function logout_main()
{
logout_current_user();
// When called per tool (api), then offer a JSEND-answer
if (isset($_POST['directtool'])) {
include_once CHURCHCORE . '/churchcore_db.php';
drupal_json_output(jsend()->success());
} else {
header("Location: ?q=" . getConf("site_startpage", "home"));
}
}
/**
* Invalidates API token
* @param Request $request
* @return mixed
*/
public function logout(Request $request)
{
JWTAuth::parseToken()->invalidate();
return jsend()->success()->message('Successfully logged out')->get();
}
/**
* Call function and returns JSON result
*
* @return string
*/
function call()
{
$params = isset($_GET["func"]) ? $_GET : $_POST;
if (!isset($params["func"])) {
return jsend()->error("Parameter func nicht definiert!");
}
try {
if (method_exists($this->module, $params["func"])) {
return jsend()->success($this->module->{$params}["func"]($params));
}
if (!isset($this->funcs[$params["func"]])) {
return jsend()->error("Func " . $params["func"] . " wurde nicht als Function definiert!");
}
$func = $this->funcs[$params["func"]];
if ($func["auth"] != null) {
// Split auth string for OR-Combinations
$allowed = false;
foreach (explode('||', $func["auth"]) as $val) {
if (user_access(trim($val), $func["module"])) {
$allowed = true;
}
}
if (!$allowed) {
throw new CTNoPermission($func["auth"], $func["module"]);
}
}
return jsend()->success(call_user_func($this->getFunctionName($func["name"]), $params));
} catch (CTFail $e) {
return jsend()->fail($e);
} catch (CTNoPermission $e) {
return jsend()->fail($e);
} catch (Exception $e) {
return jsend()->error($e);
}
}
/**
* Sends an activation mail to the user
* @param $user
* @return mixed
* @internal param Request $request
*/
public function sendActivationMail($user)
{
# Generate random token
$token = str_random(50);
# Upsert the token into the database
$activation = DB::table('email_activations')->where(['email' => $user->email])->first();
if (empty($activation)) {
DB::table('email_activations')->insert(['email' => $user->email, 'token' => $token, 'created_at' => Carbon::now()]);
} else {
DB::table('email_activations')->where('email', '=', $user->email)->update(['token' => $token, 'created_at' => Carbon::now()]);
}
# Send user a mail with this token
Mail::send('easyauth.emails.activation', ['user' => $user, 'token' => $token], function ($message) use($user) {
$message->from(config('easyauth.email.sender_email'), config('easyauth.email.sender_name'));
$message->to($user->email);
$message->subject(config('easyauth.email.email_activation_subject'));
});
return jsend()->success()->message('You have been registered, an activation link has been sent to your E-Mail.')->get();
}
/**
* view external map (ajax)
*/
function externmapview__ajax()
{
global $user;
$func = $_GET["func"];
if ($func == 'loadMasterData') {
$res["home_lat"] = variable_get('churchdb_home_lat', '53.568537');
$res["home_lng"] = variable_get('churchdb_home_lng', '10.03656');
$res["districts"] = churchcore_getTableData("cdb_distrikt", "bezeichnung");
$res["groups"] = getExternalGroupData();
$res["modulespath"] = CHURCHDB;
$res["user_pid"] = $user->id;
$res["vorname"] = $user->vorname;
$res = jsend()->success($res);
} else {
if ($func == 'addPersonGroupRelation') {
include_once CHURCHDB . '/churchdb_ajax.php';
$res = churchdb_addPersonGroupRelation($user->id, $_GET["g_id"], -2, null, null, null, t("request.by.external.mapview"));
sendConfirmationMail($user->email, $user->vorname, $_GET["g_id"]);
