user messages

DB/db_rewrite.sql

@@ -3,7 +3,7 @@
 -- http://www.phpmyadmin.net
 --
 -- Host: localhost
--- Erstellungszeit: 02. Juni 2011 um 18:17
+-- Erstellungszeit: 02. Juni 2011 um 19:37
 -- Server Version: 5.1.44
 -- PHP-Version: 5.3.1
 
@@ -71,16 +71,17 @@ CREATE TABLE IF NOT EXISTS `Counter` (
 --
 
 INSERT INTO `Counter` (`URL`, `Anz`) VALUES
-('news', 44),
+('news', 73),
-('login', 12),
+('login', 18),
-('logout', 5),
+('logout', 11),
-('start', 13),
+('start', 23),
 ('faq', 4),
 ('credits', 3),
 ('register', 3),
 ('admin_rooms', 70),
-('admin_angel_types', 68),
+('admin_angel_types', 69),
-('user_settings', 109);
+('user_settings', 111),
+('user_messages', 102);
 
 -- --------------------------------------------------------
 
@@ -124,7 +125,7 @@ CREATE TABLE IF NOT EXISTS `GroupPrivileges` (
   `privilege_id` int(11) NOT NULL,
   PRIMARY KEY (`id`),
   KEY `group_id` (`group_id`,`privilege_id`)
-) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=9 ;
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=10 ;
 
 --
 -- Daten für Tabelle `GroupPrivileges`
@@ -138,7 +139,8 @@ INSERT INTO `GroupPrivileges` (`id`, `group_id`, `privilege_id`) VALUES
 (5, -1, 5),
 (6, -4, 6),
 (7, -4, 7),
-(8, -2, 8);
+(8, -2, 8),
+(9, -2, 9);
 
 -- --------------------------------------------------------
 
@@ -170,18 +172,28 @@ INSERT INTO `Groups` (`Name`, `UID`) VALUES
 --
 
 CREATE TABLE IF NOT EXISTS `Messages` (
-  `Datum` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
+  `id` int(11) NOT NULL AUTO_INCREMENT,
+  `Datum` int(11) NOT NULL,
   `SUID` int(11) NOT NULL DEFAULT '0',
   `RUID` int(11) NOT NULL DEFAULT '0',
   `isRead` char(1) NOT NULL DEFAULT 'N',
   `Text` text NOT NULL,
-  PRIMARY KEY (`Datum`,`SUID`,`RUID`)
+  PRIMARY KEY (`id`),
-) ENGINE=MyISAM DEFAULT CHARSET=utf8 COMMENT='Fuers interen Communikationssystem';
+  KEY `Datum` (`Datum`),
+  KEY `SUID` (`SUID`),
+  KEY `RUID` (`RUID`)
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8 COMMENT='Fuers interen Communikationssystem' AUTO_INCREMENT=8 ;
 
 --
 -- Daten für Tabelle `Messages`
 --
 
+INSERT INTO `Messages` (`id`, `Datum`, `SUID`, `RUID`, `isRead`, `Text`) VALUES
+(2, 1307042342, 1, 147, 'Y', 'asdfasdfasdfasdf'),
+(4, 1307042622, 1, 147, 'Y', 'asdfasdfasdf'),
+(5, 1307042643, 1, 147, 'Y', 'foobar'),
+(6, 1307042663, 1, 147, 'Y', 'foobar'),
+(7, 1307042692, 147, 1, 'Y', 'foobar');
 
 -- --------------------------------------------------------
 
@@ -197,19 +209,16 @@ CREATE TABLE IF NOT EXISTS `News` (
   `UID` int(11) NOT NULL DEFAULT '0',
   `Treffen` tinyint(4) NOT NULL DEFAULT '0',
   PRIMARY KEY (`ID`)
-) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=9 ;
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=4 ;
 
 --
 -- Daten für Tabelle `News`
 --
 
 INSERT INTO `News` (`ID`, `Datum`, `Betreff`, `Text`, `UID`, `Treffen`) VALUES
-(3, '2011-06-02 01:32:31', '', '', 0, 0),
+(1, '2011-06-02 21:35:27', '', '', 1, 0),
-(4, '2011-06-02 01:36:27', 'Darf ich News erstellen?', 'Darf ich.', 0, 0),
+(2, '2011-06-02 21:36:57', '', '', 1, 0),
-(5, '2011-06-02 01:36:35', 'Darf ich News erstellen?', 'asdfasdfasdf', 1, 0),
+(3, '2011-06-02 21:36:57', '', '', 1, 0);
-(6, '2011-06-02 01:38:59', '"''>', '"''>\r\n', 1, 0),
-(7, '2011-06-02 01:38:59', '"''>', '"''>\r\n', 1, 0),
-(8, '2011-06-02 01:38:59', '"''>', '"''>\r\n', 1, 0);
 
 -- --------------------------------------------------------
 
@@ -244,7 +253,7 @@ CREATE TABLE IF NOT EXISTS `Privileges` (
   `desc` varchar(1024) NOT NULL,
   PRIMARY KEY (`id`),
   UNIQUE KEY `name` (`name`)
-) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=9 ;
+) ENGINE=MyISAM  DEFAULT CHARSET=utf8 AUTO_INCREMENT=10 ;
 
 --
 -- Daten für Tabelle `Privileges`
@@ -258,7 +267,8 @@ INSERT INTO `Privileges` (`id`, `name`, `desc`) VALUES
 (5, 'register', 'Einen neuen Engel registerieren'),
 (6, 'admin_rooms', 'Räume administrieren'),
 (7, 'admin_angel_types', 'Engel Typen administrieren'),
-(8, 'user_settings', 'User profile settings');
+(8, 'user_settings', 'User profile settings'),
+(9, 'user_messages', 'Writing and reading messages from user to user');
 
