Passwort zurücksetzen

aschwarz 2023-03-30 10:46:40 +02:00
parent a117369842
commit d193769a51
9 changed files with 590 additions and 12 deletions

@ -11,10 +11,10 @@ if ($function == 'logout') {
$identifier = $_COOKIE['identifier'];
$securitytoken = $_COOKIE['securitytoken'];
$token_neu = sha1($securitytoken);
$update = $db->query("DELETE FROM jumi_securitytokens
WHERE securitytoken ='$token_neu'
AND identifier = '$identifier'
");
$sql1 = $db->query("DELETE FROM jumi_securitytokens
WHERE securitytoken ='$token_neu'
AND identifier = '$identifier'
");
}
//Cookies entfernen
session_destroy();
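Review bot: The renamed `$sql1 = $db->query("DELETE FROM jumi_securitytokens ...")` still splices the raw cookie values `$identifier` and `$securitytoken` (via `$token_neu`) into the SQL string, so the logout branch keeps the string-built query it had before; cookie contents are client input and belong in a bound parameter. Assuming `$db` is a mysqli connection: `$stmt = $db->prepare('DELETE FROM jumi_securitytokens WHERE securitytoken = ? AND identifier = ?');` `$stmt->bind_param('ss', $token_neu, $identifier);` `$stmt->execute();`. The query result is also never checked, so a failed delete still falls through to `session_destroy()` as if the token had been revoked. The `logout` branch starts before the hunk.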
@ -117,7 +117,7 @@ if ($function == 'login') {
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Ihr Benutzeraccount ist inaktiv.</div>|***|error';
exit;
}else if (md5($password) != $row['passwort'] or $row['mail'] == ''){ //verschlüsseltes Passwort überprüfen
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Bitte prüfen Sie Ihre Zugangsdaten</div>|***|error';
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Bitte pr&uuml;fen Sie Ihre Zugangsdaten</div>|***|error';
exit;
}else{
$uid = $row['uid'];
@ -150,5 +150,137 @@ if ($function == 'login') {
}
}
if ($function == 'passwortvergessen') {
$mail = $_POST['email'];
$result_pw = $db->query("SELECT uid, aktiv, vorname, nachname, mail FROM jumi_admin WHERE UPPER(mail)=UPPER('$mail')");
$row_pw = $result_pw->fetch_array();
if(!isset($_POST['email']) || empty($_POST['email'])) {
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Bitte geben Sie eine E-Mail-Adresse ein.</div>|***|error';
exit;
} elseif($row_pw['aktiv'] == '0') {
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Der Benutzer ist inaktiv. Melden Sie sich beim Administrator.</div>|***|error';
exit;
}elseif ($row_pw['mail'] == ''){
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Der Benutzer wurde nicht im System gefunden.</div>|***|error';
exit;
}else{
$passwortcode = random_string();
$pwcode_sha1 = sha1($passwortcode);
$uid = $row_pw['uid'];
$vorname = $row_pw['vorname'];
$nachname = $row_pw['nachname'];
# Benutzer auf allen Geräten abmelden
$sql1 = $db->query("DELETE FROM jumi_securitytokens
WHERE uid = '$uid'
");
#
$sql1 = $db->query("UPDATE jumi_admin
SET passwortcode = '$pwcode_sha1'
, passwortcode_time = NOW()
WHERE uid = '$uid'
");
$empfaenger = "$mail";
$betreff = "Passwort vergessen - JU & MI Portal";
$url_passwortcode = 'http://admin.ju-and-mi.de/passwortzuruecksetzen.php?uid='.$row_pw['uid'].'&code='.$passwortcode;
$text = "
<html>
<head>
<title>Passwort vergessen - JU & MI Portal</title>
</head>
<body>
<font face='Arial' size='2'>
Guten Tag $vorname $nachname!<br><br>
für den Account im JU & MI Portal wurde ein neues Passwort angefordert.<br>
Um ein neues Passwort zu vergeben, rufen Sie innerhalb der nächsten 24 Stunden die folgende Website auf:
<br>
<br>
$url_passwortcode<br>
<br>
Sollte Ihnen das Passwort wieder eingefallen sein oder Sie diese nicht angefordert haben, ignorieren Sie bitte diese E-Mail.
</body>
</html>";
$result_absender = $db->query("SELECT wert FROM jumi_parameter WHERE pid = 1");
$row_absender = $result_absender->fetch_array();
if ($row_absender['wert'] == '') {
$absender = 'info@ju-and-mi.de';
} else {
$absender = $row_absender['wert'];
}
$headers = "MIME-Version: 1.0\n";
$headers .= "Content-type: text/html; charset=utf-8\n";
$headers .= "From: Info JU & MI <$absender>\n";
$return = @mail($empfaenger, $betreff, $text, $headers);
if (!$return) { // Abfrage ob Mailversand funktioniert hat
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Es konnte <b>keine Mail</b> verschickt werden!<br>Wenden Sie sich an den Administrator.</div>|***|success';
exit;
} else {
echo '<div class="alert alert-success"><i class="fa fa-fw fa-thumbs-up"></i> Eine Mail wurde Ihnen zugestellt.<br><b>Checken Sie auch den Spam Ordner!</b></div>|***|success';
exit;
}
}
}
if ($function == 'resetpasswort') {
$password_new1 = $_POST['password_new1'];
$password_new2 = $_POST['password_new2'];
$uid = $_POST['uid'];
$code = $_POST['code'];
$result = $db->query("SELECT uid, vorname, nachname, mail, aktiv, passwortcode, passwortcode_time FROM jumi_admin WHERE uid=$uid");
$row = $result->fetch_array();
#Fehlercheck
if(!isset($uid) || !isset($code)) {
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Leider wurde beim Aufruf dieser Website kein Code zum Zur&uuml;cksetzen des Passworts &uuml;bermittelt!</div>|***|error';
exit;
}elseif ($row === null || $row['passwortcode'] === null ) {
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Es wurde kein passender Benutzer gefunden!</div>|***|error';
exit;
}elseif($row['aktiv'] == '0') {
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Der Benutzer ist inaktiv. Melden Sie sich beim Administrator.</div>|***|error';
exit;
}elseif($row['passwortcode_time'] === null || strtotime($row['passwortcode_time']) < (time()-24*3600) ) {
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Der Code ist leider abgelaufen. Setzen Sie das Passwort erneut zur&uuml;ck!</div>|***|error';
exit;
}elseif(sha1($code) != $row['passwortcode']) {
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Der &uuml;bergebene Code war ung&uuml;ltig.<br>Stellen Sie sicher, dass Sie den genauen Link in der URL aufrufen.</div>|***|error';
exit;
}elseif ($password_new1 != $password_new2) {
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Das neue Passwort stimmt nicht mit der Wiederholung &uuml;berein!</div>|***|error';
exit;
}elseif (strlen($password_new1) < 8) {
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Das neue Passwort muss mindestens 8 Zeichen haben!</div>|***|error';
exit;
}else{
$password_md5 = md5($password_new1);
$update = $db->query("UPDATE jumi_admin
SET passwort ='$password_md5'
,passwortcode = NULL
,passwortcode_time = NULL
WHERE uid=$uid
");
if (!$update) {
echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Es liegt ein Fehler in der Datenbank vor!</div>|***|error';
exit;
}else{
echo '<div class="alert alert-success"><i class="fa fa-fw fa-thumbs-up"></i> Das Passwort wurde geändert!</div>|***|success';
exit;
}
}
}
?>
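Review bot: Both new branches interpolate request input straight into SQL — `$_POST['email']` at `WHERE UPPER(mail)=UPPER('$mail')`, and `$_POST['uid']` unquoted at `WHERE uid=$uid` and again in the closing `UPDATE jumi_admin ... WHERE uid=$uid` — and nothing in the hunk gates these functions behind a session, so they need prepared statements; the rewrite below shows the pattern for the e-mail lookup (assuming `$db` is mysqli) and the `uid` queries follow the same shape. The new password is stored as `md5($password_new1)` and the reset code is compared with `sha1($code) != $row['passwortcode']`; `password_hash()`/`password_verify()` for the password and `hash_equals($row['passwortcode'], sha1($code))` for the code are the current equivalents, noting that the login check `md5($password) != $row['passwort']` in the earlier hunk would have to migrate together with it. The three distinct replies in `passwortvergessen` (inactive, not found, mail sent) reveal which addresses have an account; one neutral message for all three branches avoids that. The mail-failure reply `Es konnte <b>keine Mail</b> verschickt werden! ... |***|success` ends in `success` although it is an error, so the client clears the field on failure; it should end in `|***|error`. The reset link is assembled as `http://admin.ju-and-mi.de/...`, which sends the one-time code in clear; use `https://` there.
```php
if ($function == 'passwortvergessen') {
    $mail = $_POST['email'] ?? '';
    if ($mail === '') {
        echo '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Bitte geben Sie eine E-Mail-Adresse ein.</div>|***|error';
        exit;
    }
    // Assumes $db is a mysqli connection (get_result() needs mysqlnd) — verify against the DB include.
    $stmt = $db->prepare('SELECT uid, aktiv, vorname, nachname, mail FROM jumi_admin WHERE UPPER(mail) = UPPER(?)');
    $stmt->bind_param('s', $mail);
    $stmt->execute();
    $row_pw = $stmt->get_result()->fetch_array();
    // … unchanged: aktiv / mail checks, passwortcode generation, mail dispatch …

// … in resetpasswort, the same pattern for the uid lookup (uid is used unquoted above, so presumably an integer column):
    $stmt = $db->prepare('SELECT uid, vorname, nachname, mail, aktiv, passwortcode, passwortcode_time FROM jumi_admin WHERE uid = ?');
    $stmt->bind_param('i', $uid);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_array();
    // … unchanged: error checks, password update (bind $password and $uid the same way) …
```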

@ -0,0 +1,21 @@
<?php
## INDEX gegen DB
if(!isset($_SESSION)) { session_start(); }
include_once '../classes/TestProjektSmarty.class_subdir.php';
#require_once("../config.inc.php");
require_once("../config/datenbankanbindung.php");
$smarty = new SmartyAdmin();
$templatename = substr(basename($_SERVER['PHP_SELF']),0,-3)."html";
require_once "../language/german.inc.php";
# https://www.php-einfach.de/experte/php-codebeispiele/loginscript/passwort-vergessen/
$action = $_GET['action'];
if($action == ''){
}
$smarty->assign('action', "$action");
$smarty->display("modern/dashboard/$templatename");
?>
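Review bot: `$action = $_GET['action'];` raises an undefined-index warning on the plain `passwortvergessen.php` request that the login page links to, and the `if($action == ''){ }` that follows is an empty block; `$action = $_GET['action'] ?? '';` and dropping the empty `if` would do, and the same `??` default applies to the sibling `passwortzuruecksetzen.php` hunk. The commented-out `#require_once("../config.inc.php");` line is dead and can go.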

@ -0,0 +1,39 @@
<?php
if (!isset($_SESSION)) {
session_start();
}
/*
# Fuer debugging
error_reporting(E_ALL);
ini_set('display_errors', 1);
#echo __LINE__."<br>";
*/
include_once '../classes/TestProjektSmarty.class_subdir.php';
#require_once("../config.inc.php");
require_once("../config/datenbankanbindung.php");
$smarty = new SmartyAdmin();
$templatename = substr(basename($_SERVER['PHP_SELF']),0,-3)."html";
require_once "../language/german.inc.php";
$action = $_GET['action'];
if($action == ''){
$uid = $_GET['uid'];
$code = $_GET['code'];
$smarty->assign('uid', "$uid");
$smarty->assign('code', "$code");
if(!isset($_GET['uid']) || !isset($_GET['code'])) {
$smarty->assign('error', 1);
$smarty->assign('error_text', '<div class="alert alert-danger"><i class="fa fa-fw fa-thumbs-down"></i> Leider wurde beim Aufruf dieser Website kein Code zum Zurücksetzen des Passworts &uuml;bermittelt!</b></div>');
}
# Token: b9b48563d251d9e52bd1352545747e30
# SHA Token: 76eafa7873f2331794036360414bff2473b66fa6
# localhost/survey/dashboard/passwortzuruecksetzen.php?uid=1&code=b9b48563d251d9e52bd1352545747e30
}
$smarty->assign('action', "$action");
$smarty->display("modern/dashboard/$templatename");
?>
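Review bot: `$uid` and `$code` are read from `$_GET` and assigned to the template before the `!isset($_GET['uid']) || !isset($_GET['code'])` guard runs, so the check only sets an error message after the undefined-index warnings have already fired; read them as `$uid = $_GET['uid'] ?? '';` / `$code = $_GET['code'] ?? '';` and test for empty values first. The two values are emitted by the template into `value="{$uid}"` and `value="{$code}"`; unless this Smarty instance has `escape_html` enabled (not visible here), they need `|escape` in that template hunk, since anything in the query string ends up inside an attribute. The `# Token:` / `# SHA Token:` / `# localhost/...` comments at the end of the block look like leftover test data and should be removed before merge; the unmatched `</b>` in the `error_text` string is also stray.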

@ -40,4 +40,67 @@ function login(){
console.log(xhr);
}
});
}
function passwortvergessen(){
var email = document.getElementById("mail_pwvergessen").value;
$.ajax({
type: 'POST',
url: '../controller/admin_login.php',
data: {
'function': 'passwortvergessen',
'email': email
},
success: function(result) { //we got the response
if(result!=''){
var a = result.split('|***|');
if(a[1]=="success"){
document.getElementById("mail_pwvergessen").value ="";
}
$('#msg').show().delay(10000).fadeOut(500);
$('#msg').html(a[0]);
}
},
error: function(xhr, status, exception) {
console.log(xhr);
}
});
}
function resetpasswort(){
var password_new1 = document.getElementById("password_new1").value;
var password_new2 = document.getElementById("password_new2").value;
var code = document.getElementById("code").value;
var uid = document.getElementById("uid").value;
$.ajax({
type: 'POST',
url: '../controller/admin_login.php',
data: {
'function': 'resetpasswort',
'password_new1': password_new1,
'password_new2': password_new2,
'code': code,
'uid': uid
},
success: function(result) { //we got the response
if(result!=''){
var a = result.split('|***|');
if(a[1]=="success"){
document.getElementById("password_new1").value ="";
document.getElementById("password_new2").value ="";
$(document).ajaxStop(function(){
setTimeout(() => { window.location = "login.php"; }, 1000);
});
}
$('#msg').show().delay(10000).fadeOut(500);
$('#msg').html(a[0]);
}
},
error: function(xhr, status, exception) {
console.log(xhr);
}
});
}
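Review bot: `if(a[1]=="success")` in both new handlers decides whether to clear the fields from the server's reply suffix, and the controller's mail-failure message in this commit also ends in `success`, so the address is cleared on that error path; compare with `===` and treat any reply without a recognised suffix as an error. Style: the new functions use `var` and `==` while `resetpasswort` already uses an arrow function, so `const`/`let` and `===` would be consistent. `$(document).ajaxStop(...)` is re-registered on every successful reset; since the handler already runs inside `success`, a plain `setTimeout(() => { window.location = "login.php"; }, 1000);` appears to be enough.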

sql/passwortcode.sql Normal file

@ -0,0 +1,22 @@
ALTER TABLE `jumi_admin` ADD `passwortcode` VARCHAR(255) NULL DEFAULT NULL AFTER `passwort`, ADD `passwortcode_time` TIMESTAMP NULL DEFAULT NULL AFTER `passwortcode`;
ALTER TABLE `jumi_admin` CHANGE `passwortcode` `passwortcode` VARCHAR(255) CHARACTER SET utf8 COLLATE utf8_unicode_ci NULL DEFAULT NULL COMMENT 'Passwort vergessen', CHANGE `passwortcode_time` `passwortcode_time` TIMESTAMP NULL DEFAULT NULL COMMENT 'Passwort vergessen';
https://forum.chip.de/discussion/663654/firefox-dazu-zwingen-seite-komplett-neu-zu-laden
1. Öffnen Sie Firefox.
2. Geben Sie in der Adresszeile "about:config" ein und klicken Sie auf die "Go"-Schaltfläche.
3. Suchen Sie über die Filter-Zeile nach "cache".
4. Markieren Sie die Zeile "browser.cache.check_doc_frequency".
5. Klicken Sie diese doppelt an oder wählen Sie im Kontextenü der Zeile "Bearbeiten".
6. Setzen Sie den Standardwert "3" auf "1".
7. Bestätigen Sie mit "OK".
Folgende Werte stehen zur Verfügung:
Wert Bedeutung
0 einmal pro Sitzung
1 jedes Mal
2 nie
3 automatisch oder wenn erforderlich
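Review bot: Everything after the second `ALTER TABLE` — the chip.de link and the numbered Firefox cache instructions — is plain text inside `sql/passwortcode.sql`, so the file fails as soon as it is fed to a SQL client; move those lines to a README or prefix each one with `-- ` if they must stay. The `passwortcode` column is added as `VARCHAR(255) NULL` and then immediately re-declared by the second statement with a collation and comment; a single `ALTER TABLE ... ADD ... COMMENT 'Passwort vergessen'` would avoid the second statement.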

@ -73,19 +73,21 @@ $(document).ready(function(){
-->
<div class="d-flex align-items-center justify-content-between mt-4 mb-0">
<!--<a class="small" href="password.html">Forgot Password?</a>-->
<label><input type="checkbox" name="angemeldet_bleiben" id="angemeldet_bleiben" value="1"> Angemeldet bleiben
<button type="button" class="btn btn-info btn-sm" data-bs-toggle="popover" data-bs-html="true" data-bs-trigger="hover"
<label><input type="checkbox" name="angemeldet_bleiben" id="angemeldet_bleiben" value="1">
<a type="button" class="link-secondary" data-bs-toggle="popover" data-bs-html="true" data-bs-trigger="hover"
title="Angemeldet bleiben"
data-bs-content="Durch das Markieren dieses Feldes wird beim n&auml;chsten Besuch die Anmeldemaske nicht erscheinen.<br>
<b>Die Anwendung speichert lokal Cookies in Ihrem Browser.</b><br>
Sobald Sie in der Anwendung einen Logout machen, werden die Cookies gel&ouml;scht und ein Login ist wieder erforderlich.">
<i class="fas fa fa-info"></i>
</button>
</label><br>
Angemeldet bleiben
</a>
</label>
&nbsp;
<input type='submit' class="btn btn-primary" onclick="login();" name='senden' value="Login">
</div>
<a class="link-secondary" href="passwortvergessen.php">Passwort vergessen</a>
</div>
</div>
<input type='submit' class="btn btn-primary" onclick="login();" name='senden' value="Login">
<div class="card-footer text-center py-3">
<!--<div class="small"><a href="register.html">Need an account? Sign up!</a></div>-->
</div>

@ -0,0 +1,96 @@
{if $action == ''}
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
<meta name="description" content="" />
<meta name="author" content="" />
<title>JU & MI Passwort vergessen</title>
<link href="css/styles.css" rel="stylesheet" />
<script src="js/all.js" crossorigin="anonymous"></script>
<script src="../jquery/jquery-3.4.1.min.js"></script>
<link href="../bootstrap/node_modules/bootstrap/dist/css/bootstrap.min.css" rel="stylesheet">
<script src="../bootstrap/node_modules/bootstrap/dist/js/bootstrap.bundle.min.js"></script>
<script src="../js/lottie_bodymovin/lottie.min.js"></script>
<style type="text/css">
.lottie-container {
justify-content: center;
top: 40px;
left: 0;
right: 0;
bottom: 20px;
height: 180px;
pointer-events: none;
}
</style>
</head>
<body>
<div id="navtop"></div>
{literal}
<script>
$(function() {
$("#mail_pwvergessen").focus();
});
$(function(){
$("#footer").load("footer.php");
});
</script>
{/literal}
<div id="layoutAuthentication">
<div id="layoutAuthentication_content">
<main>
<!--Anwendung-->
<script src="../js/components/admin_login.js"></script>
<div class="lottie-container" id="lottie-container"></div>
<div class="container">
<div class="row justify-content-center">
<div class="col-lg-5">
<div class="card shadow-lg border-0 rounded-lg mt-5">
<div class="card-header">
<h3 class="text-center font-weight-light my-4">Passwort vergessen</h3>
</div>
<div class="card-body">
<div class="form-floating mb-3">
<input class="form-control" name="mail_pwvergessen" id="mail_pwvergessen" type="email" onkeydown="keysave(this)" placeholder="Mailadresse" />
<label for="inputEmail">Mailadresse</label>
</div>
</div>
<input type='submit' class="btn btn-primary" onclick="passwortvergessen();" name='senden' value="Neues Passwort">
</div>
<div id="msg"></div>
</div>
</div>
</div>
<div class="lottie-container" id="lottie-container"></div>
<script type="text/javascript">
var item = bodymovin.loadAnimation({
wrapper: document.getElementById('lottie-container'),
animType: 'svg',
loop: true,
autoplay: true,
path: '../media/data.json'
});
</script>
</main>
{literal}
<script type="text/javascript">
function keysave(ele) {
if(event.key === 'Enter') {
passwortvergessen();
}
}
</script>
{/literal}
</div>
<div id="layoutAuthentication_footer">
<!-- footer -->
<div id="footer"></div>
</div>
</div>
</body>
</html>
{/if}
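Review bot: `<label for="inputEmail">` does not match the input's `id="mail_pwvergessen"`, so the label is not associated with the field; use `for="mail_pwvergessen"`. The page declares `<html lang="en">` although all visible text is German (the start-page hunk has the same), and `id="lottie-container"` appears twice in the document (the reset template hunk repeats this), so `document.getElementById('lottie-container')` only ever animates the first one. `keysave(ele)` reads the global `event` instead of its argument; `onkeydown="keysave(event)"` with `if (ele.key === 'Enter')` avoids relying on `window.event`.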

@ -0,0 +1,111 @@
{if $action == ''}
<!DOCTYPE html>
<html lang="de">
<head>
<title>JU & MI Passwort</title>
<link rel="stylesheet" href="../jquery/jquery-ui.css">
<link rel="stylesheet" href="../jquery/jquery.timepicker.min.css">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link href="../bootstrap/node_modules/bootstrap/dist/css/bootstrap.min.css" rel="stylesheet">
<script src="../bootstrap/node_modules/bootstrap/dist/js/bootstrap.bundle.min.js"></script>
<!-- nochmals bootstrap.css mit Erweiterungen vom Dashboard -->
<link href="css/styles.css" rel="stylesheet" />
<!-- icons in nav-->
<script src="js/all.js" crossorigin="anonymous"></script>
<script src="../jquery/jquery-3.4.1.min.js"></script>
<link rel="stylesheet" href="../bootstrap/node_modules/bootstrap-icons/font/bootstrap-icons.css">
<script src="../js/lottie_bodymovin/lottie.min.js"></script>
<style type="text/css">
.lottie-container {
justify-content: center;
top: 40px;
left: 0;
right: 0;
bottom: 20px;
height: 180px;
pointer-events: none;
}
</style>
</head>
<body>
<div id="navtop"></div>
{literal}
<script>
$(function() {
$("#password_new1").focus();
});
$(function(){
$("#footer").load("footer.php");
});
</script>
{/literal}
<div id="layoutAuthentication">
<div id="layoutAuthentication_content">
<main>
<!--Anwendung-->
<script src="../js/components/admin_login.js"></script>
<div class="lottie-container" id="lottie-container"></div>
<div class="container">
<div class="row justify-content-center">
<div class="col-lg-5">
<div class="card shadow-lg border-0 rounded-lg mt-5">
<div class="card-header">
<h3 class="text-center font-weight-light my-4">Passwort vergeben</h3>
</div>
<div class="card-body">
<div class="row">
<div class="row mt-0 mt-sm-4 mb-0 mb-sm-4">
<div class="col-12 col-md-6">Neues Passwort:</div>
<div class="col-12 col-md-6">
<input type="password" id="password_new1" class="form-control rounded-right" required onkeydown="keysave(this)">
<input type="hidden" id="code" value="{$code}">
<input type="hidden" id="uid" value="{$uid}">
</div>
</div>
<div class="row mt-0 mt-sm-4 mb-0 mb-sm-4">
<div class="col-12 col-md-6">Passwortwiederholung:</div>
<div class="col-12 col-md-6">
<input type="password" id="password_new2" class="form-control rounded-right" required onkeydown="keysave(this)">
</div>
</div>
</div>
</div>
<input type='submit' class="btn btn-primary" onclick="resetpasswort();" name='senden' value="Neues Passwort">
</div>
<div id="msg"></div>
{if $error == 1}
<div id="msg1">{$error_text}</div>
{/if}
</div>
</div>
</div>
<div class="lottie-container" id="lottie-container"></div>
<script type="text/javascript">
var item = bodymovin.loadAnimation({
wrapper: document.getElementById('lottie-container'),
animType: 'svg',
loop: true,
autoplay: true,
path: '../media/data.json'
});
</script>
</main>
{literal}
<script type="text/javascript">
function keysave(ele) {
if(event.key === 'Enter') {
resetpasswort();
}
}
</script>
{/literal}
</div>
<div id="layoutAuthentication_footer">
<!-- footer -->
<div id="footer"></div>
</div>
</div>
</body>
</html>
{/if}
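Review bot: When the controller sets `error`, the template still renders the password form with empty hidden `uid`/`code` fields above `{$error_text}`, so a user can submit a reset that is guaranteed to fail; wrapping the form card in `{if $error != 1} … {/if}` (or rendering only the message) makes that state explicit. `{if $error == 1}` reads a variable that the PHP side assigns only on the error path, so Smarty may report it as unassigned on the normal path depending on its error settings; assign `error` unconditionally or use `{if isset($error) && $error == 1}`. The two password inputs could carry `autocomplete="new-password"` and `minlength="8"` to mirror the server-side length rule.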

@ -0,0 +1,92 @@
<!DOCTYPE html>
<html lang="en">
<head>
<title>JU & MI Startseite</title>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" />
<meta name="description" content="" />
<meta name="author" content="" />
<link href="../bootstrap/node_modules/bootstrap/dist/css/bootstrap.min.css" rel="stylesheet">
<!-- nochmals bootstrap.css mit Erweiterungen vom Dashboard -->
<link href="css/styles.css" rel="stylesheet" />
<!-- icons in nav-->
<script src="js/all.js" crossorigin="anonymous"></script>
<script src="../jquery/jquery-3.4.1.min.js"></script>
</head>
<body class="sb-nav-fixed">
<div id="navtop"></div>
{literal}
<script>
$(function(){
// im Navbar muss der toggle in der Callbackfunktion definiert werden. Sonst findet jquery getelementbyID nicht
$("#navtop").load('navtop.php', null, function(){$.getScript('js/scripts.js');});
$("#navleft").load("nav.php");
$("#footer").load("footer.php");
});
</script>
{/literal}
<div id="layoutSidenav">
<!-- Navigation left -->
<div id="navleft"></div>
<div id="layoutSidenav_content">
<main>
<div class="container-fluid">
<div class="card">
<div class="card-header">
<i class="fas fa-user me-1"></i>
Herzlich willkommen {$startseite_name}
</div>
<div class="card-body">
<p class="card-text">Herzlich willkommen zur Administration von Jugendchor & Miteinander.<br><br>
</p>
<!--
<div class="row">
<div class="col-xl-3 col-md-6">
<div class="card bg-primary text-white mb-4">
<div class="card-body">Primary Card</div>
</div>
</div>
<div class="col-xl-3 col-md-6">
<div class="card bg-warning text-white mb-4">
<div class="card-body">Warning Card</div>
<div class="card-footer d-flex align-items-center justify-content-between">
<a class="small text-white stretched-link" href="#">View Details</a>
<div class="small text-white"><i class="fas fa-angle-right"></i></div>
</div>
</div>
</div>
<div class="col-xl-3 col-md-6">
<div class="card bg-success text-white mb-4">
<div class="card-body">Success Card</div>
<div class="card-footer d-flex align-items-center justify-content-between">
<a class="small text-white stretched-link" href="#">View Details</a>
<div class="small text-white"><i class="fas fa-angle-right"></i></div>
</div>
</div>
</div>
<div class="col-xl-3 col-md-6">
<div class="card bg-danger text-white mb-4">
<div class="card-body">Danger Card</div>
<div class="card-footer d-flex align-items-center justify-content-between">
<a class="small text-white stretched-link" href="#">View Details</a>
<div class="small text-white"><i class="fas fa-angle-right"></i></div>
</div>
</div>
</div>
</div>
-->
</div>
</div>
</div>
</main>
<!-- footer -->
<div id="footer"></div>
</div>
</div>
<script src="../bootstrap/node_modules/bootstrap/dist/js/bootstrap.bundle.min.js"></script>
</body>
</html>
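Review bot: The commented-out Bootstrap card grid between `<!--` and `-->` inside the card body is dead template code and should be removed rather than shipped. `Herzlich willkommen {$startseite_name}` emits the name unescaped; unless `escape_html` is enabled on the Smarty instance (not visible here), `{$startseite_name|escape}` is the safe form, since the value presumably comes from the user table.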