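continue
        = FAIL => forced session logout, abort message and final processing
    + check for a valid login state, incl. timeout
        = OK   => continue
        = FAIL => authentication form, abort message and final processing
    + check for maintenance state
        = OK   => continue
        = FAIL => abort message and final processing
    + login
        = OK   => continue
        = FAIL => authentication form, abort message and final processing
    + processing of the submit actions (POST), display of the individual orga forms
*/

/*
    known bugs / todo
    - The script runs into a loop of death when a button is clicked while the page
      (e.g. because of the Fahrplan editor) has not finished building yet
      -> the session hangs. The problem shows up on webtest.hamburg.ccc.de but is
      not reproducible locally (on Rainer's notebook).
      -> PHP version or "only" a config problem? (deadlock timeout?)
      NOTE(review): one candidate cause is PHP's file-based session handler, which
      keeps the session locked from session_start() until the script ends or
      session_write_close() is called, so a second request for the same session
      waits on the first. Unconfirmed for this installation.
*/

// Bootstrap of the orga page: sends anti-cache headers, resumes the session,
// defines server/auth/database constants, configures the clsdb connection and
// binds $_SESSION / $_POST entries to local variables.

// this script needs following additional server modules for PHP
// - Database: (e.g. pgsql)

// write HTTP header (anti-cache)
header( 'Expires: Sun, 31 Dec 1989 23:59:59 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
// header() replaces an earlier header of the same name unless its second
// argument is false; without it the no-store line above would be dropped.
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );

// recall session
session_cache_limiter( 'nocache' );
// Per the PHP manual this setting only has an effect when the cache limiter
// is something other than 'nocache'; kept for compatibility.
session_cache_expire( 1 );
session_start();

// deactivate automatic use of addslashes
// set_magic_quotes_runtime() is deprecated since PHP 5.3 and no longer exists
// in PHP 7, so call it only where it is still available.
if ( function_exists( 'set_magic_quotes_runtime' ) ) {
    set_magic_quotes_runtime( 0 );
}

// include library files
// yes indeed, this one can now also be requested directly from htdocs;
// that does not matter, because nothing critical is in it and the page is purely passive
// NOTE(review): that holds only while the server runs every .php file through
// the interpreter; the secrets live in THIS file, not in clsdb.php.
require( "clsdb.php" );

// define general server constants
define( "SERVER_SITE_MAINTENANCE", false );     // maintenance state, set to TRUE to lock this page temporarily
// NOTE(review): an address-based exemption from authentication also applies to
// anything that reaches the script via a local reverse proxy or another local
// service - verify how this constant is compared where it is used.
define( "SERVER_LOCALHOST_IP", "127.0.0.1" );   // localhost IP, which does not need authentication
define( "SERVER_PROTOCOL_HTTPS", "HTTPS" );     // HTTPS protocol name

// define server file constants
define( "SERVER_FILE_TEMPLATE", "template.shtml" );                         // template file
define( "SERVER_FILE_WORKSHOPS", "workshops.shtml" );                       // workshops file
define( "SERVER_FILE_FAHRPLAN", "fahrplan.shtml" );                         // fahrplan file
define( "SERVER_FILE_HEADER", "ssi_site_header.html" );                     // SSI file for site header
define( "SERVER_FILE_INTRO", "ssi_site_intro.html" );                       // SSI file for site intro
define( "SERVER_FILE_EXTRO", "ssi_site_extro.html" );                       // SSI file for site extro
define( "SERVER_FILE_AUTOGEN", "ssi_site_autogen.html" );                   // SSI file for site autogeneration warning
define( "SERVER_FILE_ANMELDUNGSLISTE", "anmeldung-data/anmeldung.csv" );    // path and file for registered participants

// define orga constants
define( "ORGA_DAYS_BREAKFAST", 3 );             // presumably the number of breakfast days - TODO confirm (original comment was copied from the line above)

// define display constants
define( "DISPLAY_TEXT_NONE", " " );
define( "DISPLAY_VALUE_SEPARATOR", chr(9) );    // tab character

// define auth constants
define( "AUTH_TIMEOUT_MINUTES", 20 );           // idle timeout for login session
// NOTE(review): shared login secret stored in plain text in a file below the
// web root. Move it to a config file outside htdocs (or the environment),
// keep only a password hash there, and treat the value below as disclosed.
define( "AUTH_SERVER_PASS", "?!?!BunnY2007!?!" );   // login password, [todo:] should be outsourced to an external, secured data file

// define constants for database data
define( "DB_ID_NONE", 0 );
define( "DB_ID_NEW", -1 );

// define constants for database access
$dbsmain = new clsdb;
// define db type as supported type
$dbsmain->setdbtype( clsdb::DB_TYPE_MYSQL );
$dbsmain->setdbhost( 'localhost' );
$dbsmain->setdbport( 3306 );
$dbsmain->setdbname( 'eh2007' );
$dbsmain->setdbuser( 'eh2007' );
// NOTE(review): database credential in source - same handling as the login
// password above; the account should hold only the rights this page needs.
$dbsmain->setdbpass( 'Osterhase2007' );

// init references to $_SESSION variables ($sxxx)
$sbolauthloggedin = & $_SESSION['bolauthloginok'];
$sintauthprevtime = & $_SESSION['intauthprevtime'];

// init session variables
if ( !isset( $sbolauthloggedin ) ) {
    $sbolauthloggedin = false;
}
if ( !isset( $sintauthprevtime ) ) {
    $sintauthprevtime = time();
}

// init references to $_POST variables ($pxxx)
$pstrauth            = & $_POST['txtauth'];
$pbollogin           = & $_POST['cmdlogin'];
$pbollogout          = & $_POST['cmdlogout'];
$pbolshowanmeldungen = & $_POST['cmdshowanmeldungen'];
$pbolshowkassenliste = & $_POST['cmdshowkassenliste'];
$pbolmakeworkshops   = & $_POST['cmdmakeworkshops'];
$pbolmakefahrplan    = & $_POST['cmdmakefahrplan'];
$pbolrunsql          = & $_POST['cmdrunsql'];
$pbolwsupdate        = & $_POST['cmdwsupdate'];
$pbolsdactivate      = & $_POST['cmdsdactivate'];
$pbolsdupdate        = & $_POST['cmdsdupdate'];
$plstschedule        = & $_POST['cboschedule'];
// workshop id comes from the text field, or from the combo box when the text field is absent
$pintwsid = & $_POST['txtwsid'];
if ( !isset( $pintwsid ) ) {
    $pintwsid = & $_POST['cboworkshop'];
}
$pstrwsname     = & $_POST['txtwsname'];
$pstrwsspeakers = & $_POST['txtwsspeakers'];
$pintwsduration = & $_POST['txtwsduration'];
$pstrwscontent  = & $_POST['txtwscontent'];
$pstrwscomment  = & $_POST['txtwscomment'];
//$pstrsql = & $_POST['txtsql'];
// The original passed "& $_POST['txtsql']" to stripslashes(); call-time
// pass-by-reference is a fatal error from PHP 5.4 on. A missing or non-string
// field now yields '' directly.
// NOTE(review): stripslashes() is only correct while magic_quotes_gpc adds
// slashes; without it, backslashes in the submitted text are removed.
// NOTE(review): this field carries free-form SQL from the request body,
// presumably executed by the cmdrunsql action further down (not visible
// here). That path must sit behind the login check, carry a CSRF token and
// run with a least-privileged database account - verify.
$pstrsql = ( isset( $_POST['txtsql'] ) && is_string( $_POST['txtsql'] ) )
    ? stripslashes( $_POST['txtsql'] )
    : '';

// init post variables (only for mandatory variables, ignore variables submitted by special forms!)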
// Give every mandatory POST-bound variable a defined default.
if ( !isset( $pstrauth ) )       { $pstrauth = ''; }
if ( !isset( $pintwsid ) )       { $pintwsid = constant( "DB_ID_NONE" ); }
if ( !isset( $pstrwsname ) )     { $pstrwsname = ''; }
if ( !isset( $pstrwsspeakers ) ) { $pstrwsspeakers = ''; }
if ( !isset( $pintwsduration ) ) { $pintwsduration = 0; }
if ( !isset( $pstrwscontent ) )  { $pstrwscontent = ''; }
if ( !isset( $pstrwscomment ) )  { $pstrwscomment = ''; }
if ( !isset( $pstrsql ) )        { $pstrsql = ''; }
if ( !isset( $plstschedule ) )   { $plstschedule = array(); }

// init instance variables
$intnow           = time();
$strmsg           = '';     // (status/error/etc.) message to user
$bolauthabort     = false;  // auth check will be aborted: show authentication page
$bolauthlogoutnow = false;  // user will be logged out
$bolok            = false;  // action feedback, triggers confirmation if true or warning if false

// database work variables
$strdbfields = array();
$strdbsql    = '';
$strdbsql2   = '';
$strdbrow    = '';
$strsql      = '';
$strdbfields = '';          // second assignment in the original; this is the value that remains

// weekday names, keyed 1 (Sunday) to 7 (Saturday)
$strweekdayname = array(
    1 => 'Sonntag',
    2 => 'Montag',
    3 => 'Dienstag',
    4 => 'Mittwoch',
    5 => 'Donnerstag',
    6 => 'Freitag',
    7 => 'Samstag',
);

// generic scratch variables
$strvalue     = '';
$strinput     = '';
$stroutput    = '';
$strtablehead = '';
$strroname    = '';
$strauth      = '';
$intindex     = 0;
$intcolrotate = 1;
$intcolrot    = 0;
$intfileid    = 0;
$intcount     = 0;
$boleof       = false;

// action flags, one per submit button
$bollogin           = false;
$bollogout          = false;
$bolshowanmeldungen = false;
$bolshowkassenliste = false;
$bolmakefahrplan    = false;
$bolmakeworkshops   = false;
$bolrunsql          = false;
$bolwsupdate        = false;
$bolsdactivate      = false;
$bolsdupdate        = false;

// schedule date parts
$intsdyear  = 0;
$intsdmonth = 0;
$intsdday   = 0;
$intsdhour  = 0;

// workshop record fields
$strworkshoplist = '';
$intwsid         = constant( "DB_ID_NONE" );
$strwsname       = '';
$strwsspeakers   = '';
$intwsduration   = 0;
$strwscontent    = '';
$strwscomment    = '';

// schedule selection
$lstschedule      = array();
$strscheduleindex = '';
$intscheduleindex = constant( "DB_ID_NONE" );
$intschedulevalue = constant( "DB_ID_NONE" );

// function library

/**
 * Appends one entry to the global message buffer $strmsg.
 *
 * An empty $straddmsg (loose comparison with '') leaves the buffer untouched.
 *
 * NOTE(review): the text is concatenated as given. If a caller passes
 * request data or database error text, it should be HTML-escaped before it
 * reaches this function - verify against the callers.
 *
 * @param string $straddmsg text of the message to add
 */
function addmsg ($straddmsg) {
    global $strmsg;

    if ( $straddmsg == '' ) {
        return;
    }

    $strmsg .= '
  • ' . $straddmsg . '
  • ';
}

/**
 * Prints the feedback block when $strmsg holds text, then clears $strmsg and
 * resets $bolok to false.
 *
 * NOTE(review): as shown in this listing the echoed literal contains no
 * reference to $strmsg; markup may have been lost from the listing.
 */
function showmsg () {
    global $strmsg, $bolok;

    if ( $strmsg == '' ) {
        return;
    }

    echo'

    Feedback

    ';
    $strmsg = '';
    $bolok  = false;
}

function selectws ( $intwsid ) {
    // selects workshop with $intwsid of $strworkshoplist
    global $strworkshoplist;
    return str_replace( '