aschwarz/survey
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Kennwortwechsel Benutzer anlegen

Browse Source
This commit is contained in:
aschwarz
2023-03-24 13:38:03 +01:00
parent aba1af22ea
commit 9083662df8
26 changed files with 2231 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
controller/admin_changepwd.php Normal file
View File

@ -0,0 +1,40 @@
<?php
require_once("../config.inc.php");
$function = $_POST['function'];
if ($function == 'changepwd') {
$password = md5($_POST['password']);
$password_new1 = $_POST['password_new1'];
$password_new2 = $_POST['password_new2'];
$result = $db->query("SELECT count(*) Anz FROM jumi_admin WHERE uid=$uid AND passwort = '$password'");
$row = $result->fetch_array();
#Fehlercheck
if ($row['Anz'] == "0") {
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Das alte Passwort ist nicht korrekt!</div>|***|error';
exit;
}elseif ($password_new1 != $password_new2) {
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Das neue Passwort stimmt nicht mit der Wiederholung &uuml;berein!</div>|***|error';
exit;
}elseif (strlen($password_new1) < 8) {
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Das neue Passwort muss mindestens 8 Zeichen haben!</div>|***|error';
exit;
}else{
$password_md5 = md5($password_new1);
$update = $db->query("UPDATE jumi_admin
SET passwort ='$password_md5'
WHERE uid=$uid
");
if (!$update) {
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Es liegt ein Fehler in der Datenbank vor!</div>|***|error';
exit;
}else{
echo '<div class="alert alert-success"><i class="fa fa-fw fa-thumbs-up"></i> Das Passwort wurde geändert!</div>|***|success';
exit;
}
}
}
?>

161
controller/admin_create_user.php Normal file
View File

@ -0,0 +1,161 @@
<?php
require_once("../config.inc.php");
$function = $_POST['function'];
if ($function == 'checkuser') {
$mail = $_POST['mail'];
if (filter_var($mail, FILTER_VALIDATE_EMAIL)) {
$mail = $_POST['mail'];
$result = $db->query("SELECT count(*) Anz FROM jumi_admin WHERE mail = '$mail'");
$row = $result->fetch_array();
if ($row['Anz'] == "0") {
echo '<div class="alert alert-success"><i class="fa fa-fw fa-thumbs-up"></i> User ist im System nicht vorhanden!</div>';
} else {
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> User ist im System bereits vorhanden!</div>';
}
#}else{
# echo ""
}
}
#echo "Funktion: $function";
if ($function == 'usersave') {
require_once("func_genPwd.php");
$vorname = trim($_POST['vorname']);
$nachname = trim($_POST['nachname']);
$mail = trim($_POST['mail']);
$rollen = $_POST['rollen'];
$result = $db->query("SELECT count(*) Anz FROM jumi_admin WHERE mail = '$mail'");
$row = $result->fetch_array();
#Fehlercheck
if ($row['Anz'] != "0") {
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> User ist im System bereits vorhanden!</div>|***|error';
}
if ($rollen == '' or $vorname == '' or $nachname == '' or $mail == '') {
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Es müssen alle Felder ausgefüllt werden!</div>|***|error';
exit;
}
if (!filter_var($mail, FILTER_VALIDATE_EMAIL)) {
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Geben Sie eine gültige Mailadresse ein!</div>|***|error';
exit;
}
$error = 0;
$password = generateStrongPassword();
$password_md5 = md5($password);
$sql1 = $db->query("INSERT INTO jumi_admin ( vorname
, nachname
, mail
, passwort
)
VALUES
( '$vorname'
, '$nachname'
, '$mail'
, '$password_md5'
)
");
$uid = $db->insert_id;
if (!$sql1) {
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Es gab ein Fehler in der Datenbank: Insert User</div>|***|error';
exit;
$error++;
}
for ($i = 0; $i < sizeof($rollen); $i++) {
$sql2 = $db->query("INSERT INTO jumi_admin_rollen_user_zuord ( rid
, uid
)
VALUES
( '$rollen[$i]'
, '$uid'
)
");
}
if (!$sql2) {
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Es gab ein Fehler in der Datenbank: Insert Rollenzuordnung</div>|***|error';
exit;
$error++;
}
if ($error == 0) {
$empfaenger = "$mail";
$betreff = "Anmeldung JU & MI Portal";
$text = "
<html>
<head>
<title>Anmeldung JU & MI Portal</title>
</head>
<body>
<font face='Arial' size='2'>
Guten Tag $vorname $nachname!<br><br>
Sie wurden im JU & MI Portal registriert!<br>
Nachfolgend finden Sie Ihre Zugangsdaten:
<br>
<br>
<table>
<tr>
<td valign='top'>
<font face='Arial' size='2'>
Benutzerkennung:
</font>
</td>
<td valign='top'>
<font face='Arial' size='2'>
<b>$mail</b>
</font>
</td>
</tr>
<tr>
<td valign='top'>
<font face='Arial' size='2'>
Passwort:
</font>
</td>
<td valign='top'>
<font face='Arial' size='2'>
<b>$password</b>
</font>
</td>
</tr>
</table>
<br>
Bitte beachten Sie, dass das Passwort zwischen Gro&szlig;- und<br>
Kleinschreibung unterscheidet.
<p>
&Auml;ndern Sie bitte zu Ihrer eigenen Sicherheit das<br>
Passwort nach dem ersten Login unter dem Benutzericon in der Kopfleiste.
<p>
Vielen Dank
</body>
</html>";
$result_absender = $db->query("SELECT wert FROM jumi_parameter WHERE pid = 1");
$row_absender = $result_absender->fetch_array();
if ($row_absender['wert'] == '') {
$absender = 'info@ju-and-mi.de';
} else {
$absender = $row_absender['wert'];
}
$headers = "MIME-Version: 1.0\n";
$headers .= "Content-type: text/html; charset=utf-8\n";
$headers .= "From: Info JU & MI <$absender>\n";
$return = @mail($empfaenger, $betreff, $text, $headers);
if ($return) { // Abfrage ob Mailversand funktioniert hat
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> BenutzerIn wurde angelegt. Es konnte allerdings <b>keine Mail</b> verschickt werden!</div>|***|success';
exit;
} else {
echo '<div class="alert alert-success"><i class="fa fa-fw fa-thumbs-up"></i> BenutzerIn wurde angelegt. Eine Mail mit den Zugangsdaten wurde zugestellt.</div>|***|success';
exit;
}
}
}
?>

