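<?php
/*
 * File: session.lib.php
 * Only change this file if you know what you are doing!
 *
 * Session bootstrap: starts the session, fills in defaults for the request
 * fields it reads, enforces maintenance mode, and handles form login, cookie
 * autologin, logout and the last-activity stamp.
 *
 * Relies on names defined outside this file: db_query(), $db_prefix,
 * $admin_id, $domain and $ip.
 *
 * NOTE(review), not fixable inside this file alone:
 *  - Passwords are compared as unsalted MD5. Migrating to password_hash() /
 *    password_verify() needs a schema and data migration.
 *  - The autologin cookie and the session both carry the stored password
 *    hash, so the hash itself works as a long-lived credential. A random,
 *    server-side, revocable token would be the safer design.
 *  - Queries are built by string concatenation. addslashes() is not aware of
 *    the connection character set; prepared statements are preferable once
 *    the connection handle behind db_query() is reachable from here.
 *  - $ip is interpolated into SQL as-is; confirm that it is validated where
 *    it is defined.
 *  - The auth cookies are set without the Secure attribute; consider adding
 *    it if the site is served over HTTPS only.
 */

@session_start();

// Defaults, so that later reads never hit an undefined index.
if (!isset($_SESSION['login'])) {
    $_SESSION['login'] = "";
}
if (!isset($_SESSION['werber'])) {
    $_SESSION['werber'] = "0";
}
if (!isset($_SESSION['uid'])) {
    $_SESSION['uid'] = "0";
}
if (!isset($_POST['nickname'])) {
    $_POST['nickname'] = "";
}
if (!isset($_POST['passwort'])) {
    $_POST['passwort'] = "";
}
if (!isset($_POST['checkid'])) {
    $_POST['checkid'] = "";
}
if (!isset($_POST['autologin'])) {
    $_POST['autologin'] = "";
}
if (!isset($_GET['logout'])) {
    $_GET['logout'] = "";
}
if (!isset($_GET['ref'])) {
    $_GET['ref'] = "0";
}

// Remember the referrer id from ?ref= for as long as none is stored yet.
if ($_SESSION['werber'] == "0") {
    $_SESSION['werber'] = (int)$_GET['ref'];
}

// Load the page settings.
$pageconfig = mysqli_fetch_array(db_query("SELECT * FROM " . $db_prefix . "_seitenkonfig LIMIT 1"));

// Maintenance mode: everyone except the admin is logged out and redirected.
// is_array() keeps a missing settings row from raising a warning; the
// outcome (no maintenance redirect) is the same as before.
if (is_array($pageconfig) && $pageconfig['wartung'] == 1 && $_SESSION['uid'] != $admin_id) {
    setCookie('uid', '', time() - 86400 * 30);
    setCookie('passwort', '', time() - 86400 * 30);
    setCookie('autologin', '', time() - 86400 * 30);
    $_SESSION['uid'] = "";
    $_SESSION['passwort'] = "";
    $_SESSION['login'] = "";
    header ("location: " . $domain . "/wartung.php");
    die();
}

// Login
// The is_string() checks reject array-valued fields (nickname[]=...), which
// would otherwise reach addslashes()/md5() and fail with a type error.
if (
    $_POST['checkid'] == 'Login'
    && is_string($_POST['nickname']) && $_POST['nickname']
    && is_string($_POST['passwort']) && $_POST['passwort']
) {
    $_POST['nickname'] = addslashes($_POST['nickname']);
    $login_passwort_md5 = md5($_POST['passwort']);

    $login_check = db_query("SELECT k.uid,k.passwort,k.status,k.hinweis FROM " . $db_prefix . "_userdaten u LEFT JOIN " . $db_prefix . "_kontodaten k ON k.uid=u.uid WHERE u.nickname='" . $_POST['nickname'] . "' AND k.passwort='" . $login_passwort_md5 . "' LIMIT 1");

    if (mysqli_num_rows($login_check)) {
        $login_check = mysqli_fetch_array($login_check);

        // The account has not been activated yet.
        if ($login_check['status'] == 0) {
            $_SESSION['uid'] = "";
            $_SESSION['passwort'] = "";
            $_SESSION['login'] = "";
            $_GET['content'] = '/error/kein_zutritt';
        }

        // The account is in good standing.
        if ($login_check['status'] == 1) {
            // uid is interpolated unquoted, so force it to an integer.
            db_query("UPDATE " . $db_prefix . "_kontodaten SET login_ip='" . $ip . "' , loginzeit='" . time() . "' WHERE uid=" . (int)$login_check['uid'] . " and passwort='" . $login_passwort_md5 . "' LIMIT 1");

            if ($_POST['autologin'] == 'true') {
                // HttpOnly keeps the credential cookies away from page scripts.
                // Path and domain stay at their defaults so that the
                // three-argument deletions elsewhere in this file still match.
                setCookie('uid', $login_check['uid'], time() + 86400 * 30, '', '', false, true);
                setCookie('passwort', $login_check['passwort'], time() + 86400 * 30, '', '', false, true);
                setCookie('autologin', 'true', time() + 86400 * 30, '', '', false, true);
            }

            // Issue a fresh session id at the privilege change, so that an id
            // known before login is not carried into the authenticated session.
            session_regenerate_id(true);

            $_SESSION['uid'] = $login_check['uid'];
            $_SESSION['passwort'] = $login_check['passwort'];
            $_SESSION['login'] = "true";
            header ("location: " . $domain);
            die();
        }

        // The account has been locked.
        if ($login_check['status'] == 2) {
            $_SESSION['uid'] = "";
            $_SESSION['passwort'] = "";
            $_SESSION['login'] = "";
            $_GET['content'] = '/error/user_gesperrt';
        }
    } else {
        // No account matches this nickname/password pair.
        $_GET['content'] = '/error/kein_zutritt';
    }
} else {
    if ($_POST['checkid'] == 'Login') {
        $_GET['content'] = '/error/kein_zutritt';
    }
}

// Autologin
if (
    $_SESSION['login'] != 'true'
    && isset($_COOKIE['autologin'])
    && isset($_COOKIE['uid'])
    && isset($_COOKIE['passwort'])
    && is_string($_COOKIE['uid'])
    && is_string($_COOKIE['passwort'])
) {
    $_COOKIE['uid'] = (int)$_COOKIE['uid'];
    $_COOKIE['passwort'] = addslashes($_COOKIE['passwort']);

    // The cookie value this file issues is a row's passwort column that has
    // just matched md5(), i.e. 32 hex digits. Anything else cannot be a
    // cookie set here, so it is rejected before it reaches a query.
    if (preg_match('/\A[0-9a-f]{32}\z/i', $_COOKIE['passwort'])) {
        $login_check = db_query("SELECT `uid`,`passwort`,`status`,`hinweis` FROM " . $db_prefix . "_kontodaten WHERE uid=" . $_COOKIE['uid'] . " and passwort='" . $_COOKIE['passwort'] . "' LIMIT 1");

        if (mysqli_num_rows($login_check)) {
            $login_check = mysqli_fetch_array($login_check);

            if ($login_check['status'] == 1) {
                db_query("UPDATE " . $db_prefix . "_kontodaten SET login_ip='" . $ip . "' , loginzeit='" . time() . "' WHERE uid=" . $_COOKIE['uid'] . " and passwort='" . $_COOKIE['passwort'] . "' LIMIT 1");

                // Same reason as in the form login: new id for the new
                // privilege level.
                session_regenerate_id(true);

                $_SESSION['uid'] = $login_check['uid'];
                $_SESSION['passwort'] = $login_check['passwort'];
                $_SESSION['login'] = "true";
            }
        }
    }
}

// Logout
// NOTE(review): logout is a state change triggered by a plain GET parameter;
// a POST with a CSRF token would stop third-party pages from forcing it.
if ($_GET['logout'] == 'true') {
    setCookie('uid', '', time() - 86400 * 30);
    setCookie('passwort', '', time() - 86400 * 30);
    setCookie('autologin', '', time() - 86400 * 30);
    $_SESSION['uid'] = "";
    $_SESSION['passwort'] = "";
    $_SESSION['login'] = "";
    header ("location: " . $domain);
    die();
}

// Stamp the last activity of the logged-in account. !empty() already implies
// isset(); uid is interpolated unquoted, so it is forced to an integer.
if (!empty($_SESSION['uid']) && !empty($_SESSION['passwort'])) {
    db_query ("UPDATE " . $db_prefix . "_kontodaten SET last_active = " . time() . " WHERE uid = " . (int)$_SESSION['uid'] . " AND passwort = '" . $_SESSION['passwort'] . "' LIMIT 1");
}
?>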