Rev 4 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 4 | Rev 8 | ||
|---|---|---|---|
| Line 224... | Line 224... | ||
| 224 | else |
224 | else |
| 225 | { |
225 | { |
| 226 | @session_unset(); |
226 | @session_unset(); |
| 227 | @session_destroy(); |
227 | @session_destroy(); |
| 228 | 228 | ||
| 229 | if (!headers_sent()) header('location: index.php?prv_modul='.$m2); |
229 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
| 230 | } |
230 | } |
| 231 | } |
231 | } |
| 232 | 232 | ||
| 233 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($ib_user_username)."' AND `passwort` = '".md5($ib_user_passwort)."'"); |
233 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($ib_user_username)."' AND `passwort` = '".md5($ib_user_passwort)."'"); |
| 234 | if (db_num($res) > 0) |
234 | if (db_num($res) > 0) |
| Line 263... | Line 263... | ||
| 263 | else |
263 | else |
| 264 | { |
264 | { |
| 265 | @session_unset(); |
265 | @session_unset(); |
| 266 | @session_destroy(); |
266 | @session_destroy(); |
| 267 | 267 | ||
| 268 | if (!headers_sent()) header('location: index.php?prv_modul='.$m2); |
268 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
| 269 | } |
269 | } |
| 270 | } |
270 | } |
| 271 | 271 | ||
| 272 | if ($ib_user_type == '0') |
272 | if ($ib_user_type == '0') |
| 273 | { |
273 | { |
| Line 362... | Line 362... | ||
| 362 | else |
362 | else |
| 363 | { |
363 | { |
| 364 | @session_unset(); |
364 | @session_unset(); |
| 365 | @session_destroy(); |
365 | @session_destroy(); |
| 366 | 366 | ||
| 367 | if (!headers_sent()) header('location: index.php?prv_modul='.$m2); |
367 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
| 368 | } |
368 | } |
| 369 | } |
369 | } |
| 370 | else if ($_SESSION['ib_user_type'] == '1') |
370 | else if ($_SESSION['ib_user_type'] == '1') |
| 371 | { |
371 | { |
| 372 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($_SESSION['ib_user_username'])."' AND `passwort` = '".md5($_SESSION['ib_user_passwort'])."'"); |
372 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($_SESSION['ib_user_username'])."' AND `passwort` = '".md5($_SESSION['ib_user_passwort'])."'"); |
| Line 393... | Line 393... | ||
| 393 | else |
393 | else |
| 394 | { |
394 | { |
| 395 | @session_unset(); |
395 | @session_unset(); |
| 396 | @session_destroy(); |
396 | @session_destroy(); |
| 397 | 397 | ||
| 398 | if (!headers_sent()) header('location: index.php?prv_modul='.$m2); |
398 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
| 399 | } |
399 | } |
| 400 | } |
400 | } |
| 401 | else if ($_SESSION['ib_user_type'] == '2') |
401 | else if ($_SESSION['ib_user_type'] == '2') |
| 402 | { |
402 | { |
| 403 | if (md5($_SESSION['ib_user_passwort']) != $konfiguration['main_administration']['admin_pwd']) |
403 | if (md5($_SESSION['ib_user_passwort']) != $konfiguration['main_administration']['admin_pwd']) |