doLogin();
}
if($todo == "logout") {
$TPL->doLogout();
}
//FALLBACK, WENN DOCH SCHON EINGELOGT
$abt = $todo = '';
}
elseif($abt == "registrieren") {
if($_SESSION['B2B_SESS']['KD_ID'] > 0) $TPL->setRedirect("Sie sind bereits registriert!",G_WEBROOT."meine_daten/");
$params['COUNTRIES'] = $countries;
$params['ANREDEN'] = $anreden;
if($todo == "enter") {
include_once("userdata.php");
}
if($todo == "start" || $todo == "") {
$frags['CONTENT'] = "register_start.tpl";
$params['Buttontext'] = "Anmelden";
}
}
elseif($abt == "meine_daten") {
$TPL->checkLogin();
$params['COUNTRIES'] = $countries;
$params['ANREDEN'] = $anreden;
if($todo == "enter") {
include_once("userdata.php");
}
if($todo == "start" || $todo == "") {
$frags['CONTENT'] = "register_start.tpl";
$AAA->getKundenDaten();
$params['Buttontext'] = "Daten ändern";
}
}
elseif($abt == "passwort_vergessen") {
if($todo == "changePWD") {
include_once("AUTH/class.npcrypt.php");
/***
* User kommt zum ersten Mal hier an und uebergibt Temp PWD und Emailadresse
* aus seiner Loginmail
*/
if($_REQUEST['usrmail'] != '' && $_REQUEST['temp_pwd'] != '') {
$usrmail = sanitizeDB($_REQUEST['usrmail']);
$temp_pwd = sanitizeDB($_REQUEST['temp_pwd']);
$get = $conn->single("select KD_ID, KD_VORNAME, KD_NACHNAME from KUNDEN
where KD_EMAIL='" . $usrmail . "' and KD_STATUS=3
and KD_TEMP_PWD='" . $temp_pwd . "'");
if((int)$get['KD_ID'] < 1) {
$TPL->setRedirect("Unbekannte Emailadresse oder falsches Passwort",G_WEBROOT,3);
exit;
}
$_SESSION['TEMPLOGIN'] = array('KD_ID'=>$get['KD_ID'],
'KD_VORNAME' => $get['KD_VORNAME'],
'KD_NACHNAME' => $get['KD_NACHNAME'],
'KD_EMAIL'=>$usrmail,
'TEMP_PWD' => $temp_pwd);
}
/**
* User war schonmal hier, entweder er will nochmal oder er vergibt sich gerade ein neues Passwort
*/
if(is_array($_SESSION['TEMPLOGIN'])) {
/** Neues Passwort setzen! */
if($_REQUEST['USR_PASS'] != "") {
$pass1 = sanitizeDB(utf8_decode($_REQUEST['USR_PASS']));
$pass2 = sanitizeDB(utf8_decode($_REQUEST['USR_PASS2']));
if(strlen($pass1) < 8) $msg .= "Das Passwort muss mindestens 8 Zeichen lang sein!
";
if(!preg_match("/[a-z]/i",$pass1) || !preg_match("/\d/",$pass1) ) $msg .= "Das Passwort muss aus Buchstaben und Zahlen bestehen!
