From 18da65cb74262623719f291920f03ad6ae4a277c Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 27 Oct 2015 10:58:11 +0100
Subject: Login via E-Mail works now.

---
 action.php               |  17 ++--
 bootstrap.php            |   1 +
 class/user.php           |  23 ++++-
 functions.php            |  62 ++++++------
 index.php                |   7 +-
 mail.php                 |  23 ++++-
 static/header.php        |  18 ++--
 static/mail_template.php | 256 +++++++++++++++++++++++++++++++++++++++++++++--
 8 files changed, 346 insertions(+), 61 deletions(-)

diff --git a/action.php b/action.php
index d291fe1..22b4cc4 100644
--- a/action.php
+++ b/action.php
@@ -27,7 +27,7 @@ switch($_GET["task"]){
 		} else 	if ( $user->login($_POST["name"], $_POST["password"]) ){
 			$goto = preg_replace("/;/", "&", $_GET["goto"]);
 			header($_SERVER["SERVER_PROTOCOL"] . " 302 Moved");
-			header("Location: ".DOMAIN."?page=" . $goto);
+			header("Location: ".DOMAIN."?page=" . $goto . "&_new=1");
 			ob_clean();
 			exit;
 		} else {
@@ -385,17 +385,20 @@ JG Adlershof";
 		}
 		break;
 	case("genHash"):
+		/*
 		if ( $_SERVER['REQUEST_METHOD'] != 'POST' ){
 			header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed");
 			ob_clean();
 			echo "Method not allowed";
 			exit;
 		}
+		 */
 		if ( ! $user->setHash($_REQUEST["name"], $c) ) {
-			print_login("password");
+			print_login("hash");
 		} else {
-			print_verify_by_email();
+			print_verify_by_email(htmlentities($_REQUEST["name"]));
 		}
+		break;
 
 
 	case("verify"):
@@ -406,16 +409,16 @@ JG Adlershof";
 			exit;
 		}
 		//lredirect( "login");
-		if ( ! isset($_REQUEST["name"]) || $_REQUEST["name"] == "" || ! isset($_REQUEST["hash"]) || $_REQUEST["hash"] == "" ){
+		if ( ! isset($_REQUEST["email"]) || $_REQUEST["email"] == "" || ! isset($_REQUEST["hash"]) || $_REQUEST["hash"] == "" ){
 			print_login("missing");
-		} else 	if ( $user->loginByEmail($_REQUEST["name"], $_REQUEST["hash"], $c) ){
+		} else 	if ( $user->loginByEmail($_REQUEST["email"], $_REQUEST["hash"], $c) ){
 			$goto = preg_replace("/;/", "&", $_GET["goto"]);
 			header($_SERVER["SERVER_PROTOCOL"] . " 302 Moved");
-			header("Location: ".DOMAIN."?page=" . $goto);
+			header("Location: ".DOMAIN."?page=" . $goto . "&_new=1");
 			ob_clean();
 			exit;
 		} else {
-			print_login("password");
+			print_login("hash");
 		}
 		break;
 
diff --git a/bootstrap.php b/bootstrap.php
index 12c5caf..c41755a 100644
--- a/bootstrap.php
+++ b/bootstrap.php
@@ -62,6 +62,7 @@ if ( $_SERVER['HTTP_HOST'] != HOST){
 }
 
 require(ABSPATH . 'functions.php');
+require(ABSPATH . 'mail.php');
 require(ABSPATH . INCLASS . 'cache.php');
 require(ABSPATH . INCLASS . 'mysql.php');
 require(ABSPATH . INCLASS . 'user.php');
diff --git a/class/user.php b/class/user.php
index 6e4d594..9cecf43 100644
--- a/class/user.php
+++ b/class/user.php
@@ -106,6 +106,8 @@ class jg {
 		$_SESSION["userid"] = $this->getUserId();
 		$_SESSION["username"] = $this->username;
 
