| author | root | 2014-09-25 10:26:56 +0200 |
|---|---|---|
| committer | root | 2014-09-25 10:26:56 +0200 |
| commit | 2036626b560f22efd59673187a2de3b1319fcf8a (patch) | |
| tree | 5180be078e3758b6fe3c37834cf6074c148394d1 | |
| parent | 7ea240aef9b75758d05cb5212ef7c99b47b4180b (diff) | |
| download | jungegemeinde-2036626b560f22efd59673187a2de3b1319fcf8a.tar.gz | |
version 4.0
| -rw-r--r-- | bootstrap/action.php | 184 | ||||
| -rw-r--r-- | bootstrap/bootstrap.php | 15 | ||||
| -rw-r--r-- | bootstrap/class/cache.php | 69 | ||||
| -rw-r--r-- | bootstrap/class/user.php | 38 | ||||
| -rw-r--r-- | bootstrap/config.php | 3 | ||||
| -rw-r--r-- | bootstrap/functions.php | 382 | ||||
| -rw-r--r-- | bootstrap/index.php | 63 | ||||
| -rw-r--r-- | bootstrap/robots.txt | 2 | ||||
| -rwxr-xr-x | bootstrap/static/footer.php | 1 | ||||
| -rw-r--r-- | bootstrap/static/header.php | 32 | ||||
| -rw-r--r-- | bootstrap/static/kitten-praying.jpg | bin | 0 -> 326589 bytes | |||
| -rw-r--r-- | bootstrap/static/kitten-prays-small.jpg | bin | 0 -> 51758 bytes | |||
| -rw-r--r-- | bootstrap/static/kitten-prays.jpg | bin | 0 -> 496315 bytes | |||
| -rw-r--r-- | bootstrap/static/kitten.jpg | bin | 0 -> 66462 bytes | |||
| -rw-r--r-- | bootstrap/static/style.min.css | 1 |
15 files changed, 710 insertions, 80 deletions
diff --git a/bootstrap/action.php b/bootstrap/action.php
index 533ef0a..a52d471 100644
--- a/bootstrap/action.php
+++ b/bootstrap/action.php
@@ -1,51 +1,102 @@ <?php - if ( ! isset($_GET["page"]) || $_GET["page"] != "action" ){ header($_SERVER["SERVER_PROTOCOL"] . " 404 Not Found"); + ob_clean(); exit; } if ( ! isset($_GET["task"]) || $_GET["task"] == "" ){ header($_SERVER["SERVER_PROTOCOL"] . "400 Wrong Request"); header("Location: /?page=index"); + ob_clean(); + exit; } switch($_GET["task"]){ case("login"): if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){ header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed"); + ob_clean(); echo "Method not allowed"; exit; } if ( ! isset($_POST["name"]) || $_POST["name"] == "" || ! isset($_POST["password"]) || $_POST["password"] == "" ){ - failure("not enough information", "400 Bad Request"); - } - if ( $jg->login($_POST["name"], $_POST["password"]) ){ - header($_SERVER["SERVER_PROTCOL"] . " 302 Moved"); + print_login("missing"); + } else if ( $user->login($_POST["name"], $_POST["password"]) ){ + header($_SERVER["SERVER_PROTOCOL"] . " 302 Moved"); header("Location: /?page=" . $_GET["goto"]); + ob_clean(); exit; + } else { + print_login("password"); } break; - case("update"): + case("register"): if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){ header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed"); + ob_clean(); echo "Method not allowed"; exit; } - if ( ! isset($_GET["id"]) || $_GET["id"] == 0 || $_GET["id"] == "" ){ + if ( ! isset($_POST["name"]) || $_POST["name"] == "" || ! isset($_POST["password"]) || $_POST["password"] == "" || ! isset($_POST["confirm"]) || $_POST["confirm"] == "" || ! isset($_POST["key"])){ + print_login("missing"); + } + else if ( $_POST["key"] != INVITEKEY ){ + print_login("key"); + } + else if ( $_POST["password"] != $_POST["confirm"]){ + print_login("password"); + } else { + if ( ! isset($_POST["email"]) || $_POST["email"] == "" ){ + $email = "null"; + $sql = $db->prepare("SELECT 1 FROM " . DBPREFIX . "user WHERE name = %s LIMIT 1;", $_POST["name"]); + } + else { + $email = $_POST["email"]; + $sql = $db->prepare("SELECT 1 FROM " . 
DBPREFIX . "user WHERE name = %s OR email = %s LIMIT 1", $_POST["name"], $_POST["email"]); + } + $check_db = $db->doQuery($sql); + $check_ar = $check_db->fetch_array(MYSQLI_NUM); + if ( $check_ar[0] == 1) { + print_login("double"); + } else { + if ( ! $user->register($_POST["name"], $_POST["password"], $email)) + print_login("database"); + else { + header($_SERVER["SERVER_PROTOCOL"] . " 302 Moved"); + header("Location: /?page=" . $_GET["goto"]); + ob_clean(); + exit; + } + } + } + break; + + case("update"): + if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){ + header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed"); + ob_clean(); + echo "Method not allowed"; exit; } - $sql = $db->prepare("UPDATE " . DBPREFIX . "member SET name = %s AND adresse = %s AND telefonnummer = %s AND handynummer = %s AND email = %s AND geburtstag = %s WHERE id = %d;", - $_POST["name"], $_POST["adresse"], $_POST["telefonnummer"], $_POST["handynummer"], $_POST["email"], $_POST["geburtstag"], $_GET["id"] - ); - if ( ! $sql ) - exit; - if ( $result = $db->doQuery($sql) ){ - header($_SERVER["SERVER_PROTCOL"] . " 302 Moved"); - header("Location: /?page=" . $_GET["goto"]); + if ( ! isset($_GET["id"]) || $_GET["id"] == 0 || $_GET["id"] == "" ){ + print_list("update"); + } else { + $sql = $db->prepare("UPDATE " . DBPREFIX . "member SET name = %s, adresse = %s, telefonnummer = %s, handynummer = %s, email = %s, geburtstag = %s WHERE member_id = %d;", + $_POST["name"], $_POST["adresse"], $_POST["telefonnummer"], $_POST["handynummer"], $_POST["email"], $_POST["geburtstag"], $_GET["id"] + ); + if ( ! $sql ){ + ob_clean(); + echo "SQL preparation failed."; + exit; + } + if ( $result = $db->doQuery($sql) ){ + header($_SERVER["SERVER_PROTOCOL"] . " 302 Moved"); + header("Location: /?page=" . $_GET["goto"]); + $c->flush(); + } } - exit; break; case("add"): 
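Review bot: The `update` task writes to the member table after checking only the request method and `$_GET["id"]`; nothing in this hunk verifies that the caller is logged in, and the `lredirect()` guards this commit adds live in the `print_*` renderers of functions.php rather than here, so an unauthenticated POST to `/?page=action&task=update&id=N` appears to reach `$db->doQuery($sql)` directly. A guard such as `if ( ! $user->isLoggedIn() ) redirect("login&goto=liste");` at the top of the `update` (and `add`) cases would close that, unless action.php is included behind a check I cannot see. The same handlers accept cross-site POSTs, since no CSRF token is issued or checked anywhere in the diff. On the `register` path, `$_POST["key"] != INVITEKEY` is a loose, non-constant-time comparison — `hash_equals(INVITEKEY, (string) $_POST["key"])` is the usual form — and every failure there calls `print_login(...)` with options (`"key"`, `"double"`, `"database"`) that `print_login()` never renders, so `print_register(...)` looks to be the intended target.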
@@ -54,14 +105,107 @@ switch($_GET["task"]){ echo "Method not allowed"; exit; } - $sql = $db->prepare("INSERT INTO " . DBPREFIX . "member (id, name, adresse, telefonnummer, handynummer, email, geburtstag) VALUES (NULL, %s, %s, %s, %s, %s, %s);", + $sql = $db->prepare("INSERT INTO " . DBPREFIX . "member (member_id, name, adresse, telefonnummer, handynummer, email, geburtstag) VALUES (NULL, %s, %s, %s, %s, %s, %s);", $_POST["name"], $_POST["adresse"], $_POST["telefonnummer"], $_POST["handynummer"], $_POST["email"], $_POST["geburtstag"] ); - if ( ! $sql ) + if ( ! $sql ){ + echo "SQL preparation failed."; exit; + } if ( $result = $db->doQuery($sql) ){ - header($_SERVER["SERVER_PROTCOL"] . " 302 Moved"); + header($_SERVER["SERVER_PROTOCOL"] . " 302 Moved"); header("Location: /?page=" . $_GET["goto"]); + $c->flush($_GET["_flush"]); + } + break; + case("account"): + if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){ + header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed"); + echo "Method not allowed"; + exit; + } + if ( ! isset($_POST["name"]) || $_POST["name"] == "" || ! isset($_POST["confirm"]) || $_POST["confirm"] == ""){ + print_account("info"); + } else if ( ! isset($_POST["email"]) ){ + $_POST["email"] = ""; + } else if ( ! password_verify($_POST["confirm"] . PEPPER , $user->getPassword()) ) { + print_account("password"); + } else { + $sql = false; + $check_ar[0] = 0; + if ( $_POST["name"] != $_SESSION["username"]){ + + if ( isset($_POST["email"]) && $_POST["email"] != "" && $_POST["email"] != $user->getEmail() ) + $sql = $db->prepare("SELECT 1 FROM " . DBPREFIX ."user WHERE name = %s OR email = %s ;", $_POST["name"], $_POST["email"]); + else + $sql = $db->prepare("SELECT 1 FROM " . DBPREFIX ."user WHERE name = %s ;", $_POST["name"]); + + } else if ( isset($_POST["email"]) && $_POST["email"] != "" && $_POST["email"] != $user->getEmail() ){ + $sql = $db->prepare("SELECT 1 FROM " . 
DBPREFIX ."user WHERE email = %s ;", $_POST["email"]); + + } else if ( $_POST["password"] == "" ){ + redirect("account"); + } + + if ( $sql ){ + $check_db = $db->doQuery($sql); + $check_ar = $check_db->fetch_array(MYSQLI_NUM); + } + + if ( $check_ar[0] == 1){ + print_account("double"); + } else { + if ( $_POST["password"] != $_POST["confirm"] && $_POST["password"] != "" ){ + $sql = $db->prepare("UPDATE " . DBPREFIX . "user SET name = %s, password = %s, email = %s WHERE id = %d;", $_POST["name"] , password_hash($_POST["password"]. PEPPER, PASSWORD_DEFAULT), $_POST["email"], $_SESSION["userid"]); + } else + $sql = $db->prepare("UPDATE " . DBPREFIX . "user SET name = %s, email = %s WHERE id = %d;", $_POST["name"], $_POST["email"], $_SESSION["userid"]); + if ( ! $db->doQuery($sql) ){ + + echo $sql; + print_account("database"); + } else + $_SESSION["username"] = $_POST["name"]; + redirect("account&success=1"); + } } - exit; + break; + case("recover"): + if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){ + header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed"); + echo "Method not allowed"; + exit; + } + $sql = $db->prepare("SELECT 1, name FROM " . DBPREFIX . "user WHERE email = %s ;", $_POST["email"]); + $result_db = $db->doQuery($sql); + $result_ar = $result_db->fetch_array(MYSQLI_NUM); + if ( $result_ar[0] == 1){ + + $arr = array("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k", "l", "m", "n", "o", "p", "q", "r", "s", "t", "u", "v", "w", "x", "y", "z", "A", "B", "C", "D", "E", "F", "G", "H", "I", "J", "K", "L", "M", "N", "O", "P", "Q", "R", "S", "T", "U", "V", "W", "X", "Y", "Z", "0", "1", "2", "3", "4", "5", "6", "7", "8", "9", "_", "-"); + $password = ""; + $l = count($arr) -1 ; + for ($i=0;$i<10;$i++){ + $r = mt_rand(0, $l); + $password.=$arr[$r]; + } + + $hash = password_hash($password . PEPPER, PASSWORD_DEFAULT); + $sql = $db->prepare("UPDATE " . DBPREFIX . "user SET password = %s WHERE email = %s ;", $hash, $_POST["email"]); + if ( ! 
$db->doQuery($sql) ) + redirect("recover&track=0"); + + $body = +"Hello, +someone requested a new password for '".$result_ar[1]."' on https://jungegemeinde.iamfabulous.de. +The new password is '". $password ."'. Remember to change it immediately at https://jungegemeinde.iamfabulous.de/?page=account after successfull login. + +Kindly regards, +JG Adlershof"; + + // header injection + mail($_POST["email"], "JG: Passwort Reset", $body, "From: JG Adlershof <noreply@jungegemeinde.iamfabulous.de>\r\n" ); + redirect("recover&track=1"); + } else { + redirect("recover&track=0"); + } + break; } diff --git a/bootstrap/bootstrap.php b/bootstrap/bootstrap.php index 36c298e..aab8bbe 100644 --- a/bootstrap/bootstrap.php +++ b/bootstrap/bootstrap.php @@ -30,12 +30,14 @@ if ( ! defined('INCLASS') ) define('INCLASS', 'class/'); # redis access -# if ( ! defined('USE_REDIS') ) -# define('USE_REDIS', false); -# if ( ! defined('REDIS_CONNECT') ) -# define('REDIS_CONNECT', '/var/run/redis/redis.sock'); -# if ( ! defined('REDIS_DBNAME') ) -# define('REDIS_DBNAME', 1); + if ( ! defined('USE_REDIS') ) + define('USE_REDIS', true); + if ( ! defined('REDIS_CONNECT') ) + define('REDIS_CONNECT', '/var/run/redis/redis.sock'); + if ( ! defined('REDIS_DB') ) + define('REDIS_DB', 2); + if ( ! defined('CACHEPREFIX') ) + define('CACHEPREFIX', 'jg_'); # redirects to correct host if ( $_SERVER['HTTP_HOST'] != HOST){ @@ -45,6 +47,7 @@ if ( $_SERVER['HTTP_HOST'] != HOST){ } require(ABSPATH . 'functions.php'); +require(ABSPATH . INCLASS . 'cache.php'); require(ABSPATH . INCLASS . 'mysql.php'); require(ABSPATH . INCLASS . 'user.php'); diff --git a/bootstrap/class/cache.php b/bootstrap/class/cache.php new file mode 100644 index 0000000..8005484 --- /dev/null +++ b/bootstrap/class/cache.php 
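Review bot: The `recover` task lets anyone who knows a registered e-mail address overwrite that account's password with no confirmation step, and the replacement password is drawn with `mt_rand()`, which is not a cryptographically secure generator; the `UPDATE ... SET password = %s` also runs before the mail is sent, so a failed delivery still locks the victim out. At minimum use `random_int(0, $l)` for the draw and validate the address with `filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)` before it reaches `mail()` — the `// header injection` comment already acknowledges that concern — and prefer a time-limited reset token over mailing a live password. The `track=0`/`track=1` redirects additionally tell the caller whether an address is registered. In the `account` task, the failure branch does `echo $sql;`, which prints the prepared statement including the freshly hashed password and e-mail to the browser; drop it or log server-side. The lines `} else $_SESSION["username"] = $_POST["name"]; redirect("account&success=1");` run `redirect()` on the error path too, because only the first statement belongs to the `else`, so the `print_account("database")` output is discarded by `ob_clean()`.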
@@ -0,0 +1,69 @@ +<?php + +class cache { + public $token = ""; + + private $db; + + public function __construct($rconnect, $rdb){ + $this->db = new Redis(); + + try { + $this->db->connect($rconnect); + } catch (Exception $e) { + return $e->getMessage(); + } + try { + $this->db->ping(); + } catch (Exception $e) { + return $e->getMessage(); + } + try { + $this->db->select($rdb); + } catch (Exception $e) { + return $e->getMessage(); + } + } + + public function check(){ + try { + return $this->db->ping(); + } catch (Exception $e) { + return $e->getMessage(); + } + } + + public function setKey($key, $value, $ttl = null){ + $this->db->set($key, $value, $ttl); + } + + public function getValue($key){ + return $this->db->get($key); + } + + public function getToken($data, $append = ""){ + $this->token = CACHEPREFIX . $append . md5(strtolower($data)); + return $this->token; + } + + public function exists($key){ + return $this->db->exists($key); + } + + public function delete($key){ + return $this->db->delete($key); + } + + public function del($key){ + return $this->db->delete($key); + } + + public function flush($token = null){ + if ( is_null($token) ) + return $this->db->flushDB(); + else + return $this->db->delete($token); + } +} + + diff --git a/bootstrap/class/user.php b/bootstrap/class/user.php index edbcaa6..969d734 100644 --- a/bootstrap/class/user.php +++ b/bootstrap/class/user.php @@ -9,8 +9,6 @@ class jg { private $query = false; public function __construct($name = null){ - if ( is_null($name) ) - return; $this->username = $name; @@ -24,10 +22,10 @@ class jg { # get's everything from the database private function _setQuery(){ - global $vfsdb; + global $db; - $sql = $vfsdv->prepare("SELECT * FROM " . DBPREFIX . "user WHERE name=%s;", $this->username); - $db_db = $vfsdb->doQuery($sql); + $sql = $db->prepare("SELECT * FROM " . DBPREFIX . "user WHERE name=%s;", $this->username); + $db_db = $db->doQuery($sql); if ( is_bool($db_db) ) $this->query = false; else 
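Review bot: `__construct()` catches the connect, ping and select failures and does `return $e->getMessage();`, but a constructor's return value is discarded, so a Redis outage is silently swallowed and callers proceed with an object whose later `get`/`set` calls fail on their own. Either let the exception propagate or record the failure in a property the caller checks, e.g. `public $ok = true;` on the class and `$this->ok = false; return;` in each catch. `flush($token = null)` issues `flushDB()` when the argument is null, and action.php's `add` handler passes `$_GET["_flush"]`, so a request lacking that parameter wipes every key in `REDIS_DB`, not just this site's `CACHEPREFIX` entries; guard with `if ( $token === null || $token === "" ) return false;` or delete by prefix instead. `delete()` and `del()` are duplicates; a one-line comment saying which phpredis version the class targets would help, since the method name differs between releases.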
@@ -54,7 +52,10 @@ class jg { } public function getEmail(){ - return $this->query['email']; + if ( $this->query['email'] == "null" ) + return ""; + else + return $this->query['email']; } public function getRegister(){ @@ -88,9 +89,11 @@ class jg { # set login to true $this->login = true; + $this->username=$user; + # start a session if needed if ( session_status() != PHP_SESSION_ACTIVE ) { - session_name(VFS_SESSION); + session_name(SESSION); session_start(); } @@ -99,6 +102,7 @@ class jg { # assign userid to the session variable $_SESSION["userid"] = $this->getUserId(); + $_SESSION["username"] = $this->username; return true; } @@ -120,21 +124,15 @@ class jg { } public function register($name, $password, $email){ - global $vfsdb; + global $db; - $password = $password . PEPPER; - $hash = password_hash($password, PASSWORD_DEFAULT); + $hash = password_hash($password . PEPPER, PASSWORD_DEFAULT); - $sql = $vfsdb->prepare(" - INSERT INTO " . DBPREFIX . "user VALUES ( - NULL, - name = %s, - password = %s, - email = %s, - register = %d - );", $name, $hash, $email, time() ); + $sql = $db->prepare(" + INSERT INTO " . DBPREFIX . "user (id, name, password, email, register) VALUES (NULL, %s, %s, %s, %d);", $name, $hash, $email, time() + ); - if ( ! $vfsdb->doQuery($sql) ) + if ( ! $db->doQuery($sql) ) return false; # the user is successfull registered, thus already logged in @@ -144,7 +142,7 @@ class jg { $this->_setPepper(); $this->_setQuery(); - $this->login($password); + $this->login($name, $password); return true; } diff --git a/bootstrap/config.php b/bootstrap/config.php index e39fb57..585f34a 100644 --- a/bootstrap/config.php +++ b/bootstrap/config.php @@ -28,3 +28,6 @@ define('PEPPER', 'somelongstringhere'); ### hostname # define('HOST', 'jungegemeinde.iamfabulous.de'); # define('DOMAIN', 'https://jungegemeinde.iamfabulous.de'); + +#define('INVITEKEY', 'fadfhaoshfasodfhioadsfhadsofhpf'); +define('INVITEKEY', 'p'); 
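Review bot: `login()` starts the session and then stores `userid`/`username` in it, but never calls `session_regenerate_id(true)`, so a session id planted in the victim's browser before login (fixation) remains valid after authentication. Add `session_regenerate_id(true);` immediately after the `session_start();` in the `@@ -88,9 +89,11 @@` hunk, and do the same in `logout()`, which is outside this diff. The method body begins above that hunk, and `$_SESSION["loggedin"]`, which index.php's cache-key prefix reads, is not assigned anywhere visible in this diff — worth confirming it is set in the part of `login()` not shown.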
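Review bot: The live `INVITEKEY` is the single character `'p'` while a long key sits commented out directly above it, so the registration gate in action.php (`$_POST["key"] != INVITEKEY`) can be passed with a one-character guess, and the value is committed to the repository alongside `PEPPER`. If `'p'` is a local-testing placeholder it should not reach this branch; in any case load both secrets from an untracked file or the environment, keeping only a `define('INVITEKEY', getenv('JG_INVITEKEY'));`-style line here.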
diff --git a/bootstrap/functions.php b/bootstrap/functions.php index 60408a2..3e937d2 100644 --- a/bootstrap/functions.php +++ b/bootstrap/functions.php @@ -1,5 +1,18 @@ <?php +function lredirect($goto){ + global $user; + if ( $user->isLoggedIn() != 1){ + redirect("login&goto=".$goto); + } +} + +function redirect($goto){ + header($_SERVER["SERVER_PROTOCOL"] . " 302 Moved"); + header("Location: /?page=".$goto); + ob_clean(); + exit; +} function failure($reason, $httpcode, $ajax = true, $heading = NULL){ # send header with $httpcode 
@@ -23,31 +36,56 @@ function failure($reason, $httpcode, $ajax = true, $heading = NULL){ exit; } -function print_login(){ +function print_login($option = false){ if(isset($_GET["goto"]) && $_GET["goto"] != "") - $goto = $_GET["goto"]; + $goto = htmlentities($_GET["goto"]); else $goto = "index"; + + global $user; + if ( $user->isLoggedIn() ){ + redirect("index"); + } ?> <form class="form-horizontal" method="POST" action="/?page=action&task=login&goto=<?php echo $goto; ?>"> <fieldset> <!-- Form Name --> -<legend><h1>Junge Gemeinde Adlershof</h1><p>Login required</p></legend> +<legend><h1>Junge Gemeinde Adlershof</h1> +<?php + if ( ! $option ){ +?> +<p>Login required</p> +<?php + } else if ( $option == "logout" ){ +?> +<p style="color:red">Logout erfolgreich!</p> +<?php + } else if ( $option == "password" ) { +?> +<p style="color:red">Nutzer/Passwort falsch</p> +<?php + } else if ( $option == "missing") { +?> +<p style="color:red">Bitte fülle alle Felder aus!</p> +<?php + } +?> +</legend> <!-- Text input--> <div class="form-group"> - <label class="col-md-4 control-label" for="name">Username*:</label> - <div class="col-md-5"> - <input id="name" name="name" placeholder="Put your username here." class="form-control input-md" required="" type="text"> + <label class="col-md-4 control-label" for="name">Username*</label> + <div class="col-md-4"> + <input id="name" name="name" placeholder="Name (Pflicht)" class="form-control input-md" required="" type="text"> </div> </div> <!-- Password input--> <div class="form-group"> - <label class="col-md-4 control-label" for="password">Password*:</label> - <div class="col-md-5"> - <input id="password" name="password" placeholder="Put your password here." 
class="form-control input-md" required="" type="password"> + <label class="col-md-4 control-label" for="password">Password*</label> + <div class="col-md-4"> + <input id="password" name="password" placeholder="Passwort (Pflicht)" class="form-control input-md" required="" type="password"> </div> </div> @@ -61,28 +99,60 @@ else </fieldset> </form> +<br> +<p><strong>Mit * markierte Felder sind Pflichtfelder.</strong></p> +</div> +<div class="row"> +<a href="/?page=recover" title="Recover your password">[Passwort vergessen?]</a> </div> <?php } +function print_logout(){ + global $user; + $user->logout(); + print_login("logout"); +} + function print_index(){ ?> <h1>Junge Gemeinde Adlershof</h1> + <br> </div> <div class="row"> + <img src="/static/kitten-prays-small.jpg" alt="praing kitten" class="img-responsive"> + </div> + <br> + <div class="row"> + <p>Wir sind die Junge Gemeinde in Adlershof.</p> + <p>Wir treffen uns immer Donnerstags um 19:30 Uhr in der Remise Arndtstraße 12a.</p> + <p>Am besten sind wir über unsere <span id="mail"><strong>Aktiviere JavaScript um die E-Mail Adresse zu sehen!</strong></span> erreichbar.</p> </div> <?php } -function print_list(){ +function print_list($option = false){ + lredirect("liste"); global $db; $result = $db->doQuery("SELECT * FROM " . DBPREFIX . "member;"); ?> <h1>Adress Liste</h1> +<?php + if ( $option == "update"){ +?> +<h4 style="color:red;">Es existiert kein Mitglied mit dieser ID</h4> + <br> +<?php + } else if ( $option == false ) { +?> <br> +<?php + } +?> </div> <div class="row"> + <div class="table-responsive"> <table width='60%' class='table table-striped'> <thead> <tr> 
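Review bot: `print_logout()` performs the logout as a side effect of rendering `/?page=logout`, a plain GET that index.php (elsewhere in this commit) serves from the Redis page cache whenever the key exists, so once one logged-in user's logout page is stored under the `1_` prefix, every later logged-in visitor to that URL gets the cached "Logout erfolgreich!" page without `$user->logout()` ever running. Move the logout to a POST `task` in action.php, or at least exclude `logout` from the cacheable requests the way `account` is excluded. A GET that ends the session is also trivially triggered cross-site (`<img src="/?page=logout">`).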
@@ -109,17 +179,13 @@ function print_list(){ <td>".htmlentities($row['email'])."</td> <td>".htmlentities($row['geburtstag'])."</td> <td><a href='/?page=update&id=".htmlentities($row['member_id'])."'><input type='checkbox' name='change' value='true'></a></td> - <tr>"; + </tr>"; $count++; } ?> - <?php /* - <tr><td align='center'><a href=\"/liste/".$row[0]."\">".$count."</a></td><td align='left'><a href=\"/liste/".$row[0]."\">".$row[1]."</a></td><td align='left'> - <a href=\"/liste/".$row[0]."\">".$row[2]."</a></td><td align='left'><a href=\"/liste/".$row[0]."\">".$row[3]."</a></td><td align='left'><a href=\"/liste/".$row[0]."\">".$row[4]."</a></td><td align='left'><a href=\"/liste/".$row[0]."\">".$row[5]."</a></td><td align='left'><a href=\"/liste/".$row[0]."\">".$row[6]."</a></td><td align='center'><a href=\"/liste/".$row[0]."\"><input type='checkbox' name='change' value='true'</td></a><tr> - */ - ?> </tbody> </table> + </div> <form method="POST" action="/?page=add"> <button id="singlebutton" class="btn btn-info" type="submit">Füge jemanden hinzu</button> </form> @@ -130,20 +196,22 @@ function print_list(){ } function print_update_list($id){ + lredirect("liste"); global $db; $sql = $db->prepare("SELECT * FROM " . DBPREFIX . "member WHERE member_id = %d", $id); $result = $db->doQuery($sql); if(!$result){ - echo "Fail!"; + print_list("update"); exit; } - while ( $row = $result->fetch_array(MYSQLI_ASSOC) ){ + if ( $row = $result->fetch_array(MYSQLI_ASSOC) ){ ?> <h1>Änderung für <?php echo htmlentities($row['name']); ?></h1> </div> <div class="row"> - <form method='POST' action='/?page=action&task=update&id=<?php echo htmlentities($row['memberid']); ?>&goto=liste'> + <form method='POST' action='/?page=action&task=update&id=<?php echo htmlentities($row['member_id']); ?>&goto=liste'> + <div class="table-responsive"> <table class='table'> <thead> <tr> 
@@ -173,19 +241,24 @@ function print_update_list($id){ </tr> </tbody> </table> + </div> <button id="singlebutton" name="singlebutton" class="btn btn-info" type="submit">Ändere!</button> </form> </div> <?php + } else { + print_list("update"); } } function print_add_entry_to_list(){ + lredirect("liste"); ?> <h1>Füge die Daten hinzu</h1> </div> <div class="row"> - <form method='POST' action='/?page=action&task=add&goto=liste'> + <form method='POST' action='/?page=action&task=add&goto=liste&_flush=<?php echo $c->token; ?>'> + <div class="table-responsive"> <table class='table'> <thead> <tr> @@ -215,6 +288,7 @@ function print_add_entry_to_list(){ </tr> </tbody> </table> + </div> <button id="singlebutton" name="singlebutton" class="btn btn-info" type="submit">Hinzufügen!</button> </form> </div> @@ -222,6 +296,7 @@ function print_add_entry_to_list(){ } function _add_entry(){ + lredirect("liste"); global $db; $sql = $db->prepare("INSERT INTO " . DPREFIX . "member (id, name, adresse, telefonnummer, handynummer, email, geburtstag) VALUES (NULL. %s, %s, %s, %s, %s, %s);", $_POST['name'], $_POST['adresse'], $_POST['telefonnummer'], $_POST['handynummer'], $_POST['email'], $_POST['geburtstag']); 
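Review bot: `print_add_entry_to_list()` embeds `<?php echo $c->token; ?>` in the form action, but `$c` is never declared `global` inside the function (compare `global $db;` in the neighbouring functions), so `_flush` is emitted empty and the `add` handler's `$c->flush($_GET["_flush"])` deletes nothing; add `global $c;` next to the new `lredirect("liste");`. Even with the token present, placing the cache key in a user-editable query parameter lets any caller delete arbitrary Redis keys through that handler, so the handler should recompute the list's token itself. Note also that `$c->token` is set by index.php's `getToken()` for the current request URI, i.e. the add form page, not the `liste` page that actually needs invalidating after an insert.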
@@ -232,7 +307,272 @@ function _add_entry(){ } function print_404(){ - header($_SERVER['HTTP_PROTOCOL'] . ' 404 Not Found'); + header($_SERVER['SERVER_PROTOCOL'] . ' 404 Not Found'); +?> +<h1>404 - Not Found</h1> +<br> +<h4>The requested page (<?php echo htmlentities($_SERVER['REQUEST_URI']); ?>) wasn't found on this server.</h4> +</div> +<?php +} + +function print_register($option = false){ + global $user; + if ( $user->isLoggedIn() ){ + redirect("index"); + } +?> + +<form class="form-horizontal" method='POST' action='/?page=action&task=register&goto=account'> +<fieldset> + +<!-- Form Name --> +<legend><h1>Junge Gemeinde Adlershof</h1> +<?php + if ( $option == false ){ +?> +<p>Register</p> +<?php + } else if ( $option == "password") { +?> +<p style="color:red;">Passwörter stimmen nicht überein!</p> +<?php + } else if ( $option == "missing") { +?> +<p style="color:red;">Bitte fülle alle mit '*' markierten Felder aus!</p> +<?php + } else if ( $option == "key") { +?> +<p style="color:red;">Registrierung verweigert!</p> +<?php + } else if ( $option == "double") { ?> +<p style="color:red;">Nutzer/E-Mail gibt es schon!</p> <?php + } else if ( $option == "double") { +?> +<p style="color:red;">Interner Fehler!</p> +<?php + } +?> +</legend> + +<!-- Text input--> +<div class="form-group"> + <label class="col-md-4 control-label" for="name">Name*</label> + <div class="col-md-4"> + <input id="name" name="name" placeholder="Name (Pflicht)" class="form-control input-md" required="" type="text"> + + </div> +</div> + +<!-- Password input--> +<div class="form-group"> + <label class="col-md-4 control-label" for="password">Passwort*</label> + <div class="col-md-4"> + <input id="password" name="password" placeholder="Passwort (Pflicht)" class="form-control input-md" required="" type="password"> + + </div> +</div> + +<!-- Password input--> +<div class="form-group"> + <label class="col-md-4 control-label" for="confirm">Bestätige Passwort*</label> + <div class="col-md-4"> + <input 
id="confirm" name="confirm" placeholder="Passwort (Pflicht)" class="form-control input-md" required="" type="password"> + + </div> +</div> + +<!-- Text input--> +<div class="form-group"> + <label class="col-md-4 control-label" for="email">E-Mail</label> + <div class="col-md-4"> + <input id="email" name="email" placeholder="E-Mail" class="form-control input-md" type="text"> + <span class="help-block">Deine E-Mail wird gebraucht, wenn du dein Passwort vergessen hast.</span> + </div> +</div> + +<!-- Text input--> +<div class="form-group"> + <label class="col-md-4 control-label" for="key">Key*</label> + <div class="col-md-4"> + <input id="key" name="key" placeholder="Schlüssel (Pflicht)" class="form-control input-md" required="" type="text"> + <span class="help-block">Du solltest den Schlüssel in einer Mail bekommen haben.</span> + </div> +</div> + +<!-- Button --> +<div class="form-group"> + <label class="col-md-4 control-label" for="submit"></label> + <div class="col-md-4"> + <button id="submit" name="submit" class="btn btn-info">Registrieren</button> + </div> +</div> + +</fieldset> +</form> +<br> +<p><strong>Mit * markierte Felder sind Pflichtfelder.</strong></p> +</div> +<?php +} + +function print_account($option = false){ + lredirect("accout"); + global $user; +?> +<form class="form-horizontal" method="POST" action="/?page=action&task=account&goto=account"> +<fieldset> + +<!-- Form Name --> +<legend> +<h1><?php echo htmlentities($_SESSION["username"]);?></h1> +<?php + if ( $option == false && ! 
isset($_GET["success"]) && $_GET["success"] != 1){ +?> +<p>Ändere deine Daten</p> +<?php + } else if ( $option == "info" ){ +?> +<p style="color:red;">Bitte fülle alle notwendigen Felder aus!</p> +<?php + } else if ( $option == "password" ){ +?> +<p style="color:red;">Dein Passwort stimmt nicht!</p> +<?php + } else if ( $option == "double" ){ +?> +<p style="color:red;">Nutzer/E-Mail schon vergeben!</p> +<?php + } else if ( $option == "database" ){ +?> +<p style="color:red;">Interner Fehler!</p> +<?php + } else if ( $option == "success" || $_GET["success"] == 1 ){ +?> +<p style="color:green;">Erfolgreich aktualisiert!</p> +<?php + } +?> +</legend> + +<!-- Text input--> +<div class="form-group"> + <label class="col-md-4 control-label" for="name">Name*</label> + <div class="col-md-4"> + <input id="name" name="name" placeholder="Neuer Name" class="form-control input-md" type="text" value="<?php echo $_SESSION["username"];?>" required=""> + <span class="help-block">Wechsle deinen Namen hier.</span> + </div> +</div> + +<!-- Password input--> +<div class="form-group"> + <label class="col-md-4 control-label" for="passwordinput">Neues Passwort</label> + <div class="col-md-4"> + <input id="passwordinput" name="password" placeholder="Neues Passwort" class="form-control input-md" type="password"> + <span class="help-block">Ändere dein Passwort. 
Lass das Feld leer, wenn du es nicht ändern möchtest.</span> + </div> +</div> + +<!-- Text input--> +<div class="form-group"> + <label class="col-md-4 control-label" for="textinput">E-Mail</label> + <div class="col-md-4"> + <input id="textinput" name="email" placeholder="E-Mail" class="form-control input-md" type="text" value="<?php echo $user->getEmail(); ?>"> + <span class="help-block">Ändere deine E-Mail Adresse.</span> + </div> +</div> + +<!-- Password input--> +<div class="form-group"> + <label class="col-md-4 control-label" for="confirm">Passwort*</label> + <div class="col-md-4"> + <input id="confirm" name="confirm" placeholder="Bestätige mit deinem alten Passwort." class="form-control input-md" required="" type="password"> + <span class="help-block">Bestätige die Angaben mit deinem gültigen Passwort.</span> + </div> +</div> + +<!-- Button --> +<div class="form-group"> + <label class="col-md-4 control-label" for="submit"></label> + <div class="col-md-4"> + <button id="submit" name="submit" class="btn btn-primary">Ändere!</button> + </div> +</div> + +</fieldset> +</form> +<br> +<p><strong>Mit * markierte Felder sind Pflichtfelder.</strong></p> + </div> +<?php +} + +function print_recover($option = false){ +?> +<form class="form-horizontal" method='POST' action='/?page=action&task=recover'> +<fieldset> + +<!-- Form Name --> +<legend><h1>Junge Gemeinde Adlershof</h1> +<?php + if(isset($_GET["track"])){ + if ($_GET["track"] == 1) { +?> +<p style="color:green;">Passwort zugeschickt!</p> +<?php + } else { +?> +<p style="color:red;">Fehler! Passwort konnte nicht geändert werden.</p> +<?php + } + } else { +?> +<p>Passwort wiederherstellen</p> +<?php + } +?> +</legend> + +<!-- Text input--> +<div class="form-group"> + <label class="col-md-4 control-label" for="email">E-Mail*</label> + <div class="col-md-4"> + <input id="email" name="email" placeholder="Deine hinterlegte E-Mail Adresse." 
class="form-control input-md" required="" type="text"> + <span class="help-block">Wenn deine E-Mail gespeichert ist, wird dir das neue Passwort automatisch zugestellt.</span> + </div> +</div> + +<!-- Button --> +<div class="form-group"> + <label class="col-md-4 control-label" for="submit"></label> + <div class="col-md-4"> + <button id="submit" name="submit" class="btn btn-primary">Recover!</button> + </div> +</div> + +</fieldset> +</form> + +</div> +<?php +} + +function minify($buffer){ + $search = array( + '/\>[^\S ]+/s', // strip whitespaces after tags, except space + '/[^\S ]+\</s', // strip whitespaces before tags, except space + '/(\s)+/s' // shorten multiple whitespace sequences + ); + + $replace = array( + '>', + '<', + '\\1' + ); + + $buffer = preg_replace($search, $replace, $buffer); + + return $buffer; } diff --git a/bootstrap/index.php b/bootstrap/index.php index 32b4a97..21cbda7 100644 --- a/bootstrap/index.php +++ b/bootstrap/index.php 
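Review bot: In `print_account()` the name field is rendered as `value="<?php echo $_SESSION["username"];?>"` without escaping, while the `<h1>` above wraps the same value in `htmlentities()`; since the `account` handler stores `$_POST["name"]` into `$_SESSION["username"]` unvalidated, a name containing `"><script>` breaks out of the attribute. Use `value="<?php echo htmlentities($_SESSION["username"], ENT_QUOTES); ?>"` and escape `$user->getEmail()` on the e-mail input the same way. `lredirect("accout")` misspells the page, so after logging in the visitor lands on the index (`default:`) instead of the account page. `print_register()` tests `$option == "double"` twice, so the "Interner Fehler!" branch is unreachable; the second should be `"database"`. The `minify()` callback collapses all whitespace runs, including inside `<script>` bodies and `<pre>` text, which is worth a comment or an exclusion for those tags.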
@@ -1,22 +1,52 @@ <?php -ob_start(); -# if we kann redirect user mit the ?goto variable +# if we kann redirect user with the ?goto variable $redirect = true; require_once( dirname(__FILE__) . '/bootstrap.php'); +ob_start('minify'); +session_name(SESSION); +session_start(); + +$c = new cache(REDIS_CONNECT, REDIS_DB); + +if ( isset($_SESSION["loggedin"]) && $_SESSION["loggedin"]){ + $a = "1_"; +} else { + $a = "0_"; +} + +if ( $_SERVER["REQUEST_METHOD"] == "GET" && $_SERVER["REDIRECT_STATUS"] == 200 && strpos($_SERVER["QUERY_STRING"], "account") === false ) { + $token = $c->getToken($_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]. $_SERVER["QUERY_STRING"], $a); + if ( $c->exists($token)){ + header("X-Cache: Hit"); + echo $c->getValue($token); + ob_end_flush(); + exit; + } +} else { + header("X-Cache: Miss "); +} $db = new db(); -$user = new jg(); +if ( ! isset($_SESSION["username"])) + $u = null; +else + $u = $_SESSION["username"]; + +$user = new jg($u); ?> <!doctype html> <html> <head> <meta charset="utf-8"> <link rel="stylesheet" href="//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/css/bootstrap.min.css"> - <link rel ="stylesheet" href="/static/style.css"> - <style>.dl-horizontal dt{white-space: normal;} .btn-info{background-color:#3083D6;}</style> + <?php + //<link rel ="stylesheet" href="/static/style.css"> + + echo "<style>" . file_get_contents('static/style.min.css');?> + .dl-horizontal dt{white-space: normal;} .btn-info{background-color:#3083D6;} .img-responsive{margin: 0 auto;} @-moz-document url-prefix() { fieldset { display: table-cell; } }</style> <title>Junge Gemeinde Adlershof</title> <link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'> <meta name="viewport" content="width=device-width, initial-scale=1.0"> @@ -29,6 +59,8 @@ require_once 'static/header.php'; <div class="text-center"> <div class="row"> <?php + if( ! isset($_GET["page"])) + $_GET["page"] = ""; if($_GET["page"] == "" || $_GET["page"] == "index") print_index(); 
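Review bot: The page cache is consulted before `$user` is built and is keyed only by `md5()` of host+URI plus a `1_`/`0_` prefix taken from `$_SESSION["loggedin"]`, a key no code in this diff assigns (`login()` stores `userid` and `username`); if it is not set elsewhere in user.php, every request lands in the `0_` namespace, so a logged-in member's rendering of `/?page=liste` — names, addresses, phone numbers, birthdays — is stored for 3600 s and then served verbatim to any anonymous visitor requesting the same URL, before `lredirect()` gets a chance to run. Even with the prefix correct, returning cached HTML without re-checking authorisation is fragile; cache only anonymous requests, or put the user id in the token, e.g. `$a = isset($_SESSION["userid"]) ? "u" . (int) $_SESSION["userid"] . "_" : "0_";`. `$_SERVER["REDIRECT_STATUS"]` only exists behind a rewrite or ErrorDocument, so on a plain vhost both the lookup and the final `setKey()` are skipped with a notice. `file_get_contents('static/style.min.css')` is resolved against the working directory rather than `ABSPATH`.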
@@ -37,24 +69,36 @@ require_once 'static/header.php'; case("login"): print_login(); break; + case("logout"): + print_logout(); + break; case("liste"): print_list(); break; - + case("register"): + print_register(); + break; case("update"): print_update_list($_GET['id']); break; case("add"): print_add_entry_to_list(); break; + case("account"): + print_account(); + break; case("404"): print_404(); break; case("action"): require_once 'action.php'; break; + case("recover"). + print_recover(); + break; default: print_index(); + break; } } @@ -69,3 +113,10 @@ if ( isset($_GET['goto']) && $_GET['goto'] != "" && $redirect ){ </div> <?php require_once 'static/footer.php'; + +$html = ob_get_contents(); + +if ( $_SERVER["REQUEST_METHOD"] == "GET" && $_SERVER["REDIRECT_STATUS"] == 200 && strpos($_SERVER["QUERY_STRING"], "account") === false ) { + $c->setKey($token, $html, 3600); +} +ob_end_flush(); diff --git a/bootstrap/robots.txt b/bootstrap/robots.txt new file mode 100644 index 0000000..1f53798 --- /dev/null +++ b/bootstrap/robots.txt @@ -0,0 +1,2 @@ +User-agent: * +Disallow: / diff --git a/bootstrap/static/footer.php b/bootstrap/static/footer.php index 4a14ac7..2c6a6cf 100755 --- a/bootstrap/static/footer.php +++ b/bootstrap/static/footer.php @@ -3,6 +3,7 @@ <p> Copyright 2014 <a id="copyright-text" href="//www.moehm.org/" target="_blank">Maximilian Möhring</a></p> </div> </div> + <script type='text/javascript'>var a = new Array('s.de','iamfabulou','nde@lists.','jungegemei');document.getElementById('mail').innerHTML="<a href='mailto:"+a[3]+a[2]+a[1]+a[0]+"'>E-Mail Adresse</a>";</script> <script src="//code.jquery.com/jquery-1.10.1.min.js" defer></script> <script src="//maxcdn.bootstrapcdn.com/bootstrap/3.2.0/js/bootstrap.min.js" defer></script> <?php //<script src='/boring.js' defer></script> ?> diff --git a/bootstrap/static/header.php b/bootstrap/static/header.php index a7a5042..d20ddf9 100644 --- a/bootstrap/static/header.php +++ b/bootstrap/static/header.php 
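Review bot: `case("recover").` uses a period where a colon belongs, and PHP accepts `case expr;` labels, so this parses as `case ("recover" . print_recover());` — `print_recover()` is executed while the switch is still evaluating labels, i.e. on every request whose `page` value matched none of the earlier cases, and its form is printed ahead of the `default:` index page. Change it to `case("recover"):` like the other labels. The new `logout` case dispatches a session-ending action on a GET request, which is also what the page cache added in the first hunk will serve from Redis.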
@@ -7,20 +7,38 @@ <span class="icon-bar"></span> <span class="icon-bar"></span> </button> - <a class="navbar-brand" href="/?page=index">Home</a> + <a class="navbar-brand" href="/?page=index" title="Startseite">Home</a> </div> <div class="collapse navbar-collapse" id="navbarCollapse"> - <ul class="nav navbar-nav"> + <ul class="nav navbar-nav navbar-left"> <li> - <a href="/?page=liste" >Adressliste</a> + <a href="/?page=liste" title="Liste aller JG-Mitglieder">Adressliste</a> </li> <li> - <a href="https://lists.iamfabulous.de/mailman/listinfo/jungegemeinde" >E-Mail Verteiler</a> - </li> - <li> - <a href="/?page=logout" >Logout</a> + <a href="https://lists.iamfabulous.de/mailman/listinfo/jungegemeinde" target="_blank" title="JG E-Mail Verteiler">E-Mail Verteiler</a> </li> </ul> + <ul class="nav navbar-nav navbar-right"> + <li> + <?php + if ( $user->isLoggedIn() ) { + ?> + <a href="/?page=account" title="Manage deinen Account">Account</a> + </li> + <li> + <a href="/?page=logout" title="Beende die Session">Logout</a> + <?php + } else { + ?> + <a href="/?page=register&goto=index" title="Registriere dich für unbeschränkten Zugang">Register</a> + </li> + <li> + <a href="/?page=login&goto=index" title="Login">Login</a> + <?php + } + ?> + </li> + </ul> </div> </div> </nav> diff --git a/bootstrap/static/kitten-praying.jpg b/bootstrap/static/kitten-praying.jpg Binary files differnew file mode 100644 index 0000000..7f291e0 --- /dev/null +++ b/bootstrap/static/kitten-praying.jpg diff --git a/bootstrap/static/kitten-prays-small.jpg b/bootstrap/static/kitten-prays-small.jpg Binary files differnew file mode 100644 index 0000000..5734aea --- /dev/null +++ b/bootstrap/static/kitten-prays-small.jpg diff --git a/bootstrap/static/kitten-prays.jpg b/bootstrap/static/kitten-prays.jpg Binary files differnew file mode 100644 index 0000000..3eb6ede --- /dev/null +++ b/bootstrap/static/kitten-prays.jpg 
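Review bot: The two new links `/?page=register&goto=index` and `/?page=login&goto=index` put a raw `&` inside an HTML attribute; browsers recover, but the markup is invalid and a strict parser reads `&goto` as an entity reference, so write `href="/?page=register&amp;goto=index"` and `href="/?page=login&amp;goto=index"`. Since this menu now branches on `$user->isLoggedIn()`, its output must never be served from a cache keyed without login state; a one-line comment above the `if`, `// nav depends on session state: any page cache must key on login status`, would make that dependency visible to whoever edits the cache later.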
diff --git a/bootstrap/static/kitten.jpg b/bootstrap/static/kitten.jpg Binary files differnew file mode 100644 index 0000000..376c195 --- /dev/null +++ b/bootstrap/static/kitten.jpg diff --git a/bootstrap/static/style.min.css b/bootstrap/static/style.min.css new file mode 100644 index 0000000..dc54b0f --- /dev/null +++ b/bootstrap/static/style.min.css @@ -0,0 +1 @@ +html{position:relative;min-height:100%}body{margin-bottom:60px}a{color:#3083D6}.navbar-default{border-color:#3083D6;background:#3083D6}.navbar-default .navbar-brand{color:#fff}.navbar-default .navbar-nav>li>a{color:#fff}.footer{border-color:#3083D6;background:#3083D6;color:#fff;position:absolute;bottom:0;width:100%}#copyright-text{color:#fff}.noscript{background-color:red;color:#fff}.table-center{margin:0 auto!important;float:none!important}.disabled{color:#5E5E5E;text-decoration:line-through} |
