| -rw-r--r-- | action.php | 17 | ||||
| -rw-r--r-- | bootstrap.php | 1 | ||||
| -rw-r--r-- | class/user.php | 23 | ||||
| -rw-r--r-- | functions.php | 62 | ||||
| -rw-r--r-- | index.php | 7 | ||||
| -rw-r--r-- | mail.php | 23 | ||||
| -rw-r--r-- | static/header.php | 18 | ||||
| -rw-r--r-- | static/mail_template.php | 256 |
8 files changed, 346 insertions, 61 deletions
@@ -27,7 +27,7 @@ switch($_GET["task"]){
 } else if ( $user->login($_POST["name"], $_POST["password"]) ){
 $goto = preg_replace("/;/", "&", $_GET["goto"]);
 header($_SERVER["SERVER_PROTOCOL"] . " 302 Moved");
- header("Location: ".DOMAIN."?page=" . $goto);
+ header("Location: ".DOMAIN."?page=" . $goto . "&_new=1");
 ob_clean();
 exit;
 } else {
@@ -385,17 +385,20 @@ JG Adlershof";
 }
 break;
 case("genHash"):
+ /*
 if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){
 header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed");
 ob_clean();
 echo "Method not allowed";
 exit;
 }
+ */
 if ( ! $user->setHash($_REQUEST["name"], $c) ) {
- print_login("password");
+ print_login("hash");
 } else {
- print_verify_by_email();
+ print_verify_by_email(htmlentities($_REQUEST["name"]));
 }
+ break;
 case("verify"):
@@ -406,16 +409,16 @@ JG Adlershof";
 exit;
 }
 //lredirect( "login");
- if ( ! isset($_REQUEST["name"]) || $_REQUEST["name"] == "" || ! isset($_REQUEST["hash"]) || $_REQUEST["hash"] == "" ){
+ if ( ! isset($_REQUEST["email"]) || $_REQUEST["email"] == "" || ! isset($_REQUEST["hash"]) || $_REQUEST["hash"] == "" ){
 print_login("missing");
- } else if ( $user->loginByEmail($_REQUEST["name"], $_REQUEST["hash"], $c) ){
+ } else if ( $user->loginByEmail($_REQUEST["email"], $_REQUEST["hash"], $c) ){
 $goto = preg_replace("/;/", "&", $_GET["goto"]);
 header($_SERVER["SERVER_PROTOCOL"] . " 302 Moved");
- header("Location: ".DOMAIN."?page=" . $goto);
+ header("Location: ".DOMAIN."?page=" . $goto . "&_new=1");
 ob_clean();
 exit;
 } else {
- print_login("password");
+ print_login("hash");
 }
 break;
diff --git a/bootstrap.php b/bootstrap.php
index 12c5caf..c41755a 100644
--- a/bootstrap.php
+++ b/bootstrap.php
@@ -62,6 +62,7 @@ if ( $_SERVER['HTTP_HOST'] != HOST){
 }
 require(ABSPATH . 'functions.php');
+require(ABSPATH . 'mail.php');
 require(ABSPATH . INCLASS . 'cache.php');
 require(ABSPATH . INCLASS . 'mysql.php');
 require(ABSPATH . INCLASS . 'user.php');
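Review bot: Commenting out the POST-only guard at the top of the `genHash` case leaves the mail-sending path reachable from a plain GET link while `$_REQUEST["name"]` still feeds `setHash()`, so a single crafted URL (or a browser prefetch of one) makes the server send a login mail to any member address; keep `if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){ ... }` and switch the form in `print_login` to `method="POST"` instead. The new `print_login("hash")` branch answers differently for member and non-member addresses, which turns the form into a membership oracle; one neutral message on both paths avoids that. `htmlentities($_REQUEST["name"])` is the wrong escaping for a value that `print_verify_by_email` then places in a URL query string and a form attribute: pass the raw address and let the template apply `rawurlencode`/`htmlspecialchars` at each output point. The `switch` this case belongs to starts outside the hunk.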
diff --git a/class/user.php b/class/user.php
index 6e4d594..9cecf43 100644
--- a/class/user.php
+++ b/class/user.php
@@ -106,6 +106,8 @@ class jg {
 $_SESSION["userid"] = $this->getUserId();
 $_SESSION["username"] = $this->username;
+ $_SESSION["new_login"] = 1;
+
 return true;
 }
@@ -149,9 +151,20 @@ class jg {
 return true;
 }
- public function loginByEmail($name, $hash, $redis) {
- if( $redis->getValue(strtolower($name)) == $hash ) {
- return $this->login($name, null, true);
+ public function loginByEmail($email, $hash, $redis) {
+ if( $redis->getValue(strtolower($email)) == $hash ) {
+ global $db;
+ $sql = $db->prepare("SELECT * FROM " . DBPREFIX . "member WHERE email=%s;", $email);
+ $db_db = $db->doQuery($sql);
+ if ( is_bool($db_db) )
+ return false;
+ else
+ $this->query = $db_db->fetch_array(MYSQLI_ASSOC);
+
+ $this->username = $this->getUser();
+
+ $redis->delete( strtolower($email) );
+ return $this->login($this->username, null, true);
 } else {
 return false;
 }
@@ -160,14 +173,14 @@ class jg {
 public function setHash($email, $redis) {
 global $db;
- $sql = $db->prepare("SELECT * FROM " . DBPREFIX . "user WHERE email=%s;", $email);
+ $sql = $db->prepare("SELECT * FROM " . DBPREFIX . "member WHERE email=%s;", $email);
 $db_db = $db->doQuery($sql);
 if ( is_bool($db_db) )
 return false;
 else
 $this->query = $db_db->fetch_array(MYSQLI_ASSOC);
- if ( $this->getEmail == $email) {
+ if ( strtolower($this->getEmail()) == strtolower($email)) {
 // See here: https://stackoverflow.com/questions/19017694/one-line-php-random-string-generator?answertab=active#tab-top
 $hash = chr( mt_rand( 97 ,122 ) ) .substr( md5( time( ) ) ,1 );
 $redis->setKey(strtolower($email), $hash, 86400);
diff --git a/functions.php b/functions.php
index 09118a4..ff82c56 100644
--- a/functions.php
+++ b/functions.php
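Review bot: `$redis->getValue(strtolower($email)) == $hash` in the new `loginByEmail` uses a loose `==` and does not separate a missing key from a stored value; a strict, constant-time check is the safer form, e.g. `$stored = $redis->getValue(strtolower($email));` followed by `if ( is_string($stored) && hash_equals($stored, (string) $hash) ) {`. What `getValue` returns for an absent key is not visible here, so the `is_string` guard should be adjusted to that contract. The token is only removed with `$redis->delete(...)` after the member lookup succeeded, so a lookup failure leaves a still-valid token in Redis for the rest of its TTL; moving the delete directly after the comparison consumes it on first use regardless of outcome.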
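Review bot: The comparison fix in `setHash` leaves the token two lines below unchanged: `chr( mt_rand( 97 ,122 ) ) .substr( md5( time( ) ) ,1 )` is one of 26 letters followed by the MD5 of the current Unix second, so anyone who knows roughly when the mail was requested (including whoever triggered it) can enumerate it, and `mt_rand` is not a CSPRNG in any case. Replace that line with `$hash = bin2hex(random_bytes(16));` and keep the `setKey(..., 86400)` call as it is. The `%s` placeholder handed to `$db->prepare` is a project helper whose quoting is not visible in this diff; it is worth confirming it escapes the address rather than interpolating it. `setHash` continues past the end of the hunk.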
@@ -63,15 +63,20 @@ if( isset($_GET["goto"]) && $_GET["goto"] != "" ) { } else if ( $option == "logout" ){ ?> <p style="color:red">Logout erfolgreich!</p> +<!--div class="alert alert-danger" role="alert"><strong>Logout erfolgreich!</strong></div--> <?php } else if ( $option == "password" ) { ?> <p style="color:red">Nutzer/Passwort falsch</p> <?php - } else if ( $option == "missing") { + } else if ( $option == "missing" ) { ?> <p style="color:red">Bitte fülle alle Felder aus!</p> <?php + } else if ( $option == "hash" ) { +?> +<p style="color:red">Deine E-Mail war falsch. Du scheinst kein Mitglied der JG zu sein.</p> +<?php } ?> </legend> @@ -111,6 +116,8 @@ if( isset($_GET["goto"]) && $_GET["goto"] != "" ) { </div> */ ?> +<p>Bitte gib deine E-Mail Adresse ein. Es wird dir daraufhin eine Mail mit einem Link zugestellt, der dich einloggt.</p> + <div class="form-group"> <label class="col-md-4 control-label" for="name">E-Mail</label> <div class="col-md-4"> @@ -1124,7 +1131,7 @@ function rrmdir($dir) { } } -function print_verify_by_email($option = false){ +function print_verify_by_email($email, $option = false){ if( isset($_GET["goto"]) && $_GET["goto"] != "" ) { $goto = htmlentities($_GET["goto"]); 
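Review bot: `$option = false` survives on the new `print_verify_by_email($email, $option = false)` signature although the rewritten body in the next hunk drops every branch that read it, so the parameter is now dead and callers passing it get no effect; either remove it (`function print_verify_by_email($email){`) or keep the status-message branches it used to drive. `$email` has no default, so the old call form `print_verify_by_email()` now raises an ArgumentCountError if any caller outside this diff still uses it. The function body continues past the hunk.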
@@ -1137,47 +1144,42 @@ if( isset($_GET["goto"]) && $_GET["goto"] != "" ) { redirect("index"); } ?> -<!--form class="form-horizontal" method="POST" action="<?php echo DOMAIN; ?>?page=action&task=login&goto=<?php echo $goto; ?>"--> -<form class="form-horizontal" method="GET" action="<?php echo DOMAIN; ?>?page=action&task=genHash&goto=<?php echo $goto; ?>"> -<fieldset> +<h1>Junge Gemeinde Adlershof</h1><br> + </div> +<div class="row"> +<!--p>Es wurde eine E-Mail an <strong><?php echo $email; ?></strong> versandt. <br> +Bitte folge dem enthaltenen Link oder gebe den Authentifizierungscode in das unten stehende Feld ein:</p--> +<p>Es wurde dir eine E-Mail an <strong><?php echo $email; ?></strong> gesendet. +Bitte folge dem enthaltenen Link oder gebe den Code per Hand ein.</p> +</div> +<br> -<!-- Form Name --> -<legend><h1>Junge Gemeinde Adlershof</h1> -<?php - if ( ! $option ){ -?> -<p>Login required</p> -<?php - } else if ( $option == "logout" ){ -?> -<p style="color:red">Logout erfolgreich!</p> -<?php - } else if ( $option == "password" ) { -?> -<p style="color:red">Nutzer/Passwort falsch</p> -<?php - } else if ( $option == "missing") { -?> -<p style="color:red">Bitte fülle alle Felder aus!</p> -<?php - } -?> -</legend> +<form class="form-horizontal" method="GET" action="<?php echo DOMAIN; ?>?page=action&task=verify&email=<?php echo $email; ?>&goto=<?php echo $goto; ?>"> +<fieldset> +<!-- Text input--> <div class="form-group"> - <label class="col-md-4 control-label" for="name">Hash</label> + <label class="col-md-4 control-label" for="hash">Authentifizierung</label> <div class="col-md-4"> - <input id="name" name="name" placeholder="Deine E-Mail Adresse" class="form-control input-md" required="" type="text"> + <input id="hash" name="hash" placeholder="Der Authentifizierungscode wurde dir per E-Mail geschickt." 
class="form-control input-md" required="" type="text"> </div> </div> +<!-- Button --> <div class="form-group"> <label class="col-md-4 control-label" for="submit"></label> <div class="col-md-4"> - <button id="submit" name="submit" class="btn btn-info"><span class="glyphicon glyphicon-log-in"></span> Lass mich rein</button> + <button id="submit" name="submit" class="btn btn-info"><span class="glyphicon glyphicon-log-in"></span> Lass mich rein!</button> </div> </div> +<input name="page" value="action" type="hidden"> +<input name="task" value="verify" type="hidden"> +<input name="email" value="<?php echo $email; ?>" type="hidden"> +<input name="goto" value="<?php echo $goto; ?>" type="hidden"> + +</fieldset> +</form> <?php @@ -14,7 +14,7 @@ if ( isset($_SESSION["loggedin"]) && $_SESSION["loggedin"]){ $a = "0_"; } -if ( ! $c->bypassCache && $_SERVER["REQUEST_METHOD"] == "GET" && $_SERVER["REDIRECT_STATUS"] == 200 ) { +if ( ! $c->bypassCache && $_SERVER["REQUEST_METHOD"] == "GET" && $_SERVER["REDIRECT_STATUS"] == 200 && $_SESSION["new_login"] != 1) { $token = $c->getToken($_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]. $_SERVER["QUERY_STRING"], $a); if ( $c->existsPageCache($token)){ header("X-Cache: Hit"); @@ -66,7 +66,12 @@ require_once 'static/header.php'; <div class="container"> <div class="text-center"> <div class="row"> + <?php if ($user->login && $_SESSION['new_login'] == 1) { +?> + <div class="alert alert-success" role="alert"><strong>Du bist erfolgreich eingeloggt!</strong></div> <?php + $_SESSION['new_login'] = 0; + } switch($_GET["page"]){ case("index"): print_index(); 
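Review bot: `$email` and `$goto` are echoed raw into the `action` query string and into the hidden `value` attributes of the new verify form; each output point needs its own escaping (`rawurlencode()` inside the URL, `htmlspecialchars(..., ENT_QUOTES)` inside attributes) rather than relying on the caller having pre-encoded the address. With `method="GET"`, browsers drop the query string of `action` and submit only the form fields, so the `email`/`goto` pairs in the `action` URL are dead weight; keep the hidden inputs and shorten the attribute to `action="<?php echo DOMAIN; ?>"`. Because the one-time code is submitted via GET it also lands in the web server's access log and the browser history; `method="POST"` keeps it out of both, and `verify` already reads `$_REQUEST`. `$option` is no longer read anywhere in this body.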
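Review bot: `$_SESSION["new_login"] != 1` in the cache condition and `$_SESSION['new_login'] == 1` in the banner hunk below read a key that is only set inside `login()`, so every request from a session that never logged in now raises an undefined-array-key warning; write `($_SESSION["new_login"] ?? 0) != 1` and `($_SESSION['new_login'] ?? 0) == 1`. In the banner condition `$user->login` is read as a property, while the rest of the code base calls `$user->login(...)` as a method and checks state with `$user->isLoggedIn()`; unless `jg` also declares a `login` property this evaluates to null and the success alert never renders, so `if ($user->isLoggedIn() && ($_SESSION['new_login'] ?? 0) == 1) {` is probably what was intended. The `switch($_GET["page"])` the banner precedes continues outside the hunk.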
@@ -9,13 +9,14 @@ function getInstance() { //// 0 = off (for production use) //// 1 = client messages //// 2 = client and server messages - $mail->SMTPDebug = 2; + $mail->SMTPDebug = 0; ////Ask for HTML-friendly debug output $mail->Debugoutput = 'html'; ////Set the hostname of the mail server $mail->Host = "mx.iamfabulous.de"; + $mail->SMTPSecure = 'tls'; ////Set the SMTP port number - likely to be 25, 465 or 587 - $mail->Port = 587; + $mail->Port = 25; ////Whether to use SMTP authentication $mail->SMTPAuth = false; ////Set who the message is to be sent from @@ -30,7 +31,21 @@ function sendMailWithHash($email, $name, $hash) { $mail = getInstance(); $mail->addAddress($email); $mail->Subject = 'JG Login'; - $mail->msgHTML(file_get_contents('static/mail_template.php')); - return $mail->sent(); + ob_start(); + include('static/mail_template.php'); + $content = ob_get_clean(); + + $mail->msgHTML( $content ); +/* +'Hallo ' . htmlentities($name) . ', <br> +<br> +um dich auf der Website der JG einzuloggen bitte folge <a href="https://jungegemeinde.iamfabulous.de/?page=action&task=verify&email=' . htmlentities($email) . '&hash=' . $hash . '&goto='.htmlentities($_GET['goto']) . '" title="Einloggen">diesen Link</a>. +<br> +Viele Gr' . htmlentities(üß) . 'e, <br> +<br> +JG Adlershof '); + */ + + return $mail->send(); } diff --git a/static/header.php b/static/header.php index a3a712f..868ce8c 100644 --- a/static/header.php +++ b/static/header.php @@ -35,7 +35,7 @@ <a href="#" title="Much fancy, many amazing, wow" onclick="loadFancy();"><span class="glyphicon glyphicon-flag"></span> Fancy Mode</a> </li> <li class="dropdown"> - <?php + <?php /* if ( $user->isLoggedIn() ) { $_name = $user->username; $_title = "Ändere dein Profil"; 
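Review bot: `include('static/mail_template.php')` in `sendMailWithHash` resolves against the working directory and include_path rather than the project root, unlike `require(ABSPATH . 'mail.php')` in bootstrap.php; use `include(ABSPATH . 'static/mail_template.php')` so the mail body does not depend on where the script was invoked from. The template is rendered through `ob_start()`/`ob_get_clean()` and reads `$_GET['goto']` internally, so the function's output depends on request state its parameters do not show; hand `$goto` in explicitly. The `/* ... */` block under `msgHTML` is dead code (it even contains `htmlentities(üß)`, an unquoted identifier) and should be deleted rather than kept as history. In the first hunk `SMTPSecure = 'tls'` is combined with `Port = 25` and `SMTPAuth = false`; whether the relay offers STARTTLS on that port is not visible here, so it is worth verifying once that mail actually leaves encrypted.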
@@ -43,26 +43,28 @@ $_name = "Mitglied"; $_title = "Einloggen, registrieren, Profil"; } + */ ?> - <a href="<?php echo DOMAIN; ?>?page=account" title="<?php echo $_title; ?>"><span class="glyphicon glyphicon-user"></span> <?php echo $_name; ?> <span class="caret"></span></a> - <ul class="dropdown-menu" role="menu"> + <!--a href="<?php echo DOMAIN; ?>?page=account" title="<?php echo $_title; ?>"><span class="glyphicon glyphicon-user"></span> <?php echo $_name; ?> <span class="caret"></span></a--> + <!--ul class="dropdown-menu" role="menu"--> <li> <?php if ( $user->isLoggedIn() ) { ?> - <a href="<?php echo DOMAIN; ?>?page=account" title="Ändere dein Passwort"><span class="glyphicon glyphicon-user"></span> Profil</a> + <a href="<?php echo DOMAIN; ?>?page=logout" title="Beende die Session"><span class="glyphicon glyphicon-off"></span> Logout</a> + <!--a href="<?php echo DOMAIN; ?>?page=account" title="Ändere dein Passwort"><span class="glyphicon glyphicon-user"></span> Profil</a> </li> <li class="divider"></li> <li> - <a href="<?php echo DOMAIN; ?>?page=logout" title="Beende die Session"><span class="glyphicon glyphicon-off"></span> Logout</a> + <a href="<?php echo DOMAIN; ?>?page=logout" title="Beende die Session"><span class="glyphicon glyphicon-off"></span> Logout</a--> <?php } else { ?> - <a href="<?php echo DOMAIN; ?>?page=register&goto=index" title="Registriere dich für unbeschränkten Zugang"><span class="glyphicon glyphicon-share-alt"></span> Register</a> + <a href="<?php echo DOMAIN; ?>?page=login&goto=index" title="Login"><span class="glyphicon glyphicon-share-alt"></span> Login</a> </li> - <li class="divider"></li> + <!--li class="divider"></li> <li> - <a href="<?php echo DOMAIN; ?>?page=login&goto=index" title="Login"><span class="glyphicon glyphicon-log-in"></span> Login</a> + <a href="<?php echo DOMAIN; ?>?page=login&goto=index" title="Login"><span class="glyphicon glyphicon-log-in"></span> Login</a--> <?php } ?> 
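Review bot: The PHP block that assigned `$_name` and `$_title` is now wrapped in `/* */`, but the anchor that echoes them is only HTML-commented (`<!--a href="..." title="<?php echo $_title; ?>">...<?php echo $_name; ?>`), and PHP still executes inside an HTML comment; every render now emits two undefined-variable warnings and writes their empty values into the comment. Delete the commented-out `<!--a ...-->` and `<!--ul ...-->` lines, or keep the assignments. The same pattern recurs with the `<!--a href=...Profil</a>` and `<!--li class="divider">` spans in this hunk, and the `</li>` / `<li class="divider">` pairs left between `<!--` and `-->` leave `<li>` nested directly in `<li class="dropdown">` without a `<ul>`, which is invalid markup. The navbar `<ul>` these items belong to starts outside the hunk.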
diff --git a/static/mail_template.php b/static/mail_template.php index 5907ce7..87b216b 100644 --- a/static/mail_template.php +++ b/static/mail_template.php 
@@ -1,6 +1,250 @@ -Hallo <?php echo $name; ?>, <br> -<br> -um dich auf der Website der JG einzuloggen bitte folge <a href="https://jungegemeinde.iamfabulous.de/?page=verify&name=<?php echo $email; ?>&hash=<?php echo $hash?>" title="Einloggen">diesen Link</a>. -<br> -Viele Grüße, <br> -JG Adlershof +<!doctype html> +<html> +<head> +<meta name="viewport" content="width=device-width"> +<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> +<title>Junge Gemeinde Adlershof | Login</title> +<style> +/* ------------------------------------- + GLOBAL +------------------------------------- */ +* { + font-family: "Helvetica Neue", "Helvetica", Helvetica, Arial, sans-serif; + font-size: 100%; + line-height: 1.6em; + margin: 0; + padding: 0; +} + +img { + max-width: 600px; + width: 100%; +} + +body { + -webkit-font-smoothing: antialiased; + height: 100%; + -webkit-text-size-adjust: none; + width: 100% !important; +} + + +/* ------------------------------------- + ELEMENTS +------------------------------------- */ +a { + color: #3083D6; +} + +.btn-primary { + Margin-bottom: 10px; + width: auto !important; +} + +.btn-primary td { + background-color: #3083D6; + border-radius: 25px; + font-family: "Helvetica Neue", Helvetica, Arial, "Lucida Grande", sans-serif; + font-size: 14px; + text-align: center; + vertical-align: top; +} + +.btn-primary td a { + background-color: #3083D6; + border: solid 1px #3083D6; + border-radius: 25px; + border-width: 10px 20px; + display: inline-block; + color: #ffffff; + cursor: pointer; + font-weight: bold; + line-height: 2; + text-decoration: none; +} + +.last { + margin-bottom: 0; +} + +.first { + margin-top: 0; +} + +.padding { + padding: 10px 0; +} + + +/* ------------------------------------- + BODY +------------------------------------- */ +table.body-wrap { + padding: 20px; + width: 100%; +} + +table.body-wrap .container { + border: 1px solid #f0f0f0; +} + + +/* ------------------------------------- + FOOTER 
+------------------------------------- */ +table.footer-wrap { + clear: both !important; + width: 100%; +} + +.footer-wrap .container p { + color: #666666; + font-size: 12px; + +} + +table.footer-wrap a { + color: #999999; +} + + +/* ------------------------------------- + TYPOGRAPHY +------------------------------------- */ +h1, +h2, +h3 { + color: #111111; + font-family: "Helvetica Neue", Helvetica, Arial, "Lucida Grande", sans-serif; + font-weight: 200; + line-height: 1.2em; + margin: 40px 0 10px; +} + +h1 { + font-size: 36px; +} +h2 { + font-size: 28px; +} +h3 { + font-size: 22px; +} + +p, +ul, +ol { + font-size: 14px; + font-weight: normal; + margin-bottom: 10px; +} + +ul li, +ol li { + margin-left: 5px; + list-style-position: inside; +} + +/* --------------------------------------------------- + RESPONSIVENESS +------------------------------------------------------ */ + +/* Set a max-width, and make it display as block so it will automatically stretch to that width, but will also shrink down on a phone or something */ +.container { + clear: both !important; + display: block !important; + Margin: 0 auto !important; + max-width: 600px !important; +} + +/* Set the padding on the td rather than the div for Outlook compatibility */ +.body-wrap .container { + padding: 20px; +} + +/* This should also be a block element, so that it will fill 100% of the .container */ +.content { + display: block; + margin: 0 auto; + max-width: 600px; +} + +/* Let's make sure tables in the content area are 100% wide */ +.content table { + width: 100%; +} + +</style> +</head> + +<body bgcolor="#f6f6f6"> + +<!-- body --> +<table class="body-wrap" bgcolor="#f6f6f6"> + <tr> + <td></td> + <td class="container" bgcolor="#FFFFFF"> + + <!-- content --> + <div class="content"> + <table> + <tr> + <td> + <h1>JG Adlershof</h1> + <p>Hallo <strong><?php echo htmlentities($name); ?></strong>,</p> + <p>um dich auf der Website der Jungen Gemeinde einzuloggen, folge bitte diesem Link:</p> + <!-- button 
--> + <table class="btn-primary" cellpadding="0" cellspacing="0" border="0"> + <tr> + <td> + <a href="https://jungegemeinde.iamfabulous.de/?page=action&task=verify&email=<?php echo htmlentities($email); ?>&hash=<?php echo $hash; ?>&goto=<?php echo htmlentities($_GET['goto']); ?>" title="Einloggen">Hier klicken um zur Website der Jungen Gemeinde zu kommen</a> + </td> + </tr> + </table> + <!-- /button --> + <p>Der Link verfällt innerhalb 24h.</p> + <p>Sollte der Link nicht funktionieren, dein Authentifizierungscode lautet <strong><?php echo $hash; ?></strong>.</p> + <!--p>Wenn du diese E-Mail nicht erwartet hast, bitte ignoriere sie.</p--> + <p>Viele Gr<?php echo htmlentities("üß"); ?>, <br> + JG Adlershof</p> + <p><a href="https://jungegemeinde.iamfabulous.de/" title="Website der JG">Website der JG</a></p> + <p><a href="https://lists.iamfabulous.de/mailman/private/jungegemeinde" title="Archiv der Mailing Liste">Archiv der Mailing Liste</a></p> + </td> + </tr> + </table> + </div> + <!-- /content --> + + </td> + <td></td> + </tr> +</table> +<!-- /body --> + +<!-- footer --> +<table class="footer-wrap"> + <tr> + <td></td> + <td class="container"> + + <!-- content --> + <div class="content"> + <table> + <tr> + <td align="center"> + <p><a href="https://www.iamfabulous.de/">Maximilian Möhring</a> + </p> + </td> + </tr> + </table> + </div> + <!-- /content --> + + </td> + <td></td> + </tr> +</table> +<!-- /footer --> + +</body> +</html> |
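Review bot: The verify link builds its query string with `htmlentities($email)` and `htmlentities($_GET['goto'])`, which is HTML escaping, not URL escaping: a `+` in an address (`name+tag@example.com`) arrives server-side as a space and an `&` or `#` truncates the parameters, so the link fails for exactly those members. Use `rawurlencode($email)`, `rawurlencode($hash)` and `rawurlencode($_GET['goto'])` inside the href (and `htmlspecialchars` on the assembled attribute), and `htmlspecialchars($hash)` where the code is printed as text; with the current letter-plus-hex token only the address and `goto` are affected in practice. Reading `$_GET['goto']` from a template that is executed via `include` inside output buffering ties the mail body to the HTTP request; `sendMailWithHash` should pass it in as a variable like `$name`, `$email` and `$hash`. The "24h" in the body matches the 86400-second TTL set in `setHash`, so keep the two in step if either changes.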