+		$_SESSION["new_login"] = 1;
+
 		return true;
 	}
 
@@ -149,9 +151,20 @@ class jg {
 		return true;
 	}
 
-	public function loginByEmail($name, $hash, $redis) {
-		if( $redis->getValue(strtolower($name)) == $hash ) {
-			return $this->login($name, null, true);
+	public function loginByEmail($email, $hash, $redis) {
+		if( $redis->getValue(strtolower($email)) == $hash ) {
+			global $db;
+			$sql = $db->prepare("SELECT * FROM " . DBPREFIX . "member WHERE email=%s;", $email);
+			$db_db = $db->doQuery($sql);
+			if ( is_bool($db_db) )
+				return false;
+			else
+				$this->query = $db_db->fetch_array(MYSQLI_ASSOC);
+
+			$this->username = $this->getUser();
+
+			$redis->delete( strtolower($email) );
+			return $this->login($this->username, null, true);
 		} else {
 			return false;
 		}
@@ -160,14 +173,14 @@ class jg {
 	public function setHash($email, $redis) {
 		global $db;
 
-		$sql = $db->prepare("SELECT * FROM " . DBPREFIX . "user WHERE email=%s;", $email);
+		$sql = $db->prepare("SELECT * FROM " . DBPREFIX . "member WHERE email=%s;", $email);
 		$db_db = $db->doQuery($sql);
 		if ( is_bool($db_db) )
 			return false;
 		else
 			$this->query = $db_db->fetch_array(MYSQLI_ASSOC);
 
-		if ( $this->getEmail == $email) {
+		if ( strtolower($this->getEmail()) == strtolower($email)) {
 			// See here: https://stackoverflow.com/questions/19017694/one-line-php-random-string-generator?answertab=active#tab-top
 			$hash = chr( mt_rand( 97 ,122 ) ) .substr( md5( time( ) ) ,1 );
 			$redis->setKey(strtolower($email), $hash, 86400);
diff --git a/functions.php b/functions.php
index 09118a4..ff82c56 100644
--- a/functions.php
+++ b/functions.php
@@ -63,14 +63,19 @@ if( isset($_GET["goto"]) && $_GET["goto"] != "" ) {
 	} else if ( $option == "logout" ){
 ?>
 <p style="color:red">Logout erfolgreich!</p>
+<!--div class="alert alert-danger" role="alert"><strong>Logout erfolgreich!</strong></div-->
 <?php
 	} else if ( $option == "password" ) {
 ?>
 <p style="color:red">Nutzer/Passwort falsch</p>
 <?php
-	} else if ( $option == "missing") {
+	} else if ( $option == "missing" ) {
 ?>
 <p style="color:red">Bitte fülle alle Felder aus!</p>
+<?php
+	} else if ( $option == "hash" ) {
+?>
+<p style="color:red">Deine E-Mail war falsch. Du scheinst kein Mitglied der JG zu sein.</p>
 <?php
 	}
 ?>
@@ -111,6 +116,8 @@ if( isset($_GET["goto"]) && $_GET["goto"] != "" ) {
 </div>
  */ ?>
 
+<p>Bitte gib deine E-Mail Adresse ein. Es wird dir daraufhin eine Mail mit einem Link zugestellt, der dich einloggt.</p>
+
 <div class="form-group">
   <label class="col-md-4 control-label" for="name">E-Mail</label>  
   <div class="col-md-4">
@@ -1124,7 +1131,7 @@ function rrmdir($dir) {
 	} 
 }
 
-function print_verify_by_email($option = false){
+function print_verify_by_email($email, $option = false){
 if( isset($_GET["goto"]) && $_GET["goto"] != "" ) {
 	$goto = htmlentities($_GET["goto"]);
 
