Skip to content
Snippets Groups Projects
Find file Normal view History Permalink
session.lib.php 5.23 KiB
Newer Older
Eric Laufer's avatar
1.1
Eric Laufer committed
1 
<?php
isaack's avatar
kleine bugs  
isaack committed
2 
/*G8UqVbtH
Eric Laufer's avatar
1.1
Eric Laufer committed
3 4 5 6 
Datei : session.lib.php
Änderungen in dieser Datei nur dann vornehmen wenn Sie wissen was Sie tun!
*/
@session_start();
Christoph Zysik's avatar
missing and missing references on forcedbanner area  
Christoph Zysik committed
7 
$ip = (isset($_SERVER['REMOTE_ADDR'])) ? $_SERVER['REMOTE_ADDR'] : '127.0.0.1';
Eric Laufer's avatar
1.1
Eric Laufer committed
8 
// Variabeln definieren
Eric Laufer's avatar
Bug, Update run.inc.php  
Eric Laufer committed
9 10 11 12 13 14 15 16 17 18 19 
if(isset($_POST['checkid'])){
	if (!isset($_SESSION['login'])) $_SESSION['login'] = "";
	if (!isset($_SESSION['werber'])) $_SESSION['werber'] = "0";
	if (!isset($_SESSION['uid'])) $_SESSION['uid'] = "0";
	if (!isset($_POST['nickname'])) $_POST['nickname'] = "";
	if (!isset($_POST['passwort'])) $_POST['passwort'] = "";
	if (!isset($_POST['checkid'])) $_POST['checkid'] = "";
	if (!isset($_POST['autologin'])) $_POST['autologin'] = "";
	if (!isset($_GET['logout'])) $_GET['logout'] = "";
	if (!isset($_GET['ref'])) $_GET['ref'] = "0";
}
Christoph Zysik's avatar
fixing notices, _POST['checkid'] and _GET['ref']  
Christoph Zysik committed
20 21 
if( ( !isset($_SESSION['werber']) || ("0" == $_SESSION['werber']) ) && isset($_GET['ref']) )
    $_SESSION['werber'] = (int)$_GET['ref'];
Eric Laufer's avatar
1.1
Eric Laufer committed
22 23 24 25 26 27 28 29 30 31 32 33 34 35 
// Seiteneinstellungen laden...
$pageconfig = mysqli_fetch_array(db_query("SELECT * FROM " . $db_prefix . "_seitenkonfig LIMIT 1"));

if ($pageconfig['wartung'] == 1 && $_SESSION['uid'] != $admin_id) {
    setCookie('uid', '', time() - 86400 * 30);
    setCookie('passwort', '', time() - 86400 * 30);
    setCookie('autologin', '', time() - 86400 * 30);
    $_SESSION['uid'] = "";
    $_SESSION['passwort'] = "";
    $_SESSION['login'] = "";
    header ("location: " . $domain . "/wartung.php");
    die();
}
// Login
Christoph Zysik's avatar
fixing notices, _POST['checkid'] and _GET['ref']  
Christoph Zysik committed
36 
if (isset($_POST['checkid']) && $_POST['checkid'] == 'Login' && $_POST['nickname'] && $_POST['passwort']) {
Eric Laufer's avatar
1.1
Eric Laufer committed
37 
    $_POST['nickname'] = addslashes($_POST['nickname']);
isaack's avatar
neue Funktion  
isaack committed
38 39 
	
	$pw = pw_erstellen($_POST['passwort']);
Eric Laufer's avatar
1.1
Eric Laufer committed
40 41 42 
    $login_check = db_query("SELECT k.uid,k.passwort,k.status,k.hinweis FROM
                                        " . $db_prefix . "_userdaten u
                                        LEFT JOIN " . $db_prefix . "_kontodaten k ON k.uid=u.uid
isaack's avatar
kleine fehler behoben  
isaack committed
43 
WHERE u.nickname='" . $_POST['nickname'] . "' OR u.uid = '". $_POST['nickname'] ."' AND k.passwort='" . $pw . "' LIMIT 1");
Eric Laufer's avatar
1.1
Eric Laufer committed
44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 

