diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php
index c0c127ba..ca1f81fc 100644
--- a/includes/pages/admin_news.php
+++ b/includes/pages/admin_news.php
@@ -30,7 +30,7 @@ function admin_news() {
$news["Text"] . "\n";
$html .= "
Size | " .
- html_select_key('size', array (
+ html_select_key('size', 'size', array (
'S' => "S",
'M' => "M",
'L' => "L",
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php
index 33f5cf1f..a210a7ce 100644
--- a/includes/pages/guest_login.php
+++ b/includes/pages/guest_login.php
@@ -3,7 +3,9 @@
// Engel registrieren
function guest_register() {
- /*
+ global $tshirt_sizes, $enable_tshirt_size;
+
+ $msg = "";
$nick = "";
$lastname = "";
$prename = "";
@@ -12,215 +14,121 @@ function guest_register() {
$dect = "";
$mobile = "";
$mail = "";
+ $icq = "";
+ $jabber = "";
+ $hometown = "";
+ $comment = "";
+ $tshirt_size = 'S';
+ $password_hash = "";
+
+ if (isset ($_REQUEST['submit'])) {
+ $ok = true;
+
+ if (isset ($_REQUEST['nick']) && strlen(strip_request_item('nick')) > 1) {
+ $nick = strip_request_item('nick');
+ if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' LIMIT 1") > 0) {
+ $ok = false;
+ $msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick3"), $nick), true);
+ }
+ } else {
+ $ok = false;
+ $msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick2"), strip_request_item('nick')), true);
+ }
+
+ if (isset ($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) {
+ $mail = strip_request_item('mail');
+ if (!check_email($mail)) {
+ $ok = false;
+ $msg .= error(Get_Text("makeuser_error_mail"), true);
+ }
+ } else {
+ $ok = false;
+ $msg .= error("Please enter your e-mail.", true);
+ }
+
+ if (isset ($_REQUEST['icq']))
+ $icq = strip_request_item('icq');
+ if (isset ($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) {
+ $jabber = strip_request_item('jabber');
+ if (!check_email($jabber)) {
+ $ok = false;
+ $msg .= error("Please check your jabber.", true);
+ }
+ }
+
+ if (isset ($_REQUEST['tshirt_size']) && isset ($tshirt_sizes[$_REQUEST['tshirt_size']]))
+ $tshirt_size = $_REQUEST['tshirt_size'];
+ else {
+ $ok = false;
+ }
+
+ if (isset ($_REQUEST['password']) && strlen($_REQUEST['password']) >= 6) {
+ if ($_REQUEST['password'] == $_REQUEST['password2']) {
+ $password_hash = PassCrypt($_REQUEST['password']);
+ } else {
+ $ok = false;
+ $msg .= error(Get_Text("makeuser_error_password1"), true);
+ }
+ } else {
+ $ok = false;
+ $msg .= error(Get_Text("makeuser_error_password2"), true);
+ }
+
+ // Trivia
+ if (isset ($_REQUEST['lastname']))
+ $lastname = strip_request_item('lastname');
+ if (isset ($_REQUEST['prename']))
+ $prename = strip_request_item('prename');
+ if (isset ($_REQUEST['age']) && preg_match("/^[0-9]{0,4}$/", $_REQUEST['age']))
+ $age = strip_request_item('age');
+ if (isset ($_REQUEST['tel']))
+ $tel = strip_request_item('tel');
+ if (isset ($_REQUEST['dect']))
+ $dect = strip_request_item('dect');
+ if (isset ($_REQUEST['mobile']))
+ $mobile = strip_request_item('mobile');
+ if (isset ($_REQUEST['hometown']))
+ $hometown = strip_request_item('hometown');
+ if (isset ($_REQUEST['comment']))
+ $comment = strip_request_item_nl('comment');
+
+ if ($ok) {
+ sql_query("INSERT INTO `User` SET `Nick`='" . sql_escape($nick) . "', `Vorname`='" . sql_escape($prename) . "', `Name`='" . sql_escape($lastname) .
