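//Kontrolle ob Formular erlaubt aufgerufen wurde
// Reduces a client-supplied redirect target (the Referer header or the posted
// "link" field) to a same-site path. Both values are chosen by the client, so
// forwarding to them unchecked would let the page redirect to a foreign host.
// Anything unusable falls back to the start page.
$safeRedirect = function ($target) {
    $fallback = '/helping_supplies/index.php';
    $target = trim((string) $target);
    // reject empties, header line breaks and backslashes (browsers read "/\host" as "//host")
    if ($target === '' || strpos($target, '\\') !== false || preg_match('/[\r\n]/', $target)) {
        return $fallback;
    }
    $parts = parse_url($target);
    if ($parts === false || !isset($parts['path']) || substr($parts['path'], 0, 1) !== '/'
        || substr($parts['path'], 0, 2) === '//') {
        return $fallback;
    }
    // scheme and host of the submitted value are dropped on purpose; only path + query survive
    return $parts['path'] . (isset($parts['query']) ? '?' . $parts['query'] : '');
};
$referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
if (!isset($_POST['link'])) {
    header('Location: ' . $safeRedirect($referer));
    exit;
}
if (!isset($_SESSION['accountsId'])) {
    // not logged in: send the user back to the form, which shows the "noAccess" notice
    header('Location: ' . $safeRedirect($_POST['link']));
    $_SESSION['reglog'] = "noAccess";
    exit;
}
if (isset($_REQUEST['Send'])) {
    // missing fields become '' instead of raising an undefined-index notice
    $title = filterfunktion(isset($_REQUEST["title"]) ? $_REQUEST["title"] : '');
    $reason = filterfunktion(isset($_REQUEST["reason"]) ? $_REQUEST["reason"] : '');
    $message = filterfunktion(isset($_REQUEST["message"]) ? $_REQUEST["message"] : '');
    $mailMe = isset($_REQUEST["mailMe"]) ? $_REQUEST["mailMe"] : '';
    $eMail = filterfunktion(isset($_REQUEST["eMail"]) ? $_REQUEST["eMail"] : '');
    // The former debug "echo $mailMe" is gone: it reflected raw request input into
    // the page and, being output before header(), broke the redirect below.
    //TODO E-Mail ändern
    $Absender = "*****@*****.**";
    //TODO aktivieren
    // NOTE(review): when mail() is enabled, $eMail (recipient) comes straight from
    // the form; validate it (check_email) and reject CR/LF before it reaches mail().
    //mail($eMail, $reason . ": " . $title, $message, "FROM: $Absender");
    header('Location: ' . $safeRedirect($referer));
    $_SESSION['reglog'] = "contactOk";
    // stop here: nothing after a Location header should be rendered
    exit;
} else {
    $offerer = isset($_POST['offerer']) ? $_POST['offerer'] : '';
    $startCountry = isset($_POST['startCountry']) ? $_POST['startCountry'] : '';
    $destinationCountry = isset($_POST['destinationCountry']) ? $_POST['destinationCountry'] : '';
    $eMail = isset($_POST['eMail']) ? $_POST['eMail'] : '';
    $link = $_POST['link'];
}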
?>
    <table style="width: 100%">
        <tr align="left">
            <th>Name</th>
            <th>Startland</th>
            <th>Startort</th>
            <th>Zielland</th>
            <th>Zielort</th>
            <th>Verfügbar ab</th>
            <th>Produkt</th>
            <th>Kontakt</th>
            <th>Deaktivieren</th>
            <th>Löschen</th>
        </tr>
        <?php 
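// Handles the "delete" / "deactivate" buttons of the deliverer-offer table.
// $accountID is provided by the surrounding page (not defined here); it is
// passed on so the helpers can restrict the change to the caller's own offers.
// NOTE(review): the POST carries no anti-CSRF token in what is visible here;
// confirm the surrounding page protects these state-changing requests.
if ($_SERVER["REQUEST_METHOD"] === "POST" && isset($_POST["idDeliver"])) {
    $offerID = filterfunktion($_POST["idDeliver"]);
    // strict check: an empty id must not reach the DB helpers
    if ((string) $offerID !== "") {
        try {
            if (isset($_POST["delete"])) {
                deleteDeliverOffer($offerID, $accountID);
            }
            if (isset($_POST["deactivate"])) {
                deliverDeactivate($offerID, $accountID);
            }
            //TO DO leere.php ersetzen mit Auflistung der eingegebenen Daten
            //header('Location: leere.php');
        } catch (Exception $e) {
            // generic message only: the exception text may contain query details
            echo "Fehler beim Datenbankzugriff. Bitte dem Administrator Bescheid geben.";
        }
    }
}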
// Login page prologue: emit head/header, send already-authenticated users to
// the start page, and reset the error bookkeeping used by the form below.
$templateDir = $root . "/helping_supplies/template/";
include $templateDir . "head.php";
include $templateDir . "header.php";
//Kein Login wenn User bereits eingeloggt ist
if (isset($_SESSION['accountsId'])) {
    printf('<meta http-equiv="refresh" content="0; URL=%s">', '/helping_supplies/index.php');
    exit;
}
//define variables and set to empty values
$ErrCounter = 0;
$ErrMessage = '';
if (isset($_REQUEST['Send'])) {
    //define variables and set to empty values
    $usernameErr = $passwordErr = "";
    require_once $root . "/helping_supplies/includes/functions.php";
    $username = filterfunktion($_REQUEST["lName"]);
    $passwordIN = filterfunktion($_REQUEST["password"]);
    //Get Data from User
    require_once $root . "/helping_supplies/includes/dbConnect.php";
    $sql = "SELECT ID,passwort,activation,active FROM `accounts` Where username='******'";
    $db_erg = mysqli_query($db_link, $sql);
    $count = 0;
    while ($zeile = mysqli_fetch_array($db_erg, MYSQL_ASSOC)) {
        $passwordDB = $zeile['passwort'];
        $accountsId = $zeile['ID'];
        $accountsActivation = $zeile['activation'];
        $accountsActive = $zeile['active'];
        $count++;
    }
    if ($count == 1) {
        if (password_verify($passwordIN, $passwordDB)) {
            if ($accountsActive) {
<?php

$product;
$postOK = true;
if ($_SERVER["REQUEST_METHOD"] == "POST") {
    //STARTCOUNTRY---------------------------------
    if ($_POST["startCountry"] == "") {
        $startCErr = "Bitte Land auswählen oder eigenes Land eingeben";
        $postOK = false;
    }
    $startCountry = filterfunktion($_POST["startCountry"]);
    /*
                    //PRODUCTS---------------------------------
                    if(empty($_POST["productChoice"])){
      $productErr = "Bitte mind. ein Produkt auswählen"; 
       $postOK = false;
                    }
                    else
      $products = $_POST["productChoice"];
    */
    /*if($postOK){
          try{
          create_Offer($table, $name, $contact, $eMail, $startCountry, $startVillage, $destCountry, $destVillage, reformDate($startDate), reformDate($endDate), $products);
          //TO DO leere.php ersetzen mit Auflistung der eingegebenen Daten
          header('Location: leere.php');
          
          }
          catch(Exception $e){
              echo "Fehler beim Datenbankzugriff. Bitte dem Administrator Bescheid geben.";
          }
          
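//include userControl
include $root . "/helping_supplies/includes/userControl.php";
//Kontrolle ob Formular erlaubt aufgerufen wurde
// Reduces a client-supplied redirect target (Referer header or posted "link")
// to a same-site path so the redirect cannot point at a foreign host.
$safeRedirect = function ($target) {
    $fallback = '/helping_supplies/index.php';
    $target = trim((string) $target);
    // reject empties, header line breaks and backslashes (browsers read "/\host" as "//host")
    if ($target === '' || strpos($target, '\\') !== false || preg_match('/[\r\n]/', $target)) {
        return $fallback;
    }
    $parts = parse_url($target);
    if ($parts === false || !isset($parts['path']) || substr($parts['path'], 0, 1) !== '/'
        || substr($parts['path'], 0, 2) === '//') {
        return $fallback;
    }
    // scheme and host of the submitted value are dropped on purpose; only path + query survive
    return $parts['path'] . (isset($parts['query']) ? '?' . $parts['query'] : '');
};
if (!isset($_POST['link'])) {
    $referer = isset($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : '';
    header('Location: ' . $safeRedirect($referer));
    exit;
}
if (!isset($_SESSION['accountsId'])) {
    header('Location: ' . $safeRedirect($_POST['link']));
    $_SESSION['reglog'] = "noAccess";
    exit;
}
// missing fields become '' instead of raising an undefined-index notice
$title = filterfunktion(isset($_POST["title"]) ? $_POST["title"] : '');
$reason = filterfunktion(isset($_POST["reason"]) ? $_POST["reason"] : '');
$message = filterfunktion(isset($_POST["message"]) ? $_POST["message"] : '');
$eMail = filterfunktion(isset($_POST["eMail"]) ? $_POST["eMail"] : '');
//eMail des Users aus DB holen
require_once $root . "/helping_supplies/includes/dbConnect.php";
// Parameterised lookup of the sender address. The id comes from the session,
// but binding it keeps the query shape fixed whatever the value contains.
// (The old MYSQL_ASSOC constant belonged to the removed mysql extension; the
// prepared-statement API below does not need it.)
$Absender = "";
$accountsId = $_SESSION['accountsId'];
$stmt = mysqli_prepare($db_link, "SELECT email FROM `accounts` WHERE ID = ?");
if ($stmt !== false) {
    mysqli_stmt_bind_param($stmt, "s", $accountsId);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $senderMail);
    while (mysqli_stmt_fetch($stmt)) {
        $Absender = $senderMail;
    }
    mysqli_stmt_close($stmt);
}
//TODO aktivieren
// NOTE(review): when mail() is enabled, $eMail (recipient) comes straight from
// the form; validate it (check_email) and reject CR/LF before it reaches mail().
//mail($eMail, $reason . ": " . $title, $message, "FROM: $Absender");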
//Mail an eigene eMail
if (isset($_POST["mailMe"])) {
    $eMail = $Absender;
    //TODO E-Mail ändern
    $Absender = "*****@*****.**";
    //TODO aktivieren
<?php

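$root = $_SERVER['DOCUMENT_ROOT'];
//include head and header
include $root . "/helping_supplies/template/head.php";
include $root . "/helping_supplies/template/header.php";
require_once $root . "/helping_supplies/includes/gMaps.php";
// Offer detail page: needs an offer id and a type ("orga" or "deliver") in the request.
if (!isset($_REQUEST['id']) || !isset($_REQUEST['typ'])) {
    echo "<meta http-equiv=\"refresh\" content=\"0; URL=/helping_supplies/index.php\">";
    exit;
} else {
    //id und typ vorhanden
    require_once $root . "/helping_supplies/includes/functions.php";
    $_REQUEST['id'] = filterfunktion($_REQUEST['id']);
    $_REQUEST['typ'] = filterfunktion($_REQUEST['typ']);
}
//typ korrekt?
if ($_REQUEST['typ'] === "orga" || $_REQUEST['typ'] === "deliver") {
    $status = True;
} else {
    echo "<meta http-equiv=\"refresh\" content=\"0; URL=/helping_supplies/index.php\">";
    exit;
}
//Daten des Angebots aus DB holen
require_once $root . "/helping_supplies/includes/dbConnect.php";
// The table is chosen from the already-validated typ value, never from the
// request text; the id is bound as a parameter instead of being pasted into
// the SQL string, so it cannot alter the query.
$table = ($_REQUEST['typ'] === "orga") ? "organisation_offer" : "deliverer_offer";
$offerId = $_REQUEST['id'];
$db_erg = false;
$stmt = mysqli_prepare($db_link, "SELECT * FROM " . $table . " WHERE ID = ?");
if ($stmt !== false) {
    mysqli_stmt_bind_param($stmt, "s", $offerId);
    mysqli_stmt_execute($stmt);
    // keeps $db_erg a mysqli_result for the fetch code that follows (needs mysqlnd)
    $db_erg = mysqli_stmt_get_result($stmt);
    mysqli_stmt_close($stmt);
}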
        $endDateErr = "Bitte Datum eingeben";
        $postOK = false;
    } else {
        if (validateDate($_POST["endDate"])) {
            $endDate = (new DateTime($_POST["endDate"]))->format('d.m.Y');
        } else {
            $endDateErr = "Bitte gültiges Datum eingeben (tt.mm.yyyy)";
            $postOK = false;
            $endDate = filterfunktion($_POST["endDate"]);
        }
    }
    //DATECHECK--------------------------------
    /*if(strtotime(date('d.m.Y')) > strtotime(date($startDate))){
          $startDateErr = "Datum muss heute oder in der Zukunft sein.";
          $postOK = false;
      }
      else */
    if (strtotime(date($endDate)) < strtotime(date($startDate))) {
        $endDateErr = "Datum muss Startdatum oder danach sein";
        $postOK = false;
    }
    //PRODUCTS---------------------------------
    if (empty($_POST["productChoice"])) {
        $productErr = "Bitte mind. ein Produkt auswählen";
        $postOK = false;
    } else {
        $products = $_POST["productChoice"];
    }
    //TEXT---------------------------------
    $text = filterfunktion($_POST["text"]);
}
<?php

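// Account activation link: ?ID=<account id>&Aktivierungscode=<code sent by mail>.
if (!isset($_REQUEST['ID']) || !isset($_REQUEST['Aktivierungscode'])) {
    echo "<meta http-equiv=\"refresh\" content=\"0; URL=/helping_supplies/index.php\">";
    exit;
}
$root = $_SERVER['DOCUMENT_ROOT'];
if ($_REQUEST['ID'] && $_REQUEST['Aktivierungscode']) {
    require_once $root . "/helping_supplies/includes/dbConnect.php";
    $db_link = mysqli_connect(MYSQL_HOST, MYSQL_BENUTZER, MYSQL_KENNWORT, MYSQL_DATENBANK);
    require_once $root . "/helping_supplies/includes/functions.php";
    $_REQUEST['ID'] = filterfunktion($_REQUEST['ID']);
    $_REQUEST['Aktivierungscode'] = filterfunktion($_REQUEST['Aktivierungscode']);
    $accountId = $_REQUEST['ID'];
    $activationCode = $_REQUEST['Aktivierungscode'];
    // Both request values are bound as parameters; they never become part of the
    // SQL text. (MYSQL_ASSOC was a constant of the removed mysql extension and is
    // undefined under mysqli, so rows are read via bind_result instead.)
    $count = 0;
    $ID = null;
    $stmt = mysqli_prepare($db_link, "SELECT ID FROM accounts WHERE ID = ? AND activation = ?");
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, "ss", $accountId, $activationCode);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $ID);
        while (mysqli_stmt_fetch($stmt)) {
            $count++;
        }
        mysqli_stmt_close($stmt);
    }
    if ($count == 1) {
        //Account aktivieren
        $stmt = mysqli_prepare($db_link, "UPDATE `accounts` SET `active`=TRUE WHERE ID= ?");
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, "s", $accountId);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }
        $_SESSION['reglog'] = "reg-akti";
        echo "<meta http-equiv=\"refresh\" content=\"0; URL=/helping_supplies/index.php\">";
    } elseif ($count == 0) {
        // no account/code pair matched: same generic outcome as before
        $_SESSION['reglog'] = "reg-false";
        echo "<meta http-equiv=\"refresh\" content=\"0; URL=/helping_supplies/index.php\">";
    }
}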
    }
    require_once $root . "/helping_supplies/includes/dbConnect.php";
    $sql = "SELECT username,name FROM accounts";
    $db_erg = mysqli_query($db_link, $sql);
    while ($zeile = mysqli_fetch_array($db_erg, MYSQL_ASSOC)) {
        if ($zeile['username'] == $username) {
            $usernameErr = "Login Name bereits vergeben";
            $ErrCounter++;
        }
        if ($zeile['name'] == $name) {
            $nameErr = "Name bereits vergeben";
            $ErrCounter++;
        }
    }
    if ($ErrCounter == 0) {
        $Aktivierungscode = filterfunktion(zufallsstring(15));
        //mysql_query($db_link, "INSERT INTO `accounts` (`ID`, `username`, `passwort`, `email`, `name`, `website`, `activation`, `active`) VALUES (NULL, '" . $username . "', '" . $password . "', '" . $eMail . "', '" . $name . "', NULL, '" . $Aktivierungscode . "', 'FALSE')");
        $sql = "INSERT INTO `accounts` (`ID`, `username`, `passwort`, `email`, `name`, `website`, `activation`, `active`) VALUES (NULL, '" . $username . "', '" . $password . "', '" . $eMail . "', '" . $name . "', NULL, '" . $Aktivierungscode . "', 'FALSE')";
        mysqli_query($db_link, $sql);
        $sql = "SELECT MAX(`ID`) FROM `accounts`";
        $db_erg = mysqli_query($db_link, $sql);
        while ($zeile = mysqli_fetch_array($db_erg, MYSQL_ASSOC)) {
            $ID = $zeile['MAX(`ID`)'];
        }
        //TODO aktivieren
        //mail($_REQUEST['EMail'], "Registrierung abschließen", "Hallo,\n\num die Registrierung abzuschließen, klicken Sie bitte auf den folgenden Link:\n\nhttp://www.ihre-domain.de/regestration/reg-aktivieren.php?ID=" . $ID . "&Aktivierungscode=" . $Aktivierungscode . "", "FROM: $Absender");
        //echo "Hallo,\n\num die Registrierung abzuschließen, klicken Sie bitte auf den folgenden Link:\n\nhttp://www.ihre-domain.de/registration/reg-aktivieren.php?ID=" . $ID . "&Aktivierungscode=" . $Aktivierungscode . "";
        $_SESSION['reglog'] = "reg";
        echo "<meta http-equiv=\"refresh\" content=\"0; URL=/helping_supplies/index.php\">";
    }
}
         $entries = getDBEntryCount($statement);
         $statement .= setLimit($startAt, $rowsPerPage);
         echo "Angebot gültig zwischen " . $input1 . " und " . $input2;
     } else {
         $statement = filterNone();
         $statement .= " GROUP BY id ";
         $entries = getDBEntryCount($statement);
         $statement .= setLimit($startAt, $rowsPerPage);
         echo "Kein Filter gesetzt";
     }
 } else {
     if ($_POST["filter"] == "filterName") {
         if (isset($_GET["in1"])) {
             $input1 = $_GET["in1"];
         } else {
             $input1 = filterfunktion($_POST["filterInputName"]);
         }
         if (preg_match("/^[a-zA-Z ]*\$/", $input1)) {
             $statement = filterName($input1);
             $statement .= " GROUP BY id ";
             $entries = getDBEntryCount($statement);
             $statement .= setLimit($startAt, $rowsPerPage);
             echo "Name beinhaltet \"" . $input1 . "\"";
         } else {
             $statement = filterNone();
             $statement .= " GROUP BY id ";
             $entries = getDBEntryCount($statement);
             $statement .= setLimit($startAt, $rowsPerPage);
             echo "Kein Filter gesetzt";
         }
     }
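//include head
include $root . "/helping_supplies/template/head.php";
// Reduces a client-supplied redirect target (the posted "link") to a same-site
// path so the redirect cannot point at a foreign host.
$safeRedirect = function ($target) {
    $fallback = '/helping_supplies/index.php';
    $target = trim((string) $target);
    // reject empties, header line breaks and backslashes (browsers read "/\host" as "//host")
    if ($target === '' || strpos($target, '\\') !== false || preg_match('/[\r\n]/', $target)) {
        return $fallback;
    }
    $parts = parse_url($target);
    if ($parts === false || !isset($parts['path']) || substr($parts['path'], 0, 1) !== '/'
        || substr($parts['path'], 0, 2) === '//') {
        return $fallback;
    }
    // scheme and host of the submitted value are dropped on purpose; only path + query survive
    return $parts['path'] . (isset($parts['query']) ? '?' . $parts['query'] : '');
};
if (!isset($_SESSION['accountsId'])) {
    header('Location: ' . $safeRedirect(isset($_POST['link']) ? $_POST['link'] : ''));
    $_SESSION['reglog'] = "noAccess";
    exit;
}
//define variables and set to empty values
$oldPasswordErr = $passwordErr = "";
//Daten des Angebots aus DB holen
require_once $root . "/helping_supplies/includes/dbConnect.php";
if (isset($_REQUEST['Send'])) {
    $ErrCounter = 0;
    $oldPassword = filterfunktion(isset($_REQUEST["oldPassword"]) ? $_REQUEST["oldPassword"] : '');
    $password = filterfunktion(isset($_REQUEST["password"]) ? $_REQUEST["password"] : '');
    $password2 = filterfunktion(isset($_REQUEST["password2"]) ? $_REQUEST["password2"] : '');
    $accountsId = $_SESSION['accountsId'];
    // The current password has to be proven before it can be replaced: the old
    // value was read from the form but never checked. Fetch the stored hash and
    // verify the submitted old password against it (hashes are bcrypt, see below).
    $storedHash = null;
    $stmt = mysqli_prepare($db_link, "SELECT `passwort` FROM `accounts` WHERE `ID` = ?");
    if ($stmt !== false) {
        mysqli_stmt_bind_param($stmt, "i", $accountsId);
        mysqli_stmt_execute($stmt);
        mysqli_stmt_bind_result($stmt, $storedHash);
        mysqli_stmt_fetch($stmt);
        mysqli_stmt_close($stmt);
    }
    if ($storedHash === null || !password_verify($oldPassword, $storedHash)) {
        $oldPasswordErr = "Altes Passwort ist falsch";
        $ErrCounter++;
    }
    if ($password === $password2) {
        $password = password_hash($password, PASSWORD_BCRYPT);
    } else {
        $passwordErr = "Passwörter stimmen nicht überein";
        $ErrCounter++;
    }
    if ($ErrCounter == 0) {
        // new hash and account id are bound as parameters, never concatenated into SQL
        $stmt = mysqli_prepare($db_link, "UPDATE `accounts` SET `passwort` = ? WHERE `ID` = ?");
        if ($stmt !== false) {
            mysqli_stmt_bind_param($stmt, "si", $password, $accountsId);
            mysqli_stmt_execute($stmt);
            mysqli_stmt_close($stmt);
        }
        $_SESSION['reglog'] = "PWAktualisiert";
    }
}
//include header für Infobox
include $root . "/helping_supplies/template/header.php";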
?>
<?php

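$root = $_SERVER['DOCUMENT_ROOT'];
//include userControl
include $root . "/helping_supplies/includes/userControl.php";
// Contact form handler: missing fields become '' instead of raising a notice.
$title = filterfunktion(isset($_POST["title"]) ? $_POST["title"] : '');
$reason = filterfunktion(isset($_POST["reason"]) ? $_POST["reason"] : '');
$message = filterfunktion(isset($_POST["message"]) ? $_POST["message"] : '');
$Absender = filterfunktion(isset($_POST["Absender"]) ? $_POST["Absender"] : '');
//TODO E-Mail ändern
$eMail = "*****@*****.**";
//TODO aktivieren
// NOTE(review): before enabling mail(), $Absender is form input that goes into
// the "FROM:" header and, with mailMe, becomes a recipient. Validate it
// (check_email) and reject CR/LF so the client cannot add mail headers or use
// the form to send messages to arbitrary addresses.
//mail($eMail, $reason . ": " . $title, $message, "FROM: $Absender");
//Mail an eigene eMail
if (isset($_POST["mailMe"])) {
    //TODO aktivieren
    //mail($Absender, $reason . ": " . $title, "KOPIE IHRER NACHRICHT<br>" . $message, "FROM: $eMail");
}
$_SESSION['reglog'] = "contactOk";
header('Location: /helping_supplies/index.php');
// stop here: nothing after a Location header should be rendered
exit;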
    $_SESSION['reglog'] = "noAccess";
    exit;
}
//define variables and set to empty values
$usernameErr = $nameErr = $eMailErr = $websiteErr = "";
//Daten des Angebots aus DB holen
require_once $root . "/helping_supplies/includes/dbConnect.php";
if (isset($_REQUEST['Send'])) {
    $ErrCounter = 0;
    $username = filterfunktion($_REQUEST["lName"]);
    $name = filterfunktion($_REQUEST["name"]);
    $eMail = filterfunktion($_REQUEST["eMail"]);
    $oldUsername = filterfunktion($_REQUEST["oldUsername"]);
    $oldName = filterfunktion($_REQUEST["oldName"]);
    $oldEMail = filterfunktion($_REQUEST["oldEMail"]);
    $website = filterfunktion($_REQUEST["website"]);
    if (!check_email($eMail)) {
        $eMailErr = "Üngültige E-Mail";
        $ErrCounter++;
    }
    $sql = "SELECT username,name,email FROM accounts";
    $db_erg = mysqli_query($db_link, $sql);
    while ($zeile = mysqli_fetch_array($db_erg, MYSQL_ASSOC)) {
        if ($zeile['username'] == $username) {
            if ($username != $oldUsername) {
                $usernameErr = "Login Name bereits vergeben";
                $ErrCounter++;
            }
        }
        if ($zeile['name'] == $name) {
            if ($name != $oldName) {