WebSVN – personal-webbase – Blame – /trunk/modules/main_login/autostart_2.inc.php

Rev	Author	Line No.	Line
3	daniel-mar	1	<?php
		2
		3	if (!defined('IBLEGAL')) die('Kann nicht ohne Personal WebBase ausgeführt werden.');
		4
		5	/* if (!@is_writable('includes/session/'))
		6	{
		7	die($header.'<h1>Fehler</h1>Das Verzeichnis includes/session/ muss schreibbar sein (CHMOD 777)!'.$footer);
		8	} */
		9
		10	//@ini_set('session.auto_start', 0);
		11	@ini_set('session.cache_expire', 180);
		12	@ini_set('session.use_trans_sid', 0);
		13	@ini_set('session.use_cookies', 1);
		14	@ini_set('session.use_only_cookies', 1);
		15	if ($force_ssl) @ini_set('session.cookie_secure', 1);
		16	@ini_set('session.cookie_lifetime', 0);
		17	@ini_set('session.gc_maxlifetime', 1440);
		18	@ini_set('session.bug_compat_42', 0);
		19	@ini_set('session.bug_compat_warn', 1);
		20	if (version_compare(PHP_VERSION, '5.0.0', 'ge') && substr(PHP_OS, 0, 3) != 'WIN')
		21	{
		22	@ini_set('session.hash_function', 1);
		23	@ini_set('session.hash_bits_per_character', 6);
		24	}
		25	//@ini_set('session.save_handler', 'user'); // Auskommentiert. Geht mit aktuellen PHP Versionen nicht mehr, denn man muss session_set_save_handler() aufrufen (siehe https://bugs.php.net/bug.php?id=77384 )
		26	// @ini_set('session.save_path', 'includes/session/');
		27	//@ini_set('arg_separator.output', '&');
		28	//@ini_set('url_rewriter.tags', 'a=href,area=href,frame=src,input=src,fieldset=');
		29
		30	$ib_session_name = 'ironbase';
		31
		32	@session_unset();
		33	@session_destroy();
		34
		35	ib_newdatabasetable('sessions', $m2, 'SessionID', "varchar(255) NOT NULL",
		36	'LastUpdated', "datetime NOT NULL",
		37	'DataValue', "text");
		38
		39	if (function_exists('set_searchable')) set_searchable($m2, 'sessions', 0);
		40
		41	my_add_key($mysql_zugangsdaten['praefix'].'sessions', 'SessionID', false, 'SessionID');
		42
		43	if (!function_exists('sessao_open'))
		44	{
		45	function sessao_open($aSavaPath, $aSessionName)
		46	{
		47	sessao_gc( ini_get('session.gc_maxlifetime') );
		48	return True;
		49	}
		50	}
		51
		52	if (!function_exists('sessao_close'))
		53	{
		54	function sessao_close()
		55	{
		56	return True;
		57	}
		58	}
		59
		60	if (!function_exists('sessao_read'))
		61	{
		62	function sessao_read( $aKey )
		63	{
		64	global $mysql_zugangsdaten;
		65
		66	$busca = db_query("SELECT `DataValue` FROM `".$mysql_zugangsdaten['praefix']."sessions` WHERE `SessionID` = '".db_simple_escape($aKey)."'");
		67	if (db_num($busca) == 0)
		68	{
		69	db_query("INSERT INTO `".$mysql_zugangsdaten['praefix']."sessions` (`SessionID`, `LastUpdated`, `DataValue`) VALUES ('".db_simple_escape($aKey)."', NOW(), '')");
		70	return '';
		71	}
		72	else
		73	{
		74	$r = db_fetch($busca);
		75	return md5_decrypt($r['DataValue'], $mysql_zugangsdaten['username'].':'.$mysql_zugangsdaten['passwort']);