@@ -1137,47 +1144,42 @@ if( isset($_GET["goto"]) && $_GET["goto"] != "" ) {
 		redirect("index");
 	}
 ?>
-<!--form class="form-horizontal" method="POST" action="<?php echo DOMAIN; ?>?page=action&task=login&goto=<?php echo $goto; ?>"-->
-<form class="form-horizontal" method="GET" action="<?php echo DOMAIN; ?>?page=action&task=genHash&goto=<?php echo $goto; ?>">
-<fieldset>
+<h1>Junge Gemeinde Adlershof</h1><br> 
+	</div> 
+<div class="row">
+<!--p>Es wurde eine E-Mail an <strong><?php echo $email; ?></strong> versandt. <br>
+Bitte folge dem enthaltenen Link oder gebe den Authentifizierungscode in das unten stehende Feld ein:</p-->
+<p>Es wurde dir eine E-Mail an <strong><?php echo $email; ?></strong> gesendet.
+Bitte folge dem enthaltenen Link oder gebe den Code per Hand ein.</p>
+</div>
+<br>
 
-<!-- Form Name -->
-<legend><h1>Junge Gemeinde Adlershof</h1>
-<?php
-	if ( ! $option ){
-?>
-<p>Login required</p>
-<?php
-	} else if ( $option == "logout" ){
-?>
-<p style="color:red">Logout erfolgreich!</p>
-<?php
-	} else if ( $option == "password" ) {
-?>
-<p style="color:red">Nutzer/Passwort falsch</p>
-<?php
-	} else if ( $option == "missing") {
-?>
-<p style="color:red">Bitte fülle alle Felder aus!</p>
-<?php
-	}
-?>
-</legend>
+<form class="form-horizontal" method="GET" action="<?php echo DOMAIN; ?>?page=action&task=verify&email=<?php echo $email; ?>&goto=<?php echo $goto; ?>">
+<fieldset>
 
+<!-- Text input-->
 <div class="form-group">
-  <label class="col-md-4 control-label" for="name">Hash</label>  
+  <label class="col-md-4 control-label" for="hash">Authentifizierung</label>  
   <div class="col-md-4">
-  <input id="name" name="name" placeholder="Deine E-Mail Adresse" class="form-control input-md" required="" type="text">
+  <input id="hash" name="hash" placeholder="Der Authentifizierungscode wurde dir per E-Mail geschickt." class="form-control input-md" required="" type="text">
   </div>
 </div>
 
+<!-- Button -->
 <div class="form-group">
   <label class="col-md-4 control-label" for="submit"></label>
   <div class="col-md-4">
-    <button id="submit" name="submit" class="btn btn-info"><span class="glyphicon glyphicon-log-in"></span> Lass mich rein</button>
+    <button id="submit" name="submit" class="btn btn-info"><span class="glyphicon glyphicon-log-in"></span> Lass mich rein!</button>
   </div>
 </div>
 
+<input name="page" value="action" type="hidden">
+<input name="task" value="verify" type="hidden">
+<input name="email" value="<?php echo $email; ?>" type="hidden">
+<input name="goto" value="<?php echo $goto; ?>" type="hidden">
+
+</fieldset>
+</form>
 
 
 <?php
diff --git a/index.php b/index.php
index b0d80fd..7f1515a 100644
--- a/index.php
+++ b/index.php
@@ -14,7 +14,7 @@ if ( isset($_SESSION["loggedin"]) && $_SESSION["loggedin"]){
 	$a = "0_";
 }
 
-if ( ! $c->bypassCache && $_SERVER["REQUEST_METHOD"] == "GET" && $_SERVER["REDIRECT_STATUS"] == 200 ) {
+if ( ! $c->bypassCache && $_SERVER["REQUEST_METHOD"] == "GET" && $_SERVER["REDIRECT_STATUS"] == 200 && $_SESSION["new_login"] != 1) {
 	$token = $c->getToken($_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"]. $_SERVER["QUERY_STRING"], $a);
 	if ( $c->existsPageCache($token)){
 		header("X-Cache: Hit");
@@ -66,7 +66,12 @@ require_once 'static/header.php';
 <div class="container">
 	<div class="text-center">
 		<div class="row">
+		<?php if ($user->login && $_SESSION['new_login'] == 1) {
+?>
+			<div class="alert alert-success" role="alert"><strong>Du bist erfolgreich eingeloggt!</strong></div>
 <?php
+			$_SESSION['new_login'] = 0;
+		}
 		switch($_GET["page"]){
 			case("index"):
 				print_index();
diff --git a/mail.php b/mail.php
index ad0eb81..e8294bd 100644
--- a/mail.php
+++ b/mail.php
@@ -9,13 +9,14 @@ function getInstance() {
 	//// 0 = off (for production use)
 	//// 1 = client messages
 	//// 2 = client and server messages
-	$mail->SMTPDebug = 2;
+	$mail->SMTPDebug = 0;
 	////Ask for HTML-friendly debug output
 	$mail->Debugoutput = 'html';
 	////Set the hostname of the mail server
 	$mail->Host = "mx.iamfabulous.de";
+	$mail->SMTPSecure = 'tls';
 	////Set the SMTP port number - likely to be 25, 465 or 587
-	$mail->Port = 587;
+	$mail->Port = 25;
 	////Whether to use SMTP authentication
 	$mail->SMTPAuth = false;
 	////Set who the message is to be sent from
@@ -30,7 +31,21 @@ function sendMailWithHash($email, $name, $hash) {
 	$mail = getInstance();
 	$mail->addAddress($email);
 	$mail->Subject = 'JG Login';
-	$mail->msgHTML(file_get_contents('static/mail_template.php'));
 
