Example #1
0
 function User($name, $age, $username, $password)
 {
     $this->clean_input(set_name($name));
     $this->clean_input(set_age($age));
     $this->clean_input(set_username($username));
     $this->clean_input(set_password($password));
 }
Example #2
0
function guest_register()
{
    global $tshirt_sizes, $enable_tshirt_size, $default_theme;
    $msg = "";
    $nick = "";
    $lastname = "";
    $prename = "";
    $age = "";
    $tel = "";
    $dect = "";
    $mobile = "";
    $mail = "";
    $email_shiftinfo = false;
    $jabber = "";
    $hometown = "";
    $comment = "";
    $tshirt_size = '';
    $password_hash = "";
    $selected_angel_types = array();
    $planned_arrival_date = null;
    $angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
    $angel_types = array();
    foreach ($angel_types_source as $angel_type) {
        $angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? " (restricted)" : "");
        if (!$angel_type['restricted']) {
            $selected_angel_types[] = $angel_type['id'];
        }
    }
    if (isset($_REQUEST['submit'])) {
        $ok = true;
        if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 1) {
            $nick = User_validate_Nick($_REQUEST['nick']);
            if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' LIMIT 1") > 0) {
                $ok = false;
                $msg .= error(sprintf(_("Your nick "%s" already exists."), $nick), true);
            }
        } else {
            $ok = false;
            $msg .= error(sprintf(_("Your nick "%s" is too short (min. 2 characters)."), User_validate_Nick($_REQUEST['nick'])), true);
        }
        if (isset($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) {
            $mail = strip_request_item('mail');
            if (!check_email($mail)) {
                $ok = false;
                $msg .= error(_("E-mail address is not correct."), true);
            }
        } else {
            $ok = false;
            $msg .= error(_("Please enter your e-mail."), true);
        }
        if (isset($_REQUEST['email_shiftinfo'])) {
            $email_shiftinfo = true;
        }
        if (isset($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) {
            $jabber = strip_request_item('jabber');
            if (!check_email($jabber)) {
                $ok = false;
                $msg .= error(_("Please check your jabber account information."), true);
            }
        }
        if ($enable_tshirt_size) {
            if (isset($_REQUEST['tshirt_size']) && isset($tshirt_sizes[$_REQUEST['tshirt_size']]) && $_REQUEST['tshirt_size'] != '') {
                $tshirt_size = $_REQUEST['tshirt_size'];
            } else {
                $ok = false;
                $msg .= error(_("Please select your shirt size."), true);
            }
        }
        if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) {
            if ($_REQUEST['password'] != $_REQUEST['password2']) {
                $ok = false;
                $msg .= error(_("Your passwords don't match."), true);
            }
        } else {
            $ok = false;
            $msg .= error(sprintf(_("Your password is too short (please use at least %s characters)."), MIN_PASSWORD_LENGTH), true);
        }
        if (isset($_REQUEST['planned_arrival_date']) && DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_arrival_date']))) {
            $planned_arrival_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_arrival_date']))->getTimestamp();
        } else {
            $ok = false;
            $msg .= error(_("Please enter your planned date of arrival."), true);
        }
        $selected_angel_types = array();
        foreach ($angel_types as $angel_type_id => $angel_type_name) {
            if (isset($_REQUEST['angel_types_' . $angel_type_id])) {
                $selected_angel_types[] = $angel_type_id;
            }
        }
        // Trivia
        if (isset($_REQUEST['lastname'])) {
            $lastname = strip_request_item('lastname');
        }
        if (isset($_REQUEST['prename'])) {
            $prename = strip_request_item('prename');
        }
        if (isset($_REQUEST['age']) && preg_match("/^[0-9]{0,4}\$/", $_REQUEST['age'])) {
            $age = strip_request_item('age');
        }
        if (isset($_REQUEST['tel'])) {
            $tel = strip_request_item('tel');
        }
        if (isset($_REQUEST['dect'])) {
            $dect = strip_request_item('dect');
        }
        if (isset($_REQUEST['mobile'])) {
            $mobile = strip_request_item('mobile');
        }
        if (isset($_REQUEST['hometown'])) {
            $hometown = strip_request_item('hometown');
        }
        if (isset($_REQUEST['comment'])) {
            $comment = strip_request_item_nl('comment');
        }
        if ($ok) {
            sql_query("\n          INSERT INTO `User` SET \n          `color`='" . sql_escape($default_theme) . "', \n          `Nick`='" . sql_escape($nick) . "', \n          `Vorname`='" . sql_escape($prename) . "', \n          `Name`='" . sql_escape($lastname) . "', \n          `Alter`='" . sql_escape($age) . "', \n          `Telefon`='" . sql_escape($tel) . "', \n          `DECT`='" . sql_escape($dect) . "', \n          `Handy`='" . sql_escape($mobile) . "', \n          `email`='" . sql_escape($mail) . "', \n          `email_shiftinfo`=" . sql_bool($email_shiftinfo) . ", \n          `jabber`='" . sql_escape($jabber) . "',\n          `Size`='" . sql_escape($tshirt_size) . "', \n          `Passwort`='" . sql_escape($password_hash) . "', \n          `kommentar`='" . sql_escape($comment) . "', \n          `Hometown`='" . sql_escape($hometown) . "', \n          `CreateDate`=NOW(), \n          `Sprache`='" . sql_escape($_SESSION["locale"]) . "',\n          `arrival_date`=NULL,\n          `planned_arrival_date`='" . sql_escape($planned_arrival_date) . "'");
            // Assign user-group and set password
            $user_id = sql_id();
            sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($user_id) . "', `group_id`=-2");
            set_password($user_id, $_REQUEST['password']);
            // Assign angel-types
            $user_angel_types_info = array();
            foreach ($selected_angel_types as $selected_angel_type_id) {
                sql_query("INSERT INTO `UserAngelTypes` SET `user_id`='" . sql_escape($user_id) . "', `angeltype_id`='" . sql_escape($selected_angel_type_id) . "'");
                $user_angel_types_info[] = $angel_types[$selected_angel_type_id];
            }
            engelsystem_log("User " . $nick . " signed up as: " . join(", ", $user_angel_types_info));
