<?php

require_once 'runtime.php';
require_once 'lib/core/helper.class.php';
require_once 'lib/core/register.class.php';
require_once 'lib/core/user_old.class.php';
// Resend-activation handler. Without a POSTed email it renders the request form;
// with one it looks the account up by email and either re-sends the registration
// mail or queues an error message, then redirects to the login page.
$register = new register();
if (empty($_POST['email'])) {
    $smarty->assign('message', Message::getMessage());
    $smarty->display("header.tpl.html");
    $smarty->display("resend_activation_mail.tpl.html");
    $smarty->display("footer.tpl.html");
} else {
    // NOTE(review): no login or rate-limit check is visible in this excerpt, so the
    // branches below appear reachable by anyone who can POST an address - confirm
    // what runtime.php enforces.
    $user = User_old::getUserByEmail($_POST['email']);
    if ($user) {
        // Re-send only while 'activated' differs from "0"; the else branch reports the
        // account as already activated, so "0" presumably means activated - confirm.
        if ($user['activated'] != "0") {
            if (empty($user['openid'])) {
                // Accounts without an OpenID get a freshly generated password that is
                // set on the account and then handed to sendRegistrationEmail().
                // NOTE(review): this replaces the account password on every request for
                // the address, with no proof that the requester owns the mailbox.
                // Whether Helper::randomPassword() draws from a CSPRNG is not visible here.
                $new_password = Helper::randomPassword(8);
                $register->setNewPassword($new_password, $user['id']);
            }
            // NOTE(review): $new_password is never assigned for OpenID accounts, so an
            // undefined variable is passed as the third argument in that case.
            $register->sendRegistrationEmail($user['email'], $user['nickname'], $new_password, $user['activated'], strtotime($user['create_date']), $user['openid']);
            // NOTE(review): none of the redirects below is followed by exit - confirm
            // that nothing after this if/else still runs.
            header('Location: ./login.php');
        } else {
            // NOTE(review): the raw POST value is embedded in the message text; this is
            // only safe if the template HTML-escapes messages on output - confirm.
            $message[] = array("Der Benutzer mit der Emailadresse {$_POST['email']} wurde bereits freigeschaltet!", 2);
            Message::setMessage($message);
            header('Location: ./login.php');
        }
    } else {
        // NOTE(review): this message differs from the "already activated" one above, so
        // the response tells the caller whether an address is registered.
        $message[] = array("Der Benutzer mit der Emailadresse {$_POST['email']} existiert nicht!", 2);
        Message::setMessage($message);
        header('Location: ./login.php');
Example #2
$smarty->assign('community_slogan', $GLOBALS['community_slogan']);
/**
 * Auto Login
 *
 * When no user is logged in and a "remember_me" cookie is present, the cookie is
 * split into a user id and a secret, and the secret is checked against the hashed
 * remember-me entries stored for that user.
 */
if ($GLOBALS['installed']) {
    //if the user is not logged in and the remember me cookie is set
    if (!isset($_SESSION['user_id']) and !empty($_COOKIE["remember_me"])) {
        require_once ROOT_DIR . '/lib/core/user_old.class.php';
        require_once ROOT_DIR . '/lib/core/UserRememberMeList.class.php';
        require_once ROOT_DIR . '/lib/extern/phpass/PasswordHash.php';
        //get user_id and password from remember_me cookie
        // NOTE(review): the cookie is attacker-controlled. A value without a comma
        // leaves index 1 undefined, and $user_id is used below without a visible
        // integer check - confirm that getUserById() and UserRememberMeList bind it
        // as a parameter.
        $remember_me_cookie = explode(",", $_COOKIE["remember_me"]);
        $user_id = $remember_me_cookie[0];
        $password = $remember_me_cookie[1];
        //check if the user exists
        $user_data = User_old::getUserById($user_id);
        if (!empty($user_data)) {
            //get the remember_mes of the user from the database
            $user_remember_me_list = new UserRememberMeList($user_id, "create_date", "desc");
            $user_remember_me_list = $user_remember_me_list->getUserRememberMeList();
            //check if any remember me matches the password stored in the cookie
            // phpass with 2^8 stretching iterations and portable hashes disabled.
            // NOTE(review): one CheckPassword() call runs per stored entry, so the cost
            // of a single request grows with the number of remember-me rows for the user.
            $phpass = new PasswordHash(8, false);
            foreach ($user_remember_me_list as $user_remember_me) {
                if ($phpass->CheckPassword($password, $user_remember_me->getPassword())) {
                    //if a remember me matches, then login and set a new random password on the remember me
                    //store the session-id to the database
                    // NOTE(review): no session_regenerate_id() call is visible before the
                    // session is bound to the user; if none happens elsewhere, a session id
                    // fixed before this point stays valid after login - confirm.
                    $stmt = DB::getInstance()->prepare("UPDATE users SET session_id = ? WHERE id = ?");
                    $stmt->execute(array(session_id(), $user_data['id']));
                    //store the user id in the session, which marks the user as logged in
                    $_SESSION['user_id'] = $user_data['id'];
                    //generate long random password
Example #3
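 /**
  * Sets a new password for a user that forgot his password and requested a new password by mail.
  *
  * The stored password is replaced only when $old_password_hash is identical to the
  * hash currently stored for $user_id. The outcome is also reported through
  * Message::setMessage().
  *
  * @author  Clemens John <*****@*****.**>
  * @param string $new_password_hash the hash of the new password. This hash was sent to the user
  *			    by mail previously and the user sets this hash by clicking on
  *			    the link in the email
  * @param string $old_password_hash the hash of the old password. This hash was sent to the user
  *			    by mail previously and is used to check if the user is permitted to
  *			    set this user a new password
  * @param $user_id id of the user that wants to set a new password
  * @return boolean true if the password was changed successfully, false otherwise
  */
 public function setNewPassword($new_password_hash, $old_password_hash, $user_id)
 {
     $message = array();
     $user_data = User_old::getUserByID($user_id);
     // An unknown user yields no stored hash; that case is treated as a mismatch.
     $stored_hash = isset($user_data['password']) ? $user_data['password'] : null;
     $nickname = isset($user_data['nickname']) ? $user_data['nickname'] : '';

     // The old hash acts as the proof of authorisation, so it must be compared as an
     // exact string. A loose == lets PHP compare numeric-looking strings as numbers
     // and lets an empty value match a missing one. hash_equals() additionally keeps
     // the comparison time independent of where the strings differ.
     // NOTE(review): anyone who learns the stored hash can pass this check; a
     // separate, expiring reset token would not have that property.
     $hashes_match = is_string($stored_hash) && $stored_hash !== ''
         && is_string($old_password_hash)
         && (function_exists('hash_equals')
             ? hash_equals($stored_hash, $old_password_hash)
             : $stored_hash === $old_password_hash);

     if (!$hashes_match) {
         $message[] = array("Der übergebene Passwordhash des Benutzers {$nickname} stimmt nicht mit dem gespeicherten Hash überein.", 2);
         $message[] = array("Es wurde kein neues Passwort gesetzt.", 2);
         Message::setMessage($message);
         return false;
     }

     $stmt = DB::getInstance()->prepare("UPDATE users SET password = ? WHERE id = ?");
     $stmt->execute(array($new_password_hash, $user_id));
     // rowCount() is 0 when no row was changed by the UPDATE.
     if ($stmt->rowCount()) {
         $message[] = array("Dem Benutzer {$nickname} wurde ein neues Passwort gesetzt", 1);
         Message::setMessage($message);
         return true;
     }

     $message[] = array("Dem Benutzer {$nickname} konnte keine neues Passwort gesetzt werden.", 2);
     Message::setMessage($message);
     return false;
 }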
Example #4
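 /**
  * Exports every user returned by User_old::getUserList() as vCard 3.0 records.
  *
  * Each record carries NICKNAME and EMAIL; FN and N are added only when both
  * 'vorname' and 'nachname' are set. Field values are escaped so that a stored
  * value cannot add lines or properties of its own to the export.
  *
  * NOTE(review): the export contains the e-mail address of every user; this method
  * performs no permission check itself - confirm that callers do.
  *
  * @return string the concatenated vCards, or an empty string when there are no users
  */
 public function exportUserListAsvCard30()
 {
     // vCard text escaping: backslash, line breaks, ';' and ',' have structural
     // meaning, so they are written in their escaped form. strtr() with an array
     // never re-scans text it has already replaced.
     $escape = function ($value) {
         return strtr((string) $value, array(
             "\\" => "\\\\",
             "\r\n" => "\\n",
             "\r" => "\\n",
             "\n" => "\\n",
             ";" => "\\;",
             "," => "\\,",
         ));
     };

     // Start from an empty string; appending to an undefined variable raises a
     // warning and makes the method return null for an empty user list.
     $vcardlist = '';
     $userlist = User_old::getUserList();
     foreach ($userlist as $user) {
         $vcardlist .= "BEGIN:VCARD\n";
         $vcardlist .= "NICKNAME:" . $escape($user['nickname']) . "\n";
         $vcardlist .= "EMAIL:" . $escape($user['email']) . "\n";
         if (!empty($user['vorname']) and !empty($user['nachname'])) {
             $first_name = $escape($user['vorname']);
             $last_name = $escape($user['nachname']);
             $vcardlist .= "FN:{$first_name} {$last_name}\n";
             $vcardlist .= "N:{$last_name};{$first_name};;;\n";
         }
         $vcardlist .= "VERSION:3.0\n";
         $vcardlist .= "END:VCARD\n\n";
     }
     return $vcardlist;
 }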
Example #5
     }
 // OpenID branch: either the login form posted an identifier (start of the flow)
 // or the OpenID server redirected back with openid_mode set (result of the flow).
 } elseif (isset($_POST['openid_identifier']) or isset($_GET['openid_mode'])) {
     $status = "";
     if (!empty($_POST['openid_identifier'])) {
         //login initiation
         $consumer = new Zend_OpenId_Consumer();
         // NOTE(review): $_POST['remember'] is appended to the return URL without
         // urlencode() or normalisation, so the request can add or alter query
         // parameters of that URL - reduce it to a fixed flag before concatenating.
         if (!$consumer->login($_POST['openid_identifier'], "login.php?section=login_send&remember=" . $_POST['remember'])) {
             $status = "OpenID Login fehlgeschlagen.";
         }
     } else {
         if (isset($_GET['openid_mode'])) {
             //login result from openid server
             if ($_GET['openid_mode'] == "id_res") {
                 $consumer = new Zend_OpenId_Consumer();
                 // verify() checks the response parameters and fills $id with the
                 // verified identity by reference; only that value is used for the
                 // account lookup, not anything read directly from $_GET.
                 if ($consumer->verify($_GET, $id)) {
                     $user_data = User_old::getUserByOpenID($id);
                     if (empty($user_data)) {
                         // A valid identity that is not linked to a local account is rejected.
                         $messages[] = array("Mit dieser Open-ID ist kein gültiger Benutzer verknüpft.", 2);
                         Message::setMessage($messages);
                         header('Location: login.php');
                         // Stop here so nothing after the redirect runs for a failed login.
                         die;
                     }
                 } else {
                     $messages[] = array("Diese Identität ist nicht gültig.", 2);
                     Message::setMessage($messages);
                     header('Location: login.php');
                     die;
                 }
             } else {
                 if ($_GET['openid_mode'] == "cancel") {
                     $messages[] = array("Der Loginprozess wurde abgebrochen.", 2);
Example #6
// User edit controller: dispatches on $_GET['section'] (edit, insert_edit, delete).
// Every section first requires the caller to be the owner of the account or to
// hold PERM_ROOT.
$smarty->assign('message', Message::getMessage());
if ($_GET['section'] == "edit") {
    //Only owner and Root can access this site.
    // NOTE(review): the permission check receives (int) $_GET['user_id'], but the
    // lookups below receive the uncast string. The int cast keeps only a leading
    // numeric prefix, so the checked id and the value used afterwards can differ -
    // cast once into a variable and use that everywhere.
    if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, (int) $_GET['user_id'])) {
        $smarty->assign('user', User_old::getUserByID($_GET['user_id']));
        $smarty->assign('is_root', Permission::checkPermission(PERM_ROOT, $_SESSION['user_id']));
        $smarty->assign('permissions', User_old::getRolesByUserID($_GET['user_id']));
        $smarty->display("header.tpl.html");
        $smarty->display("user_edit.tpl.html");
        $smarty->display("footer.tpl.html");
    } else {
        Permission::denyAccess(PERM_ROOT, (int) $_GET['user_id']);
    }
} elseif ($_GET['section'] == "insert_edit") {
    // NOTE(review): this section changes account data, and no anti-CSRF token check
    // is visible in this excerpt - confirm one exists in userInsertEdit() or in the
    // shared bootstrap.
    if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, (int) $_GET['user_id'])) {
        // NOTE(review): $_POST['permission'] is forwarded after an owner-or-root check;
        // confirm that userInsertEdit() lets only root change roles, otherwise an
        // owner could change the permissions of the own account.
        if (User_old::userInsertEdit($_GET['user_id'], $_POST['changepassword'], $_POST['permission'], $_POST['oldpassword'], $_POST['newpassword'], $_POST['newpasswordchk'], $_POST['openid'], $_POST['vorname'], $_POST['nachname'], $_POST['strasse'], $_POST['plz'], $_POST['ort'], $_POST['telefon'], $_POST['email'], $_POST['jabber'], $_POST['icq'], $_POST['website'], $_POST['about'], $_POST['notification_method'])) {
            // NOTE(review): the redirect targets embed the uncast request value and
            // are not followed by exit.
            header('Location: user.php?user_id=' . $_GET['user_id']);
        } else {
            header('Location: user_edit.php?section=edit&user_id=' . $_GET['user_id']);
        }
    } else {
        Permission::denyAccess(PERM_ROOT, (int) $_GET['user_id']);
    }
} elseif ($_GET['section'] == "delete") {
    if (permission::checkIfUserIsOwnerOrPermitted(PERM_ROOT, (int) $_GET['user_id'])) {
        // Deletion proceeds only when the form posted delete=true.
        // NOTE(review): as with insert_edit, no anti-CSRF token check is visible here.
        if ($_POST['delete'] == "true") {
            //fetch user data
            $user = new User((int) $_GET['user_id']);
            $user->fetch();
            //logout user if the logged in user is the user to be deleted
            // NOTE(review): loose comparison of the uncast request value with the
            // session id; comparing the cast integer would match the id used above.
            if ($_GET['user_id'] == $_SESSION['user_id']) {