-	return $mail->sent();
+	ob_start();
+	include('static/mail_template.php');
+	$content = ob_get_clean();
+
+	$mail->msgHTML( $content );
+/*
+'Hallo ' . htmlentities($name) . ', <br>
+<br>
+um dich auf der Website der JG einzuloggen bitte folge <a href="https://jungegemeinde.iamfabulous.de/?page=action&task=verify&email=' . htmlentities($email) . '&hash=' . $hash . '&goto='.htmlentities($_GET['goto']) . '" title="Einloggen">diesen Link</a>.
+<br>
+Viele Gr' . htmlentities(üß) . 'e, <br>
+<br>
+JG Adlershof ');
+ */
+
+	return $mail->send();
 }
diff --git a/static/header.php b/static/header.php
index a3a712f..868ce8c 100644
--- a/static/header.php
+++ b/static/header.php
@@ -35,7 +35,7 @@
 						<a href="#" title="Much fancy, many amazing, wow" onclick="loadFancy();"><span class="glyphicon glyphicon-flag"></span> Fancy Mode</a>
 					</li>
 					<li class="dropdown">	
-						<?php
+						<?php /*
 						if ( $user->isLoggedIn() ) {
 							$_name = $user->username;
 							$_title = "Ändere dein Profil";
@@ -43,26 +43,28 @@
 							$_name = "Mitglied";
 							$_title = "Einloggen, registrieren, Profil";
 						}
+						*/
 						?>
-                                                <a href="<?php echo DOMAIN; ?>?page=account" title="<?php echo $_title; ?>"><span class="glyphicon glyphicon-user"></span> <?php echo $_name; ?> <span class="caret"></span></a>
-						<ul class="dropdown-menu" role="menu">
+                                                <!--a href="<?php echo DOMAIN; ?>?page=account" title="<?php echo $_title; ?>"><span class="glyphicon glyphicon-user"></span> <?php echo $_name; ?> <span class="caret"></span></a-->
+						<!--ul class="dropdown-menu" role="menu"-->
 							<li>
 						<?php
 						if ( $user->isLoggedIn() ) {
 						?>
-                                                	<a href="<?php echo DOMAIN; ?>?page=account" title="Ändere dein Passwort"><span class="glyphicon glyphicon-user"></span> Profil</a>
+							<a href="<?php echo DOMAIN; ?>?page=logout" title="Beende die Session"><span class="glyphicon glyphicon-off"></span> Logout</a>
+                                                	<!--a href="<?php echo DOMAIN; ?>?page=account" title="Ändere dein Passwort"><span class="glyphicon glyphicon-user"></span> Profil</a>
 							</li>
 							<li class="divider"></li>
 							<li>
-							<a href="<?php echo DOMAIN; ?>?page=logout" title="Beende die Session"><span class="glyphicon glyphicon-off"></span> Logout</a>
+							<a href="<?php echo DOMAIN; ?>?page=logout" title="Beende die Session"><span class="glyphicon glyphicon-off"></span> Logout</a-->
 						<?php
 						} else  {
 						?>
-                                               		<a href="<?php echo DOMAIN; ?>?page=register&goto=index" title="Registriere dich für unbeschränkten Zugang"><span class="glyphicon glyphicon-share-alt"></span> Register</a>
+                                               		<a href="<?php echo DOMAIN; ?>?page=login&goto=index" title="Login"><span class="glyphicon glyphicon-share-alt"></span> Login</a>
 							</li>
-							<li class="divider"></li>
+							<!--li class="divider"></li>
 							<li>
