Diffstat (limited to 'www')
-rw-r--r--www/failure.php75
-rwxr-xr-xwww/functions/func_login.php19
-rwxr-xr-xwww/functions/func_user.php6
-rwxr-xr-xwww/index.php11
-rw-r--r--www/insert.php2
-rw-r--r--www/liste.php8
-rw-r--r--www/print_index.php5
-rw-r--r--www/update.php2
8 files changed, 107 insertions, 21 deletions
diff --git a/www/failure.php b/www/failure.php
new file mode 100644
index 0000000..976e414
--- /dev/null
+++ b/www/failure.php
@@ -0,0 +1,75 @@
+<?php
+session_start();
+$db = new SQLite3("../database/sqlite.db");
+include("include.php");
+if(!empty($_GET)){
+ switch($_GET["e"]){
+ case("401"):
+ $message = "Access forbidden";
+ break;
+
+ case("403"):
+ $message = "Access forbidden";
+ break;
+
+ case("404"):
+ $message = "404 - File Not Found";
+ break;
+
+ case("500"):
+ $message = "Server fault.";
+ break;
+
+ case("502"):
+ $message = "Bad Gateway";
+ break;
+
+ case("504"):
+ $message = "Someone other is too slow. I can't wait forever.";
+ break;
+
+ default:
+ $message = "200 / Everything is okay.";
+ break;
+ }
+} else {
+ header("Refresh: 0; https://".$_SERVER["HTTP_HOST"]."/");
+ exit;
+ $message = "200 / Everything is okay.";
+}
+
+?><!doctype html>
+<html>
+<head>
+ <title>Failure :: Junge Gemeinde Adlershof</title>
+ <meta http-equiv='Content-type' content='text/html; charset=utf-8' />
+ <link rel='stylesheet' type='text/css' href='/static/hyperstyle.css' />
+ <link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'>
+</head>
+<?php include("static/head.php"); ?>
+
+<br><br>
+<div id='content_container' align='center'>
+ <div class='kleineschrift'><div class='ueberschrift'><b><p style='text-decoration:underline;'><?php echo $message; ?></p></b></div></div>
+
+<br><br>
+ <p style='font-size:14px'>Upps, it seems to be something went wrong, sorry.</p>
+ <p style='font-size:14px'>Have a random quote to bridge the time. Try to reload the site or check for typos in the URL.</p>
+<?php
+ $rows = $db->query("SELECT count(*) as count FROM sprueche;");
+ $row = $rows->fetchArray();
+ $numRows = $row["count"];
+
+ $zufall = mt_rand(1,$numRows);
+ $ergebnis = $db->query("SELECT * FROM sprueche where id=$zufall;");
+?>
+ <br>
+ <div id='container' align='center'>
+ <br><br><br>
+ <b>Zitat Nummer #<?php echo $zufall; ?></b><br><br><div id='bgcolor'>
+<?php
+ while($row=$ergebnis->fetchArray()){
+ echo $row["spruch"];
+ }
+?></div>
+</div>
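Review bot: `echo $row["spruch"];` near the bottom writes a database string straight into the page without escaping, so if rows in `sprueche` are ever user-submitted this is stored XSS; use `echo htmlspecialchars($row["spruch"], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');`. The redirect in the `else` branch is built from `$_SERVER["HTTP_HOST"]`, which is the client's Host header, and the `Refresh` value lacks the `url=` keyword browsers expect; `header("Location: /", true, 302); exit;` keeps the browser on the same origin without trusting the request. The `$message = ...` assignment after `exit;` is unreachable and can be deleted. Selecting `id=$zufall` from `mt_rand(1, count)` also assumes ids are contiguous, so after any deletion the loop may print nothing; `SELECT spruch FROM sprueche ORDER BY RANDOM() LIMIT 1` avoids that.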
diff --git a/www/functions/func_login.php b/www/functions/func_login.php
index 63c7e61..ccd99db 100755
--- a/www/functions/func_login.php
+++ b/www/functions/func_login.php
@@ -28,7 +28,7 @@ function login($db){
}
}
- if (!password_verify($password, $real_password)) {
+ if (password_verify($password, $real_password)) {
$log_in = true;
}
}
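Review bot: The corrected `password_verify` condition is right, but it means every release carrying the removed `!password_verify` line accepted any non-matching password, so sessions issued before this deploy should not be trusted — regenerate the id on successful login with `session_regenerate_id(true);` and clear existing session storage when rolling out. On the success path consider `if (password_needs_rehash($real_password, PASSWORD_DEFAULT)) { /* rehash and store */ }` so old hashes get upgraded. `login()` starts before this hunk, so where `$real_password` is loaded (and what it holds for an unknown user) is not visible here.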
@@ -38,6 +38,7 @@ function login($db){
return LOGIN_PASSWORD;
}
+
$id = user_id($db, $username);
$banned_db = $db->query("SELECT 1 FROM banned_user WHERE user=".$id);
$banned_ar = $banned_db->fetchArray(SQLITE3_NUM);
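Review bot: `user_id()` now returns `false` when no owner is found (see the func_user.php hunk in this diff), and `false` concatenates as an empty string, so `"SELECT 1 FROM banned_user WHERE user=".$id` becomes `WHERE user=` — `query()` returns `false` and the `fetchArray` call on the next line is a fatal error. This can be reached if the lookup by `$username` can miss (print_index.php's text suggests logging in by something other than the username is allowed). Check the result first, `if ($id === false) { return LOGIN_PASSWORD; }` (or whichever constant signals an unknown user), and bind instead of concatenating: `$stmt = $db->prepare('SELECT 1 FROM banned_user WHERE user = :id'); $stmt->bindValue(':id', $id, SQLITE3_INTEGER);`. `login()` starts before this hunk.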
@@ -93,7 +94,7 @@ function brutforce_protection($db){
} else {
if($db->exec("
BEGIN TRANSACTION;
- INSERT INTO banned_user (id, login_attemps, ip, session_id, time) VALUES (NULL, ".$_SESSION["login_attempts"].", ".$db->escapeString($remote_ip).", '".SQLite3::escapeString($session_id)."', '".$time."');
+ INSERT INTO banned_user (id, login_attempts, ip, session_id, time) VALUES (NULL, ".$_SESSION["login_attempts"].", '".$db->escapeString($remote_ip)."', '".SQLite3::escapeString($session_id)."', '".$time."');
COMMIT;
")){
return true;
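Review bot: The new INSERT targets a column `login_attempts` where the removed line wrote `login_attemps`, and no schema change is in this diff; if the deployed `sqlite.db` still has the old column name, `exec()` fails, the function takes the non-true path and nobody is ever banned — the brute-force control fails silently. Confirm the column with `PRAGMA table_info(banned_user)` or ship a migration with this change. The values are still spliced into the SQL string (the quoting mistake this hunk fixes is a symptom of that); a prepared statement removes the problem class and the `BEGIN`/`COMMIT` wrapper, which a single INSERT does not need.
```php
} else {
    $stmt = $db->prepare('INSERT INTO banned_user (id, login_attempts, ip, session_id, time) VALUES (NULL, :attempts, :ip, :sid, :time)');
    $ok = false;
    if ($stmt !== false) {
        $stmt->bindValue(':attempts', (int) $_SESSION["login_attempts"], SQLITE3_INTEGER);
        $stmt->bindValue(':ip', $remote_ip, SQLITE3_TEXT);
        $stmt->bindValue(':sid', $session_id, SQLITE3_TEXT);
        $stmt->bindValue(':time', $time, SQLITE3_TEXT);
        $ok = $stmt->execute() !== false;
    }
    if ($ok) {
        return true;
    // … unchanged: failure branch …
```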
@@ -111,14 +112,18 @@ function check_if_banned($db){
$check_ar = $check_db->fetchArray(SQLITE3_NUM);
$log_at = $check_ar[1];
- $_SESSION["login_attempts"] = $log_at;
+ if($log_at){
+ $_SESSION["login_attempts"] = $log_at;
+ }
$accepted_time = $_SERVER["REQUEST_TIME"] - 21600; // == 6h
$db->exec("DELETE FROM banned_user WHERE time<'".$accepted_time."'");
- if($log_at == 0 && ($check_ar[0] < $accepted_time)){
- return false; // not longer banned
- } else {
- return true; // still banned
+ if($log_at <= 0){
+ if($check_ar[0] >= $accepted_time){
+ return true; // still banned
+ }
}
+
+ return false; // not longer banned
}
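Review bot: `$check_db->fetchArray(SQLITE3_NUM)` returns `false` when no row matches, and the new code then reads `$check_ar[1]` and, in the new `if`, `$check_ar[0]` from that `false` — a warning on PHP 8 with the comparisons silently going through `null`; add `if ($check_ar === false) { return false; }` before `$log_at` is read. The nested `if` at the end reduces to one expression, `return $log_at <= 0 && $check_ar[0] >= $accepted_time;`, which also makes the "banned while attempts are exhausted and the record is younger than 6h" rule readable. `check_if_banned()` starts before this hunk, so the SELECT that produces `$check_ar` (and whether it keys on session, IP or both) is not visible.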
diff --git a/www/functions/func_user.php b/www/functions/func_user.php
index d9e202d..8efd104 100755
--- a/www/functions/func_user.php
+++ b/www/functions/func_user.php
@@ -290,7 +290,11 @@ function user_id($db, $user){
}
$owner = $owner_ar[0];
- return $owner;
+ if($owner != ""){
+ return $owner;
+ } else {
+ return false;
+ }
}
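Review bot: The new `false` return changes the contract to `int|false`, but the caller visible in this diff (`"SELECT 1 FROM banned_user WHERE user=".$id` in func_login.php) still concatenates the result, where `false` becomes an empty string and yields malformed SQL; document it with `@return int|false` and check `=== false` at each call site. The loose `$owner != ""` should be strict, `$owner !== "" && $owner !== null`, so an id of `0` is not mistaken for "no owner" on PHP versions where `0 == ""` holds. `user_id()` starts before this hunk.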
function change_username($db, $oldname, $newname){
diff --git a/www/index.php b/www/index.php
index a8dc53f..b6dce19 100755
--- a/www/index.php
+++ b/www/index.php
@@ -5,12 +5,12 @@ if(!isset($_SESSION["login"])){
$_SESSION["login"] = false;
}
-require_once("include.php"); // handles all the stuff that needs to be included
-
if(!isset($_SESSION["login_attempts"])){
$_SESSION["login_attempts"] = 6;
}
+require_once("include.php"); // handles all the stuff that needs to be included
+
if(check_if_banned($db)){
echo "You are banned. ;_;";
exit;
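Review bot: The banned branch answers with a bare `echo` and the default 200 status, so scripted clients and any rate-limiting proxy in front see a successful response; set `http_response_code(429);` (or 403) before the `echo` and keep the `exit`. Moving `require_once("include.php")` below the `login_attempts` initialisation only matters if `include.php` reads `$_SESSION["login_attempts"]` at include time — a one-line comment such as `// include.php reads $_SESSION["login_attempts"]; keep this after the default above` would stop the next person from moving it back.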
@@ -101,7 +101,7 @@ if(empty($_GET)){
echo "Database error. Please send me a <a href'mailto:max-moehring@web.de?subject=database error'>mail</a>";
exit;
} else {
- header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/liste");
+ print_list($db);
}
} else {
print_insert();
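Review bot: Replacing the redirect with `print_list($db)` drops post-redirect-get: if this is the success path of the `/liste/new_member` POST (the `print_insert()` fallback below suggests it is), a browser reload of the resulting page re-submits the form and inserts the member a second time. Keep the response a redirect, `header("Location: /liste", true, 303); exit;`, and let the GET render the list. The mail link on the context line is missing `=` in `href'mailto:...'` and renders as a dead link.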
@@ -112,13 +112,14 @@ if(empty($_GET)){
if($_SERVER["REQUEST_METHOD"] == "POST"){
$var = update_db($db);
if($var){
- header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/liste");
+ print_list($db);
} else {
+ echo $var."<br>";
echo "Database error. Please send me a <a href'mailto:max-moehring@web.de?subject=database error'>mail</a>";
exit;
}
} else {
- header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/liste");
+ print_list($db);
}
break;
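Review bot: `echo $var."<br>";` runs in the `else` of `if($var)`, so `$var` is falsy there and the line only ever prints `<br>` — leftover debugging that should be removed. The same post-redirect-get concern as on the insert path applies: after a successful `update_db($db)` the list is rendered on the POST response, so a reload re-submits the update; `header("Location: /liste", true, 303); exit;` is the safer shape. The `href'mailto:` on the error line is missing its `=`.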
diff --git a/www/insert.php b/www/insert.php
index c0b30e5..4a17042 100644
--- a/www/insert.php
+++ b/www/insert.php
@@ -35,7 +35,7 @@ echo "
</div>
</div>
<br><a2>Trage einfach die Daten von unserem neuen Mitglied ein: </a2><br>
- <form method='post' action='/new_member' >
+ <form method='post' action='/liste/new_member' >
<table>
<tr>
<td align='right'><a2>Name: <input type='text' name='name' ></a2> </td>
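Review bot: The form on the new `action='/liste/new_member'` carries no CSRF token anywhere in this hunk, so any site can submit it on behalf of a logged-in user. Generate a token once per session with `bin2hex(random_bytes(32))`, emit it inside this `echo` as `<input type='hidden' name='csrf' value='".htmlspecialchars($_SESSION["csrf"], ENT_QUOTES, "UTF-8")."'>`, and compare it in the handler with `hash_equals()`. The form body continues past the hunk, so if a token is already emitted further down this is moot.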
diff --git a/www/liste.php b/www/liste.php
index 2ff3490..1df43ce 100644
--- a/www/liste.php
+++ b/www/liste.php
@@ -67,7 +67,7 @@ function hide_elements()
}
-echo "
+ echo "
</tbody>
</table>
@@ -78,7 +78,7 @@ Wenn du deine Adresse <b>ändern</b> möchtest, dann drücke einfach auf deinen
</div>
<br><br>
-";
+ ";
} else {
$id = $_GET["id"];
@@ -86,10 +86,10 @@ Wenn du deine Adresse <b>ändern</b> möchtest, dann drücke einfach auf deinen
$ergebnis = $db->query("SELECT * FROM jg where id=$safe_id;");
while($row=$ergebnis->fetchArray()){
echo "<br><a2>Trage einfach die neuen Daten von $row[name] ein: </a2><br>
- <form method='post' action='/update' ><table><tr>";
+ <form method='post' action='/liste/updated' ><table><tr>";
echo "<td align='right'><a2>Name: <input type='text' name='name' value='$row[name]'></a2> </td>
<td align='right'><a2>Adresse: <input type='text' name='adresse' value='$row[adresse]'> </a2></td>
- <td align='right'><a2>Telefon: <input type='text' name='telefonnummer' value='$row[telefonnummer]'></a2> </td></tr>
+ <td align='right'><a2>Telefon: <input type='text' name='telefonnummer' value='$row[telefonnummer]' ></a2> </td></tr>
<tr align='right'><td><a2>Handy: <input type='text' name='handynummer' value='$row[handynummer]'></a2> </td>
<td align='right'><a2>E-Mail: <input type='text' name='email' value='$row[email]'></a2> </td>
<td align='right'><a2>Geburtstag: <input type='text' name='geburtstag' value='$row[geburtstag]'></a2> </td></tr>
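Review bot: The `value='$row[name]'` … `value='$row[geburtstag]'` attributes, including the changed Telefon line, interpolate stored member data into single-quoted HTML attributes without escaping; a value containing `'` breaks out of the attribute, so this is stored XSS for anyone who can edit a record. Escape each one, e.g. `value='".htmlspecialchars($row['name'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')."'` (the interpolation sits inside a double-quoted `echo`, so use concatenation or escape into locals first). The update form has no visible CSRF token either. `$safe_id` on the query line is presumably validated before this hunk — its derivation is not visible.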
diff --git a/www/print_index.php b/www/print_index.php
index 9a8e96d..3f848b6 100644
--- a/www/print_index.php
+++ b/www/print_index.php
@@ -24,7 +24,7 @@ function print_index(){
<div style='width:800px;' class='katze' id='behaelter' align='center'>
Hallo ".$name.".<br> Willkommen auf der Webpage für die Junge Gemeinde in Adlershof. Für einen persönlichen Zugang, und um alle Features zu nutzen, registriere dich doch <a
style='text-decoration:underline;color:blue;' href='/register'>hier</a>. Wenn du Probleme bei der Navigation hast, dann schau unter <a style='text-decoration: underline;color:blue;'
-href='/help'>Hilfe</a> nach. <br>
+href='/help'>Hilfe</a>* nach. <br>
Für Anregungen und Kritik bin ich immer zu haben. Schick mir einfach ne Mail oder sags mir nächsten Donnerstag. ;)
<br><bR>
PS: Du kannst dich nach einer Registrierung auch mit deinem Username einloggen.
@@ -41,7 +41,8 @@ href='/help'>Hilfe</a> nach. <br>
(,_....----''' (,..--''
</pre></div>
-
+<br>
+<p style='font-size:11px'>*Hilfe noch nich implementiert. Dokumentation schreiben ist nicht so mein Ding. :)</p>
</div>
</div>
";
diff --git a/www/update.php b/www/update.php
index 04df988..67a92a1 100644
--- a/www/update.php
+++ b/www/update.php
@@ -10,7 +10,7 @@ function update_db($db){
$email = SQLite3::escapeString($_POST["email"]);
$bday = SQLite3::escapeString($_POST["geburtstag"]);
- if(!preg_match("/^[0-9]+$/", $id) || !preg_match("/[0-9]+$/", $telefonnummer) || !preg_match("/^.+@.+$/", $email)){
+ if((!empty($id) && !preg_match("/^[0-9]+$/", $id)) || (!empty($telefonnummer) && !preg_match("/^[0-9]+$/", $telefonnummer) )|| (!empty($email) && !preg_match("/^.+@.+$/", $email))){
return false;
}
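Review bot: With `!empty($id) && ...`, an empty `$id` (and `"0"`, which `empty()` also treats as empty) now skips the numeric check entirely, whereas the removed line rejected any non-numeric id; if `$id` selects the row to update it should stay mandatory, `if (!preg_match('/^[0-9]+$/', $id)) { return false; }`, with only phone and e-mail allowed to be blank. The `^.+@.+$` e-mail check accepts almost anything; `filter_var($email, FILTER_VALIDATE_EMAIL) === false` is the stdlib alternative. `update_db()` starts before this hunk and the UPDATE that consumes these values is after it.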