+ "', `Alter`='" . sql_escape($age) . "', `Telefon`='" . sql_escape($tel) . "', `DECT`='" . sql_escape($dect) . "', `Handy`='" . sql_escape($mobile) .
+ "', `email`='" . sql_escape($mail) . "', `ICQ`='" . sql_escape($icq) . "', `jabber`='" . sql_escape($jabber) . "', `Size`='" . sql_escape($tshirt_size) .
+ "', `Passwort`='" . sql_escape($password_hash) . "', `kommentar`='" . sql_escape($comment) . "', `Hometown`='" . sql_escape($hometown) . "', `CreateDate`=NOW(), `Sprache`='" . sql_escape($_SESSION["Sprache"]) . "'");
+
+ // Assign user-group
+ sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape(sql_id()) . ", `group_id`=-2");
+
+ success(Get_Text("makeuser_writeOK4"));
+ redirect(page_link_to('login'));
+ }
+ }
return page(array (
Get_Text("makeuser_text1"),
+ $msg,
form(array (
form_text('nick', Get_Text("makeuser_Nickname") . "*", $nick),
form_text('lastname', Get_Text("makeuser_Nachname"), $lastname),
- form_text('lastname', Get_Text("makeuser_Vorname"), $lastname),
+ form_text('prename', Get_Text("makeuser_Vorname"), $prename),
form_text('age', Get_Text("makeuser_Alter"), $age),
form_text('tel', Get_Text("makeuser_Telefon"), $tel),
form_text('dect', Get_Text("makeuser_DECT"), $tel),
form_text('mobile', Get_Text("makeuser_Handy"), $mobile),
form_text('mail', Get_Text("makeuser_E-Mail") . "*", $mail),
+ form_text('icq', "ICQ", $icq),
+ form_text('jabber', "Jabber", $jabber),
+ form_text('hometown', Get_Text("makeuser_Hometown"), $hometown),
+ $enable_tshirt_size ? form_select('tshirt_size', Get_Text("makeuser_T-Shirt"), $tshirt_sizes, $tshirt_size) : '',
+ form_textarea('comment', Get_Text("makeuser_text2"), $comment),
+ form_password('password', Get_Text("makeuser_Passwort")),
+ form_password('password2', Get_Text("makeuser_Passwort2")),
info(Get_Text("makeuser_text3"), true),
form_submit('submit', Get_Text("makeuser_Anmelden"))
))
));
-*/
- global $SubscribeMailinglist, $enable_tshirt_size;
-
- $html = "";
- $success = "none";
-
- if (isset ($_POST["send"])) {
- $eNick = trim($_POST["Nick"]);
-
- if ($_POST["Alter"] == "")
- $_POST["Alter"] = 23;
-
- // user vorhanden?
- $Ergans = sql_select("SELECT UID FROM `User` WHERE `Nick`='" . sql_escape($_POST["Nick"]) . "'");
-
- if (strlen($_POST["Nick"]) < 2)
- $error = Get_Text("makeuser_error_nick1") . $_POST["Nick"] . Get_Text("makeuser_error_nick2");
-
- elseif (count($Ergans) > 0) $error = Get_Text("makeuser_error_nick1") . $_POST["Nick"] . Get_Text("makeuser_error_nick3");
-
- elseif (strlen($_POST["email"]) <= 6 && strstr($_POST["email"], "@") == FALSE && strstr($_POST["email"], ".") == false) $error = Get_Text("makeuser_error_mail");
-
- elseif (!is_numeric($_POST["Alter"])) $error = Get_Text("makeuser_error_Alter");
-
- elseif ($_POST["Passwort"] != $_POST["Passwort2"]) $error = Get_Text("makeuser_error_password1");
-
- elseif (strlen($_POST["Passwort"]) < 6) $error = Get_Text("makeuser_error_password2");
-
- else {
- $_POST["Passwort"] = PassCrypt($_POST["Passwort"]);
- unset ($_POST["Passwort2"]);
-
- $Erg = sql_query("INSERT INTO `User` (" .
