Rev 4 | Rev 8 | ||
---|---|---|---|
1 | <?php |
1 | <?php |
2 | 2 | ||
3 | if (!defined('IBLEGAL')) die('Kann nicht ohne Personal WebBase ausgeführt werden.'); |
3 | if (!defined('IBLEGAL')) die('Kann nicht ohne Personal WebBase ausgeführt werden.'); |
4 | 4 | ||
5 | /* if (!@is_writable('includes/session/')) |
5 | /* if (!@is_writable('includes/session/')) |
6 | { |
6 | { |
7 | die($header.'<h1>Fehler</h1>Das Verzeichnis includes/session/ muss schreibbar sein (CHMOD 777)!'.$footer); |
7 | die($header.'<h1>Fehler</h1>Das Verzeichnis includes/session/ muss schreibbar sein (CHMOD 777)!'.$footer); |
8 | } */ |
8 | } */ |
9 | 9 | ||
10 | //@ini_set('session.auto_start', 0); |
10 | //@ini_set('session.auto_start', 0); |
11 | @ini_set('session.cache_expire', 180); |
11 | @ini_set('session.cache_expire', 180); |
12 | @ini_set('session.use_trans_sid', 0); |
12 | @ini_set('session.use_trans_sid', 0); |
13 | @ini_set('session.use_cookies', 1); |
13 | @ini_set('session.use_cookies', 1); |
14 | @ini_set('session.use_only_cookies', 1); |
14 | @ini_set('session.use_only_cookies', 1); |
15 | if ($force_ssl) @ini_set('session.cookie_secure', 1); |
15 | if ($force_ssl) @ini_set('session.cookie_secure', 1); |
16 | @ini_set('session.cookie_lifetime', 0); |
16 | @ini_set('session.cookie_lifetime', 0); |
17 | @ini_set('session.gc_maxlifetime', 1440); |
17 | @ini_set('session.gc_maxlifetime', 1440); |
18 | @ini_set('session.bug_compat_42', 0); |
18 | @ini_set('session.bug_compat_42', 0); |
19 | @ini_set('session.bug_compat_warn', 1); |
19 | @ini_set('session.bug_compat_warn', 1); |
20 | if (version_compare(PHP_VERSION, '5.0.0', 'ge') && substr(PHP_OS, 0, 3) != 'WIN') |
20 | if (version_compare(PHP_VERSION, '5.0.0', 'ge') && substr(PHP_OS, 0, 3) != 'WIN') |
21 | { |
21 | { |
22 | @ini_set('session.hash_function', 1); |
22 | @ini_set('session.hash_function', 1); |
23 | @ini_set('session.hash_bits_per_character', 6); |
23 | @ini_set('session.hash_bits_per_character', 6); |
24 | } |
24 | } |
25 | //@ini_set('session.save_handler', 'user'); // Auskommentiert. Geht mit aktuellen PHP Versionen nicht mehr, denn man muss session_set_save_handler() aufrufen (siehe https://bugs.php.net/bug.php?id=77384 ) |
25 | //@ini_set('session.save_handler', 'user'); // Auskommentiert. Geht mit aktuellen PHP Versionen nicht mehr, denn man muss session_set_save_handler() aufrufen (siehe https://bugs.php.net/bug.php?id=77384 ) |
26 | // @ini_set('session.save_path', 'includes/session/'); |
26 | // @ini_set('session.save_path', 'includes/session/'); |
27 | //@ini_set('arg_separator.output', '&'); |
27 | //@ini_set('arg_separator.output', '&'); |
28 | //@ini_set('url_rewriter.tags', 'a=href,area=href,frame=src,input=src,fieldset='); |
28 | //@ini_set('url_rewriter.tags', 'a=href,area=href,frame=src,input=src,fieldset='); |
29 | 29 | ||
30 | $ib_session_name = 'ironbase'; |
30 | $ib_session_name = 'ironbase'; |
31 | 31 | ||
32 | @session_unset(); |
32 | @session_unset(); |
33 | @session_destroy(); |
33 | @session_destroy(); |
34 | 34 | ||
35 | ib_newdatabasetable('sessions', $m2, 'SessionID', "varchar(255) NOT NULL", |
35 | ib_newdatabasetable('sessions', $m2, 'SessionID', "varchar(255) NOT NULL", |
36 | 'LastUpdated', "datetime NOT NULL", |
36 | 'LastUpdated', "datetime NOT NULL", |
37 | 'DataValue', "text"); |
37 | 'DataValue', "text"); |
38 | 38 | ||
39 | if (function_exists('set_searchable')) set_searchable($m2, 'sessions', 0); |
39 | if (function_exists('set_searchable')) set_searchable($m2, 'sessions', 0); |
40 | 40 | ||
41 | my_add_key($mysql_zugangsdaten['praefix'].'sessions', 'SessionID', false, 'SessionID'); |
41 | my_add_key($mysql_zugangsdaten['praefix'].'sessions', 'SessionID', false, 'SessionID'); |
42 | 42 | ||
43 | if (!function_exists('sessao_open')) |
43 | if (!function_exists('sessao_open')) |
44 | { |
44 | { |
45 | function sessao_open($aSavaPath, $aSessionName) |
45 | function sessao_open($aSavaPath, $aSessionName) |
46 | { |
46 | { |
47 | sessao_gc( ini_get('session.gc_maxlifetime') ); |
47 | sessao_gc( ini_get('session.gc_maxlifetime') ); |
48 | return True; |
48 | return True; |
49 | } |
49 | } |
50 | } |
50 | } |
51 | 51 | ||
52 | if (!function_exists('sessao_close')) |
52 | if (!function_exists('sessao_close')) |
53 | { |
53 | { |
54 | function sessao_close() |
54 | function sessao_close() |
55 | { |
55 | { |
56 | return True; |
56 | return True; |
57 | } |
57 | } |
58 | } |
58 | } |
59 | 59 | ||
60 | if (!function_exists('sessao_read')) |
60 | if (!function_exists('sessao_read')) |
61 | { |
61 | { |
62 | function sessao_read( $aKey ) |
62 | function sessao_read( $aKey ) |
63 | { |
63 | { |
64 | global $mysql_zugangsdaten; |
64 | global $mysql_zugangsdaten; |
65 | 65 | ||
66 | $busca = db_query("SELECT `DataValue` FROM `".$mysql_zugangsdaten['praefix']."sessions` WHERE `SessionID` = '".db_simple_escape($aKey)."'"); |
66 | $busca = db_query("SELECT `DataValue` FROM `".$mysql_zugangsdaten['praefix']."sessions` WHERE `SessionID` = '".db_simple_escape($aKey)."'"); |
67 | if (db_num($busca) == 0) |
67 | if (db_num($busca) == 0) |
68 | { |
68 | { |
69 | db_query("INSERT INTO `".$mysql_zugangsdaten['praefix']."sessions` (`SessionID`, `LastUpdated`, `DataValue`) VALUES ('".db_simple_escape($aKey)."', NOW(), '')"); |
69 | db_query("INSERT INTO `".$mysql_zugangsdaten['praefix']."sessions` (`SessionID`, `LastUpdated`, `DataValue`) VALUES ('".db_simple_escape($aKey)."', NOW(), '')"); |
70 | return ''; |
70 | return ''; |
71 | } |
71 | } |
72 | else |
72 | else |
73 | { |
73 | { |
74 | $r = db_fetch($busca); |
74 | $r = db_fetch($busca); |
75 | return md5_decrypt($r['DataValue'], $mysql_zugangsdaten['username'].':'.$mysql_zugangsdaten['passwort']); |
75 | return md5_decrypt($r['DataValue'], $mysql_zugangsdaten['username'].':'.$mysql_zugangsdaten['passwort']); |
76 | } |
76 | } |
77 | } |
77 | } |
78 | } |
78 | } |
79 | 79 | ||
80 | if (!function_exists('sessao_write')) |
80 | if (!function_exists('sessao_write')) |
81 | { |
81 | { |
82 | function sessao_write( $aKey, $aVal ) |
82 | function sessao_write( $aKey, $aVal ) |
83 | { |
83 | { |
84 | global $mysql_zugangsdaten; |
84 | global $mysql_zugangsdaten; |
85 | 85 | ||
86 | db_query("UPDATE `".$mysql_zugangsdaten['praefix']."sessions` SET `DataValue` = '".md5_encrypt($aVal, $mysql_zugangsdaten['username'].':'.$mysql_zugangsdaten['passwort'])."', `LastUpdated` = NOW() WHERE `SessionID` = '".db_simple_escape($aKey)."'"); |
86 | db_query("UPDATE `".$mysql_zugangsdaten['praefix']."sessions` SET `DataValue` = '".md5_encrypt($aVal, $mysql_zugangsdaten['username'].':'.$mysql_zugangsdaten['passwort'])."', `LastUpdated` = NOW() WHERE `SessionID` = '".db_simple_escape($aKey)."'"); |
87 | return True; |
87 | return True; |
88 | } |
88 | } |
89 | } |
89 | } |
90 | 90 | ||
91 | if (!function_exists('sessao_destroy')) |
91 | if (!function_exists('sessao_destroy')) |
92 | { |
92 | { |
93 | function sessao_destroy( $aKey ) |
93 | function sessao_destroy( $aKey ) |
94 | { |
94 | { |
95 | global $mysql_zugangsdaten; |
95 | global $mysql_zugangsdaten; |
96 | 96 | ||
97 | db_query("DELETE FROM `".$mysql_zugangsdaten['praefix']."sessions` WHERE `SessionID` = '".db_simple_escape($aKey)."'"); |
97 | db_query("DELETE FROM `".$mysql_zugangsdaten['praefix']."sessions` WHERE `SessionID` = '".db_simple_escape($aKey)."'"); |
98 | if (db_affected_rows() > 0) |
98 | if (db_affected_rows() > 0) |
99 | db_query("OPTIMIZE TABLE `".$mysql_zugangsdaten['praefix']."sessions`"); |
99 | db_query("OPTIMIZE TABLE `".$mysql_zugangsdaten['praefix']."sessions`"); |
100 | return True; |
100 | return True; |
101 | } |
101 | } |
102 | } |
102 | } |
103 | 103 | ||
104 | if (!function_exists('sessao_gc')) |
104 | if (!function_exists('sessao_gc')) |
105 | { |
105 | { |
106 | function sessao_gc( $aMaxLifeTime ) |
106 | function sessao_gc( $aMaxLifeTime ) |
107 | { |
107 | { |
108 | global $mysql_zugangsdaten; |
108 | global $mysql_zugangsdaten; |
109 | 109 | ||
110 | db_query("DELETE FROM `".$mysql_zugangsdaten['praefix']."sessions` WHERE UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`LastUpdated`) > ".db_simple_escape($aMaxLifeTime)); |
110 | db_query("DELETE FROM `".$mysql_zugangsdaten['praefix']."sessions` WHERE UNIX_TIMESTAMP(NOW()) - UNIX_TIMESTAMP(`LastUpdated`) > ".db_simple_escape($aMaxLifeTime)); |
111 | if (db_affected_rows() > 0) |
111 | if (db_affected_rows() > 0) |
112 | db_query("OPTIMIZE TABLE `".$mysql_zugangsdaten['praefix']."sessions`"); |
112 | db_query("OPTIMIZE TABLE `".$mysql_zugangsdaten['praefix']."sessions`"); |
113 | return True; |
113 | return True; |
114 | } |
114 | } |
115 | } |
115 | } |
116 | 116 | ||
117 | @session_set_save_handler("sessao_open", "sessao_close", "sessao_read", "sessao_write", "sessao_destroy", "sessao_gc"); |
117 | @session_set_save_handler("sessao_open", "sessao_close", "sessao_read", "sessao_write", "sessao_destroy", "sessao_gc"); |
118 | 118 | ||
119 | @session_name($ib_session_name); |
119 | @session_name($ib_session_name); |
120 | @session_start(); |
120 | @session_start(); |
121 | 121 | ||
122 | if (version_compare(PHP_VERSION, '5.1.2', 'lt') && isset($_COOKIE[$ib_session_name]) && eregi("\r|\n", $_COOKIE[$ib_session_name])) |
122 | if (version_compare(PHP_VERSION, '5.1.2', 'lt') && isset($_COOKIE[$ib_session_name]) && eregi("\r|\n", $_COOKIE[$ib_session_name])) |
123 | { |
123 | { |
124 | die('Angriff'); |
124 | die('Angriff'); |
125 | } |
125 | } |
126 | 126 | ||
127 | /* if (!preg_match("/^[0-9a-z]*$/i", session_id())) |
127 | /* if (!preg_match("/^[0-9a-z]*$/i", session_id())) |
128 | { |
128 | { |
129 | die($header.'Fehler! Die Session-ID ist ungültig.'.$footer); |
129 | die($header.'Fehler! Die Session-ID ist ungültig.'.$footer); |
130 | } */ |
130 | } */ |
131 | 131 | ||
132 | /* |
132 | /* |
133 | 133 | ||
134 | Ich gebe es auf! Ich sitze seit 5 Tagen ununterbrochen daran, |
134 | Ich gebe es auf! Ich sitze seit 5 Tagen ununterbrochen daran, |
135 | session_regenerate_id auf allen 4 Testsystemen zum Laufen zu |
135 | session_regenerate_id auf allen 4 Testsystemen zum Laufen zu |
136 | bekommen, doch andauernd gehen die Session-Informationen verloren! |
136 | bekommen, doch andauernd gehen die Session-Informationen verloren! |
137 | Ich denke, dass die untenstehende Lösung genug ausreicht. |
137 | Ich denke, dass die untenstehende Lösung genug ausreicht. |
138 | 138 | ||
139 | $ary = explode('/', $_SERVER['PHP_SELF']); |
139 | $ary = explode('/', $_SERVER['PHP_SELF']); |
140 | if ($ary[count($ary)-1] == 'modulseite.php') |
140 | if ($ary[count($ary)-1] == 'modulseite.php') |
141 | { |
141 | { |
142 | // @session_regenerate_id(true); |
142 | // @session_regenerate_id(true); |
143 | 143 | ||
144 | @session_start(); |
144 | @session_start(); |
145 | $old_sessid = @session_id(); |
145 | $old_sessid = @session_id(); |
146 | @session_regenerate_id(); |
146 | @session_regenerate_id(); |
147 | $new_sessid = @session_id(); |
147 | $new_sessid = @session_id(); |
148 | @session_id($old_sessid); |
148 | @session_id($old_sessid); |
149 | @session_destroy(); |
149 | @session_destroy(); |
150 | 150 | ||
151 | $old_session = $_SESSION; |
151 | $old_session = $_SESSION; |
152 | @session_id($new_sessid); |
152 | @session_id($new_sessid); |
153 | @session_start(); |
153 | @session_start(); |
154 | $_SESSION = $old_session; |
154 | $_SESSION = $old_session; |
155 | } |
155 | } |
156 | 156 | ||
157 | */ |
157 | */ |
158 | 158 | ||
159 | $usedns = TRUE; |
159 | $usedns = TRUE; |
160 | 160 | ||
161 | $useragent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''; |
161 | $useragent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''; |
162 | $host = fetchip(); |
162 | $host = fetchip(); |
163 | 163 | ||
164 | if ($usedns) // <- war im Originalen $global['dns']... was soll das sein?! |
164 | if ($usedns) // <- war im Originalen $global['dns']... was soll das sein?! |
165 | $dns = @gethostbyaddr($host); |
165 | $dns = @gethostbyaddr($host); |
166 | else |
166 | else |
167 | $dns = $host; |
167 | $dns = $host; |
168 | 168 | ||
169 | if ((isset($_SESSION['session_secured'])) && ($_SESSION['session_secured'])) |
169 | if ((isset($_SESSION['session_secured'])) && ($_SESSION['session_secured'])) |
170 | { |
170 | { |
171 | if ( |
171 | if ( |
172 | (($_SESSION['host'] != $host) && !$usedns) |
172 | (($_SESSION['host'] != $host) && !$usedns) |
173 | || ($_SESSION['dns'] != $dns) |
173 | || ($_SESSION['dns'] != $dns) |
174 | || ($_SESSION['useragent'] != $useragent) |
174 | || ($_SESSION['useragent'] != $useragent) |
175 | ) { |
175 | ) { |
176 | session_regenerate_id(); |
176 | session_regenerate_id(); |
177 | session_unset(); |
177 | session_unset(); |
178 | } |
178 | } |
179 | } else { |
179 | } else { |
180 | $_SESSION['host'] = $host; |
180 | $_SESSION['host'] = $host; |
181 | $_SESSION['dns'] = $dns; |
181 | $_SESSION['dns'] = $dns; |
182 | $_SESSION['useragent'] = $useragent; |
182 | $_SESSION['useragent'] = $useragent; |
183 | $_SESSION['session_secured'] = 1; |
183 | $_SESSION['session_secured'] = 1; |
184 | } |
184 | } |
185 | 185 | ||
186 | // ----------------------------------------------------------------------------------------------------- |
186 | // ----------------------------------------------------------------------------------------------------- |
187 | 187 | ||
188 | $gesperrt = $header.'<h1>Fehler</h1>Sie wurden als Benutzer von Personal WebBase gesperrt. Bitte wenden Sie sich an den Serveradministrator.<br><br><a href="index.php">Zurück zum Webinterface</a>'.$footer; |
188 | $gesperrt = $header.'<h1>Fehler</h1>Sie wurden als Benutzer von Personal WebBase gesperrt. Bitte wenden Sie sich an den Serveradministrator.<br><br><a href="index.php">Zurück zum Webinterface</a>'.$footer; |
189 | 189 | ||
190 | if (!isset($ib_user_type)) $ib_user_type = -1; |
190 | if (!isset($ib_user_type)) $ib_user_type = -1; |
191 | 191 | ||
192 | if (isset($_POST['login_process']) && ($_POST['login_process'] == '1')) |
192 | if (isset($_POST['login_process']) && ($_POST['login_process'] == '1')) |
193 | { |
193 | { |
194 | if ($ib_user_type == 2) |
194 | if ($ib_user_type == 2) |
195 | { |
195 | { |
196 | if (md5($ib_user_passwort) != $konfiguration['main_administration']['admin_pwd']) |
196 | if (md5($ib_user_passwort) != $konfiguration['main_administration']['admin_pwd']) |
197 | { |
197 | { |
198 | if (!headers_sent()) header('location: index.php?prv_modul=main_administration'); |
198 | if (!headers_sent()) header('location: index.php?prv_modul=main_administration'); |
199 | } |
199 | } |
200 | else |
200 | else |
201 | { |
201 | { |
202 | $_SESSION['last_login'] = $konfiguration['main_administration']['last_login']; |
202 | $_SESSION['last_login'] = $konfiguration['main_administration']['last_login']; |
203 | $_SESSION['last_login_ip'] = $konfiguration['main_administration']['last_login_ip']; |
203 | $_SESSION['last_login_ip'] = $konfiguration['main_administration']['last_login_ip']; |
204 | 204 | ||
205 | $res = db_query("SELECT NOW()"); |
205 | $res = db_query("SELECT NOW()"); |
206 | $row = db_fetch($res); |
206 | $row = db_fetch($res); |
207 | 207 | ||
208 | ib_change_config('last_login', $row[0], 'main_administration'); |
208 | ib_change_config('last_login', $row[0], 'main_administration'); |
209 | ib_change_config('last_login_ip', $_SERVER['REMOTE_ADDR'], 'main_administration'); |
209 | ib_change_config('last_login_ip', $_SERVER['REMOTE_ADDR'], 'main_administration'); |
210 | 210 | ||
211 | $_SESSION['ib_user_type'] = $ib_user_type; |
211 | $_SESSION['ib_user_type'] = $ib_user_type; |
212 | $_SESSION['ib_user_passwort'] = $ib_user_passwort; |
212 | $_SESSION['ib_user_passwort'] = $ib_user_passwort; |
213 | } |
213 | } |
214 | } |
214 | } |
215 | 215 | ||
216 | if ($ib_user_type == '1') |
216 | if ($ib_user_type == '1') |
217 | { |
217 | { |
218 | if (($ib_user_username == $konfiguration['main_gastzugang']['gast_username']) && ($ib_user_passwort == $konfiguration['main_gastzugang']['gast_passwort'])) |
218 | if (($ib_user_username == $konfiguration['main_gastzugang']['gast_username']) && ($ib_user_passwort == $konfiguration['main_gastzugang']['gast_passwort'])) |
219 | { |
219 | { |
220 | if ($konfiguration['main_gastzugang']['enable_gast']) |
220 | if ($konfiguration['main_gastzugang']['enable_gast']) |
221 | { |
221 | { |
222 | $ib_user_type = '0'; |
222 | $ib_user_type = '0'; |
223 | } |
223 | } |
224 | else |
224 | else |
225 | { |
225 | { |
226 | @session_unset(); |
226 | @session_unset(); |
227 | @session_destroy(); |
227 | @session_destroy(); |
228 | 228 | ||
229 | if (!headers_sent()) header('location: index.php?prv_modul='.$m2); |
229 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
230 | } |
230 | } |
231 | } |
231 | } |
232 | 232 | ||
233 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($ib_user_username)."' AND `passwort` = '".md5($ib_user_passwort)."'"); |
233 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($ib_user_username)."' AND `passwort` = '".md5($ib_user_passwort)."'"); |
234 | if (db_num($res) > 0) |
234 | if (db_num($res) > 0) |
235 | { |
235 | { |
236 | $row = db_fetch($res); |
236 | $row = db_fetch($res); |
237 | foreach ($row as $key => $value) |
237 | foreach ($row as $key => $value) |
238 | $benutzer[$key] = $value; |
238 | $benutzer[$key] = $value; |
239 | 239 | ||
240 | if ($benutzer['gesperrt'] == '1') |
240 | if ($benutzer['gesperrt'] == '1') |
241 | { |
241 | { |
242 | @session_unset(); |
242 | @session_unset(); |
243 | @session_destroy(); |
243 | @session_destroy(); |
244 | 244 | ||
245 | die($gesperrt); |
245 | die($gesperrt); |
246 | } |
246 | } |
247 | else |
247 | else |
248 | { |
248 | { |
249 | $rs = db_query("SELECT NOW()"); |
249 | $rs = db_query("SELECT NOW()"); |
250 | $rw = db_fetch($rs); |
250 | $rw = db_fetch($rs); |
251 | 251 | ||
252 | $_SESSION['last_login'] = $benutzer['last_login']; |
252 | $_SESSION['last_login'] = $benutzer['last_login']; |
253 | $_SESSION['last_login_ip'] = $benutzer['last_login_ip']; |
253 | $_SESSION['last_login_ip'] = $benutzer['last_login_ip']; |
254 | db_query("UPDATE `".$mysql_zugangsdaten['praefix']."users` SET `last_login` = '".$rw[0]."', `last_login_ip` = '".$_SERVER['REMOTE_ADDR']."' WHERE `username` = '".db_escape($ib_user_username)."'"); |
254 | db_query("UPDATE `".$mysql_zugangsdaten['praefix']."users` SET `last_login` = '".$rw[0]."', `last_login_ip` = '".$_SERVER['REMOTE_ADDR']."' WHERE `username` = '".db_escape($ib_user_username)."'"); |
255 | $benutzer['last_login'] = $rw[0]; |
255 | $benutzer['last_login'] = $rw[0]; |
256 | $benutzer['last_login_ip'] = $_SERVER['REMOTE_ADDR']; |
256 | $benutzer['last_login_ip'] = $_SERVER['REMOTE_ADDR']; |
257 | 257 | ||
258 | $_SESSION['ib_user_type'] = $ib_user_type; |
258 | $_SESSION['ib_user_type'] = $ib_user_type; |
259 | $_SESSION['ib_user_username'] = $ib_user_username; |
259 | $_SESSION['ib_user_username'] = $ib_user_username; |
260 | $_SESSION['ib_user_passwort'] = $ib_user_passwort; |
260 | $_SESSION['ib_user_passwort'] = $ib_user_passwort; |
261 | } |
261 | } |
262 | } |
262 | } |
263 | else |
263 | else |
264 | { |
264 | { |
265 | @session_unset(); |
265 | @session_unset(); |
266 | @session_destroy(); |
266 | @session_destroy(); |
267 | 267 | ||
268 | if (!headers_sent()) header('location: index.php?prv_modul='.$m2); |
268 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
269 | } |
269 | } |
270 | } |
270 | } |
271 | 271 | ||
272 | if ($ib_user_type == '0') |
272 | if ($ib_user_type == '0') |
273 | { |
273 | { |
274 | if ($konfiguration['main_gastzugang']['enable_gast']) |
274 | if ($konfiguration['main_gastzugang']['enable_gast']) |
275 | { |
275 | { |
276 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."' AND `passwort` = '".md5($konfiguration['main_gastzugang']['gast_passwort'])."'"); |
276 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."' AND `passwort` = '".md5($konfiguration['main_gastzugang']['gast_passwort'])."'"); |
277 | if (db_num($res) > 0) |
277 | if (db_num($res) > 0) |
278 | { |
278 | { |
279 | $row = db_fetch($res); |
279 | $row = db_fetch($res); |
280 | foreach ($row as $key => $value) |
280 | foreach ($row as $key => $value) |
281 | $benutzer[$key] = $value; |
281 | $benutzer[$key] = $value; |
282 | 282 | ||
283 | if ($benutzer['gesperrt'] == '1') |
283 | if ($benutzer['gesperrt'] == '1') |
284 | { |
284 | { |
285 | @session_unset(); |
285 | @session_unset(); |
286 | @session_destroy(); |
286 | @session_destroy(); |
287 | 287 | ||
288 | die($gesperrt); |
288 | die($gesperrt); |
289 | } |
289 | } |
290 | else |
290 | else |
291 | { |
291 | { |
292 | $rs = db_query("SELECT NOW()"); |
292 | $rs = db_query("SELECT NOW()"); |
293 | $rw = db_fetch($rs); |
293 | $rw = db_fetch($rs); |
294 | 294 | ||
295 | $_SESSION['last_login'] = $benutzer['last_login']; |
295 | $_SESSION['last_login'] = $benutzer['last_login']; |
296 | $_SESSION['last_login_ip'] = $benutzer['last_login_ip']; |
296 | $_SESSION['last_login_ip'] = $benutzer['last_login_ip']; |
297 | db_query("UPDATE `".$mysql_zugangsdaten['praefix']."users` SET `last_login` = '".$rw[0]."', `last_login_ip` = '".$_SERVER['REMOTE_ADDR']."' WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."'"); |
297 | db_query("UPDATE `".$mysql_zugangsdaten['praefix']."users` SET `last_login` = '".$rw[0]."', `last_login_ip` = '".$_SERVER['REMOTE_ADDR']."' WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."'"); |
298 | $benutzer['last_login'] = $rw[0]; |
298 | $benutzer['last_login'] = $rw[0]; |
299 | $benutzer['last_login_ip'] = $_SERVER['REMOTE_ADDR']; |
299 | $benutzer['last_login_ip'] = $_SERVER['REMOTE_ADDR']; |
300 | 300 | ||
301 | $_SESSION['ib_user_type'] = $ib_user_type; |
301 | $_SESSION['ib_user_type'] = $ib_user_type; |
302 | } |
302 | } |
303 | } |
303 | } |
304 | else |
304 | else |
305 | { |
305 | { |
306 | @session_unset(); |
306 | @session_unset(); |
307 | @session_destroy(); |
307 | @session_destroy(); |
308 | 308 | ||
309 | if (!headers_sent()) header('location: index.php?prv_modul=main_gastzugang'); |
309 | if (!headers_sent()) header('location: index.php?prv_modul=main_gastzugang'); |
310 | } |
310 | } |
311 | } |
311 | } |
312 | else |
312 | else |
313 | { |
313 | { |
314 | @session_unset(); |
314 | @session_unset(); |
315 | @session_destroy(); |
315 | @session_destroy(); |
316 | 316 | ||
317 | if (!headers_sent()) header('location: index.php?prv_modul=main_gastzugang'); |
317 | if (!headers_sent()) header('location: index.php?prv_modul=main_gastzugang'); |
318 | } |
318 | } |
319 | } |
319 | } |
320 | } |
320 | } |
321 | else |
321 | else |
322 | { |
322 | { |
323 | if ((!isset($_SESSION['ib_user_type'])) || (($_SESSION['ib_user_type'] != '0') && ($_SESSION['ib_user_type'] != '1') && ($_SESSION['ib_user_type'] != '2'))) |
323 | if ((!isset($_SESSION['ib_user_type'])) || (($_SESSION['ib_user_type'] != '0') && ($_SESSION['ib_user_type'] != '1') && ($_SESSION['ib_user_type'] != '2'))) |
324 | { |
324 | { |
325 | $ib_user_type = -1; |
325 | $ib_user_type = -1; |
326 | } |
326 | } |
327 | else |
327 | else |
328 | { |
328 | { |
329 | if ($_SESSION['ib_user_type'] == '0') |
329 | if ($_SESSION['ib_user_type'] == '0') |
330 | { |
330 | { |
331 | if ($konfiguration['main_gastzugang']['enable_gast']) |
331 | if ($konfiguration['main_gastzugang']['enable_gast']) |
332 | { |
332 | { |
333 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."' AND `passwort` = '".md5($konfiguration['main_gastzugang']['gast_passwort'])."'"); |
333 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($konfiguration['main_gastzugang']['gast_username'])."' AND `passwort` = '".md5($konfiguration['main_gastzugang']['gast_passwort'])."'"); |
334 | if (db_num($res) > 0) |
334 | if (db_num($res) > 0) |
335 | { |
335 | { |
336 | $row = db_fetch($res); |
336 | $row = db_fetch($res); |
337 | foreach ($row as $key => $value) |
337 | foreach ($row as $key => $value) |
338 | $benutzer[$key] = $value; |
338 | $benutzer[$key] = $value; |
339 | 339 | ||
340 | if ($benutzer['gesperrt'] == '1') |
340 | if ($benutzer['gesperrt'] == '1') |
341 | { |
341 | { |
342 | @session_unset(); |
342 | @session_unset(); |
343 | @session_destroy(); |
343 | @session_destroy(); |
344 | 344 | ||
345 | die($gesperrt); |
345 | die($gesperrt); |
346 | } |
346 | } |
347 | else |
347 | else |
348 | { |
348 | { |
349 | $ib_user_type = $_SESSION['ib_user_type']; |
349 | $ib_user_type = $_SESSION['ib_user_type']; |
350 | $ib_user_username = $konfiguration['main_gastzugang']['gast_username']; |
350 | $ib_user_username = $konfiguration['main_gastzugang']['gast_username']; |
351 | $ib_user_passwort = $konfiguration['main_gastzugang']['gast_passwort']; |
351 | $ib_user_passwort = $konfiguration['main_gastzugang']['gast_passwort']; |
352 | } |
352 | } |
353 | } |
353 | } |
354 | else |
354 | else |
355 | { |
355 | { |
356 | @session_unset(); |
356 | @session_unset(); |
357 | @session_destroy(); |
357 | @session_destroy(); |
358 | 358 | ||
359 | if (!headers_sent()) header('location: index.php?prv_modul=main_gastzugang'); |
359 | if (!headers_sent()) header('location: index.php?prv_modul=main_gastzugang'); |
360 | } |
360 | } |
361 | } |
361 | } |
362 | else |
362 | else |
363 | { |
363 | { |
364 | @session_unset(); |
364 | @session_unset(); |
365 | @session_destroy(); |
365 | @session_destroy(); |
366 | 366 | ||
367 | if (!headers_sent()) header('location: index.php?prv_modul='.$m2); |
367 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
368 | } |
368 | } |
369 | } |
369 | } |
370 | else if ($_SESSION['ib_user_type'] == '1') |
370 | else if ($_SESSION['ib_user_type'] == '1') |
371 | { |
371 | { |
372 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($_SESSION['ib_user_username'])."' AND `passwort` = '".md5($_SESSION['ib_user_passwort'])."'"); |
372 | $res = db_query("SELECT * FROM `".$mysql_zugangsdaten['praefix']."users` WHERE `username` = '".db_escape($_SESSION['ib_user_username'])."' AND `passwort` = '".md5($_SESSION['ib_user_passwort'])."'"); |
373 | if (db_num($res) > 0) |
373 | if (db_num($res) > 0) |
374 | { |
374 | { |
375 | $row = db_fetch($res); |
375 | $row = db_fetch($res); |
376 | foreach ($row as $key => $value) |
376 | foreach ($row as $key => $value) |
377 | $benutzer[$key] = $value; |
377 | $benutzer[$key] = $value; |
378 | 378 | ||
379 | if ($benutzer['gesperrt'] == '1') |
379 | if ($benutzer['gesperrt'] == '1') |
380 | { |
380 | { |
381 | @session_unset(); |
381 | @session_unset(); |
382 | @session_destroy(); |
382 | @session_destroy(); |
383 | 383 | ||
384 | die($gesperrt); |
384 | die($gesperrt); |
385 | } |
385 | } |
386 | else |
386 | else |
387 | { |
387 | { |
388 | $ib_user_type = $_SESSION['ib_user_type']; |
388 | $ib_user_type = $_SESSION['ib_user_type']; |
389 | $ib_user_username = $_SESSION['ib_user_username']; |
389 | $ib_user_username = $_SESSION['ib_user_username']; |
390 | $ib_user_passwort = $_SESSION['ib_user_passwort']; |
390 | $ib_user_passwort = $_SESSION['ib_user_passwort']; |
391 | } |
391 | } |
392 | } |
392 | } |
393 | else |
393 | else |
394 | { |
394 | { |
395 | @session_unset(); |
395 | @session_unset(); |
396 | @session_destroy(); |
396 | @session_destroy(); |
397 | 397 | ||
398 | if (!headers_sent()) header('location: index.php?prv_modul='.$m2); |
398 | if (!headers_sent()) header('location: index.php?prv_modul='.urlencode($m2)); |
399 | } |
399 | } |
400 | } |
400 | } |
401 | else if ($_SESSION['ib_user_type'] == '2') |
401 | else if ($_SESSION['ib_user_type'] == '2') |
402 | { |
402 | { |
403 | if (md5($_SESSION['ib_user_passwort']) != $konfiguration['main_administration']['admin_pwd']) |
403 | if (md5($_SESSION['ib_user_passwort']) != $konfiguration['main_administration']['admin_pwd']) |
404 | { |
404 | { |
405 | if (!headers_sent()) header('location: index.php?prv_modul=main_administration'); |
405 | if (!headers_sent()) header('location: index.php?prv_modul=main_administration'); |
406 | } |
406 | } |
407 | else |
407 | else |
408 | { |
408 | { |
409 | $ib_user_type = $_SESSION['ib_user_type']; |
409 | $ib_user_type = $_SESSION['ib_user_type']; |
410 | $ib_user_passwort = $_SESSION['ib_user_passwort']; |
410 | $ib_user_passwort = $_SESSION['ib_user_passwort']; |
411 | } |
411 | } |
412 | } |
412 | } |
413 | } |
413 | } |
414 | } |
414 | } |
415 | 415 | ||
416 | ?> |
416 | ?> |
417 | 417 |
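Review bot: The four redirects that gain `urlencode($m2)` (file lines 229, 268, 367 and 398, assuming the second copy of each pair is the Rev 8 side) still do not stop the request: nothing follows `header()`, so after `session_destroy()` the script keeps running, and when `headers_sent()` is already true no redirect is issued at all. On the failed-login path at line 268 `$ib_user_type` also appears to keep the value it had on entry, so code that includes this file and branches on it may treat the request as logged in; that depends on callers not visible here. I would end each of these branches explicitly, e.g. `if (!headers_sent()) header('Location: index.php?prv_modul='.urlencode($m2));` followed by `exit;`, and do the same for the fixed-target redirects at lines 198, 309, 317, 359 and 405. A short comment such as `// urlencode: $m2 must not carry CR/LF or '&' into the Location header` would record why the encoding was added.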