$res = jsend()->success($res);
} else {
if ($func == 'editPersonGroupRelation') {
include_once CHURCHDB . '/churchdb_ajax.php';
$res = _churchdb_editPersonGroupRelation($user->id, $_GET["g_id"], -2, null, "null", t("request.changed.by.external.mapview"));
sendConfirmationMail($user->email, $user->vorname, $_GET["g_id"]);
$res = jsend()->success($res);
} else {
if ($func == 'sendEMail') {
$db = db_query('select * from {cdb_person} where upper(email) like upper(:email) and upper(vorname) like upper(:vorname) and upper(name) like upper(:name)', array(':email' => $_GET["E-Mail-Adresse"], ':vorname' => $_GET["Vorname"], ':name' => $_GET["Nachname"]))->fetch();
$txt = "";
if ($db != false) {
include_once CHURCHDB . '/churchdb_ajax.php';
churchdb_addPersonGroupRelation($db->id, $_GET["g_id"], -2, null, null, null, t("request.by.external.mapview") . ": " . $_GET["Kommentar"]);
sendConfirmationMail($_GET["E-Mail-Adresse"], $_GET["Vorname"], $_GET["g_id"]);
$txt = t("person.found.and.request.sent");
} else {
$res = db_query("select vorname, p.id id, g.bezeichnung from {cdb_gemeindeperson_gruppe} gpg, {cdb_gemeindeperson} gp, \n {cdb_person} p, {cdb_gruppe} g\n where gpg.gemeindeperson_id=gp.id and gp.person_id=p.id and g.id=:gruppe_id \n and gpg.gruppe_id=g.id and status_no>=1 and status_no!=4", array(":gruppe_id" => $_GET["g_id"]));
$rec = array();
foreach ($res as $p) {
$rec[] = $p->vorname;
$content = "<h4>" . t('request.to.group', $p->bezeichnung) . "<h4/>";
$content .= "<ul><li>" . t('surname') . ": " . $_GET["Vorname"];
$content .= "<li>" . t('name') . ": " . $_GET["Nachname"];
$content .= "<li>" . t('email') . ": " . $_GET["E-Mail-Adresse"];
$content .= "<li>" . t('phone') . ": " . $_GET["Telefon"];
$content .= "<li>" . t('comment') . ": " . $_GET["Kommentar"];
$content .= "</ul>";
$res = churchcore_sendEMailToPersonIds($p->id, "[" . variable_get('site_name', 'ChurchTools') . "] " . t('form.request.to.group', $p->bezeichnung), $content, variable_get('site_mail'), true, true);
}
if (count($rec) == 0) {
$txt = t("could.not.find.group.leader.please.try.other.ways");
} else {
$txt = t("email.send.to", implode($rec, ", "));
sendConfirmationMail($_GET["E-Mail-Adresse"], $_GET["Vorname"], $_GET["g_id"]);
}
}
$res = jsend()->success($txt);
} else {
$res = jsend()->fail(t("unknown.call", $func));
}
}
}
}
drupal_json_output($res);
}
/**
* calls churchservice => churchservice_main or churchservice/ajax => churchservice_ajax
*
* @param $q - Complete request URL inkl. suburl e.g. churchservice/ajax
*
* TODO: should completely rewritten, using some classes
*/
function churchtools_processRequest($_q)
{
global $mapping, $config, $q;
$content = "";
// include mapped file
if (isset($mapping[$_q])) {
include_once SYSTEM . "/" . $mapping[$_q];
$param = "main";
if (strpos($_q, "/") > 0) {
$param = "_" . substr($_q, strpos($_q, "/") + 1, 99);
$_q = substr($_q, 0, strpos($_q, "/"));
}
if (!user_access("view", $_q) && !in_array($_q, $mapping["page_with_noauth"]) && $_q != "login" && !in_array($_q, isset($config["page_with_noauth"]) ? $config["page_with_noauth"] : array())) {
if (!userLoggedIn()) {
// only show login
if (strrpos($q, "ajax") === false) {
$q = "login";
return churchtools_processRequest("login");
} else {
drupal_json_output(jsend()->error("Session expired!"));
die;
}
} else {
$name = $_q;
if (isset($config[$_q . "_name"])) {
$name = $config[$_q . "_name"];
}
addInfoMessage(t("no.permission.for", $name));
return "";
}
}
// does the main work?
