Rev 9 | Rev 11 | ||
---|---|---|---|
Line 191... | Line 191... | ||
191 | 191 | ||
192 | if (isset($_POST['login_process']) && ($_POST['login_process'] == '1')) |
192 | if (isset($_POST['login_process']) && ($_POST['login_process'] == '1')) |
193 | { |
193 | { |
194 | if ($ib_user_type == 2) |
194 | if ($ib_user_type == 2) |
195 | { |
195 | { |
196 | if (md5($ib_user_passwort) != $konfiguration['main_administration']['admin_pwd']) |
196 | if (md5($ib_user_passwort) != $konfiguration['main_administration']['admin_pwd']) // TODO: use sha3 hash, salted and peppered |
197 | { |
197 | { |
198 | if (!headers_sent()) header('location: index.php?prv_modul=main_administration'); |
198 | if (!headers_sent()) header('location: index.php?prv_modul=main_administration'); |
199 | } |
199 | } |
200 | else |
200 | else |
201 | { |
201 | { |
Line 228... | Line 228... | ||
228 | 228 | ||
229 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
229 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
230 | } |
230 | } |
231 | } |
231 | } |
232 | 232 | ||
233 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($ib_user_username)."' AND `passwort` = '".md5($ib_user_passwort)."'"); |
233 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($ib_user_username)."' AND `passwort` = '".md5($ib_user_passwort)."'"); // TODO: use sha3 hash, salted and peppered |
234 | if (db_num($res) > 0) |
234 | if (db_num($res) > 0) |
235 | { |
235 | { |
236 | $row = db_fetch($res); |
236 | $row = db_fetch($res); |
237 | foreach ($row as $key => $value) |
237 | foreach ($row as $key => $value) |
238 | $benutzer[$key] = $value; |
238 | $benutzer[$key] = $value; |
Line 271... | Line 271... | ||
271 | 271 | ||
272 | if ($ib_user_type == '0') |
272 | if ($ib_user_type == '0') |
273 | { |
273 | { |
274 | if ($konfiguration['main_gastzugang']['enable_gast']) |
274 | if ($konfiguration['main_gastzugang']['enable_gast']) |
275 | { |
275 | { |
276 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."' AND `passwort` = '".md5($konfiguration['main_gastzugang']['gast_passwort'])."'"); |
276 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."' AND `passwort` = '".md5($konfiguration['main_gastzugang']['gast_passwort'])."'"); // TODO: use sha3 hash, salted and peppered |
277 | if (db_num($res) > 0) |
277 | if (db_num($res) > 0) |
278 | { |
278 | { |
279 | $row = db_fetch($res); |
279 | $row = db_fetch($res); |
280 | foreach ($row as $key => $value) |
280 | foreach ($row as $key => $value) |
281 | $benutzer[$key] = $value; |
281 | $benutzer[$key] = $value; |
Line 328... | Line 328... | ||
328 | { |
328 | { |
329 | if ($_SESSION['ib_user_type'] == '0') |
329 | if ($_SESSION['ib_user_type'] == '0') |
330 | { |
330 | { |
331 | if ($konfiguration['main_gastzugang']['enable_gast']) |
331 | if ($konfiguration['main_gastzugang']['enable_gast']) |
332 | { |
332 | { |
333 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."' AND `passwort` = '".md5($konfiguration['main_gastzugang']['gast_passwort'])."'"); |
333 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."' AND `passwort` = '".md5($konfiguration['main_gastzugang']['gast_passwort'])."'"); // TODO: use sha3 hash, salted and peppered |
334 | if (db_num($res) > 0) |
334 | if (db_num($res) > 0) |
335 | { |
335 | { |
336 | $row = db_fetch($res); |
336 | $row = db_fetch($res); |
337 | foreach ($row as $key => $value) |
337 | foreach ($row as $key => $value) |
338 | $benutzer[$key] = $value; |
338 | $benutzer[$key] = $value; |
Line 367... | Line 367... | ||
367 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
367 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
368 | } |
368 | } |
369 | } |
369 | } |
370 | else if ($_SESSION['ib_user_type'] == '1') |
370 | else if ($_SESSION['ib_user_type'] == '1') |
371 | { |
371 | { |
372 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($_SESSION['ib_user_username'])."' AND `passwort` = '".md5($_SESSION['ib_user_passwort'])."'"); |
372 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($_SESSION['ib_user_username'])."' AND `passwort` = '".md5($_SESSION['ib_user_passwort'])."'"); // TODO: use sha3 hash, salted and peppered |
373 | if (db_num($res) > 0) |
373 | if (db_num($res) > 0) |
374 | { |
374 | { |
375 | $row = db_fetch($res); |
375 | $row = db_fetch($res); |
376 | foreach ($row as $key => $value) |
376 | foreach ($row as $key => $value) |
377 | $benutzer[$key] = $value; |
377 | $benutzer[$key] = $value; |
Line 398... | Line 398... | ||
398 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
398 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
399 | } |
399 | } |
400 | } |
400 | } |
401 | else if ($_SESSION['ib_user_type'] == '2') |
401 | else if ($_SESSION['ib_user_type'] == '2') |
402 | { |
402 | { |
403 | if (md5($_SESSION['ib_user_passwort']) != $konfiguration['main_administration']['admin_pwd']) |
403 | if (md5($_SESSION['ib_user_passwort']) != $konfiguration['main_administration']['admin_pwd']) // TODO: use sha3 hash, salted and peppered |
404 | { |
404 | { |
405 | if (!headers_sent()) header('location: index.php?prv_modul=main_administration'); |
405 | if (!headers_sent()) header('location: index.php?prv_modul=main_administration'); |
406 | } |
406 | } |
407 | else |
407 | else |
408 | { |
408 | { |
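Review bot: The TODO added at lines 196, 233, 276, 333, 372 and 403 names SHA-3 as the replacement for `md5()`, but SHA-3 is a fast general-purpose hash and, even salted and peppered, stays cheap to brute-force offline; the comment should point at PHP's password API instead, e.g. `// TODO: store password_hash() output and check with password_verify(); rehash legacy md5 rows on next login`. That migration also means the queries at 233, 276, 333 and 372 can no longer match on `passwort` in SQL: the row has to be selected by `username` alone and the stored hash verified in PHP. Separately, the admin checks at 196 and 403 compare hex digests with loose `!=`, which PHP may evaluate numerically for digests of the form `0e…` and which is not constant-time; `if (!hash_equals($konfiguration['main_administration']['admin_pwd'], md5($ib_user_passwort)))` addresses both. Lines 372 and 403 also show the plaintext password being kept in `$_SESSION` and re-hashed on each request, which is worth dropping once the login path is reworked. The enclosing blocks start and end outside every hunk shown, so this is based only on the visible lines.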