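$fn"); }

/**
 * Controller for the member login page: overview, login, logout,
 * registration, activation and invitations.
 *
 * The constructor reads ?mode= and runs the matching action straight away.
 * The outcome is left in $fehler / $msgsta, which Show() reads.
 *
 * Written for the legacy ext/mysql API (mysql_* functions) and a project
 * class DB whose query() result is passed to mysql_fetch_array().
 *
 * NOTE(review): every request value that reaches SQL now goes through
 * _sqlEscape() or an (int) cast. Prepared statements would be the better
 * fix, but they require changing the DB wrapper, which is not part of
 * this class.
 */
class CLogin
{
    // Result of the last action: $fehler is true on failure, $msgsta holds the message.
    var $fehler;
    var $msgsta;

    // Requested mode and the URLs derived from the current request.
    var $modus;
    var $aufruf;
    var $loginadresse;
    var $registeradresse;
    var $link_doinvite;
    var $aktivadresse;
    var $doregisteradresse;
    var $doaktivadresse;

    // Submitted credentials; Login() replaces $loginpass with its hash.
    var $loginname;
    var $loginpass;

    var $nickname;
    var $key;
    var $lastvisitdate;
    var $lastvisittime;

    // Referring member, resolved by GetRef(); false when there is none.
    var $refname = false;
    var $refid = false;
    var $invitelink;

    /**
     * Reads the requested mode and runs the matching action.
     *
     * A signed-in visitor (USERID defined) may only use the invite modes;
     * every other mode on this page is turned into "logout".
     */
    function CLogin()
    {
        $this->modus = isset($_GET['mode']) ? $this->_param($_GET, 'mode') : "overview";

        if (defined("USERID") && !in_array($this->modus, array("invite", "doinvite"))) {
            $this->modus = "logout";
        }

        // fp/content come straight from the query string and end up in URLs
        // that other properties are built from, so they are URL-encoded here
        // instead of being copied verbatim.
        $this->aufruf = $_SERVER["SCRIPT_NAME"]
            . "?fp=" . urlencode($this->_unquote($this->_param($_GET, 'fp')))
            . "&content=" . urlencode($this->_unquote($this->_param($_GET, 'content')));

        switch ($this->modus) {
            case "overview":
                $this->loginadresse = $this->aufruf . "&mode=login";
                $this->registeradresse = $this->aufruf . "&mode=registrieren";
                $this->aktivadresse = $this->aufruf . "&mode=aktivieren";
                break;

            case "login":
                $this->loginname = $this->_param($_POST, 'nickname');
                $this->loginpass = $this->_param($_POST, 'password');
                $this->Login();
                break;

            case "registrieren":
                $this->doregisteradresse = $this->aufruf . "&mode=doregistrieren";
                $this->GetRef();
                break;

            case "aktivieren":
                $this->doaktivadresse = $this->aufruf . "&mode=doaktivieren";
                $this->registeradresse = $this->aufruf . "&mode=registrieren";
                break;

            case "logout":
                $this->Logout();
                break;

            case "doregistrieren":
                $this->GetRef();
                $this->Registrieren();
                break;

            case "doaktivieren":
                $this->Aktivieren();
                break;

            case "invite":
                if (!defined("USERID")) {
                    return false;
                }
                $this->invitelink = $this->_einladungslink();
                $this->link_doinvite = $this->aufruf . "&mode=doinvite";
                break;

            case "doinvite":
                // Invite() reports the error itself when nobody is signed in;
                // the link is only built when USERID actually exists.
                if (defined("USERID")) {
                    $this->invitelink = $this->_einladungslink();
                }
                $this->Invite();
                break;
        }
    }

    /**
     * Returns a request value as a string, or "" when it is missing or not
     * a string (for example an array submitted as name[]=...).
     */
    function _param($quelle, $name)
    {
        if (isset($quelle[$name]) && is_string($quelle[$name])) {
            return $quelle[$name];
        }
        return "";
    }

    /**
     * Removes the backslashes added by magic_quotes_gpc, when that setting
     * is active, so a value is never escaped twice.
     */
    function _unquote($wert)
    {
        $wert = (string) $wert;
        if (function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc()) {
            $wert = stripslashes($wert);
        }
        return $wert;
    }

    /**
     * Escapes a value for use inside a quoted SQL string literal.
     *
     * Only call this with request values or with strings that contain no
     * backslashes, because magic-quote slashes are removed first.
     *
     * NOTE(review): relies on the default ext/mysql link, which the DB class
     * is assumed to open; this file already calls mysql_affected_rows()
     * without a link argument. addslashes() is the fallback when no link
     * is available yet.
     */
    function _sqlEscape($wert)
    {
        $wert = $this->_unquote($wert);
        $escaped = @mysql_real_escape_string($wert);
        if ($escaped === false) {
            $escaped = addslashes($wert);
        }
        return $escaped;
    }

    /**
     * Number of rows in a SELECT result, 0 when the query failed.
     */
    function _rowCount($res)
    {
        return $res ? (int) mysql_num_rows($res) : 0;
    }

    /**
     * Replaces CR, LF and NUL so a value cannot start a new mail header.
     */
    function _headerSafe($wert)
    {
        return trim(preg_replace('/[\r\n\0]+/', ' ', (string) $wert));
    }

    /**
     * Cleans a display name for an address header: besides line breaks it
     * drops the characters that delimit addresses and address lists.
     */
    function _anzeigename($wert)
    {
        return trim(preg_replace('/[\r\n\0<>",;]+/', ' ', (string) $wert));
    }

    /**
     * Checks an e-mail address against the pattern used at registration.
     *
     * The pattern is anchored at both ends, so nothing may follow the
     * address; the top-level domain may be longer than four letters.
     */
    function _emailGueltig($email)
    {
        if (!is_string($email) || $email == "" || strlen($email) > 254) {
            return false;
        }
        return preg_match(
            '/^[a-z0-9]+([-_\.]?[a-z0-9])+@[a-z0-9]+([-_\.]?[a-z0-9])+\.[a-z]{2,}\z/i',
            $email
        ) == 1;
    }

    /**
     * Builds the referral link for the signed-in member.
     *
     * NOTE(review): HTTP_HOST is taken from the request, so the client
     * controls the host part of a link that is mailed to third parties.
     * Only characters valid in a host name are kept here; a configured
     * base URL would remove the dependency on the request altogether.
     */
    function _einladungslink()
    {
        $host = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : "";
        $host = preg_replace('/[^A-Za-z0-9.\-:\[\]]/', '', $host);
        return "http://" . $host . $_SERVER["SCRIPT_NAME"] . "?refid=" . USERID;
    }

    /**
     * Sends the invitation mail (template werbung.htm) to the posted address.
     *
     * Returns false and sets $fehler/$msgsta when nobody is signed in, the
     * address is not valid, the member or the template cannot be read, or
     * mail() fails. Returns nothing on success.
     */
    function Invite()
    {
        if (!defined("USERID")) {
            $this->fehler = true;
            $this->msgsta = ONLYREGISTEREDUSERS;
            return false;
        }

        // The recipient is validated before it is used as the To header, so
        // it cannot carry line breaks or a list of further addresses.
        $email = $this->_unquote($this->_param($_POST, 'email'));
        if (!$this->_emailGueltig($email)) {
            $this->fehler = true;
            $this->msgsta = REG_EMAILFAIL;
            return false;
        }

        $empfname = trim($this->_unquote($this->_param($_POST, 'empfname')));
        $empfaenger = $email;
        $anzeige = $this->_anzeigename($empfname);
        if ($anzeige != "") {
            $empfaenger = "$anzeige <$email>";
        }

        $DB = new DB;
        $userid = (int) USERID;
        $query = "SELECT nickname, email FROM ".DBTABLEPRETEXT."mitglieder WHERE userid='$userid';";
        $res = $DB->query($query);
        if ($this->_rowCount($res) == 0) {
            $this->fehler = true;
            $this->msgsta = DBERROR;
            return false;
        }
        $fetch = mysql_fetch_array($res);
        $nickname = $fetch['nickname'];
        $sendermail = $fetch['email'];

        $zeilen = file(MAILPATH . "werbung.htm");
        if ($zeilen === false) {
            $this->fehler = true;
            $this->msgsta = SMTPERROR;
            return false;
        }
        $vorlage = implode("", $zeilen);

        // The subject is the text between the template's title tags.
        // NOTE(review): both tag literals were empty strings in the reviewed
        // copy (the markup appears to have been stripped from it). They are
        // restored here from the 7- and 8-character windows the original
        // loop compared against; confirm against the original file.
        $betreff = "";
        $klein = strtolower($vorlage);
        $start = strpos($klein, "<title>");
        if ($start !== false) {
            $ende = strpos($klein, "</title>", $start + 7);
            if ($ende !== false) {
                $betreff = (string) substr($vorlage, $start + 7, $ende - $start - 7);
            }
        }

        $platzhalter = array("{link}", "{empfname}", "{nickname}");

        // Subject: plain values with line breaks removed (it becomes a header).
        $betreff = $this->_headerSafe(
            str_replace($platzhalter, array($this->invitelink, $empfname, $nickname), $betreff)
        );

        // Body: the mail is HTML, so the inserted values are HTML-escaped.
        // The charset is passed explicitly to match the Content-type header.
        $text = str_replace(
            $platzhalter,
            array(
                htmlspecialchars($this->invitelink, ENT_QUOTES, 'ISO-8859-1'),
                htmlspecialchars($empfname, ENT_QUOTES, 'ISO-8859-1'),
                htmlspecialchars($nickname, ENT_QUOTES, 'ISO-8859-1'),
            ),
            $vorlage
        );

        /* The Content-type header makes this an HTML mail. */
        $headers = "MIME-Version: 1.0\r\n";
        $headers .= "Content-type: text/html; charset=iso-8859-1\r\n";

        /* Additional headers; the stored values are cleaned as well. */
        $headers .= "From: " . $this->_anzeigename($nickname)
            . " <" . $this->_anzeigename($sendermail) . ">\r\n";

        /* Send the mail. */
        if (!@mail($empfaenger, $betreff, $text, $headers)) {
            $this->fehler = true;
            $this->msgsta = SMTPERROR;
            return false;
        }
    }

    /**
     * Resolves the referring member from refid or refname (GET before POST,
     * refid before refname) and stores the member's id and nickname.
     *
     * Returns true when the referrer exists; otherwise both properties are
     * reset to false and false is returned.
     */
    function GetRef()
    {
        if (isset($_GET['refid'])) {
            $this->refid = $this->_param($_GET, 'refid');
        } else if (isset($_POST['refid'])) {
            $this->refid = $this->_param($_POST, 'refid');
        } else if (isset($_GET['refname'])) {
            $this->refname = $this->_param($_GET, 'refname');
        } else if (isset($_POST['refname'])) {
            $this->refname = $this->_param($_POST, 'refname');
        } else {
            return false;
        }

        $DB = new DB;
        if ($this->refid) {
            $refid = (int) $this->refid;
            $query = "SELECT userid, nickname FROM ".DBTABLEPRETEXT."mitglieder WHERE userid='$refid';";
        } else {
            $refname = $this->_sqlEscape($this->refname);
            $query = "SELECT userid, nickname FROM ".DBTABLEPRETEXT."mitglieder WHERE nickname='$refname';";
        }

        $res = $DB->query($query);
        if ($this->_rowCount($res) == 0) {
            $this->refid = false;
            $this->refname = false;
            return false;
        }

        $fetch = mysql_fetch_array($res);
        $this->refid = $fetch['userid'];
        $this->refname = $fetch['nickname'];
        return true;
    }

    /**
     * Returns a 10-character alphanumeric activation key.
     *
     * The key is what proves ownership of the mail address, so it is drawn
     * from the OpenSSL random source when that extension is loaded. Bytes
     * outside the largest multiple of the alphabet size are discarded, so
     * every character is equally likely. mt_rand() remains the fallback.
     */
    function generatekey()
    {
        $zeichen = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
        $anzahl = strlen($zeichen);
        $key = "";

        if (function_exists('openssl_random_pseudo_bytes')) {
            $grenze = 256 - (256 % $anzahl);
            while (strlen($key) < 10) {
                $bytes = openssl_random_pseudo_bytes(16);
                if ($bytes === false || $bytes === "") {
                    break;
                }
                for ($i = 0; $i < strlen($bytes) && strlen($key) < 10; $i++) {
                    $wert = ord($bytes[$i]);
                    if ($wert < $grenze) {
                        $key .= $zeichen[$wert % $anzahl];
                    }
                }
            }
        }

        while (strlen($key) < 10) {
            $key .= $zeichen[mt_rand(0, $anzahl - 1)];
        }
        return $key;
    }

    /**
     * Creates an inactive member from the posted registration form, stores
     * an activation key and mails it to the new member.
     *
     * Returns false and sets $fehler/$msgsta when validation or a database
     * step fails. Returns nothing on success.
     */
    function Registrieren()
    {
        // Guarded so a second call does not redeclare the function.
        if (!function_exists("berechnealter")) {
            /**
             * Age in full years for a "Y-m-d" birthday, or false when the
             * date is malformed, not a real calendar date, or the year is
             * outside 1900..current year.
             */
            function berechnealter($birthday)
            {
                $datum = explode("-", $birthday);
                if (count($datum) != 3) {
                    return false;
                }
                foreach ($datum as $teil) {
                    // Digits only: rejects values such as "5abc" that a
                    // loose numeric comparison would let through.
                    if (!preg_match('/^[0-9]{1,4}\z/', $teil)) {
                        return false;
                    }
                }
                $jahr = (int) $datum[0];
                $monat = (int) $datum[1];
                $tag = (int) $datum[2];

                $aktuell = time();
                $jahra = (int) date("Y", $aktuell);
                $monata = (int) date("m", $aktuell);
                $taga = (int) date("d", $aktuell);

                if ($jahr < 1900 || $jahr > $jahra) {
                    return false;
                }
                if (!checkdate($monat, $tag, $jahr)) {
                    return false;
                }

                // The birthday has already passed this year.
                if ($monat < $monata || ($monat == $monata && $taga >= $tag)) {
                    return $jahra - $jahr;
                }
                return $jahra - $jahr - 1;
            }
        }

        $DB = new DB;

        $nickname = $this->_param($_POST, 'editNickname');
        $err = checkstring($nickname);
        if ($err) {
            $this->fehler = true;
            $this->msgsta = str_replace("{zeichen}", ERLAUBTEZEICHEN, REG_UNGUELTIGERNICKNAME);
            $this->msgsta .= "\n\n[zurück]";
            return false;
        }
        $this->nickname = $nickname;

        // NOTE(review): crypt() with the fixed two-character salt 'hg' is
        // classic DES crypt: one salt for every member and only the first
        // eight characters of the password count. It is left unchanged
        // because existing hashes and the login cookie depend on it; a
        // migration to a salted, slow hash should be planned.
        $passwort = crypt($this->_param($_POST, 'editPasswort'), 'hg');

        $vorname = $this->_param($_POST, 'editVorname');
        $nachname = $this->_param($_POST, 'editNachname');
        $email = $this->_unquote($this->_param($_POST, 'editEmail'));
        $aktiv = "0";
        $geschlecht = $this->_param($_POST, 'geschlecht');
        $geburtstag = $this->_param($_POST, 'jahr') . "-"
            . $this->_param($_POST, 'monat') . "-"
            . $this->_param($_POST, 'tag');

        $alter = berechnealter($geburtstag);
        if ($alter === false || $alter < MINDESTALTER || $alter > 99) {
            $this->fehler = true;
            $this->msgsta = str_replace("{minage}", MINDESTALTER, REG_TOOYOUNG);
            return false;
        }

        $sqlNick = $this->_sqlEscape($nickname);
        $query = "SELECT userid FROM ".DBTABLEPRETEXT."mitglieder WHERE nickname='$sqlNick';";
        $res = $DB->query($query);
        if (!$res || $this->_rowCount($res) != 0) {
            $this->fehler = true;
            $this->msgsta = REG_USERNAMEFAIL;
            return false;
        }

        if (!$this->_emailGueltig($email)) {
            $this->fehler = true;
            $this->msgsta = REG_EMAILFAIL;
            return false;
        }

        $sqlEmail = $this->_sqlEscape($email);
        $query = "SELECT email FROM ".DBTABLEPRETEXT."mitglieder WHERE email='$sqlEmail';";
        $res = $DB->query($query);
        if ($this->_rowCount($res) > 0) {
            $this->fehler = true;
            $this->msgsta = REG_EMAILINUSE;
            return false;
        }

        $sqlVorname = $this->_sqlEscape($vorname);
        $sqlNachname = $this->_sqlEscape($nachname);
        $sqlPasswort = $this->_sqlEscape($passwort);
        $sqlGeschlecht = $this->_sqlEscape($geschlecht);
        $sqlGeburtstag = $this->_sqlEscape($geburtstag);
        $anmeldedatum = time();

        $query = "INSERT INTO ".DBTABLEPRETEXT."mitglieder (nickname, email, Vorname, Nachname, passwort, geschlecht, geburtstag, aktiv, anmeldedatum) "
            . "VALUES ('$sqlNick','$sqlEmail','$sqlVorname','$sqlNachname','$sqlPasswort','$sqlGeschlecht','$sqlGeburtstag','$aktiv','$anmeldedatum');";
        $res = $DB->query($query);
        if (!$res) {
            $this->fehler = true;
            $this->msgsta = DBERROR;
            return false;
        }

        // Read back the id of the member that was just created.
        $query = "SELECT userid FROM ".DBTABLEPRETEXT."mitglieder WHERE nickname='$sqlNick';";
        $res = $DB->query($query);
        if ($this->_rowCount($res) == 0) {
            $this->fehler = true;
            $this->msgsta = DBERROR;
            return false;
        }
        $fetch = mysql_fetch_array($res);
        $userid = (int) $fetch['userid'];

        $key = $this->generatekey();
        $refid = (int) $this->refid;
        $query = "INSERT INTO ".DBTABLEPRETEXT."aktivierung (userid, aktivierungsschluessel, refid) VALUES ('$userid','$key', '$refid');";
        $res = $DB->query($query);
        if (!$res) {
            $this->fehler = true;
            $this->msgsta = DBERROR;
            return false;
        }

        $query = "INSERT INTO ".DBTABLEPRETEXT."sec_usergruppe (userid, groupid) VALUES ('$userid', ".GROUP_MEMBER.");";
        $res = $DB->query($query);
        if (!$res) {
            $this->fehler = true;
            $this->msgsta = DBERROR;
            return false;
        }

        // $email passed the anchored pattern above, so it cannot contain
        // line breaks or additional recipients.
        $message = str_replace("{key}", $key, REG_WELCOMEMAIL);
        if (!@mail($email, REG_MAILSUBJECT, $message)) {
            echo "\n".SMTPERROR."\n";
        }
    }

    /**
     * Activates the account named in the form when the posted key matches,
     * then credits the referring member, if there is one.
     *
     * Returns false and sets $fehler/$msgsta on failure; on success
     * $fehler is set to false.
     */
    function Aktivieren()
    {
        $this->nickname = $this->_param($_POST, 'editNickname');
        $this->key = $this->_param($_POST, 'editKey');
        if ($this->nickname == "" || $this->key == "") {
            $this->fehler = true;
            $this->msgsta = REG_NODATA;
            return false;
        }

        $DB = new DB;

        $nickname = $this->_sqlEscape($this->nickname);
        $query = "SELECT userid FROM ".DBTABLEPRETEXT."mitglieder WHERE nickname='$nickname';";
        $res = $DB->query($query);
        if ($this->_rowCount($res) == 0) {
            // Same answer as for a wrong key, so the form does not reveal
            // which nicknames exist.
            $this->fehler = true;
            $this->msgsta = REG_NOTACTIVATED;
            return false;
        }
        $fetch = mysql_fetch_array($res);
        $userid = (int) $fetch['userid'];

        $key = $this->_sqlEscape($this->key);
        $query = "SELECT * FROM ".DBTABLEPRETEXT."aktivierung WHERE userid='$userid' AND lower(aktivierungsschluessel)=lower('$key');";
        $res = $DB->query($query);
        if ($this->_rowCount($res) == 0) {
            $this->fehler = true;
            $this->msgsta = REG_NOTACTIVATED;
            return false;
        }

        $refid = false;
        $fetch = mysql_fetch_array($res);
        if ($fetch['refid'] >= 1) {
            $refid = (int) $fetch['refid'];
        }

        // The key is single-use: remove it before the account is enabled.
        $query = "DELETE FROM ".DBTABLEPRETEXT."aktivierung WHERE userid='$userid';";
        $res = $DB->query($query);
        if (!$res) {
            // Stored on the object; the earlier code set local variables
            // here, so this failure was never reported.
            $this->fehler = true;
            $this->msgsta = REG_KEYERROR;
            return false;
        }

        $query = "UPDATE ".DBTABLEPRETEXT."mitglieder SET aktiv=1 WHERE userid='$userid';";
        $res = $DB->query($query);
        if (!$res) {
            $this->fehler = true;
            $this->msgsta = REG_USERERROR;
            return false;
        }

        // Credit the referrer only when the activation row named one.
        if ($refid) {
            $query = "SELECT refpunkte FROM ".DBTABLEPRETEXT."mitglieder WHERE userid='$refid';";
            $res = $DB->query($query);
            if ($this->_rowCount($res) > 0) {
                $fetch = mysql_fetch_array($res);
                $refpunkte = $fetch['refpunkte'] + REG_INVITEPUNKTE;
                $query = "UPDATE ".DBTABLEPRETEXT."mitglieder SET refpunkte='$refpunkte' WHERE userid='$refid';";
                $res = $DB->query($query);
            }
        }

        $this->fehler = false;
    }

    /**
     * Remembers the nickname of the signed-in member and expires both
     * authentication cookies.
     */
    function Logout()
    {
        $DB = new DB;
        if (defined("USERID")) {
            $userid = (int) USERID;
            $query = "SELECT nickname FROM ".DBTABLEPRETEXT."mitglieder WHERE userid='$userid';";
            $res = $DB->query($query);
            if ($this->_rowCount($res) > 0) {
                $fetch = mysql_fetch_array($res);
                $this->nickname = $fetch['nickname'];
            }
        }
        setcookie ("casaauth[user]", "", -time());
        setcookie ("casaauth[pass]", "", -time());
    }

    /**
     * Checks the submitted credentials, rejects inactive and banned
     * accounts, sets the authentication cookies, records the login and
     * defines USERID.
     *
     * Returns false and sets $fehler/$msgsta when the login is refused.
     */
    function Login()
    {
        // Same fixed-salt DES crypt as at registration; see the note in
        // Registrieren().
        $this->loginpass = crypt($this->loginpass, 'hg');
        $password = $this->loginpass;

        $DB = new DB;
        $sqlNick = $this->_sqlEscape($this->loginname);
        $sqlPass = $this->_sqlEscape($password);
        $query = "SELECT userid, nickname, design, aktiv FROM ".DBTABLEPRETEXT."mitglieder WHERE nickname=\"$sqlNick\" AND passwort=\"$sqlPass\" LIMIT 1;";
        $res = $DB->query($query);
        if ($this->_rowCount($res) == 0) {
            $this->fehler = true;
            $this->msgsta = LGN_FAIL;
            return false;
        }
        $fetch = mysql_fetch_array($res);

        // The account must have been activated.
        if ($fetch['aktiv'] != "1") {
            $this->fehler = true;
            $this->msgsta = LGN_NOTACTIVE;
            return false;
        }
        $nickname = $fetch['nickname'];
        $userid = (int) $fetch['userid'];

        // Banned members are refused.
        // NOTE(review): a failed lookup counts as "not banned", as before.
        $q = "SELECT userid FROM ".DBTABLEPRETEXT."banneduserids WHERE userid='$userid';";
        $r = $DB->query($q);
        if ($this->_rowCount($r) > 0) {
            $this->fehler = true;
            $this->msgsta = LGN_LOCKED;
            return false;
        }
        $this->fehler = false;

        // NOTE(review): the cookie stores the password hash itself, so the
        // cookie (or a copy of the passwort column) is enough to sign in
        // without knowing the password, and it is set without the Secure
        // and HttpOnly attributes. Replacing it with a random server-side
        // session token also requires changing whatever reads casaauth,
        // which is not visible here.
        setcookie ("casaauth[user]", $nickname, time()+60*60*24*30);
        setcookie ("casaauth[pass]", $password, time()+60*60*24*30);
        if ($fetch['design'] != "") {
            setcookie ("design".$userid, $fetch['design'], time()+60*60*24*30);
        }

        // Previous login for the welcome text; "now" on the first login.
        $letzterBesuch = time();
        $query = "SELECT timestamp FROM ".DBTABLEPRETEXT."loginliste WHERE userid='$userid' ORDER BY timestamp DESC LIMIT 1;";
        $res = $DB->query($query);
        if ($this->_rowCount($res) > 0) {
            $zeile = mysql_fetch_array($res);
            if (isset($zeile['timestamp']) && $zeile['timestamp'] > 0) {
                $letzterBesuch = $zeile['timestamp'];
            }
        }
        $this->lastvisitdate = date("d.m.Y", $letzterBesuch);
        $this->lastvisittime = date("H:i:s", $letzterBesuch);
        $this->nickname = $nickname;

        $timestamp = time();
        $datum = date("Y-m-d", $timestamp);
        $query = "INSERT INTO ".DBTABLEPRETEXT."loginliste (userid, timestamp, datum) VALUES ('$userid','$timestamp','$datum');";
        $res = $DB->query($query);

        define("USERID", $userid);
        $Protokoll = new CAktionen;
    }

    function Show() { if ($this->fehler) { ?>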
msgsta; ?>
modus) { case "overview": ?>

registeradresse, str_replace("{activate}",$this->aktivadresse,LGN_INTRO)); ?>

:

:


fehler) { echo $this->msgsta; } else { ?>
nickname, LGN_WELCOMENICK); ?>!
lastvisitdate, str_replace("{time}", $this->lastvisittime, LGN_LASTVISIT)); ?>
nickname, LOT_BYE); ?>

:

:

:

:

:

:


... ...


..


refname?"readonly":""; ?>>


registeradresse, ACT_INTRO);?>

:

:


fehler) { ?>

msgsta; ?>

nickname, ARG_HELLONICK); ?>

fehler) { ?>

msgsta; ?>

nickname, AAC_HELLONICK); ?>!

invitelink, str_replace("{punkte}", REG_INVITEPUNKTE, INV_INTRO)); ?>