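/**
 * Emits an Atom feed of news entries for a user authenticated by API key.
 *
 * The key is read from $_REQUEST['key'] and must be exactly 32 lowercase hex
 * characters; it is then resolved via User_by_api_key() and the user needs the
 * 'atom' privilege. When $_REQUEST['meetings'] is non-empty only meeting
 * entries (`Treffen` = 1) are listed. The response is written directly and the
 * request is terminated; this function never returns.
 *
 * Globals: $ical_shifts, $user (set to the resolved user), $DISPLAY_NEWS
 * (maximum number of entries).
 */
function user_atom() {
  global $ical_shifts, $user, $DISPLAY_NEWS;

  // Reject anything that is not a well-formed key before touching the database.
  if (!isset($_REQUEST['key']) || !preg_match("/^[0-9a-f]{32}\$/", $_REQUEST['key'])) {
    die("Missing key.");
  }
  $key = $_REQUEST['key'];

  $user = User_by_api_key($key);
  if ($user === false) {
    die("Unable to find user.");
  }
  if ($user == null) {
    die("Key invalid.");
  }
  if (!in_array('atom', privileges_for_user($user['UID']), true)) {
    die("No privilege for atom.");
  }

  $meetings_only = !empty($_REQUEST['meetings']);
  $news = sql_select(
    "SELECT * FROM `News` "
    . ($meetings_only ? 'WHERE `Treffen` = 1 ' : '')
    . "ORDER BY `ID` DESC LIMIT " . sql_escape($DISPLAY_NEWS)
  );

  header('Content-Type: application/atom+xml; charset=utf-8');

  // Feed-level <updated>: newest entry, or "now" when there are no entries
  // (indexing $news[0] unconditionally raised a notice on an empty result).
  $feed_updated = count($news) > 0 ? $news[0]['Datum'] : time();

  // The API key is stripped from the request URI so it does not end up in the feed id.
  // NOTE(review): HTTP_HOST comes from the client's Host header, so the id reflects
  // whatever host the client sent rather than a configured canonical host.
  $feed_id = $_SERVER['HTTP_HOST']
    . htmlspecialchars(preg_replace('#[&?]key=[a-f0-9]{32}#', '', $_SERVER['REQUEST_URI']));

  $html = '<?xml version="1.0" encoding="utf-8"?>' . "\n"
    . '<feed xmlns="http://www.w3.org/2005/Atom">' . "\n"
    . '<title>Engelsystem</title>' . "\n"
    . '<id>' . $feed_id . '</id>' . "\n"
    . '<updated>' . date('Y-m-d\\TH:i:sP', $feed_updated) . "</updated>\n";

  $news_base_id = preg_replace('#^https?://#', '', page_link_to_absolute("news"));
  foreach ($news as $news_entry) {
    $html .= " <entry>\n";
    $html .= " <title>" . htmlspecialchars($news_entry['Betreff']) . "</title>\n";
    $html .= " <link href=\"" . page_link_to_absolute("news_comments&nid=") . "{$news_entry['ID']}\"/>\n";
    $html .= " <id>" . $news_base_id . "-{$news_entry['ID']}</id>\n";
    $html .= " <updated>" . date('Y-m-d\\TH:i:sP', $news_entry['Datum']) . "</updated>\n";
    // Body is escaped as text; the summary is declared type="html" so a reader decodes it.
    $html .= " <summary type=\"html\">" . htmlspecialchars($news_entry['Text']) . "</summary>\n";
    $html .= " </entry>\n";
  }
  $html .= "</feed>";

  // strlen() is byte-wise, which is what Content-Length needs.
  header("Content-Length: " . strlen($html));
  echo $html;
  die;
}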
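/**
 * Builds the absolute export link for the shift filter stored in the session.
 *
 * Appends start/end day and time, rooms[], types[] and filled[] from
 * $_SESSION['user_shifts'] to the page link, followed by export=user_shifts
 * and the caller's API key.
 *
 * @param string $page page name handed to page_link_to_absolute()
 * @param string $key  API key appended as the last query parameter
 * @return string
 */
function make_user_shifts_export_link($page, $key) {
  $filter = $_SESSION['user_shifts'];

  // The first four parameters were previously assigned with "=" instead of ".=",
  // so only end_time survived into the link; all of them are appended now.
  // Values are URL-encoded so a stray '&' or '=' cannot alter the query string.
  $link = '&start_day=' . urlencode($filter['start_day']);
  $link .= '&start_time=' . urlencode($filter['start_time']);
  $link .= '&end_day=' . urlencode($filter['end_day']);
  $link .= '&end_time=' . urlencode($filter['end_time']);

  foreach ($filter['rooms'] as $room) {
    $link .= '&rooms[]=' . urlencode($room);
  }
  foreach ($filter['types'] as $type) {
    $link .= '&types[]=' . urlencode($type);
  }
  foreach ($filter['filled'] as $filled) {
    $link .= '&filled[]=' . urlencode($filled);
  }

  return page_link_to_absolute($page) . $link . '&export=user_shifts&key=' . $key;
}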
/**
 * Sends the e-mail address confirmation mail to a freshly registered user.
 *
 * @param string $mail              recipient address (also used in the greeting)
 * @param string $confirmationToken token appended to the user_activate_account link
 */
function user_send_verification_email($mail, $confirmationToken) {
  $activationLink = page_link_to_absolute('user_activate_account') . '&token=' . $confirmationToken;

  $subject = _('Please confirm your eMail-address');
  $template = _('Hello %1$s! Thanks for signing up at Engelsystem. Please confirm your eMail-address by clicking the following link: %2$s');
  $body = sprintf($template, $mail, $activationLink);

  engelsystem_email($mail, $subject, $body);
}
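/**
 * Guest registration page: renders the sign-up form and, on submit, validates
 * the input, creates the user, assigns group -2 and the chosen angel types,
 * sets the password and sends the e-mail verification link.
 *
 * Globals: $default_theme (initial `color`), $genders (allowed gender keys).
 *
 * @return string rendered page
 */
function guest_register() {
  global $default_theme, $genders;

  $msg = "";
  $nick = "";
  $lastname = "";
  $prename = "";
  $age = "";
  $tel = "";
  $mobile = "";
  $mail = "";
  $email_shiftinfo = false;
  $hometown = "";
  $comment = "";
  // The row is inserted with an empty hash; set_password() fills it in afterwards.
  $password_hash = "";
  $selected_angel_types = array();
  $gender = "none";

  // id => display name; unrestricted types are preselected.
  $angel_types_source = sql_select("SELECT * FROM `AngelTypes` ORDER BY `name`");
  $angel_types = array();
  foreach ($angel_types_source as $angel_type) {
    $angel_types[$angel_type['id']] = $angel_type['name'] . ($angel_type['restricted'] ? " (restricted)" : "");
    if (!$angel_type['restricted']) {
      $selected_angel_types[] = $angel_type['id'];
    }
  }

  if (isset($_REQUEST['submit'])) {
    $ok = true;

    // Nick: validated once; the too-short branch used to read $_REQUEST['nick']
    // unguarded, which raised a notice when the field was missing.
    $validated_nick = User_validate_Nick(isset($_REQUEST['nick']) ? $_REQUEST['nick'] : '');
    if (isset($_REQUEST['nick']) && strlen($validated_nick) > 1) {
      $nick = $validated_nick;
      if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' LIMIT 1") > 0) {
        $ok = false;
        $msg .= error(sprintf(_("Your nick \"%s\" already exists."), $nick), true);
      }
    } else {
      $ok = false;
      $msg .= error(sprintf(_("Your nick \"%s\" is too short (min. 2 characters)."), $validated_nick), true);
    }

    if (isset($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) {
      $mail = strip_request_item('mail');
      if (!check_email($mail)) {
        $ok = false;
        $msg .= error(_("E-mail address is not correct."), true);
      }
    } else {
      $ok = false;
      $msg .= error(_("Please enter your e-mail."), true);
    }

    if (isset($_REQUEST['email_shiftinfo'])) {
      $email_shiftinfo = true;
    }

    // Passwords are compared strictly; password2 is guarded so a missing field
    // counts as a mismatch instead of a notice.
    if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) {
      if (!isset($_REQUEST['password2']) || $_REQUEST['password'] !== $_REQUEST['password2']) {
        $ok = false;
        $msg .= error(_("Your passwords don't match."), true);
      }
    } else {
      $ok = false;
      $msg .= error(sprintf(_("Your password is too short (please use at least %s characters)."), MIN_PASSWORD_LENGTH), true);
    }

    // Replace the default preselection with what was actually ticked.
    $selected_angel_types = array();
    foreach ($angel_types as $angel_type_id => $angel_type_name) {
      if (isset($_REQUEST['angel_types_' . $angel_type_id])) {
        $selected_angel_types[] = $angel_type_id;
      }
    }

    // Trivia
    if (isset($_REQUEST['lastname'])) {
      $lastname = strip_request_item('lastname');
    }
    if (isset($_REQUEST['prename'])) {
      $prename = strip_request_item('prename');
    }
    // Age: up to four digits; anything else is silently dropped (left empty).
    if (isset($_REQUEST['age']) && preg_match("/^[0-9]{0,4}\$/", $_REQUEST['age'])) {
      $age = strip_request_item('age');
    }
    if (isset($_REQUEST['tel'])) {
      $tel = strip_request_item('tel');
    }
    if (isset($_REQUEST['mobile'])) {
      $mobile = strip_request_item('mobile');
    }
    if (isset($_REQUEST['hometown'])) {
      $hometown = strip_request_item('hometown');
    }
    if (isset($_REQUEST['comment'])) {
      $comment = strip_request_item_nl('comment');
    }
    // Only keys present in the configured $genders map are accepted.
    if (isset($_REQUEST['gender']) && array_key_exists($_REQUEST['gender'], $genders)) {
      $gender = $_REQUEST['gender'];
    }

    if ($ok) {
      // 128-bit token from /dev/urandom; mcrypt is the CSPRNG source available to this code base.
      $confirmationToken = bin2hex(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM));

      sql_query("
        INSERT INTO `User` SET
        `color`='" . sql_escape($default_theme) . "',
        `Nick`='" . sql_escape($nick) . "',
        `Vorname`='" . sql_escape($prename) . "',
        `Name`='" . sql_escape($lastname) . "',
        `Alter`='" . sql_escape($age) . "',
        `gender`='" . sql_escape($gender) . "',
        `Telefon`='" . sql_escape($tel) . "',
        `Handy`='" . sql_escape($mobile) . "',
        `email`='" . sql_escape($mail) . "',
        `email_shiftinfo`=" . sql_bool($email_shiftinfo) . ",
        `Passwort`='" . sql_escape($password_hash) . "',
        `kommentar`='" . sql_escape($comment) . "',
        `Hometown`='" . sql_escape($hometown) . "',
        `CreateDate`=NOW(),
        `Sprache`='" . sql_escape($_SESSION["locale"]) . "',
        `arrival_date`=NULL,
        `planned_arrival_date`= 0,
        `mailaddress_verification_token` = '" . sql_escape($confirmationToken) . "',
        `user_account_approved` = 0");

      // Assign user-group and set password
      $user_id = sql_id();
      sql_query("INSERT INTO `UserGroups` SET `uid`='" . sql_escape($user_id) . "', `group_id`=-2");
      set_password($user_id, $_REQUEST['password']);

      // Assign angel-types
      $user_angel_types_info = array();
      foreach ($selected_angel_types as $selected_angel_type_id) {
        sql_query("INSERT INTO `UserAngelTypes` SET `user_id`='" . sql_escape($user_id) . "', `angeltype_id`='" . sql_escape($selected_angel_type_id) . "'");
        $user_angel_types_info[] = $angel_types[$selected_angel_type_id];
      }

      engelsystem_log("User " . $nick . " signed up as: " . join(", ", $user_angel_types_info));

      // Same mail the inline code used to build here; the helper owns the wording now.
      user_send_verification_email($mail, $confirmationToken);

      success(_("Angel registration successful! Please click the confirmation link in the eMail we sent you to activate your account."));
      redirect('?');
    }
  }

  return page_with_title(register_title(), array(
    _("By completing this form you're registering as an helper. Please enter a username/nick of your choice, your e-mail adress and your full name. Only your nick will be shown to other users."),
    $msg,
    msg(),
    form(array(
      div('row', array(
        div('col-md-6', array(
          div('row', array(
            div('col-sm-4', array(
              form_text('nick', _("Nick") . ' ' . entry_required(), $nick)
            )),
            div('col-sm-8', array(
              form_email('mail', _("E-Mail") . ' ' . entry_required(), $mail),
              form_checkbox('email_shiftinfo', _("Please keep me informed by e-mail, e.g. if my shifts change"), $email_shiftinfo)
            )),
            div('col-sm-4', array(
              form_text('prename', _("First name") . ' ' . entry_required(), $prename)
            )),
            div('col-sm-4', array(
              form_text('lastname', _("Last name") . ' ' . entry_required(), $lastname)
            ))
          )),
          div('row', array(
            div('col-sm-6', array()),
            div('col-sm-6', array())
          )),
          div('row', array(
            div('col-sm-6', array(
              form_password('password', _("Password") . ' ' . entry_required())
            )),
            div('col-sm-6', array(
              form_password('password2', _("Confirm password") . ' ' . entry_required())
            ))
          ))
        )),
        div('col-md-6', array(
          div('row', array(
            div('col-sm-4', array(
              form_text('mobile', _("Mobile"), $mobile)
            )),
            div('col-sm-4', array(
              form_text('tel', _("Phone"), $tel)
            ))
          )),
          div('row', array(
            div('col-sm-3', array(
              form_text('age', _("Age"), $age)
            )),
            div('col-sm-6', array(
              form_text('comment', _("Additional Information(Language / Profession)"), $comment)
            ))
          )),
          form_info(entry_required() . ' = ' . _("Entry required!"))
        ))
      )),
      form_submit('submit', _("Register"))
    ))
  ));
}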
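/**
 * User password recovery (by e-mail).
 *
 * With $_REQUEST['token']: resolves the user behind the recovery token and,
 * on submit, validates and stores the new password. Without a token: on
 * submit, looks up the user by e-mail, generates a recovery token and mails
 * the recovery link. Either path redirects to login on success and otherwise
 * returns the corresponding view.
 *
 * @return string rendered view
 */
function user_password_recovery_controller() {
  if (isset($_REQUEST['token'])) {
    $user_source = User_by_password_recovery_token($_REQUEST['token']);
    if ($user_source === false) {
      engelsystem_error("Unable to load user.");
    }
    // Loose compare on purpose: an empty result counts as "no user" as well.
    if ($user_source == null) {
      error(_("Token is not correct."));
      redirect(page_link_to('login'));
    }

    if (isset($_REQUEST['submit'])) {
      $ok = true;

      // Strict comparison; a missing password2 is a mismatch rather than a notice.
      if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) {
        if (!isset($_REQUEST['password2']) || $_REQUEST['password'] !== $_REQUEST['password2']) {
          $ok = false;
          error(_("Your passwords don't match."));
        }
      } else {
        $ok = false;
        // Same message (and message key) as the registration form, with the configured
        // minimum instead of a hard-coded "6".
        error(sprintf(_("Your password is too short (please use at least %s characters)."), MIN_PASSWORD_LENGTH));
      }

      if ($ok) {
        $result = set_password($user_source['UID'], $_REQUEST['password']);
        if ($result === false) {
          engelsystem_error(_("Password could not be updated."));
        }
        success(_("Password saved."));
        redirect(page_link_to('login'));
      }
    }

    return User_password_set_view();
  }

  if (isset($_REQUEST['submit'])) {
    $ok = true;
    $user_source = null;

    if (isset($_REQUEST['email']) && strlen(strip_request_item('email')) > 0) {
      $email = strip_request_item('email');
      if (check_email($email)) {
        $user_source = User_by_email($email);
        if ($user_source === false) {
          engelsystem_error("Unable to load user.");
        }
        // NOTE(review): reporting "not correct" for an unknown address lets a caller
        // probe which e-mail addresses are registered; a neutral "if the address
        // exists, a mail was sent" response would avoid that.
        if ($user_source == null) {
          $ok = false;
          error(_("E-mail address is not correct."));
        }
      } else {
        $ok = false;
        error(_("E-mail address is not correct."));
      }
    } else {
      $ok = false;
      error(_("Please enter your e-mail."));
    }

    if ($ok) {
      $token = User_generate_password_recovery_token($user_source);
      if ($token === false) {
        engelsystem_error("Unable to generate password recovery token.");
      }
      $recovery_link = page_link_to_absolute('user_password_recovery') . '&token=' . $token;
      $result = engelsystem_email_to_user(
        $user_source,
        _("Password recovery"),
        sprintf(_("Please visit %s to recover your password."), $recovery_link)
      );
      if ($result === false) {
        engelsystem_error("Unable to send password recovery email.");
      }
      success(_("We sent an email containing your password recovery link."));
      redirect(page_link_to('login'));
    }
  }

  return User_password_recovery_view();
}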
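/**
 * Login page: renders the login form and, on submit, checks nick and password,
 * requires the account to be confirmed and then stores uid and locale in the
 * session before redirecting to the shifts page.
 *
 * Globals: $user (set when a session is already logged in), $privileges
 * (used to decide whether the registration hint is shown).
 *
 * @return string rendered page
 */
function guest_login() {
  global $user, $privileges;

  $nick = "";

  // unset($_SESSION['uid']);
  if (isset($user) && isset($_SESSION['uid'])) {
    // assume that a safe loggedin
    redirect(page_link_to('dashboard'));
  }

  if (isset($_REQUEST['submit'])) {
    $ok = true;
    $login_user = null;

    if (isset($_REQUEST['nick']) && strlen(User_validate_Nick($_REQUEST['nick'])) > 0) {
      $nick = User_validate_Nick($_REQUEST['nick']);
      $candidates = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "'");

      if (count($candidates) > 0) {
        $login_user = $candidates[0];
        if (isset($_REQUEST['password'])) {
          if (!verify_password($_REQUEST['password'], $login_user['Passwort'], $login_user['UID'])) {
            $ok = false;
            error(_("Your password is incorrect. Please try it again."));
          } else {
            // password is okay, check confirmaiton
            if ($login_user['user_account_approved'] !== '1') {
              $ok = false;
              error(
                _("Your account is not confirmed yet. Please click the link in the mail we sent you. To resend your verification E-Mail click ")
                . "<a href=\"" . page_link_to_absolute('user_resend_verification_token') . '&uid=' . $login_user['UID'] . "\">"
                . _("here") . "</a>."
                . _("If you didn't get an eMail, ask a dispatcher.")
              );
            }
          }
        } else {
          $ok = false;
          error(_("Please enter a password."));
        }
      } else {
        // NOTE(review): this message differs from the wrong-password one, so a caller
        // can tell valid nicks from invalid ones; a single generic failure message
        // would close that gap.
        $ok = false;
        error(_("No user was found with that Nickname. Please try again. If you are still having problems, ask an Dispatcher."));
      }
    } else {
      $ok = false;
      error(_("Please enter a nickname."));
    }

    if ($ok) {
      // Rotate the session id on privilege change so a session id fixed before
      // login is not carried over into the authenticated session.
      if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
      }
      $_SESSION['uid'] = $login_user['UID'];
      $_SESSION['locale'] = $login_user['Sprache'];
      redirect(page_link_to('shifts'));
    }
  }

  // NOTE(review): $register_hint is built but not included in the returned page;
  // kept as-is since it is unclear whether omitting it is intentional.
  if (in_array('register', $privileges, true)) {
    $register_hint = join('', array(
      '<p>' . _("Please sign up, if you want to help us!") . '</p>',
      buttons(array(
        button(page_link_to('register'), register_title() . ' »')
      ))
    ));
  } else {
    $register_hint = join('', array(error(_('Registration is disabled.'), true)));
  }

  return page_with_title(login_title(), array(
    msg(),
    '<div class="row"><div class="col-md-6">',
    form(array(
      form_text('nick', _("Nick"), $nick),
      form_password('password', _("Password")),
      form_submit('submit', _("Login")),
      buttons(array(
        button(page_link_to('user_password_recovery'), _("I forgot my password")),
        button(page_link_to('user_resend_verification_token'), _("Request E-Mail verification token"))
      )),
      info(_("Please note: You have to activate cookies!"), true)
    )),
    '</div></div>'
  ));
}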
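/**
 * Sends the e-mail address confirmation mail, signed with the instance name.
 *
 * NOTE(review): an earlier definition of a function with this name appears on
 * this page; PHP cannot redeclare a function, so only one of them can be live
 * in a single file.
 *
 * Global: $customization (reads 'instance_name' for the signature).
 *
 * @param string $mail              recipient address (also used in the greeting)
 * @param string $confirmationToken token appended to the user_activate_account link
 */
function user_send_verification_email($mail, $confirmationToken) {
  global $customization;

  $confirmationTokenUrl = page_link_to_absolute('user_activate_account') . '&token=' . $confirmationToken;

  // Fall back to an empty signature instead of raising a notice when the key is unset.
  $signature = isset($customization['instance_name']) ? $customization['instance_name'] : '';

  $mailText = _('Hello %1$s! Thanks for signing up at Engelsystem. Please confirm your eMail-address by clicking the following link: %2$s %3$s');
  engelsystem_email($mail, _('Please confirm your eMail-address'), sprintf($mailText, $mail, $confirmationTokenUrl, $signature));
}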