 -- --------------------------------------------------------
 
@@ -800,8 +810,8 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES
 ('pub_einstellungen_Hometown', 'EN', 'hometown'),
 ('makeuser_error_Alter', 'DE', 'Fehler: Dein Alter muss eine Zahl oder leer sein'),
 ('makeuser_error_Alter', 'EN', 'error: your age must be a number or empty'),
-('pub_menu_messages', 'DE', 'Nachrichten'),
+('user_messages', 'DE', 'Nachrichten'),
-('pub_menu_messages', 'EN', 'messages'),
+('user_messages', 'EN', 'Messages'),
 ('pub_messages_Datum', 'DE', 'Datum'),
 ('pub_messages_Datum', 'EN', 'date'),
 ('pub_messages_Von', 'DE', 'Gesendet'),
@@ -983,7 +993,9 @@ INSERT INTO `Sprache` (`TextID`, `Sprache`, `Text`) VALUES
 ('login', 'DE', 'Login'),
 ('login', 'EN', 'Login'),
 ('credits', 'DE', 'Credits'),
-('credits', 'EN', 'Credits');
+('credits', 'EN', 'Credits'),
+('pub_messages_Neu', 'DE', 'Neu'),
+('pub_messages_Neu', 'EN', 'New');
 
 -- --------------------------------------------------------
 
@@ -1026,8 +1038,8 @@ CREATE TABLE IF NOT EXISTS `User` (
 --
 
 INSERT INTO `User` (`UID`, `Nick`, `Name`, `Vorname`, `Alter`, `Telefon`, `DECT`, `Handy`, `email`, `ICQ`, `jabber`, `Size`, `Passwort`, `Gekommen`, `Aktiv`, `Tshirt`, `color`, `Sprache`, `Avatar`, `Menu`, `lastLogIn`, `CreateDate`, `Art`, `kommentar`, `Hometown`) VALUES
-(1, 'admin', '', '', 0, '', '', '', '', '', '', 'L', '21232f297a57a5a743894a0e4a801fc3', 0, 0, 0, 10, 'DE', 115, 'L', 1307038600, '0000-00-00 00:00:00', '', '', ''),
+(1, 'admin', '', '', 0, '', '', '', '', '', '', 'L', '21232f297a57a5a743894a0e4a801fc3', 0, 0, 0, 10, 'DE', 115, 'L', 1307043433, '0000-00-00 00:00:00', '', '', ''),
-(147, 'msquare', '', '', 23, '', '', '', 'msquare@notrademark.de', '', '', 'L', 'e10adc3949ba59abbe56e057f20f883e', 0, 0, 0, 6, 'EN', 0, 'L', 1306971362, '2011-06-02 00:55:09', '', '', '');
+(147, 'msquare', '', '', 23, '', '', '', 'msquare@notrademark.de', '', '', 'L', 'e10adc3949ba59abbe56e057f20f883e', 0, 0, 0, 6, 'EN', 0, 'L', 1307042703, '2011-06-02 00:55:09', '', '', '');
 