		76	}
		77	}
		78	}
		79
		80	if (!function_exists('sessao_write'))
		81	{
		82	function sessao_write( $aKey, $aVal )
		83	{
		84	global $mysql_zugangsdaten;
		85
		86	db_query("UPDATE `".$mysql_zugangsdaten['praefix']."sessions` SET `DataValue` = '".md5_encrypt($aVal, $mysql_zugangsdaten['username'].':'.$mysql_zugangsdaten['passwort'])."', `LastUpdated` = NOW() WHERE `SessionID` = '".db_simple_escape($aKey)."'");
		87	return True;
		88	}
		89	}
		90
		91	if (!function_exists('sessao_destroy'))
		92	{
		93	function sessao_destroy( $aKey )
		94	{
		95	global $mysql_zugangsdaten;
		96
		97	db_query("DELETE FROM `".$mysql_zugangsdaten['praefix']."sessions` WHERE `SessionID` = '".db_simple_escape($aKey)."'");
		98	if (db_affected_rows() > 0)
		99	db_query("OPTIMIZE TABLE `".$mysql_zugangsdaten['praefix']."sessions`");
		100	return True;
		101	}
		102	}
		103
		104	if (!function_exists('sessao_gc'))
		105	{
		106	function sessao_gc( $aMaxLifeTime )
		107	{
		108	global $mysql_zugangsdaten;
		109
		110	db_query("DELETE FROM `".$mysql_zugangsdaten['praefix']."sessions` WHERE UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`LastUpdated`) > ".db_simple_escape($aMaxLifeTime));
		111	if (db_affected_rows() > 0)
		112	db_query("OPTIMIZE TABLE `".$mysql_zugangsdaten['praefix']."sessions`");
		113	return True;
		114	}
		115	}
		116
		117	@session_set_save_handler("sessao_open", "sessao_close", "sessao_read", "sessao_write", "sessao_destroy", "sessao_gc");
		118
		119	@session_name($ib_session_name);
		120	@session_start();
		121
		122	if (version_compare(PHP_VERSION, '5.1.2', 'lt') && isset($_COOKIE[$ib_session_name]) && eregi("\r\|\n", $_COOKIE[$ib_session_name]))
		123	{
		124	die('Angriff');
		125	}
		126
		127	/* if (!preg_match("/^[0-9a-z]*$/i", session_id()))
		128	{
		129	die($header.'Fehler! Die Session-ID ist ungültig.'.$footer);
		130	} */
		131
		132	/*
		133
		134	Ich gebe es auf! Ich sitze seit 5 Tagen ununterbrochen daran,
		135	session_regenerate_id auf allen 4 Testsystemen zum Laufen zu
		136	bekommen, doch andauernd gehen die Session-Informationen verloren!
		137	Ich denke, dass die untenstehende L�sung genug ausreicht.
		138
		139	$ary = explode('/', $_SERVER['PHP_SELF']);
		140	if ($ary[count($ary)-1] == 'modulseite.php')
		141	{
		142	// @session_regenerate_id(true);
		143
		144	@session_start();
		145	$old_sessid = @session_id();
		146	@session_regenerate_id();
		147	$new_sessid = @session_id();
		148	@session_id($old_sessid);
		149	@session_destroy();
		150
		151	$old_session = $_SESSION;
		152	@session_id($new_sessid);
		153	@session_start();
		154	$_SESSION = $old_session;
		155	}
		156
		157	*/
		158
		159	$usedns = TRUE;
		160
		161	$useragent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
		162	$host = fetchip();
		163
		164	if ($usedns) // <- war im Originalen $global['dns']... was soll das sein?!
