Diffstat (limited to 'www/index.php')
| -rwxr-xr-x[-rw-r--r--] | www/index.php | 212 |
1 files changed, 166 insertions, 46 deletions
diff --git a/www/index.php b/www/index.php
index 88a7fa6..a8dc53f 100644..100755
--- a/www/index.php
+++ b/www/index.php
@@ -1,51 +1,171 @@
-<?php include('auth.php');
+<?php
+session_start();
-/* Copyright Maximilian Möhring, 2013
-Licensed under the GPL. Read LICENSE for more Information.*/
+if(!isset($_SESSION["login"])){
+ $_SESSION["login"] = false;
+}
-include("header.php");
-?>
+require_once("include.php"); // handles all the stuff that needs to be included
-<div id='content_container' align='center'>
- <br>
- <div class='kleineschrift'>
- <div class='ueberschrift'><p>JUNGE GEMEINDE ADLERSHOF</p>
- </div>
- </div>
-<?php
-if($_SESSION["username"] == "jg-adlershof"){
-$name = "Gast";
-} else {
-$name = $_SESSION["username"];
+if(!isset($_SESSION["login_attempts"])){
+ $_SESSION["login_attempts"] = 6;
 }
- echo "
-<br>
-<div class='kleineschrift'>
-<div style='width:800px;' class='katze' id='behaelter' align='center'>
- Hallo $name.<br> Willkommen auf der Webpage für die Junge Gemeinde in Adlershof. Für einen persönlichen Zugang, und um alle Features zu nutzen, registriere dich doch <a
-style='text-decoration:underline;color:blue;' href='register.php'>hier</a>. Wenn du Probleme bei der Navigation hast, dann schau unter <a style='text-decoration: underline;color:blue;'
-href='help.php'>Hilfe</a> nach. <br>
- Für Anregungen und Kritik bin ich immer zu haben. Schick mir einfach ne Mail oder sags mir nächsten Donnerstag. ;)
- <br><bR>
- PS: Du kannst dich nach einer Registrierung auch mit deinem Username einloggen.
-</div>
-</div>
-";
-?>
-
-<br><br>
-<div class='katze' align='center'><pre>
- ,/| _.--''^``-...___.._.,;
- /, \'. _-' ,--,,,--'''
- { \ `_-'' ' /}
- `;;' ; ; ;
- ._.--'' ._,,, _..' .;.'
- (,_....----''' (,..--''
-</pre></div>
-
-
-</div>
-</div>
-</body>
-</html>
+if(check_if_banned($db)){
+ echo "You are banned. 
;_;";
+ exit;
+}
+
+if(empty($_GET)){
+ print_index($db);
+} else {
+ switch($_GET["task"]){
+ case("login"):
+ if($_SESSION["login"]){
+ header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/");
+ exit;
+ }
+
+ if($_SERVER['REQUEST_METHOD'] == 'POST'){
+ $var = login($db);
+ if($var == LOGIN_SUCCESSFULL){
+ $_SESSION["login_attempts"] = 6;
+ header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/");
+ } elseif ($var == LOGIN_PASSWORD){
+ brutforce_protection($db);
+ print_login($var);
+
+ } else {
+ print_login($var);
+ }
+ } else {
+ print_login(constant("EMPTY"));
+ }
+ break;
+
+ case("logout"):
+ if(!$_SESSION["login"]){
+ print_login(constant("EMPTY"));
+ exit;
+ }
+
+ $var = logout();
+ if($var == LOGOUT_SUCCESSFULL){
+ print_login($var);
+ } else {
+ header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/httperror.php?e=500");
+ }
+ break;
+
+ case("register"):
+// if($_SESSION["login"]){
+// header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/");
+// exit;
+// }
+
+ if($_SERVER['REQUEST_METHOD'] == 'POST'){
+ $var = register($db);
+ if($var == REGISTER_SUCCESSFULL){
+ print_index($db);
+ } else {
+ print_register($var);
+ }
+ } else {
+ print_register(constant("EMPTY"));
+ }
+ break;
+
+ case("password_recover"):
+ if($_SERVER['REQUEST_METHOD'] == 'POST'){
+ $var = recover_password($db); //TODO: Print error message
+ if($var == RECOVER_PROHIBITED || $var = RECOVER_EMAIL){
+ brutforce_protection($db);
+ print_recover_password($var);
+ }
+ } else {
+ print_recover_password("");
+ }
+ break;
+
+ case("liste"):
+ print_list($db);
+ break;
+
+ case("quote"):
+ print_quote($db);
+ break;
+
+ case("new_member"):
+ if($_SERVER["REQUEST_METHOD"] == "POST"){
+ if(!insert_db($db)){
+ echo "Database error. 
Please send me a <a href'mailto:max-moehring@web.de?subject=database error'>mail</a>";
+ exit;
+ } else {
+ header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/liste");
+ }
+ } else {
+ print_insert();
+ }
+ break;
+
+ case("update"):
+ if($_SERVER["REQUEST_METHOD"] == "POST"){
+ $var = update_db($db);
+ if($var){
+ header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/liste");
+ } else {
+ echo "Database error. Please send me a <a href'mailto:max-moehring@web.de?subject=database error'>mail</a>";
+ exit;
+ }
+ } else {
+ header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/liste");
+ }
+
+ break;
+
+ case("account"):
+ $var = "";
+
+ if($_SERVER["REQUEST_METHOD"] == "POST"){
+ if($_GET["change"] == "password"){
+ if(validate_password($db, $_SESSION["username"], $_POST["oldpswd"])){
+ $var=change_password($db, $_POST["pswd"], $_POST["2ndpswd"]);
+ } else {
+ $var = "password";
+ }
+
+ } elseif($_GET["change"] == "user"){
+ if(validate_password($db, $_SESSION["username"], $_POST["pswd"])){
+ $var = change_email($db, $_SESSION["username"], $_POST["email"]);
+ if($var != CH_MAIL_EXISTS && $var != DATABASE){
+ $eb = true;
+ $var = change_username($db, $_SESSION["username"], $_POST["name"]);
+ if($eb && $var == CH_USERNAME_EXISTS){
+ $var = CH_EMAIL_SUCCESS;
+ }
+ }
+ } else {
+ $var = "password";
+ }
+ /*if($var != CH_USERNAME_EXISTS && $var != DATABASE){
+ $var="success";
+ }*/
+ }
+ }
+
+ account($db, $var);
+ break;
+
+ case("services"):
+ print_services();
+ break;
+
+ default:
+ echo "404";
+ //get_404($_GET["task"], $_GET["task"]); //TODO: Commit EMPTY constant
+ break;
+ }
+}
+include("piwik.php");
+echo "</body>";
+echo "</html>"; |
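Review bot: In the `password_recover` case, `$var = RECOVER_EMAIL` is an assignment, so whenever the first comparison is false `$var` is overwritten and, unless that constant (defined outside this diff) is falsy, the branch runs anyway: every recovery POST is counted by `brutforce_protection($db)` and shown the e-mail error. The condition should read `if($var == RECOVER_PROHIBITED || $var == RECOVER_EMAIL){`, with an `else` that reports the remaining results, since a successful recovery currently prints nothing. The `new_member` and `update` cases call `insert_db($db)` and `update_db($db)` on POST with no `$_SESSION["login"]` check visible here; if those helpers do not enforce it themselves, guard both cases the way `logout` does, e.g. `if(!$_SESSION["login"]){ print_login(constant("EMPTY")); exit; }`. Every redirect is built from `$_SERVER["HTTP_HOST"]`, which the client controls, so the host should come from configuration, and the header is more portable written as `Refresh: 0; url=...` or replaced by `Location:`.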