 -- --------------------------------------------------------
 

includes/pages/user_messages.php

@@ -0,0 +1,216 @@
+<?php
+function user_unread_messages() {
+	global $user;
+
+	$new_messages = sql_num_query("SELECT * FROM `Messages` WHERE isRead='N' AND `RUID`=" . sql_escape($user['UID']));
+
+	if ($new_messages > 0)
+		return '<p class="notice"><a href="' . page_link_to("user_messages") . '">' . Get_Text("pub_messages_new1") . " " . $new_messages . " " . Get_Text("pub_messages_new2") . '</a></p><hr />';
+
+	return "";
+}
+
+function user_messages() {
+	global $user;
+
+	if (!isset ($_REQUEST['action'])) {
+		$users = sql_select("SELECT * FROM `User` WHERE NOT `UID`=" . sql_escape($user['UID']) . " ORDER BY `Nick`");
+		$to_select_data = array (
+			"" => "Select receiver..."
+		);
+		foreach ($users as $u)
+			$to_select_data[$u['UID']] = $u['Nick'];
+		$to_select = html_select_key('to', $to_select_data, '');
+
+		$messages_html = "";
+		$messages = sql_select("SELECT * FROM `Messages` WHERE `SUID`=" . sql_escape($user['UID']) . " OR `RUID`=" . sql_escape($user['UID']) . " ORDER BY `isRead`,`Datum` DESC");
+		foreach ($messages as $message) {
+			$messages_html .= '<tr' . ($message['isRead'] == 'N' ? ' class="new_message"' : '') . '>';
+			$messages_html .= '<td>' . ($message['isRead'] == 'N' ? '•' : '') . '</td>';
+			$messages_html .= '<td>' . date("Y-m-d H:i", $message['Datum']) . '</td>';
+			$messages_html .= '<td>' . UID2Nick($message['SUID']) . '</td>';
+			$messages_html .= '<td>' . UID2Nick($message['RUID']) . '</td>';
+			$messages_html .= '<td>' . str_replace("\n", '<br />', $message['Text']) . '</td>';
+			$messages_html .= '<td>';
+			if ($message['RUID'] == $user['UID']) {
+				if ($message['isRead'] == 'N')
+					$messages_html .= '<a href="' . page_link_to("user_messages") . '&action=read&id=' . $message['id'] . '">' . Get_Text("pub_messages_MarkRead") . '</a>';
+			} else {
+				$messages_html .= '<a href="' . page_link_to("user_messages") . '&action=delete&id=' . $message['id'] . '">' . Get_Text("pub_messages_DelMsg") . '</a>';
+			}
+			$messages_html .= '</td></tr>';
+		}
+
+		return template_render('../templates/user_messages.html', array (
+			'link' => page_link_to("user_messages"),
+			'greeting' => Get_Text("Hello") . $user['Nick'] . ", <br />\n" . Get_Text("pub_messages_text1") . "<br /><br />\n",
+			'messages' => $messages_html,
+			'new_label' => Get_Text("pub_messages_Neu"),
+			'date_label' => Get_Text("pub_messages_Datum"),
+			'from_label' => Get_Text("pub_messages_Von"),
+			'to_label' => Get_Text("pub_messages_An"),
+			'text_label' => Get_Text("pub_messages_Text"),
+			'date' => date("Y-m-d H:i"),
+			'from' => $user['Nick'],
+			'to_select' => $to_select,
+			'submit_label' => Get_Text("save")
+		));
+	} else {
+		switch ($_REQUEST['action']) {
+			case "read" :
+				if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+					$id = $_REQUEST['id'];
+				else
+					return error("Incomplete call, missing Message ID.");
+
+				$message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+				if (count($message) > 0 && $message[0]['RUID'] == $user['UID']) {
+					sql_query("UPDATE `Messages` SET `isRead`='Y' WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+					header("Location: " . page_link_to("user_messages"));
+				} else
+					return error("No Message found.");
+				break;
+
+			case "delete" :
+				if (isset ($_REQUEST['id']) && preg_match("/^[0-9]{1,11}$/", $_REQUEST['id']))
+					$id = $_REQUEST['id'];
+				else
+					return error("Incomplete call, missing Message ID.");
+
+				$message = sql_select("SELECT * FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+				if (count($message) > 0 && $message[0]['SUID'] == $user['UID']) {
+					sql_query("DELETE FROM `Messages` WHERE `id`=" . sql_escape($id) . " LIMIT 1");
+					header("Location: " . page_link_to("user_messages"));
+				} else
+					return error("No Message found.");
+				break;
+
+			case "send" :
+				$text = preg_replace("/([^\p{L}\p{P}\p{Z}\p{N}\n]{1,})/ui", '', strip_tags($_REQUEST['text']));
+				$to = preg_replace("/([^0-9]{1,})/ui", '', strip_tags($_REQUEST['to']));
+				if ($text != "" && is_numeric($to) && sql_num_query("SELECT * FROM `User` WHERE `UID`=" . sql_escape($to) . " AND NOT `UID`=" . sql_escape($user['UID']) . " LIMIT 1") > 0) {
+					sql_query("INSERT INTO `Messages` SET `Datum`=" . sql_escape(time()) . ", `SUID`=" . sql_escape($user['UID']) . ", `RUID`=" . sql_escape($to) . ", `Text`='" . sql_escape($text) . "'");
+					header("Location: " . page_link_to("user_messages"));
+				} else {
+					return error(Get_Text("pub_messages_Send_Error"));
+				}
+				break;
+		}
+		return "";
+	}
+
+	if (!isset ($_GET["action"]))
+		$_GET["action"] = "start";
+
+	switch ($_GET["action"]) {
+		case "start" :
+			echo Get_Text("Hello") . $_SESSION['Nick'] . ", <br />\n";
+			echo Get_Text("pub_messages_text1") . "<br /><br />\n";
+
+			//show exist Messages
+			$SQL = "SELECT * FROM `Messages` WHERE `SUID`='" . $_SESSION["UID"] . "' OR `RUID`='" . $_SESSION["UID"] . "'";
+			$erg = mysql_query($SQL, $con);
+
+			echo "<table border=\"0\" class=\"border\" cellpadding=\"2\" cellspacing=\"1\">\n";
+			echo "<tr>\n";
+			echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Datum") . "</b></td>\n";
+			echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Von") . "</b></td>\n";
+			echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_An") . "</b></td>\n";
+			echo "<td class=\"contenttopic\"><b>" . Get_Text("pub_messages_Text") . "</b></td>\n";
+			echo "<td class=\"contenttopic\"></td>\n";
+			echo "</tr>\n";
+
+			for ($i = 0; $i < mysql_num_rows($erg); $i++) {
+				echo "<tr class=\"content\">\n";
+				echo "<td>" . mysql_result($erg, $i, "Datum") . "</td>\n";
+				echo "<td>" . UID2Nick(mysql_result($erg, $i, "SUID")) . "</td>\n";
+				echo "<td>" . UID2Nick(mysql_result($erg, $i, "RUID")) . "</td>\n";
+				echo "<td>" . mysql_result($erg, $i, "Text") . "</td>\n";
+				echo "<td>";
+
+				if (mysql_result($erg, $i, "RUID") == $_SESSION["UID"]) {
+					echo "<a href=\"?action=DelMsg&Datum=" . mysql_result($erg, $i, "Datum") . "\">" . Get_Text("pub_messages_DelMsg") . "</a>";
+
+					if (mysql_result($erg, $i, "isRead") == "N")
+						echo "<a href=\"?action=MarkRead&Datum=" . mysql_result($erg, $i, "Datum") . "\">" . Get_Text("pub_messages_MarkRead") . "</a>";
+				} else {
+					if (mysql_result($erg, $i, "isRead") == "N")
+						echo Get_Text("pub_messages_NotRead");
+				}
+
+				echo "</td>\n";
+				echo "</tr>\n";
+			}
+
+			// send Messeges
+			echo "<form action=\"" . $_SERVER['SCRIPT_NAME'] . "?action=SendMsg\" method=\"POST\">";
+			echo "<tr class=\"content\">\n";
+			echo "<td></td>\n";
+			echo "<td></td>\n";
+
+			// Listet alle Nicks auf
+			echo "<td><select name=\"RUID\">\n";
+
+			$usql = "SELECT * FROM `User` WHERE (`UID`!='" . $_SESSION["UID"] . "') ORDER BY `Nick`";
+			$uErg = mysql_query($usql, $con);
+			$urowcount = mysql_num_rows($uErg);
+
+			for ($k = 0; $k < $urowcount; $k++) {
+				echo "<option value=\"" . mysql_result($uErg, $k, "UID") . "\">" . mysql_result($uErg, $k, "Nick") . "</option>\n";
+			}
+
+			echo "</select></td>\n";
+			echo "<td><textarea name=\"Text\"  cols=\"30\" rows=\"10\"></textarea></td>\n";
+			echo "<td><input type=\"submit\" value=\"" . Get_Text("save") . "\"></td>\n";
+			echo "</tr>\n";
+			echo "</form>";
+
+			echo "</table>\n";
+			break;
+
+		case "SendMsg" :
+			echo Get_Text("pub_messages_Send1") . "...<br />\n";
+
+			$SQL = "INSERT INTO `Messages` ( `Datum` , `SUID` , `RUID` , `Text` ) VALUES (" .
+			"'" . gmdate("Y-m-j H:i:s", time()) . "', " .
+			"'" . $_SESSION["UID"] . "', " .
+			"'" . $_POST["RUID"] . "', " .
+			"'" . $_POST["Text"] . "');";
+
+			$Erg = mysql_query($SQL, $con);
+
+			if ($Erg == 1)
+				echo Get_Text("pub_messages_Send_OK") . "\n";
+			else
+				echo Get_Text("pub_messages_Send_Error") . "...\n(" . mysql_error($con) . ")";
+			break;
+
+		case "MarkRead" :
+			$SQL = "UPDATE `Messages` SET `isRead` = 'Y' " .
+			"WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID`='" . $_SESSION["UID"] . "' " .
+			"LIMIT 1 ;";
+			$Erg = mysql_query($SQL, $con);
+
+			if ($Erg == 1)
+				echo Get_Text("pub_messages_MarkRead_OK") . "\n";
+			else
+				echo Get_Text("pub_messages_MarkRead_KO") . "...\n(" . mysql_error($con) . ")";
+			break;
+
+		case "DelMsg" :
+			$SQL = "DELETE FROM `Messages` " .
+			"WHERE `Datum` = '" . $_GET["Datum"] . "' AND `RUID` ='" . $_SESSION["UID"] . "' " .
+			"LIMIT 1;";
+			$Erg = mysql_query($SQL, $con);
+
+			if ($Erg == 1)
+				echo Get_Text("pub_messages_DelMsg_OK") . "\n";
+			else
+				echo Get_Text("pub_messages_DelMsg_KO") . "...\n(" . mysql_error($con) . ")";
+			break;
+
+		default :
+			echo Get_Text("pub_messages_NoCommand");
+	}
+}
+?>

