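doLogin(); }
    if ($todo == "logout") {
        $TPL->doLogout();
    }
    // Fallback in case the user turns out to be logged in already.
    $abt = $todo = '';
}
elseif ($abt == "registrieren") {
    // Registration form for visitors who do not have a customer session yet.
    // NOTE(review): nothing stops execution after setRedirect() here; whether setRedirect() itself
    // terminates the request is not visible in this file section - confirm.
    if ($_SESSION['B2B_SESS']['KD_ID'] > 0)
        $TPL->setRedirect("Sie sind bereits registriert!",G_WEBROOT."meine_daten/");

    $params['COUNTRIES'] = $countries;
    $params['ANREDEN'] = $anreden;

    if ($todo == "enter") {
        include_once("userdata.php");
    }
    if ($todo == "start" || $todo == "") {
        $frags['CONTENT'] = "register_start.tpl";
        $params['Buttontext'] = "Anmelden";
    }
}
elseif ($abt == "meine_daten") {
    // Same form as registration, but for a logged-in customer editing the stored data.
    $TPL->checkLogin();

    $params['COUNTRIES'] = $countries;
    $params['ANREDEN'] = $anreden;

    if ($todo == "enter") {
        include_once("userdata.php");
    }
    if ($todo == "start" || $todo == "") {
        $frags['CONTENT'] = "register_start.tpl";
        $AAA->getKundenDaten();
        $params['Buttontext'] = "Daten ändern";
    }
}
elseif ($abt == "passwort_vergessen") {
    if ($todo == "changePWD") {
        include_once("AUTH/class.npcrypt.php");

        // $msg collects validation errors below; make sure it exists before it is appended to or read.
        if (!isset($msg)) {
            $msg = '';
        }

        /*
         * First visit: the user arrives with the e-mail address and the temporary
         * password taken from the reset mail.
         */
        if ($_REQUEST['usrmail'] != '' && $_REQUEST['temp_pwd'] != '') {
            $usrmail = sanitizeDB($_REQUEST['usrmail']);
            $temp_pwd = sanitizeDB($_REQUEST['temp_pwd']);

            // An empty KD_TEMP_PWD is the "no reset pending" value (it is cleared below once a new
            // password is stored), so a blank or whitespace-only value must never be compared with
            // that column; some databases ignore trailing blanks in string comparisons.
            if (trim((string)$usrmail) === '' || trim((string)$temp_pwd) === '') {
                $TPL->setRedirect("Unbekannte Emailadresse oder falsches Passwort",G_WEBROOT,3);
                exit;
            }

            // NOTE(review): the statement is built by concatenation, so its safety rests entirely on
            // sanitizeDB() (not visible here). If $conn offers bound parameters, prefer them.
            $get = $conn->single("select KD_ID, KD_VORNAME, KD_NACHNAME from KUNDEN where KD_EMAIL='" . $usrmail . "' and KD_STATUS=3 and KD_TEMP_PWD='" . $temp_pwd . "'");
            if ((int)$get['KD_ID'] < 1) {
                $TPL->setRedirect("Unbekannte Emailadresse oder falsches Passwort",G_WEBROOT,3);
                exit;
            }

            // Remember the verified reset for the rest of this session.
            $_SESSION['TEMPLOGIN'] = array('KD_ID'=>$get['KD_ID'], 'KD_VORNAME' => $get['KD_VORNAME'], 'KD_NACHNAME' => $get['KD_NACHNAME'], 'KD_EMAIL'=>$usrmail, 'TEMP_PWD' => $temp_pwd);
        }

        /*
         * The user has been verified in this session: either show the form again
         * or store the newly chosen password.
         */
        if (isset($_SESSION['TEMPLOGIN']) && is_array($_SESSION['TEMPLOGIN'])) {
            // Set the new password.
            if ($_REQUEST['USR_PASS'] != "") {
                // NOTE(review): the password is passed through sanitizeDB() before it is encoded,
                // so the stored value is derived from the escaped string; left as is because the
                // login path presumably does the same - confirm.
                $pass1 = sanitizeDB(utf8_decode($_REQUEST['USR_PASS']));
                $pass2 = sanitizeDB(utf8_decode($_REQUEST['USR_PASS2']));

                if (strlen($pass1) < 8)
                    $msg .= "Das Passwort muss mindestens 8 Zeichen lang sein!
";
                if (!preg_match("/[a-z]/i",$pass1) || !preg_match("/\d/",$pass1))
                    $msg .= "Das Passwort muss aus Buchstaben und Zahlen bestehen!
";
                // Strict comparison: with != two different numeric-looking strings compare as equal.
                if ($pass1 !== $pass2)
                    $msg .= "Die Passwörter stimmen nicht überein";

                if ($msg == '') {
                    $new_pwd = NPCrypt::owEncode($pass1);
                    // Copy what is still needed, then drop the reset state so this session cannot
                    // set yet another password after the temporary one has been consumed.
                    $kd_id = (int)$_SESSION['TEMPLOGIN']['KD_ID'];
                    $kd_email = $_SESSION['TEMPLOGIN']['KD_EMAIL'];
                    // NOTE(review): $new_pwd goes into the statement unescaped; this assumes
                    // owEncode() never emits a quote character - confirm.
                    $set = $conn->update("update KUNDEN set KD_PASSWD='" . $new_pwd . "', KD_TEMP_PWD='' where KD_ID=" . $kd_id);
                    unset($_SESSION['TEMPLOGIN']);
                    # Update the user history without showing the password
                    $TPL->doLogin($kd_email, $pass1);
                    exit;
                }
            }

            $params['ERRMSG'] = $msg;
            // TEMPLOGIN is filled above with KD_* keys only; the former USR_* lookups never matched.
            $params['USR_ID'] = $_SESSION['TEMPLOGIN']['KD_ID'];
            $params['USR_FIRSTNAME'] = $_SESSION['TEMPLOGIN']['KD_VORNAME'];
            $params['USR_LASTNAME'] = $_SESSION['TEMPLOGIN']['KD_NACHNAME'];
            $params['NEWPASSWORD'] = 1;
            $params['MSG'] = "OK";
            $frags['CONTENT'] = "lostpassword.tpl";
            $TPL->showPage($frame, $frags,$params);
            exit;
        }
        else {
            $TPL->setRedirect("Kein Zugang",G_WEBROOT,2);
        }
    }
    else {
        if (!$_REQUEST['email']) {
            // No address submitted yet: show the request form.
            $frags['CONTENT'] = "lostpassword.tpl";
        }
        else {
            include_once("AUTH/class.npcrypt.php");
            $usrmail = sanitizeDB($_REQUEST['email']);
            // NOTE(review): concatenated SQL; see the remark on sanitizeDB() in the changePWD branch.
            $get = $conn->single("select KD_ID, KD_VORNAME, KD_NACHNAME from KUNDEN where KD_EMAIL='" . $usrmail . "' and KD_STATUS=3");
            if ((int)$get['KD_ID'] < 1) {
                // NOTE(review): this message tells the caller whether an address is registered.
                $TPL->setRedirect("Unbekannte Emailadresse",G_WEBROOT,3);
                // Stop here: otherwise the code below would still generate a temporary password
                // and mail it to an address that belongs to no active customer.
                exit;
            }
            $params['KD_VORNAME'] = $get['KD_VORNAME'];
            $params['KD_NACHNAME'] = $get['KD_NACHNAME'];

            // NOTE(review): the temporary password is derived from the address and the current
            // time only; unless owEncode() mixes in a secret it is guessable. No expiry is stored
            // either. Consider a random token with a limited lifetime.
            $temppwd = NPCrypt::owEncode($usrmail.time());
            $set = $conn->update("update KUNDEN set KD_TEMP_PWD='" . $temppwd .
                "' where KD_ID=".(int)$get['KD_ID']);

            $params['usrmail'] = $usrmail;
            $params['passwd'] = $temppwd;
            $TPL->assign($params);
            $mail = $TPL->fetch("lostpassword_mail.tpl");
            // Delivery errors are suppressed on purpose (@); the redirect text is shown either way.
            @mail($usrmail,"Ihr Login fuer sparbon.de",$mail,"From:".G_SUPPORTMAIL);
            $TPL->setRedirect("Sie erhalten in Kürze eine Email mit Ihrem Login!",G_WEBROOT,3);
            exit;
        }
    }
}
// Disabled earlier variant of the password reset flow:
//if($_REQUEST['todo'] == "newpassword") {
// }
//elseif($abt == "passwort_vergessen") {
//     $frags['CONTENT'] = "lostpassword.tpl";
//     if($todo == 'setConfirm') {
//         $params['email'] = sanitizeDB($_REQUEST['email']);
//         $ENT = new Smarty_B2Bon;
//         $ret = $ENT->newPasswordConfirm($params['email']);
//         if($ret != 'OK') {
//             $params['ERRMSG'] = $ret;
//         }
//         else $params['CMSG'] = $ret;
//     }
//     elseif($_REQUEST['email'] != '' && $_REQUEST['ReqId'] != '') {
//         $params['email'] = sanitizeDB($_REQUEST['email']);
//         $params['ReqId'] = sanitizeDB($_REQUEST['ReqId']);
//         $ENT = new Smarty_B2Bon;
//         $ret = $ENT->sendNewPassword($params['email'], $params['ReqId']);
//         if($ret != 'OK') {
//             $params['ERRMSG'] = $ret;
//         }
//         else $params['MSG'] = $ret;
//     }
// }
elseif ($abt == "filialen") {
    $TPL->checkLogin();
    $params['COUNTRIES'] = $countries;
    include_once("filialen.php");
}
elseif ($abt == "bons") {
    $TPL->checkLogin();
    $params['COUNTRIES'] = $countries;
    include_once("bons.php");
}
elseif ($abt == "buchung") {
    $TPL->checkLogin();
    $params['active'] = "buchung";

    // Selectable terms 1..24, keyed by their own value.
    $ll = range(1, 24);
    foreach ($ll as $la)
        $params['LAUFZEITEN'][$la] = $la;

    if ($todo == "enter" || $todo == "list" || $todo == "delete") {
        include_once("buchung.php");
    }
    // Was "$todo = "start" or ...": an assignment that was always true and overwrote $todo.
    elseif ($todo == "start" or $todo == "") {
        $frags['CONTENT'] = "buchung_new.tpl";
    }
}
elseif ($abt == "statistik") {
    // The login check now runs before stats.php is included, as in the other protected sections;
    // previously the include executed first. Assumes checkLogin() stops anonymous requests - confirm.
    $TPL->checkLogin();
    $params['active'] = "stats";
    include_once("stats.php");
}

// Static pages.
if ($abt == '' and $todo == '') {
    $params['active'] = "start";
    $frags['CONTENT'] = "start.tpl";
}
elseif ($abt=='so_gehts') {
    $params['active'] = "so_gehts";
    $frags['CONTENT'] = "so_gehts.tpl";
}
elseif ($abt=='impressum') {
    $frags['CONTENT'] = "impressum.tpl";
}
elseif ($abt=='agb') {
    $frags['CONTENT'] = "agb.tpl";
}
elseif ($abt=='datenschutz') {
    $frags['CONTENT'] = "datenschutz.tpl";
}

// Disabled debug output. It prints request values unescaped, so keep it disabled on a live site.
#echo "";
#print $_REQUEST['abt']."\n";
#echo $_SERVER['REDIRECT_URL']."
#".$_SERVER['REDIRECT_QUERY_STRING']."
#".$_SERVER['SCRIPT_FILENAME'];
#echo "";

// Hand the routing values to the template and render the page.
$params['abt'] = $abt;
$params['todo'] = $todo;
//echo "$abt und $todo\n";
$TPL->showPage($frame,$frags,$params);
?>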