 159
 }
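Review bot: `$back` is taken from the request and written into `header("Location: ".$back)` in all three places without any restriction, so a crafted link to this page can send the customer to an arbitrary external URL after the action (an open redirect). Constrain it to relative in-application targets right after it is read and fall back to the default otherwise, e.g. `if (!preg_match('#^[A-Za-z0-9_.?=&%-][A-Za-z0-9_./?=&%-]*$#', $back)) { $back = 'list'; }`, with the allowed set adjusted to the targets the application really uses. The explicit `urldecode()` is applied to a value PHP has already decoded once, which deserves a comment or removal. The enclosing blocks start and end outside these hunks.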
Abstrahieren der Anzeigefunktion, Style-Änderungen, Verweigere das Löschen des Namens aus dem Kundenkontakt

Bernd Wurst authored on20/01/2018 14:04:44
Showing1 changed files
... ...
@@ -27,18 +27,7 @@ $section = 'contacts_list';
27 27
 if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
28 28
     $contact = get_contact($_REQUEST['id']);
29 29
     
30
-    $adresse = nl2br("\n".filter_input_general($contact['address'])."\n".filter_input_general($contact['country']).'-'.filter_input_general($contact['zip']).' '.filter_input_general($contact['city']));
31
-    if (! $contact['city']) {
32
-        $adresse = '';
33
-    }
34
-    $name = filter_input_general($contact['name']);
35
-    if ($contact['company']) {
36
-        $name = filter_input_general($contact['company'])."<br />".filter_input_general($contact['name']);
37
-    }
38
-    $email = implode("<br>\n", array_filter(array($contact['email'], $contact['phone'], $contact['fax'], $contact['mobile'])));
39
- 
40
-    $contact_string = "<div class=\"contact\" id=\"contact-{$contact['id']}\"><p class=\"contact-id\">#{$contact['id']}</p><p class=\"contact-address\"><strong>$name</strong>$adresse</p><p class=\"contact-contact\">$email</p></div>";
41
-    
30
+    $contact_string = display_contact($contact);
42 31
 
43 32
     $sure = user_is_sure();
44 33
     if ($sure === NULL)
... ...
@@ -90,6 +79,12 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
90 79
         }
91 80
     }
92 81
 
82
+    $kundenkontakte = get_kundenkontakte();
83
+    if ($c['id'] == $kundenkontakte['kunde']) {
84
+        if (!$_REQUEST['name'] && !$_REQUEST['firma']) {
85
+            system_failure('Beim Inhaber darf nicht Firmenname und Name leer sein.');
86
+        }
87
+    }
93 88
 
94 89
     $c['company'] = verify_input_general(maybe_null($_REQUEST['firma']));
95 90
     $c['name'] = verify_input_general(maybe_null($_REQUEST['name']));
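Review bot: The first hunk removes the inline `filter_input_general()` calls and passes the result of `display_contact($contact)` into the HTML message of `are_you_sure()`, but the hunk does not show whether `display_contact()` escapes every field, including `email`, `phone`, `fax` and `mobile`, which the removed code joined unescaped. A docblock on `display_contact()` stating that it returns escaped, ready-to-embed HTML would make that contract checkable at the call site. In the second hunk, `!$_REQUEST['name'] && !$_REQUEST['firma']` reads both fields without `isset()` and lets a whitespace-only name through; applying `trim()` to both values before the test would cover that. The enclosing block starts and ends outside these hunks.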
Security

Bernd Wurst authored on20/01/2018 12:09:53
Showing1 changed files
... ...
@@ -27,13 +27,13 @@ $section = 'contacts_list';
27 27
 if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
28 28
     $contact = get_contact($_REQUEST['id']);
29 29
     
30
-    $adresse = nl2br("\n".$contact['address']."\n".$contact['country'].'-'.$contact['zip'].' '.$contact['city']);
30
+    $adresse = nl2br("\n".filter_input_general($contact['address'])."\n".filter_input_general($contact['country']).'-'.filter_input_general($contact['zip']).' '.filter_input_general($contact['city']));
31 31
     if (! $contact['city']) {
32 32
         $adresse = '';
33 33
     }
34
-    $name = $contact['name'];
34
+    $name = filter_input_general($contact['name']);
35 35
     if ($contact['company']) {
36
-        $name = $contact['company']."<br />".$contact['name'];
36
+        $name = filter_input_general($contact['company'])."<br />".filter_input_general($contact['name']);
37 37
     }
38 38
     $email = implode("<br>\n", array_filter(array($contact['email'], $contact['phone'], $contact['fax'], $contact['mobile'])));
39 39
  
... ...
@@ -91,17 +91,17 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
91 91
     }
92 92
 
93 93
 
94
-    $c['company'] = maybe_null($_REQUEST['firma']);
95
-    $c['name'] = maybe_null($_REQUEST['name']);
96
-    $c['address'] = maybe_null($_REQUEST['adresse']);
97
-    $c['country'] = maybe_null(strtoupper($_REQUEST['land']));
98
-    $c['zip'] = maybe_null($_REQUEST['plz']);
99
-    $c['city'] = maybe_null($_REQUEST['ort']);
94
+    $c['company'] = verify_input_general(maybe_null($_REQUEST['firma']));
95
+    $c['name'] = verify_input_general(maybe_null($_REQUEST['name']));
96
+    $c['address'] = verify_input_general(maybe_null($_REQUEST['adresse']));
97
+    $c['country'] = verify_input_general(maybe_null(strtoupper($_REQUEST['land'])));
98
+    $c['zip'] = verify_input_general(maybe_null($_REQUEST['plz']));
99
+    $c['city'] = verify_input_general(maybe_null($_REQUEST['ort']));
100 100
 
101 101
         
102 102
 
103 103
     if ($_REQUEST['telefon']) {
104
-        $num = format_number($_REQUEST['telefon'], $_REQUEST['land']);
104
+        $num = format_number(verify_input_general($_REQUEST['telefon']), $_REQUEST['land']);
105 105
         if ($num) {
106 106
             $c['phone'] = $num;
107 107
         } else {
... ...
@@ -111,7 +111,7 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
111 111
         $c['phone'] = NULL;
112 112
     }
113 113
     if ($_REQUEST['mobile']) {
114
-        $num = format_number($_REQUEST['mobile'], $_REQUEST['land']);
114
+        $num = format_number(verify_input_general($_REQUEST['mobile']), $_REQUEST['land']);
115 115
         if ($num) {
116 116
             $c['mobile'] = $num;
117 117
         } else {
... ...
@@ -121,7 +121,7 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
121 121
         $c['mobile'] = NULL;
122 122
     }
123 123
     if ($_REQUEST['telefax']) {
124
-        $num = format_number($_REQUEST['telefax'], $_REQUEST['land']);
124
+        $num = format_number(verify_input_general($_REQUEST['telefax']), $_REQUEST['land']);
125 125
         if ($num) {
126 126
             $c['fax'] = $num;
127 127
         } else {
... ...
@@ -143,7 +143,7 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
143 143
 
144 144
     if ($c['email'] != $_REQUEST['email']) {
145 145
         if (have_mailaddress($_REQUEST['email'])) {
146
-            save_emailaddress($c['id'], $_REQUEST['email']);
146
+            save_emailaddress($c['id'], verify_input_general($_REQUEST['email']));
147 147
         } else {
148 148
             send_emailchange_token($c['id'], $_REQUEST['email']);
149 149
         }
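Review bot: The first hunk escapes `address`, `country`, `zip`, `city`, `name` and `company`, but the `implode()` on the following context line still joins `$contact['email']`, `phone`, `fax` and `mobile` unescaped, and `$email` is embedded in the same markup (the `$contact_string` line lies just outside the hunk and is visible in other commits on this page). Apply the same filter there: `$email = implode("<br>\n", array_map('filter_input_general', array_filter(array($contact['email'], $contact['phone'], $contact['fax'], $contact['mobile']))));`. In the last hunk only the `save_emailaddress()` branch is filtered; `send_emailchange_token()` still receives the raw `$_REQUEST['email']`. The enclosing block starts and ends outside these hunks.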
Neue Darstellung der Kontakte Ermögliche das Löschen unbenutzter Kontakte

Bernd Wurst authored on19/01/2018 20:47:11
Showing1 changed files
... ...
@@ -24,100 +24,136 @@ require_once('session/start.php');
24 24
 require_role(array(ROLE_CUSTOMER));
25 25
 $section = 'contacts_list';
26 26
 
27
-check_form_token('contacts_edit');
27
+if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'delete') {
28
+    $contact = get_contact($_REQUEST['id']);
29
+    
30
+    $adresse = nl2br("\n".$contact['address']."\n".$contact['country'].'-'.$contact['zip'].' '.$contact['city']);
31
+    if (! $contact['city']) {
32
+        $adresse = '';
33
+    }
34
+    $name = $contact['name'];
35
+    if ($contact['company']) {
36
+        $name = $contact['company']."<br />".$contact['name'];
37
+    }
38
+    $email = implode("<br>\n", array_filter(array($contact['email'], $contact['phone'], $contact['fax'], $contact['mobile'])));
39
+ 
40
+    $contact_string = "<div class=\"contact\" id=\"contact-{$contact['id']}\"><p class=\"contact-id\">#{$contact['id']}</p><p class=\"contact-address\"><strong>$name</strong>$adresse</p><p class=\"contact-contact\">$email</p></div>";
41
+    
42
+
43
+    $sure = user_is_sure();
44
+    if ($sure === NULL)
45
+    {
46
+       are_you_sure("action=delete&id={$contact['id']}", "Möchten Sie diese Adresse wirklich löschen? {$contact_string}");
47
+    }
48
+    elseif ($sure === true)
49
+    {
50
+       delete_contact($contact['id']);
51
+       if (! $debugmode)
52
+           header("Location: list");
53
+    }
54
+    elseif ($sure === false)
55
+    {
56
+        if (! $debugmode)
57
+            header("Location: list");
58
+    }
59
+
28 60
 
29
-$new = False;
30
-if ($_REQUEST['id'] == 'new') {
31
-    title("Adresse anlegen");
32
-    $new = True;
33 61
 } else {
34
-    title("Adresse bearbeiten");
35
-}
62
+    check_form_token('contacts_edit');
36 63
 
37
-$c = new_contact();
38
-if (! $new) {
39
-    $c = get_contact($_REQUEST['id']);
40
-}
64
+    $new = False;
65
+    if ($_REQUEST['id'] == 'new') {
66
+        title("Adresse anlegen");
67
+        $new = True;
68
+    } else {
69
+        title("Adresse bearbeiten");
70
+    }
41 71
 
42
-if (!isset($_REQUEST['firma'])) {
43
-    $_REQUEST['firma'] = $c['company'];
44
-}
45
-if (!isset($_REQUEST['name'])) {
46
-    $_REQUEST['name'] = $c['name'];
47
-}
48
-if (!isset($_REQUEST['land'])) {
49
-    $_REQUEST['land'] = $c['country'];
50
-}
72
+    $c = new_contact();
73
+    if (! $new) {
74
+        $c = get_contact($_REQUEST['id']);
75
+    }
51 76
 
52
-if ($c['nic_handle'] != NULL) {
53
-    if ($c['name'] != $_REQUEST['name'] || $c['company'] != $_REQUEST['firma'] || $c['country'] != $_REQUEST['land']) {
54
-        system_failure('Name/Firma/Land kann bei diesem Kontakt nicht geändert werden.');
77
+    if (!isset($_REQUEST['firma'])) {
78
+        $_REQUEST['firma'] = $c['company'];
79
+    }
80
+    if (!isset($_REQUEST['name'])) {
81
+        $_REQUEST['name'] = $c['name'];
82
+    }
83
+    if (!isset($_REQUEST['land'])) {
84
+        $_REQUEST['land'] = $c['country'];
55 85
     }
56
-}
57 86
 
87
+    if ($c['nic_handle'] != NULL) {
88
+        if ($c['name'] != $_REQUEST['name'] || $c['company'] != $_REQUEST['firma'] || $c['country'] != $_REQUEST['land']) {
89
+            system_failure('Name/Firma/Land kann bei diesem Kontakt nicht geändert werden.');
90
+        }
91
+    }
58 92
 
59
-$c['company'] = maybe_null($_REQUEST['firma']);
60
-$c['name'] = maybe_null($_REQUEST['name']);
61
-$c['address'] = maybe_null($_REQUEST['adresse']);
62
-$c['country'] = maybe_null(strtoupper($_REQUEST['land']));
63
-$c['zip'] = maybe_null($_REQUEST['plz']);
64
-$c['city'] = maybe_null($_REQUEST['ort']);
65 93
 
66
-    
94
+    $c['company'] = maybe_null($_REQUEST['firma']);
95
+    $c['name'] = maybe_null($_REQUEST['name']);
96
+    $c['address'] = maybe_null($_REQUEST['adresse']);
97
+    $c['country'] = maybe_null(strtoupper($_REQUEST['land']));
98
+    $c['zip'] = maybe_null($_REQUEST['plz']);
99
+    $c['city'] = maybe_null($_REQUEST['ort']);
67 100
 
68
-if ($_REQUEST['telefon']) {
69
-    $num = format_number($_REQUEST['telefon'], $_REQUEST['land']);
70
-    if ($num) {
71
-        $c['phone'] = $num;
101
+        
102
+
103
+    if ($_REQUEST['telefon']) {
104
+        $num = format_number($_REQUEST['telefon'], $_REQUEST['land']);
105
+        if ($num) {
106
+            $c['phone'] = $num;
107
+        } else {
108
+            system_failure('Die eingegebene Telefonnummer scheint nicht gültig zu sein!');
109
+        }
72 110
     } else {
73
-        system_failure('Die eingegebene Telefonnummer scheint nicht gültig zu sein!');
111
+        $c['phone'] = NULL;
74 112
     }
75
-} else {
76
-    $c['phone'] = NULL;
77
-}
78
-if ($_REQUEST['mobile']) {
79
-    $num = format_number($_REQUEST['mobile'], $_REQUEST['land']);
80
-    if ($num) {
81
-        $c['mobile'] = $num;
113
+    if ($_REQUEST['mobile']) {
114
+        $num = format_number($_REQUEST['mobile'], $_REQUEST['land']);
115
+        if ($num) {
116
+            $c['mobile'] = $num;
117
+        } else {
118
+            system_failure('Die eingegebene Mobiltelefonnummer scheint nicht gültig zu sein!');
119
+        }
82 120
     } else {
83
-        system_failure('Die eingegebene Mobiltelefonnummer scheint nicht gültig zu sein!');
121
+        $c['mobile'] = NULL;
84 122
     }
85
-} else {
86
-    $c['mobile'] = NULL;
87
-}
88
-if ($_REQUEST['telefax']) {
89
-    $num = format_number($_REQUEST['telefax'], $_REQUEST['land']);
90
-    if ($num) {
91
-        $c['fax'] = $num;
123
+    if ($_REQUEST['telefax']) {
124
+        $num = format_number($_REQUEST['telefax'], $_REQUEST['land']);
125
+        if ($num) {
126
+            $c['fax'] = $num;
127
+        } else {
128
+            system_failure('Die eingegebene Faxnummer scheint nicht gültig zu sein!');
129
+        }
92 130
     } else {
93
-        system_failure('Die eingegebene Faxnummer scheint nicht gültig zu sein!');
131
+        $c['fax'] = NULL;
94 132
     }
95
-} else {
96
-    $c['fax'] = NULL;
97
-}
98 133
 
99
-// FIXME: PGP-ID/Key fehlen
134
+    // FIXME: PGP-ID/Key fehlen
100 135
 
101
-// Zuerst Kontakt speichern und wenn eine Änderung der E-Mail gewünscht war,
102
-// dann hinterher das Token erzeugen und senden. Weil wir für das Token die 
103
-// Contact-ID brauchen und die bekommen wir bei einer Neueintragung erst nach 
104
-// dem Speichern.
136
+    // Zuerst Kontakt speichern und wenn eine Änderung der E-Mail gewünscht war,
137
+    // dann hinterher das Token erzeugen und senden. Weil wir für das Token die 
138
+    // Contact-ID brauchen und die bekommen wir bei einer Neueintragung erst nach 
139
+    // dem Speichern.
105 140
 
106
-$id = save_contact($c);
107
-$c['id'] = $id;
141
+    $id = save_contact($c);
142
+    $c['id'] = $id;
108 143
 
109
-if ($c['email'] != $_REQUEST['email']) {
110
-    if (have_mailaddress($_REQUEST['email'])) {
111
-        save_emailaddress($c['id'], $_REQUEST['email']);
112
-    } else {
113
-        send_emailchange_token($c['id'], $_REQUEST['email']);
144
+    if ($c['email'] != $_REQUEST['email']) {
145
+        if (have_mailaddress($_REQUEST['email'])) {
146
+            save_emailaddress($c['id'], $_REQUEST['email']);
147
+        } else {
148
+            send_emailchange_token($c['id'], $_REQUEST['email']);
149
+        }
150
+    }
151
+    if ($c['nic_id']) {
152
+        $c = get_contact($c['id']);
153
+        upload_contact($c);
114 154
     }
115
-}
116
-if ($c['nic_id']) {
117
-    $c = get_contact($c['id']);
118
-    upload_contact($c);
119
-}
120 155
 
121 156
 
122
-if (! $debugmode)
123
-    header("Location: list");
157
+    if (! $debugmode)
158
+        header("Location: list");
159
+}
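Review bot: In the new delete branch (new lines 30–40) the stored contact fields `name`, `company`, `address`, `country`, `zip`, `city`, `email`, `phone`, `fax` and `mobile` are concatenated into `$contact_string` as HTML without escaping, and that string is handed to are_you_sure() as part of the prompt. At this revision the save path further down stores the same fields through maybe_null() with no visible filtering, so markup typed into a contact would presumably be rendered on the confirmation page; each value should pass through `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` before it is placed between the tags, as sketched below. Whether are_you_sure() escapes its message itself is not visible here, but since the message is deliberately built as markup that seems unlikely. The branch also no longer reaches `check_form_token('contacts_edit')`; presumably user_is_sure() carries its own token, which is worth confirming because this path deletes data.

```php
    $contact = get_contact($_REQUEST['id']);
    // Escape each stored value once, before any of it is placed into markup.
    $esc = array();
    foreach (array('name', 'company', 'address', 'country', 'zip', 'city', 'email', 'phone', 'fax', 'mobile') as $key) {
        $esc[$key] = htmlspecialchars((string) $contact[$key], ENT_QUOTES, 'UTF-8');
    }
    $adresse = nl2br("\n".$esc['address']."\n".$esc['country'].'-'.$esc['zip'].' '.$esc['city']);
    // … unchanged: empty-city check …
    $name = $esc['name'];
    if ($esc['company']) {
        $name = $esc['company']."<br />".$esc['name'];
    }
    $email = implode("<br>\n", array_filter(array($esc['email'], $esc['phone'], $esc['fax'], $esc['mobile'])));
    // … unchanged: $contact_string assembly and the user_is_sure() branches …
```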

API-Funktionen um Kontakte hochzuladen NIC-Handles werden automatisch bei Änderungen hochgeladen

Bernd Wurst authored on17/01/2018 15:46:21
Showing1 changed files
... ...
@@ -39,8 +39,18 @@ if (! $new) {
39 39
     $c = get_contact($_REQUEST['id']);
40 40
 }
41 41
 
42
+if (!isset($_REQUEST['firma'])) {
43
+    $_REQUEST['firma'] = $c['company'];
44
+}
45
+if (!isset($_REQUEST['name'])) {
46
+    $_REQUEST['name'] = $c['name'];
47
+}
48
+if (!isset($_REQUEST['land'])) {
49
+    $_REQUEST['land'] = $c['country'];
50
+}
51
+
42 52
 if ($c['nic_handle'] != NULL) {
43
-    if (c['name'] != $_REQUEST['name'] || $c['company'] != $_REQUEST['firma'] || $c['country'] != $_REQUEST['land']) {
53
+    if ($c['name'] != $_REQUEST['name'] || $c['company'] != $_REQUEST['firma'] || $c['country'] != $_REQUEST['land']) {
44 54
         system_failure('Name/Firma/Land kann bei diesem Kontakt nicht geändert werden.');
45 55
     }
46 56
 }
... ...
@@ -103,6 +113,10 @@ if ($c['email'] != $_REQUEST['email']) {
103 113
         send_emailchange_token($c['id'], $_REQUEST['email']);
104 114
     }
105 115
 }
116
+if ($c['nic_id']) {
117
+    $c = get_contact($c['id']);
118
+    upload_contact($c);
119
+}
106 120
 
107 121
 
108 122
 if (! $debugmode)
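Review bot: The guard at new line 53 that keeps name, company and country fixed for contacts with a NIC handle uses PHP's loose `!=`, which compares numeric-looking strings by value (`'10' == '1e1'`) and treats `NULL` and `''` as equal, so it is weaker than the rule it is meant to enforce. A strict string comparison states the intent: `if ((string)$c['name'] !== (string)$_REQUEST['name'] || (string)$c['company'] !== (string)$_REQUEST['firma'] || (string)$c['country'] !== (string)$_REQUEST['land']) {`. The second hunk tests `$c['nic_id']` while this guard tests `$c['nic_handle']`; if both fields exist the difference deserves a one-line comment, otherwise one of the two keys is probably a typo. The trailing `if (! $debugmode)` statement continues outside the last hunk.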

Nummercheck ausgelagert und für alle Rufnummern

Bernd Wurst authored on16/01/2018 17:03:45
Showing1 changed files
... ...
@@ -15,8 +15,8 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
15 15
 */
16 16
 
17 17
 require_once('contacts.php');
18
+require_once('numbers.php');
18 19
 require_once('inc/debug.php');
19
-require_once('vendor/autoload.php');
20 20
 
21 21
 require_once('session/start.php');
22 22
 
... ...
@@ -54,25 +54,37 @@ $c['zip'] = maybe_null($_REQUEST['plz']);
54 54
 $c['city'] = maybe_null($_REQUEST['ort']);
55 55
 
56 56
     
57
+
57 58
 if ($_REQUEST['telefon']) {
58
-    $phoneNumberUtil = \libphonenumber\PhoneNumberUtil::getInstance();
59
-    try {
60
-        $phoneNumber = $phoneNumberUtil->parse($_REQUEST['telefon'], $_REQUEST['land'], null, true);
61
-    } catch (Exception $e) {
62
-        system_failure('Die eingegebene Telefonnummer scheint nicht gültig zu sein!');
63
-    }
64
-    if ($phoneNumberUtil->isValidNumber($phoneNumber)) {
65
-        $c['phone'] = $phoneNumberUtil->format($phoneNumber, 1);
59
+    $num = format_number($_REQUEST['telefon'], $_REQUEST['land']);
60
+    if ($num) {
61
+        $c['phone'] = $num;
66 62
     } else {
67 63
         system_failure('Die eingegebene Telefonnummer scheint nicht gültig zu sein!');
68
-        $c['phone'] = NULL;
69 64
     }
70 65
 } else {
71 66
     $c['phone'] = NULL;
72 67
 }
73
-//$c['phone'] = maybe_null($_REQUEST['telefon']);
74
-$c['mobile'] = maybe_null($_REQUEST['mobile']);
75
-$c['fax'] = maybe_null($_REQUEST['telefax']);
68
+if ($_REQUEST['mobile']) {
69
+    $num = format_number($_REQUEST['mobile'], $_REQUEST['land']);
70
+    if ($num) {
71
+        $c['mobile'] = $num;
72
+    } else {
73
+        system_failure('Die eingegebene Mobiltelefonnummer scheint nicht gültig zu sein!');
74
+    }
75
+} else {
76
+    $c['mobile'] = NULL;
77
+}
78
+if ($_REQUEST['telefax']) {
79
+    $num = format_number($_REQUEST['telefax'], $_REQUEST['land']);
80
+    if ($num) {
81
+        $c['fax'] = $num;
82
+    } else {
83
+        system_failure('Die eingegebene Faxnummer scheint nicht gültig zu sein!');
84
+    }
85
+} else {
86
+    $c['fax'] = NULL;
87
+}
76 88
 
77 89
 // FIXME: PGP-ID/Key fehlen
78 90
 
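Review bot: All three format_number() calls (new lines 59, 69 and 79) take the region from the raw `$_REQUEST['land']`, while the country that gets stored is assigned earlier in the file (outside this hunk) from `strtoupper($_REQUEST['land'])`, so number validation and storage can disagree about the region. Passing the normalised value, e.g. `$num = format_number($_REQUEST['telefon'], $c['country']);`, keeps both on the same input; format_number() is defined in numbers.php and not visible here, so whether it normalises the region itself is to be confirmed. The three blocks differ only in request key, target key and message, so a small loop over those triples would keep later changes in one place. `if ($_REQUEST['telefon'])` also treats the string `"0"` as empty and reads a possibly absent index; `isset($_REQUEST['telefon']) && $_REQUEST['telefon'] != ''` says what is meant.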

Prüfe Telefonnummer

Bernd Wurst authored on16/01/2018 16:42:03
Showing1 changed files
... ...
@@ -16,6 +16,7 @@ Nevertheless, in case you use a significant part of this code, we ask (but not r
16 16
 
17 17
 require_once('contacts.php');
18 18
 require_once('inc/debug.php');
19
+require_once('vendor/autoload.php');
19 20
 
20 21
 require_once('session/start.php');
21 22
 
... ...
@@ -51,7 +52,25 @@ $c['address'] = maybe_null($_REQUEST['adresse']);
51 52
 $c['country'] = maybe_null(strtoupper($_REQUEST['land']));
52 53
 $c['zip'] = maybe_null($_REQUEST['plz']);
53 54
 $c['city'] = maybe_null($_REQUEST['ort']);
54
-$c['phone'] = maybe_null($_REQUEST['telefon']);
55
+
56
+    
57
+if ($_REQUEST['telefon']) {
58
+    $phoneNumberUtil = \libphonenumber\PhoneNumberUtil::getInstance();
59
+    try {
60
+        $phoneNumber = $phoneNumberUtil->parse($_REQUEST['telefon'], $_REQUEST['land'], null, true);
61
+    } catch (Exception $e) {
62
+        system_failure('Die eingegebene Telefonnummer scheint nicht gültig zu sein!');
63
+    }
64
+    if ($phoneNumberUtil->isValidNumber($phoneNumber)) {
65
+        $c['phone'] = $phoneNumberUtil->format($phoneNumber, 1);
66
+    } else {
67
+        system_failure('Die eingegebene Telefonnummer scheint nicht gültig zu sein!');
68
+        $c['phone'] = NULL;
69
+    }
70
+} else {
71
+    $c['phone'] = NULL;
72
+}
73
+//$c['phone'] = maybe_null($_REQUEST['telefon']);
55 74
 $c['mobile'] = maybe_null($_REQUEST['mobile']);
56 75
 $c['fax'] = maybe_null($_REQUEST['telefax']);
57 76
 
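Review bot: The added block at new lines 57–72 is only correct if system_failure() never returns: after the `catch` at line 61 `$phoneNumber` is unset, yet line 64 calls `isValidNumber($phoneNumber)`, and the `$c['phone'] = NULL;` on line 68 after system_failure() is either dead code or a sign that the call can return. If it can return, the validity check belongs inside the `try`; if it cannot, line 68 should go and a comment such as `// system_failure() does not return` would make the control flow explicit. The bare `1` in `format($phoneNumber, 1)` reads better as `\libphonenumber\PhoneNumberFormat::INTERNATIONAL`, and catching `\libphonenumber\NumberParseException` instead of `Exception` avoids masking unrelated errors.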

Speichern der Änderungen möglich

Bernd Wurst authored on14/01/2018 05:57:07
Showing1 changed files
... ...
@@ -57,17 +57,22 @@ $c['fax'] = maybe_null($_REQUEST['telefax']);
57 57
 
58 58
 // FIXME: PGP-ID/Key fehlen
59 59
 
60
+// Zuerst Kontakt speichern und wenn eine Änderung der E-Mail gewünscht war,
61
+// dann hinterher das Token erzeugen und senden. Weil wir für das Token die 
62
+// Contact-ID brauchen und die bekommen wir bei einer Neueintragung erst nach 
63
+// dem Speichern.
64
+
65
+$id = save_contact($c);
66
+$c['id'] = $id;
60 67
 
61 68
 if ($c['email'] != $_REQUEST['email']) {
62
-   
69
+    if (have_mailaddress($_REQUEST['email'])) {
70
+        save_emailaddress($c['id'], $_REQUEST['email']);
71
+    } else {
72
+        send_emailchange_token($c['id'], $_REQUEST['email']);
73
+    }
63 74
 }
64 75
 
65
-// e-mail-Adresse geändert?
66
-// -> token generieren / senden
67
-// ...
68
-// speichern
69
-
70
-
71
-
72
-
73 76
 
77
+if (! $debugmode)
78
+    header("Location: list");
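Review bot: `$_REQUEST['email']` reaches have_mailaddress(), save_emailaddress() and send_emailchange_token() (new lines 69–72) without any syntax check, so the token mail is addressed to whatever string the request carried. A check as the first statement inside the `if ($c['email'] != $_REQUEST['email'])` block closes that: `if (!filter_var($_REQUEST['email'], FILTER_VALIDATE_EMAIL)) { system_failure('Ungültige E-Mail-Adresse!'); }`. What have_mailaddress() treats as a known address is not visible in this hunk; if the lookup is not scoped to the logged-in customer, the direct save_emailaddress() path would skip the confirmation step for an address that was verified by someone else, which is worth confirming. The comparison also reads `$_REQUEST['email']` without `isset()`, so a request that omits the field is treated as a change to an empty address.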

Speichern der Eingaben (unvollständig)

Bernd Wurst authored on13/01/2018 13:33:44
Showing1 changed files
1 1
new file mode 100644
... ...
@@ -0,0 +1,73 @@
1
+<?php
2
+/*
3
+This file belongs to the Webinterface of schokokeks.org Hosting
4
+
5
+Written 2008-2018 by schokokeks.org Hosting, namely
6
+  Bernd Wurst <bernd@schokokeks.org>
7
+  Hanno Böck <hanno@schokokeks.org>
8
+
9
+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty.
10
+
11
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see 
12
+http://creativecommons.org/publicdomain/zero/1.0/
13
+
14
+Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code.
15
+*/
16
+
17
+require_once('contacts.php');
18
+require_once('inc/debug.php');
19
+
20
+require_once('session/start.php');
21
+
22
+
23
+require_role(array(ROLE_CUSTOMER));
24
+$section = 'contacts_list';
25
+
26
+check_form_token('contacts_edit');
27
+
28
+$new = False;
29
+if ($_REQUEST['id'] == 'new') {
30
+    title("Adresse anlegen");
31
+    $new = True;
32
+} else {
33
+    title("Adresse bearbeiten");
34
+}
35
+
36
+$c = new_contact();
37
+if (! $new) {
38
+    $c = get_contact($_REQUEST['id']);
39
+}
40
+
41
+if ($c['nic_handle'] != NULL) {
42
+    if (c['name'] != $_REQUEST['name'] || $c['company'] != $_REQUEST['firma'] || $c['country'] != $_REQUEST['land']) {
43
+        system_failure('Name/Firma/Land kann bei diesem Kontakt nicht geändert werden.');
44
+    }
45
+}
46
+
47
+
48
+$c['company'] = maybe_null($_REQUEST['firma']);
49
+$c['name'] = maybe_null($_REQUEST['name']);
50
+$c['address'] = maybe_null($_REQUEST['adresse']);
51
+$c['country'] = maybe_null(strtoupper($_REQUEST['land']));
52
+$c['zip'] = maybe_null($_REQUEST['plz']);
53
+$c['city'] = maybe_null($_REQUEST['ort']);
54
+$c['phone'] = maybe_null($_REQUEST['telefon']);
55
+$c['mobile'] = maybe_null($_REQUEST['mobile']);
56
+$c['fax'] = maybe_null($_REQUEST['telefax']);
57
+
58
+// FIXME: PGP-ID/Key fehlen
59
+
60
+
61
+if ($c['email'] != $_REQUEST['email']) {
62
+   
63
+}
64
+
65
+// e-mail-Adresse geändert?
66
+// -> token generieren / senden
67
+// ...
68
+// speichern
69
+
70
+
71
+
72
+
73
+
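Review bot: New line 42 reads `c['name']` without the `$`, so the check that is meant to keep name, company and country fixed for contacts with a NIC handle never looks at the stored name; depending on the PHP version this is a fatal error or a comparison against something other than `$c['name']`. It should start `if ($c['name'] != $_REQUEST['name'] || ...`. The request values at lines 48–56 are stored through maybe_null() with no per-field validation visible, and `$_REQUEST['id']` goes straight into get_contact(); whether get_contact() restricts the lookup to the logged-in customer's contacts is not visible here and should be confirmed.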