includes/sys_menu.php

@@ -22,6 +22,7 @@ function make_navigation() {
 	// Engel Navigation
 	$menu .= make_navigation_for(Get_Text('inc_schicht_engel'), array (
 		"news",
+		"user_messages",
 		"user_settings"
 	));
 

templates/user_messages.html

@@ -0,0 +1,50 @@
+%greeting%
+<form action="%link%&action=send" method="post">
+    <table>
+        <thead>
+            <tr>
+                <th>
+                    %new_label%
+                </th>
+                <th>
+                    %date_label%
+                </th>
+                <th>
+                    %from_label%
+                </th>
+                <th>
+                    %to_label%
+                </th>
+                <th>
+                    %text_label%
+                </th>
+                <th>
+                    &nbsp;
+                </th>
+            </tr>
+        </thead>
+        <tbody>
+            %messages%
+            <tr>
+                <td>
+                    &nbsp;
+                </td>
+                <td>
+                    %date%
+                </td>
+                <td>
+                    %from%
+                </td>
+                <td>
+                    %to_select%
+                </td>
+                <td>
+                    <textarea name="text"></textarea>
+                </td>
+                <td>
+                    <input type="submit" name="submit" value="%submit_label%" />
+                </td>
+            </tr>
+        </tbody>
+    </table>
+</form>

txt/TODO

@@ -1,6 +1,9 @@
  * MD5-Passwörter mit Salt speichern
  * Passwort-Mindestanforderungen stellen
- * Avatare
+ * User-Avatare
+ * user_messages schön machen
+ * Formulare weg von Tabellen
+ * user_news lässt sich nicht bedienen (POST ohne redirects...)
 
 
 * schichten ueber monatsgrenzen einbaue im moment werden die tage nur 

www-ssl/css/base.css

@@ -128,3 +128,14 @@ td, th {
 .success {
 	color: #090;
 }
+
+.notice {
+	background: #f0f0f0;
+	border: 2px solid #888;
+	margin: 10px;
+	padding: 10px;
+}
+
+.new_message {
+	font-weight: bold;
+}

www-ssl/css/style6.css

@@ -71,6 +71,6 @@ h4.menu {
 	font-size : 6pt;
 }
 
-h4, h1 {
+h4, h1, th {
 	background: #333E47;
 }

www-ssl/index.php

@@ -13,6 +13,8 @@ require_once ('includes/sys_user.php');
 require_once ('config/config.php');
 require_once ('config/config_db.php');
 
+require_once ('includes/pages/user_messages.php');
+
 session_start();
 
 sql_connect($config['host'], $config['user'], $config['pw'], $config['db']);
@@ -20,7 +22,7 @@ sql_connect($config['host'], $config['user'], $config['pw'], $config['db']);
 load_auth();
 
 // Gewünschte Seite/Funktion
-$p = "start";
+$p = isset ($user) ? "news" : "start";
 if (isset ($_REQUEST['p']))
 	$p = $_REQUEST['p'];
 
@@ -33,6 +35,9 @@ if (in_array($p, $privileges)) {
 		require_once ('includes/pages/user_news.php');
 		$content = user_news();
 	}
+	elseif ($p == "user_messages") {
+		$content = user_messages();
+	}
 	elseif ($p == "user_settings") {
 		require_once ('includes/pages/user_settings.php');
 		$content = user_settings();
@@ -79,6 +84,10 @@ elseif ($p == "faq") {
 	}
 }
 
