-
id!=$_SESSION['user'] && $user->get_rank()<=1 && ($user->get_rank()<$this->rank))
- {?>
-
-
-
- active){
- echo '
'._("Deactivate user")."";
- }else{
- echo '
'._("Activate user")."";
- }
- ?>
+ }
+
+ if ($this->id == $_SESSION['user']) {
+ ?>
+
+
+ id != $_SESSION['user'] && $user->get_rank() <= 1 && ($user->get_rank() < $this->rank)) { ?>
+
-
- id;
$stmt = $mysqli->prepare("SELECT count(*) FROM users WHERE username LIKE ?");
- $stmt->bind_param("s",$_POST["username"]);
+ $stmt->bind_param("s", $_POST["username"]);
$stmt->execute();
- if ($stmt->num_rows > 0)
- {
+ if ($stmt->num_rows > 0) {
$message = _("This username is already taken.");
return;
}
$stmt->close();
- if ($_SESSION['user'] != $id && $user->get_rank()>0)
- {
+ if ($_SESSION['user'] != $id && $user->get_rank() > 0) {
$message = _("Cannot change username of other users!");
- }else{
+ } else {
$stmt = $mysqli->prepare("UPDATE users SET username = ? WHERE id=?");
- $stmt->bind_param("si",$_POST["username"],$id);
+ $stmt->bind_param("si", $_POST["username"], $id);
$stmt->execute();
$stmt->close();
- header("Location: ".WEB_URL."/admin/?do=user&id=".$id);
+ header("Location: " . WEB_URL . "/admin/?do=user&id=" . $id);
}
}
@@ -484,30 +460,28 @@ class User
public function change_name()
{
global $mysqli, $message, $user;
- if (strlen(trim($_POST['name']))==0) {
+ if (strlen(trim($_POST['name'])) == 0) {
$messages[] = _("Name");
}
- if(strlen(trim($_POST['surname']))==0) {
+ if (strlen(trim($_POST['surname'])) == 0) {
$messages[] = _("Surname");
}
- if (!empty($messages))
- {
- $message = "Please enter ".implode(", ", $messages);
+ if (!empty($messages)) {
+ $message = "Please enter " . implode(", ", $messages);
return;
}
$id = $this->id;
- if ($_SESSION['user'] != $id && $user->get_rank()>0)
- {
+ if ($_SESSION['user'] != $id && $user->get_rank() > 0) {
$message = _("Cannot change names of other users!");
- }else{
+ } else {
$stmt = $mysqli->prepare("UPDATE users SET `name` = ?, `surname` = ? WHERE id=?");
- $stmt->bind_param("ssi",$_POST["name"],$_POST["surname"],$id);
+ $stmt->bind_param("ssi", $_POST["name"], $_POST["surname"], $id);
$stmt->execute();
$stmt->close();
- header("Location: ".WEB_URL."/admin/?do=user&id=".$id);
+ header("Location: " . WEB_URL . "/admin/?do=user&id=" . $id);
}
}
@@ -521,18 +495,15 @@ class User
{
global $mysqli, $message;
$id = $this->id;
- if ($_POST['password']!=$_POST['password_repeat'])
- {
+ if ($_POST['password'] != $_POST['password_repeat']) {
$message = _("Passwords do not match!");
return;
}
- if (!$token)
- {
- if ($_SESSION['user']!=$id)
- {
+ if (!$token) {
+ if ($_SESSION['user'] != $id) {
$message = _("Cannot change password of other users!");
- }else{
+ } else {
$stmt = $mysqli->prepare("SELECT password_salt as salt FROM users WHERE id=?");
$stmt->bind_param("i", $id);
$stmt->execute();
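Review bot: The only check on the new password, `if ($_POST['password'] != $_POST['password_repeat'])`, is equality with its repeat, so an empty string or a one-character password is accepted on both the logged-in branch and the token branch that follow. Add a minimum-length guard next to it, e.g. `if (strlen($_POST['password'] ?? '') < 8) { $message = _("Password is too short!"); return; }`, and read both fields with `?? ''` so a missing field does not raise a notice. change_password's signature and the rest of its body lie outside this hunk, so I am inferring that `$token` is a parameter.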
@@ -541,35 +512,32 @@ class User
$salt = $result['salt'];
$pass = $_POST['old_password'];
- $hash = hash('sha256', $pass.$salt);
+ $hash = hash('sha256', $pass . $salt);
$stmt = $mysqli->prepare("SELECT count(*) as count FROM users WHERE id=? AND password_hash = ?");
$stmt->bind_param("is", $id, $hash);
$stmt->execute();
- if ($stmt->get_result()->fetch_assoc()['count'])
- {
+ if ($stmt->get_result()->fetch_assoc()['count']) {
$pass = $_POST['password'];
- $hash = hash('sha256', $pass.$salt);
+ $hash = hash('sha256', $pass . $salt);
$stmt = $mysqli->prepare("UPDATE users SET password_hash = ? WHERE id=?");
$stmt->bind_param("si", $hash, $id);
$stmt->execute();
$stmt->close();
$stmt = $mysqli->prepare("DELETE FROM tokens WHERE user = ? AND data = 'remember'");
- $stmt->bind_param("d", $id);
- $stmt->execute();
+ $stmt->bind_param("d", $id);
+ $stmt->execute();
$stmt->get_result();
-
+
User::logout();
- }
- else{
+ } else {
$message = _("Wrong password!");
}
}
- }else{
- if (Token::validate($token, $id, "passwd"))
- {
+ } else {
+ if (Token::validate($token, $id, "passwd")) {
$stmt = $mysqli->prepare("SELECT password_salt as salt FROM users WHERE id=?");
$stmt->bind_param("i", $id);
$stmt->execute();
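Review bot: `hash('sha256', $pass . $salt)` is a single iteration of a fast hash, used here both to verify the old password and to store the new one, which leaves the stored hashes cheap to brute-force offline if the users table ever leaks. Verify with `password_verify($pass, $row['password_hash'])` and store with `password_hash($_POST['password'], PASSWORD_DEFAULT)`, which handle salting and work factor themselves; the login path and the token-reset branch further down must switch in the same change, and the `password_hash` column needs room for at least 255 characters. Separately, `$stmt->bind_param("d", $id)` binds the integer user id as a double — use `"i"` as the other statements in this method do.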
@@ -578,20 +546,18 @@ class User
$salt = $result['salt'];
$pass = $_POST['password'];
- $hash = hash('sha256', $pass.$salt);
+ $hash = hash('sha256', $pass . $salt);
$stmt = $mysqli->prepare("UPDATE users SET password_hash = ? WHERE id=?");
- $stmt->bind_param("si", $hash,$id);
+ $stmt->bind_param("si", $hash, $id);
$stmt->execute();
$stmt->close();
$stmt = $mysqli->prepare("DELETE FROM tokens WHERE user = ? AND data = 'remember'");
- $stmt->bind_param("d", $id);
- $stmt->execute();
- $stmt->get_result();
- }
- else
- {
+ $stmt->bind_param("d", $id);
+ $stmt->execute();
+ $stmt->get_result();
+ } else {
$message = _("Invalid token detected, please retry your request from start!");
}
Token::delete($token);
@@ -612,41 +578,41 @@ class User
$stmt->execute();
$query = $stmt->get_result();
- $id = $query->fetch_assoc()['id'];
+ $id = $query->fetch_assoc()['id'];
$time = strtotime('+1 day', time());
$token = Token::add($id, 'passwd', $time);
- $link = WEB_URL."/admin/?do=lost-password&id=$id&token=$token";
+ $link = WEB_URL . "/admin/?do=lost-password&id=$id&token=$token";
$to = $email;
$user = new User($id);
- $subject = _('Reset password') . ' - '.NAME;
- $msg = sprintf(_( "Hi %s!
Below you will find link to change your password. The link is valid for 24hrs. If you didn't request this, feel free to ignore it.
RESET PASSWORDIf the link doesn't work, copy & paste it into your browser:
%s"), $user->get_name(), $link, $link);
- $headers = "Content-Type: text/html; charset=utf-8 ".PHP_EOL;
- $headers .= "MIME-Version: 1.0 ".PHP_EOL;
- $headers .= "From: ".MAILER_NAME.' <'.MAILER_ADDRESS.'>'.PHP_EOL;
- $headers .= "Reply-To: ".MAILER_NAME.' <'.MAILER_ADDRESS.'>'.PHP_EOL;
+ $subject = _('Reset password') . ' - ' . NAME;
+ $msg = sprintf(_("Hi %s!
Below you will find link to change your password. The link is valid for 24hrs. If you didn't request this, feel free to ignore it.
RESET PASSWORDIf the link doesn't work, copy & paste it into your browser:
%s"), $user->get_name(), $link, $link);
+ $headers = "Content-Type: text/html; charset=utf-8 " . PHP_EOL;
+ $headers .= "MIME-Version: 1.0 " . PHP_EOL;
+ $headers .= "From: " . MAILER_NAME . ' <' . MAILER_ADDRESS . '>' . PHP_EOL;
+ $headers .= "Reply-To: " . MAILER_NAME . ' <' . MAILER_ADDRESS . '>' . PHP_EOL;
mail($to, $subject, $msg, $headers);
- }
+ }
/**
* Sends email with link for email change confirmation (security reasons), link is token protected and valid only once.
* @return void
*/
- public function email_link(){
+ public function email_link()
+ {
global $user, $mysqli;
-
+
$email = $_POST['email'];
$id = $this->id;
- if ($user->get_rank()<1 && $id!=$_SESSION['user'])
- {
+ if ($user->get_rank() < 1 && $id != $_SESSION['user']) {
$stmt = $mysqli->prepare("UPDATE users SET email = ? WHERE id=?");
$stmt->bind_param("sd", $email, $id);
$stmt->execute();
$stmt->get_result();
- header("Location: ".WEB_URL."/admin/?do=user&id=".$id);
+ header("Location: " . WEB_URL . "/admin/?do=user&id=" . $id);
return;
}
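Review bot: `$id = $query->fetch_assoc()['id']` has no guard for the case where no user matches the submitted e-mail: `fetch_assoc()` returns null, `$id` becomes null, and the code still calls `Token::add(null, 'passwd', $time)` and mails a reset link with an empty id to whatever address the requester typed. Add `$row = $query->fetch_assoc(); if ($row === null) { return; }` before the token is created, keeping the same on-screen response so the check does not reveal which addresses exist. The start of this function is outside the hunk, so an earlier existence check may exist that I cannot see. In `email_link`, the super-admin branch writes `$_POST['email']` straight into the users table with no format check; a `filter_var($email, FILTER_VALIDATE_EMAIL)` guard before the UPDATE (and before the confirmation mail below) would close that.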
@@ -654,14 +620,14 @@ class User
$token = Token::add($id, 'email;$email', $time);
- $link = WEB_URL."/admin/?do=change-email&id=$id&token=$token";
+ $link = WEB_URL . "/admin/?do=change-email&id=$id&token=$token";
$to = $email;
- $subject = _('Email change').' - '.NAME;
- $msg = sprintf(_( "Hi %s!
Below you will find link to change your email. The link is valid for 24hrs. If you didn't request this, feel free to ignore it.
CHANGE EMAILIf the link doesn't work, copy & paste it into your browser:
%s"), $user->get_name(), $link, $link);
- $headers = "Content-Type: text/html; charset=utf-8 ".PHP_EOL;
- $headers .= "MIME-Version: 1.0 ".PHP_EOL;
- $headers .= "From: ".MAILER_NAME.' <'.MAILER_ADDRESS.'>'.PHP_EOL;
- $headers .= "Reply-To: ".MAILER_NAME.' <'.MAILER_ADDRESS.'>'.PHP_EOL;
+ $subject = _('Email change') . ' - ' . NAME;
+ $msg = sprintf(_("Hi %s!
Below you will find link to change your email. The link is valid for 24hrs. If you didn't request this, feel free to ignore it.
CHANGE EMAILIf the link doesn't work, copy & paste it into your browser:
%s"), $user->get_name(), $link, $link);
+ $headers = "Content-Type: text/html; charset=utf-8 " . PHP_EOL;
+ $headers .= "MIME-Version: 1.0 " . PHP_EOL;
+ $headers .= "From: " . MAILER_NAME . ' <' . MAILER_ADDRESS . '>' . PHP_EOL;
+ $headers .= "Reply-To: " . MAILER_NAME . ' <' . MAILER_ADDRESS . '>' . PHP_EOL;
mail($to, $subject, $msg, $headers);
return _('Confirmation email sent!');
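Review bot: `Token::add($id, 'email;$email', $time)` uses single quotes, so PHP stores the literal text `email;$email` as the token data instead of the submitted address; when change_email later splits that data on `;` it gets the string `$email` back, not the new address. Change it to double quotes: `$token = Token::add($id, "email;$email", $time);`. Because the address then travels inside the token data with `;` as the separator, validate it first with `filter_var($email, FILTER_VALIDATE_EMAIL)` (which also rejects a `;` in the address) before the token is created.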
@@ -677,8 +643,7 @@ class User
$token = $_GET['token'];
$id = $_GET['id'];
- if (Token::validate($token, $id, "email;%"))
- {
+ if (Token::validate($token, $id, "email;%")) {
$data = explode(";", Token::get_data($token, $id));
$email = $data[1];
@@ -688,25 +653,22 @@ class User
$stmt->execute();
$stmt->get_result();
Token::delete($token);
- header("Location: ".WEB_URL."/admin/");
- }
- else
- {
+ header("Location: " . WEB_URL . "/admin/");
+ } else {
$message = _("Invalid token detected, please retry your request from start!");
}
Token::delete($token);
-
}
/**
* Logs current user out.
* @return void
*/
- public static function logout(){
+ public static function logout()
+ {
session_unset();
- if (isset($_COOKIE['token']))
- {
+ if (isset($_COOKIE['token'])) {
$token = $_COOKIE['token'];
Token::delete($token);
unset($_COOKIE['user']);
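Review bot: `logout()` calls `session_unset()` only, which empties `$_SESSION` but leaves the server-side session record and the client's session id in place, so the same id can be re-populated later. Follow it with `session_destroy();`, and if the session cookie should not outlive the logout, clear it as well with `setcookie(session_name(), '', time() - 3600, '/');`. The rest of logout() continues outside this hunk.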
@@ -714,26 +676,25 @@ class User
setcookie('user', null, -1, '/');
setcookie('token', null, -1, '/');
}
- header("Location: ".WEB_URL."/admin");
+ header("Location: " . WEB_URL . "/admin");
}
/**
* Changes permissions of current user - only super admin can do this, so it checks permission first.
* @return void
*/
- public function change_permission(){
+ public function change_permission()
+ {
global $mysqli, $message, $user;
- if ($user->get_rank()==0)
- {
+ if ($user->get_rank() == 0) {
$permission = $_POST['permission'];
$id = $_GET['id'];
$stmt = $mysqli->prepare("UPDATE users SET permission=? WHERE id=?");
$stmt->bind_param("si", $permission, $id);
- $stmt->execute();
- header("Location: ".WEB_URL."/admin/?do=user&id=".$id);
- }
- else{
+ $stmt->execute();
+ header("Location: " . WEB_URL . "/admin/?do=user&id=" . $id);
+ } else {
$message = _("You don't have permission to do that!");
}
}
-}
+}
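Review bot: `change_permission()` takes its target from `$_GET['id']` while every other mutator in this class acts on `$this->id`, and it binds `$_POST['permission']` into the `permission` column without validating the value. Use `$id = $this->id;` for consistency, and accept only the ranks the application defines, e.g. `$permission = filter_var($_POST['permission'] ?? null, FILTER_VALIDATE_INT); if ($permission === false) { $message = _("Invalid permission!"); return; }` — the allowed range is not visible here, so bound it to the values the rest of the app uses. This path also lets a super admin demote themselves, possibly the last rank-0 account; a check that at least one rank-0 user remains is worth adding.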
diff --git a/create-server-config.php b/create-server-config.php
index c3130da..96a026a 100644
--- a/create-server-config.php
+++ b/create-server-config.php
@@ -20,4 +20,3 @@ fwrite($f, fread($f2, filesize("IISWebConfig")));
fclose($f);
fclose($f2);
}
-?>
diff --git a/css/main.css b/css/main.css
index 2909dfe..a825a60 100644
--- a/css/main.css
+++ b/css/main.css
@@ -183,9 +183,9 @@ a:focus {
}
article.card input {
-background: transparent;
-border: none;
-border-bottom: 1px white outset;
+ background: transparent;
+ border: none;
+ border-bottom: 1px white outset;
}
article.card textarea {
diff --git a/css/print.css b/css/print.css
index d688d07..1971e74 100644
--- a/css/print.css
+++ b/css/print.css
@@ -1,140 +1,137 @@
@import url(https://fonts.googleapis.com/css?family=Open+Sans:400);
@import url(https://fonts.googleapis.com/css?family=Fira+Sans:400,700);
-body {
- background: #ffffff;
- margin: 0;
- height: 100%;
- line-height: 24px;
- font-family: 'Open Sans', sans-serif;
+body {
+ background: #ffffff;
+ margin: 0;
+ height: 100%;
+ line-height: 24px;
+ font-family: "Open Sans", sans-serif;
}
-#status-container
-{
- border-radius: 0;
- border-top: 1px solid #e0e0e0;
- border-bottom: 1px solid #e0e0e0;
+#status-container {
+ border-radius: 0;
+ border-top: 1px solid #e0e0e0;
+ border-bottom: 1px solid #e0e0e0;
}
-#status-container .item:last-child
-{
- border: none;
+#status-container .item:last-child {
+ border: none;
}
-#status-container .item{
- border-bottom: 1px solid #e0e0e0;
+#status-container .item {
+ border-bottom: 1px solid #e0e0e0;
}
-#status-big
-{
- float: none;
- width: 100%;
- text-align: center;
- font-family: 'Fira Sans', sans-serif;
- font-size: 1.5em
+#status-big {
+ float: none;
+ width: 100%;
+ text-align: center;
+ font-family: "Fira Sans", sans-serif;
+ font-size: 1.5em;
}
-#wrapper{
- padding-left: 20%;
- padding-right: 20%;
+#wrapper {
+ padding-left: 20%;
+ padding-right: 20%;
}
-.service{
- float: left;
- box-sizing: border-box;
- width:60%;
- min-width: 200px;
- padding: 15px 35px;
- font-weight: bold;
- font-size: 1em;
- font-family: 'Fira Sans', sans-serif;
+.service {
+ float: left;
+ box-sizing: border-box;
+ width: 60%;
+ min-width: 200px;
+ padding: 15px 35px;
+ font-weight: bold;
+ font-size: 1em;
+ font-family: "Fira Sans", sans-serif;
}
-.status{
- float: left;
- box-sizing: border-box;
- width:40%;
- min-width: 150px;
- padding: 15px 35px;
- text-align: right;
- font-size: 0.8em;
- font-family: 'Fira Sans', sans-serif;
+.status {
+ float: left;
+ box-sizing: border-box;
+ width: 40%;
+ min-width: 150px;
+ padding: 15px 35px;
+ text-align: right;
+ font-size: 0.8em;
+ font-family: "Fira Sans", sans-serif;
}
-
-#status-container .status.success{
- color:#2fcc66!important;
- font-weight: bolder;
+#status-container .status.success {
+ color: #2fcc66 !important;
+ font-weight: bolder;
}
-#status-container .status.warning{
- color:#edaa16!important;
- font-weight: bolder;
+#status-container .status.warning {
+ color: #edaa16 !important;
+ font-weight: bolder;
}
-#status-container .status.danger{
- color:#e74c3c!important;
- font-weight: bolder;
+#status-container .status.danger {
+ color: #e74c3c !important;
+ font-weight: bolder;
}
-#status-container .status.primary{
- color:#3A72BD!important;
- font-weight: bolder;
+#status-container .status.primary {
+ color: #3a72bd !important;
+ font-weight: bolder;
}
-.panel-success{
- border-color:#2fcc66;
+.panel-success {
+ border-color: #2fcc66;
}
-#footerwrap{
- display: none
+#footerwrap {
+ display: none;
}
-.btn
-{
- display: none
+.btn {
+ display: none;
}
-h3{
- text-align: center;
+h3 {
+ text-align: center;
}
-.panel-heading.icon{
- width: 50px;
- float: left;
- border: none;
+.panel-heading.icon {
+ width: 50px;
+ float: left;
+ border: none;
}
-h2.panel-title{
- float: left;
+h2.panel-title {
+ float: left;
}
-.panel,.panel-heading,.panel-footer{
- border-width: 3px
+.panel,
+.panel-heading,
+.panel-footer {
+ border-width: 3px;
}
body .panel-danger,
.panel-danger > .panel-body,
.panel-danger > .panel-heading,
-.panel-danger > .panel-footer{
- border-color: #a94442
+.panel-danger > .panel-footer {
+ border-color: #a94442;
}
body .panel-success,
.panel-success > .panel-body,
.panel-success > .panel-heading,
-.panel-success > .panel-footer{
- border-color: #2fcc66
+.panel-success > .panel-footer {
+ border-color: #2fcc66;
}
body .panel-warning,
.panel-warning > .panel-body,
.panel-warning > .panel-heading,
-.panel-warning > .panel-footer{
- border-color: #edaa16
+.panel-warning > .panel-footer {
+ border-color: #edaa16;
}
body .panel-primary,
.panel-primary > .panel-body,
.panel-primary > .panel-heading,
-.panel-primary > .panel-footer{
- border-color: #337ab7
-}
\ No newline at end of file
+.panel-primary > .panel-footer {
+ border-color: #337ab7;
+}
diff --git a/email_subscriptions.php b/email_subscriptions.php
index 366c2be..a06a29d 100644
--- a/email_subscriptions.php
+++ b/email_subscriptions.php
@@ -8,11 +8,11 @@ require_once("classes/mailer.php");
//require_once("libs/php_idn/idna.php");
require_once("classes/db-class.php");
$db = new SSDB();
-define("NAME", $db->getSetting($mysqli,"name"));
-define("TITLE", $db->getSetting($mysqli,"title"));
-define("WEB_URL", $db->getSetting($mysqli,"url"));
-define("MAILER_NAME", $db->getSetting($mysqli,"mailer"));
-define("MAILER_ADDRESS", $db->getSetting($mysqli,"mailer_email"));
+define("NAME", $db->getSetting($mysqli, "name"));
+define("TITLE", $db->getSetting($mysqli, "title"));
+define("WEB_URL", $db->getSetting($mysqli, "url"));
+define("MAILER_NAME", $db->getSetting($mysqli, "mailer"));
+define("MAILER_ADDRESS", $db->getSetting($mysqli, "mailer_email"));
define("GOOGLE_RECAPTCHA", $db->getBooleanSetting($mysqli, "google_recaptcha"));
//define("", $db->getSettings($mysqli, ""));
define("GOOGLE_RECAPTCHA_SECRET", $db->getSetting($mysqli, "google_recaptcha_secret"));
@@ -37,20 +37,20 @@ $subscription = new Subscriptions();
$boolRegistered = false;
-if ( isset($_GET['new']) ) {
+if (isset($_GET['new'])) {
// Form validation for subscribers signing up
$message = "";
- Template :: render_header(_("Email Subscription"));
+ Template::render_header(_("Email Subscription"));
if (isset($_POST['emailaddress'])) {
- if (0 == strlen(trim($_POST['emailaddress']))){
+ if (0 == strlen(trim($_POST['emailaddress']))) {
$messages[] = _("Email address");
}
// Perform DNS domain validation on
- if ( ! $mailer->verify_domain($_POST['emailaddress']) ) {
+ if (!$mailer->verify_domain($_POST['emailaddress'])) {
$messages[] = _("Domain does not apper to be a valid email domain. (Check MX record)");
}
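Review bot: `$_POST['emailaddress']` goes straight into `$mailer->verify_domain()` with nothing but an emptiness check first, so the DNS lookup runs on arbitrary text and the later `send_mail()` call receives whatever was typed. Add a syntax check before the MX lookup, `if (!filter_var($_POST['emailaddress'], FILTER_VALIDATE_EMAIL)) { $messages[] = _("Email address is not valid"); }`, and only call `verify_domain()` when it passes. `$messages` is never initialised in this block, so the later `isset($messages)` test relies on no assignment having happened; `$messages = [];` next to `$message = "";` together with `!empty($messages)` would make that explicit.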
@@ -63,7 +63,7 @@ if ( isset($_GET['new']) ) {
'response' => $_POST["g-recaptcha-response"]
);
$options = array(
- 'http' => array (
+ 'http' => array(
'header' => 'Content-Type: application/x-www-form-urlencoded\r\n',
'method' => 'POST',
'content' => http_build_query($data)
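Review bot: The context header `'header' => 'Content-Type: application/x-www-form-urlencoded\r\n'` is a single-quoted string, so PHP sends the four characters `\r\n` literally instead of a CRLF line ending. Use double quotes: `'header' => "Content-Type: application/x-www-form-urlencoded\r\n",`. The options array is built inside a conditional whose opening is outside this hunk.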
@@ -73,19 +73,17 @@ if ( isset($_GET['new']) ) {
$verify = file_get_contents($url, false, $context);
$captcha_success = json_decode($verify);
- if ( $captcha_success->success==false ) {
+ if ($captcha_success->success == false) {
$messages[] = _("reChaptcha validation failed");
}
}
- if ( isset($messages) ) {
+ if (isset($messages)) {
$message = _("Please check
");
$message .= implode("
", $messages);
}
-
}
- if(isset($_POST['emailaddress']) && empty($message))
- {
+ if (isset($_POST['emailaddress']) && empty($message)) {
// Check if email is already registered
$boolUserExist = false;
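Review bot: `$verify = file_get_contents($url, false, $context)` is never checked for `false`: if the reCAPTCHA endpoint is unreachable, `json_decode(false)` yields null and `$captcha_success->success == false` rejects the submission only by way of a warning on a null property. Make the failure explicit so it fails closed on purpose and stays quiet on PHP 8: `$captcha_success = $verify === false ? null : json_decode($verify); if (empty($captcha_success->success)) { $messages[] = _("reChaptcha validation failed"); }`. The conditional that encloses the verification call opens outside this hunk.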
@@ -93,23 +91,21 @@ if ( isset($_GET['new']) ) {
$subscriber->typeID = 2; // Email
$boolUserExist = $subscriber->check_userid_exist();
- $url = WEB_URL."/index.php?do=manage&token=".$subscriber->token;
+ $url = WEB_URL . "/index.php?do=manage&token=" . $subscriber->token;
- if ( ! $boolUserExist ) {
+ if (!$boolUserExist) {
// Create a new subscriber as it does not exist
$subscriber->add($subscriber->typeID, $_POST['emailaddress']);
- $url = WEB_URL."/index.php?do=manage&token=".$subscriber->token; // Needed again after adding subscriber since token did not exist before add
- $msg = sprintf(_("Thank you for registering to receive status updates via email. Click on the following link to confirm and manage your subcription:
%s. New subscriptions must be confirmed within 2 hours"), $url, NAME .' - ' . _("Validate subscription"));
-
+ $url = WEB_URL . "/index.php?do=manage&token=" . $subscriber->token; // Needed again after adding subscriber since token did not exist before add
+ $msg = sprintf(_("Thank you for registering to receive status updates via email. Click on the following link to confirm and manage your subcription:
%s. New subscriptions must be confirmed within 2 hours"), $url, NAME . ' - ' . _("Validate subscription"));
} else {
- if ( ! $subscriber->active ) {
+ if (!$subscriber->active) {
// Subscriber is registered, but has not been activated yet...
- $msg = sprintf(_("Thank you for registering to receive status updates via email. Click on the following link to confirm and manage your subcription:
%s. New subscriptions must be confirmed within 2 hours"), $url, NAME .' - ' . _("Validate subscription"));
+ $msg = sprintf(_("Thank you for registering to receive status updates via email. Click on the following link to confirm and manage your subcription:
%s. New subscriptions must be confirmed within 2 hours"), $url, NAME . ' - ' . _("Validate subscription"));
$subscriber->activate($subscriber->id);
-
} else {
// subscriber is registered and active
- $msg = sprintf(_("Click on the following link to update your existing subscription:
%s"), $url, NAME .' - ' . _("Manage subscription"));
+ $msg = sprintf(_("Click on the following link to update your existing subscription:
%s"), $url, NAME . ' - ' . _("Manage subscription"));
$subscriber->update($subscriber->id);
}
}
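Review bot: In the `!$subscriber->active` branch the code mails a message saying the subscription must be confirmed via the link, then immediately calls `$subscriber->activate($subscriber->id)`. If `activate()` sets the active flag — its definition is not in this diff — an unconfirmed subscription becomes active merely because someone re-submitted the address, bypassing the confirmation link entirely; if it only extends the 2-hour confirmation window, a name such as `refresh_confirmation()` would stop the next reader from assuming the former. Please confirm the behaviour against the Subscriptions class before merging.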
@@ -119,90 +115,87 @@ if ( isset($_GET['new']) ) {
$constellation->render_success($header, $message, true, WEB_URL, _('Go back'));
// Send email about new registration
- $subject = _('Email subscription registered').' - '.NAME;
+ $subject = _('Email subscription registered') . ' - ' . NAME;
$mailer->send_mail($_POST['emailaddress'], $subject, $msg);
$boolRegistered = true;
}
// Add a new email subscriber - display form
- if ( isset($_GET['new']) && (! $boolRegistered) ) {
+ if (isset($_GET['new']) && (!$boolRegistered)) {
if (!empty($message)) {
- echo '
'.$message.'
';
+ echo '
' . $message . '
';
}
$strPostedEmail = (isset($_POST['emailaddress'])) ? $_POST['emailaddress'] : "";
- ?>
+?>
-