Rev 9 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 9 | Rev 11 | ||
|---|---|---|---|
| Line 191... | Line 191... | ||
| 191 | 191 | ||
| 192 | if (isset($_POST['login_process']) && ($_POST['login_process'] == '1')) |
192 | if (isset($_POST['login_process']) && ($_POST['login_process'] == '1')) |
| 193 | { |
193 | { |
| 194 | if ($ib_user_type == 2) |
194 | if ($ib_user_type == 2) |
| 195 | { |
195 | { |
| 196 | if (md5($ib_user_passwort) != $konfiguration['main_administration']['admin_pwd']) |
196 | if (md5($ib_user_passwort) != $konfiguration['main_administration']['admin_pwd']) // TODO: use sha3 hash, salted and peppered |
| 197 | { |
197 | { |
| 198 | if (!headers_sent()) header('location: index.php?prv_modul=main_administration'); |
198 | if (!headers_sent()) header('location: index.php?prv_modul=main_administration'); |
| 199 | } |
199 | } |
| 200 | else |
200 | else |
| 201 | { |
201 | { |
| Line 228... | Line 228... | ||
| 228 | 228 | ||
| 229 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
229 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
| 230 | } |
230 | } |
| 231 | } |
231 | } |
| 232 | 232 | ||
| 233 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($ib_user_username)."' AND `passwort` = '".md5($ib_user_passwort)."'"); |
233 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($ib_user_username)."' AND `passwort` = '".md5($ib_user_passwort)."'"); // TODO: use sha3 hash, salted and peppered |
| 234 | if (db_num($res) > 0) |
234 | if (db_num($res) > 0) |
| 235 | { |
235 | { |
| 236 | $row = db_fetch($res); |
236 | $row = db_fetch($res); |
| 237 | foreach ($row as $key => $value) |
237 | foreach ($row as $key => $value) |
| 238 | $benutzer[$key] = $value; |
238 | $benutzer[$key] = $value; |
| Line 271... | Line 271... | ||
| 271 | 271 | ||
| 272 | if ($ib_user_type == '0') |
272 | if ($ib_user_type == '0') |
| 273 | { |
273 | { |
| 274 | if ($konfiguration['main_gastzugang']['enable_gast']) |
274 | if ($konfiguration['main_gastzugang']['enable_gast']) |
| 275 | { |
275 | { |
| 276 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."' AND `passwort` = '".md5($konfiguration['main_gastzugang']['gast_passwort'])."'"); |
276 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."' AND `passwort` = '".md5($konfiguration['main_gastzugang']['gast_passwort'])."'"); // TODO: use sha3 hash, salted and peppered |
| 277 | if (db_num($res) > 0) |
277 | if (db_num($res) > 0) |
| 278 | { |
278 | { |
| 279 | $row = db_fetch($res); |
279 | $row = db_fetch($res); |
| 280 | foreach ($row as $key => $value) |
280 | foreach ($row as $key => $value) |
| 281 | $benutzer[$key] = $value; |
281 | $benutzer[$key] = $value; |
| Line 328... | Line 328... | ||
| 328 | { |
328 | { |
| 329 | if ($_SESSION['ib_user_type'] == '0') |
329 | if ($_SESSION['ib_user_type'] == '0') |
| 330 | { |
330 | { |
| 331 | if ($konfiguration['main_gastzugang']['enable_gast']) |
331 | if ($konfiguration['main_gastzugang']['enable_gast']) |
| 332 | { |
332 | { |
| 333 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."' AND `passwort` = '".md5($konfiguration['main_gastzugang']['gast_passwort'])."'"); |
333 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."' AND `passwort` = '".md5($konfiguration['main_gastzugang']['gast_passwort'])."'"); // TODO: use sha3 hash, salted and peppered |
| 334 | if (db_num($res) > 0) |
334 | if (db_num($res) > 0) |
| 335 | { |
335 | { |
| 336 | $row = db_fetch($res); |
336 | $row = db_fetch($res); |
| 337 | foreach ($row as $key => $value) |
337 | foreach ($row as $key => $value) |
| 338 | $benutzer[$key] = $value; |
338 | $benutzer[$key] = $value; |
| Line 367... | Line 367... | ||
| 367 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
367 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
| 368 | } |
368 | } |
| 369 | } |
369 | } |
| 370 | else if ($_SESSION['ib_user_type'] == '1') |
370 | else if ($_SESSION['ib_user_type'] == '1') |
| 371 | { |
371 | { |
| 372 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($_SESSION['ib_user_username'])."' AND `passwort` = '".md5($_SESSION['ib_user_passwort'])."'"); |
372 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($_SESSION['ib_user_username'])."' AND `passwort` = '".md5($_SESSION['ib_user_passwort'])."'"); // TODO: use sha3 hash, salted and peppered |
| 373 | if (db_num($res) > 0) |
373 | if (db_num($res) > 0) |
| 374 | { |
374 | { |
| 375 | $row = db_fetch($res); |
375 | $row = db_fetch($res); |
| 376 | foreach ($row as $key => $value) |
376 | foreach ($row as $key => $value) |
| 377 | $benutzer[$key] = $value; |
377 | $benutzer[$key] = $value; |
| Line 398... | Line 398... | ||
| 398 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
398 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
| 399 | } |
399 | } |
| 400 | } |
400 | } |
| 401 | else if ($_SESSION['ib_user_type'] == '2') |
401 | else if ($_SESSION['ib_user_type'] == '2') |
| 402 | { |
402 | { |
| 403 | if (md5($_SESSION['ib_user_passwort']) != $konfiguration['main_administration']['admin_pwd']) |
403 | if (md5($_SESSION['ib_user_passwort']) != $konfiguration['main_administration']['admin_pwd']) // TODO: use sha3 hash, salted and peppered |
| 404 | { |
404 | { |
| 405 | if (!headers_sent()) header('location: index.php?prv_modul=main_administration'); |
405 | if (!headers_sent()) header('location: index.php?prv_modul=main_administration'); |
| 406 | } |
406 | } |
| 407 | else |
407 | else |
| 408 | { |
408 | { |