<?php
/*G8UqVbtH
Datei : session.lib.php
Änderungen in dieser Datei nur dann vornehmen wenn Sie wissen was Sie tun!
*/
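// Harden the PHP session before it is started:
//  * use_strict_mode rejects session IDs the server never issued (an attacker can
//    otherwise plant a known ID in the victim's browser = session fixation);
//  * cookie_httponly keeps the session cookie out of reach of page scripts.
ini_set('session.use_strict_mode', '1');
ini_set('session.cookie_httponly', '1');
if (session_id() === '') {
    // Only start when no session is active yet, so this include stays safe to
    // load twice (the old code hid that case behind an @ suppressor).
    session_start();
}

// Client address as reported by the web server. REMOTE_ADDR is set by the server,
// not the client, but it is written into SQL further down in this file, so accept
// only a syntactically valid IP and fall back to localhost otherwise.
$ip = '127.0.0.1';
if (isset($_SERVER['REMOTE_ADDR']) && filter_var($_SERVER['REMOTE_ADDR'], FILTER_VALIDATE_IP) !== false) {
    $ip = $_SERVER['REMOTE_ADDR'];
}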
// Define defaults for the request/session variables the login code below reads
// When a login form has been posted, make sure every key the rest of this file
// reads exists, so later reads never hit an undefined index.
if (isset($_POST['checkid'])) {
    foreach (array('login' => "", 'werber' => "0", 'uid' => "0") as $sessionKey => $sessionDefault) {
        if (!isset($_SESSION[$sessionKey])) {
            $_SESSION[$sessionKey] = $sessionDefault;
        }
    }
    // 'checkid' is known to be set here, so it needs no default.
    foreach (array('nickname', 'passwort', 'autologin') as $postField) {
        if (!isset($_POST[$postField])) {
            $_POST[$postField] = "";
        }
    }
    if (!isset($_GET['logout'])) {
        $_GET['logout'] = "";
    }
    if (!isset($_GET['ref'])) {
        $_GET['ref'] = "0";
    }
}

// Referrer ("werber") id: taken from ?ref= once, while the session has none yet.
$noReferrerYet = !isset($_SESSION['werber']) || $_SESSION['werber'] == "0";
if ($noReferrerYet && isset($_GET['ref'])) {
    $_SESSION['werber'] = (int)$_GET['ref'];
}
// Seiteneinstellungen laden...
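$pageconfig = mysqli_fetch_array(db_query("SELECT * FROM " . $db_prefix . "_seitenkonfig LIMIT 1"));

// mysqli_fetch_array() yields NULL/false when the config table is empty; treat that
// as "not in maintenance" instead of indexing into a non-array.
$in_maintenance = is_array($pageconfig) && isset($pageconfig['wartung']) && $pageconfig['wartung'] == 1;
$session_uid    = isset($_SESSION['uid']) ? $_SESSION['uid'] : '';

// Maintenance mode: everybody except the admin account is logged out and redirected.
// NOTE(review): this gate runs before the cookie autologin further down, so an admin
// identified only by the remember-me cookies is redirected as well — TODO confirm intended.
if ($in_maintenance && $session_uid != $admin_id) {
    $past   = time() - 86400 * 30;
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    setcookie('uid', '', $past, '', '', $secure, true);
    setcookie('passwort', '', $past, '', '', $secure, true);
    setcookie('autologin', '', $past, '', '', $secure, true);
    $_SESSION['uid'] = "";
    $_SESSION['passwort'] = "";
    $_SESSION['login'] = "";
    header ("location: " . $domain . "/wartung.php");
    die();
}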
// Login
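if (isset($_POST['checkid']) && $_POST['checkid'] == 'Login' && $_POST['nickname'] && $_POST['passwort']) {
    // A login form was posted with both fields filled in.
    //
    // Security notes for this block:
    //  * The account is looked up by nickname (or numeric uid) ONLY and the password
    //    is verified in PHP with hash_equals(). The previous query put the password
    //    into an `a OR b AND c` WHERE clause; AND binds tighter than OR, so any row
    //    matching the nickname was returned and logged in regardless of the password.
    //  * The session id is regenerated on success so an id planted before login
    //    cannot be reused afterwards (session fixation).
    //  * addslashes() is kept because db_query() is the only DB access available
    //    here. It is not charset-aware; db_query() should really bind parameters or
    //    escape with mysqli_real_escape_string() on the live link — TODO confirm.
    $_POST['nickname'] = addslashes($_POST['nickname']);
    $login_name = $_POST['nickname'];
    // Project hash helper; assumed to produce the value stored in kontodaten.passwort.
    $pw = pw_erstellen($_POST['passwort']);

    // Match by nickname; additionally by uid when the input is purely numeric, so a
    // non-numeric nickname can no longer be coerced by MySQL to match uid 0.
    $where = "u.nickname='" . $login_name . "'";
    if (ctype_digit($login_name)) {
        $where = "(" . $where . " OR u.uid=" . (int)$login_name . ")";
    }
    $login_check = db_query("SELECT k.uid,k.passwort,k.status,k.hinweis FROM
                                        " . $db_prefix . "_userdaten u
                                        LEFT JOIN " . $db_prefix . "_kontodaten k ON k.uid=u.uid
                                        WHERE " . $where . " LIMIT 1");

    $account = mysqli_num_rows($login_check) ? mysqli_fetch_array($login_check) : false;
    // The LEFT JOIN may yield a NULL passwort; hash_equals() requires two strings.
    $password_ok = $account !== false
        && is_string($account['passwort'])
        && hash_equals($account['passwort'], (string)$pw);

    if (!$password_ok) {
        // Unknown nickname and wrong password give the same answer, so the
        // response does not reveal which accounts exist.
        $_GET['content'] = '/error/kein_zutritt';
    } elseif ($account['status'] == 1) {
        // Account is active: record the login and establish the session.
        $uid = (int)$account['uid'];
        // WHERE on uid only: the password was already verified above. (The old
        // query re-checked md5() here, which only matched if pw_erstellen() is md5.)
        db_query("UPDATE " . $db_prefix . "_kontodaten SET login_ip='" . $ip . "' , loginzeit='" . time() . "' WHERE uid=" . $uid . " LIMIT 1");
        if (isset($_POST['autologin']) && $_POST['autologin'] == 'true') {
            // NOTE(review): the remember-me cookie carries the stored password hash
            // itself, so a leaked cookie is a credential valid until the password
            // changes. A random, revocable token stored server-side would be safer;
            // kept as-is because that needs a schema change.
            $expires = time() + 86400 * 30;
            $secure  = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
            setcookie('uid', (string)$uid, $expires, '', '', $secure, true);
            setcookie('passwort', $account['passwort'], $expires, '', '', $secure, true);
            setcookie('autologin', 'true', $expires, '', '', $secure, true);
        }
        session_regenerate_id(true);
        $_SESSION['uid'] = $account['uid'];
        $_SESSION['passwort'] = $account['passwort'];
        $_SESSION['login'] = "true";
        header ("location: " . $domain);
        die();
    } else {
        // Not allowed in: status 0 = not yet activated, 2 = locked. Any other
        // status is treated as "no access" too instead of silently falling through.
        $_SESSION['uid'] = "";
        $_SESSION['passwort'] = "";
        $_SESSION['login'] = "";
        $_GET['content'] = ($account['status'] == 2) ? '/error/user_gesperrt' : '/error/kein_zutritt';
    }
} else {
    // Login posted but a field was empty.
    if (isset($_POST['checkid']) && $_POST['checkid'] == 'Login') $_GET['content'] = '/error/kein_zutritt';
}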
// Autologin
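// Cookie-based "remember me" login: only when no session is established yet and all
// three cookies are present. The old condition also fired when $_SESSION['login']
// was set but not 'true' (e.g. after a failed login), reading undefined cookies and
// running a query for uid 0; it also re-ran the UPDATE on every request while the
// cookies existed, even with an active session.
if ((!isset($_SESSION['login']) || $_SESSION['login'] !== 'true')
    && isset($_COOKIE['autologin']) && isset($_COOKIE['uid']) && isset($_COOKIE['passwort'])) {

    $cookie_uid = (int)$_COOKIE['uid'];
    $cookie_pw  = (string)$_COOKIE['passwort'];

    // Look the account up by uid only; the cookie's password value is compared in
    // PHP with hash_equals() and never interpolated into SQL (the old code relied
    // on addslashes(), which is not charset-aware).
    $login_check = db_query("SELECT `uid`,`passwort`,`status`,`hinweis` FROM " . $db_prefix . "_kontodaten WHERE uid=" . $cookie_uid . " LIMIT 1");
    if (mysqli_num_rows($login_check)) {
        $account = mysqli_fetch_array($login_check);
        $cookie_ok = $account['status'] == 1
            && is_string($account['passwort'])
            && hash_equals($account['passwort'], $cookie_pw);
        if ($cookie_ok) {
            db_query("UPDATE " . $db_prefix . "_kontodaten SET login_ip='" . $ip . "' , loginzeit='" . time() . "' WHERE uid=" . $cookie_uid . " LIMIT 1");
            // Fresh session id on privilege change (anonymous -> logged in).
            session_regenerate_id(true);
            $_SESSION['uid'] = $account['uid'];
            $_SESSION['passwort'] = $account['passwort'];
            $_SESSION['login'] = "true";
        }
    }
}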
// Logout
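// NOTE(review): logout is triggered by a plain GET parameter with no CSRF token, so any
// page can log the user out by embedding ?logout=true. Low impact, but worth a token.
if (isset($_GET['logout']) && $_GET['logout'] == 'true') {
    // Expire the remember-me cookies (same flags as when they are set) and clear
    // the login state from the session.
    $past   = time() - 86400 * 30;
    $secure = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    setcookie('uid', '', $past, '', '', $secure, true);
    setcookie('passwort', '', $past, '', '', $secure, true);
    setcookie('autologin', '', $past, '', '', $secure, true);
    $_SESSION['uid'] = "";
    $_SESSION['passwort'] = "";
    $_SESSION['login'] = "";
    // Issue a new session id so the old one cannot be replayed after logout.
    session_regenerate_id(true);
    header ("location: " . $domain);
    die();
}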
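// Activity timestamp for logged-in users. Both values come from the server-side
// session (originally read from the DB), but they are cast/escaped anyway so this
// statement never becomes an injection point if the session contents change.
if (!empty($_SESSION['uid']) && !empty($_SESSION['passwort'])) {
    db_query ("UPDATE " . $db_prefix . "_kontodaten SET last_active = " . time() . " WHERE uid = " . (int)$_SESSION['uid'] . " AND passwort = '" . addslashes($_SESSION['passwort']) . "' LIMIT 1");
}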