    if (mysqli_num_rows($login_check)) {
        $login_check = mysqli_fetch_array($login_check);
        // Wenn User noch nicht freigeschaltet!
        if ($login_check['status'] == 0) {
            $_SESSION['uid'] = "";
            $_SESSION['passwort'] = "";
            $_SESSION['login'] = "";
            $_GET['content'] = '/error/kein_zutritt';
        }
        // Wenn beim User alles O.K. ist!
        if ($login_check['status'] == 1) {
            db_query("UPDATE " . $db_prefix . "_kontodaten SET login_ip='" . $ip . "' , loginzeit='" . time() . "' WHERE uid=" . $login_check['uid'] . " and passwort='" . md5($_POST['passwort']) . "' LIMIT 1");
            if ($_POST['autologin'] == 'true') {
                setCookie('uid', $login_check['uid'], time() + 86400 * 30);
                setCookie('passwort', $login_check['passwort'], time() + 86400 * 30);
                setCookie('autologin', 'true', time() + 86400 * 30);
            }
            $_SESSION['uid'] = $login_check['uid'];
            $_SESSION['passwort'] = $login_check['passwort'];
            $_SESSION['login'] = "true";
            header ("location: " . $domain);
            die();
        }
        // Wenn User gesperrt wurde!
        if ($login_check['status'] == 2) {
            $_SESSION['uid'] = "";
            $_SESSION['passwort'] = "";
            $_SESSION['login'] = "";
            $_GET['content'] = '/error/user_gesperrt';
        }
        // Wenn es den User garnicht giebt
    } else {
        $_GET['content'] = '/error/kein_zutritt';
    }
} else {
Christoph Zysik's avatar
missing and missing references on forcedbanner area  
Christoph Zysik committed
80 
    if (isset($_POST['checkid']) && $_POST['checkid'] == 'Login') $_GET['content'] = '/error/kein_zutritt';
Eric Laufer's avatar
1.1
Eric Laufer committed
81 82 
}
// Autologin
Christoph Zysik's avatar
missing and missing references on forcedbanner area  
Christoph Zysik committed
83 
if ( (isset($_SESSION['login']) && $_SESSION['login'] != 'true') || ( isset($_COOKIE['autologin']) && isset($_COOKIE['uid']) && isset($_COOKIE['passwort'])) ) {
Eric Laufer's avatar
1.1
Eric Laufer committed
84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 
    $_COOKIE['uid'] = (int)$_COOKIE['uid'];
    $_COOKIE['passwort'] = addslashes ($_COOKIE['passwort']);

    $login_check = db_query("SELECT `uid`,`passwort`,`status`,`hinweis` FROM " . $db_prefix . "_kontodaten WHERE uid=" . $_COOKIE['uid'] . " and passwort='" . $_COOKIE['passwort'] . "' LIMIT 1");
    if (mysqli_num_rows($login_check)) {
        $login_check = mysqli_fetch_array($login_check);
        if ($login_check['status'] == 1) {
            db_query("UPDATE " . $db_prefix . "_kontodaten SET login_ip='" . $ip . "' , loginzeit='" . time() . "' WHERE uid=" . $_COOKIE['uid'] . " and passwort='" . $_COOKIE['passwort'] . "' LIMIT 1");
            $_SESSION['uid'] = $login_check['uid'];
            $_SESSION['passwort'] = $login_check['passwort'];
            $_SESSION['login'] = "true";
        }
    }
}
// Logout
Christoph Zysik's avatar
missing and missing references on forcedbanner area  
Christoph Zysik committed
99 
if (isset($_GET['logout']) && $_GET['logout'] == 'true') {
Eric Laufer's avatar
1.1
Eric Laufer committed
100 101 102 103 104 105 106 107 108 109 110 111 112 
    setCookie('uid', '', time() - 86400 * 30);
    setCookie('passwort', '', time() - 86400 * 30);
    setCookie('autologin', '', time() - 86400 * 30);
    $_SESSION['uid'] = "";
    $_SESSION['passwort'] = "";
    $_SESSION['login'] = "";
    header ("location: " . $domain);
    die();
}
if (isset ($_SESSION['uid']) && isset ($_SESSION['passwort']) && !empty ($_SESSION['uid']) && !empty ($_SESSION['passwort'])) {
    db_query ("UPDATE " . $db_prefix . "_kontodaten SET last_active = " . time() . " WHERE uid = " . $_SESSION['uid'] . " AND passwort = '" . $_SESSION['passwort'] . "' LIMIT 1");
}
Christoph Zysik's avatar
missing and missing references on forcedbanner area  
Christoph Zysik committed
113 
?>