-							<a href="<?php echo DOMAIN; ?>?page=login&goto=index" title="Login"><span class="glyphicon glyphicon-log-in"></span> Login</a>
+							<a href="<?php echo DOMAIN; ?>?page=login&goto=index" title="Login"><span class="glyphicon glyphicon-log-in"></span> Login</a-->
 						<?php
 						}
 						?>
diff --git a/static/mail_template.php b/static/mail_template.php
index 5907ce7..87b216b 100644
--- a/static/mail_template.php
+++ b/static/mail_template.php
@@ -1,6 +1,250 @@
-Hallo <?php echo $name; ?>, <br>
-<br>
-um dich auf der Website der JG einzuloggen bitte folge <a href="https://jungegemeinde.iamfabulous.de/?page=verify&name=<?php echo $email; ?>&hash=<?php echo $hash?>" title="Einloggen">diesen Link</a>.
-<br>
-Viele Grüße, <br>
-JG Adlershof
+<!doctype html>
+<html>
+<head>
+<meta name="viewport" content="width=device-width">
+<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
+<title>Junge Gemeinde Adlershof | Login</title>
+<style>
+/* -------------------------------------
+    GLOBAL
+------------------------------------- */
+* {
+  font-family: "Helvetica Neue", "Helvetica", Helvetica, Arial, sans-serif;
+  font-size: 100%;
+  line-height: 1.6em;
+  margin: 0;
+  padding: 0;
+}
+
+img {
+  max-width: 600px;
+  width: 100%;
+}
+
+body {
+  -webkit-font-smoothing: antialiased;
+  height: 100%;
+  -webkit-text-size-adjust: none;
+  width: 100% !important;
+}
+
+
+/* -------------------------------------
+    ELEMENTS
+------------------------------------- */
+a {
+  color: #3083D6;
+}
+
+.btn-primary {
+  Margin-bottom: 10px;
+  width: auto !important;
+}
+
+.btn-primary td {
+  background-color: #3083D6; 
+  border-radius: 25px;
+  font-family: "Helvetica Neue", Helvetica, Arial, "Lucida Grande", sans-serif; 
+  font-size: 14px; 
+  text-align: center;
+  vertical-align: top; 
+}
+
+.btn-primary td a {
+  background-color: #3083D6;
+  border: solid 1px #3083D6;
+  border-radius: 25px;
+  border-width: 10px 20px;
+  display: inline-block;
+  color: #ffffff;
+  cursor: pointer;
+  font-weight: bold;
+  line-height: 2;
+  text-decoration: none;
+}
+
+.last {
+  margin-bottom: 0;
+}
+
+.first {
+  margin-top: 0;
+}
+
+.padding {
+  padding: 10px 0;
+}
+
+
+/* -------------------------------------
+    BODY
+------------------------------------- */
+table.body-wrap {
+  padding: 20px;
+  width: 100%;
+}
+
+table.body-wrap .container {
+  border: 1px solid #f0f0f0;
+}
+
+
+/* -------------------------------------
+    FOOTER
+------------------------------------- */
+table.footer-wrap {
+  clear: both !important;
+  width: 100%;  
+}
+
+.footer-wrap .container p {
+  color: #666666;
+  font-size: 12px;
+  
+}
+
+table.footer-wrap a {
+  color: #999999;
+}
+
+
+/* -------------------------------------
+    TYPOGRAPHY
+------------------------------------- */
+h1, 
+h2, 
+h3 {
+  color: #111111;
+  font-family: "Helvetica Neue", Helvetica, Arial, "Lucida Grande", sans-serif;
+  font-weight: 200;
+  line-height: 1.2em;
+  margin: 40px 0 10px;
+}
+
+h1 {
+  font-size: 36px;
+}
+h2 {
+  font-size: 28px;
+}
+h3 {
+  font-size: 22px;
+}
+
+p, 
+ul, 
+ol {
+  font-size: 14px;
+  font-weight: normal;
+  margin-bottom: 10px;
+}
+
+ul li, 