- "`Nick` , " . "`Name` , " .
- "`Vorname`, " . "`Alter` , " .
- "`Telefon`, " . "`DECT`, " .
- "`Handy`, " . "`email`, " .
- "`ICQ`, " . "`jabber`, " .
- "`Size`, " . "`Passwort`, " .
- "`Art` , " . "`kommentar`, " .
- "`Hometown`," . "`CreateDate`, `Sprache` ) " .
- "VALUES ( '" . sql_escape($_POST["Nick"]) . "', " . "'" . sql_escape($_POST["Name"]) . "', " . "'" . sql_escape($_POST["Vorname"]) . "', " . "'" . sql_escape($_POST["Alter"]) . "', " . "'" . sql_escape($_POST["Telefon"]) . "', " . "'" . sql_escape($_POST["DECT"]) . "', " . "'" . sql_escape($_POST["Handy"]) . "', " . "'" . sql_escape($_POST["email"]) . "', " . "'" . sql_escape($_POST["ICQ"]) . "', " . "'" . sql_escape($_POST["jabber"]) . "', " . "'" . sql_escape($_POST["Size"]) . "', " . "'" . sql_escape($_POST["Passwort"]) . "', " . "'" . sql_escape($_POST["Art"]) . "', " . "'" . sql_escape($_POST["kommentar"]) . "', " . "'" . sql_escape($_POST["Hometown"]) . "'," . "NOW(), '" . sql_escape($_SESSION["Sprache"]) . "')");
-
- if ($Erg != 1) {
- $html .= Get_Text("makeuser_error_write1") . " \n";
- $error = sql_error();
- } else {
- $html .= "" . Get_Text("makeuser_writeOK") . "\n";
-
- // Assign user-group
- sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape(sql_id()) . ", `group_id`=-2");
-
- $html .= Get_Text("makeuser_writeOK2") . " \n";
- $html .= " " . Get_Text("makeuser_writeOK3") . "\n";
-
- $html .= Get_Text("makeuser_writeOK4") . "\n
\n";
- $success = "any";
-
- if (isset ($SubscribeMailinglist)) {
- if ($_POST["subscribe-mailinglist"] == "") {
- $headers = "From: " . $_POST["email"] . "\r\n" .
- "X-Mailer: PHP/" . phpversion();
- mail($SubscribeMailinglist, "subject", "message", $headers);
- }
- }
- }
- }
-
- if (isset ($error))
- $html .= error($error, true);
- } else {
- // init vars
- $_POST["Nick"] = "";
- $_POST["Name"] = "";
- $_POST["Vorname"] = "";
- $_POST["Alter"] = "";
- $_POST["Telefon"] = "";
- $_POST["DECT"] = "";
- $_POST["Handy"] = "";
- $_POST["email"] = "";
- $_POST["subscribe-mailinglist"] = "";
- $_POST["ICQ"] = "";
- $_POST["jabber"] = "";
- $_POST["Size"] = "L";
- $_POST["Art"] = "";
- $_POST["kommentar"] = "";
- $_POST["Hometown"] = "";
- }
-
- if ($success == "none") {
- $html .= "" . Get_Text("makeuser_text0") . "\n";
- $html .= "" . Get_Text("makeuser_text1") . "\n";
- $html .= "\n";
- $html .= Get_Text("makeuser_text3");
- }
- return $html;
}
function guest_logout() {
@@ -230,44 +138,55 @@ function guest_logout() {
function guest_login() {
global $user;
+
+ $msg = "";
+ $nick = "";
+
unset ($_SESSION['uid']);
- $html = "";
- if (isset ($_REQUEST['login_submit'])) {
- $login_user = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($_REQUEST["user"]) . "'");
+ if (isset ($_REQUEST['submit'])) {
+ $ok = true;
+
+ if (isset ($_REQUEST['nick']) && strlen(strip_request_item('nick')) > 0) {
+ $nick = strip_request_item('nick');
+ $login_user = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "'");
+ if (count($login_user) > 0) {
+ $login_user = $login_user[0];
+ if (isset ($_REQUEST['password'])) {
+ if ($login_user['Passwort'] != PassCrypt($_REQUEST['password'])) {
+ $ok = false;
+ $msg .= error(Get_Text("pub_index_pass_no_ok"), true);
+ }
+ } else {
+ $ok = false;
+ $msg .= error("Please enter a password.", true);
+ }
+ } else {
+ $ok = false;
+ $msg .= error(Get_Text("pub_index_User_unset"), true);
+ }
+ } else {
+ $ok = false;
+ $msg .= error("Please enter a nickname.", true);
+ }
- if (count($login_user) == 1) { // Check, ob User angemeldet wird...
