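, * Andreas Oesterreicher and
 * Rudolf Hangl <rudolf.hangl@technikum-wien.at>
 * Gerald Simane-Sequens <gerald.simane-sequens@technikum-wien.at>
 */
require_once('../config/cis.config.inc.php');
require_once('../config/global.config.inc.php');
require_once('../include/functions.inc.php');
require_once('../include/sprache.class.php');
require_once('../include/phrasen.class.php');
require_once('../include/mail.class.php');
require_once('../include/student.class.php');

// Optional password-age enforcement. When CIS_CHECK_PASSWORD_CHANGE is set the
// caller's basic-auth credentials are used to bind to LDAP and the account's
// shadowLastChange attribute is read; a value older than one year forces the
// content frame onto the change-password page (see the end of this script).
$redirectPasswordChange = false;
if (defined('CIS_CHECK_PASSWORD_CHANGE') && CIS_CHECK_PASSWORD_CHANGE == true)
{
    require_once('../addons/ldap/vilesci/ldap.class.php');

    $user = get_uid();
    // PHP_AUTH_PW only exists behind HTTP basic auth; default to '' so a missing
    // header produces a failed bind instead of an undefined-index notice.
    $password = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';

    // First connection (default credentials) resolves the user's DN ...
    $ldap = new ldap();
    $ldap->connect();
    $userdn = $ldap->GetUserDN($user);

    // ... a second connection binds as that DN to verify the supplied password.
    $ldap = new ldap();
    if ($ldap->connect(LDAP_SERVER, LDAP_PORT, $userdn, $password))
    {
        $lastchange = $ldap->getEntry($user, 'shadowLastChange');
        $shadowlastchange = 0;
        if (isset($lastchange[0]['shadowlastchange'][0]))
        {
            $shadowlastchange = (int) $lastchange[0]['shadowlastchange'][0];
        }

        // Unix timestamp of "one year ago".
        $dt = new DateTime();
        $dt->sub(new DateInterval('P12M'));
        $ux1year = (int) $dt->format('U');

        // NOTE(review): RFC 2307 defines shadowLastChange in *days* since the
        // epoch while $ux1year is in seconds; confirm the directory really
        // stores a Unix timestamp here, otherwise this condition is always true.
        $redirectPasswordChange = ($shadowlastchange <= $ux1year);
    }
    else
    {
        // Keep the directory's error text in the server log only; the browser
        // gets a generic message so internal LDAP details are not disclosed.
        error_log('CIS password check: LDAP bind failed for ' . $user . ': ' . $ldap->errormsg);
        die('Bind Failed');
    }
}

/**
 * Returns the given $_SERVER entry, or '' when the web server did not set it.
 *
 * @param string $key
 * @return string
 */
function cisServerVar($key)
{
    return isset($_SERVER[$key]) ? (string) $_SERVER[$key] : '';
}

/**
 * Tells whether an absolute URL belongs to this installation, i.e. starts with
 * APP_ROOT. The http/https scheme of the URL is interchangeable with the one
 * in APP_ROOT; the comparison is otherwise exact and case-sensitive.
 *
 * @param string $url
 * @return bool
 */
function cisUrlHasAppRootPrefix($url)
{
    $variants = array($url);
    if (strpos($url, 'http://') === 0)
    {
        $variants[] = 'https://' . substr($url, strlen('http://'));
    }
    elseif (strpos($url, 'https://') === 0)
    {
        $variants[] = 'http://' . substr($url, strlen('https://'));
    }

    foreach ($variants as $candidate)
    {
        if (strpos($candidate, APP_ROOT) === 0)
        {
            return true;
        }
    }
    return false;
}

/**
 * Checks the URL so that no malicious URLs can be passed in via the query string.
 *
 * Relative paths (no ':' and no '//') are accepted unchanged. Anything that
 * looks absolute must start with APP_ROOT (http/https interchangeable) or be
 * exactly 'about:blank'; otherwise an alert mail is sent to MAIL_ADMIN and the
 * request is aborted.
 *
 * @param string $param URL taken from the query string
 * @return void Terminates the request via die() when the URL is rejected.
 */
function validURLCheck($param)
{
    // No scheme and no protocol-relative prefix: treated as a relative path.
    if (strpos($param, ':') === false && strpos($param, '//') === false)
    {
        return;
    }

    if ($param === 'about:blank' || cisUrlHasAppRootPrefix($param))
    {
        return;
    }

    $text  = "Dies ist eine automatische Mail.\nEs wurde eine mögliche XSS Attacke durchgefuehrt:\n";
    $text .= "\nFolgende URL wurde versucht aufzurufen: \n" . cisServerVar('SERVER_NAME') . cisServerVar('REQUEST_URI');
    $text .= "\n\nIP des Aufrufers: " . cisServerVar('REMOTE_ADDR');
    $text .= "\n\nUserAgent: " . cisServerVar('HTTP_USER_AGENT');
    $text .= "\n\nAuffälliger Value: $param";

    $mail = new mail(MAIL_ADMIN, 'no-reply@' . DOMAIN, 'Versuchte XSS Attacke', $text);
    $mail->send();
    die('Invalid URL detected');
}

ob_start();

// Language selection: an unknown (or non-string) language code falls back to
// DEFAULT_LANGUAGE.
if (isset($_GET['sprache']))
{
    $requestedLanguage = is_string($_GET['sprache']) ? $_GET['sprache'] : '';
    $sprache = new sprache();
    if ($sprache->load($requestedLanguage))
    {
        setSprache($requestedLanguage);
    }
    else
    {
        setSprache(DEFAULT_LANGUAGE);
    }
}

// content_id is only used when numeric; anything else is dropped rather than
// echoed back into the menu URL.
$id = '';
if (isset($_GET['content_id']) && is_numeric($_GET['content_id']))
{
    $id = $_GET['content_id'];
}

// Menu frame URL: caller-supplied values must pass validURLCheck().
if (isset($_GET['menu']) && is_string($_GET['menu']))
{
    $menu = $_GET['menu'];
    validURLCheck($menu);
}
else
{
    $menu = 'menu.php?content_id=' . $id;
}

$user = get_uid();
$student = new student();
$studiengang_kz = '';
$semester = '';
$verband = '';
if ($student->load($user))
{
    $studiengang_kz = $student->studiengang_kz;
    $semester = $student->semester;
    $verband = $student->verband;
}

// Content frame URL: caller-supplied values must pass validURLCheck();
// otherwise the news page matching the student's record is shown.
if (isset($_GET['content']) && is_string($_GET['content']))
{
    $content = $_GET['content'];
    validURLCheck($content);
}
elseif ($studiengang_kz == '' && $semester == '' && $verband == '')
{
    $content = '../cms/news.php';
}
elseif ($semester == '0' && $verband == 'I')
{
    // Semester 0 / Verband 'I' is mapped to Studiengang 10006 (reason not
    // documented here).
    $content = '../cms/news.php?studiengang_kz=10006&semester=0';
}
else
{
    $content = '../cms/news.php?studiengang_kz=' . $studiengang_kz . '&semester=' . $semester;
}

// A stale password overrides whatever content was requested.
if ($redirectPasswordChange)
{
    $content = '../cis/private/profile/change_password.php?requiredtochange=true';
}

$sprache = getSprache();
$p = new phrasen($sprache);
$db = new basis_db();
?>
CIS - <?php echo CAMPUS_NAME; ?>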
 
t('lvplan/lvPlan'); ?>  | getAll(true); foreach($sprache->result as $row) { echo '   '.$row->sprache.''; }?>