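bypassCache = true; // NOTE: this statement begins before the start of this chunk; reproduced as found.

// ----------------------------------------------------------------------------
// Task dispatcher for ?task=…  Every branch reads untrusted request data
// ($_GET / $_POST).  State-changing tasks accept POST only, and most of them
// start with lredirect(), which the page uses as its login gate.
//
// NOTE(review): no CSRF token is checked anywhere in this dispatcher; confirm
// whether the surrounding page adds one before relying on POST-only as the
// sole protection for the write tasks.
// ----------------------------------------------------------------------------

// Replies "405 Method Not Allowed" and stops unless the request used $method.
$requireMethod = static function (string $method) {
    if ($_SERVER['REQUEST_METHOD'] !== $method) {
        header($_SERVER["SERVER_PROTOCOL"] . " 405 Method Not Allowed");
        ob_clean();
        echo "Method not allowed";
        exit;
    }
};

// Emits the 302 status line and a Location header pointing at a page of this
// site.  The caller decides whether to exit afterwards.
$sendRedirect = static function (string $pageQuery) {
    header($_SERVER["SERVER_PROTOCOL"] . " 302 Moved");
    header("Location: " . DOMAIN . "?page=" . $pageQuery);
};

// Return target from ?goto=.  lredirect() encodes query separators as ';'
// (see "download;type=…" below); the original converted them back to '&'
// only in the login branch, so the other branches produced a broken URL for
// any goto that carried a parameter.  A missing goto yields "".
$gotoTarget = static function (): string {
    $goto = $_GET["goto"] ?? "";
    return is_string($goto) ? preg_replace("/;/", "&", $goto) : "";
};

// Digits-only id from $_GET[$key], or "" when absent or not purely numeric.
// Gallery ids are also directory names under IMAGE_PATH, so anything but
// digits must be rejected before the value reaches the filesystem.
$requestId = static function (string $key): string {
    $value = $_GET[$key] ?? "";
    return (is_string($value) && preg_match("/^[0-9]+$/", $value) === 1) ? $value : "";
};

switch ($_GET["task"]) {
    case "login":
        $requireMethod('POST');
        $name = $_POST["name"] ?? "";
        $password = $_POST["password"] ?? "";
        if ($name === "" || $password === "") {
            print_login("missing");
        } elseif ($user->login($name, $password)) {
            $sendRedirect($gotoTarget());
            ob_clean();
            exit;
        } else {
            print_login("password");
        }
        break;

    case "register":
        $requireMethod('POST');
        $name = $_POST["name"] ?? "";
        $password = $_POST["password"] ?? "";
        $confirm = $_POST["confirm"] ?? "";
        $key = $_POST["key"] ?? null;
        if ($name === "" || $password === "" || $confirm === "" || $key === null) {
            print_login("missing");
        } elseif (!is_string($key) || !hash_equals((string) INVITEKEY, $key)) {
            // hash_equals(): strict and constant-time.  The original "!=" was a
            // loose comparison, which is unsuitable for a shared secret.
            print_login("key");
        } elseif ($password !== $confirm) {
            print_login("password");
        } else {
            $email = $_POST["email"] ?? "";
            if ($email === "") {
                // The literal string "null" is what $user->register() receives
                // for "no e-mail address" — presumably mapped to SQL NULL there; confirm.
                $email = "null";
                $sql = $db->prepare("SELECT 1 FROM " . DBPREFIX . "user WHERE name = %s LIMIT 1;", $name);
            } else {
                $sql = $db->prepare("SELECT 1 FROM " . DBPREFIX . "user WHERE name = %s OR email = %s LIMIT 1", $name, $email);
            }
            $check_db = $db->doQuery($sql);
            if (!$check_db) {
                // The original dereferenced a failed query result here (fatal error).
                print_login("database");
                break;
            }
            $check_ar = $check_db->fetch_array(MYSQLI_NUM); // null when no row matched
            if (!empty($check_ar) && (int) $check_ar[0] === 1) {
                print_login("double");
            } elseif (!$user->register($name, $password, $email)) {
                print_login("database");
            } else {
                $sendRedirect($gotoTarget());
                ob_clean();
                exit;
            }
        }
        break;

    case "update":
        lredirect("liste");
        $requireMethod('POST');
        $id = $requestId("id");
        if ($id === "" || (int) $id === 0) {
            print_list("update");
        } else {
            $sql = $db->prepare(
                "UPDATE " . DBPREFIX . "member SET name = %s, adresse = %s, telefonnummer = %s, handynummer = %s, email = %s, geburtstag = %s WHERE member_id = %d;",
                $_POST["name"] ?? "",
                $_POST["adresse"] ?? "",
                $_POST["telefonnummer"] ?? "",
                $_POST["handynummer"] ?? "",
                $_POST["email"] ?? "",
                $_POST["geburtstag"] ?? "",
                $id
            );
            if (!$sql) {
                ob_clean();
                echo "SQL preparation failed.";
                exit;
            }
            if ($db->doQuery($sql)) {
                // As in the original, the page keeps running after the redirect
                // headers; only the cache is invalidated here.
                $sendRedirect($gotoTarget());
                $c->flush();
            }
        }
        break;

    case "add":
        lredirect("liste");
        $requireMethod('POST');
        $sql = $db->prepare(
            "INSERT INTO " . DBPREFIX . "member (member_id, name, adresse, telefonnummer, handynummer, email, geburtstag) VALUES (NULL, %s, %s, %s, %s, %s, %s);",
            $_POST["name"] ?? "",
            $_POST["adresse"] ?? "",
            $_POST["telefonnummer"] ?? "",
            $_POST["handynummer"] ?? "",
            $_POST["email"] ?? "",
            $_POST["geburtstag"] ?? ""
        );
        if (!$sql) {
            ob_clean();
            echo "SQL preparation failed.";
            exit;
        }
        if ($db->doQuery($sql)) {
            $sendRedirect($gotoTarget());
            $c->flush();
        }
        break;

    case "delete":
        lredirect("liste");
        $requireMethod('POST');
        $id = $requestId("id");
        if ($id === "" || (int) $id === 0) {
            print_list("update");
        } else {
            $sql = $db->prepare("DELETE FROM " . DBPREFIX . "member WHERE member_id = %d;", $id);
            if (!$sql) {
                ob_clean();
                echo "SQL preparation failed.";
                exit;
            }
            if ($db->doQuery($sql)) {
                $sendRedirect("liste");
                $c->flush();
                exit;
            }
            print_update('update');
            exit;
        }
        break;

    case "account":
        lredirect("liste");
        $requireMethod('POST');
        $name = $_POST["name"] ?? "";
        $confirm = $_POST["confirm"] ?? "";        // the current password, re-entered
        $newPassword = $_POST["password"] ?? "";
        // The original handled a missing e-mail field as a branch of the
        // validation chain, which silently skipped the password check and the
        // whole update; it is just a default now.
        $email = $_POST["email"] ?? "";
        if ($name === "" || $confirm === "") {
            print_account("info");
        } elseif (!password_verify($confirm . PEPPER, $user->getPassword())) {
            print_account("password");
        } else {
            // Uniqueness check only for the fields that actually change.
            $sql = false;
            $check_ar = null;
            $emailChanged = $email !== "" && $email !== $user->getEmail();
            if ($name !== $_SESSION["username"]) {
                if ($emailChanged) {
                    $sql = $db->prepare("SELECT 1 FROM " . DBPREFIX ."user WHERE name = %s OR email = %s ;", $name, $email);
                } else {
                    $sql = $db->prepare("SELECT 1 FROM " . DBPREFIX ."user WHERE name = %s ;", $name);
                }
            } elseif ($emailChanged) {
                $sql = $db->prepare("SELECT 1 FROM " . DBPREFIX ."user WHERE email = %s ;", $email);
            } elseif ($newPassword === "") {
                // Nothing to change.  redirect() is assumed to exit; the explicit
                // exit makes fall-through into the UPDATE impossible either way.
                redirect("account");
                exit;
            }
            if ($sql) {
                $check_db = $db->doQuery($sql);
                $check_ar = $check_db ? $check_db->fetch_array(MYSQLI_NUM) : null;
            }
            if (!empty($check_ar) && (int) $check_ar[0] === 1) {
                print_account("double");
            } else {
                if ($newPassword !== "" && $newPassword !== $confirm) {
                    $sql = $db->prepare(
                        "UPDATE " . DBPREFIX . "user SET name = %s, password = %s, email = %s WHERE id = %d;",
                        $name,
                        password_hash($newPassword . PEPPER, PASSWORD_DEFAULT),
                        $email,
                        $_SESSION["userid"]
                    );
                } else {
                    $sql = $db->prepare("UPDATE " . DBPREFIX . "user SET name = %s, email = %s WHERE id = %d;", $name, $email, $_SESSION["userid"]);
                }
                if (!$db->doQuery($sql)) {
                    // The original echoed the SQL statement to the browser and then
                    // still redirected to "success=1"; neither happens now.
                    print_account("database");
                } else {
                    $_SESSION["username"] = $name;
                    redirect("account&success=1");
                }
            }
        }
        break;

    case "recover":
        $requireMethod('POST');
        $email = $_POST["email"] ?? "";
        // Only a single well-formed address may reach the database and mail();
        // this closes the header-injection path the original comment flagged.
        if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
            redirect("recover&track=0");
            exit;
        }
        $sql = $db->prepare("SELECT 1, name FROM " . DBPREFIX . "user WHERE email = %s ;", $email);
        $result_db = $db->doQuery($sql);
        $result_ar = $result_db ? $result_db->fetch_array(MYSQLI_NUM) : null;
        // NOTE(review): track=1 vs track=0 reveals whether an address is registered,
        // and the new password travels in plaintext e-mail; both are the page's
        // existing design and are left unchanged here.
        if (!empty($result_ar) && (int) $result_ar[0] === 1) {
            // Ten characters from [A-Za-z0-9_-], drawn with a CSPRNG (the original used mt_rand()).
            $alphabet = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789_-";
            $password = "";
            $last = strlen($alphabet) - 1;
            for ($i = 0; $i < 10; $i++) {
                $password .= $alphabet[random_int(0, $last)];
            }
            $hash = password_hash($password . PEPPER, PASSWORD_DEFAULT);
            $sql = $db->prepare("UPDATE " . DBPREFIX . "user SET password = %s WHERE email = %s ;", $hash, $email);
            if (!$db->doQuery($sql)) {
                // Never mail a password that was not stored.
                redirect("recover&track=0");
                exit;
            }
            $body = "Hello, someone requested a new password for '" . $result_ar[1] . "' on https://jungegemeinde.iamfabulous.de. The new password is '" . $password . "'. Remember to change it immediately at " . DOMAIN . "?page=account after successfull login. Kindly regards, JG Adlershof";
            mail($email, "JG: Passwort Reset", $body, "From: JG Adlershof \r\n");
            redirect("recover&track=1");
        } else {
            redirect("recover&track=0");
        }
        break;

    case "download":
        $type = $_GET["type"] ?? "";
        if ($type === "" || $type === "plain") {
            $content = "Adressliste der JG \n";
            $content .= "# | Name | Adresse | Telefon | Handy | E-Mail | Geburtstag\n";
            $type = "plain";
            $suffix = ".txt";
        } else {
            $content = "Adressliste der JG \n";
            $type = "csv";
            $suffix = ".csv";
        }
        lredirect("download;type=" . $type);
        $cacheKey = CACHEPREFIX . "adressliste" . $suffix;
        if ($c->exists($cacheKey)) {
            $content = $c->getValue($cacheKey);
        } else {
            $res = $db->doQuery("SELECT * FROM " . DBPREFIX . "member;");
            $content .= "\n";
            $count = 1;
            while ($res && ($row = $res->fetch_array())) {
                if ($type === "plain") {
                    $content .= $count . " | " . $row["name"] . " | " . $row["adresse"] . " | " . $row["telefonnummer"] . " | " . $row["handynummer"] . " | " . $row["email"] . " | " . $row["geburtstag"] . "\n";
                } else {
                    // Columns 1..6 in SELECT * order (column 0 is member_id).  Fields are
                    // not quoted, so a ';' inside a value would split the row — TODO confirm
                    // whether the consumer tolerates that.
                    $content .= $count;
                    for ($i = 1; $i < 7; $i++) {
                        $content .= ';' . $row[$i];
                    }
                    $content .= "\n";
                }
                $count++;
            }
            $c->setKey($cacheKey, $content);
        }
        ob_clean();
        header("Content-Type: text/" . $type . "; Charset=UTF-8");
        header("Content-Disposition: attachment; filename=\"JG Adressliste " . date("j.n.Y", time()) . $suffix . "\"");
        echo $content;
        ob_end_flush();
        exit;

    case "gallery":
        lredirect("foto");
        $requireMethod('POST');
        $name = $_POST["name"] ?? "";
        if ($name === "") {
            // No dedicated error page exists; back to the overview.
            redirect("foto");
            exit;
        }
        $desc = $_POST["desc"] ?? "";
        $sql = $db->prepare(
            "INSERT INTO " . DBPREFIX . "gallery (id, name, description, owner, restricted, time) VALUES (NULL, %s, %s, %d, %d, %d);",
            $name,
            $desc,
            $user->getUserId(),
            0,
            time()
        );
        if ($db->doQuery($sql)) {
            $c->flush2();
        }
        // Success and failure both return to the overview (as in the original).
        redirect("foto");
        break;

    case "editGallery":
        $requireMethod('POST');
        $galleryId = $requestId("gallery");
        if ($galleryId === "") {
            $galleryId = "0";
        }
        // $galleryId is digits-only here, so no HTML escaping is needed in the URL.
        lredirect("gallery;gallery=" . $galleryId . ";edit=1");
        $name = $_POST["name"] ?? "";
        $desc = $_POST["desc"] ?? "";
        if ($name === "" || $desc === "" || (int) $galleryId === 0) {
            redirect("foto");
            exit;
        }
        // NOTE(review): no ownership check against gallery.owner here (or in
        // deleteGallery); any logged-in user can edit any gallery — confirm intended.
        $sql = $db->prepare("UPDATE " . DBPREFIX . "gallery SET name = %s, description = %s WHERE id = %d;", $name, $desc, $galleryId);
        if ($db->doQuery($sql)) {
            $c->flush2();
            redirect("gallery&gallery=" . $galleryId);
        } else {
            redirect("foto");
        }
        break;

    case "deleteGallery":
        $requireMethod('POST');
        $galleryId = $requestId("gallery");
        lredirect("gallery;gallery=" . $galleryId);
        if ($galleryId === "") {
            // The original passed the raw parameter to rrmdir(), so a crafted
            // value could name a directory outside IMAGE_PATH.
            redirect("gallery;gallery=" . htmlentities((string) ($_SESSION["gallery"] ?? "")));
            exit;
        }
        // Files first, then the row (original order).  A failed DELETE therefore
        // leaves a row without files — TODO confirm this is acceptable.
        rrmdir(IMAGE_PATH . $galleryId);
        $sql = $db->prepare("DELETE FROM " . DBPREFIX . "gallery WHERE id = %d;", $galleryId);
        if ($db->doQuery($sql)) {
            $c->flush2();
        }
        redirect("foto");
        break;

    case "downloadGallery":
        $requireMethod('GET');
        $galleryId = $requestId("gallery");
        lredirect("gallery;gallery=" . $galleryId);
        if ($galleryId === "") {
            redirect("gallery;gallery=" . htmlentities((string) ($_SESSION["gallery"] ?? "")));
            exit;
        }
        $galleryDir = IMAGE_PATH . $galleryId . '/';
        // One temporary file per request: the original reused a fixed path in
        // /tmp, so concurrent downloads overwrote each other's archive.
        $zname = tempnam(sys_get_temp_dir(), 'jg_fotoalbum_');
        $zip = new ZipArchive();
        // open() returns true or an int error code; the original's "== TRUE" treated
        // every non-zero error code as success.
        if ($zname !== false && $zip->open($zname, ZipArchive::CREATE | ZipArchive::OVERWRITE) === true) {
            $images = is_dir($galleryDir) ? array_diff(scandir($galleryDir), array('..', '.')) : array();
            foreach ($images as $image) {
                if (is_file($galleryDir . $image)) {
                    $zip->addFile($galleryDir . $image, $image);
                }
            }
            $zip->close(); // an archive with no entries may be removed on close
            ob_end_clean();
            $name = $c->get2(CACHEPREFIX . $galleryId);
            // Gallery names come from user input; keep only characters that are
            // harmless inside a quoted filename parameter.
            $downloadName = (string) preg_replace('/[^\p{L}\p{N} ._-]/u', '_', (string) $name);
            $size = is_file($zname) ? filesize($zname) : 0;
            header("Content-Type: application/zip");
            header("Content-Length: " . $size);
            header("Content-Disposition: attachment; filename=\"" . $downloadName . ".zip\"");
            if (is_file($zname)) {
                readfile($zname);
                unlink($zname);
            }
            exit;
        }
        if ($zname !== false && is_file($zname)) {
            unlink($zname);
        }
        redirect("gallery&gallery=" . $galleryId);
        break;

    default:
        print_404();
        break;
}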