51
controller/func_genPwd.php Normal file
View File

@ -0,0 +1,51 @@
<?PHP
// Generates a strong password of N length containing at least one lower case letter,
// one uppercase letter, one digit, and one special character. The remaining characters
// in the password are chosen at random from those four sets.
//
// The available characters in each set are user friendly - there are no ambiguous
// characters such as i, l, 1, o, 0, etc. This, coupled with the $add_dashes option,
// makes it much easier for users to manually type or speak their passwords.
//
// Note: the $add_dashes option will increase the length of the password by
// floor(sqrt(N)) characters.
function generateStrongPassword($length = 8, $add_dashes = false, $available_sets = 'luds')
{
$sets = array();
if(strpos($available_sets, 'l') !== false)
$sets[] = 'abcdefghjkmnpqrstuvwxyz';
if(strpos($available_sets, 'u') !== false)
$sets[] = 'ABCDEFGHJKMNPQRSTUVWXYZ';
if(strpos($available_sets, 'd') !== false)
$sets[] = '23456789';
if(strpos($available_sets, 's') !== false)
$sets[] = '!@#$%&*?';
$all = '';
$password = '';
foreach($sets as $set)
{
$password .= $set[array_rand(str_split($set))];
$all .= $set;
}
$all = str_split($all);
for($i = 0; $i < $length - count($sets); $i++)
$password .= $all[array_rand($all)];
$password = str_shuffle($password);
if(!$add_dashes)
return $password;
$dash_len = floor(sqrt($length));
$dash_str = '';
while(strlen($password) > $dash_len)
{
$dash_str .= substr($password, 0, $dash_len) . '-';
$password = substr($password, $dash_len);
}
$dash_str .= $password;
return $dash_str;
}