From f67816bea85c74d03186be9fe60b1f6af8be0c57 Mon Sep 17 00:00:00 2001 From: isaack <isaack0815@gmail.com> Date: Sat, 2 Dec 2017 21:47:14 +0100 Subject: [PATCH] neue Funktion --- CHANGELOG | 4 ++++ content/LKT_Rallysystem.php | 2 +- index.php | 2 +- install/index.php | 9 +++++++++ install/mysql.txt | 2 +- lib/funktionen/konto/anmelden.php | 3 ++- lib/session.lib.php | 5 +++-- 7 files changed, 21 insertions(+), 6 deletions(-) diff --git a/CHANGELOG b/CHANGELOG index b17c176..0356cad 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,9 @@ # Was alles passiert +## [0.0.2] - 02.12.2017 +### hinzugefügt +- die Funktion pw_erstellen wurde hinzugefügt. + ## [0.0.1] - 02.12.2017 ### Upload Die BETA Version von VMS-SUEE 2 wurde veröffentlicht. diff --git a/content/LKT_Rallysystem.php b/content/LKT_Rallysystem.php index 8b24de7..1d491d1 100644 --- a/content/LKT_Rallysystem.php +++ b/content/LKT_Rallysystem.php @@ -1,6 +1,6 @@ <?php // Variabeln -$rallyname = mysqli_real_escape_string($_GET['rally']); +$rallyname = mysqli_real_escape_string($sql_open,$_GET['rally']); $time = time(); // Ralleydaten auslesen $rally = mysqli_fetch_array (db_query ('SELECT * FROM vms_rallydaten WHERE name = "' . $rallyname . '" LIMIT 1')); diff --git a/index.php b/index.php index 70dba26..06ba83b 100644 --- a/index.php +++ b/index.php @@ -150,7 +150,7 @@ $ts = strtotime($datetime); </li> <?php } ?> <?php - if(isset($_SESSION['admin']){ + if(isset($_SESSION['admin'])){ if($_SESSION['admin'] == 1){ echo '<li><a href="'.$domain.'/adminforce/index.php\">Adminforce</a></li>'; } diff --git a/install/index.php b/install/index.php index a20d36f..edbd405 100644 --- a/install/index.php +++ b/install/index.php 
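Review bot: `$_GET['rally']` is still concatenated into the `SELECT * FROM vms_rallydaten WHERE name = "..."` string on the context line below the change, so the query's safety depends entirely on the escaping call and on the connection character set being configured correctly. A prepared statement removes that dependency: `$stmt = mysqli_prepare($sql_open, 'SELECT * FROM vms_rallydaten WHERE name = ? LIMIT 1'); mysqli_stmt_bind_param($stmt, 's', $_GET['rally']); mysqli_stmt_execute($stmt);`. The parameter is also read without an `isset()` check, so a request without `rally` raises a notice and queries for an empty name. The script continues outside the hunk.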
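Review bot: With the parse error fixed, the `echo` on the context line two lines below becomes reachable, and its `index.php\">` sits inside a single-quoted string, where `\"` is emitted as a literal backslash followed by the quote, so the rendered `href` ends in `index.php\`. Dropping the backslash (`'/adminforce/index.php">Adminforce</a></li>'`) gives the intended markup. Hiding the link is presentation only; the pages under `adminforce/` are not visible here and presumably need their own server-side `$_SESSION['admin']` check.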
@@ -15,6 +15,9 @@ if(isset($_POST['datenbank_anlegen'])){ //Datenbank Prefix $db_prefix = "'.$_POST['prefix'].'"; + //Passwort zusatz + $pw_zusatz = '. create_code(5) .'; + //Datenbankverbindung herstellen $sql_open = @mysqli_connect($db_host, $db_user, $db_pass, $db_base) or die(\'Verbindung zum Mysql Server fehlgeschlagen! <br>Tipp: <a href="http://www.vms-tutorial.de/wiki//Lib/Functions">http://www.vms-tutorial.de/wiki//Lib/Functions</a>\'); $sql_base = @mysqli_select_db($sql_open,$db_base) or die("Keine oder falsche Datenbank gewählt! Tipp: <br><a href=\'http://www.vms-tutorial.de/wiki//Lib/Functions\'>http://www.vms-tutorial.de/wiki//Lib/Functions</a>"); @@ -50,6 +53,12 @@ if(isset($_POST['datenbank_anlegen'])){ } } + function pw_erstellen($pw){ + global $pw_zusatz; + $pw_er = hash("sha256",$pw.$pw_zusatz); + return $pw_er; + } + /** * db_close() * diff --git a/install/mysql.txt b/install/mysql.txt index 9ac2db2..6bd1bd4 100644 --- a/install/mysql.txt +++ b/install/mysql.txt @@ -194,7 +194,7 @@ CREATE TABLE IF NOT EXISTS `vms_interface` ( CREATE TABLE IF NOT EXISTS `vms_kontodaten` ( `uid` int(7) NOT NULL, - `passwort` char(32) NOT NULL, + `passwort` char(100) NOT NULL, `status` tinyint(1) NOT NULL DEFAULT '0', `hinweis` longtext NOT NULL, `kontostand` double(100,2) NOT NULL DEFAULT '0.00', diff --git a/lib/funktionen/konto/anmelden.php b/lib/funktionen/konto/anmelden.php index 25bb0e4..87b4963 100644 --- a/lib/funktionen/konto/anmelden.php +++ b/lib/funktionen/konto/anmelden.php 
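Review bot: The new `$pw_zusatz` line appears to close the surrounding single-quoted config template and concatenate `create_code(5)` without adding quotes, so the generated file would contain `$pw_zusatz = <code>;` as a bare token, whereas the `$db_prefix` line above it wraps its value in double quotes. Unless `create_code()` returns only digits, that is an undefined constant (an Error on PHP 8); `$pw_zusatz = "'. create_code(5) .'";` matches the neighbouring line. Five characters is also short for an installation-wide secret, and `create_code()` is not visible here, so confirm it draws from `random_bytes()` or `random_int()`. The enclosing `if` block starts and ends outside the hunk.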
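Review bot: `pw_erstellen()` stores a single SHA-256 pass over the password plus one installation-wide suffix, so every account shares the same salt and a leaked `passwort` column can be guessed offline at very high speed. `password_hash($pw, PASSWORD_DEFAULT)` generates a per-user salt with a tunable cost; the login then has to load the row by nickname and call `password_verify()` instead of comparing hashes in the `WHERE` clause. The same applies to the callers added in `lib/funktionen/konto/anmelden.php` and `lib/session.lib.php`. The function also reads `$pw_zusatz` through `global`, so on an installation whose config predates this commit it silently hashes with an empty suffix.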
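Review bot: Widening `passwort` only inside `CREATE TABLE IF NOT EXISTS` leaves existing installations at `char(32)`, where a 64-character SHA-256 hex digest is either truncated or rejected depending on the SQL mode, so new registrations and logins would fail there. An upgrade step such as `ALTER TABLE vms_kontodaten MODIFY passwort varchar(255) NOT NULL;` is needed alongside the installer change; `varchar(255)` also leaves room for `password_hash()` output. The table definition continues outside the hunk.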
@@ -46,7 +46,8 @@ if (!isset($ak)) $ak = ""; if($meldung['error'] != 1){ if ($_POST['newsletter'] == 0) $mailstatus = 0; if ($_POST['newsletter'] == 1) $mailstatus = 1; - db_query("INSERT INTO ".$db_prefix."_kontodaten (passwort,status) VALUES ('".md5($_POST['passwort_1'])."','0')"); + $pw = pw_erstellen($_POST['passwort_1']); + db_query("INSERT INTO ".$db_prefix."_kontodaten (passwort,status) VALUES ('". $pw ."','0')"); $uid = mysqli_insert_id($sql_open); if ($_SESSION['werber'] == $uid) $_SESSION['werber'] = 0; diff --git a/lib/session.lib.php b/lib/session.lib.php index 1a0d13b..455a9a1 100644 --- a/lib/session.lib.php +++ b/lib/session.lib.php @@ -32,11 +32,12 @@ if ($pageconfig['wartung'] == 1 && $_SESSION['uid'] != $admin_id) { // Login if ($_POST['checkid'] == 'Login' && $_POST['nickname'] && $_POST['passwort']) { $_POST['nickname'] = addslashes($_POST['nickname']); - + + $pw = pw_erstellen($_POST['passwort']); $login_check = db_query("SELECT k.uid,k.passwort,k.status,k.hinweis FROM " . $db_prefix . "_userdaten u LEFT JOIN " . $db_prefix . "_kontodaten k ON k.uid=u.uid -WHERE u.nickname='" . $_POST['nickname'] . "' AND k.passwort='" . md5($_POST['passwort']) . "' LIMIT 1"); +WHERE u.nickname='" . $_POST['nickname'] . "' AND k.passwort='" . $pw . "' LIMIT 1"); if (mysqli_num_rows($login_check)) { $login_check = mysqli_fetch_array($login_check); -- GitLab
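Review bot: Accounts created before this commit hold `md5()` values in `passwort`, and the new `k.passwort='" . $pw . "'` comparison can never match them, so every existing user is locked out with no migration path. Selecting the row by nickname only and comparing in PHP allows a legacy 32-character value to be accepted once and rewritten, and lets the comparison use `hash_equals()`. The nickname on the context line above is escaped with `addslashes()`, which is not aware of the connection character set; the sketch below binds it as a parameter instead (it assumes `$sql_open` is in scope here and that mysqlnd is available for `mysqli_stmt_get_result()`). The login block starts and ends outside the hunk.

```php
if ($_POST['checkid'] == 'Login' && $_POST['nickname'] && $_POST['passwort']) {
    // Look the account up by nickname only; the password is checked in PHP.
    $stmt = mysqli_prepare($sql_open, "SELECT k.uid,k.passwort,k.status,k.hinweis
        FROM " . $db_prefix . "_userdaten u
        LEFT JOIN " . $db_prefix . "_kontodaten k ON k.uid=u.uid
        WHERE u.nickname=? LIMIT 1");
    mysqli_stmt_bind_param($stmt, 's', $_POST['nickname']);
    mysqli_stmt_execute($stmt);
    $login_check = mysqli_fetch_array(mysqli_stmt_get_result($stmt));

    $stored = $login_check ? (string) $login_check['passwort'] : '';
    $is_legacy = strlen($stored) === 32; // md5() hex written before this commit
    $expected = $is_legacy ? md5($_POST['passwort']) : pw_erstellen($_POST['passwort']);
    if ($stored !== '' && hash_equals($stored, $expected)) {
        if ($is_legacy) {
            // … rewrite the stored value with pw_erstellen($_POST['passwort']) …
        }
        // … unchanged: session setup for the logged-in user …
    }
```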