		165	$dns = @gethostbyaddr($host);
		166	else
		167	$dns = $host;
		168
		169	if ((isset($_SESSION['session_secured'])) && ($_SESSION['session_secured']))
		170	{
		171	if (
		172	(($_SESSION['host'] != $host) && !$usedns)
		173	\|\| ($_SESSION['dns'] != $dns)
		174	\|\| ($_SESSION['useragent'] != $useragent)
		175	) {
		176	session_regenerate_id();
		177	session_unset();
		178	}
		179	} else {
		180	$_SESSION['host'] = $host;
		181	$_SESSION['dns'] = $dns;
		182	$_SESSION['useragent'] = $useragent;
		183	$_SESSION['session_secured'] = 1;
		184	}
		185
		186	// -----------------------------------------------------------------------------------------------------
		187
		188	$gesperrt = $header.'<h1>Fehler</h1>Sie wurden als Benutzer von Personal WebBase gesperrt. Bitte wenden Sie sich an den Serveradministrator.<br><br><a href="index.php">Zurück zum Webinterface</a>'.$footer;
		189
		190	if (!isset($ib_user_type)) $ib_user_type = -1;
		191
		192	if (isset($_POST['login_process']) && ($_POST['login_process'] == '1'))
		193	{
		194	if ($ib_user_type == 2)
		195	{
		196	if (md5($ib_user_passwort) != $konfiguration['main_administration']['admin_pwd'])
		197	{
		198	if (!headers_sent()) header('location: index.php?prv_modul=main_administration');
		199	}
		200	else
		201	{
		202	$_SESSION['last_login'] = $konfiguration['main_administration']['last_login'];
		203	$_SESSION['last_login_ip'] = $konfiguration['main_administration']['last_login_ip'];
		204
		205	$res = db_query("SELECT NOW()");
		206	$row = db_fetch($res);
		207
		208	ib_change_config('last_login', $row[0], 'main_administration');
		209	ib_change_config('last_login_ip', $_SERVER['REMOTE_ADDR'], 'main_administration');
		210
		211	$_SESSION['ib_user_type'] = $ib_user_type;
		212	$_SESSION['ib_user_passwort'] = $ib_user_passwort;
		213	}
		214	}
		215
		216	if ($ib_user_type == '1')
		217	{
		218	if (($ib_user_username == $konfiguration['main_gastzugang']['gast_username']) && ($ib_user_passwort == $konfiguration['main_gastzugang']['gast_passwort']))
		219	{
		220	if ($konfiguration['main_gastzugang']['enable_gast'])
		221	{
		222	$ib_user_type = '0';
		223	}
		224	else
		225	{
		226	@session_unset();
		227	@session_destroy();
		228
8	daniel-mar	229	if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2));
3	daniel-mar	230	}
		231	}
		232
		233	$res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($ib_user_username)."' AND `passwort` = '".md5($ib_user_passwort)."'");
		234	if (db_num($res) > 0)
		235	{
		236	$row = db_fetch($res);
		237	foreach ($row as $key => $value)
		238	$benutzer[$key] = $value;
		239
		240	if ($benutzer['gesperrt'] == '1')
		241	{
		242	@session_unset();
		243	@session_destroy();
		244
		245	die($gesperrt);
		246	}
		247	else
		248	{
		249	$rs = db_query("SELECT NOW()");
		250	$rw = db_fetch($rs);
		251
		252	$_SESSION['last_login'] = $benutzer['last_login'];
		253	$_SESSION['last_login_ip'] = $benutzer['last_login_ip'];
		254	db_query("UPDATE `".$mysql_zugangsdaten['praefix']."users` SET `last_login` = '".$rw[0]."', `last_login_ip` = '".$_SERVER['REMOTE_ADDR']."' WHERE `username` = '".db_escape($ib_user_username)."'");
		255	$benutzer['last_login'] = $rw[0];
		256	$benutzer['last_login_ip'] = $_SERVER['REMOTE_ADDR'];
		257
		258	$_SESSION['ib_user_type'] = $ib_user_type;
		259	$_SESSION['ib_user_username'] = $ib_user_username;
		260	$_SESSION['ib_user_passwort'] = $ib_user_passwort;
		261	}
		262	}
		263	else
		264	{
		265	@session_unset();
		266	@session_destroy();
		267
8	daniel-mar	268	if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2));
3	daniel-mar	269	}
		270	}
		271
		272	if ($ib_user_type == '0')
		273	{
		274	if ($konfiguration['main_gastzugang']['enable_gast'])
		275	{
		276	$res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."' AND `passwort` = '".md5($konfiguration['main_gastzugang']['gast_passwort'])."'");
		277	if (db_num($res) > 0)
		278	{
		279	$row = db_fetch($res);