+// Hinweis für ungelesene Nachrichten
+if (isset ($user) && $p != "user_messages")
+	$content = user_unread_messages() . $content;
+
 echo template_render('../templates/layout.html', array (
 	'theme' => isset ($user) ? $user['color'] : $default_theme,
 	'title' => $title,

www-ssl/nonpublic/einstellungen.php

@@ -1,376 +0,0 @@
-<?php
-require_once ('../bootstrap.php');
-
-$title = "Himmel";
-$header = "Deine pers&ouml;nlichen Einstellungen";
-include "includes/header.php";
-include "includes/crypt.php";
-
-if (!isset ($_POST["action"])) {
-	echo Get_Text("Hallo") . $_SESSION['Nick'] . ",<br />\n\n";
-	Print_Text(13);
-?>
-<hr width="100%">
-<?php Print_Text("pub_einstellungen_Text_UserData"); ?>
-<form action="./einstellungen.php" method="post">
-  <input type="hidden" name="action" value="setUserData">
-  <table>
-    <tr>
-      <td><?php Print_Text("pub_einstellungen_Nick"); ?></td>
-      <td><input type="text" name="eNick" size="23" value="<?php echo $_SESSION["Nick"]; ?>"></td>
-    </tr>
-
-    <tr>
-      <td><?php Print_Text("pub_einstellungen_Name"); ?></td>
-      <td><input type="text" name="eName" size="23" value="<?php echo $_SESSION['Name']; ?>"></td>
-    </tr>
-
-    <tr>
-      <td><?php Print_Text("pub_einstellungen_Vorname"); ?></td>
-      <td><input type="text" name="eVorname" size="23" value="<?php echo $_SESSION['Vorname']; ?>"></td>
-    </tr>
-
-    <tr>
-      <td><?php Print_Text("pub_einstellungen_Alter"); ?></td>
-      <td><input type="text" name="eAlter" size="3" value="<?php echo $_SESSION['Alter']; ?>"></td>
-    </tr>
-
-    <tr>
-      <td><?php Print_Text("pub_einstellungen_Telefon"); ?></td>
-      <td><input type="text" name="eTelefon" size="40" value="<?php echo $_SESSION['Telefon']; ?>"></td>
-    </tr>
-
-    <tr>
-      <td><?php Print_Text("pub_einstellungen_Handy"); ?></td>
-      <td><input type="text" name="eHandy" size="40" value="<?php echo $_SESSION['Handy']; ?>"></td>
-    </tr>
-
-    <tr>
-      <td><?php Print_Text("pub_einstellungen_DECT"); ?></td>
-      <td><input type="text" name="eDECT" size="4" value="<?php echo $_SESSION['DECT']; ?>"></td>
-    </tr>
-
-    <tr>
-      <td><?php Print_Text("pub_einstellungen_email"); ?></td>
-      <td><input type="text" name="eemail" size="40" value="<?php echo $_SESSION['email']; ?>"></td>
-    </tr>
-
-    <tr>
-      <td>ICQ</td>
-      <td><input type="text" name="eICQ" size="40" value="<?php echo $_SESSION['ICQ']; ?>"></td>
-    </tr>
-
-    <tr>
-      <td>jabber</td>
-      <td><input type="text" name="ejabber" size="40" value="<?php echo $_SESSION['jabber']; ?>"></td>
-    </tr>
-
-    <tr>
-      <td><?php Print_Text("pub_einstellungen_Hometown"); ?></td>
-      <td><input type="text" name="Hometown" size="40" value="<?php echo $_SESSION['Hometown']; ?>"></td>
-    </tr>
-
-<?php
-
-
-	if ($_SESSION['CVS']["Change T_Shirt Size"] == "Y") {
-?>
-    <tr>
-      <td><?php Print_Text("makeuser_T-Shirt"); ?></td>
-      <td><select name="Sizeid">
-        <option <?php if($_SESSION['Size'] == 'S') { echo "selected"; } ?> value="S">S</option>
-        <option <?php if($_SESSION['Size'] == 'M') { echo "selected"; } ?> value="M">M</option>
-        <option <?php if($_SESSION['Size'] == 'L') { echo "selected"; } ?> value="L">L</option>
-        <option <?php if($_SESSION['Size'] == 'XL') { echo "selected"; } ?> value="XL">XL</option>
-        <option <?php if($_SESSION['Size'] == 'XXL') { echo "selected"; } ?> value="XXL">XXL</option>
-        <option <?php if($_SESSION['Size'] == 'XXXL') { echo "selected"; } ?> value="XXXL">XXXL</option>
-      </select></td>
-    </tr>
-<?php
-
-
-	}
-?>
-  </table>
-  <input type="submit" value="<?php Print_Text("save"); ?>">
-</form>
-<br />
-
-<hr width="100%">
-<?php Print_Text(14); ?>
-<form action="./einstellungen.php" method="post">
-  <input type="hidden" name="action" value="set">
-  <table>
-    <tr><td><?php Print_Text(15); ?></td><td><input type="password" name="old" size="20"></td></tr>
-    <tr><td><?php Print_Text(16); ?></td><td><input type="password" name="new1" size="20"></td></tr>
-    <tr><td><?php Print_Text(17); ?></td><td><input type="password" name="new2" size="20"></td></tr>
-  </table>
-  <input type="submit" value="<?php Print_Text("save"); ?>">
-</form>
-<br />
-
-<hr width="100%">
-<br />
-<?php Print_Text(18); ?>
-<form action="./einstellungen.php" method="post">
-  <input type="hidden" name="action" value="colour">
-  <table>
-     <tr>
-       <td><?php Print_Text(19); ?></td>
-       <td>
-         <select name="colourid">
-           <option <?php if($_SESSION['color'] == 1) { echo "selected"; } ?> value="1">Standard-Style</option>
-           <option <?php if($_SESSION['color'] == 2) { echo "selected"; } ?> value="2">Rot/Gelber Style</option>
-           <option <?php if($_SESSION['color'] == 3) { echo "selected"; } ?> value="3">Club-Mate Style</option>
-           <option <?php if($_SESSION['color'] == 5) { echo "selected"; } ?> value="5">Debian Style</option>
