Rev 4 | Go to most recent revision | Show entire file | Regard whitespace | Details | Blame | Last modification | View Log | RSS feed
Rev 4 | Rev 8 | ||
---|---|---|---|
Line 224... | Line 224... | ||
224 | else |
224 | else |
225 | { |
225 | { |
226 | @session_unset(); |
226 | @session_unset(); |
227 | @session_destroy(); |
227 | @session_destroy(); |
228 | 228 | ||
229 | if (!headers_sent()) header('location: index.php?prv_modul='.$m2); |
229 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
230 | } |
230 | } |
231 | } |
231 | } |
232 | 232 | ||
233 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($ib_user_username)."' AND `passwort` = '".md5($ib_user_passwort)."'"); |
233 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($ib_user_username)."' AND `passwort` = '".md5($ib_user_passwort)."'"); |
234 | if (db_num($res) > 0) |
234 | if (db_num($res) > 0) |
Line 263... | Line 263... | ||
263 | else |
263 | else |
264 | { |
264 | { |
265 | @session_unset(); |
265 | @session_unset(); |
266 | @session_destroy(); |
266 | @session_destroy(); |
267 | 267 | ||
268 | if (!headers_sent()) header('location: index.php?prv_modul='.$m2); |
268 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
269 | } |
269 | } |
270 | } |
270 | } |
271 | 271 | ||
272 | if ($ib_user_type == '0') |
272 | if ($ib_user_type == '0') |
273 | { |
273 | { |
Line 362... | Line 362... | ||
362 | else |
362 | else |
363 | { |
363 | { |
364 | @session_unset(); |
364 | @session_unset(); |
365 | @session_destroy(); |
365 | @session_destroy(); |
366 | 366 | ||
367 | if (!headers_sent()) header('location: index.php?prv_modul='.$m2); |
367 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
368 | } |
368 | } |
369 | } |
369 | } |
370 | else if ($_SESSION['ib_user_type'] == '1') |
370 | else if ($_SESSION['ib_user_type'] == '1') |
371 | { |
371 | { |
372 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($_SESSION['ib_user_username'])."' AND `passwort` = '".md5($_SESSION['ib_user_passwort'])."'"); |
372 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($_SESSION['ib_user_username'])."' AND `passwort` = '".md5($_SESSION['ib_user_passwort'])."'"); |
Line 393... | Line 393... | ||
393 | else |
393 | else |
394 | { |
394 | { |
395 | @session_unset(); |
395 | @session_unset(); |
396 | @session_destroy(); |
396 | @session_destroy(); |
397 | 397 | ||
398 | if (!headers_sent()) header('location: index.php?prv_modul='.$m2); |
398 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
399 | } |
399 | } |
400 | } |
400 | } |
401 | else if ($_SESSION['ib_user_type'] == '2') |
401 | else if ($_SESSION['ib_user_type'] == '2') |
402 | { |
402 | { |
403 | if (md5($_SESSION['ib_user_passwort']) != $konfiguration['main_administration']['admin_pwd']) |
403 | if (md5($_SESSION['ib_user_passwort']) != $konfiguration['main_administration']['admin_pwd']) |