diff --git a/db/update.d/17_translations.php b/db/update.d/17_translations.php
new file mode 100644
index 00000000..962b6052
--- /dev/null
+++ b/db/update.d/17_translations.php
@@ -0,0 +1,59 @@
+diesen Link (bitte geheimhalten, im Notfall Deinen iCal-Key zurücksetzen):'),
+('inc_schicht_ical_text', 'EN', 'To subscribe the shifts shown in your calendar software, use this link (please keep secret, otherwise reset the ical key):'),
+('helpers', 'DE', 'Helfer'),
+('helpers', 'EN', 'helpers'),
+('helper', 'DE', 'Helfer'),
+('helper', 'EN', 'helper'),
+('needed', 'DE', 'gebraucht'),
+('needed', 'EN', 'needed'),
+('pub_myshifts_intro', 'DE', 'Hier sind Deine Schichten.
Versuche bitte 15 Minuten vor Schichtbeginn anwesend zu sein!
Du kannst Dich %d Stunden vor Schichtbeginn noch aus Schichten wieder austragen.'),
+('pub_myshifts_intro', 'EN', 'These are your shifts.
Please try to appear 15 minutes before your shift begins!
You can remove yourself from a shift up to %d hours before it starts.'),
+('pub_myshifts_goto_shifts', 'DE', 'Gehe zum Schichtplan um Dich für Schichten einzutragen.'),
+('pub_myshifts_goto_shifts', 'EN', 'Go to the shifts table to sign yourself up for some shifts.'),
+('pub_myshifts_signed_off', 'DE', 'Du wurdest aus der Schicht ausgetragen.'),
+('pub_myshifts_signed_off', 'EN', 'You have been signed off from the shift.'),
+('pub_myshifts_too_late', 'DE', 'Es ist zu spät um sich aus der Schicht auszutragen. Frage ggf. den Schichtkoordinator, ob er dich austragen kann.'),
+('pub_myshifts_too_late', 'EN', 'It\'s too late to sign yourself off the shift. If neccessary, as the dispatcher to do so.'),
+('sign_off', 'DE', 'austragen'),
+('sign_off', 'EN', 'sign off');");
+
+if(mysql_affected_rows() > 0)
+ $applied = true;
diff --git a/db/update.d/18_translations.php b/db/update.d/18_translations.php
new file mode 100644
index 00000000..995a2450
--- /dev/null
+++ b/db/update.d/18_translations.php
@@ -0,0 +1,17 @@
+ 0;
+
+// more translations
+$res = mysql_query("INSERT IGNORE INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES
+('occupied', 'DE', 'belegt'),
+('occupied', 'EN', 'occupied'),
+('free', 'DE', 'frei'),
+('free', 'EN', 'free');");
+
+$applied |= mysql_affected_rows() > 0;
diff --git a/db/update.d/19_password_field.php b/db/update.d/19_password_field.php
new file mode 100644
index 00000000..85333f28
--- /dev/null
+++ b/db/update.d/19_password_field.php
@@ -0,0 +1,7 @@
+= 6) {
- if ($_REQUEST['password'] == $_REQUEST['password2']) {
- $password_hash = PassCrypt($_REQUEST['password']);
- } else {
+ if (isset ($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) {
+ if ($_REQUEST['password'] != $_REQUEST['password2']) {
$ok = false;
$msg .= error(Get_Text("makeuser_error_password1"), true);
}
@@ -112,9 +110,10 @@ function guest_register() {
"', `email`='" . sql_escape($mail) . "', `ICQ`='" . sql_escape($icq) . "', `jabber`='" . sql_escape($jabber) . "', `Size`='" . sql_escape($tshirt_size) .
"', `Passwort`='" . sql_escape($password_hash) . "', `kommentar`='" . sql_escape($comment) . "', `Hometown`='" . sql_escape($hometown) . "', `CreateDate`=NOW(), `Sprache`='" . sql_escape($_SESSION["Sprache"]) . "'");
- // Assign user-group
+ // Assign user-group and set password
$user_id = sql_id();
sql_query("INSERT INTO `UserGroups` SET `uid`=" . sql_escape($user_id) . ", `group_id`=-2");
+ set_password($user_id, $_REQUEST['password']);
// Assign angel-types
foreach ($selected_angel_types as $selected_angel_type_id)
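Review bot: `$password_hash` is still interpolated into the INSERT at the top of this hunk (`Passwort`='" . sql_escape($password_hash) . "'`), but its only assignment, `$password_hash = PassCrypt($_REQUEST['password']);`, is removed in the hunk above, so the row is created from an undefined variable — an empty `Passwort` — and only repaired by the following `set_password($user_id, $_REQUEST['password']);`, whose return value is ignored. If set_password() returns false the account is left with an empty hash and nobody is told; check it, e.g. `if (!set_password($user_id, $_REQUEST['password'])) error("Failed setting password.");`, and drop the `Passwort` column (or its stale variable) from the INSERT. guest_register()'s body continues outside the hunk.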
@@ -176,7 +175,7 @@ function guest_login() {
if (count($login_user) > 0) {
$login_user = $login_user[0];
if (isset ($_REQUEST['password'])) {
- if ($login_user['Passwort'] != PassCrypt($_REQUEST['password'])) {
+ if (!verify_password($_REQUEST['password'], $login_user['Passwort'], $login_user['UID'])) {
$ok = false;
$msg .= error(Get_Text("pub_index_pass_no_ok"), true);
}
diff --git a/includes/pages/user_myshifts.php b/includes/pages/user_myshifts.php
index a4de1c1b..390b3b01 100644
--- a/includes/pages/user_myshifts.php
+++ b/includes/pages/user_myshifts.php
@@ -58,9 +58,9 @@ function user_myshifts() {
$shift = $shift[0];
if (($shift['start'] - time() < $LETZTES_AUSTRAGEN * 60) || in_array('user_shifts_admin', $privileges)) {
sql_query("DELETE FROM `ShiftEntry` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
- $msg .= success("Du wurdest aus der Schicht ausgetragen.", true);
+ $msg .= success(Get_Text("pub_myshifts_signed_off"), true);
} else
- $msg .= error("Es ist zu spät um sich aus der Schicht auszutragen. Frage ggf. einen Orga.", true);
+ $msg .= error(Get_Text("pub_myshifts_too_late"), true);
} else
redirect(page_link_to('user_myshifts'));
}
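Review bot: The server-side sign-off check on the `if` line of this hunk permits the DELETE when `$shift['start'] - time() < $LETZTES_AUSTRAGEN * 60`, while the second hunk renders the sign-off link only when that same expression is `>`; one of the two is inverted, and since the `else` branch now reports `pub_myshifts_too_late`, the DELETE condition is the one that looks wrong — it authorises removal precisely in the window the message calls too late. This is context the commit did not touch, but it governs the newly translated messages, so `if (($shift['start'] - time() > $LETZTES_AUSTRAGEN * 60) || in_array('user_shifts_admin', $privileges)) {` belongs in the same change. config.php's comment describes `$LETZTES_AUSTRAGEN` in hours, so the `* 60` factor (minutes) also deserves a second look if that comment is accurate. user_myshifts()'s body starts and ends outside the hunk.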
@@ -78,24 +78,25 @@ function user_myshifts() {
$html .= '
' . $shift['name'] . ' | ';
$html .= '' . $shift['Comment'] . ' | ';
$html .= '';
- $html .= 'bearbeiten';
+ $html .= '' . Get_Text('edit') . '';
if ($shift['start'] - time() > $LETZTES_AUSTRAGEN * 60)
- $html .= ' | austragen';
+ $html .= ' | ' . Get_Text('sign_off') . '';
$html .= ' | ';
$html .= '';
}
if ($html == "")
- $html = 'Keine... | | | | | Gehe zum Schichtplan um Dich für Schichten einzutragen. |
';
+ $html = '' . ucfirst(Get_Text('none')) . '... | | | | | ' . sprintf(Get_Text('pub_myshifts_goto_shifts'), page_link_to('user_shifts')) . ' |
';
if ($shifts_user['ical_key'] == "")
user_reset_ical_key($shifts_user);
return msg().template_render('../templates/user_myshifts.html', array (
- 'h' => $LETZTES_AUSTRAGEN,
+ 'intro' => sprintf(Get_Text('pub_myshifts_intro'), $LETZTES_AUSTRAGEN),
'shifts' => $html,
'msg' => $msg,
- 'ical_link' => page_link_to_absolute('ical') . '&key=' . $shifts_user['ical_key'],
- 'reset_link' => page_link_to('user_myshifts') . '&reset'
- ));
+ 'ical_text' => sprintf(Get_Text('inc_schicht_ical_text'),
+ page_link_to_absolute('ical') . '&key=' . $shifts_user['ical_key'],
+ page_link_to('user_myshifts') . '&reset'),
+));
}
-?>
\ No newline at end of file
+?>
diff --git a/includes/pages/user_settings.php b/includes/pages/user_settings.php
index 5ea4af27..cfeb38cf 100644
--- a/includes/pages/user_settings.php
+++ b/includes/pages/user_settings.php
@@ -114,29 +114,17 @@ function user_settings() {
elseif (isset ($_REQUEST['submit_password'])) {
$ok = true;
- if (!isset ($_REQUEST['password']) || $user['Passwort'] != PassCrypt($_REQUEST['password'])) {
- $ok = false;
+ if (!isset ($_REQUEST['password']) || !verify_password($_REQUEST['password'], $user['Passwort'], $user['UID']))
$msg .= error(Get_Text(30), true);
- }
-
- if (isset ($_REQUEST['new_password']) && strlen($_REQUEST['new_password']) >= 6) {
- if ($_REQUEST['new_password'] == $_REQUEST['new_password2']) {
- $password_hash = PassCrypt($_REQUEST['new_password']);
- } else {
- $ok = false;
- $msg .= error(Get_Text("makeuser_error_password1"), true);
- }
- } else {
- $ok = false;
- $msg .= error(Get_Text("makeuser_error_password2"), true);
- }
-
- if ($ok) {
- sql_query("UPDATE `User` SET `Passwort`='" . sql_escape($password_hash) . "' WHERE `UID`=" . sql_escape($user['UID']));
-
+ elseif (strlen($_REQUEST['new_password']) <= MIN_PASSWORD_LENGTH)
+ $msg .= error(Get_Text("makeuser_error_password2"));
+ elseif ($_REQUEST['new_password'] != $_REQUEST['new_password2'])
+ $msg .= error(Get_Text("makeuser_error_password1"), true);
+ elseif(set_password($user['UID'], $_REQUEST['new_password']))
success("Password saved.");
- redirect(page_link_to('user_settings'));
- }
+ else
+ error("Failed setting password.");
+ redirect(page_link_to('user_settings'));
}
elseif (isset ($_REQUEST['submit_theme'])) {
$ok = true;
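Review bot: `elseif (strlen($_REQUEST['new_password']) <= MIN_PASSWORD_LENGTH)` rejects a new password of exactly MIN_PASSWORD_LENGTH characters, contradicting the registration check introduced in the same commit (`>= MIN_PASSWORD_LENGTH` accepts it), and it reads `$_REQUEST['new_password']` without the `isset()` the removed code had. Suggest `elseif (!isset ($_REQUEST['new_password']) || strlen($_REQUEST['new_password']) < MIN_PASSWORD_LENGTH)`. That branch also calls `error(Get_Text("makeuser_error_password2"))` without the `, true` argument its sibling branches pass, and `$ok = true;` on the first line of the hunk is now unused. user_settings()'s body continues outside the hunk.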
diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php
index c144733d..785fc8ab 100644
--- a/includes/pages/user_shifts.php
+++ b/includes/pages/user_shifts.php
@@ -268,14 +268,16 @@ function view_user_shifts() {
$types = sql_select("SELECT `id`, `name` FROM `AngelTypes`");
else
$types = sql_select("SELECT `AngelTypes`.`id`, `AngelTypes`.`name` FROM `UserAngelTypes` JOIN `AngelTypes` ON (`UserAngelTypes`.`angeltype_id` = `AngelTypes`.`id`) WHERE `UserAngelTypes`.`user_id` = " . sql_escape($user['UID']) . " AND (`AngelTypes`.`restricted` = 0 OR NOT `UserAngelTypes`.`confirm_user_id` IS NULL)");
+ if (empty($types))
+ $types = sql_select("SELECT `id`, `name` FROM `AngelTypes` WHERE `restricted` = 0");
$filled = array (
array (
'id' => '1',
- 'name' => 'Volle'
+ 'name' => Get_Text('occupied')
),
array (
'id' => '0',
- 'name' => 'Freie'
+ 'name' => Get_Text('free')
)
);
@@ -347,9 +349,10 @@ function view_user_shifts() {
$query .= "`shift_id` = " . sql_escape($shift['SID']);
else
$query .= "`room_id` = " . sql_escape($shift['RID']);
- $query .= " AND `count` > 0
- AND `angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ")
- ORDER BY `AngelTypes`.`name`";
+ $query .= " AND `count` > 0 ";
+ if (!empty($_SESSION['user_shifts']['types']))
+ $query .= "AND `angel_type_id` IN (" . implode(',', $_SESSION['user_shifts']['types']) . ") ";
+ $query .= "ORDER BY `AngelTypes`.`name`";
$angeltypes = sql_select($query);
if (count($angeltypes) > 0) {
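Review bot: The guarded `IN (...)` clause still interpolates `$_SESSION['user_shifts']['types']` into the query via a plain `implode`, with no per-element escaping or casting; wherever that session array is filled (not visible here, presumably from the filter form's request parameters), a non-numeric element would land in the SQL verbatim. `implode(',', array_map('intval', $_SESSION['user_shifts']['types']))` pins the list to integer ids at no cost, and the same treatment likely applies to the `rooms`/`days` filters elsewhere in view_user_shifts(), whose body starts and ends outside the hunk.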
@@ -363,12 +366,15 @@ function view_user_shifts() {
else
$entry_list[] = $entry['Nick'];
}
+ // do we need more angles of this type?
if ($angeltype['count'] - count($entries) > 0) {
- if ((time() < $shift['end'] && !$my_shift) || in_array('user_shifts_admin', $privileges)) {
- $entry_list[] = '' . ($angeltype['count'] - count($entries)) . ' Helfer' . ($angeltype['count'] - count($entries) != 1 ? '' : '') . ' gebraucht »';
- } else {
- $entry_list[] = ($angeltype['count'] - count($entries)) . ' Helfer gebraucht';
- }
+ $inner_text = ($angeltype['count'] - count($entries)) . ' ' . Get_Text($angeltype['count'] - count($entries) == 1 ? 'helper' : 'helpers') . ' ' . Get_Text('needed');
+ // is the shift still running or alternatively is the user shift admin?
+ if ((time() < $shift['end'] && !$my_shift) || in_array('user_shifts_admin', $privileges))
+ $entry_list[] = '' . $inner_text . ' »';
+ else
+ $entry_list[] = $inner_text;
+ unset($inner_text);
$is_free = true;
}
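Review bot: The new comment `// do we need more angles of this type?` should read `angels`. `$angeltype['count'] - count($entries)` is evaluated three times in this hunk; hoisting it into `$missing = $angeltype['count'] - count($entries);` before the `if` makes the `helper`/`helpers` selection easier to read, and the trailing `unset($inner_text);` is unnecessary because the variable is reassigned on every iteration. view_user_shifts()'s body starts and ends outside the hunk.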
@@ -391,13 +397,16 @@ function view_user_shifts() {
user_reset_ical_key($user);
return msg() . template_render('../templates/user_shifts.html', array (
- 'room_select' => make_select($rooms, $_SESSION['user_shifts']['rooms'], "rooms", "Räume"),
- 'day_select' => make_select($days, $_SESSION['user_shifts']['days'], "days", "Tage"),
- 'type_select' => make_select($types, $_SESSION['user_shifts']['types'], "types", "Aufgaben"),
- 'filled_select' => make_select($filled, $_SESSION['user_shifts']['filled'], "filled", "Besetzung"),
+ 'room_select' => make_select($rooms, $_SESSION['user_shifts']['rooms'], "rooms", ucfirst(Get_Text("rooms"))),
+ 'day_select' => make_select($days, $_SESSION['user_shifts']['days'], "days", ucfirst(Get_Text("days"))),
+ 'type_select' => make_select($types, $_SESSION['user_shifts']['types'], "types", ucfirst(Get_Text("tasks")) . '1'),
+ 'filled_select' => make_select($filled, $_SESSION['user_shifts']['filled'], "filled", ucfirst(Get_Text("occupancy"))),
+ 'task_notice' => '1' . Get_Text("pub_schichtplan_tasks_notice"),
'shifts_table' => $shifts_table,
- 'ical_link' => make_user_shifts_ical_link($user['ical_key']),
- 'reset_link' => page_link_to('user_myshifts') . '&reset'
+ 'ical_text' => sprintf(Get_Text('inc_schicht_ical_text'), make_user_shifts_ical_link($user['ical_key']), page_link_to('user_myshifts') . '&reset'),
+ 'header1' => ucfirst(Get_Text("time")) . "/" . ucfirst(Get_Text("room")),
+ 'header2' => ucfirst(Get_Text("entries")),
+ 'filter' => ucfirst(Get_Text("to_filter")),
));
}
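Review bot: `ucfirst()` is byte-wise, so applying it to translated labels (`rooms`, `days`, `tasks`, `occupancy`, `time`, `room`, `entries`, `to_filter`) corrupts any translation whose first character is multibyte, such as a German label starting with an umlaut; the same applies to `ucfirst(Get_Text('none'))` in user_myshifts.php. A small helper like `mb_strtoupper(mb_substr($s, 0, 1, 'UTF-8'), 'UTF-8') . mb_substr($s, 1, mb_strlen($s, 'UTF-8'), 'UTF-8')`, or capitalising in the translation table itself, avoids it. The bare `'1'` appended to the tasks label and prefixed to `task_notice` looks like a footnote marker whose markup was lost in this rendering; if it really is a plain `'1'`, a comment naming what it refers to would help the next reader. view_user_shifts()'s body starts outside the hunk.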
@@ -430,8 +439,8 @@ function make_select($items, $selected, $name, $title = null) {
$html .= implode("\n", $html_items);
$html .= '' . "\n";
$html .= buttons(array (
- button("javascript: check_all('selection_" . $name . "')", "Alle", ""),
- button("javascript: uncheck_all('selection_" . $name . "')", "Keine", "")
+ button("javascript: check_all('selection_" . $name . "')", Get_Text("all"), ""),
+ button("javascript: uncheck_all('selection_" . $name . "')", Get_Text("none"), "")
));
$html .= '' . "\n";
return $html;
diff --git a/includes/sys_auth.php b/includes/sys_auth.php
index e1869029..68cf17e4 100644
--- a/includes/sys_auth.php
+++ b/includes/sys_auth.php
@@ -28,15 +28,40 @@ function load_auth() {
$privileges = isset ($user) ? privileges_for_user($user['UID']) : privileges_for_group(-1);
}
-function PassCrypt($passwort) {
- global $crypt_system;
-
- switch ($crypt_system) {
- case "crypt" :
- return "{crypt}" . crypt($passwort, "77");
- case "md5" :
- return md5($passwort);
+// generate a salt (random string) of arbitrary length suitable for the use with crypt()
+function generate_salt($length = 16) {
+ $alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+ $salt = "";
+ for ($i = 0; $i < $length; $i++) {
+ $salt .= $alphabet[rand(0, strlen($alphabet)-1)];
}
+ return $salt;
+}
+
+// set the password of a user
+function set_password($uid, $password) {
+ $res = sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt(16) . '$')) . "' WHERE `UID` = " . intval($uid) . " LIMIT 1");
+ return $res && (mysql_affected_rows() > 0);
+}
+
+// verify a password given a precomputed salt.
+// if $uid is given and $salt is an old-style salt (plain md5), we convert it automatically
+function verify_password($password, $salt, $uid = false) {
+ $correct = false;
+ if (substr($salt, 0, 1) == '$') // new-style crypt()
+ $correct = crypt($password, $salt) == $salt;
+ elseif (substr($salt, 0, 7) == '{crypt}') // old-style crypt() with DES and static salt - not used anymore
+ $correct = crypt($password, '77') == $salt;
+ elseif (strlen($salt) == 32) // old-style md5 without salt - not used anymore
+ $correct = md5($password) == $salt;
+
+ if($correct && substr($salt, 0, strlen(CRYPT_ALG)) != CRYPT_ALG && $uid) {
+ // this password is stored in another format than we want it to be.
+ // let's update it!
+ // we duplicate the query from the above set_password() function to have the extra safety of checking the old hash
+ sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape(crypt($password, CRYPT_ALG . '$' . generate_salt() . '$')) . "' WHERE `UID` = " . intval($uid) . " AND `Passwort` = '" . sql_escape($salt) . "' LIMIT 1");
+ }
+ return $correct;
}
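Review bot: verify_password() compares hashes with `==` on all three branches; PHP's loose comparison treats two numeric-looking strings numerically, so on the md5 branch two different 32-hex digests of the form `0e<digits>` compare equal, and on every branch the comparison is not constant-time. Use `hash_equals($salt, crypt($password, $salt))` (PHP 5.6+) or at least `===` in each branch. generate_salt() draws from `rand()`, which is not a cryptographic source, and its alphabet includes `+`, which is outside crypt()'s documented salt alphabet `./0-9A-Za-z`; with the `$2y$` option offered in config.php, crypt() requires 22 salt characters from that alphabet and returns a failure marker otherwise, which set_password() would store unchanged since it only checks the affected row count. The rewrite below uses the OS random source (`random_bytes()` on PHP 7+; the 64-character alphabet makes `& 63` unbiased) and rejects crypt() failures, which are documented as results shorter than 13 characters. The parameter named `$salt` in verify_password() is the full stored hash rather than a salt; renaming it `$stored_hash` would make the three branches read correctly.
```php
// generate a salt (random string) of arbitrary length suitable for the use with crypt()
function generate_salt($length = 16) {
    // crypt()'s salt alphabet is ./0-9A-Za-z - exactly 64 characters, so masking a
    // random byte with 63 picks uniformly. rand() is not a cryptographic source.
    $alphabet = "./ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789";
    $bytes = openssl_random_pseudo_bytes($length);
    $salt = "";
    for ($i = 0; $i < $length; $i++) {
        $salt .= $alphabet[ord($bytes[$i]) & 63];
    }
    return $salt;
}

// set the password of a user
function set_password($uid, $password) {
    $hash = crypt($password, CRYPT_ALG . '$' . generate_salt(16) . '$');
    // crypt() signals an unusable salt/algorithm with a result shorter than 13 chars
    if (strlen($hash) < 13)
        return false;
    $res = sql_query("UPDATE `User` SET `Passwort` = '" . sql_escape($hash) . "' WHERE `UID` = " . intval($uid) . " LIMIT 1");
    return $res && (mysql_affected_rows() > 0);
}

// … unchanged: verify_password(), with each `==` hash comparison replaced by hash_equals() …
```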
// JSON Authorisierungs-Schnittstelle
@@ -50,11 +75,12 @@ function json_auth_service() {
$SourceOuth = $_REQUEST['so'];
if (isset ($CurrentExternAuthPass) && $SourceOuth == $CurrentExternAuthPass) {
- $sql = "SELECT * FROM `User` WHERE `Nick`='" . sql_escape($User) . "'";
- $Erg = sql_query($sql);
+ $sql = "SELECT `UID`, `Passwort` FROM `User` WHERE `Nick`='" . sql_escape($User) . "'";
+ $Erg = sql_select($sql);
- if (mysql_num_rows($Erg) == 1) {
- if (mysql_result($Erg, 0, "Passwort") == PassCrypt($Pass)) {
+ if (count($Erg) == 1) {
+ $Erg = $Erg[0];
+ if (verify_password($Pass, $Erg["Passwort"], $Erg["UID"])) {
$UID = mysql_result($Erg, 0, "UID");
$user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`=" . sql_escape($UID) . ";");
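Review bot: `$UID = mysql_result($Erg, 0, "UID");` on the line after the verify_password() call still treats `$Erg` as a result resource, but the hunk reassigns it to the first row array returned by `sql_select()`, so this line now fails at runtime; it should be `$UID = $Erg["UID"];`. The shared-secret check on the first `if` of the hunk, `$SourceOuth == $CurrentExternAuthPass`, is a loose comparison of request input against a configured secret — if both sides look numeric PHP compares them as numbers, and the comparison is not constant-time; `hash_equals((string) $CurrentExternAuthPass, (string) $SourceOuth)` addresses both. json_auth_service()'s body continues outside the hunk.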
diff --git a/install/default-conf/config.php b/install/default-conf/config.php
index 44833167..d27d809a 100644
--- a/install/default-conf/config.php
+++ b/install/default-conf/config.php
@@ -17,11 +17,16 @@ $DISPLAY_NEWS = 6;
// Anzahl Stunden bis zum Austragen eigener Schichten
$LETZTES_AUSTRAGEN=3;
-//Setzt den zu verwendenden Crypto algorismis
-// mp5 oder crypt
-// achtung crypt schaltet password ändern ab
-$crypt_system="md5";
-//$crypt_system="crypt";
+// Setzt den zu verwendenden Crypto-Algorismus (entsprechend der Dokumentation von crypt()).
+// Falls ein Benutzerpasswort in einem anderen Format gespeichert ist,
+// wird es bei der ersten Benutzung des Klartext-Passworts in das neue Format
+// konvertiert.
+//define('CRYPT_ALG', '$1'); // MD5
+//define('CRYPT_ALG', '$2y$13'); // Blowfish
+//define('CRYPT_ALG', '$5$rounds=5000'); // SHA-256
+define('CRYPT_ALG', '$6$rounds=5000'); // SHA-512
+
+define('MIN_PASSWORD_LENGTH', 8);
// Wenn Engel beim Registrieren oder in ihrem Profil eine T-Shirt Größe angeben sollen, auf true setzen:
$enable_tshirt_size = false;
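Review bot: The new comment lists the CRYPT_ALG options without explaining `rounds=5000`: it is the SHA-crypt cost parameter, and 5000 is the value the library uses when none is given, so the shipped default adds no margin over the baseline; a line such as `// rounds= is the cost factor; 5000 is the library default, higher values slow down brute force and login alike` would let operators tune it knowingly. The `$2y$` (Blowfish) option needs a 22-character salt, which sys_auth.php's generate_salt(16) does not produce, so that line should carry a caveat or be left out until set_password() supports it.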
diff --git a/templates/user_myshifts.html b/templates/user_myshifts.html
index 97f66601..43e97b03 100644
--- a/templates/user_myshifts.html
+++ b/templates/user_myshifts.html
@@ -1,10 +1,5 @@
- Hier sind Deine Schichten.
-
- Versuche bitte 15 Minuten
- vor Schichtbeginn anwesend zu sein!
-
- Du kannst Dich %h% Stunden vor Schichtbeginn noch aus Schichten wieder austragen.
+%intro%
%msg%
iCal Export
- Zum abonnieren in Deiner Kalender-Software benutze folgenden öffentlichen Link (daher bitte geheimhalten, im Notfall Deinen Key zurücksetzen):
-
- %ical_link%
+ %ical_text%