diff --git a/includes/pages/admin_news.php b/includes/pages/admin_news.php
index c0c127ba..ca1f81fc 100644
--- a/includes/pages/admin_news.php
+++ b/includes/pages/admin_news.php
@@ -30,7 +30,7 @@ function admin_news() {
 $news["Text"] . "\n";
 $html .= " Engel" . UID2Nick($news["UID"]) . "\n";
- $html .= " Treffen" . html_select_key('eTreffen', array (
+ $html .= " Treffen" . html_select_key('eTreffen', 'eTreffen', array (
 '1' => "Ja",
 '0' => "Nein"
 ), $news['Treffen']) . "\n";
diff --git a/includes/pages/admin_shifts.php b/includes/pages/admin_shifts.php
index 8ae183a6..c5dc28cd 100644
--- a/includes/pages/admin_shifts.php
+++ b/includes/pages/admin_shifts.php
@@ -244,7 +244,7 @@ function admin_shifts() {
 unset ($_SESSION['admin_shifts_types']);
 }
- $room_select = html_select_key('rid', $room_array, $_REQUEST['rid']);
+ $room_select = html_select_key('rid', 'rid', $room_array, $_REQUEST['rid']);
 $angel_types = "";
 foreach ($types as $type) {
 $angel_types .= template_render('../templates/admin_shifts_angel_types.html', array (
diff --git a/includes/pages/admin_user.php b/includes/pages/admin_user.php
index 9cde0241..62f312ea 100644
--- a/includes/pages/admin_user.php
+++ b/includes/pages/admin_user.php
@@ -56,7 +56,7 @@ function admin_user() {
 "\n";
 $html .= " Size" .
- html_select_key('size', array (
+ html_select_key('size', 'size', array (
 'S' => "S",
 'M' => "M",
 'L' => "L",
diff --git a/includes/pages/guest_login.php b/includes/pages/guest_login.php
index 33f5cf1f..a210a7ce 100644
--- a/includes/pages/guest_login.php
+++ b/includes/pages/guest_login.php
@@ -3,7 +3,9 @@
 // Engel registrieren
 function guest_register() {
- /*
+ global $tshirt_sizes, $enable_tshirt_size;
+
+ $msg = "";
 $nick = "";
 $lastname = "";
 $prename = "";
@@ -12,215 +14,121 @@ function guest_register() { $dect = ""; $mobile = ""; $mail = ""; + $icq = ""; + $jabber = ""; + $hometown = ""; + $comment = ""; + $tshirt_size = 'S'; + $password_hash = ""; + + if (isset ($_REQUEST['submit'])) { + $ok = true; + + if (isset ($_REQUEST['nick']) && strlen(strip_request_item('nick')) > 1) { + $nick = strip_request_item('nick'); + if (sql_num_query("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "' LIMIT 1") > 0) { + $ok = false; + $msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick3"), $nick), true); + } + } else { + $ok = false; + $msg .= error(sprintf(Get_Text("makeuser_error_nick1") . "%s" . Get_Text("makeuser_error_nick2"), strip_request_item('nick')), true); + } + + if (isset ($_REQUEST['mail']) && strlen(strip_request_item('mail')) > 0) { + $mail = strip_request_item('mail'); + if (!check_email($mail)) { + $ok = false; + $msg .= error(Get_Text("makeuser_error_mail"), true); + } + } else { + $ok = false; + $msg .= error("Please enter your e-mail.", true); + } + + if (isset ($_REQUEST['icq'])) + $icq = strip_request_item('icq'); + if (isset ($_REQUEST['jabber']) && strlen(strip_request_item('jabber')) > 0) { + $jabber = strip_request_item('jabber'); + if (!check_email($jabber)) { + $ok = false; + $msg .= error("Please check your jabber.", true); + } + } + + if (isset ($_REQUEST['tshirt_size']) && isset ($tshirt_sizes[$_REQUEST['tshirt_size']])) + $tshirt_size = $_REQUEST['tshirt_size']; + else { + $ok = false; + } + + if (isset ($_REQUEST['password']) && strlen($_REQUEST['password']) >= 6) { + if ($_REQUEST['password'] == $_REQUEST['password2']) { + $password_hash = PassCrypt($_REQUEST['password']); + } else { + $ok = false; + $msg .= error(Get_Text("makeuser_error_password1"), true); + } + } else { + $ok = false; + $msg .= error(Get_Text("makeuser_error_password2"), true); + } + + // Trivia + if (isset ($_REQUEST['lastname'])) + $lastname = 
strip_request_item('lastname'); + if (isset ($_REQUEST['prename'])) + $prename = strip_request_item('prename'); + if (isset ($_REQUEST['age']) && preg_match("/^[0-9]{0,4}$/", $_REQUEST['age'])) + $age = strip_request_item('age'); + if (isset ($_REQUEST['tel'])) + $tel = strip_request_item('tel'); + if (isset ($_REQUEST['dect'])) + $dect = strip_request_item('dect'); + if (isset ($_REQUEST['mobile'])) + $mobile = strip_request_item('mobile'); + if (isset ($_REQUEST['hometown'])) + $hometown = strip_request_item('hometown'); + if (isset ($_REQUEST['comment'])) + $comment = strip_request_item_nl('comment'); + + if ($ok) { + sql_query("INSERT INTO `User` SET `Nick`='" . sql_escape($nick) . "', `Vorname`='" . sql_escape($prename) . "', `Name`='" . sql_escape($lastname) . + "', `Alter`='" . sql_escape($age) . "', `Telefon`='" . sql_escape($tel) . "', `DECT`='" . sql_escape($dect) . "', `Handy`='" . sql_escape($mobile) . + "', `email`='" . sql_escape($mail) . "', `ICQ`='" . sql_escape($icq) . "', `jabber`='" . sql_escape($jabber) . "', `Size`='" . sql_escape($tshirt_size) . + "', `Passwort`='" . sql_escape($password_hash) . "', `kommentar`='" . sql_escape($comment) . "', `Hometown`='" . sql_escape($hometown) . "', `CreateDate`=NOW(), `Sprache`='" . sql_escape($_SESSION["Sprache"]) . "'"); + + // Assign user-group + sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape(sql_id()) . ", `group_id`=-2"); + + success(Get_Text("makeuser_writeOK4")); + redirect(page_link_to('login')); + } + } return page(array ( Get_Text("makeuser_text1"), + $msg, form(array ( form_text('nick', Get_Text("makeuser_Nickname") . 
"*", $nick), form_text('lastname', Get_Text("makeuser_Nachname"), $lastname), - form_text('lastname', Get_Text("makeuser_Vorname"), $lastname), + form_text('prename', Get_Text("makeuser_Vorname"), $prename), form_text('age', Get_Text("makeuser_Alter"), $age), form_text('tel', Get_Text("makeuser_Telefon"), $tel), form_text('dect', Get_Text("makeuser_DECT"), $tel), form_text('mobile', Get_Text("makeuser_Handy"), $mobile), form_text('mail', Get_Text("makeuser_E-Mail") . "*", $mail), + form_text('icq', "ICQ", $icq), + form_text('jabber', "Jabber", $jabber), + form_text('hometown', Get_Text("makeuser_Hometown"), $hometown), + $enable_tshirt_size ? form_select('tshirt_size', Get_Text("makeuser_T-Shirt"), $tshirt_sizes, $tshirt_size) : '', + form_textarea('comment', Get_Text("makeuser_text2"), $comment), + form_password('password', Get_Text("makeuser_Passwort")), + form_password('password2', Get_Text("makeuser_Passwort2")), info(Get_Text("makeuser_text3"), true), form_submit('submit', Get_Text("makeuser_Anmelden")) )) )); -*/ - global $SubscribeMailinglist, $enable_tshirt_size; - - $html = ""; - $success = "none"; - - if (isset ($_POST["send"])) { - $eNick = trim($_POST["Nick"]); - - if ($_POST["Alter"] == "") - $_POST["Alter"] = 23; - - // user vorhanden? - $Ergans = sql_select("SELECT UID FROM `User` WHERE `Nick`='" . sql_escape($_POST["Nick"]) . "'"); - - if (strlen($_POST["Nick"]) < 2) - $error = Get_Text("makeuser_error_nick1") . $_POST["Nick"] . Get_Text("makeuser_error_nick2"); - - elseif (count($Ergans) > 0) $error = Get_Text("makeuser_error_nick1") . $_POST["Nick"] . 
Get_Text("makeuser_error_nick3"); - - elseif (strlen($_POST["email"]) <= 6 && strstr($_POST["email"], "@") == FALSE && strstr($_POST["email"], ".") == false) $error = Get_Text("makeuser_error_mail"); - - elseif (!is_numeric($_POST["Alter"])) $error = Get_Text("makeuser_error_Alter"); - - elseif ($_POST["Passwort"] != $_POST["Passwort2"]) $error = Get_Text("makeuser_error_password1"); - - elseif (strlen($_POST["Passwort"]) < 6) $error = Get_Text("makeuser_error_password2"); - - else { - $_POST["Passwort"] = PassCrypt($_POST["Passwort"]); - unset ($_POST["Passwort2"]); - - $Erg = sql_query("INSERT INTO `User` (" . - "`Nick` , " . "`Name` , " . - "`Vorname`, " . "`Alter` , " . - "`Telefon`, " . "`DECT`, " . - "`Handy`, " . "`email`, " . - "`ICQ`, " . "`jabber`, " . - "`Size`, " . "`Passwort`, " . - "`Art` , " . "`kommentar`, " . - "`Hometown`," . "`CreateDate`, `Sprache` ) " . - "VALUES ( '" . sql_escape($_POST["Nick"]) . "', " . "'" . sql_escape($_POST["Name"]) . "', " . "'" . sql_escape($_POST["Vorname"]) . "', " . "'" . sql_escape($_POST["Alter"]) . "', " . "'" . sql_escape($_POST["Telefon"]) . "', " . "'" . sql_escape($_POST["DECT"]) . "', " . "'" . sql_escape($_POST["Handy"]) . "', " . "'" . sql_escape($_POST["email"]) . "', " . "'" . sql_escape($_POST["ICQ"]) . "', " . "'" . sql_escape($_POST["jabber"]) . "', " . "'" . sql_escape($_POST["Size"]) . "', " . "'" . sql_escape($_POST["Passwort"]) . "', " . "'" . sql_escape($_POST["Art"]) . "', " . "'" . sql_escape($_POST["kommentar"]) . "', " . "'" . sql_escape($_POST["Hometown"]) . "'," . "NOW(), '" . sql_escape($_SESSION["Sprache"]) . "')"); - - if ($Erg != 1) { - $html .= Get_Text("makeuser_error_write1") . "
\n"; - $error = sql_error(); - } else { - $html .= "

" . Get_Text("makeuser_writeOK") . "\n"; - - // Assign user-group - sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape(sql_id()) . ", `group_id`=-2"); - - $html .= Get_Text("makeuser_writeOK2") . "
\n"; - $html .= "

" . Get_Text("makeuser_writeOK3") . "

\n"; - - $html .= Get_Text("makeuser_writeOK4") . "

\n

\n"; - $success = "any"; - - if (isset ($SubscribeMailinglist)) { - if ($_POST["subscribe-mailinglist"] == "") { - $headers = "From: " . $_POST["email"] . "\r\n" . - "X-Mailer: PHP/" . phpversion(); - mail($SubscribeMailinglist, "subject", "message", $headers); - } - } - } - } - - if (isset ($error)) - $html .= error($error, true); - } else { - // init vars - $_POST["Nick"] = ""; - $_POST["Name"] = ""; - $_POST["Vorname"] = ""; - $_POST["Alter"] = ""; - $_POST["Telefon"] = ""; - $_POST["DECT"] = ""; - $_POST["Handy"] = ""; - $_POST["email"] = ""; - $_POST["subscribe-mailinglist"] = ""; - $_POST["ICQ"] = ""; - $_POST["jabber"] = ""; - $_POST["Size"] = "L"; - $_POST["Art"] = ""; - $_POST["kommentar"] = ""; - $_POST["Hometown"] = ""; - } - - if ($success == "none") { - $html .= "

" . Get_Text("makeuser_text0") . "

\n"; - $html .= "

" . Get_Text("makeuser_text1") . "

\n"; - $html .= "
\n"; - $html .= "\n"; - $html .= "\n"; - $html .= "\n"; - $html .= "\n"; - $html .= "\n"; - $html .= "\n"; - $html .= "\n"; - $html .= "\n"; - $html .= "\n"; - - if (isset ($SubscribeMailinglist)) - $html .= "\n"; - - $html .= "\n"; - $html .= "\n"; - if ($enable_tshirt_size) { - $html .= "\n"; - $html .= "\n"; - $html .= "\n"; - $html .= "\n"; - $html .= "\n"; - $html .= "\n"; - $html .= "
" . Get_Text("makeuser_Nickname") . "*
" . Get_Text("makeuser_Nachname") . "
" . Get_Text("makeuser_Vorname") . "
" . Get_Text("makeuser_Alter") . "
" . Get_Text("makeuser_Telefon") . "
" . Get_Text("makeuser_DECT") . "\n"; - $html .= "
" . Get_Text("makeuser_Handy") . "
" . Get_Text("makeuser_E-Mail") . "*
" . Get_Text("makeuser_subscribe-mailinglist") . "($SubscribeMailinglist)
ICQ
jabber
" . Get_Text("makeuser_T-Shirt") . " Grösse*\n"; - $html .= "\n"; - $html .= "
" . Get_Text("makeuser_Hometown") . "
" . Get_Text("makeuser_Passwort") . "*
" . Get_Text("makeuser_Passwort2") . "*
 
\n"; - $html .= "
\n"; - $html .= Get_Text("makeuser_text3"); - } - return $html; } function guest_logout() { 
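Review bot: The password confirmation `if ($_REQUEST['password'] == $_REQUEST['password2'])` uses loose comparison, so two different numeric-looking strings (for example `"1e1000"` and `"2e1000"`, or `"0e123"` and `"0e456"`) are accepted as matching, and `password2` is read without an isset() guard; use `if (isset($_REQUEST['password2']) && $_REQUEST['password'] === $_REQUEST['password2'])`. The T-shirt block sets `$ok = false` with no error message whenever `tshirt_size` is absent, but the form below only renders that select when `$enable_tshirt_size` is true, so with sizes disabled every registration fails silently; wrap that check in `if ($enable_tshirt_size)` or keep the default `'S'` when the field is missing. The whole form, password included, is read from `$_REQUEST`, which also accepts GET parameters and cookies, so a crafted link can submit a registration and the password may end up in access logs; `$_POST` is the right source for this handler. The unchanged line `form_text('dect', Get_Text("makeuser_DECT"), $tel)` re-fills the DECT field from `$tel`; it should be `$dect`. guest_register() starts in the previous hunk, and the nick uniqueness SELECT-then-INSERT is only race-free if `User.Nick` carries a unique index, which this diff does not show.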
@@ -230,44 +138,55 @@ function guest_logout() { function guest_login() { global $user; + + $msg = ""; + $nick = ""; + unset ($_SESSION['uid']); - $html = ""; - if (isset ($_REQUEST['login_submit'])) { - $login_user = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($_REQUEST["user"]) . "'"); + if (isset ($_REQUEST['submit'])) { + $ok = true; + + if (isset ($_REQUEST['nick']) && strlen(strip_request_item('nick')) > 0) { + $nick = strip_request_item('nick'); + $login_user = sql_select("SELECT * FROM `User` WHERE `Nick`='" . sql_escape($nick) . "'"); + if (count($login_user) > 0) { + $login_user = $login_user[0]; + if (isset ($_REQUEST['password'])) { + if ($login_user['Passwort'] != PassCrypt($_REQUEST['password'])) { + $ok = false; + $msg .= error(Get_Text("pub_index_pass_no_ok"), true); + } + } else { + $ok = false; + $msg .= error("Please enter a password.", true); + } + } else { + $ok = false; + $msg .= error(Get_Text("pub_index_User_unset"), true); + } + } else { + $ok = false; + $msg .= error("Please enter a nickname.", true); + } - if (count($login_user) == 1) { // Check, ob User angemeldet wird... - $login_user = $login_user[0]; - if ($login_user["Passwort"] == PassCrypt($_REQUEST["password"])) { // Passwort ok... - $_SESSION['uid'] = $login_user['UID']; - $_SESSION['Sprache'] = $login_user['Sprache']; - header("Location: " . page_link_to("news")); - } else { // Passwort nicht ok... 
- $ErrorText = "pub_index_pass_no_ok"; - } // Ende Passwort-Check - } else { // Anzahl der User in User-Tabelle <> 1 --> keine Anmeldung - if ($user_anz == 0) - $ErrorText = "pub_index_User_unset"; - else - $ErrorText = "pub_index_User_more_as_one"; - } // Ende Check, ob User angemeldet wurde} + if ($ok) { + $_SESSION['uid'] = $login_user['UID']; + $_SESSION['Sprache'] = $login_user['Sprache']; + redirect(page_link_to('news')); + } } - if (isset ($ErrorText)) - $html .= error(Get_Text($ErrorText), true); - $html .= guest_login_form(); - return $html; -} -function guest_login_form() { - return template_render("../templates/guest_login_form.html", array ( - 'link' => page_link_to("login"), - 'nick' => Get_Text("index_lang_nick"), - 'pass' => Get_Text("index_lang_pass"), - 'send' => Get_Text("index_lang_send"), - 'text1' => Get_Text("index_text1"), - 'text2' => Get_Text("index_text2"), - 'text3' => Get_Text("index_text3"), - 'text4' => Get_Text("index_text4") + return page(array ( + Get_Text("index_text1") . " " . Get_Text("index_text2") . " " . Get_Text("index_text3"), + $msg, + msg(), + form(array ( + form_text('nick', Get_Text("index_lang_nick"), $nick), + form_password('password', Get_Text("index_lang_pass")), + form_submit('submit', Get_Text("index_lang_send")) + )), + info(Get_Text("index_text4"), true) )); } ?> diff --git a/includes/pages/user_messages.php b/includes/pages/user_messages.php index 78d16554..1d490843 100644 --- a/includes/pages/user_messages.php +++ b/includes/pages/user_messages.php @@ -25,7 +25,7 @@ function user_messages() { foreach ($users as $u) $to_select_data[$u['UID']] = $u['Nick']; - $to_select = html_select_key('to', $to_select_data, ''); + $to_select = html_select_key('to', 'to', $to_select_data, ''); $messages_html = ""; $messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC"); 
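Review bot: The credential check `if ($login_user['Passwort'] != PassCrypt($_REQUEST['password']))` compares with loose `!=`, so if PassCrypt() (not shown in this diff) returns a hex digest, two digests of the form `0e<digits>` compare equal as floats and a crafted password would be accepted; compare with `hash_equals($login_user['Passwort'], PassCrypt($_REQUEST['password']))` (PHP >= 5.6) or at least `!==`. The separate messages `pub_index_User_unset` and `pub_index_pass_no_ok` tell a client whether a nick exists, which makes enumerating accounts easy; a single generic "nick or password wrong" message for both branches avoids that. The session id is not rotated before `$_SESSION['uid'] = $login_user['UID'];` is assigned, which leaves a session-fixation window; call `session_regenerate_id(true);` immediately before that line. Reading nick and password from `$_REQUEST` also accepts them from the query string and cookies, so `$_POST` is the safer source here as well.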
diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php
index 1b14a0bb..09afcd46 100644
--- a/includes/pages/user_settings.php
+++ b/includes/pages/user_settings.php
@@ -7,7 +7,7 @@ function user_settings() {
 if ($enable_tshirt_size)
 $tshirt_html = template_render('../templates/user_settings_tshirt.html', array (
 'label_size' => Get_Text("makeuser_T-Shirt"),
- 'size_select' => ($user['Tshirt'] == 0) ? html_select_key('size', array (
+ 'size_select' => ($user['Tshirt'] == 0) ? html_select_key('size', 'size', array (
 'S' => "S",
 'M' => "M",
 'L' => "L",
@@ -57,7 +57,7 @@ function user_settings() {
 'new_pw2_label' => Get_Text(17),
 'text_theme' => Get_Text(18),
 'theme_label' => Get_Text(19),
- 'theme_select' => html_select_key('theme', array (
+ 'theme_select' => html_select_key('theme', 'theme', array (
 "1" => "Standard-Style",
 "2" => "ot/Gelber Style",
 "3" => "Club-Mate Style",
@@ -67,11 +67,11 @@ function user_settings() {
 "8" => "Pastel Style",
 "4" => "Test Style",
 "9" => "Test Style 21c3",
- "10" => "msquare (cccamp2011)"
+ "10" => "msquare (28C3)"
 ), $user['color']),
 'text_language' => Get_Text(20),
 'language_label' => Get_Text(21),
- 'language_select' => html_select_key('language', array (
+ 'language_select' => html_select_key('language', 'language', array (
 'DE' => "Deutsch",
 'EN' => "English"
 ), $user['Sprache'])
diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php
index 15eecbf1..49078c05 100644
--- a/includes/pages/user_shifts.php
+++ b/includes/pages/user_shifts.php
@@ -100,7 +100,7 @@ function user_shifts() {
 }
 }
- $room_select = html_select_key('rid', $room_array, $rid);
+ $room_select = html_select_key('rid', 'rid', $room_array, $rid);
 $angel_types = "";
 foreach ($types as $type) {
 $angel_types .= template_render('../templates/admin_shifts_angel_types.html', array (
@@ -196,7 +196,7 @@ function user_shifts() {
 $users_select = array ();
 foreach ($users as $usr)
 $users_select[$usr['UID']] = $usr['Nick'];
- $user_text = html_select_key('user_id', $users_select, $user['UID']);
+ $user_text = html_select_key('user_id', 'user_id', $users_select, $user['UID']);
 } else $user_text = $user['Nick'];
diff --git a/includes/sys_page.php b/includes/sys_page.php
index 54bbd953..c423155f 100644
--- a/includes/sys_page.php
+++ b/includes/sys_page.php
@@ -39,6 +39,13 @@ function strip_item($item) {
 return preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}+]{1,})/ui", '', strip_tags($item));
 }
+/**
+ * Überprüft eine E-Mail-Adresse.
+ */
+function check_email($email) {
+ return (bool) preg_match("#^([a-zA-Z0-9_\-])+(\.([a-zA-Z0-9_\-])+)*@((\[(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5])))\.(((([0-1])?([0-9])?[0-9])|(2[0-4][0-9])|(2[0-5][0-5]))\]))|((([\p{L}0-9])+(([\-])+([\p{L}0-9])+)*\.)+([\p{L}])+(([\-])+([\p{L}0-9])+)*))$#u", $email);
+}
+
 /**
 * Gibt zwischengespeicherte Fehlermeldungen zurück und löscht den Zwischenspeicher
 */
diff --git a/includes/sys_template.php b/includes/sys_template.php
index 4af22500..0a42d9ac 100644
--- a/includes/sys_template.php
+++ b/includes/sys_template.php
@@ -48,6 +48,14 @@ function form_text($name, $label, $value, $disabled = false) {
 return form_element($label, '', 'form_' . $name);
 }
+/**
+ * Rendert ein Formular-Passwortfeld
+ */
+function form_password($name, $label, $disabled = false) {
+ $disabled = $disabled ? ' disabled="disabled"' : '';
+ return form_element($label, '', 'form_' . $name);
+}
+
 /**
 * Rendert ein Formular-Textfeld
 */
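Review bot: The new check_email() regex rejects a `+` in the local part (`[a-zA-Z0-9_\-]`), which is a common and valid address form (`user+tag@example.org`), so some people cannot register at all; `return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;` is shorter and maintained by PHP itself. The pattern also nests unbounded quantifiers (`(([\p{L}0-9])+(([\-])+([\p{L}0-9])+)*\.)+`), so a long non-matching input can hit pcre.backtrack_limit; preg_match() then returns false, which the `(bool)` cast silently reports as "invalid" — safe, but it should be stated. Since guest_register() also uses this function to validate the Jabber ID, the docblock should say so, e.g. `Validates an e-mail-shaped address (also used for Jabber IDs); returns false on malformed input or on PCRE failure.`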
@@ -168,13 +176,15 @@ function html_options($name, $options, $selected = "") { return $html; } -function html_select_key($name, $rows, $selected) { - $html = ''; + foreach ($rows as $key => $row) { + if (($key == $selected) || ($row == $selected)) { $html .= ''; - else + } else { $html .= ''; + } + } $html .= ''; return $html; } diff --git a/includes/sys_user.php b/includes/sys_user.php index c44fbc85..ccf5da6c 100644 --- a/includes/sys_user.php +++ b/includes/sys_user.php @@ -1,4 +1,24 @@ "S", + 'M' => "M", + 'L' => "L", + 'XL' => "XL", + '2XL' => "2XL", + '3XL' => "3XL", + '4XL' => "4XL", + '5XL' => "5XL", + 'S-G' => "S Girl", + 'M-G' => "M Girl", + 'L-G' => "L Girl", + 'XL-G' => "XL Girl" +); + function UID2Nick($UID) { if ($UID > 0) $SQL = "SELECT Nick FROM `User` WHERE UID='" . sql_escape($UID) . "'"; diff --git a/public/css/base.css b/public/css/base.css index f4ba946c..b00ce3af 100644 --- a/public/css/base.css +++ b/public/css/base.css @@ -316,7 +316,7 @@ tr:hover .hidden { margin-left: 250px; } -.form input[type="text"], .form textarea { +.form input[type="text"], .form input[type="password"], .form textarea { background: #fff; border: 1px solid #888; color: inherit; diff --git a/templates/guest_login_form.html b/templates/guest_login_form.html deleted file mode 100644 index ded06636..00000000 --- a/templates/guest_login_form.html +++ /dev/null @@ -1,34 +0,0 @@ -
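Review bot: The new selection test `if (($key == $selected) || ($row == $selected))` uses loose comparison and additionally matches the option label, so a `$selected` of `0` or `''` (for example `$_REQUEST['rid']` from admin_shifts.php, or `$user['color']` from user_settings.php) can flag an unintended option, and a key that equals another option's label marks two entries as selected (`'S' == 0` is true on PHP < 8); compare as strings, `(string) $key === (string) $selected`, and drop the `$row` match unless a caller depends on it. The `<select>`/`<option>` markup has been stripped from this rendering, so I cannot see whether `$id`, `$name`, `$key` and `$row` are passed through htmlspecialchars() before being written into attributes; every caller in this diff passes literals for `$id`/`$name`, but `$row` values such as `$u['Nick']` in user_messages.php come from the database and must be escaped. html_select_key() is fully contained in this hunk.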

- %text1% -

-

- %text2% -

-

- %text3% -

-
- - - - - - - - - -
- %nick% - - -
- %pass% - - -
-
- -
-

- %text4% -