- $login_user = $login_user[0];
- if ($login_user["Passwort"] == PassCrypt($_REQUEST["password"])) { // Passwort ok...
- $_SESSION['uid'] = $login_user['UID'];
- $_SESSION['Sprache'] = $login_user['Sprache'];
- header("Location: " . page_link_to("news"));
- } else { // Passwort nicht ok...
- $ErrorText = "pub_index_pass_no_ok";
- } // Ende Passwort-Check
- } else { // Anzahl der User in User-Tabelle <> 1 --> keine Anmeldung
- if ($user_anz == 0)
- $ErrorText = "pub_index_User_unset";
- else
- $ErrorText = "pub_index_User_more_as_one";
- } // Ende Check, ob User angemeldet wurde}
+ if ($ok) {
+ $_SESSION['uid'] = $login_user['UID'];
+ $_SESSION['Sprache'] = $login_user['Sprache'];
+ redirect(page_link_to('news'));
+ }
}
- if (isset ($ErrorText))
- $html .= error(Get_Text($ErrorText), true);
- $html .= guest_login_form();
- return $html;
-}
-function guest_login_form() {
- return template_render("../templates/guest_login_form.html", array (
- 'link' => page_link_to("login"),
- 'nick' => Get_Text("index_lang_nick"),
- 'pass' => Get_Text("index_lang_pass"),
- 'send' => Get_Text("index_lang_send"),
- 'text1' => Get_Text("index_text1"),
- 'text2' => Get_Text("index_text2"),
- 'text3' => Get_Text("index_text3"),
- 'text4' => Get_Text("index_text4")
+ return page(array (
+ Get_Text("index_text1") . " " . Get_Text("index_text2") . " " . Get_Text("index_text3"),
+ $msg,
+ msg(),
+ form(array (
+ form_text('nick', Get_Text("index_lang_nick"), $nick),
+ form_password('password', Get_Text("index_lang_pass")),
+ form_submit('submit', Get_Text("index_lang_send"))
+ )),
+ info(Get_Text("index_text4"), true)
));
}
?>
diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php
index 78d16554..1d490843 100644
--- a/includes/pages/user_messages.php
+++ b/includes/pages/user_messages.php
@@ -25,7 +25,7 @@ function user_messages() {
foreach ($users as $u)
$to_select_data[$u['UID']] = $u['Nick'];
- $to_select = html_select_key('to', $to_select_data, '');
+ $to_select = html_select_key('to', 'to', $to_select_data, '');
$messages_html = "";
$messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC");
diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php
index 1b14a0bb..09afcd46 100644
--- a/includes/pages/user_settings.php
+++ b/includes/pages/user_settings.php
@@ -7,7 +7,7 @@ function user_settings() {
if ($enable_tshirt_size)
$tshirt_html = template_render('../templates/user_settings_tshirt.html', array (
'label_size' => Get_Text("makeuser_T-Shirt"),
- 'size_select' => ($user['Tshirt'] == 0) ? html_select_key('size', array (
+ 'size_select' => ($user['Tshirt'] == 0) ? html_select_key('size', 'size', array (
'S' => "S",
'M' => "M",
'L' => "L",
@@ -57,7 +57,7 @@ function user_settings() {
'new_pw2_label' => Get_Text(17),
'text_theme' => Get_Text(18),
'theme_label' => Get_Text(19),
