From 12734da8826299ffd24c0a15f6dbf205892d7221 Mon Sep 17 00:00:00 2001 From: root Date: Mon, 14 Apr 2014 08:35:13 +0200 Subject: Pushed to v3 --- www/index.php | 212 +++++++++++++++++++++++++++++++++++++++++++++------------- 1 file changed, 166 insertions(+), 46 deletions(-) mode change 100644 => 100755 www/index.php (limited to 'www/index.php') diff --git a/www/index.php b/www/index.php old mode 100644 new mode 100755 index 88a7fa6..a8dc53f --- a/www/index.php +++ b/www/index.php @@ -1,51 +1,171 @@ - +require_once("include.php"); // handles all the stuff that needs to be included -
-
-
-

JUNGE GEMEINDE ADLERSHOF

-
-
- -
-
- Hallo $name.
Willkommen auf der Webpage für die Junge Gemeinde in Adlershof. Für einen persönlichen Zugang, und um alle Features zu nutzen, registriere dich doch hier. Wenn du Probleme bei der Navigation hast, dann schau unter Hilfe nach.
- Für Anregungen und Kritik bin ich immer zu haben. Schick mir einfach ne Mail oder sags mir nächsten Donnerstag. ;) -

- PS: Du kannst dich nach einer Registrierung auch mit deinem Username einloggen. -
-
-"; -?> - -

-
-            ,/|         _.--''^``-...___.._.,; 
-          /, \'.     _-'          ,--,,,--'''  
-         { \    `_-''       '    /}            
-            `;;'             ;   ; ;           
-      ._.--''     ._,,, _..'  .;.'             
-      (,_....----'''     (,..--''              
-
- - -
- - - +if(check_if_banned($db)){ + echo "You are banned. ;_;"; + exit; +} + +if(empty($_GET)){ + print_index($db); +} else { + switch($_GET["task"]){ + case("login"): + if($_SESSION["login"]){ + header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/"); + exit; + } + + if($_SERVER['REQUEST_METHOD'] == 'POST'){ + $var = login($db); + if($var == LOGIN_SUCCESSFULL){ + $_SESSION["login_attempts"] = 6; + header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/"); + } elseif ($var == LOGIN_PASSWORD){ + brutforce_protection($db); + print_login($var); + + } else { + print_login($var); + } + } else { + print_login(constant("EMPTY")); + } + break; + + case("logout"): + if(!$_SESSION["login"]){ + print_login(constant("EMPTY")); + exit; + } + + $var = logout(); + if($var == LOGOUT_SUCCESSFULL){ + print_login($var); + } else { + header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/httperror.php?e=500"); + } + break; + + case("register"): +// if($_SESSION["login"]){ +// header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/"); +// exit; +// } + + if($_SERVER['REQUEST_METHOD'] == 'POST'){ + $var = register($db); + if($var == REGISTER_SUCCESSFULL){ + print_index($db); + } else { + print_register($var); + } + } else { + print_register(constant("EMPTY")); + } + break; + + case("password_recover"): + if($_SERVER['REQUEST_METHOD'] == 'POST'){ + $var = recover_password($db); //TODO: Print error message + if($var == RECOVER_PROHIBITED || $var = RECOVER_EMAIL){ + brutforce_protection($db); + print_recover_password($var); + } + } else { + print_recover_password(""); + } + break; + + case("liste"): + print_list($db); + break; + + case("quote"): + print_quote($db); + break; + + case("new_member"): + if($_SERVER["REQUEST_METHOD"] == "POST"){ + if(!insert_db($db)){ + echo "Database error. 
Please send me a mail"; + exit; + } else { + header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/liste"); + } + } else { + print_insert(); + } + break; + + case("update"): + if($_SERVER["REQUEST_METHOD"] == "POST"){ + $var = update_db($db); + if($var){ + header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/liste"); + } else { + echo "Database error. Please send me a mail"; + exit; + } + } else { + header("Refresh: 0; ".$scheme.$_SERVER["HTTP_HOST"]."/liste"); + } + + break; + + case("account"): + $var = ""; + + if($_SERVER["REQUEST_METHOD"] == "POST"){ + if($_GET["change"] == "password"){ + if(validate_password($db, $_SESSION["username"], $_POST["oldpswd"])){ + $var=change_password($db, $_POST["pswd"], $_POST["2ndpswd"]); + } else { + $var = "password"; + } + + } elseif($_GET["change"] == "user"){ + if(validate_password($db, $_SESSION["username"], $_POST["pswd"])){ + $var = change_email($db, $_SESSION["username"], $_POST["email"]); + if($var != CH_MAIL_EXISTS && $var != DATABASE){ + $eb = true; + $var = change_username($db, $_SESSION["username"], $_POST["name"]); + if($eb && $var == CH_USERNAME_EXISTS){ + $var = CH_EMAIL_SUCCESS; + } + } + } else { + $var = "password"; + } + /*if($var != CH_USERNAME_EXISTS && $var != DATABASE){ + $var="success"; + }*/ + } + } + + account($db, $var); + break; + + case("services"): + print_services(); + break; + + default: + echo "404"; + //get_404($_GET["task"], $_GET["task"]); //TODO: Commit EMPTY constant + break; + } +} +include("piwik.php"); +echo ""; +echo ""; -- cgit v1.2.3
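Review bot: In the `password_recover` case the condition `$var == RECOVER_PROHIBITED || $var = RECOVER_EMAIL` assigns instead of comparing, so unless `RECOVER_EMAIL` is falsy the branch runs on every POST. `brutforce_protection($db)` is then charged even for a successful recovery, and `$var` can be overwritten before `print_recover_password($var)` reports it; the line should read `if($var == RECOVER_PROHIBITED || $var == RECOVER_EMAIL){`. If that helper feeds the ban tested by `check_if_banned($db)` at the top of the file (neither body is visible in this hunk), legitimate users could lock themselves out by using the recovery form. Separately, every redirect is built from `$_SERVER["HTTP_HOST"]`, which the client controls, so a configured base URL would be a safer source for the target. The `account` case also calls `validate_password` with `$_SESSION["username"]` without the `$_SESSION["login"]` guard that the `login` and `logout` cases have.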