<?php
/*
Datei : session.lib.php
Änderungen in dieser Datei nur dann vornehmen wenn Sie wissen was Sie tun!
*/
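// Harden the session cookie before the session is opened: keep the session ID
// out of reach of page scripts and refuse session IDs the server did not issue.
ini_set('session.cookie_httponly', '1');
ini_set('session.use_strict_mode', '1');
session_start();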
// Define variables: every session/request key that is read further down gets
// a default here, so later comparisons never hit an undefined index.
foreach (array('login' => "", 'werber' => "0", 'uid' => "0") as $vmsSessionKey => $vmsSessionDefault) {
    if (!isset($_SESSION[$vmsSessionKey])) {
        $_SESSION[$vmsSessionKey] = $vmsSessionDefault;
    }
}
foreach (array('nickname', 'passwort', 'checkid', 'autologin') as $vmsPostKey) {
    if (!isset($_POST[$vmsPostKey])) {
        $_POST[$vmsPostKey] = "";
    }
}
if (!isset($_GET['logout'])) {
    $_GET['logout'] = "";
}
if (!isset($_GET['ref'])) {
    $_GET['ref'] = "0";
}
// The loop helpers are temporaries; do not leave them behind in global scope.
unset($vmsSessionKey, $vmsSessionDefault, $vmsPostKey);

// As long as no referrer is stored ("0"), take it from ?ref=. The integer cast
// reduces the request value to a number before it is kept in the session.
if ($_SESSION['werber'] == "0") {
    $_SESSION['werber'] = (int)$_GET['ref'];
}
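// Load the site settings (the query reads a single row).
// prepare() only compiles the statement; it has to be executed before fetch()
// can return a row. Without execute() $pageconfig is not a row and the
// maintenance check that reads $pageconfig['wartung'] can never fire.
// NOTE(review): assumes sql::$db is PDO-compatible, as the
// prepare()/execute()/fetch() calls elsewhere in this file suggest - confirm.
$pageconfigQuery = sql::$db->prepare ("SELECT * FROM `" . _VMS_ . "_seitenkonfig` LIMIT 1");
$pageconfigQuery -> execute();
$pageconfig = $pageconfigQuery -> fetch();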

// Maintenance mode: while the 'wartung' flag is set, only the session whose uid
// equals $system['admin_id'] may continue. Everybody else has the autologin
// cookies expired, the session login state blanked, and is redirected to the
// maintenance page. $system is not defined in this part of the file.
if ($pageconfig['wartung'] == 1) {
    if ($_SESSION['uid'] != $system['admin_id']) {
        // Expire the autologin cookies by dating them 30 days into the past.
        foreach (array('uid', 'passwort', 'autologin') as $cookieName) {
            setCookie($cookieName, '', time() - 86400 * 30);
        }
        foreach (array('uid', 'passwort', 'login') as $sessionKey) {
            $_SESSION[$sessionKey] = "";
        }
        header ("location: " . $system['domain'] . "/wartung.php");
        die();
    }
}
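// Login
// Handles the login form (checkid == 'Login'): looks the account up by nickname
// and password hash, then branches on the account status (0 = not activated,
// 1 = OK, 2 = locked). Error pages are selected through $_GET['content'].
//
// Security notes for maintainers:
//  - Passwords are stored and compared as unsalted MD5. MD5 is not a password
//    hash; moving to password_hash()/password_verify() needs a data migration
//    and is therefore only flagged here, not changed.
//  - With autologin the stored hash itself is written to the 'passwort' cookie
//    and kept in the session, which makes the hash a password equivalent. A
//    random, server-side stored and revocable token would be the safer design.
if ($_POST['checkid'] == 'Login'
    && is_string($_POST['nickname']) && is_string($_POST['passwort'])
    && $_POST['nickname'] && $_POST['passwort']) {
    // Non-string values (e.g. nickname[]=x) are rejected above so that
    // addslashes()/md5() never receive an array.
    // NOTE(review): the nickname is bound as a statement parameter, so
    // addslashes() adds no protection and alters names containing quotes or
    // backslashes. Kept because stored nicknames may have been written the
    // same way - confirm against the registration code before removing.
    $_POST['nickname'] = addslashes($_POST['nickname']);

    $sql = sql::$db->prepare ("SELECT `k`.`uid`, `k`.`passwort`, `k`.`status`, `k`.`hinweis` FROM `" . _VMS_ . "_userdaten` AS  `u` LEFT JOIN `" . _VMS_ . "_kontodaten`  AS `k` ON `k`.`uid` = `u`.`uid` WHERE `u`.`nickname` = ? AND `k`.`passwort` = ? LIMIT 1");
    $sql -> execute(array($_POST['nickname'], md5($_POST['passwort'])));
    if ($sql -> rowCount()) {
        $login_check = $sql -> fetch();
        // Account has not been activated yet.
        if ($login_check['status'] == 0) {
            $_SESSION['uid'] = "";
            $_SESSION['passwort'] = "";
            $_SESSION['login'] = "";
            $_GET['content'] = '/error/kein_zutritt';
        }
        // Account is in good standing.
        if ($login_check['status'] == 1) {
            sql::$db->prepare ("UPDATE `" . _VMS_ . "_kontodaten` SET `login_ip` = ? , `loginzeit` = ? WHERE `uid` = ? and `passwort` = ? LIMIT 1")
                -> execute( array( $system['ip'], time(), $login_check['uid'], md5($_POST['passwort'])));
            if ($_POST['autologin'] == 'true') {
                // Path and domain stay at their defaults ('' omits them), so the
                // existing cookie-clearing code still matches; the last argument
                // sets HttpOnly to keep the values away from page scripts.
                // Consider the Secure flag as well once the site is HTTPS-only.
                setCookie('uid', $login_check['uid'], time() + 86400 * 30, '', '', false, true);
                setCookie('passwort', $login_check['passwort'], time() + 86400 * 30, '', '', false, true);
                setCookie('autologin', 'true', time() + 86400 * 30, '', '', false, true);
            }
            // Issue a fresh session ID at the privilege change so an ID that was
            // known before the login cannot be reused for the authenticated
            // session (session fixation).
            session_regenerate_id(true);
            $_SESSION['uid'] = $login_check['uid'];
            $_SESSION['passwort'] = $login_check['passwort'];
            $_SESSION['login'] = "true";
            header ("location: " . $system['domain']);
            die();
        }
        // Account has been locked.
        if ($login_check['status'] == 2) {
            $_SESSION['uid'] = "";
            $_SESSION['passwort'] = "";
            $_SESSION['login'] = "";
            $_GET['content'] = '/error/user_gesperrt';
        }
        // No row matched the nickname/password pair.
    } else {
        $_GET['content'] = '/error/kein_zutritt';
    }
} else {
    // Login form submitted with a missing or malformed field.
    if ($_POST['checkid'] == 'Login') $_GET['content'] = '/error/kein_zutritt';
}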
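// Autologin
// Restores a login from the 'uid' / 'passwort' / 'autologin' cookies when the
// session is not logged in yet. Only accounts with status 1 are accepted.
//
// Security note: the 'passwort' cookie carries the stored MD5 hash and is
// compared directly with the database column, so the hash works as a password
// equivalent. A random, revocable token stored server-side would be the safer
// design; that needs a schema change and is only flagged here.
if ($_SESSION['login'] != 'true' && isset($_COOKIE['autologin']) && isset($_COOKIE['uid']) && isset($_COOKIE['passwort'])
    && is_string($_COOKIE['uid']) && is_string($_COOKIE['passwort'])) {
    // Array-valued cookies (uid[]=...) are rejected above so the cast and
    // addslashes() only ever see strings.
    $_COOKIE['uid'] = (int)$_COOKIE['uid'];
    // The value is bound as a statement parameter below; addslashes() leaves a
    // well-formed hex digest unchanged.
    $_COOKIE['passwort'] = addslashes ($_COOKIE['passwort']);

    $sql = sql::$db->prepare ("SELECT `uid`,`passwort`,`status`,`hinweis` FROM `" . _VMS_ . "_kontodaten` WHERE `uid` = ? and `passwort` = ? LIMIT 1");
    $sql -> execute( array( $_COOKIE['uid'], $_COOKIE['passwort']));
    if ($sql -> rowCount()) {
        $login_check = $sql -> fetch();
        if ($login_check['status'] == 1) {
            // The cookie already holds the stored hash (the SELECT above matched
            // it unhashed). Hashing it again with md5() made this WHERE clause
            // miss every row, so login_ip/loginzeit were never written for
            // autologins; use the value that was just read from the row.
            sql::$db->prepare ("UPDATE `" . _VMS_ . "_kontodaten` SET `login_ip` = ? , `loginzeit` = ? WHERE `uid` = ? and `passwort` = ? LIMIT 1")
                -> execute( array( $system['ip'], time(), $login_check['uid'], $login_check['passwort']));
            // New session ID at the privilege change (session fixation).
            session_regenerate_id(true);
            $_SESSION['uid'] = $login_check['uid'];
            $_SESSION['passwort'] = $login_check['passwort'];
            $_SESSION['login'] = "true";
        }
    }
}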
// Logout
// ?logout=true expires the three autologin cookies, blanks the login state kept
// in the session and redirects to the site root.
// NOTE(review): the logout is triggered by a plain GET parameter, so any link
// or embedded resource can end a user's session; consider a POST request with
// a CSRF token.
if ($_GET['logout'] == 'true') {
    // Expire the cookies by dating them 30 days into the past.
    foreach (array('uid', 'passwort', 'autologin') as $cookieName) {
        setCookie($cookieName, '', time() - 86400 * 30);
    }
    foreach (array('uid', 'passwort', 'login') as $sessionKey) {
        $_SESSION[$sessionKey] = "";
    }
    header ("location: " . $system['domain']);
    die();
}
if (isset ($_SESSION['uid']) && isset ($_SESSION['passwort']) && !empty ($_SESSION['uid']) && !empty ($_SESSION['passwort'])) {
    sql::$db->prepare ("UPDATE `" . _VMS_ . "_kontodaten` SET `last_active` = ? WHERE `uid` = ? AND `passwort` = ? LIMIT 1")
        -> execute( array( time(), $_SESSION['uid'], $_SESSION['passwort']));