$content .= call_user_func($_q . "_" . $param);
if ($content == null) {
die;
}
} else {
addErrorMessage(t("mapping.not.found", "<i>{$_q}</i>"));
}
return $content;
}
/**
* main function for login
* @return string
*/
function login_main()
{
global $q, $config, $user;
$txt = "";
if ($t = getConf("admin_message")) {
addErrorMessage($t);
}
if ($t = getVar("message")) {
addInfoMessage($t);
}
// Sicherstellen, dass keiner eingelogt ist!
if (!userLoggedIn()) {
if ($t = getVar("login_message")) {
addInfoMessage($t, true);
}
$form = new CTForm("LoginForm", "validateLogin", "Login");
$form->setHeader(t("login.headline"), t("please.fill.following.fields"));
$form->addField("email", "", "INPUT_REQUIRED", t("email.or.username"), true);
if (getVar("email")) {
$form->fields["email"]->setValue(getVar("email"));
}
$form->addField("password", "", "PASSWORD", t("password"));
// TODO: when is this false?
if (getConf("show_remember_me", 1) == 1) {
$form->addField("rememberMe", "", "CHECKBOX", t("remember.me"));
}
$form->addButton(t("login"), "ok");
// access through externale tools through GET and additional direct
// POST so no GET is used , so it is not visible in the URL
if (getVar("email", false, $_POST) && getVar("password", false, $_POST) && getVar("directtool", false, $_POST)) {
include_once CHURCHCORE . "/churchcore_db.php";
$email = getVar("email", false, $_POST);
$password = getVar("password", false, $_POST);
$directTool = getVar("directtool", false, $_POST);
$res = db_query("SELECT * FROM {cdb_person}\n WHERE email=:email AND active_yn=1 AND archiv_yn=0", array(":email" => $email))->fetch();
if (!$res) {
drupal_json_output(jsend()->fail(t('email.unknown')));
} else {
if (user_check_password($password, $res)) {
login_user($res, null, false);
ct_log("Login by Direct-Tool {$directTool} with {$email}", 2, "-1", "login");
drupal_json_output(jsend()->success());
} else {
drupal_json_output(jsend()->fail(t('wrong.password')));
}
}
return;
} else {
if (($loginstr = getVar("loginstr")) && ($id = getVar('id'))) {
// delete login strings older then 14 days
db_query("DELETE FROM {cc_loginstr}\n WHERE DATEDIFF( current_date, create_date ) > 13");
$res = db_query("SELECT * FROM {cc_loginstr}\n WHERE loginstr=:loginstr AND person_id=:id", array(":loginstr" => $loginstr, ":id" => $id))->fetch();
if (!$res) {
$txt .= '<div class="alert alert-info">' . t('login.string.too.old') . '</div>';
} else {
// delete current loginKey to prevent misuse
$res = db_query("DELETE FROM {cc_loginstr}\n WHERE loginstr=:loginstr AND person_id=:id", array(":loginstr" => $loginstr, ":id" => $id));
ct_log("Login User {$id} erfolgreich mit loginstr ", 2, "-1", "login");
$res = churchcore_getPersonById($id);
login_user($res);
}
}
}
$txt .= $form->render();
$txt .= '<script>jQuery("#newpwd").click(function(k,a) {
if (confirm("' . t('want.to.receive.new.password') . '")) {
window.location.href="?q=login/newpwd&email="+jQuery("#LoginForm_email").val();
}
});</script>';
} else {
// switch to another family user (same email)
if ($familyId = getVar("family_id")) {
if (isset($_SESSION["family"][$familyId])) {
// logout_current_user();
login_user($_SESSION["family"][$familyId]);
$txt .= '<div class="alert alert-info">' . t('user.succesfully.changed.now.you.work.with.permissions.of.x', $_SESSION["user"]->vorname . ' ' . $_SESSION["user"]->name) . '</div>';
} else {
$txt .= "<div class='alert alert-info'>" . t('user.change.to.familyX.failed.session.is.empty', $familyId) . "</div>";
}
} else {
if (getVar("directtool", false, $_POST)) {
drupal_json_output(jsend()->success("Already logged in"));
} else {
$txt .= '<div class="alert alert-info">' . t('you.are.logged.in.as.x.click.y.to.continue', $_SESSION["user"]->vorname, '<a href="?q=home">' . t('home') . '</a>') . '</div>';
}
}
}
return $txt;
}
function login_main()
{
global $q, $config;
$txt = "";
if (isset($config["admin_message"]) && $config["admin_message"] != "") {
addErrorMessage($config["admin_message"]);
}
if (isset($_GET["message"]) && $_GET["message"] != "") {
addInfoMessage($_GET["message"]);
}
// Sicherstellen, dass keiner eingelogt ist!