		280	foreach ($row as $key => $value)
		281	$benutzer[$key] = $value;
		282
		283	if ($benutzer['gesperrt'] == '1')
		284	{
		285	@session_unset();
		286	@session_destroy();
		287
		288	die($gesperrt);
		289	}
		290	else
		291	{
		292	$rs = db_query("SELECT NOW()");
		293	$rw = db_fetch($rs);
		294
		295	$_SESSION['last_login'] = $benutzer['last_login'];
		296	$_SESSION['last_login_ip'] = $benutzer['last_login_ip'];
		297	db_query("UPDATE `".$mysql_zugangsdaten['praefix']."users` SET `last_login` = '".$rw[0]."', `last_login_ip` = '".$_SERVER['REMOTE_ADDR']."' WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."'");
		298	$benutzer['last_login'] = $rw[0];
		299	$benutzer['last_login_ip'] = $_SERVER['REMOTE_ADDR'];
		300
		301	$_SESSION['ib_user_type'] = $ib_user_type;
		302	}
		303	}
		304	else
		305	{
		306	@session_unset();
		307	@session_destroy();
		308
		309	if (!headers_sent()) header('location: index.php?prv_modul=main_gastzugang');
		310	}
		311	}
		312	else
		313	{
		314	@session_unset();
		315	@session_destroy();
		316
		317	if (!headers_sent()) header('location: index.php?prv_modul=main_gastzugang');
		318	}
		319	}
		320	}
		321	else
		322	{
		323	if ((!isset($_SESSION['ib_user_type'])) \|\| (($_SESSION['ib_user_type'] != '0') && ($_SESSION['ib_user_type'] != '1') && ($_SESSION['ib_user_type'] != '2')))
		324	{
		325	$ib_user_type = -1;
		326	}
		327	else
		328	{
		329	if ($_SESSION['ib_user_type'] == '0')
		330	{
		331	if ($konfiguration['main_gastzugang']['enable_gast'])
		332	{
		333	$res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."' AND `passwort` = '".md5($konfiguration['main_gastzugang']['gast_passwort'])."'");
		334	if (db_num($res) > 0)
		335	{
		336	$row = db_fetch($res);
		337	foreach ($row as $key => $value)
		338	$benutzer[$key] = $value;
		339
		340	if ($benutzer['gesperrt'] == '1')
		341	{
		342	@session_unset();
		343	@session_destroy();
		344
		345	die($gesperrt);
		346	}
		347	else
		348	{
		349	$ib_user_type = $_SESSION['ib_user_type'];
		350	$ib_user_username = $konfiguration['main_gastzugang']['gast_username'];
		351	$ib_user_passwort = $konfiguration['main_gastzugang']['gast_passwort'];
		352	}
		353	}
		354	else
		355	{
		356	@session_unset();
		357	@session_destroy();
		358
		359	if (!headers_sent()) header('location: index.php?prv_modul=main_gastzugang');
		360	}
		361	}
		362	else
		363	{
		364	@session_unset();
		365	@session_destroy();
		366
8	daniel-mar	367	if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2));
3	daniel-mar	368	}
		369	}
		370	else if ($_SESSION['ib_user_type'] == '1')
		371	{
		372	$res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($_SESSION['ib_user_username'])."' AND `passwort` = '".md5($_SESSION['ib_user_passwort'])."'");
		373	if (db_num($res) > 0)
		374	{
		375	$row = db_fetch($res);
		376	foreach ($row as $key => $value)
		377	$benutzer[$key] = $value;
		378
		379	if ($benutzer['gesperrt'] == '1')
		380	{
		381	@session_unset();
		382	@session_destroy();
		383
		384	die($gesperrt);
		385	}
		386	else
		387	{
		388	$ib_user_type = $_SESSION['ib_user_type'];
		389	$ib_user_username = $_SESSION['ib_user_username'];
		390	$ib_user_passwort = $_SESSION['ib_user_passwort'];
		391	}
		392	}
		393	else
		394	{
		395	@session_unset();
		396	@session_destroy();
		397
8	daniel-mar	398	if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2));
3	daniel-mar	399	}
		400	}
		401	else if ($_SESSION['ib_user_type'] == '2')
		402	{
		403	if (md5($_SESSION['ib_user_passwort']) != $konfiguration['main_administration']['admin_pwd'])
		404	{
		405	if (!headers_sent()) header('location: index.php?prv_modul=main_administration');
		406	}
		407	else
		408	{
		409	$ib_user_type = $_SESSION['ib_user_type'];
		410	$ib_user_passwort = $_SESSION['ib_user_passwort'];
		411	}
		412	}
		413	}
		414	}
		415
		416	?>

Subversion Repositories personal-webbase

personal-webbase/trunk/modules/main_login/autostart_2.inc.php – Rev 8