- 'theme_select' => html_select_key('theme', array (
+ 'theme_select' => html_select_key('theme', 'theme', array (
"1" => "Standard-Style",
"2" => "ot/Gelber Style",
"3" => "Club-Mate Style",
@@ -67,11 +67,11 @@ function user_settings() {
"8" => "Pastel Style",
"4" => "Test Style",
"9" => "Test Style 21c3",
- "10" => "msquare (cccamp2011)"
+ "10" => "msquare (28C3)"
), $user['color']),
'text_language' => Get_Text(20),
'language_label' => Get_Text(21),
- 'language_select' => html_select_key('language', array (
+ 'language_select' => html_select_key('language', 'language', array (
'DE' => "Deutsch",
'EN' => "English"
), $user['Sprache'])
diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php
index 15eecbf1..49078c05 100644
--- a/includes/pages/user_shifts.php
+++ b/includes/pages/user_shifts.php
@@ -100,7 +100,7 @@ function user_shifts() {
}
}
- $room_select = html_select_key('rid', $room_array, $rid);
+ $room_select = html_select_key('rid', 'rid', $room_array, $rid);
$angel_types = "";
foreach ($types as $type) {
$angel_types .= template_render('../templates/admin_shifts_angel_types.html', array (
@@ -196,7 +196,7 @@ function user_shifts() {
$users_select = array ();
foreach ($users as $usr)
$users_select[$usr['UID']] = $usr['Nick'];
- $user_text = html_select_key('user_id', $users_select, $user['UID']);
+ $user_text = html_select_key('user_id', 'user_id', $users_select, $user['UID']);
} else
$user_text = $user['Nick'];
diff --git a/includes/sys_page.php b/includes/sys_page.php
index 54bbd953..c423155f 100644
--- a/includes/sys_page.php
+++ b/includes/sys_page.php
@@ -39,6 +39,13 @@ function strip_item($item) {
return preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}+]{1,})/ui", '', strip_tags($item));
}
+/**
+ * Überprüft eine E-Mail-Adresse.
+ */
+function check_email($email) {
+ return (bool) preg_match("#^([a-zA-Z0-9_\-])+(\.([a-zA-Z0-9_\-])+)*@((\[(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5]))\]))|((([\p{L}0-9])+(([\-])+([\p{L}0-9])+)*\.)+([\p{L}])+(([\-])+([\p{L}0-9])+)*))$#u", $email);
+}
+
/**
* Gibt zwischengespeicherte Fehlermeldungen zurück und löscht den Zwischenspeicher
*/
diff --git a/includes/sys_template.php b/includes/sys_template.php
index 4af22500..0a42d9ac 100644
--- a/includes/sys_template.php
+++ b/includes/sys_template.php
@@ -48,6 +48,14 @@ function form_text($name, $label, $value, $disabled = false) {
return form_element($label, '', 'form_' . $name);
}
+/**
+ * Rendert ein Formular-Passwortfeld
+ */
+function form_password($name, $label, $disabled = false) {
+ $disabled = $disabled ? ' disabled="disabled"' : '';
+ return form_element($label, '', 'form_' . $name);
+}
+
/**
* Rendert ein Formular-Textfeld
*/
@@ -168,13 +176,15 @@ function html_options($name, $options, $selected = "") {
return $html;
}
-function html_select_key($name, $rows, $selected) {
- $html = ' |