if (!userLoggedIn()) {
if (isset($config["login_message"])) {
addInfoMessage($config["login_message"], true);
}
$model = new CTForm("LoginForm", "prooveLogin", "Login");
$model->setHeader(t("login.headline"), t("please.fill.following.fields"));
$model->addField("email", "", "INPUT_REQUIRED", t("email.or.username"), true);
$model->addField("password", "", "PASSWORD", t("password"));
if (!isset($config["show_remember_me"]) || $config["show_remember_me"] == 1) {
$model->addField("rememberMe", "", "CHECKBOX", t("remember.me"));
}
$model->addButton(t("login"), "ok");
if (isset($_GET["newpwd"])) {
$res = db_query("select count(*) c from {cdb_person} where email='" . $_GET["email"] . "' and archiv_yn=0")->fetch();
if ($_GET["email"] == "" || $res->c == 0) {
$txt .= '<div class="alert alert-error"><p>Bitte ein gültige EMail-Adresse angeben,
an die das neue Passwort gesendet werden kann!
Diese Adresse muss im System schon eingerichtet sein.
<p>Falls die E-Mail-Adresse schon eingerichtet sein sollte,
wende Dich bitte an <a href="' . variable_get("site_mail") . '">' . variable_get("site_mail") . '</a>.</div>';
} else {
$newpwd = random_string(8);
$scrambled_password = scramble_password($newpwd);
db_query("update {cdb_person} set password='******' where email='" . $_GET["email"] . "'");
$content = "<h3>Hallo!</h3><p>Ein neues Passwort wurde für die E-Mail-Adresse <i>" . $_GET["email"] . "</i> angefordert: {$newpwd}";
churchcore_systemmail($_GET["email"], "[" . variable_get('site_name') . "] Neues Passwort", $content, true, 1);
churchcore_sendMails(1);
$txt .= '<div class="alert alert-info">Hinweis: Ein neues Passwort wurde nun an <i>' . $_GET["email"] . '</i> gesendet.</div>';
ct_log("Neues Passwort angefordert " . $_GET["email"], 2, "-1", "login");
}
} else {
if (isset($_POST["email"]) && isset($_POST["password"]) && isset($_POST["directtool"])) {
include_once CHURCHCORE . "/churchcore_db.php";
$sql = "select * from {cdb_person} where email=:email and active_yn=1 and archiv_yn=0";
$res = db_query($sql, array(":email" => $_POST["email"]))->fetch();
if ($res == false) {
drupal_json_output(jsend()->fail("Unbekannte E-Mail-Adresse"));
} else {
if (user_check_password($_POST["password"], $res)) {
login_user($res);
ct_log("Login durch Direct-Tool " . $_POST["directtool"] . " mit " . $_POST["email"], 2, "-1", "login");
drupal_json_output(jsend()->success());
} else {
drupal_json_output(jsend()->fail("Falsches Passwort"));
}
}
return;
} else {
if (isset($_GET["loginstr"]) && $_GET["loginstr"] != "" && isset($_GET["id"])) {
// L�sche alte cc_loginurrls die �lter sind als 14 tage
db_query("delete from {cc_loginstr} where DATEDIFF( current_date, create_date ) > 13");
$sql = "select * from {cc_loginstr} where loginstr=:loginstr and person_id=:id";
$res = db_query($sql, array(":loginstr" => $_GET["loginstr"], ":id" => $_GET["id"]))->fetch();
if ($res == false) {
$txt .= '<div class="alert alert-info">Fehler: Der verwendete Login-Link ist nicht mehr aktuell und kann deshalb nicht mehr verwendet werden. Bitte mit E-Mail-Adresse und Passwort anmelden!</div>';
} else {
// Nehme den LoginStr heraus, damit er nicht mi�braucht werden kann.
