Subversion Repositories personal-webbase


Rev 11 Rev 14
Line 1... Line 1...
1
<?php
1
<?php
2
 
2
 
3
if (!defined('IBLEGAL')) die('Kann nicht ohne Personal WebBase ausgef&uuml;hrt werden.');
3
if (!defined('WBLEGAL')) die('Kann nicht ohne Personal WebBase ausgef&uuml;hrt werden.');
4
 
4
 
5
/* if (!@is_writable('includes/session/'))
5
/* if (!@is_writable('includes/session/'))
6
{
6
{
7
  die($header.'<h1>Fehler</h1>Das Verzeichnis includes/session/ muss schreibbar sein (CHMOD 777)!'.$footer);
7
  die($header.'<h1>Fehler</h1>Das Verzeichnis includes/session/ muss schreibbar sein (CHMOD 777)!'.$footer);
8
} */
8
} */
Line 185... Line 185...
185
 
185
 
186
// -----------------------------------------------------------------------------------------------------
186
// -----------------------------------------------------------------------------------------------------
187
 
187
 
188
$gesperrt = $header.'<h1>Fehler</h1>Sie wurden als Benutzer von Personal WebBase gesperrt. Bitte wenden Sie sich an den Serveradministrator.<br><br><a href="index.php">Zur&uuml;ck zum Webinterface</a>'.$footer;
188
$gesperrt = $header.'<h1>Fehler</h1>Sie wurden als Benutzer von Personal WebBase gesperrt. Bitte wenden Sie sich an den Serveradministrator.<br><br><a href="index.php">Zur&uuml;ck zum Webinterface</a>'.$footer;
189
 
189
 
190
if (!isset($ib_user_type)) $ib_user_type = -1;
190
if (!isset($wb_user_type)) $wb_user_type = -1;
191
 
191
 
192
if (isset($_POST['login_process']) && ($_POST['login_process'] == '1'))
192
if (isset($_POST['login_process']) && ($_POST['login_process'] == '1'))
193
{
193
{
194
  if ($ib_user_type == 2)
194
  if ($wb_user_type == 2)
195
  {
195
  {
196
    if (md5($ib_user_passwort) != $konfiguration['main_administration']['admin_pwd']) // TODO: use sha3 hash, salted and peppered
196
    if (md5($ib_user_passwort) != $konfiguration['main_administration']['admin_pwd']) // TODO: use sha3 hash, salted and peppered
197
    {
197
    {
198
      if (!headers_sent()) header('location: index.php?prv_modul=main_administration');
198
      if (!headers_sent()) header('location: index.php?prv_modul=main_administration');
199
    }
199
    }
Line 206... Line 206...
206
      $row = db_fetch($res);
206
      $row = db_fetch($res);
207
 
207
 
208
      ib_change_config('last_login', $row[0], 'main_administration');
208
      ib_change_config('last_login', $row[0], 'main_administration');
209
      ib_change_config('last_login_ip', $_SERVER['REMOTE_ADDR'], 'main_administration');
209
      ib_change_config('last_login_ip', $_SERVER['REMOTE_ADDR'], 'main_administration');
210
 
210
 
211
      $_SESSION['ib_user_type'] = $ib_user_type;
211
      $_SESSION['wb_user_type'] = $wb_user_type;
212
      $_SESSION['ib_user_passwort'] = $ib_user_passwort;
212
      $_SESSION['ib_user_passwort'] = $ib_user_passwort;
213
    }
213
    }
214
  }
214
  }
215
 
215
 
216
  if ($ib_user_type == '1')
216
  if ($wb_user_type == '1')
217
  {
217
  {
218
    if (($ib_user_username == $konfiguration['main_gastzugang']['gast_username']) && ($ib_user_passwort == $konfiguration['main_gastzugang']['gast_passwort']))
218
    if (($ib_user_username == $konfiguration['main_gastzugang']['gast_username']) && ($ib_user_passwort == $konfiguration['main_gastzugang']['gast_passwort']))
219
    {
219
    {
220
      if ($konfiguration['main_gastzugang']['enable_gast'])
220
      if ($konfiguration['main_gastzugang']['enable_gast'])
221
      {
221
      {
222
        $ib_user_type = '0';
222
        $wb_user_type = '0';
223
      }
223
      }
224
      else
224
      else
225
      {
225
      {
226
        @session_unset();
226
        @session_unset();
227
        @session_destroy();
227
        @session_destroy();
Line 253... Line 253...
253
        $_SESSION['last_login_ip'] = $benutzer['last_login_ip'];
253
        $_SESSION['last_login_ip'] = $benutzer['last_login_ip'];
254
        db_query("UPDATE `".$mysql_zugangsdaten['praefix']."users` SET `last_login` = '".$rw[0]."', `last_login_ip` = '".$_SERVER['REMOTE_ADDR']."' WHERE `username` = '".db_escape($ib_user_username)."'");
254
        db_query("UPDATE `".$mysql_zugangsdaten['praefix']."users` SET `last_login` = '".$rw[0]."', `last_login_ip` = '".$_SERVER['REMOTE_ADDR']."' WHERE `username` = '".db_escape($ib_user_username)."'");
255
        $benutzer['last_login'] = $rw[0];
255
        $benutzer['last_login'] = $rw[0];
256
        $benutzer['last_login_ip'] = $_SERVER['REMOTE_ADDR'];
256
        $benutzer['last_login_ip'] = $_SERVER['REMOTE_ADDR'];
257
 
257
 
258
        $_SESSION['ib_user_type'] = $ib_user_type;
258
        $_SESSION['wb_user_type'] = $wb_user_type;
259
        $_SESSION['ib_user_username'] = $ib_user_username;
259
        $_SESSION['ib_user_username'] = $ib_user_username;
260
        $_SESSION['ib_user_passwort'] = $ib_user_passwort;
260
        $_SESSION['ib_user_passwort'] = $ib_user_passwort;
261
      }
261
      }
262
    }
262
    }
263
    else
263
    else
Line 267... Line 267...
267
 
267
 
268
      if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2));
268
      if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2));
269
    }
269
    }
270
  }
270
  }
271
 
271
 
272
  if ($ib_user_type == '0')
272
  if ($wb_user_type == '0')
273
  {
273
  {
274
    if ($konfiguration['main_gastzugang']['enable_gast'])
274
    if ($konfiguration['main_gastzugang']['enable_gast'])
275
    {
275
    {
276
      $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."' AND `passwort` = '".md5($konfiguration['main_gastzugang']['gast_passwort'])."'"); // TODO: use sha3 hash, salted and peppered
276
      $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."' AND `passwort` = '".md5($konfiguration['main_gastzugang']['gast_passwort'])."'"); // TODO: use sha3 hash, salted and peppered
277
      if (db_num($res) > 0)
277
      if (db_num($res) > 0)
Line 296... Line 296...
296
          $_SESSION['last_login_ip'] = $benutzer['last_login_ip'];
296
          $_SESSION['last_login_ip'] = $benutzer['last_login_ip'];
297
          db_query("UPDATE `".$mysql_zugangsdaten['praefix']."users` SET `last_login` = '".$rw[0]."', `last_login_ip` = '".$_SERVER['REMOTE_ADDR']."' WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."'");
297
          db_query("UPDATE `".$mysql_zugangsdaten['praefix']."users` SET `last_login` = '".$rw[0]."', `last_login_ip` = '".$_SERVER['REMOTE_ADDR']."' WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."'");
298
          $benutzer['last_login'] = $rw[0];
298
          $benutzer['last_login'] = $rw[0];
299
          $benutzer['last_login_ip'] = $_SERVER['REMOTE_ADDR'];
299
          $benutzer['last_login_ip'] = $_SERVER['REMOTE_ADDR'];
300
 
300
 
301
          $_SESSION['ib_user_type'] = $ib_user_type;
301
          $_SESSION['wb_user_type'] = $wb_user_type;
302
        }
302
        }
303
      }
303
      }
304
      else
304
      else
305
      {
305
      {
306
        @session_unset();
306
        @session_unset();
Line 318... Line 318...
318
    }
318
    }
319
  }
319
  }
320
}
320
}
321
else
321
else
322
{
322
{
323
  if ((!isset($_SESSION['ib_user_type'])) || (($_SESSION['ib_user_type'] != '0') && ($_SESSION['ib_user_type'] != '1') && ($_SESSION['ib_user_type'] != '2')))
323
  if ((!isset($_SESSION['wb_user_type'])) || (($_SESSION['wb_user_type'] != '0') && ($_SESSION['wb_user_type'] != '1') && ($_SESSION['wb_user_type'] != '2')))
324
  {
324
  {
325
    $ib_user_type = -1;
325
    $wb_user_type = -1;
326
  }
326
  }
327
  else
327
  else
328
  {
328
  {
329
    if ($_SESSION['ib_user_type'] == '0')
329
    if ($_SESSION['wb_user_type'] == '0')
330
    {
330
    {
331
      if ($konfiguration['main_gastzugang']['enable_gast'])
331
      if ($konfiguration['main_gastzugang']['enable_gast'])
332
      {
332
      {
333
        $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."' AND `passwort` = '".md5($konfiguration['main_gastzugang']['gast_passwort'])."'"); // TODO: use sha3 hash, salted and peppered
333
        $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."' AND `passwort` = '".md5($konfiguration['main_gastzugang']['gast_passwort'])."'"); // TODO: use sha3 hash, salted and peppered
334
        if (db_num($res) > 0)
334
        if (db_num($res) > 0)
Line 344... Line 344...
344
 
344
 
345
            die($gesperrt);
345
            die($gesperrt);
346
          }
346
          }
347
          else
347
          else
348
          {
348
          {
349
            $ib_user_type = $_SESSION['ib_user_type'];
349
            $wb_user_type = $_SESSION['wb_user_type'];
350
            $ib_user_username = $konfiguration['main_gastzugang']['gast_username'];
350
            $ib_user_username = $konfiguration['main_gastzugang']['gast_username'];
351
            $ib_user_passwort = $konfiguration['main_gastzugang']['gast_passwort'];
351
            $ib_user_passwort = $konfiguration['main_gastzugang']['gast_passwort'];
352
          }
352
          }
353
        }
353
        }
354
        else
354
        else
Line 365... Line 365...
365
        @session_destroy();
365
        @session_destroy();
366
 
366
 
367
        if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2));
367
        if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2));
368
      }
368
      }
369
    }
369
    }
370
    else if ($_SESSION['ib_user_type'] == '1')
370
    else if ($_SESSION['wb_user_type'] == '1')
371
    {
371
    {
372
      $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($_SESSION['ib_user_username'])."' AND `passwort` = '".md5($_SESSION['ib_user_passwort'])."'"); // TODO: use sha3 hash, salted and peppered
372
      $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($_SESSION['ib_user_username'])."' AND `passwort` = '".md5($_SESSION['ib_user_passwort'])."'"); // TODO: use sha3 hash, salted and peppered
373
      if (db_num($res) > 0)
373
      if (db_num($res) > 0)
374
      {
374
      {
375
        $row = db_fetch($res);
375
        $row = db_fetch($res);
Line 383... Line 383...
383
 
383
 
384
          die($gesperrt);
384
          die($gesperrt);
385
        }
385
        }
386
        else
386
        else
387
        {
387
        {
388
          $ib_user_type = $_SESSION['ib_user_type'];
388
          $wb_user_type = $_SESSION['wb_user_type'];
389
          $ib_user_username = $_SESSION['ib_user_username'];
389
          $ib_user_username = $_SESSION['ib_user_username'];
390
          $ib_user_passwort = $_SESSION['ib_user_passwort'];
390
          $ib_user_passwort = $_SESSION['ib_user_passwort'];
391
        }
391
        }
392
      }
392
      }
393
      else
393
      else
Line 396... Line 396...
396
        @session_destroy();
396
        @session_destroy();
397
 
397
 
398
        if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2));
398
        if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2));
399
      }
399
      }
400
    }
400
    }
401
    else if ($_SESSION['ib_user_type'] == '2')
401
    else if ($_SESSION['wb_user_type'] == '2')
402
    {
402
    {
403
      if (md5($_SESSION['ib_user_passwort']) != $konfiguration['main_administration']['admin_pwd']) // TODO: use sha3 hash, salted and peppered
403
      if (md5($_SESSION['ib_user_passwort']) != $konfiguration['main_administration']['admin_pwd']) // TODO: use sha3 hash, salted and peppered
404
      {
404
      {
405
        if (!headers_sent()) header('location: index.php?prv_modul=main_administration');
405
        if (!headers_sent()) header('location: index.php?prv_modul=main_administration');
406
      }
406
      }
407
      else
407
      else
408
      {
408
      {
409
        $ib_user_type = $_SESSION['ib_user_type'];
409
        $wb_user_type = $_SESSION['wb_user_type'];
410
        $ib_user_passwort = $_SESSION['ib_user_passwort'];
410
        $ib_user_passwort = $_SESSION['ib_user_passwort'];
411
      }
411
      }
412
    }
412
    }
413
  }
413
  }
414
}
414
}
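Review bot: The admin check on new line 196 (repeated on 403) still compares the MD5 digest with a loose `!=`, so two digests that both happen to be numeric-looking strings compare as numbers and can match without being identical; `if (!hash_equals($konfiguration['main_administration']['admin_pwd'], md5($ib_user_passwort)))` closes that without changing the stored format. The hunks around new lines 212 and 260 also keep `$_SESSION['ib_user_passwort'] = $ib_user_passwort;`, which leaves the clear-text password in the session store for the session's lifetime. Since lines 372 and 403 re-verify from that value on every request, replacing it with an authenticated marker needs a matching change there. On the rename itself, only `*_user_type` moved to the `wb_` prefix: the assignment of `$wb_user_type` is outside the visible hunks, so if it comes from the login form, the field name has to change in the same commit or every login falls through as `-1`. Sessions created under the old `ib_user_type` key will likewise land in the `-1` branch on new line 325.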