<?php

#error_reporting(E_ALL);
/*
  # Fuer debugging
  error_reporting(E_ALL);
  ini_set('display_errors', 1);
  #echo __LINE__."<br>";
 */
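// Page bootstrap: start the session, create the Smarty instance, load the
// site configuration and the German language strings.
session_start();

include_once 'classes/TestProjektSmarty.class.php';
$smarty = new Smarty();
require_once("config.inc.php");
$template = "standard";
// The template file is named after this script ("<name>.php" -> "<name>.html").
// $_SERVER['PHP_SELF'] also carries any client-supplied PATH_INFO
// ("/page.php/other.php"), which would let the request pick the template
// basename. SCRIPT_FILENAME is the path of the executing script and does not
// include PATH_INFO.
$templatename = substr(basename($_SERVER['SCRIPT_FILENAME']), 0, -3) . "html";
require_once "language/german.inc.php";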


// Requested action from the query string; a missing parameter means "no action".
// This is raw client input: it is only ever compared against fixed action names
// below. The empty-action case has no handler of its own.
$action = isset($_GET['action']) ? $_GET['action'] : '';


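if ($action == 'anmeld') {
  // Login: look the account up by name, compare the submitted password with
  // the stored MD5 hash, then set the identity cookies and write a login-log row.
  //
  // Template flags assigned here: index_noinput, index_nouser, index_passwrong,
  // index_login.
  //
  // NOTE(review): assumes $db is a mysqli connection provided by config.inc.php
  // (the original code called query()/fetch_array() on it) - confirm.
  // NOTE(review): passwords are stored as unsalted MD5. Migrating to
  // password_hash()/password_verify() needs a wider passwort column and a
  // rehash-on-login step, so it is not done in this block.
  // NOTE(review): separate "unknown user" and "wrong password" flags let a
  // client test which account names exist; there is also no attempt limit.

  // Accept only scalar strings; array-valued POST fields are treated as empty.
  $login_user = (isset($_POST['user']) && is_string($_POST['user'])) ? $_POST['user'] : '';
  $login_pass = (isset($_POST['passwort']) && is_string($_POST['passwort'])) ? $_POST['passwort'] : '';

  if (empty($login_user) or empty($login_pass)) {
    // Empty form fields: no database access needed.
    $smarty->assign('index_noinput', '1');
  } else {
    // Bound parameter instead of interpolating $_POST into the SQL text.
    $row = null;
    $stmt = $db->prepare("SELECT vaid, user, passwort FROM prog_admin WHERE inaktiv != 'J' AND UPPER(user)=UPPER(?)");
    if ($stmt) {
      $stmt->bind_param('s', $login_user);
      if ($stmt->execute()) {
        $stmt->bind_result($db_vaid, $db_user, $db_passwort);
        if ($stmt->fetch()) {
          $row = array(
            'vaid' => (string) $db_vaid,
            'user' => (string) $db_user,
            'passwort' => (string) $db_passwort,
          );
        }
      }
      $stmt->close();
    }

    if ($row === null || strtoupper($login_user) !== strtoupper($row['user'])) {
      // User not in the system (a failed lookup is reported the same way).
      $smarty->assign('index_nouser', '1');
    } elseif (!hash_equals($row['passwort'], md5($login_pass))) {
      // Wrong password. hash_equals() replaces the loose != comparison, which
      // treats two different "0e<digits>" hashes as equal numbers.
      //
      // The cookies are set already at this point so that the password-reset
      // action knows which account to mail a new password to.
      // NOTE(review): this hands the canonical user name and vaid to a client
      // that has not authenticated; a server-side reset token would avoid that.
      setcookie("user_admin", $row['user']);
      setcookie("user_userid", $row['vaid']);
      $smarty->assign('index_passwrong', '1');
    } else {
      // Successful login: issue a fresh session id so an id that was planted
      // before authentication does not become a logged-in session.
      session_regenerate_id(true);

      $datum = date("Y-m-d H:i:s");
      $ip = (string) getenv("REMOTE_ADDR");
      $agent = (string) getenv("HTTP_USER_AGENT");
      // ISP / host / organisation lookups are disabled; the columns are logged empty.
      $isp = "";
      $host = "";
      $organisation = "";
      $user_admin = $row['user'];
      $user_userid = $row['vaid'];

      // NOTE(review): these cookies are plain, unsigned values. If other pages
      // treat them as proof of identity, they can be set by any client -
      // confirm how the rest of the application authenticates requests.
      setcookie("user_admin", $user_admin);
      setcookie("user_userid", $user_userid);

      $sid = session_id();
      // The User-Agent header is client-controlled, so the log row is written
      // with bound parameters as well.
      $log = $db->prepare("INSERT INTO prog_userlog_admin (Datum, IP, user_agent, isp, organisation, host, uid, session_id) VALUES (?, ?, ?, ?, ?, ?, ?, ?)");
      if ($log) {
        $log->bind_param('ssssssss', $datum, $ip, $agent, $isp, $organisation, $host, $user_userid, $sid);
        $log->execute();
        $log->close();
      }
      $smarty->assign('index_login', '1');
    }
  }
}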

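if ($action == 'pass_gen') {
  // Password reset: generate a new 7-character password for the account named
  // in the user_admin cookie, store its MD5 hash with a one-month expiry and
  // mail the clear-text password to the account's address.
  //
  // Template flags assigned here: index_mailpass + index_mailadr on success,
  // index_nomailpass otherwise.
  //
  // NOTE(review): the account to reset is taken from a client-supplied cookie,
  // with no proof that the requester owns the account. A single-use, expiring
  // reset token kept server-side would close that gap; it needs changes outside
  // this block, so only the query and mail handling are hardened here.
  // NOTE(review): assumes $db is a mysqli connection provided by config.inc.php - confirm.
  // NOTE(review): random_int() requires PHP 7.0 or later.

  $uid1 = (isset($_COOKIE['user_admin']) && is_string($_COOKIE['user_admin'])) ? $_COOKIE['user_admin'] : '';

  // Look the account up first, so that no password is changed when there is
  // no account or no usable mail address to deliver the new one to.
  $account = null;
  if ($uid1 !== '') {
    $lookup = $db->prepare("SELECT user, vorname, nachname, mail FROM prog_admin WHERE user=?");
    if ($lookup) {
      $lookup->bind_param('s', $uid1);
      if ($lookup->execute()) {
        $lookup->bind_result($acc_user, $acc_vorname, $acc_nachname, $acc_mail);
        if ($lookup->fetch()) {
          $account = array(
            'user' => (string) $acc_user,
            'vorname' => (string) $acc_vorname,
            'nachname' => (string) $acc_nachname,
            'mail' => (string) $acc_mail,
          );
        }
      }
      $lookup->close();
    }
  }

  // The address is used as recipient and inside the From header: refuse control
  // characters (CR/LF would start a new header line) and angle brackets.
  $mail_ok = $account !== null
    && $account['mail'] !== ''
    && !preg_match('/[\x00-\x1F\x7F<>]/', $account['mail']);

  $return = false;
  if ($mail_ok) {
    // Character pool without look-alike characters.
    $pool = "qwertzupasdfghkyxcvbnm";
    $pool .= "23456789";
    $pool .= "WERTZUPLKJHGFDSAYXCVBNM";

    // random_int() draws from the system CSPRNG; rand() seeded from microtime()
    // produced guessable passwords.
    // NOTE(review): 7 characters stored as unsalted MD5 is weak against offline
    // guessing; consider a longer value together with password_hash().
    $pass_word = '';
    $pool_max = strlen($pool) - 1;
    for ($index = 0; $index < 7; $index++) {
      $pass_word .= $pool[random_int(0, $pool_max)];
    }

    $new_pw_md5 = md5($pass_word);

    // One statement with bound parameters; the expiry is computed by the
    // database, as before (now + 1 month).
    $updated = false;
    $update = $db->prepare("UPDATE prog_admin SET passwort=?, pw_expire=DATE_ADD(NOW(), INTERVAL 1 MONTH) WHERE user=?");
    if ($update) {
      $update->bind_param('ss', $new_pw_md5, $uid1);
      $updated = $update->execute();
      $update->close();
    }

    if ($updated) {
      // Database values are escaped before they go into the HTML body. The
      // charset matches the Content-type header sent below.
      $mail_user = htmlspecialchars($account['user'], ENT_QUOTES, 'ISO-8859-1');
      $mail_vorname = htmlspecialchars($account['vorname'], ENT_QUOTES, 'ISO-8859-1');
      $mail_nachname = htmlspecialchars($account['nachname'], ENT_QUOTES, 'ISO-8859-1');

      $empfaenger = $account['mail'];
      $betreff = "Prognosetool: Passwort zurückgesetzt";
      $text = "
     <html>
     <head>
     <title>Passwort zur&uuml;ckgesetzt</title>
     </head>
     <body>
     <font face='Arial' size='2'>
     Guten Tag $mail_vorname $mail_nachname!<br><br>
     Sie haben Ihr Passwort im Prognosetool zur&uuml;ckgesetzt!<br>
     Nachfolgend finden Sie Ihre neuen Zugangsdaten:
     <br>
     <br>
     <table>
     <tr>
        <td valign='top'>
          <font face='Arial' size='2'>
            Benutzerkennung:
          </font>
        </td>
        <td valign='top'>
          <font face='Arial' size='2'>
            <b>$mail_user</b>
          </font>
        </td>
     </tr>
     <tr>
        <td valign='top'>
          <font face='Arial' size='2'>
            Passwort:
          </font>
        </td>
        <td valign='top'>
          <font face='Arial' size='2'>
            <b>$pass_word</b>
          </font>
        </td>
     </tr>
     </table>
     <br>
     Bitte beachten Sie, dass zwischen Gro&szlig;- und<br>
     Kleinschreibung unterschieden wird.
     <p>
     Diese Mail wurde automatisch generiert!<br>
     Antworten Sie daher nicht auf diese Mail<br>
     <br>
     Vielen Dank
     </body>
     </html>";

      $headers = "MIME-Version: 1.0\n";
      $headers .= "Content-type: text/html; charset=iso-8859-1\n";
      // The sender is the recipient's own address, as in the original code.
      $headers .= "From: Prognosetool <$empfaenger>\n";

      // mail() warnings are suppressed; the return value decides the outcome.
      // NOTE(review): if delivery fails here the password has already been
      // changed, so the user only learns about it through index_nomailpass.
      $return = @mail($empfaenger, $betreff, $text, $headers);
    }
  }

  if ($return) {
    $smarty->assign('index_mailpass', '1');
    $mailadresse = $account['mail'];
    $smarty->assign('index_mailadr', "$mailadresse");
  } else {
    $smarty->assign('index_nomailpass', "1");
  }
}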
// Hand the requested action to the template and render "<template>/<name>.html".
// NOTE(review): $action is raw query-string input; the template has to escape
// it wherever it is printed - confirm in the template.
$smarty->assign('action', (string) $action);
$smarty->display($template . '/' . $templatename);
?>