Rev 11 | Rev 14 | ||
---|---|---|---|
Line 1... | Line 1... | ||
1 | <?php |
1 | <?php |
2 | 2 | ||
3 | if (!defined('IBLEGAL')) die('Kann nicht ohne Personal WebBase ausgeführt werden.'); |
3 | if (!defined('WBLEGAL')) die('Kann nicht ohne Personal WebBase ausgeführt werden.'); |
4 | 4 | ||
5 | /* if (!@is_writable('includes/session/')) |
5 | /* if (!@is_writable('includes/session/')) |
6 | { |
6 | { |
7 | die($header.'<h1>Fehler</h1>Das Verzeichnis includes/session/ muss schreibbar sein (CHMOD 777)!'.$footer); |
7 | die($header.'<h1>Fehler</h1>Das Verzeichnis includes/session/ muss schreibbar sein (CHMOD 777)!'.$footer); |
8 | } */ |
8 | } */ |
Line 185... | Line 185... | ||
185 | 185 | ||
186 | // ----------------------------------------------------------------------------------------------------- |
186 | // ----------------------------------------------------------------------------------------------------- |
187 | 187 | ||
188 | $gesperrt = $header.'<h1>Fehler</h1>Sie wurden als Benutzer von Personal WebBase gesperrt. Bitte wenden Sie sich an den Serveradministrator.<br><br><a href="index.php">Zurück zum Webinterface</a>'.$footer; |
188 | $gesperrt = $header.'<h1>Fehler</h1>Sie wurden als Benutzer von Personal WebBase gesperrt. Bitte wenden Sie sich an den Serveradministrator.<br><br><a href="index.php">Zurück zum Webinterface</a>'.$footer; |
189 | 189 | ||
190 | if (!isset($ib_user_type)) $ib_user_type = -1; |
190 | if (!isset($wb_user_type)) $wb_user_type = -1; |
191 | 191 | ||
192 | if (isset($_POST['login_process']) && ($_POST['login_process'] == '1')) |
192 | if (isset($_POST['login_process']) && ($_POST['login_process'] == '1')) |
193 | { |
193 | { |
194 | if ($ib_user_type == 2) |
194 | if ($wb_user_type == 2) |
195 | { |
195 | { |
196 | if (md5($ib_user_passwort) != $konfiguration['main_administration']['admin_pwd']) // TODO: use sha3 hash, salted and peppered |
196 | if (md5($ib_user_passwort) != $konfiguration['main_administration']['admin_pwd']) // TODO: use sha3 hash, salted and peppered |
197 | { |
197 | { |
198 | if (!headers_sent()) header('location: index.php?prv_modul=main_administration'); |
198 | if (!headers_sent()) header('location: index.php?prv_modul=main_administration'); |
199 | } |
199 | } |
Line 206... | Line 206... | ||
206 | $row = db_fetch($res); |
206 | $row = db_fetch($res); |
207 | 207 | ||
208 | ib_change_config('last_login', $row[0], 'main_administration'); |
208 | ib_change_config('last_login', $row[0], 'main_administration'); |
209 | ib_change_config('last_login_ip', $_SERVER['REMOTE_ADDR'], 'main_administration'); |
209 | ib_change_config('last_login_ip', $_SERVER['REMOTE_ADDR'], 'main_administration'); |
210 | 210 | ||
211 | $_SESSION['ib_user_type'] = $ib_user_type; |
211 | $_SESSION['wb_user_type'] = $wb_user_type; |
212 | $_SESSION['ib_user_passwort'] = $ib_user_passwort; |
212 | $_SESSION['ib_user_passwort'] = $ib_user_passwort; |
213 | } |
213 | } |
214 | } |
214 | } |
215 | 215 | ||
216 | if ($ib_user_type == '1') |
216 | if ($wb_user_type == '1') |
217 | { |
217 | { |
218 | if (($ib_user_username == $konfiguration['main_gastzugang']['gast_username']) && ($ib_user_passwort == $konfiguration['main_gastzugang']['gast_passwort'])) |
218 | if (($ib_user_username == $konfiguration['main_gastzugang']['gast_username']) && ($ib_user_passwort == $konfiguration['main_gastzugang']['gast_passwort'])) |
219 | { |
219 | { |
220 | if ($konfiguration['main_gastzugang']['enable_gast']) |
220 | if ($konfiguration['main_gastzugang']['enable_gast']) |
221 | { |
221 | { |
222 | $ib_user_type = '0'; |
222 | $wb_user_type = '0'; |
223 | } |
223 | } |
224 | else |
224 | else |
225 | { |
225 | { |
226 | @session_unset(); |
226 | @session_unset(); |
227 | @session_destroy(); |
227 | @session_destroy(); |
Line 253... | Line 253... | ||
253 | $_SESSION['last_login_ip'] = $benutzer['last_login_ip']; |
253 | $_SESSION['last_login_ip'] = $benutzer['last_login_ip']; |
254 | db_query("UPDATE `".$mysql_zugangsdaten['praefix']."users` SET `last_login` = '".$rw[0]."', `last_login_ip` = '".$_SERVER['REMOTE_ADDR']."' WHERE `username` = '".db_escape($ib_user_username)."'"); |
254 | db_query("UPDATE `".$mysql_zugangsdaten['praefix']."users` SET `last_login` = '".$rw[0]."', `last_login_ip` = '".$_SERVER['REMOTE_ADDR']."' WHERE `username` = '".db_escape($ib_user_username)."'"); |
255 | $benutzer['last_login'] = $rw[0]; |
255 | $benutzer['last_login'] = $rw[0]; |
256 | $benutzer['last_login_ip'] = $_SERVER['REMOTE_ADDR']; |
256 | $benutzer['last_login_ip'] = $_SERVER['REMOTE_ADDR']; |
257 | 257 | ||
258 | $_SESSION['ib_user_type'] = $ib_user_type; |
258 | $_SESSION['wb_user_type'] = $wb_user_type; |
259 | $_SESSION['ib_user_username'] = $ib_user_username; |
259 | $_SESSION['ib_user_username'] = $ib_user_username; |
260 | $_SESSION['ib_user_passwort'] = $ib_user_passwort; |
260 | $_SESSION['ib_user_passwort'] = $ib_user_passwort; |
261 | } |
261 | } |
262 | } |
262 | } |
263 | else |
263 | else |
Line 267... | Line 267... | ||
267 | 267 | ||
268 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
268 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
269 | } |
269 | } |
270 | } |
270 | } |
271 | 271 | ||
272 | if ($ib_user_type == '0') |
272 | if ($wb_user_type == '0') |
273 | { |
273 | { |
274 | if ($konfiguration['main_gastzugang']['enable_gast']) |
274 | if ($konfiguration['main_gastzugang']['enable_gast']) |
275 | { |
275 | { |
276 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."' AND `passwort` = '".md5($konfiguration['main_gastzugang']['gast_passwort'])."'"); // TODO: use sha3 hash, salted and peppered |
276 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."' AND `passwort` = '".md5($konfiguration['main_gastzugang']['gast_passwort'])."'"); // TODO: use sha3 hash, salted and peppered |
277 | if (db_num($res) > 0) |
277 | if (db_num($res) > 0) |
Line 296... | Line 296... | ||
296 | $_SESSION['last_login_ip'] = $benutzer['last_login_ip']; |
296 | $_SESSION['last_login_ip'] = $benutzer['last_login_ip']; |
297 | db_query("UPDATE `".$mysql_zugangsdaten['praefix']."users` SET `last_login` = '".$rw[0]."', `last_login_ip` = '".$_SERVER['REMOTE_ADDR']."' WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."'"); |
297 | db_query("UPDATE `".$mysql_zugangsdaten['praefix']."users` SET `last_login` = '".$rw[0]."', `last_login_ip` = '".$_SERVER['REMOTE_ADDR']."' WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."'"); |
298 | $benutzer['last_login'] = $rw[0]; |
298 | $benutzer['last_login'] = $rw[0]; |
299 | $benutzer['last_login_ip'] = $_SERVER['REMOTE_ADDR']; |
299 | $benutzer['last_login_ip'] = $_SERVER['REMOTE_ADDR']; |
300 | 300 | ||
301 | $_SESSION['ib_user_type'] = $ib_user_type; |
301 | $_SESSION['wb_user_type'] = $wb_user_type; |
302 | } |
302 | } |
303 | } |
303 | } |
304 | else |
304 | else |
305 | { |
305 | { |
306 | @session_unset(); |
306 | @session_unset(); |
Line 318... | Line 318... | ||
318 | } |
318 | } |
319 | } |
319 | } |
320 | } |
320 | } |
321 | else |
321 | else |
322 | { |
322 | { |
323 | if ((!isset($_SESSION['ib_user_type'])) || (($_SESSION['ib_user_type'] != '0') && ($_SESSION['ib_user_type'] != '1') && ($_SESSION['ib_user_type'] != '2'))) |
323 | if ((!isset($_SESSION['wb_user_type'])) || (($_SESSION['wb_user_type'] != '0') && ($_SESSION['wb_user_type'] != '1') && ($_SESSION['wb_user_type'] != '2'))) |
324 | { |
324 | { |
325 | $ib_user_type = -1; |
325 | $wb_user_type = -1; |
326 | } |
326 | } |
327 | else |
327 | else |
328 | { |
328 | { |
329 | if ($_SESSION['ib_user_type'] == '0') |
329 | if ($_SESSION['wb_user_type'] == '0') |
330 | { |
330 | { |
331 | if ($konfiguration['main_gastzugang']['enable_gast']) |
331 | if ($konfiguration['main_gastzugang']['enable_gast']) |
332 | { |
332 | { |
333 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."' AND `passwort` = '".md5($konfiguration['main_gastzugang']['gast_passwort'])."'"); // TODO: use sha3 hash, salted and peppered |
333 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."' AND `passwort` = '".md5($konfiguration['main_gastzugang']['gast_passwort'])."'"); // TODO: use sha3 hash, salted and peppered |
334 | if (db_num($res) > 0) |
334 | if (db_num($res) > 0) |
Line 344... | Line 344... | ||
344 | 344 | ||
345 | die($gesperrt); |
345 | die($gesperrt); |
346 | } |
346 | } |
347 | else |
347 | else |
348 | { |
348 | { |
349 | $ib_user_type = $_SESSION['ib_user_type']; |
349 | $wb_user_type = $_SESSION['wb_user_type']; |
350 | $ib_user_username = $konfiguration['main_gastzugang']['gast_username']; |
350 | $ib_user_username = $konfiguration['main_gastzugang']['gast_username']; |
351 | $ib_user_passwort = $konfiguration['main_gastzugang']['gast_passwort']; |
351 | $ib_user_passwort = $konfiguration['main_gastzugang']['gast_passwort']; |
352 | } |
352 | } |
353 | } |
353 | } |
354 | else |
354 | else |
Line 365... | Line 365... | ||
365 | @session_destroy(); |
365 | @session_destroy(); |
366 | 366 | ||
367 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
367 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
368 | } |
368 | } |
369 | } |
369 | } |
370 | else if ($_SESSION['ib_user_type'] == '1') |
370 | else if ($_SESSION['wb_user_type'] == '1') |
371 | { |
371 | { |
372 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($_SESSION['ib_user_username'])."' AND `passwort` = '".md5($_SESSION['ib_user_passwort'])."'"); // TODO: use sha3 hash, salted and peppered |
372 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($_SESSION['ib_user_username'])."' AND `passwort` = '".md5($_SESSION['ib_user_passwort'])."'"); // TODO: use sha3 hash, salted and peppered |
373 | if (db_num($res) > 0) |
373 | if (db_num($res) > 0) |
374 | { |
374 | { |
375 | $row = db_fetch($res); |
375 | $row = db_fetch($res); |
Line 383... | Line 383... | ||
383 | 383 | ||
384 | die($gesperrt); |
384 | die($gesperrt); |
385 | } |
385 | } |
386 | else |
386 | else |
387 | { |
387 | { |
388 | $ib_user_type = $_SESSION['ib_user_type']; |
388 | $wb_user_type = $_SESSION['wb_user_type']; |
389 | $ib_user_username = $_SESSION['ib_user_username']; |
389 | $ib_user_username = $_SESSION['ib_user_username']; |
390 | $ib_user_passwort = $_SESSION['ib_user_passwort']; |
390 | $ib_user_passwort = $_SESSION['ib_user_passwort']; |
391 | } |
391 | } |
392 | } |
392 | } |
393 | else |
393 | else |
Line 396... | Line 396... | ||
396 | @session_destroy(); |
396 | @session_destroy(); |
397 | 397 | ||
398 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
398 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
399 | } |
399 | } |
400 | } |
400 | } |
401 | else if ($_SESSION['ib_user_type'] == '2') |
401 | else if ($_SESSION['wb_user_type'] == '2') |
402 | { |
402 | { |
403 | if (md5($_SESSION['ib_user_passwort']) != $konfiguration['main_administration']['admin_pwd']) // TODO: use sha3 hash, salted and peppered |
403 | if (md5($_SESSION['ib_user_passwort']) != $konfiguration['main_administration']['admin_pwd']) // TODO: use sha3 hash, salted and peppered |
404 | { |
404 | { |
405 | if (!headers_sent()) header('location: index.php?prv_modul=main_administration'); |
405 | if (!headers_sent()) header('location: index.php?prv_modul=main_administration'); |
406 | } |
406 | } |
407 | else |
407 | else |
408 | { |
408 | { |
409 | $ib_user_type = $_SESSION['ib_user_type']; |
409 | $wb_user_type = $_SESSION['wb_user_type']; |
410 | $ib_user_passwort = $_SESSION['ib_user_passwort']; |
410 | $ib_user_passwort = $_SESSION['ib_user_passwort']; |
411 | } |
411 | } |
412 | } |
412 | } |
413 | } |
413 | } |
414 | } |
414 | } |
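Review bot: In the admin login branch at new lines 194-199, a failed password check only sends a `Location` header, so the renamed `$wb_user_type` is still 2 afterwards and nothing visible ends the request. Lines 200-205 and the including script are not shown, but if any later code trusts that variable, a wrong password would still be handled as an administrator for this request. I would add `$wb_user_type = -1;` before the `header(...)` call and `exit;` after it, and do the same in the session re-check at new lines 403-406, which has the same shape. Both checks also compare MD5 hex strings with loose `!=`, which PHP evaluates numerically when both sides look like `0e…` numbers; `if (!hash_equals($konfiguration['main_administration']['admin_pwd'], md5($ib_user_passwort)))` avoids that and compares in constant time. When the TODO on those lines is addressed, `password_hash()`/`password_verify()` would also remove the need to keep the plaintext password in `$_SESSION['ib_user_passwort']`.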