            success(_("Angel registration successful!"));
            redirect('?');
        }
    }
    return page_with_title(register_title(), array(_("By completing this form you're registering as a Chaos-Angel. This script will create you an account in the angel task sheduler."), $msg, msg(), form(array(div('row', array(div('col-md-6', array(div('row', array(div('col-sm-4', array(form_text('nick', _("Nick") . ' ' . entry_required(), $nick))), div('col-sm-8', array(form_email('mail', _("E-Mail") . ' ' . entry_required(), $mail), form_checkbox('email_shiftinfo', _("Please send me an email if my shifts change"), $email_shiftinfo))))), div('row', array(div('col-sm-6', array(form_date('planned_arrival_date', _("Planned date of arrival") . ' ' . entry_required(), $planned_arrival_date, time()))), div('col-sm-6', array($enable_tshirt_size ? form_select('tshirt_size', _("Shirt size") . ' ' . entry_required(), $tshirt_sizes, $tshirt_size) : '')))), div('row', array(div('col-sm-6', array(form_password('password', _("Password") . ' ' . entry_required()))), div('col-sm-6', array(form_password('password2', _("Confirm password") . ' ' . entry_required()))))), form_checkboxes('angel_types', _("What do you want to do?") . sprintf(" (<a href=\"%s\">%s</a>)", page_link_to('angeltypes') . '&action=about', _("Description of job types")), $angel_types, $selected_angel_types), form_info("", _("Restricted angel types need will be confirmed later by an archangel. You can change your selection in the options section.")))), div('col-md-6', array(div('row', array(div('col-sm-4', array(form_text('dect', _("DECT"), $dect))), div('col-sm-4', array(form_text('mobile', _("Mobile"), $mobile))), div('col-sm-4', array(form_text('tel', _("Phone"), $tel))))), form_text('jabber', _("Jabber"), $jabber), div('row', array(div('col-sm-6', array(form_text('prename', _("First name"), $prename))), div('col-sm-6', array(form_text('lastname', _("Last name"), $lastname))))), div('row', array(div('col-sm-3', array(form_text('age', _("Age"), $age))), div('col-sm-9', array(form_text('hometown', _("Hometown"), $hometown))))), form_info(entry_required() . ' = ' . _("Entry required!")))))), form_submit('submit', _("Register"))))));
}
Example #3
0
function user_settings()
{
    global $enable_tshirt_size, $tshirt_sizes, $themes, $locales;
    global $user;
    $msg = "";
    $nick = $user['Nick'];
    $lastname = $user['Name'];
    $prename = $user['Vorname'];
    $age = $user['Alter'];
    $tel = $user['Telefon'];
    $dect = $user['DECT'];
    $mobile = $user['Handy'];
    $mail = $user['email'];
    $email_shiftinfo = $user['email_shiftinfo'];
    $jabber = $user['jabber'];
    $hometown = $user['Hometown'];
    $tshirt_size = $user['Size'];
    $password_hash = "";
    $selected_theme = $user['color'];
    $selected_language = $user['Sprache'];
    $planned_arrival_date = $user['planned_arrival_date'];
    $planned_departure_date = $user['planned_departure_date'];
    if (isset($_REQUEST['submit'])) {
        $ok = true;
        if (isset($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) {
            $mail = strip_request_item('mail');
            if (!check_email($mail)) {
                $ok = false;
                $msg .= error(_("E-mail address is not correct."), true);
            }
        } else {
            $ok = false;
            $msg .= error(_("Please enter your e-mail."), true);
        }
        $email_shiftinfo = isset($_REQUEST['email_shiftinfo']);
        if (isset($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) {
            $jabber = strip_request_item('jabber');
            if (!check_email($jabber)) {
                $ok = false;
                $msg .= error(_("Please check your jabber account information."), true);
            }
        }
        if (isset($_REQUEST['tshirt_size']) && isset($tshirt_sizes[$_REQUEST['tshirt_size']])) {
            $tshirt_size = $_REQUEST['tshirt_size'];
        } elseif ($enable_tshirt_size) {
            $ok = false;
        }
        if (isset($_REQUEST['planned_arrival_date']) && DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_arrival_date']))) {
            $planned_arrival_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_arrival_date']))->getTimestamp();
        } else {
            $ok = false;
            $msg .= error(_("Please enter your planned date of arrival."), true);
        }
        if (isset($_REQUEST['planned_departure_date']) && $_REQUEST['planned_departure_date'] != '') {
            if (DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_departure_date']))) {
                $planned_departure_date = DateTime::createFromFormat("Y-m-d", trim($_REQUEST['planned_departure_date']))->getTimestamp();
            } else {
                $ok = false;
                $msg .= error(_("Please enter your planned date of departure."), true);
            }
        } else {
            $planned_departure_date = null;
        }
        // Trivia
        if (isset($_REQUEST['lastname'])) {
            $lastname = strip_request_item('lastname');
        }
        if (isset($_REQUEST['prename'])) {
            $prename = strip_request_item('prename');
        }
        if (isset($_REQUEST['age']) && preg_match("/^[0-9]{0,4}\$/", $_REQUEST['age'])) {
            $age = strip_request_item('age');
        }
        if (isset($_REQUEST['tel'])) {
            $tel = strip_request_item('tel');
        }
        if (isset($_REQUEST['dect'])) {
            $dect = strip_request_item('dect');
        }
        if (isset($_REQUEST['mobile'])) {
            $mobile = strip_request_item('mobile');
        }
        if (isset($_REQUEST['hometown'])) {
            $hometown = strip_request_item('hometown');
        }
        if ($ok) {
            sql_query("\n          UPDATE `User` SET\n          `Nick`='" . sql_escape($nick) . "',\n          `Vorname`='" . sql_escape($prename) . "',\n          `Name`='" . sql_escape($lastname) . "',\n          `Alter`='" . sql_escape($age) . "',\n          `Telefon`='" . sql_escape($tel) . "',\n          `DECT`='" . sql_escape($dect) . "',\n          `Handy`='" . sql_escape($mobile) . "',\n          `email`='" . sql_escape($mail) . "',\n          `email_shiftinfo`=" . sql_bool($email_shiftinfo) . ",\n          `jabber`='" . sql_escape($jabber) . "',\n          `Size`='" . sql_escape($tshirt_size) . "',\n          `Hometown`='" . sql_escape($hometown) . "',\n          `planned_arrival_date`='" . sql_escape($planned_arrival_date) . "',\n          `planned_departure_date`=" . sql_null($planned_departure_date) . "\n          WHERE `UID`='" . sql_escape($user['UID']) . "'");
            success(_("Settings saved."));
