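// NOTE(review): tail of a mail-sending function whose opening lines are not
// part of this text (it starts mid-statement, at "IsSMTP();"). It is kept
// unchanged. What the visible lines do: the new password is mailed to the
// member in clear text, so it stays readable in the mailbox. A single-use,
// expiring reset link is the usual alternative.
    IsSMTP();
    $mail->Host = SMTP_SERVER;
    $mail->From = "admin@oegor.univie.ac.at";
    $mail->FromName = "OEGOR Administrator";
    $mail->AddAddress($email);
    $mail->WordWrap = 72;
    $mail->Subject = "Your new OEGOR password";
    $mail->Body = 'Find below your new OEGOR password.'
        . "\n\nPassword: $password\n";
    if(!$mail->Send()) {
        $err = "Failed to send password via mail."
            . " Please try again later or contact the administrator.";
        return FALSE;
    }
    return TRUE;
}

/**
 * Store a new password for the member of the current session.
 *
 * @param string $pwd  New password as entered by the member.
 * @param string &$err Receives a message when the change fails.
 * @return bool TRUE when the UPDATE succeeded, FALSE otherwise.
 *
 * NOTE(review): the value is written to member_password as given and the
 * login code below compares the stored value with the submitted one, so
 * passwords are kept in clear text. Switching to password_hash() and
 * password_verify() needs a coordinated change of login, reset and the
 * column, which cannot be done from this function alone.
 */
function set_password($pwd, &$err)
{
    if (!isset($_SESSION['oegorlogin'])) {
        $err = "You need to be logged in to change your password";
        return FALSE;
    }

    // The login code trims the submitted password before comparing, so an
    // untrimmed stored value could never match. Non-string input (for
    // example an array parameter) and empty passwords are refused.
    $pwd = is_string($pwd) ? trim($pwd) : '';
    if ($pwd === '') {
        $err = "Your password couldn't be changed";
        return FALSE;
    }

    // $pwd comes from the request: escape it before it goes inside the
    // quoted SQL literal. The member id is forced to an integer.
    $query_set_pwd = "UPDATE member SET member_password = '"
        . mysql_real_escape_string($pwd) . "'"
        . " WHERE member_id = '" . (int) $_SESSION['oegorlogin'] . "'";
    if (!mysql_query($query_set_pwd)) {
        $err = "Your password couldn't be changed";
        return FALSE;
    }
    return TRUE;
}

session_start();

// COOKIE Management
$colorscheme = 3;
$language = 1;
$loggedin = 0;
$admin = 0;

// Login Try?
$specialpage = 0;
if (array_key_exists("specialpage", $_REQUEST)) {
    $specialpage = $_REQUEST["specialpage"];
}
if (array_key_exists('oegorlogin', $_SESSION)) {
    $member_id = $_SESSION['oegorlogin'];
    $loggedin = $_SESSION['oegorlogin'];
}
$logintry_error = 0;
if ($specialpage == 1) {
    // Both fields are request data; anything that is not a string is
    // treated as empty.
    $loginemail = '';
    if (array_key_exists('loginemail', $_REQUEST)
        && is_string($_REQUEST['loginemail'])) {
        $loginemail = $_REQUEST['loginemail'];
    }
    $loginpassword = '';
    if (array_key_exists('loginpasswort', $_REQUEST)
        && is_string($_REQUEST['loginpasswort'])) {
        $loginpassword = trim($_REQUEST['loginpasswort']);
    }

    // The address is escaped for the SQL literal only; $loginemail itself
    // stays as submitted for any later use.
    $sql = "SELECT member_id, member_password "
        . "FROM member WHERE member_email = '"
        . mysql_real_escape_string($loginemail) . "'";
    $errcode = "select/section";
    $result = mysql_query($sql)
        or die ("Access to database failed Errorcode: #$errcode");
    if (mysql_num_rows($result) == 1) {
        $row = mysql_fetch_array($result);
        $member_password = (string) $row["member_password"];
        // Held in a separate variable until the password has been checked,
        // so a failed attempt cannot leave $member_id pointing at the
        // account that was looked up.
        $found_member_id = $row["member_id"];

        // Strict comparison: with != two numeric-looking strings such as
        // "1e3" and "1000" compare as equal numbers.
        if (strlen($loginpassword) == 0
            || $member_password !== $loginpassword) {
            $logintry_error = 2;
        } else {
            // Everything OK
            // A fresh session id on login keeps an id that was known
            // before authentication from staying valid afterwards.
            session_regenerate_id(true);
            $member_id = $found_member_id;
            // setcookie("oegorlogin", $member_id);
            $_SESSION['oegorlogin'] = $member_id;
            $loggedin = $member_id;
            $member = get_member_data();
            $_SESSION['member_name'] = $member['full_name'];
            $_SESSION['member_email'] = $member['email'];

            # fetch user's groups
            $query = "SELECT g.name FROM membership m JOIN groups g"
                . " ON m.group_id = g.id"
                . " WHERE m.member_id = " . (int) $member_id;
            $result = mysql_query($query);
            $groups = array();
            if ($result) {
                while ($row = mysql_fetch_row($result)) {
                    $groups[] = $row[0];
                }
                mysql_free_result($result);
            }
            $_SESSION['groups'] = $groups;
        }
    } else {
        $logintry_error = 1;
    }
}

// Inital configuration & cookie management
// Request values are cast to int before the range checks, so a value such
// as "1abc" cannot pass a loose comparison and travel on as a string.
if (array_key_exists("oegorlanguage", $_REQUEST)) {
    $req_language = (int) $_REQUEST['oegorlanguage'];
    if ($req_language > 0 && $req_language < 3) {
        $language = $req_language;
    }
}
if (array_key_exists("oegorcolor", $_REQUEST)) {
    $req_color = (int) $_REQUEST['oegorcolor'];
    if ($req_color == 1 || $req_color == 3) {
        $colorscheme = $req_color;
    }
}

// The original set $loggedin from $_REQUEST['oegorlogin'] here whenever that
// value was greater than zero. $loggedin decides the 'Vorstand' (admin)
// check below and the members' area, so the login state must not be
// settable from request data. It now comes from $_SESSION only.

$doaction = '';
if (array_key_exists('action', $_REQUEST)) {
    $doaction = $_REQUEST['action'];
}
if (strlen($doaction) > 0) {
    $doaction2 = explode(";", $doaction);
    // NOTE(review): part of the source is missing on the next line. The rest
    // of the for-header, the loop body that handles $doaction2, the closing
    // braces and the start of the condition that opens the admin check (it
    // ends in "0) {") are not in this text. The damaged line is kept as found.
    for ($i=0; $i OeGOR 0) {
    #$sql_name = "SELECT member_name, member_prename, member_permission"
    #    . " FROM member WHERE member_id = '$loggedin'";
    // Member id forced to an integer before it is placed in the query.
    $sql_admin = "SELECT * FROM membership ms JOIN groups g"
        . " ON ms.group_id = g.id WHERE ms.member_id = " . (int) $loggedin
        . " AND g.name = 'Vorstand'";
    #$result = mysql_query($sql_name)
    #    or die ("Cannot fetch member data from database.");
    #while($row = mysql_fetch_array($result))
    #{
    #    $member_fullname = $row["member_prename"]." ".$row["member_name"];
    #    $member_permission = $row["member_permission"];
    #}
    #mysql_free_result($result);
    $result = mysql_query($sql_admin);
    # or die ("Cannot fetch member permissions from database.");
    if ($result) {
        if (mysql_num_rows($result) > 0) {
            $admin = 1;
        }
        // Freed only when the query returned a result resource.
        mysql_free_result($result);
    }
}

// Configuration
$subpage = "";
$section = 0;
$subsection = -1;
$oegorpage = '';
if (array_key_exists('oegor', $_REQUEST) && is_string($_REQUEST['oegor'])) {
    $oegorpage = $_REQUEST['oegor'];
}
// 'oegor' is a list of "key,value" pairs separated by ";". The values end up
// as array indexes and in SQL further down, so they are forced to integers
// here; entries without a value are skipped.
$oegorpage2 = explode(";", $oegorpage);
for ($i = 0; $i < count($oegorpage2); $i++) {
    $oegorpage3 = explode(",", $oegorpage2[$i]);
    if (count($oegorpage3) < 2) {
        continue;
    }
    $oegorpage_value = (int) $oegorpage3[1];
    if ($oegorpage3[0] === "section") {
        $section = $oegorpage_value;
    }
    if ($oegorpage3[0] === "language") {
        $language = $oegorpage_value;
    }
    if ($oegorpage3[0] === "subsection") {
        $subsection = $oegorpage_value;
    }
}
// The original joined these bounds with &&, which can never be true, so
// out-of-range values were not reset.
if (($section < 0) || ($section > 4)) {
    $section = 0;
}
if (($language < 1) || ($language > 2)) {
    $language = 1;
}

// Colorscheme
if ($colorscheme == 1) {
    $colors = array( "336699", "666699", "669999", "669966", "999966" );
    $colors_light = array( "336699", "666699", "669999", "669966", "999966" );
}
if ($colorscheme == 2) {
    $colors = array( "336699", "666699", "669999", "669966", "999966" );
    $colors_light = array( "6699cc", "9999cc", "99cccc", "99cc99", "cccc99" );
}
if ($colorscheme == 3) {
    $colors = array( "336699", "336699", "336699", "336699", "336699" );
    $colors_light = array( "6699cc", "6699cc", "6699cc", "6699cc", "6699cc" );
}
if ($colorscheme == 4) {
    $colors = array( "666633", "666633", "666633", "666633", "666633" );
    $colors_light = array( "999966", "999966", "999966", "999966", "999966" );
}

// SECTION
$section_color = $colors[$section];
$section_color_light = $colors_light[$section];

// LANGUAGE
$sql = "SELECT section_id, section_title, section_editable FROM section WHERE"
    . " language_id = '" . (int) $language . "'"
    . " ORDER BY section_order LIMIT 0,5";
$errcode = "select/section";
$result = mysql_query($sql)
    or die ("Access to database failed Errorcode: #$errcode");
$sections = array();
$sectionids = array();
$sectioned = array();
while($row = mysql_fetch_array($result)) {
    array_push($sections, $row["section_title"]);
    array_push($sectionids, $row["section_id"]);
    array_push($sectioned, $row["section_editable"]);
}
?>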

0) { echo ";border-left-width:0px"; } echo "\">"; ?>
Willkommen " . $_SESSION['member_name'] . "

"; } else { ?> Beim Login ist ein Fehler aufgetreten: Die eingegebene Emailadresse konnte in der Datenbank nicht gefunden werden!"; } if ($logintry_error == 2) { echo "Das eigegebene Passwort ist falsch!"; } ?>
 
Bitte wiederholen Sie den Loginvorgang. Sollte das Problem weiterhin bestehen, wenden Sie sich bitte an admin@oegor.univie.ac.at.
Ihre Email Adresse:
Ihr Passwort:
Administrator - Edit Content
 

 
Administrator - Change Content

Administrator - Edit Subsections
 
Deactivate Subsection

 
Administrator - Add Subsection
Subsection title:
Order:
Administrator - Add Subsections
 
$ss_title
', '$currentunixtime', '$member_id')"; $errcode = "select/subsection:" . __LINE__; $result = mysql_query($sql) or die ("Access to database failed Errorcode: #$errcode"); } // EDIT MENU - EDIT SUBSECTION if ($specialpage == 6) { $specialparameter = $_REQUEST["parameter"]; $subsectitle = $_REQUEST["subsectitle"]; $subsecorder = $_REQUEST["subsecorder"]; ?> Administrator - Edit Subsection
 
Administrator - Deactivate Subsection
 
Mitglieder - Registrieren
\n"; $loginemail = $_REQUEST["loginemail"]; $error = NULL; if (reset_password($loginemail, $error)) { echo "Ihr neues Passwort wurde erfolgreich an folgende"; echo " Email-Adresse versandt: $loginemail\n"; } else { echo "Leider ist bei der Bearbeitung Ihrer Anfrage ein"; echo " Fehler aufgretreten:
"; echo "$error\n"; } } // login if ($specialpage == 10) { include('login.php'); } // group mail if ($specialpage == 11) { include('mail.php'); } if ($specialpage == 12) { include('change_pwd.php'); } if ($specialpage == 13) { $new_pwd = $_REQUEST["password"]; $error = NULL; if (set_password($new_pwd, $error)) { echo "Ihr Passwort wurde erfolgreich geändert"; } else { echo "Leider ist bei der Bearbeitung Ihrer Anfrage ein"; echo " Fehler aufgretreten:
"; echo "$error\n"; } } // NORMALER CONTENT if ($specialpage == 0) { if ($subsection < 0) { // member's area include($loggedin == 0 ? 'login.php' : 'change_pwd.php'); } else { // normal content $sql = "SELECT content_id, content_text" . " FROM content WHERE subsection_id = '$subsection'"; $errcode = "select/subsection:" . __LINE__; $result = mysql_query($sql) or die ("Access to database failed: #$errcode"); while($row = mysql_fetch_array($result)) { echo $row["content_text"]; $content_id = $row["content_id"]; } // edit menu if (($admin == 1) && ($sectioned[$section] == 0)) { ?>