-           <option <?php if($_SESSION['color'] == 6) { echo "selected"; } ?> value="6">c-base Style</option>
-           <option <?php if($_SESSION['color'] == 7) { echo "selected"; } ?> value="7">Blau/Gelber Style </option>
-           <option <?php if($_SESSION['color'] == 8) { echo "selected"; } ?> value="8">Pastel Style</option>
-           <option <?php if($_SESSION['color'] == 4) { echo "selected"; } ?> value="4">Test Style</option>
-           <option <?php if($_SESSION['color'] == 9) { echo "selected"; } ?> value="9">Test Style 21c3 </option>
-           <option <?php if($_SESSION['color'] == 10) { echo "selected"; } ?> value="10">msquare (cccamp2011)</option>
-         </select>
-       </td>
-     </tr>
-     <tr>
-       <td>Menu</td>
-       <td><input type="radio" name="eMenu" value="L"<?php if($_SESSION['Menu'] == 'L') echo " checked"; ?>>L
-           <input type="radio" name="eMenu" value="R"<?php if($_SESSION['Menu'] == 'R') echo " checked"; ?>>R
-       </td>
-     </tr>
-  </table>
-  <input type="submit" value="<?php Print_Text("save"); ?>">
-</form>
-<br />
-<hr width="100%">
-<br />
-<?php Print_Text(20); ?>
-<form action="./einstellungen.php" method="post">
-  <input type="hidden" name="action" value="sprache" />
-  <table>
-  <tr>
-    <td><?php Print_Text(21); ?></td>
-    <td>
-      <select name="language">
-        <option value="DE" <?php if($_SESSION['Sprache'] == 'DE') { echo "selected"; } ?>>Deutsch</option>
-        <option value="EN" <?php if($_SESSION['Sprache'] == 'EN') { echo "selected"; } ?>>English</option>
-<?php
-
-
-	/*       <option value="NL" <?php if($_SESSION['Sprache'] == 'NL') { echo "selected"; } ?>>Dutch</option>  */
-?>
-      </select>
-    </td></tr>
-  </table>
-  <input type="submit" value="<?php Print_Text("save"); ?>">
-</form>
-
-<?php
-
-
-	if (get_cfg_var("file_uploads")) {
-		echo "<br />\n<hr width=\"100%\">\n<br />\n\n";
-		echo Get_Text('pub_einstellungen_PictureUpload') . "<br />";
-		echo "<form action=\"./einstellungen.php\" method=\"post\" enctype=\"multipart/form-data\">\n";
-		echo "<input type=\"hidden\" name=\"action\" value=\"sendPicture\">\n";
-		echo "<input name=\"file\" type=\"file\" size=\"50\" maxlength=\"" . get_cfg_var("post_max_size") . "\">\n";
-		echo "(max " . get_cfg_var("post_max_size") . "Byte)<br />\n";
-		echo "<input type=\"submit\" value=\"" . Get_Text("upload"), "\">\n";
-		echo "</form>\n";
-	}
-
-	switch (GetPicturShow($_SESSION['UID'])) {
-		case 'Y' :
-			echo Get_Text('pub_einstellungen_PictureShow') . "<br />";
-			echo displayPictur($_SESSION['UID'], 0);
-			echo "<form action=\"./einstellungen.php\" method=\"post\">\n";
-			echo "<input type=\"hidden\" name=\"action\" value=\"delPicture\">\n";
-			echo "<input type=\"submit\" value=\"" . Get_Text("delete"), "\">\n";
-			echo "</form>\n";
-			break;
-		case 'N' :
-			echo Get_Text('pub_einstellungen_PictureNoShow') . "<br />";
-			echo displayPictur($_SESSION['UID'], 0);
-			echo "<form action=\"./einstellungen.php\" method=\"post\">\n";
-			echo "<input type=\"hidden\" name=\"action\" value=\"delPicture\">\n";
-			echo "<input type=\"submit\" value=\"" . Get_Text("delete"), "\">\n";
-			echo "</form>\n";
-			echo "<br />\n<hr width=\"100%\">\n<br />\n\n";
-		case '' :
-			echo "<br />\n<hr width=\"100%\">\n<br />\n\n";
-			echo Get_Text(22) . "<br />";
-			echo "\n<form action=\"./einstellungen.php\" method=\"post\">\n";
-			echo "<input type=\"hidden\" name=\"action\" value=\"avatar\">\n";
-			echo "<table>\n";
-			echo "<tr>\n<td>" . Get_Text(23) . "<br /></td>\n</tr>\n";
-			echo "<tr>\n";
-			echo "<td>\n";
-			echo "<select name=\"eAvatar\" onChange=\"document.avatar.src = '" . $url . $ENGEL_ROOT . "pic/avatar/avatar' + this.value  + '.gif'\" onKeyup=\"document.avatar.src = '" . $url . $ENGEL_ROOT . "pic/avatar/avatar' + this.value  + '.gif'\">\n";
-
-			for ($i = 1; file_exists("../pic/avatar/avatar" . $i . ".gif"); $i++)
-				echo "<option value=\"" . $i . "\"" . ($_SESSION['Avatar'] == $i ? " selected" : "") . ">avatar" . $i . "</option>\n";
-
-			echo "</select>&nbsp;&nbsp;\n";
-			echo "<img src=\"" . $url . $ENGEL_ROOT . "pic/avatar/avatar" . $_SESSION['Avatar'] . ".gif\" name=\"avatar\" border=\"0\" align=\"top\">\n";
-			echo "</td>\n</tr>\n";
-			echo "</table>\n";
-			echo "<input type=\"submit\" value=\"" . Get_Text("save") . "\">\n";
-			echo "</form>\n";
-			break;
-	} //CASE
-
-} else {
-	switch ($_POST["action"]) {
-		case 'set' :
-			if ($_POST["new1"] == $_POST["new2"]) {
-				Print_Text(25);
-				$sql = "SELECT * FROM `User` WHERE `UID`='" . $_SESSION['UID'] . "'";
-				$Erg = mysql_query($sql, $con);
-
-				if (PassCrypt($_POST["old"]) == mysql_result($Erg, 0, "Passwort")) {
-					Print_Text(26);
-					Print_Text(27);
-					$usql = "UPDATE `User` SET `Passwort`='" . PassCrypt($_POST["new1"]) . "' WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1";
-					$Erg = mysql_query($usql, $con);
-
-					if ($Erg == 1) {