            redirect(page_link_to('user_settings'));
        }
    } elseif (isset($_REQUEST['submit_password'])) {
        $ok = true;
        if (!isset($_REQUEST['password']) || !verify_password($_REQUEST['password'], $user['Passwort'], $user['UID'])) {
            $msg .= error(_("-> not OK. Please try again."), true);
        } elseif (strlen($_REQUEST['new_password']) < MIN_PASSWORD_LENGTH) {
            $msg .= error(_("Your password is to short (please use at least 6 characters)."), true);
        } elseif ($_REQUEST['new_password'] != $_REQUEST['new_password2']) {
            $msg .= error(_("Your passwords don't match."), true);
        } elseif (set_password($user['UID'], $_REQUEST['new_password'])) {
            success(_("Password saved."));
        } else {
            error(_("Failed setting password."));
        }
        redirect(page_link_to('user_settings'));
    } elseif (isset($_REQUEST['submit_theme'])) {
        $ok = true;
        if (isset($_REQUEST['theme']) && isset($themes[$_REQUEST['theme']])) {
            $selected_theme = $_REQUEST['theme'];
        } else {
            $ok = false;
        }
        if ($ok) {
            sql_query("UPDATE `User` SET `color`='" . sql_escape($selected_theme) . "' WHERE `UID`='" . sql_escape($user['UID']) . "'");
            success(_("Theme changed."));
            redirect(page_link_to('user_settings'));
        }
    } elseif (isset($_REQUEST['submit_language'])) {
        $ok = true;
        if (isset($_REQUEST['language']) && isset($locales[$_REQUEST['language']])) {
            $selected_language = $_REQUEST['language'];
        } else {
            $ok = false;
        }
        if ($ok) {
            sql_query("UPDATE `User` SET `Sprache`='" . sql_escape($selected_language) . "' WHERE `UID`='" . sql_escape($user['UID']) . "'");
            $_SESSION['locale'] = $selected_language;
            success("Language changed.");
            redirect(page_link_to('user_settings'));
        }
    }
    return page_with_title(settings_title(), array($msg, msg(), div('row', array(div('col-md-6', array(form(array(form_info('', _("Here you can change your user details.")), form_info(entry_required() . ' = ' . _("Entry required!")), form_text('nick', _("Nick"), $nick, true), form_text('lastname', _("Last name"), $lastname), form_text('prename', _("First name"), $prename), form_date('planned_arrival_date', _("Planned date of arrival") . ' ' . entry_required(), $planned_arrival_date, time()), form_date('planned_departure_date', _("Planned date of departure"), $planned_departure_date, time()), form_text('age', _("Age"), $age), form_text('tel', _("Phone"), $tel), form_text('dect', _("DECT"), $dect), form_text('mobile', _("Mobile"), $mobile), form_text('mail', _("E-Mail") . ' ' . entry_required(), $mail), form_checkbox('email_shiftinfo', _("Please send me an email if my shifts change"), $email_shiftinfo), form_text('jabber', _("Jabber"), $jabber), form_text('hometown', _("Hometown"), $hometown), $enable_tshirt_size ? form_select('tshirt_size', _("Shirt size"), $tshirt_sizes, $tshirt_size) : '', form_info('', _('Please visit the angeltypes page to manage your angeltypes.')), form_submit('submit', _("Save")))))), div('col-md-6', array(form(array(form_info(_("Here you can change your password.")), form_password('password', _("Old password:"******"New password:"******"Password confirmation:")), form_submit('submit_password', _("Save")))), form(array(form_info(_("Here you can choose your color settings:")), form_select('theme', _("Color settings:"), $themes, $selected_theme), form_submit('submit_theme', _("Save")))), form(array(form_info(_("Here you can choose your language:")), form_select('language', _("Language:"), $locales, $selected_language), form_submit('submit_language', _("Save"))))))))));
}
/**
 * User password recovery.
 * (By email)
 */
function user_password_recovery_controller()
{
    if (isset($_REQUEST['token'])) {
        $user_source = User_by_password_recovery_token($_REQUEST['token']);
        if ($user_source === false) {
            engelsystem_error("Unable to load user.");
        }
        if ($user_source == null) {
            error(_("Token is not correct."));
            redirect(page_link_to('login'));
        }
        if (isset($_REQUEST['submit'])) {
            $ok = true;
            if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) {
                if ($_REQUEST['password'] != $_REQUEST['password2']) {
                    $ok = false;
                    error(_("Your passwords don't match."));
                }
            } else {
                $ok = false;
                error(_("Your password is to short (please use at least 6 characters)."));
            }
            if ($ok) {
                $result = set_password($user_source['UID'], $_REQUEST['password']);
                if ($result === false) {
                    engelsystem_error(_("Password could not be updated."));
                }
                success(_("Password saved."));
                redirect(page_link_to('login'));
            }
        }
        return User_password_set_view();
    } else {
        if (isset($_REQUEST['submit'])) {
            $ok = true;
            if (isset($_REQUEST['email']) && strlen(strip_request_item('email')) > 0) {
                $email = strip_request_item('email');
                if (check_email($email)) {
                    $user_source = User_by_email($email);
                    if ($user_source === false) {
                        engelsystem_error("Unable to load user.");
                    }
                    if ($user_source == null) {
                        $ok = false;
                        error(_("E-mail address is not correct."));
                    }
                } else {
                    $ok = false;
                    error(_("E-mail address is not correct."));
                }
            } else {
                $ok = false;
                error(_("Please enter your e-mail."));
            }
            if ($ok) {
                $token = User_generate_password_recovery_token($user_source);
                if ($token === false) {
                    engelsystem_error("Unable to generate password recovery token.");
                }
                $result = engelsystem_email_to_user($user_source, _("Password recovery"), sprintf(_("Please visit %s to recover your password."), page_link_to_absolute('user_password_recovery') . '&token=' . $token));
                if ($result === false) {
                    engelsystem_error("Unable to send password recovery email.");
                }