+ol li {
+  margin-left: 5px;
+  list-style-position: inside;
+}
+
+/* ---------------------------------------------------
+    RESPONSIVENESS
+------------------------------------------------------ */
+
+/* Set a max-width, and make it display as block so it will automatically stretch to that width, but will also shrink down on a phone or something */
+.container {
+  clear: both !important;
+  display: block !important;
+  Margin: 0 auto !important;
+  max-width: 600px !important;
+}
+
+/* Set the padding on the td rather than the div for Outlook compatibility */
+.body-wrap .container {
+  padding: 20px;
+}
+
+/* This should also be a block element, so that it will fill 100% of the .container */
+.content {
+  display: block;
+  margin: 0 auto;
+  max-width: 600px;
+}
+
+/* Let's make sure tables in the content area are 100% wide */
+.content table {
+  width: 100%;
+}
+
+</style>
+</head>
+
+<body bgcolor="#f6f6f6">
+
+<!-- body -->
+<table class="body-wrap" bgcolor="#f6f6f6">
+  <tr>
+    <td></td>
+    <td class="container" bgcolor="#FFFFFF">
+
+      <!-- content -->
+      <div class="content">
+      <table>
+        <tr>
+          <td>
+ 	    <h1>JG Adlershof</h1>
+	    <p>Hallo <strong><?php echo htmlentities($name); ?></strong>,</p>
+            <p>um dich auf der Website der Jungen Gemeinde einzuloggen, folge bitte diesem Link:</p>
+            <!-- button -->
+            <table class="btn-primary" cellpadding="0" cellspacing="0" border="0">
+              <tr>
+                <td>
+			<a href="https://jungegemeinde.iamfabulous.de/?page=action&task=verify&email=<?php echo htmlentities($email); ?>&hash=<?php echo $hash; ?>&goto=<?php echo htmlentities($_GET['goto']); ?>" title="Einloggen">Hier klicken um zur Website der Jungen Gemeinde zu kommen</a>
+                </td>
+              </tr>
+            </table>
+            <!-- /button -->
+	    <p>Der Link verf&auml;llt innerhalb 24h.</p>
+	    <p>Sollte der Link nicht funktionieren, dein Authentifizierungscode lautet <strong><?php echo $hash; ?></strong>.</p>
+            <!--p>Wenn du diese E-Mail nicht erwartet hast, bitte ignoriere sie.</p-->
+	    <p>Viele Gr<?php echo htmlentities("üß"); ?>, <br>
+	    JG Adlershof</p>
+            <p><a href="https://jungegemeinde.iamfabulous.de/" title="Website der JG">Website der JG</a></p>
+            <p><a href="https://lists.iamfabulous.de/mailman/private/jungegemeinde" title="Archiv der Mailing Liste">Archiv der Mailing Liste</a></p>
+          </td>
+        </tr>
+      </table>
+      </div>
+      <!-- /content -->
+      
+    </td>
+    <td></td>
+  </tr>
+</table>
+<!-- /body -->
+
+<!-- footer -->
+<table class="footer-wrap">
+  <tr>
+    <td></td>
+    <td class="container">
+      
+      <!-- content -->
+      <div class="content">
+        <table>
+          <tr>
+            <td align="center">
+              <p><a href="https://www.iamfabulous.de/">Maximilian M&ouml;hring</a>
+              </p>
+            </td>
+          </tr>
+        </table>
+      </div>
+      <!-- /content -->
+      
+    </td>
+    <td></td>
+  </tr>
+</table>
+<!-- /footer -->
+
+</body>
+</html>
-- 
cgit v1.2.3