$sql = "delete from {cc_loginstr} where loginstr=:loginstr and person_id=:id";
$res = db_query($sql, array(":loginstr" => $_GET["loginstr"], ":id" => $_GET["id"]));
ct_log("Login User " . $_GET["id"] . " erfolgreich mit loginstr ", 2, "-1", "login");
$res = churchcore_getPersonById($_GET["id"]);
login_user($res);
}
}
}
}
$txt .= $model->render();
$txt .= '<script>jQuery("#newpwd").click(function(k,a) {
if (confirm("' . t('want.to.receive.new.password') . '")) {
window.location.href="?newpwd=true&email="+jQuery("#LoginForm_email").val()+"&q=' . $q . '";
}
});</script>';
} else {
// Wenn man sich ummelden m�chte und zur Familie geh�rt (also gleiche E-Mail-Adresse)
if (isset($_GET["family_id"])) {
if (isset($_SESSION["family"][$_GET["family_id"]])) {
//logout_current_user();
login_user($_SESSION["family"][$_GET["family_id"]]);
$txt .= '<div class="alert alert-info">Ummelden erfolgreich! Du arbeitest nun mit der Berechtigung von ' . $_SESSION["user"]->vorname . ' ' . $_SESSION["user"]->name . '.</div>';
} else {
$txt .= '<div class="alert alert-info">Ummelden zu Id:' . $_GET["family_id"] . ' hat nicht funktioniert, Session ist leer!</div>';
}
} else {
$txt .= '<div class="alert alert-info"><i>Hinweis:</i> Du bist angemeldet als ' . $_SESSION["user"]->vorname . ', weiter geht es <a href="?q=home">hier</a>!</div>';
}
}
return $txt;
}
/**
* For footer e-mail function
*/
function about__ajax()
{
global $config, $user;
$params = $_POST;
if ($params["func"] == "sendEmailToAdmin") {
if (getConf("mail_enabled")) {
$recipients = explode(",", getConf("admin_mail", $config["site_mail"]));
foreach ($recipients as $recipient) {
churchcore_mail("{$user->vorname} {$user->name} <{$user->email}>", trim($recipient), $params["subject"], $params["text"], true, true, 0);
}
$res = jsend()->success();
} else {
$res = jsend()->fail("EMails sind deaktivert!");
}
} else {
if ($params["func"] == "amILoggedIn") {
if ($user == null) {
$res = jsend()->success(false);
} else {
$res = jsend()->success($user->id != -1);
}
} else {
$res = jsend()->error("Unkown call: " . $params["func"]);
}
}
drupal_json_output($res);
}
/**
* @expectedException InvalidArgumentException
*/
public function testInvalidBuilderException()
{
$this->app['config']->set('jsend.builder', '');
jsend()->get();
}
public function changePassword(Request $request)
{
$this->validate($request, ['password' => 'required|confirmed|min:6']);
# Check if the user is not logged in using a provider
$user = Auth::user();
if (!empty($user->provider)) {
return jsend()->error()->message('E-Mail has been registered using ' . $user->provider)->get();
}
$user->password(bcrypt($request->input('password')));
$user->save();
return jsend()->success()->message('Password changed successfully')->get();
}
function about__ajax()
{
global $config, $user;
$params = $_POST;
if ($params["func"] == "sendEmailToAdmin") {
churchcore_systemmail(variable_get("admin_mail", $config["site_mail"]), $params["subject"], $params["text"], true, 1);
$res = jsend()->success();
} else {
if ($params["func"] == "amILoggedIn") {
if ($user == null) {
$res = jsend()->success(false);
} else {
$res = jsend()->success($user->id != -1);
}
} else {