                success(_("We sent an email containing your password recovery link."));
                redirect(page_link_to('login'));
            }
        }
        return User_password_recovery_view();
    }
}
Example #5
0
function admin_user()
{
    global $user, $privileges, $tshirt_sizes, $privileges;
    $html = '';
    if (!isset($_REQUEST['id'])) {
        redirect(users_link());
    }
    $id = $_REQUEST['id'];
    if (!isset($_REQUEST['action'])) {
        $user_source = User($id);
        if ($user_source === false) {
            engelsystem_error('Unable to load user.');
        }
        if ($user_source == null) {
            error(_('This user does not exist.'));
            redirect(users_link());
        }
        $html .= "Hallo,<br />" . "hier kannst du den Eintrag &auml;ndern. Unter dem Punkt 'Gekommen' " . "wird der Engel als anwesend markiert, ein Ja bei Aktiv bedeutet, " . "dass der Engel aktiv war und damit ein Anspruch auf ein T-Shirt hat. " . "Wenn T-Shirt ein 'Ja' enth&auml;lt, bedeutet dies, dass der Engel " . "bereits sein T-Shirt erhalten hat.<br /><br />\n";
        $html .= "<form class=\"admin-user-form\" action=\"" . page_link_to("admin_user") . "&action=save&id={$id}\" method=\"post\">\n";
        $html .= "<table border=\"0\">\n";
        $html .= "<input type=\"hidden\" name=\"Type\" value=\"Normal\">\n";
        $SQL = "SELECT * FROM `User` WHERE `UID`='" . sql_escape($id) . "'";
        list($user_source) = sql_select($SQL);
        $html .= "<tr><td>\n";
        $html .= "<table>\n";
        $html .= "  <tr><td>Nick</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eNick\" value=\"" . $user_source['Nick'] . "\"></td></tr>\n";
        $html .= "  <tr><td>lastLogIn</td><td>" . date("Y-m-d H:i", $user_source['lastLogIn']) . "</td></tr>\n";
        $html .= "  <tr><td>Name</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eName\" value=\"" . $user_source['Name'] . "\"></td></tr>\n";
        $html .= "  <tr><td>Vorname</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eVorname\" value=\"" . $user_source['Vorname'] . "\"></td></tr>\n";
        $html .= "  <tr><td>Alter</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"5\" name=\"eAlter\" value=\"" . $user_source['Alter'] . "\"></td></tr>\n";
        $html .= "  <tr><td>Telefon</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eTelefon\" value=\"" . $user_source['Telefon'] . "\"></td></tr>\n";
        $html .= "  <tr><td>Handy</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eHandy\" value=\"" . $user_source['Handy'] . "\"></td></tr>\n";
        $html .= "  <tr><td>DECT</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"4\" name=\"eDECT\" value=\"" . $user_source['DECT'] . "\"></td></tr>\n";
        $html .= "  <tr><td>email</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"eemail\" value=\"" . $user_source['email'] . "\"></td></tr>\n";
        $html .= "  <tr><td>" . form_checkbox('email_shiftinfo', _("Please send me an email if my shifts change"), $user_source['email_shiftinfo']) . "</td></tr>\n";
        $html .= "  <tr><td>jabber</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"ejabber\" value=\"" . $user_source['jabber'] . "\"></td></tr>\n";
        $html .= "  <tr><td>Size</td><td>" . html_select_key('size', 'eSize', $tshirt_sizes, $user_source['Size']) . "</td></tr>\n";
        $options = array('1' => "Yes", '0' => "No");
        // Gekommen?
        $html .= "  <tr><td>Gekommen</td><td>\n";
        $html .= html_options('eGekommen', $options, $user_source['Gekommen']) . "</td></tr>\n";
        // Aktiv?
        $html .= "  <tr><td>Aktiv</td><td>\n";
        $html .= html_options('eAktiv', $options, $user_source['Aktiv']) . "</td></tr>\n";
        // Aktiv erzwingen
        if (in_array('admin_active', $privileges)) {
            $html .= "  <tr><td>" . _("Force active") . "</td><td>\n";
            $html .= html_options('force_active', $options, $user_source['force_active']) . "</td></tr>\n";
        }
        // T-Shirt bekommen?
        $html .= "  <tr><td>T-Shirt</td><td>\n";
        $html .= html_options('eTshirt', $options, $user_source['Tshirt']) . "</td></tr>\n";
        $html .= "  <tr><td>Hometown</td><td>" . "<input class=\"form-control\" type=\"text\" size=\"40\" name=\"Hometown\" value=\"" . $user_source['Hometown'] . "\"></td></tr>\n";
        $html .= "</table>\n</td><td valign=\"top\"></td></tr>";
        $html .= "</td></tr>\n";
        $html .= "</table>\n<br />\n";
        $html .= "<input class=\"btn btn-primary\" type=\"submit\" value=\"Speichern\">\n";
        $html .= "</form>";
        $html .= "<hr />";
        $html .= form_info('', _('Please visit the angeltypes page or the users profile to manage users angeltypes.'));
        $html .= "Hier kannst Du das Passwort dieses Engels neu setzen:<form class=\"admin-user-form\" action=\"" . page_link_to("admin_user") . "&action=change_pw&id={$id}\" method=\"post\">\n";
        $html .= "<br /><table>\n";
        $html .= "  <tr><td width=\"30%\">Passwort </td><td>" . "<input class=\"form-control\" type=\"password\" size=\"40\" name=\"new_pw\" value=\"\"></td></tr>\n";
        $html .= "  <tr><td width=\"30%\">Wiederholung </td><td>" . "<input class=\"form-control\" type=\"password\" size=\"40\" name=\"new_pw2\" value=\"\"></td></tr>\n";
        $html .= "</table>";
        $html .= "<div class=\"form-group\"><input class=\"btn btn-primary\" type=\"submit\" value=\"Speichern\"></div>\n";
        $html .= "</form>";
        $html .= "<hr />";
        $my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($user['UID']) . "' ORDER BY `group_id` LIMIT 1");
        if (count($my_highest_group) > 0) {
            $my_highest_group = $my_highest_group[0]['group_id'];
        }
        $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "' ORDER BY `group_id` LIMIT 1");
        if (count($his_highest_group) > 0) {
            $his_highest_group = $his_highest_group[0]['group_id'];
        }
        if ($id != $user['UID'] && $my_highest_group <= $his_highest_group) {
            $html .= "Hier kannst Du die Benutzergruppen des Engels festlegen:<form class=\"admin-user-form\" action=\"" . page_link_to("admin_user") . "&action=save_groups&id=" . $id . "\" method=\"post\">\n";
            $html .= '<table>';
            $groups = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group) . "' ORDER BY `Groups`.`Name`");
            foreach ($groups as $group) {
                $html .= '<tr><td><input type="checkbox" name="groups[]" value="' . $group['UID'] . '"' . ($group['group_id'] != "" ? ' checked="checked"' : '') . ' /></td><td>' . $group['Name'] . '</td></tr>';
            }
