<?php
session_start();
/*
# Fuer debugging
error_reporting(E_ALL);
ini_set('display_errors', 1);
#echo __LINE__."<br>";
*/

include_once 'classes/lg-on_Smarty.class.php';
$smarty = new lgon_Smarty();
require_once("config.inc.php");
require_once("func_rollenrechte.php");
$templatename = substr(basename($_SERVER['PHP_SELF']),0,-3)."html";
require_once "language/german.inc.php";


$sid = session_id();
$datum=date("Y-m-d H:i:s");
$result_1 = $db->query( "INSERT INTO historie (vaid, datum, session_id, art, art_id) VALUES ('$user_vaid;', '$datum', '$sid', 'P', '')" );


// Rechteüberprüfung
$db = dbconnect();
if ($user_admin == ""){ require("index.php"); exit;} //Wenn man nicht angemeldet ist, darf man nicht auf die Seite
if(!rore($user_admin,'a_profil','RE')){require("lib/rechte.php");exit;}
// Rechteüberprüfung ende

if(isset($_GET['action'])){
  $action = $_GET['action'];
}else{
  $action = '';
}

if($action == ''){
   $db = dbconnect();

   $result = $db->query( "SELECT nachname, vorname, mail FROM admin where user=\"$user_admin\"" );
   $row = $result->fetch_array();
   
   $smarty->assign('profil_name', "$row[vorname] $row[nachname]");
   $smarty->assign('profil_mail', "$row[mail]");
   
   $result1 = $db->query( "SELECT prid, wgd, bibellink, kal_bettag, kal_erntedank, querverweis, lesung, kategorie, export_header FROM profil WHERE user=\"$user_admin\"" );
   $row1 = $result1->fetch_array();
   $smarty->assign('profil_prid', "$row1[prid]");
   
   if($row1['wgd'] == "0"){
     $smarty->assign('profil_wgd0_chk', "checked");
   }
    
   if($row1['wgd'] == "1"){
     $smarty->assign('profil_wgd1_chk', "checked");
   }
   
   if($row1['bibellink'] == "lokal"){
     $smarty->assign('profil_link_lokal_chk', "checked");
   }
   
   if($row1['bibellink'] == "bibleserver"){
     $smarty->assign('profil_link_bibleserver_chk', "checked");
   }
   
   if($row1['kal_bettag'] == "0"){
     $smarty->assign('profil_bettag0_chk', "checked");
   }
   
   if($row1['kal_bettag'] == "1"){
     $smarty->assign('profil_bettag1_chk', "checked");
   }
   
   if($row1['kal_erntedank'] == "0"){
     $smarty->assign('profil_erntedank0_chk', "checked");
   }
   
   if($row1['kal_erntedank'] == "1"){
     $smarty->assign('profil_erntedank1_chk', "checked");
   }
   
   if($row1['querverweis'] == "none"){
     $smarty->assign('profil_querver_none_chk', "checked");
   }
   
   if($row1['querverweis'] == "block"){
     $smarty->assign('profil_querver_block_chk', "checked");
   }

   if($row1['lesung'] == "none"){
     $smarty->assign('profil_lesung_none_chk', "checked");
   }
   
   if($row1['lesung'] == "block"){
     $smarty->assign('profil_lesung_block_chk', "checked");
   }
   
   if(rore($user_admin,'a_outlook','RE')){
     $smarty->assign('profil_outlook_exists', "1");
     $smarty->assign('profil_outlook_kategorie', "$row1[kategorie]");
     if($row1['export_header'] == "utf8"){
       $smarty->assign('profil_outlook_header_utf8', "checked");
     }
     if($row1['export_header'] == "latin"){
       $smarty->assign('profil_outlook_header_latin', "checked");
     }
   }

