Code-Formatierungen und Anpassungen an neue Editoren
This commit is contained in:
@@ -1,100 +1,98 @@
|
||||
<?php
|
||||
|
||||
/* Anmelden */
|
||||
if ( isset ( $_POST[ 'siteId' ] ) && $_POST[ 'siteId' ] === 'checkLogin' && isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'checkLogin' )
|
||||
/* Anmelden */
|
||||
if (isset ($_POST['siteId']) && $_POST['siteId'] === 'checkLogin' && isset ($_POST['formAction']) && $_POST['formAction'] === 'checkLogin')
|
||||
{
|
||||
/* Nur nicht gelöschte Benutzer */
|
||||
$result = $db->query('SELECT * FROM ' . TBL_USER . ' WHERE userUsername = "' . $_POST['userName'] . '" AND userPasswordCrypt = "' . md5($_POST['passWord']) . '" AND userDelete = "N";');
|
||||
if ($result->num_rows === 0)
|
||||
{
|
||||
/* Fehlerhafte Benutzeranmeldung */
|
||||
$arrError[] = 'login_001';
|
||||
fnc_writeLog('00000001', array($_SERVER['REMOTE_ADDR'], $_POST['userName']), 0);
|
||||
}
|
||||
else
|
||||
{
|
||||
$dat_user = $result->fetch_assoc();
|
||||
if ($dat_user['userActive'] === 'N')
|
||||
{
|
||||
/* Nur nicht gelöschte Benutzer */
|
||||
$result = $db -> query ( 'SELECT * FROM ' . TBL_USER . ' WHERE userUsername = "' . $_POST[ 'userName' ] . '" AND userPasswordCrypt = "' . md5 ( $_POST[ 'passWord' ] ) . '" AND userDelete = "N";' );
|
||||
if ( $result -> num_rows === 0 )
|
||||
{
|
||||
/* Fehlerhafte Benutzeranmeldung */
|
||||
$arrError[ ] = 'login_001';
|
||||
fnc_writeLog ( '00000001' , array ( $_SERVER[ 'REMOTE_ADDR' ] , $_POST[ 'userName' ] ) , 0 );
|
||||
}
|
||||
else
|
||||
{
|
||||
$dat_user = $result -> fetch_assoc ( );
|
||||
if ( $dat_user[ 'userActive' ] === 'N' )
|
||||
{
|
||||
/* User ist deaktiviert */
|
||||
$arrError[ ] = 'login_002';
|
||||
fnc_writeLog ( '00000002' , array ( ) , $dat_user[ 'userId' ] );
|
||||
}
|
||||
else
|
||||
{
|
||||
/* Anmeldung erfolgreich und Prüfung, ob Passwort geändert werden muss */
|
||||
/* Bearbeitungsrechte abfragen */
|
||||
$editingRights = $db -> query ( 'SELECT * FROM ' . TBL_RIGHTS . ' WHERE userId = "' . $dat_user[ 'userId' ] . '";' );
|
||||
|
||||
$_SESSION[ 'sess_userId' ] = $dat_user[ 'userId' ];
|
||||
$_SESSION[ 'sess_loginDate' ] = date( 'YmdHis' );
|
||||
$_SESSION[ 'sess_loginStatus' ] = ( $dat_user[ 'userPasswordOrgCrypt' ] === $dat_user[ 'userPasswordCrypt' ] )
|
||||
? 'changePW'
|
||||
: 'loggedIn';
|
||||
$_SESSION[ 'sess_sessionId' ] = session_id( );
|
||||
$_SESSION[ 'sess_sessionName' ] = session_name( );
|
||||
$_SESSION[ 'sess_loginLang' ] = 'de';
|
||||
$_SESSION[ 'sess_portalRightsType' ] = $dat_user[ 'userPortalRightsType' ];
|
||||
$_SESSION[ 'sess_portalRights' ] = explode ( ';' , $dat_user[ 'userPortalRights' ] );
|
||||
while ( $singleRights = $editingRights -> fetch_assoc ( ) )
|
||||
{
|
||||
$_SESSION[ 'sess_' . $singleRights[ 'rightsPrefix' ] . 'Type' ] = $singleRights[ 'rightsType' ];
|
||||
$_SESSION[ 'sess_' . $singleRights[ 'rightsPrefix' ] ] = $singleRights[ 'rights' ];
|
||||
}
|
||||
|
||||
if ( $dat_user[ 'userPasswordOrgCrypt' ] === $dat_user[ 'userPasswordCrypt' ] )
|
||||
{
|
||||
$_GET[ 'siteId' ] = 'changePW';
|
||||
fnc_writeLog ( '00000005' , array ( ) , $dat_user[ 'userId' ] );
|
||||
}
|
||||
else
|
||||
{
|
||||
$_GET[ 'siteId' ] = '1';
|
||||
fnc_writeLog ( '00000003' , array ( ) , $dat_user[ 'userId' ] );
|
||||
}
|
||||
|
||||
header( 'Location: index.php?siteId=' . $_GET[ 'siteId' ] );
|
||||
die( );
|
||||
}
|
||||
}
|
||||
/* User ist deaktiviert */
|
||||
$arrError[] = 'login_002';
|
||||
fnc_writeLog('00000002', array(), $dat_user['userId']);
|
||||
}
|
||||
|
||||
/* Abmelden */
|
||||
if ( isset ( $_GET[ 'siteId' ] ) && $_GET[ 'siteId' ] === 'logout' )
|
||||
else
|
||||
{
|
||||
if ( isset ( $_SESSION[ 'sess_userId' ] ) )
|
||||
{
|
||||
fnc_writeLog ( '00000004' , array ( ) , $_SESSION[ 'sess_userId' ] );
|
||||
}
|
||||
session_destroy( );
|
||||
header( 'Location: index.php?siteId=login' );
|
||||
die( );
|
||||
}