            $html .= '</table>';
            $html .= "<input class=\"btn btn-primary\" type=\"submit\" value=\"Speichern\">\n";
            $html .= "</form>";
            $html .= "<hr />";
        }
        $html .= "<form class=\"admin-user-form\" action=\"" . page_link_to("admin_user") . "&action=delete&id=" . $id . "\" method=\"post\">\n";
        $html .= "<tr><td><input class=\"btn btn-primary\" type=\"submit\" value=\"Löschen\"></td></tr>\n";
        $html .= "</form>";
        $html .= "<hr />";
    } else {
        switch ($_REQUEST['action']) {
            case 'save_groups':
                if ($id != $user['UID']) {
                    $my_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($user['UID']) . "' ORDER BY `group_id`");
                    $his_highest_group = sql_select("SELECT * FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "' ORDER BY `group_id`");
                    if (count($my_highest_group) > 0 && (count($his_highest_group) == 0 || $my_highest_group[0]['group_id'] <= $his_highest_group[0]['group_id'])) {
                        $groups_source = sql_select("SELECT * FROM `Groups` LEFT OUTER JOIN `UserGroups` ON (`UserGroups`.`group_id` = `Groups`.`UID` AND `UserGroups`.`uid` = '" . sql_escape($id) . "') WHERE `Groups`.`UID` >= '" . sql_escape($my_highest_group[0]['group_id']) . "' ORDER BY `Groups`.`Name`");
                        $groups = array();
                        $grouplist = array();
                        foreach ($groups_source as $group) {
                            $groups[$group['UID']] = $group;
                            $grouplist[] = $group['UID'];
                        }
                        if (!is_array($_REQUEST['groups'])) {
                            $_REQUEST['groups'] = array();
                        }
                        sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "'");
                        $user_groups_info = array();
                        foreach ($_REQUEST['groups'] as $group) {
                            if (in_array($group, $grouplist)) {
                                sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($id) . "', `group_id`='" . sql_escape($group) . "'");
                                $user_groups_info[] = $groups[$group]['Name'];
                            }
                        }
                        $user_source = User($id);
                        engelsystem_log("Set groups of " . User_Nick_render($user_source) . " to: " . join(", ", $user_groups_info));
                        $html .= success("Benutzergruppen gespeichert.", true);
                    } else {
                        $html .= error("Du kannst keine Engel mit mehr Rechten bearbeiten.", true);
                    }
                } else {
                    $html .= error("Du kannst Deine eigenen Rechte nicht bearbeiten.", true);
                }
                break;
            case 'delete':
                if ($user['UID'] != $id) {
                    $user_source = sql_select("SELECT `Nick`, `UID` FROM `User` WHERE `UID` = '" . sql_escape($id) . "' LIMIT 1");
                    sql_query("DELETE FROM `User` WHERE `UID`='" . sql_escape($id) . "' LIMIT 1");
                    sql_query("DELETE FROM `UserGroups` WHERE `uid`='" . sql_escape($id) . "'");
                    engelsystem_log("Deleted user " . User_Nick_render($user_source));
                    $html .= success("Benutzer gelöscht!", true);
                } else {
                    $html .= error("Du kannst Dich nicht selber löschen!", true);
                }
                break;
            case 'save':
                $force_active = $user['force_active'];
                if (in_array('admin_active', $privileges)) {
                    $force_active = $_REQUEST['force_active'];
                }
                $SQL = "UPDATE `User` SET \n              `Nick` = '" . sql_escape($_POST["eNick"]) . "', \n              `Name` = '" . sql_escape($_POST["eName"]) . "', \n              `Vorname` = '" . sql_escape($_POST["eVorname"]) . "', \n              `Telefon` = '" . sql_escape($_POST["eTelefon"]) . "', \n              `Handy` = '" . sql_escape($_POST["eHandy"]) . "', \n              `Alter` = '" . sql_escape($_POST["eAlter"]) . "', \n              `DECT` = '" . sql_escape($_POST["eDECT"]) . "', \n              `email` = '" . sql_escape($_POST["eemail"]) . "', \n              `email_shiftinfo` = " . sql_bool(isset($_REQUEST['email_shiftinfo'])) . ", \n              `jabber` = '" . sql_escape($_POST["ejabber"]) . "', \n              `Size` = '" . sql_escape($_POST["eSize"]) . "', \n              `Gekommen`= '" . sql_escape($_POST["eGekommen"]) . "', \n              `Aktiv`= '" . sql_escape($_POST["eAktiv"]) . "', \n              `force_active`= " . sql_escape($force_active) . ", \n              `Tshirt` = '" . sql_escape($_POST["eTshirt"]) . "', \n              `Hometown` = '" . sql_escape($_POST["Hometown"]) . "' \n              WHERE `UID` = '" . sql_escape($id) . "' \n              LIMIT 1";
                sql_query($SQL);
                engelsystem_log("Updated user: "******"eNick"] . ", " . $_POST["eSize"] . ", available: " . $_POST["eGekommen"] . ", active: " . $_POST["eAktiv"] . ", tshirt: " . $_POST["eTshirt"]);
                $html .= success("Änderung wurde gespeichert...\n", true);
                break;
            case 'change_pw':
                if ($_REQUEST['new_pw'] != "" && $_REQUEST['new_pw'] == $_REQUEST['new_pw2']) {
                    set_password($id, $_REQUEST['new_pw']);
                    $user_source = User($id);
                    engelsystem_log("Set new password for " . User_Nick_render($user_source));
                    $html .= success("Passwort neu gesetzt.", true);
                } else {
                    $html .= error("Die Eingaben müssen übereinstimmen und dürfen nicht leer sein!", true);
                }
                break;
        }
    }
    return page_with_title(_('Edit user'), array($html));
}
Example #6
0
/** Renders an error message and a login form
* @param string plain text
* @return null exits
*/
function auth_error($error)
{
    global $adminer, $has_token;
    $error = h($error);
    $session_name = session_name();
    if (isset($_GET["username"])) {
        header("HTTP/1.1 403 Forbidden");
        // 401 requires sending WWW-Authenticate header
        if (($_COOKIE[$session_name] || $_GET[$session_name]) && !$has_token) {
            $error = lang('Session expired, please login again.');
        } else {
            add_invalid_login();
            $password = get_password();
            if ($password !== null) {
