<?php

/* Anmelden */
if (isset ($_POST['siteId']) && $_POST['siteId'] === 'checkLogin' && isset ($_POST['formAction']) && $_POST['formAction'] === 'checkLogin')
{
	/* Nur nicht gelöschte Benutzer */
	$result = $db->query('SELECT * FROM ' . TBL_USER . ' WHERE userUsername = "' . $_POST['userName'] . '" AND userPasswordCrypt = "' . md5($_POST['passWord']) . '" AND userDelete = "N";');
	if ($result->num_rows === 0)
	{
		/* Fehlerhafte Benutzeranmeldung */
		$arrError[] = 'login_001';
		fnc_writeLog('00000001', array($_SERVER['REMOTE_ADDR'], $_POST['userName']), 0);
	}
	else
	{
		$dat_user = $result->fetch_assoc();
		if ($dat_user['userActive'] === 'N')
		{
			/* User ist deaktiviert */
			$arrError[] = 'login_002';
			fnc_writeLog('00000002', array(), $dat_user['userId']);
		}
		else
		{
			/* Anmeldung erfolgreich und Prüfung, ob Passwort geändert werden muss */
			/* Bearbeitungsrechte abfragen */
			$editingRights = $db->query('SELECT * FROM ' . TBL_RIGHTS . ' WHERE userId = "' . $dat_user['userId'] . '";');

			$_SESSION['sess_userId'] = $dat_user['userId'];
			$_SESSION['sess_loginDate'] = date('YmdHis');
			$_SESSION['sess_loginStatus'] = ($dat_user['userPasswordOrgCrypt'] === $dat_user['userPasswordCrypt'])
				? 'changePW'
				: 'loggedIn';
			$_SESSION['sess_sessionId'] = session_id();
			$_SESSION['sess_sessionName'] = session_name();
			$_SESSION['sess_loginLang'] = 'de';
			$_SESSION['sess_portalRightsType'] = $dat_user['userPortalRightsType'];
			$_SESSION['sess_portalRights'] = explode(';', $dat_user['userPortalRights']);
			while ($singleRights = $editingRights->fetch_assoc())
			{
				$_SESSION['sess_' . $singleRights['rightsPrefix'] . 'Type'] = $singleRights['rightsType'];
				$_SESSION['sess_' . $singleRights['rightsPrefix']] = $singleRights['rights'];
			}

			if ($dat_user['userPasswordOrgCrypt'] === $dat_user['userPasswordCrypt'])
			{
				$_GET['siteId'] = 'changePW';
				fnc_writeLog('00000005', array(), $dat_user['userId']);
			}
			else
			{
				$_GET['siteId'] = '1';
				fnc_writeLog('00000003', array(), $dat_user['userId']);
			}

			header('Location: index.php?siteId=' . $_GET['siteId']);
			die();
		}
	}
}

/* Abmelden */
if (isset ($_GET['siteId']) && $_GET['siteId'] === 'logout')
{
	if (isset ($_SESSION['sess_userId']))
	{
		fnc_writeLog('00000004', array(), $_SESSION['sess_userId']);
	}
	session_destroy();
	header('Location: index.php?siteId=login');
	die();
}

/* Passwort ändern */
if (isset ($_POST['formAction']) && $_POST['formAction'] === 'changePW')
{
	if ($_POST['newPassWord'] !== $_POST['passWordRepeat'])
	{
		$arrError[] = 'pw_001';
	}
	else
	{
		$result = $db->query('SELECT * FROM ' . TBL_USER . ' WHERE userUsername = "' . $_POST['userName'] . '" AND userPasswordOrg = "' . $_POST['passWord'] . '" AND userDelete = "N";');
		if ($result->num_rows === 0)
		{
			$arrError[] = 'login_001';
		}
		else
		{
			$_SESSION['sess_loginStatus'] = 'loggedIn';
			$user = $result->fetch_assoc();
			$db->query('UPDATE ' . TBL_USER . ' SET userPasswordCrypt = "' . md5($_POST['newPassWord']) . '" WHERE userId = "' . $user['userId'] . '" LIMIT 1;');
			fnc_writeLog('00000016', array(fnc_getUsernameById($user['userId'])), $_SESSION['sess_userId']);
			header('Location:index.php?siteId=1');
			die();
		}
	}
}