<?php

	/* Anmelden */
	if ( isset ( $_POST[ 'siteId' ] ) && $_POST[ 'siteId' ] === 'checkLogin' && isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'checkLogin' )
		{
			/* Nur nicht gelöschte Benutzer */
			$result		= $db -> query ( 'SELECT * FROM ' . TBL_USER . ' WHERE userUsername = "' . $_POST[ 'userName' ] . '" AND userPasswordCrypt = "' . md5 ( $_POST[ 'passWord' ] ) . '" AND userDelete = "N";' );
			if ( $result -> num_rows === 0 )
				{
					/* Fehlerhafte Benutzeranmeldung */
					$arrError[ ]	= 'login_001';
					fnc_writeLog ( '00000001' , array ( $_SERVER[ 'REMOTE_ADDR' ] , $_POST[ 'userName' ] ) , 0 );
				}
			else
				{
					$dat_user	= $result -> fetch_assoc ( );
					if ( $dat_user[ 'userActive' ] === 'N' )
						{
							/* User ist deaktiviert */
							$arrError[ ]	= 'login_002';
							fnc_writeLog ( '00000002' , array (  ) , $dat_user[ 'userId' ] );
						}
					else
						{
							/* Anmeldung erfolgreich und Prüfung, ob Passwort geändert werden muss */
							/* Bearbeitungsrechte abfragen */
							$editingRights	= $db -> query ( 'SELECT * FROM ' . TBL_RIGHTS . ' WHERE userId = "' . $dat_user[ 'userId' ] . '";' );
							
							$_SESSION[ 'sess_userId' ]				= $dat_user[ 'userId' ];
							$_SESSION[ 'sess_loginDate' ]			= date( 'YmdHis' );
							$_SESSION[ 'sess_loginStatus' ]			= ( $dat_user[ 'userPasswordOrgCrypt' ] === $dat_user[ 'userPasswordCrypt' ] )
																	? 'changePW'
																	: 'loggedIn';
							$_SESSION[ 'sess_sessionId' ]			= session_id( );
							$_SESSION[ 'sess_sessionName' ]			= session_name( );
							$_SESSION[ 'sess_loginLang' ]			= 'de';
							$_SESSION[ 'sess_portalRightsType' ]	= $dat_user[ 'userPortalRightsType' ];
							$_SESSION[ 'sess_portalRights' ]		= explode ( ';' , $dat_user[ 'userPortalRights' ] );
							while ( $singleRights = $editingRights -> fetch_assoc ( ) )
								{
									$_SESSION[ 'sess_' . $singleRights[ 'rightsPrefix' ] . 'Type' ]	= $singleRights[ 'rightsType' ];
									$_SESSION[ 'sess_' . $singleRights[ 'rightsPrefix' ] ]			= $singleRights[ 'rights' ];
								}
							
							if ( $dat_user[ 'userPasswordOrgCrypt' ] === $dat_user[ 'userPasswordCrypt' ] )
								{
									$_GET[ 'siteId' ]	= 'changePW';
									fnc_writeLog ( '00000005' , array (  ) , $dat_user[ 'userId' ] );
								}
							else
								{
									$_GET[ 'siteId' ] 					= '1';
									fnc_writeLog ( '00000003' , array (  ) , $dat_user[ 'userId' ] );
								}
								
							header( 'Location: index.php?siteId=' . $_GET[ 'siteId' ] );
							die( );
						}
				}
		}
	
	/* Abmelden */
	if ( isset ( $_GET[ 'siteId' ] ) && $_GET[ 'siteId' ] === 'logout' )
		{
			if ( isset ( $_SESSION[ 'sess_userId' ] ) )
				{
					fnc_writeLog ( '00000004' , array (  ) , $_SESSION[ 'sess_userId' ] );
				}
			session_destroy( );
			header( 'Location: index.php?siteId=login' );
			die( );
		}
	
	/* Passwort ändern */
	if ( isset ( $_POST[ 'formAction' ] ) && $_POST[ 'formAction' ] === 'changePW' )
		{
			if ( $_POST[ 'newPassWord' ] !== $_POST[ 'passWordRepeat' ] )
				{
					$arrError[ ]	= 'pw_001';
				}
			else
				{
					$result	= $db -> query ( 'SELECT * FROM ' . TBL_USER . ' WHERE userUsername = "' . $_POST[ 'userName' ] . '" AND userPasswordOrg = "' . $_POST[ 'passWord' ] . '" AND userDelete = "N";' );
					if ( $result -> num_rows === 0 )
						{
							$arrError[ ]	= 'login_001';
						}
					else
						{
							$_SESSION[ 'sess_loginStatus' ]		= 'loggedIn';
							$user								= $result -> fetch_assoc ( );
							$db -> query ( 'UPDATE ' . TBL_USER . ' SET userPasswordCrypt = "' . md5 ( $_POST[ 'newPassWord' ] ) . '" WHERE userId = "' . $user[ 'userId' ] . '" LIMIT 1;' );
							fnc_writeLog ( '00000016' , array ( fnc_getUsernameById ( $user[ 'userId' ] ) ) , $_SESSION[ 'sess_userId' ] );
							header( 'Location:index.php?siteId=1' );
							die( );
						}
				}
		}

?>