                if ($password === false) {
                    $error .= '<br>' . lang('Master password expired. <a href="https://www.adminer.org/en/extension/" target="_blank">Implement</a> %s method to make it permanent.', '<code>permanentLogin()</code>');
                }
                set_password(DRIVER, SERVER, $_GET["username"], null);
            }
            unset_permanent();
        }
    }
    if (!$_COOKIE[$session_name] && $_GET[$session_name] && ini_bool("session.use_only_cookies")) {
        $error = lang('Session support must be enabled.');
    }
    $params = session_get_cookie_params();
    cookie("adminer_key", $_COOKIE["adminer_key"] ? $_COOKIE["adminer_key"] : rand_string(), $params["lifetime"]);
    page_header(lang('Login'), $error, null);
    echo "<form action='' method='post'>\n";
    $adminer->loginForm();
    echo "<div>";
    hidden_fields($_POST, array("auth"));
    // expired session
    echo "</div>\n";
    echo "</form>\n";
    page_footer("auth");
    exit;
}
Example #7
0
function guest_register()
{
    global $default_theme, $genders;
    $msg = "";
    $nick = "";
    $lastname = "";
    $prename = "";
    $age = "";
    $tel = "";
    $mobile = "";
    $mail = "";
    $email_shiftinfo = false;
    $hometown = "";
    $comment = "";
    $password_hash = "";
    $selected_angel_types = array();
    $gender = "none";
    $angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
    $angel_types = array();
    foreach ($angel_types_source as $angel_type) {
        $angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? " (restricted)" : "");
        if (!$angel_type['restricted']) {
            $selected_angel_types[] = $angel_type['id'];
        }
    }
    if (isset($_REQUEST['submit'])) {
        $ok = true;
        if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 1) {
            $nick = User_validate_Nick($_REQUEST['nick']);
            if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' LIMIT 1") > 0) {
                $ok = false;
                $msg .= error(sprintf(_("Your nick &quot;%s&quot; already exists."), $nick), true);
            }
        } else {
            $ok = false;
            $msg .= error(sprintf(_("Your nick &quot;%s&quot; is too short (min. 2 characters)."), User_validate_Nick($_REQUEST['nick'])), true);
        }
        if (isset($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) {
            $mail = strip_request_item('mail');
            if (!check_email($mail)) {
                $ok = false;
                $msg .= error(_("E-mail address is not correct."), true);
            }
        } else {
            $ok = false;
            $msg .= error(_("Please enter your e-mail."), true);
        }
        if (isset($_REQUEST['email_shiftinfo'])) {
            $email_shiftinfo = true;
        }
        if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) {
            if ($_REQUEST['password'] != $_REQUEST['password2']) {
                $ok = false;
                $msg .= error(_("Your passwords don't match."), true);
            }
        } else {
            $ok = false;
            $msg .= error(sprintf(_("Your password is too short (please use at least %s characters)."), MIN_PASSWORD_LENGTH), true);
        }
        $selected_angel_types = array();
        foreach ($angel_types as $angel_type_id => $angel_type_name) {
            if (isset($_REQUEST['angel_types_' . $angel_type_id])) {
                $selected_angel_types[] = $angel_type_id;
            }
        }
        // Trivia
        if (isset($_REQUEST['lastname'])) {
            $lastname = strip_request_item('lastname');
        }
        if (isset($_REQUEST['prename'])) {
            $prename = strip_request_item('prename');
        }
        if (isset($_REQUEST['age']) && preg_match("/^[0-9]{0,4}\$/", $_REQUEST['age'])) {
            $age = strip_request_item('age');
        }
        if (isset($_REQUEST['tel'])) {
            $tel = strip_request_item('tel');
        }
        if (isset($_REQUEST['mobile'])) {
            $mobile = strip_request_item('mobile');
        }
        if (isset($_REQUEST['hometown'])) {
            $hometown = strip_request_item('hometown');
        }
        if (isset($_REQUEST['comment'])) {
            $comment = strip_request_item_nl('comment');
        }
        if (isset($_REQUEST['gender']) && array_key_exists($_REQUEST['gender'], $genders)) {
            $gender = $_REQUEST['gender'];
        }
        if ($ok) {
            $confirmationToken = bin2hex(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM));
            $confirmationTokenUrl = page_link_to_absolute('user_activate_account') . '&token=' . $confirmationToken;
            sql_query("\n          INSERT INTO `User` SET \n          `color`='" . sql_escape($default_theme) . "', \n          `Nick`='" . sql_escape($nick) . "', \n          `Vorname`='" . sql_escape($prename) . "', \n          `Name`='" . sql_escape($lastname) . "', \n          `Alter`='" . sql_escape($age) . "', \n          `gender`='" . sql_escape($gender) . "',\n          `Telefon`='" . sql_escape($tel) . "', \n          `Handy`='" . sql_escape($mobile) . "', \n          `email`='" . sql_escape($mail) . "', \n          `email_shiftinfo`=" . sql_bool($email_shiftinfo) . ", \n          `Passwort`='" . sql_escape($password_hash) . "', \n          `kommentar`='" . sql_escape($comment) . "', \n          `Hometown`='" . sql_escape($hometown) . "', \n          `CreateDate`=NOW(), \n          `Sprache`='" . sql_escape($_SESSION["locale"]) . "',\n          `arrival_date`=NULL,\n          `planned_arrival_date`= 0,\n          `mailaddress_verification_token` = '" . sql_escape($confirmationToken) . "',\n          `user_account_approved` = 0");
            // Assign user-group and set password
            $user_id = sql_id();
            sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($user_id) . "', `group_id`=-2");
            set_password($user_id, $_REQUEST['password']);
            // Assign angel-types
            $user_angel_types_info = array();
            foreach ($selected_angel_types as $selected_angel_type_id) {
                sql_query("INSERT INTO `UserAngelTypes` SET `user_id`='" . sql_escape($user_id) . "', `angeltype_id`='" . sql_escape($selected_angel_type_id) . "'");
                $user_angel_types_info[] = $angel_types[$selected_angel_type_id];
            }
            engelsystem_log("User " . $nick . " signed up as: " . join(", ", $user_angel_types_info));
            engelsystem_email($mail, _('Please confirm your eMail-address'), sprintf(_('Hello %1$s! Thanks for signing up at Engelsystem. Please confirm your eMail-address by clicking the following link: %2$s'), $mail, $confirmationTokenUrl));
