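//Kontrolle ob Formular erlaubt aufgerufen wurde
// Contact-form handler for logged-in users. The form has to arrive via POST carrying the page it
// came from in 'link'; without a session the caller is sent back there. After "Send" the fields are
// read through filterfunktion() and the user is returned to the referring page with
// $_SESSION['reglog'] = "contactOk"; otherwise the prefill values for the template below are set.

// Redirect targets taken from the request (Referer header, 'link' field) are client-controlled.
// Only a relative path on this site or an absolute URL on our own HTTP_HOST is followed; anything
// else goes to $fallbackPage, which closes the open redirect the raw values allowed.
$fallbackPage = '/helping_supplies/index.php';
$safeRedirectTarget = function ($url, $fallback) {
    if (!is_string($url) || $url === '') {
        return $fallback;
    }
    $host = parse_url($url, PHP_URL_HOST);
    // Relative path; "//host/..." is scheme-relative (foreign host) and therefore excluded.
    if ($host === null && substr($url, 0, 1) === '/' && substr($url, 0, 2) !== '//') {
        return $url;
    }
    $ownHost = isset($_SERVER['HTTP_HOST'])
        ? parse_url('http://' . $_SERVER['HTTP_HOST'], PHP_URL_HOST)
        : null;
    if (is_string($host) && is_string($ownHost) && strcasecmp($host, $ownHost) === 0) {
        return $url;
    }
    return $fallback;
};
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';

if (!isset($_POST['link'])) {
    header('Location: ' . $safeRedirectTarget($referer, $fallbackPage));
    exit;
}
if (!isset($_SESSION['accountsId'])) {
    header('Location: ' . $safeRedirectTarget($_POST['link'], $fallbackPage));
    $_SESSION['reglog'] = "noAccess";
    exit;
}
if (isset($_REQUEST['Send'])) {
    // Missing fields become "" instead of raising undefined-index notices.
    $title = filterfunktion(isset($_REQUEST["title"]) ? $_REQUEST["title"] : "");
    $reason = filterfunktion(isset($_REQUEST["reason"]) ? $_REQUEST["reason"] : "");
    $message = filterfunktion(isset($_REQUEST["message"]) ? $_REQUEST["message"] : "");
    $mailMe = isset($_REQUEST["mailMe"]) ? $_REQUEST["mailMe"] : "";
    $eMail = filterfunktion(isset($_REQUEST["eMail"]) ? $_REQUEST["eMail"] : "");
    // The debug `echo $mailMe;` that stood here was dropped: it echoed raw request input
    // unescaped (reflected XSS), and output before header() can keep the redirect below from
    // being sent at all.
    //TODO E-Mail ändern
    $Absender = "*****@*****.**";
    //TODO aktivieren -- $reason/$title end up in the subject and $eMail is the recipient: reject
    // values containing "\r" or "\n" before enabling, otherwise the form becomes a mail-header
    // injection point.
    //mail($eMail, $reason . ": " . $title, $message, "FROM: $Absender");
    header('Location: ' . $safeRedirectTarget($referer, $fallbackPage));
    $_SESSION['reglog'] = "contactOk";
    // Nothing below is meant for a request that has already been redirected.
    exit;
} else {
    // Prefill values for the form. They are raw request input; the template that renders them
    // must escape them for HTML. Only 'link' is known to exist at this point.
    $offerer = isset($_POST['offerer']) ? $_POST['offerer'] : "";
    $startCountry = isset($_POST['startCountry']) ? $_POST['startCountry'] : "";
    $destinationCountry = isset($_POST['destinationCountry']) ? $_POST['destinationCountry'] : "";
    $eMail = isset($_POST['eMail']) ? $_POST['eMail'] : "";
    $link = $_POST['link'];
}
?>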
<table style="width: 100%">
    <tr align="left">
        <th>Name</th>
        <th>Startland</th>
        <th>Startort</th>
        <th>Zielland</th>
        <th>Zielort</th>
        <th>Verfügbar ab</th>
        <th>Produkt</th>
        <th>Kontakt</th>
        <th>Deaktivieren</th>
        <th>Löschen</th>
    </tr>
<?php
// Row actions of the deliverer-offer table: a POST carrying 'idDeliver' together with 'delete'
// or 'deactivate' is applied to that offer before the rows are rendered. $accountID is expected
// to have been set earlier in this file; both helpers receive it alongside the offer id.
// NOTE(review): the action is accepted on the session alone -- no CSRF token is checked in
// this block.
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    if (isset($_POST["idDeliver"])) {
        $offerID = filterfunktion($_POST["idDeliver"]);
        if ($offerID != "") {
            try {
                // Both flags may be present; delete runs first, then deactivate.
                if (isset($_POST["delete"])) {
                    deleteDeliverOffer($offerID, $accountID);
                }
                if (isset($_POST["deactivate"])) {
                    deliverDeactivate($offerID, $accountID);
                }
                //TO DO leere.php ersetzen mit Auflistung der eingegebenen Daten
                //header('Location: leere.php');
            } catch (Exception $e) {
                // Generic message only; the exception text is not shown to the visitor.
                echo "Fehler beim Datenbankzugriff. Bitte dem Administrator Bescheid geben.";
            }
        }
    }
}
include $root . "/helping_supplies/template/head.php"; include $root . "/helping_supplies/template/header.php"; //Kein Login wenn User bereits eingeloggt ist if (isset($_SESSION['accountsId'])) { echo "<meta http-equiv=\"refresh\" content=\"0; URL=/helping_supplies/index.php\">"; exit; } //define variables and set to empty values $ErrCounter = 0; $ErrMessage = ""; if (isset($_REQUEST['Send'])) { //define variables and set to empty values $usernameErr = $passwordErr = ""; require_once $root . "/helping_supplies/includes/functions.php"; $username = filterfunktion($_REQUEST["lName"]); $passwordIN = filterfunktion($_REQUEST["password"]); //Get Data from User require_once $root . "/helping_supplies/includes/dbConnect.php"; $sql = "SELECT ID,passwort,activation,active FROM `accounts` Where username='******'"; $db_erg = mysqli_query($db_link, $sql); $count = 0; while ($zeile = mysqli_fetch_array($db_erg, MYSQL_ASSOC)) { $passwordDB = $zeile['passwort']; $accountsId = $zeile['ID']; $accountsActivation = $zeile['activation']; $accountsActive = $zeile['active']; $count++; } if ($count == 1) { if (password_verify($passwordIN, $passwordDB)) { if ($accountsActive) {
<?php $product; $postOK = true; if ($_SERVER["REQUEST_METHOD"] == "POST") { //STARTCOUNTRY--------------------------------- if ($_POST["startCountry"] == "") { $startCErr = "Bitte Land auswählen oder eigenes Land eingeben"; $postOK = false; } $startCountry = filterfunktion($_POST["startCountry"]); /* //PRODUCTS--------------------------------- if(empty($_POST["productChoice"])){ $productErr = "Bitte mind. ein Produkt auswählen"; $postOK = false; } else $products = $_POST["productChoice"]; */ /*if($postOK){ try{ create_Offer($table, $name, $contact, $eMail, $startCountry, $startVillage, $destCountry, $destVillage, reformDate($startDate), reformDate($endDate), $products); //TO DO leere.php ersetzen mit Auflistung der eingegebenen Daten header('Location: leere.php'); } catch(Exception $e){ echo "Fehler beim Datenbankzugriff. Bitte dem Administrator Bescheid geben."; }
//include userContrule include $root . "/helping_supplies/includes/userControl.php"; //Kontrolle ob Formular erlaubt aufgerufen wurde if (!isset($_POST['link'])) { header('Location: ' . $_SERVER['HTTP_REFERER']); exit; } if (!isset($_SESSION['accountsId'])) { header('Location: ' . $_POST['link']); $_SESSION['reglog'] = "noAccess"; exit; } $title = filterfunktion($_POST["title"]); $reason = filterfunktion($_POST["reason"]); $message = filterfunktion($_POST["message"]); $eMail = filterfunktion($_POST["eMail"]); //eMail des Users aus DB holen require_once $root . "/helping_supplies/includes/dbConnect.php"; $sql = "SELECT email FROM `accounts` WHERE ID = '" . $_SESSION['accountsId'] . "'"; $db_erg = mysqli_query($db_link, $sql); while ($zeile = mysqli_fetch_array($db_erg, MYSQL_ASSOC)) { $Absender = $zeile['email']; } //TODO aktivieren //mail($eMail, $reason . ": " . $title, $message, "FROM: $Absender"); //Mail an eigene eMail if (isset($_POST["mailMe"])) { $eMail = $Absender; //TODO E-Mail ändern $Absender = "*****@*****.**"; //TODO aktivieren
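<?php
// Offer detail page: shows one organisation or deliverer offer selected by ?id=...&typ=orga|deliver.
// Requests missing either parameter, or with an unknown typ, are bounced to the start page.
$root = $_SERVER['DOCUMENT_ROOT'];
//include head and header
include $root . "/helping_supplies/template/head.php";
include $root . "/helping_supplies/template/header.php";
require_once $root . "/helping_supplies/includes/gMaps.php";
if (!isset($_REQUEST['id']) or !isset($_REQUEST['typ'])) {
    echo "<meta http-equiv=\"refresh\" content=\"0; URL=/helping_supplies/index.php\">";
    exit;
} else {
    //id und typ vorhanden
    require_once $root . "/helping_supplies/includes/functions.php";
    $_REQUEST['id'] = filterfunktion($_REQUEST['id']);
    $_REQUEST['typ'] = filterfunktion($_REQUEST['typ']);
}
//typ korrekt?
if ($_REQUEST['typ'] == "orga" or $_REQUEST['typ'] == "deliver") {
    $status = True;
} else {
    echo "<meta http-equiv=\"refresh\" content=\"0; URL=/helping_supplies/index.php\">";
    exit;
}
//Daten des Angebots aus DB holen
require_once $root . "/helping_supplies/includes/dbConnect.php";
// The table name is derived from the already-validated typ, never from the request string itself.
$table = $_REQUEST['typ'] == "orga" ? "organisation_offer" : "deliverer_offer";
// id comes from the URL and was spliced into the SQL unescaped before. filterfunktion() is not
// relied on for SQL safety; the value is escaped for the quoted literal here. (Escaping rather
// than a prepared statement keeps $db_erg a plain result for the fetch code further down.)
$escapedId = mysqli_real_escape_string($db_link, $_REQUEST['id']);
$sql = "SELECT * FROM " . $table . " WHERE ID = '" . $escapedId . "'";
$db_erg = mysqli_query($db_link, $sql);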
$endDateErr = "Bitte Datum eingeben"; $postOK = false; } else { if (validateDate($_POST["endDate"])) { $endDate = (new DateTime($_POST["endDate"]))->format('d.m.Y'); } else { $endDateErr = "Bitte gültiges Datum eingeben (tt.mm.yyyy)"; $postOK = false; $endDate = filterfunktion($_POST["endDate"]); } } //DATECHECK-------------------------------- /*if(strtotime(date('d.m.Y')) > strtotime(date($startDate))){ $startDateErr = "Datum muss heute oder in der Zukunft sein."; $postOK = false; } else */ if (strtotime(date($endDate)) < strtotime(date($startDate))) { $endDateErr = "Datum muss Startdatum oder danach sein"; $postOK = false; } //PRODUCTS--------------------------------- if (empty($_POST["productChoice"])) { $productErr = "Bitte mind. ein Produkt auswählen"; $postOK = false; } else { $products = $_POST["productChoice"]; } //TEXT--------------------------------- $text = filterfunktion($_POST["text"]); }
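<?php
// Account activation: reached from the link in the registration mail with
// ?ID=<account id>&Aktivierungscode=<code>. When exactly one account matches the pair it is
// set active; the outcome is reported to the start page via $_SESSION['reglog'].
// NOTE(review): $_SESSION is written below; session_start() must already have run (it is not
// called in this file -- presumably dbConnect.php or the server config does it, verify).
if (!isset($_REQUEST['ID']) or !isset($_REQUEST['Aktivierungscode'])) {
    echo "<meta http-equiv=\"refresh\" content=\"0; URL=/helping_supplies/index.php\">";
    exit;
}
$root = $_SERVER['DOCUMENT_ROOT'];
if ($_REQUEST['ID'] && $_REQUEST['Aktivierungscode']) {
    require_once $root . "/helping_supplies/includes/dbConnect.php";
    $db_link = mysqli_connect(MYSQL_HOST, MYSQL_BENUTZER, MYSQL_KENNWORT, MYSQL_DATENBANK);
    require_once $root . "/helping_supplies/includes/functions.php";
    $_REQUEST['ID'] = filterfunktion($_REQUEST['ID']);
    $_REQUEST['Aktivierungscode'] = filterfunktion($_REQUEST['Aktivierungscode']);
    $accountId = $_REQUEST['ID'];
    $activationCode = $_REQUEST['Aktivierungscode'];

    // Both values come straight from the URL and were previously concatenated into the SQL
    // (injection). They are bound as parameters now; filterfunktion() is not relied on for
    // SQL escaping. A failed prepare leaves $count at 0, i.e. the same "reg-false" outcome a
    // failed query produced before.
    $count = 0;
    $ID = null;
    $sql = "SELECT ID FROM accounts WHERE ID = ? AND activation = ?";
    $stmt = mysqli_prepare($db_link, $sql);
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, "ss", $accountId, $activationCode);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $ID);
        while (mysqli_stmt_fetch($stmt)) {
            $count++;
        }
        mysqli_stmt_close($stmt);
    }
    if ($count == 1) {
        //Account aktivieren
        $sql = "UPDATE `accounts` SET `active`=TRUE WHERE ID= ?";
        $stmt = mysqli_prepare($db_link, $sql);
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, "s", $accountId);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }
        $_SESSION['reglog'] = "reg-akti";
        echo "<meta http-equiv=\"refresh\" content=\"0; URL=/helping_supplies/index.php\">";
    } elseif ($count == 0) {
        $_SESSION['reglog'] = "reg-false";
        echo "<meta http-equiv=\"refresh\" content=\"0; URL=/helping_supplies/index.php\">";
    }
    // More than one match (not expected for a primary key) deliberately changes nothing, as before.
}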
} require_once $root . "/helping_supplies/includes/dbConnect.php"; $sql = "SELECT username,name FROM accounts"; $db_erg = mysqli_query($db_link, $sql); while ($zeile = mysqli_fetch_array($db_erg, MYSQL_ASSOC)) { if ($zeile['username'] == $username) { $usernameErr = "Login Name bereits vergeben"; $ErrCounter++; } if ($zeile['name'] == $name) { $nameErr = "Name bereits vergeben"; $ErrCounter++; } } if ($ErrCounter == 0) { $Aktivierungscode = filterfunktion(zufallsstring(15)); //mysql_query($db_link, "INSERT INTO `accounts` (`ID`, `username`, `passwort`, `email`, `name`, `website`, `activation`, `active`) VALUES (NULL, '" . $username . "', '" . $password . "', '" . $eMail . "', '" . $name . "', NULL, '" . $Aktivierungscode . "', 'FALSE')"); $sql = "INSERT INTO `accounts` (`ID`, `username`, `passwort`, `email`, `name`, `website`, `activation`, `active`) VALUES (NULL, '" . $username . "', '" . $password . "', '" . $eMail . "', '" . $name . "', NULL, '" . $Aktivierungscode . "', 'FALSE')"; mysqli_query($db_link, $sql); $sql = "SELECT MAX(`ID`) FROM `accounts`"; $db_erg = mysqli_query($db_link, $sql); while ($zeile = mysqli_fetch_array($db_erg, MYSQL_ASSOC)) { $ID = $zeile['MAX(`ID`)']; } //TODO aktivieren //mail($_REQUEST['EMail'], "Registrierung abschließen", "Hallo,\n\num die Registrierung abzuschließen, klicken Sie bitte auf den folgenden Link:\n\nhttp://www.ihre-domain.de/regestration/reg-aktivieren.php?ID=" . $ID . "&Aktivierungscode=" . $Aktivierungscode . "", "FROM: $Absender"); //echo "Hallo,\n\num die Registrierung abzuschließen, klicken Sie bitte auf den folgenden Link:\n\nhttp://www.ihre-domain.de/registration/reg-aktivieren.php?ID=" . $ID . "&Aktivierungscode=" . $Aktivierungscode . ""; $_SESSION['reglog'] = "reg"; echo "<meta http-equiv=\"refresh\" content=\"0; URL=/helping_supplies/index.php\">"; } }
$entries = getDBEntryCount($statement); $statement .= setLimit($startAt, $rowsPerPage); echo "Angebot gültig zwischen " . $input1 . " und " . $input2; } else { $statement = filterNone(); $statement .= " GROUP BY id "; $entries = getDBEntryCount($statement); $statement .= setLimit($startAt, $rowsPerPage); echo "Kein Filter gesetzt"; } } else { if ($_POST["filter"] == "filterName") { if (isset($_GET["in1"])) { $input1 = $_GET["in1"]; } else { $input1 = filterfunktion($_POST["filterInputName"]); } if (preg_match("/^[a-zA-Z ]*\$/", $input1)) { $statement = filterName($input1); $statement .= " GROUP BY id "; $entries = getDBEntryCount($statement); $statement .= setLimit($startAt, $rowsPerPage); echo "Name beinhaltet \"" . $input1 . "\""; } else { $statement = filterNone(); $statement .= " GROUP BY id "; $entries = getDBEntryCount($statement); $statement .= setLimit($startAt, $rowsPerPage); echo "Kein Filter gesetzt"; } }
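//include head
include $root . "/helping_supplies/template/head.php";
// Password change for the logged-in account. On "Send" the old password is verified against the
// stored bcrypt hash, the two new entries must match exactly, and the hash is replaced;
// $oldPasswordErr/$passwordErr carry messages for the template and $_SESSION['reglog'] the outcome.
// NOTE(review): head.php is included before the redirect below; if it emits output, the Location
// header cannot be sent any more ("headers already sent") -- consider doing the session check first.
if (!isset($_SESSION['accountsId'])) {
    // Not logged in: go back to the page named in 'link', but only when that client-supplied
    // value points to this host (relative path or our own HTTP_HOST); otherwise the start page.
    $link = isset($_POST['link']) ? $_POST['link'] : '';
    $linkHost = parse_url($link, PHP_URL_HOST);
    $ownHost = isset($_SERVER['HTTP_HOST'])
        ? parse_url('http://' . $_SERVER['HTTP_HOST'], PHP_URL_HOST)
        : null;
    $isLocalPath = $linkHost === null && substr($link, 0, 1) === '/' && substr($link, 0, 2) !== '//';
    $isOwnHost = is_string($linkHost) && is_string($ownHost) && strcasecmp($linkHost, $ownHost) === 0;
    header('Location: ' . (($isLocalPath || $isOwnHost) ? $link : '/helping_supplies/index.php'));
    $_SESSION['reglog'] = "noAccess";
    exit;
}
//define variables and set to empty values
$oldPasswordErr = $passwordErr = "";
//Daten des Angebots aus DB holen
require_once $root . "/helping_supplies/includes/dbConnect.php";
if (isset($_REQUEST['Send'])) {
    $ErrCounter = 0;
    // Missing fields become "" instead of raising undefined-index notices.
    $oldPassword = filterfunktion(isset($_REQUEST["oldPassword"]) ? $_REQUEST["oldPassword"] : "");
    $password = filterfunktion(isset($_REQUEST["password"]) ? $_REQUEST["password"] : "");
    $password2 = filterfunktion(isset($_REQUEST["password2"]) ? $_REQUEST["password2"] : "");
    $accountsId = (int) $_SESSION['accountsId'];

    // The old password used to be read but never checked, so any live session could set a new
    // password without knowing the current one. Fetch the stored hash and verify it first.
    $currentHash = null;
    $stmt = mysqli_prepare($db_link, "SELECT `passwort` FROM `accounts` WHERE `ID` = ?");
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, "i", $accountsId);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $currentHash);
        if (!mysqli_stmt_fetch($stmt)) {
            $currentHash = null;
        }
        mysqli_stmt_close($stmt);
    }
    if (!is_string($currentHash) || !password_verify($oldPassword, $currentHash)) {
        $oldPasswordErr = "Altes Passwort ist falsch";
        $ErrCounter++;
    }
    // Strict comparison: "==" treats numeric-looking strings as numbers ("1e3" == "1000").
    if ($password === $password2) {
        $password = password_hash($password, PASSWORD_BCRYPT);
    } else {
        $passwordErr = "Passwörter stimmen nicht überein";
        $ErrCounter++;
    }
    if ($ErrCounter == 0) {
        // Bound parameters instead of string-built SQL.
        $stmt = mysqli_prepare($db_link, "UPDATE `accounts` SET `passwort` = ? WHERE `ID` = ?");
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, "si", $password, $accountsId);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }
        $_SESSION['reglog'] = "PWAktualisiert";
    }
}
//include header für Infobox
include $root . "/helping_supplies/template/header.php";
?>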
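<?php
// Contact form endpoint for visitors: reads the form fields, is meant to mail them to the site
// address (mail() calls still disabled) and returns to the start page with
// $_SESSION['reglog'] = "contactOk" for the info box.
$root = $_SERVER['DOCUMENT_ROOT'];
//include userContrule
include $root . "/helping_supplies/includes/userControl.php";
// Missing fields become "" instead of raising undefined-index notices.
$title = filterfunktion(isset($_POST["title"]) ? $_POST["title"] : "");
$reason = filterfunktion(isset($_POST["reason"]) ? $_POST["reason"] : "");
$message = filterfunktion(isset($_POST["message"]) ? $_POST["message"] : "");
$Absender = filterfunktion(isset($_POST["Absender"]) ? $_POST["Absender"] : "");
//TODO E-Mail ändern
$eMail = "*****@*****.**";
//TODO aktivieren
// Before enabling: $Absender is typed by the visitor and goes into the FROM: header, and
// $reason/$title go into the subject. Reject any of them containing "\r" or "\n" (mail-header
// injection) and accept $Absender only if filter_var($Absender, FILTER_VALIDATE_EMAIL) passes.
//mail($eMail, $reason . ": " . $title, $message, "FROM: $Absender");
//Mail an eigene eMail
if (isset($_POST["mailMe"])) {
    //TODO aktivieren
    // The copy goes to a visitor-supplied address with visitor-supplied text, i.e. an open relay
    // once enabled; the same validation as above plus rate limiting is needed first.
    //mail($Absender, $reason . ": " . $title, "KOPIE IHRER NACHRICHT<br>" . $message, "FROM: $eMail");
}
$_SESSION['reglog'] = "contactOk";
header('Location: /helping_supplies/index.php');
// Stop here so nothing after the redirect header is executed or emitted.
exit;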
$_SESSION['reglog'] = "noAccess"; exit; } //define variables and set to empty values $usernameErr = $nameErr = $eMailErr = $websiteErr = ""; //Daten des Angebots aus DB holen require_once $root . "/helping_supplies/includes/dbConnect.php"; if (isset($_REQUEST['Send'])) { $ErrCounter = 0; $username = filterfunktion($_REQUEST["lName"]); $name = filterfunktion($_REQUEST["name"]); $eMail = filterfunktion($_REQUEST["eMail"]); $oldUsername = filterfunktion($_REQUEST["oldUsername"]); $oldName = filterfunktion($_REQUEST["oldName"]); $oldEMail = filterfunktion($_REQUEST["oldEMail"]); $website = filterfunktion($_REQUEST["website"]); if (!check_email($eMail)) { $eMailErr = "Üngültige E-Mail"; $ErrCounter++; } $sql = "SELECT username,name,email FROM accounts"; $db_erg = mysqli_query($db_link, $sql); while ($zeile = mysqli_fetch_array($db_erg, MYSQL_ASSOC)) { if ($zeile['username'] == $username) { if ($username != $oldUsername) { $usernameErr = "Login Name bereits vergeben"; $ErrCounter++; } } if ($zeile['name'] == $name) { if ($name != $oldName) {