   $result1 = $db->query( "SELECT hintergrund, fontsize
                             FROM stylesheet
                            WHERE user = '$user_admin'" );
   $row1 = $result1->fetch_array();
   
   if($row1['hintergrund'] =='#6487DC'){
     $smarty->assign('profil_background_6487DC', "selected");
   }
   
   if($row1['hintergrund'] =='#000000'){
     $smarty->assign('profil_background_000000', "selected");
   }
   
   if($row1['hintergrund'] =='#FF0000'){
     $smarty->assign('profil_background_FF0000', "selected");
   }
   
   if($row1['hintergrund'] =='#FFFF00'){
     $smarty->assign('profil_background_FFFF00', "selected");
   }
   
   if($row1['hintergrund'] =='#00FF00'){
     $smarty->assign('profil_background_00FF00', "selected");
   }
   
   if($row1['hintergrund'] =='#00FFFF'){
     $smarty->assign('profil_background_00FFFF', "selected");
   }
   
   if($row1['hintergrund'] =='#FF00FF'){
     $smarty->assign('profil_background_FF00FF', "selected");
   }
   
   
   if($row1['fontsize'] =='7'){
     $smarty->assign('profil_fontsize7', "selected");
   }
   
   if($row1['fontsize'] =='9'){
     $smarty->assign('profil_fontsize9', "selected");
   }
   
   if($row1['fontsize'] =='11'){
     $smarty->assign('profil_fontsize11', "selected");
   }
   
   if($row1['fontsize'] =='13'){
     $smarty->assign('profil_fontsize13', "selected");
   }
   
}


if($action == 'wechsel'){

  function checkmail($email){
   $regex = '/^[^0-9][a-zA-Z0-9_]+([.][a-zA-Z0-9_]+)*[@][a-zA-Z0-9_]+([.][a-zA-Z0-9_]+|\-[a-zA-Z0-9_]+)*[.][a-zA-Z]{2,4}$/';  
   if (preg_match($regex, $email)) {
      $i="1";
    }else {
      $i="0";
    }
  return $i;
  }
  
  
  #if(checkmail($_POST['mail']) == '0'){
  if (!filter_var($_POST['mail'], FILTER_VALIDATE_EMAIL)) {
    $smarty->assign('profil_chkmail', "1");
    $fehler = TRUE;
  }
  elseif (!empty($_POST['pw_alt'])){

    if (empty($_POST['pw_neu'])  or empty($_POST['pw_wied'])){
      $smarty->assign('profil_switch_noinput', "1");
      $fehler = TRUE;
    }else{

      $pw_alt = $_POST['pw_alt'];
      $pw_neu=$_POST['pw_neu'];
      $pw_wied=$_POST['pw_wied'];       
      
      $db = dbconnect();
      $result = $db->query( "SELECT passwort FROM admin WHERE user=\"$user_admin\"" );
      $row = $result->fetch_array();

      $pw_md5_neu = md5($pw_neu); // passwort md-5 codieren

      $result2 = $db->query( "SELECT 1 
                               FROM passwd_log
                              WHERE USER = '$user_admin'
                                AND passwort = '$pw_md5_neu'
                              ORDER BY datum DESC
                              LIMIT 0 , 7
                            " );
      $row2 = $result2->fetch_array();

      $result3 = $db->query( "SELECT 1
	                        FROM admin
	                       WHERE user = '$user_admin'
	                         AND DATE_ADD( DATE_SUB( pw_expire, INTERVAL 1 MONTH ) , INTERVAL 2 DAY) <= now( )
	                     " );
      $row3 = $result3->fetch_array();

      $result4 = $db->query( "SELECT DATE_FORMAT(DATE_ADD( DATE_SUB( pw_expire, INTERVAL 1 MONTH ) , INTERVAL 2 DAY ), '%d.%m.%Y, %H:%i Uhr') aend_datum
	                        FROM admin
	                       WHERE user = '$user_admin'
	                        " );
      $row4 = $result4->fetch_array();

      if (md5($pw_alt) != $row['passwort']){
        $smarty->assign('profil_switch_invalid', "1");
        $fehler = TRUE;
      }
      elseif ($pw_neu != $pw_wied){
        $smarty->assign('profil_switch_uneven', "1");
        $fehler = TRUE;
      }
      elseif (strlen($pw_neu) < 6){
        $smarty->assign('profil_switch_strlen', "1");
        $fehler = TRUE;
      }
      elseif ($pw_neu == $user_admin){
        $smarty->assign('profil_switch_evenusername', "1");
        $fehler = TRUE;
      }     
      elseif ($row2[0] == 1 or $pw_neu == $row['passwort'] or $pw_neu == $pw_alt){
        $smarty->assign('profil_switch_repeat', "1");
        $fehler = TRUE;
      }
      elseif ($row3[0] != 1){
        $smarty->assign('profil_noswitch', "1");
        $smarty->assign('profil_noswitch_date', "$row4[aend_datum]");
        $fehler = TRUE;
      }else{
       