$res = jsend()->error("Unkown call: " . $params["func"]);
}
}
drupal_json_output($res);
}
/**
* view external map (ajax)
*/
function externmapview__ajax()
{
global $user;
$func = getVar("func");
$groupId = getVar("g_id");
$surname = getVar("Vorname");
$name = getVar("Nachname");
$groupId = getVar("g_id");
$email = getVar("E-Mail-Adresse");
$fon = getVar("Telefon");
$comment = getVar("Kommentar");
if ($func == 'loadMasterData') {
$res["home_lat"] = getConf('churchdb_home_lat', '53.568537');
$res["home_lng"] = getConf('churchdb_home_lng', '10.03656');
$res["districts"] = churchcore_getTableData("cdb_distrikt", "bezeichnung");
$res["groups"] = getExternalGroupData();
$res["modulespath"] = CHURCHDB;
$res["user_pid"] = $user->id;
$res["vorname"] = $user->vorname;
$res = jsend()->success($res);
} else {
if ($func == 'addPersonGroupRelation') {
include_once CHURCHDB . '/churchdb_ajax.php';
$res = churchdb_addPersonGroupRelation($user->id, $groupId, -2, null, null, null, t("request.by.external.mapview"));
sendConfirmationMail($user->email, $user->vorname, $groupId);
$res = jsend()->success($res);
} else {
if ($func == 'editPersonGroupRelation') {
include_once CHURCHDB . '/churchdb_ajax.php';
$res = _churchdb_editPersonGroupRelation($user->id, $groupId, -2, null, "null", t("request.changed.by.external.mapview"));
sendConfirmationMail($user->email, $user->vorname, $groupId);
$res = jsend()->success($res);
} else {
if ($func == 'sendEMail') {
$db = db_query('SELECT * FROM {cdb_person}
WHERE UPPER(email) LIKE UPPER(:email) AND UPPER(vorname) LIKE UPPER(:vorname) AND UPPER(name) LIKE UPPER(:name)', array(':email' => $email, ':vorname' => $surname, ':name' => $name))->fetch();
$txt = "";
if ($db) {
include_once CHURCHDB . '/churchdb_ajax.php';
churchdb_addPersonGroupRelation($db->id, $groupId, -2, null, null, null, t("request.by.external.mapview") . ": {$comment}");
sendConfirmationMail($email, $surname, $groupId);
$txt = t("person.found.and.request.sent");
} else {
$res = db_query("SELECT vorname, p.id id, g.bezeichnung\n FROM {cdb_gemeindeperson_gruppe} gpg, {cdb_gemeindeperson} gp, {cdb_person} p, {cdb_gruppe} g\n WHERE gpg.gemeindeperson_id = gp.id AND gp.person_id = p.id AND g.id = :gruppe_id\n AND gpg.gruppe_id = g.id AND email!='' AND gpg.status_no BETWEEN 1 AND 3 ", array(":gruppe_id" => $groupId));
$rec = array();
foreach ($res as $p) {
$rec[] = $p->vorname;
$data = array('title' => t('request.to.group', $p->bezeichnung), 'request' => array('surname' => $surname, 'name' => $name, 'email' => $email, 'phone' => $fon, 'comment' => $comment));
$lang = getUserLanguage($p->id);
$content = getTemplateContent('email/groupRequest', 'churchdb', $data, null, $lang);
$res = churchcore_sendEMailToPersonIDs($p->id, "[" . getConf('site_name') . "] " . t2($lang, 'form.request.to.group', $p->bezeichnung), $content, getConf('site_mail'), true, true);
}
if (!count($rec)) {
$txt = t("could.not.find.group.leader.please.try.other.ways");
} else {
$txt = t2($lang, "email.send.to", implode($rec, ", "));
sendConfirmationMail($email, $surname, $groupId);
}
}
$res = jsend()->success($txt);
} else {
$res = jsend()->fail(t("unknown.call", $func));
}
}
}
}
drupal_json_output($res);
}