" . $title . "\n"; $o .= registerUser(); } // Handling of forgotten password page } elseif($pageName == html_entity_decode(preg_replace("/ /", "_", $plugin_tx[$plugin]['forgot_password']))) { if(!in_array($plugin_tx[$plugin]['forgot_password'], $h)) { $title = $plugin_tx[$plugin]['forgot_password']; $o .= "

" . $title . "

\n"; $o .= registerForgotPassword(); } // Handling of user preferences page } elseif($pageName == html_entity_decode(preg_replace("/ /", "_", $plugin_tx[$plugin]['user_prefs']))) { if(!in_array($plugin_tx[$plugin]['user_prefs'], $h)) { $title = $plugin_tx[$plugin]['user_prefs']; $o .= "

" . $title . "

\n"; $o .= registerUserPrefs(); } } elseif($pageName == html_entity_decode(preg_replace("/ /", "_", $plugin_tx[$plugin]['loggin_error']))) { if(!in_array($plugin_tx[$plugin]['loggin_error'], $h)) { $title = $plugin_tx[$plugin]['loggin_error']; $o .= "

" . $title . "

\n"; $o .= $plugin_tx[$plugin]['loggin_error_text']; } } elseif($pageName == html_entity_decode(preg_replace("/ /", "_", $plugin_tx[$plugin]['access_error']))) { if(!in_array($plugin_tx[$plugin]['access_error'], $h)) { $title = $plugin_tx[$plugin]['access_error']; $o .= "

" . $title . "

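\n";
            $o .= $plugin_tx[$plugin]['access_error_text'];
        }
    }
}

// Handle administrator mode ====================================================
// NOTE(review): this switch is driven by a GET parameter and copies
// $cf['security']['password'] into the 'passwd' cookie; both cookies are set
// without expiry, path, Secure or HttpOnly arguments. Confirm what the core
// CMS expects before tightening this.
if(!($adm)
   && isset($_GET['action']) && $_GET['action'] == "admin_mode"
   && isset($_SESSION['username'],$_SESSION['fullname'], $_SESSION['email'], $_SESSION['accessgroups'], $_SESSION['sessionnr'])
   && $_SESSION['sessionnr'] == session_id()
   && in_array($plugin_cf[$plugin]['group_administrator'], $_SESSION['accessgroups'])===true) {
    setcookie('status','adm');
    setcookie('passwd',$cf['security']['password']);
    $adm=true;
    $edit=true;
    writelog(date("Y-m-d H:i:s")." from ".sv('REMOTE_ADDR')." logged_in\n");
}

// Handling of login/logout =====================================================
$isSession = session('sessionnr') == session_id() && isset($_SESSION['username'], $_SESSION['fullname'], $_SESSION['email'], $_SESSION['accessgroups'], $_SESSION['sessionnr']);

// preg_match() replaces eregi(), which no longer exists in PHP 7 and later.
if(preg_match('/true/i', $plugin_cf[$plugin]['remember_user']) && isset($_COOKIE['username'], $_COOKIE['password']) && !$isSession)
    $function = "registerlogin";

if(!$isSession && $function == "registerlogin")
    registerLogin();
if($isSession && $function == "registerlogout")
    registerLogout();

if(!($edit&&$adm) && preg_match('/true/i', $plugin_cf[$plugin]['hide_pages'])) {
    if(isset($_SESSION['accessgroups']))
        registerRemoveHiddenPages($_SESSION['accessgroups']);
    else
        registerRemoveHiddenPages(array());
}

/****************************************************************************
 * Function Definitions                                                     *
 ****************************************************************************/

/*
 * Login as user.
 *
 * Takes the credentials from the POST fields 'username' and 'password' or,
 * when both cookies are present, from the 'username' and 'password' cookies.
 * On success the session variables are filled and the browser is redirected;
 * on failure the cookies are cleared and the browser is sent to the login
 * error page. The function always ends the request (exit), or dies when a
 * session is already active.
 */
function registerLogin() {
    global $_SESSION, $_POST, $_COOKIE, $pth, $plugin_cf, $plugin_tx, $h, $sn;

    $plugin = basename(dirname(__FILE__),"/");
    // NOTE(review): the secret is fixed in the source and the 'password'
    // cookie is md5($secret . stored password). That value is accepted in
    // place of the password and stays valid until the stored password
    // changes. A random, server-side, revocable token would be safer; it is
    // only flagged here because changing it invalidates existing cookies.
    $secret = "LoginSecretWord";
    // lifetime of the "remember me" cookies: 100 days, in seconds
    $rememberPeriod = 24*60*60*100;
    $logFile = $pth['folder']['plugins'] . $plugin . '/logfile/logfile.txt';
    $writeLog = preg_match('/true/i', $plugin_cf[$plugin]['logfile']);

    if(session('sessionnr') == session_id() && isset($_SESSION['username'], $_SESSION['fullname'], $_SESSION['email'], $_SESSION['accessgroups'], $_SESSION['sessionnr']))
        die("A session is already active. You cannot login on top of it!");

    $username = htmlspecialchars(isset($_POST['username']) ? $_POST['username'] : "");
    $password = htmlspecialchars(isset($_POST['password']) ? $_POST['password'] : "");

    // encrypt password if configured that way
    // NOTE(review): crypt() is salted with the password itself, so equal
    // passwords give equal hashes and, with traditional DES crypt, the salt
    // characters kept at the start of the hash come from the password.
    // Changing the scheme invalidates stored hashes, so it is only flagged.
    if(preg_match('/true/i', $plugin_cf[$plugin]['encrypt_password']))
        $password = crypt($password, $password);

    // set username and password in case cookies are set
    if(isset($_COOKIE['username'], $_COOKIE['password'])) {
        $username = $_COOKIE['username'];
        $passwordHash = $_COOKIE['password'];
    }
    else
        $passwordHash = md5($secret.$password);

    // read user file in CSV format separated by colons
    $userArray = registerReadUsers($pth['folder']['base'] . $plugin_cf[$plugin]['usersfile']);

    // search user in CSV data
    $entry = registerSearchUserArray($userArray, 'username', $username);

    // The name goes into the log file; CR/LF are replaced so that a crafted
    // user name (POST field or cookie) cannot add lines of its own.
    $logName = str_replace(array("\r", "\n"), ' ', $username);

    // check password and set session variables
    // Strict comparison: with == two different numeric-looking strings
    // (for example "1e3" and "1000") would be treated as equal.
    if($entry && $entry['username'] === $username && $passwordHash === md5($secret.$entry['password'])) {
        // Login Success ------------------------------------------------------------

        // set cookies if requested by user
        if(isset($_POST['remember'])) {
            setcookie("username", $username, time() + $rememberPeriod, "/");
            setcookie("password", $passwordHash, time() + $rememberPeriod, "/");
        }

        // Issue a fresh session id at login so that an id known before
        // authentication is not carried over into the logged-in session.
        session_regenerate_id();

        $_SESSION['sessionnr']    = session_id();
        $_SESSION['username']     = $entry['username'];
        $_SESSION['fullname']     = $entry['name'];
        $_SESSION['accessgroups'] = $entry['accessgroups'];
        $_SESSION['email']        = $entry['email'];

        // write line to log-file
        if($writeLog) {
            $logfile = fopen($logFile, 'a');
            if($logfile !== false) {
                fwrite($logfile, date("Y-m-d H:i:s") . " $logName logged in\n");
                fclose($logfile);
            }
        }

        // go to login page if exists or go to page where you came from
        $pageTitle = preg_replace("/ /", "_", $plugin_tx[$plugin]['loggedin']);
        if(in_array($plugin_tx[$plugin]['loggedin'], $h))
            header('Location: ' . $sn . '?' . $pageTitle);
        else
            header('Location: ' . sv('REQUEST_URI'));
        exit;
    } else {
        // Login Error --------------------------------------------------------------

        // clear cookies
        if(isset($_COOKIE['username'], $_COOKIE['password'])) {
            setcookie("username", "", time() - $rememberPeriod, "/");
            setcookie("password", "", time() - $rememberPeriod, "/");
        }

        // write line to log-file
        if($writeLog) {
            $logfile = fopen($logFile, 'a');
            if($logfile !== false) {
                fwrite($logfile, date("Y-m-d H:i:s") . " $logName wrong password\n");
                fclose($logfile);
            }
        }

        // go to login error page if exists or to default page otherwise
        $errorTitle = html_entity_decode(preg_replace("/ /", "_", $plugin_tx[$plugin]['loggin_error']));
        header('Location: ' . $sn . '?' . $errorTitle);
        exit;
    }
}

/*
 * Logout user.
 *
 * Empties and destroys the session, expires the "remember me" cookies,
 * optionally writes a log line and redirects. Always ends the request.
 */
function registerLogout() {
    global $_SESSION, $_COOKIE, $plugin_cf, $plugin_tx, $sn, $h, $pth;

    $plugin = basename(dirname(__FILE__),"/");
    $rememberPeriod = 24*60*60*100;
    $logFile = $pth['folder']['plugins'] . $plugin . '/logfile/logfile.txt';
    $username = session('username');

    // clear all session variables
    $_SESSION = array();

    // end session
    session_destroy();

    // clear cookies
    if(isset($_COOKIE['username'], $_COOKIE['password'])) {
        setcookie("username", "", time() - $rememberPeriod, "/");
        setcookie("password", "", time() - $rememberPeriod, "/");
    }

    // write line to log-file
    if(preg_match('/true/i', $plugin_cf[$plugin]['logfile'])) {
        $logfile = fopen($logFile, 'a');
        if($logfile !== false) {
            fwrite($logfile, date("Y-m-d H:i:s") . " $username logged out\n");
            fclose($logfile);
        }
    }

    // go to logout page if exists or go to page where you came from
    if(in_array($plugin_tx[$plugin]['loggedout'], $h)) {
        // $pageTitle was never assigned here before; it is built the same
        // way registerLogin() builds the title of the logged-in page.
        $pageTitle = preg_replace("/ /", "_", $plugin_tx[$plugin]['loggedout']);
        header('Location: '.$sn.'?'. $pageTitle);
    }
    else
        header('Location: ' . $sn);
    exit;
}

/*
 * Remove access restricted pages. Supported are multiple groups per page and
 * multiple user groups.
 *
 * Every page in $c whose scripting tag calls access(...) with a group list
 * that shares no group with $userGroups is replaced by '#CMSimple hide#'.
 * $c is reindexed and $cl updated afterwards.
 */
function registerRemoveHiddenPages($userGroups) {
    global $cl, $c, $cf;

    $function = "access";

    for($i = 0; $i < $cl; $i++) {
        // find #CMSimple scripting tag
        if(preg_match("/".$cf['scripting']['regexp']."/is",$c[$i])) {
            // normalise quote entities and double quotes to single quotes
            $plugindata = preg_replace(array("'&(quot|#34);'i","'&(apos|#39);'i","'\"'i"),array("'","'","'"),$c[$i]);

            // check if access function is contained in scripting tag
            if(strpos($plugindata, "$function(") !== false) {
                $arguments = strip_tags(stristr($plugindata, "$function("));

                // extract single argument in quotes
                // NOTE(review): \w* matches word characters, not blanks;
                // \s* may have been intended - confirm. When the pattern
                // does not match, preg_replace() returns its input
                // unchanged, the group list then normally matches no user
                // group and the page is hidden.
                $arguments = preg_replace("/$function\w*\(\w*['\"]([A-Za-z0-9_,-]+)['\"]\w*\)\w*;(.*)/is", '$1', $arguments);

                // remove spaces etc.
                $arguments = preg_replace("/[ \t\r\n]*/", '', $arguments);

                // convert arguments to list
                $groupNames = explode(",", $arguments);
                unset($_SESSION['page']);

                // find page group in user's groups
                $intersection = array_intersect($groupNames, $userGroups);
                if(count($intersection)==0) {
                    $c[$i] = '#CMSimple hide#';
                }
            }
        }
    }
    $c = array_values($c);
    $cl = count($c);
}

/*
 * Access function to be called from inside CMSimple scripting tag.
 *
 * $groupString is a comma separated list of group names. Unless a valid
 * session exists whose access groups include at least one of them, the
 * browser is redirected to the access error page and the request ends.
 * Returns an empty string otherwise.
 */
function access($groupString) {
    // $sn is used for the redirect below; it was missing from this list, so
    // the Location header was built from an undefined variable.
    global $_SESSION, $plugin_tx, $sn;

    $plugin = basename(dirname(__FILE__),"/");

    // remove spaces etc.
    $groupString = preg_replace("/[ \t\r\n]*/", '', $groupString);
    $groupNames = explode(",", $groupString);

    $o = "";
    if(!isset($_SESSION['username'], $_SESSION['fullname'], $_SESSION['email'], $_SESSION['accessgroups'], $_SESSION['sessionnr'])
       || $_SESSION['sessionnr'] != session_id()
       || count(array_intersect($groupNames, $_SESSION['accessgroups']))==0) {
        // go to access error page
        $pageTitle = html_entity_decode(preg_replace("/ /", "_", $plugin_tx[$plugin]['access_error']));
        header('Location: '.$sn.'?'. $pageTitle);
        exit;
    }
    return $o;
}

/*
 * Get a session variable; returns '' when it is not set.
 */
function session($s){
    global $_SESSION;

    if(isset($_SESSION[$s]))
        return $_SESSION[$s];
    else
        return'';
}

/*
 * Activate user in user CSV file.
 *
 * $user is the user name and $captcha the encrypted activation code; both
 * come from the activation link. Returns the text for the page.
 */
function registerActivateUser($user, $captcha) {
    GLOBAL $plugin_tx,$plugin_cf,$pth;

    $plugin = basename(dirname(__FILE__),"/");
    $ERROR = "";
    $o = "";

    // NOTE(review): several string literals in this listing are empty or
    // hold only a bullet; the markup they carried appears to have been lost
    // when the page was captured. They are kept exactly as shown.

    // read user file in CSV format separated by colons
    $userArray = registerReadUsers($pth['folder']['base'] . $plugin_cf[$plugin]['usersfile']);

    // check if user or other user for same email address exists
    $entry = registerSearchUserArray($userArray, 'username', $user);
    if($entry === false)
        // $user comes straight from the request, so it is escaped before it
        // is placed into the page.
        $ERROR .= "
  • " . $plugin_tx[$plugin]['err_username_notfound'] . htmlspecialchars($user) . "
  • \n";
    else {
        if(!isset($entry['status']) || $entry['status'] == "")
            $ERROR .= "
  • " . $plugin_tx[$plugin]['err_status_empty'] . "
  • \n";
        $status = md5_decrypt($captcha, $plugin_cf[$plugin]['captcha_crypt']);
        // The message used to print both the submitted and the stored code,
        // which handed the expected activation code to whoever asked. The
        // codes are now compared as strings and neither is shown.
        if((string)$status !== (string)$entry['status'])
            $ERROR .= "
  • " . $plugin_tx[$plugin]['err_status_invalid'] . "
  • \n";
    }

    if($ERROR != "")
        $o .= '' . $plugin_tx[$plugin]['error'] . "\n" . "\n";
    else {
        $entry['status'] = "activated";
        $entry['accessgroups'] = array($plugin_cf[$plugin]['group_activated']);
        $userArray = registerReplaceUserEntry($userArray, $entry);
        registerWriteUsers($pth['folder']['base'] . $plugin_cf[$plugin]['usersfile'],$userArray);
        $o .= "" . $plugin_tx[$plugin]['activated'] . "\n";
    }
    return $o;
}

/*
 * Read a group csv file into an array.
 *
 * Returns a list of array('groupname' => ...) entries; the list is empty
 * when the file does not exist or cannot be opened.
 */
function registerReadGroups($filename) {
    GLOBAL $plugin_cf;

    $plugin = basename(dirname(__FILE__),"/");
    $groupArray = array();

    // Leave early instead of calling feof()/fclose() on a handle that was
    // never opened.
    if(!is_file($filename))
        return $groupArray;
    $fp = fopen($filename, "r");
    if($fp === false)
        return $groupArray;

    while (!feof($fp)) {
        $line = fgets($fp, 4096);
        // !strpos() is true when '//' is absent or at position 0; lines
        // that start with '//' are rejected by the group name test below.
        if($line != "" && !strpos($line, "//")) {
            // preg_split() replaces split(), removed in PHP 7
            list($groupname,$dummy) = array_pad(preg_split("/[:\n]/", $line), 2, "");
            // line must not start with '//' and all fields must be set
            if(strpos($groupname, "//") === false && $groupname != "") {
                $entry = array('groupname' => $groupname);
                $groupArray[] = $entry;
            }
        }
    }
    fclose($fp);
    return $groupArray;
}

/*
 * Write an array into a group csv file.
 *
 * The current file is kept as "<name>.bak". Returns false when the new file
 * cannot be opened or written, true otherwise.
 * NOTE(review): between rename() and the last write the live file is missing
 * or incomplete, and a failure leaves only the .bak copy behind.
 */
function registerWriteGroups($filename, $array) {
    GLOBAL $plugin_cf;

    $plugin = basename(dirname(__FILE__),"/");

    // remove old backup
    if(is_file($filename . ".bak"))
        unlink($filename . ".bak");

    // create new backup
    $permissions = false;
    $owner = false;
    $group = false;
    if(is_file($filename)) {
        $owner = fileowner($filename);
        $group = filegroup($filename);
        $permissions = fileperms($filename);
        rename($filename, $filename . ".bak");
    }

    $fp = fopen($filename, "w");
    if($fp === false)
        return false;

    // write comment line to file
    $line = "// Register Plugin Group Definitions\n" .
            "// Line Format:\n" .
            "// groupname\n";
    if(!fwrite($fp, $line)) {
        fclose($fp);
        return false;
    }

    foreach($array as $entry) {
        // one group per line: line breaks inside a name are dropped
        $groupname = str_replace(array("\r", "\n"), '', $entry['groupname']);
        $line = "$groupname\n";
        if(!fwrite($fp, $line)) {
            fclose($fp);
            return false;
        }
    }
    fclose($fp);

    // change owner, group and permissions of new file to same as backup file
    if($owner !== false)
        chown($filename, $owner);
    if($group !== false)
        chgrp($filename, $group);
    if($permissions !== false)
        chmod($filename, $permissions);
    return true;
}

/*
 * Read a csv file into an array.
 *
 * Each accepted line has the form
 *   login:password:accessgroup1,accessgroup2,...:fullname:email:status
 * and becomes one entry; 'accessgroups' is returned as a list. Lines that
 * contain '//' or have an empty field are skipped. The list is empty when
 * the file does not exist or cannot be opened.
 */
function registerReadUsers($filename) {
    GLOBAL $plugin_cf;

    $plugin = basename(dirname(__FILE__),"/");
    $userArray = array();

    // Leave early instead of calling feof()/fclose() on a handle that was
    // never opened.
    if(!is_file($filename))
        return $userArray;
    $fp = fopen($filename, "r");
    if($fp === false)
        return $userArray;

    while (!feof($fp)) {
        $line = fgets($fp, 4096);
        if($line != "" && strpos($line, '//')=== false) {
            // preg_split() replaces split(), removed in PHP 7; array_pad()
            // keeps short lines from raising undefined offset notices.
            list($username,$password,$accessgroups,$name,$email,$status,$dummy) = array_pad(preg_split("/[:\n]/", $line), 7, "");
            // line must not start with '//' and all fields must be set
            if($username != "" && $password != "" && $accessgroups != "" && $name != "" && $email != "" && $status != "") {
                $entry = array(
                    'username'     => $username,
                    'password'     => $password,
                    'accessgroups' => explode(',', $accessgroups),
                    'name'         => $name,
                    'email'        => $email,
                    'status'       => $status);
                $userArray[] = $entry;
            }
        }
    }
    fclose($fp);
    return $userArray;
}

/*
 * Write an array into a csv file.
 *
 * The current file is kept as "<name>.bak". Returns false when the new file
 * cannot be opened or written, true otherwise.
 * NOTE(review): the callers in this file build $filename from the site base
 * folder; the file holds every user's password or password hash, so confirm
 * that the web server does not serve it or its .bak copy.
 */
function registerWriteUsers($filename, $array) {
    GLOBAL $plugin_cf;

    $plugin = basename(dirname(__FILE__),"/");

    // remove old backup
    if(is_file($filename . ".bak"))
        unlink($filename . ".bak");

    // create new backup
    $permissions = false;
    $owner = false;
    $group = false;
    if(is_file($filename)) {
        $owner = fileowner($filename);
        $group = filegroup($filename);
        $permissions = fileperms($filename);
        rename($filename, $filename . ".bak");
    }

    $fp = fopen($filename, "w");
    if($fp === false)
        return false;

    // write comment line to file
    $line = "// Register Plugin user Definitions\n" .
            "// Line Format:\n" .
            "// login:password:accessgroup1,accessgroup2,...:fullname:email:status\n";
    if(!fwrite($fp, $line)) {
        fclose($fp);
        return false;
    }

    foreach($array as $entry) {
        $fields = array(
            $entry['username'],
            $entry['password'],
            implode(',', $entry['accessgroups']),
            $entry['name'],
            $entry['email'],
            $entry['status']);
        // One record per line: line breaks inside a field are dropped so a
        // value can never start a record of its own.
        $line = str_replace(array("\r", "\n"), '', implode(':', $fields)) . "\n";
        if(!fwrite($fp, $line)) {
            fclose($fp);
            return false;
        }
    }
    fclose($fp);

    // change owner, group and permissions of new file to same as backup file
    if($owner !== false)
        chown($filename, $owner);
    if($group !== false)
        chgrp($filename, $group);
    if($permissions !== false)
        chmod($filename, $permissions);
    return true;
}

/*
 * Add new user to array.
 * Returns the array with the new entry appended.
 */
function registerAddUser($array, $username, $password, $accessgroups, $name, $email, $status) {
    $entry = array(
        'username'     => $username,
        'password'     => $password,
        'accessgroups' => $accessgroups,
        'name'         => $name,
        'email'        => $email,
        'status'       => $status);

    $array[] = $entry;
    return $array;
}

/*
 * Search array of user entries for key and value.
 * Arguments:
 *   $array   array of user entries
 *   $key     key in user entry to look for
 *   $value   value to match user entry key
 *
 * Returns:
 *   false    in case of no value found
 *   $entry   found user entry
 */
function registerSearchUserArray($array, $key, $value) {
    foreach($array as $entry) {
        if(!isset($entry[$key]))
            continue;
        $field = $entry[$key];
        // Two strings are compared exactly; with == numeric-looking values
        // such as "1e3" and "1000" would count as the same user.
        if(is_string($field) && is_string($value))
            $found = ($field === $value);
        else
            $found = ($field == $value);
        if($found)
            return $entry;
    }
    return false;
}

/*
 * Replace user entry in array.
 * Arguments:
 *   $array     array of user entries
 *   $newentry  user entry to replace
 *
 * Returns:
 *   $newarray  updated array
 */
function registerReplaceUserEntry($array, $newentry) {
    $newarray = array();
    $username = $newentry['username'];
    foreach($array as $entry) {
        // exact string match, so only the entry of this user is replaced
        if(isset($entry['username']) && (string)$entry['username'] === (string)$username)
            $newarray[] = $newentry;
        else
            $newarray[] = $entry;
    }
    return $newarray;
}

/*
 * Delete user entry in array.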
* Arguments: * $array array of user entries * $username username for which entry should get removed in array * * Returns: * $newarray updated array */ function registerDeleteUserEntry($array, $username) { $newarray = array(); foreach($array as $entry) { if(isset($entry['username']) && $entry['username'] != $username) $newarray[] = $entry; } return $newarray; } /* * Check entry for completeness. */ function registerCheckEntry($name, $username, $password1, $password2, $email) { GLOBAL $plugin_tx,$plugin_cf; $plugin = basename(dirname(__FILE__),"/"); $ERROR = ""; // check for empty or illegal/wrong fields if($name == "" || !preg_match("/^\S+( \S+)+$/", $name)) $ERROR .= "
  • " . $plugin_tx[$plugin]['err_name'] . "
  • \n"; if($username == "") $ERROR .= "
  • " . $plugin_tx[$plugin]['err_username'] . "
  • \n"; elseif(!preg_match("/^[A-Za-z0-9_]+$/", $username)) $ERROR .= "
  • " . $plugin_tx[$plugin]['err_username_illegal'] . "
  • \n"; if($password1 == "") $ERROR .= "
  • " . $plugin_tx[$plugin]['err_password'] . "
  • \n"; elseif(!preg_match("/^[A-Za-z0-9_]+$/", $password1)) $ERROR .= "
  • " . $plugin_tx[$plugin]['err_password_illegal'] . "
  • \n"; if($password2 == "" || $password1 != $password2) $ERROR .= "
  • " . $plugin_tx[$plugin]['err_password2'] . "
  • \n"; if($email == "") $ERROR .= "
  • " . $plugin_tx[$plugin]['err_email'] . "
  • \n"; elseif (!preg_match("/^[^\s()<>@,;:\"\/\[\]?=]+@\w[\w-]*(\.\w[\w-]*)*\.[a-z]{2,}$/i",$email)) $ERROR .= "
  • " . $plugin_tx[$plugin]['err_email_invalid'] . "
  • \n"; return $ERROR; } /* * Check entry for contained colons. */ function registerCheckColons($name, $username, $password1, $email) { GLOBAL $plugin_tx,$plugin_cf; $plugin = basename(dirname(__FILE__),"/"); $ERROR = ""; if(strpos($name, ":") !== false) $ERROR .= "
  • " . $plugin_tx[$plugin]['name'] . " " . $plugin_tx[$plugin]['err_colon'] . "
  • \n"; if(strpos($username, ":") !== false) $ERROR .= "
  • " . $plugin_tx[$plugin]['username'] . " " . $plugin_tx[$plugin]['err_colon'] . "
  • \n"; if(strpos($password1, ":") !== false) $ERROR .= "
  • " . $plugin_tx[$plugin]['password'] . " " . $plugin_tx[$plugin]['err_colon'] . "
  • \n"; if(strpos($email, ":") !== false) $ERROR .= "
  • " . $plugin_tx[$plugin]['email'] . " " . $plugin_tx[$plugin]['err_colon'] . "
  • \n"; return $ERROR; } /* * Create HTML registration form. */ function registerForm($code, $name, $username, $password1, $password2, $email) { GLOBAL $plugin_tx, $plugin_cf; $plugin = basename(dirname(__FILE__),"/"); $o = '
    ' . "\n". "
    \n" . "" . $plugin_tx[$plugin]['register'] . "\n" . '' . "\n" . '' . "\n". '' . "\n". '' . "\n". ' ' . "\n". ' ' . "\n". '' . "\n". '' . "\n". ' ' . "\n". ' ' . "\n". " \n" . '' . "\n". '' . "\n". ' ' . "\n". ' ' . "\n". " \n" . '' . "\n". '' . "\n". ' ' . "\n". ' ' . "\n". " \n" . '' . "\n". '' . "\n". ' ' . "\n". ' ' . "\n". '' . "\n"; if($plugin_cf[$plugin]['captcha_mode'] != "none") { $o .= '' . "\n". ' ' . "\n". ' ' . "\n". ' ' . "\n". '' . "\n"; } $o .= '' . "\n". ' ' . "\n". '
    ' . $plugin_tx[$plugin]['name'] . '
    ' . $plugin_tx[$plugin]['username'] . '
    ' . $plugin_tx[$plugin]['password'] . '
    ' . $plugin_tx[$plugin]['password2'] . '
    ' . $plugin_tx[$plugin]['email'] . '
    ' . $plugin_tx[$plugin]['code'] . '' . getCaptchaHtml("register_captcha", $code, (int)$plugin_cf[$plugin]['captcha_image_width'], (int)$plugin_cf[$plugin]['captcha_image_height'], $plugin_cf[$plugin]['captcha_crypt'], $plugin_cf[$plugin]['captcha_mode']) . '
    ' . "\n" . "
    \n"; return $o; } /* * Function to create and handle register form (Top Level Function). * */ function registerUser() { GLOBAL $plugin_tx,$plugin_cf,$pth, $sn; $plugin = basename(dirname(__FILE__),"/"); // In case user is logged in, no registration page is shown if(session('sessionnr') == session_id() && isset($_SESSION['username'], $_SESSION['fullname'], $_SESSION['email'], $_SESSION['accessgroups'], $_SESSION['sessionnr'])) { header('Location: ' . $sn); exit; } checkGD(); $ERROR = ""; $o = ""; // Get form data if available $action = isset($_POST['action']) ? $_POST['action'] : ""; $name = htmlspecialchars(isset($_POST['name']) ? $_POST['name'] : ""); $username = htmlspecialchars(isset($_POST['username']) ? $_POST['username'] : ""); $password1 = htmlspecialchars(isset($_POST['password1']) ? $_POST['password1'] : ""); $password2 = htmlspecialchars(isset($_POST['password2']) ? $_POST['password2'] : ""); $email = htmlspecialchars(isset($_POST['email']) ? $_POST['email'] : ""); $captcha = isset($_POST['captcha']) ? $_POST['captcha'] : ""; $validate = isset($_POST['validate']) ? $_POST['validate'] : ""; $REMOTE_ADDR = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : ""; // Form Handling if(isset($_POST['action']) && $action == "register_user") { $ERROR .= registerCheckEntry($name, $username, $password1, $password2, $email); if($plugin_cf[$plugin]['captcha_mode'] != "none") { if($plugin_cf[$plugin]['captcha_mode'] == "image") $code = md5_decrypt($captcha, $plugin_cf[$plugin]['captcha_crypt']); elseif($plugin_cf[$plugin]['captcha_mode'] == "formula") eval('$code=' . md5_decrypt($captcha, $plugin_cf[$plugin]['captcha_crypt']) . ";"); if($validate == "" || strtolower($validate) != $code) $ERROR .= "
  • " . $plugin_tx[$plugin]['err_validation'] . "
  • "; } // check for colons in fields $ERROR .= registerCheckColons($name, $username, $password1, $email); // read user file in CSV format separated by colons $userArray = registerReadUsers($pth['folder']['base'] . $plugin_cf[$plugin]['usersfile']); // check if user or other user for same email address exists if(registerSearchUserArray($userArray, 'username', $username) !== false) $ERROR .= "
  • " . $plugin_tx[$plugin]['err_username_exists'] . "
  • \n"; if(registerSearchUserArray($userArray, 'email', $email) !== false) $ERROR .= "
  • " . $plugin_tx[$plugin]['err_email_exists'] . "
  • \n"; // generate another captcha code for the user activation email $status = generateRandomCode((int)$plugin_cf[$plugin]['captcha_chars']); if(eregi("true", $plugin_cf[$plugin]['encrypt_password'])) $userArray = registerAddUser($userArray, $username, crypt($password1, $password1), array($plugin_cf[$plugin]['group_default']), $name, $email, $status); else $userArray = registerAddUser($userArray, $username, $password1, array($plugin_cf[$plugin]['group_default']), $name, $email, $status); // write CSV file if no errors occurred so far if($ERROR=="" && !registerWriteUsers($pth['folder']['base'] . $plugin_cf[$plugin]['usersfile'], $userArray)) $ERROR .= "
  • " . $plugin_tx[$plugin]['err_cannot_write_csv'] . " (" . $pth['folder']['base'] . $plugin_cf[$plugin]['usersfile'] . ")" . "
  • \n"; if($ERROR != "") $o .= '' . $plugin_tx[$plugin]['error'] . "\n" . "\n"; else { // prepare email content for registration activation $content = $plugin_tx[$plugin]['emailtext1'] . "\n\n" . " " . $plugin_tx[$plugin]['name'] . ": $name \n" . " " . $plugin_tx[$plugin]['username'] . ": $username \n" . " " . $plugin_tx[$plugin]['password'] . ": $password1 \n" . " " . $plugin_tx[$plugin]['email'] . ": $email \n" . " " . $plugin_tx[$plugin]['fromip'] . ": $REMOTE_ADDR \n\n" . $plugin_tx[$plugin]['emailtext2'] . "\n\n" . "http://" . $_SERVER['SERVER_NAME'] . sv('REQUEST_URI') . "&" . "action=registerActivateUser&username=$username&captcha=" . md5_encrypt($status, $plugin_cf[$plugin]['captcha_crypt']); // send activation email mail( $email, $plugin_tx[$plugin]['emailsubject'] . " " . $_SERVER['SERVER_NAME'], $content, 'From: ' . $plugin_cf[$plugin]['senderemail'] . "\r\n" . 'Bcc: ' . $plugin_cf[$plugin]['senderemail'] ); $o .= "" . $plugin_tx[$plugin]['registered'] . ""; return $o; } } elseif(isset($_GET['action']) && $_GET['action'] == 'registerActivateUser' && isset($_GET['username']) && isset($_GET['captcha'])) { $o .= registerActivateUser($_GET['username'], $_GET['captcha']); return $o; } // Form Creation if($captcha == "" || md5_decrypt($captcha, $plugin_cf[$plugin]['captcha_crypt']) == "") { if($plugin_cf[$plugin]['captcha_mode'] == "image") $code = generateRandomCode((int)$plugin_cf[$plugin]['captcha_chars']); else if($plugin_cf[$plugin]['captcha_mode'] == "formula") $code = generateCaptchaFormula((int)$plugin_cf[$plugin]['captcha_chars']); else $code = ""; } else $code = md5_decrypt($captcha, $plugin_cf[$plugin]['captcha_crypt']); $o .= registerForm($code, $name, $username, $password1, $password2, $email); return $o; } /* * Create form to request reminder email for user/password. */ function registerForgotForm($email) { GLOBAL $plugin_tx,$plugin_cf; $plugin = basename(dirname(__FILE__),"/"); $o = "
    \n" . "" . $plugin_tx[$plugin]['forgot_password'] . "\n" . '' . "\n" . '' . '' . "\n". '' . "\n". ' ' . "\n". ' ' . "\n". ' ' . "\n". '
    ' . $plugin_tx[$plugin]['email'] . '
    ' . "\n"; return $o; } /* * Function to create and handle forgotten password form (Top Level Function) */ function registerForgotPassword() { GLOBAL $plugin_tx,$plugin_cf,$pth,$sn; $plugin = basename(dirname(__FILE__),"/"); // In case user is logged in, no registration page is shown if(session('sessionnr') == session_id() && isset($_SESSION['username'], $_SESSION['fullname'], $_SESSION['email'], $_SESSION['accessgroups'], $_SESSION['sessionnr'])) { header('Location: ' . $sn); exit; } checkGD(); $ERROR = ""; $o = "

    " . $plugin_tx[$plugin]['reminderexplanation'] . "

    \n"; // Get form data if available $action = isset($_POST['action']) ? $_POST['action'] : ""; $email = htmlspecialchars(isset($_POST['email']) ? $_POST['email'] : ""); // Form Handling if(isset($_POST['action']) && $action == "forgotten_password") { if($email == "") $ERROR .= "
  • " . $plugin_tx[$plugin]['err_email'] . "
  • \n"; elseif (!preg_match("/^[^\s()<>@,;:\"\/\[\]?=]+@\w[\w-]*(\.\w[\w-]*)*\.[a-z]{2,}$/i",$email)) $ERROR .= "
  • " . $plugin_tx[$plugin]['err_email_invalid'] . "
  • \n"; // read user file in CSV format separated by colons $userArray = registerReadUsers($pth['folder']['base'] . $plugin_cf[$plugin]['usersfile']); // search user for email $user = registerSearchUserArray($userArray, 'email', $email); if(!$user) $ERROR .= "
  • " . $plugin_tx[$plugin]['err_email_does_not_exist'] . "
  • \n"; // in case of encrypted password a new random password will be generated // and its value be written back to the CSV file if($ERROR=="" && eregi("true", $plugin_cf[$plugin]['encrypt_password'])) { $password = generateRandomCode(8); $user['password'] = crypt($password, $password); $userArray = registerReplaceUserEntry($userArray, $user); if(!registerWriteUsers($pth['folder']['base'] . $plugin_cf[$plugin]['usersfile'], $userArray)) $ERROR .= "
  • " . $plugin_tx[$plugin]['err_cannot_write_csv'] . " (" . $pth['folder']['base'] . $plugin_cf[$plugin]['usersfile'] . ")" . "
  • \n"; } else $password = $user['password']; if($ERROR != "") $o .= '' . $plugin_tx[$plugin]['error'] . "\n" . "\n"; else { // prepare email content for user data email $content = $plugin_tx[$plugin]['emailtext1'] . "\n\n" . " " . $plugin_tx[$plugin]['name'] . ": " . $user['name'] . "\n" . " " . $plugin_tx[$plugin]['username'] . ": " . $user['username'] . "\n" . " " . $plugin_tx[$plugin]['password'] . ": " . $password . "\n" . " " . $plugin_tx[$plugin]['email'] . ": " . $user['email'] . "\n"; // send reminder email mail( $email, $plugin_tx[$plugin]['reminderemailsubject'] . " " . $_SERVER['SERVER_NAME'], $content, 'From: ' . $plugin_cf[$plugin]['senderemail'] . "\r\n" . 'Bcc: ' . $plugin_cf[$plugin]['senderemail'] ); $o .= "" . $plugin_tx[$plugin]['remindersent'] . ""; return $o; } } // Form Creation $o .= registerForgotForm($email); return $o; } /* * Create HTML user preferences form. */ function registerUserPrefsForm($name, $email) { GLOBAL $plugin_tx,$plugin_cf; $plugin = basename(dirname(__FILE__),"/"); $o = "

    " . $plugin_tx[$plugin]['changeexplanation'] . "

    \n"; $o .= "
    \n" . "" . $plugin_tx[$plugin]['user_prefs'] . "\n" . '' . "\n" . '' . '' . "\n". '' . "\n". ' ' . "\n". ' ' . "\n". '' . "\n". '' . "\n". ' ' . "\n". ' ' . "\n". " \n" . '' . "\n". '' . "\n". ' ' . "\n". ' ' . "\n". " \n" . '' . "\n". '' . "\n". ' ' . "\n". ' ' . "\n". " \n" . '' . "\n". '' . "\n". ' ' . "\n". ' ' . "\n". '' . "\n". '' . "\n". " \n" . "\n" . "
    ' . $plugin_tx[$plugin]['name'] . '
    ' . $plugin_tx[$plugin]['oldpassword'] . '
    ' . $plugin_tx[$plugin]['password'] . '
    ' . $plugin_tx[$plugin]['password2'] . '
    ' . $plugin_tx[$plugin]['email'] . '
    \n" . " \n" . " \n" . "
    \n"; return $o; } /* * Function to create and handle user preferences form (Top Level Function). * */ function registerUserPrefs() { GLOBAL $plugin_tx,$plugin_cf,$pth,$_SESSION; $plugin = basename(dirname(__FILE__),"/"); $ERROR = ""; $o = ""; if(!isset($_SESSION['username'],$_SESSION['fullname'],$_SESSION['email'],$_SESSION['sessionnr']) || session('sessionnr') != session_id()) { return $plugin_tx[$plugin]['access_error_text']; } // Get form data if available $action = isset($_POST['action']) ? $_POST['action'] : ""; $oldpassword = htmlspecialchars(isset($_POST['oldpassword']) ? $_POST['oldpassword'] : ""); $name = htmlspecialchars(isset($_POST['name']) ? $_POST['name'] : ""); $password1 = htmlspecialchars(isset($_POST['password1']) ? $_POST['password1'] : ""); $password2 = htmlspecialchars(isset($_POST['password2']) ? $_POST['password2'] : ""); $email = htmlspecialchars(isset($_POST['email']) ? $_POST['email'] : ""); $REMOTE_ADDR = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : ""; // set user name from session $username = isset($_SESSION['username']) ? $_SESSION['username'] : ""; // read user file in CSV format separated by colons $userArray = registerReadUsers($pth['folder']['base'] . $plugin_cf[$plugin]['usersfile']); // search user in CSV data $entry = registerSearchUserArray($userArray, 'username', $username); if($entry === false) die($plugin_tx[$plugin]['err_username_does_not_exist'] . " ('" . $username . "')"); // Test if user is locked if ($entry['status'] == "locked") { $o .= "" . $plugin_tx[$plugin]['user_locked'] . ": $username.\n"; return $o; } // Form Handling - Change User ================================================ if($username!="" && isset($_POST['submit']) && $action == "edit_user_prefs") { // check that old password got entered correctly if(!eregi("true", $plugin_cf[$plugin]['encrypt_password']) && $oldpassword != $entry['password']) $ERROR .= "
  • " . $plugin_tx[$plugin]['err_old_password_wrong'] . "
  • \n"; elseif(eregi("true", $plugin_cf[$plugin]['encrypt_password']) && crypt($oldpassword, $oldpassword) != $entry['password']) $ERROR .= "
  • " . $plugin_tx[$plugin]['err_old_password_wrong'] . "
  • \n"; if($password1 == "" && $password2 == "") { $password1 = $oldpassword; $password2 = $oldpassword; } if($email == "") $email = $entry['email']; if($name == "") $name = $entry['name']; $ERROR .= registerCheckEntry($name, $username, $password1, $password2, $email); // check for colons in fields $ERROR .= registerCheckColons($name, $username, $password1, $email); $oldemail = $entry['email']; // read user entry, update it and write it back to CSV file if($ERROR=="") { if(eregi("true", $plugin_cf[$plugin]['encrypt_password'])) $entry['password'] = crypt($password1, $password1); else $entry['password'] = $password1; $entry['email'] = $email; $entry['name'] = $name; $userArray = registerReplaceUserEntry($userArray, $entry); // write CSV file if no errors occurred so far if(!registerWriteUsers($pth['folder']['base'] . $plugin_cf[$plugin]['usersfile'], $userArray)) $ERROR .= "
  • " . $plugin_tx[$plugin]['err_cannot_write_csv'] . " (" . $pth['folder']['base'] . $plugin_cf[$plugin]['usersfile'] . ")" . "
  • \n"; } if($ERROR != "") $o .= '' . $plugin_tx[$plugin]['error'] . "\n" . "\n"; else { // update session variables $_SESSION['email'] = $email; $_SESSION['fullname'] = $name; // prepare email for user information about updates $content = $plugin_tx[$plugin]['emailprefsupdated'] . "\n\n" . " " . $plugin_tx[$plugin]['name'] . ": $name \n" . " " . $plugin_tx[$plugin]['username'] . ": $username \n" . " " . $plugin_tx[$plugin]['password'] . ": $password1 \n" . " " . $plugin_tx[$plugin]['email'] . ": $email \n" . " " . $plugin_tx[$plugin]['fromip'] . ": $REMOTE_ADDR\n"; // send update email mail( $email, $plugin_tx[$plugin]['prefsemailsubject'] . " " . $_SERVER['SERVER_NAME'], $content, 'From: ' . $plugin_cf[$plugin]['senderemail'] . "\r\n" . 'Cc: ' . $oldemail . "\r\n" . 'Bcc: ' . $plugin_cf[$plugin]['senderemail'] ); $o .= "" . $plugin_tx[$plugin]['prefsupdated'] . ""; return $o; } } elseif($username!="" && isset($_POST['delete']) && $action == "edit_user_prefs") { // Form Handling - Delete User ================================================ // check that old password got entered correctly if(!eregi("true", $plugin_cf[$plugin]['encrypt_password']) && $oldpassword != $entry['password']) $ERROR .= "
  • " . $plugin_tx[$plugin]['err_old_password_wrong'] . "
  • \n"; elseif(eregi("true", $plugin_cf[$plugin]['encrypt_password']) && crypt($oldpassword, $oldpassword) != $entry['password']) $ERROR .= "
  • " . $plugin_tx[$plugin]['err_old_password_wrong'] . "
  • \n"; // read user entry, update it and write it back to CSV file if($ERROR=="") { $userArray = registerDeleteUserEntry($userArray, $username); if(!registerWriteUsers($pth['folder']['base'] . $plugin_cf[$plugin]['usersfile'], $userArray)) $ERROR .= "
  • " . $plugin_tx[$plugin]['err_cannot_write_csv'] . " (" . $pth['folder']['base'] . $plugin_cf[$plugin]['usersfile'] . ")" . "
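  • \n"; } // write CSV file if no errors occurred so far if($ERROR != "") $o .= '' . $plugin_tx[$plugin]['error'] . "\n" . "\n"; else { $rememberPeriod = 24*60*60*100; $logFile = $pth['folder']['plugins'] . $plugin . '/logfile/logfile.txt'; $username = session('username'); // clear all session variables $_SESSION = array(); // end session session_destroy(); // clear cookies if(isset($_COOKIE['username'], $_COOKIE['password'])){ setcookie("username", "", time() - $rememberPeriod, "/"); setcookie("password", "", time() - $rememberPeriod, "/"); } // write line to log-file if(eregi("true",$plugin_cf[$plugin]['logfile'])){ $logfile = fopen($logFile, 'a'); fwrite($logfile, date("Y-m-d H:i:s") . " $username deleted and logged out\n"); fclose($logfile); } $o .= "" . $plugin_tx[$plugin]['user_deleted'] . ": $username.\n"; return $o; } } else { $email = $entry['email']; $name = $entry['name']; } // Form Creation $o .= registerUserPrefsForm($name, $email); return $o; }

/*
 * Builds the login box (Top Level Function).
 *
 * Without a valid session (username/sessionnr missing, or sessionnr not
 * matching session_id()) the returned string is the login form with the
 * forgot-password, remember-me and register parts. With a valid session it
 * is the logged-in view: the user's full name, the user preferences link
 * and the logout link. Layout follows $plugin_cf[$plugin]['login_layout'].
 *
 * Returns the markup as a string; nothing is echoed here.
 *
 * Security: $_SESSION['fullname'] is user-supplied profile data, so it is
 * passed through htmlspecialchars() before being concatenated into the
 * output instead of being emitted raw.
 *
 * NOTE(review): the HTML inside the string literals below appears to have
 * been lost when this page was captured; the literals are kept as found
 * rather than reconstructed.
 */
function registerloginform()
{
	GLOBAL $plugin_cf, $plugin_tx, $pth, $sn, $su;

	$plugin = basename(dirname(__FILE__),"/");
	$imageFolder = $pth['folder']['plugins'] . $plugin . "/images";
	$o = "";

	// If logged in show user preferences link, otherwise register and forgot
	// email links.
	if(!isset($_SESSION['username'],$_SESSION['sessionnr']) || session('sessionnr') != session_id())
	{
		// Login Form including Forgot Password Link (image)
		$o .= "
    \n" . "\n" . "\n"; if($plugin_cf[$plugin]['login_layout'] == "horizontal") $o .= "\n" . " \n" . " \n"; else $o .= "\n" . "\n" . " \n"; // Forgot password link $o .= " \n"; $o .= "\n"; if($plugin_cf[$plugin]['login_layout'] == "horizontal") $o .= "\n" . " \n" . " \n" . " \n" . "\n"; else $o .= "\n" . " \n" . "\n" . "\n" . " \n" . " \n" . "\n"; // Remember Me if($plugin_cf[$plugin]['login_layout'] == "horizontal") $o .= "\n" . " \n" . " \n\n\n \n" . "\n"; $o .= "
    " . $plugin_tx[$plugin]['username'] . "" . "" . "
    " . $plugin_tx[$plugin]['username'] . "
    " . "" . "\n"; if(isset($su) && urldecode($su) != html_entity_decode(preg_replace("/ /", "_", $plugin_tx[$plugin]['forgot_password']))) $o .= " \n" . " \n" . " \n"; $o .= "
    " . $plugin_tx[$plugin]['password'] . "\n" . " \n" . " \n" . " \n" . "
    " . $plugin_tx[$plugin]['password'] . "
    \n" . " \n" . " \n" . " \n" . "
    \n"; else $o .= "
    \n"; if(eregi("true",$plugin_cf[$plugin]['remember_user'])) $o .= " " . $plugin_tx[$plugin]['remember_user'] . "  "; if($plugin_cf[$plugin]['login_layout'] != "horizontal") $o .= "
    \n"; // Register Link if(isset($su) && urldecode($su) != html_entity_decode(preg_replace("/ /", "_", $plugin_tx[$plugin]['register']))) $o .= "' . $plugin_tx[$plugin]['register'] . "\n"; $o .= "
    " . "
    "; } else { // Logout Link and Preferences Link $o .= "\n\n" . "\n" . " \n" . "\n"; if($plugin_cf[$plugin]['login_layout'] == "horizontal") $o .= "\n" . " \n" . " \n" . " \n" . "\n" . "\n" . " \n" . "\n" . "
    " . htmlspecialchars($_SESSION['fullname'], ENT_QUOTES) . "
    \n"; else $o .= "
    \n"; // User preferences link if(isset($su) && urldecode($su) == html_entity_decode(preg_replace("/ /", "_", $plugin_tx[$plugin]['user_prefs']))) $o .= $plugin_tx[$plugin]['user_prefs'] . "\n"; else $o .= " ' . "\"" " . $plugin_tx[$plugin]['user_prefs'] . "\n"; if($plugin_cf[$plugin]['login_layout'] == "horizontal") $o .= " \n"; else $o .= "
    \n"; $o .= " " . " " . $plugin_tx[$plugin]['logout'] . "\n" . "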
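    \n"; } return $o; }

/*
 * Returns the "admin mode" link for a logged-in administrator
 * (Top Level Function).
 *
 * The link text is $plugin_tx[$plugin]['admin_mode']. It is returned only
 * when all of the following hold:
 *   - admin mode is not already active ($adm unset or false),
 *   - the session carries username, fullname, email, accessgroups and
 *     sessionnr, and sessionnr equals session_id(),
 *   - the configured administrator group is in the session's accessgroups.
 * Otherwise an empty string is returned.
 *
 * NOTE(review): the anchor markup around the link text appears to have been
 * lost when this page was captured; the return expression is kept as found.
 */
function registeradminmodelink()
{
	global $plugin_cf, $plugin_tx, $adm, $_SESSION, $sn, $su;

	$plugin = basename(dirname(__FILE__),"/");

	$isSession =
		isset($_SESSION['username'],
			$_SESSION['fullname'],
			$_SESSION['email'],
			$_SESSION['accessgroups'],
			$_SESSION['sessionnr'])
		&& $_SESSION['sessionnr'] == session_id();

	// Evaluate group membership only for a complete session: for an
	// anonymous visitor $_SESSION['accessgroups'] is unset, and handing that
	// to in_array() raises a warning (a TypeError on PHP 8). The strict flag
	// keeps PHP's loose comparison from matching a look-alike group name in
	// this privilege check.
	$isAdmin = $isSession
		&& is_array($_SESSION['accessgroups'])
		&& in_array($plugin_cf[$plugin]['group_administrator'], $_SESSION['accessgroups'], true);

	if((!isset($adm) || !$adm) && $isAdmin)
		return "" . $plugin_tx[$plugin]['admin_mode'] . "\n";

	return "";
}
?> Vereinsgemeinschaft Harpersdorf - Willkommen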
    Willkommen