-						Print_Text(28);
-					} else {
-						Print_Text(29);
-					}
-				} else {
-					Print_Text(30);
-				}
-			} else {
-				Print_Text(31);
-			}
-			break;
-
-		case 'colour' :
-
-			$chsql = "UPDATE `User` SET " .
-			"`color`= '" . $_POST["colourid"] . "', " .
-			"`Menu`= '" . $_POST["eMenu"] . "' " .
-			"WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1";
-			$Erg = mysql_query($chsql, $con);
-			echo mysql_error($con);
-			$_SESSION['color'] = $_POST["colourid"];
-			$_SESSION['Menu'] = $_POST["eMenu"];
-			if ($Erg == 1) {
-				Print_Text(32);
-			} else {
-				Print_Text(29);
-			}
-			break;
-
-		case 'sprache' :
-
-			$chsql = "UPDATE `User` SET `Sprache` = '" . $_POST["language"] . "' WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1";
-			$Erg = mysql_query($chsql, $con);
-			$_SESSION['Sprache'] = $_POST["language"];
-			if ($Erg == 1) {
-				Print_Text(33);
-			} else {
-				Print_Text(29);
-			}
-			break;
-
-		case 'avatar' :
-			$chsql = "UPDATE `User` SET `Avatar`='" . $_POST["eAvatar"] . "' WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1";
-			$Erg = mysql_query($chsql, $con);
-			$_SESSION['Avatar'] = $_POST["eAvatar"];
-			if ($Erg == 1)
-				Print_Text(34);
-			else
-				Print_Text(29);
-			break;
-
-		case 'setUserData' :
-			if ($_SESSION['CVS']["Change T_Shirt Size"] == "Y") {
-				$chsql = "UPDATE `User` SET " .
-				"`Nick`='" . $_POST["eNick"] . "', `Name`='" . $_POST["eName"] . "', " .
-				"`Vorname`='" . $_POST["eVorname"] . "', `Alter`='" . $_POST["eAlter"] . "', " .
-				"`Telefon`='" . $_POST["eTelefon"] . "', `Handy`='" . $_POST["eHandy"] . "', " .
-				"`DECT`='" . $_POST["eDECT"] . "', `email`='" . $_POST["eemail"] . "', " .
-				"`ICQ`='" . $_POST["eICQ"] . "', `jabber`='" . $_POST["ejabber"] . "', " .
-				"`Hometown`='" . $_POST["Hometown"] . "', `Size`='" . $_POST["Sizeid"] . "' " .
-				"WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1;";
-			} else {
-				$chsql = "UPDATE `User` SET " .
-				"`Nick`='" . $_POST["eNick"] . "', `Name`='" . $_POST["eName"] . "', " .
-				"`Vorname`='" . $_POST["eVorname"] . "', `Alter`='" . $_POST["eAlter"] . "', " .
-				"`Telefon`='" . $_POST["eTelefon"] . "', `Handy`='" . $_POST["eHandy"] . "', " .
-				"`DECT`='" . $_POST["eDECT"] . "', `email`='" . $_POST["eemail"] . "', " .
-				"`ICQ`='" . $_POST["eICQ"] . "', `jabber`='" . $_POST["ejabber"] . "', " .
-				"`Hometown`='" . $_POST["Hometown"] . "' " .
-				"WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1;";
-			}
-			$Erg = mysql_query($chsql, $con);
-
-			if ($Erg == 1) {
-				$_SESSION['Nick'] = $_POST["eNick"];
-				$_SESSION['Name'] = $_POST["eName"];
-				$_SESSION['Vorname'] = $_POST["eVorname"];
-				$_SESSION['Alter'] = $_POST["eAlter"];
-				$_SESSION['Telefon'] = $_POST["eTelefon"];
-				$_SESSION['Handy'] = $_POST["eHandy"];
-				$_SESSION['DECT'] = $_POST["eDECT"];
-				$_SESSION['email'] = $_POST["eemail"];
-				$_SESSION['ICQ'] = $_POST["eICQ"];
-				$_SESSION['jabber'] = $_POST["ejabber"];
-				$_SESSION['Hometown'] = $_POST["Hometown"];
-				if ($_SESSION['CVS']["Change T_Shirt Size"] == "Y") {
-					$_SESSION['Size'] = $_POST["Sizeid"];
-				} else
-					if ($_SESSION['Size'] != $_POST["Sizeid"]) {
-						array_push($error_messages, "einstellungen.php, change t-shirt size not allowed\n");
-					}
-
-				Print_Text("pub_einstellungen_UserDateSaved");
-			} else {
-				Print_Text(29);
-				echo mysql_error($con);
-			}
-			break;
-
-		case 'sendPicture' :
-			if ($_FILES["file"]["size"] > 0) {
-				if (($_FILES["file"]["type"] == "image/jpeg") || ($_FILES["file"]["type"] == "image/png") || ($_FILES["file"]["type"] == "image/gif")) {
-					$data = addslashes(fread(fopen($_FILES["file"]["tmp_name"], "r"), filesize($_FILES["file"]["tmp_name"])));
-
-					if (GetPicturShow($_SESSION['UID']) == "")
-						$SQL = "INSERT INTO `UserPicture` " .
-						"( `UID`,`Bild`, `ContentType`, `show`) " .
-						"VALUES ('" . $_SESSION['UID'] . "', '$data', '" . $_FILES["file"]["type"] . "', 'N')";
-					else
-						$SQL = "UPDATE `UserPicture` SET " .
-						"`Bild`='$data', " .
-						"`ContentType`='" . $_FILES["file"]["type"] . "', " .
-						"`show`='N' " .
-						"WHERE `UID`='" . $_SESSION['UID'] . "'";
-
-					$res = mysql_query($SQL, $con);
-					if ($res)
-						Print_Text("pub_einstellungen_send_OK");
-					else
-						Print_Text("pub_einstellungen_send_KO");
-
-					echo "<h6>('" . $_FILES["file"]["name"] . "', MIME-Type: " . $_FILES["file"]["type"] . ", " . $_FILES["file"]["size"] . " Byte)</h6>";
-				} else
-					Print_Text("pub_einstellungen_send_KO");
-			} else
-				Print_Text("pub_einstellungen_send_KO");
-			break;
-
-		case 'delPicture' :
-			$chsql = "DELETE FROM `UserPicture` WHERE `UID`='" . $_SESSION['UID'] . "' LIMIT 1";
-			$Erg = mysql_query($chsql, $con);
-			if ($Erg == 1)
-				Print_Text("pub_einstellungen_del_OK");
-			else
-				Print_Text("pub_einstellungen_del_KO");
-			Break;
-	}
-}
-include ("includes/footer.php");
-?>