|
||||
|
||||
/* Passwort ändern */
|
||||
if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'changePW' )
|
||||
{
|
||||
if ( $_POST[ 'newPassWord' ] !== $_POST[ 'passWordRepeat' ] )
|
||||
{
|
||||
$arrError[ ] = 'pw_001';
|
||||
}
|
||||
else
|
||||
{
|
||||
$result = $db -> query ( 'SELECT * FROM ' . TBL_USER . ' WHERE userUsername = "' . $_POST[ 'userName' ] . '" AND userPasswordOrg = "' . $_POST[ 'passWord' ] . '" AND userDelete = "N";' );
|
||||
if ( $result -> num_rows === 0 )
|
||||
{
|
||||
$arrError[ ] = 'login_001';
|
||||
}
|
||||
else
|
||||
{
|
||||
$_SESSION[ 'sess_loginStatus' ] = 'loggedIn';
|
||||
$user = $result -> fetch_assoc ( );
|
||||
$db -> query ( 'UPDATE ' . TBL_USER . ' SET userPasswordCrypt = "' . md5 ( $_POST[ 'newPassWord' ] ) . '" WHERE userId = "' . $user[ 'userId' ] . '" LIMIT 1;' );
|
||||
fnc_writeLog ( '00000016' , array ( fnc_getUsernameById ( $user[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
|
||||
header( 'Location:index.php?siteId=1' );
|
||||
die( );
|
||||
}
|
||||
}
|
||||
}
|
||||
/* Anmeldung erfolgreich und Prüfung, ob Passwort geändert werden muss */
|
||||
/* Bearbeitungsrechte abfragen */
|
||||
$editingRights = $db->query('SELECT * FROM ' . TBL_RIGHTS . ' WHERE userId = "' . $dat_user['userId'] . '";');
|
||||
|
||||
?>
|
||||
$_SESSION['sess_userId'] = $dat_user['userId'];
|
||||
$_SESSION['sess_loginDate'] = date('YmdHis');
|
||||
$_SESSION['sess_loginStatus'] = ($dat_user['userPasswordOrgCrypt'] === $dat_user['userPasswordCrypt'])
|
||||
? 'changePW'
|
||||
: 'loggedIn';
|
||||
$_SESSION['sess_sessionId'] = session_id();
|
||||
$_SESSION['sess_sessionName'] = session_name();
|
||||
$_SESSION['sess_loginLang'] = 'de';
|
||||
$_SESSION['sess_portalRightsType'] = $dat_user['userPortalRightsType'];
|
||||
$_SESSION['sess_portalRights'] = explode(';', $dat_user['userPortalRights']);
|
||||
while ($singleRights = $editingRights->fetch_assoc())
|
||||
{
|
||||
$_SESSION['sess_' . $singleRights['rightsPrefix'] . 'Type'] = $singleRights['rightsType'];
|
||||
$_SESSION['sess_' . $singleRights['rightsPrefix']] = $singleRights['rights'];
|
||||
}
|
||||
|
||||
if ($dat_user['userPasswordOrgCrypt'] === $dat_user['userPasswordCrypt'])
|
||||
{
|
||||
$_GET['siteId'] = 'changePW';
|
||||
fnc_writeLog('00000005', array(), $dat_user['userId']);
|
||||
}
|
||||
else
|
||||
{
|
||||
$_GET['siteId'] = '1';
|
||||
fnc_writeLog('00000003', array(), $dat_user['userId']);
|
||||
}
|
||||
|
||||
header('Location: index.php?siteId=' . $_GET['siteId']);
|
||||
die();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* Abmelden */
|
||||
if (isset ($_GET['siteId']) && $_GET['siteId'] === 'logout')
|
||||
{
|
||||
if (isset ($_SESSION['sess_userId']))
|
||||
{
|
||||
fnc_writeLog('00000004', array(), $_SESSION['sess_userId']);
|
||||
}
|
||||
session_destroy();
|
||||
header('Location: index.php?siteId=login');
|
||||
die();
|
||||
}
|
||||
|
||||
/* Passwort ändern */
|
||||
if (isset ($_POST['formAction']) && $_POST['formAction'] === 'changePW')
|
||||
{
|
||||
if ($_POST['newPassWord'] !== $_POST['passWordRepeat'])
|
||||
{
|
||||
$arrError[] = 'pw_001';
|
||||
}
|
||||
else
|
||||
{
|
||||
$result = $db->query('SELECT * FROM ' . TBL_USER . ' WHERE userUsername = "' . $_POST['userName'] . '" AND userPasswordOrg = "' . $_POST['passWord'] . '" AND userDelete = "N";');
|
||||
if ($result->num_rows === 0)
|
||||
{
|
||||
$arrError[] = 'login_001';
|
||||
}
|
||||
else
|
||||
{
|
||||
$_SESSION['sess_loginStatus'] = 'loggedIn';
|
||||
$user = $result->fetch_assoc();
|
||||
$db->query('UPDATE ' . TBL_USER . ' SET userPasswordCrypt = "' . md5($_POST['newPassWord']) . '" WHERE userId = "' . $user['userId'] . '" LIMIT 1;');
|
||||
fnc_writeLog('00000016', array(fnc_getUsernameById($user['userId'])), $_SESSION['sess_userId']);
|
||||
header('Location:index.php?siteId=1');
|
||||
die();
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user