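/**
 * Validates a submitted guestbook entry, stores it, and returns the entry form.
 *
 * All input arrives through globals ($gb_name, $gb_mail, $gb_icq, $gb_text,
 * $gb_homepage, $input, $REMOTE_ADDR, $_site). After a successful insert the
 * $gb_* globals are reset so the returned form is empty again.
 *
 * Every value echoed back into the form is HTML-escaped, and every value placed
 * in the INSERT statement is escaped at the SQL boundary.
 *
 * @return string HTML: the error list (if any) followed by the entry form
 */
function gbook_input()
{
    global $_site, $gb_name, $gb_mail, $gb_icq, $gb_text, $gb_homepage, $REMOTE_ADDR, $input;

    $error = '';
    if ($input == 'true') {
        if ($gb_name == '') {
            $error .= "<li class=\"error\">Es wurde kein Name angegeben.</li>\r\n";
        }
        if ($gb_text == '') {
            $error .= "<li class=\"error\">Es wurde kein Nachrichtentext eingegeben.</li>\r\n";
        }
        if ($gb_mail != '' && !isEMailAddress($gb_mail)) {
            $error .= "<li class=\"error\">Die Email-Adresse ist ungültig.</li>\r\n";
        }
        if ($gb_icq != '') {
            if (!isIcqNumber($gb_icq)) {
                $error .= "<li class=\"error\">Die Icq-Nummer ist ungültig.</li>\n";
            } else {
                $gb_icq = str_replace('-', '', $gb_icq);
            }
        }
        // The form pre-fills "http://"; an untouched field means "no homepage".
        if ($gb_homepage == 'http://') {
            $gb_homepage = '';
        }
    }

    if ($error == '' && $input == 'true') {
        // Escape every interpolated value. The reverse-DNS name is included on
        // purpose: it is controlled by whoever runs the DNS zone for the
        // visitor's address, so it is untrusted input as well.
        // NOTE(review): assumes db_result() runs on the legacy mysql extension
        // (elsewhere its result is passed to mysql_fetch_object()) and that the
        // globals arrive without slashes already added - confirm; if
        // magic_quotes_gpc is on, strip the slashes where the input is read.
        $q_name = mysql_real_escape_string((string) $gb_name);
        $q_ip = mysql_real_escape_string((string) $REMOTE_ADDR);
        $q_text = mysql_real_escape_string((string) $gb_text);
        $q_mail = mysql_real_escape_string((string) $gb_mail);
        $q_icq = mysql_real_escape_string((string) $gb_icq);
        // NOTE(review): the homepage is stored without a scheme check; code that
        // renders it as a link should only accept http:// and https:// URLs.
        $q_homepage = mysql_real_escape_string((string) $gb_homepage);
        $q_host = mysql_real_escape_string((string) gethostbyaddr($REMOTE_ADDR));

        // time() replaces the argument-less mktime(), which PHP 8 rejects.
        $sql = "INSERT INTO " . DB_PREFIX . "guestbook (name, ip, date, message, mail, icq, homepage, host)\r\n\t\t\t\tVALUES ('{$q_name}', '{$q_ip}', '" . time() . "', '{$q_text}', '{$q_mail}', '{$q_icq}', '{$q_homepage}', '{$q_host}')";
        db_result($sql);

        // Entry stored: present an empty form again.
        $gb_name = '';
        $gb_mail = '';
        $gb_icq = '';
        $gb_homepage = 'http://';
        $gb_text = '';
    }

    if ($gb_homepage == '') {
        $gb_homepage = 'http://';
    }
    if ($error != '') {
        $error = "Folgende Fehler sind aufgetreten:\r\n\t<ul>" . $error . "</ul>";
    }

    // Escape at the point of output so a rejected submission cannot break out
    // of the attribute or the textarea when it is shown again. The encoding
    // argument is omitted so PHP's configured default charset applies.
    $site_html = htmlspecialchars((string) $_site, ENT_QUOTES);
    $name_html = htmlspecialchars((string) $gb_name, ENT_QUOTES);
    $mail_html = htmlspecialchars((string) $gb_mail, ENT_QUOTES);
    $icq_html = htmlspecialchars((string) $gb_icq, ENT_QUOTES);
    $homepage_html = htmlspecialchars((string) $gb_homepage, ENT_QUOTES);
    $text_html = htmlspecialchars((string) $gb_text, ENT_QUOTES);

    // $error holds markup generated above, so it is emitted as-is.
    $text = "<div class=\"gbook\">\r\n\t<div class=\"error\">" . $error . "</div>\r\n";
    $text .= "\t<form method=\"post\" action=\"index.php?site=" . $site_html . "\">\r\n";
    $text .= "\t\t<input type=\"hidden\" name=\"input\" value=\"true\" />\r\n";
    $text .= "\t\t<table class=\"gbook\">\r\n";
    $text .= "\t\t\t<tr>\r\n\t\t\t\t<td>\r\n\t\t\t\t\t<label>Name:</label>\r\n\t\t\t\t</td>\r\n\t\t\t\t<td>\r\n\t\t\t\t\t<input type=\"text\" name=\"gb_name\" value=\"" . $name_html . "\" />\r\n\t\t\t\t</td>\r\n\t\t\t</tr>\t\r\n";
    $text .= "\t\t\t<tr>\r\n\t\t\t\t\t<td>\r\n\t\t\t\t\t<label>Email:</label>\r\n\t\t\t\t</td>\r\n\t\t\t\t<td>\r\n\t\t\t\t\t<input type=\"text\" name=\"gb_mail\" value=\"" . $mail_html . "\" />\r\n\t\t\t\t</td>\r\n\t\t\t</tr>\r\n";
    $text .= "\t\t\t<tr>\r\n\t\t\t\t<td>\r\n\t\t\t\t\t<label>ICQ:</label>\r\n\t\t\t\t</td>\r\n\t\t\t\t<td>\r\n\t\t\t\t\t<input type=\"text\" name=\"gb_icq\" value=\"" . $icq_html . "\" />\r\n\t\t\t\t</td>\r\n\t\t\t</tr>\r\n";
    $text .= "\t\t\t<tr>\r\n\t\t\t\t<td>\r\n\t\t\t\t\t<label>Homepage:</label>\r\n\t\t\t\t</td>\r\n\t\t\t\t<td>\r\n\t\t\t\t\t<input type=\"text\" name=\"gb_homepage\" value=\"" . $homepage_html . "\" />\r\n\t\t\t\t</td>\r\n\t\t\t</tr>\r\n";
    $text .= "\t\t\t<tr>\r\n\t\t\t\t<td>\r\n\t\t\t\t\t<label>Nachricht:</label>\r\n\t\t\t\t</td>\r\n\t\t\t\t<td>\r\n\t\t\t\t\t<textarea name=\"gb_text\">" . $text_html . "</textarea>\r\n\t\t\t\t</td>\r\n\t\t\t</tr>\r\n";
    // The last cell's closing tag was written as "/td>"; emit a proper "</td>".
    $text .= "\t\t\t<tr>\r\n\t\t\t\t<td>\r\n\t\t\t\t\t<input type=\"reset\" value=\"Zurücksetzen\" class=\"button\" />\r\n\t\t\t\t</td>\r\n\t\t\t\t<td>\r\n\t\t\t\t\t<input class=\"button\" type=\"submit\" value=\"Eintragen\" />\r\n\t\t\t\t</td>\r\n\t\t\t</tr>\r\n";
    $text .= "\t\t</table>\r\n\t</form>\r\n</div>";

    return $text;
}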
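/**
 * Returns the user administration page, where users can be added, changed
 * and deleted.
 *
 * The action comes from $_GET/$_POST ('action'); the user fields are read with
 * GetPostOrGet(). Depending on the action the function inserts, updates or
 * deletes a row in the users table, shows the edit form or a delete
 * confirmation, and otherwise lists all users.
 *
 * Review notes on what this function cannot fix on its own:
 * - Passwords are stored as unsalted MD5 and the hash is also placed in the
 *   "CMS_user_cookie" cookie. Moving to password_hash()/password_verify() and
 *   a server-side session needs a matching change in the login code.
 * - The confirmed delete is accepted from a plain GET link with no anti-CSRF
 *   token, so it can be triggered by any page the administrator visits.
 * - No permission check is visible here; presumably the caller enforces that
 *   only administrators reach this page - verify.
 *
 * @return string HTML of the page
 */
function page_users()
{
    global $PHP_SELF, $admin_lang, $actual_user_passwd_md5, $actual_user_online_id, $user;

    $out = "";
    // Escaped once; used in every link back to this page.
    $self = htmlspecialchars((string) $PHP_SELF, ENT_QUOTES);

    if (isset($_GET['action']) || isset($_POST['action'])) {
        $action = isset($_GET['action']) ? $_GET['action'] : $_POST['action'];

        // user_id is placed unquoted into the WHERE clauses below, so it must
        // be an integer before it gets anywhere near the SQL text.
        $user_id = (int) GetPostOrGet('user_id', 0);
        $user_name = GetPostOrGet('user_name', '');
        $user_showname = GetPostOrGet('user_showname', '');
        $user_email = GetPostOrGet('user_email', '');
        $user_icq = GetPostOrGet('user_icq', '');
        $user_admin = GetPostOrGet('user_admin', '');
        $user_password = GetPostOrGet('user_password', '');
        $user_password_confirm = GetPostOrGet('user_password_confirm', '');

        if ($action == "add") {
            if ($user_name == "" || $user_showname == "" || $user_password == "" || $user_password != $user_password_confirm) {
                $action = "add-error";
            } elseif ($user_email != "" && !isEMailAddress($user_email)) {
                $action = "add-error";
            } elseif ($user_icq != "" && !isIcqNumber($user_icq)) {
                $action = "add-error";
            } else {
                $admin_flag = ($user_admin == "on") ? "y" : "n";
                // NOTE(review): assumes GetPostOrGet() returns the raw request
                // value - confirm; if slashes are already added upstream, strip
                // them where the input is read rather than dropping this escape.
                $q_showname = mysql_real_escape_string((string) $user_showname);
                $q_name = mysql_real_escape_string((string) $user_name);
                $q_email = mysql_real_escape_string((string) $user_email);
                $q_icq = mysql_real_escape_string(str_replace("-", "", $user_icq));
                // NOTE(review): unsalted MD5 is not a password hash; kept because
                // the login code that compares against it is not visible here.
                $password_md5 = md5($user_password);
                // time() replaces the argument-less mktime(), which PHP 8 rejects.
                $sql = "INSERT INTO " . DB_PREFIX . "users\r\n\t\t\t\t\t\t(user_showname, user_name, user_password, user_registerdate, user_admin, user_icq, user_email)\r\n\t\t\t\t\t\tVALUES ('{$q_showname}', '{$q_name}', '{$password_md5}', '" . time() . "', '{$admin_flag}', '{$q_icq}', '{$q_email}')";
                db_result($sql);
            }
        } elseif ($action == "save") {
            if ($user_name == "" || $user_showname == "" || $user_password != $user_password_confirm) {
                $action = "save-error";
            } elseif ($user_email != "" && !isEMailAddress($user_email)) {
                $action = "save-error";
            } elseif ($user_icq != "" && !isIcqNumber($user_icq)) {
                $action = "save-error";
            } else {
                // An empty password means "leave the stored password unchanged".
                $password_sql = "";
                if ($user_password != "") {
                    // The source shows the start of this fragment masked as
                    // "******", which yields invalid SQL; it is restored from the
                    // user_password column named in the INSERT statement.
                    $password_sql = ", user_password='" . md5($user_password) . "'";
                }
                $admin_flag = ($user_admin == "on") ? "y" : "n";
                $q_showname = mysql_real_escape_string((string) $user_showname);
                $q_name = mysql_real_escape_string((string) $user_name);
                $q_email = mysql_real_escape_string((string) $user_email);
                $q_icq = mysql_real_escape_string(str_replace("-", "", $user_icq));

                // Editing the logged-in account: refresh the login cookie so the
                // session survives the name or password change.
                if ($user_id == $user->ID) {
                    if ($user_password_confirm != "") {
                        $actual_user_passwd_md5 = md5($user_password_confirm);
                    }
                    $actual_user_name = $user_name;
                    // NOTE(review): the cookie carries the password hash and is
                    // readable by scripts (no HttpOnly flag); its format is
                    // shared with the login code, so it is left unchanged here.
                    setcookie("CMS_user_cookie", $actual_user_online_id . "|" . $actual_user_name . "|" . $actual_user_passwd_md5, time() + 14400);
                }

                $sql = "UPDATE " . DB_PREFIX . "users\r\n\t\t\t\t\tSET user_showname='{$q_showname}', user_name='{$q_name}', user_email='{$q_email}', user_admin='{$admin_flag}', user_icq='{$q_icq}'{$password_sql}\r\n\t\t\t\t\tWHERE user_id={$user_id}";
                db_result($sql);
            }
        } elseif ($action == "delete") {
            if (isset($_GET['sure']) || isset($_POST['sure'])) {
                $sure = isset($_GET['sure']) ? $_GET['sure'] : $_POST['sure'];
                // The logged-in user can never delete their own account.
                if ($sure == 1 && $user_id != $user->ID) {
                    $sql = "SELECT *\r\n\t\t\t\t\t\t\tFROM " . DB_PREFIX . "users\r\n\t\t\t\t\t\t\tWHERE user_id={$user_id}";
                    $result = db_result($sql);
                    $user_data = mysql_fetch_object($result);
                    $deleted_name = $user_data ? $user_data->user_showname : '';
                    $sql = "DELETE FROM " . DB_PREFIX . "users\r\n\t\t\t\t\t\t\tWHERE user_id={$user_id}";
                    db_result($sql);
                    // The quotes around the name appear as bare '"' in the
                    // source, which does not parse; written as &quot; here.
                    $out .= "Der Benutzer &quot;" . htmlspecialchars((string) $deleted_name, ENT_QUOTES) . "&quot; ist nun unwiederuflich gelöscht worden!<br />";
                }
            } else {
                $sql = "SELECT *\r\n\t\t\t\t\t\tFROM " . DB_PREFIX . "users\r\n\t\t\t\t\t\tWHERE user_id={$user_id}";
                $result = db_result($sql);
                // A local variable: assigning to $user would overwrite the
                // global logged-in user object for the rest of the request.
                $target_user = mysql_fetch_object($result);
                $target_name = $target_user ? $target_user->user_showname : '';
                $out .= "Den Benutzer &quot;" . htmlspecialchars((string) $target_name, ENT_QUOTES) . "&quot; unwiederruflich löschen?<br />\r\n\t\t\t\t<a href=\"admin.php?page=users&action=delete&user_id=" . $user_id . "&sure=1\" title=\"Wirklich Löschen\" class=\"button\">" . $admin_lang['yes'] . "</a>\r\n\t\t\t\t<a href=\"admin.php?page=users\" title=\"Nicht Löschen\" class=\"button\">" . $admin_lang['no'] . "</a>";
                return $out;
            }
        }

        if ($action == "edit" || $action == "new" || $action == "add-error" || $action == "save-error") {
            if ($user_id != 0 || $action == "new" || $action == "add-error" || $action == "save-error") {
                if ($user_id != 0) {
                    $sql = "SELECT *\r\n\t\t\t\t\t\t\tFROM " . DB_PREFIX . "users\r\n\t\t\t\t\t\t\tWHERE user_id={$user_id}";
                    $user_result = db_result($sql);
                    // Local variable for the same reason as in the delete branch.
                    $stored_user = mysql_fetch_object($user_result);
                    // After a failed save the submitted values are kept so the
                    // administrator can correct them.
                    if ($stored_user && $action != "save-error") {
                        $user_showname = $stored_user->user_showname;
                        $user_name = $stored_user->user_name;
                        $user_email = $stored_user->user_email;
                        $user_icq = $stored_user->user_icq;
                        $user_admin = $stored_user->user_admin;
                    }
                }

                $is_error = ($action == "add-error" || $action == "save-error");

                // Everything echoed into the form is escaped for HTML first.
                $form_action = htmlspecialchars((string) $_SERVER['PHP_SELF'], ENT_QUOTES);
                $showname_html = htmlspecialchars((string) $user_showname, ENT_QUOTES);
                $name_html = htmlspecialchars((string) $user_name, ENT_QUOTES);
                $email_html = htmlspecialchars((string) $user_email, ENT_QUOTES);
                $icq_html = htmlspecialchars((string) $user_icq, ENT_QUOTES);

                $out .= "\t\t\t<form action=\"" . $form_action . "\" method=\"post\">\r\n\t\t\t\t<input type=\"hidden\" name=\"page\" value=\"users\"/>\r\n";
                if ($action == "new" || $action == "add-error") {
                    $out .= "\t\t\t\t<input type=\"hidden\" name=\"action\" value=\"add\"/>\r\n";
                } else {
                    $out .= "\t\t\t\t<input type=\"hidden\" name=\"action\" value=\"save\"/>\r\n\t\t\t\t<input type=\"hidden\" name=\"user_id\" value=\"" . $user_id . "\"/>\r\n";
                }

                $out .= "\t\t\t\t<fieldset><legend>Benutzer</legend>\r\n\t\t\t\t\t<div class=\"row\">\r\n\t\t\t\t\t\t<label><strong>Anzeigename:</strong>";
                // The field checks were written "add-error || save-error && ...",
                // which shows the message on every add-error because && binds
                // tighter than ||; grouped here like the ICQ check already is.
                if ($is_error && $user_showname == "") {
                    $out .= "\t\t\t\t\t\t\t<span class=\"error\">Der Anzeigename darf nicht leer sein.</span>\r\n";
                }
                $out .= "\t\t\t\t\t\t\t<span class=\"info\">Der Name wird immer angezeigt, wenn der Benutzer z.B. einen News-Eintrag geschrieben hat.(Notwendig)</span>\r\n\t\t\t\t\t\t</label>\r\n\t\t\t\t\t\t\t<input type=\"text\" name=\"user_showname\" value=\"" . $showname_html . "\" />\r\n\t\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t<div class=\"row\">\r\n\t\t\t\t\t\t<label><strong>Nick:</strong>\r\n";

                if ($is_error && $user_name == "") {
                    $out .= "\t\t\t\t\t\t\t<span class=\"error\">Der Nick muss angegeben werden.</span>\r\n";
                }
                $out .= "\t\t\t\t\t\t\t<span class=\"info\">Mit dem Nick kann sich der Benutzer einloggen, so muss er nicht seinen unter Umständen komplizierten Namen,der angezeigt wird, eingeben muss. (Notwendig)</span>\r\n\t\t\t\t\t\t</label>\r\n\t\t\t\t\t\t\t<input type=\"text\" name=\"user_name\" value=\"" . $name_html . "\" />\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t<div class=\"row\">\r\n\t\t\t\t\t\t<label><strong>E-Mail:</strong>\r\n";

                if ($is_error && $user_email != "" && !isEMailAddress($user_email)) {
                    $out .= "\t\t\t\t\t\t\t<span class=\"error\">Die Angegebene E-Mail-Adresse ist ungültig.</span>\r\n";
                }
                $out .= "\t\t\t\t\t\t\t<span class=\"info\">Über die Egl-Mail-Adresse wird der Benutzer kontaktiert. Sie ist also notwendig.</span>\r\n\t\t\t\t\t\t</label>\r\n\t\t\t\t\t\t\t<input type=\"text\" name=\"user_email\" value=\"" . $email_html . "\" />\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t<div class=\"row\">\r\n\t\t\t\t\t\t<label><strong>ICQ:</strong>\r\n";

                if ($is_error && ($user_icq != "" && !isIcqNumber($user_icq))) {
                    $out .= "\t\t\t\t\t\t\t<span class=\"error\">Die Angegebene ICQ-Nummer ist ungültig.</span>\r\n";
                }
                $out .= "\t\t\t\t\t\t\t<span class=\"info\">Die ICQ Nummer kann angegben werden, ist aber nicht dirngend notwendig.</span>\r\n\t\t\t\t\t\t</label>\r\n\t\t\t\t\t\t\t<input type=\"text\" name=\"user_icq\" value=\"" . $icq_html . "\" maxlength=\"12\" />\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t<div class=\"row\">\r\n\t\t\t\t\t\t<label><strong>Passwort:</strong>\r\n";

                // Password messages. "rep-wrong" is a marker passed on to the
                // repetition field below so the mismatch is reported there too.
                if ($is_error && $user_password != "" && $user_password_confirm != "" && $user_password != $user_password_confirm) {
                    $out .= "\t\t\t\t\t\t\t<span class=\"error\">Das Passwort und seine Wiederholung sind ungleich</span>\r\n";
                    $user_password = "";
                    $user_password_confirm = "rep-wrong";
                } elseif ($action == "add-error" && $user_password == "") {
                    $out .= "\t\t\t\t\t\t\t<span class=\"error\">Das Passwort fehlt.</span>\r\n";
                    $user_password_confirm = "";
                } elseif ($action == "save-error" && $user_password_confirm != "" && $user_password == "") {
                    $out .= "\t\t\t\t\t\t\t<span class=\"error\">Das Passwort fehlt obwohl die Wiederholung angegeben war.</span>\r\n";
                    $user_password_confirm = "";
                }
                if ($action == "add-error" && $user_password_confirm == "" && $user_password != "") {
                    $user_password = "";
                }
                $out .= "\t\t\t\t\t\t\t<span class=\"info\">Mit diesem Passwort kann sich der Benutzer in die geschätzten Bereiche einloggen. (";
                if ($action == "save-error" || $action == "edit") {
                    $out .= "Wenn beide Felder für das Passwort leer gelassen werden, wird das Passwort nicht verändert.";
                } elseif ($action == "add-error" || $action == "new") {
                    $out .= "Notwendig";
                }
                // Both password fields are always sent back empty.
                $out .= ")</span>\r\n\t\t\t\t\t\t</label>\r\n\t\t\t\t\t\t\t<input type=\"password\" name=\"user_password\" value=\"\" />\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t<div class=\"row\">\r\n\t\t\t\t\t\t<label><strong>Passwort wiederholen:</strong>\r\n";

                if ($is_error && $user_password == "" && $user_password_confirm == "rep-wrong") {
                    $out .= "\t\t\t\t\t\t\t<span class=\"error\">Das Passwort und seine Wiederholung sind ungleich</span>\r\n";
                    $user_password = "";
                    $user_password_confirm = "";
                } elseif ($action == "add-error" && $user_password_confirm == "") {
                    $out .= "\t\t\t\t\t\t\t<span class=\"error\">Die Wiederholung des Passwortes fehlt.</span>\r\n";
                } elseif ($action == "save-error" && $user_password != "" && $user_password_confirm == "") {
                    $out .= "\t\t\t\t\t\t\t<span class=\"error\">Die Wiederholung des Passwortes fehlt.</span>\r\n";
                }
                $out .= "\t\t\t\t\t\t\t<span class=\"info\">Durch eine Wiederholung wird sichergestellt, dass man sich bei der Eingabe nicht vertippt hat.";
                // Was tested against "add", an action that never reaches the
                // form; "new" matches the hint on the password field above.
                if ($action == "add-error" || $action == "new") {
                    $out .= "(Notwendig)";
                }
                $out .= "</span>\r\n\t\t\t\t\t\t</label>\r\n\t\t\t\t\t\t\t<input type=\"password\" name=\"user_password_confirm\" value=\"\" />\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t<div class=\"row\">\r\n\t\t\t\t\t\t<label><strong>Administrator:</strong>\r\n\t\t\t\t\t\t\t<span class=\"info\">Ist ein Benutzer Administrator so hat er keinerlei Einschränkungen in seinem Handeln. <strong>Nur auswählen wenn es wirklich Notwendig ist.</strong></span>\r\n\t\t\t\t\t\t</label>\r\n\t\t\t\t\t\t\t<input type=\"checkbox\" name=\"user_admin\"";
                // "y" comes from the database row, "on" from a resubmitted form.
                if ($user_admin == "y" || $user_admin == "on") {
                    $out .= " checked=\"true\"";
                }
                $out .= "/>\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t\t\t<div class=\"row\">\r\n\t\t\t\t\t\t\t<input type=\"submit\" class=\"button\" value=\"";
                if ($action == "new") {
                    $out .= $admin_lang['create'];
                } else {
                    $out .= $admin_lang['save'];
                }
                $out .= "\" />\r\n\t\t\t\t\t\t</div>\r\n\t\t\t\t</fieldset>\r\n\t\t\t</form>";

                return $out;
            }
        }
    }

    // Default view: the list of all users with edit and delete links.
    $out .= "\t\t\t<table class=\"text_table full_width\">\r\n\t\t\t\t<tr>\r\n\t\t\t\t\t<th>" . $admin_lang['name'] . "</th>\r\n\t\t\t\t\t<th>Kürzel</th>\r\n\t\t\t\t\t<th>Email</th>\r\n\t\t\t\t\t<th>Admin</th>\r\n\t\t\t\t\t<th>Aktionen</th>\r\n\t\t\t\t</tr>\r\n";
    $users_result = db_result("SELECT * FROM " . DB_PREFIX . "users");
    while ($user_db = mysql_fetch_object($users_result)) {
        // Stored names and addresses were typed in by someone; escape them so a
        // stored value cannot inject markup into the administrator's page.
        $row_showname = htmlspecialchars((string) $user_db->user_showname, ENT_QUOTES);
        $row_name = htmlspecialchars((string) $user_db->user_name, ENT_QUOTES);
        $row_email = htmlspecialchars((string) $user_db->user_email, ENT_QUOTES);
        $row_id = (int) $user_db->user_id;

        $out .= "\t\t\t\t<tr>\r\n\t\t\t\t\t<td>{$row_showname}</td>\r\n\t\t\t\t\t<td>{$row_name}</td>\r\n\t\t\t\t\t<td>{$row_email}</td>\r\n\t\t\t\t\t<td>";
        if ($user_db->user_admin == 'y') {
            $out .= $admin_lang['yes'];
        } else {
            $out .= $admin_lang['no'];
        }
        $out .= "</td>\r\n\t\t\t\t\t<td><a href=\"" . $self . "?page=users&action=edit&user_id=" . $row_id . "\" ><img src=\"./img/edit.png\" height=\"16\" width=\"16\" alt=\"" . $admin_lang['edit'] . "\" title=\"" . $admin_lang['edit'] . "\"/></a>";
        // No delete link for the account that is currently logged in.
        if ($user->ID == $user_db->user_id) {
            $out .= " ";
        } else {
            $out .= "<a href=\"" . $self . "?page=users&action=delete&user_id=" . $row_id . "\" ><img src=\"./img/del.png\" height=\"16\" width=\"16\" alt=\"" . $admin_lang['delete'] . "\" title=\"" . $admin_lang['delete'] . "\"/></a>";
        }
        $out .= "</td>\r\n\t\t\t\t</tr>\r\n";
    }
    $out .= "\t\t\t</table>\r\n\t\t\t<a href=\"" . $self . "?page=users&action=new\" title=\"Einen neuen Benutzer erstellen\" class=\"button\">Neuen Benutzer erstellen</a>";

    return $out;
}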
/**
 * Processes the submitted contact form and tries to mail it to $MailTo.
 *
 * The form is first handed to _mailForm(); when that returns markup, the markup
 * is returned so the visitor can correct the input. Otherwise the result block
 * is built. It contains the validation error if there is one, else the outcome
 * of sendmail().
 *
 * The visitor-supplied name, address and message are only placed in the message
 * text passed as the fourth sendmail() argument. The sender passed as the
 * second argument is the configured administrator address.
 *
 * @param string $MailTo The receiver of the mail
 * @return string HTML: either the form from _mailForm() or the result block
 */
function _sendMail($MailTo)
{
    $senderName = GetPostOrGet('contact_mail_from_name');
    $senderAddress = GetPostOrGet('contact_mail_from');
    $body = GetPostOrGet('contact_message');
    $requestedAction = GetPostOrGet('action');
    // Honeypot field: a human visitor leaves it empty.
    $honeypot = GetPostOrGet('contact_important_name');

    $problem = '';
    if ($honeypot != '') {
        $problem = $this->_Translation->GetTranslation('please_leave_the_important_name_field_empty');
    }
    // A missing or malformed address replaces the honeypot message.
    if ($mailFromMissing = ($senderAddress == '')) {
        $problem = $this->_Translation->GetTranslation('the_email_address_must_be_indicated');
    } elseif (!isEMailAddress($senderAddress)) {
        $problem = $this->_Translation->GetTranslation('this_is_a_invalid_email_address');
    }

    // The form is only checked once an action was submitted.
    $shouldCheck = ($requestedAction != '');
    $form = $this->_mailForm($senderName, $senderAddress, $body, $shouldCheck);
    if ($form != '') {
        // show the mail form again so the input can be corrected
        return $form;
    }

    // the 'real' sender is the site administrator
    $from = $this->_Config->Get('administrator_emailaddress', 'administrator@comacms');
    // who filled in the form
    $senderInfo = $senderName . ' <' . $senderAddress . '>';
    // subject line
    $subjectFormat = $this->_Translation->GetTranslation('new_email_from_a_visitor_of_%homepage%');
    $title = sprintf($subjectFormat, $this->_Config->Get('pagename', 'homepage'));
    // message text
    $bodyFormat = $this->_Translation->GetTranslation('contact_message_%from%_%message');
    $messageContent = sprintf($bodyFormat, $senderInfo, $body);

    $output = "</p><fieldset><legend>" . $this->_Translation->GetTranslation('contact') . "</legend>";
    if ($problem != '') {
        $output .= $problem;
    } else {
        // TODO: try to give some hints what to do when sending fails
        $resultKey = sendmail($MailTo, $from, $title, $messageContent)
            ? 'your_message_was_sent_succesdfully'
            : 'an_error_occured_on_sending_this_message';
        $output .= $this->_Translation->GetTranslation($resultKey);
    }

    return $output . '</fieldset><p>';
}
/**
 * Validates the submitted contact form and mails it to $MailTo.
 *
 * Name, address and message are all required and the address must pass
 * isEMailAddress(). If any check fails, the form from _mailForm() is returned
 * together with the error texts. Otherwise the mail is sent and a result block
 * is returned.
 *
 * The visitor-supplied name, address and message are only placed in the message
 * text passed as the fourth sendmail() argument. The sender passed as the
 * second argument is the configured administrator address.
 *
 * @param string $MailTo The receiver of the mail
 * @return string HTML: either the form with error texts or the result block
 */
function _sendMail($MailTo)
{
    $senderName = GetPostOrGet('contact_mail_from_name');
    $senderAddress = GetPostOrGet('contact_mail_from');
    $body = GetPostOrGet('contact_message');

    // address: required and well-formed
    $mailError = '';
    if ($senderAddress == '') {
        $mailError = $this->_Lang['the_email_address_must_be_indicated'];
    } elseif (!isEMailAddress($senderAddress)) {
        $mailError = $this->_Lang['this_is_a_invalid_email_address'];
    }
    // name: required
    $nameError = ($senderName == '') ? $this->_Lang['the_name_must_be_indicated'] : '';
    // message: required
    $messageError = ($body == '') ? $this->_Lang['please_enter_your_message'] : '';

    if ($nameError != '' || $mailError != '' || $messageError != '') {
        // show the mail form again so the input can be corrected
        return $this->_mailForm($senderName, $senderAddress, $body, $mailError, $nameError, $messageError);
    }

    // the 'real' sender is the site administrator
    $from = $this->_Config->Get('administrator_emailaddress', 'administrator@comacms');
    // who filled in the form
    $senderInfo = $senderName . ' <' . $senderAddress . '>';
    // subject line
    $title = sprintf(
        $this->_Lang['new_email_from_a_visitor_of_%homepage%'],
        $this->_Config->Get('pagename', 'homepage')
    );
    // message text
    $messageContent = sprintf($this->_Lang['contact_message_%from%_%message'], $senderInfo, $body);

    $output = "</p><fieldset><legend>" . $this->_Lang['contact'] . "</legend>";
    // TODO: try to give some hints what to do when sending fails
    $resultKey = sendmail($MailTo, $from, $title, $messageContent)
        ? 'your_message_was_sent_succesdfully'
        : 'an_error_occured_on_sending_this_message';
    $output .= $this->_Lang[$resultKey];

    return $output . '</fieldset><p>';
}