            success(_("Angel registration successful! Please click the confirmation link in the eMail we sent you to activate your account."));
            redirect('?');
        }
    }
    return page_with_title(register_title(), array(_("By completing this form you're registering as an helper. Please enter a username/nick of your choice, your e-mail adress and your full name. Only your nick will be shown to other users."), $msg, msg(), form(array(div('row', array(div('col-md-6', array(div('row', array(div('col-sm-4', array(form_text('nick', _("Nick") . ' ' . entry_required(), $nick))), div('col-sm-8', array(form_email('mail', _("E-Mail") . ' ' . entry_required(), $mail), form_checkbox('email_shiftinfo', _("Please keep me informed by e-mail, e.g. if my shifts change"), $email_shiftinfo))), div('col-sm-4', array(form_text('prename', _("First name") . ' ' . entry_required(), $prename))), div('col-sm-4', array(form_text('lastname', _("Last name") . ' ' . entry_required(), $lastname))))), div('row', array(div('col-sm-6', array()), div('col-sm-6', array()))), div('row', array(div('col-sm-6', array(form_password('password', _("Password") . ' ' . entry_required()))), div('col-sm-6', array(form_password('password2', _("Confirm password") . ' ' . entry_required()))))))), div('col-md-6', array(div('row', array(div('col-sm-4', array(form_text('mobile', _("Mobile"), $mobile))), div('col-sm-4', array(form_text('tel', _("Phone"), $tel))))), div('row', array(div('col-sm-3', array(form_text('age', _("Age"), $age))), div('col-sm-6', array(form_text('comment', _("Additional Information(Language / Profession)"), $comment))))), form_info(entry_required() . ' = ' . _("Entry required!")))))), form_submit('submit', _("Register"))))));
}
Example #8
0
File: admin.php Project: philum/cms
function admin()
{
    $qb = ses('qb');
    $qda = ses('qda');
    $qdu = ses('qdu');
    $USE = ses('USE');
    $auth = ses('auth');
    $admin = $_GET['admin'] ? $_SESSION['admin'] = $_GET['admin'] : $_SESSION['admin'];
    if ($_GET['set']) {
        $_SESSION['set'] = $_GET['set'];
    }
    if ($USE != "") {
        $hubname = rse("hub", $qdu . ' WHERE name="' . $qb . '"');
        if (!$hubname) {
            $hubname = $qb;
        }
        list($autologok, $userhub) = sql('name,hub', 'qdu', 'r', 'ip="' . hostname() . '"');
    }
    $rep = "params";
    //verif_user
    if ($USE != $qb && $USE != "" && $userhub) {
        $hub = lka('/' . $USE, $USE);
    } elseif ($USE != $qb && $USE != "" && $autologok != $USE && $autologok) {
        $alert .= lkc('txtx', '/?log=on', 'autolog') . ' ';
    } elseif ($USE == $qb && !$userhub && prmb(11) >= 4) {
        $alert .= lkc("txtred", "/?log=create_hub", "create_hub!");
    } elseif ($USE == "") {
        $reta = lkc('txtx', htac('module') . 'Home', $qb) . br() . br() . loged($USE, $_SESSION['iq'], "", 7) . br();
    }
    //admin_menu
    $aff = adminauthes();
    if ($admin == "=") {
        $_SESSION['set'] = $_GET['set'] = $USE ? "Global" : "User";
    }
    //defaults
    if ($aff[$_GET['set']]) {
        $admin = key($aff[$_GET['set']]);
    }
    $_SESSION['admin'] = $admin;
    $goto = '/?admin=' . $admin;
    //if(!$userhub){unset($aff['User']['mail']); unset($aff['User']['password']);}
    //auto_select_category
    foreach ($aff as $k => $v) {
        if ($v[$admin]) {
            $_SESSION['set'] = $k;
            $curauth = $v[$admin];
        }
        $raf = array_merge_b($raf, array_keys($v));
    }
    if ($curauth === false) {
        $curauth = 7;
    }
    //login
    if ($USE) {
        $w .= lkc('popw', htac('module') . 'Home', pictxt('home', $hubname)) . ' ';
        $w .= btn("popbt", pictxt('user', $USE . ' ' . asciinb($auth)) . ' (' . nameofauthes($auth) . ')');
    }
    //fastmenu
    $fmn = array('console', 'params', 'restrictions', 'apps', 'css', 'finder', 'templates', 'connectors', 'plugin', 'msql', 'tools', 'pictos', 'stats', 'update');
    foreach ($raf as $v) {
        if (in_array($v, $fmn)) {
            $tit .= lkc(active($admin, $v), htac('admin') . $v, pictit(mimes_types($v), $v)) . ' ';
        }
    }
    $reta .= divc('right', $w . $alert);
    $tit .= lkc('txtit', htac('admin') . $admin, $admin) . ' ';
    if ($admin != "=") {
        $reta .= div('', $tit);
    }
    if ($auth >= 7 && $admin == 'update') {
        $ret = adm_update();
    }
    if ($auth >= $curauth && $curauth) {
        switch ($admin) {
            //global
            case 'console':
                $ret = adm_console($auth);
                break;
            case 'apps':
                require_once 'adminx.php';
                $ret = adm_apps($_GET['set'], '', $_GET['dig']);
                break;
            case 'messages':
                if ($qb == $USE or $auth >= $curauth) {
                    $ret = adm_messages();
                } else {
                    $ret = contact(nms(84), 'txtcadr');
                }
                break;
            case 'hubs':
                $ret = adm_hubs($auth);
                break;
            case 'nodes':
                $ret = adm_nodes($auth, $goto);
                break;
            case 'stats':
                list($p, $o) = explode('/', $_GET['set']);
                $ret = plugin('stats', $p, $o);
                break;
            case 'newsletter':
                $ret = adm_newsletter($_GET['send']);
                break;
            case 'disk':
                $ret = plugin('disk', '', '');
                break;
            case 'share':
                $ret = plugin('share', '', '');
                break;
            case 'tickets':
                $ret = plugin('tickets', '', '');
                break;
            case 'faq':
                $r = msql_read('system', 'program_faq', '');
                $ret = nl2br(stripslashes(make_divtable($r, 1)));
                break;
        }
        //articles
        if ($_SESSION['set'] == 'Articles') {
            switch ($admin) {
                case 'create':
                    $ret = f_inp('', '');
                    break;
                case 'categories':
                    $ret = catarts();
                    break;
                case 'trackbacks':
                    req('mod,art');
                    $ret = trkarts('');
                    break;
                default:
                    $ret = adminarts();
                    break;
            }
        }
        switch ($admin) {
            case 'chat':
                require_once 'art.php';
                $ret = output_trk(read_idy('microchat', 'DESC'));