        $datum=date("Y-m-d H:i:s");
        $sql = $db->query( "INSERT INTO passwd_log (user, passwort, datum) VALUES ('$user_admin', '$row[passwort]', '$datum') ");

        $query1 = "SELECT pwid
                     FROM passwd_log
                    WHERE USER = '$user_admin'
                    ORDER BY datum DESC
                    LIMIT 7 , 100
                   ";
        $result1 = $db->query( $query1);


        // For each result that we got from the Database
        while ($row1 = $result1->fetch_array()){
	     $sql1 = $db->query( "DELETE FROM passwd_log WHERE user = '$user_admin' AND pwid='$row1[pwid]'" );
	}
	  
      $result = $db->query( "SELECT distinct DATE_ADD(NOW(), INTERVAL 1 MONTH) exp_date
	                       FROM admin
	                      WHERE user ='$user_admin'
	                    " );
      $row = $result->fetch_array();
#echo "UPDATE admin SET passwort='$pw_md5_neu', pw_expire='$row[exp_date]' WHERE user='$user_admin'";
      $sql1 = $db->query( "UPDATE admin SET passwort='$pw_md5_neu', pw_expire='$row[exp_date]' WHERE user='$user_admin'" );
#exit;
      
      } // Ende wenn alle Passwortkriterien erfüllt sind.
    } // Ende wenn Passwort neu/wied nicht leer ist
  } // Ende Wenn Mail stimmt und Passwort nicht leer ist bzw alle PW-Eingaben stimmen
  
  if(!isset($fehler)){
    
    $result2 = $db->query( "SELECT wgd, kal_bettag FROM profil WHERE user='$user_admin'" );
    $row2 = $result2->fetch_array();
    
    if($row2['wgd'] != $_POST['wgd']){  // Bei WochenGDänderung den linken Frame refreshen
      echo "<script language=\"javascript\">
               top.frames[1].location.href = \"menuframe.php\";
             </script>";
    }
    
    if($row2['kal_bettag'] != $_POST['kal_bettag'] AND $_POST['wgd'] == 1){  // Bei Buß-und Bettag den linken Frame refreshen wenn man eine Donnerstagsgemeinde ist, da Bettag immer mittwochs ist
      echo "<script language=\"javascript\">
               top.frames[1].location.href = \"menuframe.php\";
             </script>";
    }
    
    $db = dbconnect();
    $sql1 = $db->query( "UPDATE admin SET mail='$_POST[mail]' WHERE user='$user_admin'" );
    $sql2 = $db->query( "UPDATE profil SET wgd='$_POST[wgd]'
                                         , kategorie='$_POST[kategorie]'
                                         , export_header='$_POST[outlookheader]'
                                         , kal_bettag='$_POST[kal_bettag]'
                                         , kal_erntedank='$_POST[kal_erntedank]'
                                         , querverweis='$_POST[verweis]'
                                         , lesung='$_POST[lesung]'
                                         , bibellink ='$_POST[bibellink]'
                                  WHERE user='$user_admin'" );
    
    $css = ".farbe { background-color:$_POST[hintergrund];}
            .td2 {font-family:verdana, arial;font-size:$_POST[fontsize]pt;line-height:150%;text-align:justify}";
    
    
    $sql3 = $db->query( "DELETE FROM stylesheet WHERE user='$user_admin'" );
    $sql4 = $db->query( "INSERT INTO stylesheet (user, css, hintergrund, fontsize) VALUES ('$user_admin', '$css', '$_POST[hintergrund]', '$_POST[fontsize]')" );

    if($sql1 AND $sql2 AND $sql3 AND $sql4){
      $smarty->assign('profil_success', "1");
    }else{
      $smarty->assign('profil_success', "2");
    }
  }   
}


$smarty->assign('action', "$action");
$smarty->display("$template/$templatename");
?>