/**
 * Builds the "change password" form of the profile page.
 *
 * A user whose record already carries a password must confirm the old one;
 * a user without a password (e.g. first login) is only asked to set a new one.
 * Checking the entered passwords is left to the form handler
 * "prooveOldPassword", not done here.
 *
 * @return string rendered form HTML
 */
function profile_main()
{
    $form = new CTForm("PasswortChangeForm", "prooveOldPassword");
    $currentUser = $_SESSION["user"];
    // loose "!= null" kept: an empty-string password also counts as "no password yet"
    $hasPassword = $currentUser->password != null;
    if (!$hasPassword) {
        $form->setHeader(t("welcome"), t("to.login.later.set.own.password"));
        $form->addButton(t("set.password"), "ok");
    } else {
        $form->setHeader(t("change.password"), t("to.change.password.complete.following.fields"));
        $form->addField("password", "", "PASSWORD", t("old.password"));
        $form->addButton(t("change.password"), "ok");
    }
    foreach (array("newpassword1" => t("new.password"), "newpassword2" => t("repeat.new.password")) as $fieldName => $label) {
        $form->addField($fieldName, "", "PASSWORD", $label);
    }
    return $form->render();
}
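/**
 * "Simulate user" page: lets the current user work with the permissions of
 * another person, and switches back afterwards.
 *
 * Three request shapes are handled, in this order:
 *  - $_SESSION["simulate"] set: restore that person as the session user, drop
 *    the marker and redirect back ($_SESSION["back"], else ?link=).
 *  - ?id=: start simulating that person and redirect to ?location=.
 *  - otherwise: render the form asking for the e-mail address to simulate.
 *
 * Who may reach this page is not checked here; it has to be enforced by the
 * caller/router — TODO confirm.
 *
 * @return string rendered form HTML, or "" after a redirect
 */
function simulate_main()
{
    if (isset($_SESSION["simulate"])) {
        $user = churchcore_getPersonById($_SESSION["simulate"]);
        $user->auth = getUserAuthorization($user->id);
        $_SESSION["user"] = $user;
        unset($_SESSION["simulate"]);
        if (isset($_SESSION["back"])) {
            $target = $_SESSION["back"];
            unset($_SESSION["back"]);
        } else {
            // isset guard: ?link= is optional, avoid an "undefined index" notice
            $target = isset($_GET["link"]) ? $_GET["link"] : "";
        }
        // NOTE(review): $target is session- or request-controlled and not validated;
        // the "?q=" prefix keeps the redirect on this site, but anything after an
        // "&" in it becomes additional query parameters.
        header("Location: ?q=" . $target);
        // stop here: without this return the ?id= branch below could start a new
        // simulation right after the old one was ended, and the form would be
        // rendered behind a redirect
        return "";
    }
    if (isset($_GET["id"])) {
        $person = churchcore_getPersonById($_GET["id"]);
        if ($person != false) {
            _simulateUser($person);
            $location = isset($_GET["location"]) ? $_GET["location"] : "";
            header("Location: ?q=" . $location);
            return "";
        }
    }
    $form = new CTForm("SimulateUserForm", "prooveEmail");
    $form->setHeader("Benutzer simulieren", t("simulate.information.text") . " " . t("please.enter.valid.email") . ":");
    $form->addField("email", "", "EMAIL", "EMail");
    $form->addButton("Simulieren", "ok");
    return $form->render();
}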
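/**
 * Builds the admin settings form for the member list.
 *
 * Current values are read from the global $config array; a checkbox setting
 * that was never saved defaults to "shown", except the full birthday which
 * defaults to hidden. Values are saved by the form handler
 * "home__memberlist_saveSettings".
 *
 * @return CTForm the populated form (not rendered)
 */
function _home__memberlist_getSettingFields()
{
    global $config;
    $model = new CTForm("AdminForm", "home__memberlist_saveSettings");
    $model->setHeader("Einstellungen für die Mitgliederliste", "Der Administrator kann hier Einstellung vornehmen.");
    // required text inputs: comma separated id lists, no default
    $idLists = array(
        "churchdb_memberlist_status" => "Kommaseparierte Liste mit Status-Ids für Mitgliederliste",
        "churchdb_memberlist_station" => "Kommaseparierte Liste mit Station-Ids für Mitgliederliste",
    );
    foreach ($idLists as $name => $label) {
        $model->addField($name, "", "INPUT_REQUIRED", $label);
        // isset guard avoids an "undefined index" notice when the setting was never saved
        $model->fields[$name]->setValue(isset($config[$name]) ? $config[$name] : null);
    }
    // checkbox setting => array(label, default used when the setting is absent)
    $checkboxes = array(
        "memberlist_telefonprivat" => array("Anzeige der privaten Telefonnummer", true),
        "memberlist_telefongeschaeftlich" => array("Anzeige der geschäftlichen Telefonnummer", true),
        "memberlist_telefonhandy" => array("Anzeige der Mobil-Telefonnumer", true),
        "memberlist_fax" => array("Anzeige der FAX-Nummer", true),
        "memberlist_email" => array("Anzeige der EMail-Adresse", true),
        "memberlist_birthday_full" => array("Anzeige des gesamten Geburtsdatums (inkl. Geburtsjahr)", false),
    );
    foreach ($checkboxes as $name => $spec) {
        list($label, $default) = $spec;
        $model->addField($name, "", "CHECKBOX", $label);
        $model->fields[$name]->setValue(isset($config[$name]) ? $config[$name] : $default);
    }
    return $model;
}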
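/**
 * Builds the admin settings form for the member list.
 *
 * Current values come from getConf(); a checkbox setting that was never saved
 * defaults to "shown", except the full birthday which defaults to hidden.
 * Values are saved by the form handler "home__memberlist_saveSettings".
 *
 * @return CTForm the populated form (not rendered)
 */
function _home__memberlist_getSettingFields()
{
    $form = new CTForm("AdminForm", "home__memberlist_saveSettings");
    $form->setHeader(t('preferences.for.memberlist'), t('admin.could.change.preferences.here'));
    // TODO: use checkboxes with status/station texts instead of comma separated id lists
    $idLists = array(
        "churchdb_memberlist_status" => t('status'),
        "churchdb_memberlist_station" => t('station'),
    );
    foreach ($idLists as $name => $what) {
        $form->addField($name, "", "INPUT_REQUIRED", t('xxx.ids.for.birthdaylist.comma.separated', $what))->setValue(getConf($name));
    }
    // checkbox setting => array(translation key of the label, default when unset)
    $checkboxes = array(
        "memberlist_telefonprivat" => array('show.fon.number', true),
        "memberlist_telefongeschaeftlich" => array('show.business.fon.number', true),
        "memberlist_telefonhandy" => array('show.mobile.number', true),
        "memberlist_fax" => array('show.fax.number', true),
        "memberlist_email" => array('show.email', true),
        "memberlist_birthday_full" => array('show.complete.birthday.including.year', false),
    );
    foreach ($checkboxes as $name => $spec) {
        list($labelKey, $default) = $spec;
        $form->addField($name, "", "CHECKBOX", t($labelKey))->setValue(getConf($name, $default));
    }
    return $form;
}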
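/**
 * Login page. Renders the login form and, depending on the request, runs one
 * of the side flows:
 *  - ?newpwd=true&email=...: generate a new password and send it by e-mail
 *  - POST email/password/directtool: JSON login for external tools
 *  - ?loginstr=...&id=...: one-time login link
 * For an already logged-in user it switches to a family member (?family_id)
 * or shows a "you are logged in" hint.
 *
 * @return string|null page HTML; null after the direct-tool branch, which has
 *                     already written its JSON answer
 */
function login_main()
{
    global $q, $config;
    $txt = "";
    if (isset($config["admin_message"]) && $config["admin_message"] != "") {
        addErrorMessage($config["admin_message"]);
    }
    if (isset($_GET["message"]) && $_GET["message"] != "") {
        addInfoMessage($_GET["message"]);
    }
    // make sure nobody is logged in
    if (userLoggedIn()) {
        return _login_main_loggedInHint();
    }
    if (isset($config["login_message"])) {
        addInfoMessage($config["login_message"], true);
    }
    $model = new CTForm("LoginForm", "prooveLogin", "Login");
    $model->setHeader(t("login.headline"), t("please.fill.following.fields"));
    $model->addField("email", "", "INPUT_REQUIRED", t("email.or.username"), true);
    $model->addField("password", "", "PASSWORD", t("password"));
    if (!isset($config["show_remember_me"]) || $config["show_remember_me"] == 1) {
        $model->addField("rememberMe", "", "CHECKBOX", t("remember.me"));
    }
    $model->addButton(t("login"), "ok");
    if (isset($_GET["newpwd"])) {
        $txt .= _login_main_sendNewPassword();
    } elseif (isset($_POST["email"]) && isset($_POST["password"]) && isset($_POST["directtool"])) {
        _login_main_directToolLogin();
        // the JSON reply has been written; nothing to render
        return;
    } elseif (isset($_GET["loginstr"]) && $_GET["loginstr"] != "" && isset($_GET["id"])) {
        $txt .= _login_main_loginByString();
    }
    $txt .= $model->render();
    // the entered address is URL-encoded on the client and $q (request
    // controlled) on the server, so neither can break out of the JS string
    $txt .= '<script>jQuery("#newpwd").click(function(k,a) {
         if (confirm("' . t('want.to.receive.new.password') . '")) {
           window.location.href="?newpwd=true&email="+encodeURIComponent(jQuery("#LoginForm_email").val())+"&q=' . rawurlencode($q) . '";
            }
          });</script>';
    return $txt;
}

/**
 * ?newpwd flow: generates a new password for the address in $_GET["email"],
 * stores its scrambled form and mails the clear text to that address.
 *
 * The address is bound as a query parameter (previously it was concatenated
 * into the SQL text) and HTML-escaped before being echoed back.
 *
 * NOTE(review): the two different answers still reveal whether an address is
 * registered, nothing limits how often a reset can be triggered per address,
 * and random_string() is assumed to use a CSPRNG — all worth confirming.
 *
 * @return string HTML alert to show above the form
 */
function _login_main_sendNewPassword()
{
    $email = isset($_GET["email"]) ? $_GET["email"] : "";
    $res = db_query("select count(*) c from {cdb_person} where email=:email and archiv_yn=0", array(":email" => $email))->fetch();
    if ($email == "" || $res->c == 0) {
        return '<div class="alert alert-error"><p>Bitte ein g&uuml;ltige EMail-Adresse angeben, 
          an die das neue Passwort gesendet werden kann! 
          Diese Adresse muss im System schon eingerichtet sein.
          <p>Falls die E-Mail-Adresse schon eingerichtet sein sollte, 
          wende Dich bitte an <a href="' . variable_get("site_mail") . '">' . variable_get("site_mail") . '</a>.</div>';
    }
    $newpwd = random_string(8);
    $scrambled_password = scramble_password($newpwd);
    // NOTE(review): the listing showed a literal '******' bound here while
    // $scrambled_password went unused (presumably masked); the scrambled value
    // is what has to be stored.
    db_query("update {cdb_person} set password=:password where email=:email", array(":password" => $scrambled_password, ":email" => $email));
    $safeEmail = htmlspecialchars($email, ENT_QUOTES, 'UTF-8');
    $content = "<h3>Hallo!</h3><p>Ein neues Passwort wurde f&uuml;r die E-Mail-Adresse <i>" . $safeEmail . "</i> angefordert: {$newpwd}";
    churchcore_systemmail($email, "[" . variable_get('site_name') . "] Neues Passwort", $content, true, 1);
    churchcore_sendMails(1);
    ct_log("Neues Passwort angefordert " . $email, 2, "-1", "login");
    return '<div class="alert alert-info">Hinweis: Ein neues Passwort wurde nun an <i>' . $safeEmail . '</i> gesendet.</div>';
}

/**
 * Direct-tool login (POST email, password, directtool): answers with a JSON
 * document via drupal_json_output() and logs a successful login. Returns
 * nothing; the caller must stop rendering afterwards.
 *
 * NOTE(review): "unknown address" and "wrong password" are distinguishable
 * answers, so a caller can tell which addresses exist — confirm this is
 * acceptable for the tools using the endpoint.
 */
function _login_main_directToolLogin()
{
    include_once CHURCHCORE . "/churchcore_db.php";
    $sql = "select * from {cdb_person} where email=:email and active_yn=1 and archiv_yn=0";
    $res = db_query($sql, array(":email" => $_POST["email"]))->fetch();
    if ($res == false) {
        drupal_json_output(jsend()->fail("Unbekannte E-Mail-Adresse"));
        return;
    }
    if (!user_check_password($_POST["password"], $res)) {
        drupal_json_output(jsend()->fail("Falsches Passwort"));
        return;
    }
    login_user($res);
    ct_log("Login durch Direct-Tool " . $_POST["directtool"] . " mit " . $_POST["email"], 2, "-1", "login");
    drupal_json_output(jsend()->success());
}

/**
 * One-time login link (?loginstr&id): logs the person in when a matching,
 * not yet expired entry exists in cc_loginstr, and removes that entry.
 *
 * @return string HTML alert when the link is no longer valid, "" on success
 */
function _login_main_loginByString()
{
    // expire login strings older than 14 days
    db_query("delete from {cc_loginstr} where DATEDIFF( current_date, create_date ) > 13");
    $params = array(":loginstr" => $_GET["loginstr"], ":id" => $_GET["id"]);
    $res = db_query("select * from {cc_loginstr} where loginstr=:loginstr and person_id=:id", $params)->fetch();
    if ($res == false) {
        return '<div class="alert alert-info">Fehler: Der verwendete Login-Link ist nicht mehr aktuell und kann deshalb nicht mehr verwendet werden. Bitte mit E-Mail-Adresse und Passwort anmelden!</div>';
    }
    // consume the login string so the link cannot be replayed
    db_query("delete from {cc_loginstr} where loginstr=:loginstr and person_id=:id", $params);
    ct_log("Login User " . $_GET["id"] . " erfolgreich mit loginstr ", 2, "-1", "login");
    login_user(churchcore_getPersonById($_GET["id"]));
    return "";
}

/**
 * Already logged in: switch to the family member given by ?family_id (only
 * persons stored in $_SESSION["family"] at login are eligible) or show a hint
 * that the user is logged in. Request- and DB-provided values are escaped
 * before being placed into the HTML.
 *
 * @return string HTML alert
 */
function _login_main_loggedInHint()
{
    if (!isset($_GET["family_id"])) {
        $vorname = htmlspecialchars($_SESSION["user"]->vorname, ENT_QUOTES, 'UTF-8');
        return '<div class="alert alert-info"><i>Hinweis:</i> Du bist angemeldet als ' . $vorname . ', weiter geht es <a href="?q=home">hier</a>!</div>';
    }
    $familyId = $_GET["family_id"];
    if (!isset($_SESSION["family"][$familyId])) {
        return '<div class="alert alert-info">Ummelden zu Id:' . htmlspecialchars($familyId, ENT_QUOTES, 'UTF-8') . ' hat nicht funktioniert, Session ist leer!</div>';
    }
    login_user($_SESSION["family"][$familyId]);
    $fullName = htmlspecialchars($_SESSION["user"]->vorname . ' ' . $_SESSION["user"]->name, ENT_QUOTES, 'UTF-8');
    return '<div class="alert alert-info">Ummelden erfolgreich! Du arbeitest nun mit der Berechtigung von ' . $fullName . '.</div>';
}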
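/**
 * main function for login
 *
 * Renders the login form and handles the request-driven side flows:
 *  - POST email/password/directtool: JSON login for external tools; the
 *    function returns null after the JSON answer has been written
 *  - ?loginstr&id: one-time login link, consumed on first use
 * For a logged-in user it switches to a family member (?family_id), answers a
 * direct tool with "Already logged in", or shows a hint.
 *
 * @return string|null
 */
function login_main()
{
    $txt = "";
    if ($adminMessage = getConf("admin_message")) {
        addErrorMessage($adminMessage);
    }
    if ($message = getVar("message")) {
        addInfoMessage($message);
    }
    if (userLoggedIn()) {
        // switch to another family user (same email)
        if ($familyId = getVar("family_id")) {
            if (isset($_SESSION["family"][$familyId])) {
                // logout_current_user();
                login_user($_SESSION["family"][$familyId]);
                // NOTE(review): name and familyId reach the HTML through t();
                // assumes t() escapes its arguments — confirm
                $txt .= '<div class="alert alert-info">' . t('user.succesfully.changed.now.you.work.with.permissions.of.x', $_SESSION["user"]->vorname . ' ' . $_SESSION["user"]->name) . '</div>';
            } else {
                $txt .= "<div class='alert alert-info'>" . t('user.change.to.familyX.failed.session.is.empty', $familyId) . "</div>";
            }
        } elseif (getVar("directtool", false, $_POST)) {
            drupal_json_output(jsend()->success("Already logged in"));
        } else {
            $txt .= '<div class="alert alert-info">' . t('you.are.logged.in.as.x.click.y.to.continue', $_SESSION["user"]->vorname, '<a href="?q=home">' . t('home') . '</a>') . '</div>';
        }
        return $txt;
    }
    // login_message is an admin setting like admin_message above; the older
    // variant read it from $config, and reading it from the request would let
    // any visitor place a message on the login page
    if ($loginMessage = getConf("login_message")) {
        addInfoMessage($loginMessage, true);
    }
    $form = new CTForm("LoginForm", "validateLogin", "Login");
    $form->setHeader(t("login.headline"), t("please.fill.following.fields"));
    $form->addField("email", "", "INPUT_REQUIRED", t("email.or.username"), true);
    if ($prefillEmail = getVar("email")) {
        $form->fields["email"]->setValue($prefillEmail);
    }
    $form->addField("password", "", "PASSWORD", t("password"));
    // TODO: when is this false?
    if (getConf("show_remember_me", 1) == 1) {
        $form->addField("rememberMe", "", "CHECKBOX", t("remember.me"));
    }
    $form->addButton(t("login"), "ok");
    // access by external tools: credentials are sent via POST so they do not
    // show up in the URL
    $email = getVar("email", false, $_POST);
    $password = getVar("password", false, $_POST);
    $directTool = getVar("directtool", false, $_POST);
    if ($email && $password && $directTool) {
        include_once CHURCHCORE . "/churchcore_db.php";
        $res = db_query("SELECT * FROM {cdb_person}\n                       WHERE email=:email AND active_yn=1 AND archiv_yn=0", array(":email" => $email))->fetch();
        // NOTE(review): distinct "unknown email" / "wrong password" answers let
        // a caller learn which addresses exist — confirm this is intended
        if (!$res) {
            drupal_json_output(jsend()->fail(t('email.unknown')));
        } elseif (user_check_password($password, $res)) {
            login_user($res, null, false);
            ct_log("Login by Direct-Tool {$directTool} with {$email}", 2, "-1", "login");
            drupal_json_output(jsend()->success());
        } else {
            drupal_json_output(jsend()->fail(t('wrong.password')));
        }
        return;
    }
    if (($loginstr = getVar("loginstr")) && ($id = getVar('id'))) {
        // delete login strings older than 14 days
        db_query("DELETE FROM {cc_loginstr}\n                WHERE DATEDIFF( current_date, create_date ) > 13");
        $params = array(":loginstr" => $loginstr, ":id" => $id);
        $res = db_query("SELECT * FROM {cc_loginstr}\n                       WHERE loginstr=:loginstr AND person_id=:id", $params)->fetch();
        if (!$res) {
            $txt .= '<div class="alert alert-info">' . t('login.string.too.old') . '</div>';
        } else {
            // delete current loginKey to prevent misuse (replay of the link)
            db_query("DELETE FROM {cc_loginstr}\n                         WHERE loginstr=:loginstr AND person_id=:id", $params);
            ct_log("Login User {$id} erfolgreich mit loginstr ", 2, "-1", "login");
            login_user(churchcore_getPersonById($id));
        }
    }
    $txt .= $form->render();
    // the entered address is URL-encoded before it is put into the query string
    $txt .= '<script>jQuery("#newpwd").click(function(k,a) {
         if (confirm("' . t('want.to.receive.new.password') . '")) {
           window.location.href="?q=login/newpwd&email="+encodeURIComponent(jQuery("#LoginForm_email").val());
            }
          });</script>';
    return $txt;
}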
/**
 * Help/wiki entry editor: a form with the document id and its text. When
 * ?doc= is given, the stored text of that entry is loaded from cc_wiki (with
 * backslashes stripped) and put into the text area.
 *
 * NOTE(review): the request value is handed to the form unescaped here;
 * assumes CTForm escapes field values when rendering — confirm.
 *
 * @return string rendered form HTML
 */
function churchwiki__create()
{
    $form = new CTForm("EditHtml", "editHtml");
    $form->setHeader("Editieren eines Hilfeeintrages", "Hier kann die Hilfe editiert werden.");
    $form->addField("doc_id", "", "INPUT_REQUIRED", "Doc-Id");
    $form->addField("text", "", "TEXTAREA", "Text");
    $docId = isset($_GET["doc"]) ? $_GET["doc"] : null;
    if ($docId !== null) {
        $form->fields["doc_id"]->setValue($docId);
        $sql = "select text from {cc_wiki} where doc_id=:doc_id";
        $row = db_query($sql, array(":doc_id" => $docId))->fetch();
        if ($row) {
            // backslashes are removed before the text is shown in the editor
            $row->text = preg_replace('/\\\\/', "", $row->text);
            $form->fields["text"]->setValue($row->text);
        }
    }
    $form->addButton("Speichern", "ok");
    return $form->render();
}
/**
 * Help/wiki entry editor: a form with the document id and its text. When a
 * doc parameter is given, the stored text of that entry is loaded from
 * cc_wiki (with backslashes stripped) and put into the text area.
 *
 * NOTE(review): PHP already URL-decodes request values; the extra urldecode()
 * only matters if callers double-encode the id, and it would also turn "+"
 * into a space — confirm that is wanted.
 *
 * @return string
 */
function churchwiki__create()
{
    $form = new CTForm("EditHtml", "editHtml");
    // TODO: help entry or better wiki entry?
    $form->setHeader(t('edit.help.entry'), t('edit.help.entry.subtitle'));
    $form->addField("doc_id", "", "INPUT_REQUIRED", "Doc-Id");
    $form->addField("text", "", "TEXTAREA", "Text");
    $docId = urldecode(getVar("doc"));
    if ($docId) {
        $form->fields["doc_id"]->setValue($docId);
        $sql = "SELECT text FROM {cc_wiki}\n                     WHERE doc_id=:doc_id";
        $row = db_query($sql, array(":doc_id" => $docId))->fetch();
        if ($row) {
            // backslashes are removed before the text is shown in the editor
            $row->text = preg_replace('/\\\\/', "", $row->text);
            $form->fields["text"]->setValue($row->text);
        }
    }
    $form->addButton(t('save'), t('ok'));
    return $form->render();
}