";
if($pass1 != $pass2) $msg .= "Die Passwörter stimmen nicht überein";
if($msg == '') {
$new_pwd = NPCrypt::owEncode($pass1);
$set = $conn->update("update KUNDEN set KD_PASSWD='" . $new_pwd . "', KD_TEMP_PWD=''
where KD_ID=" . $_SESSION['TEMPLOGIN']['KD_ID']);
#Update der Userhistory, ohne das PW anzuzeigen
$TPL->doLogin($_SESSION['TEMPLOGIN']['KD_EMAIL'], $pass1);
exit;
}
}
$params['ERRMSG'] = $msg;
$params['USR_ID'] = $_SESSION['TEMPLOGIN']['USR_FIRSTNAME'];
$params['USR_FIRSTNAME'] = $_SESSION['TEMPLOGIN']['USR_FIRSTNAME'];
$params['USR_LASTNAME'] = $_SESSION['TEMPLOGIN']['USR_LASTNAME'];
$params['NEWPASSWORD'] = 1;
$params['MSG'] = "OK";
$frags['CONTENT'] = "lostpassword.tpl";
$TPL->showPage($frame, $frags,$params);
exit;
}
else {
$TPL->setRedirect("Kein Zugang",G_WEBROOT,2);
}
}
else {
if(!$_REQUEST['email']) {
$frags['CONTENT'] = "lostpassword.tpl";
}
else {
include_once("AUTH/class.npcrypt.php");
$usrmail = sanitizeDB($_REQUEST['email']);
$get = $conn->single("select KD_ID, KD_VORNAME, KD_NACHNAME from KUNDEN where
KD_EMAIL='" . $usrmail . "' and KD_STATUS=3");
if((int)$get['KD_ID'] < 1) {
$TPL->setRedirect("Unbekannte Emailadresse",G_WEBROOT,3);
}
$params['KD_VORNAME'] = $get['KD_VORNAME'];
$params['KD_NACHNAME'] = $get['KD_NACHNAME'];
$temppwd = NPCrypt::owEncode($usrmail.time());
$set = $conn->update("update KUNDEN set KD_TEMP_PWD='" . $temppwd . "' where KD_ID=".(int)$get['KD_ID']);
$params['usrmail'] = $usrmail;
$params['passwd'] = $temppwd;
$TPL->assign($params);
$mail = $TPL->fetch("lostpassword_mail.tpl");
@mail($usrmail,"Ihr Login fuer sparbon.de",$mail,"From:".G_SUPPORTMAIL);
$TPL->setRedirect("Sie erhalten in Kürze eine Email mit Ihrem Login!",G_WEBROOT,3);
exit;
}
}
}
//if($_REQUEST['todo'] == "newpassword") {
// }
//elseif($abt == "passwort_vergessen") {
// $frags['CONTENT'] = "lostpassword.tpl";
// if($todo == 'setConfirm') {
// $params['email'] = sanitizeDB($_REQUEST['email']);
// $ENT = new Smarty_B2Bon;
// $ret = $ENT->newPasswordConfirm($params['email']);
// if($ret != 'OK') {
// $params['ERRMSG'] = $ret;
// }
// else $params['CMSG'] = $ret;
// }
// elseif($_REQUEST['email'] != '' && $_REQUEST['ReqId'] != '') {
// $params['email'] = sanitizeDB($_REQUEST['email']);
// $params['ReqId'] = sanitizeDB($_REQUEST['ReqId']);
// $ENT = new Smarty_B2Bon;
// $ret = $ENT->sendNewPassword($params['email'], $params['ReqId']);
// if($ret != 'OK') {
// $params['ERRMSG'] = $ret;
// }
// else $params['MSG'] = $ret;
// }
// }
elseif($abt == "filialen") {
$TPL->checkLogin();
$params['COUNTRIES'] = $countries;
include_once("filialen.php");
}
elseif($abt == "bons") {
$TPL->checkLogin();
$params['COUNTRIES'] = $countries;
include_once("bons.php");
}
elseif($abt == "buchung") {
$TPL->checkLogin();
$params['active'] = "buchung";
$ll = range(1, 24);
foreach($ll as $la) $params['LAUFZEITEN'][$la] = $la;
if($todo == "enter" || $todo == "list" || $todo == "delete") {
include_once("buchung.php");
}
elseif($todo = "start" or $todo == "") {
$frags['CONTENT'] = "buchung_new.tpl";
}
}
elseif($abt == "statistik") {
$params['active'] = "stats";
include_once("stats.php");
$TPL->checkLogin();
}
if($abt == '' and $todo == '') {
$params['active'] = "start";
$frags['CONTENT'] = "start.tpl";
}
elseif($abt=='so_gehts') {
$params['active'] = "so_gehts";
$frags['CONTENT'] = "so_gehts.tpl";
}
elseif($abt=='impressum') {
$frags['CONTENT'] = "impressum.tpl";
}
elseif($abt=='agb') {
$frags['CONTENT'] = "agb.tpl";
}
elseif($abt=='datenschutz') {
$frags['CONTENT'] = "datenschutz.tpl";
}
#echo "";
#print $_REQUEST['abt']."\n";
#echo $_SERVER['REDIRECT_URL']."
#".$_SERVER['REDIRECT_QUERY_STRING']."
#".$_SERVER['SCRIPT_FILENAME'];
#echo "
";
$params['abt'] = $abt;
$params['todo'] = $todo;
//echo "$abt und $todo
\n";
$TPL->showPage($frame,$frags,$params);
?>