www-ssl/nonpublic/index.php

@@ -1,77 +0,0 @@
-<?PHP
-include ('../bootstrap.php');
-
-$title = "Index";
-$header = "Index";
-
-include ("config/config_db.php");
-include ("includes/crypt.php");
-
-session_start(); // alte Session - falls vorhanden - wiederherstellen...
-
-function LoginOK() {
-	include ("config/config.php");
-	header("HTTP/1.1 302 Moved Temporarily");
-	header("Location: " . $url . $ENGEL_ROOT . "nonpublic/news.php");
-}
-
-if (!IsSet ($_POST["user"])) { // User ist bereits angemeldet... normaler Inhalt...
-	LoginOK();
-} else { // User ist noch nicht angemeldet 
-	$sql = "SELECT * FROM `User` WHERE `Nick`='" . $_POST["user"] . "'";
-	$userstring = mysql_query($sql, $con);
-
-	// anzahl zeilen
-	$user_anz = mysql_num_rows($userstring);
-
-	if ($user_anz == 1) { // Check, ob User angemeldet wird...
-		if (mysql_result($userstring, 0, "Passwort") == PassCrypt($_POST["password"])) { // Passwort ok...
-			// Session wird eingeleitet und Session-Variablen gesetzt..
-			//  session_start();
-			session_name("Himmel");
-			$_SESSION['UID'] = mysql_result($userstring, 0, "UID");
-			$_SESSION['Nick'] = mysql_result($userstring, 0, "Nick");
-			$_SESSION['Name'] = mysql_result($userstring, 0, "Name");
-			$_SESSION['Vorname'] = mysql_result($userstring, 0, "Vorname");
-			$_SESSION['Alter'] = mysql_result($userstring, 0, "Alter");
-			$_SESSION['Telefon'] = mysql_result($userstring, 0, "Telefon");
-			$_SESSION['Handy'] = mysql_result($userstring, 0, "Handy");
-			$_SESSION['DECT'] = mysql_result($userstring, 0, "DECT");
-			$_SESSION['email'] = mysql_result($userstring, 0, "email");
-			$_SESSION['ICQ'] = mysql_result($userstring, 0, "ICQ");
-			$_SESSION['jabber'] = mysql_result($userstring, 0, "jabber");
-			$_SESSION['Size'] = mysql_result($userstring, 0, "Size");
-			$_SESSION['Gekommen'] = mysql_result($userstring, 0, "Gekommen");
-			$_SESSION['Aktiv'] = mysql_result($userstring, 0, "Aktiv");
-			$_SESSION['Tshirt'] = mysql_result($userstring, 0, "Tshirt");
-			$_SESSION['Menu'] = mysql_result($userstring, 0, "Menu");
-			$_SESSION['color'] = mysql_result($userstring, 0, "color");
-			$_SESSION['Avatar'] = mysql_result($userstring, 0, "Avatar");
-			$_SESSION['Sprache'] = mysql_result($userstring, 0, "Sprache");
-			$_SESSION['Hometown'] = mysql_result($userstring, 0, "Hometown");
-			$_SESSION['IP'] = $_SERVER['REMOTE_ADDR'];
-
-			// CVS import Data
-			$SQL = "SELECT * FROM `UserCVS` WHERE `UID`='" . $_SESSION['UID'] . "'";
-			$Erg_CVS = mysql_query($SQL, $con);
-			$_SESSION['CVS'] = mysql_fetch_array($Erg_CVS);
-
-			LoginOK();
-		} else { // Passwort nicht ok...
-			$ErrorText = "pub_index_pass_no_ok";
-		} // Ende Passwort-Check
-	} else { // Anzahl der User in User-Tabelle <> 1 --> keine Anmeldung
-		if ($user_anz == 0)
-			$ErrorText = "pub_index_User_unset";
-		else
-			$ErrorText = "pub_index_User_more_as_one";
-	} // Ende Check, ob User angemeldet wurde
-}
-include ("includes/header.php");
-if (isset ($ErrorText))
-	echo "<h2>" . Get_Text($ErrorText) . "</h2><br />\n";
-include ("includes/login_eingabefeld.php");
-include ("includes/footer.php");
-?>
-
-