                break;
            case 'shop':
                $ret = helps('shop_class');
                break;
            case 'book':
                $ret = lkc('txtblc', '/plug/book.php', 'book');
                break;
        }
        //configs
        switch ($admin) {
            case 'restrictions':
                $ret = adm_restrictions();
                break;
            case 'params':
                $ret = adm_params($curauth, rep);
                break;
            case 'avatar':
                if ($USE) {
                    $ret = adm_avatar(0);
                }
                break;
            case 'mail':
                if ($_POST['amail']) {
                    if ($USE == $qb) {
                        $_SESSION['qbin']['adminmail'] = $_POST['amail'];
                    }
                    update('qdu', 'mail', $_POST['amail'], 'name', $USE);
                }
                $ml = rse('mail', $qdu . ' WHERE name = "' . $USE . '"');
                if ($ml) {
                    $valu = input2('text', 'amail', $ml . '" size="35" maxlength="50') . ' ' . input2('submit', 'Submit', 'modif_mail', '');
                }
                $ret = form($goto, $valu);
                break;
            case 'password':
                $ret = set_password($USE);
                break;
            case 'banner':
                $ret = set_ban();
                break;
            case 'descript':
                $ret = editbrain($admin);
                break;
            case 'google':
                $ret = editbrain($admin);
                break;
            case 'members':
                $ret = adm_members_a($auth, $goto);
                break;
            case 'authes':
                $titles = array('fonction', 'auth');
                if (auth(6)) {
                    $ret = msqlink('system', 'admin_authes') . br();
                }
                foreach ($aff as $k => $v) {
                    $datas = '';
                    arsort($v);
                    foreach ($v as $ka => $va) {
                        $datas[$ka] = array($va);
                    }
                    $outre[$k] = make_tables($titles, $datas, 'txtblc', '');
                }
                $ret .= make_tabs($outre, 'at');
                break;
        }
        //constructors
        switch ($admin) {
            case 'css':
                $ret = adm_editcss();
                break;
            case 'fonts':
                $ret = edit_fonts();
                break;
            case 'connectors':
                $ret = data_brain('connectors') . br() . br();
                $ret .= lkc('txtblc', $goto . '&help==', 'connectors_infos') . br();
                if ($_GET['help']) {
                    $ret .= conn_help() . br();
                }
                break;
            case 'modules':
                $ret = data_brain('modules') . br() . br() . adm_mod_hlp($goto);
                break;
            case 'templates':
                $ret = data_brain('template');
                break;
            case 'plugin':
                $ret = adm_plugin();
                break;
            case 'msql':
                $ret = adm_msql();
                break;
            case 'dev':
                $ret = plugin('dev', '', '');
                break;
            case 'editags':
                req('meta');
                $ret = admin_tags(get('set'));
                break;
            case 'finder':
                $ret = call_finder($qb, 'disk');
                break;
            case 'backup':
                $ret = adm_backup($qb, $auth, $goto, $rep);
                break;
            case 'update_notes':
                $ret .= adm_update_notes('', 1);
                break;
            case 'plug':
                $ret .= adm_edit_plug();
                break;
        }
        if ($admin && !$ret && $auth >= $curauth) {
            //editbrain
            $ret = plugin($admin, $_GET['p'], $_GET['o']);
        }
    } else {
        switch ($admin) {
            case 'members':
                $ret = adm_members_b();
                break;
        }
    }
    #render
    if ($_SESSION['admin'] && !$_GET['callj']) {
        $head = $reta . br();
    } else {
        $head = bal('h2', lka('/admin/' . $_SESSION['admin'], $_SESSION['admin'])) . br();
    }
    return $head . $ret;
}
Example #9
0
    if (is_password_set()) {
        echo '{"status":false,"command":"' . $command . '","debug":"The password is already configured, login to change it."}';
    }
    if (set_password($args['password1'])) {
        // proceed to next step, nothing here really...
    } else {
        echo '{"status":false,"command":"' . $command . '","debug":""}';
        exit;
    }
    if (create_session()) {
        echo '{"status":true,"command":"create_password","debug":""}';
    } else {
        echo '{"status":false,"command":"' . $command . '","debug":""}';
    }
} elseif (isset($args['password1']) && !strcmp($args['password1'], $args['password2']) && !strcmp($command, "change_password")) {
    if (set_password($args['password1'])) {
        echo '{"status":true,"command":"' . $command . '","debug":""}';
    } else {
        echo '{"status":false,"command":"' . $command . '","debug":""}';
    }
} elseif (!strcmp($command, "rename")) {
    if (get_magic_quotes_gpc()) {
        $_POST['artist'] = stripslashes($_POST['artist']);
        $_POST['title'] = stripslashes($_POST['title']);
    }
    if (rename_song($args['song_key'], $_POST['artist'], $_POST['title'])) {
        echo '{"status":true,"command":"' . $command . '","debug":"","args":{"song_key":"' . $args['song_key'] . '","artist":"' . escape_for_json($_POST['artist']) . '","title":"' . escape_for_json($_POST['title']) . '"}}';
    } else {
        echo '{"status":false,"command":"' . $command . '","debug":""}';
    }
} elseif (!strcmp($command, "reorder")) {
$include_error = false;
$result = array();
if (!isset($_POST["function"])) {
    $result['error'] = 'Missing function';
    die(json_encode($result));
}
if (!verifiy_hash()) {
    $result['error'] = 'Decode error';
    die(json_encode($result));
}
switch ($_POST["function"]) {
    case "login":
        $result = login();
        break;
    case "set_password":
        $result = set_password();
        break;
        /*    
          case "get_member_details":
            $result = get_member_details();
            break;
        */
    /*    
      case "get_member_details":
        $result = get_member_details();
        break;
    */
    default:
        $result['error'] = 'Unknown function';
        break;
}