* encryption settings * * @author Magnus Rosenbaum <*****@*****.**> * @package Basisentscheid */ require "inc/common_http.php"; Login::access("member"); if (!GNUPG_SIGN_KEY) error(_("Signing and encryption of emails is not enabled.")); if ($action) { switch ($action) { case "save": action_required_parameters('fingerprint', 'key'); // save fingerprint $fingerprint = trim($_POST['fingerprint']); if ( $fingerprint != Login::$member->fingerprint ) { Login::$member->set_fingerprint($fingerprint); if ( Login::$member->update(['fingerprint']) ) { success(_("The PGP public key fingerprint has been saved.")); } } // import PGP public key if ($_POST['key']) { $gnupg = new_gnupg(); $import = $gnupg->import($_POST['key']); if (DEBUG) {
warning(_("Ballot assignment has already begun, so ballot applications are not allowed anymore.")); redirect("ballots.php?period=".$period->id); } $ballot = new Ballot; $ballot->period = $period->id; } $_SESSION['ngroup'] = $period->ngroup; if ($action) { switch ($action) { case "save": Login::access_action("member"); action_required_parameters('name', 'agents', 'opening_hour', 'opening_minute', 'ngroup'); if ($period->state=="ballot_preparation") { warning(_("Ballot preparation has already begun, so ballots can not be changed anymore.")); redirect("ballots.php?period=".$period->id); } $ballot->name = trim($_POST['name']); $ballot->agents = trim($_POST['agents']); $ballot->opening = sprintf("%02d:%02d:00", $_POST['opening_hour'], $_POST['opening_minute']); $ballot->ngroup = intval($_POST['ngroup']); if (!$ballot->name) { warning(_("The ballot name must not be empty.")); break; } if (!$ballot->agents) { warning(_("The ballot agents must not be empty.")); break;
/** * confirm mail address * * @author Magnus Rosenbaum <*****@*****.**> * @package Basisentscheid */ require "inc/common_http.php"; if (Login::$member) { if ($action) { if ($action!="confirm") error(_("Unknown action")); action_required_parameters('code'); action_confirm_mail($_POST['code']); } // link in confirmation request mail clicked if (isset($_GET['code'])) { action_confirm_mail($_GET['code']); } } html_head(_("Email address confirmation")); if (Login::$member) {
<? /** * * @author Magnus Rosenbaum <*****@*****.**> * @package Basisentscheid */ require "inc/common_http.php"; $ngroup = Ngroup::get(); if ($action) { Login::access_action("member"); action_required_parameters('area'); $area = new Area($_POST['area']); if (!$area->id) { warning("The requested area does not exist!"); redirect(); } switch ($action) { case "subscribe": $area->activate_participation(); redirect(); break; case "unsubscribe": $area->deactivate_participation(); redirect(); break; } warning(_("Unknown action"));
if (!$member) { warning(_("The code is invalid!")); } } else { $code = ""; $member = false; } $password = ""; if ($action) { switch ($action) { case "set_password": action_required_parameters('password', 'password2'); if (!$member) break; $password = trim($_POST['password']); $password2 = trim($_POST['password2']); if ( ! Login::check_password($password, $password2) ) break; $member->password = crypt($password); if ( ! $member->update(['password'], 'password_reset_code=NULL, password_reset_code_expiry=NULL') ) break; success(_("Password has been reset successfully. You can log in with the new password now:")); redirect("login.php"); break; default:
if (!$comment->id) { warning(_("This comment does not exist.")); redirect(); } if ( !$proposal->allowed_add_comments($comment->rubric) ) { warning(_("Adding or rating arguments is not allowed in this phase.")); redirect(); } if ( !$comment->delete_rating() ) redirect(); redirect("#comment".$comment->id); break; case "remove_comment": case "restore_comment": Login::access_action("admin"); action_required_parameters("id"); $comment = new Comment($_POST['id']); if (!$comment->id) { warning(_("This comment does not exist.")); redirect(); } $comment->removed = ($action=="remove_comment"); $comment->update(["removed"]); redirect("#comment".$comment->id); break; default: warning(_("Unknown action")); redirect(); } }
/** * member settings * * @author Magnus Rosenbaum <*****@*****.**> * @package Basisentscheid */ require "inc/common_http.php"; Login::access("member"); if ($action) { switch ($action) { case "save": action_required_parameters('username', 'password', 'password2', 'mail', 'profile'); $save_fields = array(); $success_msgs = array(); // save username $username = trim($_POST['username']); if ( $username != Login::$member->username and Login::check_username($username) ) { Login::$member->username = $username; $save_fields[] = "username"; $success_msgs[] = _("The new username has been saved."); } // save password $password = trim($_POST['password']); $password2 = trim($_POST['password2']);
if ($issue->state == 'finished') { error(_("The voting on this issue is already closed.")); } elseif ($issue->state != 'voting') { error(_("The issue is not in voting state.")); } $token = $issue->vote_token(); if (!$token) { error(_("You can not vote in this voting period, because you were not yet entitled when the voting started.")); } if ($action) { switch ($action) { case "submit": action_required_parameters('vote'); $issue->vote($token, $_POST['vote']); //redirect("proposals.php?ngroup=".$ngroup->id."&filter=voting"); redirect(); break; default: warning(_("Unknown action")); redirect(); } } html_head(_("Vote"), true); ?> <p><?php
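/**
 * Dispatch the action submitted with the current request.
 *
 * Single-record actions arrive as a string. Actions triggered by one of
 * several submit buttons on the list page arrive as an array with exactly
 * one key, which is the action name.
 *
 * Notes for reviewers:
 * - The only gates visible in this method are the enable_* feature flags; it
 *   performs no login or role check itself, so the calling page presumably
 *   does (TODO confirm for every page that uses this class).
 * - Every "Action not allowed" guard relies on error() ending the request.
 *   If error() can return, the guarded action would still run -- verify.
 * - Record ids and column names are taken straight from $_POST. Whether they
 *   are limited to editable columns depends on convert_input() and on the
 *   model's update()/create(), none of which is visible here.
 *
 * @param string|array $action action name, or array( action name => button label )
 */
public function action($action) {

    // page called without action
    if (!$action) return;

    switch ($action) {

    case "delete":
        if (!$this->enable_delete_single) {
            error("Action not allowed");
        }
        action_required_parameters('id');
        $this->delete($_POST['id']);
        redirect();
        // Stop explicitly: if redirect() ever returns, control must not fall
        // through into the next case and run a different action on the same id.
        return;

    case "duplicate":
        if (!$this->enable_duplicate) {
            error("Action not allowed");
        }
        action_required_parameters('id');
        $this->duplicate($_POST['id']);
        redirect();
        return;

    case "moveup":
    case "movedown":
    case "movefirst":
    case "movelast":
        // NOTE(review): no enable_* flag guards the reorder actions here;
        // confirm action_manualorder() or the caller restricts them.
        action_required_parameters('id');
        $this->action_manualorder($action, $_POST['id']);
        redirect();
        return;

    case "editsubmit":
        if ($this->id) {
            // update existing record
            if (!$this->enable_edit) {
                error("Action not allowed");
            }
            $this->object = new $this->classname($this->id);
            if (!$this->object->id) {
                warning("The record to be updated does not exist!");
                return;
            }
            $columns = $this->convert_input($this->object, $_POST);
            // rejected input: return without redirect
            if ($columns===false) return;
            if ( $this->object->update($columns) ) {
                success(_("The changes have been saved."));
            }
            $this->redirect_to_list();
            // Without this, a returning redirect_to_list() would continue into
            // the insert branch below and create a second record.
            return;
        }
        // insert new record
        if (!$this->enable_insert) {
            error("Action not allowed");
        }
        $this->object = new $this->classname;
        $columns = $this->convert_input($this->object, $_POST);
        if ($columns===false) return;
        // force the list's fixed filter values onto the new record
        foreach ($this->global_where as $key => $value) {
            $this->object->$key = $value;
            $columns[] = $key;
        }
        if ( $this->object->create($columns) ) {
            success($this->msg_strtr($this->msg_record_saved, array('id'=>$this->object->id)));
            if ($this->object->id and method_exists($this, "after_create") ) {
                $this->after_create($this->object);
            }
        }
        $this->redirect_to_list();
        return;

    }

    // actions on the list page ///////////////////

    // handle action from multiple submit buttons
    if (is_array($action)) {

        // get $action_name from the $_POST['action'] array
        // example:
        // $_POST => Array (
        //   ['action'] => Array (
        //     ['delete_checked'] => 'delete checked'
        //   )
        // )
        if (count($action) != 1) {
            error("Parameter with invalid value");
        }
        // exactly one element is left at this point, so its key is the action name
        reset($action);
        $action_name = key($action);

        switch ($action_name) {

        case "delete_checked":
            if (!$this->enable_delete_checked) {
                error("Action not allowed");
            }
            if (isset($_POST["delete"]) and is_array($_POST["delete"])) {
                foreach ( $_POST["delete"] as $id ) {
                    $this->delete($id);
                }
            }
            redirect();
            return;

        case "apply_directedit":
            if (!$this->enable_edit) {
                error("Action not allowed");
            }
            action_required_parameters('directedit_key');
            if (!is_array($_POST['directedit_key'])) {
                error("Parameter has wrong type");
            }
            if (!count($_POST['directedit_key'])) {
                redirect();
                return;
            }
            $saved = 0;
            $failed = 0;
            foreach ( $_POST['directedit_key'] as $id => $columnarray ) {
                if ( !is_array($columnarray) or !count($columnarray) ) continue;
                $object = new $this->classname($id);
                /** @var Relation $object */
                if (!$object->id) {
                    warning(_("One of the records to be updated does not exist!"));
                    continue;
                }
                // NOTE(review): the column list is built from client-supplied
                // array keys and is what update() receives below, not the list
                // returned by convert_input() as in "editsubmit". Confirm that
                // convert_input() rejects any name outside the editable columns.
                $save_columns = array_keys($columnarray);
                $msg_prefix = $this->msg_record." ".$object->id.": ";
                // a missing entry is passed as null, without silencing other errors via @
                $input = isset($_POST['directedit'][$object->id]) ? $_POST['directedit'][$object->id] : null;
                $columns = $this->convert_input($object, $input, $save_columns, $msg_prefix);
                if ($columns===false) {
                    // save the rejected object to fill the direct edit form fields again
                    $this->directedit_objects[$object->id] = $object;
                    $failed++;
                    continue;
                }
                if ($object->update($save_columns)) $saved++; else $failed++;
            }
            if ($saved) {
                if ($failed) {
                    success($this->msg_remaining_records_saved);
                } else {
                    success(_("The changes have been saved."));
                }
            }
            redirect();
            return;

        }

    }

    warning(_("Unknown action"));
    redirect();
}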
* Request an email with a link to reset the password * * @author Magnus Rosenbaum <*****@*****.**> * @package Basisentscheid */ require "inc/common_http.php"; Login::logout(); if ($action) { switch ($action) { case "request_password_reset": action_required_parameters('username'); if (!$_POST['username']) break; $sql = "SELECT * FROM member WHERE username="******" AND ( password_reset_code IS NULL OR password_reset_code_expiry < now() )"; $result = DB::query($sql); if ( $member = DB::fetch_object($result, "Member") ) { if (!$member->mail) { warning(sprintf(_("Sorry, but there is no confirmed email address for this account. Please contact %s!"), MAIL_SUPPORT), true); break; } $member->password_reset_code = Login::generate_token(24);
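/**
 * Assign a voting period to an issue.
 *
 * used by proposals.php and proposal.php
 *
 * Requires the "admin" access level, reads the issue and period ids from
 * $_POST, and stores the period on the issue only if it is one of the
 * periods the issue reports as available. Each guard presumably relies on
 * redirect() ending the request -- TODO confirm.
 */
function action_proposal_select_period() {

    Login::access_action("admin");
    action_required_parameters('issue', 'period');

    $issue = new Issue($_POST['issue']);
    // "new" always yields an object, so testing the object itself can never
    // detect a missing record. Test the loaded id instead; this assumes a
    // failed lookup leaves id empty -- confirm against the Issue constructor.
    if (!$issue->id) {
        warning("The requested issue does not exist!");
        redirect();
    }

    $period = new Period($_POST['period']);
    if (!$period->id) {
        warning("The selected period does not exist!");
        redirect();
    }

    // only periods offered for this issue may be selected
    $available =& $issue->available_periods();
    if (!isset($available[$period->id])) {
        warning("The selected period is not available for the issue!");
        redirect();
    }

    $issue->period = $period->id;
    $issue->update(["period"]);

    redirect("#issue".$issue->id);
}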
} $period->select_postal(); redirect(); break; case "unselect": Login::access_action("entitled", $_SESSION['ngroup']); if ($period->state=="ballot_preparation") { warning(_("In ballot preparation phase it is not allowed anymore to change the ballot choice.")); redirect(); } $period->unselect_ballot(); redirect(); break; case "save_approved": Login::access_action("admin"); action_required_parameters('approved_id'); if ($period->state!="ballot_application") { warning(_("In the current phase of the period it is not allowed anymore to approve ballots.")); redirect(); } $period->save_approved_ballots(); redirect(); break; default: warning(_("Unknown action")); redirect(); } } html_head( sprintf(_("Ballots for <a%s>voting period %d</a>"), ' href="periods.php?ngroup='.$_SESSION['ngroup'].'&hl='.$period->id.'"', $period->id), true );